[zk-token-sdk] Limit max seed length for key derivations (#33700)

* limit max seed length for elgamal keypairs

* limit max seed length for authenticated encryption keys

* Apply suggestions from code review

Co-authored-by: Jon Cinque <me@jonc.dev>

* rename `SeedLengthTooLarge` to `SeedLengthTooLong`

---------

Co-authored-by: Jon Cinque <me@jonc.dev>
samkim-crypto 2023-10-20 13:02:37 -07:00 committed by GitHub
parent a5c7c999e2
commit dd2b1bb5a0
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 0 deletions


@ -50,6 +50,8 @@ pub enum AuthenticatedEncryptionError {
DerivationMethodNotSupported,
#[error("seed length too short for derivation")]
SeedLengthTooShort,
#[error("seed length too long for derivation")]
SeedLengthTooLong,
}
struct AuthenticatedEncryption;
@ -172,10 +174,14 @@ impl EncodableKey for AeKey {
impl SeedDerivable for AeKey {
fn from_seed(seed: &[u8]) -> Result<Self, Box<dyn error::Error>> {
const MINIMUM_SEED_LEN: usize = AE_KEY_LEN;
const MAXIMUM_SEED_LEN: usize = 65535;
if seed.len() < MINIMUM_SEED_LEN {
return Err(AuthenticatedEncryptionError::SeedLengthTooShort.into());
}
if seed.len() > MAXIMUM_SEED_LEN {
return Err(AuthenticatedEncryptionError::SeedLengthTooLong.into());
}
let mut hasher = Sha3_512::new();
hasher.update(seed);
@ -278,4 +284,16 @@ mod tests {
let null_signer = NullSigner::new(&Pubkey::default());
assert!(AeKey::new_from_signer(&null_signer, Pubkey::default().as_ref()).is_err());
}
#[test]
fn test_aes_key_from_seed() {
let good_seed = vec![0; 32];
assert!(AeKey::from_seed(&good_seed).is_ok());
let too_short_seed = vec![0; 15];
assert!(AeKey::from_seed(&too_short_seed).is_err());
let too_long_seed = vec![0; 65536];
assert!(AeKey::from_seed(&too_long_seed).is_err());
}
}
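Review bot: In the `from_seed` hunk, `const MAXIMUM_SEED_LEN: usize = 65535;` is an unexplained literal, and the same literal is repeated in `ElGamalSecretKey::from_seed` in the second file, so the two bounds can silently drift apart in a later edit. Since 65535 equals `u16::MAX`, spelling it `const MAXIMUM_SEED_LEN: usize = u16::MAX as usize; // longest seed accepted for derivation; keep in step with ElGamalSecretKey::from_seed` makes the intent visible, or better, hoist a single shared `pub const` that both derivations use (assuming the crate has a common module for such constants, which the hunk does not show). The new test exercises 15 and 65536 but not the accepted edges; adding `assert!(AeKey::from_seed(&vec![0; 65535]).is_ok());` would pin the upper boundary so a future off-by-one in the `>` comparison is caught. `from_seed`'s body continues past the end of the hunk.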


@ -76,6 +76,8 @@ pub enum ElGamalError {
DerivationMethodNotSupported,
#[error("seed length too short for derivation")]
SeedLengthTooShort,
#[error("seed length too long for derivation")]
SeedLengthTooLong,
}
/// Algorithm handle for the twisted ElGamal encryption scheme
@ -449,10 +451,14 @@ impl ElGamalSecretKey {
/// Derive an ElGamal secret key from an entropy seed.
pub fn from_seed(seed: &[u8]) -> Result<Self, ElGamalError> {
const MINIMUM_SEED_LEN: usize = ELGAMAL_SECRET_KEY_LEN;
const MAXIMUM_SEED_LEN: usize = 65535;
if seed.len() < MINIMUM_SEED_LEN {
return Err(ElGamalError::SeedLengthTooShort);
}
if seed.len() > MAXIMUM_SEED_LEN {
return Err(ElGamalError::SeedLengthTooLong);
}
Ok(ElGamalSecretKey(Scalar::hash_from_bytes::<Sha3_512>(seed)))
}
@ -1026,6 +1032,9 @@ mod tests {
let too_short_seed = vec![0; 31];
assert!(ElGamalKeypair::from_seed(&too_short_seed).is_err());
let too_long_seed = vec![0; 65536];
assert!(ElGamalKeypair::from_seed(&too_long_seed).is_err());
}
#[test]