diff --git a/embassy-boot/boot/Cargo.toml b/embassy-boot/boot/Cargo.toml index dd2ff815..3c84ffcd 100644 --- a/embassy-boot/boot/Cargo.toml +++ b/embassy-boot/boot/Cargo.toml @@ -26,25 +26,22 @@ features = ["defmt"] defmt = { version = "0.3", optional = true } digest = "0.10" log = { version = "0.4", optional = true } -ed25519-dalek = { version = "1.0.1", default_features = false, features = ["u32_backend"], optional = true } +ed25519-dalek = { version = "2", default_features = false, features = ["digest"], optional = true } embassy-embedded-hal = { version = "0.1.0", path = "../../embassy-embedded-hal" } embassy-sync = { version = "0.5.0", path = "../../embassy-sync" } embedded-storage = "0.3.1" embedded-storage-async = { version = "0.4.1" } -salty = { git = "https://github.com/ycrypto/salty.git", rev = "a9f17911a5024698406b75c0fac56ab5ccf6a8c7", optional = true } -signature = { version = "1.6.4", default-features = false } +salty = { version = "0.3", optional = true } +signature = { version = "2.0", default-features = false } [dev-dependencies] log = "0.4" env_logger = "0.9" -rand = "0.7" # ed25519-dalek v1.0.1 depends on this exact version +rand = "0.8" futures = { version = "0.3", features = ["executor"] } sha1 = "0.10.5" critical-section = { version = "1.1.1", features = ["std"] } - -[dev-dependencies.ed25519-dalek] -default_features = false -features = ["rand", "std", "u32_backend"] +ed25519-dalek = { version = "2", default_features = false, features = ["std", "rand_core", "digest"] } [features] ed25519-dalek = ["dep:ed25519-dalek", "_verify"] diff --git a/embassy-boot/boot/src/digest_adapters/ed25519_dalek.rs b/embassy-boot/boot/src/digest_adapters/ed25519_dalek.rs index a184d1c5..2e4e03da 100644 --- a/embassy-boot/boot/src/digest_adapters/ed25519_dalek.rs +++ b/embassy-boot/boot/src/digest_adapters/ed25519_dalek.rs @@ -1,6 +1,6 @@ use digest::typenum::U64; use digest::{FixedOutput, HashMarker, OutputSizeUser, Update}; -use ed25519_dalek::Digest as _; +use ed25519_dalek::Digest; pub struct Sha512(ed25519_dalek::Sha512); @@ -12,7 +12,7 @@ impl Default for Sha512 { impl Update for Sha512 { fn update(&mut self, data: &[u8]) { - self.0.update(data) + Digest::update(&mut self.0, data) } } diff --git a/embassy-boot/boot/src/firmware_updater/asynch.rs b/embassy-boot/boot/src/firmware_updater/asynch.rs index d8d85c3d..64a4b32e 100644 --- a/embassy-boot/boot/src/firmware_updater/asynch.rs +++ b/embassy-boot/boot/src/firmware_updater/asynch.rs @@ -79,8 +79,8 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> { #[cfg(feature = "_verify")] pub async fn verify_and_mark_updated( &mut self, - _public_key: &[u8], - _signature: &[u8], + _public_key: &[u8; 32], + _signature: &[u8; 64], _update_len: u32, ) -> Result<(), FirmwareUpdaterError> { assert!(_update_len <= self.dfu.capacity() as u32); @@ -89,14 +89,14 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> { #[cfg(feature = "ed25519-dalek")] { - use ed25519_dalek::{PublicKey, Signature, SignatureError, Verifier}; + use ed25519_dalek::{Signature, SignatureError, Verifier, VerifyingKey}; use crate::digest_adapters::ed25519_dalek::Sha512; let into_signature_error = |e: SignatureError| FirmwareUpdaterError::Signature(e.into()); - let public_key = PublicKey::from_bytes(_public_key).map_err(into_signature_error)?; - let signature = Signature::from_bytes(_signature).map_err(into_signature_error)?; + let public_key = VerifyingKey::from_bytes(_public_key).map_err(into_signature_error)?; + let signature = Signature::from_bytes(_signature); let mut chunk_buf = [0; 2]; let mut message = [0; 64]; @@ -106,7 +106,6 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> { } #[cfg(feature = "ed25519-salty")] { - use salty::constants::{PUBLICKEY_SERIALIZED_LENGTH, SIGNATURE_SERIALIZED_LENGTH}; use salty::{PublicKey, Signature}; use crate::digest_adapters::salty::Sha512; @@ -115,10 +114,8 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> { FirmwareUpdaterError::Signature(signature::Error::default()) } - let public_key: [u8; PUBLICKEY_SERIALIZED_LENGTH] = _public_key.try_into().map_err(into_signature_error)?; - let public_key = PublicKey::try_from(&public_key).map_err(into_signature_error)?; - let signature: [u8; SIGNATURE_SERIALIZED_LENGTH] = _signature.try_into().map_err(into_signature_error)?; - let signature = Signature::try_from(&signature).map_err(into_signature_error)?; + let public_key = PublicKey::try_from(_public_key).map_err(into_signature_error)?; + let signature = Signature::try_from(_signature).map_err(into_signature_error)?; let mut message = [0; 64]; let mut chunk_buf = [0; 2]; diff --git a/embassy-boot/boot/src/firmware_updater/blocking.rs b/embassy-boot/boot/src/firmware_updater/blocking.rs index c4c14216..f1368540 100644 --- a/embassy-boot/boot/src/firmware_updater/blocking.rs +++ b/embassy-boot/boot/src/firmware_updater/blocking.rs @@ -86,8 +86,8 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE> #[cfg(feature = "_verify")] pub fn verify_and_mark_updated( &mut self, - _public_key: &[u8], - _signature: &[u8], + _public_key: &[u8; 32], + _signature: &[u8; 64], _update_len: u32, ) -> Result<(), FirmwareUpdaterError> { assert!(_update_len <= self.dfu.capacity() as u32); @@ -96,14 +96,14 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE> #[cfg(feature = "ed25519-dalek")] { - use ed25519_dalek::{PublicKey, Signature, SignatureError, Verifier}; + use ed25519_dalek::{Signature, SignatureError, Verifier, VerifyingKey}; use crate::digest_adapters::ed25519_dalek::Sha512; let into_signature_error = |e: SignatureError| FirmwareUpdaterError::Signature(e.into()); - let public_key = PublicKey::from_bytes(_public_key).map_err(into_signature_error)?; - let signature = Signature::from_bytes(_signature).map_err(into_signature_error)?; + let public_key = VerifyingKey::from_bytes(_public_key).map_err(into_signature_error)?; + let signature = Signature::from_bytes(_signature); let mut message = [0; 64]; let mut chunk_buf = [0; 2]; @@ -113,7 +113,6 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE> } #[cfg(feature = "ed25519-salty")] { - use salty::constants::{PUBLICKEY_SERIALIZED_LENGTH, SIGNATURE_SERIALIZED_LENGTH}; use salty::{PublicKey, Signature}; use crate::digest_adapters::salty::Sha512; @@ -122,10 +121,8 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE> FirmwareUpdaterError::Signature(signature::Error::default()) } - let public_key: [u8; PUBLICKEY_SERIALIZED_LENGTH] = _public_key.try_into().map_err(into_signature_error)?; - let public_key = PublicKey::try_from(&public_key).map_err(into_signature_error)?; - let signature: [u8; SIGNATURE_SERIALIZED_LENGTH] = _signature.try_into().map_err(into_signature_error)?; - let signature = Signature::try_from(&signature).map_err(into_signature_error)?; + let public_key = PublicKey::try_from(_public_key).map_err(into_signature_error)?; + let signature = Signature::try_from(_signature).map_err(into_signature_error)?; let mut message = [0; 64]; let mut chunk_buf = [0; 2]; diff --git a/embassy-boot/boot/src/lib.rs b/embassy-boot/boot/src/lib.rs index 15b69f69..b4f03e01 100644 --- a/embassy-boot/boot/src/lib.rs +++ b/embassy-boot/boot/src/lib.rs @@ -275,21 +275,19 @@ mod tests { // The following key setup is based on: // https://docs.rs/ed25519-dalek/latest/ed25519_dalek/#example - use ed25519_dalek::Keypair; + use ed25519_dalek::{Digest, Sha512, Signature, Signer, SigningKey, VerifyingKey}; use rand::rngs::OsRng; let mut csprng = OsRng {}; - let keypair: Keypair = Keypair::generate(&mut csprng); + let keypair = SigningKey::generate(&mut csprng); - use ed25519_dalek::{Digest, Sha512, Signature, Signer}; let firmware: &[u8] = b"This are bytes that would otherwise be firmware bytes for DFU."; let mut digest = Sha512::new(); digest.update(&firmware); let message = digest.finalize(); let signature: Signature = keypair.sign(&message); - use ed25519_dalek::PublicKey; - let public_key: PublicKey = keypair.public; + let public_key = keypair.verifying_key(); // Setup flash let flash = BlockingTestFlash::new(BootLoaderConfig {