...

Cargo.toml

@@ -12,16 +12,16 @@ readme = "README.md"
 
 [dependencies]
 anyhow = "1.0.98"
-base64 = "0.21.0"  # Base64 encoding/decoding
+base64 = "0.22.1"  # Base64 encoding/decoding
 cfg-if = "1.0"
 chacha20poly1305 = "0.10.1" # ChaCha20Poly1305 AEAD cipher
-clap = "2.33" # Command-line argument parsing
+clap = "2.34.0" # Command-line argument parsing
-dirs = "5.0.1"     # Directory paths
+dirs = "6.0.0"     # Directory paths
-env_logger = "0.10.0" # Logger implementation
+env_logger = "0.11.8" # Logger implementation
 ethers = { version = "2.0.7", features = ["legacy"] } # Ethereum library
 glob = "0.3.1" # For file pattern matching
 jsonrpsee = "0.25.1"
-k256 = { version = "0.13.1", features = ["ecdsa", "ecdh"] } # Elliptic curve cryptography
+k256 = { version = "0.13.4", features = ["ecdsa", "ecdh"] } # Elliptic curve cryptography
 lazy_static = "1.4.0" # For lazy initialization of static variables
 libc = "0.2"
 log = "0.4" # Logging facade
@@ -31,7 +31,7 @@ postgres-types = "0.2.5" # PostgreSQL type conversions
 r2d2 = "0.8.10"
 r2d2_postgres = "0.18.2"
 rand = "0.8.5" # Random number generation
-redis = "0.22.0" # Redis client
+redis = "0.31.0" # Redis client
 regex = "1.8.1" # For regex pattern matching
 rhai = { version = "1.12.0", features = ["sync"] } # Embedded scripting language
 serde = { version = "1.0", features = [
@@ -41,26 +41,25 @@ serde_json = "1.0" # For JSON handling
 sha2 = "0.10.7"    # SHA-2 hash functions
 tempfile = "3.5" # For temporary file operations
 tera = "1.19.0" # Template engine for text rendering
-thiserror = "1.0" # For error handling
+thiserror = "2.0.12" # For error handling
 tokio = "1.45.0"
 tokio-postgres = "0.7.8" # Async PostgreSQL client
 tokio-test = "0.4.4"
 uuid = { version = "1.16.0", features = ["v4"] }
 zinit-client = { git = "https://github.com/threefoldtech/zinit", branch = "json_rpc",  package = "zinit-client" }
-
 # Optional features for specific OS functionality
 [target.'cfg(unix)'.dependencies]
-nix = "0.26" # Unix-specific functionality
+nix = "0.30.1" # Unix-specific functionality
 
 [target.'cfg(windows)'.dependencies]
-windows = { version = "0.48", features = [
+windows = { version = "0.61.1", features = [
     "Win32_Foundation",
     "Win32_System_Threading",
     "Win32_Storage_FileSystem",
 ] }
 
 [dev-dependencies]
-mockall = "0.11.4" # For mocking in tests
+mockall = "0.13.1" # For mocking in tests
 tempfile = "3.5"   # For tests that need temporary files/directories
 tokio = { version = "1.28", features = ["full", "test-util"] } # For async testing
 

src/vault/keypair/keypair_types.rs

@@ -1,6 +1,7 @@
 /// Implementation of keypair functionality.
 
 use k256::ecdsa::{SigningKey, VerifyingKey, signature::{Signer, Verifier}, Signature};
+use k256::ecdh::EphemeralSecret;
 use rand::rngs::OsRng;
 use serde::{Serialize, Deserialize};
 use std::collections::HashMap;
@@ -214,22 +215,24 @@ impl KeyPair {
         let ephemeral_signing_key = SigningKey::random(&mut OsRng);
         let ephemeral_public_key = VerifyingKey::from(&ephemeral_signing_key);
         
-        // Derive shared secret (this is a simplified ECDH)
+        // Derive shared secret using ECDH
-        // In a real implementation, we would use proper ECDH, but for this example:
+        let ephemeral_secret = EphemeralSecret::random(&mut OsRng);
-        let shared_point = recipient_key.to_encoded_point(false);
+        let shared_secret = ephemeral_secret.diffie_hellman(&recipient_key.to_public_key());
-        let shared_secret = {
+        
+        // Derive encryption key from the shared secret (e.g., using HKDF or hashing)
+        // For simplicity, we'll hash the shared secret here
+        let encryption_key = {
             let mut hasher = Sha256::default();
-            hasher.update(ephemeral_signing_key.to_bytes());
+            hasher.update(shared_secret.raw_secret_bytes());
-            hasher.update(shared_point.as_bytes());
             hasher.finalize().to_vec()
         };
         
         // Encrypt the message using the derived key
-        let ciphertext = implementation::encrypt_with_key(&shared_secret, message)
+        let ciphertext = implementation::encrypt_with_key(&encryption_key, message)
             .map_err(|e| CryptoError::EncryptionFailed(e.to_string()))?;
         
         // Format: ephemeral_public_key || ciphertext
-        let mut result = ephemeral_public_key.to_sec1_bytes().to_vec();
+        let mut result = ephemeral_public_key.to_encoded_point(false).as_bytes().to_vec();
         result.extend_from_slice(&ciphertext);
         
         Ok(result)
@@ -252,17 +255,19 @@ impl KeyPair {
         let sender_key = VerifyingKey::from_sec1_bytes(ephemeral_public_key)
             .map_err(|_| CryptoError::InvalidKeyLength)?;
         
-        // Derive shared secret (simplified ECDH)
+        // Derive shared secret using ECDH
-        let shared_point = sender_key.to_encoded_point(false);
+        let recipient_secret = EphemeralSecret::random(&mut OsRng);
-        let shared_secret = {
+        let shared_secret = recipient_secret.diffie_hellman(&sender_key.to_public_key());
+        
+        // Derive decryption key from the shared secret (using the same method as encryption)
+        let decryption_key = {
             let mut hasher = Sha256::default();
-            hasher.update(self.signing_key.to_bytes());
+            hasher.update(shared_secret.raw_secret_bytes());
-            hasher.update(shared_point.as_bytes());
             hasher.finalize().to_vec()
         };
         
         // Decrypt the message using the derived key
-        implementation::decrypt_with_key(&shared_secret, actual_ciphertext)
+        implementation::decrypt_with_key(&decryption_key, actual_ciphertext)
             .map_err(|e| CryptoError::DecryptionFailed(e.to_string()))
     }
 }