diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-17 21:49:03 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-17 09:49:03 -0400 |
| commit | d4378e42937b56f473ddade2667f919ce32208cb (patch) | |
| tree | f2374c70935a8b64e3b13d2d89314675d71cdeee /tests/hazmat/primitives/test_aes.py | |
| parent | c574e7554c7aa27c56f6478258a4e18f79457652 (diff) | |
| download | cryptography-d4378e42937b56f473ddade2667f919ce32208cb.tar.gz cryptography-d4378e42937b56f473ddade2667f919ce32208cb.tar.bz2 cryptography-d4378e42937b56f473ddade2667f919ce32208cb.zip | |
disallow implicit tag truncation with finalize_with_tag (#4342)
Diffstat (limited to 'tests/hazmat/primitives/test_aes.py')
| -rw-r--r-- | tests/hazmat/primitives/test_aes.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index d6f83ebc..4ceccf15 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -439,3 +439,19 @@ class TestAESModeGCM(object): decryptor.finalize() else: decryptor.finalize_with_tag(tag) + + @pytest.mark.supported( + only_if=lambda backend: ( + not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or + backend._lib.CRYPTOGRAPHY_IS_LIBRESSL + ), + skip_message="Not supported on OpenSSL 1.0.1", + ) + def test_gcm_tag_decrypt_finalize_tag_length(self, backend): + decryptor = base.Cipher( + algorithms.AES(b"0" * 16), + modes.GCM(b"0" * 12), + backend=backend + ).decryptor() + with pytest.raises(ValueError): + decryptor.finalize_with_tag(b"tagtooshort") |