diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-12-10 12:13:31 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-12-09 23:13:31 -0500 |
| commit | 3c68250ad9bfb275c760fcce4c72c78c99b57c34 (patch) | |
| tree | 06c6f5b1e513d9d16ec25ab25ae927b47172a7ca /src | |
| parent | c2d16370f00e42fae13e492c0b1c7b3a83a5e495 (diff) | |
| download | cryptography-3c68250ad9bfb275c760fcce4c72c78c99b57c34.tar.gz cryptography-3c68250ad9bfb275c760fcce4c72c78c99b57c34.tar.bz2 cryptography-3c68250ad9bfb275c760fcce4c72c78c99b57c34.zip | |
allow bytes-like for key/iv/data for symmetric encryption (#4621)
* allow bytearrays for key/iv for symmetric encryption
* bump pypy/cffi requirements
* update docs, fix some tests
* old openssl is naught but pain
* revert a typo
* use trusty for old pypy
* better error msg again
* restore match
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ciphers.py | 21 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/ciphers/algorithms.py | 4 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/ciphers/modes.py | 14 | ||||
| -rw-r--r-- | src/cryptography/utils.py | 7 |
4 files changed, 29 insertions, 17 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py index e0ee06ee..fe5715b2 100644 --- a/src/cryptography/hazmat/backends/openssl/ciphers.py +++ b/src/cryptography/hazmat/backends/openssl/ciphers.py @@ -56,13 +56,15 @@ class _CipherContext(object): ) if isinstance(mode, modes.ModeWithInitializationVector): - iv_nonce = mode.initialization_vector + iv_nonce = self._backend._ffi.from_buffer( + mode.initialization_vector + ) elif isinstance(mode, modes.ModeWithTweak): - iv_nonce = mode.tweak + iv_nonce = self._backend._ffi.from_buffer(mode.tweak) elif isinstance(mode, modes.ModeWithNonce): - iv_nonce = mode.nonce + iv_nonce = self._backend._ffi.from_buffer(mode.nonce) elif isinstance(cipher, modes.ModeWithNonce): - iv_nonce = cipher.nonce + iv_nonce = self._backend._ffi.from_buffer(cipher.nonce) else: iv_nonce = self._backend._ffi.NULL # begin init with cipher and operation type @@ -105,7 +107,7 @@ class _CipherContext(object): ctx, self._backend._ffi.NULL, self._backend._ffi.NULL, - cipher.key, + self._backend._ffi.from_buffer(cipher.key), iv_nonce, operation ) @@ -131,8 +133,10 @@ class _CipherContext(object): "unsigned char *", self._backend._ffi.from_buffer(buf) ) outlen = self._backend._ffi.new("int *") - res = self._backend._lib.EVP_CipherUpdate(self._ctx, buf, outlen, - data, len(data)) + res = self._backend._lib.EVP_CipherUpdate( + self._ctx, buf, outlen, + self._backend._ffi.from_buffer(data), len(data) + ) self._backend.openssl_assert(res != 0) return outlen[0] @@ -215,7 +219,8 @@ class _CipherContext(object): def authenticate_additional_data(self, data): outlen = self._backend._ffi.new("int *") res = self._backend._lib.EVP_CipherUpdate( - self._ctx, self._backend._ffi.NULL, outlen, data, len(data) + self._ctx, self._backend._ffi.NULL, outlen, + self._backend._ffi.from_buffer(data), len(data) ) self._backend.openssl_assert(res != 0) diff --git a/src/cryptography/hazmat/primitives/ciphers/algorithms.py b/src/cryptography/hazmat/primitives/ciphers/algorithms.py index 21d9ecf0..1f49fd9d 100644 --- a/src/cryptography/hazmat/primitives/ciphers/algorithms.py +++ b/src/cryptography/hazmat/primitives/ciphers/algorithms.py @@ -13,7 +13,7 @@ from cryptography.hazmat.primitives.ciphers.modes import ModeWithNonce def _verify_key_size(algorithm, key): # Verify that the key is instance of bytes - utils._check_bytes("key", key) + utils._check_byteslike("key", key) # Verify that the key size matches the expected key size if len(key) * 8 not in algorithm.key_sizes: @@ -153,7 +153,7 @@ class ChaCha20(object): def __init__(self, key, nonce): self.key = _verify_key_size(self, key) - utils._check_bytes("nonce", nonce) + utils._check_byteslike("nonce", nonce) if len(nonce) != 16: raise ValueError("nonce must be 128-bits (16 bytes)") diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py index d2444580..ad91a6e1 100644 --- a/src/cryptography/hazmat/primitives/ciphers/modes.py +++ b/src/cryptography/hazmat/primitives/ciphers/modes.py @@ -88,7 +88,7 @@ class CBC(object): name = "CBC" def __init__(self, initialization_vector): - utils._check_bytes("initialization_vector", initialization_vector) + utils._check_byteslike("initialization_vector", initialization_vector) self._initialization_vector = initialization_vector initialization_vector = utils.read_only_property("_initialization_vector") @@ -101,7 +101,7 @@ class XTS(object): name = "XTS" def __init__(self, tweak): - utils._check_bytes("tweak", tweak) + utils._check_byteslike("tweak", tweak) if len(tweak) != 16: raise ValueError("tweak must be 128-bits (16 bytes)") @@ -131,7 +131,7 @@ class OFB(object): name = "OFB" def __init__(self, initialization_vector): - utils._check_bytes("initialization_vector", initialization_vector) + utils._check_byteslike("initialization_vector", initialization_vector) self._initialization_vector = initialization_vector initialization_vector = utils.read_only_property("_initialization_vector") @@ -144,7 +144,7 @@ class CFB(object): name = "CFB" def __init__(self, initialization_vector): - utils._check_bytes("initialization_vector", initialization_vector) + utils._check_byteslike("initialization_vector", initialization_vector) self._initialization_vector = initialization_vector initialization_vector = utils.read_only_property("_initialization_vector") @@ -157,7 +157,7 @@ class CFB8(object): name = "CFB8" def __init__(self, initialization_vector): - utils._check_bytes("initialization_vector", initialization_vector) + utils._check_byteslike("initialization_vector", initialization_vector) self._initialization_vector = initialization_vector initialization_vector = utils.read_only_property("_initialization_vector") @@ -170,7 +170,7 @@ class CTR(object): name = "CTR" def __init__(self, nonce): - utils._check_bytes("nonce", nonce) + utils._check_byteslike("nonce", nonce) self._nonce = nonce nonce = utils.read_only_property("_nonce") @@ -195,7 +195,7 @@ class GCM(object): # len(initialization_vector) must in [1, 2 ** 64), but it's impossible # to actually construct a bytes object that large, so we don't check # for it - utils._check_bytes("initialization_vector", initialization_vector) + utils._check_byteslike("initialization_vector", initialization_vector) if len(initialization_vector) == 0: raise ValueError("initialization_vector must be at least 1 byte") self._initialization_vector = initialization_vector diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py index 3d45a771..65a4ee71 100644 --- a/src/cryptography/utils.py +++ b/src/cryptography/utils.py @@ -30,6 +30,13 @@ def _check_bytes(name, value): raise TypeError("{0} must be bytes".format(name)) +def _check_byteslike(name, value): + try: + memoryview(value) + except TypeError: + raise TypeError("{0} must be bytes-like".format(name)) + + def read_only_property(name): return property(lambda self: getattr(self, name)) |