Update dependencies to latest (#117)
ereOn authored Jun 28, 2023
1 parent e9b1c53 commit 1bc4a2f
Showing 9 changed files with 309 additions and 166 deletions.
235 changes: 152 additions & 83 deletions Cargo-1.65.lock

Large diffs are not rendered by default.

10 changes: 5 additions & 5 deletions Cargo.toml
Expand Up @@ -40,19 +40,19 @@ log = "0.4"
oauth2 = { version = "4.4.1", default-features = false }
rand = "0.8.5"
hmac = "0.12.1"
rsa = "0.7.2"
rsa = "0.9.2"
sha2 = { version = "0.10.6", features = ["oid"] } # Object ID needed for pkcs1v15 padding
p256 = "0.11.1"
p384 = "0.11.2"
p256 = "0.13.2"
p384 = "0.13.0"
dyn-clone = "1.0.10"
serde = "1.0"
serde_derive = "1.0"
serde_json = "1.0"
serde_path_to_error = "0.1"
serde_plain = "1.0"
serde_with = "1.13"
serde_with = "3"
serde-value = "0.7"
url = { version = "2.1", features = ["serde"] }
url = { version = "2.4", features = ["serde"] }
subtle = "2.4"

[dev-dependencies]
12 changes: 5 additions & 7 deletions src/core/crypto.rs
Expand Up @@ -54,12 +54,10 @@ fn ec_public_key(

pub fn verify_rsa_signature(
key: &CoreJsonWebKey,
padding: rsa::PaddingScheme,
padding: impl rsa::traits::SignatureScheme,
msg: &[u8],
signature: &[u8],
) -> Result<(), SignatureVerificationError> {
use rsa::PublicKey;

let (n, e) = rsa_public_key(key).map_err(SignatureVerificationError::InvalidKey)?;
// let's n and e as a big integers to prevent issues with leading zeros
// according to https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.1
Expand All @@ -86,7 +84,7 @@ pub fn verify_ec_signature(
msg: &[u8],
signature: &[u8],
) -> Result<(), SignatureVerificationError> {
use p256::ecdsa::signature::{Signature, Verifier};
use p256::ecdsa::signature::Verifier;

let (x, y, crv) = ec_public_key(key).map_err(SignatureVerificationError::InvalidKey)?;
let mut pk = vec![0x04];
Expand All @@ -99,7 +97,7 @@ pub fn verify_ec_signature(
public_key
.verify(
msg,
&p256::ecdsa::Signature::from_bytes(signature).map_err(|_| {
&p256::ecdsa::Signature::from_slice(signature).map_err(|_| {
SignatureVerificationError::CryptoError("Invalid signature".to_string())
})?,
)
Expand All @@ -113,7 +111,7 @@ pub fn verify_ec_signature(
public_key
.verify(
msg,
&p384::ecdsa::Signature::from_bytes(signature).map_err(|_| {
&p384::ecdsa::Signature::from_slice(signature).map_err(|_| {
SignatureVerificationError::CryptoError("Invalid signature".to_string())
})?,
)
Expand Down Expand Up @@ -157,7 +155,7 @@ mod tests {
assert! {
verify_rsa_signature(
&key,
rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha256>(),
rsa::Pkcs1v15Sign::new::<sha2::Sha256>(),
&hash,
&signature,
).is_ok()
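Review bot: `verify_rsa_signature` has no doc comment saying that its `msg` argument is a digest rather than the raw message, and the parameter name suggests the opposite. The test in the last hunk passes `&hash` together with `rsa::Pkcs1v15Sign::new::<sha2::Sha256>()`, so the contract appears to be that the caller hashes first, using the same hash the scheme was built for. I would add `/// msg must be the digest of the signed data, computed with the hash that padding was built for; it is not hashed here.` above the function. Since this is a `pub fn`, the switch of `padding` to `impl rsa::traits::SignatureScheme` also changes the signature for any caller outside the crate, if the module is exported. The function body continues outside the hunk, so the digest contract is inferred from the signature and the test only.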
115 changes: 66 additions & 49 deletions src/core/jwk.rs
Expand Up @@ -182,7 +182,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
};
crypto::verify_rsa_signature(
self,
rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha256>(),
rsa::Pkcs1v15Sign::new::<sha2::Sha256>(),
message,
signature,
)
Expand All @@ -195,7 +195,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
};
crypto::verify_rsa_signature(
self,
rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha384>(),
rsa::Pkcs1v15Sign::new::<sha2::Sha384>(),
message,
signature,
)
Expand All @@ -208,7 +208,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
};
crypto::verify_rsa_signature(
self,
rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha512>(),
rsa::Pkcs1v15Sign::new::<sha2::Sha512>(),
message,
signature,
)
Expand All @@ -221,7 +221,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
};
crypto::verify_rsa_signature(
self,
rsa::PaddingScheme::new_pss::<sha2::Sha256>(),
rsa::Pss::new::<sha2::Sha256>(),
message,
signature,
)
Expand All @@ -234,7 +234,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
};
crypto::verify_rsa_signature(
self,
rsa::PaddingScheme::new_pss::<sha2::Sha384>(),
rsa::Pss::new::<sha2::Sha384>(),
message,
signature,
)
Expand All @@ -247,7 +247,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
};
crypto::verify_rsa_signature(
self,
rsa::PaddingScheme::new_pss::<sha2::Sha512>(),
rsa::Pss::new::<sha2::Sha512>(),
message,
signature,
)
Expand Down Expand Up @@ -449,82 +449,99 @@ impl
signature_alg: &CoreJwsSigningAlgorithm,
msg: &[u8],
) -> Result<Vec<u8>, SigningError> {
let (padding_alg, hash) = match *signature_alg {
match *signature_alg {
CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha256 => {
let mut hasher = sha2::Sha256::new();
hasher.update(msg);
let hash = hasher.finalize().to_vec();
(
rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha256>(),
hash,
)

self.key_pair
.sign_with_rng(
&mut dyn_clone::clone_box(&self.rng),
rsa::Pkcs1v15Sign::new::<sha2::Sha256>(),
&hash,
)
.map_err(|_| SigningError::CryptoError)
}
CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha384 => {
let mut hasher = sha2::Sha384::new();
hasher.update(msg);
let hash = hasher.finalize().to_vec();
(
rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha384>(),
hash,
)

self.key_pair
.sign_with_rng(
&mut dyn_clone::clone_box(&self.rng),
rsa::Pkcs1v15Sign::new::<sha2::Sha384>(),
&hash,
)
.map_err(|_| SigningError::CryptoError)
}
CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha512 => {
let mut hasher = sha2::Sha512::new();
hasher.update(msg);
let hash = hasher.finalize().to_vec();
(
rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha512>(),
hash,
)

self.key_pair
.sign_with_rng(
&mut dyn_clone::clone_box(&self.rng),
rsa::Pkcs1v15Sign::new::<sha2::Sha512>(),
&hash,
)
.map_err(|_| SigningError::CryptoError)
}
CoreJwsSigningAlgorithm::RsaSsaPssSha256 => {
let mut hasher = sha2::Sha256::new();
hasher.update(msg);
let hash = hasher.finalize().to_vec();
(
rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256>(hash.len()),
hash,
)

self.key_pair
.sign_with_rng(
&mut dyn_clone::clone_box(&self.rng),
rsa::Pss::new_with_salt::<sha2::Sha256>(hash.len()),
&hash,
)
.map_err(|_| SigningError::CryptoError)
}
CoreJwsSigningAlgorithm::RsaSsaPssSha384 => {
let mut hasher = sha2::Sha384::new();
hasher.update(msg);
let hash = hasher.finalize().to_vec();
(
rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha384>(hash.len()),
hash,
)

self.key_pair
.sign_with_rng(
&mut dyn_clone::clone_box(&self.rng),
rsa::Pss::new_with_salt::<sha2::Sha384>(hash.len()),
&hash,
)
.map_err(|_| SigningError::CryptoError)
}
CoreJwsSigningAlgorithm::RsaSsaPssSha512 => {
let mut hasher = sha2::Sha512::new();
hasher.update(msg);
let hash = hasher.finalize().to_vec();
(
rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha512>(hash.len()),
hash,
)
}
ref other => {
return Err(SigningError::UnsupportedAlg(
serde_plain::to_string(other).unwrap_or_else(|err| {
panic!(
"signature alg {:?} failed to serialize to a string: {}",
other, err
)
}),
))
}
};

let sig = self
.key_pair
.sign_blinded(&mut dyn_clone::clone_box(&self.rng), padding_alg, &hash)
.map_err(|_| SigningError::CryptoError)?;
Ok(sig)
self.key_pair
.sign_with_rng(
&mut dyn_clone::clone_box(&self.rng),
rsa::Pss::new_with_salt::<sha2::Sha512>(hash.len()),
&hash,
)
.map_err(|_| SigningError::CryptoError)
}
ref other => Err(SigningError::UnsupportedAlg(
serde_plain::to_string(other).unwrap_or_else(|err| {
panic!(
"signature alg {:?} failed to serialize to a string: {}",
other, err
)
}),
)),
}
}

fn as_verification_key(&self) -> CoreJsonWebKey {
use rsa::PublicKeyParts;
use rsa::traits::PublicKeyParts;

let public_key = self.key_pair.to_public_key();
CoreJsonWebKey {
kty: CoreJsonWebKeyType::RSA,
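Review bot: The three PSS arms of the signing `match` no longer appear to blind the private-key operation. The removed code called `sign_blinded` for every algorithm, while the new code calls `sign_with_rng` with `rsa::Pss::new_with_salt::<…>(hash.len())`. In rsa 0.9 the `Pss` scheme carries its own `blinded` flag, which `new_with_salt` leaves off, so the RNG would be used for the salt only; this is worth confirming against the rsa 0.9.2 documentation. Blinding is the mitigation for timing side channels on the private exponent, so to keep the previous behaviour the PSS arms should use `rsa::Pss::new_blinded_with_salt::<sha2::Sha256>(hash.len())` and the Sha384/Sha512 equivalents. The PKCS#1 v1.5 arms hand the RNG to `sign_with_rng` and should still be blinded; the enclosing `impl` starts outside the hunk.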
65 changes: 54 additions & 11 deletions src/id_token.rs
Expand Up @@ -483,8 +483,18 @@ mod tests {
*claims.audiences(),
vec![Audience::new("s6BhdRkqt3".to_string())]
);
assert_eq!(claims.expiration(), Utc.timestamp(1311281970, 0));
assert_eq!(claims.issue_time(), Utc.timestamp(1311280970, 0));
assert_eq!(
claims.expiration(),
Utc.timestamp_opt(1311281970, 0)
.single()
.expect("valid timestamp")
);
assert_eq!(
claims.issue_time(),
Utc.timestamp_opt(1311280970, 0)
.single()
.expect("valid timestamp")
);
assert_eq!(
*claims.subject(),
SubjectIdentifier::new("24400320".to_string())
Expand Down Expand Up @@ -524,8 +534,18 @@ mod tests {
*claims.audiences(),
vec![Audience::new("s6BhdRkqt3".to_string())]
);
assert_eq!(claims.expiration(), Utc.timestamp(1311281970, 0));
assert_eq!(claims.issue_time(), Utc.timestamp(1311280970, 0));
assert_eq!(
claims.expiration(),
Utc.timestamp_opt(1311281970, 0)
.single()
.expect("valid timestamp")
);
assert_eq!(
claims.issue_time(),
Utc.timestamp_opt(1311280970, 0)
.single()
.expect("valid timestamp")
);
assert_eq!(
*claims.subject(),
SubjectIdentifier::new("24400320".to_string())
Expand All @@ -542,8 +562,12 @@ mod tests {
let new_claims = CoreIdTokenClaims::new(
IssuerUrl::new("https://server.example.com".to_string()).unwrap(),
vec![Audience::new("s6BhdRkqt3".to_string())],
Utc.timestamp(1311281970, 0),
Utc.timestamp(1311280970, 0),
Utc.timestamp_opt(1311281970, 0)
.single()
.expect("valid timestamp"),
Utc.timestamp_opt(1311280970, 0)
.single()
.expect("valid timestamp"),
StandardClaims::new(SubjectIdentifier::new("24400320".to_string())),
EmptyAdditionalClaims {},
);
Expand Down Expand Up @@ -666,8 +690,12 @@ mod tests {
let new_claims = CoreIdTokenClaims::new(
IssuerUrl::new("https://server.example.com".to_string()).unwrap(),
vec![Audience::new("s6BhdRkqt3".to_string())],
Utc.timestamp(1311281970, 0),
Utc.timestamp(1311280970, 0),
Utc.timestamp_opt(1311281970, 0)
.single()
.expect("valid timestamp"),
Utc.timestamp_opt(1311280970, 0)
.single()
.expect("valid timestamp"),
StandardClaims {
sub: SubjectIdentifier::new("24400320".to_string()),
name: Some(
Expand Down Expand Up @@ -794,11 +822,19 @@ mod tests {
postal_code: Some(AddressPostalCode::new("90210".to_string())),
country: Some(AddressCountry::new("US".to_string())),
}),
updated_at: Some(Utc.timestamp(1311283970, 0)),
updated_at: Some(
Utc.timestamp_opt(1311283970, 0)
.single()
.expect("valid timestamp"),
),
},
EmptyAdditionalClaims {},
)
.set_auth_time(Some(Utc.timestamp(1311282970, 0)))
.set_auth_time(Some(
Utc.timestamp_opt(1311282970, 0)
.single()
.expect("valid timestamp"),
))
.set_nonce(Some(Nonce::new("Zm9vYmFy".to_string())))
.set_auth_context_ref(Some(AuthenticationContextClass::new(
"urn:mace:incommon:iap:silver".to_string(),
Expand Down Expand Up @@ -884,7 +920,14 @@ mod tests {
}",
)
.expect("failed to deserialize");
assert_eq!(claims.updated_at(), Some(Utc.timestamp(1640139037, 0)));
assert_eq!(
claims.updated_at(),
Some(
Utc.timestamp_opt(1640139037, 0)
.single()
.expect("valid timestamp")
)
);
}

#[test]
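Review bot: The expression `Utc.timestamp_opt(…, 0).single().expect("valid timestamp")` is now repeated in every hunk of this test module, which makes the assertions harder to scan. A small helper in `mod tests`, for example `fn utc(secs: i64) -> DateTime<Utc> { Utc.timestamp_opt(secs, 0).single().expect("valid timestamp") }`, would keep each call site on one line. Whether `DateTime` is already imported there cannot be seen here, since `mod tests` starts outside the hunks.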