From b073c8cd31f27af8002174999904556ec283ac7e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 1 Jul 2015 19:55:07 -0500 Subject: put the AAD and encrypted byte limit checks in the parent context --- tests/hazmat/primitives/test_aes.py | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 4d48e8ad..32892678 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -253,3 +253,33 @@ class TestAESModeGCM(object): computed_ct = encryptor.update(pt) + encryptor.finalize() assert computed_ct == ct assert encryptor.tag == tag + + def test_gcm_ciphertext_limit(self, backend): + encryptor = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.GCM(b"\x01" * 16), + backend=backend + ).encryptor() + # 16 bytes less than the encryption limit + near_limit_bytes = (2 ** 39 - 256 - 128) // 8 + encryptor._bytes_processed = near_limit_bytes + encryptor.update(b"0" * 16) + assert ( + encryptor._bytes_processed == modes.GCM._MAX_ENCRYPTED_BYTES + ) + with pytest.raises(ValueError): + encryptor.update(b"0") + + def test_gcm_aad_limit(self, backend): + encryptor = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.GCM(b"\x01" * 16), + backend=backend + ).encryptor() + # 16 bytes less than the AAD limit + near_limit_bytes = (2 ** 64 - 128) // 8 + encryptor._aad_bytes_processed = near_limit_bytes + encryptor.authenticate_additional_data(b"0" * 16) + assert encryptor._aad_bytes_processed == modes.GCM._MAX_AAD_BYTES + with pytest.raises(ValueError): + encryptor.authenticate_additional_data(b"0") -- cgit v1.2.3 From 463de43d9cc05ae97e08b3d439b70d44c70f9f62 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 1 Jul 2015 20:05:53 -0500 Subject: add additional increment tests --- tests/hazmat/primitives/test_aes.py | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 32892678..06e8adf8 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -270,16 +270,26 @@ class TestAESModeGCM(object): with pytest.raises(ValueError): encryptor.update(b"0") - def test_gcm_aad_limit(self, backend): + def test_gcm_ciphertext_increments(self, backend): encryptor = base.Cipher( algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend ).encryptor() - # 16 bytes less than the AAD limit - near_limit_bytes = (2 ** 64 - 128) // 8 - encryptor._aad_bytes_processed = near_limit_bytes - encryptor.authenticate_additional_data(b"0" * 16) - assert encryptor._aad_bytes_processed == modes.GCM._MAX_AAD_BYTES - with pytest.raises(ValueError): - encryptor.authenticate_additional_data(b"0") + encryptor.update(b"0" * 8) + assert encryptor._bytes_processed == 8 + encryptor.update(b"0" * 7) + assert encryptor._bytes_processed == 15 + encryptor.update(b"0" * 18) + assert encryptor._bytes_processed == 33 + + def test_gcm_aad_increments(self, backend): + encryptor = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.GCM(b"\x01" * 16), + backend=backend + ).encryptor() + encryptor.authenticate_additional_data(b"0" * 8) + assert encryptor._aad_bytes_processed == 8 + encryptor.authenticate_additional_data(b"0" * 18) + assert encryptor._aad_bytes_processed == 26 -- cgit v1.2.3 From d5119d530b4bd15cae9e758972e0407a5bcdd244 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 1 Jul 2015 20:21:33 -0500 Subject: add missing test, simplify encrypted byte near limit calculation --- tests/hazmat/primitives/test_aes.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 06e8adf8..f079ae4f 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -260,9 +260,7 @@ class TestAESModeGCM(object): modes.GCM(b"\x01" * 16), backend=backend ).encryptor() - # 16 bytes less than the encryption limit - near_limit_bytes = (2 ** 39 - 256 - 128) // 8 - encryptor._bytes_processed = near_limit_bytes + encryptor._bytes_processed = modes.GCM._MAX_ENCRYPTED_BYTES - 16 encryptor.update(b"0" * 16) assert ( encryptor._bytes_processed == modes.GCM._MAX_ENCRYPTED_BYTES @@ -270,6 +268,20 @@ class TestAESModeGCM(object): with pytest.raises(ValueError): encryptor.update(b"0") + def test_gcm_aad_limit(self, backend): + encryptor = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.GCM(b"\x01" * 16), + backend=backend + ).encryptor() + # 16 bytes less than the AAD limit + near_limit_bytes = (2 ** 64 - 128) // 8 + encryptor._aad_bytes_processed = near_limit_bytes + encryptor.authenticate_additional_data(b"0" * 16) + assert encryptor._aad_bytes_processed == modes.GCM._MAX_AAD_BYTES + with pytest.raises(ValueError): + encryptor.authenticate_additional_data(b"0") + def test_gcm_ciphertext_increments(self, backend): encryptor = base.Cipher( algorithms.AES(b"\x00" * 16), -- cgit v1.2.3 From 326502a8535e72fe76fdf61762cdf66198370799 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 1 Jul 2015 20:23:11 -0500 Subject: do the same simplification to the aad test --- tests/hazmat/primitives/test_aes.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index f079ae4f..2c3e5f90 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -274,9 +274,7 @@ class TestAESModeGCM(object): modes.GCM(b"\x01" * 16), backend=backend ).encryptor() - # 16 bytes less than the AAD limit - near_limit_bytes = (2 ** 64 - 128) // 8 - encryptor._aad_bytes_processed = near_limit_bytes + encryptor._aad_bytes_processed = modes.GCM._MAX_AAD_BYTES - 16 encryptor.authenticate_additional_data(b"0" * 16) assert encryptor._aad_bytes_processed == modes.GCM._MAX_AAD_BYTES with pytest.raises(ValueError): -- cgit v1.2.3