This PR adds support for a new encryption format for exchanging access
tokens during the authentication flow.
The new format uses Optimal Asymmetric Encryption Padding (OAEP) instead
of PKCS#1 v1.5, which is known to be vulnerable to side-channel attacks.
**Note: We are not yet encrypting access tokens using the new format, as
this is a breaking change between the client and the server. This PR
only adds support for it, and makes it so the client and server can
decrypt either format moving forward.**
This required bumping the RSA key size from 1024 bits to 2048 bits. This
is necessary to be able to encode the access token into the ciphertext
when using OAEP.
This also follows OWASP recommendations:
> If ECC is not available and RSA must be used, then ensure that the key
is at least 2048 bits.
>
> —
[source](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms)
Release Notes:
- N/A
This PR upgrades the `rsa` crate to v0.9.6.
The version we were using was rather old, and for something
security-sensitive we should be using a recent version.
No behavioral changes have been made, just updates to account for
changes in the crate's API.
Release Notes:
- N/A
This PR adds some tests to ensure we don't regress in our public key
encoding/decoding capabilities when making changes in this area.
Release Notes:
- N/A
