Skip to content

Commit

Permalink
use an instance in aead_cipher_supported (pyca#3772)
Browse files Browse the repository at this point in the history
* use an instance in aead_cipher_supported

* test for chacha20poly1305 compatibility via init exception

* pep8
  • Loading branch information
reaperhulk authored and alex committed Jul 9, 2017
1 parent 0c9aed9 commit 9d5fc3e
Show file tree
Hide file tree
Showing 4 changed files with 28 additions and 25 deletions.
19 changes: 8 additions & 11 deletions src/cryptography/hazmat/backends/openssl/aead.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,11 @@
_DECRYPT = 0


def _aead_cipher_name(cls, key_length):
def _aead_cipher_name(cipher):
from cryptography.hazmat.primitives.ciphers.aead import (
ChaCha20Poly1305
)
assert cls is ChaCha20Poly1305
assert key_length == 32 or key_length is None
assert isinstance(cipher, ChaCha20Poly1305)
return b"chacha20-poly1305"


Expand Down Expand Up @@ -78,11 +77,10 @@ def _process_data(backend, ctx, data):
return backend._ffi.buffer(buf, outlen[0])[:]


def _encrypt(backend, cipher_cls, key, nonce, data, associated_data,
tag_length):
cipher_name = _aead_cipher_name(cipher_cls, len(key))
def _encrypt(backend, cipher, nonce, data, associated_data, tag_length):
cipher_name = _aead_cipher_name(cipher)
ctx = _aead_setup(
backend, cipher_name, key, nonce, None, tag_length, _ENCRYPT
backend, cipher_name, cipher._key, nonce, None, tag_length, _ENCRYPT
)

_process_aad(backend, ctx, associated_data)
Expand All @@ -101,15 +99,14 @@ def _encrypt(backend, cipher_cls, key, nonce, data, associated_data,
return processed_data + tag


def _decrypt(backend, cipher_cls, key, nonce, data, associated_data,
tag_length):
def _decrypt(backend, cipher, nonce, data, associated_data, tag_length):
if len(data) < tag_length:
raise InvalidTag
tag = data[-tag_length:]
data = data[:-tag_length]
cipher_name = _aead_cipher_name(cipher_cls, len(key))
cipher_name = _aead_cipher_name(cipher)
ctx = _aead_setup(
backend, cipher_name, key, nonce, tag, tag_length, _DECRYPT
backend, cipher_name, cipher._key, nonce, tag, tag_length, _DECRYPT
)
_process_aad(backend, ctx, associated_data)
processed_data = _process_data(backend, ctx, data)
Expand Down
4 changes: 2 additions & 2 deletions src/cryptography/hazmat/backends/openssl/backend.py
Original file line number Diff line number Diff line change
Expand Up @@ -1924,8 +1924,8 @@ def derive_scrypt(self, key_material, salt, length, n, r, p):
self.openssl_assert(res == 1)
return self._ffi.buffer(buf)[:]

def aead_cipher_supported(self, cls):
cipher_name = aead._aead_cipher_name(cls, None)
def aead_cipher_supported(self, cipher):
cipher_name = aead._aead_cipher_name(cipher)
return (
self._lib.EVP_get_cipherbyname(cipher_name) != self._ffi.NULL
)
Expand Down
6 changes: 3 additions & 3 deletions src/cryptography/hazmat/primitives/ciphers/aead.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@

class ChaCha20Poly1305(object):
def __init__(self, key):
if not backend.aead_cipher_supported(type(self)):
if not backend.aead_cipher_supported(self):
raise exceptions.UnsupportedAlgorithm(
"ChaCha20Poly1305 is not supported by this version of OpenSSL",
exceptions._Reasons.UNSUPPORTED_CIPHER
Expand All @@ -35,7 +35,7 @@ def encrypt(self, nonce, data, associated_data):

self._check_params(nonce, data, associated_data)
return aead._encrypt(
backend, type(self), self._key, nonce, data, associated_data, 16
backend, self, nonce, data, associated_data, 16
)

def decrypt(self, nonce, data, associated_data):
Expand All @@ -44,7 +44,7 @@ def decrypt(self, nonce, data, associated_data):

self._check_params(nonce, data, associated_data)
return aead._decrypt(
backend, type(self), self._key, nonce, data, associated_data, 16
backend, self, nonce, data, associated_data, 16
)

def _check_params(self, nonce, data, associated_data):
Expand Down
24 changes: 15 additions & 9 deletions tests/hazmat/primitives/test_aead.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

import pytest

from cryptography.exceptions import InvalidTag, _Reasons
from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.backends.interfaces import CipherBackend
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

Expand All @@ -18,21 +18,27 @@
)


@pytest.mark.supported(
only_if=lambda backend: (
not backend.aead_cipher_supported(ChaCha20Poly1305)
),
skip_message="Requires OpenSSL without ChaCha20Poly1305 support"
def _chacha20poly1305_supported():
try:
ChaCha20Poly1305(b"0" * 32)
return True
except UnsupportedAlgorithm:
return False


@pytest.mark.skipif(
_chacha20poly1305_supported(),
reason="Requires OpenSSL without ChaCha20Poly1305 support"
)
@pytest.mark.requires_backend_interface(interface=CipherBackend)
def test_chacha20poly1305_unsupported_on_older_openssl(backend):
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
ChaCha20Poly1305(ChaCha20Poly1305.generate_key())


@pytest.mark.supported(
only_if=lambda backend: backend.aead_cipher_supported(ChaCha20Poly1305),
skip_message="Does not support ChaCha20Poly1305"
@pytest.mark.skipif(
not _chacha20poly1305_supported(),
reason="Does not support ChaCha20Poly1305"
)
@pytest.mark.requires_backend_interface(interface=CipherBackend)
class TestChaCha20Poly1305(object):
Expand Down

0 comments on commit 9d5fc3e

Please sign in to comment.