eden-emu/mbedtls
20
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make LMS verification return VERIFY_FAILED more

Browse source 
To align with PSA error code rules on when VERIFY_FAILED is returned vs
INVALID_ARGUMENT

Signed-off-by: Raef Coles <raef.coles@arm.com>
This commit is contained in:
Raef Coles 2022-10-10 15:40:56 +01:00
parent fbd60ec775
commit faf59babe8
No known key found for this signature in database
GPG key ID: 1AAF1B43DF2086F4
2 changed files with 17 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
library/lmots.c
View file

@ -565,7 +565,7 @@ int mbedtls_lmots_verify( const mbedtls_lmots_public_t *ctx,
NULL ); NULL );
if( ret ) if( ret )
{ {
return( ret ); return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
} }
if( memcmp( &Kc_public_key_candidate, ctx->public_key, if( memcmp( &Kc_public_key_candidate, ctx->public_key,

22
library/lms.c
View file

@ -322,11 +322,6 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
} }
if( sig_size != MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype) )
{
return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
}
if( ctx->params.type if( ctx->params.type
!= MBEDTLS_LMS_SHA256_M32_H10 ) != MBEDTLS_LMS_SHA256_M32_H10 )
{ {
@ -339,6 +334,16 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
} }
if( sig_size != MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype) )
{
return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
}
if( sig_size < SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_TYPE_LEN )
{
return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
}
if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
sig + SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) sig + SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET )
!= MBEDTLS_LMOTS_SHA256_N32_W8 ) != MBEDTLS_LMOTS_SHA256_N32_W8 )
@ -346,6 +351,11 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
} }
if( sig_size < SIG_TYPE_OFFSET(ctx->params.otstype) + MBEDTLS_LMS_TYPE_LEN )
{
return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
}
if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN, if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN,
sig + SIG_TYPE_OFFSET(ctx->params.otstype)) sig + SIG_TYPE_OFFSET(ctx->params.otstype))
!= MBEDTLS_LMS_SHA256_M32_H10 ) != MBEDTLS_LMS_SHA256_M32_H10 )
@ -376,7 +386,7 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
sizeof( Kc_candidate_ots_pub_key ), NULL ); sizeof( Kc_candidate_ots_pub_key ), NULL );
if( ret != 0 ) if( ret != 0 )
{ {
return( ret ); return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
} }
create_merkle_leaf_value( create_merkle_leaf_value(