From 17bb6be34b12c49aaa21c294f208898267966179 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sat, 17 Jul 2021 14:27:25 +0100 Subject: [PATCH 01/18] tink-proto: move to core+alloc The "json" feature requires the base64 and serde dependencies to have their "alloc" feature enabled. --- Cargo.lock | 132 ++++++++++++++++++++++++++++++++++++----------- proto/Cargo.toml | 8 +-- proto/src/lib.rs | 8 +++ 3 files changed, 114 insertions(+), 34 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b146680e..f8eb894a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1010,6 +1010,15 @@ dependencies = [ "hashbrown", ] +[[package]] +name = "itertools" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "284f18f85651fe11e8a991b2adb42cb078325c996ed026d994719efcfca1d54b" +dependencies = [ + "either", +] + [[package]] name = "itertools" version = "0.10.1" @@ -1388,6 +1397,16 @@ dependencies = [ "unicode-xid", ] +[[package]] +name = "prost" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e6984d2f1a23009bd270b8bb56d0926810a3d483f59c987d77969e9d8e840b2" +dependencies = [ + "bytes", + "prost-derive 0.7.0", +] + [[package]] name = "prost" version = "0.8.0" @@ -1395,7 +1414,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "de5e2533f59d08fcf364fd374ebda0692a70bd6d7e66ef97f306f45c6c5d8020" dependencies = [ "bytes", - "prost-derive", + "prost-derive 0.8.0", +] + +[[package]] +name = "prost-build" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32d3ebd75ac2679c2af3a92246639f9fcc8a442ee420719cc4fe195b98dd5fa3" +dependencies = [ + "bytes", + "heck", + "itertools 0.9.0", + "log", + "multimap", + "petgraph", + "prost 0.7.0", + "prost-types 0.7.0", + "tempfile", + "which", ] [[package]] @@ -1406,16 +1443,29 @@ checksum = "355f634b43cdd80724ee7848f95770e7e70eefa6dcf14fea676216573b8fd603" dependencies = [ "bytes", "heck", - "itertools", + "itertools 0.10.1", "log", "multimap", "petgraph", - "prost", - "prost-types", + "prost 0.8.0", + "prost-types 0.8.0", "tempfile", "which", ] +[[package]] +name = "prost-derive" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "169a15f3008ecb5160cba7d37bcd690a7601b6d30cfb87a117d45e59d52af5d4" +dependencies = [ + "anyhow", + "itertools 0.9.0", + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "prost-derive" version = "0.8.0" @@ -1423,12 +1473,22 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "600d2f334aa05acb02a755e217ef1ab6dea4d51b58b7846588b747edec04efba" dependencies = [ "anyhow", - "itertools", + "itertools 0.10.1", "proc-macro2", "quote", "syn", ] +[[package]] +name = "prost-types" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b518d7cdd93dab1d1122cf07fa9a60771836c668dde9d9e2a139f957f0d9f1bb" +dependencies = [ + "bytes", + "prost 0.7.0", +] + [[package]] name = "prost-types" version = "0.8.0" @@ -1436,7 +1496,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "603bbd6394701d13f3f25aada59c7de9d35a6a5887cfc156181234a44002771b" dependencies = [ "bytes", - "prost", + "prost 0.8.0", ] [[package]] @@ -1616,7 +1676,7 @@ dependencies = [ "tink-gcpkms", "tink-mac", "tink-prf", - "tink-proto", + "tink-proto 0.2.0", "tink-signature", "tink-streaming-aead", ] @@ -2074,11 +2134,11 @@ dependencies = [ "aes-gcm-siv", "chacha20poly1305", "generic-array", - "prost", + "prost 0.8.0", "rand 0.7.3", "tink-core", "tink-mac", - "tink-proto", + "tink-proto 0.2.0", ] [[package]] @@ -2102,14 +2162,14 @@ dependencies = [ "digest", "hkdf", "lazy_static", - "prost", + "prost 0.8.0", "rand 0.7.3", "serde", "serde_json", "sha-1", "sha2", "subtle", - "tink-proto", + "tink-proto 0.2.0", ] [[package]] @@ -2118,9 +2178,9 @@ version = "0.2.0" dependencies = [ "aead", "aes-siv", - "prost", + "prost 0.8.0", "tink-core", - "tink-proto", + "tink-proto 0.2.0", ] [[package]] @@ -2146,10 +2206,10 @@ dependencies = [ name = "tink-mac" version = "0.2.0" dependencies = [ - "prost", + "prost 0.8.0", "tink-core", "tink-prf", - "tink-proto", + "tink-proto 0.2.0", ] [[package]] @@ -2161,20 +2221,32 @@ dependencies = [ "digest", "hkdf", "hmac", - "prost", + "prost 0.8.0", "sha-1", "sha2", "tink-core", - "tink-proto", + "tink-proto 0.2.0", ] [[package]] name = "tink-proto" version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f097af9d2db1a08ea01008f88bc803d8bda25c13bfdc076df7449da907e259f" +dependencies = [ + "base64", + "prost 0.7.0", + "prost-build 0.7.0", + "serde", +] + +[[package]] +name = "tink-proto" +version = "0.3.0" dependencies = [ "base64", - "prost", - "prost-build", + "prost 0.8.0", + "prost-build 0.8.0", "serde", ] @@ -2186,11 +2258,11 @@ dependencies = [ "ed25519-dalek", "generic-array", "p256", - "prost", + "prost 0.8.0", "rand 0.7.3", "signature", "tink-core", - "tink-proto", + "tink-proto 0.2.0", ] [[package]] @@ -2199,11 +2271,11 @@ version = "0.2.0" dependencies = [ "aes", "aes-gcm", - "prost", + "prost 0.8.0", "rand 0.7.3", "tink-core", "tink-mac", - "tink-proto", + "tink-proto 0.2.0", ] [[package]] @@ -2213,14 +2285,14 @@ dependencies = [ "env_logger", "futures", "log", - "prost", + "prost 0.8.0", "structopt", "tink-aead", "tink-core", "tink-daead", "tink-mac", "tink-prf", - "tink-proto", + "tink-proto 0.2.0", "tink-signature", "tink-streaming-aead", "tink-tests", @@ -2240,7 +2312,7 @@ dependencies = [ "lazy_static", "maplit", "p256", - "prost", + "prost 0.8.0", "rand 0.7.3", "regex", "serde", @@ -2253,7 +2325,7 @@ dependencies = [ "tink-gcpkms", "tink-mac", "tink-prf", - "tink-proto", + "tink-proto 0.2.0", "tink-signature", "tink-streaming-aead", ] @@ -2378,8 +2450,8 @@ dependencies = [ "hyper-timeout", "percent-encoding", "pin-project 1.0.2", - "prost", - "prost-derive", + "prost 0.8.0", + "prost-derive 0.8.0", "tokio", "tokio-stream", "tokio-util", @@ -2397,7 +2469,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d12faebbe071b06f486be82cc9318350814fdd07fcb28f3690840cd770599283" dependencies = [ "proc-macro2", - "prost-build", + "prost-build 0.8.0", "quote", "syn", ] diff --git a/proto/Cargo.toml b/proto/Cargo.toml index 0193e918..caa5bf95 100644 --- a/proto/Cargo.toml +++ b/proto/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-proto" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -14,9 +14,9 @@ default = [] json = ["base64", "serde"] [dependencies] -base64 = { version = "^0.13", optional = true } -prost = "^0.8" -serde = { version = "^1.0.126", features = ["derive"], optional = true } +base64 = { version = "^0.13", default-features = false, features = ["alloc"], optional = true } +prost = { version = "^0.8", default-features = false } +serde = { version = "^1.0.126", default-features = false, features = ["alloc", "derive"], optional = true } [build-dependencies] prost-build = "^0.8" diff --git a/proto/src/lib.rs b/proto/src/lib.rs index 3560a45b..9d4e812c 100644 --- a/proto/src/lib.rs +++ b/proto/src/lib.rs @@ -16,8 +16,12 @@ //! Protocol buffer message definitions for Tink. +#![no_std] #![deny(broken_intra_doc_links)] +#[cfg(feature = "json")] +extern crate alloc; + #[cfg(not(feature = "json"))] include!("codegen/google.crypto.tink.rs"); #[cfg(feature = "json")] @@ -30,6 +34,7 @@ pub mod json { //! the `i32` values used by prost. pub mod key_status_type { //! Manual JSON serialization for [`KeyStatusType`](crate::KeyStatusType) enums. + use alloc::string::String; use serde::Deserialize; pub fn serialize( val: &i32, @@ -56,6 +61,7 @@ pub mod json { } pub mod output_prefix_type { //! Manual JSON serialization for [`OutputPrefixType`](crate::OutputPrefixType) enums. + use alloc::string::String; use serde::Deserialize; pub fn serialize( val: &i32, @@ -85,6 +91,7 @@ pub mod json { pub mod key_material_type { //! Manual JSON serialization for [`KeyMaterialType`](crate::key_data::KeyMaterialType) //! enums. + use alloc::string::String; use serde::Deserialize; pub fn serialize( val: &i32, @@ -113,6 +120,7 @@ pub mod json { } pub mod b64 { //! Manual serialization implementations for base64-encoded binary data. + use alloc::{string::String, vec::Vec}; use serde::Deserialize; pub fn serialize( val: &[u8], From 6613df93e2973890c0ad5688f77e29638f274c4d Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sat, 17 Jul 2021 18:28:03 +0100 Subject: [PATCH 02/18] tink-core: move to core+alloc with std feature Requires use of `rand::OsRng` (and with it the `getrandom` feature of the `rand` crate) rather than `rand::thread_rng()`. --- Cargo.lock | 89 +++++++++++++++++++++++------- core/Cargo.toml | 24 +++++--- core/src/aead.rs | 2 + core/src/cryptofmt/mod.rs | 1 + core/src/deterministic_aead.rs | 2 + core/src/hybrid_decrypt.rs | 2 + core/src/hybrid_encrypt.rs | 2 + core/src/keyset/handle.rs | 6 +- core/src/keyset/manager.rs | 7 +-- core/src/keyset/mod.rs | 2 + core/src/keyset/validation.rs | 1 + core/src/lib.rs | 11 +++- core/src/mac.rs | 2 + core/src/prf.rs | 2 + core/src/primitiveset/mod.rs | 18 ++++-- core/src/registry/key_manager.rs | 3 +- core/src/registry/key_templates.rs | 19 +++---- core/src/registry/kms_client.rs | 5 +- core/src/registry/mod.rs | 25 +++------ core/src/signer.rs | 2 + core/src/subtle/hkdf.rs | 1 + core/src/subtle/mod.rs | 1 + core/src/subtle/random.rs | 9 +-- core/src/utils.rs | 29 +++++++--- core/src/verifier.rs | 2 + deny.toml | 5 ++ 26 files changed, 187 insertions(+), 85 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f8eb894a..fa2a16c1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -548,7 +548,7 @@ version = "0.2.0" dependencies = [ "hex", "tink-aead", - "tink-core", + "tink-core 0.2.0", ] [[package]] @@ -556,7 +556,7 @@ name = "example-daead" version = "0.2.0" dependencies = [ "hex", - "tink-core", + "tink-core 0.2.0", "tink-daead", ] @@ -564,7 +564,7 @@ dependencies = [ name = "example-keygen" version = "0.2.0" dependencies = [ - "tink-core", + "tink-core 0.2.0", "tink-daead", ] @@ -573,7 +573,7 @@ name = "example-keymgr" version = "0.2.0" dependencies = [ "tink-aead", - "tink-core", + "tink-core 0.2.0", ] [[package]] @@ -583,7 +583,7 @@ dependencies = [ "hex", "tink-aead", "tink-awskms", - "tink-core", + "tink-core 0.2.0", ] [[package]] @@ -591,7 +591,7 @@ name = "example-mac" version = "0.2.0" dependencies = [ "hex", - "tink-core", + "tink-core 0.2.0", "tink-mac", ] @@ -600,7 +600,7 @@ name = "example-signature" version = "0.2.0" dependencies = [ "hex", - "tink-core", + "tink-core 0.2.0", "tink-signature", ] @@ -609,7 +609,7 @@ name = "example-streaming" version = "0.2.0" dependencies = [ "tempfile", - "tink-core", + "tink-core 0.2.0", "tink-streaming-aead", ] @@ -1048,6 +1048,9 @@ name = "lazy_static" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +dependencies = [ + "spin 0.5.2", +] [[package]] name = "libc" @@ -1055,6 +1058,15 @@ version = "0.2.98" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "320cfe77175da3a483efed4bc0adc1968ca050b098ce4f2f1c13a56626128790" +[[package]] +name = "lock_api" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0382880606dff6d15c9476c416d18690b72742aa7b605bb6dd6ec9030fbf07eb" +dependencies = [ + "scopeguard", +] + [[package]] name = "log" version = "0.4.14" @@ -1658,7 +1670,7 @@ dependencies = [ "cc", "libc", "once_cell", - "spin", + "spin 0.5.2", "untrusted", "web-sys", "winapi", @@ -1671,7 +1683,7 @@ dependencies = [ "structopt", "tink-aead", "tink-awskms", - "tink-core", + "tink-core 0.2.0", "tink-daead", "tink-gcpkms", "tink-mac", @@ -1814,6 +1826,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "scopeguard" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" + [[package]] name = "sct" version = "0.6.0" @@ -1987,6 +2005,15 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spin" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "511254be0c5bcf062b019a6c89c01a664aa359ded62f78aa72c6fc137c0590e5" +dependencies = [ + "lock_api", +] + [[package]] name = "spki" version = "0.3.0" @@ -2136,7 +2163,7 @@ dependencies = [ "generic-array", "prost 0.8.0", "rand 0.7.3", - "tink-core", + "tink-core 0.2.0", "tink-mac", "tink-proto 0.2.0", ] @@ -2151,18 +2178,20 @@ dependencies = [ "rusoto_core", "rusoto_credential", "rusoto_kms", - "tink-core", + "tink-core 0.2.0", "tokio", ] [[package]] name = "tink-core" version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7fefcbc7d04471b83ca8b3c445c376d45a8ab8fc35c3aa215df51f90aa95737" dependencies = [ "digest", "hkdf", "lazy_static", - "prost 0.8.0", + "prost 0.7.0", "rand 0.7.3", "serde", "serde_json", @@ -2172,6 +2201,24 @@ dependencies = [ "tink-proto 0.2.0", ] +[[package]] +name = "tink-core" +version = "0.3.0" +dependencies = [ + "digest", + "hkdf", + "lazy_static", + "prost 0.8.0", + "rand 0.7.3", + "serde", + "serde_json", + "sha-1", + "sha2", + "spin 0.9.2", + "subtle", + "tink-proto 0.3.0", +] + [[package]] name = "tink-daead" version = "0.2.0" @@ -2179,7 +2226,7 @@ dependencies = [ "aead", "aes-siv", "prost 0.8.0", - "tink-core", + "tink-core 0.2.0", "tink-proto 0.2.0", ] @@ -2197,7 +2244,7 @@ dependencies = [ "percent-encoding", "serde", "serde_json", - "tink-core", + "tink-core 0.2.0", "tokio", "yup-oauth2", ] @@ -2207,7 +2254,7 @@ name = "tink-mac" version = "0.2.0" dependencies = [ "prost 0.8.0", - "tink-core", + "tink-core 0.2.0", "tink-prf", "tink-proto 0.2.0", ] @@ -2224,7 +2271,7 @@ dependencies = [ "prost 0.8.0", "sha-1", "sha2", - "tink-core", + "tink-core 0.2.0", "tink-proto 0.2.0", ] @@ -2261,7 +2308,7 @@ dependencies = [ "prost 0.8.0", "rand 0.7.3", "signature", - "tink-core", + "tink-core 0.2.0", "tink-proto 0.2.0", ] @@ -2273,7 +2320,7 @@ dependencies = [ "aes-gcm", "prost 0.8.0", "rand 0.7.3", - "tink-core", + "tink-core 0.2.0", "tink-mac", "tink-proto 0.2.0", ] @@ -2288,7 +2335,7 @@ dependencies = [ "prost 0.8.0", "structopt", "tink-aead", - "tink-core", + "tink-core 0.2.0", "tink-daead", "tink-mac", "tink-prf", @@ -2320,7 +2367,7 @@ dependencies = [ "tempfile", "tink-aead", "tink-awskms", - "tink-core", + "tink-core 0.2.0", "tink-daead", "tink-gcpkms", "tink-mac", diff --git a/core/Cargo.toml b/core/Cargo.toml index 3478aa53..9877e119 100644 --- a/core/Cargo.toml +++ b/core/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-core" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -14,20 +14,26 @@ default = [] # The `insecure` feature enables methods that expose unencrypted key material insecure = [] # The `json` feature enables methods for serializing keysets to/from JSON. -json = ["tink-proto/json", "serde", "serde_json"] +json = ["tink-proto/json", "serde", "serde_json", "std"] +# The `std` feature enables: +# - the `StreamingAead` primitive +# - full `Error` behaviour for `TinkError` +# - methods for serializing keysets to/from binary. +std = [] [dependencies] digest = "^0.9" hkdf = "^0.11" -lazy_static = "^1.4" -prost = "^0.8" -rand = "^0.7" +lazy_static = { version = "^1.4", features = ["spin_no_std"] } +prost = { version = "^0.8", default-features = false } +rand = { version = "^0.7", default-features = false, features = ["alloc", "getrandom"] } serde = { version = "^1.0.126", features = ["derive"], optional = true } serde_json = { version = "^1.0.64", optional = true } -sha-1 = "^0.9.7" -sha2 = "^0.9.5" -subtle = "^2.4" -tink-proto = "^0.2" +sha-1 = { version = "^0.9.7", default-features = false } +sha2 = { version = "^0.9.5", default-features = false } +spin = { version = "^0.9.2", features = ["once"] } +subtle = { version = "^2.4", default-features = false } +tink-proto = "^0.3" [package.metadata.docs.rs] all-features = true diff --git a/core/src/aead.rs b/core/src/aead.rs index 0cabf6ce..c676bbb3 100644 --- a/core/src/aead.rs +++ b/core/src/aead.rs @@ -16,6 +16,8 @@ //! Authenticated encryption with additional authenticated data. +use alloc::{boxed::Box, vec::Vec}; + /// `Aead` is the interface for authenticated encryption with additional authenticated data. /// /// Implementations of this trait are secure against adaptive chosen ciphertext attacks. diff --git a/core/src/cryptofmt/mod.rs b/core/src/cryptofmt/mod.rs index 7434f61d..2e1fa7ba 100644 --- a/core/src/cryptofmt/mod.rs +++ b/core/src/cryptofmt/mod.rs @@ -17,6 +17,7 @@ //! Provides constants and convenience methods that define the format of ciphertexts and signatures. use crate::TinkError; +use alloc::vec::Vec; use tink_proto::OutputPrefixType; /// Prefix size of Tink and Legacy key types. diff --git a/core/src/deterministic_aead.rs b/core/src/deterministic_aead.rs index 5b9f6168..b2f0f0f1 100644 --- a/core/src/deterministic_aead.rs +++ b/core/src/deterministic_aead.rs @@ -16,6 +16,8 @@ //! Deterministic authenticated encryption with associated data. +use alloc::{boxed::Box, vec::Vec}; + /// `DeterministicAead` is the interface for deterministic authenticated encryption with associated /// data. /// diff --git a/core/src/hybrid_decrypt.rs b/core/src/hybrid_decrypt.rs index f7afd108..43904e7d 100644 --- a/core/src/hybrid_decrypt.rs +++ b/core/src/hybrid_decrypt.rs @@ -16,6 +16,8 @@ //! Hybrid decryption. +use alloc::{boxed::Box, vec::Vec}; + /// `HybridDecrypt` is the interface for hybrid decryption. /// /// Hybrid Encryption combines the efficiency of symmetric encryption with the convenience of diff --git a/core/src/hybrid_encrypt.rs b/core/src/hybrid_encrypt.rs index 583ab9eb..453de0bc 100644 --- a/core/src/hybrid_encrypt.rs +++ b/core/src/hybrid_encrypt.rs @@ -16,6 +16,8 @@ //! Hybrid encryption. +use alloc::{boxed::Box, vec::Vec}; + /// `HybridEncrypt` is the interface for hybrid encryption. /// /// Hybrid Encryption combines the efficiency of symmetric encryption with the convenience of diff --git a/core/src/keyset/handle.rs b/core/src/keyset/handle.rs index 53dedbca..448a6ed3 100644 --- a/core/src/keyset/handle.rs +++ b/core/src/keyset/handle.rs @@ -17,8 +17,8 @@ //! Handle wrapper for keysets. use crate::{utils::wrap_err, TinkError}; +use alloc::{boxed::Box, format, string::ToString, sync::Arc, vec, vec::Vec}; use prost::Message; -use std::sync::Arc; use tink_proto::{key_data::KeyMaterialType, Keyset, KeysetInfo}; /// `Handle` provides access to a [`Keyset`] protobuf, to limit the exposure @@ -351,10 +351,10 @@ fn get_key_info(key: &tink_proto::keyset::Key) -> tink_proto::keyset_info::KeyIn } } -impl std::fmt::Debug for Handle { +impl core::fmt::Debug for Handle { /// Return a string representation of the managed keyset. /// The result does not contain any sensitive key material. - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { write!(f, "{:?}", get_keyset_info(&self.ks)) } } diff --git a/core/src/keyset/manager.rs b/core/src/keyset/manager.rs index 00540541..e918d459 100644 --- a/core/src/keyset/manager.rs +++ b/core/src/keyset/manager.rs @@ -17,7 +17,8 @@ //! Utilities for managing keys in a keyset. use crate::{utils::wrap_err, KeyId, TinkError}; -use rand::Rng; +use alloc::format; +use rand::{rngs::OsRng, Rng}; use tink_proto::{KeyStatusType, OutputPrefixType}; /// Manager manages a [`Keyset`](tink_proto::Keyset)-proto, with convenience methods that rotate, @@ -209,10 +210,8 @@ impl Manager { /// Generate a key id that has not been used by any key in the [`Keyset`](tink_proto::Keyset). fn new_key_id(&self) -> KeyId { - let mut rng = rand::thread_rng(); - loop { - let ret = rng.gen::(); + let ret = OsRng.gen::(); if self.ks.key.iter().any(|x| x.key_id == ret) { continue; } diff --git a/core/src/keyset/mod.rs b/core/src/keyset/mod.rs index 5a32ffec..51a167f1 100644 --- a/core/src/keyset/mod.rs +++ b/core/src/keyset/mod.rs @@ -16,7 +16,9 @@ //! Provide methods to generate, read, write or validate keysets. +#[cfg(feature = "std")] mod binary_io; +#[cfg(feature = "std")] pub use binary_io::*; mod handle; pub use handle::*; diff --git a/core/src/keyset/validation.rs b/core/src/keyset/validation.rs index c4827381..0b194284 100644 --- a/core/src/keyset/validation.rs +++ b/core/src/keyset/validation.rs @@ -17,6 +17,7 @@ //! Keyset validation functions. use crate::TinkError; +use alloc::format; /// Check whether the given version is valid. The version is valid /// only if it is the range [0..max_expected]. diff --git a/core/src/lib.rs b/core/src/lib.rs index 64afeaca..84f6d19d 100644 --- a/core/src/lib.rs +++ b/core/src/lib.rs @@ -15,9 +15,13 @@ //////////////////////////////////////////////////////////////////////////////// //! Core crate for Tink. - +#![cfg_attr(not(feature = "std"), no_std)] #![deny(broken_intra_doc_links)] +extern crate alloc; + +use alloc::boxed::Box; + pub mod cryptofmt; pub mod keyset; pub mod primitiveset; @@ -48,7 +52,9 @@ mod prf; pub use prf::*; mod signer; pub use signer::*; +#[cfg(feature = "std")] mod streamingaead; +#[cfg(feature = "std")] pub use streamingaead::*; mod verifier; pub use verifier::*; @@ -62,6 +68,7 @@ pub enum Primitive { Mac(Box), Prf(Box), Signer(Box), + #[cfg(feature = "std")] StreamingAead(Box), Verifier(Box), } @@ -79,6 +86,7 @@ impl Clone for Primitive { Primitive::Mac(p) => Primitive::Mac(p.box_clone()), Primitive::Prf(p) => Primitive::Prf(p.box_clone()), Primitive::Signer(p) => Primitive::Signer(p.box_clone()), + #[cfg(feature = "std")] Primitive::StreamingAead(p) => Primitive::StreamingAead(p.box_clone()), Primitive::Verifier(p) => Primitive::Verifier(p.box_clone()), } @@ -151,6 +159,7 @@ impl From for Box { } } +#[cfg(feature = "std")] impl From for Box { fn from(p: Primitive) -> Box { match p { diff --git a/core/src/mac.rs b/core/src/mac.rs index 6826cd86..4c86ebac 100644 --- a/core/src/mac.rs +++ b/core/src/mac.rs @@ -16,6 +16,8 @@ //! Message Authentication Codes. +use alloc::{boxed::Box, vec::Vec}; + /// `Mac` is the interface for MACs (Message Authentication Codes). /// This interface should be used for authentication only, and not for other purposes /// (for example, it should not be used to generate pseudorandom bytes). diff --git a/core/src/prf.rs b/core/src/prf.rs index a54a2efb..2d26ede2 100644 --- a/core/src/prf.rs +++ b/core/src/prf.rs @@ -16,6 +16,8 @@ //! Pseudo-random function. +use alloc::{boxed::Box, vec::Vec}; + /// The `Prf` trait is an abstraction for an element of a pseudo random /// function family, selected by a key. It has the following property: /// * It is deterministic. `compute_prf(input, length)` will always return the same output if the diff --git a/core/src/primitiveset/mod.rs b/core/src/primitiveset/mod.rs index 2991b95c..5803d732 100644 --- a/core/src/primitiveset/mod.rs +++ b/core/src/primitiveset/mod.rs @@ -21,7 +21,12 @@ //! primary" one. use crate::utils::{wrap_err, TinkError}; -use std::collections::{hash_map, HashMap}; +use alloc::{ + boxed::Box, + collections::{btree_map, BTreeMap}, + vec, + vec::Vec, +}; /// `Entry` represents a single entry in the keyset. In addition to the actual /// primitive, it holds the identifier and status of the primitive. @@ -71,7 +76,7 @@ pub struct PrimitiveSet { // The primitives are stored in a map of (ciphertext prefix, list of // primitives sharing the prefix). This allows quickly retrieving the // primitives sharing some particular prefix. - pub entries: HashMap, Vec>, + pub entries: BTreeMap, Vec>, } impl PrimitiveSet { @@ -79,7 +84,7 @@ impl PrimitiveSet { pub fn new() -> Self { PrimitiveSet { primary: None, - entries: HashMap::new(), + entries: BTreeMap::new(), } } @@ -118,8 +123,8 @@ impl PrimitiveSet { ); let retval = entry.clone(); match self.entries.entry(prefix) { - hash_map::Entry::Occupied(mut oe) => oe.get_mut().push(entry), - hash_map::Entry::Vacant(ve) => { + btree_map::Entry::Occupied(mut oe) => oe.get_mut().push(entry), + btree_map::Entry::Vacant(ve) => { ve.insert(vec![entry]); } }; @@ -158,7 +163,7 @@ pub struct TypedPrimitiveSet> { // The primitives are stored in a map of (ciphertext prefix, list of // primitives sharing the prefix). This allows quickly retrieving the // primitives sharing some particular prefix. - pub entries: HashMap, Vec>>, + pub entries: BTreeMap, Vec>>, } impl> TypedPrimitiveSet

{ @@ -251,6 +256,7 @@ impl Clone for TypedEntry> { } } } +#[cfg(feature = "std")] impl Clone for TypedEntry> { fn clone(&self) -> Self { Self { diff --git a/core/src/registry/key_manager.rs b/core/src/registry/key_manager.rs index 6be1eaf9..ad9bfb68 100644 --- a/core/src/registry/key_manager.rs +++ b/core/src/registry/key_manager.rs @@ -17,6 +17,7 @@ //! Trait definition for key managers. use crate::TinkError; +use alloc::string::ToString; /// `KeyManager` "understands" keys of a specific key types: it can generate keys of a supported /// type and create primitives for supported keys. A key type is identified by the global name of @@ -29,7 +30,7 @@ pub trait KeyManager: Send + Sync { /// Generate a new key according to specification in `serialized_key_format`, which must be /// supported by this manager, returned as a serialized protocol buffer. - fn new_key(&self, serialized_key_format: &[u8]) -> Result, TinkError>; + fn new_key(&self, serialized_key_format: &[u8]) -> Result, TinkError>; /// Return true iff this [`KeyManager`] supports key type identified by `type_url`. fn does_support(&self, type_url: &str) -> bool { diff --git a/core/src/registry/key_templates.rs b/core/src/registry/key_templates.rs index 5a30d8a7..69aed5d2 100644 --- a/core/src/registry/key_templates.rs +++ b/core/src/registry/key_templates.rs @@ -16,36 +16,31 @@ //! Provides a registry of generator functions that return [`tink_proto::KeyTemplate`] objects. +use alloc::{collections::BTreeMap, string::ToString}; use lazy_static::lazy_static; -use std::{collections::HashMap, sync::RwLock}; +use spin::RwLock; pub type KeyTemplateGenerator = fn() -> tink_proto::KeyTemplate; lazy_static! { /// Global registry of key template generator functions, indexed by template name. - static ref TEMPLATE_GENERATORS: RwLock> = - RwLock::new(HashMap::new()); + static ref TEMPLATE_GENERATORS: RwLock> = + RwLock::new(BTreeMap::new()); } /// Register a key template generator function by name. pub fn register_template_generator(name: &str, generator: KeyTemplateGenerator) { TEMPLATE_GENERATORS .write() - .unwrap() // safe: lock .insert(name.to_string(), generator); } /// Find a key template generator function by name. pub fn get_template_generator(name: &str) -> Option { - TEMPLATE_GENERATORS.read().unwrap().get(name).copied() // safe: lock + TEMPLATE_GENERATORS.read().get(name).copied() } /// Return all available key template generator names. -pub fn template_names() -> Vec { - TEMPLATE_GENERATORS - .read() - .unwrap() // safe: lock - .keys() - .cloned() - .collect() +pub fn template_names() -> alloc::vec::Vec { + TEMPLATE_GENERATORS.read().keys().cloned().collect() } diff --git a/core/src/registry/kms_client.rs b/core/src/registry/kms_client.rs index d3ade597..715ab589 100644 --- a/core/src/registry/kms_client.rs +++ b/core/src/registry/kms_client.rs @@ -22,5 +22,8 @@ pub trait KmsClient: Send + Sync { fn supported(&self, key_uri: &str) -> bool; /// Get an [`Aead`](crate::Aead) backend by `key_uri`. - fn get_aead(&self, key_uri: &str) -> Result, crate::TinkError>; + fn get_aead( + &self, + key_uri: &str, + ) -> Result, crate::TinkError>; } diff --git a/core/src/registry/mod.rs b/core/src/registry/mod.rs index 3c6380e6..2bfeadf3 100644 --- a/core/src/registry/mod.rs +++ b/core/src/registry/mod.rs @@ -27,11 +27,9 @@ //! public though, to enable configurations with custom primitives and [`KeyManager`]s. use crate::TinkError; +use alloc::{collections::BTreeMap, format, sync::Arc, vec::Vec}; use lazy_static::lazy_static; -use std::{ - collections::HashMap, - sync::{Arc, RwLock}, -}; +use spin::RwLock; mod kms_client; pub use kms_client::*; @@ -42,23 +40,18 @@ pub use key_templates::*; lazy_static! { /// Global registry of key manager objects, indexed by type URL. - static ref KEY_MANAGERS: RwLock>> = - RwLock::new(HashMap::new()); + static ref KEY_MANAGERS: RwLock>> = + RwLock::new(BTreeMap::new()); /// Global list of KMS client objects. static ref KMS_CLIENTS: RwLock>> = RwLock::new(Vec::new()); } -/// Error message for global key manager registry lock. -const MERR: &str = "global KEY_MANAGERS lock poisoned"; -/// Error message for global KMS client list lock. -const CERR: &str = "global KMS_CLIENTS lock poisoned"; - /// Register the given key manager. Does not allow overwrite of existing key managers. pub fn register_key_manager(km: Arc) -> Result<(), TinkError> where T: 'static + KeyManager, { - let mut key_mgrs = KEY_MANAGERS.write().expect(MERR); // safe: lock + let mut key_mgrs = KEY_MANAGERS.write(); let type_url = km.type_url(); if key_mgrs.contains_key(type_url) { @@ -74,7 +67,7 @@ where /// Return the key manager for the given `type_url` if it exists. pub fn get_key_manager(type_url: &str) -> Result, TinkError> { - let key_mgrs = KEY_MANAGERS.read().expect(MERR); // safe: lock + let key_mgrs = KEY_MANAGERS.read(); let km = key_mgrs.get(type_url).ok_or_else(|| { TinkError::new(&format!( "registry::get_key_manager: unsupported key type: {}", @@ -113,19 +106,19 @@ pub fn register_kms_client(k: T) where T: 'static + KmsClient, { - let mut kms_clients = KMS_CLIENTS.write().expect(CERR); // safe: lock + let mut kms_clients = KMS_CLIENTS.write(); kms_clients.push(Arc::new(k)); } /// Remove all registered KMS clients. pub fn clear_kms_clients() { - let mut kms_clients = KMS_CLIENTS.write().expect(CERR); // safe: lock + let mut kms_clients = KMS_CLIENTS.write(); kms_clients.clear(); } /// Fetches a [`KmsClient`] by a given URI. pub fn get_kms_client(key_uri: &str) -> Result, TinkError> { - let kms_clients = KMS_CLIENTS.read().expect(CERR); // safe: lock + let kms_clients = KMS_CLIENTS.read(); for k in kms_clients.iter() { if k.supported(key_uri) { return Ok(k.clone()); diff --git a/core/src/signer.rs b/core/src/signer.rs index e77a301b..fdb3ef52 100644 --- a/core/src/signer.rs +++ b/core/src/signer.rs @@ -16,6 +16,8 @@ //! Digital signature signing. +use alloc::{boxed::Box, vec::Vec}; + /// `Signer` is the signing interface for digital signature. /// /// Implementations of this trait are secure against adaptive chosen-message diff --git a/core/src/subtle/hkdf.rs b/core/src/subtle/hkdf.rs index 492f4346..2eb6ea20 100644 --- a/core/src/subtle/hkdf.rs +++ b/core/src/subtle/hkdf.rs @@ -17,6 +17,7 @@ //! HKDF functions. use crate::{utils::wrap_err, TinkError}; +use alloc::{format, vec, vec::Vec}; use tink_proto::HashType; /// Minimum tag size in bytes. This provides minimum 80-bit security strength. diff --git a/core/src/subtle/mod.rs b/core/src/subtle/mod.rs index 719e4472..8b88aa64 100644 --- a/core/src/subtle/mod.rs +++ b/core/src/subtle/mod.rs @@ -17,6 +17,7 @@ //! Common methods needed in subtle implementations. use crate::TinkError; +use alloc::vec::Vec; use digest::Digest; use subtle::ConstantTimeEq; use tink_proto::HashType; diff --git a/core/src/subtle/random.rs b/core/src/subtle/random.rs index 629a6d79..08cf9d45 100644 --- a/core/src/subtle/random.rs +++ b/core/src/subtle/random.rs @@ -16,16 +16,17 @@ //! Utilities for random data. -use rand::{thread_rng, Rng}; +use alloc::vec; +use rand::{rngs::OsRng, Rng}; /// Return a vector of the given `size` filled with random bytes. -pub fn get_random_bytes(size: usize) -> Vec { +pub fn get_random_bytes(size: usize) -> alloc::vec::Vec { let mut data = vec![0u8; size]; - thread_rng().fill(&mut data[..]); + OsRng.fill(&mut data[..]); data } /// Randomly generate an unsigned 32-bit integer. pub fn get_random_uint32() -> u32 { - thread_rng().gen() + OsRng.gen() } diff --git a/core/src/utils.rs b/core/src/utils.rs index 496f5859..9d77c031 100644 --- a/core/src/utils.rs +++ b/core/src/utils.rs @@ -19,14 +19,15 @@ //! Some of these utilities are not idiomatic Rust, but are included to make the process of //! translating code from other languages (e.g. Go) easier. -use std::error::Error; +use alloc::string::{String, ToString}; /// `Error` type for errors emitted by Tink. Note that errors from cryptographic /// operations are necessarily uninformative, to avoid information leakage. #[derive(Debug)] pub struct TinkError { msg: String, - src: Option>, + #[cfg(feature = "std")] + src: Option>, } impl TinkError { @@ -35,6 +36,7 @@ impl TinkError { } } +#[cfg(feature = "std")] impl std::fmt::Display for TinkError { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { if let Some(src) = &self.src { @@ -45,20 +47,26 @@ impl std::fmt::Display for TinkError { } } -impl Error for TinkError {} +#[cfg(feature = "std")] +impl std::error::Error for TinkError {} -impl std::convert::From<&str> for TinkError { +impl From<&str> for TinkError { fn from(msg: &str) -> Self { TinkError { msg: msg.to_string(), + #[cfg(feature = "std")] src: None, } } } -impl std::convert::From for TinkError { +impl From for TinkError { fn from(msg: String) -> Self { - TinkError { msg, src: None } + TinkError { + msg, + #[cfg(feature = "std")] + src: None, + } } } @@ -71,12 +79,19 @@ impl std::convert::From for TinkError { /// return nil, fmt.Errorf("FunctionCall failed: %s", err) /// } /// ``` +#[cfg(feature = "std")] pub fn wrap_err(msg: &str, src: T) -> TinkError where - T: Error + 'static, + T: std::error::Error + 'static, { TinkError { msg: msg.to_string(), src: Some(Box::new(src)), } } +#[cfg(not(feature = "std"))] +pub fn wrap_err(msg: &str, _src: T) -> TinkError { + TinkError { + msg: msg.to_string(), + } +} diff --git a/core/src/verifier.rs b/core/src/verifier.rs index 92007c5a..60c6e165 100644 --- a/core/src/verifier.rs +++ b/core/src/verifier.rs @@ -16,6 +16,8 @@ //! Digital signature verification. +use alloc::boxed::Box; + /// `Verifier` is the verifying interface for digital signature. /// /// Implementations of this trait are secure against adaptive chosen-message diff --git a/deny.toml b/deny.toml index b0156e4a..346a7eb9 100644 --- a/deny.toml +++ b/deny.toml @@ -65,6 +65,11 @@ version = "0.5.1" name = "rand_chacha" version = "0.2.2" +# hyper-rustls(v0.22.1) => rustls => ring(v0.16.20) => spin(v0.5.2) +[[bans.skip]] +name = "spin" +version = "0.5.2" + ###################################### # List of allowed licenses. From c140938d1ba7f483a5f06e8f9d0588ecaba6d7cf Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 09:08:37 +0100 Subject: [PATCH 03/18] tink-core: expect Display not Error for sub-errs --- core/Cargo.toml | 2 +- core/src/utils.rs | 36 +++++++++++++++--------------------- 2 files changed, 16 insertions(+), 22 deletions(-) diff --git a/core/Cargo.toml b/core/Cargo.toml index 9877e119..150f4b00 100644 --- a/core/Cargo.toml +++ b/core/Cargo.toml @@ -17,8 +17,8 @@ insecure = [] json = ["tink-proto/json", "serde", "serde_json", "std"] # The `std` feature enables: # - the `StreamingAead` primitive -# - full `Error` behaviour for `TinkError` # - methods for serializing keysets to/from binary. +# - `impl std::error::Error for TinkError` std = [] [dependencies] diff --git a/core/src/utils.rs b/core/src/utils.rs index 9d77c031..3725cbd4 100644 --- a/core/src/utils.rs +++ b/core/src/utils.rs @@ -19,15 +19,16 @@ //! Some of these utilities are not idiomatic Rust, but are included to make the process of //! translating code from other languages (e.g. Go) easier. -use alloc::string::{String, ToString}; +use alloc::{ + boxed::Box, + string::{String, ToString}, +}; /// `Error` type for errors emitted by Tink. Note that errors from cryptographic /// operations are necessarily uninformative, to avoid information leakage. -#[derive(Debug)] pub struct TinkError { msg: String, - #[cfg(feature = "std")] - src: Option>, + src: Option>, } impl TinkError { @@ -36,9 +37,14 @@ impl TinkError { } } -#[cfg(feature = "std")] -impl std::fmt::Display for TinkError { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { +impl core::fmt::Debug for TinkError { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + ::fmt(self, f) + } +} + +impl core::fmt::Display for TinkError { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { if let Some(src) = &self.src { write!(f, "{}: {}", self.msg, src) } else { @@ -54,7 +60,6 @@ impl From<&str> for TinkError { fn from(msg: &str) -> Self { TinkError { msg: msg.to_string(), - #[cfg(feature = "std")] src: None, } } @@ -62,11 +67,7 @@ impl From<&str> for TinkError { impl From for TinkError { fn from(msg: String) -> Self { - TinkError { - msg, - #[cfg(feature = "std")] - src: None, - } + TinkError { msg, src: None } } } @@ -79,19 +80,12 @@ impl From for TinkError { /// return nil, fmt.Errorf("FunctionCall failed: %s", err) /// } /// ``` -#[cfg(feature = "std")] pub fn wrap_err(msg: &str, src: T) -> TinkError where - T: std::error::Error + 'static, + T: core::fmt::Display + 'static, { TinkError { msg: msg.to_string(), src: Some(Box::new(src)), } } -#[cfg(not(feature = "std"))] -pub fn wrap_err(msg: &str, _src: T) -> TinkError { - TinkError { - msg: msg.to_string(), - } -} From a6b29d3983eae286dea760e8cc96bb444cecf8c2 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 08:15:50 +0100 Subject: [PATCH 04/18] tink-prf: move to core+alloc --- Cargo.lock | 29 +++++++++--- prf/Cargo.toml | 13 +++--- prf/src/aes_cmac_prf_key_manager.rs | 1 + prf/src/hkdf_prf_key_manager.rs | 1 + prf/src/hmac_prf_key_manager.rs | 1 + prf/src/key_templates.rs | 1 + prf/src/lib.rs | 17 ++++--- prf/src/set_factory.rs | 6 +-- prf/src/subtle/aes_cmac.rs | 49 +++++++++----------- prf/src/subtle/hkdf.rs | 1 + prf/src/subtle/hmac.rs | 69 +++++++++++++---------------- 11 files changed, 99 insertions(+), 89 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index fa2a16c1..0b86407a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1687,7 +1687,7 @@ dependencies = [ "tink-daead", "tink-gcpkms", "tink-mac", - "tink-prf", + "tink-prf 0.2.0", "tink-proto 0.2.0", "tink-signature", "tink-streaming-aead", @@ -2255,26 +2255,45 @@ version = "0.2.0" dependencies = [ "prost 0.8.0", "tink-core 0.2.0", - "tink-prf", + "tink-prf 0.2.0", "tink-proto 0.2.0", ] [[package]] name = "tink-prf" version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ae8bd3f58adff2c1fb3286c9a8ab1c0964045614778595ec9877b9f6ba98d38" dependencies = [ "aes", "cmac", "digest", "hkdf", "hmac", - "prost 0.8.0", + "prost 0.7.0", "sha-1", "sha2", "tink-core 0.2.0", "tink-proto 0.2.0", ] +[[package]] +name = "tink-prf" +version = "0.3.0" +dependencies = [ + "aes", + "cmac", + "digest", + "hkdf", + "hmac", + "prost 0.8.0", + "sha-1", + "sha2", + "spin 0.9.2", + "tink-core 0.3.0", + "tink-proto 0.3.0", +] + [[package]] name = "tink-proto" version = "0.2.0" @@ -2338,7 +2357,7 @@ dependencies = [ "tink-core 0.2.0", "tink-daead", "tink-mac", - "tink-prf", + "tink-prf 0.2.0", "tink-proto 0.2.0", "tink-signature", "tink-streaming-aead", @@ -2371,7 +2390,7 @@ dependencies = [ "tink-daead", "tink-gcpkms", "tink-mac", - "tink-prf", + "tink-prf 0.2.0", "tink-proto 0.2.0", "tink-signature", "tink-streaming-aead", diff --git a/prf/Cargo.toml b/prf/Cargo.toml index b825ed80..33cdf821 100644 --- a/prf/Cargo.toml +++ b/prf/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-prf" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -15,8 +15,9 @@ cmac = "^0.6" digest = "^0.9" hkdf = "^0.11" hmac = "^0.11" -prost = "^0.8" -sha-1 = "^0.9.7" -sha2 = "^0.9.5" -tink-core = "^0.2" -tink-proto = "^0.2" +prost = { version = "^0.8", default-features = false } +sha-1 = { version = "^0.9.7", default-features = false } +sha2 = { version = "^0.9.5", default-features = false } +spin = { version = "^0.9.2", features = ["once"] } +tink-core = "^0.3" +tink-proto = "^0.3" diff --git a/prf/src/aes_cmac_prf_key_manager.rs b/prf/src/aes_cmac_prf_key_manager.rs index 664e543c..bcbc8de6 100644 --- a/prf/src/aes_cmac_prf_key_manager.rs +++ b/prf/src/aes_cmac_prf_key_manager.rs @@ -17,6 +17,7 @@ //! Key manager for AES-CMAC keys for PRF. use crate::subtle; +use alloc::{boxed::Box, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; diff --git a/prf/src/hkdf_prf_key_manager.rs b/prf/src/hkdf_prf_key_manager.rs index acc7ae5c..132257e3 100644 --- a/prf/src/hkdf_prf_key_manager.rs +++ b/prf/src/hkdf_prf_key_manager.rs @@ -17,6 +17,7 @@ //! Key manager for HKDF keys for PRF. use crate::subtle; +use alloc::{boxed::Box, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; use tink_proto::HashType; diff --git a/prf/src/hmac_prf_key_manager.rs b/prf/src/hmac_prf_key_manager.rs index 757a1958..2a874bf3 100644 --- a/prf/src/hmac_prf_key_manager.rs +++ b/prf/src/hmac_prf_key_manager.rs @@ -17,6 +17,7 @@ //! Key manager for HMAC keys for PRF. use crate::subtle; +use alloc::{boxed::Box, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; use tink_proto::HashType; diff --git a/prf/src/key_templates.rs b/prf/src/key_templates.rs index 9da820cf..8a1ed37b 100644 --- a/prf/src/key_templates.rs +++ b/prf/src/key_templates.rs @@ -16,6 +16,7 @@ //! This module contains pre-generated [`KeyTemplate`] instances for PRF. +use alloc::{string::ToString, vec::Vec}; use prost::Message; use tink_proto::KeyTemplate; diff --git a/prf/src/lib.rs b/prf/src/lib.rs index f3065e1b..505906dd 100644 --- a/prf/src/lib.rs +++ b/prf/src/lib.rs @@ -15,10 +15,13 @@ //////////////////////////////////////////////////////////////////////////////// //! This crate provides implementations of the [`tink_core::Prf`] primitive. - +#![no_std] #![deny(broken_intra_doc_links)] -use std::sync::Once; +extern crate alloc; + +use alloc::sync::Arc; +use spin::{Mutex, Once}; use tink_core::registry::register_key_manager; mod aes_cmac_prf_key_manager; @@ -38,17 +41,17 @@ pub mod subtle; /// port is based on. pub const UPSTREAM_VERSION: &str = "1.6.0"; -static INIT: Once = Once::new(); +static INIT: Mutex = Mutex::new(Once::new()); /// Initialize the `tink-prf` crate, registering its primitives so they are available via /// Tink. pub fn init() { - INIT.call_once(|| { - register_key_manager(std::sync::Arc::new(HmacPrfKeyManager::default())) + INIT.lock().call_once(|| { + register_key_manager(Arc::new(HmacPrfKeyManager::default())) .expect("tink_prf::init() failed"); // safe: init - register_key_manager(std::sync::Arc::new(HkdfPrfKeyManager::default())) + register_key_manager(Arc::new(HkdfPrfKeyManager::default())) .expect("tink_prf::init() failed"); // safe: init - register_key_manager(std::sync::Arc::new(AesCmacPrfKeyManager::default())) + register_key_manager(Arc::new(AesCmacPrfKeyManager::default())) .expect("tink_prf::init() failed"); // safe: init tink_core::registry::register_template_generator( diff --git a/prf/src/set_factory.rs b/prf/src/set_factory.rs index 06a42f1b..5a13e7da 100644 --- a/prf/src/set_factory.rs +++ b/prf/src/set_factory.rs @@ -16,7 +16,7 @@ //! Provides an implementation of PRF using a set of underlying implementations. -use std::{collections::HashMap, sync::Arc}; +use alloc::{boxed::Box, collections::BTreeMap, format, sync::Arc, vec::Vec}; use tink_core::{utils::wrap_err, Prf, TinkError}; /// `Set` is a set of PRFs. A [`Keyset`](tink_proto::Keyset) can be converted into a set of PRFs @@ -27,7 +27,7 @@ pub struct Set { /// The key ID marked as primary in the corresponding [`Keyset`](tink_proto::Keyset). pub primary_id: u32, /// Map key IDs to their corresponding Prf. - pub prfs: HashMap>, + pub prfs: BTreeMap>, } impl Set { @@ -74,7 +74,7 @@ fn wrap_prf_set(ps: tink_core::primitiveset::PrimitiveSet) -> Result { - mac.update(data); - let result = mac.finalize_reset().into_bytes(); - result[..min(result.len(), output_length)].to_vec() - } - AesCmacVariant::Aes192(mac) => { - mac.update(data); - let result = mac.finalize_reset().into_bytes(); - result[..min(result.len(), output_length)].to_vec() - } - AesCmacVariant::Aes256(mac) => { - mac.update(data); - let result = mac.finalize_reset().into_bytes(); - result[..min(result.len(), output_length)].to_vec() - } - }, - ) + Ok(match self.mac.lock().deref_mut() { + AesCmacVariant::Aes128(mac) => { + mac.update(data); + let result = mac.finalize_reset().into_bytes(); + result[..min(result.len(), output_length)].to_vec() + } + AesCmacVariant::Aes192(mac) => { + mac.update(data); + let result = mac.finalize_reset().into_bytes(); + result[..min(result.len(), output_length)].to_vec() + } + AesCmacVariant::Aes256(mac) => { + mac.update(data); + let result = mac.finalize_reset().into_bytes(); + result[..min(result.len(), output_length)].to_vec() + } + }) } } diff --git a/prf/src/subtle/hkdf.rs b/prf/src/subtle/hkdf.rs index 7409c465..3d62b904 100644 --- a/prf/src/subtle/hkdf.rs +++ b/prf/src/subtle/hkdf.rs @@ -16,6 +16,7 @@ //! Provides an implementation of PRF using HKDF. +use alloc::{format, vec, vec::Vec}; use tink_core::TinkError; use tink_proto::HashType; diff --git a/prf/src/subtle/hmac.rs b/prf/src/subtle/hmac.rs index 9145aa37..a97ab663 100644 --- a/prf/src/subtle/hmac.rs +++ b/prf/src/subtle/hmac.rs @@ -17,11 +17,9 @@ //! Provides an implementation of PRF using HMAC. use ::hmac::{Hmac, Mac, NewMac}; -use std::{ - cmp::min, - ops::DerefMut, - sync::{Arc, Mutex}, -}; +use alloc::{format, sync::Arc, vec::Vec}; +use core::{cmp::min, ops::DerefMut}; +use spin::Mutex; use tink_core::TinkError; use tink_proto::HashType; @@ -104,39 +102,32 @@ impl tink_core::Prf for HmacPrf { ) .into()); } - Ok( - match self - .mac - .lock() - .expect("internal lock corrupted") // safe: lock - .deref_mut() - { - HmacPrfVariant::Sha1(mac) => { - mac.update(data); - let result = mac.finalize_reset().into_bytes(); - result[..min(result.len(), output_length)].to_vec() - } - HmacPrfVariant::Sha224(mac) => { - mac.update(data); - let result = mac.finalize_reset().into_bytes(); - result[..min(result.len(), output_length)].to_vec() - } - HmacPrfVariant::Sha256(mac) => { - mac.update(data); - let result = mac.finalize_reset().into_bytes(); - result[..min(result.len(), output_length)].to_vec() - } - HmacPrfVariant::Sha384(mac) => { - mac.update(data); - let result = mac.finalize_reset().into_bytes(); - result[..min(result.len(), output_length)].to_vec() - } - HmacPrfVariant::Sha512(mac) => { - mac.update(data); - let result = mac.finalize_reset().into_bytes(); - result[..min(result.len(), output_length)].to_vec() - } - }, - ) + Ok(match self.mac.lock().deref_mut() { + HmacPrfVariant::Sha1(mac) => { + mac.update(data); + let result = mac.finalize_reset().into_bytes(); + result[..min(result.len(), output_length)].to_vec() + } + HmacPrfVariant::Sha224(mac) => { + mac.update(data); + let result = mac.finalize_reset().into_bytes(); + result[..min(result.len(), output_length)].to_vec() + } + HmacPrfVariant::Sha256(mac) => { + mac.update(data); + let result = mac.finalize_reset().into_bytes(); + result[..min(result.len(), output_length)].to_vec() + } + HmacPrfVariant::Sha384(mac) => { + mac.update(data); + let result = mac.finalize_reset().into_bytes(); + result[..min(result.len(), output_length)].to_vec() + } + HmacPrfVariant::Sha512(mac) => { + mac.update(data); + let result = mac.finalize_reset().into_bytes(); + result[..min(result.len(), output_length)].to_vec() + } + }) } } From 6cef4337955608aeec3a9a785b2980fe958be813 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 08:16:00 +0100 Subject: [PATCH 05/18] tink-mac: move to core+alloc --- Cargo.lock | 27 ++++++++++++++++++++------- mac/Cargo.toml | 11 ++++++----- mac/src/aes_cmac_key_manager.rs | 1 + mac/src/factory.rs | 2 +- mac/src/hmac_key_manager.rs | 1 + mac/src/key_templates.rs | 1 + mac/src/lib.rs | 18 ++++++++++-------- mac/src/subtle/cmac.rs | 1 + mac/src/subtle/hmac.rs | 1 + 9 files changed, 42 insertions(+), 21 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0b86407a..a2b8f15c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -592,7 +592,7 @@ version = "0.2.0" dependencies = [ "hex", "tink-core 0.2.0", - "tink-mac", + "tink-mac 0.2.0", ] [[package]] @@ -1686,7 +1686,7 @@ dependencies = [ "tink-core 0.2.0", "tink-daead", "tink-gcpkms", - "tink-mac", + "tink-mac 0.2.0", "tink-prf 0.2.0", "tink-proto 0.2.0", "tink-signature", @@ -2164,7 +2164,7 @@ dependencies = [ "prost 0.8.0", "rand 0.7.3", "tink-core 0.2.0", - "tink-mac", + "tink-mac 0.2.0", "tink-proto 0.2.0", ] @@ -2252,13 +2252,26 @@ dependencies = [ [[package]] name = "tink-mac" version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4e4cfdad0b51ddd727a51245e860b97ae931be05f99dd98bb7a51b1b19e5a97" dependencies = [ - "prost 0.8.0", + "prost 0.7.0", "tink-core 0.2.0", "tink-prf 0.2.0", "tink-proto 0.2.0", ] +[[package]] +name = "tink-mac" +version = "0.3.0" +dependencies = [ + "prost 0.8.0", + "spin 0.9.2", + "tink-core 0.3.0", + "tink-prf 0.3.0", + "tink-proto 0.3.0", +] + [[package]] name = "tink-prf" version = "0.2.0" @@ -2340,7 +2353,7 @@ dependencies = [ "prost 0.8.0", "rand 0.7.3", "tink-core 0.2.0", - "tink-mac", + "tink-mac 0.2.0", "tink-proto 0.2.0", ] @@ -2356,7 +2369,7 @@ dependencies = [ "tink-aead", "tink-core 0.2.0", "tink-daead", - "tink-mac", + "tink-mac 0.2.0", "tink-prf 0.2.0", "tink-proto 0.2.0", "tink-signature", @@ -2389,7 +2402,7 @@ dependencies = [ "tink-core 0.2.0", "tink-daead", "tink-gcpkms", - "tink-mac", + "tink-mac 0.2.0", "tink-prf 0.2.0", "tink-proto 0.2.0", "tink-signature", diff --git a/mac/Cargo.toml b/mac/Cargo.toml index 24d2bacb..d47a7477 100644 --- a/mac/Cargo.toml +++ b/mac/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-mac" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -10,7 +10,8 @@ keywords = ["cryptography", "tink", "mac"] categories = ["cryptography"] [dependencies] -prost = "^0.8" -tink-core = "^0.2" -tink-prf = "^0.2" -tink-proto = "^0.2" +prost = { version = "^0.8", default-features = false } +spin = { version = "^0.9.2", features = ["once"] } +tink-core = "^0.3" +tink-prf = "^0.3" +tink-proto = "^0.3" diff --git a/mac/src/aes_cmac_key_manager.rs b/mac/src/aes_cmac_key_manager.rs index 2d1fdf0a..7ed9d3db 100644 --- a/mac/src/aes_cmac_key_manager.rs +++ b/mac/src/aes_cmac_key_manager.rs @@ -16,6 +16,7 @@ //! Key manager for AES-CMAC keys for MAC. +use alloc::{boxed::Box, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; diff --git a/mac/src/factory.rs b/mac/src/factory.rs index 3a7ae4b3..ec0a45b8 100644 --- a/mac/src/factory.rs +++ b/mac/src/factory.rs @@ -16,7 +16,7 @@ //! Provides an implementation of MAC using a set of underlying implementations. -use std::sync::Arc; +use alloc::{boxed::Box, sync::Arc, vec::Vec}; use tink_core::{utils::wrap_err, TinkError}; use tink_proto::OutputPrefixType; diff --git a/mac/src/hmac_key_manager.rs b/mac/src/hmac_key_manager.rs index ba7892ea..41216d91 100644 --- a/mac/src/hmac_key_manager.rs +++ b/mac/src/hmac_key_manager.rs @@ -16,6 +16,7 @@ //! Key manager for AES-CMAC keys for HMAC. +use alloc::{boxed::Box, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; use tink_proto::HashType; diff --git a/mac/src/key_templates.rs b/mac/src/key_templates.rs index b9a6b283..242c15ff 100644 --- a/mac/src/key_templates.rs +++ b/mac/src/key_templates.rs @@ -16,6 +16,7 @@ //! This module contains pre-generated [`KeyTemplate`] instances for MAC. +use alloc::{string::ToString, vec::Vec}; use prost::Message; use tink_proto::KeyTemplate; diff --git a/mac/src/lib.rs b/mac/src/lib.rs index 7c561e44..1522d880 100644 --- a/mac/src/lib.rs +++ b/mac/src/lib.rs @@ -20,9 +20,13 @@ //! message. MAC protects data integrity as well as provides for authenticity //! of the message. +#![no_std] #![deny(broken_intra_doc_links)] -use std::sync::Once; +extern crate alloc; + +use alloc::sync::Arc; +use spin::{Mutex, Once}; mod aes_cmac_key_manager; pub use aes_cmac_key_manager::*; @@ -39,18 +43,16 @@ pub mod subtle; /// port is based on. pub const UPSTREAM_VERSION: &str = "1.6.0"; -static INIT: Once = Once::new(); +static INIT: Mutex = Mutex::new(Once::new()); /// Initialize the `tink-daead` crate, registering its primitives so they are available via /// Tink. pub fn init() { - INIT.call_once(|| { - tink_core::registry::register_key_manager(std::sync::Arc::new(HmacKeyManager::default())) + INIT.lock().call_once(|| { + tink_core::registry::register_key_manager(Arc::new(HmacKeyManager::default())) + .expect("tink_mac::init() failed"); // safe: init + tink_core::registry::register_key_manager(Arc::new(AesCmacKeyManager::default())) .expect("tink_mac::init() failed"); // safe: init - tink_core::registry::register_key_manager( - std::sync::Arc::new(AesCmacKeyManager::default()), - ) - .expect("tink_mac::init() failed"); // safe: init tink_core::registry::register_template_generator( "HMAC_SHA256_128BITTAG", diff --git a/mac/src/subtle/cmac.rs b/mac/src/subtle/cmac.rs index 805de7c1..d849e2a6 100644 --- a/mac/src/subtle/cmac.rs +++ b/mac/src/subtle/cmac.rs @@ -16,6 +16,7 @@ //! Provides an implementation of MAC using AES-CMAC. +use alloc::{format, vec::Vec}; use tink_core::{utils::wrap_err, Prf, TinkError}; const MIN_CMAC_KEY_SIZE_IN_BYTES: usize = 16; diff --git a/mac/src/subtle/hmac.rs b/mac/src/subtle/hmac.rs index 0c9c6396..6a0e6a26 100644 --- a/mac/src/subtle/hmac.rs +++ b/mac/src/subtle/hmac.rs @@ -16,6 +16,7 @@ //! Provides an implementation of MAC using HMAC. +use alloc::vec::Vec; use tink_core::{utils::wrap_err, Prf, TinkError}; use tink_proto::HashType; From 024b71c7d7e345edc59e7d254e522d2b7915eded Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 09:01:51 +0100 Subject: [PATCH 06/18] tink-aead: move to core+alloc --- Cargo.lock | 35 +++++++++++++++----- aead/Cargo.toml | 16 ++++----- aead/src/aead_factory.rs | 3 +- aead/src/aead_key_templates.rs | 1 + aead/src/aes_ctr_hmac_aead_key_manager.rs | 1 + aead/src/aes_gcm_key_manager.rs | 1 + aead/src/aes_gcm_siv_key_manager.rs | 1 + aead/src/chacha20poly1305_key_manager.rs | 1 + aead/src/kms_envelope_aead.rs | 3 +- aead/src/kms_envelope_aead_key_manager.rs | 1 + aead/src/lib.rs | 22 +++++++----- aead/src/subtle/aead.rs | 2 ++ aead/src/subtle/aes_ctr.rs | 1 + aead/src/subtle/aes_gcm.rs | 3 +- aead/src/subtle/aes_gcm_siv.rs | 1 + aead/src/subtle/chacha20poly1305.rs | 1 + aead/src/subtle/encrypt_then_authenticate.rs | 1 + aead/src/subtle/ind_cpa.rs | 2 ++ aead/src/subtle/xchacha20poly1305.rs | 1 + aead/src/xchacha20poly1305_key_manager.rs | 1 + 20 files changed, 70 insertions(+), 28 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a2b8f15c..6a0db44b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -9,7 +9,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e3e798aa0c8239776f54415bc06f3d74b1850f3f830b45c35cfc80556973f70" dependencies = [ "generic-array", - "rand_core 0.6.2", ] [[package]] @@ -547,7 +546,7 @@ name = "example-aead" version = "0.2.0" dependencies = [ "hex", - "tink-aead", + "tink-aead 0.2.0", "tink-core 0.2.0", ] @@ -572,7 +571,7 @@ dependencies = [ name = "example-keymgr" version = "0.2.0" dependencies = [ - "tink-aead", + "tink-aead 0.2.0", "tink-core 0.2.0", ] @@ -581,7 +580,7 @@ name = "example-kms" version = "0.2.0" dependencies = [ "hex", - "tink-aead", + "tink-aead 0.2.0", "tink-awskms", "tink-core 0.2.0", ] @@ -1681,7 +1680,7 @@ name = "rinkey" version = "0.2.0" dependencies = [ "structopt", - "tink-aead", + "tink-aead 0.2.0", "tink-awskms", "tink-core 0.2.0", "tink-daead", @@ -2154,6 +2153,8 @@ dependencies = [ [[package]] name = "tink-aead" version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b42721a0582f6058024a2669a7b2fbbfa1c04153332e08fe6e335dd8e8b7ee6d" dependencies = [ "aead", "aes", @@ -2161,13 +2162,31 @@ dependencies = [ "aes-gcm-siv", "chacha20poly1305", "generic-array", - "prost 0.8.0", + "prost 0.7.0", "rand 0.7.3", "tink-core 0.2.0", "tink-mac 0.2.0", "tink-proto 0.2.0", ] +[[package]] +name = "tink-aead" +version = "0.3.0" +dependencies = [ + "aead", + "aes", + "aes-gcm", + "aes-gcm-siv", + "chacha20poly1305", + "generic-array", + "prost 0.8.0", + "rand 0.7.3", + "spin 0.9.2", + "tink-core 0.3.0", + "tink-mac 0.3.0", + "tink-proto 0.3.0", +] + [[package]] name = "tink-awskms" version = "0.2.0" @@ -2366,7 +2385,7 @@ dependencies = [ "log", "prost 0.8.0", "structopt", - "tink-aead", + "tink-aead 0.2.0", "tink-core 0.2.0", "tink-daead", "tink-mac 0.2.0", @@ -2397,7 +2416,7 @@ dependencies = [ "serde", "serde_json", "tempfile", - "tink-aead", + "tink-aead 0.2.0", "tink-awskms", "tink-core 0.2.0", "tink-daead", diff --git a/aead/Cargo.toml b/aead/Cargo.toml index 96103e5a..7509ef6d 100644 --- a/aead/Cargo.toml +++ b/aead/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-aead" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -10,15 +10,15 @@ keywords = ["cryptography", "tink", "aead"] categories = ["cryptography"] [dependencies] -# Need the `std` feature for Error type conversion -aead = { version = "^0.4.2", features = ["std"] } +aead = { version = "^0.4.2" } aes = { version = "^0.7.4", features = ["ctr"] } aes-gcm = "^0.9.2" aes-gcm-siv = "^0.10" chacha20poly1305 = "^0.8" generic-array = "^0.14.4" -prost = "^0.8" -rand = "^0.7" -tink-core = "^0.2" -tink-mac = "^0.2" -tink-proto = "^0.2" +prost = { version = "^0.8", default-features = false } +rand = { version = "^0.7", default-features = false, features = ["alloc", "getrandom"] } +spin = { version = "^0.9.2", features = ["once"] } +tink-core = "^0.3" +tink-mac = "^0.3" +tink-proto = "^0.3" diff --git a/aead/src/aead_factory.rs b/aead/src/aead_factory.rs index ee6a77c5..bb083664 100644 --- a/aead/src/aead_factory.rs +++ b/aead/src/aead_factory.rs @@ -16,6 +16,7 @@ //! Provides an implementation of AEAD using a set of underlying implementations. +use alloc::{boxed::Box, sync::Arc, vec::Vec}; use tink_core::{utils::wrap_err, TinkError}; /// Returns a [`tink_core::Aead`] primitive from the given keyset handle. @@ -27,7 +28,7 @@ pub fn new(h: &tink_core::keyset::Handle) -> Result, Ti /// manager. fn new_with_key_manager( h: &tink_core::keyset::Handle, - km: Option>, + km: Option>, ) -> Result, TinkError> { let ps = h .primitives_with_key_manager(km) diff --git a/aead/src/aead_key_templates.rs b/aead/src/aead_key_templates.rs index 6cbd899d..f837f9bf 100644 --- a/aead/src/aead_key_templates.rs +++ b/aead/src/aead_key_templates.rs @@ -17,6 +17,7 @@ //! This module contains pre-generated [`KeyTemplate`]s for AEAD keys. One can use these templates //! to generate new Keysets. +use alloc::{string::ToString, vec, vec::Vec}; use prost::Message; use tink_proto::{HashType, KeyTemplate, OutputPrefixType}; diff --git a/aead/src/aes_ctr_hmac_aead_key_manager.rs b/aead/src/aes_ctr_hmac_aead_key_manager.rs index d4f6bae7..c5c9ee7e 100644 --- a/aead/src/aes_ctr_hmac_aead_key_manager.rs +++ b/aead/src/aes_ctr_hmac_aead_key_manager.rs @@ -17,6 +17,7 @@ //! Key manager for AES-CTR-HMAC keys. use crate::subtle; +use alloc::{boxed::Box, format, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; use tink_proto::HashType; diff --git a/aead/src/aes_gcm_key_manager.rs b/aead/src/aes_gcm_key_manager.rs index 882d649a..1f8f8058 100644 --- a/aead/src/aes_gcm_key_manager.rs +++ b/aead/src/aes_gcm_key_manager.rs @@ -17,6 +17,7 @@ //! Key manager for AES-GCM keys. use crate::subtle; +use alloc::{boxed::Box, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; diff --git a/aead/src/aes_gcm_siv_key_manager.rs b/aead/src/aes_gcm_siv_key_manager.rs index f387ff8c..63a48abe 100644 --- a/aead/src/aes_gcm_siv_key_manager.rs +++ b/aead/src/aes_gcm_siv_key_manager.rs @@ -17,6 +17,7 @@ //! Key manager for AES-GCM-SIV keys. use crate::subtle; +use alloc::{boxed::Box, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; diff --git a/aead/src/chacha20poly1305_key_manager.rs b/aead/src/chacha20poly1305_key_manager.rs index 8e89e2d7..7dc6044a 100644 --- a/aead/src/chacha20poly1305_key_manager.rs +++ b/aead/src/chacha20poly1305_key_manager.rs @@ -17,6 +17,7 @@ //! Key manager for ChaCha20Poly1305 keys. use crate::subtle; +use alloc::{boxed::Box, format, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; diff --git a/aead/src/kms_envelope_aead.rs b/aead/src/kms_envelope_aead.rs index 0be340c1..656d11c0 100644 --- a/aead/src/kms_envelope_aead.rs +++ b/aead/src/kms_envelope_aead.rs @@ -16,7 +16,8 @@ //! Provide an implementation of AEAD using a KMS. -use std::convert::TryInto; +use alloc::{boxed::Box, vec::Vec}; +use core::convert::TryInto; use tink_core::{utils::wrap_err, TinkError}; const LEN_DEK: usize = 4; diff --git a/aead/src/kms_envelope_aead_key_manager.rs b/aead/src/kms_envelope_aead_key_manager.rs index d69ce355..da6c3ac8 100644 --- a/aead/src/kms_envelope_aead_key_manager.rs +++ b/aead/src/kms_envelope_aead_key_manager.rs @@ -16,6 +16,7 @@ //! Key manager for keys wrapped by a KMS. +use alloc::{boxed::Box, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; diff --git a/aead/src/lib.rs b/aead/src/lib.rs index 7475b1af..08c70c06 100644 --- a/aead/src/lib.rs +++ b/aead/src/lib.rs @@ -19,9 +19,13 @@ //! AEAD encryption assures the confidentiality and authenticity of the data. This primitive is CPA //! secure. +#![no_std] #![deny(broken_intra_doc_links)] -use std::sync::Once; +extern crate alloc; + +use alloc::sync::Arc; +use spin::{Mutex, Once}; use tink_core::registry::register_key_manager; mod aead_factory; @@ -49,23 +53,23 @@ pub mod subtle; /// port is based on. pub const UPSTREAM_VERSION: &str = "1.6.0"; -static INIT: Once = Once::new(); +static INIT: Mutex = Mutex::new(Once::new()); /// Initialize the `tink-aead` crate, registering its primitives so they are available via /// tink-core. pub fn init() { - INIT.call_once(|| { - register_key_manager(std::sync::Arc::new(AesCtrHmacAeadKeyManager::default())) + INIT.lock().call_once(|| { + register_key_manager(Arc::new(AesCtrHmacAeadKeyManager::default())) .expect("tink_aead::init() failed"); // safe: init - register_key_manager(std::sync::Arc::new(AesGcmKeyManager::default())) + register_key_manager(Arc::new(AesGcmKeyManager::default())) .expect("tink_aead::init() failed"); // safe: init - register_key_manager(std::sync::Arc::new(AesGcmSivKeyManager::default())) + register_key_manager(Arc::new(AesGcmSivKeyManager::default())) .expect("tink_aead::init() failed"); // safe: init - register_key_manager(std::sync::Arc::new(ChaCha20Poly1305KeyManager::default())) + register_key_manager(Arc::new(ChaCha20Poly1305KeyManager::default())) .expect("tink_aead::init() failed"); // safe: init - register_key_manager(std::sync::Arc::new(XChaCha20Poly1305KeyManager::default())) + register_key_manager(Arc::new(XChaCha20Poly1305KeyManager::default())) .expect("tink_aead::init() failed"); // safe: init - register_key_manager(std::sync::Arc::new(KmsEnvelopeAeadKeyManager::default())) + register_key_manager(Arc::new(KmsEnvelopeAeadKeyManager::default())) .expect("tink_aead::init() failed"); // safe:init tink_core::registry::register_template_generator("AES128_GCM", aes128_gcm_key_template); diff --git a/aead/src/subtle/aead.rs b/aead/src/subtle/aead.rs index 9169fbd6..2fe287ac 100644 --- a/aead/src/subtle/aead.rs +++ b/aead/src/subtle/aead.rs @@ -16,6 +16,8 @@ //! Utilities for AEAD functionality. +use alloc::format; + /// Check if the given key size is a valid AES key size. pub fn validate_aes_key_size(size_in_bytes: usize) -> Result<(), tink_core::TinkError> { match size_in_bytes { diff --git a/aead/src/subtle/aes_ctr.rs b/aead/src/subtle/aes_ctr.rs index 60c2d3ad..1c6f65f0 100644 --- a/aead/src/subtle/aes_ctr.rs +++ b/aead/src/subtle/aes_ctr.rs @@ -21,6 +21,7 @@ use aes::{ cipher::{consts::U16, generic_array::GenericArray, FromBlockCipher, StreamCipher}, NewBlockCipher, }; +use alloc::{format, vec::Vec}; use tink_core::{utils::wrap_err, TinkError}; /// The minimum IV size that this implementation supports. diff --git a/aead/src/subtle/aes_gcm.rs b/aead/src/subtle/aes_gcm.rs index afe45df4..eb1435c8 100644 --- a/aead/src/subtle/aes_gcm.rs +++ b/aead/src/subtle/aes_gcm.rs @@ -17,6 +17,7 @@ //! AES-GCM based implementation of the [`tink_core::Aead`] trait. use aes_gcm::aead::{consts::U12, generic_array::GenericArray, Aead, NewAead, Payload}; +use alloc::{boxed::Box, format, vec::Vec}; use tink_core::{utils::wrap_err, TinkError}; /// The only IV size that this implementation supports. @@ -106,5 +107,5 @@ fn new_iv() -> GenericArray { /// Maximum plaintext size. fn max_pt_size() -> usize { let x = (isize::MAX as usize) - AES_GCM_IV_SIZE - AES_GCM_TAG_SIZE; - std::cmp::min(x, MAX_AES_GCM_PLAINTEXT_SIZE) + core::cmp::min(x, MAX_AES_GCM_PLAINTEXT_SIZE) } diff --git a/aead/src/subtle/aes_gcm_siv.rs b/aead/src/subtle/aes_gcm_siv.rs index c7307ddc..8871c23b 100644 --- a/aead/src/subtle/aes_gcm_siv.rs +++ b/aead/src/subtle/aes_gcm_siv.rs @@ -17,6 +17,7 @@ //! AES-GCM-SIV based implementation of the [`tink_core::Aead`] trait. use aes_gcm_siv::aead::{consts::U12, generic_array::GenericArray, Aead, NewAead, Payload}; +use alloc::{boxed::Box, format, vec::Vec}; use tink_core::{utils::wrap_err, TinkError}; /// The only IV size that this implementation supports. diff --git a/aead/src/subtle/chacha20poly1305.rs b/aead/src/subtle/chacha20poly1305.rs index 86c19dd4..61b2b4aa 100644 --- a/aead/src/subtle/chacha20poly1305.rs +++ b/aead/src/subtle/chacha20poly1305.rs @@ -16,6 +16,7 @@ //! ChaCha20 Poly1305 implementation of AEAD. +use alloc::vec::Vec; use chacha20poly1305::aead::{Aead, NewAead, Payload}; use tink_core::{utils::wrap_err, TinkError}; diff --git a/aead/src/subtle/encrypt_then_authenticate.rs b/aead/src/subtle/encrypt_then_authenticate.rs index 2260d13b..370d28f5 100644 --- a/aead/src/subtle/encrypt_then_authenticate.rs +++ b/aead/src/subtle/encrypt_then_authenticate.rs @@ -17,6 +17,7 @@ //! General AEAD implementation combining an `IndCpaCipher` with a `tink_core::Mac` use super::IndCpaCipher; +use alloc::{boxed::Box, vec::Vec}; use tink_core::{utils::wrap_err, TinkError}; /// `EncryptThenAuthenticate` performs an encrypt-then-MAC operation on plaintext diff --git a/aead/src/subtle/ind_cpa.rs b/aead/src/subtle/ind_cpa.rs index 56586594..f52846c5 100644 --- a/aead/src/subtle/ind_cpa.rs +++ b/aead/src/subtle/ind_cpa.rs @@ -16,6 +16,8 @@ //! Trait definition for `IndCpaCipher`. +use alloc::{boxed::Box, vec::Vec}; + // `IndCpaCipher` provides an interface for symmetric key ciphers that are // indistinguishable against chosen-plaintext attacks. Said primitives do not // provide authentication, thus should not be used directly, but only to diff --git a/aead/src/subtle/xchacha20poly1305.rs b/aead/src/subtle/xchacha20poly1305.rs index 54ab691f..1ce7c545 100644 --- a/aead/src/subtle/xchacha20poly1305.rs +++ b/aead/src/subtle/xchacha20poly1305.rs @@ -16,6 +16,7 @@ //! XChaCha20 Poly1305 implementation of AEAD. +use alloc::vec::Vec; use chacha20poly1305::aead::{Aead, NewAead, Payload}; use tink_core::{utils::wrap_err, TinkError}; diff --git a/aead/src/xchacha20poly1305_key_manager.rs b/aead/src/xchacha20poly1305_key_manager.rs index 9a259200..1ef64d4d 100644 --- a/aead/src/xchacha20poly1305_key_manager.rs +++ b/aead/src/xchacha20poly1305_key_manager.rs @@ -17,6 +17,7 @@ //! Key manager for XChaCha20Poly1305 keys. use crate::subtle; +use alloc::{boxed::Box, format, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; From c3571fd71c97c17961969e3ff410d40986479bcc Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 09:14:10 +0100 Subject: [PATCH 07/18] tink-daead: move to core+alloc --- Cargo.lock | 26 ++++++++++++++++++++------ daead/Cargo.toml | 11 ++++++----- daead/src/aes_siv_key_manager.rs | 1 + daead/src/factory.rs | 2 +- daead/src/key_templates.rs | 1 + daead/src/lib.rs | 12 ++++++++---- daead/src/subtle.rs | 3 ++- 7 files changed, 39 insertions(+), 17 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6a0db44b..fd387ce8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -556,7 +556,7 @@ version = "0.2.0" dependencies = [ "hex", "tink-core 0.2.0", - "tink-daead", + "tink-daead 0.2.0", ] [[package]] @@ -564,7 +564,7 @@ name = "example-keygen" version = "0.2.0" dependencies = [ "tink-core 0.2.0", - "tink-daead", + "tink-daead 0.2.0", ] [[package]] @@ -1683,7 +1683,7 @@ dependencies = [ "tink-aead 0.2.0", "tink-awskms", "tink-core 0.2.0", - "tink-daead", + "tink-daead 0.2.0", "tink-gcpkms", "tink-mac 0.2.0", "tink-prf 0.2.0", @@ -2241,14 +2241,28 @@ dependencies = [ [[package]] name = "tink-daead" version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc4f26fc8337a45a073e2c49676215838d7c57004e25d31ebc7f1438c15caf45" dependencies = [ "aead", "aes-siv", - "prost 0.8.0", + "prost 0.7.0", "tink-core 0.2.0", "tink-proto 0.2.0", ] +[[package]] +name = "tink-daead" +version = "0.3.0" +dependencies = [ + "aead", + "aes-siv", + "prost 0.8.0", + "spin 0.9.2", + "tink-core 0.3.0", + "tink-proto 0.3.0", +] + [[package]] name = "tink-gcpkms" version = "0.2.0" @@ -2387,7 +2401,7 @@ dependencies = [ "structopt", "tink-aead 0.2.0", "tink-core 0.2.0", - "tink-daead", + "tink-daead 0.2.0", "tink-mac 0.2.0", "tink-prf 0.2.0", "tink-proto 0.2.0", @@ -2419,7 +2433,7 @@ dependencies = [ "tink-aead 0.2.0", "tink-awskms", "tink-core 0.2.0", - "tink-daead", + "tink-daead 0.2.0", "tink-gcpkms", "tink-mac 0.2.0", "tink-prf 0.2.0", diff --git a/daead/Cargo.toml b/daead/Cargo.toml index 8920ac2e..f1ffdcf2 100644 --- a/daead/Cargo.toml +++ b/daead/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-daead" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -10,8 +10,9 @@ keywords = ["cryptography", "tink", "daead"] categories = ["cryptography"] [dependencies] -aead = { version = "^0.4.2", features = ["std"] } +aead = "^0.4.2" aes-siv = "^0.6" -prost = "^0.8" -tink-core = "^0.2" -tink-proto = "^0.2" +prost = { version = "^0.8", default-features = false } +spin = { version = "^0.9.2", features = ["once"] } +tink-core = "^0.3" +tink-proto = "^0.3" diff --git a/daead/src/aes_siv_key_manager.rs b/daead/src/aes_siv_key_manager.rs index 74c9408d..dca6a5ee 100644 --- a/daead/src/aes_siv_key_manager.rs +++ b/daead/src/aes_siv_key_manager.rs @@ -17,6 +17,7 @@ //! Key manager for AES-SIV keys for deterministic AEAD. use crate::subtle; +use alloc::{boxed::Box, format, vec::Vec}; use prost::Message; use tink_core::{ registry::KeyManager, diff --git a/daead/src/factory.rs b/daead/src/factory.rs index 79134e50..7f3f4877 100644 --- a/daead/src/factory.rs +++ b/daead/src/factory.rs @@ -16,7 +16,7 @@ //! Provides an implementation of deterministic AEAD using a set of underlying implementations. -use std::sync::Arc; +use alloc::{boxed::Box, sync::Arc, vec::Vec}; use tink_core::utils::{wrap_err, TinkError}; /// Return a [`tink_core::DeterministicAead`] primitive from the given keyset handle. diff --git a/daead/src/key_templates.rs b/daead/src/key_templates.rs index 101af1c0..489d4ac8 100644 --- a/daead/src/key_templates.rs +++ b/daead/src/key_templates.rs @@ -16,6 +16,7 @@ //! This module contains pre-generated [`KeyTemplate`] instances for deterministic AEAD. +use alloc::{string::ToString, vec::Vec}; use prost::Message; use tink_proto::KeyTemplate; diff --git a/daead/src/lib.rs b/daead/src/lib.rs index 8eba42ba..2fc19c0d 100644 --- a/daead/src/lib.rs +++ b/daead/src/lib.rs @@ -20,8 +20,12 @@ //! encrypting the same plaintex always yields the same ciphertext. #![deny(broken_intra_doc_links)] +#![no_std] -use std::sync::Once; +extern crate alloc; + +use alloc::sync::Arc; +use spin::{Mutex, Once}; mod aes_siv_key_manager; pub use aes_siv_key_manager::*; @@ -36,13 +40,13 @@ pub mod subtle; /// port is based on. pub const UPSTREAM_VERSION: &str = "1.6.0"; -static INIT: Once = Once::new(); +static INIT: Mutex = Mutex::new(Once::new()); /// Initialize the `tink-daead` crate, registering its primitives so they are available via /// tink-core. pub fn init() { - INIT.call_once(|| { - tink_core::registry::register_key_manager(std::sync::Arc::new(AesSivKeyManager::default())) + INIT.lock().call_once(|| { + tink_core::registry::register_key_manager(Arc::new(AesSivKeyManager::default())) .expect("tink_daead::init() failed"); // safe: init tink_core::registry::register_template_generator("AES256_SIV", aes_siv_key_template); diff --git a/daead/src/subtle.rs b/daead/src/subtle.rs index ee865f17..af9af604 100644 --- a/daead/src/subtle.rs +++ b/daead/src/subtle.rs @@ -17,7 +17,8 @@ //! Provides subtle implementations of the `DeterministicAEAD` primitive using AES-SIV. use aes_siv::{aead::generic_array::GenericArray, siv::Aes256Siv}; -use std::{cell::RefCell, rc::Rc}; +use alloc::{format, rc::Rc, vec::Vec}; +use core::cell::RefCell; use tink_core::{utils::wrap_err, TinkError}; const AES_BLOCK_SIZE: usize = 16; From 2287fc7bc198a495871c4d07f21c5136390500ff Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 09:15:47 +0100 Subject: [PATCH 08/18] tink-streaming-aead: update deps for std use --- Cargo.lock | 25 ++++++++++++++++++++----- streaming/Cargo.toml | 15 +++++++-------- 2 files changed, 27 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index fd387ce8..c925ffcc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -609,7 +609,7 @@ version = "0.2.0" dependencies = [ "tempfile", "tink-core 0.2.0", - "tink-streaming-aead", + "tink-streaming-aead 0.2.0", ] [[package]] @@ -1689,7 +1689,7 @@ dependencies = [ "tink-prf 0.2.0", "tink-proto 0.2.0", "tink-signature", - "tink-streaming-aead", + "tink-streaming-aead 0.2.0", ] [[package]] @@ -2380,16 +2380,31 @@ dependencies = [ [[package]] name = "tink-streaming-aead" version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59c06fe5f8643ab730304a797dd8c802ceddde14750d142714a22c7ca6323863" dependencies = [ "aes", "aes-gcm", - "prost 0.8.0", + "prost 0.7.0", "rand 0.7.3", "tink-core 0.2.0", "tink-mac 0.2.0", "tink-proto 0.2.0", ] +[[package]] +name = "tink-streaming-aead" +version = "0.3.0" +dependencies = [ + "aes", + "aes-gcm", + "prost 0.8.0", + "rand 0.7.3", + "tink-core 0.3.0", + "tink-mac 0.3.0", + "tink-proto 0.3.0", +] + [[package]] name = "tink-testing-server" version = "0.2.0" @@ -2406,7 +2421,7 @@ dependencies = [ "tink-prf 0.2.0", "tink-proto 0.2.0", "tink-signature", - "tink-streaming-aead", + "tink-streaming-aead 0.2.0", "tink-tests", "tokio", "tonic", @@ -2439,7 +2454,7 @@ dependencies = [ "tink-prf 0.2.0", "tink-proto 0.2.0", "tink-signature", - "tink-streaming-aead", + "tink-streaming-aead 0.2.0", ] [[package]] diff --git a/streaming/Cargo.toml b/streaming/Cargo.toml index 2fe4e268..48b5d8ca 100644 --- a/streaming/Cargo.toml +++ b/streaming/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-streaming-aead" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -11,10 +11,9 @@ categories = ["cryptography"] [dependencies] aes = { version = "^0.7.4", features = ["ctr"] } -# Need the `std` feature for Error type conversion -aes-gcm = { version = "^0.9.2", features = ["std"] } -prost = "^0.8" -rand = "^0.7" -tink-core = "^0.2" -tink-mac = "^0.2" -tink-proto = "^0.2" +aes-gcm = { version = "^0.9.2" } +prost = { version = "^0.8", default-features = false } +rand = { version = "^0.7", default-features = false, features = ["alloc", "getrandom"] } +tink-core = { version = "^0.3", features = ["std"] } +tink-mac = "^0.3" +tink-proto = "^0.3" From 528da2e3fd9dd26bff7022903f1226d402766e1d Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 09:41:56 +0100 Subject: [PATCH 09/18] tink-signature: move to core+alloc This means that there are no details in errors, so remove the test for specific error text. --- Cargo.lock | 28 +++++++++++++++---- signature/Cargo.toml | 15 +++++----- signature/src/ecdsa_signer_key_manager.rs | 1 + signature/src/ecdsa_verifier_key_manager.rs | 1 + signature/src/ed25519_signer_key_manager.rs | 1 + signature/src/ed25519_verifier_key_manager.rs | 1 + signature/src/lib.rs | 18 +++++++----- signature/src/signature_key_templates.rs | 1 + signature/src/signer_factory.rs | 2 +- signature/src/subtle/ecdsa_common.rs | 1 + signature/src/subtle/ecdsa_signer.rs | 1 + signature/src/subtle/ecdsa_verifier.rs | 1 + signature/src/subtle/ed25519_signer.rs | 1 + signature/src/subtle/ed25519_verifier.rs | 1 + signature/src/verifier_factory.rs | 2 +- .../subtle/ed25519_signer_verifier_test.rs | 1 - 16 files changed, 54 insertions(+), 22 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c925ffcc..535cce8e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -600,7 +600,7 @@ version = "0.2.0" dependencies = [ "hex", "tink-core 0.2.0", - "tink-signature", + "tink-signature 0.2.0", ] [[package]] @@ -1688,7 +1688,7 @@ dependencies = [ "tink-mac 0.2.0", "tink-prf 0.2.0", "tink-proto 0.2.0", - "tink-signature", + "tink-signature 0.2.0", "tink-streaming-aead 0.2.0", ] @@ -2365,18 +2365,36 @@ dependencies = [ [[package]] name = "tink-signature" version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5b54df96bd2a0524d2ffb9f2b6aa9574a4c9a4834e7d8585907f5b04fcd0743" dependencies = [ "ecdsa", "ed25519-dalek", "generic-array", "p256", - "prost 0.8.0", + "prost 0.7.0", "rand 0.7.3", "signature", "tink-core 0.2.0", "tink-proto 0.2.0", ] +[[package]] +name = "tink-signature" +version = "0.3.0" +dependencies = [ + "ecdsa", + "ed25519-dalek", + "generic-array", + "p256", + "prost 0.8.0", + "rand 0.7.3", + "signature", + "spin 0.9.2", + "tink-core 0.3.0", + "tink-proto 0.3.0", +] + [[package]] name = "tink-streaming-aead" version = "0.2.0" @@ -2420,7 +2438,7 @@ dependencies = [ "tink-mac 0.2.0", "tink-prf 0.2.0", "tink-proto 0.2.0", - "tink-signature", + "tink-signature 0.2.0", "tink-streaming-aead 0.2.0", "tink-tests", "tokio", @@ -2453,7 +2471,7 @@ dependencies = [ "tink-mac 0.2.0", "tink-prf 0.2.0", "tink-proto 0.2.0", - "tink-signature", + "tink-signature 0.2.0", "tink-streaming-aead 0.2.0", ] diff --git a/signature/Cargo.toml b/signature/Cargo.toml index 8f94f8f9..09e2aa63 100644 --- a/signature/Cargo.toml +++ b/signature/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-signature" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -11,11 +11,12 @@ categories = ["cryptography"] [dependencies] ecdsa = { version = "^0.11", features = ["der"] } -ed25519-dalek = "^1.0.1" +ed25519-dalek = { version = "^1.0.1", default-features = false, features = ["rand", "u64_backend"]} generic-array = "^0.14.4" p256 = "^0.8.1" -prost = "^0.8" -rand = "^0.7" -signature = "^1.3" -tink-core = "^0.2" -tink-proto = "^0.2" +prost = { version = "^0.8", default-features = false } +rand = { version = "^0.7", default-features = false, features = ["alloc", "getrandom"] } +signature = { version = "^1.3", default-features = false } +spin = { version = "^0.9.2", features = ["once"] } +tink-core = "^0.3" +tink-proto = "^0.3" diff --git a/signature/src/ecdsa_signer_key_manager.rs b/signature/src/ecdsa_signer_key_manager.rs index 5c3ac064..3f01cb50 100644 --- a/signature/src/ecdsa_signer_key_manager.rs +++ b/signature/src/ecdsa_signer_key_manager.rs @@ -16,6 +16,7 @@ //! Key manager for ECDSA signing keys. +use alloc::{boxed::Box, format, string::ToString, vec::Vec}; use generic_array::typenum::Unsigned; use p256::elliptic_curve; use prost::Message; diff --git a/signature/src/ecdsa_verifier_key_manager.rs b/signature/src/ecdsa_verifier_key_manager.rs index 1eedec82..9bff82f2 100644 --- a/signature/src/ecdsa_verifier_key_manager.rs +++ b/signature/src/ecdsa_verifier_key_manager.rs @@ -16,6 +16,7 @@ //! Key manager for ECDSA verification keys. +use alloc::{boxed::Box, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; diff --git a/signature/src/ed25519_signer_key_manager.rs b/signature/src/ed25519_signer_key_manager.rs index 6f0f5d6b..7d878ef3 100644 --- a/signature/src/ed25519_signer_key_manager.rs +++ b/signature/src/ed25519_signer_key_manager.rs @@ -16,6 +16,7 @@ //! Key manager for ED25519 signing keys. +use alloc::{boxed::Box, format, string::ToString, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; diff --git a/signature/src/ed25519_verifier_key_manager.rs b/signature/src/ed25519_verifier_key_manager.rs index 8ab6a4a8..9a6d7b68 100644 --- a/signature/src/ed25519_verifier_key_manager.rs +++ b/signature/src/ed25519_verifier_key_manager.rs @@ -16,6 +16,7 @@ //! Key manager for ED25519 verification keys. +use alloc::{boxed::Box, format, vec::Vec}; use prost::Message; use tink_core::{utils::wrap_err, TinkError}; diff --git a/signature/src/lib.rs b/signature/src/lib.rs index a93cd7df..594175bd 100644 --- a/signature/src/lib.rs +++ b/signature/src/lib.rs @@ -19,8 +19,12 @@ //! To sign data using Tink you can use ECDSA or ED25519 key templates. #![deny(broken_intra_doc_links)] +#![no_std] -use std::sync::Once; +extern crate alloc; + +use alloc::sync::Arc; +use spin::{Mutex, Once}; use tink_core::registry::register_key_manager; mod ecdsa_signer_key_manager; @@ -46,22 +50,22 @@ pub mod subtle; /// port is based on. pub const UPSTREAM_VERSION: &str = "1.6.0"; -static INIT: Once = Once::new(); +static INIT: Mutex = Mutex::new(Once::new()); /// Initialize the `tink-signature` crate, registering its primitives so they are available via /// Tink. pub fn init() { - INIT.call_once(|| { + INIT.lock().call_once(|| { // ECDSA - register_key_manager(std::sync::Arc::new(EcdsaSignerKeyManager::default())) + register_key_manager(Arc::new(EcdsaSignerKeyManager::default())) .expect("tink_signature::init() failed"); // safe: init - register_key_manager(std::sync::Arc::new(EcdsaVerifierKeyManager::default())) + register_key_manager(Arc::new(EcdsaVerifierKeyManager::default())) .expect("tink_signature::init() failed"); // safe: init // Ed25519 - register_key_manager(std::sync::Arc::new(Ed25519SignerKeyManager::default())) + register_key_manager(Arc::new(Ed25519SignerKeyManager::default())) .expect("tink_signature::init() failed"); // safe: init - register_key_manager(std::sync::Arc::new(Ed25519VerifierKeyManager::default())) + register_key_manager(Arc::new(Ed25519VerifierKeyManager::default())) .expect("tink_signature::init() failed"); // safe: init tink_core::registry::register_template_generator("ECDSA_P256", ecdsa_p256_key_template); diff --git a/signature/src/signature_key_templates.rs b/signature/src/signature_key_templates.rs index fc50f4c4..9a3a3bd2 100644 --- a/signature/src/signature_key_templates.rs +++ b/signature/src/signature_key_templates.rs @@ -16,6 +16,7 @@ //! This module contains pre-generated KeyTemplates for Signer and Verifier. /// One can use these templates to generate new Keysets. +use alloc::{string::ToString, vec, vec::Vec}; use prost::Message; use tink_proto::KeyTemplate; diff --git a/signature/src/signer_factory.rs b/signature/src/signer_factory.rs index 65ade6d7..bfac153d 100644 --- a/signature/src/signer_factory.rs +++ b/signature/src/signer_factory.rs @@ -16,7 +16,7 @@ //! Factory methods for [`tink_core::Signer`] instances. -use std::sync::Arc; +use alloc::{boxed::Box, sync::Arc, vec::Vec}; use tink_core::{utils::wrap_err, TinkError}; /// Return a [`tink_core::Signer`] primitive from the given keyset handle. diff --git a/signature/src/subtle/ecdsa_common.rs b/signature/src/subtle/ecdsa_common.rs index 4cdc7f03..78438864 100644 --- a/signature/src/subtle/ecdsa_common.rs +++ b/signature/src/subtle/ecdsa_common.rs @@ -14,6 +14,7 @@ // //////////////////////////////////////////////////////////////////////////////// +use alloc::format; use tink_core::TinkError; use tink_proto::{EcdsaSignatureEncoding, EllipticCurveType, HashType}; diff --git a/signature/src/subtle/ecdsa_signer.rs b/signature/src/subtle/ecdsa_signer.rs index deb3f6bf..30d4ff26 100644 --- a/signature/src/subtle/ecdsa_signer.rs +++ b/signature/src/subtle/ecdsa_signer.rs @@ -14,6 +14,7 @@ // //////////////////////////////////////////////////////////////////////////////// +use alloc::{format, vec::Vec}; use generic_array::typenum::Unsigned; use p256::{ ecdsa::signature::{RandomizedSigner, Signature}, diff --git a/signature/src/subtle/ecdsa_verifier.rs b/signature/src/subtle/ecdsa_verifier.rs index 6f2b3c7f..9eb58a96 100644 --- a/signature/src/subtle/ecdsa_verifier.rs +++ b/signature/src/subtle/ecdsa_verifier.rs @@ -14,6 +14,7 @@ // //////////////////////////////////////////////////////////////////////////////// +use alloc::{format, vec}; use generic_array::typenum::Unsigned; use p256::{ ecdsa::{signature::Verifier, Signature}, diff --git a/signature/src/subtle/ed25519_signer.rs b/signature/src/subtle/ed25519_signer.rs index ebb6fbb2..6891cda9 100644 --- a/signature/src/subtle/ed25519_signer.rs +++ b/signature/src/subtle/ed25519_signer.rs @@ -14,6 +14,7 @@ // //////////////////////////////////////////////////////////////////////////////// +use alloc::vec::Vec; use signature::{Signature, Signer as RustCryptoSigner}; use tink_core::{utils::wrap_err, Signer, TinkError}; diff --git a/signature/src/subtle/ed25519_verifier.rs b/signature/src/subtle/ed25519_verifier.rs index c5ff0440..9d5c94fe 100644 --- a/signature/src/subtle/ed25519_verifier.rs +++ b/signature/src/subtle/ed25519_verifier.rs @@ -14,6 +14,7 @@ // //////////////////////////////////////////////////////////////////////////////// +use alloc::format; use signature::{Signature, Verifier as RustCryptoVerifier}; use tink_core::{utils::wrap_err, TinkError}; diff --git a/signature/src/verifier_factory.rs b/signature/src/verifier_factory.rs index 35708649..c1a98b46 100644 --- a/signature/src/verifier_factory.rs +++ b/signature/src/verifier_factory.rs @@ -16,7 +16,7 @@ //! Factory methods for [`tink_core::Verifier`] instances. -use std::sync::Arc; +use alloc::{boxed::Box, sync::Arc, vec::Vec}; use tink_core::{utils::wrap_err, TinkError}; /// Return a [`tink_core::Verifier`] primitive from the given keyset handle. diff --git a/tests/tests/signature/subtle/ed25519_signer_verifier_test.rs b/tests/tests/signature/subtle/ed25519_signer_verifier_test.rs index d31114e8..2e7808ca 100644 --- a/tests/tests/signature/subtle/ed25519_signer_verifier_test.rs +++ b/tests/tests/signature/subtle/ed25519_signer_verifier_test.rs @@ -297,6 +297,5 @@ fn test_ed25519_point_on_curve() { ]; let result = ed25519_dalek::PublicKey::from_bytes(&public_key_bytes); assert!(result.is_err()); - assert!(format!("{:?}", result).contains("Cannot decompress")); assert!(Ed25519Verifier::new(&public_key_bytes).is_err()); } From a65905402829fb4302cfec5b1dbee24d07001c50 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 09:43:30 +0100 Subject: [PATCH 10/18] tink-awskms: update deps --- Cargo.lock | 320 +++++++++++++++++++++++++++++++--- integration/awskms/Cargo.toml | 4 +- 2 files changed, 299 insertions(+), 25 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 535cce8e..8f440fd9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -63,7 +63,7 @@ dependencies = [ "aes", "cipher", "cmac", - "crypto-mac", + "crypto-mac 0.11.0", "ctr", "dbl", "zeroize", @@ -148,6 +148,12 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" +[[package]] +name = "base-x" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4521f3e3d031370679b3b140beb36dfe4801b09ac77e30c61941f97df3ef28b" + [[package]] name = "base64" version = "0.13.0" @@ -264,7 +270,7 @@ dependencies = [ "num-integer", "num-traits", "serde", - "time", + "time 0.1.44", "winapi", ] @@ -298,7 +304,7 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b70e37282d9624283878ffda1d1e53883bcf868cf441bddda44127620b39572d" dependencies = [ - "crypto-mac", + "crypto-mac 0.11.0", "dbl", ] @@ -308,6 +314,12 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "279bc8fc53f788a75c7804af68237d1fce02cde1e275a886a4b320604dc2aeda" +[[package]] +name = "const_fn" +version = "0.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f92cfa0fd5690b3cf8c1ef2cabbd9b7ef22fa53cf5e1f92b05103f6d5d1cf6e7" + [[package]] name = "core-foundation" version = "0.7.0" @@ -358,6 +370,16 @@ dependencies = [ "cfg-if 0.1.10", ] +[[package]] +name = "crypto-mac" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4857fd85a0c34b3c3297875b747c1e02e06b6a0ea32dd892d8192b9ce0813ea6" +dependencies = [ + "generic-array", + "subtle", +] + [[package]] name = "crypto-mac" version = "0.11.0" @@ -471,6 +493,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "discard" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "212d0f5754cb6769937f4501cc0e67f4f4483c8d2c3e1e922ee9edbe4ab4c7c0" + [[package]] name = "ecdsa" version = "0.11.1" @@ -479,7 +507,7 @@ checksum = "34d33b390ab82f2e1481e331dbd0530895640179d2128ef9a79cc690b78d1eba" dependencies = [ "der", "elliptic-curve", - "hmac", + "hmac 0.11.0", "signature", ] @@ -581,7 +609,7 @@ version = "0.2.0" dependencies = [ "hex", "tink-aead 0.2.0", - "tink-awskms", + "tink-awskms 0.2.0", "tink-core 0.2.0", ] @@ -869,7 +897,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "01706d578d5c281058480e673ae4086a9f4710d8df1ad80a5b03e39ece5f886b" dependencies = [ "digest", - "hmac", + "hmac 0.11.0", +] + +[[package]] +name = "hmac" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1441c6b1e930e2817404b5046f1f989899143a12bf92de603b69f4e0aee1e15" +dependencies = [ + "crypto-mac 0.10.0", + "digest", ] [[package]] @@ -878,7 +916,7 @@ version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" dependencies = [ - "crypto-mac", + "crypto-mac 0.11.0", "digest", ] @@ -1098,6 +1136,12 @@ dependencies = [ "opaque-debug", ] +[[package]] +name = "md5" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "490cc448043f947bae3cbee9c203358d62dbee0db12107a74be5c30ccfd09771" + [[package]] name = "memchr" version = "2.4.0" @@ -1681,7 +1725,7 @@ version = "0.2.0" dependencies = [ "structopt", "tink-aead 0.2.0", - "tink-awskms", + "tink-awskms 0.2.0", "tink-core 0.2.0", "tink-daead 0.2.0", "tink-gcpkms", @@ -1692,6 +1736,31 @@ dependencies = [ "tink-streaming-aead 0.2.0", ] +[[package]] +name = "rusoto_core" +version = "0.46.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02aff20978970d47630f08de5f0d04799497818d16cafee5aec90c4b4d0806cf" +dependencies = [ + "async-trait", + "base64", + "bytes", + "crc32fast", + "futures", + "http", + "hyper", + "hyper-tls", + "lazy_static", + "log", + "rusoto_credential 0.46.0", + "rusoto_signature 0.46.0", + "rustc_version 0.2.3", + "serde", + "serde_json", + "tokio", + "xml-rs", +] + [[package]] name = "rusoto_core" version = "0.47.0" @@ -1708,15 +1777,33 @@ dependencies = [ "hyper-tls", "lazy_static", "log", - "rusoto_credential", - "rusoto_signature", - "rustc_version", + "rusoto_credential 0.47.0", + "rusoto_signature 0.47.0", + "rustc_version 0.4.0", "serde", "serde_json", "tokio", "xml-rs", ] +[[package]] +name = "rusoto_credential" +version = "0.46.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e91e4c25ea8bfa6247684ff635299015845113baaa93ba8169b9e565701b58e" +dependencies = [ + "async-trait", + "chrono", + "dirs-next", + "futures", + "hyper", + "serde", + "serde_json", + "shlex 0.1.1", + "tokio", + "zeroize", +] + [[package]] name = "rusoto_credential" version = "0.47.0" @@ -1730,11 +1817,25 @@ dependencies = [ "hyper", "serde", "serde_json", - "shlex", + "shlex 1.0.0", "tokio", "zeroize", ] +[[package]] +name = "rusoto_kms" +version = "0.46.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e5655f80886a4b0f6f57ca0921e38b4f96e5c70135dd8d6d2a7ee8e70f0e013" +dependencies = [ + "async-trait", + "bytes", + "futures", + "rusoto_core 0.46.0", + "serde", + "serde_json", +] + [[package]] name = "rusoto_kms" version = "0.47.0" @@ -1744,11 +1845,36 @@ dependencies = [ "async-trait", "bytes", "futures", - "rusoto_core", + "rusoto_core 0.47.0", "serde", "serde_json", ] +[[package]] +name = "rusoto_signature" +version = "0.46.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5486e6b1673ab3e0ba1ded284fb444845fe1b7f41d13989a54dd60f62a7b2baa" +dependencies = [ + "base64", + "bytes", + "futures", + "hex", + "hmac 0.10.1", + "http", + "hyper", + "log", + "md5", + "percent-encoding", + "pin-project-lite 0.2.4", + "rusoto_credential 0.46.0", + "rustc_version 0.2.3", + "serde", + "sha2", + "time 0.2.27", + "tokio", +] + [[package]] name = "rusoto_signature" version = "0.47.0" @@ -1761,27 +1887,36 @@ dependencies = [ "digest", "futures", "hex", - "hmac", + "hmac 0.11.0", "http", "hyper", "log", "md-5", "percent-encoding", "pin-project-lite 0.2.4", - "rusoto_credential", - "rustc_version", + "rusoto_credential 0.47.0", + "rustc_version 0.4.0", "serde", "sha2", "tokio", ] +[[package]] +name = "rustc_version" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a" +dependencies = [ + "semver 0.9.0", +] + [[package]] name = "rustc_version" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" dependencies = [ - "semver", + "semver 1.0.3", ] [[package]] @@ -1893,12 +2028,27 @@ dependencies = [ "libc", ] +[[package]] +name = "semver" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403" +dependencies = [ + "semver-parser", +] + [[package]] name = "semver" version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f3aac57ee7f3272d8395c6e4f502f434f0e289fcd62876f70daa008c20dcabe" +[[package]] +name = "semver-parser" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" + [[package]] name = "serde" version = "1.0.126" @@ -1943,6 +2093,12 @@ dependencies = [ "opaque-debug", ] +[[package]] +name = "sha1" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2579985fda508104f7587689507983eadd6a6e84dd35d6d115361f530916fa0d" + [[package]] name = "sha2" version = "0.9.5" @@ -1956,6 +2112,12 @@ dependencies = [ "opaque-debug", ] +[[package]] +name = "shlex" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fdf1b9db47230893d76faad238fd6097fd6d6a9245cd7a4d90dbd639536bbd2" + [[package]] name = "shlex" version = "1.0.0" @@ -2022,6 +2184,64 @@ dependencies = [ "der", ] +[[package]] +name = "standback" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e113fb6f3de07a243d434a56ec6f186dfd51cb08448239fe7bcae73f87ff28ff" +dependencies = [ + "version_check", +] + +[[package]] +name = "stdweb" +version = "0.4.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d022496b16281348b52d0e30ae99e01a73d737b2f45d38fed4edf79f9325a1d5" +dependencies = [ + "discard", + "rustc_version 0.2.3", + "stdweb-derive", + "stdweb-internal-macros", + "stdweb-internal-runtime", + "wasm-bindgen", +] + +[[package]] +name = "stdweb-derive" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c87a60a40fccc84bef0652345bbbbbe20a605bf5d0ce81719fc476f5c03b50ef" +dependencies = [ + "proc-macro2", + "quote", + "serde", + "serde_derive", + "syn", +] + +[[package]] +name = "stdweb-internal-macros" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "58fa5ff6ad0d98d1ffa8cb115892b6e69d67799f6763e162a1c9db421dc22e11" +dependencies = [ + "base-x", + "proc-macro2", + "quote", + "serde", + "serde_derive", + "serde_json", + "sha1", + "syn", +] + +[[package]] +name = "stdweb-internal-runtime" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "213701ba3370744dcd1a12960caa4843b3d68b4d1c0a5d575e0d65b2ee9d16c0" + [[package]] name = "strsim" version = "0.8.0" @@ -2150,6 +2370,44 @@ dependencies = [ "winapi", ] +[[package]] +name = "time" +version = "0.2.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4752a97f8eebd6854ff91f1c1824cd6160626ac4bd44287f7f4ea2035a02a242" +dependencies = [ + "const_fn", + "libc", + "standback", + "stdweb", + "time-macros", + "version_check", + "winapi", +] + +[[package]] +name = "time-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "957e9c6e26f12cb6d0dd7fc776bb67a706312e7299aed74c8dd5b17ebb27e2f1" +dependencies = [ + "proc-macro-hack", + "time-macros-impl", +] + +[[package]] +name = "time-macros-impl" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f" +dependencies = [ + "proc-macro-hack", + "proc-macro2", + "quote", + "standback", + "syn", +] + [[package]] name = "tink-aead" version = "0.2.0" @@ -2190,17 +2448,33 @@ dependencies = [ [[package]] name = "tink-awskms" version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f02b526286c5f991c0d05944f76c01660268230b7fde8144706994e2b3d82" dependencies = [ "csv", "hex", "regex", - "rusoto_core", - "rusoto_credential", - "rusoto_kms", + "rusoto_core 0.46.0", + "rusoto_credential 0.46.0", + "rusoto_kms 0.46.0", "tink-core 0.2.0", "tokio", ] +[[package]] +name = "tink-awskms" +version = "0.3.0" +dependencies = [ + "csv", + "hex", + "regex", + "rusoto_core 0.47.0", + "rusoto_credential 0.47.0", + "rusoto_kms 0.47.0", + "tink-core 0.3.0", + "tokio", +] + [[package]] name = "tink-core" version = "0.2.0" @@ -2315,7 +2589,7 @@ dependencies = [ "cmac", "digest", "hkdf", - "hmac", + "hmac 0.11.0", "prost 0.7.0", "sha-1", "sha2", @@ -2331,7 +2605,7 @@ dependencies = [ "cmac", "digest", "hkdf", - "hmac", + "hmac 0.11.0", "prost 0.8.0", "sha-1", "sha2", @@ -2464,7 +2738,7 @@ dependencies = [ "serde_json", "tempfile", "tink-aead 0.2.0", - "tink-awskms", + "tink-awskms 0.2.0", "tink-core 0.2.0", "tink-daead 0.2.0", "tink-gcpkms", diff --git a/integration/awskms/Cargo.toml b/integration/awskms/Cargo.toml index 639d6323..4c7b9f18 100644 --- a/integration/awskms/Cargo.toml +++ b/integration/awskms/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-awskms" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -16,6 +16,6 @@ regex = "^1.5.4" rusoto_core = "^0.47" rusoto_credential = "^0.47" rusoto_kms = "^0.47" -tink-core = "^0.2" +tink-core = "^0.3" # Match the version of tokio required by rusoto_* v0.46.0 tokio = "^1.8" From 883a7a9de4a83bf43d71b9140c641ab8bdc9c530 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 09:45:03 +0100 Subject: [PATCH 11/18] tink-gcpkms: update deps --- Cargo.lock | 25 +++++++++++++++++++++++-- integration/gcpkms/Cargo.toml | 4 ++-- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8f440fd9..af9914a1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1728,7 +1728,7 @@ dependencies = [ "tink-awskms 0.2.0", "tink-core 0.2.0", "tink-daead 0.2.0", - "tink-gcpkms", + "tink-gcpkms 0.2.0", "tink-mac 0.2.0", "tink-prf 0.2.0", "tink-proto 0.2.0", @@ -2540,6 +2540,8 @@ dependencies = [ [[package]] name = "tink-gcpkms" version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff574cafdf268b310b2d4c20e8d66bf98ba35093e41f848dad9144a6e9e642e8" dependencies = [ "base64", "chrono", @@ -2556,6 +2558,25 @@ dependencies = [ "yup-oauth2", ] +[[package]] +name = "tink-gcpkms" +version = "0.3.0" +dependencies = [ + "base64", + "chrono", + "futures", + "http", + "hyper", + "hyper-rustls", + "lazy_static", + "percent-encoding", + "serde", + "serde_json", + "tink-core 0.3.0", + "tokio", + "yup-oauth2", +] + [[package]] name = "tink-mac" version = "0.2.0" @@ -2741,7 +2762,7 @@ dependencies = [ "tink-awskms 0.2.0", "tink-core 0.2.0", "tink-daead 0.2.0", - "tink-gcpkms", + "tink-gcpkms 0.2.0", "tink-mac 0.2.0", "tink-prf 0.2.0", "tink-proto 0.2.0", diff --git a/integration/gcpkms/Cargo.toml b/integration/gcpkms/Cargo.toml index c2f76a57..3bbe47d6 100644 --- a/integration/gcpkms/Cargo.toml +++ b/integration/gcpkms/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-gcpkms" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -20,6 +20,6 @@ lazy_static = "^1.4" percent-encoding = "^2.1" serde = { version = "^1.0", features = ["derive"] } serde_json = "^1.0.64" -tink-core = "^0.2" +tink-core = "^0.3" tokio = "^1.8" yup-oauth2 = "^5.1" From 7424ff7735446ff6e2655f2aa1d91579a926b3b3 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 09:46:23 +0100 Subject: [PATCH 12/18] rinkey: update deps --- Cargo.lock | 22 +++++++++++----------- rinkey/Cargo.toml | 22 +++++++++++----------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index af9914a1..f2bad82f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1721,19 +1721,19 @@ dependencies = [ [[package]] name = "rinkey" -version = "0.2.0" +version = "0.3.0" dependencies = [ "structopt", - "tink-aead 0.2.0", - "tink-awskms 0.2.0", - "tink-core 0.2.0", - "tink-daead 0.2.0", - "tink-gcpkms 0.2.0", - "tink-mac 0.2.0", - "tink-prf 0.2.0", - "tink-proto 0.2.0", - "tink-signature 0.2.0", - "tink-streaming-aead 0.2.0", + "tink-aead 0.3.0", + "tink-awskms 0.3.0", + "tink-core 0.3.0", + "tink-daead 0.3.0", + "tink-gcpkms 0.3.0", + "tink-mac 0.3.0", + "tink-prf 0.3.0", + "tink-proto 0.3.0", + "tink-signature 0.3.0", + "tink-streaming-aead 0.3.0", ] [[package]] diff --git a/rinkey/Cargo.toml b/rinkey/Cargo.toml index 12a805ca..6042e5a7 100644 --- a/rinkey/Cargo.toml +++ b/rinkey/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rinkey" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -11,13 +11,13 @@ categories = ["cryptography", "command-line-utilities"] [dependencies] structopt = "^0.3.22" -tink-aead = "^0.2" -tink-awskms = "^0.2" -tink-core = { version = "^0.2", features = ["insecure", "json"] } -tink-daead = "^0.2" -tink-gcpkms = "^0.2" -tink-mac = "^0.2" -tink-prf = "^0.2" -tink-proto = "^0.2" -tink-signature = "^0.2" -tink-streaming-aead = "^0.2" +tink-aead = "^0.3" +tink-awskms = "^0.3" +tink-core = { version = "^0.3", features = ["insecure", "json"] } +tink-daead = "^0.3" +tink-gcpkms = "^0.3" +tink-mac = "^0.3" +tink-prf = "^0.3" +tink-proto = "^0.3" +tink-signature = "^0.3" +tink-streaming-aead = "^0.3" From 044dc261eb77531e91a3956561dabb54a01de465 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 09:58:24 +0100 Subject: [PATCH 13/18] tink-tests: update deps for std usage Move to use the same features of dependencies as the crates under test. This requires a shift from rand::thread_rng() to rand::rngs::OsRng. This crate still uses `std` though. --- Cargo.lock | 45 +++++-------------- testing/Cargo.toml | 2 +- tests/Cargo.toml | 36 +++++++-------- tests/src/lib.rs | 2 +- .../aead/subtle/chacha20poly1305_test.rs | 6 +-- .../aead/subtle/xchacha20poly1305_test.rs | 6 +-- .../subtle/ed25519_signer_verifier_test.rs | 10 ++--- tests/tests/streaming/integration_test.rs | 2 +- 8 files changed, 44 insertions(+), 65 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f2bad82f..88848196 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1728,7 +1728,7 @@ dependencies = [ "tink-awskms 0.3.0", "tink-core 0.3.0", "tink-daead 0.3.0", - "tink-gcpkms 0.3.0", + "tink-gcpkms", "tink-mac 0.3.0", "tink-prf 0.3.0", "tink-proto 0.3.0", @@ -2537,27 +2537,6 @@ dependencies = [ "tink-proto 0.3.0", ] -[[package]] -name = "tink-gcpkms" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff574cafdf268b310b2d4c20e8d66bf98ba35093e41f848dad9144a6e9e642e8" -dependencies = [ - "base64", - "chrono", - "futures", - "http", - "hyper", - "hyper-rustls", - "lazy_static", - "percent-encoding", - "serde", - "serde_json", - "tink-core 0.2.0", - "tokio", - "yup-oauth2", -] - [[package]] name = "tink-gcpkms" version = "0.3.0" @@ -2743,7 +2722,7 @@ dependencies = [ [[package]] name = "tink-tests" -version = "0.2.0" +version = "0.3.0" dependencies = [ "base64", "ed25519-dalek", @@ -2758,16 +2737,16 @@ dependencies = [ "serde", "serde_json", "tempfile", - "tink-aead 0.2.0", - "tink-awskms 0.2.0", - "tink-core 0.2.0", - "tink-daead 0.2.0", - "tink-gcpkms 0.2.0", - "tink-mac 0.2.0", - "tink-prf 0.2.0", - "tink-proto 0.2.0", - "tink-signature 0.2.0", - "tink-streaming-aead 0.2.0", + "tink-aead 0.3.0", + "tink-awskms 0.3.0", + "tink-core 0.3.0", + "tink-daead 0.3.0", + "tink-gcpkms", + "tink-mac 0.3.0", + "tink-prf 0.3.0", + "tink-proto 0.3.0", + "tink-signature 0.3.0", + "tink-streaming-aead 0.3.0", ] [[package]] diff --git a/testing/Cargo.toml b/testing/Cargo.toml index 47becbc2..e5d84294 100644 --- a/testing/Cargo.toml +++ b/testing/Cargo.toml @@ -27,7 +27,7 @@ tink-prf = "^0.2" tink-proto = "^0.2" tink-signature = "^0.2" tink-streaming-aead = "^0.2" -tink-tests = "^0.2" +tink-tests = "^0.3" tokio = { version = "^1.8", features = [ "macros", "rt-multi-thread", diff --git a/tests/Cargo.toml b/tests/Cargo.toml index f26983a6..61cc32af 100644 --- a/tests/Cargo.toml +++ b/tests/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-tests" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -12,32 +12,32 @@ publish = false [dependencies] base64 = "^0.13" -ed25519-dalek = "^1.0.1" +ed25519-dalek = { version = "^1.0.1", default-features = false, features = ["rand", "u64_backend"]} generic-array = "^0.14.4" hex = "^0.4.3" p256 = "^0.8.1" -prost = "^0.8" -rand = "^0.7" +prost = { version = "^0.8", default-features = false } +rand = { version = "^0.7", default-features = false, features = ["alloc", "getrandom"] } regex = "^1.5.4" serde = { version = "^1.0.126", features = ["derive"] } serde_json = "^1.0.64" -tink-core = { version = "^0.2", features = ["insecure", "json"] } -tink-aead = "^0.2" -tink-daead = "^0.2" -tink-mac = "^0.2" -tink-proto = "^0.2" +tink-core = { version = "^0.3", features = ["insecure", "json"] } +tink-aead = "^0.3" +tink-daead = "^0.3" +tink-mac = "^0.3" +tink-proto = "^0.3" [dev-dependencies] base64 = "^0.13" hex = "^0.4.3" -lazy_static = "^1.4" +lazy_static = { version = "^1.4", features = ["spin_no_std"] } maplit = "^1.0.2" tempfile = "^3.2" -tink-aead = "^0.2" -tink-awskms = "^0.2" -tink-daead = "^0.2" -tink-gcpkms = "^0.2" -tink-mac = "^0.2" -tink-prf = "^0.2" -tink-signature = "^0.2" -tink-streaming-aead = "^0.2" +tink-aead = "^0.3" +tink-awskms = "^0.3" +tink-daead = "^0.3" +tink-gcpkms = "^0.3" +tink-mac = "^0.3" +tink-prf = "^0.3" +tink-signature = "^0.3" +tink-streaming-aead = "^0.3" diff --git a/tests/src/lib.rs b/tests/src/lib.rs index db2a1354..88ccd4a0 100644 --- a/tests/src/lib.rs +++ b/tests/src/lib.rs @@ -387,7 +387,7 @@ pub fn get_ecdsa_params( /// Create an [`Ed25519PrivateKey`](tink_proto::Ed25519PrivateKey) with randomly generated key /// material. pub fn new_ed25519_private_key() -> tink_proto::Ed25519PrivateKey { - let mut csprng = rand::thread_rng(); + let mut csprng = rand::rngs::OsRng; let keypair = ed25519_dalek::Keypair::generate(&mut csprng); let public_proto = tink_proto::Ed25519PublicKey { diff --git a/tests/tests/aead/subtle/chacha20poly1305_test.rs b/tests/tests/aead/subtle/chacha20poly1305_test.rs index 6ae72c58..f5e87e2a 100644 --- a/tests/tests/aead/subtle/chacha20poly1305_test.rs +++ b/tests/tests/aead/subtle/chacha20poly1305_test.rs @@ -15,7 +15,7 @@ //////////////////////////////////////////////////////////////////////////////// use super::{chacha20poly1305_vectors::*, wycheproof::*}; -use rand::{thread_rng, Rng}; +use rand::{rngs::OsRng, Rng}; use std::collections::HashSet; use tink_aead::subtle; use tink_core::{subtle::random::get_random_bytes, Aead}; @@ -172,7 +172,7 @@ fn test_cha_cha20_poly1305_modify_ciphertext() { .unwrap_or_else(|e| panic!("#{}: encrypt failed: {:?}", i, e)); if !aad.is_empty() { - let alter_aad_idx = thread_rng().gen_range(0, aad.len()); + let alter_aad_idx = OsRng.gen_range(0, aad.len()); aad[alter_aad_idx] ^= 0x80; assert!( ca.decrypt(&ct, &aad).is_err(), @@ -182,7 +182,7 @@ fn test_cha_cha20_poly1305_modify_ciphertext() { aad[alter_aad_idx] ^= 0x80; } - let alter_ct_idx = thread_rng().gen_range(0, ct.len()); + let alter_ct_idx = OsRng.gen_range(0, ct.len()); ct[alter_ct_idx] ^= 0x80; assert!( ca.decrypt(&ct, &aad).is_err(), diff --git a/tests/tests/aead/subtle/xchacha20poly1305_test.rs b/tests/tests/aead/subtle/xchacha20poly1305_test.rs index aa22ef36..4a7ab0ee 100644 --- a/tests/tests/aead/subtle/xchacha20poly1305_test.rs +++ b/tests/tests/aead/subtle/xchacha20poly1305_test.rs @@ -15,7 +15,7 @@ //////////////////////////////////////////////////////////////////////////////// use super::{wycheproof::*, xchacha20poly1305_vectors::*}; -use rand::{thread_rng, Rng}; +use rand::{rngs::OsRng, Rng}; use std::collections::HashSet; use tink_aead::subtle; use tink_core::{subtle::random::get_random_bytes, Aead}; @@ -173,7 +173,7 @@ fn test_x_cha_cha20_poly1305_modify_ciphertext() { .unwrap_or_else(|e| panic!("#{}: encrypt failed: {:?}", i, e)); if !aad.is_empty() { - let alter_aad_idx = thread_rng().gen_range(0, aad.len()); + let alter_aad_idx = OsRng.gen_range(0, aad.len()); aad[alter_aad_idx] ^= 0x80; assert!( ca.decrypt(&ct, &aad).is_err(), @@ -183,7 +183,7 @@ fn test_x_cha_cha20_poly1305_modify_ciphertext() { aad[alter_aad_idx] ^= 0x80; } - let alter_ct_idx = thread_rng().gen_range(0, ct.len()); + let alter_ct_idx = OsRng.gen_range(0, ct.len()); ct[alter_ct_idx] ^= 0x80; assert!( ca.decrypt(&ct, &aad).is_err(), diff --git a/tests/tests/signature/subtle/ed25519_signer_verifier_test.rs b/tests/tests/signature/subtle/ed25519_signer_verifier_test.rs index 2e7808ca..005416df 100644 --- a/tests/tests/signature/subtle/ed25519_signer_verifier_test.rs +++ b/tests/tests/signature/subtle/ed25519_signer_verifier_test.rs @@ -23,7 +23,7 @@ use tink_tests::WycheproofResult; #[test] fn test_ed25519_deterministic() { let data = get_random_bytes(20); - let mut csprng = rand::thread_rng(); + let mut csprng = rand::rngs::OsRng; let keypair = Keypair::generate(&mut csprng); // Use the private key and public key directly to create new instances @@ -46,7 +46,7 @@ fn test_ed25519_deterministic() { #[test] fn test_ed25519_verify_modified_signature() { let data = get_random_bytes(20); - let mut csprng = rand::thread_rng(); + let mut csprng = rand::rngs::OsRng; let keypair = Keypair::generate(&mut csprng); // Use the private key and public key directly to create new instances @@ -73,7 +73,7 @@ fn test_ed25519_verify_modified_signature() { #[test] fn test_ed25519_verify_truncated_signature() { let data = get_random_bytes(20); - let mut csprng = rand::thread_rng(); + let mut csprng = rand::rngs::OsRng; let keypair = Keypair::generate(&mut csprng); // Use the private key and public key directly to create new instances @@ -89,7 +89,7 @@ fn test_ed25519_verify_truncated_signature() { #[test] fn test_ed25519_verify_modified_message() { let mut data = get_random_bytes(20); - let mut csprng = rand::thread_rng(); + let mut csprng = rand::rngs::OsRng; let keypair = Keypair::generate(&mut csprng); // Use the private key and public key directly to create new instances @@ -114,7 +114,7 @@ fn test_ed25519_verify_modified_message() { } #[test] fn test_ed25519_sign_verify() { - let mut csprng = rand::thread_rng(); + let mut csprng = rand::rngs::OsRng; let keypair = Keypair::generate(&mut csprng); let seed = keypair.secret.as_bytes().to_vec(); diff --git a/tests/tests/streaming/integration_test.rs b/tests/tests/streaming/integration_test.rs index 6098f71f..139d596c 100644 --- a/tests/tests/streaming/integration_test.rs +++ b/tests/tests/streaming/integration_test.rs @@ -174,7 +174,7 @@ impl std::io::Read for PartialReader { // when more data is available. This is valid for Rust's `std::io::Read`, but // would not be valid for an `io::Writer` in Go. fn read(&mut self, buf: &mut [u8]) -> std::io::Result { - if rand::thread_rng().gen_range(0, 3) == 0 { + if rand::rngs::OsRng.gen_range(0, 3) == 0 { // Randomly pretend to have been interrupted. return Err(std::io::Error::new( std::io::ErrorKind::Interrupted, From 80c826a86dc55f5b949bba8a30575bf77709d244 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 10:08:26 +0100 Subject: [PATCH 14/18] tink-testing: update deps --- Cargo.lock | 22 +++++++++------------- testing/Cargo.toml | 18 +++++++++--------- 2 files changed, 18 insertions(+), 22 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 88848196..c52f84d9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2486,8 +2486,6 @@ dependencies = [ "lazy_static", "prost 0.7.0", "rand 0.7.3", - "serde", - "serde_json", "sha-1", "sha2", "subtle", @@ -2620,10 +2618,8 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6f097af9d2db1a08ea01008f88bc803d8bda25c13bfdc076df7449da907e259f" dependencies = [ - "base64", "prost 0.7.0", "prost-build 0.7.0", - "serde", ] [[package]] @@ -2699,21 +2695,21 @@ dependencies = [ [[package]] name = "tink-testing-server" -version = "0.2.0" +version = "0.3.0" dependencies = [ "env_logger", "futures", "log", "prost 0.8.0", "structopt", - "tink-aead 0.2.0", - "tink-core 0.2.0", - "tink-daead 0.2.0", - "tink-mac 0.2.0", - "tink-prf 0.2.0", - "tink-proto 0.2.0", - "tink-signature 0.2.0", - "tink-streaming-aead 0.2.0", + "tink-aead 0.3.0", + "tink-core 0.3.0", + "tink-daead 0.3.0", + "tink-mac 0.3.0", + "tink-prf 0.3.0", + "tink-proto 0.3.0", + "tink-signature 0.3.0", + "tink-streaming-aead 0.3.0", "tink-tests", "tokio", "tonic", diff --git a/testing/Cargo.toml b/testing/Cargo.toml index e5d84294..509db595 100644 --- a/testing/Cargo.toml +++ b/testing/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tink-testing-server" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -16,17 +16,17 @@ futures = "^0.3.15" log = "^0.4.14" prost = "^0.8" structopt = "^0.3.22" -tink-aead = "^0.2" -tink-core = { version = "^0.2", features = [ +tink-aead = "^0.3" +tink-core = { version = "^0.3", features = [ "insecure", "json", ] } -tink-daead = "^0.2" -tink-mac = "^0.2" -tink-prf = "^0.2" -tink-proto = "^0.2" -tink-signature = "^0.2" -tink-streaming-aead = "^0.2" +tink-daead = "^0.3" +tink-mac = "^0.3" +tink-prf = "^0.3" +tink-proto = "^0.3" +tink-signature = "^0.3" +tink-streaming-aead = "^0.3" tink-tests = "^0.3" tokio = { version = "^1.8", features = [ "macros", From e05b038dfc760a630d61cd091a495c6c8763ea13 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 10:09:18 +0100 Subject: [PATCH 15/18] examples: update deps --- Cargo.lock | 673 ++++++---------------------------- examples/aead/Cargo.toml | 6 +- examples/daead/Cargo.toml | 6 +- examples/keygen/Cargo.toml | 6 +- examples/keymgr/Cargo.toml | 6 +- examples/kms/Cargo.toml | 8 +- examples/mac/Cargo.toml | 6 +- examples/signature/Cargo.toml | 6 +- examples/streaming/Cargo.toml | 6 +- 9 files changed, 133 insertions(+), 590 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c52f84d9..7129229c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -63,7 +63,7 @@ dependencies = [ "aes", "cipher", "cmac", - "crypto-mac 0.11.0", + "crypto-mac", "ctr", "dbl", "zeroize", @@ -148,12 +148,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" -[[package]] -name = "base-x" -version = "0.2.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4521f3e3d031370679b3b140beb36dfe4801b09ac77e30c61941f97df3ef28b" - [[package]] name = "base64" version = "0.13.0" @@ -270,7 +264,7 @@ dependencies = [ "num-integer", "num-traits", "serde", - "time 0.1.44", + "time", "winapi", ] @@ -304,7 +298,7 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b70e37282d9624283878ffda1d1e53883bcf868cf441bddda44127620b39572d" dependencies = [ - "crypto-mac 0.11.0", + "crypto-mac", "dbl", ] @@ -314,12 +308,6 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "279bc8fc53f788a75c7804af68237d1fce02cde1e275a886a4b320604dc2aeda" -[[package]] -name = "const_fn" -version = "0.4.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f92cfa0fd5690b3cf8c1ef2cabbd9b7ef22fa53cf5e1f92b05103f6d5d1cf6e7" - [[package]] name = "core-foundation" version = "0.7.0" @@ -370,16 +358,6 @@ dependencies = [ "cfg-if 0.1.10", ] -[[package]] -name = "crypto-mac" -version = "0.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4857fd85a0c34b3c3297875b747c1e02e06b6a0ea32dd892d8192b9ce0813ea6" -dependencies = [ - "generic-array", - "subtle", -] - [[package]] name = "crypto-mac" version = "0.11.0" @@ -493,12 +471,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "discard" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "212d0f5754cb6769937f4501cc0e67f4f4483c8d2c3e1e922ee9edbe4ab4c7c0" - [[package]] name = "ecdsa" version = "0.11.1" @@ -507,7 +479,7 @@ checksum = "34d33b390ab82f2e1481e331dbd0530895640179d2128ef9a79cc690b78d1eba" dependencies = [ "der", "elliptic-curve", - "hmac 0.11.0", + "hmac", "signature", ] @@ -529,7 +501,6 @@ dependencies = [ "curve25519-dalek", "ed25519", "rand 0.7.3", - "serde", "sha2", "zeroize", ] @@ -571,73 +542,73 @@ dependencies = [ [[package]] name = "example-aead" -version = "0.2.0" +version = "0.3.0" dependencies = [ "hex", - "tink-aead 0.2.0", - "tink-core 0.2.0", + "tink-aead", + "tink-core", ] [[package]] name = "example-daead" -version = "0.2.0" +version = "0.3.0" dependencies = [ "hex", - "tink-core 0.2.0", - "tink-daead 0.2.0", + "tink-core", + "tink-daead", ] [[package]] name = "example-keygen" -version = "0.2.0" +version = "0.3.0" dependencies = [ - "tink-core 0.2.0", - "tink-daead 0.2.0", + "tink-core", + "tink-daead", ] [[package]] name = "example-keymgr" -version = "0.2.0" +version = "0.3.0" dependencies = [ - "tink-aead 0.2.0", - "tink-core 0.2.0", + "tink-aead", + "tink-core", ] [[package]] name = "example-kms" -version = "0.2.0" +version = "0.3.0" dependencies = [ "hex", - "tink-aead 0.2.0", - "tink-awskms 0.2.0", - "tink-core 0.2.0", + "tink-aead", + "tink-awskms", + "tink-core", ] [[package]] name = "example-mac" -version = "0.2.0" +version = "0.3.0" dependencies = [ "hex", - "tink-core 0.2.0", - "tink-mac 0.2.0", + "tink-core", + "tink-mac", ] [[package]] name = "example-signature" -version = "0.2.0" +version = "0.3.0" dependencies = [ "hex", - "tink-core 0.2.0", - "tink-signature 0.2.0", + "tink-core", + "tink-signature", ] [[package]] name = "example-streaming" -version = "0.2.0" +version = "0.3.0" dependencies = [ "tempfile", - "tink-core 0.2.0", - "tink-streaming-aead 0.2.0", + "tink-core", + "tink-streaming-aead", ] [[package]] @@ -897,17 +868,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "01706d578d5c281058480e673ae4086a9f4710d8df1ad80a5b03e39ece5f886b" dependencies = [ "digest", - "hmac 0.11.0", -] - -[[package]] -name = "hmac" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1441c6b1e930e2817404b5046f1f989899143a12bf92de603b69f4e0aee1e15" -dependencies = [ - "crypto-mac 0.10.0", - "digest", + "hmac", ] [[package]] @@ -916,7 +877,7 @@ version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" dependencies = [ - "crypto-mac 0.11.0", + "crypto-mac", "digest", ] @@ -1047,15 +1008,6 @@ dependencies = [ "hashbrown", ] -[[package]] -name = "itertools" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "284f18f85651fe11e8a991b2adb42cb078325c996ed026d994719efcfca1d54b" -dependencies = [ - "either", -] - [[package]] name = "itertools" version = "0.10.1" @@ -1136,12 +1088,6 @@ dependencies = [ "opaque-debug", ] -[[package]] -name = "md5" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "490cc448043f947bae3cbee9c203358d62dbee0db12107a74be5c30ccfd09771" - [[package]] name = "memchr" version = "2.4.0" @@ -1452,16 +1398,6 @@ dependencies = [ "unicode-xid", ] -[[package]] -name = "prost" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e6984d2f1a23009bd270b8bb56d0926810a3d483f59c987d77969e9d8e840b2" -dependencies = [ - "bytes", - "prost-derive 0.7.0", -] - [[package]] name = "prost" version = "0.8.0" @@ -1469,25 +1405,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "de5e2533f59d08fcf364fd374ebda0692a70bd6d7e66ef97f306f45c6c5d8020" dependencies = [ "bytes", - "prost-derive 0.8.0", -] - -[[package]] -name = "prost-build" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32d3ebd75ac2679c2af3a92246639f9fcc8a442ee420719cc4fe195b98dd5fa3" -dependencies = [ - "bytes", - "heck", - "itertools 0.9.0", - "log", - "multimap", - "petgraph", - "prost 0.7.0", - "prost-types 0.7.0", - "tempfile", - "which", + "prost-derive", ] [[package]] @@ -1498,29 +1416,16 @@ checksum = "355f634b43cdd80724ee7848f95770e7e70eefa6dcf14fea676216573b8fd603" dependencies = [ "bytes", "heck", - "itertools 0.10.1", + "itertools", "log", "multimap", "petgraph", - "prost 0.8.0", - "prost-types 0.8.0", + "prost", + "prost-types", "tempfile", "which", ] -[[package]] -name = "prost-derive" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "169a15f3008ecb5160cba7d37bcd690a7601b6d30cfb87a117d45e59d52af5d4" -dependencies = [ - "anyhow", - "itertools 0.9.0", - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "prost-derive" version = "0.8.0" @@ -1528,22 +1433,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "600d2f334aa05acb02a755e217ef1ab6dea4d51b58b7846588b747edec04efba" dependencies = [ "anyhow", - "itertools 0.10.1", + "itertools", "proc-macro2", "quote", "syn", ] -[[package]] -name = "prost-types" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b518d7cdd93dab1d1122cf07fa9a60771836c668dde9d9e2a139f957f0d9f1bb" -dependencies = [ - "bytes", - "prost 0.7.0", -] - [[package]] name = "prost-types" version = "0.8.0" @@ -1551,7 +1446,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "603bbd6394701d13f3f25aada59c7de9d35a6a5887cfc156181234a44002771b" dependencies = [ "bytes", - "prost 0.8.0", + "prost", ] [[package]] @@ -1576,7 +1471,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" dependencies = [ "getrandom 0.1.15", - "libc", "rand_chacha 0.2.2", "rand_core 0.5.1", "rand_hc 0.2.0", @@ -1724,41 +1618,16 @@ name = "rinkey" version = "0.3.0" dependencies = [ "structopt", - "tink-aead 0.3.0", - "tink-awskms 0.3.0", - "tink-core 0.3.0", - "tink-daead 0.3.0", + "tink-aead", + "tink-awskms", + "tink-core", + "tink-daead", "tink-gcpkms", - "tink-mac 0.3.0", - "tink-prf 0.3.0", - "tink-proto 0.3.0", - "tink-signature 0.3.0", - "tink-streaming-aead 0.3.0", -] - -[[package]] -name = "rusoto_core" -version = "0.46.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02aff20978970d47630f08de5f0d04799497818d16cafee5aec90c4b4d0806cf" -dependencies = [ - "async-trait", - "base64", - "bytes", - "crc32fast", - "futures", - "http", - "hyper", - "hyper-tls", - "lazy_static", - "log", - "rusoto_credential 0.46.0", - "rusoto_signature 0.46.0", - "rustc_version 0.2.3", - "serde", - "serde_json", - "tokio", - "xml-rs", + "tink-mac", + "tink-prf", + "tink-proto", + "tink-signature", + "tink-streaming-aead", ] [[package]] @@ -1777,33 +1646,15 @@ dependencies = [ "hyper-tls", "lazy_static", "log", - "rusoto_credential 0.47.0", - "rusoto_signature 0.47.0", - "rustc_version 0.4.0", + "rusoto_credential", + "rusoto_signature", + "rustc_version", "serde", "serde_json", "tokio", "xml-rs", ] -[[package]] -name = "rusoto_credential" -version = "0.46.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e91e4c25ea8bfa6247684ff635299015845113baaa93ba8169b9e565701b58e" -dependencies = [ - "async-trait", - "chrono", - "dirs-next", - "futures", - "hyper", - "serde", - "serde_json", - "shlex 0.1.1", - "tokio", - "zeroize", -] - [[package]] name = "rusoto_credential" version = "0.47.0" @@ -1817,25 +1668,11 @@ dependencies = [ "hyper", "serde", "serde_json", - "shlex 1.0.0", + "shlex", "tokio", "zeroize", ] -[[package]] -name = "rusoto_kms" -version = "0.46.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e5655f80886a4b0f6f57ca0921e38b4f96e5c70135dd8d6d2a7ee8e70f0e013" -dependencies = [ - "async-trait", - "bytes", - "futures", - "rusoto_core 0.46.0", - "serde", - "serde_json", -] - [[package]] name = "rusoto_kms" version = "0.47.0" @@ -1845,36 +1682,11 @@ dependencies = [ "async-trait", "bytes", "futures", - "rusoto_core 0.47.0", + "rusoto_core", "serde", "serde_json", ] -[[package]] -name = "rusoto_signature" -version = "0.46.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5486e6b1673ab3e0ba1ded284fb444845fe1b7f41d13989a54dd60f62a7b2baa" -dependencies = [ - "base64", - "bytes", - "futures", - "hex", - "hmac 0.10.1", - "http", - "hyper", - "log", - "md5", - "percent-encoding", - "pin-project-lite 0.2.4", - "rusoto_credential 0.46.0", - "rustc_version 0.2.3", - "serde", - "sha2", - "time 0.2.27", - "tokio", -] - [[package]] name = "rusoto_signature" version = "0.47.0" @@ -1887,36 +1699,27 @@ dependencies = [ "digest", "futures", "hex", - "hmac 0.11.0", + "hmac", "http", "hyper", "log", "md-5", "percent-encoding", "pin-project-lite 0.2.4", - "rusoto_credential 0.47.0", - "rustc_version 0.4.0", + "rusoto_credential", + "rustc_version", "serde", "sha2", "tokio", ] -[[package]] -name = "rustc_version" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a" -dependencies = [ - "semver 0.9.0", -] - [[package]] name = "rustc_version" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" dependencies = [ - "semver 1.0.3", + "semver", ] [[package]] @@ -2028,27 +1831,12 @@ dependencies = [ "libc", ] -[[package]] -name = "semver" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403" -dependencies = [ - "semver-parser", -] - [[package]] name = "semver" version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f3aac57ee7f3272d8395c6e4f502f434f0e289fcd62876f70daa008c20dcabe" -[[package]] -name = "semver-parser" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" - [[package]] name = "serde" version = "1.0.126" @@ -2093,12 +1881,6 @@ dependencies = [ "opaque-debug", ] -[[package]] -name = "sha1" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2579985fda508104f7587689507983eadd6a6e84dd35d6d115361f530916fa0d" - [[package]] name = "sha2" version = "0.9.5" @@ -2112,12 +1894,6 @@ dependencies = [ "opaque-debug", ] -[[package]] -name = "shlex" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fdf1b9db47230893d76faad238fd6097fd6d6a9245cd7a4d90dbd639536bbd2" - [[package]] name = "shlex" version = "1.0.0" @@ -2184,64 +1960,6 @@ dependencies = [ "der", ] -[[package]] -name = "standback" -version = "0.2.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e113fb6f3de07a243d434a56ec6f186dfd51cb08448239fe7bcae73f87ff28ff" -dependencies = [ - "version_check", -] - -[[package]] -name = "stdweb" -version = "0.4.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d022496b16281348b52d0e30ae99e01a73d737b2f45d38fed4edf79f9325a1d5" -dependencies = [ - "discard", - "rustc_version 0.2.3", - "stdweb-derive", - "stdweb-internal-macros", - "stdweb-internal-runtime", - "wasm-bindgen", -] - -[[package]] -name = "stdweb-derive" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c87a60a40fccc84bef0652345bbbbbe20a605bf5d0ce81719fc476f5c03b50ef" -dependencies = [ - "proc-macro2", - "quote", - "serde", - "serde_derive", - "syn", -] - -[[package]] -name = "stdweb-internal-macros" -version = "0.2.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58fa5ff6ad0d98d1ffa8cb115892b6e69d67799f6763e162a1c9db421dc22e11" -dependencies = [ - "base-x", - "proc-macro2", - "quote", - "serde", - "serde_derive", - "serde_json", - "sha1", - "syn", -] - -[[package]] -name = "stdweb-internal-runtime" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "213701ba3370744dcd1a12960caa4843b3d68b4d1c0a5d575e0d65b2ee9d16c0" - [[package]] name = "strsim" version = "0.8.0" @@ -2370,63 +2088,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "time" -version = "0.2.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4752a97f8eebd6854ff91f1c1824cd6160626ac4bd44287f7f4ea2035a02a242" -dependencies = [ - "const_fn", - "libc", - "standback", - "stdweb", - "time-macros", - "version_check", - "winapi", -] - -[[package]] -name = "time-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "957e9c6e26f12cb6d0dd7fc776bb67a706312e7299aed74c8dd5b17ebb27e2f1" -dependencies = [ - "proc-macro-hack", - "time-macros-impl", -] - -[[package]] -name = "time-macros-impl" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f" -dependencies = [ - "proc-macro-hack", - "proc-macro2", - "quote", - "standback", - "syn", -] - -[[package]] -name = "tink-aead" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b42721a0582f6058024a2669a7b2fbbfa1c04153332e08fe6e335dd8e8b7ee6d" -dependencies = [ - "aead", - "aes", - "aes-gcm", - "aes-gcm-siv", - "chacha20poly1305", - "generic-array", - "prost 0.7.0", - "rand 0.7.3", - "tink-core 0.2.0", - "tink-mac 0.2.0", - "tink-proto 0.2.0", -] - [[package]] name = "tink-aead" version = "0.3.0" @@ -2437,28 +2098,12 @@ dependencies = [ "aes-gcm-siv", "chacha20poly1305", "generic-array", - "prost 0.8.0", + "prost", "rand 0.7.3", "spin 0.9.2", - "tink-core 0.3.0", - "tink-mac 0.3.0", - "tink-proto 0.3.0", -] - -[[package]] -name = "tink-awskms" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b5f02b526286c5f991c0d05944f76c01660268230b7fde8144706994e2b3d82" -dependencies = [ - "csv", - "hex", - "regex", - "rusoto_core 0.46.0", - "rusoto_credential 0.46.0", - "rusoto_kms 0.46.0", - "tink-core 0.2.0", - "tokio", + "tink-core", + "tink-mac", + "tink-proto", ] [[package]] @@ -2468,30 +2113,13 @@ dependencies = [ "csv", "hex", "regex", - "rusoto_core 0.47.0", - "rusoto_credential 0.47.0", - "rusoto_kms 0.47.0", - "tink-core 0.3.0", + "rusoto_core", + "rusoto_credential", + "rusoto_kms", + "tink-core", "tokio", ] -[[package]] -name = "tink-core" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7fefcbc7d04471b83ca8b3c445c376d45a8ab8fc35c3aa215df51f90aa95737" -dependencies = [ - "digest", - "hkdf", - "lazy_static", - "prost 0.7.0", - "rand 0.7.3", - "sha-1", - "sha2", - "subtle", - "tink-proto 0.2.0", -] - [[package]] name = "tink-core" version = "0.3.0" @@ -2499,7 +2127,7 @@ dependencies = [ "digest", "hkdf", "lazy_static", - "prost 0.8.0", + "prost", "rand 0.7.3", "serde", "serde_json", @@ -2507,20 +2135,7 @@ dependencies = [ "sha2", "spin 0.9.2", "subtle", - "tink-proto 0.3.0", -] - -[[package]] -name = "tink-daead" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc4f26fc8337a45a073e2c49676215838d7c57004e25d31ebc7f1438c15caf45" -dependencies = [ - "aead", - "aes-siv", - "prost 0.7.0", - "tink-core 0.2.0", - "tink-proto 0.2.0", + "tink-proto", ] [[package]] @@ -2529,10 +2144,10 @@ version = "0.3.0" dependencies = [ "aead", "aes-siv", - "prost 0.8.0", + "prost", "spin 0.9.2", - "tink-core 0.3.0", - "tink-proto 0.3.0", + "tink-core", + "tink-proto", ] [[package]] @@ -2549,50 +2164,20 @@ dependencies = [ "percent-encoding", "serde", "serde_json", - "tink-core 0.3.0", + "tink-core", "tokio", "yup-oauth2", ] -[[package]] -name = "tink-mac" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4e4cfdad0b51ddd727a51245e860b97ae931be05f99dd98bb7a51b1b19e5a97" -dependencies = [ - "prost 0.7.0", - "tink-core 0.2.0", - "tink-prf 0.2.0", - "tink-proto 0.2.0", -] - [[package]] name = "tink-mac" version = "0.3.0" dependencies = [ - "prost 0.8.0", + "prost", "spin 0.9.2", - "tink-core 0.3.0", - "tink-prf 0.3.0", - "tink-proto 0.3.0", -] - -[[package]] -name = "tink-prf" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ae8bd3f58adff2c1fb3286c9a8ab1c0964045614778595ec9877b9f6ba98d38" -dependencies = [ - "aes", - "cmac", - "digest", - "hkdf", - "hmac 0.11.0", - "prost 0.7.0", - "sha-1", - "sha2", - "tink-core 0.2.0", - "tink-proto 0.2.0", + "tink-core", + "tink-prf", + "tink-proto", ] [[package]] @@ -2603,23 +2188,13 @@ dependencies = [ "cmac", "digest", "hkdf", - "hmac 0.11.0", - "prost 0.8.0", + "hmac", + "prost", "sha-1", "sha2", "spin 0.9.2", - "tink-core 0.3.0", - "tink-proto 0.3.0", -] - -[[package]] -name = "tink-proto" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f097af9d2db1a08ea01008f88bc803d8bda25c13bfdc076df7449da907e259f" -dependencies = [ - "prost 0.7.0", - "prost-build 0.7.0", + "tink-core", + "tink-proto", ] [[package]] @@ -2627,28 +2202,11 @@ name = "tink-proto" version = "0.3.0" dependencies = [ "base64", - "prost 0.8.0", - "prost-build 0.8.0", + "prost", + "prost-build", "serde", ] -[[package]] -name = "tink-signature" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5b54df96bd2a0524d2ffb9f2b6aa9574a4c9a4834e7d8585907f5b04fcd0743" -dependencies = [ - "ecdsa", - "ed25519-dalek", - "generic-array", - "p256", - "prost 0.7.0", - "rand 0.7.3", - "signature", - "tink-core 0.2.0", - "tink-proto 0.2.0", -] - [[package]] name = "tink-signature" version = "0.3.0" @@ -2657,27 +2215,12 @@ dependencies = [ "ed25519-dalek", "generic-array", "p256", - "prost 0.8.0", + "prost", "rand 0.7.3", "signature", "spin 0.9.2", - "tink-core 0.3.0", - "tink-proto 0.3.0", -] - -[[package]] -name = "tink-streaming-aead" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59c06fe5f8643ab730304a797dd8c802ceddde14750d142714a22c7ca6323863" -dependencies = [ - "aes", - "aes-gcm", - "prost 0.7.0", - "rand 0.7.3", - "tink-core 0.2.0", - "tink-mac 0.2.0", - "tink-proto 0.2.0", + "tink-core", + "tink-proto", ] [[package]] @@ -2686,11 +2229,11 @@ version = "0.3.0" dependencies = [ "aes", "aes-gcm", - "prost 0.8.0", + "prost", "rand 0.7.3", - "tink-core 0.3.0", - "tink-mac 0.3.0", - "tink-proto 0.3.0", + "tink-core", + "tink-mac", + "tink-proto", ] [[package]] @@ -2700,16 +2243,16 @@ dependencies = [ "env_logger", "futures", "log", - "prost 0.8.0", + "prost", "structopt", - "tink-aead 0.3.0", - "tink-core 0.3.0", - "tink-daead 0.3.0", - "tink-mac 0.3.0", - "tink-prf 0.3.0", - "tink-proto 0.3.0", - "tink-signature 0.3.0", - "tink-streaming-aead 0.3.0", + "tink-aead", + "tink-core", + "tink-daead", + "tink-mac", + "tink-prf", + "tink-proto", + "tink-signature", + "tink-streaming-aead", "tink-tests", "tokio", "tonic", @@ -2727,22 +2270,22 @@ dependencies = [ "lazy_static", "maplit", "p256", - "prost 0.8.0", + "prost", "rand 0.7.3", "regex", "serde", "serde_json", "tempfile", - "tink-aead 0.3.0", - "tink-awskms 0.3.0", - "tink-core 0.3.0", - "tink-daead 0.3.0", + "tink-aead", + "tink-awskms", + "tink-core", + "tink-daead", "tink-gcpkms", - "tink-mac 0.3.0", - "tink-prf 0.3.0", - "tink-proto 0.3.0", - "tink-signature 0.3.0", - "tink-streaming-aead 0.3.0", + "tink-mac", + "tink-prf", + "tink-proto", + "tink-signature", + "tink-streaming-aead", ] [[package]] @@ -2865,8 +2408,8 @@ dependencies = [ "hyper-timeout", "percent-encoding", "pin-project 1.0.2", - "prost 0.8.0", - "prost-derive 0.8.0", + "prost", + "prost-derive", "tokio", "tokio-stream", "tokio-util", @@ -2884,7 +2427,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d12faebbe071b06f486be82cc9318350814fdd07fcb28f3690840cd770599283" dependencies = [ "proc-macro2", - "prost-build 0.8.0", + "prost-build", "quote", "syn", ] diff --git a/examples/aead/Cargo.toml b/examples/aead/Cargo.toml index 3163f13e..2a2f001a 100644 --- a/examples/aead/Cargo.toml +++ b/examples/aead/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "example-aead" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -8,5 +8,5 @@ publish = false [dependencies] hex = "^0.4.3" -tink-aead = "^0.2" -tink-core = "^0.2" +tink-aead = "^0.3" +tink-core = "^0.3" diff --git a/examples/daead/Cargo.toml b/examples/daead/Cargo.toml index dae5b95a..09d33132 100644 --- a/examples/daead/Cargo.toml +++ b/examples/daead/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "example-daead" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -8,5 +8,5 @@ publish = false [dependencies] hex = "^0.4.3" -tink-core = "^0.2" -tink-daead = "^0.2" +tink-core = "^0.3" +tink-daead = "^0.3" diff --git a/examples/keygen/Cargo.toml b/examples/keygen/Cargo.toml index 04a6db49..11c03740 100644 --- a/examples/keygen/Cargo.toml +++ b/examples/keygen/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "example-keygen" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" publish = false [dependencies] -tink-core = "^0.2" -tink-daead = "^0.2" +tink-core = "^0.3" +tink-daead = "^0.3" diff --git a/examples/keymgr/Cargo.toml b/examples/keymgr/Cargo.toml index c443c4c4..d8bc6c8e 100644 --- a/examples/keymgr/Cargo.toml +++ b/examples/keymgr/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "example-keymgr" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" publish = false [dependencies] -tink-aead = "^0.2" -tink-core = "^0.2" +tink-aead = "^0.3" +tink-core = "^0.3" diff --git a/examples/kms/Cargo.toml b/examples/kms/Cargo.toml index 821447a3..1fd90372 100644 --- a/examples/kms/Cargo.toml +++ b/examples/kms/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "example-kms" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -8,6 +8,6 @@ publish = false [dependencies] hex = "^0.4.3" -tink-aead = "^0.2" -tink-core = { version = "^0.2", features = ["insecure"] } -tink-awskms = "^0.2" +tink-aead = "^0.3" +tink-core = { version = "^0.3", features = ["insecure"] } +tink-awskms = "^0.3" diff --git a/examples/mac/Cargo.toml b/examples/mac/Cargo.toml index 8293081c..d06c01e9 100644 --- a/examples/mac/Cargo.toml +++ b/examples/mac/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "example-mac" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -8,5 +8,5 @@ publish = false [dependencies] hex = "^0.4.3" -tink-core = "^0.2" -tink-mac = "^0.2" +tink-core = "^0.3" +tink-mac = "^0.3" diff --git a/examples/signature/Cargo.toml b/examples/signature/Cargo.toml index 9de358a6..c101f06d 100644 --- a/examples/signature/Cargo.toml +++ b/examples/signature/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "example-signature" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -8,5 +8,5 @@ publish = false [dependencies] hex = "^0.4.3" -tink-core = "^0.2" -tink-signature = "^0.2" +tink-core = "^0.3" +tink-signature = "^0.3" diff --git a/examples/streaming/Cargo.toml b/examples/streaming/Cargo.toml index 4233f78d..b2283079 100644 --- a/examples/streaming/Cargo.toml +++ b/examples/streaming/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "example-streaming" -version = "0.2.0" +version = "0.3.0" authors = ["David Drysdale "] edition = "2018" license = "Apache-2.0" @@ -8,5 +8,5 @@ publish = false [dependencies] tempfile = "^3.2" -tink-core = "^0.2" -tink-streaming-aead = "^0.2" +tink-core = "^0.3" +tink-streaming-aead = "^0.3" From dd1518d43b8b21b2de0ffcb03b5243004a092fec Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 13:18:33 +0100 Subject: [PATCH 16/18] ci: run clippy over feature combinations --- .github/workflows/ci.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 88421016..fe2a0378 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -112,6 +112,14 @@ jobs: components: rustfmt, clippy - run: rustc --version - run: cargo clippy --all-features --all-targets -- -Dwarnings + - run: cargo clippy --all-targets --manifest-path proto/Cargo.toml --no-default-features -- -Dwarnings + - run: cargo clippy --all-targets --manifest-path proto/Cargo.toml --no-default-features --features json -- -Dwarnings + - run: cargo clippy --all-targets --manifest-path core/Cargo.toml --no-default-features -- -Dwarnings + - run: cargo clippy --all-targets --manifest-path core/Cargo.toml --no-default-features --features insecure -- -Dwarnings + - run: cargo clippy --all-targets --manifest-path core/Cargo.toml --no-default-features --features json -- -Dwarnings + - run: cargo clippy --all-targets --manifest-path core/Cargo.toml --no-default-features --features std -- -Dwarnings + - run: cargo clippy --all-targets --manifest-path core/Cargo.toml --no-default-features --features insecure,json -- -Dwarnings + - run: cargo clippy --all-targets --manifest-path core/Cargo.toml --no-default-features --features insecure,std -- -Dwarnings doc: runs-on: ubuntu-latest From 9010159f3a1d9cac87f915d0d0ca74f2e170107b Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Sun, 18 Jul 2021 13:15:08 +0100 Subject: [PATCH 17/18] no-std: add binary crate to check no_std compliance --- .github/workflows/ci.yml | 13 + no-std-check/Cargo.lock | 1043 ++++++++++++++++++++++++++++++++++++++ no-std-check/Cargo.toml | 39 ++ no-std-check/deny.toml | 62 +++ no-std-check/src/main.rs | 49 ++ 5 files changed, 1206 insertions(+) create mode 100644 no-std-check/Cargo.lock create mode 100644 no-std-check/Cargo.toml create mode 100644 no-std-check/deny.toml create mode 100644 no-std-check/src/main.rs diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fe2a0378..88ecec09 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -132,6 +132,19 @@ jobs: - run: rustc --version - run: cargo doc --no-deps --document-private-items --all-features + nostd: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: nightly-2021-07-01 + override: true + target: thumbv7em-none-eabi + # Target thumbv7em does not have std + - run: cargo build --target thumbv7em-none-eabi --manifest-path no-std-check/Cargo.toml + udeps: runs-on: ubuntu-latest steps: diff --git a/no-std-check/Cargo.lock b/no-std-check/Cargo.lock new file mode 100644 index 00000000..6754b145 --- /dev/null +++ b/no-std-check/Cargo.lock @@ -0,0 +1,1043 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "aead" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e3e798aa0c8239776f54415bc06f3d74b1850f3f830b45c35cfc80556973f70" +dependencies = [ + "generic-array", +] + +[[package]] +name = "aes" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "495ee669413bfbe9e8cace80f4d3d78e6d8c8d99579f97fb93bde351b185f2d4" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", + "ctr", + "opaque-debug", +] + +[[package]] +name = "aes-gcm" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc3be92e19a7ef47457b8e6f90707e12b6ac5d20c6f3866584fa3be0787d839f" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + +[[package]] +name = "aes-gcm-siv" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfde8146762f3c5f3c5cd41aa17a71f3188df09d5857192b658510d850e16068" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "polyval", + "subtle", + "zeroize", +] + +[[package]] +name = "aes-siv" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63b1439568d47108b9707c3f00d50601c14e5ba6092262a64df2c9715bbb16bb" +dependencies = [ + "aead", + "aes", + "cipher", + "cmac", + "crypto-mac", + "ctr", + "dbl", + "zeroize", +] + +[[package]] +name = "anyhow" +version = "1.0.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "595d3cfa7a60d4555cb5067b99f07142a08ea778de5cf993f7b75c7d8fabc486" + +[[package]] +name = "autocfg" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" + +[[package]] +name = "bitflags" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" + +[[package]] +name = "bitvec" +version = "0.20.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7774144344a4faa177370406a7ff5f1da24303817368584c6206c8303eb07848" +dependencies = [ + "funty", + "radium", + "tap", + "wyz", +] + +[[package]] +name = "block-buffer" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +dependencies = [ + "generic-array", +] + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "bytes" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b700ce4376041dcd0a327fd0097c41095743c4c8af8887265942faf1100bd040" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "chacha20" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fee7ad89dc1128635074c268ee661f90c3f7e83d9fd12910608c36b47d6c3412" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", + "zeroize", +] + +[[package]] +name = "chacha20poly1305" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1580317203210c517b6d44794abfbe600698276db18127e37ad3e69bf5e848e5" +dependencies = [ + "aead", + "chacha20", + "cipher", + "poly1305", + "zeroize", +] + +[[package]] +name = "cipher" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7" +dependencies = [ + "generic-array", +] + +[[package]] +name = "cmac" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b70e37282d9624283878ffda1d1e53883bcf868cf441bddda44127620b39572d" +dependencies = [ + "crypto-mac", + "dbl", +] + +[[package]] +name = "const-oid" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "279bc8fc53f788a75c7804af68237d1fce02cde1e275a886a4b320604dc2aeda" + +[[package]] +name = "cpufeatures" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66c99696f6c9dd7f35d486b9d04d7e6e202aa3e8c40d553f2fdf5e7e0c6a71ef" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-mac" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25fab6889090c8133f3deb8f73ba3c65a7f456f66436fc012a1b1e272b1e103e" +dependencies = [ + "cipher", + "generic-array", + "subtle", +] + +[[package]] +name = "ctr" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a232f92a03f37dd7d7dd2adc67166c77e9cd88de5b019b9a9eecfaeaf7bfd481" +dependencies = [ + "cipher", +] + +[[package]] +name = "curve25519-dalek" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "639891fde0dbea823fc3d798a0fdf9d2f9440a42d64a78ab3488b0ca025117b3" +dependencies = [ + "byteorder", + "digest", + "rand_core 0.5.1", + "subtle", + "zeroize", +] + +[[package]] +name = "dbl" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37e797687b5f09528a48fcb63b6914d0255b8a6c760699a919af37042f09d9b3" +dependencies = [ + "generic-array", +] + +[[package]] +name = "der" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2eeb9d92785d1facb50567852ce75d0858630630e7eabea59cf7eb7474051087" +dependencies = [ + "const-oid", + "typenum", +] + +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] + +[[package]] +name = "ecdsa" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34d33b390ab82f2e1481e331dbd0530895640179d2128ef9a79cc690b78d1eba" +dependencies = [ + "der", + "elliptic-curve", + "hmac", + "signature", +] + +[[package]] +name = "ed25519" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d0860415b12243916284c67a9be413e044ee6668247b99ba26d94b2bc06c8f6" +dependencies = [ + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d" +dependencies = [ + "curve25519-dalek", + "ed25519", + "rand 0.7.3", + "sha2", + "zeroize", +] + +[[package]] +name = "either" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" + +[[package]] +name = "elliptic-curve" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c13e9b0c3c4170dcc2a12783746c4205d98e18957f57854251eea3f9750fe005" +dependencies = [ + "bitvec", + "ff", + "generic-array", + "group", + "pkcs8", + "rand_core 0.6.3", + "subtle", + "zeroize", +] + +[[package]] +name = "ff" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72a4d941a5b7c2a75222e2d44fcdf634a67133d9db31e177ae5ff6ecda852bfe" +dependencies = [ + "bitvec", + "rand_core 0.6.3", + "subtle", +] + +[[package]] +name = "fixedbitset" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37ab347416e802de484e4d03c7316c48f1ecb56574dfd4a46a80f173ce1de04d" + +[[package]] +name = "funty" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7" + +[[package]] +name = "generic-array" +version = "0.14.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "501466ecc8a30d1d3b7fc9229b122b2ce8ed6e9d9223f1138d4babb253e51817" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.1.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" +dependencies = [ + "cfg-if", + "libc", + "wasi 0.9.0+wasi-snapshot-preview1", +] + +[[package]] +name = "getrandom" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" +dependencies = [ + "cfg-if", + "libc", + "wasi 0.10.2+wasi-snapshot-preview1", +] + +[[package]] +name = "ghash" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7bbd60caa311237d508927dbba7594b483db3ef05faa55172fcf89b1bcda7853" +dependencies = [ + "opaque-debug", + "polyval", +] + +[[package]] +name = "group" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61b3c1e8b4f1ca07e6605ea1be903a5f6956aec5c8a67fd44d56076631675ed8" +dependencies = [ + "ff", + "rand_core 0.6.3", + "subtle", +] + +[[package]] +name = "hashbrown" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab5ef0d4909ef3724cc8cce6ccc8572c5c817592e9285f5464f8e86f8bd3726e" + +[[package]] +name = "heck" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d621efb26863f0e9924c6ac577e8275e5e6b77455db64ffa6c65c904e9e132c" +dependencies = [ + "unicode-segmentation", +] + +[[package]] +name = "hkdf" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01706d578d5c281058480e673ae4086a9f4710d8df1ad80a5b03e39ece5f886b" +dependencies = [ + "digest", + "hmac", +] + +[[package]] +name = "hmac" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" +dependencies = [ + "crypto-mac", + "digest", +] + +[[package]] +name = "indexmap" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc633605454125dec4b66843673f01c7df2b89479b32e0ed634e43a91cff62a5" +dependencies = [ + "autocfg", + "hashbrown", +] + +[[package]] +name = "itertools" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69ddb889f9d0d08a67338271fa9b62996bc788c7796a5c18cf057420aaed5eaf" +dependencies = [ + "either", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +dependencies = [ + "spin 0.5.2", +] + +[[package]] +name = "libc" +version = "0.2.98" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "320cfe77175da3a483efed4bc0adc1968ca050b098ce4f2f1c13a56626128790" + +[[package]] +name = "lock_api" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0382880606dff6d15c9476c416d18690b72742aa7b605bb6dd6ec9030fbf07eb" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "multimap" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" + +[[package]] +name = "no-std-check" +version = "0.1.0" +dependencies = [ + "libc", + "tink-aead", + "tink-core", + "tink-daead", + "tink-mac", + "tink-prf", + "tink-proto", + "tink-signature", +] + +[[package]] +name = "opaque-debug" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" + +[[package]] +name = "p256" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f05f5287453297c4c16af5e2b04df8fd2a3008d70f252729650bc6d7ace5844" +dependencies = [ + "ecdsa", + "elliptic-curve", + "sha2", +] + +[[package]] +name = "petgraph" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "467d164a6de56270bd7c4d070df81d07beace25012d5103ced4e9ff08d6afdb7" +dependencies = [ + "fixedbitset", + "indexmap", +] + +[[package]] +name = "pkcs8" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9c2f795bc591cb3384cb64082a578b89207ac92bb89c9d98c1ea2ace7cd8110" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "poly1305" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fe800695325da85083cd23b56826fccb2e2dc29b218e7811a6f33bc93f414be" +dependencies = [ + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "polyval" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e597450cbf209787f0e6de80bf3795c6b2356a380ee87837b545aded8dbc1823" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857" + +[[package]] +name = "proc-macro2" +version = "1.0.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0d8caf72986c1a598726adc988bb5984792ef84f5ee5aa50209145ee8077038" +dependencies = [ + "unicode-xid", +] + +[[package]] +name = "prost" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de5e2533f59d08fcf364fd374ebda0692a70bd6d7e66ef97f306f45c6c5d8020" +dependencies = [ + "bytes", + "prost-derive", +] + +[[package]] +name = "prost-build" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "355f634b43cdd80724ee7848f95770e7e70eefa6dcf14fea676216573b8fd603" +dependencies = [ + "bytes", + "heck", + "itertools", + "log", + "multimap", + "petgraph", + "prost", + "prost-types", + "tempfile", + "which", +] + +[[package]] +name = "prost-derive" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "600d2f334aa05acb02a755e217ef1ab6dea4d51b58b7846588b747edec04efba" +dependencies = [ + "anyhow", + "itertools", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "prost-types" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "603bbd6394701d13f3f25aada59c7de9d35a6a5887cfc156181234a44002771b" +dependencies = [ + "bytes", + "prost", +] + +[[package]] +name = "quote" +version = "1.0.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "radium" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "643f8f41a8ebc4c5dc4515c82bb8abd397b527fc20fd681b7c011c2aee5d44fb" + +[[package]] +name = "rand" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" +dependencies = [ + "getrandom 0.1.16", + "rand_chacha 0.2.2", + "rand_core 0.5.1", + "rand_hc 0.2.0", +] + +[[package]] +name = "rand" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" +dependencies = [ + "libc", + "rand_chacha 0.3.1", + "rand_core 0.6.3", + "rand_hc 0.3.1", +] + +[[package]] +name = "rand_chacha" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" +dependencies = [ + "ppv-lite86", + "rand_core 0.5.1", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.3", +] + +[[package]] +name = "rand_core" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" +dependencies = [ + "getrandom 0.1.16", +] + +[[package]] +name = "rand_core" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" +dependencies = [ + "getrandom 0.2.3", +] + +[[package]] +name = "rand_hc" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" +dependencies = [ + "rand_core 0.5.1", +] + +[[package]] +name = "rand_hc" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" +dependencies = [ + "rand_core 0.6.3", +] + +[[package]] +name = "redox_syscall" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ab49abadf3f9e1c4bc499e8845e152ad87d2ad2d30371841171169e9d75feee" +dependencies = [ + "bitflags", +] + +[[package]] +name = "remove_dir_all" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" +dependencies = [ + "winapi", +] + +[[package]] +name = "scopeguard" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" + +[[package]] +name = "sha-1" +version = "0.9.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a0c8611594e2ab4ebbf06ec7cbbf0a99450b8570e96cbf5188b5d5f6ef18d81" +dependencies = [ + "block-buffer", + "cfg-if", + "cpufeatures", + "digest", + "opaque-debug", +] + +[[package]] +name = "sha2" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b362ae5752fd2137731f9fa25fd4d9058af34666ca1966fb969119cc35719f12" +dependencies = [ + "block-buffer", + "cfg-if", + "cpufeatures", + "digest", + "opaque-debug", +] + +[[package]] +name = "signature" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c19772be3c4dd2ceaacf03cb41d5885f2a02c4d8804884918e3a258480803335" +dependencies = [ + "digest", + "rand_core 0.6.3", +] + +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + +[[package]] +name = "spin" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "511254be0c5bcf062b019a6c89c01a664aa359ded62f78aa72c6fc137c0590e5" +dependencies = [ + "lock_api", +] + +[[package]] +name = "spki" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9dae7e047abc519c96350e9484a96c6bf1492348af912fd3446dd2dc323f6268" +dependencies = [ + "der", +] + +[[package]] +name = "subtle" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + +[[package]] +name = "syn" +version = "1.0.73" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f71489ff30030d2ae598524f61326b902466f72a0fb1a8564c001cc63425bcc7" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + +[[package]] +name = "synstructure" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "474aaa926faa1603c40b7885a9eaea29b444d1cb2850cb7c0e37bb1a4182f4fa" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "unicode-xid", +] + +[[package]] +name = "tap" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" + +[[package]] +name = "tempfile" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" +dependencies = [ + "cfg-if", + "libc", + "rand 0.8.4", + "redox_syscall", + "remove_dir_all", + "winapi", +] + +[[package]] +name = "tink-aead" +version = "0.3.0" +dependencies = [ + "aead", + "aes", + "aes-gcm", + "aes-gcm-siv", + "chacha20poly1305", + "generic-array", + "prost", + "rand 0.7.3", + "spin 0.9.2", + "tink-core", + "tink-mac", + "tink-proto", +] + +[[package]] +name = "tink-core" +version = "0.3.0" +dependencies = [ + "digest", + "hkdf", + "lazy_static", + "prost", + "rand 0.7.3", + "sha-1", + "sha2", + "spin 0.9.2", + "subtle", + "tink-proto", +] + +[[package]] +name = "tink-daead" +version = "0.3.0" +dependencies = [ + "aead", + "aes-siv", + "prost", + "spin 0.9.2", + "tink-core", + "tink-proto", +] + +[[package]] +name = "tink-mac" +version = "0.3.0" +dependencies = [ + "prost", + "spin 0.9.2", + "tink-core", + "tink-prf", + "tink-proto", +] + +[[package]] +name = "tink-prf" +version = "0.3.0" +dependencies = [ + "aes", + "cmac", + "digest", + "hkdf", + "hmac", + "prost", + "sha-1", + "sha2", + "spin 0.9.2", + "tink-core", + "tink-proto", +] + +[[package]] +name = "tink-proto" +version = "0.3.0" +dependencies = [ + "prost", + "prost-build", +] + +[[package]] +name = "tink-signature" +version = "0.3.0" +dependencies = [ + "ecdsa", + "ed25519-dalek", + "generic-array", + "p256", + "prost", + "rand 0.7.3", + "signature", + "spin 0.9.2", + "tink-core", + "tink-proto", +] + +[[package]] +name = "typenum" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "879f6906492a7cd215bfa4cf595b600146ccfac0c79bcbd1f3000162af5e8b06" + +[[package]] +name = "unicode-segmentation" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8895849a949e7845e06bd6dc1aa51731a103c42707010a5b591c0038fb73385b" + +[[package]] +name = "unicode-xid" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" + +[[package]] +name = "universal-hash" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8326b2c654932e3e4f9196e69d08fdf7cfd718e1dc6f66b347e6024a0c961402" +dependencies = [ + "generic-array", + "subtle", +] + +[[package]] +name = "version_check" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe" + +[[package]] +name = "wasi" +version = "0.9.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" + +[[package]] +name = "wasi" +version = "0.10.2+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" + +[[package]] +name = "which" +version = "4.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b55551e42cbdf2ce2bedd2203d0cc08dba002c27510f86dab6d0ce304cba3dfe" +dependencies = [ + "either", + "libc", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "wyz" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214" + +[[package]] +name = "zeroize" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eeafe61337cb2c879d328b74aa6cd9d794592c82da6be559fdf11493f02a2d18" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2c1e130bebaeab2f23886bf9acbaca14b092408c452543c857f66399cd6dab1" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] diff --git a/no-std-check/Cargo.toml b/no-std-check/Cargo.toml new file mode 100644 index 00000000..7fadc729 --- /dev/null +++ b/no-std-check/Cargo.toml @@ -0,0 +1,39 @@ +[package] +name = "no-std-check" +version = "0.1.0" +authors = ["David Drysdale "] +edition = "2018" +license = "Apache-2.0" +description = "Internal binary crate to check all Tink deps are no_std" +repository = "https://github.com/project-oak/tink-rust" + +[dependencies] +libc = { version = "0.2", default-features = false } +tink-aead = "^0.3" +# tink-awskms requires std +tink-core = { version = "^0.3", features = ["insecure"] } +tink-daead = "^0.3" +# tink-gcpkms requires std +tink-mac = "^0.3" +tink-prf = "^0.3" +tink-proto = "^0.3" +tink-signature = "^0.3" +# tink-streaming-aead requires std + +[profile.dev] +panic = "abort" + +[profile.release] +panic = "abort" + +# Patch dependencies on tink crates so that they refer to the versions within this same repository. +[patch.crates-io] +tink-aead = { path = "../aead" } +tink-core = { path = "../core" } +tink-daead = { path = "../daead" } +tink-mac = { path = "../mac" } +tink-prf = { path = "../prf" } +tink-proto = { path = "../proto" } +tink-signature = { path = "../signature" } + +[workspace] diff --git a/no-std-check/deny.toml b/no-std-check/deny.toml new file mode 100644 index 00000000..7b049a14 --- /dev/null +++ b/no-std-check/deny.toml @@ -0,0 +1,62 @@ +# Configuration used for dependency checking with cargo-deny. +# +# For further details on all configuration options see: +# https://embarkstudios.github.io/cargo-deny/checks/cfg.html +targets = [ + { triple = "x86_64-unknown-linux-gnu" }, + { triple = "x86_64-unknown-linux-musl" }, + { triple = "x86_64-apple-darwin" }, + { triple = "x86_64-pc-windows-msvc" }, +] + +# Deny all advisories unless explicitly ignored. +[advisories] +vulnerability = "deny" +unmaintained = "deny" +yanked = "deny" +notice = "deny" +ignore = [] + +# Deny multiple versions unless explicitly skipped. +[bans] +multiple-versions = "deny" +wildcards = "allow" + +###################################### + +# ed25519-dalek(v1.0.1) => rand_core(v0.5.x), {rand(v0.7.3) => getrandom(v0.1.*)} +[[bans.skip]] +name = "getrandom" +version = "0.1.15" +[[bans.skip]] +name = "rand" +version = "0.7.3" +[[bans.skip]] +name = "rand_core" +version = "0.5.1" +[[bans.skip]] +name = "rand_chacha" +version = "0.2.2" + +# lazy_static(v1.4.0) => spin(v0.5.2) +[[bans.skip]] +name = "spin" +version = "0.5.2" + +###################################### + +# List of allowed licenses. +# For more detailed information see http://go/thirdpartylicenses. +[licenses] +allow = [ + "Apache-2.0", + "MIT", + "BSD-3-Clause", +] +copyleft = "deny" + +[[licenses.clarify]] +name = "ring" +version = "*" +expression = "MIT AND ISC AND OpenSSL" +license-files = [{ path = "LICENSE", hash = 3171872035 }] diff --git a/no-std-check/src/main.rs b/no-std-check/src/main.rs new file mode 100644 index 00000000..d18002db --- /dev/null +++ b/no-std-check/src/main.rs @@ -0,0 +1,49 @@ +// Copyright 2021 The Tink-Rust Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +//! This binary crate is `no_std`, and used to check that no `std` depedencies +//! have crept into `tink-*` crates and their dependencies. +#![no_std] +#![no_main] +#![feature(lang_items)] +#![feature(start)] +#![allow(unused_imports)] + +use tink_aead; +use tink_core; +use tink_daead; +use tink_mac; +use tink_prf; +use tink_proto; +use tink_signature; + +#[panic_handler] +fn panic(_info: &core::panic::PanicInfo) -> ! { + loop {} +} + +#[lang = "eh_personality"] +extern "C" fn my_eh_personality() {} + +#[no_mangle] +pub extern "C" fn _start() -> ! { + loop {} +} + +#[start] +pub extern "C" fn _main(_argc: isize, _argv: *const *const u8) -> isize { + 0 +} From 66e302bbde7f1039c2d8582848803cef4d1ce769 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Wed, 21 Jul 2021 09:42:36 +0100 Subject: [PATCH 18/18] temp: use forked ed25519-dalek, bump rand This commit cannot be included in a release, because it makes the codebase rely on an unreleased crate. --- Cargo.lock | 122 +++++------------- Cargo.toml | 2 + aead/Cargo.toml | 2 +- core/Cargo.toml | 2 +- deny.toml | 18 +-- no-std-check/Cargo.lock | 112 +++++----------- no-std-check/Cargo.toml | 2 + signature/Cargo.toml | 4 +- streaming/Cargo.toml | 2 +- tests/Cargo.toml | 4 +- .../aead/subtle/chacha20poly1305_test.rs | 4 +- .../aead/subtle/xchacha20poly1305_test.rs | 4 +- tests/tests/streaming/integration_test.rs | 2 +- 13 files changed, 84 insertions(+), 196 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7129229c..61eb763f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -410,15 +410,15 @@ dependencies = [ ] [[package]] -name = "curve25519-dalek" -version = "3.0.0" +name = "curve25519-dalek-ng" +version = "4.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8492de420e9e60bc9a1d66e2dbb91825390b738a388606600663fc529b4b307" +checksum = "574d8b2cd0bae5434fd50d53280f8299d95557a978686555880aaf5b8f4f81e9" dependencies = [ "byteorder", "digest", - "rand_core 0.5.1", - "subtle", + "rand_core", + "subtle-ng", "zeroize", ] @@ -494,13 +494,12 @@ dependencies = [ [[package]] name = "ed25519-dalek" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d" +version = "1.0.2" +source = "git+https://github.com/daviddrysdale/ed25519-dalek?branch=rand-bump#eebf0b3fead5690101c0d44d5cc6de45e63b9aa8" dependencies = [ - "curve25519-dalek", + "curve25519-dalek-ng", "ed25519", - "rand 0.7.3", + "rand", "sha2", "zeroize", ] @@ -522,7 +521,7 @@ dependencies = [ "generic-array", "group", "pkcs8", - "rand_core 0.6.2", + "rand_core", "subtle", "zeroize", ] @@ -618,7 +617,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72a4d941a5b7c2a75222e2d44fcdf634a67133d9db31e177ae5ff6ecda852bfe" dependencies = [ "bitvec", - "rand_core 0.6.2", + "rand_core", "subtle", ] @@ -769,17 +768,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "getrandom" -version = "0.1.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc587bc0ec293155d5bfa6b9891ec18a1e330c234f896ea47fbada4cadbe47e6" -dependencies = [ - "cfg-if 0.1.10", - "libc", - "wasi 0.9.0+wasi-snapshot-preview1", -] - [[package]] name = "getrandom" version = "0.2.2" @@ -788,7 +776,7 @@ checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8" dependencies = [ "cfg-if 1.0.0", "libc", - "wasi 0.10.0+wasi-snapshot-preview1", + "wasi", ] [[package]] @@ -808,7 +796,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61b3c1e8b4f1ca07e6605ea1be903a5f6956aec5c8a67fd44d56076631675ed8" dependencies = [ "ff", - "rand_core 0.6.2", + "rand_core", "subtle", ] @@ -1464,18 +1452,6 @@ version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "643f8f41a8ebc4c5dc4515c82bb8abd397b527fc20fd681b7c011c2aee5d44fb" -[[package]] -name = "rand" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" -dependencies = [ - "getrandom 0.1.15", - "rand_chacha 0.2.2", - "rand_core 0.5.1", - "rand_hc 0.2.0", -] - [[package]] name = "rand" version = "0.8.3" @@ -1483,19 +1459,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e" dependencies = [ "libc", - "rand_chacha 0.3.0", - "rand_core 0.6.2", - "rand_hc 0.3.0", -] - -[[package]] -name = "rand_chacha" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" -dependencies = [ - "ppv-lite86", - "rand_core 0.5.1", + "rand_chacha", + "rand_core", + "rand_hc", ] [[package]] @@ -1505,16 +1471,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e12735cf05c9e10bf21534da50a147b924d555dc7a547c42e6bb2d5b6017ae0d" dependencies = [ "ppv-lite86", - "rand_core 0.6.2", -] - -[[package]] -name = "rand_core" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" -dependencies = [ - "getrandom 0.1.15", + "rand_core", ] [[package]] @@ -1523,16 +1480,7 @@ version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34cf66eb183df1c5876e2dcf6b13d57340741e8dc255b48e40a26de954d06ae7" dependencies = [ - "getrandom 0.2.2", -] - -[[package]] -name = "rand_hc" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" -dependencies = [ - "rand_core 0.5.1", + "getrandom", ] [[package]] @@ -1541,7 +1489,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3190ef7066a446f2e7f42e239d161e905420ccab01eb967c9eb27d21b2322a73" dependencies = [ - "rand_core 0.6.2", + "rand_core", ] [[package]] @@ -1559,7 +1507,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "528532f3d801c87aec9def2add9ca802fe569e44a544afe633765267840abe64" dependencies = [ - "getrandom 0.2.2", + "getrandom", "redox_syscall", ] @@ -1917,7 +1865,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c19772be3c4dd2ceaacf03cb41d5885f2a02c4d8804884918e3a258480803335" dependencies = [ "digest", - "rand_core 0.6.2", + "rand_core", ] [[package]] @@ -1996,6 +1944,12 @@ version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" +[[package]] +name = "subtle-ng" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8049cf85f0e715d6af38dde439cb0ccb91f67fb9f5f63c80f8b43e48356e1a3f" + [[package]] name = "syn" version = "1.0.60" @@ -2033,7 +1987,7 @@ checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" dependencies = [ "cfg-if 1.0.0", "libc", - "rand 0.8.3", + "rand", "redox_syscall", "remove_dir_all", "winapi", @@ -2084,7 +2038,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255" dependencies = [ "libc", - "wasi 0.10.0+wasi-snapshot-preview1", + "wasi", "winapi", ] @@ -2099,7 +2053,7 @@ dependencies = [ "chacha20poly1305", "generic-array", "prost", - "rand 0.7.3", + "rand", "spin 0.9.2", "tink-core", "tink-mac", @@ -2128,7 +2082,7 @@ dependencies = [ "hkdf", "lazy_static", "prost", - "rand 0.7.3", + "rand", "serde", "serde_json", "sha-1", @@ -2216,7 +2170,7 @@ dependencies = [ "generic-array", "p256", "prost", - "rand 0.7.3", + "rand", "signature", "spin 0.9.2", "tink-core", @@ -2230,7 +2184,7 @@ dependencies = [ "aes", "aes-gcm", "prost", - "rand 0.7.3", + "rand", "tink-core", "tink-mac", "tink-proto", @@ -2271,7 +2225,7 @@ dependencies = [ "maplit", "p256", "prost", - "rand 0.7.3", + "rand", "regex", "serde", "serde_json", @@ -2442,7 +2396,7 @@ dependencies = [ "futures-util", "indexmap", "pin-project 1.0.2", - "rand 0.8.3", + "rand", "slab", "tokio", "tokio-stream", @@ -2611,12 +2565,6 @@ dependencies = [ "try-lock", ] -[[package]] -name = "wasi" -version = "0.9.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" - [[package]] name = "wasi" version = "0.10.0+wasi-snapshot-preview1" diff --git a/Cargo.toml b/Cargo.toml index 3e412477..057b375b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,6 +25,8 @@ members = [ # Patch dependencies on tink crates so that they refer to the versions within this same repository. [patch.crates-io] +# TODO(#7): remove if/when https://github.com/dalek-cryptography/ed25519-dalek/pull/160 is merged. +ed25519-dalek = { git = "https://github.com/daviddrysdale/ed25519-dalek", branch = "rand-bump" } rinkey = { path = "rinkey" } tink-aead = { path = "aead" } tink-awskms = { path = "integration/awskms" } diff --git a/aead/Cargo.toml b/aead/Cargo.toml index 7509ef6d..6f2d4aca 100644 --- a/aead/Cargo.toml +++ b/aead/Cargo.toml @@ -17,7 +17,7 @@ aes-gcm-siv = "^0.10" chacha20poly1305 = "^0.8" generic-array = "^0.14.4" prost = { version = "^0.8", default-features = false } -rand = { version = "^0.7", default-features = false, features = ["alloc", "getrandom"] } +rand = { version = "^0.8", default-features = false, features = ["alloc", "getrandom"] } spin = { version = "^0.9.2", features = ["once"] } tink-core = "^0.3" tink-mac = "^0.3" diff --git a/core/Cargo.toml b/core/Cargo.toml index 150f4b00..7688f5fa 100644 --- a/core/Cargo.toml +++ b/core/Cargo.toml @@ -26,7 +26,7 @@ digest = "^0.9" hkdf = "^0.11" lazy_static = { version = "^1.4", features = ["spin_no_std"] } prost = { version = "^0.8", default-features = false } -rand = { version = "^0.7", default-features = false, features = ["alloc", "getrandom"] } +rand = { version = "^0.8", default-features = false, features = ["alloc", "getrandom"] } serde = { version = "^1.0.126", features = ["derive"], optional = true } serde_json = { version = "^1.0.64", optional = true } sha-1 = { version = "^0.9.7", default-features = false } diff --git a/deny.toml b/deny.toml index 346a7eb9..26af1833 100644 --- a/deny.toml +++ b/deny.toml @@ -9,6 +9,9 @@ targets = [ { triple = "x86_64-pc-windows-msvc" }, ] +[sources] +allow-git = [ "https://github.com/daviddrysdale/ed25519-dalek" ] + # Deny all advisories unless explicitly ignored. [advisories] vulnerability = "deny" @@ -50,21 +53,6 @@ version = "=0.4.4" name = "security-framework-sys" version = "=0.4.3" -# ed25519-dalek(v1.0.1) => rand_core(v0.5.x), {rand(v0.7.3) => getrandom(v0.1.*)} -# tonic(v0.4.0) ..=> rand(v0.8.3) ..=> {rand_core(v0.6.x), getrandom(v0.2.x)} -[[bans.skip]] -name = "getrandom" -version = "0.1.15" -[[bans.skip]] -name = "rand" -version = "0.7.3" -[[bans.skip]] -name = "rand_core" -version = "0.5.1" -[[bans.skip]] -name = "rand_chacha" -version = "0.2.2" - # hyper-rustls(v0.22.1) => rustls => ring(v0.16.20) => spin(v0.5.2) [[bans.skip]] name = "spin" diff --git a/no-std-check/Cargo.lock b/no-std-check/Cargo.lock index 6754b145..f6de296a 100644 --- a/no-std-check/Cargo.lock +++ b/no-std-check/Cargo.lock @@ -206,15 +206,15 @@ dependencies = [ ] [[package]] -name = "curve25519-dalek" -version = "3.1.0" +name = "curve25519-dalek-ng" +version = "4.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "639891fde0dbea823fc3d798a0fdf9d2f9440a42d64a78ab3488b0ca025117b3" +checksum = "574d8b2cd0bae5434fd50d53280f8299d95557a978686555880aaf5b8f4f81e9" dependencies = [ "byteorder", "digest", - "rand_core 0.5.1", - "subtle", + "rand_core", + "subtle-ng", "zeroize", ] @@ -269,13 +269,12 @@ dependencies = [ [[package]] name = "ed25519-dalek" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d" +version = "1.0.2" +source = "git+https://github.com/daviddrysdale/ed25519-dalek?branch=rand-bump#eebf0b3fead5690101c0d44d5cc6de45e63b9aa8" dependencies = [ - "curve25519-dalek", + "curve25519-dalek-ng", "ed25519", - "rand 0.7.3", + "rand", "sha2", "zeroize", ] @@ -297,7 +296,7 @@ dependencies = [ "generic-array", "group", "pkcs8", - "rand_core 0.6.3", + "rand_core", "subtle", "zeroize", ] @@ -309,7 +308,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72a4d941a5b7c2a75222e2d44fcdf634a67133d9db31e177ae5ff6ecda852bfe" dependencies = [ "bitvec", - "rand_core 0.6.3", + "rand_core", "subtle", ] @@ -335,17 +334,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "getrandom" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" -dependencies = [ - "cfg-if", - "libc", - "wasi 0.9.0+wasi-snapshot-preview1", -] - [[package]] name = "getrandom" version = "0.2.3" @@ -354,7 +342,7 @@ checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" dependencies = [ "cfg-if", "libc", - "wasi 0.10.2+wasi-snapshot-preview1", + "wasi", ] [[package]] @@ -374,7 +362,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61b3c1e8b4f1ca07e6605ea1be903a5f6956aec5c8a67fd44d56076631675ed8" dependencies = [ "ff", - "rand_core 0.6.3", + "rand_core", "subtle", ] @@ -626,18 +614,6 @@ version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "643f8f41a8ebc4c5dc4515c82bb8abd397b527fc20fd681b7c011c2aee5d44fb" -[[package]] -name = "rand" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" -dependencies = [ - "getrandom 0.1.16", - "rand_chacha 0.2.2", - "rand_core 0.5.1", - "rand_hc 0.2.0", -] - [[package]] name = "rand" version = "0.8.4" @@ -645,19 +621,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" dependencies = [ "libc", - "rand_chacha 0.3.1", - "rand_core 0.6.3", - "rand_hc 0.3.1", -] - -[[package]] -name = "rand_chacha" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" -dependencies = [ - "ppv-lite86", - "rand_core 0.5.1", + "rand_chacha", + "rand_core", + "rand_hc", ] [[package]] @@ -667,16 +633,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core 0.6.3", -] - -[[package]] -name = "rand_core" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" -dependencies = [ - "getrandom 0.1.16", + "rand_core", ] [[package]] @@ -685,16 +642,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" dependencies = [ - "getrandom 0.2.3", -] - -[[package]] -name = "rand_hc" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" -dependencies = [ - "rand_core 0.5.1", + "getrandom", ] [[package]] @@ -703,7 +651,7 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" dependencies = [ - "rand_core 0.6.3", + "rand_core", ] [[package]] @@ -763,7 +711,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c19772be3c4dd2ceaacf03cb41d5885f2a02c4d8804884918e3a258480803335" dependencies = [ "digest", - "rand_core 0.6.3", + "rand_core", ] [[package]] @@ -796,6 +744,12 @@ version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" +[[package]] +name = "subtle-ng" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8049cf85f0e715d6af38dde439cb0ccb91f67fb9f5f63c80f8b43e48356e1a3f" + [[package]] name = "syn" version = "1.0.73" @@ -833,7 +787,7 @@ checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" dependencies = [ "cfg-if", "libc", - "rand 0.8.4", + "rand", "redox_syscall", "remove_dir_all", "winapi", @@ -850,7 +804,7 @@ dependencies = [ "chacha20poly1305", "generic-array", "prost", - "rand 0.7.3", + "rand", "spin 0.9.2", "tink-core", "tink-mac", @@ -865,7 +819,7 @@ dependencies = [ "hkdf", "lazy_static", "prost", - "rand 0.7.3", + "rand", "sha-1", "sha2", "spin 0.9.2", @@ -930,7 +884,7 @@ dependencies = [ "generic-array", "p256", "prost", - "rand 0.7.3", + "rand", "signature", "spin 0.9.2", "tink-core", @@ -971,12 +925,6 @@ version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe" -[[package]] -name = "wasi" -version = "0.9.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" - [[package]] name = "wasi" version = "0.10.2+wasi-snapshot-preview1" diff --git a/no-std-check/Cargo.toml b/no-std-check/Cargo.toml index 7fadc729..522c560f 100644 --- a/no-std-check/Cargo.toml +++ b/no-std-check/Cargo.toml @@ -28,6 +28,8 @@ panic = "abort" # Patch dependencies on tink crates so that they refer to the versions within this same repository. [patch.crates-io] +# TODO(#7): remove if/when https://github.com/dalek-cryptography/ed25519-dalek/pull/160 is merged. +ed25519-dalek = { git = "https://github.com/daviddrysdale/ed25519-dalek", branch = "rand-bump" } tink-aead = { path = "../aead" } tink-core = { path = "../core" } tink-daead = { path = "../daead" } diff --git a/signature/Cargo.toml b/signature/Cargo.toml index 09e2aa63..df866eb0 100644 --- a/signature/Cargo.toml +++ b/signature/Cargo.toml @@ -11,11 +11,11 @@ categories = ["cryptography"] [dependencies] ecdsa = { version = "^0.11", features = ["der"] } -ed25519-dalek = { version = "^1.0.1", default-features = false, features = ["rand", "u64_backend"]} +ed25519-dalek = { version = "^1.0.2", default-features = false, features = ["rand", "u64_backend"]} generic-array = "^0.14.4" p256 = "^0.8.1" prost = { version = "^0.8", default-features = false } -rand = { version = "^0.7", default-features = false, features = ["alloc", "getrandom"] } +rand = { version = "^0.8", default-features = false, features = ["alloc", "getrandom"] } signature = { version = "^1.3", default-features = false } spin = { version = "^0.9.2", features = ["once"] } tink-core = "^0.3" diff --git a/streaming/Cargo.toml b/streaming/Cargo.toml index 48b5d8ca..86fbc944 100644 --- a/streaming/Cargo.toml +++ b/streaming/Cargo.toml @@ -13,7 +13,7 @@ categories = ["cryptography"] aes = { version = "^0.7.4", features = ["ctr"] } aes-gcm = { version = "^0.9.2" } prost = { version = "^0.8", default-features = false } -rand = { version = "^0.7", default-features = false, features = ["alloc", "getrandom"] } +rand = { version = "^0.8", default-features = false, features = ["alloc", "getrandom"] } tink-core = { version = "^0.3", features = ["std"] } tink-mac = "^0.3" tink-proto = "^0.3" diff --git a/tests/Cargo.toml b/tests/Cargo.toml index 61cc32af..245c8400 100644 --- a/tests/Cargo.toml +++ b/tests/Cargo.toml @@ -12,12 +12,12 @@ publish = false [dependencies] base64 = "^0.13" -ed25519-dalek = { version = "^1.0.1", default-features = false, features = ["rand", "u64_backend"]} +ed25519-dalek = { version = "^1.0.2", default-features = false, features = ["rand", "u64_backend"]} generic-array = "^0.14.4" hex = "^0.4.3" p256 = "^0.8.1" prost = { version = "^0.8", default-features = false } -rand = { version = "^0.7", default-features = false, features = ["alloc", "getrandom"] } +rand = { version = "^0.8", default-features = false, features = ["alloc", "getrandom"] } regex = "^1.5.4" serde = { version = "^1.0.126", features = ["derive"] } serde_json = "^1.0.64" diff --git a/tests/tests/aead/subtle/chacha20poly1305_test.rs b/tests/tests/aead/subtle/chacha20poly1305_test.rs index f5e87e2a..19a73eb9 100644 --- a/tests/tests/aead/subtle/chacha20poly1305_test.rs +++ b/tests/tests/aead/subtle/chacha20poly1305_test.rs @@ -172,7 +172,7 @@ fn test_cha_cha20_poly1305_modify_ciphertext() { .unwrap_or_else(|e| panic!("#{}: encrypt failed: {:?}", i, e)); if !aad.is_empty() { - let alter_aad_idx = OsRng.gen_range(0, aad.len()); + let alter_aad_idx = OsRng.gen_range(0..aad.len()); aad[alter_aad_idx] ^= 0x80; assert!( ca.decrypt(&ct, &aad).is_err(), @@ -182,7 +182,7 @@ fn test_cha_cha20_poly1305_modify_ciphertext() { aad[alter_aad_idx] ^= 0x80; } - let alter_ct_idx = OsRng.gen_range(0, ct.len()); + let alter_ct_idx = OsRng.gen_range(0..ct.len()); ct[alter_ct_idx] ^= 0x80; assert!( ca.decrypt(&ct, &aad).is_err(), diff --git a/tests/tests/aead/subtle/xchacha20poly1305_test.rs b/tests/tests/aead/subtle/xchacha20poly1305_test.rs index 4a7ab0ee..88307dc1 100644 --- a/tests/tests/aead/subtle/xchacha20poly1305_test.rs +++ b/tests/tests/aead/subtle/xchacha20poly1305_test.rs @@ -173,7 +173,7 @@ fn test_x_cha_cha20_poly1305_modify_ciphertext() { .unwrap_or_else(|e| panic!("#{}: encrypt failed: {:?}", i, e)); if !aad.is_empty() { - let alter_aad_idx = OsRng.gen_range(0, aad.len()); + let alter_aad_idx = OsRng.gen_range(0..aad.len()); aad[alter_aad_idx] ^= 0x80; assert!( ca.decrypt(&ct, &aad).is_err(), @@ -183,7 +183,7 @@ fn test_x_cha_cha20_poly1305_modify_ciphertext() { aad[alter_aad_idx] ^= 0x80; } - let alter_ct_idx = OsRng.gen_range(0, ct.len()); + let alter_ct_idx = OsRng.gen_range(0..ct.len()); ct[alter_ct_idx] ^= 0x80; assert!( ca.decrypt(&ct, &aad).is_err(), diff --git a/tests/tests/streaming/integration_test.rs b/tests/tests/streaming/integration_test.rs index 139d596c..bc7dd1cc 100644 --- a/tests/tests/streaming/integration_test.rs +++ b/tests/tests/streaming/integration_test.rs @@ -174,7 +174,7 @@ impl std::io::Read for PartialReader { // when more data is available. This is valid for Rust's `std::io::Read`, but // would not be valid for an `io::Writer` in Go. fn read(&mut self, buf: &mut [u8]) -> std::io::Result { - if rand::rngs::OsRng.gen_range(0, 3) == 0 { + if rand::rngs::OsRng.gen_range(0..3) == 0 { // Randomly pretend to have been interrupted. return Err(std::io::Error::new( std::io::ErrorKind::Interrupted,