forked from TrueCloudLab/restic
crypto: check key for validity
parent
4f6bc754b8
commit
b841eb4c54
1 changed files with 8 additions and 0 deletions
|
@ -233,6 +233,10 @@ var ErrInvalidCiphertext = errors.New("invalid ciphertext, same slice used for p
|
||||||
// necessary. ciphertext and plaintext may not point to (exactly) the same
|
// necessary. ciphertext and plaintext may not point to (exactly) the same
|
||||||
// slice or non-intersecting slices.
|
// slice or non-intersecting slices.
|
||||||
func Encrypt(ks *Key, ciphertext []byte, plaintext []byte) ([]byte, error) {
|
func Encrypt(ks *Key, ciphertext []byte, plaintext []byte) ([]byte, error) {
|
||||||
|
if !ks.Valid() {
|
||||||
|
return nil, errors.New("invalid key")
|
||||||
|
}
|
||||||
|
|
||||||
ciphertext = ciphertext[:cap(ciphertext)]
|
ciphertext = ciphertext[:cap(ciphertext)]
|
||||||
|
|
||||||
// test for same slice, if possible
|
// test for same slice, if possible
|
||||||
|
@ -271,6 +275,10 @@ func Encrypt(ks *Key, ciphertext []byte, plaintext []byte) ([]byte, error) {
|
||||||
// IV || Ciphertext || MAC. plaintext and ciphertext may point to (exactly) the
|
// IV || Ciphertext || MAC. plaintext and ciphertext may point to (exactly) the
|
||||||
// same slice.
|
// same slice.
|
||||||
func Decrypt(ks *Key, plaintext []byte, ciphertextWithMac []byte) ([]byte, error) {
|
func Decrypt(ks *Key, plaintext []byte, ciphertextWithMac []byte) ([]byte, error) {
|
||||||
|
if !ks.Valid() {
|
||||||
|
return nil, errors.New("invalid key")
|
||||||
|
}
|
||||||
|
|
||||||
// check for plausible length
|
// check for plausible length
|
||||||
if len(ciphertextWithMac) < ivSize+macSize {
|
if len(ciphertextWithMac) < ivSize+macSize {
|
||||||
panic("trying to decrypt invalid data: ciphertext too small")
|
panic("trying to decrypt invalid data: ciphertext too small")
|
||||||
|
|
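Review bot: Both new guards, in Encrypt and in Decrypt, build their error inline with `errors.New("invalid key")`, so a caller can only tell a rejected key from other failures by comparing message strings. The hunk header shows the package already declares a sentinel, ErrInvalidCiphertext; a matching `var ErrInvalidKey = errors.New("invalid key")` returned from both functions would let callers test it with `errors.Is`. `ks.Valid()` is also called with no nil check before it, and Valid is not visible in this diff, so a nil *Key may panic here; `if ks == nil || !ks.Valid() {` would make the guard independent of how Valid is written. Both function bodies continue outside the hunks shown.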