diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-09-09 22:09:21 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-09-10 19:47:50 -0500 |
commit | fe9b82d1526113f6f08e5de9b8d5e75ab1527bbd (patch) | |
tree | b118b0daa9b433c4a10099aca73faef20c3189f0 | |
parent | 13f108f926a84eec9c0598164f25cedaece567e3 (diff) | |
download | cryptography-fe9b82d1526113f6f08e5de9b8d5e75ab1527bbd.tar.gz cryptography-fe9b82d1526113f6f08e5de9b8d5e75ab1527bbd.tar.bz2 cryptography-fe9b82d1526113f6f08e5de9b8d5e75ab1527bbd.zip |
add ECB support to create_block_cipher_context
* This is a basic refactor to support ECB and CBC mode in this method.
We can use this as a starting point to discuss a better solution.
-rw-r--r-- | cryptography/bindings/openssl/api.py | 14 | ||||
-rw-r--r-- | tests/bindings/test_openssl.py | 6 |
2 files changed, 19 insertions, 1 deletions
diff --git a/cryptography/bindings/openssl/api.py b/cryptography/bindings/openssl/api.py index 54a74d03..17823786 100644 --- a/cryptography/bindings/openssl/api.py +++ b/cryptography/bindings/openssl/api.py @@ -74,9 +74,11 @@ class API(object): assert evp_cipher != self._ffi.NULL # TODO: only use the key and initialization_vector as needed. Sometimes # this needs to be a DecryptInit, when? + iv = self._get_iv(mode) + res = self._lib.EVP_EncryptInit_ex( ctx, evp_cipher, self._ffi.NULL, cipher.key, - mode.initialization_vector + iv ) assert res != 0 @@ -85,6 +87,16 @@ class API(object): self._lib.EVP_CIPHER_CTX_set_padding(ctx, 0) return ctx + def _get_iv(self, mode): + # TODO: refactor this to visitor pattern + klass_name = mode.__class__.__name__ + if klass_name == 'CBC': + return mode.initialization_vector + elif klass_name == 'ECB': + return self._ffi.NULL + else: + raise NotImplementedError + def update_encrypt_context(self, ctx, plaintext): buf = self._ffi.new("unsigned char[]", len(plaintext)) outlen = self._ffi.new("int *") diff --git a/tests/bindings/test_openssl.py b/tests/bindings/test_openssl.py index 1579f002..e4b73460 100644 --- a/tests/bindings/test_openssl.py +++ b/tests/bindings/test_openssl.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +import pytest + from cryptography.bindings.openssl import api @@ -28,3 +30,7 @@ class TestOpenSSL(object): for every OpenSSL. """ assert api.openssl_version_text().startswith("OpenSSL") + + def test_get_iv_invalid_mode(self): + with pytest.raises(NotImplementedError): + api._get_iv(None) |