From f0c4da561c2bd6664940ca9f7579eba310542c85 Mon Sep 17 00:00:00 2001 From: sugargoat Date: Thu, 13 Aug 2020 14:46:10 -0700 Subject: [PATCH 01/12] Use latest schnorrkel and attach_rng --- Cargo.lock | 46 +++++++++++++++++++++++++------------------ crypto/sig/Cargo.toml | 4 ++-- crypto/sig/src/lib.rs | 12 +++++++---- 3 files changed, 37 insertions(+), 25 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a187faaf06..b76c5ae9c1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -12,7 +12,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4cf01b9b56e767bb57b94ebf91a58b338002963785cdd7013e21c0d4679471e4" dependencies = [ - "generic-array", + "generic-array 0.12.3", ] [[package]] @@ -302,7 +302,7 @@ dependencies = [ "block-padding", "byte-tools", "byteorder", - "generic-array", + "generic-array 0.12.3", ] [[package]] @@ -311,7 +311,7 @@ version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1c924d49bd09e7c06003acda26cd9742e796e34282ec6c1189404dee0c1f4774" dependencies = [ - "generic-array", + "generic-array 0.12.3", ] [[package]] @@ -744,7 +744,7 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5" dependencies = [ - "generic-array", + "generic-array 0.12.3", "subtle 1.0.0", ] @@ -895,7 +895,7 @@ version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" dependencies = [ - "generic-array", + "generic-array 0.12.3", ] [[package]] @@ -1274,6 +1274,15 @@ dependencies = [ "typenum", ] +[[package]] +name = "generic-array" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ed1e761351b56f54eb9dcd0cfaca9fd0daecf93918e1cfc01c8a3d26ee7adcd" +dependencies = [ + "typenum", +] + [[package]] name = "genio" version = "0.2.1" 
@@ -2022,11 +2031,8 @@ dependencies = [ name = "mc-api" version = "0.6.0" dependencies = [ - "bs58", "cargo-emit", - "crc", "curve25519-dalek", - "displaydoc", "mc-account-keys", "mc-common", "mc-crypto-keys", @@ -2097,7 +2103,7 @@ dependencies = [ "digest", "displaydoc", "failure", - "generic-array", + "generic-array 0.12.3", "hex 0.3.2", "hex_fmt", "mbedtls", @@ -2180,7 +2186,7 @@ dependencies = [ "cfg-if", "chrono", "failure", - "generic-array", + "generic-array 0.12.3", "hashbrown 0.6.3", "hex_fmt", "hostname 0.1.5", @@ -2379,7 +2385,6 @@ dependencies = [ "mc-transaction-core", "mc-util-from-random", "mc-util-serial", - "mockall", "rand_core 0.5.1", "rand_hc 0.2.0", "sha2", @@ -2541,7 +2546,7 @@ name = "mc-crypto-digestible-derive" version = "0.6.0" dependencies = [ "digest", - "generic-array", + "generic-array 0.12.3", "mc-crypto-digestible", "proc-macro2 1.0.12", "quote 1.0.4", @@ -2593,7 +2598,7 @@ version = "0.6.0" dependencies = [ "aes-gcm", "failure", - "generic-array", + "generic-array 0.12.3", "mc-util-serial", "mc-util-test-helper", "rand_core 0.5.1", @@ -2609,7 +2614,7 @@ dependencies = [ "aes-gcm", "digest", "failure", - "generic-array", + "generic-array 0.12.3", "hkdf", "mc-crypto-keys", "mc-util-from-random", @@ -2643,6 +2648,7 @@ dependencies = [ "mc-crypto-keys", "mc-util-from-random", "mc-util-test-helper", + "merlin", "rand_core 0.5.1", "rand_hc 0.2.0", "schnorrkel", @@ -2874,7 +2880,6 @@ dependencies = [ "mc-util-grpc", "mc-util-serial", "mc-util-uri", - "mockall", "protobuf", "rand 0.7.3", "rand_hc 0.2.0", @@ -3184,7 +3189,7 @@ dependencies = [ "curve25519-dalek", "digest", "failure", - "generic-array", + "generic-array 0.12.3", "hex_fmt", "lazy_static", "mc-account-keys", @@ -3461,7 +3466,7 @@ dependencies = [ name = "mc-util-repr-bytes" version = "0.6.0" dependencies = [ - "generic-array", + "generic-array 0.13.2", "prost", "serde", "serde_cbor", 
@@ -4872,12 +4877,15 @@ dependencies = [ [[package]] name = "schnorrkel" version = "0.9.1" -source = "git+https://github.com/sugargoat/schnorrkel?rev=60eedb2d3e005539052e1a2aef864bc78323c66c#60eedb2d3e005539052e1a2aef864bc78323c66c" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "021b403afe70d81eea68f6ea12f6b3c9588e5d536a94c3bf80f15e7faa267862" dependencies = [ "arrayref", "arrayvec", "curve25519-dalek", + "getrandom", "merlin", + "rand 0.7.3", "rand_core 0.5.1", "sha2", "subtle 2.2.3", @@ -5966,7 +5974,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df0c900f2f9b4116803415878ff48b63da9edb268668e08cf9292d7503114a01" dependencies = [ - "generic-array", + "generic-array 0.12.3", "subtle 2.2.3", ] diff --git a/crypto/sig/Cargo.toml b/crypto/sig/Cargo.toml index 3cd3e57dfe..f53a1989e4 100644 --- a/crypto/sig/Cargo.toml +++ b/crypto/sig/Cargo.toml @@ -9,10 +9,10 @@ mc-crypto-hashes = { path = "../hashes" } mc-crypto-keys = { path = "../keys", default-features = false } digest = { version = "0.8.1", default-features = false } +merlin = "2.0" rand_core = { version = "0.5", default-features = false } rand_hc = "0.2" -# FIXME: Introduces *_rng methods that take an rng to bypass rand_hack that fails no_std builds -schnorrkel = { git = "https://github.com/sugargoat/schnorrkel", rev = "60eedb2d3e005539052e1a2aef864bc78323c66c", default-features = false} +schnorrkel = "0.9" [dev-dependencies] mc-util-from-random = { path = "../../util/from-random" } diff --git a/crypto/sig/src/lib.rs b/crypto/sig/src/lib.rs index 61697130b7..d26869b3d3 100644 --- a/crypto/sig/src/lib.rs +++ b/crypto/sig/src/lib.rs 
@@ -10,9 +10,10 @@ use digest::Input; use mc_crypto_hashes::Blake2b256; use mc_crypto_keys::{RistrettoPrivate, RistrettoPublic}; +use merlin::Transcript; use rand_core::SeedableRng; use rand_hc::Hc128Rng as FixedRng; -use schnorrkel::{signing_context, SecretKey}; +use schnorrkel::{context::attach_rng, signing_context, SecretKey}; pub use schnorrkel::{Signature, SignatureError, SIGNATURE_LENGTH}; /// Create a deterministic Schnorrkel signature @@ -44,10 +45,13 @@ pub fn sign(context_tag: &[u8], private_key: &RistrettoPrivate, message: &[u8]) let keypair = secret_key.to_keypair(); // Context provides domain separation for signature - let ctx = signing_context(context_tag); + let mut t = Transcript::new(b"SigningContext"); + t.append_message(b"", context_tag); + t.append_message(b"sign-bytes", message); // NOTE: The fog_authority_fingerprint_sig is deterministic due to using the above hash as the rng seed - let mut csprng: FixedRng = SeedableRng::from_seed(nonce.into()); - keypair.sign_rng(ctx.bytes(message), &mut csprng) + let csprng: FixedRng = SeedableRng::from_seed(nonce.into()); + let transcript = attach_rng(t, csprng); + keypair.sign(transcript) } /// Verify a Schnorrkel signature From 3951babb56cd41b9312d383159b374d089584ecb Mon Sep 17 00:00:00 2001 From: sugargoat Date: Thu, 13 Aug 2020 14:48:38 -0700 Subject: [PATCH 02/12] Also hash context_tag --- Cargo.lock | 2 -- crypto/sig/Cargo.toml | 2 +- crypto/sig/src/lib.rs | 10 +++------- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b76c5ae9c1..d589258587 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4883,9 +4883,7 @@ dependencies = [ "arrayref", "arrayvec", "curve25519-dalek", - "getrandom", "merlin", - "rand 0.7.3", "rand_core 0.5.1", "sha2", "subtle 2.2.3", diff --git a/crypto/sig/Cargo.toml b/crypto/sig/Cargo.toml index f53a1989e4..91862b899f 100644 --- a/crypto/sig/Cargo.toml +++ b/crypto/sig/Cargo.toml 
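Review bot: The transcript assembled by hand in `sign` (`Transcript::new(b"SigningContext")`, then `append_message(b"", context_tag)` and `append_message(b"sign-bytes", message)`) duplicates the labels that schnorrkel's own `signing_context(...).bytes(...)` emits, so the signing side and the verifying side now carry two independent copies of the same domain-separation constants. If `verify`, which is outside this hunk, still calls `signing_context(context_tag).bytes(message)`, any drift between the two copies breaks verification silently rather than at compile time. As far as I recall, `SigningContext::bytes` in 0.9 returns a plain `merlin::Transcript`, so the library form works with `attach_rng` directly: `let transcript = attach_rng(signing_context(context_tag).bytes(message), csprng);`, which also keeps the retained `signing_context` import in use in this function. A one-line comment on the `attach_rng` call saying that the attached RNG is seeded from `nonce` so the signature is reproducible would explain why a `FixedRng` rather than an OS RNG is handed to a signing routine.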
@@ -12,7 +12,7 @@ digest = { version = "0.8.1", default-features = false } merlin = "2.0" rand_core = { version = "0.5", default-features = false } rand_hc = "0.2" -schnorrkel = "0.9" +schnorrkel = { version = "0.9", default-features = false } [dev-dependencies] mc-util-from-random = { path = "../../util/from-random" } diff --git a/crypto/sig/src/lib.rs b/crypto/sig/src/lib.rs index d26869b3d3..a3cf7a7941 100644 --- a/crypto/sig/src/lib.rs +++ b/crypto/sig/src/lib.rs @@ -26,13 +26,9 @@ pub use schnorrkel::{Signature, SignatureError, SIGNATURE_LENGTH}; /// Returns: /// * A 64-byte Schnorrkel Signature object which can be converted to and from bytes using its API. pub fn sign(context_tag: &[u8], private_key: &RistrettoPrivate, message: &[u8]) -> Signature { - // Nonce is hash( private_key || message ) - // FIXME: We should probably hash the context_tag in as well. - // Or just use something like merlin instead of Blake2b256. - // In that case we make the assumption that Keccak, which underlies STROBE, - // is a strong Pseudorandom permutation, and that consequently Merlin with - // a partially secret input is a PRF. + // Nonce is hash( context_tag || private_key || message ) let mut hasher = Blake2b256::new(); + hasher.input(context_tag); hasher.input(private_key.to_bytes()); hasher.input(message); let nonce = hasher.result(); @@ -44,7 +40,7 @@ pub fn sign(context_tag: &[u8], private_key: &RistrettoPrivate, message: &[u8]) let secret_key = SecretKey::from_bytes(&secret_bytes).unwrap(); let keypair = secret_key.to_keypair(); - // Context provides domain separation for signature + // SigningContext provides domain separation for signature let mut t = Transcript::new(b"SigningContext"); t.append_message(b"", context_tag); t.append_message(b"sign-bytes", message); From c9c4779f14f35e73551cc114bfbdbd7723a2f735 Mon Sep 17 00:00:00 2001 
From: sugargoat Date: Thu, 13 Aug 2020 15:05:09 -0700 Subject: [PATCH 03/12] Default features false for merlin --- crypto/sig/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/sig/Cargo.toml b/crypto/sig/Cargo.toml index 91862b899f..9a8e1b4204 100644 --- a/crypto/sig/Cargo.toml +++ b/crypto/sig/Cargo.toml @@ -9,7 +9,7 @@ mc-crypto-hashes = { path = "../hashes" } mc-crypto-keys = { path = "../keys", default-features = false } digest = { version = "0.8.1", default-features = false } -merlin = "2.0" +merlin = { version = "2.0", default-features = false } rand_core = { version = "0.5", default-features = false } rand_hc = "0.2" schnorrkel = { version = "0.9", default-features = false } From 34ae35793a5fe3550901303d45d056156592f8f6 Mon Sep 17 00:00:00 2001 From: sugargoat Date: Thu, 13 Aug 2020 15:09:16 -0700 Subject: [PATCH 04/12] Cargo.lock --- consensus/enclave/trusted/Cargo.lock | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/consensus/enclave/trusted/Cargo.lock b/consensus/enclave/trusted/Cargo.lock index bcb69a1e2c..55292a9ac8 100644 --- a/consensus/enclave/trusted/Cargo.lock +++ b/consensus/enclave/trusted/Cargo.lock @@ -401,6 +401,14 @@ dependencies = [ "typenum 1.11.2 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "generic-array" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "typenum 1.11.2 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "genio" version = "0.2.1" 
@@ -917,9 +925,10 @@ dependencies = [ "digest 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", "mc-crypto-hashes 0.6.0", "mc-crypto-keys 0.6.0", + "merlin 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)", "rand_core 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", "rand_hc 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", - "schnorrkel 0.9.1 (git+https://github.com/sugargoat/schnorrkel?rev=60eedb2d3e005539052e1a2aef864bc78323c66c)", + "schnorrkel 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -1130,7 +1139,7 @@ dependencies = [ name = "mc-util-repr-bytes" version = "0.6.0" dependencies = [ - "generic-array 0.12.3 (registry+https://github.com/rust-lang/crates.io-index)", + "generic-array 0.13.2 (registry+https://github.com/rust-lang/crates.io-index)", "prost 0.6.1 (git+https://github.com/danburkert/prost?rev=6113789f70b69709820becba4242824b4fb3ffec)", "serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -1345,7 +1354,7 @@ dependencies = [ [[package]] name = "schnorrkel" version = "0.9.1" -source = "git+https://github.com/sugargoat/schnorrkel?rev=60eedb2d3e005539052e1a2aef864bc78323c66c#60eedb2d3e005539052e1a2aef864bc78323c66c" +source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "arrayref 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", "arrayvec 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", 
@@ -1724,6 +1733,7 @@ dependencies = [ "checksum failure_derive 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "0bc225b78e0391e4b8683440bf2e63c2deeeb2ce5189eab46e2b68c6d3725d08" "checksum fake-simd 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" "checksum generic-array 0.12.3 (registry+https://github.com/rust-lang/crates.io-index)" = "c68f0274ae0e023facc3c97b2e00f076be70e254bc851d972503b328db79b2ec" +"checksum generic-array 0.13.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0ed1e761351b56f54eb9dcd0cfaca9fd0daecf93918e1cfc01c8a3d26ee7adcd" "checksum genio 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "f4e26859a808ffa83a83f20c7e3c9366afea91edae637a6ac203051885882dc8" "checksum getrandom 0.1.14 (registry+https://github.com/rust-lang/crates.io-index)" = "7abc8dd8451921606d809ba32e95b6111925cd2906060d2dcc29c070220503eb" "checksum ghash 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "9f0930ed19a7184089ea46d2fedead2f6dc2b674c5db4276b7da336c7cd83252" 
@@ -1773,7 +1783,7 @@ dependencies = [ "checksum rjson 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "5510dbde48c4c37bf69123b1f636b6dd5f8dffe1f4e358af03c46a4947dca219" "checksum rustc-hash 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" "checksum same-file 1.0.6 (registry+https://github.com/rust-lang/crates.io-index)" = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" -"checksum schnorrkel 0.9.1 (git+https://github.com/sugargoat/schnorrkel?rev=60eedb2d3e005539052e1a2aef864bc78323c66c)" = "" +"checksum schnorrkel 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "021b403afe70d81eea68f6ea12f6b3c9588e5d536a94c3bf80f15e7faa267862" "checksum secrecy 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "9eb052cf770a381fa9a6ee63038ff9a0b11d30abb53be970672e950649ff0bfb" "checksum serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)" = "414115f25f818d7dfccec8ee535d76949ae78584fc4f79a6f45a904bf8ab4449" "checksum serde_cbor 0.11.1 (git+https://github.com/mobilecoinofficial/cbor?rev=4c886a7c1d523aae1ec4aa7386f402cb2f4341b5)" = "" From 7e720397355e09a46704e8a2a16ae44013f0a99f Mon Sep 17 00:00:00 2001 From: sugargoat Date: Fri, 14 Aug 2020 11:41:21 -0700 Subject: [PATCH 05/12] Cargo.lock --- Cargo.lock | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index d589258587..fcb6b7510b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2031,8 +2031,11 @@ dependencies = [ name = "mc-api" version = "0.6.0" dependencies = [ + "bs58", "cargo-emit", + "crc", "curve25519-dalek", + "displaydoc", "mc-account-keys", "mc-common", "mc-crypto-keys", From cb08ba8cdbc19a710e8e81f0a825a0d26c8656c9 Mon Sep 17 00:00:00 2001 
From: sugargoat Date: Sat, 15 Aug 2020 09:46:32 -0700 Subject: [PATCH 06/12] Signature changes in tests --- util/url-encoding/src/payment_request.rs | 17 +++++++++-------- util/url-encoding/tests/comparison.rs | 10 +++++----- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/util/url-encoding/src/payment_request.rs b/util/url-encoding/src/payment_request.rs index 30230176b8..c606042b18 100644 --- a/util/url-encoding/src/payment_request.rs +++ b/util/url-encoding/src/payment_request.rs @@ -67,6 +67,7 @@ mod tests { use core::{convert::TryFrom, str::FromStr}; + use hex::FromHex; use mc_account_keys::{AccountKey, RootEntropy, RootIdentity}; use mc_crypto_keys::RistrettoPrivate; use mc_util_test_helper::{run_with_several_seeds, RngCore}; @@ -78,7 +79,8 @@ mod tests { root_entropy: RootEntropy::from(&[0u8; 32]), fog_report_url: "fog://example.com".to_owned(), fog_report_id: Default::default(), - fog_authority_fingerprint: Default::default(), + fog_authority_fingerprint: Vec::from_hex("23e9dfabdaf74c69428ec0dfac15784eedc7466e") + .unwrap(), }; let acct = AccountKey::from(&identity); @@ -93,7 +95,7 @@ mod tests { }) .unwrap(); - assert_eq!(mob_url.as_ref(), "mob://example.com/9i_xwzoihbGu5hLthygfLGi7K1sPFDmhPkq3KPmO-2p4kBwRg06ELfa-mMEnlTUT4RYJXUEizCfYB7RRHLgeEWfP?s=QqLfvkgCM29apl9PBGhIag-XlF-qy_CF2_qb7znsWhFViPW0f5v-ggZnCm0vkK5aaWAfP4uxWb5lWUa8zBpNjT9A"); + assert_eq!(mob_url.as_ref(), "mob://example.com/9i_xwzoihbGu5hLthygfLGi7K1sPFDmhPkq3KPmO-2p4kBwRg06ELfa-mMEnlTUT4RYJXUEizCfYB7RRHLgeEWfP?s=HFZv2Edntt6Q4y5bSYdHHPh78NFHTx_7lH9ImnLt4T3xHXjOnZaR4ObQsyv-PopMCLIIqX6TpGhq7tnopzg6jpFt"); let payload2 = PaymentRequest::try_from(&mob_url).unwrap(); @@ -132,7 +134,7 @@ mod tests { &RistrettoPrivate::try_from(&[1u8; 32]).unwrap(), "fog://fog.mobilecoin.com".to_string(), 0.to_string(), - b"deadbeef".to_vec(), + Vec::from_hex("23e9dfabdaf74c69428ec0dfac15784eedc7466e").unwrap(), ); let addr = acct.default_subaddress(); 
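Review bot: The literal `Vec::from_hex("23e9dfabdaf74c69428ec0dfac15784eedc7466e").unwrap()` is written out four times in the payment_request.rs tests (twice in this chunk, twice in the hunks that follow), so a future change to the fingerprint has to be repeated at every site. A small helper inside `mod tests`, e.g. `fn fog_authority_fingerprint() -> Vec<u8> { Vec::from_hex("23e9dfabdaf74c69428ec0dfac15784eedc7466e").unwrap() }`, or a `const` holding the hex string used at each call, keeps the four vectors in step. The expected `mob://` strings are regenerated outputs whose `s=` component is the deterministic signature; a comment next to the first `assert_eq!` stating that these must be refreshed whenever the signing scheme changes would explain why this series touches them again in PATCH 10. I cannot see the crate's Cargo.toml in this patch, so I am assuming `hex` is already a dev-dependency for the new `use hex::FromHex;`.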
@@ -148,8 +150,7 @@ mod tests { }) .unwrap(); - assert_eq!(mob_url.as_ref(), "mob://fog.mobilecoin.com/oGbA6juTWhUdfL6qNMocAGN96wNiZpZegP0TUjKXHEM-GYmM50bLJVeL6NgftIumjt8nwYw7MjEnQT7hCw9bVUgh?a=777&m=2+baby+goats&s=-ry4OlNUCMW1o8tZ188x4I8ppwTPik7t5jRxALmGDhB6hbitNs5Wx5W9go-BPkyieM_NbFVAlP848faDVXEFjAm1#0"); - + assert_eq!(mob_url.as_ref(), "mob://fog.mobilecoin.com/oGbA6juTWhUdfL6qNMocAGN96wNiZpZegP0TUjKXHEM-GYmM50bLJVeL6NgftIumjt8nwYw7MjEnQT7hCw9bVUgh?a=777&m=2+baby+goats&s=ArdJFqaDdDveqoiL_iUerG8LQIl09OLyjyGXnGddknzmCSlQanEBQTg6SClF3drMTAOQyzRRdd-tR_Rj74RZgHO2#0"); let payload2 = PaymentRequest::try_from(&mob_url).unwrap(); assert_eq!(payload, payload2); @@ -163,7 +164,7 @@ mod tests { &RistrettoPrivate::try_from(&[1u8; 32]).unwrap(), "fog://fog.mobilecoin.com".to_string(), 0.to_string(), - b"deadbeef".to_vec(), + Vec::from_hex("23e9dfabdaf74c69428ec0dfac15784eedc7466e").unwrap(), ); let addr = acct.default_subaddress(); @@ -179,7 +180,7 @@ mod tests { }) .unwrap(); - assert_eq!(mob_url.as_ref(), "mob://fog.mobilecoin.com/oGbA6juTWhUdfL6qNMocAGN96wNiZpZegP0TUjKXHEM-GYmM50bLJVeL6NgftIumjt8nwYw7MjEnQT7hCw9bVUgh?a=777&m=%D9%84%D8%B3%D9%84%D8%A7%D9%85+%D8%B9%D9%84%D9%8A%D9%83%D9%85&s=-ry4OlNUCMW1o8tZ188x4I8ppwTPik7t5jRxALmGDhB6hbitNs5Wx5W9go-BPkyieM_NbFVAlP848faDVXEFjAm1#0"); + assert_eq!(mob_url.as_ref(), "mob://fog.mobilecoin.com/oGbA6juTWhUdfL6qNMocAGN96wNiZpZegP0TUjKXHEM-GYmM50bLJVeL6NgftIumjt8nwYw7MjEnQT7hCw9bVUgh?a=777&m=%D9%84%D8%B3%D9%84%D8%A7%D9%85+%D8%B9%D9%84%D9%8A%D9%83%D9%85&s=ArdJFqaDdDveqoiL_iUerG8LQIl09OLyjyGXnGddknzmCSlQanEBQTg6SClF3drMTAOQyzRRdd-tR_Rj74RZgHO2#0"); let payload2 = PaymentRequest::try_from(&mob_url).unwrap(); @@ -207,7 +208,7 @@ mod tests { &RistrettoPrivate::try_from(&[1u8; 32]).unwrap(), "fog://fog.mobilecoin.com".to_string(), 0.to_string(), - b"deadbeef".to_vec(), + Vec::from_hex("23e9dfabdaf74c69428ec0dfac15784eedc7466e").unwrap(), ); let addr = acct.default_subaddress(); 
diff --git a/util/url-encoding/tests/comparison.rs b/util/url-encoding/tests/comparison.rs index 96b8d7938c..dc7d2ca2db 100644 --- a/util/url-encoding/tests/comparison.rs +++ b/util/url-encoding/tests/comparison.rs @@ -65,7 +65,7 @@ fn test_url_encoding() { }; let encoded = MobUrl::try_from(&payload).unwrap(); let encoded_str: &str = encoded.as_ref(); - assert_eq!("mob://fog.mobilecoin.signal.org/rmiEqq-34E3Fbm3hwxaYJtPZzu9THCBkQaqJDeZwuXG8mf2yOhmGoZmnKTu3--ZCj--5MdTwwCib2p7Dn3KTCl6E?a=666&m=2+baby+goats&s=KovIno-JXUsQuTSmUj4MDowMENWBpAbrHcT61x72MWNc24hBmdiRlPtpuxSdju_eaMXKeSrLLHjP7VltAuI_hP1f", encoded_str); + assert_eq!("mob://fog.mobilecoin.signal.org/rmiEqq-34E3Fbm3hwxaYJtPZzu9THCBkQaqJDeZwuXG8mf2yOhmGoZmnKTu3--ZCj--5MdTwwCib2p7Dn3KTCl6E?a=666&m=2+baby+goats&s=Ogw_pwCYvWIH4U3Fp_meqsRNIuRTM7t7dm2xPYTpSgkD3Slnk6cb-lCQRaZaEhu8dxyLQJ6VqoqvF-ZDjcMdhIP3", encoded_str); assert_eq!(232, encoded_str.len()); let b58_payload = RequestPayload::new_v4( @@ -79,8 +79,8 @@ fn test_url_encoding() { ) .unwrap(); let b58_encoded = "mob:///".to_string() + &b58_payload.encode(); - assert_eq!("mob:///CzpFtx52f77AfogondLHGH4ZnhraB4igZKptek36H2mUPmj3qtLCV4UWB8QaDUqro3xBoKb4rXDSBm2nxV6GNz6pNfG5nwrdG17pPACnuh1NNFxyyUyEL6ckUfUhEYvPXLAy3JZhWCyi6g1S5MQd4NvaPXcptK14T5X2NP1yQei4paCBty8JxM4sc8mJa34NXYSySTnqAR53qC2WzmVKWtfuAAQXZU2jPR1kxZ2tJCdhBtERcfzsjKUAwZZMAYfgP9", b58_encoded); - assert_eq!(265, b58_encoded.len()); + assert_eq!("mob:///269zXNVHVYVq6Z9hrS1AmxtamM2X2gKoYeEafzdc2JrZN2pp8s5ZmKfrxaAffvT54hBufmF2GrGq267H1VLAo2LuiYiY97CEgKuM7DGrHngQrNKJMXfy1N8mETeco5p9p3QW2mXFiv9LfYGJfyK61PpRkoPwx1hBPFVuq6pDM2jNKR8JAoDyJkkCCW1Bsdy7hMAbkzZ5vZCwdqDp6GvPqaZ6vjumpkVat4RTHx13di4e5BmEpbGBCaeMp77QhKXoDxB", b58_encoded); + assert_eq!(266, b58_encoded.len()); } { 
@@ -92,7 +92,7 @@ fn test_url_encoding() { }; let encoded = MobUrl::try_from(&payload).unwrap(); let encoded_str: &str = encoded.as_ref(); - assert_eq!("mob://fog.diogenes.mobilecoin.com/krmSAg7MnM0fn-yTIjV6tHtRA7Zj2JRZ4pJ-_PcweTkAu7afknATa5hFwtc_Zvi8R6d36cnpMA0-inMbZHiqMRqp?a=666&m=2+baby+goats&s=SC9cs96Ry9z4Js_VXkC35IMnTjpQCtEujN8D-R15qTsJloN2pZ75BbSzGtQJ99kBt8mM2YBhlTW9wuCfzHU3gJmx", encoded_str); + assert_eq!("mob://fog.diogenes.mobilecoin.com/krmSAg7MnM0fn-yTIjV6tHtRA7Zj2JRZ4pJ-_PcweTkAu7afknATa5hFwtc_Zvi8R6d36cnpMA0-inMbZHiqMRqp?a=666&m=2+baby+goats&s=BvPCBBLW_PzgnuwvyXDl5OX7oj48ibwFCN5MfnZxKy3kXVD1uJyUv9DHA89euJeY6NnTauicxmKc98zNAiXVhlyC", encoded_str); assert_eq!(234, encoded_str.len()); let b58_payload = RequestPayload::new_v4( @@ -106,7 +106,7 @@ fn test_url_encoding() { ) .unwrap(); let b58_encoded = "mob:///".to_string() + &b58_payload.encode(); - assert_eq!("mob:///8dUCXPapoK52Zvhdfb3YHpKJRDPKvXAJmeKjkAxXv7o4QDftDV2JPybwQXzzuU5pqqS3QJkGFnFVWzxDNdd86vEDm3HDdHSgjjX2b2dxW9PDP9Ly3ziqLsLvy1d9xpdVUGAo6gniDHbjNypcVXwyU7hQUmbuHK8YsfJkKz2DPj8GxT5dgMhNzgbmzenpoexERAc1NehdHpwi6e6Tro63i6ny7akE2911sxb8Ar12Lgk44Zsfvf43oRtQVmGGpWR5idGb1", b58_encoded); + assert_eq!("mob:///A5kTrBAjEj2r72QnwJeQe6CXed6DLpUZuQZjVzoYfvuZKxgyn166FJiBehmyVGX1tVbunEyjdNHxCtpWPGnYkavryzigWg1VGAdyDLMVWnCgS9qcTjoSqwaNeMzyJqLwypkCA2GZaZGqE9wqGr4heiudKMrtzqfpKhKbzBvwkLPXBUh1qYvh8TsusayjPaJsa24nMEJaH49xp6Uzoes4En6CsYW6eeGfKLv9ZTMZDqybF7Tw9YViXAYHQ8KdQnjbGTu7M", b58_encoded); assert_eq!(268, b58_encoded.len()); } } From 5f12a4fd52f92c63883409ba966e984665209f12 Mon Sep 17 00:00:00 2001 From: sugargoat Date: Tue, 18 Aug 2020 10:38:42 -0700 Subject: [PATCH 07/12] Use transcript.challenge_bytes for Nonce and update security statement --- Cargo.lock | 1 - crypto/sig/Cargo.toml | 1 - crypto/sig/README.md | 17 +++++++++-------- crypto/sig/src/lib.rs | 16 +++++++--------- 4 files changed, 16 insertions(+), 19 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index fcb6b7510b..7f8b7008e0 100644 
--- a/Cargo.lock +++ b/Cargo.lock @@ -2646,7 +2646,6 @@ dependencies = [ name = "mc-crypto-sig" version = "0.6.0" dependencies = [ - "digest", "mc-crypto-hashes", "mc-crypto-keys", "mc-util-from-random", diff --git a/crypto/sig/Cargo.toml b/crypto/sig/Cargo.toml index 9a8e1b4204..b0304a6635 100644 --- a/crypto/sig/Cargo.toml +++ b/crypto/sig/Cargo.toml @@ -8,7 +8,6 @@ edition = "2018" mc-crypto-hashes = { path = "../hashes" } mc-crypto-keys = { path = "../keys", default-features = false } -digest = { version = "0.8.1", default-features = false } merlin = { version = "2.0", default-features = false } rand_core = { version = "0.5", default-features = false } rand_hc = "0.2" diff --git a/crypto/sig/README.md b/crypto/sig/README.md index 48d0e6ea0f..3df1b7e78e 100644 --- a/crypto/sig/README.md +++ b/crypto/sig/README.md 
@@ -49,15 +49,13 @@ and the nonce should be *pseudorandomly generated* from the message and the priv If a PRF is used to compute the nonce, then the nonce is hard to distinguish from random even if the messages that are signed are adversarially chosen. -For this generation, we can think of the private key -as a source of entropy for a *secret seed* to the PRF. -We note that when secret entropy like this is available, -then PRFs exist under weak assumptions, and do not require the "random oracle model" for hash functions. +For this generation, we can think of the private key as a source of entropy for a *secret seed* to the PRF. +We note that when secret entropy like this is available, then PRFs exist under weak assumptions, and do not require the "random oracle model" for hash functions. (See for instance [Chapter 3.8 in Pass "A Course in Cryptography"](https://www.cs.cornell.edu/courses/cs4830/2010fa/lecnotes.pdf) It is known that PRFs of this form exist if cryptographic Pseudorandom Generators (PRGs) exist. [Hastad, Impagliazzo, Levin and Luby famously showed](http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.185.988) that PRG's exist if and only if one-way functions exist. This is a necessary assumption for semantically-secure symmetric key cryptography.) -In the `sign` function in this crate, we take as an assumption that secret-prefix-Blake2b is a PRF. +In the `sign` function in this crate, we take as an assumption that a Merlin Transcript's [`challenge_bytes`](https://docs.rs/merlin/1.0.3/merlin/struct.Transcript.html#method.challenge_bytes) method is a PRF. The [ed25519 manuscript]((http://ed25519.cr.yp.to/ed25519-20110926.pdf)) from 2011-09-26 has remarks in the section "pseudorandom generation of r", where `r` is the nonce, which support this idea: 
@@ -77,10 +75,13 @@ The [ed25519 manuscript]((http://ed25519.cr.yp.to/ed25519-20110926.pdf)) from 20 > a cipher such as AES, combined with standard PRF-stretching mechanisms to support a long input; > but we prefer to reuse `H` to save area in hardware implementations. -We point out that Blake was one of the SHA-3 finalists, and was also explicitly designed to model a PRF. -We prefer Blake2b here because it reduces the number of different hash functions in our system overall. +We point out that Merlin Transcripts implement a subset of the STROBE protocol, which states in [STROBE Protocol Framework](https://strobe.sourceforge.io/), -Assuming the Blake2b has the secret-prefix-PRF property, we can say that the signatures created this way +> Strobe is based on SHA-3, or rather Keccak-f and cSHAKE (draft NIST SP 800-185). + +We prefer using Merlin Transcripts here for simplicity, as we are constructing two transcripts in the course of constructing the signature, and because it reduces the number of different hash functions in our system overall. + +Assuming the Merlin `challenge_bytes` has the secret-prefix-PRF property, we can say that the signatures created this way are hard to distinguish from signatures created where the nonce is truly uniformly random, even if the messages that are signed are adversarially chosen. So, if Schnorrkel is secure when the nonces are truly random and the RNG is the OS-RNG, or, when the nonce is created using the mini-secret-key expansion, then this should also be secure. diff --git a/crypto/sig/src/lib.rs b/crypto/sig/src/lib.rs index a3cf7a7941..efec3bbc35 100644 --- a/crypto/sig/src/lib.rs +++ b/crypto/sig/src/lib.rs 
@@ -7,8 +7,6 @@ //! and implements many handy traits for performing high-level cryptography operations, //! and this crate provides a way to create signatures that is compatible with these key pairs. -use digest::Input; -use mc_crypto_hashes::Blake2b256; use mc_crypto_keys::{RistrettoPrivate, RistrettoPublic}; use merlin::Transcript; use rand_core::SeedableRng; @@ -26,12 +24,12 @@ pub use schnorrkel::{Signature, SignatureError, SIGNATURE_LENGTH}; /// Returns: /// * A 64-byte Schnorrkel Signature object which can be converted to and from bytes using its API. pub fn sign(context_tag: &[u8], private_key: &RistrettoPrivate, message: &[u8]) -> Signature { - // Nonce is hash( context_tag || private_key || message ) - let mut hasher = Blake2b256::new(); - hasher.input(context_tag); - hasher.input(private_key.to_bytes()); - hasher.input(message); - let nonce = hasher.result(); + let mut transcript = Transcript::new(b"SigningNonce"); + transcript.append_message(b"context", &context_tag); + transcript.append_message(b"private", &private_key.to_bytes()); + transcript.append_message(b"message", &message); + let mut nonce = [0u8; 32]; + transcript.challenge_bytes(b"nonce", &mut nonce); // Construct a Schnorrkel SecretKey object from private_key and our nonce value let mut secret_bytes = [0u8; 64]; @@ -44,7 +42,7 @@ pub fn sign(context_tag: &[u8], private_key: &RistrettoPrivate, message: &[u8]) let mut t = Transcript::new(b"SigningContext"); t.append_message(b"", context_tag); t.append_message(b"sign-bytes", message); - // NOTE: The fog_authority_fingerprint_sig is deterministic due to using the above hash as the rng seed + // NOTE: The fog_authority_fingerprint_sig is deterministic due to using the above nonce as the rng seed let csprng: FixedRng = SeedableRng::from_seed(nonce.into()); let transcript = attach_rng(t, csprng); keypair.sign(transcript) From cb368ed722010e944149dc032bbc81132d0dcebd Mon Sep 17 00:00:00 2001 
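Review bot: In the nonce transcript in `sign`, `append_message(b"context", &context_tag)` and `append_message(b"message", &message)` borrow values that are already `&[u8]`, yielding `&&[u8]` that only compiles through auto-deref; clippy's `needless_borrow` will flag both. The intended forms are `transcript.append_message(b"context", context_tag);` and `transcript.append_message(b"message", message);`, and the same two borrows are carried over unchanged into the restyled block in PATCH 09. Separately, `private_key.to_bytes()` creates an unnamed temporary copy of the secret key that is dropped without being wiped; if the crate already has a zeroizing wrapper in scope, binding that copy and clearing it after `append_message` is worth considering, though I cannot tell from this hunk whether such a facility is available.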
From: sugargoat Date: Tue, 18 Aug 2020 18:04:05 -0700 Subject: [PATCH 08/12] Update README --- crypto/sig/README.md | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/crypto/sig/README.md b/crypto/sig/README.md index 3df1b7e78e..42fdb06bad 100644 --- a/crypto/sig/README.md +++ b/crypto/sig/README.md 
@@ -79,12 +79,23 @@ We point out that Merlin Transcripts implement a subset of the STROBE protocol, > Strobe is based on SHA-3, or rather Keccak-f and cSHAKE (draft NIST SP 800-185). -We prefer using Merlin Transcripts here for simplicity, as we are constructing two transcripts in the course of constructing the signature, and because it reduces the number of different hash functions in our system overall. +We prefer using Merlin transcripts to produce the nonce here, instead of a cryptographic hash function. Schnorrkel already relies on Merlin -- it has several benefits, like automatic domain separation and framing. By using this here instead of a hash function like SHA3, we can reduce the total number of cryptographic assumptions underpinning this signature scheme. -Assuming the Merlin `challenge_bytes` has the secret-prefix-PRF property, we can say that the signatures created this way -are hard to distinguish from signatures created where the nonce is truly uniformly random, even if the messages -that are signed are adversarially chosen. So, if Schnorrkel is secure when the nonces are truly random and -the RNG is the OS-RNG, or, when the nonce is created using the mini-secret-key expansion, then this should also be secure. +When using Merlin for this, instead of assuming that a hash function has the secret-prefix-PRF property, we assume that the following pseudo-rust function does, for any particular merlin transcript, where the private_key argument is identified with the secret prefix: + +``` +fn produce_nonce(transcript, private_key, message) -> [u8; 32] + transcript.append_message("private", private_key); + transcript.append_message("message", message); + let mut nonce = [0u8; 32]; + transcript.challenge_bytes("nonce", &mut nonce); + nonce +} +``` + +This assumption can be justified if we believe that the STROBE "PRF" operation functions as a PRF once STROBE has been keyed. 
We refer the reader to https://strobe.sourceforge.io/papers/strobe-20170130.pdf for a discussion of the usage and security properties of STROBE. For more discussion, see also the documentation around Merlin: https://merlin.cool/transcript/ops.html. + +With this assumption in hand, we can say that signatures created this way are hard to distinguish from signatures created where the nonce is truly uniformly random, even if the messages that are signed are adversarially chosen. So, if Schnorrkel is secure when the nonces are truly random and the RNG is the OS-RNG, or, when the nonce is created using the mini-secret-key expansion, then this should also be secure. Rng required by Schnorrkel -------------------------- From 81342479109f60dbec252a42576b4f197ed2df03 Mon Sep 17 00:00:00 2001 From: sugargoat Date: Tue, 18 Aug 2020 18:06:05 -0700 Subject: [PATCH 09/12] Readability --- crypto/sig/src/lib.rs | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/crypto/sig/src/lib.rs b/crypto/sig/src/lib.rs index efec3bbc35..0a1e7d071f 100644 --- a/crypto/sig/src/lib.rs +++ b/crypto/sig/src/lib.rs 
@@ -24,12 +24,17 @@ pub use schnorrkel::{Signature, SignatureError, SIGNATURE_LENGTH};
 /// Returns:
 /// * A 64-byte Schnorrkel Signature object which can be converted to and from bytes using its API.
 pub fn sign(context_tag: &[u8], private_key: &RistrettoPrivate, message: &[u8]) -> Signature {
- let mut transcript = Transcript::new(b"SigningNonce");
- transcript.append_message(b"context", &context_tag);
- transcript.append_message(b"private", &private_key.to_bytes());
- transcript.append_message(b"message", &message);
- let mut nonce = [0u8; 32];
- transcript.challenge_bytes(b"nonce", &mut nonce);
+ // Create a deterministic nonce using a merlin transcript. See this crate's README
+ // for a security statement.
+ let nonce = {
+ let mut transcript = Transcript::new(b"SigningNonce");
+ transcript.append_message(b"context", &context_tag);
+ transcript.append_message(b"private", &private_key.to_bytes());
+ transcript.append_message(b"message", &message);
+ let mut nonce = [0u8; 32];
+ transcript.challenge_bytes(b"nonce", &mut nonce);
+ nonce
+ };
 
 // Construct a Schnorrkel SecretKey object from private_key and our nonce value
 let mut secret_bytes = [0u8; 64];
From d05b41a3a9f6640cc860b41036f66757985bff31 Mon Sep 17 00:00:00 2001
From: sugargoat
Date: Tue, 18 Aug 2020 18:22:25 -0700
Subject: [PATCH 10/12] Update tests
---
 util/url-encoding/src/payment_request.rs | 6 +++---
 util/url-encoding/tests/comparison.rs | 10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/util/url-encoding/src/payment_request.rs b/util/url-encoding/src/payment_request.rs
index c606042b18..976d08cf20 100644
--- a/util/url-encoding/src/payment_request.rs
+++ b/util/url-encoding/src/payment_request.rs
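Review bot: The new `let nonce = { ... }` block copies the private key onto the stack with `private_key.to_bytes()` and derives `nonce`, which the context comment below says becomes part of the Schnorrkel SecretKey, yet neither copy is cleared once the transcript has consumed them. If `zeroize` is already in this crate's dependency tree, holding the `to_bytes()` result in a `Zeroizing` wrapper and zeroizing `nonce` after `secret_bytes` is built would bound how long key material lingers; if that is deliberately out of scope, a short comment saying so would stop the next reader from re-raising it. Separately, `context_tag` and `message` are already `&[u8]`, so `&context_tag` and `&message` pass `&&[u8]` and clippy's `needless_borrow` will flag them; `transcript.append_message(b"context", context_tag);` and `transcript.append_message(b"message", message);` are the idiomatic forms. The rest of `sign`, where `nonce` is consumed, is outside the hunk.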
@@ -95,7 +95,7 @@ mod tests { }) .unwrap(); - assert_eq!(mob_url.as_ref(), "mob://example.com/9i_xwzoihbGu5hLthygfLGi7K1sPFDmhPkq3KPmO-2p4kBwRg06ELfa-mMEnlTUT4RYJXUEizCfYB7RRHLgeEWfP?s=HFZv2Edntt6Q4y5bSYdHHPh78NFHTx_7lH9ImnLt4T3xHXjOnZaR4ObQsyv-PopMCLIIqX6TpGhq7tnopzg6jpFt"); + assert_eq!(mob_url.as_ref(), "mob://example.com/9i_xwzoihbGu5hLthygfLGi7K1sPFDmhPkq3KPmO-2p4kBwRg06ELfa-mMEnlTUT4RYJXUEizCfYB7RRHLgeEWfP?s=gg1381eECt9C0_0DMLgXuNgKWmNokd5LL9y8ylFkuzCKnF2p2znWQTGIjfq1ePaKxxRpPlmRQ3lPAY93JrOchCyk"); let payload2 = PaymentRequest::try_from(&mob_url).unwrap(); @@ -150,7 +150,7 @@ mod tests { }) .unwrap(); - assert_eq!(mob_url.as_ref(), "mob://fog.mobilecoin.com/oGbA6juTWhUdfL6qNMocAGN96wNiZpZegP0TUjKXHEM-GYmM50bLJVeL6NgftIumjt8nwYw7MjEnQT7hCw9bVUgh?a=777&m=2+baby+goats&s=ArdJFqaDdDveqoiL_iUerG8LQIl09OLyjyGXnGddknzmCSlQanEBQTg6SClF3drMTAOQyzRRdd-tR_Rj74RZgHO2#0"); + assert_eq!(mob_url.as_ref(), "mob://fog.mobilecoin.com/oGbA6juTWhUdfL6qNMocAGN96wNiZpZegP0TUjKXHEM-GYmM50bLJVeL6NgftIumjt8nwYw7MjEnQT7hCw9bVUgh?a=777&m=2+baby+goats&s=ruXXc2snZySyUAlvbLuzbaTQB-ZathDvUo73-50U7i_nnbOIZ31UivYz9gaokRaiYB2JZfOQVY2tFl9ntPtwhFvg#0"); let payload2 = PaymentRequest::try_from(&mob_url).unwrap(); assert_eq!(payload, payload2); @@ -180,7 +180,7 @@ mod tests { }) .unwrap(); - assert_eq!(mob_url.as_ref(), "mob://fog.mobilecoin.com/oGbA6juTWhUdfL6qNMocAGN96wNiZpZegP0TUjKXHEM-GYmM50bLJVeL6NgftIumjt8nwYw7MjEnQT7hCw9bVUgh?a=777&m=%D9%84%D8%B3%D9%84%D8%A7%D9%85+%D8%B9%D9%84%D9%8A%D9%83%D9%85&s=ArdJFqaDdDveqoiL_iUerG8LQIl09OLyjyGXnGddknzmCSlQanEBQTg6SClF3drMTAOQyzRRdd-tR_Rj74RZgHO2#0"); + assert_eq!(mob_url.as_ref(), "mob://fog.mobilecoin.com/oGbA6juTWhUdfL6qNMocAGN96wNiZpZegP0TUjKXHEM-GYmM50bLJVeL6NgftIumjt8nwYw7MjEnQT7hCw9bVUgh?a=777&m=%D9%84%D8%B3%D9%84%D8%A7%D9%85+%D8%B9%D9%84%D9%8A%D9%83%D9%85&s=ruXXc2snZySyUAlvbLuzbaTQB-ZathDvUo73-50U7i_nnbOIZ31UivYz9gaokRaiYB2JZfOQVY2tFl9ntPtwhFvg#0"); let payload2 = PaymentRequest::try_from(&mob_url).unwrap(); 
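Review bot: Each replaced `assert_eq!` pins the exact `s=` query value, which presumably is the deterministic signature produced by `mc-crypto-sig`, so these three hunks and the four in tests/comparison.rs below are effectively a regression test for the nonce derivation in `sign` — any future change to that transcript will break them with no hint why. A comment such as `// s= is a deterministic signature; it changes whenever the nonce derivation in mc-crypto-sig changes` above the first such assertion in each file would make the coupling explicit. The surrounding test functions begin outside the hunks.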
diff --git a/util/url-encoding/tests/comparison.rs b/util/url-encoding/tests/comparison.rs index dc7d2ca2db..5b0e629099 100644 --- a/util/url-encoding/tests/comparison.rs +++ b/util/url-encoding/tests/comparison.rs @@ -65,7 +65,7 @@ fn test_url_encoding() { }; let encoded = MobUrl::try_from(&payload).unwrap(); let encoded_str: &str = encoded.as_ref(); - assert_eq!("mob://fog.mobilecoin.signal.org/rmiEqq-34E3Fbm3hwxaYJtPZzu9THCBkQaqJDeZwuXG8mf2yOhmGoZmnKTu3--ZCj--5MdTwwCib2p7Dn3KTCl6E?a=666&m=2+baby+goats&s=Ogw_pwCYvWIH4U3Fp_meqsRNIuRTM7t7dm2xPYTpSgkD3Slnk6cb-lCQRaZaEhu8dxyLQJ6VqoqvF-ZDjcMdhIP3", encoded_str); + assert_eq!("mob://fog.mobilecoin.signal.org/rmiEqq-34E3Fbm3hwxaYJtPZzu9THCBkQaqJDeZwuXG8mf2yOhmGoZmnKTu3--ZCj--5MdTwwCib2p7Dn3KTCl6E?a=666&m=2+baby+goats&s=kjgEUqPUmd_pDqy6bJZwb3HcbzIfJva1pEV7SqPkmzBMz_k7lvGNnvN6QZh6O6_qFdDQTKYSdrr3biJWP4vkgYHq", encoded_str); assert_eq!(232, encoded_str.len()); let b58_payload = RequestPayload::new_v4( @@ -79,8 +79,8 @@ fn test_url_encoding() { ) .unwrap(); let b58_encoded = "mob:///".to_string() + &b58_payload.encode(); - assert_eq!("mob:///269zXNVHVYVq6Z9hrS1AmxtamM2X2gKoYeEafzdc2JrZN2pp8s5ZmKfrxaAffvT54hBufmF2GrGq267H1VLAo2LuiYiY97CEgKuM7DGrHngQrNKJMXfy1N8mETeco5p9p3QW2mXFiv9LfYGJfyK61PpRkoPwx1hBPFVuq6pDM2jNKR8JAoDyJkkCCW1Bsdy7hMAbkzZ5vZCwdqDp6GvPqaZ6vjumpkVat4RTHx13di4e5BmEpbGBCaeMp77QhKXoDxB", b58_encoded); - assert_eq!(266, b58_encoded.len()); + assert_eq!("mob:///oSVfMupaCebhsoAJAY3uDqk6zBSV19PpavGTHxt29tubB9YiG8aFXSj9h3f9DS9VBxnSGjy77cSWZPF6o2J6HojmAc7SpvSvzCLxwnHmFwXUXkc8PhtDyTZ749znMXGAfd2zvFVaidC6GoiWDCN1DnQBStF8JVBsXP6UChTnjfuEVmY3J1f742uWpAU6LChyff78uvLZNAEsRNKFj6pkVW5ZRLVJK7GhhRru83CxaLnuCNqriNDdQfZUuWpK4Xrtib", b58_encoded); + assert_eq!(265, b58_encoded.len()); } { 
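Review bot: `assert_eq!(265, b58_encoded.len());` in the `@@ -79` hunk asserts an exact base58 length, but base58 has no fixed output width — the length depends on the numeric value of the encoded bytes — so it moved from 266 to 265 when the payload changed and will move again on the next signature change, while the exact-string assertion directly above it already catches any regression. If the intent is to bound the URL size, an upper-bound check against the limit the consumers actually enforce, or a decode round-trip, would be stable; otherwise the length assertion can be dropped. `test_url_encoding` starts before these hunks.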
@@ -92,7 +92,7 @@ fn test_url_encoding() { }; let encoded = MobUrl::try_from(&payload).unwrap(); let encoded_str: &str = encoded.as_ref(); - assert_eq!("mob://fog.diogenes.mobilecoin.com/krmSAg7MnM0fn-yTIjV6tHtRA7Zj2JRZ4pJ-_PcweTkAu7afknATa5hFwtc_Zvi8R6d36cnpMA0-inMbZHiqMRqp?a=666&m=2+baby+goats&s=BvPCBBLW_PzgnuwvyXDl5OX7oj48ibwFCN5MfnZxKy3kXVD1uJyUv9DHA89euJeY6NnTauicxmKc98zNAiXVhlyC", encoded_str); + assert_eq!("mob://fog.diogenes.mobilecoin.com/krmSAg7MnM0fn-yTIjV6tHtRA7Zj2JRZ4pJ-_PcweTkAu7afknATa5hFwtc_Zvi8R6d36cnpMA0-inMbZHiqMRqp?a=666&m=2+baby+goats&s=HJ9SIosiJMmcDi9OBap9L5SY6Bzasr9CIAGmSIq2rgdR4MMpwAgKVdUPc1YrEwDIQzqsa03e6Z5fPjJRrxWJjwM5", encoded_str); assert_eq!(234, encoded_str.len()); let b58_payload = RequestPayload::new_v4( @@ -106,7 +106,7 @@ fn test_url_encoding() { ) .unwrap(); let b58_encoded = "mob:///".to_string() + &b58_payload.encode(); - assert_eq!("mob:///A5kTrBAjEj2r72QnwJeQe6CXed6DLpUZuQZjVzoYfvuZKxgyn166FJiBehmyVGX1tVbunEyjdNHxCtpWPGnYkavryzigWg1VGAdyDLMVWnCgS9qcTjoSqwaNeMzyJqLwypkCA2GZaZGqE9wqGr4heiudKMrtzqfpKhKbzBvwkLPXBUh1qYvh8TsusayjPaJsa24nMEJaH49xp6Uzoes4En6CsYW6eeGfKLv9ZTMZDqybF7Tw9YViXAYHQ8KdQnjbGTu7M", b58_encoded); + assert_eq!("mob:///JQPG3B9e4BXi7FB5Y2BRBBvykBMRYG6JCBop8bzsrqh29Wq7Z9wqxaACrdpqrRuUPd2Wrj1RwuZnA29njmEZE3BMsuCuBqFHyTLzhKZCJL7R4obo5Kzvht5F6YaVKcVzx8sbGdsVwS1Ty7jCopiVsyQBeTLZ8tCHWn83YJVHeoFUqkRp9Pvk65fxzVjSRDT8VcMTDYQsccR8KVV9w1qwTTYqsifwFWga8kCHvHRc4qwcqvjNj3aFQxQUTbrHf6fAR9tZu", b58_encoded); assert_eq!(268, b58_encoded.len()); } } From 5a97eb16d8691f15d5a549c8b423bafe39eed980 Mon Sep 17 00:00:00 2001 From: sugargoat Date: Wed, 19 Aug 2020 12:30:01 -0700 Subject: [PATCH 11/12] Cargo.lock --- Cargo.lock | 37 +++++++++++----------------- consensus/enclave/trusted/Cargo.lock | 12 +-------- 2 files changed, 16 insertions(+), 33 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7f8b7008e0..260f6f73ad 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -12,7 +12,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4cf01b9b56e767bb57b94ebf91a58b338002963785cdd7013e21c0d4679471e4" dependencies = [ - "generic-array 0.12.3", + "generic-array", ] [[package]] @@ -302,7 +302,7 @@ dependencies = [ "block-padding", "byte-tools", "byteorder", - "generic-array 0.12.3", + "generic-array", ] [[package]] @@ -311,7 +311,7 @@ version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1c924d49bd09e7c06003acda26cd9742e796e34282ec6c1189404dee0c1f4774" dependencies = [ - "generic-array 0.12.3", + "generic-array", ] [[package]] @@ -744,7 +744,7 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5" dependencies = [ - "generic-array 0.12.3", + "generic-array", "subtle 1.0.0", ] @@ -895,7 +895,7 @@ version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" dependencies = [ - "generic-array 0.12.3", + "generic-array", ] [[package]] @@ -1274,15 +1274,6 @@ dependencies = [ "typenum", ] -[[package]] -name = "generic-array" -version = "0.13.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ed1e761351b56f54eb9dcd0cfaca9fd0daecf93918e1cfc01c8a3d26ee7adcd" -dependencies = [ - "typenum", -] - [[package]] name = "genio" version = "0.2.1" @@ -2106,7 +2097,7 @@ dependencies = [ "digest", "displaydoc", "failure", - "generic-array 0.12.3", + "generic-array", "hex 0.3.2", "hex_fmt", "mbedtls", @@ -2189,7 +2180,7 @@ dependencies = [ "cfg-if", "chrono", "failure", - "generic-array 0.12.3", + "generic-array", "hashbrown 0.6.3", "hex_fmt", "hostname 0.1.5", @@ -2388,6 +2379,7 @@ dependencies = [ "mc-transaction-core", "mc-util-from-random", "mc-util-serial", + "mockall", "rand_core 0.5.1", "rand_hc 0.2.0", "sha2", 
@@ -2549,7 +2541,7 @@ name = "mc-crypto-digestible-derive" version = "0.6.0" dependencies = [ "digest", - "generic-array 0.12.3", + "generic-array", "mc-crypto-digestible", "proc-macro2 1.0.12", "quote 1.0.4", @@ -2601,7 +2593,7 @@ version = "0.6.0" dependencies = [ "aes-gcm", "failure", - "generic-array 0.12.3", + "generic-array", "mc-util-serial", "mc-util-test-helper", "rand_core 0.5.1", @@ -2617,7 +2609,7 @@ dependencies = [ "aes-gcm", "digest", "failure", - "generic-array 0.12.3", + "generic-array", "hkdf", "mc-crypto-keys", "mc-util-from-random", @@ -2882,6 +2874,7 @@ dependencies = [ "mc-util-grpc", "mc-util-serial", "mc-util-uri", + "mockall", "protobuf", "rand 0.7.3", "rand_hc 0.2.0", @@ -3191,7 +3184,7 @@ dependencies = [ "curve25519-dalek", "digest", "failure", - "generic-array 0.12.3", + "generic-array", "hex_fmt", "lazy_static", "mc-account-keys", @@ -3468,7 +3461,7 @@ dependencies = [ name = "mc-util-repr-bytes" version = "0.6.0" dependencies = [ - "generic-array 0.13.2", + "generic-array", "prost", "serde", "serde_cbor", @@ -5974,7 +5967,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df0c900f2f9b4116803415878ff48b63da9edb268668e08cf9292d7503114a01" dependencies = [ - "generic-array 0.12.3", + "generic-array", "subtle 2.2.3", ] diff --git a/consensus/enclave/trusted/Cargo.lock b/consensus/enclave/trusted/Cargo.lock index 55292a9ac8..c9afce17ad 100644 --- a/consensus/enclave/trusted/Cargo.lock +++ b/consensus/enclave/trusted/Cargo.lock @@ -401,14 +401,6 @@ dependencies = [ "typenum 1.11.2 (registry+https://github.com/rust-lang/crates.io-index)", ] -[[package]] -name = "generic-array" -version = "0.13.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "typenum 1.11.2 (registry+https://github.com/rust-lang/crates.io-index)", -] - [[package]] name = "genio" version = "0.2.1" 
@@ -922,7 +914,6 @@ dependencies = [ name = "mc-crypto-sig" version = "0.6.0" dependencies = [ - "digest 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", "mc-crypto-hashes 0.6.0", "mc-crypto-keys 0.6.0", "merlin 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)", @@ -1139,7 +1130,7 @@ dependencies = [ name = "mc-util-repr-bytes" version = "0.6.0" dependencies = [ - "generic-array 0.13.2 (registry+https://github.com/rust-lang/crates.io-index)", + "generic-array 0.12.3 (registry+https://github.com/rust-lang/crates.io-index)", "prost 0.6.1 (git+https://github.com/danburkert/prost?rev=6113789f70b69709820becba4242824b4fb3ffec)", "serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -1733,7 +1724,6 @@ dependencies = [ "checksum failure_derive 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "0bc225b78e0391e4b8683440bf2e63c2deeeb2ce5189eab46e2b68c6d3725d08" "checksum fake-simd 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" "checksum generic-array 0.12.3 (registry+https://github.com/rust-lang/crates.io-index)" = "c68f0274ae0e023facc3c97b2e00f076be70e254bc851d972503b328db79b2ec" -"checksum generic-array 0.13.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0ed1e761351b56f54eb9dcd0cfaca9fd0daecf93918e1cfc01c8a3d26ee7adcd" "checksum genio 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "f4e26859a808ffa83a83f20c7e3c9366afea91edae637a6ac203051885882dc8" "checksum getrandom 0.1.14 (registry+https://github.com/rust-lang/crates.io-index)" = "7abc8dd8451921606d809ba32e95b6111925cd2906060d2dcc29c070220503eb" "checksum ghash 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "9f0930ed19a7184089ea46d2fedead2f6dc2b674c5db4276b7da336c7cd83252" From 824d76ce73d30053947b1a9285e930583d3dcf34 Mon Sep 17 00:00:00 2001 
From: sugargoat
Date: Wed, 19 Aug 2020 12:49:55 -0700
Subject: [PATCH 12/12] Lint
---
 crypto/sig/src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/sig/src/lib.rs b/crypto/sig/src/lib.rs
index 0a1e7d071f..a8b22d26fb 100644
--- a/crypto/sig/src/lib.rs
+++ b/crypto/sig/src/lib.rs
@@ -48,7 +48,7 @@ pub fn sign(context_tag: &[u8], private_key: &RistrettoPrivate, message: &[u8])
 t.append_message(b"", context_tag);
 t.append_message(b"sign-bytes", message);
 // NOTE: The fog_authority_fingerprint_sig is deterministic due to using the above nonce as the rng seed
- let csprng: FixedRng = SeedableRng::from_seed(nonce.into());
+ let csprng: FixedRng = SeedableRng::from_seed(nonce);
 let transcript = attach_rng(t, csprng);
 keypair.sign(transcript)
 }
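Review bot: The NOTE comment above the seeded rng describes a specific caller (`fog_authority_fingerprint_sig`) instead of the property this library function provides, so it will go stale and does not tell a reader of `sign` what is being relied upon. Rewording it as `// NOTE: the rng attached below is seeded from the transcript-derived nonce, so sign() is deterministic for a given (context_tag, private_key, message)` documents the contract where it lives, and the `/// Returns:` doc comment on `sign` (earlier hunk) should state the same determinism, since callers that store signatures as test fixtures depend on it. The function begins before this hunk.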