commit 7220cae93c9dc5a820c18e1a9a2329f97c6256ec
author Paul Elliott <paul.elliott@arm.com> Tue Jun 22 17:25:57 2021 +0100
committer Paul Elliott <paul.elliott@arm.com> Tue Jun 22 22:14:47 2021 +0100
tree 7804838a01cc9221f29070030d89b56bcdf8d62e
parent 5e3bb131114fd6c72794ac46c3a050395ea9a3e9

Ensure generate nonce unavailable in decrypt

Signed-off-by: Paul Elliott <paul.elliott@arm.com>

include/psa/crypto_struct.h

diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 0f74c54..e05c846 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -172,11 +172,12 @@
     unsigned int lengths_set : 1;
     unsigned int ad_started : 1;
     unsigned int body_started : 1;
+    unsigned int is_encrypt : 1;
 
     psa_driver_aead_context_t ctx;
 };
 
-#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, {0}}
+#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}}
 static inline struct psa_aead_operation_s psa_aead_operation_init( void )
 {
     const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 8dc6aad..aec22c7 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3469,7 +3469,10 @@
         status = unlock_status;
 
     if( status == PSA_SUCCESS )
+    {
         operation->alg = psa_aead_get_base_algorithm( alg );
+        operation->is_encrypt = 1;
+    }
     else
         psa_aead_abort( operation );
 
@@ -3531,7 +3534,10 @@
         status = unlock_status;
 
     if( status == PSA_SUCCESS )
+    {
         operation->alg = psa_aead_get_base_algorithm( alg );
+        operation->is_encrypt = 0;
+    }
     else
         psa_aead_abort( operation );
 
@@ -3556,7 +3562,7 @@
     }
 
     if( operation->nonce_set || operation->ad_started ||
-        operation->body_started )
+        operation->body_started  || operation->is_encrypt == 0 )
     {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
@@ -3881,6 +3887,7 @@
     operation->lengths_set = 0;
     operation->ad_started = 0;
     operation->body_started = 0;
+    operation->is_encrypt = 0;
 
     return( status );
 }

tests/suites/test_suite_psa_crypto.function

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 2a2f2e6..38545bc 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -3913,6 +3913,19 @@
 
     psa_aead_abort( &operation );
 
+    /* Test for generating nonce in decrypt setup. */
+
+    operation = psa_aead_operation_init( );
+
+    PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) );
+
+    TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer,
+                                         PSA_AEAD_NONCE_MAX_SIZE,
+                                         &nonce_length ),
+                PSA_ERROR_BAD_STATE );
+
+    psa_aead_abort( &operation );
+
     /* Test for setting lengths twice. */
 
     operation = psa_aead_operation_init( );