Use upstream rust-secp256k1 (#616)

This commit is contained in:
David 2018-11-09 15:02:27 +01:00 committed by Pierre Krieger
parent 981e7b1cc8
commit 3e1eca16d7
3 changed files with 17 additions and 17 deletions


@ -12,7 +12,7 @@ libp2p-core = { path = "../../core" }
log = "0.4.1" log = "0.4.1"
protobuf = "2.0.2" protobuf = "2.0.2"
rand = "0.5" rand = "0.5"
eth-secp256k1 = { git = "https://github.com/paritytech/rust-secp256k1", optional = true } secp256k1 = {version = "0.11", optional = true }
aes-ctr = "0.1.0" aes-ctr = "0.1.0"
aesni = { version = "0.4.1", features = ["nocheck"], optional = true } aesni = { version = "0.4.1", features = ["nocheck"], optional = true }
twofish = "0.1.0" twofish = "0.1.0"
@ -34,7 +34,6 @@ stdweb = { version = "0.4.8", default-features = false }
[features] [features]
default = ["rsa", "secp256k1"] default = ["rsa", "secp256k1"]
rsa = ["ring/rsa_signing"] rsa = ["ring/rsa_signing"]
secp256k1 = ["eth-secp256k1"]
aes-all = ["aesni", "lazy_static"] aes-all = ["aesni", "lazy_static"]
[dev-dependencies] [dev-dependencies]
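Review bot: The new requirement `secp256k1 = {version = "0.11", optional = true }` admits any 0.11.x, yet the key-generation code in this same commit carries a TODO waiting on 0.11.5 for `SecretKey::new`; when that switch is made the requirement should be raised to `"0.11.5"` so a resolution against a stale or absent lockfile cannot pick a patch release lacking the API. The lockfile is not part of this diff, so the version actually resolved after moving off the git fork is not visible here and is worth confirming in the follow-up. As a style nit, the brace spacing differs from the neighbouring `aesni = { version = ... }` entry; `secp256k1 = { version = "0.11", optional = true }` matches the file's convention.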


@ -399,10 +399,9 @@ where
let data_to_sign = Sha256::digest(&data_to_sign); let data_to_sign = Sha256::digest(&data_to_sign);
let message = secp256k1::Message::from_slice(data_to_sign.as_ref()) let message = secp256k1::Message::from_slice(data_to_sign.as_ref())
.expect("digest output length doesn't match secp256k1 input length"); .expect("digest output length doesn't match secp256k1 input length");
let secp256k1 = secp256k1::Secp256k1::with_caps(secp256k1::ContextFlag::SignOnly); let secp256k1 = secp256k1::Secp256k1::signing_only();
secp256k1 secp256k1
.sign(&message, private) .sign(&message, private)
.expect("failed to sign message")
.serialize_der(&secp256k1) .serialize_der(&secp256k1)
}, },
} }
@ -493,7 +492,7 @@ where
let data_to_verify = Sha256::digest(&data_to_verify); let data_to_verify = Sha256::digest(&data_to_verify);
let message = secp256k1::Message::from_slice(data_to_verify.as_ref()) let message = secp256k1::Message::from_slice(data_to_verify.as_ref())
.expect("digest output length doesn't match secp256k1 input length"); .expect("digest output length doesn't match secp256k1 input length");
let secp256k1 = secp256k1::Secp256k1::with_caps(secp256k1::ContextFlag::VerifyOnly); let secp256k1 = secp256k1::Secp256k1::verification_only();
let signature = secp256k1::Signature::from_der(&secp256k1, remote_exch.get_signature()); let signature = secp256k1::Signature::from_der(&secp256k1, remote_exch.get_signature());
let remote_public_key = secp256k1::key::PublicKey::from_slice(&secp256k1, remote_public_key); let remote_public_key = secp256k1::key::PublicKey::from_slice(&secp256k1, remote_public_key);
if let (Ok(signature), Ok(remote_public_key)) = (signature, remote_public_key) { if let (Ok(signature), Ok(remote_public_key)) = (signature, remote_public_key) {
@ -525,7 +524,7 @@ where
Ok((remote_exch, socket, context)) Ok((remote_exch, socket, context))
}) })
// Generate a key from the local ephemeral private key and the remote ephemeral public key, // Generate a key from the local ephemeral private key and the remote ephemeral public key,
// derive from it a ciper key, an iv, and a hmac key, and build the encoder/decoder. // derive from it a cipher key, an iv, and a hmac key, and build the encoder/decoder.
.and_then(|(remote_exch, socket, context)| { .and_then(|(remote_exch, socket, context)| {
let (context, local_priv_key) = context.take_private_key(); let (context, local_priv_key) = context.take_private_key();
let key_size = context.state.remote.chosen_hash.num_bytes(); let key_size = context.state.remote.chosen_hash.num_bytes();
@ -533,7 +532,7 @@ where
.map(move |key_material| (socket, context, key_material)) .map(move |key_material| (socket, context, key_material))
}) })
// Generate a key from the local ephemeral private key and the remote ephemeral public key, // Generate a key from the local ephemeral private key and the remote ephemeral public key,
// derive from it a ciper key, an iv, and a hmac key, and build the encoder/decoder. // derive from it a cipher key, an iv, and a hmac key, and build the encoder/decoder.
.and_then(|(socket, context, key_material)| { .and_then(|(socket, context, key_material)| {
let chosen_cipher = context.state.remote.chosen_cipher; let chosen_cipher = context.state.remote.chosen_cipher;
let cipher_key_size = chosen_cipher.key_size(); let cipher_key_size = chosen_cipher.key_size();
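Review bot: The `signing_only()` context created on L33 is built fresh for every handshake and never blinded; upstream `Secp256k1` exposes `randomize(&mut rng)`, which re-randomizes the context's precomputed tables to make the scalar multiplication inside `sign` harder to observe through side channels, and calling it right after construction is cheap hardening, e.g. `let mut secp256k1 = secp256k1::Secp256k1::signing_only(); secp256k1.randomize(&mut rand::thread_rng());` — this assumes the crate's `rand` feature is enabled and its `rand` version matches the one this file already uses, which should be checked against the manifest. Context construction also performs precomputation, so if handshake throughput ever matters the contexts at L33 and L44 could be built once and shared rather than per connection, but that is a profiling question rather than a defect. The verification path at L44-L47 already routes the remote-supplied signature and public key through `from_der`/`from_slice` with error handling, so no change is needed there. The enclosing closures start and end outside these hunks.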


@ -201,7 +201,7 @@ impl SecioConfig {
/// ///
/// Generating the keys: /// Generating the keys:
/// ///
/// ```ignore /// ```text
/// openssl genrsa -out private.pem 2048 /// openssl genrsa -out private.pem 2048
/// openssl rsa -in private.pem -outform DER -pubout -out public.der /// openssl rsa -in private.pem -outform DER -pubout -out public.der
/// openssl pkcs8 -in private.pem -topk8 -nocrypt -out private.pk8 /// openssl pkcs8 -in private.pem -topk8 -nocrypt -out private.pk8
@ -254,10 +254,13 @@ impl SecioKeyPair {
/// Generates a new random sec256k1 key pair. /// Generates a new random sec256k1 key pair.
#[cfg(feature = "secp256k1")] #[cfg(feature = "secp256k1")]
pub fn secp256k1_generated() -> Result<SecioKeyPair, Box<Error + Send + Sync>> { pub fn secp256k1_generated() -> Result<SecioKeyPair, Box<Error + Send + Sync>> {
let secp = secp256k1::Secp256k1::with_caps(secp256k1::ContextFlag::Full); let secp = secp256k1::Secp256k1::new();
let (private, _) = secp.generate_keypair(&mut secp256k1::rand::thread_rng()) // TODO: This will work once 0.11.5 is released. See https://github.com/rust-bitcoin/rust-secp256k1/pull/80#pullrequestreview-172681778
.expect("failed to generate secp256k1 key"); // let private = secp256k1::key::SecretKey::new(&secp, &mut secp256k1::rand::thread_rng());
use rand::Rng;
let mut random_slice= [0u8; secp256k1::constants::SECRET_KEY_SIZE];
rand::thread_rng().fill(&mut random_slice[..]);
let private = secp256k1::key::SecretKey::from_slice(&secp, &random_slice).expect("slice has the right size");
Ok(SecioKeyPair { Ok(SecioKeyPair {
inner: SecioKeyPairInner::Secp256k1 { private }, inner: SecioKeyPairInner::Secp256k1 { private },
}) })
@ -269,7 +272,7 @@ impl SecioKeyPair {
where where
K: AsRef<[u8]>, K: AsRef<[u8]>,
{ {
let secp = secp256k1::Secp256k1::with_caps(secp256k1::ContextFlag::None); let secp = secp256k1::Secp256k1::without_caps();
let private = secp256k1::key::SecretKey::from_slice(&secp, key.as_ref())?; let private = secp256k1::key::SecretKey::from_slice(&secp, key.as_ref())?;
Ok(SecioKeyPair { Ok(SecioKeyPair {
@ -304,10 +307,9 @@ impl SecioKeyPair {
} }
#[cfg(feature = "secp256k1")] #[cfg(feature = "secp256k1")]
SecioKeyPairInner::Secp256k1 { ref private } => { SecioKeyPairInner::Secp256k1 { ref private } => {
let secp = secp256k1::Secp256k1::with_caps(secp256k1::ContextFlag::SignOnly); let secp = secp256k1::Secp256k1::signing_only();
let pubkey = secp256k1::key::PublicKey::from_secret_key(&secp, private) let pubkey = secp256k1::key::PublicKey::from_secret_key(&secp, private);
.expect("wrong secp256k1 private key; type safety violated"); PublicKey::Secp256k1(pubkey.serialize().to_vec())
PublicKey::Secp256k1(pubkey.serialize_vec(&secp, true).to_vec())
} }
} }
} }
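Review bot: `secp256k1::key::SecretKey::from_slice(&secp, &random_slice).expect("slice has the right size")` on L85 can also fail when the 32 random bytes are not a valid scalar (zero or not below the curve order), so the `expect` message misdescribes the failure and leaves a panic path in key generation even though the probability is negligible. The usual approach, and what the commented-out `SecretKey::new` at L81 would do once available, is to keep drawing bytes until `from_slice` accepts them; the rewritten lines are below. After the key is constructed, `random_slice` still holds a plaintext copy of the private scalar on the stack; if the project has a zeroization convention it should be applied here, otherwise this is a known limitation worth a comment. The closing brace of `secp256k1_generated` and the rest of `impl SecioKeyPair` lie outside the hunk.
```rust
        let secp = secp256k1::Secp256k1::new();
        use rand::Rng;
        let mut random_slice = [0u8; secp256k1::constants::SECRET_KEY_SIZE];
        // Draw until the bytes form a valid scalar; rejection is vanishingly rare,
        // but it avoids a panic path in key generation.
        let private = loop {
            rand::thread_rng().fill(&mut random_slice[..]);
            if let Ok(key) = secp256k1::key::SecretKey::from_slice(&secp, &random_slice) {
                break key;
            }
        };
        // … unchanged: Ok(SecioKeyPair { inner: SecioKeyPairInner::Secp256k1 { private } }) …
```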