ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-12 19:18:57 +08:00
Code Issues Releases Wiki Activity

Built-in lms/lmots driver: Harden public key import against enum truncation

Browse Source 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This commit is contained in:
Minos Galanakis 2025-06-02 14:28:31 +01:00
parent 548e2dbf65
commit caaffc1e7e
2 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/lmots.c
View File

@ -401,8 +401,11 @@ int mbedtls_lmots_import_public_key(mbedtls_lmots_public_t *ctx,
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
} }
ctx->params.type = (mbedtls_lmots_algorithm_type_t) uint32_t type = MBEDTLS_GET_UINT32_BE(key, MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
MBEDTLS_GET_UINT32_BE(key, MBEDTLS_LMOTS_SIG_TYPE_OFFSET); if (type != (uint32_t) MBEDTLS_LMOTS_SHA256_N32_W8) {
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
ctx->params.type = (mbedtls_lmots_algorithm_type_t) type;
if (key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) { if (key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) {
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;

16
library/lms.c
View File

@ -239,29 +239,25 @@ void mbedtls_lms_public_free(mbedtls_lms_public_t *ctx)
int mbedtls_lms_import_public_key(mbedtls_lms_public_t *ctx, int mbedtls_lms_import_public_key(mbedtls_lms_public_t *ctx,
const unsigned char *key, size_t key_size) const unsigned char *key, size_t key_size)
{ {
mbedtls_lms_algorithm_type_t type;
mbedtls_lmots_algorithm_type_t otstype;
if (key_size < 4) { if (key_size < 4) {
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
} }
type = (mbedtls_lms_algorithm_type_t) MBEDTLS_GET_UINT32_BE(key, PUBLIC_KEY_TYPE_OFFSET); uint32_t type = MBEDTLS_GET_UINT32_BE(key, PUBLIC_KEY_TYPE_OFFSET);
if (type != MBEDTLS_LMS_SHA256_M32_H10) { if (type != (uint32_t) MBEDTLS_LMS_SHA256_M32_H10) {
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
} }
ctx->params.type = type; ctx->params.type = (mbedtls_lms_algorithm_type_t) type;
if (key_size != MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type)) { if (key_size != MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type)) {
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
} }
otstype = (mbedtls_lmots_algorithm_type_t) uint32_t otstype = MBEDTLS_GET_UINT32_BE(key, PUBLIC_KEY_OTSTYPE_OFFSET);
MBEDTLS_GET_UINT32_BE(key, PUBLIC_KEY_OTSTYPE_OFFSET); if (otstype != (uint32_t) MBEDTLS_LMOTS_SHA256_N32_W8) {
if (otstype != MBEDTLS_LMOTS_SHA256_N32_W8) {
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
} }
ctx->params.otstype = otstype; ctx->params.otstype = (mbedtls_lmots_algorithm_type_t) otstype;
memcpy(ctx->params.I_key_identifier, memcpy(ctx->params.I_key_identifier,
key + PUBLIC_KEY_I_KEY_ID_OFFSET, key + PUBLIC_KEY_I_KEY_ID_OFFSET,