diff --git a/keyfork-shard/src/bin/keyfork-shard-decrypt-openpgp.rs b/keyfork-shard/src/bin/keyfork-shard-decrypt-openpgp.rs
index 381b8db..d3b1b1e 100644
--- a/keyfork-shard/src/bin/keyfork-shard-decrypt-openpgp.rs
+++ b/keyfork-shard/src/bin/keyfork-shard-decrypt-openpgp.rs
@@ -92,7 +92,7 @@ fn run() -> Result<()> {
         .to_bytes();
     let share = decrypt_one(encrypted_messages.into(), &cert_list, encrypted_metadata)?;
-    assert_eq!(share.len(), 65, "non-constant share length");
+    assert!(share.len() <= 65, "invalid share length (too long)");
     const LEN: u8 = 24 * 3;
     let mut encrypted_payload = [(LEN - share.len() as u8); LEN as usize];
     encrypted_payload[..share.len()].copy_from_slice(&share);
@@ -100,12 +100,13 @@ fn run() -> Result<()> {
     let shared_key = Aes256Gcm::new_from_slice(&shared_secret)?;
     let bytes = shared_key.encrypt(their_nonce, share.as_slice()).unwrap();
+    // NOTE: Padding length is less than u8::MAX because 24 * 4 < u8::MAX
     const ENC_LEN: u8 = 24 * 4;
     let mut out_bytes = [(ENC_LEN - bytes.len() as u8); ENC_LEN as usize];
     assert!(bytes.len() < out_bytes.len(), "encrypted payload larger than acceptable limit");
     out_bytes[..bytes.len()].clone_from_slice(&bytes);
-    // safety: size of out_bytes is immutable and always % 32 == 0
+    // safety: size of out_bytes is constant and always % 4 == 0
     let mnemonic = unsafe { Mnemonic::from_raw_entropy(&out_bytes, Default::default()) };
     pm.prompt_message(&format!("Our payload: {mnemonic}"))?;
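Review bot: The relaxed check `assert!(share.len() <= 65, "invalid share length (too long)")` still panics on a length that comes out of `decrypt_one`, i.e. out of a decrypted OpenPGP message, so an oversized share aborts the binary instead of surfacing through `run()`'s `Result` like the surrounding `?` calls; `if share.len() > 65 { return Err(/* whatever error type this Result wraps */); }` would keep the bound without the abort. The new check also has no lower bound, so an empty or truncated share passes and is padded out to `LEN` with pad byte 72; if the share format has a minimum size, reject shorter input here as well. Note too that this hunk builds the padded `encrypted_payload`, while the second hunk encrypts `share.as_slice()`: unless line 99 (between the hunks, not visible) rebinds `share` to the padded buffer, the padding is dead and the ciphertext length still tracks the now-variable share length the old exact-length assert was guarding. `run()` starts and ends outside the hunk.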