The process() method signals the caller that the maximum data length
has been reached by returning a ciphertext that is shorter than
the plaintext. The caller must then continue by finalizing the
current object and starting a new one.
The behavior in this case was changed in
cb7a3911f8 to not
propagate the exception from Cryptography, but the unit test
retained the erroneous description.
def test_crypto_aes_gcm_enc_length_cap (self):
"""
Artificially lower the maximum allowable data length and attempt to
- encrypt a larger object. Verify that the crypto handler aborts with and
- exception.
+ encrypt a larger object. Verify that the crypto handler only encrypts
+ data up to the size limit. A downstream user detects that condition by
+ testing whether the encryption step yielded less bytes than the
+ plaintext.
The sibling to this test is test_restore_backup_max_file_length()
in test_delatar.py. Deltatar will transparently create a splitted object
assert (len (rest) == 0)
if len (pt) > new_max:
- assert n < len (pt)
+ # If the plaintext was longer than the artificially lowered
+ # maximum, then the number of ciphertext bytes must be clamped
+ # to the maximum.
+ assert n == new_max
else:
assert n == len (pt) == len (ct)