feat: Add aead test for missing last auth tag

openpgp/packet/symmetric_key_encrypted_data_test.go

@@ -4,9 +4,10 @@ package packet
 // by an integrity protected packet (SEIPD v1 or v2).
 
 type packetSequence struct {
-	password string
-	packets  string
-	contents string
+	password         string
+	packets          string
+	contents         string
+	faultyDataPacket string
 }
 
 func keyAndIpePackets() []*packetSequence {
@@ -35,6 +36,8 @@ var symEncRFC9580 = &packetSequence{
 	password: "password",
 	packets:  "c340061e07010b0308a5ae579d1fc5d82bff69224f919993b3506fa3b59a6a73cff8c5efc5f41c57fb54e1c226815d7828f5f92c454eb65ebe00ab5986c68e6e7c55d269020701069ff90e3b321964f3a42913c8dcc6619325015227efb7eaeaa49f04c2e674175d4a3d226ed6afcb9ca9ac122c1470e11c63d4c0ab241c6a938ad48bf99a5a99b90bba8325de61047540258ab7959a95ad051dda96eb15431dfef5f5e2255ca78261546e339a",
 	contents: "cb1362000000000048656c6c6f2c20776f726c6421d50eae5bf0cd6705500355816cb0c8ff",
+	// Missing last authentication chunk
+	faultyDataPacket: "d259020701069ff90e3b321964f3a42913c8dcc6619325015227efb7eaeaa49f04c2e674175d4a3d226ed6afcb9ca9ac122c1470e11c63d4c0ab241c6a938ad48bf99a5a99b90bba8325de61047540258ab7959a95ad051dda96eb",
 }
 
 // From the OpenPGP interoperability test suite (Test: S2K mechanisms, iterated min + esk)

openpgp/packet/symmetric_key_encrypted_test.go

@@ -73,6 +73,16 @@ func TestTagVerificationError(t *testing.T) {
 		packet = readSymmetricallyEncrypted(t, dataPacket)
 		// Decrypt contents and check integrity
 		checkIntegrityError(t, packet, cipherFunc, key)
+
+		if len(testCase.faultyDataPacket) > 0 {
+			dataPacket, err := hex.DecodeString(testCase.faultyDataPacket)
+			if err != nil {
+				t.Fatal(err)
+			}
+			packet = readSymmetricallyEncrypted(t, dataPacket)
+			// Decrypt contents and check integrity
+			checkIntegrityError(t, packet, cipherFunc, key)
+		}
 	}
 }