From 545b15da9743f99901aa787c1f70b41e953c680c Mon Sep 17 00:00:00 2001 From: Ionut Mihalcea Date: Wed, 29 Jun 2022 15:56:12 +0100 Subject: [PATCH] Add invalid padding warnings to decryption ops Adding `PsaErrorInvalidPadding` and a related warning on `psa_asymmetric_decrypt` and `psa_cipher_decrypt` to notify clients of the need for mitigations. Signed-off-by: Ionut Mihalcea --- src/parsec_client/operations/psa_asymmetric_decrypt.md | 6 ++++++ src/parsec_client/operations/psa_cipher_decrypt.md | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/src/parsec_client/operations/psa_asymmetric_decrypt.md b/src/parsec_client/operations/psa_asymmetric_decrypt.md index 7601ecbb..15706dce 100644 --- a/src/parsec_client/operations/psa_asymmetric_decrypt.md +++ b/src/parsec_client/operations/psa_asymmetric_decrypt.md @@ -27,11 +27,17 @@ Decrypt a short message with a private key. Opcode: 11 (`0x000B`) - `PsaErrorNotPermitted`: The key does not have the `decrypt` flag, or it does not permit the requested algorithm. +- `PsaErrorInvalidPadding`: The decrypted padding is incorrect. See Warning below. ## Description This function will decrypt a short message with the private key of the provided key pair. +**WARNING:** In some protocols, when decrypting data, it is essential that the behavior of the +application does not depend on whether the padding is correct, down to precise timing. If the +application must perform a decryption of unauthenticated data, the application writer must take care +not to reveal whether the padding is invalid. + ## Contract [Protobuf](https://github.com/parallaxsecond/parsec-operations/blob/master/protobuf/psa_asymmetric_decrypt.proto) diff --git a/src/parsec_client/operations/psa_cipher_decrypt.md b/src/parsec_client/operations/psa_cipher_decrypt.md index f85083c9..b5e8a398 100644 --- a/src/parsec_client/operations/psa_cipher_decrypt.md +++ b/src/parsec_client/operations/psa_cipher_decrypt.md 
@@ -23,11 +23,18 @@ Decrypt a short message with a symmetric cipher. Opcode: 21 (`0x0015`) - `PsaErrorNotPermitted`: The key does not have the `decrypt` flag, or it does not permit the requested algorithm. +- `PsaErrorInvalidPadding`: The decrypted padding is incorrect. See Warning below. ## Description This function will decrypt a short message using the provided initialisation vector (IV). +**Warning:** In some protocols, when decrypting data, it is essential that the behavior of the +application does not depend on whether the padding is correct, down to precise timing. Protocols +that use authenticated encryption are recommended for use by applications, rather than plain +encryption. If the application must perform a decryption of unauthenticated data, the application +writer must take care not to reveal whether the padding is invalid. + ## Contract [Protobuf](https://github.com/parallaxsecond/parsec-operations/blob/master/protobuf/psa_cipher_decrypt.proto)
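Review bot: In the `psa_asymmetric_decrypt.md` hunk, the new `PsaErrorInvalidPadding` response code is itself a distinct signal of a padding failure, but the warning only says the application writer "must take care not to reveal whether the padding is invalid" without connecting the two. Consider adding a sentence stating that a client receiving this code should treat it, in both observable behaviour and timing, like any other decryption failure when responding to the party that supplied the ciphertext. The label is also written `**WARNING:**` here and `**Warning:**` in `psa_cipher_decrypt.md`, and the list entry says "See Warning below."; pick one casing for both files.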
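Review bot: In the `psa_cipher_decrypt.md` hunk, the warning recommends "Protocols that use authenticated encryption" but gives the reader nowhere to go; a link to the book's authenticated-encryption decrypt operation page, in the same style as the Protobuf link under Contract, would make the recommendation actionable. The `PsaErrorInvalidPadding` entry also does not say which cipher algorithms can return it, so a reader cannot tell from this page whether the warning applies to the algorithm they use; consider stating that in the list entry or in the warning.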