MCPcopy
hub / github.com/pyca/cryptography / test_aes_gcm

Function test_aes_gcm

tests/wycheproof/test_aes.py:46–86  ·  view source on GitHub ↗
(backend, wycheproof)

Source from the content-addressed store, hash-verified

44
45@wycheproof_tests("aes_gcm_test.json")
46def test_aes_gcm(backend, wycheproof):
47 key = binascii.unhexlify(wycheproof.testcase["key"])
48 iv = binascii.unhexlify(wycheproof.testcase["iv"])
49 aad = binascii.unhexlify(wycheproof.testcase["aad"])
50 msg = binascii.unhexlify(wycheproof.testcase["msg"])
51 ct = binascii.unhexlify(wycheproof.testcase["ct"])
52 tag = binascii.unhexlify(wycheproof.testcase["tag"])
53 if len(iv) < 8 or len(iv) > 128:
54 pytest.skip(
55 "Less than 64-bit IVs (and greater than 1024-bit) are no longer "
56 "supported"
57 )
58 if backend._fips_enabled and len(iv) != 12:
59 # Red Hat disables non-96-bit IV support as part of its FIPS
60 # patches.
61 pytest.skip("Non-96-bit IVs unsupported in FIPS mode.")
62 if wycheproof.valid or wycheproof.acceptable:
63 enc = Cipher(algorithms.AES(key), modes.GCM(iv), backend).encryptor()
64 enc.authenticate_additional_data(aad)
65 computed_ct = enc.update(msg) + enc.finalize()
66 computed_tag = enc.tag
67 assert computed_ct == ct
68 assert computed_tag == tag
69 dec = Cipher(
70 algorithms.AES(key),
71 modes.GCM(iv, tag, min_tag_length=len(tag)),
72 backend,
73 ).decryptor()
74 dec.authenticate_additional_data(aad)
75 computed_msg = dec.update(ct) + dec.finalize()
76 assert computed_msg == msg
77 else:
78 dec = Cipher(
79 algorithms.AES(key),
80 modes.GCM(iv, tag, min_tag_length=len(tag)),
81 backend,
82 ).decryptor()
83 dec.authenticate_additional_data(aad)
84 dec.update(ct)
85 with pytest.raises(InvalidTag):
86 dec.finalize()
87
88
89@wycheproof_tests("aes_gcm_test.json")

Callers

nothing calls this directly

Calls 7

CipherClass · 0.90
unhexlifyMethod · 0.80
encryptorMethod · 0.80
decryptorMethod · 0.80
updateMethod · 0.45
finalizeMethod · 0.45

Tested by

no test coverage detected