Finish / Verify state checks
Ensure finish is only called when encrypting and verify is only called when
decrypting, and add tests to ensure this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 7a7238c..c1071b0 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3780,7 +3780,7 @@
goto exit;
}
- if( !operation->nonce_set )
+ if( !operation->nonce_set || operation->is_encrypt == 0 )
{
status = PSA_ERROR_BAD_STATE;
goto exit;
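Review bot: The direction check is folded into the nonce check with no comment, and it is spelled two ways: `operation->is_encrypt == 0` here and `operation->is_encrypt == 1` in the second hunk of this file. If `is_encrypt` can ever hold a value other than 0 or 1 (its declaration is not visible in the patch), the `== 1` form would let that value through. Testing truthiness avoids depending on the field's width: `!operation->is_encrypt` here and `if( !operation->nonce_set || operation->is_encrypt )` in the second hunk. A one-line comment such as `/* finish outputs the tag, so it is only valid on an encrypt operation */` would record why the state is rejected; presumably the concern is that a decrypting caller could otherwise obtain a tag without it ever being compared. The enclosing functions start and end outside both hunks.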
@@ -3829,7 +3829,7 @@
goto exit;
}
- if( !operation->nonce_set )
+ if( !operation->nonce_set || operation->is_encrypt == 1 )
{
status = PSA_ERROR_BAD_STATE;
goto exit;
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 38545bc..67f2395 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -4037,6 +4037,41 @@
psa_aead_abort( &operation );
+ /* Test calling finish on decryption. */
+
+ operation = psa_aead_operation_init( );
+
+ PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+
+ TEST_EQUAL( psa_aead_finish( &operation, final_data,
+ finish_output_size,
+ &output_part_length,
+ tag_buffer, tag_length,
+ &tag_size ),
+ PSA_ERROR_BAD_STATE );
+
+ psa_aead_abort( &operation );
+
+ /* Test calling verify on encryption. */
+
+ operation = psa_aead_operation_init( );
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+
+ TEST_EQUAL( psa_aead_verify( &operation, final_data,
+ finish_output_size,
+ &output_part_length,
+ tag_buffer,
+ tag_length ),
+ PSA_ERROR_BAD_STATEcd );
+
+ psa_aead_abort( &operation );
+
+
exit:
psa_destroy_key( key );
psa_aead_abort( &operation );
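Review bot: The expected status in the new verify-on-encryption case reads `PSA_ERROR_BAD_STATEcd`, which does not match the `PSA_ERROR_BAD_STATE` used by the finish case above it and by library/psa_crypto.c. Unless that name is defined elsewhere, the suite will not build, so the line should be `PSA_ERROR_BAD_STATE );`. Both cases set only the nonce before the call, so a short comment such as `/* nonce is set so that BAD_STATE can only come from the direction check */` would make the intent explicit. Whether other state checks in finish/verify could also return BAD_STATE for some algorithms is not visible here. The test function starts outside the hunk.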