From c2a198b821e285236b988001cce2df60580cad91 Mon Sep 17 00:00:00 2001 From: Quentin Gliech Date: Mon, 17 Oct 2022 16:27:23 +0200 Subject: [PATCH] Fix RSA JWT signature and add snapshot tests for JWT signature --- Cargo.lock | 68 ++++++++++++++++++- Cargo.toml | 4 -- crates/jose/Cargo.toml | 6 +- crates/jose/src/jwa/asymmetric.rs | 28 ++++---- crates/jose/src/jwa/symmetric.rs | 11 +++ crates/jose/src/jwk/private_parameters.rs | 2 +- crates/jose/src/jwt/signed.rs | 31 ++++++++- crates/jose/tests/jws.rs | 21 ++++++ .../tests/snapshots/jws__es256__sign_jwt.snap | 5 ++ .../snapshots/jws__es256k__sign_jwt.snap | 5 ++ .../tests/snapshots/jws__es384__sign_jwt.snap | 5 ++ .../tests/snapshots/jws__ps256__sign_jwt.snap | 5 ++ .../tests/snapshots/jws__ps384__sign_jwt.snap | 5 ++ .../tests/snapshots/jws__ps512__sign_jwt.snap | 5 ++ .../tests/snapshots/jws__rs256__sign_jwt.snap | 5 ++ .../tests/snapshots/jws__rs384__sign_jwt.snap | 5 ++ .../tests/snapshots/jws__rs512__sign_jwt.snap | 5 ++ crates/keystore/Cargo.toml | 2 +- 18 files changed, 194 insertions(+), 24 deletions(-) create mode 100644 crates/jose/tests/snapshots/jws__es256__sign_jwt.snap create mode 100644 crates/jose/tests/snapshots/jws__es256k__sign_jwt.snap create mode 100644 crates/jose/tests/snapshots/jws__es384__sign_jwt.snap create mode 100644 crates/jose/tests/snapshots/jws__ps256__sign_jwt.snap create mode 100644 crates/jose/tests/snapshots/jws__ps384__sign_jwt.snap create mode 100644 crates/jose/tests/snapshots/jws__ps512__sign_jwt.snap create mode 100644 crates/jose/tests/snapshots/jws__rs256__sign_jwt.snap create mode 100644 crates/jose/tests/snapshots/jws__rs384__sign_jwt.snap create mode 100644 crates/jose/tests/snapshots/jws__rs512__sign_jwt.snap diff --git a/Cargo.lock b/Cargo.lock index ee6c89a5..80f025e7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -896,6 +896,19 @@ dependencies = [ "unicode-width", ] +[[package]] +name = "console" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c050367d967ced717c04b65d8c619d863ef9292ce0c5760028655a2fb298718c" +dependencies = [ + "encode_unicode", + "lazy_static", + "libc", + "terminal_size", + "winapi", +] + [[package]] name = "const-oid" version = "0.9.0" @@ -1455,6 +1468,12 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b1b32a7a2580c4473f10f66b512c34bdd7d33c5e3473227ca833abdb5afe4809" +[[package]] +name = "encode_unicode" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" + [[package]] name = "encoding_rs" version = "0.8.31" @@ -2124,6 +2143,19 @@ dependencies = [ "generic-array", ] +[[package]] +name = "insta" +version = "1.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "581d4e3314cae4536e5d22ffd23189d4a374696c5ef733eadafae0ed273fd303" +dependencies = [ + "console", + "lazy_static", + "linked-hash-map", + "similar", + "yaml-rust", +] + [[package]] name = "instant" version = "0.1.12" @@ -2326,6 +2358,12 @@ dependencies = [ "cc", ] +[[package]] +name = "linked-hash-map" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" + [[package]] name = "linux-raw-sys" version = "0.0.46" @@ -2627,11 +2665,13 @@ dependencies = [ "elliptic-curve", "generic-array", "hmac", + "insta", "k256", "mas-iana", "p256", "p384", "rand", + "rand_chacha", "rsa", "schemars", "sec1", @@ -4380,7 +4420,8 @@ dependencies = [ [[package]] name = "sha2" version = "0.10.6" -source = "git+https://github.com/RustCrypto/hashes.git?rev=f9af45fdde84bb24c25f90011d7b2316783eb29f#f9af45fdde84bb24c25f90011d7b2316783eb29f" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" dependencies = [ "cfg-if", "cpufeatures", @@ -4415,6 +4456,12 @@ dependencies = [ "rand_core", ] +[[package]] +name = "similar" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62ac7f900db32bf3fd12e0117dd3dc4da74bc52ebaac97f39668446d89694803" + [[package]] name = "siphasher" version = "0.3.10" @@ -4710,6 +4757,16 @@ dependencies = [ "winapi-util", ] +[[package]] +name = "terminal_size" +version = "0.1.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "633c1a546cee861a1a6d0dc69ebeca693bf4296661ba7852b9d21d159e0506df" +dependencies = [ + "libc", + "winapi", +] + [[package]] name = "thiserror" version = "1.0.37" @@ -5832,6 +5889,15 @@ version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "114ba2b24d2167ef6d67d7d04c8cc86522b87f490025f39f0303b7db5bf5e3d8" +[[package]] +name = "yaml-rust" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56c1936c4cc7a1c9ab21a1ebb602eb942ba868cbd44a99cb7cdc5892335e1c85" +dependencies = [ + "linked-hash-map", +] + [[package]] name = "yansi" version = "0.5.1" diff --git a/Cargo.toml b/Cargo.toml index 9be79196..20704f87 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,3 @@ default-members = ["crates/cli"] members = ["crates/*"] - -[patch.crates-io] -# XXX: temporary override waiting on a new version of the sha2 crate -sha2 = { git = "https://github.com/RustCrypto/hashes.git", rev = "f9af45fdde84bb24c25f90011d7b2316783eb29f" } diff --git a/crates/jose/Cargo.toml b/crates/jose/Cargo.toml index 57423e9d..4fb8876f 100644 --- a/crates/jose/Cargo.toml +++ b/crates/jose/Cargo.toml @@ -18,7 +18,7 @@ k256 = { version = "0.11.6", features = ["ecdsa"] } p256 = { version = "0.11.1", features = ["ecdsa"] } p384 = { version = "0.11.2", features = ["ecdsa"] } rand = "0.8.5" -rsa = "0.7.0-rc.0" +rsa = "0.7.0" schemars = "0.8.10" sec1 = "0.3.0" serde = { version = "1.0.145", features = ["derive"] } @@ -31,3 +31,7 @@ tracing = "0.1.36" url = { version = "2.3.1", features = ["serde"] } mas-iana = { path = "../iana" } + +[dev-dependencies] +insta = { version = "1.21.0" } +rand_chacha = "0.3.1" diff --git a/crates/jose/src/jwa/asymmetric.rs b/crates/jose/src/jwa/asymmetric.rs index a2d5d776..e49d1c93 100644 --- a/crates/jose/src/jwa/asymmetric.rs +++ b/crates/jose/src/jwa/asymmetric.rs @@ -13,8 +13,6 @@ // limitations under the License. use mas_iana::jose::{JsonWebKeyEcEllipticCurve, JsonWebSignatureAlg}; -use rand::thread_rng; -use signature::RandomizedSigner; use thiserror::Error; use super::signature::Signature; @@ -159,43 +157,47 @@ impl From for AsymmetricSigningKey { } } -impl signature::Signer for AsymmetricSigningKey { - fn try_sign(&self, msg: &[u8]) -> Result { +impl signature::RandomizedSigner for AsymmetricSigningKey { + fn try_sign_with_rng( + &self, + rng: impl rand::CryptoRng + rand::RngCore, + msg: &[u8], + ) -> Result { match self { Self::Rs256(key) => { - let signature = key.try_sign(msg)?; + let signature = key.try_sign_with_rng(rng, msg)?; Ok(Signature::from_signature(&signature)) } Self::Rs384(key) => { - let signature = key.try_sign(msg)?; + let signature = key.try_sign_with_rng(rng, msg)?; Ok(Signature::from_signature(&signature)) } Self::Rs512(key) => { - let signature = key.try_sign(msg)?; + let signature = key.try_sign_with_rng(rng, msg)?; Ok(Signature::from_signature(&signature)) } Self::Ps256(key) => { - let signature = key.try_sign_with_rng(thread_rng(), msg)?; + let signature = key.try_sign_with_rng(rng, msg)?; Ok(Signature::from_signature(&signature)) } Self::Ps384(key) => { - let signature = key.try_sign_with_rng(thread_rng(), msg)?; + let signature = key.try_sign_with_rng(rng, msg)?; Ok(Signature::from_signature(&signature)) } Self::Ps512(key) => { - let signature = key.try_sign_with_rng(thread_rng(), msg)?; + let signature = key.try_sign_with_rng(rng, msg)?; Ok(Signature::from_signature(&signature)) } Self::Es256(key) => { - let signature = key.try_sign(msg)?; + let signature = key.try_sign_with_rng(rng, msg)?; Ok(Signature::from_signature(&signature)) } Self::Es384(key) => { - let signature = key.try_sign(msg)?; + let signature = key.try_sign_with_rng(rng, msg)?; Ok(Signature::from_signature(&signature)) } Self::Es256K(key) => { - let signature = key.try_sign(msg)?; + let signature = key.try_sign_with_rng(rng, msg)?; Ok(Signature::from_signature(&signature)) } } diff --git a/crates/jose/src/jwa/symmetric.rs b/crates/jose/src/jwa/symmetric.rs index 66663587..973c56ac 100644 --- a/crates/jose/src/jwa/symmetric.rs +++ b/crates/jose/src/jwa/symmetric.rs @@ -79,6 +79,17 @@ impl From for SymmetricKey { } } +impl signature::RandomizedSigner for SymmetricKey { + fn try_sign_with_rng( + &self, + _rng: impl rand::CryptoRng + rand::RngCore, + msg: &[u8], + ) -> Result { + // XXX: is that implementation alright? + signature::Signer::try_sign(self, msg) + } +} + impl signature::Signer for SymmetricKey { fn try_sign(&self, msg: &[u8]) -> Result { match self { diff --git a/crates/jose/src/jwk/private_parameters.rs b/crates/jose/src/jwk/private_parameters.rs index 11a7c619..df9214bc 100644 --- a/crates/jose/src/jwk/private_parameters.rs +++ b/crates/jose/src/jwk/private_parameters.rs @@ -271,7 +271,7 @@ mod rsa_impls { type Error = rsa::errors::Error; fn try_from(value: &RsaPrivateParameters) -> Result { let key: RsaPrivateKey = value.try_into()?; - Ok(Self::new(key)) + Ok(Self::new_with_salt_len(key, ::output_size())) } } diff --git a/crates/jose/src/jwt/signed.rs b/crates/jose/src/jwt/signed.rs index 76120ada..c55a8e3c 100644 --- a/crates/jose/src/jwt/signed.rs +++ b/crates/jose/src/jwt/signed.rs @@ -13,8 +13,9 @@ // limitations under the License. use base64ct::{Base64UrlUnpadded, Encoding}; +use rand::{thread_rng, CryptoRng, RngCore}; use serde::{de::DeserializeOwned, Serialize}; -use signature::{Signature, Signer, Verifier}; +use signature::{RandomizedSigner, Signature, Verifier}; use thiserror::Error; use super::{header::JsonWebSignatureHeader, raw::RawJwt}; @@ -279,6 +280,12 @@ pub enum JwtSignatureError { #[source] inner: serde_json::Error, }, + + #[error("failed to sign")] + Signature { + #[from] + inner: signature::Error, + }, } impl JwtSignatureError { @@ -298,7 +305,22 @@ impl Jwt<'static, T> { key: &K, ) -> Result where - K: Signer, + K: RandomizedSigner, + S: Signature, + T: Serialize, + { + Self::sign_with_rng(thread_rng(), header, payload, key) + } + + pub fn sign_with_rng( + rng: R, + header: JsonWebSignatureHeader, + payload: T, + key: &K, + ) -> Result + where + R: CryptoRng + RngCore, + K: RandomizedSigner, S: Signature, T: Serialize, { @@ -313,7 +335,10 @@ impl Jwt<'static, T> { let first_dot = header_.len(); let second_dot = inner.len(); - let signature = key.sign(inner.as_bytes()).as_bytes().to_vec(); + let signature = key + .try_sign_with_rng(rng, inner.as_bytes())? + .as_bytes() + .to_vec(); let signature_ = Base64UrlUnpadded::encode_string(&signature); inner.reserve_exact(1 + signature_.len()); inner.push('.'); diff --git a/crates/jose/tests/jws.rs b/crates/jose/tests/jws.rs index c408052b..22dd13f7 100644 --- a/crates/jose/tests/jws.rs +++ b/crates/jose/tests/jws.rs @@ -95,6 +95,8 @@ macro_rules! asymetric_jwt_test { conditional! { $supported => use mas_jose::jwt::JsonWebSignatureHeader; + use rand_chacha::ChaCha8Rng; + use rand::SeedableRng; #[test] fn verify_jwt() { @@ -112,6 +114,25 @@ macro_rules! asymetric_jwt_test { jwt.verify(&key).unwrap(); } + #[test] + fn sign_jwt() { + let rng = ChaCha8Rng::seed_from_u64(42); + let alg = JsonWebSignatureAlg::$alg; + let payload = Payload { + hello: "world".to_string(), + }; + let header = JsonWebSignatureHeader::new(alg.clone()); + + let jwks = private_jwks(); + let key = jwks.signing_key_for_algorithm(&alg).unwrap(); + + let key = mas_jose::jwa::AsymmetricSigningKey::from_jwk_and_alg(key.params(), &alg) + .unwrap(); + + let jwt: Jwt<'_, Payload> = Jwt::sign_with_rng(rng, header, payload, &key).unwrap(); + insta::assert_snapshot!(jwt.as_str()); + } + #[test] fn sign_and_verify_jwt() { let alg = JsonWebSignatureAlg::$alg; diff --git a/crates/jose/tests/snapshots/jws__es256__sign_jwt.snap b/crates/jose/tests/snapshots/jws__es256__sign_jwt.snap new file mode 100644 index 00000000..ee4410b0 --- /dev/null +++ b/crates/jose/tests/snapshots/jws__es256__sign_jwt.snap @@ -0,0 +1,5 @@ +--- +source: crates/jose/tests/jws.rs +expression: jwt.as_str() +--- +eyJhbGciOiJFUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIn0._3wYtQklt0l_fhcwpQUSWbySVA3uJjVNgoudkvUInWjPpS7tO0sgmPf8Bwb3Rv9oTJncQfavs4rEw2kmgouPBw diff --git a/crates/jose/tests/snapshots/jws__es256k__sign_jwt.snap b/crates/jose/tests/snapshots/jws__es256k__sign_jwt.snap new file mode 100644 index 00000000..9881aecf --- /dev/null +++ b/crates/jose/tests/snapshots/jws__es256k__sign_jwt.snap @@ -0,0 +1,5 @@ +--- +source: crates/jose/tests/jws.rs +expression: jwt.as_str() +--- +eyJhbGciOiJFUzI1NksifQ.eyJoZWxsbyI6IndvcmxkIn0.-9Z19RYab_3Ym4Ork_lZUriouz5ktZFkT6B-DBGPYCJhVvSSNtG9Je9PEo0xpe9al0NhFcG5YJ4s4usDicsVjQ diff --git a/crates/jose/tests/snapshots/jws__es384__sign_jwt.snap b/crates/jose/tests/snapshots/jws__es384__sign_jwt.snap new file mode 100644 index 00000000..854b5924 --- /dev/null +++ b/crates/jose/tests/snapshots/jws__es384__sign_jwt.snap @@ -0,0 +1,5 @@ +--- +source: crates/jose/tests/jws.rs +expression: jwt.as_str() +--- +eyJhbGciOiJFUzM4NCJ9.eyJoZWxsbyI6IndvcmxkIn0.QIX0_gN6orAY32t6gKiDnstNdnBAmf1D5y-000ym-C8Y_MGt-HReODkUIMl7k6FNS1kw1FSbNXhXAPnAfcfgg2rR7oWDWfdxY5D0u1DcFGmhIrU5mxcUG50I_5YHIbe2 diff --git a/crates/jose/tests/snapshots/jws__ps256__sign_jwt.snap b/crates/jose/tests/snapshots/jws__ps256__sign_jwt.snap new file mode 100644 index 00000000..44f7cfdd --- /dev/null +++ b/crates/jose/tests/snapshots/jws__ps256__sign_jwt.snap @@ -0,0 +1,5 @@ +--- +source: crates/jose/tests/jws.rs +expression: jwt.as_str() +--- +eyJhbGciOiJQUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIn0.CupFwPDQkECCpxd9y0y4hdPccVa387MXe8jMnI5Q0nWwdXqJ9PCyEGOfdBDwFqAfWGYlTkcDjTua81K6tV2ctnFRd9mqs_i1PyhLp8PFO9PcdxtqQKRgA0M4CEA_Yd-7mDFeh4raHgWX6xoNGnEoqrPrp-Vl4jQzdXVpY-J_PKuam_0PlXv-pk3uBW5RD8HU1J8injsUp2FRIJfnOGok4ZnXZqy4_jKkBgu35ymgn011MvLKjHnwTSWteHHc1CVUmJ-txiCaQGWL-6sz0tKdpEpekDCXyygaabn4rDtxm4Be2NeS1Nm852pwzg78SLgxgGPs9uxOx-cH66nWX6Ct9w diff --git a/crates/jose/tests/snapshots/jws__ps384__sign_jwt.snap b/crates/jose/tests/snapshots/jws__ps384__sign_jwt.snap new file mode 100644 index 00000000..be21c49f --- /dev/null +++ b/crates/jose/tests/snapshots/jws__ps384__sign_jwt.snap @@ -0,0 +1,5 @@ +--- +source: crates/jose/tests/jws.rs +expression: jwt.as_str() +--- +eyJhbGciOiJQUzM4NCJ9.eyJoZWxsbyI6IndvcmxkIn0.IlvyM131OVgUdNUlnAFDC4ZgIUtF_rzM_mOYasKi9WMB6d83AD-CRSnpkCXjSRS6WXx8fcLl5WA5COAMTG7PiDZlCxQ2zWsBn4SF2e8ARAiCsEGkkHhY6r68mXq86bdVD_46RKOnpBBK_DGu_ZHFY7Cjo6SGYol57HKIoGhTi79qQd0tYPdqNYO02KOTsR83-ph5vdEdM4jLg81X7--rH08Zhtnywu1JnmtxEotTvtbwXB1tDTTZvgywzgP63krP44D5hH-PlKLw4Bia_LQkSE4OE1HfDsK1IK4Y7SniJTrTQXp5FVASPrQnF2-lJUz_oDqzTKAv7FXCcCz1iPKbvg diff --git a/crates/jose/tests/snapshots/jws__ps512__sign_jwt.snap b/crates/jose/tests/snapshots/jws__ps512__sign_jwt.snap new file mode 100644 index 00000000..62cef2df --- /dev/null +++ b/crates/jose/tests/snapshots/jws__ps512__sign_jwt.snap @@ -0,0 +1,5 @@ +--- +source: crates/jose/tests/jws.rs +expression: jwt.as_str() +--- +eyJhbGciOiJQUzUxMiJ9.eyJoZWxsbyI6IndvcmxkIn0.Chyx9_a-dAyy2tB5hgj3SzLCoDSFx7GxO1PnFCrPN0z8pVRpOTrHaHDVlqPq0IjIGwPAcrTpNtwTIJdjNcpck9nyTShOUQya0tAGCrV1hbxR_QLGPayJydq8_treTKHeGxby4RaInM8k_hLz-6136FDiZXSxtZ6p4mCEcWeYiG5WGVqY15YptCuIipsY01Fyrew8djnIgW9bqS0aP9pakQWOIigYavFxhrLzyutgXiNxsNSH8OTCh9UQr62xEePJWsXkZIkSqtQlEnK68qhSgLffinyDtDMS7CAt82Lh0ac3vqRVyM0w4_l2C-auLE1aeAAroAhnc9YLVg0BufvydQ diff --git a/crates/jose/tests/snapshots/jws__rs256__sign_jwt.snap b/crates/jose/tests/snapshots/jws__rs256__sign_jwt.snap new file mode 100644 index 00000000..9c8824f9 --- /dev/null +++ b/crates/jose/tests/snapshots/jws__rs256__sign_jwt.snap @@ -0,0 +1,5 @@ +--- +source: crates/jose/tests/jws.rs +expression: jwt.as_str() +--- +eyJhbGciOiJSUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIn0.ji96-idJ7VHafGOGt22nJPVSDC6S2XvZSUFG7TLrjv-_ylINko_9YsI9_-9UZcB5ZtMeCX6Z5eO_9MTaq3Fhcj7mdn_hozZaNseTVgnwkFfTBlF7HcWhBdWbihAoY1YDvhTu-l_L6iBt1KhQh3J6fsfeGB-l3JfygZLKLtM1gsEz2qaZpnM90wESpphvpaJ_rGlWcTu61DGBBB3kOGCgaG2CJypCKp67m2vxFfi7J_2yE-1H2Y9ACWye73TWNuZubXNdo6azqqiJRe9o6oFmuPwkjgld66MdshQWjo3sGPHPI1_V-nhR9AtoizzF-3_YoS9oVwAzL6GiVUzeKpvZfQ diff --git a/crates/jose/tests/snapshots/jws__rs384__sign_jwt.snap b/crates/jose/tests/snapshots/jws__rs384__sign_jwt.snap new file mode 100644 index 00000000..e7e6c67e --- /dev/null +++ b/crates/jose/tests/snapshots/jws__rs384__sign_jwt.snap @@ -0,0 +1,5 @@ +--- +source: crates/jose/tests/jws.rs +expression: jwt.as_str() +--- +eyJhbGciOiJSUzM4NCJ9.eyJoZWxsbyI6IndvcmxkIn0.UgY6PfaVQ3Rhz_RvS8YZmCjUIcchejdWcf5zvSRK0ANGB1r2yvcdvGkOeVsFdKW_z7oru_4jTOffLgm8NoYVvg_x44u_z63ENrQTGbO0QLOLZKI4fuEvKDrKpkf2BmSPa-2feKQECVXxCcIiR32Q_zTHJtTIaDV2-hk2W_CEJxCVqLZ4b6l5iI2qLKUS3vERDKdwA2igiA_NElv4KThCtNIoS8TBohwio-M-SV43i-aJHnyn2U6Uw3Gu1mCSIBeRUNoQPXFBFnWY1Pa5TrxPA2jekck9j_xCWOX_jWK1khBW1lMwzYC5Ry24S7QxOcg8l2x8I6J03gB4N651fhcKgQ diff --git a/crates/jose/tests/snapshots/jws__rs512__sign_jwt.snap b/crates/jose/tests/snapshots/jws__rs512__sign_jwt.snap new file mode 100644 index 00000000..f16ee078 --- /dev/null +++ b/crates/jose/tests/snapshots/jws__rs512__sign_jwt.snap @@ -0,0 +1,5 @@ +--- +source: crates/jose/tests/jws.rs +expression: jwt.as_str() +--- +eyJhbGciOiJSUzUxMiJ9.eyJoZWxsbyI6IndvcmxkIn0.HMs8F0DuJbLh0mjhXh5-PE66m8hwjdRP0_ixm_LKmeieAmJrerObyKHtstOdaLO0l_r3XXg2bHjzwGNSn3XF5Gj0RgqRqW6T5X8CO_Kf__0B-lTUfiXpxyLMhb3Vkt9fRa1YZjVix8hGsEx8oerA_xqv1DzgdKNvO4kK_Vzykuz5bgLn2oQR1w1NARCqazmjKh4S9q9XS8BZ-Ke2xTLSOpLP4g67IGyo79Y_BZ0-mOgBWZmPGzJnBGOrv4Lc-Vn3kPNZqREM9DA9IILw1hbCRG6x31pM5u1PESIV1dSuoIaab5A9yfBx1Fr9PRxV-1qHRaRYi06E_q_jxwtPG2oM7w diff --git a/crates/keystore/Cargo.toml b/crates/keystore/Cargo.toml index 51177afa..9822f20a 100644 --- a/crates/keystore/Cargo.toml +++ b/crates/keystore/Cargo.toml @@ -20,7 +20,7 @@ pem-rfc7468 = { version = "0.6.0", features = ["std"] } pkcs1 = { version = "0.4.0", features = ["std"] } pkcs8 = { version = "0.9.0", features = ["std", "pkcs5", "encryption"] } rand = "0.8.5" -rsa = { version = "0.7.0-rc.0", features = ["std", "pem"] } +rsa = { version = "0.7.0", features = ["std", "pem"] } sec1 = { version = "0.3.0", features = ["std"] } spki = { version = "0.6.0", features = ["std"] } thiserror = "1.0.37"