commit f881601c912b608a7fa62c100b2d0aa7352996ee
author Andrzej Kurek <Andrzej.Kurek@arm.com> Sun Dec 19 17:00:12 2021 +0100
committer Andrzej Kurek <andrzej.kurek@arm.com> Thu Jan 20 07:40:12 2022 -0500
tree a51395ee86c9d03d1448acb69b698c41a4f77f2d
parent d2da19b8eb60b75962f45c38e0b8222d917696f6

Detect invalid tag lengths in psa_aead_setup

Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e021f8a..642fc13 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3829,6 +3829,47 @@
     return( status );
 }
 
+static psa_status_t psa_validate_tag_length( psa_aead_operation_t *operation,
+                                             psa_algorithm_t alg ) {
+    uint8_t tag_len = 0;
+    if( psa_driver_get_tag_len( operation, &tag_len ) != PSA_SUCCESS )
+    {
+        return( PSA_ERROR_INVALID_ARGUMENT );
+    }
+
+    switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
+    {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
+            /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.*/
+            if( tag_len < 4 || tag_len > 16 || tag_len % 2 )
+                return( PSA_ERROR_INVALID_ARGUMENT );
+            break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
+            /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. */
+            if( tag_len != 4 && tag_len != 8 && ( tag_len < 12 || tag_len > 16 ) )
+                return( PSA_ERROR_INVALID_ARGUMENT );
+            break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
+            /* We only support the default tag length. */
+            if( tag_len != 16 )
+                return( PSA_ERROR_INVALID_ARGUMENT );
+            break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
+
+        default:
+            (void) tag_len;
+            return( PSA_ERROR_NOT_SUPPORTED );
+    }
+    return( PSA_SUCCESS );
+}
+
 /* Set the key for a multipart authenticated operation. */
 static psa_status_t psa_aead_setup( psa_aead_operation_t *operation,
                                     int is_encrypt,
@@ -3886,6 +3927,9 @@
     if( status != PSA_SUCCESS )
         goto exit;
 
+    if( ( status = psa_validate_tag_length( operation, alg ) ) != PSA_SUCCESS )
+        goto exit;
+
     operation->key_type = psa_get_key_type( &attributes );
 
 exit: