diff options
| -rw-r--r-- | cryptography/fernet.py | 9 | ||||
| -rw-r--r-- | tests/test_fernet.py | 8 |
2 files changed, 12 insertions, 5 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py index 4220e0cb..2de4a622 100644 --- a/cryptography/fernet.py +++ b/cryptography/fernet.py @@ -25,7 +25,9 @@ class Fernet(object): def _encrypt_from_parts(self, data, current_time, iv): padder = padding.PKCS7(ciphers.AES.block_size).padder() padded_data = padder.update(data) + padder.finalize() - encryptor = BlockCipher(ciphers.AES(self.encryption_key), modes.CBC(iv)).encryptor() + encryptor = BlockCipher( + ciphers.AES(self.encryption_key), modes.CBC(iv) + ).encryptor() ciphertext = encryptor.update(padded_data) + encryptor.finalize() h = HMAC(self.signing_key, digestmod=hashes.SHA256) @@ -55,11 +57,14 @@ class Fernet(object): hmac = h.digest() if not constant_time_compare(hmac, data[-32:]): raise ValueError - decryptor = BlockCipher(ciphers.AES(self.encryption_key), modes.CBC(iv)).decryptor() + decryptor = BlockCipher( + ciphers.AES(self.encryption_key), modes.CBC(iv) + ).decryptor() plaintext_padded = decryptor.update(ciphertext) + decryptor.finalize() unpadder = padding.PKCS7(ciphers.AES.block_size).unpadder() return unpadder.update(plaintext_padded) + unpadder.finalize() + def constant_time_compare(a, b): # TOOD: replace with a cffi function assert isinstance(a, bytes) and isinstance(b, bytes) diff --git a/tests/test_fernet.py b/tests/test_fernet.py index f7c06b95..27d24182 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -1,5 +1,7 @@ import base64 +import six + from cryptography.fernet import Fernet @@ -11,10 +13,10 @@ class TestFernet(object): token = f._encrypt_from_parts( b"hello", 499162800, - b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", + b"".join(map(six.int2byte, range(16))), ) assert token == (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM" - "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") + "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") def test_verify(self): f = Fernet(base64.urlsafe_b64decode( @@ -22,7 +24,7 @@ class TestFernet(object): )) payload = f.decrypt( (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dO" - "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), + "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), ttl=60, current_time=499162801 ) |