Use CryptoWrapper provided by light-openid

2023-04-29 12:19:48 +02:00 · 2023-04-29 12:19:48 +02:00 · 2eaeb12835
commit 2eaeb12835
parent a1073b807c
5 changed files with 20 additions and 102 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -561,7 +561,6 @@ dependencies = [
 "actix-remote-ip",
 "actix-session",
 "actix-web",
- "aes-gcm",
 "askama",
 "base32",
 "base64 0.21.0",
@ -576,6 +575,7 @@ dependencies = [
 "jwt-simple",
 "lazy-regex",
 "lazy_static",
+ "light-openid",
 "log",
 "mime_guess",
 "qrcode-generator",
@ -1765,6 +1765,23 @@ version = "0.2.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "348108ab3fba42ec82ff6e9564fc4ca0247bdccdc68dd8af9764bbc79c3c8ffb"

+[[package]]
+name = "light-openid"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "608aa1b7148a6eeab631c6267deca33407ff851ab50eea115e52c13a9bb184ee"
+dependencies = [
+ "aes-gcm",
+ "base64 0.21.0",
+ "bincode",
+ "log",
+ "rand",
+ "reqwest",
+ "serde",
+ "serde_json",
+ "urlencoding",
+]
+
 [[package]]
 name = "link-cplusplus"
 version = "1.0.8"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -35,7 +35,7 @@ base32 = "0.4.0"
 qrcode-generator = "4.1.8"
 webauthn-rs = { version = "0.4.8", features = ["danger-allow-state-serialisation"] }
 url = "2.3.1"
-aes-gcm = { version = "0.10.1", features = ["aes"] }
+light-openid = { version = "1.0.1", features=["crypto-wrapper"] }
 bincode = "2.0.0-rc.3"
 chrono = "0.4.24"
 lazy_static = "1.4.0"
--- a/src/data/crypto_wrapper.rs
+++ b/src/data/crypto_wrapper.rs
@ -1,98 +0,0 @@
-use std::io::ErrorKind;
-
-use aes_gcm::aead::{Aead, OsRng};
-use aes_gcm::{Aes256Gcm, Key, KeyInit, Nonce};
-use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
-use base64::Engine as _;
-use bincode::{Decode, Encode};
-use rand::Rng;
-
-use crate::utils::err::Res;
-
-const NONCE_LEN: usize = 12;
-
-pub struct CryptoWrapper {
-    key: Key<Aes256Gcm>,
-}
-
-impl CryptoWrapper {
-    /// Generate a new memory wrapper
-    pub fn new_random() -> Self {
-        Self {
-            key: Aes256Gcm::generate_key(&mut OsRng),
-        }
-    }
-
-    /// Encrypt some data
-    pub fn encrypt<T: Encode + Decode>(&self, data: &T) -> Res<String> {
-        let aes_key = Aes256Gcm::new(&self.key);
-        let nonce_bytes = rand::thread_rng().gen::<[u8; NONCE_LEN]>();
-
-        let serialized_data = bincode::encode_to_vec(data, bincode::config::standard())?;
-
-        let mut enc = aes_key
-            .encrypt(Nonce::from_slice(&nonce_bytes), serialized_data.as_slice())
-            .unwrap();
-        enc.extend_from_slice(&nonce_bytes);
-
-        Ok(BASE64_STANDARD.encode(enc))
-    }
-
-    /// Decrypt some data previously encrypted using the [`CryptoWrapper::encrypt`] method
-    pub fn decrypt<T: Decode>(&self, input: &str) -> Res<T> {
-        let bytes = BASE64_STANDARD.decode(input)?;
-
-        if bytes.len() < NONCE_LEN {
-            return Err(Box::new(std::io::Error::new(
-                ErrorKind::Other,
-                "Input string is smaller than nonce!",
-            )));
-        }
-
-        let (enc, nonce) = bytes.split_at(bytes.len() - NONCE_LEN);
-        assert_eq!(nonce.len(), NONCE_LEN);
-
-        let aes_key = Aes256Gcm::new(&self.key);
-
-        let dec = match aes_key.decrypt(Nonce::from_slice(nonce), enc) {
-            Ok(d) => d,
-            Err(e) => {
-                log::error!("Failed to decrypt wrapped data! {:#?}", e);
-                return Err(Box::new(std::io::Error::new(
-                    ErrorKind::Other,
-                    "Failed to decrypt wrapped data!",
-                )));
-            }
-        };
-
-        Ok(bincode::decode_from_slice(&dec, bincode::config::standard())?.0)
-    }
-}
-
-#[cfg(test)]
-mod test {
-    use crate::data::crypto_wrapper::CryptoWrapper;
-    use bincode::{Decode, Encode};
-
-    #[derive(Encode, Decode, Eq, PartialEq, Debug)]
-    struct Message(String);
-
-    #[test]
-    fn encrypt_and_decrypt() {
-        let wrapper = CryptoWrapper::new_random();
-        let msg = Message("Pierre was here".to_string());
-        let enc = wrapper.encrypt(&msg).unwrap();
-        let dec: Message = wrapper.decrypt(&enc).unwrap();
-
-        assert_eq!(dec, msg)
-    }
-
-    #[test]
-    fn encrypt_and_decrypt_invalid() {
-        let wrapper_1 = CryptoWrapper::new_random();
-        let wrapper_2 = CryptoWrapper::new_random();
-        let msg = Message("Pierre was here".to_string());
-        let enc = wrapper_1.encrypt(&msg).unwrap();
-        wrapper_2.decrypt::<Message>(&enc).unwrap_err();
-    }
-}
--- a/src/data/mod.rs
+++ b/src/data/mod.rs
@ -3,7 +3,6 @@ pub mod action_logger;
 pub mod app_config;
 pub mod client;
 pub mod code_challenge;
-pub mod crypto_wrapper;
 pub mod current_user;
 pub mod entity_manager;
 pub mod id_token;
--- a/src/data/webauthn_manager.rs
+++ b/src/data/webauthn_manager.rs
@ -3,6 +3,7 @@ use std::sync::Arc;

 use actix_web::web;
 use bincode::{Decode, Encode};
+use light_openid::crypto_wrapper::CryptoWrapper;
 use uuid::Uuid;
 use webauthn_rs::prelude::{
    CreationChallengeResponse, Passkey, PublicKeyCredential, RegisterPublicKeyCredential,
@ -14,7 +15,6 @@ use crate::constants::{
    APP_NAME, WEBAUTHN_LOGIN_CHALLENGE_EXPIRE, WEBAUTHN_REGISTER_CHALLENGE_EXPIRE,
 };
 use crate::data::app_config::AppConfig;
-use crate::data::crypto_wrapper::CryptoWrapper;
 use crate::data::user::{User, UserID};
 use crate::utils::err::Res;
 use crate::utils::time::time;