From 09c043c54af34c8765961d49c07243c3923ec7cb Mon Sep 17 00:00:00 2001 From: Jordan Rose Date: Wed, 22 Jun 2022 15:06:14 -0700 Subject: [PATCH] Revert "device transfer: replace `picky` with `boring`" We need to work out more kinks cross-compiling boring-sys, so revert this for now. (But keep the fix to use the correct Android NDK.) --- .github/workflows/build_and_test.yml | 18 +- Cargo.lock | 400 ++++++++++++++++++--------- Cargo.toml | 7 +- bin/verify_duplicate_crates | 8 + java/Dockerfile | 7 +- node/.eslintignore | 1 - rust/device-transfer/Cargo.toml | 5 +- rust/device-transfer/src/lib.rs | 91 +++--- rust/device-transfer/tests/tests.rs | 51 +--- 9 files changed, 339 insertions(+), 249 deletions(-) diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 64ce73c678..b327e4a237 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -86,7 +86,7 @@ jobs: steps: - uses: actions/checkout@v2 - - run: sudo apt-get update && sudo apt-get install gcc-multilib g++-multilib + - run: sudo apt-get update && sudo apt-get install gcc-multilib - name: Install Rust run: rustup +stable target add i686-unknown-linux-gnu @@ -127,7 +127,7 @@ jobs: steps: - uses: actions/checkout@v2 - - run: sudo apt-get update && sudo apt-get install gcc-multilib g++-multilib + - run: sudo apt-get update && sudo apt-get install gcc-multilib - name: Install Rust uses: actions-rs/toolchain@v1 @@ -154,8 +154,10 @@ jobs: run: cargo test --all --verbose -- -Z unstable-options --include-ignored - name: Run tests (32-bit) + # Exclude device-transfer because OpenSSL, used for reference results, + # doesn't support the --target option. # Exclude signal-neon-futures because those tests run Node - run: cargo test --all --verbose --target i686-unknown-linux-gnu --exclude signal-neon-futures -- -Z unstable-options --include-ignored + run: cargo test --all --verbose --target i686-unknown-linux-gnu --exclude device-transfer --exclude signal-neon-futures -- -Z unstable-options --include-ignored - name: Build benches run: cargo build --benches --verbose @@ -178,9 +180,6 @@ jobs: - name: Install NDK run: sudo ${ANDROID_HOME}/tools/bin/sdkmanager --install "ndk;${NDK_VERSION}" - - name: Install boring cross-compile dependencies - run: sudo apt-get update && sudo apt-get install gcc-multilib - - name: Install Rust uses: actions-rs/toolchain@v1 with: @@ -231,12 +230,6 @@ jobs: shell: bash run: echo "::set-output name=node-version::$(cat .nvmrc)" - # install nasm compiler for boring - - name: Install nasm - if: startsWith(matrix.os, 'windows') - run: choco install nasm - shell: cmd - - uses: actions/setup-node@v2 with: node-version: ${{ steps.get-nvm-version.outputs.node-version }} @@ -325,3 +318,4 @@ jobs: run: pod lib lint --verbose --platforms=ios --include-podspecs=SignalCoreKit/SignalCoreKit.podspec --skip-import-validation env: XCODE_XCCONFIG_FILE: swift/PodLibLint.xcconfig + diff --git a/Cargo.lock b/Cargo.lock index 4b70ab8471..f43ded6a85 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -160,6 +160,12 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" +[[package]] +name = "base64" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" + [[package]] name = "base64ct" version = "1.5.0" @@ -175,25 +181,6 @@ dependencies = [ "serde", ] -[[package]] -name = "bindgen" -version = "0.60.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "062dddbc1ba4aca46de6338e2bf87771414c335f7b2f2036e8f3e9befebf88e6" -dependencies = [ - "bitflags", - "cexpr", - "clang-sys", - "lazy_static", - "lazycell", - "peeking_take_while", - "proc-macro2", - "quote", - "regex", - "rustc-hash", - "shlex", -] - [[package]] name = "bitflags" version = "1.3.2" @@ -217,6 +204,7 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" dependencies = [ + "block-padding", "generic-array", ] @@ -236,27 +224,6 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8d696c370c750c948ada61c69a0ee2cbbb9c50b1019ddb86d9317157a99c2cae" -[[package]] -name = "boring" -version = "2.0.0" -source = "git+https://github.com/signalapp/boring?branch=libsignal#ceb140105bf34a163903539ed079f128d155f006" -dependencies = [ - "bitflags", - "boring-sys", - "foreign-types", - "lazy_static", - "libc", -] - -[[package]] -name = "boring-sys" -version = "2.0.0" -source = "git+https://github.com/signalapp/boring?branch=libsignal#ceb140105bf34a163903539ed079f128d155f006" -dependencies = [ - "bindgen", - "cmake", -] - [[package]] name = "bstr" version = "0.2.17" @@ -308,15 +275,6 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c" -[[package]] -name = "cexpr" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" -dependencies = [ - "nom", -] - [[package]] name = "cfg-if" version = "1.0.0" @@ -349,23 +307,25 @@ dependencies = [ ] [[package]] -name = "cipher" -version = "0.3.0" +name = "chrono" +version = "0.4.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7" +checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" dependencies = [ - "generic-array", + "libc", + "num-integer", + "num-traits", + "time", + "winapi", ] [[package]] -name = "clang-sys" -version = "1.3.2" +name = "cipher" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf6b561dcf059c85bbe388e0a7b0a1469acb3934cc0cfa148613a830629e3049" +checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7" dependencies = [ - "glob", - "libc", - "libloading 0.7.3", + "generic-array", ] [[package]] @@ -379,15 +339,6 @@ dependencies = [ "unicode-width", ] -[[package]] -name = "cmake" -version = "0.1.48" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8ad8cef104ac57b68b89df3208164d228503abbdce70f6880ffa3d970e7443a" -dependencies = [ - "cc", -] - [[package]] name = "combine" version = "4.6.3" @@ -583,9 +534,10 @@ dependencies = [ name = "device-transfer" version = "0.1.0" dependencies = [ - "boring", + "chrono", "hex", - "libc", + "openssl", + "picky", ] [[package]] @@ -672,30 +624,18 @@ checksum = "279fb028e20b3c4c320317955b77c5e0c9701f05a1d309905d6fc702cdc5053e" [[package]] name = "foreign-types" -version = "0.5.0" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d737d9aa519fb7b749cbc3b962edcf310a8dd1f4b67c91c4f83975dbdd17d965" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" dependencies = [ - "foreign-types-macros", "foreign-types-shared", ] -[[package]] -name = "foreign-types-macros" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8469d0d40519bc608ec6863f1cc88f3f1deee15913f2f3b3e573d81ed38cccc" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "foreign-types-shared" -version = "0.3.1" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa9a19cbb55df58761df49b23516a86d432839add4af60fc256da840f66ed35b" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" [[package]] name = "futures-core" @@ -782,12 +722,6 @@ version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78cc372d058dcf6d5ecd98510e7fbc9e5aec4d21de70f65fea8fecebcd881bd4" -[[package]] -name = "glob" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" - [[package]] name = "group" version = "0.11.0" @@ -931,16 +865,19 @@ dependencies = [ ] [[package]] -name = "lazy_static" -version = "1.4.0" +name = "keccak" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "67c21572b4949434e4fc1e1978b99c5f77064153c59d998bf13ecd96fb5ecba7" [[package]] -name = "lazycell" -version = "1.3.0" +name = "lazy_static" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +dependencies = [ + "spin", +] [[package]] name = "libc" @@ -959,14 +896,10 @@ dependencies = [ ] [[package]] -name = "libloading" -version = "0.7.3" +name = "libm" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efbc0f03f9a775e9f6aed295c6a1ba2253c5757a9e03d55c6caa46a681abcddd" -dependencies = [ - "cfg-if", - "winapi", -] +checksum = "33a33a362ce288760ec6a508b94caaec573ae7d3bbbd91b87aa0bad4456839db" [[package]] name = "libsignal-bridge" @@ -1141,12 +1074,6 @@ dependencies = [ "autocfg", ] -[[package]] -name = "minimal-lexical" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" - [[package]] name = "miniz_oxide" version = "0.4.4" @@ -1200,18 +1127,58 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5c4b1a7f8f569b4e43feff04931924cebe40a630fa258d2a28147525d247defe" dependencies = [ "cfg-if", - "libloading 0.6.7", + "libloading", "smallvec", ] [[package]] -name = "nom" -version = "7.1.1" +name = "num-bigint" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8903e5a29a317527874d0402f867152a3d21c908bb0b933e416c65e301d4c36" +checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f" dependencies = [ - "memchr", - "minimal-lexical", + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-bigint-dig" +version = "0.7.0" +source = "git+https://github.com/dignifiedquire/num-bigint?rev=56576b592fea6341b7e1711a1629e4cc1bfc419c#56576b592fea6341b7e1711a1629e4cc1bfc419c" +dependencies = [ + "autocfg", + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand 0.8.5", + "serde", + "smallvec", + "zeroize", +] + +[[package]] +name = "num-integer" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2cc698a63b549a70bc047073d2949cce27cd1c7b0a4a862d08a8031bc2801db" +dependencies = [ + "autocfg", + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2021c8337a54d21aca0d59a92577a029af9431cb59b909b03252b9c164fad59" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", ] [[package]] @@ -1221,6 +1188,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" dependencies = [ "autocfg", + "libm", ] [[package]] @@ -1263,6 +1231,21 @@ dependencies = [ "memchr", ] +[[package]] +name = "oid" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c19903c598813dba001b53beeae59bb77ad4892c5c1b9b3500ce4293a0d06c2" +dependencies = [ + "serde", +] + +[[package]] +name = "once_cell" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87f3e037eac156d1775da914196f0f37741a274155e34a0b7e427c35d2a2ecb9" + [[package]] name = "oorandom" version = "11.1.3" @@ -1275,6 +1258,33 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +[[package]] +name = "openssl" +version = "0.10.38" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c7ae222234c30df141154f159066c5093ff73b63204dcda7121eb082fc56a95" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-sys", +] + +[[package]] +name = "openssl-sys" +version = "0.9.72" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e46109c383602735fa0a2e48dd2b7c892b048e1bf69e5c3b1d804b7d9c203cb" +dependencies = [ + "autocfg", + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "p256" version = "0.10.1" @@ -1294,10 +1304,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0744126afe1a6dd7f394cb50a716dbe086cb06e255e53d8d0185d82828358fb5" [[package]] -name = "peeking_take_while" -version = "0.1.2" +name = "pem" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" +checksum = "fd56cbd21fea48d0c440b41cd69c589faacade08c992d9a54e471b79d0fd13eb" +dependencies = [ + "base64", + "once_cell", + "regex", +] [[package]] name = "pest" @@ -1318,6 +1333,64 @@ dependencies = [ "indexmap", ] +[[package]] +name = "picky" +version = "6.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd6b25b296bb2a45678748f61c51f5a548ea56b25b0ad4966183709b386eaecf" +dependencies = [ + "base64", + "digest", + "num-bigint-dig", + "oid", + "picky-asn1", + "picky-asn1-der", + "picky-asn1-x509", + "rand 0.8.5", + "rsa", + "serde", + "sha-1", + "sha2", + "sha3", + "thiserror", +] + +[[package]] +name = "picky-asn1" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "889bbb26c80acf919e89980dfc8e04eb19df272d8a9893ec9b748d3a1675abde" +dependencies = [ + "oid", + "serde", + "serde_bytes", +] + +[[package]] +name = "picky-asn1-der" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "acbbd5390ab967396cc7473e6e0848684aec7166e657c6088604e07b54a73dbe" +dependencies = [ + "picky-asn1", + "serde", + "serde_bytes", +] + +[[package]] +name = "picky-asn1-x509" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3033675030de806aba1d5470949701b7c9f1dbf77e3bb17bd12e5f945e560ba" +dependencies = [ + "base64", + "num-bigint-dig", + "oid", + "picky-asn1", + "picky-asn1-der", + "serde", +] + [[package]] name = "pin-project-lite" version = "0.2.8" @@ -1341,6 +1414,12 @@ dependencies = [ "zeroize", ] +[[package]] +name = "pkg-config" +version = "0.3.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "58893f751c9b0412871a09abd62ecd2a00298c6c83befa223ef98c52aef40cbe" + [[package]] name = "plotters" version = "0.3.1" @@ -1638,16 +1717,30 @@ dependencies = [ ] [[package]] -name = "rustc-demangle" -version = "0.1.21" +name = "rsa" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342" +checksum = "7b0aeddcca1082112a6eeb43bf25fd7820b066aaf6eaef776e19d0a1febe38fe" +dependencies = [ + "byteorder", + "digest", + "lazy_static", + "num-bigint-dig", + "num-integer", + "num-iter", + "num-traits", + "pem", + "rand 0.8.5", + "simple_asn1", + "subtle", + "zeroize", +] [[package]] -name = "rustc-hash" -version = "1.1.0" +name = "rustc-demangle" +version = "0.1.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" +checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342" [[package]] name = "rustc_version" @@ -1749,6 +1842,15 @@ dependencies = [ "serde_derive", ] +[[package]] +name = "serde_bytes" +version = "0.11.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "16ae07dd2f88a366f15bd0632ba725227018c69a1c8550a927324f8eb8368bb9" +dependencies = [ + "serde", +] + [[package]] name = "serde_cbor" version = "0.11.2" @@ -1808,10 +1910,16 @@ dependencies = [ ] [[package]] -name = "shlex" -version = "1.1.0" +name = "sha3" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" +checksum = "f81199417d4e5de3f04b1e871023acea7389672c4135918f05aa9cbf2f2fa809" +dependencies = [ + "block-buffer", + "digest", + "keccak", + "opaque-debug", +] [[package]] name = "signal-crypto" @@ -1859,6 +1967,18 @@ dependencies = [ "rand_core 0.6.3", ] +[[package]] +name = "simple_asn1" +version = "0.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8eb4ea60fb301dc81dfc113df680571045d375ab7345d171c5dc7d7e13107a80" +dependencies = [ + "chrono", + "num-bigint", + "num-traits", + "thiserror", +] + [[package]] name = "slab" version = "0.4.5" @@ -1888,6 +2008,12 @@ dependencies = [ "x25519-dalek", ] +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + [[package]] name = "spki" version = "0.5.4" @@ -1987,6 +2113,16 @@ dependencies = [ "syn", ] +[[package]] +name = "time" +version = "0.1.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" +dependencies = [ + "libc", + "winapi", +] + [[package]] name = "tinytemplate" version = "1.2.1" @@ -2068,6 +2204,12 @@ dependencies = [ "syn", ] +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + [[package]] name = "version_check" version = "0.9.4" diff --git a/Cargo.toml b/Cargo.toml index 430c90c8ba..d27a769200 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -22,4 +22,9 @@ resolver = "2" # so that our dev-dependency features don't leak into products [patch.crates-io] # Use our fork of curve25519-dalek for eventual zkgroup support. curve25519-dalek = { git = 'https://github.com/signalapp/curve25519-dalek', branch = 'lizard2' } -boring = { git = 'https://github.com/signalapp/boring', branch = 'libsignal'} + +# Use a num-bigint-dig that supports -Zbuild-std. +num-bigint-dig = { git = 'https://github.com/dignifiedquire/num-bigint', rev = '56576b592fea6341b7e1711a1629e4cc1bfc419c' } + +[profile.dev.package.num-bigint-dig] +opt-level = 2 # too slow otherwise! diff --git a/bin/verify_duplicate_crates b/bin/verify_duplicate_crates index 82081b3c47..95170f32a6 100755 --- a/bin/verify_duplicate_crates +++ b/bin/verify_duplicate_crates @@ -19,6 +19,14 @@ getrandom v0.1.16 getrandom v0.2.5 +rand v0.7.3 + +rand v0.8.5 + +rand_chacha v0.2.2 + +rand_chacha v0.3.1 + rand_core v0.5.1 rand_core v0.6.3 diff --git a/java/Dockerfile b/java/Dockerfile index 450f288732..061210de5f 100644 --- a/java/Dockerfile +++ b/java/Dockerfile @@ -13,12 +13,9 @@ RUN apt-get update \ && apt-get install -y \ apt-transport-https \ build-essential \ - cmake \ - curl \ - gcc-multilib \ git \ + curl \ gpg-agent \ - libclang-dev \ openjdk-11-jdk \ openssh-client \ unzip @@ -44,7 +41,7 @@ ARG ANDROID_API_LEVELS=android-30 ARG ANDROID_BUILD_TOOLS_VERSION=30.0.2 ARG NDK_VERSION=21.0.6113669 ENV ANDROID_HOME /home/libsignal/android-sdk -ENV ANDROID_NDK_HOME ${ANDROID_HOME}/ndk/${NDK_VERSION} +ENV NDK_HOME ${ANDROID_HOME}/ndk/${NDK_VERSION} ENV PATH ${PATH}:${ANDROID_HOME}/tools:${ANDROID_HOME}/platform-tools:${ANDROID_HOME}/cmdline-tools/bin RUN curl -O https://dl.google.com/android/repository/${ANDROID_SDK_FILENAME} \ diff --git a/node/.eslintignore b/node/.eslintignore index 7baec429e6..605f702712 100644 --- a/node/.eslintignore +++ b/node/.eslintignore @@ -1,4 +1,3 @@ -build/** dist/** .eslintrc.js Native.js diff --git a/rust/device-transfer/Cargo.toml b/rust/device-transfer/Cargo.toml index f38c5187f8..83e70f554c 100644 --- a/rust/device-transfer/Cargo.toml +++ b/rust/device-transfer/Cargo.toml @@ -6,8 +6,9 @@ edition = "2018" license = "AGPL-3.0-only" [dependencies] -boring = "2.0.0" -libc = "0.2" +picky = { version = "6", default-features = false, features = ["x509"] } +chrono = "0.4" [dev-dependencies] +openssl = "0.10" hex = "0.4" diff --git a/rust/device-transfer/src/lib.rs b/rust/device-transfer/src/lib.rs index c18a08d11d..ba8c04d335 100644 --- a/rust/device-transfer/src/lib.rs +++ b/rust/device-transfer/src/lib.rs @@ -8,16 +8,12 @@ #![deny(unsafe_code)] #![warn(missing_docs)] -use std::convert::TryInto; +use chrono::{Datelike, Duration, Utc}; +use picky::key::PrivateKey; +use picky::x509::name::{DirectoryName, NameAttr}; +use picky::x509::{certificate::CertificateBuilder, date::UTCDate}; +use picky::{hash::HashAlgorithm, signature::SignatureAlgorithm}; use std::fmt; -use std::time::{Duration, SystemTime}; - -use boring::asn1::Asn1Time; -use boring::error::ErrorStack; -use boring::hash::MessageDigest; -use boring::pkey::{PKey, Private}; -use boring::rsa::Rsa; -use boring::x509::{X509Builder, X509Name, X509NameBuilder, X509}; /// Error types for device transfer. #[derive(Copy, Clone, Debug)] @@ -39,11 +35,9 @@ impl fmt::Display for Error { /// Generate a private key of size `bits` and export to PKCS8 format. pub fn create_rsa_private_key(bits: usize) -> Result, Error> { - let rsa = Rsa::generate(bits as u32) + let key = PrivateKey::generate_rsa(bits) .map_err(|_| Error::InternalError("RSA key generation failed"))?; - let key = - PKey::from_rsa(rsa).map_err(|_| Error::InternalError("Private key generation failed"))?; - key.private_key_to_der() + key.to_pkcs8() .map_err(|_| Error::InternalError("Exporting to PKCS8 failed")) } @@ -55,54 +49,33 @@ pub fn create_self_signed_cert( name: &str, days_to_expire: u32, ) -> Result, Error> { - let rsa_key = - PKey::private_key_from_der(rsa_key_pkcs8).map_err(|_| Error::KeyDecodingFailed)?; - - let valid_after_timestamp: libc::time_t = (SystemTime::now() - - Duration::from_secs(60 * 60 * 24)) - .duration_since(SystemTime::UNIX_EPOCH) - .map_err(|_| Error::InternalError("Could not generate valid start timestamp"))? - .as_secs() - .try_into() - .map_err(|_| Error::InternalError("Could not generate valid start timestamp"))?; - - let cert = build_cert(rsa_key, name, valid_after_timestamp, days_to_expire) + let rsa_key = PrivateKey::from_pkcs8(rsa_key_pkcs8).map_err(|_| Error::KeyDecodingFailed)?; + + let mut dn = DirectoryName::new_common_name(name); + dn.add_attr(NameAttr::OrganizationName, "Signal Foundation"); + dn.add_attr(NameAttr::OrganizationalUnitName, "Device Transfer"); + + let now = Utc::now(); + let expires = now + Duration::days(days_to_expire.into()); + + let started_at = UTCDate::ymd(now.year() as u16, now.month() as u8, now.day() as u8) + .ok_or(Error::InternalError("Cannot map current time to UTCDate"))?; + let ends_at = UTCDate::ymd( + expires.year() as u16, + expires.month() as u8, + expires.day() as u8, + ) + .ok_or(Error::InternalError( + "Cannot map expiration time to UTCDate", + ))?; + + let cert = CertificateBuilder::new() + .validity(started_at, ends_at) + .self_signed(dn, &rsa_key) + .signature_hash_type(SignatureAlgorithm::RsaPkcs1v15(HashAlgorithm::SHA2_256)) + .build() .map_err(|_| Error::InternalError("Creating certificate failed"))?; cert.to_der() .map_err(|_| Error::InternalError("Converting cert to DER failed")) } - -fn build_cert( - rsa_key: PKey, - name: &str, - valid_after_timestamp: libc::time_t, - days_to_expire: u32, -) -> Result { - let mut cert_builder = X509Builder::new()?; - - let issuer_name = build_self_signed_name(name)?; - let subject_name = build_self_signed_name(name)?; - cert_builder.set_issuer_name(&issuer_name)?; - cert_builder.set_subject_name(&subject_name)?; - - let started_at = Asn1Time::from_unix(valid_after_timestamp)?; - let ends_at = Asn1Time::days_from_now(days_to_expire)?; - - cert_builder.set_not_before(&started_at)?; - cert_builder.set_not_after(&ends_at)?; - - cert_builder.set_pubkey(&rsa_key)?; - cert_builder.sign(&rsa_key, MessageDigest::sha256())?; - - Ok(cert_builder.build()) -} - -fn build_self_signed_name(name: &str) -> Result { - let mut name_builder = X509NameBuilder::new()?; - name_builder.append_entry_by_text("CN", name)?; - name_builder.append_entry_by_text("O", "Signal Foundation")?; - name_builder.append_entry_by_text("OU", "Device Transfer")?; - - Ok(name_builder.build()) -} diff --git a/rust/device-transfer/tests/tests.rs b/rust/device-transfer/tests/tests.rs index 79dcac70b4..29ac10b95f 100644 --- a/rust/device-transfer/tests/tests.rs +++ b/rust/device-transfer/tests/tests.rs @@ -3,68 +3,39 @@ // SPDX-License-Identifier: AGPL-3.0-only // -use std::cmp::Ordering; -use std::convert::TryInto; -use std::time::{Duration, SystemTime}; - -use boring::asn1::Asn1Time; -use boring::pkey::PKey; -use boring::rsa::Padding; -use boring::x509::X509; - use device_transfer::*; +use openssl::pkey::PKey; +use openssl::rsa::Padding; +use openssl::x509::X509; #[test] fn test_generate_and_parse() -> Result<(), Error> { let bit_size = 4096; let key = create_rsa_private_key(bit_size)?; - let days_to_expire = 10; - let cert = create_self_signed_cert(&key, "test", days_to_expire)?; + let cert = create_self_signed_cert(&key, "test", 10)?; println!("key = {}", hex::encode(&key)); println!("cert = {}", hex::encode(&cert)); - let boring_key = PKey::private_key_from_der(&key).expect("BoringSSL can parse our PKCS8 key"); + let openssl_key = PKey::private_key_from_der(&key).expect("OpenSSL can parse our PKCS8 key"); // Try to use the key - let boring_rsa = boring_key.rsa().expect("This is a RSA key"); + let openssl_rsa = openssl_key.rsa().expect("This is a RSA key"); let mut signature = vec![0; bit_size / 8]; let digest = vec![0x23; 20]; - let sig_len = boring_rsa + let sig_len = openssl_rsa .private_encrypt(&digest, &mut signature, Padding::PKCS1) .unwrap(); assert_eq!(sig_len, bit_size / 8); - assert!(boring_rsa.check_key().unwrap()); + assert!(openssl_rsa.check_key().unwrap()); - let boring_cert = X509::from_der(&cert).expect("BoringSSL can parse our certificate"); - let pubkey = boring_cert.public_key().expect("Can extract public key"); + let openssl_cert = X509::from_der(&cert).expect("OpenSSL can parse our certificate"); + let pubkey = openssl_cert.public_key().expect("Can extract public key"); // Self-signature verifies: - assert!(boring_cert.verify(&pubkey).unwrap()); - - // Cert should be valid an hour ago, to allow for clock skew - let one_hour_ago: libc::time_t = (SystemTime::now() - Duration::from_secs(60 * 60)) - .duration_since(SystemTime::UNIX_EPOCH) - .expect("Valid duration") - .as_secs() - .try_into() - .expect("Duration seconds should fit in i64"); - let one_hour_ago = Asn1Time::from_unix(one_hour_ago).expect("Valid timestamp"); - - let start = boring_cert.not_before(); - let start_ordering = start - .compare(&one_hour_ago) - .expect("comparison should not fail"); - assert_eq!(Ordering::Less, start_ordering); - - let after_expiration = Asn1Time::days_from_now(days_to_expire + 1).expect("Should not fail"); - let expires = boring_cert.not_after(); - let expires_ordering = expires - .compare(&after_expiration) - .expect("comparison should not fail"); - assert_eq!(Ordering::Less, expires_ordering); + assert!(openssl_cert.verify(&pubkey).unwrap()); Ok(()) }