Enforce minimum length for padlock generation secret

src/secrets.rs

@@ -1,8 +1,10 @@
-use std::{convert::Infallible, fmt::Debug};
+use std::fmt::Debug;
 
 use hex::FromHex;
+use rand::{thread_rng, Rng};
 use secrecy::{ExposeSecret, SecretString, SecretVec};
 use serde::{Deserialize, Serialize};
+use thiserror::Error;
 
 #[derive(Debug, Clone, Deserialize)]
 pub struct Password(pub SecretString);
@@ -52,8 +54,18 @@ impl From<String> for ServerPadlock {
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct ServerHash(pub String);
 
-#[derive(Deserialize)]
 pub struct PadlockGenerationSecret(pub SecretVec<u8>);
+
+impl PadlockGenerationSecret {
+    /// Entirely arbitrary
+    const MIN_LENGTH_BYTES: usize = 32;
+
+    fn get_random_secret() -> Vec<u8> {
+        let mut rng = thread_rng();
+        (0..Self::MIN_LENGTH_BYTES).map(|_| rng.gen()).collect()
+    }
+}
+
 impl Debug for PadlockGenerationSecret {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         f.debug_tuple("PadlockGenerationSecret")
@@ -67,10 +79,22 @@ impl Clone for PadlockGenerationSecret {
     }
 }
 
+#[derive(Debug, Clone, Error)]
+#[error(
+    "Padlock secret too short, must be at least {} bytes - here's a fresh secret for you: {}",
+    PadlockGenerationSecret::MIN_LENGTH_BYTES,
+    hex::encode(PadlockGenerationSecret::get_random_secret())
+)]
+pub struct PadlockSecretTooShort;
 impl FromHex for PadlockGenerationSecret {
-    type Error = Infallible;
+    type Error = PadlockSecretTooShort;
 
     fn from_hex<T: AsRef<[u8]>>(hex: T) -> Result<Self, Self::Error> {
-        Ok(Self(hex.as_ref().to_vec().into()))
+        let hex = hex.as_ref();
+        if hex.len() < Self::MIN_LENGTH_BYTES {
+            Err(PadlockSecretTooShort)
+        } else {
+            Ok(Self(hex.to_vec().into()))
+        }
     }
 }