Update x25519_dalek to 2.0.0-rc.2 (#341)

cloudflare · Apr 3, 2023 · 878385f · 878385f
1 parent be08af9
commit 878385f
Show file tree

Hide file tree

Showing 8 changed files with 75 additions and 75 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/boringtun/Cargo.toml b/boringtun/Cargo.toml
@@ -2,7 +2,11 @@
 name = "boringtun"
 description = "an implementation of the WireGuard® protocol designed for portability and speed"
 version = "0.5.2"
-authors = ["Noah Kennedy <nkennedy@cloudflare.com>", "Andy Grover <agrover@cloudflare.com>", "Jeff Hiner <jhiner@cloudflare.com>"]
+authors = [
+    "Noah Kennedy <nkennedy@cloudflare.com>",
+    "Andy Grover <agrover@cloudflare.com>",
+    "Jeff Hiner <jhiner@cloudflare.com>",
+]
 license = "BSD-3-Clause"
 repository = "https://github.com/cloudflare/boringtun"
 documentation = "https://docs.rs/boringtun/0.5.2/boringtun/"
@@ -27,7 +31,10 @@ tracing-subscriber = { version = "0.3", features = ["fmt"], optional = true }
 ip_network = "0.4.1"
 ip_network_table = "0.2.0"
 ring = "0.16"
-x25519-dalek = { version = "2.0.0-pre.1", features = ["reusable_secrets"] }
+x25519-dalek = { version = "=2.0.0-rc.2", features = [
+    "reusable_secrets",
+    "static_secrets",
+] }
 rand_core = { version = "0.6.3", features = ["getrandom"] }
 chacha20poly1305 = "0.10.0-pre.1"
 aead = "0.5.0-pre.2"

diff --git a/boringtun/benches/crypto_benches/x25519_public_key_benching.rs b/boringtun/benches/crypto_benches/x25519_public_key_benching.rs
@@ -8,7 +8,7 @@ pub fn bench_x25519_public_key(c: &mut Criterion) {
 
     group.bench_function("x25519_public_key_dalek", |b| {
         b.iter(|| {
-            let secret_key = x25519_dalek::StaticSecret::new(OsRng);
+            let secret_key = x25519_dalek::StaticSecret::random_from_rng(OsRng);
             let public_key = x25519_dalek::PublicKey::from(&secret_key);
 
             (secret_key, public_key)

diff --git a/boringtun/benches/crypto_benches/x25519_shared_key_benching.rs b/boringtun/benches/crypto_benches/x25519_shared_key_benching.rs
@@ -7,10 +7,11 @@ pub fn bench_x25519_shared_key(c: &mut Criterion) {
     group.sample_size(1000);
 
     group.bench_function("x25519_shared_key_dalek", |b| {
-        let public_key = x25519_dalek::PublicKey::from(&x25519_dalek::StaticSecret::new(OsRng));
+        let public_key =
+            x25519_dalek::PublicKey::from(&x25519_dalek::StaticSecret::random_from_rng(OsRng));
 
         b.iter_batched(
-            || x25519_dalek::StaticSecret::new(OsRng),
+            || x25519_dalek::StaticSecret::random_from_rng(OsRng),
             |secret_key| secret_key.diffie_hellman(&public_key),
             BatchSize::SmallInput,
         );

diff --git a/boringtun/src/device/integration_tests/mod.rs b/boringtun/src/device/integration_tests/mod.rs
@@ -87,7 +87,7 @@ mod tests {
         /// Create a new peer with a given endpoint and a list of allowed IPs
         fn new(endpoint: SocketAddr, allowed_ips: Vec<AllowedIp>) -> Peer {
             Peer {
-                key: StaticSecret::new(OsRng),
+                key: StaticSecret::random_from_rng(OsRng),
                 endpoint,
                 allowed_ips,
                 container_name: None,
@@ -476,7 +476,7 @@ mod tests {
     /// Test if wireguard starts and creates a unix socket that we can use to set settings
     fn test_wireguard_set() {
         let port = next_port();
-        let private_key = StaticSecret::new(OsRng);
+        let private_key = StaticSecret::random_from_rng(OsRng);
         let own_public_key = PublicKey::from(&private_key);
 
         let wg = WGHandle::init("192.0.2.0".parse().unwrap(), "::2".parse().unwrap());
@@ -494,7 +494,7 @@ mod tests {
             )
         );
 
-        let peer_key = StaticSecret::new(OsRng);
+        let peer_key = StaticSecret::random_from_rng(OsRng);
         let peer_pub_key = PublicKey::from(&peer_key);
         let endpoint = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(172, 0, 0, 1)), 50001);
         let allowed_ips = [
@@ -543,7 +543,7 @@ mod tests {
     #[ignore]
     fn test_wg_start_ipv4_non_connected() {
         let port = next_port();
-        let private_key = StaticSecret::new(OsRng);
+        let private_key = StaticSecret::random_from_rng(OsRng);
         let public_key = PublicKey::from(&private_key);
         let addr_v4 = next_ip();
         let addr_v6 = next_ip_v6();
@@ -590,7 +590,7 @@ mod tests {
     #[ignore]
     fn test_wg_start_ipv4() {
         let port = next_port();
-        let private_key = StaticSecret::new(OsRng);
+        let private_key = StaticSecret::random_from_rng(OsRng);
         let public_key = PublicKey::from(&private_key);
         let addr_v4 = next_ip();
         let addr_v6 = next_ip_v6();
@@ -626,7 +626,7 @@ mod tests {
     /// Test if wireguard can handle simple ipv6 connections
     fn test_wg_start_ipv6() {
         let port = next_port();
-        let private_key = StaticSecret::new(OsRng);
+        let private_key = StaticSecret::random_from_rng(OsRng);
         let public_key = PublicKey::from(&private_key);
         let addr_v4 = next_ip();
         let addr_v6 = next_ip_v6();
@@ -662,7 +662,7 @@ mod tests {
     #[cfg(target_os = "linux")] // Can't make docker work with ipv6 on macOS ATM
     fn test_wg_start_ipv6_endpoint() {
         let port = next_port();
-        let private_key = StaticSecret::new(OsRng);
+        let private_key = StaticSecret::random_from_rng(OsRng);
         let public_key = PublicKey::from(&private_key);
         let addr_v4 = next_ip();
         let addr_v6 = next_ip_v6();
@@ -701,7 +701,7 @@ mod tests {
     #[cfg(target_os = "linux")] // Can't make docker work with ipv6 on macOS ATM
     fn test_wg_start_ipv6_endpoint_not_connected() {
         let port = next_port();
-        let private_key = StaticSecret::new(OsRng);
+        let private_key = StaticSecret::random_from_rng(OsRng);
         let public_key = PublicKey::from(&private_key);
         let addr_v4 = next_ip();
         let addr_v6 = next_ip_v6();
@@ -750,7 +750,7 @@ mod tests {
     #[ignore]
     fn test_wg_concurrent() {
         let port = next_port();
-        let private_key = StaticSecret::new(OsRng);
+        let private_key = StaticSecret::random_from_rng(OsRng);
         let public_key = PublicKey::from(&private_key);
         let addr_v4 = next_ip();
         let addr_v6 = next_ip_v6();
@@ -801,7 +801,7 @@ mod tests {
     #[ignore]
     fn test_wg_concurrent_v6() {
         let port = next_port();
-        let private_key = StaticSecret::new(OsRng);
+        let private_key = StaticSecret::random_from_rng(OsRng);
         let public_key = PublicKey::from(&private_key);
         let addr_v4 = next_ip();
         let addr_v6 = next_ip_v6();

diff --git a/boringtun/src/ffi/mod.rs b/boringtun/src/ffi/mod.rs
@@ -99,7 +99,7 @@ pub struct x25519_key {
 #[no_mangle]
 pub extern "C" fn x25519_secret_key() -> x25519_key {
     x25519_key {
-        key: StaticSecret::new(OsRng).to_bytes(),
+        key: StaticSecret::random_from_rng(OsRng).to_bytes(),
     }
 }
 

diff --git a/boringtun/src/noise/handshake.rs b/boringtun/src/noise/handshake.rs
@@ -729,7 +729,7 @@ impl Handshake {
         let mut hash = INITIAL_CHAIN_HASH;
         hash = b2s_hash(&hash, self.params.peer_static_public.as_bytes());
         // initiator.ephemeral_private = DH_GENERATE()
-        let ephemeral_private = x25519::ReusableSecret::new(OsRng);
+        let ephemeral_private = x25519::ReusableSecret::random_from_rng(OsRng);
         // msg.message_type = 1
         // msg.reserved_zero = { 0, 0, 0 }
         message_type.copy_from_slice(&super::HANDSHAKE_INIT.to_le_bytes());
@@ -815,7 +815,7 @@ impl Handshake {
         let (encrypted_nothing, _) = rest.split_at_mut(16);
 
         // responder.ephemeral_private = DH_GENERATE()
-        let ephemeral_private = x25519::ReusableSecret::new(OsRng);
+        let ephemeral_private = x25519::ReusableSecret::random_from_rng(OsRng);
         let local_index = self.inc_index();
         // msg.message_type = 2
         // msg.reserved_zero = { 0, 0, 0 }