From f28261fc14da5f52b460c903e027aff187f9cf5f Mon Sep 17 00:00:00 2001
From: Mateusz Starzyk
Date: Thu, 30 Sep 2021 16:39:07 +0200
Subject: [PATCH] Remove output buffer limitation for PSA with GCM.

The requirement of minimum 15 bytes for output buffer in psa_aead_finish() and psa_aead_verify() does not apply to the built-in implementation of the GCM. Alternative implementations are expected to verify the length of the provided output buffers and to return the MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small.

Signed-off-by: Mateusz Starzyk
---
 ChangeLog.d/psa_gcm_buffer_limitation.txt | 11 +++++++++++
 include/mbedtls/gcm.h | 2 ++
 library/psa_crypto.c | 2 ++
 library/psa_crypto_aead.c | 3 ---
 tests/suites/test_suite_psa_crypto.data | 2 +-
 5 files changed, 16 insertions(+), 4 deletions(-)
 create mode 100644 ChangeLog.d/psa_gcm_buffer_limitation.txt

diff --git a/ChangeLog.d/psa_gcm_buffer_limitation.txt b/ChangeLog.d/psa_gcm_buffer_limitation.txt
new file mode 100644
index 000000000..7259e5068
--- /dev/null
+++ b/ChangeLog.d/psa_gcm_buffer_limitation.txt
@@ -0,0 +1,11 @@
+Bugfix
+ * Remove PSA'a AEAD finish/verify output buffer limitation for GCM.
+ The requirement of minimum 15 bytes for output buffer in
+ psa_aead_finish() and psa_aead_verify() does not apply to the built-in
+ implementation of GCM.
+
+API changes
+ * New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL.
+ Alternative GCM implementations are expected to verify
+ the length of the provided output buffers and to return the
+ MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small.
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 9d9155fc5..a4de9191d 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -45,6 +45,8 @@
 #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
 /** Bad input parameters to function. */
 #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014
+/** An output buffer is too small. */
+#define MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL -0x0018
 #ifdef __cplusplus
 extern "C" {
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ece64b100..5978b6ac5 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -201,6 +201,8 @@ psa_status_t mbedtls_to_psa_error( int ret )
 case MBEDTLS_ERR_GCM_AUTH_FAILED:
 return( PSA_ERROR_INVALID_SIGNATURE );
+ case MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL:
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
 case MBEDTLS_ERR_GCM_BAD_INPUT:
 return( PSA_ERROR_INVALID_ARGUMENT );
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index a72865c04..673cdf344 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -567,9 +567,6 @@ psa_status_t mbedtls_psa_aead_finish(
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
 if( operation->alg == PSA_ALG_GCM )
 {
- if( ciphertext_size < 15 )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
-
 status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, ciphertext, ciphertext_size, ciphertext_length,
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 063629e59..3a3e67821 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
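Review bot: The new `MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL` define in include/mbedtls/gcm.h is documented only as "An output buffer is too small.", while the requirement that alternative GCM implementations check output buffer lengths themselves appears only in the commit message and the ChangeLog entry. Because the library/psa_crypto_aead.c hunk drops the `ciphertext_size < 15` guard in `mbedtls_psa_aead_finish()`, the length check inside `mbedtls_gcm_finish()` becomes the only bound on writes into the caller's buffer if an alternative implementation produces output at finish. I would state that contract next to the define, for example `/** An output buffer is too small. Alternative implementations must check output sizes and return this rather than write past the buffer. */`. The return-value documentation of the GCM update and finish functions lies outside this hunk, so it should be checked and extended to list the new code if it does not already.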
@@ -3348,7 +3348,7 @@ aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8
 PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL
+aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS
 PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 20
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES