Skip to content

Commit

Permalink
Merge pull request #280 from whisperfish/deps
Browse files Browse the repository at this point in the history
Dependency updates
  • Loading branch information
rubdos authored Jan 17, 2024
2 parents 54ce3c4 + bcae066 commit 823f17b
Show file tree
Hide file tree
Showing 17 changed files with 116 additions and 78 deletions.
10 changes: 9 additions & 1 deletion .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,10 @@ jobs:
features: "unsend-futures"
steps:
- uses: actions/checkout@v3
- name: Install protobuf
run: |
sudo apt-get update
sudo apt-get install -y libprotobuf-dev libprotobuf-c-dev protobuf-compiler protobuf-c-compiler
- uses: actions-rs/clippy-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
Expand Down Expand Up @@ -65,10 +69,14 @@ jobs:
toolchain: "nightly"
include:
- project: "libsignal-service-actix"
toolchain: "1.70"
toolchain: "1.75"
coverage: false
steps:
- uses: actions/checkout@v3
- name: Install protobuf
run: |
sudo apt-get update
sudo apt-get install -y libprotobuf-dev libprotobuf-c-dev protobuf-compiler protobuf-c-compiler
- uses: actions-rs/toolchain@v1
with:
toolchain: ${{ matrix.toolchain }}
Expand Down
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,9 @@ If you're using a Cargo workspace, you should add the `[patch.crates.io]` sectio

### Note on supported Rust versions

`libsignal-service-rs` is the at the core of [Whisperfish][whisperfish], a SailfishOS application. The SailfishOS Rust compiler updates seldomly, and therefore the MSRV maps on the compiler for that operating system. At moment of writing, this is **Rust 1.72**.
`libsignal-service-rs` is the at the core of [Whisperfish][whisperfish], a SailfishOS application. The SailfishOS Rust compiler updates seldomly, and therefore the MSRV maps on the compiler for that operating system. At moment of writing, this is **Rust 1.75**.

For other platforms, we don't mandate MSRV. In practice, however, it is **Rust 1.70**.
For other platforms, we don't mandate MSRV. In practice, however, it is **Rust 1.75**.

## Contributing

Expand Down
1 change: 0 additions & 1 deletion libsignal-service-actix/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ rand = "0.8"

thiserror = "1.0"
async-trait = "0.1"
base64 = "0.13"

phonenumber = "0.3"

Expand Down
10 changes: 6 additions & 4 deletions libsignal-service-hyper/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -20,18 +20,20 @@ serde_json = "1.0"
thiserror = "1.0"
url = "2.1"

# hyper rustls 0.25 is not compatible with hyper 1 yet
# https://github.com/rustls/hyper-rustls/issues/234
hyper = { version = "0.14", features = ["client", "stream"] }
hyper-rustls = "0.24"
hyper-rustls = { version = "0.25", features=["http1", "http2"] }
hyper-timeout = "0.4"
headers = "0.3"

# for websocket support
async-tungstenite = { version = "0.23", features = ["tokio-rustls-native-certs"] }
async-tungstenite = { version = "0.24", features = ["tokio-rustls-native-certs"] }

tokio = { version = "1.0", features = ["macros"] }
tokio-rustls = "0.24"
tokio-rustls = "0.25"

rustls-pemfile = "0.3"
rustls-pemfile = "2.0"

[dev-dependencies]
rand = "0.8"
Expand Down
25 changes: 11 additions & 14 deletions libsignal-service-hyper/src/push_service.rs
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,11 @@ impl HyperPushService {
let cfg = cfg.into();
let tls_config = Self::tls_config(&cfg);

let mut http = HttpConnector::new();
http.enforce_http(false);
let https = HttpsConnector::from((http, tls_config));
let https = hyper_rustls::HttpsConnectorBuilder::new()
.with_tls_config(tls_config)
.https_only()
.enable_http1()
.build();

// as in Signal-Android
let mut timeout_connector = TimeoutConnector::new(https);
Expand All @@ -66,21 +68,16 @@ impl HyperPushService {

fn tls_config(cfg: &ServiceConfiguration) -> rustls::ClientConfig {
let mut cert_bytes = std::io::Cursor::new(&cfg.certificate_authority);
let roots = rustls_pemfile::certs(&mut cert_bytes)
.expect("parseable PEM files");
let roots = roots.iter().map(|v| rustls::Certificate(v.clone()));
let roots = rustls_pemfile::certs(&mut cert_bytes);

let mut root_certs = rustls::RootCertStore::empty();
for root in roots {
root_certs.add(&root).unwrap();
}
root_certs.add_parsable_certificates(
roots.map(|c| c.expect("parsable PEM files")),
);

let mut tls_config = rustls::ClientConfig::builder()
.with_safe_defaults()
rustls::ClientConfig::builder()
.with_root_certificates(root_certs)
.with_no_client_auth();
tls_config.alpn_protocols = vec![b"http/1.1".to_vec()];
tls_config
.with_no_client_auth()
}

#[tracing::instrument(skip(self, path, body), fields(path = %path.as_ref()))]
Expand Down
6 changes: 3 additions & 3 deletions libsignal-service-hyper/src/websocket.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ use std::sync::Arc;
use async_tungstenite::{
tokio::connect_async_with_tls_connector,
tungstenite::{
client::IntoClientRequest, http::HeaderName, Error as TungsteniteError,
Message,
client::IntoClientRequest,
http::{HeaderName, StatusCode},
Error as TungsteniteError, Message,
},
};
use bytes::Bytes;
use futures::{channel::mpsc::*, prelude::*};
use hyper::StatusCode;
use tokio::time::Instant;
use tokio_rustls::rustls;
use url::Url;
Expand Down
8 changes: 4 additions & 4 deletions libsignal-service/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ aes-gcm = "0.10"
cbc = "0.1"
ctr = "0.9"
async-trait = "0.1"
base64 = "0.13"
base64 = "0.21"
bincode = "1.3"
bytes = "1"
chrono = { version = "0.4", features = ["serde", "clock"], default-features = false }
Expand All @@ -25,7 +25,7 @@ hex = "0.4"
hkdf = "0.12"
hmac = "0.12"
phonenumber = "0.3"
prost = "0.10"
prost = "> 0.10, <= 0.12"
rand = "0.8"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0.85"
Expand All @@ -38,13 +38,13 @@ tracing = { version = "0.1", features = ["log"] }
tracing-futures = "0.2"

[build-dependencies]
prost-build = "0.10"
prost-build = "> 0.10, <= 0.12"

[dev-dependencies]
anyhow = "1.0"
tokio = { version = "1.0", features = ["macros", "rt"] }

rustls = "0.21"
rustls = "0.22"

[features]
unsend-futures = []
32 changes: 20 additions & 12 deletions libsignal-service/src/account_manager.rs
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
use base64::prelude::*;
use std::collections::HashMap;
use std::convert::{TryFrom, TryInto};
use std::time::SystemTime;
Expand Down Expand Up @@ -296,7 +297,7 @@ impl<Service: PushService> AccountManager<Service> {
&[],
HttpAuthOverride::NoOverride,
&ProvisioningMessage {
body: base64::encode(body),
body: BASE64_STANDARD.encode(body),
},
)
.await
Expand Down Expand Up @@ -326,7 +327,8 @@ impl<Service: PushService> AccountManager<Service> {
let ephemeral_id = query.get("uuid").ok_or(LinkError::InvalidUuid)?;
let pub_key =
query.get("pub_key").ok_or(LinkError::InvalidPublicKey)?;
let pub_key = base64::decode(&**pub_key)
let pub_key = BASE64_STANDARD
.decode(&**pub_key)
.map_err(|_e| LinkError::InvalidPublicKey)?;
let pub_key = PublicKey::deserialize(&pub_key)
.map_err(|_e| LinkError::InvalidPublicKey)?;
Expand Down Expand Up @@ -640,6 +642,7 @@ pub fn decrypt_device_name(

#[cfg(test)]
mod tests {
use base64::prelude::*;
use libsignal_protocol::{KeyPair, PrivateKey, PublicKey};

use super::DeviceName;
Expand All @@ -666,19 +669,24 @@ mod tests {

#[test]
fn decrypt_device_name() -> anyhow::Result<()> {
let ephemeral_private_key = PrivateKey::deserialize(&base64::decode(
"0CgxHjwwblXjvX8sD5wZDWdYToMRf+CZSlgaUrxCGVo=",
)?)?;
let ephemeral_public_key = PublicKey::deserialize(&base64::decode(
"BcZS+Lt6yAKbEpXnRX+I5wHqesuvu93Q2V+fjidwW8R6",
)?)?;
let ephemeral_private_key = PrivateKey::deserialize(
&BASE64_STANDARD
.decode("0CgxHjwwblXjvX8sD5wZDWdYToMRf+CZSlgaUrxCGVo=")?,
)?;
let ephemeral_public_key = PublicKey::deserialize(
&BASE64_STANDARD
.decode("BcZS+Lt6yAKbEpXnRX+I5wHqesuvu93Q2V+fjidwW8R6")?,
)?;

let device_name = DeviceName {
ephemeral_public: Some(ephemeral_public_key.serialize().to_vec()),
synthetic_iv: Some(base64::decode("86gekHGmltnnZ9QARhiFcg==")?),
ciphertext: Some(base64::decode(
"MtJ9/9KBWLBVAxfZJD4pLKzP4q+iodRJeCc+/A==",
)?),
synthetic_iv: Some(
BASE64_STANDARD.decode("86gekHGmltnnZ9QARhiFcg==")?,
),
ciphertext: Some(
BASE64_STANDARD
.decode("MtJ9/9KBWLBVAxfZJD4pLKzP4q+iodRJeCc+/A==")?,
),
};

let decrypted_device_name =
Expand Down
5 changes: 3 additions & 2 deletions libsignal-service/src/cipher.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
use std::{convert::TryFrom, fmt, time::SystemTime};

use aes::cipher::block_padding::{Iso7816, RawPadding};
use base64::prelude::*;
use libsignal_protocol::{
group_decrypt, message_decrypt_prekey, message_decrypt_signal,
message_encrypt, process_sender_key_distribution_message,
Expand Down Expand Up @@ -364,7 +365,7 @@ where
r#type: Type::UnidentifiedSender as u32,
destination_device_id: address.device_id().into(),
destination_registration_id,
content: base64::encode(message),
content: BASE64_STANDARD.encode(message),
})
} else {
let message = message_encrypt(
Expand All @@ -379,7 +380,7 @@ where
let destination_registration_id =
session_record.remote_registration_id()?;

let body = base64::encode(message.serialize());
let body = BASE64_STANDARD.encode(message.serialize());

use crate::proto::envelope::Type;
let message_type = match message.message_type() {
Expand Down
9 changes: 5 additions & 4 deletions libsignal-service/src/configuration.rs
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
use std::{collections::HashMap, str::FromStr};

use base64::prelude::*;
use libsignal_protocol::PublicKey;
use serde::{Deserialize, Serialize};
use url::Url;
Expand Down Expand Up @@ -129,8 +130,8 @@ impl From<&SignalServers> for ServiceConfiguration {
"https://api-staging.directory.signal.org".parse().unwrap(),
certificate_authority: include_str!(concat!(env!("CARGO_MANIFEST_DIR"), "/certs/staging-root-ca.pem")).to_string(),
unidentified_sender_trust_root:
PublicKey::deserialize(&base64::decode("BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx").unwrap()).unwrap(),
zkgroup_server_public_params: bincode::deserialize(&base64::decode("ABSY21VckQcbSXVNCGRYJcfWHiAMZmpTtTELcDmxgdFbtp/bWsSxZdMKzfCp8rvIs8ocCU3B37fT3r4Mi5qAemeGeR2X+/YmOGR5ofui7tD5mDQfstAI9i+4WpMtIe8KC3wU5w3Inq3uNWVmoGtpKndsNfwJrCg0Hd9zmObhypUnSkfYn2ooMOOnBpfdanRtrvetZUayDMSC5iSRcXKpdlukrpzzsCIvEwjwQlJYVPOQPj4V0F4UXXBdHSLK05uoPBCQG8G9rYIGedYsClJXnbrgGYG3eMTG5hnx4X4ntARBgELuMWWUEEfSK0mjXg+/2lPmWcTZWR9nkqgQQP0tbzuiPm74H2wMO4u1Wafe+UwyIlIT9L7KLS19Aw8r4sPrXZSSsOZ6s7M1+rTJN0bI5CKY2PX29y5Ok3jSWufIKcgKOnWoP67d5b2du2ZVJjpjfibNIHbT/cegy/sBLoFwtHogVYUewANUAXIaMPyCLRArsKhfJ5wBtTminG/PAvuBdJ70Z/bXVPf8TVsR292zQ65xwvWTejROW6AZX6aqucUj").unwrap()).unwrap(),
PublicKey::deserialize(&BASE64_STANDARD.decode("BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx").unwrap()).unwrap(),
zkgroup_server_public_params: bincode::deserialize(&BASE64_STANDARD.decode("ABSY21VckQcbSXVNCGRYJcfWHiAMZmpTtTELcDmxgdFbtp/bWsSxZdMKzfCp8rvIs8ocCU3B37fT3r4Mi5qAemeGeR2X+/YmOGR5ofui7tD5mDQfstAI9i+4WpMtIe8KC3wU5w3Inq3uNWVmoGtpKndsNfwJrCg0Hd9zmObhypUnSkfYn2ooMOOnBpfdanRtrvetZUayDMSC5iSRcXKpdlukrpzzsCIvEwjwQlJYVPOQPj4V0F4UXXBdHSLK05uoPBCQG8G9rYIGedYsClJXnbrgGYG3eMTG5hnx4X4ntARBgELuMWWUEEfSK0mjXg+/2lPmWcTZWR9nkqgQQP0tbzuiPm74H2wMO4u1Wafe+UwyIlIT9L7KLS19Aw8r4sPrXZSSsOZ6s7M1+rTJN0bI5CKY2PX29y5Ok3jSWufIKcgKOnWoP67d5b2du2ZVJjpjfibNIHbT/cegy/sBLoFwtHogVYUewANUAXIaMPyCLRArsKhfJ5wBtTminG/PAvuBdJ70Z/bXVPf8TVsR292zQ65xwvWTejROW6AZX6aqucUj").unwrap()).unwrap(),
},
// configuration with the Signal API production endpoints
// https://github.com/signalapp/Signal-Desktop/blob/master/config/production.json
Expand All @@ -147,9 +148,9 @@ impl From<&SignalServers> for ServiceConfiguration {
contact_discovery_url: "https://api.directory.signal.org".parse().unwrap(),
certificate_authority: include_str!(concat!(env!("CARGO_MANIFEST_DIR"), "/certs/production-root-ca.pem")).to_string(),
unidentified_sender_trust_root:
PublicKey::deserialize(&base64::decode("BXu6QIKVz5MA8gstzfOgRQGqyLqOwNKHL6INkv3IHWMF").unwrap()).unwrap(),
PublicKey::deserialize(&BASE64_STANDARD.decode("BXu6QIKVz5MA8gstzfOgRQGqyLqOwNKHL6INkv3IHWMF").unwrap()).unwrap(),
zkgroup_server_public_params: bincode::deserialize(
&base64::decode("AMhf5ywVwITZMsff/eCyudZx9JDmkkkbV6PInzG4p8x3VqVJSFiMvnvlEKWuRob/1eaIetR31IYeAbm0NdOuHH8Qi+Rexi1wLlpzIo1gstHWBfZzy1+qHRV5A4TqPp15YzBPm0WSggW6PbSn+F4lf57VCnHF7p8SvzAA2ZZJPYJURt8X7bbg+H3i+PEjH9DXItNEqs2sNcug37xZQDLm7X36nOoGPs54XsEGzPdEV+itQNGUFEjY6X9Uv+Acuks7NpyGvCoKxGwgKgE5XyJ+nNKlyHHOLb6N1NuHyBrZrgtY/JYJHRooo5CEqYKBqdFnmbTVGEkCvJKxLnjwKWf+fEPoWeQFj5ObDjcKMZf2Jm2Ae69x+ikU5gBXsRmoF94GXTLfN0/vLt98KDPnxwAQL9j5V1jGOY8jQl6MLxEs56cwXN0dqCnImzVH3TZT1cJ8SW1BRX6qIVxEzjsSGx3yxF3suAilPMqGRp4ffyopjMD1JXiKR2RwLKzizUe5e8XyGOy9fplzhw3jVzTRyUZTRSZKkMLWcQ/gv0E4aONNqs4P").unwrap()).unwrap(),
&BASE64_STANDARD.decode("AMhf5ywVwITZMsff/eCyudZx9JDmkkkbV6PInzG4p8x3VqVJSFiMvnvlEKWuRob/1eaIetR31IYeAbm0NdOuHH8Qi+Rexi1wLlpzIo1gstHWBfZzy1+qHRV5A4TqPp15YzBPm0WSggW6PbSn+F4lf57VCnHF7p8SvzAA2ZZJPYJURt8X7bbg+H3i+PEjH9DXItNEqs2sNcug37xZQDLm7X36nOoGPs54XsEGzPdEV+itQNGUFEjY6X9Uv+Acuks7NpyGvCoKxGwgKgE5XyJ+nNKlyHHOLb6N1NuHyBrZrgtY/JYJHRooo5CEqYKBqdFnmbTVGEkCvJKxLnjwKWf+fEPoWeQFj5ObDjcKMZf2Jm2Ae69x+ikU5gBXsRmoF94GXTLfN0/vLt98KDPnxwAQL9j5V1jGOY8jQl6MLxEs56cwXN0dqCnImzVH3TZT1cJ8SW1BRX6qIVxEzjsSGx3yxF3suAilPMqGRp4ffyopjMD1JXiKR2RwLKzizUe5e8XyGOy9fplzhw3jVzTRyUZTRSZKkMLWcQ/gv0E4aONNqs4P").unwrap()).unwrap(),
},
}
}
Expand Down
3 changes: 2 additions & 1 deletion libsignal-service/src/groups_v2/manager.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ use crate::{
push_service::{HttpAuth, HttpAuthOverride, ServiceIds},
};

use base64::prelude::*;
use bytes::Bytes;
use chrono::{Days, NaiveDate, NaiveTime, Utc};
use futures::AsyncReadExt;
Expand Down Expand Up @@ -40,7 +41,7 @@ impl CredentialResponse {
self.credentials
.into_iter()
.map(|c| {
let bytes = base64::decode(c.credential)?;
let bytes = BASE64_STANDARD.decode(c.credential)?;
let data = bincode::deserialize(&bytes)?;
Ok((c.redemption_time, data))
})
Expand Down
24 changes: 12 additions & 12 deletions libsignal-service/src/groups_v2/model.rs
Original file line number Diff line number Diff line change
Expand Up @@ -143,11 +143,11 @@ impl TryFrom<i32> for Role {

fn try_from(value: i32) -> Result<Self, Self::Error> {
use crate::proto::member::Role::*;
match crate::proto::member::Role::from_i32(value) {
Some(Unknown) => Ok(Role::Unknown),
Some(Default) => Ok(Role::Default),
Some(Administrator) => Ok(Role::Administrator),
None => Err(GroupDecodingError::WrongEnumValue),
match crate::proto::member::Role::try_from(value) {
Ok(Unknown) => Ok(Role::Unknown),
Ok(Default) => Ok(Role::Default),
Ok(Administrator) => Ok(Role::Administrator),
Err(_e) => Err(GroupDecodingError::WrongEnumValue),
}
}
}
Expand All @@ -169,13 +169,13 @@ impl TryFrom<i32> for AccessRequired {

fn try_from(value: i32) -> Result<Self, Self::Error> {
use crate::proto::access_control::AccessRequired::*;
match crate::proto::access_control::AccessRequired::from_i32(value) {
Some(Unknown) => Ok(AccessRequired::Unknown),
Some(Any) => Ok(AccessRequired::Any),
Some(Member) => Ok(AccessRequired::Member),
Some(Administrator) => Ok(AccessRequired::Administrator),
Some(Unsatisfiable) => Ok(AccessRequired::Unsatisfiable),
None => Err(GroupDecodingError::WrongEnumValue),
match crate::proto::access_control::AccessRequired::try_from(value) {
Ok(Unknown) => Ok(AccessRequired::Unknown),
Ok(Any) => Ok(AccessRequired::Any),
Ok(Member) => Ok(AccessRequired::Member),
Ok(Administrator) => Ok(AccessRequired::Administrator),
Ok(Unsatisfiable) => Ok(AccessRequired::Unsatisfiable),
Err(_e) => Err(GroupDecodingError::WrongEnumValue),
}
}
}
Expand Down
7 changes: 4 additions & 3 deletions libsignal-service/src/groups_v2/operations.rs
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
use std::convert::TryInto;

use base64::prelude::*;
use bytes::Bytes;
use libsignal_protocol::{Aci, ServiceId};
use prost::Message;
Expand Down Expand Up @@ -402,9 +403,9 @@ impl GroupOperations {

let modify_invite_link_password =
actions.modify_invite_link_password.into_iter().map(|m| {
Ok(GroupChange::InviteLinkPassword(base64::encode(
m.invite_link_password,
)))
Ok(GroupChange::InviteLinkPassword(
BASE64_STANDARD.encode(m.invite_link_password),
))
});

let modify_announcements_only = actions
Expand Down
3 changes: 2 additions & 1 deletion libsignal-service/src/provisioning/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ use std::{array::TryFromSliceError, borrow::Cow};

pub use cipher::ProvisioningCipher;

use base64::prelude::*;
use derivative::Derivative;
use futures::StreamExt;
use futures::{channel::mpsc::Sender, pin_mut, SinkExt};
Expand Down Expand Up @@ -222,7 +223,7 @@ pub async fn link_device<
let pni_signed_pre_key =
generate_signed_pre_key(pni_store, csprng, &pni_key_pair).await?;

let encrypted_device_name = base64::encode(
let encrypted_device_name = BASE64_STANDARD.encode(
encrypt_device_name(csprng, device_name, &aci_public_key)?
.encode_to_vec(),
);
Expand Down
3 changes: 2 additions & 1 deletion libsignal-service/src/provisioning/pipe.rs
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
use base64::prelude::*;
use bytes::Bytes;
use futures::{
channel::{
Expand Down Expand Up @@ -97,7 +98,7 @@ impl ProvisioningPipe {
.append_pair("uuid", &uuid.uuid.unwrap())
.append_pair(
"pub_key",
&base64::encode(
&BASE64_STANDARD.encode(
self.provisioning_cipher.public_key().serialize(),
),
);
Expand Down
Loading

0 comments on commit 823f17b

Please sign in to comment.