use an instance in aead_cipher_supported (#3772)
* use an instance in aead_cipher_supported
* test for chacha20poly1305 compatibility via init exception
* pep8
diff --git a/src/cryptography/hazmat/backends/openssl/aead.py b/src/cryptography/hazmat/backends/openssl/aead.py
index 53b10e9..4fde6ea 100644
--- a/src/cryptography/hazmat/backends/openssl/aead.py
+++ b/src/cryptography/hazmat/backends/openssl/aead.py
@@ -11,12 +11,11 @@
_DECRYPT = 0
-def _aead_cipher_name(cls, key_length):
+def _aead_cipher_name(cipher):
from cryptography.hazmat.primitives.ciphers.aead import (
ChaCha20Poly1305
)
- assert cls is ChaCha20Poly1305
- assert key_length == 32 or key_length is None
+ assert isinstance(cipher, ChaCha20Poly1305)
return b"chacha20-poly1305"
@@ -78,11 +77,10 @@
return backend._ffi.buffer(buf, outlen[0])[:]
-def _encrypt(backend, cipher_cls, key, nonce, data, associated_data,
- tag_length):
- cipher_name = _aead_cipher_name(cipher_cls, len(key))
+def _encrypt(backend, cipher, nonce, data, associated_data, tag_length):
+ cipher_name = _aead_cipher_name(cipher)
ctx = _aead_setup(
- backend, cipher_name, key, nonce, None, tag_length, _ENCRYPT
+ backend, cipher_name, cipher._key, nonce, None, tag_length, _ENCRYPT
)
_process_aad(backend, ctx, associated_data)
@@ -101,15 +99,14 @@
return processed_data + tag
-def _decrypt(backend, cipher_cls, key, nonce, data, associated_data,
- tag_length):
+def _decrypt(backend, cipher, nonce, data, associated_data, tag_length):
if len(data) < tag_length:
raise InvalidTag
tag = data[-tag_length:]
data = data[:-tag_length]
- cipher_name = _aead_cipher_name(cipher_cls, len(key))
+ cipher_name = _aead_cipher_name(cipher)
ctx = _aead_setup(
- backend, cipher_name, key, nonce, tag, tag_length, _DECRYPT
+ backend, cipher_name, cipher._key, nonce, tag, tag_length, _DECRYPT
)
_process_aad(backend, ctx, associated_data)
processed_data = _process_data(backend, ctx, data)
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 28760aa..878bbe4 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1924,8 +1924,8 @@
self.openssl_assert(res == 1)
return self._ffi.buffer(buf)[:]
- def aead_cipher_supported(self, cls):
- cipher_name = aead._aead_cipher_name(cls, None)
+ def aead_cipher_supported(self, cipher):
+ cipher_name = aead._aead_cipher_name(cipher)
return (
self._lib.EVP_get_cipherbyname(cipher_name) != self._ffi.NULL
)
diff --git a/src/cryptography/hazmat/primitives/ciphers/aead.py b/src/cryptography/hazmat/primitives/ciphers/aead.py
index 7d2103d..8df55fa 100644
--- a/src/cryptography/hazmat/primitives/ciphers/aead.py
+++ b/src/cryptography/hazmat/primitives/ciphers/aead.py
@@ -13,7 +13,7 @@
class ChaCha20Poly1305(object):
def __init__(self, key):
- if not backend.aead_cipher_supported(type(self)):
+ if not backend.aead_cipher_supported(self):
raise exceptions.UnsupportedAlgorithm(
"ChaCha20Poly1305 is not supported by this version of OpenSSL",
exceptions._Reasons.UNSUPPORTED_CIPHER
@@ -35,7 +35,7 @@
self._check_params(nonce, data, associated_data)
return aead._encrypt(
- backend, type(self), self._key, nonce, data, associated_data, 16
+ backend, self, nonce, data, associated_data, 16
)
def decrypt(self, nonce, data, associated_data):
@@ -44,7 +44,7 @@
self._check_params(nonce, data, associated_data)
return aead._decrypt(
- backend, type(self), self._key, nonce, data, associated_data, 16
+ backend, self, nonce, data, associated_data, 16
)
def _check_params(self, nonce, data, associated_data):
diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py
index bf1e820..a1ca5ae 100644
--- a/tests/hazmat/primitives/test_aead.py
+++ b/tests/hazmat/primitives/test_aead.py
@@ -9,7 +9,7 @@
import pytest
-from cryptography.exceptions import InvalidTag, _Reasons
+from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.backends.interfaces import CipherBackend
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
@@ -18,11 +18,17 @@
)
-@pytest.mark.supported(
- only_if=lambda backend: (
- not backend.aead_cipher_supported(ChaCha20Poly1305)
- ),
- skip_message="Requires OpenSSL without ChaCha20Poly1305 support"
+def _chacha20poly1305_supported():
+ try:
+ ChaCha20Poly1305(b"0" * 32)
+ return True
+ except UnsupportedAlgorithm:
+ return False
+
+
+@pytest.mark.skipif(
+ _chacha20poly1305_supported(),
+ reason="Requires OpenSSL without ChaCha20Poly1305 support"
)
@pytest.mark.requires_backend_interface(interface=CipherBackend)
def test_chacha20poly1305_unsupported_on_older_openssl(backend):
@@ -30,9 +36,9 @@
ChaCha20Poly1305(ChaCha20Poly1305.generate_key())
-@pytest.mark.supported(
- only_if=lambda backend: backend.aead_cipher_supported(ChaCha20Poly1305),
- skip_message="Does not support ChaCha20Poly1305"
+@pytest.mark.skipif(
+ not _chacha20poly1305_supported(),
+ reason="Does not support ChaCha20Poly1305"
)
@pytest.mark.requires_backend_interface(interface=CipherBackend)
class TestChaCha20Poly1305(object):