github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-08 17:37:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(crypto): set max plaintext size

Browse Source
This commit is contained in:
Trong Huu Nguyen
2023-05-24 12:18:42 +02:00
parent 5097d40a1d
commit 021e7551f4
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/crypto/crypter.go
View File

@@ -13,6 +13,11 @@ import (
const (
KeySize = chacha20poly1305.KeySize
// MaxPlaintextSize is set to 64 MB, which is a fairly generous limit. The implementation in x/crypto/xchacha20poly1305 has a plaintext limit to 256 GB.
// We generally only handle data that is stored within a cookie or a session store, i.e. it should be reasonably small.
// In most cases the data is around 4 KB or less, mostly depending on the length of the tokens returned from the identity provider.
MaxPlaintextSize = 64 * 1024 * 1024
)
type crypter struct {
@@ -59,8 +64,13 @@ func (c *crypter) Encrypt(plaintext []byte) ([]byte, error) {
return nil, err
}
plaintextSize := len(plaintext)
if plaintextSize > MaxPlaintextSize {
return nil, fmt.Errorf("crypter: plaintext too large (%d > %d)", plaintextSize, MaxPlaintextSize)
}
// Select a random nonce, and leave capacity for the ciphertext.
nonce := make([]byte, aead.NonceSize(), aead.NonceSize()+len(plaintext)+aead.Overhead())
nonce := make([]byte, aead.NonceSize(), aead.NonceSize()+plaintextSize+aead.Overhead())
_, err = cryptorand.Read(nonce)
if err != nil {
return nil, err