commit f903da081b3eac3bc84a2e596591e7e634c3355d
author Paul Kehrer <paul.l.kehrer@gmail.com> Tue Mar 20 13:33:57 2018 -0400
committer Alex Gaynor <alex.gaynor@gmail.com> Tue Mar 20 13:33:57 2018 -0400
tree 720fc1607b0e0ae1a3d9d9f3a88a2a49e1a3e34a
parent 79748a9e84b8084559e9a2794ed2d88e05259611

fix bug with n % 8 length wrapping on AESKWP (#4160)

* fix bug with n % 8 length wrapping on AESKWP

* review feedback

src/cryptography/hazmat/primitives/keywrap.py

diff --git a/src/cryptography/hazmat/primitives/keywrap.py b/src/cryptography/hazmat/primitives/keywrap.py
index 3b53131..2b7955f 100644
--- a/src/cryptography/hazmat/primitives/keywrap.py
+++ b/src/cryptography/hazmat/primitives/keywrap.py
@@ -118,11 +118,16 @@
     b = (8 * n) - mli
     if (
         not bytes_eq(a[:4], b"\xa6\x59\x59\xa6") or not
-        8 * (n - 1) < mli <= 8 * n or not bytes_eq(data[-b:], b"\x00" * b)
+        8 * (n - 1) < mli <= 8 * n or (
+            b != 0 and not bytes_eq(data[-b:], b"\x00" * b)
+        )
     ):
         raise InvalidUnwrap()
 
-    return data[:-b]
+    if b == 0:
+        return data
+    else:
+        return data[:-b]
 
 
 def aes_key_unwrap(wrapping_key, wrapped_key, backend):

tests/hazmat/primitives/test_keywrap.py

diff --git a/tests/hazmat/primitives/test_keywrap.py b/tests/hazmat/primitives/test_keywrap.py
index 8311c2a..9b1e43e 100644
--- a/tests/hazmat/primitives/test_keywrap.py
+++ b/tests/hazmat/primitives/test_keywrap.py
@@ -143,6 +143,18 @@
 
     @pytest.mark.parametrize(
         "params",
+        _load_all_params("keywrap", ["kwp_botan.txt"], load_nist_vectors)
+    )
+    def test_wrap_additional_vectors(self, backend, params):
+        wrapping_key = binascii.unhexlify(params["key"])
+        key_to_wrap = binascii.unhexlify(params["input"])
+        wrapped_key = keywrap.aes_key_wrap_with_padding(
+            wrapping_key, key_to_wrap, backend
+        )
+        assert wrapped_key == binascii.unhexlify(params["output"])
+
+    @pytest.mark.parametrize(
+        "params",
         _load_all_params(
             os.path.join("keywrap", "kwtestvectors"),
             ["KWP_AD_128.txt", "KWP_AD_192.txt", "KWP_AD_256.txt"],
@@ -163,6 +175,18 @@
             )
             assert params["p"] == binascii.hexlify(unwrapped_key)
 
+    @pytest.mark.parametrize(
+        "params",
+        _load_all_params("keywrap", ["kwp_botan.txt"], load_nist_vectors)
+    )
+    def test_unwrap_additional_vectors(self, backend, params):
+        wrapping_key = binascii.unhexlify(params["key"])
+        wrapped_key = binascii.unhexlify(params["output"])
+        unwrapped_key = keywrap.aes_key_unwrap_with_padding(
+            wrapping_key, wrapped_key, backend
+        )
+        assert unwrapped_key == binascii.unhexlify(params["input"])
+
     def test_unwrap_invalid_wrapped_key_length(self, backend):
         # Keys to unwrap must be at least 16 bytes
         with pytest.raises(ValueError, match='Must be at least 16 bytes'):