From 19e87b75b75d3b93b1afbda92f26362a3acecd19 Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Tue, 2 Feb 2021 13:51:35 +0100 Subject: [PATCH] cmd/age: expand test vectors suite --- cmd/age/age.go | 3 +- cmd/age/age_test.go | 35 ++++++++++++++-- cmd/age/testdata/default_key.txt | 6 +++ cmd/age/testdata/default_password.txt | 1 + cmd/age/testdata/ed25519.age | 5 +++ cmd/age/testdata/ed25519_key.txt | 7 ++++ cmd/age/testdata/ed25519_key.txt.pub | 1 + cmd/age/testdata/empty_recipient_body_key.txt | 1 - .../testdata/fail_large_filekey_scrypt.age | 11 ++--- .../fail_large_filekey_scrypt_password.txt | 1 - .../testdata/fail_large_filekey_x25519.age | 10 ++--- .../fail_large_filekey_x25519_key.txt | 3 -- cmd/age/testdata/fail_scrypt_and_x25519.age | Bin 0 -> 283 bytes .../testdata/fail_scrypt_work_factor_23.age | 5 +++ cmd/age/testdata/nomatch_scrypt.age | 5 +++ cmd/age/testdata/nomatch_x25519.age | 5 +++ cmd/age/testdata/rsa.age | 13 ++++++ cmd/age/testdata/rsa_key.txt | 38 ++++++++++++++++++ cmd/age/testdata/rsa_key.txt.pub | 1 + cmd/age/testdata/scrypt_work_factor_10.age | 5 +++ primitives.go | 6 ++- scrypt.go | 4 +- testdata/keys.txt | 2 +- x25519.go | 4 +- 24 files changed, 146 insertions(+), 26 deletions(-) create mode 100644 cmd/age/testdata/default_key.txt create mode 100644 cmd/age/testdata/default_password.txt create mode 100644 cmd/age/testdata/ed25519.age create mode 100644 cmd/age/testdata/ed25519_key.txt create mode 100644 cmd/age/testdata/ed25519_key.txt.pub delete mode 100644 cmd/age/testdata/empty_recipient_body_key.txt delete mode 100644 cmd/age/testdata/fail_large_filekey_scrypt_password.txt delete mode 100644 cmd/age/testdata/fail_large_filekey_x25519_key.txt create mode 100644 cmd/age/testdata/fail_scrypt_and_x25519.age create mode 100644 cmd/age/testdata/fail_scrypt_work_factor_23.age create mode 100644 cmd/age/testdata/nomatch_scrypt.age create mode 100644 cmd/age/testdata/nomatch_x25519.age create mode 100644 cmd/age/testdata/rsa.age create mode 100644 cmd/age/testdata/rsa_key.txt create mode 100644 cmd/age/testdata/rsa_key.txt.pub create mode 100644 cmd/age/testdata/scrypt_work_factor_10.age diff --git a/cmd/age/age.go b/cmd/age/age.go index acfa1f8..953fbaf 100644 --- a/cmd/age/age.go +++ b/cmd/age/age.go @@ -264,7 +264,6 @@ func encryptPass(pass string, in io.Reader, out io.Writer, armor bool) { } func encrypt(recipients []age.Recipient, in io.Reader, out io.Writer, withArmor bool) { - ageEncrypt := age.Encrypt if withArmor { a := armor.NewWriter(out) defer func() { @@ -274,7 +273,7 @@ func encrypt(recipients []age.Recipient, in io.Reader, out io.Writer, withArmor }() out = a } - w, err := ageEncrypt(out, recipients...) + w, err := age.Encrypt(out, recipients...) if err != nil { logFatalf("Error: %v", err) } diff --git a/cmd/age/age_test.go b/cmd/age/age_test.go index ddbcaf8..8e1517e 100644 --- a/cmd/age/age_test.go +++ b/cmd/age/age_test.go @@ -7,6 +7,7 @@ package main import ( + "errors" "io/ioutil" "os" "path/filepath" @@ -17,24 +18,40 @@ import ( ) func TestVectors(t *testing.T) { + defaultIDs, err := parseIdentitiesFile("testdata/default_key.txt") + if err != nil { + t.Fatal(err) + } + password, err := ioutil.ReadFile("testdata/default_password.txt") + if err == nil { + p := strings.TrimSpace(string(password)) + i, err := age.NewScryptIdentity(p) + if err != nil { + t.Fatal(err) + } + defaultIDs = append(defaultIDs, i) + } + files, _ := filepath.Glob("testdata/*.age") for _, f := range files { _, name := filepath.Split(f) name = strings.TrimSuffix(name, ".age") expectFailure := strings.HasPrefix(name, "fail_") + expectNoMatch := strings.HasPrefix(name, "nomatch_") t.Run(name, func(t *testing.T) { - var identities []age.Identity + identities := defaultIDs ids, err := parseIdentitiesFile("testdata/" + name + "_key.txt") if err == nil { - identities = append(identities, ids...) + identities = ids } password, err := ioutil.ReadFile("testdata/" + name + "_password.txt") if err == nil { - i, err := age.NewScryptIdentity(string(password)) + p := strings.TrimSpace(string(password)) + i, err := age.NewScryptIdentity(p) if err != nil { t.Fatal(err) } - identities = append(identities, i) + identities = []age.Identity{i} } in, err := os.Open("testdata/" + name + ".age") @@ -46,6 +63,16 @@ func TestVectors(t *testing.T) { if err == nil { t.Fatal("expected Decrypt failure") } + if e := (&age.NoIdentityMatchError{}); errors.As(err, &e) { + t.Errorf("got ErrIncorrectIdentity, expected more specific error") + } + } else if expectNoMatch { + if err == nil { + t.Fatal("expected Decrypt failure") + } + if e := (&age.NoIdentityMatchError{}); !errors.As(err, &e) { + t.Errorf("expected ErrIncorrectIdentity, got %v", err) + } } else { if err != nil { t.Fatal(err) diff --git a/cmd/age/testdata/default_key.txt b/cmd/age/testdata/default_key.txt new file mode 100644 index 0000000..3195a61 --- /dev/null +++ b/cmd/age/testdata/default_key.txt @@ -0,0 +1,6 @@ +# created: 2021-02-02T13:09:43+01:00 +# public key: age1xmwwc06ly3ee5rytxm9mflaz2u56jjj36s0mypdrwsvlul66mv4q47ryef +AGE-SECRET-KEY-1EGTZVFFV20835NWYV6270LXYVK2VKNX2MMDKWYKLMGR48UAWX40Q2P2LM0 + +# TODO: regenerate empty_recipient_body.age +AGE-SECRET-KEY-1TRYTV7PQS5XPUYSTAQZCD7DQCWC7Q77YJD7UVFJRMW4J82Q6930QS70MRX diff --git a/cmd/age/testdata/default_password.txt b/cmd/age/testdata/default_password.txt new file mode 100644 index 0000000..adc6efa --- /dev/null +++ b/cmd/age/testdata/default_password.txt @@ -0,0 +1 @@ +now-major-idea-author-clerk-bronze-all-soul-uncover-glad diff --git a/cmd/age/testdata/ed25519.age b/cmd/age/testdata/ed25519.age new file mode 100644 index 0000000..d6ddc32 --- /dev/null +++ b/cmd/age/testdata/ed25519.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 cp09gQ Kf5JDNFFDUaOvups2MDfP47PlrpJthnmz0WNMfGj+C8 +hQ76lMAsG2pjR8GHTU+XU0giePyzE3prVmAw5MbMxSk +--- CjO8qf3vd83otqHSflgWP5gQoe2Roo9tf/zgWEy9t0U +ٮ%Jnj scrypt qeKad+OgIkBbr/ndSa7J3Q 1 -C2tmV7/uZjRafxqaQd1JhYkM2KxuHHBy3/d2dJNEZEh8rZCqYfvE/eJUXqiqZsZa -6kWgG1qa6Q6sXPz0vIIpYHGf4gzxG9oTVonMke2kHC4 ---- FQeacPQobvFBd0tuIQnQDd/NEDR4G4MfylkXiq9ZqZ0 -ptt3q)vQo̚K7)%a \ No newline at end of file +-> scrypt z8U9dYMQuK1fFdvtpQYLEQ 10 +5SVjw1bbFCZLdI1FR7RqfTd3yWo4KS1ikOjvz60Bpqhrv0W6o6/2oszxZEm1gEUC + +--- YXxSwONGPBbV7woMuEFTYuA03qTYUF1k0Y8j/NDEu1o + +! i.f{dIE] n$!b2 \ No newline at end of file diff --git a/cmd/age/testdata/fail_large_filekey_scrypt_password.txt b/cmd/age/testdata/fail_large_filekey_scrypt_password.txt deleted file mode 100644 index 0249b11..0000000 --- a/cmd/age/testdata/fail_large_filekey_scrypt_password.txt +++ /dev/null @@ -1 +0,0 @@ -dog-old-little-breeze-novel-razor-battle-replace-lake-horse \ No newline at end of file diff --git a/cmd/age/testdata/fail_large_filekey_x25519.age b/cmd/age/testdata/fail_large_filekey_x25519.age index 100234e..e724828 100644 --- a/cmd/age/testdata/fail_large_filekey_x25519.age +++ b/cmd/age/testdata/fail_large_filekey_x25519.age @@ -1,6 +1,6 @@ age-encryption.org/v1 --> X25519 /Gt0E6JT7yuYHlwsGW5LbpEEJawOc+QMeMAS+hoOIgw -XU/4Zkz4MksDhge0kosiMTJF8tHnOP0ZSi+6aaMqLMS1PlMIs95nKz3H7JGesTwA -tsxuQrj+TuoGouNB1O0VshA9vsHGurn0Dtw5e7bkw9Q ---- jQNSF6blozj2QFYJ/2iqy0wUcPuz/8vCS7RgKH8wjNI -9y_R\m\Uv6QȶmKav2 \ No newline at end of file +-> X25519 UkSgrxSETNpdkHY8EwiiRivqks2QJLUzsNsVjUTDcmw +8yB9TqsBo4Ypchw07AtemV5TW4sGwyPDPMIfRg8Ve8rbDXt4tCwnnKcMq2K6aoqx + +--- vUhLU0U9Dc8YhbKy4SxKuq0iSqqjBWGnHfZG+9+O4v4 +ghWSIfƆDQ;Rhw \ No newline at end of file diff --git a/cmd/age/testdata/fail_large_filekey_x25519_key.txt b/cmd/age/testdata/fail_large_filekey_x25519_key.txt deleted file mode 100644 index 39c1631..0000000 --- a/cmd/age/testdata/fail_large_filekey_x25519_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -# created: 2020-09-19T18:42:11+02:00 -# public key: age1uc8zlurjyjpenrslc2thyl28u7ylz6x8c2g9yphvjha6xm8ppf3slq0l25 -AGE-SECRET-KEY-1D8JAD8SXNFVQEFHAUNNAX4QCE3K5CUKMT7YYHNGTUSSP97YGWL4STV89UH diff --git a/cmd/age/testdata/fail_scrypt_and_x25519.age b/cmd/age/testdata/fail_scrypt_and_x25519.age new file mode 100644 index 0000000000000000000000000000000000000000..25f39f0816e16b497a0d47c1af51570fd97111c5 GIT binary patch literal 283 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR2FFfuhYv{Wc?3NDH?EiO)S3NkDAC=My{ z2yo2}Of3(~4vGp(OAAiU4+u5ROe;2V$>;L(O|Hx{E6WN@3QS4N4bsnz@GMM9EYI>v z&j<^0H46%;^m7d=&kZ;9%m&#|47ODv+ux_8L_5jf+anHIpk`1y6%w_`s`RiWt literal 0 HcmV?d00001 diff --git a/cmd/age/testdata/fail_scrypt_work_factor_23.age b/cmd/age/testdata/fail_scrypt_work_factor_23.age new file mode 100644 index 0000000..16846b1 --- /dev/null +++ b/cmd/age/testdata/fail_scrypt_work_factor_23.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> scrypt 1Q6WlGmsRulbN7bmUw8A1Q 23 +GP2lnzFuk1dgEkcMPmK6KkmuOm5gIWJzLeuwGcRsvAY +--- vXvOsVbDbMc0x5Js1FS6k1ViOJ3H2ZdSUZo9bfvbzmU +=œv>vhKM'NeS\(_ \ No newline at end of file diff --git a/cmd/age/testdata/nomatch_scrypt.age b/cmd/age/testdata/nomatch_scrypt.age new file mode 100644 index 0000000..49f0cbc --- /dev/null +++ b/cmd/age/testdata/nomatch_scrypt.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> scrypt X6oOTRAjCR1xid0PlnNMFA 10 +hszKAHhyFVpUgt9niYpdYXVhhN+r+oiCLPZukDdQZBQ +--- 7BRJPVjbIC1JntvHrA13PQrnsa3lkwhnNF/Pbo4BPs4 +4|)S|ۋҿD}2%e=6Z \ No newline at end of file diff --git a/cmd/age/testdata/nomatch_x25519.age b/cmd/age/testdata/nomatch_x25519.age new file mode 100644 index 0000000..a16845f --- /dev/null +++ b/cmd/age/testdata/nomatch_x25519.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> X25519 Rp86RQ3LgUJpQy4X2RMUhURlBP28tCaLQ2ssysJfRhg +83YXad/lj3/wFM4n7vlGIiBSgfhG8lfiP5U7ajjK3HM +--- O2+UpzetsP2+7BPyGQ4C6VMTY6zwp5TiNpVcFy4qdyM + 话gu(Q:|cLɈ=f6b}! \ No newline at end of file diff --git a/cmd/age/testdata/rsa.age b/cmd/age/testdata/rsa.age new file mode 100644 index 0000000..a693af3 --- /dev/null +++ b/cmd/age/testdata/rsa.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-rsa jw/33g +xv12FD3f2d7snIcuXBznTOWAlgCovW1Dqttk9uljWKy3GtRZ3t8jEWkQEOYkOk0M +EHA6sHWfdPLdlS3DjQYjcaLFvwh3+XVKYNzP9MhLg8P8xvxVkn4aiCKd8ivEisp0 +bKGi4g/TJz/JKUg1SGbqDg966to0P5AWrkwAD7OMykQToqo56flrKXgFPleSWVWu +umiwbxFYs7ltbRYvjzdpIj9l30lXkzrADP3RrrvTu/qT0IN3PMi3bOqm0kKz0vkd +p4NpxKmfqQXavU+YZiyQL637V3cbKIAEJ1qmpkd2Tr2oUhfD5IgAoT1nC5tCIzRb +DkPwM4k2FJgVX0KKvW3i0+k5tve4XWg82vq2OCj8+sl3A8cLX3g5zhh53DovUBVm +qDU2HWf++3q9kUy1al0sFb2es4ih+tK74nPjBJZtX0n+4lMngz557+XuYnzZ2OkW +QEq3b7Trdidw7Ak9S14tdXhj8oy7J1jdHsQ8/wehAc1v8MuBb1O7LxVIFxzBEBCA + +--- QdCY4BN4vwp5jb+AFsyoHkvKW+EneZsZjPURH2tCF18 +)KVMARsSM؂K>ի` ~T0n \ No newline at end of file diff --git a/cmd/age/testdata/rsa_key.txt b/cmd/age/testdata/rsa_key.txt new file mode 100644 index 0000000..e7bd862 --- /dev/null +++ b/cmd/age/testdata/rsa_key.txt @@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEA1C04rdClHoW4oG4bEGmaNqFy4DLoPJ0358w4XH+XBM3TiWcheouW +kUG6m1yDmHk0t0oaaf4hOnetKovdyQQX73gGaq++rSu5VSvH7LbwABoG6PS/UbuZ4Vl9B0 +5WVDqHVE9hNK4AHqBc373GU2mo8z5opKxEprmiS3HSd3K2wiMqL5E8XPOSm0p/isuYK57X +VUexl73tB7iIMLklxjcjtP4REMoQhHKOMOdy2Q15dw5cYG+drtEArBRYkCZmd0Vp2ws9pj +YzPVaOSkbdqSeLu+JVbH1wrwKhuBrA3eVlwjUTWkO4FHcNXkp773Mt4cXhKizTfbR2hQox +Lsj31301Xd7dEpV63sqDW1e+a2L2dhemi8cjDMrPuW6Z19Lbti0quAb4+cSLAaJI4BHd1F +8o9XhK7EHVCdIIIQDKVzo1WyEsDwBjL1LB9rpxm4732sZyue0uygFzmM544QX+WsiJXgHP +uC1Q/ynjLRm6ZMl16MwvY8B/XGQWxlOAbRJQG84fAAAFmEwAjV1MAI1dAAAAB3NzaC1yc2 +EAAAGBANQtOK3QpR6FuKBuGxBpmjahcuAy6DydN+fMOFx/lwTN04lnIXqLlpFBuptcg5h5 +NLdKGmn+ITp3rSqL3ckEF+94Bmqvvq0ruVUrx+y28AAaBuj0v1G7meFZfQdOVlQ6h1RPYT +SuAB6gXN+9xlNpqPM+aKSsRKa5oktx0ndytsIjKi+RPFzzkptKf4rLmCue11VHsZe97Qe4 +iDC5JcY3I7T+ERDKEIRyjjDnctkNeXcOXGBvna7RAKwUWJAmZndFadsLPaY2Mz1WjkpG3a +kni7viVWx9cK8CobgawN3lZcI1E1pDuBR3DV5Ke+9zLeHF4Sos0320doUKMS7I99d9NV3e +3RKVet7Kg1tXvmti9nYXpovHIwzKz7lumdfS27YtKrgG+PnEiwGiSOAR3dRfKPV4SuxB1Q +nSCCEAylc6NVshLA8AYy9Swfa6cZuO99rGcrntLsoBc5jOeOEF/lrIiV4Bz7gtUP8p4y0Z +umTJdejML2PAf1xkFsZTgG0SUBvOHwAAAAMBAAEAAAGBAKytAOu0Wi009sTZ1vzMdMzxJ+ +R+ibKK4Oysr1HYJLesKvQwEncBE1C0BYJbEF4OhnCExmpsf+5tZ2iw25a01iX1sIMy9CNK +6lH+h36Gg1wR0n3Ucb+6xck4YyCHCIsT9v8OezW8Riympe8RK07HNtB/gfpCmLx3ZzWvNH +Ix0bq9k5+Su2WKdU4cmyACAZ2+b9DfwBCWaUlXTL8abzuZtF2gR5M6X6bq8/2o3zb2WFwk +O9nf/JxBTCK/jDQEjG+U9MyGxZIW5DeG1nNFtOzJoT8krIkeSOjQ5XQrkjCw+yihSCWMG+ +s+SKO77u30SO7OCENsFIXpUzpt6+JmazlXjLW/OdYNooQMHtqCZzVMRgxiy3gDGF35YvgV +VnP5gVEW9HEZ0kD+x4Rl2kB6bV7jMi8BXrazQ1EmTasJFg1pv6iRJWzY1JoP2kRfgiHGL6 +OqgrXakqo3hMJuz+JRU2/hlF13743MiIxpcbaaRqURoWuNRLHitVWE35/XVCez0C6OwQAA +AMEAoh106+3JbiZI19iRICR247IoOLpSSed98eQj+l3OYfJ86cQipSjxdSPWcP58yyyElY +d9q6K16sDTLAlRJzF7MFxSc80JY6RgFq/Sy4Jm0/Z10wwJhTgOkxq6IynzLnO7goRirE31 +jxGif4nI2IYEQvv6MOD8TWA4axxGMw2StYB6P4R5peozf81oR6m79ERIDSkrm0RYYn931r +gVuxvo3ABVxMtg1lV80LJMayy87Oi8BehGBxMBgsKtQaH8+5h7AAAAwQD+8lJpBcrrHQKk +3o2XAZxB5Fool4f2iuZWTxA1vq0/TCUcEodrdWfLuDeVbDsFemW0vBSkKzf4NlZSs2DAKl +YWT6y18eyDyJXn0TNVTeO3F5mkkX5spqbjDcESSs3whIuDqXU++3sII7iMzGw50tDP4Dw6 +TViEVM3anpeqlAbkciR5o9IJx3nRcGh81Bs4gticcRF0vqiJoAhNlSZXR1XMjevwt68i+4 +RKPPQsTM7uJLm236VUhDivO1OJcBTLW7MAAADBANUNqH+//G4gIruBO3BsIvbzDw0DgRam +R1tqqn4g53boiv1RPtUJ2GbkCsisy5pU+JdTN7ekFEF8KWuunjImkfVyAiTFsHHmOoXV3Z +EX0mNDXOlKOP2YAIMrDt5CkPdEh6qQG21LCZXTWmwheZ9iN2vOl/fKqUW9lqd/kTe6WsON +hIpZhs2+oz54Riq1ZwzO9NkcYrvZoDKbDopL1r2ibw0mkgCJrxpWi0Yt2Iooh4GXXqP5C9 +T8hrZCbrVJkjKd5QAAABtmaWxpcHBvQEJpc3Ryb21hdGgtTTEubG9jYWwBAgMEBQY= +-----END OPENSSH PRIVATE KEY----- diff --git a/cmd/age/testdata/rsa_key.txt.pub b/cmd/age/testdata/rsa_key.txt.pub new file mode 100644 index 0000000..6c63ce8 --- /dev/null +++ b/cmd/age/testdata/rsa_key.txt.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULTit0KUehbigbhsQaZo2oXLgMug8nTfnzDhcf5cEzdOJZyF6i5aRQbqbXIOYeTS3Shpp/iE6d60qi93JBBfveAZqr76tK7lVK8fstvAAGgbo9L9Ru5nhWX0HTlZUOodUT2E0rgAeoFzfvcZTaajzPmikrESmuaJLcdJ3crbCIyovkTxc85KbSn+Ky5grntdVR7GXve0HuIgwuSXGNyO0/hEQyhCEco4w53LZDXl3Dlxgb52u0QCsFFiQJmZ3RWnbCz2mNjM9Vo5KRt2pJ4u74lVsfXCvAqG4GsDd5WXCNRNaQ7gUdw1eSnvvcy3hxeEqLNN9tHaFCjEuyPfXfTVd3t0SlXreyoNbV75rYvZ2F6aLxyMMys+5bpnX0tu2LSq4Bvj5xIsBokjgEd3UXyj1eErsQdUJ0gghAMpXOjVbISwPAGMvUsH2unGbjvfaxnK57S7KAXOYznjhBf5ayIleAc+4LVD/KeMtGbpkyXXozC9jwH9cZBbGU4BtElAbzh8= diff --git a/cmd/age/testdata/scrypt_work_factor_10.age b/cmd/age/testdata/scrypt_work_factor_10.age new file mode 100644 index 0000000..0e1d6eb --- /dev/null +++ b/cmd/age/testdata/scrypt_work_factor_10.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> scrypt qEa/WztCd2KJ4mKwNf1Yrw 10 +TQZ4GpAaH4aR4oSDWZTgeRT4wRby4jwmtB02dElWmVQ +--- kOiEP6uoMyK9GKIsV77o4oaPuEr2Q0vdcu+1RKC3lLU +hoPV w\5~4nEod>rOmۨ \ No newline at end of file diff --git a/primitives.go b/primitives.go index 0351345..daed63b 100644 --- a/primitives.go +++ b/primitives.go @@ -9,7 +9,7 @@ package age import ( "crypto/hmac" "crypto/sha256" - "fmt" + "errors" "io" "filippo.io/age/internal/format" @@ -32,6 +32,8 @@ func aeadEncrypt(key, plaintext []byte) ([]byte, error) { return aead.Seal(nil, nonce, plaintext, nil), nil } +var errIncorrectCiphertextSize = errors.New("encrypted value has unexpected length") + // aeadDecrypt decrypts a message of an expected fixed size. // // The message size is limited to mitigate multi-key attacks, where a ciphertext @@ -43,7 +45,7 @@ func aeadDecrypt(key []byte, size int, ciphertext []byte) ([]byte, error) { return nil, err } if len(ciphertext) != size+aead.Overhead() { - return nil, fmt.Errorf("encrypted message has unexpected length") + return nil, errIncorrectCiphertextSize } nonce := make([]byte, chacha20poly1305.NonceSize) return aead.Open(nil, nonce, ciphertext, nil) diff --git a/scrypt.go b/scrypt.go index 4ce5d35..6986c57 100644 --- a/scrypt.go +++ b/scrypt.go @@ -164,7 +164,9 @@ func (i *ScryptIdentity) unwrap(block *Stanza) ([]byte, error) { // only one bit. This also does not bypass any scrypt work, although that work // can be precomputed in an online oracle scenario. fileKey, err := aeadDecrypt(k, fileKeySize, block.Body) - if err != nil { + if err == errIncorrectCiphertextSize { + return nil, errors.New("invalid scrypt recipient block: incorrect file key size") + } else if err != nil { return nil, ErrIncorrectIdentity } return fileKey, nil diff --git a/testdata/keys.txt b/testdata/keys.txt index 5d30bcd..c243a77 100644 --- a/testdata/keys.txt +++ b/testdata/keys.txt @@ -1,2 +1,2 @@ -# Test key for ExampleParseX25519Identities. +# Test key for ExampleParseIdentities. AGE-SECRET-KEY-184JMZMVQH3E6U0PSL869004Y3U2NYV7R30EU99CSEDNPH02YUVFSZW44VU diff --git a/x25519.go b/x25519.go index 3cda6d2..fc70070 100644 --- a/x25519.go +++ b/x25519.go @@ -188,7 +188,9 @@ func (i *X25519Identity) unwrap(block *Stanza) ([]byte, error) { } fileKey, err := aeadDecrypt(wrappingKey, fileKeySize, block.Body) - if err != nil { + if err == errIncorrectCiphertextSize { + return nil, errors.New("invalid X25519 recipient block: incorrect file key size") + } else if err != nil { return nil, ErrIncorrectIdentity } return fileKey, nil