diff options
| author | Dwayne C. Litzenberger <dlitz@dlitz.net> | 2012-05-24 07:51:41 -0400 |
|---|---|---|
| committer | Dwayne C. Litzenberger <dlitz@dlitz.net> | 2012-05-24 08:44:49 -0400 |
| commit | 411f60f58cea79f7e93476ba0c069b80a2a4c1a0 (patch) | |
| tree | 146fc6e92e2b1a12dad03cb9e1f1046821149de0 | |
| parent | b382f9f9229121054ae6a87678ee3601381de099 (diff) | |
| download | pycrypto-411f60f58cea79f7e93476ba0c069b80a2a4c1a0.tar.gz | |
Fix block ciphers allowing empty string as IV
Bug report: https://bugs.launchpad.net/pycrypto/+bug/997464
| -rw-r--r-- | lib/Crypto/SelfTest/Cipher/common.py | 27 | ||||
| -rw-r--r-- | src/block_template.c | 2 |
2 files changed, 27 insertions, 2 deletions
diff --git a/lib/Crypto/SelfTest/Cipher/common.py b/lib/Crypto/SelfTest/Cipher/common.py index e56fa1b..8bebed9 100644 --- a/lib/Crypto/SelfTest/Cipher/common.py +++ b/lib/Crypto/SelfTest/Cipher/common.py @@ -223,7 +223,7 @@ class CFBSegmentSizeTest(unittest.TestCase): """Regression test: m.new(key, m.MODE_CFB, segment_size=N) should require segment_size to be a multiple of 8 bits""" for i in range(1, 8): self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), self.module.MODE_CFB, segment_size=i) - self.module.new(a2b_hex(self.key), self.module.MODE_CFB, segment_size=8) # should succeed + self.module.new(a2b_hex(self.key), self.module.MODE_CFB, "\0"*self.module.block_size, segment_size=8) # should succeed class RoundtripTest(unittest.TestCase): def __init__(self, module, params): @@ -265,6 +265,30 @@ class PGPTest(unittest.TestCase): self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), self.module.MODE_PGP) +class IVLengthTest(unittest.TestCase): + def __init__(self, module, params): + unittest.TestCase.__init__(self) + self.module = module + self.key = b(params['key']) + + def shortDescription(self): + return "Check that all modes except MODE_ECB and MODE_CTR require an IV of the proper length" + + def runTest(self): + self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), + self.module.MODE_CBC, "") + self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), + self.module.MODE_CFB, "") + self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), + self.module.MODE_OFB, "") + self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), + self.module.MODE_OPENPGP, "") + self.module.new(a2b_hex(self.key), self.module.MODE_ECB, "") + self.module.new(a2b_hex(self.key), self.module.MODE_CTR, "", counter=self._dummy_counter) + + def _dummy_counter(self): + return "\0" * self.module.block_size + def make_block_tests(module, module_name, test_data): tests = [] extra_tests_added = 0 @@ -311,6 +335,7 @@ def make_block_tests(module, module_name, test_data): CFBSegmentSizeTest(module, params), RoundtripTest(module, params), PGPTest(module, params), + IVLengthTest(module, params), ] extra_tests_added = 1 diff --git a/src/block_template.c b/src/block_template.c index bc7aa74..c36b316 100644 --- a/src/block_template.c +++ b/src/block_template.c @@ -170,7 +170,7 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict) "Key cannot be the null string"); return NULL; } - if (IVlen != BLOCK_SIZE && IVlen != 0) + if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR) { PyErr_Format(PyExc_ValueError, "IV must be %i bytes long", BLOCK_SIZE); |