RUST-682 Update encryption dependencies

Author: bugadani

Cargo.toml

@@ -40,15 +40,15 @@ derivative = "2.1.1"
 err-derive = "0.2.3"
 futures = "0.3.5"
 hex = "0.4.0"
-hmac = "~0.7.1"
+hmac = "0.10.1"
 lazy_static = "1.4.0"
-md-5 = "0.8.0"
+md-5 = "0.9.1"
 os_info = { version = "3.0.1", default-features = false }
 percent-encoding = "2.0.0"
 rand = { version = "0.7.2", features = ["small_rng"] }
 serde_with = "1.3.1"
-sha-1 = "0.8.1"
-sha2 = "0.8.0"
+sha-1 = "0.9.4"
+sha2 = "0.9.3"
 socket2 = "0.3.12"
 stringprep = "0.1.2"
 strsim = "0.10.0"
@@ -59,14 +59,14 @@ trust-dns-resolver = "0.19.5"
 typed-builder = "0.4.0"
 version_check = "0.9.1"
 webpki = "0.21.0"
-webpki-roots = "0.18.0"
+webpki-roots = "0.21.0"
 
 [dependencies.async-std]
 version = "1.6.2"
 optional = true
 
 [dependencies.pbkdf2]
-version = "0.3.0"
+version = "0.6.0"
 default-features = false
 
 [dependencies.reqwest]

src/client/auth/mod.rs

@@ -12,7 +12,7 @@ mod x509;
 
 use std::{borrow::Cow, fmt::Debug, str::FromStr};
 
-use hmac::Mac;
+use hmac::{Mac, NewMac};
 use rand::Rng;
 use serde::Deserialize;
 use typed_builder::TypedBuilder;
@@ -490,9 +490,13 @@ pub(crate) fn generate_nonce() -> String {
     base64::encode(&result)
 }
 
-fn mac<M: Mac>(key: &[u8], input: &[u8], auth_mechanism: &str) -> Result<impl AsRef<[u8]>> {
+fn mac<M: Mac + NewMac>(
+    key: &[u8],
+    input: &[u8],
+    auth_mechanism: &str,
+) -> Result<impl AsRef<[u8]>> {
     let mut mac =
         M::new_varkey(key).map_err(|_| Error::unknown_authentication_error(auth_mechanism))?;
-    mac.input(input);
-    Ok(mac.result().code())
+    mac.update(input);
+    Ok(mac.finalize().into_bytes())
 }

src/client/auth/scram.rs

@@ -7,10 +7,10 @@ use std::{
     sync::RwLock,
 };
 
-use hmac::{Hmac, Mac};
+use hmac::{digest::Digest, Hmac, Mac, NewMac};
 use lazy_static::lazy_static;
 use md5::Md5;
-use sha1::{Digest, Sha1};
+use sha1::Sha1;
 use sha2::Sha256;
 
 use crate::{
@@ -42,7 +42,7 @@ const USERNAME_KEY: char = 'n';
 const NO_CHANNEL_BINDING: char = 'n';
 
 /// The minimum number of iterations of the hash function that we will accept from the server.
-const MIN_ITERATION_COUNT: usize = 4096;
+const MIN_ITERATION_COUNT: u32 = 4096;
 
 lazy_static! {
     /// Cache of pre-computed salted passwords.
@@ -55,7 +55,7 @@ lazy_static! {
 struct CacheEntry {
     password: String,
     salt: Vec<u8>,
-    i: usize,
+    i: u32,
     mechanism: ScramVersion,
 }
 
@@ -298,7 +298,7 @@ impl ScramVersion {
     }
 
     /// The "h_i" function as defined in the SCRAM RFC.
-    fn h_i(&self, str: &str, salt: &[u8], iterations: usize) -> Vec<u8> {
+    fn h_i(&self, str: &str, salt: &[u8], iterations: u32) -> Vec<u8> {
         match self {
             ScramVersion::Sha1 => h_i::<Hmac<Sha1>>(str, salt, iterations, 160 / 8),
             ScramVersion::Sha256 => h_i::<Hmac<Sha256>>(str, salt, iterations, 256 / 8),
@@ -311,14 +311,14 @@ impl ScramVersion {
         &self,
         username: &str,
         password: &str,
-        i: usize,
+        i: u32,
         salt: &[u8],
     ) -> Result<Vec<u8>> {
         let normalized_password = match self {
             ScramVersion::Sha1 => {
                 let mut md5 = Md5::new();
-                md5.input(format!("{}:mongo:{}", username, password));
-                Cow::Owned(hex::encode(md5.result()))
+                md5.update(format!("{}:mongo:{}", username, password));
+                Cow::Owned(hex::encode(md5.finalize()))
             }
             ScramVersion::Sha256 => match stringprep::saslprep(password) {
                 Ok(p) => p,
@@ -353,9 +353,9 @@ fn xor(lhs: &[u8], rhs: &[u8]) -> Vec<u8> {
         .collect()
 }
 
-fn mac_verify<M: Mac>(key: &[u8], input: &[u8], signature: &[u8]) -> Result<()> {
+fn mac_verify<M: Mac + NewMac>(key: &[u8], input: &[u8], signature: &[u8]) -> Result<()> {
     let mut mac = M::new_varkey(key).map_err(|_| Error::unknown_authentication_error("SCRAM"))?;
-    mac.input(input);
+    mac.update(input);
     match mac.verify(signature) {
         Ok(_) => Ok(()),
         Err(_) => Err(Error::authentication_error(
@@ -367,11 +367,16 @@ fn mac_verify<M: Mac>(key: &[u8], input: &[u8], signature: &[u8]) -> Result<()>
 
 fn hash<D: Digest>(val: &[u8]) -> Vec<u8> {
     let mut hash = D::new();
-    hash.input(val);
-    hash.result().to_vec()
+    hash.update(val);
+    hash.finalize().to_vec()
 }
 
-fn h_i<M: Mac + Sync>(str: &str, salt: &[u8], iterations: usize, output_size: usize) -> Vec<u8> {
+fn h_i<M: Mac + NewMac + Sync>(
+    str: &str,
+    salt: &[u8],
+    iterations: u32,
+    output_size: usize,
+) -> Vec<u8> {
     let mut buf = vec![0u8; output_size];
     pbkdf2::pbkdf2::<M>(str.as_bytes(), salt, iterations, buf.as_mut_slice());
     buf
@@ -469,7 +474,7 @@ struct ServerFirst {
     message: String,
     nonce: String,
     salt: Vec<u8>,
-    i: usize,
+    i: u32,
 }
 
 impl ServerFirst {
@@ -494,7 +499,7 @@ impl ServerFirst {
         let salt = base64::decode(parse_kvp(parts[1], SALT_KEY)?.as_str())
             .map_err(|_| Error::invalid_authentication_response("SCRAM"))?;
 
-        let i: usize = match parse_kvp(parts[2], ITERATION_COUNT_KEY)?.parse() {
+        let i: u32 = match parse_kvp(parts[2], ITERATION_COUNT_KEY)?.parse() {
             Ok(num) => num,
             Err(_) => {
                 return Err(Error::authentication_error(
@@ -530,7 +535,7 @@ impl ServerFirst {
         self.salt.as_slice()
     }
 
-    fn i(&self) -> usize {
+    fn i(&self) -> u32 {
         self.i
     }