diff --git a/Cargo.lock b/Cargo.lock index 92de2b14e0..9b91b03d74 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -131,7 +131,7 @@ dependencies = [ "cipher 0.2.5", "ctr 0.6.0", "ghash 0.3.1", - "subtle 2.4.1", + "subtle", ] [[package]] @@ -145,7 +145,7 @@ dependencies = [ "cipher 0.3.0", "ctr 0.8.0", "ghash 0.4.4", - "subtle 2.4.1", + "subtle", ] [[package]] @@ -560,6 +560,12 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" +[[package]] +name = "base64ct" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dea908e7347a8c64e378c17e30ef880ad73e3b4498346b055c2c00ea342f3179" + [[package]] name = "bcs" version = "0.1.3" @@ -1528,16 +1534,6 @@ dependencies = [ "typenum", ] -[[package]] -name = "crypto-mac" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5" -dependencies = [ - "generic-array 0.12.4", - "subtle 1.0.0", -] - [[package]] name = "crypto-mac" version = "0.8.0" @@ -1545,7 +1541,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab" dependencies = [ "generic-array 0.14.5", - "subtle 2.4.1", + "subtle", ] [[package]] @@ -1555,7 +1551,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bff07008ec701e8028e2ceb8f83f0e4274ee62bd2dbdc4fefff2e9a91824081a" dependencies = [ "generic-array 0.14.5", - "subtle 2.4.1", + "subtle", ] [[package]] @@ -1664,7 +1660,7 @@ dependencies = [ "byteorder 1.4.3", "digest 0.9.0", "rand_core 0.5.1", - "subtle 2.4.1", + "subtle", "zeroize", ] @@ -1678,7 +1674,7 @@ dependencies = [ "digest 0.9.0", "fiat-crypto", "rand_core 0.6.3", - "subtle 2.4.1", + "subtle", "zeroize", ] @@ -2084,6 +2080,7 @@ checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506" dependencies = [ "block-buffer 0.10.2", "crypto-common", + "subtle", ] [[package]] @@ -3151,16 +3148,6 @@ dependencies = [ "hmac 0.10.1", ] -[[package]] -name = "hmac" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dcb5e64cda4c23119ab41ba960d1e170a774c8e4b9d9e6a9bc18aabf5e59695" -dependencies = [ - "crypto-mac 0.7.0", - "digest 0.8.1", -] - [[package]] name = "hmac" version = "0.8.1" @@ -3181,6 +3168,15 @@ dependencies = [ "digest 0.9.0", ] +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.3", +] + [[package]] name = "hmac-drbg" version = "0.3.0" @@ -4586,7 +4582,7 @@ checksum = "5be9b9bb642d8522a44d533eab56c16c738301965504753b03ad1de3425d5451" dependencies = [ "crunchy", "digest 0.9.0", - "subtle 2.4.1", + "subtle", ] [[package]] @@ -6656,6 +6652,17 @@ dependencies = [ "regex", ] +[[package]] +name = "password-hash" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa26fd5c3cd6e6bb83dd9c0cef40fbeb77d7596339ca46c18a6f66919bb07769" +dependencies = [ + "base64ct", + "rand_core 0.6.3", + "subtle", +] + [[package]] name = "paste" version = "1.0.7" @@ -6679,17 +6686,14 @@ dependencies = [ [[package]] name = "pbkdf2" -version = "0.3.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "006c038a43a45995a9670da19e67600114740e8511d4333bf97a56e66a7542d9" +checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917" dependencies = [ - "base64 0.9.3", - "byteorder 1.4.3", - "crypto-mac 0.7.0", - "hmac 0.7.1", - "rand 0.5.6", - "sha2 0.8.2", - "subtle 1.0.0", + "digest 0.10.3", + "hmac 0.12.1", + "password-hash", + "sha2 0.10.2", ] [[package]] @@ -7382,19 +7386,6 @@ dependencies = [ "winapi 0.3.9", ] -[[package]] -name = "rand" -version = "0.5.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c618c47cd3ebd209790115ab837de41425723956ad3ce2e6a7f09890947cacb9" -dependencies = [ - "cloudabi", - "fuchsia-cprng", - "libc", - "rand_core 0.3.1", - "winapi 0.3.9", -] - [[package]] name = "rand" version = "0.6.5" @@ -8597,18 +8588,6 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" -[[package]] -name = "sha2" -version = "0.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a256f46ea78a0c0d9ff00077504903ac881a1dafdc20da66545699e7776b3e69" -dependencies = [ - "block-buffer 0.7.3", - "digest 0.8.1", - "fake-simd", - "opaque-debug 0.2.3", -] - [[package]] name = "sha2" version = "0.9.9" @@ -8840,7 +8819,7 @@ dependencies = [ "ring", "rustc_version 0.3.3", "sha2 0.9.9", - "subtle 2.4.1", + "subtle", "x25519-dalek", ] @@ -9376,11 +9355,11 @@ dependencies = [ "aes-gcm 0.9.4", "anyhow", "byteorder 1.4.3", - "hmac 0.7.1", + "hmac 0.12.1", "pbkdf2", "rand 0.8.5", "rand_core 0.6.3", - "sha2 0.8.2", + "sha2 0.10.2", ] [[package]] @@ -10749,7 +10728,7 @@ dependencies = [ "move-prover", "once_cell", "serde 1.0.136", - "sha2 0.9.9", + "sha2 0.10.2", "simplelog", "starcoin-crypto", "starcoin-framework", @@ -10898,12 +10877,6 @@ dependencies = [ "syn 1.0.90", ] -[[package]] -name = "subtle" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d67a5a62ba6e01cb2192ff309324cb4875d0c451d55fe2319433abe7a05a8ee" - [[package]] name = "subtle" version = "2.4.1" @@ -12051,7 +12024,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9f214e8f697e925001e66ec2c6e37a4ef93f0f78c2eed7814394e10c62025b05" dependencies = [ "generic-array 0.14.5", - "subtle 2.4.1", + "subtle", ] [[package]] diff --git a/commons/decrypt/Cargo.toml b/commons/decrypt/Cargo.toml index 74db5cd259..2af2b89f47 100644 --- a/commons/decrypt/Cargo.toml +++ b/commons/decrypt/Cargo.toml @@ -6,9 +6,9 @@ license = "Apache-2.0" edition = "2021" [dependencies] -pbkdf2="0.3" -hmac = "0.7" -sha2 = "0.8" +pbkdf2 = "0.11" +hmac = "0.12.1" +sha2 = "0.10.2" aes-gcm = "0.9" rand = "0.8.5" rand_core = { version = "0.6.3", default-features = false } diff --git a/commons/decrypt/src/lib.rs b/commons/decrypt/src/lib.rs index fad4acf8e7..552298ec8c 100644 --- a/commons/decrypt/src/lib.rs +++ b/commons/decrypt/src/lib.rs @@ -89,7 +89,7 @@ fn derive_key(derivation_param: &KeyDerivationParams, secret: &[u8]) -> [u8; 32] pbkdf2::pbkdf2::>( secret, &derivation_param.pbkdf2_salt, - derivation_param.pbkdf2_iterations as usize, + derivation_param.pbkdf2_iterations, &mut dk, ); dk diff --git a/vm/stdlib/Cargo.toml b/vm/stdlib/Cargo.toml index 4beeb5937f..76934afe1a 100644 --- a/vm/stdlib/Cargo.toml +++ b/vm/stdlib/Cargo.toml @@ -18,7 +18,7 @@ move-prover = { git = "https://github.com/starcoinorg/move", rev = "0b4655469084 move-compiler = { git = "https://github.com/starcoinorg/move", rev = "0b4655469084eb2fb6b8a6a7690342d767f05e5b" } once_cell = "1.10.0" include_dir = "0.6.2" -sha2 = "0.9.1" +sha2 = "0.10.2" log = "0.4.16" simplelog = "0.9.0" fs_extra = "1.2.0"