Skip to content

Commit

Permalink
Refactoring: update deps, improve local macros usage, etc (#83)
Browse files Browse the repository at this point in the history 
* feat: crypto: replaces `hmac_sha256` and `hmac_sha512` crates with `hmac` and `sha2` crates;

* feat(crypto-helper): small refactoring;

* refactor: fix clippy warnings;

* refactor(crypto-helper): refactor modules structure;

* chose: update deps;
  • Loading branch information
@TheBestTvarynka
TheBestTvarynka authored Dec 6, 2024
1 parent 53fc841 commit 69dd4cd
Show file tree
Hide file tree
Showing 21 changed files with 417 additions and 389 deletions.
609 changes: 290 additions & 319 deletions Cargo.lock
View file

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ tracing = "0.1"
hex = "0.4"
gloo-timers = "0.3"
serde = { version = "1.0", features = ["derive"] }
serde_qs = "0.12"
serde_qs = "0.13"
serde_json = "1.0"
base64 = "0.22"
time = { version = "0.3", features = ["local-offset", "wasm-bindgen"] }
Expand All @@ -52,11 +52,11 @@ time = { version = "0.3", features = ["local-offset", "wasm-bindgen"] }
picky-krb = { git = "https://github.com/TheBestTravynka/picky-rs.git", rev = "604a246" }
picky = { version = "7.0.0-rc.8", default-features = false }
md5 = "0.7"
sha1 = "0.11.0-pre.3"
hmac-sha256 = "1.1"
hmac-sha512 = { version = "1.1", features = ["sha384"] }
sha1 = "0.10"
sha2 = "0.10.8"
hmac = "0.12.1"
rsa = "0.9"
bcrypt = "0.15"
bcrypt = "0.16"
flate2 = { version = "1.0", features = ["zlib"] }
rand = { version = "0.9.0-alpha.0", features = ["small_rng"] }
rand_chacha = "0.9.0-alpha.0"
Expand All @@ -69,4 +69,4 @@ oid = { version = "0.2", default-features = false }
paste = "1.0"

# diff
similar = { version = "2.4", features = ["serde"] }
similar = { version = "2.6", features = ["serde"] }
12 changes: 6 additions & 6 deletions crates/asn1-parser/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,12 @@ std = []
[dev-dependencies]
tracing-subscriber = { version = "0.3", default-features = false, features = ["std", "fmt", "ansi"] }
prop-strategies = { path = "../prop-strategies" }
proptest = "1.2.0"
proptest = "1.2"

[dependencies]
tracing = "0.1"
num-bigint-dig = { version = "0.8.4", default-features = false }
num-traits = { version = "0.2.17", default-features = false }
oid = { version = "0.2.1", default-features = false }
paste = "1.0.14"
env_logger = "0.11.3"
num-bigint-dig = { version = "0.8", default-features = false }
num-traits = { version = "0.2", default-features = false }
oid = { version = "0.2", default-features = false }
paste = "1.0"
env_logger = "0.11"
2 changes: 1 addition & 1 deletion crates/asn1-parser/src/string/validators.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ pub fn validate_general(_: &str) -> bool {
}

pub fn validate_printable(data: &str) -> bool {
const ALLOWED_SPECIAL: &[u8] = &[b' ', b'\'', b'(', b')', b'+', b',', b'-', b'.', b'/', b':', b'=', b'?'];
const ALLOWED_SPECIAL: &[u8] = b" '()+,-./:=?";

for c in data.as_bytes() {
if !(c.is_ascii_lowercase() || c.is_ascii_uppercase() || c.is_ascii_digit() || ALLOWED_SPECIAL.contains(c)) {
Expand Down
2 changes: 1 addition & 1 deletion rust-toolchain.toml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
[toolchain]
channel = "1.80.1"
channel = "1.83"
components = [ "rustfmt", "clippy" ]
0 src/asn1.rs → src/asn1/mod.rs
View file
File renamed without changes.
0 src/asn1/scheme.rs → src/asn1/scheme/mod.rs
View file
File renamed without changes.
4 changes: 2 additions & 2 deletions src/crypto_helper/algorithm.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -412,15 +412,15 @@ pub enum Argon2Error<'a> {
InvalidVariant(&'a str),
}

impl<'a> std::fmt::Display for Argon2Error<'a> {
impl std::fmt::Display for Argon2Error<'_> {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
Self::InvalidVersion(version) => write!(f, "InvalidVersion({version})"),
Self::InvalidVariant(variant) => write!(f, "InvalidVariant({variant})"),
}
}
}
impl<'a> std::error::Error for Argon2Error<'a> {}
impl std::error::Error for Argon2Error<'_> {}

impl Argon2Input {
pub fn with_variant(&self, variant: Argon2Variant) -> Self {
Expand Down
1 change: 0 additions & 1 deletion src/crypto_helper/info.rs → src/crypto_helper/info/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ use yew::{function_component, html, use_state, Callback, Html, Properties, Targe
use super::algorithm::Algorithm;
use crate::crypto_helper::algorithm::{COMPRESSION_ALGOS, ENCRYPTION_ALGOS, HASHING_ALGOS, HMAC_ALGOS};
use crate::crypto_helper::info::algo_search::AlgoSearch;
use crate::generate_algo_list_for_yew;

#[derive(PartialEq, Properties)]
pub struct InfoProps {
Expand Down
0 src/crypto_helper/input.rs → src/crypto_helper/input/mod.rs
View file
File renamed without changes.
1 change: 0 additions & 1 deletion src/crypto_helper/macros.rs
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
#[macro_export]
macro_rules! generate_algo_list_for_yew {
(algo_list: $algo_list:expr, props: $props:expr) => {{
let mut sorted_algo_list = $algo_list.to_vec();
Expand Down
28 changes: 24 additions & 4 deletions src/crypto_helper.rs → src/crypto_helper/mod.rs
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
#[macro_use]
pub mod macros;

mod algorithm;
mod computations;
mod info;
mod input;
mod macros;
mod output;

pub use algorithm::Algorithm;
Expand Down Expand Up @@ -30,9 +32,27 @@ fn convert(algrithm: &Algorithm) -> Result<Vec<u8>, String> {
sha1.update(input);
Ok(sha1.finalize().to_vec())
}
Algorithm::Sha256(input) => Ok(hmac_sha256::Hash::hash(input).to_vec()),
Algorithm::Sha384(input) => Ok(hmac_sha512::sha384::Hash::hash(input).to_vec()),
Algorithm::Sha512(input) => Ok(hmac_sha512::Hash::hash(input).to_vec()),
Algorithm::Sha256(input) => Ok({
use sha2::Digest;

let mut hasher = sha2::Sha256::new();
hasher.update(input);
hasher.finalize().to_vec()
}),
Algorithm::Sha384(input) => Ok({
use sha2::Digest;

let mut hasher = sha2::Sha384::new();
hasher.update(input);
hasher.finalize().to_vec()
}),
Algorithm::Sha512(input) => Ok({
use sha2::Digest;

let mut hasher = sha2::Sha512::new();
hasher.update(input);
hasher.finalize().to_vec()
}),
Algorithm::Aes128CtsHmacSha196(input) => process_krb_cipher(CipherSuite::Aes128CtsHmacSha196.cipher(), input),
Algorithm::Aes256CtsHmacSha196(input) => process_krb_cipher(CipherSuite::Aes256CtsHmacSha196.cipher(), input),
Algorithm::HmacSha196Aes128(input) => process_krb_hmac(ChecksumSuite::HmacSha196Aes128.hasher(), input),
Expand Down
0 src/crypto_helper/output.rs → src/crypto_helper/output/mod.rs
View file
File renamed without changes.
0 src/diff.rs → src/diff/mod.rs
View file
File renamed without changes.
0 src/jwt/jwt.rs → src/jwt/jwt/mod.rs
View file
File renamed without changes.
84 changes: 48 additions & 36 deletions src/jwt/jwt_utils.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ use super::jwt::Jwt;
use super::signature::JwtSignatureAlgorithm;
use crate::common::{build_byte_input, build_simple_output, BytesFormat};
use crate::url_query_params::generate_jwt_link;
use crate::{check_asymmetric_key, check_symmetric_key, generate_placeholder, sign, verify};

const DEFAULT_TEXT_FOR_RSA_PLACEHOLDER: &str = "RSA private/public key in PEM (-----BEGIN RSA PRIVATE/PUBLIC KEY-----)";
const DEFAULT_TEXT_FOR_EC_PLACEHOLDER: &str = "EC private/public key in PEM (-----BEGIN EC PRIVATE/PUBLIC KEY-----)";
Expand Down Expand Up @@ -129,7 +128,11 @@ fn calculate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
notificator: spawn_notification
);

Some(hmac_sha256::HMAC::mac(data_to_sign.as_bytes(), key).to_vec())
Some(sign_hmac!(
hash_alg: sha2::Sha256,
key: key,
msg: data_to_sign.as_bytes(),
))
}
JwtSignatureAlgorithm::Hs384(key) => {
check_symmetric_key!(
Expand All @@ -139,7 +142,11 @@ fn calculate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
notificator: spawn_notification
);

Some(hmac_sha512::sha384::HMAC::mac(data_to_sign.as_bytes(), key).to_vec())
Some(sign_hmac!(
hash_alg: sha2::Sha384,
key: key,
msg: data_to_sign.as_bytes(),
))
}
JwtSignatureAlgorithm::Hs512(key) => {
check_symmetric_key!(
Expand All @@ -149,7 +156,11 @@ fn calculate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
notificator: spawn_notification
);

Some(hmac_sha512::HMAC::mac(data_to_sign.as_bytes(), key).to_vec())
Some(sign_hmac!(
hash_alg: sha2::Sha512,
key: key,
msg: data_to_sign.as_bytes(),
))
}
JwtSignatureAlgorithm::Rs256(key) => {
let private_key = check_asymmetric_key!(
Expand Down Expand Up @@ -271,8 +282,8 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
STANDARD.encode(jwt.parsed_payload.as_bytes())
);

let calculated_signature = match &jwt.signature_algorithm {
JwtSignatureAlgorithm::None => Vec::new(),
Some(match &jwt.signature_algorithm {
JwtSignatureAlgorithm::None => Vec::<u8>::new() == jwt.signature,
JwtSignatureAlgorithm::Hs256(key) => {
check_symmetric_key!(
key: key,
Expand All @@ -281,7 +292,12 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
notificator: spawn_notification
);

hmac_sha256::HMAC::mac(data_to_sign.as_bytes(), key).to_vec()
verify_hmac!(
hash_alg: sha2::Sha384,
key: key,
msg: data_to_sign.as_bytes(),
digest: jwt.signature.as_slice(),
)
}
JwtSignatureAlgorithm::Hs384(key) => {
check_symmetric_key!(
Expand All @@ -291,7 +307,12 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
notificator: spawn_notification
);

hmac_sha512::sha384::HMAC::mac(data_to_sign.as_bytes(), key).to_vec()
verify_hmac!(
hash_alg: sha2::Sha384,
key: key,
msg: data_to_sign.as_bytes(),
digest: jwt.signature.as_slice(),
)
}
JwtSignatureAlgorithm::Hs512(key) => {
check_symmetric_key!(
Expand All @@ -301,7 +322,12 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
notificator: spawn_notification
);

hmac_sha512::HMAC::mac(data_to_sign.as_bytes(), key).to_vec()
verify_hmac!(
hash_alg: sha2::Sha512,
key: key,
msg: data_to_sign.as_bytes(),
digest: jwt.signature.as_slice(),
)
}
JwtSignatureAlgorithm::Rs256(key) => {
let public_key = check_asymmetric_key!(
Expand All @@ -311,16 +337,14 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
key_kind: PublicKey,
);

let is_ok = verify!(
verify!(
signature_algo: SignatureAlgorithm::RsaPkcs1v15,
hash_algo: HashAlgorithm::SHA2_256,
public_key: &public_key,
data_to_sign: data_to_sign.as_bytes(),
jwt_signature: &jwt.signature,
notificator: spawn_notification
);

return Some(is_ok);
)
}
JwtSignatureAlgorithm::Rs384(key) => {
let public_key = check_asymmetric_key!(
Expand All @@ -330,16 +354,14 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
key_kind: PublicKey,
);

let is_ok = verify!(
verify!(
signature_algo: SignatureAlgorithm::RsaPkcs1v15,
hash_algo: HashAlgorithm::SHA2_384,
public_key: &public_key,
data_to_sign: data_to_sign.as_bytes(),
jwt_signature: &jwt.signature,
notificator: spawn_notification
);

return Some(is_ok);
)
}
JwtSignatureAlgorithm::Rs512(key) => {
let public_key = check_asymmetric_key!(
Expand All @@ -349,16 +371,14 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
key_kind: PublicKey,
);

let is_ok = verify!(
verify!(
signature_algo: SignatureAlgorithm::RsaPkcs1v15,
hash_algo: HashAlgorithm::SHA2_512,
public_key: &public_key,
data_to_sign: data_to_sign.as_bytes(),
jwt_signature: &jwt.signature,
notificator: spawn_notification
);

return Some(is_ok);
)
}
JwtSignatureAlgorithm::Es256(key) => {
let public_key = check_asymmetric_key!(
Expand All @@ -368,16 +388,14 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
key_kind: PublicKey,
);

let is_ok = verify!(
verify!(
signature_algo: SignatureAlgorithm::Ecdsa,
hash_algo: HashAlgorithm::SHA2_256,
public_key: &public_key,
data_to_sign: data_to_sign.as_bytes(),
jwt_signature: &jwt.signature,
notificator: spawn_notification
);

return Some(is_ok);
)
}
JwtSignatureAlgorithm::Es384(key) => {
let public_key = check_asymmetric_key!(
Expand All @@ -387,16 +405,14 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
key_kind: PublicKey,
);

let is_ok = verify!(
verify!(
signature_algo: SignatureAlgorithm::Ecdsa,
hash_algo: HashAlgorithm::SHA2_384,
public_key: &public_key,
data_to_sign: data_to_sign.as_bytes(),
jwt_signature: &jwt.signature,
notificator: spawn_notification
);

return Some(is_ok);
)
}
JwtSignatureAlgorithm::Es512(key) => {
let public_key = check_asymmetric_key!(
Expand All @@ -406,16 +422,14 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->
key_kind: PublicKey,
);

let is_ok = verify!(
verify!(
signature_algo: SignatureAlgorithm::Ecdsa,
hash_algo: HashAlgorithm::SHA2_512,
public_key: &public_key,
data_to_sign: data_to_sign.as_bytes(),
jwt_signature: &jwt.signature,
notificator: spawn_notification
);

return Some(is_ok);
)
}
JwtSignatureAlgorithm::Unsupported(algo_name) => {
spawn_notification.emit(Notification::from_description_and_type(
Expand All @@ -425,9 +439,7 @@ fn validate_signature(jwt: &Jwt, spawn_notification: Callback<Notification>) ->

return None;
}
};

Some(jwt.signature == calculated_signature)
})
}

pub fn generate_jwt(jwt: &Jwt, spawn_notification: Callback<Notification>) -> Option<Vec<u8>> {
Expand Down
Loading

0 comments on commit 69dd4cd

Please sign in to comment.