Merge pull request #141 from matter-labs/use-secp256k1-instead-of-k256

Replace secp256k1 with k256 crate

Cargo.lock

@@ -2308,6 +2308,25 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "secp256k1"
+version = "0.29.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0e0cc0f1cf93f4969faf3ea1c7d8a9faed25918d96affa959720823dfe86d4f3"
+dependencies = [
+ "rand",
+ "secp256k1-sys",
+]
+
+[[package]]
+name = "secp256k1-sys"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1433bd67156263443f14d603720b082dd3121779323fce20cba2aa07b874bc1b"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "semver"
 version = "1.0.23"
@@ -2538,8 +2557,8 @@ name = "tee-key-preexec"
 version = "0.1.2-alpha.1"
 dependencies = [
  "anyhow",
- "k256",
  "rand",
+ "secp256k1",
  "teepot",
  "tracing",
  "tracing-log",

Cargo.toml

@@ -34,7 +34,7 @@ getrandom = "0.2.14"
 hex = { version = "0.4.3", features = ["std"], default-features = false }
 intel-tee-quote-verification-rs = { package = "teepot-tee-quote-verification-rs", path = "crates/teepot-tee-quote-verification-rs", version = "0.2.3-alpha.1" }
 intel-tee-quote-verification-sys = { version = "0.2.1" }
-k256 = "0.13"
+secp256k1 = { version = "0.29", features = ["rand-std"] }
 log = "0.4"
 num-integer = "0.1.46"
 num-traits = "0.2.18"

bin/tee-key-preexec/Cargo.toml

@@ -10,8 +10,8 @@ repository.workspace = true
 
 [dependencies]
 anyhow.workspace = true
-k256.workspace = true
 rand.workspace = true
+secp256k1.workspace = true
 teepot.workspace = true
 tracing.workspace = true
 tracing-log.workspace = true

bin/tee-key-preexec/src/main.rs

@@ -7,8 +7,7 @@
 #![deny(clippy::all)]
 
 use anyhow::{Context, Result};
-use k256::ecdsa::SigningKey;
+use secp256k1::{rand, Keypair, PublicKey, Secp256k1, SecretKey};
-use k256::pkcs8::{EncodePrivateKey, LineEnding};
 
 use std::env;
 use std::os::unix::process::CommandExt;
@@ -38,10 +37,12 @@ fn main_with_error() -> Result<()> {
     }
 
     let mut rng = rand::thread_rng();
-    let signing_key = SigningKey::random(&mut rng);
+    let secp = Secp256k1::new();
-    let verifying_key_bytes = signing_key.verifying_key().to_sec1_bytes();
+    let keypair = Keypair::new(&secp, &mut rng);
-    let signing_key_string = signing_key.to_pkcs8_pem(LineEnding::LF)?;
+    let signing_key = SecretKey::from_keypair(&keypair);
-    let tee_type = match get_quote(&verifying_key_bytes) {
+    let verifying_key = PublicKey::from_keypair(&keypair);
+    let verifying_key_bytes = verifying_key.serialize();
+    let tee_type = match get_quote(verifying_key_bytes.as_ref()) {
         Ok(quote) => {
             // save quote to file
             std::fs::write(TEE_QUOTE_FILE, quote)?;
@@ -56,7 +57,7 @@ fn main_with_error() -> Result<()> {
 
     let err = Command::new(&args[1])
         .args(&args[2..])
-        .env("TEE_SIGNING_KEY", signing_key_string)
+        .env("TEE_SIGNING_KEY", signing_key.display_secret().to_string())
         .env("TEE_QUOTE_FILE", TEE_QUOTE_FILE)
         .env("TEE_TYPE", tee_type)
         .exec();

deny.toml

@@ -29,11 +29,10 @@ allow = [
   "Unlicense",
   "MPL-2.0",
   "Unicode-DFS-2016",
-  #  "CC0-1.0", # not yet seen
   "BSD-2-Clause",
   "BSD-3-Clause",
   "OpenSSL",
-  "Unicode-3.0",
+  "CC0-1.0",
 ]
 deny = []
 allow-osi-fsf-free = "neither"