diff options
| author | Jesse Luehrs <doy@tozt.net> | 2021-04-17 22:45:29 -0400 |
|---|---|---|
| committer | Jesse Luehrs <doy@tozt.net> | 2021-04-17 23:50:43 -0400 |
| commit | 38f0cd43f2cb2f294c7d195481f78e58b35dfb44 (patch) | |
| tree | 67f0a40bf002c088896ed330e7008939a7b0e483 | |
| parent | c627737dfa6a30b71e3f7c32cca05675cc7e9b97 (diff) | |
| download | rbw-38f0cd43f2cb2f294c7d195481f78e58b35dfb44.tar.gz rbw-38f0cd43f2cb2f294c7d195481f78e58b35dfb44.zip | |
stop using openssl
| -rw-r--r-- | Cargo.lock | 184 | ||||
| -rw-r--r-- | Cargo.toml | 4 | ||||
| -rw-r--r-- | src/cipherstring.rs | 34 | ||||
| -rw-r--r-- | src/error.rs | 7 |
4 files changed, 203 insertions, 26 deletions
@@ -112,6 +112,12 @@ dependencies = [ [[package]] name = "autocfg" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d49d90015b3c36167a20fe2810c5cd875ad504b39cff3d4eae7977e6b7c1cb2" + +[[package]] +name = "autocfg" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" @@ -209,6 +215,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0919189ba800c7ffe8778278116b7e0de3905ab81c72abb69c85cbfef7991279" [[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] name = "bytes" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -238,6 +250,16 @@ dependencies = [ ] [[package]] +name = "chrono" +version = "0.4.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" +dependencies = [ + "num-integer", + "num-traits", +] + +[[package]] name = "cipher" version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -296,7 +318,7 @@ version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e7e9d99fa91428effe99c5c6d4634cdeba32b8cf784fc428a2a687f61a952c49" dependencies = [ - "autocfg", + "autocfg 1.0.1", "cfg-if", "lazy_static", ] @@ -790,7 +812,7 @@ version = "1.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "824845a0bf897a9042383849b02c1bc219c2383772efcd5c6f9766fa4b81aef3" dependencies = [ - "autocfg", + "autocfg 1.0.1", "hashbrown", ] @@ -829,6 +851,9 @@ name = "lazy_static" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +dependencies = [ + "spin", +] [[package]] name = "libc" @@ -837,6 +862,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9385f66bf6105b241aa65a61cb923ef20efc665cb9f9bb50ac2f0c4b7f378d41" [[package]] +name = "libm" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7d73b3f436185384286bd8098d17ec07c9a7d2388a6599f824d8502b529702a" + +[[package]] name = "lock_api" version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -888,7 +919,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a92518e98c078586bc6c934028adcca4c92a53d6a958196de835170a01d84e4b" dependencies = [ "adler", - "autocfg", + "autocfg 1.0.1", ] [[package]] @@ -959,6 +990,66 @@ dependencies = [ ] [[package]] +name = "num-bigint" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d0a3d5e207573f948a9e5376662aa743a2ea13f7c50a554d7af443a73fbfeba" +dependencies = [ + "autocfg 1.0.1", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-bigint-dig" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4547ee5541c18742396ae2c895d0717d0f886d8823b8399cdaf7b07d63ad0480" +dependencies = [ + "autocfg 0.1.7", + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand", + "smallvec", + "zeroize", +] + +[[package]] +name = "num-integer" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2cc698a63b549a70bc047073d2949cce27cd1c7b0a4a862d08a8031bc2801db" +dependencies = [ + "autocfg 1.0.1", + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2021c8337a54d21aca0d59a92577a029af9431cb59b909b03252b9c164fad59" +dependencies = [ + "autocfg 1.0.1", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" +dependencies = [ + "autocfg 1.0.1", + "libm", +] + +[[package]] name = "num_cpus" version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -977,7 +1068,7 @@ dependencies = [ "digest 0.5.2", "hmac 0.1.1", "rustc-hex", - "sha-1", + "sha-1 0.3.4", "sha2 0.5.3", ] @@ -1025,7 +1116,7 @@ version = "0.9.61" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "313752393519e876837e09e1fa183ddef0be7735868dced3196f4472d536277f" dependencies = [ - "autocfg", + "autocfg 1.0.1", "cc", "libc", "pkg-config", @@ -1108,6 +1199,17 @@ dependencies = [ ] [[package]] +name = "pem" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd56cbd21fea48d0c440b41cd69c589faacade08c992d9a54e471b79d0fd13eb" +dependencies = [ + "base64", + "once_cell", + "regex", +] + +[[package]] name = "percent-encoding" version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1250,6 +1352,7 @@ dependencies = [ "base32", "base64", "block-modes", + "block-padding", "chbs", "daemonize", "directories", @@ -1261,17 +1364,18 @@ dependencies = [ "log", "nix", "oath", - "openssl", "paw", "pbkdf2", "percent-encoding", "rand", "region", "reqwest", + "rsa", "serde", "serde_json", "serde_path_to_error", "serde_repr", + "sha-1 0.9.4", "sha2 0.9.3", "structopt", "tempfile", @@ -1384,6 +1488,26 @@ dependencies = [ ] [[package]] +name = "rsa" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68ef841a26fc5d040ced0417c6c6a64ee851f42489df11cdf0218e545b6f8d28" +dependencies = [ + "byteorder", + "digest 0.9.0", + "lazy_static", + "num-bigint-dig", + "num-integer", + "num-iter", + "num-traits", + "pem", + "rand", + "simple_asn1", + "subtle", + "zeroize", +] + +[[package]] name = "rust-argon2" version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1529,6 +1653,19 @@ dependencies = [ ] [[package]] +name = "sha-1" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dfebf75d25bd900fd1e7d11501efab59bc846dbc76196839663e6637bba9f25f" +dependencies = [ + "block-buffer", + "cfg-if", + "cpuid-bool", + "digest 0.9.0", + "opaque-debug", +] + +[[package]] name = "sha2" version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1564,6 +1701,18 @@ dependencies = [ ] [[package]] +name = "simple_asn1" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db8d597fce66eb0f19dd129b9956e4054cba21aeaf97d4116595027b670fac50" +dependencies = [ + "chrono", + "num-bigint", + "num-traits", + "thiserror", +] + +[[package]] name = "slab" version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1592,6 +1741,12 @@ dependencies = [ ] [[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + +[[package]] name = "strsim" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1751,7 +1906,7 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "83f0c8e7c0addab50b663055baf787d0af7f413a46e6e7fb9559a4e4db7137a5" dependencies = [ - "autocfg", + "autocfg 1.0.1", "bytes", "libc", "memchr", @@ -2058,3 +2213,18 @@ name = "zeroize" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81a974bcdd357f0dca4d41677db03436324d45a4c9ed2d0b873a5a360ce41c36" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3f369ddb18862aba61aa49bf31e74d29f0f162dec753063200e1dc084345d16" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] @@ -19,6 +19,7 @@ async-trait = "0.1" base32 = "0.4" base64 = "0.13" block-modes = "0.7" +block-padding = "0.2" chbs = "0.1" daemonize = "0.4" directories = "3.0" @@ -30,17 +31,18 @@ libc = "0.2" log = "0.4" nix = "0.20" oath = "0.10" -openssl = "0.10" paw = "1.0" pbkdf2 = "0.7" percent-encoding = "2.1" rand = "0.8" region = "2.2" reqwest = { version = "0.11", features = ["blocking", "json"] } +rsa = "0.4" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" serde_path_to_error = "0.1" serde_repr = "0.1" +sha-1 = "0.9" sha2 = "0.9" structopt = { version = "0.3", features = ["paw", "wrap_help"] } tempfile = "3.2" diff --git a/src/cipherstring.rs b/src/cipherstring.rs index 72681f8..fc63ac9 100644 --- a/src/cipherstring.rs +++ b/src/cipherstring.rs @@ -1,8 +1,10 @@ use crate::prelude::*; use block_modes::BlockMode as _; +use block_padding::Padding as _; use hmac::{Mac as _, NewMac as _}; use rand::RngCore as _; +use zeroize::Zeroize as _; pub enum CipherString { Symmetric { @@ -181,24 +183,24 @@ impl CipherString { ) -> Result<crate::locked::Vec> { match self { Self::Asymmetric { ciphertext } => { - let pkey = openssl::pkey::PKey::private_key_from_pkcs8( - private_key.private_key(), - ) - .map_err(|source| Error::OpenSsl { source })?; - let rsa = - pkey.rsa().map_err(|source| Error::OpenSsl { source })?; - - let mut res = crate::locked::Vec::new(); - res.extend(std::iter::repeat(0).take(rsa.size() as usize)); - - let bytes = rsa - .private_decrypt( + let privkey_data = private_key.private_key(); + let privkey_data = block_padding::Pkcs7::unpad(privkey_data) + .map_err(|_| Error::Padding)?; + let pkey = rsa::RSAPrivateKey::from_pkcs8(privkey_data) + .map_err(|source| Error::Rsa { source })?; + let mut bytes = pkey + .decrypt( + rsa::padding::PaddingScheme::new_oaep::<sha1::Sha1>(), ciphertext, - res.data_mut(), - openssl::rsa::Padding::PKCS1_OAEP, ) - .map_err(|source| Error::OpenSsl { source })?; - res.truncate(bytes); + .map_err(|source| Error::Rsa { source })?; + + // XXX it'd be great if the rsa crate would let us decrypt + // into a preallocated buffer directly to avoid the + // intermediate vec that needs to be manually zeroized, etc + let mut res = crate::locked::Vec::new(); + res.extend(bytes.iter().copied()); + bytes.zeroize(); Ok(res) } diff --git a/src/error.rs b/src/error.rs index 7544e76..82fdb49 100644 --- a/src/error.rs +++ b/src/error.rs @@ -102,8 +102,8 @@ pub enum Error { file: std::path::PathBuf, }, - #[error("openssl error")] - OpenSsl { source: openssl::error::ErrorStack }, + #[error("invalid padding")] + Padding, #[error("failed to parse match type {s}")] ParseMatchType { s: String }, @@ -138,6 +138,9 @@ pub enum Error { #[error("error making api request")] Reqwest { source: reqwest::Error }, + #[error("failed to decrypt")] + Rsa { source: rsa::errors::Error }, + #[error("failed to save config to {}", .file.display())] SaveConfig { source: std::io::Error, |