diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-07-09 07:34:58 -0500 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-07-09 08:34:58 -0400 |
| commit | 9d5fc3e5dbe581e1fea9303e684ec9248936df55 (patch) | |
| tree | 6a769a585ba9c2c5e121bb55c169dba17a814c77 | |
| parent | 0c9aed91697c5bc1eb16c2254406149e2395fdae (diff) | |
| download | cryptography-9d5fc3e5dbe581e1fea9303e684ec9248936df55.tar.gz cryptography-9d5fc3e5dbe581e1fea9303e684ec9248936df55.tar.bz2 cryptography-9d5fc3e5dbe581e1fea9303e684ec9248936df55.zip | |
use an instance in aead_cipher_supported (#3772)
* use an instance in aead_cipher_supported
* test for chacha20poly1305 compatibility via init exception
* pep8
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/aead.py | 19 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 4 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/ciphers/aead.py | 6 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_aead.py | 24 |
4 files changed, 28 insertions, 25 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/aead.py b/src/cryptography/hazmat/backends/openssl/aead.py index 53b10e99..4fde6eae 100644 --- a/src/cryptography/hazmat/backends/openssl/aead.py +++ b/src/cryptography/hazmat/backends/openssl/aead.py @@ -11,12 +11,11 @@ _ENCRYPT = 1 _DECRYPT = 0 -def _aead_cipher_name(cls, key_length): +def _aead_cipher_name(cipher): from cryptography.hazmat.primitives.ciphers.aead import ( ChaCha20Poly1305 ) - assert cls is ChaCha20Poly1305 - assert key_length == 32 or key_length is None + assert isinstance(cipher, ChaCha20Poly1305) return b"chacha20-poly1305" @@ -78,11 +77,10 @@ def _process_data(backend, ctx, data): return backend._ffi.buffer(buf, outlen[0])[:] -def _encrypt(backend, cipher_cls, key, nonce, data, associated_data, - tag_length): - cipher_name = _aead_cipher_name(cipher_cls, len(key)) +def _encrypt(backend, cipher, nonce, data, associated_data, tag_length): + cipher_name = _aead_cipher_name(cipher) ctx = _aead_setup( - backend, cipher_name, key, nonce, None, tag_length, _ENCRYPT + backend, cipher_name, cipher._key, nonce, None, tag_length, _ENCRYPT ) _process_aad(backend, ctx, associated_data) @@ -101,15 +99,14 @@ def _encrypt(backend, cipher_cls, key, nonce, data, associated_data, return processed_data + tag -def _decrypt(backend, cipher_cls, key, nonce, data, associated_data, - tag_length): +def _decrypt(backend, cipher, nonce, data, associated_data, tag_length): if len(data) < tag_length: raise InvalidTag tag = data[-tag_length:] data = data[:-tag_length] - cipher_name = _aead_cipher_name(cipher_cls, len(key)) + cipher_name = _aead_cipher_name(cipher) ctx = _aead_setup( - backend, cipher_name, key, nonce, tag, tag_length, _DECRYPT + backend, cipher_name, cipher._key, nonce, tag, tag_length, _DECRYPT ) _process_aad(backend, ctx, associated_data) processed_data = _process_data(backend, ctx, data) diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 28760aa8..878bbe43 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -1924,8 +1924,8 @@ class Backend(object): self.openssl_assert(res == 1) return self._ffi.buffer(buf)[:] - def aead_cipher_supported(self, cls): - cipher_name = aead._aead_cipher_name(cls, None) + def aead_cipher_supported(self, cipher): + cipher_name = aead._aead_cipher_name(cipher) return ( self._lib.EVP_get_cipherbyname(cipher_name) != self._ffi.NULL ) diff --git a/src/cryptography/hazmat/primitives/ciphers/aead.py b/src/cryptography/hazmat/primitives/ciphers/aead.py index 7d2103d3..8df55fab 100644 --- a/src/cryptography/hazmat/primitives/ciphers/aead.py +++ b/src/cryptography/hazmat/primitives/ciphers/aead.py @@ -13,7 +13,7 @@ from cryptography.hazmat.backends.openssl.backend import backend class ChaCha20Poly1305(object): def __init__(self, key): - if not backend.aead_cipher_supported(type(self)): + if not backend.aead_cipher_supported(self): raise exceptions.UnsupportedAlgorithm( "ChaCha20Poly1305 is not supported by this version of OpenSSL", exceptions._Reasons.UNSUPPORTED_CIPHER @@ -35,7 +35,7 @@ class ChaCha20Poly1305(object): self._check_params(nonce, data, associated_data) return aead._encrypt( - backend, type(self), self._key, nonce, data, associated_data, 16 + backend, self, nonce, data, associated_data, 16 ) def decrypt(self, nonce, data, associated_data): @@ -44,7 +44,7 @@ class ChaCha20Poly1305(object): self._check_params(nonce, data, associated_data) return aead._decrypt( - backend, type(self), self._key, nonce, data, associated_data, 16 + backend, self, nonce, data, associated_data, 16 ) def _check_params(self, nonce, data, associated_data): diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py index bf1e8208..a1ca5ae7 100644 --- a/tests/hazmat/primitives/test_aead.py +++ b/tests/hazmat/primitives/test_aead.py @@ -9,7 +9,7 @@ import os import pytest -from cryptography.exceptions import InvalidTag, _Reasons +from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends.interfaces import CipherBackend from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305 @@ -18,11 +18,17 @@ from ...utils import ( ) -@pytest.mark.supported( - only_if=lambda backend: ( - not backend.aead_cipher_supported(ChaCha20Poly1305) - ), - skip_message="Requires OpenSSL without ChaCha20Poly1305 support" +def _chacha20poly1305_supported(): + try: + ChaCha20Poly1305(b"0" * 32) + return True + except UnsupportedAlgorithm: + return False + + +@pytest.mark.skipif( + _chacha20poly1305_supported(), + reason="Requires OpenSSL without ChaCha20Poly1305 support" ) @pytest.mark.requires_backend_interface(interface=CipherBackend) def test_chacha20poly1305_unsupported_on_older_openssl(backend): @@ -30,9 +36,9 @@ def test_chacha20poly1305_unsupported_on_older_openssl(backend): ChaCha20Poly1305(ChaCha20Poly1305.generate_key()) -@pytest.mark.supported( - only_if=lambda backend: backend.aead_cipher_supported(ChaCha20Poly1305), - skip_message="Does not support ChaCha20Poly1305" +@pytest.mark.skipif( + not _chacha20poly1305_supported(), + reason="Does not support ChaCha20Poly1305" ) @pytest.mark.requires_backend_interface(interface=CipherBackend) class TestChaCha20Poly1305(object): |