enable strict IV checking by default during decryption

[python-delta-tar] / testing / test_crypto.py

diff --git a/testing/test_crypto.py b/testing/test_crypto.py
index 3f444f9..496f2e5 100644 (file)
--- a/testing/test_crypto.py
+++ b/testing/test_crypto.py
@@ -171,7 +171,8 @@ class AESGCMTest (CryptoLayerTest):
                                              TEST_PARAMVERSION,
                                              password=password,
                                              nacl=TEST_STATIC_NACL,
-                                             counter=start_count)
+                                             counter=start_count,
+                                             strict_ivs=True)
 
             for i, blob in enumerate (data, 1):
                 fname = "%s_%d" % (TEST_DUMMY_FILENAME, i)
@@ -820,7 +821,7 @@ class AESGCMTest (CryptoLayerTest):
         """
         Meddle with encrypted content: extract the IV from one object
         and inject it into the header of another. This must be rejected
-        by the decryptor.
+        by the decryptor with paranoid IV checking enabled.
         """
         cnksiz         = 1 << 10
         orig_pt_1      = fill_mod (1 << 10)
@@ -829,7 +830,8 @@ class AESGCMTest (CryptoLayerTest):
         encryptor      = crypto.Encrypt (TEST_VERSION,
                                          TEST_PARAMVERSION,
                                          password=password,
-                                         nacl=TEST_STATIC_NACL)
+                                         nacl=TEST_STATIC_NACL,
+                                         strict_ivs=True)
 
         def enc (pt):
             header_dummy   = encryptor.next (TEST_DUMMY_FILENAME)