cipher: GCM: check that length of supplied tag is one of valid lengths
authorJussi Kivilinna <jussi.kivilinna@iki.fi>
Sun, 27 Mar 2016 08:17:39 +0000 (11:17 +0300)
committerJussi Kivilinna <jussi.kivilinna@iki.fi>
Sun, 27 Mar 2016 08:17:39 +0000 (11:17 +0300)
commitf2260e3a2e962ac80124ef938e54041bbea08561
treecc3443018415bac407e62570e7c47b375a6ec3be
parent4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9
cipher: GCM: check that length of supplied tag is one of valid lengths

* cipher/cipher-gcm.c (is_tag_length_valid): New.
(_gcry_cipher_gcm_tag): Check that 'outbuflen' has valid tag length.
* tests/basic.c (_check_gcm_cipher): Add test-vectors with different
valid tag lengths and negative test vectors with invalid lengths.
--

NIST SP 800-38D allows following tag lengths:
 128, 120, 112, 104, 96, 64 and 32 bits.

[v2: allow larger buffer when outputting tag. 128-bit tag is written
     to target buffer in this case]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
cipher/cipher-gcm.c
tests/basic.c