From 392b1c66b1ffce9fa9f744de08bd61824f5a8543 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:40:46 +0100 Subject: [PATCH] Switch to RustCrypto for Hmac. --- sasl/Cargo.toml | 1 + sasl/src/common/scram.rs | 25 +++++++++++++++---------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 8fc9bfc..663b103 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -22,6 +22,7 @@ scram = ["openssl"] base64 = "0.10" sha-1 = "0.8" sha2 = "0.8" +hmac = "0.7" [dependencies.openssl] version = "0.10.7" diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index ab5dd94..6b88e02 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -1,9 +1,8 @@ +use hmac::{Hmac, Mac}; use openssl::error::ErrorStack; use openssl::hash::MessageDigest; use openssl::pkcs5::pbkdf2_hmac; -use openssl::pkey::PKey; use openssl::rand::rand_bytes; -use openssl::sign::Signer; use sha1::{Digest, Sha1 as Sha1_hash}; use sha2::Sha256 as Sha256_hash; @@ -57,10 +56,13 @@ impl ScramProvider for Sha1 { } fn hmac(data: &[u8], key: &[u8]) -> Vec { - let pkey = PKey::hmac(key).unwrap(); - let mut signer = Signer::new(MessageDigest::sha1(), &pkey).unwrap(); - signer.update(data).unwrap(); - signer.sign_to_vec().unwrap() + type HmacSha1 = Hmac; + let mut mac = HmacSha1::new_varkey(key).unwrap(); + mac.input(data); + let result = mac.result(); + let mut vec = Vec::with_capacity(Sha1_hash::output_size()); + vec.extend_from_slice(result.code().as_slice()); + vec } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { @@ -123,10 +125,13 @@ impl ScramProvider for Sha256 { } fn hmac(data: &[u8], key: &[u8]) -> Vec { - let pkey = PKey::hmac(key).unwrap(); - let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap(); - signer.update(data).unwrap(); - signer.sign_to_vec().unwrap() + type HmacSha256 = Hmac; + let mut mac = HmacSha256::new_varkey(key).unwrap(); + mac.input(data); + let result = mac.result(); + let mut vec = Vec::with_capacity(Sha256_hash::output_size()); + vec.extend_from_slice(result.code().as_slice()); + vec } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> {