From e20ca686ffc9177e6cd6c18596d4a8c833c18f00 Mon Sep 17 00:00:00 2001 From: Roman Volosatovs Date: Tue, 29 Aug 2023 12:58:59 +0200 Subject: [PATCH 1/2] fix: enable `cargo test` to run Signed-off-by: Roman Volosatovs --- Cargo.toml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 24a7443..5d9d52c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -50,7 +50,7 @@ atty = { version = "0.2", optional = true } base64 = "0.13.0" bcrypt = "0.13" bytes = "1.1.0" -clap = { version = "3", features = ["derive", "env", "cargo"], optional = true } +clap = { workspace = true, features = ["derive", "env", "cargo"], optional = true } dirs = { version = "4.0.0", optional = true } ed25519-dalek = "1.0.1" either = { version = "1.6.1", optional = true } @@ -89,8 +89,12 @@ warp = { version = "0.3", features = ["tls"], optional = true } remove_dir_all = "0.8" [dev-dependencies] +clap = { workspace = true, features = ["cargo"] } rstest = "0.15.0" +[workspace.dependencies] +clap = "3" + [[bin]] name = "bindle-server" path = "bin/server.rs" From 90373bd60c63ebbb9dbbb5ec6577a81eacab3365 Mon Sep 17 00:00:00 2001 From: Roman Volosatovs Date: Wed, 23 Aug 2023 11:19:55 +0200 Subject: [PATCH 2/2] build: update `ed25519-dalek` and `base64` Signed-off-by: Roman Volosatovs --- Cargo.lock | 297 +++++++++++++++--------------------- Cargo.toml | 7 +- bin/client/main.rs | 6 +- src/authn/http_basic.rs | 5 +- src/authn/oidc.rs | 13 +- src/client/tokens.rs | 4 +- src/invoice/mod.rs | 11 +- src/invoice/signature.rs | 73 +++++---- src/invoice/verification.rs | 18 ++- src/server/mod.rs | 11 +- 10 files changed, 215 insertions(+), 230 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 27dbff5..3901094 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -14,7 +14,7 @@ version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" dependencies = [ - "getrandom 0.2.8", + "getrandom", "once_cell", "version_check", ] @@ -82,7 +82,7 @@ checksum = "1e805d94e6b5001b651426cf4cd446b1ab5f319d27bab5c644f61de0a804360c" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -114,6 +114,12 @@ version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a" +[[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + [[package]] name = "bcrypt" version = "0.13.0" @@ -122,7 +128,7 @@ checksum = "a7e7c93a3fb23b2fdde989b2c9ec4dd153063ec81f408507f84c090cd91c6641" dependencies = [ "base64 0.13.1", "blowfish", - "getrandom 0.2.8", + "getrandom", "zeroize", ] @@ -134,7 +140,7 @@ dependencies = [ "async-compression", "async-trait", "atty", - "base64 0.13.1", + "base64 0.21.0", "bcrypt", "bytes", "clap", @@ -149,7 +155,7 @@ dependencies = [ "mime_guess", "oauth2", "openid", - "rand 0.7.3", + "rand", "remove_dir_all 0.8.1", "reqwest", "rstest", @@ -157,7 +163,7 @@ dependencies = [ "serde", "serde_cbor", "serde_json", - "sha2 0.10.6", + "sha2", "sled", "tempfile", "thiserror", @@ -195,15 +201,6 @@ version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" -[[package]] -name = "block-buffer" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" -dependencies = [ - "generic-array", -] - [[package]] name = "block-buffer" version = "0.10.3" 
@@ -316,7 +313,7 @@ dependencies = [ "proc-macro-error", "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -338,6 +335,12 @@ dependencies = [ "unicode-width", ] +[[package]] +name = "const-oid" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" + [[package]] name = "core-foundation" version = "0.9.3" @@ -356,9 +359,9 @@ checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" [[package]] name = "cpufeatures" -version = "0.2.5" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320" +checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" dependencies = [ "libc", ] @@ -406,17 +409,32 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "3.2.0" +version = "4.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61" +checksum = "f711ade317dd348950a9910f81c5947e3d8907ebd2b83f76203ff1807e6a2bc2" dependencies = [ - "byteorder", - "digest 0.9.0", - "rand_core 0.5.1", + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest", + "fiat-crypto", + "platforms", + "rustc_version", "subtle", "zeroize", ] +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fdaf97f4804dcebfa5862639bc9ce4121e82140bec2a987ac5140294865b5b" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.29", +] + [[package]] name = "cvt" version = "0.1.2" @@ -450,7 +468,7 @@ dependencies = [ "proc-macro2", "quote", "scratch", - "syn", + "syn 1.0.103", ] [[package]] 
@@ -467,7 +485,7 @@ checksum = "309e4fb93eed90e1e14bea0da16b209f81813ba9fc7830c20ed151dd7bc0a4d7" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -477,12 +495,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57" [[package]] -name = "digest" -version = "0.9.0" +name = "der" +version = "0.7.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" dependencies = [ - "generic-array", + "const-oid", + "zeroize", ] [[package]] @@ -491,7 +510,7 @@ version = "0.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "adfbc57365a37acbd2ebf2b64d7e69bb766e2fea813521ed536f5d0520dcf86c" dependencies = [ - "block-buffer 0.10.3", + "block-buffer", "crypto-common", ] @@ -517,24 +536,25 @@ dependencies = [ [[package]] name = "ed25519" -version = "1.5.2" +version = "2.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e9c280362032ea4203659fc489832d0204ef09f247a0506f170dafcac08c369" +checksum = "60f6d271ca33075c88028be6f04d502853d63a5ece419d269c15315d4fc1cf1d" dependencies = [ + "pkcs8", "signature", ] [[package]] name = "ed25519-dalek" -version = "1.0.1" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d" +checksum = "7277392b266383ef8396db7fdeb1e77b6c52fed775f5df15bb24f35b72156980" dependencies = [ "curve25519-dalek", "ed25519", - "rand 0.7.3", + "rand_core", "serde", - "sha2 0.9.9", + "sha2", "zeroize", ] 
@@ -562,6 +582,12 @@ dependencies = [ "instant", ] +[[package]] +name = "fiat-crypto" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77" + [[package]] name = "filetime" version = "0.2.18" @@ -695,7 +721,7 @@ checksum = "bdfb8ce053d86b91919aad980c220b1fb8401a9394410e1c289ed7e66b61835d" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -753,17 +779,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "getrandom" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" -dependencies = [ - "cfg-if", - "libc", - "wasi 0.9.0+wasi-snapshot-preview1", -] - [[package]] name = "getrandom" version = "0.2.8" @@ -1177,7 +1192,7 @@ dependencies = [ "mime", "mime_guess", "quick-error", - "rand 0.8.5", + "rand", "safemem", "tempfile", "twoway", @@ -1346,14 +1361,14 @@ checksum = "eeaf26a72311c087f8c5ba617c96fac67a5c04f430e716ac8d8ab2de62e23368" dependencies = [ "base64 0.13.1", "chrono", - "getrandom 0.2.8", + "getrandom", "http", - "rand 0.8.5", + "rand", "reqwest", "serde", "serde_json", "serde_path_to_error", - "sha2 0.10.6", + "sha2", "thiserror", "url", ] @@ -1364,12 +1379,6 @@ version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e82dad04139b71a90c080c8463fe0dc7902db5192d939bd0950f074d014339e1" -[[package]] -name = "opaque-debug" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" - [[package]] name = "openid" version = "0.10.1" @@ -1411,7 +1420,7 @@ checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] 
@@ -1525,7 +1534,7 @@ checksum = "069bdb1e05adc7a8990dce9cc75370895fbe4e3d58b9b73bf1aee56359344a55" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -1540,12 +1549,28 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + [[package]] name = "pkg-config" version = "0.3.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae" +[[package]] +name = "platforms" +version = "3.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3d7ddaed09e0eb771a79ab0fd64609ba0afb0a8366421957936ad14cbd13630" + [[package]] name = "ppv-lite86" version = "0.2.16" @@ -1561,7 +1586,7 @@ dependencies = [ "proc-macro-error-attr", "proc-macro2", "quote", - "syn", + "syn 1.0.103", "version_check", ] @@ -1578,9 +1603,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.47" +version = "1.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ea3d908b0e36316caf9e9e2c4625cdde190a7e6f440d794667ed17a1855e725" +checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" dependencies = [ "unicode-ident", ] 
@@ -1593,26 +1618,13 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" -version = "1.0.21" +version = "1.0.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179" +checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" dependencies = [ "proc-macro2", ] -[[package]] -name = "rand" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" -dependencies = [ - "getrandom 0.1.16", - "libc", - "rand_chacha 0.2.2", - "rand_core 0.5.1", - "rand_hc", -] - [[package]] name = "rand" version = "0.8.5" @@ -1620,18 +1632,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", - "rand_chacha 0.3.1", - "rand_core 0.6.4", -] - -[[package]] -name = "rand_chacha" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" -dependencies = [ - "ppv-lite86", - "rand_core 0.5.1", + "rand_chacha", + "rand_core", ] [[package]] @@ -1641,16 +1643,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core 0.6.4", -] - -[[package]] -name = "rand_core" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" -dependencies = [ - "getrandom 0.1.16", + "rand_core", ] [[package]] 
@@ -1659,16 +1652,7 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom 0.2.8", -] - -[[package]] -name = "rand_hc" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" -dependencies = [ - "rand_core 0.5.1", + "getrandom", ] [[package]] @@ -1686,7 +1670,7 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b" dependencies = [ - "getrandom 0.2.8", + "getrandom", "redox_syscall", "thiserror", ] @@ -1823,7 +1807,7 @@ dependencies = [ "proc-macro2", "quote", "rustc_version", - "syn", + "syn 1.0.103", ] [[package]] @@ -1974,7 +1958,7 @@ checksum = "4f1d362ca8fc9c3e3a7484440752472d68a6caa98f1ab81d99b5dfe517cec852" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -2018,7 +2002,7 @@ checksum = "028f48d513f9678cda28f6e4064755b3fbb2af6acd672f2c209b62323f7aea0f" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.10.5", + "digest", ] [[package]] @@ -2029,20 +2013,7 @@ checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.10.5", -] - -[[package]] -name = "sha2" -version = "0.9.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" -dependencies = [ - "block-buffer 0.9.0", - "cfg-if", - "cpufeatures", - "digest 0.9.0", - "opaque-debug", + "digest", ] [[package]] @@ -2053,7 +2024,7 @@ checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.10.5", + "digest", ] [[package]] 
@@ -2076,9 +2047,9 @@ dependencies = [ [[package]] name = "signature" -version = "1.6.4" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" +checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500" [[package]] name = "simple_asn1" @@ -2131,7 +2102,7 @@ checksum = "133659a15339456eeeb07572eb02a91c91e9815e9cbc89566944d2c8d3efdbf6" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -2150,6 +2121,16 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spki" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "stable_deref_trait" version = "1.2.0" @@ -2186,15 +2167,14 @@ dependencies = [ ] [[package]] -name = "synstructure" -version = "0.12.6" +name = "syn" +version = "2.0.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +checksum = "c324c494eba9d92503e6f1ef2e6df781e78f6a7705a0202d9801b198807d518a" dependencies = [ "proc-macro2", "quote", - "syn", - "unicode-xid", + "unicode-ident", ] [[package]] @@ -2243,7 +2223,7 @@ checksum = "982d17546b47146b28f7c22e3d08465f6b8903d0ea13c1660d9d84a6e7adcdbb" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -2338,7 +2318,7 @@ checksum = "9724f9a975fb987ef7a3cd9be0350edcbe130698af5b8f7a631e23d42d052484" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] 
@@ -2450,7 +2430,7 @@ checksum = "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -2520,7 +2500,7 @@ dependencies = [ "http", "httparse", "log", - "rand 0.8.5", + "rand", "sha-1", "thiserror", "url", @@ -2578,12 +2558,6 @@ version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" -[[package]] -name = "unicode-xid" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" - [[package]] name = "untrusted" version = "0.7.1" @@ -2636,7 +2610,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "syn", + "syn 1.0.103", "validator_types", ] @@ -2647,7 +2621,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2ddf34293296847abfc1493b15c6e2f5d3cd19f57ad7d22673bf4c6278da329" dependencies = [ "proc-macro2", - "syn", + "syn 1.0.103", ] [[package]] @@ -2710,12 +2684,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "wasi" -version = "0.9.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" - [[package]] name = "wasi" version = "0.10.0+wasi-snapshot-preview1" @@ -2749,7 +2717,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn", + "syn 1.0.103", "wasm-bindgen-shared", ] @@ -2783,7 +2751,7 @@ checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -3014,18 +2982,3 @@ name = "zeroize" version = "1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" -dependencies = [ - "zeroize_derive", -] - -[[package]] -name = "zeroize_derive" -version = "1.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f8f187641dad4f680d25c4bfc4225b418165984179f26ca76ec4fb6441d3a17" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "synstructure", -] diff --git a/Cargo.toml b/Cargo.toml index 5d9d52c..0e883bc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -47,12 +47,12 @@ anyhow = "1.0.44" async-compression = { version = "0.3", default-features = false, features = ["tokio", "gzip"], optional = true } async-trait = "0.1.51" atty = { version = "0.2", optional = true } -base64 = "0.13.0" +base64 = "0.21" bcrypt = "0.13" bytes = "1.1.0" clap = { workspace = true, features = ["derive", "env", "cargo"], optional = true } dirs = { version = "4.0.0", optional = true } -ed25519-dalek = "1.0.1" +ed25519-dalek = { version = "2", features = ["pkcs8", "rand_core"] } either = { version = "1.6.1", optional = true } futures = "0.3.17" hyper = { version = "0.14.12", optional = true } @@ -62,8 +62,7 @@ mime = { version = "0.3.16", optional = true } mime_guess = { version = "2.0.3", optional = true } oauth2 = { version = "4.1.0", features = ["reqwest"], optional = true } openid = { version = "0.10", default-features = false, optional = true } -# We need the older version of rand for dalek -rand = "0.7" +rand = "0.8" reqwest = { version = "0.11.4", features = ["stream"], default-features = false, optional = true } semver = { version = "1.0.4", features = ["serde"] } serde = { version = "1.0.130", features = ["derive"] } diff --git a/bin/client/main.rs b/bin/client/main.rs index a2817c3..de18fd1 100644 --- a/bin/client/main.rs +++ b/bin/client/main.rs 
@@ -19,6 +19,7 @@ use bindle::{ provider::Provider, }; +use base64::Engine; use clap::Parser; use sha2::Digest; use tokio::io::AsyncWriteExt; @@ -423,9 +424,10 @@ async fn run() -> std::result::Result<(), ClientError> { .await .unwrap_or_else(|_| KeyRing::default()); // First, check that the key is actually valid - let raw = base64::decode(&opts.key) + let key = base64::engine::general_purpose::STANDARD + .decode(&opts.key) .map_err(|_| SignatureError::CorruptKey(opts.key.clone()))?; - ed25519_dalek::PublicKey::from_bytes(&raw) + ed25519_dalek::VerifyingKey::try_from(key.as_slice()) .map_err(|_| SignatureError::CorruptKey(opts.key.clone()))?; keyring.add_entry(KeyEntry { label: opts.label, diff --git a/src/authn/http_basic.rs b/src/authn/http_basic.rs index 0ac47ce..40a5c42 100644 --- a/src/authn/http_basic.rs +++ b/src/authn/http_basic.rs @@ -1,5 +1,7 @@ use std::{collections::HashMap, path::Path}; +use base64::Engine; + use super::Authenticator; use crate::authz::Authorizable; @@ -99,7 +101,8 @@ fn parse_basic(auth_data: &str) -> anyhow::Result<(String, String)> { None => anyhow::bail!("Wrong auth type. Only Basic auth is supported"), Some(suffix) => { // suffix should be base64 string - let decoded = String::from_utf8(base64::decode(suffix)?)?; + let decoded = + String::from_utf8(base64::engine::general_purpose::STANDARD.decode(suffix)?)?; let pair: Vec<&str> = decoded.splitn(2, ':').collect(); if pair.len() != 2 { anyhow::bail!("Malformed Basic header") diff --git a/src/authn/oidc.rs b/src/authn/oidc.rs index c0a5ca1..2a4afac 100644 --- a/src/authn/oidc.rs +++ b/src/authn/oidc.rs @@ -1,4 +1,5 @@ //! An authenticator that validates OIDC issued JWTs +use base64::Engine; use jsonwebtoken::{Algorithm, DecodingKey, Validation}; use openid::biscuit::jwk::{AlgorithmParameters, KeyType, PublicKeyUse}; use serde::Deserialize; 
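Review bot: The key check before `keyring.add_entry` in `run()` accepts any 32 bytes that decompress to a curve point, including small-order (weak) keys, because `VerifyingKey::try_from` does not reject them. `verify_strict`, which the `verify_label` hunk in src/invoice/signature.rs uses, refuses such keys at verification time, so an entry like that would presumably sit in the keyring and never validate anything; rejecting it at import surfaces the error early. Binding the result as `vk` and adding `if vk.is_weak() { return Err(SignatureError::CorruptKey(opts.key.clone()).into()); }` would do it, assuming the same `SignatureError` to `ClientError` conversion that the `?` above relies on. `run()` starts and ends outside this hunk.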
@@ -151,7 +152,7 @@ impl OidcAuthenticator { // that key is malformed (which should be a rare instance because it would mean // misconfiguration on the OIDC provider's part), just skip it let raw = - base64::decode(k.common.x509_chain.unwrap_or_default().pop()?).ok()?; + base64::engine::general_purpose::STANDARD.decode(k.common.x509_chain.unwrap_or_default().pop()?).ok()?; DecodingKey::from_ec_der(&raw) } KeyType::RSA => { @@ -159,14 +160,8 @@ impl OidcAuthenticator { // NOTE: jsonwebtoken expects a base64 encoded component (big endian) so // we are reencoding it here DecodingKey::from_rsa_components( - &base64::encode_config( - rsa.n.to_bytes_be(), - base64::URL_SAFE_NO_PAD, - ), - &base64::encode_config( - rsa.e.to_bytes_be(), - base64::URL_SAFE_NO_PAD, - ), + &base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(rsa.n.to_bytes_be()), + &base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(rsa.e.to_bytes_be()), ).map_or_else(|e| { tracing::error!(error = %e, "Unable to parse decoding key from discovery client, skipping"); None diff --git a/src/client/tokens.rs b/src/client/tokens.rs index 411f85a..f248de6 100644 --- a/src/client/tokens.rs +++ b/src/client/tokens.rs @@ -6,6 +6,7 @@ use std::{ sync::Arc, }; +use base64::Engine; use oauth2::reqwest::async_http_client; use oauth2::{ basic::*, devicecode::DeviceAuthorizationResponse, AuthUrl, Client as Oauth2Client, ClientId, @@ -110,7 +111,8 @@ impl HttpBasic { #[async_trait::async_trait] impl TokenManager for HttpBasic { async fn apply_auth_header(&self, builder: RequestBuilder) -> Result { - let data = base64::encode(format!("{}:{}", self.username, self.password)); + let data = base64::engine::general_purpose::STANDARD + .encode(format!("{}:{}", self.username, self.password)); let mut header_val = HeaderValue::from_str(&format!("Basic {}", data)) .map_err(|e| ClientError::Other(e.to_string()))?; header_val.set_sensitive(true); diff --git a/src/invoice/mod.rs b/src/invoice/mod.rs index 34f3ebb..d21e32d 100644 
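Review bot: In the EC branch, `k.common.x509_chain.unwrap_or_default().pop()?` takes the last entry of the `x5c` chain, while RFC 7517 places the certificate that carries the key first; for a chain longer than one element this would hand `DecodingKey::from_ec_der` an issuer certificate instead of the signing key. The expression predates this commit, but the line is rewritten here, so it is worth confirming against a multi-certificate JWKS and, if the leaf is intended, taking the first element. The branch also drops a malformed key silently through `?` and `.ok()?`, whereas the RSA branch in the next hunk logs with `tracing::error!`; a matching log line would make a misconfigured provider visible. The rewritten line is also longer than rustfmt would leave it. The enclosing closure starts and ends outside the hunk.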
--- a/src/invoice/mod.rs +++ b/src/invoice/mod.rs @@ -22,6 +22,7 @@ pub use api::{ ErrorResponse, HealthResponse, InvoiceCreateResponse, KeyOptions, MissingParcelsResponse, QueryOptions, }; +use base64::Engine; #[doc(inline)] pub use bindle_spec::BindleSpec; #[doc(inline)] @@ -203,7 +204,8 @@ impl Invoice { let key = keyfile.key()?; // The spec says it is illegal for the a single key to sign the same invoice // more than once. - let encoded_key = base64::encode(key.public.to_bytes()); + let encoded_key = + base64::engine::general_purpose::STANDARD.encode(key.verifying_key().as_bytes()); if let Some(sigs) = self.signature.as_ref() { for s in sigs { if s.key == encoded_key { @@ -223,7 +225,7 @@ impl Invoice { let signature_entry = Signature { by: signer_name, key: encoded_key, - signature: base64::encode(signature.to_bytes()), + signature: base64::engine::general_purpose::STANDARD.encode(signature.to_bytes()), role: signer_role, at: ts.as_secs(), }; @@ -270,7 +272,8 @@ fn sign_one( let key = keyfile.key()?; // The spec says it is illegal for the a single key to sign the same invoice // more than once. - let encoded_key = base64::encode(key.public.to_bytes()); + let encoded_key = + base64::engine::general_purpose::STANDARD.encode(key.verifying_key().as_bytes()); if let Some(sigs) = inv.signature.as_ref() { for s in sigs { if s.key == encoded_key { @@ -290,7 +293,7 @@ fn sign_one( let signature_entry = Signature { by: signer_name, key: encoded_key, - signature: base64::encode(signature.to_bytes()), + signature: base64::engine::general_purpose::STANDARD.encode(signature.to_bytes()), role: signer_role, at: ts.as_secs(), }; diff --git a/src/invoice/signature.rs b/src/invoice/signature.rs index 6d2a2f2..242ece7 100644 --- a/src/invoice/signature.rs +++ b/src/invoice/signature.rs 
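Review bot: The full path `base64::engine::general_purpose::STANDARD` is spelled out at every call site in this file and in the other files of this commit, next to a bare `use base64::Engine;`. Key and signature fields only verify if every encoder and decoder uses the same engine, so a single alias such as `use base64::engine::general_purpose::STANDARD as BASE64;` (or a pair of crate-private encode/decode helpers) would make that choice visible in one place and shorten these lines. The `sign_one` hunks further down repeat the edit made in the `impl Invoice` signing hunks, so they would benefit in the same way.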
@@ -1,6 +1,14 @@ //! Contains the Signature type along with associated types and Roles -pub use ed25519_dalek::{Keypair, PublicKey, Signature as EdSignature, Signer}; +use base64::Engine; +pub use ed25519_dalek::{ + Signature as EdSignature, + Signer, + SigningKey as Keypair, // re-export under old name for backwards compatibility + SigningKey, + VerifyingKey as PublicKey, // re-export under old name for backwards compatibility + VerifyingKey, +}; use serde::{Deserialize, Serialize}; use thiserror::Error; #[cfg(not(target_arch = "wasm32"))] @@ -197,7 +205,7 @@ impl KeyRing { self.key.push(entry) } - pub fn contains(&self, key: &PublicKey) -> bool { + pub fn contains(&self, key: &VerifyingKey) -> bool { // This could definitely be optimized. for k in self.key.iter() { // Note that we are skipping malformed keys because they don't matter @@ -246,8 +254,8 @@ impl KeyEntry { /// In most cases, it is fine to construct a KeyEntry struct manually. This /// constructor merely encapsulates the logic to store the public key in its /// canonical encoded format (as a String). - pub fn new(label: &str, roles: Vec, public_key: PublicKey) -> Self { - let key = base64::encode(public_key.to_bytes()); + pub fn new(label: &str, roles: Vec, public_key: VerifyingKey) -> Self { + let key = base64::engine::general_purpose::STANDARD.encode(public_key.to_bytes()); KeyEntry { label: label.to_owned(), roles, 
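Review bot: The alias `SigningKey as Keypair` keeps the old name compiling but not the old behaviour, and the comment `re-export under old name for backwards compatibility` does not say so. In ed25519-dalek 1.x `Keypair::to_bytes()` returned the 64-byte secret-plus-public encoding, while `SigningKey::to_bytes()` in 2.x returns only the 32-byte secret key, so downstream code that base64-encodes `to_bytes()` would still compile and silently write a different key format. This crate switches to `to_keypair_bytes()` in `SecretKeyEntry::new`, so the gap only affects external users of the re-export. I would extend the comment to something like `// NOTE: same name, different API: to_bytes() is now the 32-byte secret; use to_keypair_bytes() for the old 64-byte form` and mention the change in the release notes.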
@@ -255,31 +263,34 @@ impl KeyEntry { label_signature: None, } } - pub fn sign_label(&mut self, key: Keypair) { + pub fn sign_label(&mut self, key: SigningKey) { let sig = key.sign(self.label.as_bytes()); - self.label_signature = Some(base64::encode(sig.to_bytes())); + self.label_signature = + Some(base64::engine::general_purpose::STANDARD.encode(sig.to_bytes())); } - pub fn verify_label(self, key: PublicKey) -> anyhow::Result<()> { + pub fn verify_label(self, key: VerifyingKey) -> anyhow::Result<()> { match self.label_signature { None => { tracing::log::info!("Label was not signed. Skipping."); Ok(()) } Some(txt) => { - let decoded_txt = base64::decode(txt)?; + let decoded_txt = base64::engine::general_purpose::STANDARD.decode(txt)?; let sig = EdSignature::try_from(decoded_txt.as_slice())?; key.verify_strict(self.label.as_bytes(), &sig)?; Ok(()) } } } - pub(crate) fn public_key(&self) -> Result { - let rawbytes = base64::decode(&self.key).map_err(|_e| { - // We swallow the source error because it could disclose information about - // the secret key. - SignatureError::CorruptKey("Base64 decoding of the public key failed".to_owned()) - })?; - let pk = PublicKey::from_bytes(rawbytes.as_slice()).map_err(|e| { + pub(crate) fn public_key(&self) -> Result { + let rawbytes = base64::engine::general_purpose::STANDARD + .decode(&self.key) + .map_err(|_e| { + // We swallow the source error because it could disclose information about + // the secret key. + SignatureError::CorruptKey("Base64 decoding of the public key failed".to_owned()) + })?; + let pk = VerifyingKey::try_from(rawbytes.as_slice()).map_err(|e| { error!(%e, "Error loading public key"); // Don't leak information about the key, because this could be sent to // a remote. A generic error is all the user should see. 
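Review bot: `verify_label` returns `Ok(())` when `label_signature` is `None`, so a caller cannot tell a verified label from an unsigned one, and removing the signature from an entry turns a failing check into a passing one. The behaviour is older than this commit, but the function is rewritten here and has no doc comment stating it. At minimum I would add `/// Returns Ok(()) without checking anything when the entry has no label signature; callers that require a signed label must reject unsigned entries themselves.`; returning an error for unsigned labels would be the safer default if no caller depends on the current behaviour. Separately, the comment in `public_key()` about disclosing information about `the secret key` describes a public key and could be corrected.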
@@ -297,7 +308,7 @@ impl TryFrom for KeyEntry { let mut s = Self { label: secret.label, roles: secret.roles, - key: base64::encode(skey.public.to_bytes()), + key: base64::engine::general_purpose::STANDARD.encode(skey.verifying_key().as_bytes()), label_signature: None, }; s.sign_label(skey); @@ -312,7 +323,7 @@ impl TryFrom<&SecretKeyEntry> for KeyEntry { let mut s = Self { label: secret.label.clone(), roles: secret.roles.clone(), - key: base64::encode(skey.public.to_bytes()), + key: base64::engine::general_purpose::STANDARD.encode(skey.verifying_key().as_bytes()), label_signature: None, }; s.sign_label(skey); @@ -337,8 +348,8 @@ pub struct SecretKeyEntry { impl SecretKeyEntry { pub fn new(label: &str, roles: Vec) -> Self { let mut rng = rand::rngs::OsRng {}; - let rawkey = Keypair::generate(&mut rng); - let keypair = base64::encode(rawkey.to_bytes()); + let rawkey = SigningKey::generate(&mut rng); + let keypair = base64::engine::general_purpose::STANDARD.encode(rawkey.to_keypair_bytes()); Self { label: label.to_owned(), keypair, 
@@ -346,19 +357,25 @@ impl SecretKeyEntry { } } - pub(crate) fn key(&self) -> Result { - let rawbytes = base64::decode(&self.keypair).map_err(|_e| { + pub(crate) fn key(&self) -> Result { + let rawbytes = base64::engine::general_purpose::STANDARD + .decode(&self.keypair) + .map_err(|_e| { + // We swallow the source error because it could disclose information about + // the secret key. + SignatureError::CorruptKey("Base64 decoding of the keypair failed".to_owned()) + })?; + let rawbytes = rawbytes.try_into().map_err(|_e| { // We swallow the source error because it could disclose information about // the secret key. - SignatureError::CorruptKey("Base64 decoding of the keypair failed".to_owned()) + SignatureError::CorruptKey("Invalid keypair length".to_owned()) })?; - let keypair = Keypair::from_bytes(&rawbytes).map_err(|e| { + SigningKey::from_keypair_bytes(&rawbytes).map_err(|e| { tracing::log::error!("Error loading key: {}", e); // Don't leak information about the key, because this could be sent to // a remote. A generic error is all the user should see. SignatureError::CorruptKey("Could not load keypair".to_owned()) - })?; - Ok(keypair) + }) } } @@ -481,7 +498,7 @@ impl SecretKeyStorage for SecretKeyFile { #[cfg(test)] mod test { use super::*; - use ed25519_dalek::Keypair; + use ed25519_dalek::SigningKey; #[test] fn test_parse_role() { @@ -508,7 +525,7 @@ mod test { #[test] fn test_sign_label() { let mut rng = rand::rngs::OsRng {}; - let keypair = Keypair::generate(&mut rng); + let keypair = SigningKey::generate(&mut rng); let mut ke = KeyEntry { label: "Matt Butcher ".to_owned(), @@ -517,7 +534,7 @@ mod test { label_signature: None, }; - let pubkey = keypair.public; + let pubkey = keypair.verifying_key(); ke.sign_label(keypair); assert!(ke.label_signature.is_some()); diff --git a/src/invoice/verification.rs b/src/invoice/verification.rs index 9ac2851..30fa44d 100644 --- a/src/invoice/verification.rs +++ b/src/invoice/verification.rs 
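Review bot: In `SecretKeyEntry::key()`, the decoded secret key material lives in `rawbytes` (first a `Vec<u8>`, then a 64-byte array) and is dropped without being wiped, including on the error paths. `SigningKey` clears its own copy on drop when ed25519-dalek's `zeroize` feature is enabled, so these temporaries are what remains in memory. Holding both the decoded buffer and the array in `zeroize::Zeroizing` wrappers, converting with `rawbytes.as_slice().try_into()`, would clear them on every exit; `zeroize` appears in the Cargo.lock hunks only as a transitive dependency, so it would have to become a direct one. The generic messages on the length check and on `from_keypair_bytes` match what the comments ask for.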
@@ -2,7 +2,8 @@ use crate::invoice::Signed; use super::signature::KeyRing; use super::{Invoice, Signature, SignatureError, SignatureRole}; -use ed25519_dalek::{PublicKey, Signature as EdSignature}; +use base64::Engine; +use ed25519_dalek::{Signature as EdSignature, VerifyingKey}; use tracing::debug; use std::borrow::{Borrow, BorrowMut}; @@ -136,13 +137,15 @@ fn parse_roles(r: Option<&&str>) -> Result, &'static str> { /// A strategy for verifying an invoice. impl VerificationStrategy { fn verify_signature(&self, sig: &Signature, cleartext: &[u8]) -> Result<(), SignatureError> { - let pk = base64::decode(sig.key.as_bytes()) + let pk = base64::engine::general_purpose::STANDARD + .decode(sig.key.as_bytes()) .map_err(|_| SignatureError::CorruptKey(sig.key.clone()))?; - let sig_block = base64::decode(sig.signature.as_bytes()) + let sig_block = base64::engine::general_purpose::STANDARD + .decode(sig.signature.as_bytes()) .map_err(|_| SignatureError::CorruptSignature(sig.key.clone()))?; - let pubkey = - PublicKey::from_bytes(&pk).map_err(|_| SignatureError::CorruptKey(sig.key.clone()))?; + let pubkey = VerifyingKey::try_from(pk.as_slice()) + .map_err(|_| SignatureError::CorruptKey(sig.key.clone()))?; let ed_sig = EdSignature::try_from(sig_block.as_slice()) .map_err(|_| SignatureError::CorruptSignature(sig.key.clone()))?; pubkey @@ -231,9 +234,10 @@ impl VerificationStrategy { filled_roles.push(role); } // See if the public key is known to us - let pubkey = base64::decode(&s.key) + let pubkey = base64::engine::general_purpose::STANDARD + .decode(&s.key) .map_err(|_| SignatureError::CorruptKey(s.key.to_string()))?; - let pko = PublicKey::from_bytes(pubkey.as_slice()) + let pko = VerifyingKey::try_from(pubkey.as_slice()) .map_err(|_| SignatureError::CorruptKey(s.key.to_string()))?; debug!("Looking for key"); diff --git a/src/server/mod.rs b/src/server/mod.rs index c3291a8..d5e72df 100644 --- a/src/server/mod.rs +++ b/src/server/mod.rs 
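Review bot: Switching `verify_signature` to `base64::engine::general_purpose::STANDARD.decode` may tighten what is accepted: as far as I recall, base64 0.13's `decode` tolerated missing `=` padding, while the 0.21 `STANDARD` engine requires canonical padding, so keys or signatures stored unpadded by other tooling would now be reported as `CorruptKey` or `CorruptSignature`; this should be confirmed against the base64 release notes. Strict decoding is the better behaviour for signed material, since it leaves one accepted encoding per value, so I would keep it and not switch to `DecodePaddingMode::Indifferent`. What is missing is a test that pins it, for example asserting that an unpadded key string is rejected, and a line in the release notes. The same applies to the keyring lookup in the later hunk and to `KeyEntry::public_key` and `SecretKeyEntry::key` in src/invoice/signature.rs. `verify_signature` continues past the end of the hunk.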
@@ -106,6 +106,7 @@ mod test { use crate::NoopSigned; use crate::{signature::SecretKeyStorage, SignatureRole}; + use base64::Engine; use rstest::rstest; use testing::Scaffold; use tokio_util::codec::{BytesCodec, FramedRead}; @@ -774,7 +775,10 @@ mod test { .header("Content-Type", "application/toml") .header( "Authorization", - format!("Basic {}", base64::encode(b"admin:sw0rdf1sh")), + format!( + "Basic {}", + base64::engine::general_purpose::STANDARD.encode(b"admin:sw0rdf1sh") + ), ) .path("/v1/_i") .body(&scaffold.invoice) @@ -795,7 +799,10 @@ mod test { .method("GET") .header( "Authorization", - format!("Basic {}", base64::encode(b"admin:sw0rdf1sh")), + format!( + "Basic {}", + base64::engine::general_purpose::STANDARD.encode(b"admin:sw0rdf1sh") + ), ) .path(&format!("/v1/_i/{}", scaffold.invoice.bindle.id)) .reply(&api)