Merge pull request #2093 from reaperhulk/gcm-fix-forever-maybe

GCM AAD and encrypted byte limit checks in AEADCipherContext
author: Alex Gaynor <alex.gaynor@gmail.com> 2015-07-01 22:23:14 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-07-01 22:23:14 -0400
commit: fed316361545660e6161f9b4981971b5abf72b93 (patch)
tree: 50d286f6104fbae075b9432d11b70754a4cb5925 /tests
parent: ec3cc9bd730b6799424dc3f69b79d490eaa2f07d (diff)
parent: 326502a8535e72fe76fdf61762cdf66198370799 (diff)
download: cryptography-fed316361545660e6161f9b4981971b5abf72b93.tar.gz
cryptography-fed316361545660e6161f9b4981971b5abf72b93.tar.bz2
cryptography-fed316361545660e6161f9b4981971b5abf72b93.zip
1 files changed, 50 insertions, 0 deletions
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 4d48e8ad..2c3e5f90 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -253,3 +253,53 @@ class TestAESModeGCM(object):
         computed_ct = encryptor.update(pt) + encryptor.finalize()
         assert computed_ct == ct
         assert encryptor.tag == tag
+
+    def test_gcm_ciphertext_limit(self, backend):
+        encryptor = base.Cipher(
+            algorithms.AES(b"\x00" * 16),
+            modes.GCM(b"\x01" * 16),
+            backend=backend
+        ).encryptor()
+        encryptor._bytes_processed = modes.GCM._MAX_ENCRYPTED_BYTES - 16
+        encryptor.update(b"0" * 16)
+        assert (
+            encryptor._bytes_processed == modes.GCM._MAX_ENCRYPTED_BYTES
+        )
+        with pytest.raises(ValueError):
+            encryptor.update(b"0")
+
+    def test_gcm_aad_limit(self, backend):
+        encryptor = base.Cipher(
+            algorithms.AES(b"\x00" * 16),
+            modes.GCM(b"\x01" * 16),
+            backend=backend
+        ).encryptor()
+        encryptor._aad_bytes_processed = modes.GCM._MAX_AAD_BYTES - 16
+        encryptor.authenticate_additional_data(b"0" * 16)
+        assert encryptor._aad_bytes_processed == modes.GCM._MAX_AAD_BYTES
+        with pytest.raises(ValueError):
+            encryptor.authenticate_additional_data(b"0")
+
+    def test_gcm_ciphertext_increments(self, backend):
+        encryptor = base.Cipher(
+            algorithms.AES(b"\x00" * 16),
+            modes.GCM(b"\x01" * 16),
+            backend=backend
+        ).encryptor()
+        encryptor.update(b"0" * 8)
+        assert encryptor._bytes_processed == 8
+        encryptor.update(b"0" * 7)
+        assert encryptor._bytes_processed == 15
+        encryptor.update(b"0" * 18)
+        assert encryptor._bytes_processed == 33
+
+    def test_gcm_aad_increments(self, backend):
+        encryptor = base.Cipher(
+            algorithms.AES(b"\x00" * 16),
+            modes.GCM(b"\x01" * 16),
+            backend=backend
+        ).encryptor()
+        encryptor.authenticate_additional_data(b"0" * 8)
+        assert encryptor._aad_bytes_processed == 8
+        encryptor.authenticate_additional_data(b"0" * 18)
+        assert encryptor._aad_bytes_processed == 26
author	Alex Gaynor <alex.gaynor@gmail.com>	2015-07-01 22:23:14 -0400
committer	Alex Gaynor <alex.gaynor@gmail.com>	2015-07-01 22:23:14 -0400
commit	fed316361545660e6161f9b4981971b5abf72b93 (patch)
tree	50d286f6104fbae075b9432d11b70754a4cb5925 /tests
parent	ec3cc9bd730b6799424dc3f69b79d490eaa2f07d (diff)
parent	326502a8535e72fe76fdf61762cdf66198370799 (diff)
download	cryptography-fed316361545660e6161f9b4981971b5abf72b93.tar.gz cryptography-fed316361545660e6161f9b4981971b5abf72b93.tar.bz2 cryptography-fed316361545660e6161f9b4981971b5abf72b93.zip