Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HKDF: inconsistency regarding output key material of zero length #42230

Closed
andreimilto opened this issue Sep 14, 2020 · 12 comments · Fixed by #52260
Closed

HKDF: inconsistency regarding output key material of zero length #42230

andreimilto opened this issue Sep 14, 2020 · 12 comments · Fixed by #52260
Assignees
@ADustyOldMuffin
Labels
area-System.Security good first issue Issue should be easy to implement, good for first-time contributors help wanted [up-for-grabs] Good issue for external contributors
Milestone
6.0.0

Comments

@andreimilto
Copy link

There's an inconsistency in the way methods of the System.Security.Cryptography.HKDF class treat a request to derive an output key material (OKM) of zero length: one method throws and the other three methods work ok.
Example:

byte[] ikm = new byte[32];
byte[] salt = new byte[32];
byte[] prk = new byte[32];
byte[] info = new byte[32];
int outputLength = 0;
byte[] output = new byte[outputLength];


// Works fine:
HKDF.DeriveKey(HashAlgorithmName.SHA256, ikm, output, salt, info);

// Works fine:
HKDF.DeriveKey(HashAlgorithmName.SHA256, ikm, outputLength, salt, info);

// Works fine:
HKDF.Expand(HashAlgorithmName.SHA256, prk, output, info);

// Throws ArgumentOutOfRangeException because of invalid outputLength value:
HKDF.Expand(HashAlgorithmName.SHA256, prk, outputLength, info);

Instead there should be a clear policy on whether a request to derive an OKM of zero length is considered valid or not:

  • if valid, all four methods should work (i.e., byte overload of Expand should be fixed to return an empty byte array instead of throwing an exception)
  • otherwise, all four methods should throw an exception saying that the OKM's length can't be zero.

Windows 10 x64 Pro, dotnet 5.0.0-preview.8.
@Dotnet-GitSync-Bot Dotnet-GitSync-Bot added area-System.Security untriaged New issue has not been triaged by the area owner labels Sep 14, 2020
@ghost
Copy link

ghost commented Sep 14, 2020

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @jeffhandley
See info in area-owners.md if you want to be subscribed.

@krwq krwq self-assigned this Sep 15, 2020
@krwq krwq removed the untriaged New issue has not been triaged by the area owner label Sep 15, 2020
@krwq krwq added this to the 5.0.0 milestone Sep 15, 2020
@krwq
Copy link
Member

krwq commented Sep 15, 2020

Marking this initially as 5.0 since this shipped this release and it would be a breaking change to go from no throw -> throw.

I don't feel strongly opinionated if we should throw or not. This operation with length 0 doesn't make much sense. Can't think of scenario where it would make sense to want zero length key. Perhaps we should always throw? @bartonjs any thoughts?

@bartonjs
Copy link
Member

Apparently there are two of these, this one for zero and the other for negative... and I answered on the other.

I don't see any way where zero makes sense; we should throw AOORE for any length < 1. (Yeah, we can make it be no-op/Array.Empty, but it's not providing value)

@jeffhandley
Copy link
Member

I did a preemptive bar check on this and determined it won't meet the bar for 5.0.0 (since there are workarounds); moving to 6.0.0. Thanks for reporting this, @andreimilto!

@jeffhandley jeffhandley modified the milestones: 5.0.0, 6.0.0 Sep 15, 2020
@andreimilto
Copy link
Author

I was happy to help, @jeffhandley!

@krwq krwq removed their assignment Sep 16, 2020
@krwq
Copy link
Member

krwq commented Sep 16, 2020

I unassigned myself from both bugs and will pick this up somewhere in 6.0 timeline

@vcsjones
Copy link
Member

@krwq This and the other one would make a good [up-for-grabs] and [easy] tags if you wouldn't mind someone from the community picking these up.

@krwq krwq added good first issue Issue should be easy to implement, good for first-time contributors help wanted [up-for-grabs] Good issue for external contributors labels Sep 17, 2020
@vcsjones vcsjones mentioned this issue Sep 17, 2020
Closed
@vcsjones
Copy link
Member

Note to anyone picking this up: it probably makes sense to fix #42229 in the same pull request.

@tonycimaglia
Copy link

@vcsjones I'll also take a look at this along with #42229

@tonycimaglia
Copy link

@bartonjs / @krwq could you assign this to me as well as #42229 ?

@krwq
Copy link
Member

krwq commented Sep 18, 2020

Thank you @tonycimaglia!

@ADustyOldMuffin
Copy link
Contributor

I'll also be picking this one up with #42229 Since there hasn't been any action in around 8 months

@ADustyOldMuffin ADustyOldMuffin mentioned this issue May 4, 2021
Closed
@ghost ghost added in-pr There is an active PR which will close this issue when it is merged and removed in-pr There is an active PR which will close this issue when it is merged labels May 4, 2021
@ADustyOldMuffin ADustyOldMuffin mentioned this issue May 4, 2021
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label May 4, 2021
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label May 5, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Jun 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ADustyOldMuffin ADustyOldMuffin

Labels
area-System.Security good first issue Issue should be easy to implement, good for first-time contributors help wanted [up-for-grabs] Good issue for external contributors
Projects
None yet
Milestone
6.0.0
8 participants
@vcsjones @krwq @jeffhandley @bartonjs @tonycimaglia @ADustyOldMuffin @Dotnet-GitSync-Bot @andreimilto