Update rsa

2023-01-23 08:56:18 -06:00 · 2023-01-23 08:56:18 -06:00 · 34dc1a2281
commit 34dc1a2281
parent 9cdebeae4c
6 changed files with 30 additions and 29 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -349,8 +349,6 @@ dependencies = [
 "rustls-pemfile",
 "serde",
 "serde_json",
- "sha2",
- "signature",
 "sled",
 "teloxide",
 "thiserror",
@ -2617,9 +2615,9 @@ dependencies = [

 [[package]]
 name = "rsa"
-version = "0.7.2"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c"
+checksum = "89b3896c9b7790b70a9aa314a30e4ae114200992a19c96cbe0ca6070edd32ab8"
 dependencies = [
 "byteorder",
 "digest",
@ -2630,19 +2628,19 @@ dependencies = [
 "pkcs1",
 "pkcs8",
 "rand_core",
+ "sha2",
 "signature",
- "smallvec",
 "subtle",
 "zeroize",
 ]

 [[package]]
 name = "rsa-magic-public-key"
-version = "0.6.0"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8dc035c92400b90ee471e0ea7e041bfadd4da26dd3e716a84053d0075ed9c159"
+checksum = "a86cb93425d6e176cfa39d63e226289f13154173f18274fab609c71ff35ba3a0"
 dependencies = [
- "base64 0.13.1",
+ "base64 0.21.0",
 "num-bigint-dig",
 "rsa",
 "thiserror",
@ -2871,9 +2869,9 @@ dependencies = [

 [[package]]
 name = "signature"
-version = "1.6.4"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
+checksum = "8fe458c98333f9c8152221191a77e2a44e8325d0193484af2e9421a53019e57d"
 dependencies = [
 "digest",
 "rand_core",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -54,14 +54,12 @@ opentelemetry-otlp = "0.11"
 pin-project-lite = "0.2.9"
 quanta = "0.10.1"
 rand = "0.8"
-rsa = "0.7"
-rsa-magic-public-key = "0.6.0"
+rsa = { version = "0.8", features = ["sha2"] }
+rsa-magic-public-key = "0.7.0"
 rustls = "0.20.7"
 rustls-pemfile = "1.0.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
-sha2 = { version = "0.10", features = ["oid"] }
-signature = "1.6.4"
 sled = "0.34.7"
 teloxide = { version = "0.11.1", default-features = false, features = [
  "ctrlc_handler",
--- a/src/config.rs
+++ b/src/config.rs
@ -12,8 +12,8 @@ use activitystreams::{
 };
 use config::Environment;
 use http_signature_normalization_actix::prelude::VerifyDigest;
+use rsa::sha2::{Digest, Sha256};
 use rustls::{Certificate, PrivateKey};
-use sha2::{Digest, Sha256};
 use std::{
    io::BufReader,
    net::{IpAddr, SocketAddr},
--- a/src/error.rs
+++ b/src/error.rs
@ -99,13 +99,13 @@ pub(crate) enum ErrorKind {
    PrepareSign(#[from] PrepareSignError),

    #[error("Couldn't sign digest")]
-    Signature(#[from] signature::Error),
+    Signature(#[from] rsa::signature::Error),

    #[error("Couldn't read signature")]
-    ReadSignature(signature::Error),
+    ReadSignature(rsa::signature::Error),

    #[error("Couldn't verify signature")]
-    VerifySignature(signature::Error),
+    VerifySignature(rsa::signature::Error),

    #[error("Couldn't parse the signature header")]
    HeaderValidation(#[from] actix_web::http::header::InvalidHeaderValue),
--- a/src/middleware/verifier.rs
+++ b/src/middleware/verifier.rs
@ -8,9 +8,10 @@ use activitystreams::{base::BaseExt, iri, iri_string::types::IriString};
 use actix_web::web;
 use base64::{engine::general_purpose::STANDARD, Engine};
 use http_signature_normalization_actix::{prelude::*, verify::DeprecatedAlgorithm};
-use rsa::{pkcs1v15::VerifyingKey, pkcs8::DecodePublicKey, RsaPublicKey};
-use sha2::{Digest, Sha256};
-use signature::{DigestVerifier, Signature};
+use rsa::{
+    pkcs1v15::Signature, pkcs1v15::VerifyingKey, pkcs8::DecodePublicKey, sha2::Sha256,
+    signature::Verifier, RsaPublicKey,
+};
 use std::{future::Future, pin::Pin};

 #[derive(Clone, Debug)]
@ -129,12 +130,12 @@ async fn do_verify(
    web::block(move || {
        span.in_scope(|| {
            let decoded = STANDARD.decode(signature)?;
-            let signature = Signature::from_bytes(&decoded).map_err(ErrorKind::ReadSignature)?;
-            let hashed = Sha256::new_with_prefix(signing_string.as_bytes());
+            let signature =
+                Signature::try_from(decoded.as_slice()).map_err(ErrorKind::ReadSignature)?;

-            let verifying_key = VerifyingKey::new_with_prefix(public_key);
+            let verifying_key = VerifyingKey::<Sha256>::new_with_prefix(public_key);
            verifying_key
-                .verify_digest(hashed, &signature)
+                .verify(signing_string.as_bytes(), &signature)
                .map_err(ErrorKind::VerifySignature)?;

            Ok(()) as Result<(), Error>
--- a/src/requests.rs
+++ b/src/requests.rs
@ -9,9 +9,12 @@ use base64::{engine::general_purpose::STANDARD, Engine};
 use dashmap::DashMap;
 use http_signature_normalization_actix::prelude::*;
 use rand::thread_rng;
-use rsa::{pkcs1v15::SigningKey, RsaPrivateKey};
-use sha2::{Digest, Sha256};
-use signature::RandomizedSigner;
+use rsa::{
+    pkcs1v15::SigningKey,
+    sha2::{Digest, Sha256},
+    signature::RandomizedSigner,
+    RsaPrivateKey,
+};
 use std::{
    cell::RefCell,
    rc::Rc,
@ -391,7 +394,8 @@ struct Signer {
 impl Signer {
    fn sign(&self, signing_string: &str) -> Result<String, Error> {
        let signing_key = SigningKey::<Sha256>::new_with_prefix(self.private_key.clone());
-        let signature = signing_key.try_sign_with_rng(thread_rng(), signing_string.as_bytes())?;
+        let signature =
+            signing_key.try_sign_with_rng(&mut thread_rng(), signing_string.as_bytes())?;
        Ok(STANDARD.encode(signature.as_ref()))
    }
 }