Rearrange
diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py
index d1ca6d2..1da0802 100644
--- a/cryptography/hazmat/primitives/ciphers/base.py
+++ b/cryptography/hazmat/primitives/ciphers/base.py
@@ -30,30 +30,32 @@
self._backend = backend
def encryptor(self):
+ if isinstance(self.mode, interfaces.ModeWithAuthenticationTag):
+ if self.mode.tag is not None:
+ raise ValueError(
+ "Authentication tag must be None when encrypting"
+ )
ctx = self._backend.create_symmetric_encryption_ctx(
self.algorithm, self.mode
)
- return self._wrap_ctx(ctx, True)
+ return self._wrap_ctx(ctx, encrypt=True)
def decryptor(self):
+ if isinstance(self.mode, interfaces.ModeWithAuthenticationTag):
+ if self.mode.tag is None:
+ raise ValueError(
+ "Authentication tag must be provided when decrypting"
+ )
ctx = self._backend.create_symmetric_decryption_ctx(
self.algorithm, self.mode
)
- return self._wrap_ctx(ctx, False)
+ return self._wrap_ctx(ctx, encrypt=False)
def _wrap_ctx(self, ctx, encrypt):
if isinstance(self.mode, interfaces.ModeWithAuthenticationTag):
if encrypt:
- if self.mode.tag is not None:
- raise ValueError(
- "Authentication tag must be None when encrypting"
- )
return _AEADEncryptionContext(ctx)
else:
- if self.mode.tag is None:
- raise ValueError(
- "Authentication tag must be provided when decrypting"
- )
return _AEADCipherContext(ctx)
else:
return _CipherContext(ctx)