Check KBKDF parameters on key-manager side 62/297062/3
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 9 Aug 2023 15:39:38 +0000 (17:39 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 9 Aug 2023 16:08:46 +0000 (18:08 +0200)
Change-Id: I1afb107d6fd286f5524561c1631ef65c2043f3c2

src/manager/crypto/tz-backend/internals.cpp

index b41c5cb..2a5d83c 100644 (file)
@@ -842,19 +842,38 @@ void deriveKBKDF(const RawBuffer &secretId,
                                 const RawBuffer &keyHash)
 {
        RawBuffer label, context, fixed;
-       size_t length;
+       KbkdfCounterLocation counterLocation;
+       KdfPrf prf;
+       KbkdfMode mode;
+       size_t length, rlenBits = 32, llenBits = 32, tmp;
+       bool hasLabel = alg.getParam(ParamName::KBKDF_LABEL, label);
+       bool hasContext = alg.getParam(ParamName::KBKDF_CONTEXT, context);
+       bool hasFixed = alg.getParam(ParamName::KBKDF_FIXED_INPUT, fixed);
+       alg.getParam(ParamName::KBKDF_COUNTER_LOCATION, counterLocation);
+       alg.getParam(ParamName::KBKDF_MODE, mode);
+       alg.getParam(ParamName::KDF_PRF, prf);
        alg.getParam(ParamName::KDF_LEN, length);
-       alg.getParam(ParamName::KBKDF_LABEL, label);
-       alg.getParam(ParamName::KBKDF_CONTEXT, context);
-       alg.getParam(ParamName::KBKDF_FIXED_INPUT, fixed);
-       auto prf = unpack<KdfPrf>(alg, ParamName::KDF_PRF);
-       auto mode = unpack<KbkdfMode>(alg, ParamName::KBKDF_MODE);
-       auto location = unpack<KbkdfCounterLocation>(alg, ParamName::KBKDF_COUNTER_LOCATION);
-
-       size_t rlen = 32, llen = 32, dummy;
-       alg.getParam(ParamName::KBKDF_RLEN, rlen);
-       alg.getParam(ParamName::KBKDF_LLEN, llen);
-       bool noSeparator = alg.getParam(ParamName::KBKDF_NO_SEPARATOR, dummy);
+       alg.getParam(ParamName::KBKDF_RLEN, rlenBits);
+       bool hasLLen = alg.getParam(ParamName::KBKDF_LLEN, llenBits);
+       bool noSeparator = alg.getParam(ParamName::KBKDF_NO_SEPARATOR, tmp);
+
+       RawBuffer key;
+       if (hasFixed) {
+               if (hasLabel || hasContext || noSeparator || hasLLen ||
+                       counterLocation == KbkdfCounterLocation::MIDDLE_FIXED)
+                       ThrowErr(Exc::Crypto::InputParam, "Unexpected parameters for fixed input mode.");
+       } else {
+               if (!hasLabel || !hasContext)
+                       ThrowErr(Exc::Crypto::InputParam, "Missing label and/or context.");
+
+               if (llenBits != 0 && llenBits != 8 && llenBits != 16 && llenBits != 24 && llenBits != 32)
+                       ThrowErr(Exc::Crypto::InputParam, "Invalid llen value");
+       }
+       if (length != 16 && length != 24 && length != 32)
+               ThrowErr(Exc::Crypto::InputParam, "Invalid key length");
+
+       if (rlenBits != 8 && rlenBits != 16 && rlenBits != 24 && rlenBits != 32)
+               ThrowErr(Exc::Crypto::InputParam, "Invalid rlen value");
 
        RawBuffer keyPwdBuf(keyPwd.begin(), keyPwd.end());
 
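Review bot: `counterLocation`, `prf`, `mode` and `length` are declared without initializers, and the bool results of their `alg.getParam(...)` calls are discarded, unlike those for the label, context and fixed-input lookups. If a caller omits one of these parameters, the comparison `counterLocation == KbkdfCounterLocation::MIDDLE_FIXED` and the `length` check may read indeterminate values, and `toTzPrf(prf)` / `toTzKbkdfMode(mode)` would then pass them on to the TZ backend. The removed lines fetched the three enums through `unpack<...>()`, which presumably rejected a missing parameter, though its body is not visible here. Unless presence is already enforced upstream, check each result, e.g. `if (!alg.getParam(ParamName::KDF_PRF, prf)) ThrowErr(Exc::Crypto::InputParam, "Missing PRF.");`, and do the same for `KBKDF_MODE`, `KBKDF_COUNTER_LOCATION` and `KDF_LEN`. deriveKBKDF's body continues outside the hunk.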
@@ -866,9 +885,9 @@ void deriveKBKDF(const RawBuffer &secretId,
                                                                                          fixed,
                                                                                          toTzPrf(prf),
                                                                                          toTzKbkdfMode(mode),
-                                                                                         toTzCtrLoc(location),
-                                                                                         rlen,
-                                                                                         llen,
+                                                                                         toTzCtrLoc(counterLocation),
+                                                                                         rlenBits,
+                                                                                         llenBits,
                                                                                          noSeparator,
                                                                                          keyPwdBuf,
                                                                                          keyPwdIV,