ReadMasterKey: strict tpm option match

ReadMasterKey should return an error if the TPM option is selected,
but the master key was created without the TPM.

Author: rthellend

crypto/aes.go

@@ -156,8 +156,12 @@ func ReadAESMasterKey(passphrase []byte, file string, opts ...Option) (MasterKey
 		opt.logger.Debugf("ReadMasterKey: unexpected version: %d", version)
 		return nil, ErrDecryptFailed
 	}
+	if version == 1 && opt.tpm != nil {
+		opt.logger.Error("ReadMasterKey: TPM option selected but master key was created without TPM")
+		return nil, ErrDecryptFailed
+	}
 	if version == 3 && opt.tpm == nil {
-		opt.logger.Debug("ReadMasterKey: missing WithTPM option")
+		opt.logger.Error("ReadMasterKey: master key was created with TPM but TPM option not selected")
 		return nil, ErrDecryptFailed
 	}
 	salt := make([]byte, 16)

crypto/chacha20poly1305.go

@@ -137,6 +137,10 @@ func ReadChacha20Poly1305MasterKey(passphrase []byte, file string, opts ...Optio
 		opt.logger.Debugf("ReadMasterKey: unexpected version: %d", version)
 		return nil, ErrDecryptFailed
 	}
+	if opt.tpm != nil {
+		opt.logger.Error("ReadMasterKey: TPM option selected but master key was created without TPM")
+		return nil, ErrDecryptFailed
+	}
 	salt, b := b[:16], b[16:]
 	time, b := uint32(b[0]), b[1:]
 	memory, b := binary.LittleEndian.Uint32(b[:4]), b[4:]