FFI: Loading of raw FrodoKEM keys & FIX: "insufficient buffer handling" in FFI's decapsulate #4373
Conversation
When passing an insufficiently sized buffer into botan_pk_op_kem_decrypt_shared_key() it returned BOTAN_FFI_SUCCESS instead of BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE.
... the assertion replaced by this was easily triggerable via the public API, simply by trying to create a FrodoKEM key pair of a mode that is not available in the particular build of Botan.
... this will be used as a base class to test other (PQ)-KEMs
df60ea1 to 102e1ac
102e1ac to 7e2b1a6
Thanks for adding these missing functions. I've successfully tested public key de-/encoding for FrodoKEM via the I've not tested private key loading because our KAT vectors are currently based on a DRBG seed and the FrodoKEM private key format is not just the seeds (
src/lib/ffi/ffi_pkey_algs.cpp
return BOTAN_FFI_SUCCESS; | ||
}); | ||
#else | ||
BOTAN_UNUSED(key, privkey, key_len, frodo_mode); |
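Review bot: the #else fallback in this hunk names privkey in BOTAN_UNUSED(key, privkey, key_len, frodo_mode); although this is the public-key loader (the suggestion in this thread switches it to pubkey). Since only that branch is compiled in a build without FrodoKEM, the mismatched identifier would break exactly that configuration; change it to BOTAN_UNUSED(key, pubkey, key_len, frodo_mode);.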
Copy & paste issue:
- BOTAN_UNUSED(key, privkey, key_len, frodo_mode);
+ BOTAN_UNUSED(key, pubkey, key_len, frodo_mode);
7e2b1a6 to cb9b92b
@reneme Fine to include the fix in this PR, don't see a need to split it out. Also fine to make the loader function algorithm specific; we may well want a generic approach in the long run but that has been the status quo for FFI up until now, and designing something at the last minute (wrt 3.6.0) doesn't seem wise.
Drive-by fixes
- botan_pk_op_kem_decrypt_shared_key(): When provided with an insufficiently large buffer to output the shared key, this function would fail to return BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE and instead claim success. This gets fixed in the first commit of this pull request.
- Not_Implemented
@randombit Should we create independent PRs for these fixes? I dropped it in here, as I don't expect that many people actually used the KEM interface prior to PQC.
Description
This introduces botan_privkey_load_frodokem() and botan_pubkey_load_frodokem() to conveniently decode raw FrodoKEM keys via the FFI (see discussion in #4366). Note that raw encoding is implemented generically, see #4368.
I opted to not implement the loading generically, for consistency with the existing low-level "raw" decodings of RSA, ECC and friends. But technically (for the PQC-algos), we could also go for a generic approach along those lines: load_generic_*(&key, encoded_key, encoded_key_len, algo_name, algo_mode_descriptor). @randombit What's your view on this?
Also, this adds a fairly extensive and generic test for the KEM support in FFI that I'm planning to re-use for ML-KEM (#3893) and Classic McEliece (#3883).
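The buffer contract that the drive-by fix restores, as an added stand-alone C example that is not Botan's code: a writer that truncates the shared key and still reports success (the behaviour described above) beside a fixed writer, plus the probe-then-call sizing idiom FFI callers rely on. The numeric error-code values, the constructed key bytes and the function names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return codes named as in Botan's FFI; the numeric values are an assumption
 * for this stand-alone example (botan/ffi.h is authoritative). */
#define BOTAN_FFI_SUCCESS 0
#define BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE (-10)

/* Constructed stand-in for the 32-byte shared secret a KEM decapsulation yields. */
#define SHARED_KEY_LEN 32
static const uint8_t SHARED_KEY[SHARED_KEY_LEN] = {
   0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
   0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0};

/* Buggy writer (the behaviour the PR fixes): silently truncates to the caller's
 * buffer and reports success, so the caller never learns the key is incomplete. */
int write_shared_key_buggy(uint8_t* out, size_t* out_len) {
   size_t n = *out_len < SHARED_KEY_LEN ? *out_len : SHARED_KEY_LEN;
   if (n > 0) memcpy(out, SHARED_KEY, n);
   *out_len = n;
   return BOTAN_FFI_SUCCESS;
}

/* Fixed writer: when the buffer is too small, write nothing, report the required
 * length through *out_len and return the dedicated error code. */
int write_shared_key_fixed(uint8_t* out, size_t* out_len) {
   if (out == NULL || *out_len < SHARED_KEY_LEN) {
      *out_len = SHARED_KEY_LEN;
      return BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE;
   }
   memcpy(out, SHARED_KEY, SHARED_KEY_LEN);
   *out_len = SHARED_KEY_LEN;
   return BOTAN_FFI_SUCCESS;
}

/* Caller-side two-call idiom: probe with a NULL, zero-length buffer to learn the
 * size, then call again with a buffer of that size. Returns the number of
 * shared-key bytes obtained, or 0 when the contract is violated. */
size_t decap_two_call(int (*writer)(uint8_t*, size_t*), uint8_t* buf, size_t buf_cap) {
   size_t need = 0;
   int rc = writer(NULL, &need);
   if (rc != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE || need == 0 || need > buf_cap) return 0;
   size_t len = need;
   rc = writer(buf, &len);
   return (rc == BOTAN_FFI_SUCCESS && len == need) ? len : 0;
}
```

With the buggy writer the probe call "succeeds" with zero bytes, so the sizing idiom cannot work; with the fixed writer it yields the full 32-byte key.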