xmpp-rs/sasl/src/lib.rs

//#![deny(missing_docs)]
#![cfg_attr(docsrs, feature(doc_cfg))]

//! This crate provides a framework for SASL authentication and a few authentication mechanisms.
//!
//! # Examples
//!
//! ## Simple client-sided usage
//!
//! ```rust
//! use sasl::client::Mechanism;
//! use sasl::common::Credentials;
//! use sasl::client::mechanisms::Plain;
//!
//! let creds = Credentials::default()
//!                         .with_username("user")
//!                         .with_password("pencil");
//!
//! let mut mechanism = Plain::from_credentials(creds).unwrap();
//!
//! let initial_data = mechanism.initial();
//!
//! assert_eq!(initial_data, b"\0user\0pencil");
//! ```
//!
//! ## More complex usage
//!
//! ```rust,ignore
//! #[macro_use] extern crate sasl;
//!
//! use sasl::server::{Validator, Provider, Mechanism as ServerMechanism, Response};
//! use sasl::server::{ValidatorError, ProviderError, MechanismError as ServerMechanismError};
//! use sasl::server::mechanisms::{Plain as ServerPlain, Scram as ServerScram};
//! use sasl::client::{Mechanism as ClientMechanism, MechanismError as ClientMechanismError};
//! use sasl::client::mechanisms::{Plain as ClientPlain, Scram as ClientScram};
//! use sasl::common::{Identity, Credentials, Password, ChannelBinding};
//! use sasl::common::scram::{ScramProvider, Sha1, Sha256};
//! use sasl::secret;
//!
//! const USERNAME: &'static str = "user";
//! const PASSWORD: &'static str = "pencil";
//! const SALT: [u8; 8] = [35, 71, 92, 105, 212, 219, 114, 93];
//! const ITERATIONS: u32 = 4096;
//!
//! struct MyValidator;
//!
//! impl Validator<secret::Plain> for MyValidator {
//!     fn validate(&self, identity: &Identity, value: &secret::Plain) -> Result<(), ValidatorError> {
//!         let &secret::Plain(ref password) = value;
//!         if identity != &Identity::Username(USERNAME.to_owned()) {
//!             Err(ValidatorError::AuthenticationFailed)
//!         }
//!         else if password != PASSWORD {
//!             Err(ValidatorError::AuthenticationFailed)
//!         }
//!         else {
//!             Ok(())
//!         }
//!     }
//! }
//!
//! impl Provider<secret::Pbkdf2Sha1> for MyValidator {
//!     fn provide(&self, identity: &Identity) -> Result<secret::Pbkdf2Sha1, ProviderError> {
//!         if identity != &Identity::Username(USERNAME.to_owned()) {
//!             Err(ProviderError::AuthenticationFailed)
//!         }
//!         else {
//!             let digest = sasl::common::scram::Sha1::derive
//!                 ( &Password::Plain((PASSWORD.to_owned()))
//!                 , &SALT[..]
//!                 , ITERATIONS )?;
//!             Ok(secret::Pbkdf2Sha1 {
//!                 salt: SALT.to_vec(),
//!                 iterations: ITERATIONS,
//!                 digest: digest,
//!             })
//!         }
//!     }
//! }
//!
//! impl_validator_using_provider!(MyValidator, secret::Pbkdf2Sha1);
//!
//! impl Provider<secret::Pbkdf2Sha256> for MyValidator {
//!     fn provide(&self, identity: &Identity) -> Result<secret::Pbkdf2Sha256, ProviderError> {
//!         if identity != &Identity::Username(USERNAME.to_owned()) {
//!             Err(ProviderError::AuthenticationFailed)
//!         }
//!         else {
//!             let digest = sasl::common::scram::Sha256::derive
//!                 ( &Password::Plain((PASSWORD.to_owned()))
//!                 , &SALT[..]
//!                 , ITERATIONS )?;
//!             Ok(secret::Pbkdf2Sha256 {
//!                 salt: SALT.to_vec(),
//!                 iterations: ITERATIONS,
//!                 digest: digest,
//!             })
//!         }
//!     }
//! }
//!
//! impl_validator_using_provider!(MyValidator, secret::Pbkdf2Sha256);
//!
//! #[derive(Debug, PartialEq)]
//! enum MechanismError {
//!     Client(ClientMechanismError),
//!     Server(ServerMechanismError),
//! }
//!
//! impl From<ClientMechanismError> for MechanismError {
//!     fn from(err: ClientMechanismError) -> MechanismError {
//!         MechanismError::Client(err)
//!     }
//! }
//!
//! impl From<ServerMechanismError> for MechanismError {
//!     fn from(err: ServerMechanismError) -> MechanismError {
//!         MechanismError::Server(err)
//!     }
//! }
//!
//! fn finish<CM, SM>(cm: &mut CM, sm: &mut SM) -> Result<Identity, MechanismError>
//!     where CM: ClientMechanism,
//!           SM: ServerMechanism {
//!     let init = cm.initial();
//!     println!("C: {}", String::from_utf8_lossy(&init));
//!     let mut resp = sm.respond(&init)?;
//!     loop {
//!         let msg;
//!         match resp {
//!             Response::Proceed(ref data) => {
//!                 println!("S: {}", String::from_utf8_lossy(&data));
//!                 msg = cm.response(data)?;
//!                 println!("C: {}", String::from_utf8_lossy(&msg));
//!             },
//!             _ => break,
//!         }
//!         resp = sm.respond(&msg)?;
//!     }
//!     if let Response::Success(ret, fin) = resp {
//!         println!("S: {}", String::from_utf8_lossy(&fin));
//!         cm.success(&fin)?;
//!         Ok(ret)
//!     }
//!     else {
//!         unreachable!();
//!     }
//! }
//!
//! fn main() {
//!     let mut mech = ServerPlain::new(MyValidator);
//!     let expected_response = Response::Success(Identity::Username("user".to_owned()), Vec::new());
//!     assert_eq!(mech.respond(b"\0user\0pencil"), Ok(expected_response));
//!
//!     let mut mech = ServerPlain::new(MyValidator);
//!     assert_eq!(mech.respond(b"\0user\0marker"), Err(ServerMechanismError::ValidatorError(ValidatorError::AuthenticationFailed)));
//!
//!     let creds = Credentials::default()
//!                             .with_username(USERNAME)
//!                             .with_password(PASSWORD);
//!     let mut client_mech = ClientPlain::from_credentials(creds.clone()).unwrap();
//!     let mut server_mech = ServerPlain::new(MyValidator);
//!
//!     assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));
//!
//!     let mut client_mech = ClientScram::<Sha1>::from_credentials(creds.clone()).unwrap();
//!     let mut server_mech = ServerScram::<Sha1, _>::new(MyValidator, ChannelBinding::Unsupported);
//!
//!     assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));
//!
//!     let mut client_mech = ClientScram::<Sha256>::from_credentials(creds.clone()).unwrap();
//!     let mut server_mech = ServerScram::<Sha256, _>::new(MyValidator, ChannelBinding::Unsupported);
//!
//!     assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));
//! }
//! ```
//!
//! # Usage
//!
//! You can use this in your crate by adding this under `dependencies` in your `Cargo.toml`:
//!
//! ```toml,ignore
//! sasl = "*"
//! ```

mod error;

pub mod client;
#[macro_use]
pub mod server;
pub mod common;
pub mod secret;

pub use crate::error::Error;
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//#![deny(missing_docs)]`
sasl: make docs.rs emit nice feature tags on feature-gated items 2024-04-20 07:13:03 +00:00			`#![cfg_attr(docsrs, feature(doc_cfg))]`
#![deny(missing_docs)] and lots of documentation 2017-02-28 12:05:17 +00:00
			`//! This crate provides a framework for SASL authentication and a few authentication mechanisms.`
			`//!`
			`//! # Examples`
			`//!`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! ## Simple client-sided usage`
			`//!`
#![deny(missing_docs)] and lots of documentation 2017-02-28 12:05:17 +00:00			//! ```rust
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! use sasl::client::Mechanism;`
			`//! use sasl::common::Credentials;`
			`//! use sasl::client::mechanisms::Plain;`
#![deny(missing_docs)] and lots of documentation 2017-02-28 12:05:17 +00:00			`//!`
clean up naming, add advertising that the client thinks channel binding is unsupported 2017-03-07 16:02:57 +00:00			`//! let creds = Credentials::default()`
			`//! .with_username("user")`
			`//! .with_password("pencil");`
#![deny(missing_docs)] and lots of documentation 2017-02-28 12:05:17 +00:00			`//!`
			`//! let mut mechanism = Plain::from_credentials(creds).unwrap();`
			`//!`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! let initial_data = mechanism.initial();`
#![deny(missing_docs)] and lots of documentation 2017-02-28 12:05:17 +00:00			`//!`
			`//! assert_eq!(initial_data, b"\0user\0pencil");`
			//! ```
			`//!`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! ## More complex usage`
			`//!`
Check build without default features in ci-cd. 2022-05-20 16:24:36 +00:00			//! ```rust,ignore
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! #[macro_use] extern crate sasl;`
			`//!`
			`//! use sasl::server::{Validator, Provider, Mechanism as ServerMechanism, Response};`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! use sasl::server::{ValidatorError, ProviderError, MechanismError as ServerMechanismError};`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! use sasl::server::mechanisms::{Plain as ServerPlain, Scram as ServerScram};`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! use sasl::client::{Mechanism as ClientMechanism, MechanismError as ClientMechanismError};`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! use sasl::client::mechanisms::{Plain as ClientPlain, Scram as ClientScram};`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! use sasl::common::{Identity, Credentials, Password, ChannelBinding};`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! use sasl::common::scram::{ScramProvider, Sha1, Sha256};`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! use sasl::secret;`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
			`//! const USERNAME: &'static str = "user";`
			`//! const PASSWORD: &'static str = "pencil";`
			`//! const SALT: [u8; 8] = [35, 71, 92, 105, 212, 219, 114, 93];`
Bump RustCrypto crates 2020-06-21 23:19:24 +00:00			`//! const ITERATIONS: u32 = 4096;`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
			`//! struct MyValidator;`
			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! impl Validator<secret::Plain> for MyValidator {`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! fn validate(&self, identity: &Identity, value: &secret::Plain) -> Result<(), ValidatorError> {`
more API simplifications 2017-03-25 22:45:30 +00:00			`//! let &secret::Plain(ref password) = value;`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! if identity != &Identity::Username(USERNAME.to_owned()) {`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! Err(ValidatorError::AuthenticationFailed)`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! }`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! else if password != PASSWORD {`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! Err(ValidatorError::AuthenticationFailed)`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! }`
			`//! else {`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! Ok(())`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! }`
			`//! }`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! }`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! impl Provider<secret::Pbkdf2Sha1> for MyValidator {`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! fn provide(&self, identity: &Identity) -> Result<secret::Pbkdf2Sha1, ProviderError> {`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! if identity != &Identity::Username(USERNAME.to_owned()) {`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! Err(ProviderError::AuthenticationFailed)`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! }`
			`//! else {`
			`//! let digest = sasl::common::scram::Sha1::derive`
			`//! ( &Password::Plain((PASSWORD.to_owned()))`
			`//! , &SALT[..]`
			`//! , ITERATIONS )?;`
more API simplifications 2017-03-25 22:45:30 +00:00			`//! Ok(secret::Pbkdf2Sha1 {`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! salt: SALT.to_vec(),`
			`//! iterations: ITERATIONS,`
			`//! digest: digest,`
			`//! })`
			`//! }`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! }`
			`//! }`
			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! impl_validator_using_provider!(MyValidator, secret::Pbkdf2Sha1);`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! impl Provider<secret::Pbkdf2Sha256> for MyValidator {`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! fn provide(&self, identity: &Identity) -> Result<secret::Pbkdf2Sha256, ProviderError> {`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! if identity != &Identity::Username(USERNAME.to_owned()) {`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! Err(ProviderError::AuthenticationFailed)`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! }`
			`//! else {`
			`//! let digest = sasl::common::scram::Sha256::derive`
			`//! ( &Password::Plain((PASSWORD.to_owned()))`
			`//! , &SALT[..]`
			`//! , ITERATIONS )?;`
more API simplifications 2017-03-25 22:45:30 +00:00			`//! Ok(secret::Pbkdf2Sha256 {`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! salt: SALT.to_vec(),`
			`//! iterations: ITERATIONS,`
			`//! digest: digest,`
			`//! })`
			`//! }`
			`//! }`
			`//! }`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! impl_validator_using_provider!(MyValidator, secret::Pbkdf2Sha256);`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! #[derive(Debug, PartialEq)]`
			`//! enum MechanismError {`
			`//! Client(ClientMechanismError),`
			`//! Server(ServerMechanismError),`
			`//! }`
			`//!`
			`//! impl From<ClientMechanismError> for MechanismError {`
			`//! fn from(err: ClientMechanismError) -> MechanismError {`
			`//! MechanismError::Client(err)`
			`//! }`
			`//! }`
			`//!`
			`//! impl From<ServerMechanismError> for MechanismError {`
			`//! fn from(err: ServerMechanismError) -> MechanismError {`
			`//! MechanismError::Server(err)`
			`//! }`
			`//! }`
			`//!`
			`//! fn finish<CM, SM>(cm: &mut CM, sm: &mut SM) -> Result<Identity, MechanismError>`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! where CM: ClientMechanism,`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! SM: ServerMechanism {`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! let init = cm.initial();`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//! println!("C: {}", String::from_utf8_lossy(&init));`
			`//! let mut resp = sm.respond(&init)?;`
			`//! loop {`
			`//! let msg;`
			`//! match resp {`
			`//! Response::Proceed(ref data) => {`
			`//! println!("S: {}", String::from_utf8_lossy(&data));`
			`//! msg = cm.response(data)?;`
			`//! println!("C: {}", String::from_utf8_lossy(&msg));`
			`//! },`
			`//! _ => break,`
			`//! }`
			`//! resp = sm.respond(&msg)?;`
			`//! }`
			`//! if let Response::Success(ret, fin) = resp {`
			`//! println!("S: {}", String::from_utf8_lossy(&fin));`
			`//! cm.success(&fin)?;`
			`//! Ok(ret)`
			`//! }`
			`//! else {`
			`//! unreachable!();`
			`//! }`
			`//! }`
			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! fn main() {`
			`//! let mut mech = ServerPlain::new(MyValidator);`
			`//! let expected_response = Response::Success(Identity::Username("user".to_owned()), Vec::new());`
			`//! assert_eq!(mech.respond(b"\0user\0pencil"), Ok(expected_response));`
			`//!`
			`//! let mut mech = ServerPlain::new(MyValidator);`
Use error structs for errors instead of plain strings. 2020-05-15 11:48:27 +00:00			`//! assert_eq!(mech.respond(b"\0user\0marker"), Err(ServerMechanismError::ValidatorError(ValidatorError::AuthenticationFailed)));`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! let creds = Credentials::default()`
			`//! .with_username(USERNAME)`
			`//! .with_password(PASSWORD);`
			`//! let mut client_mech = ClientPlain::from_credentials(creds.clone()).unwrap();`
			`//! let mut server_mech = ServerPlain::new(MyValidator);`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! let mut client_mech = ClientScram::<Sha1>::from_credentials(creds.clone()).unwrap();`
			`//! let mut server_mech = ServerScram::<Sha1, _>::new(MyValidator, ChannelBinding::Unsupported);`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`//!`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`//! let mut client_mech = ClientScram::<Sha256>::from_credentials(creds.clone()).unwrap();`
			`//! let mut server_mech = ServerScram::<Sha256, _>::new(MyValidator, ChannelBinding::Unsupported);`
			`//!`
			`//! assert_eq!(finish(&mut client_mech, &mut server_mech), Ok(Identity::Username(USERNAME.to_owned())));`
			`//! }`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			//! ```
#![deny(missing_docs)] and lots of documentation 2017-02-28 12:05:17 +00:00			`//!`
			`//! # Usage`
			`//!`
			//! You can use this in your crate by adding this under `dependencies` in your `Cargo.toml`:
			`//!`
			//! ```toml,ignore
			`//! sasl = "*"`
			//! ```
initial commit 2017-02-27 15:08:09 +00:00
#![deny(missing_docs)] and lots of documentation 2017-02-28 12:05:17 +00:00			`mod error;`

initial work towards server-side support 2017-03-16 19:04:22 +00:00			`pub mod client;`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`#[macro_use]`
initial work towards server-side support 2017-03-16 19:04:22 +00:00			`pub mod server;`
clean up lots of things, server-side API improved 2017-03-25 22:15:34 +00:00			`pub mod common;`
			`pub mod secret;`
cleaned up channel binding logic, cleaned up SaslCredentials, updated documentation 2017-03-07 14:02:38 +00:00
Update to Edition 2018. 2019-01-17 21:54:32 +00:00			`pub use crate::error::Error;`