diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7a7238cc6..c1071b0f3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3780,7 +3780,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set ) + if( !operation->nonce_set || operation->is_encrypt == 0 ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3829,7 +3829,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set ) + if( !operation->nonce_set || operation->is_encrypt == 1 ) { status = PSA_ERROR_BAD_STATE; goto exit; diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 38545bccc..67f239523 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4037,6 +4037,41 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test calling finish on decryption. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test calling verify on encryption. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATEcd ); + + psa_aead_abort( &operation ); + + exit: psa_destroy_key( key ); psa_aead_abort( &operation );