mirror of
https://github.com/signalapp/libsignal.git
synced 2024-09-19 11:32:17 +02:00
Use workspace.dependencies for common dependencies
This commit is contained in:
parent
9e6061a172
commit
e84af68a1b
@ -6,7 +6,7 @@ indent_string = ' '
|
||||
|
||||
[[rule]]
|
||||
include = ["**/Cargo.toml"]
|
||||
keys = ["dependencies"]
|
||||
keys = ["dependencies", "workspace.dependencies"]
|
||||
|
||||
[rule.formatting]
|
||||
reorder_keys = true
|
||||
|
5
Cargo.lock
generated
5
Cargo.lock
generated
@ -2125,10 +2125,8 @@ dependencies = [
|
||||
name = "libsignal-jni-testing"
|
||||
version = "0.56.0"
|
||||
dependencies = [
|
||||
"jni 0.21.1",
|
||||
"libsignal-bridge-testing",
|
||||
"log",
|
||||
"log-panics",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -2357,7 +2355,7 @@ dependencies = [
|
||||
"prost-build",
|
||||
"rand_core",
|
||||
"sha2",
|
||||
"strum_macros",
|
||||
"strum",
|
||||
"subtle",
|
||||
"test-case",
|
||||
"zerocopy",
|
||||
@ -3897,6 +3895,7 @@ dependencies = [
|
||||
"hex-literal",
|
||||
"hkdf",
|
||||
"hmac",
|
||||
"rand_core",
|
||||
"sha2",
|
||||
"static_assertions",
|
||||
"thiserror",
|
||||
|
89
Cargo.toml
89
Cargo.toml
@ -34,10 +34,95 @@ default-members = [
|
||||
]
|
||||
resolver = "2" # so that our dev-dependency features don't leak into products
|
||||
|
||||
[workspace.dependencies]
|
||||
# Our forks of some dependencies, accessible as xxx_signal so that usages of them are obvious in source code. Crates
|
||||
# that want to use the real things can depend on those directly.
|
||||
|
||||
boring-signal = { git = "https://github.com/signalapp/boring", tag = "signal-v4.9.0", package = "boring", default-features = false }
|
||||
curve25519-dalek-signal = { git = 'https://github.com/signalapp/curve25519-dalek', package = "curve25519-dalek", tag = 'signal-curve25519-4.1.3' }
|
||||
tokio-boring-signal = { git = "https://github.com/signalapp/boring", package = "tokio-boring", tag = "signal-v4.9.0" }
|
||||
|
||||
aes = "0.8.3"
|
||||
aes-gcm-siv = "0.11.1"
|
||||
array-concat = "0.5.2"
|
||||
arrayvec = "0.7.4"
|
||||
asn1 = "0.16.1"
|
||||
assert_matches = "1.5"
|
||||
async-trait = "0.1.41"
|
||||
atomic-take = "1.1.0"
|
||||
base64 = "0.21"
|
||||
bincode = "1.0"
|
||||
bitflags = "2.3.3"
|
||||
boring = { version = "4.6.0", default-features = false }
|
||||
cbc = "0.1.2"
|
||||
cfg-if = "1.0.0"
|
||||
chacha20poly1305 = "0.10.1"
|
||||
chrono = "0.4"
|
||||
ciborium = "0.2"
|
||||
clap = "4.4.11"
|
||||
criterion = "0.5"
|
||||
ctr = "0.9.2"
|
||||
curve25519-dalek = "4.1.3"
|
||||
derive-where = "1.2.5"
|
||||
displaydoc = "0.2"
|
||||
ed25519-dalek = "2.1.0"
|
||||
env_logger = "0.11.4"
|
||||
futures = "0.3"
|
||||
futures-util = "0.3"
|
||||
heck = "0.5"
|
||||
hex = "0.4"
|
||||
hex-literal = "0.4.1"
|
||||
hkdf = "0.12"
|
||||
hmac = "0.12.0"
|
||||
http = "1.0.0"
|
||||
indexmap = "2.1.0"
|
||||
itertools = "0.13.0"
|
||||
jni = "0.21"
|
||||
lazy_static = "1.4.0"
|
||||
libc = "0.2"
|
||||
linkme = "0.3.9"
|
||||
log = "0.4"
|
||||
log-panics = "2.1.0"
|
||||
mediasan-common = "0.5.0"
|
||||
neon = { version = "1.0.0", default-features = false }
|
||||
nonzero_ext = "0.3.0"
|
||||
num_enum = "0.7.2"
|
||||
once_cell = "1.19.0"
|
||||
partial-default = "0.1.0"
|
||||
paste = "1.0"
|
||||
proc-macro2 = "1.0"
|
||||
proptest = "1.0"
|
||||
prost = "0.13.1"
|
||||
prost-build = "0.13.1"
|
||||
quote = "1.0"
|
||||
rand = "0.8"
|
||||
rand_core = "0.6"
|
||||
rayon = "1.8.0"
|
||||
rustls-platform-verifier = "0.3.1"
|
||||
scopeguard = "1.0"
|
||||
serde = "1.0"
|
||||
serde_json = "1.0"
|
||||
sha1 = "0.10"
|
||||
sha2 = "0.10"
|
||||
snow = { version = "0.9.6", default-features = false }
|
||||
static_assertions = "1.1"
|
||||
strum = "0.26"
|
||||
subtle = "2.5"
|
||||
syn = "2.0"
|
||||
syn-mid = "0.6"
|
||||
test-case = "3.3"
|
||||
testing_logger = "0.1.1"
|
||||
thiserror = "1.0.57"
|
||||
tokio = "1"
|
||||
uuid = "1.1.2"
|
||||
x25519-dalek = "2.0.0"
|
||||
zerocopy = "0.7.34"
|
||||
|
||||
[patch.crates-io]
|
||||
# Use our fork of curve25519-dalek for zkgroup support.
|
||||
curve25519-dalek = { git = 'https://github.com/signalapp/curve25519-dalek', tag = 'signal-curve25519-4.1.3' }
|
||||
# When building libsignal, just use our forks so we don't end up with two different versions of the libraries.
|
||||
|
||||
boring = { git = 'https://github.com/signalapp/boring', tag = 'signal-v4.9.0' }
|
||||
curve25519-dalek = { git = 'https://github.com/signalapp/curve25519-dalek', tag = 'signal-curve25519-4.1.3' }
|
||||
|
||||
[profile.dev.package.argon2]
|
||||
opt-level = 2 # signal-signal-pin unit tests are too slow with an unoptimized argon2
|
||||
|
@ -11,42 +11,41 @@ edition = "2021"
|
||||
license = "AGPL-3.0-only"
|
||||
|
||||
[dependencies]
|
||||
boring = { git = "https://github.com/signalapp/boring", tag = "signal-v4.9.0", default-features = false }
|
||||
|
||||
asn1 = "0.16.1"
|
||||
base64 = "0.21"
|
||||
bitflags = "2.3.3"
|
||||
asn1 = { workspace = true }
|
||||
base64 = { workspace = true }
|
||||
bitflags = { workspace = true }
|
||||
blake2 = "0.10"
|
||||
chacha20poly1305 = "0.10.1"
|
||||
chrono = { version = "0.4", features = ["serde"] }
|
||||
ciborium = "0.2"
|
||||
displaydoc = "0.2"
|
||||
hex = { version = "0.4", features = ["serde"] }
|
||||
hex-literal = "0.4.1"
|
||||
lazy_static = "1.4.0"
|
||||
libc = "0.2"
|
||||
log = "0.4"
|
||||
prost = "0.13.1"
|
||||
rand_core = { version = "0.6", features = ["getrandom"] }
|
||||
serde = { version = "1.0", features = ["derive"] }
|
||||
serde_json = { version = "1.0", features = ["raw_value"] }
|
||||
sha2 = "0.10"
|
||||
snow = { version = "0.9.5", default-features = false }
|
||||
static_assertions = "1.1"
|
||||
strum = { version = "0.26", features = ["derive"] }
|
||||
subtle = "2.5"
|
||||
thiserror = "1.0.57"
|
||||
uuid = "1.1.2"
|
||||
x25519-dalek = "2.0.0"
|
||||
zerocopy = { version = "0.7.34", features = ["derive"] }
|
||||
boring-signal = { workspace = true }
|
||||
chacha20poly1305 = { workspace = true }
|
||||
chrono = { workspace = true, features = ["serde"] }
|
||||
ciborium = { workspace = true }
|
||||
displaydoc = { workspace = true }
|
||||
hex = { workspace = true, features = ["serde"] }
|
||||
hex-literal = { workspace = true }
|
||||
lazy_static = { workspace = true }
|
||||
libc = { workspace = true }
|
||||
log = { workspace = true }
|
||||
prost = { workspace = true }
|
||||
rand_core = { workspace = true }
|
||||
serde = { workspace = true }
|
||||
serde_json = { workspace = true, features = ["raw_value"] }
|
||||
sha2 = { workspace = true }
|
||||
snow = { workspace = true }
|
||||
static_assertions = { workspace = true }
|
||||
strum = { workspace = true, features = ["derive"] }
|
||||
subtle = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
uuid = { workspace = true }
|
||||
x25519-dalek = { workspace = true }
|
||||
zerocopy = { workspace = true, features = ["derive"] }
|
||||
|
||||
[dev-dependencies]
|
||||
assert_matches = "1.5"
|
||||
snow = { version = "0.9.5", features = ["default-resolver"] }
|
||||
test-case = "3.3"
|
||||
assert_matches = { workspace = true }
|
||||
snow = { workspace = true, features = ["default-resolver"] }
|
||||
test-case = { workspace = true }
|
||||
|
||||
[build-dependencies]
|
||||
prost-build = "0.13.1"
|
||||
prost-build = { workspace = true }
|
||||
|
||||
[lints.rust]
|
||||
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(fuzzing)'] }
|
||||
|
@ -3,12 +3,12 @@
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
use boring::ec::EcKey;
|
||||
use boring::pkey::Public;
|
||||
use boring::stack::{Stack, Stackable};
|
||||
use boring::x509::crl::X509CRLRef;
|
||||
use boring::x509::store::X509StoreRef;
|
||||
use boring::x509::{X509StoreContext, X509};
|
||||
use boring_signal::ec::EcKey;
|
||||
use boring_signal::pkey::Public;
|
||||
use boring_signal::stack::{Stack, Stackable};
|
||||
use boring_signal::x509::crl::X509CRLRef;
|
||||
use boring_signal::x509::store::X509StoreRef;
|
||||
use boring_signal::x509::{X509StoreContext, X509};
|
||||
|
||||
use std::time::SystemTime;
|
||||
|
||||
@ -93,7 +93,7 @@ impl CertChain {
|
||||
}
|
||||
|
||||
/// Converts the iterator into a stack, preserving the iterator's original order
|
||||
fn stack<T, I>(ts: I) -> std::result::Result<Stack<T>, boring::error::ErrorStack>
|
||||
fn stack<T, I>(ts: I) -> std::result::Result<Stack<T>, boring_signal::error::ErrorStack>
|
||||
where
|
||||
T: Stackable,
|
||||
I: IntoIterator<Item = T>,
|
||||
@ -164,15 +164,15 @@ impl Expireable for CertChain {
|
||||
pub mod testutil {
|
||||
use super::CertChain;
|
||||
|
||||
use boring::asn1::{Asn1Integer, Asn1IntegerRef, Asn1Time};
|
||||
use boring::bn::{BigNum, MsbOption};
|
||||
use boring::ec::{EcGroup, EcKey};
|
||||
use boring::hash::MessageDigest;
|
||||
use boring::nid::Nid;
|
||||
use boring::pkey::{PKey, Private};
|
||||
use boring::x509::crl::{X509CRLBuilder, X509Revoked, X509CRL};
|
||||
use boring::x509::extension::BasicConstraints;
|
||||
use boring::x509::{X509Name, X509};
|
||||
use boring_signal::asn1::{Asn1Integer, Asn1IntegerRef, Asn1Time};
|
||||
use boring_signal::bn::{BigNum, MsbOption};
|
||||
use boring_signal::ec::{EcGroup, EcKey};
|
||||
use boring_signal::hash::MessageDigest;
|
||||
use boring_signal::nid::Nid;
|
||||
use boring_signal::pkey::{PKey, Private};
|
||||
use boring_signal::x509::crl::{X509CRLBuilder, X509Revoked, X509CRL};
|
||||
use boring_signal::x509::extension::BasicConstraints;
|
||||
use boring_signal::x509::{X509Name, X509};
|
||||
use std::borrow::Borrow;
|
||||
|
||||
/// generate EC private key
|
||||
@ -313,10 +313,10 @@ mod test {
|
||||
use super::*;
|
||||
|
||||
use assert_matches::assert_matches;
|
||||
use boring::nid::Nid;
|
||||
use boring::x509::store::{X509Store, X509StoreBuilder};
|
||||
use boring::x509::verify::X509VerifyFlags;
|
||||
use boring::x509::X509Ref;
|
||||
use boring_signal::nid::Nid;
|
||||
use boring_signal::x509::store::{X509Store, X509StoreBuilder};
|
||||
use boring_signal::x509::verify::X509VerifyFlags;
|
||||
use boring_signal::x509::X509Ref;
|
||||
|
||||
fn names(certs: &[X509]) -> Vec<String> {
|
||||
certs
|
||||
|
@ -25,16 +25,16 @@ use std::collections::HashMap;
|
||||
|
||||
use std::time::SystemTime;
|
||||
|
||||
use boring::asn1::{Asn1Time, Asn1TimeRef};
|
||||
use boring::bn::BigNumContext;
|
||||
use boring::ec::*;
|
||||
use boring::error::ErrorStack;
|
||||
use boring::nid::Nid;
|
||||
use boring::pkey::{PKey, PKeyRef, Public};
|
||||
use boring::x509::crl::X509CRLRef;
|
||||
use boring::x509::store::{X509Store, X509StoreBuilder};
|
||||
use boring::x509::verify::X509VerifyFlags;
|
||||
use boring::x509::{X509Ref, X509};
|
||||
use boring_signal::asn1::{Asn1Time, Asn1TimeRef};
|
||||
use boring_signal::bn::BigNumContext;
|
||||
use boring_signal::ec::*;
|
||||
use boring_signal::error::ErrorStack;
|
||||
use boring_signal::nid::Nid;
|
||||
use boring_signal::pkey::{PKey, PKeyRef, Public};
|
||||
use boring_signal::x509::crl::X509CRLRef;
|
||||
use boring_signal::x509::store::{X509Store, X509StoreBuilder};
|
||||
use boring_signal::x509::verify::X509VerifyFlags;
|
||||
use boring_signal::x509::{X509Ref, X509};
|
||||
use hex::ToHex;
|
||||
use lazy_static::lazy_static;
|
||||
use uuid::Uuid;
|
||||
@ -653,7 +653,7 @@ mod test {
|
||||
|
||||
use crate::dcap::endorsements::{QeTcbLevel, TcbInfoVersion};
|
||||
use crate::dcap::fakes::FakeAttestation;
|
||||
use boring::bn::BigNum;
|
||||
use boring_signal::bn::BigNum;
|
||||
use hex_literal::hex;
|
||||
|
||||
use super::*;
|
||||
|
@ -3,10 +3,10 @@
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
use boring::bn::BigNum;
|
||||
use boring::ec::EcKeyRef;
|
||||
use boring::ecdsa::{EcdsaSig, EcdsaSigRef};
|
||||
use boring::pkey::Public;
|
||||
use boring_signal::bn::BigNum;
|
||||
use boring_signal::ec::EcKeyRef;
|
||||
use boring_signal::ecdsa::{EcdsaSig, EcdsaSigRef};
|
||||
use boring_signal::pkey::Public;
|
||||
use sha2::Digest;
|
||||
|
||||
/// Deserialize a 64 byte ECDSA Signature
|
||||
|
@ -8,9 +8,9 @@
|
||||
//! through the Intel Provisioning Certification Service (PCS), or a cache (PCCS).
|
||||
//! For specification of the json data structures within the OE structures,
|
||||
//! see <https://api.portal.trustedservices.intel.com/documentation>
|
||||
use boring::ec::EcKeyRef;
|
||||
use boring::ecdsa::{EcdsaSig, EcdsaSigRef};
|
||||
use boring::pkey::Public;
|
||||
use boring_signal::ec::EcKeyRef;
|
||||
use boring_signal::ecdsa::{EcdsaSig, EcdsaSigRef};
|
||||
use boring_signal::pkey::Public;
|
||||
use chrono::Utc;
|
||||
use serde::Deserialize;
|
||||
use serde_json::value::RawValue;
|
||||
|
@ -19,13 +19,13 @@ use crate::dcap::endorsements::SgxEndorsements;
|
||||
use crate::dcap::evidence::Evidence;
|
||||
use crate::dcap::revocation_list::RevocationList;
|
||||
use crate::dcap::{attest_impl, Attestation};
|
||||
use boring::asn1::{Asn1Integer, Asn1IntegerRef};
|
||||
use boring::bn::{BigNum, BigNumContext};
|
||||
use boring::ec::{EcGroup, EcKey, EcKeyRef};
|
||||
use boring::ecdsa::EcdsaSig;
|
||||
use boring::hash::{Hasher, MessageDigest};
|
||||
use boring::nid::Nid;
|
||||
use boring::pkey::{PKey, Private, Public};
|
||||
use boring_signal::asn1::{Asn1Integer, Asn1IntegerRef};
|
||||
use boring_signal::bn::{BigNum, BigNumContext};
|
||||
use boring_signal::ec::{EcGroup, EcKey, EcKeyRef};
|
||||
use boring_signal::ecdsa::EcdsaSig;
|
||||
use boring_signal::hash::{Hasher, MessageDigest};
|
||||
use boring_signal::nid::Nid;
|
||||
use boring_signal::pkey::{PKey, Private, Public};
|
||||
use chrono::Utc;
|
||||
|
||||
use std::time::SystemTime;
|
||||
@ -162,7 +162,7 @@ pub(crate) struct FakeAttestationBuilder {
|
||||
|
||||
impl FakeAttestationBuilder {
|
||||
fn sign_data(data: &[u8], key: &EcKeyRef<Private>) -> EcdsaSig {
|
||||
let hash = boring::hash::hash(MessageDigest::sha256(), data).unwrap();
|
||||
let hash = boring_signal::hash::hash(MessageDigest::sha256(), data).unwrap();
|
||||
EcdsaSig::sign(&hash, key).unwrap()
|
||||
}
|
||||
|
||||
|
@ -4,8 +4,8 @@
|
||||
//
|
||||
|
||||
use crate::dcap::{Error, Expireable, Result};
|
||||
use boring::nid::Nid;
|
||||
use boring::x509::crl::{X509CRLRef, X509CRL};
|
||||
use boring_signal::nid::Nid;
|
||||
use boring_signal::x509::crl::{X509CRLRef, X509CRL};
|
||||
use std::collections::HashSet;
|
||||
use std::time::SystemTime;
|
||||
|
||||
|
@ -7,12 +7,12 @@
|
||||
//!
|
||||
//! See <https://download.01.org/intel-sgx/sgx-dcap/1.7/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf> section A.4
|
||||
|
||||
use boring::bn::BigNum;
|
||||
use boring::ec::{EcGroup, EcKey};
|
||||
use boring::ecdsa::{EcdsaSig, EcdsaSigRef};
|
||||
use boring::error::ErrorStack;
|
||||
use boring::nid::Nid;
|
||||
use boring::pkey::Public;
|
||||
use boring_signal::bn::BigNum;
|
||||
use boring_signal::ec::{EcGroup, EcKey};
|
||||
use boring_signal::ecdsa::{EcdsaSig, EcdsaSigRef};
|
||||
use boring_signal::error::ErrorStack;
|
||||
use boring_signal::nid::Nid;
|
||||
use boring_signal::pkey::Public;
|
||||
use sha2::Digest;
|
||||
use zerocopy::{AsBytes, FromBytes, FromZeroes};
|
||||
|
||||
@ -327,7 +327,7 @@ static_assertions::const_assert_eq!(578, std::mem::size_of::<SgxEcdsaSignatureHe
|
||||
mod tests {
|
||||
use super::*;
|
||||
|
||||
use boring::pkey::Private;
|
||||
use boring_signal::pkey::Private;
|
||||
|
||||
use std::fs;
|
||||
use std::path::Path;
|
||||
|
@ -8,8 +8,8 @@ use std::collections::HashMap;
|
||||
use crate::dcap::{Error, Result};
|
||||
use crate::error::Context;
|
||||
use asn1::{oid, ObjectIdentifier, SequenceOf};
|
||||
use boring::asn1::Asn1ObjectRef;
|
||||
use boring::nid::Nid;
|
||||
use boring_signal::asn1::Asn1ObjectRef;
|
||||
use boring_signal::nid::Nid;
|
||||
|
||||
pub const SGX_EXTENSIONS_OID: &str = "1.2.840.113741.1.13.1";
|
||||
const _SGX_EXTENSIONS_OID_OID: ObjectIdentifier = oid!(1, 2, 840, 113741, 1, 13, 1);
|
||||
|
@ -8,13 +8,13 @@ use std::error::Error;
|
||||
use std::string::ToString;
|
||||
use std::time::SystemTime;
|
||||
|
||||
use boring::error::ErrorStack;
|
||||
use boring::hash::MessageDigest;
|
||||
use boring::nid::Nid;
|
||||
use boring::rsa::Padding;
|
||||
use boring::sign::Verifier;
|
||||
use boring::x509::crl::X509CRL;
|
||||
use boring::x509::X509;
|
||||
use boring_signal::error::ErrorStack;
|
||||
use boring_signal::hash::MessageDigest;
|
||||
use boring_signal::nid::Nid;
|
||||
use boring_signal::rsa::Padding;
|
||||
use boring_signal::sign::Verifier;
|
||||
use boring_signal::x509::crl::X509CRL;
|
||||
use boring_signal::x509::X509;
|
||||
use lazy_static::lazy_static;
|
||||
|
||||
use crate::cert_chain::CertChain;
|
||||
@ -134,7 +134,7 @@ impl CertChain {
|
||||
|
||||
#[cfg(test)]
|
||||
mod test {
|
||||
use boring::base64::decode_block;
|
||||
use boring_signal::base64::decode_block;
|
||||
use chrono::DateTime;
|
||||
use std::time::Duration;
|
||||
|
||||
|
@ -5,11 +5,11 @@
|
||||
use std::collections::HashMap;
|
||||
use std::time::SystemTime;
|
||||
|
||||
use boring::bn::BigNum;
|
||||
use boring::ecdsa::EcdsaSig;
|
||||
use boring::stack;
|
||||
use boring::x509::store::X509StoreBuilder;
|
||||
use boring::x509::{X509StoreContext, X509};
|
||||
use boring_signal::bn::BigNum;
|
||||
use boring_signal::ecdsa::EcdsaSig;
|
||||
use boring_signal::stack;
|
||||
use boring_signal::x509::store::X509StoreBuilder;
|
||||
use boring_signal::x509::{X509StoreContext, X509};
|
||||
use ciborium::value::{Integer, Value};
|
||||
use prost::{DecodeError, Message};
|
||||
use sha2::{Digest, Sha384};
|
||||
@ -95,8 +95,8 @@ impl From<ciborium::de::Error<std::io::Error>> for NitroError {
|
||||
}
|
||||
}
|
||||
|
||||
impl From<boring::error::ErrorStack> for NitroError {
|
||||
fn from(err: boring::error::ErrorStack) -> NitroError {
|
||||
impl From<boring_signal::error::ErrorStack> for NitroError {
|
||||
fn from(err: boring_signal::error::ErrorStack) -> NitroError {
|
||||
NitroError::InvalidCertificate(err.to_string())
|
||||
}
|
||||
}
|
||||
|
@ -4,10 +4,10 @@
|
||||
//
|
||||
use std::time::SystemTime;
|
||||
|
||||
use boring::pkey::{PKey, Public};
|
||||
use boring::rsa::Rsa;
|
||||
use boring::x509::store::X509StoreBuilder;
|
||||
use boring::x509::X509;
|
||||
use boring_signal::pkey::{PKey, Public};
|
||||
use boring_signal::rsa::Rsa;
|
||||
use boring_signal::x509::store::X509StoreBuilder;
|
||||
use boring_signal::x509::X509;
|
||||
use prost::Message;
|
||||
|
||||
use crate::cert_chain::{self, CertChain};
|
||||
@ -178,8 +178,8 @@ fn verify_vcek_cert(
|
||||
}
|
||||
}
|
||||
|
||||
impl From<boring::error::ErrorStack> for Error {
|
||||
fn from(_err: boring::error::ErrorStack) -> Error {
|
||||
impl From<boring_signal::error::ErrorStack> for Error {
|
||||
fn from(_err: boring_signal::error::ErrorStack) -> Error {
|
||||
Error::AttestationDataError {
|
||||
reason: "Invalid certificate".to_string(),
|
||||
}
|
||||
|
@ -4,10 +4,10 @@
|
||||
//
|
||||
|
||||
use base64::prelude::{Engine as _, BASE64_URL_SAFE_NO_PAD};
|
||||
use boring::bn::BigNum;
|
||||
use boring::ecdsa::EcdsaSig;
|
||||
use boring::pkey::{PKey, Public};
|
||||
use boring::rsa::Rsa;
|
||||
use boring_signal::bn::BigNum;
|
||||
use boring_signal::ecdsa::EcdsaSig;
|
||||
use boring_signal::pkey::{PKey, Public};
|
||||
use boring_signal::rsa::Rsa;
|
||||
use sha2::{Digest as _, Sha256, Sha384};
|
||||
use subtle::ConstantTimeEq as _;
|
||||
|
||||
|
@ -3,9 +3,9 @@
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
use boring::hash::MessageDigest;
|
||||
use boring::sign::Verifier;
|
||||
use boring::x509::X509;
|
||||
use boring_signal::hash::MessageDigest;
|
||||
use boring_signal::sign::Verifier;
|
||||
use boring_signal::x509::X509;
|
||||
use sha2::{Digest, Sha256};
|
||||
use subtle::ConstantTimeEq;
|
||||
|
||||
|
@ -5,7 +5,7 @@
|
||||
|
||||
use std::time::SystemTime;
|
||||
|
||||
use boring::asn1::Asn1Time;
|
||||
use boring_signal::asn1::Asn1Time;
|
||||
use libc::time_t;
|
||||
|
||||
/// A replacement for [`std::collections::HashMap`] that performs linear lookups.
|
||||
|
@ -27,9 +27,9 @@ libsignal-net = { path = "../../net" }
|
||||
libsignal-protocol = { path = "../../protocol" }
|
||||
signal-media = { path = "../../media" }
|
||||
|
||||
futures-util = "0.3"
|
||||
log = "0.4"
|
||||
log-panics = { version = "2.1.0", features = ["with-backtrace"] }
|
||||
futures-util = { workspace = true }
|
||||
log = { workspace = true }
|
||||
log-panics = { workspace = true, features = ["with-backtrace"] }
|
||||
|
||||
[target.aarch64-apple-ios.dependencies]
|
||||
cpufeatures = "0.2.1" # Make sure iOS gets optimized crypto.
|
||||
|
@ -19,10 +19,10 @@ libsignal-bridge = { path = "../shared", features = ["jni", "signal-media"] }
|
||||
libsignal-protocol = { path = "../../protocol" }
|
||||
signal-crypto = { path = "../../crypto" }
|
||||
|
||||
cfg-if = "1.0.0"
|
||||
jni = "0.21.0"
|
||||
log = "0.4"
|
||||
log-panics = { version = "2.1.0", features = ["with-backtrace"] }
|
||||
cfg-if = { workspace = true }
|
||||
jni = { workspace = true }
|
||||
log = { workspace = true }
|
||||
log-panics = { workspace = true, features = ["with-backtrace"] }
|
||||
|
||||
[features]
|
||||
testing-fns = ["libsignal-bridge/testing-fns"]
|
||||
|
@ -17,6 +17,4 @@ crate-type = ["cdylib"]
|
||||
[dependencies]
|
||||
libsignal-bridge-testing = { path = "../../shared/testing", features = ["jni"] }
|
||||
|
||||
jni = "0.21.0"
|
||||
log = { version = "0.4", features = ["release_max_level_info"] }
|
||||
log-panics = { version = "2.1.0", features = ["with-backtrace"] }
|
||||
log = { workspace = true }
|
||||
|
@ -19,9 +19,9 @@ libsignal-bridge = { path = "../shared", features = ["node", "signal-media"] }
|
||||
libsignal-bridge-testing = { path = "../shared/testing", features = ["node", "signal-media"] }
|
||||
libsignal-protocol = { path = "../../protocol" }
|
||||
|
||||
futures = { version = "0.3", default-features = false, features = ["executor"] }
|
||||
log = "0.4"
|
||||
log-panics = { version = "2.0.0", features = ["with-backtrace"] }
|
||||
futures = { workspace = true }
|
||||
log = { workspace = true }
|
||||
log-panics = { workspace = true, features = ["with-backtrace"] }
|
||||
minidump = { version = "0.20.0", default-features = false }
|
||||
minidump-processor = { version = "0.20.0", default-features = false }
|
||||
minidump-unwind = { version = "0.20.0", default-features = false }
|
||||
|
@ -21,8 +21,8 @@ path = "benches/node.rs"
|
||||
harness = false
|
||||
|
||||
[dependencies]
|
||||
futures-util = "0.3.7"
|
||||
neon = { version = "1.0.0", default-features = false, features = ["napi-4"] }
|
||||
futures-util = { workspace = true }
|
||||
neon = { workspace = true, features = ["napi-4"] }
|
||||
|
||||
[dev-dependencies]
|
||||
signal-neon-futures-tests = { path = "tests-node-module" }
|
||||
|
@ -18,8 +18,8 @@ crate-type = ["cdylib"]
|
||||
[dependencies]
|
||||
signal-neon-futures = { path = ".." }
|
||||
|
||||
futures-util = "0.3.7"
|
||||
neon = { version = "1.0.0", default-features = false, features = ["napi-1"] }
|
||||
futures-util = { workspace = true }
|
||||
neon = { workspace = true, default-features = false, features = ["napi-1"] }
|
||||
|
||||
[features]
|
||||
# Enable default-panic-hook to get backtraces of panics.
|
||||
|
@ -26,36 +26,36 @@ usernames = { path = "../../usernames" }
|
||||
zkgroup = { path = "../../zkgroup" }
|
||||
|
||||
aes-gcm-siv = "0.11.1"
|
||||
base64 = "0.21"
|
||||
bincode = "1.0"
|
||||
futures-util = "0.3.7"
|
||||
hkdf = "0.12"
|
||||
hmac = "0.12.0"
|
||||
http = "1.0.0"
|
||||
log = "0.4"
|
||||
nonzero_ext = "0.3.0"
|
||||
paste = "1.0"
|
||||
prost = "0.13.1"
|
||||
rand = "0.8"
|
||||
scopeguard = "1.0"
|
||||
sha2 = "0.10"
|
||||
static_assertions = "1.1"
|
||||
tokio = { version = "1", features = ["rt-multi-thread"] }
|
||||
uuid = "1.1.2"
|
||||
base64 = { workspace = true }
|
||||
bincode = { workspace = true }
|
||||
futures-util = { workspace = true }
|
||||
hkdf = { workspace = true }
|
||||
hmac = { workspace = true }
|
||||
http = { workspace = true }
|
||||
log = { workspace = true }
|
||||
nonzero_ext = { workspace = true }
|
||||
paste = { workspace = true }
|
||||
prost = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
scopeguard = { workspace = true }
|
||||
sha2 = { workspace = true }
|
||||
static_assertions = { workspace = true }
|
||||
tokio = { workspace = true, features = ["rt-multi-thread"] }
|
||||
uuid = { workspace = true }
|
||||
|
||||
# Enable this for all libsignal app language libraries
|
||||
subtle = { version = "2.5", features = ["core_hint_black_box"] }
|
||||
subtle = { workspace = true, features = ["core_hint_black_box"] }
|
||||
|
||||
jni = { version = "0.21", package = "jni", optional = true }
|
||||
linkme = { version = "0.3.9", optional = true }
|
||||
neon = { version = "1.0.0", optional = true, default-features = false, features = ["napi-6"] }
|
||||
strum = { version = "0.26", features = ["derive"] }
|
||||
jni = { workspace = true, optional = true }
|
||||
linkme = { workspace = true, optional = true }
|
||||
neon = { workspace = true, optional = true, default-features = false, features = ["napi-6"] }
|
||||
strum = { workspace = true, features = ["derive"] }
|
||||
|
||||
[dev-dependencies]
|
||||
assert_matches = "1.5"
|
||||
test-case = "3.3.1"
|
||||
testing_logger = "0.1.1"
|
||||
tokio = { version = "1", features = ["test-util", "time", "macros"] }
|
||||
assert_matches = { workspace = true }
|
||||
test-case = { workspace = true }
|
||||
testing_logger = { workspace = true }
|
||||
tokio = { workspace = true, features = ["test-util", "time", "macros"] }
|
||||
|
||||
[features]
|
||||
ffi = ["libsignal-bridge-types/ffi"]
|
||||
|
@ -14,11 +14,11 @@ license = "AGPL-3.0-only"
|
||||
proc-macro = true
|
||||
|
||||
[dependencies]
|
||||
heck = "0.5"
|
||||
proc-macro2 = "1.0"
|
||||
quote = "1.0"
|
||||
syn = "2.0"
|
||||
syn-mid = "0.6"
|
||||
heck = { workspace = true }
|
||||
proc-macro2 = { workspace = true }
|
||||
quote = { workspace = true }
|
||||
syn = { workspace = true }
|
||||
syn-mid = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
syn = { version = "2.0", features = ["extra-traits"] }
|
||||
syn = { workspace = true, features = ["extra-traits"] }
|
||||
|
@ -15,14 +15,14 @@ libsignal-bridge-macros = { path = "../macros" }
|
||||
libsignal-bridge-types = { path = "../types" }
|
||||
libsignal-message-backup = { path = "../../../message-backup", features = ["json"] }
|
||||
|
||||
futures-util = "0.3.7"
|
||||
paste = "1.0"
|
||||
scopeguard = "1.0"
|
||||
tokio = "1"
|
||||
futures-util = { workspace = true }
|
||||
paste = { workspace = true }
|
||||
scopeguard = { workspace = true }
|
||||
tokio = { workspace = true }
|
||||
|
||||
jni = { version = "0.21", package = "jni", optional = true }
|
||||
linkme = { version = "0.3.9", optional = true }
|
||||
neon = { version = "1.0.0", optional = true, default-features = false, features = ["napi-6"] }
|
||||
jni = { workspace = true, optional = true }
|
||||
linkme = { workspace = true, optional = true }
|
||||
neon = { workspace = true, optional = true, default-features = false, features = ["napi-6"] }
|
||||
|
||||
[features]
|
||||
ffi = ["libsignal-bridge-types/ffi"]
|
||||
|
@ -24,42 +24,42 @@ signal-pin = { path = "../../../pin" }
|
||||
usernames = { path = "../../../usernames" }
|
||||
zkgroup = { path = "../../../zkgroup" }
|
||||
|
||||
aes-gcm-siv = "0.11.1"
|
||||
async-trait = "0.1.41"
|
||||
atomic-take = "1.1.0"
|
||||
derive-where = "1.2.5"
|
||||
displaydoc = "0.2"
|
||||
futures-util = "0.3.30"
|
||||
hmac = "0.12.0"
|
||||
http = "1.0.0"
|
||||
log = "0.4"
|
||||
mediasan-common = "0.5.0"
|
||||
num_enum = "0.7.2"
|
||||
once_cell = "1.19.0"
|
||||
partial-default = "0.1.0"
|
||||
paste = "1.0"
|
||||
rayon = "1.8.0"
|
||||
serde = "1.0"
|
||||
sha2 = "0.10"
|
||||
static_assertions = "1.1"
|
||||
thiserror = "1.0.50"
|
||||
tokio = { version = "1", features = ["rt-multi-thread"] }
|
||||
uuid = "1.1.2"
|
||||
aes-gcm-siv = { workspace = true }
|
||||
async-trait = { workspace = true }
|
||||
atomic-take = { workspace = true }
|
||||
derive-where = { workspace = true }
|
||||
displaydoc = { workspace = true }
|
||||
futures-util = { workspace = true }
|
||||
hmac = { workspace = true }
|
||||
http = { workspace = true }
|
||||
log = { workspace = true }
|
||||
mediasan-common = { workspace = true }
|
||||
num_enum = { workspace = true }
|
||||
once_cell = { workspace = true }
|
||||
partial-default = { workspace = true }
|
||||
paste = { workspace = true }
|
||||
rayon = { workspace = true }
|
||||
serde = { workspace = true }
|
||||
sha2 = { workspace = true }
|
||||
static_assertions = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
tokio = { workspace = true, features = ["rt-multi-thread"] }
|
||||
uuid = { workspace = true }
|
||||
|
||||
# Enable this for all libsignal app language libraries
|
||||
subtle = { version = "2.5", features = ["core_hint_black_box"] }
|
||||
subtle = { workspace = true, features = ["core_hint_black_box"] }
|
||||
|
||||
jni = { version = "0.21", package = "jni", optional = true }
|
||||
linkme = { version = "0.3.9", optional = true }
|
||||
neon = { version = "1.0.0", optional = true, default-features = false, features = ["napi-6"] }
|
||||
jni = { workspace = true, optional = true }
|
||||
linkme = { workspace = true, optional = true }
|
||||
neon = { workspace = true, optional = true, default-features = false, features = ["napi-6"] }
|
||||
signal-neon-futures = { path = "../../node/futures", optional = true }
|
||||
strum = { version = "0.26", features = ["derive"] }
|
||||
zerocopy = { version = "0.7.34", optional = true }
|
||||
strum = { workspace = true }
|
||||
zerocopy = { workspace = true, optional = true }
|
||||
|
||||
[dev-dependencies]
|
||||
assert_matches = "1.5"
|
||||
test-case = "3.3.1"
|
||||
tokio = { version = "1", features = ["test-util", "time", "macros"] }
|
||||
assert_matches = { workspace = true }
|
||||
test-case = { workspace = true }
|
||||
tokio = { workspace = true, features = ["test-util", "time", "macros"] }
|
||||
|
||||
[features]
|
||||
ffi = []
|
||||
|
@ -11,10 +11,10 @@ edition = "2021"
|
||||
license = "AGPL-3.0-only"
|
||||
|
||||
[dependencies]
|
||||
num_enum = "0.7.2"
|
||||
uuid = "1.1.2"
|
||||
num_enum = { workspace = true }
|
||||
uuid = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
hex-literal = "0.4.1"
|
||||
proptest = "1.0"
|
||||
rand = "0.8"
|
||||
hex-literal = { workspace = true }
|
||||
proptest = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
|
@ -11,23 +11,23 @@ edition = "2021"
|
||||
license = "AGPL-3.0-only"
|
||||
|
||||
[dependencies]
|
||||
aes = { version = "0.8.3", features = ["zeroize"] }
|
||||
cbc = { version = "0.1.2", features = ["std", "zeroize"] }
|
||||
ctr = { version = "0.9.2", features = ["zeroize"] }
|
||||
displaydoc = "0.2"
|
||||
aes = { workspace = true, features = ["zeroize"] }
|
||||
cbc = { workspace = true, features = ["std", "zeroize"] }
|
||||
ctr = { workspace = true, features = ["zeroize"] }
|
||||
displaydoc = { workspace = true }
|
||||
ghash = { version = "0.5.0", features = ["zeroize"] }
|
||||
hmac = { version = "0.12", features = ["reset"] }
|
||||
sha1 = "0.10"
|
||||
sha2 = "0.10"
|
||||
subtle = "2.3"
|
||||
thiserror = "1.0.38"
|
||||
hmac = { workspace = true, features = ["reset"] }
|
||||
sha1 = { workspace = true }
|
||||
sha2 = { workspace = true }
|
||||
subtle = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
criterion = "0.5"
|
||||
hex = "0.4"
|
||||
hex-literal = "0.4.1"
|
||||
rand = "0.8"
|
||||
serde = { version = "1.0", features = ["derive"] }
|
||||
criterion = { workspace = true }
|
||||
hex = { workspace = true }
|
||||
hex-literal = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
serde = { workspace = true }
|
||||
serde_json = "1.0"
|
||||
|
||||
[[bench]]
|
||||
|
@ -6,8 +6,8 @@ edition = "2021"
|
||||
license = "AGPL-3.0-only"
|
||||
|
||||
[dependencies]
|
||||
boring = { version = "4.6.0", default-features = false }
|
||||
libc = "0.2"
|
||||
boring = { workspace = true }
|
||||
libc = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
hex = "0.4"
|
||||
hex = { workspace = true }
|
||||
|
@ -11,18 +11,18 @@ edition = "2021"
|
||||
license = "AGPL-3.0-only"
|
||||
|
||||
[dependencies]
|
||||
curve25519-dalek = { version = "4.1.3" }
|
||||
displaydoc = "0.2"
|
||||
ed25519-dalek = "2.1.0"
|
||||
hmac = "0.12.1"
|
||||
prost = "0.13"
|
||||
sha2 = "0.10"
|
||||
curve25519-dalek = { workspace = true }
|
||||
displaydoc = { workspace = true }
|
||||
ed25519-dalek = { workspace = true }
|
||||
hmac = { workspace = true }
|
||||
prost = { workspace = true }
|
||||
sha2 = { workspace = true }
|
||||
|
||||
[build-dependencies]
|
||||
prost-build = "0.13"
|
||||
prost-build = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
assert_matches = "1.5.0"
|
||||
hex-literal = "0.4.1"
|
||||
proptest = "1.5.0"
|
||||
test-case = "3.3.1"
|
||||
assert_matches = { workspace = true }
|
||||
hex-literal = { workspace = true }
|
||||
proptest = { workspace = true }
|
||||
test-case = { workspace = true }
|
||||
|
@ -6,10 +6,10 @@ edition = "2021"
|
||||
license = "AGPL-3.0-only"
|
||||
|
||||
[dependencies]
|
||||
futures-util = "0.3.7"
|
||||
mediasan-common = "0.5.0"
|
||||
futures-util = { workspace = true }
|
||||
mediasan-common = { workspace = true }
|
||||
mp4san = { version = "0.5.0", optional = true }
|
||||
thiserror = "1.0.38"
|
||||
thiserror = { workspace = true }
|
||||
webpsan = { version = "0.5.0", optional = true, default-features = false }
|
||||
|
||||
[features]
|
||||
|
@ -29,55 +29,55 @@ usernames = { path = "../usernames" }
|
||||
zkcredential = { path = "../zkcredential", features = ["rayon"] }
|
||||
zkgroup = { path = "../zkgroup" }
|
||||
|
||||
aes = "0.8.3"
|
||||
arrayvec = "0.7.4"
|
||||
aes = { workspace = true }
|
||||
arrayvec = { workspace = true }
|
||||
async-compression = { version = "0.4.5", features = ["futures-io", "gzip"] }
|
||||
async-trait = "0.1.41"
|
||||
cbc = "0.1.2"
|
||||
clap = { version = "4.2.1", features = ["derive"] }
|
||||
async-trait = { workspace = true }
|
||||
cbc = { workspace = true }
|
||||
clap = { workspace = true, features = ["derive"] }
|
||||
clap-stdin = "0.3.0"
|
||||
derive-where = "1.2.5"
|
||||
displaydoc = "0.2.5"
|
||||
env_logger = "0.11.4"
|
||||
futures = "0.3.29"
|
||||
hex = { version = "0.4.3", features = ["serde"] }
|
||||
hkdf = "0.12"
|
||||
hmac = "0.12"
|
||||
itertools = "0.13.0"
|
||||
log = "0.4"
|
||||
derive-where = { workspace = true }
|
||||
displaydoc = { workspace = true }
|
||||
env_logger = { workspace = true }
|
||||
futures = { workspace = true }
|
||||
hex = { workspace = true, features = ["serde"] }
|
||||
hkdf = { workspace = true }
|
||||
hmac = { workspace = true }
|
||||
itertools = { workspace = true }
|
||||
log = { workspace = true }
|
||||
macro_rules_attribute = "0.2.0"
|
||||
mediasan-common = "0.5.0"
|
||||
num_enum = "0.7.2"
|
||||
mediasan-common = { workspace = true }
|
||||
num_enum = { workspace = true }
|
||||
protobuf = "3.3.0"
|
||||
protobuf-json-mapping = { version = "3.3.0", optional = true }
|
||||
serde = { version = "1.0", features = ["derive", "rc"] }
|
||||
serde_json = { version = "1.0", optional = true, features = ["preserve_order"] }
|
||||
sha2 = "0.10"
|
||||
strum = { version = "0.26", features = ["derive"] }
|
||||
serde = { workspace = true, features = ["derive", "rc"] }
|
||||
serde_json = { workspace = true, optional = true, features = ["preserve_order"] }
|
||||
sha2 = { workspace = true }
|
||||
strum = { workspace = true, features = ["derive"] }
|
||||
# This isn't strictly necessary but we need at least this version to avoid
|
||||
# warnings from the latest nightly rustc. Remove this when the referenced strum
|
||||
# version has at least this version as a dependency.
|
||||
strum_macros = { version = "0.26.4" }
|
||||
subtle = "2.5.0"
|
||||
thiserror = "1.0.50"
|
||||
uuid = { version = "1.1.2", features = ["serde"] }
|
||||
subtle = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
uuid = { workspace = true, features = ["serde"] }
|
||||
|
||||
[dev-dependencies]
|
||||
libsignal-message-backup = { path = "./", features = ["json"] }
|
||||
signal-crypto = { path = "../crypto" }
|
||||
|
||||
array-concat = "0.5.2"
|
||||
array-concat = { workspace = true }
|
||||
assert_cmd = "2.0.13"
|
||||
assert_matches = "1.5.0"
|
||||
assert_matches = { workspace = true }
|
||||
dir-test = "0.2.0"
|
||||
futures = { version = "0.3.29", features = ["executor"] }
|
||||
hex-literal = "0.4.1"
|
||||
futures = { workspace = true, features = ["executor"] }
|
||||
hex-literal = { workspace = true }
|
||||
json5 = "0.4.1"
|
||||
nonzero_ext = "0.3.0"
|
||||
once_cell = "1.19"
|
||||
test-case = "3.3.1"
|
||||
nonzero_ext = { workspace = true }
|
||||
once_cell = { workspace = true }
|
||||
test-case = { workspace = true }
|
||||
test-log = "0.2.14"
|
||||
testing_logger = "0.1.1"
|
||||
testing_logger = { workspace = true }
|
||||
pretty_assertions = "1.4.0"
|
||||
|
||||
[build-dependencies]
|
||||
|
@ -13,10 +13,10 @@ license = "AGPL-3.0-only"
|
||||
proc-macro = true
|
||||
|
||||
[dependencies]
|
||||
heck = "0.5"
|
||||
proc-macro2 = "1.0.74"
|
||||
quote = "1.0.35"
|
||||
syn = { version = "2.0.46", features = ["full", "extra-traits"] }
|
||||
heck = { workspace = true }
|
||||
proc-macro2 = { workspace = true }
|
||||
quote = { workspace = true }
|
||||
syn = { workspace = true, features = ["full", "extra-traits"] }
|
||||
|
||||
[dev-dependencies]
|
||||
test-case = "3.3.1"
|
||||
test-case = { workspace = true }
|
||||
|
@ -14,69 +14,72 @@ libsignal-core = { path = "../core" }
|
||||
libsignal-protocol = { path = "../protocol" }
|
||||
libsignal-svr3 = { path = "../svr3" }
|
||||
|
||||
async-trait = "0.1.41"
|
||||
base64 = "0.21"
|
||||
bincode = "1.0"
|
||||
async-trait = { workspace = true }
|
||||
base64 = { workspace = true }
|
||||
bincode = { workspace = true }
|
||||
bitstream-io = "1.10.0"
|
||||
boring = { git = "https://github.com/signalapp/boring", tag = "signal-v4.9.0" }
|
||||
boring-signal = { workspace = true }
|
||||
bytes = "1.4.0"
|
||||
const-str = { version = "0.5.6", features = ["std"] }
|
||||
derive-where = "1.2.7"
|
||||
displaydoc = "0.2"
|
||||
derive-where = { workspace = true }
|
||||
displaydoc = { workspace = true }
|
||||
either = "1.10.0"
|
||||
futures-util = "0.3.7"
|
||||
hex = "0.4"
|
||||
hmac = "0.12"
|
||||
http = "1.0.0"
|
||||
futures-util = { workspace = true }
|
||||
hex = { workspace = true }
|
||||
hmac = { workspace = true }
|
||||
http = { workspace = true }
|
||||
http-body-util = "0.1.1"
|
||||
hyper = { version = "1.3.1", features = ["http2", "client"] }
|
||||
hyper-util = { version = "0.1.3", features = ["tokio"] }
|
||||
indexmap = "2.1.0"
|
||||
itertools = "0.13.0"
|
||||
log = "0.4.19"
|
||||
nonzero_ext = "0.3.0"
|
||||
num_enum = "0.7.2"
|
||||
prost = "0.13.1"
|
||||
rand = "0.8.0"
|
||||
rand_core = "0.6"
|
||||
indexmap = { workspace = true }
|
||||
itertools = { workspace = true }
|
||||
log = { workspace = true }
|
||||
nonzero_ext = { workspace = true }
|
||||
num_enum = { workspace = true }
|
||||
prost = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand_core = { workspace = true }
|
||||
rustls = { version = "0.23.4", default-features = false, features = ["ring", "std", "tls12"] }
|
||||
rustls-platform-verifier = "0.3.1"
|
||||
serde = { version = "1.0", features = ["derive"] }
|
||||
serde_json = "1.0"
|
||||
sha2 = "0.10.8"
|
||||
snow = { version = "0.9.5", default-features = false }
|
||||
static_assertions = "1.1"
|
||||
strum = { version = "0.26", features = ["derive"] }
|
||||
thiserror = "1.0.38"
|
||||
tokio = { version = "1", features = ["rt", "time", "macros"] }
|
||||
tokio-boring = { git = "https://github.com/signalapp/boring", tag = "signal-v4.9.0" }
|
||||
rustls-platform-verifier = { workspace = true }
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
serde_json = { workspace = true }
|
||||
sha2 = { workspace = true }
|
||||
snow = { workspace = true }
|
||||
static_assertions = { workspace = true }
|
||||
strum = { workspace = true, features = ["derive"] }
|
||||
thiserror = { workspace = true }
|
||||
tokio = { workspace = true, features = ["rt", "time", "macros"] }
|
||||
tokio-boring-signal = { workspace = true }
|
||||
tokio-stream = "0.1.14"
|
||||
tokio-tungstenite = "0.23.0"
|
||||
tokio-util = "0.7.9"
|
||||
tungstenite = { version = "0.23.0", features = ["url"] }
|
||||
url = "2.4.1"
|
||||
uuid = "1.1.2"
|
||||
zerocopy = { version = "0.7", features = ["derive"] }
|
||||
uuid = { workspace = true }
|
||||
zerocopy = { workspace = true }
|
||||
|
||||
[build-dependencies]
|
||||
prost-build = "0.13.1"
|
||||
prost-build = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
assert_matches = "1.5.0"
|
||||
clap = { version = "4.4.11", features = ["derive"] }
|
||||
assert_matches = { workspace = true }
|
||||
clap = { workspace = true, features = ["derive"] }
|
||||
colored = "2.1"
|
||||
env_logger = "0.11.4"
|
||||
hex-literal = "0.4.1"
|
||||
env_logger = { workspace = true }
|
||||
hex-literal = { workspace = true }
|
||||
hickory-proto = "0.24.1"
|
||||
lazy_static = "1.4.0"
|
||||
proptest = "1.4.0"
|
||||
lazy_static = { workspace = true }
|
||||
proptest = { workspace = true }
|
||||
proptest-state-machine = "0.1.0"
|
||||
rcgen = "0.13.0"
|
||||
snow = "0.9.5"
|
||||
test-case = "3.3.1"
|
||||
snow = { workspace = true }
|
||||
test-case = { workspace = true }
|
||||
tls-parser = "0.11.0"
|
||||
tokio = { version = "1", features = ["test-util", "io-std", "rt-multi-thread"] }
|
||||
url = "2.4.1"
|
||||
tokio = { workspace = true, features = [
|
||||
"test-util",
|
||||
"io-std",
|
||||
"rt-multi-thread",
|
||||
] }
|
||||
warp = { version = "0.3.6", features = ["tls"] }
|
||||
|
||||
[[example]]
|
||||
|
@ -13,7 +13,7 @@ use libsignal_core::{Aci, Pni};
|
||||
use prost::Message as _;
|
||||
use thiserror::Error;
|
||||
use tokio::net::TcpStream;
|
||||
use tokio_boring::SslStream;
|
||||
use tokio_boring_signal::SslStream;
|
||||
use tungstenite::protocol::frame::coding::CloseCode;
|
||||
use tungstenite::protocol::CloseFrame;
|
||||
use uuid::Uuid;
|
||||
|
@ -439,7 +439,7 @@ mod test {
|
||||
use async_trait::async_trait;
|
||||
use nonzero_ext::nonzero;
|
||||
use tokio::net::TcpStream;
|
||||
use tokio_boring::SslStream;
|
||||
use tokio_boring_signal::SslStream;
|
||||
|
||||
use crate::auth::Auth;
|
||||
use crate::infra::connection_manager::ConnectionAttemptOutcome;
|
||||
|
@ -5,10 +5,10 @@
|
||||
|
||||
use std::borrow::Cow;
|
||||
|
||||
use boring::error::ErrorStack;
|
||||
use boring::ssl::{SslAlert, SslConnectorBuilder, SslVerifyError, SslVerifyMode};
|
||||
use boring::x509::store::X509StoreBuilder;
|
||||
use boring::x509::X509;
|
||||
use boring_signal::error::ErrorStack;
|
||||
use boring_signal::ssl::{SslAlert, SslConnectorBuilder, SslVerifyError, SslVerifyMode};
|
||||
use boring_signal::x509::store::X509StoreBuilder;
|
||||
use boring_signal::x509::X509;
|
||||
use rustls::client::danger::ServerCertVerifier;
|
||||
|
||||
const SIGNAL_ROOT_CERT_DER: &[u8] = include_bytes!("../../res/signal.cer");
|
||||
@ -93,7 +93,7 @@ fn set_up_platform_verifier(
|
||||
|
||||
// The rest of the chain should be valid intermediate certificates.
|
||||
let intermediates: Vec<_> = cert_chain
|
||||
.collect::<Result<_, boring::error::ErrorStack>>()
|
||||
.collect::<Result<_, boring_signal::error::ErrorStack>>()
|
||||
.map_err(|_| SslVerifyError::Invalid(SslAlert::BAD_CERTIFICATE))?;
|
||||
|
||||
// We don't do our own OCSP. Either the platform will do its own checks, or it won't.
|
||||
@ -168,7 +168,7 @@ mod test {
|
||||
use std::sync::Arc;
|
||||
|
||||
use assert_matches::assert_matches;
|
||||
use boring::ssl::{ErrorCode, SslConnector, SslMethod};
|
||||
use boring_signal::ssl::{ErrorCode, SslConnector, SslMethod};
|
||||
use rustls::RootCertStore;
|
||||
use tokio::net::TcpStream;
|
||||
|
||||
@ -201,7 +201,7 @@ mod test {
|
||||
.expect("valid");
|
||||
|
||||
let transport = TcpStream::connect(addr).await.expect("can connect");
|
||||
let connection = tokio_boring::connect(
|
||||
let connection = tokio_boring_signal::connect(
|
||||
ssl.build().configure().expect("valid"),
|
||||
SERVER_HOSTNAME,
|
||||
transport,
|
||||
@ -236,7 +236,7 @@ mod test {
|
||||
|
||||
let transport = TcpStream::connect(addr).await.expect("can connect");
|
||||
assert_matches!(
|
||||
tokio_boring::connect(
|
||||
tokio_boring_signal::connect(
|
||||
ssl.build().configure().expect("valid"),
|
||||
SERVER_HOSTNAME,
|
||||
transport,
|
||||
|
@ -5,7 +5,7 @@
|
||||
|
||||
use std::fmt::Display;
|
||||
|
||||
use tokio_boring::HandshakeError;
|
||||
use tokio_boring_signal::HandshakeError;
|
||||
|
||||
use crate::infra::certs;
|
||||
|
||||
@ -29,7 +29,7 @@ pub enum TransportConnectError {
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct SslErrorReasons(boring::error::ErrorStack);
|
||||
pub struct SslErrorReasons(boring_signal::error::ErrorStack);
|
||||
|
||||
impl Display for SslErrorReasons {
|
||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||
@ -38,7 +38,7 @@ impl Display for SslErrorReasons {
|
||||
self.0
|
||||
.errors()
|
||||
.iter()
|
||||
.flat_map::<Option<&'static str>, _>(boring::error::Error::reason),
|
||||
.flat_map::<Option<&'static str>, _>(boring_signal::error::Error::reason),
|
||||
)
|
||||
.finish()
|
||||
}
|
||||
@ -47,7 +47,7 @@ impl Display for SslErrorReasons {
|
||||
#[derive(Debug)]
|
||||
pub struct FailedHandshakeReason {
|
||||
io: Option<std::io::ErrorKind>,
|
||||
code: Option<boring::ssl::ErrorCode>,
|
||||
code: Option<boring_signal::ssl::ErrorCode>,
|
||||
}
|
||||
|
||||
impl<S> From<HandshakeError<S>> for FailedHandshakeReason {
|
||||
@ -77,8 +77,8 @@ impl Display for FailedHandshakeReason {
|
||||
}
|
||||
}
|
||||
|
||||
impl From<boring::error::ErrorStack> for TransportConnectError {
|
||||
fn from(value: boring::error::ErrorStack) -> Self {
|
||||
impl From<boring_signal::error::ErrorStack> for TransportConnectError {
|
||||
fn from(value: boring_signal::error::ErrorStack) -> Self {
|
||||
Self::SslError(SslErrorReasons(value))
|
||||
}
|
||||
}
|
||||
|
@ -9,11 +9,11 @@ use std::sync::Arc;
|
||||
|
||||
use crate::timeouts::TCP_CONNECTION_ATTEMPT_DELAY;
|
||||
use async_trait::async_trait;
|
||||
use boring::ssl::{ConnectConfiguration, SslConnector, SslMethod};
|
||||
use boring_signal::ssl::{ConnectConfiguration, SslConnector, SslMethod};
|
||||
use futures_util::TryFutureExt;
|
||||
use tokio::io::{AsyncRead, AsyncWrite};
|
||||
use tokio::net::TcpStream;
|
||||
use tokio_boring::SslStream;
|
||||
use tokio_boring_signal::SslStream;
|
||||
use tokio_util::either::Either;
|
||||
|
||||
use crate::infra::certs::RootCertificates;
|
||||
@ -130,7 +130,9 @@ impl TransportConnector for ProxyConnector {
|
||||
self.proxy_port
|
||||
);
|
||||
let ssl_config = ssl_config(&self.proxy_certs, &self.proxy_host, None)?;
|
||||
Either::Left(tokio_boring::connect(ssl_config, &self.proxy_host, tcp_stream).await?)
|
||||
Either::Left(
|
||||
tokio_boring_signal::connect(ssl_config, &self.proxy_host, tcp_stream).await?,
|
||||
)
|
||||
}
|
||||
ShouldUseTls::No => {
|
||||
log::debug!(
|
||||
@ -209,7 +211,7 @@ async fn connect_tls<S: AsyncRead + AsyncWrite + Unpin>(
|
||||
) -> Result<SslStream<S>, TransportConnectError> {
|
||||
let ssl_config = ssl_config(&connection_params.certs, &connection_params.sni, Some(alpn))?;
|
||||
|
||||
Ok(tokio_boring::connect(ssl_config, &connection_params.sni, transport).await?)
|
||||
Ok(tokio_boring_signal::connect(ssl_config, &connection_params.sni, transport).await?)
|
||||
}
|
||||
|
||||
async fn connect_tcp(
|
||||
@ -349,9 +351,9 @@ pub(crate) mod testutil {
|
||||
use std::net::{Ipv6Addr, SocketAddr};
|
||||
|
||||
use assert_matches::assert_matches;
|
||||
use boring::pkey::PKey;
|
||||
use boring::ssl::{SslAcceptor, SslMethod};
|
||||
use boring::x509::X509;
|
||||
use boring_signal::pkey::PKey;
|
||||
use boring_signal::ssl::{SslAcceptor, SslMethod};
|
||||
use boring_signal::x509::X509;
|
||||
use lazy_static::lazy_static;
|
||||
use rcgen::CertifiedKey;
|
||||
use tls_parser::{ClientHello, TlsExtension, TlsMessage, TlsMessageHandshake, TlsPlaintext};
|
||||
@ -458,7 +460,7 @@ pub(crate) mod testutil {
|
||||
let (tcp_stream, _remote_addr) =
|
||||
tcp_listener.accept().await.expect("incoming connection");
|
||||
let mut input_stream = if let Some(ssl_acceptor) = &ssl_acceptor {
|
||||
let ssl_stream = tokio_boring::accept(ssl_acceptor, tcp_stream)
|
||||
let ssl_stream = tokio_boring_signal::accept(ssl_acceptor, tcp_stream)
|
||||
.await
|
||||
.expect("handshake successful");
|
||||
|
||||
|
@ -479,7 +479,7 @@ impl From<attest::client_connection::Error> for AttestedConnectionError {
|
||||
}
|
||||
}
|
||||
|
||||
pub type DefaultStream = tokio_boring::SslStream<tokio::net::TcpStream>;
|
||||
pub type DefaultStream = tokio_boring_signal::SslStream<tokio::net::TcpStream>;
|
||||
|
||||
/// Encrypted connection to an attested host.
|
||||
#[derive(Debug)]
|
||||
|
@ -13,16 +13,17 @@ license = "AGPL-3.0-only"
|
||||
|
||||
[dependencies]
|
||||
argon2 = { version = "0.5.0", features = ["zeroize"] }
|
||||
displaydoc = "0.2"
|
||||
hkdf = "0.12"
|
||||
sha2 = "0.10"
|
||||
static_assertions = "1.1"
|
||||
thiserror = "1.0.57"
|
||||
displaydoc = { workspace = true }
|
||||
hkdf = { workspace = true }
|
||||
rand_core = { workspace = true, features = ["getrandom"] }
|
||||
sha2 = { workspace = true }
|
||||
static_assertions = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
hex-literal = "0.4.1"
|
||||
hmac = { version = "0.12", features = ["reset"] }
|
||||
criterion = "0.5"
|
||||
hex-literal = { workspace = true }
|
||||
hmac = { workspace = true, features = ["reset"] }
|
||||
criterion = { workspace = true }
|
||||
|
||||
|
||||
[[bench]]
|
||||
|
@ -11,16 +11,16 @@ edition = "2021"
|
||||
license = "AGPL-3.0-only"
|
||||
|
||||
[dependencies]
|
||||
curve25519-dalek = "4.1.3"
|
||||
hmac = { version = "0.12", features = ["reset"] }
|
||||
sha2 = "0.10"
|
||||
curve25519-dalek = { workspace = true }
|
||||
hmac = { workspace = true, features = ["reset"] }
|
||||
sha2 = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
hex = "0.4"
|
||||
hex = { workspace = true }
|
||||
|
||||
# For benchmarking
|
||||
criterion = "0.5"
|
||||
rand = "0.8"
|
||||
criterion = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
|
||||
[[bench]]
|
||||
name = "sho"
|
||||
|
@ -14,32 +14,32 @@ license = "AGPL-3.0-only"
|
||||
libsignal-core = { path = "../core" }
|
||||
signal-crypto = { path = "../crypto" }
|
||||
|
||||
aes = { version = "0.8.3", features = ["zeroize"] }
|
||||
aes-gcm-siv = "0.11.1"
|
||||
aes = { workspace = true, features = ["zeroize"] }
|
||||
aes-gcm-siv = { workspace = true }
|
||||
arrayref = "0.3.6"
|
||||
async-trait = "0.1.41"
|
||||
ctr = { version = "0.9.2", features = ["zeroize"] }
|
||||
curve25519-dalek = { version = "4.1.3", features = ["digest"] }
|
||||
derive-where = "1.2.5"
|
||||
displaydoc = "0.2"
|
||||
hex = "0.4"
|
||||
hkdf = "0.12"
|
||||
hmac = "0.12"
|
||||
indexmap = "2.1.0"
|
||||
itertools = "0.13.0"
|
||||
log = "0.4"
|
||||
num_enum = "0.7.2"
|
||||
async-trait = { workspace = true }
|
||||
ctr = { workspace = true, features = ["zeroize"] }
|
||||
curve25519-dalek = { workspace = true, features = ["digest"] }
|
||||
derive-where = { workspace = true }
|
||||
displaydoc = { workspace = true }
|
||||
hex = { workspace = true }
|
||||
hkdf = { workspace = true }
|
||||
hmac = { workspace = true }
|
||||
indexmap = { workspace = true }
|
||||
itertools = { workspace = true }
|
||||
log = { workspace = true }
|
||||
num_enum = { workspace = true }
|
||||
pqcrypto-kyber = { version = "0.7.6", default-features = false, features = ["std"] }
|
||||
pqcrypto-traits = "0.3.4"
|
||||
prost = "0.13.1"
|
||||
rand = "0.8"
|
||||
rayon = "1.8.0"
|
||||
serde = { version = "1.0", features = ["derive"] }
|
||||
sha2 = "0.10"
|
||||
subtle = "2.3"
|
||||
thiserror = "1.0.30"
|
||||
uuid = "1.1.2"
|
||||
x25519-dalek = { version = "2.0.0", features = ["static_secrets"] }
|
||||
prost = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rayon = { workspace = true }
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
sha2 = { workspace = true }
|
||||
subtle = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
uuid = { workspace = true }
|
||||
x25519-dalek = { workspace = true, features = ["static_secrets"] }
|
||||
|
||||
# WARNING: pqcrypto-kyber 0.8 and 0.7 don't actually coexist, they both depend on the same C symbols.
|
||||
# We keep this here for if/when that gets cleared up.
|
||||
@ -53,15 +53,15 @@ kyber768 = []
|
||||
mlkem1024 = ["pqcrypto-ml-kem"]
|
||||
|
||||
[dev-dependencies]
|
||||
clap = { version = "4.4.11", features = ["derive"] }
|
||||
criterion = "0.5"
|
||||
hex-literal = "0.4.1"
|
||||
proptest = "1.0"
|
||||
futures-util = "0.3.7"
|
||||
env_logger = "0.11.4"
|
||||
clap = { workspace = true, features = ["derive"] }
|
||||
criterion = { workspace = true }
|
||||
hex-literal = { workspace = true }
|
||||
proptest = { workspace = true }
|
||||
futures-util = { workspace = true }
|
||||
env_logger = { workspace = true }
|
||||
|
||||
[build-dependencies]
|
||||
prost-build = "0.13.1"
|
||||
prost-build = { workspace = true }
|
||||
|
||||
[[bench]]
|
||||
name = "curve"
|
||||
|
@ -10,24 +10,24 @@ authors = ["Signal Messenger LLC"]
|
||||
license = "AGPL-3.0-only"
|
||||
|
||||
[dependencies]
|
||||
curve25519-dalek = { version = "4.1.3", features = ["rand_core"] }
|
||||
displaydoc = "0.2"
|
||||
hkdf = "0.12"
|
||||
prost = "0.13.1"
|
||||
rand_core = { version = "0.6", features = ["getrandom"] }
|
||||
sha2 = "0.10"
|
||||
strum_macros = "0.26"
|
||||
subtle = "2.5"
|
||||
curve25519-dalek = { workspace = true, features = ["rand_core"] }
|
||||
displaydoc = { workspace = true }
|
||||
hkdf = { workspace = true }
|
||||
prost = { workspace = true }
|
||||
rand_core = { workspace = true, features = ["getrandom"] }
|
||||
sha2 = { workspace = true }
|
||||
strum = { workspace = true, features = ["derive"] }
|
||||
subtle = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
assert_matches = "1.5"
|
||||
zerocopy = "0.7.34"
|
||||
criterion = "0.5"
|
||||
hex = "0.4"
|
||||
hex-literal = "0.4.1"
|
||||
nonzero_ext = "0.3.0"
|
||||
test-case = "3.2.1"
|
||||
proptest = "1.0"
|
||||
assert_matches = { workspace = true }
|
||||
zerocopy = { workspace = true }
|
||||
criterion = { workspace = true }
|
||||
hex = { workspace = true }
|
||||
hex-literal = { workspace = true }
|
||||
nonzero_ext = { workspace = true }
|
||||
test-case = { workspace = true }
|
||||
proptest = { workspace = true }
|
||||
|
||||
[build-dependencies]
|
||||
prost-build = "0.13.1"
|
||||
prost-build = { workspace = true }
|
||||
|
@ -38,7 +38,7 @@ impl std::fmt::Display for svr4::response4::Status {
|
||||
}
|
||||
|
||||
/// Represents an erroneous SVR3 response status
|
||||
#[derive(Debug, strum_macros::Display, PartialEq)]
|
||||
#[derive(Debug, strum::Display, PartialEq)]
|
||||
pub enum ErrorStatus {
|
||||
Unset,
|
||||
Missing,
|
||||
|
@ -15,27 +15,27 @@ license = "AGPL-3.0-only"
|
||||
poksho = { path = "../poksho" }
|
||||
signal-crypto = { path = "../crypto" }
|
||||
|
||||
curve25519-dalek = { version = "4.1.3", features = ["digest"] }
|
||||
displaydoc = "0.2"
|
||||
hkdf = "0.12"
|
||||
hmac = "0.12"
|
||||
lazy_static = "1.4.0"
|
||||
log = "0.4"
|
||||
prost = "0.13.1"
|
||||
rand = "0.8"
|
||||
sha2 = "0.10"
|
||||
subtle = "2.5.0"
|
||||
thiserror = "1.0.40"
|
||||
curve25519-dalek = { workspace = true, features = ["digest"] }
|
||||
displaydoc = { workspace = true }
|
||||
hkdf = { workspace = true }
|
||||
hmac = { workspace = true }
|
||||
lazy_static = { workspace = true }
|
||||
log = { workspace = true }
|
||||
prost = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
sha2 = { workspace = true }
|
||||
subtle = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
zkgroup = { path = "../zkgroup" }
|
||||
|
||||
proptest = "1.0"
|
||||
criterion = "0.5"
|
||||
proptest = { workspace = true }
|
||||
criterion = { workspace = true }
|
||||
|
||||
[[bench]]
|
||||
name = "usernames_benchmarks"
|
||||
harness = false
|
||||
|
||||
[build-dependencies]
|
||||
prost-build = "0.13.1"
|
||||
prost-build = { workspace = true }
|
||||
|
@ -13,27 +13,27 @@ license = "AGPL-3.0-only"
|
||||
[dependencies]
|
||||
poksho = { path = "../poksho" }
|
||||
|
||||
cfg-if = "1.0.0"
|
||||
curve25519-dalek = { version = "4.1.3", features = ["serde"] }
|
||||
derive-where = "1.2.5"
|
||||
displaydoc = "0.2"
|
||||
lazy_static = "1.4.0"
|
||||
partial-default = { version = "0.1.0", features = ["derive"] }
|
||||
serde = { version = "1.0.106", features = ["derive"] }
|
||||
sha2 = "0.10"
|
||||
subtle = "2.3"
|
||||
thiserror = "1.0.57"
|
||||
cfg-if = { workspace = true }
|
||||
curve25519-dalek = { workspace = true, features = ["serde"] }
|
||||
derive-where = { workspace = true }
|
||||
displaydoc = { workspace = true }
|
||||
lazy_static = { workspace = true }
|
||||
partial-default = { workspace = true, features = ["derive"] }
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
sha2 = { workspace = true }
|
||||
subtle = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
# If rayon is enabled, certain operations will use rayon's thread pool.
|
||||
rayon = { version = "1.8.0", optional = true }
|
||||
|
||||
[dev-dependencies]
|
||||
bincode = "1.2.1"
|
||||
hex = "0.4"
|
||||
hex-literal = "0.4.1"
|
||||
bincode = { workspace = true }
|
||||
hex = { workspace = true }
|
||||
hex-literal = { workspace = true }
|
||||
|
||||
# For benchmarking
|
||||
criterion = "0.5"
|
||||
criterion = { workspace = true }
|
||||
|
||||
# Many of zkcredential's tests live in the zkgroup crate,
|
||||
# since zkcredential was designed to work with existing verifiably encrypted attribute types.
|
||||
|
@ -17,35 +17,36 @@ poksho = { path = "../poksho" }
|
||||
signal-crypto = { path = "../crypto" }
|
||||
zkcredential = { path = "../zkcredential", features = ["rayon"] }
|
||||
|
||||
curve25519-dalek = { git = 'https://github.com/signalapp/curve25519-dalek', tag = 'signal-curve25519-4.1.3', version = "4.1.1", features = ["serde"] }
|
||||
# Use our fork of curve25519-dalek for zkgroup support.
|
||||
curve25519-dalek-signal = { workspace = true, features = ["serde"] }
|
||||
|
||||
aes-gcm-siv = "0.11.1"
|
||||
bincode = "1.2.1"
|
||||
derive-where = "1.2.5"
|
||||
displaydoc = "0.2"
|
||||
hex = "0.4.0"
|
||||
hex-literal = "0.4.1"
|
||||
hkdf = "0.12"
|
||||
lazy_static = "1.4.0"
|
||||
num_enum = "0.7.2"
|
||||
partial-default = { version = "0.1.0", features = ["derive"] }
|
||||
rand = "0.8"
|
||||
rayon = "1.8.0"
|
||||
serde = { version = "1.0.106", features = ["derive"] }
|
||||
sha2 = "0.10.0"
|
||||
subtle = "2.3"
|
||||
thiserror = "1.0.57"
|
||||
uuid = "1.1.2"
|
||||
aes-gcm-siv = { workspace = true }
|
||||
bincode = { workspace = true }
|
||||
derive-where = { workspace = true }
|
||||
displaydoc = { workspace = true }
|
||||
hex = { workspace = true }
|
||||
hex-literal = { workspace = true }
|
||||
hkdf = { workspace = true }
|
||||
lazy_static = { workspace = true }
|
||||
num_enum = { workspace = true }
|
||||
partial-default = { workspace = true, features = ["derive"] }
|
||||
rand = { workspace = true }
|
||||
rayon = { workspace = true }
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
sha2 = { workspace = true }
|
||||
subtle = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
uuid = { workspace = true }
|
||||
|
||||
# For generation
|
||||
base64 = { version = "0.21", optional = true }
|
||||
base64 = { workspace = true, optional = true }
|
||||
|
||||
[dev-dependencies]
|
||||
uuid = { version = "1", features = ["v5"] }
|
||||
uuid = { workspace = true, features = ["v5"] }
|
||||
|
||||
# For benchmarking
|
||||
criterion = "0.5"
|
||||
test-case = "3.3.1"
|
||||
criterion = { workspace = true }
|
||||
test-case = { workspace = true }
|
||||
|
||||
[[bench]]
|
||||
name = "zkgroup_benchmarks"
|
||||
|
@ -15,7 +15,7 @@
|
||||
//! The BackupAuthCredential has the additional constraint that it should be deterministically reproducible. Rather than a randomly
|
||||
//! seeded blinding key pair, the key pair is derived from, you guessed it, the client's master key.
|
||||
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use hkdf::Hkdf;
|
||||
use partial_default::PartialDefault;
|
||||
use poksho::ShoApi;
|
||||
|
@ -10,7 +10,7 @@
|
||||
//! - the user's ACI (provided by the chat server at issuance, passed encrypted to the calling server for verification)
|
||||
//! - a timestamp, truncated to day granularity (chosen by the chat server at issuance, passed publicly to the calling server for verification)
|
||||
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use partial_default::PartialDefault;
|
||||
use poksho::ShoApi;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
@ -93,9 +93,9 @@ impl GroupSendEndorsementsResponse {
|
||||
/// it.
|
||||
///
|
||||
/// The `usize` in each pair must be the original index of the point.
|
||||
fn sort_points(points: &mut [(usize, curve25519_dalek::RistrettoPoint)]) {
|
||||
fn sort_points(points: &mut [(usize, curve25519_dalek_signal::RistrettoPoint)]) {
|
||||
debug_assert!(points.iter().enumerate().all(|(i, (j, _))| i == *j));
|
||||
let sort_keys = curve25519_dalek::RistrettoPoint::double_and_compress_batch(
|
||||
let sort_keys = curve25519_dalek_signal::RistrettoPoint::double_and_compress_batch(
|
||||
points.iter().map(|(_i, point)| point),
|
||||
);
|
||||
points.sort_unstable_by_key(|(i, _point)| sort_keys[*i].as_bytes());
|
||||
@ -112,11 +112,12 @@ impl GroupSendEndorsementsResponse {
|
||||
// Note: we could save some work here by pulling the single point we need out of the
|
||||
// serialized bytes, and operating directly on that. However, we'd have to remember to
|
||||
// update that if the serialization format ever changes.
|
||||
let mut points_to_sign: Vec<(usize, curve25519_dalek::RistrettoPoint)> = member_ciphertexts
|
||||
.into_iter()
|
||||
.map(|ciphertext| ciphertext.ciphertext.as_points()[0])
|
||||
.enumerate()
|
||||
.collect();
|
||||
let mut points_to_sign: Vec<(usize, curve25519_dalek_signal::RistrettoPoint)> =
|
||||
member_ciphertexts
|
||||
.into_iter()
|
||||
.map(|ciphertext| ciphertext.ciphertext.as_points()[0])
|
||||
.enumerate()
|
||||
.collect();
|
||||
Self::sort_points(&mut points_to_sign);
|
||||
|
||||
let endorsements = zkcredential::endorsements::EndorsementResponse::issue(
|
||||
@ -194,7 +195,7 @@ impl GroupSendEndorsementsResponse {
|
||||
// We have to compute the ciphertexts (expensive), but we can skip the second point (which
|
||||
// would be much more expensive).
|
||||
// We zip the results together with a set of indexes so we can un-sort the results later.
|
||||
let mut member_points: Vec<(usize, curve25519_dalek::RistrettoPoint)> = user_ids
|
||||
let mut member_points: Vec<(usize, curve25519_dalek_signal::RistrettoPoint)> = user_ids
|
||||
.into_iter()
|
||||
.map(|user_id| {
|
||||
group_params.uid_enc_key_pair.a1 * crypto::uid_struct::UidStruct::calc_M1(user_id)
|
||||
@ -251,7 +252,7 @@ impl GroupSendEndorsementsResponse {
|
||||
// We have to compute the ciphertexts (expensive), but we can skip the second point (which
|
||||
// would be much more expensive).
|
||||
// We zip the results together with a set of indexes so we can un-sort the results later.
|
||||
let mut member_points: Vec<(usize, curve25519_dalek::RistrettoPoint)> = user_ids
|
||||
let mut member_points: Vec<(usize, curve25519_dalek_signal::RistrettoPoint)> = user_ids
|
||||
.into_par_iter()
|
||||
.map(|user_id| {
|
||||
group_params.uid_enc_key_pair.a1 * crypto::uid_struct::UidStruct::calc_M1(user_id)
|
||||
@ -340,18 +341,18 @@ impl GroupSendEndorsementsResponse {
|
||||
|
||||
/// A single endorsement, for one or multiple group members.
|
||||
///
|
||||
/// `Storage` is usually [`curve25519_dalek::RistrettoPoint`], but the `receive` APIs on
|
||||
/// `Storage` is usually [`curve25519_dalek_signal::RistrettoPoint`], but the `receive` APIs on
|
||||
/// [`GroupSendEndorsementsResponse`] produce "compressed" endorsements, since they are usually
|
||||
/// immediately serialized.
|
||||
#[derive(Serialize, Deserialize, PartialDefault, Clone, Copy)]
|
||||
#[partial_default(bound = "Storage: curve25519_dalek::traits::Identity")]
|
||||
#[partial_default(bound = "Storage: curve25519_dalek_signal::traits::Identity")]
|
||||
#[derive_where(PartialEq; Storage: subtle::ConstantTimeEq)]
|
||||
pub struct GroupSendEndorsement<Storage = curve25519_dalek::RistrettoPoint> {
|
||||
pub struct GroupSendEndorsement<Storage = curve25519_dalek_signal::RistrettoPoint> {
|
||||
reserved: ReservedByte,
|
||||
endorsement: zkcredential::endorsements::Endorsement<Storage>,
|
||||
}
|
||||
|
||||
impl Debug for GroupSendEndorsement<curve25519_dalek::RistrettoPoint> {
|
||||
impl Debug for GroupSendEndorsement<curve25519_dalek_signal::RistrettoPoint> {
|
||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||
f.debug_struct("GroupSendEndorsement")
|
||||
.field("reserved", &self.reserved)
|
||||
@ -360,7 +361,7 @@ impl Debug for GroupSendEndorsement<curve25519_dalek::RistrettoPoint> {
|
||||
}
|
||||
}
|
||||
|
||||
impl Debug for GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto> {
|
||||
impl Debug for GroupSendEndorsement<curve25519_dalek_signal::ristretto::CompressedRistretto> {
|
||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||
f.debug_struct("GroupSendEndorsement")
|
||||
.field("reserved", &self.reserved)
|
||||
@ -388,11 +389,11 @@ pub struct ReceivedEndorsement {
|
||||
// existing memory allocation isn't sufficient anyway, and thus we're better off constructing a
|
||||
// single big Vec rather than two smaller ones, especially since we have to un-permute the
|
||||
// results. (It's close, though, only a 3-6% difference at the largest group sizes.)
|
||||
pub compressed: GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto>,
|
||||
pub compressed: GroupSendEndorsement<curve25519_dalek_signal::ristretto::CompressedRistretto>,
|
||||
pub decompressed: GroupSendEndorsement,
|
||||
}
|
||||
|
||||
impl GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto> {
|
||||
impl GroupSendEndorsement<curve25519_dalek_signal::ristretto::CompressedRistretto> {
|
||||
/// Attempts to decompress the GroupSendEndorsement.
|
||||
///
|
||||
/// Produces [`ZkGroupDeserializationFailure`] if the compressed storage isn't a valid
|
||||
@ -402,8 +403,10 @@ impl GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto> {
|
||||
/// `GroupSendEndorsement<CompressedRistretto>` and then calling `decompress`.
|
||||
pub fn decompress(
|
||||
self,
|
||||
) -> Result<GroupSendEndorsement<curve25519_dalek::RistrettoPoint>, ZkGroupDeserializationFailure>
|
||||
{
|
||||
) -> Result<
|
||||
GroupSendEndorsement<curve25519_dalek_signal::RistrettoPoint>,
|
||||
ZkGroupDeserializationFailure,
|
||||
> {
|
||||
Ok(GroupSendEndorsement {
|
||||
reserved: self.reserved,
|
||||
endorsement: self
|
||||
@ -414,14 +417,14 @@ impl GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto> {
|
||||
}
|
||||
}
|
||||
|
||||
impl GroupSendEndorsement<curve25519_dalek::RistrettoPoint> {
|
||||
impl GroupSendEndorsement<curve25519_dalek_signal::RistrettoPoint> {
|
||||
/// Compresses the GroupSendEndorsement for storage.
|
||||
///
|
||||
/// Serializing an `GroupSendEndorsement<RistrettoPoint>` is equivalent to calling `compress` and
|
||||
/// serializing the resulting `GroupSendEndorsement<CompressedRistretto>`.
|
||||
pub fn compress(
|
||||
self,
|
||||
) -> GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto> {
|
||||
) -> GroupSendEndorsement<curve25519_dalek_signal::ristretto::CompressedRistretto> {
|
||||
GroupSendEndorsement {
|
||||
reserved: self.reserved,
|
||||
endorsement: self.endorsement.compress(),
|
||||
@ -567,7 +570,7 @@ impl GroupSendFullToken {
|
||||
"wrong key pair used for this token"
|
||||
);
|
||||
|
||||
let user_id_sum: curve25519_dalek::RistrettoPoint = user_ids
|
||||
let user_id_sum: curve25519_dalek_signal::RistrettoPoint = user_ids
|
||||
.into_iter()
|
||||
.map(crypto::uid_struct::UidStruct::calc_M1)
|
||||
.sum();
|
||||
|
@ -3,8 +3,8 @@
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::scalar::Scalar;
|
||||
use poksho::ShoApi;
|
||||
|
||||
pub struct Sho {
|
||||
|
@ -3,7 +3,7 @@
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
use curve25519_dalek_signal::scalar::Scalar;
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use zkcredential::attributes::PublicAttribute;
|
||||
|
@ -5,9 +5,9 @@
|
||||
|
||||
#![allow(non_snake_case)]
|
||||
|
||||
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
use curve25519_dalek_signal::constants::RISTRETTO_BASEPOINT_POINT;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::scalar::Scalar;
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
|
@ -9,8 +9,8 @@ use crate::common::constants::*;
|
||||
use crate::common::sho::*;
|
||||
use crate::common::simple_types::*;
|
||||
use crate::crypto::profile_key_struct;
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::scalar::Scalar;
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
|
@ -10,9 +10,9 @@ use crate::crypto::credentials::{
|
||||
BlindedExpiringProfileKeyCredential, ExpiringProfileKeyCredential,
|
||||
};
|
||||
use crate::crypto::profile_key_struct;
|
||||
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
use curve25519_dalek_signal::constants::RISTRETTO_BASEPOINT_POINT;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::scalar::Scalar;
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
|
@ -9,7 +9,7 @@ use crate::common::errors::*;
|
||||
use crate::common::sho::*;
|
||||
use crate::common::simple_types::*;
|
||||
use crate::crypto::profile_key_struct;
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
|
@ -8,7 +8,7 @@
|
||||
use crate::common::constants::*;
|
||||
use crate::common::sho::*;
|
||||
use crate::common::simple_types::*;
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
|
@ -5,9 +5,9 @@
|
||||
|
||||
#![allow(non_snake_case)]
|
||||
|
||||
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek::traits::Identity;
|
||||
use curve25519_dalek_signal::constants::RISTRETTO_BASEPOINT_POINT;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::traits::Identity;
|
||||
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
@ -5,9 +5,9 @@
|
||||
|
||||
#![allow(non_snake_case)]
|
||||
|
||||
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
use curve25519_dalek_signal::constants::RISTRETTO_BASEPOINT_POINT;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::scalar::Scalar;
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
|
@ -3,7 +3,7 @@
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
use curve25519_dalek_signal::scalar::Scalar;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use crate::common::sho::Sho;
|
||||
|
@ -7,9 +7,9 @@ use crate::common::constants::*;
|
||||
use crate::common::errors::*;
|
||||
use crate::common::sho::*;
|
||||
use crate::common::simple_types::*;
|
||||
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
use curve25519_dalek_signal::constants::RISTRETTO_BASEPOINT_POINT;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::scalar::Scalar;
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
|
@ -3,7 +3,7 @@
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
use curve25519_dalek_signal::scalar::Scalar;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use crate::common::sho::Sho;
|
||||
|
@ -9,7 +9,7 @@ use crate::common::errors::*;
|
||||
use crate::common::sho::*;
|
||||
use crate::crypto::uid_struct;
|
||||
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use lazy_static::lazy_static;
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
@ -7,7 +7,7 @@
|
||||
|
||||
use crate::common::sho::*;
|
||||
use crate::common::simple_types::*;
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use libsignal_core::ServiceId;
|
||||
use partial_default::PartialDefault;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
@ -7,7 +7,7 @@
|
||||
//!
|
||||
//! Has to live in zkgroup because they implement zkcredential traits on zkgroup types.
|
||||
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use poksho::{ShoApi, ShoSha256};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use zkcredential::attributes::{Attribute, Domain, RevealedAttribute};
|
||||
@ -453,8 +453,8 @@ struct InverseUidDecryptionKey;
|
||||
impl zkcredential::attributes::Domain for InverseUidDecryptionKey {
|
||||
type Attribute = uid_encryption::Ciphertext;
|
||||
const ID: &'static str = "InverseUidEncryptionDomain_20231011";
|
||||
fn G_a() -> [curve25519_dalek::RistrettoPoint; 2] {
|
||||
static STORAGE: std::sync::OnceLock<[curve25519_dalek::RistrettoPoint; 2]> =
|
||||
fn G_a() -> [curve25519_dalek_signal::RistrettoPoint; 2] {
|
||||
static STORAGE: std::sync::OnceLock<[curve25519_dalek_signal::RistrettoPoint; 2]> =
|
||||
std::sync::OnceLock::new();
|
||||
*zkcredential::attributes::derive_default_generator_points::<Self>(&STORAGE)
|
||||
}
|
||||
|
@ -3,7 +3,7 @@
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
||||
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||
use hex_literal::hex;
|
||||
use sha2::Sha256;
|
||||
use zkgroup::{Timestamp, SECONDS_PER_DAY};
|
||||
|
Loading…
Reference in New Issue
Block a user