From 8d46eafc90793282fb007ed3dde51d761edcf595 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Wed, 1 Aug 2018 06:53:39 -0400
Subject: Updated wycheproof tests for new upstream vectors (#4378)

* updated tests for upstream wycheproof changes

* Updated AES tests

* oops, flake8
---
 tests/wycheproof/test_aes.py  | 22 ++++++++++++++++------
 tests/wycheproof/test_ecdh.py |  4 ++--
 2 files changed, 18 insertions(+), 8 deletions(-)

(limited to 'tests/wycheproof')

diff --git a/tests/wycheproof/test_aes.py b/tests/wycheproof/test_aes.py
index 929ad8dc..a3d75123 100644
--- a/tests/wycheproof/test_aes.py
+++ b/tests/wycheproof/test_aes.py
@@ -8,6 +8,7 @@ import binascii
 
 import pytest
 
+from cryptography.exceptions import InvalidTag
 from cryptography.hazmat.backends.interfaces import CipherBackend
 from cryptography.hazmat.primitives import padding
 from cryptography.hazmat.primitives.ciphers import (
@@ -67,11 +68,19 @@ def test_aes_gcm(backend, wycheproof):
         dec.authenticate_additional_data(aad)
         computed_msg = dec.update(ct) + dec.finalize()
         assert computed_msg == msg
-    else:
-        # All invalid GCM tests are IV len 0 right now
-        assert len(iv) == 0
+    elif len(iv) == 0:
         with pytest.raises(ValueError):
             Cipher(algorithms.AES(key), modes.GCM(iv), backend)
+    else:
+        dec = Cipher(
+            algorithms.AES(key),
+            modes.GCM(iv, tag, min_tag_length=len(tag)),
+            backend
+        ).decryptor()
+        dec.authenticate_additional_data(aad)
+        dec.update(ct)
+        with pytest.raises(InvalidTag):
+            dec.finalize()
 
 
 @pytest.mark.requires_backend_interface(interface=CipherBackend)
@@ -89,8 +98,9 @@ def test_aes_gcm_aead_api(backend, wycheproof):
         assert computed_ct == ct + tag
         computed_msg = aesgcm.decrypt(iv, ct + tag, aad)
         assert computed_msg == msg
-    else:
-        # All invalid GCM tests are IV len 0 right now
-        assert len(iv) == 0
+    elif len(iv) == 0:
         with pytest.raises(ValueError):
             aesgcm.encrypt(iv, msg, aad)
+    else:
+        with pytest.raises(InvalidTag):
+            aesgcm.decrypt(iv, ct + tag, aad)
diff --git a/tests/wycheproof/test_ecdh.py b/tests/wycheproof/test_ecdh.py
index 0850b627..55be04ee 100644
--- a/tests/wycheproof/test_ecdh.py
+++ b/tests/wycheproof/test_ecdh.py
@@ -50,10 +50,10 @@ _CURVES = {
     "ecdh_secp521r1_test.json",
 )
 def test_ecdh(backend, wycheproof):
-    curve = _CURVES[wycheproof.testcase["curve"]]
+    curve = _CURVES[wycheproof.testgroup["curve"]]
     if curve is None:
         pytest.skip(
-            "Unsupported curve ({})".format(wycheproof.testcase["curve"])
+            "Unsupported curve ({})".format(wycheproof.testgroup["curve"])
         )
     _skip_exchange_algorithm_unsupported(backend, ec.ECDH(), curve)
 
-- 
cgit v1.2.3