@wycheproof_tests("aes_gcm_test.json")
def test_aes_gcm_aead_api(backend, wycheproof):
    """Run one Wycheproof AES-GCM vector through the ``AESGCM`` AEAD API.

    Each hex-encoded field of the test case (key, iv, aad, msg, ct, tag) is
    decoded to bytes. Vectors whose IV is shorter than 8 bytes or longer
    than 128 bytes are skipped, as are non-96-bit IVs when the backend
    reports FIPS mode. For ``valid``/``acceptable`` vectors the test asserts
    that encryption reproduces ``ct || tag`` and that decryption of
    ``ct || tag`` reproduces ``msg``; for every other vector it asserts that
    decryption raises ``InvalidTag``, i.e. the tag check rejects the input
    instead of returning plaintext.
    """
    testcase = wycheproof.testcase

    def field(name):
        # Wycheproof stores every byte-string field as a hex string.
        return binascii.unhexlify(testcase[name])

    key, iv, aad, msg, ct, tag = (
        field(name) for name in ("key", "iv", "aad", "msg", "ct", "tag")
    )

    # Bounds are in bytes: 8 bytes = 64 bits, 128 bytes = 1024 bits.
    iv_length_supported = 8 <= len(iv) <= 128
    if not iv_length_supported:
        pytest.skip(
            "Less than 64-bit IVs (and greater than 1024-bit) are no longer "
            "supported"
        )

    # Red Hat's FIPS patches disable every IV length other than 96 bits, so
    # such vectors cannot be exercised on a FIPS-enabled backend.
    if backend._fips_enabled and len(iv) != 12:
        pytest.skip("Non-96-bit IVs unsupported in FIPS mode.")

    aead = AESGCM(key)
    expected_ciphertext = ct + tag
    should_succeed = wycheproof.valid or wycheproof.acceptable

    if not should_succeed:
        # Authentication must fail; the API signals this only by raising.
        with pytest.raises(InvalidTag):
            aead.decrypt(iv, expected_ciphertext, aad)
        return

    assert aead.encrypt(iv, msg, aad) == expected_ciphertext
    assert aead.decrypt(iv, expected_ciphertext, aad) == msg
| 118 | @pytest.mark.skipif( |