diff options
33 files changed, 190 insertions, 202 deletions
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index 88766cc1..d97f20cc 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -14,20 +14,14 @@ from __future__ import absolute_import, division, print_function -class UnsupportedAlgorithm(Exception): - pass +class _Causes(object): + BACKEND_MISSING_INTERFACE = 0 -class UnsupportedCipher(UnsupportedAlgorithm): - pass - - -class UnsupportedHash(UnsupportedAlgorithm): - pass - - -class UnsupportedPadding(UnsupportedAlgorithm): - pass +class UnsupportedAlgorithm(Exception): + def __init__(self, message, cause=None): + super(UnsupportedAlgorithm, self).__init__(message) + self._cause = cause class AlreadyFinalized(Exception): @@ -60,7 +54,3 @@ class InvalidKey(Exception): class InvalidToken(Exception): pass - - -class UnsupportedInterface(Exception): - pass diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py index dc0534ee..f45c91da 100644 --- a/cryptography/hazmat/backends/commoncrypto/backend.py +++ b/cryptography/hazmat/backends/commoncrypto/backend.py @@ -17,7 +17,7 @@ from collections import namedtuple from cryptography import utils from cryptography.exceptions import ( - InternalError, InvalidTag, UnsupportedCipher, UnsupportedHash + InternalError, InvalidTag, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend @@ -273,7 +273,7 @@ class _CipherContext(object): try: cipher_enum, mode_enum = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -346,7 +346,7 @@ class _GCMCipherContext(object): try: cipher_enum, mode_enum = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -420,7 +420,7 @@ class _HashContext(object): try: methods = self._backend._hash_mapping[self.algorithm.name] except KeyError: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( algorithm.name) ) @@ -463,7 +463,7 @@ class _HMACContext(object): try: alg = self._backend._supported_hmac_algorithms[algorithm.name] except KeyError: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported HMAC hash on this backend".format( algorithm.name) ) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 6c57b3df..35769ac1 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -14,9 +14,7 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import ( - UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash -) +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) @@ -48,17 +46,21 @@ class MultiBackend(object): for b in self._filtered_backends(CipherBackend): try: return b.create_symmetric_encryption_ctx(algorithm, mode) - except UnsupportedCipher: + except UnsupportedAlgorithm: pass - raise UnsupportedCipher + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def create_symmetric_decryption_ctx(self, algorithm, mode): for b in self._filtered_backends(CipherBackend): try: return b.create_symmetric_decryption_ctx(algorithm, mode) - except UnsupportedCipher: + except UnsupportedAlgorithm: pass - raise UnsupportedCipher + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def hash_supported(self, algorithm): return any( @@ -70,9 +72,11 @@ class MultiBackend(object): for b in self._filtered_backends(HashBackend): try: return b.create_hash_ctx(algorithm) - except UnsupportedHash: + except UnsupportedAlgorithm: pass - raise UnsupportedHash + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def hmac_supported(self, algorithm): return any( @@ -84,9 +88,11 @@ class MultiBackend(object): for b in self._filtered_backends(HMACBackend): try: return b.create_hmac_ctx(key, algorithm) - except UnsupportedHash: + except UnsupportedAlgorithm: pass - raise UnsupportedHash + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def pbkdf2_hmac_supported(self, algorithm): return any( @@ -101,23 +107,31 @@ class MultiBackend(object): return b.derive_pbkdf2_hmac( algorithm, length, salt, iterations, key_material ) - except UnsupportedHash: + except UnsupportedAlgorithm: pass - raise UnsupportedHash + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def generate_rsa_private_key(self, public_exponent, key_size): for b in self._filtered_backends(RSABackend): return b.generate_rsa_private_key(public_exponent, key_size) - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def create_rsa_signature_ctx(self, private_key, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_signature_ctx(private_key, padding, algorithm) - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def create_rsa_verification_ctx(self, public_key, signature, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_verification_ctx(public_key, signature, padding, algorithm) - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index d2744cf3..eb5f0e12 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -22,8 +22,7 @@ import six from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, InternalError, InvalidSignature, InvalidTag, - UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash, - UnsupportedPadding + UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend @@ -221,7 +220,7 @@ class Backend(object): assert res == 1 else: if not isinstance(algorithm, hashes.SHA1): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "This version of OpenSSL only supports PBKDF2HMAC with " "SHA1" ) @@ -268,17 +267,14 @@ class Backend(object): def _bn_to_int(self, bn): if six.PY3: # Python 3 has constant time from_bytes, so use that. - bn_num_bytes = (self._lib.BN_num_bits(bn) + 7) // 8 bin_ptr = self._ffi.new("unsigned char[]", bn_num_bytes) bin_len = self._lib.BN_bn2bin(bn, bin_ptr) assert bin_len > 0 assert bin_ptr != self._ffi.NULL return int.from_bytes(self._ffi.buffer(bin_ptr)[:bin_len], "big") - else: # Under Python 2 the best we can do is hex() - hex_cdata = self._lib.BN_bn2hex(bn) assert hex_cdata != self._ffi.NULL hex_str = self._ffi.string(hex_cdata) @@ -295,12 +291,10 @@ class Backend(object): if six.PY3: # Python 3 has constant time to_bytes, so use that. - binary = num.to_bytes(int(num.bit_length() / 8.0 + 1), "big") bn_ptr = self._lib.BN_bin2bn(binary, len(binary), self._ffi.NULL) assert bn_ptr != self._ffi.NULL return bn_ptr - else: # Under Python 2 the best we can do is hex() @@ -453,7 +447,7 @@ class _CipherContext(object): try: adapter = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -461,7 +455,7 @@ class _CipherContext(object): evp_cipher = adapter(self._backend, cipher, mode) if evp_cipher == self._backend._ffi.NULL: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -602,7 +596,7 @@ class _HashContext(object): evp_md = self._backend._lib.EVP_get_digestbyname( algorithm.name.encode("ascii")) if evp_md == self._backend._ffi.NULL: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( algorithm.name) ) @@ -652,7 +646,7 @@ class _HMACContext(object): evp_md = self._backend._lib.EVP_get_digestbyname( algorithm.name.encode('ascii')) if evp_md == self._backend._ffi.NULL: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( algorithm.name) ) @@ -738,7 +732,7 @@ class _RSASignatureContext(object): "key.") if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "When OpenSSL is older than 1.0.1 then only SHA1 is " "supported with MGF1." ) @@ -749,7 +743,7 @@ class _RSASignatureContext(object): else: self._finalize_method = self._finalize_pss else: - raise UnsupportedPadding( + raise UnsupportedAlgorithm( "{0} is not supported by this backend".format(padding.name) ) @@ -922,7 +916,7 @@ class _RSAVerificationContext(object): ) if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "When OpenSSL is older than 1.0.1 then only SHA1 is " "supported with MGF1." ) @@ -933,7 +927,10 @@ class _RSAVerificationContext(object): else: self._verify_method = self._verify_pss else: - raise UnsupportedPadding + raise UnsupportedAlgorithm( + "OpenSSL backend doesn't support {0} for padding. Only PSS " + "(recommended) and PKCS1v15 are supported." + ) self._padding = padding self._algorithm = algorithm diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index eb1f018b..fed74857 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -319,7 +319,7 @@ void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int); RHEL/CentOS 5 this can be moved back to FUNCTIONS. */ SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *); -const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX*); +const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *); """ CUSTOMIZATIONS = """ @@ -423,7 +423,7 @@ static const long Cryptography_HAS_NETBSD_D1_METH = 1; #endif // Workaround for #794 caused by cffi const** bug. -const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX* ctx) { +const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *ctx) { return ctx->method; } """ diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index cbef8e32..6fe6a265 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import UnsupportedInterface +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.primitives import interfaces @@ -44,7 +44,7 @@ class RSAPublicKey(object): def verifier(self, signature, padding, algorithm, backend): if not isinstance(backend, RSABackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement RSABackend") return backend.create_rsa_verification_ctx(self, signature, padding, @@ -135,14 +135,14 @@ class RSAPrivateKey(object): @classmethod def generate(cls, public_exponent, key_size, backend): if not isinstance(backend, RSABackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement RSABackend") return backend.generate_rsa_private_key(public_exponent, key_size) def signer(self, padding, algorithm, backend): if not isinstance(backend, RSABackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement RSABackend") return backend.create_rsa_signature_ctx(self, padding, algorithm) diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index f5dd2ed5..f6c964d3 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -15,7 +15,7 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedInterface + AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import CipherBackend from cryptography.hazmat.primitives import interfaces @@ -24,7 +24,7 @@ from cryptography.hazmat.primitives import interfaces class Cipher(object): def __init__(self, algorithm, mode, backend): if not isinstance(backend, CipherBackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement CipherBackend") if not isinstance(algorithm, interfaces.CipherAlgorithm): diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index 409f564e..d110c822 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedInterface +from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import interfaces @@ -25,7 +25,7 @@ from cryptography.hazmat.primitives import interfaces class Hash(object): def __init__(self, algorithm, backend, ctx=None): if not isinstance(backend, HashBackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement HashBackend") if not isinstance(algorithm, interfaces.HashAlgorithm): diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 0bcbb3cd..3dfabef3 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedInterface + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @@ -27,7 +27,7 @@ from cryptography.hazmat.primitives import constant_time, interfaces class HMAC(object): def __init__(self, key, algorithm, backend, ctx=None): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement HMACBackend") if not isinstance(algorithm, interfaces.HashAlgorithm): diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py index 95396fe1..2a733b93 100644 --- a/cryptography/hazmat/primitives/kdf/hkdf.py +++ b/cryptography/hazmat/primitives/kdf/hkdf.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac, interfaces @@ -27,7 +27,7 @@ from cryptography.hazmat.primitives import constant_time, hmac, interfaces class HKDF(object): def __init__(self, algorithm, length, salt, info, backend): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement HMACBackend") self._algorithm = algorithm diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py index 705e45d7..ab1e3687 100644 --- a/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @@ -27,11 +27,11 @@ from cryptography.hazmat.primitives import constant_time, interfaces class PBKDF2HMAC(object): def __init__(self, algorithm, length, salt, iterations, backend): if not isinstance(backend, PBKDF2HMACBackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement PBKDF2HMACBackend") if not backend.pbkdf2_hmac_supported(algorithm): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not supported for PBKDF2 by this backend".format( algorithm.name) ) diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py index 34f820c0..bac23d1b 100644 --- a/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/cryptography/hazmat/primitives/twofactor/hotp.py @@ -17,7 +17,7 @@ import struct import six -from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.exceptions import InvalidToken, UnsupportedAlgorithm, _Causes from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 @@ -26,8 +26,10 @@ from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 class HOTP(object): def __init__(self, key, length, algorithm, backend): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( - "Backend object does not implement HMACBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement HMACBackend", + _Causes.BACKEND_MISSING_INTERFACE + ) if len(key) < 16: raise ValueError("Key length has to be at least 128 bits.") diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py index 08510ef5..d0162395 100644 --- a/cryptography/hazmat/primitives/twofactor/totp.py +++ b/cryptography/hazmat/primitives/twofactor/totp.py @@ -13,7 +13,7 @@ from __future__ import absolute_import, division, print_function -from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.exceptions import InvalidToken, UnsupportedAlgorithm, _Causes from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.twofactor.hotp import HOTP @@ -22,8 +22,10 @@ from cryptography.hazmat.primitives.twofactor.hotp import HOTP class TOTP(object): def __init__(self, key, length, algorithm, time_step, backend): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( - "Backend object does not implement HMACBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement HMACBackend", + _Causes.BACKEND_MISSING_INTERFACE + ) self._time_step = time_step self._hotp = HOTP(key, length, algorithm, backend) diff --git a/docs/exceptions.rst b/docs/exceptions.rst index e5010ebe..28da8ecc 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -3,6 +3,13 @@ Exceptions .. currentmodule:: cryptography.exceptions + +.. class:: UnsupportedAlgorithm + + Raised when the requested algorithm, or combination of algorithms is not + supported. + + .. class:: AlreadyFinalized This is raised when a context is used after being finalized. @@ -25,25 +32,6 @@ Exceptions This is raised when additional data is added to a context after update has already been called. -.. class:: UnsupportedCipher - - .. versionadded:: 0.3 - - This is raised when a backend doesn't support the requested cipher - algorithm and mode combination. - -.. class:: UnsupportedHash - - .. versionadded:: 0.3 - - This is raised when a backend doesn't support the requested hash algorithm. - -.. class:: UnsupportedPadding - - .. versionadded:: 0.3 - - This is raised when the requested padding is not supported by the backend. - .. class:: InvalidKey @@ -55,10 +43,3 @@ Exceptions This is raised when the verify method of a one time password function's computed token does not match the expected token. - -.. class:: UnsupportedInterface - - .. versionadded:: 0.3 - - This is raised when the provided backend does not support the required - interface. diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 57c8eec2..182e35d2 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -50,7 +50,7 @@ RSA provider. :return: A new instance of ``RSAPrivateKey``. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.RSABackend` @@ -100,9 +100,16 @@ RSA :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext` - :raises cryptography.exceptions.UnsupportedInterface: This is raised if + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if + the backend does not support the chosen hash or padding algorithm. + If the padding is + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` + with the + :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` + mask generation function it may also refer to the ``MGF1`` hash + algorithm. :raises TypeError: This is raised when the padding is not an :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` @@ -111,17 +118,6 @@ RSA :raises ValueError: This is raised when the chosen hash algorithm is too large for the key size. - :raises UnsupportedHash: This is raised when the backend does not - support the chosen hash algorithm. If the padding is - :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` - with the - :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` - mask generation function it may also refer to the `MGF1` hash - algorithm. - - :raises UnsupportedPadding: This is raised when the backend does not - support the chosen padding. - .. class:: RSAPublicKey(public_exponent, modulus) @@ -205,9 +201,16 @@ RSA :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` - :raises cryptography.exceptions.UnsupportedInterface: This is raised if + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if + the backend does not support the chosen hash or padding algorithm. + If the padding is + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` + with the + :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` + mask generation function it may also refer to the ``MGF1`` hash + algorithm. :raises TypeError: This is raised when the padding is not an :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` @@ -216,16 +219,6 @@ RSA :raises ValueError: This is raised when the chosen hash algorithm is too large for the key size. - :raises UnsupportedHash: This is raised when the backend does not - support the chosen hash algorithm. If the padding is - :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` - with the - :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` - mask generation function it may also refer to the `MGF1` hash - algorithm. - - :raises UnsupportedPadding: This is raised when the backend does not - support the chosen padding. .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index c318feeb..773d97f6 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -29,7 +29,8 @@ Message digests 'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90' If the backend doesn't support the requested ``algorithm`` an - :class:`~cryptography.exceptions.UnsupportedHash` exception will be raised. + :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be + raised. Keep in mind that attacks against cryptographic hashes only get stronger with time, and that often algorithms that were once thought to be strong, @@ -45,7 +46,7 @@ Message digests :class:`~cryptography.hazmat.backends.interfaces.HashBackend` provider. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HashBackend` diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index 5d511bc4..11b10735 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -35,7 +35,8 @@ of a message. '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' If the backend doesn't support the requested ``algorithm`` an - :class:`~cryptography.exceptions.UnsupportedHash` exception will be raised. + :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be + raised. To check that a given signature is correct use the :meth:`verify` method. You will receive an exception if the signature is wrong: @@ -56,7 +57,7 @@ of a message. :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` provider. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index 6196d951..269f949d 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -84,7 +84,7 @@ Different KDFs are suitable for different tasks such as: :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend` provider. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend` @@ -187,7 +187,7 @@ Different KDFs are suitable for different tasks such as: :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` provider. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index f7e8d5b7..28de611e 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -56,7 +56,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. :class:`~cryptography.hazmat.backends.interfaces.CipherBackend` provider. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.CipherBackend` @@ -67,7 +67,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` an :class:`~cryptography.exceptions.UnsupportedCipher` + and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be raised. .. method:: decryptor() @@ -77,7 +77,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` an :class:`cryptography.exceptions.UnsupportedCipher` + and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm` exception will be raised. .. _symmetric-encryption-algorithms: diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst index e9f5c7ff..f19cf0e6 100644 --- a/docs/hazmat/primitives/twofactor.rst +++ b/docs/hazmat/primitives/twofactor.rst @@ -52,7 +52,7 @@ codes (HMAC). :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the ``length`` parameter is not an integer. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` @@ -151,7 +151,7 @@ similar to the following code. :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the ``length`` parameter is not an integer. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index 72ed61c0..dc6c8c5b 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import InternalError, UnsupportedCipher +from cryptography.exceptions import InternalError, UnsupportedAlgorithm from cryptography.hazmat.bindings.commoncrypto.binding import Binding from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers.algorithms import AES @@ -63,5 +63,5 @@ class TestCommonCrypto(object): cipher = Cipher( DummyCipher(), GCM(b"fake_iv_here"), backend=b, ) - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index c5c0d82a..7ab9e446 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -16,9 +16,7 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import ( - UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash -) +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) @@ -38,11 +36,11 @@ class DummyCipherBackend(object): def create_symmetric_encryption_ctx(self, algorithm, mode): if not self.cipher_supported(algorithm, mode): - raise UnsupportedCipher + raise UnsupportedAlgorithm(None) def create_symmetric_decryption_ctx(self, algorithm, mode): if not self.cipher_supported(algorithm, mode): - raise UnsupportedCipher + raise UnsupportedAlgorithm(None) @utils.register_interface(HashBackend) @@ -55,7 +53,7 @@ class DummyHashBackend(object): def create_hash_ctx(self, algorithm): if not self.hash_supported(algorithm): - raise UnsupportedHash + raise UnsupportedAlgorithm(None) @utils.register_interface(HMACBackend) @@ -68,7 +66,7 @@ class DummyHMACBackend(object): def create_hmac_ctx(self, key, algorithm): if not self.hmac_supported(algorithm): - raise UnsupportedHash + raise UnsupportedAlgorithm(None) @utils.register_interface(PBKDF2HMACBackend) @@ -82,7 +80,7 @@ class DummyPBKDF2HMACBackend(object): def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, key_material): if not self.pbkdf2_hmac_supported(algorithm): - raise UnsupportedHash + raise UnsupportedAlgorithm(None) @utils.register_interface(RSABackend) @@ -123,9 +121,9 @@ class TestMultiBackend(object): modes.CBC(b"\x00" * 16), backend=backend ) - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.decryptor() def test_hashes(self): @@ -136,7 +134,7 @@ class TestMultiBackend(object): hashes.Hash(hashes.MD5(), backend=backend) - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): hashes.Hash(hashes.SHA1(), backend=backend) def test_hmac(self): @@ -147,7 +145,7 @@ class TestMultiBackend(object): hmac.HMAC(b"", hashes.MD5(), backend=backend) - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): hmac.HMAC(b"", hashes.SHA1(), backend=backend) def test_pbkdf2(self): @@ -158,7 +156,7 @@ class TestMultiBackend(object): backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"") - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"") def test_rsa(self): diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 3747f436..fdc661f0 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -16,9 +16,7 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import ( - InternalError, UnsupportedCipher, UnsupportedHash -) +from cryptography.exceptions import InternalError, UnsupportedAlgorithm from cryptography.hazmat.backends.openssl.backend import Backend, backend from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa @@ -78,7 +76,7 @@ class TestOpenSSL(object): cipher = Cipher( DummyCipher(), mode, backend=b, ) - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() def test_consume_errors(self): @@ -140,7 +138,7 @@ class TestOpenSSL(object): def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self): if backend.pbkdf2_hmac_supported(hashes.SHA256()): pytest.skip("Requires an older OpenSSL") - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"") @pytest.mark.skipif( @@ -153,7 +151,7 @@ class TestOpenSSL(object): key_size=512, backend=backend ) - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): private_key.signer( padding.PSS( mgf=padding.MGF1( @@ -165,7 +163,7 @@ class TestOpenSSL(object): backend ) public_key = private_key.public_key() - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): public_key.verifier( b"sig", padding.PSS( diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index f2dab6cf..e9ea7fb0 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -18,7 +18,7 @@ import binascii import pytest from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedCipher +from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import ( Cipher, algorithms, modes @@ -114,10 +114,10 @@ class TestCipherContext(object): cipher = Cipher( DummyCipher(), mode, backend ) - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.decryptor() def test_incorrectly_padded(self, backend): diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py index 1bea0bdb..827b3b90 100644 --- a/tests/hazmat/primitives/test_ciphers.py +++ b/tests/hazmat/primitives/test_ciphers.py @@ -17,7 +17,7 @@ import binascii import pytest -from cryptography.exceptions import UnsupportedInterface +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.primitives import ciphers from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, ARC4, Blowfish, CAST5, Camellia, IDEA, TripleDES @@ -128,5 +128,5 @@ class TestIDEA(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): ciphers.Cipher(AES(b"AAAAAAAAAAAAAAAA"), ECB, pretend_backend) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 5b318f64..ce8e92a3 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -20,9 +20,7 @@ import pytest import six from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, UnsupportedHash, UnsupportedInterface -) +from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import hashes, interfaces @@ -72,7 +70,7 @@ class TestHashContext(object): h.finalize() def test_unsupported_hash(self, backend): - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): hashes.Hash(UnsupportedDummyHash(), backend) @@ -183,5 +181,5 @@ class TestMD5(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): hashes.Hash(hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py index 367addc9..b3d412c5 100644 --- a/tests/hazmat/primitives/test_hkdf.py +++ b/tests/hazmat/primitives/test_hkdf.py @@ -18,7 +18,7 @@ import pytest import six from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm ) from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.hkdf import HKDF @@ -152,5 +152,5 @@ class TestHKDF(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): HKDF(hashes.SHA256(), 16, None, None, pretend_backend) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 1065359a..cdf8909d 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -21,7 +21,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedHash, UnsupportedInterface + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import hashes, hmac, interfaces @@ -106,12 +106,12 @@ class TestHMAC(object): h.verify(six.u('')) def test_unsupported_hash(self, backend): - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): hmac.HMAC(b"key", UnsupportedDummyHash(), backend) def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): hmac.HMAC(b"key", hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py index 585693ea..ebc5fbf5 100644 --- a/tests/hazmat/primitives/test_pbkdf2hmac.py +++ b/tests/hazmat/primitives/test_pbkdf2hmac.py @@ -18,7 +18,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm ) from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes, interfaces @@ -48,7 +48,7 @@ class TestPBKDF2HMAC(object): kdf.verify(b"password", key) def test_unsupported_algorithm(self): - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend()) def test_invalid_key(self): @@ -72,5 +72,5 @@ class TestPBKDF2HMAC(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, pretend_backend) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index eb7e1e60..2d3ce092 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -21,9 +21,9 @@ import os import pytest -from cryptography import exceptions, utils +from cryptography import utils from cryptography.exceptions import ( - UnsupportedAlgorithm, UnsupportedInterface + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm ) from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa @@ -398,7 +398,7 @@ class TestRSA(object): def test_rsa_generate_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) @@ -594,9 +594,9 @@ class TestRSASignature(object): signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) signer.update(b"sign me") signer.finalize() - with pytest.raises(exceptions.AlreadyFinalized): + with pytest.raises(AlreadyFinalized): signer.finalize() - with pytest.raises(exceptions.AlreadyFinalized): + with pytest.raises(AlreadyFinalized): signer.update(b"more data") def test_unsupported_padding(self, backend): @@ -605,7 +605,7 @@ class TestRSASignature(object): key_size=512, backend=backend ) - with pytest.raises(exceptions.UnsupportedPadding): + with pytest.raises(UnsupportedAlgorithm): private_key.signer(DummyPadding(), hashes.SHA1(), backend) def test_padding_incorrect_type(self, backend): @@ -621,7 +621,7 @@ class TestRSASignature(object): pretend_backend = object() private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): private_key.signer( padding.PKCS1v15(), hashes.SHA256, pretend_backend) @@ -678,7 +678,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"incorrect data") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() def test_invalid_pkcs1v15_signature_wrong_key(self, backend): @@ -703,7 +703,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() @pytest.mark.parametrize( @@ -759,7 +759,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"incorrect data") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() def test_invalid_pss_signature_wrong_key(self, backend): @@ -789,7 +789,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() def test_invalid_pss_signature_data_too_large_for_modulus(self, backend): @@ -819,7 +819,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() def test_use_after_finalize(self, backend): @@ -841,9 +841,9 @@ class TestRSAVerification(object): ) verifier.update(b"sign me") verifier.verify() - with pytest.raises(exceptions.AlreadyFinalized): + with pytest.raises(AlreadyFinalized): verifier.verify() - with pytest.raises(exceptions.AlreadyFinalized): + with pytest.raises(AlreadyFinalized): verifier.update(b"more data") def test_unsupported_padding(self, backend): @@ -853,7 +853,7 @@ class TestRSAVerification(object): backend=backend ) public_key = private_key.public_key() - with pytest.raises(exceptions.UnsupportedPadding): + with pytest.raises(UnsupportedAlgorithm): public_key.verifier(b"sig", DummyPadding(), hashes.SHA1(), backend) def test_padding_incorrect_type(self, backend): @@ -871,7 +871,7 @@ class TestRSAVerification(object): private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) public_key = private_key.public_key() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): public_key.verifier( b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend) @@ -939,7 +939,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py index 4bb7c6b3..b2b2677c 100644 --- a/tests/hazmat/primitives/twofactor/test_hotp.py +++ b/tests/hazmat/primitives/twofactor/test_hotp.py @@ -17,12 +17,14 @@ import os import pytest -from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.exceptions import InvalidToken, _Causes from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.hashes import MD5, SHA1 from cryptography.hazmat.primitives.twofactor.hotp import HOTP -from ....utils import load_nist_vectors, load_vectors_from_file +from ....utils import ( + load_nist_vectors, load_vectors_from_file, raises_unsupported +) vectors = load_vectors_from_file( "twofactor/rfc-4226.txt", load_nist_vectors) @@ -103,5 +105,5 @@ def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with raises_unsupported(_Causes.BACKEND_MISSING_INTERFACE): HOTP(secret, 8, hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py index d5b0a8ed..208b0eea 100644 --- a/tests/hazmat/primitives/twofactor/test_totp.py +++ b/tests/hazmat/primitives/twofactor/test_totp.py @@ -15,11 +15,13 @@ from __future__ import absolute_import, division, print_function import pytest -from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.exceptions import InvalidToken, _Causes from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.twofactor.totp import TOTP -from ....utils import load_nist_vectors, load_vectors_from_file +from ....utils import ( + load_nist_vectors, load_vectors_from_file, raises_unsupported +) vectors = load_vectors_from_file( "twofactor/rfc-6238.txt", load_nist_vectors) @@ -137,5 +139,5 @@ def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with raises_unsupported(_Causes.BACKEND_MISSING_INTERFACE): TOTP(secret, 8, hashes.SHA1(), 30, pretend_backend) diff --git a/tests/utils.py b/tests/utils.py index 3e35970e..fbe448fe 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -14,11 +14,13 @@ from __future__ import absolute_import, division, print_function import collections +from contextlib import contextmanager import pytest import six +from cryptography.exceptions import UnsupportedAlgorithm import cryptography_vectors @@ -67,6 +69,13 @@ def check_backend_support(item): "backend") +@contextmanager +def raises_unsupported(cause): + with pytest.raises(UnsupportedAlgorithm) as exc_info: + yield + assert exc_info.value._cause == cause + + def load_vectors_from_file(filename, loader): with cryptography_vectors.open_vector_file(filename) as vector_file: return loader(vector_file) |