From 007e5e11d761a9d05adf7f074c8fdda427c38b10 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sun, 12 Jan 2014 14:25:49 -0800
Subject: Verify the tag len for GCM

---
 docs/hazmat/primitives/symmetric-encryption.rst | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'docs/hazmat/primitives/symmetric-encryption.rst')

diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 83165690..7d954046 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -324,6 +324,11 @@ Modes
             return (iv, ciphertext, encryptor.tag)
 
         def decrypt(key, associated_data, iv, ciphertext, tag):
+            if len(tag) != 16:
+                raise ValueError(
+                    "tag must be 16 bytes -- truncation not supported"
+                )
+
             # Construct a Cipher object, with the key, iv, and additionally the
             # GCM tag used for authenticating the message.
             decryptor = Cipher(
-- 
cgit v1.2.3