Added backend check to rsa primitives

3 files changed, 51 insertions, 0 deletions

diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py
index dfb43340..cbef8e32 100644
--- a/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -16,6 +16,8 @@ from __future__ import absolute_import, division, print_function
 import six
 
 from cryptography import utils
+from cryptography.exceptions import UnsupportedInterface
+from cryptography.hazmat.backends.interfaces import RSABackend
 from cryptography.hazmat.primitives import interfaces
 
 
@@ -41,6 +43,10 @@ class RSAPublicKey(object):
         self._modulus = modulus
 
     def verifier(self, signature, padding, algorithm, backend):
+        if not isinstance(backend, RSABackend):
+            raise UnsupportedInterface(
+                "Backend object does not implement RSABackend")
+
         return backend.create_rsa_verification_ctx(self, signature, padding,
                                                    algorithm)
 
@@ -128,9 +134,17 @@ class RSAPrivateKey(object):
 
     @classmethod
     def generate(cls, public_exponent, key_size, backend):
+        if not isinstance(backend, RSABackend):
+            raise UnsupportedInterface(
+                "Backend object does not implement RSABackend")
+
         return backend.generate_rsa_private_key(public_exponent, key_size)
 
     def signer(self, padding, algorithm, backend):
+        if not isinstance(backend, RSABackend):
+            raise UnsupportedInterface(
+                "Backend object does not implement RSABackend")
+
         return backend.create_rsa_signature_ctx(self, padding, algorithm)
 
     @property
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 7943981e..03a7caed 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -50,6 +50,11 @@ RSA
             provider.
         :return: A new instance of ``RSAPrivateKey``.
 
+        :raises cryptography.exceptions.UnsupportedInterface: This is raised if
+            the provided ``backend`` does not implement
+            :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+
+
     .. method:: signer(padding, algorithm, backend)
 
         .. versionadded:: 0.3
@@ -90,6 +95,9 @@ RSA
         :returns:
             :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
 
+        :raises cryptography.exceptions.UnsupportedInterface: This is raised if
+            the provided ``backend`` does not implement
+            :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
 
 .. class:: RSAPublicKey(public_exponent, modulus)
 
@@ -154,6 +162,10 @@ RSA
         :returns:
             :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
 
+        :raises cryptography.exceptions.UnsupportedInterface: This is raised if
+            the provided ``backend`` does not implement
+            :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+
 .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
 .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
 .. _`use 65537`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 114dc415..f49507b4 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -16,6 +16,7 @@ from __future__ import absolute_import, division, print_function
 
 import binascii
 import itertools
+from cryptography.exceptions import UnsupportedInterface
 import os
 
 import pytest
@@ -385,6 +386,13 @@ class TestRSA(object):
             rsa.RSAPublicKey(public_exponent=6, modulus=15)
 
 
+def test_rsa_generate_invalid_backend():
+    pretend_backend = object()
+
+    with pytest.raises(UnsupportedInterface):
+        rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend)
+
+
 @pytest.mark.rsa
 class TestRSASignature(object):
     @pytest.mark.parametrize(
@@ -444,6 +452,14 @@ class TestRSASignature(object):
         with pytest.raises(TypeError):
             private_key.signer("notpadding", hashes.SHA1(), backend)
 
+    def test_rsa_signer_invalid_backend(self, backend):
+        pretend_backend = object()
+        private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
+
+        with pytest.raises(UnsupportedInterface):
+            private_key.signer(
+                padding.PKCS1v15(), hashes.SHA256, pretend_backend)
+
 
 @pytest.mark.rsa
 class TestRSAVerification(object):
@@ -559,6 +575,15 @@ class TestRSAVerification(object):
         with pytest.raises(TypeError):
             public_key.verifier(b"sig", "notpadding", hashes.SHA1(), backend)
 
+    def test_rsa_verifier_invalid_backend(self, backend):
+        pretend_backend = object()
+        private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
+        public_key = private_key.public_key()
+
+        with pytest.raises(UnsupportedInterface):
+            public_key.verifier(
+                b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend)
+
 
 class TestMGF1(object):
     def test_invalid_hash_algorithm(self):