diff options
| -rw-r--r-- | okupy/common/crypto.py | 2 | ||||
| -rw-r--r-- | okupy/tests/unit/test_cipher.py | 5 |
2 files changed, 7 insertions, 0 deletions
diff --git a/okupy/common/crypto.py b/okupy/common/crypto.py index 705f173..a50d3b6 100644 --- a/okupy/common/crypto.py +++ b/okupy/common/crypto.py @@ -50,6 +50,8 @@ class OkupyCipher(object): Decrypt the data block of given length. Removes padding if any. """ + if len(data) < length: + raise ValueError('Ciphertext too short for requested length') return self.cipher.decrypt(data)[:length] diff --git a/okupy/tests/unit/test_cipher.py b/okupy/tests/unit/test_cipher.py index 36615c3..a0eaab1 100644 --- a/okupy/tests/unit/test_cipher.py +++ b/okupy/tests/unit/test_cipher.py @@ -34,3 +34,8 @@ class OkupyCipherTests(TestCase): data = Random.get_random_bytes(45) hash = cipher.encrypt(data) self.assertEqual(cipher.decrypt(hash, len(data)), data) + + def test_ciphertext_shorter_than_req_output_raises_valueerror(self): + data = self._random_string[:cipher.block_size*2] + hash = cipher.encrypt(data)[:cipher.block_size] + self.assertRaises(ValueError, cipher.decrypt, hash, len(data)) |