open-quantum-safe / liboqs

C library for prototyping and experimenting with quantum-resistant cryptography
https://openquantumsafe.org/

Check that function input lengths match expected values #185

Closed dstebila closed 6 years ago

dstebila commented 7 years ago

Functions like OQS_KEX_..._bob and OQS_KEX_..._alice1 take public messages as input and include a length field. Each implementation has its own expectations on what that length field should be. We are not consistently checking to make sure that the supplied length field is equal to the expected length field for that algorithm. We should check all our algorithms for this.

See forthcoming pull request from @mvd-ows for an example in kex_code_mcbits.

mvd-ows commented 7 years ago

https://github.com/open-quantum-safe/liboqs/pull/186

A proper analysis would have to examine how the public message is being processed by the KEX algorithm on the receiving end. Special focus should be on examining public message blobs to see if they include fields that contain offsets or sizes.
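The two checks discussed in the comments above, as an added example that is not part of the original thread and is not liboqs code: the supplied length must equal the algorithm's expected length, and any size field inside the public message must agree with the fixed layout before it is used. The toy message layout, the `TOY_*` constants and the `toy_*` function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed sizes for a toy KEX message; not liboqs values. */
#define TOY_PK_BYTES  32
#define TOY_HDR_BYTES 2   /* big-endian size field describing the key */
#define TOY_MSG_BYTES (TOY_HDR_BYTES + TOY_PK_BYTES)

typedef enum {
    TOY_OK = 0, TOY_ERR_NULL, TOY_ERR_OUTER_LEN, TOY_ERR_INNER_LEN
} toy_status;

/* Validate Alice's public message before any byte of it is consumed.
 * 1. The caller-supplied length must equal the expected length exactly.
 * 2. The size field embedded in the blob must match the fixed layout, so it
 *    can never steer a read or copy outside the buffer. */
toy_status toy_kex_check_alice_msg(const uint8_t *msg, size_t msg_len,
                                   uint8_t pk_out[TOY_PK_BYTES]) {
    if (msg == NULL || pk_out == NULL) return TOY_ERR_NULL;
    if (msg_len != TOY_MSG_BYTES) return TOY_ERR_OUTER_LEN;
    size_t inner = ((size_t)msg[0] << 8) | (size_t)msg[1];
    if (inner != TOY_PK_BYTES) return TOY_ERR_INNER_LEN;
    /* The copy length is the compile-time constant, never the wire value. */
    memcpy(pk_out, msg + TOY_HDR_BYTES, TOY_PK_BYTES);
    return TOY_OK;
}

/* Constructed sample input: build a message claiming the given outer length
 * and embedded size field, then run the check on it. */
toy_status toy_demo(size_t outer_len, uint16_t inner_len) {
    uint8_t buf[2 * TOY_MSG_BYTES] = {0};
    uint8_t pk[TOY_PK_BYTES];
    if (outer_len > sizeof buf) return TOY_ERR_OUTER_LEN;
    buf[0] = (uint8_t)(inner_len >> 8);
    buf[1] = (uint8_t)(inner_len & 0xff);
    return toy_kex_check_alice_msg(buf, outer_len, pk);
}

int main(void) {
    /* Well-formed message accepted; short message and bad size field rejected. */
    if (toy_demo(TOY_MSG_BYTES, TOY_PK_BYTES) != TOY_OK) return 1;
    if (toy_demo(TOY_MSG_BYTES - 1, TOY_PK_BYTES) != TOY_ERR_OUTER_LEN) return 1;
    if (toy_demo(TOY_MSG_BYTES, 0xFFFF) != TOY_ERR_INNER_LEN) return 1;
    return 0;
}
```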

truth-quark commented 6 years ago

Should we close this issue as KEX is being removed?