diff --git a/Cargo.lock b/Cargo.lock index 7d9010c1..274e67f6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -487,6 +487,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-buffer" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" +dependencies = [ + "hybrid-array", +] + [[package]] name = "block2" version = "0.6.2" @@ -669,6 +678,12 @@ dependencies = [ "cc", ] +[[package]] +name = "cmov" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746" + [[package]] name = "colorchoice" version = "1.0.4" @@ -714,6 +729,12 @@ dependencies = [ "yaml-rust2", ] +[[package]] +name = "const-oid" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" + [[package]] name = "const-random" version = "0.1.18" @@ -835,6 +856,15 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto-common" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +dependencies = [ + "hybrid-array", +] + [[package]] name = "crypto-mac" version = "0.11.0" @@ -845,6 +875,15 @@ dependencies = [ "subtle", ] +[[package]] +name = "ctutils" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d5515a3834141de9eafb9717ad39eea8247b5674e6066c404e8c4b365d2a29e" +dependencies = [ + "cmov", +] + [[package]] name = "darling" version = "0.20.11" 
@@ -1083,10 +1122,22 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer 0.10.4", - "crypto-common", + "crypto-common 0.1.7", "subtle", ] +[[package]] +name = "digest" +version = "0.11.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1dd6dbb5841937940781866fa1281a1ff7bd3bf827091440879f9994983d5c2" +dependencies = [ + "block-buffer 0.12.0", + "const-oid", + "crypto-common 0.2.1", + "ctutils", +] + [[package]] name = "dispatch2" version = "0.3.1" @@ -1656,11 +1707,11 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "hkdf" -version = "0.12.4" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +checksum = "4aaa26c720c68b866f2c96ef5c1264b3e6f473fe5d4ce61cd44bbe913e553018" dependencies = [ - "hmac 0.12.1", + "hmac 0.13.0", ] [[package]] @@ -1682,6 +1733,15 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "hmac" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6303bc9732ae41b04cb554b844a762b4115a61bfaa81e3e83050991eeb56863f" +dependencies = [ + "digest 0.11.3", +] + [[package]] name = "home" version = "0.5.12" @@ -1764,6 +1824,15 @@ version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424" +[[package]] +name = "hybrid-array" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9155a582abd142abc056962c29e3ce5ff2ad5469f4246b537ed42c5deba857da" +dependencies = [ + "typenum", +] + [[package]] name = "hyper" version = "1.8.1" 
@@ -3498,7 +3567,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys 0.12.1", - "windows-sys 0.59.0", + "windows-sys 0.61.2", ] [[package]] @@ -3889,6 +3958,17 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "sha2" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "digest 0.11.3", +] + [[package]] name = "shlex" version = "1.3.0" @@ -4152,7 +4232,7 @@ dependencies = [ "glean", "hawk", "hex", - "hmac 0.12.1", + "hmac 0.13.0", "hostname", "http 1.4.0", "lazy_static", @@ -4162,7 +4242,7 @@ dependencies = [ "sentry", "serde", "serde_json", - "sha2 0.10.9", + "sha2 0.11.0", "slog", "slog-async", "slog-envlogger", @@ -4205,7 +4285,7 @@ dependencies = [ "sentry", "sentry-backtrace", "serde_json", - "sha2 0.10.9", + "sha2 0.11.0", "slog", "slog-scope", ] @@ -4399,7 +4479,7 @@ dependencies = [ "getrandom 0.4.2", "once_cell", "rustix 1.1.4", - "windows-sys 0.59.0", + "windows-sys 0.61.2", ] [[package]] @@ -4552,7 +4632,7 @@ dependencies = [ "dyn-clone", "hex", "hkdf", - "hmac 0.12.1", + "hmac 0.13.0", "jsonwebtoken", "mockito", "pyo3", @@ -4560,7 +4640,7 @@ dependencies = [ "ring", "serde", "serde_json", - "sha2 0.10.9", + "sha2 0.11.0", "slog-scope", "syncserver-common", "thiserror 2.0.18", @@ -4894,9 +4974,9 @@ checksum = "bc7d623258602320d5c55d1bc22793b57daff0ec7efc270ea7d55ce1d5f5471c" [[package]] name = "typenum" -version = "1.19.0" +version = "1.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" +checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de" [[package]] name = "ucd-trie" diff --git a/Cargo.toml b/Cargo.toml index fb14ceb8..080de607 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -52,8 +52,8 @@ futures-util = { version = "0.3", features = [
 ] }
 hex = "0.4"
 hostname = "0.4"
-hkdf = "0.12"
-hmac = "0.12"
+hkdf = "0.13"
+hmac = "0.13"
 http = "1.4"
 jsonwebtoken = { version = "10.3", default-features = false, features = ["aws_lc_rs"] }
 lazy_static = "1.5"
@@ -71,7 +71,7 @@ sentry-backtrace = "0.46.2"
 serde = "1.0"
 serde_derive = "1.0"
 serde_json = { version = "1.0", features = ["arbitrary_precision"] }
-sha2 = "0.10"
+sha2 = "0.11"
 slog = { version = "2.8", features = [
 "max_level_trace",
 "release_max_level_info",
diff --git a/syncserver/src/server/test.rs b/syncserver/src/server/test.rs
index 46088547..2c4b6822 100644
--- a/syncserver/src/server/test.rs
+++ b/syncserver/src/server/test.rs
@@ -12,7 +12,7 @@ use actix_web::{
 use base64::{Engine, engine};
 use chrono::offset::Utc;
 use hawk::{self, Credentials, Key, RequestBuilder};
-use hmac::{Hmac, Mac};
+use hmac::{Hmac, KeyInit, Mac};
 use http::StatusCode;
 use lazy_static::lazy_static;
 use serde::de::DeserializeOwned;
diff --git a/syncserver/src/tokenserver/extractors.rs b/syncserver/src/tokenserver/extractors.rs
index 536acc03..f55478e0 100644
--- a/syncserver/src/tokenserver/extractors.rs
+++ b/syncserver/src/tokenserver/extractors.rs
@@ -15,7 +15,7 @@ use actix_web::{
 use base64::{Engine, engine};
 use futures::future::LocalBoxFuture;
 use hex;
-use hmac::{Hmac, Mac};
+use hmac::{Hmac, KeyInit, Mac};
 use http::StatusCode;
 use lazy_static::lazy_static;
 use regex::Regex;
diff --git a/syncserver/src/web/auth.rs b/syncserver/src/web/auth.rs
index d7f44107..cbafef14 100644
--- a/syncserver/src/web/auth.rs
+++ b/syncserver/src/web/auth.rs
@@ -9,7 +9,7 @@
 use base64::{Engine, engine};
 use chrono::{TimeDelta, offset::Utc};
 use hawk::{self, Header as HawkHeader, Key, RequestBuilder};
-use hmac::{Hmac, Mac};
+use hmac::{Hmac, KeyInit, Mac};
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
 use syncserver_common;
@@ -201,7 +201,7 @@ impl HawkPayload {
 fn verify_hmac(info: &[u8], key: &[u8], expected: &[u8]) -> ApiResult<()> {
 let mut hmac = Hmac::::new_from_slice(key)?;
 hmac.update(info);
- hmac.verify(expected.into()).map_err(From::from)
+ hmac.verify_slice(expected).map_err(From::from)
 }
 
 #[cfg(test)]
diff --git a/syncserver/src/web/extractors/test_utils.rs b/syncserver/src/web/extractors/test_utils.rs
index 29c3f907..63c8d3fe 100644
--- a/syncserver/src/web/extractors/test_utils.rs
+++ b/syncserver/src/web/extractors/test_utils.rs
@@ -12,7 +12,7 @@ use base64::{Engine, engine};
 use futures::executor::block_on;
 use glean::server_events::GleanEventsLogger;
 use hawk::{Credentials, Key, RequestBuilder};
-use hmac::{Hmac, Mac};
+use hmac::{Hmac, KeyInit, Mac};
 use lazy_static::lazy_static;
 use sha2::Sha256;
 use tokio::sync::RwLock;
diff --git a/tokenserver-auth/src/crypto.rs b/tokenserver-auth/src/crypto.rs
index cd7d3dfc..d2f86ef3 100644
--- a/tokenserver-auth/src/crypto.rs
+++ b/tokenserver-auth/src/crypto.rs
@@ -1,5 +1,5 @@
 use hkdf::Hkdf;
-use hmac::{Hmac, Mac};
+use hmac::{Hmac, KeyInit, Mac};
 use jsonwebtoken::{Algorithm, DecodingKey, Validation, errors::ErrorKind, jwk::Jwk};
 use ring::rand::{SecureRandom, SystemRandom};
 use serde::de::DeserializeOwned;
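Review bot: The switch to `hmac.verify_slice(expected)` in verify_hmac quietly changes how a wrong-length tag is handled, and the hunk leaves that undocumented: the old `expected.into()` converted the `&[u8]` into a fixed-length array reference, which as far as I recall panics when the slice is not exactly the digest size, whereas `verify_slice` reports a `MacError` that the existing `map_err(From::from)` turns into the function's normal error path. Since `expected` presumably comes from the client's Hawk header, failing closed with an error rather than a panic is the behaviour you want on that path, and it is worth pinning so a later refactor does not reintroduce a fixed-size conversion. I would add above the call: `// verify_slice is constant-time and returns MacError (no panic) when the tag has the wrong length.` The hunk also renders the constructor as `Hmac::::new_from_slice(key)?` with the generic argument missing, which looks like the page dropped the angle-bracketed type rather than a change in the source; worth confirming against the file, because this line is unchanged context and would not compile as shown.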