From b1708823de33d0a33e07f61c82ef9e0d18812774 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 22:44:22 +0100 Subject: [PATCH 1/9] Update base64. --- sasl/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 46e5717b7ac5fa26fe43a5ca317a08a2c45b7ccd..af0f340e388ea8b3f852218997dda2244358ec53 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -18,7 +18,7 @@ default = ["scram"] scram = ["openssl"] [dependencies] -base64 = "0.9.1" +base64 = "0.10" [dependencies.openssl] version = "0.10.7" From 9e9f09a9a531bb47a559fe2a38e55544a0861a74 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 22:54:32 +0100 Subject: [PATCH 2/9] Update to Edition 2018. --- sasl/Cargo.toml | 1 + sasl/src/client/mechanisms/anonymous.rs | 4 ++-- sasl/src/client/mechanisms/plain.rs | 4 ++-- sasl/src/client/mechanisms/scram.rs | 14 +++++++------- sasl/src/client/mod.rs | 2 +- sasl/src/common/scram.rs | 4 ++-- sasl/src/lib.rs | 7 +------ sasl/src/secret.rs | 8 ++++---- sasl/src/server/mechanisms/plain.rs | 6 +++--- sasl/src/server/mechanisms/scram.rs | 10 +++++----- sasl/src/server/mod.rs | 4 ++-- 11 files changed, 30 insertions(+), 34 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index af0f340e388ea8b3f852218997dda2244358ec53..225e9f7dc28eb4dbb0b18b18caf7f256db78bfbc 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -9,6 +9,7 @@ documentation = "https://docs.rs/sasl" readme = "README.md" keywords = ["sasl", "authentication"] license = "LGPL-3.0+" +edition = "2018" [badges] gitlab = { repository = "lumi/sasl-rs" } diff --git a/sasl/src/client/mechanisms/anonymous.rs b/sasl/src/client/mechanisms/anonymous.rs index d95245a8b05bb09dbbdd78c72573f32e55892ffd..45361377669803f30b95a1cd58662cc36a7f1c66 100644 --- a/sasl/src/client/mechanisms/anonymous.rs +++ b/sasl/src/client/mechanisms/anonymous.rs @@ -1,7 +1,7 @@ //! Provides the SASL "ANONYMOUS" mechanism. -use client::Mechanism; -use common::{Credentials, Secret}; +use crate::client::Mechanism; +use crate::common::{Credentials, Secret}; /// A struct for the SASL ANONYMOUS mechanism. pub struct Anonymous; diff --git a/sasl/src/client/mechanisms/plain.rs b/sasl/src/client/mechanisms/plain.rs index 786978da1f3eaee817ece5a624d818f0f17a9672..1c5bd1a310db0acf62a5bd0b43da5d28462a0f22 100644 --- a/sasl/src/client/mechanisms/plain.rs +++ b/sasl/src/client/mechanisms/plain.rs @@ -1,7 +1,7 @@ //! Provides the SASL "PLAIN" mechanism. -use client::Mechanism; -use common::{Credentials, Identity, Password, Secret}; +use crate::client::Mechanism; +use crate::common::{Credentials, Identity, Password, Secret}; /// A struct for the SASL PLAIN mechanism. pub struct Plain { diff --git a/sasl/src/client/mechanisms/scram.rs b/sasl/src/client/mechanisms/scram.rs index b19ed48c8b2f58cdec96626e4ce408177c7a0607..abc5472ae8c7c5833322bb591c73b88156a3206d 100644 --- a/sasl/src/client/mechanisms/scram.rs +++ b/sasl/src/client/mechanisms/scram.rs @@ -2,11 +2,11 @@ use base64; -use client::Mechanism; -use common::scram::{generate_nonce, ScramProvider}; -use common::{parse_frame, xor, ChannelBinding, Credentials, Identity, Password, Secret}; +use crate::client::Mechanism; +use crate::common::scram::{generate_nonce, ScramProvider}; +use crate::common::{parse_frame, xor, ChannelBinding, Credentials, Identity, Password, Secret}; -use error::Error; +use crate::error::Error; use std::marker::PhantomData; @@ -189,9 +189,9 @@ impl Mechanism for Scram { #[cfg(test)] mod tests { - use client::mechanisms::Scram; - use client::Mechanism; - use common::scram::{Sha1, Sha256}; + use crate::client::mechanisms::Scram; + use crate::client::Mechanism; + use crate::common::scram::{Sha1, Sha256}; #[test] fn scram_sha1_works() { diff --git a/sasl/src/client/mod.rs b/sasl/src/client/mod.rs index d8655d543cea5816c55d63317dca9ffbdfb94efa..2acf9cff2d7b941f8a6100205301c99d5d08c369 100644 --- a/sasl/src/client/mod.rs +++ b/sasl/src/client/mod.rs @@ -1,4 +1,4 @@ -use common::Credentials; +use crate::common::Credentials; /// A trait which defines SASL mechanisms. pub trait Mechanism { diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index 6833a8994fbf52c8ed7ce487be04384f7ccf66d2..2ccba1fcdd93787234257a1911fe91b6ee2f5677 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -6,9 +6,9 @@ use openssl::pkey::PKey; use openssl::rand::rand_bytes; use openssl::sign::Signer; -use common::Password; +use crate::common::Password; -use secret; +use crate::secret; use base64; diff --git a/sasl/src/lib.rs b/sasl/src/lib.rs index 9e1379715c77e1cf9df3e659faca72815c43f3ba..2a64e7621d873abdc29ca6130e070e0b96aab961 100644 --- a/sasl/src/lib.rs +++ b/sasl/src/lib.rs @@ -163,11 +163,6 @@ //! sasl = "*" //! ``` -extern crate base64; - -#[cfg(feature = "scram")] -extern crate openssl; - mod error; pub mod client; @@ -176,4 +171,4 @@ pub mod server; pub mod common; pub mod secret; -pub use error::Error; +pub use crate::error::Error; diff --git a/sasl/src/secret.rs b/sasl/src/secret.rs index 54c94c8494b14e84ce30d93bb4efa230a4468232..690bf36d5db639903e459874e35422f88cdc6721 100644 --- a/sasl/src/secret.rs +++ b/sasl/src/secret.rs @@ -21,8 +21,8 @@ pub struct Pbkdf2Sha1 { impl Pbkdf2Sha1 { #[cfg(feature = "openssl")] pub fn derive(password: &str, salt: &[u8], iterations: usize) -> Result { - use common::scram::{ScramProvider, Sha1}; - use common::Password; + use crate::common::scram::{ScramProvider, Sha1}; + use crate::common::Password; let digest = Sha1::derive(&Password::Plain(password.to_owned()), salt, iterations)?; Ok(Pbkdf2Sha1 { salt: salt.to_vec(), @@ -56,8 +56,8 @@ pub struct Pbkdf2Sha256 { impl Pbkdf2Sha256 { #[cfg(feature = "openssl")] pub fn derive(password: &str, salt: &[u8], iterations: usize) -> Result { - use common::scram::{ScramProvider, Sha256}; - use common::Password; + use crate::common::scram::{ScramProvider, Sha256}; + use crate::common::Password; let digest = Sha256::derive(&Password::Plain(password.to_owned()), salt, iterations)?; Ok(Pbkdf2Sha256 { salt: salt.to_vec(), diff --git a/sasl/src/server/mechanisms/plain.rs b/sasl/src/server/mechanisms/plain.rs index 1deebbe5a7408667cfca74bd7de0ccedd89e5227..8df0e76fdab603de5091ec4220befff49ead4324 100644 --- a/sasl/src/server/mechanisms/plain.rs +++ b/sasl/src/server/mechanisms/plain.rs @@ -1,6 +1,6 @@ -use common::Identity; -use secret; -use server::{Mechanism, Response, Validator}; +use crate::common::Identity; +use crate::secret; +use crate::server::{Mechanism, Response, Validator}; pub struct Plain> { validator: V, diff --git a/sasl/src/server/mechanisms/scram.rs b/sasl/src/server/mechanisms/scram.rs index 5f6feaec6d57b3cdc4711aa9dd59cf3ca9ed808e..ad027686c0274442682bd5b90a4e763bd1af0305 100644 --- a/sasl/src/server/mechanisms/scram.rs +++ b/sasl/src/server/mechanisms/scram.rs @@ -2,11 +2,11 @@ use std::marker::PhantomData; use base64; -use common::scram::{generate_nonce, ScramProvider}; -use common::{parse_frame, xor, ChannelBinding, Identity}; -use secret; -use secret::Pbkdf2Secret; -use server::{Mechanism, Provider, Response}; +use crate::common::scram::{generate_nonce, ScramProvider}; +use crate::common::{parse_frame, xor, ChannelBinding, Identity}; +use crate::secret; +use crate::secret::Pbkdf2Secret; +use crate::server::{Mechanism, Provider, Response}; enum ScramState { Init, diff --git a/sasl/src/server/mod.rs b/sasl/src/server/mod.rs index 87b4b07be1725886bb3384c74b892da91a13d585..020e88b208d0363b80562bd4436d8367f4e5a984 100644 --- a/sasl/src/server/mod.rs +++ b/sasl/src/server/mod.rs @@ -1,5 +1,5 @@ -use common::Identity; -use secret::Secret; +use crate::common::Identity; +use crate::secret::Secret; #[macro_export] macro_rules! impl_validator_using_provider { From 13d63402983eb18af54174f616ec8d8f5416a150 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:32:39 +0100 Subject: [PATCH 3/9] Switch to RustCrypto for hashes. --- sasl/Cargo.toml | 2 ++ sasl/src/common/scram.rs | 13 ++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 225e9f7dc28eb4dbb0b18b18caf7f256db78bfbc..8fc9bfc5fca4be740187607c8b5e33cefd26fd0a 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -20,6 +20,8 @@ scram = ["openssl"] [dependencies] base64 = "0.10" +sha-1 = "0.8" +sha2 = "0.8" [dependencies.openssl] version = "0.10.7" diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index 2ccba1fcdd93787234257a1911fe91b6ee2f5677..ab5dd94c0563804e43a908e8b9cde7437b229cdb 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -1,10 +1,11 @@ use openssl::error::ErrorStack; -use openssl::hash::hash; use openssl::hash::MessageDigest; use openssl::pkcs5::pbkdf2_hmac; use openssl::pkey::PKey; use openssl::rand::rand_bytes; use openssl::sign::Signer; +use sha1::{Digest, Sha1 as Sha1_hash}; +use sha2::Sha256 as Sha256_hash; use crate::common::Password; @@ -49,7 +50,10 @@ impl ScramProvider for Sha1 { } fn hash(data: &[u8]) -> Vec { - hash(MessageDigest::sha1(), data).unwrap().to_vec() + let hash = Sha1_hash::digest(data); + let mut vec = Vec::with_capacity(Sha1_hash::output_size()); + vec.extend_from_slice(hash.as_slice()); + vec } fn hmac(data: &[u8], key: &[u8]) -> Vec { @@ -112,7 +116,10 @@ impl ScramProvider for Sha256 { } fn hash(data: &[u8]) -> Vec { - hash(MessageDigest::sha256(), data).unwrap().to_vec() + let hash = Sha256_hash::digest(data); + let mut vec = Vec::with_capacity(Sha256_hash::output_size()); + vec.extend_from_slice(hash.as_slice()); + vec } fn hmac(data: &[u8], key: &[u8]) -> Vec { From 392b1c66b1ffce9fa9f744de08bd61824f5a8543 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:40:46 +0100 Subject: [PATCH 4/9] Switch to RustCrypto for Hmac. --- sasl/Cargo.toml | 1 + sasl/src/common/scram.rs | 25 +++++++++++++++---------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 8fc9bfc5fca4be740187607c8b5e33cefd26fd0a..663b1031af986a27c2235f5adf59f06c46b98fe5 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -22,6 +22,7 @@ scram = ["openssl"] base64 = "0.10" sha-1 = "0.8" sha2 = "0.8" +hmac = "0.7" [dependencies.openssl] version = "0.10.7" diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index ab5dd94c0563804e43a908e8b9cde7437b229cdb..6b88e0249f308991b2fe2dfbae347ea1333686d2 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -1,9 +1,8 @@ +use hmac::{Hmac, Mac}; use openssl::error::ErrorStack; use openssl::hash::MessageDigest; use openssl::pkcs5::pbkdf2_hmac; -use openssl::pkey::PKey; use openssl::rand::rand_bytes; -use openssl::sign::Signer; use sha1::{Digest, Sha1 as Sha1_hash}; use sha2::Sha256 as Sha256_hash; @@ -57,10 +56,13 @@ impl ScramProvider for Sha1 { } fn hmac(data: &[u8], key: &[u8]) -> Vec { - let pkey = PKey::hmac(key).unwrap(); - let mut signer = Signer::new(MessageDigest::sha1(), &pkey).unwrap(); - signer.update(data).unwrap(); - signer.sign_to_vec().unwrap() + type HmacSha1 = Hmac; + let mut mac = HmacSha1::new_varkey(key).unwrap(); + mac.input(data); + let result = mac.result(); + let mut vec = Vec::with_capacity(Sha1_hash::output_size()); + vec.extend_from_slice(result.code().as_slice()); + vec } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { @@ -123,10 +125,13 @@ impl ScramProvider for Sha256 { } fn hmac(data: &[u8], key: &[u8]) -> Vec { - let pkey = PKey::hmac(key).unwrap(); - let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap(); - signer.update(data).unwrap(); - signer.sign_to_vec().unwrap() + type HmacSha256 = Hmac; + let mut mac = HmacSha256::new_varkey(key).unwrap(); + mac.input(data); + let result = mac.result(); + let mut vec = Vec::with_capacity(Sha256_hash::output_size()); + vec.extend_from_slice(result.code().as_slice()); + vec } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { From 506d0b17fc2b157d91efe75e914c28d0712e861b Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:53:29 +0100 Subject: [PATCH 5/9] Switch to rand_os for random bytes. --- sasl/Cargo.toml | 1 + sasl/src/common/scram.rs | 13 ++++++++----- sasl/src/error.rs | 12 ++++++------ 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 663b1031af986a27c2235f5adf59f06c46b98fe5..915271167c79b753e869c8221afd0a3eabc9f009 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -20,6 +20,7 @@ scram = ["openssl"] [dependencies] base64 = "0.10" +rand_os = "0.1" sha-1 = "0.8" sha2 = "0.8" hmac = "0.7" diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index 6b88e0249f308991b2fe2dfbae347ea1333686d2..681524b2d1a2271773ed53203aeb8eb0f9402435 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -1,8 +1,10 @@ use hmac::{Hmac, Mac}; -use openssl::error::ErrorStack; use openssl::hash::MessageDigest; use openssl::pkcs5::pbkdf2_hmac; -use openssl::rand::rand_bytes; +use rand_os::{ + rand_core::{Error as RngError, RngCore}, + OsRng, +}; use sha1::{Digest, Sha1 as Sha1_hash}; use sha2::Sha256 as Sha256_hash; @@ -13,9 +15,10 @@ use crate::secret; use base64; /// Generate a nonce for SCRAM authentication. -pub fn generate_nonce() -> Result { - let mut data = vec![0; 32]; - rand_bytes(&mut data)?; +pub fn generate_nonce() -> Result { + let mut data = [0u8; 32]; + let mut rng = OsRng::new()?; + rng.fill_bytes(&mut data); Ok(base64::encode(&data)) } diff --git a/sasl/src/error.rs b/sasl/src/error.rs index 6d79df25b8e7bf130a3b6fd6a9219e142558025c..b5287073753dccf6de443bc0835961aaa24ab9f6 100644 --- a/sasl/src/error.rs +++ b/sasl/src/error.rs @@ -1,19 +1,19 @@ #[cfg(feature = "scram")] -use openssl::error::ErrorStack; +use rand_os::rand_core::Error as RngError; /// A wrapper enum for things that could go wrong in this crate. #[derive(Debug)] pub enum Error { #[cfg(feature = "scram")] - /// An error in OpenSSL. - OpenSslErrorStack(ErrorStack), + /// An error while initializing the Rng. + RngError(RngError), /// An error in a SASL mechanism. SaslError(String), } #[cfg(feature = "scram")] -impl From for Error { - fn from(err: ErrorStack) -> Error { - Error::OpenSslErrorStack(err) +impl From for Error { + fn from(err: RngError) -> Error { + Error::RngError(err) } } From 5892caa4a847c37b8f30f24b492f9e36c6ee1b26 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:59:31 +0100 Subject: [PATCH 6/9] Switch to RustCrypto for pbkdf2. --- sasl/Cargo.toml | 1 + sasl/src/common/scram.rs | 21 +++------------------ 2 files changed, 4 insertions(+), 18 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 915271167c79b753e869c8221afd0a3eabc9f009..10c12e9935bd98c3721a05db84843f791209865d 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -24,6 +24,7 @@ rand_os = "0.1" sha-1 = "0.8" sha2 = "0.8" hmac = "0.7" +pbkdf2 = { version = "0.3", default-features = false } [dependencies.openssl] version = "0.10.7" diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index 681524b2d1a2271773ed53203aeb8eb0f9402435..405afafb752ae4d64c1ba525b9809fe66dba0b19 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -1,6 +1,5 @@ use hmac::{Hmac, Mac}; -use openssl::hash::MessageDigest; -use openssl::pkcs5::pbkdf2_hmac; +use pbkdf2::pbkdf2; use rand_os::{ rand_core::{Error as RngError, RngCore}, OsRng, @@ -72,14 +71,7 @@ impl ScramProvider for Sha1 { match *password { Password::Plain(ref plain) => { let mut result = vec![0; 20]; - pbkdf2_hmac( - plain.as_bytes(), - salt, - iterations, - MessageDigest::sha1(), - &mut result, - ) - .unwrap(); + pbkdf2::>(plain.as_bytes(), salt, iterations, &mut result); Ok(result) } Password::Pbkdf2 { @@ -141,14 +133,7 @@ impl ScramProvider for Sha256 { match *password { Password::Plain(ref plain) => { let mut result = vec![0; 32]; - pbkdf2_hmac( - plain.as_bytes(), - salt, - iterations, - MessageDigest::sha256(), - &mut result, - ) - .unwrap(); + pbkdf2::>(plain.as_bytes(), salt, iterations, &mut result); Ok(result) } Password::Pbkdf2 { From 5337a0a14983e547cb4005f68834ebf4ec4c13f8 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Fri, 18 Jan 2019 00:04:14 +0100 Subject: [PATCH 7/9] Remove the openssl dependency, fixes #4. --- sasl/Cargo.toml | 6 +----- sasl/src/secret.rs | 4 ++-- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 10c12e9935bd98c3721a05db84843f791209865d..284b8f9633784875a75293f789cadf877a0fde23 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -16,7 +16,7 @@ gitlab = { repository = "lumi/sasl-rs" } [features] default = ["scram"] -scram = ["openssl"] +scram = [] [dependencies] base64 = "0.10" @@ -25,7 +25,3 @@ sha-1 = "0.8" sha2 = "0.8" hmac = "0.7" pbkdf2 = { version = "0.3", default-features = false } - -[dependencies.openssl] -version = "0.10.7" -optional = true diff --git a/sasl/src/secret.rs b/sasl/src/secret.rs index 690bf36d5db639903e459874e35422f88cdc6721..31f42dd9e00123d325baee445361dc3f836d522e 100644 --- a/sasl/src/secret.rs +++ b/sasl/src/secret.rs @@ -19,7 +19,7 @@ pub struct Pbkdf2Sha1 { } impl Pbkdf2Sha1 { - #[cfg(feature = "openssl")] + #[cfg(feature = "scram")] pub fn derive(password: &str, salt: &[u8], iterations: usize) -> Result { use crate::common::scram::{ScramProvider, Sha1}; use crate::common::Password; @@ -54,7 +54,7 @@ pub struct Pbkdf2Sha256 { } impl Pbkdf2Sha256 { - #[cfg(feature = "openssl")] + #[cfg(feature = "scram")] pub fn derive(password: &str, salt: &[u8], iterations: usize) -> Result { use crate::common::scram::{ScramProvider, Sha256}; use crate::common::Password; From 0c426b4d17e654e061eddd777875544e0c881748 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Fri, 18 Jan 2019 00:26:41 +0100 Subject: [PATCH 8/9] Remove .unwrap() in SCRAM code. --- sasl/src/client/mechanisms/scram.rs | 8 ++++---- sasl/src/common/scram.rs | 22 +++++++++++++--------- sasl/src/server/mechanisms/scram.rs | 8 ++++---- 3 files changed, 21 insertions(+), 17 deletions(-) diff --git a/sasl/src/client/mechanisms/scram.rs b/sasl/src/client/mechanisms/scram.rs index abc5472ae8c7c5833322bb591c73b88156a3206d..a3bd35c97e8d8db6e649291e90abe14389b005c0 100644 --- a/sasl/src/client/mechanisms/scram.rs +++ b/sasl/src/client/mechanisms/scram.rs @@ -137,8 +137,8 @@ impl Mechanism for Scram { client_final_message_bare.extend(b",r="); client_final_message_bare.extend(server_nonce.bytes()); let salted_password = S::derive(&self.password, &salt, iterations)?; - let client_key = S::hmac(b"Client Key", &salted_password); - let server_key = S::hmac(b"Server Key", &salted_password); + let client_key = S::hmac(b"Client Key", &salted_password)?; + let server_key = S::hmac(b"Server Key", &salted_password)?; let mut auth_message = Vec::new(); auth_message.extend(initial_message); auth_message.push(b','); @@ -146,9 +146,9 @@ impl Mechanism for Scram { auth_message.push(b','); auth_message.extend(&client_final_message_bare); let stored_key = S::hash(&client_key); - let client_signature = S::hmac(&auth_message, &stored_key); + let client_signature = S::hmac(&auth_message, &stored_key)?; let client_proof = xor(&client_key, &client_signature); - let server_signature = S::hmac(&auth_message, &server_key); + let server_signature = S::hmac(&auth_message, &server_key)?; let mut client_final_message = Vec::new(); client_final_message.extend(&client_final_message_bare); client_final_message.extend(b",p="); diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index 405afafb752ae4d64c1ba525b9809fe66dba0b19..860e441d8f42908e1eabe9581c7c52aa8b9c5357 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -33,7 +33,7 @@ pub trait ScramProvider { fn hash(data: &[u8]) -> Vec; /// A function which performs an HMAC using the hash function. - fn hmac(data: &[u8], key: &[u8]) -> Vec; + fn hmac(data: &[u8], key: &[u8]) -> Result, String>; /// A function which does PBKDF2 key derivation using the hash function. fn derive(data: &Password, salt: &[u8], iterations: usize) -> Result, String>; @@ -43,7 +43,6 @@ pub trait ScramProvider { pub struct Sha1; impl ScramProvider for Sha1 { - // TODO: look at all these unwraps type Secret = secret::Pbkdf2Sha1; fn name() -> &'static str { @@ -57,14 +56,17 @@ impl ScramProvider for Sha1 { vec } - fn hmac(data: &[u8], key: &[u8]) -> Vec { + fn hmac(data: &[u8], key: &[u8]) -> Result, String> { type HmacSha1 = Hmac; - let mut mac = HmacSha1::new_varkey(key).unwrap(); + let mut mac = match HmacSha1::new_varkey(key) { + Ok(mac) => mac, + Err(err) => return Err(format!("{}", err)), + }; mac.input(data); let result = mac.result(); let mut vec = Vec::with_capacity(Sha1_hash::output_size()); vec.extend_from_slice(result.code().as_slice()); - vec + Ok(vec) } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { @@ -105,7 +107,6 @@ impl ScramProvider for Sha1 { pub struct Sha256; impl ScramProvider for Sha256 { - // TODO: look at all these unwraps type Secret = secret::Pbkdf2Sha256; fn name() -> &'static str { @@ -119,14 +120,17 @@ impl ScramProvider for Sha256 { vec } - fn hmac(data: &[u8], key: &[u8]) -> Vec { + fn hmac(data: &[u8], key: &[u8]) -> Result, String> { type HmacSha256 = Hmac; - let mut mac = HmacSha256::new_varkey(key).unwrap(); + let mut mac = match HmacSha256::new_varkey(key) { + Ok(mac) => mac, + Err(err) => return Err(format!("{}", err)), + }; mac.input(data); let result = mac.result(); let mut vec = Vec::with_capacity(Sha256_hash::output_size()); vec.extend_from_slice(result.code().as_slice()); - vec + Ok(vec) } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { diff --git a/sasl/src/server/mechanisms/scram.rs b/sasl/src/server/mechanisms/scram.rs index ad027686c0274442682bd5b90a4e763bd1af0305..a53e97ed3c88bdb0d3c0d05b1fb1a49f64f1a356 100644 --- a/sasl/src/server/mechanisms/scram.rs +++ b/sasl/src/server/mechanisms/scram.rs @@ -150,8 +150,8 @@ where client_final_message_bare.extend(base64::encode(&cb_data).bytes()); client_final_message_bare.extend(b",r="); client_final_message_bare.extend(server_nonce.bytes()); - let client_key = S::hmac(b"Client Key", &salted_password); - let server_key = S::hmac(b"Server Key", &salted_password); + let client_key = S::hmac(b"Client Key", &salted_password)?; + let server_key = S::hmac(b"Server Key", &salted_password)?; let mut auth_message = Vec::new(); auth_message.extend(initial_client_message); auth_message.extend(b","); @@ -159,7 +159,7 @@ where auth_message.extend(b","); auth_message.extend(client_final_message_bare.clone()); let stored_key = S::hash(&client_key); - let client_signature = S::hmac(&auth_message, &stored_key); + let client_signature = S::hmac(&auth_message, &stored_key)?; let client_proof = xor(&client_key, &client_signature); let sent_proof = frame.get("p").ok_or_else(|| "no proof".to_owned())?; let sent_proof = @@ -167,7 +167,7 @@ where if client_proof != sent_proof { return Err("authentication failed".to_owned()); } - let server_signature = S::hmac(&auth_message, &server_key); + let server_signature = S::hmac(&auth_message, &server_key)?; let mut buf = Vec::new(); buf.extend(b"v="); buf.extend(base64::encode(&server_signature).bytes()); From 4bc768c0168e543714f9264b90088ac74faba7d5 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:15:06 +0100 Subject: [PATCH 9/9] Bump version to 0.4.3. --- sasl/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 284b8f9633784875a75293f789cadf877a0fde23..79483d7bd62ab77998b94cbd4d4901dbd6ed5fb3 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "sasl" -version = "0.4.2" +version = "0.4.3" authors = ["lumi "] description = "A crate for SASL authentication. Currently only does the client side." homepage = "https://gitlab.com/lumi/sasl-rs"