matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00
Code Activity

Bump Crypto crates

Browse Source
This commit is contained in:
Quentin Gliech
2022-09-27 18:07:16 +02:00
parent 19721959f8
commit 348912b3fb
26 changed files with 430 additions and 626 deletions
Download Patch File Download Diff File Expand all files Collapse all files

588
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

4
Cargo.toml
View File

@ -2,3 +2,7 @@
default-members = ["crates/cli"] default-members = ["crates/cli"]
members = ["crates/*"] members = ["crates/*"]
[patch.crates-io]
# XXX: temporary override waiting on a new version of the sha2 crate
sha2 = { git = "https://github.com/RustCrypto/hashes.git", rev = "f9af45fdde84bb24c25f90011d7b2316783eb29f" }

6
crates/axum-utils/Cargo.toml
View File

@ -18,12 +18,12 @@ http = "0.2.8"
http-body = "0.4.5" http-body = "0.4.5"
mime = "0.3.16" mime = "0.3.16"
rand = "0.8.5" rand = "0.8.5"
serde = "1.0.144" serde = "1.0.145"
serde_with = "2.0.1" serde_with = "2.0.1"
serde_urlencoded = "0.7.1" serde_urlencoded = "0.7.1"
serde_json = "1.0.85" serde_json = "1.0.85"
sqlx = "0.6.1" sqlx = "0.6.2"
thiserror = "1.0.35" thiserror = "1.0.36"
tokio = "1.21.1" tokio = "1.21.1"
tower = { version = "0.4.13", features = ["util"] } tower = { version = "0.4.13", features = ["util"] }
tracing = "0.1.36" tracing = "0.1.36"

8
crates/cli/Cargo.toml
View File

@ -8,17 +8,17 @@ license = "Apache-2.0"
[dependencies] [dependencies]
tokio = { version = "1.21.1", features = ["full"] } tokio = { version = "1.21.1", features = ["full"] }
futures = "0.3.24" futures = "0.3.24"
anyhow = "1.0.64" anyhow = "1.0.65"
clap = { version = "3.2.21", features = ["derive"] } clap = { version = "3.2.22", features = ["derive"] }
dotenv = "0.15.0" dotenv = "0.15.0"
schemars = { version = "0.8.10", features = ["url", "chrono"] } schemars = { version = "0.8.10", features = ["url", "chrono"] }
tower = { version = "0.4.13", features = ["full"] } tower = { version = "0.4.13", features = ["full"] }
hyper = { version = "0.14.20", features = ["full"] } hyper = { version = "0.14.20", features = ["full"] }
serde_yaml = "0.9.11" serde_yaml = "0.9.13"
serde_json = "1.0.85" serde_json = "1.0.85"
url = "2.3.1" url = "2.3.1"
argon2 = { version = "0.4.1", features = ["password-hash"] } argon2 = { version = "0.4.1", features = ["password-hash"] }
reqwest = { version = "0.11.11", features = ["rustls-tls"], default-features = false, optional = true } reqwest = { version = "0.11.12", features = ["rustls-tls"], default-features = false, optional = true }
watchman_client = "0.8.0" watchman_client = "0.8.0"
atty = "0.2.14" atty = "0.2.14"

8
crates/config/Cargo.toml
View File

@ -10,18 +10,18 @@ tokio = { version = "1.21.1", features = [] }
tracing = { version = "0.1.36", features = ["log"] } tracing = { version = "0.1.36", features = ["log"] }
async-trait = "0.1.57" async-trait = "0.1.57"
thiserror = "1.0.35" thiserror = "1.0.36"
anyhow = "1.0.64" anyhow = "1.0.65"
schemars = { version = "0.8.10", features = ["url", "chrono"] } schemars = { version = "0.8.10", features = ["url", "chrono"] }
figment = { version = "0.10.7", features = ["env", "yaml", "test"] } figment = { version = "0.10.7", features = ["env", "yaml", "test"] }
chrono = { version = "0.4.22", features = ["serde"] } chrono = { version = "0.4.22", features = ["serde"] }
url = { version = "2.3.1", features = ["serde"] } url = { version = "2.3.1", features = ["serde"] }
serde = { version = "1.0.144", features = ["derive"] } serde = { version = "1.0.145", features = ["derive"] }
serde_with = { version = "2.0.1", features = ["hex", "chrono"] } serde_with = { version = "2.0.1", features = ["hex", "chrono"] }
serde_json = "1.0.85" serde_json = "1.0.85"
sqlx = { version = "0.6.1", features = ["runtime-tokio-rustls", "postgres"] } sqlx = { version = "0.6.2", features = ["runtime-tokio-rustls", "postgres"] }
lettre = { version = "0.10.1", default-features = false, features = ["serde", "builder"] } lettre = { version = "0.10.1", default-features = false, features = ["serde", "builder"] }
pem-rfc7468 = "0.6.0" pem-rfc7468 = "0.6.0"

4
crates/data-model/Cargo.toml
View File

@ -7,8 +7,8 @@ license = "Apache-2.0"
[dependencies] [dependencies]
chrono = "0.4.22" chrono = "0.4.22"
thiserror = "1.0.35" thiserror = "1.0.36"
serde = "1.0.144" serde = "1.0.145"
url = { version = "2.3.1", features = ["serde"] } url = { version = "2.3.1", features = ["serde"] }
crc = "3.0.0" crc = "3.0.0"
rand = "0.8.5" rand = "0.8.5"

2
crates/email/Cargo.toml
View File

@ -6,7 +6,7 @@ edition = "2021"
license = "Apache-2.0" license = "Apache-2.0"
[dependencies] [dependencies]
anyhow = "1.0.64" anyhow = "1.0.65"
async-trait = "0.1.57" async-trait = "0.1.57"
tokio = { version = "1.21.1", features = ["macros"] } tokio = { version = "1.21.1", features = ["macros"] }
tracing = "0.1.36" tracing = "0.1.36"

8
crates/handlers/Cargo.toml
View File

@ -13,8 +13,8 @@ tokio = { version = "1.21.1", features = ["macros"] }
tracing = "0.1.36" tracing = "0.1.36"
# Error management # Error management
thiserror = "1.0.35" thiserror = "1.0.36"
anyhow = "1.0.64" anyhow = "1.0.65"
# Web server # Web server
hyper = { version = "0.14.20", features = ["full"] } hyper = { version = "0.14.20", features = ["full"] }
@ -28,10 +28,10 @@ axum-extra = { version = "0.4.0-rc.1", features = ["cookie-private"] }
lettre = { version = "0.10.1", default-features = false, features = ["builder"] } lettre = { version = "0.10.1", default-features = false, features = ["builder"] }
# Database access # Database access
sqlx = { version = "0.6.1", features = ["runtime-tokio-rustls", "postgres"] } sqlx = { version = "0.6.2", features = ["runtime-tokio-rustls", "postgres"] }
# Various structure (de)serialization # Various structure (de)serialization
serde = { version = "1.0.144", features = ["derive"] } serde = { version = "1.0.145", features = ["derive"] }
serde_with = { version = "2.0.1", features = ["hex", "chrono"] } serde_with = { version = "2.0.1", features = ["hex", "chrono"] }
serde_json = "1.0.85" serde_json = "1.0.85"
serde_urlencoded = "0.7.1" serde_urlencoded = "0.7.1"

10
crates/http/Cargo.toml
View File

@ -14,15 +14,15 @@ http = "0.2.8"
http-body = "0.4.5" http-body = "0.4.5"
hyper = "0.14.20" hyper = "0.14.20"
hyper-rustls = { version = "0.23.0", features = ["http1", "http2", "rustls-native-certs"], default-features = false, optional = true } hyper-rustls = { version = "0.23.0", features = ["http1", "http2", "rustls-native-certs"], default-features = false, optional = true }
once_cell = "1.14.0" once_cell = "1.15.0"
opentelemetry = "0.17.0" opentelemetry = "0.17.0"
opentelemetry-http = "0.6.0" opentelemetry-http = "0.6.0"
opentelemetry-semantic-conventions = "0.9.0" opentelemetry-semantic-conventions = "0.9.0"
rustls = "0.20.6" rustls = "0.20.6"
serde = "1.0.144" serde = "1.0.145"
serde_json = "1.0.85" serde_json = "1.0.85"
serde_urlencoded = "0.7.1" serde_urlencoded = "0.7.1"
thiserror = "1.0.35" thiserror = "1.0.36"
tokio = { version = "1.21.1", optional = true } tokio = { version = "1.21.1", optional = true }
tower = { version = "0.4.13", features = ["timeout", "limit"] } tower = { version = "0.4.13", features = ["timeout", "limit"] }
tower-http = { version = "0.3.4", features = ["follow-redirect", "decompression-full", "set-header", "compression-full", "cors", "util"] } tower-http = { version = "0.3.4", features = ["follow-redirect", "decompression-full", "set-header", "compression-full", "cors", "util"] }
@ -30,8 +30,8 @@ tracing = "0.1.36"
tracing-opentelemetry = "0.17.4" tracing-opentelemetry = "0.17.4"
[dev-dependencies] [dev-dependencies]
anyhow = "1.0.64" anyhow = "1.0.65"
serde = { version = "1.0.144", features = ["derive"] } serde = { version = "1.0.145", features = ["derive"] }
tokio = { version = "1.21.1", features = ["macros", "rt"] } tokio = { version = "1.21.1", features = ["macros", "rt"] }
tower = { version = "0.4.13", features = ["util"] } tower = { version = "0.4.13", features = ["util"] }

6
crates/iana-codegen/Cargo.toml
View File

@ -6,13 +6,13 @@ edition = "2021"
license = "Apache-2.0" license = "Apache-2.0"
[dependencies] [dependencies]
anyhow = "1.0.64" anyhow = "1.0.65"
async-trait = "0.1.57" async-trait = "0.1.57"
convert_case = "0.6.0" convert_case = "0.6.0"
csv = "1.1.6" csv = "1.1.6"
futures-util = "0.3.24" futures-util = "0.3.24"
reqwest = { version = "0.11.11", features = ["blocking", "rustls-tls"], default-features = false } reqwest = { version = "0.11.12", features = ["blocking", "rustls-tls"], default-features = false }
serde = { version = "1.0.144", features = ["derive"] } serde = { version = "1.0.145", features = ["derive"] }
tokio = { version = "1.21.1", features = ["full"] } tokio = { version = "1.21.1", features = ["full"] }
tracing = "0.1.36" tracing = "0.1.36"
tracing-subscriber = "0.3.15" tracing-subscriber = "0.3.15"

2
crates/iana/Cargo.toml
View File

@ -6,6 +6,6 @@ edition = "2021"
license = "Apache-2.0" license = "Apache-2.0"
[dependencies] [dependencies]
serde = "1.0.144" serde = "1.0.145"
schemars = "0.8.10" schemars = "0.8.10"
parse-display = "0.6.0" parse-display = "0.6.0"

18
crates/jose/Cargo.toml
View File

@ -6,27 +6,27 @@ edition = "2021"
license = "Apache-2.0" license = "Apache-2.0"
[dependencies] [dependencies]
anyhow = "1.0.64" anyhow = "1.0.65"
base64ct = { version = "1.5.2", features = ["std"] } base64ct = { version = "1.5.2", features = ["std"] }
chrono = { version = "0.4.22", features = ["serde"] } chrono = { version = "0.4.22", features = ["serde"] }
digest = "0.10.3" digest = "0.10.5"
ecdsa = { version = "0.14.5", features = ["sign", "verify"] } ecdsa = { version = "0.14.7", features = ["sign", "verify"] }
elliptic-curve = "0.12.3" elliptic-curve = "0.12.3"
generic-array = "0.14.6" generic-array = "0.14.6"
hmac = "0.12.1" hmac = "0.12.1"
k256 = { version = "0.11.2", features = ["ecdsa"] } k256 = { version = "0.11.5", features = ["ecdsa"] }
p256 = { version = "0.11.1", features = ["ecdsa"] } p256 = { version = "0.11.1", features = ["ecdsa"] }
p384 = { version = "0.11.2", features = ["ecdsa"] } p384 = { version = "0.11.2", features = ["ecdsa"] }
rand = "0.8.5" rand = "0.8.5"
rsa = "0.7.0-pre" rsa = "0.7.0-rc.0"
schemars = "0.8.10" schemars = "0.8.10"
sec1 = "0.3.0" sec1 = "0.3.0"
serde = { version = "1.0.144", features = ["derive"] } serde = { version = "1.0.145", features = ["derive"] }
serde_json = "1.0.85" serde_json = "1.0.85"
serde_with = { version = "2.0.1", features = ["base64"] } serde_with = { version = "2.0.1", features = ["base64"] }
sha2 = "0.10.5" sha2 = { version = "0.10.6", features = ["oid"] }
signature = "1.6.1" signature = "1.6.3"
thiserror = "1.0.35" thiserror = "1.0.36"
tracing = "0.1.36" tracing = "0.1.36"
url = { version = "2.3.1", features = ["serde"] } url = { version = "2.3.1", features = ["serde"] }

50
crates/jose/src/jwa/asymmetric.rs
View File

@ -13,6 +13,8 @@
// limitations under the License. // limitations under the License.
use mas_iana::jose::{JsonWebKeyEcEllipticCurve, JsonWebSignatureAlg}; use mas_iana::jose::{JsonWebKeyEcEllipticCurve, JsonWebSignatureAlg};
use rand::thread_rng;
use signature::RandomizedSigner;
use thiserror::Error; use thiserror::Error;
use super::signature::Signature; use super::signature::Signature;
@ -60,18 +62,15 @@ impl AsymmetricSigningKey {
alg: JsonWebSignatureAlg, alg: JsonWebSignatureAlg,
) -> Result<Self, AsymmetricKeyFromJwkError> { ) -> Result<Self, AsymmetricKeyFromJwkError> {
match (params, alg) { match (params, alg) {
(JsonWebKeyPrivateParameters::Rsa(params), alg) => { (JsonWebKeyPrivateParameters::Rsa(params), alg) => match alg {
let key = rsa::RsaPrivateKey::try_from(params)?; JsonWebSignatureAlg::Rs256 => Ok(Self::Rs256(params.try_into()?)),
match alg { JsonWebSignatureAlg::Rs384 => Ok(Self::Rs384(params.try_into()?)),
JsonWebSignatureAlg::Rs256 => Ok(Self::Rs256(key.into())), JsonWebSignatureAlg::Rs512 => Ok(Self::Rs512(params.try_into()?)),
JsonWebSignatureAlg::Rs384 => Ok(Self::Rs384(key.into())), JsonWebSignatureAlg::Ps256 => Ok(Self::Ps256(params.try_into()?)),
JsonWebSignatureAlg::Rs512 => Ok(Self::Rs512(key.into())), JsonWebSignatureAlg::Ps384 => Ok(Self::Ps384(params.try_into()?)),
JsonWebSignatureAlg::Ps256 => Ok(Self::Ps256(key.into())), JsonWebSignatureAlg::Ps512 => Ok(Self::Ps512(params.try_into()?)),
JsonWebSignatureAlg::Ps384 => Ok(Self::Ps384(key.into())), _ => Err(AsymmetricKeyFromJwkError::KeyNotSuitable { alg }),
JsonWebSignatureAlg::Ps512 => Ok(Self::Ps512(key.into())), },
_ => Err(AsymmetricKeyFromJwkError::KeyNotSuitable { alg }),
}
}
(JsonWebKeyPrivateParameters::Ec(params), JsonWebSignatureAlg::Es256) (JsonWebKeyPrivateParameters::Ec(params), JsonWebSignatureAlg::Es256)
if params.crv == JsonWebKeyEcEllipticCurve::P256 => if params.crv == JsonWebKeyEcEllipticCurve::P256 =>
@ -176,15 +175,15 @@ impl signature::Signer<Signature> for AsymmetricSigningKey {
Ok(Signature::from_signature(&signature)) Ok(Signature::from_signature(&signature))
} }
Self::Ps256(key) => { Self::Ps256(key) => {
let signature = key.try_sign(msg)?; let signature = key.try_sign_with_rng(thread_rng(), msg)?;
Ok(Signature::from_signature(&signature)) Ok(Signature::from_signature(&signature))
} }
Self::Ps384(key) => { Self::Ps384(key) => {
let signature = key.try_sign(msg)?; let signature = key.try_sign_with_rng(thread_rng(), msg)?;
Ok(Signature::from_signature(&signature)) Ok(Signature::from_signature(&signature))
} }
Self::Ps512(key) => { Self::Ps512(key) => {
let signature = key.try_sign(msg)?; let signature = key.try_sign_with_rng(thread_rng(), msg)?;
Ok(Signature::from_signature(&signature)) Ok(Signature::from_signature(&signature))
} }
Self::Es256(key) => { Self::Es256(key) => {
@ -223,18 +222,15 @@ impl AsymmetricVerifyingKey {
alg: JsonWebSignatureAlg, alg: JsonWebSignatureAlg,
) -> Result<Self, AsymmetricKeyFromJwkError> { ) -> Result<Self, AsymmetricKeyFromJwkError> {
match (params, alg) { match (params, alg) {
(JsonWebKeyPublicParameters::Rsa(params), alg) => { (JsonWebKeyPublicParameters::Rsa(params), alg) => match alg {
let key = rsa::RsaPublicKey::try_from(params)?; JsonWebSignatureAlg::Rs256 => Ok(Self::Rs256(params.try_into()?)),
match alg { JsonWebSignatureAlg::Rs384 => Ok(Self::Rs384(params.try_into()?)),
JsonWebSignatureAlg::Rs256 => Ok(Self::Rs256(key.into())), JsonWebSignatureAlg::Rs512 => Ok(Self::Rs512(params.try_into()?)),
JsonWebSignatureAlg::Rs384 => Ok(Self::Rs384(key.into())), JsonWebSignatureAlg::Ps256 => Ok(Self::Ps256(params.try_into()?)),
JsonWebSignatureAlg::Rs512 => Ok(Self::Rs512(key.into())), JsonWebSignatureAlg::Ps384 => Ok(Self::Ps384(params.try_into()?)),
JsonWebSignatureAlg::Ps256 => Ok(Self::Ps256(key.into())), JsonWebSignatureAlg::Ps512 => Ok(Self::Ps512(params.try_into()?)),
JsonWebSignatureAlg::Ps384 => Ok(Self::Ps384(key.into())), _ => Err(AsymmetricKeyFromJwkError::KeyNotSuitable { alg }),
JsonWebSignatureAlg::Ps512 => Ok(Self::Ps512(key.into())), },
_ => Err(AsymmetricKeyFromJwkError::KeyNotSuitable { alg }),
}
}
(JsonWebKeyPublicParameters::Ec(params), JsonWebSignatureAlg::Es256) (JsonWebKeyPublicParameters::Ec(params), JsonWebSignatureAlg::Es256)
if params.crv == JsonWebKeyEcEllipticCurve::P256 => if params.crv == JsonWebKeyEcEllipticCurve::P256 =>

25
crates/jose/src/jwa/mod.rs
View File

@ -17,7 +17,6 @@ use sha2::{Sha256, Sha384, Sha512};
mod asymmetric; mod asymmetric;
pub(crate) mod hmac; pub(crate) mod hmac;
pub(crate) mod rsa;
pub(self) mod signature; pub(self) mod signature;
mod symmetric; mod symmetric;
@ -30,19 +29,19 @@ pub type Hs256Key = self::hmac::Hmac<Sha256>;
pub type Hs384Key = self::hmac::Hmac<Sha384>; pub type Hs384Key = self::hmac::Hmac<Sha384>;
pub type Hs512Key = self::hmac::Hmac<Sha512>; pub type Hs512Key = self::hmac::Hmac<Sha512>;
pub type Rs256SigningKey = self::rsa::pkcs1v15::SigningKey<Sha256>; pub type Rs256SigningKey = rsa::pkcs1v15::SigningKey<Sha256>;
pub type Rs256VerifyingKey = self::rsa::pkcs1v15::VerifyingKey<Sha256>; pub type Rs256VerifyingKey = rsa::pkcs1v15::VerifyingKey<Sha256>;
pub type Rs384SigningKey = self::rsa::pkcs1v15::SigningKey<Sha384>; pub type Rs384SigningKey = rsa::pkcs1v15::SigningKey<Sha384>;
pub type Rs384VerifyingKey = self::rsa::pkcs1v15::VerifyingKey<Sha384>; pub type Rs384VerifyingKey = rsa::pkcs1v15::VerifyingKey<Sha384>;
pub type Rs512SigningKey = self::rsa::pkcs1v15::SigningKey<Sha512>; pub type Rs512SigningKey = rsa::pkcs1v15::SigningKey<Sha512>;
pub type Rs512VerifyingKey = self::rsa::pkcs1v15::VerifyingKey<Sha512>; pub type Rs512VerifyingKey = rsa::pkcs1v15::VerifyingKey<Sha512>;
pub type Ps256SigningKey = self::rsa::pss::SigningKey<Sha256>; pub type Ps256SigningKey = rsa::pss::SigningKey<Sha256>;
pub type Ps256VerifyingKey = self::rsa::pss::VerifyingKey<Sha256>; pub type Ps256VerifyingKey = rsa::pss::VerifyingKey<Sha256>;
pub type Ps384SigningKey = self::rsa::pss::SigningKey<Sha384>; pub type Ps384SigningKey = rsa::pss::SigningKey<Sha384>;
pub type Ps384VerifyingKey = self::rsa::pss::VerifyingKey<Sha384>; pub type Ps384VerifyingKey = rsa::pss::VerifyingKey<Sha384>;
pub type Ps512SigningKey = self::rsa::pss::SigningKey<Sha512>; pub type Ps512SigningKey = rsa::pss::SigningKey<Sha512>;
pub type Ps512VerifyingKey = self::rsa::pss::VerifyingKey<Sha512>; pub type Ps512VerifyingKey = rsa::pss::VerifyingKey<Sha512>;
pub type Es256SigningKey = ecdsa::SigningKey<p256::NistP256>; pub type Es256SigningKey = ecdsa::SigningKey<p256::NistP256>;
pub type Es256VerifyingKey = ecdsa::VerifyingKey<p256::NistP256>; pub type Es256VerifyingKey = ecdsa::VerifyingKey<p256::NistP256>;

167
crates/jose/src/jwa/rsa.rs
View File

@ -1,167 +0,0 @@
// Copyright 2022 The Matrix.org Foundation C.I.C.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// This is a temporary wrapper until the RSA crate actually hashes the input
// See <https://github.com/RustCrypto/RSA/pull/174#issuecomment-1227330296>
use super::signature::Signature;
pub(crate) trait RsaHashIdentifier {
const HASH: rsa::Hash;
}
impl RsaHashIdentifier for sha2::Sha224 {
const HASH: rsa::Hash = rsa::Hash::SHA2_224;
}
impl RsaHashIdentifier for sha2::Sha256 {
const HASH: rsa::Hash = rsa::Hash::SHA2_256;
}
impl RsaHashIdentifier for sha2::Sha384 {
const HASH: rsa::Hash = rsa::Hash::SHA2_384;
}
impl RsaHashIdentifier for sha2::Sha512 {
const HASH: rsa::Hash = rsa::Hash::SHA2_512;
}
pub(crate) mod pkcs1v15 {
use std::marker::PhantomData;
use digest::Digest;
use rsa::{PaddingScheme, PublicKey, RsaPrivateKey, RsaPublicKey};
use super::{RsaHashIdentifier, Signature};
pub struct VerifyingKey<H> {
inner: RsaPublicKey,
hash: PhantomData<H>,
}
impl<H> From<RsaPublicKey> for VerifyingKey<H> {
fn from(inner: RsaPublicKey) -> Self {
Self {
inner,
hash: PhantomData,
}
}
}
impl<H> signature::Verifier<Signature> for VerifyingKey<H>
where
H: Digest + RsaHashIdentifier,
{
fn verify(&self, msg: &[u8], signature: &Signature) -> Result<(), signature::Error> {
let digest = H::digest(msg);
let padding = PaddingScheme::new_pkcs1v15_sign(Some(H::HASH));
self.inner
.verify(padding, &digest, signature.as_ref())
.map_err(signature::Error::from_source)
}
}
pub struct SigningKey<H> {
inner: RsaPrivateKey,
hash: PhantomData<H>,
}
impl<H> From<RsaPrivateKey> for SigningKey<H> {
fn from(inner: RsaPrivateKey) -> Self {
Self {
inner,
hash: PhantomData,
}
}
}
impl<H> signature::Signer<Signature> for SigningKey<H>
where
H: Digest + RsaHashIdentifier,
{
fn try_sign(&self, msg: &[u8]) -> Result<Signature, signature::Error> {
let digest = H::digest(msg);
let padding = PaddingScheme::new_pkcs1v15_sign(Some(H::HASH));
self.inner
.sign(padding, &digest)
.map_err(signature::Error::from_source)
.map(Signature::new)
}
}
}
pub(crate) mod pss {
use std::marker::PhantomData;
use digest::{Digest, DynDigest};
use rand::thread_rng;
use rsa::{PaddingScheme, PublicKey, RsaPrivateKey, RsaPublicKey};
use super::Signature;
pub struct VerifyingKey<H> {
inner: RsaPublicKey,
hash: PhantomData<H>,
}
impl<H> From<RsaPublicKey> for VerifyingKey<H> {
fn from(inner: RsaPublicKey) -> Self {
Self {
inner,
hash: PhantomData,
}
}
}
impl<H> signature::Verifier<Signature> for VerifyingKey<H>
where
H: Digest + DynDigest + 'static,
{
fn verify(&self, msg: &[u8], signature: &Signature) -> Result<(), signature::Error> {
let digest = H::digest(msg);
let padding = PaddingScheme::new_pss::<H, _>(thread_rng());
self.inner
.verify(padding, &digest, signature.as_ref())
.map_err(signature::Error::from_source)
}
}
pub struct SigningKey<H> {
inner: RsaPrivateKey,
hash: PhantomData<H>,
}
impl<H> From<RsaPrivateKey> for SigningKey<H> {
fn from(inner: RsaPrivateKey) -> Self {
Self {
inner,
hash: PhantomData,
}
}
}
impl<H> signature::Signer<Signature> for SigningKey<H>
where
H: Digest + DynDigest + 'static,
{
fn try_sign(&self, msg: &[u8]) -> Result<Signature, signature::Error> {
let digest = H::digest(msg);
let padding = PaddingScheme::new_pss::<H, _>(thread_rng());
self.inner
.sign(padding, &digest)
.map_err(signature::Error::from_source)
.map(Signature::new)
}
}
}

25
crates/jose/src/jwk/private_parameters.rs
View File

@ -228,15 +228,14 @@ struct RsaOtherPrimeInfo {
} }
mod rsa_impls { mod rsa_impls {
use digest::DynDigest; use digest::{const_oid::AssociatedOid, Digest};
use rsa::{BigUint, RsaPrivateKey}; use rsa::{BigUint, RsaPrivateKey};
use super::RsaPrivateParameters; use super::RsaPrivateParameters;
use crate::jwa::rsa::RsaHashIdentifier;
impl<H> TryFrom<RsaPrivateParameters> for crate::jwa::rsa::pkcs1v15::SigningKey<H> impl<H> TryFrom<RsaPrivateParameters> for rsa::pkcs1v15::SigningKey<H>
where where
H: RsaHashIdentifier, H: Digest + AssociatedOid,
{ {
type Error = rsa::errors::Error; type Error = rsa::errors::Error;
fn try_from(value: RsaPrivateParameters) -> Result<Self, Self::Error> { fn try_from(value: RsaPrivateParameters) -> Result<Self, Self::Error> {
@ -244,20 +243,20 @@ mod rsa_impls {
} }
} }
impl<H> TryFrom<&RsaPrivateParameters> for crate::jwa::rsa::pkcs1v15::SigningKey<H> impl<H> TryFrom<&RsaPrivateParameters> for rsa::pkcs1v15::SigningKey<H>
where where
H: RsaHashIdentifier, H: Digest + AssociatedOid,
{ {
type Error = rsa::errors::Error; type Error = rsa::errors::Error;
fn try_from(value: &RsaPrivateParameters) -> Result<Self, Self::Error> { fn try_from(value: &RsaPrivateParameters) -> Result<Self, Self::Error> {
let key: RsaPrivateKey = value.try_into()?; let key: RsaPrivateKey = value.try_into()?;
Ok(Self::from(key)) Ok(Self::new_with_prefix(key))
} }
} }
impl<H> TryFrom<RsaPrivateParameters> for crate::jwa::rsa::pss::SigningKey<H> impl<H> TryFrom<RsaPrivateParameters> for rsa::pss::SigningKey<H>
where where
H: DynDigest + Default + 'static, H: Digest,
{ {
type Error = rsa::errors::Error; type Error = rsa::errors::Error;
fn try_from(value: RsaPrivateParameters) -> Result<Self, Self::Error> { fn try_from(value: RsaPrivateParameters) -> Result<Self, Self::Error> {
@ -265,14 +264,14 @@ mod rsa_impls {
} }
} }
impl<H> TryFrom<&RsaPrivateParameters> for crate::jwa::rsa::pss::SigningKey<H> impl<H> TryFrom<&RsaPrivateParameters> for rsa::pss::SigningKey<H>
where where
H: DynDigest + Default + 'static, H: Digest,
{ {
type Error = rsa::errors::Error; type Error = rsa::errors::Error;
fn try_from(value: &RsaPrivateParameters) -> Result<Self, Self::Error> { fn try_from(value: &RsaPrivateParameters) -> Result<Self, Self::Error> {
let key: RsaPrivateKey = value.try_into()?; let key: RsaPrivateKey = value.try_into()?;
Ok(Self::from(key)) Ok(Self::new(key))
} }
} }
@ -298,7 +297,7 @@ mod rsa_impls {
.map(|i| BigUint::from_bytes_be(i)) .map(|i| BigUint::from_bytes_be(i))
.collect(); .collect();
let key = RsaPrivateKey::from_components(n, e, d, primes); let key = RsaPrivateKey::from_components(n, e, d, primes)?;
key.validate()?; key.validate()?;

23
crates/jose/src/jwk/public_parameters.rs
View File

@ -188,11 +188,10 @@ impl OkpPublicParameters {
} }
mod rsa_impls { mod rsa_impls {
use digest::DynDigest; use digest::{const_oid::AssociatedOid, Digest};
use rsa::{BigUint, PublicKeyParts, RsaPublicKey}; use rsa::{BigUint, PublicKeyParts, RsaPublicKey};
use super::{JsonWebKeyPublicParameters, RsaPublicParameters}; use super::{JsonWebKeyPublicParameters, RsaPublicParameters};
use crate::jwa::rsa::RsaHashIdentifier;
impl From<RsaPublicKey> for JsonWebKeyPublicParameters { impl From<RsaPublicKey> for JsonWebKeyPublicParameters {
fn from(key: RsaPublicKey) -> Self { fn from(key: RsaPublicKey) -> Self {
@ -221,9 +220,9 @@ mod rsa_impls {
} }
} }
impl<H> TryFrom<RsaPublicParameters> for crate::jwa::rsa::pkcs1v15::VerifyingKey<H> impl<H> TryFrom<RsaPublicParameters> for rsa::pkcs1v15::VerifyingKey<H>
where where
H: RsaHashIdentifier, H: Digest + AssociatedOid,
{ {
type Error = rsa::errors::Error; type Error = rsa::errors::Error;
fn try_from(value: RsaPublicParameters) -> Result<Self, Self::Error> { fn try_from(value: RsaPublicParameters) -> Result<Self, Self::Error> {
@ -231,20 +230,20 @@ mod rsa_impls {
} }
} }
impl<H> TryFrom<&RsaPublicParameters> for crate::jwa::rsa::pkcs1v15::VerifyingKey<H> impl<H> TryFrom<&RsaPublicParameters> for rsa::pkcs1v15::VerifyingKey<H>
where where
H: RsaHashIdentifier, H: Digest + AssociatedOid,
{ {
type Error = rsa::errors::Error; type Error = rsa::errors::Error;
fn try_from(value: &RsaPublicParameters) -> Result<Self, Self::Error> { fn try_from(value: &RsaPublicParameters) -> Result<Self, Self::Error> {
let key: RsaPublicKey = value.try_into()?; let key: RsaPublicKey = value.try_into()?;
Ok(Self::from(key)) Ok(Self::new_with_prefix(key))
} }
} }
impl<H> TryFrom<RsaPublicParameters> for crate::jwa::rsa::pss::VerifyingKey<H> impl<H> TryFrom<RsaPublicParameters> for rsa::pss::VerifyingKey<H>
where where
H: DynDigest + Default + 'static, H: Digest,
{ {
type Error = rsa::errors::Error; type Error = rsa::errors::Error;
fn try_from(value: RsaPublicParameters) -> Result<Self, Self::Error> { fn try_from(value: RsaPublicParameters) -> Result<Self, Self::Error> {
@ -252,14 +251,14 @@ mod rsa_impls {
} }
} }
impl<H> TryFrom<&RsaPublicParameters> for crate::jwa::rsa::pss::VerifyingKey<H> impl<H> TryFrom<&RsaPublicParameters> for rsa::pss::VerifyingKey<H>
where where
H: DynDigest + Default + 'static, H: Digest,
{ {
type Error = rsa::errors::Error; type Error = rsa::errors::Error;
fn try_from(value: &RsaPublicParameters) -> Result<Self, Self::Error> { fn try_from(value: &RsaPublicParameters) -> Result<Self, Self::Error> {
let key: RsaPublicKey = value.try_into()?; let key: RsaPublicKey = value.try_into()?;
Ok(Self::from(key)) Ok(Self::new(key))
} }
} }

14
crates/keystore/Cargo.toml
View File

@ -6,24 +6,24 @@ edition = "2021"
license = "Apache-2.0" license = "Apache-2.0"
[dependencies] [dependencies]
anyhow = "1.0.64" anyhow = "1.0.65"
aead = { version = "0.5.1", features = ["std"] } aead = { version = "0.5.1", features = ["std"] }
const-oid = { version = "0.9.0", features = ["std"] } const-oid = { version = "0.9.0", features = ["std"] }
cookie = { version = "0.16.0", features = ["key-expansion", "private"] } cookie = { version = "0.16.1", features = ["key-expansion", "private"] }
der = { version = "0.6.0", features = ["std"] } der = { version = "0.6.0", features = ["std"] }
ecdsa = { version = "0.14.5", features = ["std"] } ecdsa = { version = "0.14.7", features = ["std"] }
elliptic-curve = { version = "0.12.3", features = ["std", "pem", "sec1"] } elliptic-curve = { version = "0.12.3", features = ["std", "pem", "sec1"] }
k256 = { version = "0.11.1", features = ["std"] } k256 = { version = "0.11.5", features = ["std"] }
p256 = { version = "0.11.1", features = ["std"] } p256 = { version = "0.11.1", features = ["std"] }
p384 = { version = "0.11.1", features = ["std"] } p384 = { version = "0.11.2", features = ["std"] }
pem-rfc7468 = { version = "0.6.0", features = ["std"] } pem-rfc7468 = { version = "0.6.0", features = ["std"] }
pkcs1 = { version = "0.4.0", features = ["std"] } pkcs1 = { version = "0.4.0", features = ["std"] }
pkcs8 = { version = "0.9.0", features = ["std", "pkcs5", "encryption"] } pkcs8 = { version = "0.9.0", features = ["std", "pkcs5", "encryption"] }
rand = "0.8.5" rand = "0.8.5"
rsa = { version = "0.7.0-pre", features = ["std", "pem"] } rsa = { version = "0.7.0-rc.0", features = ["std", "pem"] }
sec1 = { version = "0.3.0", features = ["std"] } sec1 = { version = "0.3.0", features = ["std"] }
spki = { version = "0.6.0", features = ["std"] } spki = { version = "0.6.0", features = ["std"] }
thiserror = "1.0.35" thiserror = "1.0.36"
generic-array = "0.14.6" generic-array = "0.14.6"
chacha20poly1305 = { version = "0.10.1", features = ["std"] } chacha20poly1305 = { version = "0.10.1", features = ["std"] }
base64ct = "1.5.2" base64ct = "1.5.2"

50
crates/keystore/src/lib.rs
View File

@ -162,7 +162,7 @@ impl PrivateKey {
let first_prime = BigUint::from_bytes_be(pkcs1_key.prime1.as_bytes()); let first_prime = BigUint::from_bytes_be(pkcs1_key.prime1.as_bytes());
let second_prime = BigUint::from_bytes_be(pkcs1_key.prime2.as_bytes()); let second_prime = BigUint::from_bytes_be(pkcs1_key.prime2.as_bytes());
let primes = vec![first_prime, second_prime]; let primes = vec![first_prime, second_prime];
let key = rsa::RsaPrivateKey::from_components(n, e, d, primes); let key = rsa::RsaPrivateKey::from_components(n, e, d, primes)?;
Ok(Self::Rsa(Box::new(key))) Ok(Self::Rsa(Box::new(key)))
} }
@ -421,12 +421,24 @@ impl PrivateKey {
(Self::Rsa(key), _) => { (Self::Rsa(key), _) => {
let key: rsa::RsaPublicKey = key.to_public_key(); let key: rsa::RsaPublicKey = key.to_public_key();
match alg { match alg {
JsonWebSignatureAlg::Rs256 => AsymmetricVerifyingKey::Rs256(key.into()), JsonWebSignatureAlg::Rs256 => {
JsonWebSignatureAlg::Rs384 => AsymmetricVerifyingKey::Rs384(key.into()), AsymmetricVerifyingKey::Rs256(rsa::pkcs1v15::VerifyingKey::new(key))
JsonWebSignatureAlg::Rs512 => AsymmetricVerifyingKey::Rs512(key.into()), }
JsonWebSignatureAlg::Ps256 => AsymmetricVerifyingKey::Ps256(key.into()), JsonWebSignatureAlg::Rs384 => {
JsonWebSignatureAlg::Ps384 => AsymmetricVerifyingKey::Ps384(key.into()), AsymmetricVerifyingKey::Rs384(rsa::pkcs1v15::VerifyingKey::new(key))
JsonWebSignatureAlg::Ps512 => AsymmetricVerifyingKey::Ps512(key.into()), }
JsonWebSignatureAlg::Rs512 => {
AsymmetricVerifyingKey::Rs512(rsa::pkcs1v15::VerifyingKey::new(key))
}
JsonWebSignatureAlg::Ps256 => {
AsymmetricVerifyingKey::Ps256(rsa::pss::VerifyingKey::new(key))
}
JsonWebSignatureAlg::Ps384 => {
AsymmetricVerifyingKey::Ps384(rsa::pss::VerifyingKey::new(key))
}
JsonWebSignatureAlg::Ps512 => {
AsymmetricVerifyingKey::Ps512(rsa::pss::VerifyingKey::new(key))
}
_ => return Err(WrongAlgorithmError), _ => return Err(WrongAlgorithmError),
} }
} }
@ -463,12 +475,24 @@ impl PrivateKey {
(Self::Rsa(key), _) => { (Self::Rsa(key), _) => {
let key: rsa::RsaPrivateKey = *key.clone(); let key: rsa::RsaPrivateKey = *key.clone();
match alg { match alg {
JsonWebSignatureAlg::Rs256 => AsymmetricSigningKey::Rs256(key.into()), JsonWebSignatureAlg::Rs256 => {
JsonWebSignatureAlg::Rs384 => AsymmetricSigningKey::Rs384(key.into()), AsymmetricSigningKey::Rs256(rsa::pkcs1v15::SigningKey::new(key))
JsonWebSignatureAlg::Rs512 => AsymmetricSigningKey::Rs512(key.into()), }
JsonWebSignatureAlg::Ps256 => AsymmetricSigningKey::Ps256(key.into()), JsonWebSignatureAlg::Rs384 => {
JsonWebSignatureAlg::Ps384 => AsymmetricSigningKey::Ps384(key.into()), AsymmetricSigningKey::Rs384(rsa::pkcs1v15::SigningKey::new(key))
JsonWebSignatureAlg::Ps512 => AsymmetricSigningKey::Ps512(key.into()), }
JsonWebSignatureAlg::Rs512 => {
AsymmetricSigningKey::Rs512(rsa::pkcs1v15::SigningKey::new(key))
}
JsonWebSignatureAlg::Ps256 => {
AsymmetricSigningKey::Ps256(rsa::pss::SigningKey::new(key))
}
JsonWebSignatureAlg::Ps384 => {
AsymmetricSigningKey::Ps384(rsa::pss::SigningKey::new(key))
}
JsonWebSignatureAlg::Ps512 => {
AsymmetricSigningKey::Ps512(rsa::pss::SigningKey::new(key))
}
_ => return Err(WrongAlgorithmError), _ => return Err(WrongAlgorithmError),
} }
} }

8
crates/oauth2-types/Cargo.toml
View File

@ -7,7 +7,7 @@ license = "Apache-2.0"
[dependencies] [dependencies]
http = "0.2.8" http = "0.2.8"
serde = "1.0.144" serde = "1.0.145"
serde_json = "1.0.85" serde_json = "1.0.85"
language-tags = { version = "0.3.2", features = ["serde"] } language-tags = { version = "0.3.2", features = ["serde"] }
url = { version = "2.3.1", features = ["serde"] } url = { version = "2.3.1", features = ["serde"] }
@ -15,10 +15,10 @@ parse-display = "0.6.0"
indoc = "1.0.7" indoc = "1.0.7"
serde_with = { version = "2.0.1", features = ["chrono"] } serde_with = { version = "2.0.1", features = ["chrono"] }
chrono = "0.4.22" chrono = "0.4.22"
sha2 = "0.10.5" sha2 = "0.10.6"
data-encoding = "2.3.2" data-encoding = "2.3.2"
thiserror = "1.0.35" thiserror = "1.0.36"
itertools = "0.10.3" itertools = "0.10.5"
mas-iana = { path = "../iana" } mas-iana = { path = "../iana" }
mas-jose = { path = "../jose" } mas-jose = { path = "../jose" }

6
crates/policy/Cargo.toml
View File

@ -6,11 +6,11 @@ edition = "2021"
license = "Apache-2.0" license = "Apache-2.0"
[dependencies] [dependencies]
anyhow = "1.0.64" anyhow = "1.0.65"
opa-wasm = { git = "https://github.com/matrix-org/rust-opa-wasm.git" } opa-wasm = { git = "https://github.com/matrix-org/rust-opa-wasm.git" }
serde = { version = "1.0.144", features = ["derive"] } serde = { version = "1.0.145", features = ["derive"] }
serde_json = "1.0.85" serde_json = "1.0.85"
thiserror = "1.0.35" thiserror = "1.0.36"
tokio = { version = "1.21.1", features = ["io-util", "rt"] } tokio = { version = "1.21.1", features = ["io-util", "rt"] }
tracing = "0.1.36" tracing = "0.1.36"
wasmtime = "0.40.1" wasmtime = "0.40.1"

2
crates/router/Cargo.toml
View File

@ -7,7 +7,7 @@ license = "Apache-2.0"
[dependencies] [dependencies]
axum = { version = "0.6.0-rc.2", default-features = false } axum = { version = "0.6.0-rc.2", default-features = false }
serde = { version = "1.0.144", features = ["derive"] } serde = { version = "1.0.145", features = ["derive"] }
serde_urlencoded = "0.7.1" serde_urlencoded = "0.7.1"
serde_with = "2.0.1" serde_with = "2.0.1"
url = "2.3.1" url = "2.3.1"

2
crates/static-files/Cargo.toml
View File

@ -10,7 +10,7 @@ dev = []
[dependencies] [dependencies]
axum = { version = "0.6.0-rc.2", features = ["headers"] } axum = { version = "0.6.0-rc.2", features = ["headers"] }
headers = "0.3.7" headers = "0.3.8"
http = "0.2.8" http = "0.2.8"
http-body = "0.4.5" http-body = "0.4.5"
mime_guess = "2.0.4" mime_guess = "2.0.4"

8
crates/storage/Cargo.toml
View File

@ -7,12 +7,12 @@ license = "Apache-2.0"
[dependencies] [dependencies]
tokio = "1.21.1" tokio = "1.21.1"
sqlx = { version = "0.6.1", features = ["runtime-tokio-rustls", "postgres", "migrate", "chrono", "offline", "json"] } sqlx = { version = "0.6.2", features = ["runtime-tokio-rustls", "postgres", "migrate", "chrono", "offline", "json"] }
chrono = { version = "0.4.22", features = ["serde"] } chrono = { version = "0.4.22", features = ["serde"] }
serde = { version = "1.0.144", features = ["derive"] } serde = { version = "1.0.145", features = ["derive"] }
serde_json = "1.0.85" serde_json = "1.0.85"
thiserror = "1.0.35" thiserror = "1.0.36"
anyhow = "1.0.64" anyhow = "1.0.65"
tracing = "0.1.36" tracing = "0.1.36"
# Password hashing # Password hashing

4
crates/tasks/Cargo.toml
View File

@ -8,9 +8,9 @@ license = "Apache-2.0"
[dependencies] [dependencies]
tokio = "1.21.1" tokio = "1.21.1"
async-trait = "0.1.57" async-trait = "0.1.57"
tokio-stream = "0.1.9" tokio-stream = "0.1.10"
futures-util = "0.3.24" futures-util = "0.3.24"
tracing = "0.1.36" tracing = "0.1.36"
sqlx = { version = "0.6.1", features = ["runtime-tokio-rustls", "postgres"] } sqlx = { version = "0.6.2", features = ["runtime-tokio-rustls", "postgres"] }
mas-storage = { path = "../storage" } mas-storage = { path = "../storage" }

8
crates/templates/Cargo.toml
View File

@ -12,11 +12,11 @@ dev = []
tracing = "0.1.36" tracing = "0.1.36"
tokio = { version = "1.21.1", features = ["macros"] } tokio = { version = "1.21.1", features = ["macros"] }
anyhow = "1.0.64" anyhow = "1.0.65"
thiserror = "1.0.35" thiserror = "1.0.36"
tera = "1.17.0" tera = "1.17.1"
serde = { version = "1.0.144", features = ["derive"] } serde = { version = "1.0.145", features = ["derive"] }
serde_json = "1.0.85" serde_json = "1.0.85"
serde_urlencoded = "0.7.1" serde_urlencoded = "0.7.1"