Add flag to AES CCM testvectors for invalid tag size
alex opened this issue · comments
Alex Gaynor commented
Right now the way to programatically detect these tests is to look at the comment
key. It'd be great if there were a flag for this.
Daniel Bleichenbacher commented
I'll add flags.
Since the size of the flags and the size of nonce is encoded using 3 bits each in the block B0
encryption with invalid values is essentially undefined.
Alex Gaynor commented
For what it's worth, the reason this is desired by us is that we use a different error type for bad nonce
length than we do for other failures, since bad nonce
length is generally a programming bug, as opposed to bad data.