v1.17: [zk-token-sdk] Limit max seed length for key derivations (back…

…port of #33700) (#33795) [zk-token-sdk] Limit max seed length for key derivations (#33700) * limit max seed length for elgamal keypairs * limit max seed length for authenticated encryption keys * Apply suggestions from code review Co-authored-by: Jon Cinque <[email protected]> * rename `SeedLengthTooLarge` to `SeedLengthTooLong` --------- Co-authored-by: Jon Cinque <[email protected]> (cherry picked from commit dd2b1bb) Co-authored-by: samkim-crypto <[email protected]>
solana-labs · Oct 20, 2023 · c9e8f9c · c9e8f9c
1 parent f3308f7
commit c9e8f9c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/zk-token-sdk/src/encryption/auth_encryption.rs b/zk-token-sdk/src/encryption/auth_encryption.rs
@@ -50,6 +50,8 @@ pub enum AuthenticatedEncryptionError {
     DerivationMethodNotSupported,
     #[error("seed length too short for derivation")]
     SeedLengthTooShort,
+    #[error("seed length too long for derivation")]
+    SeedLengthTooLong,
 }
 
 struct AuthenticatedEncryption;
@@ -172,10 +174,14 @@ impl EncodableKey for AeKey {
 impl SeedDerivable for AeKey {
     fn from_seed(seed: &[u8]) -> Result<Self, Box<dyn error::Error>> {
         const MINIMUM_SEED_LEN: usize = AE_KEY_LEN;
+        const MAXIMUM_SEED_LEN: usize = 65535;
 
         if seed.len() < MINIMUM_SEED_LEN {
             return Err(AuthenticatedEncryptionError::SeedLengthTooShort.into());
         }
+        if seed.len() > MAXIMUM_SEED_LEN {
+            return Err(AuthenticatedEncryptionError::SeedLengthTooLong.into());
+        }
 
         let mut hasher = Sha3_512::new();
         hasher.update(seed);
@@ -278,4 +284,16 @@ mod tests {
         let null_signer = NullSigner::new(&Pubkey::default());
         assert!(AeKey::new_from_signer(&null_signer, Pubkey::default().as_ref()).is_err());
     }
+
+    #[test]
+    fn test_aes_key_from_seed() {
+        let good_seed = vec![0; 32];
+        assert!(AeKey::from_seed(&good_seed).is_ok());
+
+        let too_short_seed = vec![0; 15];
+        assert!(AeKey::from_seed(&too_short_seed).is_err());
+
+        let too_long_seed = vec![0; 65536];
+        assert!(AeKey::from_seed(&too_long_seed).is_err());
+    }
 }
diff --git a/zk-token-sdk/src/encryption/elgamal.rs b/zk-token-sdk/src/encryption/elgamal.rs
@@ -76,6 +76,8 @@ pub enum ElGamalError {
     DerivationMethodNotSupported,
     #[error("seed length too short for derivation")]
     SeedLengthTooShort,
+    #[error("seed length too long for derivation")]
+    SeedLengthTooLong,
 }
 
 /// Algorithm handle for the twisted ElGamal encryption scheme
@@ -449,10 +451,14 @@ impl ElGamalSecretKey {
     /// Derive an ElGamal secret key from an entropy seed.
     pub fn from_seed(seed: &[u8]) -> Result<Self, ElGamalError> {
         const MINIMUM_SEED_LEN: usize = ELGAMAL_SECRET_KEY_LEN;
+        const MAXIMUM_SEED_LEN: usize = 65535;
 
         if seed.len() < MINIMUM_SEED_LEN {
             return Err(ElGamalError::SeedLengthTooShort);
         }
+        if seed.len() > MAXIMUM_SEED_LEN {
+            return Err(ElGamalError::SeedLengthTooLong);
+        }
         Ok(ElGamalSecretKey(Scalar::hash_from_bytes::<Sha3_512>(seed)))
     }
 
@@ -1026,6 +1032,9 @@ mod tests {
 
         let too_short_seed = vec![0; 31];
         assert!(ElGamalKeypair::from_seed(&too_short_seed).is_err());
+
+        let too_long_seed = vec![0; 65536];
+        assert!(ElGamalKeypair::from_seed(&too_long_seed).is_err());
     }
 
     #[test]