Merge pull request #1201 from alex/no-more-truncation

Fixes #1200 -- disallow GCM truncation by default
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-07-01 09:59:54 -0600
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-07-01 09:59:54 -0600
commit: 8e2dabd263ba57d7ca0fd60274b1273d83a17b6f (patch)
tree: 8a91738c6257885aaaf6f1819c1128696ab4bf8d /tests/hazmat
parent: af924ee5088af510934bb76efc6bd8ba584e68c0 (diff)
parent: a94775925595bf21c849af6eca1a833e51d12e4e (diff)
download: cryptography-8e2dabd263ba57d7ca0fd60274b1273d83a17b6f.tar.gz
cryptography-8e2dabd263ba57d7ca0fd60274b1273d83a17b6f.tar.bz2
cryptography-8e2dabd263ba57d7ca0fd60274b1273d83a17b6f.zip
2 files changed, 11 insertions, 6 deletions
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 173075d6..5bde7d3c 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -225,6 +225,6 @@ class TestAESModeGCM(object):
             "gcmEncryptExtIV192.rsp",
             "gcmEncryptExtIV256.rsp",
         ],
-        lambda key: algorithms.AES(key),
-        lambda iv, tag: modes.GCM(iv, tag),
+        algorithms.AES,
+        modes.GCM,
     )
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 49b73f01..6428b03e 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -90,7 +90,8 @@ def aead_test(backend, cipher_factory, mode_factory, params):
         cipher = Cipher(
             cipher_factory(binascii.unhexlify(params["key"])),
             mode_factory(binascii.unhexlify(params["iv"]),
-                         binascii.unhexlify(params["tag"])),
+                         binascii.unhexlify(params["tag"]),
+                         len(binascii.unhexlify(params["tag"]))),
             backend
         )
         decryptor = cipher.decryptor()
@@ -108,12 +109,13 @@ def aead_test(backend, cipher_factory, mode_factory, params):
         encryptor.authenticate_additional_data(binascii.unhexlify(aad))
         actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext))
         actual_ciphertext += encryptor.finalize()
-        tag_len = len(params["tag"])
-        assert binascii.hexlify(encryptor.tag)[:tag_len] == params["tag"]
+        tag_len = len(binascii.unhexlify(params["tag"]))
+        assert binascii.hexlify(encryptor.tag[:tag_len]) == params["tag"]
         cipher = Cipher(
             cipher_factory(binascii.unhexlify(params["key"])),
             mode_factory(binascii.unhexlify(params["iv"]),
-                         binascii.unhexlify(params["tag"])),
+                         binascii.unhexlify(params["tag"]),
+                         min_tag_length=tag_len),
             backend
         )
         decryptor = cipher.decryptor()
@@ -309,6 +311,9 @@ def aead_tag_exception_test(backend, cipher_factory, mode_factory):
     with pytest.raises(ValueError):
         mode_factory(binascii.unhexlify(b"0" * 24), b"000")
 
+    with pytest.raises(ValueError):
+        mode_factory(binascii.unhexlify(b"0" * 24), b"000000", 2)
+
     cipher = Cipher(
         cipher_factory(binascii.unhexlify(b"0" * 32)),
         mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16),
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-07-01 09:59:54 -0600
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-07-01 09:59:54 -0600
commit	8e2dabd263ba57d7ca0fd60274b1273d83a17b6f (patch)
tree	8a91738c6257885aaaf6f1819c1128696ab4bf8d /tests/hazmat
parent	af924ee5088af510934bb76efc6bd8ba584e68c0 (diff)
parent	a94775925595bf21c849af6eca1a833e51d12e4e (diff)
download	cryptography-8e2dabd263ba57d7ca0fd60274b1273d83a17b6f.tar.gz cryptography-8e2dabd263ba57d7ca0fd60274b1273d83a17b6f.tar.bz2 cryptography-8e2dabd263ba57d7ca0fd60274b1273d83a17b6f.zip