Reproduction steps
When using CHIPCryptoPALPSA, I encountered a case where the plaintext buffer size is not large enough.
When calling AES_CCM_decrypt from HandleSigma3a, the input and output buffer are the same location:
In my case, ciphertext_length is equal to 0x226, so when calling psa_aead_update, the output size is computed with the PSA_AEAD_UPDATE_OUTPUT_SIZE macro, which rounds up 0x226 to 0x230.
This is a problem, because the output buffer is the input buffer, so its size is 0x226.
Here is the context in psa_aead_update:
There is a risk of buffer overflow.
Bug prevalence
whenever the input length is not a multiple of a block size
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Remove stale label or comment or this will be closed in 30 days.
GitHub hash of the SDK that was being used
ea01e21b18e54f6fedcd8c47b46c183a54ee3aea
Platform
core
Platform Version(s)
No response
Anything else?
No response
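The in-place sizing mismatch described in the report, as an added example (this is not CHIP or Mbed TLS code): a local stand-in for PSA_AEAD_UPDATE_OUTPUT_SIZE models the round-up-to-block behaviour the reporter observed (0x226 becomes 0x230), a check tells whether a buffer can legally serve as both input and output of a multi-part AEAD update, and a scratch-buffer caller shows one way to decrypt "in place" without handing the implementation a buffer smaller than the capacity it asks for. The 16-byte AES block length, the mock update function, its return codes and the 0xAB sample bytes are assumptions made for this example; a real caller would use the PSA header's macro and psa_aead_update() itself.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* AES block length. AES-CCM is an AEAD built on a block cipher, which is
 * why the PSA size macro rounds the update length up to a whole block. */
#define AES_BLOCK_LENGTH 16u

/* Assumption: local model of PSA_AEAD_UPDATE_OUTPUT_SIZE(PSA_KEY_TYPE_AES,
 * PSA_ALG_CCM, input_length), written out so the file builds without an
 * mbedtls install. It reproduces the round-up the report describes. */
static size_t aead_update_output_size(size_t input_length)
{
    return (input_length + AES_BLOCK_LENGTH - 1) / AES_BLOCK_LENGTH * AES_BLOCK_LENGTH;
}

/* Can a buffer of `buffer_length` bytes be passed as both input and
 * output? Only if the output capacity the macro demands fits in it. */
static bool in_place_update_fits(size_t buffer_length)
{
    return aead_update_output_size(buffer_length) <= buffer_length;
}

/* Shape of the update call the two callers below exercise. Stands in for
 * psa_aead_update(); the real function also takes the operation handle. */
typedef int (*aead_update_fn)(const uint8_t *input, size_t input_length,
                              uint8_t *output, size_t output_size,
                              size_t *output_length);

/* Assumption: mock update that enforces the macro's capacity requirement
 * (returning -3, the role PSA_ERROR_BUFFER_TOO_SMALL plays in PSA) and
 * otherwise inverts each byte so the copy-back path is observable. */
static int mock_aead_update(const uint8_t *input, size_t input_length,
                            uint8_t *output, size_t output_size,
                            size_t *output_length)
{
    if (output_size < aead_update_output_size(input_length))
        return -3;
    for (size_t i = 0; i < input_length; i++)
        output[i] = (uint8_t)~input[i];
    *output_length = input_length;
    return 0;
}

/* The pattern from the report: the ciphertext buffer is also the output
 * buffer and its own length is advertised as the output capacity. */
static int naive_in_place_decrypt(uint8_t *buf, size_t len, aead_update_fn update)
{
    size_t out_len = 0;
    return update(buf, len, buf, len, &out_len);
}

/* Hardened pattern: size a scratch buffer with the macro, let the update
 * write there, and copy back no more than the bytes the caller owns. */
static int decrypt_in_place_safely(uint8_t *buf, size_t len, aead_update_fn update)
{
    size_t scratch_size = aead_update_output_size(len);
    uint8_t *scratch = malloc(scratch_size);
    if (scratch == NULL)
        return -1;
    size_t out_len = 0;
    int rc = update(buf, len, scratch, scratch_size, &out_len);
    if (rc == 0) {
        if (out_len > len)
            rc = -2;            /* implementation produced more than we can hold */
        else
            memcpy(buf, scratch, out_len);
    }
    free(scratch);
    return rc;
}

/* Runs the report's 0x226-byte case against both callers. Returns 0 when
 * the naive call is rejected for lack of capacity and the scratch-buffer
 * call succeeds and transforms every byte; a non-zero step number otherwise. */
static int check_report_case(void)
{
    enum { LEN = 0x226 };
    uint8_t buf[LEN];
    memset(buf, 0xAB, sizeof buf);           /* constructed sample ciphertext */
    if (naive_in_place_decrypt(buf, LEN, mock_aead_update) != -3)
        return 1;
    if (decrypt_in_place_safely(buf, LEN, mock_aead_update) != 0)
        return 2;
    for (size_t i = 0; i < LEN; i++)
        if (buf[i] != (uint8_t)~0xAB)
            return 3;
    return 0;
}

int main(void)
{
    printf("0x226 rounds up to 0x%zx; in-place fits: %s\n",
           aead_update_output_size(0x226), in_place_update_fits(0x226) ? "yes" : "no");
    printf("report case: %s\n", check_report_case() == 0 ? "ok" : "FAILED");
    return 0;
}
```

The sizing check is what a caller should run before aliasing input and output: whenever `in_place_update_fits()` is false, either a scratch buffer of `aead_update_output_size(len)` bytes is needed or the plaintext buffer must be allocated with the rounded-up size up front.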