summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDwayne C. Litzenberger <dlitz@dlitz.net>2012-05-24 07:51:41 -0400
committerDwayne C. Litzenberger <dlitz@dlitz.net>2012-05-24 08:44:49 -0400
commit411f60f58cea79f7e93476ba0c069b80a2a4c1a0 (patch)
tree146fc6e92e2b1a12dad03cb9e1f1046821149de0
parentb382f9f9229121054ae6a87678ee3601381de099 (diff)
downloadpycrypto-411f60f58cea79f7e93476ba0c069b80a2a4c1a0.tar.gz
Fix block ciphers allowing empty string as IV
Bug report: https://bugs.launchpad.net/pycrypto/+bug/997464
-rw-r--r--lib/Crypto/SelfTest/Cipher/common.py27
-rw-r--r--src/block_template.c2
2 files changed, 27 insertions, 2 deletions
diff --git a/lib/Crypto/SelfTest/Cipher/common.py b/lib/Crypto/SelfTest/Cipher/common.py
index e56fa1b..8bebed9 100644
--- a/lib/Crypto/SelfTest/Cipher/common.py
+++ b/lib/Crypto/SelfTest/Cipher/common.py
@@ -223,7 +223,7 @@ class CFBSegmentSizeTest(unittest.TestCase):
"""Regression test: m.new(key, m.MODE_CFB, segment_size=N) should require segment_size to be a multiple of 8 bits"""
for i in range(1, 8):
self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), self.module.MODE_CFB, segment_size=i)
- self.module.new(a2b_hex(self.key), self.module.MODE_CFB, segment_size=8) # should succeed
+ self.module.new(a2b_hex(self.key), self.module.MODE_CFB, "\0"*self.module.block_size, segment_size=8) # should succeed
class RoundtripTest(unittest.TestCase):
def __init__(self, module, params):
@@ -265,6 +265,30 @@ class PGPTest(unittest.TestCase):
self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
self.module.MODE_PGP)
+class IVLengthTest(unittest.TestCase):
+ def __init__(self, module, params):
+ unittest.TestCase.__init__(self)
+ self.module = module
+ self.key = b(params['key'])
+
+ def shortDescription(self):
+ return "Check that all modes except MODE_ECB and MODE_CTR require an IV of the proper length"
+
+ def runTest(self):
+ self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+ self.module.MODE_CBC, "")
+ self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+ self.module.MODE_CFB, "")
+ self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+ self.module.MODE_OFB, "")
+ self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+ self.module.MODE_OPENPGP, "")
+ self.module.new(a2b_hex(self.key), self.module.MODE_ECB, "")
+ self.module.new(a2b_hex(self.key), self.module.MODE_CTR, "", counter=self._dummy_counter)
+
+ def _dummy_counter(self):
+ return "\0" * self.module.block_size
+
def make_block_tests(module, module_name, test_data):
tests = []
extra_tests_added = 0
@@ -311,6 +335,7 @@ def make_block_tests(module, module_name, test_data):
CFBSegmentSizeTest(module, params),
RoundtripTest(module, params),
PGPTest(module, params),
+ IVLengthTest(module, params),
]
extra_tests_added = 1
diff --git a/src/block_template.c b/src/block_template.c
index bc7aa74..c36b316 100644
--- a/src/block_template.c
+++ b/src/block_template.c
@@ -170,7 +170,7 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict)
"Key cannot be the null string");
return NULL;
}
- if (IVlen != BLOCK_SIZE && IVlen != 0)
+ if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
{
PyErr_Format(PyExc_ValueError,
"IV must be %i bytes long", BLOCK_SIZE);