This repository has been archived by the owner on Mar 30, 2021. It is now read-only.

driver: only check hmac if present
avoids a panic()
tmc committed Dec 2, 2018
1 parent 9081ef6 commit fcc7d62
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions src/gcredstash/driver.go
Expand Up @@ -2,11 +2,12 @@ package gcredstash

import (
"fmt"
"strings"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/dynamodb"
"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbiface"
"github.com/aws/aws-sdk-go/service/kms/kmsiface"
"strings"
)

type Driver struct {
Expand Down Expand Up @@ -79,10 +80,12 @@ func (driver *Driver) DecryptMaterial(name string, material map[string]*dynamodb
}

contents := B64Decode(*material["contents"].S)
hmac := HexDecode(*material["hmac"].S)
if material["hmac"].S != nil {
hmac := HexDecode(*material["hmac"].S)

if !ValidateHMAC(contents, hmac, hmacKey) {
return "", fmt.Errorf("Computed HMAC on %s does not match stored HMAC", name)
if !ValidateHMAC(contents, hmac, hmacKey) {
return "", fmt.Errorf("Computed HMAC on %s does not match stored HMAC", name)
}
}

decrypted := Crypt(contents, dataKey)
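Review bot: The new `if material["hmac"].S != nil` guard fails open: when the item carries no string-typed hmac, `ValidateHMAC` is skipped and `Crypt(contents, dataKey)` still runs, so the stored ciphertext is decrypted with no integrity check. Because the decision to verify is taken from the stored record itself, the HMAC no longer protects against a modified or incomplete table item. The guard also dereferences `material["hmac"]` without a nil check, so an item that lacks the attribute entirely would presumably still panic. Returning an error when no HMAC is available avoids the panic and keeps the check mandatory; if some records legitimately store the hmac in a different attribute type, that form should be decoded and verified rather than skipped. DecryptMaterial begins before this hunk and continues after it.

```go
contents := B64Decode(*material["contents"].S)

// Fail closed: an item without a usable HMAC is rejected, never decrypted unverified.
hmacAttr := material["hmac"]
if hmacAttr == nil || hmacAttr.S == nil {
	return "", fmt.Errorf("no stored HMAC found for %s", name)
}

if !ValidateHMAC(contents, HexDecode(*hmacAttr.S), hmacKey) {
	return "", fmt.Errorf("Computed HMAC on %s does not match stored HMAC", name)
}
// … unchanged: Crypt(contents, dataKey) and the rest of DecryptMaterial …
```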