From 81bf7cdcdc0a871ef3a3a3f1430f17d0ca217b9d Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Tue, 23 May 2023 15:37:06 +0200
Subject: [PATCH] nts: initialize unused part of server key

Initialize the unused part of shorter server NTS keys (AES-128-GCM-SIV) loaded from ntsdumpdir to avoid sending uninitialized data in requests to the NTS-KE helper process. Do that also for newly generated keys in case the memory will be allocated dynamically.

Fixes: b1230efac333 ("nts: add support for encrypting cookies with AES-128-GCM-SIV")
---
 nts_ke_server.c | 2 ++
 test/unit/nts_ke_server.c | 10 +++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/nts_ke_server.c b/nts_ke_server.c
index 6c60a5b..67cc3d4 100644
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -512,6 +512,7 @@ generate_key(int index)
 assert(0);
 UTI_GetRandomBytesUrandom(key->key, key_length);
+ memset(key->key + key_length, 0, sizeof (key->key) - key_length);
 UTI_GetRandomBytes(&key->id, sizeof (key->id));
 /* Encode the index in the lowest bits of the ID */
@@ -628,6 +629,7 @@ load_keys(void)
 key_length <= 0 || UTI_HexToBytes(words[1], new_keys[i].key, sizeof (new_keys[i].key)) != key_length) goto error;
+ memset(new_keys[i].key + key_length, 0, sizeof (new_keys[i].key) - key_length);
 }
 if (i < MAX_SERVER_KEYS)
diff --git a/test/unit/nts_ke_server.c b/test/unit/nts_ke_server.c
index 01156c1..3d2f295 100644
--- a/test/unit/nts_ke_server.c
+++ b/test/unit/nts_ke_server.c
@@ -139,7 +139,7 @@ test_unit(void)
 NKSN_Instance session;
 NKE_Context context, context2;
 NKE_Cookie cookie;
- int i, valid, l;
+ int i, j, valid, l;
 uint32_t sum, sum2;
 char conf[][100] = {
@@ -200,7 +200,9 @@ test_unit(void)
 save_keys();
 for (i = 0, sum = 0; i < MAX_SERVER_KEYS; i++) {
- sum += server_keys[i].id + server_keys[i].key[0];
+ sum += server_keys[i].id;
+ for (j = 0; j < sizeof (server_keys[i].key); j++)
+ sum += server_keys[i].key[j];
 generate_key(i);
 }
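Review bot: Neither added `memset` has a comment saying why the tail of the key buffer is cleared, so a later cleanup could remove them as redundant; this applies to the call after `UTI_GetRandomBytesUrandom()` in generate_key and to the call after the `goto error;` check in load_keys. A comment above each, such as `/* Zero the unused tail so no uninitialized bytes reach the NTS-KE helper */`, would record the intent. Both lengths are `sizeof (...) - key_length` evaluated in an unsigned type, so they would wrap to a very large value if key_length ever exceeded the buffer. In load_keys the preceding `UTI_HexToBytes(...) != key_length` test appears to bound it, whereas in generate_key the only guard visible is `assert(0);`, whose condition lies above the hunk and which would not be compiled in if the build defined NDEBUG. Both function bodies start and end outside the hunks.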
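Review bot: The new inner loops compare `j`, declared `int` in the first test hunk, with `sizeof (server_keys[i].key)`, which is a `size_t`; that is a signed/unsigned comparison of the kind `-Wsign-compare` reports, and it occurs in the `sum` loop here and again in the `sum2` loop of the following hunk. Declaring the index on its own as `size_t j;` keeps both sides in one type. Separately, an additive checksum only shows that the byte totals agree; keeping a copy of the keys before `generate_key(i)` and checking it with `memcmp()` after the reload would pin the zeroed tail byte for byte. test_unit's body extends beyond these hunks.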
@@ -208,7 +210,9 @@ test_unit(void)
 TEST_CHECK(unlink("ntskeys") == 0);
 for (i = 0, sum2 = 0; i < MAX_SERVER_KEYS; i++) {
- sum2 += server_keys[i].id + server_keys[i].key[0];
+ sum2 += server_keys[i].id;
+ for (j = 0; j < sizeof (server_keys[i].key); j++)
+ sum2 += server_keys[i].key[j];
 }
 TEST_CHECK(sum == sum2);