diff --git a/Cargo.toml b/Cargo.toml index 9e1790a9..8bd36b80 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,8 +10,7 @@ keywords = ["peer-to-peer", "libp2p", "networking"] categories = ["network-programming", "asynchronous"] [features] -default = ["secio-rsa", "secio-secp256k1", "libp2p-websocket"] -secio-rsa = ["libp2p-secio/rsa"] +default = ["secio-secp256k1", "libp2p-websocket"] secio-secp256k1 = ["libp2p-secio/secp256k1"] [dependencies] diff --git a/protocols/secio/Cargo.toml b/protocols/secio/Cargo.toml index 13b41210..cb4a55e0 100644 --- a/protocols/secio/Cargo.toml +++ b/protocols/secio/Cargo.toml @@ -30,15 +30,14 @@ ed25519-dalek = "0.8.0" hmac = "0.6.3" [target.'cfg(not(any(target_os = "emscripten", target_os = "unknown")))'.dependencies] -ring = { version = "0.13", features = ["use_heap"], default-features = false } +ring = { version = "0.14", features = ["use_heap"], default-features = false } untrusted = { version = "0.6" } [target.'cfg(any(target_os = "emscripten", target_os = "unknown"))'.dependencies] stdweb = { version = "0.4", default-features = false } [features] -default = ["rsa", "secp256k1"] -rsa = ["ring/rsa_signing"] +default = ["secp256k1"] aes-all = ["aesni"] [dev-dependencies] diff --git a/protocols/secio/src/algo_support.rs b/protocols/secio/src/algo_support.rs index b92a6740..b37b4c85 100644 --- a/protocols/secio/src/algo_support.rs +++ b/protocols/secio/src/algo_support.rs @@ -24,7 +24,7 @@ //! helps you with. use crate::error::SecioError; -#[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))] +#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] use ring::digest; use std::cmp::Ordering; use crate::stream_cipher::Cipher; @@ -204,7 +204,7 @@ pub fn select_digest(r: Ordering, ours: &str, theirs: &str) -> Result for Digest { #[inline] fn into(self) -> &'static digest::Algorithm { diff --git a/protocols/secio/src/exchange/impl_ring.rs b/protocols/secio/src/exchange/impl_ring.rs index 9edc8b9a..46a0943f 100644 --- a/protocols/secio/src/exchange/impl_ring.rs +++ b/protocols/secio/src/exchange/impl_ring.rs @@ -48,9 +48,10 @@ pub fn generate_agreement(algorithm: KeyAgreement) -> impl Future { - let mut tmp_pub_key: Vec = (0 .. tmp_priv_key.public_key_len()).map(|_| 0).collect(); - tmp_priv_key.compute_public_key(&mut tmp_pub_key).unwrap(); - future::ok((tmp_priv_key, tmp_pub_key)) + let r = tmp_priv_key.compute_public_key() + .map_err(|_| SecioError::EphemeralKeyGenerationFailed) + .map(move |tmp_pub_key| (tmp_priv_key, tmp_pub_key.as_ref().to_vec())); + future::result(r) }, Err(_) => { debug!("failed to generate ECDH key"); diff --git a/protocols/secio/src/handshake.rs b/protocols/secio/src/handshake.rs index 46ad1e2c..0dade3a8 100644 --- a/protocols/secio/src/handshake.rs +++ b/protocols/secio/src/handshake.rs @@ -34,9 +34,9 @@ use log::{debug, trace}; use protobuf::parse_from_bytes as protobuf_parse_from_bytes; use protobuf::Message as ProtobufMessage; use rand::{self, RngCore}; -#[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))] -use ring::signature::{RSASigningState, RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_SHA256, verify as ring_verify}; -#[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))] +#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] +use ring::signature::{RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_SHA256, verify as ring_verify}; +#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] use ring::rand::SystemRandom; #[cfg(feature = "secp256k1")] use secp256k1; @@ -46,7 +46,7 @@ use std::io::{Error as IoError, ErrorKind as IoErrorKind}; use crate::structs_proto::{Exchange, Propose}; use tokio_io::codec::length_delimited; use tokio_io::{AsyncRead, AsyncWrite}; -#[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))] +#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] use untrusted::Input as UntrustedInput; use crate::{KeyAgreement, SecioConfig, SecioKeyPairInner}; #[cfg(feature = "secp256k1")] @@ -370,18 +370,11 @@ where exchange.set_epubkey(tmp_pub_key); exchange.set_signature({ match context.config.key.inner { - #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))] + #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] SecioKeyPairInner::Rsa { ref private, .. } => { - let mut state = match RSASigningState::new(private.clone()) { - Ok(s) => s, - Err(_) => { - debug!("failed to sign local exchange"); - return Err(SecioError::SigningFailure); - }, - }; let mut signature = vec![0; private.public_modulus_len()]; let rng = SystemRandom::new(); - match state.sign(&RSA_PKCS1_SHA256, &rng, &data_to_sign, &mut signature) { + match private.sign(&RSA_PKCS1_SHA256, &rng, &data_to_sign, &mut signature) { Ok(_) => (), Err(_) => { debug!("failed to sign local exchange"); @@ -453,7 +446,7 @@ where data_to_verify.extend_from_slice(remote_exch.get_epubkey()); match context.state.remote.public_key { - #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))] + #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] PublicKey::Rsa(ref remote_public_key) => { // TODO: The ring library doesn't like some stuff in our DER public key, // therefore we scrap the first 24 bytes of the key. A proper fix would @@ -507,7 +500,7 @@ where return Err(SecioError::SignatureVerificationFailed) } }, - #[cfg(not(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown")))))] + #[cfg(any(target_os = "emscripten", target_os = "unknown"))] PublicKey::Rsa(_) => { debug!("support for RSA was disabled at compile-time"); return Err(SecioError::SignatureVerificationFailed); @@ -640,7 +633,7 @@ mod tests { use crate::{SecioConfig, SecioKeyPair}; #[test] - #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))] + #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] fn handshake_with_self_succeeds_rsa() { let key1 = { let private = include_bytes!("../tests/test-rsa-private-key.pk8"); diff --git a/protocols/secio/src/lib.rs b/protocols/secio/src/lib.rs index d6cf9e0f..999fb17c 100644 --- a/protocols/secio/src/lib.rs +++ b/protocols/secio/src/lib.rs @@ -93,15 +93,15 @@ use futures::{Future, Poll, Sink, StartSend, Stream}; use lazy_static::lazy_static; use libp2p_core::{PeerId, PublicKey, upgrade::{UpgradeInfo, InboundUpgrade, OutboundUpgrade}}; use log::debug; -#[cfg(all(feature = "rsa", not(any(target_os = "emscripten", target_os = "unknown"))))] -use ring::signature::RSAKeyPair; +#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] +use ring::signature::RsaKeyPair; use rw_stream_sink::RwStreamSink; use std::error::Error; use std::io::{Error as IoError, ErrorKind as IoErrorKind}; use std::iter; use std::sync::Arc; use tokio_io::{AsyncRead, AsyncWrite}; -#[cfg(all(feature = "rsa", not(any(target_os = "emscripten", target_os = "unknown"))))] +#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] use untrusted::Input; mod algo_support; @@ -217,7 +217,7 @@ pub struct SecioKeyPair { impl SecioKeyPair { /// Builds a `SecioKeyPair` from a PKCS8 private key and public key. - #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))] + #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] pub fn rsa_from_pkcs8

( private: &[u8], public: P, @@ -225,7 +225,7 @@ impl SecioKeyPair { where P: Into>, { - let private = RSAKeyPair::from_pkcs8(Input::from(&private[..])).map_err(Box::new)?; + let private = RsaKeyPair::from_pkcs8(Input::from(&private[..])).map_err(Box::new)?; Ok(SecioKeyPair { inner: SecioKeyPairInner::Rsa { @@ -288,7 +288,7 @@ impl SecioKeyPair { /// Returns the public key corresponding to this key pair. pub fn to_public_key(&self) -> PublicKey { match self.inner { - #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))] + #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] SecioKeyPairInner::Rsa { ref public, .. } => PublicKey::Rsa(public.clone()), SecioKeyPairInner::Ed25519 { ref key_pair } => { PublicKey::Ed25519(key_pair.public.as_bytes().to_vec()) @@ -313,11 +313,11 @@ impl SecioKeyPair { // Inner content of `SecioKeyPair`. #[derive(Clone)] enum SecioKeyPairInner { - #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))] + #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))] Rsa { public: Vec, // We use an `Arc` so that we can clone the enum. - private: Arc, + private: Arc, }, Ed25519 { // We use an `Arc` so that we can clone the enum.