Fix imports with oversized source

- also improve marshalling

Author: dorssel

UnitTests/UnitTests/ImportTests.cs

@@ -140,6 +140,17 @@ public void ImportRfcPublicKey_WrongSize()
         });
     }
 
+    [TestMethod]
+    public void ImportRfcPublicKey_Oversized()
+    {
+        using var xmss = new Xmss();
+
+        var oversized = new ReadOnlySpan<byte>([..ExampleCertificate.RfcPublicKey.Span, 0]);
+
+        xmss.ImportRfcPublicKey(oversized, out var bytesRead);
+        Assert.AreEqual(ExampleCertificate.RfcPublicKey.Length, bytesRead);
+    }
+
     [TestMethod]
     public void ImportRfcPublicKey_AfterPrivateKey()
     {
@@ -189,6 +200,51 @@ public void ImportAsnPublicKey_Invalid()
         });
     }
 
+    [TestMethod]
+    public void ImportAsnPublicKey_OversizedAsn()
+    {
+        byte[] asn;
+        {
+            using var tmpXmss = new Xmss();
+            tmpXmss.ImportFromPem(ExampleCertificate.Pem);
+            asn = tmpXmss.ExportAsnPublicKey();
+        }
+
+        using var xmss = new Xmss();
+
+        Assert.IsFalse(xmss.HasPrivateKey);
+        Assert.IsFalse(xmss.HasPublicKey);
+
+        xmss.ImportAsnPublicKey([..asn, 0], out var bytesRead);
+
+        Assert.AreEqual(asn.Length, bytesRead);
+        Assert.IsFalse(xmss.HasPrivateKey);
+        Assert.IsTrue(xmss.HasPublicKey);
+    }
+
+    [TestMethod]
+    public void ImportAsnPublicKey_OversizedKey()
+    {
+        byte[] asn;
+        {
+
+            using var tmpXmss = new Xmss();
+            tmpXmss.ImportFromPem(ExampleCertificate.Pem);
+            asn = [..tmpXmss.ExportAsnPublicKey(), 0];
+        }
+
+        using var xmss = new Xmss();
+
+        Assert.IsFalse(xmss.HasPrivateKey);
+        Assert.IsFalse(xmss.HasPublicKey);
+
+        xmss.ImportAsnPublicKey(asn, out var bytesRead);
+
+        Assert.AreEqual(asn.Length, bytesRead);
+        Assert.IsFalse(xmss.HasPrivateKey);
+        Assert.IsTrue(xmss.HasPublicKey);
+    }
+
     [TestMethod]
     public void ImportSubjectPublicKeyInfo()
     {

Xmss/Xmss.cs

@@ -812,7 +812,7 @@ public bool Verify(Stream data, ReadOnlySpan<byte> signature)
                 var buffer = possiblyOversizedBuffer.AsSpan(0, 15 * 1088);
                 fixed (byte* signaturePtr = signature)
                 fixed (byte* bufferPtr = buffer)
-                fixed (XmssPublicKey* publicKeyPtr = &PublicKey)
+                fixed (XmssPublicKey* publicKeyPin = &PublicKey)
                 {
                     var result = UnsafeNativeMethods.xmss_verification_init(out var context, PublicKey, *(XmssSignature*)signaturePtr, (nuint)signature.Length);
                     if (result == XmssError.XMSS_ERR_INVALID_SIGNATURE)
@@ -860,7 +860,7 @@ public bool Verify(ReadOnlySpan<byte> data, ReadOnlySpan<byte> signature)
         {
             fixed (byte* signaturePtr = signature)
             fixed (byte* dataPtr = data)
-            fixed (XmssPublicKey* publicKeyPtr = &PublicKey)
+            fixed (XmssPublicKey* publicKeyPin = &PublicKey)
             {
                 var result = UnsafeNativeMethods.xmss_verification_init(out var context, PublicKey, *(XmssSignature*)signaturePtr, (nuint)signature.Length);
                 if (result == XmssError.XMSS_ERR_INVALID_SIGNATURE)
@@ -957,14 +957,7 @@ public bool TryExportRfcPublicKey(Span<byte> destination, out int bytesWritten)
             bytesWritten = 0;
             return false;
         }
-        unsafe
-        {
-            fixed (XmssPublicKey* publicKeyPtr = &PublicKey)
-            fixed (byte* destinationPtr = destination)
-            {
-                Buffer.MemoryCopy(publicKeyPtr, destinationPtr, destination.Length, Defines.XMSS_PUBLIC_KEY_SIZE);
-            }
-        }
+        MemoryMarshal.Write(destination, PublicKey);
         bytesWritten = Defines.XMSS_PUBLIC_KEY_SIZE;
         return true;
     }
@@ -981,15 +974,7 @@ public bool TryExportAsnPublicKey(Span<byte> destination, out int bytesWritten)
         ThrowIfNoPublicKey();
 
         var asnWriter = new AsnWriter(AsnEncodingRules.DER);
-        {
-            unsafe
-            {
-                fixed (XmssPublicKey* publicKeyPtr = &PublicKey)
-                {
-                    asnWriter.WriteOctetString(new(publicKeyPtr, sizeof(XmssPublicKey)));
-                }
-            }
-        }
+        asnWriter.WriteOctetString(MemoryMarshal.Cast<XmssPublicKey, byte>(new(ref PublicKey)));
         return asnWriter.TryEncode(destination, out bytesWritten);
     }
 
@@ -1027,13 +1012,7 @@ public override bool TryExportSubjectPublicKeyInfo(Span<byte> destination, out i
                 asnWriter.WriteObjectIdentifier(IdAlgXmssHashsig.Value!);
                 // PARAMS ARE absent
             }
-            unsafe
-            {
-                fixed (XmssPublicKey* publicKeyPtr = &PublicKey)
-                {
-                    asnWriter.WriteBitString(new(publicKeyPtr, sizeof(XmssPublicKey)));
-                }
-            }
+            asnWriter.WriteBitString(MemoryMarshal.Cast<XmssPublicKey, byte>(new(ref PublicKey)));
         }
         return asnWriter.TryEncode(destination, out bytesWritten);
     }
@@ -1061,17 +1040,15 @@ static void DecodeXmssPublicKey(ReadOnlySpan<byte> source, out XmssPublicKey pub
         {
             throw new CryptographicException($"Unsupported parameter set ({parameterSetOID}).");
         }
-        if (source.Length != Defines.XMSS_PUBLIC_KEY_SIZE)
+        if (source.Length < Defines.XMSS_PUBLIC_KEY_SIZE)
         {
-            throw new CryptographicException("Key value wrong size.");
+            throw new CryptographicException("Key value too short.");
         }
-        unsafe
+        if (exact && (source.Length != Defines.XMSS_PUBLIC_KEY_SIZE))
         {
-            fixed (XmssPublicKey* xmssPublicKeyPtr = &publicKey)
-            {
-                source[..sizeof(XmssPublicKey)].CopyTo(new Span<byte>(xmssPublicKeyPtr, Defines.XMSS_PUBLIC_KEY_SIZE));
-            }
+            throw new CryptographicException("Key value wrong size.");
         }
+        XmssException.ThrowFaultDetectedIf(!MemoryMarshal.TryRead(source, out publicKey));
         bytesRead = Defines.XMSS_PUBLIC_KEY_SIZE;
         parameterSet = (XmssParameterSet)parameterSetOID;
     }
@@ -1085,13 +1062,17 @@ static void DecodeAsnPublicKey(ReadOnlySpan<byte> source, out XmssPublicKey publ
         try
         {
             xmssPublicKeyData = AsnDecoder.ReadOctetString(source, AsnEncodingRules.BER, out bytesConsumed);
+            if (exact && (source.Length != bytesConsumed))
+            {
+                throw new CryptographicException("ASN.1 wrong size.");
+            }
         }
         catch (AsnContentException ex)
         {
             throw new CryptographicException("Invalid ASN.1 format.", ex);
         }
 
-        DecodeXmssPublicKey(xmssPublicKeyData, out publicKey, out parameterSet, out _, exact);
+        DecodeXmssPublicKey(xmssPublicKeyData, out publicKey, out parameterSet, out _, true);
         bytesRead = bytesConsumed;
     }