mirror of
https://github.com/FiloSottile/age.git
synced 2026-01-03 10:55:14 +00:00
eaa4e03cfe
If the implementation re-encodes the header before checking the HMAC, that would mask malleability issues: the HMAC check would fail because the tests HMAC'd the original header, but an attacker could also produce the right HMAC. Instead of duplicating every parsing tests (with the original and re-encoded HMAC), we make the test framework distinguish HMAC errors, which ensures bad encodings are recognized as such and not bypassable HMAC errors.
25 lines
460 B
Go
25 lines
460 B
Go
// Copyright 2022 The age Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
//go:build ignore
|
|
|
|
package main
|
|
|
|
import (
|
|
"bytes"
|
|
|
|
"filippo.io/age/internal/testkit"
|
|
)
|
|
|
|
func main() {
|
|
f := testkit.NewTestFile()
|
|
f.VersionLine("v1")
|
|
f.X25519(testkit.TestX25519Recipient)
|
|
f.ArgsLine("stanza")
|
|
f.Body(bytes.Repeat([]byte("A"), 48*2))
|
|
f.HMAC()
|
|
f.Payload("age")
|
|
f.Generate()
|
|
}
|