chore(deps)!: use iota-sdk and remove dependency causing security a…

…lert (#1247) * Update ed25519-dalek and some other deps * Use iota-sdk * Update influxdb * fix doc CI * lint * remove unstable lints * Add zeroize feature to ed25519
iotaledger · Sep 12, 2023 · 02f0e0b · 02f0e0b
1 parent f716ea5
commit 02f0e0b
Show file tree

Hide file tree

Showing 72 changed files with 1,976 additions and 1,205 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -32,10 +32,10 @@ eyre = { version = "0.6", default-features = false, features = [ "track-caller",
 futures = { version = "0.3", default-features = false }
 humantime = { version = "2.1.0", default-features = false }
 humantime-serde = { version = "1.1", default-features = false }
-iota-crypto = { version = "0.17", default-features = false, features = [ "blake2b" ] }
-iota-types = { version = "1.0.0-rc.7", default-features = false, features = [ "api", "block", "std" ] }
+iota-crypto = { version = "0.23", default-features = false, features = [ "blake2b", "ed25519", "slip10", "bip39-en" ] }
+iota-sdk = { version = "1.0", default-features = false, features = [ "std", "serde" ] }
 mongodb = { version = "2.4", default-features = false, features = [ "tokio-runtime" ] }
-packable = { version = "0.7", default-features = false }
+packable = { version = "0.8", default-features = false }
 pin-project = { version = "1.0", default-features = false }
 prefix-hex = { version = "0.7.0", default-features = false, features = [ "primitive-types", "std" ] }
 primitive-types = { version = "0.12", default-features = false }
@@ -54,30 +54,30 @@ uuid = { version = "1.3", default-features = false, features = [ "v4" ] }
 
 # Optional
 chrono = { version = "0.4", default-features = false, features = [ "std" ], optional = true }
-influxdb = { version = "0.5", default-features = false, features = [ "use-serde", "reqwest-client-rustls", "derive" ], optional = true }
+influxdb = { version = "0.7", default-features = false, features = [ "use-serde", "reqwest-client-rustls", "derive" ], optional = true }
 
 # API
 auth-helper = { version = "0.3", default-features = false, optional = true }
 axum = { version = "0.5", default-features = false, features = [ "http1", "json", "query", "original-uri", "headers" ], optional = true }
-ed25519 = { version = "2.0", default-features = false, features = [ "alloc", "pkcs8", "pem" ], optional = true }
-ed25519-dalek = { version = "1.0", default-features = false, features = [ "u64_backend" ], optional = true }
+ed25519 = { version = "2.2", default-features = false, features = [ "zeroize" ] } # This is here simply to force this feature
+ed25519-zebra = { version = "4.0", default-features = false, features = [ "std", "pkcs8", "pem" ], optional = true }
 hex = { version = "0.4", default-features = false, optional = true }
 hyper = { version = "0.14", default-features = false, features = [ "server", "tcp", "stream" ], optional = true }
 rand = { version = "0.8", default-features = false, features = [ "std" ], optional = true }
 regex = { version = "1.7", default-features = false, features = [ "std" ], optional = true }
-rust-argon2 = { version = "1.0.0", default-features = false, optional = true }
+rust-argon2 = { version = "2.0.0", default-features = false, optional = true }
 serde_urlencoded = { version = "0.7", default-features = false, optional = true }
 tower = { version = "0.4", default-features = false, optional = true }
 tower-http = { version = "0.4", default-features = false, features = [ "cors", "catch-panic", "trace" ], optional = true }
-zeroize = { version = "1.5", default-features = false, features = [ "std" ], optional = true }
+zeroize = { version = "1.5", default-features = false, features = [ "std", "zeroize_derive" ], optional = true }
 
 # INX
 inx = { version = "1.0.0-beta.8", default-features = false, optional = true }
 tonic = { version = "0.8", default-features = false, optional = true }
 
 [dev-dependencies]
 bincode = { version = "1.3", default-features = false }
-iota-types = { version = "1.0.0-rc.7", default-features = false, features = [ "api", "block", "std", "rand" ] }
+iota-sdk = { version = "1.0", default-features = false, features = [ "std", "serde", "rand" ] }
 rand = { version = "0.8", default-features = false, features = [ "std" ] }
 ron = { version = "0.8", default-features = false }
 yazi = { version = "0.1", default-features = false }
@@ -96,8 +96,7 @@ analytics = [
 api = [
     "dep:auth-helper",
     "dep:axum",
-    "dep:ed25519",
-    "dep:ed25519-dalek",
+    "dep:ed25519-zebra",
     "dep:hex",
     "derive_more/from",
     "dep:hyper",
@@ -124,7 +123,7 @@ poi = [
     "api",
 ]
 rand = [
-    "iota-types/rand",
+    "iota-sdk/rand",
 ]
 
 [profile.production]

diff --git a/src/analytics/ledger/ledger_size.rs b/src/analytics/ledger/ledger_size.rs
@@ -1,6 +1,8 @@
 // Copyright 2023 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
+use iota_sdk::types::block::output::Rent;
+
 use super::*;
 use crate::model::{ledger::RentStructureBytes, ProtocolParameters, TryFromWithContext};
 
@@ -11,16 +13,13 @@ trait LedgerSize {
 impl LedgerSize for Output {
     fn ledger_size(&self, protocol_params: &ProtocolParameters) -> LedgerSizeMeasurement {
         // Unwrap: acceptable risk
-        let protocol_params = iota_types::block::protocol::ProtocolParameters::try_from(protocol_params.clone())
+        let protocol_params = iota_sdk::types::block::protocol::ProtocolParameters::try_from(protocol_params.clone())
             .expect("protocol parameters conversion error");
-        let output = iota_types::block::output::Output::try_from_with_context(&protocol_params, self.clone()).unwrap();
+        let output =
+            iota_sdk::types::block::output::Output::try_from_with_context(&protocol_params, self.clone()).unwrap();
         let rent_bytes = RentStructureBytes::compute(&output);
         LedgerSizeMeasurement {
-            total_storage_deposit_amount: iota_types::block::output::Rent::rent_cost(
-                &output,
-                protocol_params.rent_structure(),
-            )
-            .into(),
+            total_storage_deposit_amount: Rent::rent_cost(&output, protocol_params.rent_structure()).into(),
             total_key_bytes: rent_bytes.num_key_bytes,
             total_data_bytes: rent_bytes.num_data_bytes,
         }

diff --git a/src/analytics/ledger/mod.rs b/src/analytics/ledger/mod.rs
@@ -80,14 +80,14 @@ mod test {
 
     fn rand_output_with_amount(amount: TokenAmount) -> Output {
         // We use `BasicOutput`s in the genesis.
-        let mut output = BasicOutput::rand(&iota_types::block::protocol::protocol_parameters());
+        let mut output = BasicOutput::rand(&iota_sdk::types::block::protocol::protocol_parameters());
         output.amount = amount;
         Output::Basic(output)
     }
 
     #[test]
     fn test_claiming() {
-        let protocol_params = iota_types::block::protocol::protocol_parameters();
+        let protocol_params = iota_sdk::types::block::protocol::protocol_parameters();
 
         // All the unclaimed tokens
         let ledger_state = (1u32..=5)
@@ -170,7 +170,7 @@ mod test {
 
     #[test]
     fn test_alias_output_activity() {
-        let protocol_params = iota_types::block::protocol::protocol_parameters();
+        let protocol_params = iota_sdk::types::block::protocol::protocol_parameters();
 
         // The id of the spending transaction.
         let transaction_id = TransactionId::rand();
@@ -275,7 +275,7 @@ mod test {
 
     #[test]
     fn test_nft_output_activity() {
-        let protocol_params = iota_types::block::protocol::protocol_parameters();
+        let protocol_params = iota_sdk::types::block::protocol::protocol_parameters();
 
         // The id of the spending transaction.
         let transaction_id = TransactionId::rand();
@@ -434,28 +434,23 @@ mod test {
         assert_eq!(output_activity_measurement.nft.destroyed_count, 0);
     }
 
-    fn rand_output_with_address_and_amount(
-        address: Address,
-        amount: u64,
-        ctx: &iota_types::block::protocol::ProtocolParameters,
-    ) -> Output {
-        use iota_types::block::{
+    fn rand_output_with_address_and_amount(address: Address, amount: u64) -> Output {
+        use iota_sdk::types::block::{
             address::Address,
             output::{unlock_condition::AddressUnlockCondition, BasicOutput},
             rand::output::feature::rand_allowed_features,
         };
         let output = BasicOutput::build_with_amount(amount)
-            .unwrap()
             .with_features(rand_allowed_features(BasicOutput::ALLOWED_FEATURES))
-            .add_unlock_condition(AddressUnlockCondition::from(Address::from(address)).into())
-            .finish(ctx.token_supply())
+            .add_unlock_condition(AddressUnlockCondition::from(Address::from(address)))
+            .finish()
             .unwrap();
         Output::Basic(output.into())
     }
 
     #[test]
     fn test_base_tokens() {
-        let protocol_params = iota_types::block::protocol::protocol_parameters();
+        let protocol_params = iota_sdk::types::block::protocol::protocol_parameters();
 
         let address_1 = Address::rand_ed25519();
         let address_2 = Address::rand_ed25519();
@@ -483,7 +478,7 @@ mod test {
                     num_key_bytes: 0,
                     num_data_bytes: 100,
                 },
-                output: rand_output_with_address_and_amount(address, amount, &protocol_params),
+                output: rand_output_with_address_and_amount(address, amount),
                 block_id: BlockId::rand(),
                 booked: milestone,
             })
@@ -495,7 +490,7 @@ mod test {
                 num_key_bytes: 0,
                 num_data_bytes: 100,
             },
-            output: rand_output_with_address_and_amount(address, amount, &protocol_params),
+            output: rand_output_with_address_and_amount(address, amount),
             block_id: BlockId::rand(),
             booked: milestone,
         };

diff --git a/src/analytics/ledger/transaction_size.rs b/src/analytics/ledger/transaction_size.rs
@@ -40,7 +40,7 @@ impl TransactionSizeBuckets {
 
     /// Gets an enumerated iterator over the single buckets.
     pub(crate) fn single_buckets(&self) -> impl Iterator<Item = (usize, usize)> {
-        (1..8).zip(self.single.into_iter())
+        (1..8).zip(self.single)
     }
 }
 

diff --git a/src/analytics/mod.rs b/src/analytics/mod.rs
@@ -675,7 +675,7 @@ mod test {
             fn from(value: BsonBlockData) -> Self {
                 Self {
                     block_id: value.block_id,
-                    block: iota_types::block::Block::unpack_unverified(value.raw.clone())
+                    block: iota_sdk::types::block::Block::unpack_unverified(value.raw.clone())
                         .unwrap()
                         .into(),
                     raw: value.raw,

diff --git a/src/analytics/tangle/mod.rs b/src/analytics/tangle/mod.rs
@@ -32,7 +32,7 @@ mod test {
 
     #[test]
     fn test_block_analytics() {
-        let protocol_params = iota_types::block::protocol::protocol_parameters();
+        let protocol_params = iota_sdk::types::block::protocol::protocol_parameters();
 
         let blocks = vec![
             Block::rand_treasury_transaction(&protocol_params),
@@ -48,7 +48,7 @@ mod test {
             BlockData {
                 block_id: BlockId::rand(),
                 block,
-                raw: iota_types::block::rand::bytes::rand_bytes((i + 1) * 100),
+                raw: iota_sdk::types::block::rand::bytes::rand_bytes((i + 1) * 100),
                 metadata: BlockMetadata {
                     parents,
                     is_solid: true,

diff --git a/src/bin/inx-chronicle/api/config.rs b/src/bin/inx-chronicle/api/config.rs
@@ -82,9 +82,7 @@ impl TryFrom<ApiConfig> for ApiConfigData {
                 config.jwt_password.as_bytes(),
                 config.jwt_salt.as_bytes(),
                 &Into::into(&JwtArgonConfig::default()),
-            )
-            // TODO: Replace this once we switch to a better error lib
-            .expect("invalid JWT config"),
+            )?,
             jwt_password_salt: config.jwt_salt,
             jwt_secret_key: match &config.jwt_identity_file {
                 Some(path) => SecretKey::from_file(path)?,
@@ -200,7 +198,6 @@ impl<'a> From<&'a JwtArgonConfig> for argon2::Config<'a> {
             lanes: val.parallelism,
             mem_cost: val.mem_cost,
             secret: &[],
-            thread_mode: Default::default(),
             time_cost: val.iterations,
             variant: val.variant,
             version: val.version,

diff --git a/src/bin/inx-chronicle/api/core/responses.rs b/src/bin/inx-chronicle/api/core/responses.rs
@@ -1,7 +1,7 @@
 // Copyright 2022 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
-use iota_types::{api::core::response as iota, block::protocol::dto::ProtocolParametersDto};
+use iota_sdk::types::{api::core::response as iota, block::protocol::ProtocolParameters};
 use serde::{Deserialize, Serialize};
 
 use crate::api::responses::impl_success_response;
@@ -13,14 +13,14 @@ pub struct InfoResponse {
     pub name: String,
     pub version: String,
     pub status: iota::StatusResponse,
-    pub protocol: ProtocolParametersDto,
+    pub protocol: ProtocolParameters,
     pub base_token: iota::BaseTokenResponse,
 }
 
 impl_success_response!(InfoResponse);
 
 /// A wrapper struct that allows us to implement [`IntoResponse`](axum::response::IntoResponse) for the foreign
-/// responses from [`iota_types`](iota_types::api::core::response).
+/// responses from [`iota_types`](iota_sdk::types::api::core::response).
 #[derive(Clone, Debug, Serialize, derive_more::From)]
 pub struct IotaResponse<T: Serialize>(T);
 
@@ -31,7 +31,7 @@ impl<T: Serialize> axum::response::IntoResponse for IotaResponse<T> {
 }
 
 /// A wrapper struct that allows us to implement [`IntoResponse`](axum::response::IntoResponse) for the foreign
-/// raw responses from [`iota_types`](iota_types::api::core::response).
+/// raw responses from [`iota_types`](iota_sdk::types::api::core::response).
 #[derive(Clone, Debug, Serialize, Deserialize)]
 #[serde(untagged)]
 pub enum IotaRawResponse<T: Serialize> {