change OFB iv to nonce to reflect dstufft nomenclature pitch

* Namely, we should try to call things IV if reuse leaks a small amount of data and nonce if reuse can result in a complete break. This can be somewhat ambiguous, but we'll track in #58
2026-05-14 20:37:55 +00:00 · 2013-09-10 22:15:00 -05:00 · 2013-09-10 22:15:00 -05:00 · c507412ec0
commit c507412ec0
parent 6f412a0fc3
4 changed files with 15 additions and 11 deletions
--- a/cryptography/bindings/openssl/api.py
+++ b/cryptography/bindings/openssl/api.py
@ -76,6 +76,8 @@ class API(object):
        assert evp_cipher != self._ffi.NULL
        if isinstance(mode, interfaces.ModeWithInitializationVector):
            iv_nonce = mode.initialization_vector
+        elif isinstance(mode, interfaces.ModeWithNonce):
+            iv_nonce = mode.nonce
        else:
            iv_nonce = self._ffi.NULL

--- a/cryptography/primitives/block/modes.py
+++ b/cryptography/primitives/block/modes.py
@ -31,10 +31,10 @@ class ECB(object):
 class OFB(object):
    name = "OFB"

-    def __init__(self, initialization_vector):
+    def __init__(self, nonce):
        super(OFB, self).__init__()
-        self.initialization_vector = initialization_vector
+        self.nonce = nonce


 interfaces.ModeWithInitializationVector.register(CBC)
-interfaces.ModeWithInitializationVector.register(OFB)
+interfaces.ModeWithNonce.register(OFB)
--- a/cryptography/primitives/interfaces.py
+++ b/cryptography/primitives/interfaces.py
@ -20,3 +20,7 @@ import six

 class ModeWithInitializationVector(six.with_metaclass(abc.ABCMeta)):
    pass
+
+
+class ModeWithNonce(six.with_metaclass(abc.ABCMeta)):
+    pass
--- a/docs/primitives/symmetric-encryption.rst
+++ b/docs/primitives/symmetric-encryption.rst
@ -68,18 +68,16 @@ Modes
                                        reuse an ``initialization_vector`` with
                                        a given ``key``.

-.. class:: cryptography.primitives.block.modes.OFB(initialization_vector)
+.. class:: cryptography.primitives.block.modes.OFB(nonce)

    OFB (Output Feedback) is a mode of operation for block ciphers. It
    transforms a block cipher into a stream cipher.

-    :param bytes initialization_vector: Must be random bytes. They do not need
-                                        to be kept secret (they can be included
-                                        in a transmitted message). Must be the
-                                        same number of bytes as the
-                                        ``block_size`` of the cipher. Do not
-                                        reuse an ``initialization_vector`` with
-                                        a given ``key``.
+    :param bytes nonce: Must be random bytes. They do not need to be kept
+                        secret (they can be included in a transmitted message).
+                        Must be the same number of bytes as the ``block_size``
+                        of the cipher.  Reuse of a ``nonce`` with a given
+                        ``key`` can allow recovery of the original plaintext.


 Insecure Modes