From a652be805e1562948aff4dc232bd1c516ff01d00 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Thu, 21 Oct 2021 14:47:29 +0200 Subject: configfile: replace broken switch/case logic with if Because switch only matches once, we could have missed invalid cases. Replace the switch statements with a straight if rake. --- internal/configfile/validate.go | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) (limited to 'internal/configfile') diff --git a/internal/configfile/validate.go b/internal/configfile/validate.go index 511f704..1611ab0 100644 --- a/internal/configfile/validate.go +++ b/internal/configfile/validate.go @@ -23,22 +23,23 @@ func (cf *ConfFile) Validate() error { } // File content encryption { - switch { - case cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && cf.IsFeatureFlagSet(FlagAESSIV): + if cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && cf.IsFeatureFlagSet(FlagAESSIV) { return fmt.Errorf("Can't have both XChaCha20Poly1305 and AESSIV feature flags") - case cf.IsFeatureFlagSet(FlagAESSIV): - if !cf.IsFeatureFlagSet(FlagGCMIV128) { - return fmt.Errorf("AESSIV requires GCMIV128 feature flag") - } - case cf.IsFeatureFlagSet(FlagXChaCha20Poly1305): + } + if cf.IsFeatureFlagSet(FlagAESSIV) && !cf.IsFeatureFlagSet(FlagGCMIV128) { + + return fmt.Errorf("AESSIV requires GCMIV128 feature flag") + } + if cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) { if cf.IsFeatureFlagSet(FlagGCMIV128) { return fmt.Errorf("XChaCha20Poly1305 conflicts with GCMIV128 feature flag") } if !cf.IsFeatureFlagSet(FlagHKDF) { return fmt.Errorf("XChaCha20Poly1305 requires HKDF feature flag") } + } // The absence of other flags means AES-GCM (oldest algorithm) - case !cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && !cf.IsFeatureFlagSet(FlagAESSIV): + if !cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && !cf.IsFeatureFlagSet(FlagAESSIV) { if !cf.IsFeatureFlagSet(FlagGCMIV128) { return fmt.Errorf("AES-GCM requires GCMIV128 feature flag") } @@ -46,10 +47,10 @@ func (cf *ConfFile) Validate() error { } // Filename encryption { - switch { - case cf.IsFeatureFlagSet(FlagPlaintextNames) && cf.IsFeatureFlagSet(FlagEMENames): + if cf.IsFeatureFlagSet(FlagPlaintextNames) && cf.IsFeatureFlagSet(FlagEMENames) { return fmt.Errorf("Can't have both PlaintextNames and EMENames feature flags") - case cf.IsFeatureFlagSet(FlagPlaintextNames): + } + if cf.IsFeatureFlagSet(FlagPlaintextNames) { if cf.IsFeatureFlagSet(FlagDirIV) { return fmt.Errorf("PlaintextNames conflicts with DirIV feature flag") } @@ -59,7 +60,8 @@ func (cf *ConfFile) Validate() error { if cf.IsFeatureFlagSet(FlagRaw64) { return fmt.Errorf("PlaintextNames conflicts with Raw64 feature flag") } - case cf.IsFeatureFlagSet(FlagEMENames): + } + if cf.IsFeatureFlagSet(FlagEMENames) { // All combinations of DirIV, LongNames, Raw64 allowed } } -- cgit v1.2.3