authorAlex Gaynor <alex.gaynor@gmail.com>2014-09-17 10:14:48 -0700
committerAlex Gaynor <alex.gaynor@gmail.com>2014-09-17 10:14:48 -0700
commit506f65b47f52377b0144669cfb41835762b25bb4 (patch)
treeffbb102fefa0297a145bb12d378d414fe8d1b0ad /tests/hazmat
parent7a5629a718c787c671e0ed9573d0b8805758f660 (diff)
parent9a11c00b464225f4aa3e761e103930c6b8b9115b (diff)
Merge pull request #1330 from reaperhulk/fix-commoncrypto-gcm
Fix two bugs with CommonCrypto GCM that can result in invalid output.
Diffstat (limited to 'tests/hazmat')
-rw-r--r--tests/hazmat/primitives/test_aes.py35
1 files changed, 34 insertions, 1 deletions
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 5bde7d3c..e8e0eee4 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -18,7 +18,7 @@ import os
import pytest
-from cryptography.hazmat.primitives.ciphers import algorithms, modes
+from cryptography.hazmat.primitives.ciphers import algorithms, base, modes
from .utils import generate_aead_test, generate_encrypt_test
from ...utils import load_nist_vectors
@@ -228,3 +228,36 @@ class TestAESModeGCM(object):
algorithms.AES,
modes.GCM,
)
+
+ def test_gcm_tag_with_only_aad(self, backend):
+ key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3")
+ iv = binascii.unhexlify(b"b1e1349120b6e832ef976f5d")
+ aad = binascii.unhexlify(b"b6d729aab8e6416d7002b9faa794c410d8d2f193")
+ tag = binascii.unhexlify(b"0f247e7f9c2505de374006738018493b")
+
+ cipher = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv),
+ backend=backend
+ )
+ encryptor = cipher.encryptor()
+ encryptor.authenticate_additional_data(aad)
+ encryptor.finalize()
+ assert encryptor.tag == tag
+
+ def test_gcm_ciphertext_with_no_aad(self, backend):
+ key = binascii.unhexlify(b"e98b72a9881a84ca6b76e0f43e68647a")
+ iv = binascii.unhexlify(b"8b23299fde174053f3d652ba")
+ ct = binascii.unhexlify(b"5a3c1cf1985dbb8bed818036fdd5ab42")
+ tag = binascii.unhexlify(b"23c7ab0f952b7091cd324835043b5eb5")
+ pt = binascii.unhexlify(b"28286a321293253c3e0aa2704a278032")
+
+ cipher = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv),
+ backend=backend
+ )
+ encryptor = cipher.encryptor()
+ computed_ct = encryptor.update(pt) + encryptor.finalize()
+ assert computed_ct == ct
+ assert encryptor.tag == tag
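Review bot: Both new tests in `TestAESModeGCM` drive only the encryptor, so tag verification on the decrypt side is never exercised for these two edge cases (AAD with no plaintext, plaintext with no AAD). The backend fix is not visible on this page, so whether decryption was affected is an assumption, but a decrypt check with `modes.GCM(iv, tag)` would catch a backend that accepts or rejects the wrong tag; the fence shows it for `test_gcm_tag_with_only_aad`, and the same pattern applies to `test_gcm_ciphertext_with_no_aad` with `decryptor.update(ct)`. In the AAD-only test the return value of `encryptor.finalize()` is discarded; `assert encryptor.finalize() == b""` would also pin that no stray ciphertext is emitted. A one-line comment naming the source of the hex vectors would help the next reader confirm them independently. The class body starts outside this hunk.

```python
        # … unchanged: key/iv/aad/tag setup and encryptor checks in test_gcm_tag_with_only_aad …
        assert encryptor.tag == tag

        decryptor = base.Cipher(
            algorithms.AES(key),
            modes.GCM(iv, tag),
            backend=backend
        ).decryptor()
        decryptor.authenticate_additional_data(aad)
        # finalize() raises InvalidTag if the backend derives a different tag
        assert decryptor.finalize() == b""
```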