update ring to 0.14 (#10262)

* cargo upgrade hyper-rustls --all

* cargo upgrade parity-crypto --all

* update Cargo.lock

* propagate NonZeroU32

* use NonZeroU32::new_unchecked for crypto::KEY_ITERATIONS

* update Cargo.lock

* replace unsafe code with lazy_static

Author: Andronik Ordian

Cargo.lock

@@ -80,6 +80,7 @@ pretty_assertions = "0.1"
 ipnetwork = "0.12.6"
 tempdir = "0.3"
 fake-fetch = { path = "util/fake-fetch" }
+lazy_static = "1.2.0"
 
 [target.'cfg(windows)'.dependencies]
 winapi = { version = "0.3.4", features = ["winsock2", "winuser", "shellapi"] }

Cargo.toml

@@ -6,7 +6,7 @@ authors = ["Parity Technologies <[email protected]>"]
 [dependencies]
 byteorder = "1.0"
 edit-distance = "2.0"
-parity-crypto = "0.2"
+parity-crypto = "0.3.0"
 eth-secp256k1 = { git = "https://github.com/paritytech/rust-secp256k1" }
 ethereum-types = "0.4"
 lazy_static = "1.0"

accounts/ethkey/Cargo.toml

@@ -16,12 +16,13 @@ tiny-keccak = "1.4"
 time = "0.1.34"
 itertools = "0.5"
 parking_lot = "0.7"
-parity-crypto = "0.2"
+parity-crypto = "0.3.0"
 ethereum-types = "0.4"
 dir = { path = "../../util/dir" }
 smallvec = "0.6"
 parity-wordlist = "1.0"
 tempdir = "0.3"
+lazy_static = "1.2.0"
 
 [dev-dependencies]
 matches = "0.1"

accounts/ethstore/Cargo.toml

@@ -15,6 +15,7 @@
 // along with Parity Ethereum.  If not, see <http://www.gnu.org/licenses/>.
 
 use std::str;
+use std::num::NonZeroU32;
 use ethkey::{Password, Secret};
 use {json, Error, crypto};
 use crypto::Keccak256;
@@ -73,12 +74,12 @@ impl From<Crypto> for String {
 
 impl Crypto {
 	/// Encrypt account secret
-	pub fn with_secret(secret: &Secret, password: &Password, iterations: u32) -> Result<Self, crypto::Error> {
+	pub fn with_secret(secret: &Secret, password: &Password, iterations: NonZeroU32) -> Result<Self, crypto::Error> {
 		Crypto::with_plain(&*secret, password, iterations)
 	}
 
 	/// Encrypt custom plain data
-	pub fn with_plain(plain: &[u8], password: &Password, iterations: u32) -> Result<Self, crypto::Error> {
+	pub fn with_plain(plain: &[u8], password: &Password, iterations: NonZeroU32) -> Result<Self, crypto::Error> {
 		let salt: [u8; 32] = Random::random();
 		let iv: [u8; 16] = Random::random();
 
@@ -159,29 +160,33 @@ impl Crypto {
 #[cfg(test)]
 mod tests {
 	use ethkey::{Generator, Random};
-	use super::{Crypto, Error};
+	use super::{Crypto, Error, NonZeroU32};
+
+	lazy_static! {
+		static ref ITERATIONS: NonZeroU32 = NonZeroU32::new(10240).expect("10240 > 0; qed");
+	}
 
 	#[test]
 	fn crypto_with_secret_create() {
 		let keypair = Random.generate().unwrap();
 		let passwd = "this is sparta".into();
-		let crypto = Crypto::with_secret(keypair.secret(), &passwd, 10240).unwrap();
+		let crypto = Crypto::with_secret(keypair.secret(), &passwd, *ITERATIONS).unwrap();
 		let secret = crypto.secret(&passwd).unwrap();
 		assert_eq!(keypair.secret(), &secret);
 	}
 
 	#[test]
 	fn crypto_with_secret_invalid_password() {
 		let keypair = Random.generate().unwrap();
-		let crypto = Crypto::with_secret(keypair.secret(), &"this is sparta".into(), 10240).unwrap();
+		let crypto = Crypto::with_secret(keypair.secret(), &"this is sparta".into(), *ITERATIONS).unwrap();
 		assert_matches!(crypto.secret(&"this is sparta!".into()), Err(Error::InvalidPassword))
 	}
 
 	#[test]
 	fn crypto_with_null_plain_data() {
 		let original_data = b"";
 		let passwd = "this is sparta".into();
-		let crypto = Crypto::with_plain(&original_data[..], &passwd, 10240).unwrap();
+		let crypto = Crypto::with_plain(&original_data[..], &passwd, *ITERATIONS).unwrap();
 		let decrypted_data = crypto.decrypt(&passwd).unwrap();
 		assert_eq!(original_data[..], *decrypted_data);
 	}
@@ -190,7 +195,7 @@ mod tests {
 	fn crypto_with_tiny_plain_data() {
 		let original_data = b"{}";
 		let passwd = "this is sparta".into();
-		let crypto = Crypto::with_plain(&original_data[..], &passwd, 10240).unwrap();
+		let crypto = Crypto::with_plain(&original_data[..], &passwd, *ITERATIONS).unwrap();
 		let decrypted_data = crypto.decrypt(&passwd).unwrap();
 		assert_eq!(original_data[..], *decrypted_data);
 	}
@@ -199,7 +204,7 @@ mod tests {
 	fn crypto_with_huge_plain_data() {
 		let original_data: Vec<_> = (1..65536).map(|i| (i % 256) as u8).collect();
 		let passwd = "this is sparta".into();
-		let crypto = Crypto::with_plain(&original_data, &passwd, 10240).unwrap();
+		let crypto = Crypto::with_plain(&original_data, &passwd, *ITERATIONS).unwrap();
 		let decrypted_data = crypto.decrypt(&passwd).unwrap();
 		assert_eq!(&original_data, &decrypted_data);
 	}

accounts/ethstore/src/account/crypto.rs

@@ -15,6 +15,7 @@
 // along with Parity Ethereum.  If not, see <http://www.gnu.org/licenses/>.
 
 use json;
+use std::num::NonZeroU32;
 
 #[derive(Debug, PartialEq, Clone)]
 pub enum Prf {
@@ -23,7 +24,7 @@ pub enum Prf {
 
 #[derive(Debug, PartialEq, Clone)]
 pub struct Pbkdf2 {
-	pub c: u32,
+	pub c: NonZeroU32,
 	pub dklen: u32,
 	pub prf: Prf,
 	pub salt: Vec<u8>,

accounts/ethstore/src/account/kdf.rs

@@ -20,6 +20,7 @@ use {json, Error};
 use account::Version;
 use crypto;
 use super::crypto::Crypto;
+use std::num::NonZeroU32;
 
 /// Account representation.
 #[derive(Debug, PartialEq, Clone)]
@@ -59,7 +60,7 @@ impl SafeAccount {
 		keypair: &KeyPair,
 		id: [u8; 16],
 		password: &Password,
-		iterations: u32,
+		iterations: NonZeroU32,
 		name: String,
 		meta: String
 	) -> Result<Self, crypto::Error> {
@@ -135,7 +136,7 @@ impl SafeAccount {
 	}
 
 	/// Create a new `VaultKeyFile` from the given `self`
-	pub fn into_vault_file(self, iterations: u32, password: &Password) -> Result<json::VaultKeyFile, Error> {
+	pub fn into_vault_file(self, iterations: NonZeroU32, password: &Password) -> Result<json::VaultKeyFile, Error> {
 		let meta_plain = json::VaultKeyMeta {
 			address: self.address.into(),
 			name: Some(self.name),
@@ -177,7 +178,7 @@ impl SafeAccount {
 	}
 
 	/// Change account's password.
-	pub fn change_password(&self, old_password: &Password, new_password: &Password, iterations: u32) -> Result<Self, Error> {
+	pub fn change_password(&self, old_password: &Password, new_password: &Password, iterations: NonZeroU32) -> Result<Self, Error> {
 		let secret = self.crypto.secret(old_password)?;
 		let result = SafeAccount {
 			id: self.id.clone(),
@@ -200,14 +201,19 @@ impl SafeAccount {
 #[cfg(test)]
 mod tests {
 	use ethkey::{Generator, Random, verify_public, Message};
-	use super::SafeAccount;
+	use super::{SafeAccount, NonZeroU32};
+
+	lazy_static! {
+		static ref ITERATIONS: NonZeroU32 = NonZeroU32::new(10240).expect("10240 > 0; qed");
+	}
+
 
 	#[test]
 	fn sign_and_verify_public() {
 		let keypair = Random.generate().unwrap();
 		let password = "hello world".into();
 		let message = Message::default();
-		let account = SafeAccount::create(&keypair, [0u8; 16], &password, 10240, "Test".to_owned(), "{}".to_owned());
+		let account = SafeAccount::create(&keypair, [0u8; 16], &password, *ITERATIONS, "Test".to_owned(), "{}".to_owned());
 		let signature = account.unwrap().sign(&password, &message).unwrap();
 		assert!(verify_public(keypair.public(), &signature, &message).unwrap());
 	}
@@ -217,10 +223,9 @@ mod tests {
 		let keypair = Random.generate().unwrap();
 		let first_password = "hello world".into();
 		let sec_password = "this is sparta".into();
-		let i = 10240;
 		let message = Message::default();
-		let account = SafeAccount::create(&keypair, [0u8; 16], &first_password, i, "Test".to_owned(), "{}".to_owned()).unwrap();
-		let new_account = account.change_password(&first_password, &sec_password, i).unwrap();
+		let account = SafeAccount::create(&keypair, [0u8; 16], &first_password, *ITERATIONS, "Test".to_owned(), "{}".to_owned()).unwrap();
+		let new_account = account.change_password(&first_password, &sec_password, *ITERATIONS).unwrap();
 		assert!(account.sign(&first_password, &message).is_ok());
 		assert!(account.sign(&sec_password, &message).is_err());
 		assert!(new_account.sign(&first_password, &message).is_err());

accounts/ethstore/src/account/safe_account.rs

@@ -356,11 +356,16 @@ mod test {
 	extern crate tempdir;
 
 	use std::{env, fs};
+	use std::num::NonZeroU32;
 	use super::{KeyDirectory, RootDiskDirectory, VaultKey};
 	use account::SafeAccount;
 	use ethkey::{Random, Generator};
 	use self::tempdir::TempDir;
 
+	lazy_static! {
+		static ref ITERATIONS: NonZeroU32 = NonZeroU32::new(1024).expect("1024 > 0; qed");
+	}
+
 	#[test]
 	fn should_create_new_account() {
 		// given
@@ -371,7 +376,7 @@ mod test {
 		let directory = RootDiskDirectory::create(dir.clone()).unwrap();
 
 		// when
-		let account = SafeAccount::create(&keypair, [0u8; 16], &password, 1024, "Test".to_owned(), "{}".to_owned());
+		let account = SafeAccount::create(&keypair, [0u8; 16], &password, *ITERATIONS, "Test".to_owned(), "{}".to_owned());
 		let res = directory.insert(account.unwrap());
 
 		// then
@@ -392,7 +397,7 @@ mod test {
 		let directory = RootDiskDirectory::create(dir.clone()).unwrap();
 
 		// when
-		let account = SafeAccount::create(&keypair, [0u8; 16], &password, 1024, "Test".to_owned(), "{}".to_owned()).unwrap();
+		let account = SafeAccount::create(&keypair, [0u8; 16], &password, *ITERATIONS, "Test".to_owned(), "{}".to_owned()).unwrap();
 		let filename = "test".to_string();
 		let dedup = true;
 
@@ -428,15 +433,15 @@ mod test {
 
 		// and when
 		let before_root_items_count = fs::read_dir(&dir).unwrap().count();
-		let vault = directory.as_vault_provider().unwrap().create(vault_name, VaultKey::new(&password, 1024));
+		let vault = directory.as_vault_provider().unwrap().create(vault_name, VaultKey::new(&password, *ITERATIONS));
 
 		// then
 		assert!(vault.is_ok());
 		let after_root_items_count = fs::read_dir(&dir).unwrap().count();
 		assert!(after_root_items_count > before_root_items_count);
 
 		// and when
-		let vault = directory.as_vault_provider().unwrap().open(vault_name, VaultKey::new(&password, 1024));
+		let vault = directory.as_vault_provider().unwrap().open(vault_name, VaultKey::new(&password, *ITERATIONS));
 
 		// then
 		assert!(vault.is_ok());
@@ -453,8 +458,9 @@ mod test {
 		let temp_path = TempDir::new("").unwrap();
 		let directory = RootDiskDirectory::create(&temp_path).unwrap();
 		let vault_provider = directory.as_vault_provider().unwrap();
-		vault_provider.create("vault1", VaultKey::new(&"password1".into(), 1)).unwrap();
-		vault_provider.create("vault2", VaultKey::new(&"password2".into(), 1)).unwrap();
+		let iter = NonZeroU32::new(1).expect("1 > 0; qed");
+		vault_provider.create("vault1", VaultKey::new(&"password1".into(), iter)).unwrap();
+		vault_provider.create("vault2", VaultKey::new(&"password2".into(), iter)).unwrap();
 
 		// then
 		let vaults = vault_provider.list_vaults().unwrap();
@@ -476,7 +482,7 @@ mod test {
 
 		let keypair = Random.generate().unwrap();
 		let password = "test pass".into();
-		let account = SafeAccount::create(&keypair, [0u8; 16], &password, 1024, "Test".to_owned(), "{}".to_owned());
+		let account = SafeAccount::create(&keypair, [0u8; 16], &password, *ITERATIONS, "Test".to_owned(), "{}".to_owned());
 		directory.insert(account.unwrap()).expect("Account should be inserted ok");
 
 		let new_hash = directory.files_hash().expect("New files hash should be calculated ok");

accounts/ethstore/src/accounts_dir/disk.rs

@@ -17,6 +17,7 @@
 //! Accounts Directory
 
 use ethkey::Password;
+use std::num::NonZeroU32;
 use std::path::{PathBuf};
 use {SafeAccount, Error};
 
@@ -41,7 +42,7 @@ pub struct VaultKey {
 	/// Vault password
 	pub password: Password,
 	/// Number of iterations to produce a derived key from password
-	pub iterations: u32,
+	pub iterations: NonZeroU32,
 }
 
 /// Keys directory
@@ -96,7 +97,7 @@ pub use self::vault::VaultDiskDirectory;
 
 impl VaultKey {
 	/// Create new vault key
-	pub fn new(password: &Password, iterations: u32) -> Self {
+	pub fn new(password: &Password, iterations: NonZeroU32) -> Self {
 		VaultKey {
 			password: password.clone(),
 			iterations: iterations,

accounts/ethstore/src/accounts_dir/mod.rs

@@ -282,11 +282,17 @@ mod test {
 
 	use std::fs;
 	use std::io::Write;
+	use std::num::NonZeroU32;
 	use std::path::PathBuf;
 	use super::VaultKey;
 	use super::{VAULT_FILE_NAME, check_vault_name, make_vault_dir_path, create_vault_file, read_vault_file, VaultDiskDirectory};
 	use self::tempdir::TempDir;
 
+	
+	lazy_static! {
+		static ref ITERATIONS: NonZeroU32 = NonZeroU32::new(1024).expect("1024 > 0; qed");
+	}
+
 	#[test]
 	fn check_vault_name_succeeds() {
 		assert!(check_vault_name("vault"));
@@ -325,7 +331,7 @@ mod test {
 	fn create_vault_file_succeeds() {
 		// given
 		let temp_path = TempDir::new("").unwrap();
-		let key = VaultKey::new(&"password".into(), 1024);
+		let key = VaultKey::new(&"password".into(), *ITERATIONS);
 		let mut vault_dir: PathBuf = temp_path.path().into();
 		vault_dir.push("vault");
 		fs::create_dir_all(&vault_dir).unwrap();
@@ -344,7 +350,7 @@ mod test {
 	fn read_vault_file_succeeds() {
 		// given
 		let temp_path = TempDir::new("").unwrap();
-		let key = VaultKey::new(&"password".into(), 1024);
+		let key = VaultKey::new(&"password".into(), *ITERATIONS);
 		let vault_file_contents = r#"{"crypto":{"cipher":"aes-128-ctr","cipherparams":{"iv":"758696c8dc6378ab9b25bb42790da2f5"},"ciphertext":"54eb50683717d41caaeb12ea969f2c159daada5907383f26f327606a37dc7168","kdf":"pbkdf2","kdfparams":{"c":1024,"dklen":32,"prf":"hmac-sha256","salt":"3c320fa566a1a7963ac8df68a19548d27c8f40bf92ef87c84594dcd5bbc402b6"},"mac":"9e5c2314c2a0781962db85611417c614bd6756666b6b1e93840f5b6ed895f003"}}"#;
 		let dir: PathBuf = temp_path.path().into();
 		let mut vault_file_path: PathBuf = dir.clone();
@@ -365,7 +371,7 @@ mod test {
 	fn read_vault_file_fails() {
 		// given
 		let temp_path = TempDir::new("").unwrap();
-		let key = VaultKey::new(&"password1".into(), 1024);
+		let key = VaultKey::new(&"password1".into(), *ITERATIONS);
 		let dir: PathBuf = temp_path.path().into();
 		let mut vault_file_path: PathBuf = dir.clone();
 		vault_file_path.push(VAULT_FILE_NAME);
@@ -394,7 +400,7 @@ mod test {
 	fn vault_directory_can_be_created() {
 		// given
 		let temp_path = TempDir::new("").unwrap();
-		let key = VaultKey::new(&"password".into(), 1024);
+		let key = VaultKey::new(&"password".into(), *ITERATIONS);
 		let dir: PathBuf = temp_path.path().into();
 
 		// when
@@ -414,7 +420,7 @@ mod test {
 	fn vault_directory_cannot_be_created_if_already_exists() {
 		// given
 		let temp_path = TempDir::new("").unwrap();
-		let key = VaultKey::new(&"password".into(), 1024);
+		let key = VaultKey::new(&"password".into(), *ITERATIONS);
 		let dir: PathBuf = temp_path.path().into();
 		let mut vault_dir = dir.clone();
 		vault_dir.push("vault");
@@ -431,7 +437,7 @@ mod test {
 	fn vault_directory_cannot_be_opened_if_not_exists() {
 		// given
 		let temp_path = TempDir::new("").unwrap();
-		let key = VaultKey::new(&"password".into(), 1024);
+		let key = VaultKey::new(&"password".into(), *ITERATIONS);
 		let dir: PathBuf = temp_path.path().into();
 
 		// when