keyfork-shard: dynamic bit size for decrypted secret, up to 512 bits
This commit is contained in:
parent
11c9bd2ab3
commit
df7be182e4
|
@ -92,7 +92,7 @@ fn run() -> Result<()> {
|
|||
.to_bytes();
|
||||
|
||||
let share = decrypt_one(encrypted_messages.into(), &cert_list, encrypted_metadata)?;
|
||||
assert_eq!(share.len(), 65, "non-constant share length");
|
||||
assert!(share.len() <= 65, "invalid share length (too long)");
|
||||
const LEN: u8 = 24 * 3;
|
||||
let mut encrypted_payload = [(LEN - share.len() as u8); LEN as usize];
|
||||
encrypted_payload[..share.len()].copy_from_slice(&share);
|
||||
|
@ -100,12 +100,13 @@ fn run() -> Result<()> {
|
|||
let shared_key = Aes256Gcm::new_from_slice(&shared_secret)?;
|
||||
let bytes = shared_key.encrypt(their_nonce, share.as_slice()).unwrap();
|
||||
|
||||
// NOTE: Padding length is less than u8::MAX because 24 * 4 < u8::MAX
|
||||
const ENC_LEN: u8 = 24 * 4;
|
||||
let mut out_bytes = [(ENC_LEN - bytes.len() as u8); ENC_LEN as usize];
|
||||
assert!(bytes.len() < out_bytes.len(), "encrypted payload larger than acceptable limit");
|
||||
out_bytes[..bytes.len()].clone_from_slice(&bytes);
|
||||
|
||||
// safety: size of out_bytes is immutable and always % 32 == 0
|
||||
// safety: size of out_bytes is constant and always % 4 == 0
|
||||
let mnemonic = unsafe { Mnemonic::from_raw_entropy(&out_bytes, Default::default()) };
|
||||
|
||||
pm.prompt_message(&format!("Our payload: {mnemonic}"))?;
|
||||
|
|
Loading…
Reference in New Issue