build(deps): bump the crypto group across 1 directory with 3 updates #388
Conversation
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting
| let min_bits = low_bound.bits(); | ||
| let max_bits = high_bound.bits(); | ||
| loop { |
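Review bot: the `loop` that follows `max_bits` has no visible iteration bound and no comment on its expected run time. Since this replaces a ranged random draw in a crypto_bigint-based routine, please add a doc comment stating the rejection rate (drawing `max_bits`-bit candidates is cheap when `low_bound` is small relative to `high_bound`, but a narrow range close to `high_bound` can reject for a long time) and that the generator passed in must be a `CryptoRng`. Sampling an offset in `[0, high_bound - low_bound]` with `(high_bound - low_bound).bits()` bits and adding `low_bound` keeps the acceptance probability above one half for any range.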
crypto_bigint::BoxedUint does not implement that trait, which can generate a random number in a range.
So, I had to rewrite the old logic by doing a little bit of brute force.
| } | ||
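The rejection-sampling loop described in the comment above, as an added example that is not part of this PR or of the picky-rs code: `u128` stands in for `crypto_bigint::BoxedUint`, a `ByteSource` trait stands in for the RNG trait, and `XorShift` is a constructed, non-cryptographic source so the example runs deterministically. It goes one step beyond the page's brute force by sampling the offset in `[0, high - low]`, which keeps the expected number of rejections below one for any range width.

```rust
/// Minimal stand-in for the RNG trait (assumption: only `fill_bytes` is needed).
pub trait ByteSource {
    fn fill_bytes(&mut self, dest: &mut [u8]);
}

/// Bit length of `v` (0 for v == 0), mirroring `BoxedUint::bits`.
pub fn bits(v: u128) -> u32 {
    128 - v.leading_zeros()
}

/// Uniform integer in the inclusive range [low, high] by rejection sampling.
/// Returns the value and how many candidates were rejected on the way.
pub fn random_in_range<S: ByteSource>(low: u128, high: u128, src: &mut S) -> (u128, u32) {
    assert!(low <= high, "empty range");
    // Draw bits(span) bits for an offset in [0, span]: accepted with probability
    // > 1/2, so expected rejections stay below one even for a narrow range,
    // where brute-forcing bits(high)-bit candidates could spin for a long time.
    let span = high - low;
    let k = bits(span);
    if k == 0 {
        return (low, 0); // low == high: nothing random to draw
    }
    let mask = if k == 128 { u128::MAX } else { (1u128 << k) - 1 };
    let mut rejected = 0;
    loop {
        let mut buf = [0u8; 16];
        src.fill_bytes(&mut buf);
        let candidate = u128::from_be_bytes(buf) & mask; // keep the low k bits
        if candidate <= span {
            return (low + candidate, rejected);
        }
        rejected += 1;
    }
}

/// Constructed xorshift64* source so the example is reproducible.
/// NOT cryptographically secure: real key material needs a CryptoRng.
pub struct XorShift(pub u64); // seed must be non-zero

impl ByteSource for XorShift {
    fn fill_bytes(&mut self, dest: &mut [u8]) {
        for chunk in dest.chunks_mut(8) {
            let mut x = self.0;
            x ^= x >> 12; x ^= x << 25; x ^= x >> 27;
            self.0 = x;
            let out = x.wrapping_mul(0x2545_F491_4F6C_DD1D).to_be_bytes();
            chunk.copy_from_slice(&out[..chunk.len()]);
        }
    }
}
```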
| // Copied from `rsa` crate: https://github.com/RustCrypto/RSA/blob/eb1cca7b7ea42445dc874c1c1ce38873e4adade7/src/algorithms/rsa.rs#L232-L241 | ||
| fn pow_mod_params(base: &BoxedUint, exp: &BoxedUint, n_params: &BoxedMontyParams) -> BoxedUint { |
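Review bot: `pow_mod_params` is copied from the `rsa` crate with a pinned commit link, which is good for provenance; add a one-line comment saying why it is duplicated here rather than called, and a unit test pinning its output for a small known base, exponent and modulus so that later edits to the local copy cannot silently diverge from the upstream routine.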
There is no modpow for BoxedUint. So I looked up how it's done in rsa and just did the same.
| let g = BigUint::from_bytes_be(base); | ||
| let p = BigUint::from_bytes_be(modulus); | ||
| pub fn compute_public_key(private_key: &[u8], modulus: &[u8], base: &[u8]) -> DiffieHellmanResult<Vec<u8>> { | ||
| generate_dh_shared_secret(base, private_key, modulus) |
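Review bot: `compute_public_key` now forwards to `generate_dh_shared_secret(base, private_key, modulus)`, whose first parameter is named `public_key`; the order is right for g^x mod p, but it reads as a mismatch. A short comment at the call site stating that public-key derivation is the same modular exponentiation with the generator in place of the peer's public value would prevent a future "fix" that swaps the arguments.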
The function body looked the same as generate_dh_shared_secret, so I added direct use of generate_dh_shared_secret.
picky/src/jose/jwe.rs
| let cek = generate_cek(jwe.header.enc); | ||
| let encrypted_key = match rsa_public_key.encrypt(&mut rand::rngs::OsRng, padding, &cek) { | ||
| let encrypted_key = match rsa_public_key.encrypt(&mut ChaCha20Rng::from_os_rng(), padding, &cek) { |
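Review bot: `ChaCha20Rng::from_os_rng()` is built inside the `encrypt` call, so every key wrapping seeds a fresh generator from the OS and draws the padding randomness from it; that is sound, but the surrounding code reports failures through `match`, so please confirm and document how `from_os_rng()` behaves when OS randomness is unavailable, since the previous code passed `OsRng` directly and an unexpected panic path in JWE key wrapping would be a regression for callers.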
encrypt accepts a non-fallible random, so OsRng doesn't suit anymore.
| /// EC field's BigUint -> bytes conversion does not include leading zeros, therefore we need to | ||
| /// expand the bytes to the curve's field size. | ||
| fn expand_ec_field(bytes: Vec<u8>, curve: EcCurve) -> Vec<u8> { |
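Review bot: the removed doc comment states that the BigUint-to-bytes conversion drops leading zeros and that the result must be expanded to the curve's field size, while the replacement named in the discussion, `to_be_bytes_trimmed_vartime`, has "trimmed" in its name, which suggests it also strips leading zero bytes. Before deleting `expand_ec_field`, add a test with a coordinate whose most significant byte is zero (roughly one point in 256) and assert that the encoded length equals the field size; if it comes out short, the padding was load-bearing and must stay.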
It's no longer needed. BoxedUint::to_be_bytes_trimmed_vartime gives the number of bytes, the size of the curve.
| let inout = InOutBufReserved::from_mut_slice(message, message.len())?; | ||
| encryptor | ||
| .encrypt_padded_mut::<NoPadding>(message, len) |
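Review bot: `InOutBufReserved::from_mut_slice(message, message.len())?` reserves no room beyond the message itself, which is only correct because `NoPadding` is used; add a comment tying the two together so that a later switch to a padding mode also grows the reservation, and check that the `?` maps the buffer error to a distinct error variant rather than folding it into a generic one, since a length that is not a block multiple now fails here at runtime.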
encrypt_padded_mut is gone. Now, we have to use encrypt_padded_inout.
Hi @CBenoit! I updated the RustCrypto crates in picky-rs to the latest versions. The CI fails because some of the RustCrypto crates moved to the 2024 edition, but picky-rs still uses the 2021 edition. Should I upgrade the project to the 2024 edition first?
Yes, I think it's a good timing for that. Maybe you can open a PR dedicated to that first, and then we rebase this?
Bumps the crypto group with 3 updates in the / directory: [rand](https://github.com/rust-random/rand), [rand_core](https://github.com/rust-random/rand) and [rand_chacha](https://github.com/rust-random/rand).

Updates `rand` from 0.8.5 to 0.9.1
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...rand_core-0.9.1)

Updates `rand_core` from 0.6.4 to 0.9.3
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-random/rand/commits)

Updates `rand_chacha` from 0.3.1 to 0.9.0
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@rand_chacha-0.3.1...0.9.0)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crypto
- dependency-name: rand_core
  dependency-version: 0.9.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crypto
- dependency-name: rand_chacha
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crypto
...

Signed-off-by: dependabot[bot] <[email protected]>
Looks like these dependencies are no longer updatable, so this is no longer needed.
@dependabot reopen
Hi @CBenoit. Does it look good? I wonder if there is anything left blocking this PR from being merged.
It’s okay, but the CI is red |
Give me a second |
Fixed. |
| dh_shared_secret: &[u8], | ||
| mut dh_shared_secret: Vec<u8>, |
issue: This is a breaking change. I’m not against it, but I would prefer a separate PR so we can evaluate it properly.
Right, I overlooked that.
| pub fn generate_dh_shared_secret(public_key: &[u8], private_key: &[u8], p: &[u8]) -> Vec<u8> { | ||
| let public_key = BigUint::from_bytes_be(public_key); | ||
| let private_key = BigUint::from_bytes_be(private_key); | ||
| let p = BigUint::from_bytes_be(p); | ||
| fn generate_dh_shared_secret(public_key: &[u8], private_key: &[u8], p: &[u8]) -> DiffieHellmanResult<Vec<u8>> { |
question: The pub was removed here, is it because this was supposed to be an implementation detail? Maybe mark it as deprecated as a first step.
It is an implementation detail. It's not used in sspi-rs or outside this file in general. So, I guess it shouldn't have been a pub in the first place.
I added a few concerns as comments, but in fact, since we're just releasing "candidate" versions, let's roll with that.
Thank you!!
Bumps the crypto group with 3 updates in the / directory: rand, rand_core and rand_chacha.

Updates rand from 0.8.5 to 0.9.1
Changelog: sourced from rand's changelog. ... (truncated)
Commits:
- ec6d5c0 Prepare rand_core v0.9.1 (#1591)
- 6a06056 rand_core: introduce an UnwrapMut wrapper (#1589)
- 8929123 Add `Alphabetic` distribution (#1587)
- 06b1642 Remove unnecessary underscore from `impl<T, const N: usize> Distribution<[T; ...
- 49d76cd rename extract to extract_lane (#1586)
- e0a70fd Change to use `array::from_fn` in `Distribution<[T; N]> for StandardUniform` ...
- 0bc3f65 Move rand distr (#1577)
- 2677c49 Revise "not a crypto library" policy and SECURITY.md (#1565)
- bfd1826 SeedableRng docs: add note on (lack of) reproducibility (#1572)
- c01aee7 Fix some links (#1571)

Updates rand_core from 0.6.4 to 0.9.3
Release notes: sourced from rand_core's releases. ... (truncated)
Changelog: sourced from rand_core's changelog. ... (truncated)
Commits

Updates rand_chacha from 0.3.1 to 0.9.0
Release notes: sourced from rand_chacha's releases. ... (truncated)
Changelog: sourced from rand_chacha's changelog. ... (truncated)
Commits:
- 96f8df6 Prepare 0.9.0 release (#1558)
- 34da321 Enable `stdarch_x86_avx512` for cpu has `avx512bw` (#1551)
- b4b1eb7 Re-org with distr::slice, distr::weighted modules (#1548)
- 16eb7de Add the `thread_rng` feature flag (#1547)
- afa24e4 Fix test status badges (#1544)
- c681dfc Create FUNDING.yml
- 9f05e22 Update: getrandom v0.3.0 rc.0 (#1541)
- 88c310b Fix docs.rs build options (#1539)
- b879689 Adjust GH Actions (#1538)
- 3fac49f Prepare 0.9.0-beta.0 (#1535)