From 1aaff0e389f193db843c36f04d040c62126de990 Mon Sep 17 00:00:00 2001
From: Ron Eldor <ron.eldor@arm.com>
Date: Thu, 15 Nov 2018 17:21:58 +0200
Subject: [PATCH] Return `MBEDTLS_ERR_CCM_AUTH_FAILED` where needed.

On authentication decryption, when the driver returns the relevant error,
return `MBEDTLS_ERR_CCM_AUTH_FAILED`.
---
 .../FEATURE_CRYPTOCELL310/ccm_alt.c           | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c
index 4f57692aba..07b4ea67e6 100644
--- a/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c
+++ b/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c
@@ -130,10 +130,23 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
 
     CrysRet =  CRYS_AESCCM( SASI_AES_DECRYPT, ctx->cipher_key, ctx->keySize_ID,(uint8_t*)iv, iv_len,
                             (uint8_t*)add, add_len,  (uint8_t*)input, length, output, tag_len, (uint8_t*)tag );
-    if ( CrysRet != CRYS_OK )
-        return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+    if( CrysRet == CRYS_FATAL_ERROR )
+    {
+        /*
+         * Unfortunately, Crys AESCCM returns CRYS_FATAL_ERROR when
+         * MAC isn't as expected.
+         */
+        ret = MBEDTLS_ERR_CCM_AUTH_FAILED;
+        goto exit;
+    }
+    else if ( CrysRet != CRYS_OK )
+    {
+        ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
+        goto exit;
+    }
 
-    return ( 0 );
+exit:
+    return( ret );
 
 }