From: Thomas Jarosch Date: Mon, 27 Jan 2020 17:21:50 +0000 (+0100) Subject: Document source of the AES GCM size limit X-Git-Tag: v2.2~7^2~10 X-Git-Url: http://developer.intra2net.com/git/?p=python-delta-tar;a=commitdiff_plain;h=c89d123c85b30fc81e89d144c5a4e5fea5c7e127 Document source of the AES GCM size limit Also verified our bit left shift operations match the numbers. --- diff --git a/deltatar/crypto.py b/deltatar/crypto.py index 2567c29..8928737 100755 --- a/deltatar/crypto.py +++ b/deltatar/crypto.py @@ -315,7 +315,11 @@ FMT_I2N_HDR = ("<" # host byte order # aes+gcm AES_KEY_SIZE = 16 # b"0123456789abcdef" AES_KEY_SIZE_B64 = 24 # b'MDEyMzQ1Njc4OWFiY2RlZg==' -AES_GCM_MAX_SIZE = (1 << 36) - (1 << 5) # 2^39 - 2^8 b ≅ 64 GB + +AES_GCM_MAX_SIZE = (1 << 36) - (1 << 5) # 2^39 - 2^8 b ≅ 64 GB. + # Source: NIST SP 800-38D section 5.2.1.1 +# https://crypto.stackexchange.com/questions/31793/plain-text-size-limits-for-aes-gcm-mode-just-64gb + PDTCRYPT_MAX_OBJ_SIZE_DEFAULT = 63 * (1 << 30) # 63 GB PDTCRYPT_MAX_OBJ_SIZE = PDTCRYPT_MAX_OBJ_SIZE_DEFAULT