From b073c8cd31f27af8002174999904556ec283ac7e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 1 Jul 2015 19:55:07 -0500 Subject: put the AAD and encrypted byte limit checks in the parent context --- src/cryptography/hazmat/primitives/ciphers/base.py | 19 ++++++++++++++ .../hazmat/primitives/ciphers/modes.py | 2 ++ tests/hazmat/primitives/test_aes.py | 30 ++++++++++++++++++++++ 3 files changed, 51 insertions(+) diff --git a/src/cryptography/hazmat/primitives/ciphers/base.py b/src/cryptography/hazmat/primitives/ciphers/base.py index 8f3028fc..dae93655 100644 --- a/src/cryptography/hazmat/primitives/ciphers/base.py +++ b/src/cryptography/hazmat/primitives/ciphers/base.py @@ -149,6 +149,8 @@ class _CipherContext(object): class _AEADCipherContext(object): def __init__(self, ctx): self._ctx = ctx + self._bytes_processed = 0 + self._aad_bytes_processed = 0 self._tag = None self._updated = False @@ -156,6 +158,14 @@ class _AEADCipherContext(object): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") self._updated = True + self._bytes_processed += len(data) + if self._bytes_processed > self._ctx._mode._MAX_ENCRYPTED_BYTES: + raise ValueError( + "{0} has a maximum encrypted byte limit of {1}".format( + self._ctx._mode.name, self._ctx._mode._MAX_ENCRYPTED_BYTES + ) + ) + return self._ctx.update(data) def finalize(self): @@ -171,6 +181,15 @@ class _AEADCipherContext(object): raise AlreadyFinalized("Context was already finalized.") if self._updated: raise AlreadyUpdated("Update has been called on this context.") + + self._aad_bytes_processed += len(data) + if self._aad_bytes_processed > self._ctx._mode._MAX_AAD_BYTES: + raise ValueError( + "{0} has a maximum AAD byte limit of {0}".format( + self._ctx._mode.name, self._ctx._mode._MAX_AAD_BYTES + ) + ) + self._ctx.authenticate_additional_data(data) diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py index e31c9060..4284042d 100644 --- a/src/cryptography/hazmat/primitives/ciphers/modes.py +++ b/src/cryptography/hazmat/primitives/ciphers/modes.py @@ -139,6 +139,8 @@ class CTR(object): @utils.register_interface(ModeWithAuthenticationTag) class GCM(object): name = "GCM" + _MAX_ENCRYPTED_BYTES = (2 ** 39 - 256) // 8 + _MAX_AAD_BYTES = (2 ** 64) // 8 def __init__(self, initialization_vector, tag=None, min_tag_length=16): # len(initialization_vector) must in [1, 2 ** 64), but it's impossible diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 4d48e8ad..32892678 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -253,3 +253,33 @@ class TestAESModeGCM(object): computed_ct = encryptor.update(pt) + encryptor.finalize() assert computed_ct == ct assert encryptor.tag == tag + + def test_gcm_ciphertext_limit(self, backend): + encryptor = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.GCM(b"\x01" * 16), + backend=backend + ).encryptor() + # 16 bytes less than the encryption limit + near_limit_bytes = (2 ** 39 - 256 - 128) // 8 + encryptor._bytes_processed = near_limit_bytes + encryptor.update(b"0" * 16) + assert ( + encryptor._bytes_processed == modes.GCM._MAX_ENCRYPTED_BYTES + ) + with pytest.raises(ValueError): + encryptor.update(b"0") + + def test_gcm_aad_limit(self, backend): + encryptor = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.GCM(b"\x01" * 16), + backend=backend + ).encryptor() + # 16 bytes less than the AAD limit + near_limit_bytes = (2 ** 64 - 128) // 8 + encryptor._aad_bytes_processed = near_limit_bytes + encryptor.authenticate_additional_data(b"0" * 16) + assert encryptor._aad_bytes_processed == modes.GCM._MAX_AAD_BYTES + with pytest.raises(ValueError): + encryptor.authenticate_additional_data(b"0") -- cgit v1.2.3 From 463de43d9cc05ae97e08b3d439b70d44c70f9f62 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 1 Jul 2015 20:05:53 -0500 Subject: add additional increment tests --- tests/hazmat/primitives/test_aes.py | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 32892678..06e8adf8 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -270,16 +270,26 @@ class TestAESModeGCM(object): with pytest.raises(ValueError): encryptor.update(b"0") - def test_gcm_aad_limit(self, backend): + def test_gcm_ciphertext_increments(self, backend): encryptor = base.Cipher( algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend ).encryptor() - # 16 bytes less than the AAD limit - near_limit_bytes = (2 ** 64 - 128) // 8 - encryptor._aad_bytes_processed = near_limit_bytes - encryptor.authenticate_additional_data(b"0" * 16) - assert encryptor._aad_bytes_processed == modes.GCM._MAX_AAD_BYTES - with pytest.raises(ValueError): - encryptor.authenticate_additional_data(b"0") + encryptor.update(b"0" * 8) + assert encryptor._bytes_processed == 8 + encryptor.update(b"0" * 7) + assert encryptor._bytes_processed == 15 + encryptor.update(b"0" * 18) + assert encryptor._bytes_processed == 33 + + def test_gcm_aad_increments(self, backend): + encryptor = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.GCM(b"\x01" * 16), + backend=backend + ).encryptor() + encryptor.authenticate_additional_data(b"0" * 8) + assert encryptor._aad_bytes_processed == 8 + encryptor.authenticate_additional_data(b"0" * 18) + assert encryptor._aad_bytes_processed == 26 -- cgit v1.2.3 From d5119d530b4bd15cae9e758972e0407a5bcdd244 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 1 Jul 2015 20:21:33 -0500 Subject: add missing test, simplify encrypted byte near limit calculation --- tests/hazmat/primitives/test_aes.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 06e8adf8..f079ae4f 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -260,9 +260,7 @@ class TestAESModeGCM(object): modes.GCM(b"\x01" * 16), backend=backend ).encryptor() - # 16 bytes less than the encryption limit - near_limit_bytes = (2 ** 39 - 256 - 128) // 8 - encryptor._bytes_processed = near_limit_bytes + encryptor._bytes_processed = modes.GCM._MAX_ENCRYPTED_BYTES - 16 encryptor.update(b"0" * 16) assert ( encryptor._bytes_processed == modes.GCM._MAX_ENCRYPTED_BYTES @@ -270,6 +268,20 @@ class TestAESModeGCM(object): with pytest.raises(ValueError): encryptor.update(b"0") + def test_gcm_aad_limit(self, backend): + encryptor = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.GCM(b"\x01" * 16), + backend=backend + ).encryptor() + # 16 bytes less than the AAD limit + near_limit_bytes = (2 ** 64 - 128) // 8 + encryptor._aad_bytes_processed = near_limit_bytes + encryptor.authenticate_additional_data(b"0" * 16) + assert encryptor._aad_bytes_processed == modes.GCM._MAX_AAD_BYTES + with pytest.raises(ValueError): + encryptor.authenticate_additional_data(b"0") + def test_gcm_ciphertext_increments(self, backend): encryptor = base.Cipher( algorithms.AES(b"\x00" * 16), -- cgit v1.2.3 From 326502a8535e72fe76fdf61762cdf66198370799 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 1 Jul 2015 20:23:11 -0500 Subject: do the same simplification to the aad test --- tests/hazmat/primitives/test_aes.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index f079ae4f..2c3e5f90 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -274,9 +274,7 @@ class TestAESModeGCM(object): modes.GCM(b"\x01" * 16), backend=backend ).encryptor() - # 16 bytes less than the AAD limit - near_limit_bytes = (2 ** 64 - 128) // 8 - encryptor._aad_bytes_processed = near_limit_bytes + encryptor._aad_bytes_processed = modes.GCM._MAX_AAD_BYTES - 16 encryptor.authenticate_additional_data(b"0" * 16) assert encryptor._aad_bytes_processed == modes.GCM._MAX_AAD_BYTES with pytest.raises(ValueError): -- cgit v1.2.3