kookie
/
irdest
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update blake2 to 0.9.1 everywhere

Browse Source 
0.8.1 depends on a version of generic_array that has an unsoundness
bug.

The VarBlake2b hasher now gives us a Box<[u8]> instead of a Vec, which
meant it could no longer be passed straight to Identity::truncate in
ratman-identity.  I noticed that that method took an Into<&Vec<u8>>,
which I don't think anything other than Vec actually implements --
other things implement Into<Vec<u8>>, but not Into<&Vec<u8>>.  I think
the correct type to use here to allow a vec to be borrowed is
AsRef<[u8]> (which types like Box<[u8]> do actually implement), so
I've changed it to take that instead.
develop
Alyssa Ross 3 years ago committed by Katharina Fey
parent 8f008bee57
commit 384248f32c
Signed by: kookie
GPG Key ID: F972AEEA2887D547
6 changed files with 31 additions and 88 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 94
      Cargo.lock
  2. 2
      irdest-core/Cargo.toml
  3. 4
      irdest-core/src/auth/pwhash.rs
  4. 2
      irdest-core/src/messages/generator.rs
  5. 2
      ratman/identity/Cargo.toml
  6. 15
      ratman/identity/src/lib.rs

94
Cargo.lock generated
Unescape View File

@ -313,27 +313,15 @@ version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
[[package]]
name = "blake2"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94cb07b0da6a73955f8fb85d24c466778e70cda767a568229b104f0264089330"
dependencies = [
"byte-tools",
"crypto-mac 0.7.0",
"digest 0.8.1",
"opaque-debug 0.2.3",
]
[[package]]
name = "blake2"
version = "0.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "10a5720225ef5daecf08657f23791354e1685a8c91a4c60c7f3d3b2892f978f4"
dependencies = [
"crypto-mac 0.8.0",
"digest 0.9.0",
"opaque-debug 0.3.0",
"crypto-mac",
"digest",
"opaque-debug",
]
[[package]]
@ -342,7 +330,7 @@ version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4"
dependencies = [
"generic-array 0.14.4",
"generic-array",
]
[[package]]
@ -365,12 +353,6 @@ version = "3.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "63396b8a4b9de3f4fdfb320ab6080762242f66a8ef174c49d8e19b674db4cdbe"
[[package]]
name = "byte-tools"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7"
[[package]]
name = "byteorder"
version = "1.4.3"
@ -538,24 +520,14 @@ dependencies = [
"lazy_static",
]
[[package]]
name = "crypto-mac"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5"
dependencies = [
"generic-array 0.12.4",
"subtle 1.0.0",
]
[[package]]
name = "crypto-mac"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab"
dependencies = [
"generic-array 0.14.4",
"subtle 2.4.0",
"generic-array",
"subtle",
]
[[package]]
@ -575,28 +547,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "639891fde0dbea823fc3d798a0fdf9d2f9440a42d64a78ab3488b0ca025117b3"
dependencies = [
"byteorder",
"digest 0.9.0",
"digest",
"rand_core 0.5.1",
"subtle 2.4.0",
"subtle",
"zeroize",
]
[[package]]
name = "digest"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5"
dependencies = [
"generic-array 0.12.4",
]
[[package]]
name = "digest"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066"
dependencies = [
"generic-array 0.14.4",
"generic-array",
]
[[package]]
@ -858,15 +821,6 @@ dependencies = [
"system-deps",
]
[[package]]
name = "generic-array"
version = "0.12.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ffdf9f34f1447443d37393cc6c2b8313aebddcd96906caf34e54c68d8e57d7bd"
dependencies = [
"typenum",
]
[[package]]
name = "generic-array"
version = "0.14.4"
@ -1084,8 +1038,8 @@ version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "126888268dcc288495a26bf004b38c5fdbb31682f992c84ceb046a1f0fe38840"
dependencies = [
"crypto-mac 0.8.0",
"digest 0.9.0",
"crypto-mac",
"digest",
]
[[package]]
@ -1123,7 +1077,7 @@ dependencies = [
"async-trait",
"base64",
"bincode",
"blake2 0.8.1",
"blake2",
"hex",
"ircore-types",
"irpc-sdk",
@ -1284,7 +1238,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae8038be446bbffb5bebe247ab05a1b1cb4c33363e204102a01e44f5933e7451"
dependencies = [
"base64",
"blake2 0.9.1",
"blake2",
"hmac",
"pbkdf2",
"rand 0.7.3",
@ -1476,12 +1430,6 @@ version = "1.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "af8b08b04175473088b46763e51ee54da5f9a164bc162f615b91bc179dbf15a3"
[[package]]
name = "opaque-debug"
version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c"
[[package]]
name = "opaque-debug"
version = "0.3.0"
@ -1536,12 +1484,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "216eaa586a190f0a738f2f918511eecfa90f13295abec0e457cdebcceda80cbd"
dependencies = [
"base64",
"crypto-mac 0.8.0",
"crypto-mac",
"hmac",
"rand 0.7.3",
"rand_core 0.5.1",
"sha2",
"subtle 2.4.0",
"subtle",
]
[[package]]
@ -1817,7 +1765,7 @@ name = "ratman-identity"
version = "0.6.2"
dependencies = [
"bincode",
"blake2 0.8.1",
"blake2",
"cfg-if 1.0.0",
"hex",
"rand 0.7.3",
@ -1980,8 +1928,8 @@ dependencies = [
"block-buffer",
"cfg-if 1.0.0",
"cpuid-bool",
"digest 0.9.0",
"opaque-debug 0.3.0",
"digest",
"opaque-debug",
]
[[package]]
@ -2098,12 +2046,6 @@ dependencies = [
"syn 1.0.69",
]
[[package]]
name = "subtle"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2d67a5a62ba6e01cb2192ff309324cb4875d0c451d55fe2319433abe7a05a8ee"
[[package]]
name = "subtle"
version = "2.4.0"

2
irdest-core/Cargo.toml
Unescape View File

@ -16,7 +16,7 @@ async-std = { version = "1.0", features = ["attributes", "unstable"] }
async-trait = "0.1"
base64 = "0.12"
bincode = "1.0"
blake2 = "0.8"
blake2 = "0.9"
hex = "0.4"
jni = { version = "0.14", optional = true, default-features = false }
rand = "0.7"

4
irdest-core/src/auth/pwhash.rs
Unescape View File

@ -28,7 +28,7 @@ impl PwHash {
let new = Blake2b::new()
.chain(pw.into())
.chain(&self.salt)
.result()
.finalize()
.to_vec();
self.hash == new
@ -54,7 +54,7 @@ impl PwHash {
let hash = Blake2b::new()
.chain(pw.into())
.chain(&salt)
.result()
.finalize()
.to_vec();
Self { hash, salt }

2
irdest-core/src/messages/generator.rs
Unescape View File

@ -72,7 +72,7 @@ impl MsgBuilder {
pub(crate) fn generate(&self) -> Message {
let mut rng = rand::thread_rng();
let sender = self.sender.clone().unwrap_or_else(|| {
Identity::truncate(&Standard.sample_iter(rng).take(ID_LEN).collect())
Identity::truncate(Standard.sample_iter(rng).take(ID_LEN).collect::<Vec<_>>())
});
let associator = self.associator.clone().unwrap_or("".into());
let id = self.id.clone().unwrap_or_else(|| MsgId::random());

2
ratman/identity/Cargo.toml
Unescape View File

@ -16,7 +16,7 @@ aligned = []
[dependencies]
serde = { version = "1.0", features = ["derive"] }
blake2 = { version = "0.8.0", optional = true }
blake2 = { version = "0.9.0", optional = true }
rand = { version = "0.7", optional = true }
cfg-if = "1.0"
hex = "0.4"

15
ratman/identity/src/lib.rs
Unescape View File

@ -72,12 +72,13 @@ impl Identity {
///
/// This function will panic, if the provided vector isn't long
/// enough, but extra data will simply be discarded.
pub fn truncate<'vec, V: Into<&'vec Vec<u8>>>(vec: V) -> Self {
let vec = vec.into();
assert!(vec.len() >= ID_LEN);
pub fn truncate(bytes: impl AsRef<[u8]>) -> Self {
let bytes = bytes.as_ref();
assert!(bytes.len() >= ID_LEN);
Self(
vec.into_iter()
bytes
.into_iter()
.enumerate()
.take(ID_LEN)
.fold([0; ID_LEN], |mut buf, (i, u)| {
@ -136,13 +137,13 @@ impl Identity {
#[cfg(feature = "digest")]
pub fn with_digest<'vec, V: Into<&'vec Vec<u8>>>(vec: V) -> Self {
use blake2::{
digest::{Input, VariableOutput},
digest::{Update, VariableOutput},
VarBlake2b,
};
let mut hasher = VarBlake2b::new(ID_LEN).unwrap();
hasher.input(vec.into());
Self::truncate(&hasher.vec_result())
hasher.update(vec.into());
Self::truncate(hasher.finalize_boxed())
}
/// Generate a new random Identity

Write Preview
Loading…
Cancel
Save