
Commit a6caa1c

authored
Merge pull request #1189 from input-output-hk/djo/upgrade_dalek_to_v2
Upgrade ed25519-dalek to v2 to solve security issue
2 parents c590faa + be9fdce commit a6caa1c


7 files changed

+192
-102
lines changed


Cargo.lock

Lines changed: 128 additions & 7 deletions

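--- a/mithril-common/Cargo.toml
+++ b/mithril-common/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "mithril-common"
-version = "0.2.99"
+version = "0.2.100"
 authors = { workspace = true }
 edition = { workspace = true }
 documentation = { workspace = true }
@@ -22,7 +22,7 @@ bech32 = "0.9.1"
 blake2 = "0.10.6"
 chrono = { version = "0.4.26", features = ["serde"] }
 digest = "0.10.7"
-ed25519-dalek = { version = "1.0.1", features = ["serde"] }
+ed25519-dalek = { version = "2.0.0", features = ["rand_core", "serde"] }
 fixed = "1.23.1"
 glob = "0.3.1"
 hex = "0.4.3"
@@ -34,7 +34,6 @@ kes-summed-ed25519 = { version = "0.2.0", features = [
 ] }
 mockall = "0.11.4"
 nom = "7.1.3"
-rand-chacha-dalek-compat = { package = "rand_chacha", version = "0.2" }
 rand_chacha = "0.3.1"
 rand_core = "0.6.4"
 rayon = "1.7.0"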
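Review bot: Neither the commit message nor the manifest records which advisory the `ed25519-dalek = { version = "2.0.0", ... }` line is answering, so a later reader cannot tell why the floor is 2.0.0 or whether it is safe to relax; a manifest comment such as `# >= 2.0.0 required: fixes <ADVISORY-ID>` directly above that line would keep the reason next to the constraint. The added `rand_core` feature together with the removal of `rand-chacha-dalek-compat` means key generation now goes through the workspace's `rand_chacha = "0.3.1"` / `rand_core = "0.6.4"`, which is worth one sentence in the description. The bump to 0.2.100 is patch-level for a change that swaps the cold-key type in the `OpCert` constructor (opcert.rs hunk); if that constructor is part of the public API, a minor bump would signal the break more honestly.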

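--- a/mithril-common/src/crypto_helper/cardano/cold_key.rs
+++ b/mithril-common/src/crypto_helper/cardano/cold_key.rs
@@ -1,15 +1,15 @@
-use ed25519_dalek::Keypair as ColdKeypair;
-use rand_chacha_dalek_compat::rand_core::SeedableRng;
-use rand_chacha_dalek_compat::ChaCha20Rng;
+use ed25519_dalek::SigningKey as ColdSecretKey;
+use rand_chacha::ChaCha20Rng;
+use rand_core::SeedableRng;
 
 /// A cold key generator / test only
 #[derive(Debug)]
 pub struct ColdKeyGenerator();
 
 impl ColdKeyGenerator {
-pub(crate) fn create_deterministic_keypair(seed: [u8; 32]) -> ColdKeypair {
+pub(crate) fn create_deterministic_keypair(seed: [u8; 32]) -> ColdSecretKey {
 let mut rng = ChaCha20Rng::from_seed(seed);
-ColdKeypair::generate(&mut rng)
+ColdSecretKey::generate(&mut rng)
 }
 }
 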
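Review bot: `ColdSecretKey::generate(&mut rng)` now draws from a `rand_chacha` 0.3 / `rand_core` 0.6 `ChaCha20Rng` instead of the `rand_chacha_dalek_compat` 0.2 one, and whether the same 32-byte seed still yields the same key depends on both dalek versions consuming the RNG identically and on the two rand_chacha versions producing the same stream, which this hunk cannot show; any golden values or fixtures built on `create_deterministic_keypair` should be re-checked against the new build. The function keeps the name `create_deterministic_keypair` but now returns only the secret half (the verifying key is obtained via `verifying_key()` in opcert.rs), so the doc comment should say so, e.g. `/// Derive a deterministic cold signing key from a 32-byte seed; test helper only.` A rename to match the return type would be clearer but touches every caller, so it is a follow-up rather than a blocker.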

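--- a/mithril-common/src/crypto_helper/cardano/opcert.rs
+++ b/mithril-common/src/crypto_helper/cardano/opcert.rs
@@ -6,9 +6,12 @@ use crate::crypto_helper::ProtocolPartyId;
 
 use bech32::{self, ToBase32, Variant};
 use blake2::{digest::consts::U28, Blake2b, Digest};
-use ed25519_dalek::{Keypair as EdKeypair, Signer};
-use ed25519_dalek::{PublicKey as EdPublicKey, Signature as EdSignature, Verifier};
+use ed25519_dalek::{
+Signature as EdSignature, Signer, SigningKey as EdSecretKey, Verifier,
+VerifyingKey as EdVerificationKey,
+};
 use kes_summed_ed25519::PublicKey as KesPublicKey;
+use nom::AsBytes;
 use serde::de::Error;
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
 use sha2::Sha256;
@@ -22,7 +25,7 @@ pub enum OpCertError {
 PoolAddressEncoding,
 }
 
-/// Raw Fields of the operational certificates (without incluiding the cold VK)
+/// Raw Fields of the operational certificates (without including the cold VK)
 #[derive(Clone, Debug, Deserialize, PartialEq, Eq, Serialize)]
 struct RawFields(
 #[serde(with = "serde_bytes")] Vec<u8>,
@@ -33,7 +36,7 @@ struct RawFields(
 
 /// Raw Operational Certificate
 #[derive(Clone, Debug, Deserialize, PartialEq, Eq, Serialize)]
-struct RawOpCert(RawFields, EdPublicKey);
+struct RawOpCert(RawFields, EdVerificationKey);
 
 /// Parsed Operational Certificate
 #[derive(Clone, Debug, PartialEq, Eq)]
@@ -43,7 +46,7 @@ pub struct OpCert {
 /// KES period at which KES key is initalized
 pub start_kes_period: u64,
 pub(crate) cert_sig: EdSignature,
-pub(crate) cold_vk: EdPublicKey,
+pub(crate) cold_vk: EdVerificationKey,
 }
 
 impl SerDeShelleyFileFormat for OpCert {
@@ -57,14 +60,15 @@ impl OpCert {
 kes_vk: KesPublicKey,
 issue_number: u64,
 start_kes_period: u64,
-cold_keypair: EdKeypair,
+cold_secret_key: EdSecretKey,
 ) -> Self {
-let cold_vk: EdPublicKey = cold_keypair.public;
-let cert_sig = cold_keypair.sign(&Self::compute_message_to_sign(
+let cold_vk: EdVerificationKey = cold_secret_key.verifying_key();
+let cert_sig = cold_secret_key.sign(&Self::compute_message_to_sign(
 &kes_vk,
 issue_number,
 start_kes_period,
 ));
+
 Self {
 kes_vk,
 issue_number,
@@ -112,7 +116,7 @@ impl OpCert {
 let mut hasher = Blake2b::<U28>::new();
 hasher.update(self.cold_vk.as_bytes());
 let mut pool_id = [0u8; 28];
-pool_id.copy_from_slice(hasher.finalize().as_slice());
+pool_id.copy_from_slice(hasher.finalize().as_bytes());
 bech32::encode("pool", pool_id.to_base32(), Variant::Bech32)
 .map_err(|_| OpCertError::PoolAddressEncoding)
 }
@@ -166,7 +170,7 @@ impl<'de> Deserialize<'de> for OpCert {
 .map_err(|_| Error::custom("KES vk serialisation error"))?,
 issue_number: raw_cert.0 .1,
 start_kes_period: raw_cert.0 .2,
-cert_sig: EdSignature::from_bytes(&raw_cert.0 .3)
+cert_sig: EdSignature::from_slice(&raw_cert.0 .3)
 .map_err(|_| Error::custom("ed25519 signature serialisation error"))?,
 cold_vk: raw_cert.1,
 })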
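Review bot: The pool-id hunk replaces `hasher.finalize().as_slice()` with `.as_bytes()` and satisfies that call by importing `nom::AsBytes` into a crypto module; pulling a parser-combinator trait in for a byte-view conversion is surprising, and `pool_id.copy_from_slice(&hasher.finalize());` (the digest output derefs to `&[u8]`) needs no extra import. If `as_slice` stopped resolving after the upgrade because of a `generic-array` version mismatch, a one-line comment above `use nom::AsBytes;` saying so would spare the next reader the detour. The `copy_from_slice` still depends on `Blake2b::<U28>` yielding exactly 28 bytes to match `pool_id`, which the type parameter guarantees, so no runtime check is needed there; the enclosing method starts outside the hunk. Separately, `EdSignature::from_slice` returning a `Result` that is mapped to a serde error is the right shape for untrusted certificate bytes, and `EdVerificationKey`'s serde path is now the only place a malformed cold key is rejected, which the deserializer's error text could mention.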
