forgejo/modules/crypto/ssh/handshake.go

// Copyright 2013 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package ssh

import (
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"log"
	"net"
	"sync"
)

// debugHandshake, if set, prints messages sent and received.  Key
// exchange messages are printed as if DH were used, so the debug
// messages are wrong when using ECDH.
const debugHandshake = false

// keyingTransport is a packet based transport that supports key
// changes. It need not be thread-safe. It should pass through
// msgNewKeys in both directions.
type keyingTransport interface {
	packetConn

	// prepareKeyChange sets up a key change. The key change for a
	// direction will be effected if a msgNewKeys message is sent
	// or received.
	prepareKeyChange(*algorithms, *kexResult) error

	// getSessionID returns the session ID. prepareKeyChange must
	// have been called once.
	getSessionID() []byte
}

// rekeyingTransport is the interface of handshakeTransport that we
// (internally) expose to ClientConn and ServerConn.
type rekeyingTransport interface {
	packetConn

	// requestKeyChange asks the remote side to change keys. All
	// writes are blocked until the key change succeeds, which is
	// signaled by reading a msgNewKeys.
	requestKeyChange() error

	// getSessionID returns the session ID. This is only valid
	// after the first key change has completed.
	getSessionID() []byte
}

// handshakeTransport implements rekeying on top of a keyingTransport
// and offers a thread-safe writePacket() interface.
type handshakeTransport struct {
	conn   keyingTransport
	config *Config

	serverVersion []byte
	clientVersion []byte

	// hostKeys is non-empty if we are the server. In that case,
	// it contains all host keys that can be used to sign the
	// connection.
	hostKeys []Signer

	// hostKeyAlgorithms is non-empty if we are the client. In that case,
	// we accept these key types from the server as host key.
	hostKeyAlgorithms []string

	// On read error, incoming is closed, and readError is set.
	incoming  chan []byte
	readError error

	// data for host key checking
	hostKeyCallback func(hostname string, remote net.Addr, key PublicKey) error
	dialAddress     string
	remoteAddr      net.Addr

	readSinceKex uint64

	// Protects the writing side of the connection
	mu              sync.Mutex
	cond            *sync.Cond
	sentInitPacket  []byte
	sentInitMsg     *kexInitMsg
	writtenSinceKex uint64
	writeError      error
}

func newHandshakeTransport(conn keyingTransport, config *Config, clientVersion, serverVersion []byte) *handshakeTransport {
	t := &handshakeTransport{
		conn:          conn,
		serverVersion: serverVersion,
		clientVersion: clientVersion,
		incoming:      make(chan []byte, 16),
		config:        config,
	}
	t.cond = sync.NewCond(&t.mu)
	return t
}

func newClientTransport(conn keyingTransport, clientVersion, serverVersion []byte, config *ClientConfig, dialAddr string, addr net.Addr) *handshakeTransport {
	t := newHandshakeTransport(conn, &config.Config, clientVersion, serverVersion)
	t.dialAddress = dialAddr
	t.remoteAddr = addr
	t.hostKeyCallback = config.HostKeyCallback
	if config.HostKeyAlgorithms != nil {
		t.hostKeyAlgorithms = config.HostKeyAlgorithms
	} else {
		t.hostKeyAlgorithms = supportedHostKeyAlgos
	}
	go t.readLoop()
	return t
}

func newServerTransport(conn keyingTransport, clientVersion, serverVersion []byte, config *ServerConfig) *handshakeTransport {
	t := newHandshakeTransport(conn, &config.Config, clientVersion, serverVersion)
	t.hostKeys = config.hostKeys
	go t.readLoop()
	return t
}

func (t *handshakeTransport) getSessionID() []byte {
	return t.conn.getSessionID()
}

func (t *handshakeTransport) id() string {
	if len(t.hostKeys) > 0 {
		return "server"
	}
	return "client"
}

func (t *handshakeTransport) readPacket() ([]byte, error) {
	p, ok := <-t.incoming
	if !ok {
		return nil, t.readError
	}
	return p, nil
}

func (t *handshakeTransport) readLoop() {
	for {
		p, err := t.readOnePacket()
		if err != nil {
			t.readError = err
			close(t.incoming)
			break
		}
		if p[0] == msgIgnore || p[0] == msgDebug {
			continue
		}
		t.incoming <- p
	}

	// If we can't read, declare the writing part dead too.
	t.mu.Lock()
	defer t.mu.Unlock()
	if t.writeError == nil {
		t.writeError = t.readError
	}
	t.cond.Broadcast()
}

func (t *handshakeTransport) readOnePacket() ([]byte, error) {
	if t.readSinceKex > t.config.RekeyThreshold {
		if err := t.requestKeyChange(); err != nil {
			return nil, err
		}
	}

	p, err := t.conn.readPacket()
	if err != nil {
		return nil, err
	}

	t.readSinceKex += uint64(len(p))
	if debugHandshake {
		msg, err := decode(p)
		log.Printf("%s got %T %v (%v)", t.id(), msg, msg, err)
	}
	if p[0] != msgKexInit {
		return p, nil
	}
	err = t.enterKeyExchange(p)

	t.mu.Lock()
	if err != nil {
		// drop connection
		t.conn.Close()
		t.writeError = err
	}

	if debugHandshake {
		log.Printf("%s exited key exchange, err %v", t.id(), err)
	}

	// Unblock writers.
	t.sentInitMsg = nil
	t.sentInitPacket = nil
	t.cond.Broadcast()
	t.writtenSinceKex = 0
	t.mu.Unlock()

	if err != nil {
		return nil, err
	}

	t.readSinceKex = 0
	return []byte{msgNewKeys}, nil
}

// sendKexInit sends a key change message, and returns the message
// that was sent. After initiating the key change, all writes will be
// blocked until the change is done, and a failed key change will
// close the underlying transport. This function is safe for
// concurrent use by multiple goroutines.
func (t *handshakeTransport) sendKexInit() (*kexInitMsg, []byte, error) {
	t.mu.Lock()
	defer t.mu.Unlock()
	return t.sendKexInitLocked()
}

func (t *handshakeTransport) requestKeyChange() error {
	_, _, err := t.sendKexInit()
	return err
}

// sendKexInitLocked sends a key change message. t.mu must be locked
// while this happens.
func (t *handshakeTransport) sendKexInitLocked() (*kexInitMsg, []byte, error) {
	// kexInits may be sent either in response to the other side,
	// or because our side wants to initiate a key change, so we
	// may have already sent a kexInit. In that case, don't send a
	// second kexInit.
	if t.sentInitMsg != nil {
		return t.sentInitMsg, t.sentInitPacket, nil
	}
	msg := &kexInitMsg{
		KexAlgos:                t.config.KeyExchanges,
		CiphersClientServer:     t.config.Ciphers,
		CiphersServerClient:     t.config.Ciphers,
		MACsClientServer:        t.config.MACs,
		MACsServerClient:        t.config.MACs,
		CompressionClientServer: supportedCompressions,
		CompressionServerClient: supportedCompressions,
	}
	io.ReadFull(rand.Reader, msg.Cookie[:])

	if len(t.hostKeys) > 0 {
		for _, k := range t.hostKeys {
			msg.ServerHostKeyAlgos = append(
				msg.ServerHostKeyAlgos, k.PublicKey().Type())
		}
	} else {
		msg.ServerHostKeyAlgos = t.hostKeyAlgorithms
	}
	packet := Marshal(msg)

	// writePacket destroys the contents, so save a copy.
	packetCopy := make([]byte, len(packet))
	copy(packetCopy, packet)

	if err := t.conn.writePacket(packetCopy); err != nil {
		return nil, nil, err
	}

	t.sentInitMsg = msg
	t.sentInitPacket = packet
	return msg, packet, nil
}

func (t *handshakeTransport) writePacket(p []byte) error {
	t.mu.Lock()
	defer t.mu.Unlock()

	if t.writtenSinceKex > t.config.RekeyThreshold {
		t.sendKexInitLocked()
	}
	for t.sentInitMsg != nil && t.writeError == nil {
		t.cond.Wait()
	}
	if t.writeError != nil {
		return t.writeError
	}
	t.writtenSinceKex += uint64(len(p))

	switch p[0] {
	case msgKexInit:
		return errors.New("ssh: only handshakeTransport can send kexInit")
	case msgNewKeys:
		return errors.New("ssh: only handshakeTransport can send newKeys")
	default:
		return t.conn.writePacket(p)
	}
}

func (t *handshakeTransport) Close() error {
	return t.conn.Close()
}

// enterKeyExchange runs the key exchange.
func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
	if debugHandshake {
		log.Printf("%s entered key exchange", t.id())
	}
	myInit, myInitPacket, err := t.sendKexInit()
	if err != nil {
		return err
	}

	otherInit := &kexInitMsg{}
	if err := Unmarshal(otherInitPacket, otherInit); err != nil {
		return err
	}

	magics := handshakeMagics{
		clientVersion: t.clientVersion,
		serverVersion: t.serverVersion,
		clientKexInit: otherInitPacket,
		serverKexInit: myInitPacket,
	}

	clientInit := otherInit
	serverInit := myInit
	if len(t.hostKeys) == 0 {
		clientInit = myInit
		serverInit = otherInit

		magics.clientKexInit = myInitPacket
		magics.serverKexInit = otherInitPacket
	}

	algs, err := findAgreedAlgorithms(clientInit, serverInit)
	if err != nil {
		return err
	}

	// We don't send FirstKexFollows, but we handle receiving it.
	if otherInit.FirstKexFollows && algs.kex != otherInit.KexAlgos[0] {
		// other side sent a kex message for the wrong algorithm,
		// which we have to ignore.
		if _, err := t.conn.readPacket(); err != nil {
			return err
		}
	}

	kex, ok := kexAlgoMap[algs.kex]
	if !ok {
		return fmt.Errorf("ssh: unexpected key exchange algorithm %v", algs.kex)
	}

	var result *kexResult
	if len(t.hostKeys) > 0 {
		result, err = t.server(kex, algs, &magics)
	} else {
		result, err = t.client(kex, algs, &magics)
	}

	if err != nil {
		return err
	}

	t.conn.prepareKeyChange(algs, result)
	if err = t.conn.writePacket([]byte{msgNewKeys}); err != nil {
		return err
	}
	if packet, err := t.conn.readPacket(); err != nil {
		return err
	} else if packet[0] != msgNewKeys {
		return unexpectedMessageError(msgNewKeys, packet[0])
	}
	return nil
}

func (t *handshakeTransport) server(kex kexAlgorithm, algs *algorithms, magics *handshakeMagics) (*kexResult, error) {
	var hostKey Signer
	for _, k := range t.hostKeys {
		if algs.hostKey == k.PublicKey().Type() {
			hostKey = k
		}
	}

	r, err := kex.Server(t.conn, t.config.Rand, magics, hostKey)
	return r, err
}

func (t *handshakeTransport) client(kex kexAlgorithm, algs *algorithms, magics *handshakeMagics) (*kexResult, error) {
	result, err := kex.Client(t.conn, t.config.Rand, magics)
	if err != nil {
		return nil, err
	}

	hostKey, err := ParsePublicKey(result.HostKey)
	if err != nil {
		return nil, err
	}

	if err := verifyHostKeySignature(hostKey, result); err != nil {
		return nil, err
	}

	if t.hostKeyCallback != nil {
		err = t.hostKeyCallback(t.dialAddress, t.remoteAddr, hostKey)
		if err != nil {
			return nil, err
		}
	}

	return result, nil
}
fix subrepo break change 2015-09-24 21:55:01 +00:00			`// Copyright 2013 The Go Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

			`package ssh`

			`import (`
			`"crypto/rand"`
			`"errors"`
			`"fmt"`
			`"io"`
			`"log"`
			`"net"`
			`"sync"`
			`)`

			`// debugHandshake, if set, prints messages sent and received. Key`
			`// exchange messages are printed as if DH were used, so the debug`
			`// messages are wrong when using ECDH.`
			`const debugHandshake = false`

			`// keyingTransport is a packet based transport that supports key`
			`// changes. It need not be thread-safe. It should pass through`
			`// msgNewKeys in both directions.`
			`type keyingTransport interface {`
			`packetConn`

			`// prepareKeyChange sets up a key change. The key change for a`
			`// direction will be effected if a msgNewKeys message is sent`
			`// or received.`
			`prepareKeyChange(algorithms, kexResult) error`

			`// getSessionID returns the session ID. prepareKeyChange must`
			`// have been called once.`
			`getSessionID() []byte`
			`}`

			`// rekeyingTransport is the interface of handshakeTransport that we`
			`// (internally) expose to ClientConn and ServerConn.`
			`type rekeyingTransport interface {`
			`packetConn`

			`// requestKeyChange asks the remote side to change keys. All`
			`// writes are blocked until the key change succeeds, which is`
			`// signaled by reading a msgNewKeys.`
			`requestKeyChange() error`

			`// getSessionID returns the session ID. This is only valid`
			`// after the first key change has completed.`
			`getSessionID() []byte`
			`}`

			`// handshakeTransport implements rekeying on top of a keyingTransport`
			`// and offers a thread-safe writePacket() interface.`
			`type handshakeTransport struct {`
			`conn keyingTransport`
			`config *Config`

			`serverVersion []byte`
			`clientVersion []byte`

			`// hostKeys is non-empty if we are the server. In that case,`
			`// it contains all host keys that can be used to sign the`
			`// connection.`
			`hostKeys []Signer`

			`// hostKeyAlgorithms is non-empty if we are the client. In that case,`
			`// we accept these key types from the server as host key.`
			`hostKeyAlgorithms []string`

			`// On read error, incoming is closed, and readError is set.`
			`incoming chan []byte`
			`readError error`

			`// data for host key checking`
			`hostKeyCallback func(hostname string, remote net.Addr, key PublicKey) error`
			`dialAddress string`
			`remoteAddr net.Addr`

			`readSinceKex uint64`

			`// Protects the writing side of the connection`
			`mu sync.Mutex`
			`cond *sync.Cond`
			`sentInitPacket []byte`
			`sentInitMsg *kexInitMsg`
			`writtenSinceKex uint64`
			`writeError error`
			`}`

			`func newHandshakeTransport(conn keyingTransport, config Config, clientVersion, serverVersion []byte) handshakeTransport {`
			`t := &handshakeTransport{`
			`conn: conn,`
			`serverVersion: serverVersion,`
			`clientVersion: clientVersion,`
			`incoming: make(chan []byte, 16),`
			`config: config,`
			`}`
			`t.cond = sync.NewCond(&t.mu)`
			`return t`
			`}`

			`func newClientTransport(conn keyingTransport, clientVersion, serverVersion []byte, config ClientConfig, dialAddr string, addr net.Addr) handshakeTransport {`
			`t := newHandshakeTransport(conn, &config.Config, clientVersion, serverVersion)`
			`t.dialAddress = dialAddr`
			`t.remoteAddr = addr`
			`t.hostKeyCallback = config.HostKeyCallback`
			`if config.HostKeyAlgorithms != nil {`
			`t.hostKeyAlgorithms = config.HostKeyAlgorithms`
			`} else {`
			`t.hostKeyAlgorithms = supportedHostKeyAlgos`
			`}`
			`go t.readLoop()`
			`return t`
			`}`

			`func newServerTransport(conn keyingTransport, clientVersion, serverVersion []byte, config ServerConfig) handshakeTransport {`
			`t := newHandshakeTransport(conn, &config.Config, clientVersion, serverVersion)`
			`t.hostKeys = config.hostKeys`
			`go t.readLoop()`
			`return t`
			`}`

			`func (t *handshakeTransport) getSessionID() []byte {`
			`return t.conn.getSessionID()`
			`}`

			`func (t *handshakeTransport) id() string {`
			`if len(t.hostKeys) > 0 {`
			`return "server"`
			`}`
			`return "client"`
			`}`

			`func (t *handshakeTransport) readPacket() ([]byte, error) {`
			`p, ok := <-t.incoming`
			`if !ok {`
			`return nil, t.readError`
			`}`
			`return p, nil`
			`}`

			`func (t *handshakeTransport) readLoop() {`
			`for {`
			`p, err := t.readOnePacket()`
			`if err != nil {`
			`t.readError = err`
			`close(t.incoming)`
			`break`
			`}`
			`if p[0] == msgIgnore \|\| p[0] == msgDebug {`
			`continue`
			`}`
			`t.incoming <- p`
			`}`

			`// If we can't read, declare the writing part dead too.`
			`t.mu.Lock()`
			`defer t.mu.Unlock()`
			`if t.writeError == nil {`
			`t.writeError = t.readError`
			`}`
			`t.cond.Broadcast()`
			`}`

			`func (t *handshakeTransport) readOnePacket() ([]byte, error) {`
			`if t.readSinceKex > t.config.RekeyThreshold {`
			`if err := t.requestKeyChange(); err != nil {`
			`return nil, err`
			`}`
			`}`

			`p, err := t.conn.readPacket()`
			`if err != nil {`
			`return nil, err`
			`}`

			`t.readSinceKex += uint64(len(p))`
			`if debugHandshake {`
			`msg, err := decode(p)`
			`log.Printf("%s got %T %v (%v)", t.id(), msg, msg, err)`
			`}`
			`if p[0] != msgKexInit {`
			`return p, nil`
			`}`
			`err = t.enterKeyExchange(p)`

			`t.mu.Lock()`
			`if err != nil {`
			`// drop connection`
			`t.conn.Close()`
			`t.writeError = err`
			`}`

			`if debugHandshake {`
			`log.Printf("%s exited key exchange, err %v", t.id(), err)`
			`}`

			`// Unblock writers.`
			`t.sentInitMsg = nil`
			`t.sentInitPacket = nil`
			`t.cond.Broadcast()`
			`t.writtenSinceKex = 0`
			`t.mu.Unlock()`

			`if err != nil {`
			`return nil, err`
			`}`

			`t.readSinceKex = 0`
			`return []byte{msgNewKeys}, nil`
			`}`

			`// sendKexInit sends a key change message, and returns the message`
			`// that was sent. After initiating the key change, all writes will be`
			`// blocked until the change is done, and a failed key change will`
			`// close the underlying transport. This function is safe for`
			`// concurrent use by multiple goroutines.`
			`func (t handshakeTransport) sendKexInit() (kexInitMsg, []byte, error) {`
			`t.mu.Lock()`
			`defer t.mu.Unlock()`
			`return t.sendKexInitLocked()`
			`}`

			`func (t *handshakeTransport) requestKeyChange() error {`
			`_, _, err := t.sendKexInit()`
			`return err`
			`}`

			`// sendKexInitLocked sends a key change message. t.mu must be locked`
			`// while this happens.`
			`func (t handshakeTransport) sendKexInitLocked() (kexInitMsg, []byte, error) {`
			`// kexInits may be sent either in response to the other side,`
			`// or because our side wants to initiate a key change, so we`
			`// may have already sent a kexInit. In that case, don't send a`
			`// second kexInit.`
			`if t.sentInitMsg != nil {`
			`return t.sentInitMsg, t.sentInitPacket, nil`
			`}`
			`msg := &kexInitMsg{`
			`KexAlgos: t.config.KeyExchanges,`
			`CiphersClientServer: t.config.Ciphers,`
			`CiphersServerClient: t.config.Ciphers,`
			`MACsClientServer: t.config.MACs,`
			`MACsServerClient: t.config.MACs,`
			`CompressionClientServer: supportedCompressions,`
			`CompressionServerClient: supportedCompressions,`
			`}`
			`io.ReadFull(rand.Reader, msg.Cookie[:])`

			`if len(t.hostKeys) > 0 {`
			`for _, k := range t.hostKeys {`
			`msg.ServerHostKeyAlgos = append(`
			`msg.ServerHostKeyAlgos, k.PublicKey().Type())`
			`}`
			`} else {`
			`msg.ServerHostKeyAlgos = t.hostKeyAlgorithms`
			`}`
			`packet := Marshal(msg)`

			`// writePacket destroys the contents, so save a copy.`
			`packetCopy := make([]byte, len(packet))`
			`copy(packetCopy, packet)`

			`if err := t.conn.writePacket(packetCopy); err != nil {`
			`return nil, nil, err`
			`}`

			`t.sentInitMsg = msg`
			`t.sentInitPacket = packet`
			`return msg, packet, nil`
			`}`

			`func (t *handshakeTransport) writePacket(p []byte) error {`
			`t.mu.Lock()`
			`defer t.mu.Unlock()`

			`if t.writtenSinceKex > t.config.RekeyThreshold {`
			`t.sendKexInitLocked()`
			`}`
			`for t.sentInitMsg != nil && t.writeError == nil {`
			`t.cond.Wait()`
			`}`
			`if t.writeError != nil {`
			`return t.writeError`
			`}`
			`t.writtenSinceKex += uint64(len(p))`

			`switch p[0] {`
			`case msgKexInit:`
			`return errors.New("ssh: only handshakeTransport can send kexInit")`
			`case msgNewKeys:`
			`return errors.New("ssh: only handshakeTransport can send newKeys")`
			`default:`
			`return t.conn.writePacket(p)`
			`}`
			`}`

			`func (t *handshakeTransport) Close() error {`
			`return t.conn.Close()`
			`}`

			`// enterKeyExchange runs the key exchange.`
			`func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {`
			`if debugHandshake {`
			`log.Printf("%s entered key exchange", t.id())`
			`}`
			`myInit, myInitPacket, err := t.sendKexInit()`
			`if err != nil {`
			`return err`
			`}`

			`otherInit := &kexInitMsg{}`
			`if err := Unmarshal(otherInitPacket, otherInit); err != nil {`
			`return err`
			`}`

			`magics := handshakeMagics{`
			`clientVersion: t.clientVersion,`
			`serverVersion: t.serverVersion,`
			`clientKexInit: otherInitPacket,`
			`serverKexInit: myInitPacket,`
			`}`

			`clientInit := otherInit`
			`serverInit := myInit`
			`if len(t.hostKeys) == 0 {`
			`clientInit = myInit`
			`serverInit = otherInit`

			`magics.clientKexInit = myInitPacket`
			`magics.serverKexInit = otherInitPacket`
			`}`

			`algs, err := findAgreedAlgorithms(clientInit, serverInit)`
			`if err != nil {`
			`return err`
			`}`

			`// We don't send FirstKexFollows, but we handle receiving it.`
			`if otherInit.FirstKexFollows && algs.kex != otherInit.KexAlgos[0] {`
			`// other side sent a kex message for the wrong algorithm,`
			`// which we have to ignore.`
			`if _, err := t.conn.readPacket(); err != nil {`
			`return err`
			`}`
			`}`

			`kex, ok := kexAlgoMap[algs.kex]`
			`if !ok {`
			`return fmt.Errorf("ssh: unexpected key exchange algorithm %v", algs.kex)`
			`}`

			`var result *kexResult`
			`if len(t.hostKeys) > 0 {`
			`result, err = t.server(kex, algs, &magics)`
			`} else {`
			`result, err = t.client(kex, algs, &magics)`
			`}`

			`if err != nil {`
			`return err`
			`}`

			`t.conn.prepareKeyChange(algs, result)`
			`if err = t.conn.writePacket([]byte{msgNewKeys}); err != nil {`
			`return err`
			`}`
			`if packet, err := t.conn.readPacket(); err != nil {`
			`return err`
			`} else if packet[0] != msgNewKeys {`
			`return unexpectedMessageError(msgNewKeys, packet[0])`
			`}`
			`return nil`
			`}`

			`func (t handshakeTransport) server(kex kexAlgorithm, algs algorithms, magics handshakeMagics) (kexResult, error) {`
			`var hostKey Signer`
			`for _, k := range t.hostKeys {`
			`if algs.hostKey == k.PublicKey().Type() {`
			`hostKey = k`
			`}`
			`}`

			`r, err := kex.Server(t.conn, t.config.Rand, magics, hostKey)`
			`return r, err`
			`}`

			`func (t handshakeTransport) client(kex kexAlgorithm, algs algorithms, magics handshakeMagics) (kexResult, error) {`
			`result, err := kex.Client(t.conn, t.config.Rand, magics)`
			`if err != nil {`
			`return nil, err`
			`}`

			`hostKey, err := ParsePublicKey(result.HostKey)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if err := verifyHostKeySignature(hostKey, result); err != nil {`
			`return nil, err`
			`}`

			`if t.hostKeyCallback != nil {`
			`err = t.hostKeyCallback(t.dialAddress, t.remoteAddr, hostKey)`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`

			`return result, nil`
			`}`