matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00
Code Activity

Upgrade more crypto crates

Browse Source
This commit is contained in:
Quentin Gliech
2022-01-05 10:57:18 +01:00
parent 1377e09dbe
commit 767d7649ce
3 changed files with 21 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
Cargo.lock generated
View File

@ -1155,6 +1155,15 @@ dependencies = [
"digest 0.9.0", "digest 0.9.0",
] ]
[[package]]
name = "hmac"
version = "0.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ddca131f3e7f2ce2df364b57949a9d47915cfbd35e46cfee355ccebbf794d6a2"
dependencies = [
"digest 0.10.1",
]
[[package]] [[package]]
name = "http" name = "http"
version = "0.2.6" version = "0.2.6"
@ -1562,10 +1571,10 @@ dependencies = [
"async-trait", "async-trait",
"base64ct", "base64ct",
"crypto-mac", "crypto-mac",
"digest 0.9.0", "digest 0.10.1",
"ecdsa", "ecdsa",
"elliptic-curve", "elliptic-curve",
"hmac", "hmac 0.12.0",
"p256", "p256",
"pkcs1", "pkcs1",
"pkcs8", "pkcs8",
@ -1575,7 +1584,7 @@ dependencies = [
"serde", "serde",
"serde_json", "serde_json",
"serde_with", "serde_with",
"sha2 0.9.8", "sha2 0.10.0",
"signature", "signature",
"thiserror", "thiserror",
"tokio", "tokio",
@ -2582,7 +2591,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "96ef608575f6392792f9ecf7890c00086591d29a83910939d430753f7c050525" checksum = "96ef608575f6392792f9ecf7890c00086591d29a83910939d430753f7c050525"
dependencies = [ dependencies = [
"crypto-bigint", "crypto-bigint",
"hmac", "hmac 0.11.0",
"zeroize", "zeroize",
] ]
@ -3118,7 +3127,7 @@ dependencies = [
"futures-util", "futures-util",
"hashlink", "hashlink",
"hex", "hex",
"hmac", "hmac 0.11.0",
"indexmap", "indexmap",
"itoa 1.0.1", "itoa 1.0.1",
"libc", "libc",

6
crates/jose/Cargo.toml
View File

@ -10,10 +10,10 @@ anyhow = "1.0.52"
async-trait = "0.1.52" async-trait = "0.1.52"
base64ct = { version = "1.0.1", features = ["std"] } base64ct = { version = "1.0.1", features = ["std"] }
crypto-mac = { version = "0.11.1", features = ["std"] } crypto-mac = { version = "0.11.1", features = ["std"] }
digest = "0.9.0" digest = "0.10.1"
ecdsa = { version = "0.13.3", features = ["sign", "verify", "pem", "pkcs8"] } ecdsa = { version = "0.13.3", features = ["sign", "verify", "pem", "pkcs8"] }
elliptic-curve = { version = "0.11.6", features = ["ecdh", "pem"] } elliptic-curve = { version = "0.11.6", features = ["ecdh", "pem"] }
hmac = "0.11.0" hmac = "0.12.0"
p256 = { version = "0.10.0", features = ["ecdsa", "pem", "pkcs8"] } p256 = { version = "0.10.0", features = ["ecdsa", "pem", "pkcs8"] }
pkcs1 = { version = "0.3.1", features = ["pem", "pkcs8"] } pkcs1 = { version = "0.3.1", features = ["pem", "pkcs8"] }
pkcs8 = { version = "0.8.0", features = ["pem"] } pkcs8 = { version = "0.8.0", features = ["pem"] }
@ -23,7 +23,7 @@ sec1 = "0.2.1"
serde = { version = "1.0.133", features = ["derive"] } serde = { version = "1.0.133", features = ["derive"] }
serde_json = "1.0.74" serde_json = "1.0.74"
serde_with = { version = "1.11.0", features = ["base64"] } serde_with = { version = "1.11.0", features = ["base64"] }
sha2 = "0.9.8" sha2 = "0.10.0"
signature = "1.4.0" signature = "1.4.0"
thiserror = "1.0.30" thiserror = "1.0.30"
tokio = { version = "1.15.0", features = ["macros", "rt"] } tokio = { version = "1.15.0", features = ["macros", "rt"] }

8
crates/jose/src/keystore.rs
View File

@ -19,7 +19,7 @@ use async_trait::async_trait;
use base64ct::{Base64UrlUnpadded, Encoding}; use base64ct::{Base64UrlUnpadded, Encoding};
use digest::Digest; use digest::Digest;
use ecdsa::VerifyingKey; use ecdsa::VerifyingKey;
use hmac::{Hmac, Mac, NewMac}; use hmac::{Hmac, Mac};
use p256::{NistP256, PublicKey}; use p256::{NistP256, PublicKey};
use pkcs1::EncodeRsaPublicKey; use pkcs1::EncodeRsaPublicKey;
use pkcs8::EncodePublicKey; use pkcs8::EncodePublicKey;
@ -117,19 +117,19 @@ impl<'a> VerifyingKeystore for &SharedSecret<'a> {
JsonWebSignatureAlgorithm::Hs256 => { JsonWebSignatureAlgorithm::Hs256 => {
let mut mac = Hmac::<Sha256>::new_from_slice(self.inner)?; let mut mac = Hmac::<Sha256>::new_from_slice(self.inner)?;
mac.update(payload); mac.update(payload);
mac.verify(signature)?; mac.verify(signature.try_into()?)?;
} }
JsonWebSignatureAlgorithm::Hs384 => { JsonWebSignatureAlgorithm::Hs384 => {
let mut mac = Hmac::<Sha384>::new_from_slice(self.inner)?; let mut mac = Hmac::<Sha384>::new_from_slice(self.inner)?;
mac.update(payload); mac.update(payload);
mac.verify(signature)?; mac.verify(signature.try_into()?)?;
} }
JsonWebSignatureAlgorithm::Hs512 => { JsonWebSignatureAlgorithm::Hs512 => {
let mut mac = Hmac::<Sha512>::new_from_slice(self.inner)?; let mut mac = Hmac::<Sha512>::new_from_slice(self.inner)?;
mac.update(payload); mac.update(payload);
mac.verify(signature)?; mac.verify(signature.try_into()?)?;
} }
_ => bail!("unsupported algorithm"), _ => bail!("unsupported algorithm"),