From c9e595e61bcde6a0b90fbebe0becb39bf1c6f618 Mon Sep 17 00:00:00 2001 From: Dimitri Sokolyuk Date: Thu, 20 Jul 2017 23:54:15 +0200 Subject: Don't panic --- ask/ask.go | 4 ++-- bhash/bhash.go | 20 +++++++++++++------- bhash/bhash_test.go | 10 ++++++++-- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/ask/ask.go b/ask/ask.go index 205ad4c..f021ffd 100644 --- a/ask/ask.go +++ b/ask/ask.go @@ -28,7 +28,7 @@ func (Passphrase) Derive(salt []byte, rounds int, length int) ([]byte, error) { if err != nil { return nil, err } - return bhash.Pbkdf([]byte(pass), salt, rounds, length), nil + return bhash.Pbkdf([]byte(pass), salt, rounds, length) } type Confirmed struct{} @@ -38,7 +38,7 @@ func (Confirmed) Derive(salt []byte, rounds int, length int) ([]byte, error) { if err != nil { return nil, err } - return bhash.Pbkdf([]byte(pass), salt, rounds, length), nil + return bhash.Pbkdf([]byte(pass), salt, rounds, length) } // confirmed asks for password twice diff --git a/bhash/bhash.go b/bhash/bhash.go index 0c1d659..614a30c 100644 --- a/bhash/bhash.go +++ b/bhash/bhash.go @@ -20,10 +20,10 @@ const ( ) // Hash computes bcrypt hash -func Hash(pass, salt []byte) []byte { +func Hash(pass, salt []byte) ([]byte, error) { c, err := blowfish.NewSaltedCipher(pass, salt) if err != nil { - panic(err) + return nil, err } // key expansion for i := 0; i < rounds; i++ { @@ -42,11 +42,11 @@ func Hash(pass, salt []byte) []byte { binary.Read(bytes.NewReader(v), binary.LittleEndian, &u) binary.Write(buf, binary.BigEndian, u) } - return buf.Bytes() + return buf.Bytes(), nil } // Pbkdf returns derivated key -func Pbkdf(pass, salt []byte, iter, keyLen int) []byte { +func Pbkdf(pass, salt []byte, iter, keyLen int) ([]byte, error) { // collapse password h := sha512.New() h.Write(pass) @@ -61,13 +61,19 @@ func Pbkdf(pass, salt []byte, iter, keyLen int) []byte { h.Reset() h.Write(salt) binary.Write(h, binary.BigEndian, uint32(n)) - tmp := Hash(sha2pass, h.Sum(nil)) + tmp, err := Hash(sha2pass, h.Sum(nil)) + if err != nil { + return nil, err + } copy(out, tmp) for i := 1; i < iter; i++ { h.Reset() h.Write(tmp) - tmp = Hash(sha2pass, h.Sum(nil)) + tmp, err = Hash(sha2pass, h.Sum(nil)) + if err != nil { + return nil, err + } for x := range tmp { out[x] ^= tmp[x] } @@ -78,5 +84,5 @@ func Pbkdf(pass, salt []byte, iter, keyLen int) []byte { key[dst] = out[x] } } - return key[:keyLen] + return key[:keyLen], nil } diff --git a/bhash/bhash_test.go b/bhash/bhash_test.go index bce8313..a8870eb 100644 --- a/bhash/bhash_test.go +++ b/bhash/bhash_test.go @@ -14,7 +14,10 @@ func TestHash(t *testing.T) { 0x4d, 0x84, 0x22, 0xba, 0xc0, 0xa7, 0x92, 0x6c, } zero := make([]byte, 32) - res := Hash(zero, zero) + res, err := Hash(zero, zero) + if err != nil { + t.Fatal(err) + } if !bytes.Equal(res, golden) { t.Errorf("got %x, want %x", res, golden) } @@ -108,7 +111,10 @@ func TestPbkdf(t *testing.T) { tc := tc t.Run(fmt.Sprint(len(tc)), func(t *testing.T) { t.Parallel() - res := Pbkdf(zero, zero, rounds, len(tc)) + res, err := Pbkdf(zero, zero, rounds, len(tc)) + if err != nil { + t.Fatal(err) + } if !bytes.Equal(res, tc) { t.Errorf("got %x, want %x", res, tc) } -- cgit v1.2.3