Implement AuthenticationTagMismatchException

Author: vcsjones

src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.Aead.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics;
 using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Security.Cryptography.Apple;
@@ -36,6 +37,7 @@ internal static unsafe void ChaCha20Poly1305Encrypt(
 
                 if (result != Success)
                 {
+                    Debug.Assert(result == 0);
                     CryptographicOperations.ZeroMemory(ciphertext);
                     CryptographicOperations.ZeroMemory(tag);
                     throw new CryptographicException();
@@ -59,6 +61,7 @@ internal static unsafe void ChaCha20Poly1305Decrypt(
             fixed (byte* aadPtr = aad)
             {
                 const int Success = 1;
+                const int AuthTagMismatch = -1;
                 int result = AppleCryptoNative_ChaCha20Poly1305Decrypt(
                     keyPtr, key.Length,
                     noncePtr, nonce.Length,
@@ -67,12 +70,19 @@ internal static unsafe void ChaCha20Poly1305Decrypt(
                     plaintextPtr, plaintext.Length,
                     aadPtr, aad.Length);
 
-                // TODO: Need to throw the AuthenticationTagMismatchException when it gets merged.
-                // When there is an auth tag mismatch, -2 is returned.
                 if (result != Success)
                 {
                     CryptographicOperations.ZeroMemory(plaintext);
-                    throw new CryptographicException();
+
+                    if (result == AuthTagMismatch)
+                    {
+                        throw new AuthenticationTagMismatchException();
+                    }
+                    else
+                    {
+                        Debug.Assert(result == 0);
+                        throw new CryptographicException();
+                    }
                 }
             }
         }

src/libraries/System.Security.Cryptography/tests/ChaCha20Poly1305Tests.cs

@@ -457,8 +457,12 @@ public static void CheckIsSupported()
                 // OpenSSL is present, and a high enough version,
                 // but the distro build options turned off ChaCha/Poly.
             }
-            else if (PlatformDetection.OpenSslPresentOnSystem &&
-                (PlatformDetection.IsOSX || PlatformDetection.IsOpenSslSupported))
+            else if (PlatformDetection.IsOSX)
+            {
+                // CryptoKit is supported on macOS 10.15+, which is our minimum target.
+                expectedIsSupported = true;
+            }
+            else if (PlatformDetection.OpenSslPresentOnSystem && PlatformDetection.IsOpenSslSupported)
             {
                 const int OpenSslChaChaMinimumVersion = 0x1_01_00_00_F; //major_minor_fix_patch_status
                 expectedIsSupported = SafeEvpPKeyHandle.OpenSslVersion >= OpenSslChaChaMinimumVersion;

src/native/libs/System.Security.Cryptography.Native.Apple/pal_swiftbindings.swift

@@ -19,30 +19,26 @@ public func AppleCryptoNative_ChaCha20Poly1305Encrypt(
     aadPtr: UnsafeMutableRawPointer,
     aadLength: Int32
  ) -> Int32 {
-    if #available(macOS 10.15, *) {
-        let nonceData = Data(bytesNoCopy: noncePtr, count: Int(nonceLength), deallocator: Data.Deallocator.none)
-        let key = Data(bytesNoCopy: keyPtr, count: Int(keyLength), deallocator: Data.Deallocator.none)
-        let plaintext = Data(bytesNoCopy: plaintextPtr, count: Int(plaintextLength), deallocator: Data.Deallocator.none)
-        let aad = Data(bytesNoCopy: aadPtr, count: Int(aadLength), deallocator: Data.Deallocator.none)
-        let symmetricKey = SymmetricKey(data: key)
+    let nonceData = Data(bytesNoCopy: noncePtr, count: Int(nonceLength), deallocator: Data.Deallocator.none)
+    let key = Data(bytesNoCopy: keyPtr, count: Int(keyLength), deallocator: Data.Deallocator.none)
+    let plaintext = Data(bytesNoCopy: plaintextPtr, count: Int(plaintextLength), deallocator: Data.Deallocator.none)
+    let aad = Data(bytesNoCopy: aadPtr, count: Int(aadLength), deallocator: Data.Deallocator.none)
+    let symmetricKey = SymmetricKey(data: key)
 
-        guard let nonce = try? ChaChaPoly.Nonce(data: nonceData) else {
-            return 0
-        }
-
-        guard let result = try? ChaChaPoly.seal(plaintext, using: symmetricKey, nonce: nonce, authenticating: aad) else {
-            return 0
-        }
-
-        assert(ciphertextBufferLength >= result.ciphertext.count)
-        assert(tagBufferLength >= result.tag.count)
+    guard let nonce = try? ChaChaPoly.Nonce(data: nonceData) else {
+        return 0
+    }
 
-        result.ciphertext.copyBytes(to: ciphertextBuffer, count: result.ciphertext.count)
-        result.tag.copyBytes(to: tagBuffer, count: result.tag.count)
-        return 1
+    guard let result = try? ChaChaPoly.seal(plaintext, using: symmetricKey, nonce: nonce, authenticating: aad) else {
+        return 0
     }
 
-    return -1
+    assert(ciphertextBufferLength >= result.ciphertext.count)
+    assert(tagBufferLength >= result.tag.count)
+
+    result.ciphertext.copyBytes(to: ciphertextBuffer, count: result.ciphertext.count)
+    result.tag.copyBytes(to: tagBuffer, count: result.tag.count)
+    return 1
  }
 
 @_cdecl("AppleCryptoNative_ChaCha20Poly1305Decrypt")
@@ -61,36 +57,32 @@ public func AppleCryptoNative_ChaCha20Poly1305Decrypt(
     aadLength: Int32
 ) -> Int32
 {
-    if #available(macOS 10.15, *) {
-        let nonceData = Data(bytesNoCopy: noncePtr, count: Int(nonceLength), deallocator: Data.Deallocator.none)
-        let key = Data(bytesNoCopy: keyPtr, count: Int(keyLength), deallocator: Data.Deallocator.none)
-        let ciphertext = Data(bytesNoCopy: ciphertextPtr, count: Int(ciphertextLength), deallocator: Data.Deallocator.none)
-        let aad = Data(bytesNoCopy: aadPtr, count: Int(aadLength), deallocator: Data.Deallocator.none)
-        let tag = Data(bytesNoCopy: tagPtr, count: Int(tagLength), deallocator: Data.Deallocator.none)
-        let symmetricKey = SymmetricKey(data: key)
+    let nonceData = Data(bytesNoCopy: noncePtr, count: Int(nonceLength), deallocator: Data.Deallocator.none)
+    let key = Data(bytesNoCopy: keyPtr, count: Int(keyLength), deallocator: Data.Deallocator.none)
+    let ciphertext = Data(bytesNoCopy: ciphertextPtr, count: Int(ciphertextLength), deallocator: Data.Deallocator.none)
+    let aad = Data(bytesNoCopy: aadPtr, count: Int(aadLength), deallocator: Data.Deallocator.none)
+    let tag = Data(bytesNoCopy: tagPtr, count: Int(tagLength), deallocator: Data.Deallocator.none)
+    let symmetricKey = SymmetricKey(data: key)
 
-        guard let nonce = try? ChaChaPoly.Nonce(data: nonceData) else {
-            return 0
-        }
+    guard let nonce = try? ChaChaPoly.Nonce(data: nonceData) else {
+        return 0
+    }
 
-        guard let sealedBoxRestored = try? ChaChaPoly.SealedBox(nonce: nonce, ciphertext: ciphertext, tag: tag) else {
-            return 0
-        }
+    guard let sealedBoxRestored = try? ChaChaPoly.SealedBox(nonce: nonce, ciphertext: ciphertext, tag: tag) else {
+        return 0
+    }
 
-        do {
-            let result = try ChaChaPoly.open(sealedBoxRestored, using: symmetricKey, authenticating: aad)
+    do {
+        let result = try ChaChaPoly.open(sealedBoxRestored, using: symmetricKey, authenticating: aad)
 
-            assert(plaintextBufferLength >= result.count)
-            result.copyBytes(to: plaintextBuffer, count: result.count)
-            return 1
-        }
-        catch CryptoKitError.authenticationFailure {
-            return -2
-        }
-        catch {
-            return 0
-        }
+        assert(plaintextBufferLength >= result.count)
+        result.copyBytes(to: plaintextBuffer, count: result.count)
+        return 1
+    }
+    catch CryptoKitError.authenticationFailure {
+        return -1
+    }
+    catch {
+        return 0
     }
-
-    return -1
 }