diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-18 00:06:10 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-17 12:06:10 -0400 |
commit | db62ec9967d95e666eb6898766944d9e50532b2d (patch) | |
tree | 9cf70453fad72b31c074d45e43d33298e2640166 | |
parent | 12a1cacb6ae6de51a003dcc884e769854a1345a8 (diff) | |
download | cryptography-db62ec9967d95e666eb6898766944d9e50532b2d.tar.gz |
also check iv length for GCM nonce in AEAD (#4350)
* also check iv length for GCM nonce in AEAD
* ugh
-rw-r--r-- | src/cryptography/hazmat/primitives/ciphers/aead.py | 2 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_aead.py | 6 |
2 files changed, 8 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/primitives/ciphers/aead.py b/src/cryptography/hazmat/primitives/ciphers/aead.py index 9794d7682..e5197653f 100644 --- a/src/cryptography/hazmat/primitives/ciphers/aead.py +++ b/src/cryptography/hazmat/primitives/ciphers/aead.py @@ -184,3 +184,5 @@ class AESGCM(object): utils._check_bytes("nonce", nonce) utils._check_bytes("data", data) utils._check_bytes("associated_data", associated_data) + if len(nonce) == 0: + raise ValueError("Nonce must be at least 1 byte") diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py index a0cc79e14..5a5185583 100644 --- a/tests/hazmat/primitives/test_aead.py +++ b/tests/hazmat/primitives/test_aead.py @@ -383,6 +383,12 @@ class TestAESGCM(object): with pytest.raises(TypeError): aesgcm.decrypt(nonce, data, associated_data) + def test_invalid_nonce_length(self, backend): + key = AESGCM.generate_key(128) + aesgcm = AESGCM(key) + with pytest.raises(ValueError): + aesgcm.encrypt(b"", b"hi", None) + def test_bad_key(self, backend): with pytest.raises(TypeError): AESGCM(object()) |