upgrade some dependencies (#272)

- upgrade `rsa`, `zeroize` crates, closes #268
- switch to parrallelized pbkdf2, closes #271
- cargo update
This commit is contained in:
Carson McManus 2023-07-03 11:42:10 -04:00 committed by GitHub
parent d5218d770e
commit 969baeed4c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 649 additions and 492 deletions

1075
Cargo.lock generated

File diff suppressed because it is too large Load diff

View file

@ -38,8 +38,8 @@ rpassword = "5.0"
reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls"] } reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls"] }
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0" serde_json = "1.0"
rsa = "0.5.0" rsa = "0.9.2"
rand = "0.8.4" rand = "0.8.5"
standback = "0.2.17" # required to fix a compilation error on a transient dependency standback = "0.2.17" # required to fix a compilation error on a transient dependency
clap = { version = "3.1.18", features = ["derive", "cargo", "env"] } clap = { version = "3.1.18", features = ["derive", "cargo", "env"] }
clap_complete = "3.2.1" clap_complete = "3.2.1"
@ -51,14 +51,13 @@ lazy_static = "1.4.0"
uuid = { version = "0.8", features = ["v4"] } uuid = { version = "0.8", features = ["v4"] }
steamguard = { version = "^0.9.5", path = "./steamguard" } steamguard = { version = "^0.9.5", path = "./steamguard" }
dirs = "3.0.2" dirs = "3.0.2"
ring = { version = "0.16.20", features = ["std"] }
aes = "0.8.3" aes = "0.8.3"
thiserror = "1.0.26" thiserror = "1.0.26"
crossterm = { version = "0.23.2", features = ["event-stream"] } crossterm = { version = "0.23.2", features = ["event-stream"] }
qrcode = { version = "0.12.0", optional = true } qrcode = { version = "0.12.0", optional = true }
gethostname = "0.4.3" gethostname = "0.4.3"
secrecy = { version = "0.8", features = ["serde"] } secrecy = { version = "0.8", features = ["serde"] }
zeroize = "^1.4.3" zeroize = { version = "^1.6.0", features = ["std", "zeroize_derive"] }
serde_path_to_error = "0.1.11" serde_path_to_error = "0.1.11"
update-informer = { version = "1.0.0", optional = true, default-features = false, features = ["github"] } update-informer = { version = "1.0.0", optional = true, default-features = false, features = ["github"] }
phonenumber = "0.3" phonenumber = "0.3"
@ -66,6 +65,8 @@ cbc = { version = "0.1.2", features = ["std"] }
inout = { version = "0.1.3", features = ["std"] } inout = { version = "0.1.3", features = ["std"] }
keyring = { version = "2.0.4", optional = true } keyring = { version = "2.0.4", optional = true }
argon2 = { version = "0.5.0", features = ["std"] } argon2 = { version = "0.5.0", features = ["std"] }
pbkdf2 = { version = "0.12.1", features = ["parallel"] }
sha1 = "0.10.5"
[dev-dependencies] [dev-dependencies]
tempdir = "0.3" tempdir = "0.3"

View file

@ -10,7 +10,7 @@ use log::debug;
use secrecy::{CloneableSecret, DebugSecret, ExposeSecret}; use secrecy::{CloneableSecret, DebugSecret, ExposeSecret};
use serde::Deserialize; use serde::Deserialize;
use steamguard::{token::TwoFactorSecret, SecretString, SteamGuardAccount}; use steamguard::{token::TwoFactorSecret, SecretString, SteamGuardAccount};
use zeroize::Zeroize; use zeroize::{Zeroize, ZeroizeOnDrop};
use crate::encryption::{EntryEncryptor, LegacySdaCompatible}; use crate::encryption::{EntryEncryptor, LegacySdaCompatible};
@ -139,8 +139,7 @@ pub struct SdaAccount {
pub session: Option<secrecy::Secret<Session>>, pub session: Option<secrecy::Secret<Session>>,
} }
#[derive(Debug, Clone, Deserialize, Zeroize)] #[derive(Debug, Clone, Deserialize, Zeroize, ZeroizeOnDrop)]
#[zeroize(drop)]
#[deprecated(note = "this is not used anymore, the closest equivalent is `Tokens`")] #[deprecated(note = "this is not used anymore, the closest equivalent is `Tokens`")]
pub struct Session { pub struct Session {
#[serde(default, rename = "SessionID")] #[serde(default, rename = "SessionID")]

View file

@ -2,7 +2,6 @@ use aes::cipher::InvalidLength;
use rand::Rng; use rand::Rng;
use ring::rand::SecureRandom;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use thiserror::Error; use thiserror::Error;

View file

@ -44,11 +44,11 @@ impl Argon2idAes256 {
impl EntryEncryptor for Argon2idAes256 { impl EntryEncryptor for Argon2idAes256 {
fn generate() -> Self { fn generate() -> Self {
let rng = ring::rand::SystemRandom::new(); let mut rng = rand::rngs::OsRng;
let mut salt = [0u8; Self::SALT_LENGTH]; let mut salt = [0u8; Self::SALT_LENGTH];
let mut iv = [0u8; Self::IV_LENGTH]; let mut iv = [0u8; Self::IV_LENGTH];
rng.fill(&mut salt).expect("Unable to generate salt."); rng.fill(&mut salt);
rng.fill(&mut iv).expect("Unable to generate IV."); rng.fill(&mut iv);
Argon2idAes256 { Argon2idAes256 {
iv: base64::encode(iv), iv: base64::encode(iv),
salt: base64::encode(salt), salt: base64::encode(salt),

View file

@ -2,7 +2,7 @@ use aes::cipher::block_padding::Pkcs7;
use aes::cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit}; use aes::cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit};
use aes::Aes256; use aes::Aes256;
use log::*; use log::*;
use ring::pbkdf2; use sha1::Sha1;
use super::*; use super::*;
@ -23,11 +23,10 @@ impl LegacySdaCompatible {
let password_bytes = passkey.as_bytes(); let password_bytes = passkey.as_bytes();
let salt_bytes = base64::decode(salt)?; let salt_bytes = base64::decode(salt)?;
let mut full_key: [u8; Self::KEY_SIZE_BYTES] = [0u8; Self::KEY_SIZE_BYTES]; let mut full_key: [u8; Self::KEY_SIZE_BYTES] = [0u8; Self::KEY_SIZE_BYTES];
pbkdf2::derive( pbkdf2::pbkdf2_hmac::<Sha1>(
pbkdf2::PBKDF2_HMAC_SHA1,
std::num::NonZeroU32::new(Self::PBKDF2_ITERATIONS).unwrap(),
&salt_bytes,
password_bytes, password_bytes,
&salt_bytes,
Self::PBKDF2_ITERATIONS,
&mut full_key, &mut full_key,
); );
Ok(full_key) Ok(full_key)
@ -36,11 +35,11 @@ impl LegacySdaCompatible {
impl EntryEncryptor for LegacySdaCompatible { impl EntryEncryptor for LegacySdaCompatible {
fn generate() -> LegacySdaCompatible { fn generate() -> LegacySdaCompatible {
let rng = ring::rand::SystemRandom::new(); let mut rng = rand::rngs::OsRng;
let mut salt = [0u8; Self::SALT_LENGTH]; let mut salt = [0u8; Self::SALT_LENGTH];
let mut iv = [0u8; Self::IV_LENGTH]; let mut iv = [0u8; Self::IV_LENGTH];
rng.fill(&mut salt).expect("Unable to generate salt."); rng.fill(&mut salt);
rng.fill(&mut iv).expect("Unable to generate IV."); rng.fill(&mut iv);
LegacySdaCompatible { LegacySdaCompatible {
iv: base64::encode(iv), iv: base64::encode(iv),
salt: base64::encode(salt), salt: base64::encode(salt),

View file

@ -21,7 +21,6 @@ extern crate base64;
extern crate dirs; extern crate dirs;
#[cfg(test)] #[cfg(test)]
extern crate proptest; extern crate proptest;
extern crate ring;
mod accountmanager; mod accountmanager;
mod commands; mod commands;
mod debug; mod debug;

View file

@ -17,7 +17,7 @@ base64 = "0.13.0"
reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls", "multipart"] } reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls", "multipart"] }
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0" serde_json = "1.0"
rsa = "0.5.0" rsa = "0.9.2"
rand = "0.8.4" rand = "0.8.4"
standback = "0.2.17" # required to fix a compilation error on a transient dependency standback = "0.2.17" # required to fix a compilation error on a transient dependency
cookie = "0.14" cookie = "0.14"

View file

@ -18,7 +18,7 @@ use crate::steamapi::EResult;
use crate::token::Tokens; use crate::token::Tokens;
use crate::transport::Transport; use crate::transport::Transport;
use log::*; use log::*;
use rsa::{PublicKey, RsaPublicKey}; use rsa::{Pkcs1v15Encrypt, RsaPublicKey};
use std::time::Duration; use std::time::Duration;
#[derive(Debug)] #[derive(Debug)]
@ -272,13 +272,12 @@ fn encrypt_password(
let rsa_modulus = rsa::BigUint::parse_bytes(rsa_resp.publickey_mod().as_bytes(), 16).unwrap(); let rsa_modulus = rsa::BigUint::parse_bytes(rsa_resp.publickey_mod().as_bytes(), 16).unwrap();
let public_key = RsaPublicKey::new(rsa_modulus, rsa_exponent).unwrap(); let public_key = RsaPublicKey::new(rsa_modulus, rsa_exponent).unwrap();
#[cfg(test)] #[cfg(test)]
let mut rng = rand::rngs::mock::StepRng::new(2, 1); let mut rng = tests::MockStepRng(rand::rngs::mock::StepRng::new(2, 1));
#[cfg(not(test))] #[cfg(not(test))]
let mut rng = rand::rngs::OsRng; let mut rng = rand::rngs::OsRng;
let padding = rsa::PaddingScheme::new_pkcs1v15_encrypt();
base64::encode( base64::encode(
public_key public_key
.encrypt(&mut rng, padding, password.as_ref()) .encrypt(&mut rng, Pkcs1v15Encrypt, password.as_ref())
.unwrap(), .unwrap(),
) )
} }
@ -406,6 +405,26 @@ impl From<anyhow::Error> for UpdateAuthSessionError {
mod tests { mod tests {
use super::*; use super::*;
pub(crate) struct MockStepRng(pub rand::rngs::mock::StepRng);
impl rand::RngCore for MockStepRng {
fn next_u32(&mut self) -> u32 {
self.0.next_u32()
}
fn next_u64(&mut self) -> u64 {
self.0.next_u64()
}
fn fill_bytes(&mut self, dest: &mut [u8]) {
self.0.fill_bytes(dest)
}
fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand::Error> {
self.0.try_fill_bytes(dest)
}
}
impl rand::CryptoRng for MockStepRng {}
#[test] #[test]
fn test_encrypt_password() { fn test_encrypt_password() {
let mut rsa_resp = CAuthentication_GetPasswordRSAPublicKey_Response::new(); let mut rsa_resp = CAuthentication_GetPasswordRSAPublicKey_Response::new();