diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-01-12 14:48:29 -0800 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-01-12 14:48:29 -0800 |
| commit | a2fdd5270b274c934fff64d66b110943d97460ca (patch) | |
| tree | e95ecbbf787fd990e543fbbcc63b68ce7ea50aa6 | |
| parent | 64209e1303481488925bb39bcc63feb186d643f6 (diff) | |
| parent | 007e5e11d761a9d05adf7f074c8fdda427c38b10 (diff) | |
| download | cryptography-a2fdd5270b274c934fff64d66b110943d97460ca.tar.gz cryptography-a2fdd5270b274c934fff64d66b110943d97460ca.tar.bz2 cryptography-a2fdd5270b274c934fff64d66b110943d97460ca.zip | |
Merge pull request #467 from alex/validate-tag-len
Verify the tag len for GCM (docs)
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 83165690..7d954046 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -324,6 +324,11 @@ Modes return (iv, ciphertext, encryptor.tag) def decrypt(key, associated_data, iv, ciphertext, tag): + if len(tag) != 16: + raise ValueError( + "tag must be 16 bytes -- truncation not supported" + ) + # Construct a Cipher object, with the key, iv, and additionally the # GCM tag used for authenticating the message. decryptor = Cipher( |