From c48abb09571f7ade75612c8f254ca76df41ac80d Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 11 Sep 2014 19:52:19 -0500
Subject: moved GCM tests to be run against all backends, added radar bug
 numbers

---
 .../hazmat/backends/commoncrypto/ciphers.py        |  2 ++
 tests/hazmat/backends/test_commoncrypto.py         | 31 -------------------
 tests/hazmat/primitives/test_aes.py                | 35 +++++++++++++++++++++-
 3 files changed, 36 insertions(+), 32 deletions(-)

diff --git a/cryptography/hazmat/backends/commoncrypto/ciphers.py b/cryptography/hazmat/backends/commoncrypto/ciphers.py
index 4f723487..6d3ba863 100644
--- a/cryptography/hazmat/backends/commoncrypto/ciphers.py
+++ b/cryptography/hazmat/backends/commoncrypto/ciphers.py
@@ -155,6 +155,7 @@ class _GCMCipherContext(object):
         # call to authenticate_additional_data will result in null byte output
         # for ciphertext. The following empty byte string call prevents the
         # issue, which is present in at least 10.8 and 10.9.
+        # Filed as rdar://18314544
         self.authenticate_additional_data(b"")
 
     def update(self, data):
@@ -173,6 +174,7 @@ class _GCMCipherContext(object):
         # call to update. If you pass just AAD and call finalize without a call
         # to update you'll get null bytes for tag. The following update call
         # prevents this issue, which is present in at least 10.8 and 10.9.
+        # Filed as rdar://18314580
         self.update(b"")
         tag_size = self._cipher.block_size // 8
         tag_buf = self._backend._ffi.new("unsigned char[]", tag_size)
diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py
index 5f2e9aab..28d1a6ca 100644
--- a/tests/hazmat/backends/test_commoncrypto.py
+++ b/tests/hazmat/backends/test_commoncrypto.py
@@ -13,8 +13,6 @@
 
 from __future__ import absolute_import, division, print_function
 
-import binascii
-
 import pytest
 
 from cryptography import utils
@@ -70,32 +68,3 @@ class TestCommonCrypto(object):
         )
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
             cipher.encryptor()
-
-    def test_gcm_tag_with_only_aad(self):
-        from cryptography.hazmat.backends.commoncrypto.backend import Backend
-        b = Backend()
-        key = binascii.unhexlify(b"1dde380d6b04fdcb004005b8a77bd5e3")
-        iv = binascii.unhexlify(b"5053bf901463f97decd88c33")
-        aad = binascii.unhexlify(b"f807f5f6133021d15cb6434d5ad95cf7d8488727")
-        tag = binascii.unhexlify(b"4bebf3ff2cb67bb5444dda53bd039e22")
-
-        cipher = Cipher(AES(key), GCM(iv), backend=b)
-        encryptor = cipher.encryptor()
-        encryptor.authenticate_additional_data(aad)
-        encryptor.finalize()
-        assert encryptor.tag == tag
-
-    def test_gcm_ciphertext_with_no_aad(self):
-        from cryptography.hazmat.backends.commoncrypto.backend import Backend
-        b = Backend()
-        key = binascii.unhexlify(b"e98b72a9881a84ca6b76e0f43e68647a")
-        iv = binascii.unhexlify(b"8b23299fde174053f3d652ba")
-        ct = binascii.unhexlify(b"5a3c1cf1985dbb8bed818036fdd5ab42")
-        tag = binascii.unhexlify(b"23c7ab0f952b7091cd324835043b5eb5")
-        pt = binascii.unhexlify(b"28286a321293253c3e0aa2704a278032")
-
-        cipher = Cipher(AES(key), GCM(iv), backend=b)
-        encryptor = cipher.encryptor()
-        computed_ct = encryptor.update(pt) + encryptor.finalize()
-        assert computed_ct == ct
-        assert encryptor.tag == tag
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 5bde7d3c..13682753 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -18,7 +18,7 @@ import os
 
 import pytest
 
-from cryptography.hazmat.primitives.ciphers import algorithms, modes
+from cryptography.hazmat.primitives.ciphers import algorithms, base, modes
 
 from .utils import generate_aead_test, generate_encrypt_test
 from ...utils import load_nist_vectors
@@ -228,3 +228,36 @@ class TestAESModeGCM(object):
         algorithms.AES,
         modes.GCM,
     )
+
+    def test_gcm_tag_with_only_aad(self, backend):
+        key = binascii.unhexlify(b"1dde380d6b04fdcb004005b8a77bd5e3")
+        iv = binascii.unhexlify(b"5053bf901463f97decd88c33")
+        aad = binascii.unhexlify(b"f807f5f6133021d15cb6434d5ad95cf7d8488727")
+        tag = binascii.unhexlify(b"4bebf3ff2cb67bb5444dda53bd039e22")
+
+        cipher = base.Cipher(
+            algorithms.AES(key),
+            modes.GCM(iv),
+            backend=backend
+        )
+        encryptor = cipher.encryptor()
+        encryptor.authenticate_additional_data(aad)
+        encryptor.finalize()
+        assert encryptor.tag == tag
+
+    def test_gcm_ciphertext_with_no_aad(self, backend):
+        key = binascii.unhexlify(b"e98b72a9881a84ca6b76e0f43e68647a")
+        iv = binascii.unhexlify(b"8b23299fde174053f3d652ba")
+        ct = binascii.unhexlify(b"5a3c1cf1985dbb8bed818036fdd5ab42")
+        tag = binascii.unhexlify(b"23c7ab0f952b7091cd324835043b5eb5")
+        pt = binascii.unhexlify(b"28286a321293253c3e0aa2704a278032")
+
+        cipher = base.Cipher(
+            algorithms.AES(key),
+            modes.GCM(iv),
+            backend=backend
+        )
+        encryptor = cipher.encryptor()
+        computed_ct = encryptor.update(pt) + encryptor.finalize()
+        assert computed_ct == ct
+        assert encryptor.tag == tag
-- 
cgit v1.2.3