2
0

Limit subkeys to 128-512 bit.

This commit is contained in:
Maarten Billemont 2017-08-10 12:45:25 -04:00
parent 4f7c28563d
commit c3bb896f40
2 changed files with 6 additions and 3 deletions

View File

@ -190,8 +190,8 @@ static const char *mpw_sitePasswordFromDerive_v0(
return NULL; return NULL;
} }
int resultParamInt = atoi( resultParam ); int resultParamInt = atoi( resultParam );
if (resultParamInt <= 0 || resultParamInt > UINT16_MAX || resultParamInt % 8 != 0) { if (resultParamInt < 128 || resultParamInt > 512 || resultParamInt % 8 != 0) {
err( "Parameter is not a valid key size: %s\n", resultParam ); err( "Parameter is not a valid key size (should be 128 - 512): %s\n", resultParam );
return NULL; return NULL;
} }
uint16_t keySize = (uint16_t)(resultParamInt / 8); uint16_t keySize = (uint16_t)(resultParamInt / 8);

View File

@ -164,7 +164,10 @@ uint8_t const *mpw_kdf_blake2b(const size_t subkeySize, const uint8_t *key, cons
return NULL; return NULL;
#if HAS_SODIUM #if HAS_SODIUM
if (personal && strlen( personal ) > crypto_generichash_blake2b_PERSONALBYTES) { if (keySize < crypto_generichash_blake2b_KEYBYTES_MIN || keySize > crypto_generichash_blake2b_KEYBYTES_MAX ||
subkeySize < crypto_generichash_blake2b_KEYBYTES_MIN || subkeySize > crypto_generichash_blake2b_KEYBYTES_MAX ||
contextSize < crypto_generichash_blake2b_BYTES_MIN || contextSize > crypto_generichash_blake2b_BYTES_MAX ||
(personal && strlen( personal ) > crypto_generichash_blake2b_PERSONALBYTES)) {
errno = EINVAL; errno = EINVAL;
free( subkey ); free( subkey );
return NULL; return NULL;