Strengthen secret length checking.
wolfmcnally committed Aug 13, 2021
1 parent 029d4a9 commit 718a3ab
Showing 3 changed files with 25 additions and 15 deletions.
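--- a/src/encoding.c
+++ b/src/encoding.c
@@ -19,6 +19,19 @@
 #include <string.h>
 #include <stdbool.h>
 
+static size_t check_secret_length(size_t len) {
+if(len < MIN_STRENGTH_BYTES) {
+return SSKR_ERROR_SECRET_TOO_SHORT;
+}
+if(len > MAX_STRENGTH_BYTES) {
+return SSKR_ERROR_SECRET_TOO_LONG;
+}
+if(len & 1) {
+return SSKR_ERROR_SECRET_LENGTH_NOT_EVEN;
+}
+return 0;
+}
+
 static size_t serialize_shard(
 const sskr_shard *shard,
 uint8_t *destination,
@@ -90,11 +103,9 @@ static int deserialize_shard(
 shard->value_len = source_len - METADATA_LENGTH_BYTES;
 memcpy(shard->value, source + METADATA_LENGTH_BYTES, shard->value_len);
 
-if(shard->value_len < MIN_STRENGTH_BYTES) {
-return SSKR_ERROR_SECRET_TOO_SHORT;
-}
-if(shard->value_len % 2) {
-return SSKR_ERROR_INVALID_SECRET_LENGTH;
+size_t err = check_secret_length(shard->value_len);
+if(err) {
+return err;
 }
 return shard->value_len;
 }
@@ -137,13 +148,9 @@ static int generate_shards(
 void* ctx,
 void (*random_generator)(uint8_t *, size_t, void*)
 ) {
-
-if(master_secret_len < MIN_STRENGTH_BYTES) {
-return SSKR_ERROR_SECRET_TOO_SHORT;
-}
-
-if(master_secret_len % 2 == 1) {
-return SSKR_ERROR_INVALID_SECRET_LENGTH;
+size_t err = check_secret_length(master_secret_len);
+if(err) {
+return err;
 }
 
 // Figure out how many shards we are dealing with
@@ -220,8 +227,9 @@ int sskr_generate(
 void* ctx,
 void (*random_generator)(uint8_t *, size_t, void*)
 ) {
-if(master_secret_len < MIN_STRENGTH_BYTES) {
-return SSKR_ERROR_SECRET_TOO_SHORT;
+size_t err = check_secret_length(master_secret_len);
+if(err) {
+return err;
 }
 
 // Figure out how many shards we are dealing with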
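Review bot: In deserialize_shard the new check_secret_length() call still comes after `memcpy(shard->value, source + METADATA_LENGTH_BYTES, shard->value_len)`, so an over-long source is copied before SSKR_ERROR_SECRET_TOO_LONG can be returned. The declaration of shard->value is outside this page; if it is a fixed array sized for MAX_STRENGTH_BYTES, the upper bound has to be enforced before the copy, as sketched below. The helper also returns negative codes (SSKR_ERROR_SECRET_TOO_LONG is (-16)) through `size_t`, and the three callers narrow `size_t err` back to `int`, which is implementation-defined; an `int` return type and `int err` avoid that round trip. deserialize_shard begins above the hunk, so any earlier bound on source_len is not visible here.

```c
/* … unchanged: metadata parsing above the hunk … */
size_t value_len = source_len - METADATA_LENGTH_BYTES;
int err = check_secret_length(value_len);   /* validate before touching shard->value */
if(err) {
    return err;
}
shard->value_len = value_len;
memcpy(shard->value, source + METADATA_LENGTH_BYTES, value_len);
return shard->value_len;
```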
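--- a/src/encoding.h
+++ b/src/encoding.h
@@ -14,6 +14,7 @@
 
 #define METADATA_LENGTH_BYTES 5
 #define MIN_STRENGTH_BYTES 16
+#define MAX_STRENGTH_BYTES 32
 #define MIN_SERIALIZED_LENGTH_BYTES (METADATA_LENGTH_BYTES + MIN_STRENGTH_BYTES)
 
 int sskr_count_shards(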
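--- a/src/sskr-errors.h
+++ b/src/sskr-errors.h
@@ -14,7 +14,7 @@
 #define SSKR_ERROR_INVALID_SINGLETON_MEMBER (-4)
 #define SSKR_ERROR_INSUFFICIENT_SPACE (-5)
 #define SSKR_ERROR_INVALID_RESERVED_BITS (-6)
-#define SSKR_ERROR_INVALID_SECRET_LENGTH (-7)
+#define SSKR_ERROR_SECRET_LENGTH_NOT_EVEN (-7)
 #define SSKR_ERROR_INVALID_SHARD_SET (-8)
 #define SSKR_ERROR_EMPTY_SHARD_SET (-9)
 #define SSKR_ERROR_DUPLICATE_MEMBER_INDEX (-10)
@@ -23,5 +23,6 @@
 #define SSKR_ERROR_INVALID_PADDING (-13)
 #define SSKR_ERROR_NOT_ENOUGH_GROUPS (-14)
 #define SSKR_ERROR_INVALID_SHARD_BUFFER (-15)
+#define SSKR_ERROR_SECRET_TOO_LONG (-16)
 
 #endif /* SSKR_ERRORS_H */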
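Review bot: Renaming SSKR_ERROR_INVALID_SECRET_LENGTH to SSKR_ERROR_SECRET_LENGTH_NOT_EVEN removes a name that code outside this commit may still compare against; the value stays (-7), so only source compatibility is affected. Whether sskr-errors.h is part of the installed API cannot be told from this page; if it is, keeping `#define SSKR_ERROR_INVALID_SECRET_LENGTH SSKR_ERROR_SECRET_LENGTH_NOT_EVEN` as a deprecated alias lets existing callers keep building. A short comment on each length error naming the bound it reports (MIN_STRENGTH_BYTES, MAX_STRENGTH_BYTES, even length) would help callers map codes to causes.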
