yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix PSA AEAD GCM's update output buffer length verification.

Browse source 
Move GCM's update output buffer length verification
from PSA AEAD to the built-in implementation of the GCM.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
Mateusz Starzyk 2021-10-04 13:46:38 +02:00
parent f28261fc14
commit c48f43b44d
6 changed files with 37 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog.d/psa_gcm_buffer_limitation.txt
View file

@ -3,6 +3,11 @@ Bugfix
The requirement of minimum 15 bytes for output buffer in The requirement of minimum 15 bytes for output buffer in
psa_aead_finish() and psa_aead_verify() does not apply to the built-in psa_aead_finish() and psa_aead_verify() does not apply to the built-in
implementation of GCM. implementation of GCM.
* Move GCM's update output buffer length verification from PSA AEAD to
the built-in implementation of the GCM.
The requirement for output buffer size to be equal or greater then
input buffer size is valid only for the built-in implementation of GCM.
Alternative GCM implementations can process whole blocks only.
API changes API changes
* New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL. * New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL.

2
library/gcm.c
View file

@ -431,7 +431,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
unsigned char ectr[16]; unsigned char ectr[16];
if( output_size < input_length ) if( output_size < input_length )
return( MBEDTLS_ERR_GCM_BAD_INPUT ); return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL );
GCM_VALIDATE_RET( output_length != NULL ); GCM_VALIDATE_RET( output_length != NULL );
*output_length = input_length; *output_length = input_length;

3
library/psa_crypto_aead.c
View file

@ -510,9 +510,6 @@ psa_status_t mbedtls_psa_aead_update(
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
if( operation->alg == PSA_ALG_GCM ) if( operation->alg == PSA_ALG_GCM )
{ {
if( output_size < input_length )
return( PSA_ERROR_BUFFER_TOO_SMALL );
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_gcm_update( &operation->ctx.gcm, mbedtls_gcm_update( &operation->ctx.gcm,
input, input_length, input, input_length,

4
tests/suites/test_suite_gcm.aes128_de.data
View file

@ -726,6 +726,10 @@ AES-GCM Bad IV (AES-128,128,0,0,32) #0
depends_on:MBEDTLS_AES_C depends_on:MBEDTLS_AES_C
gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT
AES-GCM, output buffer too small, NIST Validation (AES-128,128,1024,0,128) #0
depends_on:MBEDTLS_AES_C
gcm_update_output_buffer_too_small:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"0dd358bc3f992f26e81e3a2f3aa2d517":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"d8c750bb443ee1a169dfe97cfe4d855b"
AES-GCM Selftest AES-GCM Selftest
depends_on:MBEDTLS_AES_C depends_on:MBEDTLS_AES_C
gcm_selftest: gcm_selftest:

3
tests/suites/test_suite_gcm.aes128_en.data
View file

@ -726,6 +726,9 @@ AES-GCM Bad IV (AES-128,128,0,0,32) #0
depends_on:MBEDTLS_AES_C depends_on:MBEDTLS_AES_C
gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT
AES-GCM, output buffer too small, NIST Validation (AES-128,128,1024,0,128) #0
gcm_update_output_buffer_too_small:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"ce0f8cfe9d64c4f4c045d11b97c2d918":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"ad4c3627a494fc628316dc03faf81db8"
AES-GCM Selftest AES-GCM Selftest
depends_on:MBEDTLS_AES_C depends_on:MBEDTLS_AES_C
gcm_selftest: gcm_selftest:

24
tests/suites/test_suite_gcm.function
View file

@ -431,6 +431,30 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void gcm_update_output_buffer_too_small( int cipher_id, int mode,
data_t * key_str, const data_t *input,
const data_t *iv )
{
mbedtls_gcm_context ctx;
uint8_t *output = NULL;
size_t olen;
size_t output_len = input->len - 1;
mbedtls_gcm_init( &ctx );
TEST_EQUAL( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ), 0 );
TEST_EQUAL( 0, mbedtls_gcm_starts( &ctx, mode, iv->x, iv->len ) );
ASSERT_ALLOC( output, output_len );
olen = 0xdeadbeef;
TEST_EQUAL( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL, mbedtls_gcm_update( &ctx, input->x, input->len, output, output_len, &olen ) );
exit:
mbedtls_free( output );
mbedtls_gcm_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void gcm_selftest( ) void gcm_selftest( )
{ {