Reduce and update dependencies

honzasp · Jul 3, 2022 · b5eec32 · b5eec32
1 parent 6bac2e8
commit b5eec32
Show file tree

Hide file tree

Showing 10 changed files with 37 additions and 37 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -25,10 +25,8 @@ aes-gcm = "^0.10.0-pre"
 bytes = "1.1"
 cbc = "0.1"
 chacha20 = "0.9"
-cipher = "0.4"
 ctr = "0.9"
 derivative = "2.2"
-digest = "0.10"
 ecdsa = {version = "0.14", features = ["sign", "verify"]}
 ed25519-dalek = "1.0"
 futures-core = "0.3"
@@ -48,11 +46,9 @@ rand_chacha = "0.3"
 rsa = {version = "0.6", default-features = false}
 sha-1 = {version = "0.10", default-features = false}
 sha2 = "0.10"
-subtle = "2.4"
 thiserror = "1.0"
 tokio = {version = "1", features = ["sync"]}
 tokio-util = {version = "0.7", features = []}
-typenum = "1.15"
 x25519-dalek = "1.1" # due to issue #89
 
 [dev-dependencies]

diff --git a/src/cipher/aes_gcm.rs b/src/cipher/aes_gcm.rs
@@ -1,8 +1,8 @@
-use aes_gcm::aead::{AeadInPlace as _, NewAead as _};
-use cipher::{BlockCipher, BlockEncrypt, KeyInit};
-use cipher::generic_array::GenericArray;
-use cipher::generic_array::sequence::Concat as _;
-use cipher::typenum::{U12, U16};
+use aes_gcm::aead::{AeadInPlace as _};
+use aes_gcm::aes::cipher::{BlockCipher, BlockEncrypt, KeyInit};
+use aes_gcm::aes::cipher::generic_array::GenericArray;
+use aes_gcm::aes::cipher::generic_array::sequence::Concat as _;
+use aes_gcm::aes::cipher::typenum::{U12, U16};
 use crate::{Result, Error};
 use crate::mac::MacVerified;
 use super::{CipherAlgo, CipherAlgoVariant, AeadCipherAlgo, AeadEncrypt, AeadDecrypt};

diff --git a/src/cipher/block.rs b/src/cipher/block.rs
@@ -1,5 +1,5 @@
-use cipher::{BlockEncryptMut, BlockDecryptMut, BlockCipher, KeyInit, InnerIvInit as _};
-use cipher::inout::InOutBuf;
+use aes::cipher::{self, BlockEncryptMut, BlockDecryptMut, BlockCipher, KeyInit, InnerIvInit as _};
+use aes::cipher::inout::InOutBuf;
 use super::{CipherAlgo, CipherAlgoVariant, StandardCipherAlgo, Encrypt, Decrypt};
 
 /// "aes128-cbc" cipher from RFC 4253.

diff --git a/src/cipher/chacha_poly.rs b/src/cipher/chacha_poly.rs
@@ -1,8 +1,7 @@
-use cipher::{KeyIvInit as _, StreamCipherCore as _};
-use cipher::generic_array::GenericArray;
-use cipher::inout::InOutBuf;
+use chacha20::cipher::{KeyIvInit as _, StreamCipherCore as _};
+use chacha20::cipher::generic_array::GenericArray;
+use chacha20::cipher::inout::InOutBuf;
 use poly1305::universal_hash::{NewUniversalHash as _};
-use subtle::ConstantTimeEq as _;
 use crate::{Result, Error};
 use crate::mac::MacVerified;
 use super::{CipherAlgo, CipherAlgoVariant, AeadCipherAlgo, AeadEncrypt, AeadDecrypt};
@@ -72,7 +71,8 @@ impl AeadDecrypt for ChachaPolyCipher {
         let poly = poly1305::Poly1305::new(poly_key);
         let poly_tag = poly.compute_unpadded(packet);
         let verified =
-            if poly_tag.ct_eq(&poly1305::Tag::new(*GenericArray::from_slice(tag))).into() {
+            // note that this is a constant-time comparison
+            if poly_tag == poly1305::Tag::new(*GenericArray::from_slice(tag)) {
                 MacVerified::assertion()
             } else {
                 return Err(Error::Mac)

diff --git a/src/cipher/stream.rs b/src/cipher/stream.rs
@@ -1,9 +1,9 @@
-use cipher::{
-    InnerIvInit as _, KeyInit, BlockSizeUser, BlockCipher,
+use aes::cipher::{
+    self, InnerIvInit as _, KeyInit, BlockSizeUser, BlockCipher,
     BlockEncrypt, StreamCipher as _, StreamCipherCore,
 };
-use cipher::consts::U256;
-use typenum::{IsLess, Le, NonZero};
+use aes::cipher::consts::U256;
+use aes::cipher::typenum::{IsLess, Le, NonZero};
 use super::{CipherAlgo, CipherAlgoVariant, StandardCipherAlgo, Encrypt, Decrypt};
 
 /// "aes128-ctr" cipher from RFC 4344.

diff --git a/src/kex/curve25519.rs b/src/kex/curve25519.rs
@@ -1,7 +1,6 @@
 use bytes::Bytes;
-use digest::Digest as _;
 use num_bigint_dig::BigUint;
-use sha2::Sha256;
+use sha2::digest::Digest as _;
 use std::task::Poll;
 use crate::codec::{PacketDecode, PacketEncode};
 use crate::codes::msg;
@@ -134,5 +133,5 @@ fn exchange(kex: &mut Curve25519Kex, input: KexInput) -> Result<KexOutput> {
 }
 
 fn compute_hash(data: &[u8]) -> Vec<u8> {
-    Sha256::digest(data).to_vec()
+    sha2::Sha256::digest(data).to_vec()
 }
diff --git a/src/kex/dh.rs b/src/kex/dh.rs
@@ -1,6 +1,5 @@
 use bytes::Bytes;
 use derivative::Derivative;
-use digest::Digest as _;
 use hex_literal::hex;
 use num_bigint_dig::{BigUint, RandBigInt as _};
 use std::task::Poll;
@@ -157,14 +156,17 @@ fn exchange(kex: &mut DiffieHellmanKex, input: KexInput) -> Result<KexOutput> {
 }
 
 fn compute_hash_sha1(data: &[u8]) -> Vec<u8> {
+    use sha1::digest::Digest as _;
     sha1::Sha1::digest(data).to_vec()
 }
 
 fn compute_hash_sha256(data: &[u8]) -> Vec<u8> {
+    use sha2::digest::Digest as _;
     sha2::Sha256::digest(data).to_vec()
 }
 
 fn compute_hash_sha512(data: &[u8]) -> Vec<u8> {
+    use sha2::digest::Digest as _;
     sha2::Sha512::digest(data).to_vec()
 }
 

diff --git a/src/mac/hmac.rs b/src/mac/hmac.rs
@@ -1,5 +1,5 @@
-use cipher::{KeySizeUser, KeyInit};
-use hmac::{digest, Hmac};
+use hmac::digest;
+use hmac::digest::crypto_common;
 use std::marker::PhantomData;
 use crate::error::{Result, Error};
 use super::{MacAlgo, MacAlgoVariant, Mac, MacVerified};
@@ -10,7 +10,7 @@ pub static HMAC_SHA2_256: MacAlgo = MacAlgo {
     tag_len: 32,
     key_len: 32,
     variant: MacAlgoVariant::EncryptAndMac,
-    make_mac: |key| Box::new(HmacMac::<Hmac<sha2::Sha256>>::new(key)),
+    make_mac: |key| Box::new(HmacMac::<hmac::Hmac<sha2::Sha256>>::new(key)),
 };
 
 /// "hmac-sha2-512" MAC from RFC 6668.
@@ -19,7 +19,7 @@ pub static HMAC_SHA2_512: MacAlgo = MacAlgo {
     tag_len: 64,
     key_len: 64,
     variant: MacAlgoVariant::EncryptAndMac,
-    make_mac: |key| Box::new(HmacMac::<Hmac<sha2::Sha512>>::new(key)),
+    make_mac: |key| Box::new(HmacMac::<hmac::Hmac<sha2::Sha512>>::new(key)),
 };
 
 /// "hmac-sha1" MAC from RFC 4253.
@@ -28,7 +28,7 @@ pub static HMAC_SHA1: MacAlgo = MacAlgo {
     tag_len: 20,
     key_len: 20,
     variant: MacAlgoVariant::EncryptAndMac,
-    make_mac: |key| Box::new(HmacMac::<Hmac<sha1::Sha1>>::new(key)),
+    make_mac: |key| Box::new(HmacMac::<hmac::Hmac<sha1::Sha1>>::new(key)),
 };
 
 /// "hmac-sha2-256-etm@openssh.com" MAC from RFC 6668 in Encrypt-then-MAC variant.
@@ -37,7 +37,7 @@ pub static HMAC_SHA2_256_ETM: MacAlgo = MacAlgo {
     tag_len: 32,
     key_len: 32,
     variant: MacAlgoVariant::EncryptThenMac,
-    make_mac: |key| Box::new(HmacMac::<Hmac<sha2::Sha256>>::new(key)),
+    make_mac: |key| Box::new(HmacMac::<hmac::Hmac<sha2::Sha256>>::new(key)),
 };
 
 /// "hmac-sha2-512-etm@openssh.com" MAC from RFC 6668 in Encrypt-then-MAC variant.
@@ -46,7 +46,7 @@ pub static HMAC_SHA2_512_ETM: MacAlgo = MacAlgo {
     tag_len: 64,
     key_len: 64,
     variant: MacAlgoVariant::EncryptThenMac,
-    make_mac: |key| Box::new(HmacMac::<Hmac<sha2::Sha512>>::new(key)),
+    make_mac: |key| Box::new(HmacMac::<hmac::Hmac<sha2::Sha512>>::new(key)),
 };
 
 /// "hmac-sha1-etm@openssh.com" MAC from RFC 4253 in Encrypt-then-MAC variant.
@@ -55,7 +55,7 @@ pub static HMAC_SHA1_ETM: MacAlgo = MacAlgo {
     tag_len: 20,
     key_len: 20,
     variant: MacAlgoVariant::EncryptThenMac,
-    make_mac: |key| Box::new(HmacMac::<Hmac<sha1::Sha1>>::new(key)),
+    make_mac: |key| Box::new(HmacMac::<hmac::Hmac<sha1::Sha1>>::new(key)),
 };
 
 
@@ -64,15 +64,15 @@ struct HmacMac<M> {
     _phantom: PhantomData<M>,
 }
 
-impl<M: digest::Mac + KeySizeUser> HmacMac<M> {
+impl<M: hmac::Mac> HmacMac<M> {
     fn new(key: &[u8]) -> HmacMac<M> {
         HmacMac { key: key.into(), _phantom: PhantomData }
     }
 }
 
-impl<M: digest::Mac + KeySizeUser + KeyInit> Mac for HmacMac<M> {
+impl<M: hmac::Mac + crypto_common::KeyInit> Mac for HmacMac<M> {
     fn sign(&mut self, packet_seq: u32, data: &[u8], tag: &mut [u8]) {
-        let mut digest = <M as digest::Mac>::new_from_slice(&self.key).unwrap();
+        let mut digest = <M as hmac::Mac>::new_from_slice(&self.key).unwrap();
         digest.update(&packet_seq.to_be_bytes());
         digest.update(data);
         tag.copy_from_slice(&digest.finalize().into_bytes());

diff --git a/src/pubkey/ecdsa.rs b/src/pubkey/ecdsa.rs
@@ -1,8 +1,10 @@
 use bytes::Bytes;
-use digest::crypto_common;
 use ecdsa::elliptic_curve;
 use ecdsa::elliptic_curve::generic_array;
+use ecdsa::elliptic_curve::generic_array::typenum;
 use ecdsa::signature;
+use ecdsa::signature::digest;
+use ecdsa::signature::digest::crypto_common;
 use std::fmt;
 use num_bigint_dig::BigUint;
 use crate::codec::{PacketDecode, PacketEncode};
@@ -83,7 +85,7 @@ fn verify<C: Curve>(pubkey: &Pubkey, message: &[u8], signature: Bytes) -> Result
     }
 
     let to_field_bytes = |scalar: BigUint| -> Result<elliptic_curve::FieldBytes<C>> {
-        use typenum::Unsigned;
+        use typenum::Unsigned as _;
         let scalar = scalar.to_bytes_be();
         if scalar.len() <= elliptic_curve::FieldSize::<C>::to_usize() {
             let mut scalar_bytes = elliptic_curve::FieldBytes::<C>::default();

diff --git a/src/pubkey/rsa.rs b/src/pubkey/rsa.rs
@@ -1,6 +1,7 @@
 use bytes::Bytes;
 use guard::guard;
 use rsa::{PublicKey as _, PublicKeyParts as _};
+use sha1::digest;
 use std::fmt;
 use crate::codec::{PacketDecode, PacketEncode};
 use crate::error::{Result, Error};