Adapt merlin on rand_core 0.4.2 to rand_core 0.5

Author: burdges

Cargo.toml

@@ -11,6 +11,7 @@ categories = ["cryptography", "no-std"]
 description = "Schnorr VRF, signatures, etc. using the Ristretto group"
 exclude = [ ".gitignore", "TESTVECTORS", "res/*" ]
 edition = "2018"
+cargo-features = ["rename-dependencies"]
 
 # [badges]
 # travis-ci = { repository = "dalek-cryptography/ed25519-dalek", branch = "master"}
@@ -35,22 +36,26 @@ version = "1.2"
 default-features = false
 
 [dependencies.rand]
-version = "0.6"
+version = "0.7"
 default-features = false
 optional = true
-features = ["i128_support"]
 
 [dependencies.rand_core]
-version = "0.4.2" # 0.5
+version = "0.5"
+default-features = false
+
+[dependencies.old_rand_core]
+package = "rand_core"
+version = "0.4.2"
 default-features = false
 
 [dependencies.rand_os]
-version = "0.1.3" # 0.2.1
+version = "0.2.1"
 default-features = false
 optional = true
 
 [dependencies.rand_chacha]
-version = "0.1" # 0.2
+version = "0.2"
 default-features = false
 optional = true
 
@@ -73,10 +78,10 @@ default-features = false
 # features = ["zeroize_derive"]
 
 [dev-dependencies]
-rand = "0.6"
-rand_chacha = "0.1.0"
+rand = "0.7"
+rand_chacha = "0.2"
 # hex = "0.3.2"
-hex-literal = "0.2.0"
+hex-literal = "0.2"
 sha2 = "^0.8"
 sha3 = "^0.8"
 bincode = "^0.9"

src/context.rs

@@ -150,14 +150,15 @@ impl SigningTranscript for Transcript {
         Transcript::challenge_bytes(self, label, dest)
     }
 
-    fn witness_bytes_rng<R>(&self, label: &'static [u8], dest: &mut [u8], nonce_seeds: &[&[u8]], mut rng: R)
+    fn witness_bytes_rng<R>(&self, label: &'static [u8], dest: &mut [u8], nonce_seeds: &[&[u8]], rng: R)
     where R: RngCore+CryptoRng
     {
+        use ::old_rand_core::RngCore;
         let mut br = self.build_rng();
         for ns in nonce_seeds {
             br = br.rekey_with_witness_bytes(label, ns);
         }
-        let mut r = br.finalize(&mut rng);
+        let mut r = br.finalize(&mut super::RngCore5As4(rng));
         r.fill_bytes(dest)
     }
 }

src/lib.rs

@@ -238,7 +238,7 @@ fn rand_hack() -> impl RngCore+CryptoRng {
 
 #[cfg(all(feature = "rand_os", not(feature = "rand")))] 
 fn rand_hack() -> impl RngCore+CryptoRng {
-    ::rand_os::OsRng::new().unwrap()
+    ::rand_os::OsRng
 }
 
 #[cfg(not(feature = "rand_os"))]
@@ -257,6 +257,27 @@ fn rand_hack() -> impl RngCore+CryptoRng {
     PanicRng
 }
 
+struct RngCore5As4<R: RngCore>(pub  R);
+
+impl<R: RngCore> ::old_rand_core::RngCore for RngCore5As4<R> {
+    fn next_u32(&mut self) -> u32 { self.0.next_u32() }
+    fn next_u64(&mut self) -> u64  { self.0.next_u64() }
+    fn fill_bytes(&mut self, dest: &mut [u8])  { self.0.fill_bytes(dest) }
+    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), ::old_rand_core::Error> {
+        self.0.try_fill_bytes(dest).map_err(|_err| {
+            let kind = ::old_rand_core::ErrorKind::Unavailable;
+            let msg = "Unknown error from another rand_core version";
+            // #[cfg(not(feature="std"))]
+            ::old_rand_core::Error::new(kind,msg)
+            // #[cfg(feature="std")]
+            // ::old_rand_core::Error::with_casue(kind,msg,_err.take_inner());
+        })
+    }
+}
+
+impl<R: RngCore+CryptoRng> ::old_rand_core::CryptoRng for RngCore5As4<R> {}
+
+
 #[macro_use]
 mod serdey;
 

src/sign.rs

@@ -313,13 +313,14 @@ where
         for pk in public_keys {
             t.commit_point(b"",pk.as_compressed());
         }
-        t.build_rng().finalize(&mut rand_hack())
+        t.build_rng().finalize(&mut RngCore5As4(rand_hack()))
     };
 
     // Select a random 128-bit scalar for each signature.
     // We may represent these as scalars because we use
     // variable time 256 bit multiplication below. 
     let rnd_128bit_scalar = |_| {
+        use ::old_rand_core::RngCore;
         let mut r = [0u8; 16];
         csprng.fill_bytes(&mut r);
         Scalar::from(u128::from_le_bytes(r))

src/vrf.rs

@@ -354,18 +354,18 @@ impl VRFInOut {
     pub fn make_merlin_rng(&self, context: &[u8]) -> merlin::TranscriptRng {
         // Very insecure hack except for our commit_witness_bytes below
         struct ZeroFakeRng;
-        impl ::rand_core::RngCore for ZeroFakeRng {
+        impl ::old_rand_core::RngCore for ZeroFakeRng {
             fn next_u32(&mut self) -> u32 {  panic!()  }
             fn next_u64(&mut self) -> u64 {  panic!()  }
             fn fill_bytes(&mut self, dest: &mut [u8]) {
                 for i in dest.iter_mut() {  *i = 0;  }
             }
-            fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), ::rand_core::Error> {
+            fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), ::old_rand_core::Error> {
                 self.fill_bytes(dest);
                 Ok(())
             }
         }
-        impl ::rand_core::CryptoRng for ZeroFakeRng {}
+        impl ::old_rand_core::CryptoRng for ZeroFakeRng {}
 
         let mut t = Transcript::new(b"VRFResult");
         t.append_message(b"",context);
@@ -829,13 +829,14 @@ pub fn dleq_verify_batch(
             t.commit_point(b"",pk.as_compressed());
             p.commit(&mut t);
         }
-        t.build_rng().finalize(&mut rand_hack())
+        t.build_rng().finalize(&mut RngCore5As4(rand_hack()))
     };
 
     // Select a random 128-bit scalar for each signature.
     // We may represent these as scalars because we use
     // variable time 256 bit multiplication below.
     let rnd_128bit_scalar = |_| {
+        use ::old_rand_core::RngCore;
         let mut r = [0u8; 16];
         csprng.fill_bytes(&mut r);
         Scalar::from(u128::from_le_bytes(r))