Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to ring 0.17 #335

Merged
merged 10 commits into from
Oct 5, 2023
Merged

Upgrade to ring 0.17 #335

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
95b69ba
Upgrade to latest `ring` version
thomaseizinger Oct 31, 2022
829e1d9
Fix deprecation warnings
thomaseizinger Oct 31, 2022
dc8d896
Temporarily pin `ring` version
thomaseizinger Oct 31, 2022
6da3ae8
Merge remote-tracking branch 'upstream/master' into bump-ring
thomaseizinger Nov 10, 2022
e4dad31
Fix warning
thomaseizinger Nov 10, 2022
bff1ecb
Remove duplicated code
thomaseizinger Nov 10, 2022
e47ef3e
Merge branch 'master' into bump-ring
thomaseizinger Oct 3, 2023
8070343
Bump ring to 0.17
thomaseizinger Oct 3, 2023
a3f7c6d
Fix formatting
thomaseizinger Oct 3, 2023
1ccc71b
Merge branch 'master' into bump-ring
thomaseizinger Oct 5, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion dtls/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ x25519-dalek = { version = "2", features = ["static_secrets"] }
x509-parser = "0.15"
der-parser = "8.1"
rcgen = "0.11"
ring = "0.16.19"
ring = "0.17"
rustls = { version = "0.21", features = ["dangerous_configuration"]}
bincode = "1"
serde = { version = "1", features = ["derive"] }
Expand Down
3 changes: 2 additions & 1 deletion dtls/src/crypto/crypto_test.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,8 @@ fn test_generate_key_signature() -> Result<()> {
NamedCurve::X25519,
&CryptoPrivateKey {
kind: CryptoPrivateKeyKind::Rsa256(
RsaKeyPair::from_der(&pem.contents).map_err(|e| Error::Other(e.to_string()))?,
ring::rsa::KeyPair::from_der(&pem.contents)
.map_err(|e| Error::Other(e.to_string()))?,
),
serialized_der: pem.contents.clone(),
}, //hashAlgorithmSHA256,
Expand Down
48 changes: 10 additions & 38 deletions dtls/src/crypto/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ use der_parser::oid;
use der_parser::oid::Oid;
use rcgen::KeyPair;
use ring::rand::SystemRandom;
use ring::signature::{EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
use ring::signature::{EcdsaKeyPair, Ed25519KeyPair};

use crate::curve::named_curve::*;
use crate::error::*;
Expand Down Expand Up @@ -139,7 +139,7 @@ pub(crate) fn value_key_message(
pub enum CryptoPrivateKeyKind {
Ed25519(Ed25519KeyPair),
Ecdsa256(EcdsaKeyPair),
Rsa256(RsaKeyPair),
Rsa256(ring::rsa::KeyPair),
}

/// Private key.
Expand Down Expand Up @@ -187,14 +187,15 @@ impl Clone for CryptoPrivateKey {
EcdsaKeyPair::from_pkcs8(
&ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
&self.serialized_der,
&SystemRandom::new(),
)
.unwrap(),
),
serialized_der: self.serialized_der.clone(),
},
CryptoPrivateKeyKind::Rsa256(_) => CryptoPrivateKey {
kind: CryptoPrivateKeyKind::Rsa256(
RsaKeyPair::from_pkcs8(&self.serialized_der).unwrap(),
ring::rsa::KeyPair::from_pkcs8(&self.serialized_der).unwrap(),
),
serialized_der: self.serialized_der.clone(),
},
Expand All @@ -206,37 +207,7 @@ impl TryFrom<&KeyPair> for CryptoPrivateKey {
type Error = Error;

fn try_from(key_pair: &KeyPair) -> Result<Self> {
let serialized_der = key_pair.serialize_der();
if key_pair.is_compatible(&rcgen::PKCS_ED25519) {
Ok(CryptoPrivateKey {
kind: CryptoPrivateKeyKind::Ed25519(
Ed25519KeyPair::from_pkcs8(&serialized_der)
.map_err(|e| Error::Other(e.to_string()))?,
),
serialized_der,
})
} else if key_pair.is_compatible(&rcgen::PKCS_ECDSA_P256_SHA256) {
Ok(CryptoPrivateKey {
kind: CryptoPrivateKeyKind::Ecdsa256(
EcdsaKeyPair::from_pkcs8(
&ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
&serialized_der,
)
.map_err(|e| Error::Other(e.to_string()))?,
),
serialized_der,
})
} else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) {
Ok(CryptoPrivateKey {
kind: CryptoPrivateKeyKind::Rsa256(
RsaKeyPair::from_pkcs8(&serialized_der)
.map_err(|e| Error::Other(e.to_string()))?,
),
serialized_der,
})
} else {
Err(Error::Other("Unsupported key_pair".to_owned()))
}
Self::from_key_pair(key_pair)
}
}

Expand All @@ -257,6 +228,7 @@ impl CryptoPrivateKey {
EcdsaKeyPair::from_pkcs8(
&ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
&serialized_der,
&SystemRandom::new(),
)
.map_err(|e| Error::Other(e.to_string()))?,
),
Expand All @@ -265,7 +237,7 @@ impl CryptoPrivateKey {
} else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) {
Ok(CryptoPrivateKey {
kind: CryptoPrivateKeyKind::Rsa256(
RsaKeyPair::from_pkcs8(&serialized_der)
ring::rsa::KeyPair::from_pkcs8(&serialized_der)
.map_err(|e| Error::Other(e.to_string()))?,
),
serialized_der,
Expand Down Expand Up @@ -300,7 +272,7 @@ pub(crate) fn generate_key_signature(
}
CryptoPrivateKeyKind::Rsa256(kp) => {
let system_random = SystemRandom::new();
let mut signature = vec![0; kp.public_modulus_len()];
let mut signature = vec![0; kp.public().modulus_len()];
kp.sign(
&ring::signature::RSA_PKCS1_SHA256,
&system_random,
Expand Down Expand Up @@ -422,7 +394,7 @@ pub(crate) fn generate_certificate_verify(
}
CryptoPrivateKeyKind::Rsa256(kp) => {
let system_random = SystemRandom::new();
let mut signature = vec![0; kp.public_modulus_len()];
let mut signature = vec![0; kp.public().modulus_len()];
kp.sign(
&ring::signature::RSA_PKCS1_SHA256,
&system_random,
Expand Down Expand Up @@ -537,7 +509,7 @@ mod test {

#[cfg(feature = "pem")]
#[test]
fn test_certificate_serialize_pem_and_from_pem() -> Result<()> {
fn test_certificate_serialize_pem_and_from_pem() -> crate::error::Result<()> {
let cert = Certificate::generate_self_signed(vec!["webrtc.rs".to_owned()])?;

let pem = cert.serialize_pem();
Expand Down
2 changes: 1 addition & 1 deletion stun/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ rand = "0.8"
base64 = "0.21"
subtle = "2.4"
crc = "3"
ring = "0.16"
ring = "0.17"
md-5 = "0.10"
thiserror = "1"

Expand Down
2 changes: 1 addition & 1 deletion turn/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ async-trait = "0.1"
log = "0.4"
base64 = "0.21"
rand = "0.8"
ring = "0.16"
ring = "0.17"
md-5 = "0.10"
thiserror = "1"

Expand Down
2 changes: 1 addition & 1 deletion webrtc/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ smol_str = { version = "0.2", features = ["serde"] }
url = "2"
rustls = { version = "0.21", features = ["dangerous_configuration"]}
rcgen = { version = "0.11", features = ["pem", "x509-parser"]}
ring = "0.16"
ring = "0.17"
sha2 = "0.10"
lazy_static = "1.4"
hex = "0.4"
Expand Down
7 changes: 5 additions & 2 deletions webrtc/src/peer_connection/certificate.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,9 @@ use std::time::{Duration, SystemTime, UNIX_EPOCH};

use dtls::crypto::{CryptoPrivateKey, CryptoPrivateKeyKind};
use rcgen::{CertificateParams, KeyPair};
use ring::signature::{EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
use ring::rand::SystemRandom;
use ring::rsa;
use ring::signature::{EcdsaKeyPair, Ed25519KeyPair};
use sha2::{Digest, Sha256};

use crate::dtls_transport::dtls_fingerprint::RTCDtlsFingerprint;
Expand Down Expand Up @@ -58,6 +60,7 @@ impl RTCCertificate {
EcdsaKeyPair::from_pkcs8(
&ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
&serialized_der,
&SystemRandom::new(),
)
.map_err(|e| Error::new(e.to_string()))?,
),
Expand All @@ -66,7 +69,7 @@ impl RTCCertificate {
} else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) {
CryptoPrivateKey {
kind: CryptoPrivateKeyKind::Rsa256(
RsaKeyPair::from_pkcs8(&serialized_der)
rsa::KeyPair::from_pkcs8(&serialized_der)
.map_err(|e| Error::new(e.to_string()))?,
),
serialized_der,
Expand Down