From 666f960a66a30d2b3e899ee97add2ab6071cfe39 Mon Sep 17 00:00:00 2001
From: Gianluca Scopelliti <gianlu.1033@gmail.com>
Date: Fri, 8 Oct 2021 15:19:25 +0200
Subject: [PATCH] add check on cipher_len inside `sancus_unwrap_with_key`

Normally, `sancus_unwrap_with_key` always fails if cipher_len is zero.
This commit solves this issue by leveraging `sancus_untag_with_key`
---
 src/sancus_support/sm_support.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/sancus_support/sm_support.h b/src/sancus_support/sm_support.h
index 9d17595..2b36635 100644
--- a/src/sancus_support/sm_support.h
+++ b/src/sancus_support/sm_support.h
@@ -560,6 +560,11 @@ always_inline int sancus_unwrap_with_key(const void* key,
                                          size_t cipher_len,
                                          const void* tag, void* body)
 {
+    // fix: if cipher_len is zero, just compare the MACs using sancus_untag
+    if(cipher_len == 0) {
+      return sancus_untag_with_key(key, ad, ad_len, tag);
+    }
+
     void* ad_end = (char*)ad + ad_len;
     void* cipher_end = (char*)cipher + cipher_len;
     int ret;