Return an error for IV lengths other than 12 with ChaCha20
The implementation was silently overwriting the IV length to 12 even though the caller passed a different value. Change the behavior to signal that a different length is not supported. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
parent
ce8a6173f7
commit
33ca6af8a3
3 changed files with 67 additions and 0 deletions
|
@ -386,6 +386,12 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
||||||
#if defined(MBEDTLS_CHACHA20_C)
|
#if defined(MBEDTLS_CHACHA20_C)
|
||||||
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
|
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
|
||||||
{
|
{
|
||||||
|
/* Even though the actual_iv_size is overwritten with a correct value
|
||||||
|
* of 12 from the cipher info, return an error to indicate that
|
||||||
|
* the input iv_len is wrong. */
|
||||||
|
if( iv_len != 12 )
|
||||||
|
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
|
|
||||||
if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
|
if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
|
||||||
iv,
|
iv,
|
||||||
0U ) ) /* Initial counter value */
|
0U ) ) /* Initial counter value */
|
||||||
|
|
|
@ -109,3 +109,23 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:6:16:-1:6:16:6:16
|
||||||
ChaCha20 Encrypt and decrypt 32 bytes in multiple parts
|
ChaCha20 Encrypt and decrypt 32 bytes in multiple parts
|
||||||
depends_on:MBEDTLS_CHACHA20_C
|
depends_on:MBEDTLS_CHACHA20_C
|
||||||
enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:16:16:-1:16:16:16:16
|
enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:16:16:-1:16:16:16:16
|
||||||
|
|
||||||
|
ChaCha20 IV Length 0
|
||||||
|
depends_on:MBEDTLS_CHACHA20_C
|
||||||
|
check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||||
|
|
||||||
|
ChaCha20 IV Length 11
|
||||||
|
depends_on:MBEDTLS_CHACHA20_C
|
||||||
|
check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":11:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||||
|
|
||||||
|
ChaCha20 IV Length 12
|
||||||
|
depends_on:MBEDTLS_CHACHA20_C
|
||||||
|
check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":12:0
|
||||||
|
|
||||||
|
ChaCha20 IV Length 13
|
||||||
|
depends_on:MBEDTLS_CHACHA20_C
|
||||||
|
check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":13:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||||
|
|
||||||
|
ChaCha20 IV Length 16
|
||||||
|
depends_on:MBEDTLS_CHACHA20_C
|
||||||
|
check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":16:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||||
|
|
|
@ -442,6 +442,8 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
|
||||||
if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") )
|
if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") )
|
||||||
iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
|
iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
|
||||||
* For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
|
* For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
|
||||||
|
else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
|
||||||
|
iv_len = 12;
|
||||||
else
|
else
|
||||||
iv_len = sizeof(iv);
|
iv_len = sizeof(iv);
|
||||||
|
|
||||||
|
@ -689,6 +691,8 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
|
||||||
if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") )
|
if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") )
|
||||||
iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
|
iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
|
||||||
* For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
|
* For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
|
||||||
|
else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
|
||||||
|
iv_len = 12;
|
||||||
else
|
else
|
||||||
iv_len = sizeof(iv);
|
iv_len = sizeof(iv);
|
||||||
|
|
||||||
|
@ -1130,3 +1134,40 @@ void check_padding( int pad_mode, data_t * input, int ret, int dlen_check
|
||||||
TEST_ASSERT( dlen == (size_t) dlen_check );
|
TEST_ASSERT( dlen == (size_t) dlen_check );
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE */
|
||||||
|
void check_iv( int cipher_id, char * cipher_string,
|
||||||
|
int iv_len_val, int ret )
|
||||||
|
{
|
||||||
|
size_t iv_len = iv_len_val;
|
||||||
|
unsigned char iv[16];
|
||||||
|
|
||||||
|
const mbedtls_cipher_info_t *cipher_info;
|
||||||
|
mbedtls_cipher_context_t ctx_dec;
|
||||||
|
mbedtls_cipher_context_t ctx_enc;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Prepare contexts
|
||||||
|
*/
|
||||||
|
mbedtls_cipher_init( &ctx_dec );
|
||||||
|
mbedtls_cipher_init( &ctx_enc );
|
||||||
|
|
||||||
|
/* Check and get info structures */
|
||||||
|
cipher_info = mbedtls_cipher_info_from_type( cipher_id );
|
||||||
|
TEST_ASSERT( NULL != cipher_info );
|
||||||
|
TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
|
||||||
|
TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ),
|
||||||
|
cipher_string ) == 0 );
|
||||||
|
|
||||||
|
/* Initialise enc and dec contexts */
|
||||||
|
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
|
||||||
|
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
|
||||||
|
|
||||||
|
TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
|
||||||
|
TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_cipher_free( &ctx_dec );
|
||||||
|
mbedtls_cipher_free( &ctx_enc );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
Loading…
Reference in a new issue