crypto: use RustCrypto utils over deprecated rust-crypto

This change started due to my unfortunate exposure to a bug impacting
the ability for my project to target aarch64:
DaGenix/rust-crypto#383.

In that issue (and in others) it is clear that rust-crypto is now
deprecated in favor of the RustCrypto crates (here we need sha2/hmac).
This change drops in this replacement for rust-crypto.

Signed-off-by: Paul Osborne <[email protected]>

Cargo.toml

@@ -18,10 +18,11 @@ chrono = "0.2.0"
 curl = "0.4.0"
 error-chain = "0.10"
 hex = "0.2.0"
-rust-crypto = "0.2.0"
+hmac = "0.1"
 serde_derive = "0.9"
 serde = "0.9"
 serde-xml-rs = "0.1.2"
 #serde_xml = "0.9"
+sha2 = "0.5"
 url = "1.2.4"
 

src/lib.rs

@@ -1,14 +1,15 @@
 //! Simple access to Amazon Web Service's (AWS) Simple Storage Service (S3)
 extern crate chrono;
-extern crate crypto;
 extern crate curl;
 #[macro_use]
 extern crate error_chain;
 extern crate hex;
+extern crate hmac;
 #[macro_use]
 extern crate serde_derive;
 extern crate serde;
 extern crate serde_xml_rs as serde_xml;
+extern crate sha2;
 extern crate url;
 
 
@@ -23,4 +24,4 @@ pub mod signing;
 
 const LONG_DATE: &'static str = "%Y%m%dT%H%M%SZ";
 const EMPTY_PAYLOAD_SHA: &'static str = "e3b0c44298fc1c149afbf4c8996fb924\
-                                         27ae41e4649b934ca495991b7852b855";
+                                         27ae41e4649b934ca495991b7852b855";

src/request.rs

@@ -5,10 +5,8 @@ use bucket::Bucket;
 use chrono::{DateTime, UTC};
 use command::Command;
 
-use crypto::digest::Digest;
-use crypto::hmac::Hmac;
-use crypto::mac::Mac;
-use crypto::sha2::Sha256;
+use hmac::{Hmac, Mac};
+use sha2::{Digest, Sha256};
 use curl::easy::{Easy, List, ReadError};
 use error::S3Result;
 use hex::ToHex;
@@ -90,9 +88,9 @@ impl<'a> Request<'a> {
     fn sha256(&self) -> String {
         match self.command {
             Command::Put { content, .. } => {
-                let mut sha = Sha256::new();
+                let mut sha = Sha256::default();
                 sha.input(content);
-                sha.result_str()
+                sha.result().as_slice().to_hex()
             }
             _ => EMPTY_PAYLOAD_SHA.into(),
         }
@@ -123,7 +121,7 @@ impl<'a> Request<'a> {
     fn authorization(&self, headers: &Headers) -> String {
         let canonical_request = self.canonical_request(headers);
         let string_to_sign = self.string_to_sign(&canonical_request);
-        let mut hmac = Hmac::new(Sha256::new(), &self.signing_key());
+        let mut hmac = Hmac::<Sha256>::new(&self.signing_key());
         hmac.input(string_to_sign.as_bytes());
         let signature = hmac.result().code().to_hex();
         let signed_header = signing::signed_header_string(headers);
@@ -210,4 +208,4 @@ impl<'a> Request<'a> {
         }
         Ok((dst, handle.response_code()?))
     }
-}
+}

src/signing.rs

@@ -5,13 +5,12 @@
 use std::str;
 
 use chrono::{DateTime, UTC};
-use crypto::digest::Digest;
-use crypto::hmac::Hmac;
-use crypto::mac::Mac;
-use crypto::sha2::Sha256;
+use hex::ToHex;
+use hmac::{Hmac, Mac};
 use url::Url;
 use region::Region;
 use request::Headers;
+use sha2::{Digest, Sha256};
 
 const SHORT_DATE: &'static str = "%Y%m%d";
 const LONG_DATETIME: &'static str = "%Y%m%dT%H%M%SZ";
@@ -87,12 +86,12 @@ pub fn scope_string(datetime: &DateTime<UTC>, region: Region) -> String {
 /// Generate the "string to sign" - the value to which the HMAC signing is
 /// applied to sign requests.
 pub fn string_to_sign(datetime: &DateTime<UTC>, region: Region, canonical_req: &str) -> String {
-    let mut hasher = Sha256::new();
+    let mut hasher = Sha256::default();
     hasher.input(canonical_req.as_bytes());
     format!("AWS4-HMAC-SHA256\n{timestamp}\n{scope}\n{hash}",
             timestamp = datetime.format(LONG_DATETIME),
             scope = scope_string(datetime, region),
-            hash = hasher.result_str())
+            hash = hasher.result().as_slice().to_hex())
 }
 
 /// Generate the AWS signing key, derived from the secret key, date, region,
@@ -102,15 +101,14 @@ pub fn signing_key(datetime: &DateTime<UTC>,
                    region: Region,
                    service: &str)
                    -> Vec<u8> {
-    let sha256 = Sha256::new();
     let secret = String::from("AWS4") + secret_key;
-    let mut date_hmac = Hmac::new(sha256, secret.as_bytes());
+    let mut date_hmac = Hmac::<Sha256>::new(secret.as_bytes());
     date_hmac.input(datetime.format(SHORT_DATE).to_string().as_bytes());
-    let mut region_hmac = Hmac::new(sha256, &date_hmac.result().code());
+    let mut region_hmac = Hmac::<Sha256>::new(&date_hmac.result().code());
     region_hmac.input(region.to_string().as_bytes());
-    let mut service_hmac = Hmac::new(sha256, &region_hmac.result().code());
+    let mut service_hmac = Hmac::<Sha256>::new(&region_hmac.result().code());
     service_hmac.input(service.as_bytes());
-    let mut signing_hmac = Hmac::new(sha256, &service_hmac.result().code());
+    let mut signing_hmac = Hmac::<Sha256>::new(&service_hmac.result().code());
     signing_hmac.input("aws4_request".as_bytes());
     signing_hmac.result().code().into()
 }
@@ -135,9 +133,6 @@ mod tests {
     use std::str;
 
     use chrono::{TimeZone, UTC};
-    use crypto::hmac::Hmac;
-    use crypto::mac::Mac;
-    use crypto::sha2::Sha256;
     use hex::ToHex;
     use url::Url;
 
@@ -238,7 +233,7 @@ mod tests {
         let expected = "f0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41";
         let secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
         let signing_key = signing_key(&datetime, secret, "us-east-1".parse().unwrap(), "s3");
-        let mut hmac = Hmac::new(Sha256::new(), &signing_key);
+        let mut hmac = Hmac::<Sha256>::new(&signing_key);
         hmac.input(string_to_sign.as_bytes());
         assert_eq!(expected, hmac.result().code().to_hex());
     }