Make caller enforce invariants when setting AES encryption key #702
Commits on Oct 24, 2018
-
Make caller enforce invariants when setting AES encryption key
`GFp_AES_set_encrypt_key` can fail if and only if the following invariants are violated. * All pointer arguments must be non-null. * The key size must be either 128 or 256 bits (192 bit keys aren't supported). The first invariant should not be checked at runtime (except via assertion) as it is the responsibility of the caller. The second could be expressed statically by accepting an enum with the valid key lengths, but enums don't provide any type safety in C. Instead, we document the acceptable key lengths and make them the responsibility of the caller. As a result of these changes, `GFp_AES_set_encrypt_key` (as well as `GFp_aes_c_set_encrypt_key`) no longer needs to return an error code. The assembly functions still return an error code and do input validation. This commit also corrects the signature of `GFp_AES_set_encrypt_key`. I agree to license my contributions to each file under the terms given at the top of each file I changed.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.