fix(dht): use new DHKE shared secret type (#4844)
Description
---
Ensures safer use of ECDH shared secrets by switching to the new `DiffieHellmanSharedSecret` type. Updates `tari-crypto` to v0.15.7 to accomplish this.

Motivation and Context
---
Currently, an ECDH secret used for message keys is produced as a `RistrettoPublicKey`, converted to bytes, and returned as a byte array. However, neither the `RistrettoPublicKey` nor the byte array is cleared when dropped. In conjunction with `tari-crypto` [PR 137](tari-project/tari-crypto#137), this work ensures both the `RistrettoPublicKey` and byte array representations of the ECDH secret are zeroized on drop by using that PR's new `DiffieHellmanSharedSecret` type.

How Has This Been Tested?
---
Tested after applying `tari-crypto` [PR 137](tari-project/tari-crypto#137), which adds the new `DiffieHellmanSharedSecret` generic type.
AaronFeickert committed Nov 7, 2022
1 parent fd8c15d commit 234571d
Showing 30 changed files with 108 additions and 191 deletions.
104 changes: 9 additions & 95 deletions Cargo.lock


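--- a/applications/tari_app_grpc/Cargo.toml
+++ b/applications/tari_app_grpc/Cargo.toml
@@ -11,7 +11,7 @@ edition = "2018"
 tari_common_types = { version = "^0.38", path = "../../base_layer/common_types" }
 tari_comms = { path = "../../comms/core" }
 tari_core = { path = "../../base_layer/core" }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_script = { path = "../../infrastructure/tari_script" }
 tari_utilities = { git = "https://github.com/tari-project/tari_utilities.git", tag="v0.4.7" }
 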
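--- a/applications/tari_app_utilities/Cargo.toml
+++ b/applications/tari_app_utilities/Cargo.toml
@@ -7,7 +7,7 @@ license = "BSD-3-Clause"
 
 [dependencies]
 tari_comms = { path = "../../comms/core" }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_common = { path = "../../common" }
 tari_common_types = { path = "../../base_layer/common_types" }
 tari_utilities = { git = "https://github.com/tari-project/tari_utilities.git", tag="v0.4.7" }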
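--- a/applications/tari_base_node/Cargo.toml
+++ b/applications/tari_base_node/Cargo.toml
@@ -15,7 +15,7 @@ tari_comms = { path = "../../comms/core", features = ["rpc"] }
 tari_common_types = { path = "../../base_layer/common_types" }
 tari_comms_dht = { path = "../../comms/dht" }
 tari_core = { path = "../../base_layer/core", default-features = false, features = ["transactions"] }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_libtor = { path = "../../infrastructure/libtor", optional = true }
 tari_mmr = { path = "../../base_layer/mmr", features = ["native_bitmap"] }
 tari_p2p = { path = "../../base_layer/p2p", features = ["auto-update"] }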
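--- a/applications/tari_console_wallet/Cargo.toml
+++ b/applications/tari_console_wallet/Cargo.toml
@@ -7,7 +7,7 @@ license = "BSD-3-Clause"
 
 [dependencies]
 tari_wallet = { path = "../../base_layer/wallet", features = ["bundled_sqlite"] }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_common = { path = "../../common" }
 tari_app_utilities = { path = "../tari_app_utilities" }
 tari_comms = { path = "../../comms/core" }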
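--- a/applications/tari_merge_mining_proxy/Cargo.toml
+++ b/applications/tari_merge_mining_proxy/Cargo.toml
@@ -15,7 +15,7 @@ tari_common = { path = "../../common" }
 tari_comms = { path = "../../comms/core" }
 tari_core = { path = "../../base_layer/core", default-features = false, features = ["transactions"] }
 tari_app_utilities = { path = "../tari_app_utilities" }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_utilities = { git = "https://github.com/tari-project/tari_utilities.git", tag="v0.4.7" }
 tari_base_node_grpc_client = {path="../../clients/rust/base_node_grpc_client" }
 tari_wallet_grpc_client = {path="../../clients/rust/wallet_grpc_client" }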
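--- a/applications/tari_miner/Cargo.toml
+++ b/applications/tari_miner/Cargo.toml
@@ -14,7 +14,7 @@ tari_common_types = { path = "../../base_layer/common_types" }
 tari_comms = { path = "../../comms/core" }
 tari_app_utilities = { path = "../tari_app_utilities" }
 tari_app_grpc = { path = "../tari_app_grpc" }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_utilities = { git = "https://github.com/tari-project/tari_utilities.git", tag="v0.4.7" }
 
 crossterm = { version = "0.25.0" }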
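--- a/base_layer/common_types/Cargo.toml
+++ b/base_layer/common_types/Cargo.toml
@@ -7,7 +7,7 @@ version = "0.38.8"
 edition = "2018"
 
 [dependencies]
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_utilities = { git = "https://github.com/tari-project/tari_utilities.git", tag="v0.4.7" }
 
 base64 = "0.13.0"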
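--- a/base_layer/core/Cargo.toml
+++ b/base_layer/core/Cargo.toml
@@ -24,7 +24,7 @@ tari_common_types = { version = "^0.38", path = "../../base_layer/common_types"
 tari_comms = { version = "^0.38", path = "../../comms/core" }
 tari_comms_dht = { version = "^0.38", path = "../../comms/dht" }
 tari_comms_rpc_macros = { version = "^0.38", path = "../../comms/rpc_macros" }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_metrics = { path = "../../infrastructure/metrics" }
 tari_mmr = { version = "^0.38", path = "../../base_layer/mmr", optional = true, features = ["native_bitmap"] }
 tari_p2p = { version = "^0.38", path = "../../base_layer/p2p" }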
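--- a/base_layer/key_manager/Cargo.toml
+++ b/base_layer/key_manager/Cargo.toml
@@ -13,7 +13,7 @@ crate-type = ["lib", "cdylib"]
 # NB: All dependencies must support or be gated for the WASM target.
 [dependencies]
 tari_common_types = { version = "^0.38", path = "../../base_layer/common_types", optional = true }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_utilities = { git = "https://github.com/tari-project/tari_utilities.git", tag="v0.4.7" }
 
 arrayvec = "0.7.1"
@@ -43,4 +43,4 @@ wasm-bindgen-test = "0.3.28"
 [features]
 avx2 = ["tari_crypto/simd_backend"]
 js = ["getrandom/js", "js-sys"]
-wasm = ["wasm-bindgen", "js", "tari_common_types", "console_error_panic_hook"]
+wasm = ["tari_crypto/wasm", "wasm-bindgen", "js", "tari_common_types", "console_error_panic_hook"]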
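--- a/base_layer/mmr/Cargo.toml
+++ b/base_layer/mmr/Cargo.toml
@@ -14,7 +14,7 @@ benches = ["criterion"]
 
 [dependencies]
 tari_utilities = { git = "https://github.com/tari-project/tari_utilities.git", tag="v0.4.7" }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_common = {path = "../../common"}
 thiserror = "1.0.26"
 digest = "0.9.0"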
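--- a/base_layer/p2p/Cargo.toml
+++ b/base_layer/p2p/Cargo.toml
@@ -13,7 +13,7 @@ edition = "2018"
 tari_comms = { version = "^0.38", path = "../../comms/core" }
 tari_comms_dht = { version = "^0.38", path = "../../comms/dht" }
 tari_common = { version = "^0.38", path = "../../common" }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_service_framework = { version = "^0.38", path = "../service_framework" }
 tari_shutdown = { version = "^0.38", path = "../../infrastructure/shutdown" }
 tari_storage = { version = "^0.38", path = "../../infrastructure/storage" }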
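--- a/base_layer/tari_mining_helper_ffi/Cargo.toml
+++ b/base_layer/tari_mining_helper_ffi/Cargo.toml
@@ -8,7 +8,7 @@ edition = "2018"
 
 [dependencies]
 tari_comms = { version = "^0.38", path = "../../comms/core" }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_common = { path = "../../common" }
 tari_core = { path = "../core", default-features = false, features = ["transactions"]}
 tari_utilities = { git = "https://github.com/tari-project/tari_utilities.git", tag="v0.4.7" }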
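--- a/base_layer/wallet/Cargo.toml
+++ b/base_layer/wallet/Cargo.toml
@@ -12,7 +12,7 @@ tari_common = { path = "../../common" }
 tari_common_types = { version = "^0.38", path = "../../base_layer/common_types" }
 tari_comms = { version = "^0.38", path = "../../comms/core" }
 tari_comms_dht = { version = "^0.38", path = "../../comms/dht" }
-tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.6" }
+tari_crypto = { git = "https://github.com/tari-project/tari-crypto.git", tag = "v0.15.7" }
 tari_key_manager = { version = "^0.38", path = "../key_manager" }
 tari_p2p = { version = "^0.38", path = "../p2p", features = ["auto-update"] }
 tari_script = { path = "../../infrastructure/tari_script" }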
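--- a/base_layer/wallet/src/output_manager_service/service.rs
+++ b/base_layer/wallet/src/output_manager_service/service.rs
@@ -32,7 +32,7 @@ use tari_common_types::{
 transaction::TxId,
 types::{BlockHash, Commitment, HashOutput, PrivateKey, PublicKey},
 };
-use tari_comms::{types::CommsPublicKey, NodeIdentity};
+use tari_comms::{types::CommsDHKE, NodeIdentity};
 use tari_core::{
 consensus::{ConsensusConstants, ConsensusEncodingSized},
 covenants::Covenant,
@@ -62,7 +62,7 @@ use tari_core::{
 use tari_crypto::{
 commitment::HomomorphicCommitmentFactory,
 errors::RangeProofError,
-keys::{DiffieHellmanSharedSecret, PublicKey as PublicKeyTrait, SecretKey},
+keys::{PublicKey as PublicKeyTrait, SecretKey},
 ristretto::RistrettoSecretKey,
 };
 use tari_script::{inputs, script, Opcode, TariScript};
@@ -2322,7 +2322,7 @@ where
 fee_per_gram: MicroTari,
 ) -> Result<(TxId, MicroTari, MicroTari, Transaction), OutputManagerError> {
 let spending_key = PrivateKey::from_bytes(
-CommsPublicKey::shared_secret(
+CommsDHKE::new(
 self.node_identity.as_ref().secret_key(),
 &output.sender_offset_public_key,
 )
@@ -2558,11 +2558,7 @@ where
 // match found
 Some(matched_key) => {
 match PrivateKey::from_bytes(
-CommsPublicKey::shared_secret(
-&matched_key.private_key,
-&output.sender_offset_public_key,
-)
-.as_bytes(),
+CommsDHKE::new(&matched_key.private_key, &output.sender_offset_public_key).as_bytes(),
 ) {
 Ok(spending_sk) => scanned_outputs.push((
 output.clone(),
@@ -2591,7 +2587,7 @@ where
 // computing shared secret
 let shared_secret = PrivateKey::from_bytes(
 WalletHasher::new_with_label("stealth_address")
-.chain(PublicKey::shared_secret(&wallet_sk, nonce.as_ref()).as_bytes())
+.chain(CommsDHKE::new(&wallet_sk, nonce.as_ref()).as_bytes())
 .finalize()
 .as_ref(),
 )
@@ -2603,7 +2599,7 @@ where
 }
 
 match PrivateKey::from_bytes(
-CommsPublicKey::shared_secret(&wallet_sk, &output.sender_offset_public_key).as_bytes(),
+CommsDHKE::new(&wallet_sk, &output.sender_offset_public_key).as_bytes(),
 ) {
 Ok(spending_sk) => scanned_outputs.push((
 output.clone(),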
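Review bot: In the stealth-address hunk (`@@ -2591,7 +2587,7 @@`) the digest returned by `.finalize()` is still an unprotected copy of key material: it is what `PrivateKey::from_bytes` turns into `shared_secret`, yet only the `CommsDHKE` temporary inside `.chain(...)` gains zeroize-on-drop from this change. Unless `WalletHasher`'s output type clears itself (not visible on this page), bind the digest to a local and wipe it once the key is built, and leave a comment such as `// DH output is wiped on drop; the derived digest must be cleared separately`. The other hunks have the same boundary: `CommsDHKE::new(...).as_bytes()` is consumed directly by `PrivateKey::from_bytes`, so the protection ends there and depends on `PrivateKey` itself being cleared on drop, which should be confirmed. The enclosing functions begin and end outside the hunks shown.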