mirror of
https://gitlab.com/xmpp-rs/xmpp-rs.git
synced 2024-07-12 22:21:53 +00:00
Remove .unwrap() in SCRAM code.
This commit is contained in:
parent
16b416a6d0
commit
0fddc9c717
3 changed files with 23 additions and 17 deletions
|
@ -118,8 +118,8 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
|
||||||
client_final_message_bare.extend(b",r=");
|
client_final_message_bare.extend(b",r=");
|
||||||
client_final_message_bare.extend(server_nonce.bytes());
|
client_final_message_bare.extend(server_nonce.bytes());
|
||||||
let salted_password = S::derive(&self.password, &salt, iterations)?;
|
let salted_password = S::derive(&self.password, &salt, iterations)?;
|
||||||
let client_key = S::hmac(b"Client Key", &salted_password);
|
let client_key = S::hmac(b"Client Key", &salted_password)?;
|
||||||
let server_key = S::hmac(b"Server Key", &salted_password);
|
let server_key = S::hmac(b"Server Key", &salted_password)?;
|
||||||
let mut auth_message = Vec::new();
|
let mut auth_message = Vec::new();
|
||||||
auth_message.extend(initial_message);
|
auth_message.extend(initial_message);
|
||||||
auth_message.push(b',');
|
auth_message.push(b',');
|
||||||
|
@ -127,9 +127,9 @@ impl<S: ScramProvider> Mechanism for Scram<S> {
|
||||||
auth_message.push(b',');
|
auth_message.push(b',');
|
||||||
auth_message.extend(&client_final_message_bare);
|
auth_message.extend(&client_final_message_bare);
|
||||||
let stored_key = S::hash(&client_key);
|
let stored_key = S::hash(&client_key);
|
||||||
let client_signature = S::hmac(&auth_message, &stored_key);
|
let client_signature = S::hmac(&auth_message, &stored_key)?;
|
||||||
let client_proof = xor(&client_key, &client_signature);
|
let client_proof = xor(&client_key, &client_signature);
|
||||||
let server_signature = S::hmac(&auth_message, &server_key);
|
let server_signature = S::hmac(&auth_message, &server_key)?;
|
||||||
let mut client_final_message = Vec::new();
|
let mut client_final_message = Vec::new();
|
||||||
client_final_message.extend(&client_final_message_bare);
|
client_final_message.extend(&client_final_message_bare);
|
||||||
client_final_message.extend(b",p=");
|
client_final_message.extend(b",p=");
|
||||||
|
|
|
@ -30,7 +30,7 @@ pub trait ScramProvider {
|
||||||
fn hash(data: &[u8]) -> Vec<u8>;
|
fn hash(data: &[u8]) -> Vec<u8>;
|
||||||
|
|
||||||
/// A function which performs an HMAC using the hash function.
|
/// A function which performs an HMAC using the hash function.
|
||||||
fn hmac(data: &[u8], key: &[u8]) -> Vec<u8>;
|
fn hmac(data: &[u8], key: &[u8]) -> Result<Vec<u8>, String>;
|
||||||
|
|
||||||
/// A function which does PBKDF2 key derivation using the hash function.
|
/// A function which does PBKDF2 key derivation using the hash function.
|
||||||
fn derive(data: &Password, salt: &[u8], iterations: usize) -> Result<Vec<u8>, String>;
|
fn derive(data: &Password, salt: &[u8], iterations: usize) -> Result<Vec<u8>, String>;
|
||||||
|
@ -39,7 +39,7 @@ pub trait ScramProvider {
|
||||||
/// A `ScramProvider` which provides SCRAM-SHA-1 and SCRAM-SHA-1-PLUS
|
/// A `ScramProvider` which provides SCRAM-SHA-1 and SCRAM-SHA-1-PLUS
|
||||||
pub struct Sha1;
|
pub struct Sha1;
|
||||||
|
|
||||||
impl ScramProvider for Sha1 { // TODO: look at all these unwraps
|
impl ScramProvider for Sha1 {
|
||||||
type Secret = secret::Pbkdf2Sha1;
|
type Secret = secret::Pbkdf2Sha1;
|
||||||
|
|
||||||
fn name() -> &'static str { "SHA-1" }
|
fn name() -> &'static str { "SHA-1" }
|
||||||
|
@ -51,14 +51,17 @@ impl ScramProvider for Sha1 { // TODO: look at all these unwraps
|
||||||
vec
|
vec
|
||||||
}
|
}
|
||||||
|
|
||||||
fn hmac(data: &[u8], key: &[u8]) -> Vec<u8> {
|
fn hmac(data: &[u8], key: &[u8]) -> Result<Vec<u8>, String> {
|
||||||
type HmacSha1 = Hmac<Sha1_hash>;
|
type HmacSha1 = Hmac<Sha1_hash>;
|
||||||
let mut mac = HmacSha1::new_varkey(key).unwrap();
|
let mut mac = match HmacSha1::new_varkey(key) {
|
||||||
|
Ok(mac) => mac,
|
||||||
|
Err(err) => return Err(format!("{}", err)),
|
||||||
|
};
|
||||||
mac.input(data);
|
mac.input(data);
|
||||||
let result = mac.result();
|
let result = mac.result();
|
||||||
let mut vec = Vec::with_capacity(Sha1_hash::output_size());
|
let mut vec = Vec::with_capacity(Sha1_hash::output_size());
|
||||||
vec.extend_from_slice(result.code().as_slice());
|
vec.extend_from_slice(result.code().as_slice());
|
||||||
vec
|
Ok(vec)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result<Vec<u8>, String> {
|
fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result<Vec<u8>, String> {
|
||||||
|
@ -89,7 +92,7 @@ impl ScramProvider for Sha1 { // TODO: look at all these unwraps
|
||||||
/// A `ScramProvider` which provides SCRAM-SHA-256 and SCRAM-SHA-256-PLUS
|
/// A `ScramProvider` which provides SCRAM-SHA-256 and SCRAM-SHA-256-PLUS
|
||||||
pub struct Sha256;
|
pub struct Sha256;
|
||||||
|
|
||||||
impl ScramProvider for Sha256 { // TODO: look at all these unwraps
|
impl ScramProvider for Sha256 {
|
||||||
type Secret = secret::Pbkdf2Sha256;
|
type Secret = secret::Pbkdf2Sha256;
|
||||||
|
|
||||||
fn name() -> &'static str { "SHA-256" }
|
fn name() -> &'static str { "SHA-256" }
|
||||||
|
@ -101,14 +104,17 @@ impl ScramProvider for Sha256 { // TODO: look at all these unwraps
|
||||||
vec
|
vec
|
||||||
}
|
}
|
||||||
|
|
||||||
fn hmac(data: &[u8], key: &[u8]) -> Vec<u8> {
|
fn hmac(data: &[u8], key: &[u8]) -> Result<Vec<u8>, String> {
|
||||||
type HmacSha256 = Hmac<Sha256_hash>;
|
type HmacSha256 = Hmac<Sha256_hash>;
|
||||||
let mut mac = HmacSha256::new_varkey(key).unwrap();
|
let mut mac = match HmacSha256::new_varkey(key) {
|
||||||
|
Ok(mac) => mac,
|
||||||
|
Err(err) => return Err(format!("{}", err)),
|
||||||
|
};
|
||||||
mac.input(data);
|
mac.input(data);
|
||||||
let result = mac.result();
|
let result = mac.result();
|
||||||
let mut vec = Vec::with_capacity(Sha256_hash::output_size());
|
let mut vec = Vec::with_capacity(Sha256_hash::output_size());
|
||||||
vec.extend_from_slice(result.code().as_slice());
|
vec.extend_from_slice(result.code().as_slice());
|
||||||
vec
|
Ok(vec)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result<Vec<u8>, String> {
|
fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result<Vec<u8>, String> {
|
||||||
|
|
|
@ -134,8 +134,8 @@ impl<S, P> Mechanism for Scram<S, P>
|
||||||
client_final_message_bare.extend(base64::encode(&cb_data).bytes());
|
client_final_message_bare.extend(base64::encode(&cb_data).bytes());
|
||||||
client_final_message_bare.extend(b",r=");
|
client_final_message_bare.extend(b",r=");
|
||||||
client_final_message_bare.extend(server_nonce.bytes());
|
client_final_message_bare.extend(server_nonce.bytes());
|
||||||
let client_key = S::hmac(b"Client Key", &salted_password);
|
let client_key = S::hmac(b"Client Key", &salted_password)?;
|
||||||
let server_key = S::hmac(b"Server Key", &salted_password);
|
let server_key = S::hmac(b"Server Key", &salted_password)?;
|
||||||
let mut auth_message = Vec::new();
|
let mut auth_message = Vec::new();
|
||||||
auth_message.extend(initial_client_message);
|
auth_message.extend(initial_client_message);
|
||||||
auth_message.extend(b",");
|
auth_message.extend(b",");
|
||||||
|
@ -143,14 +143,14 @@ impl<S, P> Mechanism for Scram<S, P>
|
||||||
auth_message.extend(b",");
|
auth_message.extend(b",");
|
||||||
auth_message.extend(client_final_message_bare.clone());
|
auth_message.extend(client_final_message_bare.clone());
|
||||||
let stored_key = S::hash(&client_key);
|
let stored_key = S::hash(&client_key);
|
||||||
let client_signature = S::hmac(&auth_message, &stored_key);
|
let client_signature = S::hmac(&auth_message, &stored_key)?;
|
||||||
let client_proof = xor(&client_key, &client_signature);
|
let client_proof = xor(&client_key, &client_signature);
|
||||||
let sent_proof = frame.get("p").ok_or_else(|| "no proof".to_owned())?;
|
let sent_proof = frame.get("p").ok_or_else(|| "no proof".to_owned())?;
|
||||||
let sent_proof = base64::decode(sent_proof).map_err(|_| "can't decode proof".to_owned())?;
|
let sent_proof = base64::decode(sent_proof).map_err(|_| "can't decode proof".to_owned())?;
|
||||||
if client_proof != sent_proof {
|
if client_proof != sent_proof {
|
||||||
return Err("authentication failed".to_owned());
|
return Err("authentication failed".to_owned());
|
||||||
}
|
}
|
||||||
let server_signature = S::hmac(&auth_message, &server_key);
|
let server_signature = S::hmac(&auth_message, &server_key)?;
|
||||||
let mut buf = Vec::new();
|
let mut buf = Vec::new();
|
||||||
buf.extend(b"v=");
|
buf.extend(b"v=");
|
||||||
buf.extend(base64::encode(&server_signature).bytes());
|
buf.extend(base64::encode(&server_signature).bytes());
|
||||||
|
|
Loading…
Reference in a new issue