Update rsa-pem, properly use RSA crate

This commit is contained in:
asonix 2020-03-16 20:41:00 -05:00
parent 979b2a14f8
commit ea64843a59
4 changed files with 22 additions and 8 deletions

11
Cargo.lock generated
View File

@ -529,6 +529,12 @@ dependencies = [
"tokio-postgres",
]
[[package]]
name = "bit-vec"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a4523a10839ffae575fb08aa3423026c8cb4687eef43952afb956229d4f246f7"
[[package]]
name = "bitflags"
version = "1.2.1"
@ -1711,8 +1717,10 @@ dependencies = [
[[package]]
name = "rsa-pem"
version = "0.1.0"
source = "git+https://git.asonix.dog/Aardwolf/rsa-pem#6c47c3fc377375a5bfedbb7457832fc013d3227d"
source = "git+https://git.asonix.dog/Aardwolf/rsa-pem#8dc04bd060d7993058c120f5cbfa654890113614"
dependencies = [
"bit-vec",
"log",
"num-bigint",
"num-bigint-dig",
"num-traits",
@ -2469,6 +2477,7 @@ version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a563d10ead87e2d798e357d44f40f495ad70bcee4d5c0d3f77a5b1b7376645d9"
dependencies = [
"bit-vec",
"num-bigint",
]

View File

@ -308,7 +308,7 @@ where
&key_id,
&mut digest,
item_string,
|signing_string| state.sign(signing_string.as_bytes()),
|signing_string| state.sign(signing_string),
)?
.send()
.await

View File

@ -97,11 +97,13 @@ impl Settings {
format!("relay@{}", self.hostname)
}
fn sign(&self, bytes: &[u8]) -> Result<String, crate::error::MyError> {
fn sign(&self, signing_string: &str) -> Result<String, crate::error::MyError> {
use rsa::{hash::Hashes, padding::PaddingScheme};
use sha2::{Digest, Sha256};
let hashed = Sha256::digest(signing_string.as_bytes());
let bytes =
self.private_key
.sign(PaddingScheme::PKCS1v15, Some(&Hashes::SHA2_256), bytes)?;
.sign(PaddingScheme::PKCS1v15, Some(&Hashes::SHA2_256), &hashed)?;
Ok(base64::encode_config(bytes, base64::URL_SAFE))
}
}
@ -115,8 +117,8 @@ impl State {
self.settings.generate_resource()
}
pub fn sign(&self, bytes: &[u8]) -> Result<String, crate::error::MyError> {
self.settings.sign(bytes)
pub fn sign(&self, signing_string: &str) -> Result<String, crate::error::MyError> {
self.settings.sign(signing_string)
}
pub async fn bust_whitelist(&self, whitelist: &str) {

View File

@ -1,8 +1,9 @@
use crate::{error::MyError, state::State};
use actix_web::client::Client;
use http_signature_normalization_actix::prelude::*;
use http_signature_normalization_actix::{prelude::*, verify::DeprecatedAlgorithm};
use rsa::{hash::Hashes, padding::PaddingScheme, PublicKey, RSAPublicKey};
use rsa_pem::KeyExt;
use sha2::{Digest, Sha256};
use std::{future::Future, pin::Pin, sync::Arc};
#[derive(Clone)]
@ -35,16 +36,18 @@ impl SignatureVerify for MyVerify {
match algorithm {
Some(Algorithm::Hs2019) => (),
Some(Algorithm::Deprecated(DeprecatedAlgorithm::RsaSha256)) => (),
_ => return Err(MyError::Algorithm),
};
let decoded = base64::decode(signature)?;
let hashed = Sha256::digest(signing_string.as_bytes());
public_key.verify(
PaddingScheme::PKCS1v15,
Some(&Hashes::SHA2_256),
&hashed,
&decoded,
signing_string.as_bytes(),
)?;
Ok(true)