forked from mirrors/relay
Update rsa-pem, properly use RSA crate
This commit is contained in:
parent
979b2a14f8
commit
ea64843a59
4 changed files with 22 additions and 8 deletions
11
Cargo.lock
generated
11
Cargo.lock
generated
|
@ -529,6 +529,12 @@ dependencies = [
|
|||
"tokio-postgres",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "bit-vec"
|
||||
version = "0.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a4523a10839ffae575fb08aa3423026c8cb4687eef43952afb956229d4f246f7"
|
||||
|
||||
[[package]]
|
||||
name = "bitflags"
|
||||
version = "1.2.1"
|
||||
|
@ -1711,8 +1717,10 @@ dependencies = [
|
|||
[[package]]
|
||||
name = "rsa-pem"
|
||||
version = "0.1.0"
|
||||
source = "git+https://git.asonix.dog/Aardwolf/rsa-pem#6c47c3fc377375a5bfedbb7457832fc013d3227d"
|
||||
source = "git+https://git.asonix.dog/Aardwolf/rsa-pem#8dc04bd060d7993058c120f5cbfa654890113614"
|
||||
dependencies = [
|
||||
"bit-vec",
|
||||
"log",
|
||||
"num-bigint",
|
||||
"num-bigint-dig",
|
||||
"num-traits",
|
||||
|
@ -2469,6 +2477,7 @@ version = "0.3.1"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a563d10ead87e2d798e357d44f40f495ad70bcee4d5c0d3f77a5b1b7376645d9"
|
||||
dependencies = [
|
||||
"bit-vec",
|
||||
"num-bigint",
|
||||
]
|
||||
|
||||
|
|
|
@ -308,7 +308,7 @@ where
|
|||
&key_id,
|
||||
&mut digest,
|
||||
item_string,
|
||||
|signing_string| state.sign(signing_string.as_bytes()),
|
||||
|signing_string| state.sign(signing_string),
|
||||
)?
|
||||
.send()
|
||||
.await
|
||||
|
|
10
src/state.rs
10
src/state.rs
|
@ -97,11 +97,13 @@ impl Settings {
|
|||
format!("relay@{}", self.hostname)
|
||||
}
|
||||
|
||||
fn sign(&self, bytes: &[u8]) -> Result<String, crate::error::MyError> {
|
||||
fn sign(&self, signing_string: &str) -> Result<String, crate::error::MyError> {
|
||||
use rsa::{hash::Hashes, padding::PaddingScheme};
|
||||
use sha2::{Digest, Sha256};
|
||||
let hashed = Sha256::digest(signing_string.as_bytes());
|
||||
let bytes =
|
||||
self.private_key
|
||||
.sign(PaddingScheme::PKCS1v15, Some(&Hashes::SHA2_256), bytes)?;
|
||||
.sign(PaddingScheme::PKCS1v15, Some(&Hashes::SHA2_256), &hashed)?;
|
||||
Ok(base64::encode_config(bytes, base64::URL_SAFE))
|
||||
}
|
||||
}
|
||||
|
@ -115,8 +117,8 @@ impl State {
|
|||
self.settings.generate_resource()
|
||||
}
|
||||
|
||||
pub fn sign(&self, bytes: &[u8]) -> Result<String, crate::error::MyError> {
|
||||
self.settings.sign(bytes)
|
||||
pub fn sign(&self, signing_string: &str) -> Result<String, crate::error::MyError> {
|
||||
self.settings.sign(signing_string)
|
||||
}
|
||||
|
||||
pub async fn bust_whitelist(&self, whitelist: &str) {
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
use crate::{error::MyError, state::State};
|
||||
use actix_web::client::Client;
|
||||
use http_signature_normalization_actix::prelude::*;
|
||||
use http_signature_normalization_actix::{prelude::*, verify::DeprecatedAlgorithm};
|
||||
use rsa::{hash::Hashes, padding::PaddingScheme, PublicKey, RSAPublicKey};
|
||||
use rsa_pem::KeyExt;
|
||||
use sha2::{Digest, Sha256};
|
||||
use std::{future::Future, pin::Pin, sync::Arc};
|
||||
|
||||
#[derive(Clone)]
|
||||
|
@ -35,16 +36,18 @@ impl SignatureVerify for MyVerify {
|
|||
|
||||
match algorithm {
|
||||
Some(Algorithm::Hs2019) => (),
|
||||
Some(Algorithm::Deprecated(DeprecatedAlgorithm::RsaSha256)) => (),
|
||||
_ => return Err(MyError::Algorithm),
|
||||
};
|
||||
|
||||
let decoded = base64::decode(signature)?;
|
||||
let hashed = Sha256::digest(signing_string.as_bytes());
|
||||
|
||||
public_key.verify(
|
||||
PaddingScheme::PKCS1v15,
|
||||
Some(&Hashes::SHA2_256),
|
||||
&hashed,
|
||||
&decoded,
|
||||
signing_string.as_bytes(),
|
||||
)?;
|
||||
|
||||
Ok(true)
|
||||
|
|
Loading…
Reference in a new issue