chore: upgrade rsa to 0.9 (denoland#21016)

Cargo.toml

@@ -153,7 +153,7 @@ p256 = { version = "0.13.2", features = ["ecdh"] }
 p384 = { version = "0.13.0", features = ["ecdh"] }
 
 # crypto
-rsa = { version = "0.7.0", default-features = false, features = ["std", "pem", "hazmat"] } # hazmat needed for PrehashSigner in ext/node
+rsa = { version = "0.9.3", default-features = false, features = ["std", "pem", "hazmat"] } # hazmat needed for PrehashSigner in ext/node
 hkdf = "0.12.3"
 
 # macros

ext/crypto/00_crypto.js

@@ -1313,6 +1313,7 @@ class SubtleCrypto {
  algorithm: "RSA-PSS",
  hash: hashAlgorithm,
  signature,
+ saltLength: normalizedAlgorithm.saltLength,
  }, data);
  }
  case "HMAC": {

ext/crypto/decrypt.rs

@@ -24,9 +24,7 @@ use deno_core::unsync::spawn_blocking;
 use deno_core::JsBuffer;
 use deno_core::ToJsBuffer;
 use rsa::pkcs1::DecodeRsaPrivateKey;
-use rsa::PaddingScheme;
 use serde::Deserialize;
-use sha1::Digest;
 use sha1::Sha1;
 use sha2::Sha256;
 use sha2::Sha384;
@@ -117,24 +115,24 @@ fn decrypt_rsa_oaep(
  let label = Some(String::from_utf8_lossy(&label).to_string());
 
  let padding = match hash {
- ShaHash::Sha1 => PaddingScheme::OAEP {
- digest: Box::new(Sha1::new()),
- mgf_digest: Box::new(Sha1::new()),
+ ShaHash::Sha1 => rsa::Oaep {
+ digest: Box::<Sha1>::default(),
+ mgf_digest: Box::<Sha1>::default(),
  label,
  },
- ShaHash::Sha256 => PaddingScheme::OAEP {
- digest: Box::new(Sha256::new()),
- mgf_digest: Box::new(Sha256::new()),
+ ShaHash::Sha256 => rsa::Oaep {
+ digest: Box::<Sha256>::default(),
+ mgf_digest: Box::<Sha256>::default(),
  label,
  },
- ShaHash::Sha384 => PaddingScheme::OAEP {
- digest: Box::new(Sha384::new()),
- mgf_digest: Box::new(Sha384::new()),
+ ShaHash::Sha384 => rsa::Oaep {
+ digest: Box::<Sha384>::default(),
+ mgf_digest: Box::<Sha384>::default(),
  label,
  },
- ShaHash::Sha512 => PaddingScheme::OAEP {
- digest: Box::new(Sha512::new()),
- mgf_digest: Box::new(Sha512::new()),
+ ShaHash::Sha512 => rsa::Oaep {
+ digest: Box::<Sha512>::default(),
+ mgf_digest: Box::<Sha512>::default(),
  label,
  },
  };

ext/crypto/ed25519.rs

@@ -2,6 +2,7 @@
 
 use base64::prelude::BASE64_URL_SAFE_NO_PAD;
 use base64::Engine;
+use deno_core::error::custom_error;
 use deno_core::error::AnyError;
 use deno_core::op2;
 use deno_core::ToJsBuffer;
@@ -123,26 +124,37 @@ pub fn op_crypto_export_spki_ed25519(
  },
  subject_public_key: pubkey,
  };
- Ok(key_info.to_vec()?.into())
+ Ok(
+ key_info
+ .to_vec()
+ .map_err(|_| {
+ custom_error("DOMExceptionOperationError", "Failed to export key")
+ })?
+ .into(),
+ )
 }
 
 #[op2]
 #[serde]
 pub fn op_crypto_export_pkcs8_ed25519(
  #[buffer] pkey: &[u8],
 ) -> Result<ToJsBuffer, AnyError> {
+ use rsa::pkcs1::der::Encode;
+
  // This should probably use OneAsymmetricKey instead
  let pk_info = rsa::pkcs8::PrivateKeyInfo {
  public_key: None,
- algorithm: rsa::pkcs8::AlgorithmIdentifier {
+ algorithm: rsa::pkcs8::AlgorithmIdentifierRef {
  // id-Ed25519
  oid: ED25519_OID,
  parameters: None,
  },
  private_key: pkey, // OCTET STRING
  };
 
- Ok(pk_info.to_vec()?.into())
+ let mut buf = Vec::new();
+ pk_info.encode_to_vec(&mut buf)?;
+ Ok(buf.into())
 }
 
 // 'x' from Section 2 of RFC 8037

ext/crypto/encrypt.rs

@@ -24,10 +24,7 @@ use deno_core::JsBuffer;
 use deno_core::ToJsBuffer;
 use rand::rngs::OsRng;
 use rsa::pkcs1::DecodeRsaPublicKey;
-use rsa::PaddingScheme;
-use rsa::PublicKey;
 use serde::Deserialize;
-use sha1::Digest;
 use sha1::Sha1;
 use sha2::Sha256;
 use sha2::Sha384;
@@ -119,24 +116,24 @@ fn encrypt_rsa_oaep(
  .map_err(|_| operation_error("failed to decode public key"))?;
  let mut rng = OsRng;
  let padding = match hash {
- ShaHash::Sha1 => PaddingScheme::OAEP {
- digest: Box::new(Sha1::new()),
- mgf_digest: Box::new(Sha1::new()),
+ ShaHash::Sha1 => rsa::Oaep {
+ digest: Box::<Sha1>::default(),
+ mgf_digest: Box::<Sha1>::default(),
  label: Some(label),
  },
- ShaHash::Sha256 => PaddingScheme::OAEP {
- digest: Box::new(Sha256::new()),
- mgf_digest: Box::new(Sha256::new()),
+ ShaHash::Sha256 => rsa::Oaep {
+ digest: Box::<Sha256>::default(),
+ mgf_digest: Box::<Sha256>::default(),
  label: Some(label),
  },
- ShaHash::Sha384 => PaddingScheme::OAEP {
- digest: Box::new(Sha384::new()),
- mgf_digest: Box::new(Sha384::new()),
+ ShaHash::Sha384 => rsa::Oaep {
+ digest: Box::<Sha384>::default(),
+ mgf_digest: Box::<Sha384>::default(),
  label: Some(label),
  },
- ShaHash::Sha512 => PaddingScheme::OAEP {
- digest: Box::new(Sha512::new()),
- mgf_digest: Box::new(Sha512::new()),
+ ShaHash::Sha512 => rsa::Oaep {
+ digest: Box::<Sha512>::default(),
+ mgf_digest: Box::<Sha512>::default(),
  label: Some(label),
  },
  };

ext/crypto/export_key.rs

@@ -10,12 +10,12 @@ use deno_core::op2;
 use deno_core::ToJsBuffer;
 use elliptic_curve::sec1::ToEncodedPoint;
 use p256::pkcs8::DecodePrivateKey;
-use rsa::pkcs1::UIntRef;
+use rsa::pkcs1::der::Decode;
+use rsa::pkcs8::der::asn1::UintRef;
+use rsa::pkcs8::der::Encode;
 use serde::Deserialize;
 use serde::Serialize;
 use spki::der::asn1;
-use spki::der::Decode;
-use spki::der::Encode;
 use spki::AlgorithmIdentifier;
 
 use crate::shared::*;
@@ -112,7 +112,7 @@ pub fn op_crypto_export_key(
  }
 }
 
-fn uint_to_b64(bytes: UIntRef) -> String {
+fn uint_to_b64(bytes: UintRef) -> String {
  BASE64_URL_SAFE_NO_PAD.encode(bytes.as_bytes())
 }
 
@@ -126,6 +126,7 @@ fn export_key_rsa(
 ) -> Result<ExportKeyResult, deno_core::anyhow::Error> {
  match format {
  ExportKeyFormat::Spki => {
+ use spki::der::Encode;
  let subject_public_key = &key_data.as_rsa_public_key()?;
 
  // the SPKI structure
@@ -158,18 +159,21 @@ fn export_key_rsa(
 
  let pk_info = rsa::pkcs8::PrivateKeyInfo {
  public_key: None,
- algorithm: rsa::pkcs8::AlgorithmIdentifier {
+ algorithm: rsa::pkcs8::AlgorithmIdentifierRef {
  // rsaEncryption(1)
  oid: rsa::pkcs8::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1"),
  // parameters field should not be omitted (None).
  // It MUST have ASN.1 type NULL as per defined in RFC 3279 Section 2.3.1
- parameters: Some(asn1::AnyRef::from(asn1::Null)),
+ parameters: Some(rsa::pkcs8::der::asn1::AnyRef::from(
+ rsa::pkcs8::der::asn1::Null,
+ )),
  },
  private_key,
  };
 
  // Infallible because we know the private key is valid.
- let pkcs8_der = pk_info.to_vec().unwrap();
+ let mut pkcs8_der = Vec::new();
+ pk_info.encode_to_vec(&mut pkcs8_der)?;
 
  Ok(ExportKeyResult::Pkcs8(pkcs8_der.into()))
  }
@@ -255,6 +259,8 @@ fn export_key_ec(
  Ok(ExportKeyResult::Raw(subject_public_key.into()))
  }
  ExportKeyFormat::Spki => {
+ use spki::der::Encode;
+
  let subject_public_key = match named_curve {
  EcNamedCurve::P256 => {
  let point = key_data.as_ec_public_key_p256()?;