From 4531b2383ab20d810d165d518cbe4bcf95274491 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 11 Nov 2023 11:17:40 -0500 Subject: [PATCH] Expand and improve tests for GCM limits refs #9859 --- tests/hazmat/primitives/test_aes_gcm.py | 46 +++++++++++++++++-------- 1 file changed, 32 insertions(+), 14 deletions(-) diff --git a/tests/hazmat/primitives/test_aes_gcm.py b/tests/hazmat/primitives/test_aes_gcm.py index c1154a96292b..7802a0e23d81 100644 --- a/tests/hazmat/primitives/test_aes_gcm.py +++ b/tests/hazmat/primitives/test_aes_gcm.py @@ -14,6 +14,14 @@ from .utils import generate_aead_test +def _advance(ctx, n): + ctx._bytes_processed += n + + +def _advance_aad(ctx, n): + ctx._aad_bytes_processed += n + + @pytest.mark.supported( only_if=lambda backend: backend.cipher_supported( algorithms.AES(b"\x00" * 16), modes.GCM(b"\x00" * 12) @@ -66,35 +74,45 @@ def test_gcm_ciphertext_with_no_aad(self, backend): assert encryptor.tag == tag def test_gcm_ciphertext_limit(self, backend): - encryptor = base.Cipher( + cipher = base.Cipher( algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend, - ).encryptor() - new_max = modes.GCM._MAX_ENCRYPTED_BYTES - 16 - encryptor._bytes_processed = new_max # type: ignore[attr-defined] + ) + encryptor = cipher.encryptor() + _advance(encryptor, modes.GCM._MAX_ENCRYPTED_BYTES - 16) encryptor.update(b"0" * 16) - max = modes.GCM._MAX_ENCRYPTED_BYTES - assert encryptor._bytes_processed == max # type: ignore[attr-defined] with pytest.raises(ValueError): encryptor.update(b"0") + with pytest.raises(ValueError): + encryptor.update_into(b"0", bytearray(1)) + + decryptor = cipher.decryptor() + _advance(decryptor, modes.GCM._MAX_ENCRYPTED_BYTES - 16) + decryptor.update(b"0" * 16) + with pytest.raises(ValueError): + decryptor.update(b"0") + with pytest.raises(ValueError): + decryptor.update_into(b"0", bytearray(1)) def test_gcm_aad_limit(self, backend): - encryptor = base.Cipher( + cipher = base.Cipher( algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend, - ).encryptor() - new_max = modes.GCM._MAX_AAD_BYTES - 16 - encryptor._aad_bytes_processed = new_max # type: ignore[attr-defined] - encryptor.authenticate_additional_data(b"0" * 16) - max = modes.GCM._MAX_AAD_BYTES - assert ( - encryptor._aad_bytes_processed == max # type: ignore[attr-defined] ) + encryptor = cipher.encryptor() + _advance_aad(encryptor, modes.GCM._MAX_AAD_BYTES - 16) + encryptor.authenticate_additional_data(b"0" * 16) with pytest.raises(ValueError): encryptor.authenticate_additional_data(b"0") + decryptor = cipher.decryptor() + _advance_aad(decryptor, modes.GCM._MAX_AAD_BYTES - 16) + decryptor.authenticate_additional_data(b"0" * 16) + with pytest.raises(ValueError): + decryptor.authenticate_additional_data(b"0") + def test_gcm_ciphertext_increments(self, backend): encryptor = base.Cipher( algorithms.AES(b"\x00" * 16),