deps!: migrate to ed25519-dalek

BastiDood · Dec 20, 2023 · cff01bd · cff01bd
1 parent 44b1fdd
commit cff01bd
Show file tree

Hide file tree

Showing 4 changed files with 148 additions and 9 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/api/Cargo.toml b/crates/api/Cargo.toml
@@ -6,11 +6,11 @@ edition = "2021"
 [dependencies]
 dashmap = { version = "5.5", default-features = false }
 db = { path = "../db", package = "quizzo-db" }
+ed25519-dalek = "2.1"
 hex = { version = "0.4", default-features = false }
 http-body-util = "0.1.0"
 hyper = { version = "1", default-features = false }
 log = "0.4"
-ring = { version = "0.17", default-features = false }
 serde_json = "1"
 twilight-model = "0.15"
 

diff --git a/crates/api/src/lib.rs b/crates/api/src/lib.rs
@@ -7,20 +7,20 @@ use hyper::{
     body::{Bytes, Incoming},
     Request, Response, StatusCode,
 };
-use ring::signature::UnparsedPublicKey;
 
 pub use db::{Client, Config, Database, NoTls};
+pub use ed25519_dalek::VerifyingKey;
 
 pub struct App {
     /// Command handler.
     bot: Bot,
     /// Ed25519 public key.
-    public: UnparsedPublicKey<Box<[u8]>>,
+    public: VerifyingKey,
 }
 
 impl App {
-    pub fn new(db: Database, id: NonZeroU64, token: String, public: Box<[u8]>) -> Self {
-        Self { bot: Bot::new(db, id, token), public: UnparsedPublicKey::new(&ring::signature::ED25519, public) }
+    pub fn new(db: Database, id: NonZeroU64, token: String, public: VerifyingKey) -> Self {
+        Self { bot: Bot::new(db, id, token), public }
     }
 
     pub async fn try_respond(&self, req: Request<Incoming>) -> Result<Response<Full<Bytes>>, StatusCode> {
@@ -59,6 +59,7 @@ impl App {
         let (sig, timestamp) = signature.zip(timestamp).ok_or(StatusCode::UNAUTHORIZED)?;
         let mut signature = [0; 64];
         hex::decode_to_slice(sig, &mut signature).map_err(|_| StatusCode::BAD_REQUEST)?;
+        let signature = ed25519_dalek::Signature::from_bytes(&signature);
 
         // Append body after the timestamp
         use http_body_util::BodyExt;
@@ -79,7 +80,7 @@ impl App {
         log::debug!("Fully received payload body.");
 
         // Validate the challenge
-        self.public.verify(&message, &signature).map_err(|_| StatusCode::UNAUTHORIZED)?;
+        self.public.verify_strict(&message, &signature).map_err(|_| StatusCode::UNAUTHORIZED)?;
 
         // Parse incoming interaction
         let payload = message.get(start..).ok_or(StatusCode::BAD_REQUEST)?;

diff --git a/src/main.rs b/src/main.rs
@@ -13,8 +13,10 @@ fn main() -> anyhow::Result<()> {
 
     // Retrieve the public key
     use std::env::{var, VarError};
-    let key = var("PUB_KEY")?;
-    let pub_key = hex::decode(key)?.into_boxed_slice();
+    let pub_key = var("PUB_KEY")?.into_bytes();
+    let mut pub_bytes = [0; 32];
+    hex::decode_to_slice(pub_key, &mut pub_bytes)?;
+    let pub_key = api::VerifyingKey::from_bytes(&pub_bytes)?;
 
     // Set up Postgres driver configuration
     let app_port = var("PORT")?.parse()?;