add check on cipher_len inside sancus_unwrap_with_key

Normally, `sancus_unwrap_with_key` always fails if cipher_len is zero. This commit solves this issue by leveraging `sancus_untag_with_key`
sancus-tee · Oct 15, 2021 · 666f960 · 666f960
1 parent 7b26b35
commit 666f960
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/sancus_support/sm_support.h b/src/sancus_support/sm_support.h
@@ -560,6 +560,11 @@ always_inline int sancus_unwrap_with_key(const void* key,
                                          size_t cipher_len,
                                          const void* tag, void* body)
 {
+    // fix: if cipher_len is zero, just compare the MACs using sancus_untag
+    if(cipher_len == 0) {
+      return sancus_untag_with_key(key, ad, ad_len, tag);
+    }
+
     void* ad_end = (char*)ad + ad_len;
     void* cipher_end = (char*)cipher + cipher_len;
     int ret;