author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-01-01 19:40:31 -0800 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-01-01 19:40:31 -0800 |
commit | fa3d5aacd9d8047467ef4f7aaec45fd69ba4fb59 (patch) | |
tree | 48542b8348d193e91344716a4e36b1bd25e451fb | |
parent | 92217366e331ab5bcdb7e64dccc14048647bc5c7 (diff) | |
parent | 516b1adadd000cb17eb5cf53b81e8c2638903d70 (diff) | |
Merge pull request #386 from alex/move-gcm-tag-validation
Move GCM tag size/value validation farther forward
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 7 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/ciphers/base.py | 14 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/ciphers/modes.py | 5 | ||||
-rw-r--r-- | tests/hazmat/primitives/utils.py | 9 |
4 files changed, 20 insertions, 15 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index b25d86d0..a295d31a 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -233,18 +233,11 @@ class _CipherContext(object): ) assert res != 0 if operation == self._DECRYPT: - if not mode.tag or len(mode.tag) < 4: - raise ValueError("Authentication tag must be provided and " - "be 4 bytes or longer when decrypting") res = self._backend.lib.EVP_CIPHER_CTX_ctrl( ctx, self._backend.lib.EVP_CTRL_GCM_SET_TAG, len(mode.tag), mode.tag ) assert res != 0 - else: - if mode.tag: - raise ValueError("Authentication tag must be None when " - "encrypting") # pass key/iv res = self._backend.lib.EVP_CipherInit_ex(ctx, self._backend.ffi.NULL, diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index b8615cb9..1da0802c 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -30,16 +30,26 @@ class Cipher(object): self._backend = backend def encryptor(self): + if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): + if self.mode.tag is not None: + raise ValueError( + "Authentication tag must be None when encrypting" + ) ctx = self._backend.create_symmetric_encryption_ctx( self.algorithm, self.mode ) - return self._wrap_ctx(ctx, True) + return self._wrap_ctx(ctx, encrypt=True) def decryptor(self): + if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): + if self.mode.tag is None: + raise ValueError( + "Authentication tag must be provided when decrypting" + ) ctx = self._backend.create_symmetric_decryption_ctx( self.algorithm, self.mode ) - return self._wrap_ctx(ctx, False) + return self._wrap_ctx(ctx, encrypt=False) def _wrap_ctx(self, ctx, encrypt): if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): 
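Review bot: With the guard removed, the `_DECRYPT` branch calls `len(mode.tag)` on whatever the caller passed, so the backend now depends on `GCM.__init__` and `Cipher.decryptor()` having run first. Code that reaches this context without going through `Cipher`, or that reassigns `mode.tag` after construction, would get a `TypeError` from `len(None)` or trip `assert res != 0` instead of a `ValueError`, and the assert disappears under `python -O`. I would record the precondition above the call, e.g. `# mode.tag is validated by GCM.__init__ and Cipher.decryptor(); it must be set here`. The enclosing method starts and ends outside the hunk.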
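Review bot: `decryptor()` rejects only `self.mode.tag is None`, while the backend check this commit removes used `not mode.tag`, which also caught an empty tag. The length guarantee therefore rests entirely on the mode's constructor; that holds for `GCM` as patched in modes.py, but any other `ModeWithAuthenticationTag` implementation would have to repeat it. A one-line comment above the check would make that split explicit: `# presence is checked here; tag length is the mode's responsibility`. The two nested `if`s in `encryptor()` and `decryptor()` could also be joined with `and` to keep each guard on one level.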
diff --git a/cryptography/hazmat/primitives/ciphers/modes.py b/cryptography/hazmat/primitives/ciphers/modes.py index e1c70185..ab8501c6 100644 --- a/cryptography/hazmat/primitives/ciphers/modes.py +++ b/cryptography/hazmat/primitives/ciphers/modes.py @@ -65,5 +65,10 @@ class GCM(object): name = "GCM" def __init__(self, initialization_vector, tag=None): + if tag is not None and len(tag) < 4: + raise ValueError( + "Authentication tag must be 4 bytes or longer" + ) + self.initialization_vector = initialization_vector self.tag = tag diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index cdcf84cb..6ecc70ff 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -264,13 +264,10 @@ def aead_tag_exception_test(backend, cipher_factory, mode_factory): ) with pytest.raises(ValueError): cipher.decryptor() - cipher = Cipher( - cipher_factory(binascii.unhexlify(b"0" * 32)), - mode_factory(binascii.unhexlify(b"0" * 24), b"000"), - backend - ) + with pytest.raises(ValueError): - cipher.decryptor() + mode_factory(binascii.unhexlify(b"0" * 24), b"000") + cipher = Cipher( cipher_factory(binascii.unhexlify(b"0" * 32)), mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16), |
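Review bot: The new check in `GCM.__init__` enforces only a lower bound, and it runs once, so a later assignment to `mode.tag` is not re-validated. GCM tags are at most 16 bytes, and a longer value would presumably only be caught at the `EVP_CTRL_GCM_SET_TAG` call in backend.py, where the result is checked with an `assert`; `if tag is not None and not 4 <= len(tag) <= 16:` would reject it here with a `ValueError`. A 4-byte minimum also gives little forgery resistance (NIST SP 800-38D allows 32-bit tags only for constrained uses), so a comment or docstring line stating why 4 was chosen would help callers who truncate tags.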
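Review bot: The rewritten case only checks that a 3-byte tag is rejected at construction; nothing visible in the hunk pins the boundary from the accepting side. Adding `mode_factory(binascii.unhexlify(b"0" * 24), b"0000")` outside a `pytest.raises` block would show that a 4-byte tag is accepted, so an off-by-one in the `len(tag) < 4` check would be caught. `aead_tag_exception_test` begins and ends outside the hunk.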