On Tue, Aug 12, 2025 at 7:45 AM Lana Deere <lana.de...@gmail.com> wrote:
> Using cryptopp 8.9 on debian 12.11 with gcc 14.2 I have an AES/GCM
> encryption program which I am running on a large file (75GB). It is
> failing with the error "AES/GCM: message length exceeds maximum". I
> searched around and found information which suggests the maximum file size
> should be 2**39-256, which is a bit less than 550GB. So it is not clear to
> me why I am getting this error message. Any ideas on what kind of bug I
> should be looking for? As a second question, anyone have any advice on
> ways to handle large files which it is desirable to encrypt? This is not
> the largest file I would like to encrypt and it is plausible I would hit
> the 2**39-256 limit.
>
> The relevant code looks like this:
>     CryptoPP::GCM<CryptoPP::AES>::Encryption encryptor;
>     encryptor.SetKeyWithIV(reinterpret_cast<const CryptoPP::byte *>(key.data())
>                            , KeyBytes
>                            , iv.bytes
>                            , IVBytes
>                            );
>
>     CryptoPP::AuthenticatedEncryptionFilter filter(encryptor);
>
>     CryptoPP::FileSource source(plainfile.c_str(), false);
>     CryptoPP::FileSink sink(cipherfile.c_str());
>
>     CryptoPP::ArraySource(iv.bytes, IVBytes, true, new CryptoPP::Redirector(sink));
>
>     source.Attach(new CryptoPP::Redirector(filter));
>     filter.Attach(new CryptoPP::Redirector(sink));
>
>     while (!EndOfFile(source) && !source.SourceExhausted())
>     {
>         source.Pump(TransferBytes);
>         filter.Flush(false);
>     }
>     filter.MessageEnd();
>

GCM plaintext maximum length is specified in bits, not bytes. See SP800-39D, Section 5.2.1.1 Input Data, p. 8, <https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf>. That leads to:

    2^39 - 256 = 549755813632
    549755813632 / 8 = 68719476704

The limit is declared in gcm.h, <https://github.com/weidai11/cryptopp/blob/master/gcm.h#L61>. The maximum plaintext limit is enforced in authenc.cpp, <https://github.com/weidai11/cryptopp/blob/master/authenc.cpp#L109>.

Jeff

-- 
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
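Added example, not part of the thread and not Crypto++ code: a preflight check built on the byte limit worked out in the reply, so an oversized file is rejected before any data is encrypted, plus a planner that splits a larger file into segments that each fit one GCM message. The names FitsSingleGcmMessage, PlanSegments, Segment and kSampleFileBytes are hypothetical, and the sample size reads "75GB" as 75 * 10^9 bytes.

```cpp
#include <cstdint>
#include <stdexcept>
#include <vector>

// SP 800-38D caps GCM plaintext at 2^39 - 256 bits per (key, IV) invocation.
constexpr std::uint64_t kGcmMaxPlaintextBits  = (std::uint64_t{1} << 39) - 256;
constexpr std::uint64_t kGcmMaxPlaintextBytes = kGcmMaxPlaintextBits / 8;

// The same limit seen from the 32-bit block counter: 2^32 - 2 blocks of 16 bytes.
static_assert(kGcmMaxPlaintextBytes == ((std::uint64_t{1} << 32) - 2) * 16,
              "bit limit and counter-block limit must agree");

// Constructed sample: the 75GB file from the question, read as 75 * 10^9 bytes.
constexpr std::uint64_t kSampleFileBytes = 75000000000ULL;

// True when a single GCM message can hold `bytes` of plaintext.
bool FitsSingleGcmMessage(std::uint64_t bytes) {
    return bytes <= kGcmMaxPlaintextBytes;
}

struct Segment {            // hypothetical helper type, not a Crypto++ type
    std::uint64_t offset;   // byte offset into the plaintext file
    std::uint64_t length;   // plaintext bytes in this segment
};

// Split `fileBytes` into segments of at most `segmentBytes` each.
// Assumption: every segment is encrypted as its own GCM message with its own
// unique IV under the key. Binding segment order and count into the output
// format is a separate requirement that this example does not cover.
std::vector<Segment> PlanSegments(std::uint64_t fileBytes, std::uint64_t segmentBytes) {
    if (segmentBytes == 0 || segmentBytes > kGcmMaxPlaintextBytes)
        throw std::invalid_argument("segment size outside the GCM limit");
    std::vector<Segment> plan;
    std::uint64_t offset = 0;
    while (offset < fileBytes) {
        const std::uint64_t remaining = fileBytes - offset;
        const std::uint64_t length = remaining < segmentBytes ? remaining : segmentBytes;
        plan.push_back({offset, length});
        offset += length;   // never passes fileBytes, so no overflow
    }
    return plan;
}
```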