Fixes #1200 -- disallow GCM truncation by default

author: Alex Gaynor <alex.gaynor@gmail.com> 2014-06-29 20:43:29 -0700
committer: Alex Gaynor <alex.gaynor@gmail.com> 2014-06-29 20:43:29 -0700
commit: 8f1b8e88e6e9ed7d73661bb90f0e558059b610f3 (patch)
tree: 5b3fd5321c77e1f1b0da4d93497d03bd20f75282 /tests
parent: 2d6e91f81266129c48ae775228a18d92c2d0f2c7 (diff)
download: cryptography-8f1b8e88e6e9ed7d73661bb90f0e558059b610f3.tar.gz
cryptography-8f1b8e88e6e9ed7d73661bb90f0e558059b610f3.tar.bz2
cryptography-8f1b8e88e6e9ed7d73661bb90f0e558059b610f3.zip
2 files changed, 7 insertions, 5 deletions
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 173075d6..003b3ba0 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -226,5 +226,5 @@ class TestAESModeGCM(object):
             "gcmEncryptExtIV256.rsp",
         ],
         lambda key: algorithms.AES(key),
-        lambda iv, tag: modes.GCM(iv, tag),
+        lambda iv, tag, min_tag_length=16: modes.GCM(iv, tag, min_tag_length),
     )
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 49b73f01..4640c2ea 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -90,7 +90,8 @@ def aead_test(backend, cipher_factory, mode_factory, params):
         cipher = Cipher(
             cipher_factory(binascii.unhexlify(params["key"])),
             mode_factory(binascii.unhexlify(params["iv"]),
-                         binascii.unhexlify(params["tag"])),
+                         binascii.unhexlify(params["tag"]),
+                         len(binascii.unhexlify(params["tag"]))),
             backend
         )
         decryptor = cipher.decryptor()
@@ -108,12 +109,13 @@ def aead_test(backend, cipher_factory, mode_factory, params):
         encryptor.authenticate_additional_data(binascii.unhexlify(aad))
         actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext))
         actual_ciphertext += encryptor.finalize()
-        tag_len = len(params["tag"])
-        assert binascii.hexlify(encryptor.tag)[:tag_len] == params["tag"]
+        tag_len = len(binascii.unhexlify(params["tag"]))
+        assert binascii.hexlify(encryptor.tag[:tag_len]) == params["tag"]
         cipher = Cipher(
             cipher_factory(binascii.unhexlify(params["key"])),
             mode_factory(binascii.unhexlify(params["iv"]),
-                         binascii.unhexlify(params["tag"])),
+                         binascii.unhexlify(params["tag"]),
+                         min_tag_length=tag_len),
             backend
         )
         decryptor = cipher.decryptor()
author	Alex Gaynor <alex.gaynor@gmail.com>	2014-06-29 20:43:29 -0700
committer	Alex Gaynor <alex.gaynor@gmail.com>	2014-06-29 20:43:29 -0700
commit	8f1b8e88e6e9ed7d73661bb90f0e558059b610f3 (patch)
tree	5b3fd5321c77e1f1b0da4d93497d03bd20f75282 /tests
parent	2d6e91f81266129c48ae775228a18d92c2d0f2c7 (diff)
download	cryptography-8f1b8e88e6e9ed7d73661bb90f0e558059b610f3.tar.gz cryptography-8f1b8e88e6e9ed7d73661bb90f0e558059b610f3.tar.bz2 cryptography-8f1b8e88e6e9ed7d73661bb90f0e558059b610f3.zip