From e926b69bb57602f9e63c49ae8db868b9e3bf0aad Mon Sep 17 00:00:00 2001
From: Simon Eisenmann
Date: Mon, 23 Jun 2014 15:22:32 +0200
Subject: [PATCH] Validate secret lengths on startup.
---
 src/app/spreed-webrtc-server/main.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/app/spreed-webrtc-server/main.go b/src/app/spreed-webrtc-server/main.go
index 3f1111b3..4a1c289b 100644
--- a/src/app/spreed-webrtc-server/main.go
+++ b/src/app/spreed-webrtc-server/main.go
@@ -209,11 +209,23 @@ func runner(runtime phoenix.Runtime) error {
 sessionSecret, err := runtime.GetString("app", "sessionSecret")
 if err != nil {
 return fmt.Errorf("No sessionSecret in config file.")
+ } else {
+ if len(sessionSecret) < 32 {
+ return fmt.Errorf("Length of sessionSecret must be at least 32 bytes.")
+ }
 }

 encryptionSecret, err := runtime.GetString("app", "encryptionSecret")
 if err != nil {
 return fmt.Errorf("No encryptionSecret in config file.")
+ } else {
+ switch l := len(encryptionSecret); {
+ case l == 16:
+ case l == 24:
+ case l == 32:
+ default:
+ return fmt.Errorf("Length of encryptionSecret must be exactly 16, 24 or 32 bytes to select AES-128, AES-192 or AES-256.")
+ }
 }

 tokenFile, err := runtime.GetString("app", "tokenFile")
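Review bot: Both added checks (`len(sessionSecret) < 32` and the `switch` on `len(encryptionSecret)`) measure the byte length of the string read from the config file, so they guarantee a usable key size but say nothing about entropy; a 16-character printable passphrase is accepted as an AES-128 key although it carries far fewer than 128 bits. How these strings become key material is not visible in the hunk, so this is hedged, but I would at least state the expectation above the checks, e.g. `// Length is checked in bytes of the configured string; values must be randomly generated (CSPRNG), not hand-typed.` Because each `if err != nil` branch returns, the `else` wrappers are unnecessary and the second check reads more simply as `switch len(encryptionSecret) { case 16, 24, 32: default: return ... }`. `runner` starts and continues outside the hunk.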