Return MBEDTLS_ERR_CCM_BAD_INPUT on invalid key

Ron Eldor · Ron Eldor · commit 5ed3a64527a7 · 2018-11-26T15:33:16.000+02:00
Return `MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE` only for valid key lengths,
that are not supported by Cryptocell 310. For other key sizes, return
`MBEDTLS_ERR_CCM_BAD_INPUT`
diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c
@@ -44,14 +44,26 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
     if( ctx == NULL )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
-    if( cipher != MBEDTLS_CIPHER_ID_AES ||
-         keybits != 128 )
+    if( cipher != MBEDTLS_CIPHER_ID_AES )
     {
         return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
     }
 
-    memcpy( ctx->cipher_key , key, keybits / 8 );
-    ctx->key_size = CRYS_AES_Key128BitSize;
+    switch( keybits )
+    {
+        case 128:
+        {
+            memcpy( ctx->cipher_key , key, keybits / 8 );
+            ctx->key_size = CRYS_AES_Key128BitSize;
+        }
+        break;
+        case 192:
+        case 256:
+            return( MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE );
+        default:
+            return( MBEDTLS_ERR_CCM_BAD_INPUT );
+    }
+
 
     return( 0 );
 
