use an instance in aead_cipher_supported (#3772)

* use an instance in aead_cipher_supported * test for chacha20poly1305 compatibility via init exception * pep8
2026-05-14 20:37:55 +00:00 · 2017-07-09 07:34:58 -05:00 · 2017-07-09 07:34:58 -05:00 · 9d5fc3e5db
commit 9d5fc3e5db
parent 0c9aed9169
4 changed files with 28 additions and 25 deletions
--- a/src/cryptography/hazmat/backends/openssl/aead.py
+++ b/src/cryptography/hazmat/backends/openssl/aead.py
@ -11,12 +11,11 @@ _ENCRYPT = 1
 _DECRYPT = 0


-def _aead_cipher_name(cls, key_length):
+def _aead_cipher_name(cipher):
    from cryptography.hazmat.primitives.ciphers.aead import (
        ChaCha20Poly1305
    )
-    assert cls is ChaCha20Poly1305
-    assert key_length == 32 or key_length is None
+    assert isinstance(cipher, ChaCha20Poly1305)
    return b"chacha20-poly1305"


@ -78,11 +77,10 @@ def _process_data(backend, ctx, data):
    return backend._ffi.buffer(buf, outlen[0])[:]


-def _encrypt(backend, cipher_cls, key, nonce, data, associated_data,
-             tag_length):
-    cipher_name = _aead_cipher_name(cipher_cls, len(key))
+def _encrypt(backend, cipher, nonce, data, associated_data, tag_length):
+    cipher_name = _aead_cipher_name(cipher)
    ctx = _aead_setup(
-        backend, cipher_name, key, nonce, None, tag_length, _ENCRYPT
+        backend, cipher_name, cipher._key, nonce, None, tag_length, _ENCRYPT
    )

    _process_aad(backend, ctx, associated_data)
@ -101,15 +99,14 @@ def _encrypt(backend, cipher_cls, key, nonce, data, associated_data,
    return processed_data + tag


-def _decrypt(backend, cipher_cls, key, nonce, data, associated_data,
-             tag_length):
+def _decrypt(backend, cipher, nonce, data, associated_data, tag_length):
    if len(data) < tag_length:
        raise InvalidTag
    tag = data[-tag_length:]
    data = data[:-tag_length]
-    cipher_name = _aead_cipher_name(cipher_cls, len(key))
+    cipher_name = _aead_cipher_name(cipher)
    ctx = _aead_setup(
-        backend, cipher_name, key, nonce, tag, tag_length, _DECRYPT
+        backend, cipher_name, cipher._key, nonce, tag, tag_length, _DECRYPT
    )
    _process_aad(backend, ctx, associated_data)
    processed_data = _process_data(backend, ctx, data)
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@ -1924,8 +1924,8 @@ class Backend(object):
        self.openssl_assert(res == 1)
        return self._ffi.buffer(buf)[:]

-    def aead_cipher_supported(self, cls):
-        cipher_name = aead._aead_cipher_name(cls, None)
+    def aead_cipher_supported(self, cipher):
+        cipher_name = aead._aead_cipher_name(cipher)
        return (
            self._lib.EVP_get_cipherbyname(cipher_name) != self._ffi.NULL
        )
--- a/src/cryptography/hazmat/primitives/ciphers/aead.py
+++ b/src/cryptography/hazmat/primitives/ciphers/aead.py
@ -13,7 +13,7 @@ from cryptography.hazmat.backends.openssl.backend import backend

 class ChaCha20Poly1305(object):
    def __init__(self, key):
-        if not backend.aead_cipher_supported(type(self)):
+        if not backend.aead_cipher_supported(self):
            raise exceptions.UnsupportedAlgorithm(
                "ChaCha20Poly1305 is not supported by this version of OpenSSL",
                exceptions._Reasons.UNSUPPORTED_CIPHER
@ -35,7 +35,7 @@ class ChaCha20Poly1305(object):

        self._check_params(nonce, data, associated_data)
        return aead._encrypt(
-            backend, type(self), self._key, nonce, data, associated_data, 16
+            backend, self, nonce, data, associated_data, 16
        )

    def decrypt(self, nonce, data, associated_data):
@ -44,7 +44,7 @@ class ChaCha20Poly1305(object):

        self._check_params(nonce, data, associated_data)
        return aead._decrypt(
-            backend, type(self), self._key, nonce, data, associated_data, 16
+            backend, self, nonce, data, associated_data, 16
        )

    def _check_params(self, nonce, data, associated_data):
--- a/tests/hazmat/primitives/test_aead.py
+++ b/tests/hazmat/primitives/test_aead.py
@ -9,7 +9,7 @@ import os

 import pytest

-from cryptography.exceptions import InvalidTag, _Reasons
+from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons
 from cryptography.hazmat.backends.interfaces import CipherBackend
 from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

@ -18,11 +18,17 @@ from ...utils import (
 )


-@pytest.mark.supported(
-    only_if=lambda backend: (
-        not backend.aead_cipher_supported(ChaCha20Poly1305)
-    ),
-    skip_message="Requires OpenSSL without ChaCha20Poly1305 support"
+def _chacha20poly1305_supported():
+    try:
+        ChaCha20Poly1305(b"0" * 32)
+        return True
+    except UnsupportedAlgorithm:
+        return False
+
+
+@pytest.mark.skipif(
+    _chacha20poly1305_supported(),
+    reason="Requires OpenSSL without ChaCha20Poly1305 support"
 )
@pytest.mark.requires_backend_interface(interface=CipherBackend)
 def test_chacha20poly1305_unsupported_on_older_openssl(backend):
@ -30,9 +36,9 @@ def test_chacha20poly1305_unsupported_on_older_openssl(backend):
        ChaCha20Poly1305(ChaCha20Poly1305.generate_key())


-@pytest.mark.supported(
-    only_if=lambda backend: backend.aead_cipher_supported(ChaCha20Poly1305),
-    skip_message="Does not support ChaCha20Poly1305"
+@pytest.mark.skipif(
+    not _chacha20poly1305_supported(),
+    reason="Does not support ChaCha20Poly1305"
 )
@pytest.mark.requires_backend_interface(interface=CipherBackend)
 class TestChaCha20Poly1305(object):