Fixes unmarshaling KEM keys when passing a larger buffer fo data.
armfazh committed Mar 14, 2024
1 parent 3507683 commit 33575b0
Showing 2 changed files with 17 additions and 10 deletions.
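--- a/hpke/hybridkem.go
+++ b/hpke/hybridkem.go
@@ -200,11 +200,13 @@ func (h hybridKEM) GenerateKeyPair() (kem.PublicKey, kem.PrivateKey, error) {
 }
 
 func (h hybridKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error) {
-skA, err := h.kemA.UnmarshalBinaryPrivateKey(data[0:h.kemA.PrivateKeySize()])
+lenA := h.kemA.PrivateKeySize()
+skA, err := h.kemA.UnmarshalBinaryPrivateKey(data[0:lenA])
 if err != nil {
 return nil, err
 }
-skB, err := h.kemB.UnmarshalBinaryPrivateKey(data[h.kemA.PrivateKeySize():])
+lenB := h.kemB.PrivateKeySize()
+skB, err := h.kemB.UnmarshalBinaryPrivateKey(data[lenA : lenA+lenB])
 if err != nil {
 return nil, err
 }
@@ -216,11 +218,13 @@ func (h hybridKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error
 }
 
 func (h hybridKEM) UnmarshalBinaryPublicKey(data []byte) (kem.PublicKey, error) {
-pkA, err := h.kemA.UnmarshalBinaryPublicKey(data[0:h.kemA.PublicKeySize()])
+lenA := h.kemA.PublicKeySize()
+pkA, err := h.kemA.UnmarshalBinaryPublicKey(data[0:lenA])
 if err != nil {
 return nil, err
 }
-pkB, err := h.kemB.UnmarshalBinaryPublicKey(data[h.kemA.PublicKeySize():])
+lenB := h.kemB.PublicKeySize()
+pkB, err := h.kemB.UnmarshalBinaryPublicKey(data[lenA : lenA+lenB])
 if err != nil {
 return nil, err
 }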
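Review bot: A buffer shorter than `lenA+lenB` still panics with a slice-bounds error at `data[0:lenA]` or `data[lenA : lenA+lenB]`, in both UnmarshalBinaryPrivateKey and UnmarshalBinaryPublicKey, because neither function checks `len(data)` before slicing. Serialized keys can come from a peer, so a bad length should surface as an error rather than a panic; shortKEM.UnmarshalBinaryPublicKey in this same commit already guards with `if len(data) < l`. Compute `lenB` next to `lenA` and add `if len(data) < lenA+lenB { return nil, ErrInvalidKEMPrivateKey }` (with `ErrInvalidKEMPublicKey` in the public-key function) before the first slice. Both function bodies continue past the end of their hunks.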
15 changes: 9 additions & 6 deletions hpke/shortkem.go
@@ -53,6 +53,7 @@ func (s shortKEM) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
bitmask = 0x01
}

Nsk := s.PrivateKeySize()
dkpPrk := s.labeledExtract([]byte(""), []byte("dkp_prk"), seed)
var bytes []byte
ctr := 0
@@ -64,14 +65,12 @@ func (s shortKEM) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
dkpPrk,
[]byte("candidate"),
[]byte{byte(ctr)},
uint16(s.byteSize()),
uint16(Nsk),
)
bytes[0] &= bitmask
skBig.SetBytes(bytes)
}
l := s.PrivateKeySize()
sk := &shortKEMPrivKey{s, make([]byte, l), nil}
copy(sk.priv[l-len(bytes):], bytes)
sk := &shortKEMPrivKey{s, bytes, nil}
return sk.Public(), sk
}

@@ -87,7 +86,7 @@ func (s shortKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error)
return nil, ErrInvalidKEMPrivateKey
}
sk := &shortKEMPrivKey{s, make([]byte, l), nil}
copy(sk.priv[l-len(data):l], data[:l])
copy(sk.priv, data[:l])
if !sk.validate() {
return nil, ErrInvalidKEMPrivateKey
}
@@ -96,7 +95,11 @@ func (s shortKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error)
}

func (s shortKEM) UnmarshalBinaryPublicKey(data []byte) (kem.PublicKey, error) {
x, y := elliptic.Unmarshal(s, data)
l := s.PublicKeySize()
if len(data) < l {
return nil, ErrInvalidKEMPublicKey
}
x, y := elliptic.Unmarshal(s, data[:l])
if x == nil {
return nil, ErrInvalidKEMPublicKey
}
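Review bot: The `data[:l]` truncation in UnmarshalBinaryPublicKey, like `copy(sk.priv, data[:l])` in UnmarshalBinaryPrivateKey, silently discards any trailing bytes, and nothing in the visible lines documents that contract. A caller that later hashes, compares or stores the original buffer as the key's encoding would be holding a non-canonical value, so the function deserves a doc comment such as `// UnmarshalBinaryPublicKey parses the first PublicKeySize() bytes of data; trailing bytes are ignored.` The commit lists only the two source files, so a regression test over buffers of length l-1, l and l+1 would pin both the new length guard and the truncation. The body of UnmarshalBinaryPublicKey continues past the end of the hunk.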
