diff --git a/Cargo.toml b/Cargo.toml index 8da47c2..7987184 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -37,7 +37,7 @@ with_ctap1 = ["crypto/with_ctap1"] with_nfc = ["libtock_drivers/with_nfc"] vendor_hid = ["libtock_drivers/vendor_hid"] fuzz = ["arbitrary", "std"] -with_ed25519 = ["ed25519-dalek"] +ed25519 = ["ed25519-dalek"] [dev-dependencies] enum-iterator = "0.6.0" diff --git a/deploy.py b/deploy.py index 24c1817..e99a1b2 100755 --- a/deploy.py +++ b/deploy.py @@ -1090,9 +1090,9 @@ if __name__ == "__main__": ) main_parser.add_argument( - "--with_ed25519", + "--ed25519", action="append_const", - const="with_ed25519", + const="ed25519", dest="features", help=("Enable Ed25519 support"), ) diff --git a/src/ctap/crypto_wrapper.rs b/src/ctap/crypto_wrapper.rs index 68c7d01..baca32b 100644 --- a/src/ctap/crypto_wrapper.rs +++ b/src/ctap/crypto_wrapper.rs @@ -30,7 +30,7 @@ use crypto::sha256::Sha256; use rng256::Rng256; use sk_cbor as cbor; use sk_cbor::{cbor_array, cbor_bytes, cbor_int}; -#[cfg(feature = "with_ed25519")] +#[cfg(feature = "ed25519")] use ed25519_dalek::Signer; // Legacy credential IDs consist of @@ -45,13 +45,13 @@ pub const ECDSA_CREDENTIAL_ID_SIZE: usize = 113; pub const MAX_CREDENTIAL_ID_SIZE: usize = 113; const ECDSA_CREDENTIAL_ID_VERSION: u8 = 0x01; -#[cfg(feature = "with_ed25519")] +#[cfg(feature = "ed25519")] const ED25519_CREDENTIAL_ID_VERSION: u8 = 0x02; #[cfg(test)] -#[cfg(feature = "with_ed25519")] +#[cfg(feature = "ed25519")] const UNSUPPORTED_CREDENTIAL_ID_VERSION: u8 = 0x03; #[cfg(test)] -#[cfg(not(feature = "with_ed25519"))] +#[cfg(not(feature = "ed25519"))] const UNSUPPORTED_CREDENTIAL_ID_VERSION: u8 = 0x02; /// Wraps the AES256-CBC encryption to match what we need in CTAP. @@ -104,7 +104,7 @@ pub fn aes256_cbc_decrypt( #[derive(Debug)] pub enum PrivateKey { Ecdsa(ecdsa::SecKey), - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] Ed25519(ed25519_dalek::Keypair), } @@ -112,7 +112,7 @@ impl Clone for PrivateKey { fn clone(&self) -> Self { match self { Self::Ecdsa(sk) => Self::Ecdsa (sk.clone ()), - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] Self::Ed25519(keypair) => Self::Ed25519 (ed25519_dalek::Keypair::from_bytes (&keypair.to_bytes()).unwrap()), } } @@ -122,9 +122,9 @@ impl PartialEq for PrivateKey { fn eq(&self, other: &Self) -> bool { match (self, other) { (&Self::Ecdsa(ref a), &Self::Ecdsa(ref b)) => a == b, - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] (&Self::Ed25519(ref a), &Self::Ed25519(ref b)) => a.to_bytes() == b.to_bytes(), - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] _ => false, } } @@ -141,7 +141,7 @@ impl PrivateKey { pub fn new(rng: &mut impl Rng256, alg: SignatureAlgorithm) -> Self { match alg { SignatureAlgorithm::ES256 => PrivateKey::Ecdsa(crypto::ecdsa::SecKey::gensk(rng)), - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] SignatureAlgorithm::EDDSA => { let bytes = rng.gen_uniform_u8x32(); Self::new_ed25519_from_bytes(&bytes).unwrap() @@ -160,7 +160,7 @@ impl PrivateKey { ecdsa::SecKey::from_bytes(array_ref!(bytes, 0, 32)).map(PrivateKey::from) } - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] pub fn new_ed25519_from_bytes(bytes: &[u8]) -> Option { if bytes.len() != 32 { return None; @@ -177,7 +177,7 @@ impl PrivateKey { pub fn get_pub_key(&self) -> CoseKey { match self { PrivateKey::Ecdsa(ecdsa_key) => CoseKey::from(ecdsa_key.genpk()), - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] PrivateKey::Ed25519(ed25519_keypair) => CoseKey::from(ed25519_keypair.public), } } @@ -186,7 +186,7 @@ impl PrivateKey { pub fn sign_and_encode(&self, message: &[u8]) -> Vec { match self { PrivateKey::Ecdsa(ecdsa_key) => ecdsa_key.sign_rfc6979::(message).to_asn1_der(), - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] PrivateKey::Ed25519(ed25519_keypair) => ed25519_keypair.try_sign(message).unwrap().to_bytes().to_vec(), } } @@ -195,7 +195,7 @@ impl PrivateKey { pub fn signature_algorithm(&self) -> SignatureAlgorithm { match self { PrivateKey::Ecdsa(_) => SignatureAlgorithm::ES256, - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] PrivateKey::Ed25519(_) => SignatureAlgorithm::EDDSA, } } @@ -208,7 +208,7 @@ impl PrivateKey { ecdsa_key.to_bytes(array_mut_ref!(key_bytes, 0, 32)); key_bytes } - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] PrivateKey::Ed25519(ed25519_keypair) => ed25519_keypair.secret.to_bytes().to_vec(), } } @@ -235,7 +235,7 @@ impl TryFrom for PrivateKey { match SignatureAlgorithm::try_from(array.pop().unwrap())? { SignatureAlgorithm::ES256 => PrivateKey::new_ecdsa_from_bytes(&key_bytes) .ok_or(Ctap2StatusCode::CTAP2_ERR_INVALID_CBOR), - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] SignatureAlgorithm::EDDSA => PrivateKey::new_ed25519_from_bytes(&key_bytes) .ok_or(Ctap2StatusCode::CTAP2_ERR_INVALID_CBOR), _ => Err(Ctap2StatusCode::CTAP2_ERR_INVALID_CBOR), @@ -285,7 +285,7 @@ pub fn encrypt_key_handle( ecdsa_key.to_bytes(array_mut_ref!(plaintext, 0, 32)); version = ECDSA_CREDENTIAL_ID_VERSION; } - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] PrivateKey::Ed25519(keypair) => { plaintext[0..32].copy_from_slice(&keypair.secret.to_bytes()); version = ED25519_CREDENTIAL_ID_VERSION; @@ -337,7 +337,7 @@ pub fn decrypt_credential_source( // Version number check match credential_id[0] { ECDSA_CREDENTIAL_ID_VERSION => algorithm = ES256_ALGORITHM, - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] ED25519_CREDENTIAL_ID_VERSION => algorithm = EDDSA_ALGORITHM, _ => return Ok(None), } @@ -357,9 +357,9 @@ pub fn decrypt_credential_source( let sk_option; match algorithm { ES256_ALGORITHM => sk_option = PrivateKey::new_ecdsa_from_bytes(&decrypted_id[..32]), - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] EDDSA_ALGORITHM => sk_option = PrivateKey::new_ed25519_from_bytes(&decrypted_id[..32]), - #[cfg(not(feature = "with_ed25519"))] + #[cfg(not(feature = "ed25519"))] EDDSA_ALGORITHM => return Ok(None), _ => return Ok(None), } @@ -462,7 +462,7 @@ mod test { } #[test] - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] fn test_new_ed25519_from_bytes() { let mut env = TestEnv::new(); let private_key = PrivateKey::new(env.rng(), SignatureAlgorithm::EDDSA); @@ -482,7 +482,7 @@ mod test { } #[test] - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] fn test_new_ed25519_from_bytes_wrong_length() { assert_eq!(PrivateKey::new_ed25519_from_bytes(&[0x55; 16]), None); assert_eq!(PrivateKey::new_ed25519_from_bytes(&[0x55; 31]), None); @@ -521,7 +521,7 @@ mod test { } #[test] - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] fn test_ed25519_private_key_signature_algorithm() { test_private_key_signature_algorithm(SignatureAlgorithm::EDDSA); } @@ -539,7 +539,7 @@ mod test { } #[test] - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] fn test_ed25519_private_key_from_to_cbor() { test_private_key_from_to_cbor(SignatureAlgorithm::EDDSA); } @@ -557,7 +557,7 @@ mod test { Err(Ctap2StatusCode::CTAP2_ERR_INVALID_CBOR), ); - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] { let cbor = cbor_array![ cbor_int!(SignatureAlgorithm::EDDSA as i64), @@ -602,7 +602,7 @@ mod test { } #[test] - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] fn test_encrypt_decrypt_ed25519_credential() { test_encrypt_decrypt_credential(SignatureAlgorithm::EDDSA); } @@ -652,7 +652,7 @@ mod test { } #[test] - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] fn test_ed25519_encrypt_decrypt_bad_hmac() { test_encrypt_decrypt_bad_hmac(SignatureAlgorithm::EDDSA); } @@ -679,7 +679,7 @@ mod test { } #[test] - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] fn test_ed25519_decrypt_credential_missing_blocks() { test_decrypt_credential_missing_blocks(SignatureAlgorithm::EDDSA); } diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs index e7c9cc4..337e5af 100644 --- a/src/ctap/data_formats.rs +++ b/src/ctap/data_formats.rs @@ -504,7 +504,7 @@ impl From for cbor::Value { #[cfg_attr(feature = "fuzz", derive(Arbitrary))] pub enum SignatureAlgorithm { ES256 = ES256_ALGORITHM as isize, - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] EDDSA = EDDSA_ALGORITHM as isize, // This is the default for all numbers not covered above. // Unknown types should be ignored, instead of returning errors. @@ -521,7 +521,7 @@ impl From for SignatureAlgorithm { fn from(int: i64) -> Self { match int { ES256_ALGORITHM => SignatureAlgorithm::ES256, - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] EDDSA_ALGORITHM => SignatureAlgorithm::EDDSA, _ => SignatureAlgorithm::Unknown, } @@ -736,11 +736,11 @@ impl CoseKey { const ECDH_ALGORITHM: i64 = -25; // The parameter behind map key 1. const EC2_KEY_TYPE: i64 = 2; - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] const OKP_KEY_TYPE: i64 = 1; // The parameter behind map key -1. const P_256_CURVE: i64 = 1; - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] const ED25519_CURVE: i64 = 6; } @@ -843,7 +843,7 @@ impl From for CoseKey { } } -#[cfg(feature = "with_ed25519")] +#[cfg(feature = "ed25519")] impl From for CoseKey { fn from(pk: ed25519_dalek::PublicKey) -> Self { CoseKey { @@ -943,7 +943,7 @@ impl TryFrom for ecdsa::Signature { match cose_signature.algorithm { SignatureAlgorithm::ES256 => ecdsa::Signature::from_bytes(&cose_signature.bytes) .ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER), - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] SignatureAlgorithm::EDDSA => Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM), SignatureAlgorithm::Unknown => @@ -1607,7 +1607,7 @@ mod test { let signature_algorithm = SignatureAlgorithm::from(alg_int); assert_eq!(signature_algorithm, SignatureAlgorithm::ES256); - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] { let alg_int = SignatureAlgorithm::EDDSA as i64; let signature_algorithm = SignatureAlgorithm::from(alg_int); @@ -1628,7 +1628,7 @@ mod test { let created_cbor: cbor::Value = signature_algorithm.unwrap().into(); assert_eq!(created_cbor, cbor_signature_algorithm); - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] { let cbor_signature_algorithm: cbor::Value = cbor_int!(EDDSA_ALGORITHM); let signature_algorithm = SignatureAlgorithm::try_from(cbor_signature_algorithm.clone()); @@ -1723,7 +1723,7 @@ mod test { } #[test] - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] fn test_from_into_ed25519_public_key_credential_parameter() { test_from_into_public_key_credential_parameter(EDDSA_ALGORITHM, SignatureAlgorithm::EDDSA); } diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs index 547629d..43267cf 100644 --- a/src/ctap/mod.rs +++ b/src/ctap/mod.rs @@ -117,7 +117,7 @@ pub const ES256_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialPa alg: SignatureAlgorithm::ES256, }; -#[cfg(feature = "with_ed25519")] +#[cfg(feature = "ed25519")] pub const EDDSA_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialParameter { cred_type: PublicKeyCredentialType::PublicKey, alg: SignatureAlgorithm::EDDSA, @@ -126,7 +126,7 @@ pub const EDDSA_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialPa fn get_supported_cred_params() -> Vec { let mut ret_val = vec!(); ret_val.push(ES256_CRED_PARAM); - #[cfg(feature = "with_ed25519")] + #[cfg(feature = "ed25519")] ret_val.push(EDDSA_CRED_PARAM); ret_val }