Raise an exception if a tag is provided 2x: (#9861)

Once in GCM() and a second time via finalize_with_tag
pyca · Nov 11, 2023 · dafb7fd · dafb7fd
1 parent 9836c11
commit dafb7fd
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/src/cryptography/hazmat/primitives/ciphers/base.py b/src/cryptography/hazmat/primitives/ciphers/base.py
@@ -250,6 +250,11 @@ class _AEADDecryptionContext(_AEADCipherContext, AEADDecryptionContext):
     def finalize_with_tag(self, tag: bytes) -> bytes:
         if self._ctx is None:
             raise AlreadyFinalized("Context was already finalized.")
+        if self._ctx._tag is not None:
+            raise ValueError(
+                "tag provided both in mode and in call with finalize_with_tag:"
+                " tag should only be provided once"
+            )
         data = self._ctx.finalize_with_tag(tag)
         self._tag = self._ctx.tag
         self._ctx = None

diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
@@ -290,6 +290,21 @@ def test_finalize_with_tag_already_finalized(self, backend):
         with pytest.raises(AlreadyFinalized):
             decryptor.finalize_with_tag(encryptor.tag)
 
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            AES(b"\x00" * 16), modes.GCM(b"0" * 12)
+        ),
+        skip_message="Does not support AES GCM",
+    )
+    def test_finalize_with_tag_duplicate_tag(self, backend):
+        decryptor = ciphers.Cipher(
+            AES(b"\x00" * 16),
+            modes.GCM(b"\x00" * 12, tag=b"\x00" * 16),
+            backend,
+        ).decryptor()
+        with pytest.raises(ValueError):
+            decryptor.finalize_with_tag(b"\x00" * 16)
+
     @pytest.mark.parametrize(
         "params",
         load_vectors_from_file(