From 52cb8ffd5b33d2a8a58e5cb17cc3c18653c2f039 Mon Sep 17 00:00:00 2001 From: Jason Colburne Date: Mon, 24 Apr 2023 11:49:46 -0300 Subject: [PATCH] dalek 2.0.0-rc.2 (#144) * dalek-2.0.0-rc.2 * fix verfer tests * format * remove unused import * don't be explicit about packages we no longer use * revert to verify() * use trait * make preflight checks better * clippy * clippy * makefile improvements * fix wasm, add to preflight * add wasm to ci * install wasm-pack --------- Co-authored-by: Kevin Griffin --- .github/workflows/test.yml | 8 +++++++- Cargo.toml | 5 ++--- Makefile | 12 ++++++++++-- src/core/verfer.rs | 13 +++++++------ src/crypto/sign.rs | 32 +++++++++++++++++++------------- wasm/src/primitives/bexter.rs | 2 +- 6 files changed, 46 insertions(+), 26 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6cb5a71..c9deb0f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -29,7 +29,7 @@ jobs: run: cargo fmt --all -- --check - name: Outdated - run: cargo outdated -R --ignore rand --exit-code 1 + run: cargo outdated -R --exit-code 1 - name: Audit run: cargo audit @@ -51,6 +51,12 @@ jobs: with: version: '0.22.0' + - name: WASM Sanity Build + run: | + cd wasm + cargo install wasm-pack + wasm-pack build + - name: Upload to codecov.io uses: codecov/codecov-action@v3 with: diff --git a/Cargo.toml b/Cargo.toml index 3aec13f..96af3fb 100644 --- a/Cargo.toml +++ b/Cargo.toml 
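Review bot: The new `WASM Sanity Build` step runs `cargo install wasm-pack` with no version and no `--locked`, so every CI run compiles whatever wasm-pack release and transitive dependency versions crates.io serves at that moment. The tarpaulin step just above it pins `version: '0.22.0'`, so the two tool installs are inconsistent; `cargo install wasm-pack --locked --version <PINNED_VERSION>` would make the job reproducible and limit exposure to a bad upstream release. The `setup` target added to the Makefile installs four tools the same unpinned way. The step also builds only the default target, while the Makefile's `preflight` additionally runs `wasm-pack build --target=nodejs`.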
@@ -15,20 +15,19 @@ base64 = "~0.21" blake2 = "~0.10" blake3 = "~1" chrono = { version = "~0.4", default-features = false, features = ["clock"] } -ed25519-dalek = "~1" +ed25519-dalek = { version = "2.0.0-rc.2", features = ["rand_core"] } indexmap = "~1" k256 = "~0.13" lazy_static = "~1" num-rational = "~0.4" p256 = "~0.13" -rand = "0.7.0" # this needs pinning for one of the seeding pieces of a signing suite rand_core = "~0.6" regex = "~1" serde_json = { version = "~1", features = ["preserve_order"] } sha2 = "~0.10" sha3 = "~0.10" thiserror = "~1" -zeroize = "~1" +zeroize = { version = "~1", features = ["derive"] } [dev-dependencies] hex-literal = "0.4.0" diff --git a/Makefile b/Makefile index 10dd978..b2d4f94 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,6 @@ +setup: + cargo install cargo-tarpaulin cargo-outdated cargo-audit wasm-pack + clean: cargo clean @@ -5,11 +8,16 @@ fix: cargo fix cargo fmt +clippy: + cargo clippy --all-targets -- -D warnings + preflight: - cargo audit cargo fmt --check - cargo outdated -R --ignore rand --exit-code 1 + cargo outdated -R --exit-code 1 + cargo audit + cargo check cargo clippy -- -D warnings cargo build --release cargo test --release cargo tarpaulin + cd wasm && wasm-pack build && wasm-pack build --target=nodejs diff --git a/src/core/verfer.rs b/src/core/verfer.rs index b26eb5b..78d050f 100644 --- a/src/core/verfer.rs +++ b/src/core/verfer.rs 
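Review bot: `ed25519-dalek = { version = "2.0.0-rc.2", features = ["rand_core"] }` is a caret requirement on a pre-release, so a build without a committed lockfile can resolve to a later release candidate or to 2.0.0 itself, and release candidates may change API or behaviour between one another. For the crate that backs signing and verification, an exact pin such as `version = "=2.0.0-rc.2"`, with a comment saying why a release candidate is used and when to move to the stable release, would make that choice explicit. The hunk also turns on zeroize's `derive` feature, but no `#[derive(Zeroize)]` use is visible in this patch, so it is worth confirming the feature is needed.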
@@ -198,16 +198,17 @@ mod test { let bad_ser = hex!("e1be4d7a8ab5560aa4199eea339849ba8e293d55ca0a81006726d184519e647f" "5b49b82f805a538c68915c1ae8035c900fd1d4b13902920fd05e1450822f36df"); - let mut csprng = rand::rngs::OsRng::default(); - let keypair = ed25519_dalek::Keypair::generate(&mut csprng); + let mut csprng = rand_core::OsRng::default(); + let keypair = ed25519_dalek::SigningKey::generate(&mut csprng); let sig = keypair.sign(&ser).to_bytes(); let mut bad_sig = sig; bad_sig[0] ^= 0xff; - let raw = keypair.public.as_bytes(); + let raw = keypair.verifying_key().to_bytes(); - let mut m = Verfer::new(Some(matter::Codex::Ed25519), Some(raw), None, None, None).unwrap(); + let mut m = + Verfer::new(Some(matter::Codex::Ed25519), Some(&raw), None, None, None).unwrap(); assert!(m.verify(&sig, &ser).unwrap()); assert!(!m.verify(&bad_sig, &ser).unwrap()); assert!(!m.verify(&sig, &bad_ser).unwrap()); @@ -263,7 +264,7 @@ mod test { let private_key = SigningKey::random(&mut csprng); let sig = >::sign(&private_key, &ser).to_bytes(); - let mut bad_sig = sig.clone(); + let mut bad_sig = sig; bad_sig[0] ^= 0xff; let public_key = VerifyingKey::from(private_key); @@ -276,7 +277,7 @@ mod test { assert!(!m.verify(&sig, &bad_ser).unwrap()); assert!(m.verify(&[], &ser).is_err()); - m.set_code(&matter::Codex::ECDSA_256r1N); + m.set_code(matter::Codex::ECDSA_256r1N); assert!(m.verify(&sig, &ser).unwrap()); assert!(!m.verify(&bad_sig, &ser).unwrap()); assert!(!m.verify(&sig, &bad_ser).unwrap()); diff --git a/src/crypto/sign.rs b/src/crypto/sign.rs index cf345b7..44717c0 100644 --- a/src/crypto/sign.rs +++ b/src/crypto/sign.rs 
@@ -74,34 +74,40 @@ pub(crate) fn verify(code: &str, public_key: &[u8], sig: &[u8], ser: &[u8]) -> R
 }
 mod ed25519 {
- use ed25519_dalek::{
- ed25519::signature::Signer, Keypair, PublicKey, SecretKey, Signature, Verifier,
- };
- use rand::rngs::OsRng;
+ use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
+ use rand_core::OsRng;
 use crate::error::Result;
 pub(crate) fn generate() -> Result> {
 let mut csprng = OsRng {};
- let private_key: SecretKey = SecretKey::generate(&mut csprng);
- Ok(private_key.as_bytes().to_vec())
+ let mut private_key = SigningKey::generate(&mut csprng);
+ let verifying_key = private_key.verifying_key();
+ let mut weak = verifying_key.is_weak();
+
+ while weak {
+ private_key = SigningKey::generate(&mut csprng);
+ let verifying_key = private_key.verifying_key();
+ weak = verifying_key.is_weak();
+ }
+
+ Ok(private_key.to_bytes().to_vec())
 }
 pub(crate) fn public_key(private_key: &[u8]) -> Result> {
- let private_key = SecretKey::from_bytes(private_key)?;
- let public_key: PublicKey = (&private_key).into();
+ let private_key = SigningKey::from_bytes(&private_key[..32].try_into()?);
+ let public_key: VerifyingKey = (&private_key).into();
 Ok(public_key.as_bytes().to_vec())
 }
 pub(crate) fn sign(private_key: &[u8], ser: &[u8]) -> Result> {
- let private_key = SecretKey::from_bytes(private_key)?;
- let public_key: PublicKey = (&private_key).into();
- Ok(Keypair { secret: private_key, public: public_key }.sign(ser).to_bytes().to_vec())
+ let private_key = SigningKey::from_bytes(private_key.try_into()?);
+ Ok(private_key.sign(ser).to_bytes().to_vec())
 }
 pub(crate) fn verify(public_key: &[u8], sig: &[u8], ser: &[u8]) -> Result {
- let public_key = PublicKey::from_bytes(public_key)?;
- let signature = Signature::from_bytes(sig)?;
+ let public_key = VerifyingKey::from_bytes(public_key.try_into()?)?;
+ let signature = Signature::from_bytes(sig.try_into()?);
 match public_key.verify(ser, &signature) {
 Ok(_) => Ok(true),
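Review bot: In `ed25519::public_key`, `&private_key[..32].try_into()?` panics when the caller passes fewer than 32 bytes and silently ignores anything after byte 32, whereas `sign` in the same hunk length-checks its input with `private_key.try_into()?`. The slice index is evaluated before the `?`, so a short key aborts the thread instead of returning the crate's error; use `let private_key = SigningKey::from_bytes(private_key.try_into()?);` here as well so both functions reject wrong-length keys the same way. Separately, the `is_weak()` retry loop in `generate` guards a key this process has just derived from fresh randomness, while `verify` (its `match` continues past the end of the hunk) accepts a caller-supplied `VerifyingKey` without that check. If small-order keys are the concern, the verification path is where an `is_weak()` rejection or `verify_strict` would apply, subject to whatever interoperability constraint led to keeping `verify()`.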
diff --git a/wasm/src/primitives/bexter.rs b/wasm/src/primitives/bexter.rs
index 5d5a2a4..d0c87bc 100644
--- a/wasm/src/primitives/bexter.rs
+++ b/wasm/src/primitives/bexter.rs
@@ -1,7 +1,7 @@
 use std::ops::Deref;
 use crate::{error::*, Wrap};
-use cesride_core::{Bexter, Bext, Matter};
+use cesride_core::{Bext, Bexter, Matter};
 use wasm_bindgen::prelude::*;
 #[wasm_bindgen(js_name = Bexter)]