Fix use of MaxDerivedKeyLength (GH #874)

2019-08-16 07:12:14 -04:00 · 2019-08-16 07:12:14 -04:00 · e22700f741
parent c0a5a06a82
commit e22700f741
7 changed files with 27 additions and 27 deletions
--- a/cryptlib.cpp
+++ b/cryptlib.cpp
@ -344,10 +344,10 @@ size_t KeyDerivationFunction::MaxDerivedKeyLength() const
 	return static_cast<size_t>(-1);
 }

-void KeyDerivationFunction::ThrowIfInvalidDerivedLength(size_t length) const
+void KeyDerivationFunction::ThrowIfInvalidDerivedKeyLength(size_t length) const
 {
 	if (!IsValidDerivedLength(length))
-		throw InvalidDerivedLength(GetAlgorithm().AlgorithmName(), length);
+		throw InvalidDerivedKeyLength(GetAlgorithm().AlgorithmName(), length);
 }

 void KeyDerivationFunction::SetParameters(const NameValuePairs& params) {
--- a/cryptlib.h
+++ b/cryptlib.h
@ -1503,7 +1503,7 @@ public:
 	/// \param secretLen the size of the secret buffer, in bytes
 	/// \param params additional initialization parameters to configure this object
 	/// \returns the number of iterations performed
-	/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
+	/// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
 	/// \details DeriveKey() provides a standard interface to derive a key from
 	///   a secret seed and other parameters. Each class that derives from KeyDerivationFunction
 	///   provides an overload that accepts most parameters used by the derivation function.
@ -1525,7 +1525,7 @@ protected:
 	/// \brief Validates the derived key length
 	/// \param length the size of the derived key material, in bytes
 	/// \throws InvalidKeyLength if the key length is invalid
-	void ThrowIfInvalidDerivedLength(size_t length) const;
+	void ThrowIfInvalidDerivedKeyLength(size_t length) const;
 };

 /// \brief Interface for password based key derivation functions
--- a/hkdf.h
+++ b/hkdf.h
@ -39,7 +39,7 @@ public:
 	}

 	// KeyDerivationFunction interface
-	size_t MaxDerivedLength() const {
+	size_t MaxDerivedKeyLength() const {
 		return static_cast<size_t>(T::DIGESTSIZE) * 255;
 	}

@ -60,7 +60,7 @@ public:
 	/// \param info the additional input buffer
 	/// \param infoLen the size of the info buffer, in bytes
 	/// \returns the number of iterations performed
-	/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
+	/// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
 	/// \details DeriveKey() provides a standard interface to derive a key from
 	///   a seed and other parameters. Each class that derives from KeyDerivationFunction
 	///   provides an overload that accepts most parameters used by the derivation function.
@ -92,8 +92,8 @@ protected:
 template <class T>
 size_t HKDF<T>::GetValidDerivedLength(size_t keylength) const
 {
-	if (keylength > MaxDerivedLength())
-		return MaxDerivedLength();
+	if (keylength > MaxDerivedKeyLength())
+		return MaxDerivedKeyLength();
 	return keylength;
 }

@ -103,7 +103,7 @@ size_t HKDF<T>::DeriveKey(byte *derived, size_t derivedLen,
 {
 	CRYPTOPP_ASSERT(secret && secretLen);
 	CRYPTOPP_ASSERT(derived && derivedLen);
-	CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
+	CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());

 	ConstByteArrayParameter p;
 	SecByteBlock salt, info;
@ -127,9 +127,9 @@ size_t HKDF<T>::DeriveKey(byte *derived, size_t derivedLen, const byte *secret,
 {
 	CRYPTOPP_ASSERT(secret && secretLen);
 	CRYPTOPP_ASSERT(derived && derivedLen);
-	CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
+	CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());

-	ThrowIfInvalidDerivedLength(derivedLen);
+	ThrowIfInvalidDerivedKeyLength(derivedLen);

 	// HKDF business logic. NULL is different than empty.
 	if (salt == NULLPTR)
--- a/pwdbased.h
+++ b/pwdbased.h
@ -61,7 +61,7 @@ public:
 	/// \param iterations the number of iterations
 	/// \param timeInSeconds the in seconds
 	/// \returns the number of iterations performed
-	/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
+	/// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
 	/// \details DeriveKey() provides a standard interface to derive a key from
 	///   a seed and other parameters. Each class that derives from KeyDerivationFunction
 	///   provides an overload that accepts most parameters used by the derivation function.
@ -116,7 +116,7 @@ size_t PKCS5_PBKDF1<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose
 	CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0);
 	CRYPTOPP_UNUSED(purpose);

-	ThrowIfInvalidDerivedLength(derivedLen);
+	ThrowIfInvalidDerivedKeyLength(derivedLen);

 	// Business logic
 	if (!iterations) { iterations = 1; }
@ -187,7 +187,7 @@ public:
 	/// \param iterations the number of iterations
 	/// \param timeInSeconds the in seconds
 	/// \returns the number of iterations performed
-	/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
+	/// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
 	/// \details DeriveKey() provides a standard interface to derive a key from
 	///   a seed and other parameters. Each class that derives from KeyDerivationFunction
 	///   provides an overload that accepts most parameters used by the derivation function.
@ -241,7 +241,7 @@ size_t PKCS5_PBKDF2_HMAC<T>::DeriveKey(byte *derived, size_t derivedLen, byte pu
 	CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0);
 	CRYPTOPP_UNUSED(purpose);

-	ThrowIfInvalidDerivedLength(derivedLen);
+	ThrowIfInvalidDerivedKeyLength(derivedLen);

 	// Business logic
 	if (!iterations) { iterations = 1; }
@ -344,7 +344,7 @@ public:
 	/// \param iterations the number of iterations
 	/// \param timeInSeconds the in seconds
 	/// \returns the number of iterations performed
-	/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
+	/// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
 	/// \details DeriveKey() provides a standard interface to derive a key from
 	///   a seed and other parameters. Each class that derives from KeyDerivationFunction
 	///   provides an overload that accepts most parameters used by the derivation function.
@ -398,7 +398,7 @@ size_t PKCS12_PBKDF<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose
 	CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());
 	CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0);

-	ThrowIfInvalidDerivedLength(derivedLen);
+	ThrowIfInvalidDerivedKeyLength(derivedLen);

 	// Business logic
 	if (!iterations) { iterations = 1; }
--- a/scrypt.cpp
+++ b/scrypt.cpp
@ -177,8 +177,8 @@ NAMESPACE_BEGIN(CryptoPP)

 size_t Scrypt::GetValidDerivedLength(size_t keylength) const
 {
-    if (keylength > MaxDerivedLength())
-        return MaxDerivedLength();
+    if (keylength > MaxDerivedKeyLength())
+        return MaxDerivedKeyLength();
    return keylength;
 }

@ -261,7 +261,7 @@ size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen,
 {
    CRYPTOPP_ASSERT(secret /*&& secretLen*/);
    CRYPTOPP_ASSERT(derived && derivedLen);
-    CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
+    CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());

    word64 cost=0, blockSize=0, parallelization=0;
    if(params.GetValue("Cost", cost) == false)
@ -284,9 +284,9 @@ size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen, const byte*secret, siz
 {
    CRYPTOPP_ASSERT(secret /*&& secretLen*/);
    CRYPTOPP_ASSERT(derived && derivedLen);
-    CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
+    CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());

-    ThrowIfInvalidDerivedLength(derivedLen);
+    ThrowIfInvalidDerivedKeyLength(derivedLen);
    ValidateParameters(derivedLen, cost, blockSize, parallel);

    AlignedSecByteBlock B(static_cast<size_t>(blockSize * parallel * 128U));
--- a/scrypt.h
+++ b/scrypt.h
@ -45,8 +45,8 @@ public:
    }

    // KeyDerivationFunction interface
-    size_t MaxDerivedLength() const {
-        return static_cast<size_t>(-1);
+    size_t MaxDerivedKeyLength() const {
+        return static_cast<size_t>(0)-1;
    }

    // KeyDerivationFunction interface
@ -67,7 +67,7 @@ public:
    /// \param blockSize the block size
    /// \param parallelization the parallelization factor
    /// \returns the number of iterations performed
-    /// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
+    /// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
    /// \details DeriveKey() provides a standard interface to derive a key from
    ///   a seed and other parameters. Each class that derives from KeyDerivationFunction
    ///   provides an overload that accepts most parameters used by the derivation function.
--- a/simple.h
+++ b/simple.h
@ -70,10 +70,10 @@ public:
 };

 /// \brief Exception thrown when an invalid derived key length is encountered
-class CRYPTOPP_DLL InvalidDerivedLength : public InvalidArgument
+class CRYPTOPP_DLL InvalidDerivedKeyLength : public InvalidArgument
 {
 public:
-	explicit InvalidDerivedLength(const std::string &algorithm, size_t length) : InvalidArgument(algorithm + ": " + IntToString(length) + " is not a valid derived key length") {}
+	explicit InvalidDerivedKeyLength(const std::string &algorithm, size_t length) : InvalidArgument(algorithm + ": " + IntToString(length) + " is not a valid derived key length") {}
 };

 /// \brief Exception thrown when an invalid personalization string length is encountered