diff options
Diffstat (limited to 'lib/Crypto/SelfTest/Cipher/common.py')
-rw-r--r-- | lib/Crypto/SelfTest/Cipher/common.py | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/lib/Crypto/SelfTest/Cipher/common.py b/lib/Crypto/SelfTest/Cipher/common.py index c48cb7f..9afa147 100644 --- a/lib/Crypto/SelfTest/Cipher/common.py +++ b/lib/Crypto/SelfTest/Cipher/common.py @@ -74,6 +74,11 @@ class CipherSelfTest(unittest.TestCase): self.mode = getattr(self.module, "MODE_" + mode) self.iv = _extract(params, 'iv', None) if self.iv is not None: self.iv = b(self.iv) + + # Only relevant for OPENPGP mode + self.encrypted_iv = _extract(params, 'encrypted_iv', None) + if self.encrypted_iv is not None: + self.encrypted_iv = b(self.encrypted_iv) else: # Stream cipher self.mode = None @@ -84,7 +89,7 @@ class CipherSelfTest(unittest.TestCase): def shortDescription(self): return self.description - def _new(self): + def _new(self, do_decryption=0): params = self.extra_params.copy() # Handle CTR mode parameters. By default, we use Counter.new(self.module.block_size) @@ -106,16 +111,30 @@ class CipherSelfTest(unittest.TestCase): return self.module.new(a2b_hex(self.key), self.mode, **params) else: # Block cipher with iv - return self.module.new(a2b_hex(self.key), self.mode, a2b_hex(self.iv), **params) + if do_decryption and self.mode == self.module.MODE_OPENPGP: + # In PGP mode, the IV to feed for decryption is the *encrypted* one + return self.module.new(a2b_hex(self.key), self.mode, a2b_hex(self.encrypted_iv), **params) + else: + return self.module.new(a2b_hex(self.key), self.mode, a2b_hex(self.iv), **params) def runTest(self): plaintext = a2b_hex(self.plaintext) ciphertext = a2b_hex(self.ciphertext) ct1 = b2a_hex(self._new().encrypt(plaintext)) - pt1 = b2a_hex(self._new().decrypt(ciphertext)) + pt1 = b2a_hex(self._new(1).decrypt(ciphertext)) ct2 = b2a_hex(self._new().encrypt(plaintext)) - pt2 = b2a_hex(self._new().decrypt(ciphertext)) + pt2 = b2a_hex(self._new(1).decrypt(ciphertext)) + + if hasattr(self.module, "MODE_OPENPGP") and self.mode == self.module.MODE_OPENPGP: + # In PGP mode, data returned by the first encrypt() + # is prefixed with the encrypted IV. + # Here we check it and then remove it from the ciphertexts. + eilen = len(self.encrypted_iv) + self.assertEqual(self.encrypted_iv, ct1[:eilen]) + self.assertEqual(self.encrypted_iv, ct2[:eilen]) + ct1 = ct1[eilen:] + ct2 = ct2[eilen:] self.assertEqual(self.ciphertext, ct1) # encrypt self.assertEqual(self.ciphertext, ct2) # encrypt (second time) |