From ad9d82cc0e675ae2daec00d31d19b123998f2a23 Mon Sep 17 00:00:00 2001
From: Moran Peker <moran.peker@arm.com>
Date: Mon, 30 Apr 2018 12:31:04 +0300
Subject: [PATCH] add iv_required field to psa_cipher_operation_s and fix
 relevant functions

---
 include/psa/crypto_struct.h |  1 +
 library/psa_crypto.c        | 21 ++++++++++++---------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 2975bdcb0..639c15e76 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -101,6 +101,7 @@ struct psa_cipher_operation_s
 {
     psa_algorithm_t alg;
     int key_set : 1;
+    int iv_required : 1;
     int iv_set : 1;
     uint8_t iv_size;
     uint8_t block_size;
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b29b763f6..c5a845664 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1309,9 +1309,10 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
     mbedtls_cipher_padding_t mode = MBEDTLS_PADDING_NONE;
 
     operation->alg = alg;
-    operation->key_set = 0;	
-    operation->iv_set = 0;	
-    operation->iv_size = 0;	
+    operation->key_set = 0;
+    operation->iv_set = 0;
+    operation->iv_required = 1;
+    operation->iv_size = 0;
     operation->block_size = 0;
 
     status = psa_get_key_information( key, &key_type, &key_bits );
@@ -1397,7 +1398,7 @@ psa_status_t psa_encrypt_generate_iv(psa_cipher_operation_t *operation,
                                      size_t *iv_length)
 {
     int ret = PSA_SUCCESS;
-    if( operation->iv_set )
+    if( operation->iv_set || !( operation->iv_required ) )
         return( PSA_ERROR_BAD_STATE );
     if( iv_size < operation->iv_size )
     {
@@ -1425,7 +1426,7 @@ psa_status_t psa_encrypt_set_iv(psa_cipher_operation_t *operation,
                                 size_t iv_length)
 {
     int ret = PSA_SUCCESS;
-    if( operation->iv_set )
+    if( operation->iv_set || !( operation->iv_required ) )
         return( PSA_ERROR_BAD_STATE );
     if (iv_length != operation->iv_size)
     {
@@ -1442,6 +1443,7 @@ psa_status_t psa_encrypt_set_iv(psa_cipher_operation_t *operation,
     }
 
     operation->iv_set = 1;
+    operation->iv_required = 0;
 
     return ( PSA_SUCCESS );
 }
@@ -1480,7 +1482,7 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
 
     if( ! operation->key_set )
         return( PSA_ERROR_BAD_STATE );
-    if( ! operation->iv_set )
+    if ( operation->iv_required && ! operation->iv_set )
         return( PSA_ERROR_BAD_STATE );
     if( operation->ctx.cipher.operation == MBEDTLS_ENCRYPT )
     {
@@ -1515,10 +1517,11 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
     mbedtls_cipher_free( &operation->ctx.cipher );
     
     operation->alg = 0;
-    operation->key_set = 0;	
-    operation->iv_set = 0;	
-    operation->iv_size = 0;	
+    operation->key_set = 0;
+    operation->iv_set = 0;
+    operation->iv_size = 0;
     operation->block_size = 0;
+    operation->iv_required = 0;
 
     return ( PSA_SUCCESS );
 }