diff --git a/dtls/Cargo.toml b/dtls/Cargo.toml index 80a657661..559d67e30 100644 --- a/dtls/Cargo.toml +++ b/dtls/Cargo.toml @@ -32,7 +32,7 @@ x25519-dalek = { version = "2", features = ["static_secrets"] } x509-parser = "0.15" der-parser = "8.1" rcgen = "0.11" -ring = "0.16.19" +ring = "0.17" rustls = { version = "0.21", features = ["dangerous_configuration"]} bincode = "1" serde = { version = "1", features = ["derive"] } diff --git a/dtls/src/crypto/crypto_test.rs b/dtls/src/crypto/crypto_test.rs index 55ae873bc..b47c4dc64 100644 --- a/dtls/src/crypto/crypto_test.rs +++ b/dtls/src/crypto/crypto_test.rs @@ -89,7 +89,8 @@ fn test_generate_key_signature() -> Result<()> { NamedCurve::X25519, &CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_der(&pem.contents).map_err(|e| Error::Other(e.to_string()))?, + ring::rsa::KeyPair::from_der(&pem.contents) + .map_err(|e| Error::Other(e.to_string()))?, ), serialized_der: pem.contents.clone(), }, //hashAlgorithmSHA256, diff --git a/dtls/src/crypto/mod.rs b/dtls/src/crypto/mod.rs index 63e933873..4ae949b87 100644 --- a/dtls/src/crypto/mod.rs +++ b/dtls/src/crypto/mod.rs @@ -12,7 +12,7 @@ use der_parser::oid; use der_parser::oid::Oid; use rcgen::KeyPair; use ring::rand::SystemRandom; -use ring::signature::{EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use ring::signature::{EcdsaKeyPair, Ed25519KeyPair}; use crate::curve::named_curve::*; use crate::error::*; @@ -139,7 +139,7 @@ pub(crate) fn value_key_message( pub enum CryptoPrivateKeyKind { Ed25519(Ed25519KeyPair), Ecdsa256(EcdsaKeyPair), - Rsa256(RsaKeyPair), + Rsa256(ring::rsa::KeyPair), } /// Private key. @@ -187,6 +187,7 @@ impl Clone for CryptoPrivateKey { EcdsaKeyPair::from_pkcs8( &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING, &self.serialized_der, + &SystemRandom::new(), ) .unwrap(), ), @@ -194,7 +195,7 @@ impl Clone for CryptoPrivateKey { }, CryptoPrivateKeyKind::Rsa256(_) => CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_pkcs8(&self.serialized_der).unwrap(), + ring::rsa::KeyPair::from_pkcs8(&self.serialized_der).unwrap(), ), serialized_der: self.serialized_der.clone(), }, @@ -206,37 +207,7 @@ impl TryFrom<&KeyPair> for CryptoPrivateKey { type Error = Error; fn try_from(key_pair: &KeyPair) -> Result { - let serialized_der = key_pair.serialize_der(); - if key_pair.is_compatible(&rcgen::PKCS_ED25519) { - Ok(CryptoPrivateKey { - kind: CryptoPrivateKeyKind::Ed25519( - Ed25519KeyPair::from_pkcs8(&serialized_der) - .map_err(|e| Error::Other(e.to_string()))?, - ), - serialized_der, - }) - } else if key_pair.is_compatible(&rcgen::PKCS_ECDSA_P256_SHA256) { - Ok(CryptoPrivateKey { - kind: CryptoPrivateKeyKind::Ecdsa256( - EcdsaKeyPair::from_pkcs8( - &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING, - &serialized_der, - ) - .map_err(|e| Error::Other(e.to_string()))?, - ), - serialized_der, - }) - } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) { - Ok(CryptoPrivateKey { - kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_pkcs8(&serialized_der) - .map_err(|e| Error::Other(e.to_string()))?, - ), - serialized_der, - }) - } else { - Err(Error::Other("Unsupported key_pair".to_owned())) - } + Self::from_key_pair(key_pair) } } @@ -257,6 +228,7 @@ impl CryptoPrivateKey { EcdsaKeyPair::from_pkcs8( &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING, &serialized_der, + &SystemRandom::new(), ) .map_err(|e| Error::Other(e.to_string()))?, ), @@ -265,7 +237,7 @@ impl CryptoPrivateKey { } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) { Ok(CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_pkcs8(&serialized_der) + ring::rsa::KeyPair::from_pkcs8(&serialized_der) .map_err(|e| Error::Other(e.to_string()))?, ), serialized_der, @@ -300,7 +272,7 @@ pub(crate) fn generate_key_signature( } CryptoPrivateKeyKind::Rsa256(kp) => { let system_random = SystemRandom::new(); - let mut signature = vec![0; kp.public_modulus_len()]; + let mut signature = vec![0; kp.public().modulus_len()]; kp.sign( &ring::signature::RSA_PKCS1_SHA256, &system_random, @@ -422,7 +394,7 @@ pub(crate) fn generate_certificate_verify( } CryptoPrivateKeyKind::Rsa256(kp) => { let system_random = SystemRandom::new(); - let mut signature = vec![0; kp.public_modulus_len()]; + let mut signature = vec![0; kp.public().modulus_len()]; kp.sign( &ring::signature::RSA_PKCS1_SHA256, &system_random, @@ -537,7 +509,7 @@ mod test { #[cfg(feature = "pem")] #[test] - fn test_certificate_serialize_pem_and_from_pem() -> Result<()> { + fn test_certificate_serialize_pem_and_from_pem() -> crate::error::Result<()> { let cert = Certificate::generate_self_signed(vec!["webrtc.rs".to_owned()])?; let pem = cert.serialize_pem(); diff --git a/stun/Cargo.toml b/stun/Cargo.toml index ae7be9509..51eba6929 100644 --- a/stun/Cargo.toml +++ b/stun/Cargo.toml @@ -23,7 +23,7 @@ rand = "0.8" base64 = "0.21" subtle = "2.4" crc = "3" -ring = "0.16" +ring = "0.17" md-5 = "0.10" thiserror = "1" diff --git a/turn/Cargo.toml b/turn/Cargo.toml index 9c6f749bc..569833637 100644 --- a/turn/Cargo.toml +++ b/turn/Cargo.toml @@ -19,7 +19,7 @@ async-trait = "0.1" log = "0.4" base64 = "0.21" rand = "0.8" -ring = "0.16" +ring = "0.17" md-5 = "0.10" thiserror = "1" diff --git a/webrtc/Cargo.toml b/webrtc/Cargo.toml index 192fd03fd..45cf8f370 100644 --- a/webrtc/Cargo.toml +++ b/webrtc/Cargo.toml @@ -41,7 +41,7 @@ smol_str = { version = "0.2", features = ["serde"] } url = "2" rustls = { version = "0.21", features = ["dangerous_configuration"]} rcgen = { version = "0.11", features = ["pem", "x509-parser"]} -ring = "0.16" +ring = "0.17" sha2 = "0.10" lazy_static = "1.4" hex = "0.4" diff --git a/webrtc/src/peer_connection/certificate.rs b/webrtc/src/peer_connection/certificate.rs index 5928dbb35..6efa90528 100644 --- a/webrtc/src/peer_connection/certificate.rs +++ b/webrtc/src/peer_connection/certificate.rs @@ -3,7 +3,9 @@ use std::time::{Duration, SystemTime, UNIX_EPOCH}; use dtls::crypto::{CryptoPrivateKey, CryptoPrivateKeyKind}; use rcgen::{CertificateParams, KeyPair}; -use ring::signature::{EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use ring::rand::SystemRandom; +use ring::rsa; +use ring::signature::{EcdsaKeyPair, Ed25519KeyPair}; use sha2::{Digest, Sha256}; use crate::dtls_transport::dtls_fingerprint::RTCDtlsFingerprint; @@ -58,6 +60,7 @@ impl RTCCertificate { EcdsaKeyPair::from_pkcs8( &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING, &serialized_der, + &SystemRandom::new(), ) .map_err(|e| Error::new(e.to_string()))?, ), @@ -66,7 +69,7 @@ impl RTCCertificate { } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) { CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_pkcs8(&serialized_der) + rsa::KeyPair::from_pkcs8(&serialized_der) .map_err(|e| Error::new(e.to_string()))?, ), serialized_der,