diff options
Diffstat (limited to 'securecookie.go')
| -rw-r--r-- | securecookie.go | 45 |
1 files changed, 24 insertions, 21 deletions
diff --git a/securecookie.go b/securecookie.go index 912d64c..ddd3a69 100644 --- a/securecookie.go +++ b/securecookie.go @@ -124,7 +124,7 @@ type Codec interface { // GenerateRandomKey(). It is recommended to use a key with 32 or 64 bytes. // // blockKey is optional, used to encrypt values. Create it using -// GenerateRandomKey(). The key length must correspond to the block size +// GenerateRandomKey(). The key length must correspond to the key size // of the encryption algorithm. For AES, used by default, valid lengths are // 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256. // The default encoder used for cookie serialization is encoding/gob. @@ -141,7 +141,7 @@ func New(hashKey, blockKey []byte) *SecureCookie { maxLength: 4096, sz: GobEncoder{}, } - if hashKey == nil { + if len(hashKey) == 0 { s.err = errHashKeyNotSet } if blockKey != nil { @@ -286,7 +286,7 @@ func (s *SecureCookie) Encode(name string, value interface{}) (string, error) { b = encode(b) // 5. Check length. if s.maxLength != 0 && len(b) > s.maxLength { - return "", errEncodedValueTooLong + return "", fmt.Errorf("%s: %d", errEncodedValueTooLong, len(b)) } // Done. return string(b), nil @@ -310,7 +310,7 @@ func (s *SecureCookie) Decode(name, value string, dst interface{}, maxAges ...in } // 1. Check length. if s.maxLength != 0 && len(value) > s.maxLength { - return errValueToDecodeTooLong + return fmt.Errorf("%s: %d", errValueToDecodeTooLong, len(value)) } // 2. Decode from base64. b, err := decode([]byte(value)) @@ -395,7 +395,7 @@ func verifyMac(h hash.Hash, value []byte, mac []byte) error { // encrypt encrypts a value using the given block in counter mode. // -// A random initialization vector (http://goo.gl/zF67k) with the length of the +// A random initialization vector ( https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV) ) with the length of the // block size is prepended to the resulting ciphertext. func encrypt(block cipher.Block, value []byte) ([]byte, error) { iv := GenerateRandomKey(block.BlockSize()) @@ -412,7 +412,7 @@ func encrypt(block cipher.Block, value []byte) ([]byte, error) { // decrypt decrypts a value using the given block in counter mode. // // The value to be decrypted must be prepended by a initialization vector -// (http://goo.gl/zF67k) with the length of the block size. +// ( https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV) ) with the length of the block size. func decrypt(block cipher.Block, value []byte) ([]byte, error) { size := block.BlockSize() if len(value) > size { @@ -510,6 +510,10 @@ func decode(value []byte) ([]byte, error) { // GenerateRandomKey creates a random key with the given length in bytes. // On failure, returns nil. // +// Note that keys created using `GenerateRandomKey()` are not automatically +// persisted. New keys will be created when the application is restarted, and +// previously issued cookies will not be able to be decoded. +// // Callers should explicitly check for the possibility of a nil return, treat // it as a failure of the system random number generator, and not continue. func GenerateRandomKey(length int) []byte { @@ -529,22 +533,21 @@ func GenerateRandomKey(length int) []byte { // // Example: // -// codecs := securecookie.CodecsFromPairs( -// []byte("new-hash-key"), -// []byte("new-block-key"), -// []byte("old-hash-key"), -// []byte("old-block-key"), -// ) -// -// // Modify each instance. -// for _, s := range codecs { -// if cookie, ok := s.(*securecookie.SecureCookie); ok { -// cookie.MaxAge(86400 * 7) -// cookie.SetSerializer(securecookie.JSONEncoder{}) -// cookie.HashFunc(sha512.New512_256) -// } -// } +// codecs := securecookie.CodecsFromPairs( +// []byte("new-hash-key"), +// []byte("new-block-key"), +// []byte("old-hash-key"), +// []byte("old-block-key"), +// ) // +// // Modify each instance. +// for _, s := range codecs { +// if cookie, ok := s.(*securecookie.SecureCookie); ok { +// cookie.MaxAge(86400 * 7) +// cookie.SetSerializer(securecookie.JSONEncoder{}) +// cookie.HashFunc(sha512.New512_256) +// } +// } func CodecsFromPairs(keyPairs ...[]byte) []Codec { codecs := make([]Codec, len(keyPairs)/2+len(keyPairs)%2) for i := 0; i < len(keyPairs); i += 2 { |