#3 | Add AES key length validation

alan-null · alan-null · commit 16c0bea7be00 · 2025-03-16T18:49:09.000+01:00
diff --git a/Crypto.AES/Public/Protect-Data.ps1 b/Crypto.AES/Public/Protect-Data.ps1
@@ -31,6 +31,9 @@ function Protect-Data {
         $tag = [byte[]]::new(16)
 
         if ($PSCmdlet.ParameterSetName -eq 'Key') {
+            if ($Key.Length -notin @(16, 24, 32)) {
+                throw "Invalid AES key length. Must be 16, 24, or 32 bytes."
+            }
             $GCM = [System.Security.Cryptography.AesGcm]::new($Key)
             try {
                 $GCM.Encrypt($Nonce, $Data, $cipherOutput, $tag)
diff --git a/Tests/Crypto.AES.Tests.ps1 b/Tests/Crypto.AES.Tests.ps1
@@ -17,6 +17,12 @@ Describe 'Crypto.AES.Tests' {
         }
     }
 
+    Context "Protect-Data - parameter validation" {
+        It "Throws error for invalid key length" {
+            { Protect-Data -Key ([byte[]]::new(10)) -Data ([byte[]]::new(16)) } | Should -Throw "Invalid AES key length. Must be 16, 24, or 32 bytes."
+        }
+    }
+
     Context "Protect-Data - Result" {
         $Key = [byte[]]::new(32)
         $nonce = [byte[]]::new(12)

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,12 @@ Describe 'Crypto.AES.Tests' {`
`17`	`17`	`}`
`18`	`18`	`}`
`19`	`19`
	`20`	`+ Context "Protect-Data - parameter validation" {`
	`21`	`+ It "Throws error for invalid key length" {`
	`22`	`+ { Protect-Data -Key ([byte[]]::new(10)) -Data ([byte[]]::new(16)) } \| Should -Throw "Invalid AES key length. Must be 16, 24, or 32 bytes."`
	`23`	`+ }`
	`24`	`+ }`
	`25`	`+`
`20`	`26`	`Context "Protect-Data - Result" {`
`21`	`27`	`$Key = [byte[]]::new(32)`
`22`	`28`	`$nonce = [byte[]]::new(12)`