Remove extra key length check and improve error message

marc · marc · commit 59a089378453 · 2017-12-14T08:37:32.000-05:00
diff --git a/c-deps/libroach/ccl/key_manager.cc b/c-deps/libroach/ccl/key_manager.cc
@@ -7,7 +7,6 @@
 //     https://github.com/cockroachdb/cockroach/blob/master/licenses/CCL.txt
 
 #include "key_manager.h"
-#include <cryptopp/aes.h>
 #include <cryptopp/modes.h>
 #include <google/protobuf/stubs/stringprintf.h>
 
@@ -35,17 +34,8 @@ static rocksdb::Status KeyFromFile(rocksdb::Env* env, const std::string& path, E
   // Check that the length is valid for AES.
   auto key_length = contents.size();
   if (key_length != 16 && key_length != 24 && key_length != 32) {
-    return rocksdb::Status::InvalidArgument(
-        StringPrintf("key in file %s has length %llu, want 16, 24, or 32", path.c_str(), key_length));
-  }
-
-  // Let's make sure CryptoPP::AES is ok with it, this returns a valid key length based on the
-  // passed-in one (eg: 32 for 31).
-  size_t accepted = CryptoPP::AES::Encryption::StaticGetValidKeyLength(key_length);
-  if (accepted != key_length) {
-    return rocksdb::Status::InvalidArgument(
-        StringPrintf("key in file %s has length %llu, but CryptoPP::AES says the nearest acceptable is %llu",
-                     path.c_str(), key_length, accepted));
+    return rocksdb::Status::InvalidArgument(StringPrintf(
+        "key in file %s is %llu bytes long, AES keys can be 16, 24, or 32 bytes", path.c_str(), key_length));
   }
 
   // Fill in the key.
diff --git a/c-deps/libroach/ccl/key_manager_test.cc b/c-deps/libroach/ccl/key_manager_test.cc
@@ -44,13 +44,13 @@ TEST(FileKeyManager, ReadKeyFiles) {
       {"missing_new.key", "missing_old.key", "missing_new.key: File not found"},
       {"plain", "missing_old.key", "missing_old.key: File not found"},
       {"plain", "plain", ""},
-      {"empty.key", "plain", "key in file empty.key has length 0, want 16, 24, or 32"},
-      {"8.key", "plain", "key in file 8.key has length 8, want 16, 24, or 32"},
+      {"empty.key", "plain", "key in file empty.key is 0 bytes long, AES keys can be 16, 24, or 32 bytes"},
+      {"8.key", "plain", "key in file 8.key is 8 bytes long, AES keys can be 16, 24, or 32 bytes"},
       {"16.key", "plain", ""},
       {"24.key", "plain", ""},
       {"32.key", "plain", ""},
-      {"64.key", "plain", "key in file 64.key has length 64, want 16, 24, or 32"},
-      {"16.key", "8.key", "key in file 8.key has length 8, want 16, 24, or 32"},
+      {"64.key", "plain", "key in file 64.key is 64 bytes long, AES keys can be 16, 24, or 32 bytes"},
+      {"16.key", "8.key", "key in file 8.key is 8 bytes long, AES keys can be 16, 24, or 32 bytes"},
       {"16.key", "32.key", ""},
   };
 
