Upgrade dependencies

Signed-off-by: Mathias Hall-Andersen <mathias@hall-andersen.dk>

4 files changed, 34 insertions, 30 deletions

diff --git a/src/wireguard/handshake/device.rs b/src/wireguard/handshake/device.rs
index d71f351..47ca401 100644
--- a/src/wireguard/handshake/device.rs
+++ b/src/wireguard/handshake/device.rs
@@ -8,8 +8,8 @@ use dashmap::mapref::entry::Entry;
 use dashmap::DashMap;
 use zerocopy::AsBytes;
 
-use rand::prelude::{CryptoRng, RngCore};
 use rand::Rng;
+use rand_core::{CryptoRng, RngCore};
 
 use clear_on_drop::clear::Clear;
 
diff --git a/src/wireguard/handshake/macs.rs b/src/wireguard/handshake/macs.rs
index cb5d7d4..8d79c5e 100644
--- a/src/wireguard/handshake/macs.rs
+++ b/src/wireguard/handshake/macs.rs
@@ -1,5 +1,5 @@
 use generic_array::GenericArray;
-use rand::{CryptoRng, RngCore};
+use rand_core::{CryptoRng, RngCore};
 use spin::RwLock;
 use std::time::{Duration, Instant};
 
@@ -8,6 +8,7 @@ use std::net::SocketAddr;
 use x25519_dalek::PublicKey;
 
 // AEAD
+
 use aead::{Aead, NewAead, Payload};
 use chacha20poly1305::XChaCha20Poly1305;
 
@@ -33,30 +34,29 @@ macro_rules! HASH {
         use blake2::Digest;
         let mut hsh = Blake2s::new();
         $(
-            hsh.input($input);
+            hsh.update($input);
         )*
-        hsh.result()
+        hsh.finalize()
     }};
 }
 
 macro_rules! MAC {
     ( $key:expr, $($input:expr),* ) => {{
         use blake2::VarBlake2s;
-        use digest::Input;
-        use digest::VariableOutput;
+        use blake2::digest::{Update, VariableOutput};
         let mut tag = [0u8; SIZE_MAC];
         let mut mac = VarBlake2s::new_keyed($key, SIZE_MAC);
         $(
-            mac.input($input);
+            mac.update($input);
         )*
-        mac.variable_result(|buf| tag.copy_from_slice(buf));
+        mac.finalize_variable(|buf| tag.copy_from_slice(buf));
         tag
     }};
 }
 
 macro_rules! XSEAL {
     ($key:expr, $nonce:expr, $ad:expr, $pt:expr, $ct:expr) => {{
-        let ct = XChaCha20Poly1305::new(*GenericArray::from_slice($key))
+        let ct = XChaCha20Poly1305::new(GenericArray::from_slice($key))
             .encrypt(
                 GenericArray::from_slice($nonce),
                 Payload { msg: $pt, aad: $ad },
@@ -70,7 +70,7 @@ macro_rules! XSEAL {
 macro_rules! XOPEN {
     ($key:expr, $nonce:expr, $ad:expr, $pt:expr, $ct:expr) => {{
         debug_assert_eq!($ct.len(), $pt.len() + SIZE_TAG);
-        XChaCha20Poly1305::new(*GenericArray::from_slice($key))
+        XChaCha20Poly1305::new(GenericArray::from_slice($key))
             .decrypt(
                 GenericArray::from_slice($nonce),
                 Payload { msg: $ct, aad: $ad },
diff --git a/src/wireguard/handshake/noise.rs b/src/wireguard/handshake/noise.rs
index 475b159..92c8c5f 100644
--- a/src/wireguard/handshake/noise.rs
+++ b/src/wireguard/handshake/noise.rs
@@ -11,13 +11,13 @@ use hmac::Hmac;
 use aead::{Aead, NewAead, Payload};
 use chacha20poly1305::ChaCha20Poly1305;
 
-use rand::prelude::{CryptoRng, RngCore};
+use rand_core::{CryptoRng, RngCore};
 
 use generic_array::typenum::*;
 use generic_array::*;
 
 use clear_on_drop::clear::Clear;
-use clear_on_drop::clear_stack_on_return;
+use clear_on_drop::clear_stack_on_return_fnonce;
 
 use subtle::ConstantTimeEq;
 
@@ -63,20 +63,20 @@ macro_rules! HASH {
         use blake2::Digest;
         let mut hsh = Blake2s::new();
         $(
-            hsh.input($input);
+            hsh.update($input);
         )*
-        hsh.result()
+        hsh.finalize()
     }};
 }
 
 macro_rules! HMAC {
     ($key:expr, $($input:expr),*) => {{
-        use hmac::Mac;
+        use hmac::{Mac, NewMac};
         let mut mac = HMACBlake2s::new_varkey($key).unwrap();
         $(
-            mac.input($input);
+            mac.update($input);
         )*
-        mac.result().code()
+        mac.finalize().into_bytes()
     }};
 }
 
@@ -112,7 +112,7 @@ macro_rules! KDF3 {
 
 macro_rules! SEAL {
     ($key:expr, $ad:expr, $pt:expr, $ct:expr) => {
-        ChaCha20Poly1305::new(*GenericArray::from_slice($key))
+        ChaCha20Poly1305::new(GenericArray::from_slice($key))
             .encrypt(&ZERO_NONCE.into(), Payload { msg: $pt, aad: $ad })
             .map(|ct| $ct.copy_from_slice(&ct))
             .unwrap()
@@ -121,7 +121,7 @@ macro_rules! SEAL {
 
 macro_rules! OPEN {
     ($key:expr, $ad:expr, $pt:expr, $ct:expr) => {
-        ChaCha20Poly1305::new(*GenericArray::from_slice($key))
+        ChaCha20Poly1305::new(GenericArray::from_slice($key))
             .decrypt(&ZERO_NONCE.into(), Payload { msg: $ct, aad: $ad })
             .map_err(|_| HandshakeError::DecryptionFailure)
             .map(|pt| $pt.copy_from_slice(&pt))
@@ -242,7 +242,7 @@ pub(super) fn create_initiation<R: RngCore + CryptoRng, O>(
         return Err(HandshakeError::InvalidSharedSecret);
     }
 
-    clear_stack_on_return(CLEAR_PAGES, || {
+    clear_stack_on_return_fnonce(CLEAR_PAGES, || {
         // initialize state
 
         let ck = INITIAL_CK;
@@ -323,7 +323,7 @@ pub(super) fn consume_initiation<'a, O>(
 ) -> Result<(&'a Peer<O>, PublicKey, TemporaryState), HandshakeError> {
     log::debug!("consume initiation");
 
-    clear_stack_on_return(CLEAR_PAGES, || {
+    clear_stack_on_return_fnonce(CLEAR_PAGES, || {
         // initialize new state
 
         let ck = INITIAL_CK;
@@ -412,7 +412,7 @@ pub(super) fn create_response<R: RngCore + CryptoRng, O>(
     msg: &mut NoiseResponse, // resulting response
 ) -> Result<KeyPair, HandshakeError> {
     log::debug!("create response");
-    clear_stack_on_return(CLEAR_PAGES, || {
+    clear_stack_on_return_fnonce(CLEAR_PAGES, || {
         // unpack state
 
         let (receiver, eph_r_pk, hs, ck) = state;
@@ -497,7 +497,7 @@ pub(super) fn consume_response<'a, O>(
     msg: &NoiseResponse,
 ) -> Result<Output<'a, O>, HandshakeError> {
     log::debug!("consume response");
-    clear_stack_on_return(CLEAR_PAGES, || {
+    clear_stack_on_return_fnonce(CLEAR_PAGES, || {
         // retrieve peer and copy initiation state
         let (peer, _) = device.lookup_id(msg.f_receiver.get())?;
 
diff --git a/src/wireguard/handshake/tests.rs b/src/wireguard/handshake/tests.rs
index 5174d2e..35ff152 100644
--- a/src/wireguard/handshake/tests.rs
+++ b/src/wireguard/handshake/tests.rs
@@ -6,8 +6,8 @@ use std::time::Duration;
 
 use hex;
 
-use rand::prelude::{CryptoRng, RngCore};
 use rand::rngs::OsRng;
+use rand_core::{CryptoRng, RngCore};
 
 use x25519_dalek::PublicKey;
 use x25519_dalek::StaticSecret;
@@ -15,20 +15,22 @@ use x25519_dalek::StaticSecret;
 use super::messages::{Initiation, Response};
 
 fn setup_devices<R: RngCore + CryptoRng, O: Default>(
-    rng: &mut R,
+    rng1: &mut R,
+    rng2: &mut R,
+    rng3: &mut R,
 ) -> (PublicKey, Device<O>, PublicKey, Device<O>) {
     // generate new key pairs
 
-    let sk1 = StaticSecret::new(rng);
+    let sk1 = StaticSecret::new(rng1);
     let pk1 = PublicKey::from(&sk1);
 
-    let sk2 = StaticSecret::new(rng);
+    let sk2 = StaticSecret::new(rng2);
     let pk2 = PublicKey::from(&sk2);
 
     // pick random psk
 
     let mut psk = [0u8; 32];
-    rng.fill_bytes(&mut psk[..]);
+    rng3.fill_bytes(&mut psk[..]);
 
     // initialize devices on both ends
 
@@ -63,7 +65,8 @@ fn wait() {
  */
 #[test]
 fn handshake_under_load() {
-    let (_pk1, dev1, pk2, dev2): (_, Device<usize>, _, _) = setup_devices(&mut OsRng);
+    let (_pk1, dev1, pk2, dev2): (_, Device<usize>, _, _) =
+        setup_devices(&mut OsRng, &mut OsRng, &mut OsRng);
 
     let src1: SocketAddr = "172.16.0.1:8080".parse().unwrap();
     let src2: SocketAddr = "172.16.0.2:7070".parse().unwrap();
@@ -140,7 +143,8 @@ fn handshake_under_load() {
 
 #[test]
 fn handshake_no_load() {
-    let (pk1, mut dev1, pk2, mut dev2): (_, Device<usize>, _, _) = setup_devices(&mut OsRng);
+    let (pk1, mut dev1, pk2, mut dev2): (_, Device<usize>, _, _) =
+        setup_devices(&mut OsRng, &mut OsRng, &mut OsRng);
 
     // do a few handshakes (every handshake should succeed)