Return an error for IV lengths other than 12 with ChaCha20

The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2021-12-01 21:58:05 +01:00
parent ce8a6173f7
commit 33ca6af8a3
3 changed files with 67 additions and 0 deletions

View file

@ -386,6 +386,12 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_CHACHA20_C) #if defined(MBEDTLS_CHACHA20_C)
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ) if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
{ {
/* Even though the actual_iv_size is overwritten with a correct value
* of 12 from the cipher info, return an error to indicate that
* the input iv_len is wrong. */
if( iv_len != 12 )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx, if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
iv, iv,
0U ) ) /* Initial counter value */ 0U ) ) /* Initial counter value */

View file

@ -109,3 +109,23 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:6:16:-1:6:16:6:16
ChaCha20 Encrypt and decrypt 32 bytes in multiple parts ChaCha20 Encrypt and decrypt 32 bytes in multiple parts
depends_on:MBEDTLS_CHACHA20_C depends_on:MBEDTLS_CHACHA20_C
enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:16:16:-1:16:16:16:16 enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:16:16:-1:16:16:16:16
ChaCha20 IV Length 0
depends_on:MBEDTLS_CHACHA20_C
check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
ChaCha20 IV Length 11
depends_on:MBEDTLS_CHACHA20_C
check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":11:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
ChaCha20 IV Length 12
depends_on:MBEDTLS_CHACHA20_C
check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":12:0
ChaCha20 IV Length 13
depends_on:MBEDTLS_CHACHA20_C
check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":13:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
ChaCha20 IV Length 16
depends_on:MBEDTLS_CHACHA20_C
check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":16:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA

View file

@ -442,6 +442,8 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") )
iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
* For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
iv_len = 12;
else else
iv_len = sizeof(iv); iv_len = sizeof(iv);
@ -689,6 +691,8 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") )
iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
* For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
iv_len = 12;
else else
iv_len = sizeof(iv); iv_len = sizeof(iv);
@ -1130,3 +1134,40 @@ void check_padding( int pad_mode, data_t * input, int ret, int dlen_check
TEST_ASSERT( dlen == (size_t) dlen_check ); TEST_ASSERT( dlen == (size_t) dlen_check );
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void check_iv( int cipher_id, char * cipher_string,
int iv_len_val, int ret )
{
size_t iv_len = iv_len_val;
unsigned char iv[16];
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx_dec;
mbedtls_cipher_context_t ctx_enc;
/*
* Prepare contexts
*/
mbedtls_cipher_init( &ctx_dec );
mbedtls_cipher_init( &ctx_enc );
/* Check and get info structures */
cipher_info = mbedtls_cipher_info_from_type( cipher_id );
TEST_ASSERT( NULL != cipher_info );
TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ),
cipher_string ) == 0 );
/* Initialise enc and dec contexts */
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
exit:
mbedtls_cipher_free( &ctx_dec );
mbedtls_cipher_free( &ctx_enc );
}
/* END_CASE */