psa_cipher_decrypt with CCM* rejects very short messages #9314

Status: Closed

gilles-peskine-arm opened this issue Jun 26, 2024 · 0 comments · Fixed by #9315

Labels
bug component-crypto Crypto primitives and low-level interfaces size-xs Estimated task size: extra small (a few hours at most)

Comments

gilles-peskine-arm (Contributor) commented Jun 26, 2024

psa_cipher_decrypt takes an input which is the IV concatenated with the ciphertext proper. It validates that the input is at least as large as the IV. This validation is wrong for PSA_ALG_CCM_STAR_NO_TAG: the length enforcement is for 16 bytes but the IV length is actually 13. As a consequence, psa_cipher_decrypt incorrectly returns PSA_ERROR_INVALID_ARGUMENT when the message is 3 bytes or less.

Workaround: the multipart interface works fine.

Found by Cryptofuzz.

gilles-peskine-arm added the bug, component-crypto and size-xs labels Jun 26, 2024
gilles-peskine-arm self-assigned this Jun 26, 2024
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Jun 26, 2024
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Jul 3, 2024
sezrab pushed a commit to sezrab/mbedtls-fork that referenced this issue Jul 31, 2024
minosgalanakis moved this to 3.6.1 patch release in Mbed TLS Epics Aug 2, 2024