Update dependencies to latest (#117)

Author: ereOn

Cargo-1.65.lock

@@ -40,19 +40,19 @@ log = "0.4"
 oauth2 = { version = "4.4.1", default-features = false }
 rand = "0.8.5"
 hmac = "0.12.1"
-rsa = "0.7.2"
+rsa = "0.9.2"
 sha2 = { version = "0.10.6", features = ["oid"] } # Object ID needed for pkcs1v15 padding
-p256 = "0.11.1"
-p384 = "0.11.2"
+p256 = "0.13.2"
+p384 = "0.13.0"
 dyn-clone = "1.0.10"
 serde = "1.0"
 serde_derive = "1.0"
 serde_json = "1.0"
 serde_path_to_error = "0.1"
 serde_plain = "1.0"
-serde_with = "1.13"
+serde_with = "3"
 serde-value = "0.7"
-url = { version = "2.1", features = ["serde"] }
+url = { version = "2.4", features = ["serde"] }
 subtle = "2.4"
 
 [dev-dependencies]

Cargo.toml

@@ -54,12 +54,10 @@ fn ec_public_key(
 
 pub fn verify_rsa_signature(
     key: &CoreJsonWebKey,
-    padding: rsa::PaddingScheme,
+    padding: impl rsa::traits::SignatureScheme,
     msg: &[u8],
     signature: &[u8],
 ) -> Result<(), SignatureVerificationError> {
-    use rsa::PublicKey;
-
     let (n, e) = rsa_public_key(key).map_err(SignatureVerificationError::InvalidKey)?;
     // let's n and e as a big integers to prevent issues with leading zeros
     // according to https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.1
@@ -86,7 +84,7 @@ pub fn verify_ec_signature(
     msg: &[u8],
     signature: &[u8],
 ) -> Result<(), SignatureVerificationError> {
-    use p256::ecdsa::signature::{Signature, Verifier};
+    use p256::ecdsa::signature::Verifier;
 
     let (x, y, crv) = ec_public_key(key).map_err(SignatureVerificationError::InvalidKey)?;
     let mut pk = vec![0x04];
@@ -99,7 +97,7 @@ pub fn verify_ec_signature(
             public_key
                 .verify(
                     msg,
-                    &p256::ecdsa::Signature::from_bytes(signature).map_err(|_| {
+                    &p256::ecdsa::Signature::from_slice(signature).map_err(|_| {
                         SignatureVerificationError::CryptoError("Invalid signature".to_string())
                     })?,
                 )
@@ -113,7 +111,7 @@ pub fn verify_ec_signature(
             public_key
                 .verify(
                     msg,
-                    &p384::ecdsa::Signature::from_bytes(signature).map_err(|_| {
+                    &p384::ecdsa::Signature::from_slice(signature).map_err(|_| {
                         SignatureVerificationError::CryptoError("Invalid signature".to_string())
                     })?,
                 )
@@ -157,7 +155,7 @@ mod tests {
         assert! {
             verify_rsa_signature(
                 &key,
-                rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha256>(),
+                rsa::Pkcs1v15Sign::new::<sha2::Sha256>(),
                 &hash,
                 &signature,
             ).is_ok()

src/core/crypto.rs

@@ -182,7 +182,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
                 };
                 crypto::verify_rsa_signature(
                     self,
-                    rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha256>(),
+                    rsa::Pkcs1v15Sign::new::<sha2::Sha256>(),
                     message,
                     signature,
                 )
@@ -195,7 +195,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
                 };
                 crypto::verify_rsa_signature(
                     self,
-                    rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha384>(),
+                    rsa::Pkcs1v15Sign::new::<sha2::Sha384>(),
                     message,
                     signature,
                 )
@@ -208,7 +208,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
                 };
                 crypto::verify_rsa_signature(
                     self,
-                    rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha512>(),
+                    rsa::Pkcs1v15Sign::new::<sha2::Sha512>(),
                     message,
                     signature,
                 )
@@ -221,7 +221,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
                 };
                 crypto::verify_rsa_signature(
                     self,
-                    rsa::PaddingScheme::new_pss::<sha2::Sha256>(),
+                    rsa::Pss::new::<sha2::Sha256>(),
                     message,
                     signature,
                 )
@@ -234,7 +234,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
                 };
                 crypto::verify_rsa_signature(
                     self,
-                    rsa::PaddingScheme::new_pss::<sha2::Sha384>(),
+                    rsa::Pss::new::<sha2::Sha384>(),
                     message,
                     signature,
                 )
@@ -247,7 +247,7 @@ impl JsonWebKey<CoreJwsSigningAlgorithm, CoreJsonWebKeyType, CoreJsonWebKeyUse>
                 };
                 crypto::verify_rsa_signature(
                     self,
-                    rsa::PaddingScheme::new_pss::<sha2::Sha512>(),
+                    rsa::Pss::new::<sha2::Sha512>(),
                     message,
                     signature,
                 )
@@ -449,82 +449,99 @@ impl
         signature_alg: &CoreJwsSigningAlgorithm,
         msg: &[u8],
     ) -> Result<Vec<u8>, SigningError> {
-        let (padding_alg, hash) = match *signature_alg {
+        match *signature_alg {
             CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha256 => {
                 let mut hasher = sha2::Sha256::new();
                 hasher.update(msg);
                 let hash = hasher.finalize().to_vec();
-                (
-                    rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha256>(),
-                    hash,
-                )
+
+                self.key_pair
+                    .sign_with_rng(
+                        &mut dyn_clone::clone_box(&self.rng),
+                        rsa::Pkcs1v15Sign::new::<sha2::Sha256>(),
+                        &hash,
+                    )
+                    .map_err(|_| SigningError::CryptoError)
             }
             CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha384 => {
                 let mut hasher = sha2::Sha384::new();
                 hasher.update(msg);
                 let hash = hasher.finalize().to_vec();
-                (
-                    rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha384>(),
-                    hash,
-                )
+
+                self.key_pair
+                    .sign_with_rng(
+                        &mut dyn_clone::clone_box(&self.rng),
+                        rsa::Pkcs1v15Sign::new::<sha2::Sha384>(),
+                        &hash,
+                    )
+                    .map_err(|_| SigningError::CryptoError)
             }
             CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha512 => {
                 let mut hasher = sha2::Sha512::new();
                 hasher.update(msg);
                 let hash = hasher.finalize().to_vec();
-                (
-                    rsa::PaddingScheme::new_pkcs1v15_sign::<sha2::Sha512>(),
-                    hash,
-                )
+
+                self.key_pair
+                    .sign_with_rng(
+                        &mut dyn_clone::clone_box(&self.rng),
+                        rsa::Pkcs1v15Sign::new::<sha2::Sha512>(),
+                        &hash,
+                    )
+                    .map_err(|_| SigningError::CryptoError)
             }
             CoreJwsSigningAlgorithm::RsaSsaPssSha256 => {
                 let mut hasher = sha2::Sha256::new();
                 hasher.update(msg);
                 let hash = hasher.finalize().to_vec();
-                (
-                    rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256>(hash.len()),
-                    hash,
-                )
+
+                self.key_pair
+                    .sign_with_rng(
+                        &mut dyn_clone::clone_box(&self.rng),
+                        rsa::Pss::new_with_salt::<sha2::Sha256>(hash.len()),
+                        &hash,
+                    )
+                    .map_err(|_| SigningError::CryptoError)
             }
             CoreJwsSigningAlgorithm::RsaSsaPssSha384 => {
                 let mut hasher = sha2::Sha384::new();
                 hasher.update(msg);
                 let hash = hasher.finalize().to_vec();
-                (
-                    rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha384>(hash.len()),
-                    hash,
-                )
+
+                self.key_pair
+                    .sign_with_rng(
+                        &mut dyn_clone::clone_box(&self.rng),
+                        rsa::Pss::new_with_salt::<sha2::Sha384>(hash.len()),
+                        &hash,
+                    )
+                    .map_err(|_| SigningError::CryptoError)
             }
             CoreJwsSigningAlgorithm::RsaSsaPssSha512 => {
                 let mut hasher = sha2::Sha512::new();
                 hasher.update(msg);
                 let hash = hasher.finalize().to_vec();
-                (
-                    rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha512>(hash.len()),
-                    hash,
-                )
-            }
-            ref other => {
-                return Err(SigningError::UnsupportedAlg(
-                    serde_plain::to_string(other).unwrap_or_else(|err| {
-                        panic!(
-                            "signature alg {:?} failed to serialize to a string: {}",
-                            other, err
-                        )
-                    }),
-                ))
-            }
-        };
 
-        let sig = self
-            .key_pair
-            .sign_blinded(&mut dyn_clone::clone_box(&self.rng), padding_alg, &hash)
-            .map_err(|_| SigningError::CryptoError)?;
-        Ok(sig)
+                self.key_pair
+                    .sign_with_rng(
+                        &mut dyn_clone::clone_box(&self.rng),
+                        rsa::Pss::new_with_salt::<sha2::Sha512>(hash.len()),
+                        &hash,
+                    )
+                    .map_err(|_| SigningError::CryptoError)
+            }
+            ref other => Err(SigningError::UnsupportedAlg(
+                serde_plain::to_string(other).unwrap_or_else(|err| {
+                    panic!(
+                        "signature alg {:?} failed to serialize to a string: {}",
+                        other, err
+                    )
+                }),
+            )),
+        }
     }
 
     fn as_verification_key(&self) -> CoreJsonWebKey {
-        use rsa::PublicKeyParts;
+        use rsa::traits::PublicKeyParts;
+
         let public_key = self.key_pair.to_public_key();
         CoreJsonWebKey {
             kty: CoreJsonWebKeyType::RSA,

src/core/jwk.rs

@@ -483,8 +483,18 @@ mod tests {
             *claims.audiences(),
             vec![Audience::new("s6BhdRkqt3".to_string())]
         );
-        assert_eq!(claims.expiration(), Utc.timestamp(1311281970, 0));
-        assert_eq!(claims.issue_time(), Utc.timestamp(1311280970, 0));
+        assert_eq!(
+            claims.expiration(),
+            Utc.timestamp_opt(1311281970, 0)
+                .single()
+                .expect("valid timestamp")
+        );
+        assert_eq!(
+            claims.issue_time(),
+            Utc.timestamp_opt(1311280970, 0)
+                .single()
+                .expect("valid timestamp")
+        );
         assert_eq!(
             *claims.subject(),
             SubjectIdentifier::new("24400320".to_string())
@@ -524,8 +534,18 @@ mod tests {
             *claims.audiences(),
             vec![Audience::new("s6BhdRkqt3".to_string())]
         );
-        assert_eq!(claims.expiration(), Utc.timestamp(1311281970, 0));
-        assert_eq!(claims.issue_time(), Utc.timestamp(1311280970, 0));
+        assert_eq!(
+            claims.expiration(),
+            Utc.timestamp_opt(1311281970, 0)
+                .single()
+                .expect("valid timestamp")
+        );
+        assert_eq!(
+            claims.issue_time(),
+            Utc.timestamp_opt(1311280970, 0)
+                .single()
+                .expect("valid timestamp")
+        );
         assert_eq!(
             *claims.subject(),
             SubjectIdentifier::new("24400320".to_string())
@@ -542,8 +562,12 @@ mod tests {
         let new_claims = CoreIdTokenClaims::new(
             IssuerUrl::new("https://server.example.com".to_string()).unwrap(),
             vec![Audience::new("s6BhdRkqt3".to_string())],
-            Utc.timestamp(1311281970, 0),
-            Utc.timestamp(1311280970, 0),
+            Utc.timestamp_opt(1311281970, 0)
+                .single()
+                .expect("valid timestamp"),
+            Utc.timestamp_opt(1311280970, 0)
+                .single()
+                .expect("valid timestamp"),
             StandardClaims::new(SubjectIdentifier::new("24400320".to_string())),
             EmptyAdditionalClaims {},
         );
@@ -666,8 +690,12 @@ mod tests {
         let new_claims = CoreIdTokenClaims::new(
             IssuerUrl::new("https://server.example.com".to_string()).unwrap(),
             vec![Audience::new("s6BhdRkqt3".to_string())],
-            Utc.timestamp(1311281970, 0),
-            Utc.timestamp(1311280970, 0),
+            Utc.timestamp_opt(1311281970, 0)
+                .single()
+                .expect("valid timestamp"),
+            Utc.timestamp_opt(1311280970, 0)
+                .single()
+                .expect("valid timestamp"),
             StandardClaims {
                 sub: SubjectIdentifier::new("24400320".to_string()),
                 name: Some(
@@ -794,11 +822,19 @@ mod tests {
                     postal_code: Some(AddressPostalCode::new("90210".to_string())),
                     country: Some(AddressCountry::new("US".to_string())),
                 }),
-                updated_at: Some(Utc.timestamp(1311283970, 0)),
+                updated_at: Some(
+                    Utc.timestamp_opt(1311283970, 0)
+                        .single()
+                        .expect("valid timestamp"),
+                ),
             },
             EmptyAdditionalClaims {},
         )
-        .set_auth_time(Some(Utc.timestamp(1311282970, 0)))
+        .set_auth_time(Some(
+            Utc.timestamp_opt(1311282970, 0)
+                .single()
+                .expect("valid timestamp"),
+        ))
         .set_nonce(Some(Nonce::new("Zm9vYmFy".to_string())))
         .set_auth_context_ref(Some(AuthenticationContextClass::new(
             "urn:mace:incommon:iap:silver".to_string(),
@@ -884,7 +920,14 @@ mod tests {
             }",
         )
         .expect("failed to deserialize");
-        assert_eq!(claims.updated_at(), Some(Utc.timestamp(1640139037, 0)));
+        assert_eq!(
+            claims.updated_at(),
+            Some(
+                Utc.timestamp_opt(1640139037, 0)
+                    .single()
+                    .expect("valid timestamp")
+            )
+        );
     }
 
     #[test]