chore(deps): update sha2 requirement from 0.10 to 0.11

proxy/Cargo.toml

@@ -30,7 +30,7 @@ serde = "1"
 serde_json = "1"
 
 # Encryption handling
-rsa = "0.9"
+rsa = "0.10"
 
 # Server-sent Events (SSE) support
 tokio-util = { version = "0.7", features = ["io"] }

proxy/src/serve_sockets.rs

@@ -11,15 +11,15 @@ use chacha20poly1305::{
         self,
         generic_array::{typenum::Unsigned, GenericArray},
         stream::{DecryptorLE31, EncryptorLE31, NewStream, StreamLE31, StreamPrimitive},
-        Buffer, Nonce, OsRng,
+        Buffer, Nonce,
     },
     consts::{U20, U32},
     AeadCore, AeadInPlace, ChaCha20Poly1305, KeyInit, XChaCha20Poly1305,
 };
 use dashmap::DashMap;
 use futures::{stream::IntoAsyncRead, FutureExt, SinkExt, StreamExt, TryStreamExt};
 use hyper_util::rt::TokioIo;
-use rsa::rand_core::RngCore;
+use rsa::rand_core::{OsRng, RngCore};
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
 use beam_lib::AppOrProxyId;

shared/Cargo.toml

@@ -30,13 +30,13 @@ tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
 
 # Crypto
-rand = "0.8"
-rsa = "0.9"
-sha2 = "0.10"
+rand = "0.10"
+rsa = "0.10"
+sha2 = "0.11"
 openssl = "0.10"
 chacha20poly1305 = "0.10"
 itertools = "0.14.0"
-jwt-simple = "0.11"
+jwt-simple = { version = "0.12", default-features = false, features = ["pure-rust"] }
 
 # Global variables
 once_cell = "1"

shared/src/crypto.rs

@@ -827,7 +827,7 @@ pub fn is_cert_from_privkey(cert: &X509, key: &RsaPrivateKey) -> Result<bool, Er
     let cert_rsa = cert.public_key()?.rsa()?;
     let cert_mod = cert_rsa.n();
     let key_mod = key.n();
-    let key_mod_bignum = openssl::bn::BigNum::from_slice(&key_mod.to_bytes_be())?;
+    let key_mod_bignum = openssl::bn::BigNum::from_slice(&key_mod.to_be_bytes())?;
     let is_equal = cert_mod.ucmp(&key_mod_bignum) == std::cmp::Ordering::Equal;
     if !is_equal {
         match ProxyCertInfo::try_from(cert) {

shared/src/lib.rs

@@ -2,7 +2,7 @@
 
 use beam_lib::{AppId, AppOrProxyId, ProxyId, FailureStrategy, WorkStatus};
 use chacha20poly1305::{
-    aead::{Aead, AeadCore, KeyInit, OsRng},
+    aead::{Aead, AeadCore, Key, KeyInit},
     XChaCha20Poly1305, XNonce,
 };
 use crypto_jwt::extract_jwt;
@@ -257,7 +257,7 @@ pub trait DecryptableMsg: Msg + Serialize + Sized {
 
         // Cryptographic Operations
         let cipher_engine = XChaCha20Poly1305::new_from_slice(&my_priv_key.decrypt(
-            Oaep::new::<sha2::Sha256>(),
+            Oaep::<sha2::Sha256>::new(),
             &encrypted_decryption_key,
         )?)
         .map_err(|e| {
@@ -302,17 +302,21 @@ pub trait EncryptableMsg: Msg + Serialize + Sized {
         receivers_public_keys: &Vec<RsaPublicKey>,
     ) -> Result<Self::Output, SamplyBeamError> {
         // Generate Symmetric Key and Nonce
-        let mut rng = rand::thread_rng();
-        let symmetric_key = XChaCha20Poly1305::generate_key(&mut rng);
-        let nonce = XChaCha20Poly1305::generate_nonce(&mut rng);
+        let mut rng = rand::rng();
+        let mut symmetric_key = Key::<XChaCha20Poly1305>::default();
+        openssl::rand::rand_bytes(&mut symmetric_key)
+            .map_err(|e| SamplyBeamError::SignEncryptError(e.to_string()))?;
+        let mut nonce = XNonce::default();
+        openssl::rand::rand_bytes(&mut nonce)
+            .map_err(|e| SamplyBeamError::SignEncryptError(e.to_string()))?;
 
         // Encrypt symmetric key with receivers' public keys
         let Ok(encrypted_keys) = receivers_public_keys
             .iter()
             .map(|key| {
                 key.encrypt(
                     &mut rng,
-                    Oaep::new::<sha2::Sha256>(),
+                    Oaep::<sha2::Sha256>::new(),
                     symmetric_key.as_slice(),
                 )
             })
@@ -767,7 +771,7 @@ mod tests {
         };
 
         //Setup Keypairs
-        let mut rng = rand::thread_rng();
+        let mut rng = rand::rng();
         let rsa_length: usize = 2048;
         let p1_private = RsaPrivateKey::new(&mut rng, rsa_length)
             .expect("Failed to generate private key for proxy 1");
@@ -813,7 +817,7 @@ mod tests {
         };
 
         //Setup Keypairs
-        let mut rng = rand::thread_rng();
+        let mut rng = rand::rng();
         let rsa_length: usize = 2048;
         let p1_private = RsaPrivateKey::new(&mut rng, rsa_length)
             .expect("Failed to generate private key for proxy 1");