3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-23 05:57:19 +02:00
Code Issues Projects Releases Packages Wiki Activity

cryptutil: more explicit decryption error (#1607)

Browse source 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
bobby 2020-11-23 07:57:30 -08:00 committed by GitHub
parent 7e19780d70
commit f980517b7c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkg/cryptutil/encrypt.go
View file

@ -44,7 +44,7 @@ func Decrypt(a cipher.AEAD, data, ad []byte) ([]byte, error) {
nonce := data[size:]
plaintext, err := a.Open(nil, nonce, ciphertext, ad)
if err != nil {
return nil, err
return nil, fmt.Errorf("cryptutil: decryption failed (mismatched keys?): %w", err)
}
return plaintext, nil
}

22
pkg/cryptutil/encrypt_test.go
View file

@ -23,22 +23,22 @@ func TestEncodeAndDecodeAccessToken(t *testing.T) {
t.Fatalf("plaintext is not encrypted plaintext:%v ciphertext:%x", plaintext, ciphertext)
}
got, err := Decrypt(c, ciphertext, nil)
diffKey, err := NewAEADCipher(NewKey())
if err != nil {
t.Fatalf("unexpected err decrypting: %v", err)
t.Fatalf("unexpected err: %v", err)
}
// key mismatch
_, err = Decrypt(diffKey, ciphertext, nil)
assert.Error(t, err)
// if less than 32 bytes, fail
// bad data size
_, err = Decrypt(c, []byte("oh"), nil)
if err == nil {
t.Fatalf("should fail if <32 bytes output: %v", err)
}
assert.Error(t, err)
if !reflect.DeepEqual(got, plaintext) {
t.Logf(" got: %v", got)
t.Logf("want: %v", plaintext)
t.Fatal("got unexpected decrypted value")
}
// good
got, err := Decrypt(c, ciphertext, nil)
assert.NoError(t, err)
assert.Equal(t, got, plaintext)
}
func TestNewAEADCipher(t *testing.T) {