Bump hmac and pbkdf2

This commit is contained in:
johannesd3 2021-05-01 10:46:34 +02:00
parent 6077a1ef4e
commit 1681574846
No known key found for this signature in database
GPG key ID: 8C2739E91D410F75
5 changed files with 15 additions and 14 deletions

12
Cargo.lock generated
View file

@ -306,9 +306,9 @@ checksum = "8aebca1129a03dc6dc2b127edd729435bbc4a37e1d5f4d7513165089ceb02634"
[[package]] [[package]]
name = "crypto-mac" name = "crypto-mac"
version = "0.10.0" version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4857fd85a0c34b3c3297875b747c1e02e06b6a0ea32dd892d8192b9ce0813ea6" checksum = "25fab6889090c8133f3deb8f73ba3c65a7f456f66436fc012a1b1e272b1e103e"
dependencies = [ dependencies = [
"generic-array", "generic-array",
"subtle", "subtle",
@ -768,9 +768,9 @@ checksum = "644f9158b2f133fd50f5fb3242878846d9eb792e445c893805ff0e3824006e35"
[[package]] [[package]]
name = "hmac" name = "hmac"
version = "0.10.1" version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1441c6b1e930e2817404b5046f1f989899143a12bf92de603b69f4e0aee1e15" checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b"
dependencies = [ dependencies = [
"crypto-mac", "crypto-mac",
"digest", "digest",
@ -1624,9 +1624,9 @@ checksum = "c5d65c4d95931acda4498f675e332fcbdc9a06705cd07086c510e9b6009cd1c1"
[[package]] [[package]]
name = "pbkdf2" name = "pbkdf2"
version = "0.7.3" version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "309c95c5f738c85920eb7062a2de29f3840d4f96974453fc9ac1ba078da9c627" checksum = "d95f5254224e617595d2cc3cc73ff0a5eaf2637519e25f03388154e9378b6ffa"
dependencies = [ dependencies = [
"crypto-mac", "crypto-mac",
"hmac", "hmac",

View file

@ -13,7 +13,7 @@ base64 = "0.13"
form_urlencoded = "1.0" form_urlencoded = "1.0"
futures-core = "0.3" futures-core = "0.3"
futures-util = { version = "0.3.5", default_features = false } futures-util = { version = "0.3.5", default_features = false }
hmac = "0.10" hmac = "0.11"
hyper = { version = "0.14", features = ["server", "http1", "tcp"] } hyper = { version = "0.14", features = ["server", "http1", "tcp"] }
libmdns = "0.6" libmdns = "0.6"
log = "0.4" log = "0.4"

View file

@ -102,18 +102,18 @@ impl Discovery {
let base_key = &base_key[..16]; let base_key = &base_key[..16];
let checksum_key = { let checksum_key = {
let mut h = HmacSha1::new_varkey(base_key).expect("HMAC can take key of any size"); let mut h = HmacSha1::new_from_slice(base_key).expect("HMAC can take key of any size");
h.update(b"checksum"); h.update(b"checksum");
h.finalize().into_bytes() h.finalize().into_bytes()
}; };
let encryption_key = { let encryption_key = {
let mut h = HmacSha1::new_varkey(&base_key).expect("HMAC can take key of any size"); let mut h = HmacSha1::new_from_slice(&base_key).expect("HMAC can take key of any size");
h.update(b"encryption"); h.update(b"encryption");
h.finalize().into_bytes() h.finalize().into_bytes()
}; };
let mut h = HmacSha1::new_varkey(&checksum_key).expect("HMAC can take key of any size"); let mut h = HmacSha1::new_from_slice(&checksum_key).expect("HMAC can take key of any size");
h.update(encrypted); h.update(encrypted);
if h.verify(cksum).is_err() { if h.verify(cksum).is_err() {
warn!("Login error for user {:?}: MAC mismatch", username); warn!("Login error for user {:?}: MAC mismatch", username);

View file

@ -20,7 +20,7 @@ bytes = "1.0"
form_urlencoded = "1.0" form_urlencoded = "1.0"
futures-core = { version = "0.3", default-features = false } futures-core = { version = "0.3", default-features = false }
futures-util = { version = "0.3", default-features = false, features = ["alloc", "bilock", "unstable", "sink"] } futures-util = { version = "0.3", default-features = false, features = ["alloc", "bilock", "unstable", "sink"] }
hmac = "0.10" hmac = "0.11"
httparse = "1.3" httparse = "1.3"
http = "0.2" http = "0.2"
hyper = { version = "0.14", optional = true, features = ["client", "tcp", "http1"] } hyper = { version = "0.14", optional = true, features = ["client", "tcp", "http1"] }
@ -30,7 +30,7 @@ num-bigint = { version = "0.4", features = ["rand"] }
num-integer = "0.1" num-integer = "0.1"
num-traits = "0.2" num-traits = "0.2"
once_cell = "1.5.2" once_cell = "1.5.2"
pbkdf2 = { version = "0.7", default-features = false, features = ["hmac"] } pbkdf2 = { version = "0.8", default-features = false, features = ["hmac"] }
priority-queue = "1.1" priority-queue = "1.1"
protobuf = "~2.14.0" protobuf = "~2.14.0"
rand = "0.8" rand = "0.8"

View file

@ -123,13 +123,14 @@ fn compute_keys(shared_secret: &[u8], packets: &[u8]) -> (Vec<u8>, Vec<u8>, Vec<
let mut data = Vec::with_capacity(0x64); let mut data = Vec::with_capacity(0x64);
for i in 1..6 { for i in 1..6 {
let mut mac = HmacSha1::new_varkey(&shared_secret).expect("HMAC can take key of any size"); let mut mac =
HmacSha1::new_from_slice(&shared_secret).expect("HMAC can take key of any size");
mac.update(packets); mac.update(packets);
mac.update(&[i]); mac.update(&[i]);
data.extend_from_slice(&mac.finalize().into_bytes()); data.extend_from_slice(&mac.finalize().into_bytes());
} }
let mut mac = HmacSha1::new_varkey(&data[..0x14]).expect("HMAC can take key of any size"); let mut mac = HmacSha1::new_from_slice(&data[..0x14]).expect("HMAC can take key of any size");
mac.update(packets); mac.update(packets);
( (