* In the random APIs, add a 'prng' param that causes a DRBG seeded from the selected source(s) to be the source of the returned bytes * fixes, unit test next * unit tests * changelog * memory ramifications * switch to using a string called drbg * Update helper/random/random_api.go * wrong changelog --------- Co-authored-by: Scott Miller <smiller@hashicorp.com> Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
// Copyright IBM Corp. 2016, 2025
// SPDX-License-Identifier: BUSL-1.1
package transit
import (
"context"
"github.com/hashicorp/vault/helper/random"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
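// pathRandom returns the framework.Path definition for the transit
// "random" endpoint, which generates random bytes for the caller.
//
// The path accepts an optional "source" URL segment and an optional
// trailing byte-count segment ("urlbytes"); the same values can instead
// be supplied as the "source" and "bytes" body parameters. Only the
// update operation is wired, to b.pathRandomWrite, which delegates
// parameter validation and byte generation to random.HandleRandomAPI.
//
// NOTE(review): the schema itself places no upper bound on "bytes" /
// "urlbytes". A request-size limit is assumed to be enforced inside
// random.HandleRandomAPI — confirm, since an unbounded count would let a
// single authorized call allocate an arbitrarily large response.
func (b *backend) pathRandom() *framework.Path {
	return &framework.Path{
		// Matches "random", "random/<source>", "random/<bytes>" and
		// "random/<source>/<bytes>". The trailing segment is captured as
		// the string field "urlbytes" so it does not collide with the
		// integer "bytes" body field.
		Pattern: "random(/" + framework.GenericNameRegex("source") + ")?" + framework.OptionalParamRegex("urlbytes"),

		DisplayAttrs: &framework.DisplayAttributes{
			OperationPrefix: operationPrefixTransit,
			OperationVerb:   "generate",
			OperationSuffix: "random|random-with-source|random-with-bytes|random-with-source-and-bytes",
		},

		Fields: map[string]*framework.FieldSchema{
			// Byte count taken from the URL; a string here because it is
			// parsed out of the path rather than the JSON body.
			"urlbytes": {
				Type:        framework.TypeString,
				Description: "The number of bytes to generate (POST URL parameter)",
			},

			// Byte count taken from the body. 32 bytes (256 bits) is the
			// default when neither this nor "urlbytes" is given.
			"bytes": {
				Type:        framework.TypeInt,
				Default:     32,
				Description: "The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).",
			},

			// Output encoding for the generated bytes.
			"format": {
				Type:        framework.TypeString,
				Default:     "base64",
				Description: `Encoding format to use. Can be "hex" or "base64". Defaults to "base64".`,
			},

			// Entropy source selector. Typo fixed in the user-facing
			// description ("ether" -> "either").
			"source": {
				Type:        framework.TypeString,
				Default:     "platform",
				Description: `Which system to source random data from, either "platform", "seal", or "all".`,
			},

			// Optional DRBG expansion of the selected source. When unset
			// (the default, ""), bytes are read directly from the source.
			// NOTE(review): DRBG output is only as strong as the seed drawn
			// from the source; the seed length and reseed policy live in
			// random.HandleRandomAPI and are not visible here — verify.
			"drbg": {
				Type:    framework.TypeString,
				Default: "",
				Description: "If set, seed a secure DRBG from the source and use it to generate the bytes. This can be more performant when using the seal source." +
					" Possible values are unset (don't use a DRBG), \"auto\" and \"hmacdrbg\" which are equivalent.",
			},
		},

		// Only writes are supported; reads/lists on this path are rejected
		// by the framework because no callback is registered for them.
		Callbacks: map[logical.Operation]framework.OperationFunc{
			logical.UpdateOperation: b.pathRandomWrite,
		},

		HelpSynopsis:    pathRandomHelpSyn,
		HelpDescription: pathRandomHelpDesc,
	}
}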
// pathRandomWrite handles the update operation on the "random" path.
//
// It hands the parsed field data together with the backend's random
// reader to the shared random.HandleRandomAPI helper, which is expected
// to honour the "source", "drbg", "bytes"/"urlbytes" and "format" fields
// declared in pathRandom. The context and request are not needed here;
// everything the helper consumes is in the field data.
func (b *backend) pathRandomWrite(_ context.Context, _ *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	reader := b.GetRandomReader()
	resp, err := random.HandleRandomAPI(d, reader)
	return resp, err
}
// Help text surfaced for the "random" path via HelpSynopsis and
// HelpDescription in pathRandom.
const (
	// pathRandomHelpSyn is the one-line synopsis for the path.
	pathRandomHelpSyn = `Generate random bytes`

	// pathRandomHelpDesc is the longer description for the path.
	pathRandomHelpDesc = `
This function can be used to generate high-entropy random bytes.
`
)