also check iv length for GCM nonce in AEAD (#4350)

reaperhulk · alex · commit db62ec9967d9 · 2018-07-17T12:06:10.000-04:00
* also check iv length for GCM nonce in AEAD

* ugh
diff --git a/src/cryptography/hazmat/primitives/ciphers/aead.py b/src/cryptography/hazmat/primitives/ciphers/aead.py
@@ -184,3 +184,5 @@ def _check_params(self, nonce, data, associated_data):
         utils._check_bytes("nonce", nonce)
         utils._check_bytes("data", data)
         utils._check_bytes("associated_data", associated_data)
+        if len(nonce) == 0:
+            raise ValueError("Nonce must be at least 1 byte")
diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py
@@ -383,6 +383,12 @@ def test_params_not_bytes(self, nonce, data, associated_data, backend):
         with pytest.raises(TypeError):
             aesgcm.decrypt(nonce, data, associated_data)
 
+    def test_invalid_nonce_length(self, backend):
+        key = AESGCM.generate_key(128)
+        aesgcm = AESGCM(key)
+        with pytest.raises(ValueError):
+            aesgcm.encrypt(b"", b"hi", None)
+
     def test_bad_key(self, backend):
         with pytest.raises(TypeError):
             AESGCM(object())
