decrypt.rb in rapid-vaults-1.2.0

- old
+ new

@@ -2,26 +2,30 @@
 class Decrypt
   # decrypts a string with openssl
   def self.openssl(settings)
     require 'openssl'
 
-    # check tag size
+    # validate key, nonce, encrypted, and tag
+    raise 'The key is not a valid 32 byte key.' unless settings[:key].bytesize == 32
+    raise 'The nonce is not a valid 12 byte nonce.' unless settings[:nonce].bytesize == 12
+    raise 'The encrypted data is not a valid multiple of 9 bytes.' unless (settings[:file].bytesize % 9).zero?
     raise 'Tag is not 16 bytes.' unless settings[:tag].bytesize == 16
 
     # setup the decryption parameters
     decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
     decipher.key = settings[:key]
     decipher.iv = settings[:nonce]
     decipher.auth_tag = settings[:tag]
     decipher.auth_data = settings.key?(:pw) ? settings[:pw] : ''
 
     # output the decryption
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}decrypted.txt", decipher.update(settings[:file]) + decipher.final)
       puts "Your decrypted.txt has been written out to #{settings[:outdir]}."
-    elsif settings[:ui] == :api
+    when :api
       # output to string
       decipher.update(settings[:file]) + decipher.final
     end
   end
 
@@ -35,14 +39,15 @@
     # setup the decryption parameters
     encrypted = GPGME::Data.new(settings[:file])
     crypto = GPGME::Crypto.new(armor: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK)
 
     # output the decryption
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}decrypted.txt", crypto.decrypt(encrypted, password: settings[:pw]).read)
       puts "Your decrypted.txt has been written out to #{settings[:outdir]}."
-    elsif settings[:ui] == :api
+    when :api
       # output to string
       crypto.decrypt(encrypted, password: settings[:pw]).read
     end
   end
 end