Update crypto ecosystem

Cargo.toml

@@ -5,6 +5,8 @@ package.version = "0.10.0"
 
 [workspace.dependencies]
 beam-lib = { path = "./beam-lib", features = [ "strict-ids" ] }
+rsa = "0.10.0-rc.9"
+rand = "0.9"
 # Command Line Interface
 clap = { version = "4", features = ["env", "derive"] }
 

proxy/Cargo.toml

@@ -30,7 +30,7 @@ serde = "1"
 serde_json = "1"
 
 # Encryption handling
-rsa = "0.9"
+rsa.workspace = true
 
 # Server-sent Events (SSE) support
 tokio-util = { version = "0.7", features = ["io"] }
@@ -51,4 +51,4 @@ sockets = ["dep:chacha20poly1305", "dep:dashmap", "tokio-util/codec", "tokio-uti
 build-data = "0"
 
 [dev-dependencies]
-rand = "0.8.5"
+rand.workspace = true

shared/Cargo.toml

@@ -28,11 +28,11 @@ tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 
 # Crypto
-rand = "0.8"
-rsa = "0.9"
-sha2 = "0.10"
+rand.workspace = true
+rsa.workspace = true
+sha2 = "0.11.0-rc.2"
+chacha20poly1305 = "0.11.0-rc.1"
 openssl = "0.10"
-chacha20poly1305 = "0.10"
 itertools = "0.14.0"
 jwt-simple = "0.11"
 

shared/src/crypto.rs

@@ -823,10 +823,8 @@ pub fn load_certificates_from_dir(ca_dir: Option<PathBuf>) -> Result<Vec<reqwest
 /// Checks whether or not a x509 certificate matches a private key by comparing the (public) modulus
 pub fn is_cert_from_privkey(cert: &X509, key: &RsaPrivateKey) -> Result<bool, ErrorStack> {
     let cert_rsa = cert.public_key()?.rsa()?;
-    let cert_mod = cert_rsa.n();
-    let key_mod = key.n();
-    let key_mod_bignum = openssl::bn::BigNum::from_slice(&key_mod.to_bytes_be())?;
-    let is_equal = cert_mod.ucmp(&key_mod_bignum) == std::cmp::Ordering::Equal;
+    let cert_mod = rsa::BoxedUint::from_be_slice_vartime(&cert_rsa.n().to_vec());
+    let is_equal = cert_mod.cmp(&key.n()) == std::cmp::Ordering::Equal;
     if !is_equal {
         match ProxyCertInfo::try_from(cert) {
             Ok(x) => {

shared/src/lib.rs

@@ -2,7 +2,7 @@
 
 use beam_lib::{AppId, AppOrProxyId, ProxyId, FailureStrategy, WorkStatus};
 use chacha20poly1305::{
-    aead::{Aead, AeadCore, KeyInit, OsRng},
+    aead::{Aead, AeadCore, KeyInit},
     XChaCha20Poly1305, XNonce,
 };
 use crypto_jwt::extract_jwt;
@@ -21,7 +21,7 @@ use std::{
     time::{Duration, Instant, SystemTime}, net::SocketAddr, error::Error,
 };
 
-use rand::Rng;
+use rand::{rng, rngs::OsRng, Rng};
 use serde::{
     de::{DeserializeOwned, Visitor},
     Deserialize, Serialize,
@@ -302,9 +302,9 @@ pub trait EncryptableMsg: Msg + Serialize + Sized {
         receivers_public_keys: &Vec<RsaPublicKey>,
     ) -> Result<Self::Output, SamplyBeamError> {
         // Generate Symmetric Key and Nonce
-        let mut rng = rand::thread_rng();
-        let symmetric_key = XChaCha20Poly1305::generate_key(&mut rng);
-        let nonce = XChaCha20Poly1305::generate_nonce(&mut rng);
+        let mut rng = rng();
+        let symmetric_key = XChaCha20Poly1305::generate_key_with_rng(&mut rng);
+        let nonce = XChaCha20Poly1305::generate_nonce_with_rng(&mut rng);
 
         // Encrypt symmetric key with receivers' public keys
         let Ok(encrypted_keys) = receivers_public_keys
@@ -753,7 +753,7 @@ mod tests {
         };
 
         //Setup Keypairs
-        let mut rng = rand::thread_rng();
+        let mut rng = rand::rng();
         let rsa_length: usize = 2048;
         let p1_private = RsaPrivateKey::new(&mut rng, rsa_length)
             .expect("Failed to generate private key for proxy 1");
@@ -799,7 +799,7 @@ mod tests {
         };
 
         //Setup Keypairs
-        let mut rng = rand::thread_rng();
+        let mut rng = rand::rng();
         let rsa_length: usize = 2048;
         let p1_private = RsaPrivateKey::new(&mut rng, rsa_length)
             .expect("Failed to generate private key for proxy 1");

tests/Cargo.toml

@@ -11,7 +11,7 @@ beam-lib = { workspace = true, features = ["http-util"] }
 once_cell = "1"
 serde_json = "1"
 anyhow = "1"
-rand = "0.8"
+rand.workspace = true
 serde = { version = "1", features = ["derive"] }
 reqwest = { version = "0.12", features = ["stream"], default-features = false }
 futures = "0.3.28"