diff --git a/package.json b/package.json index d5b87f6..a3fc50d 100644 --- a/package.json +++ b/package.json @@ -95,7 +95,7 @@ "path-to-regexp@>=8.0.0 <8.4.0": ">=8.4.0" } }, - "packageManager": "pnpm@10.30.1", + "packageManager": "pnpm@10.33.0", "lint-staged": { "**/*.{js,jsx,ts,tsx,json,css}": [ "biome check --fix" diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index 34aadd5..8197898 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -497,7 +497,7 @@ dependencies = [ "serde_json", "serde_path_to_error", "serde_urlencoded", - "sha1 0.10.6", + "sha1", "sync_wrapper", "tokio", "tokio-tungstenite 0.28.0", @@ -1816,19 +1816,18 @@ dependencies = [ "objc2", "objc2-app-kit", "once_cell", - "pbkdf2", "playwright", "quick-xml 0.39.2", "rand 0.10.0", "regex-lite", "reqwest 0.13.2", "resvg", + "ring", "rusqlite", "serde", "serde_json", "serde_yaml", "serial_test", - "sha1 0.11.0", "sha2 0.11.0", "smoltcp", "sys-locale", @@ -6221,17 +6220,6 @@ dependencies = [ "digest 0.10.7", ] -[[package]] -name = "sha1" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aacc4cc499359472b4abe1bf11d0b12e688af9a805fa5e3016f9a386dc2d0214" -dependencies = [ - "cfg-if", - "cpufeatures 0.3.0", - "digest 0.11.2", -] - [[package]] name = "sha2" version = "0.10.9" @@ -7698,7 +7686,7 @@ dependencies = [ "httparse", "log", "rand 0.9.2", - "sha1 0.10.6", + "sha1", "thiserror 2.0.18", "utf-8", ] @@ -7716,7 +7704,7 @@ dependencies = [ "log", "native-tls", "rand 0.9.2", - "sha1 0.10.6", + "sha1", "thiserror 2.0.18", ] @@ -9305,7 +9293,7 @@ dependencies = [ "lzma-rs", "memchr", "pbkdf2", - "sha1 0.10.6", + "sha1", "thiserror 2.0.18", "time", "xz2", diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index 617aaf9..c144559 100644 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml 
@@ -83,8 +83,7 @@ argon2 = "0.5" aes-gcm = "0.10" aes = "0.9" cbc = "0.2" -pbkdf2 = "0.12" -sha1 = "0.11" +ring = "0.17" sha2 = "0.11" hyper = { version = "1.8", features = ["full"] } hyper-util = { version = "0.1", features = ["full"] } diff --git a/src-tauri/src/cookie_manager.rs b/src-tauri/src/cookie_manager.rs index 7e7a241..426e4aa 100644 --- a/src-tauri/src/cookie_manager.rs +++ b/src-tauri/src/cookie_manager.rs @@ -12,8 +12,10 @@ use tauri::AppHandle; /// so no encryption path is needed here — Chromium reads plaintext when /// `encrypted_value` is empty, regardless of what other cookies store. pub mod chrome_decrypt { - use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, KeyIvInit}; + use aes::cipher::{block_padding::Pkcs7, BlockModeDecrypt, KeyIvInit}; + use ring::pbkdf2; use sha2::{Digest, Sha256}; + use std::num::NonZeroU32; use std::path::Path; type Aes128CbcDec = cbc::Decryptor; @@ -35,7 +37,16 @@ pub mod chrome_decrypt { fn derive_key(password: &[u8]) -> [u8; KEY_LEN] { let mut key = [0u8; KEY_LEN]; - pbkdf2::pbkdf2_hmac::(password, SALT, PBKDF2_ITERATIONS, &mut key); + // Using ring::pbkdf2 instead of the `pbkdf2` crate to avoid digest + // version conflicts between sha1 0.11 (digest 0.11) and pbkdf2 0.12 + // (digest 0.10). ring's implementation is self-contained. + pbkdf2::derive( + pbkdf2::PBKDF2_HMAC_SHA1, + NonZeroU32::new(PBKDF2_ITERATIONS).expect("iterations must be non-zero"), + SALT, + password, + &mut key, + ); key } @@ -88,7 +99,7 @@ pub mod chrome_decrypt { let mut buf = ciphertext.to_vec(); let decrypted = Aes128CbcDec::new(key.into(), &IV.into()) - .decrypt_padded_mut::(&mut buf) + .decrypt_padded::(&mut buf) .ok()?; // Strip the SHA-256(host_key) integrity prefix if present. Older cookies
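Review bot: The move to `pbkdf2::derive` in `derive_key` is not pinned by any known-answer test in this diff, and ring takes salt before secret, the reverse of the removed `pbkdf2_hmac` call, so a slip in argument order would still compile. The failure would surface only as decryption quietly yielding nothing through the `.ok()?` in the last hunk, whose cipher call also changes in this commit. A test that pins `derive_key` for a fixed password to the bytes the previous implementation produced, plus one decrypt of a fixture ciphertext constructed for the test, would cover both hunks. The new comment explains the digest conflict but not that HMAC-SHA1 and the iteration count are presumably fixed by Chromium's cookie format; adding `// Parameters are dictated by Chromium's cookie encryption; do not reuse derive_key for new secrets.` would keep these interop-only settings from being copied elsewhere. The `expect` could also be dropped by declaring the iteration constant as a `NonZeroU32` where it is defined, which is outside this hunk.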