Skip to content
Snippets Groups Projects
Commit ebaefab7 authored by Richard T. Carback III's avatar Richard T. Carback III
Browse files

Ensure that the transmissionSalt and receptionSalt are non-zero, and remove the double generation.

parent fdb5ba15
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 22 additions and 27 deletions
api/user.go
+ 22
27
View file @ ebaefab7
...@@ -39,32 +39,6 @@ func createNewUser(rng *fastRNG.StreamGenerator) user.Info { ...@@ -39,32 +39,6 @@ func createNewUser(rng *fastRNG.StreamGenerator) user.Info {
transmissionSalt, receptionSalt, transmissionSalt, receptionSalt,
transmissionRsaKey, receptionRsaKey = createKeys(rng) transmissionRsaKey, receptionRsaKey = createKeys(rng)
// Salt, UID, etc gen
stream := rng.GetStream()
transmissionSalt = make([]byte, SaltSize)
n, err := stream.Read(transmissionSalt)
if err != nil {
jww.FATAL.Panicf(err.Error())
}
if n != SaltSize {
jww.FATAL.Panicf("transmissionSalt size too small: %d", n)
}
receptionSalt = make([]byte, SaltSize)
n, err = stream.Read(receptionSalt)
if err != nil {
jww.FATAL.Panicf(err.Error())
}
if n != SaltSize {
jww.FATAL.Panicf("transmissionSalt size too small: %d", n)
}
stream.Close()
transmissionID, err := xx.NewID(transmissionRsaKey.GetPublic(), transmissionID, err := xx.NewID(transmissionRsaKey.GetPublic(),
transmissionSalt, id.User) transmissionSalt, id.User)
if err != nil { if err != nil {
...@@ -104,8 +78,11 @@ func createKeys(rng *fastRNG.StreamGenerator) ( ...@@ -104,8 +78,11 @@ func createKeys(rng *fastRNG.StreamGenerator) (
stream := rng.GetStream() stream := rng.GetStream()
transmissionRsaKey, err = rsa.GenerateKey(stream, transmissionRsaKey, err = rsa.GenerateKey(stream,
rsa.DefaultRSABitLen) rsa.DefaultRSABitLen)
if err != nil {
jww.FATAL.Panicf(err.Error())
}
transmissionSalt = make([]byte, 32) transmissionSalt = make([]byte, 32)
_, err = stream.Read(receptionSalt) _, err = stream.Read(transmissionSalt)
stream.Close() stream.Close()
if err != nil { if err != nil {
jww.FATAL.Panicf(err.Error()) jww.FATAL.Panicf(err.Error())
...@@ -118,6 +95,9 @@ func createKeys(rng *fastRNG.StreamGenerator) ( ...@@ -118,6 +95,9 @@ func createKeys(rng *fastRNG.StreamGenerator) (
stream := rng.GetStream() stream := rng.GetStream()
receptionRsaKey, err = rsa.GenerateKey(stream, receptionRsaKey, err = rsa.GenerateKey(stream,
rsa.DefaultRSABitLen) rsa.DefaultRSABitLen)
if err != nil {
jww.FATAL.Panicf(err.Error())
}
receptionSalt = make([]byte, 32) receptionSalt = make([]byte, 32)
_, err = stream.Read(receptionSalt) _, err = stream.Read(receptionSalt)
stream.Close() stream.Close()
...@@ -127,6 +107,21 @@ func createKeys(rng *fastRNG.StreamGenerator) ( ...@@ -127,6 +107,21 @@ func createKeys(rng *fastRNG.StreamGenerator) (
}() }()
wg.Wait() wg.Wait()
isZero := func(data []byte) bool {
if len(data) == 0 {
return true
}
for i := len(data) - 1; i != 0; i-- {
if data[i] != 0 {
return false
}
}
return true
}
if isZero(receptionSalt) || isZero(transmissionSalt) {
jww.FATAL.Panicf("empty salt generation detected")
}
return return
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment