From 6efc67a19846543e87e8a510d4d315ea0bbfae5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20=E2=80=9Cpep=E2=80=9D=20Buquet?= Date: Sun, 20 Aug 2023 21:18:49 +0200 Subject: [PATCH] sasl: Update base64 to 0.21 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Maxime “pep” Buquet --- sasl/Cargo.toml | 2 +- sasl/src/client/mechanisms/scram.rs | 10 +++++----- sasl/src/common/scram.rs | 4 ++-- sasl/src/server/mechanisms/scram.rs | 13 +++++++------ 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index 5ca04e07..c22a369b 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -20,7 +20,7 @@ scram = ["base64", "getrandom", "sha-1", "sha2", "hmac", "pbkdf2"] anonymous = ["getrandom"] [dependencies] -base64 = { version = "0.20", optional = true } +base64 = { version = "0.21", optional = true } getrandom = { version = "0.2", optional = true } sha-1 = { version = "0.10", optional = true } sha2 = { version = "0.10", optional = true } diff --git a/sasl/src/client/mechanisms/scram.rs b/sasl/src/client/mechanisms/scram.rs index 10f828d8..bec1fda3 100644 --- a/sasl/src/client/mechanisms/scram.rs +++ b/sasl/src/client/mechanisms/scram.rs @@ -1,6 +1,6 @@ //! Provides the SASL "SCRAM-*" mechanisms and a way to implement more. -use base64; +use base64::{engine::general_purpose::STANDARD as Base64, Engine}; use crate::client::{Mechanism, MechanismError}; use crate::common::scram::{generate_nonce, ScramProvider}; @@ -122,7 +122,7 @@ impl Mechanism for Scram { let frame = parse_frame(challenge).map_err(|_| MechanismError::CannotDecodeChallenge)?; let server_nonce = frame.get("r"); - let salt = frame.get("s").and_then(|v| base64::decode(v).ok()); + let salt = frame.get("s").and_then(|v| Base64.decode(v).ok()); let iterations = frame.get("i").and_then(|v| v.parse().ok()); let server_nonce = server_nonce.ok_or_else(|| MechanismError::NoServerNonce)?; let salt = salt.ok_or_else(|| MechanismError::NoServerSalt)?; @@ -133,7 +133,7 @@ impl Mechanism for Scram { let mut cb_data: Vec = Vec::new(); cb_data.extend(gs2_header); cb_data.extend(self.channel_binding.data()); - client_final_message_bare.extend(base64::encode(&cb_data).bytes()); + client_final_message_bare.extend(Base64.encode(&cb_data).bytes()); client_final_message_bare.extend(b",r="); client_final_message_bare.extend(server_nonce.bytes()); let salted_password = S::derive(&self.password, &salt, iterations)?; @@ -152,7 +152,7 @@ impl Mechanism for Scram { let mut client_final_message = Vec::new(); client_final_message.extend(&client_final_message_bare); client_final_message.extend(b",p="); - client_final_message.extend(base64::encode(&client_proof).bytes()); + client_final_message.extend(Base64.encode(&client_proof).bytes()); next_state = ScramState::GotServerData { server_signature: server_signature, }; @@ -172,7 +172,7 @@ impl Mechanism for Scram { ScramState::GotServerData { ref server_signature, } => { - if let Some(sig) = frame.get("v").and_then(|v| base64::decode(&v).ok()) { + if let Some(sig) = frame.get("v").and_then(|v| Base64.decode(&v).ok()) { if sig == *server_signature { Ok(()) } else { diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index b39f2914..40e2ab69 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -8,13 +8,13 @@ use crate::common::Password; use crate::secret; -use base64; +use base64::{engine::general_purpose::STANDARD as Base64, Engine}; /// Generate a nonce for SCRAM authentication. pub fn generate_nonce() -> Result { let mut data = [0u8; 32]; getrandom(&mut data)?; - Ok(base64::encode(&data)) + Ok(Base64.encode(&data)) } #[derive(Debug, PartialEq)] diff --git a/sasl/src/server/mechanisms/scram.rs b/sasl/src/server/mechanisms/scram.rs index 41d7ac7f..09a4fc97 100644 --- a/sasl/src/server/mechanisms/scram.rs +++ b/sasl/src/server/mechanisms/scram.rs @@ -1,6 +1,6 @@ use std::marker::PhantomData; -use base64; +use base64::{engine::general_purpose::STANDARD as Base64, Engine}; use crate::common::scram::{generate_nonce, ScramProvider}; use crate::common::{parse_frame, xor, ChannelBinding, Identity}; @@ -120,7 +120,7 @@ where buf.extend(b"r="); buf.extend(server_nonce.bytes()); buf.extend(b",s="); - buf.extend(base64::encode(pbkdf2.salt()).bytes()); + buf.extend(Base64.encode(pbkdf2.salt()).bytes()); buf.extend(b",i="); buf.extend(pbkdf2.iterations().to_string().bytes()); ret = Response::Proceed(buf.clone()); @@ -148,7 +148,7 @@ where cb_data.extend(self.channel_binding.data()); let mut client_final_message_bare = Vec::new(); client_final_message_bare.extend(b"c="); - client_final_message_bare.extend(base64::encode(&cb_data).bytes()); + client_final_message_bare.extend(Base64.encode(&cb_data).bytes()); client_final_message_bare.extend(b",r="); client_final_message_bare.extend(server_nonce.bytes()); let client_key = S::hmac(b"Client Key", &salted_password)?; @@ -163,15 +163,16 @@ where let client_signature = S::hmac(&auth_message, &stored_key)?; let client_proof = xor(&client_key, &client_signature); let sent_proof = frame.get("p").ok_or_else(|| MechanismError::NoProof)?; - let sent_proof = - base64::decode(sent_proof).map_err(|_| MechanismError::CannotDecodeProof)?; + let sent_proof = Base64 + .decode(sent_proof) + .map_err(|_| MechanismError::CannotDecodeProof)?; if client_proof != sent_proof { return Err(MechanismError::AuthenticationFailed); } let server_signature = S::hmac(&auth_message, &server_key)?; let mut buf = Vec::new(); buf.extend(b"v="); - buf.extend(base64::encode(&server_signature).bytes()); + buf.extend(Base64.encode(&server_signature).bytes()); ret = Response::Success(identity.clone(), buf); next_state = ScramState::Done; }