Upgrade dalek crates to new stable versions. (#993)

deny.toml

@@ -21,6 +21,7 @@
 # list here is effectively saying which targets you are building for.
 targets = [
     { triple = "x86_64-unknown-linux-gnu" },
+    { triple = "aarch64-unknown-linux-gnu" },
     { triple = "wasm32-unknown-unknown" }
     # The triple can be any string, but only the target triples built in to
     # rustc (as of 1.40) can be checked against actual config expressions
@@ -135,7 +136,7 @@ allow = [
     "BSD-3-Clause",
     "Apache-2.0 WITH LLVM-exception",
     "Unicode-DFS-2016",
-    "MPL-2.0"
+    # "MPL-2.0"
 ]
 # List of explicitly disallowed licenses
 # See https://spdx.org/licenses/ for list of possible licenses
@@ -273,14 +274,6 @@ skip = [
 # dependencies starting at the specified crate, up to a certain depth, which is
 # by default infinite.
 skip-tree = [
-    # while we're waiting for dalek to go to 2.0 we have
-    # duplicates of a whole lot of ECC dependencies due
-    # to k256
-    { name = "block-buffer", version = "=0.9.0" },
-    { name = "sha2", version = "=0.9.9" },
-    { name = "signature", version = "=1.6.4" },
-    { name = "rand_core", version = "=0.5.1"},
-    { name = "digest", version = "=0.9.0" }
 ]
 
 # This section is considered when running `cargo deny check sources`.

soroban-env-host/Cargo.toml

@@ -16,14 +16,14 @@ soroban-env-common = { workspace = true, features = ["std", "wasmi"] }
 stellar-strkey = { workspace = true }
 wasmi = { workspace = true }
 static_assertions = "1.1.0"
-sha2 = "0.9.0"
-ed25519-dalek = "1.0.1"
+sha2 = "0.10.0"
+ed25519-dalek = {version = "2.0.0", features = ["rand_core"] }
 # NB: this must match the same curve25519 version used by ed25519-dalek above
-curve25519-dalek = "3.0.0"
+curve25519-dalek = "4.0.0"
 # NB: this must match the same rand version used by ed25519-dalek above
-rand = "0.7.3"
+rand = "0.8.5"
 # NB: this must match the same rand_chacha version used by ed25519-dalek above
-rand_chacha = "0.2.2"
+rand_chacha = "0.3.1"
 hex = "0.4.3"
 num-traits = "0.2.15"
 num-integer = "0.1.45"

soroban-env-host/src/auth.rs

@@ -1409,7 +1409,7 @@ impl AccountAuthorizationTracker {
             false
         };
         let nonce = if !is_invoker {
-            let random_nonce: i64 = rand::thread_rng().gen_range(0, i64::MAX);
+            let random_nonce: i64 = rand::thread_rng().gen_range(0..=i64::MAX);
             host.consume_nonce(address, random_nonce, 0)?;
             Some((random_nonce, 0))
         } else {

soroban-env-host/src/cost_runner/cost_types/compute_ed25519_pubkey.rs

@@ -1,6 +1,6 @@
 use std::hint::black_box;
 
-use ed25519_dalek::PublicKey;
+use ed25519_dalek::VerifyingKey;
 
 use crate::{cost_runner::CostRunner, xdr::ContractCostType};
 
@@ -11,7 +11,7 @@ impl CostRunner for ComputeEd25519PubKeyRun {
 
     type SampleType = Vec<u8>;
 
-    type RecycledType = (Option<PublicKey>, Vec<u8>);
+    type RecycledType = (Option<VerifyingKey>, Vec<u8>);
 
     fn run_iter(host: &crate::Host, _iter: u64, sample: Self::SampleType) -> Self::RecycledType {
         let pk = black_box(

soroban-env-host/src/cost_runner/cost_types/verify_ed25519_sig.rs

@@ -1,13 +1,13 @@
 use std::hint::black_box;
 
 use crate::{cost_runner::CostRunner, xdr::ContractCostType};
-use ed25519_dalek::{PublicKey, Signature};
+use ed25519_dalek::{Signature, VerifyingKey};
 
 pub struct VerifyEd25519SigRun;
 
 #[derive(Clone)]
 pub struct VerifyEd25519SigSample {
-    pub key: PublicKey,
+    pub key: VerifyingKey,
     pub msg: Vec<u8>,
     pub sig: Signature,
 }

soroban-env-host/src/host/crypto.rs

@@ -1,7 +1,7 @@
 use crate::{
     err,
     xdr::{ContractCostType, Hash, ScBytes, ScErrorCode, ScErrorType},
-    BytesObject, Host, HostError, U32Val,
+    BytesObject, Host, HostError, U32Val, Val,
 };
 use sha2::Sha256;
 use sha3::Keccak256;
@@ -28,9 +28,17 @@ impl Host {
     pub(crate) fn ed25519_pub_key_from_bytes(
         &self,
         bytes: &[u8],
-    ) -> Result<ed25519_dalek::PublicKey, HostError> {
+    ) -> Result<ed25519_dalek::VerifyingKey, HostError> {
         self.charge_budget(ContractCostType::ComputeEd25519PubKey, None)?;
-        ed25519_dalek::PublicKey::from_bytes(bytes).map_err(|_| {
+        let vk_bytes = bytes.try_into().map_err(|_| {
+            self.err(
+                ScErrorType::Crypto,
+                ScErrorCode::InvalidInput,
+                "invalid length of ed25519 public key",
+                &[Val::from_u32(bytes.len() as u32).into()],
+            )
+        })?;
+        ed25519_dalek::VerifyingKey::from_bytes(vk_bytes).map_err(|_| {
             err!(
                 self,
                 (ScErrorType::Crypto, ScErrorCode::InvalidInput),
@@ -43,7 +51,7 @@ impl Host {
     pub fn ed25519_pub_key_from_bytesobj_input(
         &self,
         k: BytesObject,
-    ) -> Result<ed25519_dalek::PublicKey, HostError> {
+    ) -> Result<ed25519_dalek::VerifyingKey, HostError> {
         self.visit_obj(k, |bytes: &ScBytes| {
             self.ed25519_pub_key_from_bytes(bytes.as_slice())
         })
@@ -52,7 +60,7 @@ impl Host {
     pub(crate) fn verify_sig_ed25519_internal(
         &self,
         payload: &[u8],
-        public_key: &ed25519_dalek::PublicKey,
+        public_key: &ed25519_dalek::VerifyingKey,
         sig: &ed25519_dalek::Signature,
     ) -> Result<(), HostError> {
         let _span = tracy_span!("ed25519 verify");

soroban-env-host/src/native_contract/testutils.rs

@@ -1,5 +1,5 @@
 use crate::{Host, LedgerInfo};
-use ed25519_dalek::{Keypair, Signer};
+use ed25519_dalek::{Signer, SigningKey};
 use rand::{thread_rng, Rng};
 use soroban_env_common::xdr::{
     AccountEntry, AccountEntryExt, AccountEntryExtensionV1, AccountEntryExtensionV1Ext,
@@ -28,13 +28,13 @@ macro_rules! host_vec {
     };
 }
 
-pub(crate) fn generate_keypair() -> Keypair {
-    Keypair::generate(&mut thread_rng())
+pub(crate) fn generate_signing_key() -> SigningKey {
+    SigningKey::generate(&mut thread_rng())
 }
 
-pub(crate) fn keypair_to_account_id(key: &Keypair) -> AccountId {
+pub(crate) fn signing_key_to_account_id(key: &SigningKey) -> AccountId {
     AccountId(PublicKey::PublicKeyTypeEd25519(Uint256(
-        key.public.to_bytes(),
+        key.verifying_key().to_bytes(),
     )))
 }
 
@@ -73,22 +73,22 @@ pub(crate) struct AccountContractSigner<'a> {
 
 pub(crate) struct AccountSigner<'a> {
     pub(crate) account_id: AccountId,
-    pub(crate) signers: Vec<&'a Keypair>,
+    pub(crate) signers: Vec<&'a SigningKey>,
 }
 
 impl<'a> TestSigner<'a> {
-    pub(crate) fn account(kp: &'a Keypair) -> Self {
+    pub(crate) fn account(kp: &'a SigningKey) -> Self {
         TestSigner::Account(AccountSigner {
-            account_id: keypair_to_account_id(kp),
+            account_id: signing_key_to_account_id(kp),
             signers: vec![kp],
         })
     }
 
     pub(crate) fn account_with_multisig(
         account_id: &AccountId,
-        mut signers: Vec<&'a Keypair>,
+        mut signers: Vec<&'a SigningKey>,
     ) -> Self {
-        signers.sort_by_key(|k| k.public.as_bytes());
+        signers.sort_by_key(|k| k.verifying_key().as_bytes().clone());
         TestSigner::Account(AccountSigner {
             account_id: account_id.clone(),
             signers,
@@ -202,7 +202,7 @@ pub(crate) fn authorize_single_invocation(
     let nonce = match signer {
         TestSigner::AccountInvoker(_) => None,
         TestSigner::Account(_) | TestSigner::AccountContract(_) => {
-            Some((thread_rng().gen_range(0, i64::MAX), 10000))
+            Some((thread_rng().gen_range(0..=i64::MAX), 10000))
         }
         TestSigner::ContractInvoker(_) => {
             return;
@@ -220,14 +220,14 @@ pub(crate) fn authorize_single_invocation(
 
 pub(crate) fn sign_payload_for_account(
     host: &Host,
-    signer: &Keypair,
+    signer: &SigningKey,
     payload: &[u8],
 ) -> AccountEd25519Signature {
     AccountEd25519Signature {
         public_key: BytesN::<32>::try_from_val(
             host,
             &host
-                .bytes_new_from_slice(&signer.public.to_bytes())
+                .bytes_new_from_slice(&signer.verifying_key().to_bytes())
                 .unwrap(),
         )
         .unwrap(),
@@ -244,7 +244,7 @@ pub(crate) fn sign_payload_for_account(
 #[allow(dead_code)]
 pub(crate) fn sign_payload_for_ed25519(
     host: &Host,
-    signer: &Keypair,
+    signer: &SigningKey,
     payload: &[u8],
 ) -> BytesN<64> {
     BytesN::<64>::try_from_val(
@@ -260,7 +260,7 @@ pub(crate) fn sign_payload_for_ed25519(
 pub(crate) fn create_account(
     host: &Host,
     account_id: &AccountId,
-    signers: Vec<(&Keypair, u32)>,
+    signers: Vec<(&SigningKey, u32)>,
     balance: i64,
     num_sub_entries: u32,
     thresholds: [u8; 4],
@@ -278,7 +278,7 @@ pub(crate) fn create_account(
     let mut acc_signers = vec![];
     for (signer, weight) in signers {
         acc_signers.push(soroban_env_common::xdr::Signer {
-            key: SignerKey::Ed25519(Uint256(signer.public.to_bytes())),
+            key: SignerKey::Ed25519(Uint256(signer.verifying_key().to_bytes())),
             weight,
         });
     }

soroban-env-host/src/test/auth.rs

@@ -1,4 +1,4 @@
-use ed25519_dalek::Keypair;
+use ed25519_dalek::SigningKey;
 use rand::{thread_rng, Rng};
 use soroban_env_common::xdr::{
     AccountId, ContractDataDurability, HashIdPreimage, HashIdPreimageSorobanAuthorization,
@@ -13,7 +13,7 @@ use crate::auth::RecordedAuthPayload;
 use crate::budget::AsBudget;
 use crate::native_contract::base_types::Address;
 use crate::native_contract::testutils::{
-    create_account, generate_keypair, sign_payload_for_account,
+    create_account, generate_signing_key, sign_payload_for_account, signing_key_to_account_id,
 };
 use crate::{host_vec, Host, LedgerInfo};
 use soroban_env_common::{AddressObject, Env, Symbol, SymbolStr, TryFromVal, TryIntoVal};
@@ -30,7 +30,7 @@ pub struct ContractTreeNode {
 
 struct AuthTest {
     host: Host,
-    keys: Vec<Keypair>,
+    keys: Vec<SigningKey>,
     contracts: Vec<Address>,
     last_nonces: Vec<Vec<i64>>,
 }
@@ -99,15 +99,13 @@ impl AuthTest {
         .unwrap();
         let mut accounts = vec![];
         for _ in 0..signer_cnt {
-            accounts.push(generate_keypair());
+            accounts.push(generate_signing_key());
         }
-        for account in &accounts {
+        for signing_key in &accounts {
             create_account(
                 &host,
-                &AccountId(PublicKey::PublicKeyTypeEd25519(Uint256(
-                    account.public.to_bytes(),
-                ))),
-                vec![(&account, 1)],
+                &signing_key_to_account_id(signing_key),
+                vec![(&signing_key, 1)],
                 100_000_000,
                 1,
                 [1, 0, 0, 0],
@@ -169,7 +167,7 @@ impl AuthTest {
             let sc_address = self.key_to_sc_address(&self.keys[address_id]);
             let mut curr_nonces = vec![];
             for sign_root in &sign_payloads[address_id] {
-                let nonce = thread_rng().gen_range(0, i64::MAX);
+                let nonce = thread_rng().gen_range(0..=i64::MAX);
                 curr_nonces.push(nonce);
                 let root_invocation = self.convert_sign_node(sign_root);
                 let payload_preimage =
@@ -264,13 +262,13 @@ impl AuthTest {
         self.host.get_recorded_auth_payloads().unwrap()
     }
 
-    fn key_to_sc_address(&self, key: &Keypair) -> ScAddress {
+    fn key_to_sc_address(&self, key: &SigningKey) -> ScAddress {
         ScAddress::Account(AccountId(PublicKey::PublicKeyTypeEd25519(Uint256(
-            key.public.to_bytes(),
+            key.verifying_key().to_bytes(),
         ))))
     }
 
-    fn key_to_address(&self, key: &Keypair) -> AddressObject {
+    fn key_to_address(&self, key: &SigningKey) -> AddressObject {
         let sc_address = self.key_to_sc_address(key);
         self.host.add_host_object(sc_address).unwrap()
     }