Merge pull request #5072 from mprse/issue_5065

Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
This commit is contained in:
Gilles Peskine 2021-10-18 17:51:50 +02:00 committed by GitHub
commit bf21c07923
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 65 additions and 48 deletions

View file

@ -0,0 +1,3 @@
Bugfix
* Fix compile-time or run-time errors in PSA
AEAD functions when ChachaPoly is disabled. Fixes #5065.

View file

@ -3621,34 +3621,35 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg,
{
psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg );
#if defined(PSA_WANT_ALG_GCM)
if( base_alg == PSA_ALG_GCM )
switch(base_alg)
{
/* Not checking max nonce size here as GCM spec allows almost
* arbitrarily large nonces. Please note that we do not generally
* recommend the usage of nonces of greater length than
* PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter
* size, which can then lead to collisions if you encrypt a very
* large number of messages.*/
if( nonce_length != 0 )
return( PSA_SUCCESS );
}
#if defined(PSA_WANT_ALG_GCM)
case PSA_ALG_GCM:
/* Not checking max nonce size here as GCM spec allows almost
* arbitrarily large nonces. Please note that we do not generally
* recommend the usage of nonces of greater length than
* PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter
* size, which can then lead to collisions if you encrypt a very
* large number of messages.*/
if( nonce_length != 0 )
return( PSA_SUCCESS );
break;
#endif /* PSA_WANT_ALG_GCM */
#if defined(PSA_WANT_ALG_CCM)
if( base_alg == PSA_ALG_CCM )
{
if( nonce_length >= 7 && nonce_length <= 13 )
return( PSA_SUCCESS );
}
else
case PSA_ALG_CCM:
if( nonce_length >= 7 && nonce_length <= 13 )
return( PSA_SUCCESS );
break;
#endif /* PSA_WANT_ALG_CCM */
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
if( base_alg == PSA_ALG_CHACHA20_POLY1305 )
{
if( nonce_length == 12 )
return( PSA_SUCCESS );
}
case PSA_ALG_CHACHA20_POLY1305:
if( nonce_length == 12 )
return( PSA_SUCCESS );
break;
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
default:
break;
}
return( PSA_ERROR_NOT_SUPPORTED );
}
@ -3950,40 +3951,40 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation,
goto exit;
}
#if defined(PSA_WANT_ALG_GCM)
if( operation->alg == PSA_ALG_GCM )
switch(operation->alg)
{
/* Lengths can only be too large for GCM if size_t is bigger than 32
* bits. Without the guard this code will generate warnings on 32bit
* builds. */
#if defined(PSA_WANT_ALG_GCM)
case PSA_ALG_GCM:
/* Lengths can only be too large for GCM if size_t is bigger than 32
* bits. Without the guard this code will generate warnings on 32bit
* builds. */
#if SIZE_MAX > UINT32_MAX
if( (( uint64_t ) ad_length ) >> 61 != 0 ||
(( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
if( (( uint64_t ) ad_length ) >> 61 != 0 ||
(( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
#endif
}
else
break;
#endif /* PSA_WANT_ALG_GCM */
#if defined(PSA_WANT_ALG_CCM)
if( operation->alg == PSA_ALG_CCM )
{
if( ad_length > 0xFF00 )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
}
else
case PSA_ALG_CCM:
if( ad_length > 0xFF00 )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
break;
#endif /* PSA_WANT_ALG_CCM */
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
{
/* No length restrictions for ChaChaPoly. */
}
case PSA_ALG_CHACHA20_POLY1305:
/* No length restrictions for ChaChaPoly. */
break;
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
default:
break;
}
status = psa_driver_wrapper_aead_set_lengths( operation, ad_length,
plaintext_length );

View file

@ -1596,6 +1596,19 @@ component_test_psa_crypto_config_no_driver() {
make test
}
component_test_psa_crypto_config_chachapoly_disabled() {
# full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
scripts/config.py full
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
make test
}
# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test.
component_build_psa_accel_alg_ecdsa() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA