Update crypto deps (#74)

* p256 & k256 from 0.10 -> 0.11

* p256 & k256 from 0.11 -> 0.12

- https://github.com/RustCrypto/traits/pull/1141/files
- https://github.com/RustCrypto/traits/blob/master/signature/CHANGELOG.md#200-2023-01-15

* p256 & k256 from 0.12 -> 0.13

* Remove unused lazy_static dep

* use non-deprecated solana_sdk::Keypair constructor

from_bytes -> try_from(slice)

* Update tpm ecdh

p256 used to provide a From implementation for AffinePoint to SharedSecret. We can recreate what it was doing using the AffineCoordinates trait.

RustCrypto/elliptic-curves@a7011d2#diff-c6f073a6c542e656510c60595c86058a65f58dc3f00824c7f505cf6b556d3b73L49-L53

- RustCrypto/elliptic-curves@a7011d2#diff-c6f073a6c542e656510c60595c86058a65f58dc3f00824c7f505cf6b556d3b73L49-L53
- https://docs.rs/elliptic-curve/0.13.8/elliptic_curve/point/trait.AffineCoordinates.html

Author: michaeldjeffrey

Cargo.toml

@@ -13,18 +13,18 @@ thiserror = "1"
 bs58 = { version = "0.5", features = ["check"] }
 base64 = ">=0.21"
 drop_guard = { version = "0.3.0", optional = true }
-signature = "1"
+signature = "2"
 serde = { version = "1", features = ["derive"] }
 rand_core = "^0.6"
 sha2 = { version = "0.10", default-features = false, features = ["std", "oid"] }
 ed25519-compact = { version = "2", features = ["std", "traits"] }
-p256 = { version = "0.10", default-features = false, features = [
+p256 = { version = "0.13", default-features = false, features = [
   "arithmetic",
   "ecdsa",
   "sha256",
   "ecdh",
 ] }
-k256 = { version = "0.10", default-features = false, features = [
+k256 = { version = "0.13", default-features = false, features = [
   "arithmetic",
   "ecdsa",
   "sha256",
@@ -36,7 +36,6 @@ rsa = { version = "0.4", optional = true, default-features = false, features = [
 ] }
 ecc608-linux = { version = "0", optional = true }
 tss-esapi = { version = "7", optional = true }
-lazy_static = "1.4.0"
 libc = { version = "0", optional = true }
 byteorder = { version = "1", optional = true }
 multihash = { version = "0.18", optional = true }

src/ecc_compact/mod.rs

@@ -1,7 +1,7 @@
 use crate::*;
 use p256::{
     ecdsa,
-    elliptic_curve::{ecdh, sec1::ToCompactEncodedPoint, DecompactPoint},
+    elliptic_curve::{ecdh, point::DecompactPoint, sec1::ToCompactEncodedPoint},
     FieldBytes,
 };
 use std::{hash::Hasher, ops::Deref};
@@ -29,7 +29,7 @@ pub trait IsCompactable {
 
 impl IsCompactable for p256::PublicKey {
     fn is_compactable(&self) -> bool {
-        self.as_affine().to_compact_encoded_point().is_some()
+        self.as_affine().to_compact_encoded_point().is_some().into()
     }
 }
 
@@ -61,7 +61,7 @@ impl TryFrom<&[u8]> for Keypair {
     fn try_from(input: &[u8]) -> Result<Self> {
         let network = Network::try_from(input[0])?;
         let secret =
-            p256::SecretKey::from_be_bytes(&input[1..usize::min(input.len(), KEYPAIR_LENGTH)])?;
+            p256::SecretKey::from_slice(&input[1..usize::min(input.len(), KEYPAIR_LENGTH)])?;
         let public_key =
             public_key::PublicKey::for_network(network, PublicKey(secret.public_key()));
         Ok(Keypair {
@@ -98,7 +98,7 @@ impl Keypair {
     }
 
     pub fn generate_from_entropy(network: Network, entropy: &[u8]) -> Result<Keypair> {
-        let secret = p256::SecretKey::from_be_bytes(entropy)?;
+        let secret = p256::SecretKey::from_slice(entropy)?;
         let public_key = secret.public_key();
         if !public_key.is_compactable() {
             return Err(Error::not_compact());
@@ -133,29 +133,13 @@ impl Keypair {
         C: TryInto<&'a PublicKey, Error = Error>,
     {
         let public_key = public_key.try_into()?;
-        let secret_key = p256::SecretKey::from_be_bytes(&self.secret.to_bytes())?;
+        let secret_key = p256::SecretKey::from_slice(&self.secret.to_bytes())?;
         let shared_secret =
             ecdh::diffie_hellman(secret_key.to_nonzero_scalar(), public_key.0.as_affine());
         Ok(SharedSecret(shared_secret))
     }
 }
 
-impl signature::Signature for Signature {
-    fn from_bytes(input: &[u8]) -> std::result::Result<Self, signature::Error> {
-        Ok(Signature(signature::Signature::from_bytes(input)?))
-    }
-
-    fn as_bytes(&self) -> &[u8] {
-        self.0.as_bytes()
-    }
-}
-
-impl AsRef<[u8]> for Signature {
-    fn as_ref(&self) -> &[u8] {
-        self.0.as_ref()
-    }
-}
-
 impl signature::Signer<Signature> for Keypair {
     fn try_sign(&self, msg: &[u8]) -> std::result::Result<Signature, signature::Error> {
         Ok(Signature(self.secret.sign(msg)))
@@ -164,7 +148,9 @@ impl signature::Signer<Signature> for Keypair {
 
 impl Signature {
     pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
-        Ok(Signature(signature::Signature::from_bytes(bytes)?))
+        ecdsa::Signature::try_from(bytes)
+            .map(Signature)
+            .map_err(error::Error::from)
     }
 
     pub fn to_vec(&self) -> Vec<u8> {
@@ -210,14 +196,16 @@ impl TryFrom<&[u8]> for PublicKey {
             use p256::elliptic_curve::sec1::FromEncodedPoint;
             let encoded_point =
                 p256::EncodedPoint::from_bytes(input).map_err(p256::elliptic_curve::Error::from)?;
+
             // Convert to an affine point, then to the compact encoded form.
             // Then finally convert to the p256 public key.
-            let public_key = Option::from(p256::AffinePoint::from_encoded_point(&encoded_point))
-                .and_then(|affine_point: p256::AffinePoint| affine_point.to_compact_encoded_point())
-                .and_then(|compact_point| {
-                    Option::from(p256::PublicKey::from_encoded_point(&compact_point))
-                });
-            Ok(PublicKey(public_key.ok_or_else(Error::not_compact)?))
+            let public_key = p256::AffinePoint::from_encoded_point(&encoded_point)
+                .and_then(|affine_point| affine_point.to_compact_encoded_point())
+                .and_then(|compact_point| p256::PublicKey::from_encoded_point(&compact_point));
+
+            // Break out of constant time operations
+            let pub_key_opt = Option::from(public_key);
+            Ok(PublicKey(pub_key_opt.ok_or_else(Error::not_compact)?))
         }
     }
 }
@@ -358,6 +346,9 @@ mod tests {
         // And now do an ecdh with my keypair and the other public key and
         // compare it with the shared secret that the erlang ecdh generated
         let shared_secret = keypair.ecdh(&other_public_key).expect("shared secret");
-        assert_eq!(shared_secret.as_bytes().as_slice(), OTHER_SHARED_SECRET);
+        assert_eq!(
+            shared_secret.raw_secret_bytes().as_slice(),
+            OTHER_SHARED_SECRET
+        );
     }
 }

src/ed25519/mod.rs

@@ -95,19 +95,6 @@ impl Keypair {
     }
 }
 
-impl signature::Signature for Signature {
-    fn from_bytes(input: &[u8]) -> std::result::Result<Self, signature::Error> {
-        Ok(Signature(
-            ed25519_compact::Signature::from_slice(input)
-                .map_err(|_| signature::Error::default())?,
-        ))
-    }
-
-    fn as_bytes(&self) -> &[u8] {
-        self.0.as_ref()
-    }
-}
-
 impl AsRef<[u8]> for Signature {
     fn as_ref(&self) -> &[u8] {
         self.0.as_ref()
@@ -257,11 +244,11 @@ mod tests {
         use solana_sdk::signature as solana_sdk;
         use std::convert::TryInto;
 
-        let solana_wallet = solana_sdk::Keypair::from_bytes(&BYTES).unwrap();
+        let solana_wallet = solana_sdk::Keypair::try_from(&BYTES[..]).unwrap();
         let solana_pubkey = solana_sdk::Signer::pubkey(&solana_wallet);
 
         let entropy = &BYTES[..32];
-        let keypair = Keypair::generate_from_entropy(Network::MainNet, &entropy).expect("keypair");
+        let keypair = Keypair::generate_from_entropy(Network::MainNet, entropy).expect("keypair");
         let solana_pubkey_from_helium = keypair.public_key.try_into().unwrap();
         assert_eq!(solana_pubkey, solana_pubkey_from_helium);
     }

src/keypair.rs

@@ -279,7 +279,11 @@ mod tests {
         let other_shared = other
             .ecdh(key_pair.public_key())
             .expect("other shared secret");
-        assert_eq!(keypair_shared.as_bytes(), other_shared.as_bytes());
+
+        assert_eq!(
+            keypair_shared.raw_secret_bytes(),
+            other_shared.raw_secret_bytes()
+        );
     }
 
     fn seed_roundtrip(key_tag: KeyTag) {

src/secp256k1/mod.rs

@@ -48,7 +48,7 @@ impl TryFrom<&[u8]> for Keypair {
     type Error = super::error::Error;
     fn try_from(input: &[u8]) -> Result<Self> {
         let network = Network::try_from(input[0])?;
-        let secret = k256::SecretKey::from_be_bytes(&input[1..])?;
+        let secret = k256::SecretKey::from_slice(&input[1..])?;
         let public_key =
             public_key::PublicKey::for_network(network, PublicKey(secret.public_key()));
         Ok(Keypair {
@@ -81,7 +81,7 @@ impl Keypair {
     }
 
     pub fn generate_from_entropy(network: Network, entropy: &[u8]) -> Result<Keypair> {
-        let secret = k256::SecretKey::from_be_bytes(entropy)?;
+        let secret = k256::SecretKey::from_slice(entropy)?;
         let public_key = secret.public_key();
         Ok(Keypair {
             network,
@@ -109,22 +109,6 @@ impl Keypair {
     }
 }
 
-impl signature::Signature for Signature {
-    fn from_bytes(input: &[u8]) -> std::result::Result<Self, signature::Error> {
-        Ok(Signature(signature::Signature::from_bytes(input)?))
-    }
-
-    fn as_bytes(&self) -> &[u8] {
-        self.0.as_bytes()
-    }
-}
-
-impl AsRef<[u8]> for Signature {
-    fn as_ref(&self) -> &[u8] {
-        self.0.as_ref()
-    }
-}
-
 impl signature::Signer<Signature> for Keypair {
     fn try_sign(&self, msg: &[u8]) -> std::result::Result<Signature, signature::Error> {
         Ok(Signature(self.secret.sign(msg)))
@@ -133,7 +117,9 @@ impl signature::Signer<Signature> for Keypair {
 
 impl Signature {
     pub fn from_be_bytes(bytes: &[u8]) -> Result<Self> {
-        Ok(Signature(signature::Signature::from_bytes(bytes)?))
+        ecdsa::Signature::try_from(bytes)
+            .map(Signature)
+            .map_err(error::Error::from)
     }
 
     pub fn to_vec(&self) -> Vec<u8> {

src/tpm/mod.rs

@@ -101,8 +101,9 @@ impl KeypairHandle {
         let encoded_point = p256::EncodedPoint::from_bytes(shared_secret_bytes.as_slice())
             .map_err(p256::elliptic_curve::Error::from)?;
         let affine_point = p256::AffinePoint::from_encoded_point(&encoded_point).unwrap();
+
         Ok(ecc_compact::SharedSecret(p256::ecdh::SharedSecret::from(
-            &affine_point,
+            p256::elliptic_curve::point::AffineCoordinates::x(&affine_point),
         )))
     }
 }