From bb23c6c7cbb3f62f1b1b2480f9dc07c6beba3398 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 15 Jul 2018 09:15:16 +0530
Subject: document one shot AEAD length restrictions (#4322)

* document one shot AEAD length restrictions

* write a test that won't consume infinity ram

continue to raise OverflowError since that's what cffi did.

* this applies to associated_data too

* remove unneeded arg

* review feedback on docs
---
 tests/hazmat/primitives/test_aead.py | 38 ++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

(limited to 'tests/hazmat')

diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py
index dc2f357b..a0cc79e1 100644
--- a/tests/hazmat/primitives/test_aead.py
+++ b/tests/hazmat/primitives/test_aead.py
@@ -22,6 +22,11 @@ from ...utils import (
 )
 
 
+class FakeData(object):
+    def __len__(self):
+        return 2 ** 32 + 1
+
+
 def _aead_supported(cls):
     try:
         cls(b"0" * 32)
@@ -46,6 +51,17 @@ def test_chacha20poly1305_unsupported_on_older_openssl(backend):
 )
 @pytest.mark.requires_backend_interface(interface=CipherBackend)
 class TestChaCha20Poly1305(object):
+    def test_data_too_large(self):
+        key = ChaCha20Poly1305.generate_key()
+        chacha = ChaCha20Poly1305(key)
+        nonce = b"0" * 12
+
+        with pytest.raises(OverflowError):
+            chacha.encrypt(nonce, FakeData(), b"")
+
+        with pytest.raises(OverflowError):
+            chacha.encrypt(nonce, b"", FakeData())
+
     def test_generate_key(self):
         key = ChaCha20Poly1305.generate_key()
         assert len(key) == 32
@@ -168,6 +184,17 @@ def test_aesccm_unsupported_on_older_openssl(backend):
 )
 @pytest.mark.requires_backend_interface(interface=CipherBackend)
 class TestAESCCM(object):
+    def test_data_too_large(self):
+        key = AESCCM.generate_key(128)
+        aesccm = AESCCM(key)
+        nonce = b"0" * 12
+
+        with pytest.raises(OverflowError):
+            aesccm.encrypt(nonce, FakeData(), b"")
+
+        with pytest.raises(OverflowError):
+            aesccm.encrypt(nonce, b"", FakeData())
+
     def test_default_tag_length(self, backend):
         key = AESCCM.generate_key(128)
         aesccm = AESCCM(key)
@@ -309,6 +336,17 @@ def _load_gcm_vectors():
 
 @pytest.mark.requires_backend_interface(interface=CipherBackend)
 class TestAESGCM(object):
+    def test_data_too_large(self):
+        key = AESGCM.generate_key(128)
+        aesgcm = AESGCM(key)
+        nonce = b"0" * 12
+
+        with pytest.raises(OverflowError):
+            aesgcm.encrypt(nonce, FakeData(), b"")
+
+        with pytest.raises(OverflowError):
+            aesgcm.encrypt(nonce, b"", FakeData())
+
     @pytest.mark.parametrize("vector", _load_gcm_vectors())
     def test_vectors(self, vector):
         key = binascii.unhexlify(vector["key"])
-- 
cgit v1.2.3