Improve state logic
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 14ef6e5..fb74a0d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3254,8 +3254,8 @@
goto exit;
}
- if( operation->nonce_set || operation->ad_started ||
- operation->body_started )
+ if( operation->nonce_set || operation->lengths_set ||
+ operation->ad_started || operation->body_started )
{
status = PSA_ERROR_BAD_STATE;
goto exit;
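Review bot: The four-flag condition added here is repeated verbatim in the hunks at 3316 and 3374, so the definition of an untouched operation now lives in three places that have to be kept in step by hand. A file-local predicate would give the state machine one definition to audit; a possible shape (name is only a suggestion) is `static int psa_aead_op_untouched( const psa_aead_operation_t *operation )`, returning the negation of this condition. Failing that, a one-line comment above each copy, such as `/* Operation must be completely fresh: no nonce, lengths, AD or body yet. */`, would make the intent explicit. The enclosing function starts and ends outside this hunk.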
@@ -3316,9 +3316,8 @@
goto exit;
}
- if( operation->nonce_set || operation->ad_started ||
-
- operation->body_started )
+ if( operation->nonce_set || operation->lengths_set ||
+ operation->ad_started || operation->body_started )
{
status = PSA_ERROR_BAD_STATE;
goto exit;
@@ -3375,8 +3374,8 @@
goto exit;
}
- if( operation->nonce_set || operation->ad_started ||
- operation->body_started )
+ if( operation->nonce_set || operation->lengths_set ||
+ operation->ad_started || operation->body_started )
{
status = PSA_ERROR_BAD_STATE;
goto exit;
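Review bot: Rejecting `operation->lengths_set` at this site may forbid a call order that the hunk at 3461 still allows in the other direction, because that check does not test `nonce_set`. The enclosing function is not visible here. If it is a nonce-setting or nonce-generating entry point rather than a setup function, a caller who declares lengths first (as length-prefixed modes such as CCM need before processing) would now get `PSA_ERROR_BAD_STATE`. If that is the case, the condition here should stay `operation->nonce_set || operation->ad_started || operation->body_started`, with a test for lengths-then-nonce in both orders. If it is a setup function, a short comment naming it as such would settle the question.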
@@ -3430,11 +3429,11 @@
goto exit;
}
- /* Not checking nonce size here as GCM spec allows almost abitrarily large
- * nonces. Please note that we do not generally recommend the usage of
- * nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large nonces
- * are hashed to a shorter size, which can then lead to collisions if you
- encrypt a very large number of messages. */
+ /* Not checking nonce size here as GCM spec allows almost arbitrarily
+ * large nonces. Please note that we do not generally recommend the usage
+ * of nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large
+ * nonces are hashed to a shorter size, which can then lead to collisions
+ * if you encrypt a very large number of messages.*/
status = psa_driver_wrapper_aead_set_nonce( operation, nonce,
nonce_length );
@@ -3462,7 +3461,8 @@
goto exit;
}
- if( operation->lengths_set )
+ if( operation->lengths_set || operation->ad_started ||
+ operation->body_started)
{
status = PSA_ERROR_BAD_STATE;
goto exit;
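Review bot: The continuation line `operation->body_started)` drops the space before the closing parenthesis that every other condition in this patch uses; it should read `operation->body_started )`. Since this check deliberately omits `nonce_set` while the setup-style checks include every flag, a comment such as `/* Lengths may be set once, and only before any AD or body data. */` would record that the asymmetry is intended. The function body continues outside the hunk.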
@@ -3497,7 +3497,7 @@
goto exit;
}
- if( !operation->nonce_set )
+ if( !operation->nonce_set || operation->body_started )
{
status = PSA_ERROR_BAD_STATE;
goto exit;
@@ -3505,7 +3505,7 @@
if( operation->lengths_set )
{
- if ( operation->ad_remaining < input_length )
+ if( operation->ad_remaining < input_length )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
@@ -3546,7 +3546,7 @@
goto exit;
}
- if( !operation->nonce_set || !operation->ad_started )
+ if( !operation->nonce_set )
{
status = PSA_ERROR_BAD_STATE;
goto exit;
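Review bot: With `!operation->ad_started` removed, nothing in the visible lines stops a caller who declared a non-zero AD length from moving straight to body data without supplying it. Accepting empty AD is reasonable, but the declared-length case should be rejected up front rather than at finish time, after plaintext or ciphertext has already been produced. Unless the rest of the function (outside this hunk) already does so, consider adding `if( operation->lengths_set && operation->ad_remaining != 0 )` with `status = PSA_ERROR_INVALID_ARGUMENT;` before the driver call.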
@@ -3606,8 +3606,7 @@
goto exit;
}
- if( !operation->nonce_set || !operation->ad_started ||
- !operation->body_started )
+ if( !operation->nonce_set )
{
status = PSA_ERROR_BAD_STATE;
goto exit;
@@ -3616,7 +3615,7 @@
if( operation->lengths_set && (operation->ad_remaining != 0 ||
operation->body_remaining != 0 ) )
{
- status = PSA_ERROR_BAD_STATE;
+ status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
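Review bot: The switch from `PSA_ERROR_BAD_STATE` to `PSA_ERROR_INVALID_ARGUMENT` is made at only one site, while the hunk at 3650 relaxes what looks like the sibling function's state check without touching any corresponding length check. If that function has its own `ad_remaining`/`body_remaining` test outside the diff, confirm it returns the same status, otherwise the two completion paths will report the same mistake differently. The new code is caller-visible, so a comment here would help, for example `/* Declared AD/body lengths were not fully supplied: bad input, not bad state. */`. The same change also removed the `ad_started`/`body_started` requirement in the hunk at 3606, so this check is now the only guard against finishing short, and it only fires when `lengths_set` is true.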
@@ -3651,8 +3650,7 @@
goto exit;
}
- if( !operation->nonce_set || !operation->ad_started ||
- !operation->body_started )
+ if( !operation->nonce_set )
{
status = PSA_ERROR_BAD_STATE;
goto exit;