Correct plaintext size limitation
tbrezot committed Sep 20, 2022
1 parent c702042 commit 3e92015
Showing 2 changed files with 7 additions and 6 deletions.
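--- a/src/symmetric_crypto/aes_256_gcm_pure/mod.rs
+++ b/src/symmetric_crypto/aes_256_gcm_pure/mod.rs
@@ -24,8 +24,9 @@ const NONCE_LENGTH: usize = 12;
 /// Use a 128-bit MAC tag
 const MAC_LENGTH: usize = 16;
 
-/// A 96-bit nonce restricts the plaintext size to 4096 bytes
-const MAX_PLAINTEXT_LENGTH: usize = 4096;
+/// Plaintext size restriction from the NIST
+/// https://csrc.nist.gov/publications/detail/sp/800-38d/final
+const MAX_PLAINTEXT_LENGTH: u64 = (2u64.pow(39) - 256) / 8;
 
 /// Structure implementing `SymmetricCrypto` and the `DEM` interfaces based on
 /// AES 256 GCM.
@@ -47,7 +48,7 @@ impl Dem<KEY_LENGTH> for Aes256GcmCrypto {
 plaintext: &[u8],
 additional_data: Option<&[u8]>,
 ) -> Result<Vec<u8>, CryptoCoreError> {
-if plaintext.len() > MAX_PLAINTEXT_LENGTH {
+if plaintext.len() as u64 > MAX_PLAINTEXT_LENGTH {
 return Err(CryptoCoreError::InvalidSize(format!(
 "Plaintext is too large ({} bytes), max size: {} ",
 plaintext.len(),
@@ -79,11 +80,11 @@ impl Dem<KEY_LENGTH> for Aes256GcmCrypto {
 Self::ENCRYPTION_OVERHEAD
 )));
 }
-if ciphertext.len() > MAX_PLAINTEXT_LENGTH + Self::ENCRYPTION_OVERHEAD {
+if ciphertext.len() as u64 > MAX_PLAINTEXT_LENGTH + Self::ENCRYPTION_OVERHEAD as u64 {
 return Err(CryptoCoreError::InvalidSize(format!(
 "Ciphertext is too large ({} bytes), max size: {} ",
 ciphertext.len(),
-MAX_PLAINTEXT_LENGTH + Self::ENCRYPTION_OVERHEAD
+MAX_PLAINTEXT_LENGTH + Self::ENCRYPTION_OVERHEAD as u64
 )));
 }
 // The ciphertext is of the form: nonce || AEAS ciphertext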
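Review bot: The new doc comment on `MAX_PLAINTEXT_LENGTH` in the first hunk cites SP 800-38D but states neither the unit nor the scope of the limit. The expression converts the standard's (2^39 - 256)-bit bound to bytes, and that bound applies to one invocation of the cipher, not to a key's lifetime. I would write `/// Maximum plaintext length in bytes for a single AES-GCM encryption: (2^39 - 256) bits, per NIST SP 800-38D`. SP 800-38D separately limits how many encryptions may be performed under one key when 96-bit IVs are generated randomly. Nonce generation is outside these hunks, so if it is random here, a second comment line saying that this check does not enforce that per-key limit would stop readers from treating the constant as the only usage restriction. The functions containing both size checks start and end outside the hunks.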
2 changes: 1 addition & 1 deletion src/symmetric_crypto/mod.rs
Expand Up @@ -54,7 +54,7 @@ pub trait Dem<const KEY_LENGTH: usize>: Debug + PartialEq {
///
/// - `rng` : secure random number generator
/// - `secret_key` : secret symmetric key
/// - `plaintext` : plaintext message
/// - `plaintext` : plaintext message
/// - `aad` : optional data to use in the authentication method,
/// must use the same for decryption
fn encrypt<R: RngCore + CryptoRng>(
