replace crates hmac-sha1 and hmac-sha256 with equivalent crates from …

…RustCrypto (#288)

Cargo.toml

@@ -31,7 +31,6 @@ path = "src/main.rs"
 
 [dependencies]
 anyhow = "^1.0"
-hmac-sha1 = "^0.1"
 base64 = "0.13.0"
 text_io = "0.1.8"
 rpassword = "5.0"

steamguard/Cargo.toml

@@ -12,7 +12,7 @@ license = "MIT OR Apache-2.0"
 
 [dependencies]
 anyhow = "^1.0"
-hmac-sha1 = "^0.1"
+sha1 = "^0.10"
 base64 = "0.13.0"
 reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls", "multipart"] }
 serde = { version = "1.0", features = ["derive"] }
@@ -32,9 +32,10 @@ secrecy = { version = "0.8", features = ["serde"] }
 zeroize = { version = "^1.6.0", features = ["std", "zeroize_derive"] }
 protobuf = "3.2.0"
 protobuf-json-mapping = "3.2.0"
-hmac-sha256 = "1.1.7"
 phonenumber = "0.3"
 serde_path_to_error = "0.1.11"
+hmac = "^0.12"
+sha2 = "^0.10"
 
 [build-dependencies]
 anyhow = "^1.0"

steamguard/src/confirmation.rs

@@ -1,6 +1,6 @@
 use std::borrow::Cow;
 
-use hmacsha1::hmac_sha1;
+use hmac::{Hmac, Mac};
 use log::*;
 use reqwest::{
 	cookie::CookieStore,
@@ -9,6 +9,7 @@ use reqwest::{
 };
 use secrecy::ExposeSecret;
 use serde::Deserialize;
+use sha1::Sha1;
 
 use crate::{
 	steamapi::{self},
@@ -403,10 +404,11 @@ fn generate_confirmation_hash_for_time(
 	identity_secret: impl AsRef<[u8]>,
 ) -> String {
 	let decode: &[u8] = &base64::decode(identity_secret).unwrap();
-	let time_bytes = build_time_bytes(time);
-	let tag_bytes = tag.as_bytes();
-	let array = [&time_bytes, tag_bytes].concat();
-	let hash = hmac_sha1(decode, &array);
+	let mut mac = Hmac::<Sha1>::new_from_slice(decode).unwrap();
+	mac.update(&build_time_bytes(time));
+	mac.update(tag.as_bytes());
+	let result = mac.finalize();
+	let hash = result.into_bytes();
 	base64::encode(hash)
 }
 

steamguard/src/lib.rs

@@ -32,7 +32,6 @@ pub mod userlogin;
 
 extern crate base64;
 extern crate cookie;
-extern crate hmacsha1;
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct SteamGuardAccount {

steamguard/src/qrapprover.rs

@@ -1,5 +1,7 @@
+use hmac::{Hmac, Mac};
 use log::debug;
 use reqwest::IntoUrl;
+use sha2::Sha256;
 
 use crate::{
 	protobufs::steammessages_auth_steamclient::CAuthentication_UpdateAuthSessionWithMobileConfirmation_Request,
@@ -67,12 +69,12 @@ fn build_signature(
 	steam_id: u64,
 	challenge: &Challenge,
 ) -> [u8; 32] {
-	let mut data = Vec::<u8>::with_capacity(18);
-	data.extend_from_slice(&challenge.version.to_le_bytes());
-	data.extend_from_slice(&challenge.client_id.to_le_bytes());
-	data.extend_from_slice(&steam_id.to_le_bytes());
-
-	hmac_sha256::HMAC::mac(data, shared_secret.expose_secret())
+	let mut mac = Hmac::<Sha256>::new_from_slice(shared_secret.expose_secret()).unwrap();
+	mac.update(&challenge.version.to_le_bytes());
+	mac.update(&challenge.client_id.to_le_bytes());
+	mac.update(&steam_id.to_le_bytes());
+	let result = mac.finalize();
+	result.into_bytes().into()
 }
 
 fn parse_challenge_url(challenge_url: impl IntoUrl) -> Result<Challenge, QrApproverError> {

steamguard/src/token.rs

@@ -1,5 +1,7 @@
+use hmac::{Hmac, Mac};
 use secrecy::{ExposeSecret, Secret, SecretString};
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
+use sha1::Sha1;
 use std::convert::TryInto;
 
 #[derive(Debug, Clone)]
@@ -34,9 +36,11 @@ impl TwoFactorSecret {
 			86, 87, 88, 89,
 		];
 
+		let mut mac = Hmac::<Sha1>::new_from_slice(self.0.expose_secret()).unwrap();
 		// this effectively makes it so that it creates a new code every 30 seconds.
-		let time_bytes: [u8; 8] = build_time_bytes(time / 30u64);
-		let hashed_data = hmacsha1::hmac_sha1(self.0.expose_secret(), &time_bytes);
+		mac.update(&build_time_bytes(time / 30u64));
+		let result = mac.finalize();
+		let hashed_data = result.into_bytes();
 		let mut code_array: [u8; 5] = [0; 5];
 		let b = (hashed_data[19] & 0xF) as usize;
 		let mut code_point: i32 = ((hashed_data[b] & 0x7F) as i32) << 24