Update other outdated dependencies

RSA had a few changes in 0.8->0.9 that needed handling ssh-key's algorithm name is no longer 'static.
mkj · Jan 19, 2024 · be668c5 · be668c5
1 parent e769b8a
commit be668c5
Show file tree

Hide file tree

Showing 9 changed files with 262 additions and 396 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -21,7 +21,7 @@ members = [
 [dependencies]
 sunset-sshwire-derive = { version = "0.1", path = "sshwire-derive" }
 
-snafu = { version = "0.7", default-features = false, features = ["rust_1_61"] }
+snafu = { version = "0.8", default-features = false, features = ["rust_1_61"] }
 # TODO: check that log macro calls disappear in no_std builds
 log = { version = "0.4" }
 heapless = "0.8"
@@ -49,14 +49,14 @@ ed25519-dalek = { version = "2.0.0-rc.3", default-features = false, features = [
 x25519-dalek = { version = "2.0.0-rc.3", default-features = false, features = ["zeroize"] }
 curve25519-dalek = { version = "4.0.0", default-features = false, features = ["zeroize"] }
 # p521 = { version = "0.13.2", default-features = false, features = ["ecdh", "ecdsa"] }
-rsa = { version = "0.8", default-features = false, optional = true, features = ["sha2"] }
+rsa = { version = "0.9", default-features = false, optional = true, features = ["sha2"] }
 # TODO: getrandom feature is a workaround for missing ssh-key dependency with rsa. fixed in pending 0.6
-ssh-key = { version = "0.5", default-features = false, optional = true, features = ["getrandom"] }
+ssh-key = { version = "0.6", default-features = false, optional = true, features = ["getrandom"] }
 
 embedded-io = { version = "0.6", optional = true }
 
 # for debug printing
-pretty-hex = { version = "0.3", default-features = false }
+pretty-hex = { version = "0.4", default-features = false }
 
 # for non_async
 futures = { version = "0.3", default-features = false }
@@ -74,9 +74,9 @@ defmt = ["dep:defmt"]
 
 [dev-dependencies]
 # examples want std::error
-snafu = { version = "0.7", default-features = true }
+snafu = { version = "0.8", default-features = true }
 anyhow = { version = "1.0" }
-pretty-hex = "0.3"
+pretty-hex = "0.4"
 simplelog = { version = "0.12", features = ["test"] }
 
 

diff --git a/async/Cargo.toml b/async/Cargo.toml
@@ -14,7 +14,7 @@ log = { version = "0.4", features = ["release_max_level_trace"] }
 rpassword = "7.2"
 argh = "0.1"
 
-ssh-key = { version = "0.5", default-features = false, features = [ "std"] }
+ssh-key = { version = "0.6", default-features = false, features = [ "std"] }
 
 embassy-sync = { version = "0.5" }
 embassy-futures = { version = "0.1" }
@@ -31,16 +31,15 @@ nix = "0.26"
 heapless = "0.8"
 
 # TODO
-pretty-hex = "0.3"
-# snafu = { version = "0.7", default-features = true }
+pretty-hex = "0.4"
 
 [features]
 # rsa is implied by sunset/std
 # rsa = ["sunset/rsa"]
 
 [dev-dependencies]
 anyhow = { version = "1.0" }
-pretty-hex = "0.3"
+pretty-hex = "0.4"
 whoami = "1.3"
 zeroize = "1.5"
 

diff --git a/async/src/cmdline_client.rs b/async/src/cmdline_client.rs
@@ -22,8 +22,6 @@ use tokio::signal::unix::{signal, SignalKind};
 use futures::{select_biased, future::Fuse};
 use futures::FutureExt;
 
-use pretty_hex::PrettyHex;
-
 use crate::*;
 use crate::AgentClient;
 use crate::{raw_pty, RawPtyGuard};

diff --git a/embassy/demos/common/Cargo.toml b/embassy/demos/common/Cargo.toml
@@ -26,7 +26,7 @@ ed25519-dalek = { version = "2.0.0-rc.2", default-features = false }
 
 defmt = { version = "0.3", optional = true }
 log = "0.4"
-pretty-hex = { version = "0.3", default-features = false }
+pretty-hex = { version = "0.4", default-features = false }
 
 [dev-dependencies]
 anyhow = { version = "1.0" }

diff --git a/embassy/demos/picow/Cargo.toml b/embassy/demos/picow/Cargo.toml
@@ -31,11 +31,11 @@ static_cell = { version = "1.0", features = [ "nightly" ] }
 defmt = { version  = "0.3", optional = true }
 defmt-rtt = "0.3"
 panic-probe = { version = "0.3", features = ["print-defmt"] }
-pretty-hex = { version = "0.3", default-features = false }
+pretty-hex = { version = "0.4", default-features = false }
 log = { version = "0.4" }
 futures = { version = "0.3", default-features = false }
 
-snafu = { version = "0.7", default-features = false, features = ["rust_1_61"] }
+snafu = { version = "0.8", default-features = false, features = ["rust_1_65"] }
 
 cortex-m = { version = "0.7.6", features = ["critical-section-single-core"]}
 cortex-m-rt = "0.7.0"
@@ -47,7 +47,7 @@ embedded-io-async = "0.6"
 embedded-storage-async = "0.4"
 heapless = "0.8"
 
-caprand = { git = "https://github.com/mkj/caprand" }
+caprand = "0.1"
 getrandom = { version = "0.2", features = ["custom"] }
 
 critical-section = "1.1"

diff --git a/src/packets.rs b/src/packets.rs
@@ -27,7 +27,7 @@ use sshwire::{SSHEncode, SSHDecode, SSHSource, SSHSink, WireResult, WireError};
 use sshwire::{SSHEncodeEnum, SSHDecodeEnum};
 
 #[cfg(feature = "rsa")]
-use rsa::PublicKeyParts;
+use rsa::traits::PublicKeyParts;
 
 // Any `enum` needs to have special handling to select a variant when deserializing.
 // This is mostly done with `#[sshwire(...)]` attributes.
@@ -385,7 +385,6 @@ pub struct RSAPubKey {
 #[cfg(feature = "rsa")]
 impl SSHEncode for RSAPubKey {
     fn enc(&self, s: &mut dyn SSHSink) -> WireResult<()> {
-        use rsa::PublicKeyParts;
         self.key.e().enc(s)?;
         self.key.n().enc(s)?;
         Ok(())
@@ -395,7 +394,6 @@ impl SSHEncode for RSAPubKey {
 #[cfg(feature = "rsa")]
 impl<'de> SSHDecode<'de> for RSAPubKey {
     fn dec<S>(s: &mut S) -> WireResult<Self> where S: SSHSource<'de> {
-        use rsa::PublicKeyParts;
         let e = SSHDecode::dec(s)?;
         let n = SSHDecode::dec(s)?;
         let key = rsa::RsaPublicKey::new(n, e)

diff --git a/src/sign.rs b/src/sign.rs
@@ -21,16 +21,12 @@ use core::mem::discriminant;
 
 use digest::Digest;
 
+// RSA requires alloc.
 #[cfg(feature = "rsa")]
 use packets::RSAPubKey;
 #[cfg(feature = "rsa")]
 use rsa::signature::{DigestSigner, DigestVerifier};
 
-// #[cfg(feature = "rsa")]
-// use rsa::{PublicKey, RsaPrivateKey, RsaPublicKey, PaddingScheme};
-
-// RSA requires alloc.
-
 #[derive(Debug, Clone, Copy)]
 pub enum SigType {
     Ed25519,
@@ -129,16 +125,18 @@ impl SigType {
         s: &packets::RSASig,
     ) -> Result<()> {
         let verifying_key =
-            rsa::pkcs1v15::VerifyingKey::<sha2::Sha256>::new_with_prefix(
+            rsa::pkcs1v15::VerifyingKey::<sha2::Sha256>::new(
                 k.key.clone(),
             );
-        let s: Box<[u8]> = s.sig.0.into();
-        let signature = s.into();
+        let signature = s.sig.0.try_into().map_err(|e| {
+            trace!("RSA bad signature: {e}");
+            Error::BadSig
+        })?;
 
         let mut h = sha2::Sha256::new();
         sshwire::hash_ser(&mut h, msg)?;
         verifying_key.verify_digest(h, &signature).map_err(|e| {
-            trace!("RSA signature failed: {e}");
+            trace!("RSA verify failed: {e}");
             Error::BadSig
         })
     }
@@ -148,13 +146,13 @@ pub enum OwnedSig {
     // just store raw bytes here.
     Ed25519([u8; 64]),
     #[cfg(feature = "rsa")]
-    RSA(rsa::pkcs1v15::Signature),
+    RSA(Box<[u8]>),
 }
 
 #[cfg(feature = "rsa")]
 impl From<rsa::pkcs1v15::Signature> for OwnedSig {
     fn from(s: rsa::pkcs1v15::Signature) -> Self {
-        OwnedSig::RSA(s)
+        OwnedSig::RSA(s.into())
     }
 }
 
@@ -168,8 +166,8 @@ impl TryFrom<Signature<'_>> for OwnedSig {
             }
             #[cfg(feature = "rsa")]
             Signature::RSA(s) => {
-                let s: Box<[u8]> = s.sig.0.into();
-                Ok(OwnedSig::RSA(s.into()))
+                let s = s.sig.0.try_into().map_err(|_| Error::BadSig)?;
+                Ok(OwnedSig::RSA(s))
             }
             Signature::Unknown(u) => {
                 debug!("Unknown {u} signature");
@@ -255,7 +253,7 @@ impl SignKey {
             }
 
             #[cfg(feature = "rsa")]
-            SignKey::RSA(k) => PubKey::RSA(RSAPubKey { key: k.deref().clone() }),
+            SignKey::RSA(k) => PubKey::RSA(RSAPubKey { key: k.into() }),
 
             #[cfg(feature = "rsa")]
             SignKey::AgentRSA(pk) => PubKey::RSA(RSAPubKey { key: pk.clone() }),
@@ -318,7 +316,7 @@ impl SignKey {
             #[cfg(feature = "rsa")]
             SignKey::RSA(k) => {
                 let signing_key =
-                    rsa::pkcs1v15::SigningKey::<sha2::Sha256>::new_with_prefix(
+                    rsa::pkcs1v15::SigningKey::<sha2::Sha256>::new(
                         k.clone(),
                     );
                 let mut h = sha2::Sha256::new();
@@ -327,7 +325,7 @@ impl SignKey {
                     trace!("RSA signing failed: {e:?}");
                     Error::bug()
                 })?;
-                sig.into()
+                OwnedSig::RSA(sig.into())
             }
 
             // callers should check for agent keys first
@@ -399,7 +397,10 @@ impl TryFrom<ssh_key::PrivateKey> for SignKey {
                 .map_err(|_| Error::BadKey)?;
                 Ok(SignKey::RSA(key))
             }
-            _ => Err(Error::NotAvailable { what: k.algorithm().as_str() }),
+            _ => {
+                debug!("Unknown ssh-key algorithm {}", k.algorithm().as_str());
+                Err(Error::NotAvailable { what: "ssh key algorithm" })
+            },
         }
     }
 }

diff --git a/sshwire-derive/Cargo.toml b/sshwire-derive/Cargo.toml
@@ -10,4 +10,4 @@ description = "Derive macros for Sunset SSH packet encoder/decoder"
 proc-macro = true
 
 [dependencies]
-virtue = "0.0.13"
+virtue = "0.0.16"