chore: update crypto crates

Signed-off-by: Henry <mail@henrygressmann.de>

Author: explodingcamera

Cargo.lock

@@ -27,17 +27,21 @@ hex={version="0.4"}
 bs58="0.5"
 serde={version="1.0", features=["derive"]}
 serde_json={version="1.0"}
-md5={package="md-5", version="0.10.6"}
+md-5={version="0.10"}
 async-compression={version="0.4", default-features=false, features=["gzip", "tokio"]}
 tokio-tar={package="astral-tokio-tar", version="0.5"}
-sha3={version="0.10"}
-argon2={version="0.5", features=["rand"]}
-password-hash={version="0.5", features=["rand_core", "getrandom"]} # required for getrandom feature
+blake3={version="1.8"}
+argon2={version="0.6.0-rc.7", features=[]}
+password-hash={version="0.6.0-rc.12", features=[
+    "rand_core",
+    "getrandom",
+]} # required for getrandom feature
 zstd={version="0.13", default-features=false}
 
 # general
 argh={version="0.1", default-features=false, features=["help"]}
 anyhow={version="1.0"}
+rand_core={version="0.10"}
 rand={version="0.9", default-features=false, features=["std", "thread_rng"]}
 chrono={version="0.4", default-features=false, features=["std", "now", "serde"]}
 figment={version="0.10", features=["toml", "env"]}

Cargo.toml

@@ -3,22 +3,22 @@ use std::sync::Arc;
 use anyhow::{Result, bail};
 use arc_swap::ArcSwap;
 use chrono::{DateTime, Utc};
+use password_hash::try_generate_salt;
 use std::sync::mpsc::Receiver;
 
 use crate::app::models::{Event, event_params};
 use crate::app::{DuckDBPool, EVENT_BATCH_INTERVAL, SqlitePool};
-use crate::utils::hash::generate_salt;
 
 #[derive(Clone)]
 pub struct LiwanEvents {
     duckdb: DuckDBPool,
     sqlite: SqlitePool,
-    daily_salt: Arc<ArcSwap<(String, DateTime<Utc>)>>,
+    daily_salt: Arc<ArcSwap<([u8; 16], DateTime<Utc>)>>,
 }
 
 impl LiwanEvents {
     pub fn try_new(duckdb: DuckDBPool, sqlite: SqlitePool) -> Result<Self> {
-        let daily_salt: (String, DateTime<Utc>) = {
+        let daily_salt: ([u8; 16], DateTime<Utc>) = {
             tracing::debug!("Loading daily salt");
             sqlite.get()?.query_row("select salt, updated_at from salts where id = 1", [], |row| {
                 Ok((row.get(0)?, row.get(1)?))
@@ -28,13 +28,13 @@ impl LiwanEvents {
     }
 
     /// Get the daily salt, generating a new one if the current one is older than 24 hours
-    pub fn get_salt(&self) -> Result<String> {
+    pub fn get_salt(&self) -> Result<[u8; 16]> {
         let (salt, updated_at) = &**self.daily_salt.load();
 
         // if the salt is older than 24 hours, replace it with a new one (utils::generate_salt)
         if (Utc::now() - updated_at) > chrono::Duration::hours(24) {
             tracing::debug!("Daily salt expired, generating a new one");
-            let new_salt = generate_salt();
+            let new_salt = try_generate_salt()?;
             let now = Utc::now();
             let conn = self.sqlite.get()?;
             conn.execute("update salts set salt = ?, updated_at = ? where id = 1", rusqlite::params![&new_salt, now])?;

data/licenses-cargo.json

@@ -11,7 +11,7 @@ use crate::app::SqlitePool;
 use anyhow::{Context, Result, anyhow};
 use arc_swap::ArcSwapOption;
 use futures_lite::StreamExt;
-use md5::{Digest, Md5};
+use md5::Digest;
 use tokio_tar::Archive;
 use tokio_util::io::StreamReader;
 
@@ -232,7 +232,7 @@ async fn get_latest_md5(edition: &str, account_id: &str, license_key: &str) -> R
 fn file_md5(path: &Path) -> Result<String> {
     let file = std::fs::File::open(path)?;
     let mut reader = std::io::BufReader::new(file);
-    let mut hasher = Md5::new();
+    let mut hasher = md5::Md5::new();
     std::io::copy(&mut reader, &mut hasher)?;
     Ok(format!("{:x}", hasher.finalize()))
 }

src/app/core/events.rs

@@ -1,38 +1,31 @@
+use anyhow::Context;
 use argon2::Argon2;
 use argon2::PasswordVerifier;
-use argon2::password_hash::{PasswordHasher, SaltString, rand_core};
+use argon2::password_hash::PasswordHasher;
 
 use anyhow::Result;
 use rand::RngCore;
-use sha3::Digest;
 use std::net::IpAddr;
 
 pub fn hash_password(password: &str) -> Result<String> {
-    let salt = SaltString::generate(&mut rand_core::OsRng);
-    let hash = Argon2::default()
-        .hash_password(password.as_bytes(), &salt)
-        .map_err(|_| anyhow::anyhow!("Failed to hash password"))?;
+    let hash = Argon2::default().hash_password(password.as_bytes()).context("Failed to hash password")?;
     Ok(hash.to_string())
 }
 
 pub fn verify_password(password: &str, hash: &str) -> Result<()> {
-    let hash = argon2::PasswordHash::new(hash).map_err(|_| anyhow::anyhow!("Invalid hash"))?;
+    let hash = argon2::PasswordHash::new(hash).context("Invalid hash")?;
     let argon2 = Argon2::default();
-    argon2.verify_password(password.as_bytes(), &hash).map_err(|_| anyhow::anyhow!("Failed to verify password"))
+    argon2.verify_password(password.as_bytes(), &hash).context("Failed to verify password")
 }
 
-pub fn generate_salt() -> String {
-    SaltString::generate(&mut rand_core::OsRng).to_string()
-}
-
-pub fn hash_ip(ip: &IpAddr, user_agent: &str, daily_salt: &str, entity_id: &str) -> String {
-    let mut hasher = sha3::Sha3_256::new();
-    hasher.update(ip.to_string());
-    hasher.update(user_agent);
-    hasher.update(daily_salt);
-    hasher.update(entity_id);
+pub fn hash_ip(ip: &IpAddr, user_agent: &str, daily_salt: [u8; 16], entity_id: &str) -> String {
+    let mut hasher = blake3::Hasher::new();
+    hasher.update(ip.to_string().as_bytes());
+    hasher.update(user_agent.as_bytes());
+    hasher.update(&daily_salt);
+    hasher.update(entity_id.as_bytes());
     let hash = hasher.finalize();
-    hex::encode(hash)[..32].to_string()
+    hex::encode(hash.as_bytes())[..32].to_string()
 }
 
 pub fn visitor_id() -> String {

src/app/core/geoip.rs

@@ -1,8 +1,7 @@
+use crate::app::models::Event;
 use chrono::{DateTime, Duration, Utc};
 use rand::Rng;
 
-use crate::app::models::Event;
-
 const PATHS: &[&str] = &["/", "/about", "/contact", "/pricing", "/blog", "/login", "/signup"];
 const REFERRERS: &[&str] = &["", "google.com", "twitter.com", "liwan.dev", "example.com", "henrygressmann.de"];
 const PLATFORMS: &[&str] = &["", "Windows", "macOS", "Linux", "Android", "iOS"];

src/utils/hash.rs

@@ -94,7 +94,7 @@ fn process_event(
     }
 
     let visitor_id = match ip {
-        Some(ip) => hash_ip(&ip, user_agent.as_str(), &app.events.get_salt()?, &event.entity_id),
+        Some(ip) => hash_ip(&ip, user_agent.as_str(), app.events.get_salt()?, &event.entity_id),
         None => visitor_id(),
     };