From 231c488ddfc1809b66f8f25d99844029d195fc69 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Mon, 20 Apr 2020 13:44:41 -0600
Subject: [PATCH] check on tag length for AES-CCM

---
 wolfcrypt/src/aes.c   | 24 ++++++++++++++++++++++++
 wolfcrypt/test/test.c | 12 ++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 4b5b437ca..d1f7dda1c 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -6996,6 +6996,14 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
             || authTag == NULL || nonceSz < 7 || nonceSz > 13)
         return BAD_FUNC_ARG;
 
+    /* sanity check on tag size */
+    if (authTagSz != 4 && authTagSz != 6 && authTagSz != 8 &&
+            authTagSz != 10 && authTagSz != 12 && authTagSz != 14 &&
+            authTagSz != 16) {
+        WOLFSSL_MSG("Bad auth tag size AES-CCM");
+        return BAD_FUNC_ARG;
+    }
+
     key = (byte*)aes->key;
 
     status = wc_AesGetKeySize(aes, &keySize);
@@ -7184,6 +7192,14 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
             authTagSz > AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
+    /* sanity check on tag size */
+    if (authTagSz != 4 && authTagSz != 6 && authTagSz != 8 &&
+            authTagSz != 10 && authTagSz != 12 && authTagSz != 14 &&
+            authTagSz != 16) {
+        WOLFSSL_MSG("Bad auth tag size AES-CCM");
+        return BAD_FUNC_ARG;
+    }
+
     XMEMSET(A, 0, sizeof(A));
     XMEMCPY(B+1, nonce, nonceSz);
     lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
@@ -7280,6 +7296,14 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
             authTagSz > AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
+    /* sanity check on tag size */
+    if (authTagSz != 4 && authTagSz != 6 && authTagSz != 8 &&
+            authTagSz != 10 && authTagSz != 12 && authTagSz != 14 &&
+            authTagSz != 16) {
+        WOLFSSL_MSG("Bad auth tag size AES-CCM");
+        return BAD_FUNC_ARG;
+    }
+
     o = out;
     oSz = inSz;
     XMEMCPY(B+1, nonce, nonceSz);
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index b30576db8..b96c245a4 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -9157,6 +9157,18 @@ int aesccm_test(void)
         return -6313;
 #endif
 
+    /* test fail on invalid IV sizes */
+    result = wc_AesCcmSetKey(&enc, k, sizeof(k));
+    if (result != 0)
+        return -6314;
+
+    /* AES-CCM encrypt and decrypt both use AES encrypt internally */
+    result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
+            t2, 1, a, sizeof(a));
+    if (result == 0) {
+        return -6315;
+    }
+
     return 0;
 }
 #endif /* HAVE_AESCCM WOLFSSL_AES_128 */