Add test for invalid (=zero) crypto keys
parent
98dc811536
commit
9010d7bb3a
2 changed files with 52 additions and 5 deletions
|
@ -179,6 +179,28 @@ func (m *MACKey) UnmarshalJSON(data []byte) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Valid tests whether the key k is valid (i.e. not zero).
|
||||||
|
func (k *MACKey) Valid() bool {
|
||||||
|
nonzeroK := false
|
||||||
|
for i := 0; i < len(k.K); i++ {
|
||||||
|
if k.K[i] != 0 {
|
||||||
|
nonzeroK = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !nonzeroK {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
for i := 0; i < len(k.R); i++ {
|
||||||
|
if k.R[i] != 0 {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func (k *EncryptionKey) MarshalJSON() ([]byte, error) {
|
func (k *EncryptionKey) MarshalJSON() ([]byte, error) {
|
||||||
return json.Marshal(k[:])
|
return json.Marshal(k[:])
|
||||||
}
|
}
|
||||||
|
@ -194,6 +216,17 @@ func (k *EncryptionKey) UnmarshalJSON(data []byte) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Valid tests whether the key k is valid (i.e. not zero).
|
||||||
|
func (k *EncryptionKey) Valid() bool {
|
||||||
|
for i := 0; i < len(k); i++ {
|
||||||
|
if k[i] != 0 {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
// ErrInvalidCiphertext is returned when trying to encrypt into the slice that
|
// ErrInvalidCiphertext is returned when trying to encrypt into the slice that
|
||||||
// holds the plaintext.
|
// holds the plaintext.
|
||||||
var ErrInvalidCiphertext = errors.New("invalid ciphertext, same slice used for plaintext")
|
var ErrInvalidCiphertext = errors.New("invalid ciphertext, same slice used for plaintext")
|
||||||
|
@ -304,3 +337,12 @@ func KDF(N, R, P int, salt []byte, password string) (*Key, error) {
|
||||||
|
|
||||||
return derKeys, nil
|
return derKeys, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Valid tests if the key is valid.
|
||||||
|
func (k *Key) Valid() bool {
|
||||||
|
if k.ChunkerPolynomial != 0 && !k.ChunkerPolynomial.Irreducible() {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
return k.Encrypt.Valid() && k.MAC.Valid()
|
||||||
|
}
|
||||||
|
|
|
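Review bot: MACKey.Valid's comment says "not zero", but the body requires K and R each to hold a non-zero byte and looks only at the raw stored bytes; I would document that, e.g. `// Valid reports whether K and R each contain at least one non-zero byte. It is a sanity check against uninitialised keys, not a strength check.` If R is masked or clamped before it is used for the MAC (that code is not on this page), an R whose only set bits are masked off would still pass, so the test should then run on the masked value. The K loop can `break` once nonzeroK is set, or use the same early-return shape as the R loop. Key.Valid at the end of this file also treats ChunkerPolynomial == 0 as valid, which its one-line comment does not say.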
@ -88,13 +88,13 @@ func OpenKey(s *Server, name string, password string) (*Key, error) {
|
||||||
}
|
}
|
||||||
k.name = name
|
k.name = name
|
||||||
|
|
||||||
// test if polynomial is valid and irreducible
|
if !k.Valid() {
|
||||||
if k.master.ChunkerPolynomial == 0 {
|
return nil, errors.New("Invalid key for repository")
|
||||||
return nil, errors.New("Polynomial for content defined chunking is zero")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if !k.master.ChunkerPolynomial.Irreducible() {
|
// test if the chunker polynomial is present in the master key
|
||||||
return nil, errors.New("Polynomial for content defined chunking is invalid")
|
if k.master.ChunkerPolynomial == 0 {
|
||||||
|
return nil, errors.New("Polynomial for content defined chunking is zero")
|
||||||
}
|
}
|
||||||
|
|
||||||
debug.Log("OpenKey", "Master keys loaded, polynomial %v", k.master.ChunkerPolynomial)
|
debug.Log("OpenKey", "Master keys loaded, polynomial %v", k.master.ChunkerPolynomial)
|
||||||
|
@ -279,3 +279,8 @@ func (k *Key) String() string {
|
||||||
func (k Key) Name() string {
|
func (k Key) Name() string {
|
||||||
return k.name
|
return k.name
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Valid tests whether the mac and encryption keys are valid (i.e. not zero)
|
||||||
|
func (k *Key) Valid() bool {
|
||||||
|
return k.user.Valid() && k.master.Valid()
|
||||||
|
}
|
||||||
|
|
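Review bot: The comment on Key.Valid says it checks only that the MAC and encryption keys are non-zero, but k.master.Valid() presumably reaches the Key.Valid added in the other file, which also rejects a reducible chunker polynomial; the comment should say so, e.g. `// Valid reports whether the user and master keys are non-zero and any chunker polynomial set on them is irreducible.` In OpenKey the single `errors.New("Invalid key for repository")` now stands for a zero user key, a zero master key and a reducible polynomial, so a short comment above the check naming those cases would help whoever debugs a failed open; Go convention would also lower-case the message. Valid dereferences k.user and k.master without a nil check; whether either can be nil at this point is not visible here. OpenKey's body starts and ends outside the hunk.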