Maxime “pep” Buquet created
Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>sasl/Cargo.toml | 2 +-
sasl/src/client/mechanisms/scram.rs | 10 +++++-----
sasl/src/common/scram.rs | 4 ++--
sasl/src/server/mechanisms/scram.rs | 13 +++++++------
4 files changed, 15 insertions(+), 14 deletions(-)
@@ -20,7 +20,7 @@ scram = ["base64", "getrandom", "sha-1", "sha2", "hmac", "pbkdf2"]
anonymous = ["getrandom"]
[dependencies]
-base64 = { version = "0.20", optional = true }
+base64 = { version = "0.21", optional = true }
getrandom = { version = "0.2", optional = true }
sha-1 = { version = "0.10", optional = true }
sha2 = { version = "0.10", optional = true }
@@ -1,6 +1,6 @@
//! Provides the SASL "SCRAM-*" mechanisms and a way to implement more.
-use base64;
+use base64::{engine::general_purpose::STANDARD as Base64, Engine};
use crate::client::{Mechanism, MechanismError};
use crate::common::scram::{generate_nonce, ScramProvider};
@@ -122,7 +122,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
let frame =
parse_frame(challenge).map_err(|_| MechanismError::CannotDecodeChallenge)?;
let server_nonce = frame.get("r");
- let salt = frame.get("s").and_then(|v| base64::decode(v).ok());
+ let salt = frame.get("s").and_then(|v| Base64.decode(v).ok());
let iterations = frame.get("i").and_then(|v| v.parse().ok());
let server_nonce = server_nonce.ok_or_else(|| MechanismError::NoServerNonce)?;
let salt = salt.ok_or_else(|| MechanismError::NoServerSalt)?;
@@ -133,7 +133,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
let mut cb_data: Vec<u8> = Vec::new();
cb_data.extend(gs2_header);
cb_data.extend(self.channel_binding.data());
- client_final_message_bare.extend(base64::encode(&cb_data).bytes());
+ client_final_message_bare.extend(Base64.encode(&cb_data).bytes());
client_final_message_bare.extend(b",r=");
client_final_message_bare.extend(server_nonce.bytes());
let salted_password = S::derive(&self.password, &salt, iterations)?;
@@ -152,7 +152,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
let mut client_final_message = Vec::new();
client_final_message.extend(&client_final_message_bare);
client_final_message.extend(b",p=");
- client_final_message.extend(base64::encode(&client_proof).bytes());
+ client_final_message.extend(Base64.encode(&client_proof).bytes());
next_state = ScramState::GotServerData {
server_signature: server_signature,
};
@@ -172,7 +172,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
ScramState::GotServerData {
ref server_signature,
} => {
- if let Some(sig) = frame.get("v").and_then(|v| base64::decode(&v).ok()) {
+ if let Some(sig) = frame.get("v").and_then(|v| Base64.decode(&v).ok()) {
if sig == *server_signature {
Ok(())
} else {
@@ -8,13 +8,13 @@ use crate::common::Password;
use crate::secret;
-use base64;
+use base64::{engine::general_purpose::STANDARD as Base64, Engine};
/// Generate a nonce for SCRAM authentication.
pub fn generate_nonce() -> Result<String, RngError> {
let mut data = [0u8; 32];
getrandom(&mut data)?;
- Ok(base64::encode(&data))
+ Ok(Base64.encode(&data))
}
#[derive(Debug, PartialEq)]
@@ -1,6 +1,6 @@
use std::marker::PhantomData;
-use base64;
+use base64::{engine::general_purpose::STANDARD as Base64, Engine};
use crate::common::scram::{generate_nonce, ScramProvider};
use crate::common::{parse_frame, xor, ChannelBinding, Identity};
@@ -120,7 +120,7 @@ where
buf.extend(b"r=");
buf.extend(server_nonce.bytes());
buf.extend(b",s=");
- buf.extend(base64::encode(pbkdf2.salt()).bytes());
+ buf.extend(Base64.encode(pbkdf2.salt()).bytes());
buf.extend(b",i=");
buf.extend(pbkdf2.iterations().to_string().bytes());
ret = Response::Proceed(buf.clone());
@@ -148,7 +148,7 @@ where
cb_data.extend(self.channel_binding.data());
let mut client_final_message_bare = Vec::new();
client_final_message_bare.extend(b"c=");
- client_final_message_bare.extend(base64::encode(&cb_data).bytes());
+ client_final_message_bare.extend(Base64.encode(&cb_data).bytes());
client_final_message_bare.extend(b",r=");
client_final_message_bare.extend(server_nonce.bytes());
let client_key = S::hmac(b"Client Key", &salted_password)?;
@@ -163,15 +163,16 @@ where
let client_signature = S::hmac(&auth_message, &stored_key)?;
let client_proof = xor(&client_key, &client_signature);
let sent_proof = frame.get("p").ok_or_else(|| MechanismError::NoProof)?;
- let sent_proof =
- base64::decode(sent_proof).map_err(|_| MechanismError::CannotDecodeProof)?;
+ let sent_proof = Base64
+ .decode(sent_proof)
+ .map_err(|_| MechanismError::CannotDecodeProof)?;
if client_proof != sent_proof {
return Err(MechanismError::AuthenticationFailed);
}
let server_signature = S::hmac(&auth_message, &server_key)?;
let mut buf = Vec::new();
buf.extend(b"v=");
- buf.extend(base64::encode(&server_signature).bytes());
+ buf.extend(Base64.encode(&server_signature).bytes());
ret = Response::Success(identity.clone(), buf);
next_state = ScramState::Done;
}