TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / baff51c8b7d0e6d9e023fa4f0cea4410fc08f719^! / .
commitbaff51c8b7d0e6d9e023fa4f0cea4410fc08f719[log] [tgz]
authorPaul Elliott <paul.elliott@arm.com>Tue Sep 28 17:44:45 2021 +0100
committerPaul Elliott <paul.elliott@arm.com>Tue Sep 28 17:47:24 2021 +0100
treebacf8d214ddf46dec9a20ca74c6b2c25a0ee590c
parent814f0c5fb1e8c47aa7e27c8216e98a6393a8c56e [diff]
Make sure nonce length checks use base algorithm

Nonce length checks are now being used in the oneshot AEAD code as well,
which passes variant algorithms, not the base version, so need to
convert to base if necessary.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 42abdf5..395a697 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -3609,12 +3609,20 @@
 /* AEAD */
 /****************************************************************/
 
-/* Helper to perform common nonce length checks. */
+/* Helper function to get the base algorithm from its variants. */
+static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg )
+{
+    return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg );
+}
+
+/* Helper function to perform common nonce length checks. */
 static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg,
                                                  size_t nonce_length )
 {
+    psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg );
+
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-    if( alg == PSA_ALG_GCM )
+    if( base_alg == PSA_ALG_GCM )
     {
         /* Not checking max nonce size here as GCM spec allows almost
          * arbitrarily large nonces. Please note that we do not generally
@@ -3627,7 +3635,7 @@
     }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-    if( alg == PSA_ALG_CCM )
+    if( base_alg == PSA_ALG_CCM )
     {
         if( nonce_length < 7 || nonce_length > 13 )
             return( PSA_ERROR_NOT_SUPPORTED );
@@ -3635,11 +3643,11 @@
     else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-        if( alg == PSA_ALG_CHACHA20_POLY1305 )
-        {
-            if( nonce_length != 12 )
-                return( PSA_ERROR_NOT_SUPPORTED );
-        }
+    if( base_alg == PSA_ALG_CHACHA20_POLY1305 )
+    {
+        if( nonce_length != 12 )
+            return( PSA_ERROR_NOT_SUPPORTED );
+    }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
 
     return PSA_SUCCESS;
@@ -3745,12 +3753,6 @@
     return( status );
 }
 
-/* Helper function to get the base algorithm from its variants. */
-static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg )
-{
-    return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg );
-}
-
 /* Set the key for a multipart authenticated operation. */
 static psa_status_t psa_aead_setup( psa_aead_operation_t *operation,
                                     int is_encrypt,