diff --git a/src/kdf.c b/src/kdf.c index d4c23fe4..fd4fe218 100644 --- a/src/kdf.c +++ b/src/kdf.c @@ -261,6 +261,28 @@ static int p11prov_hkdf_derive(void *ctx, unsigned char *key, size_t keylen, return RET_OSSL_OK; } +/* ref: RFC 8446 - 7.1 Key Schedule + * Citation: + * HKDF-Expand-Label(Secret, Label, Context, Length) = + HKDF-Expand(Secret, HkdfLabel, Length) + * + * Where HkdfLabel is specified as: + * + * struct { + * uint16 length = Length; + * opaque label<7..255> = "tls13 " + Label; + * opaque context<0..255> = Context; + * } HkdfLabel; + */ +#define TLS13_HL_LENGTH_SIZE 2 +#define TLS13_HL_LABEL_SIZE 1 +#define TLS13_HL_LABEL_MAX_LENGTH 255 +#define TLS13_HL_CONTEXT_SIZE 1 +#define TLS13_HL_CONTEXT_MAX_LENGTH 255 +#define TLS13_HKDF_LABEL_MAX_SIZE \ + (TLS13_HL_LENGTH_SIZE + TLS13_HL_LABEL_SIZE + TLS13_HL_LABEL_MAX_LENGTH \ + + TLS13_HL_CONTEXT_SIZE + TLS13_HL_CONTEXT_MAX_LENGTH) + static CK_RV p11prov_tls13_expand_label(P11PROV_KDF_CTX *hkdfctx, P11PROV_OBJ *keyobj, uint8_t *prefix, size_t prefixlen, uint8_t *label, @@ -282,7 +304,7 @@ static CK_RV p11prov_tls13_expand_label(P11PROV_KDF_CTX *hkdfctx, .pParameter = ¶ms, .ulParameterLen = sizeof(params), }; - uint8_t info[2 + 1 + 255 + 1 + 255]; + uint8_t info[TLS13_HKDF_LABEL_MAX_SIZE]; size_t infolen, i; uint16_t keysize; CK_RV ret; 
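Review bot: In the first hunk, the names `TLS13_HL_LABEL_SIZE` and `TLS13_HL_CONTEXT_SIZE` do not say that they are the widths of the one-byte length prefixes rather than sizes of the label or context, which is easy to misread next to the `*_MAX_LENGTH` constants. A short comment above the defines would settle it, for example `/* *_SIZE: bytes taken by the field's encoded length; *_MAX_LENGTH: largest payload of the field */`. In the RFC citation, the continuation line `HKDF-Expand(Secret, HkdfLabel, Length)` appears to lack the leading ` *` that the other lines of the block comment carry, although the collapsed whitespace on this page makes that hard to confirm.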
@@ -292,13 +314,12 @@ static CK_RV p11prov_tls13_expand_label(P11PROV_KDF_CTX *hkdfctx, prefix, prefixlen, label, labellen, data, datalen); if (prefix == NULL || prefixlen == 0 || label == NULL || labellen == 0 - || (prefixlen + labellen > 255) || (datalen > 0 && data == NULL) - || (datalen == 0 && data != NULL) || (datalen > 255) - || (keylen > 65535)) { + || (prefixlen + labellen > TLS13_HL_LABEL_MAX_LENGTH) + || (datalen > 0 && data == NULL) || (datalen == 0 && data != NULL) + || (datalen > TLS13_HL_CONTEXT_MAX_LENGTH)) { return CKR_ARGUMENTS_BAD; } - /* ref: RFC 8446 - 7.1 Key Schedule */ infolen = 2 + 1 + prefixlen + labellen + 1 + datalen; i = 0; keysize = htobe16(keylen);
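Review bot: Dropping `(keylen > 65535)` from the argument check lets `keysize = htobe16(keylen);` a few lines below truncate silently. A request longer than 65535 bytes would then encode a wrapped value in the `uint16 length` field of HkdfLabel, while the rest of the function presumably still works with the full `keylen`. Unless every caller now enforces that bound (not visible in this diff), keep it in the condition, e.g. `|| (keylen > UINT16_MAX)` or a named `TLS13_HL_LENGTH_MAX` beside the other limits. The `infolen` line still uses the literals `2 + 1 + ... + 1`; writing it with `TLS13_HL_LENGTH_SIZE`, `TLS13_HL_LABEL_SIZE` and `TLS13_HL_CONTEXT_SIZE` would keep the length arithmetic tied to the size of `info`. The function body starts and ends outside this hunk.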