fix(core): zeroize keyfile decode intermediate + clearer errors + error-arm tests
This commit is contained in:
@@ -40,15 +40,21 @@ pub fn keyfile_decode(bytes: &[u8]) -> Result<Zeroizing<[u8; 32]>> {
|
||||
if lines.next() != Some(HEADER) {
|
||||
return Err(RelicarioError::Format("bad key-file header".into()));
|
||||
}
|
||||
let b64 = lines.next().unwrap_or("").trim();
|
||||
let decoded = STANDARD
|
||||
.decode(b64)
|
||||
.map_err(|_| RelicarioError::Format("key-file body not base64".into()))?;
|
||||
let arr: [u8; 32] = decoded
|
||||
.as_slice()
|
||||
.try_into()
|
||||
.map_err(|_| RelicarioError::Format("key-file secret must be 32 bytes".into()))?;
|
||||
Ok(Zeroizing::new(arr))
|
||||
let b64 = match lines.next() {
|
||||
Some(line) => line.trim(),
|
||||
None => return Err(RelicarioError::Format("key-file missing body line".into())),
|
||||
};
|
||||
let decoded: Zeroizing<Vec<u8>> = Zeroizing::new(
|
||||
STANDARD
|
||||
.decode(b64)
|
||||
.map_err(|_| RelicarioError::Format("key-file body not base64".into()))?,
|
||||
);
|
||||
if decoded.len() != 32 {
|
||||
return Err(RelicarioError::Format("key-file secret must be 32 bytes".into()));
|
||||
}
|
||||
let mut arr = Zeroizing::new([0u8; 32]);
|
||||
arr.copy_from_slice(&decoded);
|
||||
Ok(arr)
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
@@ -70,4 +76,12 @@ mod tests {
|
||||
fn rejects_wrong_length() {
|
||||
assert!(keyfile_decode(b"relicario-keyfile-v1\nAAAA\n").is_err()); // decodes to <32 bytes
|
||||
}
|
||||
#[test]
|
||||
fn rejects_non_utf8() {
|
||||
assert!(keyfile_decode(b"\xff\xfe\nAAAA\n").is_err());
|
||||
}
|
||||
#[test]
|
||||
fn rejects_missing_body() {
|
||||
assert!(keyfile_decode(b"relicario-keyfile-v1\n").is_err());
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user