diff --git a/sasl/src/client/mechanisms/scram.rs b/sasl/src/client/mechanisms/scram.rs index fb2d6964..58eb2bef 100644 --- a/sasl/src/client/mechanisms/scram.rs +++ b/sasl/src/client/mechanisms/scram.rs @@ -118,8 +118,8 @@ impl Mechanism for Scram { client_final_message_bare.extend(b",r="); client_final_message_bare.extend(server_nonce.bytes()); let salted_password = S::derive(&self.password, &salt, iterations)?; - let client_key = S::hmac(b"Client Key", &salted_password); - let server_key = S::hmac(b"Server Key", &salted_password); + let client_key = S::hmac(b"Client Key", &salted_password)?; + let server_key = S::hmac(b"Server Key", &salted_password)?; let mut auth_message = Vec::new(); auth_message.extend(initial_message); auth_message.push(b','); @@ -127,9 +127,9 @@ impl Mechanism for Scram { auth_message.push(b','); auth_message.extend(&client_final_message_bare); let stored_key = S::hash(&client_key); - let client_signature = S::hmac(&auth_message, &stored_key); + let client_signature = S::hmac(&auth_message, &stored_key)?; let client_proof = xor(&client_key, &client_signature); - let server_signature = S::hmac(&auth_message, &server_key); + let server_signature = S::hmac(&auth_message, &server_key)?; let mut client_final_message = Vec::new(); client_final_message.extend(&client_final_message_bare); client_final_message.extend(b",p="); diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs index cc48b439..975c95be 100644 --- a/sasl/src/common/scram.rs +++ b/sasl/src/common/scram.rs @@ -30,7 +30,7 @@ pub trait ScramProvider { fn hash(data: &[u8]) -> Vec; /// A function which performs an HMAC using the hash function. - fn hmac(data: &[u8], key: &[u8]) -> Vec; + fn hmac(data: &[u8], key: &[u8]) -> Result, String>; /// A function which does PBKDF2 key derivation using the hash function. fn derive(data: &Password, salt: &[u8], iterations: usize) -> Result, String>; @@ -39,7 +39,7 @@ pub trait ScramProvider { /// A `ScramProvider` which provides SCRAM-SHA-1 and SCRAM-SHA-1-PLUS pub struct Sha1; -impl ScramProvider for Sha1 { // TODO: look at all these unwraps +impl ScramProvider for Sha1 { type Secret = secret::Pbkdf2Sha1; fn name() -> &'static str { "SHA-1" } @@ -51,14 +51,17 @@ impl ScramProvider for Sha1 { // TODO: look at all these unwraps vec } - fn hmac(data: &[u8], key: &[u8]) -> Vec { + fn hmac(data: &[u8], key: &[u8]) -> Result, String> { type HmacSha1 = Hmac; - let mut mac = HmacSha1::new_varkey(key).unwrap(); + let mut mac = match HmacSha1::new_varkey(key) { + Ok(mac) => mac, + Err(err) => return Err(format!("{}", err)), + }; mac.input(data); let result = mac.result(); let mut vec = Vec::with_capacity(Sha1_hash::output_size()); vec.extend_from_slice(result.code().as_slice()); - vec + Ok(vec) } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { @@ -89,7 +92,7 @@ impl ScramProvider for Sha1 { // TODO: look at all these unwraps /// A `ScramProvider` which provides SCRAM-SHA-256 and SCRAM-SHA-256-PLUS pub struct Sha256; -impl ScramProvider for Sha256 { // TODO: look at all these unwraps +impl ScramProvider for Sha256 { type Secret = secret::Pbkdf2Sha256; fn name() -> &'static str { "SHA-256" } @@ -101,14 +104,17 @@ impl ScramProvider for Sha256 { // TODO: look at all these unwraps vec } - fn hmac(data: &[u8], key: &[u8]) -> Vec { + fn hmac(data: &[u8], key: &[u8]) -> Result, String> { type HmacSha256 = Hmac; - let mut mac = HmacSha256::new_varkey(key).unwrap(); + let mut mac = match HmacSha256::new_varkey(key) { + Ok(mac) => mac, + Err(err) => return Err(format!("{}", err)), + }; mac.input(data); let result = mac.result(); let mut vec = Vec::with_capacity(Sha256_hash::output_size()); vec.extend_from_slice(result.code().as_slice()); - vec + Ok(vec) } fn derive(password: &Password, salt: &[u8], iterations: usize) -> Result, String> { diff --git a/sasl/src/server/mechanisms/scram.rs b/sasl/src/server/mechanisms/scram.rs index a595d383..920b0955 100644 --- a/sasl/src/server/mechanisms/scram.rs +++ b/sasl/src/server/mechanisms/scram.rs @@ -134,8 +134,8 @@ impl Mechanism for Scram client_final_message_bare.extend(base64::encode(&cb_data).bytes()); client_final_message_bare.extend(b",r="); client_final_message_bare.extend(server_nonce.bytes()); - let client_key = S::hmac(b"Client Key", &salted_password); - let server_key = S::hmac(b"Server Key", &salted_password); + let client_key = S::hmac(b"Client Key", &salted_password)?; + let server_key = S::hmac(b"Server Key", &salted_password)?; let mut auth_message = Vec::new(); auth_message.extend(initial_client_message); auth_message.extend(b","); @@ -143,14 +143,14 @@ impl Mechanism for Scram auth_message.extend(b","); auth_message.extend(client_final_message_bare.clone()); let stored_key = S::hash(&client_key); - let client_signature = S::hmac(&auth_message, &stored_key); + let client_signature = S::hmac(&auth_message, &stored_key)?; let client_proof = xor(&client_key, &client_signature); let sent_proof = frame.get("p").ok_or_else(|| "no proof".to_owned())?; let sent_proof = base64::decode(sent_proof).map_err(|_| "can't decode proof".to_owned())?; if client_proof != sent_proof { return Err("authentication failed".to_owned()); } - let server_signature = S::hmac(&auth_message, &server_key); + let server_signature = S::hmac(&auth_message, &server_key)?; let mut buf = Vec::new(); buf.extend(b"v="); buf.extend(base64::encode(&server_signature).bytes());