Update ring to 0.14, jwt to 6.0, and u2f

Daniel García
2019-03-09 14:42:16 +01:00
parent 2a4cd24c60
commit 4f45cc081f
4 changed files with 117 additions and 70 deletions

174
Cargo.lock generated

File diff suppressed because it is too large Load Diff


@ -54,7 +54,7 @@ diesel_migrations = { version = "1.4.0", features = ["sqlite"] }
libsqlite3-sys = { version = "0.12.0", features = ["bundled"] }
# Crypto library
ring = { version = "0.13.5", features = ["rsa_signing"] }
ring = "0.14.6"
# UUID generation
uuid = { version = "0.7.4", features = ["v4"] }
@ -69,10 +69,10 @@ oath = "0.10.2"
data-encoding = "2.1.2"
# JWT library
jsonwebtoken = "5.0.1"
jsonwebtoken = "6.0.1"
# U2F library
u2f = "0.1.4"
u2f = "0.1.5"
# Yubico Library
yubico = { version = "0.5.1", features = ["online"], default-features = false }
@ -106,3 +106,6 @@ regex = "1.1.6"
[patch.crates-io]
# Add support for Timestamp type
rmp = { git = 'https://github.com/dani-garcia/msgpack-rust' }
rocket = { git = 'https://github.com/brndnmtthws/Rocket', rev = '7eda4bc09828160f30df6ffe07963993bd2e4651' }
rocket_contrib = { git = 'https://github.com/brndnmtthws/Rocket', rev = '7eda4bc09828160f30df6ffe07963993bd2e4651' }
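Review bot: The `[patch.crates-io]` entries for `rocket` and `rocket_contrib`, which appear to be the lines this hunk adds, swap the web framework for a build from a third-party fork, and nothing in the manifest says why or when the override can be dropped. Pinning `rev` is the right call because it fixes the exact tree that gets compiled, but I would add a comment above the two lines such as `# Temporary: Rocket fork built against ring 0.14; remove once upstream ships a compatible release`, with the reason adjusted to whatever actually motivated it (the ring bump is my guess from the rest of this commit). The `rmp` override just above has no `rev`, so it follows that repository's default branch whenever the lockfile is regenerated; pinning it the same way would make both overrides reproducible. The Cargo.lock diff is suppressed on this page, so the resolved sources could not be checked here.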


@ -40,7 +40,6 @@ fn decode_jwt<T: DeserializeOwned>(token: &str, issuer: String) -> Result<T, Err
let validation = jsonwebtoken::Validation {
leeway: 30, // 30 seconds
validate_exp: true,
validate_iat: false, // IssuedAt is the same as NotBefore
validate_nbf: true,
aud: None,
iss: Some(issuer),


@ -3,6 +3,7 @@
//
use ring::{digest, hmac, pbkdf2};
use std::num::NonZeroU32;
static DIGEST_ALG: &digest::Algorithm = &digest::SHA256;
const OUTPUT_LEN: usize = digest::SHA256_OUTPUT_LEN;
@ -10,12 +11,14 @@ const OUTPUT_LEN: usize = digest::SHA256_OUTPUT_LEN;
pub fn hash_password(secret: &[u8], salt: &[u8], iterations: u32) -> Vec<u8> {
let mut out = vec![0u8; OUTPUT_LEN]; // Initialize array with zeros
let iterations = NonZeroU32::new(iterations).expect("Iterations can't be zero");
pbkdf2::derive(DIGEST_ALG, iterations, salt, secret, &mut out);
out
}
pub fn verify_password_hash(secret: &[u8], salt: &[u8], previous: &[u8], iterations: u32) -> bool {
let iterations = NonZeroU32::new(iterations).expect("Iterations can't be zero");
pbkdf2::verify(DIGEST_ALG, iterations, salt, secret, previous).is_ok()
}
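Review bot: `verify_password_hash` now panics when `iterations` is 0, through `.expect("Iterations can't be zero")`, where a verifier would normally just report a mismatch. If the count can ever come from a stored user record or a client request (the callers are not visible here), a zero turns a password check into a panic in the request path instead of a rejected login. The conversion can be folded into the result: `NonZeroU32::new(iterations).map_or(false, |n| pbkdf2::verify(DIGEST_ALG, n, salt, secret, previous).is_ok())`. `hash_password` returns a bare `Vec<u8>` and cannot signal the error without an interface change, so there I would add a doc comment with a `# Panics` section stating that a zero iteration count aborts, and validate the count where it first enters the system.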