diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-07-16 17:34:42 +0200 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-07-16 11:34:42 -0400 |
| commit | 165743ee63d05b343bf7e6b6b0afe0c23be71ca2 (patch) | |
| tree | 85ebacc097353917b1a838403cd929ff94f4ec26 /src | |
| parent | 1a2e817f14a9c72eac90c747a4f30ef71260ea0a (diff) | |
| download | cryptography-165743ee63d05b343bf7e6b6b0afe0c23be71ca2.tar.gz cryptography-165743ee63d05b343bf7e6b6b0afe0c23be71ca2.tar.bz2 cryptography-165743ee63d05b343bf7e6b6b0afe0c23be71ca2.zip | |
move tag_length to the AESCCM constructor (#3783)
* move tag_length to the AESCCM constructor
* review feedback
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/primitives/ciphers/aead.py | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/src/cryptography/hazmat/primitives/ciphers/aead.py b/src/cryptography/hazmat/primitives/ciphers/aead.py index 189cb5b1..e2c5e381 100644 --- a/src/cryptography/hazmat/primitives/ciphers/aead.py +++ b/src/cryptography/hazmat/primitives/ciphers/aead.py @@ -56,12 +56,20 @@ class ChaCha20Poly1305(object): class AESCCM(object): - def __init__(self, key): + def __init__(self, key, tag_length=16): utils._check_bytes("key", key) if len(key) not in (16, 24, 32): raise ValueError("AESCCM key must be 128, 192, or 256 bits.") self._key = key + if not isinstance(tag_length, int): + raise TypeError("tag_length must be an integer") + + if tag_length not in (4, 6, 8, 12, 14, 16): + raise ValueError("Invalid tag_length") + + self._tag_length = tag_length + if not backend.aead_cipher_supported(self): raise exceptions.UnsupportedAlgorithm( "AESCCM is not supported by this version of OpenSSL", @@ -78,23 +86,23 @@ class AESCCM(object): return os.urandom(bit_length // 8) - def encrypt(self, nonce, data, associated_data, tag_length=16): + def encrypt(self, nonce, data, associated_data): if associated_data is None: associated_data = b"" - self._check_params(nonce, data, associated_data, tag_length) + self._check_params(nonce, data, associated_data) self._validate_lengths(nonce, len(data)) return aead._encrypt( - backend, self, nonce, data, associated_data, tag_length + backend, self, nonce, data, associated_data, self._tag_length ) - def decrypt(self, nonce, data, associated_data, tag_length=16): + def decrypt(self, nonce, data, associated_data): if associated_data is None: associated_data = b"" - self._check_params(nonce, data, associated_data, tag_length) + self._check_params(nonce, data, associated_data) return aead._decrypt( - backend, self, nonce, data, associated_data, tag_length + backend, self, nonce, data, associated_data, self._tag_length ) def _validate_lengths(self, nonce, data_len): @@ -104,13 +112,7 @@ class AESCCM(object): if 2 ** (8 * l) < data_len: raise ValueError("Nonce too long for data") - def _check_params(self, nonce, data, associated_data, tag_length): - if not isinstance(tag_length, int): - raise TypeError("tag_length must be an integer") - - if tag_length not in (4, 6, 8, 12, 14, 16): - raise ValueError("Invalid tag_length") - + def _check_params(self, nonce, data, associated_data): utils._check_bytes("nonce", nonce) utils._check_bytes("data", data) utils._check_bytes("associated_data", associated_data) |