Add more checks befor decrypting data

backend/local.go

@@ -24,6 +24,8 @@ const (
 	versionFileName = "version"
 )
 
+var ErrWrongData = errors.New("wrong data returned by backend, checksum does not match")
+
 type Local struct {
 	p   string
 	ver uint
@@ -218,7 +220,8 @@ func (b *Local) filename(t Type, id ID) string {
 	return filepath.Join(b.dir(t), id.String())
 }
 
-// Get returns the content stored under the given ID.
+// Get returns the content stored under the given ID. If the data doesn't match
+// the requested ID, ErrWrongData is returned.
 func (b *Local) Get(t Type, id ID) ([]byte, error) {
 	// try to open file
 	file, err := os.Open(b.filename(t, id))
@@ -233,6 +236,11 @@ func (b *Local) Get(t Type, id ID) ([]byte, error) {
 		return nil, err
 	}
 
+	// check id
+	if !Hash(buf).Equal(id) {
+		return nil, ErrWrongData
+	}
+
 	return buf, nil
 }
 

backend/sftp.go

@@ -292,7 +292,8 @@ func (r *SFTP) filename(t Type, id ID) string {
 	return filepath.Join(r.dir(t), id.String())
 }
 
-// Get returns the content stored under the given ID.
+// Get returns the content stored under the given ID. If the data doesn't match
+// the requested ID, ErrWrongData is returned.
 func (r *SFTP) Get(t Type, id ID) ([]byte, error) {
 	// try to open file
 	file, err := r.c.Open(r.filename(t, id))
@@ -307,6 +308,11 @@ func (r *SFTP) Get(t Type, id ID) ([]byte, error) {
 		return nil, err
 	}
 
+	// check id
+	if !Hash(buf).Equal(id) {
+		return nil, ErrWrongData
+	}
+
 	return buf, nil
 }
 

key.go

@@ -304,6 +304,11 @@ func (k *Key) Encrypt(ciphertext, plaintext []byte) (int, error) {
 // Decrypt verifes and decrypts the ciphertext. Ciphertext must be in the form
 // IV || Ciphertext || HMAC.
 func (k *Key) decrypt(ks *keys, ciphertext []byte) ([]byte, error) {
+	// check for plausible length
+	if len(ciphertext) <= ivSize+hmacSize {
+		panic("trying to decryipt invalid data: ciphertext too small")
+	}
+
 	hm := hmac.New(sha256.New, ks.Sign)
 
 	// extract hmac