sasl: Update base64 to 0.21

Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
Maxime “pep” Buquet 2023-08-20 21:18:49 +02:00
parent 2e3004f89e
commit 6efc67a198
4 changed files with 15 additions and 14 deletions


@ -20,7 +20,7 @@ scram = ["base64", "getrandom", "sha-1", "sha2", "hmac", "pbkdf2"]
anonymous = ["getrandom"]
[dependencies]
base64 = { version = "0.20", optional = true }
base64 = { version = "0.21", optional = true }
getrandom = { version = "0.2", optional = true }
sha-1 = { version = "0.10", optional = true }
sha2 = { version = "0.10", optional = true }


@ -1,6 +1,6 @@
//! Provides the SASL "SCRAM-*" mechanisms and a way to implement more.
use base64;
use base64::{engine::general_purpose::STANDARD as Base64, Engine};
use crate::client::{Mechanism, MechanismError};
use crate::common::scram::{generate_nonce, ScramProvider};
@ -122,7 +122,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
let frame =
parse_frame(challenge).map_err(|_| MechanismError::CannotDecodeChallenge)?;
let server_nonce = frame.get("r");
let salt = frame.get("s").and_then(|v| base64::decode(v).ok());
let salt = frame.get("s").and_then(|v| Base64.decode(v).ok());
let iterations = frame.get("i").and_then(|v| v.parse().ok());
let server_nonce = server_nonce.ok_or_else(|| MechanismError::NoServerNonce)?;
let salt = salt.ok_or_else(|| MechanismError::NoServerSalt)?;
@ -133,7 +133,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
let mut cb_data: Vec<u8> = Vec::new();
cb_data.extend(gs2_header);
cb_data.extend(self.channel_binding.data());
client_final_message_bare.extend(base64::encode(&cb_data).bytes());
client_final_message_bare.extend(Base64.encode(&cb_data).bytes());
client_final_message_bare.extend(b",r=");
client_final_message_bare.extend(server_nonce.bytes());
let salted_password = S::derive(&self.password, &salt, iterations)?;
@ -152,7 +152,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
let mut client_final_message = Vec::new();
client_final_message.extend(&client_final_message_bare);
client_final_message.extend(b",p=");
client_final_message.extend(base64::encode(&client_proof).bytes());
client_final_message.extend(Base64.encode(&client_proof).bytes());
next_state = ScramState::GotServerData {
server_signature: server_signature,
};
@ -172,7 +172,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
ScramState::GotServerData {
ref server_signature,
} => {
if let Some(sig) = frame.get("v").and_then(|v| base64::decode(&v).ok()) {
if let Some(sig) = frame.get("v").and_then(|v| Base64.decode(&v).ok()) {
if sig == *server_signature {
Ok(())
} else {
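Review bot: In the `-122` hunk the new `frame.get("s").and_then(|v| Base64.decode(v).ok())` still folds a malformed `s` attribute into `None`, so an undecodable salt is reported as `MechanismError::NoServerSalt` rather than as a decode failure; the `frame.get("v")` line in the `-172` hunk likewise makes an undecodable server signature indistinguishable from a missing one. Since these lines are being touched anyway, a short comment such as `// malformed base64 is deliberately treated like an absent attribute` would make that choice explicit. Separately, `iterations` is parsed from the server challenge and handed to `S::derive` with no bound visible in these hunks; if the lines between the first and second hunk do not check it, a lower and an upper limit on the server-supplied count is worth adding, so that a hostile server can neither weaken the derivation nor stall the client. The enclosing function starts and ends outside the hunks.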


@ -8,13 +8,13 @@ use crate::common::Password;
use crate::secret;
use base64;
use base64::{engine::general_purpose::STANDARD as Base64, Engine};
/// Generate a nonce for SCRAM authentication.
pub fn generate_nonce() -> Result<String, RngError> {
let mut data = [0u8; 32];
getrandom(&mut data)?;
Ok(base64::encode(&data))
Ok(Base64.encode(&data))
}
#[derive(Debug, PartialEq)]


@ -1,6 +1,6 @@
use std::marker::PhantomData;
use base64;
use base64::{engine::general_purpose::STANDARD as Base64, Engine};
use crate::common::scram::{generate_nonce, ScramProvider};
use crate::common::{parse_frame, xor, ChannelBinding, Identity};
@ -120,7 +120,7 @@ where
buf.extend(b"r=");
buf.extend(server_nonce.bytes());
buf.extend(b",s=");
buf.extend(base64::encode(pbkdf2.salt()).bytes());
buf.extend(Base64.encode(pbkdf2.salt()).bytes());
buf.extend(b",i=");
buf.extend(pbkdf2.iterations().to_string().bytes());
ret = Response::Proceed(buf.clone());
@ -148,7 +148,7 @@ where
cb_data.extend(self.channel_binding.data());
let mut client_final_message_bare = Vec::new();
client_final_message_bare.extend(b"c=");
client_final_message_bare.extend(base64::encode(&cb_data).bytes());
client_final_message_bare.extend(Base64.encode(&cb_data).bytes());
client_final_message_bare.extend(b",r=");
client_final_message_bare.extend(server_nonce.bytes());
let client_key = S::hmac(b"Client Key", &salted_password)?;
@ -163,15 +163,16 @@ where
let client_signature = S::hmac(&auth_message, &stored_key)?;
let client_proof = xor(&client_key, &client_signature);
let sent_proof = frame.get("p").ok_or_else(|| MechanismError::NoProof)?;
let sent_proof =
base64::decode(sent_proof).map_err(|_| MechanismError::CannotDecodeProof)?;
let sent_proof = Base64
.decode(sent_proof)
.map_err(|_| MechanismError::CannotDecodeProof)?;
if client_proof != sent_proof {
return Err(MechanismError::AuthenticationFailed);
}
let server_signature = S::hmac(&auth_message, &server_key)?;
let mut buf = Vec::new();
buf.extend(b"v=");
buf.extend(base64::encode(&server_signature).bytes());
buf.extend(Base64.encode(&server_signature).bytes());
ret = Response::Success(identity.clone(), buf);
next_state = ScramState::Done;
}
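Review bot: In the `-163` hunk `if client_proof != sent_proof` checks the decoded proof with the ordinary inequality operator, which is not guaranteed to run in constant time; the commit only reflows the `Base64.decode(sent_proof)` call above it and leaves the comparison unchanged. The expected proof is derived from `auth_message`, and how nonces are bound per exchange is not visible here, so this is a hardening point rather than a confirmed flaw. A constant-time equality (for example `subtle::ConstantTimeEq`, which would be a new dependency) would settle it, with a length mismatch rejected up front. The enclosing match arm starts outside the hunk.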