Skip to content

Commit

Permalink
Update crypto dependencies.
Browse files Browse the repository at this point in the history
Closes #171.
SergioBenitez committed Mar 2, 2021

Verified

This commit was signed with the committer’s verified signature.
targos Michaël Zasso
1 parent 92db001 commit 3cdb632
Showing 3 changed files with 14 additions and 14 deletions.
12 changes: 6 additions & 6 deletions Cargo.toml
Original file line number Diff line number Diff line change
@@ -23,12 +23,12 @@ time = "0.1"
percent-encoding = { version = "2.0", optional = true }

# dependencies for secure (private/signed) functionality
aes-gcm = { version = "0.5.0", optional = true }
hmac = { version = "0.7.1", optional = true }
sha2 = { version = "0.8.2", optional = true }
base64 = { version = "0.12.1", optional = true }
rand = { version = "0.7.3", optional = true }
hkdf = { version = "0.8.0", optional = true }
aes-gcm = { version = "0.8.0", optional = true }
hmac = { version = "0.10.1", optional = true }
sha2 = { version = "0.9.3", optional = true }
base64 = { version = "0.13.0", optional = true }
rand = { version = "0.8.3", optional = true }
hkdf = { version = "0.10.0", optional = true }

[package.metadata.docs.rs]
all-features = true
8 changes: 4 additions & 4 deletions src/secure/private.rs
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
extern crate aes_gcm;

use self::aes_gcm::Aes256Gcm;
use self::aes_gcm::aead::{Aead, NewAead, generic_array::GenericArray, Payload};
use self::aes_gcm::aead::{Aead, AeadInPlace, NewAead, generic_array::GenericArray, Payload};

use crate::secure::{base64, rand, Key};
use crate::{Cookie, CookieJar};
@@ -48,7 +48,7 @@ impl<'a> PrivateJar<'a> {
let (nonce, cipher) = data.split_at(NONCE_LEN);
let payload = Payload { msg: cipher, aad: name.as_bytes() };

let aead = Aes256Gcm::new(GenericArray::clone_from_slice(&self.key));
let aead = Aes256Gcm::new(GenericArray::from_slice(&self.key));
aead.decrypt(GenericArray::from_slice(nonce), payload)
.map_err(|_| "invalid key/nonce/value: bad seal")
.and_then(|s| String::from_utf8(s).map_err(|_| "bad unsealed utf8"))
@@ -147,12 +147,12 @@ impl<'a> PrivateJar<'a> {
// Fill nonce piece with random data.
let mut rng = self::rand::thread_rng();
rng.try_fill_bytes(nonce).expect("couldn't random fill nonce");
let nonce = GenericArray::clone_from_slice(nonce);
let nonce = GenericArray::from_slice(nonce);

// Perform the actual sealing operation, using the cookie's name as
// associated data to prevent value swapping.
let aad = cookie.name().as_bytes();
let aead = Aes256Gcm::new(GenericArray::clone_from_slice(&self.key));
let aead = Aes256Gcm::new(GenericArray::from_slice(&self.key));
let aad_tag = aead.encrypt_in_place_detached(&nonce, aad, in_out)
.expect("encryption failure!");

8 changes: 4 additions & 4 deletions src/secure/signed.rs
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
use sha2::Sha256;
use hmac::{Hmac, Mac};
use hmac::{Hmac, Mac, NewMac};

use crate::secure::{base64, Key};
use crate::{Cookie, CookieJar};
@@ -34,10 +34,10 @@ impl<'a> SignedJar<'a> {
fn sign_cookie(&self, cookie: &mut Cookie) {
// Compute HMAC-SHA256 of the cookie's value.
let mut mac = Hmac::<Sha256>::new_varkey(&self.key).expect("good key");
mac.input(cookie.value().as_bytes());
mac.update(cookie.value().as_bytes());

// Cookie's new value is [MAC | original-value].
let mut new_value = base64::encode(&mac.result().code());
let mut new_value = base64::encode(&mac.finalize().into_bytes());
new_value.push_str(cookie.value());
cookie.set_value(new_value);
}
@@ -56,7 +56,7 @@ impl<'a> SignedJar<'a> {

// Perform the verification.
let mut mac = Hmac::<Sha256>::new_varkey(&self.key).expect("good key");
mac.input(value.as_bytes());
mac.update(value.as_bytes());
mac.verify(&digest)
.map(|_| value.to_string())
.map_err(|_| "value did not verify")

0 comments on commit 3cdb632

Please sign in to comment.