Update ring to version 0.14 (#885)

This release enables RSA signing by default, hence the `rsa_signing` feature has been removed.

Cargo.toml

@@ -10,8 +10,7 @@ keywords = ["peer-to-peer", "libp2p", "networking"]
 categories = ["network-programming", "asynchronous"]
 
 [features]
-default = ["secio-rsa", "secio-secp256k1", "libp2p-websocket"]
-secio-rsa = ["libp2p-secio/rsa"]
+default = ["secio-secp256k1", "libp2p-websocket"]
 secio-secp256k1 = ["libp2p-secio/secp256k1"]
 
 [dependencies]

protocols/secio/Cargo.toml

@@ -30,15 +30,14 @@ ed25519-dalek = "0.8.0"
 hmac = "0.6.3"
 
 [target.'cfg(not(any(target_os = "emscripten", target_os = "unknown")))'.dependencies]
-ring = { version = "0.13", features = ["use_heap"], default-features = false }
+ring = { version = "0.14", features = ["use_heap"], default-features = false }
 untrusted = { version = "0.6" }
 
 [target.'cfg(any(target_os = "emscripten", target_os = "unknown"))'.dependencies]
 stdweb = { version = "0.4", default-features = false }
 
 [features]
-default = ["rsa", "secp256k1"]
-rsa = ["ring/rsa_signing"]
+default = ["secp256k1"]
 aes-all = ["aesni"]
 
 [dev-dependencies]

protocols/secio/src/algo_support.rs

@@ -24,7 +24,7 @@
 //! helps you with.
 
 use crate::error::SecioError;
-#[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
+#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
 use ring::digest;
 use std::cmp::Ordering;
 use crate::stream_cipher::Cipher;
@@ -204,7 +204,7 @@ pub fn select_digest(r: Ordering, ours: &str, theirs: &str) -> Result<Digest, Se
     Err(SecioError::NoSupportIntersection)
 }
 
-#[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
+#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
 impl Into<&'static digest::Algorithm> for Digest {
     #[inline]
     fn into(self) -> &'static digest::Algorithm {

protocols/secio/src/exchange/impl_ring.rs

@@ -48,9 +48,10 @@ pub fn generate_agreement(algorithm: KeyAgreement) -> impl Future<Item = (Agreem
 
     match ring_agreement::EphemeralPrivateKey::generate(algorithm.into(), &rng) {
         Ok(tmp_priv_key) => {
-            let mut tmp_pub_key: Vec<u8> = (0 .. tmp_priv_key.public_key_len()).map(|_| 0).collect();
-            tmp_priv_key.compute_public_key(&mut tmp_pub_key).unwrap();
-            future::ok((tmp_priv_key, tmp_pub_key))
+            let r = tmp_priv_key.compute_public_key()
+                .map_err(|_| SecioError::EphemeralKeyGenerationFailed)
+                .map(move |tmp_pub_key| (tmp_priv_key, tmp_pub_key.as_ref().to_vec()));
+            future::result(r)
         },
         Err(_) => {
             debug!("failed to generate ECDH key");

protocols/secio/src/handshake.rs

@@ -34,9 +34,9 @@ use log::{debug, trace};
 use protobuf::parse_from_bytes as protobuf_parse_from_bytes;
 use protobuf::Message as ProtobufMessage;
 use rand::{self, RngCore};
-#[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
-use ring::signature::{RSASigningState, RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_SHA256, verify as ring_verify};
-#[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
+#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
+use ring::signature::{RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_SHA256, verify as ring_verify};
+#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
 use ring::rand::SystemRandom;
 #[cfg(feature = "secp256k1")]
 use secp256k1;
@@ -46,7 +46,7 @@ use std::io::{Error as IoError, ErrorKind as IoErrorKind};
 use crate::structs_proto::{Exchange, Propose};
 use tokio_io::codec::length_delimited;
 use tokio_io::{AsyncRead, AsyncWrite};
-#[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
+#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
 use untrusted::Input as UntrustedInput;
 use crate::{KeyAgreement, SecioConfig, SecioKeyPairInner};
 #[cfg(feature = "secp256k1")]
@@ -370,18 +370,11 @@ where
                 exchange.set_epubkey(tmp_pub_key);
                 exchange.set_signature({
                     match context.config.key.inner {
-                        #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
+                        #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
                         SecioKeyPairInner::Rsa { ref private, .. } => {
-                            let mut state = match RSASigningState::new(private.clone()) {
-                                Ok(s) => s,
-                                Err(_) => {
-                                    debug!("failed to sign local exchange");
-                                    return Err(SecioError::SigningFailure);
-                                },
-                            };
                             let mut signature = vec![0; private.public_modulus_len()];
                             let rng = SystemRandom::new();
-                            match state.sign(&RSA_PKCS1_SHA256, &rng, &data_to_sign, &mut signature) {
+                            match private.sign(&RSA_PKCS1_SHA256, &rng, &data_to_sign, &mut signature) {
                                 Ok(_) => (),
                                 Err(_) => {
                                     debug!("failed to sign local exchange");
@@ -453,7 +446,7 @@ where
             data_to_verify.extend_from_slice(remote_exch.get_epubkey());
 
             match context.state.remote.public_key {
-                #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
+                #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
                 PublicKey::Rsa(ref remote_public_key) => {
                     // TODO: The ring library doesn't like some stuff in our DER public key,
                     //       therefore we scrap the first 24 bytes of the key. A proper fix would
@@ -507,7 +500,7 @@ where
                         return Err(SecioError::SignatureVerificationFailed)
                     }
                 },
-                #[cfg(not(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown")))))]
+                #[cfg(any(target_os = "emscripten", target_os = "unknown"))]
                 PublicKey::Rsa(_) => {
                     debug!("support for RSA was disabled at compile-time");
                     return Err(SecioError::SignatureVerificationFailed);
@@ -640,7 +633,7 @@ mod tests {
     use crate::{SecioConfig, SecioKeyPair};
 
     #[test]
-    #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
+    #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
     fn handshake_with_self_succeeds_rsa() {
         let key1 = {
             let private = include_bytes!("../tests/test-rsa-private-key.pk8");

protocols/secio/src/lib.rs

@@ -93,15 +93,15 @@ use futures::{Future, Poll, Sink, StartSend, Stream};
 use lazy_static::lazy_static;
 use libp2p_core::{PeerId, PublicKey, upgrade::{UpgradeInfo, InboundUpgrade, OutboundUpgrade}};
 use log::debug;
-#[cfg(all(feature = "rsa", not(any(target_os = "emscripten", target_os = "unknown"))))]
-use ring::signature::RSAKeyPair;
+#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
+use ring::signature::RsaKeyPair;
 use rw_stream_sink::RwStreamSink;
 use std::error::Error;
 use std::io::{Error as IoError, ErrorKind as IoErrorKind};
 use std::iter;
 use std::sync::Arc;
 use tokio_io::{AsyncRead, AsyncWrite};
-#[cfg(all(feature = "rsa", not(any(target_os = "emscripten", target_os = "unknown"))))]
+#[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
 use untrusted::Input;
 
 mod algo_support;
@@ -217,7 +217,7 @@ pub struct SecioKeyPair {
 
 impl SecioKeyPair {
     /// Builds a `SecioKeyPair` from a PKCS8 private key and public key.
-    #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
+    #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
     pub fn rsa_from_pkcs8<P>(
         private: &[u8],
         public: P,
@@ -225,7 +225,7 @@ impl SecioKeyPair {
     where
         P: Into<Vec<u8>>,
     {
-        let private = RSAKeyPair::from_pkcs8(Input::from(&private[..])).map_err(Box::new)?;
+        let private = RsaKeyPair::from_pkcs8(Input::from(&private[..])).map_err(Box::new)?;
 
         Ok(SecioKeyPair {
             inner: SecioKeyPairInner::Rsa {
@@ -288,7 +288,7 @@ impl SecioKeyPair {
     /// Returns the public key corresponding to this key pair.
     pub fn to_public_key(&self) -> PublicKey {
         match self.inner {
-            #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
+            #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
             SecioKeyPairInner::Rsa { ref public, .. } => PublicKey::Rsa(public.clone()),
             SecioKeyPairInner::Ed25519 { ref key_pair } => {
                 PublicKey::Ed25519(key_pair.public.as_bytes().to_vec())
@@ -313,11 +313,11 @@ impl SecioKeyPair {
 // Inner content of `SecioKeyPair`.
 #[derive(Clone)]
 enum SecioKeyPairInner {
-    #[cfg(all(feature = "ring", not(any(target_os = "emscripten", target_os = "unknown"))))]
+    #[cfg(not(any(target_os = "emscripten", target_os = "unknown")))]
     Rsa {
         public: Vec<u8>,
         // We use an `Arc` so that we can clone the enum.
-        private: Arc<RSAKeyPair>,
+        private: Arc<RsaKeyPair>,
     },
     Ed25519 {
         // We use an `Arc` so that we can clone the enum.