GitLab-Mirror/hagrid
1
0
Fork 0
mirror of https://gitlab.com/keys.openpgp.org/hagrid.git synced 2025-10-06 00:23:08 +02:00
Code Issues Projects Releases Wiki Activity

hagrid: don't panic on short token size

Browse Source
This commit is contained in:
Vincent Breitmoser
2023-12-28 12:51:27 +01:00
parent 1d1eedc319
commit d11de8a354
2 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/sealed_state.rs
View File

@@ -29,9 +29,13 @@ impl SealedState {
}
}
pub fn unseal(&self, mut data: Vec<u8>) -> Result<String, &'static str> {
let (nonce, sealed) = data.split_at_mut(NONCE_LEN);
let unsealed = open_in_place(&self.opening_key, nonce, &[], 0, sealed)
pub fn unseal(&self, data: &[u8]) -> Result<String, &'static str> {
if data.len() < NONCE_LEN {
return Err("invalid sealed value: too short");
}
let (nonce, sealed) = data.split_at(NONCE_LEN);
let mut sealed_copy = sealed.to_vec();
let unsealed = open_in_place(&self.opening_key, nonce, &[], 0, &mut sealed_copy)
.map_err(|_| "invalid key/nonce/value: bad seal")?;
::std::str::from_utf8(unsealed)
@@ -67,8 +71,19 @@ mod tests {
let sv = SealedState::new("swag");
let sealed = sv.seal("test");
let unsealed = sv.unseal(sealed).unwrap();
let unsealed = sv.unseal(sealed.as_slice()).unwrap();
assert_eq!("test", unsealed);
}
#[test]
fn too_short() {
let sv = SealedState::new("swag");
let sealed = sv.seal("test");
let sealed_short = &sealed[0..8];
let unsealed_error = sv.unseal(sealed_short);
assert_eq!(Err("invalid sealed value: too short"), unsealed_error);
}
}

6
src/tokens.rs
View File

@@ -43,11 +43,11 @@ impl Service {
T: StatelessSerializable,
{
let token_sealed = base64::decode_config(&token_encoded, base64::URL_SAFE_NO_PAD)
.map_err(|_| anyhow!("invalid b64"))?;
.map_err(|_| anyhow!("Invalid base64. Did you follow a correct link?"))?;
let token_str = self
.sealed_state
.unseal(token_sealed)
.map_err(|_| anyhow!("failed to validate"))?;
.unseal(token_sealed.as_slice())
.map_err(|_| anyhow!("Failed to validate. Did you follow a correct link?"))?;
let token: Token =
serde_json::from_str(&token_str).map_err(|_| anyhow!("failed to deserialize"))?;