diff options
Diffstat (limited to 'cryptography/hazmat')
| -rw-r--r-- | cryptography/hazmat/backends/commoncrypto/backend.py | 22 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/multibackend.py | 50 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 48 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/asymmetric/rsa.py | 20 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/ciphers/base.py | 9 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/hashes.py | 10 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/hmac.py | 8 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/kdf/hkdf.py | 8 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/kdf/pbkdf2.py | 13 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/twofactor/hotp.py | 10 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/twofactor/totp.py | 10 |
11 files changed, 134 insertions, 74 deletions
diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py index dc0534ee..4faca73e 100644 --- a/cryptography/hazmat/backends/commoncrypto/backend.py +++ b/cryptography/hazmat/backends/commoncrypto/backend.py @@ -17,7 +17,7 @@ from collections import namedtuple from cryptography import utils from cryptography.exceptions import ( - InternalError, InvalidTag, UnsupportedCipher, UnsupportedHash + InternalError, InvalidTag, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend @@ -273,10 +273,11 @@ class _CipherContext(object): try: cipher_enum, mode_enum = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) ctx = self._backend._ffi.new("CCCryptorRef *") @@ -346,10 +347,11 @@ class _GCMCipherContext(object): try: cipher_enum, mode_enum = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) ctx = self._backend._ffi.new("CCCryptorRef *") @@ -420,9 +422,10 @@ class _HashContext(object): try: methods = self._backend._hash_mapping[self.algorithm.name] except KeyError: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) ctx = self._backend._ffi.new(methods.ctx) res = methods.hash_init(ctx) @@ -463,9 +466,10 @@ class _HMACContext(object): try: alg = self._backend._supported_hmac_algorithms[algorithm.name] except KeyError: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported HMAC hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) self._backend._lib.CCHmacInit(ctx, alg, key, len(key)) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 6c57b3df..2a1ec439 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -14,9 +14,7 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import ( - UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash -) +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) @@ -48,17 +46,25 @@ class MultiBackend(object): for b in self._filtered_backends(CipherBackend): try: return b.create_symmetric_encryption_ctx(algorithm, mode) - except UnsupportedCipher: + except UnsupportedAlgorithm: pass - raise UnsupportedCipher + raise UnsupportedAlgorithm( + "cipher {0} in {1} mode is not supported by this backend".format( + algorithm.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER + ) def create_symmetric_decryption_ctx(self, algorithm, mode): for b in self._filtered_backends(CipherBackend): try: return b.create_symmetric_decryption_ctx(algorithm, mode) - except UnsupportedCipher: + except UnsupportedAlgorithm: pass - raise UnsupportedCipher + raise UnsupportedAlgorithm( + "cipher {0} in {1} mode is not supported by this backend".format( + algorithm.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER + ) def hash_supported(self, algorithm): return any( @@ -70,9 +76,13 @@ class MultiBackend(object): for b in self._filtered_backends(HashBackend): try: return b.create_hash_ctx(algorithm) - except UnsupportedHash: + except UnsupportedAlgorithm: pass - raise UnsupportedHash + raise UnsupportedAlgorithm( + "{0} is not a supported hash on this backend".format( + algorithm.name), + _Reasons.UNSUPPORTED_HASH + ) def hmac_supported(self, algorithm): return any( @@ -84,9 +94,13 @@ class MultiBackend(object): for b in self._filtered_backends(HMACBackend): try: return b.create_hmac_ctx(key, algorithm) - except UnsupportedHash: + except UnsupportedAlgorithm: pass - raise UnsupportedHash + raise UnsupportedAlgorithm( + "{0} is not a supported hash on this backend".format( + algorithm.name), + _Reasons.UNSUPPORTED_HASH + ) def pbkdf2_hmac_supported(self, algorithm): return any( @@ -101,23 +115,27 @@ class MultiBackend(object): return b.derive_pbkdf2_hmac( algorithm, length, salt, iterations, key_material ) - except UnsupportedHash: + except UnsupportedAlgorithm: pass - raise UnsupportedHash + raise UnsupportedAlgorithm( + "{0} is not a supported hash on this backend".format( + algorithm.name), + _Reasons.UNSUPPORTED_HASH + ) def generate_rsa_private_key(self, public_exponent, key_size): for b in self._filtered_backends(RSABackend): return b.generate_rsa_private_key(public_exponent, key_size) - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm("RSA is not supported by the backend") def create_rsa_signature_ctx(self, private_key, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_signature_ctx(private_key, padding, algorithm) - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm("RSA is not supported by the backend") def create_rsa_verification_ctx(self, public_key, signature, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_verification_ctx(public_key, signature, padding, algorithm) - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm("RSA is not supported by the backend") diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index d2744cf3..753717d4 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -22,8 +22,7 @@ import six from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, InternalError, InvalidSignature, InvalidTag, - UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash, - UnsupportedPadding + UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend @@ -221,9 +220,10 @@ class Backend(object): assert res == 1 else: if not isinstance(algorithm, hashes.SHA1): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "This version of OpenSSL only supports PBKDF2HMAC with " - "SHA1" + "SHA1", + _Reasons.UNSUPPORTED_HASH ) res = self._lib.PKCS5_PBKDF2_HMAC_SHA1( key_material, @@ -453,18 +453,20 @@ class _CipherContext(object): try: adapter = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) evp_cipher = adapter(self._backend, cipher, mode) if evp_cipher == self._backend._ffi.NULL: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) if isinstance(mode, interfaces.ModeWithInitializationVector): @@ -602,9 +604,10 @@ class _HashContext(object): evp_md = self._backend._lib.EVP_get_digestbyname( algorithm.name.encode("ascii")) if evp_md == self._backend._ffi.NULL: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) res = self._backend._lib.EVP_DigestInit_ex(ctx, evp_md, self._backend._ffi.NULL) @@ -652,9 +655,10 @@ class _HMACContext(object): evp_md = self._backend._lib.EVP_get_digestbyname( algorithm.name.encode('ascii')) if evp_md == self._backend._ffi.NULL: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) res = self._backend._lib.Cryptography_HMAC_Init_ex( ctx, key, len(key), evp_md, self._backend._ffi.NULL @@ -738,9 +742,10 @@ class _RSASignatureContext(object): "key.") if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "When OpenSSL is older than 1.0.1 then only SHA1 is " - "supported with MGF1." + "supported with MGF1.", + _Reasons.UNSUPPORTED_HASH ) if self._backend._lib.Cryptography_HAS_PKEY_CTX: @@ -749,8 +754,9 @@ class _RSASignatureContext(object): else: self._finalize_method = self._finalize_pss else: - raise UnsupportedPadding( - "{0} is not supported by this backend".format(padding.name) + raise UnsupportedAlgorithm( + "{0} is not supported by this backend".format(padding.name), + _Reasons.UNSUPPORTED_PADDING ) self._padding = padding @@ -922,9 +928,10 @@ class _RSAVerificationContext(object): ) if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "When OpenSSL is older than 1.0.1 then only SHA1 is " - "supported with MGF1." + "supported with MGF1.", + _Reasons.UNSUPPORTED_HASH ) if self._backend._lib.Cryptography_HAS_PKEY_CTX: @@ -933,7 +940,10 @@ class _RSAVerificationContext(object): else: self._verify_method = self._verify_pss else: - raise UnsupportedPadding + raise UnsupportedAlgorithm( + "{0} is not supported by this backend".format(padding.name), + _Reasons.UNSUPPORTED_PADDING + ) self._padding = padding self._algorithm = algorithm diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index cbef8e32..94cc4645 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import UnsupportedInterface +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.primitives import interfaces @@ -44,8 +44,10 @@ class RSAPublicKey(object): def verifier(self, signature, padding, algorithm, backend): if not isinstance(backend, RSABackend): - raise UnsupportedInterface( - "Backend object does not implement RSABackend") + raise UnsupportedAlgorithm( + "Backend object does not implement RSABackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) return backend.create_rsa_verification_ctx(self, signature, padding, algorithm) @@ -135,15 +137,19 @@ class RSAPrivateKey(object): @classmethod def generate(cls, public_exponent, key_size, backend): if not isinstance(backend, RSABackend): - raise UnsupportedInterface( - "Backend object does not implement RSABackend") + raise UnsupportedAlgorithm( + "Backend object does not implement RSABackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) return backend.generate_rsa_private_key(public_exponent, key_size) def signer(self, padding, algorithm, backend): if not isinstance(backend, RSABackend): - raise UnsupportedInterface( - "Backend object does not implement RSABackend") + raise UnsupportedAlgorithm( + "Backend object does not implement RSABackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) return backend.create_rsa_signature_ctx(self, padding, algorithm) diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index f5dd2ed5..2274e945 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -15,7 +15,8 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedInterface + AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm, + _Reasons ) from cryptography.hazmat.backends.interfaces import CipherBackend from cryptography.hazmat.primitives import interfaces @@ -24,8 +25,10 @@ from cryptography.hazmat.primitives import interfaces class Cipher(object): def __init__(self, algorithm, mode, backend): if not isinstance(backend, CipherBackend): - raise UnsupportedInterface( - "Backend object does not implement CipherBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement CipherBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not isinstance(algorithm, interfaces.CipherAlgorithm): raise TypeError("Expected interface of interfaces.CipherAlgorithm") diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index 409f564e..35b677b0 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -16,7 +16,9 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedInterface +from cryptography.exceptions import ( + AlreadyFinalized, UnsupportedAlgorithm, _Reasons +) from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import interfaces @@ -25,8 +27,10 @@ from cryptography.hazmat.primitives import interfaces class Hash(object): def __init__(self, algorithm, backend, ctx=None): if not isinstance(backend, HashBackend): - raise UnsupportedInterface( - "Backend object does not implement HashBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement HashBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 0bcbb3cd..afbb2f75 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedInterface + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @@ -27,8 +27,10 @@ from cryptography.hazmat.primitives import constant_time, interfaces class HMAC(object): def __init__(self, key, algorithm, backend, ctx=None): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( - "Backend object does not implement HMACBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py index 95396fe1..03500aaa 100644 --- a/cryptography/hazmat/primitives/kdf/hkdf.py +++ b/cryptography/hazmat/primitives/kdf/hkdf.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac, interfaces @@ -27,8 +27,10 @@ from cryptography.hazmat.primitives import constant_time, hmac, interfaces class HKDF(object): def __init__(self, algorithm, length, salt, info, backend): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( - "Backend object does not implement HMACBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) self._algorithm = algorithm diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py index 705e45d7..bec35bb2 100644 --- a/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @@ -27,13 +27,16 @@ from cryptography.hazmat.primitives import constant_time, interfaces class PBKDF2HMAC(object): def __init__(self, algorithm, length, salt, iterations, backend): if not isinstance(backend, PBKDF2HMACBackend): - raise UnsupportedInterface( - "Backend object does not implement PBKDF2HMACBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement PBKDF2HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not backend.pbkdf2_hmac_supported(algorithm): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not supported for PBKDF2 by this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) self._used = False self._algorithm = algorithm diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py index 34f820c0..41c467c8 100644 --- a/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/cryptography/hazmat/primitives/twofactor/hotp.py @@ -17,7 +17,9 @@ import struct import six -from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.exceptions import ( + InvalidToken, UnsupportedAlgorithm, _Reasons +) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 @@ -26,8 +28,10 @@ from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 class HOTP(object): def __init__(self, key, length, algorithm, backend): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( - "Backend object does not implement HMACBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if len(key) < 16: raise ValueError("Key length has to be at least 128 bits.") diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py index 08510ef5..e55ba00d 100644 --- a/cryptography/hazmat/primitives/twofactor/totp.py +++ b/cryptography/hazmat/primitives/twofactor/totp.py @@ -13,7 +13,9 @@ from __future__ import absolute_import, division, print_function -from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.exceptions import ( + InvalidToken, UnsupportedAlgorithm, _Reasons +) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.twofactor.hotp import HOTP @@ -22,8 +24,10 @@ from cryptography.hazmat.primitives.twofactor.hotp import HOTP class TOTP(object): def __init__(self, key, length, algorithm, time_step, backend): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( - "Backend object does not implement HMACBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) self._time_step = time_step self._hotp = HOTP(key, length, algorithm, backend) |