aes-gcm: only return the real mac (which is only 128b, 16B)

code using id_hash output still expects 256b (32B), thus added a workaround for GHASH/GMAC.
2026-06-10 17:32:13 -04:00 · 2015-03-23 00:36:49 +01:00 · 2015-03-23 00:36:49 +01:00 · 7e1aa163a3
commit 7e1aa163a3
parent c759eeee1e
3 changed files with 3 additions and 4 deletions
--- a/attic/crypto.pyx
+++ b/attic/crypto.pyx
@ -179,8 +179,7 @@ cdef class AES:
                # Get tag (mac) - only GCM mode. for CTR, the returned mac is undefined
                if not EVP_CIPHER_CTX_ctrl(&self.ctx, EVP_CTRL_GCM_GET_TAG, MAC_SIZE, mac):
                    raise Exception('EVP_CIPHER_CTX_ctrl GET TAG failed')
-            # hack: caller wants 32B tags (256b), so we give back that amount
-            return (mac[:MAC_SIZE] + b'\x00'*16), out[:ctl]
+            return (mac[:MAC_SIZE]), out[:ctl]
        finally:
            free(mac)
            free(out)
--- a/attic/key.py
+++ b/attic/key.py
@ -112,7 +112,7 @@ class GHASH:
        # GMAC = aes-gcm with all data as AAD, no data as to-be-encrypted data
        mac_cipher.add(bytes(self.data))
        hash, _ = mac_cipher.compute_mac_and_encrypt(b'')
-        return hash
+        return hash + b'\0'*16  # XXX hashindex code wants 32 bytes (256 bit)


 class HMAC_SHA256(HMAC):
--- a/attic/testsuite/crypto.py
+++ b/attic/testsuite/crypto.py
@ -48,7 +48,7 @@ class CryptoTestCase(AtticTestCase):
        # encrypt
        aes = AES(mode=AES_GCM_MODE, is_encrypt=True, key=key, iv=iv)
        mac, cdata = aes.compute_mac_and_encrypt(data)
-        self.assert_equal(hexlify(mac), b'c98aa10eb6b7031bcc2160878d9438fb00000000000000000000000000000000')
+        self.assert_equal(hexlify(mac), b'c98aa10eb6b7031bcc2160878d9438fb')
        self.assert_equal(hexlify(cdata), b'841bcce405df769d22ee9f7f012edf5dc7fb2594d924c7400ffd050f2741')
        # decrypt (correct mac/cdata)
        aes = AES(mode=AES_GCM_MODE, is_encrypt=False, key=key, iv=iv)