def test_invalid_nonce_length(self, backend):
key = AESOCB3.generate_key(128)
aesocb3 = AESOCB3(key)
with pytest.raises(ValueError):
aesocb3.encrypt(b"\x00" * 11, b"hi", None)
with pytest.raises(ValueError):
aesocb3.encrypt(b"\x00" * 13, b"hi", None)
def test_params_not_bytes(self, nonce, data, associated_data, backend):
key = AESOCB3.generate_key(128)
aesocb3 = AESOCB3(key)
with pytest.raises(TypeError):
aesocb3.encrypt(nonce, data, associated_data)
with pytest.raises(TypeError):
aesocb3.decrypt(nonce, data, associated_data)
def test_associated_data_none_equal_to_empty_bytestring(self, backend):
key = AESOCB3.generate_key(128)
aesocb3 = AESOCB3(key)
nonce = os.urandom(12)
ct1 = aesocb3.encrypt(nonce, b"some_data", None)
ct2 = aesocb3.encrypt(nonce, b"some_data", b"")
assert ct1 == ct2
pt1 = aesocb3.decrypt(nonce, ct1, None)
pt2 = aesocb3.decrypt(nonce, ct2, b"")
assert pt1 == pt2
def test_data_too_large(self):
key = AESOCB3.generate_key(128)
aesocb3 = AESOCB3(key)
nonce = b"0" * 12
with pytest.raises(OverflowError):
aesocb3.encrypt(nonce, FakeData(), b"")
with pytest.raises(OverflowError):
aesocb3.encrypt(nonce, b"", FakeData())
def test_buffer_protocol(self, backend):
key = AESOCB3.generate_key(128)
aesocb3 = AESOCB3(key)
pt = b"encrypt me"
ad = b"additional"
nonce = os.urandom(12)
ct = aesocb3.encrypt(nonce, pt, ad)
computed_pt = aesocb3.decrypt(nonce, ct, ad)
assert computed_pt == pt
aesocb3_ = AESOCB3(bytearray(key))
ct2 = aesocb3_.encrypt(bytearray(nonce), pt, ad)
assert ct2 == ct
computed_pt2 = aesocb3_.decrypt(bytearray(nonce), ct2, ad)
assert computed_pt2 == pt
def test_vectors(self, backend, subtests):
vectors = []
for f in [
"rfc7253.txt",
"test-vector-1-nonce104.txt",
"test-vector-1-nonce112.txt",
"test-vector-1-nonce120.txt",
]:
vectors.extend(
load_vectors_from_file(
os.path.join("ciphers", "AES", "OCB3", f),
load_nist_vectors,
)
)
for vector in vectors:
with subtests.test():
nonce = binascii.unhexlify(vector["nonce"])
key = binascii.unhexlify(vector["key"])
aad = binascii.unhexlify(vector["aad"])
ct = binascii.unhexlify(vector["ciphertext"])
pt = binascii.unhexlify(vector.get("plaintext", b""))
aesocb3 = AESOCB3(key)
computed_ct = aesocb3.encrypt(nonce, pt, aad)
assert computed_ct == ct
computed_pt = aesocb3.decrypt(nonce, ct, aad)
assert computed_pt == pt
def test_vectors_invalid(self, backend, subtests):
vectors = load_vectors_from_file(
os.path.join("ciphers", "AES", "OCB3", "rfc7253.txt"),
load_nist_vectors,
)
for vector in vectors:
with subtests.test():
nonce = binascii.unhexlify(vector["nonce"])
key = binascii.unhexlify(vector["key"])
aad = binascii.unhexlify(vector["aad"])
ct = binascii.unhexlify(vector["ciphertext"])
aesocb3 = AESOCB3(key)
with pytest.raises(InvalidTag):
badkey = AESOCB3(AESOCB3.generate_key(128))
badkey.decrypt(nonce, ct, aad)
with pytest.raises(InvalidTag):
aesocb3.decrypt(nonce, b"nonsense", aad)
with pytest.raises(InvalidTag):
aesocb3.decrypt(b"\x00" * 12, ct, aad)
with pytest.raises(InvalidTag):
aesocb3.decrypt(nonce, ct, b"nonsense")
def test_bad_generate_key(self, backend):
with pytest.raises(TypeError):
AESOCB3.generate_key(object()) # type:ignore[arg-type]
with pytest.raises(ValueError):
AESOCB3.generate_key(129)
def test_bad_key(self, backend):
with pytest.raises(TypeError):
AESOCB3(object()) # type:ignore[arg-type]
with pytest.raises(ValueError):
AESOCB3(b"0" * 31)
def test_aesocb3_unsupported_on_older_openssl(backend):
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
AESOCB3(AESOCB3.generate_key(128))
