diff options
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/aead.py | 15 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 18 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/ciphers/aead.py | 9 |
3 files changed, 20 insertions, 22 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/aead.py b/src/cryptography/hazmat/backends/openssl/aead.py index 5eb2e997..53b10e99 100644 --- a/src/cryptography/hazmat/backends/openssl/aead.py +++ b/src/cryptography/hazmat/backends/openssl/aead.py @@ -11,6 +11,15 @@ _ENCRYPT = 1 _DECRYPT = 0 +def _aead_cipher_name(cls, key_length): + from cryptography.hazmat.primitives.ciphers.aead import ( + ChaCha20Poly1305 + ) + assert cls is ChaCha20Poly1305 + assert key_length == 32 or key_length is None + return b"chacha20-poly1305" + + def _aead_setup(backend, cipher_name, key, nonce, tag, tag_len, operation): evp_cipher = backend._lib.EVP_get_cipherbyname(cipher_name) backend.openssl_assert(evp_cipher != backend._ffi.NULL) @@ -69,8 +78,9 @@ def _process_data(backend, ctx, data): return backend._ffi.buffer(buf, outlen[0])[:] -def _encrypt(backend, cipher_name, key, nonce, data, associated_data, +def _encrypt(backend, cipher_cls, key, nonce, data, associated_data, tag_length): + cipher_name = _aead_cipher_name(cipher_cls, len(key)) ctx = _aead_setup( backend, cipher_name, key, nonce, None, tag_length, _ENCRYPT ) @@ -91,12 +101,13 @@ def _encrypt(backend, cipher_name, key, nonce, data, associated_data, return processed_data + tag -def _decrypt(backend, cipher_name, key, nonce, data, associated_data, +def _decrypt(backend, cipher_cls, key, nonce, data, associated_data, tag_length): if len(data) < tag_length: raise InvalidTag tag = data[-tag_length:] data = data[:-tag_length] + cipher_name = _aead_cipher_name(cipher_cls, len(key)) ctx = _aead_setup( backend, cipher_name, key, nonce, tag, tag_length, _DECRYPT ) diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 98c79be6..28760aa8 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -1924,24 +1924,10 @@ class Backend(object): self.openssl_assert(res == 1) return self._ffi.buffer(buf)[:] - def chacha20poly1305_encrypt(self, key, nonce, data, associated_data): - return aead._encrypt( - self, b"chacha20-poly1305", key, nonce, data, associated_data, 16 - ) - - def chacha20poly1305_decrypt(self, key, nonce, data, associated_data): - return aead._decrypt( - self, b"chacha20-poly1305", key, nonce, data, associated_data, 16 - ) - def aead_cipher_supported(self, cls): - from cryptography.hazmat.primitives.ciphers.aead import ( - ChaCha20Poly1305 - ) - assert cls is ChaCha20Poly1305 + cipher_name = aead._aead_cipher_name(cls, None) return ( - self._lib.EVP_get_cipherbyname(b"chacha20-poly1305") != - self._ffi.NULL + self._lib.EVP_get_cipherbyname(cipher_name) != self._ffi.NULL ) diff --git a/src/cryptography/hazmat/primitives/ciphers/aead.py b/src/cryptography/hazmat/primitives/ciphers/aead.py index 8b2e20c4..7d2103d3 100644 --- a/src/cryptography/hazmat/primitives/ciphers/aead.py +++ b/src/cryptography/hazmat/primitives/ciphers/aead.py @@ -7,6 +7,7 @@ from __future__ import absolute_import, division, print_function import os from cryptography import exceptions, utils +from cryptography.hazmat.backends.openssl import aead from cryptography.hazmat.backends.openssl.backend import backend @@ -33,8 +34,8 @@ class ChaCha20Poly1305(object): associated_data = b"" self._check_params(nonce, data, associated_data) - return backend.chacha20poly1305_encrypt( - self._key, nonce, data, associated_data + return aead._encrypt( + backend, type(self), self._key, nonce, data, associated_data, 16 ) def decrypt(self, nonce, data, associated_data): @@ -42,8 +43,8 @@ class ChaCha20Poly1305(object): associated_data = b"" self._check_params(nonce, data, associated_data) - return backend.chacha20poly1305_decrypt( - self._key, nonce, data, associated_data + return aead._decrypt( + backend, type(self), self._key, nonce, data, associated_data, 16 ) def _check_params(self, nonce, data, associated_data): |