-rw-r--r--cryptography/hazmat/primitives/kdf/hkdf.py10
-rw-r--r--cryptography/hazmat/primitives/kdf/pbkdf2.py11
-rw-r--r--docs/hazmat/primitives/key-derivation-functions.rst8
-rw-r--r--tests/hazmat/primitives/test_hkdf.py9
-rw-r--r--tests/hazmat/primitives/test_pbkdf2hmac.py12
5 files changed, 44 insertions, 6 deletions
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index 1a464413..dde1d94e 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -16,13 +16,21 @@ from __future__ import absolute_import, division, print_function
import six
from cryptography import utils
-from cryptography.exceptions import AlreadyFinalized, InvalidKey
+from cryptography.exceptions import (
+ AlreadyFinalized, InvalidKey, UnsupportedInterface)
+
+from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time, hmac, interfaces
@utils.register_interface(interfaces.KeyDerivationFunction)
class HKDF(object):
def __init__(self, algorithm, length, salt, info, backend):
+
+ if not isinstance(backend, HMACBackend):
+ raise UnsupportedInterface(
+ "Backend object does not implement HMACBackend")
+
self._algorithm = algorithm
max_length = 255 * (algorithm.digest_size // 8)
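Review bot: The new guard in `HKDF.__init__` confirms that the backend implements `HMACBackend`, but the visible lines never ask it whether it supports the chosen hash, whereas `PBKDF2HMAC.__init__` in this same commit follows its interface check with `backend.pbkdf2_hmac_supported(algorithm)`. Unless that is handled further down (the constructor continues past the end of this hunk), an unsupported digest would presumably only surface once `derive()` builds the HMAC. Consider adding `if not backend.hmac_supported(algorithm): raise UnsupportedHash(...)` directly after the isinstance check so that both KDFs reject a bad backend/algorithm pairing at construction time. This would also require adding `UnsupportedHash` to the import from `cryptography.exceptions`.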
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index 39427780..1c9e10b2 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -17,14 +17,21 @@ import six
from cryptography import utils
from cryptography.exceptions import (
- InvalidKey, UnsupportedHash, AlreadyFinalized
-)
+ InvalidKey, UnsupportedHash, AlreadyFinalized,
+ UnsupportedInterface)
+
+from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend
from cryptography.hazmat.primitives import constant_time, interfaces
@utils.register_interface(interfaces.KeyDerivationFunction)
class PBKDF2HMAC(object):
def __init__(self, algorithm, length, salt, iterations, backend):
+
+ if not isinstance(backend, PBKDF2HMACBackend):
+ raise UnsupportedInterface(
+ "Backend object does not implement PBKDF2HMACBackend")
+
if not backend.pbkdf2_hmac_supported(algorithm):
raise UnsupportedHash(
"{0} is not supported for PBKDF2 by this backend".format(
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
index 851dbb0b..174b68d2 100644
--- a/docs/hazmat/primitives/key-derivation-functions.rst
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -84,6 +84,10 @@ Different KDFs are suitable for different tasks such as:
:class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
provider.
+ :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ provided ``backend`` does not implement
+ :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
+
.. method:: derive(key_material)
:param bytes key_material: The input key material. For PBKDF2 this
@@ -183,6 +187,10 @@ Different KDFs are suitable for different tasks such as:
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
provider.
+ :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ provided ``backend`` does not implement
+ :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
+
.. method:: derive(key_material)
:param bytes key_material: The input key material.
diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py
index e3e2a9df..3dea3f27 100644
--- a/tests/hazmat/primitives/test_hkdf.py
+++ b/tests/hazmat/primitives/test_hkdf.py
@@ -17,7 +17,7 @@ import six
import pytest
-from cryptography.exceptions import AlreadyFinalized, InvalidKey
+from cryptography.exceptions import AlreadyFinalized, InvalidKey, UnsupportedInterface
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
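Review bot: The rewritten import on the `+` line is 86 characters long, past the conventional 79-column limit, and it is the only one of the four changed `cryptography.exceptions` imports in this commit that is not wrapped in parentheses. Wrapping it the way `hkdf.py` does keeps the style consistent and avoids a line-length lint failure if the project enforces one: `from cryptography.exceptions import (` followed by `    AlreadyFinalized, InvalidKey, UnsupportedInterface)`.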
@@ -145,3 +145,10 @@ class TestHKDF(object):
)
hkdf.verify(b"foo", six.u("bar"))
+
+
+def test_invalid_backend():
+ pretend_backend = object()
+
+ with pytest.raises(UnsupportedInterface):
+ HKDF(hashes.SHA256(), 16, None, None, pretend_backend)
diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py
index f895935b..a47d879e 100644
--- a/tests/hazmat/primitives/test_pbkdf2hmac.py
+++ b/tests/hazmat/primitives/test_pbkdf2hmac.py
@@ -18,8 +18,9 @@ import six
from cryptography import utils
from cryptography.exceptions import (
- InvalidKey, UnsupportedHash, AlreadyFinalized
-)
+ InvalidKey, UnsupportedHash, AlreadyFinalized,
+ UnsupportedInterface)
+
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend
@@ -67,3 +68,10 @@ class TestPBKDF2HMAC(object):
kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend())
with pytest.raises(TypeError):
kdf.derive(six.u("unicode here"))
+
+
+def test_invalid_backend():
+ pretend_backend = object()
+
+ with pytest.raises(UnsupportedInterface):
+ PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, pretend_backend)