From 8eb9dafda1a298ef9113e8656c83b8c59ac2e147 Mon Sep 17 00:00:00 2001
From: Paul Elliott <paul.elliott@arm.com>
Date: Fri, 4 Jun 2021 16:42:21 +0100
Subject: [PATCH] Add generate nonce test

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
---
 library/psa_crypto.c                        |  2 +-
 tests/suites/test_suite_psa_crypto.data     | 20 +++++
 tests/suites/test_suite_psa_crypto.function | 98 +++++++++++++--------
 3 files changed, 82 insertions(+), 38 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e824123466..8dc6aad534 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3547,7 +3547,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t required_nonce_size;
 
-     *nonce_length = 0;
+    *nonce_length = 0;
 
     if( operation->id == 0 )
     {
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 5f87774bbe..f9ce85e59d 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -2374,6 +2374,26 @@ PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
 depends_on:MBEDTLS_CHACHA20_C
 aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT
 
+PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:PSA_SUCCESS
+
+PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 0
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:PSA_SUCCESS
+
+PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 8
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:PSA_ERROR_BUFFER_TOO_SMALL
+
 PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw
 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
 signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index e42015833f..35b9760697 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -3176,8 +3176,6 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data,
     size_t key_bits = 0;
     size_t tag_length = 0;
     size_t tag_size = 0;
-    size_t nonce_length = 0;
-    uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE];
     uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE];
     uint32_t part_offset = 0;
     size_t part_length = 0;
@@ -3228,17 +3226,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data,
 
     PSA_ASSERT( status );
 
-    if( nonce->len == 0 )
-    {
-        PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
-                                             sizeof( nonce_buffer ),
-                                             &nonce_length ) );
-    }
-    else
-    {
-        nonce_length = nonce->len;
-        PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
-    }
+    PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
     if( operation.alg == PSA_ALG_GCM )
@@ -3450,17 +3438,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data,
         goto exit;
     }
 
-    if( nonce->len == 0 )
-    {
-        status = psa_aead_generate_nonce( &operation, nonce_buffer,
-                                          sizeof( nonce_buffer ),
-                                          &nonce_length );
-    }
-    else
-    {
-        nonce_length = nonce->len;
-        status = psa_aead_set_nonce( &operation, nonce->x, nonce->len );
-    }
+    nonce_length = nonce->len;
+    status = psa_aead_set_nonce( &operation, nonce->x, nonce->len );
 
     if( status != PSA_SUCCESS )
     {
@@ -3797,8 +3776,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data,
     size_t output_length = 0;
     size_t key_bits = 0;
     size_t tag_length = 0;
-    size_t nonce_length = 0;
-    uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE];
     uint32_t part_offset = 0;
     size_t part_length = 0;
     size_t output_part_length = 0;
@@ -3849,17 +3826,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data,
         goto exit;
     }
 
-    if( nonce->len == 0 )
-    {
-        status = psa_aead_generate_nonce( &operation, nonce_buffer,
-                                          sizeof( nonce_buffer ),
-                                          &nonce_length );
-    }
-    else
-    {
-        nonce_length = nonce->len;
-        status = psa_aead_set_nonce( &operation, nonce->x, nonce->len );
-    }
+    status = psa_aead_set_nonce( &operation, nonce->x, nonce->len );
 
     if( status != PSA_SUCCESS )
     {
@@ -4022,6 +3989,63 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data,
+                                    int alg_arg,
+                                    int nonce_len,
+                                    int expected_result_arg )
+{
+
+    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+    psa_key_type_t key_type = key_type_arg;
+    psa_algorithm_t alg = alg_arg;
+    psa_aead_operation_t operation;
+    uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE];
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+    size_t nonce_generated_len = 0;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    psa_set_key_usage_flags( & attributes, PSA_KEY_USAGE_ENCRYPT  );
+    psa_set_key_algorithm( & attributes, alg );
+    psa_set_key_type( & attributes, key_type );
+
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &key ) );
+
+    PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+
+    operation = psa_aead_operation_init( );
+
+    status = psa_aead_encrypt_setup( &operation, key, alg );
+
+    /* If the operation is not supported, just skip and not fail in case the
+     * encryption involves a common limitation of cryptography hardwares and
+     * an alternative implementation. */
+    if( status == PSA_ERROR_NOT_SUPPORTED )
+    {
+        MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
+        MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_len );
+    }
+
+    PSA_ASSERT( status );
+
+    TEST_ASSERT( nonce_len < PSA_AEAD_NONCE_MAX_SIZE );
+
+    status = psa_aead_generate_nonce( &operation, nonce_buffer,
+                                      nonce_len,
+                                      &nonce_generated_len );
+
+    TEST_ASSERT( status == expected_result_arg );
+
+exit:
+    psa_destroy_key( key );
+    psa_aead_abort( &operation );
+    PSA_DONE( );
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void signature_size( int type_arg,
                      int bits,