Add validation for nonce size when we aren't in convergent encryption mode within transit backend (#13690)

* Add validation for nonce size when we aren't in convergent encryption mode within transit backend

* Add changelog entry

builtin/logical/transit/path_encrypt_test.go

@@ -578,6 +578,31 @@ func TestTransit_BatchEncryptionCase12(t *testing.T) {
 	}
 }
 
+// Case13: Incorrect input for nonce when we aren't in convergent encryption should fail the operation
+func TestTransit_BatchEncryptionCase13(t *testing.T) {
+	var err error
+
+	b, s := createBackendWithStorage(t)
+
+	batchInput := []interface{}{
+		map[string]interface{}{"plaintext": "bXkgc2VjcmV0IGRhdGE=", "nonce": "YmFkbm9uY2U="},
+	}
+
+	batchData := map[string]interface{}{
+		"batch_input": batchInput,
+	}
+	batchReq := &logical.Request{
+		Operation: logical.CreateOperation,
+		Path:      "encrypt/my-key",
+		Storage:   s,
+		Data:      batchData,
+	}
+	_, err = b.HandleRequest(context.Background(), batchReq)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
 // Test that the fast path function decodeBatchRequestItems behave like mapstructure.Decode() to decode []BatchRequestItem.
 func TestTransit_decodeBatchRequestItems(t *testing.T) {
 	tests := []struct {

changelog/13690.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/transit: Ensure that Vault does not panic for invalid nonce size when we aren't in convergent encryption mode.
+```

sdk/helper/keysutil/policy.go

@@ -1655,6 +1655,8 @@ func (p *Policy) SymmetricEncryptRaw(ver int, encKey, plaintext []byte, opts Sym
 		if err != nil {
 			return nil, errutil.InternalError{Err: err.Error()}
 		}
+	} else if len(nonce) != aead.NonceSize() {
+		return nil, errutil.UserError{Err: fmt.Sprintf("base64-decoded nonce must be %d bytes long but given %d bytes", aead.NonceSize(), len(nonce))}
 	}
 
 	// Encrypt and tag with AEAD