From bde0301637c4c2cb08abc93e6dde4373c7626d64 Mon Sep 17 00:00:00 2001
From: Joachim Bauch <bauch@struktur.de>
Date: Mon, 7 Sep 2020 09:01:34 +0200
Subject: [PATCH] proxy: Generate random session hash keys.

This is to ensure that session ids are only valid until the proxy is restarted.
---
 proxy.conf.in             | 10 ----------
 src/proxy/proxy_server.go | 25 ++++++++-----------------
 2 files changed, 8 insertions(+), 27 deletions(-)

diff --git a/proxy.conf.in b/proxy.conf.in
index 98b0fde..cd62a60 100644
--- a/proxy.conf.in
+++ b/proxy.conf.in
@@ -20,16 +20,6 @@
 # - etcd: Token information are retrieved from an etcd cluster (see below).
 tokentype = static
 
-[sessions]
-# Secret value used to generate checksums of sessions. This should be a random
-# string of 32 or 64 bytes.
-hashkey = secret-for-session-checksums
-
-# Optional key for encrypting data in the sessions. Must be either 16, 24 or
-# 32 bytes.
-# If no key is specified, data will not be encrypted (not recommended).
-blockkey = -encryption-key-
-
 [nats]
 # Url of NATS backend to use. This can also be a list of URLs to connect to
 # multiple backends. For local development, this can be set to ":loopback:"
diff --git a/src/proxy/proxy_server.go b/src/proxy/proxy_server.go
index 4f6d8fc..fad2e90 100644
--- a/src/proxy/proxy_server.go
+++ b/src/proxy/proxy_server.go
@@ -23,6 +23,7 @@ package main
 
 import (
 	"context"
+	"crypto/rand"
 	"encoding/json"
 	"fmt"
 	"log"
@@ -108,24 +109,14 @@ type ProxyServer struct {
 }
 
 func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile, nats signaling.NatsClient) (*ProxyServer, error) {
-	hashKey, _ := config.GetString("sessions", "hashkey")
-	switch len(hashKey) {
-	case 32:
-	case 64:
-	default:
-		log.Printf("WARNING: The sessions hash key should be 32 or 64 bytes but is %d bytes", len(hashKey))
+	hashKey := make([]byte, 64)
+	if _, err := rand.Read(hashKey); err != nil {
+		return nil, fmt.Errorf("Could not generate random hash key: %s", err)
 	}
 
-	blockKey, _ := config.GetString("sessions", "blockkey")
-	blockBytes := []byte(blockKey)
-	switch len(blockKey) {
-	case 0:
-		blockBytes = nil
-	case 16:
-	case 24:
-	case 32:
-	default:
-		return nil, fmt.Errorf("The sessions block key must be 16, 24 or 32 bytes but is %d bytes", len(blockKey))
+	blockKey := make([]byte, 32)
+	if _, err := rand.Read(blockKey); err != nil {
+		return nil, fmt.Errorf("Could not generate random block key: %s", err)
 	}
 
 	var tokens ProxyTokens
@@ -191,7 +182,7 @@ func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile, na
 		tokens:          tokens,
 		statsAllowedIps: statsAllowedIps,
 
-		cookie:   securecookie.New([]byte(hashKey), blockBytes).MaxAge(0),
+		cookie:   securecookie.New(hashKey, blockKey).MaxAge(0),
 		sessions: make(map[uint64]*ProxySession),
 
 		clients:   make(map[string]signaling.McuClient),