From 85c7545ef82c1c65eb21333c6041df09378be0f4 Mon Sep 17 00:00:00 2001 From: Sergi Delgado Segura Date: Fri, 26 Jul 2024 14:29:56 -0400 Subject: [PATCH] Bumps rcgen to version 0.13.1 and updates tls.rs accordingly --- Cargo.lock | 149 +++++++++++++++++++++++++++--------------------- teos/Cargo.toml | 2 +- teos/src/tls.rs | 29 +++++----- 3 files changed, 100 insertions(+), 80 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 02e85ba2..a8ace649 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -72,9 +72,9 @@ checksum = "08f9b8508dccb7687a1d6c4ce66b2b0ecef467c94667de27d8d7fe1f8d2a9cdc" [[package]] name = "asn1-rs" -version = "0.5.2" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f6fd5ddaf0351dff5b8da21b2fb4ff8e08ddd02857f0bf69c47639106c0fff0" +checksum = "22ad1373757efa0f70ec53939aabc7152e1591cb485208052993070ac8d2429d" dependencies = [ "asn1-rs-derive", "asn1-rs-impl", @@ -88,25 +88,25 @@ dependencies = [ [[package]] name = "asn1-rs-derive" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c" +checksum = "7378575ff571966e99a744addeff0bff98b8ada0dedf1956d59e634db95eaac1" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", - "synstructure", + "syn 2.0.43", + "synstructure 0.13.1", ] [[package]] name = "asn1-rs-impl" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" +checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 2.0.43", ] [[package]] 
@@ -590,9 +590,9 @@ checksum = "eaa37046cc0f6c3cc6090fbdbf73ef0b8ef4cfcc37f6befc0020f63e8cf121e1" [[package]] name = "der-parser" -version = "8.2.0" +version = "9.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbd676fbbab537128ef0278adb5576cf363cff6aa22a7b24effe97347cfab61e" +checksum = "5cd0a5c643689626bec213c4d8bd4d96acc8ffdb4ad4bb6bc16abf27d5f4b553" dependencies = [ "asn1-rs", "displaydoc", @@ -602,6 +602,15 @@ dependencies = [ "rusticata-macros", ] +[[package]] +name = "deranged" +version = "0.3.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" +dependencies = [ + "powerfmt", +] + [[package]] name = "derive_more" version = "0.99.17" @@ -1609,7 +1618,7 @@ dependencies = [ "log", "memchr", "mime", - "spin 0.9.8", + "spin", "version_check", ] @@ -1669,6 +1678,12 @@ dependencies = [ "num-traits", ] +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" + [[package]] name = "num-integer" version = "0.1.45" @@ -1718,9 +1733,9 @@ dependencies = [ [[package]] name = "oid-registry" -version = "0.6.1" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bedf36ffb6ba96c2eb7144ef6270557b52e54b20c0a8e1eb2ff99a6c6959bff" +checksum = "1c958dd45046245b9c3c2547369bb634eb461670b2e7e0de552905801a648d1d" dependencies = [ "asn1-rs", ] @@ -1911,6 +1926,12 @@ dependencies = [ "universal-hash", ] +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + [[package]] name = "ppv-lite86" version = "0.2.16" 
@@ -2124,12 +2145,13 @@ dependencies = [ [[package]] name = "rcgen" -version = "0.12.1" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48406db8ac1f3cbc7dcdb56ec355343817958a356ff430259bb07baf7607e1e1" +checksum = "54077e1872c46788540de1ea3d7f4ccb1983d12f9aa909b234468676c1a36779" dependencies = [ "pem", - "ring 0.17.7", + "ring", + "rustls-pki-types", "time", "x509-parser", "yasna", @@ -2235,21 +2257,6 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4389f1d5789befaf6029ebd9f7dac4af7f7e3d61b69d4f30e2ac02b57e7712b0" -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi 0.3.9", -] - [[package]] name = "ring" version = "0.17.7" @@ -2259,8 +2266,8 @@ dependencies = [ "cc", "getrandom 0.2.11", "libc", - "spin 0.9.8", - "untrusted 0.9.0", + "spin", + "untrusted", "windows-sys 0.48.0", ] @@ -2324,7 +2331,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41" dependencies = [ "log", - "ring 0.17.7", + "ring", "rustls-pki-types", "rustls-webpki", "subtle", @@ -2352,9 +2359,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.3.1" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ede67b28608b4c60685c7d54122d4400d90f62b40caee7700e700380a390fa8" +checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" [[package]] name = "rustls-webpki" 
@@ -2362,9 +2369,9 @@ version = "0.102.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" dependencies = [ - "ring 0.17.7", + "ring", "rustls-pki-types", - "untrusted 0.9.0", + "untrusted", ] [[package]] @@ -2451,22 +2458,22 @@ checksum = "8cb243bdfdb5936c8dc3c45762a19d12ab4550cdc753bc247637d4ec35a040fd" [[package]] name = "serde" -version = "1.0.136" +version = "1.0.193" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce31e24b01e1e524df96f1c2fdd054405f8d7376249a5110886fb4b658484789" +checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.136" +version = "1.0.193" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08597e7152fcd306f41838ed3e37be9eaeed2b61c42e2117266a554fab4662f9" +checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 2.0.43", ] [[package]] @@ -2607,12 +2614,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "spin" version = "0.9.8" @@ -2695,6 +2696,17 @@ dependencies = [ "unicode-xid", ] +[[package]] +name = "synstructure" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.43", +] + [[package]] name = "tempdir" version = "0.3.7" 
@@ -2809,21 +2821,36 @@ dependencies = [ [[package]] name = "time" -version = "0.3.7" +version = "0.3.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "004cbc98f30fa233c61a38bc77e96a9106e65c88f2d3bef182ae952027e5753d" +checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885" dependencies = [ + "deranged", "itoa 1.0.10", "libc", + "num-conv", "num_threads", + "powerfmt", + "serde", + "time-core", "time-macros", ] +[[package]] +name = "time-core" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" + [[package]] name = "time-macros" -version = "0.2.3" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25eb0ca3468fc0acc11828786797f6ef9aa1555e4a211a60d64cc8e4d1be47d6" +checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf" +dependencies = [ + "num-conv", + "time-core", +] [[package]] name = "tinyvec" @@ -3223,12 +3250,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" @@ -3728,9 +3749,9 @@ dependencies = [ [[package]] name = "x509-parser" -version = "0.15.1" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7069fba5b66b9193bd2c5d3d4ff12b839118f6bcbef5328efafafb5395cf63da" +checksum = "fcbc162f30700d6f3f82a24bf7cc62ffe7caea42c0b2cba8bf7f3ae50cf51f69" dependencies = [ "asn1-rs", "data-encoding", @@ -3738,7 +3759,7 @@ dependencies = [ "lazy_static", "nom", "oid-registry", - "ring 0.16.20", + "ring", "rusticata-macros", "thiserror", "time", @@ -3771,5 +3792,5 @@ dependencies = [ "proc-macro2", "quote", "syn 1.0.98", - "synstructure", + "synstructure 0.12.6", ] 
diff --git a/teos/Cargo.toml b/teos/Cargo.toml
index 7a4696ba..0fe9339c 100644
--- a/teos/Cargo.toml
+++ b/teos/Cargo.toml
@@ -20,7 +20,7 @@ hex = { version = "0.4.3", features = [ "serde" ] }
 home = "0.5.3"
 log = "0.4"
 prost = "0.12"
-rcgen = { version = "0.12", features = ["pem", "x509-parser"] }
+rcgen = { version = "0.13.1", features = ["pem", "x509-parser"] }
 rusqlite = { version = "0.26.0", features = [ "bundled", "limits" ] }
 serde = "1.0.130"
 serde_json = "1.0"
diff --git a/teos/src/tls.rs b/teos/src/tls.rs
index 1cdee4c8..e5bbdb32 100644
--- a/teos/src/tls.rs
+++ b/teos/src/tls.rs
@@ -35,16 +35,15 @@ pub struct Identity {
 pub certificate: Vec,
 }
-impl TryFrom<&Identity> for Certificate {
+impl TryFrom<&Identity> for (Certificate, KeyPair) {
 type Error = Error;
- fn try_from(id: &Identity) -> Result {
- let keystr = String::from_utf8_lossy(&id.key);
- let key = KeyPair::from_pem(&keystr)?;
- let certstr = String::from_utf8_lossy(&id.certificate);
- let params = rcgen::CertificateParams::from_ca_cert_pem(&certstr, key)?;
- let cert = Certificate::from_params(params)?;
- Ok(cert)
+ fn try_from(id: &Identity) -> Result<(Certificate, KeyPair), Error> {
+ let key = KeyPair::from_pem(&String::from_utf8_lossy(&id.key))?;
+ let params =
+ rcgen::CertificateParams::from_ca_cert_pem(&String::from_utf8_lossy(&id.certificate))?;
+ let cert = params.self_signed(&key)?;
+ Ok((cert, key))
 }
 }
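Review bot: The `Certificate` returned by the new `try_from` in the `@@ -35,16 +35,15 @@` hunk of tls.rs is not the certificate stored in `id.certificate`: `from_ca_cert_pem` only recovers parameters and `params.self_signed(&key)` then issues a fresh certificate in memory, so the impl should say that the result is an issuer handle for signing and must never be written out or served as the CA. A doc comment such as `/// Rebuilds an in-memory issuer from the stored CA PEM; the returned certificate is re-signed and is not byte-identical to the one on disk.` would cover it. Nothing visible checks that `id.key` belongs to the public key inside `id.certificate`, so a mismatched pair would presumably only show up later as child certificates that do not verify against the CA file; that is worth stating in the same comment. Separately, `String::from_utf8_lossy` silently substitutes invalid bytes in the key and certificate PEM, whereas `std::str::from_utf8(&id.key)` would report a corrupted file as such rather than as a PEM parse failure.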
@@ -72,15 +71,13 @@ fn generate_or_load_identity(
 // Did we have to generate a new key? In that case we also need to regenerate the certificate.
 if !key_path.exists() || !cert_path.exists() {
 log::debug!("Generating a new keypair in {key_path:?}, it didn't exist",);
- let keypair = KeyPair::generate(&rcgen::PKCS_ECDSA_P256_SHA256)?;
+ let keypair = KeyPair::generate()?;
 std::fs::write(&key_path, keypair.serialize_pem())?;
 log::debug!("Generating a new certificate for key {key_path:?} at {cert_path:?}",);
 // Configure the certificate we want.
 let subject_alt_names = vec!["teos".to_string(), "localhost".to_string()];
- let mut params = rcgen::CertificateParams::new(subject_alt_names);
- params.key_pair = Some(keypair);
- params.alg = &rcgen::PKCS_ECDSA_P256_SHA256;
+ let mut params = rcgen::CertificateParams::new(subject_alt_names)?;
 if parent.is_none() {
 params.is_ca = rcgen::IsCa::Ca(rcgen::BasicConstraints::Unconstrained);
 } else {
@@ -90,12 +87,14 @@ fn generate_or_load_identity(
 .distinguished_name
 .push(rcgen::DnType::CommonName, name);
- let cert = Certificate::from_params(params)?;
 std::fs::write(
 &cert_path,
 match parent {
- None => cert.serialize_pem()?,
- Some(ca) => cert.serialize_pem_with_signer(&Certificate::try_from(ca)?)?,
+ None => params.self_signed(&keypair)?.pem(),
+ Some(ca) => {
+ let (ca_cert, ca_key) = <(Certificate, KeyPair)>::try_from(ca)?;
+ params.signed_by(&keypair, &ca_cert, &ca_key)?.pem()
+ }
 },
 )?;
 }
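Review bot: In the `@@ -72,15 +71,13 @@` hunk the private key is still written with `std::fs::write(&key_path, keypair.serialize_pem())`, which creates the file with the process's default mode, so under a common umask the TLS key (and the CA key when `parent` is `None`) may be readable by other local users; it should be created owner-only, as sketched below. The mode is applied only when the file is created, so a key file that already exists with loose permissions needs a separate fix-up. The new `KeyPair::generate()` also leaves the key algorithm to rcgen's default, and `KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256)` would keep the previous explicit choice (confirm the name against the 0.13.1 API). `generate_or_load_identity` starts and ends outside this hunk.

```rust
// … unchanged: existence check and first debug log …
let keypair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256)?;
let mut key_opts = std::fs::OpenOptions::new();
key_opts.write(true).create(true).truncate(true);
#[cfg(unix)]
std::os::unix::fs::OpenOptionsExt::mode(&mut key_opts, 0o600);
let mut key_file = key_opts.open(&key_path)?;
std::io::Write::write_all(&mut key_file, keypair.serialize_pem().as_bytes())?;
// … unchanged: certificate parameter setup …
```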
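Review bot: Neither arm of `match parent` in the `@@ -90,12 +87,14 @@` hunk signs with an explicit validity window: `params` comes from `rcgen::CertificateParams::new(subject_alt_names)?` and no visible line sets `params.not_before` or `params.not_after`, so unless the few lines between the two hunks do, the CA and every certificate it signs take rcgen's very wide default range. Setting both fields before `self_signed` / `signed_by`, for example `params.not_after = /* now + chosen lifetime */;`, would bound how long a leaked key remains usable and force a rotation path to exist. The enclosing function continues outside the hunk, so this should be checked against the full parameter setup.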