cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-14 01:25:28 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add common nonce checking to oneshot encrypt

Browse Source 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott 2021-07-16 17:00:26 +01:00
parent a561444561
commit 96b0173cec
1 changed files with 24 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
library/psa_crypto_aead.c
View File

@ -136,6 +136,22 @@ static psa_status_t psa_aead_setup(
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
/* Perform common nonce length checks */
static psa_status_t mbedtls_aead_check_nonce_length(
mbedtls_psa_aead_operation_t *operation,
size_t nonce_length )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
{
if( nonce_length != 12 )
return( PSA_ERROR_NOT_SUPPORTED );
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
return PSA_SUCCESS;
}
psa_status_t mbedtls_psa_aead_encrypt( psa_status_t mbedtls_psa_aead_encrypt(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size, const uint8_t *key_buffer, size_t key_buffer_size,
@ -164,6 +180,13 @@ psa_status_t mbedtls_psa_aead_encrypt(
} }
tag = ciphertext + plaintext_length; tag = ciphertext + plaintext_length;
if( mbedtls_aead_check_nonce_length( &operation, nonce_length )
!= PSA_SUCCESS )
{
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
if( operation.alg == PSA_ALG_CCM ) if( operation.alg == PSA_ALG_CCM )
{ {
@ -195,7 +218,7 @@ psa_status_t mbedtls_psa_aead_encrypt(
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) if( operation.alg == PSA_ALG_CHACHA20_POLY1305 )
{ {
if( nonce_length != 12 || operation.tag_length != 16 ) if( operation.tag_length != 16 )
{ {
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
goto exit; goto exit;
@ -247,21 +270,6 @@ static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
static psa_status_t mbedtls_aead_check_nonce_length(
mbedtls_psa_aead_operation_t *operation,
size_t nonce_length )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
{
if( nonce_length != 12 )
return( PSA_ERROR_NOT_SUPPORTED );
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
return PSA_SUCCESS;
}
psa_status_t mbedtls_psa_aead_decrypt( psa_status_t mbedtls_psa_aead_decrypt(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size, const uint8_t *key_buffer, size_t key_buffer_size,