From 884f6af590b7d256370f1bd9cb3f2609fe56bc78 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 12 Nov 2018 13:33:16 +0000
Subject: [PATCH] Always configure PSA-based keys for encryption and decryption

Mbed TLS cipher layer allows usage of keys for other purposes
than indicated in the `operation` parameter of `mbedtls_cipher_setkey()`.
The semantics of the PSA Crypto API, in contrast, checks key
usage against the key policy.

As a remedy, this commit modifies the PSA key slot setup to
always allow both encryption and decryption.
---
 library/cipher.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/library/cipher.c b/library/cipher.c
index a83d3c6a6..243c73918 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -310,7 +310,13 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
 
         /* Setup policy for the new key slot. */
         psa_key_policy_init( &key_policy );
-        key_usage = mbedtls_psa_translate_cipher_operation( operation );
+
+        /* Mbed TLS' cipher layer doesn't enforce the mode of operation
+         * (encrypt vs. decrypt): it is possible to setup a key for encryption
+         * and use it for AEAD decryption. Until tests relying on this
+         * are changed, allow any usage in PSA. */
+        /* key_usage = mbedtls_psa_translate_cipher_operation( operation ); */
+        key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
         psa_key_policy_set_usage( &key_policy, key_usage, cipher_psa->alg );
         status = psa_set_key_policy( cipher_psa->slot, &key_policy );
         if( status != PSA_SUCCESS )