mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-05-16 22:13:54 +02:00
Code Issues Actions6 Packages Projects Releases Wiki Activity

maint: updating rand and rand_chacha

Browse source
This commit is contained in:
James Hodgkinson 2025-04-22 14:35:44 +10:00
parent e353c13416
commit 0a38fcd812
No known key found for this signature in database
15 changed files with 51 additions and 47 deletions

15
Cargo.lock generated
View file

@ -3072,7 +3072,7 @@ dependencies = [
"md-5", "md-5",
"openssl", "openssl",
"openssl-sys", "openssl-sys",
"rand 0.8.5", "rand 0.9.1",
"serde", "serde",
"sha-crypt", "sha-crypt",
"sha2", "sha2",
@ -3302,7 +3302,7 @@ dependencies = [
"num_enum", "num_enum",
"openssl", "openssl",
"openssl-sys", "openssl-sys",
"rand 0.8.5", "rand 0.9.1",
"regex", "regex",
"rusqlite", "rusqlite",
"serde", "serde",
@ -4216,8 +4216,8 @@ dependencies = [
"kanidm_client", "kanidm_client",
"mathru", "mathru",
"mimalloc", "mimalloc",
"rand 0.8.5", "rand 0.9.1",
"rand_chacha 0.3.1", "rand_chacha 0.9.0",
"serde", "serde",
"serde_json", "serde_json",
"tokio", "tokio",
@ -4602,7 +4602,7 @@ checksum = "b820744eb4dc9b57a3398183639c511b5a26d2ed702cedd3febaa1393caa22cc"
dependencies = [ dependencies = [
"bytes", "bytes",
"getrandom 0.3.2", "getrandom 0.3.2",
"rand 0.9.0", "rand 0.9.1",
"ring", "ring",
"rustc-hash 2.1.1", "rustc-hash 2.1.1",
"rustls", "rustls",
@ -4656,13 +4656,12 @@ dependencies = [
[[package]] [[package]]
name = "rand" name = "rand"
version = "0.9.0" version = "0.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94" checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97"
dependencies = [ dependencies = [
"rand_chacha 0.9.0", "rand_chacha 0.9.0",
"rand_core 0.9.3", "rand_core 0.9.3",
"zerocopy 0.8.24",
] ]
[[package]] [[package]]

4
Cargo.toml
View file

@ -237,8 +237,8 @@ prctl = "1.0.0"
proc-macro2 = "1.0.93" proc-macro2 = "1.0.93"
qrcode = "^0.12.0" qrcode = "^0.12.0"
quote = "1" quote = "1"
rand = "^0.8.5" rand = "0.9.1"
rand_chacha = "0.3.1" rand_chacha = "0.9.0"
regex = "1.11.0" regex = "1.11.0"
reqwest = { version = "0.12.12", default-features = false, features = [ reqwest = { version = "0.12.12", default-features = false, features = [
"cookies", "cookies",

24
libs/crypto/src/lib.rs
View file

@ -834,9 +834,9 @@ impl TryFrom<&str> for Password {
impl Password { impl Password {
fn bench_pbkdf2(pbkdf2_cost: usize) -> Option<Duration> { fn bench_pbkdf2(pbkdf2_cost: usize) -> Option<Duration> {
let mut rng = rand::thread_rng(); let mut rng = rand::rng();
let salt: Vec<u8> = (0..PBKDF2_SALT_LEN).map(|_| rng.gen()).collect(); let salt: Vec<u8> = (0..PBKDF2_SALT_LEN).map(|_| rng.random()).collect();
let input: Vec<u8> = (0..PBKDF2_SALT_LEN).map(|_| rng.gen()).collect(); let input: Vec<u8> = (0..PBKDF2_SALT_LEN).map(|_| rng.random()).collect();
// This is 512 bits of output // This is 512 bits of output
let mut key: Vec<u8> = (0..PBKDF2_KEY_LEN).map(|_| 0).collect(); let mut key: Vec<u8> = (0..PBKDF2_KEY_LEN).map(|_| 0).collect();
@ -855,9 +855,9 @@ impl Password {
} }
fn bench_argon2id(params: Params) -> Option<Duration> { fn bench_argon2id(params: Params) -> Option<Duration> {
let mut rng = rand::thread_rng(); let mut rng = rand::rng();
let salt: Vec<u8> = (0..ARGON2_SALT_LEN).map(|_| rng.gen()).collect(); let salt: Vec<u8> = (0..ARGON2_SALT_LEN).map(|_| rng.random()).collect();
let input: Vec<u8> = (0..ARGON2_SALT_LEN).map(|_| rng.gen()).collect(); let input: Vec<u8> = (0..ARGON2_SALT_LEN).map(|_| rng.random()).collect();
let mut key: Vec<u8> = (0..ARGON2_KEY_LEN).map(|_| 0).collect(); let mut key: Vec<u8> = (0..ARGON2_KEY_LEN).map(|_| 0).collect();
let argon = Argon2::new(Algorithm::Argon2id, Version::V0x13, params); let argon = Argon2::new(Algorithm::Argon2id, Version::V0x13, params);
@ -873,8 +873,8 @@ impl Password {
pub fn new_pbkdf2(policy: &CryptoPolicy, cleartext: &str) -> Result<Self, CryptoError> { pub fn new_pbkdf2(policy: &CryptoPolicy, cleartext: &str) -> Result<Self, CryptoError> {
let pbkdf2_cost = policy.pbkdf2_cost; let pbkdf2_cost = policy.pbkdf2_cost;
let mut rng = rand::thread_rng(); let mut rng = rand::rng();
let salt: Vec<u8> = (0..PBKDF2_SALT_LEN).map(|_| rng.gen()).collect(); let salt: Vec<u8> = (0..PBKDF2_SALT_LEN).map(|_| rng.random()).collect();
let mut key: Vec<u8> = (0..PBKDF2_KEY_LEN).map(|_| 0).collect(); let mut key: Vec<u8> = (0..PBKDF2_KEY_LEN).map(|_| 0).collect();
pbkdf2_hmac( pbkdf2_hmac(
@ -897,8 +897,8 @@ impl Password {
let argon = Argon2::new(Algorithm::Argon2id, version, policy.argon2id_params.clone()); let argon = Argon2::new(Algorithm::Argon2id, version, policy.argon2id_params.clone());
let mut rng = rand::thread_rng(); let mut rng = rand::rng();
let salt: Vec<u8> = (0..ARGON2_SALT_LEN).map(|_| rng.gen()).collect(); let salt: Vec<u8> = (0..ARGON2_SALT_LEN).map(|_| rng.random()).collect();
let mut key: Vec<u8> = (0..ARGON2_KEY_LEN).map(|_| 0).collect(); let mut key: Vec<u8> = (0..ARGON2_KEY_LEN).map(|_| 0).collect();
argon argon
@ -925,8 +925,8 @@ impl Password {
let argon = Argon2::new(Algorithm::Argon2id, version, policy.argon2id_params.clone()); let argon = Argon2::new(Algorithm::Argon2id, version, policy.argon2id_params.clone());
let mut rng = rand::thread_rng(); let mut rng = rand::rng();
let salt: Vec<u8> = (0..ARGON2_SALT_LEN).map(|_| rng.gen()).collect(); let salt: Vec<u8> = (0..ARGON2_SALT_LEN).map(|_| rng.random()).collect();
let mut check_key: Vec<u8> = (0..ARGON2_KEY_LEN).map(|_| 0).collect(); let mut check_key: Vec<u8> = (0..ARGON2_KEY_LEN).map(|_| 0).collect();
argon argon

4
server/lib/src/credential/totp.rs
View file

@ -145,8 +145,8 @@ impl Totp {
// Create a new token with secure key and algo. // Create a new token with secure key and algo.
pub fn generate_secure(step: u64) -> Self { pub fn generate_secure(step: u64) -> Self {
let mut rng = rand::thread_rng(); let mut rng = rand::rng();
let secret: Vec<u8> = (0..SECRET_SIZE_BYTES).map(|_| rng.gen()).collect(); let secret: Vec<u8> = (0..SECRET_SIZE_BYTES).map(|_| rng.random()).collect();
let algo = TotpAlgo::Sha256; let algo = TotpAlgo::Sha256;
let digits = TotpDigits::Six; let digits = TotpDigits::Six;
Totp { Totp {

11
server/lib/src/idm/oauth2.rs
View file

@ -2992,11 +2992,12 @@ fn validate_scopes(req_scopes: &BTreeSet<String>) -> Result<(), Oauth2Error> {
#[cfg(any(feature = "dev-oauth2-device-flow", test))] #[cfg(any(feature = "dev-oauth2-device-flow", test))]
#[allow(dead_code)] #[allow(dead_code)]
fn gen_device_code() -> Result<[u8; 16], Oauth2Error> { fn gen_device_code() -> Result<[u8; 16], Oauth2Error> {
let mut rng = rand::thread_rng(); use rand::TryRngCore;
let mut rng = rand::rng();
let mut result = [0u8; 16]; let mut result = [0u8; 16];
// doing it here because of feature-shenanigans. // doing it here because of feature-shenanigans.
use rand::Rng; if let Err(err) = rng.try_fill_bytes(&mut result) {
if let Err(err) = rng.try_fill(&mut result) {
error!("Failed to generate device code! {:?}", err); error!("Failed to generate device code! {:?}", err);
return Err(Oauth2Error::ServerError(OperationError::Backend)); return Err(Oauth2Error::ServerError(OperationError::Backend));
} }
@ -3009,8 +3010,8 @@ fn gen_device_code() -> Result<[u8; 16], Oauth2Error> {
/// Returns (xxx-yyy-zzz, digits) where one's the human-facing code, the other is what we store in the DB. /// Returns (xxx-yyy-zzz, digits) where one's the human-facing code, the other is what we store in the DB.
fn gen_user_code() -> (String, u32) { fn gen_user_code() -> (String, u32) {
use rand::Rng; use rand::Rng;
let mut rng = rand::thread_rng(); let mut rng = rand::rng();
let num: u32 = rng.gen_range(0..=999999999); let num: u32 = rng.random_range(0..=999999999);
let result = format!("{:09}", num); let result = format!("{:09}", num);
( (
format!("{}-{}-{}", &result[0..3], &result[3..6], &result[6..9]), format!("{}-{}-{}", &result[0..3], &result[3..6], &result[6..9]),

4
server/lib/src/idm/server.rs
View file

@ -236,7 +236,7 @@ impl IdmServer {
let qs_read = self.qs.read().await?; let qs_read = self.qs.read().await?;
let mut sid = [0; 4]; let mut sid = [0; 4];
let mut rng = StdRng::from_entropy(); let mut rng = StdRng::from_os_rng();
rng.fill(&mut sid); rng.fill(&mut sid);
Ok(IdmServerAuthTransaction { Ok(IdmServerAuthTransaction {
@ -279,7 +279,7 @@ impl IdmServer {
let qs_write = self.qs.write(ts).await?; let qs_write = self.qs.write(ts).await?;
let mut sid = [0; 4]; let mut sid = [0; 4];
let mut rng = StdRng::from_entropy(); let mut rng = StdRng::from_os_rng();
rng.fill(&mut sid); rng.fill(&mut sid);
Ok(IdmServerProxyWriteTransaction { Ok(IdmServerProxyWriteTransaction {

10
server/lib/src/utils.rs
View file

@ -2,8 +2,8 @@
use crate::prelude::*; use crate::prelude::*;
use hashbrown::HashSet; use hashbrown::HashSet;
use rand::distributions::{Distribution, Uniform}; use rand::distr::{Distribution, Uniform};
use rand::{thread_rng, Rng}; use rand::{rng, Rng};
use std::ops::Range; use std::ops::Range;
#[derive(Debug)] #[derive(Debug)]
@ -35,7 +35,7 @@ pub fn uuid_from_duration(d: Duration, sid: Sid) -> Uuid {
} }
pub(crate) fn password_from_random_len(len: u32) -> String { pub(crate) fn password_from_random_len(len: u32) -> String {
thread_rng() rng()
.sample_iter(&DistinctAlpha) .sample_iter(&DistinctAlpha)
.take(len as usize) .take(len as usize)
.collect::<String>() .collect::<String>()
@ -52,7 +52,7 @@ pub fn backup_code_from_random() -> HashSet<String> {
pub fn readable_password_from_random() -> String { pub fn readable_password_from_random() -> String {
// 2^112 bits, means we need at least 55^20 to have as many bits of entropy. // 2^112 bits, means we need at least 55^20 to have as many bits of entropy.
// this leads us to 4 groups of 5 to create 55^20 // this leads us to 4 groups of 5 to create 55^20
let mut trng = thread_rng(); let mut trng = rng();
format!( format!(
"{}-{}-{}-{}", "{}-{}-{}-{}",
(&mut trng) (&mut trng)
@ -81,7 +81,7 @@ impl Distribution<char> for DistinctAlpha {
abcdefghjkpqrstuvwxyz\ abcdefghjkpqrstuvwxyz\
0123456789"; 0123456789";
let range = Uniform::new(0, RANGE); let range = Uniform::new(0, RANGE).expect("Failed to get a uniform range");
let n = range.sample(rng); let n = range.sample(rng);
GEN_ASCII_STR_CHARSET[n as usize] as char GEN_ASCII_STR_CHARSET[n as usize] as char

2
tools/orca/src/error.rs
View file

@ -8,4 +8,6 @@ pub enum Error {
Interrupt, Interrupt,
Crossbeam, Crossbeam,
InvalidState, InvalidState,
#[allow(dead_code)]
RandomNumber(String),
} }

8
tools/orca/src/generate.rs
View file

@ -4,8 +4,9 @@ use crate::model::ActorRole;
use crate::profile::Profile; use crate::profile::Profile;
use crate::state::{Credential, Flag, Group, GroupName, Person, PreflightState, State}; use crate::state::{Credential, Flag, Group, GroupName, Person, PreflightState, State};
use hashbrown::HashMap; use hashbrown::HashMap;
use rand::distributions::{Alphanumeric, DistString, Uniform}; use rand::distr::{Alphanumeric, SampleString, Uniform};
use rand::seq::{index, SliceRandom}; use rand::seq::{index, IndexedRandom};
use rand::{Rng, SeedableRng}; use rand::{Rng, SeedableRng};
use rand_chacha::ChaCha8Rng; use rand_chacha::ChaCha8Rng;
@ -171,7 +172,8 @@ pub async fn populate(_client: &KanidmOrcaClient, profile: Profile) -> Result<St
let baseline = persons.len() / 3; let baseline = persons.len() / 3;
let inverse = persons.len() - baseline; let inverse = persons.len() - baseline;
// Randomly add extra from the inverse // Randomly add extra from the inverse
let extra = Uniform::new(0, inverse); let extra =
Uniform::new(0, inverse).map_err(|err| Error::RandomNumber(err.to_string()))?;
baseline + seeded_rng.sample(extra) baseline + seeded_rng.sample(extra)
} }
}; };

2
tools/orca/src/models/basic.rs
View file

@ -27,7 +27,7 @@ impl ActorBasic {
pub fn new(mut cha_rng: ChaCha8Rng, warmup_time_ms: u64) -> Self { pub fn new(mut cha_rng: ChaCha8Rng, warmup_time_ms: u64) -> Self {
let max_backoff_time_in_ms = 2 * warmup_time_ms / 3; let max_backoff_time_in_ms = 2 * warmup_time_ms / 3;
let randomised_backoff_time = let randomised_backoff_time =
Duration::from_millis(cha_rng.gen_range(0..max_backoff_time_in_ms)); Duration::from_millis(cha_rng.random_range(0..max_backoff_time_in_ms));
ActorBasic { ActorBasic {
state: State::Unauthenticated, state: State::Unauthenticated,
randomised_backoff_time, randomised_backoff_time,

2
tools/orca/src/models/latency_measurer.rs
View file

@ -76,7 +76,7 @@ impl ActorLatencyMeasurer {
let max_backoff_time_in_ms = 2 * warmup_time_ms / 3; let max_backoff_time_in_ms = 2 * warmup_time_ms / 3;
let randomised_backoff_time = let randomised_backoff_time =
Duration::from_millis(cha_rng.gen_range(0..max_backoff_time_in_ms)); Duration::from_millis(cha_rng.random_range(0..max_backoff_time_in_ms));
Ok(ActorLatencyMeasurer { Ok(ActorLatencyMeasurer {
state: State::Unauthenticated, state: State::Unauthenticated,
randomised_backoff_time, randomised_backoff_time,

2
tools/orca/src/models/read.rs
View file

@ -25,7 +25,7 @@ impl ActorReader {
pub fn new(mut cha_rng: ChaCha8Rng, warmup_time_ms: u64) -> Self { pub fn new(mut cha_rng: ChaCha8Rng, warmup_time_ms: u64) -> Self {
let max_backoff_time_in_ms = warmup_time_ms - 1000; let max_backoff_time_in_ms = warmup_time_ms - 1000;
let randomised_backoff_time = let randomised_backoff_time =
Duration::from_millis(cha_rng.gen_range(0..max_backoff_time_in_ms)); Duration::from_millis(cha_rng.random_range(0..max_backoff_time_in_ms));
ActorReader { ActorReader {
state: State::Unauthenticated, state: State::Unauthenticated,
randomised_backoff_time, randomised_backoff_time,

2
tools/orca/src/models/write.rs
View file

@ -26,7 +26,7 @@ impl ActorWriter {
pub fn new(mut cha_rng: ChaCha8Rng, warmup_time_ms: u64) -> Self { pub fn new(mut cha_rng: ChaCha8Rng, warmup_time_ms: u64) -> Self {
let max_backoff_time_in_ms = 2 * warmup_time_ms / 3; let max_backoff_time_in_ms = 2 * warmup_time_ms / 3;
let randomised_backoff_time = let randomised_backoff_time =
Duration::from_millis(cha_rng.gen_range(0..max_backoff_time_in_ms)); Duration::from_millis(cha_rng.random_range(0..max_backoff_time_in_ms));
ActorWriter { ActorWriter {
state: State::Unauthenticated, state: State::Unauthenticated,
randomised_backoff_time, randomised_backoff_time,

6
tools/orca/src/profile.rs
View file

@ -1,6 +1,6 @@
use crate::error::Error; use crate::error::Error;
use crate::state::{GroupName, Model}; use crate::state::{GroupName, Model};
use rand::{thread_rng, Rng}; use rand::{rng, Rng};
use serde::de::{value, IntoDeserializer}; use serde::de::{value, IntoDeserializer};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::collections::BTreeMap; use std::collections::BTreeMap;
@ -200,8 +200,8 @@ impl ProfileBuilder {
} = self; } = self;
let seed: u64 = seed.unwrap_or_else(|| { let seed: u64 = seed.unwrap_or_else(|| {
let mut rng = thread_rng(); let mut rng = rng();
rng.gen() rng.random()
}); });
//TODO: Allow to specify group properties from the CLI //TODO: Allow to specify group properties from the CLI

2
tools/orca/src/run.rs
View file

@ -187,7 +187,7 @@ pub async fn execute(state: State, control_rx: broadcast::Receiver<Signal>) -> R
}) })
}) })
.collect::<Result<Vec<_>, _>>()?; .collect::<Result<Vec<_>, _>>()?;
let main_client_index = seeded_rng.gen_range(0..cloned_clients.len()); let main_client_index = seeded_rng.random_range(0..cloned_clients.len());
let main_client = cloned_clients.remove(main_client_index); let main_client = cloned_clients.remove(main_client_index);
//note that cloned_clients now contains all other clients except the first one //note that cloned_clients now contains all other clients except the first one