Fix test_mac_with_cryptographic_failure unit test.

This test is meant to intentionally trigger an exception in the cryptography library by creating a CMAC with a non-block cipher algorithm, IDEA. That doesn't work any more because IDEA is now treated as a block cipher algorithm. To fix this, we now use the ARC4 algorithm instead, which does trigger the expected exception.
OpenKMIP · Aug 11, 2023 · 0b63de9 · 0b63de9
1 parent f0a44b2
commit 0b63de9
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 4 deletions.
diff --git a/kmip/services/server/crypto/engine.py b/kmip/services/server/crypto/engine.py
@@ -269,8 +269,7 @@ def mac(self, algorithm, key, data):
             )
             cipher_algorithm = self._symmetric_key_algorithms.get(algorithm)
             try:
-                # ARC4 and IDEA algorithms will raise exception as CMAC
-                # requires block ciphers
+                # ARC4 and other non-block cipher algorithms will raise TypeError exceptions
                 c = cmac.CMAC(cipher_algorithm(key), backend=default_backend())
                 c.update(data)
                 mac_data = c.finalize()

diff --git a/kmip/tests/unit/services/server/crypto/test_engine.py b/kmip/tests/unit/services/server/crypto/test_engine.py
@@ -247,8 +247,8 @@ def __init__(self):
 
         engine = crypto.CryptographyEngine()
 
-        # IDEA is not block cipher so cmac should raise exception
-        args = [enums.CryptographicAlgorithm.IDEA, key, data]
+        # RC4 is not block cipher so cmac should raise exception
+        args = [enums.CryptographicAlgorithm.RC4, key, data]
         self.assertRaises(
             exceptions.CryptographicFailure,
             engine.mac,