sasl: Update base64 to 0.21

Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
Maxime “pep” Buquet 2023-08-20 21:18:49 +02:00
parent 2e3004f89e
commit 6efc67a198
4 changed files with 15 additions and 14 deletions


@ -20,7 +20,7 @@ scram = ["base64", "getrandom", "sha-1", "sha2", "hmac", "pbkdf2"]
anonymous = ["getrandom"] anonymous = ["getrandom"]
[dependencies] [dependencies]
base64 = { version = "0.20", optional = true } base64 = { version = "0.21", optional = true }
getrandom = { version = "0.2", optional = true } getrandom = { version = "0.2", optional = true }
sha-1 = { version = "0.10", optional = true } sha-1 = { version = "0.10", optional = true }
sha2 = { version = "0.10", optional = true } sha2 = { version = "0.10", optional = true }


@ -1,6 +1,6 @@
//! Provides the SASL "SCRAM-*" mechanisms and a way to implement more. //! Provides the SASL "SCRAM-*" mechanisms and a way to implement more.
use base64; use base64::{engine::general_purpose::STANDARD as Base64, Engine};
use crate::client::{Mechanism, MechanismError}; use crate::client::{Mechanism, MechanismError};
use crate::common::scram::{generate_nonce, ScramProvider}; use crate::common::scram::{generate_nonce, ScramProvider};
@ -122,7 +122,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
let frame = let frame =
parse_frame(challenge).map_err(|_| MechanismError::CannotDecodeChallenge)?; parse_frame(challenge).map_err(|_| MechanismError::CannotDecodeChallenge)?;
let server_nonce = frame.get("r"); let server_nonce = frame.get("r");
let salt = frame.get("s").and_then(|v| base64::decode(v).ok()); let salt = frame.get("s").and_then(|v| Base64.decode(v).ok());
let iterations = frame.get("i").and_then(|v| v.parse().ok()); let iterations = frame.get("i").and_then(|v| v.parse().ok());
let server_nonce = server_nonce.ok_or_else(|| MechanismError::NoServerNonce)?; let server_nonce = server_nonce.ok_or_else(|| MechanismError::NoServerNonce)?;
let salt = salt.ok_or_else(|| MechanismError::NoServerSalt)?; let salt = salt.ok_or_else(|| MechanismError::NoServerSalt)?;
@ -133,7 +133,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
let mut cb_data: Vec<u8> = Vec::new(); let mut cb_data: Vec<u8> = Vec::new();
cb_data.extend(gs2_header); cb_data.extend(gs2_header);
cb_data.extend(self.channel_binding.data()); cb_data.extend(self.channel_binding.data());
client_final_message_bare.extend(base64::encode(&cb_data).bytes()); client_final_message_bare.extend(Base64.encode(&cb_data).bytes());
client_final_message_bare.extend(b",r="); client_final_message_bare.extend(b",r=");
client_final_message_bare.extend(server_nonce.bytes()); client_final_message_bare.extend(server_nonce.bytes());
let salted_password = S::derive(&self.password, &salt, iterations)?; let salted_password = S::derive(&self.password, &salt, iterations)?;
@ -152,7 +152,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
let mut client_final_message = Vec::new(); let mut client_final_message = Vec::new();
client_final_message.extend(&client_final_message_bare); client_final_message.extend(&client_final_message_bare);
client_final_message.extend(b",p="); client_final_message.extend(b",p=");
client_final_message.extend(base64::encode(&client_proof).bytes()); client_final_message.extend(Base64.encode(&client_proof).bytes());
next_state = ScramState::GotServerData { next_state = ScramState::GotServerData {
server_signature: server_signature, server_signature: server_signature,
}; };
@ -172,7 +172,7 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
ScramState::GotServerData { ScramState::GotServerData {
ref server_signature, ref server_signature,
} => { } => {
if let Some(sig) = frame.get("v").and_then(|v| base64::decode(&v).ok()) { if let Some(sig) = frame.get("v").and_then(|v| Base64.decode(&v).ok()) {
if sig == *server_signature { if sig == *server_signature {
Ok(()) Ok(())
} else { } else {
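Review bot: The two `Base64.decode(..).ok()` calls (the `s` salt and, in the last hunk, the `v` server signature) discard the decode error, so a salt that is present but not valid base64 is reported as `MechanismError::NoServerSalt`. This matters more with the bump, because the 0.21 `STANDARD` engine may be stricter about padding than the old `base64::decode`; that is worth confirming against the base64 changelog and pinning with a test that feeds an unpadded value. Splitting the lookup from the decode keeps the two failures apart: `let salt = frame.get("s").ok_or_else(|| MechanismError::NoServerSalt)?;` followed by `let salt = Base64.decode(salt).map_err(|_| MechanismError::CannotDecodeChallenge)?;`. The enclosing function starts and ends outside the hunks shown.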


@ -8,13 +8,13 @@ use crate::common::Password;
use crate::secret; use crate::secret;
use base64; use base64::{engine::general_purpose::STANDARD as Base64, Engine};
/// Generate a nonce for SCRAM authentication. /// Generate a nonce for SCRAM authentication.
pub fn generate_nonce() -> Result<String, RngError> { pub fn generate_nonce() -> Result<String, RngError> {
let mut data = [0u8; 32]; let mut data = [0u8; 32];
getrandom(&mut data)?; getrandom(&mut data)?;
Ok(base64::encode(&data)) Ok(Base64.encode(&data))
} }
#[derive(Debug, PartialEq)] #[derive(Debug, PartialEq)]


@ -1,6 +1,6 @@
use std::marker::PhantomData; use std::marker::PhantomData;
use base64; use base64::{engine::general_purpose::STANDARD as Base64, Engine};
use crate::common::scram::{generate_nonce, ScramProvider}; use crate::common::scram::{generate_nonce, ScramProvider};
use crate::common::{parse_frame, xor, ChannelBinding, Identity}; use crate::common::{parse_frame, xor, ChannelBinding, Identity};
@ -120,7 +120,7 @@ where
buf.extend(b"r="); buf.extend(b"r=");
buf.extend(server_nonce.bytes()); buf.extend(server_nonce.bytes());
buf.extend(b",s="); buf.extend(b",s=");
buf.extend(base64::encode(pbkdf2.salt()).bytes()); buf.extend(Base64.encode(pbkdf2.salt()).bytes());
buf.extend(b",i="); buf.extend(b",i=");
buf.extend(pbkdf2.iterations().to_string().bytes()); buf.extend(pbkdf2.iterations().to_string().bytes());
ret = Response::Proceed(buf.clone()); ret = Response::Proceed(buf.clone());
@ -148,7 +148,7 @@ where
cb_data.extend(self.channel_binding.data()); cb_data.extend(self.channel_binding.data());
let mut client_final_message_bare = Vec::new(); let mut client_final_message_bare = Vec::new();
client_final_message_bare.extend(b"c="); client_final_message_bare.extend(b"c=");
client_final_message_bare.extend(base64::encode(&cb_data).bytes()); client_final_message_bare.extend(Base64.encode(&cb_data).bytes());
client_final_message_bare.extend(b",r="); client_final_message_bare.extend(b",r=");
client_final_message_bare.extend(server_nonce.bytes()); client_final_message_bare.extend(server_nonce.bytes());
let client_key = S::hmac(b"Client Key", &salted_password)?; let client_key = S::hmac(b"Client Key", &salted_password)?;
@ -163,15 +163,16 @@ where
let client_signature = S::hmac(&auth_message, &stored_key)?; let client_signature = S::hmac(&auth_message, &stored_key)?;
let client_proof = xor(&client_key, &client_signature); let client_proof = xor(&client_key, &client_signature);
let sent_proof = frame.get("p").ok_or_else(|| MechanismError::NoProof)?; let sent_proof = frame.get("p").ok_or_else(|| MechanismError::NoProof)?;
let sent_proof = let sent_proof = Base64
base64::decode(sent_proof).map_err(|_| MechanismError::CannotDecodeProof)?; .decode(sent_proof)
.map_err(|_| MechanismError::CannotDecodeProof)?;
if client_proof != sent_proof { if client_proof != sent_proof {
return Err(MechanismError::AuthenticationFailed); return Err(MechanismError::AuthenticationFailed);
} }
let server_signature = S::hmac(&auth_message, &server_key)?; let server_signature = S::hmac(&auth_message, &server_key)?;
let mut buf = Vec::new(); let mut buf = Vec::new();
buf.extend(b"v="); buf.extend(b"v=");
buf.extend(base64::encode(&server_signature).bytes()); buf.extend(Base64.encode(&server_signature).bytes());
ret = Response::Success(identity.clone(), buf); ret = Response::Success(identity.clone(), buf);
next_state = ScramState::Done; next_state = ScramState::Done;
} }
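Review bot: The proof check `if client_proof != sent_proof` in the last hunk compares the peer-supplied proof with the expected one using ordinary inequality, which is not guaranteed to run in constant time. The expected proof depends on per-exchange nonces, so the practical exposure is probably small, but authentication verifiers are conventionally compared in constant time. A constant-time equality such as `subtle::ConstantTimeEq::ct_eq` would do it, at the cost of a new direct dependency. The same decode-then-compare path is also the place to check that the 0.21 `STANDARD` engine accepts the same `p=` encodings the previous `base64::decode` did. This line is unchanged context rather than part of the bump, and the enclosing function begins and ends outside the hunk.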