Return MBEDTLS_ERR_CCM_BAD_INPUT on invalid key

Return `MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE` only for valid key lengths, that are not supported by Cryptocell 310. For other key sizes, return `MBEDTLS_ERR_CCM_BAD_INPUT`
2018-11-18 08:39:33 +02:00 · 2018-11-18 08:39:33 +02:00 · 5ed3a64527
parent 1b34927e83
commit 5ed3a64527
1 changed files with 16 additions and 4 deletions
--- a/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c
+++ b/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c
@ -44,14 +44,26 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
    if( ctx == NULL )
        return( MBEDTLS_ERR_CCM_BAD_INPUT );

-    if( cipher != MBEDTLS_CIPHER_ID_AES ||
-         keybits != 128 )
+    if( cipher != MBEDTLS_CIPHER_ID_AES )
    {
        return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
    }

-    memcpy( ctx->cipher_key , key, keybits / 8 );
-    ctx->key_size = CRYS_AES_Key128BitSize;
+    switch( keybits )
+    {
+        case 128:
+        {
+            memcpy( ctx->cipher_key , key, keybits / 8 );
+            ctx->key_size = CRYS_AES_Key128BitSize;
+        }
+        break;
+        case 192:
+        case 256:
+            return( MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE );
+        default:
+            return( MBEDTLS_ERR_CCM_BAD_INPUT );
+    }
+

    return( 0 );