From 357b78e42c2e5ce6cd3f56e3aac2bd58669ac814 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 9 Nov 2021 13:17:17 +0100 Subject: [PATCH 1/2] Indicate if we know that a nonce length is invalid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This restores the behaviour found in the previously released versions and development_2.x. Signed-off-by: Bence Szépkúti --- library/psa_crypto.c | 6 +++--- tests/scripts/test_psa_compliance.py | 5 ----- tests/suites/test_suite_psa_crypto.data | 12 ++++++------ 3 files changed, 9 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7591b6bb1..4677ea9e4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3658,13 +3658,13 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, case PSA_ALG_CHACHA20_POLY1305: if( nonce_length == 12 ) return( PSA_SUCCESS ); - break; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ default: - break; + return( PSA_ERROR_NOT_SUPPORTED ); } - return( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_INVALID_ARGUMENT ); } psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 11b0c6a43..ea52c93eb 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -33,11 +33,6 @@ import sys # Test number 2xx corresponds to the files in the folder # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx EXPECTED_FAILURES = { - # psa_aead_[encrypt/decrypt]() returns PSA_ERROR_NOT_SUPPORTED instead of - # PSA_ERROR_INVALID_ARGUMENT when called with an invalid nonce. - # - Tracked in issue #5144 - 224, 225, - # Multipart CCM is not supported. # - Tracked in issue #3721 252, 253, 254, 255, 256, 257, 258, 259, 261, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 9060159f5..0904f630a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2537,19 +2537,19 @@ aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WI PSA AEAD decrypt: AES-CCM, invalid nonce length 6 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: AES-CCM, invalid nonce length 14 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: AES-CCM_8, invalid nonce length 6 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: AES-CCM_8, invalid nonce length 14 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES @@ -2705,11 +2705,11 @@ aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WI PSA AEAD decrypt: AES-GCM, nonce=0 (bad) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: AES-GCM, nonce=0 (bad), TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES From 6d48e20d4ba04e641e71b9181e7d694383aba873 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 15 Nov 2021 20:04:15 +0100 Subject: [PATCH 2/2] Indicate nonce sizes invalid for ChaCha20-Poly1305 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- ChangeLog.d/chacha20-poly1305-invalid-nonce.txt | 3 +++ library/psa_crypto.c | 4 +++- tests/suites/test_suite_psa_crypto.data | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/chacha20-poly1305-invalid-nonce.txt diff --git a/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt new file mode 100644 index 000000000..ca3f9acee --- /dev/null +++ b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt @@ -0,0 +1,3 @@ +Changes + * Indicate in the error returned if the nonce length used with + ChaCha20-Poly1305 is invalid, and not just unsupported. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4677ea9e4..0a04ba106 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3658,7 +3658,9 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, case PSA_ALG_CHACHA20_POLY1305: if( nonce_length == 12 ) return( PSA_SUCCESS ); - return( PSA_ERROR_NOT_SUPPORTED ); + else if( nonce_length == 8 ) + return( PSA_ERROR_NOT_SUPPORTED ); + break; #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ default: return( PSA_ERROR_NOT_SUPPORTED ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0904f630a..2c5537f39 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2821,11 +2821,11 @@ aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495 PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=11, too short) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=13, too long) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C