From 884f6af590b7d256370f1bd9cb3f2609fe56bc78 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 12 Nov 2018 13:33:16 +0000
Subject: [PATCH] Always configure PSA-based keys for encryption and decryption

Mbed TLS cipher layer allows usage of keys for other purposes than indicated in the `operation` parameter of `mbedtls_cipher_setkey()`. The semantics of the PSA Crypto API, in contrast, checks key usage against the key policy. As a remedy, this commit modifies the PSA key slot setup to always allow both encryption and decryption.
---
 library/cipher.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/library/cipher.c b/library/cipher.c
index a83d3c6a6e..243c73918e 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -310,7 +310,13 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
 /* Setup policy for the new key slot. */
 psa_key_policy_init( &key_policy );
- key_usage = mbedtls_psa_translate_cipher_operation( operation );
+
+ /* Mbed TLS' cipher layer doesn't enforce the mode of operation
+ * (encrypt vs. decrypt): it is possible to setup a key for encryption
+ * and use it for AEAD decryption. Until tests relying on this
+ * are changed, allow any usage in PSA. */
+ /* key_usage = mbedtls_psa_translate_cipher_operation( operation ); */
+ key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
 psa_key_policy_set_usage( &key_policy, key_usage, cipher_psa->alg );
 status = psa_set_key_policy( cipher_psa->slot, &key_policy );
 if( status != PSA_SUCCESS )
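Review bot: The policy set at `key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;` no longer depends on `operation`, so a key set up for one direction is usable for the other and the PSA usage check stops giving least-privilege protection for keys created through the cipher layer. The new comment calls this temporary ("Until tests relying on this are changed"), but the only trace of the intended behaviour is a commented-out call; I would replace that line with an explicit marker such as `/* TODO: restore mbedtls_psa_translate_cipher_operation( operation ) once callers set up the key for the direction they use. */` so the relaxation can be found and reverted. It would also help to state in the documentation of `mbedtls_cipher_setkey()` that PSA-based contexts currently get a policy permitting both directions. The function body starts and ends outside the hunk, so whether `operation` is still validated elsewhere is not visible here.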