diff --git a/Cargo.toml b/Cargo.toml index 51f75819..92a45e1d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,6 +5,8 @@ package.version = "0.10.0" [workspace.dependencies] beam-lib = { path = "./beam-lib", features = [ "strict-ids" ] } +rsa = "0.10.0-rc.9" +rand = "0.9" # Command Line Interface clap = { version = "4", features = ["env", "derive"] } diff --git a/proxy/Cargo.toml b/proxy/Cargo.toml index f1b8a0b6..0950efc6 100644 --- a/proxy/Cargo.toml +++ b/proxy/Cargo.toml @@ -30,7 +30,7 @@ serde = "1" serde_json = "1" # Encryption handling -rsa = "0.9" +rsa.workspace = true # Server-sent Events (SSE) support tokio-util = { version = "0.7", features = ["io"] } @@ -51,4 +51,4 @@ sockets = ["dep:chacha20poly1305", "dep:dashmap", "tokio-util/codec", "tokio-uti build-data = "0" [dev-dependencies] -rand = "0.8.5" +rand.workspace = true diff --git a/shared/Cargo.toml b/shared/Cargo.toml index 4c2cb596..5dec9d56 100644 --- a/shared/Cargo.toml +++ b/shared/Cargo.toml @@ -28,11 +28,11 @@ tracing = "0.1" tracing-subscriber = { version = "0.3", features = ["env-filter"] } # Crypto -rand = "0.8" -rsa = "0.9" -sha2 = "0.10" +rand.workspace = true +rsa.workspace = true +sha2 = "0.11.0-rc.2" +chacha20poly1305 = "0.11.0-rc.1" openssl = "0.10" -chacha20poly1305 = "0.10" itertools = "0.14.0" jwt-simple = "0.11" diff --git a/shared/src/crypto.rs b/shared/src/crypto.rs index 1140a0d2..232089f6 100644 --- a/shared/src/crypto.rs +++ b/shared/src/crypto.rs @@ -823,10 +823,8 @@ pub fn load_certificates_from_dir(ca_dir: Option) -> Result Result { let cert_rsa = cert.public_key()?.rsa()?; - let cert_mod = cert_rsa.n(); - let key_mod = key.n(); - let key_mod_bignum = openssl::bn::BigNum::from_slice(&key_mod.to_bytes_be())?; - let is_equal = cert_mod.ucmp(&key_mod_bignum) == std::cmp::Ordering::Equal; + let cert_mod = rsa::BoxedUint::from_be_slice_vartime(&cert_rsa.n().to_vec()); + let is_equal = cert_mod.cmp(&key.n()) == std::cmp::Ordering::Equal; if !is_equal { match ProxyCertInfo::try_from(cert) { Ok(x) => { diff --git a/shared/src/lib.rs b/shared/src/lib.rs index 2ce85383..1ef6422c 100644 --- a/shared/src/lib.rs +++ b/shared/src/lib.rs @@ -2,7 +2,7 @@ use beam_lib::{AppId, AppOrProxyId, ProxyId, FailureStrategy, WorkStatus}; use chacha20poly1305::{ - aead::{Aead, AeadCore, KeyInit, OsRng}, + aead::{Aead, AeadCore, KeyInit}, XChaCha20Poly1305, XNonce, }; use crypto_jwt::extract_jwt; @@ -21,7 +21,7 @@ use std::{ time::{Duration, Instant, SystemTime}, net::SocketAddr, error::Error, }; -use rand::Rng; +use rand::{rng, rngs::OsRng, Rng}; use serde::{ de::{DeserializeOwned, Visitor}, Deserialize, Serialize, @@ -302,9 +302,9 @@ pub trait EncryptableMsg: Msg + Serialize + Sized { receivers_public_keys: &Vec, ) -> Result { // Generate Symmetric Key and Nonce - let mut rng = rand::thread_rng(); - let symmetric_key = XChaCha20Poly1305::generate_key(&mut rng); - let nonce = XChaCha20Poly1305::generate_nonce(&mut rng); + let mut rng = rng(); + let symmetric_key = XChaCha20Poly1305::generate_key_with_rng(&mut rng); + let nonce = XChaCha20Poly1305::generate_nonce_with_rng(&mut rng); // Encrypt symmetric key with receivers' public keys let Ok(encrypted_keys) = receivers_public_keys @@ -753,7 +753,7 @@ mod tests { }; //Setup Keypairs - let mut rng = rand::thread_rng(); + let mut rng = rand::rng(); let rsa_length: usize = 2048; let p1_private = RsaPrivateKey::new(&mut rng, rsa_length) .expect("Failed to generate private key for proxy 1"); @@ -799,7 +799,7 @@ mod tests { }; //Setup Keypairs - let mut rng = rand::thread_rng(); + let mut rng = rand::rng(); let rsa_length: usize = 2048; let p1_private = RsaPrivateKey::new(&mut rng, rsa_length) .expect("Failed to generate private key for proxy 1"); diff --git a/tests/Cargo.toml b/tests/Cargo.toml index abaa9860..8ce2aefe 100644 --- a/tests/Cargo.toml +++ b/tests/Cargo.toml @@ -11,7 +11,7 @@ beam-lib = { workspace = true, features = ["http-util"] } once_cell = "1" serde_json = "1" anyhow = "1" -rand = "0.8" +rand.workspace = true serde = { version = "1", features = ["derive"] } reqwest = { version = "0.12", features = ["stream"], default-features = false } futures = "0.3.28"