Move nonce size checking to PSA Core

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2025-12-24 17:41:01 +03:00 · 2021-09-27 18:09:28 +01:00
parent 325d374e3d
commit 4ed1ed18d2
2 changed files with 37 additions and 11 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3863,11 +3863,43 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation,
        goto exit;
    }

-    /* Not checking nonce size here as GCM spec allows almost arbitrarily
-     * large nonces. Please note that we do not generally recommend the usage
-     * of nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large
-     * nonces are hashed to a shorter size, which can then lead to collisions
-     * if you encrypt a very large number of messages.*/
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
+    if( operation->alg == PSA_ALG_GCM )
+    {
+        /* Not checking max nonce size here as GCM spec allows almost
+         * arbitrarily large nonces. Please note that we do not generally
+         * recommend the usage of nonces of greater length than
+         * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter
+         * size, which can then lead to collisions if you encrypt a very
+         * large number of messages.*/
+        if( nonce_length == 0 )
+        {
+            status = PSA_ERROR_INVALID_ARGUMENT;
+            goto exit;
+        }
+    }
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+    if( operation->alg == PSA_ALG_CCM )
+    {
+        if( nonce_length < 7 || nonce_length > 13 )
+        {
+            status = PSA_ERROR_INVALID_ARGUMENT;
+            goto exit;
+        }
+    }
+    else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+        if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
+        {
+            if( nonce_length != 12 )
+            {
+                status = PSA_ERROR_INVALID_ARGUMENT;
+                goto exit;
+            }
+        }
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */

    status = psa_driver_wrapper_aead_set_nonce( operation, nonce,
                                                nonce_length );
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -438,12 +438,6 @@ psa_status_t mbedtls_psa_aead_set_nonce(
 {
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;

-    if( mbedtls_aead_check_nonce_length( operation, nonce_length )
-        != PSA_SUCCESS )
-    {
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
    if( operation->alg == PSA_ALG_GCM )
    {