Skip to content

Commit 33efd8c

Browse files
authored
Merge pull request wolfSSL#10050 from anhu/pbkdf_max
Add upper limit to PBKDF iteration count
2 parents 7cfc9e9 + 717ce03 commit 33efd8c

6 files changed

Lines changed: 254 additions & 46 deletions

File tree

.wolfssl_known_macro_extras

Lines changed: 4 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -30,8 +30,8 @@ ARDUINO_UNOR4_WIFI
3030
ASN_DUMP_OID
3131
ASN_TEMPLATE_SKIP_ISCA_CHECK
3232
ATCAPRINTF
33-
ATCA_HAL_I2C
3433
ATCA_ENABLE_DEPRECATED
34+
ATCA_HAL_I2C
3535
ATCA_TFLEX_SUPPORT
3636
ATECC_DEV_TYPE
3737
AVR
@@ -471,7 +471,6 @@ NO_WOLFSSL_RENESAS_FSPSM_AES
471471
NO_WOLFSSL_RENESAS_FSPSM_HASH
472472
NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES
473473
NO_WOLFSSL_SHA256
474-
NO_WOLFSSL_SHA256_INTERLEAVE
475474
NO_WOLFSSL_SHA512_INTERLEAVE
476475
NO_WOLFSSL_SKIP_TRAILING_PAD
477476
NO_WOLFSSL_SMALL_STACK_STATIC
@@ -628,7 +627,6 @@ USS_API
628627
WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
629628
WC_AES_BS_WORD_SIZE
630629
WC_AES_GCM_DEC_AUTH_EARLY
631-
WC_ALLOW_ECC_ZERO_HASH
632630
WC_ASN_HASH_SHA256
633631
WC_ASN_RUNTIME_DATE_CHECK_CONTROL
634632
WC_ASYNC_ENABLE_ECC_KEYGEN
@@ -653,8 +651,6 @@ WC_ASYNC_NO_SHA512
653651
WC_ASYNC_NO_X25519
654652
WC_ASYNC_THREAD_BIND
655653
WC_CACHE_RESISTANT_BASE64_TABLE
656-
WC_DILITHIUM_CACHE_PRIV_VECTORS
657-
WC_DILITHIUM_CACHE_PUB_VECTORS
658654
WC_DILITHIUM_FIXED_ARRAY
659655
WC_DISABLE_RADIX_ZERO_PAD
660656
WC_FLAG_DONT_USE_AESNI
@@ -718,11 +714,9 @@ WOLFSSL_ASN_EXTRA
718714
WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
719715
WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
720716
WOLFSSL_ATECC508
721-
WOLFSSL_ATECC508A_NOIDLE
722717
WOLFSSL_ATECC508A_NOSOFTECC
723718
WOLFSSL_ATECC508A_TLS
724719
WOLFSSL_ATECC_ECDH_IOENC
725-
WOLFSSL_ATECC_NO_ECDH_ENC
726720
WOLFSSL_ATECC_RNG
727721
WOLFSSL_ATECC_TFLXTLS
728722
WOLFSSL_ATECC_TNGTLS
@@ -743,15 +737,11 @@ WOLFSSL_CLIENT_EXAMPLE
743737
WOLFSSL_CONTIKI
744738
WOLFSSL_CRL_ALLOW_MISSING_CDP
745739
WOLFSSL_DILITHIUM_ASSIGN_KEY
746-
WOLFSSL_DILITHIUM_NO_ASN1
747740
WOLFSSL_DILITHIUM_NO_CHECK_KEY
748741
WOLFSSL_DILITHIUM_NO_MAKE
749742
WOLFSSL_DILITHIUM_REVERSE_HASH_OID
750743
WOLFSSL_DILITHIUM_SIGN_CHECK_W0
751744
WOLFSSL_DILITHIUM_SIGN_CHECK_Y
752-
WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
753-
WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
754-
WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
755745
WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
756746
WOLFSSL_DRBG_SHA256
757747
WOLFSSL_DTLS_DISALLOW_FUTURE
@@ -808,10 +798,8 @@ WOLFSSL_LINUXKM_USE_GET_RANDOM_USER_KRETPROBE
808798
WOLFSSL_LINUXKM_USE_MUTEXES
809799
WOLFSSL_LMS_CACHE_BITS
810800
WOLFSSL_LMS_FULL_HASH
811-
WOLFSSL_LMS_LARGE_CACHES
812801
WOLFSSL_LMS_MAX_HEIGHT
813802
WOLFSSL_LMS_MAX_LEVELS
814-
WOLFSSL_LMS_NO_SIG_CACHE
815803
WOLFSSL_LMS_ROOT_LEVELS
816804
WOLFSSL_LPC43xx
817805
WOLFSSL_MAKE_SYSTEM_NAME_LINUX
@@ -868,16 +856,10 @@ WOLFSSL_NO_TICKET_EXPIRE
868856
WOLFSSL_NO_TRUSTED_CERTS_VERIFY
869857
WOLFSSL_NO_WORD64_OPS
870858
WOLFSSL_NO_XOR_OPS
871-
WOLFSSL_NXP_LPC55S6X
872-
WOLFSSL_NXP_CASPER
873-
WOLFSSL_NXP_CASPER_ECC_MULMOD
874-
WOLFSSL_NXP_CASPER_ECC_MUL2ADD
875-
WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD
876-
WOLFSSL_NXP_HASHCRYPT
877-
WOLFSSL_NXP_HASHCRYPT_AES
878-
WOLFSSL_NXP_HASHCRYPT_SHA
879-
WOLFSSL_NXP_RNG_1
880859
WOLFSSL_NRF51_AES
860+
WOLFSSL_NXP_CASPER_ECC_MUL2ADD
861+
WOLFSSL_NXP_CASPER_ECC_MULMOD
862+
WOLFSSL_NXP_LPC55S6X
881863
WOLFSSL_OLDTLS_AEAD_CIPHERSUITES
882864
WOLFSSL_OLD_SET_CURVES_LIST
883865
WOLFSSL_OLD_TIMINGPADVERIFY
@@ -970,10 +952,8 @@ WOLFSSL_USE_FLASHMEM
970952
WOLFSSL_USE_FORCE_ZERO
971953
WOLFSSL_USE_OPTIONS_H
972954
WOLFSSL_VALIDATE_DH_KEYGEN
973-
WOLFSSL_WC_LMS_SERIALIZE_STATE
974955
WOLFSSL_WC_SLHDSA_RECURSIVE
975956
WOLFSSL_WC_XMSS_NO_SHA256
976-
WOLFSSL_WC_XMSS_NO_SHAKE256
977957
WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME
978958
WOLFSSL_X509_STORE_ALLOW_NON_CA_INTERMEDIATE
979959
WOLFSSL_X509_STORE_CERTS
@@ -982,7 +962,6 @@ WOLFSSL_XFREE_NO_NULLNESS_CHECK
982962
WOLFSSL_XILINX_CRYPTO_OLD
983963
WOLFSSL_XILINX_PATCH
984964
WOLFSSL_XIL_MSG_NO_SLEEP
985-
WOLFSSL_XMSS_LARGE_SECRET_KEY
986965
WOLFSSL_ZEPHYR
987966
WOLF_ALLOW_BUILTIN
988967
WOLF_CRYPTO_CB_CMD

doc/dox_comments/header_files/pwdbased.h

Lines changed: 53 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,8 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,
174174
\brief Extended version of PBKDF1 with heap hint.
175175
176176
\return 0 on success
177-
\return BAD_FUNC_ARG on invalid arguments
177+
\return BAD_FUNC_ARG on invalid arguments or iterations is greater than
178+
current_wc_pbkdf_max_iterations
178179
\return MEMORY_E on memory allocation error
179180
180181
\param key Output key buffer
@@ -199,6 +200,8 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,
199200
\endcode
200201
201202
\sa wc_PBKDF1
203+
\sa wc_PBKDF_max_iterations_set
204+
\sa wc_PBKDF_max_iterations_get
202205
*/
203206
int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
204207
const byte* passwd, int passwdLen, const byte* salt, int saltLen,
@@ -209,7 +212,8 @@ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
209212
\brief Extended version of PBKDF2 with heap hint and device ID.
210213
211214
\return 0 on success
212-
\return BAD_FUNC_ARG on invalid arguments
215+
\return BAD_FUNC_ARG on invalid arguments or iterations is greater than
216+
current_wc_pbkdf_max_iterations
213217
\return MEMORY_E on memory allocation error
214218
215219
\param output Output key buffer
@@ -234,6 +238,8 @@ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
234238
\endcode
235239
236240
\sa wc_PBKDF2
241+
\sa wc_PBKDF_max_iterations_set
242+
\sa wc_PBKDF_max_iterations_get
237243
*/
238244
int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen,
239245
const byte* salt, int sLen, int iterations, int kLen,
@@ -244,7 +250,8 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen,
244250
\brief Extended version of PKCS12_PBKDF with heap hint.
245251
246252
\return 0 on success
247-
\return BAD_FUNC_ARG on invalid arguments
253+
\return BAD_FUNC_ARG on invalid arguments or iterations is greater than
254+
current_wc_pbkdf_max_iterations
248255
\return MEMORY_E on memory allocation error
249256
250257
\param output Output key buffer
@@ -268,6 +275,8 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen,
268275
\endcode
269276
270277
\sa wc_PKCS12_PBKDF
278+
\sa wc_PBKDF_max_iterations_set
279+
\sa wc_PBKDF_max_iterations_get
271280
*/
272281
int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen,
273282
const byte* salt, int saltLen, int iterations, int kLen,
@@ -338,3 +347,44 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
338347
int wc_scrypt_ex(byte* output, const byte* passwd, int passLen,
339348
const byte* salt, int saltLen, word32 iterations, int blockSize,
340349
int parallel, int dkLen);
350+
351+
/*!
352+
\ingroup Password
353+
\brief Set the current iteration limit for PBKDF.
354+
355+
By default, the iteration limit is set to WC_PBKDF_DEFAULT_MAX_ITERATIONS,
356+
which can be overridden at build time. This function allows runtime
357+
override of the limit.
358+
359+
Note that `wc_PBKDF_max_iterations_set()` has no provisions for thread
360+
synchronization. Users should arrange to call it at startup or idle times,
361+
when there are no other PBKDF calls in progress.
362+
363+
\return Previous iteration limit on success
364+
\return BAD_FUNC_ARG on invalid arguments
365+
366+
\param iters The new iteration limit.
367+
368+
_Example_
369+
\code
370+
int prev_iter_limit = wc_PBKDF_max_iterations_set(100000000);
371+
\endcode
372+
373+
\sa wc_scrypt
374+
*/
375+
int wc_PBKDF_max_iterations_set(int iters);
376+
377+
/*!
378+
\ingroup Password
379+
\brief Get the current iteration limit for PBKDF.
380+
381+
\return Current iteration limit
382+
383+
_Example_
384+
\code
385+
int cur_iter_limit = wc_PBKDF_max_iterations_get();
386+
\endcode
387+
388+
\sa wc_scrypt
389+
*/
390+
int wc_PBKDF_max_iterations_get(void);

wolfcrypt/src/pwdbased.c

Lines changed: 45 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,24 @@
5454
}
5555
#endif
5656

57+
static int current_wc_pbkdf_max_iterations = WC_PBKDF_DEFAULT_MAX_ITERATIONS;
58+
59+
int wc_PBKDF_max_iterations_set(int iters)
60+
{
61+
if (iters <= 0)
62+
return BAD_FUNC_ARG;
63+
else {
64+
int prev = current_wc_pbkdf_max_iterations;
65+
current_wc_pbkdf_max_iterations = iters;
66+
return prev;
67+
}
68+
}
69+
70+
int wc_PBKDF_max_iterations_get(void)
71+
{
72+
return current_wc_pbkdf_max_iterations;
73+
}
74+
5775
#ifdef HAVE_PBKDF1
5876

5977
/* PKCS#5 v1.5 with non standard extension to optionally derive the extra data (IV) */
@@ -82,6 +100,11 @@ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
82100
if (iterations <= 0)
83101
iterations = 1;
84102

103+
if (iterations > current_wc_pbkdf_max_iterations) {
104+
WOLFSSL_MSG("PBKDF1 iteration count exceeds current_wc_pbkdf_max_iterations");
105+
return BAD_FUNC_ARG;
106+
}
107+
85108
hashT = wc_HashTypeConvert(hashType);
86109
err = wc_HashGetDigestSize(hashT);
87110
if (err < 0)
@@ -218,6 +241,11 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,
218241
if (iterations <= 0)
219242
iterations = 1;
220243

244+
if (iterations > current_wc_pbkdf_max_iterations) {
245+
WOLFSSL_MSG("PBKDF2 iteration count exceeds current_wc_pbkdf_max_iterations");
246+
return BAD_FUNC_ARG;
247+
}
248+
221249
hashT = wc_HashTypeConvert(hashType);
222250
hLen = wc_HashGetDigestSize(hashT);
223251
if (hLen < 0)
@@ -406,6 +434,12 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
406434
if (iterations <= 0)
407435
iterations = 1;
408436

437+
if (iterations > current_wc_pbkdf_max_iterations) {
438+
WOLFSSL_MSG("PKCS12 PBKDF iteration count exceeds "
439+
"current_wc_pbkdf_max_iterations");
440+
return BAD_FUNC_ARG;
441+
}
442+
409443
hashT = wc_HashTypeConvert(hashType);
410444
ret = wc_HashGetDigestSize(hashT);
411445
if (ret < 0)
@@ -443,22 +477,17 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
443477
* must be 1 or greater here and is always 'true' */
444478
pLen = v * (((word32)passLen + v - 1) / v);
445479

446-
/* Guard against overflow in iLen = sLen + pLen and totalLen = dLen + iLen.
447-
* Individual sLen/pLen values fit in word32 (max 0x80000000 for INT_MAX
448-
* inputs), but their sum can overflow. */
449-
if (sLen > 0xFFFFFFFFU - pLen) {
480+
if (! WC_SAFE_SUM_UNSIGNED(word32, sLen, pLen, iLen)) {
450481
WC_FREE_VAR_EX(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
451482
WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
452483
return BAD_FUNC_ARG;
453484
}
454-
iLen = sLen + pLen;
455485

456-
if (iLen > 0xFFFFFFFFU - dLen) {
486+
if (! WC_SAFE_SUM_UNSIGNED(word32, dLen, sLen, totalLen)) {
457487
WC_FREE_VAR_EX(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
458488
WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
459489
return BAD_FUNC_ARG;
460490
}
461-
totalLen = dLen + sLen + pLen;
462491

463492
if (totalLen > sizeof(staticBuffer)) {
464493
buffer = (byte*)XMALLOC(totalLen, heap, DYNAMIC_TYPE_KEY);
@@ -634,6 +663,12 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
634663
iterations = 1;
635664
}
636665

666+
if (iterations > current_wc_pbkdf_max_iterations) {
667+
WOLFSSL_MSG("PKCS12 PBKDF iteration count exceeds "
668+
"current_wc_pbkdf_max_iterations");
669+
return BAD_FUNC_ARG;
670+
}
671+
637672
/* u = hash output size. */
638673
hashT = wc_HashTypeConvert(hashType);
639674
ret = wc_HashGetDigestSize(hashT);
@@ -656,19 +691,14 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
656691
/* RFC 7292 B.2 step 3: P = password repeated to ceil(passLen/v)*v bytes */
657692
pLen = v * (((word32)passLen + v - 1) / v);
658693

659-
/* Guard against overflow in iLen = sLen + pLen and totalLen = v + iLen.
660-
* Individual sLen/pLen values fit in word32 (max 0x80000000 for INT_MAX
661-
* inputs), but their sum can overflow. */
662-
if (sLen > 0xFFFFFFFFU - pLen) {
694+
/* RFC 7292 B.2 step 4: I = S || P */
695+
if (! WC_SAFE_SUM_UNSIGNED(word32, sLen, pLen, iLen)) {
663696
return BAD_FUNC_ARG;
664697
}
665-
/* RFC 7292 B.2 step 4: I = S || P */
666-
iLen = sLen + pLen;
667698

668-
if (iLen > 0xFFFFFFFFU - v) {
699+
if (! WC_SAFE_SUM_UNSIGNED(word32, v, iLen, totalLen)) {
669700
return BAD_FUNC_ARG;
670701
}
671-
totalLen = v + iLen;
672702

673703
nwc = v / (word32)sizeof(PKCS12_WORD);
674704
nBlocks = iLen / v;

0 commit comments

Comments
 (0)