core: add encrypt key length in AES encrypt API

Adds size of expanded AES encryption key to crypto_aes_expand_enc_key()
and crypto_aes_enc_block() to make the functions more safe to call.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

1 files changed, 8 insertions, 3 deletions

diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c
index cae91b7d..75373fac 100644
--- a/core/lib/libtomcrypt/src/tee_ltc_provider.c
+++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c
@@ -1441,10 +1441,14 @@ TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data,
 #endif
 
 TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len,
-				     void *enc_key, unsigned int *rounds)
+				     void *enc_key, size_t enc_keylen,
+				     unsigned int *rounds)
 {
 	symmetric_key skey;
 
+	if (enc_keylen < sizeof(skey.rijndael.eK))
+		return TEE_ERROR_BAD_PARAMETERS;
+
 	if (aes_setup(key, key_len, 0, &skey))
 		return TEE_ERROR_BAD_PARAMETERS;
 
@@ -1453,11 +1457,12 @@ TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len,
 	return TEE_SUCCESS;
 }
 
-void crypto_aes_enc_block(const void *enc_key, unsigned int rounds,
-			  const void *src, void *dst)
+void crypto_aes_enc_block(const void *enc_key, size_t enc_keylen __maybe_unused,
+			  unsigned int rounds, const void *src, void *dst)
 {
 	symmetric_key skey;
 
+	assert(enc_keylen >= sizeof(skey.rijndael.eK));
 	memcpy(skey.rijndael.eK, enc_key, sizeof(skey.rijndael.eK));
 	skey.rijndael.Nr = rounds;
 	if (aes_ecb_encrypt(src, dst, &skey))