From 9010d7bb3a13561b06b123a61a22e8bbce97053e Mon Sep 17 00:00:00 2001
From: Alexander Neumann
Date: Fri, 1 May 2015 17:31:57 +0200
Subject: [PATCH] Add test for invalid (=zero) crypto keys
---
 crypto/crypto.go | 42 ++++++++++++++++++++++++++++++++++++++++++
 server/key.go | 15 ++++++++++-----
 2 files changed, 52 insertions(+), 5 deletions(-)
diff --git a/crypto/crypto.go b/crypto/crypto.go
index 0e21233cc..418d80f8a 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -179,6 +179,28 @@ func (m *MACKey) UnmarshalJSON(data []byte) error {
 return nil
 }
+// Valid tests whether the key k is valid (i.e. not zero).
+func (k *MACKey) Valid() bool {
+ nonzeroK := false
+ for i := 0; i < len(k.K); i++ {
+ if k.K[i] != 0 {
+ nonzeroK = true
+ }
+ }
+
+ if !nonzeroK {
+ return false
+ }
+
+ for i := 0; i < len(k.R); i++ {
+ if k.R[i] != 0 {
+ return true
+ }
+ }
+
+ return false
+}
+
 func (k *EncryptionKey) MarshalJSON() ([]byte, error) {
 return json.Marshal(k[:])
 }
@@ -194,6 +216,17 @@ func (k *EncryptionKey) UnmarshalJSON(data []byte) error {
 return nil
 }
+// Valid tests whether the key k is valid (i.e. not zero).
+func (k *EncryptionKey) Valid() bool {
+ for i := 0; i < len(k); i++ {
+ if k[i] != 0 {
+ return true
+ }
+ }
+
+ return false
+}
+
 // ErrInvalidCiphertext is returned when trying to encrypt into the slice that
 // holds the plaintext.
 var ErrInvalidCiphertext = errors.New("invalid ciphertext, same slice used for plaintext")
@@ -304,3 +337,12 @@ func KDF(N, R, P int, salt []byte, password string) (*Key, error) {
 return derKeys, nil
 }
+
+// Valid tests if the key is valid.
+func (k *Key) Valid() bool {
+ if k.ChunkerPolynomial != 0 && !k.ChunkerPolynomial.Irreducible() {
+ return false
+ }
+
+ return k.Encrypt.Valid() && k.MAC.Valid()
+}
diff --git a/server/key.go b/server/key.go
index f552c1ff2..bcecb7719 100644
--- a/server/key.go
+++ b/server/key.go
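Review bot: MACKey.Valid scans K to the end with a flag but leaves the R loop at the first non-zero byte, and EncryptionKey.Valid in the next hunk uses the early-return form as well; one shape for all three loops would be easier to audit. Folding the bytes with OR and comparing once, `var acc byte` then `for _, b := range k.K { acc |= b }` then `if acc == 0 { return false }`, also keeps the running time independent of the key bytes, which is the usual habit for code that reads secret material. The doc comments should state that these methods only detect an all-zero K, R or encryption key and say nothing about key quality.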
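Review bot: Key.Valid in the last crypto.go hunk returns true for a key whose ChunkerPolynomial is zero, because the irreducibility test is skipped in that case, and the doc comment `// Valid tests if the key is valid.` does not mention it. A caller that relies on Valid alone would accept a key without a usable polynomial; OpenKey in this commit keeps its own zero check for the master key, which suggests the behaviour is intended. Proposed comment: `// Valid reports whether the encryption and MAC keys are non-zero and the chunker polynomial, if set, is irreducible. A zero polynomial is accepted; callers that require one must check it themselves.`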
@@ -88,13 +88,13 @@ func OpenKey(s *Server, name string, password string) (*Key, error) {
 }
 k.name = name
- // test if polynomial is valid and irreducible
- if k.master.ChunkerPolynomial == 0 {
- return nil, errors.New("Polynomial for content defined chunking is zero")
+ if !k.Valid() {
+ return nil, errors.New("Invalid key for repository")
 }
- if !k.master.ChunkerPolynomial.Irreducible() {
- return nil, errors.New("Polynomial for content defined chunking is invalid")
+ // test if the chunker polynomial is present in the master key
+ if k.master.ChunkerPolynomial == 0 {
+ return nil, errors.New("Polynomial for content defined chunking is zero")
 }
 debug.Log("OpenKey", "Master keys loaded, polynomial %v", k.master.ChunkerPolynomial)
@@ -279,3 +279,8 @@ func (k *Key) String() string {
 func (k Key) Name() string {
 return k.name
 }
+
+// Valid tests whether the mac and encryption keys are valid (i.e. not zero)
+func (k *Key) Valid() bool {
+ return k.user.Valid() && k.master.Valid()
+}
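Review bot: The single error `Invalid key for repository` in OpenKey now stands for several different failures (zero key material in the user key, zero key material in the master key, or a reducible chunker polynomial), where the removed code reported the polynomial case on its own. Someone diagnosing a damaged or tampered key file cannot tell which check failed; consider validating `k.user` and `k.master` separately, or naming the possible causes in the message. Go convention is a lower-case error string, e.g. `errors.New("invalid key for repository")`. OpenKey's body starts and ends outside this hunk.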
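Review bot: The doc comment on the new server Key.Valid says only that the MAC and encryption keys are checked, but the Valid method this commit adds to crypto.Key (presumably the type of `user` and `master`) also rejects a non-zero reducible chunker polynomial, so the comment understates what a false result can mean. If `user` and `master` are pointer fields (their declarations are outside the hunk), calling Valid on a Key that has not been populated would dereference nil; a guard such as `if k.user == nil || k.master == nil { return false }` would make the method safe in that state. Suggested comment: `// Valid reports whether both the user key and the master key pass their own Valid checks.`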