@wycheproof_tests("aes_gcm_test.json")
def test_aes_gcm(backend, wycheproof):
    """Run a single Wycheproof AES-GCM vector against ``backend``.

    Vectors marked valid or acceptable must round-trip: encryption has
    to reproduce the expected ciphertext and tag byte-for-byte, and
    decryption under the expected tag has to recover the plaintext.
    Every other vector must fail authentication with ``InvalidTag`` at
    ``finalize()``.

    Args:
        backend: the backend under test; its ``_fips_enabled`` flag is
            consulted to skip IV sizes the FIPS build rejects.
        wycheproof: the loaded test case; ``testcase`` holds the hex
            encoded fields and ``valid`` / ``acceptable`` the expected
            verdict.
    """
    case = wycheproof.testcase
    key, iv, aad, msg, ct, tag = (
        binascii.unhexlify(case[field])
        for field in ("key", "iv", "aad", "msg", "ct", "tag")
    )

    # IVs outside 64..1024 bits are rejected by the library up front, so
    # such vectors cannot be exercised at all.
    if not 8 <= len(iv) <= 128:
        pytest.skip(
            "Less than 64-bit IVs (and greater than 1024-bit) are no longer "
            "supported"
        )
    # Red Hat disables non-96-bit IV support as part of its FIPS patches.
    if backend._fips_enabled and len(iv) != 12:
        pytest.skip("Non-96-bit IVs unsupported in FIPS mode.")

    def gcm_decryptor():
        # min_tag_length is pinned to the vector's own tag length so that
        # vectors with tags shorter than the library's default floor still
        # reach tag verification instead of being rejected as too short;
        # the vector's expected verdict decides whether verification must
        # then succeed or raise.
        mode = modes.GCM(iv, tag, min_tag_length=len(tag))
        dec = Cipher(algorithms.AES(key), mode, backend).decryptor()
        dec.authenticate_additional_data(aad)
        return dec

    if not (wycheproof.valid or wycheproof.acceptable):
        # Invalid vector: processing the ciphertext is fine, but the tag
        # check at finalize() must fail.
        dec = gcm_decryptor()
        dec.update(ct)
        with pytest.raises(InvalidTag):
            dec.finalize()
        return

    enc = Cipher(algorithms.AES(key), modes.GCM(iv), backend).encryptor()
    enc.authenticate_additional_data(aad)
    produced_ct = enc.update(msg) + enc.finalize()
    produced_tag = enc.tag
    assert produced_ct == ct
    assert produced_tag == tag

    dec = gcm_decryptor()
    recovered = dec.update(ct) + dec.finalize()
    assert recovered == msg
| 89 | @wycheproof_tests("aes_gcm_test.json") |