From 4b1bd32e4a17fe6ecda43f3d8c67ce0726d37690 Mon Sep 17 00:00:00 2001
From: Dmitry Ivanov
Date: Tue, 12 Apr 2022 01:04:02 +0300
Subject: [PATCH] Drop `Debug` impl for `ScramKey` and `ServerSecret`

There's a notion that accidental misuse of those implementations might reveal authentication secrets.
---
 proxy/src/scram/exchange.rs | 3 ---
 proxy/src/scram/key.rs | 2 +-
 proxy/src/scram/secret.rs | 1 -
 3 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/proxy/src/scram/exchange.rs b/proxy/src/scram/exchange.rs
index 5a986b965a..802fe61db5 100644
--- a/proxy/src/scram/exchange.rs
+++ b/proxy/src/scram/exchange.rs
@@ -8,7 +8,6 @@ use super::signature::SignatureBuilder;
 use crate::sasl::{self, ChannelBinding, Error as SaslError};

 /// The only channel binding mode we currently support.
-#[derive(Debug)]
 struct TlsServerEndPoint;

 impl std::fmt::Display for TlsServerEndPoint {
@@ -28,7 +27,6 @@ impl std::str::FromStr for TlsServerEndPoint {
 }
 }

-#[derive(Debug)]
 enum ExchangeState {
 /// Waiting for [`ClientFirstMessage`].
 Initial,
@@ -41,7 +39,6 @@ enum ExchangeState {
 }

 /// Server's side of SCRAM auth algorithm.
-#[derive(Debug)]
 pub struct Exchange<'a> {
 state: ExchangeState,
 secret: &'a ServerSecret,
diff --git a/proxy/src/scram/key.rs b/proxy/src/scram/key.rs
index 1c13471bc3..73dd5e1d5c 100644
--- a/proxy/src/scram/key.rs
+++ b/proxy/src/scram/key.rs
@@ -6,7 +6,7 @@ pub const SCRAM_KEY_LEN: usize = 32;
 /// One of the keys derived from the [password](super::password::SaltedPassword).
 /// We use the same structure for all keys, i.e.
 /// `ClientKey`, `StoredKey`, and `ServerKey`.
-#[derive(Default, Debug, PartialEq, Eq)]
+#[derive(Default, PartialEq, Eq)]
 #[repr(transparent)]
 pub struct ScramKey {
 bytes: [u8; SCRAM_KEY_LEN],
diff --git a/proxy/src/scram/secret.rs b/proxy/src/scram/secret.rs
index e8d180bcdd..bf935d3510 100644
--- a/proxy/src/scram/secret.rs
+++ b/proxy/src/scram/secret.rs
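Review bot: In proxy/src/scram/key.rs the new derive list still keeps `PartialEq, Eq` on `ScramKey`, so `==` on key material is the derived byte-array comparison, which is not guaranteed to run in constant time. If any caller compares a client-derived key against the stored one this way (not visible in this hunk), the time taken may depend on how many leading bytes match. Consider replacing the derive with an explicit comparison that accumulates the XOR of all `SCRAM_KEY_LEN` bytes before testing for zero, or at minimum add a comment such as `// NOTE: derived == is not constant-time; do not use it to verify proofs`. The body of `ScramKey` continues outside the hunk.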
@@ -5,7 +5,6 @@ use super::key::ScramKey;

 /// Server secret is produced from [password](super::password::SaltedPassword)
 /// and is used throughout the authentication process.
-#[derive(Debug)]
 pub struct ServerSecret {
 /// Number of iterations for `PBKDF2` function.
 pub iterations: u32,