diff --git a/Cargo.toml b/Cargo.toml index fbd7566..c162b5e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -29,6 +29,20 @@ nightly = [] # see https://github.com/ramosbugs/openidconnect-rs/pull/131#discussion_r1349786021 jwk-alg = [] +[patch.crates-io] + +# https://github.com/ramosbugs/oauth2-rs/pull/251 +oauth2 = { git = "https://github.com/baloo/oauth2-rs.git", branch = "baloo/sha2-prerelease" } + +p256 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +p384 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } + +ed25519 = { git = "https://github.com/baloo/signatures.git", branch = "baloo/pkcs8-0.11.0-pre.0" } + +# https://github.com/dalek-cryptography/curve25519-dalek/pull/620 +curve25519-dalek = { git = "https://github.com/baloo/curve25519-dalek.git", branch = "baloo/rust-crypto/digest-sha2-bumps" } +ed25519-dalek = { git = "https://github.com/baloo/curve25519-dalek.git", branch = "baloo/rust-crypto/digest-sha2-bumps" } + [dependencies] base64 = "0.13" # Disable 'time' dependency since it triggers RUSTSEC-2020-0071 and we don't need it. @@ -43,11 +57,11 @@ itertools = "0.10" log = "0.4" oauth2 = { version = "4.4.1", default-features = false } rand = "0.8.5" -hmac = "0.12.1" -rsa = "0.9.2" -sha2 = { version = "0.10.6", features = ["oid"] } # Object ID needed for pkcs1v15 padding -p256 = "0.13.2" -p384 = "0.13.0" +hmac = "=0.13.0-pre.3" +rsa = "=0.10.0-pre.1" +sha2 = { version = "=0.11.0-pre.3", features = ["oid"] } # Object ID needed for pkcs1v15 padding +p256 = "=0.14.0-pre.0" +p384 = "=0.14.0-pre" dyn-clone = "1.0.10" serde = "1.0" serde_derive = "1.0" @@ -58,7 +72,7 @@ serde_with = "3" serde-value = "0.7" url = { version = "2.4", features = ["serde"] } subtle = "2.4" -ed25519-dalek = { version = "2.0.0", features = ["pem"] } +ed25519-dalek = { version = "=2.2.0-pre", features = ["pem"] } [dev-dependencies] color-backtrace = { version = "0.5" } diff --git a/src/core/jwk.rs b/src/core/jwk.rs index eb21c8d..158c866 100644 --- a/src/core/jwk.rs +++ b/src/core/jwk.rs @@ -1,5 +1,6 @@ use ed25519_dalek::pkcs8::DecodePrivateKey; use ed25519_dalek::Signer; +use hmac::KeyInit; use rsa::pkcs1::DecodeRsaPrivateKey; use sha2::Digest; @@ -301,7 +302,7 @@ impl JsonWebKey SignatureVerificationError::Other(format!("Could not create key: {}", e)) })?; mac.update(message); - mac.verify(signature.into()) + mac.verify_slice(signature) .map_err(|_| SignatureVerificationError::CryptoError("bad HMAC".to_string())) } CoreJwsSigningAlgorithm::HmacSha384 => { @@ -316,7 +317,7 @@ impl JsonWebKey SignatureVerificationError::Other(format!("Could not create key: {}", e)) })?; mac.update(message); - mac.verify(signature.into()) + mac.verify_slice(signature) .map_err(|_| SignatureVerificationError::CryptoError("bad HMAC".to_string())) } CoreJwsSigningAlgorithm::HmacSha512 => { @@ -331,7 +332,7 @@ impl JsonWebKey SignatureVerificationError::Other(format!("Could not create key: {}", e)) })?; mac.update(message); - mac.verify(signature.into()) + mac.verify_slice(signature) .map_err(|_| SignatureVerificationError::CryptoError("bad HMAC".to_string())) } CoreJwsSigningAlgorithm::EcdsaP256Sha256 => {