create AEADEncryptionContext and DecryptionContext
diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py
index e9ecc80..7d3eb3d 100644
--- a/cryptography/hazmat/bindings/openssl/backend.py
+++ b/cryptography/hazmat/bindings/openssl/backend.py
@@ -239,6 +239,8 @@
@utils.register_interface(interfaces.CipherContext)
@utils.register_interface(interfaces.AEADCipherContext)
+@utils.register_interface(interfaces.AEADEncryptionContext)
+@utils.register_interface(interfaces.AEADDecryptionContext)
class _CipherContext(object):
_ENCRYPT = 1
_DECRYPT = 0
diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py
index a6f06b8..f24fd00 100644
--- a/cryptography/hazmat/primitives/ciphers/base.py
+++ b/cryptography/hazmat/primitives/ciphers/base.py
@@ -43,7 +43,10 @@
def _wrap_ctx(self, ctx, encrypt):
if isinstance(self.mode, interfaces.ModeWithAAD):
- return _AEADCipherContext(ctx, encrypt)
+ if encrypt:
+ return _AEADEncryptionContext(ctx)
+ else:
+ return _AEADDecryptionContext(ctx)
else:
return _CipherContext(ctx)
@@ -69,11 +72,10 @@
@utils.register_interface(interfaces.AEADCipherContext)
@utils.register_interface(interfaces.CipherContext)
class _AEADCipherContext(object):
- def __init__(self, ctx, encrypt):
+ def __init__(self, ctx):
self._ctx = ctx
self._tag = None
self._updated = False
- self._encrypt = encrypt
def update(self, data):
if self._ctx is None:
@@ -96,11 +98,16 @@
raise AlreadyUpdated("Update has been called on this context")
self._ctx.authenticate_additional_data(data)
+
+@utils.register_interface(interfaces.AEADDecryptionContext)
+class _AEADDecryptionContext(_AEADCipherContext):
+ pass
+
+
+@utils.register_interface(interfaces.AEADEncryptionContext)
+class _AEADEncryptionContext(_AEADCipherContext):
@property
def tag(self):
- if not self._encrypt:
- raise TypeError("The tag attribute is unavailable on a "
- "decryption context")
if self._ctx is not None:
raise NotYetFinalized("You must finalize encryption before "
"getting the tag")
diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py
index c0548df..1884e56 100644
--- a/cryptography/hazmat/primitives/interfaces.py
+++ b/cryptography/hazmat/primitives/interfaces.py
@@ -79,17 +79,23 @@
class AEADCipherContext(six.with_metaclass(abc.ABCMeta)):
+ @abc.abstractmethod
+ def authenticate_additional_data(self, data):
+ """
+ authenticate_additional_data takes bytes and returns nothing.
+ """
+
+
+class AEADEncryptionContext(six.with_metaclass(abc.ABCMeta)):
@abc.abstractproperty
def tag(self):
"""
Returns tag bytes after finalizing encryption.
"""
- @abc.abstractmethod
- def authenticate_additional_data(self, data):
- """
- authenticate_additional_data takes bytes and returns nothing.
- """
+
+class AEADDecryptionContext(six.with_metaclass(abc.ABCMeta)):
+ pass
class PaddingContext(six.with_metaclass(abc.ABCMeta)):
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 58b9a91..9aa3a89 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -351,5 +351,5 @@
)
decryptor = cipher.decryptor()
decryptor.update(b"a" * 16)
- with pytest.raises(TypeError):
+ with pytest.raises(AttributeError):
decryptor.tag