From 358e0ea464881cbffc6322942803ff2a7d7e9d23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 17 Nov 2021 14:03:08 +0100 Subject: [PATCH] Indicate nonce sizes invalid for ChaCha20-Poly1305 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- .../chacha20-poly1305-invalid-nonce.txt | 3 +++ library/psa_crypto_aead.c | 22 +++++++++++++++++-- tests/suites/test_suite_psa_crypto.data | 4 ++-- 3 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 ChangeLog.d/chacha20-poly1305-invalid-nonce.txt diff --git a/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt new file mode 100644 index 000000000..ca3f9acee --- /dev/null +++ b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt @@ -0,0 +1,3 @@ +Changes + * Indicate in the error returned if the nonce length used with + ChaCha20-Poly1305 is invalid, and not just unsupported. diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 356679c38..99f2e4d3a 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -224,7 +224,16 @@ psa_status_t mbedtls_psa_aead_encrypt( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 || operation.tag_length != 16 ) + if( nonce_length != 12 ) + { + if( nonce_length == 8 ) + status = PSA_ERROR_NOT_SUPPORTED; + else + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + if( operation.tag_length != 16 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -331,7 +340,16 @@ psa_status_t mbedtls_psa_aead_decrypt( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 || operation.tag_length != 16 ) + if( nonce_length != 12 ) + { + if( nonce_length == 8 ) + status = PSA_ERROR_NOT_SUPPORTED; + else + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + if( operation.tag_length != 16 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 332845b12..87b271f33 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2413,11 +2413,11 @@ aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495 PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=11, too short) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=13, too long) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C