chore: cargo update

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

Cargo.toml

@@ -17,9 +17,9 @@ homepage = "https://github.com/matter-labs/teepot"
 
 [workspace.dependencies]
 actix-http = "3"
-actix-web = { version = "4.5", features = ["rustls-0_22"] }
+actix-web = { version = "4.5", features = ["rustls-0_23"] }
 anyhow = "1.0.82"
-awc = { version = "3.4", features = ["rustls-0_22-webpki-roots"] }
+awc = { version = "3.4", features = ["rustls-0_23-webpki-roots"] }
 base64 = "0.22.0"
 bytemuck = { version = "1.15.0", features = ["derive", "min_const_generics", "extern_crate_std"] }
 bytes = "1"
@@ -36,12 +36,12 @@ jsonrpsee-types = { version = "0.23", default-features = false }
 num-integer = "0.1.46"
 num-traits = "0.2.18"
 p256 = "0.13.2"
-pgp = "0.13"
+pgp = "0.14.2"
 pkcs8 = { version = "0.10" }
 rand = "0.8"
 reqwest = { version = "0.12", features = ["json"] }
 rsa = { version = "0.9.6", features = ["sha2", "pem"] }
-rustls = { version = "0.22" }
+rustls = { version = "0.23.20" }
 secp256k1 = { version = "0.29", features = ["rand-std", "global-context"] }
 serde = { version = "1", features = ["derive", "rc"] }
 serde_json = "1"

bin/tee-vault-admin/src/main.rs

@@ -95,7 +95,7 @@ async fn main() -> Result<()> {
             .service(web::resource(SignRequest::URL).route(web::post().to(post_sign)))
             .service(web::resource(DIGEST_URL).route(web::get().to(get_digest)))
     })
-    .bind_rustls_0_22((Ipv6Addr::UNSPECIFIED, args.port), config)
+    .bind_rustls_0_23((Ipv6Addr::UNSPECIFIED, args.port), config)
     {
         Ok(c) => c,
         Err(e) => {

bin/tee-vault-unseal/src/main.rs

@@ -186,7 +186,7 @@ async fn main() -> Result<()> {
             .service(web::resource(Init::URL).route(web::post().to(post_init)))
             .service(web::resource(Unseal::URL).route(web::post().to(post_unseal)))
     })
-    .bind_rustls_0_22((Ipv6Addr::UNSPECIFIED, args.port), config)
+    .bind_rustls_0_23((Ipv6Addr::UNSPECIFIED, args.port), config)
     {
         Ok(c) => c,
         Err(e) => {

bin/vault-admin/src/main.rs

@@ -3,23 +3,25 @@
 
 use anyhow::{anyhow, bail, Context, Result};
 use clap::{Args, Parser, Subcommand};
-use pgp::types::KeyTrait;
+use pgp::{types::PublicKeyTrait, Deserializable, SignedPublicKey};
-use pgp::{Deserializable, SignedPublicKey};
 use serde_json::Value;
-use std::default::Default;
+use std::{
-use std::fs::{File, OpenOptions};
+    default::Default,
-use std::io::{Read, Write};
+    fs::{File, OpenOptions},
-use std::path::{Path, PathBuf};
+    io::{Read, Write},
-use teepot::client::{AttestationArgs, TeeConnection};
+    path::{Path, PathBuf},
-use teepot::json::http::{
-    SignRequest, SignRequestData, SignResponse, VaultCommandRequest, VaultCommands,
-    VaultCommandsResponse, DIGEST_URL,
 };
-use teepot::log::{setup_logging, LogLevelParser};
+use teepot::{
-use teepot::server::signatures::verify_sig;
+    client::{AttestationArgs, TeeConnection},
-use teepot::sgx::sign::Signature;
+    json::http::{
-use tracing::level_filters::LevelFilter;
+        SignRequest, SignRequestData, SignResponse, VaultCommandRequest, VaultCommands,
-use tracing::{error, info};
+        VaultCommandsResponse, DIGEST_URL,
+    },
+    log::{setup_logging, LogLevelParser},
+    server::signatures::verify_sig,
+    sgx::sign::Signature,
+};
+use tracing::{error, info, level_filters::LevelFilter};
 
 #[derive(Args, Debug)]
 struct SendArgs {
@@ -190,7 +192,7 @@ fn verify(
         let ident_pos = verify_sig(&sig, &cmd_buf, &idents)?;
         println!(
             "Verified signature for `{}`",
-            hex::encode_upper(idents.get(ident_pos).unwrap().fingerprint())
+            hex::encode_upper(idents.get(ident_pos).unwrap().fingerprint().as_bytes())
         );
         // Remove the identity from the list of identities to verify
         idents.remove(ident_pos);

crates/teepot/src/client/mod.rs

@@ -73,7 +73,7 @@ impl TeeConnection {
         let agent = Client::builder()
             .add_default_header((header::USER_AGENT, "teepot/1.0"))
             // a "connector" wraps the stream into an encrypted connection
-            .connector(Connector::new().rustls_0_22(tls_config))
+            .connector(Connector::new().rustls_0_23(tls_config))
             .timeout(Duration::from_secs(12000))
             .finish();
 

crates/teepot/src/client/vault.rs

@@ -107,7 +107,7 @@ impl VaultConnection {
         let client = Client::builder()
             .add_default_header((header::USER_AGENT, "teepot/1.0"))
             // a "connector" wraps the stream into an encrypted connection
-            .connector(Connector::new().rustls_0_22(tls_config))
+            .connector(Connector::new().rustls_0_23(tls_config))
             .timeout(time::Duration::from_secs(12000))
             .finish();
 

crates/teepot/src/server/signatures.rs

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023 Matter Labs
+// Copyright (c) 2023-2024 Matter Labs
 
 //! Signature checking utilities
 
@@ -7,7 +7,7 @@ use crate::json::secrets::AdminConfig;
 use crate::server::{HttpResponseError, Status as _};
 use actix_web::http::StatusCode;
 use anyhow::{anyhow, bail, Context, Result};
-use pgp::types::KeyTrait;
+use pgp::types::PublicKeyTrait;
 use pgp::{Deserializable, SignedPublicKey, StandaloneSignature};
 use tracing::debug;
 

deny.toml

@@ -29,6 +29,7 @@ allow = [
   "Unlicense",
   "MPL-2.0",
   "Unicode-DFS-2016",
+  "Unicode-3.0",
   "BSD-2-Clause",
   "BSD-3-Clause",
   "OpenSSL",