matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-07 17:03:01 +03:00
Code Activity

Bump all Rust dependencies to latest version (#828)

Browse Source
This commit is contained in:
Quentin Gliech
2023-01-27 15:23:59 +01:00
committed by GitHub
parent 1e78f37353
commit 6bda071e3f
28 changed files with 435 additions and 375 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
crates/jose/src/jwa/asymmetric.rs
View File

@@ -15,6 +15,7 @@
use digest::Digest;
use mas_iana::jose::{JsonWebKeyEcEllipticCurve, JsonWebSignatureAlg};
use sha2::{Sha256, Sha384, Sha512};
use signature::rand_core::CryptoRngCore;
use thiserror::Error;
use super::signature::Signature;
@@ -215,7 +216,7 @@ impl From<super::Es256KSigningKey> for AsymmetricSigningKey {
impl signature::RandomizedSigner<Signature> for AsymmetricSigningKey {
fn try_sign_with_rng(
&self,
rng: impl rand::CryptoRng + rand::RngCore,
rng: &mut impl CryptoRngCore,
msg: &[u8],
) -> Result<Signature, signature::Error> {
match self {
@@ -244,15 +245,15 @@ impl signature::RandomizedSigner<Signature> for AsymmetricSigningKey {
Ok(Signature::from_signature(&signature))
}
Self::Es256(key) => {
let signature = key.try_sign_with_rng(rng, msg)?;
let signature: ecdsa::Signature<_> = key.try_sign_with_rng(rng, msg)?;
Ok(Signature::from_signature(&signature))
}
Self::Es384(key) => {
let signature = key.try_sign_with_rng(rng, msg)?;
let signature: ecdsa::Signature<_> = key.try_sign_with_rng(rng, msg)?;
Ok(Signature::from_signature(&signature))
}
Self::Es256K(key) => {
let signature = key.try_sign_with_rng(rng, msg)?;
let signature: ecdsa::Signature<_> = key.try_sign_with_rng(rng, msg)?;
Ok(Signature::from_signature(&signature))
}
}
@@ -449,15 +450,15 @@ impl signature::Verifier<Signature> for AsymmetricVerifyingKey {
key.verify(msg, &signature)
}
Self::Es256(key) => {
let signature = signature.to_signature()?;
let signature: ecdsa::Signature<_> = signature.to_signature()?;
key.verify(msg, &signature)
}
Self::Es384(key) => {
let signature = signature.to_signature()?;
let signature: ecdsa::Signature<_> = signature.to_signature()?;
key.verify(msg, &signature)
}
Self::Es256K(key) => {
let signature = signature.to_signature()?;
let signature: ecdsa::Signature<_> = signature.to_signature()?;
key.verify(msg, &signature)
}
}

35
crates/jose/src/jwa/hmac.rs
View File

@@ -40,18 +40,37 @@ impl<S: ArrayLength<u8>> std::fmt::Debug for Signature<S> {
}
}
impl<S: ArrayLength<u8>> signature::Signature for Signature<S> {
fn from_bytes(bytes: &[u8]) -> Result<Self, signature::Error> {
if bytes.len() != S::to_usize() {
return Err(signature::Error::new());
impl<S: ArrayLength<u8>> Clone for Signature<S> {
fn clone(&self) -> Self {
Self {
signature: self.signature.clone(),
}
Ok(Self {
signature: GenericArray::from_slice(bytes).clone(),
})
}
}
impl<S: ArrayLength<u8>> From<Signature<S>> for GenericArray<u8, S> {
fn from(val: Signature<S>) -> Self {
val.signature
}
}
impl<'a, S: ArrayLength<u8>> TryFrom<&'a [u8]> for Signature<S> {
type Error = InvalidLength;
fn try_from(value: &'a [u8]) -> Result<Self, Self::Error> {
if value.len() != S::to_usize() {
return Err(InvalidLength);
}
let mut signature = GenericArray::default();
signature.copy_from_slice(value);
Ok(Self { signature })
}
}
impl<S: ArrayLength<u8>> signature::SignatureEncoding for Signature<S> {
type Repr = GenericArray<u8, S>;
}
impl<S: ArrayLength<u8>> AsRef<[u8]> for Signature<S> {
fn as_ref(&self) -> &[u8] {
self.signature.as_ref()

38
crates/jose/src/jwa/signature.rs
View File

@@ -12,45 +12,51 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use signature::Signature as _;
use signature::SignatureEncoding as _;
#[derive(Debug)]
#[derive(Debug, Clone)]
pub struct Signature {
bytes: Vec<u8>,
bytes: Box<[u8]>,
}
impl AsRef<[u8]> for Signature {
fn as_ref(&self) -> &[u8] {
&self.bytes
impl From<Signature> for Box<[u8]> {
fn from(val: Signature) -> Self {
val.bytes
}
}
impl signature::Signature for Signature {
fn from_bytes(bytes: &[u8]) -> Result<Self, signature::Error> {
Ok(Self {
bytes: bytes.to_vec(),
})
impl<'a> From<&'a [u8]> for Signature {
fn from(value: &'a [u8]) -> Self {
Self {
bytes: value.into(),
}
}
}
impl signature::SignatureEncoding for Signature {
type Repr = Box<[u8]>;
}
impl Signature {
pub fn new(bytes: Vec<u8>) -> Self {
Self { bytes }
Self {
bytes: bytes.into(),
}
}
pub fn from_signature<S>(signature: &S) -> Self
where
S: signature::Signature,
S: signature::SignatureEncoding,
{
Self {
bytes: signature.as_bytes().to_vec(),
bytes: signature.to_vec().into(),
}
}
pub fn to_signature<S>(&self) -> Result<S, signature::Error>
where
S: signature::Signature,
S: signature::SignatureEncoding,
{
S::from_bytes(self.as_bytes())
S::try_from(&self.to_bytes()).map_err(|_| signature::Error::default())
}
}

2
crates/jose/src/jwa/symmetric.rs
View File

@@ -82,7 +82,7 @@ impl From<super::Hs512Key> for SymmetricKey {
impl signature::RandomizedSigner<Signature> for SymmetricKey {
fn try_sign_with_rng(
&self,
_rng: impl rand::CryptoRng + rand::RngCore,
_rng: &mut (impl rand::CryptoRng + rand::RngCore),
msg: &[u8],
) -> Result<Signature, signature::Error> {
// XXX: is that implementation alright?

39
crates/jose/src/jwt/signed.rs
View File

@@ -13,9 +13,9 @@
// limitations under the License.
use base64ct::{Base64UrlUnpadded, Encoding};
use rand::{thread_rng, CryptoRng, RngCore};
use rand::thread_rng;
use serde::{de::DeserializeOwned, Serialize};
use signature::{RandomizedSigner, Signature, Verifier};
use signature::{rand_core::CryptoRngCore, RandomizedSigner, SignatureEncoding, Verifier};
use thiserror::Error;
use super::{header::JsonWebSignatureHeader, raw::RawJwt};
@@ -165,10 +165,7 @@ where
#[derive(Debug, Error)]
pub enum JwtVerificationError {
#[error("failed to parse signature")]
ParseSignature {
#[source]
inner: signature::Error,
},
ParseSignature,
#[error("signature verification failed")]
Verify {
@@ -178,8 +175,9 @@ pub enum JwtVerificationError {
}
impl JwtVerificationError {
fn parse_signature(inner: signature::Error) -> Self {
Self::ParseSignature { inner }
#[allow(clippy::needless_pass_by_value)]
fn parse_signature<E>(_inner: E) -> Self {
Self::ParseSignature
}
fn verify(inner: signature::Error) -> Self {
@@ -214,10 +212,10 @@ impl<'a, T> Jwt<'a, T> {
pub fn verify<K, S>(&self, key: &K) -> Result<(), JwtVerificationError>
where
K: Verifier<S>,
S: Signature,
S: SignatureEncoding,
{
let signature =
S::from_bytes(&self.signature).map_err(JwtVerificationError::parse_signature)?;
S::try_from(&self.signature).map_err(JwtVerificationError::parse_signature)?;
key.verify(self.raw.signed_part().as_bytes(), &signature)
.map_err(JwtVerificationError::verify)
@@ -306,23 +304,23 @@ impl<T> Jwt<'static, T> {
) -> Result<Self, JwtSignatureError>
where
K: RandomizedSigner<S>,
S: Signature,
S: SignatureEncoding,
T: Serialize,
{
#[allow(clippy::disallowed_methods)]
Self::sign_with_rng(thread_rng(), header, payload, key)
Self::sign_with_rng(&mut thread_rng(), header, payload, key)
}
pub fn sign_with_rng<R, K, S>(
rng: R,
rng: &mut R,
header: JsonWebSignatureHeader,
payload: T,
key: &K,
) -> Result<Self, JwtSignatureError>
where
R: CryptoRng + RngCore,
R: CryptoRngCore,
K: RandomizedSigner<S>,
S: Signature,
S: SignatureEncoding,
T: Serialize,
{
let header_ = serde_json::to_vec(&header).map_err(JwtSignatureError::encode_header)?;
@@ -336,10 +334,7 @@ impl<T> Jwt<'static, T> {
let first_dot = header_.len();
let second_dot = inner.len();
let signature = key
.try_sign_with_rng(rng, inner.as_bytes())?
.as_bytes()
.to_vec();
let signature = key.try_sign_with_rng(rng, inner.as_bytes())?.to_vec();
let signature_ = Base64UrlUnpadded::encode_string(&signature);
inner.reserve_exact(1 + signature_.len());
inner.push('.');
@@ -386,7 +381,9 @@ mod tests {
let payload = serde_json::json!({"hello": "world"});
let key = ecdsa::SigningKey::<p256::NistP256>::random(&mut thread_rng());
let signed = Jwt::sign(header, payload, &key).unwrap();
signed.verify(&key.verifying_key()).unwrap();
let signed = Jwt::sign::<_, ecdsa::Signature<_>>(header, payload, &key).unwrap();
signed
.verify::<_, ecdsa::Signature<_>>(key.verifying_key())
.unwrap();
}
}