From 7d6da7179b63b8b77dc30da5d66f918c3de3980f Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Thu, 5 Apr 2018 23:22:30 +0200 Subject: [PATCH] Crypto: replace ocaml-tweetnacl with ocaml-hacl --- src/lib_client_base/client_keys.ml | 3 +- src/lib_client_base/client_keys.mli | 2 +- .../client_signer_encrypted.ml | 6 +- src/lib_crypto/crypto_box.ml | 108 ++++++++------- src/lib_crypto/crypto_box.mli | 25 +--- src/lib_crypto/ed25519.ml | 126 +++++++++++------- src/lib_crypto/ed25519.mli | 9 -- src/lib_crypto/jbuild | 2 +- src/lib_crypto/rand.ml | 4 +- src/lib_crypto/s.ml | 2 +- src/lib_crypto/secp256k1.ml | 6 +- src/lib_crypto/signature.ml | 16 +-- src/lib_crypto/signature.mli | 2 +- src/lib_crypto/test/test_ed25519.ml | 6 +- src/lib_crypto/tezos-crypto.opam | 2 +- 15 files changed, 164 insertions(+), 155 deletions(-) diff --git a/src/lib_client_base/client_keys.ml b/src/lib_client_base/client_keys.ml index b96e293eb..2f9c387e7 100644 --- a/src/lib_client_base/client_keys.ml +++ b/src/lib_client_base/client_keys.ml @@ -207,9 +207,8 @@ let gen_keys_containing ?(prefix=false) ?(force=false) ~containing ~name (cctxt (fun key -> try ignore (Re.Str.search_forward re key 0); true with Not_found -> false) in let rec loop attempts = - let seed = Ed25519.Seed.generate () in let public_key_hash, public_key, secret_key = - Signature.generate_key ~seed () in + Signature.generate_key () in let hash = Signature.Public_key_hash.to_b58check @@ Signature.Public_key.hash public_key in if matches hash diff --git a/src/lib_client_base/client_keys.mli b/src/lib_client_base/client_keys.mli index 54214891c..d40e4247f 100644 --- a/src/lib_client_base/client_keys.mli +++ b/src/lib_client_base/client_keys.mli @@ -113,7 +113,7 @@ val append : val gen_keys : ?force:bool -> ?algo:Signature.algo -> - ?seed:Ed25519.Seed.t -> + ?seed:MBytes.t -> #Client_context.io_wallet -> string -> unit tzresult Lwt.t val register_key : 
diff --git a/src/lib_client_base_unix/client_signer_encrypted.ml b/src/lib_client_base_unix/client_signer_encrypted.ml index b81b4b260..db98a0db2 100644 --- a/src/lib_client_base_unix/client_signer_encrypted.ml +++ b/src/lib_client_base_unix/client_signer_encrypted.ml @@ -46,7 +46,7 @@ module Encrypted_signer : SIGNER = struct let rec decrypt_sk sk salt = function | [] -> None | password :: pws -> - let key = Crypto_box.Secretbox.of_bytes_exn (pbkdf ~password ~salt) in + let key = Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~password ~salt) in match Crypto_box.Secretbox.box_open key sk nonce with | None -> decrypt_sk sk salt pws | Some sk -> Some sk @@ -63,7 +63,7 @@ module Encrypted_signer : SIGNER = struct cctxt#prompt_password "Enter password for encrypted key %s: " name >>= fun password -> let password = MBytes.of_string password in let key = pbkdf ~salt ~password in - let key = Crypto_box.Secretbox.of_bytes_exn key in + let key = Crypto_box.Secretbox.unsafe_of_bytes key in match Crypto_box.Secretbox.box_open key skenc nonce with | None -> passwd_ask_loop cctxt ~name ~salt ~skenc | Some decrypted_sk -> @@ -111,7 +111,7 @@ module Encrypted_signer : SIGNER = struct input_new_passphrase cctxt >>=? fun password -> let password = MBytes.of_string password in let salt = Rand.generate salt_len in - let key = Crypto_box.Secretbox.of_bytes_exn (pbkdf ~password ~salt) in + let key = Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~password ~salt) in let msg = Data_encoding.Binary.to_bytes Signature.Secret_key.encoding sk in let encrypted_passwd = Crypto_box.Secretbox.box key msg nonce in let payload = MBytes.(to_string (concat "" [salt; encrypted_passwd])) in diff --git a/src/lib_crypto/crypto_box.ml b/src/lib_crypto/crypto_box.ml index 12fb6c41e..221ba7910 100644 --- a/src/lib_crypto/crypto_box.ml +++ b/src/lib_crypto/crypto_box.ml 
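Review bot: `Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~password ~salt)` in `decrypt_sk` drops the length check that `of_bytes_exn` presumably performed, so the key is only well-formed if `pbkdf` always returns exactly the secretbox key size. `pbkdf` is defined outside these hunks, so that cannot be confirmed from here. The same replacement is made in the `passwd_ask_loop` hunk and in the encryption hunk further down. I would state the invariant next to each call, e.g. `(* pbkdf output length must equal the Secretbox key size; unsafe_of_bytes does not check it *)`, or assert the length once in a small helper shared by the three call sites.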
@@ -9,26 +9,36 @@ (** Tezos - X25519/XSalsa20-Poly1305 cryptography *) -open Tweetnacl +open Hacl -type secret_key = Box.secret Box.key -type public_key = Box.public Box.key +type secret_key = secret Box.key +type public_key = public Box.key type channel_key = Box.combined Box.key -type nonce = Nonce.t +type nonce = Bigstring.t type target = Z.t module Secretbox = struct include Secretbox - - let box key msg nonce = box ~key ~msg ~nonce - - let box_open key cmsg nonce = box_open ~key ~cmsg ~nonce - let box_noalloc key nonce msg = - box_noalloc ~key ~nonce ~msg + box ~key ~nonce ~msg ~cmsg:msg let box_open_noalloc key nonce cmsg = - box_open_noalloc ~key ~nonce ~cmsg + box_open ~key ~nonce ~cmsg ~msg:cmsg + + let box key msg nonce = + let msglen = MBytes.length msg in + let cmsg = MBytes.create (msglen + zerobytes) in + MBytes.fill cmsg '\x00' ; + MBytes.blit msg 0 cmsg zerobytes msglen ; + box ~key ~nonce ~msg:cmsg ~cmsg ; + cmsg + + let box_open key cmsg nonce = + let cmsglen = MBytes.length cmsg in + let msg = MBytes.create cmsglen in + match box_open ~key ~nonce ~cmsg ~msg with + | false -> None + | true -> Some (MBytes.sub msg zerobytes (cmsglen - zerobytes)) end module Public_key_hash = Blake2B.Make (Base58) (struct @@ -42,7 +52,7 @@ let () = Base58.check_encoded_prefix Public_key_hash.b58check_encoding "id" 30 let hash pk = - Public_key_hash.hash_bytes [Box.to_bytes pk] + Public_key_hash.hash_bytes [Box.unsafe_to_bytes pk] let zerobytes = Box.zerobytes let boxzerobytes = Box.boxzerobytes 
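Review bot: `Secretbox.box_open` hands `cmsg` to the primitive without checking that it is at least `zerobytes` long, and on success evaluates `MBytes.sub msg zerobytes (cmsglen - zerobytes)`, whose length is negative for a short input. A ciphertext that comes from disk or from a peer should be rejected before any crypto call: `if cmsglen < zerobytes then None else ...`. `fast_box_open` in the following crypto_box.ml hunk has the same shape and would take the same guard. Whether Hacl's `box_open` validates the buffer length itself is not visible here, so the wrapper should not depend on it.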
@@ -51,33 +61,32 @@ let random_keypair () = let pk, sk = Box.keypair () in sk, pk, hash pk -let zero_nonce = Tweetnacl.Nonce.(of_bytes_exn (MBytes.make bytes '\x00')) +let zero_nonce = MBytes.make Nonce.bytes '\x00' let random_nonce = Nonce.gen let increment_nonce = Nonce.increment -let box sk pk msg nonce = Box.box ~sk ~pk ~msg ~nonce - -let box_open sk pk cmsg nonce = Box.box_open ~sk ~pk ~cmsg ~nonce - -let box_noalloc sk pk nonce msg = - Box.box_noalloc ~sk ~pk ~nonce ~msg - -let box_open_noalloc sk pk nonce cmsg = - Box.box_open_noalloc ~sk ~pk ~nonce ~cmsg - -let precompute sk pk = Box.combine pk sk - -let fast_box k msg nonce = - Box.box_combined ~k ~msg ~nonce - -let fast_box_open k cmsg nonce = - Box.box_open_combined ~k ~cmsg ~nonce +let precompute sk pk = Box.dh pk sk let fast_box_noalloc k nonce msg = - Box.box_combined_noalloc ~k ~nonce ~msg + Box.box ~k ~nonce ~msg ~cmsg:msg let fast_box_open_noalloc k nonce cmsg = - Box.box_open_combined_noalloc ~k ~nonce ~cmsg + Box.box_open ~k ~nonce ~cmsg ~msg:cmsg + +let fast_box k msg nonce = + let msglen = MBytes.length msg in + let cmsg = MBytes.create (msglen + zerobytes) in + MBytes.fill cmsg '\x00' ; + MBytes.blit msg 0 cmsg zerobytes msglen ; + Box.box ~k ~nonce ~msg:cmsg ~cmsg ; + cmsg + +let fast_box_open k cmsg nonce = + let cmsglen = MBytes.length cmsg in + let msg = MBytes.create cmsglen in + match Box.box_open ~k ~nonce ~cmsg ~msg with + | false -> None + | true -> Some (MBytes.sub msg zerobytes (cmsglen - zerobytes)) let compare_target hash target = let hash = Z.of_bits (Blake2B.to_string hash) in @@ -106,8 +115,8 @@ let default_target = make_target 24. let check_proof_of_work pk nonce target = let hash = Blake2B.hash_bytes [ - Box.to_bytes pk ; - Nonce.to_bytes nonce ; + Box.unsafe_to_bytes pk ; + nonce ; ] in compare_target hash target 
@@ -124,16 +133,28 @@ let generate_proof_of_work ?max pk target = loop (Nonce.increment nonce) (cpt + 1) in loop (random_nonce ()) 0 -let public_key_to_bigarray = Box.to_bytes -let public_key_of_bigarray = Box.pk_of_bytes_exn +let public_key_to_bigarray pk = + let buf = MBytes.create Box.pkbytes in + Box.blit_to_bytes pk buf ; + buf + +let public_key_of_bigarray buf = + let pk = MBytes.copy buf in + Box.unsafe_pk_of_bytes pk + let public_key_size = Box.pkbytes -let secret_key_to_bigarray = Box.to_bytes -let secret_key_of_bigarray = Box.sk_of_bytes_exn +let secret_key_to_bigarray sk = + let buf = MBytes.create Box.skbytes in + Box.blit_to_bytes sk buf ; + buf + +let secret_key_of_bigarray buf = + let sk = MBytes.copy buf in + Box.unsafe_sk_of_bytes sk + let secret_key_size = Box.skbytes -let nonce_to_bigarray = Nonce.to_bytes -let nonce_of_bigarray = Nonce.of_bytes_exn let nonce_size = Nonce.bytes let public_key_encoding = @@ -151,9 +172,4 @@ let secret_key_encoding = (Fixed.bytes secret_key_size) let nonce_encoding = - let open Data_encoding in - conv - nonce_to_bigarray - nonce_of_bigarray - (Fixed.bytes nonce_size) - + Data_encoding.Fixed.bytes nonce_size diff --git a/src/lib_crypto/crypto_box.mli b/src/lib_crypto/crypto_box.mli index 21499d4f3..0ae438194 100644 --- a/src/lib_crypto/crypto_box.mli +++ b/src/lib_crypto/crypto_box.mli @@ -9,7 +9,8 @@ (** Tezos - X25519/XSalsa20-Poly1305 cryptography *) -type nonce +type nonce = Bigstring.t +val nonce_size : int val zero_nonce : nonce val random_nonce : unit -> nonce 
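Review bot: `public_key_of_bigarray` and `secret_key_of_bigarray` now copy the buffer and call `Box.unsafe_pk_of_bytes` / `Box.unsafe_sk_of_bytes` with no length check, where the removed `pk_of_bytes_exn` / `sk_of_bytes_exn` presumably raised on a wrong size. The encodings wrap them in `Fixed.bytes`, but `secret_key_of_bigarray` is still listed in crypto_box.mli and can be called directly with any buffer. I would keep the contract explicit with `if MBytes.length buf <> Box.pkbytes then invalid_arg "Crypto_box.public_key_of_bigarray" ;` before the copy, and the equivalent with `Box.skbytes` for the secret key.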
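Review bot: Exposing `type nonce = Bigstring.t` in crypto_box.mli means any buffer of any size now type-checks as a nonce for `fast_box`, `Secretbox.box` and `check_proof_of_work`, and the wrappers in crypto_box.ml do not check its length. `nonce_encoding` fixes the size on the wire, but in-process callers get no such guard. Keeping `type nonce` abstract with a checked constructor would preserve the invariant. If that is not possible, document it on the type, e.g. `(** A nonce is exactly [nonce_size] bytes; the functions in this module do not verify it. *)`.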
@@ -18,17 +19,13 @@ val increment_nonce : ?step:int -> nonce -> nonce module Secretbox : sig type key - val zerobytes : int - val boxzerobytes : int - - val of_bytes : MBytes.t -> key option - val of_bytes_exn : MBytes.t -> key - - val box : key -> MBytes.t -> nonce -> MBytes.t - val box_open : key -> MBytes.t -> nonce -> MBytes.t option + val unsafe_of_bytes : MBytes.t -> key val box_noalloc : key -> nonce -> MBytes.t -> unit val box_open_noalloc : key -> nonce -> MBytes.t -> bool + + val box : key -> MBytes.t -> nonce -> MBytes.t + val box_open : key -> MBytes.t -> nonce -> MBytes.t option end type target @@ -47,12 +44,6 @@ val boxzerobytes : int val random_keypair : unit -> secret_key * public_key * Public_key_hash.t -val box : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t -val box_open : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t option - -val box_noalloc : secret_key -> public_key -> nonce -> MBytes.t -> unit -val box_open_noalloc : secret_key -> public_key -> nonce -> MBytes.t -> bool - val precompute : secret_key -> public_key -> channel_key val fast_box : channel_key -> MBytes.t -> nonce -> MBytes.t @@ -72,10 +63,6 @@ val secret_key_to_bigarray : secret_key -> Cstruct.buffer val secret_key_of_bigarray : Cstruct.buffer -> secret_key val secret_key_size : int -val nonce_to_bigarray : nonce -> Cstruct.buffer -val nonce_of_bigarray : Cstruct.buffer -> nonce -val nonce_size : int - val public_key_encoding : public_key Data_encoding.t val secret_key_encoding : secret_key Data_encoding.t val nonce_encoding : nonce Data_encoding.t diff --git a/src/lib_crypto/ed25519.ml b/src/lib_crypto/ed25519.ml index f493973b7..618b42524 100644 --- a/src/lib_crypto/ed25519.ml +++ b/src/lib_crypto/ed25519.ml 
@@ -19,20 +19,35 @@ module Public_key_hash = Blake2B.Make(Base58)(struct let () = Base58.check_encoded_prefix Public_key_hash.b58check_encoding "tz1" 36 -open Tweetnacl +open Hacl module Public_key = struct - type t = Sign.public Sign.key + type t = public Sign.key let name = "Ed25519.Public_key" let title = "Ed25519 public key" - let to_string s = MBytes.to_string (Sign.to_bytes s) - let of_string_opt s = Sign.pk_of_bytes (MBytes.of_string s) + let to_string s = MBytes.to_string (Sign.unsafe_to_bytes s) + let of_string_opt s = + if String.length s < Sign.pkbytes then None + else + let pk = MBytes.create Sign.pkbytes in + MBytes.blit_of_string s 0 pk 0 Sign.pkbytes ; + Some (Sign.unsafe_pk_of_bytes pk) - let to_bytes = Sign.to_bytes - let of_bytes_opt = Sign.pk_of_bytes + let to_bytes pk = + let buf = MBytes.create Sign.pkbytes in + Sign.blit_to_bytes pk buf ; + buf + + let of_bytes_opt buf = + let buflen = MBytes.length buf in + if buflen < Sign.pkbytes then None + else + let pk = MBytes.create Sign.pkbytes in + MBytes.blit buf 0 pk 0 Sign.pkbytes ; + Some (Sign.unsafe_pk_of_bytes pk) let size = Sign.pkbytes @@ -51,12 +66,12 @@ module Public_key = struct Base58.check_encoded_prefix b58check_encoding "edpk" 54 let hash v = - Public_key_hash.hash_bytes [ Sign.to_bytes v ] + Public_key_hash.hash_bytes [ Sign.unsafe_to_bytes v ] include Compare.Make(struct type nonrec t = t let compare a b = - MBytes.compare (Sign.to_bytes a) (Sign.to_bytes b) + MBytes.compare (Sign.unsafe_to_bytes a) (Sign.unsafe_to_bytes b) end) include Helpers.MakeRaw(struct 
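Review bot: `Public_key.of_string_opt` and `Public_key.of_bytes_opt` reject only inputs shorter than `Sign.pkbytes` and silently truncate anything longer, so several distinct byte strings decode to the same key. For a key parser the comparison should be exact: `if String.length s <> Sign.pkbytes then None` and `if buflen <> Sign.pkbytes then None`. In addition, `unsafe_pk_of_bytes` is, going by its name, unlikely to validate the encoded point. If the removed `Sign.pk_of_bytes` did validate it, that check is lost here and deserves at least a comment.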
@@ -94,24 +109,29 @@ end module Secret_key = struct - type t = Sign.secret Sign.key + type t = secret Sign.key let name = "Ed25519.Secret_key" let title = "An Ed25519 secret key" - let size = Sign.seedbytes + let size = Sign.skbytes + + let to_bytes sk = + let buf = MBytes.create Sign.skbytes in + Sign.blit_to_bytes sk buf ; + buf - let to_bytes = Sign.seed let of_bytes_opt s = - match MBytes.length s with - | 32 -> let _pk, sk = Sign.keypair ~seed:s () in Some sk - | 64 -> Sign.sk_of_bytes s - | _ -> None + if MBytes.length s > 64 then None + else + let sk = MBytes.create Sign.skbytes in + MBytes.blit s 0 sk 0 Sign.skbytes ; + Some (Sign.unsafe_sk_of_bytes sk) let to_string s = MBytes.to_string (to_bytes s) let of_string_opt s = of_bytes_opt (MBytes.of_string s) - let to_public_key = Sign.public + let to_public_key = Sign.neuterize type Base58.data += | Data of t 
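Review bot: `Secret_key.of_bytes_opt` has no lower bound: any input of at most 64 bytes is accepted, and one shorter than `Sign.skbytes` reaches `MBytes.blit s 0 sk 0 Sign.skbytes`, which will raise (or read past the buffer if the blit is unchecked) instead of returning `None`. Lengths between the two valid sizes are silently truncated. The removed code accepted exactly 32 or 64 bytes; the equivalent here is `let len = MBytes.length s in if len <> Sign.skbytes && len <> Sign.(skbytes + pkbytes) then None else ...`, assuming those are the seed-only and legacy layouts. The hard-coded `64` should be spelled with the `Sign` constants either way.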
@@ -120,20 +140,29 @@ module Secret_key = struct Base58.register_encoding ~prefix: Base58.Prefix.ed25519_seed ~length: size - ~to_raw: (fun sk -> MBytes.to_string (Sign.seed sk)) + ~to_raw: (fun sk -> MBytes.to_string (Sign.unsafe_to_bytes sk)) ~of_raw: (fun buf -> - let seed = MBytes.of_string buf in - match Sign.keypair ~seed () with - | exception _ -> None - | _pk, sk -> Some sk) + if String.length buf <> Sign.skbytes then None + else Some (Sign.unsafe_sk_of_bytes (MBytes.of_string buf))) ~wrap: (fun sk -> Data sk) + (* Legacy NaCl secret key encoding. Used to store both sk and pk. *) let secret_key_encoding = Base58.register_encoding ~prefix: Base58.Prefix.ed25519_secret_key - ~length: Sign.skbytes - ~to_raw: (fun sk -> MBytes.to_string (Sign.to_bytes sk)) - ~of_raw: (fun buf -> Sign.sk_of_bytes (MBytes.of_string buf)) + ~length: Sign.(skbytes + pkbytes) + ~to_raw: (fun sk -> + let pk = Sign.neuterize sk in + let buf = MBytes.create Sign.(skbytes + pkbytes) in + Sign.blit_to_bytes sk buf ; + Sign.blit_to_bytes pk ~pos:Sign.skbytes buf ; + MBytes.to_string buf) + ~of_raw: (fun buf -> + if String.length buf <> Sign.(skbytes + pkbytes) then None + else + let sk = MBytes.create Sign.skbytes in + MBytes.blit_of_string buf 0 sk 0 Sign.skbytes ; + Some (Sign.unsafe_sk_of_bytes sk)) ~wrap: (fun x -> Data x) let of_b58check_opt s = @@ -165,7 +194,7 @@ module Secret_key = struct include Compare.Make(struct type nonrec t = t let compare a b = - MBytes.compare (Sign.to_bytes a) (Sign.to_bytes b) + MBytes.compare (Sign.unsafe_to_bytes a) (Sign.unsafe_to_bytes b) end) include Helpers.MakeRaw(struct @@ -222,11 +251,6 @@ let b58check_encoding = let () = Base58.check_encoded_prefix b58check_encoding "edsig" 99 -include Compare.Make(struct - type nonrec t = t - let compare = MBytes.compare - end) - include Helpers.MakeRaw(struct type nonrec t = t let name = name 
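Review bot: The `of_raw` of the legacy `secret_key_encoding` keeps the first `Sign.skbytes` bytes and discards the trailing public-key half without comparing it with `Sign.neuterize sk`. A corrupted or tampered legacy key whose two halves disagree is therefore imported with no error. I would verify the pair before returning `Some`, as sketched below, or add a comment saying the embedded public key is deliberately ignored.

```ocaml
~of_raw: (fun buf ->
    (* … unchanged: length check and copy of the first skbytes into sk … *)
      let sk = Sign.unsafe_sk_of_bytes sk in
      (* Reject a legacy key whose stored public half does not match sk. *)
      let pk = MBytes.create Sign.pkbytes in
      Sign.blit_to_bytes (Sign.neuterize sk) pk ;
      if String.equal
           (MBytes.to_string pk)
           (String.sub buf Sign.skbytes Sign.pkbytes)
      then Some sk
      else None)
```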
@@ -260,30 +284,32 @@ let pp ppf t = Format.fprintf ppf "%s" (to_b58check t) let zero = MBytes.make size '\000' -let sign key msg = Sign.detached ~key msg +let sign sk msg = + let signature = MBytes.create Sign.bytes in + Sign.sign ~sk ~msg ~signature ; + signature -let check public_key signature msg = - Sign.verify_detached ~key:public_key ~signature msg +let check pk signature msg = + Sign.verify ~pk ~signature ~msg -module Seed = struct - - type t = Bigstring.t - - let generate () = Rand.gen 32 - let extract = Sign.seed - -end - -let generate_seeded_key seed = - let pk, sk = Sign.keypair ~seed () in - (Public_key.hash pk, pk, sk) - -let generate_key () = - let seed = Seed.generate () in - generate_seeded_key seed +let generate_key ?seed () = + match seed with + | None -> + let pk, sk = Sign.keypair () in + Public_key.hash pk, pk, sk + | Some seed -> + let seedlen = MBytes.length seed in + if seedlen < Sign.skbytes then + invalid_arg (Printf.sprintf "Ed25519.generate_key: seed must \ + be at least %d bytes long (got %d)" + Sign.skbytes seedlen) ; + let sk = MBytes.create Sign.skbytes in + MBytes.blit seed 0 sk 0 Sign.skbytes ; + let sk = Sign.unsafe_sk_of_bytes sk in + let pk = Sign.neuterize sk in + Public_key.hash pk, pk, sk include Compare.Make(struct type nonrec t = t let compare = MBytes.compare end) - diff --git a/src/lib_crypto/ed25519.mli b/src/lib_crypto/ed25519.mli index 50c87e6b2..6a866db93 100644 --- a/src/lib_crypto/ed25519.mli +++ b/src/lib_crypto/ed25519.mli @@ -10,13 +10,4 @@ (** Tezos - Ed25519 cryptography *) include S.SIGNATURE - include S.RAW_DATA with type t := t - -module Seed : sig - type t - val generate : unit -> t - val extract : Secret_key.t -> t -end - -val generate_seeded_key: Seed.t -> (Public_key_hash.t * Public_key.t * Secret_key.t) diff --git a/src/lib_crypto/jbuild b/src/lib_crypto/jbuild index 4061898fc..db8edd1c2 100644 --- a/src/lib_crypto/jbuild +++ b/src/lib_crypto/jbuild 
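Review bot: In `generate_key`, a `?seed` longer than `Sign.skbytes` is accepted and everything past the first `Sign.skbytes` bytes is ignored, so two different seeds can produce the same key pair without the caller noticing. The seed bytes are used directly as the secret key, while `S.SIGNATURE` now exposes `?seed:MBytes.t` with no stated length or entropy requirement. I would require the exact size with `if seedlen <> Sign.skbytes then invalid_arg ...` and document the contract: `(** [seed] must be [Sign.skbytes] bytes of uniformly random data; it is used as the secret key. @raise Invalid_argument otherwise. *)`.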
@@ -17,7 +17,7 @@ lwt nocrypto blake2 - tweetnacl + hacl secp256k1 zarith)))) diff --git a/src/lib_crypto/rand.ml b/src/lib_crypto/rand.ml index 5c4a7f3ca..57eefea56 100644 --- a/src/lib_crypto/rand.ml +++ b/src/lib_crypto/rand.ml @@ -7,7 +7,7 @@ (* *) (**************************************************************************) -let generate = Tweetnacl.Rand.gen +let generate = Hacl.Rand.gen let generate_into ?(pos=0) ?len buf = let buflen = MBytes.length buf in @@ -18,4 +18,4 @@ let generate_into ?(pos=0) ?len buf = invalid_arg (Printf.sprintf "Rand.generate_into: \ invalid slice (pos=%d len=%d)" pos len) ; let buf = MBytes.sub buf pos len in - Tweetnacl.Rand.write buf + Hacl.Rand.write buf diff --git a/src/lib_crypto/s.ml b/src/lib_crypto/s.ml index 5ed5bfef9..e379c2feb 100644 --- a/src/lib_crypto/s.ml +++ b/src/lib_crypto/s.ml @@ -208,6 +208,6 @@ module type SIGNATURE = sig val sign: Secret_key.t -> MBytes.t -> t val check: Public_key.t -> t -> MBytes.t -> bool - val generate_key: unit -> (Public_key_hash.t * Public_key.t * Secret_key.t) + val generate_key: ?seed:MBytes.t -> unit -> (Public_key_hash.t * Public_key.t * Secret_key.t) end diff --git a/src/lib_crypto/secp256k1.ml b/src/lib_crypto/secp256k1.ml index a809a7d66..217ab049a 100644 --- a/src/lib_crypto/secp256k1.ml +++ b/src/lib_crypto/secp256k1.ml @@ -245,9 +245,9 @@ let sign sk msg = let check public_key signature msg = Sign.verify_exn context ~pk:public_key ~msg ~signature -let generate_key () = - let sk = Key.read_sk_exn context (Rand.generate 32) in +let generate_key ?(seed=Rand.generate 32) () = + let sk = Key.read_sk_exn context seed in let pk = Key.neuterize_exn context sk in let pkh = Public_key.hash pk in - (pkh, pk, sk) + pkh, pk, sk diff --git a/src/lib_crypto/signature.ml b/src/lib_crypto/signature.ml index 1fbf60c9d..5fbeee731 100644 --- a/src/lib_crypto/signature.ml +++ b/src/lib_crypto/signature.ml 
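Review bot: `Secp256k1.generate_key ?seed` passes a caller-supplied seed straight to `Key.read_sk_exn`, so a seed of the wrong length, or one that is not a valid secret key, surfaces as whatever exception `read_sk_exn` raises. `Signature.generate_key` previously rejected a seed for this algorithm with `invalid_arg`. The behaviour also differs from the Ed25519 implementation of the same `S.SIGNATURE.generate_key`, which accepts longer seeds and truncates them. I would check the length up front with `if MBytes.length seed <> 32 then invalid_arg "Secp256k1.generate_key: seed must be 32 bytes" ;` and add an `@raise` line to the signature in s.ml.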
@@ -486,18 +486,12 @@ let algo_param () = end let generate_key ?(algo = Ed25519) ?seed () = - match algo, seed with - | Secp256k1, Some _ -> - invalid_arg "Signature.generate_key" - | Secp256k1, None -> - let (pkh, pk, sk) = Secp256k1.generate_key () in + match algo with + | Secp256k1 -> + let pkh, pk, sk = Secp256k1.generate_key ?seed () in (Public_key_hash.Secp256k1 pkh, Public_key.Secp256k1 pk, Secret_key.Secp256k1 sk) - | Ed25519, seed -> - let seed = - match seed with - | None -> Ed25519.Seed.generate () - | Some seed -> seed in - let (pkh, pk, sk) = Ed25519.generate_seeded_key seed in + | Ed25519 -> + let pkh, pk, sk = Ed25519.generate_key ?seed () in (Public_key_hash.Ed25519 pkh, Public_key.Ed25519 pk, Secret_key.Ed25519 sk) diff --git a/src/lib_crypto/signature.mli b/src/lib_crypto/signature.mli index 6735d8c1e..370eae951 100644 --- a/src/lib_crypto/signature.mli +++ b/src/lib_crypto/signature.mli @@ -41,5 +41,5 @@ val algo_param: unit -> (algo, 'a) Clic.parameter val generate_key: ?algo:algo -> - ?seed:Ed25519.Seed.t -> + ?seed:MBytes.t -> unit -> public_key_hash * public_key * secret_key diff --git a/src/lib_crypto/test/test_ed25519.ml b/src/lib_crypto/test/test_ed25519.ml index b498b0edb..02799a3cd 100644 --- a/src/lib_crypto/test/test_ed25519.ml +++ b/src/lib_crypto/test/test_ed25519.ml @@ -7,10 +7,6 @@ (* *) (**************************************************************************) -let get_keys () = - let seed = Ed25519.Seed.generate () in - Ed25519.generate_seeded_key seed - module type B58CHECK = sig type t val pp: Format.formatter -> t -> unit @@ -29,7 +25,7 @@ let test_b58check_roundtrip input let test_b58check_roundtrips () = - let (pubkey_hash, pubkey, seckey) = get_keys () in + let pubkey_hash, pubkey, seckey = Ed25519.generate_key () in test_b58check_roundtrip (module Ed25519.Public_key_hash) pubkey_hash; test_b58check_roundtrip (module Ed25519.Public_key) pubkey; test_b58check_roundtrip (module Ed25519.Secret_key) seckey 
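Review bot: `test_b58check_roundtrips` still covers only a randomly generated key, so none of the length handling introduced by this patch is exercised. I would add cases for `Ed25519.generate_key ~seed`: the same seed twice yields the same key, and a seed shorter than the key size raises `Invalid_argument`. `Ed25519.Secret_key.of_bytes_opt` and `Ed25519.Public_key.of_bytes_opt` also need cases for too-short and too-long buffers. A round trip through the legacy 64-byte `secret_key_encoding` would confirm that previously stored keys still load.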
diff --git a/src/lib_crypto/tezos-crypto.opam b/src/lib_crypto/tezos-crypto.opam
index 09c6ffc51..328c87e83 100644
--- a/src/lib_crypto/tezos-crypto.opam
+++ b/src/lib_crypto/tezos-crypto.opam
@@ -17,7 +17,7 @@ depends: [
 "lwt"
 "nocrypto"
 "blake2"
- "tweetnacl"
+ "hacl"
 "zarith"
 "secp256k1"
 "alcotest" { test & >= "0.8.3" }
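Review bot: `"hacl"` is added with no version constraint, while the code in this patch depends on a specific API surface of the binding (`Sign.neuterize`, `blit_to_bytes`, the `unsafe_*_of_bytes` constructors, `Box.dh`). For the library that now provides signing and authenticated encryption, an unconstrained dependency lets a build silently pick up a release with a different interface or different behaviour. I would add a lower bound matching the version this patch was tested against, in the style already used for alcotest: `"hacl" { >= "<tested-version>" }`.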