psa: Disallow repeated setup

Calling psa_*_setup() twice on a MAC, cipher, or hash context should result in a PSA_ERROR_BAD_STATE error because the operation has already been set up. Fixes #10
2025-07-30 22:43:08 +03:00 · 2019-02-19 09:25:10 +00:00
parent 11aa7ee189
commit 36ee5d0fbf
2 changed files with 45 additions and 1 deletions
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@ -2012,6 +2012,12 @@ void hash_bad_order( )

    PSA_ASSERT( psa_crypto_init( ) );

+    /* Call setup twice in a row. */
+    PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+    TEST_EQUAL( psa_hash_setup( &operation, alg ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
+
    /* Call update without calling setup beforehand. */
    TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
                PSA_ERROR_BAD_STATE );
@ -2336,6 +2342,14 @@ void mac_bad_order( )
                PSA_ERROR_BAD_STATE );
    PSA_ASSERT( psa_mac_abort( &operation ) );

+    /* Call setup twice in a row. */
+    PSA_ASSERT( psa_mac_sign_setup( &operation,
+                                    handle, alg ) );
+    TEST_EQUAL( psa_mac_sign_setup( &operation,
+                                    handle, alg ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
    /* Call update after sign finish. */
    PSA_ASSERT( psa_mac_sign_setup( &operation,
                                    handle, alg ) );
@ -2601,6 +2615,18 @@ void cipher_bad_order( )
                                key, sizeof(key) ) );


+    /* Call encrypt setup twice in a row. */
+    PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+    TEST_EQUAL( psa_cipher_encrypt_setup( &operation, handle, alg ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Call decrypt setup twice in a row. */
+    PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) );
+    TEST_EQUAL( psa_cipher_decrypt_setup( &operation, handle, alg ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
    /* Generate an IV without calling setup beforehand. */
    TEST_EQUAL( psa_cipher_generate_iv( &operation,
                                        buffer, sizeof( buffer ),