Skip to content

Commit

Permalink
Enable CCM encrypt/decrypt for 0 byte plaintext (project-chip#9973)
Browse files Browse the repository at this point in the history 
* Enable CCM encrypt/decrypt for 0 byte plaintext

* check for buffer allocation iff length > 0
  • Loading branch information
@pan-apple @mkardous-silabs
pan-apple authored and mkardous-silabs committed Oct 15, 2021
1 parent 78ca933 commit b33cf61
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 116 deletions.
4 changes: 0 additions & 4 deletions src/crypto/CHIPCryptoPALOpenSSL.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,8 +132,6 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
int result = 1;
const EVP_CIPHER * type = nullptr;

VerifyOrExit(plaintext != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(plaintext_length > 0, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(key != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(_isValidKeyLength(key_length), error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(iv != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
Expand Down Expand Up @@ -216,8 +214,6 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length,
int result = 1;
const EVP_CIPHER * type = nullptr;

VerifyOrExit(ciphertext != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(ciphertext_length > 0, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(tag != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(_isValidTagLength(tag_length), error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(key != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
Expand Down
4 changes: 0 additions & 4 deletions src/crypto/CHIPCryptoPALmbedTLS.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,8 +112,6 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
mbedtls_ccm_context context;
mbedtls_ccm_init(&context);

VerifyOrExit(plaintext != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(plaintext_length > 0, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(key != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(_isValidKeyLength(key_length), error = CHIP_ERROR_UNSUPPORTED_ENCRYPTION_TYPE);
VerifyOrExit(iv != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
Expand Down Expand Up @@ -153,8 +151,6 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co
mbedtls_ccm_context context;
mbedtls_ccm_init(&context);

VerifyOrExit(ciphertext != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(ciphertext_len > 0, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(tag != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(_isValidTagLength(tag_length), error = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(key != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
Expand Down
118 changes: 10 additions & 108 deletions src/crypto/tests/CHIPCryptoPALTest.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -162,12 +162,15 @@ static void TestAES_CCM_256EncryptTestVectors(nlTestSuite * inSuite, void * inCo
for (int vectorIndex = 0; vectorIndex < numOfTestVectors; vectorIndex++)
{
const ccm_test_vector * vector = ccm_test_vectors[vectorIndex];
if (vector->key_len == 32 && vector->pt_len > 0)
if (vector->key_len == 32)
{
numOfTestsRan++;
chip::Platform::ScopedMemoryBuffer<uint8_t> out_ct;
out_ct.Alloc(vector->ct_len);
NL_TEST_ASSERT(inSuite, out_ct);
if (vector->ct_len > 0)
{
NL_TEST_ASSERT(inSuite, out_ct);
}
chip::Platform::ScopedMemoryBuffer<uint8_t> out_tag;
out_tag.Alloc(vector->tag_len);
NL_TEST_ASSERT(inSuite, out_tag);
Expand Down Expand Up @@ -201,12 +204,15 @@ static void TestAES_CCM_256DecryptTestVectors(nlTestSuite * inSuite, void * inCo
for (int vectorIndex = 0; vectorIndex < numOfTestVectors; vectorIndex++)
{
const ccm_test_vector * vector = ccm_test_vectors[vectorIndex];
if (vector->key_len == 32 && vector->pt_len > 0)
if (vector->key_len == 32)
{
numOfTestsRan++;
chip::Platform::ScopedMemoryBuffer<uint8_t> out_pt;
out_pt.Alloc(vector->pt_len);
NL_TEST_ASSERT(inSuite, out_pt);
if (vector->pt_len > 0)
{
NL_TEST_ASSERT(inSuite, out_pt);
}
CHIP_ERROR err = AES_CCM_decrypt(vector->ct, vector->ct_len, vector->aad, vector->aad_len, vector->tag, vector->tag_len,
vector->key, vector->key_len, vector->iv, vector->iv_len, out_pt.Get());

Expand All @@ -222,33 +228,6 @@ static void TestAES_CCM_256DecryptTestVectors(nlTestSuite * inSuite, void * inCo
NL_TEST_ASSERT(inSuite, numOfTestsRan > 0);
}

static void TestAES_CCM_256EncryptInvalidPlainText(nlTestSuite * inSuite, void * inContext)
{
HeapChecker heapChecker(inSuite);
int numOfTestVectors = ArraySize(ccm_test_vectors);
int numOfTestsRan = 0;
for (int vectorIndex = 0; vectorIndex < numOfTestVectors; vectorIndex++)
{
const ccm_test_vector * vector = ccm_test_vectors[vectorIndex];
if (vector->key_len == 32 && vector->pt_len > 0)
{
numOfTestsRan++;
chip::Platform::ScopedMemoryBuffer<uint8_t> out_ct;
out_ct.Alloc(vector->ct_len);
NL_TEST_ASSERT(inSuite, out_ct);
chip::Platform::ScopedMemoryBuffer<uint8_t> out_tag;
out_tag.Alloc(vector->tag_len);
NL_TEST_ASSERT(inSuite, out_tag);

CHIP_ERROR err = AES_CCM_encrypt(vector->pt, 0, vector->aad, vector->aad_len, vector->key, vector->key_len, vector->iv,
vector->iv_len, out_ct.Get(), out_tag.Get(), vector->tag_len);
NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_INVALID_ARGUMENT);
break;
}
}
NL_TEST_ASSERT(inSuite, numOfTestsRan > 0);
}

static void TestAES_CCM_256EncryptNilKey(nlTestSuite * inSuite, void * inContext)
{
HeapChecker heapChecker(inSuite);
Expand Down Expand Up @@ -330,29 +309,6 @@ static void TestAES_CCM_256EncryptInvalidTagLen(nlTestSuite * inSuite, void * in
NL_TEST_ASSERT(inSuite, numOfTestsRan > 0);
}

static void TestAES_CCM_256DecryptInvalidCipherText(nlTestSuite * inSuite, void * inContext)
{
HeapChecker heapChecker(inSuite);
int numOfTestVectors = ArraySize(ccm_test_vectors);
int numOfTestsRan = 0;
for (int vectorIndex = 0; vectorIndex < numOfTestVectors; vectorIndex++)
{
const ccm_test_vector * vector = ccm_test_vectors[vectorIndex];
if (vector->key_len == 32 && vector->pt_len > 0)
{
numOfTestsRan++;
chip::Platform::ScopedMemoryBuffer<uint8_t> out_pt;
out_pt.Alloc(vector->pt_len);
NL_TEST_ASSERT(inSuite, out_pt);
CHIP_ERROR err = AES_CCM_decrypt(vector->ct, 0, vector->aad, vector->aad_len, vector->tag, vector->tag_len, vector->key,
vector->key_len, vector->iv, vector->iv_len, out_pt.Get());
NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_INVALID_ARGUMENT);
break;
}
}
NL_TEST_ASSERT(inSuite, numOfTestsRan > 0);
}

static void TestAES_CCM_256DecryptInvalidKey(nlTestSuite * inSuite, void * inContext)
{
HeapChecker heapChecker(inSuite);
Expand Down Expand Up @@ -498,33 +454,6 @@ static void TestAES_CCM_128DecryptTestVectors(nlTestSuite * inSuite, void * inCo
NL_TEST_ASSERT(inSuite, numOfTestsRan > 0);
}

static void TestAES_CCM_128EncryptInvalidPlainText(nlTestSuite * inSuite, void * inContext)
{
HeapChecker heapChecker(inSuite);
int numOfTestVectors = ArraySize(ccm_128_test_vectors);
int numOfTestsRan = 0;
for (int vectorIndex = 0; vectorIndex < numOfTestVectors; vectorIndex++)
{
const ccm_128_test_vector * vector = ccm_128_test_vectors[vectorIndex];
if (vector->pt_len > 0)
{
numOfTestsRan++;
chip::Platform::ScopedMemoryBuffer<uint8_t> out_ct;
out_ct.Alloc(vector->ct_len);
NL_TEST_ASSERT(inSuite, out_ct);
chip::Platform::ScopedMemoryBuffer<uint8_t> out_tag;
out_tag.Alloc(vector->tag_len);
NL_TEST_ASSERT(inSuite, out_tag);

CHIP_ERROR err = AES_CCM_encrypt(vector->pt, 0, vector->aad, vector->aad_len, vector->key, vector->key_len, vector->iv,
vector->iv_len, out_ct.Get(), out_tag.Get(), vector->tag_len);
NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_INVALID_ARGUMENT);
break;
}
}
NL_TEST_ASSERT(inSuite, numOfTestsRan > 0);
}

static void TestAES_CCM_128EncryptNilKey(nlTestSuite * inSuite, void * inContext)
{
HeapChecker heapChecker(inSuite);
Expand Down Expand Up @@ -606,29 +535,6 @@ static void TestAES_CCM_128EncryptInvalidTagLen(nlTestSuite * inSuite, void * in
NL_TEST_ASSERT(inSuite, numOfTestsRan > 0);
}

static void TestAES_CCM_128DecryptInvalidCipherText(nlTestSuite * inSuite, void * inContext)
{
HeapChecker heapChecker(inSuite);
int numOfTestVectors = ArraySize(ccm_128_test_vectors);
int numOfTestsRan = 0;
for (int vectorIndex = 0; vectorIndex < numOfTestVectors; vectorIndex++)
{
const ccm_128_test_vector * vector = ccm_128_test_vectors[vectorIndex];
if (vector->pt_len > 0)
{
numOfTestsRan++;
Platform::ScopedMemoryBuffer<uint8_t> out_pt;
out_pt.Alloc(vector->pt_len);
NL_TEST_ASSERT(inSuite, out_pt);
CHIP_ERROR err = AES_CCM_decrypt(vector->ct, 0, vector->aad, vector->aad_len, vector->tag, vector->tag_len, vector->key,
vector->key_len, vector->iv, vector->iv_len, out_pt.Get());
NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_INVALID_ARGUMENT);
break;
}
}
NL_TEST_ASSERT(inSuite, numOfTestsRan > 0);
}

static void TestAES_CCM_128DecryptInvalidKey(nlTestSuite * inSuite, void * inContext)
{
HeapChecker heapChecker(inSuite);
Expand Down Expand Up @@ -2049,20 +1955,16 @@ static const nlTest sTests[] = {

NL_TEST_DEF("Test encrypting AES-CCM-128 test vectors", TestAES_CCM_128EncryptTestVectors),
NL_TEST_DEF("Test decrypting AES-CCM-128 test vectors", TestAES_CCM_128DecryptTestVectors),
NL_TEST_DEF("Test encrypting AES-CCM-128 invalid plain text", TestAES_CCM_128EncryptInvalidPlainText),
NL_TEST_DEF("Test encrypting AES-CCM-128 using nil key", TestAES_CCM_128EncryptNilKey),
NL_TEST_DEF("Test encrypting AES-CCM-128 using invalid IV", TestAES_CCM_128EncryptInvalidIVLen),
NL_TEST_DEF("Test encrypting AES-CCM-128 using invalid tag", TestAES_CCM_128EncryptInvalidTagLen),
NL_TEST_DEF("Test decrypting AES-CCM-128 invalid ct", TestAES_CCM_128DecryptInvalidCipherText),
NL_TEST_DEF("Test decrypting AES-CCM-128 invalid key", TestAES_CCM_128DecryptInvalidKey),
NL_TEST_DEF("Test decrypting AES-CCM-128 invalid IV", TestAES_CCM_128DecryptInvalidIVLen),
NL_TEST_DEF("Test encrypting AES-CCM-256 test vectors", TestAES_CCM_256EncryptTestVectors),
NL_TEST_DEF("Test decrypting AES-CCM-256 test vectors", TestAES_CCM_256DecryptTestVectors),
NL_TEST_DEF("Test encrypting AES-CCM-256 invalid plain text", TestAES_CCM_256EncryptInvalidPlainText),
NL_TEST_DEF("Test encrypting AES-CCM-256 using nil key", TestAES_CCM_256EncryptNilKey),
NL_TEST_DEF("Test encrypting AES-CCM-256 using invalid IV", TestAES_CCM_256EncryptInvalidIVLen),
NL_TEST_DEF("Test encrypting AES-CCM-256 using invalid tag", TestAES_CCM_256EncryptInvalidTagLen),
NL_TEST_DEF("Test decrypting AES-CCM-256 invalid ct", TestAES_CCM_256DecryptInvalidCipherText),
NL_TEST_DEF("Test decrypting AES-CCM-256 invalid key", TestAES_CCM_256DecryptInvalidKey),
NL_TEST_DEF("Test decrypting AES-CCM-256 invalid IV", TestAES_CCM_256DecryptInvalidIVLen),
NL_TEST_DEF("Test decrypting AES-CCM-256 invalid vectors", TestAES_CCM_256DecryptInvalidTestVectors),
Expand Down

0 comments on commit b33cf61

Please sign in to comment.