Add support for base16-encoded (a.k.a. hex-encoded) secret keys.

2019-03-28 14:06:01 -07:00 · 2019-03-28 14:06:01 -07:00 · 121210c55c
parent 96235615ce
commit 121210c55c
3 changed files with 27 additions and 15 deletions
--- a/core/lib/Cargo.toml
+++ b/core/lib/Cargo.toml
@ -34,6 +34,7 @@ state = "0.4.1"
 time = "0.1"
 memchr = "2" # TODO: Use pear instead.
 base64 = "0.10"
+base16 = "0.2"
 pear = "0.1"
 atty = "0.2"

--- a/core/lib/src/config/config.rs
+++ b/core/lib/src/config/config.rs
@ -10,7 +10,7 @@ use crate::config::{Table, Value, Array, Datetime};
 use crate::http::private::Key;

 use super::custom_values::*;
-use {num_cpus, base64};
+use {num_cpus, base16, base64};

 /// Structure for Rocket application configuration.
 ///
@ -298,7 +298,7 @@ impl Config {
    ///   * **workers**: Integer (16-bit unsigned)
    ///   * **keep_alive**: Integer
    ///   * **log**: String
-    ///   * **secret_key**: String (256-bit base64)
+    ///   * **secret_key**: String (256-bit base64 or base16)
    ///   * **tls**: Table (`certs` (path as String), `key` (path as String))
    pub(crate) fn set_raw(&mut self, name: &str, val: &Value) -> Result<()> {
        let (id, ok) = (|val| val, |_| Ok(()));
@ -423,11 +423,11 @@ impl Config {
    }

    /// Sets the `secret_key` in `self` to `key` which must be a 256-bit base64
-    /// encoded string.
+    /// or base16 encoded string.
    ///
    /// # Errors
    ///
-    /// If `key` is not a valid 256-bit base64 encoded string, returns a
+    /// If `key` is not a valid 256-bit encoded string, returns a
    /// `BadType` error.
    ///
    /// # Example
@ -438,20 +438,31 @@ impl Config {
    /// let mut config = Config::new(Environment::Staging);
    /// let key = "8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg=";
    /// assert!(config.set_secret_key(key).is_ok());
+    /// let key = "fe4c5b09a9ac372156e44ce133bc940685ef5e0394d6e9274aadacc21e4f2643";
+    /// assert!(config.set_secret_key(key).is_ok());
    /// assert!(config.set_secret_key("hello? anyone there?").is_err());
    /// ```
    pub fn set_secret_key<K: Into<String>>(&mut self, key: K) -> Result<()> {
        let key = key.into();
        let error = self.bad_type("secret_key", "string",
-                                  "a 256-bit base64 encoded string");
+                                  "a 256-bit base16 or base64 encoded string");

-        if key.len() != 44 {
-            return Err(error);
-        }
-
-        let bytes = match base64::decode(&key) {
+        let bytes = match key.len() {
+            44 => {
+                match base64::decode(&key) {
                    Ok(bytes) => bytes,
                    Err(_) => return Err(error)
+                }
+            }
+            64 => {
+                match base16::decode(&key) {
+                    Ok(bytes) => bytes,
+                    Err(_) => return Err(error)
+                }
+            }
+            _ => {
+                return Err(error)
+            }
        };

        self.secret_key = SecretKey::Provided(Key::from_master(&bytes));
--- a/site/guide/9-configuration.md
+++ b/site/guide/9-configuration.md
@ -92,9 +92,9 @@ limits = { forms = 32768 }
 The `workers` and `secret_key` default parameters are computed by Rocket
 automatically; the values above are not valid TOML syntax. When manually
 specifying the number of workers, the value should be an integer: `workers =
-10`. When manually specifying the secret key, the value should a 256-bit base64
-encoded string. Such a string can be generated using a tool such as openssl:
-`openssl rand -base64 32`.
+10`. When manually specifying the secret key, the value should a random 256-bit
+value, encoded as a base64 or base16 string. Such a string can be generated
+using a tool like openssl: `openssl rand -base64 32`.

 The "global" pseudo-environment can be used to set and/or override configuration
 parameters globally. A parameter defined in a `[global]` table sets, or