From 34dc1a22814150d84ce7b5593d2c57b62bc6334a Mon Sep 17 00:00:00 2001 From: asonix Date: Mon, 23 Jan 2023 08:56:18 -0600 Subject: [PATCH] Update rsa --- Cargo.lock | 18 ++++++++---------- Cargo.toml | 6 ++---- src/config.rs | 2 +- src/error.rs | 6 +++--- src/middleware/verifier.rs | 15 ++++++++------- src/requests.rs | 12 ++++++++---- 6 files changed, 30 insertions(+), 29 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 68428c3..0ff61c8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -349,8 +349,6 @@ dependencies = [ "rustls-pemfile", "serde", "serde_json", - "sha2", - "signature", "sled", "teloxide", "thiserror", @@ -2617,9 +2615,9 @@ dependencies = [ [[package]] name = "rsa" -version = "0.7.2" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c" +checksum = "89b3896c9b7790b70a9aa314a30e4ae114200992a19c96cbe0ca6070edd32ab8" dependencies = [ "byteorder", "digest", @@ -2630,19 +2628,19 @@ dependencies = [ "pkcs1", "pkcs8", "rand_core", + "sha2", "signature", - "smallvec", "subtle", "zeroize", ] [[package]] name = "rsa-magic-public-key" -version = "0.6.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8dc035c92400b90ee471e0ea7e041bfadd4da26dd3e716a84053d0075ed9c159" +checksum = "a86cb93425d6e176cfa39d63e226289f13154173f18274fab609c71ff35ba3a0" dependencies = [ - "base64 0.13.1", + "base64 0.21.0", "num-bigint-dig", "rsa", "thiserror", @@ -2871,9 +2869,9 @@ dependencies = [ [[package]] name = "signature" -version = "1.6.4" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" +checksum = "8fe458c98333f9c8152221191a77e2a44e8325d0193484af2e9421a53019e57d" dependencies = [ "digest", "rand_core", diff --git a/Cargo.toml b/Cargo.toml index 70eae4e..5d57dd0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -54,14 +54,12 @@ opentelemetry-otlp = "0.11" pin-project-lite = "0.2.9" quanta = "0.10.1" rand = "0.8" -rsa = "0.7" -rsa-magic-public-key = "0.6.0" +rsa = { version = "0.8", features = ["sha2"] } +rsa-magic-public-key = "0.7.0" rustls = "0.20.7" rustls-pemfile = "1.0.1" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" -sha2 = { version = "0.10", features = ["oid"] } -signature = "1.6.4" sled = "0.34.7" teloxide = { version = "0.11.1", default-features = false, features = [ "ctrlc_handler", diff --git a/src/config.rs b/src/config.rs index 848cc5b..78caaf5 100644 --- a/src/config.rs +++ b/src/config.rs @@ -12,8 +12,8 @@ use activitystreams::{ }; use config::Environment; use http_signature_normalization_actix::prelude::VerifyDigest; +use rsa::sha2::{Digest, Sha256}; use rustls::{Certificate, PrivateKey}; -use sha2::{Digest, Sha256}; use std::{ io::BufReader, net::{IpAddr, SocketAddr}, diff --git a/src/error.rs b/src/error.rs index 2f9e658..4818e3f 100644 --- a/src/error.rs +++ b/src/error.rs @@ -99,13 +99,13 @@ pub(crate) enum ErrorKind { PrepareSign(#[from] PrepareSignError), #[error("Couldn't sign digest")] - Signature(#[from] signature::Error), + Signature(#[from] rsa::signature::Error), #[error("Couldn't read signature")] - ReadSignature(signature::Error), + ReadSignature(rsa::signature::Error), #[error("Couldn't verify signature")] - VerifySignature(signature::Error), + VerifySignature(rsa::signature::Error), #[error("Couldn't parse the signature header")] HeaderValidation(#[from] actix_web::http::header::InvalidHeaderValue), diff --git a/src/middleware/verifier.rs b/src/middleware/verifier.rs index 3bc3eaa..e9aa321 100644 --- a/src/middleware/verifier.rs +++ b/src/middleware/verifier.rs @@ -8,9 +8,10 @@ use activitystreams::{base::BaseExt, iri, iri_string::types::IriString}; use actix_web::web; use base64::{engine::general_purpose::STANDARD, Engine}; use http_signature_normalization_actix::{prelude::*, verify::DeprecatedAlgorithm}; -use rsa::{pkcs1v15::VerifyingKey, pkcs8::DecodePublicKey, RsaPublicKey}; -use sha2::{Digest, Sha256}; -use signature::{DigestVerifier, Signature}; +use rsa::{ + pkcs1v15::Signature, pkcs1v15::VerifyingKey, pkcs8::DecodePublicKey, sha2::Sha256, + signature::Verifier, RsaPublicKey, +}; use std::{future::Future, pin::Pin}; #[derive(Clone, Debug)] @@ -129,12 +130,12 @@ async fn do_verify( web::block(move || { span.in_scope(|| { let decoded = STANDARD.decode(signature)?; - let signature = Signature::from_bytes(&decoded).map_err(ErrorKind::ReadSignature)?; - let hashed = Sha256::new_with_prefix(signing_string.as_bytes()); + let signature = + Signature::try_from(decoded.as_slice()).map_err(ErrorKind::ReadSignature)?; - let verifying_key = VerifyingKey::new_with_prefix(public_key); + let verifying_key = VerifyingKey::::new_with_prefix(public_key); verifying_key - .verify_digest(hashed, &signature) + .verify(signing_string.as_bytes(), &signature) .map_err(ErrorKind::VerifySignature)?; Ok(()) as Result<(), Error> diff --git a/src/requests.rs b/src/requests.rs index 121b566..d948a22 100644 --- a/src/requests.rs +++ b/src/requests.rs @@ -9,9 +9,12 @@ use base64::{engine::general_purpose::STANDARD, Engine}; use dashmap::DashMap; use http_signature_normalization_actix::prelude::*; use rand::thread_rng; -use rsa::{pkcs1v15::SigningKey, RsaPrivateKey}; -use sha2::{Digest, Sha256}; -use signature::RandomizedSigner; +use rsa::{ + pkcs1v15::SigningKey, + sha2::{Digest, Sha256}, + signature::RandomizedSigner, + RsaPrivateKey, +}; use std::{ cell::RefCell, rc::Rc, @@ -391,7 +394,8 @@ struct Signer { impl Signer { fn sign(&self, signing_string: &str) -> Result { let signing_key = SigningKey::::new_with_prefix(self.private_key.clone()); - let signature = signing_key.try_sign_with_rng(thread_rng(), signing_string.as_bytes())?; + let signature = + signing_key.try_sign_with_rng(&mut thread_rng(), signing_string.as_bytes())?; Ok(STANDARD.encode(signature.as_ref())) } }