aboutsummaryrefslogtreecommitdiffstats
path: root/cryptography/hazmat
diff options
context:
space:
mode:
Diffstat (limited to 'cryptography/hazmat')
-rw-r--r--cryptography/hazmat/backends/commoncrypto/hashes.py4
-rw-r--r--cryptography/hazmat/backends/commoncrypto/hmac.py4
-rw-r--r--cryptography/hazmat/backends/openssl/cmac.py15
-rw-r--r--cryptography/hazmat/backends/openssl/hashes.py4
-rw-r--r--cryptography/hazmat/backends/openssl/hmac.py4
-rw-r--r--cryptography/hazmat/primitives/ciphers/modes.py29
-rw-r--r--cryptography/hazmat/primitives/cmac.py10
-rw-r--r--cryptography/hazmat/primitives/hashes.py4
-rw-r--r--cryptography/hazmat/primitives/hmac.py4
9 files changed, 53 insertions, 25 deletions
diff --git a/cryptography/hazmat/backends/commoncrypto/hashes.py b/cryptography/hazmat/backends/commoncrypto/hashes.py
index ebad7201..217f4e8c 100644
--- a/cryptography/hazmat/backends/commoncrypto/hashes.py
+++ b/cryptography/hazmat/backends/commoncrypto/hashes.py
@@ -21,7 +21,7 @@ from cryptography.hazmat.primitives import interfaces
@utils.register_interface(interfaces.HashContext)
class _HashContext(object):
def __init__(self, backend, algorithm, ctx=None):
- self.algorithm = algorithm
+ self._algorithm = algorithm
self._backend = backend
if ctx is None:
@@ -39,6 +39,8 @@ class _HashContext(object):
self._ctx = ctx
+ algorithm = utils.read_only_property("_algorithm")
+
def copy(self):
methods = self._backend._hash_mapping[self.algorithm.name]
new_ctx = self._backend._ffi.new(methods.ctx)
diff --git a/cryptography/hazmat/backends/commoncrypto/hmac.py b/cryptography/hazmat/backends/commoncrypto/hmac.py
index c6e3f276..c2b6c379 100644
--- a/cryptography/hazmat/backends/commoncrypto/hmac.py
+++ b/cryptography/hazmat/backends/commoncrypto/hmac.py
@@ -22,7 +22,7 @@ from cryptography.hazmat.primitives import interfaces
@utils.register_interface(interfaces.HashContext)
class _HMACContext(object):
def __init__(self, backend, key, algorithm, ctx=None):
- self.algorithm = algorithm
+ self._algorithm = algorithm
self._backend = backend
if ctx is None:
ctx = self._backend._ffi.new("CCHmacContext *")
@@ -40,6 +40,8 @@ class _HMACContext(object):
self._ctx = ctx
self._key = key
+ algorithm = utils.read_only_property("_algorithm")
+
def copy(self):
copied_ctx = self._backend._ffi.new("CCHmacContext *")
# CommonCrypto has no APIs for copying HMACs, so we have to copy the
diff --git a/cryptography/hazmat/backends/openssl/cmac.py b/cryptography/hazmat/backends/openssl/cmac.py
index da7b7484..113188ca 100644
--- a/cryptography/hazmat/backends/openssl/cmac.py
+++ b/cryptography/hazmat/backends/openssl/cmac.py
@@ -15,8 +15,10 @@ from __future__ import absolute_import, division, print_function
from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.primitives import interfaces
+from cryptography.exceptions import (
+ InvalidSignature, UnsupportedAlgorithm, _Reasons
+)
+from cryptography.hazmat.primitives import constant_time, interfaces
from cryptography.hazmat.primitives.ciphers.modes import CBC
@@ -50,6 +52,8 @@ class _CMACContext(object):
self._ctx = ctx
+ algorithm = utils.read_only_property("_algorithm")
+
def update(self, data):
res = self._backend._lib.CMAC_Update(self._ctx, data, len(data))
assert res == 1
@@ -78,3 +82,10 @@ class _CMACContext(object):
return _CMACContext(
self._backend, self._algorithm, ctx=copied_ctx
)
+
+ def verify(self, signature):
+ if not isinstance(signature, bytes):
+ raise TypeError("signature must be bytes.")
+ digest = self.finalize()
+ if not constant_time.bytes_eq(digest, signature):
+ raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/backends/openssl/hashes.py b/cryptography/hazmat/backends/openssl/hashes.py
index da91eef6..591c014a 100644
--- a/cryptography/hazmat/backends/openssl/hashes.py
+++ b/cryptography/hazmat/backends/openssl/hashes.py
@@ -22,7 +22,7 @@ from cryptography.hazmat.primitives import interfaces
@utils.register_interface(interfaces.HashContext)
class _HashContext(object):
def __init__(self, backend, algorithm, ctx=None):
- self.algorithm = algorithm
+ self._algorithm = algorithm
self._backend = backend
@@ -44,6 +44,8 @@ class _HashContext(object):
self._ctx = ctx
+ algorithm = utils.read_only_property("_algorithm")
+
def copy(self):
copied_ctx = self._backend._lib.EVP_MD_CTX_create()
copied_ctx = self._backend._ffi.gc(
diff --git a/cryptography/hazmat/backends/openssl/hmac.py b/cryptography/hazmat/backends/openssl/hmac.py
index ca62184b..d5300ea0 100644
--- a/cryptography/hazmat/backends/openssl/hmac.py
+++ b/cryptography/hazmat/backends/openssl/hmac.py
@@ -23,7 +23,7 @@ from cryptography.hazmat.primitives import interfaces
@utils.register_interface(interfaces.HashContext)
class _HMACContext(object):
def __init__(self, backend, key, algorithm, ctx=None):
- self.algorithm = algorithm
+ self._algorithm = algorithm
self._backend = backend
if ctx is None:
@@ -48,6 +48,8 @@ class _HMACContext(object):
self._ctx = ctx
self._key = key
+ algorithm = utils.read_only_property("_algorithm")
+
def copy(self):
copied_ctx = self._backend._ffi.new("HMAC_CTX *")
self._backend._lib.HMAC_CTX_init(copied_ctx)
diff --git a/cryptography/hazmat/primitives/ciphers/modes.py b/cryptography/hazmat/primitives/ciphers/modes.py
index 509b4de2..d995b876 100644
--- a/cryptography/hazmat/primitives/ciphers/modes.py
+++ b/cryptography/hazmat/primitives/ciphers/modes.py
@@ -17,10 +17,10 @@ from cryptography import utils
from cryptography.hazmat.primitives import interfaces
-def _check_iv_length(mode, algorithm):
- if len(mode.initialization_vector) * 8 != algorithm.block_size:
+def _check_iv_length(self, algorithm):
+ if len(self.initialization_vector) * 8 != algorithm.block_size:
raise ValueError("Invalid IV size ({0}) for {1}.".format(
- len(mode.initialization_vector), mode.name
+ len(self.initialization_vector), self.name
))
@@ -30,8 +30,9 @@ class CBC(object):
name = "CBC"
def __init__(self, initialization_vector):
- self.initialization_vector = initialization_vector
+ self._initialization_vector = initialization_vector
+ initialization_vector = utils.read_only_property("_initialization_vector")
validate_for_algorithm = _check_iv_length
@@ -49,8 +50,9 @@ class OFB(object):
name = "OFB"
def __init__(self, initialization_vector):
- self.initialization_vector = initialization_vector
+ self._initialization_vector = initialization_vector
+ initialization_vector = utils.read_only_property("_initialization_vector")
validate_for_algorithm = _check_iv_length
@@ -60,8 +62,9 @@ class CFB(object):
name = "CFB"
def __init__(self, initialization_vector):
- self.initialization_vector = initialization_vector
+ self._initialization_vector = initialization_vector
+ initialization_vector = utils.read_only_property("_initialization_vector")
validate_for_algorithm = _check_iv_length
@@ -71,8 +74,9 @@ class CFB8(object):
name = "CFB8"
def __init__(self, initialization_vector):
- self.initialization_vector = initialization_vector
+ self._initialization_vector = initialization_vector
+ initialization_vector = utils.read_only_property("_initialization_vector")
validate_for_algorithm = _check_iv_length
@@ -82,7 +86,9 @@ class CTR(object):
name = "CTR"
def __init__(self, nonce):
- self.nonce = nonce
+ self._nonce = nonce
+
+ nonce = utils.read_only_property("_nonce")
def validate_for_algorithm(self, algorithm):
if len(self.nonce) * 8 != algorithm.block_size:
@@ -109,8 +115,11 @@ class GCM(object):
min_tag_length)
)
- self.initialization_vector = initialization_vector
- self.tag = tag
+ self._initialization_vector = initialization_vector
+ self._tag = tag
+
+ tag = utils.read_only_property("_tag")
+ initialization_vector = utils.read_only_property("_initialization_vector")
def validate_for_algorithm(self, algorithm):
pass
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index 7ae5c118..a70a9a42 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons
+ AlreadyFinalized, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import CMACBackend
-from cryptography.hazmat.primitives import constant_time, interfaces
+from cryptography.hazmat.primitives import interfaces
@utils.register_interface(interfaces.MACContext)
@@ -57,11 +57,7 @@ class CMAC(object):
return digest
def verify(self, signature):
- if not isinstance(signature, bytes):
- raise TypeError("signature must be bytes.")
- digest = self.finalize()
- if not constant_time.bytes_eq(digest, signature):
- raise InvalidSignature("Signature did not match digest.")
+ self._ctx.verify(signature)
def copy(self):
if self._ctx is None:
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index 04f7620a..8c2284e3 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -32,7 +32,7 @@ class Hash(object):
if not isinstance(algorithm, interfaces.HashAlgorithm):
raise TypeError("Expected instance of interfaces.HashAlgorithm.")
- self.algorithm = algorithm
+ self._algorithm = algorithm
self._backend = backend
@@ -41,6 +41,8 @@ class Hash(object):
else:
self._ctx = ctx
+ algorithm = utils.read_only_property("_algorithm")
+
def update(self, data):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized.")
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index b85fb2aa..22a31391 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -33,7 +33,7 @@ class HMAC(object):
if not isinstance(algorithm, interfaces.HashAlgorithm):
raise TypeError("Expected instance of interfaces.HashAlgorithm.")
- self.algorithm = algorithm
+ self._algorithm = algorithm
self._backend = backend
self._key = key
@@ -42,6 +42,8 @@ class HMAC(object):
else:
self._ctx = ctx
+ algorithm = utils.read_only_property("_algorithm")
+
def update(self, data):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized.")
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-30 05:07:08 +0000