Use PSA_ERROR_INVALID_ARGUMENT for invalid cipher input sizes
... as opposed to PSA_ERROR_BAD_STATE. The spec on psa_cipher_finish() states that PSA_ERROR_INVALID_ARGUMENT should be returned when: "The total input size passed to this operation is not valid for this particular algorithm. For example, the algorithm is a based on block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size." Currently, there is a distinction between encryption and decryption on whether INVALID_ARGUMENT or BAD_STATE is returned, but this is not a part of the spec. This fix ensures that PSA_ERROR_INVALID_ARGUMENT is returned consistently on invalid cipher input sizes. Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
This commit is contained in:
parent
7829748cd4
commit
f90e3019dd
@ -199,7 +199,7 @@ psa_status_t mbedtls_to_psa_error( int ret )
|
|||||||
case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
|
case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
|
||||||
return( PSA_ERROR_INVALID_PADDING );
|
return( PSA_ERROR_INVALID_PADDING );
|
||||||
case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
|
case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
|
||||||
return( PSA_ERROR_BAD_STATE );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
|
case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
|
||||||
return( PSA_ERROR_INVALID_SIGNATURE );
|
return( PSA_ERROR_INVALID_SIGNATURE );
|
||||||
case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
|
case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
|
||||||
@ -4473,8 +4473,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
|
|||||||
if( operation->ctx.cipher.unprocessed_len != 0 )
|
if( operation->ctx.cipher.unprocessed_len != 0 )
|
||||||
{
|
{
|
||||||
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
|
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
|
||||||
( operation->alg == PSA_ALG_CBC_NO_PADDING &&
|
operation->alg == PSA_ALG_CBC_NO_PADDING )
|
||||||
operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) )
|
|
||||||
{
|
{
|
||||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -1240,7 +1240,7 @@ cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4
|
|||||||
|
|
||||||
PSA symmetric decrypt: AES-CBC-PKCS#7, input too short (15 bytes)
|
PSA symmetric decrypt: AES-CBC-PKCS#7, input too short (15 bytes)
|
||||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||||
cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE
|
cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
|
||||||
PSA symmetric decrypt: AES-CTR, 16 bytes, good
|
PSA symmetric decrypt: AES-CTR, 16 bytes, good
|
||||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
|
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
|
||||||
@ -1252,7 +1252,7 @@ cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf71588
|
|||||||
|
|
||||||
PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes)
|
PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes)
|
||||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||||
cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE
|
cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
|
||||||
PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good
|
PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good
|
||||||
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||||
|
Loading…
Reference in New Issue
Block a user