mirrors
/
restic
mirror of https://github.com/restic/restic.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add test for invalid (=zero) crypto keys

This commit is contained in:
Alexander Neumann 2015-05-01 17:31:57 +02:00
parent 98dc811536
commit 9010d7bb3a
2 changed files with 52 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
crypto/crypto.go
View File

@ -179,6 +179,28 @@ func (m *MACKey) UnmarshalJSON(data []byte) error {
return nil return nil
} }
// Valid tests whether the key k is valid (i.e. not zero).
func (k *MACKey) Valid() bool {
nonzeroK := false
for i := 0; i < len(k.K); i++ {
if k.K[i] != 0 {
nonzeroK = true
}
}
if !nonzeroK {
return false
}
for i := 0; i < len(k.R); i++ {
if k.R[i] != 0 {
return true
}
}
return false
}
func (k *EncryptionKey) MarshalJSON() ([]byte, error) { func (k *EncryptionKey) MarshalJSON() ([]byte, error) {
return json.Marshal(k[:]) return json.Marshal(k[:])
} }
@ -194,6 +216,17 @@ func (k *EncryptionKey) UnmarshalJSON(data []byte) error {
return nil return nil
} }
// Valid tests whether the key k is valid (i.e. not zero).
func (k *EncryptionKey) Valid() bool {
for i := 0; i < len(k); i++ {
if k[i] != 0 {
return true
}
}
return false
}
// ErrInvalidCiphertext is returned when trying to encrypt into the slice that // ErrInvalidCiphertext is returned when trying to encrypt into the slice that
// holds the plaintext. // holds the plaintext.
var ErrInvalidCiphertext = errors.New("invalid ciphertext, same slice used for plaintext") var ErrInvalidCiphertext = errors.New("invalid ciphertext, same slice used for plaintext")
@ -304,3 +337,12 @@ func KDF(N, R, P int, salt []byte, password string) (*Key, error) {
return derKeys, nil return derKeys, nil
} }
// Valid tests if the key is valid.
func (k *Key) Valid() bool {
if k.ChunkerPolynomial != 0 && !k.ChunkerPolynomial.Irreducible() {
return false
}
return k.Encrypt.Valid() && k.MAC.Valid()
}

15
server/key.go
View File

@ -88,13 +88,13 @@ func OpenKey(s *Server, name string, password string) (*Key, error) {
} }
k.name = name k.name = name
// test if polynomial is valid and irreducible if !k.Valid() {
if k.master.ChunkerPolynomial == 0 { return nil, errors.New("Invalid key for repository")
return nil, errors.New("Polynomial for content defined chunking is zero")
} }
if !k.master.ChunkerPolynomial.Irreducible() { // test if the chunker polynomial is present in the master key
return nil, errors.New("Polynomial for content defined chunking is invalid") if k.master.ChunkerPolynomial == 0 {
return nil, errors.New("Polynomial for content defined chunking is zero")
} }
debug.Log("OpenKey", "Master keys loaded, polynomial %v", k.master.ChunkerPolynomial) debug.Log("OpenKey", "Master keys loaded, polynomial %v", k.master.ChunkerPolynomial)
@ -279,3 +279,8 @@ func (k *Key) String() string {
func (k Key) Name() string { func (k Key) Name() string {
return k.name return k.name
} }
// Valid tests whether the mac and encryption keys are valid (i.e. not zero)
func (k *Key) Valid() bool {
return k.user.Valid() && k.master.Valid()
}