From 0153c9436b3f69778dfe5fefc4dde13648ba6bba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= <bence.szepkuti@arm.com>
Date: Thu, 4 Mar 2021 10:32:59 +0100
Subject: [PATCH] Correct the maximum generated nonce length for CCM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

psa_aead_generate_nonce() could generate a nonce of up to 13 bytes,
depending on the inputs to psa_aead_set_lengths().

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
---
 include/psa/crypto_sizes.h | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index a87492f83..14b990700 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -351,9 +351,10 @@
  *         or the parameters are incompatible, return 0.
  */
 #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
-    (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \
-         (PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM || \
-          PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM) ? 12 : \
+    (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
+          PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM ? 13 : \
+          PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM ? 12 : \
+          0 : \
      (key_type) == PSA_KEY_TYPE_CHACHA20 && \
           PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
      0)
@@ -369,7 +370,7 @@
  *       just the largest size that may be generated by
  *       #psa_aead_generate_nonce().
  */
-#define PSA_AEAD_NONCE_MAX_SIZE 12
+#define PSA_AEAD_NONCE_MAX_SIZE 13
 
 /** A sufficient output buffer size for psa_aead_update().
  *