use an instance in aead_cipher_supported (#3772)

* use an instance in aead_cipher_supported * test for chacha20poly1305 compatibility via init exception * pep8
pyca · Jul 9, 2017 · 9d5fc3e · 9d5fc3e
1 parent 0c9aed9
commit 9d5fc3e
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 25 deletions.
diff --git a/src/cryptography/hazmat/backends/openssl/aead.py b/src/cryptography/hazmat/backends/openssl/aead.py
@@ -11,12 +11,11 @@
 _DECRYPT = 0
 
 
-def _aead_cipher_name(cls, key_length):
+def _aead_cipher_name(cipher):
     from cryptography.hazmat.primitives.ciphers.aead import (
         ChaCha20Poly1305
     )
-    assert cls is ChaCha20Poly1305
-    assert key_length == 32 or key_length is None
+    assert isinstance(cipher, ChaCha20Poly1305)
     return b"chacha20-poly1305"
 
 
@@ -78,11 +77,10 @@ def _process_data(backend, ctx, data):
     return backend._ffi.buffer(buf, outlen[0])[:]
 
 
-def _encrypt(backend, cipher_cls, key, nonce, data, associated_data,
-             tag_length):
-    cipher_name = _aead_cipher_name(cipher_cls, len(key))
+def _encrypt(backend, cipher, nonce, data, associated_data, tag_length):
+    cipher_name = _aead_cipher_name(cipher)
     ctx = _aead_setup(
-        backend, cipher_name, key, nonce, None, tag_length, _ENCRYPT
+        backend, cipher_name, cipher._key, nonce, None, tag_length, _ENCRYPT
     )
 
     _process_aad(backend, ctx, associated_data)
@@ -101,15 +99,14 @@ def _encrypt(backend, cipher_cls, key, nonce, data, associated_data,
     return processed_data + tag
 
 
-def _decrypt(backend, cipher_cls, key, nonce, data, associated_data,
-             tag_length):
+def _decrypt(backend, cipher, nonce, data, associated_data, tag_length):
     if len(data) < tag_length:
         raise InvalidTag
     tag = data[-tag_length:]
     data = data[:-tag_length]
-    cipher_name = _aead_cipher_name(cipher_cls, len(key))
+    cipher_name = _aead_cipher_name(cipher)
     ctx = _aead_setup(
-        backend, cipher_name, key, nonce, tag, tag_length, _DECRYPT
+        backend, cipher_name, cipher._key, nonce, tag, tag_length, _DECRYPT
     )
     _process_aad(backend, ctx, associated_data)
     processed_data = _process_data(backend, ctx, data)

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1924,8 +1924,8 @@ def derive_scrypt(self, key_material, salt, length, n, r, p):
         self.openssl_assert(res == 1)
         return self._ffi.buffer(buf)[:]
 
-    def aead_cipher_supported(self, cls):
-        cipher_name = aead._aead_cipher_name(cls, None)
+    def aead_cipher_supported(self, cipher):
+        cipher_name = aead._aead_cipher_name(cipher)
         return (
             self._lib.EVP_get_cipherbyname(cipher_name) != self._ffi.NULL
         )

diff --git a/src/cryptography/hazmat/primitives/ciphers/aead.py b/src/cryptography/hazmat/primitives/ciphers/aead.py
@@ -13,7 +13,7 @@
 
 class ChaCha20Poly1305(object):
     def __init__(self, key):
-        if not backend.aead_cipher_supported(type(self)):
+        if not backend.aead_cipher_supported(self):
             raise exceptions.UnsupportedAlgorithm(
                 "ChaCha20Poly1305 is not supported by this version of OpenSSL",
                 exceptions._Reasons.UNSUPPORTED_CIPHER
@@ -35,7 +35,7 @@ def encrypt(self, nonce, data, associated_data):
 
         self._check_params(nonce, data, associated_data)
         return aead._encrypt(
-            backend, type(self), self._key, nonce, data, associated_data, 16
+            backend, self, nonce, data, associated_data, 16
         )
 
     def decrypt(self, nonce, data, associated_data):
@@ -44,7 +44,7 @@ def decrypt(self, nonce, data, associated_data):
 
         self._check_params(nonce, data, associated_data)
         return aead._decrypt(
-            backend, type(self), self._key, nonce, data, associated_data, 16
+            backend, self, nonce, data, associated_data, 16
         )
 
     def _check_params(self, nonce, data, associated_data):

diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py
@@ -9,7 +9,7 @@
 
 import pytest
 
-from cryptography.exceptions import InvalidTag, _Reasons
+from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons
 from cryptography.hazmat.backends.interfaces import CipherBackend
 from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
 
@@ -18,21 +18,27 @@
 )
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: (
-        not backend.aead_cipher_supported(ChaCha20Poly1305)
-    ),
-    skip_message="Requires OpenSSL without ChaCha20Poly1305 support"
+def _chacha20poly1305_supported():
+    try:
+        ChaCha20Poly1305(b"0" * 32)
+        return True
+    except UnsupportedAlgorithm:
+        return False
+
+
+@pytest.mark.skipif(
+    _chacha20poly1305_supported(),
+    reason="Requires OpenSSL without ChaCha20Poly1305 support"
 )
 @pytest.mark.requires_backend_interface(interface=CipherBackend)
 def test_chacha20poly1305_unsupported_on_older_openssl(backend):
     with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
         ChaCha20Poly1305(ChaCha20Poly1305.generate_key())
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.aead_cipher_supported(ChaCha20Poly1305),
-    skip_message="Does not support ChaCha20Poly1305"
+@pytest.mark.skipif(
+    not _chacha20poly1305_supported(),
+    reason="Does not support ChaCha20Poly1305"
 )
 @pytest.mark.requires_backend_interface(interface=CipherBackend)
 class TestChaCha20Poly1305(object):