From 5375fd9a3ff67333e0b0a8c187a7d151f4cfa12f Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Thu, 2 Dec 2021 09:29:49 +0100
Subject: [PATCH] Return an error for IV lengths other than 12 with ChaCha20

The implementation was silently overwriting the IV length to 12 even though the caller passed a different value. Change the behavior to signal that a different length is not supported.

Signed-off-by: Andrzej Kurek
---
 library/cipher.c | 6 +++
 tests/suites/test_suite_cipher.chacha20.data | 20 +++++++
 tests/suites/test_suite_cipher.function | 57 +++++++++++++++++---
 3 files changed, 77 insertions(+), 6 deletions(-)

diff --git a/library/cipher.c b/library/cipher.c
index d51ccd77f..4a4a3e40b 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -386,6 +386,12 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
 #if defined(MBEDTLS_CHACHA20_C)
 if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
 {
+ /* Even though the actual_iv_size is overwritten with a correct value
+ * of 12 from the cipher info, return an error to indicate that
+ * the input iv_len is wrong. */
+ if( iv_len != 12 )
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+ if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
 iv,
 0U ) ) /* Initial counter value */
diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data
index 11de1038a..117fce339 100644
--- a/tests/suites/test_suite_cipher.chacha20.data
+++ b/tests/suites/test_suite_cipher.chacha20.data
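Review bot: The length check `if( iv_len != 12 )` is reached only when `ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20`, so any other fixed-nonce cipher type that goes through mbedtls_cipher_set_iv() would still have an over-long IV shortened without an error. Whether ChaCha20-Poly1305 has an equivalent check cannot be seen here, because the function body starts and ends outside the hunk. Silent truncation matters for a stream cipher: a caller whose uniqueness lives in the bytes past the twelfth ends up repeating a nonce under the same key. Consider comparing against the value the comment already refers to, `if( iv_len != ctx->cipher_info->iv_size )`, or at least replacing the literal 12 with a named constant so the check and the cipher info cannot drift apart.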
@@ -109,3 +109,23 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:6:16:-1:6:16:6:16
 ChaCha20 Encrypt and decrypt 32 bytes in multiple parts
 depends_on:MBEDTLS_CHACHA20_C
 enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:16:16:-1:16:16:16:16
+
+ChaCha20 IV Length 0
+depends_on:MBEDTLS_CHACHA20_C
+check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+ChaCha20 IV Length 11
+depends_on:MBEDTLS_CHACHA20_C
+check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":11:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+ChaCha20 IV Length 12
+depends_on:MBEDTLS_CHACHA20_C
+check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":12:0
+
+ChaCha20 IV Length 13
+depends_on:MBEDTLS_CHACHA20_C
+check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":13:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+ChaCha20 IV Length 16
+depends_on:MBEDTLS_CHACHA20_C
+check_iv:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":16:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 76e474f21..73e548de5 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -702,7 +702,7 @@ exit:
 void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
 int length_val, int pad_mode )
 {
- size_t length = length_val, outlen, total_len, i, block_size;
+ size_t length = length_val, outlen, total_len, i, block_size, iv_len;
 unsigned char key[64];
 unsigned char iv[16];
 unsigned char ad[13];
@@ -758,8 +758,13 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
 memset( decbuf, 0, sizeof( decbuf ) );
 memset( tag, 0, sizeof( tag ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, sizeof( iv ) ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, sizeof( iv ) ) );
+ if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
+ iv_len = 12;
+ else
+ iv_len = sizeof(iv);
+
+ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );
@@ -953,7 +958,7 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
 size_t first_length = first_length_val;
 size_t second_length = second_length_val;
 size_t length = first_length + second_length;
- size_t block_size;
+ size_t block_size, iv_len;
 unsigned char key[32];
 unsigned char iv[16];
@@ -998,8 +1003,13 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
 (void) pad_mode;
 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) );
+ if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
+ iv_len = 12;
+ else
+ iv_len = sizeof(iv);
+
+ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );
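Review bot: The ChaCha20 special case `iv_len = 12;` is written out twice with a bare literal, in enc_dec_buf (hunk at -758) and again in enc_dec_buf_multipart (hunk at -998), while every other cipher type keeps passing `sizeof(iv)`, i.e. 16, whatever its real IV size is. That leaves these helpers unable to notice if another fixed-nonce cipher starts rejecting over-long IVs, and the two copies can drift. A comment above each branch such as `/* ChaCha20 rejects any IV length other than 12 */` would record why the case exists; deriving the length once from `cipher_info->iv_size` may be cleaner if that holds for every cipher these cases cover, which this page does not show. Both functions start and end outside their hunks.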
@@ -1578,3 +1588,38 @@ void check_padding( int pad_mode, data_t * input, int ret, int dlen_check
 TEST_ASSERT( dlen == (size_t) dlen_check );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void check_iv( int cipher_id, char * cipher_string,
+ int iv_len_val, int ret )
+{
+ size_t iv_len = iv_len_val;
+ unsigned char iv[16];
+
+ const mbedtls_cipher_info_t *cipher_info;
+ mbedtls_cipher_context_t ctx_dec;
+ mbedtls_cipher_context_t ctx_enc;
+
+ /*
+ * Prepare contexts
+ */
+ mbedtls_cipher_init( &ctx_dec );
+ mbedtls_cipher_init( &ctx_enc );
+
+ /* Check and get info structures */
+ cipher_info = mbedtls_cipher_info_from_type( cipher_id );
+ TEST_ASSERT( NULL != cipher_info );
+ TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
+
+ /* Initialise enc and dec contexts */
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
+
+ TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
+ TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
+
+exit:
+ mbedtls_cipher_free( &ctx_dec );
+ mbedtls_cipher_free( &ctx_enc );
+}
+/* END_CASE */
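Review bot: In check_iv the buffer declared as `unsigned char iv[16];` is never written before it is passed to mbedtls_cipher_set_iv(), so the length-12 case, which expects a return of 0, has the library read indeterminate stack bytes. The test only compares return codes, so the values themselves do not matter, but memory-checking builds may report the read. Adding `memset( iv, 0, sizeof( iv ) );` before the two set_iv calls removes that. Separately, `size_t iv_len = iv_len_val;` turns a negative value in a .data row into a very large length; `TEST_ASSERT( iv_len_val >= 0 );` ahead of the conversion would make such a row fail clearly.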