1 files changed, 180 insertions, 4 deletions

diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
index d9a07ff6..f29ba9a9 100644
--- a/tests/hazmat/primitives/test_ciphers.py
+++ b/tests/hazmat/primitives/test_ciphers.py
@@ -5,17 +5,21 @@
 from __future__ import absolute_import, division, print_function
 
 import binascii
+import os
 
 import pytest
 
-from cryptography.exceptions import _Reasons
+from cryptography.exceptions import AlreadyFinalized, _Reasons
+from cryptography.hazmat.backends.interfaces import CipherBackend
 from cryptography.hazmat.primitives import ciphers
+from cryptography.hazmat.primitives.ciphers import modes
 from cryptography.hazmat.primitives.ciphers.algorithms import (
     AES, ARC4, Blowfish, CAST5, Camellia, IDEA, SEED, TripleDES
 )
-from cryptography.hazmat.primitives.ciphers.modes import ECB
 
-from ...utils import raises_unsupported_algorithm
+from ...utils import (
+    load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm
+)
 
 
 class TestAES(object):
@@ -32,6 +36,34 @@ class TestAES(object):
         with pytest.raises(ValueError):
             AES(binascii.unhexlify(b"0" * 12))
 
+    def test_invalid_key_type(self):
+        with pytest.raises(TypeError, match="key must be bytes"):
+            AES(u"0" * 32)
+
+
+class TestAESXTS(object):
+    @pytest.mark.requires_backend_interface(interface=CipherBackend)
+    @pytest.mark.parametrize(
+        "mode",
+        (modes.CBC, modes.CTR, modes.CFB, modes.CFB8, modes.OFB)
+    )
+    def test_invalid_key_size_with_mode(self, mode, backend):
+        with pytest.raises(ValueError):
+            ciphers.Cipher(AES(b"0" * 64), mode(b"0" * 16), backend)
+
+    def test_xts_tweak_not_bytes(self):
+        with pytest.raises(TypeError):
+            modes.XTS(32)
+
+    def test_xts_tweak_too_small(self):
+        with pytest.raises(ValueError):
+            modes.XTS(b"0")
+
+    @pytest.mark.requires_backend_interface(interface=CipherBackend)
+    def test_xts_wrong_key_size(self, backend):
+        with pytest.raises(ValueError):
+            ciphers.Cipher(AES(b"0" * 16), modes.XTS(b"0" * 16), backend)
+
 
 class TestCamellia(object):
     @pytest.mark.parametrize(("key", "keysize"), [
@@ -47,6 +79,10 @@ class TestCamellia(object):
         with pytest.raises(ValueError):
             Camellia(binascii.unhexlify(b"0" * 12))
 
+    def test_invalid_key_type(self):
+        with pytest.raises(TypeError, match="key must be bytes"):
+            Camellia(u"0" * 32)
+
 
 class TestTripleDES(object):
     @pytest.mark.parametrize("key", [
@@ -62,6 +98,10 @@ class TestTripleDES(object):
         with pytest.raises(ValueError):
             TripleDES(binascii.unhexlify(b"0" * 12))
 
+    def test_invalid_key_type(self):
+        with pytest.raises(TypeError, match="key must be bytes"):
+            TripleDES(u"0" * 16)
+
 
 class TestBlowfish(object):
     @pytest.mark.parametrize(("key", "keysize"), [
@@ -75,6 +115,10 @@ class TestBlowfish(object):
         with pytest.raises(ValueError):
             Blowfish(binascii.unhexlify(b"0" * 6))
 
+    def test_invalid_key_type(self):
+        with pytest.raises(TypeError, match="key must be bytes"):
+            Blowfish(u"0" * 8)
+
 
 class TestCAST5(object):
     @pytest.mark.parametrize(("key", "keysize"), [
@@ -88,6 +132,10 @@ class TestCAST5(object):
         with pytest.raises(ValueError):
             CAST5(binascii.unhexlify(b"0" * 34))
 
+    def test_invalid_key_type(self):
+        with pytest.raises(TypeError, match="key must be bytes"):
+            CAST5(u"0" * 10)
+
 
 class TestARC4(object):
     @pytest.mark.parametrize(("key", "keysize"), [
@@ -107,6 +155,10 @@ class TestARC4(object):
         with pytest.raises(ValueError):
             ARC4(binascii.unhexlify(b"0" * 34))
 
+    def test_invalid_key_type(self):
+        with pytest.raises(TypeError, match="key must be bytes"):
+            ARC4(u"0" * 10)
+
 
 class TestIDEA(object):
     def test_key_size(self):
@@ -117,6 +169,10 @@ class TestIDEA(object):
         with pytest.raises(ValueError):
             IDEA(b"\x00" * 17)
 
+    def test_invalid_key_type(self):
+        with pytest.raises(TypeError, match="key must be bytes"):
+            IDEA(u"0" * 16)
+
 
 class TestSEED(object):
     def test_key_size(self):
@@ -127,9 +183,129 @@ class TestSEED(object):
         with pytest.raises(ValueError):
             SEED(b"\x00" * 17)
 
+    def test_invalid_key_type(self):
+        with pytest.raises(TypeError, match="key must be bytes"):
+            SEED(u"0" * 16)
+
 
 def test_invalid_backend():
     pretend_backend = object()
 
     with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
-        ciphers.Cipher(AES(b"AAAAAAAAAAAAAAAA"), ECB, pretend_backend)
+        ciphers.Cipher(AES(b"AAAAAAAAAAAAAAAA"), modes.ECB, pretend_backend)
+
+
+@pytest.mark.supported(
+    only_if=lambda backend: backend.cipher_supported(
+        AES(b"\x00" * 16), modes.ECB()
+    ),
+    skip_message="Does not support AES ECB",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestCipherUpdateInto(object):
+    @pytest.mark.parametrize(
+        "params",
+        load_vectors_from_file(
+            os.path.join("ciphers", "AES", "ECB", "ECBGFSbox128.rsp"),
+            load_nist_vectors
+        )
+    )
+    def test_update_into(self, params, backend):
+        key = binascii.unhexlify(params["key"])
+        pt = binascii.unhexlify(params["plaintext"])
+        ct = binascii.unhexlify(params["ciphertext"])
+        c = ciphers.Cipher(AES(key), modes.ECB(), backend)
+        encryptor = c.encryptor()
+        buf = bytearray(len(pt) + 15)
+        res = encryptor.update_into(pt, buf)
+        assert res == len(pt)
+        assert bytes(buf)[:res] == ct
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            AES(b"\x00" * 16), modes.GCM(b"0" * 12)
+        ),
+        skip_message="Does not support AES GCM",
+    )
+    def test_update_into_gcm(self, backend):
+        key = binascii.unhexlify(b"e98b72a9881a84ca6b76e0f43e68647a")
+        iv = binascii.unhexlify(b"8b23299fde174053f3d652ba")
+        ct = binascii.unhexlify(b"5a3c1cf1985dbb8bed818036fdd5ab42")
+        pt = binascii.unhexlify(b"28286a321293253c3e0aa2704a278032")
+        c = ciphers.Cipher(AES(key), modes.GCM(iv), backend)
+        encryptor = c.encryptor()
+        buf = bytearray(len(pt) + 15)
+        res = encryptor.update_into(pt, buf)
+        assert res == len(pt)
+        assert bytes(buf)[:res] == ct
+        encryptor.finalize()
+        c = ciphers.Cipher(AES(key), modes.GCM(iv, encryptor.tag), backend)
+        decryptor = c.decryptor()
+        res = decryptor.update_into(ct, buf)
+        decryptor.finalize()
+        assert res == len(pt)
+        assert bytes(buf)[:res] == pt
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            AES(b"\x00" * 16), modes.GCM(b"0" * 12)
+        ),
+        skip_message="Does not support AES GCM",
+    )
+    def test_finalize_with_tag_already_finalized(self, backend):
+        key = binascii.unhexlify(b"e98b72a9881a84ca6b76e0f43e68647a")
+        iv = binascii.unhexlify(b"8b23299fde174053f3d652ba")
+        encryptor = ciphers.Cipher(
+            AES(key), modes.GCM(iv), backend
+        ).encryptor()
+        ciphertext = encryptor.update(b"abc") + encryptor.finalize()
+
+        decryptor = ciphers.Cipher(
+            AES(key), modes.GCM(iv, tag=encryptor.tag), backend
+        ).decryptor()
+        decryptor.update(ciphertext)
+        decryptor.finalize()
+        with pytest.raises(AlreadyFinalized):
+            decryptor.finalize_with_tag(encryptor.tag)
+
+    @pytest.mark.parametrize(
+        "params",
+        load_vectors_from_file(
+            os.path.join("ciphers", "AES", "ECB", "ECBGFSbox128.rsp"),
+            load_nist_vectors
+        )
+    )
+    def test_update_into_multiple_calls(self, params, backend):
+        key = binascii.unhexlify(params["key"])
+        pt = binascii.unhexlify(params["plaintext"])
+        ct = binascii.unhexlify(params["ciphertext"])
+        c = ciphers.Cipher(AES(key), modes.ECB(), backend)
+        encryptor = c.encryptor()
+        buf = bytearray(len(pt) + 15)
+        res = encryptor.update_into(pt[:3], buf)
+        assert res == 0
+        res = encryptor.update_into(pt[3:], buf)
+        assert res == len(pt)
+        assert bytes(buf)[:res] == ct
+
+    def test_update_into_buffer_too_small(self, backend):
+        key = b"\x00" * 16
+        c = ciphers.Cipher(AES(key), modes.ECB(), backend)
+        encryptor = c.encryptor()
+        buf = bytearray(16)
+        with pytest.raises(ValueError):
+            encryptor.update_into(b"testing", buf)
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            AES(b"\x00" * 16), modes.GCM(b"\x00" * 12)
+        ),
+        skip_message="Does not support AES GCM",
+    )
+    def test_update_into_buffer_too_small_gcm(self, backend):
+        key = b"\x00" * 16
+        c = ciphers.Cipher(AES(key), modes.GCM(b"\x00" * 12), backend)
+        encryptor = c.encryptor()
+        buf = bytearray(5)
+        with pytest.raises(ValueError):
+            encryptor.update_into(b"testing", buf)