From bb23c6c7cbb3f62f1b1b2480f9dc07c6beba3398 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 15 Jul 2018 09:15:16 +0530 Subject: document one shot AEAD length restrictions (#4322) * document one shot AEAD length restrictions * write a test that won't consume infinity ram continue to raise OverflowError since that's what cffi did. * this applies to associated_data too * remove unneeded arg * review feedback on docs --- docs/hazmat/primitives/aead.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/hazmat/primitives') diff --git a/docs/hazmat/primitives/aead.rst b/docs/hazmat/primitives/aead.rst index ee4214a1..a54cc6fa 100644 --- a/docs/hazmat/primitives/aead.rst +++ b/docs/hazmat/primitives/aead.rst @@ -60,6 +60,8 @@ also support providing integrity for associated data which is not encrypted. authenticated with the key, but does not need to be encrypted. Can be ``None``. :returns bytes: The ciphertext bytes with the 16 byte tag appended. + :raises OverflowError: If ``data`` or ``associated_data`` is larger + than 2\ :sup:`32` bytes. .. method:: decrypt(nonce, data, associated_data) @@ -128,6 +130,8 @@ also support providing integrity for associated data which is not encrypted. :param bytes associated_data: Additional data that should be authenticated with the key, but is not encrypted. Can be ``None``. :returns bytes: The ciphertext bytes with the 16 byte tag appended. + :raises OverflowError: If ``data`` or ``associated_data`` is larger + than 2\ :sup:`32` bytes. .. method:: decrypt(nonce, data, associated_data) @@ -212,6 +216,8 @@ also support providing integrity for associated data which is not encrypted. :param bytes associated_data: Additional data that should be authenticated with the key, but is not encrypted. Can be ``None``. :returns bytes: The ciphertext bytes with the tag appended. + :raises OverflowError: If ``data`` or ``associated_data`` is larger + than 2\ :sup:`32` bytes. .. method:: decrypt(nonce, data, associated_data) -- cgit v1.2.3