imgproxy/crypt.go

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

var (
	errInvalidSignature         = errors.New("Invalid signature")
	errInvalidSignatureEncoding = errors.New("Invalid signature encoding")
)

type securityKey []byte

func validatePath(signature, path string) error {
	messageMAC, err := base64.RawURLEncoding.DecodeString(signature)
	if err != nil {
		return errInvalidSignatureEncoding
	}

	for i := 0; i < len(conf.Keys); i++ {
		if hmac.Equal(messageMAC, signatureFor(path, i)) {
			return nil
		}
	}

	return errInvalidSignature
}

func signatureFor(str string, pairInd int) []byte {
	mac := hmac.New(sha256.New, conf.Keys[pairInd])
	mac.Write(conf.Salts[pairInd])
	mac.Write([]byte(str))
	expectedMAC := mac.Sum(nil)
	if conf.SignatureSize < 32 {
		return expectedMAC[:conf.SignatureSize]
	}
	return expectedMAC
}
Initial commit 2017-06-20 15:58:55 +02:00			`package main`

			`import (`
			`"crypto/hmac"`
			`"crypto/sha256"`
			`"encoding/base64"`
			`"errors"`
			`)`

Predefine static errors 2018-10-05 22:29:55 +02:00			`var (`
Token => signature 2018-11-20 15:05:16 +02:00			`errInvalidSignature = errors.New("Invalid signature")`
			`errInvalidSignatureEncoding = errors.New("Invalid signature encoding")`
Predefine static errors 2018-10-05 22:29:55 +02:00			`)`

Multiple key/salt pairs support 2018-11-15 14:35:06 +02:00			`type securityKey []byte`

Token => signature 2018-11-20 15:05:16 +02:00			`func validatePath(signature, path string) error {`
			`messageMAC, err := base64.RawURLEncoding.DecodeString(signature)`
Initial commit 2017-06-20 15:58:55 +02:00			`if err != nil {`
Token => signature 2018-11-20 15:05:16 +02:00			`return errInvalidSignatureEncoding`
Initial commit 2017-06-20 15:58:55 +02:00			`}`

Multiple key/salt pairs support 2018-11-15 14:35:06 +02:00			`for i := 0; i < len(conf.Keys); i++ {`
			`if hmac.Equal(messageMAC, signatureFor(path, i)) {`
			`return nil`
			`}`
Initial commit 2017-06-20 15:58:55 +02:00			`}`

Token => signature 2018-11-20 15:05:16 +02:00			`return errInvalidSignature`
Initial commit 2017-06-20 15:58:55 +02:00			`}`
Option to use truncated signature (#88) * CircleCI * Fix docs resize_type -> resizing_type (#91) As noted in my issue... * Option to use truncated signature * Don't use 0 as no-limit for SignatureSize 2018-11-02 13:10:20 +02:00
Multiple key/salt pairs support 2018-11-15 14:35:06 +02:00			`func signatureFor(str string, pairInd int) []byte {`
			`mac := hmac.New(sha256.New, conf.Keys[pairInd])`
			`mac.Write(conf.Salts[pairInd])`
Option to use truncated signature (#88) * CircleCI * Fix docs resize_type -> resizing_type (#91) As noted in my issue... * Option to use truncated signature * Don't use 0 as no-limit for SignatureSize 2018-11-02 13:10:20 +02:00			`mac.Write([]byte(str))`
			`expectedMAC := mac.Sum(nil)`
			`if conf.SignatureSize < 32 {`
			`return expectedMAC[:conf.SignatureSize]`
			`}`
			`return expectedMAC`
			`}`