
aes-gcm: only return the real mac (which is only 128b, 16B)

code using id_hash output still expects 256b (32B), so a workaround was added for GHASH/GMAC.
Thomas Waldmann 10 years ago
parent
commit
7e1aa163a3
3 changed files with 3 additions and 4 deletions
  1. 1 2
      attic/crypto.pyx
  2. 1 1
      attic/key.py
  3. 1 1
      attic/testsuite/crypto.py

+ 1 - 2
attic/crypto.pyx

@@ -179,8 +179,7 @@ cdef class AES:
                 # Get tag (mac) - only GCM mode. for CTR, the returned mac is undefined
                 if not EVP_CIPHER_CTX_ctrl(&self.ctx, EVP_CTRL_GCM_GET_TAG, MAC_SIZE, mac):
                     raise Exception('EVP_CIPHER_CTX_ctrl GET TAG failed')
-            # hack: caller wants 32B tags (256b), so we give back that amount
-            return (mac[:MAC_SIZE] + b'\x00'*16), out[:ctl]
+            return (mac[:MAC_SIZE]), out[:ctl]
         finally:
             free(mac)
             free(out)
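Review bot: The new `return (mac[:MAC_SIZE]), out[:ctl]` line now hands the caller the raw `mac` buffer in CTR mode too, and the comment at the top of the hunk says that value is undefined there; given the `free(mac)` in the `finally`, the buffer is presumably heap-allocated and never written in CTR mode, so a CTR caller would receive MAC_SIZE bytes of uninitialized memory. Either return a defined value when the mode is not GCM (e.g. `None`, tested against whichever attribute holds the constructor's `mode`) or zero the buffer at allocation so the result is deterministic. The parentheses around `mac[:MAC_SIZE]` are redundant: `return mac[:MAC_SIZE], out[:ctl]`. The enclosing method and its `try` begin outside the hunk.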

+ 1 - 1
attic/key.py

@@ -112,7 +112,7 @@ class GHASH:
         # GMAC = aes-gcm with all data as AAD, no data as to-be-encrypted data
         mac_cipher.add(bytes(self.data))
         hash, _ = mac_cipher.compute_mac_and_encrypt(b'')
-        return hash
+        return hash + b'\0'*16  # XXX hashindex code wants 32 bytes (256 bit)
 
 
 class HMAC_SHA256(HMAC):
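Review bot: The new `return hash + b'\0'*16` line records the padding contract only in an inline XXX comment, so a reader of GHASH's output cannot tell that just the first 16 bytes carry authentication strength and the rest is filler for the hashindex id width. Suggest stating this in the GHASH class docstring (the class header is outside the hunk): `"""GMAC over all data as AAD. The 128-bit tag is right-padded with 16 zero bytes to the 32-byte id size the hashindex code expects; the padding adds no security."""`. A named module constant for the pad (e.g. `ID_PAD = b'\0' * 16`) would also keep this in step with the 32-byte expectation elsewhere.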

+ 1 - 1
attic/testsuite/crypto.py

@@ -48,7 +48,7 @@ class CryptoTestCase(AtticTestCase):
         # encrypt
         aes = AES(mode=AES_GCM_MODE, is_encrypt=True, key=key, iv=iv)
         mac, cdata = aes.compute_mac_and_encrypt(data)
-        self.assert_equal(hexlify(mac), b'c98aa10eb6b7031bcc2160878d9438fb00000000000000000000000000000000')
+        self.assert_equal(hexlify(mac), b'c98aa10eb6b7031bcc2160878d9438fb')
         self.assert_equal(hexlify(cdata), b'841bcce405df769d22ee9f7f012edf5dc7fb2594d924c7400ffd050f2741')
         # decrypt (correct mac/cdata)
         aes = AES(mode=AES_GCM_MODE, is_encrypt=False, key=key, iv=iv)