diff options
| -rw-r--r-- | cryptography/bindings/openssl/api.py | 2 | ||||
| -rw-r--r-- | cryptography/primitives/block/modes.py | 6 | ||||
| -rw-r--r-- | cryptography/primitives/interfaces.py | 4 | ||||
| -rw-r--r-- | docs/primitives/symmetric-encryption.rst | 14 |
4 files changed, 15 insertions, 11 deletions
diff --git a/cryptography/bindings/openssl/api.py b/cryptography/bindings/openssl/api.py index 917c1846..af7fe438 100644 --- a/cryptography/bindings/openssl/api.py +++ b/cryptography/bindings/openssl/api.py @@ -76,6 +76,8 @@ class API(object): assert evp_cipher != self._ffi.NULL if isinstance(mode, interfaces.ModeWithInitializationVector): iv_nonce = mode.initialization_vector + elif isinstance(mode, interfaces.ModeWithNonce): + iv_nonce = mode.nonce else: iv_nonce = self._ffi.NULL diff --git a/cryptography/primitives/block/modes.py b/cryptography/primitives/block/modes.py index 70ef8178..62a1c2c9 100644 --- a/cryptography/primitives/block/modes.py +++ b/cryptography/primitives/block/modes.py @@ -31,10 +31,10 @@ class ECB(object): class OFB(object): name = "OFB" - def __init__(self, initialization_vector): + def __init__(self, nonce): super(OFB, self).__init__() - self.initialization_vector = initialization_vector + self.nonce = nonce interfaces.ModeWithInitializationVector.register(CBC) -interfaces.ModeWithInitializationVector.register(OFB) +interfaces.ModeWithNonce.register(OFB) diff --git a/cryptography/primitives/interfaces.py b/cryptography/primitives/interfaces.py index 6f74ccf7..c1fc9910 100644 --- a/cryptography/primitives/interfaces.py +++ b/cryptography/primitives/interfaces.py @@ -20,3 +20,7 @@ import six class ModeWithInitializationVector(six.with_metaclass(abc.ABCMeta)): pass + + +class ModeWithNonce(six.with_metaclass(abc.ABCMeta)): + pass diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst index 7ec42a30..587c94b4 100644 --- a/docs/primitives/symmetric-encryption.rst +++ b/docs/primitives/symmetric-encryption.rst @@ -68,18 +68,16 @@ Modes reuse an ``initialization_vector`` with a given ``key``. -.. class:: cryptography.primitives.block.modes.OFB(initialization_vector) +.. class:: cryptography.primitives.block.modes.OFB(nonce) OFB (Output Feedback) is a mode of operation for block ciphers. It transforms a block cipher into a stream cipher. - :param bytes initialization_vector: Must be random bytes. They do not need - to be kept secret (they can be included - in a transmitted message). Must be the - same number of bytes as the - ``block_size`` of the cipher. Do not - reuse an ``initialization_vector`` with - a given ``key``. + :param bytes nonce: Must be random bytes. They do not need to be kept + secret (they can be included in a transmitted message). + Must be the same number of bytes as the ``block_size`` + of the cipher. Reuse of a ``nonce`` with a given + ``key`` can allow recovery of the original plaintext. Insecure Modes |