From a0c513f309ddfde1fbb0d64ed35631ad156312a3 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 22:44:22 +0100 Subject: [PATCH 1/9] Update base64. --- sasl/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 46e5717..af0f340 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -18,7 +18,7 @@ default = ["scram"] scram = ["openssl"] [dependencies] -base64 = "0.9.1" +base64 = "0.10" [dependencies.openssl] version = "0.10.7" From 03923d488578e3474f0c1b3a1377b576c0bf73be Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 22:54:32 +0100 Subject: [PATCH 2/9] Update to Edition 2018. --- sasl/Cargo.toml | 1 + sasl/src/client/mechanisms/anonymous.rs | 4 ++-- sasl/src/client/mechanisms/plain.rs | 4 ++-- sasl/src/client/mechanisms/scram.rs | 14 +++++++------- sasl/src/client/mod.rs | 2 +- sasl/src/common/scram.rs | 4 ++-- sasl/src/lib.rs | 7 +------ sasl/src/secret.rs | 8 ++++---- sasl/src/server/mechanisms/plain.rs | 6 +++--- sasl/src/server/mechanisms/scram.rs | 10 +++++----- sasl/src/server/mod.rs | 4 ++-- 11 files changed, 30 insertions(+), 34 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index af0f340..225e9f7 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -9,6 +9,7 @@ documentation = "https://docs.rs/sasl" readme = "README.md" keywords = ["sasl", "authentication"] license = "LGPL-3.0+" +edition = "2018" [badges] gitlab = { repository = "lumi/sasl-rs" } diff --git a/sasl/src/client/mechanisms/anonymous.rs b/sasl/src/client/mechanisms/anonymous.rs index 4be4d87..6c5c7de 100644 --- a/sasl/src/client/mechanisms/anonymous.rs +++ b/sasl/src/client/mechanisms/anonymous.rs @@ -1,7 +1,7 @@ //! Provides the SASL "ANONYMOUS" mechanism. -use client::Mechanism; -use common::{Secret, Credentials}; +use crate::client::Mechanism; +use crate::common::{Secret, Credentials}; /// A struct for the SASL ANONYMOUS mechanism. pub struct Anonymous; diff --git a/sasl/src/client/mechanisms/plain.rs b/sasl/src/client/mechanisms/plain.rs index d4eeadf..213fb78 100644 --- a/sasl/src/client/mechanisms/plain.rs +++ b/sasl/src/client/mechanisms/plain.rs @@ -1,7 +1,7 @@ //! Provides the SASL "PLAIN" mechanism. -use client::Mechanism; -use common::{Secret, Credentials, Password, Identity}; +use crate::client::Mechanism; +use crate::common::{Secret, Credentials, Password, Identity}; /// A struct for the SASL PLAIN mechanism. pub struct Plain { diff --git a/sasl/src/client/mechanisms/scram.rs b/sasl/src/client/mechanisms/scram.rs index 0c1ef3f..fb2d696 100644 --- a/sasl/src/client/mechanisms/scram.rs +++ b/sasl/src/client/mechanisms/scram.rs @@ -2,11 +2,11 @@ use base64; -use client::Mechanism; -use common::{ChannelBinding, parse_frame, xor, Password, Credentials, Secret, Identity}; -use common::scram::{ScramProvider, generate_nonce}; +use crate::client::Mechanism; +use crate::common::{ChannelBinding, parse_frame, xor, Password, Credentials, Secret, Identity}; +use crate::common::scram::{ScramProvider, generate_nonce}; -use error::Error; +use crate::error::Error; use std::marker::PhantomData; @@ -168,9 +168,9 @@ impl Mechanism for Scram { #[cfg(test)] mod tests { - use client::Mechanism; - use client::mechanisms::Scram; - use common::scram::{Sha1, Sha256}; + use crate::client::Mechanism; + use crate::client::mechanisms::Scram; + use crate::common::scram::{Sha1, Sha256}; #[test] fn scram_sha1_works() { // Source: https://wiki.xmpp.org/web/SASLandSCRAM-SHA-1 diff --git a/sasl/src/client/mod.rs b/sasl/src/client/mod.rs index 6e69e47..a6cd093 100644 --- a/sasl/src/client/mod.rs +++ b/sasl/src/client/mod.rs @@ -1,4 +1,4 @@ -use common::Credentials; +use crate::common::Credentials; /// A trait which defines SASL mechanisms. pub trait Mechanism { diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index f9bae91..94d8bd6 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -6,9 +6,9 @@ use openssl::pkey::PKey; use openssl::rand::rand_bytes; use openssl::error::ErrorStack; -use common::Password; +use crate::common::Password; -use secret; +use crate::secret; use base64; diff --git a/sasl/src/lib.rs b/sasl/src/lib.rs index 87ce976..4aa8265 100644 --- a/sasl/src/lib.rs +++ b/sasl/src/lib.rs @@ -163,11 +163,6 @@ //! sasl = "*" //! ``` -extern crate base64; - -#[cfg(feature = "scram")] -extern crate openssl; - mod error; pub mod client; @@ -175,4 +170,4 @@ pub mod client; pub mod common; pub mod secret; -pub use error::Error; +pub use crate::error::Error; diff --git a/sasl/src/secret.rs b/sasl/src/secret.rs index dc6c112..eb915c4 100644 --- a/sasl/src/secret.rs +++ b/sasl/src/secret.rs @@ -21,8 +21,8 @@ pub struct Pbkdf2Sha1 { impl Pbkdf2Sha1 { #[cfg(feature = "openssl")] pub fn derive(password: &str, salt: &[u8], iterations: usize) -> Result { - use common::scram::{ScramProvider, Sha1}; - use common::Password; + use crate::common::scram::{ScramProvider, Sha1}; + use crate::common::Password; let digest = Sha1::derive(&Password::Plain(password.to_owned()), salt, iterations)?; Ok(Pbkdf2Sha1 { salt: salt.to_vec(), @@ -50,8 +50,8 @@ pub struct Pbkdf2Sha256 { impl Pbkdf2Sha256 { #[cfg(feature = "openssl")] pub fn derive(password: &str, salt: &[u8], iterations: usize) -> Result { - use common::scram::{ScramProvider, Sha256}; - use common::Password; + use crate::common::scram::{ScramProvider, Sha256}; + use crate::common::Password; let digest = Sha256::derive(&Password::Plain(password.to_owned()), salt, iterations)?; Ok(Pbkdf2Sha256 { salt: salt.to_vec(), diff --git a/sasl/src/server/mechanisms/plain.rs b/sasl/src/server/mechanisms/plain.rs index 95b16b5..48d6a69 100644 --- a/sasl/src/server/mechanisms/plain.rs +++ b/sasl/src/server/mechanisms/plain.rs @@ -1,6 +1,6 @@ -use server::{Validator, Response, Mechanism}; -use common::Identity; -use secret; +use crate::server::{Validator, Response, Mechanism}; +use crate::common::Identity; +use crate::secret; pub struct Plain> { validator: V, diff --git a/sasl/src/server/mechanisms/scram.rs b/sasl/src/server/mechanisms/scram.rs index f6c8f8e..a595d38 100644 --- a/sasl/src/server/mechanisms/scram.rs +++ b/sasl/src/server/mechanisms/scram.rs @@ -2,11 +2,11 @@ use std::marker::PhantomData; use base64; -use server::{Provider, Response, Mechanism}; -use common::{Identity, ChannelBinding, parse_frame, xor}; -use common::scram::{ScramProvider, generate_nonce}; -use secret; -use secret::Pbkdf2Secret; +use crate::server::{Provider, Response, Mechanism}; +use crate::common::{Identity, ChannelBinding, parse_frame, xor}; +use crate::common::scram::{ScramProvider, generate_nonce}; +use crate::secret; +use crate::secret::Pbkdf2Secret; enum ScramState { Init, diff --git a/sasl/src/server/mod.rs b/sasl/src/server/mod.rs index 926ed98..68fff98 100644 --- a/sasl/src/server/mod.rs +++ b/sasl/src/server/mod.rs @@ -1,5 +1,5 @@ -use common::Identity; -use secret::Secret; +use crate::common::Identity; +use crate::secret::Secret; #[macro_export] macro_rules! impl_validator_using_provider { From a661868099f3521601f259405668353d1de5cb79 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:32:39 +0100 Subject: [PATCH 3/9] Switch to RustCrypto for hashes. --- sasl/Cargo.toml | 2 ++ sasl/src/common/scram.rs | 13 ++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 225e9f7..8fc9bfc 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -20,6 +20,8 @@ scram = ["openssl"] [dependencies] base64 = "0.10" +sha-1 = "0.8" +sha2 = "0.8" [dependencies.openssl] version = "0.10.7" diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index 94d8bd6..e087fb3 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -1,10 +1,11 @@ use openssl::pkcs5::pbkdf2_hmac; -use openssl::hash::hash; use openssl::hash::MessageDigest; use openssl::sign::Signer; use openssl::pkey::PKey; use openssl::rand::rand_bytes; use openssl::error::ErrorStack; +use sha1::{Sha1 as Sha1_hash, Digest}; +use sha2::Sha256 as Sha256_hash; use crate::common::Password; @@ -46,7 +47,10 @@ impl ScramProvider for Sha1 { // TODO: look at all these unwraps fn name() -> &'static str { "SHA-1" } fn hash(data: &[u8]) -> Vec { - hash(MessageDigest::sha1(), data).unwrap().to_vec() + let hash = Sha1_hash::digest(data); + let mut vec = Vec::with_capacity(Sha1_hash::output_size()); + vec.extend_from_slice(hash.as_slice()); + vec } fn hmac(data: &[u8], key: &[u8]) -> Vec { @@ -90,7 +94,10 @@ impl ScramProvider for Sha256 { // TODO: look at all these unwraps fn name() -> &'static str { "SHA-256" } fn hash(data: &[u8]) -> Vec { - hash(MessageDigest::sha256(), data).unwrap().to_vec() + let hash = Sha256_hash::digest(data); + let mut vec = Vec::with_capacity(Sha256_hash::output_size()); + vec.extend_from_slice(hash.as_slice()); + vec } fn hmac(data: &[u8], key: &[u8]) -> Vec { From 4a94ac3fe7680495c6b90315033cc2439e7e92bf Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:40:46 +0100 Subject: [PATCH 4/9] Switch to RustCrypto for Hmac. --- sasl/Cargo.toml | 1 + sasl/src/common/scram.rs | 25 +++++++++++++++---------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 8fc9bfc..663b103 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -22,6 +22,7 @@ scram = ["openssl"] base64 = "0.10" sha-1 = "0.8" sha2 = "0.8" +hmac = "0.7" [dependencies.openssl] version = "0.10.7" diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index e087fb3..6d15322 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -1,11 +1,10 @@ use openssl::pkcs5::pbkdf2_hmac; use openssl::hash::MessageDigest; -use openssl::sign::Signer; -use openssl::pkey::PKey; use openssl::rand::rand_bytes; use openssl::error::ErrorStack; use sha1::{Sha1 as Sha1_hash, Digest}; use sha2::Sha256 as Sha256_hash; +use hmac::{Hmac, Mac}; use crate::common::Password; @@ -54,10 +53,13 @@ impl ScramProvider for Sha1 { // TODO: look at all these unwraps } fn hmac(data: &[u8], key: &[u8]) -> Vec { - let pkey = PKey::hmac(key).unwrap(); - let mut signer = Signer::new(MessageDigest::sha1(), &pkey).unwrap(); - signer.update(data).unwrap(); - signer.sign_to_vec().unwrap() + type HmacSha1 = Hmac; + let mut mac = HmacSha1::new_varkey(key).unwrap(); + mac.input(data); + let result = mac.result(); + let mut vec = Vec::with_capacity(Sha1_hash::output_size()); + vec.extend_from_slice(result.code().as_slice()); + vec } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { @@ -101,10 +103,13 @@ impl ScramProvider for Sha256 { // TODO: look at all these unwraps } fn hmac(data: &[u8], key: &[u8]) -> Vec { - let pkey = PKey::hmac(key).unwrap(); - let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap(); - signer.update(data).unwrap(); - signer.sign_to_vec().unwrap() + type HmacSha256 = Hmac; + let mut mac = HmacSha256::new_varkey(key).unwrap(); + mac.input(data); + let result = mac.result(); + let mut vec = Vec::with_capacity(Sha256_hash::output_size()); + vec.extend_from_slice(result.code().as_slice()); + vec } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { From 288a2a04895792084db5f2c19fa987c4b6548d97 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:53:29 +0100 Subject: [PATCH 5/9] Switch to rand_os for random bytes. --- sasl/Cargo.toml | 1 + sasl/src/common/scram.rs | 10 +++++----- sasl/src/error.rs | 12 ++++++------ 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 663b103..9152711 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -20,6 +20,7 @@ scram = ["openssl"] [dependencies] base64 = "0.10" +rand_os = "0.1" sha-1 = "0.8" sha2 = "0.8" hmac = "0.7" diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index 6d15322..f8bd070 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -1,7 +1,6 @@ use openssl::pkcs5::pbkdf2_hmac; use openssl::hash::MessageDigest; -use openssl::rand::rand_bytes; -use openssl::error::ErrorStack; +use rand_os::{OsRng, rand_core::{RngCore, Error as RngError}}; use sha1::{Sha1 as Sha1_hash, Digest}; use sha2::Sha256 as Sha256_hash; use hmac::{Hmac, Mac}; @@ -13,9 +12,10 @@ use crate::secret; use base64; /// Generate a nonce for SCRAM authentication. -pub fn generate_nonce() -> Result { - let mut data = vec![0; 32]; - rand_bytes(&mut data)?; +pub fn generate_nonce() -> Result { + let mut data = [0u8; 32]; + let mut rng = OsRng::new()?; + rng.fill_bytes(&mut data); Ok(base64::encode(&data)) } diff --git a/sasl/src/error.rs b/sasl/src/error.rs index 6d79df2..b528707 100644 --- a/sasl/src/error.rs +++ b/sasl/src/error.rs @@ -1,19 +1,19 @@ #[cfg(feature = "scram")] -use openssl::error::ErrorStack; +use rand_os::rand_core::Error as RngError; /// A wrapper enum for things that could go wrong in this crate. #[derive(Debug)] pub enum Error { #[cfg(feature = "scram")] - /// An error in OpenSSL. - OpenSslErrorStack(ErrorStack), + /// An error while initializing the Rng. + RngError(RngError), /// An error in a SASL mechanism. SaslError(String), } #[cfg(feature = "scram")] -impl From for Error { - fn from(err: ErrorStack) -> Error { - Error::OpenSslErrorStack(err) +impl From for Error { + fn from(err: RngError) -> Error { + Error::RngError(err) } } From 511eb47be9fbc78c29e7388f7bf5713efc213a02 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:59:31 +0100 Subject: [PATCH 6/9] Switch to RustCrypto for pbkdf2. --- sasl/Cargo.toml | 1 + sasl/src/common/scram.rs | 7 +++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 9152711..10c12e9 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -24,6 +24,7 @@ rand_os = "0.1" sha-1 = "0.8" sha2 = "0.8" hmac = "0.7" +pbkdf2 = { version = "0.3", default-features = false } [dependencies.openssl] version = "0.10.7" diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index f8bd070..cc48b43 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -1,9 +1,8 @@ -use openssl::pkcs5::pbkdf2_hmac; -use openssl::hash::MessageDigest; use rand_os::{OsRng, rand_core::{RngCore, Error as RngError}}; use sha1::{Sha1 as Sha1_hash, Digest}; use sha2::Sha256 as Sha256_hash; use hmac::{Hmac, Mac}; +use pbkdf2::pbkdf2; use crate::common::Password; @@ -66,7 +65,7 @@ impl ScramProvider for Sha1 { // TODO: look at all these unwraps match *password { Password::Plain(ref plain) => { let mut result = vec![0; 20]; - pbkdf2_hmac(plain.as_bytes(), salt, iterations, MessageDigest::sha1(), &mut result).unwrap(); + pbkdf2::>(plain.as_bytes(), salt, iterations, &mut result); Ok(result) }, Password::Pbkdf2 { ref method, salt: ref my_salt, iterations: my_iterations, ref data } => { @@ -116,7 +115,7 @@ impl ScramProvider for Sha256 { // TODO: look at all these unwraps match *password { Password::Plain(ref plain) => { let mut result = vec![0; 32]; - pbkdf2_hmac(plain.as_bytes(), salt, iterations, MessageDigest::sha256(), &mut result).unwrap(); + pbkdf2::>(plain.as_bytes(), salt, iterations, &mut result); Ok(result) }, Password::Pbkdf2 { ref method, salt: ref my_salt, iterations: my_iterations, ref data } => { From 16b416a6d0ff773f689512058fb74ebb9fac7664 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Fri, 18 Jan 2019 00:04:14 +0100 Subject: [PATCH 7/9] Remove the openssl dependency, fixes #4. --- sasl/Cargo.toml | 6 +----- sasl/src/secret.rs | 4 ++-- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 10c12e9..284b8f9 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -16,7 +16,7 @@ gitlab = { repository = "lumi/sasl-rs" } [features] default = ["scram"] -scram = ["openssl"] +scram = [] [dependencies] base64 = "0.10" @@ -25,7 +25,3 @@ sha-1 = "0.8" sha2 = "0.8" hmac = "0.7" pbkdf2 = { version = "0.3", default-features = false } - -[dependencies.openssl] -version = "0.10.7" -optional = true diff --git a/sasl/src/secret.rs b/sasl/src/secret.rs index eb915c4..fe329ca 100644 --- a/sasl/src/secret.rs +++ b/sasl/src/secret.rs @@ -19,7 +19,7 @@ pub struct Pbkdf2Sha1 { } impl Pbkdf2Sha1 { - #[cfg(feature = "openssl")] + #[cfg(feature = "scram")] pub fn derive(password: &str, salt: &[u8], iterations: usize) -> Result { use crate::common::scram::{ScramProvider, Sha1}; use crate::common::Password; @@ -48,7 +48,7 @@ pub struct Pbkdf2Sha256 { } impl Pbkdf2Sha256 { - #[cfg(feature = "openssl")] + #[cfg(feature = "scram")] pub fn derive(password: &str, salt: &[u8], iterations: usize) -> Result { use crate::common::scram::{ScramProvider, Sha256}; use crate::common::Password; From 0fddc9c7179882f309c876b2facba2d167f75faf Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Fri, 18 Jan 2019 00:26:41 +0100 Subject: [PATCH 8/9] Remove .unwrap() in SCRAM code. --- sasl/src/client/mechanisms/scram.rs | 8 ++++---- sasl/src/common/scram.rs | 24 +++++++++++++++--------- sasl/src/server/mechanisms/scram.rs | 8 ++++---- 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/sasl/src/client/mechanisms/scram.rs b/sasl/src/client/mechanisms/scram.rs index fb2d696..58eb2be 100644 --- a/sasl/src/client/mechanisms/scram.rs +++ b/sasl/src/client/mechanisms/scram.rs @@ -118,8 +118,8 @@ impl Mechanism for Scram { client_final_message_bare.extend(b",r="); client_final_message_bare.extend(server_nonce.bytes()); let salted_password = S::derive(&self.password, &salt, iterations)?; - let client_key = S::hmac(b"Client Key", &salted_password); - let server_key = S::hmac(b"Server Key", &salted_password); + let client_key = S::hmac(b"Client Key", &salted_password)?; + let server_key = S::hmac(b"Server Key", &salted_password)?; let mut auth_message = Vec::new(); auth_message.extend(initial_message); auth_message.push(b','); @@ -127,9 +127,9 @@ impl Mechanism for Scram { auth_message.push(b','); auth_message.extend(&client_final_message_bare); let stored_key = S::hash(&client_key); - let client_signature = S::hmac(&auth_message, &stored_key); + let client_signature = S::hmac(&auth_message, &stored_key)?; let client_proof = xor(&client_key, &client_signature); - let server_signature = S::hmac(&auth_message, &server_key); + let server_signature = S::hmac(&auth_message, &server_key)?; let mut client_final_message = Vec::new(); client_final_message.extend(&client_final_message_bare); client_final_message.extend(b",p="); diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index cc48b43..975c95b 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -30,7 +30,7 @@ pub trait ScramProvider { fn hash(data: &[u8]) -> Vec; /// A function which performs an HMAC using the hash function. - fn hmac(data: &[u8], key: &[u8]) -> Vec; + fn hmac(data: &[u8], key: &[u8]) -> Result, String>; /// A function which does PBKDF2 key derivation using the hash function. fn derive(data: &Password, salt: &[u8], iterations: usize) -> Result, String>; @@ -39,7 +39,7 @@ pub trait ScramProvider { /// A `ScramProvider` which provides SCRAM-SHA-1 and SCRAM-SHA-1-PLUS pub struct Sha1; -impl ScramProvider for Sha1 { // TODO: look at all these unwraps +impl ScramProvider for Sha1 { type Secret = secret::Pbkdf2Sha1; fn name() -> &'static str { "SHA-1" } @@ -51,14 +51,17 @@ impl ScramProvider for Sha1 { // TODO: look at all these unwraps vec } - fn hmac(data: &[u8], key: &[u8]) -> Vec { + fn hmac(data: &[u8], key: &[u8]) -> Result, String> { type HmacSha1 = Hmac; - let mut mac = HmacSha1::new_varkey(key).unwrap(); + let mut mac = match HmacSha1::new_varkey(key) { + Ok(mac) => mac, + Err(err) => return Err(format!("{}", err)), + }; mac.input(data); let result = mac.result(); let mut vec = Vec::with_capacity(Sha1_hash::output_size()); vec.extend_from_slice(result.code().as_slice()); - vec + Ok(vec) } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { @@ -89,7 +92,7 @@ impl ScramProvider for Sha1 { // TODO: look at all these unwraps /// A `ScramProvider` which provides SCRAM-SHA-256 and SCRAM-SHA-256-PLUS pub struct Sha256; -impl ScramProvider for Sha256 { // TODO: look at all these unwraps +impl ScramProvider for Sha256 { type Secret = secret::Pbkdf2Sha256; fn name() -> &'static str { "SHA-256" } @@ -101,14 +104,17 @@ impl ScramProvider for Sha256 { // TODO: look at all these unwraps vec } - fn hmac(data: &[u8], key: &[u8]) -> Vec { + fn hmac(data: &[u8], key: &[u8]) -> Result, String> { type HmacSha256 = Hmac; - let mut mac = HmacSha256::new_varkey(key).unwrap(); + let mut mac = match HmacSha256::new_varkey(key) { + Ok(mac) => mac, + Err(err) => return Err(format!("{}", err)), + }; mac.input(data); let result = mac.result(); let mut vec = Vec::with_capacity(Sha256_hash::output_size()); vec.extend_from_slice(result.code().as_slice()); - vec + Ok(vec) } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { diff --git a/sasl/src/server/mechanisms/scram.rs b/sasl/src/server/mechanisms/scram.rs index a595d38..920b095 100644 --- a/sasl/src/server/mechanisms/scram.rs +++ b/sasl/src/server/mechanisms/scram.rs @@ -134,8 +134,8 @@ impl Mechanism for Scram client_final_message_bare.extend(base64::encode(&cb_data).bytes()); client_final_message_bare.extend(b",r="); client_final_message_bare.extend(server_nonce.bytes()); - let client_key = S::hmac(b"Client Key", &salted_password); - let server_key = S::hmac(b"Server Key", &salted_password); + let client_key = S::hmac(b"Client Key", &salted_password)?; + let server_key = S::hmac(b"Server Key", &salted_password)?; let mut auth_message = Vec::new(); auth_message.extend(initial_client_message); auth_message.extend(b","); @@ -143,14 +143,14 @@ impl Mechanism for Scram auth_message.extend(b","); auth_message.extend(client_final_message_bare.clone()); let stored_key = S::hash(&client_key); - let client_signature = S::hmac(&auth_message, &stored_key); + let client_signature = S::hmac(&auth_message, &stored_key)?; let client_proof = xor(&client_key, &client_signature); let sent_proof = frame.get("p").ok_or_else(|| "no proof".to_owned())?; let sent_proof = base64::decode(sent_proof).map_err(|_| "can't decode proof".to_owned())?; if client_proof != sent_proof { return Err("authentication failed".to_owned()); } - let server_signature = S::hmac(&auth_message, &server_key); + let server_signature = S::hmac(&auth_message, &server_key)?; let mut buf = Vec::new(); buf.extend(b"v="); buf.extend(base64::encode(&server_signature).bytes()); From bdd65539dbf2de08b113358e6575767fdcf50316 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Thu, 17 Jan 2019 23:15:06 +0100 Subject: [PATCH 9/9] Bump version to 0.4.3. --- sasl/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 284b8f9..79483d7 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "sasl" -version = "0.4.2" +version = "0.4.3" authors = ["lumi "] description = "A crate for SASL authentication. Currently only does the client side." homepage = "https://gitlab.com/lumi/sasl-rs"