blake2 0.8.1 depends on a version of generic_array that has an unsoundness
bug.
The VarBlake2b hasher now gives us a Box<[u8]> instead of a Vec, which
meant it could no longer be passed straight to Identity::truncate in
ratman-identity. I noticed that that method took an Into<&Vec<u8>>,
which I don't think anything other than Vec actually implements --
other things implement Into, but not Into<&Vec<u8>>. I think
the correct type to use here to allow a vec to be borrowed is
AsRef<[u8]> (which types like Box<[u8]> do actually implement), so
I've changed it to take that instead.
---
Cargo.lock | 94 +++++----------------------
irdest-core/Cargo.toml | 2 +-
irdest-core/src/auth/pwhash.rs | 4 +-
irdest-core/src/messages/generator.rs | 2 +-
ratman/identity/Cargo.toml | 2 +-
ratman/identity/src/lib.rs | 15 +++--
6 files changed, 31 insertions(+), 88 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 2f1dfdd1..724cd098 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -313,27 +313,15 @@ version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
-[[package]]
-name = "blake2"
-version = "0.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94cb07b0da6a73955f8fb85d24c466778e70cda767a568229b104f0264089330"
-dependencies = [
- "byte-tools",
- "crypto-mac 0.7.0",
- "digest 0.8.1",
- "opaque-debug 0.2.3",
-]
-
[[package]]
name = "blake2"
version = "0.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "10a5720225ef5daecf08657f23791354e1685a8c91a4c60c7f3d3b2892f978f4"
dependencies = [
- "crypto-mac 0.8.0",
- "digest 0.9.0",
- "opaque-debug 0.3.0",
+ "crypto-mac",
+ "digest",
+ "opaque-debug",
]
[[package]]
@@ -342,7 +330,7 @@ version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4"
dependencies = [
- "generic-array 0.14.4",
+ "generic-array",
]
[[package]]
@@ -365,12 +353,6 @@ version = "3.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "63396b8a4b9de3f4fdfb320ab6080762242f66a8ef174c49d8e19b674db4cdbe"
-[[package]]
-name = "byte-tools"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7"
-
[[package]]
name = "byteorder"
version = "1.4.3"
@@ -538,24 +520,14 @@ dependencies = [
"lazy_static",
]
-[[package]]
-name = "crypto-mac"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5"
-dependencies = [
- "generic-array 0.12.4",
- "subtle 1.0.0",
-]
-
[[package]]
name = "crypto-mac"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab"
dependencies = [
- "generic-array 0.14.4",
- "subtle 2.4.0",
+ "generic-array",
+ "subtle",
]
[[package]]
@@ -575,28 +547,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "639891fde0dbea823fc3d798a0fdf9d2f9440a42d64a78ab3488b0ca025117b3"
dependencies = [
"byteorder",
- "digest 0.9.0",
+ "digest",
"rand_core 0.5.1",
- "subtle 2.4.0",
+ "subtle",
"zeroize",
]
-[[package]]
-name = "digest"
-version = "0.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5"
-dependencies = [
- "generic-array 0.12.4",
-]
-
[[package]]
name = "digest"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066"
dependencies = [
- "generic-array 0.14.4",
+ "generic-array",
]
[[package]]
@@ -858,15 +821,6 @@ dependencies = [
"system-deps",
]
-[[package]]
-name = "generic-array"
-version = "0.12.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ffdf9f34f1447443d37393cc6c2b8313aebddcd96906caf34e54c68d8e57d7bd"
-dependencies = [
- "typenum",
-]
-
[[package]]
name = "generic-array"
version = "0.14.4"
@@ -1084,8 +1038,8 @@ version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "126888268dcc288495a26bf004b38c5fdbb31682f992c84ceb046a1f0fe38840"
dependencies = [
- "crypto-mac 0.8.0",
- "digest 0.9.0",
+ "crypto-mac",
+ "digest",
]
[[package]]
@@ -1123,7 +1077,7 @@ dependencies = [
"async-trait",
"base64",
"bincode",
- "blake2 0.8.1",
+ "blake2",
"hex",
"ircore-types",
"irpc-sdk",
@@ -1284,7 +1238,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae8038be446bbffb5bebe247ab05a1b1cb4c33363e204102a01e44f5933e7451"
dependencies = [
"base64",
- "blake2 0.9.1",
+ "blake2",
"hmac",
"pbkdf2",
"rand 0.7.3",
@@ -1476,12 +1430,6 @@ version = "1.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "af8b08b04175473088b46763e51ee54da5f9a164bc162f615b91bc179dbf15a3"
-[[package]]
-name = "opaque-debug"
-version = "0.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c"
-
[[package]]
name = "opaque-debug"
version = "0.3.0"
@@ -1536,12 +1484,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "216eaa586a190f0a738f2f918511eecfa90f13295abec0e457cdebcceda80cbd"
dependencies = [
"base64",
- "crypto-mac 0.8.0",
+ "crypto-mac",
"hmac",
"rand 0.7.3",
"rand_core 0.5.1",
"sha2",
- "subtle 2.4.0",
+ "subtle",
]
[[package]]
@@ -1817,7 +1765,7 @@ name = "ratman-identity"
version = "0.6.2"
dependencies = [
"bincode",
- "blake2 0.8.1",
+ "blake2",
"cfg-if 1.0.0",
"hex",
"rand 0.7.3",
@@ -1980,8 +1928,8 @@ dependencies = [
"block-buffer",
"cfg-if 1.0.0",
"cpuid-bool",
- "digest 0.9.0",
- "opaque-debug 0.3.0",
+ "digest",
+ "opaque-debug",
]
[[package]]
@@ -2098,12 +2046,6 @@ dependencies = [
"syn 1.0.69",
]
-[[package]]
-name = "subtle"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d67a5a62ba6e01cb2192ff309324cb4875d0c451d55fe2319433abe7a05a8ee"
-
[[package]]
name = "subtle"
version = "2.4.0"
diff --git a/irdest-core/Cargo.toml b/irdest-core/Cargo.toml
index ca894c73..3b2767bd 100644
--- a/irdest-core/Cargo.toml
+++ b/irdest-core/Cargo.toml
@@ -16,7 +16,7 @@ async-std = { version = "1.0", features = ["attributes", "unstable"] }
async-trait = "0.1"
base64 = "0.12"
bincode = "1.0"
-blake2 = "0.8"
+blake2 = "0.9"
hex = "0.4"
jni = { version = "0.14", optional = true, default-features = false }
rand = "0.7"
diff --git a/irdest-core/src/auth/pwhash.rs b/irdest-core/src/auth/pwhash.rs
index 35723157..0a916af6 100644
--- a/irdest-core/src/auth/pwhash.rs
+++ b/irdest-core/src/auth/pwhash.rs
@@ -28,7 +28,7 @@ impl PwHash {
let new = Blake2b::new()
.chain(pw.into())
.chain(&self.salt)
- .result()
+ .finalize()
.to_vec();
self.hash == new
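Review bot: The `self.hash == new` comparison that closes this hunk is plain `Vec<u8>` equality, which may return at the first differing byte, so password verification is not constant-time. A constant-time comparison such as `subtle::ConstantTimeEq` (`self.hash.as_slice().ct_eq(new.as_slice()).into()`) is the usual choice, and `subtle` already appears in Cargo.lock as a transitive dependency. Separately, this hunk and the next one (the constructor ending in `Self { hash, salt }`) both derive the stored value from a single unkeyed Blake2b pass over password and salt. That is a fast hash, so it gives little resistance to offline guessing if stored hashes leak; a dedicated password-hashing function would be the longer-term fix, at the cost of a stored-format migration. Both function bodies begin outside their hunks, so salt generation and the callers are not visible here.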
@@ -54,7 +54,7 @@ impl PwHash {
let hash = Blake2b::new()
.chain(pw.into())
.chain(&salt)
- .result()
+ .finalize()
.to_vec();
Self { hash, salt }
diff --git a/irdest-core/src/messages/generator.rs b/irdest-core/src/messages/generator.rs
index 351177e6..af7f0b89 100644
--- a/irdest-core/src/messages/generator.rs
+++ b/irdest-core/src/messages/generator.rs
@@ -72,7 +72,7 @@ impl MsgBuilder {
pub(crate) fn generate(&self) -> Message {
let mut rng = rand::thread_rng();
let sender = self.sender.clone().unwrap_or_else(|| {
- Identity::truncate(&Standard.sample_iter(rng).take(ID_LEN).collect())
+ Identity::truncate(Standard.sample_iter(rng).take(ID_LEN).collect::>())
});
let associator = self.associator.clone().unwrap_or("".into());
let id = self.id.clone().unwrap_or_else(|| MsgId::random());
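Review bot: The added line reads `collect::>()` on this page, which is not valid Rust; the turbofish's type argument was most likely lost in rendering. Since `Identity::truncate` now takes `impl AsRef<[u8]>`, the intended call is presumably `collect::<Vec<u8>>()`. As a style point, a short comment such as `// take(ID_LEN) yields exactly ID_LEN bytes, so truncate's length assert cannot fire` would make it clear why the panicking constructor is safe to call here.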
diff --git a/ratman/identity/Cargo.toml b/ratman/identity/Cargo.toml
index f4eb957d..28200d5b 100644
--- a/ratman/identity/Cargo.toml
+++ b/ratman/identity/Cargo.toml
@@ -16,7 +16,7 @@ aligned = []
[dependencies]
serde = { version = "1.0", features = ["derive"] }
-blake2 = { version = "0.8.0", optional = true }
+blake2 = { version = "0.9.0", optional = true }
rand = { version = "0.7", optional = true }
cfg-if = "1.0"
hex = "0.4"
diff --git a/ratman/identity/src/lib.rs b/ratman/identity/src/lib.rs
index f0c7b674..7c7192f1 100644
--- a/ratman/identity/src/lib.rs
+++ b/ratman/identity/src/lib.rs
@@ -72,12 +72,13 @@ impl Identity {
///
/// This function will panic, if the provided vector isn't long
/// enough, but extra data will simply be discarded.
- pub fn truncate<'vec, V: Into<&'vec Vec<u8>>>(vec: V) -> Self {
- let vec = vec.into();
- assert!(vec.len() >= ID_LEN);
+ pub fn truncate(bytes: impl AsRef<[u8]>) -> Self {
+ let bytes = bytes.as_ref();
+ assert!(bytes.len() >= ID_LEN);
Self(
- vec.into_iter()
+ bytes
+ .into_iter()
.enumerate()
.take(ID_LEN)
.fold([0; ID_LEN], |mut buf, (i, u)| {
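Review bot: The doc comment kept above `truncate` still says it panics when "the provided vector" is too short, but the function now accepts any `impl AsRef<[u8]>`. It should read something like `/// Panics if the provided byte slice is shorter than ID_LEN; extra bytes are discarded.` On style, `bytes.into_iter()` on a `&[u8]` is just `.iter()` (clippy flags this as `into_iter_on_ref`). Assuming the fold closure, which continues past the end of this hunk, only copies byte `i` into `buf[i]`, the whole chain can become `let mut buf = [0; ID_LEN]; buf.copy_from_slice(&bytes[..ID_LEN]); Self(buf)`. If any caller passes data whose length comes from the network or a file, the `assert!` is a reachable panic; a fallible constructor alongside this one would let those callers reject short input instead.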
@@ -136,13 +137,13 @@ impl Identity {
#[cfg(feature = "digest")]
pub fn with_digest<'vec, V: Into<&'vec Vec<u8>>>(vec: V) -> Self {
use blake2::{
- digest::{Input, VariableOutput},
+ digest::{Update, VariableOutput},
VarBlake2b,
};
let mut hasher = VarBlake2b::new(ID_LEN).unwrap();
- hasher.input(vec.into());
- Self::truncate(&hasher.vec_result())
+ hasher.update(vec.into());
+ Self::truncate(hasher.finalize_boxed())
}
/// Generate a new random Identity
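Review bot: `with_digest` keeps the `V: Into<&'vec Vec<u8>>` bound that the commit message itself describes as implemented by essentially nothing but `&Vec<u8>`, so it is now inconsistent with `truncate` and still cannot hash a `&[u8]` or `Box<[u8]>` directly. Changing the signature to `pub fn with_digest(bytes: impl AsRef<[u8]>) -> Self` and the call to `hasher.update(bytes.as_ref());` would match the new `truncate`. Existing `&Vec<u8>` callers would keep compiling, because `&Vec<u8>` implements `AsRef<[u8]>`. The `VarBlake2b::new(ID_LEN).unwrap()` line would also benefit from a comment or `expect` message stating that `ID_LEN` is within Blake2b's valid output range, so the unwrap is documented as an invariant.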
--
2.30.0