drivers: crypto: stm32: make tag validation optionable

Allows enabling or disabling AES-CCM and AES-GCM tag
validation in the driver. This gives users the flexibility
to use an external, preferably constant-time tag validation
function if desired.

Signed-off-by: Georgij Černyšiov <geo.cgv@gmail.com>

Author: GeorgeCGV

drivers/crypto/crypto_stm32.c

@@ -426,15 +426,17 @@ static int crypto_stm32_gcm_decrypt(struct cipher_ctx *ctx, struct cipher_aead_p
 out:
 	k_sem_give(&data->device_sem);
 
-	if (ret < 0) {
-		return ret;
-	}
+	IF_ENABLED(CRYPTO_STM32_AES_CCM_GCM_VALIDATE_TAG, (
+		/* memcmp is vulnerable to timing attacks */
+		if ((ret >= 0) &&
+		    (memcmp(tag, apkt->tag, ctx->mode_params.ccm_info.tag_len) != 0)) {
+			/* auth/tag verification fails */
+			ret = -EFAULT;
+		}
+	));
 
-	/* memcmp is vulnerable to timing attacks */
-	if (memcmp(tag, apkt->tag, ctx->mode_params.gcm_info.tag_len) != 0) {
-		/* auth/tag verification fails */
+	if (ret < 0) {
 		apkt->pkt->out_len = 0;
-		ret = -EFAULT;
 	} else {
 		apkt->pkt->out_len = apkt->pkt->in_len;
 	}
@@ -592,11 +594,17 @@ static int crypto_stm32_ccm_decrypt(struct cipher_ctx *ctx, struct cipher_aead_p
 out:
 	k_sem_give(&data->device_sem);
 
-	/* memcmp is vulnerable to timing attacks */
-	if (memcmp(tag, apkt->tag, ctx->mode_params.ccm_info.tag_len) != 0) {
-		/* auth/tag verification fails */
+	IF_ENABLED(CRYPTO_STM32_AES_CCM_GCM_VALIDATE_TAG, (
+		/* memcmp is vulnerable to timing attacks */
+		if ((ret >= 0) &&
+		    (memcmp(tag, apkt->tag, ctx->mode_params.ccm_info.tag_len) != 0)) {
+			/* auth/tag verification fails */
+			ret = -EFAULT;
+		}
+	));
+
+	if (ret < 0) {
 		apkt->pkt->out_len = 0;
-		ret = -EFAULT;
 	} else {
 		apkt->pkt->out_len = apkt->pkt->in_len;
 	}