fixup! Add the TLS13-KDF OpenSSL Key Derivation Function

latchset · Sep 30, 2024 · a814a72 · a814a72
1 parent 6cfcc95
commit a814a72
Showing 1 changed file with 26 additions and 5 deletions.
diff --git a/src/kdf.c b/src/kdf.c
@@ -261,6 +261,28 @@ static int p11prov_hkdf_derive(void *ctx, unsigned char *key, size_t keylen,
     return RET_OSSL_OK;
 }
 
+/* ref: RFC 8446 - 7.1 Key Schedule
+ * Citation:
+ *   HKDF-Expand-Label(Secret, Label, Context, Length) =
+            HKDF-Expand(Secret, HkdfLabel, Length)
+ *
+ *   Where HkdfLabel is specified as:
+ *
+ *     struct {
+ *         uint16 length = Length;
+ *         opaque label<7..255> = "tls13 " + Label;
+ *         opaque context<0..255> = Context;
+ *     } HkdfLabel;
+ */
+#define TLS13_HL_LENGTH_SIZE 2
+#define TLS13_HL_LABEL_SIZE 1
+#define TLS13_HL_LABEL_MAX_LENGTH 255
+#define TLS13_HL_CONTEXT_SIZE 1
+#define TLS13_HL_CONTEXT_MAX_LENGTH 255
+#define TLS13_HKDF_LABEL_MAX_SIZE \
+    (TLS13_HL_LENGTH_SIZE + TLS13_HL_LABEL_SIZE + TLS13_HL_LABEL_MAX_LENGTH \
+     + TLS13_HL_CONTEXT_SIZE + TLS13_HL_CONTEXT_MAX_LENGTH)
+
 static CK_RV p11prov_tls13_expand_label(P11PROV_KDF_CTX *hkdfctx,
                                         P11PROV_OBJ *keyobj, uint8_t *prefix,
                                         size_t prefixlen, uint8_t *label,
@@ -282,7 +304,7 @@ static CK_RV p11prov_tls13_expand_label(P11PROV_KDF_CTX *hkdfctx,
         .pParameter = &params,
         .ulParameterLen = sizeof(params),
     };
-    uint8_t info[2 + 1 + 255 + 1 + 255];
+    uint8_t info[TLS13_HKDF_LABEL_MAX_SIZE];
     size_t infolen, i;
     uint16_t keysize;
     CK_RV ret;
@@ -292,13 +314,12 @@ static CK_RV p11prov_tls13_expand_label(P11PROV_KDF_CTX *hkdfctx,
         prefix, prefixlen, label, labellen, data, datalen);
 
     if (prefix == NULL || prefixlen == 0 || label == NULL || labellen == 0
-        || (prefixlen + labellen > 255) || (datalen > 0 && data == NULL)
-        || (datalen == 0 && data != NULL) || (datalen > 255)
-        || (keylen > 65535)) {
+        || (prefixlen + labellen > TLS13_HL_LABEL_MAX_LENGTH)
+        || (datalen > 0 && data == NULL) || (datalen == 0 && data != NULL)
+        || (datalen > TLS13_HL_CONTEXT_MAX_LENGTH)) {
         return CKR_ARGUMENTS_BAD;
     }
 
-    /* ref: RFC 8446 - 7.1 Key Schedule */
     infolen = 2 + 1 + prefixlen + labellen + 1 + datalen;
     i = 0;
     keysize = htobe16(keylen);