aboutsummaryrefslogtreecommitdiffstats
path: root/tests/hazmat/primitives
diff options
context:
space:
mode:
Diffstat (limited to 'tests/hazmat/primitives')
-rw-r--r--tests/hazmat/primitives/test_aes.py96
-rw-r--r--tests/hazmat/primitives/utils.py2
2 files changed, 96 insertions, 2 deletions
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 8826aae8..392a847f 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -303,3 +303,99 @@ class TestAESModeGCM(object):
assert encryptor._aad_bytes_processed == 8
encryptor.authenticate_additional_data(b"0" * 18)
assert encryptor._aad_bytes_processed == 26
+
+ def test_gcm_tag_decrypt_none(self, backend):
+ key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3")
+ iv = binascii.unhexlify(b"b1e1349120b6e832ef976f5d")
+ aad = binascii.unhexlify(b"b6d729aab8e6416d7002b9faa794c410d8d2f193")
+
+ encryptor = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv),
+ backend=backend
+ ).encryptor()
+ encryptor.authenticate_additional_data(aad)
+ encryptor.finalize()
+
+ if backend.name == "openssl" and \
+ backend.openssl_version_number() < 0x10002000:
+ with pytest.raises(NotImplementedError):
+ decryptor = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv),
+ backend=backend
+ ).decryptor()
+ else:
+ decryptor = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv),
+ backend=backend
+ ).decryptor()
+ decryptor.authenticate_additional_data(aad)
+ with pytest.raises(ValueError):
+ decryptor.finalize()
+
+ def test_gcm_tag_decrypt_mode(self, backend):
+ key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3")
+ iv = binascii.unhexlify(b"b1e1349120b6e832ef976f5d")
+ aad = binascii.unhexlify(b"b6d729aab8e6416d7002b9faa794c410d8d2f193")
+
+ encryptor = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv),
+ backend=backend
+ ).encryptor()
+ encryptor.authenticate_additional_data(aad)
+ encryptor.finalize()
+ tag = encryptor.tag
+
+ decryptor = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv, tag),
+ backend=backend
+ ).decryptor()
+ decryptor.authenticate_additional_data(aad)
+ decryptor.finalize()
+
+ def test_gcm_tag_decrypt_finalize(self, backend):
+ key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3")
+ iv = binascii.unhexlify(b"b1e1349120b6e832ef976f5d")
+ aad = binascii.unhexlify(b"b6d729aab8e6416d7002b9faa794c410d8d2f193")
+
+ encryptor = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv),
+ backend=backend
+ ).encryptor()
+ encryptor.authenticate_additional_data(aad)
+ encryptor.finalize()
+ tag = encryptor.tag
+
+ if backend.name == "openssl" and \
+ backend.openssl_version_number() < 0x10002000:
+ with pytest.raises(NotImplementedError):
+ decryptor = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv),
+ backend=backend
+ ).decryptor()
+ decryptor = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv, tag=encryptor.tag),
+ backend=backend
+ ).decryptor()
+ else:
+ decryptor = base.Cipher(
+ algorithms.AES(key),
+ modes.GCM(iv),
+ backend=backend
+ ).decryptor()
+ decryptor.authenticate_additional_data(aad)
+
+ if backend.name == "openssl" and \
+ backend.openssl_version_number() < 0x10002000:
+ with pytest.raises(NotImplementedError):
+ decryptor.finalize_with_tag(tag)
+ decryptor.finalize()
+ else:
+ decryptor.finalize_with_tag(tag)
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index d0e87a78..59326367 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -304,8 +304,6 @@ def aead_tag_exception_test(backend, cipher_factory, mode_factory):
mode_factory(binascii.unhexlify(b"0" * 24)),
backend
)
- with pytest.raises(ValueError):
- cipher.decryptor()
with pytest.raises(ValueError):
mode_factory(binascii.unhexlify(b"0" * 24), b"000")
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-01 18:27:26 +0000