Forbid keys of size 0

Keys of size 0 generally don't make sense: a key is supposed to be
secret. There is one edge case which is "raw data" keys, which are
useful to store non-key objects in the same storage location as keys.
However those are also problematic because they involve a zero-length
buffer. Manipulating zero-length buffers in C requires special cases
with functions like malloc() and memcpy(). Additionally, 0 as a key
size already has a meaning "unspecified", which does not always
overlap seamlessly with the meaning "0".

Therefore, forbid keys of size 0. No implementation may accept them.
Gilles Peskine 2019-09-12 18:29:43 +02:00
parent a170d927dd
commit 05c900b576


@ -291,7 +291,8 @@ static void psa_set_key_type(psa_key_attributes_t *attributes,
* \param[out] attributes The attribute structure to write to. * \param[out] attributes The attribute structure to write to.
* \param bits The key size in bits. * \param bits The key size in bits.
* If this is 0, the key size in \p attributes * If this is 0, the key size in \p attributes
* becomes unspecified. * becomes unspecified. Keys of size 0 are
* not supported.
*/ */
static void psa_set_key_bits(psa_key_attributes_t *attributes, static void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits); size_t bits);
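Review bot: The added sentence "Keys of size 0 are not supported." sits directly after "If this is 0, the key size in \p attributes becomes unspecified.", so the same value 0 is documented with two meanings in adjacent sentences, and a reader may conclude that passing 0 to psa_set_key_bits() is itself an error. Since this setter is void and cannot reject anything, state explicitly that 0 here means "unspecified" and that the rejection happens in the functions that create keys, e.g. "Passing 0 is valid and leaves the size unspecified; the key creation functions reject keys whose resulting size is 0."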
@ -468,6 +469,13 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
* and to the documentation of psa_export_key() for the format for * and to the documentation of psa_export_key() for the format for
* other key types. * other key types.
* *
* The key data determines the key size. The attributes may optionally
* specify a key size; in this case it must match the size determined
* from the key data. A key size of 0 in \p attributes indicates that
* the key size is solely determined by the key data.
*
* Implementations must reject an attempt to import a key of size 0.
*
* This specification supports a single format for each key type. * This specification supports a single format for each key type.
* Implementations may support other formats as long as the standard * Implementations may support other formats as long as the standard
* format is supported. Implementations that support other formats * format is supported. Implementations that support other formats
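Review bot: Two different notions of "size 0" now appear a few lines apart: "A key size of 0 in \p attributes indicates that the key size is solely determined by the key data" (unspecified) and "Implementations must reject an attempt to import a key of size 0" (a key whose actual size is 0). Make the second sentence refer to the size determined from the key data, e.g. "Implementations must reject an attempt to import a key whose size, as determined from the key data, is 0", so that attributes with bits = 0 plus valid key data are not misread as the rejected case. The hunk also says "must reject" without naming the error status; add the status to the return-value list of this function (PSA_ERROR_INVALID_ARGUMENT would be the natural choice) so implementations agree on it.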
@ -3092,6 +3100,8 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
* - Clean up the key derivation operation object with * - Clean up the key derivation operation object with
* psa_key_derivation_abort(). * psa_key_derivation_abort().
* *
* Implementations must reject an attempt to derive a key of size 0.
*
* \param[in,out] operation The key derivation operation object * \param[in,out] operation The key derivation operation object
* to set up. It must * to set up. It must
* have been initialized but not set up yet. * have been initialized but not set up yet.
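Review bot: The sentence "Implementations must reject an attempt to derive a key of size 0." is added to the documentation of the setup step, whose only documented parameter here is the operation "to set up", so no key size is known at the point this text describes. Move the requirement to the documentation of the step that actually produces the key from the operation and takes the key attributes, and say there that a size of 0 in the attributes (which the psa_set_key_bits() docs define as "unspecified") is rejected, together with the status code returned.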
@ -3622,6 +3632,8 @@ psa_status_t psa_generate_random(uint8_t *output,
* The key is generated randomly. * The key is generated randomly.
* Its location, usage policy, type and size are taken from \p attributes. * Its location, usage policy, type and size are taken from \p attributes.
* *
* Implementations must reject an attempt to generate a key of size 0.
*
* The following type-specific considerations apply: * The following type-specific considerations apply:
* - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR), * - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
* the public exponent is 65537. * the public exponent is 65537.
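Review bot: The context line says "type and size are taken from \p attributes", and the psa_set_key_bits() hunk defines 0 in the attributes as "unspecified", so the new sentence should be phrased in those terms: "If the key size in \p attributes is 0 (unspecified), implementations must reject the request", rather than "generate a key of size 0", which reads as though a zero-bit key could otherwise be generated. As with the import and derivation hunks, state the error status that the rejection returns so all three paths are consistent.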