From 088008a030c91ab0d72ca9ea6d27f2ce3826cbf3 Mon Sep 17 00:00:00 2001 From: link2xt Date: Mon, 8 Jul 2024 17:09:07 +0000 Subject: [PATCH] chore(cargo): update rPGP from 0.11 to 0.13 --- Cargo.lock | 199 ++++++++++++++++++++++++++++++++++++++++------------- Cargo.toml | 2 +- deny.toml | 3 - src/key.rs | 32 +++++---- src/pgp.rs | 68 +++++++++--------- 5 files changed, 206 insertions(+), 98 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0a784f99c..c2074166d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -52,6 +52,20 @@ dependencies = [ "cpufeatures", ] +[[package]] +name = "aes-gcm" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + [[package]] name = "ahash" version = "0.8.11" @@ -181,6 +195,18 @@ dependencies = [ "backtrace", ] +[[package]] +name = "argon2" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072" +dependencies = [ + "base64ct", + "blake2", + "cpufeatures", + "password-hash", +] + [[package]] name = "arrayref" version = "0.3.7" @@ -598,6 +624,15 @@ dependencies = [ "wyz", ] +[[package]] +name = "blake2" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" +dependencies = [ + "digest 0.10.7", +] + [[package]] name = "blake3" version = "1.5.0" @@ -912,6 +947,17 @@ dependencies = [ "error-code", ] +[[package]] +name = "cmac" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8543454e3c3f5126effff9cd44d562af4e31fb8ce1cc0d3dcd8f084515dbc1aa" +dependencies = [ + "cipher", + "dbl", + "digest 0.10.7", +] + [[package]] name = "cobs" version = "0.2.3" @@ -1174,6 +1220,15 @@ dependencies = [ "zeroize", ] +[[package]] +name = "ctr" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +dependencies = [ + "cipher", +] + [[package]] name = "curve25519-dalek" version = "3.2.0" @@ -1224,16 +1279,6 @@ dependencies = [ "darling_macro 0.13.4", ] -[[package]] -name = "darling" -version = "0.14.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b750cb3417fd1b327431a470f388520309479ab0bf5e323505daf0290cd3850" -dependencies = [ - "darling_core 0.14.4", - "darling_macro 0.14.4", -] - [[package]] name = "darling" version = "0.20.9" @@ -1258,20 +1303,6 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "darling_core" -version = "0.14.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "109c1ca6e6b7f82cc233a97004ea8ed7ca123a9af07a8230878fcfda9b158bf0" -dependencies = [ - "fnv", - "ident_case", - "proc-macro2", - "quote", - "strsim 0.10.0", - "syn 1.0.109", -] - [[package]] name = "darling_core" version = "0.20.9" @@ -1297,17 +1328,6 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "darling_macro" -version = "0.14.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4aab4dbc9f7611d8b55048a3a16d2d010c2c8334e46304b40ac1cc14bf3b48e" -dependencies = [ - "darling_core 0.14.4", - "quote", - "syn 1.0.109", -] - [[package]] name = "darling_macro" version = "0.20.9" @@ -1338,6 +1358,15 @@ version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8566979429cf69b49a5c740c60791108e86440e8be149bbea4fe54d2c32d6e2" +[[package]] +name = "dbl" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd2735a791158376708f9347fe8faba9667589d82427ef3aed6794a8981de3d9" +dependencies = [ + "generic-array", +] + [[package]] name = "default-net" version = "0.14.1" @@ -1623,33 +1652,33 @@ dependencies = [ [[package]] name = "derive_builder" -version = "0.12.0" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d67778784b508018359cbc8696edb3db78160bab2c2a28ba7f56ef6932997f8" +checksum = "0350b5cb0331628a5916d6c5c0b72e97393b8b6b03b47a9284f4e7f5a405ffd7" dependencies = [ "derive_builder_macro", ] [[package]] name = "derive_builder_core" -version = "0.12.0" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c11bdc11a0c47bc7d37d582b5285da6849c96681023680b906673c5707af7b0f" +checksum = "d48cda787f839151732d396ac69e3473923d54312c070ee21e9effcaa8ca0b1d" dependencies = [ - "darling 0.14.4", + "darling 0.20.9", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.68", ] [[package]] name = "derive_builder_macro" -version = "0.12.0" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebcda35c7a396850a55ffeac740804b40ffec779b98fffbb1738f4033f0ee79e" +checksum = "206868b8242f27cecce124c19fd88157fbd0dd334df2587f36417bafbc85097b" dependencies = [ "derive_builder_core", - "syn 1.0.109", + "syn 2.0.68", ] [[package]] @@ -1849,6 +1878,19 @@ version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125" +[[package]] +name = "eax" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9954fabd903b82b9d7a68f65f97dc96dd9ad368e40ccc907a7c19d53e6bfac28" +dependencies = [ + "aead", + "cipher", + "cmac", + "ctr", + "subtle", +] + [[package]] name = "ecdsa" version = "0.14.8" @@ -2624,6 +2666,16 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "ghash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" +dependencies = [ + "opaque-debug", + "polyval", +] + [[package]] name = "gif" version = "0.13.1" @@ -4087,6 +4139,18 @@ dependencies = [ "memchr", ] +[[package]] +name = "ocb3" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c196e0276c471c843dd5777e7543a36a298a4be942a2a688d8111cd43390dedb" +dependencies = [ + "aead", + "cipher", + "ctr", + "subtle", +] + [[package]] name = "oid-registry" version = "0.6.1" @@ -4299,6 +4363,17 @@ dependencies = [ "windows-targets 0.48.5", ] +[[package]] +name = "password-hash" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166" +dependencies = [ + "base64ct", + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "paste" version = "1.0.14" @@ -4395,12 +4470,14 @@ dependencies = [ [[package]] name = "pgp" -version = "0.11.0" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "031fa1e28c4cb54c90502ef0642a44ef10ec8349349ebe6372089f1b1ef4f297" +checksum = "aeab6e08a63a51a29a65e461d0b6fd0f8d350914712ec43773ca22ed51d5501c" dependencies = [ "aes", - "base64 0.21.7", + "aes-gcm", + "argon2", + "base64 0.22.1", "bitfield", "block-padding", "blowfish", @@ -4419,11 +4496,14 @@ dependencies = [ "des", "digest 0.10.7", "dsa", + "eax", + "ecdsa 0.16.9", "ed25519-dalek 2.1.1", "elliptic-curve 0.13.8", "flate2", "generic-array", "hex", + "hkdf", "idea", "iter-read", "k256", @@ -4433,12 +4513,15 @@ dependencies = [ "num-bigint-dig", "num-traits", "num_enum", + "ocb3", "p256 0.13.2", "p384 0.13.0", + "p521", "rand 0.8.5", "ripemd", "rsa 0.9.6", "sha1", + "sha1-checked", "sha2 0.10.8", "sha3", "signature 2.2.0", @@ -4641,6 +4724,18 @@ dependencies = [ "universal-hash", ] +[[package]] +name = "polyval" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + [[package]] name = "portable-atomic" version = "1.6.0" @@ -5839,6 +5934,16 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "sha1-checked" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89f599ac0c323ebb1c6082821a54962b839832b03984598375bff3975b804423" +dependencies = [ + "digest 0.10.7", + "sha1", +] + [[package]] name = "sha2" version = "0.9.9" diff --git a/Cargo.toml b/Cargo.toml index afa69921e..0301419d1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -75,7 +75,7 @@ num-traits = { workspace = true } once_cell = { workspace = true } percent-encoding = "2.3" parking_lot = "0.12" -pgp = { version = "0.11", default-features = false } +pgp = { version = "0.13", default-features = false } qrcodegen = "1.7.0" quick-xml = "0.35" quoted_printable = "0.5" diff --git a/deny.toml b/deny.toml index dc2dc4a0a..54ad26359 100644 --- a/deny.toml +++ b/deny.toml @@ -47,9 +47,6 @@ skip = [ { name = "der", version = "0.6.1" }, { name = "digest", version = "<0.10" }, { name = "dlopen2", version = "0.4.1" }, - { name = "darling_core", version = "0.14.4" }, - { name = "darling_macro", version = "0.14.4" }, - { name = "darling", version = "0.14.4" }, { name = "ed25519-dalek", version = "1.0.1" }, { name = "ed25519", version = "1.5.3" }, { name = "event-listener", version = "2.5.3" }, diff --git a/src/key.rs b/src/key.rs index 21ef13fb6..bb053a95f 100644 --- a/src/key.rs +++ b/src/key.rs @@ -46,7 +46,19 @@ pub(crate) trait DcKey: Serialize + Deserializable + KeyTrait + Clone { /// the ASCII-armored representation. fn from_asc(data: &str) -> Result<(Self, BTreeMap)> { let bytes = data.as_bytes(); - Self::from_armor_single(Cursor::new(bytes)).context("rPGP error") + let (key, headers) = Self::from_armor_single(Cursor::new(bytes)).context("rPGP error")?; + let headers = headers + .into_iter() + .map(|(key, values)| { + ( + key.trim().to_lowercase(), + values + .last() + .map_or_else(String::new, |s| s.trim().to_string()), + ) + }) + .collect(); + Ok((key, headers)) } /// Serialise the key as bytes. @@ -168,13 +180,10 @@ impl DcKey for SignedPublicKey { // safe to ignore this error. // Because we write to a Vec the io::Write impls never // fail and we can hide this error. - let headers = header.map(|(key, value)| { - let mut m = BTreeMap::new(); - m.insert(key.to_string(), value.to_string()); - m - }); + let headers = + header.map(|(key, value)| BTreeMap::from([(key.to_string(), vec![value.to_string()])])); let mut buf = Vec::new(); - self.to_armored_writer(&mut buf, headers.as_ref()) + self.to_armored_writer(&mut buf, headers.as_ref().into()) .unwrap_or_default(); std::string::String::from_utf8(buf).unwrap_or_default() } @@ -186,13 +195,10 @@ impl DcKey for SignedSecretKey { // safe to do these unwraps. // Because we write to a Vec the io::Write impls never // fail and we can hide this error. The string is always ASCII. - let headers = header.map(|(key, value)| { - let mut m = BTreeMap::new(); - m.insert(key.to_string(), value.to_string()); - m - }); + let headers = + header.map(|(key, value)| BTreeMap::from([(key.to_string(), vec![value.to_string()])])); let mut buf = Vec::new(); - self.to_armored_writer(&mut buf, headers.as_ref()) + self.to_armored_writer(&mut buf, headers.as_ref().into()) .unwrap_or_default(); std::string::String::from_utf8(buf).unwrap_or_default() } diff --git a/src/pgp.rs b/src/pgp.rs index 17757e9bf..f1b032f27 100644 --- a/src/pgp.rs +++ b/src/pgp.rs @@ -11,6 +11,7 @@ use pgp::composed::{ Deserializable, KeyType as PgpKeyType, Message, SecretKeyParamsBuilder, SignedPublicKey, SignedPublicSubKey, SignedSecretKey, StandaloneSignature, SubkeyParamsBuilder, }; +use pgp::crypto::ecc_curve::ECCCurve; use pgp::crypto::hash::HashAlgorithm; use pgp::crypto::sym::SymmetricKeyAlgorithm; use pgp::types::{ @@ -115,7 +116,14 @@ pub fn split_armored_data(buf: &[u8]) -> Result<(BlockType, BTreeMap Res let (signing_key_type, encryption_key_type) = match keygen_type { KeyGenType::Rsa2048 => (PgpKeyType::Rsa(2048), PgpKeyType::Rsa(2048)), KeyGenType::Rsa4096 => (PgpKeyType::Rsa(4096), PgpKeyType::Rsa(4096)), - KeyGenType::Ed25519 | KeyGenType::Default => (PgpKeyType::EdDSA, PgpKeyType::ECDH), + KeyGenType::Ed25519 | KeyGenType::Default => { + (PgpKeyType::EdDSA, PgpKeyType::ECDH(ECCCurve::Curve25519)) + } }; let user_id = format!("<{addr}>"); @@ -262,7 +272,7 @@ pub async fn pk_encrypt( lit_msg.encrypt_to_keys(&mut rng, SYMMETRIC_KEY_ALGORITHM, &pkeys_refs)? }; - let encoded_msg = encrypted_msg.to_armored_string(None)?; + let encoded_msg = encrypted_msg.to_armored_string(Default::default())?; Ok(encoded_msg) }) @@ -279,7 +289,7 @@ pub fn pk_calc_signature( || "".into(), HASH_ALGORITHM, )?; - let signature = msg.into_signature().to_armored_string(None)?; + let signature = msg.into_signature().to_armored_string(Default::default())?; Ok(signature) } @@ -304,31 +314,26 @@ pub fn pk_decrypt( let skeys: Vec<&SignedSecretKey> = private_keys_for_decryption.iter().collect(); - let (decryptor, _) = msg.decrypt(|| "".into(), &skeys[..])?; - let msgs = decryptor.collect::>>()?; + let (msg, _) = msg.decrypt(|| "".into(), &skeys[..])?; - if let Some(msg) = msgs.into_iter().next() { - // get_content() will decompress the message if needed, - // but this avoids decompressing it again to check signatures - let msg = msg.decompress()?; + // get_content() will decompress the message if needed, + // but this avoids decompressing it again to check signatures + let msg = msg.decompress()?; - let content = match msg.get_content()? { - Some(content) => content, - None => bail!("The decrypted message is empty"), - }; + let content = match msg.get_content()? { + Some(content) => content, + None => bail!("The decrypted message is empty"), + }; - if let signed_msg @ pgp::composed::Message::Signed { .. } = msg { - for pkey in public_keys_for_validation { - if signed_msg.verify(&pkey.primary_key).is_ok() { - let fp = DcKey::fingerprint(pkey); - ret_signature_fingerprints.insert(fp); - } + if let signed_msg @ pgp::composed::Message::Signed { .. } = msg { + for pkey in public_keys_for_validation { + if signed_msg.verify(&pkey.primary_key).is_ok() { + let fp = DcKey::fingerprint(pkey); + ret_signature_fingerprints.insert(fp); } } - Ok((content, ret_signature_fingerprints)) - } else { - bail!("No valid messages found"); } + Ok((content, ret_signature_fingerprints)) } /// Validates detached signature. @@ -368,7 +373,7 @@ pub async fn symm_encrypt(passphrase: &str, plain: &[u8]) -> Result { let msg = lit_msg.encrypt_with_password(&mut rng, s2k, SYMMETRIC_KEY_ALGORITHM, || passphrase)?; - let encoded_msg = msg.to_armored_string(None)?; + let encoded_msg = msg.to_armored_string(Default::default())?; Ok(encoded_msg) }) @@ -384,16 +389,11 @@ pub async fn symm_decrypt( let passphrase = passphrase.to_string(); tokio::task::spawn_blocking(move || { - let decryptor = enc_msg.decrypt_with_password(|| passphrase)?; + let msg = enc_msg.decrypt_with_password(|| passphrase)?; - let msgs = decryptor.collect::>>()?; - if let Some(msg) = msgs.first() { - match msg.get_content()? { - Some(content) => Ok(content), - None => bail!("Decrypted message is empty"), - } - } else { - bail!("No valid messages found") + match msg.get_content()? { + Some(content) => Ok(content), + None => bail!("Decrypted message is empty"), } }) .await? @@ -410,7 +410,7 @@ mod tests { #[test] fn test_split_armored_data_1() { let (typ, _headers, base64) = split_armored_data( - b"-----BEGIN PGP MESSAGE-----\nNoVal:\n\naGVsbG8gd29ybGQ=\n-----END PGP MESSAGE----", + b"-----BEGIN PGP MESSAGE-----\nNoVal:\n\naGVsbG8gd29ybGQ=\n-----END PGP MESSAGE-----", ) .unwrap();