Minor refactoring in AEAD code
Make it a little easier to add ChaCha20-Poly1305.
This also fixes the error code in case mbedtls_gcm_setkey() fails with
a status that doesn't map to INVALID_ARGUMENT.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 45ce313..3e3c5eb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3681,6 +3681,9 @@
case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 0 ):
operation->core_alg = PSA_ALG_CCM;
operation->full_tag_length = 16;
+ /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
+ * The call to mbedtls_ccm_encrypt_and_tag or
+ * mbedtls_ccm_auth_decrypt will validate the tag length. */
if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_ccm_init( &operation->ctx.ccm );
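Review bot: The relocated comment lists the tag lengths CCM accepts but does not say what the caller sees for an unsupported one. As written, the length is only checked inside mbedtls_ccm_encrypt_and_tag or mbedtls_ccm_auth_decrypt, so setup can presumably return success for a length such as 5 and the error appears only at the first encrypt or decrypt. I would add a line such as `* Setup itself does not reject an unsupported length; the first encrypt/decrypt call reports it.` The same wording gap applies to the GCM comment in the next hunk. The enclosing function starts and ends outside this hunk.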
@@ -3697,6 +3700,9 @@
case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ):
operation->core_alg = PSA_ALG_GCM;
operation->full_tag_length = 16;
+ /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
+ * The call to mbedtls_gcm_crypt_and_tag or
+ * mbedtls_gcm_auth_decrypt will validate the tag length. */
if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_gcm_init( &operation->ctx.gcm );
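Review bot: The GCM comment documents 4- and 8-byte tags as allowed without any caveat, and a reader may take that as "safe to use". NIST SP 800-38D places extra usage limits on 32- and 64-bit GCM tags because forgery resistance falls off quickly as the tag shrinks. A short addition to the comment would help, for example `* Tags shorter than 12 bytes weaken authentication; see NIST SP 800-38D appendix C.` Whether the PSA layer should enforce a minimum is a policy question this diff does not show.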
@@ -3704,6 +3710,8 @@
mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
operation->slot->data.raw.data,
(unsigned int) key_bits ) );
+ if( status != 0 )
+ goto cleanup;
break;
#endif /* MBEDTLS_GCM_C */
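Review bot: The added check compares a psa_status_t against the literal `0`, while the other status checks visible in this patch use `status != PSA_SUCCESS`. For consistency, and so the check stays correct if the success constant is ever not zero, write `if( status != PSA_SUCCESS )`. The new `goto cleanup` runs after mbedtls_gcm_init, so the cleanup label has to free operation->ctx.gcm. That label is outside the hunk and worth confirming. The enclosing switch and function are also outside this hunk.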
@@ -3717,9 +3725,6 @@
goto cleanup;
}
operation->tag_length = PSA_AEAD_TAG_LENGTH( alg );
- /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
- * GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
- * In both cases, mbedtls_xxx will validate the tag length below. */
return( PSA_SUCCESS );
@@ -3844,15 +3849,15 @@
if( status != PSA_SUCCESS )
return( status );
+ status = psa_aead_unpadded_locate_tag( operation.tag_length,
+ ciphertext, ciphertext_length,
+ plaintext_size, &tag );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
#if defined(MBEDTLS_GCM_C)
if( operation.core_alg == PSA_ALG_GCM )
{
- status = psa_aead_unpadded_locate_tag( operation.tag_length,
- ciphertext, ciphertext_length,
- plaintext_size, &tag );
- if( status != PSA_SUCCESS )
- goto exit;
-
status = mbedtls_to_psa_error(
mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
ciphertext_length - operation.tag_length,
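Review bot: The hoisted psa_aead_unpadded_locate_tag call now guards every algorithm branch, but nothing in the code says that the later `ciphertext_length - operation.tag_length` depends on it. If that helper is what rejects a ciphertext shorter than the tag (its body is not in this diff), a branch added above the call would underflow the unsigned subtraction. I would put a comment above the call, such as `/* Must run before any use of ciphertext_length - operation.tag_length: this rejects ciphertexts shorter than the tag. */`. The function body continues outside the hunk.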
@@ -3867,12 +3872,6 @@
#if defined(MBEDTLS_CCM_C)
if( operation.core_alg == PSA_ALG_CCM )
{
- status = psa_aead_unpadded_locate_tag( operation.tag_length,
- ciphertext, ciphertext_length,
- plaintext_size, &tag );
- if( status != PSA_SUCCESS )
- goto exit;
-
status = mbedtls_to_psa_error(
mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
ciphertext_length - operation.tag_length,