commit f494bcd31347456c58362efa606832de14e8f461
author gabor-mezei-arm <gabor.mezei@arm.com> Mon Mar 01 15:11:46 2021 +0100
committer gabor-mezei-arm <gabor.mezei@arm.com> Tue Jun 29 19:48:59 2021 +0200
tree 8c2beb2cab04c53fbc2d536e2fde0010e16ce88d
parent ba0fa75eae8cd6a5b48a6cb36826f972193226b5

Add tests for one-shot hash cipher functions

Tests for psa_cipher_encrypt and psa_cipher_decrypt functions.
The psa_cipher_encrypt function takes no parameter for IV and always generates
it therefore there will be a randomness in the calculation and cannot be
validated by comparing the actual output with the expected output.
The function is tested by:
 - doing a prtially randomized test with an encryption then a decryption
   and validating the input with output of the decryption
 - validating against the multipart encryption
The combination of this two methods provides enough coverage like a
known answer test.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>

tests/suites/test_suite_psa_crypto.function

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 41e2972..ad9decf 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -2413,10 +2413,221 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void cipher_encrypt( int alg_arg, int key_type_arg,
-                     data_t *key_data, data_t *iv,
-                     data_t *input, data_t *expected_output,
-                     int expected_status_arg )
+void cipher_encrypt_error( int alg_arg,
+                           int key_type_arg,
+                           data_t *key_data,
+                           data_t *input,
+                           int expected_status_arg )
+{
+    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+    psa_status_t status;
+    psa_key_type_t key_type = key_type_arg;
+    psa_algorithm_t alg = alg_arg;
+    psa_status_t expected_status = expected_status_arg;
+    unsigned char *output = NULL;
+    size_t output_buffer_size = 0;
+    size_t output_length = 0;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    if ( PSA_ERROR_BAD_STATE != expected_status )
+    {
+        PSA_ASSERT( psa_crypto_init( ) );
+
+        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+        psa_set_key_algorithm( &attributes, alg );
+        psa_set_key_type( &attributes, key_type );
+
+        output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg,
+                                                             input->len );
+        ASSERT_ALLOC( output, output_buffer_size );
+
+        PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                    &key ) );
+    }
+
+    status = psa_cipher_encrypt( key, alg, input->x, input->len, output,
+                                 output_buffer_size, &output_length );
+
+    TEST_EQUAL( status, expected_status );
+
+exit:
+    mbedtls_free( output );
+    psa_destroy_key( key );
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_encrypt_noiv( int alg_arg,
+                          int key_type_arg,
+                          data_t *key_data,
+                          data_t *input,
+                          data_t *expected_output )
+{
+    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+    psa_key_type_t key_type = key_type_arg;
+    psa_algorithm_t alg = alg_arg;
+    unsigned char *output = NULL;
+    size_t output_buffer_size = 0;
+    size_t output_length = 0;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
+
+    output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+    ASSERT_ALLOC( output, output_buffer_size );
+
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &key ) );
+
+    PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output,
+                                    output_buffer_size, &output_length ) );
+    TEST_ASSERT( output_length <=
+                 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
+    TEST_ASSERT( output_length <=
+                 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+
+    ASSERT_COMPARE( expected_output->x, expected_output->len,
+                    output, output_length );
+exit:
+    mbedtls_free( output );
+    psa_destroy_key( key );
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_encrypt_sanity( int alg_arg,
+                            int key_type_arg,
+                            data_t *key_data,
+                            data_t *input )
+{
+    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+    psa_key_type_t key_type = key_type_arg;
+    psa_algorithm_t alg = alg_arg;
+    unsigned char *output = NULL;
+    size_t output_buffer_size = 0;
+    size_t output_length = 0;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
+
+    output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+    ASSERT_ALLOC( output, output_buffer_size );
+
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &key ) );
+
+    PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output,
+                                    output_buffer_size, &output_length ) );
+    TEST_ASSERT( output_length <=
+                 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
+    TEST_ASSERT( output_length <=
+                 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+
+    /* The one-shot cipher encryption uses generated iv so validating
+       the output is not possible. Only sanity checking is done here. */
+exit:
+    mbedtls_free( output );
+    psa_destroy_key( key );
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_encrypt_validation( int alg_arg,
+                                int key_type_arg,
+                                data_t *key_data,
+                                data_t *input )
+{
+    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+    psa_key_type_t key_type = key_type_arg;
+    psa_algorithm_t alg = alg_arg;
+    size_t iv_size = PSA_CIPHER_IV_LENGTH ( key_type, alg );
+    unsigned char *output1 = NULL;
+    size_t output1_buffer_size = 0;
+    size_t output1_length = 0;
+    unsigned char *output2 = NULL;
+    size_t output2_buffer_size = 0;
+    size_t output2_length = 0;
+    size_t function_output_length = 0;
+    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
+
+    output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+    output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
+                          PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
+    ASSERT_ALLOC( output1, output1_buffer_size );
+    ASSERT_ALLOC( output2, output2_buffer_size );
+
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &key ) );
+
+    PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output1,
+                                    output1_buffer_size, &output1_length ) );
+    TEST_ASSERT( output1_length <=
+                 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
+    TEST_ASSERT( output1_length <=
+                 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+
+    PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+    PSA_ASSERT( psa_cipher_set_iv( &operation, output1, iv_size ) );
+
+    PSA_ASSERT( psa_cipher_update( &operation,
+                                   input->x, input->len,
+                                   output2, output2_buffer_size,
+                                   &function_output_length ) );
+    TEST_ASSERT( function_output_length <=
+                 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
+    TEST_ASSERT( function_output_length <=
+                 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
+    output2_length += function_output_length;
+
+    PSA_ASSERT( psa_cipher_finish( &operation,
+                                   output2 + output2_length,
+                                   output2_buffer_size - output2_length,
+                                   &function_output_length ) );
+    TEST_ASSERT( function_output_length <=
+                 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+    TEST_ASSERT( function_output_length <=
+                 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+    output2_length += function_output_length;
+
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+    ASSERT_COMPARE( output1 + iv_size, output1_length - iv_size,
+                    output2, output2_length );
+
+exit:
+    psa_cipher_abort( &operation );
+    mbedtls_free( output1 );
+    mbedtls_free( output2 );
+    psa_destroy_key( key );
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_encrypt_simple_multipart( int alg_arg,
+                                      int key_type_arg,
+                                      data_t *key_data,
+                                      data_t *iv,
+                                      data_t *input,
+                                      data_t *expected_output,
+                                      int expected_status_arg )
 {
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_status_t status;
@@ -2446,9 +2657,8 @@
         PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
     }
 
-    output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
-    TEST_ASSERT( output_buffer_size <=
-                 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+    output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
+                         PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
     ASSERT_ALLOC( output, output_buffer_size );
 
     PSA_ASSERT( psa_cipher_update( &operation,
@@ -2525,9 +2735,8 @@
         PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
     }
 
-    output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
-    TEST_ASSERT( output_buffer_size <=
-                 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+    output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
+                         PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
     ASSERT_ALLOC( output, output_buffer_size );
 
     TEST_ASSERT( first_part_size <= input->len );
@@ -2617,9 +2826,8 @@
         PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
     }
 
-    output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len );
-    TEST_ASSERT( output_buffer_size <=
-                 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) );
+    output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
+                         PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
     ASSERT_ALLOC( output, output_buffer_size );
 
     TEST_ASSERT( first_part_size <= input->len );
@@ -2674,10 +2882,13 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void cipher_decrypt( int alg_arg, int key_type_arg,
-                     data_t *key_data, data_t *iv,
-                     data_t *input, data_t *expected_output,
-                     int expected_status_arg )
+void cipher_decrypt_simple_multipart( int alg_arg,
+                                      int key_type_arg,
+                                      data_t *key_data,
+                                      data_t *iv,
+                                      data_t *input,
+                                      data_t *expected_output,
+                                      int expected_status_arg )
 {
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_status_t status;
@@ -2707,9 +2918,8 @@
         PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
     }
 
-    output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len );
-    TEST_ASSERT( output_buffer_size <=
-                 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) );
+    output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
+                         PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
     ASSERT_ALLOC( output, output_buffer_size );
 
     PSA_ASSERT( psa_cipher_update( &operation,
@@ -2750,25 +2960,132 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void cipher_verify_output( int alg_arg, int key_type_arg,
+void cipher_decrypt_error( int alg_arg,
+                           int key_type_arg,
+                           data_t *key_data,
+                           data_t *iv,
+                           data_t *input_arg,
+                           int expected_status_arg )
+{
+    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+    psa_status_t status;
+    psa_key_type_t key_type = key_type_arg;
+    psa_algorithm_t alg = alg_arg;
+    psa_status_t expected_status = expected_status_arg;
+    unsigned char *input = NULL;
+    size_t input_buffer_size = 0;
+    unsigned char *output = NULL;
+    size_t output_buffer_size = 0;
+    size_t output_length = 0;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    if ( PSA_ERROR_BAD_STATE != expected_status )
+    {
+        PSA_ASSERT( psa_crypto_init( ) );
+
+        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+        psa_set_key_algorithm( &attributes, alg );
+        psa_set_key_type( &attributes, key_type );
+
+        PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                    &key ) );
+    }
+
+    /* Allocate input buffer and copy the iv and the plaintext */
+    input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
+    if ( input_buffer_size > 0 )
+    {
+        ASSERT_ALLOC( input, input_buffer_size );
+        memcpy( input, iv->x, iv->len );
+        memcpy( input + iv->len, input_arg->x, input_arg->len );
+    }
+
+    output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
+    ASSERT_ALLOC( output, output_buffer_size );
+
+    status = psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
+                                 output_buffer_size, &output_length );
+    TEST_EQUAL( status, expected_status );
+
+exit:
+    mbedtls_free( input );
+    mbedtls_free( output );
+    psa_destroy_key( key );
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_decrypt( int alg_arg,
+                     int key_type_arg,
+                     data_t *key_data,
+                     data_t *iv,
+                     data_t *input_arg,
+                     data_t *expected_output )
+{
+    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+    psa_key_type_t key_type = key_type_arg;
+    psa_algorithm_t alg = alg_arg;
+    unsigned char *input = NULL;
+    size_t input_buffer_size = 0;
+    unsigned char *output = NULL;
+    size_t output_buffer_size = 0;
+    size_t output_length = 0;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
+
+    /* Allocate input buffer and copy the iv and the plaintext */
+    input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
+    if ( input_buffer_size > 0 )
+    {
+        ASSERT_ALLOC( input, input_buffer_size );
+        memcpy( input, iv->x, iv->len );
+        memcpy( input + iv->len, input_arg->x, input_arg->len );
+    }
+
+    output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
+    ASSERT_ALLOC( output, output_buffer_size );
+
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &key ) );
+
+    PSA_ASSERT( psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
+                                    output_buffer_size, &output_length ) );
+    TEST_ASSERT( output_length <=
+                 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ) );
+    TEST_ASSERT( output_length <=
+                 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input_buffer_size ) );
+
+    ASSERT_COMPARE( expected_output->x, expected_output->len,
+                    output, output_length );
+exit:
+    mbedtls_free( input );
+    mbedtls_free( output );
+    psa_destroy_key( key );
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_verify_output( int alg_arg,
+                           int key_type_arg,
                            data_t *key_data,
                            data_t *input )
 {
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
-    unsigned char iv[16] = {0};
-    size_t iv_size = 16;
-    size_t iv_length = 0;
     unsigned char *output1 = NULL;
     size_t output1_size = 0;
     size_t output1_length = 0;
     unsigned char *output2 = NULL;
     size_t output2_size = 0;
     size_t output2_length = 0;
-    size_t function_output_length = 0;
-    psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
-    psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
@@ -2779,82 +3096,31 @@
 
     PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
                                 &key ) );
-
-    PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
-    PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
-
-    if( alg != PSA_ALG_ECB_NO_PADDING )
-    {
-        PSA_ASSERT( psa_cipher_generate_iv( &operation1,
-                                            iv, iv_size,
-                                            &iv_length ) );
-    }
     output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
-    TEST_ASSERT( output1_size <=
-                 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
     ASSERT_ALLOC( output1, output1_size );
 
-    PSA_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
-                                   output1, output1_size,
-                                   &output1_length ) );
+    PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len,
+                                    output1, output1_size,
+                                    &output1_length ) );
     TEST_ASSERT( output1_length <=
-                 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
+                 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
     TEST_ASSERT( output1_length <=
-                 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
-
-    PSA_ASSERT( psa_cipher_finish( &operation1,
-                                   output1 + output1_length,
-                                   output1_size - output1_length,
-                                   &function_output_length ) );
-    TEST_ASSERT( function_output_length <=
-                 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
-    TEST_ASSERT( function_output_length <=
-                 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
-
-    output1_length += function_output_length;
-
-    PSA_ASSERT( psa_cipher_abort( &operation1 ) );
+                 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
 
     output2_size = output1_length;
-    TEST_ASSERT( output2_size <=
-                 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
-    TEST_ASSERT( output2_size <=
-                 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
     ASSERT_ALLOC( output2, output2_size );
 
-    if( iv_length > 0 )
-    {
-        PSA_ASSERT( psa_cipher_set_iv( &operation2,
-                                       iv, iv_length ) );
-    }
-
-    PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
-                                   output2, output2_size,
-                                   &output2_length ) );
+    PSA_ASSERT( psa_cipher_decrypt( key, alg, output1, output1_length,
+                                    output2, output2_size,
+                                    &output2_length ) );
     TEST_ASSERT( output2_length <=
-                 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, output1_length ) );
+                 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
     TEST_ASSERT( output2_length <=
-                 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length ) );
-
-    function_output_length = 0;
-    PSA_ASSERT( psa_cipher_finish( &operation2,
-                                   output2 + output2_length,
-                                   output2_size - output2_length,
-                                   &function_output_length ) );
-    TEST_ASSERT( function_output_length <=
-                 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
-    TEST_ASSERT( function_output_length <=
-                 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
-
-    output2_length += function_output_length;
-
-    PSA_ASSERT( psa_cipher_abort( &operation2 ) );
+                 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
 
     ASSERT_COMPARE( input->x, input->len, output2, output2_length );
 
 exit:
-    psa_cipher_abort( &operation1 );
-    psa_cipher_abort( &operation2 );
     mbedtls_free( output1 );
     mbedtls_free( output2 );
     psa_destroy_key( key );