Fix an EAX bug in reset()

It failed to reset any data that had been fed into CMAC so far, so a sequence with eax->set_key(key); eax->start(nonce); eax->process(discarded_bits); eax->reset(); eax->start(second_nonce); eax->process(second_msg); would produce incorrect results
author: Jack Lloyd <[email protected]> 2018-08-17 17:09:26 -0400
committer: Jack Lloyd <[email protected]> 2018-08-17 17:09:26 -0400
commit: 18af8859a5c007c6df47181be0fabf2913204979 (patch)
tree: cafd241b6ec165eed109acd1086920f0e2f9cf92 /src/lib/modes
parent: cc96212bc6168fac918f071730bffbef7c0059c5 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/lib/modes/aead/eax/eax.cpp b/src/lib/modes/aead/eax/eax.cpp
index dbd916db9..a03c5e802 100644
--- a/src/lib/modes/aead/eax/eax.cpp
+++ b/src/lib/modes/aead/eax/eax.cpp
@@ -57,6 +57,12 @@ void EAX_Mode::reset()
    {
    m_ad_mac.clear();
    m_nonce_mac.clear();
+
+   // Clear out any data added to the CMAC calculation
+   try {
+      m_cmac->final();
+   }
+   catch(Key_Not_Set&) {}
    }
 
 std::string EAX_Mode::name() const
@@ -115,6 +121,7 @@ void EAX_Mode::start_msg(const uint8_t nonce[], size_t nonce_len)
 
 size_t EAX_Encryption::process(uint8_t buf[], size_t sz)
    {
+   BOTAN_ASSERT_NOMSG(m_nonce_mac.empty() == false);
    m_ctr->cipher(buf, buf, sz);
    m_cmac->update(buf, sz);
    return sz;
@@ -122,6 +129,7 @@ size_t EAX_Encryption::process(uint8_t buf[], size_t sz)
 
 void EAX_Encryption::finish(secure_vector<uint8_t>& buffer, size_t offset)
    {
+   BOTAN_ASSERT_NOMSG(m_nonce_mac.empty() == false);
    update(buffer, offset);
 
    secure_vector<uint8_t> data_mac = m_cmac->final();
author	Jack Lloyd <[email protected]>	2018-08-17 17:09:26 -0400
committer	Jack Lloyd <[email protected]>	2018-08-17 17:09:26 -0400
commit	18af8859a5c007c6df47181be0fabf2913204979 (patch)
tree	cafd241b6ec165eed109acd1086920f0e2f9cf92 /src/lib/modes
parent	cc96212bc6168fac918f071730bffbef7c0059c5 (diff)