diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-11-22 19:57:37 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-11-29 17:19:45 -0600 |
| commit | a4bfc08b8d2ed312eeb1b0558ac20f285feb8cc2 (patch) | |
| tree | 3548f67d5eb42eaf5ca5b4eda3d661f369fcc399 | |
| parent | ce9c611feb4db781fcab5b7bbc68b936816d6a73 (diff) | |
| download | cryptography-a4bfc08b8d2ed312eeb1b0558ac20f285feb8cc2.tar.gz cryptography-a4bfc08b8d2ed312eeb1b0558ac20f285feb8cc2.tar.bz2 cryptography-a4bfc08b8d2ed312eeb1b0558ac20f285feb8cc2.zip | |
invalidtag exception for gcm
This exception is probably not safe. It depends on the assumption that
if ERR_get_error returns a 0 then it is an AEAD tag error.
| -rw-r--r-- | cryptography/exceptions.py | 4 | ||||
| -rw-r--r-- | cryptography/hazmat/bindings/openssl/backend.py | 5 | ||||
| -rw-r--r-- | tests/hazmat/primitives/utils.py | 4 |
3 files changed, 9 insertions, 4 deletions
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index d56db214..e9d88199 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -26,3 +26,7 @@ class AlreadyUpdated(Exception): class NotYetFinalized(Exception): pass + + +class InvalidTag(Exception): + pass diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index fdb67628..527706bc 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -19,7 +19,7 @@ import sys import cffi from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import UnsupportedAlgorithm, InvalidTag from cryptography.hazmat.bindings.interfaces import ( CipherBackend, HashBackend, HMACBackend ) @@ -200,7 +200,8 @@ class Backend(object): def _handle_error(self): code = self.lib.ERR_get_error() - assert code != 0 + if not code: + raise InvalidTag lib = self.lib.ERR_GET_LIB(code) func = self.lib.ERR_GET_FUNC(code) reason = self.lib.ERR_GET_REASON(code) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 8df02e78..39f5ae82 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -7,7 +7,7 @@ from cryptography.hazmat.bindings import _ALL_BACKENDS from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.exceptions import ( - AlreadyFinalized, NotYetFinalized, AlreadyUpdated, + AlreadyFinalized, NotYetFinalized, AlreadyUpdated, InvalidTag, ) from ...utils import load_vectors_from_file @@ -95,7 +95,7 @@ def aead_test(backend, cipher_factory, mode_factory, params, only_if, decryptor = cipher.decryptor() decryptor.add_data(binascii.unhexlify(aad)) actual_plaintext = decryptor.update(binascii.unhexlify(ciphertext)) - with pytest.raises(AssertionError): + with pytest.raises(InvalidTag): decryptor.finalize() else: cipher = Cipher( |