psa_cipher_decrypt with CCM* rejects very short messages #9314

Open
gilles-peskine-arm opened this issue Jun 26, 2024 · 0 comments · May be fixed by #9315
Labels
bug component-crypto Crypto primitives and low-level interfaces size-xs Estimated task size: extra small (a few hours at most)

Comments

gilles-peskine-arm commented Jun 26, 2024

psa_cipher_decrypt takes an input which is the IV concatenated with the ciphertext proper. It validates that the input is at least as large as the IV. This validation is wrong for PSA_ALG_CCM_STAR_NO_TAG: the length enforcement is for 16 bytes but the IV length is actually 13. As a consequence, psa_cipher_decrypt incorrectly returns PSA_ERROR_INVALID_ARGUMENT when the message is 3 bytes or less.

Workaround: the multipart interface works fine.

Found by Cryptofuzz.
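The mismatch described in the report, as a constructed C model that is not Mbed TLS code: the buggy check takes its minimum for CCM* from the 16-byte block length, the fixed check takes it from the 13-byte IV length, and a helper sweeps short ciphertexts to count what the buggy check wrongly rejects. The status values, the strict `<` comparison and all identifiers are assumptions; only the lengths 16 and 13 come from the issue.

```c
/* Constructed model (not Mbed TLS code) of the input-length check in
 * psa_cipher_decrypt(): the input is IV || ciphertext, so the minimum
 * length must come from the algorithm's IV size, not the block size. */
#include <stddef.h>
#include <stdio.h>

#define AES_BLOCK_LENGTH   16u /* block length of AES, as the issue states */
#define CCM_STAR_IV_LENGTH 13u /* CCM* nonce length, as the issue states */
#define CBC_IV_LENGTH      16u /* CBC modes use a full block as IV */
#define STATUS_SUCCESS          0      /* assumed stand-in for PSA_SUCCESS */
#define STATUS_INVALID_ARGUMENT (-135) /* assumed stand-in for PSA_ERROR_INVALID_ARGUMENT */

typedef enum { ALG_CBC_NO_PADDING, ALG_CCM_STAR_NO_TAG } alg_t;

static size_t iv_length(alg_t alg)
{
    return alg == ALG_CCM_STAR_NO_TAG ? CCM_STAR_IV_LENGTH : CBC_IV_LENGTH;
}

/* Buggy check: for CCM* the minimum is taken from the 16-byte block length.
 * The strict '<' is an assumption about the original comparison. */
int check_input_length_buggy(alg_t alg, size_t input_length)
{
    size_t min = (alg == ALG_CCM_STAR_NO_TAG) ? AES_BLOCK_LENGTH : iv_length(alg);
    return input_length < min ? STATUS_INVALID_ARGUMENT : STATUS_SUCCESS;
}

/* Fixed check: the minimum is the IV length the algorithm actually uses. */
int check_input_length_fixed(alg_t alg, size_t input_length)
{
    return input_length < iv_length(alg) ? STATUS_INVALID_ARGUMENT : STATUS_SUCCESS;
}

/* Counts ciphertext lengths in [0, max_len] that the buggy check rejects
 * although the fixed check accepts them (the IV is prepended to each). */
size_t count_false_rejects(alg_t alg, size_t max_len)
{
    size_t n = 0;
    for (size_t ct = 0; ct <= max_len; ct++) {
        size_t input = iv_length(alg) + ct;
        if (check_input_length_fixed(alg, input) == STATUS_SUCCESS &&
            check_input_length_buggy(alg, input) != STATUS_SUCCESS)
            n++;
    }
    return n;
}
```

Calling `count_false_rejects(ALG_CCM_STAR_NO_TAG, 32)` gives the number of short ciphertexts the buggy check turns away; with the assumed strict comparison these are the 0-, 1- and 2-byte messages, and the exact boundary in the real code depends on the comparison it used.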

@gilles-peskine-arm gilles-peskine-arm added bug component-crypto Crypto primitives and low-level interfaces size-xs Estimated task size: extra small (a few hours at most) labels Jun 26, 2024
@gilles-peskine-arm gilles-peskine-arm self-assigned this Jun 26, 2024
@gilles-peskine-arm gilles-peskine-arm added this to 3.6.1 patch release in EPICs for Mbed TLS Jun 26, 2024
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Jun 26, 2024