diff --git a/Cargo.lock b/Cargo.lock index 9b5534da..9bdd09e9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -707,7 +707,7 @@ dependencies = [ "once_cell", "percent-encoding", "regex", - "sha2 0.10.8", + "sha2", "time", "tracing", ] @@ -741,7 +741,7 @@ dependencies = [ "md-5", "pin-project-lite", "sha1", - "sha2 0.10.8", + "sha2", "tracing", ] @@ -1075,15 +1075,6 @@ dependencies = [ "wyz", ] -[[package]] -name = "block-buffer" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" -dependencies = [ - "generic-array", -] - [[package]] name = "block-buffer" version = "0.10.4" @@ -1486,19 +1477,6 @@ dependencies = [ "typenum", ] -[[package]] -name = "curve25519-dalek" -version = "3.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61" -dependencies = [ - "byteorder", - "digest 0.9.0", - "rand_core 0.5.1", - "subtle", - "zeroize", -] - [[package]] name = "curve25519-dalek" version = "4.1.1" @@ -1662,7 +1640,7 @@ version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "block-buffer 0.10.4", + "block-buffer", "const-oid", "crypto-common", "subtle", @@ -1690,19 +1668,10 @@ dependencies = [ "digest 0.10.7", "elliptic-curve", "rfc6979", - "signature 2.1.0", + "signature", "spki", ] -[[package]] -name = "ed25519" -version = "1.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91cff35c70bba8a626e3185d8cd48cc11b5437e1a5bcd15b9b5fa3c64b6dfee7" -dependencies = [ - "signature 1.6.4", -] - [[package]] name = "ed25519" version = "2.2.3" @@ -1710,33 +1679,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" dependencies = [ "pkcs8", - "signature 2.1.0", + "signature", ] [[package]] name = "ed25519-dalek" -version = "1.0.1" -source = "git+https://github.com/dalek-cryptography/ed25519-dalek.git?rev=7529d65#7529d65506147b6cb24ca6d8f4fc062cac33b395" -dependencies = [ - "curve25519-dalek 3.2.0", - "ed25519 1.5.3", - "rand 0.7.3", - "serde", - "sha2 0.9.9", - "zeroize", -] - -[[package]] -name = "ed25519-dalek" -version = "2.0.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7277392b266383ef8396db7fdeb1e77b6c52fed775f5df15bb24f35b72156980" +checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" dependencies = [ - "curve25519-dalek 4.1.1", - "ed25519 2.2.3", + "curve25519-dalek", + "ed25519", "rand_core 0.6.4", "serde", - "sha2 0.10.8", + "sha2", + "subtle", "zeroize", ] @@ -2625,8 +2582,8 @@ dependencies = [ "ecdsa", "elliptic-curve", "once_cell", - "sha2 0.10.8", - "signature 2.1.0", + "sha2", + "signature", ] [[package]] @@ -2894,7 +2851,6 @@ dependencies = [ "deadpool-redis", "derive_more", "dotenvy", - "ed25519-dalek 2.0.0", "envy", "futures", "futures-util", @@ -2911,9 +2867,8 @@ dependencies = [ "parquet_derive", "pnet_datalink", "prometheus", - "rand 0.7.3", + "rand 0.8.5", "rand_chacha 0.3.1", - "rand_core 0.5.1", "redis", "regex", "relay_client", @@ -2923,7 +2878,7 @@ dependencies = [ "rmp-serde", "serde", "serde_json", - "sha2 0.10.8", + "sha2", "sha256", "sha3", "sqlx", @@ -3727,7 +3682,7 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "relay_client" version = "0.1.0" -source = "git+https://github.com/WalletConnect/WalletConnectRust.git?tag=v0.26.2#b031367a9dda46efc26fd7a7ad2e847d4cf1a2af" +source = "git+https://github.com/WalletConnect/WalletConnectRust.git?tag=v0.26.4#5d8a12a1fe2ae2df51c512e82789fbdeb9e55766" dependencies = [ "chrono", "futures-channel", @@ -3750,7 +3705,7 @@ dependencies = [ [[package]] name = "relay_rpc" version = "0.1.0" -source = "git+https://github.com/WalletConnect/WalletConnectRust.git?tag=v0.26.2#b031367a9dda46efc26fd7a7ad2e847d4cf1a2af" +source = "git+https://github.com/WalletConnect/WalletConnectRust.git?tag=v0.26.4#5d8a12a1fe2ae2df51c512e82789fbdeb9e55766" dependencies = [ "alloy-json-abi", "alloy-json-rpc", @@ -3764,17 +3719,17 @@ dependencies = [ "chrono", "data-encoding", "derive_more", - "ed25519-dalek 1.0.1", + "ed25519-dalek", "jsonwebtoken", "k256", "once_cell", - "rand 0.7.3", + "rand 0.8.5", "regex", "reqwest", "serde", "serde-aux", "serde_json", - "sha2 0.10.8", + "sha2", "sha3", "thiserror", "url", @@ -3909,7 +3864,7 @@ dependencies = [ "pkcs1", "pkcs8", "rand_core 0.6.4", - "signature 2.1.0", + "signature", "spki", "subtle", "zeroize", @@ -4258,19 +4213,6 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" -[[package]] -name = "sha2" -version = "0.9.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" -dependencies = [ - "block-buffer 0.9.0", - "cfg-if", - "cpufeatures", - "digest 0.9.0", - "opaque-debug", -] - [[package]] name = "sha2" version = "0.10.8" @@ -4291,7 +4233,7 @@ dependencies = [ "async-trait", "bytes", "hex", - "sha2 0.10.8", + "sha2", "tokio", ] @@ -4333,12 +4275,6 @@ dependencies = [ "libc", ] -[[package]] -name = "signature" -version = "1.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" - [[package]] name = "signature" version = "2.1.0" @@ -4477,7 +4413,7 @@ dependencies = [ "percent-encoding", "serde", "serde_json", - "sha2 0.10.8", + "sha2", "smallvec", "sqlformat", "thiserror", @@ -4517,7 +4453,7 @@ dependencies = [ "quote", "serde", "serde_json", - "sha2 0.10.8", + "sha2", "sqlx-core", "sqlx-mysql", "sqlx-postgres", @@ -4562,7 +4498,7 @@ dependencies = [ "rsa", "serde", "sha1", - "sha2 0.10.8", + "sha2", "smallvec", "sqlx-core", "stringprep", @@ -4603,7 +4539,7 @@ dependencies = [ "serde", "serde_json", "sha1", - "sha2 0.10.8", + "sha2", "smallvec", "sqlx-core", "stringprep", @@ -5627,7 +5563,7 @@ version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96" dependencies = [ - "curve25519-dalek 4.1.1", + "curve25519-dalek", "rand_core 0.6.4", "serde", "zeroize", diff --git a/Cargo.toml b/Cargo.toml index 94047345..75b08cc5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -62,9 +62,7 @@ regex = "1.7.1" url = "2.3.1" sha256 = "1.1.1" chacha20poly1305 = "0.10.1" -ed25519-dalek = { version = "2.0.0", features = ["rand_core"] } -rand = "0.7.0" -rand_core = "0.5.0" +rand = "0.8.5" ring = "0.16.20" jsonwebtoken = "8.2.0" data-encoding = "2.3.3" @@ -74,8 +72,8 @@ futures = "0.3.26" futures-util = "0.3" dashmap = "5.4.0" -relay_rpc = { git = "https://github.com/WalletConnect/WalletConnectRust.git", tag = "v0.26.2", features = ["cacao"] } -relay_client = { git = "https://github.com/WalletConnect/WalletConnectRust.git", tag = "v0.26.2" } +relay_rpc = { git = "https://github.com/WalletConnect/WalletConnectRust.git", tag = "v0.26.4", features = ["cacao"] } +relay_client = { git = "https://github.com/WalletConnect/WalletConnectRust.git", tag = "v0.26.4" } x25519-dalek = { version = "2.0.0", features = ["static_secrets"] } hkdf = "0.12.3" sha2 = "0.10.6" diff --git a/justfile b/justfile index 3d08fbbb..e5d70ded 100644 --- a/justfile +++ b/justfile @@ -69,7 +69,7 @@ clippy: if command -v cargo-clippy >/dev/null; then echo '==> Running clippy' - cargo clippy --all-features --tests -- -D warnings + cargo clippy --workspace --all-features --all-targets -- -D warnings else echo '==> clippy not found in PATH, skipping' fi diff --git a/src/auth.rs b/src/auth.rs index 04c0ee08..42a1996f 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -12,12 +12,12 @@ use { base64::{DecodeError, Engine}, chrono::{DateTime, Duration as CDuration, Utc}, core::fmt, - ed25519_dalek::{Signer, SigningKey}, hyper::StatusCode, relay_rpc::{ auth::{ cacao::{Cacao, CacaoError}, did::{combine_did_data, extract_did_data, DidError}, + ed25519_dalek::{Signer, SigningKey}, }, domain::{ClientIdDecodingError, DecodedClientId}, jwt::{JwtHeader, JWT_HEADER_ALG, JWT_HEADER_TYP}, @@ -458,7 +458,7 @@ pub fn from_jwt(jwt: &str) -> Result( message: T, - private_key: &ed25519_dalek::SigningKey, + private_key: &SigningKey, ) -> Result { let header = { let data = JwtHeader { diff --git a/src/error.rs b/src/error.rs index ccf67ef3..fc8e0254 100644 --- a/src/error.rs +++ b/src/error.rs @@ -10,7 +10,7 @@ use { data_encoding::DecodeError, hyper::StatusCode, relay_rpc::{ - auth::did::DidError, + auth::{did::DidError, ed25519_dalek::ed25519}, domain::{ClientIdDecodingError, ProjectId, Topic}, }, serde_json::json, @@ -159,7 +159,7 @@ pub enum NotifyServerError { ToStrError(#[from] hyper::header::ToStrError), #[error(transparent)] - EdDalek(#[from] ed25519_dalek::ed25519::Error), + EdDalek(#[from] ed25519::Error), #[error("The requested app does not match the project's app domain")] AppDoesNotMatch, diff --git a/src/lib.rs b/src/lib.rs index 80aee413..ae0c3a47 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -14,9 +14,9 @@ use { aws_config::meta::region::RegionProviderChain, aws_sdk_s3::{config::Region, Client as S3Client}, error::NotifyServerError, - rand::prelude::*, + rand::{rngs::StdRng, SeedableRng}, relay_rpc::auth::{ - cacao::signature::eip1271::blockchain_api::BlockchainApiProvider, ed25519_dalek::Keypair, + cacao::signature::eip1271::blockchain_api::BlockchainApiProvider, ed25519_dalek::SigningKey, }, sqlx::postgres::PgPoolOptions, std::sync::Arc, @@ -69,7 +69,7 @@ pub async fn bootstrap( let keypair_seed = decode_key(&sha256::digest(config.keypair_seed.as_bytes())) .map_err(|_| NotifyServerError::InvalidKeypairSeed)?; // TODO don't ignore error - let keypair = Keypair::generate(&mut StdRng::from_seed(keypair_seed)); + let keypair = SigningKey::generate(&mut StdRng::from_seed(keypair_seed)); let relay_client = Arc::new(create_http_client( &keypair, @@ -102,7 +102,7 @@ pub async fn bootstrap( analytics.clone(), config.clone(), postgres.clone(), - Keypair::from(keypair.secret_key()), + keypair.clone(), keypair_seed, relay_client.clone(), metrics.clone(), diff --git a/src/model/helpers.rs b/src/model/helpers.rs index 2e89cba0..f5d56305 100644 --- a/src/model/helpers.rs +++ b/src/model/helpers.rs @@ -10,8 +10,10 @@ use { utils::get_address_from_account, }, chrono::{DateTime, Utc}, - ed25519_dalek::SigningKey, - relay_rpc::domain::{ProjectId, Topic}, + relay_rpc::{ + auth::ed25519_dalek::SigningKey, + domain::{ProjectId, Topic}, + }, serde::{Deserialize, Serialize}, sqlx::{FromRow, PgPool, Postgres}, std::{collections::HashSet, time::Instant}, diff --git a/src/model/types/mod.rs b/src/model/types/mod.rs index 57ef9ec8..6079d8c9 100644 --- a/src/model/types/mod.rs +++ b/src/model/types/mod.rs @@ -1,7 +1,10 @@ use { crate::{error::NotifyServerError, rpc::decode_key, utils::get_client_id}, chrono::{DateTime, Utc}, - relay_rpc::domain::{DecodedClientId, ProjectId, Topic}, + relay_rpc::{ + auth::ed25519_dalek::VerifyingKey, + domain::{DecodedClientId, ProjectId, Topic}, + }, sqlx::FromRow, uuid::Uuid, }; @@ -27,9 +30,9 @@ pub struct Project { impl Project { pub fn get_authentication_client_id(&self) -> Result { - Ok(get_client_id(&ed25519_dalek::VerifyingKey::from_bytes( - &decode_key(&self.authentication_public_key)?, - )?)) + Ok(get_client_id(&VerifyingKey::from_bytes(&decode_key( + &self.authentication_public_key, + )?)?)) } } diff --git a/src/notify_keys.rs b/src/notify_keys.rs index f14e7969..a12ee9f8 100644 --- a/src/notify_keys.rs +++ b/src/notify_keys.rs @@ -7,7 +7,10 @@ use { rand_core::{RngCore, SeedableRng}, ChaCha20Rng, }, - relay_rpc::domain::{DecodedClientId, Topic}, + relay_rpc::{ + auth::ed25519_dalek::{SigningKey, VerifyingKey}, + domain::{DecodedClientId, Topic}, + }, url::Url, }; @@ -16,8 +19,8 @@ pub struct NotifyKeys { pub key_agreement_secret: x25519_dalek::StaticSecret, pub key_agreement_public: x25519_dalek::PublicKey, pub key_agreement_topic: Topic, - pub authentication_secret: ed25519_dalek::SigningKey, - pub authentication_public: ed25519_dalek::VerifyingKey, + pub authentication_secret: SigningKey, + pub authentication_public: VerifyingKey, pub authentication_client_id: DecodedClientId, } @@ -39,8 +42,8 @@ impl NotifyKeys { }); let key_agreement_public = x25519_dalek::PublicKey::from(&key_agreement_secret); - let authentication_secret = ed25519_dalek::SigningKey::generate(&mut get_rng()); - let authentication_public = ed25519_dalek::VerifyingKey::from(&authentication_secret); + let authentication_secret = SigningKey::generate(&mut get_rng()); + let authentication_public = VerifyingKey::from(&authentication_secret); let authentication_client_id = get_client_id(&authentication_public); Ok(Self { diff --git a/src/notify_message.rs b/src/notify_message.rs index 5e3dacd7..870adc49 100644 --- a/src/notify_message.rs +++ b/src/notify_message.rs @@ -6,8 +6,7 @@ use { spec::{NOTIFY_MESSAGE_ACT, NOTIFY_MESSAGE_TTL}, }, chrono::Utc, - ed25519_dalek::SigningKey, - relay_rpc::domain::DecodedClientId, + relay_rpc::{auth::ed25519_dalek::SigningKey, domain::DecodedClientId}, serde::{Deserialize, Serialize}, sqlx::prelude::FromRow, std::sync::Arc, diff --git a/src/relay_client_helpers.rs b/src/relay_client_helpers.rs index 94cb6785..07507946 100644 --- a/src/relay_client_helpers.rs +++ b/src/relay_client_helpers.rs @@ -2,7 +2,7 @@ use { crate::error::NotifyServerError, relay_client::{http::Client, ConnectionOptions}, relay_rpc::{ - auth::{ed25519_dalek::Keypair, AuthToken}, + auth::{ed25519_dalek::SigningKey, AuthToken}, domain::ProjectId, user_agent::ValidUserAgent, }, @@ -11,7 +11,7 @@ use { }; pub fn create_http_client( - keypair: &Keypair, + keypair: &SigningKey, relay_url: Url, notify_url: Url, project_id: ProjectId, @@ -22,7 +22,7 @@ pub fn create_http_client( } pub fn create_http_connect_options( - keypair: &Keypair, + keypair: &SigningKey, mut relay_url: Url, notify_url: Url, project_id: ProjectId, @@ -41,7 +41,7 @@ pub fn create_http_connect_options( } fn create_connect_options( - keypair: &Keypair, + keypair: &SigningKey, relay_url: &Url, notify_url: Url, project_id: ProjectId, diff --git a/src/services/public_http_server/handlers/relay_webhook/handlers/notify_delete.rs b/src/services/public_http_server/handlers/relay_webhook/handlers/notify_delete.rs index a535bd80..8a5be488 100644 --- a/src/services/public_http_server/handlers/relay_webhook/handlers/notify_delete.rs +++ b/src/services/public_http_server/handlers/relay_webhook/handlers/notify_delete.rs @@ -32,6 +32,7 @@ use { base64::Engine, chrono::Utc, relay_rpc::{ + auth::ed25519_dalek::SigningKey, domain::{DecodedClientId, SubscriptionId, Topic}, rpc::Publish, }, @@ -201,7 +202,7 @@ pub async fn handle(msg: RelayIncomingMessage, state: &AppState) -> Result<(), R }; let response_auth = sign_jwt( response_message, - &ed25519_dalek::SigningKey::from_bytes( + &SigningKey::from_bytes( &decode_key(&project.authentication_private_key) .map_err(RelayMessageServerError::NotifyServerError)?, // TODO change to client error? ), diff --git a/src/services/public_http_server/handlers/relay_webhook/handlers/notify_get_notifications.rs b/src/services/public_http_server/handlers/relay_webhook/handlers/notify_get_notifications.rs index dafbc0d0..d5a653cf 100644 --- a/src/services/public_http_server/handlers/relay_webhook/handlers/notify_get_notifications.rs +++ b/src/services/public_http_server/handlers/relay_webhook/handlers/notify_get_notifications.rs @@ -29,6 +29,7 @@ use { base64::Engine, chrono::Utc, relay_rpc::{ + auth::ed25519_dalek::SigningKey, domain::{DecodedClientId, Topic}, rpc::Publish, }, @@ -159,7 +160,7 @@ pub async fn handle(msg: RelayIncomingMessage, state: &AppState) -> Result<(), R }; let auth = sign_jwt( response_message, - &ed25519_dalek::SigningKey::from_bytes( + &SigningKey::from_bytes( &decode_key(&project.authentication_private_key) .map_err(RelayMessageServerError::NotifyServerError)?, // TODO change to client error? ), diff --git a/src/services/public_http_server/handlers/relay_webhook/handlers/notify_subscribe.rs b/src/services/public_http_server/handlers/relay_webhook/handlers/notify_subscribe.rs index c4efc262..b8362785 100644 --- a/src/services/public_http_server/handlers/relay_webhook/handlers/notify_subscribe.rs +++ b/src/services/public_http_server/handlers/relay_webhook/handlers/notify_subscribe.rs @@ -37,6 +37,7 @@ use { base64::Engine, chrono::Utc, relay_rpc::{ + auth::ed25519_dalek::SigningKey, domain::{DecodedClientId, Topic}, rpc::Publish, }, @@ -243,7 +244,7 @@ pub async fn handle(msg: RelayIncomingMessage, state: &AppState) -> Result<(), R }; let response_auth = sign_jwt( response_message, - &ed25519_dalek::SigningKey::from_bytes( + &SigningKey::from_bytes( &decode_key(&project.authentication_private_key) .map_err(RelayMessageServerError::NotifyServerError)?, // TODO change to client error? ), diff --git a/src/services/public_http_server/handlers/relay_webhook/handlers/notify_update.rs b/src/services/public_http_server/handlers/relay_webhook/handlers/notify_update.rs index 34c8e41e..1c1e0e9d 100644 --- a/src/services/public_http_server/handlers/relay_webhook/handlers/notify_update.rs +++ b/src/services/public_http_server/handlers/relay_webhook/handlers/notify_update.rs @@ -30,6 +30,7 @@ use { base64::Engine, chrono::Utc, relay_rpc::{ + auth::ed25519_dalek::SigningKey, domain::{DecodedClientId, Topic}, rpc::Publish, }, @@ -195,7 +196,7 @@ pub async fn handle(msg: RelayIncomingMessage, state: &AppState) -> Result<(), R }; let response_auth = sign_jwt( response_message, - &ed25519_dalek::SigningKey::from_bytes( + &SigningKey::from_bytes( &decode_key(&project.authentication_private_key) .map_err(RelayMessageServerError::NotifyServerError)?, // TODO change to client error? ), diff --git a/src/services/public_http_server/handlers/relay_webhook/handlers/notify_watch_subscriptions.rs b/src/services/public_http_server/handlers/relay_webhook/handlers/notify_watch_subscriptions.rs index d8da1f34..eb440e6f 100644 --- a/src/services/public_http_server/handlers/relay_webhook/handlers/notify_watch_subscriptions.rs +++ b/src/services/public_http_server/handlers/relay_webhook/handlers/notify_watch_subscriptions.rs @@ -39,7 +39,7 @@ use { }, base64::Engine, chrono::{Duration, Utc}, - relay_rpc::{domain::DecodedClientId, rpc::Publish}, + relay_rpc::{auth::ed25519_dalek::SigningKey, domain::DecodedClientId, rpc::Publish}, sqlx::PgPool, std::sync::Arc, tracing::{info, instrument}, @@ -366,7 +366,7 @@ pub async fn prepare_subscription_watchers( #[instrument(skip_all)] pub async fn send_to_subscription_watchers( watchers_with_subscriptions: Vec<(SubscriptionWatcherQuery, Vec)>, - authentication_secret: &ed25519_dalek::SigningKey, + authentication_secret: &SigningKey, authentication_client_id: &DecodedClientId, http_client: &relay_client::http::Client, metrics: Option<&Metrics>, @@ -402,7 +402,7 @@ async fn send( account: &AccountId, aud: String, sym_key: &str, - authentication_secret: &ed25519_dalek::SigningKey, + authentication_secret: &SigningKey, authentication_client_id: &DecodedClientId, http_client: &relay_client::http::Client, metrics: Option<&Metrics>, diff --git a/src/services/public_http_server/handlers/subscribe_topic.rs b/src/services/public_http_server/handlers/subscribe_topic.rs index e2a24e7d..df2d856d 100644 --- a/src/services/public_http_server/handlers/subscribe_topic.rs +++ b/src/services/public_http_server/handlers/subscribe_topic.rs @@ -18,7 +18,7 @@ use { hyper::StatusCode, once_cell::sync::Lazy, regex::Regex, - relay_rpc::domain::ProjectId, + relay_rpc::{auth::ed25519_dalek::SigningKey, domain::ProjectId}, serde::{Deserialize, Serialize}, serde_json::json, std::sync::Arc, @@ -78,7 +78,7 @@ pub async fn handler( let signing_public = PublicKey::from(&subscribe_key); let topic = topic_from_key(signing_public.as_bytes()); - let authentication_key = ed25519_dalek::SigningKey::generate(&mut OsRng); + let authentication_key = SigningKey::generate(&mut OsRng); let project = upsert_project( project_id, diff --git a/src/services/publisher_service/mod.rs b/src/services/publisher_service/mod.rs index 95d76da5..cabc2e44 100644 --- a/src/services/publisher_service/mod.rs +++ b/src/services/publisher_service/mod.rs @@ -16,6 +16,7 @@ use { helpers::{dead_letter_give_up_check, update_message_processing_status}, relay_client::http::Client, relay_rpc::{ + auth::ed25519_dalek::SigningKey, domain::DecodedClientId, rpc::{msg_id::MsgId, Publish}, }, @@ -279,7 +280,7 @@ async fn process_notification( analytics: &NotifyAnalytics, ) -> Result<(), NotifyServerError> { let project_signing_details = { - let private_key = ed25519_dalek::SigningKey::from_bytes(&decode_key( + let private_key = SigningKey::from_bytes(&decode_key( ¬ification.project_authentication_private_key, )?); let decoded_client_id = diff --git a/src/services/relay_renewal_job/mod.rs b/src/services/relay_renewal_job/mod.rs index 45a7c388..610bd4b3 100644 --- a/src/services/relay_renewal_job/mod.rs +++ b/src/services/relay_renewal_job/mod.rs @@ -2,7 +2,7 @@ use { crate::{error::NotifyServerError, metrics::Metrics}, chrono::Duration, relay_client::http::Client, - relay_rpc::{auth::ed25519_dalek::Keypair, domain::Topic}, + relay_rpc::{auth::ed25519_dalek::SigningKey, domain::Topic}, sqlx::PgPool, std::{future::Future, sync::Arc}, tokio::{sync::Mutex, time}, @@ -16,7 +16,7 @@ mod register_webhook; pub async fn start( key_agreement_topic: Topic, notify_url: Url, - keypair: Keypair, + keypair: SigningKey, relay_client: Arc, postgres: PgPool, metrics: Option, @@ -68,7 +68,7 @@ async fn job( key_agreement_topic: Topic, renew_all_topics_lock: Arc>, notify_url: &Url, - keypair: &Keypair, + keypair: &SigningKey, relay_client: &Client, postgres: &PgPool, metrics: Option<&Metrics>, diff --git a/src/services/relay_renewal_job/register_webhook.rs b/src/services/relay_renewal_job/register_webhook.rs index 60b0d541..b497112c 100644 --- a/src/services/relay_renewal_job/register_webhook.rs +++ b/src/services/relay_renewal_job/register_webhook.rs @@ -5,7 +5,7 @@ use { http::{Client, WatchRegisterRequest}, }, relay_rpc::{ - auth::ed25519_dalek::Keypair, + auth::ed25519_dalek::SigningKey, rpc::{WatchStatus, WatchType}, }, std::time::Duration, @@ -14,7 +14,7 @@ use { }; #[instrument(skip_all)] -pub async fn run(notify_url: &Url, keypair: &Keypair, client: &Client) -> Result<(), Error> { +pub async fn run(notify_url: &Url, keypair: &SigningKey, client: &Client) -> Result<(), Error> { client .watch_register( WatchRegisterRequest { @@ -43,8 +43,6 @@ mod tests { crate::relay_client_helpers::create_http_client, chrono::Utc, hyper::StatusCode, - rand::rngs::StdRng, - rand_core::SeedableRng, relay_rpc::{ domain::{DecodedClientId, DidKey, ProjectId}, jwt::VerifyableClaims, @@ -73,7 +71,7 @@ mod tests { jsonrpc: req.jsonrpc, result: serde_json::to_value(WatchRegisterResponse { relay_id: DidKey::from(DecodedClientId::from_key( - &Keypair::generate(&mut StdRng::from_entropy()).public_key(), + &SigningKey::generate(&mut rand::thread_rng()).verifying_key(), )), }) .unwrap(), @@ -84,7 +82,7 @@ mod tests { .await; let relay_url = relay.uri().parse::().unwrap(); let notify_url = "https://example.com".parse::().unwrap(); - let keypair = Keypair::generate(&mut StdRng::from_entropy()); + let keypair = SigningKey::generate(&mut rand::thread_rng()); let relay_client = create_http_client( &keypair, relay_url, diff --git a/src/state.rs b/src/state.rs index 7f81ce9f..9abba1ae 100644 --- a/src/state.rs +++ b/src/state.rs @@ -13,7 +13,7 @@ use { relay_rpc::{ auth::{ cacao::signature::eip1271::blockchain_api::BlockchainApiProvider, - ed25519_dalek::{Keypair, PublicKey}, + ed25519_dalek::{SigningKey, VerifyingKey}, }, domain::{DecodedClientId, DidKey}, rpc::Receipt, @@ -31,7 +31,7 @@ pub struct AppState { pub build_info: BuildInfo, pub metrics: Option, pub postgres: PgPool, - pub keypair: Keypair, + pub keypair: SigningKey, pub relay_client: Arc, pub relay_identity: DidKey, pub redis: Option>, @@ -50,7 +50,7 @@ impl AppState { analytics: NotifyAnalytics, config: Configuration, postgres: PgPool, - keypair: Keypair, + keypair: SigningKey, keypair_seed: [u8; 32], relay_client: Arc, metrics: Option, @@ -63,7 +63,13 @@ impl AppState { let build_info: &BuildInfo = build_info(); let relay_identity = DidKey::from(DecodedClientId::from_key( - &PublicKey::from_bytes(&hex::decode(&config.relay_public_key).unwrap()).unwrap(), + &VerifyingKey::from_bytes( + &hex::decode(&config.relay_public_key) + .unwrap() + .try_into() + .unwrap(), + ) + .unwrap(), )); let notify_keys = NotifyKeys::new(&config.notify_url, keypair_seed)?; diff --git a/src/utils.rs b/src/utils.rs index f1a3efa5..7a037362 100644 --- a/src/utils.rs +++ b/src/utils.rs @@ -1,6 +1,9 @@ use { crate::model::types::AccountId, - relay_rpc::domain::{DecodedClientId, Topic}, + relay_rpc::{ + auth::ed25519_dalek::VerifyingKey, + domain::{DecodedClientId, Topic}, + }, }; // TODO consider using the key object directly instead of a byte slice @@ -8,11 +11,8 @@ pub fn topic_from_key(key: &[u8]) -> Topic { sha256::digest(key).into() } -pub fn get_client_id(verifying_key: &ed25519_dalek::VerifyingKey) -> DecodedClientId { - // Better approach, but dependency versions conflict right now. - // See: https://github.com/WalletConnect/WalletConnectRust/issues/53 - // DecodedClientId::from_key(verifying_key) - DecodedClientId(verifying_key.to_bytes()) +pub fn get_client_id(verifying_key: &VerifyingKey) -> DecodedClientId { + DecodedClientId::from_key(verifying_key) } pub fn get_address_from_account(account: &AccountId) -> &str { diff --git a/tests/integration.rs b/tests/integration.rs index 0f03c7e1..9b21aa96 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -8,7 +8,6 @@ use { }, async_trait::async_trait, chrono::{DateTime, Duration, TimeZone, Utc}, - ed25519_dalek::VerifyingKey, futures::future::BoxFuture, hyper::StatusCode, itertools::Itertools, @@ -82,13 +81,12 @@ use { types::{encode_scope, Notification}, utils::{get_client_id, is_same_address, topic_from_key}, }, - rand::rngs::StdRng, + rand::{rngs::StdRng, SeedableRng}, rand_chacha::rand_core::OsRng, - rand_core::SeedableRng, relay_rpc::{ auth::{ cacao::Cacao, - ed25519_dalek::{ed25519::signature::Signature, Keypair, Signer}, + ed25519_dalek::{Signer, SigningKey, VerifyingKey}, }, domain::{DecodedClientId, DidKey, MessageId, ProjectId, Topic}, jwt::{JwtBasicClaims, JwtHeader, VerifyableClaims}, @@ -214,8 +212,8 @@ fn generate_subscribe_key() -> x25519_dalek::StaticSecret { x25519_dalek::StaticSecret::random_from_rng(OsRng) } -fn generate_authentication_key() -> ed25519_dalek::SigningKey { - ed25519_dalek::SigningKey::generate(&mut OsRng) +fn generate_authentication_key() -> SigningKey { + SigningKey::generate(&mut OsRng) } fn generate_account_id() -> AccountId { @@ -3117,11 +3115,7 @@ async fn subscribe_topic( project_id: &ProjectId, app_domain: DidWeb, notify_server_url: &Url, -) -> ( - x25519_dalek::PublicKey, - ed25519_dalek::VerifyingKey, - DecodedClientId, -) { +) -> (x25519_dalek::PublicKey, VerifyingKey, DecodedClientId) { utils::http_api::subscribe_topic(project_id, Uuid::new_v4(), app_domain, notify_server_url) .await } @@ -8890,11 +8884,11 @@ async fn relay_webhook_rejects_invalid_jwt(notify_server: &NotifyServerContext) #[tokio::test] async fn relay_webhook_rejects_wrong_aud(notify_server: &NotifyServerContext) { let webhook_url = notify_server.url.join(RELAY_WEBHOOK_ENDPOINT).unwrap(); - let keypair = Keypair::generate(&mut StdRng::from_entropy()); + let keypair = SigningKey::generate(&mut rand::thread_rng()); let payload = WatchWebhookPayload { event_auth: vec![WatchEventClaims { basic: JwtBasicClaims { - iss: DidKey::from(DecodedClientId::from_key(&keypair.public_key())), + iss: DidKey::from(DecodedClientId::from_key(&keypair.verifying_key())), aud: "example.com".to_owned(), // sub: DecodedClientId::from_key(¬ify_server.keypair.public_key()).to_did_key(), sub: "".to_string(), @@ -8942,11 +8936,11 @@ async fn relay_webhook_rejects_wrong_aud(notify_server: &NotifyServerContext) { #[tokio::test] async fn relay_webhook_rejects_invalid_signature(notify_server: &NotifyServerContext) { let webhook_url = notify_server.url.join(RELAY_WEBHOOK_ENDPOINT).unwrap(); - let keypair1 = Keypair::generate(&mut StdRng::from_entropy()); - let keypair2 = Keypair::generate(&mut StdRng::from_entropy()); + let keypair1 = SigningKey::generate(&mut rand::thread_rng()); + let keypair2 = SigningKey::generate(&mut rand::thread_rng()); let claims = WatchEventClaims { basic: JwtBasicClaims { - iss: DidKey::from(DecodedClientId::from_key(&keypair1.public_key())), + iss: DidKey::from(DecodedClientId::from_key(&keypair1.verifying_key())), aud: notify_server.url.to_string(), // sub: DecodedClientId::from_key(¬ify_server.keypair.public_key()).to_did_key(), sub: "".to_string(), @@ -8974,7 +8968,7 @@ async fn relay_webhook_rejects_invalid_signature(notify_server: &NotifyServerCon ); let claims = encoder.encode(serde_json::to_string(&claims).unwrap().as_bytes()); let message = format!("{header}.{claims}"); - let signature = encoder.encode(keypair2.sign(message.as_bytes()).as_bytes()); + let signature = encoder.encode(&keypair2.sign(message.as_bytes()).to_bytes()); format!("{message}.{signature}") }; let payload = WatchWebhookPayload { @@ -9006,11 +9000,11 @@ async fn relay_webhook_rejects_invalid_signature(notify_server: &NotifyServerCon #[tokio::test] async fn relay_webhook_rejects_wrong_iss(notify_server: &NotifyServerContext) { let webhook_url = notify_server.url.join(RELAY_WEBHOOK_ENDPOINT).unwrap(); - let keypair = Keypair::generate(&mut StdRng::from_entropy()); + let keypair = SigningKey::generate(&mut rand::thread_rng()); let payload = WatchWebhookPayload { event_auth: vec![WatchEventClaims { basic: JwtBasicClaims { - iss: DidKey::from(DecodedClientId::from_key(&keypair.public_key())), + iss: DidKey::from(DecodedClientId::from_key(&keypair.verifying_key())), aud: notify_server.url.to_string(), // sub: DecodedClientId::from_key(¬ify_server.keypair.public_key()).to_did_key(), sub: "".to_string(), @@ -9121,7 +9115,7 @@ async fn batch_receive_called(notify_server: &NotifyServerContext) { let notify_server_relay_client = { let keypair_seed = decode_key(&sha256::digest(notify_server.keypair_seed.as_bytes())).unwrap(); - let keypair = Keypair::generate(&mut StdRng::from_seed(keypair_seed)); + let keypair = SigningKey::generate(&mut StdRng::from_seed(keypair_seed)); create_http_client( &keypair, diff --git a/tests/utils/http_api.rs b/tests/utils/http_api.rs index e119d895..28214c03 100644 --- a/tests/utils/http_api.rs +++ b/tests/utils/http_api.rs @@ -13,7 +13,10 @@ use { }, utils::get_client_id, }, - relay_rpc::domain::{DecodedClientId, ProjectId}, + relay_rpc::{ + auth::ed25519_dalek::VerifyingKey, + domain::{DecodedClientId, ProjectId}, + }, std::fmt::Display, url::Url, }; @@ -23,11 +26,7 @@ pub async fn subscribe_topic( project_secret: T, app_domain: DidWeb, notify_server_url: &Url, -) -> ( - x25519_dalek::PublicKey, - ed25519_dalek::VerifyingKey, - DecodedClientId, -) +) -> (x25519_dalek::PublicKey, VerifyingKey, DecodedClientId) where T: Display, { @@ -55,7 +54,7 @@ where let key_agreement = decode_key(&response.subscribe_key).unwrap(); let key_agreement = x25519_dalek::PublicKey::from(key_agreement); - let authentication = ed25519_dalek::VerifyingKey::from_bytes(&authentication).unwrap(); + let authentication = VerifyingKey::from_bytes(&authentication).unwrap(); let client_id = get_client_id(&authentication); (key_agreement, authentication, client_id) } diff --git a/tests/utils/mod.rs b/tests/utils/mod.rs index a36707e0..603f1fac 100644 --- a/tests/utils/mod.rs +++ b/tests/utils/mod.rs @@ -1,8 +1,7 @@ use { base64::Engine, chrono::Utc, - ed25519_dalek::{Signer, VerifyingKey}, - k256::ecdsa::SigningKey, + k256::ecdsa::SigningKey as EcdsaSigningKey, notify_server::{ auth::{AuthError, DidWeb, GetSharedClaims, SharedClaims}, error::NotifyServerError, @@ -10,9 +9,7 @@ use { notify_message::NotifyMessage, relay_client_helpers::create_http_client, }, - rand::rngs::StdRng, rand_chacha::rand_core::OsRng, - rand_core::SeedableRng, relay_client::http::Client, relay_rpc::{ auth::{ @@ -24,7 +21,7 @@ use { eip191::{eip191_bytes, EIP191}, }, }, - ed25519_dalek::Keypair, + ed25519_dalek::{Signer, SigningKey as Ed25519SigningKey, VerifyingKey}, }, domain::{DecodedClientId, ProjectId, Topic}, jwt::{JwtHeader, JWT_HEADER_ALG, JWT_HEADER_TYP}, @@ -74,7 +71,7 @@ const RETRIES: usize = 5; impl RelayClient { pub async fn new(relay_url: Url, relay_project_id: ProjectId, notify_url: Url) -> Self { let client = create_http_client( - &Keypair::generate(&mut StdRng::from_entropy()), + &Ed25519SigningKey::generate(&mut rand::thread_rng()), relay_url, notify_url, relay_project_id, @@ -227,8 +224,8 @@ pub fn verify_jwt(jwt: &str, key: &VerifyingKey) -> Result (SigningKey, String) { - let account_signing_key = k256::ecdsa::SigningKey::random(&mut OsRng); +pub fn generate_eoa() -> (EcdsaSigningKey, String) { + let account_signing_key = EcdsaSigningKey::random(&mut OsRng); let address = &Keccak256::default() .chain_update( &account_signing_key @@ -245,13 +242,13 @@ pub fn format_eip155_account(chain_id: u32, address: &str) -> AccountId { AccountId::try_from(format!("eip155:{chain_id}:{address}")).unwrap() } -pub fn generate_account() -> (SigningKey, AccountId) { +pub fn generate_account() -> (EcdsaSigningKey, AccountId) { let (account_signing_key, address) = generate_eoa(); let account = format_eip155_account(1, &address); (account_signing_key, account) } -pub fn encode_auth(auth: &T, signing_key: &ed25519_dalek::SigningKey) -> String { +pub fn encode_auth(auth: &T, signing_key: &Ed25519SigningKey) -> String { let data = JwtHeader { typ: JWT_HEADER_TYP, alg: JWT_HEADER_ALG, @@ -289,7 +286,7 @@ impl GetSharedClaims for UnregisterIdentityRequestAuth { pub async fn unregister_identity_key( keys_server_url: Url, account: &AccountId, - identity_signing_key: &ed25519_dalek::SigningKey, + identity_signing_key: &Ed25519SigningKey, identity_did_key: &DecodedClientId, ) { let unregister_auth = UnregisterIdentityRequestAuth { @@ -326,14 +323,13 @@ pub async fn assert_successful_response(response: Response) -> Response { #[derive(Clone)] pub struct IdentityKeyDetails { pub keys_server_url: Url, - pub signing_key: ed25519_dalek::SigningKey, + pub signing_key: Ed25519SigningKey, pub client_id: DecodedClientId, } -pub fn generate_identity_key() -> (ed25519_dalek::SigningKey, DecodedClientId) { - let keypair = Keypair::generate(&mut StdRng::from_entropy()); - let signing_key = ed25519_dalek::SigningKey::from_bytes(keypair.secret_key().as_bytes()); - let client_id = DecodedClientId::from_key(&keypair.public_key()); +pub fn generate_identity_key() -> (Ed25519SigningKey, DecodedClientId) { + let signing_key = Ed25519SigningKey::generate(&mut rand::thread_rng()); + let client_id = DecodedClientId::from_key(&signing_key.verifying_key()); (signing_key, client_id) } @@ -343,7 +339,7 @@ pub async fn sign_cacao( statement: String, identity_public_key: DecodedClientId, keys_server_url: String, - account_signing_key: &k256::ecdsa::SigningKey, + account_signing_key: &EcdsaSigningKey, ) -> cacao::Cacao { let mut cacao = cacao::Cacao { h: cacao::header::Header { diff --git a/tests/utils/notify_relay_api.rs b/tests/utils/notify_relay_api.rs index 80014f0e..e2efed28 100644 --- a/tests/utils/notify_relay_api.rs +++ b/tests/utils/notify_relay_api.rs @@ -9,7 +9,6 @@ use { relay_api::{decode_message, decode_response_message}, verify_jwt, JWT_LEEWAY, }, - ed25519_dalek::VerifyingKey, notify_server::{ auth::{ from_jwt, DidWeb, NotifyServerSubscription, SubscriptionRequestAuth, @@ -37,7 +36,10 @@ use { utils::{is_same_address, topic_from_key}, }, rand_chacha::rand_core::OsRng, - relay_rpc::domain::{DecodedClientId, MessageId}, + relay_rpc::{ + auth::ed25519_dalek::VerifyingKey, + domain::{DecodedClientId, MessageId}, + }, std::collections::HashSet, url::Url, uuid::Uuid,