Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate KEY_DATA_BLOB_VERSION1 content in ExtractHKDF #71

Merged
merged 1 commit into from
Oct 31, 2024
Merged

Validate KEY_DATA_BLOB_VERSION1 content in ExtractHKDF #71

merged 1 commit into from
Oct 31, 2024

Conversation

qmuntal
Copy link
Member

@qmuntal qmuntal commented Oct 29, 2024

Validate that KEY_DATA_BLOB_VERSION1.cbHashName fits in the blob, else return an error instead of panic'ing.

This case shouldn't happen, and I don't know how to trigger it. Yet, #70 reported a corrupted KEY_DATA_BLOB_VERSION1 when using an old Windows 10 version.

dagood
dagood approved these changes Oct 29, 2024
View reviewed changes
cng/hkdf.go
Comment on lines 158 to 161
// KEY_DATA_BLOB_VERSION1 format is:
// cbHash uint32 // Big-endian
// hashName [cbHash]byte
// cbHashName uint32 // Big-endian
// pHashName [cbHash]byte
// key []byte // Rest of the blob
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where does this format come from? I'm not able to find it anywhere.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I don't remember where the definition came from. Maybe I just inspected the content of the data and figured it out? I'll ask the CNG team to document this payload, just as other algorithm payloads are.

@qmuntal qmuntal merged commit 6d46b29 into main Oct 31, 2024
17 checks passed
@qmuntal qmuntal deleted the dev/qmuntal/hkdfcheck branch October 31, 2024 08:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dagood dagood dagood approved these changes

@karianna karianna karianna approved these changes

@mertakman mertakman Awaiting requested review from mertakman

@gdams gdams Awaiting requested review from gdams

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@qmuntal @karianna @dagood