dnim/rust-postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #761 from sfackler/dependabot/cargo/hmac-0.11

Browse Source 
Update hmac requirement from 0.10 to 0.11
This commit is contained in:
Steven Fackler 2021-04-29 17:14:45 -04:00 committed by GitHub
commit 3073435009
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
postgres-protocol/Cargo.toml
View File

@ -13,7 +13,7 @@ base64 = "0.13"
byteorder = "1.0" byteorder = "1.0"
bytes = "1.0" bytes = "1.0"
fallible-iterator = "0.2" fallible-iterator = "0.2"
hmac = "0.10" hmac = "0.11"
md-5 = "0.9" md-5 = "0.9"
memchr = "2.0" memchr = "2.0"
rand = "0.8" rand = "0.8"

17
postgres-protocol/src/authentication/sasl.rs
View File

@ -33,7 +33,8 @@ fn normalize(pass: &[u8]) -> Vec<u8> {
} }
pub(crate) fn hi(str: &[u8], salt: &[u8], i: u32) -> [u8; 32] { pub(crate) fn hi(str: &[u8], salt: &[u8], i: u32) -> [u8; 32] {
let mut hmac = Hmac::<Sha256>::new_varkey(str).expect("HMAC is able to accept all key sizes"); let mut hmac =
Hmac::<Sha256>::new_from_slice(str).expect("HMAC is able to accept all key sizes");
hmac.update(salt); hmac.update(salt);
hmac.update(&[0, 0, 0, 1]); hmac.update(&[0, 0, 0, 1]);
let mut prev = hmac.finalize().into_bytes(); let mut prev = hmac.finalize().into_bytes();
@ -41,7 +42,7 @@ pub(crate) fn hi(str: &[u8], salt: &[u8], i: u32) -> [u8; 32] {
let mut hi = prev; let mut hi = prev;
for _ in 1..i { for _ in 1..i {
let mut hmac = Hmac::<Sha256>::new_varkey(str).expect("already checked above"); let mut hmac = Hmac::<Sha256>::new_from_slice(str).expect("already checked above");
hmac.update(&prev); hmac.update(&prev);
prev = hmac.finalize().into_bytes(); prev = hmac.finalize().into_bytes();
@ -195,7 +196,7 @@ impl ScramSha256 {
let salted_password = hi(&password, &salt, parsed.iteration_count); let salted_password = hi(&password, &salt, parsed.iteration_count);
let mut hmac = Hmac::<Sha256>::new_varkey(&salted_password) let mut hmac = Hmac::<Sha256>::new_from_slice(&salted_password)
.expect("HMAC is able to accept all key sizes"); .expect("HMAC is able to accept all key sizes");
hmac.update(b"Client Key"); hmac.update(b"Client Key");
let client_key = hmac.finalize().into_bytes(); let client_key = hmac.finalize().into_bytes();
@ -214,8 +215,8 @@ impl ScramSha256 {
let auth_message = format!("n=,r={},{},{}", client_nonce, message, self.message); let auth_message = format!("n=,r={},{},{}", client_nonce, message, self.message);
let mut hmac = let mut hmac = Hmac::<Sha256>::new_from_slice(&stored_key)
Hmac::<Sha256>::new_varkey(&stored_key).expect("HMAC is able to accept all key sizes"); .expect("HMAC is able to accept all key sizes");
hmac.update(auth_message.as_bytes()); hmac.update(auth_message.as_bytes());
let client_signature = hmac.finalize().into_bytes(); let client_signature = hmac.finalize().into_bytes();
@ -266,13 +267,13 @@ impl ScramSha256 {
Err(e) => return Err(io::Error::new(io::ErrorKind::InvalidInput, e)), Err(e) => return Err(io::Error::new(io::ErrorKind::InvalidInput, e)),
}; };
let mut hmac = Hmac::<Sha256>::new_varkey(&salted_password) let mut hmac = Hmac::<Sha256>::new_from_slice(&salted_password)
.expect("HMAC is able to accept all key sizes"); .expect("HMAC is able to accept all key sizes");
hmac.update(b"Server Key"); hmac.update(b"Server Key");
let server_key = hmac.finalize().into_bytes(); let server_key = hmac.finalize().into_bytes();
let mut hmac = let mut hmac = Hmac::<Sha256>::new_from_slice(&server_key)
Hmac::<Sha256>::new_varkey(&server_key).expect("HMAC is able to accept all key sizes"); .expect("HMAC is able to accept all key sizes");
hmac.update(auth_message.as_bytes()); hmac.update(auth_message.as_bytes());
hmac.verify(&verifier) hmac.verify(&verifier)
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "SCRAM verification error")) .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "SCRAM verification error"))

8
postgres-protocol/src/password/mod.rs
View File

@ -61,8 +61,8 @@ pub(crate) fn scram_sha_256_salt(password: &[u8], salt: [u8; SCRAM_DEFAULT_SALT_
let salted_password = sasl::hi(&prepared, &salt, SCRAM_DEFAULT_ITERATIONS); let salted_password = sasl::hi(&prepared, &salt, SCRAM_DEFAULT_ITERATIONS);
// client key // client key
let mut hmac = let mut hmac = Hmac::<Sha256>::new_from_slice(&salted_password)
Hmac::<Sha256>::new_varkey(&salted_password).expect("HMAC is able to accept all key sizes"); .expect("HMAC is able to accept all key sizes");
hmac.update(b"Client Key"); hmac.update(b"Client Key");
let client_key = hmac.finalize().into_bytes(); let client_key = hmac.finalize().into_bytes();
@ -72,8 +72,8 @@ pub(crate) fn scram_sha_256_salt(password: &[u8], salt: [u8; SCRAM_DEFAULT_SALT_
let stored_key = hash.finalize_fixed(); let stored_key = hash.finalize_fixed();
// server key // server key
let mut hmac = let mut hmac = Hmac::<Sha256>::new_from_slice(&salted_password)
Hmac::<Sha256>::new_varkey(&salted_password).expect("HMAC is able to accept all key sizes"); .expect("HMAC is able to accept all key sizes");
hmac.update(b"Server Key"); hmac.update(b"Server Key");
let server_key = hmac.finalize().into_bytes(); let server_key = hmac.finalize().into_bytes();