
Commit 33575b0

committed
Fixes unmarshaling KEM keys when passing a larger buffer of data.
1 parent 3507683 commit 33575b0


2 files changed

+17
-10
lines changed


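--- a/hpke/hybridkem.go
+++ b/hpke/hybridkem.go
@@ -200,11 +200,13 @@ func (h hybridKEM) GenerateKeyPair() (kem.PublicKey, kem.PrivateKey, error) {
 }
 
 func (h hybridKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error) {
-skA, err := h.kemA.UnmarshalBinaryPrivateKey(data[0:h.kemA.PrivateKeySize()])
+lenA := h.kemA.PrivateKeySize()
+skA, err := h.kemA.UnmarshalBinaryPrivateKey(data[0:lenA])
 if err != nil {
 return nil, err
 }
-skB, err := h.kemB.UnmarshalBinaryPrivateKey(data[h.kemA.PrivateKeySize():])
+lenB := h.kemB.PrivateKeySize()
+skB, err := h.kemB.UnmarshalBinaryPrivateKey(data[lenA : lenA+lenB])
 if err != nil {
 return nil, err
 }
@@ -216,11 +218,13 @@ func (h hybridKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error
 }
 
 func (h hybridKEM) UnmarshalBinaryPublicKey(data []byte) (kem.PublicKey, error) {
-pkA, err := h.kemA.UnmarshalBinaryPublicKey(data[0:h.kemA.PublicKeySize()])
+lenA := h.kemA.PublicKeySize()
+pkA, err := h.kemA.UnmarshalBinaryPublicKey(data[0:lenA])
 if err != nil {
 return nil, err
 }
-pkB, err := h.kemB.UnmarshalBinaryPublicKey(data[h.kemA.PublicKeySize():])
+lenB := h.kemB.PublicKeySize()
+pkB, err := h.kemB.UnmarshalBinaryPublicKey(data[lenA : lenA+lenB])
 if err != nil {
 return nil, err
 }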
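Review bot: Neither `UnmarshalBinaryPrivateKey` nor `UnmarshalBinaryPublicKey` checks `len(data)` before slicing, and the slicing is the first statement of each function, so input shorter than `lenA+lenB` either panics with a slice-bounds error or, when the slice has spare capacity, reslices past `len(data)` and parses whatever bytes sit in the backing array. For key material that may arrive from a peer, compute `lenB` up front and add a guard before the first slice: `if len(data) < lenA+lenB { return nil, ErrInvalidKEMPrivateKey }`, with `ErrInvalidKEMPublicKey` in the public-key function (both are the errors hpke/shortkem.go already returns). Both function bodies continue past the end of their hunks.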

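--- a/hpke/shortkem.go
+++ b/hpke/shortkem.go
@@ -53,6 +53,7 @@ func (s shortKEM) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
 bitmask = 0x01
 }
 
+Nsk := s.PrivateKeySize()
 dkpPrk := s.labeledExtract([]byte(""), []byte("dkp_prk"), seed)
 var bytes []byte
 ctr := 0
@@ -64,14 +65,12 @@ func (s shortKEM) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) {
 dkpPrk,
 []byte("candidate"),
 []byte{byte(ctr)},
-uint16(s.byteSize()),
+uint16(Nsk),
 )
 bytes[0] &= bitmask
 skBig.SetBytes(bytes)
 }
-l := s.PrivateKeySize()
-sk := &shortKEMPrivKey{s, make([]byte, l), nil}
-copy(sk.priv[l-len(bytes):], bytes)
+sk := &shortKEMPrivKey{s, bytes, nil}
 return sk.Public(), sk
 }
 
@@ -87,7 +86,7 @@ func (s shortKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error)
 return nil, ErrInvalidKEMPrivateKey
 }
 sk := &shortKEMPrivKey{s, make([]byte, l), nil}
-copy(sk.priv[l-len(data):l], data[:l])
+copy(sk.priv, data[:l])
 if !sk.validate() {
 return nil, ErrInvalidKEMPrivateKey
 }
@@ -96,7 +95,11 @@ func (s shortKEM) UnmarshalBinaryPrivateKey(data []byte) (kem.PrivateKey, error)
 }
 
 func (s shortKEM) UnmarshalBinaryPublicKey(data []byte) (kem.PublicKey, error) {
-x, y := elliptic.Unmarshal(s, data)
+l := s.PublicKeySize()
+if len(data) < l {
+return nil, ErrInvalidKEMPublicKey
+}
+x, y := elliptic.Unmarshal(s, data[:l])
 if x == nil {
 return nil, ErrInvalidKEMPublicKey
 }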
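Review bot: `UnmarshalBinaryPublicKey` and `UnmarshalBinaryPrivateKey` now parse only the first `l` bytes of `data` and silently ignore whatever follows, and nothing in the visible code documents that; a caller that relies on strict, canonical key encodings would never learn that trailing bytes were dropped. Each function should carry a doc comment saying so, for example `// UnmarshalBinaryPublicKey parses the first PublicKeySize() bytes of data; trailing bytes are ignored.` In `UnmarshalBinaryPrivateKey` the length guard sits above the hunk, so it is worth confirming that it reads `len(data) < l` rather than an exact-length comparison, because `copy(sk.priv, data[:l])` depends on it and the public-key path now uses that form. Both function bodies extend outside their hunks.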
