upgrade some dependencies (#272)
- upgrade `rsa`, `zeroize` crates, closes #268 - switch to parallelized pbkdf2, closes #271 - cargo update
parent
d5218d770e
commit
969baeed4c
9 changed files with 649 additions and 492 deletions
1075
Cargo.lock
generated
1075
Cargo.lock
generated
File diff suppressed because it is too large
|
@ -38,8 +38,8 @@ rpassword = "5.0"
|
||||||
reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls"] }
|
reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls"] }
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
serde = { version = "1.0", features = ["derive"] }
|
||||||
serde_json = "1.0"
|
serde_json = "1.0"
|
||||||
rsa = "0.5.0"
|
rsa = "0.9.2"
|
||||||
rand = "0.8.4"
|
rand = "0.8.5"
|
||||||
standback = "0.2.17" # required to fix a compilation error on a transient dependency
|
standback = "0.2.17" # required to fix a compilation error on a transient dependency
|
||||||
clap = { version = "3.1.18", features = ["derive", "cargo", "env"] }
|
clap = { version = "3.1.18", features = ["derive", "cargo", "env"] }
|
||||||
clap_complete = "3.2.1"
|
clap_complete = "3.2.1"
|
||||||
|
@ -51,14 +51,13 @@ lazy_static = "1.4.0"
|
||||||
uuid = { version = "0.8", features = ["v4"] }
|
uuid = { version = "0.8", features = ["v4"] }
|
||||||
steamguard = { version = "^0.9.5", path = "./steamguard" }
|
steamguard = { version = "^0.9.5", path = "./steamguard" }
|
||||||
dirs = "3.0.2"
|
dirs = "3.0.2"
|
||||||
ring = { version = "0.16.20", features = ["std"] }
|
|
||||||
aes = "0.8.3"
|
aes = "0.8.3"
|
||||||
thiserror = "1.0.26"
|
thiserror = "1.0.26"
|
||||||
crossterm = { version = "0.23.2", features = ["event-stream"] }
|
crossterm = { version = "0.23.2", features = ["event-stream"] }
|
||||||
qrcode = { version = "0.12.0", optional = true }
|
qrcode = { version = "0.12.0", optional = true }
|
||||||
gethostname = "0.4.3"
|
gethostname = "0.4.3"
|
||||||
secrecy = { version = "0.8", features = ["serde"] }
|
secrecy = { version = "0.8", features = ["serde"] }
|
||||||
zeroize = "^1.4.3"
|
zeroize = { version = "^1.6.0", features = ["std", "zeroize_derive"] }
|
||||||
serde_path_to_error = "0.1.11"
|
serde_path_to_error = "0.1.11"
|
||||||
update-informer = { version = "1.0.0", optional = true, default-features = false, features = ["github"] }
|
update-informer = { version = "1.0.0", optional = true, default-features = false, features = ["github"] }
|
||||||
phonenumber = "0.3"
|
phonenumber = "0.3"
|
||||||
|
@ -66,6 +65,8 @@ cbc = { version = "0.1.2", features = ["std"] }
|
||||||
inout = { version = "0.1.3", features = ["std"] }
|
inout = { version = "0.1.3", features = ["std"] }
|
||||||
keyring = { version = "2.0.4", optional = true }
|
keyring = { version = "2.0.4", optional = true }
|
||||||
argon2 = { version = "0.5.0", features = ["std"] }
|
argon2 = { version = "0.5.0", features = ["std"] }
|
||||||
|
pbkdf2 = { version = "0.12.1", features = ["parallel"] }
|
||||||
|
sha1 = "0.10.5"
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
tempdir = "0.3"
|
tempdir = "0.3"
|
||||||
|
|
|
@ -10,7 +10,7 @@ use log::debug;
|
||||||
use secrecy::{CloneableSecret, DebugSecret, ExposeSecret};
|
use secrecy::{CloneableSecret, DebugSecret, ExposeSecret};
|
||||||
use serde::Deserialize;
|
use serde::Deserialize;
|
||||||
use steamguard::{token::TwoFactorSecret, SecretString, SteamGuardAccount};
|
use steamguard::{token::TwoFactorSecret, SecretString, SteamGuardAccount};
|
||||||
use zeroize::Zeroize;
|
use zeroize::{Zeroize, ZeroizeOnDrop};
|
||||||
|
|
||||||
use crate::encryption::{EntryEncryptor, LegacySdaCompatible};
|
use crate::encryption::{EntryEncryptor, LegacySdaCompatible};
|
||||||
|
|
||||||
|
@ -139,8 +139,7 @@ pub struct SdaAccount {
|
||||||
pub session: Option<secrecy::Secret<Session>>,
|
pub session: Option<secrecy::Secret<Session>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone, Deserialize, Zeroize)]
|
#[derive(Debug, Clone, Deserialize, Zeroize, ZeroizeOnDrop)]
|
||||||
#[zeroize(drop)]
|
|
||||||
#[deprecated(note = "this is not used anymore, the closest equivalent is `Tokens`")]
|
#[deprecated(note = "this is not used anymore, the closest equivalent is `Tokens`")]
|
||||||
pub struct Session {
|
pub struct Session {
|
||||||
#[serde(default, rename = "SessionID")]
|
#[serde(default, rename = "SessionID")]
|
||||||
|
|
|
@ -2,7 +2,6 @@ use aes::cipher::InvalidLength;
|
||||||
|
|
||||||
use rand::Rng;
|
use rand::Rng;
|
||||||
|
|
||||||
use ring::rand::SecureRandom;
|
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use thiserror::Error;
|
use thiserror::Error;
|
||||||
|
|
||||||
|
|
|
@ -44,11 +44,11 @@ impl Argon2idAes256 {
|
||||||
|
|
||||||
impl EntryEncryptor for Argon2idAes256 {
|
impl EntryEncryptor for Argon2idAes256 {
|
||||||
fn generate() -> Self {
|
fn generate() -> Self {
|
||||||
let rng = ring::rand::SystemRandom::new();
|
let mut rng = rand::rngs::OsRng;
|
||||||
let mut salt = [0u8; Self::SALT_LENGTH];
|
let mut salt = [0u8; Self::SALT_LENGTH];
|
||||||
let mut iv = [0u8; Self::IV_LENGTH];
|
let mut iv = [0u8; Self::IV_LENGTH];
|
||||||
rng.fill(&mut salt).expect("Unable to generate salt.");
|
rng.fill(&mut salt);
|
||||||
rng.fill(&mut iv).expect("Unable to generate IV.");
|
rng.fill(&mut iv);
|
||||||
Argon2idAes256 {
|
Argon2idAes256 {
|
||||||
iv: base64::encode(iv),
|
iv: base64::encode(iv),
|
||||||
salt: base64::encode(salt),
|
salt: base64::encode(salt),
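Review bot: The two `rng.fill(...)` calls in `generate()` still abort if the OS RNG fails, but now through the implicit panic inside `Rng::fill` rather than the explicit `expect` messages on the old lines, so a failure no longer says whether the salt or the IV could not be generated. Because these buffers feed the key derivation and the cipher, I would keep the failure path explicit: `rng.try_fill(&mut salt).expect("Unable to generate salt.");` and `rng.try_fill(&mut iv).expect("Unable to generate IV.");`. The same applies to `LegacySdaCompatible::generate()` later in this commit. `generate()` continues past the end of the hunk.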
|
||||||
|
|
|
@ -2,7 +2,7 @@ use aes::cipher::block_padding::Pkcs7;
|
||||||
use aes::cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit};
|
use aes::cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit};
|
||||||
use aes::Aes256;
|
use aes::Aes256;
|
||||||
use log::*;
|
use log::*;
|
||||||
use ring::pbkdf2;
|
use sha1::Sha1;
|
||||||
|
|
||||||
use super::*;
|
use super::*;
|
||||||
|
|
||||||
|
@ -23,11 +23,10 @@ impl LegacySdaCompatible {
|
||||||
let password_bytes = passkey.as_bytes();
|
let password_bytes = passkey.as_bytes();
|
||||||
let salt_bytes = base64::decode(salt)?;
|
let salt_bytes = base64::decode(salt)?;
|
||||||
let mut full_key: [u8; Self::KEY_SIZE_BYTES] = [0u8; Self::KEY_SIZE_BYTES];
|
let mut full_key: [u8; Self::KEY_SIZE_BYTES] = [0u8; Self::KEY_SIZE_BYTES];
|
||||||
pbkdf2::derive(
|
pbkdf2::pbkdf2_hmac::<Sha1>(
|
||||||
pbkdf2::PBKDF2_HMAC_SHA1,
|
|
||||||
std::num::NonZeroU32::new(Self::PBKDF2_ITERATIONS).unwrap(),
|
|
||||||
&salt_bytes,
|
|
||||||
password_bytes,
|
password_bytes,
|
||||||
|
&salt_bytes,
|
||||||
|
Self::PBKDF2_ITERATIONS,
|
||||||
&mut full_key,
|
&mut full_key,
|
||||||
);
|
);
|
||||||
Ok(full_key)
|
Ok(full_key)
|
||||||
|
@ -36,11 +35,11 @@ impl LegacySdaCompatible {
|
||||||
|
|
||||||
impl EntryEncryptor for LegacySdaCompatible {
|
impl EntryEncryptor for LegacySdaCompatible {
|
||||||
fn generate() -> LegacySdaCompatible {
|
fn generate() -> LegacySdaCompatible {
|
||||||
let rng = ring::rand::SystemRandom::new();
|
let mut rng = rand::rngs::OsRng;
|
||||||
let mut salt = [0u8; Self::SALT_LENGTH];
|
let mut salt = [0u8; Self::SALT_LENGTH];
|
||||||
let mut iv = [0u8; Self::IV_LENGTH];
|
let mut iv = [0u8; Self::IV_LENGTH];
|
||||||
rng.fill(&mut salt).expect("Unable to generate salt.");
|
rng.fill(&mut salt);
|
||||||
rng.fill(&mut iv).expect("Unable to generate IV.");
|
rng.fill(&mut iv);
|
||||||
LegacySdaCompatible {
|
LegacySdaCompatible {
|
||||||
iv: base64::encode(iv),
|
iv: base64::encode(iv),
|
||||||
salt: base64::encode(salt),
|
salt: base64::encode(salt),
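Review bot: Nothing visible in this section pins the output of the new `pbkdf2::pbkdf2_hmac::<Sha1>` call to what `ring::pbkdf2::derive` produced, and the argument order differs between the two APIs (salt then password before, password then salt now). The order in the new call looks right for the `pbkdf2` crate, but a swap would silently derive a different key and leave existing encrypted entries undecryptable. A known-answer test with a constructed passkey/salt pair and the expected key bytes would be worth adding if none exists outside the visible hunks. A short comment above the call, e.g. `// PBKDF2-HMAC-SHA1: must stay byte-compatible with the legacy key derivation`, would also record why SHA-1 is kept here. The enclosing function's signature is outside the hunk.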
|
||||||
|
|
|
@ -21,7 +21,6 @@ extern crate base64;
|
||||||
extern crate dirs;
|
extern crate dirs;
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
extern crate proptest;
|
extern crate proptest;
|
||||||
extern crate ring;
|
|
||||||
mod accountmanager;
|
mod accountmanager;
|
||||||
mod commands;
|
mod commands;
|
||||||
mod debug;
|
mod debug;
|
||||||
|
|
|
@ -17,7 +17,7 @@ base64 = "0.13.0"
|
||||||
reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls", "multipart"] }
|
reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls", "multipart"] }
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
serde = { version = "1.0", features = ["derive"] }
|
||||||
serde_json = "1.0"
|
serde_json = "1.0"
|
||||||
rsa = "0.5.0"
|
rsa = "0.9.2"
|
||||||
rand = "0.8.4"
|
rand = "0.8.4"
|
||||||
standback = "0.2.17" # required to fix a compilation error on a transient dependency
|
standback = "0.2.17" # required to fix a compilation error on a transient dependency
|
||||||
cookie = "0.14"
|
cookie = "0.14"
|
||||||
|
|
|
@ -18,7 +18,7 @@ use crate::steamapi::EResult;
|
||||||
use crate::token::Tokens;
|
use crate::token::Tokens;
|
||||||
use crate::transport::Transport;
|
use crate::transport::Transport;
|
||||||
use log::*;
|
use log::*;
|
||||||
use rsa::{PublicKey, RsaPublicKey};
|
use rsa::{Pkcs1v15Encrypt, RsaPublicKey};
|
||||||
use std::time::Duration;
|
use std::time::Duration;
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
|
@ -272,13 +272,12 @@ fn encrypt_password(
|
||||||
let rsa_modulus = rsa::BigUint::parse_bytes(rsa_resp.publickey_mod().as_bytes(), 16).unwrap();
|
let rsa_modulus = rsa::BigUint::parse_bytes(rsa_resp.publickey_mod().as_bytes(), 16).unwrap();
|
||||||
let public_key = RsaPublicKey::new(rsa_modulus, rsa_exponent).unwrap();
|
let public_key = RsaPublicKey::new(rsa_modulus, rsa_exponent).unwrap();
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
let mut rng = rand::rngs::mock::StepRng::new(2, 1);
|
let mut rng = tests::MockStepRng(rand::rngs::mock::StepRng::new(2, 1));
|
||||||
#[cfg(not(test))]
|
#[cfg(not(test))]
|
||||||
let mut rng = rand::rngs::OsRng;
|
let mut rng = rand::rngs::OsRng;
|
||||||
let padding = rsa::PaddingScheme::new_pkcs1v15_encrypt();
|
|
||||||
base64::encode(
|
base64::encode(
|
||||||
public_key
|
public_key
|
||||||
.encrypt(&mut rng, padding, password.as_ref())
|
.encrypt(&mut rng, Pkcs1v15Encrypt, password.as_ref())
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
@ -406,6 +405,26 @@ impl From<anyhow::Error> for UpdateAuthSessionError {
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
use super::*;
|
||||||
|
|
||||||
|
pub(crate) struct MockStepRng(pub rand::rngs::mock::StepRng);
|
||||||
|
impl rand::RngCore for MockStepRng {
|
||||||
|
fn next_u32(&mut self) -> u32 {
|
||||||
|
self.0.next_u32()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn next_u64(&mut self) -> u64 {
|
||||||
|
self.0.next_u64()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn fill_bytes(&mut self, dest: &mut [u8]) {
|
||||||
|
self.0.fill_bytes(dest)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand::Error> {
|
||||||
|
self.0.try_fill_bytes(dest)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
impl rand::CryptoRng for MockStepRng {}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_encrypt_password() {
|
fn test_encrypt_password() {
|
||||||
let mut rsa_resp = CAuthentication_GetPasswordRSAPublicKey_Response::new();
|
let mut rsa_resp = CAuthentication_GetPasswordRSAPublicKey_Response::new();
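Review bot: `impl rand::CryptoRng for MockStepRng {}` marks a deterministic `StepRng` as cryptographically secure, and the wrapper is declared `pub(crate)` with no comment saying it is for tests only. The attribute line above `mod tests` is outside the hunk, so I am assuming the module is `#[cfg(test)]`-gated; if it is, narrowing the item to `pub(super) struct MockStepRng(pub(super) rand::rngs::mock::StepRng);` keeps it reachable from `encrypt_password` while stopping other modules from picking it up. I would also add a doc comment such as `/// Deterministic RNG for reproducible test output only; the CryptoRng marker is not a security claim.` `test_encrypt_password` continues past the end of the hunk.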
|
||||||
|
|