From 33ca6af8a3bd770cb454793b9f6fc52e5d43bb21 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 1 Dec 2021 21:58:05 +0100 Subject: [PATCH] Return an error for IV lengths other than 12 with ChaCha20 The implementation was silently overwriting the IV length to 12 even though the caller passed a different value. Change the behavior to signal that a different length is not supported. Signed-off-by: Andrzej Kurek --- library/cipher.c | 6 +++ tests/suites/test_suite_cipher.chacha20.data | 20 ++++++++++ tests/suites/test_suite_cipher.function | 41 ++++++++++++++++++++ 3 files changed, 67 insertions(+) diff --git a/library/cipher.c b/library/cipher.c index 03e84c6c8..39c105cfb 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -386,6 +386,12 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_CHACHA20_C) if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ) { + /* Even though the actual_iv_size is overwritten with a correct value + * of 12 from the cipher info, return an error to indicate that + * the input iv_len is wrong. */ + if( iv_len != 12 ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx, iv, 0U ) ) /* Initial counter value */ diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data index 11de1038a..117fce339 100644 --- a/tests/suites/test_suite_cipher.chacha20.data +++ b/tests/suites/test_suite_cipher.chacha20.data 
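Review bot: The length check added in the `MBEDTLS_CIPHER_CHACHA20` branch of `mbedtls_cipher_set_iv` covers only the bare stream cipher, and the new test cases likewise exercise only "CHACHA20". Whether `MBEDTLS_CIPHER_CHACHA20_POLY1305` still accepts a longer IV and silently uses its first 12 bytes is not visible here and should be confirmed, because a caller whose varying nonce bytes sit beyond the twelfth would otherwise reuse a nonce without any error. The guard also hard-codes `12` while its own comment says the authoritative size comes from the cipher info, so I would compare against that value or a named constant and reduce the comment to `/* ChaCha20 takes a 96-bit nonce only; reject other lengths instead of truncating. */`. The function starts and ends outside the hunk, so the earlier handling of `actual_iv_size` cannot be checked from here.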
@@ -109,3 +109,23 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:6:16:-1:6:16:6:16 ChaCha20 Encrypt and decrypt 32 bytes in multiple parts depends_on:MBEDTLS_CHACHA20_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:16:16:-1:16:16:16:16 + +ChaCha20 IV Length 0 +depends_on:MBEDTLS_CHACHA20_C +check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +ChaCha20 IV Length 11 +depends_on:MBEDTLS_CHACHA20_C +check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":11:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +ChaCha20 IV Length 12 +depends_on:MBEDTLS_CHACHA20_C +check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":12:0 + +ChaCha20 IV Length 13 +depends_on:MBEDTLS_CHACHA20_C +check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":13:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +ChaCha20 IV Length 16 +depends_on:MBEDTLS_CHACHA20_C +check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":16:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index fd2985b5e..c837a69bd 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -442,6 +442,8 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ + else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ) + iv_len = 12; else iv_len = sizeof(iv); @@ -689,6 +691,8 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ + else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ) + iv_len = 12; else iv_len = sizeof(iv); 
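Review bot: The `else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )` arm added to `enc_dec_buf` sits directly after a comment that only discusses CCM, so nothing explains why ChaCha20 needs its own length. I would add `/* ChaCha20: mbedtls_cipher_set_iv() accepts exactly 12 bytes. */` on the new arm, and the same on the identical arm in the `enc_dec_buf_multipart` hunk (@@ -689). As the selection logic is now duplicated in both functions, a small static helper that returns the test IV length for a given `cipher_info` would keep the two in step. Both functions start and end outside their hunks, so the declaration of `iv` and what `sizeof(iv)` yields for the remaining cipher types cannot be checked here.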
@@ -1130,3 +1134,40 @@ void check_padding( int pad_mode, data_t * input, int ret, int dlen_check
 TEST_ASSERT( dlen == (size_t) dlen_check );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void check_iv( int cipher_id, char * cipher_string,
+ int iv_len_val, int ret )
+{
+ size_t iv_len = iv_len_val;
+ unsigned char iv[16];
+
+ const mbedtls_cipher_info_t *cipher_info;
+ mbedtls_cipher_context_t ctx_dec;
+ mbedtls_cipher_context_t ctx_enc;
+
+ /*
+ * Prepare contexts
+ */
+ mbedtls_cipher_init( &ctx_dec );
+ mbedtls_cipher_init( &ctx_enc );
+
+ /* Check and get info structures */
+ cipher_info = mbedtls_cipher_info_from_type( cipher_id );
+ TEST_ASSERT( NULL != cipher_info );
+ TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
+ TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ),
+ cipher_string ) == 0 );
+
+ /* Initialise enc and dec contexts */
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
+
+ TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
+ TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
+
+exit:
+ mbedtls_cipher_free( &ctx_dec );
+ mbedtls_cipher_free( &ctx_enc );
+}
+/* END_CASE */
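Review bot: `iv` in `check_iv` is declared as `unsigned char iv[16];` and handed to `mbedtls_cipher_set_iv` without ever being written, so in the accepted length-12 case the library reads indeterminate bytes, which a memory sanitizer build will report. Declaring it as `unsigned char iv[16] = { 0 };` fixes that. `iv_len` is taken straight from the test data, so a future case with a value above 16 could make the library read past the buffer for a cipher that accepts variable lengths; `TEST_ASSERT( iv_len <= sizeof( iv ) );` placed after the two `mbedtls_cipher_init` calls would pin that bound. A one-line comment above the function stating that it checks only the return code of `mbedtls_cipher_set_iv` for a given IV length, with no key set, would also help readers of the .data file.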