diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml index c22a369b..04f8a089 100644 --- a/sasl/Cargo.toml +++ b/sasl/Cargo.toml @@ -25,4 +25,4 @@ getrandom = { version = "0.2", optional = true } sha-1 = { version = "0.10", optional = true } sha2 = { version = "0.10", optional = true } hmac = { version = "0.12", optional = true } -pbkdf2 = { version = "0.11", default-features = false, optional = true } +pbkdf2 = { version = "0.12", default-features = false, optional = true } diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index 40e2ab69..c899affc 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -21,6 +21,7 @@ pub fn generate_nonce() -> Result { pub enum DeriveError { IncompatibleHashingMethod(String, String), IncorrectSalt, + InvalidLength, IncompatibleIterationCount(u32, u32), } @@ -31,6 +32,7 @@ impl std::fmt::Display for DeriveError { write!(fmt, "incompatible hashing method, {} is not {}", one, two) } DeriveError::IncorrectSalt => write!(fmt, "incorrect salt"), + DeriveError::InvalidLength => write!(fmt, "invalid length"), DeriveError::IncompatibleIterationCount(one, two) => { write!(fmt, "incompatible iteration count, {} is not {}", one, two) } @@ -40,6 +42,12 @@ impl std::fmt::Display for DeriveError { impl std::error::Error for DeriveError {} +impl From for DeriveError { + fn from(_err: hmac::digest::InvalidLength) -> DeriveError { + DeriveError::InvalidLength + } +} + /// A trait which defines the needed methods for SCRAM. pub trait ScramProvider { /// The kind of secret this `ScramProvider` requires. @@ -89,7 +97,7 @@ impl ScramProvider for Sha1 { match *password { Password::Plain(ref plain) => { let mut result = vec![0; 20]; - pbkdf2::>(plain.as_bytes(), salt, iterations, &mut result); + pbkdf2::>(plain.as_bytes(), salt, iterations, &mut result)?; Ok(result) } Password::Pbkdf2 { @@ -149,7 +157,7 @@ impl ScramProvider for Sha256 { match *password { Password::Plain(ref plain) => { let mut result = vec![0; 32]; - pbkdf2::>(plain.as_bytes(), salt, iterations, &mut result); + pbkdf2::>(plain.as_bytes(), salt, iterations, &mut result)?; Ok(result) } Password::Pbkdf2 {