phayes · jalil-salame · Oct 1, 2024 · Oct 1, 2024
diff --git a/Cargo.toml b/Cargo.toml
@@ -11,25 +11,25 @@ repository = "https://github.com/phayes/ecies-ed25519"
 readme = "README.md"
 
 [dependencies]
-rand = "0.7.3"
-curve25519-dalek = "3.1.0"
-thiserror = "1.0.24"
+rand = "0.8.5"
+curve25519-dalek = { version = "4.1.3", features = ["legacy_compatibility"] }
+thiserror = "1.0.64"
 hex = "0.4.3"
-zeroize = "1.3.0"
+zeroize = "1.8.1"
 # "serde" feature
-serde = { version = "1.0.125", optional = true }
+serde = { version = "1.0.210", optional = true }
 # "ring" feature
-ring = { version = "0.16.20", optional = true, features = [] }
+ring = { version = "0.17.8", optional = true, features = [] }
 # "pure_rust" feature
-aes-gcm = { version = "0.8.0", optional = true }
-sha2 = { version = "0.9.3", optional = true }
-digest = { version = "0.9.0", optional = true }
-hkdf = { version = "0.10.0", optional = true }
+aes-gcm = { version = "0.10.3", optional = true }
+sha2 = { version = "0.10.8", optional = true }
+digest = { version = "0.10.7", optional = true }
+hkdf = { version = "0.12.4", optional = true }
 
 [features]
 default = ["pure_rust"]
 pure_rust = ["aes-gcm", "sha2", "digest", "hkdf"]
 
 [dev-dependencies]
-serde_json = "1.0.64"
-serde_cbor = "0.11.1"
+serde_json = "1.0.128"
+serde_cbor = "0.11.2"
diff --git a/src/keys.rs b/src/keys.rs
@@ -134,11 +134,8 @@ impl PublicKey {
     /// Will return None if the bytes are invalid
     #[inline]
     pub fn from_bytes(bytes: &[u8]) -> Result<Self, Error> {
-        if bytes.len() != PUBLIC_KEY_LENGTH {
-            return Err(Error::InvalidPublicKeyBytes);
-        }
-
-        let point = CompressedEdwardsY::from_slice(bytes);
+        let point =
+            CompressedEdwardsY::from_slice(bytes).map_err(|_| Error::InvalidPublicKeyBytes)?;
 
         if point.decompress().is_none() {
             return Err(Error::InvalidPublicKeyBytes);
@@ -148,15 +145,16 @@ impl PublicKey {
 
     /// Derive a public key from a private key
     pub fn from_secret(sk: &SecretKey) -> Self {
-        let point = &Scalar::from_bits(sk.to_bytes()) * &constants::ED25519_BASEPOINT_TABLE;
+        #[allow(deprecated)]
+        let point = &Scalar::from_bits(sk.to_bytes()) * constants::ED25519_BASEPOINT_TABLE;
         PublicKey(point.compress())
     }
 
     /// Get the Edwards Point for this public key
     pub fn to_point(&self) -> EdwardsPoint {
-        CompressedEdwardsY::from_slice(self.0.as_bytes())
+        self.0
             .decompress()
-            .expect("ecies-ed25519: unexpect error decompressing public key")
+            .expect("ecies-ed25519: unexpected error decompressing public key")
     }
 }
 

diff --git a/src/lib.rs b/src/lib.rs
@@ -82,7 +82,7 @@ pub fn encrypt<R: CryptoRng + RngCore>(
 ) -> Result<Vec<u8>, Error> {
     let (ephemeral_sk, ephemeral_pk) = generate_keypair(rng);
 
-    let aes_key = encapsulate(&ephemeral_sk, &receiver_pub);
+    let aes_key = encapsulate(&ephemeral_sk, receiver_pub);
     let encrypted = aes_encrypt(&aes_key, msg, rng)?;
 
     let mut cipher_text = Vec::with_capacity(PUBLIC_KEY_LENGTH + encrypted.len());
@@ -100,7 +100,7 @@ pub fn decrypt(receiver_sec: &SecretKey, ciphertext: &[u8]) -> Result<Vec<u8>, E
 
     let ephemeral_pk = PublicKey::from_bytes(&ciphertext[..PUBLIC_KEY_LENGTH])?;
     let encrypted = &ciphertext[PUBLIC_KEY_LENGTH..];
-    let aes_key = decapsulate(&receiver_sec, &ephemeral_pk);
+    let aes_key = decapsulate(receiver_sec, &ephemeral_pk);
 
     let decrypted = aes_decrypt(&aes_key, encrypted).map_err(|_| Error::DecryptionFailed)?;
 
@@ -109,6 +109,7 @@ pub fn decrypt(receiver_sec: &SecretKey, ciphertext: &[u8]) -> Result<Vec<u8>, E
 
 fn generate_shared(secret: &SecretKey, public: &PublicKey) -> SharedSecret {
     let public = public.to_point();
+    #[allow(deprecated)]
     let secret = Scalar::from_bits(secret.to_bytes());
     let shared_point = public * secret;
     let shared_point_compressed = shared_point.compress();
@@ -222,7 +223,7 @@ pub mod tests {
 
         // Test bad secret key
         let bad_secret = SecretKey::generate(&mut thread_rng());
-        assert!(aes_decrypt(&bad_secret.as_bytes(), &encrypted).is_err());
+        assert!(aes_decrypt(bad_secret.as_bytes(), &encrypted).is_err());
     }
 
     #[test]
@@ -257,10 +258,10 @@ pub mod tests {
 
     #[test]
     fn test_aes_interop() {
-        let mut test_rng = rand::rngs::StdRng::from_seed([0u8; 32]);
-
-        let mut key = [0u8; 32];
-        test_rng.fill_bytes(&mut key);
+        let key = [
+            118, 184, 224, 173, 160, 241, 61, 144, 64, 93, 106, 229, 83, 134, 189, 40, 189, 210,
+            25, 184, 160, 141, 237, 26, 168, 54, 239, 204, 139, 119, 13, 199,
+        ];
 
         let plaintext = b"ABC";
 
@@ -275,9 +276,10 @@ pub mod tests {
 
     #[test]
     fn test_ecies_ed25519_interop() {
-        let mut test_rng = rand::rngs::StdRng::from_seed([0u8; 32]);
-
-        let (peer_sk, _peer_pk) = generate_keypair(&mut test_rng);
+        let peer_sk = SecretKey([
+            118, 184, 224, 173, 160, 241, 61, 144, 64, 93, 106, 229, 83, 134, 189, 40, 189, 210,
+            25, 184, 160, 141, 237, 26, 168, 54, 239, 204, 139, 119, 13, 199,
+        ]);
 
         let plaintext = b"ABC";
         let known_encrypted: Vec<u8> = vec![
@@ -397,8 +399,8 @@ pub mod tests {
         assert_eq!(public.as_bytes(), deserialized_public.as_bytes());
 
         // Test errors - mangle some bits and confirm it doesn't work:
-        let mut serialized_public = serde_cbor::to_vec(&public).unwrap();
-        serialized_public[6] = 120;
+        let mut serialized_public = serialized_public;
+        serialized_public[6] ^= 0xFF;
         assert!(serde_cbor::from_slice::<PublicKey>(&serialized_public).is_err());
     }
 }
diff --git a/src/pure_rust_backend.rs b/src/pure_rust_backend.rs
@@ -1,4 +1,4 @@
-use aes_gcm::aead::{self, generic_array::GenericArray, Aead, NewAead};
+use aes_gcm::aead::{self, generic_array::GenericArray, Aead, KeyInit};
 use aes_gcm::Aes256Gcm;
 use hkdf::Hkdf;
 use rand::{CryptoRng, RngCore};