Remove duplicated crypto dependencies (#8605)

#8547 This unifies the following `crypto` dependencies to a single version each: - `sha2` - `hmac` - `pbkdf2` - `aes` - `cipher` - `ctr` - `scrypt` - `digest` Co-Authored-By: Mac L <mjladson@pm.me>
2026-04-30 03:03:45 +00:00 · 2026-01-07 23:38:31 +04:00
parent 2fe59405bc
commit 3662e1ab7f
7 changed files with 105 additions and 214 deletions
--- a/crypto/eth2_keystore/src/json_keystore/kdf_module.rs
+++ b/crypto/eth2_keystore/src/json_keystore/kdf_module.rs
@@ -5,9 +5,10 @@

 use super::hex_bytes::HexBytes;
 use crate::DKLEN;
-use hmac::{Hmac, Mac, NewMac};
+use hmac::{Hmac, Mac};
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
+use sha2::digest::KeyInit;

 /// KDF module representation.
 #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
@@ -67,7 +68,7 @@ pub enum Prf {
 impl Prf {
    pub fn mac(&self, password: &[u8]) -> impl Mac {
        match &self {
-            Prf::HmacSha256 => Hmac::<Sha256>::new_from_slice(password)
+            Prf::HmacSha256 => <Hmac<Sha256> as KeyInit>::new_from_slice(password)
                .expect("Could not derive HMAC using SHA256."),
        }
    }
--- a/crypto/eth2_keystore/src/keystore.rs
+++ b/crypto/eth2_keystore/src/keystore.rs
@@ -7,10 +7,11 @@ use crate::json_keystore::{
    Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, EmptyString, JsonKeystore,
    Kdf, KdfModule, Scrypt, Sha256Checksum, Version,
 };
-use aes::Aes128Ctr as AesCtr;
-use aes::cipher::generic_array::GenericArray;
-use aes::cipher::{NewCipher, StreamCipher};
+use aes::Aes128;
 use bls::{Keypair, PublicKey, SecretKey, ZeroizeHash};
+use cipher::generic_array::GenericArray;
+use cipher::{KeyIvInit, StreamCipher};
+use ctr::Ctr64BE;
 use eth2_key_derivation::PlainText;
 use hmac::Hmac;
 use pbkdf2::pbkdf2;
@@ -350,7 +351,7 @@ pub fn encrypt(
            // AES Encrypt
            let key = GenericArray::from_slice(&derived_key.as_bytes()[0..16]);
            let nonce = GenericArray::from_slice(params.iv.as_bytes());
-            let mut cipher = AesCtr::new(key, nonce);
+            let mut cipher = Ctr64BE::<Aes128>::new(key, nonce);
            cipher.apply_keystream(&mut cipher_text);
        }
    };
@@ -396,7 +397,7 @@ pub fn decrypt(password: &[u8], crypto: &Crypto) -> Result<PlainText, Error> {
            // AES Decrypt
            let key = GenericArray::from_slice(&derived_key.as_bytes()[0..16]);
            let nonce = GenericArray::from_slice(params.iv.as_bytes());
-            let mut cipher = AesCtr::new(key, nonce);
+            let mut cipher = Ctr64BE::<Aes128>::new(key, nonce);
            cipher.apply_keystream(plain_text.as_mut_bytes());
        }
    };
@@ -444,13 +445,15 @@ fn derive_key(password: &[u8], kdf: &Kdf) -> Result<DerivedKey, Error> {
                params.salt.as_bytes(),
                params.c,
                dk.as_mut_bytes(),
-            );
+            )
+            // `pbkdf2` accepts keys of any size so this error should never occur in practice.
+            .map_err(|_| Error::InvalidPassword)?;
        }
        Kdf::Scrypt(params) => {
            scrypt(
                password,
                params.salt.as_bytes(),
-                &ScryptParams::new(log2_int(params.n) as u8, params.r, params.p)
+                &ScryptParams::new(log2_int(params.n) as u8, params.r, params.p, DKLEN as usize)
                    .map_err(Error::ScryptInvalidParams)?,
                dk.as_mut_bytes(),
            )