From 98a1778ad62d61ac593bd22f729b1104cc90c709 Mon Sep 17 00:00:00 2001
From: Nick Cao
Date: Tue, 15 Oct 2024 00:04:52 -0400
Subject: [PATCH] Drop dependency on openssl
---
 .github/workflows/release.yml | 2 +-
 Cargo.lock | 257 +++++++++++++++++++++++-----------
 Cargo.toml | 6 +-
 src/key.rs | 18 +--
 src/lib.rs | 15 +-
 5 files changed, 193 insertions(+), 105 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 35a29c9..e86fe42 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ jobs:
 - name: build
 run: |
 cargo install cross --git https://github.com/cross-rs/cross
- cross build --release --features vendored --target ${{ matrix.target }}
+ cross build --release --target ${{ matrix.target }}
 - uses: actions/upload-artifact@v3
 with:
 name: ${{ matrix.target }}
diff --git a/Cargo.lock b/Cargo.lock
index c8e9331..23a63b7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -125,10 +125,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" [[package]] -name = "bitflags" -version = "2.6.0" +name = "block-buffer" +version = "0.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] [[package]] name = "bytes"
@@ -136,15 +139,6 @@ version = "1.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "428d9aa8fbc0670b7b8d6030a7fadd0f86151cae55e4dbbece15f3780a3dfaf3" -[[package]] -name = "cc" -version = "1.1.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b16803a61b81d9eabb7eae2588776c4c1e584b738ede45fdbb4c972cec1e9945" -dependencies = [ - "shlex", -] - [[package]] name = "cfg-if" version = "1.0.0"
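Review bot: The `cargo install cross --git https://github.com/cross-rs/cross` step directly above the changed command builds the release tool from whatever the default branch holds at run time, so the tool that produces the published binaries can change without any change in this repository. Pin it to a reviewed revision, for example `cargo install cross --git https://github.com/cross-rs/cross --rev <PINNED_COMMIT> --locked`, and add `--locked` to the `cross build` line so the artifacts are built strictly from the committed Cargo.lock. That matters more after this commit, because the key-handling code now comes from the crates resolved in that lockfile rather than from a system or vendored OpenSSL. The job definition starts outside the hunk.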
@@ -203,6 +197,52 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" +[[package]] +name = "cpufeatures" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest", + "fiat-crypto", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2", + "quote 1.0.37", + "syn 2.0.79", +] + [[package]] name = "der" version = "0.7.9" 
@@ -227,6 +267,40 @@ dependencies = [ "syn 2.0.79", ] +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "crypto-common", +] + +[[package]] +name = "ed25519" +version = "2.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" +dependencies = [ + "pkcs8", + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" +dependencies = [ + "curve25519-dalek", + "ed25519", + "serde", + "sha2", + "subtle", + "zeroize", +] + [[package]] name = "enum_index" version = "0.2.0" @@ -250,25 +324,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] -name = "flagset" -version = "0.4.6" +name = "fiat-crypto" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-shared" -version = "0.1.1" +name = "flagset" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" +checksum = "b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec" [[package]] name = "futures" 
@@ -359,6 +424,27 @@ dependencies = [ "slab", ] +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + [[package]] name = "gimli" version = "0.31.1" @@ -523,54 +609,6 @@ version = "1.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" -[[package]] -name = "openssl" -version = "0.10.66" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1" -dependencies = [ - "bitflags", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote 1.0.37", - "syn 2.0.79", -] - -[[package]] -name = "openssl-src" -version = "300.3.2+3.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a211a18d945ef7e648cc6e0058f4c548ee46aab922ea203e0d30e966ea23647b" -dependencies = [ - "cc", -] - -[[package]] -name = "openssl-sys" -version = "0.9.103" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6" -dependencies = [ - "cc", - "libc", - "openssl-src", - "pkg-config", - "vcpkg", -] - [[package]] name = "overload" version = "0.1.1" 
@@ -599,10 +637,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] -name = "pkg-config" -version = "0.3.31" +name = "pkcs8" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] [[package]] name = "proc-macro-crate" @@ -638,21 +680,31 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + [[package]] name = "ranet" version = "0.10.0" dependencies = [ "clap", "const-oid", + "ed25519-dalek", "futures", "hex", "indoc", "ipnet", - "openssl", "rsvici", "semver", "serde", "serde_json", + "sha2", "thiserror", "tokio", "tracing", @@ -727,6 +779,15 @@ version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + [[package]] name = "ryu" version = "1.0.18" @@ -784,6 +845,17 @@ dependencies = [ "serde", ] +[[package]] +name = "sha2" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + [[package]] name = "sharded-slab" version = "0.1.7" 
@@ -794,10 +866,13 @@ dependencies = [ ] [[package]] -name = "shlex" -version = "1.3.0" +name = "signature" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "rand_core", +] [[package]] name = "slab" @@ -840,6 +915,12 @@ version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + [[package]] name = "syn" version = "0.11.11" @@ -1049,6 +1130,12 @@ dependencies = [ "tracing-log", ] +[[package]] +name = "typenum" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" + [[package]] name = "unicode-ident" version = "1.0.13" @@ -1074,10 +1161,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" [[package]] -name = "vcpkg" -version = "0.2.15" +name = "version_check" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "wasi" diff --git a/Cargo.toml b/Cargo.toml index 3343d4a..2809285 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,7 +9,6 @@ serde = { version = "1", features = [ "derive" ] } serde_json = "1" rsvici = "*" clap = { version = "4", features = ["derive"] } -openssl = "*" hex = "*" ipnet = "*" semver = "*" 
@@ -20,9 +19,8 @@ tracing-subscriber = { version = "*", features = [ "env-filter" ] }
 futures = "*"
 const-oid = { version = "0.9.6", features = ["db"] }
 x509-cert = "0.2.5"
-
-[features]
-vendored = ["openssl/vendored"]
+ed25519-dalek = { version = "2.1.1", features = ["pkcs8", "pem"] }
+sha2 = "0.10.8"
 [profile.release]
 lto = true
diff --git a/src/key.rs b/src/key.rs
index b83c48f..7132f62 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -1,10 +1,13 @@
-use openssl::error::ErrorStack;
+use ed25519_dalek::{
+ pkcs8::{DecodePrivateKey, EncodePublicKey, Error},
+ SigningKey,
+};
+use x509_cert::der::pem::LineEnding;
-
-pub fn private_key_to_public(pem: &[u8]) -> Result, ErrorStack> {
- let private_key = openssl::pkey::PKey::private_key_from_pem(pem)?;
- let public_key = private_key.public_key_to_pem()?;
- Ok(public_key)
+pub fn private_key_to_public(pem: &str) -> Result {
+ Ok(SigningKey::from_pkcs8_pem(pem)?
+ .verifying_key()
+ .to_public_key_pem(LineEnding::LF)?)
 }
 #[cfg(test)]
@@ -19,7 +22,7 @@ mod test {
 -----END PRIVATE KEY-----
 "};
- let public_key = super::private_key_to_public(private_key.as_bytes()).unwrap();
+ let public_key = super::private_key_to_public(private_key).unwrap();
 assert_eq!(
 public_key,
@@ -28,7 +31,6 @@ mod test {
 MCowBQYDK2VwAyEA29QaBk/rDPEAeC0nkc4agVCCCPh+D5eco9NoEX4CljU=
 -----END PUBLIC KEY-----
 "}
- .as_bytes()
 );
 }
 }
diff --git a/src/lib.rs b/src/lib.rs
index 9839691..bbd5f02 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,6 +1,7 @@
 use config::Config;
-use openssl::sha::sha256;
+use core::str;
 use registry::Registry;
+use sha2::{Digest, Sha256};
 use std::collections::HashSet;
 use tracing::{debug, debug_span, info, warn};
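Review bot: In the first `src/key.rs` hunk, `private_key_to_public` now accepts only Ed25519 keys in PKCS#8 PEM, because `SigningKey::from_pkcs8_pem` is Ed25519-specific, whereas the removed `PKey::private_key_from_pem` parsed whatever key type OpenSSL recognised. If every deployment already uses Ed25519 (the test vector suggests so) this is fine, but the narrowing is silent: a key of another type or in a non-PKCS#8 encoding now fails with only a generic pkcs8 error. State the contract on the function, e.g. `/// Derives the SPKI PEM public key from an Ed25519 private key in PKCS#8 PEM; any other key type or encoding is rejected.`, and mention the restriction in the release notes.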
@@ -29,8 +30,8 @@ pub mod error {
 FromUtf8(#[from] FromUtf8Error),
 #[error("utf8 error")]
 Utf8(#[from] Utf8Error),
- #[error("openssl error")]
- Openssl(#[from] openssl::error::ErrorStack),
+ #[error("pkcs8 error")]
+ Openssl(#[from] ed25519_dalek::pkcs8::Error),
 #[error("serde json error")]
 Json(#[from] serde_json::Error),
 }
@@ -52,8 +53,7 @@ pub async fn reconcile(
 debug!("loaded private key");
- let public_key = key::private_key_to_public(key)?;
- let public_key = String::from_utf8(public_key)?;
+ let public_key = key::private_key_to_public(str::from_utf8(key)?)?;
 debug!("derived public key");
@@ -100,8 +100,9 @@ pub async fn reconcile(
 .unwrap(); let remote_addrs = address::remote(&remote.address_family, &remote.address);
- let name =
- hex::encode(sha256(format!("{}-{}", &local_id, &remote_id).as_bytes()));
+ let name = hex::encode(Sha256::digest(
+ format!("{}-{}", &local_id, &remote_id).as_bytes(),
+ ));
 desired.insert(name.clone());
 let result = client
 .load_conn(
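Review bot: In the `pub mod error` hunk of `src/lib.rs`, the variant is still named `Openssl` although it now wraps `ed25519_dalek::pkcs8::Error`, which will mislead anyone matching on it or tracing an error back to its source. Rename it to match what it carries, e.g. `Pkcs8(#[from] ed25519_dalek::pkcs8::Error),`. If the enum is matched outside this crate the rename is a breaking change, so check callers first. The enum's definition starts outside the hunk.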
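Review bot: In the last `reconcile` hunk, the connection name hashes `format!("{}-{}", &local_id, &remote_id)`, and a bare `-` separator is ambiguous if either identifier can itself contain `-`: two different pairs can then produce the same input string and the same entry in `desired`. The commit carries this over unchanged from the OpenSSL version, and the identifiers' format is defined outside the hunk, so this needs confirming against their source. If hyphens are possible, feed the parts separately with a separator that cannot occur in an id, e.g. `Sha256::new().chain_update(local_id.as_bytes()).chain_update([0u8]).chain_update(remote_id.as_bytes()).finalize()` (assuming both ids are strings without NUL). That changes every derived name, so connections already loaded under the old names would need a migration step.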