Simplify code and add test
diff --git a/cryptography/hazmat/primitives/ciphers/modes.py b/cryptography/hazmat/primitives/ciphers/modes.py
index f09478f..509b4de 100644
--- a/cryptography/hazmat/primitives/ciphers/modes.py
+++ b/cryptography/hazmat/primitives/ciphers/modes.py
@@ -101,6 +101,8 @@
# len(initialization_vector) must in [1, 2 ** 64), but it's impossible
# to actually construct a bytes object that large, so we don't check
# for it
+ if min_tag_length < 4:
+ raise ValueError("min_tag_length must be >= 4")
if tag is not None and len(tag) < min_tag_length:
raise ValueError(
"Authentication tag must be {0} bytes or longer.".format(
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 003b3ba..5bde7d3 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -225,6 +225,6 @@
"gcmEncryptExtIV192.rsp",
"gcmEncryptExtIV256.rsp",
],
- lambda key: algorithms.AES(key),
- lambda iv, tag, min_tag_length=16: modes.GCM(iv, tag, min_tag_length),
+ algorithms.AES,
+ modes.GCM,
)
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 4640c2e..6428b03 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -311,6 +311,9 @@
with pytest.raises(ValueError):
mode_factory(binascii.unhexlify(b"0" * 24), b"000")
+ with pytest.raises(ValueError):
+ mode_factory(binascii.unhexlify(b"0" * 24), b"000000", 2)
+
cipher = Cipher(
cipher_factory(binascii.unhexlify(b"0" * 32)),
mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16),