Changes to salt to clean up HMAC stuff.

This commit is contained in:
Jeff Mitchell 2015-09-18 18:13:10 -04:00
parent 5dde76fa1c
commit 8d71601221

View file

@ -26,7 +26,6 @@ type Salt struct {
config *Config
salt string
generated bool
hmac hash.Hash
hmacType string
}
@ -49,10 +48,6 @@ type Config struct {
// String prepended to HMAC strings for identification.
// Required if using HMAC
HMACType string
// A static string to use if set. If not set, one will be
// generated and persisted. This value will *not* be persisted.
StaticSalt string
}
// NewSalt creates a new salt based on the configuration
@ -73,23 +68,15 @@ func NewSalt(view logical.Storage, config *Config) (*Salt, error) {
config: config,
}
var raw *logical.StorageEntry
var err error
if config.StaticSalt != "" {
s.salt = config.StaticSalt
} else {
if view != nil {
// Look for the salt
raw, err = view.Get(config.Location)
if err != nil {
return nil, fmt.Errorf("failed to read salt: %v", err)
}
// Look for the salt
raw, err := view.Get(config.Location)
if err != nil {
return nil, fmt.Errorf("failed to read salt: %v", err)
}
// Restore the salt if it exists
if raw != nil {
s.salt = string(raw.Value)
}
}
// Restore the salt if it exists
if raw != nil {
s.salt = string(raw.Value)
}
// Generate a new salt if necessary
@ -97,7 +84,7 @@ func NewSalt(view logical.Storage, config *Config) (*Salt, error) {
s.salt = uuid.GenerateUUID()
s.generated = true
if view != nil {
raw = &logical.StorageEntry{
raw := &logical.StorageEntry{
Key: config.Location,
Value: []byte(s.salt),
}
@ -111,10 +98,6 @@ func NewSalt(view logical.Storage, config *Config) (*Salt, error) {
if len(config.HMACType) == 0 {
return nil, fmt.Errorf("HMACType must be defined")
}
s.hmac = hmac.New(config.HMAC, []byte(s.salt))
if s.hmac == nil {
return nil, fmt.Errorf("failed to instantiate HMAC function")
}
s.hmacType = config.HMACType
}
@ -130,24 +113,15 @@ func (s *Salt) SaltID(id string) string {
// GetHMAC is used to apply a salt and hash function to an ID to make sure
// it is not reversible, with an additional HMAC
func (s *Salt) GetHMAC(id string) string {
if s.hmac == nil {
return ""
}
s.hmac.Reset()
s.hmac.Write([]byte(id))
return hex.EncodeToString(s.hmac.Sum(nil))
hm := hmac.New(s.config.HMAC, []byte(s.salt))
hm.Write([]byte(id))
return hex.EncodeToString(hm.Sum(nil))
}
// GetIdentifiedHMAC is used to apply a salt and hash function to an ID to make sure
// it is not reversible, with an additional HMAC, and ID prepended
func (s *Salt) GetIdentifiedHMAC(id string) string {
if s.hmac == nil {
return ""
}
s.hmac.Reset()
s.hmac.Write([]byte(id))
return s.hmacType + ":" + hex.EncodeToString(s.hmac.Sum(nil))
return s.hmacType + ":" + s.GetHMAC(id)
}
// DidGenerate returns if the underlying salt value was generated
@ -164,6 +138,16 @@ func SaltID(salt, id string, hash HashFunc) string {
return hex.EncodeToString(hashVal)
}
func HMACValue(salt, val string, hashFunc func() hash.Hash) string {
hm := hmac.New(hashFunc, []byte(salt))
hm.Write([]byte(val))
return hex.EncodeToString(hm.Sum(nil))
}
func HMACIdentifiedValue(salt, val, hmacType string, hashFunc func() hash.Hash) string {
return hmacType + ":" + HMACValue(salt, val, hashFunc)
}
// SHA1Hash returns the SHA1 of the input
func SHA1Hash(inp []byte) []byte {
hashed := sha1.Sum(inp)