util: update dependencies

surban · Feb 6, 2024 · 8a11492 · 8a11492
1 parent ef036bc
commit 8a11492
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 34 deletions.
diff --git a/aggligator-util/Cargo.toml b/aggligator-util/Cargo.toml
@@ -35,7 +35,6 @@ cli = [
     "serde",
     "serde_json",
     "rustls-pemfile",
-    "rustls/dangerous_configuration",
     "axum-server",
     "gethostname",
     "socket2",
@@ -55,10 +54,10 @@ network-interface = "1"
 async-trait = "0.1"
 bytes = "1"
 
-bluer = { version = "0.16", default-features = false, optional = true }
-rustls = { version = "0.21", optional = true }
-rustls-pemfile = { version = "1.0", optional = true }
-tokio-rustls = { version = "0.24", optional = true }
+bluer = { version = "0.17", default-features = false, optional = true }
+rustls = { version = "0.22", optional = true }
+rustls-pemfile = { version = "2.0", optional = true }
+tokio-rustls = { version = "0.25", optional = true }
 rand = { version = "0.8", optional = true }
 rand_xoshiro = { version = "0.6", optional = true }
 clap = { version = "4", features = ["derive"], optional = true }
@@ -71,13 +70,13 @@ tracing-subscriber = { version = "0.3", default-features = false, features = [
     "fmt",
 ], optional = true }
 tracing-log = { version = "0.2", optional = true }
-axum = { version = "0.6", features = ["ws"], optional = true }
-tungstenite = { version = "0.20", optional = true }
-tokio-tungstenite = { version = "0.20", features = [
+axum = { version = "0.7", features = ["ws"], optional = true }
+tungstenite = { version = "0.21", optional = true }
+tokio-tungstenite = { version = "0.21", features = [
     "rustls-tls-webpki-roots",
 ], optional = true }
 url = { version = "2", optional = true }
-axum-server = { version = "0.5", optional = true }
+axum-server = { version = "0.6", optional = true }
 upc = { version = "0.4", optional = true }
 usb-gadget = { version = "0.6", optional = true }
 rusb = { version = "0.9", optional = true }

diff --git a/aggligator-util/src/bin/agg-speed.rs b/aggligator-util/src/bin/agg-speed.rs
@@ -4,10 +4,11 @@ use anyhow::{bail, Context, Result};
 use clap::{Parser, Subcommand};
 use crossterm::{style::Stylize, tty::IsTty};
 use rustls::{
-    client::{ServerCertVerified, ServerCertVerifier},
-    Certificate, ClientConfig, PrivateKey, RootCertStore, ServerConfig, ServerName,
+    client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
+    pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime},
+    ClientConfig, DigitallySignedStruct, RootCertStore, ServerConfig, SignatureScheme,
 };
-use rustls_pemfile::{certs, pkcs8_private_keys};
+use rustls_pemfile::{certs, private_key};
 use serde::Serialize;
 use std::{
     collections::HashSet,
@@ -71,45 +72,72 @@ static TLS_CERT_PEM: &[u8] = include_bytes!("agg-speed-cert.pem");
 static TLS_KEY_PEM: &[u8] = include_bytes!("agg-speed-key.pem");
 static TLS_SERVER_NAME: &str = "aggligator.rs";
 
-fn tls_cert() -> Certificate {
+fn tls_cert() -> CertificateDer<'static> {
     let mut reader = BufReader::new(TLS_CERT_PEM);
-    Certificate(certs(&mut reader).unwrap().pop().unwrap())
+    let mut certs = certs(&mut reader);
+    certs.next().unwrap().unwrap()
 }
 
-fn tls_key() -> PrivateKey {
+fn tls_key() -> PrivateKeyDer<'static> {
     let mut reader = BufReader::new(TLS_KEY_PEM);
-    PrivateKey(pkcs8_private_keys(&mut reader).unwrap().pop().unwrap())
+    private_key(&mut reader).unwrap().unwrap()
 }
 
 /// Accepts every TLS server certificate.
 ///
 /// For speed test only! Do not use in production code!
+#[derive(Debug)]
 struct TlsNullVerifier;
 
 impl ServerCertVerifier for TlsNullVerifier {
     fn verify_server_cert(
-        &self, _end_entity: &Certificate, _intermediates: &[Certificate], _server_name: &ServerName,
-        _scts: &mut dyn Iterator<Item = &[u8]>, _ocsp_response: &[u8], _now: std::time::SystemTime,
-    ) -> Result<ServerCertVerified, rustls::Error> {
+        &self, _end_entity: &CertificateDer<'_>, _intermediates: &[CertificateDer<'_>],
+        _server_name: &ServerName<'_>, _ocsp_response: &[u8], _now: UnixTime,
+    ) -> std::result::Result<ServerCertVerified, rustls::Error> {
         Ok(ServerCertVerified::assertion())
     }
+
+    fn verify_tls12_signature(
+        &self, _message: &[u8], _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct,
+    ) -> std::result::Result<HandshakeSignatureValid, rustls::Error> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn verify_tls13_signature(
+        &self, _message: &[u8], _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct,
+    ) -> std::result::Result<HandshakeSignatureValid, rustls::Error> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
+        vec![
+            SignatureScheme::RSA_PKCS1_SHA1,
+            SignatureScheme::ECDSA_SHA1_Legacy,
+            SignatureScheme::RSA_PKCS1_SHA256,
+            SignatureScheme::ECDSA_NISTP256_SHA256,
+            SignatureScheme::RSA_PKCS1_SHA384,
+            SignatureScheme::ECDSA_NISTP384_SHA384,
+            SignatureScheme::RSA_PKCS1_SHA512,
+            SignatureScheme::ECDSA_NISTP521_SHA512,
+            SignatureScheme::RSA_PSS_SHA256,
+            SignatureScheme::RSA_PSS_SHA384,
+            SignatureScheme::RSA_PSS_SHA512,
+            SignatureScheme::ED25519,
+            SignatureScheme::ED448,
+        ]
+    }
 }
 
 fn tls_client_config() -> ClientConfig {
     let mut root_store = RootCertStore::empty();
-    root_store.add(&tls_cert()).unwrap();
-    let mut cfg =
-        ClientConfig::builder().with_safe_defaults().with_root_certificates(root_store).with_no_client_auth();
+    root_store.add(tls_cert()).unwrap();
+    let mut cfg = ClientConfig::builder().with_root_certificates(root_store).with_no_client_auth();
     cfg.dangerous().set_certificate_verifier(Arc::new(TlsNullVerifier));
     cfg
 }
 
 fn tls_server_config() -> ServerConfig {
-    ServerConfig::builder()
-        .with_safe_defaults()
-        .with_no_client_auth()
-        .with_single_cert(vec![tls_cert()], tls_key())
-        .unwrap()
+    ServerConfig::builder().with_no_client_auth().with_single_cert(vec![tls_cert()], tls_key()).unwrap()
 }
 
 /// Run speed test using a connection consisting of aggregated TCP links.

diff --git a/aggligator-util/src/net/tls.rs b/aggligator-util/src/net/tls.rs
@@ -1,7 +1,7 @@
 //! TLS connection functions.
 
 use futures::Future;
-use rustls::{ClientConfig, ServerConfig, ServerName};
+use rustls::{pki_types::ServerName, ClientConfig, ServerConfig};
 use std::{io::Result, net::SocketAddr, sync::Arc};
 
 use crate::transport::{
@@ -68,7 +68,7 @@ use aggligator::alc::Stream;
 /// ```
 pub async fn tls_connect(
     target: impl IntoIterator<Item = String>, default_port: u16, tls_client_cfg: Arc<ClientConfig>,
-    server_name: ServerName,
+    server_name: ServerName<'static>,
 ) -> Result<Stream> {
     let mut connector = Connector::wrapped(TlsClient::new(tls_client_cfg, server_name));
     connector.add(TcpConnector::new(target, default_port).await?);

diff --git a/aggligator-util/src/transport/tls.rs b/aggligator-util/src/transport/tls.rs
@@ -1,7 +1,7 @@
 //! TLS wrapper.
 
 use async_trait::async_trait;
-use rustls::{ClientConfig, ServerConfig, ServerName};
+use rustls::{pki_types::ServerName, ClientConfig, ServerConfig};
 use std::{io::Result, sync::Arc};
 use tokio::io::split;
 use tokio_rustls::{TlsAcceptor, TlsConnector};
@@ -22,7 +22,7 @@ static NAME: &str = "tls";
 #[derive(Debug)]
 #[must_use = "you must pass this wrapper to the connector"]
 pub struct TlsClient {
-    server_name: ServerName,
+    server_name: ServerName<'static>,
     client_cfg: Arc<ClientConfig>,
 }
 
@@ -32,7 +32,7 @@ impl TlsClient {
     /// The identity of the server is verified using TLS against `server_name`.
     /// The outgoing link is encrypted using TLS with the configuration specified
     /// in `client_cfg`.
-    pub fn new(client_cfg: Arc<ClientConfig>, server_name: ServerName) -> Self {
+    pub fn new(client_cfg: Arc<ClientConfig>, server_name: ServerName<'static>) -> Self {
         Self { server_name, client_cfg }
     }
 }

diff --git a/aggligator-util/src/transport/websocket.rs b/aggligator-util/src/transport/websocket.rs
@@ -2,7 +2,7 @@
 
 use async_trait::async_trait;
 use axum::{
-    body::boxed,
+    body::Body,
     extract::{ConnectInfo, WebSocketUpgrade},
     http::StatusCode,
     response::Response,
@@ -440,7 +440,7 @@ impl WebSocketAcceptorBuilder {
                     }),
                     Err(_) => Response::builder()
                         .status(StatusCode::SERVICE_UNAVAILABLE)
-                        .body(boxed("WebSocketAcceptor was dropped".to_string()))
+                        .body(Body::from("WebSocketAcceptor was dropped"))
                         .unwrap(),
                 }
             }),