Skip to content
Snippets Groups Projects
Verified Commit b614f72f authored by Gabriel Zachmann's avatar Gabriel Zachmann
Browse files

drop deprecated math/rand.Read

parent bf2ac5b1
No related branches found
No related tags found
No related merge requests found
Pipeline #372579 passed
......@@ -38,9 +38,12 @@ type MytokenEntry struct {
}
// InitRefreshToken links a refresh token to this MytokenEntry
func (mte *MytokenEntry) InitRefreshToken(rt string) error {
func (mte *MytokenEntry) InitRefreshToken(rt string) (err error) {
mte.refreshToken = rt
mte.encryptionKey = cryptutils.RandomBytes(32)
mte.encryptionKey, err = cryptutils.RandomBytes(32)
if err != nil {
return
}
tmp, err := cryptutils.AESEncrypt(mte.refreshToken, mte.encryptionKey)
if err != nil {
return err
......
......@@ -7,12 +7,10 @@ import (
"crypto/sha512"
"encoding/base64"
"fmt"
mathRand "math/rand"
"strings"
"github.com/oidc-mytoken/utils/utils"
"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
"golang.org/x/crypto/pbkdf2"
)
......@@ -24,20 +22,21 @@ const (
const malFormedCiphertext = "malformed ciphertext"
// RandomBytes returns size random bytes
func RandomBytes(size int) []byte {
func RandomBytes(size int) ([]byte, error) {
r := make([]byte, size)
if _, err := rand.Read(r); err != nil {
log.WithError(err).Error()
_, _ = mathRand.Read(r)
}
return r
_, err := rand.Read(r)
return r, errors.WithStack(err)
}
func deriveKey(password string, salt []byte, size int) ([]byte, []byte) {
func deriveKey(password string, salt []byte, size int) ([]byte, []byte, error) {
if salt == nil {
salt = RandomBytes(saltLen)
var err error
salt, err = RandomBytes(saltLen)
if err != nil {
return nil, nil, err
}
}
return pbkdf2.Key([]byte(password), salt, keyIterations, size, sha512.New), salt
return pbkdf2.Key([]byte(password), salt, keyIterations, size, sha512.New), salt, nil
}
// AES128Encrypt encrypts a string using AES128 with the passed password
......@@ -71,7 +70,10 @@ func AES256Decrypt(cipher, password string) (string, error) {
}
func aesEncrypt(plain, password string, keyLen int) (string, error) {
key, salt := deriveKey(password, nil, keyLen)
key, salt, err := deriveKey(password, nil, keyLen)
if err != nil {
return "", err
}
ciph, err := AESEncrypt(plain, key)
if err != nil {
return "", err
......@@ -94,7 +96,10 @@ func aesDecrypt(cipher, password string, keyLen int) (string, error) {
if err != nil {
return "", errors.Wrap(err, malFormedCiphertext)
}
key, _ := deriveKey(password, salt, keyLen)
key, _, err := deriveKey(password, salt, keyLen)
if err != nil {
return "", err
}
return AESDecrypt(arr[1], key)
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment