Fix use of MaxDerivedKeyLength (GH #874)

pull/877/head
Jeffrey Walton 2019-08-16 07:12:14 -04:00
parent c0a5a06a82
commit e22700f741
No known key found for this signature in database
GPG Key ID: B36AB348921B1838
7 changed files with 27 additions and 27 deletions


@ -344,10 +344,10 @@ size_t KeyDerivationFunction::MaxDerivedKeyLength() const
return static_cast<size_t>(-1); return static_cast<size_t>(-1);
} }
void KeyDerivationFunction::ThrowIfInvalidDerivedLength(size_t length) const void KeyDerivationFunction::ThrowIfInvalidDerivedKeyLength(size_t length) const
{ {
if (!IsValidDerivedLength(length)) if (!IsValidDerivedLength(length))
throw InvalidDerivedLength(GetAlgorithm().AlgorithmName(), length); throw InvalidDerivedKeyLength(GetAlgorithm().AlgorithmName(), length);
} }
void KeyDerivationFunction::SetParameters(const NameValuePairs& params) { void KeyDerivationFunction::SetParameters(const NameValuePairs& params) {
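Review bot: `ThrowIfInvalidDerivedKeyLength` now carries the `DerivedKey` spelling but still delegates to `IsValidDerivedLength`, and the `GetValidDerivedLength` members in the HKDF and Scrypt hunks of this commit keep the old spelling too. The commit title suggests the original bug was a name mismatch between the base-class virtual and the subclass members, so a half-renamed family invites the same mistake again. Either rename the remaining members in a follow-up, or add a comment above the base `MaxDerivedKeyLength()` such as `// Subclasses with a scheme-specific limit must override this exact name.` The body of `MaxDerivedKeyLength()` starts above this hunk.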


@ -1503,7 +1503,7 @@ public:
/// \param secretLen the size of the secret buffer, in bytes /// \param secretLen the size of the secret buffer, in bytes
/// \param params additional initialization parameters to configure this object /// \param params additional initialization parameters to configure this object
/// \returns the number of iterations performed /// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme /// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from /// \details DeriveKey() provides a standard interface to derive a key from
/// a secret seed and other parameters. Each class that derives from KeyDerivationFunction /// a secret seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function. /// provides an overload that accepts most parameters used by the derivation function.
@ -1525,7 +1525,7 @@ protected:
/// \brief Validates the derived key length /// \brief Validates the derived key length
/// \param length the size of the derived key material, in bytes /// \param length the size of the derived key material, in bytes
/// \throws InvalidKeyLength if the key length is invalid /// \throws InvalidKeyLength if the key length is invalid
void ThrowIfInvalidDerivedLength(size_t length) const; void ThrowIfInvalidDerivedKeyLength(size_t length) const;
}; };
/// \brief Interface for password based key derivation functions /// \brief Interface for password based key derivation functions
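Review bot: The `\throws InvalidKeyLength` line above `ThrowIfInvalidDerivedKeyLength` names a different exception from the one the implementation in this commit throws, which is `InvalidDerivedKeyLength`. The commit already edits the declaration and corrects the same tag on `DeriveKey()`, so this line should read `/// \throws InvalidDerivedKeyLength if the derived key length is invalid`. A caller who writes a catch clause from the documentation would otherwise miss the exception unless they catch the `InvalidArgument` base.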

14
hkdf.h

@ -39,7 +39,7 @@ public:
} }
// KeyDerivationFunction interface // KeyDerivationFunction interface
size_t MaxDerivedLength() const { size_t MaxDerivedKeyLength() const {
return static_cast<size_t>(T::DIGESTSIZE) * 255; return static_cast<size_t>(T::DIGESTSIZE) * 255;
} }
@ -60,7 +60,7 @@ public:
/// \param info the additional input buffer /// \param info the additional input buffer
/// \param infoLen the size of the info buffer, in bytes /// \param infoLen the size of the info buffer, in bytes
/// \returns the number of iterations performed /// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme /// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from /// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction /// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function. /// provides an overload that accepts most parameters used by the derivation function.
@ -92,8 +92,8 @@ protected:
template <class T> template <class T>
size_t HKDF<T>::GetValidDerivedLength(size_t keylength) const size_t HKDF<T>::GetValidDerivedLength(size_t keylength) const
{ {
if (keylength > MaxDerivedLength()) if (keylength > MaxDerivedKeyLength())
return MaxDerivedLength(); return MaxDerivedKeyLength();
return keylength; return keylength;
} }
@ -103,7 +103,7 @@ size_t HKDF<T>::DeriveKey(byte *derived, size_t derivedLen,
{ {
CRYPTOPP_ASSERT(secret && secretLen); CRYPTOPP_ASSERT(secret && secretLen);
CRYPTOPP_ASSERT(derived && derivedLen); CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength()); CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());
ConstByteArrayParameter p; ConstByteArrayParameter p;
SecByteBlock salt, info; SecByteBlock salt, info;
@ -127,9 +127,9 @@ size_t HKDF<T>::DeriveKey(byte *derived, size_t derivedLen, const byte *secret,
{ {
CRYPTOPP_ASSERT(secret && secretLen); CRYPTOPP_ASSERT(secret && secretLen);
CRYPTOPP_ASSERT(derived && derivedLen); CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength()); CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());
ThrowIfInvalidDerivedLength(derivedLen); ThrowIfInvalidDerivedKeyLength(derivedLen);
// HKDF business logic. NULL is different than empty. // HKDF business logic. NULL is different than empty.
if (salt == NULLPTR) if (salt == NULLPTR)
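Review bot: Nothing in this section makes the compiler or the test suite check that `HKDF<T>::MaxDerivedKeyLength()` really overrides the base virtual, which is the failure this commit repairs: under the old name the `T::DIGESTSIZE * 255` limit was apparently never seen by the base-class length check. Where the supported compilers allow it, mark the member `override`, and add a regression test that requests `255 * T::DIGESTSIZE + 1` bytes and expects `InvalidDerivedKeyLength`. Separately, in the `NameValuePairs` overload of `DeriveKey` the only length check visible in the hunk is `CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength())`, which is compiled out of release builds; the function continues past the hunk, so confirm that it reaches `ThrowIfInvalidDerivedKeyLength` before any output is written. The same applies to the first `Scrypt::DeriveKey` hunk later in this commit.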


@ -61,7 +61,7 @@ public:
/// \param iterations the number of iterations /// \param iterations the number of iterations
/// \param timeInSeconds the in seconds /// \param timeInSeconds the in seconds
/// \returns the number of iterations performed /// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme /// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from /// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction /// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function. /// provides an overload that accepts most parameters used by the derivation function.
@ -116,7 +116,7 @@ size_t PKCS5_PBKDF1<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose
CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0); CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0);
CRYPTOPP_UNUSED(purpose); CRYPTOPP_UNUSED(purpose);
ThrowIfInvalidDerivedLength(derivedLen); ThrowIfInvalidDerivedKeyLength(derivedLen);
// Business logic // Business logic
if (!iterations) { iterations = 1; } if (!iterations) { iterations = 1; }
@ -187,7 +187,7 @@ public:
/// \param iterations the number of iterations /// \param iterations the number of iterations
/// \param timeInSeconds the in seconds /// \param timeInSeconds the in seconds
/// \returns the number of iterations performed /// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme /// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from /// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction /// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function. /// provides an overload that accepts most parameters used by the derivation function.
@ -241,7 +241,7 @@ size_t PKCS5_PBKDF2_HMAC<T>::DeriveKey(byte *derived, size_t derivedLen, byte pu
CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0); CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0);
CRYPTOPP_UNUSED(purpose); CRYPTOPP_UNUSED(purpose);
ThrowIfInvalidDerivedLength(derivedLen); ThrowIfInvalidDerivedKeyLength(derivedLen);
// Business logic // Business logic
if (!iterations) { iterations = 1; } if (!iterations) { iterations = 1; }
@ -344,7 +344,7 @@ public:
/// \param iterations the number of iterations /// \param iterations the number of iterations
/// \param timeInSeconds the in seconds /// \param timeInSeconds the in seconds
/// \returns the number of iterations performed /// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme /// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from /// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction /// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function. /// provides an overload that accepts most parameters used by the derivation function.
@ -398,7 +398,7 @@ size_t PKCS12_PBKDF<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength()); CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());
CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0); CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0);
ThrowIfInvalidDerivedLength(derivedLen); ThrowIfInvalidDerivedKeyLength(derivedLen);
// Business logic // Business logic
if (!iterations) { iterations = 1; } if (!iterations) { iterations = 1; }
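Review bot: The `\param timeInSeconds the in seconds` line in all three `DeriveKey()` doc blocks of this file is missing its noun, and the commit edits the `\throws` line two below it without fixing it. Judging by `CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0)`, the parameter looks like a time budget that can stand in for an iteration count. Something like `/// \param timeInSeconds the time to spend deriving the key, in seconds` would read correctly. Please confirm the exact semantics against the function bodies, which continue outside these hunks.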


@ -177,8 +177,8 @@ NAMESPACE_BEGIN(CryptoPP)
size_t Scrypt::GetValidDerivedLength(size_t keylength) const size_t Scrypt::GetValidDerivedLength(size_t keylength) const
{ {
if (keylength > MaxDerivedLength()) if (keylength > MaxDerivedKeyLength())
return MaxDerivedLength(); return MaxDerivedKeyLength();
return keylength; return keylength;
} }
@ -261,7 +261,7 @@ size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen,
{ {
CRYPTOPP_ASSERT(secret /*&& secretLen*/); CRYPTOPP_ASSERT(secret /*&& secretLen*/);
CRYPTOPP_ASSERT(derived && derivedLen); CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength()); CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());
word64 cost=0, blockSize=0, parallelization=0; word64 cost=0, blockSize=0, parallelization=0;
if(params.GetValue("Cost", cost) == false) if(params.GetValue("Cost", cost) == false)
@ -284,9 +284,9 @@ size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen, const byte*secret, siz
{ {
CRYPTOPP_ASSERT(secret /*&& secretLen*/); CRYPTOPP_ASSERT(secret /*&& secretLen*/);
CRYPTOPP_ASSERT(derived && derivedLen); CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength()); CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());
ThrowIfInvalidDerivedLength(derivedLen); ThrowIfInvalidDerivedKeyLength(derivedLen);
ValidateParameters(derivedLen, cost, blockSize, parallel); ValidateParameters(derivedLen, cost, blockSize, parallel);
AlignedSecByteBlock B(static_cast<size_t>(blockSize * parallel * 128U)); AlignedSecByteBlock B(static_cast<size_t>(blockSize * parallel * 128U));


@ -45,8 +45,8 @@ public:
} }
// KeyDerivationFunction interface // KeyDerivationFunction interface
size_t MaxDerivedLength() const { size_t MaxDerivedKeyLength() const {
return static_cast<size_t>(-1); return static_cast<size_t>(0)-1;
} }
// KeyDerivationFunction interface // KeyDerivationFunction interface
@ -67,7 +67,7 @@ public:
/// \param blockSize the block size /// \param blockSize the block size
/// \param parallelization the parallelization factor /// \param parallelization the parallelization factor
/// \returns the number of iterations performed /// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme /// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from /// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction /// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function. /// provides an overload that accepts most parameters used by the derivation function.
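Review bot: `return static_cast<size_t>(0)-1;` in `MaxDerivedKeyLength()` is harder to read than the form it replaces, and it now differs from the base class, which still returns `static_cast<size_t>(-1)` in the first file of this commit. Both evaluate to the largest `size_t`. If the rewrite is there to quiet a compiler warning, a short comment should say so; otherwise `return SIZE_MAX;` states the intent directly and keeps the two definitions recognisably the same. Whether scrypt should advertise no tighter limit than that is not visible from this hunk; presumably `ValidateParameters` enforces the scheme's bound.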


@ -70,10 +70,10 @@ public:
}; };
/// \brief Exception thrown when an invalid derived key length is encountered /// \brief Exception thrown when an invalid derived key length is encountered
class CRYPTOPP_DLL InvalidDerivedLength : public InvalidArgument class CRYPTOPP_DLL InvalidDerivedKeyLength : public InvalidArgument
{ {
public: public:
explicit InvalidDerivedLength(const std::string &algorithm, size_t length) : InvalidArgument(algorithm + ": " + IntToString(length) + " is not a valid derived key length") {} explicit InvalidDerivedKeyLength(const std::string &algorithm, size_t length) : InvalidArgument(algorithm + ": " + IntToString(length) + " is not a valid derived key length") {}
}; };
/// \brief Exception thrown when an invalid personalization string length is encountered /// \brief Exception thrown when an invalid personalization string length is encountered
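Review bot: Renaming the exported class `InvalidDerivedLength` to `InvalidDerivedKeyLength` removes a public type name, so any caller with `catch (const InvalidDerivedLength&)` stops compiling. If the old name appeared in a release, keep it alive for a deprecation period with `typedef InvalidDerivedKeyLength InvalidDerivedLength;` and a comment naming the replacement. The class body ends inside the hunk, so the alias can go directly after its closing `};`.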