Diffstat (limited to 'cryptography/hazmat')
-rw-r--r-- | cryptography/hazmat/backends/commoncrypto/backend.py | 14 | ||||
-rw-r--r-- | cryptography/hazmat/backends/multibackend.py | 34 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 35 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/asymmetric/rsa.py | 14 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/ciphers/base.py | 7 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/hashes.py | 8 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/hmac.py | 6 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/kdf/hkdf.py | 6 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/kdf/pbkdf2.py | 9 |
9 files changed, 87 insertions, 46 deletions
diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py
index f45c91da..4faca73e 100644
--- a/cryptography/hazmat/backends/commoncrypto/backend.py
+++ b/cryptography/hazmat/backends/commoncrypto/backend.py
@@ -17,7 +17,7 @@ from collections import namedtuple from cryptography import utils from cryptography.exceptions import ( - InternalError, InvalidTag, UnsupportedAlgorithm + InternalError, InvalidTag, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend
@@ -276,7 +276,8 @@ class _CipherContext(object): raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) ctx = self._backend._ffi.new("CCCryptorRef *")
@@ -349,7 +350,8 @@ class _GCMCipherContext(object): raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) ctx = self._backend._ffi.new("CCCryptorRef *")
@@ -422,7 +424,8 @@ class _HashContext(object): except KeyError: raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) ctx = self._backend._ffi.new(methods.ctx) res = methods.hash_init(ctx)
@@ -465,7 +468,8 @@ class _HMACContext(object): except KeyError: raise UnsupportedAlgorithm( "{0} is not a supported HMAC hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) self._backend._lib.CCHmacInit(ctx, alg, key, len(key))
diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py
index 35769ac1..2a1ec439 100644
--- a/cryptography/hazmat/backends/multibackend.py
+++ b/cryptography/hazmat/backends/multibackend.py
@@ -14,7 +14,7 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend )
@@ -49,7 +49,9 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." + "cipher {0} in {1} mode is not supported by this backend".format( + algorithm.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) def create_symmetric_decryption_ctx(self, algorithm, mode):
@@ -59,7 +61,9 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." + "cipher {0} in {1} mode is not supported by this backend".format( + algorithm.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) def hash_supported(self, algorithm):
@@ -75,7 +79,9 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." + "{0} is not a supported hash on this backend".format( + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) def hmac_supported(self, algorithm):
@@ -91,7 +97,9 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." + "{0} is not a supported hash on this backend".format( + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) def pbkdf2_hmac_supported(self, algorithm):
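Review bot: The rewritten messages in the multibackend.py hunks at `@@ -49,7`, `@@ -59,7`, `@@ -75,7` and `@@ -91,7` (and the PBKDF2 raise in `@@ -110,28`) say "by this backend" / "on this backend", but each raise is reached only after every constituent backend raised UnsupportedAlgorithm and was swallowed by `except UnsupportedAlgorithm: pass`. The text now reads like a single backend's failure, and the hard-coded reason replaces whatever reasons the constituents reported. I would keep the aggregate wording, for example `"cipher {0} in {1} mode is not supported by any constituent backend".format(`, and add a comment above the raise such as `# All constituent backends declined; their individual reasons are discarded.` The method bodies start outside these hunks, so the loop that precedes each raise is only partly visible.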
@@ -110,28 +118,24 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." + "{0} is not a supported hash on this backend".format( + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) def generate_rsa_private_key(self, public_exponent, key_size): for b in self._filtered_backends(RSABackend): return b.generate_rsa_private_key(public_exponent, key_size) - raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." - ) + raise UnsupportedAlgorithm("RSA is not supported by the backend") def create_rsa_signature_ctx(self, private_key, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_signature_ctx(private_key, padding, algorithm) - raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." - ) + raise UnsupportedAlgorithm("RSA is not supported by the backend") def create_rsa_verification_ctx(self, public_key, signature, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_verification_ctx(public_key, signature, padding, algorithm) - raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." - ) + raise UnsupportedAlgorithm("RSA is not supported by the backend")
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index eb5f0e12..753717d4 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -22,7 +22,7 @@ import six from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, InternalError, InvalidSignature, InvalidTag, - UnsupportedAlgorithm + UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
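Review bot: The three RSA raises in the multibackend.py hunk at `@@ -110,28` are the only UnsupportedAlgorithm raises touched in the visible diff that pass no reason, so a caller inspecting the reason gets nothing specific for RSA (presumably a default; the exception class is not part of this diff). Each of these lines is reached only when `_filtered_backends(RSABackend)` yields no backend, because the loop returns on its first iteration. That is the same condition rsa.py reports with a reason, so I would write `raise UnsupportedAlgorithm("RSA is not supported by the backend", _Reasons.BACKEND_MISSING_INTERFACE)` in `generate_rsa_private_key`, `create_rsa_signature_ctx` and `create_rsa_verification_ctx`.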
@@ -222,7 +222,8 @@ class Backend(object): if not isinstance(algorithm, hashes.SHA1): raise UnsupportedAlgorithm( "This version of OpenSSL only supports PBKDF2HMAC with " - "SHA1" + "SHA1", + _Reasons.UNSUPPORTED_HASH ) res = self._lib.PKCS5_PBKDF2_HMAC_SHA1( key_material,
@@ -267,14 +268,17 @@ class Backend(object): def _bn_to_int(self, bn): if six.PY3: # Python 3 has constant time from_bytes, so use that. + bn_num_bytes = (self._lib.BN_num_bits(bn) + 7) // 8 bin_ptr = self._ffi.new("unsigned char[]", bn_num_bytes) bin_len = self._lib.BN_bn2bin(bn, bin_ptr) assert bin_len > 0 assert bin_ptr != self._ffi.NULL return int.from_bytes(self._ffi.buffer(bin_ptr)[:bin_len], "big") + else: # Under Python 2 the best we can do is hex() + hex_cdata = self._lib.BN_bn2hex(bn) assert hex_cdata != self._ffi.NULL hex_str = self._ffi.string(hex_cdata)
@@ -291,10 +295,12 @@ class Backend(object): if six.PY3: # Python 3 has constant time to_bytes, so use that. + binary = num.to_bytes(int(num.bit_length() / 8.0 + 1), "big") bn_ptr = self._lib.BN_bin2bn(binary, len(binary), self._ffi.NULL) assert bn_ptr != self._ffi.NULL return bn_ptr + else: # Under Python 2 the best we can do is hex()
@@ -450,7 +456,8 @@ class _CipherContext(object): raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) evp_cipher = adapter(self._backend, cipher, mode)
@@ -458,7 +465,8 @@ class _CipherContext(object): raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) if isinstance(mode, interfaces.ModeWithInitializationVector):
@@ -598,7 +606,8 @@ class _HashContext(object): if evp_md == self._backend._ffi.NULL: raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) res = self._backend._lib.EVP_DigestInit_ex(ctx, evp_md, self._backend._ffi.NULL)
@@ -648,7 +657,8 @@ class _HMACContext(object): if evp_md == self._backend._ffi.NULL: raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) res = self._backend._lib.Cryptography_HMAC_Init_ex( ctx, key, len(key), evp_md, self._backend._ffi.NULL
@@ -734,7 +744,8 @@ class _RSASignatureContext(object): if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): raise UnsupportedAlgorithm( "When OpenSSL is older than 1.0.1 then only SHA1 is " - "supported with MGF1." + "supported with MGF1.", + _Reasons.UNSUPPORTED_HASH ) if self._backend._lib.Cryptography_HAS_PKEY_CTX:
@@ -744,7 +755,8 @@ class _RSASignatureContext(object): self._finalize_method = self._finalize_pss else: raise UnsupportedAlgorithm( - "{0} is not supported by this backend".format(padding.name), + "{0} is not supported by this backend".format(padding.name), + _Reasons.UNSUPPORTED_PADDING ) self._padding = padding
@@ -918,7 +930,8 @@ class _RSAVerificationContext(object): if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): raise UnsupportedAlgorithm( "When OpenSSL is older than 1.0.1 then only SHA1 is " - "supported with MGF1." + "supported with MGF1.", + _Reasons.UNSUPPORTED_HASH ) if self._backend._lib.Cryptography_HAS_PKEY_CTX:
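Review bot: The MGF1 restriction in the `_RSASignatureContext` hunk at `@@ -734,7`, and again in the `_RSAVerificationContext` hunk at `@@ -918,7`, is reported with `_Reasons.UNSUPPORTED_HASH`. That is the same reason `_HashContext` and `_HMACContext` use when the digest itself is unavailable, so a caller branching on the reason cannot tell whether the signature hash or the MGF1 hash was rejected and has to parse the message text. If the enum is not being extended in this change, I would at least add a comment above both raises: `# Reason refers to the MGF1 hash (padding._mgf._algorithm), not the signature digest.` Both constructors start outside the hunks, so any earlier validation of `padding` is not visible here.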
@@ -928,8 +941,8 @@ class _RSAVerificationContext(object): self._verify_method = self._verify_pss else: raise UnsupportedAlgorithm( - "OpenSSL backend doesn't support {0} for padding. Only PSS " - "(recommended) and PKCS1v15 are supported." + "{0} is not supported by this backend".format(padding.name), + _Reasons.UNSUPPORTED_PADDING ) self._padding = padding
diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py
index 6fe6a265..94cc4645 100644
--- a/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.primitives import interfaces
@@ -45,7 +45,9 @@ class RSAPublicKey(object): def verifier(self, signature, padding, algorithm, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend") + "Backend object does not implement RSABackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) return backend.create_rsa_verification_ctx(self, signature, padding, algorithm)
@@ -136,14 +138,18 @@ class RSAPrivateKey(object): def generate(cls, public_exponent, key_size, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend") + "Backend object does not implement RSABackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) return backend.generate_rsa_private_key(public_exponent, key_size) def signer(self, padding, algorithm, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend") + "Backend object does not implement RSABackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) return backend.create_rsa_signature_ctx(self, padding, algorithm)
diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py
index f6c964d3..2274e945 100644
--- a/cryptography/hazmat/primitives/ciphers/base.py
+++ b/cryptography/hazmat/primitives/ciphers/base.py
@@ -15,7 +15,8 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm + AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm, + _Reasons ) from cryptography.hazmat.backends.interfaces import CipherBackend from cryptography.hazmat.primitives import interfaces
@@ -25,7 +26,9 @@ class Cipher(object): def __init__(self, algorithm, mode, backend): if not isinstance(backend, CipherBackend): raise UnsupportedAlgorithm( - "Backend object does not implement CipherBackend") + "Backend object does not implement CipherBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not isinstance(algorithm, interfaces.CipherAlgorithm): raise TypeError("Expected interface of interfaces.CipherAlgorithm")
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index d110c822..35b677b0 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -16,7 +16,9 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm +from cryptography.exceptions import ( + AlreadyFinalized, UnsupportedAlgorithm, _Reasons +) from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import interfaces
@@ -26,7 +28,9 @@ class Hash(object): def __init__(self, algorithm, backend, ctx=None): if not isinstance(backend, HashBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HashBackend") + "Backend object does not implement HashBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.")
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index 3dfabef3..afbb2f75 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces
@@ -28,7 +28,9 @@ class HMAC(object): def __init__(self, key, algorithm, backend, ctx=None): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HMACBackend") + "Backend object does not implement HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.")
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index 2a733b93..03500aaa 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedAlgorithm + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac, interfaces
@@ -28,7 +28,9 @@ class HKDF(object): def __init__(self, algorithm, length, salt, info, backend): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HMACBackend") + "Backend object does not implement HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) self._algorithm = algorithm
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index ab1e3687..bec35bb2 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedAlgorithm + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces
@@ -28,12 +28,15 @@ class PBKDF2HMAC(object): def __init__(self, algorithm, length, salt, iterations, backend): if not isinstance(backend, PBKDF2HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement PBKDF2HMACBackend") + "Backend object does not implement PBKDF2HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not backend.pbkdf2_hmac_supported(algorithm): raise UnsupportedAlgorithm( "{0} is not supported for PBKDF2 by this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) self._used = False self._algorithm = algorithm |