Fix issues in Cryptocell 310 ccm_alt discovered by On Target Testing #8704
Conversation
|
Note: This PR will conflict with #8643 |
What order they should be integrated? I assume first 8643 and this one rebased afterwards? |
|
@0xc0170 Actually they are not dependent on each other. This PR fixes exiting bugs, while 8643 resolves future issues ( after newer version of Mbed TLS will be merged) |
From my review, those are the one from SDK, not our functions, so should be good. @RonEld Please recheck |
|
@ARMmbed/mbed-os-crypto Please review the latest update |
|
I wil change all the camelcase variables that are changeable: |
|
@RonEld The first commit fixes 6 unrelated issues. Could you please split it up to 6 different commits? |
RonEld
force-pushed
the
cryptocell_ccm_alt_fixes
branch
5 times, most recently
from
77d64ef to
ce86f0f
Compare
|
Updated, @yanesca please rereview |
|
@yanesca I rebased to split the first commit to 6 different commits. |
|
Thank you very much, I'll have a look at it as soon as I can! |
|
@yanesca Thanks! |
|
I agree, that would be a nice improvement! |
|
@RonEld Please also rebase with the fixing the review above Once done, we'll start CI |
It could be. |
1. Change camelcase variables to Mbed OS style. 2. Remove functions declarations from the `_alt` header, since they are now added from the module header regardless whether an alternative implementation exists. 3. Remove the `extern "c"` declaration from the `_alt` headers. 4. Remove whitespaces before opening parenthesis. 5. Fix alignment of function parameters. 6. Fix indentations. 7. Limit lines to 80 characters.
Return `MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE` only for valid key lengths, that are not supported by Cryptocell 310. For other key sizes, return `MBEDTLS_ERR_CCM_BAD_INPUT`
Replace the module specific errors with the `MBEDTLS_ERR_PLATFORM_XXX` errors.
RonEld
force-pushed
the
cryptocell_ccm_alt_fixes
branch
from
b6b1e49 to
5e0223f
Compare
|
@0xc0170 I have rebased to resolve conflicts, and put fixes from review from @dgreen-arm in 1b34927 |
|
@RonEld do you still have the branch before the rebase? Can you post a link to it so that I can compare? |
|
All the PRs need to be engineering ready (marked as "needs: CI") by the end of the day (Austin time). Otherwise it won't make 5.11 and will need to come in the next release (5.12 for features, 5.11.1 for fixes and new platforms). |
|
@yanesca UnfortunatelyI don't.. I am working on making a reference branch |
|
@yanesca I believe the branch before the rebase and style fixes from @dgreen-arm is in https://github.com/RonEld/mbed-os/tree/ccm_alt_reference_brach |
Test run: SUCCESSSummary: 4 of 4 test jobs passed |
|
@ARMmbed/mbed-os-maintainers IF we're ignoring the |
|
Thanks @cmonr for heads-up! This is ready for merge |
Description
Fix issues discovered by On Target Testing on the NRF52840_DK platform:
1. Check add len is not too big.2. Fix memory overflow, by adding a local buffer for the tag result.
3. Return
MBEDTLS_ERR_CCM_AUTH_FAILEDwhere needed.4. Add unsupported functions for CCM*.
5. Zeroize output buffer, upon authentication faliure.
6. Use
mbedtls_platform_zeroize()instead ofmbedtls_zeroize()Pull request type