Skip to content

Commit 34659ac

Browse files
armfazharmfazh
committed
Enforces passing slices of the exact size when unmarshaling KEM keys.
1 parent b13d523 commit 34659ac

File tree

2 files changed

+18
-14
lines changed

2 files changed

+18
-14
lines changed

hpke/shortkem.go

Lines changed: 11 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ func (s shortKEM) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
5353
bitmask = 0x01
5454
}
5555

56+
Nsk := s.PrivateKeySize()
5657
dkpPrk := s.labeledExtract([]byte(""), []byte("dkp_prk"), seed)
5758
var bytes []byte
5859
ctr := 0
@@ -64,14 +65,12 @@ func (s shortKEM) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
6465
dkpPrk,
6566
[]byte("candidate"),
6667
[]byte{byte(ctr)},
67-
uint16(s.byteSize()),
68+
uint16(Nsk),
6869
)
6970
bytes[0] &= bitmask
7071
skBig.SetBytes(bytes)
7172
}
72-
l := s.PrivateKeySize()
73-
sk := &shortKEMPrivKey{s, make([]byte, l), nil}
74-
copy(sk.priv[l-len(bytes):], bytes)
73+
sk := &shortKEMPrivKey{s, bytes, nil}
7574
return sk.Public(), sk
7675
}
7776

@@ -83,11 +82,11 @@ func (s shortKEM) GenerateKeyPair() (kem.PublicKey, kem.PrivateKey, error) {
8382

8483
func (s shortKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error) {
8584
l := s.PrivateKeySize()
86-
if len(data) < l {
87-
return nil, ErrInvalidKEMPrivateKey
85+
if len(data) != l {
86+
return nil, kem.ErrPrivKeySize
8887
}
8988
sk := &shortKEMPrivKey{s, make([]byte, l), nil}
90-
copy(sk.priv[l-len(data):l], data[:l])
89+
copy(sk.priv, data[:l])
9190
if !sk.validate() {
9291
return nil, ErrInvalidKEMPrivateKey
9392
}
@@ -96,7 +95,11 @@ func (s shortKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error)
9695
}
9796

9897
func (s shortKEM) UnmarshalBinaryPublicKey(data []byte) (kem.PublicKey, error) {
99-
x, y := elliptic.Unmarshal(s, data)
98+
l := s.PublicKeySize()
99+
if len(data) != l {
100+
return nil, kem.ErrPubKeySize
101+
}
102+
x, y := elliptic.Unmarshal(s, data[:l])
100103
if x == nil {
101104
return nil, ErrInvalidKEMPublicKey
102105
}

hpke/xkem.go

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -58,13 +58,14 @@ func (x xKEM) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
5858
if len(seed) != x.SeedSize() {
5959
panic(kem.ErrSeedSize)
6060
}
61-
sk := &xKEMPrivKey{scheme: x, priv: make([]byte, x.size)}
61+
Nsk := x.PrivateKeySize()
62+
sk := &xKEMPrivKey{scheme: x, priv: make([]byte, Nsk)}
6263
dkpPrk := x.labeledExtract([]byte(""), []byte("dkp_prk"), seed)
6364
bytes := x.labeledExpand(
6465
dkpPrk,
6566
[]byte("sk"),
6667
nil,
67-
uint16(x.PrivateKeySize()),
68+
uint16(Nsk),
6869
)
6970
copy(sk.priv, bytes)
7071
return sk.Public(), sk
@@ -81,8 +82,8 @@ func (x xKEM) GenerateKeyPair() (kem.PublicKey, kem.PrivateKey, error) {
8182

8283
func (x xKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error) {
8384
l := x.PrivateKeySize()
84-
if len(data) < l {
85-
return nil, ErrInvalidKEMPrivateKey
85+
if len(data) != l {
86+
return nil, kem.ErrPrivKeySize
8687
}
8788
sk := &xKEMPrivKey{x, make([]byte, l), nil}
8889
copy(sk.priv, data[:l])
@@ -94,8 +95,8 @@ func (x xKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error) {
9495

9596
func (x xKEM) UnmarshalBinaryPublicKey(data []byte) (kem.PublicKey, error) {
9697
l := x.PublicKeySize()
97-
if len(data) < l {
98-
return nil, ErrInvalidKEMPublicKey
98+
if len(data) != l {
99+
return nil, kem.ErrPubKeySize
99100
}
100101
pk := &xKEMPubKey{x, make([]byte, l)}
101102
copy(pk.pub, data[:l])

0 commit comments

Comments
 (0)