Merge pull request #91 from freifunk-saar/deps

update dependencies
freifunk-saar · Dec 29, 2023 · 5a9da03 · 5a9da03
2 parents faade5d + d36fb59
commit 5a9da03
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 26 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -13,15 +13,15 @@ rocket_dyn_templates = { version = "0.1.0", features = ["handlebars"] }
 rocket_sync_db_pools = { version = "0.1.0", features = ["diesel_postgres_pool"] }
 diesel = { version = "2.0", features = ["postgres"] }
 diesel_migrations = "2.0"
-ring = "0.13" # tied to 0.13 due to Rocket
+ring = "0.17"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 serde_repr = "0.1"
 rmp-serde = "1"
 anyhow = "1.0.31"
 thiserror = "1.0"
 url = { version = "2.2", features = ["serde"] }
-base64 = "0.13"
+base64 = "0.21"
 hex = "0.4.3"
 reqwest = { version = "0.11", features = ["json"] }
 chrono = { version = "0.4.2", features = ["serde"] }

diff --git a/src/action.rs b/src/action.rs
@@ -51,21 +51,21 @@ pub struct SignedAction {
 }
 
 impl Action {
-    fn compute_signature(&self, key: &hmac::SigningKey) -> hmac::Signature {
+    fn compute_signature(&self, key: &hmac::Key) -> hmac::Tag {
         let buf = serialize_to_vec(self).expect("failed to encode Action");
         hmac::sign(&key, buf.as_slice())
     }
 
     fn verify_signature(
         &self,
-        key: &hmac::SigningKey,
+        key: &hmac::Key,
         signature: &[u8],
     ) -> Result<(), error::Unspecified> {
         let buf = serialize_to_vec(self).expect("failed to encode Action");
-        hmac::verify_with_own_key(&key, buf.as_slice(), signature)
+        hmac::verify(&key, buf.as_slice(), signature)
     }
 
-    pub fn sign(self, key: &hmac::SigningKey) -> SignedAction {
+    pub fn sign(self, key: &hmac::Key) -> SignedAction {
         let signature = self.compute_signature(key);
         let signature = signature.as_ref().to_vec().into_boxed_slice();
         SignedAction {
@@ -107,7 +107,7 @@ impl Action {
 }
 
 impl SignedAction {
-    pub fn verify(self, key: &hmac::SigningKey) -> Result<Action, error::Unspecified> {
+    pub fn verify(self, key: &hmac::Key) -> Result<Action, error::Unspecified> {
         // Using a match to make it really clear we don't return the action in case of failure
         match self.action.verify_signature(key, &*self.signature) {
             Ok(_) => Ok(self.action),

diff --git a/src/config.rs b/src/config.rs
@@ -57,7 +57,7 @@ impl Urls {
 pub struct Secrets {
     pub smtp_host: Option<String>,
     #[serde(with = "util::hex_signing_key")]
-    pub action_signing_key: hmac::SigningKey,
+    pub action_signing_key: hmac::Key,
 }
 
 impl Secrets {

diff --git a/src/routes.rs b/src/routes.rs
@@ -16,6 +16,7 @@
 
 use std::collections::HashSet;
 
+use base64::Engine as _;
 use rocket::{form::Form, response::Debug, State};
 use rocket::{get, post, routes, uri};
 use rocket_dyn_templates::Template;
@@ -34,6 +35,9 @@ use crate::DbConn;
 
 type Result<T> = std::result::Result<T, Debug<anyhow::Error>>;
 
+const BASE64_ENGINE: base64::engine::GeneralPurpose =
+    base64::engine::general_purpose::URL_SAFE_NO_PAD;
+
 #[get("/")]
 fn index(renderer: Renderer) -> Result<Template> {
     Ok(renderer.render("index", json!({}))?)
@@ -95,7 +99,7 @@ async fn prepare_action(
     // obtain bytes for signed action payload
     let signed_action = action.clone().sign(&config.secrets.action_signing_key);
     let signed_action = serialize_to_vec(&signed_action).map_err(|e| Debug(e.into()))?;
-    let signed_action = base64::encode(&signed_action);
+    let signed_action = BASE64_ENGINE.encode(&signed_action);
 
     // compute some URLs
     let action_url = config
@@ -167,12 +171,14 @@ async fn run_action(
 ) -> Result<Template> {
     // Determine and verify action
     let action: Result<Action> = (|| {
-        let signed_action = base64::decode(signed_action.as_str()).map_err(|e| Debug(e.into()))?;
+        let signed_action = BASE64_ENGINE
+            .decode(signed_action.as_str())
+            .map_err(|e| Debug(e.into()))?;
         let signed_action: SignedAction =
             deserialize_from_slice(signed_action.as_slice()).map_err(|e| Debug(e.into()))?;
         Ok(signed_action
             .verify(&config.secrets.action_signing_key)
-            .map_err(|e| Debug(e.into()))?)
+            .map_err(|_| anyhow::anyhow!("signature verification failed"))?)
     })();
     let action = match action {
         Ok(a) => a,

diff --git a/src/util.rs b/src/util.rs
@@ -34,15 +34,15 @@ use crate::config::Config;
 /// Module for serde "with" to use hex encoding to byte arrays
 pub mod hex_signing_key {
     use hex;
-    use ring::{digest, hmac};
+    use ring::hmac;
     use serde::{de::Error, Deserialize, Deserializer};
 
-    pub fn deserialize<'de, D>(deserializer: D) -> Result<hmac::SigningKey, D::Error>
+    pub fn deserialize<'de, D>(deserializer: D) -> Result<hmac::Key, D::Error>
     where
         D: Deserializer<'de>,
     {
         let bytes = hex::decode(String::deserialize(deserializer)?).map_err(Error::custom)?;
-        Ok(hmac::SigningKey::new(&digest::SHA256, bytes.as_slice()))
+        Ok(hmac::Key::new(hmac::HMAC_SHA256, bytes.as_slice()))
     }
 }