Failure to provide correct key shares isn't an internal error, it's a

user error
Jeff Mitchell 2018-05-21 21:06:38 -04:00
parent 0b4ead52a0
commit 3caf193707


@ -372,12 +372,12 @@ func (c *Core) BarrierRekeyUpdate(ctx context.Context, key []byte, nonce string)
if useRecovery {
if err := c.seal.VerifyRecoveryKey(ctx, recoveredKey); err != nil {
c.logger.Error("rekey recovery key verification failed", "error", err)
return nil, logical.CodedError(http.StatusInternalServerError, errwrap.Wrapf("recovery key verification failed: {{err}}", err).Error())
return nil, logical.CodedError(http.StatusBadRequest, errwrap.Wrapf("recovery key verification failed: {{err}}", err).Error())
}
} else {
if err := c.barrier.VerifyMaster(recoveredKey); err != nil {
c.logger.Error("master key verification failed", "error", err)
return nil, logical.CodedError(http.StatusInternalServerError, errwrap.Wrapf("master key verification failed: {{err}}", err).Error())
return nil, logical.CodedError(http.StatusBadRequest, errwrap.Wrapf("master key verification failed: {{err}}", err).Error())
}
}
@ -603,7 +603,7 @@ func (c *Core) RecoveryRekeyUpdate(ctx context.Context, key []byte, nonce string
// Verify the recovery key
if err := c.seal.VerifyRecoveryKey(ctx, recoveryKey); err != nil {
c.logger.Error("recovery key verification failed", "error", err)
return nil, logical.CodedError(http.StatusInternalServerError, errwrap.Wrapf("recovery key verification failed: {{err}}", err).Error())
return nil, logical.CodedError(http.StatusBadRequest, errwrap.Wrapf("recovery key verification failed: {{err}}", err).Error())
}
// Generate a new master key
@ -807,7 +807,7 @@ func (c *Core) RekeyVerify(ctx context.Context, key []byte, nonce string, recove
if subtle.ConstantTimeCompare(recoveredKey, config.VerificationKey) != 1 {
c.logger.Error("rekey verification failed")
return nil, logical.CodedError(http.StatusInternalServerError, "rekey verification failed")
return nil, logical.CodedError(http.StatusBadRequest, "rekey verification failed; incorrect key shares supplied")
}
switch recovery {
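Review bot: In BarrierRekeyUpdate and RecoveryRekeyUpdate, every error from `c.seal.VerifyRecoveryKey(ctx, ...)` and `c.barrier.VerifyMaster(...)` is now returned as `http.StatusBadRequest`, whatever its cause. Those verifiers are not visible here, but the ctx argument suggests the recovery-key check may read from storage, in which case a backend failure would presumably be reported to the caller as a wrong key share. If they can fail for reasons other than a mismatch, only the mismatch case should map to 400 and everything else should stay 500, which needs a distinguishable error from the verifier. The response bodies in those two functions also still embed the wrapped verifier error through `{{err}}`; it is already logged on the line above, so a fixed message like the one RekeyVerify now uses (`"rekey verification failed; incorrect key shares supplied"`) would avoid echoing internal detail to the client. All three functions start and end outside the hunks shown.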