From 4a83c1047f51e39d30e2b27d1a7982177879dc7a Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 20 Apr 2022 17:00:22 +0200
Subject: [PATCH] Fix RC4 multipart PSA RC4 doesn't take an IV.
Signed-off-by: Gilles Peskine
---
 ChangeLog.d/psa-rc4.txt | 3 +++
 library/psa_crypto.c | 2 ++
 tests/suites/test_suite_psa_crypto_op_fail.misc.data | 6 ++++++
 3 files changed, 11 insertions(+)
 create mode 100644 ChangeLog.d/psa-rc4.txt
diff --git a/ChangeLog.d/psa-rc4.txt b/ChangeLog.d/psa-rc4.txt
new file mode 100644
index 000000000..852dd3ecc
--- /dev/null
+++ b/ChangeLog.d/psa-rc4.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix PSA cipher multipart operations using RC4. Previously, an IV was
+ required but discarded. Now, an IV is rejected, as it should be.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 9446ea9f2..7db30575d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3359,6 +3359,8 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
 operation->iv_set = 0;
 if( alg == PSA_ALG_ECB_NO_PADDING )
 operation->iv_required = 0;
+ else if( slot->attr.type == PSA_KEY_TYPE_ARC4 )
+ operation->iv_required = 0;
 else
 operation->iv_required = 1;
 operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
diff --git a/tests/suites/test_suite_psa_crypto_op_fail.misc.data b/tests/suites/test_suite_psa_crypto_op_fail.misc.data
index b25053dcc..e82763912 100644
--- a/tests/suites/test_suite_psa_crypto_op_fail.misc.data
+++ b/tests/suites/test_suite_psa_crypto_op_fail.misc.data
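Review bot: In the psa_crypto.c hunk the IV requirement is decided by two independent special cases (the algorithm for ECB, the key type for ARC4) while the very next line already derives `default_iv_length` from `PSA_CIPHER_IV_LENGTH( slot->attr.type, alg )`, so the two values can drift apart when another IV-less cipher is added. If that macro yields 0 for both cases (its definition is not visible here), computing the length first and then setting `operation->iv_required = ( operation->default_iv_length != 0 );` would leave a single source of truth. Either way the new branch deserves a why-comment such as `/* RC4 has no IV/nonce: the keystream depends on the key alone, so an IV must be rejected rather than silently dropped. */`, since the ChangeLog says the IV was previously required but discarded, which could let a caller believe a fresh IV made key reuse safe. The body of psa_cipher_setup continues outside the hunk, so whether `alg` is validated against the ARC4 key type before this point cannot be confirmed from the page.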
@@ -11,21 +11,27 @@ hash_fail:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT # The RC4 construction allows any whole number of bytes from 1 to 256 bytes # (8 to 2048 bits). PSA cipher STREAM_CIPHER: 8-bit ARC4 never supported +depends_on:PSA_WANT_KEY_TYPE_ARC4 cipher_fail:PSA_KEY_TYPE_ARC4:"41":PSA_ALG_STREAM_CIPHER:PSA_ERROR_NOT_SUPPORTED PSA cipher STREAM_CIPHER: 40-bit ARC4 never supported +depends_on:PSA_WANT_KEY_TYPE_ARC4 cipher_fail:PSA_KEY_TYPE_ARC4:"4152433420":PSA_ALG_STREAM_CIPHER:PSA_ERROR_NOT_SUPPORTED PSA cipher STREAM_CIPHER: 120-bit ARC4 never supported +depends_on:PSA_WANT_KEY_TYPE_ARC4 cipher_fail:PSA_KEY_TYPE_ARC4:"41524334206b657941524334206b65":PSA_ALG_STREAM_CIPHER:PSA_ERROR_NOT_SUPPORTED PSA cipher STREAM_CIPHER: 136-bit ARC4 never supported +depends_on:PSA_WANT_KEY_TYPE_ARC4 cipher_fail:PSA_KEY_TYPE_ARC4:"41524334206b657941524334206b657941":PSA_ALG_STREAM_CIPHER:PSA_ERROR_NOT_SUPPORTED PSA cipher STREAM_CIPHER: 256-bit ARC4 never supported +depends_on:PSA_WANT_KEY_TYPE_ARC4 cipher_fail:PSA_KEY_TYPE_ARC4:"41524334206b657941524334206b657941524334206b657941524334206b6579":PSA_ALG_STREAM_CIPHER:PSA_ERROR_NOT_SUPPORTED PSA cipher STREAM_CIPHER: 2048-bit ARC4 never supported +depends_on:PSA_WANT_KEY_TYPE_ARC4 cipher_fail:PSA_KEY_TYPE_ARC4:"41524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b657941524334206b6579":PSA_ALG_STREAM_CIPHER:PSA_ERROR_NOT_SUPPORTED # Redundant, to help debugging the test code
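Review bot: None of the test changes in this commit exercise the behaviour the fix is about: the six cases in this hunk only gain `depends_on:PSA_WANT_KEY_TYPE_ARC4` and still check key sizes through `cipher_fail`, and the diffstat lists no other test file. A case that sets up a multipart RC4 operation and asserts that supplying an IV is refused would pin the new `iv_required = 0` path; the error code to expect is not visible on this page. Coverage may already exist in generated test data outside this patch, in which case a pointer to it in the commit message would help.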