Merge pull request #799 from Ayrx/add-backend-check-to-kdf

Added backend check to kdf primitives

4 files changed, 16 insertions, 5 deletions

diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index 1a464413..10739178 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -16,13 +16,20 @@ from __future__ import absolute_import, division, print_function
 import six
 
 from cryptography import utils
-from cryptography.exceptions import AlreadyFinalized, InvalidKey
+from cryptography.exceptions import (
+    AlreadyFinalized, InvalidKey, UnsupportedInterface)
+
+from cryptography.hazmat.backends.interfaces import HMACBackend
 from cryptography.hazmat.primitives import constant_time, hmac, interfaces
 
 
 @utils.register_interface(interfaces.KeyDerivationFunction)
 class HKDF(object):
     def __init__(self, algorithm, length, salt, info, backend):
+        if not isinstance(backend, HMACBackend):
+            raise UnsupportedInterface(
+                "Backend object does not implement HMACBackend")
+
         self._algorithm = algorithm
 
         max_length = 255 * (algorithm.digest_size // 8)
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index 39427780..fcfe601a 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -17,14 +17,20 @@ import six
 
 from cryptography import utils
 from cryptography.exceptions import (
-    InvalidKey, UnsupportedHash, AlreadyFinalized
-)
+    InvalidKey, UnsupportedHash, AlreadyFinalized,
+    UnsupportedInterface)
+
+from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend
 from cryptography.hazmat.primitives import constant_time, interfaces
 
 
 @utils.register_interface(interfaces.KeyDerivationFunction)
 class PBKDF2HMAC(object):
     def __init__(self, algorithm, length, salt, iterations, backend):
+        if not isinstance(backend, PBKDF2HMACBackend):
+            raise UnsupportedInterface(
+                "Backend object does not implement PBKDF2HMACBackend")
+
         if not backend.pbkdf2_hmac_supported(algorithm):
             raise UnsupportedHash(
                 "{0} is not supported for PBKDF2 by this backend".format(
diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py
index 27476fd9..34f820c0 100644
--- a/cryptography/hazmat/primitives/twofactor/hotp.py
+++ b/cryptography/hazmat/primitives/twofactor/hotp.py
@@ -25,7 +25,6 @@ from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512
 
 class HOTP(object):
     def __init__(self, key, length, algorithm, backend):
-
         if not isinstance(backend, HMACBackend):
             raise UnsupportedInterface(
                 "Backend object does not implement HMACBackend")
diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py
index 0ce3adaf..08510ef5 100644
--- a/cryptography/hazmat/primitives/twofactor/totp.py
+++ b/cryptography/hazmat/primitives/twofactor/totp.py
@@ -21,7 +21,6 @@ from cryptography.hazmat.primitives.twofactor.hotp import HOTP
 
 class TOTP(object):
     def __init__(self, key, length, algorithm, time_step, backend):
-
         if not isinstance(backend, HMACBackend):
             raise UnsupportedInterface(
                 "Backend object does not implement HMACBackend")