From d261e9ae6a24bd56f4ba33ab721828d4457f3678 Mon Sep 17 00:00:00 2001 From: Eli Grubb Date: Wed, 17 Jun 2026 07:12:39 +0000 Subject: [PATCH 1/2] Use aes_gcm constants for maximums --- xaes-256-gcm/src/lib.rs | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/xaes-256-gcm/src/lib.rs b/xaes-256-gcm/src/lib.rs index ecd1e7f2..0864ac52 100644 --- a/xaes-256-gcm/src/lib.rs +++ b/xaes-256-gcm/src/lib.rs @@ -67,14 +67,10 @@ pub type Key = aes_gcm::Key; pub type Tag = aes_gcm::Tag; /// Maximum length of plaintext. -pub const P_MAX: u64 = 1 << 36; +pub const P_MAX: u64 = aes_gcm::P_MAX; /// Maximum length of associated data. -// pub const A_MAX: u64 = 1 << 61; -pub const A_MAX: u64 = 1 << 36; - -/// Maximum length of ciphertext. -pub const C_MAX: u64 = (1 << 36) + 16; +pub const A_MAX: u64 = aes_gcm::A_MAX; impl AeadCore for Xaes256Gcm { type NonceSize = NonceSize; @@ -133,7 +129,7 @@ impl AeadInOut for Xaes256Gcm { buffer: InOutBuf<'_, '_, u8>, tag: &Tag, ) -> Result<(), Error> { - if buffer.len() as u64 > C_MAX || associated_data.len() as u64 > A_MAX { + if buffer.len() as u64 > P_MAX || associated_data.len() as u64 > A_MAX { return Err(Error); } From 165df2f59424b5f1435b88ddb4fa70b8631a7491 Mon Sep 17 00:00:00 2001 From: Eli Grubb Date: Thu, 18 Jun 2026 16:36:49 +0000 Subject: [PATCH 2/2] include comment on why C_MAX == P_MAX --- xaes-256-gcm/src/lib.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xaes-256-gcm/src/lib.rs b/xaes-256-gcm/src/lib.rs index 0864ac52..efe1242f 100644 --- a/xaes-256-gcm/src/lib.rs +++ b/xaes-256-gcm/src/lib.rs @@ -129,6 +129,9 @@ impl AeadInOut for Xaes256Gcm { buffer: InOutBuf<'_, '_, u8>, tag: &Tag, ) -> Result<(), Error> { + // Operating in a detached state, where the tag is handled separately + // from the ciphertext, means the ciphertext is always the same length + // as the plaintext. So, checking `P_MAX` is acceptable. if buffer.len() as u64 > P_MAX || associated_data.len() as u64 > A_MAX { return Err(Error); }