Reject AES GCM nonces of other than 12 bytes in length.
Bug: 21614165
Change-Id: Ic938193babee9478ccf6779670e7f43b6e31335d
diff --git a/aes_operation.cpp b/aes_operation.cpp
index c71a1c3..1cc7c4d 100644
--- a/aes_operation.cpp
+++ b/aes_operation.cpp
@@ -318,6 +318,11 @@
iv_blob.data_length);
return KM_ERROR_INVALID_NONCE;
}
+ if (block_mode_ == KM_MODE_GCM && iv_blob.data_length != GCM_NONCE_SIZE) {
+ LOG_E("Expected %d-byte nonce for AES-GCM operation, but got %d bytes", GCM_NONCE_SIZE,
+ iv_blob.data_length);
+ return KM_ERROR_INVALID_NONCE;
+ }
iv_.reset(dup_array(iv_blob.data, iv_blob.data_length));
if (!iv_.get())
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
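Review bot: The added `LOG_E` call formats both `GCM_NONCE_SIZE` and `iv_blob.data_length` with `%d`. If these are `size_t` (as `data_length` is in `keymaster_blob_t`), that is a varargs type mismatch on 64-bit builds; use `"Expected %zu-byte nonce for AES-GCM operation, but got %zu bytes"` or cast both arguments to `int`. The context log call just above also passes `iv_blob.data_length`, so it may need the same fix, but its format string is outside the hunk. A short comment above the new check would record the reason for it, e.g. `// Only the 96-bit GCM nonce is accepted; other lengths would be run through GHASH to derive the counter block, so reject them.` The enclosing function starts and ends outside the hunk.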