diff options
| -rw-r--r-- | cryptography/hazmat/primitives/ciphers/base.py | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index d1ca6d2a..1da0802c 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -30,30 +30,32 @@ class Cipher(object): self._backend = backend def encryptor(self): + if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): + if self.mode.tag is not None: + raise ValueError( + "Authentication tag must be None when encrypting" + ) ctx = self._backend.create_symmetric_encryption_ctx( self.algorithm, self.mode ) - return self._wrap_ctx(ctx, True) + return self._wrap_ctx(ctx, encrypt=True) def decryptor(self): + if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): + if self.mode.tag is None: + raise ValueError( + "Authentication tag must be provided when decrypting" + ) ctx = self._backend.create_symmetric_decryption_ctx( self.algorithm, self.mode ) - return self._wrap_ctx(ctx, False) + return self._wrap_ctx(ctx, encrypt=False) def _wrap_ctx(self, ctx, encrypt): if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): if encrypt: - if self.mode.tag is not None: - raise ValueError( - "Authentication tag must be None when encrypting" - ) return _AEADEncryptionContext(ctx) else: - if self.mode.tag is None: - raise ValueError( - "Authentication tag must be provided when decrypting" - ) return _AEADCipherContext(ctx) else: return _CipherContext(ctx) |