Fix RSA signing - it should use PSS signatures.

lightspark/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+# v0.9.2
+- RSA signing should be PSS signatures.
+
 # v0.9.1
 - Fix a signing issue with RSA keys.
 

lightspark/Cargo.toml

@@ -2,7 +2,7 @@
 name = "lightspark"
 description = "Lightspark Rust SDK"
 authors = ["Lightspark Group, Inc. <[email protected]>"]
-version = "0.9.1"
+version = "0.9.2"
 edition = "2021"
 documentation = "https://docs.lightspark.com/lightspark-sdk/getting-started?language=Rust"
 homepage = "https://www.lightspark.com/"

lightspark/README.md

@@ -1,8 +1,8 @@
-# Lightspark Rust SDK - v0.9.1
+# Lightspark Rust SDK - v0.9.2
 
 The Lightspark Rust SDK provides a convenient way to interact with the Lightspark services from applications written in the Rust language.
 
-***WARNING: This SDK is in version 0.9.1 (active development). It means that its APIs may not be fully stable. Please expect that changes to the APIs may happen until we move to v1.0.0.***
+***WARNING: This SDK is in version 0.9.2 (active development). It means that its APIs may not be fully stable. Please expect that changes to the APIs may happen until we move to v1.0.0.***
 
 ## Documentation
 

lightspark/examples/osk_test.rs

@@ -0,0 +1,73 @@
+use lightspark::{
+    client::LightsparkClient, key::RSASigningKey, request::auth_provider::AccountAuthProvider,
+};
+
+async fn create_invoice() {
+    let api_id = std::env::var("LIGHTSPARK_API_CLIENT_ID").unwrap();
+    let api_token = std::env::var("LIGHTSPARK_API_CLIENT_SECRET").unwrap();
+    let endpoint = std::env::var("LIGHTSPARK_API_ENDPOINT").unwrap();
+
+    let auth = AccountAuthProvider::new(api_id.to_string(), api_token.to_string());
+    let mut client = LightsparkClient::<RSASigningKey>::new(auth).unwrap();
+    client.requester.set_base_url(Some(endpoint));
+
+    let node_id = std::env::var("LIGHTSPARK_NODE_ID").unwrap();
+
+    let password = std::env::var("LIGHTSPARK_NODE_PASSWORD").unwrap();
+    let _ = client.recover_node_signing_key(&node_id, &password).await;
+
+    println!("API ID: {:?}", api_id);
+    println!("API Token: {:?}", api_token);
+    println!("Node ID: {:?}", node_id);
+
+    let account = client.get_current_account().await.unwrap();
+    println!("Account: {:?}", account.name);
+
+    let invoice = client.create_invoice(&node_id, 10000, None, None).await;
+    let payment_request = invoice.unwrap().data.encoded_payment_request;
+    println!("Invoice created: {:?}", payment_request);
+
+    let response = client
+        .create_test_mode_payment(&node_id, &payment_request, None)
+        .await;
+    println!("Payment response: {:?}", response.unwrap().id);
+}
+
+async fn test_payment() {
+    let api_id = std::env::var("LIGHTSPARK_API_CLIENT_ID").unwrap();
+    let api_token = std::env::var("LIGHTSPARK_API_CLIENT_SECRET").unwrap();
+    let endpoint = std::env::var("LIGHTSPARK_API_ENDPOINT").unwrap();
+
+    let auth = AccountAuthProvider::new(api_id.to_string(), api_token.to_string());
+    let mut client = LightsparkClient::<RSASigningKey>::new(auth).unwrap();
+    client.requester.set_base_url(Some(endpoint));
+
+    let node_id = std::env::var("LIGHTSPARK_NODE_ID").unwrap();
+
+    let password = std::env::var("LIGHTSPARK_NODE_PASSWORD").unwrap();
+    let _ = client.recover_node_signing_key(&node_id, &password).await;
+
+    println!("API ID: {:?}", api_id);
+    println!("API Token: {:?}", api_token);
+    println!("Node ID: {:?}", node_id);
+
+    let account = client.get_current_account().await.unwrap();
+    println!("Account: {:?}", account.name);
+
+    let invoice = client
+        .create_test_mode_invoice(&node_id, 10000, Some("test"), None)
+        .await;
+    let payment_request = invoice.unwrap().replace('\"', "");
+    println!("Invoice created: {:?}", payment_request);
+
+    let response = client
+        .pay_invoice(&node_id, &payment_request, 100, None, 1000)
+        .await;
+    println!("Payment response: {:?}", response.unwrap().id);
+}
+
+#[tokio::main]
+async fn main() {
+    create_invoice().await;
+    test_payment().await;
+}

lightspark/src/crypto.rs

@@ -8,9 +8,10 @@ use cbc::cipher::block_padding::Pkcs7;
 use cbc::cipher::{BlockDecryptMut, KeyIvInit};
 use pbkdf2::pbkdf2_hmac;
 use rand::RngCore;
+use rsa::pss::BlindedSigningKey;
 use rsa::sha2::Sha256;
 use rsa::signature::{RandomizedSigner, SignatureEncoding};
-use rsa::{pkcs1v15::SigningKey, pkcs8::DecodePrivateKey, RsaPrivateKey};
+use rsa::{pkcs8::DecodePrivateKey, RsaPrivateKey};
 use serde_json::{json, Error, Value};
 
 const KEY_LEN: usize = 32;
@@ -156,7 +157,7 @@ pub fn sign_payload(payload: &[u8], signing_key: &[u8]) -> Result<String, Crypto
     };
 
     let key = RsaPrivateKey::from_pkcs8_der(&signing_key).expect("Fail to generate key");
-    let signing_key = SigningKey::<Sha256>::new(key);
+    let signing_key = BlindedSigningKey::<Sha256>::new(key);
     let mut rng = rand::thread_rng();
 
     let signature = signing_key.sign_with_rng(&mut rng, payload);

lightspark/src/lib.rs

@@ -28,7 +28,7 @@
 //! See more examples in examples/example.rs
 //!
 /// The version of this library.
-pub const VERSION: &str = "0.9.1";
+pub const VERSION: &str = "0.9.2";
 
 #[cfg(feature = "client")]
 pub mod client;