Indicate nonce sizes invalid for ChaCha20-Poly1305
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
diff --git a/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt
new file mode 100644
index 0000000..ca3f9ac
--- /dev/null
+++ b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt
@@ -0,0 +1,3 @@
+Changes
+ * Indicate in the error returned if the nonce length used with
+ ChaCha20-Poly1305 is invalid, and not just unsupported.
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 356679c..99f2e4d 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -224,7 +224,16 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
{
- if( nonce_length != 12 || operation.tag_length != 16 )
+ if( nonce_length != 12 )
+ {
+ if( nonce_length == 8 )
+ status = PSA_ERROR_NOT_SUPPORTED;
+ else
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ if( operation.tag_length != 16 )
{
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
@@ -331,7 +340,16 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
{
- if( nonce_length != 12 || operation.tag_length != 16 )
+ if( nonce_length != 12 )
+ {
+ if( nonce_length == 8 )
+ status = PSA_ERROR_NOT_SUPPORTED;
+ else
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ if( operation.tag_length != 16 )
{
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 332845b..87b271f 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -2413,11 +2413,11 @@
PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=11, too short)
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
-aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED
+aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT
PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=13, too long)
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
-aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED
+aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT
PSA AEAD encrypt/decrypt: invalid algorithm (CTR)
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C