mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-29 18:36:30 +02:00
5d60cff21e
* refactor backend, implement encrypted store * refactor in-memory store * wip * wip * wip * add syncer test * fix redis expiry * fix linting issues * fix test by skipping non-config records * fix backoff import * fix init issues * fix query * wait for initial sync before starting directory sync * add type to SyncLatest * add more log messages, fix deadlock in in-memory store, always return server version from SyncLatest * update sync types and tests * add redis tests * skip macos in github actions * add comments to proto * split getBackend into separate methods * handle errors in initVersion * return different error for not found vs other errors in get * use exponential backoff for redis transaction retry * rename raw to result * use context instead of close channel * store type urls as constants in databroker * use timestampb instead of ptypes * fix group merging not waiting * change locked names * update GetAll to return latest record version * add method to grpcutil to get the type url for a protobuf type
53 lines
1.2 KiB
Go
53 lines
1.2 KiB
Go
package cryptutil
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"encoding/binary"
|
|
)
|
|
|
|
// DefaultKeySize is the default key size in bytes.
|
|
const DefaultKeySize = 32
|
|
|
|
// NewKey generates a random 32-byte (256 bit) key.
|
|
//
|
|
// Panics if source of randomness fails.
|
|
func NewKey() []byte {
|
|
return randomBytes(DefaultKeySize)
|
|
}
|
|
|
|
// NewBase64Key generates a random base64 encoded 32-byte key.
|
|
//
|
|
// Panics if source of randomness fails.
|
|
func NewBase64Key() string {
|
|
return NewRandomStringN(DefaultKeySize)
|
|
}
|
|
|
|
// NewRandomStringN returns base64 encoded random string of a given num of bytes.
|
|
//
|
|
// Panics if source of randomness fails.
|
|
func NewRandomStringN(c int) string {
|
|
return base64.StdEncoding.EncodeToString(randomBytes(c))
|
|
}
|
|
|
|
// NewRandomUInt64 returns a random uint64.
|
|
//
|
|
// Panics if source of randomness fails.
|
|
func NewRandomUInt64() uint64 {
|
|
return binary.LittleEndian.Uint64(randomBytes(8))
|
|
}
|
|
|
|
// randomBytes generates C number of random bytes suitable for cryptographic
|
|
// operations.
|
|
//
|
|
// Panics if source of randomness fails.
|
|
func randomBytes(c int) []byte {
|
|
if c < 0 {
|
|
c = DefaultKeySize
|
|
}
|
|
b := make([]byte, c)
|
|
if _, err := rand.Read(b); err != nil {
|
|
panic(err)
|
|
}
|
|
return b
|
|
}
|