1
0
mirror of https://github.com/imgproxy/imgproxy.git synced 2025-01-08 10:45:04 +02:00
imgproxy/crypt.go

42 lines
858 B
Go
Raw Normal View History

2017-06-20 15:58:55 +02:00
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"errors"
)
2018-10-05 22:29:55 +02:00
var (
2018-11-20 15:05:16 +02:00
errInvalidSignature = errors.New("Invalid signature")
errInvalidSignatureEncoding = errors.New("Invalid signature encoding")
2018-10-05 22:29:55 +02:00
)
2018-11-15 14:35:06 +02:00
type securityKey []byte
2018-11-20 15:05:16 +02:00
func validatePath(signature, path string) error {
messageMAC, err := base64.RawURLEncoding.DecodeString(signature)
2017-06-20 15:58:55 +02:00
if err != nil {
2018-11-20 15:05:16 +02:00
return errInvalidSignatureEncoding
2017-06-20 15:58:55 +02:00
}
2018-11-15 14:35:06 +02:00
for i := 0; i < len(conf.Keys); i++ {
if hmac.Equal(messageMAC, signatureFor(path, i)) {
return nil
}
2017-06-20 15:58:55 +02:00
}
2018-11-20 15:05:16 +02:00
return errInvalidSignature
2017-06-20 15:58:55 +02:00
}
2018-11-15 14:35:06 +02:00
func signatureFor(str string, pairInd int) []byte {
mac := hmac.New(sha256.New, conf.Keys[pairInd])
mac.Write(conf.Salts[pairInd])
mac.Write([]byte(str))
expectedMAC := mac.Sum(nil)
if conf.SignatureSize < 32 {
return expectedMAC[:conf.SignatureSize]
}
return expectedMAC
}