From 316d1fad8c389e0bfdcd3cf299bbf893c371c3f3 Mon Sep 17 00:00:00 2001 From: Helder Eijs Date: Sun, 11 Dec 2022 19:31:32 +0100 Subject: [PATCH] Reduce the minimum length of the EAX MAC tag to 2 bytes --- AUTHORS.rst | 1 + Changelog.rst | 4 ++++ Doc/src/cipher/modern.rst | 9 +++++---- lib/Crypto/Cipher/_mode_eax.py | 4 ++-- lib/Crypto/SelfTest/Cipher/test_EAX.py | 4 ++-- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/AUTHORS.rst b/AUTHORS.rst index 79adf3ce..f110c81a 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -48,3 +48,4 @@ Eric Young Hannes van Niekerk Stefan Seering Koki Takahashi +Lauro de Lima diff --git a/Changelog.rst b/Changelog.rst index b1d64140..faba95a9 100644 --- a/Changelog.rst +++ b/Changelog.rst @@ -4,6 +4,10 @@ Changelog 3.17.0 (under development) ++++++++++++++++++++++++++ +New features +--------------- +* Reduce the minimum tag length for the EAX cipher to 2 bytes. + Resolved issues --------------- * GH#526: improved typing for ``RSA.contruct``. diff --git a/Doc/src/cipher/modern.rst b/Doc/src/cipher/modern.rst index 9a6a6254..eded0fa4 100644 --- a/Doc/src/cipher/modern.rst +++ b/Doc/src/cipher/modern.rst 
@@ -188,16 +188,17 @@ a new EAX cipher object for the relevant base algorithm. .. function:: Crypto.Cipher..new(key, mode, *, nonce=None, mac_len=None) Create a new EAX object, using as the base block cipher. - + :param bytes key: the cryptographic key :param mode: the constant ``Crypto.Cipher..MODE_EAX`` :param bytes nonce: the value of the fixed nonce. It must be unique for the combination message/key. If not present, the library creates a random nonce (16 bytes long for AES). - :param integer mac_len: the desired length of the - MAC tag (default if not present: the cipher's block size, 16 bytes for AES). + :param integer mac_len: the length of the MAC tag, in bytes. + At least 2, and not larger than the cipher's block size (default), + which is 16 bytes for AES. :return: an EAX cipher object - + The cipher object has a read-only attribute :attr:`nonce`. Example (encryption):: diff --git a/lib/Crypto/Cipher/_mode_eax.py b/lib/Crypto/Cipher/_mode_eax.py index 34e007ca..62cf4d8b 100644 --- a/lib/Crypto/Cipher/_mode_eax.py +++ b/lib/Crypto/Cipher/_mode_eax.py @@ -94,8 +94,8 @@ class EaxMode(object): "digest", "verify"] # MAC tag length - if not (4 <= self._mac_len <= self.block_size): - raise ValueError("Parameter 'mac_len' must not be larger than %d" + if not (2 <= self._mac_len <= self.block_size): + raise ValueError("'mac_len' must be at least 2 and not larger than %d" % self.block_size) # Nonce cannot be empty and must be a byte string diff --git a/lib/Crypto/SelfTest/Cipher/test_EAX.py b/lib/Crypto/SelfTest/Cipher/test_EAX.py index fe93d719..7dbee2be 100644 --- a/lib/Crypto/SelfTest/Cipher/test_EAX.py +++ b/lib/Crypto/SelfTest/Cipher/test_EAX.py 
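Review bot: The relaxed bound `2 <= self._mac_len` in lib/Crypto/Cipher/_mode_eax.py now accepts 16-bit tags, but nothing in the code states what that costs. A tag of mac_len bytes gives at most 8*mac_len bits of forgery resistance, so with mac_len=2 a random tag is accepted roughly once in 65,536 verification attempts. I would add a comment above the check, for example `# Short tags are allowed, but forgery resistance is only 8*mac_len bits; callers using mac_len < 8 must bound failed verifications per key`, and repeat the caveat in the `mac_len` parameter text in Doc/src/cipher/modern.rst, which states only the range. The default is still the block size according to the documentation hunk, so callers that do not pass mac_len appear unaffected. The enclosing method starts and ends outside the hunk.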
@@ -151,12 +151,12 @@ class EaxTests(unittest.TestCase): def test_mac_len(self): # Invalid MAC length self.assertRaises(ValueError, AES.new, self.key_128, AES.MODE_EAX, - nonce=self.nonce_96, mac_len=3) + nonce=self.nonce_96, mac_len=2-1) self.assertRaises(ValueError, AES.new, self.key_128, AES.MODE_EAX, nonce=self.nonce_96, mac_len=16+1) # Valid MAC length - for mac_len in range(5, 16 + 1): + for mac_len in range(2, 16 + 1): cipher = AES.new(self.key_128, AES.MODE_EAX, nonce=self.nonce_96, mac_len=mac_len) _, mac = cipher.encrypt_and_digest(self.data_128)
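Review bot: The updated `range(2, 16 + 1)` loop in test_mac_len checks that the newly allowed 2- and 3-byte lengths are accepted, but the visible lines discard the ciphertext (`_, mac = ...`) and never verify the truncated tag. Since these are the weakest lengths the API permits, I would keep the ciphertext and assert a round trip, e.g. `ct, mac = cipher.encrypt_and_digest(self.data_128)` followed by `AES.new(self.key_128, AES.MODE_EAX, nonce=self.nonce_96, mac_len=mac_len).decrypt_and_verify(ct, mac)`. A companion assertion that a tag with one flipped bit raises ValueError would pin the rejection path as well. The loop body continues past the end of the hunk, so some of this may already be covered there.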