Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT

If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is
still requested in some incompatible modes, we return an error of
FEATURE_UNAVAILABLE as additional indication.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>

include/mbedtls/aes.h

@@ -60,6 +60,8 @@
 /* Error codes in range 0x0021-0x0025 */
 /** Invalid input data. */
 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA                    -0x0021
+/** The requested feature is not available. */
+#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE               -0x0023
 
 #ifdef __cplusplus
 extern "C" {

library/aes.c

@@ -1061,15 +1061,16 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
 #endif
 
 #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
-#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
     if (mode == MBEDTLS_AES_ENCRYPT) {
         return mbedtls_internal_aes_encrypt(ctx, input, output);
     } else {
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
         return mbedtls_internal_aes_decrypt(ctx, input, output);
-    }
 #else
-    return mbedtls_internal_aes_encrypt(ctx, input, output);
+        return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
 #endif
+    }
+    return mbedtls_internal_aes_encrypt(ctx, input, output);
 #endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */
 }
 

library/aesce.c

@@ -244,16 +244,15 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx,
     uint8x16_t block = vld1q_u8(&input[0]);
     unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset);
 
-#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
     if (mode == MBEDTLS_AES_ENCRYPT) {
         block = aesce_encrypt_block(block, keys, ctx->nr);
     } else {
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
         block = aesce_decrypt_block(block, keys, ctx->nr);
-    }
 #else
-    (void) mode;
+        return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
-    block = aesce_encrypt_block(block, keys, ctx->nr);
+#endif
-#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
+    }
     vst1q_u8(&output[0], block);
 
     return 0;

library/aesni.c

@@ -93,7 +93,6 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
     ++rk;
     --nr;
 
-#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
     if (mode == MBEDTLS_AES_ENCRYPT) {
         while (nr != 0) {
             state = _mm_aesenc_si128(state, *rk);
@@ -102,23 +101,17 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
         }
         state = _mm_aesenclast_si128(state, *rk);
     } else {
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
         while (nr != 0) {
             state = _mm_aesdec_si128(state, *rk);
             ++rk;
             --nr;
         }
         state = _mm_aesdeclast_si128(state, *rk);
-    }
 #else
-    (void) mode;
+        return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
-    while (nr != 0) {
+#endif
-
-        state = _mm_aesenc_si128(state, *rk);
-        ++rk;
-        --nr;
     }
-    state = _mm_aesenclast_si128(state, *rk);
-#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
 
     memcpy(output, &state, 16);
     return 0;
@@ -452,6 +445,12 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
                             const unsigned char input[16],
                             unsigned char output[16])
 {
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+    if (mode == MBEDTLS_AES_DECRYPT) {
+        return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
+    }
+#endif
+
     asm ("movdqu    (%3), %%xmm0    \n\t" // load input
          "movdqu    (%1), %%xmm1    \n\t" // load round key 0
          "pxor      %%xmm1, %%xmm0  \n\t" // round 0

library/cipher.c

@@ -319,6 +319,17 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
     if (ctx->cipher_info == NULL) {
         return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+    /* CBC, XTS, KW and KWP mode always need decryption, return an error to
+     * indicate those modes are not available under
+     * MBEDTLS_BLOCK_CIPHER_NO_DECRYPT. */
+    if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
+        MBEDTLS_MODE_XTS == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
+        MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
+        MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+    }
+#endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
     if (ctx->psa_enabled == 1) {
@@ -402,12 +413,14 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
         return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_dec_func(ctx->cipher_ctx, key,
                                                                           ctx->key_bitlen);
     }
+#else
+    if (operation == MBEDTLS_ENCRYPT || operation == MBEDTLS_DECRYPT) {
+        return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key,
+                                                                          ctx->key_bitlen);
+    }
+#endif
 
     return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
-#else
-    return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key,
-                                                                      ctx->key_bitlen);
-#endif
 }
 
 int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,

library/psa_crypto.c

@@ -157,6 +157,7 @@ psa_status_t mbedtls_to_psa_error(int ret)
 #if defined(MBEDTLS_AES_C)
         case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
         case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
+        case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE:
             return PSA_ERROR_NOT_SUPPORTED;
         case MBEDTLS_ERR_AES_BAD_INPUT_DATA:
             return PSA_ERROR_INVALID_ARGUMENT;