mirror of
https://github.com/signalapp/libsignal.git
synced 2024-09-19 19:42:19 +02:00
Use workspace.dependencies for common dependencies
This commit is contained in:
parent
9e6061a172
commit
e84af68a1b
@ -6,7 +6,7 @@ indent_string = ' '
|
|||||||
|
|
||||||
[[rule]]
|
[[rule]]
|
||||||
include = ["**/Cargo.toml"]
|
include = ["**/Cargo.toml"]
|
||||||
keys = ["dependencies"]
|
keys = ["dependencies", "workspace.dependencies"]
|
||||||
|
|
||||||
[rule.formatting]
|
[rule.formatting]
|
||||||
reorder_keys = true
|
reorder_keys = true
|
||||||
|
5
Cargo.lock
generated
5
Cargo.lock
generated
@ -2125,10 +2125,8 @@ dependencies = [
|
|||||||
name = "libsignal-jni-testing"
|
name = "libsignal-jni-testing"
|
||||||
version = "0.56.0"
|
version = "0.56.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"jni 0.21.1",
|
|
||||||
"libsignal-bridge-testing",
|
"libsignal-bridge-testing",
|
||||||
"log",
|
"log",
|
||||||
"log-panics",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
@ -2357,7 +2355,7 @@ dependencies = [
|
|||||||
"prost-build",
|
"prost-build",
|
||||||
"rand_core",
|
"rand_core",
|
||||||
"sha2",
|
"sha2",
|
||||||
"strum_macros",
|
"strum",
|
||||||
"subtle",
|
"subtle",
|
||||||
"test-case",
|
"test-case",
|
||||||
"zerocopy",
|
"zerocopy",
|
||||||
@ -3897,6 +3895,7 @@ dependencies = [
|
|||||||
"hex-literal",
|
"hex-literal",
|
||||||
"hkdf",
|
"hkdf",
|
||||||
"hmac",
|
"hmac",
|
||||||
|
"rand_core",
|
||||||
"sha2",
|
"sha2",
|
||||||
"static_assertions",
|
"static_assertions",
|
||||||
"thiserror",
|
"thiserror",
|
||||||
|
89
Cargo.toml
89
Cargo.toml
@ -34,10 +34,95 @@ default-members = [
|
|||||||
]
|
]
|
||||||
resolver = "2" # so that our dev-dependency features don't leak into products
|
resolver = "2" # so that our dev-dependency features don't leak into products
|
||||||
|
|
||||||
|
[workspace.dependencies]
|
||||||
|
# Our forks of some dependencies, accessible as xxx_signal so that usages of them are obvious in source code. Crates
|
||||||
|
# that want to use the real things can depend on those directly.
|
||||||
|
|
||||||
|
boring-signal = { git = "https://github.com/signalapp/boring", tag = "signal-v4.9.0", package = "boring", default-features = false }
|
||||||
|
curve25519-dalek-signal = { git = 'https://github.com/signalapp/curve25519-dalek', package = "curve25519-dalek", tag = 'signal-curve25519-4.1.3' }
|
||||||
|
tokio-boring-signal = { git = "https://github.com/signalapp/boring", package = "tokio-boring", tag = "signal-v4.9.0" }
|
||||||
|
|
||||||
|
aes = "0.8.3"
|
||||||
|
aes-gcm-siv = "0.11.1"
|
||||||
|
array-concat = "0.5.2"
|
||||||
|
arrayvec = "0.7.4"
|
||||||
|
asn1 = "0.16.1"
|
||||||
|
assert_matches = "1.5"
|
||||||
|
async-trait = "0.1.41"
|
||||||
|
atomic-take = "1.1.0"
|
||||||
|
base64 = "0.21"
|
||||||
|
bincode = "1.0"
|
||||||
|
bitflags = "2.3.3"
|
||||||
|
boring = { version = "4.6.0", default-features = false }
|
||||||
|
cbc = "0.1.2"
|
||||||
|
cfg-if = "1.0.0"
|
||||||
|
chacha20poly1305 = "0.10.1"
|
||||||
|
chrono = "0.4"
|
||||||
|
ciborium = "0.2"
|
||||||
|
clap = "4.4.11"
|
||||||
|
criterion = "0.5"
|
||||||
|
ctr = "0.9.2"
|
||||||
|
curve25519-dalek = "4.1.3"
|
||||||
|
derive-where = "1.2.5"
|
||||||
|
displaydoc = "0.2"
|
||||||
|
ed25519-dalek = "2.1.0"
|
||||||
|
env_logger = "0.11.4"
|
||||||
|
futures = "0.3"
|
||||||
|
futures-util = "0.3"
|
||||||
|
heck = "0.5"
|
||||||
|
hex = "0.4"
|
||||||
|
hex-literal = "0.4.1"
|
||||||
|
hkdf = "0.12"
|
||||||
|
hmac = "0.12.0"
|
||||||
|
http = "1.0.0"
|
||||||
|
indexmap = "2.1.0"
|
||||||
|
itertools = "0.13.0"
|
||||||
|
jni = "0.21"
|
||||||
|
lazy_static = "1.4.0"
|
||||||
|
libc = "0.2"
|
||||||
|
linkme = "0.3.9"
|
||||||
|
log = "0.4"
|
||||||
|
log-panics = "2.1.0"
|
||||||
|
mediasan-common = "0.5.0"
|
||||||
|
neon = { version = "1.0.0", default-features = false }
|
||||||
|
nonzero_ext = "0.3.0"
|
||||||
|
num_enum = "0.7.2"
|
||||||
|
once_cell = "1.19.0"
|
||||||
|
partial-default = "0.1.0"
|
||||||
|
paste = "1.0"
|
||||||
|
proc-macro2 = "1.0"
|
||||||
|
proptest = "1.0"
|
||||||
|
prost = "0.13.1"
|
||||||
|
prost-build = "0.13.1"
|
||||||
|
quote = "1.0"
|
||||||
|
rand = "0.8"
|
||||||
|
rand_core = "0.6"
|
||||||
|
rayon = "1.8.0"
|
||||||
|
rustls-platform-verifier = "0.3.1"
|
||||||
|
scopeguard = "1.0"
|
||||||
|
serde = "1.0"
|
||||||
|
serde_json = "1.0"
|
||||||
|
sha1 = "0.10"
|
||||||
|
sha2 = "0.10"
|
||||||
|
snow = { version = "0.9.6", default-features = false }
|
||||||
|
static_assertions = "1.1"
|
||||||
|
strum = "0.26"
|
||||||
|
subtle = "2.5"
|
||||||
|
syn = "2.0"
|
||||||
|
syn-mid = "0.6"
|
||||||
|
test-case = "3.3"
|
||||||
|
testing_logger = "0.1.1"
|
||||||
|
thiserror = "1.0.57"
|
||||||
|
tokio = "1"
|
||||||
|
uuid = "1.1.2"
|
||||||
|
x25519-dalek = "2.0.0"
|
||||||
|
zerocopy = "0.7.34"
|
||||||
|
|
||||||
[patch.crates-io]
|
[patch.crates-io]
|
||||||
# Use our fork of curve25519-dalek for zkgroup support.
|
# When building libsignal, just use our forks so we don't end up with two different versions of the libraries.
|
||||||
curve25519-dalek = { git = 'https://github.com/signalapp/curve25519-dalek', tag = 'signal-curve25519-4.1.3' }
|
|
||||||
boring = { git = 'https://github.com/signalapp/boring', tag = 'signal-v4.9.0' }
|
boring = { git = 'https://github.com/signalapp/boring', tag = 'signal-v4.9.0' }
|
||||||
|
curve25519-dalek = { git = 'https://github.com/signalapp/curve25519-dalek', tag = 'signal-curve25519-4.1.3' }
|
||||||
|
|
||||||
[profile.dev.package.argon2]
|
[profile.dev.package.argon2]
|
||||||
opt-level = 2 # signal-signal-pin unit tests are too slow with an unoptimized argon2
|
opt-level = 2 # signal-signal-pin unit tests are too slow with an unoptimized argon2
|
||||||
|
@ -11,42 +11,41 @@ edition = "2021"
|
|||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
boring = { git = "https://github.com/signalapp/boring", tag = "signal-v4.9.0", default-features = false }
|
asn1 = { workspace = true }
|
||||||
|
base64 = { workspace = true }
|
||||||
asn1 = "0.16.1"
|
bitflags = { workspace = true }
|
||||||
base64 = "0.21"
|
|
||||||
bitflags = "2.3.3"
|
|
||||||
blake2 = "0.10"
|
blake2 = "0.10"
|
||||||
chacha20poly1305 = "0.10.1"
|
boring-signal = { workspace = true }
|
||||||
chrono = { version = "0.4", features = ["serde"] }
|
chacha20poly1305 = { workspace = true }
|
||||||
ciborium = "0.2"
|
chrono = { workspace = true, features = ["serde"] }
|
||||||
displaydoc = "0.2"
|
ciborium = { workspace = true }
|
||||||
hex = { version = "0.4", features = ["serde"] }
|
displaydoc = { workspace = true }
|
||||||
hex-literal = "0.4.1"
|
hex = { workspace = true, features = ["serde"] }
|
||||||
lazy_static = "1.4.0"
|
hex-literal = { workspace = true }
|
||||||
libc = "0.2"
|
lazy_static = { workspace = true }
|
||||||
log = "0.4"
|
libc = { workspace = true }
|
||||||
prost = "0.13.1"
|
log = { workspace = true }
|
||||||
rand_core = { version = "0.6", features = ["getrandom"] }
|
prost = { workspace = true }
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
rand_core = { workspace = true }
|
||||||
serde_json = { version = "1.0", features = ["raw_value"] }
|
serde = { workspace = true }
|
||||||
sha2 = "0.10"
|
serde_json = { workspace = true, features = ["raw_value"] }
|
||||||
snow = { version = "0.9.5", default-features = false }
|
sha2 = { workspace = true }
|
||||||
static_assertions = "1.1"
|
snow = { workspace = true }
|
||||||
strum = { version = "0.26", features = ["derive"] }
|
static_assertions = { workspace = true }
|
||||||
subtle = "2.5"
|
strum = { workspace = true, features = ["derive"] }
|
||||||
thiserror = "1.0.57"
|
subtle = { workspace = true }
|
||||||
uuid = "1.1.2"
|
thiserror = { workspace = true }
|
||||||
x25519-dalek = "2.0.0"
|
uuid = { workspace = true }
|
||||||
zerocopy = { version = "0.7.34", features = ["derive"] }
|
x25519-dalek = { workspace = true }
|
||||||
|
zerocopy = { workspace = true, features = ["derive"] }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
assert_matches = "1.5"
|
assert_matches = { workspace = true }
|
||||||
snow = { version = "0.9.5", features = ["default-resolver"] }
|
snow = { workspace = true, features = ["default-resolver"] }
|
||||||
test-case = "3.3"
|
test-case = { workspace = true }
|
||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
prost-build = "0.13.1"
|
prost-build = { workspace = true }
|
||||||
|
|
||||||
[lints.rust]
|
[lints.rust]
|
||||||
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(fuzzing)'] }
|
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(fuzzing)'] }
|
||||||
|
@ -3,12 +3,12 @@
|
|||||||
// SPDX-License-Identifier: AGPL-3.0-only
|
// SPDX-License-Identifier: AGPL-3.0-only
|
||||||
//
|
//
|
||||||
|
|
||||||
use boring::ec::EcKey;
|
use boring_signal::ec::EcKey;
|
||||||
use boring::pkey::Public;
|
use boring_signal::pkey::Public;
|
||||||
use boring::stack::{Stack, Stackable};
|
use boring_signal::stack::{Stack, Stackable};
|
||||||
use boring::x509::crl::X509CRLRef;
|
use boring_signal::x509::crl::X509CRLRef;
|
||||||
use boring::x509::store::X509StoreRef;
|
use boring_signal::x509::store::X509StoreRef;
|
||||||
use boring::x509::{X509StoreContext, X509};
|
use boring_signal::x509::{X509StoreContext, X509};
|
||||||
|
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
|
|
||||||
@ -93,7 +93,7 @@ impl CertChain {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Converts the iterator into a stack, preserving the iterator's original order
|
/// Converts the iterator into a stack, preserving the iterator's original order
|
||||||
fn stack<T, I>(ts: I) -> std::result::Result<Stack<T>, boring::error::ErrorStack>
|
fn stack<T, I>(ts: I) -> std::result::Result<Stack<T>, boring_signal::error::ErrorStack>
|
||||||
where
|
where
|
||||||
T: Stackable,
|
T: Stackable,
|
||||||
I: IntoIterator<Item = T>,
|
I: IntoIterator<Item = T>,
|
||||||
@ -164,15 +164,15 @@ impl Expireable for CertChain {
|
|||||||
pub mod testutil {
|
pub mod testutil {
|
||||||
use super::CertChain;
|
use super::CertChain;
|
||||||
|
|
||||||
use boring::asn1::{Asn1Integer, Asn1IntegerRef, Asn1Time};
|
use boring_signal::asn1::{Asn1Integer, Asn1IntegerRef, Asn1Time};
|
||||||
use boring::bn::{BigNum, MsbOption};
|
use boring_signal::bn::{BigNum, MsbOption};
|
||||||
use boring::ec::{EcGroup, EcKey};
|
use boring_signal::ec::{EcGroup, EcKey};
|
||||||
use boring::hash::MessageDigest;
|
use boring_signal::hash::MessageDigest;
|
||||||
use boring::nid::Nid;
|
use boring_signal::nid::Nid;
|
||||||
use boring::pkey::{PKey, Private};
|
use boring_signal::pkey::{PKey, Private};
|
||||||
use boring::x509::crl::{X509CRLBuilder, X509Revoked, X509CRL};
|
use boring_signal::x509::crl::{X509CRLBuilder, X509Revoked, X509CRL};
|
||||||
use boring::x509::extension::BasicConstraints;
|
use boring_signal::x509::extension::BasicConstraints;
|
||||||
use boring::x509::{X509Name, X509};
|
use boring_signal::x509::{X509Name, X509};
|
||||||
use std::borrow::Borrow;
|
use std::borrow::Borrow;
|
||||||
|
|
||||||
/// generate EC private key
|
/// generate EC private key
|
||||||
@ -313,10 +313,10 @@ mod test {
|
|||||||
use super::*;
|
use super::*;
|
||||||
|
|
||||||
use assert_matches::assert_matches;
|
use assert_matches::assert_matches;
|
||||||
use boring::nid::Nid;
|
use boring_signal::nid::Nid;
|
||||||
use boring::x509::store::{X509Store, X509StoreBuilder};
|
use boring_signal::x509::store::{X509Store, X509StoreBuilder};
|
||||||
use boring::x509::verify::X509VerifyFlags;
|
use boring_signal::x509::verify::X509VerifyFlags;
|
||||||
use boring::x509::X509Ref;
|
use boring_signal::x509::X509Ref;
|
||||||
|
|
||||||
fn names(certs: &[X509]) -> Vec<String> {
|
fn names(certs: &[X509]) -> Vec<String> {
|
||||||
certs
|
certs
|
||||||
|
@ -25,16 +25,16 @@ use std::collections::HashMap;
|
|||||||
|
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
|
|
||||||
use boring::asn1::{Asn1Time, Asn1TimeRef};
|
use boring_signal::asn1::{Asn1Time, Asn1TimeRef};
|
||||||
use boring::bn::BigNumContext;
|
use boring_signal::bn::BigNumContext;
|
||||||
use boring::ec::*;
|
use boring_signal::ec::*;
|
||||||
use boring::error::ErrorStack;
|
use boring_signal::error::ErrorStack;
|
||||||
use boring::nid::Nid;
|
use boring_signal::nid::Nid;
|
||||||
use boring::pkey::{PKey, PKeyRef, Public};
|
use boring_signal::pkey::{PKey, PKeyRef, Public};
|
||||||
use boring::x509::crl::X509CRLRef;
|
use boring_signal::x509::crl::X509CRLRef;
|
||||||
use boring::x509::store::{X509Store, X509StoreBuilder};
|
use boring_signal::x509::store::{X509Store, X509StoreBuilder};
|
||||||
use boring::x509::verify::X509VerifyFlags;
|
use boring_signal::x509::verify::X509VerifyFlags;
|
||||||
use boring::x509::{X509Ref, X509};
|
use boring_signal::x509::{X509Ref, X509};
|
||||||
use hex::ToHex;
|
use hex::ToHex;
|
||||||
use lazy_static::lazy_static;
|
use lazy_static::lazy_static;
|
||||||
use uuid::Uuid;
|
use uuid::Uuid;
|
||||||
@ -653,7 +653,7 @@ mod test {
|
|||||||
|
|
||||||
use crate::dcap::endorsements::{QeTcbLevel, TcbInfoVersion};
|
use crate::dcap::endorsements::{QeTcbLevel, TcbInfoVersion};
|
||||||
use crate::dcap::fakes::FakeAttestation;
|
use crate::dcap::fakes::FakeAttestation;
|
||||||
use boring::bn::BigNum;
|
use boring_signal::bn::BigNum;
|
||||||
use hex_literal::hex;
|
use hex_literal::hex;
|
||||||
|
|
||||||
use super::*;
|
use super::*;
|
||||||
|
@ -3,10 +3,10 @@
|
|||||||
// SPDX-License-Identifier: AGPL-3.0-only
|
// SPDX-License-Identifier: AGPL-3.0-only
|
||||||
//
|
//
|
||||||
|
|
||||||
use boring::bn::BigNum;
|
use boring_signal::bn::BigNum;
|
||||||
use boring::ec::EcKeyRef;
|
use boring_signal::ec::EcKeyRef;
|
||||||
use boring::ecdsa::{EcdsaSig, EcdsaSigRef};
|
use boring_signal::ecdsa::{EcdsaSig, EcdsaSigRef};
|
||||||
use boring::pkey::Public;
|
use boring_signal::pkey::Public;
|
||||||
use sha2::Digest;
|
use sha2::Digest;
|
||||||
|
|
||||||
/// Deserialize a 64 byte ECDSA Signature
|
/// Deserialize a 64 byte ECDSA Signature
|
||||||
|
@ -8,9 +8,9 @@
|
|||||||
//! through the Intel Provisioning Certification Service (PCS), or a cache (PCCS).
|
//! through the Intel Provisioning Certification Service (PCS), or a cache (PCCS).
|
||||||
//! For specification of the json data structures within the OE structures,
|
//! For specification of the json data structures within the OE structures,
|
||||||
//! see <https://api.portal.trustedservices.intel.com/documentation>
|
//! see <https://api.portal.trustedservices.intel.com/documentation>
|
||||||
use boring::ec::EcKeyRef;
|
use boring_signal::ec::EcKeyRef;
|
||||||
use boring::ecdsa::{EcdsaSig, EcdsaSigRef};
|
use boring_signal::ecdsa::{EcdsaSig, EcdsaSigRef};
|
||||||
use boring::pkey::Public;
|
use boring_signal::pkey::Public;
|
||||||
use chrono::Utc;
|
use chrono::Utc;
|
||||||
use serde::Deserialize;
|
use serde::Deserialize;
|
||||||
use serde_json::value::RawValue;
|
use serde_json::value::RawValue;
|
||||||
|
@ -19,13 +19,13 @@ use crate::dcap::endorsements::SgxEndorsements;
|
|||||||
use crate::dcap::evidence::Evidence;
|
use crate::dcap::evidence::Evidence;
|
||||||
use crate::dcap::revocation_list::RevocationList;
|
use crate::dcap::revocation_list::RevocationList;
|
||||||
use crate::dcap::{attest_impl, Attestation};
|
use crate::dcap::{attest_impl, Attestation};
|
||||||
use boring::asn1::{Asn1Integer, Asn1IntegerRef};
|
use boring_signal::asn1::{Asn1Integer, Asn1IntegerRef};
|
||||||
use boring::bn::{BigNum, BigNumContext};
|
use boring_signal::bn::{BigNum, BigNumContext};
|
||||||
use boring::ec::{EcGroup, EcKey, EcKeyRef};
|
use boring_signal::ec::{EcGroup, EcKey, EcKeyRef};
|
||||||
use boring::ecdsa::EcdsaSig;
|
use boring_signal::ecdsa::EcdsaSig;
|
||||||
use boring::hash::{Hasher, MessageDigest};
|
use boring_signal::hash::{Hasher, MessageDigest};
|
||||||
use boring::nid::Nid;
|
use boring_signal::nid::Nid;
|
||||||
use boring::pkey::{PKey, Private, Public};
|
use boring_signal::pkey::{PKey, Private, Public};
|
||||||
use chrono::Utc;
|
use chrono::Utc;
|
||||||
|
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
@ -162,7 +162,7 @@ pub(crate) struct FakeAttestationBuilder {
|
|||||||
|
|
||||||
impl FakeAttestationBuilder {
|
impl FakeAttestationBuilder {
|
||||||
fn sign_data(data: &[u8], key: &EcKeyRef<Private>) -> EcdsaSig {
|
fn sign_data(data: &[u8], key: &EcKeyRef<Private>) -> EcdsaSig {
|
||||||
let hash = boring::hash::hash(MessageDigest::sha256(), data).unwrap();
|
let hash = boring_signal::hash::hash(MessageDigest::sha256(), data).unwrap();
|
||||||
EcdsaSig::sign(&hash, key).unwrap()
|
EcdsaSig::sign(&hash, key).unwrap()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4,8 +4,8 @@
|
|||||||
//
|
//
|
||||||
|
|
||||||
use crate::dcap::{Error, Expireable, Result};
|
use crate::dcap::{Error, Expireable, Result};
|
||||||
use boring::nid::Nid;
|
use boring_signal::nid::Nid;
|
||||||
use boring::x509::crl::{X509CRLRef, X509CRL};
|
use boring_signal::x509::crl::{X509CRLRef, X509CRL};
|
||||||
use std::collections::HashSet;
|
use std::collections::HashSet;
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
|
|
||||||
|
@ -7,12 +7,12 @@
|
|||||||
//!
|
//!
|
||||||
//! See <https://download.01.org/intel-sgx/sgx-dcap/1.7/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf> section A.4
|
//! See <https://download.01.org/intel-sgx/sgx-dcap/1.7/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf> section A.4
|
||||||
|
|
||||||
use boring::bn::BigNum;
|
use boring_signal::bn::BigNum;
|
||||||
use boring::ec::{EcGroup, EcKey};
|
use boring_signal::ec::{EcGroup, EcKey};
|
||||||
use boring::ecdsa::{EcdsaSig, EcdsaSigRef};
|
use boring_signal::ecdsa::{EcdsaSig, EcdsaSigRef};
|
||||||
use boring::error::ErrorStack;
|
use boring_signal::error::ErrorStack;
|
||||||
use boring::nid::Nid;
|
use boring_signal::nid::Nid;
|
||||||
use boring::pkey::Public;
|
use boring_signal::pkey::Public;
|
||||||
use sha2::Digest;
|
use sha2::Digest;
|
||||||
use zerocopy::{AsBytes, FromBytes, FromZeroes};
|
use zerocopy::{AsBytes, FromBytes, FromZeroes};
|
||||||
|
|
||||||
@ -327,7 +327,7 @@ static_assertions::const_assert_eq!(578, std::mem::size_of::<SgxEcdsaSignatureHe
|
|||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
use super::*;
|
||||||
|
|
||||||
use boring::pkey::Private;
|
use boring_signal::pkey::Private;
|
||||||
|
|
||||||
use std::fs;
|
use std::fs;
|
||||||
use std::path::Path;
|
use std::path::Path;
|
||||||
|
@ -8,8 +8,8 @@ use std::collections::HashMap;
|
|||||||
use crate::dcap::{Error, Result};
|
use crate::dcap::{Error, Result};
|
||||||
use crate::error::Context;
|
use crate::error::Context;
|
||||||
use asn1::{oid, ObjectIdentifier, SequenceOf};
|
use asn1::{oid, ObjectIdentifier, SequenceOf};
|
||||||
use boring::asn1::Asn1ObjectRef;
|
use boring_signal::asn1::Asn1ObjectRef;
|
||||||
use boring::nid::Nid;
|
use boring_signal::nid::Nid;
|
||||||
|
|
||||||
pub const SGX_EXTENSIONS_OID: &str = "1.2.840.113741.1.13.1";
|
pub const SGX_EXTENSIONS_OID: &str = "1.2.840.113741.1.13.1";
|
||||||
const _SGX_EXTENSIONS_OID_OID: ObjectIdentifier = oid!(1, 2, 840, 113741, 1, 13, 1);
|
const _SGX_EXTENSIONS_OID_OID: ObjectIdentifier = oid!(1, 2, 840, 113741, 1, 13, 1);
|
||||||
|
@ -8,13 +8,13 @@ use std::error::Error;
|
|||||||
use std::string::ToString;
|
use std::string::ToString;
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
|
|
||||||
use boring::error::ErrorStack;
|
use boring_signal::error::ErrorStack;
|
||||||
use boring::hash::MessageDigest;
|
use boring_signal::hash::MessageDigest;
|
||||||
use boring::nid::Nid;
|
use boring_signal::nid::Nid;
|
||||||
use boring::rsa::Padding;
|
use boring_signal::rsa::Padding;
|
||||||
use boring::sign::Verifier;
|
use boring_signal::sign::Verifier;
|
||||||
use boring::x509::crl::X509CRL;
|
use boring_signal::x509::crl::X509CRL;
|
||||||
use boring::x509::X509;
|
use boring_signal::x509::X509;
|
||||||
use lazy_static::lazy_static;
|
use lazy_static::lazy_static;
|
||||||
|
|
||||||
use crate::cert_chain::CertChain;
|
use crate::cert_chain::CertChain;
|
||||||
@ -134,7 +134,7 @@ impl CertChain {
|
|||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod test {
|
mod test {
|
||||||
use boring::base64::decode_block;
|
use boring_signal::base64::decode_block;
|
||||||
use chrono::DateTime;
|
use chrono::DateTime;
|
||||||
use std::time::Duration;
|
use std::time::Duration;
|
||||||
|
|
||||||
|
@ -5,11 +5,11 @@
|
|||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
|
|
||||||
use boring::bn::BigNum;
|
use boring_signal::bn::BigNum;
|
||||||
use boring::ecdsa::EcdsaSig;
|
use boring_signal::ecdsa::EcdsaSig;
|
||||||
use boring::stack;
|
use boring_signal::stack;
|
||||||
use boring::x509::store::X509StoreBuilder;
|
use boring_signal::x509::store::X509StoreBuilder;
|
||||||
use boring::x509::{X509StoreContext, X509};
|
use boring_signal::x509::{X509StoreContext, X509};
|
||||||
use ciborium::value::{Integer, Value};
|
use ciborium::value::{Integer, Value};
|
||||||
use prost::{DecodeError, Message};
|
use prost::{DecodeError, Message};
|
||||||
use sha2::{Digest, Sha384};
|
use sha2::{Digest, Sha384};
|
||||||
@ -95,8 +95,8 @@ impl From<ciborium::de::Error<std::io::Error>> for NitroError {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl From<boring::error::ErrorStack> for NitroError {
|
impl From<boring_signal::error::ErrorStack> for NitroError {
|
||||||
fn from(err: boring::error::ErrorStack) -> NitroError {
|
fn from(err: boring_signal::error::ErrorStack) -> NitroError {
|
||||||
NitroError::InvalidCertificate(err.to_string())
|
NitroError::InvalidCertificate(err.to_string())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -4,10 +4,10 @@
|
|||||||
//
|
//
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
|
|
||||||
use boring::pkey::{PKey, Public};
|
use boring_signal::pkey::{PKey, Public};
|
||||||
use boring::rsa::Rsa;
|
use boring_signal::rsa::Rsa;
|
||||||
use boring::x509::store::X509StoreBuilder;
|
use boring_signal::x509::store::X509StoreBuilder;
|
||||||
use boring::x509::X509;
|
use boring_signal::x509::X509;
|
||||||
use prost::Message;
|
use prost::Message;
|
||||||
|
|
||||||
use crate::cert_chain::{self, CertChain};
|
use crate::cert_chain::{self, CertChain};
|
||||||
@ -178,8 +178,8 @@ fn verify_vcek_cert(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl From<boring::error::ErrorStack> for Error {
|
impl From<boring_signal::error::ErrorStack> for Error {
|
||||||
fn from(_err: boring::error::ErrorStack) -> Error {
|
fn from(_err: boring_signal::error::ErrorStack) -> Error {
|
||||||
Error::AttestationDataError {
|
Error::AttestationDataError {
|
||||||
reason: "Invalid certificate".to_string(),
|
reason: "Invalid certificate".to_string(),
|
||||||
}
|
}
|
||||||
|
@ -4,10 +4,10 @@
|
|||||||
//
|
//
|
||||||
|
|
||||||
use base64::prelude::{Engine as _, BASE64_URL_SAFE_NO_PAD};
|
use base64::prelude::{Engine as _, BASE64_URL_SAFE_NO_PAD};
|
||||||
use boring::bn::BigNum;
|
use boring_signal::bn::BigNum;
|
||||||
use boring::ecdsa::EcdsaSig;
|
use boring_signal::ecdsa::EcdsaSig;
|
||||||
use boring::pkey::{PKey, Public};
|
use boring_signal::pkey::{PKey, Public};
|
||||||
use boring::rsa::Rsa;
|
use boring_signal::rsa::Rsa;
|
||||||
use sha2::{Digest as _, Sha256, Sha384};
|
use sha2::{Digest as _, Sha256, Sha384};
|
||||||
use subtle::ConstantTimeEq as _;
|
use subtle::ConstantTimeEq as _;
|
||||||
|
|
||||||
|
@ -3,9 +3,9 @@
|
|||||||
// SPDX-License-Identifier: AGPL-3.0-only
|
// SPDX-License-Identifier: AGPL-3.0-only
|
||||||
//
|
//
|
||||||
|
|
||||||
use boring::hash::MessageDigest;
|
use boring_signal::hash::MessageDigest;
|
||||||
use boring::sign::Verifier;
|
use boring_signal::sign::Verifier;
|
||||||
use boring::x509::X509;
|
use boring_signal::x509::X509;
|
||||||
use sha2::{Digest, Sha256};
|
use sha2::{Digest, Sha256};
|
||||||
use subtle::ConstantTimeEq;
|
use subtle::ConstantTimeEq;
|
||||||
|
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
|
|
||||||
use boring::asn1::Asn1Time;
|
use boring_signal::asn1::Asn1Time;
|
||||||
use libc::time_t;
|
use libc::time_t;
|
||||||
|
|
||||||
/// A replacement for [`std::collections::HashMap`] that performs linear lookups.
|
/// A replacement for [`std::collections::HashMap`] that performs linear lookups.
|
||||||
|
@ -27,9 +27,9 @@ libsignal-net = { path = "../../net" }
|
|||||||
libsignal-protocol = { path = "../../protocol" }
|
libsignal-protocol = { path = "../../protocol" }
|
||||||
signal-media = { path = "../../media" }
|
signal-media = { path = "../../media" }
|
||||||
|
|
||||||
futures-util = "0.3"
|
futures-util = { workspace = true }
|
||||||
log = "0.4"
|
log = { workspace = true }
|
||||||
log-panics = { version = "2.1.0", features = ["with-backtrace"] }
|
log-panics = { workspace = true, features = ["with-backtrace"] }
|
||||||
|
|
||||||
[target.aarch64-apple-ios.dependencies]
|
[target.aarch64-apple-ios.dependencies]
|
||||||
cpufeatures = "0.2.1" # Make sure iOS gets optimized crypto.
|
cpufeatures = "0.2.1" # Make sure iOS gets optimized crypto.
|
||||||
|
@ -19,10 +19,10 @@ libsignal-bridge = { path = "../shared", features = ["jni", "signal-media"] }
|
|||||||
libsignal-protocol = { path = "../../protocol" }
|
libsignal-protocol = { path = "../../protocol" }
|
||||||
signal-crypto = { path = "../../crypto" }
|
signal-crypto = { path = "../../crypto" }
|
||||||
|
|
||||||
cfg-if = "1.0.0"
|
cfg-if = { workspace = true }
|
||||||
jni = "0.21.0"
|
jni = { workspace = true }
|
||||||
log = "0.4"
|
log = { workspace = true }
|
||||||
log-panics = { version = "2.1.0", features = ["with-backtrace"] }
|
log-panics = { workspace = true, features = ["with-backtrace"] }
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
testing-fns = ["libsignal-bridge/testing-fns"]
|
testing-fns = ["libsignal-bridge/testing-fns"]
|
||||||
|
@ -17,6 +17,4 @@ crate-type = ["cdylib"]
|
|||||||
[dependencies]
|
[dependencies]
|
||||||
libsignal-bridge-testing = { path = "../../shared/testing", features = ["jni"] }
|
libsignal-bridge-testing = { path = "../../shared/testing", features = ["jni"] }
|
||||||
|
|
||||||
jni = "0.21.0"
|
log = { workspace = true }
|
||||||
log = { version = "0.4", features = ["release_max_level_info"] }
|
|
||||||
log-panics = { version = "2.1.0", features = ["with-backtrace"] }
|
|
||||||
|
@ -19,9 +19,9 @@ libsignal-bridge = { path = "../shared", features = ["node", "signal-media"] }
|
|||||||
libsignal-bridge-testing = { path = "../shared/testing", features = ["node", "signal-media"] }
|
libsignal-bridge-testing = { path = "../shared/testing", features = ["node", "signal-media"] }
|
||||||
libsignal-protocol = { path = "../../protocol" }
|
libsignal-protocol = { path = "../../protocol" }
|
||||||
|
|
||||||
futures = { version = "0.3", default-features = false, features = ["executor"] }
|
futures = { workspace = true }
|
||||||
log = "0.4"
|
log = { workspace = true }
|
||||||
log-panics = { version = "2.0.0", features = ["with-backtrace"] }
|
log-panics = { workspace = true, features = ["with-backtrace"] }
|
||||||
minidump = { version = "0.20.0", default-features = false }
|
minidump = { version = "0.20.0", default-features = false }
|
||||||
minidump-processor = { version = "0.20.0", default-features = false }
|
minidump-processor = { version = "0.20.0", default-features = false }
|
||||||
minidump-unwind = { version = "0.20.0", default-features = false }
|
minidump-unwind = { version = "0.20.0", default-features = false }
|
||||||
|
@ -21,8 +21,8 @@ path = "benches/node.rs"
|
|||||||
harness = false
|
harness = false
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
futures-util = "0.3.7"
|
futures-util = { workspace = true }
|
||||||
neon = { version = "1.0.0", default-features = false, features = ["napi-4"] }
|
neon = { workspace = true, features = ["napi-4"] }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
signal-neon-futures-tests = { path = "tests-node-module" }
|
signal-neon-futures-tests = { path = "tests-node-module" }
|
||||||
|
@ -18,8 +18,8 @@ crate-type = ["cdylib"]
|
|||||||
[dependencies]
|
[dependencies]
|
||||||
signal-neon-futures = { path = ".." }
|
signal-neon-futures = { path = ".." }
|
||||||
|
|
||||||
futures-util = "0.3.7"
|
futures-util = { workspace = true }
|
||||||
neon = { version = "1.0.0", default-features = false, features = ["napi-1"] }
|
neon = { workspace = true, default-features = false, features = ["napi-1"] }
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
# Enable default-panic-hook to get backtraces of panics.
|
# Enable default-panic-hook to get backtraces of panics.
|
||||||
|
@ -26,36 +26,36 @@ usernames = { path = "../../usernames" }
|
|||||||
zkgroup = { path = "../../zkgroup" }
|
zkgroup = { path = "../../zkgroup" }
|
||||||
|
|
||||||
aes-gcm-siv = "0.11.1"
|
aes-gcm-siv = "0.11.1"
|
||||||
base64 = "0.21"
|
base64 = { workspace = true }
|
||||||
bincode = "1.0"
|
bincode = { workspace = true }
|
||||||
futures-util = "0.3.7"
|
futures-util = { workspace = true }
|
||||||
hkdf = "0.12"
|
hkdf = { workspace = true }
|
||||||
hmac = "0.12.0"
|
hmac = { workspace = true }
|
||||||
http = "1.0.0"
|
http = { workspace = true }
|
||||||
log = "0.4"
|
log = { workspace = true }
|
||||||
nonzero_ext = "0.3.0"
|
nonzero_ext = { workspace = true }
|
||||||
paste = "1.0"
|
paste = { workspace = true }
|
||||||
prost = "0.13.1"
|
prost = { workspace = true }
|
||||||
rand = "0.8"
|
rand = { workspace = true }
|
||||||
scopeguard = "1.0"
|
scopeguard = { workspace = true }
|
||||||
sha2 = "0.10"
|
sha2 = { workspace = true }
|
||||||
static_assertions = "1.1"
|
static_assertions = { workspace = true }
|
||||||
tokio = { version = "1", features = ["rt-multi-thread"] }
|
tokio = { workspace = true, features = ["rt-multi-thread"] }
|
||||||
uuid = "1.1.2"
|
uuid = { workspace = true }
|
||||||
|
|
||||||
# Enable this for all libsignal app language libraries
|
# Enable this for all libsignal app language libraries
|
||||||
subtle = { version = "2.5", features = ["core_hint_black_box"] }
|
subtle = { workspace = true, features = ["core_hint_black_box"] }
|
||||||
|
|
||||||
jni = { version = "0.21", package = "jni", optional = true }
|
jni = { workspace = true, optional = true }
|
||||||
linkme = { version = "0.3.9", optional = true }
|
linkme = { workspace = true, optional = true }
|
||||||
neon = { version = "1.0.0", optional = true, default-features = false, features = ["napi-6"] }
|
neon = { workspace = true, optional = true, default-features = false, features = ["napi-6"] }
|
||||||
strum = { version = "0.26", features = ["derive"] }
|
strum = { workspace = true, features = ["derive"] }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
assert_matches = "1.5"
|
assert_matches = { workspace = true }
|
||||||
test-case = "3.3.1"
|
test-case = { workspace = true }
|
||||||
testing_logger = "0.1.1"
|
testing_logger = { workspace = true }
|
||||||
tokio = { version = "1", features = ["test-util", "time", "macros"] }
|
tokio = { workspace = true, features = ["test-util", "time", "macros"] }
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
ffi = ["libsignal-bridge-types/ffi"]
|
ffi = ["libsignal-bridge-types/ffi"]
|
||||||
|
@ -14,11 +14,11 @@ license = "AGPL-3.0-only"
|
|||||||
proc-macro = true
|
proc-macro = true
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
heck = "0.5"
|
heck = { workspace = true }
|
||||||
proc-macro2 = "1.0"
|
proc-macro2 = { workspace = true }
|
||||||
quote = "1.0"
|
quote = { workspace = true }
|
||||||
syn = "2.0"
|
syn = { workspace = true }
|
||||||
syn-mid = "0.6"
|
syn-mid = { workspace = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
syn = { version = "2.0", features = ["extra-traits"] }
|
syn = { workspace = true, features = ["extra-traits"] }
|
||||||
|
@ -15,14 +15,14 @@ libsignal-bridge-macros = { path = "../macros" }
|
|||||||
libsignal-bridge-types = { path = "../types" }
|
libsignal-bridge-types = { path = "../types" }
|
||||||
libsignal-message-backup = { path = "../../../message-backup", features = ["json"] }
|
libsignal-message-backup = { path = "../../../message-backup", features = ["json"] }
|
||||||
|
|
||||||
futures-util = "0.3.7"
|
futures-util = { workspace = true }
|
||||||
paste = "1.0"
|
paste = { workspace = true }
|
||||||
scopeguard = "1.0"
|
scopeguard = { workspace = true }
|
||||||
tokio = "1"
|
tokio = { workspace = true }
|
||||||
|
|
||||||
jni = { version = "0.21", package = "jni", optional = true }
|
jni = { workspace = true, optional = true }
|
||||||
linkme = { version = "0.3.9", optional = true }
|
linkme = { workspace = true, optional = true }
|
||||||
neon = { version = "1.0.0", optional = true, default-features = false, features = ["napi-6"] }
|
neon = { workspace = true, optional = true, default-features = false, features = ["napi-6"] }
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
ffi = ["libsignal-bridge-types/ffi"]
|
ffi = ["libsignal-bridge-types/ffi"]
|
||||||
|
@ -24,42 +24,42 @@ signal-pin = { path = "../../../pin" }
|
|||||||
usernames = { path = "../../../usernames" }
|
usernames = { path = "../../../usernames" }
|
||||||
zkgroup = { path = "../../../zkgroup" }
|
zkgroup = { path = "../../../zkgroup" }
|
||||||
|
|
||||||
aes-gcm-siv = "0.11.1"
|
aes-gcm-siv = { workspace = true }
|
||||||
async-trait = "0.1.41"
|
async-trait = { workspace = true }
|
||||||
atomic-take = "1.1.0"
|
atomic-take = { workspace = true }
|
||||||
derive-where = "1.2.5"
|
derive-where = { workspace = true }
|
||||||
displaydoc = "0.2"
|
displaydoc = { workspace = true }
|
||||||
futures-util = "0.3.30"
|
futures-util = { workspace = true }
|
||||||
hmac = "0.12.0"
|
hmac = { workspace = true }
|
||||||
http = "1.0.0"
|
http = { workspace = true }
|
||||||
log = "0.4"
|
log = { workspace = true }
|
||||||
mediasan-common = "0.5.0"
|
mediasan-common = { workspace = true }
|
||||||
num_enum = "0.7.2"
|
num_enum = { workspace = true }
|
||||||
once_cell = "1.19.0"
|
once_cell = { workspace = true }
|
||||||
partial-default = "0.1.0"
|
partial-default = { workspace = true }
|
||||||
paste = "1.0"
|
paste = { workspace = true }
|
||||||
rayon = "1.8.0"
|
rayon = { workspace = true }
|
||||||
serde = "1.0"
|
serde = { workspace = true }
|
||||||
sha2 = "0.10"
|
sha2 = { workspace = true }
|
||||||
static_assertions = "1.1"
|
static_assertions = { workspace = true }
|
||||||
thiserror = "1.0.50"
|
thiserror = { workspace = true }
|
||||||
tokio = { version = "1", features = ["rt-multi-thread"] }
|
tokio = { workspace = true, features = ["rt-multi-thread"] }
|
||||||
uuid = "1.1.2"
|
uuid = { workspace = true }
|
||||||
|
|
||||||
# Enable this for all libsignal app language libraries
|
# Enable this for all libsignal app language libraries
|
||||||
subtle = { version = "2.5", features = ["core_hint_black_box"] }
|
subtle = { workspace = true, features = ["core_hint_black_box"] }
|
||||||
|
|
||||||
jni = { version = "0.21", package = "jni", optional = true }
|
jni = { workspace = true, optional = true }
|
||||||
linkme = { version = "0.3.9", optional = true }
|
linkme = { workspace = true, optional = true }
|
||||||
neon = { version = "1.0.0", optional = true, default-features = false, features = ["napi-6"] }
|
neon = { workspace = true, optional = true, default-features = false, features = ["napi-6"] }
|
||||||
signal-neon-futures = { path = "../../node/futures", optional = true }
|
signal-neon-futures = { path = "../../node/futures", optional = true }
|
||||||
strum = { version = "0.26", features = ["derive"] }
|
strum = { workspace = true }
|
||||||
zerocopy = { version = "0.7.34", optional = true }
|
zerocopy = { workspace = true, optional = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
assert_matches = "1.5"
|
assert_matches = { workspace = true }
|
||||||
test-case = "3.3.1"
|
test-case = { workspace = true }
|
||||||
tokio = { version = "1", features = ["test-util", "time", "macros"] }
|
tokio = { workspace = true, features = ["test-util", "time", "macros"] }
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
ffi = []
|
ffi = []
|
||||||
|
@ -11,10 +11,10 @@ edition = "2021"
|
|||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
num_enum = "0.7.2"
|
num_enum = { workspace = true }
|
||||||
uuid = "1.1.2"
|
uuid = { workspace = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
hex-literal = "0.4.1"
|
hex-literal = { workspace = true }
|
||||||
proptest = "1.0"
|
proptest = { workspace = true }
|
||||||
rand = "0.8"
|
rand = { workspace = true }
|
||||||
|
@ -11,23 +11,23 @@ edition = "2021"
|
|||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
aes = { version = "0.8.3", features = ["zeroize"] }
|
aes = { workspace = true, features = ["zeroize"] }
|
||||||
cbc = { version = "0.1.2", features = ["std", "zeroize"] }
|
cbc = { workspace = true, features = ["std", "zeroize"] }
|
||||||
ctr = { version = "0.9.2", features = ["zeroize"] }
|
ctr = { workspace = true, features = ["zeroize"] }
|
||||||
displaydoc = "0.2"
|
displaydoc = { workspace = true }
|
||||||
ghash = { version = "0.5.0", features = ["zeroize"] }
|
ghash = { version = "0.5.0", features = ["zeroize"] }
|
||||||
hmac = { version = "0.12", features = ["reset"] }
|
hmac = { workspace = true, features = ["reset"] }
|
||||||
sha1 = "0.10"
|
sha1 = { workspace = true }
|
||||||
sha2 = "0.10"
|
sha2 = { workspace = true }
|
||||||
subtle = "2.3"
|
subtle = { workspace = true }
|
||||||
thiserror = "1.0.38"
|
thiserror = { workspace = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
criterion = "0.5"
|
criterion = { workspace = true }
|
||||||
hex = "0.4"
|
hex = { workspace = true }
|
||||||
hex-literal = "0.4.1"
|
hex-literal = { workspace = true }
|
||||||
rand = "0.8"
|
rand = { workspace = true }
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
serde = { workspace = true }
|
||||||
serde_json = "1.0"
|
serde_json = "1.0"
|
||||||
|
|
||||||
[[bench]]
|
[[bench]]
|
||||||
|
@ -6,8 +6,8 @@ edition = "2021"
|
|||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
boring = { version = "4.6.0", default-features = false }
|
boring = { workspace = true }
|
||||||
libc = "0.2"
|
libc = { workspace = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
hex = "0.4"
|
hex = { workspace = true }
|
||||||
|
@ -11,18 +11,18 @@ edition = "2021"
|
|||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
curve25519-dalek = { version = "4.1.3" }
|
curve25519-dalek = { workspace = true }
|
||||||
displaydoc = "0.2"
|
displaydoc = { workspace = true }
|
||||||
ed25519-dalek = "2.1.0"
|
ed25519-dalek = { workspace = true }
|
||||||
hmac = "0.12.1"
|
hmac = { workspace = true }
|
||||||
prost = "0.13"
|
prost = { workspace = true }
|
||||||
sha2 = "0.10"
|
sha2 = { workspace = true }
|
||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
prost-build = "0.13"
|
prost-build = { workspace = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
assert_matches = "1.5.0"
|
assert_matches = { workspace = true }
|
||||||
hex-literal = "0.4.1"
|
hex-literal = { workspace = true }
|
||||||
proptest = "1.5.0"
|
proptest = { workspace = true }
|
||||||
test-case = "3.3.1"
|
test-case = { workspace = true }
|
||||||
|
@ -6,10 +6,10 @@ edition = "2021"
|
|||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
futures-util = "0.3.7"
|
futures-util = { workspace = true }
|
||||||
mediasan-common = "0.5.0"
|
mediasan-common = { workspace = true }
|
||||||
mp4san = { version = "0.5.0", optional = true }
|
mp4san = { version = "0.5.0", optional = true }
|
||||||
thiserror = "1.0.38"
|
thiserror = { workspace = true }
|
||||||
webpsan = { version = "0.5.0", optional = true, default-features = false }
|
webpsan = { version = "0.5.0", optional = true, default-features = false }
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
|
@ -29,55 +29,55 @@ usernames = { path = "../usernames" }
|
|||||||
zkcredential = { path = "../zkcredential", features = ["rayon"] }
|
zkcredential = { path = "../zkcredential", features = ["rayon"] }
|
||||||
zkgroup = { path = "../zkgroup" }
|
zkgroup = { path = "../zkgroup" }
|
||||||
|
|
||||||
aes = "0.8.3"
|
aes = { workspace = true }
|
||||||
arrayvec = "0.7.4"
|
arrayvec = { workspace = true }
|
||||||
async-compression = { version = "0.4.5", features = ["futures-io", "gzip"] }
|
async-compression = { version = "0.4.5", features = ["futures-io", "gzip"] }
|
||||||
async-trait = "0.1.41"
|
async-trait = { workspace = true }
|
||||||
cbc = "0.1.2"
|
cbc = { workspace = true }
|
||||||
clap = { version = "4.2.1", features = ["derive"] }
|
clap = { workspace = true, features = ["derive"] }
|
||||||
clap-stdin = "0.3.0"
|
clap-stdin = "0.3.0"
|
||||||
derive-where = "1.2.5"
|
derive-where = { workspace = true }
|
||||||
displaydoc = "0.2.5"
|
displaydoc = { workspace = true }
|
||||||
env_logger = "0.11.4"
|
env_logger = { workspace = true }
|
||||||
futures = "0.3.29"
|
futures = { workspace = true }
|
||||||
hex = { version = "0.4.3", features = ["serde"] }
|
hex = { workspace = true, features = ["serde"] }
|
||||||
hkdf = "0.12"
|
hkdf = { workspace = true }
|
||||||
hmac = "0.12"
|
hmac = { workspace = true }
|
||||||
itertools = "0.13.0"
|
itertools = { workspace = true }
|
||||||
log = "0.4"
|
log = { workspace = true }
|
||||||
macro_rules_attribute = "0.2.0"
|
macro_rules_attribute = "0.2.0"
|
||||||
mediasan-common = "0.5.0"
|
mediasan-common = { workspace = true }
|
||||||
num_enum = "0.7.2"
|
num_enum = { workspace = true }
|
||||||
protobuf = "3.3.0"
|
protobuf = "3.3.0"
|
||||||
protobuf-json-mapping = { version = "3.3.0", optional = true }
|
protobuf-json-mapping = { version = "3.3.0", optional = true }
|
||||||
serde = { version = "1.0", features = ["derive", "rc"] }
|
serde = { workspace = true, features = ["derive", "rc"] }
|
||||||
serde_json = { version = "1.0", optional = true, features = ["preserve_order"] }
|
serde_json = { workspace = true, optional = true, features = ["preserve_order"] }
|
||||||
sha2 = "0.10"
|
sha2 = { workspace = true }
|
||||||
strum = { version = "0.26", features = ["derive"] }
|
strum = { workspace = true, features = ["derive"] }
|
||||||
# This isn't strictly necessary but we need at least this version to avoid
|
# This isn't strictly necessary but we need at least this version to avoid
|
||||||
# warnings from the latest nightly rustc. Remove this when the referenced strum
|
# warnings from the latest nightly rustc. Remove this when the referenced strum
|
||||||
# version has at least this version as a dependency.
|
# version has at least this version as a dependency.
|
||||||
strum_macros = { version = "0.26.4" }
|
strum_macros = { version = "0.26.4" }
|
||||||
subtle = "2.5.0"
|
subtle = { workspace = true }
|
||||||
thiserror = "1.0.50"
|
thiserror = { workspace = true }
|
||||||
uuid = { version = "1.1.2", features = ["serde"] }
|
uuid = { workspace = true, features = ["serde"] }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
libsignal-message-backup = { path = "./", features = ["json"] }
|
libsignal-message-backup = { path = "./", features = ["json"] }
|
||||||
signal-crypto = { path = "../crypto" }
|
signal-crypto = { path = "../crypto" }
|
||||||
|
|
||||||
array-concat = "0.5.2"
|
array-concat = { workspace = true }
|
||||||
assert_cmd = "2.0.13"
|
assert_cmd = "2.0.13"
|
||||||
assert_matches = "1.5.0"
|
assert_matches = { workspace = true }
|
||||||
dir-test = "0.2.0"
|
dir-test = "0.2.0"
|
||||||
futures = { version = "0.3.29", features = ["executor"] }
|
futures = { workspace = true, features = ["executor"] }
|
||||||
hex-literal = "0.4.1"
|
hex-literal = { workspace = true }
|
||||||
json5 = "0.4.1"
|
json5 = "0.4.1"
|
||||||
nonzero_ext = "0.3.0"
|
nonzero_ext = { workspace = true }
|
||||||
once_cell = "1.19"
|
once_cell = { workspace = true }
|
||||||
test-case = "3.3.1"
|
test-case = { workspace = true }
|
||||||
test-log = "0.2.14"
|
test-log = "0.2.14"
|
||||||
testing_logger = "0.1.1"
|
testing_logger = { workspace = true }
|
||||||
pretty_assertions = "1.4.0"
|
pretty_assertions = "1.4.0"
|
||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
|
@ -13,10 +13,10 @@ license = "AGPL-3.0-only"
|
|||||||
proc-macro = true
|
proc-macro = true
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
heck = "0.5"
|
heck = { workspace = true }
|
||||||
proc-macro2 = "1.0.74"
|
proc-macro2 = { workspace = true }
|
||||||
quote = "1.0.35"
|
quote = { workspace = true }
|
||||||
syn = { version = "2.0.46", features = ["full", "extra-traits"] }
|
syn = { workspace = true, features = ["full", "extra-traits"] }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
test-case = "3.3.1"
|
test-case = { workspace = true }
|
||||||
|
@ -14,69 +14,72 @@ libsignal-core = { path = "../core" }
|
|||||||
libsignal-protocol = { path = "../protocol" }
|
libsignal-protocol = { path = "../protocol" }
|
||||||
libsignal-svr3 = { path = "../svr3" }
|
libsignal-svr3 = { path = "../svr3" }
|
||||||
|
|
||||||
async-trait = "0.1.41"
|
async-trait = { workspace = true }
|
||||||
base64 = "0.21"
|
base64 = { workspace = true }
|
||||||
bincode = "1.0"
|
bincode = { workspace = true }
|
||||||
bitstream-io = "1.10.0"
|
bitstream-io = "1.10.0"
|
||||||
boring = { git = "https://github.com/signalapp/boring", tag = "signal-v4.9.0" }
|
boring-signal = { workspace = true }
|
||||||
bytes = "1.4.0"
|
bytes = "1.4.0"
|
||||||
const-str = { version = "0.5.6", features = ["std"] }
|
const-str = { version = "0.5.6", features = ["std"] }
|
||||||
derive-where = "1.2.7"
|
derive-where = { workspace = true }
|
||||||
displaydoc = "0.2"
|
displaydoc = { workspace = true }
|
||||||
either = "1.10.0"
|
either = "1.10.0"
|
||||||
futures-util = "0.3.7"
|
futures-util = { workspace = true }
|
||||||
hex = "0.4"
|
hex = { workspace = true }
|
||||||
hmac = "0.12"
|
hmac = { workspace = true }
|
||||||
http = "1.0.0"
|
http = { workspace = true }
|
||||||
http-body-util = "0.1.1"
|
http-body-util = "0.1.1"
|
||||||
hyper = { version = "1.3.1", features = ["http2", "client"] }
|
hyper = { version = "1.3.1", features = ["http2", "client"] }
|
||||||
hyper-util = { version = "0.1.3", features = ["tokio"] }
|
hyper-util = { version = "0.1.3", features = ["tokio"] }
|
||||||
indexmap = "2.1.0"
|
indexmap = { workspace = true }
|
||||||
itertools = "0.13.0"
|
itertools = { workspace = true }
|
||||||
log = "0.4.19"
|
log = { workspace = true }
|
||||||
nonzero_ext = "0.3.0"
|
nonzero_ext = { workspace = true }
|
||||||
num_enum = "0.7.2"
|
num_enum = { workspace = true }
|
||||||
prost = "0.13.1"
|
prost = { workspace = true }
|
||||||
rand = "0.8.0"
|
rand = { workspace = true }
|
||||||
rand_core = "0.6"
|
rand_core = { workspace = true }
|
||||||
rustls = { version = "0.23.4", default-features = false, features = ["ring", "std", "tls12"] }
|
rustls = { version = "0.23.4", default-features = false, features = ["ring", "std", "tls12"] }
|
||||||
rustls-platform-verifier = "0.3.1"
|
rustls-platform-verifier = { workspace = true }
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
serde = { workspace = true, features = ["derive"] }
|
||||||
serde_json = "1.0"
|
serde_json = { workspace = true }
|
||||||
sha2 = "0.10.8"
|
sha2 = { workspace = true }
|
||||||
snow = { version = "0.9.5", default-features = false }
|
snow = { workspace = true }
|
||||||
static_assertions = "1.1"
|
static_assertions = { workspace = true }
|
||||||
strum = { version = "0.26", features = ["derive"] }
|
strum = { workspace = true, features = ["derive"] }
|
||||||
thiserror = "1.0.38"
|
thiserror = { workspace = true }
|
||||||
tokio = { version = "1", features = ["rt", "time", "macros"] }
|
tokio = { workspace = true, features = ["rt", "time", "macros"] }
|
||||||
tokio-boring = { git = "https://github.com/signalapp/boring", tag = "signal-v4.9.0" }
|
tokio-boring-signal = { workspace = true }
|
||||||
tokio-stream = "0.1.14"
|
tokio-stream = "0.1.14"
|
||||||
tokio-tungstenite = "0.23.0"
|
tokio-tungstenite = "0.23.0"
|
||||||
tokio-util = "0.7.9"
|
tokio-util = "0.7.9"
|
||||||
tungstenite = { version = "0.23.0", features = ["url"] }
|
tungstenite = { version = "0.23.0", features = ["url"] }
|
||||||
url = "2.4.1"
|
url = "2.4.1"
|
||||||
uuid = "1.1.2"
|
uuid = { workspace = true }
|
||||||
zerocopy = { version = "0.7", features = ["derive"] }
|
zerocopy = { workspace = true }
|
||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
prost-build = "0.13.1"
|
prost-build = { workspace = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
assert_matches = "1.5.0"
|
assert_matches = { workspace = true }
|
||||||
clap = { version = "4.4.11", features = ["derive"] }
|
clap = { workspace = true, features = ["derive"] }
|
||||||
colored = "2.1"
|
colored = "2.1"
|
||||||
env_logger = "0.11.4"
|
env_logger = { workspace = true }
|
||||||
hex-literal = "0.4.1"
|
hex-literal = { workspace = true }
|
||||||
hickory-proto = "0.24.1"
|
hickory-proto = "0.24.1"
|
||||||
lazy_static = "1.4.0"
|
lazy_static = { workspace = true }
|
||||||
proptest = "1.4.0"
|
proptest = { workspace = true }
|
||||||
proptest-state-machine = "0.1.0"
|
proptest-state-machine = "0.1.0"
|
||||||
rcgen = "0.13.0"
|
rcgen = "0.13.0"
|
||||||
snow = "0.9.5"
|
snow = { workspace = true }
|
||||||
test-case = "3.3.1"
|
test-case = { workspace = true }
|
||||||
tls-parser = "0.11.0"
|
tls-parser = "0.11.0"
|
||||||
tokio = { version = "1", features = ["test-util", "io-std", "rt-multi-thread"] }
|
tokio = { workspace = true, features = [
|
||||||
url = "2.4.1"
|
"test-util",
|
||||||
|
"io-std",
|
||||||
|
"rt-multi-thread",
|
||||||
|
] }
|
||||||
warp = { version = "0.3.6", features = ["tls"] }
|
warp = { version = "0.3.6", features = ["tls"] }
|
||||||
|
|
||||||
[[example]]
|
[[example]]
|
||||||
|
@ -13,7 +13,7 @@ use libsignal_core::{Aci, Pni};
|
|||||||
use prost::Message as _;
|
use prost::Message as _;
|
||||||
use thiserror::Error;
|
use thiserror::Error;
|
||||||
use tokio::net::TcpStream;
|
use tokio::net::TcpStream;
|
||||||
use tokio_boring::SslStream;
|
use tokio_boring_signal::SslStream;
|
||||||
use tungstenite::protocol::frame::coding::CloseCode;
|
use tungstenite::protocol::frame::coding::CloseCode;
|
||||||
use tungstenite::protocol::CloseFrame;
|
use tungstenite::protocol::CloseFrame;
|
||||||
use uuid::Uuid;
|
use uuid::Uuid;
|
||||||
|
@ -439,7 +439,7 @@ mod test {
|
|||||||
use async_trait::async_trait;
|
use async_trait::async_trait;
|
||||||
use nonzero_ext::nonzero;
|
use nonzero_ext::nonzero;
|
||||||
use tokio::net::TcpStream;
|
use tokio::net::TcpStream;
|
||||||
use tokio_boring::SslStream;
|
use tokio_boring_signal::SslStream;
|
||||||
|
|
||||||
use crate::auth::Auth;
|
use crate::auth::Auth;
|
||||||
use crate::infra::connection_manager::ConnectionAttemptOutcome;
|
use crate::infra::connection_manager::ConnectionAttemptOutcome;
|
||||||
|
@ -5,10 +5,10 @@
|
|||||||
|
|
||||||
use std::borrow::Cow;
|
use std::borrow::Cow;
|
||||||
|
|
||||||
use boring::error::ErrorStack;
|
use boring_signal::error::ErrorStack;
|
||||||
use boring::ssl::{SslAlert, SslConnectorBuilder, SslVerifyError, SslVerifyMode};
|
use boring_signal::ssl::{SslAlert, SslConnectorBuilder, SslVerifyError, SslVerifyMode};
|
||||||
use boring::x509::store::X509StoreBuilder;
|
use boring_signal::x509::store::X509StoreBuilder;
|
||||||
use boring::x509::X509;
|
use boring_signal::x509::X509;
|
||||||
use rustls::client::danger::ServerCertVerifier;
|
use rustls::client::danger::ServerCertVerifier;
|
||||||
|
|
||||||
const SIGNAL_ROOT_CERT_DER: &[u8] = include_bytes!("../../res/signal.cer");
|
const SIGNAL_ROOT_CERT_DER: &[u8] = include_bytes!("../../res/signal.cer");
|
||||||
@ -93,7 +93,7 @@ fn set_up_platform_verifier(
|
|||||||
|
|
||||||
// The rest of the chain should be valid intermediate certificates.
|
// The rest of the chain should be valid intermediate certificates.
|
||||||
let intermediates: Vec<_> = cert_chain
|
let intermediates: Vec<_> = cert_chain
|
||||||
.collect::<Result<_, boring::error::ErrorStack>>()
|
.collect::<Result<_, boring_signal::error::ErrorStack>>()
|
||||||
.map_err(|_| SslVerifyError::Invalid(SslAlert::BAD_CERTIFICATE))?;
|
.map_err(|_| SslVerifyError::Invalid(SslAlert::BAD_CERTIFICATE))?;
|
||||||
|
|
||||||
// We don't do our own OCSP. Either the platform will do its own checks, or it won't.
|
// We don't do our own OCSP. Either the platform will do its own checks, or it won't.
|
||||||
@ -168,7 +168,7 @@ mod test {
|
|||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
|
|
||||||
use assert_matches::assert_matches;
|
use assert_matches::assert_matches;
|
||||||
use boring::ssl::{ErrorCode, SslConnector, SslMethod};
|
use boring_signal::ssl::{ErrorCode, SslConnector, SslMethod};
|
||||||
use rustls::RootCertStore;
|
use rustls::RootCertStore;
|
||||||
use tokio::net::TcpStream;
|
use tokio::net::TcpStream;
|
||||||
|
|
||||||
@ -201,7 +201,7 @@ mod test {
|
|||||||
.expect("valid");
|
.expect("valid");
|
||||||
|
|
||||||
let transport = TcpStream::connect(addr).await.expect("can connect");
|
let transport = TcpStream::connect(addr).await.expect("can connect");
|
||||||
let connection = tokio_boring::connect(
|
let connection = tokio_boring_signal::connect(
|
||||||
ssl.build().configure().expect("valid"),
|
ssl.build().configure().expect("valid"),
|
||||||
SERVER_HOSTNAME,
|
SERVER_HOSTNAME,
|
||||||
transport,
|
transport,
|
||||||
@ -236,7 +236,7 @@ mod test {
|
|||||||
|
|
||||||
let transport = TcpStream::connect(addr).await.expect("can connect");
|
let transport = TcpStream::connect(addr).await.expect("can connect");
|
||||||
assert_matches!(
|
assert_matches!(
|
||||||
tokio_boring::connect(
|
tokio_boring_signal::connect(
|
||||||
ssl.build().configure().expect("valid"),
|
ssl.build().configure().expect("valid"),
|
||||||
SERVER_HOSTNAME,
|
SERVER_HOSTNAME,
|
||||||
transport,
|
transport,
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
use std::fmt::Display;
|
use std::fmt::Display;
|
||||||
|
|
||||||
use tokio_boring::HandshakeError;
|
use tokio_boring_signal::HandshakeError;
|
||||||
|
|
||||||
use crate::infra::certs;
|
use crate::infra::certs;
|
||||||
|
|
||||||
@ -29,7 +29,7 @@ pub enum TransportConnectError {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct SslErrorReasons(boring::error::ErrorStack);
|
pub struct SslErrorReasons(boring_signal::error::ErrorStack);
|
||||||
|
|
||||||
impl Display for SslErrorReasons {
|
impl Display for SslErrorReasons {
|
||||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||||
@ -38,7 +38,7 @@ impl Display for SslErrorReasons {
|
|||||||
self.0
|
self.0
|
||||||
.errors()
|
.errors()
|
||||||
.iter()
|
.iter()
|
||||||
.flat_map::<Option<&'static str>, _>(boring::error::Error::reason),
|
.flat_map::<Option<&'static str>, _>(boring_signal::error::Error::reason),
|
||||||
)
|
)
|
||||||
.finish()
|
.finish()
|
||||||
}
|
}
|
||||||
@ -47,7 +47,7 @@ impl Display for SslErrorReasons {
|
|||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct FailedHandshakeReason {
|
pub struct FailedHandshakeReason {
|
||||||
io: Option<std::io::ErrorKind>,
|
io: Option<std::io::ErrorKind>,
|
||||||
code: Option<boring::ssl::ErrorCode>,
|
code: Option<boring_signal::ssl::ErrorCode>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<S> From<HandshakeError<S>> for FailedHandshakeReason {
|
impl<S> From<HandshakeError<S>> for FailedHandshakeReason {
|
||||||
@ -77,8 +77,8 @@ impl Display for FailedHandshakeReason {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl From<boring::error::ErrorStack> for TransportConnectError {
|
impl From<boring_signal::error::ErrorStack> for TransportConnectError {
|
||||||
fn from(value: boring::error::ErrorStack) -> Self {
|
fn from(value: boring_signal::error::ErrorStack) -> Self {
|
||||||
Self::SslError(SslErrorReasons(value))
|
Self::SslError(SslErrorReasons(value))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -9,11 +9,11 @@ use std::sync::Arc;
|
|||||||
|
|
||||||
use crate::timeouts::TCP_CONNECTION_ATTEMPT_DELAY;
|
use crate::timeouts::TCP_CONNECTION_ATTEMPT_DELAY;
|
||||||
use async_trait::async_trait;
|
use async_trait::async_trait;
|
||||||
use boring::ssl::{ConnectConfiguration, SslConnector, SslMethod};
|
use boring_signal::ssl::{ConnectConfiguration, SslConnector, SslMethod};
|
||||||
use futures_util::TryFutureExt;
|
use futures_util::TryFutureExt;
|
||||||
use tokio::io::{AsyncRead, AsyncWrite};
|
use tokio::io::{AsyncRead, AsyncWrite};
|
||||||
use tokio::net::TcpStream;
|
use tokio::net::TcpStream;
|
||||||
use tokio_boring::SslStream;
|
use tokio_boring_signal::SslStream;
|
||||||
use tokio_util::either::Either;
|
use tokio_util::either::Either;
|
||||||
|
|
||||||
use crate::infra::certs::RootCertificates;
|
use crate::infra::certs::RootCertificates;
|
||||||
@ -130,7 +130,9 @@ impl TransportConnector for ProxyConnector {
|
|||||||
self.proxy_port
|
self.proxy_port
|
||||||
);
|
);
|
||||||
let ssl_config = ssl_config(&self.proxy_certs, &self.proxy_host, None)?;
|
let ssl_config = ssl_config(&self.proxy_certs, &self.proxy_host, None)?;
|
||||||
Either::Left(tokio_boring::connect(ssl_config, &self.proxy_host, tcp_stream).await?)
|
Either::Left(
|
||||||
|
tokio_boring_signal::connect(ssl_config, &self.proxy_host, tcp_stream).await?,
|
||||||
|
)
|
||||||
}
|
}
|
||||||
ShouldUseTls::No => {
|
ShouldUseTls::No => {
|
||||||
log::debug!(
|
log::debug!(
|
||||||
@ -209,7 +211,7 @@ async fn connect_tls<S: AsyncRead + AsyncWrite + Unpin>(
|
|||||||
) -> Result<SslStream<S>, TransportConnectError> {
|
) -> Result<SslStream<S>, TransportConnectError> {
|
||||||
let ssl_config = ssl_config(&connection_params.certs, &connection_params.sni, Some(alpn))?;
|
let ssl_config = ssl_config(&connection_params.certs, &connection_params.sni, Some(alpn))?;
|
||||||
|
|
||||||
Ok(tokio_boring::connect(ssl_config, &connection_params.sni, transport).await?)
|
Ok(tokio_boring_signal::connect(ssl_config, &connection_params.sni, transport).await?)
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn connect_tcp(
|
async fn connect_tcp(
|
||||||
@ -349,9 +351,9 @@ pub(crate) mod testutil {
|
|||||||
use std::net::{Ipv6Addr, SocketAddr};
|
use std::net::{Ipv6Addr, SocketAddr};
|
||||||
|
|
||||||
use assert_matches::assert_matches;
|
use assert_matches::assert_matches;
|
||||||
use boring::pkey::PKey;
|
use boring_signal::pkey::PKey;
|
||||||
use boring::ssl::{SslAcceptor, SslMethod};
|
use boring_signal::ssl::{SslAcceptor, SslMethod};
|
||||||
use boring::x509::X509;
|
use boring_signal::x509::X509;
|
||||||
use lazy_static::lazy_static;
|
use lazy_static::lazy_static;
|
||||||
use rcgen::CertifiedKey;
|
use rcgen::CertifiedKey;
|
||||||
use tls_parser::{ClientHello, TlsExtension, TlsMessage, TlsMessageHandshake, TlsPlaintext};
|
use tls_parser::{ClientHello, TlsExtension, TlsMessage, TlsMessageHandshake, TlsPlaintext};
|
||||||
@ -458,7 +460,7 @@ pub(crate) mod testutil {
|
|||||||
let (tcp_stream, _remote_addr) =
|
let (tcp_stream, _remote_addr) =
|
||||||
tcp_listener.accept().await.expect("incoming connection");
|
tcp_listener.accept().await.expect("incoming connection");
|
||||||
let mut input_stream = if let Some(ssl_acceptor) = &ssl_acceptor {
|
let mut input_stream = if let Some(ssl_acceptor) = &ssl_acceptor {
|
||||||
let ssl_stream = tokio_boring::accept(ssl_acceptor, tcp_stream)
|
let ssl_stream = tokio_boring_signal::accept(ssl_acceptor, tcp_stream)
|
||||||
.await
|
.await
|
||||||
.expect("handshake successful");
|
.expect("handshake successful");
|
||||||
|
|
||||||
|
@ -479,7 +479,7 @@ impl From<attest::client_connection::Error> for AttestedConnectionError {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub type DefaultStream = tokio_boring::SslStream<tokio::net::TcpStream>;
|
pub type DefaultStream = tokio_boring_signal::SslStream<tokio::net::TcpStream>;
|
||||||
|
|
||||||
/// Encrypted connection to an attested host.
|
/// Encrypted connection to an attested host.
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
|
@ -13,16 +13,17 @@ license = "AGPL-3.0-only"
|
|||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
argon2 = { version = "0.5.0", features = ["zeroize"] }
|
argon2 = { version = "0.5.0", features = ["zeroize"] }
|
||||||
displaydoc = "0.2"
|
displaydoc = { workspace = true }
|
||||||
hkdf = "0.12"
|
hkdf = { workspace = true }
|
||||||
sha2 = "0.10"
|
rand_core = { workspace = true, features = ["getrandom"] }
|
||||||
static_assertions = "1.1"
|
sha2 = { workspace = true }
|
||||||
thiserror = "1.0.57"
|
static_assertions = { workspace = true }
|
||||||
|
thiserror = { workspace = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
hex-literal = "0.4.1"
|
hex-literal = { workspace = true }
|
||||||
hmac = { version = "0.12", features = ["reset"] }
|
hmac = { workspace = true, features = ["reset"] }
|
||||||
criterion = "0.5"
|
criterion = { workspace = true }
|
||||||
|
|
||||||
|
|
||||||
[[bench]]
|
[[bench]]
|
||||||
|
@ -11,16 +11,16 @@ edition = "2021"
|
|||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
curve25519-dalek = "4.1.3"
|
curve25519-dalek = { workspace = true }
|
||||||
hmac = { version = "0.12", features = ["reset"] }
|
hmac = { workspace = true, features = ["reset"] }
|
||||||
sha2 = "0.10"
|
sha2 = { workspace = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
hex = "0.4"
|
hex = { workspace = true }
|
||||||
|
|
||||||
# For benchmarking
|
# For benchmarking
|
||||||
criterion = "0.5"
|
criterion = { workspace = true }
|
||||||
rand = "0.8"
|
rand = { workspace = true }
|
||||||
|
|
||||||
[[bench]]
|
[[bench]]
|
||||||
name = "sho"
|
name = "sho"
|
||||||
|
@ -14,32 +14,32 @@ license = "AGPL-3.0-only"
|
|||||||
libsignal-core = { path = "../core" }
|
libsignal-core = { path = "../core" }
|
||||||
signal-crypto = { path = "../crypto" }
|
signal-crypto = { path = "../crypto" }
|
||||||
|
|
||||||
aes = { version = "0.8.3", features = ["zeroize"] }
|
aes = { workspace = true, features = ["zeroize"] }
|
||||||
aes-gcm-siv = "0.11.1"
|
aes-gcm-siv = { workspace = true }
|
||||||
arrayref = "0.3.6"
|
arrayref = "0.3.6"
|
||||||
async-trait = "0.1.41"
|
async-trait = { workspace = true }
|
||||||
ctr = { version = "0.9.2", features = ["zeroize"] }
|
ctr = { workspace = true, features = ["zeroize"] }
|
||||||
curve25519-dalek = { version = "4.1.3", features = ["digest"] }
|
curve25519-dalek = { workspace = true, features = ["digest"] }
|
||||||
derive-where = "1.2.5"
|
derive-where = { workspace = true }
|
||||||
displaydoc = "0.2"
|
displaydoc = { workspace = true }
|
||||||
hex = "0.4"
|
hex = { workspace = true }
|
||||||
hkdf = "0.12"
|
hkdf = { workspace = true }
|
||||||
hmac = "0.12"
|
hmac = { workspace = true }
|
||||||
indexmap = "2.1.0"
|
indexmap = { workspace = true }
|
||||||
itertools = "0.13.0"
|
itertools = { workspace = true }
|
||||||
log = "0.4"
|
log = { workspace = true }
|
||||||
num_enum = "0.7.2"
|
num_enum = { workspace = true }
|
||||||
pqcrypto-kyber = { version = "0.7.6", default-features = false, features = ["std"] }
|
pqcrypto-kyber = { version = "0.7.6", default-features = false, features = ["std"] }
|
||||||
pqcrypto-traits = "0.3.4"
|
pqcrypto-traits = "0.3.4"
|
||||||
prost = "0.13.1"
|
prost = { workspace = true }
|
||||||
rand = "0.8"
|
rand = { workspace = true }
|
||||||
rayon = "1.8.0"
|
rayon = { workspace = true }
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
serde = { workspace = true, features = ["derive"] }
|
||||||
sha2 = "0.10"
|
sha2 = { workspace = true }
|
||||||
subtle = "2.3"
|
subtle = { workspace = true }
|
||||||
thiserror = "1.0.30"
|
thiserror = { workspace = true }
|
||||||
uuid = "1.1.2"
|
uuid = { workspace = true }
|
||||||
x25519-dalek = { version = "2.0.0", features = ["static_secrets"] }
|
x25519-dalek = { workspace = true, features = ["static_secrets"] }
|
||||||
|
|
||||||
# WARNING: pqcrypto-kyber 0.8 and 0.7 don't actually coexist, they both depend on the same C symbols.
|
# WARNING: pqcrypto-kyber 0.8 and 0.7 don't actually coexist, they both depend on the same C symbols.
|
||||||
# We keep this here for if/when that gets cleared up.
|
# We keep this here for if/when that gets cleared up.
|
||||||
@ -53,15 +53,15 @@ kyber768 = []
|
|||||||
mlkem1024 = ["pqcrypto-ml-kem"]
|
mlkem1024 = ["pqcrypto-ml-kem"]
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
clap = { version = "4.4.11", features = ["derive"] }
|
clap = { workspace = true, features = ["derive"] }
|
||||||
criterion = "0.5"
|
criterion = { workspace = true }
|
||||||
hex-literal = "0.4.1"
|
hex-literal = { workspace = true }
|
||||||
proptest = "1.0"
|
proptest = { workspace = true }
|
||||||
futures-util = "0.3.7"
|
futures-util = { workspace = true }
|
||||||
env_logger = "0.11.4"
|
env_logger = { workspace = true }
|
||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
prost-build = "0.13.1"
|
prost-build = { workspace = true }
|
||||||
|
|
||||||
[[bench]]
|
[[bench]]
|
||||||
name = "curve"
|
name = "curve"
|
||||||
|
@ -10,24 +10,24 @@ authors = ["Signal Messenger LLC"]
|
|||||||
license = "AGPL-3.0-only"
|
license = "AGPL-3.0-only"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
curve25519-dalek = { version = "4.1.3", features = ["rand_core"] }
|
curve25519-dalek = { workspace = true, features = ["rand_core"] }
|
||||||
displaydoc = "0.2"
|
displaydoc = { workspace = true }
|
||||||
hkdf = "0.12"
|
hkdf = { workspace = true }
|
||||||
prost = "0.13.1"
|
prost = { workspace = true }
|
||||||
rand_core = { version = "0.6", features = ["getrandom"] }
|
rand_core = { workspace = true, features = ["getrandom"] }
|
||||||
sha2 = "0.10"
|
sha2 = { workspace = true }
|
||||||
strum_macros = "0.26"
|
strum = { workspace = true, features = ["derive"] }
|
||||||
subtle = "2.5"
|
subtle = { workspace = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
assert_matches = "1.5"
|
assert_matches = { workspace = true }
|
||||||
zerocopy = "0.7.34"
|
zerocopy = { workspace = true }
|
||||||
criterion = "0.5"
|
criterion = { workspace = true }
|
||||||
hex = "0.4"
|
hex = { workspace = true }
|
||||||
hex-literal = "0.4.1"
|
hex-literal = { workspace = true }
|
||||||
nonzero_ext = "0.3.0"
|
nonzero_ext = { workspace = true }
|
||||||
test-case = "3.2.1"
|
test-case = { workspace = true }
|
||||||
proptest = "1.0"
|
proptest = { workspace = true }
|
||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
prost-build = "0.13.1"
|
prost-build = { workspace = true }
|
||||||
|
@ -38,7 +38,7 @@ impl std::fmt::Display for svr4::response4::Status {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Represents an erroneous SVR3 response status
|
/// Represents an erroneous SVR3 response status
|
||||||
#[derive(Debug, strum_macros::Display, PartialEq)]
|
#[derive(Debug, strum::Display, PartialEq)]
|
||||||
pub enum ErrorStatus {
|
pub enum ErrorStatus {
|
||||||
Unset,
|
Unset,
|
||||||
Missing,
|
Missing,
|
||||||
|
@ -15,27 +15,27 @@ license = "AGPL-3.0-only"
|
|||||||
poksho = { path = "../poksho" }
|
poksho = { path = "../poksho" }
|
||||||
signal-crypto = { path = "../crypto" }
|
signal-crypto = { path = "../crypto" }
|
||||||
|
|
||||||
curve25519-dalek = { version = "4.1.3", features = ["digest"] }
|
curve25519-dalek = { workspace = true, features = ["digest"] }
|
||||||
displaydoc = "0.2"
|
displaydoc = { workspace = true }
|
||||||
hkdf = "0.12"
|
hkdf = { workspace = true }
|
||||||
hmac = "0.12"
|
hmac = { workspace = true }
|
||||||
lazy_static = "1.4.0"
|
lazy_static = { workspace = true }
|
||||||
log = "0.4"
|
log = { workspace = true }
|
||||||
prost = "0.13.1"
|
prost = { workspace = true }
|
||||||
rand = "0.8"
|
rand = { workspace = true }
|
||||||
sha2 = "0.10"
|
sha2 = { workspace = true }
|
||||||
subtle = "2.5.0"
|
subtle = { workspace = true }
|
||||||
thiserror = "1.0.40"
|
thiserror = { workspace = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
zkgroup = { path = "../zkgroup" }
|
zkgroup = { path = "../zkgroup" }
|
||||||
|
|
||||||
proptest = "1.0"
|
proptest = { workspace = true }
|
||||||
criterion = "0.5"
|
criterion = { workspace = true }
|
||||||
|
|
||||||
[[bench]]
|
[[bench]]
|
||||||
name = "usernames_benchmarks"
|
name = "usernames_benchmarks"
|
||||||
harness = false
|
harness = false
|
||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
prost-build = "0.13.1"
|
prost-build = { workspace = true }
|
||||||
|
@ -13,27 +13,27 @@ license = "AGPL-3.0-only"
|
|||||||
[dependencies]
|
[dependencies]
|
||||||
poksho = { path = "../poksho" }
|
poksho = { path = "../poksho" }
|
||||||
|
|
||||||
cfg-if = "1.0.0"
|
cfg-if = { workspace = true }
|
||||||
curve25519-dalek = { version = "4.1.3", features = ["serde"] }
|
curve25519-dalek = { workspace = true, features = ["serde"] }
|
||||||
derive-where = "1.2.5"
|
derive-where = { workspace = true }
|
||||||
displaydoc = "0.2"
|
displaydoc = { workspace = true }
|
||||||
lazy_static = "1.4.0"
|
lazy_static = { workspace = true }
|
||||||
partial-default = { version = "0.1.0", features = ["derive"] }
|
partial-default = { workspace = true, features = ["derive"] }
|
||||||
serde = { version = "1.0.106", features = ["derive"] }
|
serde = { workspace = true, features = ["derive"] }
|
||||||
sha2 = "0.10"
|
sha2 = { workspace = true }
|
||||||
subtle = "2.3"
|
subtle = { workspace = true }
|
||||||
thiserror = "1.0.57"
|
thiserror = { workspace = true }
|
||||||
|
|
||||||
# If rayon is enabled, certain operations will use rayon's thread pool.
|
# If rayon is enabled, certain operations will use rayon's thread pool.
|
||||||
rayon = { version = "1.8.0", optional = true }
|
rayon = { version = "1.8.0", optional = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
bincode = "1.2.1"
|
bincode = { workspace = true }
|
||||||
hex = "0.4"
|
hex = { workspace = true }
|
||||||
hex-literal = "0.4.1"
|
hex-literal = { workspace = true }
|
||||||
|
|
||||||
# For benchmarking
|
# For benchmarking
|
||||||
criterion = "0.5"
|
criterion = { workspace = true }
|
||||||
|
|
||||||
# Many of zkcredential's tests live in the zkgroup crate,
|
# Many of zkcredential's tests live in the zkgroup crate,
|
||||||
# since zkcredential was designed to work with existing verifiably encrypted attribute types.
|
# since zkcredential was designed to work with existing verifiably encrypted attribute types.
|
||||||
|
@ -17,35 +17,36 @@ poksho = { path = "../poksho" }
|
|||||||
signal-crypto = { path = "../crypto" }
|
signal-crypto = { path = "../crypto" }
|
||||||
zkcredential = { path = "../zkcredential", features = ["rayon"] }
|
zkcredential = { path = "../zkcredential", features = ["rayon"] }
|
||||||
|
|
||||||
curve25519-dalek = { git = 'https://github.com/signalapp/curve25519-dalek', tag = 'signal-curve25519-4.1.3', version = "4.1.1", features = ["serde"] }
|
# Use our fork of curve25519-dalek for zkgroup support.
|
||||||
|
curve25519-dalek-signal = { workspace = true, features = ["serde"] }
|
||||||
|
|
||||||
aes-gcm-siv = "0.11.1"
|
aes-gcm-siv = { workspace = true }
|
||||||
bincode = "1.2.1"
|
bincode = { workspace = true }
|
||||||
derive-where = "1.2.5"
|
derive-where = { workspace = true }
|
||||||
displaydoc = "0.2"
|
displaydoc = { workspace = true }
|
||||||
hex = "0.4.0"
|
hex = { workspace = true }
|
||||||
hex-literal = "0.4.1"
|
hex-literal = { workspace = true }
|
||||||
hkdf = "0.12"
|
hkdf = { workspace = true }
|
||||||
lazy_static = "1.4.0"
|
lazy_static = { workspace = true }
|
||||||
num_enum = "0.7.2"
|
num_enum = { workspace = true }
|
||||||
partial-default = { version = "0.1.0", features = ["derive"] }
|
partial-default = { workspace = true, features = ["derive"] }
|
||||||
rand = "0.8"
|
rand = { workspace = true }
|
||||||
rayon = "1.8.0"
|
rayon = { workspace = true }
|
||||||
serde = { version = "1.0.106", features = ["derive"] }
|
serde = { workspace = true, features = ["derive"] }
|
||||||
sha2 = "0.10.0"
|
sha2 = { workspace = true }
|
||||||
subtle = "2.3"
|
subtle = { workspace = true }
|
||||||
thiserror = "1.0.57"
|
thiserror = { workspace = true }
|
||||||
uuid = "1.1.2"
|
uuid = { workspace = true }
|
||||||
|
|
||||||
# For generation
|
# For generation
|
||||||
base64 = { version = "0.21", optional = true }
|
base64 = { workspace = true, optional = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
uuid = { version = "1", features = ["v5"] }
|
uuid = { workspace = true, features = ["v5"] }
|
||||||
|
|
||||||
# For benchmarking
|
# For benchmarking
|
||||||
criterion = "0.5"
|
criterion = { workspace = true }
|
||||||
test-case = "3.3.1"
|
test-case = { workspace = true }
|
||||||
|
|
||||||
[[bench]]
|
[[bench]]
|
||||||
name = "zkgroup_benchmarks"
|
name = "zkgroup_benchmarks"
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
//! The BackupAuthCredential has the additional constraint that it should be deterministically reproducible. Rather than a randomly
|
//! The BackupAuthCredential has the additional constraint that it should be deterministically reproducible. Rather than a randomly
|
||||||
//! seeded blinding key pair, the key pair is derived from, you guessed it, the client's master key.
|
//! seeded blinding key pair, the key pair is derived from, you guessed it, the client's master key.
|
||||||
|
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use hkdf::Hkdf;
|
use hkdf::Hkdf;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use poksho::ShoApi;
|
use poksho::ShoApi;
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
//! - the user's ACI (provided by the chat server at issuance, passed encrypted to the calling server for verification)
|
//! - the user's ACI (provided by the chat server at issuance, passed encrypted to the calling server for verification)
|
||||||
//! - a timestamp, truncated to day granularity (chosen by the chat server at issuance, passed publicly to the calling server for verification)
|
//! - a timestamp, truncated to day granularity (chosen by the chat server at issuance, passed publicly to the calling server for verification)
|
||||||
|
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use poksho::ShoApi;
|
use poksho::ShoApi;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
@ -93,9 +93,9 @@ impl GroupSendEndorsementsResponse {
|
|||||||
/// it.
|
/// it.
|
||||||
///
|
///
|
||||||
/// The `usize` in each pair must be the original index of the point.
|
/// The `usize` in each pair must be the original index of the point.
|
||||||
fn sort_points(points: &mut [(usize, curve25519_dalek::RistrettoPoint)]) {
|
fn sort_points(points: &mut [(usize, curve25519_dalek_signal::RistrettoPoint)]) {
|
||||||
debug_assert!(points.iter().enumerate().all(|(i, (j, _))| i == *j));
|
debug_assert!(points.iter().enumerate().all(|(i, (j, _))| i == *j));
|
||||||
let sort_keys = curve25519_dalek::RistrettoPoint::double_and_compress_batch(
|
let sort_keys = curve25519_dalek_signal::RistrettoPoint::double_and_compress_batch(
|
||||||
points.iter().map(|(_i, point)| point),
|
points.iter().map(|(_i, point)| point),
|
||||||
);
|
);
|
||||||
points.sort_unstable_by_key(|(i, _point)| sort_keys[*i].as_bytes());
|
points.sort_unstable_by_key(|(i, _point)| sort_keys[*i].as_bytes());
|
||||||
@ -112,11 +112,12 @@ impl GroupSendEndorsementsResponse {
|
|||||||
// Note: we could save some work here by pulling the single point we need out of the
|
// Note: we could save some work here by pulling the single point we need out of the
|
||||||
// serialized bytes, and operating directly on that. However, we'd have to remember to
|
// serialized bytes, and operating directly on that. However, we'd have to remember to
|
||||||
// update that if the serialization format ever changes.
|
// update that if the serialization format ever changes.
|
||||||
let mut points_to_sign: Vec<(usize, curve25519_dalek::RistrettoPoint)> = member_ciphertexts
|
let mut points_to_sign: Vec<(usize, curve25519_dalek_signal::RistrettoPoint)> =
|
||||||
.into_iter()
|
member_ciphertexts
|
||||||
.map(|ciphertext| ciphertext.ciphertext.as_points()[0])
|
.into_iter()
|
||||||
.enumerate()
|
.map(|ciphertext| ciphertext.ciphertext.as_points()[0])
|
||||||
.collect();
|
.enumerate()
|
||||||
|
.collect();
|
||||||
Self::sort_points(&mut points_to_sign);
|
Self::sort_points(&mut points_to_sign);
|
||||||
|
|
||||||
let endorsements = zkcredential::endorsements::EndorsementResponse::issue(
|
let endorsements = zkcredential::endorsements::EndorsementResponse::issue(
|
||||||
@ -194,7 +195,7 @@ impl GroupSendEndorsementsResponse {
|
|||||||
// We have to compute the ciphertexts (expensive), but we can skip the second point (which
|
// We have to compute the ciphertexts (expensive), but we can skip the second point (which
|
||||||
// would be much more expensive).
|
// would be much more expensive).
|
||||||
// We zip the results together with a set of indexes so we can un-sort the results later.
|
// We zip the results together with a set of indexes so we can un-sort the results later.
|
||||||
let mut member_points: Vec<(usize, curve25519_dalek::RistrettoPoint)> = user_ids
|
let mut member_points: Vec<(usize, curve25519_dalek_signal::RistrettoPoint)> = user_ids
|
||||||
.into_iter()
|
.into_iter()
|
||||||
.map(|user_id| {
|
.map(|user_id| {
|
||||||
group_params.uid_enc_key_pair.a1 * crypto::uid_struct::UidStruct::calc_M1(user_id)
|
group_params.uid_enc_key_pair.a1 * crypto::uid_struct::UidStruct::calc_M1(user_id)
|
||||||
@ -251,7 +252,7 @@ impl GroupSendEndorsementsResponse {
|
|||||||
// We have to compute the ciphertexts (expensive), but we can skip the second point (which
|
// We have to compute the ciphertexts (expensive), but we can skip the second point (which
|
||||||
// would be much more expensive).
|
// would be much more expensive).
|
||||||
// We zip the results together with a set of indexes so we can un-sort the results later.
|
// We zip the results together with a set of indexes so we can un-sort the results later.
|
||||||
let mut member_points: Vec<(usize, curve25519_dalek::RistrettoPoint)> = user_ids
|
let mut member_points: Vec<(usize, curve25519_dalek_signal::RistrettoPoint)> = user_ids
|
||||||
.into_par_iter()
|
.into_par_iter()
|
||||||
.map(|user_id| {
|
.map(|user_id| {
|
||||||
group_params.uid_enc_key_pair.a1 * crypto::uid_struct::UidStruct::calc_M1(user_id)
|
group_params.uid_enc_key_pair.a1 * crypto::uid_struct::UidStruct::calc_M1(user_id)
|
||||||
@ -340,18 +341,18 @@ impl GroupSendEndorsementsResponse {
|
|||||||
|
|
||||||
/// A single endorsement, for one or multiple group members.
|
/// A single endorsement, for one or multiple group members.
|
||||||
///
|
///
|
||||||
/// `Storage` is usually [`curve25519_dalek::RistrettoPoint`], but the `receive` APIs on
|
/// `Storage` is usually [`curve25519_dalek_signal::RistrettoPoint`], but the `receive` APIs on
|
||||||
/// [`GroupSendEndorsementsResponse`] produce "compressed" endorsements, since they are usually
|
/// [`GroupSendEndorsementsResponse`] produce "compressed" endorsements, since they are usually
|
||||||
/// immediately serialized.
|
/// immediately serialized.
|
||||||
#[derive(Serialize, Deserialize, PartialDefault, Clone, Copy)]
|
#[derive(Serialize, Deserialize, PartialDefault, Clone, Copy)]
|
||||||
#[partial_default(bound = "Storage: curve25519_dalek::traits::Identity")]
|
#[partial_default(bound = "Storage: curve25519_dalek_signal::traits::Identity")]
|
||||||
#[derive_where(PartialEq; Storage: subtle::ConstantTimeEq)]
|
#[derive_where(PartialEq; Storage: subtle::ConstantTimeEq)]
|
||||||
pub struct GroupSendEndorsement<Storage = curve25519_dalek::RistrettoPoint> {
|
pub struct GroupSendEndorsement<Storage = curve25519_dalek_signal::RistrettoPoint> {
|
||||||
reserved: ReservedByte,
|
reserved: ReservedByte,
|
||||||
endorsement: zkcredential::endorsements::Endorsement<Storage>,
|
endorsement: zkcredential::endorsements::Endorsement<Storage>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Debug for GroupSendEndorsement<curve25519_dalek::RistrettoPoint> {
|
impl Debug for GroupSendEndorsement<curve25519_dalek_signal::RistrettoPoint> {
|
||||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||||
f.debug_struct("GroupSendEndorsement")
|
f.debug_struct("GroupSendEndorsement")
|
||||||
.field("reserved", &self.reserved)
|
.field("reserved", &self.reserved)
|
||||||
@ -360,7 +361,7 @@ impl Debug for GroupSendEndorsement<curve25519_dalek::RistrettoPoint> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Debug for GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto> {
|
impl Debug for GroupSendEndorsement<curve25519_dalek_signal::ristretto::CompressedRistretto> {
|
||||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||||
f.debug_struct("GroupSendEndorsement")
|
f.debug_struct("GroupSendEndorsement")
|
||||||
.field("reserved", &self.reserved)
|
.field("reserved", &self.reserved)
|
||||||
@ -388,11 +389,11 @@ pub struct ReceivedEndorsement {
|
|||||||
// existing memory allocation isn't sufficient anyway, and thus we're better off constructing a
|
// existing memory allocation isn't sufficient anyway, and thus we're better off constructing a
|
||||||
// single big Vec rather than two smaller ones, especially since we have to un-permute the
|
// single big Vec rather than two smaller ones, especially since we have to un-permute the
|
||||||
// results. (It's close, though, only a 3-6% difference at the largest group sizes.)
|
// results. (It's close, though, only a 3-6% difference at the largest group sizes.)
|
||||||
pub compressed: GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto>,
|
pub compressed: GroupSendEndorsement<curve25519_dalek_signal::ristretto::CompressedRistretto>,
|
||||||
pub decompressed: GroupSendEndorsement,
|
pub decompressed: GroupSendEndorsement,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto> {
|
impl GroupSendEndorsement<curve25519_dalek_signal::ristretto::CompressedRistretto> {
|
||||||
/// Attempts to decompress the GroupSendEndorsement.
|
/// Attempts to decompress the GroupSendEndorsement.
|
||||||
///
|
///
|
||||||
/// Produces [`ZkGroupDeserializationFailure`] if the compressed storage isn't a valid
|
/// Produces [`ZkGroupDeserializationFailure`] if the compressed storage isn't a valid
|
||||||
@ -402,8 +403,10 @@ impl GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto> {
|
|||||||
/// `GroupSendEndorsement<CompressedRistretto>` and then calling `decompress`.
|
/// `GroupSendEndorsement<CompressedRistretto>` and then calling `decompress`.
|
||||||
pub fn decompress(
|
pub fn decompress(
|
||||||
self,
|
self,
|
||||||
) -> Result<GroupSendEndorsement<curve25519_dalek::RistrettoPoint>, ZkGroupDeserializationFailure>
|
) -> Result<
|
||||||
{
|
GroupSendEndorsement<curve25519_dalek_signal::RistrettoPoint>,
|
||||||
|
ZkGroupDeserializationFailure,
|
||||||
|
> {
|
||||||
Ok(GroupSendEndorsement {
|
Ok(GroupSendEndorsement {
|
||||||
reserved: self.reserved,
|
reserved: self.reserved,
|
||||||
endorsement: self
|
endorsement: self
|
||||||
@ -414,14 +417,14 @@ impl GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl GroupSendEndorsement<curve25519_dalek::RistrettoPoint> {
|
impl GroupSendEndorsement<curve25519_dalek_signal::RistrettoPoint> {
|
||||||
/// Compresses the GroupSendEndorsement for storage.
|
/// Compresses the GroupSendEndorsement for storage.
|
||||||
///
|
///
|
||||||
/// Serializing an `GroupSendEndorsement<RistrettoPoint>` is equivalent to calling `compress` and
|
/// Serializing an `GroupSendEndorsement<RistrettoPoint>` is equivalent to calling `compress` and
|
||||||
/// serializing the resulting `GroupSendEndorsement<CompressedRistretto>`.
|
/// serializing the resulting `GroupSendEndorsement<CompressedRistretto>`.
|
||||||
pub fn compress(
|
pub fn compress(
|
||||||
self,
|
self,
|
||||||
) -> GroupSendEndorsement<curve25519_dalek::ristretto::CompressedRistretto> {
|
) -> GroupSendEndorsement<curve25519_dalek_signal::ristretto::CompressedRistretto> {
|
||||||
GroupSendEndorsement {
|
GroupSendEndorsement {
|
||||||
reserved: self.reserved,
|
reserved: self.reserved,
|
||||||
endorsement: self.endorsement.compress(),
|
endorsement: self.endorsement.compress(),
|
||||||
@ -567,7 +570,7 @@ impl GroupSendFullToken {
|
|||||||
"wrong key pair used for this token"
|
"wrong key pair used for this token"
|
||||||
);
|
);
|
||||||
|
|
||||||
let user_id_sum: curve25519_dalek::RistrettoPoint = user_ids
|
let user_id_sum: curve25519_dalek_signal::RistrettoPoint = user_ids
|
||||||
.into_iter()
|
.into_iter()
|
||||||
.map(crypto::uid_struct::UidStruct::calc_M1)
|
.map(crypto::uid_struct::UidStruct::calc_M1)
|
||||||
.sum();
|
.sum();
|
||||||
|
@ -3,8 +3,8 @@
|
|||||||
// SPDX-License-Identifier: AGPL-3.0-only
|
// SPDX-License-Identifier: AGPL-3.0-only
|
||||||
//
|
//
|
||||||
|
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use curve25519_dalek::scalar::Scalar;
|
use curve25519_dalek_signal::scalar::Scalar;
|
||||||
use poksho::ShoApi;
|
use poksho::ShoApi;
|
||||||
|
|
||||||
pub struct Sho {
|
pub struct Sho {
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
// SPDX-License-Identifier: AGPL-3.0-only
|
// SPDX-License-Identifier: AGPL-3.0-only
|
||||||
//
|
//
|
||||||
|
|
||||||
use curve25519_dalek::scalar::Scalar;
|
use curve25519_dalek_signal::scalar::Scalar;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use zkcredential::attributes::PublicAttribute;
|
use zkcredential::attributes::PublicAttribute;
|
||||||
|
@ -5,9 +5,9 @@
|
|||||||
|
|
||||||
#![allow(non_snake_case)]
|
#![allow(non_snake_case)]
|
||||||
|
|
||||||
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
|
use curve25519_dalek_signal::constants::RISTRETTO_BASEPOINT_POINT;
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use curve25519_dalek::scalar::Scalar;
|
use curve25519_dalek_signal::scalar::Scalar;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
|
@ -9,8 +9,8 @@ use crate::common::constants::*;
|
|||||||
use crate::common::sho::*;
|
use crate::common::sho::*;
|
||||||
use crate::common::simple_types::*;
|
use crate::common::simple_types::*;
|
||||||
use crate::crypto::profile_key_struct;
|
use crate::crypto::profile_key_struct;
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use curve25519_dalek::scalar::Scalar;
|
use curve25519_dalek_signal::scalar::Scalar;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
|
@ -10,9 +10,9 @@ use crate::crypto::credentials::{
|
|||||||
BlindedExpiringProfileKeyCredential, ExpiringProfileKeyCredential,
|
BlindedExpiringProfileKeyCredential, ExpiringProfileKeyCredential,
|
||||||
};
|
};
|
||||||
use crate::crypto::profile_key_struct;
|
use crate::crypto::profile_key_struct;
|
||||||
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
|
use curve25519_dalek_signal::constants::RISTRETTO_BASEPOINT_POINT;
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use curve25519_dalek::scalar::Scalar;
|
use curve25519_dalek_signal::scalar::Scalar;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
|
@ -9,7 +9,7 @@ use crate::common::errors::*;
|
|||||||
use crate::common::sho::*;
|
use crate::common::sho::*;
|
||||||
use crate::common::simple_types::*;
|
use crate::common::simple_types::*;
|
||||||
use crate::crypto::profile_key_struct;
|
use crate::crypto::profile_key_struct;
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
use crate::common::constants::*;
|
use crate::common::constants::*;
|
||||||
use crate::common::sho::*;
|
use crate::common::sho::*;
|
||||||
use crate::common::simple_types::*;
|
use crate::common::simple_types::*;
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
|
@ -5,9 +5,9 @@
|
|||||||
|
|
||||||
#![allow(non_snake_case)]
|
#![allow(non_snake_case)]
|
||||||
|
|
||||||
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
|
use curve25519_dalek_signal::constants::RISTRETTO_BASEPOINT_POINT;
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use curve25519_dalek::traits::Identity;
|
use curve25519_dalek_signal::traits::Identity;
|
||||||
|
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
@ -5,9 +5,9 @@
|
|||||||
|
|
||||||
#![allow(non_snake_case)]
|
#![allow(non_snake_case)]
|
||||||
|
|
||||||
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
|
use curve25519_dalek_signal::constants::RISTRETTO_BASEPOINT_POINT;
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use curve25519_dalek::scalar::Scalar;
|
use curve25519_dalek_signal::scalar::Scalar;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
// SPDX-License-Identifier: AGPL-3.0-only
|
// SPDX-License-Identifier: AGPL-3.0-only
|
||||||
//
|
//
|
||||||
|
|
||||||
use curve25519_dalek::scalar::Scalar;
|
use curve25519_dalek_signal::scalar::Scalar;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
use crate::common::sho::Sho;
|
use crate::common::sho::Sho;
|
||||||
|
@ -7,9 +7,9 @@ use crate::common::constants::*;
|
|||||||
use crate::common::errors::*;
|
use crate::common::errors::*;
|
||||||
use crate::common::sho::*;
|
use crate::common::sho::*;
|
||||||
use crate::common::simple_types::*;
|
use crate::common::simple_types::*;
|
||||||
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
|
use curve25519_dalek_signal::constants::RISTRETTO_BASEPOINT_POINT;
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use curve25519_dalek::scalar::Scalar;
|
use curve25519_dalek_signal::scalar::Scalar;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
// SPDX-License-Identifier: AGPL-3.0-only
|
// SPDX-License-Identifier: AGPL-3.0-only
|
||||||
//
|
//
|
||||||
|
|
||||||
use curve25519_dalek::scalar::Scalar;
|
use curve25519_dalek_signal::scalar::Scalar;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
use crate::common::sho::Sho;
|
use crate::common::sho::Sho;
|
||||||
|
@ -9,7 +9,7 @@ use crate::common::errors::*;
|
|||||||
use crate::common::sho::*;
|
use crate::common::sho::*;
|
||||||
use crate::crypto::uid_struct;
|
use crate::crypto::uid_struct;
|
||||||
|
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use lazy_static::lazy_static;
|
use lazy_static::lazy_static;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
use crate::common::sho::*;
|
use crate::common::sho::*;
|
||||||
use crate::common::simple_types::*;
|
use crate::common::simple_types::*;
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use libsignal_core::ServiceId;
|
use libsignal_core::ServiceId;
|
||||||
use partial_default::PartialDefault;
|
use partial_default::PartialDefault;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
//!
|
//!
|
||||||
//! Has to live in zkgroup because they implement zkcredential traits on zkgroup types.
|
//! Has to live in zkgroup because they implement zkcredential traits on zkgroup types.
|
||||||
|
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use poksho::{ShoApi, ShoSha256};
|
use poksho::{ShoApi, ShoSha256};
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use zkcredential::attributes::{Attribute, Domain, RevealedAttribute};
|
use zkcredential::attributes::{Attribute, Domain, RevealedAttribute};
|
||||||
@ -453,8 +453,8 @@ struct InverseUidDecryptionKey;
|
|||||||
impl zkcredential::attributes::Domain for InverseUidDecryptionKey {
|
impl zkcredential::attributes::Domain for InverseUidDecryptionKey {
|
||||||
type Attribute = uid_encryption::Ciphertext;
|
type Attribute = uid_encryption::Ciphertext;
|
||||||
const ID: &'static str = "InverseUidEncryptionDomain_20231011";
|
const ID: &'static str = "InverseUidEncryptionDomain_20231011";
|
||||||
fn G_a() -> [curve25519_dalek::RistrettoPoint; 2] {
|
fn G_a() -> [curve25519_dalek_signal::RistrettoPoint; 2] {
|
||||||
static STORAGE: std::sync::OnceLock<[curve25519_dalek::RistrettoPoint; 2]> =
|
static STORAGE: std::sync::OnceLock<[curve25519_dalek_signal::RistrettoPoint; 2]> =
|
||||||
std::sync::OnceLock::new();
|
std::sync::OnceLock::new();
|
||||||
*zkcredential::attributes::derive_default_generator_points::<Self>(&STORAGE)
|
*zkcredential::attributes::derive_default_generator_points::<Self>(&STORAGE)
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
// SPDX-License-Identifier: AGPL-3.0-only
|
// SPDX-License-Identifier: AGPL-3.0-only
|
||||||
//
|
//
|
||||||
|
|
||||||
use curve25519_dalek::ristretto::RistrettoPoint;
|
use curve25519_dalek_signal::ristretto::RistrettoPoint;
|
||||||
use hex_literal::hex;
|
use hex_literal::hex;
|
||||||
use sha2::Sha256;
|
use sha2::Sha256;
|
||||||
use zkgroup::{Timestamp, SECONDS_PER_DAY};
|
use zkgroup::{Timestamp, SECONDS_PER_DAY};
|
||||||
|
Loading…
Reference in New Issue
Block a user