From 845b4003bdd0dd9e6f604ab5d4f0e8ccd1dc45e0 Mon Sep 17 00:00:00 2001 From: Elvis Pranskevichus Date: Thu, 15 Feb 2024 15:38:31 -0800 Subject: [PATCH] Bump `base64` and `pem` --- Cargo.lock | 99 +++++++++++----------------------- Cargo.toml | 8 +-- src/cloud/client.rs | 5 +- src/commands/ui.rs | 31 +++++------ src/portable/link.rs | 10 +--- src/portable/reset_password.rs | 9 ++-- 6 files changed, 62 insertions(+), 100 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 033254c3e..e2a6e6bf5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -338,9 +338,9 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" [[package]] name = "base64" -version = "0.21.2" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64ct" @@ -1008,7 +1008,7 @@ dependencies = [ "async-listen", "backtrace", "base32", - "base64 0.13.1", + "base64 0.21.7", "bigdecimal", "bitvec", "blake2b_simd", @@ -1059,7 +1059,7 @@ dependencies = [ "open", "openssl", "os-release", - "pem 1.1.1", + "pem 3.0.3", "predicates 2.1.5", "pretty_assertions", "prettytable-rs", @@ -1069,9 +1069,9 @@ dependencies = [ "rexpect", "ring 0.17.7", "rpassword", - "rustls 0.22.2", + "rustls", "rustyline", - "scram", + "scram 0.7.0", "semver", "serde", "serde_json", @@ -1132,7 +1132,6 @@ dependencies = [ [[package]] name = "edgedb-derive" version = "0.5.1" -source = "git+https://github.com/edgedb/edgedb-rust/#a1094916fe28d090156c006722ca660cc29e06ad" dependencies = [ "proc-macro2", "quote", @@ -1143,7 +1142,6 @@ dependencies = [ [[package]] name = "edgedb-errors" version = "0.4.1" -source = "git+https://github.com/edgedb/edgedb-rust/#a1094916fe28d090156c006722ca660cc29e06ad" dependencies = [ "bytes", ] 
@@ -1151,7 +1149,6 @@ dependencies = [ [[package]] name = "edgedb-protocol" version = "0.6.0" -source = "git+https://github.com/edgedb/edgedb-rust/#a1094916fe28d090156c006722ca660cc29e06ad" dependencies = [ "bigdecimal", "bitflags 2.4.0", @@ -1167,13 +1164,12 @@ dependencies = [ [[package]] name = "edgedb-tokio" version = "0.5.0" -source = "git+https://github.com/edgedb/edgedb-rust/#a1094916fe28d090156c006722ca660cc29e06ad" dependencies = [ "anyhow", "arc-swap", "async-trait", "base16ct", - "base64 0.21.2", + "base64 0.21.7", "bytes", "crc16", "dirs 5.0.1", @@ -1183,11 +1179,11 @@ dependencies = [ "log", "once_cell", "rand", - "rustls 0.22.2", + "rustls", "rustls-native-certs", - "rustls-pemfile 2.1.0", - "rustls-webpki 0.102.2", - "scram", + "rustls-pemfile", + "rustls-webpki", + "scram 0.6.0", "serde", "serde_json", "sha1", @@ -2422,11 +2418,12 @@ dependencies = [ [[package]] name = "pem" -version = "1.1.1" +version = "3.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" +checksum = "1b8fcc794035347fb64beda2d3b462595dd2753e3f268d89c5aae77e8cf2c310" dependencies = [ - "base64 0.13.1", + "base64 0.21.7", + "serde", ] [[package]] @@ -2768,7 +2765,7 @@ version = "0.11.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cde824a14b7c14f85caff81225f411faacc04a2013f41670f41443742b1c1c55" dependencies = [ - "base64 0.21.2", + "base64 0.21.7", "bytes", "encoding_rs", "futures-core", @@ -2891,18 +2888,6 @@ dependencies = [ "windows-sys 0.48.0", ] -[[package]] -name = "rustls" -version = "0.21.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" -dependencies = [ - "log", - "ring 0.17.7", - "rustls-webpki 0.101.7", - "sct", -] - [[package]] name = "rustls" version = "0.22.2" 
@@ -2912,7 +2897,7 @@ dependencies = [ "log", "ring 0.17.7", "rustls-pki-types", - "rustls-webpki 0.102.2", + "rustls-webpki", "subtle", "zeroize", ] @@ -2924,28 +2909,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792" dependencies = [ "openssl-probe", - "rustls-pemfile 2.1.0", + "rustls-pemfile", "rustls-pki-types", "schannel", "security-framework", ] -[[package]] -name = "rustls-pemfile" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d194b56d58803a43635bdc398cd17e383d6f71f9182b9a192c127ca42494a59b" -dependencies = [ - "base64 0.21.2", -] - [[package]] name = "rustls-pemfile" version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c333bb734fcdedcea57de1602543590f545f127dc8b533324318fd492c5c70b" dependencies = [ - "base64 0.21.2", + "base64 0.21.7", "rustls-pki-types", ] @@ -2955,16 +2931,6 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "048a63e5b3ac996d78d402940b5fa47973d2d080c6c6fffa1d0f19c4445310b7" -[[package]] -name = "rustls-webpki" -version = "0.101.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" -dependencies = [ - "ring 0.17.7", - "untrusted 0.9.0", -] - [[package]] name = "rustls-webpki" version = "0.102.2" @@ -3052,13 +3018,13 @@ dependencies = [ ] [[package]] -name = "sct" +name = "scram" version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" +source = "git+https://github.com/elprans/scram#b1f594638f1022ed7e6550a63ad94bb95256a097" dependencies = [ - "ring 0.16.20", - "untrusted 0.7.1", + "base64 0.21.7", + "rand", + "ring 0.17.7", ] [[package]] 
@@ -3554,8 +3520,8 @@ version = "0.10.0-pre" source = "git+https://github.com/elprans/rust-tls-api.git?branch=rustls-22#fd9d3653306e6ad9ca71223009227055d1d5af8a" dependencies = [ "anyhow", - "rustls 0.22.2", - "rustls-webpki 0.102.2", + "rustls", + "rustls-webpki", "thiserror", "tls-api", "tls-api-test", @@ -3620,11 +3586,12 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.24.1" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" dependencies = [ - "rustls 0.21.10", + "rustls", + "rustls-pki-types", "tokio", ] @@ -3876,8 +3843,7 @@ dependencies = [ [[package]] name = "warp" version = "0.3.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1e92e22e03ff1230c03a1a8ee37d2f89cd489e2e541b7550d6afad96faed169" +source = "git+https://github.com/seanmonstar/warp.git?rev=7b07043cee0ca24e912155db4e8f6d9ab7c049ed#7b07043cee0ca24e912155db4e8f6d9ab7c049ed" dependencies = [ "bytes", "futures-channel", @@ -3890,14 +3856,13 @@ dependencies = [ "mime_guess", "percent-encoding", "pin-project", - "rustls-pemfile 1.0.2", + "rustls-pemfile", "scoped-tls", "serde", "serde_json", "serde_urlencoded", "tokio", "tokio-rustls", - "tokio-stream", "tokio-util", "tower-service", "tracing", diff --git a/Cargo.toml b/Cargo.toml index ee57b4271..02aa18613 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,7 +30,7 @@ color-print = "0.3.5" strsim = "0.10.0" whoami = "1.1" is-terminal = "0.4.4" -scram = "0.6.0" +scram = { git="https://github.com/elprans/scram" } rpassword = "6.0.1" colorful = "0.2.1" terminal_size = "0.2.5" @@ -76,7 +76,7 @@ sha2 = "0.10.2" base32 = "0.4.0" rand = "0.8.2" downcast-rs = "1.2.0" -base64 = "0.13" +base64 = "0.21.7" ring = {version="0.17.7", features=["std"]} shell-escape = "0.1.5" wait-timeout = "0.2.0" 
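Review bot: The new `scram` entry in the `@@ -30,7 +30,7 @@` hunk points at a personal fork with no `rev`, `tag` or `branch`, so only Cargo.lock holds it at a fixed commit. A `cargo update`, or a build that ignores the lockfile, would pull whatever the fork's default branch contains at that moment, for a crate that sits in the authentication path. Pin it the same way this commit pins `warp`: `scram = { git="https://github.com/elprans/scram", rev="b1f594638f1022ed7e6550a63ad94bb95256a097" }`. Cargo.lock also shows `edgedb-tokio` still resolving `scram 0.6.0`, so two copies of the SCRAM code will be built until that crate moves as well.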
@@ -89,7 +89,7 @@ termimad = "0.20.1" minimad = "0.9.0" edgedb-cli-derive = { path="edgedb-cli-derive" } fs-err = "2.6.0" -pem = "1.0.2" +pem = "3.0.3" rustls = {version="0.22.2"} tokio-stream = "0.1.11" futures-util = "0.3.15" # used for signals @@ -121,7 +121,7 @@ shutdown_hooks = "0.1.0" test-case = "2.0.0" openssl = "0.10.30" tokio = {version="1.1.0", features=["rt-multi-thread"]} -warp = {version="0.3.6", default-features=false, features=["tls"]} +warp = {git="https://github.com/seanmonstar/warp.git", rev="7b07043cee0ca24e912155db4e8f6d9ab7c049ed", default-features=false, features=["tls"]} [build-dependencies] serde_json = "1.0" diff --git a/src/cloud/client.rs b/src/cloud/client.rs index f91267719..aaea35108 100644 --- a/src/cloud/client.rs +++ b/src/cloud/client.rs @@ -5,6 +5,9 @@ use std::io; use std::path::PathBuf; use std::time::Duration; +use base64::Engine; +use base64::engine::general_purpose::URL_SAFE_NO_PAD; + use anyhow::Context; use reqwest::{header, StatusCode}; @@ -96,7 +99,7 @@ impl CloudClient { .skip(1) .next() .context("malformed secret key: invalid JWT format")?; - let claims = base64::decode_config(claims_b64, base64::URL_SAFE_NO_PAD) + let claims = URL_SAFE_NO_PAD.decode(claims_b64) .context("malformed secret key: invalid base64 data")?; let claims: Claims = serde_json::from_slice(&claims) .context("malformed secret key: invalid JSON data")?; diff --git a/src/commands/ui.rs b/src/commands/ui.rs index 432242e54..764dcbdb1 100644 --- a/src/commands/ui.rs +++ b/src/commands/ui.rs @@ -179,6 +179,9 @@ mod jwt { use std::env; use std::path::PathBuf; + use base64::Engine; + use base64::engine::general_purpose::URL_SAFE_NO_PAD; + use fs_err as fs; use ring::rand::SecureRandom; use ring::signature::KeyPair; 
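Review bot: In the `@@ -96,7 +99,7 @@` hunk the claims segment is base64-decoded and deserialized into `Claims` with no signature check visible, so whatever is read from it is unauthenticated. A comment above the decode would make that explicit, for example `// NOTE: claims are parsed without verifying the signature; treat them as untrusted hints only`. Separately, as far as I know the 0.21 `URL_SAFE_NO_PAD` preset rejects `=` padding on decode, whereas `decode_config` in 0.13 tolerated it, so a padded key that used to load would now fail with "invalid base64 data". That is stricter and reasonable for a JWT, but worth a changelog line. The enclosing function starts and ends outside the hunk.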
@@ -261,25 +264,19 @@ mod jwt { let jws = signature::EcdsaKeyPair::from_pkcs8( &signature::ECDSA_P256_SHA256_FIXED_SIGNING, - jws_pem.contents.as_slice(), + jws_pem.contents(), &rand, )?; let message = format!( "{}.{}", - base64::encode_config( - b"{\"typ\":\"JWT\",\"alg\":\"ES256\"}", - base64::URL_SAFE_NO_PAD, - ), - base64::encode_config( - b"{\"edgedb.server.any_role\":true}", - base64::URL_SAFE_NO_PAD, - ), + URL_SAFE_NO_PAD.encode(b"{\"typ\":\"JWT\",\"alg\":\"ES256\"}"), + URL_SAFE_NO_PAD.encode(b"{\"edgedb.server.any_role\":true}"), ); let signature = jws.sign(&self.rng, message.as_bytes())?; Ok(format!( "{}.{}", message, - base64::encode_config(signature, base64::URL_SAFE_NO_PAD), + URL_SAFE_NO_PAD.encode(signature), )) } @@ -291,7 +288,7 @@ mod jwt { let jwe = signature::EcdsaKeyPair::from_pkcs8( &signature::ECDSA_P256_SHA256_FIXED_SIGNING, - jwe_pem.contents.as_slice(), + jwe_pem.contents(), &rand, )?; @@ -314,8 +311,8 @@ mod jwt { .map_err(|_| anyhow::anyhow!("Error occurred while deriving key for JWT"))?; let enc_key = aead::LessSafeKey::new(aead::UnboundKey::new(&aead::AES_256_GCM, cek.as_ref())?); - let x = base64::encode_config(&epk[1..33], base64::URL_SAFE_NO_PAD); - let y = base64::encode_config(&epk[33..], base64::URL_SAFE_NO_PAD); + let x = URL_SAFE_NO_PAD.encode(&epk[1..33]); + let y = URL_SAFE_NO_PAD.encode(&epk[33..]); let protected = format!( "{{\ \"alg\":\"ECDH-ES\",\"enc\":\"A256GCM\",\"epk\":{{\ @@ -324,7 +321,7 @@ mod jwt { }}", x, y ); - let protected = base64::encode_config(protected.as_bytes(), base64::URL_SAFE_NO_PAD); + let protected = URL_SAFE_NO_PAD.encode(protected.as_bytes()); let mut nonce = vec![0; 96 / 8]; self.rng.fill(&mut nonce)?; let mut in_out = signed_token.as_bytes().to_vec(); 
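Review bot: The signed payload in the `@@ -261,25 +264,19 @@` hunk is the fixed claim set `{"edgedb.server.any_role":true}` with no `iat`, `nbf` or `exp`, so every token minted here stays valid for as long as the signing key exists. For a token that grants any role, a short lifetime would limit the damage if it leaks through a URL, browser history or logs. Consider building the claims with something like `{"edgedb.server.any_role":true,"iat":<now>,"exp":<now + ttl>}`. Whether the server enforces `exp` is not visible from this hunk and should be confirmed. The enclosing function starts outside the hunk.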
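Review bot: In the `@@ -314,8 +311,8 @@` hunk, `&epk[1..33]` and `&epk[33..]` rely on `epk` being a 65-byte uncompressed P-256 point (`0x04 || X || Y`), which nothing in the hunk states or checks. A shorter slice would panic and a longer one would silently produce an oversized `y`. Add a comment and a cheap guard before the slicing, e.g. `debug_assert_eq!(epk.len(), 65); // uncompressed SEC1 point: 0x04 || X || Y`. Where `epk` is produced is outside the hunk, so the length is presumably guaranteed by the key type, but the assumption should be written next to the indices.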
@@ -337,9 +334,9 @@ mod jwt { Ok(format!( "{}..{}.{}.{}", protected, - base64::encode_config(nonce, base64::URL_SAFE_NO_PAD), - base64::encode_config(in_out, base64::URL_SAFE_NO_PAD), - base64::encode_config(tag.as_ref(), base64::URL_SAFE_NO_PAD), + URL_SAFE_NO_PAD.encode(nonce), + URL_SAFE_NO_PAD.encode(in_out), + URL_SAFE_NO_PAD.encode(tag.as_ref()), )) } } diff --git a/src/portable/link.rs b/src/portable/link.rs index c1b36d914..89dbde44d 100644 --- a/src/portable/link.rs +++ b/src/portable/link.rs @@ -216,10 +216,7 @@ pub fn link(cmd: &Link, opts: &Options) -> anyhow::Result<()> { config = config.with_password(&password); creds.password = Some(password); if let Some(cert) = &*verifier.cert_out.lock().unwrap() { - let pem = pem::encode(&pem::Pem { - tag: "CERTIFICATE".into(), - contents: cert.to_vec(), - }); + let pem = pem::encode(&pem::Pem::new("CERTIFICATE", cert.to_vec())); config = config.with_pem_certificates(&pem)?; } connect(&config)?; @@ -228,10 +225,7 @@ pub fn link(cmd: &Link, opts: &Options) -> anyhow::Result<()> { } } if let Some(cert) = &*verifier.cert_out.lock().unwrap() { - creds.tls_ca = Some(pem::encode(&pem::Pem { - tag: "CERTIFICATE".into(), - contents: cert.to_vec(), - })); + creds.tls_ca = Some(pem::encode(&pem::Pem::new("CERTIFICATE", cert.to_vec()))); } let (cred_path, instance_name) = match &cmd.name { diff --git a/src/portable/reset_password.rs b/src/portable/reset_password.rs index 24218bd32..e27b07ea8 100644 --- a/src/portable/reset_password.rs +++ b/src/portable/reset_password.rs @@ -122,8 +122,8 @@ pub fn reset_password(options: &ResetPassword) -> anyhow::Result<()> { Ok(()) } -fn _b64(s: &[u8]) -> Base64Display { - Base64Display::with_config(s, base64::STANDARD) +fn _b64(s: &[u8]) -> Base64Display { + Base64Display::new(s, &base64::engine::general_purpose::STANDARD) } pub fn password_hash(password: &str) -> String { 
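Review bot: The expression `pem::encode(&pem::Pem::new("CERTIFICATE", cert.to_vec()))` now appears in both link.rs hunks (`@@ -216,10 +216,7 @@` and `@@ -228,10 +225,7 @@`). A small private helper such as `fn cert_pem(der: &[u8]) -> String` would keep the tag string and the encoding in one place. The second use writes the certificate captured by the verifier into `creds.tls_ca`, where it becomes the trust anchor for later connections. A comment there should say at which point in `link` that certificate was accepted, since that logic is outside the hunk and cannot be confirmed from here.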
@@ -155,8 +155,11 @@ fn _build_verifier(password: &str, salt: &[u8], iterations: u32) -> String { #[test] fn test_verifier() { + use base64::Engine; + use base64::engine::general_purpose::STANDARD; + let salt = "W22ZaJ0SNY7soEsUEjb6gQ=="; - let raw_salt = base64::decode(salt).unwrap(); + let raw_salt = STANDARD.decode(salt).unwrap(); let password = "pencil"; let verifier = _build_verifier(password, &raw_salt, 4096); let stored_key = "WG5d8oPm3OtcPnkdi4Uo7BkeZkBFzpcXkuLmtbsT4qY=";