From f8179521340234b1a9c31d01650179c09271eb87 Mon Sep 17 00:00:00 2001 From: Ekleog-NEAR <96595974+Ekleog-NEAR@users.noreply.github.com> Date: Thu, 23 Nov 2023 19:15:10 +0100 Subject: [PATCH] bump ed25519-dalek to 2.1.0 (#10201) Co-authored-by: Simonas Kazlauskas --- Cargo.lock | 160 ++++++++---------- Cargo.toml | 4 +- core/crypto/src/key_conversion.rs | 11 +- core/crypto/src/signature.rs | 49 +++--- core/crypto/src/test_utils.rs | 14 +- core/crypto/src/util.rs | 2 +- core/crypto/src/vrf.rs | 6 +- deny.toml | 2 - .../near-vm-runner/src/logic/gas_counter.rs | 4 +- runtime/near-vm-runner/src/logic/logic.rs | 32 ++-- tools/mirror/src/key_mapping.rs | 10 +- 11 files changed, 135 insertions(+), 159 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9316b653fb7..4638987fbe9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -703,15 +703,6 @@ dependencies = [ "digest 0.9.0", ] -[[package]] -name = "block-buffer" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" -dependencies = [ - "generic-array 0.14.5", -] - [[package]] name = "block-buffer" version = "0.10.2" @@ -776,7 +767,7 @@ dependencies = [ "arbitrary", "bolero-generator-derive", "either", - "rand_core 0.6.3", + "rand_core 0.6.4", ] [[package]] 
@@ -1655,17 +1646,33 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "3.2.0" +version = "4.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61" +checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c" dependencies = [ - "byteorder", - "digest 0.9.0", - "rand_core 0.5.1", + "cfg-if 1.0.0", + "cpufeatures", + "curve25519-dalek-derive", + "digest 0.10.6", + "fiat-crypto", + "platforms", + "rand_core 0.6.4", + "rustc_version 0.4.0", "subtle", "zeroize", ] +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.32", +] + [[package]] name = "cxx" version = "1.0.94" @@ -1819,7 +1826,7 @@ version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" dependencies = [ - "block-buffer 0.10.2", + "block-buffer", "crypto-common", "subtle", ] 
@@ -1923,25 +1930,24 @@ checksum = "53aff6fdc1b181225acdcb5b14c47106726fd8e486707315b1b138baed68ee31" [[package]] name = "ed25519" -version = "1.5.1" +version = "2.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9cb2103c580a9f8732121f755eccb51312f7db26314664314c119298107064b" +checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" dependencies = [ "signature", ] [[package]] name = "ed25519-dalek" -version = "1.0.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d" +checksum = "1f628eaec48bfd21b865dc2950cfa014450c01d2fa2b69a86c2fd5844ec523c0" dependencies = [ "curve25519-dalek", "ed25519", - "rand 0.7.3", - "serde", - "sha2 0.9.9", - "zeroize", + "rand_core 0.6.4", + "sha2", + "subtle", ] [[package]] @@ -2104,6 +2110,12 @@ version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" +[[package]] +name = "fiat-crypto" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" + [[package]] name = "finite-wasm" version = "0.5.0" @@ -2719,7 +2731,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0acd33ff0285af998aaf9b57342af478078f53492322fafc47450e09397e0e9" dependencies = [ "bitmaps", - "rand_core 0.6.3", + "rand_core 0.6.4", "rand_xoshiro", "sized-chunks", "typenum", @@ -3533,7 +3545,7 @@ dependencies = [ "once_cell", "serde", "serde_json", - "sha2 0.10.6", + "sha2", "smart-default", "tracing", ] @@ -3694,7 +3706,7 @@ dependencies = [ "secp256k1", "serde", "serde_json", - "sha2 0.10.6", + "sha2", "subtle", "tempfile", "thiserror", @@ -4012,7 +4024,7 @@ dependencies = [ "secp256k1", "serde", "serde_json", - "sha2 0.10.6", + "sha2", "strum", "thiserror", "tokio", 
@@ -4218,7 +4230,7 @@ dependencies = [ "serde_json", "serde_repr", "serde_with", - "sha2 0.10.6", + "sha2", "strum", "thiserror", ] @@ -4294,7 +4306,7 @@ dependencies = [ "near-ping", "near-primitives", "once_cell", - "sha2 0.10.6", + "sha2", "tokio", "tracing", ] @@ -4532,7 +4544,7 @@ dependencies = [ "serde_json", "serde_repr", "serde_with", - "sha2 0.10.6", + "sha2", "sha3", "strum", "thiserror", @@ -4811,7 +4823,7 @@ dependencies = [ "rayon", "serde", "serde_json", - "sha2 0.10.6", + "sha2", "tempfile", "testlib", "thiserror", @@ -5337,6 +5349,12 @@ version = "0.3.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae" +[[package]] +name = "platforms" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14e6ab3f592e6fb464fc9712d8d6e6912de6473954635fd76a589d832cffcbb0" + [[package]] name = "ppv-lite86" version = "0.2.16" @@ -5436,9 +5454,9 @@ checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" [[package]] name = "proc-macro2" -version = "1.0.64" +version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da" +checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" dependencies = [ "unicode-ident", ] @@ -5610,9 +5628,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.30" +version = "1.0.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5907a1b7c277254a8b15170f6e7c97cfa60ee7872a3217663bb81151e48184bb" +checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" dependencies = [ "proc-macro2", ] @@ -5644,7 +5662,7 @@ checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", "rand_chacha 0.3.1", - "rand_core 0.6.3", + "rand_core 0.6.4", ] [[package]] 
@@ -5664,7 +5682,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core 0.6.3", + "rand_core 0.6.4", ] [[package]] @@ -5678,9 +5696,9 @@ dependencies = [ [[package]] name = "rand_core" -version = "0.6.3" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ "getrandom 0.2.9", ] @@ -5700,7 +5718,7 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" dependencies = [ - "rand_core 0.6.3", + "rand_core 0.6.4", ] [[package]] @@ -5709,7 +5727,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d25bf25ec5ae4a3f1b92f929810509a2f53d7dca2f50b794ff57e3face536c8f" dependencies = [ - "rand_core 0.6.3", + "rand_core 0.6.4", ] [[package]] @@ -5718,7 +5736,7 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6f97cdb2a36ed4183de61b2f824cc45c9f1037f28afe0a322e9fff4c108b5aaa" dependencies = [ - "rand_core 0.6.3", + "rand_core 0.6.4", ] [[package]] @@ -6107,7 +6125,7 @@ dependencies = [ "serde", "serde-xml-rs", "serde_derive", - "sha2 0.10.6", + "sha2", "thiserror", "time", "tokio", 
@@ -6501,19 +6519,6 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" -[[package]] -name = "sha2" -version = "0.9.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" -dependencies = [ - "block-buffer 0.9.0", - "cfg-if 1.0.0", - "cpufeatures", - "digest 0.9.0", - "opaque-debug", -] - [[package]] name = "sha2" version = "0.10.6" @@ -6588,9 +6593,9 @@ dependencies = [ [[package]] name = "signature" -version = "1.5.0" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f054c6c1a6e95179d6f23ed974060dcefb2d9388bb7256900badad682c499de4" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" [[package]] name = "similar" @@ -6886,18 +6891,6 @@ dependencies = [ "syn 2.0.32", ] -[[package]] -name = "synstructure" -version = "0.12.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" -dependencies = [ - "proc-macro2", - "quote", - "syn 1.0.103", - "unicode-xid", -] - [[package]] name = "sysinfo" version = "0.24.5" @@ -7527,12 +7520,6 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973" -[[package]] -name = "unicode-xid" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "957e51f3646910546462e67d5f7599b9e4fb8acdd304b087a6494730f9eebf04" - [[package]] name = "unsafe-libyaml" version = "0.2.5" 
@@ -8593,24 +8580,9 @@ dependencies = [
 [[package]]
 name = "zeroize"
-version = "1.6.0"
+version = "1.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9"
-dependencies = [
- "zeroize_derive",
-]
-
-[[package]]
-name = "zeroize_derive"
-version = "1.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f8f187641dad4f680d25c4bfc4225b418165984179f26ca76ec4fb6441d3a17"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 1.0.103",
- "synstructure",
-]
+checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
 [[package]]
 name = "zeropool-bn"
diff --git a/Cargo.toml b/Cargo.toml
index c4515308744..5dc6526723a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -138,14 +138,14 @@ crossbeam = "0.8"
 crossbeam-channel = "0.5.8"
 crossbeam-queue = "0.3.8"
 csv = "1.2.1"
-curve25519-dalek = "3"
+curve25519-dalek = { version = "4.1.1", default-features = false, features = ["alloc", "precomputed-tables", "rand_core"] }
 derive-enum-from-into = "0.1.1"
 derive_more = "0.99.9"
 dirs = "4"
 dynasm = "2.0"
 dynasmrt = "2.0"
 easy-ext = "0.2"
-ed25519-dalek = "1"
+ed25519-dalek = { version = "2.1.0", default-features = false, features = ["hazmat", "rand_core"] }
 elastic-array = "0.11"
 enum-map = "2.1.0"
 enumset = "1.0"
diff --git a/core/crypto/src/key_conversion.rs b/core/crypto/src/key_conversion.rs
index 6326a467b07..5f81ee27fb6 100644
--- a/core/crypto/src/key_conversion.rs
+++ b/core/crypto/src/key_conversion.rs
@@ -1,7 +1,6 @@
 use crate::{signature, vrf, PublicKey};
 use curve25519_dalek::edwards::{CompressedEdwardsY, EdwardsPoint};
 use curve25519_dalek::ristretto::RistrettoPoint;
-use curve25519_dalek::scalar::Scalar;
 use std::mem::transmute;
 pub fn is_valid_staking_key(public_key: &PublicKey) -> bool {
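Review bot: The new `ed25519-dalek` line turns default features off and enables only `hazmat` and `rand_core`, which as far as I recall also drops the crate's default `zeroize` feature, the one that wipes `SigningKey`/`SecretKey` material on drop; 1.x zeroized its secret key unconditionally, and the lockfile entry for `ed25519-dalek` earlier in this patch shows its `zeroize` dependency disappearing, so the upgrade quietly removes that protection for every `SigningKey` built in `from_random`, `sign` and the key-mapping tool. Unless that is intended, add the feature back: `ed25519-dalek = { version = "2.1.0", default-features = false, features = ["hazmat", "rand_core", "zeroize"] }`. Whether near-crypto's own `ED25519SecretKey` byte array is wiped is a separate question this patch does not touch.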
@@ -13,7 +12,7 @@ pub fn is_valid_staking_key(public_key: &PublicKey) -> bool {
 }
 pub fn convert_public_key(key: &signature::ED25519PublicKey) -> Option {
- let ep: EdwardsPoint = CompressedEdwardsY::from_slice(&key.0).decompress()?;
+ let ep: EdwardsPoint = CompressedEdwardsY::from_slice(&key.0).ok()?.decompress()?;
 // All properly generated public keys are torsion-free. RistrettoPoint type can handle some values that are not torsion-free, but not all.
 if !ep.is_torsion_free() {
 return None;
@@ -24,11 +23,9 @@ pub fn convert_public_key(key: &signature::ED25519PublicKey) -> Option vrf::SecretKey {
- let b = ed25519_dalek::ExpandedSecretKey::from(
- &ed25519_dalek::SecretKey::from_bytes(&key.0[..32]).unwrap(),
- )
- .to_bytes();
- vrf::SecretKey::from_scalar(Scalar::from_bytes_mod_order(b[0..32].try_into().unwrap()))
+ let b = <&[u8; 32]>::try_from(&key.0[..32]).unwrap();
+ let s = ed25519_dalek::hazmat::ExpandedSecretKey::from(b).scalar;
+ vrf::SecretKey::from_scalar(s)
 }
 #[cfg(test)]
diff --git a/core/crypto/src/signature.rs b/core/crypto/src/signature.rs
index 966559c1fb5..a9121131423 100644
--- a/core/crypto/src/signature.rs
+++ b/core/crypto/src/signature.rs
@@ -2,7 +2,7 @@ use borsh::{BorshDeserialize, BorshSerialize};
 use ed25519_dalek::ed25519::signature::{Signer, Verifier};
 use once_cell::sync::Lazy;
 use primitive_types::U256;
-use rand::rngs::OsRng;
+use secp256k1::rand::rngs::OsRng;
 use secp256k1::Message;
 use std::convert::AsRef;
 use std::fmt::{Debug, Display, Formatter};
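Review bot: `convert_secret_key` now takes the VRF scalar from `ed25519_dalek::hazmat::ExpandedSecretKey::from(b).scalar`, where the old code reduced the first 32 bytes of the 1.x expanded key with `Scalar::from_bytes_mod_order`; the two should agree (2.x clamps the same SHA-512 prefix and reduces it mod the group order, as far as I recall), but this scalar is what every VRF output for an existing key is derived from, so a divergence would silently change on-chain values rather than fail a build. A fixed-seed known-answer test that pins the scalar bytes the old code produced would make the equivalence checked rather than assumed. The `.unwrap()` on `try_from(&key.0[..32])` cannot fail because the slice is exactly 32 bytes; `.expect("key.0 holds 64 keypair bytes, so the first 32 always fit")` would state that invariant instead of reading as a possible panic path.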
@@ -305,19 +305,17 @@ impl SecretKey {
 pub fn from_random(key_type: KeyType) -> SecretKey {
 match key_type {
 KeyType::ED25519 => {
- let keypair = ed25519_dalek::Keypair::generate(&mut OsRng);
- SecretKey::ED25519(ED25519SecretKey(keypair.to_bytes()))
- }
- KeyType::SECP256K1 => {
- SecretKey::SECP256K1(secp256k1::SecretKey::new(&mut secp256k1::rand::rngs::OsRng))
+ let keypair = ed25519_dalek::SigningKey::generate(&mut OsRng);
+ SecretKey::ED25519(ED25519SecretKey(keypair.to_keypair_bytes()))
 }
+ KeyType::SECP256K1 => SecretKey::SECP256K1(secp256k1::SecretKey::new(&mut OsRng)),
 }
 }
 pub fn sign(&self, data: &[u8]) -> Signature {
 match &self {
 SecretKey::ED25519(secret_key) => {
- let keypair = ed25519_dalek::Keypair::from_bytes(&secret_key.0).unwrap();
+ let keypair = ed25519_dalek::SigningKey::from_keypair_bytes(&secret_key.0).unwrap();
 Signature::ED25519(keypair.sign(data))
 }
@@ -508,13 +506,13 @@ impl Signature {
 signature_data: &[u8],
 ) -> Result {
 match signature_type {
- KeyType::ED25519 => Ok(Signature::ED25519(
- ed25519_dalek::Signature::from_bytes(signature_data).map_err(|err| {
- crate::errors::ParseSignatureError::InvalidData {
+ KeyType::ED25519 => Ok(Signature::ED25519(ed25519_dalek::Signature::from_bytes(
+ <&[u8; ed25519_dalek::SIGNATURE_LENGTH]>::try_from(signature_data).map_err(
+ |err| crate::errors::ParseSignatureError::InvalidData {
 error_message: err.to_string(),
- }
- })?,
- )),
+ },
+ )?,
+ ))),
 KeyType::SECP256K1 => {
 Ok(Signature::SECP256K1(Secp256K1Signature::try_from(signature_data).map_err(
 |_| crate::errors::ParseSignatureError::InvalidData {
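Review bot: `sign` unwraps `ed25519_dalek::SigningKey::from_keypair_bytes(&secret_key.0)`, and in ed25519-dalek 2 that constructor also fails when the public half of the 64 bytes does not match the key derived from the secret half, whereas the 1.x `Keypair::from_bytes` it replaces only checked that each half parsed. The stricter check is welcome, since signing with a mismatched keypair is exactly the condition the 2.x API was redesigned to rule out, but it turns an internally inconsistent stored or user-supplied key into a panic at signing time instead of a rejection when the key is loaded. Consider running the same consistency check wherever `ED25519SecretKey` bytes are parsed (its `FromStr` and Borsh paths are outside this hunk) so the failure surfaces as an error there, and write the unwrap here as `.expect("ED25519SecretKey is validated on construction")` once that invariant holds.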
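Review bot: `from_parts` now accepts any 64-byte slice as an ed25519 `Signature`, since `try_from` checks only the length and 2.x's `Signature::from_bytes` is infallible, while the `BorshDeserialize` hunk later in this file adds an explicit rejection of signatures whose last byte has any of its top three bits set, and the `FromStr` hunk drops the check as this one does. The three parse paths therefore no longer agree on which byte strings are a valid `Signature`; as far as I can tell 2.x's `verify` still rejects such non-canonical `S` values, so this changes where the error surfaces rather than what verifies, but it should be deliberate. Either apply the same guard here and in `FromStr` after the length conversion, e.g. `if bytes[ed25519_dalek::SIGNATURE_LENGTH - 1] & 0b1110_0000 != 0 { return Err(crate::errors::ParseSignatureError::InvalidData { error_message: "signature S component has high bits set".to_string() }); }`, or add a comment stating why only the Borsh path keeps it.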
@@ -530,7 +528,7 @@ impl Signature {
 pub fn verify(&self, data: &[u8], public_key: &PublicKey) -> bool {
 match (&self, public_key) {
 (Signature::ED25519(signature), PublicKey::ED25519(public_key)) => {
- match ed25519_dalek::PublicKey::from_bytes(&public_key.0) {
+ match ed25519_dalek::VerifyingKey::from_bytes(&public_key.0) {
 Err(_) => false,
 Ok(public_key) => public_key.verify(data, signature).is_ok(),
 }
@@ -598,10 +596,14 @@ impl BorshDeserialize for Signature {
 KeyType::ED25519 => {
 let array: [u8; ed25519_dalek::SIGNATURE_LENGTH] =
 BorshDeserialize::deserialize_reader(rd)?;
- Ok(Signature::ED25519(
- ed25519_dalek::Signature::from_bytes(&array)
- .map_err(|e| Error::new(ErrorKind::InvalidData, e.to_string()))?,
- ))
+ // Sanity-check that was performed by ed25519-dalek in from_bytes before version 2,
+ // but was removed with version 2. It is not actually any good a check, but we have
+ // it here in case we need to keep backward compatibility. Maybe this check is not
+ // actually required, but please think carefully before removing it.
+ if array[ed25519_dalek::SIGNATURE_LENGTH - 1] & 0b1110_0000 != 0 {
+ return Err(Error::new(ErrorKind::InvalidData, "signature error"));
+ }
+ Ok(Signature::ED25519(ed25519_dalek::Signature::from_bytes(&array)))
 }
 KeyType::SECP256K1 => {
 let array: [u8; 65] = BorshDeserialize::deserialize_reader(rd)?;
@@ -613,11 +615,15 @@ impl BorshDeserialize for Signature {
 impl Display for Signature {
 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> Result<(), std::fmt::Error> {
+ let buf;
 let (key_type, key_data) = match self {
- Signature::ED25519(signature) => (KeyType::ED25519, signature.as_ref()),
+ Signature::ED25519(signature) => {
+ buf = signature.to_bytes();
+ (KeyType::ED25519, &buf[..])
+ }
 Signature::SECP256K1(signature) => (KeyType::SECP256K1, &signature.0[..]),
 };
- write!(f, "{}:{}", key_type, Bs58(key_data))
+ write!(f, "{}:{}", key_type, Bs58(&key_data))
 }
 }
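Review bot: The rejection added in the `BorshDeserialize` hunk returns the bare message `"signature error"`, which gives an operator debugging a refused transaction or block no hint that the ed25519 `S` component had its top three bits set; `"ed25519 signature S component has high bits set"` would name the cause. The four-line comment above it also explains the history of the check but not the property it enforces, so a future reader cannot judge whether it can go; stating it directly, e.g. `// Reject S >= 2^253 (top three bits of the last byte set), as ed25519-dalek 1.x's from_bytes did, so borsh-level acceptance is unchanged by the upgrade.`, would be both shorter and more useful. The same mask is duplicated in runtime/near-vm-runner/src/logic/logic.rs in this patch, where the reason is gas accounting rather than compatibility; the two comments should say so.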
@@ -647,8 +653,7 @@ impl FromStr for Signature {
 Ok(match sig_type {
 KeyType::ED25519 => {
 let data = decode_bs58::<{ ed25519_dalek::SIGNATURE_LENGTH }>(sig_data)?;
- let sig = ed25519_dalek::Signature::from_bytes(&data)
- .map_err(|err| Self::Err::InvalidData { error_message: err.to_string() })?;
+ let sig = ed25519_dalek::Signature::from_bytes(&data);
 Signature::ED25519(sig)
 }
 KeyType::SECP256K1 => Signature::SECP256K1(Secp256K1Signature(decode_bs58(sig_data)?)),
diff --git a/core/crypto/src/test_utils.rs b/core/crypto/src/test_utils.rs
index 08e8435f5fa..07614c44d79 100644
--- a/core/crypto/src/test_utils.rs
+++ b/core/crypto/src/test_utils.rs
@@ -4,14 +4,12 @@ use crate::signature::{ED25519PublicKey, ED25519SecretKey, KeyType, PublicKey, S
 use crate::{InMemorySigner, Signature};
 use near_account_id::AccountId;
-fn ed25519_key_pair_from_seed(seed: &str) -> ed25519_dalek::Keypair {
+fn ed25519_key_pair_from_seed(seed: &str) -> ed25519_dalek::SigningKey {
 let seed_bytes = seed.as_bytes();
 let len = std::cmp::min(ed25519_dalek::SECRET_KEY_LENGTH, seed_bytes.len());
 let mut seed: [u8; ed25519_dalek::SECRET_KEY_LENGTH] = [b' '; ed25519_dalek::SECRET_KEY_LENGTH];
 seed[..len].copy_from_slice(&seed_bytes[..len]);
- let secret = ed25519_dalek::SecretKey::from_bytes(&seed).unwrap();
- let public = ed25519_dalek::PublicKey::from(&secret);
- ed25519_dalek::Keypair { secret, public }
+ ed25519_dalek::SigningKey::from_bytes(&seed)
 }
 fn secp256k1_secret_key_from_seed(seed: &str) -> secp256k1::SecretKey {
@@ -28,7 +26,7 @@ impl PublicKey {
 match key_type {
 KeyType::ED25519 => {
 let keypair = ed25519_key_pair_from_seed(seed);
- PublicKey::ED25519(ED25519PublicKey(keypair.public.to_bytes()))
+ PublicKey::ED25519(ED25519PublicKey(keypair.verifying_key().to_bytes()))
 }
 _ => unimplemented!(),
 }
@@ -40,7 +38,7 @@ impl SecretKey {
 match key_type {
 KeyType::ED25519 => {
 let keypair = ed25519_key_pair_from_seed(seed);
- SecretKey::ED25519(ED25519SecretKey(keypair.to_bytes()))
+ SecretKey::ED25519(ED25519SecretKey(keypair.to_keypair_bytes()))
 }
 _ => SecretKey::SECP256K1(secp256k1_secret_key_from_seed(seed)),
 }
@@ -53,9 +51,7 @@ impl Signature {
 /// Empty signature that doesn't correspond to anything.
 pub fn empty(key_type: KeyType) -> Self {
 match key_type {
- KeyType::ED25519 => {
- Signature::ED25519(ed25519_dalek::Signature::from_bytes(&SIG).unwrap())
- }
+ KeyType::ED25519 => Signature::ED25519(ed25519_dalek::Signature::from_bytes(&SIG)),
 _ => unimplemented!(),
 }
 }
diff --git a/core/crypto/src/util.rs b/core/crypto/src/util.rs
index 431964dec15..789df5f91a9 100644
--- a/core/crypto/src/util.rs
+++ b/core/crypto/src/util.rs
@@ -51,7 +51,7 @@ impl Packable for Scalar {
 type Packed = [u8; 32];
 fn unpack(data: &[u8; 32]) -> Option {
- Scalar::from_canonical_bytes(*data)
+ Scalar::from_canonical_bytes(*data).into()
 }
 fn pack(&self) -> [u8; 32] {
diff --git a/core/crypto/src/vrf.rs b/core/crypto/src/vrf.rs
index 4745ebc80bd..651989bacbd 100644
--- a/core/crypto/src/vrf.rs
+++ b/core/crypto/src/vrf.rs
@@ -46,11 +46,11 @@ impl PublicKey {
 // manner.
 #[allow(clippy::arithmetic_side_effects)]
 fn basemul(s: Scalar) -> Point {
- &s * >
+ &s * &*GT
 }
 fn safe_invert(s: Scalar) -> Scalar {
- Scalar::conditional_select(&s, &Scalar::one(), s.ct_eq(&Scalar::zero())).invert()
+ Scalar::conditional_select(&s, &Scalar::ONE, s.ct_eq(&Scalar::ZERO)).invert()
 }
 impl SecretKey {
@@ -122,7 +122,7 @@ traits!(SecretKey, 32, |s| s.0.as_bytes(), "secret key");
 mod tests {
 use super::*;
- use rand::rngs::OsRng;
+ use secp256k1::rand::rngs::OsRng;
 use serde::{Deserialize, Serialize};
 use serde_json::{from_str, to_string};
diff --git a/deny.toml b/deny.toml
index 93e156d3de7..becd19e3c08 100644
--- a/deny.toml
+++ b/deny.toml
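Review bot: In the util.rs hunk, `unpack` now converts curve25519-dalek 4's `CtOption<Scalar>` into `Option<Scalar>` with a trailing `.into()`, which is the conversion the crate documents as not constant time; the branch it introduces reveals only whether the 32 input bytes were a canonical scalar, which looks acceptable for a parse step, but that reasoning should live next to the call rather than in a reviewer's head. Suggest `// CtOption -> Option is not constant time; it leaks only whether the input was canonical, which is fine when parsing.` above the line, and `Option::from(Scalar::from_canonical_bytes(*data))` reads more explicitly than `.into()` given the declared return type.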
@@ -45,9 +45,7 @@ skip = [
 { name = "cfg-if", version = "=1.0.0" },
 # `sha2`, `blake3` and `curve25519-dalek` need to be updated.
- { name = "block-buffer", version = "=0.9.0" },
 { name = "digest", version = "=0.9.0" },
- { name = "sha2", version = "=0.9.9" },
 # Need this specific version of pwasm-utils for backwards-compatible
 # stack limiting.
diff --git a/runtime/near-vm-runner/src/logic/gas_counter.rs b/runtime/near-vm-runner/src/logic/gas_counter.rs
index b7076be2c3a..8989813bf93 100644
--- a/runtime/near-vm-runner/src/logic/gas_counter.rs
+++ b/runtime/near-vm-runner/src/logic/gas_counter.rs
@@ -11,7 +11,7 @@ use std::collections::HashMap;
 #[inline]
 pub fn with_ext_cost_counter(f: impl FnOnce(&mut HashMap)) {
- #[cfg(feature = "costs_counting")]
+ #[cfg(any(test, feature = "costs_counting"))]
 {
 thread_local! {
 static EXT_COSTS_COUNTER: std::cell::RefCell> =
@@ -19,7 +19,7 @@ pub fn with_ext_cost_counter(f: impl FnOnce(&mut HashMap)) {
 }
 EXT_COSTS_COUNTER.with(|rc| f(&mut *rc.borrow_mut()));
 }
- #[cfg(not(feature = "costs_counting"))]
+ #[cfg(not(any(test, feature = "costs_counting")))]
 let _ = f;
 }
diff --git a/runtime/near-vm-runner/src/logic/logic.rs b/runtime/near-vm-runner/src/logic/logic.rs
index 6288ee8e5a0..e5b223b949c 100644
--- a/runtime/near-vm-runner/src/logic/logic.rs
+++ b/runtime/near-vm-runner/src/logic/logic.rs
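Review bot: Widening the `cfg` gate on `with_ext_cost_counter` to `any(test, feature = "costs_counting")` is unrelated to the ed25519-dalek bump and is not mentioned in the commit message, so the reason is lost to the next reader; presumably a unit test in this crate now needs the external-cost counter without the feature being enabled. A one-line comment above the first attribute would keep that reason with the code, e.g. `// Also enabled under cfg(test) so unit tests can assert on external costs without the costs_counting feature.`. The matching `cfg(not(...))` attribute in the second hunk of this file is the other half of the same change.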
@@ -1152,28 +1152,32 @@ impl<'a> VMLogic<'a> {
 let signature: ed25519_dalek::Signature = {
 let vec = get_memory_or_register!(self, signature_ptr, signature_len)?;
- if vec.len() != ed25519_dalek::SIGNATURE_LENGTH {
- return Err(VMLogicError::HostError(HostError::Ed25519VerifyInvalidInput {
+ let b = <&[u8; ed25519_dalek::SIGNATURE_LENGTH]>::try_from(&vec[..]).map_err(|_| {
+ VMLogicError::HostError(HostError::Ed25519VerifyInvalidInput {
 msg: "invalid signature length".to_string(),
- }));
- }
- match ed25519_dalek::Signature::from_bytes(&vec) {
- Ok(signature) => signature,
- Err(_) => return Ok(false as u64),
+ })
+ })?;
+ // Sanity-check that was performed by ed25519-dalek in from_bytes before version 2,
+ // but was removed with version 2. It is not actually any good a check, but we need
+ // it to avoid costs changing.
+ if b[ed25519_dalek::SIGNATURE_LENGTH - 1] & 0b1110_0000 != 0 {
+ return Ok(false as u64);
 }
+ ed25519_dalek::Signature::from_bytes(b)
 };
 let message = get_memory_or_register!(self, message_ptr, message_len)?;
 self.gas_counter.pay_per(ed25519_verify_byte, message.len() as u64)?;
- let public_key: ed25519_dalek::PublicKey = {
+ let public_key: ed25519_dalek::VerifyingKey = {
 let vec = get_memory_or_register!(self, public_key_ptr, public_key_len)?;
- if vec.len() != ed25519_dalek::PUBLIC_KEY_LENGTH {
- return Err(VMLogicError::HostError(HostError::Ed25519VerifyInvalidInput {
- msg: "invalid public key length".to_string(),
- }));
- }
- match ed25519_dalek::PublicKey::from_bytes(&vec) {
+ let b =
+ <&[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>::try_from(&vec[..]).map_err(|_| {
+ VMLogicError::HostError(HostError::Ed25519VerifyInvalidInput {
+ msg: "invalid public key length".to_string(),
+ })
+ })?;
+ match ed25519_dalek::VerifyingKey::from_bytes(b) {
 Ok(public_key) => public_key,
 Err(_) => return Ok(false as u64),
 }
diff --git a/tools/mirror/src/key_mapping.rs b/tools/mirror/src/key_mapping.rs
index 4cbc8608419..46932926ad5 100644
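Review bot: This hunk is inside the `ed25519_verify` host function, whose accept/reject result and gas charges are consensus-visible, and it swaps the library that decides both from ed25519-dalek 1.x to 2.x; the added top-three-bits guard correctly keeps the early `Ok(false)` before the per-byte message gas is paid for those inputs, but nothing in the patch pins the remaining edge cases (non-canonical `S` values below 2^253 but above the group order, non-canonical or small-order `R` and public-key encodings) to the outcomes 1.x produced. A table-driven test with such vectors, asserting both the returned value and the gas consumed match the pre-bump implementation, would turn that equivalence into a checked property. I would also state the purpose of the mask more directly than the comment does, e.g. `// Reject S >= 2^253 before paying per-byte message gas, exactly as ed25519-dalek 1.x's from_bytes did, so gas accounting is unchanged.`, and since the same mask is hard-coded in core/crypto/src/signature.rs, a single named constant would keep the two in step if the crates' dependency direction allows it. The enclosing function starts before this hunk and its body continues after it.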
--- a/tools/mirror/src/key_mapping.rs
+++ b/tools/mirror/src/key_mapping.rs
@@ -40,9 +40,13 @@ fn map_ed25519(
 ed25519_map_secret(&mut buf[..ed25519_dalek::SECRET_KEY_LENGTH], public, secret);
- let secret_key =
- ed25519_dalek::SecretKey::from_bytes(&buf[..ed25519_dalek::SECRET_KEY_LENGTH]).unwrap();
- let public_key = ed25519_dalek::PublicKey::from(&secret_key);
+ let secret_key = ed25519_dalek::SigningKey::from_bytes(
+ <&[u8; ed25519_dalek::SECRET_KEY_LENGTH]>::try_from(
+ &buf[..ed25519_dalek::SECRET_KEY_LENGTH],
+ )
+ .unwrap(),
+ );
+ let public_key = ed25519_dalek::VerifyingKey::from(&secret_key);
 buf[ed25519_dalek::SECRET_KEY_LENGTH..].copy_from_slice(public_key.as_bytes());
 ED25519SecretKey(buf)
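Review bot: The nested `<&[u8; ed25519_dalek::SECRET_KEY_LENGTH]>::try_from(&buf[..ed25519_dalek::SECRET_KEY_LENGTH]).unwrap()` cannot fail, since the slice is exactly `SECRET_KEY_LENGTH` bytes long, but the bare `.unwrap()` reads as a real panic path in code that handles key material. `let secret_key = ed25519_dalek::SigningKey::from_bytes(buf[..ed25519_dalek::SECRET_KEY_LENGTH].try_into().expect("slice is exactly SECRET_KEY_LENGTH bytes"));` states the invariant and removes two levels of nesting. `map_ed25519` starts before this hunk.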