sasl: Update base64 to 0.21
Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
parent
2e3004f89e
commit
6efc67a198
4 changed files with 15 additions and 14 deletions
|
@ -20,7 +20,7 @@ scram = ["base64", "getrandom", "sha-1", "sha2", "hmac", "pbkdf2"]
|
|||
anonymous = ["getrandom"]
|
||||
|
||||
[dependencies]
|
||||
base64 = { version = "0.20", optional = true }
|
||||
base64 = { version = "0.21", optional = true }
|
||||
getrandom = { version = "0.2", optional = true }
|
||||
sha-1 = { version = "0.10", optional = true }
|
||||
sha2 = { version = "0.10", optional = true }
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
//! Provides the SASL "SCRAM-*" mechanisms and a way to implement more.
|
||||
|
||||
use base64;
|
||||
use base64::{engine::general_purpose::STANDARD as Base64, Engine};
|
||||
|
||||
use crate::client::{Mechanism, MechanismError};
|
||||
use crate::common::scram::{generate_nonce, ScramProvider};
|
||||
|
@ -122,7 +122,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
|
|||
let frame =
|
||||
parse_frame(challenge).map_err(|_| MechanismError::CannotDecodeChallenge)?;
|
||||
let server_nonce = frame.get("r");
|
||||
let salt = frame.get("s").and_then(|v| base64::decode(v).ok());
|
||||
let salt = frame.get("s").and_then(|v| Base64.decode(v).ok());
|
||||
let iterations = frame.get("i").and_then(|v| v.parse().ok());
|
||||
let server_nonce = server_nonce.ok_or_else(|| MechanismError::NoServerNonce)?;
|
||||
let salt = salt.ok_or_else(|| MechanismError::NoServerSalt)?;
|
||||
|
@ -133,7 +133,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
|
|||
let mut cb_data: Vec<u8> = Vec::new();
|
||||
cb_data.extend(gs2_header);
|
||||
cb_data.extend(self.channel_binding.data());
|
||||
client_final_message_bare.extend(base64::encode(&cb_data).bytes());
|
||||
client_final_message_bare.extend(Base64.encode(&cb_data).bytes());
|
||||
client_final_message_bare.extend(b",r=");
|
||||
client_final_message_bare.extend(server_nonce.bytes());
|
||||
let salted_password = S::derive(&self.password, &salt, iterations)?;
|
||||
|
@ -152,7 +152,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
|
|||
let mut client_final_message = Vec::new();
|
||||
client_final_message.extend(&client_final_message_bare);
|
||||
client_final_message.extend(b",p=");
|
||||
client_final_message.extend(base64::encode(&client_proof).bytes());
|
||||
client_final_message.extend(Base64.encode(&client_proof).bytes());
|
||||
next_state = ScramState::GotServerData {
|
||||
server_signature: server_signature,
|
||||
};
|
||||
|
@ -172,7 +172,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
|
|||
ScramState::GotServerData {
|
||||
ref server_signature,
|
||||
} => {
|
||||
if let Some(sig) = frame.get("v").and_then(|v| base64::decode(&v).ok()) {
|
||||
if let Some(sig) = frame.get("v").and_then(|v| Base64.decode(&v).ok()) {
|
||||
if sig == *server_signature {
|
||||
Ok(())
|
||||
} else {
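Review bot: The two `Base64.decode` calls in the client (on `frame.get("s")` and on `frame.get("v")`) are not a pure rename: base64 0.21's `STANDARD` engine requires canonical padding when decoding, while the old free function `base64::decode` also accepted input with the padding missing. Padded base64 is what RFC 5802 specifies, so the stricter behaviour is reasonable, but a server that sends an unpadded salt now ends in `MechanismError::NoServerSalt`, because `.ok()` folds a decode failure into an absent field. Reporting malformed input separately would make that diagnosable, e.g. `let salt = frame.get("s").map(|v| Base64.decode(v)).transpose().map_err(|_| MechanismError::CannotDecodeChallenge)?;`, and a test with an unpadded salt would pin the new behaviour. The same tightening applies to the server's `Base64.decode(sent_proof)`, which already maps the failure to `CannotDecodeProof`; the enclosing method here starts and ends outside these hunks.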
|
||||
|
|
|
@ -8,13 +8,13 @@ use crate::common::Password;
|
|||
|
||||
use crate::secret;
|
||||
|
||||
use base64;
|
||||
use base64::{engine::general_purpose::STANDARD as Base64, Engine};
|
||||
|
||||
/// Generate a nonce for SCRAM authentication.
|
||||
pub fn generate_nonce() -> Result<String, RngError> {
|
||||
let mut data = [0u8; 32];
|
||||
getrandom(&mut data)?;
|
||||
Ok(base64::encode(&data))
|
||||
Ok(Base64.encode(&data))
|
||||
}
|
||||
|
||||
#[derive(Debug, PartialEq)]
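Review bot: The doc comment on `generate_nonce` says only that it generates a nonce, and leaves out the properties callers rely on. The body takes 32 bytes from `getrandom` and encodes them with the standard padded base64 alphabet, and the function returns `RngError` when the random source fails. The alphabet matters because the nonce is placed in SCRAM's comma-separated attribute list, so it must never contain `,`. Now that the engine is chosen by a single import alias, that constraint is worth stating next to it. Suggested wording: `/// Returns 32 bytes from the OS RNG, base64-encoded (standard alphabet, padded); the output never contains ','.`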
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
use std::marker::PhantomData;
|
||||
|
||||
use base64;
|
||||
use base64::{engine::general_purpose::STANDARD as Base64, Engine};
|
||||
|
||||
use crate::common::scram::{generate_nonce, ScramProvider};
|
||||
use crate::common::{parse_frame, xor, ChannelBinding, Identity};
|
||||
|
@ -120,7 +120,7 @@ where
|
|||
buf.extend(b"r=");
|
||||
buf.extend(server_nonce.bytes());
|
||||
buf.extend(b",s=");
|
||||
buf.extend(base64::encode(pbkdf2.salt()).bytes());
|
||||
buf.extend(Base64.encode(pbkdf2.salt()).bytes());
|
||||
buf.extend(b",i=");
|
||||
buf.extend(pbkdf2.iterations().to_string().bytes());
|
||||
ret = Response::Proceed(buf.clone());
|
||||
|
@ -148,7 +148,7 @@ where
|
|||
cb_data.extend(self.channel_binding.data());
|
||||
let mut client_final_message_bare = Vec::new();
|
||||
client_final_message_bare.extend(b"c=");
|
||||
client_final_message_bare.extend(base64::encode(&cb_data).bytes());
|
||||
client_final_message_bare.extend(Base64.encode(&cb_data).bytes());
|
||||
client_final_message_bare.extend(b",r=");
|
||||
client_final_message_bare.extend(server_nonce.bytes());
|
||||
let client_key = S::hmac(b"Client Key", &salted_password)?;
|
||||
|
@ -163,15 +163,16 @@ where
|
|||
let client_signature = S::hmac(&auth_message, &stored_key)?;
|
||||
let client_proof = xor(&client_key, &client_signature);
|
||||
let sent_proof = frame.get("p").ok_or_else(|| MechanismError::NoProof)?;
|
||||
let sent_proof =
|
||||
base64::decode(sent_proof).map_err(|_| MechanismError::CannotDecodeProof)?;
|
||||
let sent_proof = Base64
|
||||
.decode(sent_proof)
|
||||
.map_err(|_| MechanismError::CannotDecodeProof)?;
|
||||
if client_proof != sent_proof {
|
||||
return Err(MechanismError::AuthenticationFailed);
|
||||
}
|
||||
let server_signature = S::hmac(&auth_message, &server_key)?;
|
||||
let mut buf = Vec::new();
|
||||
buf.extend(b"v=");
|
||||
buf.extend(base64::encode(&server_signature).bytes());
|
||||
buf.extend(Base64.encode(&server_signature).bytes());
|
||||
ret = Response::Success(identity.clone(), buf);
|
||||
next_state = ScramState::Done;
|
||||
}
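Review bot: The server's proof check `if client_proof != sent_proof` uses ordinary slice inequality, which is not guaranteed to run in constant time and may stop at the first differing byte. The expected proof is derived from `auth_message`, which presumably changes with the nonces on every exchange, so the practical timing exposure looks small. A constant-time equality (for example `ConstantTimeEq::ct_eq` from the `subtle` crate, if the project accepts that dependency) would settle the question for this authenticator comparison. The enclosing function starts and ends outside these hunks, so any earlier length or format check on `sent_proof` is not visible here.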
|
||||
|
|