diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-09-28 23:46:49 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-09-28 11:46:49 -0400 |
| commit | 62ebb429fe94693e5b94480025f3f3e0556b83b1 (patch) | |
| tree | d4ecaceab10179e4ead9fc21e20b873dfe1fcbb9 /src | |
| parent | ba61c2738e5a79480d135c280316e29080a4a777 (diff) | |
| download | cryptography-62ebb429fe94693e5b94480025f3f3e0556b83b1.tar.gz cryptography-62ebb429fe94693e5b94480025f3f3e0556b83b1.tar.bz2 cryptography-62ebb429fe94693e5b94480025f3f3e0556b83b1.zip | |
add ChaCha20 support (#3919)
* add ChaCha20 support
* review feedback
* 256 divided by 8 is what again?
* ...
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 7 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ciphers.py | 2 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/ciphers/algorithms.py | 24 |
3 files changed, 32 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index ede35ec0..2cbfca2c 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -58,7 +58,7 @@ from cryptography.hazmat.primitives.asymmetric.padding import ( MGF1, OAEP, PKCS1v15, PSS ) from cryptography.hazmat.primitives.ciphers.algorithms import ( - AES, ARC4, Blowfish, CAST5, Camellia, IDEA, SEED, TripleDES + AES, ARC4, Blowfish, CAST5, Camellia, ChaCha20, IDEA, SEED, TripleDES ) from cryptography.hazmat.primitives.ciphers.modes import ( CBC, CFB, CFB8, CTR, ECB, GCM, OFB @@ -258,6 +258,11 @@ class Backend(object): type(None), GetCipherByName("rc4") ) + self.register_cipher_adapter( + ChaCha20, + type(None), + GetCipherByName("chacha20") + ) def create_symmetric_encryption_ctx(self, cipher, mode): return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT) diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py index e141e8ec..dfb33a07 100644 --- a/src/cryptography/hazmat/backends/openssl/ciphers.py +++ b/src/cryptography/hazmat/backends/openssl/ciphers.py @@ -59,6 +59,8 @@ class _CipherContext(object): iv_nonce = mode.initialization_vector elif isinstance(mode, modes.ModeWithNonce): iv_nonce = mode.nonce + elif isinstance(cipher, modes.ModeWithNonce): + iv_nonce = cipher.nonce else: iv_nonce = self._backend._ffi.NULL # begin init with cipher and operation type diff --git a/src/cryptography/hazmat/primitives/ciphers/algorithms.py b/src/cryptography/hazmat/primitives/ciphers/algorithms.py index c193f797..6e5eb313 100644 --- a/src/cryptography/hazmat/primitives/ciphers/algorithms.py +++ b/src/cryptography/hazmat/primitives/ciphers/algorithms.py @@ -8,6 +8,7 @@ from cryptography import utils from cryptography.hazmat.primitives.ciphers import ( BlockCipherAlgorithm, CipherAlgorithm ) +from cryptography.hazmat.primitives.ciphers.modes import ModeWithNonce def _verify_key_size(algorithm, key): @@ -138,3 +139,26 @@ class SEED(object): @property def key_size(self): return len(self.key) * 8 + + +@utils.register_interface(CipherAlgorithm) +@utils.register_interface(ModeWithNonce) +class ChaCha20(object): + name = "ChaCha20" + key_sizes = frozenset([256]) + + def __init__(self, key, nonce): + self.key = _verify_key_size(self, key) + if not isinstance(nonce, bytes): + raise TypeError("nonce must be bytes") + + if len(nonce) != 16: + raise ValueError("nonce must be 128-bits (16 bytes)") + + self._nonce = nonce + + nonce = utils.read_only_property("_nonce") + + @property + def key_size(self): + return len(self.key) * 8 |