diff options
author | Russ Housley <housley@vigilsec.com> | 2018-12-30 16:11:10 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-30 16:11:10 -0500 |
commit | c9fcdf41d60b34434e2d2888453542a4c76a516e (patch) | |
tree | c53755299372cfe691d1d1bb3a74fbf88e2aef95 | |
parent | f6c0d238039b8050bda0be3f482f0438ac6581e3 (diff) | |
download | pyasn1-modules-c9fcdf41d60b34434e2d2888453542a4c76a516e.tar.gz |
Update rfc5084.py
Add the INTEGER constraints for AES_CCM_ICVlen and AES_GCM_ICVlen.
-rw-r--r-- | pyasn1_modules/rfc5084.py | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/pyasn1_modules/rfc5084.py b/pyasn1_modules/rfc5084.py index 6dcaf33..d541df7 100644 --- a/pyasn1_modules/rfc5084.py +++ b/pyasn1_modules/rfc5084.py @@ -38,12 +38,19 @@ class CCMParameters(univ.Sequence): pass +AES_CCM_ICVlen.subtypeSpec = constraint.ValueRangeConstraint(4, 16) + + +AES_GCM_ICVlen.subtypeSpec = constraint.ValueRangeConstraint(12, 16) + + CCMParameters.componentType = namedtype.NamedTypes( namedtype.NamedType('aes-nonce', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(7, 13))), # The aes-nonce parameter contains 15-L octets, where L is the size of the length field. L=8 is RECOMMENDED. # Within the scope of any content-authenticated-encryption key, the nonce value MUST be unique. namedtype.DefaultedNamedType('aes-ICVlen', AES_CCM_ICVlen().subtype(value=12)) - # the programmer must make sure that the AES_CCM_ICVlen is 4, 6, 8, 10, 12, 14, or 16 + # The programmer must make sure that the AES_CCM_ICVlen is 4, 6, 8, 10, 12, 14, or 16. + # The contraint above will only limit it to 4..16, but will not prohibit the odd numbers. ) @@ -57,7 +64,6 @@ GCMParameters.componentType = namedtype.NamedTypes( # Within the scope of any content-authenticated-encryption key, the nonce value MUST be unique. # A nonce value of 12 octets can be processed more efficiently, so that length is RECOMMENDED. namedtype.DefaultedNamedType('aes-ICVlen', AES_GCM_ICVlen().subtype(value=12)) - # the programmer must make sure that the AES_GCM_ICVlen is 12, 13, 14, 15, or 16 ) |