diff options
Diffstat (limited to 'internal/util')
| -rw-r--r-- | internal/util/secret.go | 47 | ||||
| -rw-r--r-- | internal/util/secret_test.go | 40 |
2 files changed, 87 insertions, 0 deletions
diff --git a/internal/util/secret.go b/internal/util/secret.go new file mode 100644 index 000000000..915cc77ba --- /dev/null +++ b/internal/util/secret.go @@ -0,0 +1,47 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package util + +import ( + "crypto/rand" + "encoding/base32" + "io" +) + +// crockfordBase32 is an encoding alphabet that misses characters I,L,O,U, +// to avoid confusion and abuse. See: http://www.crockford.com/wrmg/base32.html +const crockfordBase32 = "0123456789ABCDEFGHJKMNPQRSTVWXYZ" + +// base32enc is a pre-initialized CrockfordBase32 encoding without any padding. +var base32enc = base32.NewEncoding(crockfordBase32).WithPadding(base32.NoPadding) + +// MustGenerateSecret returns a cryptographically-secure, +// CrockfordBase32-encoded string of 32 chars in length +// (ie., 20-bytes/160 bits of entropy), or panics on error. +// +// The source of randomness is crypto/rand. +func MustGenerateSecret() string { + // Crockford base32 with no padding + // encodes 20 bytes to 32 characters. + const blen = 20 + b := make([]byte, blen) + if _, err := io.ReadFull(rand.Reader, b); err != nil { + panic(err) + } + return base32enc.EncodeToString(b) +} diff --git a/internal/util/secret_test.go b/internal/util/secret_test.go new file mode 100644 index 000000000..99b2df32c --- /dev/null +++ b/internal/util/secret_test.go @@ -0,0 +1,40 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package util_test + +import ( + "regexp" + "testing" + + "github.com/superseriousbusiness/gotosocial/internal/util" +) + +func TestMustGenerateSecret(t *testing.T) { + var ( + rStr = `^[0123456789ABCDEFGHJKMNPQRSTVWXYZ]{32}$` + r = regexp.MustCompile(rStr) + ) + + for i := 0; i < 10; i++ { + secret := util.MustGenerateSecret() + if !r.MatchString(secret) { + t.Logf("%d: secret %s does not match regex %s", i, secret, rStr) + t.Fail() + } + } +} |