Skip to content

Commit

Permalink
Validate oeap_label len
Browse files Browse the repository at this point in the history
  • Loading branch information
aveenismail committed Aug 29, 2024
1 parent f2aa63e commit 7dd21bb
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 4 deletions.
6 changes: 6 additions & 0 deletions lib/yubihsm.c
Original file line number Diff line number Diff line change
Expand Up @@ -2900,6 +2900,12 @@ do_rsa_wrap(yh_cmd cmd,
return YHR_INVALID_PARAMETERS;
}

if (oaep_label_len != 20 && oaep_label_len != 32 && oaep_label_len != 48 &&
oaep_label_len != 64) {
DBG_ERR("Wrong digest length. %s", yh_strerror(YHR_INVALID_PARAMETERS));
return YHR_INVALID_PARAMETERS;
}

#pragma pack(push, 1)
union {
struct {
Expand Down
8 changes: 4 additions & 4 deletions resources/tests/bash/test_wrapkey.sh
Original file line number Diff line number Diff line change
Expand Up @@ -290,9 +290,9 @@ for k in ${RSA_KEYSIZE[@]}; do
rm data.enc

echo "=== Wrap and unwrap AES key material with generated RSA wrap key"
test "$BIN -p password -a get-rsa-wrapped-key --wrap-id $keyid -i $aeskey -t symmetric-key --oaep rsa-oaep-sha1 --mgf1 mgf1-sha384 --out rsawrapped.key" " Export wrapped AES key material"
test "$BIN -p password -a get-rsa-wrapped-key --wrap-id $keyid -i $aeskey -t symmetric-key --oaep rsa-oaep-sha384 --mgf1 mgf1-sha1 --out rsawrapped.key" " Export wrapped AES key material"
test "$BIN -p password -a delete-object -i $aeskey -t symmetric-key" " Delete AES key"
test "$BIN -p password -a put-rsa-wrapped-key --wrap-id $keyid -i $aeskey -t symmetric-key -A aes128 -c exportable-under-wrap,decrypt-cbc,encrypt-cbc --oaep rsa-oaep-sha1 --mgf1 mgf1-sha384 --in rsawrapped.key" " Import wrapped AES key material"
test "$BIN -p password -a put-rsa-wrapped-key --wrap-id $keyid -i $aeskey -t symmetric-key -A aes128 -c exportable-under-wrap,decrypt-cbc,encrypt-cbc --oaep rsa-oaep-sha384 --mgf1 mgf1-sha1 --in rsawrapped.key" " Import wrapped AES key material"
info=$($BIN -p password -a get-object-info -i $aeskey -t symmetric-key 2> /dev/null)
seq_aes=$((seq_aes+1))
cmp_str_content "$info" "sequence: $seq_aes" "Sequence"
Expand Down Expand Up @@ -337,9 +337,9 @@ for k in ${RSA_KEYSIZE[@]}; do
rm rsawrapped.object

echo "=== Wrap and unwrap EC key material with imported RSA wrap key"
test "$BIN -p password -a get-rsa-wrapped-key --wrap-id $import_keyid -i $eckey -t asymmetric-key --oaep rsa-oaep-sha1 --mgf1 mgf1-sha384 --out rsawrapped.key" " Export wrapped EC key material"
test "$BIN -p password -a get-rsa-wrapped-key --wrap-id $import_keyid -i $eckey -t asymmetric-key --oaep rsa-oaep-sha512 --mgf1 mgf1-sha512 --out rsawrapped.key" " Export wrapped EC key material"
test "$BIN -p password -a delete-object -i $eckey -t asymmetric-key" " Delete EC key"
test "$BIN -p password -a put-rsa-wrapped-key --wrap-id $import_keyid -i $eckey -t asymmetric-key -A ecp224 -c exportable-under-wrap,sign-ecdsa --oaep rsa-oaep-sha1 --mgf1 mgf1-sha384 --in rsawrapped.key" " Import wrapped EC key material"
test "$BIN -p password -a put-rsa-wrapped-key --wrap-id $import_keyid -i $eckey -t asymmetric-key -A ecp224 -c exportable-under-wrap,sign-ecdsa --oaep rsa-oaep-sha512 --mgf1 mgf1-sha512 --in rsawrapped.key" " Import wrapped EC key material"
info=$($BIN -p password -a get-object-info -i $eckey -t asymmetric-key 2> /dev/null)
seq_ec=$((seq_ec+1))
cmp_str_content "$info" "sequence: $seq_ec" "Sequence"
Expand Down

0 comments on commit 7dd21bb

Please sign in to comment.