Additional fix for ccm_alt from On Target Testings

Ron Eldor · Ron Eldor · commit d487c80d76b2 · 2018-11-26T15:02:19.000+02:00
An additional fix for ccm_alt, when the message length is too big.
Check for specific error returned from CC310, and return
`MBEDTLS_ERR_CCM_BAD_INPUT`.
diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c
@@ -24,6 +24,7 @@
 #include "mbedtls/platform.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/aes.h"
+#include "crys_aesccm_error.h"
 
 void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
 {
@@ -69,6 +70,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
 {
     CRYSError_t CrysRet = CRYS_OK;
     CRYS_AESCCM_Mac_Res_t CC_Mac_Res = { 0 };
+    int ret = 0;
     /*
      * Check length requirements: SP800-38C A.1
      * Additional requirement: a < 2^16 - 2^8 to simplify the code.
@@ -90,13 +92,22 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
 #endif
 
     CrysRet =  CRYS_AESCCM( SASI_AES_ENCRYPT, ctx->cipher_key, ctx->keySize_ID, (uint8_t*)iv, iv_len,
-                            (uint8_t*)add, add_len,  (uint8_t*)input, length, output, tag_len, CC_Mac_Res );
-    if ( CrysRet != CRYS_OK )
-        return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+                           (uint8_t*)add, add_len,  (uint8_t*)input, length, output, tag_len, CC_Mac_Res );
+    if( CrysRet == CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR )
+    {
+       ret = MBEDTLS_ERR_CCM_BAD_INPUT;
+       goto exit;
+    }
+    else if ( CrysRet != CRYS_OK )
+    {
+        ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
+        goto exit;
+    }
 
     memcpy( tag, CC_Mac_Res, tag_len );
 
-    return ( 0 );
+exit:
+    return ( ret );
 
 }
 
@@ -111,6 +122,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
 
 {
     CRYSError_t CrysRet = CRYS_OK;
+    int ret = 0;
     /*
      * Check length requirements: SP800-38C A.1
      * Additional requirement: a < 2^16 - 2^8 to simplify the code.
@@ -130,7 +142,18 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
 
     CrysRet =  CRYS_AESCCM( SASI_AES_DECRYPT, ctx->cipher_key, ctx->keySize_ID,(uint8_t*)iv, iv_len,
                             (uint8_t*)add, add_len,  (uint8_t*)input, length, output, tag_len, (uint8_t*)tag );
-    if( CrysRet == CRYS_FATAL_ERROR )
+    if( CrysRet == CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR )
+    {
+       /*
+        * When CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR is returned,
+        * no operation has occured, and no need to zeroize output.
+        * In addition, it could be that the message length is too big,
+        * returning this error code, and we don't want to overflow
+        * the output buffer.
+        */
+       return( MBEDTLS_ERR_CCM_BAD_INPUT );
+    }
+    else if( CrysRet == CRYS_FATAL_ERROR )
     {
         /*
          * Unfortunately, Crys AESCCM returns CRYS_FATAL_ERROR when
@@ -158,7 +181,9 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
                          const unsigned char *input, unsigned char *output,
                          unsigned char *tag, size_t tag_len )
 {
+
     return( MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE );
+
 }
 
 int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
@@ -168,6 +193,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
                       const unsigned char *tag, size_t tag_len )
 {
     return( MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE );
+
 }
 
 #endif
