Validate gossip encryption key before made persistent in local.keyring

This commit is contained in:
R.B. Boyer 2016-06-28 23:19:18 -05:00 committed by James Phillips
parent 567b354ed2
commit 291a468c87
No known key found for this signature in database
GPG key ID: 77183E682AC5FC11
2 changed files with 16 additions and 3 deletions

View file

@ -22,7 +22,9 @@ const (
func initKeyring(path, key string) error { func initKeyring(path, key string) error {
var keys []string var keys []string
if _, err := base64.StdEncoding.DecodeString(key); err != nil { if keyBytes, err := base64.StdEncoding.DecodeString(key); err != nil {
return fmt.Errorf("Invalid key: %s", err)
} else if err := memberlist.ValidateKey(keyBytes); err != nil {
return fmt.Errorf("Invalid key: %s", err) return fmt.Errorf("Invalid key: %s", err)
} }

View file

@ -58,6 +58,17 @@ func NewKeyring(keys [][]byte, primaryKey []byte) (*Keyring, error) {
return keyring, nil return keyring, nil
} }
// ValidateKey will check to see if the key is valid and returns an error if not.
//
// key should be either 16, 24, or 32 bytes to select AES-128,
// AES-192, or AES-256.
func ValidateKey(key []byte) error {
if l := len(key); l != 16 && l != 24 && l != 32 {
return fmt.Errorf("key size must be 16, 24 or 32 bytes")
}
return nil
}
// AddKey will install a new key on the ring. Adding a key to the ring will make // AddKey will install a new key on the ring. Adding a key to the ring will make
// it available for use in decryption. If the key already exists on the ring, // it available for use in decryption. If the key already exists on the ring,
// this function will just return noop. // this function will just return noop.
@ -65,8 +76,8 @@ func NewKeyring(keys [][]byte, primaryKey []byte) (*Keyring, error) {
// key should be either 16, 24, or 32 bytes to select AES-128, // key should be either 16, 24, or 32 bytes to select AES-128,
// AES-192, or AES-256. // AES-192, or AES-256.
func (k *Keyring) AddKey(key []byte) error { func (k *Keyring) AddKey(key []byte) error {
if l := len(key); l != 16 && l != 24 && l != 32 { if err := ValidateKey(key); err != nil {
return fmt.Errorf("key size must be 16, 24 or 32 bytes") return err
} }
// No-op if key is already installed // No-op if key is already installed