luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity

Don't allow providing original key shares once we've moved on to verification

Browse source
This commit is contained in:
Jeff Mitchell 2018-05-21 21:02:45 -04:00
parent 4464c3a65f
commit 0b4ead52a0
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
vault/rekey.go
View file

@ -327,6 +327,10 @@ func (c *Core) BarrierRekeyUpdate(ctx context.Context, key []byte, nonce string)
return nil, logical.CodedError(http.StatusBadRequest, "no barrier rekey in progress") return nil, logical.CodedError(http.StatusBadRequest, "no barrier rekey in progress")
} }
if len(c.barrierRekeyConfig.VerificationKey) > 0 {
return nil, logical.CodedError(http.StatusBadRequest, fmt.Sprintf("rekey operation already finished; verification must be performed; nonce for the verification operation is %q", c.barrierRekeyConfig.VerificationNonce))
}
if nonce != c.barrierRekeyConfig.Nonce { if nonce != c.barrierRekeyConfig.Nonce {
return nil, logical.CodedError(http.StatusBadRequest, fmt.Sprintf("incorrect nonce supplied; nonce for this rekey operation is %q", c.barrierRekeyConfig.Nonce)) return nil, logical.CodedError(http.StatusBadRequest, fmt.Sprintf("incorrect nonce supplied; nonce for this rekey operation is %q", c.barrierRekeyConfig.Nonce))
} }
@ -554,6 +558,10 @@ func (c *Core) RecoveryRekeyUpdate(ctx context.Context, key []byte, nonce string
return nil, logical.CodedError(http.StatusBadRequest, "no recovery rekey in progress") return nil, logical.CodedError(http.StatusBadRequest, "no recovery rekey in progress")
} }
if len(c.recoveryRekeyConfig.VerificationKey) > 0 {
return nil, logical.CodedError(http.StatusBadRequest, fmt.Sprintf("rekey operation already finished; verification must be performed; nonce for the verification operation is %q", c.recoveryRekeyConfig.VerificationNonce))
}
if nonce != c.recoveryRekeyConfig.Nonce { if nonce != c.recoveryRekeyConfig.Nonce {
return nil, logical.CodedError(http.StatusBadRequest, fmt.Sprintf("incorrect nonce supplied; nonce for this rekey operation is %q", c.recoveryRekeyConfig.Nonce)) return nil, logical.CodedError(http.StatusBadRequest, fmt.Sprintf("incorrect nonce supplied; nonce for this rekey operation is %q", c.recoveryRekeyConfig.Nonce))
} }