From c500c80b3410912c4d88e5d75bf038cde17a4d73 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 3 Mar 2024 14:05:38 +0800
Subject: [PATCH] Use published dalek crate

Uses ~120 bytes more stack. Can be replaced once the upstream PR is merged:
https://github.com/dalek-cryptography/curve25519-dalek/pull/556
---
 Cargo.lock  | 24 ++++++++++++++----------
 Cargo.toml  | 12 ++++--------
 src/sign.rs | 53 +++++++++++++++++++++++++++++++++++------------------
 3 files changed, 53 insertions(+), 36 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 43f2ced..d34511d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -516,8 +516,9 @@ dependencies = [
 
 [[package]]
 name = "curve25519-dalek"
-version = "4.0.0"
-source = "git+https://github.com/mkj/curve25519-dalek?branch=sunset#e4d2869ade3a2e511d54293a74e28be1d6125bdd"
+version = "4.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348"
 dependencies = [
  "cfg-if",
  "cpufeatures",
@@ -532,8 +533,9 @@ dependencies = [
 
 [[package]]
 name = "curve25519-dalek-derive"
-version = "0.1.0"
-source = "git+https://github.com/mkj/curve25519-dalek?branch=sunset#e4d2869ade3a2e511d54293a74e28be1d6125bdd"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -746,8 +748,9 @@ dependencies = [
 
 [[package]]
 name = "ed25519-dalek"
-version = "2.0.0-rc.3"
-source = "git+https://github.com/mkj/curve25519-dalek?branch=sunset#e4d2869ade3a2e511d54293a74e28be1d6125bdd"
+version = "2.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871"
 dependencies = [
  "curve25519-dalek",
  "ed25519",
@@ -1219,9 +1222,9 @@ dependencies = [
 
 [[package]]
 name = "fiat-crypto"
-version = "0.1.20"
+version = "0.2.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77"
+checksum = "1676f435fc1dadde4d03e43f5d62b259e1ce5f40bd4ffb21db2b42ebe59c1382"
 
 [[package]]
 name = "fixed"
@@ -3347,8 +3350,9 @@ checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04"
 
 [[package]]
 name = "x25519-dalek"
-version = "2.0.0-rc.3"
-source = "git+https://github.com/mkj/curve25519-dalek?branch=sunset#e4d2869ade3a2e511d54293a74e28be1d6125bdd"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277"
 dependencies = [
  "curve25519-dalek",
  "rand_core",
diff --git a/Cargo.toml b/Cargo.toml
index 570f11e..9fe0df9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -79,14 +79,10 @@ anyhow = { version = "1.0" }
 pretty-hex = "0.4"
 simplelog = { version = "0.12", features = ["test"] }
 
-
-[patch.crates-io]
-curve25519-dalek = { git = "https://github.com/mkj/curve25519-dalek", branch = "sunset" }
-ed25519-dalek = { git = "https://github.com/mkj/curve25519-dalek", branch = "sunset" }
-x25519-dalek = { git = "https://github.com/mkj/curve25519-dalek", branch = "sunset" }
-# curve25519-dalek = { path = "/home/matt/3rd/rs/crypto/curve25519-dalek/curve25519-dalek" }
-# ed25519-dalek = { path = "/home/matt/3rd/rs/crypto/curve25519-dalek/ed25519-dalek" }
-# x25519-dalek = { path = "/home/matt/3rd/rs/crypto/curve25519-dalek/x25519-dalek" }
+#[patch.crates-io]
+#curve25519-dalek = { git = "https://github.com/mkj/curve25519-dalek", branch = "sunset" }
+#ed25519-dalek = { git = "https://github.com/mkj/curve25519-dalek", branch = "sunset" }
+#x25519-dalek = { git = "https://github.com/mkj/curve25519-dalek", branch = "sunset" }
 
 # these are mostly applicable to picow, but can't hurt generally
 [profile.dev]
diff --git a/src/sign.rs b/src/sign.rs
index 4c26bd7..3443d5b 100644
--- a/src/sign.rs
+++ b/src/sign.rs
@@ -21,6 +21,11 @@ use core::mem::discriminant;
 
 use digest::Digest;
 
+// TODO remove once we use byupdate.
+// signatures are for hostkey (32 byte sessiid) or pubkey (auth packet || sessid).
+// we assume a max 40 character username here.
+const MAX_SIG_MSG: usize = 1+4+40+4+14+4+9+1+4+SSH_NAME_CURVE25519_LIBSSH.len()+4+32+32;
+
 // RSA requires alloc.
 #[cfg(feature = "rsa")]
 use packets::RSAPubKey;
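Review bot: MAX_SIG_MSG on L112 silently caps the user-auth signature message at a 40-byte username, so any longer username will make the `sshwire::write_ssh` calls in the later verify and sign hunks fail instead of producing or checking a signature; that limit should be a named constant and stated where it bites, e.g. `const MAX_USERNAME: usize = 40;` used in the sum, with `// Longer usernames fail to sign/verify until the byupdate path returns.` The sum itself is opaque: a comment giving, term by term, which wire field each number accounts for would let the next reader check it, since only the key and session-id sizes are recognisable as written. "sessiid" in the comment on L110 is presumably "sessid".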
@@ -108,14 +113,20 @@ impl SigType {
 
         let s: &[u8; 64] = s.sig.0.try_into().map_err(|_| Error::BadSig)?;
         let s: dalek::Signature = s.into();
-        dalek::hazmat::raw_verify_byupdate(
-            &k,
-            |h: &mut sha2::Sha512| {
-                sshwire::hash_ser(h, msg).map_err(|_| dalek::SignatureError::new())
-            },
-            &s,
-        )
-        .map_err(|_| Error::BadSig)
+        // TODO: pending merge of https://github.com/dalek-cryptography/curve25519-dalek/pull/556
+        // In the interim we use a fixed buffer.
+        // dalek::hazmat::raw_verify_byupdate(
+        //     &k,
+        //     |h: &mut sha2::Sha512| {
+        //         sshwire::hash_ser(h, msg).map_err(|_| dalek::SignatureError::new())
+        //     },
+        //     &s,
+        // )
+        // .map_err(|_| Error::BadSig)
+        let mut buf = [0; MAX_SIG_MSG];
+        let l = sshwire::write_ssh(&mut buf, msg)?;
+        let buf = &buf[..l];
+        k.verify(buf, &s).map_err(|_| Error::BadSig)
     }
 
     #[cfg(feature = "rsa")]
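Review bot: In the verify path an over-long message now surfaces as whatever error `sshwire::write_ssh` returns through `?` on L140 rather than as `Error::BadSig`, whereas the removed code (L124, L128) folded serialization failures into BadSig; a caller that treats BadSig as "authentication failed" may therefore handle a long username differently, possibly as a protocol error. If that change is intended, a one-line comment saying so would help; otherwise `let l = sshwire::write_ssh(&mut buf, msg).map_err(|_| Error::BadSig)?;` keeps the error surface as it was. How the caller distinguishes errors is not visible in the hunk, and the enclosing verify function starts before it. Keeping the old byupdate call as a comment block (L131–L138, and again in the sign hunk) is a style choice; the TODO with the PR link is enough on its own, and the old code remains in history.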
@@ -300,16 +311,22 @@ impl SignKey {
     pub(crate) fn sign(&self, msg: &impl SSHEncode) -> Result<OwnedSig> {
         let sig: OwnedSig = match self {
             SignKey::Ed25519(k) => {
-                let exk: dalek::hazmat::ExpandedSecretKey = (&k.to_bytes()).into();
-                let sig = dalek::hazmat::raw_sign_byupdate(
-                    &exk,
-                    |h: &mut sha2::Sha512| {
-                        sshwire::hash_ser(h, msg)
-                            .map_err(|_| dalek::SignatureError::new())
-                    },
-                    &k.verifying_key(),
-                )
-                .trap()?;
+                // TODO: pending merge of https://github.com/dalek-cryptography/curve25519-dalek/pull/556
+                // let exk: dalek::hazmat::ExpandedSecretKey = (&k.to_bytes()).into();
+                // let sig = dalek::hazmat::raw_sign_byupdate(
+                //     &exk,
+                //     |h: &mut sha2::Sha512| {
+                //         sshwire::hash_ser(h, msg)
+                //             .map_err(|_| dalek::SignatureError::new())
+                //     },
+                //     &k.verifying_key(),
+                // )
+                // .trap()?;
+                let mut buf = [0; MAX_SIG_MSG];
+                let l = sshwire::write_ssh(&mut buf, msg)?;
+                let buf = &buf[..l];
+                let sig = k.sign(buf);
+
                 OwnedSig::Ed25519(sig.to_bytes())
             }
 
-- 
GitLab