Skip to content
Permalink
Browse files

Fix block ciphers allowing empty string as IV

  • Loading branch information...
dlitz committed May 24, 2012
1 parent b382f9f commit 411f60f58cea79f7e93476ba0c069b80a2a4c1a0
Showing with 27 additions and 2 deletions.
  1. +26 −1 lib/Crypto/SelfTest/Cipher/common.py
  2. +1 −1 src/block_template.c
@@ -223,7 +223,7 @@ def runTest(self):
"""Regression test: m.new(key, m.MODE_CFB, segment_size=N) should require segment_size to be a multiple of 8 bits"""
for i in range(1, 8):
self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), self.module.MODE_CFB, segment_size=i)
self.module.new(a2b_hex(self.key), self.module.MODE_CFB, segment_size=8) # should succeed
self.module.new(a2b_hex(self.key), self.module.MODE_CFB, "\0"*self.module.block_size, segment_size=8) # should succeed

class RoundtripTest(unittest.TestCase):
def __init__(self, module, params):
@@ -265,6 +265,30 @@ def runTest(self):
self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
self.module.MODE_PGP)

class IVLengthTest(unittest.TestCase):
def __init__(self, module, params):
unittest.TestCase.__init__(self)
self.module = module
self.key = b(params['key'])

def shortDescription(self):
return "Check that all modes except MODE_ECB and MODE_CTR require an IV of the proper length"

def runTest(self):
self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
self.module.MODE_CBC, "")
self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
self.module.MODE_CFB, "")
self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
self.module.MODE_OFB, "")
self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
self.module.MODE_OPENPGP, "")
self.module.new(a2b_hex(self.key), self.module.MODE_ECB, "")
self.module.new(a2b_hex(self.key), self.module.MODE_CTR, "", counter=self._dummy_counter)

def _dummy_counter(self):
return "\0" * self.module.block_size

def make_block_tests(module, module_name, test_data):
tests = []
extra_tests_added = 0
@@ -311,6 +335,7 @@ def make_block_tests(module, module_name, test_data):
CFBSegmentSizeTest(module, params),
RoundtripTest(module, params),
PGPTest(module, params),
IVLengthTest(module, params),
]
extra_tests_added = 1

@@ -170,7 +170,7 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict)
"Key cannot be the null string");
return NULL;
}
if (IVlen != BLOCK_SIZE && IVlen != 0)
if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
{
PyErr_Format(PyExc_ValueError,
"IV must be %i bytes long", BLOCK_SIZE);

0 comments on commit 411f60f

Please sign in to comment.
You can’t perform that action at this time.