secure key generation

pull/157/head
Henrique Dias 2017-07-25 09:01:29 +01:00
parent cc6652c8a0
commit eb01267643
No known key found for this signature in database
GPG Key ID: 936F5EB68D786730
2 changed files with 20 additions and 12 deletions

24
auth.go
View File

@ -1,8 +1,8 @@
package filemanager
import (
"crypto/rand"
"encoding/json"
"math/rand"
"net/http"
"strings"
"time"
@ -147,15 +147,17 @@ func checkPasswordHash(password, hash string) bool {
return err == nil
}
const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
// randomString creates a string with a defined length using the above charset.
func randomString(length int) string {
seededRand := rand.New(rand.NewSource(time.Now().UnixNano()))
b := make([]byte, length)
for i := range b {
b[i] = charset[seededRand.Intn(len(charset))]
// generateRandomBytes returns securely generated random bytes.
// It will return an error if the system's secure random
// number generator fails to function correctly, in which
// case the caller should not continue.
func generateRandomBytes(n int) ([]byte, error) {
b := make([]byte, n)
_, err := rand.Read(b)
// Note that err == nil only if we read len(b) bytes.
if err != nil {
return nil, err
}
return string(b)
return b, nil
}

View File

@ -163,7 +163,13 @@ func New(database string, base User) (*FileManager, error) {
// If it doesn't exist, create a new one of 256 bits.
err = db.Get("config", "key", &m.key)
if err != nil && err == storm.ErrNotFound {
m.key = []byte(randomString(64))
var bytes []byte
bytes, err = generateRandomBytes(64)
if err != nil {
return nil, err
}
m.key = bytes
err = db.Set("config", "key", m.key)
}