Validate gossip encryption key before made persistent in local.keyring
This commit is contained in:
parent
567b354ed2
commit
291a468c87
|
@ -22,7 +22,9 @@ const (
|
||||||
func initKeyring(path, key string) error {
|
func initKeyring(path, key string) error {
|
||||||
var keys []string
|
var keys []string
|
||||||
|
|
||||||
if _, err := base64.StdEncoding.DecodeString(key); err != nil {
|
if keyBytes, err := base64.StdEncoding.DecodeString(key); err != nil {
|
||||||
|
return fmt.Errorf("Invalid key: %s", err)
|
||||||
|
} else if err := memberlist.ValidateKey(keyBytes); err != nil {
|
||||||
return fmt.Errorf("Invalid key: %s", err)
|
return fmt.Errorf("Invalid key: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
15
vendor/github.com/hashicorp/memberlist/keyring.go
generated
vendored
15
vendor/github.com/hashicorp/memberlist/keyring.go
generated
vendored
|
@ -58,6 +58,17 @@ func NewKeyring(keys [][]byte, primaryKey []byte) (*Keyring, error) {
|
||||||
return keyring, nil
|
return keyring, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ValidateKey will check to see if the key is valid and returns an error if not.
|
||||||
|
//
|
||||||
|
// key should be either 16, 24, or 32 bytes to select AES-128,
|
||||||
|
// AES-192, or AES-256.
|
||||||
|
func ValidateKey(key []byte) error {
|
||||||
|
if l := len(key); l != 16 && l != 24 && l != 32 {
|
||||||
|
return fmt.Errorf("key size must be 16, 24 or 32 bytes")
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// AddKey will install a new key on the ring. Adding a key to the ring will make
|
// AddKey will install a new key on the ring. Adding a key to the ring will make
|
||||||
// it available for use in decryption. If the key already exists on the ring,
|
// it available for use in decryption. If the key already exists on the ring,
|
||||||
// this function will just return noop.
|
// this function will just return noop.
|
||||||
|
@ -65,8 +76,8 @@ func NewKeyring(keys [][]byte, primaryKey []byte) (*Keyring, error) {
|
||||||
// key should be either 16, 24, or 32 bytes to select AES-128,
|
// key should be either 16, 24, or 32 bytes to select AES-128,
|
||||||
// AES-192, or AES-256.
|
// AES-192, or AES-256.
|
||||||
func (k *Keyring) AddKey(key []byte) error {
|
func (k *Keyring) AddKey(key []byte) error {
|
||||||
if l := len(key); l != 16 && l != 24 && l != 32 {
|
if err := ValidateKey(key); err != nil {
|
||||||
return fmt.Errorf("key size must be 16, 24 or 32 bytes")
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// No-op if key is already installed
|
// No-op if key is already installed
|
||||||
|
|
Loading…
Reference in a new issue