Finish / Verify state checks

Ensure finish only called when encrypting and verify only called for decrypting, and add tests to ensure this. Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 19:15:20 +01:00 · 2021-06-22 19:15:20 +01:00 · 534d0b4484
commit 534d0b4484
parent f88a565f18
2 changed files with 37 additions and 2 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -3780,7 +3780,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation,
        goto exit;
    }

-    if( !operation->nonce_set )
+    if( !operation->nonce_set || operation->is_encrypt == 0 )
    {
        status = PSA_ERROR_BAD_STATE;
        goto exit;
@ -3829,7 +3829,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation,
        goto exit;
    }

-    if( !operation->nonce_set )
+    if( !operation->nonce_set || operation->is_encrypt == 1 )
    {
        status = PSA_ERROR_BAD_STATE;
        goto exit;
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@ -4037,6 +4037,41 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data,

    psa_aead_abort( &operation );

+    /* Test calling finish on decryption. */
+
+    operation = psa_aead_operation_init( );
+
+    PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) );
+
+    PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+
+    TEST_EQUAL( psa_aead_finish( &operation, final_data,
+                                 finish_output_size,
+                                 &output_part_length,
+                                 tag_buffer, tag_length,
+                                 &tag_size ),
+                PSA_ERROR_BAD_STATE );
+
+    psa_aead_abort( &operation );
+
+    /* Test calling verify on encryption. */
+
+    operation = psa_aead_operation_init( );
+
+    PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+    PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+
+    TEST_EQUAL( psa_aead_verify( &operation, final_data,
+                                 finish_output_size,
+                                 &output_part_length,
+                                 tag_buffer,
+                                 tag_length ),
+                PSA_ERROR_BAD_STATEcd );
+
+    psa_aead_abort( &operation );
+
+
 exit:
    psa_destroy_key( key );
    psa_aead_abort( &operation );