# aes+gcm
AES_GCM_IV_LEN = 12
AES_GCM_MAX_SIZE = (1 << 36) - (1 << 5) # 2^39 - 2^8 b ≅ 64 GB
+AES_GCM_FMT_TAG = "<16s"
# scrypt
SCRYPT_dkLen = 16
hex_spaced_of_bytes (struct.pack (FMT_UINT64_LE, h["ctsize"])))
+def tag_fmt (t):
+ return struct.pack (AES_GCM_FMT_TAG, t)
+
+def tag_read (data):
+ try:
+ tag, = struct.unpack (AES_GCM_FMT_TAG, data)
+ except Exception as exn:
+ return False, "error reading tag from [%r]: %s" % (data, str (exn))
+ return True, tag
###############################################################################
## {de,en}cryption
nacl = binascii.unhexlify(b"0011223344556677"
b"8899aabbccddeeff")
- def test_scrypt_keygen (self):
- nacl, k = crypto.scrypt_derive (TEST_PASSPHRASE, self.nacl)
- assert len (k) == CRYPTO_KEY_SIZE
- assert nacl == self.nacl
+# def test_scrypt_keygen (self):
+# nacl, k = crypto.scrypt_derive (TEST_PASSPHRASE, self.nacl)
+# assert len (k) == CRYPTO_KEY_SIZE
+# assert nacl == self.nacl
## excessively slow, so disabled
# def test_scrypt_keygen_salt_random (self):
assert ok is False
assert msg.startswith ("error reading header from")
+class TagTest (CryptoLayerTest):
+
+ def test_crypto_tag_fmt (self):
+ key = os.urandom (CRYPTO_KEY_SIZE)
+ enc = crypto.AES_GCM_context (crypto.ENCRYPT, key, TEST_AES_GCM_AAD)
+ ok, _ = enc.process_chunk (TEST_PLAINTEXT)
+ assert ok
+ ok, _, tag = enc.done ()
+ assert ok
+ assert tag
+ tagged = crypto.tag_fmt (tag)
+ assert len (tagged) == CRYPTO_TAG_SIZE
+
+
+ def test_crypto_tag_read (self):
+ key = os.urandom (CRYPTO_KEY_SIZE)
+ enc = crypto.AES_GCM_context (crypto.ENCRYPT, key, TEST_AES_GCM_AAD)
+ ok, _ = enc.process_chunk (TEST_PLAINTEXT)
+ assert ok
+ ok, _, tag = enc.done ()
+ assert ok
+ assert tag
+ tagged = crypto.tag_fmt (tag)
+ (ok, ttag) = crypto.tag_read (tagged)
+ assert ok
+ assert tag == ttag
+
+