[minor] validate auth material returned from database before use

2016-07-12 09:10:58 -05:00 · 2016-07-12 09:10:58 -05:00 · 5c4a5deceb
--- a/database/loader.go
+++ b/database/loader.go
@ -36,6 +36,10 @@ func (db *DB) GetLoaderAuthDetails(prefix string) (lad mig.LoaderAuthDetails, er
 		err = fmt.Errorf("Unable to locate loader from prefix")
 		return
 	}
+	err = lad.Validate()
+	if err != nil {
+		return
+	}
 	return
 }

--- a/loader.go
+++ b/loader.go
@ -41,6 +41,14 @@ type LoaderAuthDetails struct {
 	Salt []byte
 }

+func (lad *LoaderAuthDetails) Validate() error {
+	if len(lad.Hash) != LoaderHashedKeyLength ||
+		len(lad.Salt) != LoaderSaltLength {
+		return fmt.Errorf("contents of LoaderAuthDetails are invalid")
+	}
+	return nil
+}
+
 // Generate a new loader prefix value
 func GenerateLoaderPrefix() string {
 	return RandLoaderKeyString(LoaderPrefixLength)
@ -68,6 +76,8 @@ func RandLoaderKeyString(length int) string {
 const LoaderPrefixAndKeyLength = 40 // Key length including prefix
 const LoaderPrefixLength = 8        // Prefix length
 const LoaderKeyLength = 32          // Length excluding prefix
+const LoaderHashedKeyLength = 32    // Length of hashed key in the database
+const LoaderSaltLength = 16         // Length of salt

 // Validate a loader key, returns nil if it is valid
 func ValidateLoaderKey(key string) error {
--- a/mig-api/loaderkey.go
+++ b/mig-api/loaderkey.go
@ -20,7 +20,7 @@ import (

 func hashLoaderKey(key string, salt []byte) (ret []byte, retsalt []byte, err error) {
 	if salt == nil {
-		retsalt = make([]byte, 16)
+		retsalt = make([]byte, mig.LoaderSaltLength)
 		_, err = rand.Read(retsalt)
 		if err != nil {
 			return
@ -28,7 +28,7 @@ func hashLoaderKey(key string, salt []byte) (ret []byte, retsalt []byte, err err
 	} else {
 		retsalt = salt
 	}
-	ret = pbkdf2.Key([]byte(key), retsalt, 4096, 32, sha256.New)
+	ret = pbkdf2.Key([]byte(key), retsalt, 4096, mig.LoaderHashedKeyLength, sha256.New)
 	return ret, retsalt, nil
 }