Merge pull request #5272 from bensze01/psa_aead_setup_error

PSA: Return the same error in multipart and single shot AEAD operations
Gilles Peskine 2022-01-13 21:16:20 +01:00 committed by GitHub
commit 6bfe4e263b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 12 deletions


@ -0,0 +1,4 @@
Changes
* Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to singleshot
AEAD functions is not an AEAD algorithm. This aligns them with the
multipart functions, and the PSA Crypto API 1.1 spec.


@ -3719,6 +3719,14 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg,
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
} }
static psa_status_t psa_aead_check_algorithm( psa_algorithm_t alg )
{
if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
return( PSA_SUCCESS );
}
psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *nonce, const uint8_t *nonce,
@ -3736,8 +3744,9 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
*ciphertext_length = 0; *ciphertext_length = 0;
if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) status = psa_aead_check_algorithm( alg );
return( PSA_ERROR_NOT_SUPPORTED ); if( status != PSA_SUCCESS )
return( status );
status = psa_get_and_lock_key_slot_with_policy( status = psa_get_and_lock_key_slot_with_policy(
key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
@ -3786,8 +3795,9 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
*plaintext_length = 0; *plaintext_length = 0;
if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) status = psa_aead_check_algorithm( alg );
return( PSA_ERROR_NOT_SUPPORTED ); if( status != PSA_SUCCESS )
return( status );
status = psa_get_and_lock_key_slot_with_policy( status = psa_get_and_lock_key_slot_with_policy(
key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
@ -3830,11 +3840,9 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation,
psa_key_slot_t *slot = NULL; psa_key_slot_t *slot = NULL;
psa_key_usage_t key_usage = 0; psa_key_usage_t key_usage = 0;
if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) status = psa_aead_check_algorithm( alg );
{ if( status != PSA_SUCCESS )
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit; goto exit;
}
if( operation->id != 0 ) if( operation->id != 0 )
{ {
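Review bot: The new helper `psa_aead_check_algorithm` carries no comment explaining why a wildcard value is rejected together with non-AEAD algorithms, and it is now the single place that decides the error code for `psa_aead_encrypt`, `psa_aead_decrypt` and `psa_aead_setup`. A short header would keep the three callers from drifting apart again, for example `/* Reject anything that is not a concrete AEAD algorithm: a wildcard (at-least-this-length tag) value is only meaningful in a key policy. Returns PSA_ERROR_INVALID_ARGUMENT, as for the multipart API. */`. In the two single-shot functions the early `return( status )` sits before `psa_get_and_lock_key_slot_with_policy`, so no slot is held at that point. `psa_aead_setup` instead jumps to `exit` with `slot` still NULL, and that label lies outside the hunk, so it is worth confirming that the cleanup there tolerates a NULL slot.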


@ -47,7 +47,7 @@ EXPECTED_FAILURES = {
# #
# Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3 # Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3
PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git' PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git'
PSA_ARCH_TESTS_REF = 'fix-multipart-aead' PSA_ARCH_TESTS_REF = 'fix-pr-5272'
#pylint: disable=too-many-branches,too-many-statements #pylint: disable=too-many-branches,too-many-statements
def main(): def main():
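Review bot: `PSA_ARCH_TESTS_REF` is still a branch name (`'fix-pr-5272'`) in a personal fork, so the test code this script pulls in can change without any commit in this repository. How the ref is consumed is in `main()`, outside this hunk, but if it is handed to a fetch or checkout, pinning it to an immutable commit would make runs reproducible and tie the executed code to what was reviewed, e.g. `PSA_ARCH_TESTS_REF = '<full-commit-sha>'  # branch: fix-pr-5272` (placeholder, not a real hash). The comment above the constants could also say who is expected to update the ref and when it returns to the upstream repository.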


@ -842,7 +842,7 @@ aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_
PSA key policy: AEAD, min-length policy used as algorithm PSA key policy: AEAD, min-length policy used as algorithm
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_NOT_SUPPORTED aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_INVALID_ARGUMENT
PSA key policy: AEAD, tag length > exact-length policy PSA key policy: AEAD, tag length > exact-length policy
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
@ -2829,11 +2829,11 @@ aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495
PSA AEAD encrypt/decrypt: invalid algorithm (CTR) PSA AEAD encrypt/decrypt: invalid algorithm (CTR)
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
depends_on:MBEDTLS_CHACHA20_C depends_on:MBEDTLS_CHACHA20_C
aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA Multipart AEAD encrypt: AES - CCM, 23 bytes (lengths set) PSA Multipart AEAD encrypt: AES - CCM, 23 bytes (lengths set)
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES