From 84ac5fc0bb6e9a3f2b6cd099ba84f8ad9cc97f55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?=
 =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?= <newpavlov@gmail.com>
Date: Wed, 27 Mar 2024 17:03:29 +0300
Subject: [PATCH] ocb3: fix nonce and tag size bounds

---
 ocb3/README.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/ocb3/README.md b/ocb3/README.md
index ea905899..17f02b48 100644
--- a/ocb3/README.md
+++ b/ocb3/README.md
@@ -33,6 +33,32 @@ let plaintext = cipher.decrypt(&nonce, ciphertext.as_ref()).unwrap();
 assert_eq!(&plaintext, b"plaintext message");
 ```
 
+Note that nonce size should be in the range of `6..=15` bytes and tag size in the range of
+`0..=16` bytes. Compilation will fail otherwise:
+
+```rust,compile_fail
+# use aes::Aes128;
+# use ocb3::{aead::{consts::U5, KeyInit}, Ocb3};
+# let key = [0; 16].into();
+// Invalid nonce size equal to 5 bytes
+let cipher = ocb3::Ocb3::<Aes128, U5>::new(&key);
+```
+
+```rust,compile_fail
+# use aes::Aes128;
+# use ocb3::aead::{consts::U16, KeyInit};
+# let key = [0; 16].into();
+// Invalid nonce size equal to 16 bytes
+let cipher = ocb3::Ocb3::<Aes128, U16>::new(&key);
+```
+
+```rust,compile_fail
+# use aes::Aes128;
+# use ocb3::aead::{consts::{U12, U20}, KeyInit};
+# let key = [0; 16].into();
+// Invalid tag size equal to 20 bytes
+let cipher = ocb3::Ocb3::<Aes128, U12, U20>::new(&key);
+```
 
 ## Security Notes