Merge pull request #263 from matter-labs/cargo_update

chore: cargo deps update

Cargo.toml

@@ -25,28 +25,27 @@ bytemuck = { version = "1.15.0", features = ["derive", "min_const_generics", "ex
 bytes = "1"
 clap = { version = "4.5", features = ["std", "derive", "env", "error-context", "help", "usage", "wrap_help"], default-features = false }
 const-oid = { version = "0.9", default-features = false }
-ctrlc = "3.4"
 enumset = { version = "1.1", features = ["serde"] }
 futures-core = { version = "0.3.30", features = ["alloc"], default-features = false }
-getrandom = "0.2.14"
+getrandom = { version = "0.3.1", features = ["std"] }
 gpt = "4.0.0"
 hex = { version = "0.4.3", features = ["std"], default-features = false }
 intel-tee-quote-verification-rs = { package = "teepot-tee-quote-verification-rs", path = "crates/teepot-tee-quote-verification-rs", version = "0.3.0" }
 intel-tee-quote-verification-sys = { version = "0.2.1" }
-jsonrpsee-types = { version = "0.23", default-features = false }
+jsonrpsee-types = { version = "0.24", default-features = false }
 num-integer = "0.1.46"
 num-traits = "0.2.18"
 p256 = "0.13.2"
 pe-sign = "0.1.10"
-pgp = "0.14.2"
+pgp = "0.15"
 pkcs8 = { version = "0.10" }
-rand = "0.8"
+rand = { version = "0.8", features = ["std", "std_rng"] }
 reqwest = { version = "0.12", features = ["json"] }
 reqwest-middleware = "0.4.0"
 reqwest-retry = "0.7.0"
 rsa = { version = "0.9.6", features = ["sha2", "pem"] }
 rustls = { version = "0.23.20" }
-secp256k1 = { version = "0.29", features = ["rand-std", "global-context"] }
+secp256k1 = { version = "0.30", features = ["rand", "global-context"] }
 serde = { version = "1", features = ["derive", "rc"] }
 serde_json = "1"
 serde_with = { version = "3.8", features = ["base64", "hex"] }
@@ -56,7 +55,7 @@ signature = "2.2.0"
 tdx-attest-rs = { version = "0.1.2", git = "https://github.com/intel/SGXDataCenterAttestationPrimitives.git", rev = "aa239d25a437a28f3f4de92c38f5b6809faac842" }
 teepot = { path = "crates/teepot" }
 testaso = "0.1.0"
-thiserror = "1.0.59"
+thiserror = "2.0.11"
 tokio = { version = "1", features = ["sync", "macros", "rt-multi-thread", "fs", "time"] }
 tracing = "0.1"
 tracing-actix-web = "0.7"

bin/verify-era-proof-attestation/Cargo.toml

@@ -10,7 +10,6 @@ version.workspace = true
 [dependencies]
 anyhow.workspace = true
 clap.workspace = true
-ctrlc.workspace = true
 hex.workspace = true
 jsonrpsee-types.workspace = true
 reqwest.workspace = true
@@ -20,7 +19,6 @@ serde_with = { workspace = true, features = ["hex"] }
 teepot.workspace = true
 tokio.workspace = true
 tracing.workspace = true
-tracing-log.workspace = true
 tracing-subscriber.workspace = true
 url.workspace = true
 zksync_basic_types.workspace = true

crates/teepot/src/ethereum/mod.rs

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 
 //! Ethereum-specific helper functions for on-chain verification of Intel SGX attestation.
 
@@ -15,7 +15,7 @@ use sha3::{Digest, Keccak256};
 pub fn recover_signer(sig: &[u8; 65], root_hash: &Message) -> Result<[u8; 20]> {
     let sig = RecoverableSignature::from_compact(
         &sig[0..64],
-        RecoveryId::from_i32(sig[64] as i32 - 27)?,
+        RecoveryId::try_from(sig[64] as i32 - 27)?,
     )?;
     let public = SECP256K1.recover_ecdsa(root_hash, &sig)?;
     Ok(public_key_to_ethereum_address(&public))
@@ -50,7 +50,7 @@ mod tests {
         signature[..64].copy_from_slice(&data);
         // as defined in the Ethereum Yellow Paper (Appendix F)
         // https://ethereum.github.io/yellowpaper/paper.pdf
-        signature[64] = 27 + rec_id.to_i32() as u8;
+        signature[64] = 27 + i32::from(rec_id) as u8;
 
         Ok(signature)
     }
@@ -63,7 +63,8 @@ mod tests {
         let secret_key_bytes =
             hex::decode("c87509a1c067bbde78beb793e6fa76530b6382a4c0241e5e4a9ec0a0f44dc0d3")
                 .unwrap();
-        let secret_key = SecretKey::from_slice(&secret_key_bytes).unwrap();
+        let secret_key =
+            SecretKey::from_byte_array(secret_key_bytes.as_slice().try_into().unwrap()).unwrap();
         let public_key = PublicKey::from_secret_key(&secp, &secret_key);
         let expected_address = hex::decode("627306090abaB3A6e1400e9345bC60c78a8BEf57").unwrap();
         let address = public_key_to_ethereum_address(&public_key);
@@ -74,7 +75,7 @@ mod tests {
         // the secret key
         let root_hash = H256::random();
         let root_hash_bytes = root_hash.as_bytes();
-        let msg_to_sign = Message::from_digest_slice(root_hash_bytes).unwrap();
+        let msg_to_sign = Message::from_digest(root_hash_bytes.try_into().unwrap());
         let signature = sign_message(&secret_key, msg_to_sign).unwrap();
 
         // Recover the signer's Ethereum address from the signature and the message, and verify it

crates/teepot/src/server/pki.rs

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 
 //! Create a private key and a signed and self-signed certificates
 
@@ -10,10 +10,10 @@ use const_oid::{
     db::rfc5280::{ID_KP_CLIENT_AUTH, ID_KP_SERVER_AUTH},
     AssociatedOid,
 };
-use getrandom::getrandom;
 use intel_tee_quote_verification_rs::tee_qv_get_collateral;
 use p256::{ecdsa::DerSignature, pkcs8::EncodePrivateKey};
 use pkcs8::der;
+use rand::rngs::OsRng;
 use rustls::pki_types::PrivatePkcs8KeyDer;
 use sha2::{Digest, Sha256};
 use signature::Signer;
@@ -136,7 +136,7 @@ pub fn make_self_signed_cert(
     rustls::pki_types::PrivateKeyDer<'static>,
 )> {
     // Generate a keypair.
-    let mut rng = rand::thread_rng();
+    let mut rng = OsRng;
     let signing_key = p256::ecdsa::SigningKey::random(&mut rng);
     let verifying_key = signing_key.verifying_key();
     let verifying_key_der = verifying_key
@@ -154,7 +154,7 @@ pub fn make_self_signed_cert(
     let collateral = tee_qv_get_collateral(&quote).context("Failed to get own collateral")?;
 
     let mut serial = [0u8; 16];
-    getrandom(&mut serial)?;
+    getrandom::fill(&mut serial)?;
 
     let mut builder = CertificateBuilder::new(
         Profile::Leaf {
@@ -223,7 +223,7 @@ where
     S::VerifyingKey: EncodePublicKey,
 {
     // Generate a keypair.
-    let mut rng = rand::thread_rng();
+    let mut rng = rand::rngs::OsRng;
     let signing_key = p256::ecdsa::SigningKey::random(&mut rng);
     let verifying_key = signing_key.verifying_key();
     let verifying_key_der = verifying_key
@@ -240,7 +240,7 @@ where
     let subject = Name::from_str(dn)?;
 
     let mut serial = [0u8; 16];
-    getrandom(&mut serial)?;
+    getrandom::fill(&mut serial)?;
 
     let mut builder = CertificateBuilder::new(
         Profile::Leaf {

crates/teepot/src/sgx/sign.rs

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 
 // Copyright (c) The Enarx Project Developers https://github.com/enarx/sgx
 
@@ -12,14 +12,12 @@
 use bytemuck::{bytes_of, Pod, Zeroable};
 use num_integer::Integer;
 use num_traits::ToPrimitive;
-use rand::thread_rng;
 use rsa::{
     pkcs1::{DecodeRsaPrivateKey, EncodeRsaPrivateKey, LineEnding},
     traits::PublicKeyParts,
     BigUint, Pkcs1v15Sign, RsaPrivateKey,
 };
-use sha2::Digest as _;
+use sha2::{Digest as _, Sha256};
-use sha2::Sha256;
 pub use zeroize::Zeroizing;
 
 /// Enclave CPU attributes
@@ -270,7 +268,7 @@ impl PrivateKey for RS256PrivateKey {
     type Error = rsa::errors::Error;
 
     fn generate(exponent: u8) -> Result<Self, Self::Error> {
-        let mut rng = thread_rng();
+        let mut rng = rand::rngs::OsRng;
         let exp = BigUint::from(exponent);
         let key = RsaPrivateKey::new_with_exp(&mut rng, 384 * 8, &exp)?;
         Ok(Self::new(key))