77 lines
3.6 KiB
Diff
77 lines
3.6 KiB
Diff
From 688e0f673bfbf43fa898994326c6877f00ab19ef Mon Sep 17 00:00:00 2001
|
|
From: Paul Kehrer <paul.l.kehrer@gmail.com>
|
|
Date: Tue, 17 Jul 2018 10:47:57 +0800
|
|
Subject: [PATCH] disallow implicit tag truncation with finalize_with_tag
|
|
|
|
---
|
|
docs/hazmat/primitives/symmetric-encryption.rst | 1 +
|
|
src/cryptography/hazmat/backends/openssl/ciphers.py | 5 +++++
|
|
src/cryptography/hazmat/primitives/ciphers/modes.py | 1 +
|
|
tests/hazmat/primitives/test_aes.py | 16 ++++++++++++++++
|
|
5 files changed, 28 insertions(+)
|
|
|
|
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
|
|
index 5ebcca754..5b6000902 100644
|
|
--- a/docs/hazmat/primitives/symmetric-encryption.rst
|
|
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
|
|
@@ -670,6 +670,7 @@ Interfaces
|
|
:raises ValueError: This is raised when the data provided isn't
|
|
a multiple of the algorithm's block size, if ``min_tag_length`` is
|
|
less than 4, or if ``len(tag) < min_tag_length``.
|
|
+ ``min_tag_length`` is an argument to the ``GCM`` constructor.
|
|
:raises NotImplementedError: This is raised if the version of the
|
|
OpenSSL backend used is 1.0.1 or earlier.
|
|
|
|
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
|
|
index 462ffea25..e0ee06ee2 100644
|
|
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
|
|
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
|
|
@@ -199,6 +199,11 @@ def finalize_with_tag(self, tag):
|
|
"finalize_with_tag requires OpenSSL >= 1.0.2. To use this "
|
|
"method please update OpenSSL"
|
|
)
|
|
+ if len(tag) < self._mode._min_tag_length:
|
|
+ raise ValueError(
|
|
+ "Authentication tag must be {0} bytes or longer.".format(
|
|
+ self._mode._min_tag_length)
|
|
+ )
|
|
res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
|
|
self._ctx, self._backend._lib.EVP_CTRL_AEAD_SET_TAG,
|
|
len(tag), tag
|
|
diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py
|
|
index 598dfaa4a..543015fef 100644
|
|
--- a/src/cryptography/hazmat/primitives/ciphers/modes.py
|
|
+++ b/src/cryptography/hazmat/primitives/ciphers/modes.py
|
|
@@ -220,6 +220,7 @@ def __init__(self, initialization_vector, tag=None, min_tag_length=16):
|
|
min_tag_length)
|
|
)
|
|
self._tag = tag
|
|
+ self._min_tag_length = min_tag_length
|
|
|
|
tag = utils.read_only_property("_tag")
|
|
initialization_vector = utils.read_only_property("_initialization_vector")
|
|
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
|
|
index d6f83ebc2..4ceccf155 100644
|
|
--- a/tests/hazmat/primitives/test_aes.py
|
|
+++ b/tests/hazmat/primitives/test_aes.py
|
|
@@ -439,3 +439,19 @@ def test_gcm_tag_decrypt_finalize(self, backend):
|
|
decryptor.finalize()
|
|
else:
|
|
decryptor.finalize_with_tag(tag)
|
|
+
|
|
+ @pytest.mark.supported(
|
|
+ only_if=lambda backend: (
|
|
+ not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
|
|
+ backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
|
|
+ ),
|
|
+ skip_message="Not supported on OpenSSL 1.0.1",
|
|
+ )
|
|
+ def test_gcm_tag_decrypt_finalize_tag_length(self, backend):
|
|
+ decryptor = base.Cipher(
|
|
+ algorithms.AES(b"0" * 16),
|
|
+ modes.GCM(b"0" * 12),
|
|
+ backend=backend
|
|
+ ).decryptor()
|
|
+ with pytest.raises(ValueError):
|
|
+ decryptor.finalize_with_tag(b"tagtooshort")
|