Update to latest `x25519-dalek`
In #807 (closed) we found that a new `x25519-dalek` broke the build. We should update, in a more controlled fashion.
On the face of it this is just a matter of changing the version pin in `crates/tor-llcrypto/Cargo.toml`. However:
In the `x25519-dalek` changelog, we see this:
2.0.0-rc.3
- Change: StaticSecret serialization and to_bytes() no longer returns clamped integers. Clamping is still always done during scalar-point multiplication.
A cursory inspection found me `convert_curve25519_to_ed25519_private` in `crates/tor-llcrypto/src/pk/keymanip.rs` which takes the output of `StaticSecret::to_bytes` and feeds it into a hash. IDK if we ever create an unclamped `StaticSecret`. (Perhaps an unclamped one is useful for a vanity `.onion` address...) If we do, then this behavioural change would matter to us.
Options seem to be:
1. Somehow audit our code's use of `StaticSecret::to_bytes`.
2. Wrap up `StaticSecret` in a type of our own
Possibly (1) could be achieved by temporarily doing (2). In any case, this doesn't seem trivial so I'm filing a ticket rather than just doing this as a routine update.
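
As an added illustration (not code from this ticket, from Arti, or from `x25519-dalek`), the sketch below shows the X25519 clamping that the changelog entry refers to and one shape option 2 could take. `clamp`, `is_clamped`, `ClampedSecret` and the sample input are hypothetical names, and the wrapper holds raw bytes rather than a real `StaticSecret`.

```rust
/// X25519 clamping as defined in RFC 7748: clear the low 3 bits,
/// clear the top bit, set the second-highest bit.
pub fn clamp(mut k: [u8; 32]) -> [u8; 32] {
    k[0] &= 248;
    k[31] &= 127;
    k[31] |= 64;
    k
}

/// Audit helper: true if `k` is already in clamped form.
pub fn is_clamped(k: &[u8; 32]) -> bool {
    clamp(*k) == *k
}

/// Hypothetical wrapper type: it stores the clamped form, so `to_bytes()`
/// returns the same bytes whichever serialization convention the
/// underlying library uses. A real wrapper would also zeroize on drop.
pub struct ClampedSecret([u8; 32]);

impl ClampedSecret {
    pub fn from_raw(raw: [u8; 32]) -> Self {
        ClampedSecret(clamp(raw))
    }

    /// Always returns the clamped scalar bytes.
    pub fn to_bytes(&self) -> [u8; 32] {
        self.0
    }
}

/// Constructed sample input: all bits set, so every clamped bit changes.
pub fn sample_raw() -> [u8; 32] {
    [0xff; 32]
}

fn main() {
    let raw = sample_raw();
    let wrapped = ClampedSecret::from_raw(raw);
    // The raw and clamped encodings differ byte-for-byte, so a hash over
    // one will not match a hash over the other, even though scalar-point
    // multiplication clamps both to the same scalar.
    println!("raw is clamped:     {}", is_clamped(&raw));
    println!("wrapped is clamped: {}", is_clamped(&wrapped.to_bytes()));
    println!("encodings equal:    {}", raw == wrapped.to_bytes());
}
```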