Update rsa

Cargo.lock

@@ -349,8 +349,6 @@ dependencies = [
  "rustls-pemfile",
  "serde",
  "serde_json",
- "sha2",
- "signature",
  "sled",
  "teloxide",
  "thiserror",
@@ -2617,9 +2615,9 @@ dependencies = [
 
 [[package]]
 name = "rsa"
-version = "0.7.2"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c"
+checksum = "89b3896c9b7790b70a9aa314a30e4ae114200992a19c96cbe0ca6070edd32ab8"
 dependencies = [
  "byteorder",
  "digest",
@@ -2630,19 +2628,19 @@ dependencies = [
  "pkcs1",
  "pkcs8",
  "rand_core",
+ "sha2",
  "signature",
- "smallvec",
  "subtle",
  "zeroize",
 ]
 
 [[package]]
 name = "rsa-magic-public-key"
-version = "0.6.0"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8dc035c92400b90ee471e0ea7e041bfadd4da26dd3e716a84053d0075ed9c159"
+checksum = "a86cb93425d6e176cfa39d63e226289f13154173f18274fab609c71ff35ba3a0"
 dependencies = [
- "base64 0.13.1",
+ "base64 0.21.0",
  "num-bigint-dig",
  "rsa",
  "thiserror",
@@ -2871,9 +2869,9 @@ dependencies = [
 
 [[package]]
 name = "signature"
-version = "1.6.4"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
+checksum = "8fe458c98333f9c8152221191a77e2a44e8325d0193484af2e9421a53019e57d"
 dependencies = [
  "digest",
  "rand_core",

Cargo.toml

@@ -54,14 +54,12 @@ opentelemetry-otlp = "0.11"
 pin-project-lite = "0.2.9"
 quanta = "0.10.1"
 rand = "0.8"
-rsa = "0.7"
-rsa-magic-public-key = "0.6.0"
+rsa = { version = "0.8", features = ["sha2"] }
+rsa-magic-public-key = "0.7.0"
 rustls = "0.20.7"
 rustls-pemfile = "1.0.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
-sha2 = { version = "0.10", features = ["oid"] }
-signature = "1.6.4"
 sled = "0.34.7"
 teloxide = { version = "0.11.1", default-features = false, features = [
   "ctrlc_handler",

src/config.rs

@@ -12,8 +12,8 @@ use activitystreams::{
 };
 use config::Environment;
 use http_signature_normalization_actix::prelude::VerifyDigest;
+use rsa::sha2::{Digest, Sha256};
 use rustls::{Certificate, PrivateKey};
-use sha2::{Digest, Sha256};
 use std::{
     io::BufReader,
     net::{IpAddr, SocketAddr},

src/error.rs

@@ -99,13 +99,13 @@ pub(crate) enum ErrorKind {
     PrepareSign(#[from] PrepareSignError),
 
     #[error("Couldn't sign digest")]
-    Signature(#[from] signature::Error),
+    Signature(#[from] rsa::signature::Error),
 
     #[error("Couldn't read signature")]
-    ReadSignature(signature::Error),
+    ReadSignature(rsa::signature::Error),
 
     #[error("Couldn't verify signature")]
-    VerifySignature(signature::Error),
+    VerifySignature(rsa::signature::Error),
 
     #[error("Couldn't parse the signature header")]
     HeaderValidation(#[from] actix_web::http::header::InvalidHeaderValue),

src/middleware/verifier.rs

@@ -8,9 +8,10 @@ use activitystreams::{base::BaseExt, iri, iri_string::types::IriString};
 use actix_web::web;
 use base64::{engine::general_purpose::STANDARD, Engine};
 use http_signature_normalization_actix::{prelude::*, verify::DeprecatedAlgorithm};
-use rsa::{pkcs1v15::VerifyingKey, pkcs8::DecodePublicKey, RsaPublicKey};
-use sha2::{Digest, Sha256};
-use signature::{DigestVerifier, Signature};
+use rsa::{
+    pkcs1v15::Signature, pkcs1v15::VerifyingKey, pkcs8::DecodePublicKey, sha2::Sha256,
+    signature::Verifier, RsaPublicKey,
+};
 use std::{future::Future, pin::Pin};
 
 #[derive(Clone, Debug)]
@@ -129,12 +130,12 @@ async fn do_verify(
     web::block(move || {
         span.in_scope(|| {
             let decoded = STANDARD.decode(signature)?;
-            let signature = Signature::from_bytes(&decoded).map_err(ErrorKind::ReadSignature)?;
-            let hashed = Sha256::new_with_prefix(signing_string.as_bytes());
+            let signature =
+                Signature::try_from(decoded.as_slice()).map_err(ErrorKind::ReadSignature)?;
 
-            let verifying_key = VerifyingKey::new_with_prefix(public_key);
+            let verifying_key = VerifyingKey::<Sha256>::new_with_prefix(public_key);
             verifying_key
-                .verify_digest(hashed, &signature)
+                .verify(signing_string.as_bytes(), &signature)
                 .map_err(ErrorKind::VerifySignature)?;
 
             Ok(()) as Result<(), Error>

src/requests.rs

@@ -9,9 +9,12 @@ use base64::{engine::general_purpose::STANDARD, Engine};
 use dashmap::DashMap;
 use http_signature_normalization_actix::prelude::*;
 use rand::thread_rng;
-use rsa::{pkcs1v15::SigningKey, RsaPrivateKey};
-use sha2::{Digest, Sha256};
-use signature::RandomizedSigner;
+use rsa::{
+    pkcs1v15::SigningKey,
+    sha2::{Digest, Sha256},
+    signature::RandomizedSigner,
+    RsaPrivateKey,
+};
 use std::{
     cell::RefCell,
     rc::Rc,
@@ -391,7 +394,8 @@ struct Signer {
 impl Signer {
     fn sign(&self, signing_string: &str) -> Result<String, Error> {
         let signing_key = SigningKey::<Sha256>::new_with_prefix(self.private_key.clone());
-        let signature = signing_key.try_sign_with_rng(thread_rng(), signing_string.as_bytes())?;
+        let signature =
+            signing_key.try_sign_with_rng(&mut thread_rng(), signing_string.as_bytes())?;
         Ok(STANDARD.encode(signature.as_ref()))
     }
 }