aboutsummaryrefslogtreecommitdiffstats
path: root/cryptography/hazmat
diff options
context:
space:
mode:
Diffstat (limited to 'cryptography/hazmat')
-rw-r--r--cryptography/hazmat/backends/commoncrypto/backend.py10
-rw-r--r--cryptography/hazmat/backends/multibackend.py46
-rw-r--r--cryptography/hazmat/backends/openssl/backend.py29
-rw-r--r--cryptography/hazmat/bindings/openssl/ssl.py4
-rw-r--r--cryptography/hazmat/primitives/asymmetric/rsa.py8
-rw-r--r--cryptography/hazmat/primitives/ciphers/base.py4
-rw-r--r--cryptography/hazmat/primitives/hashes.py4
-rw-r--r--cryptography/hazmat/primitives/hmac.py4
-rw-r--r--cryptography/hazmat/primitives/kdf/hkdf.py4
-rw-r--r--cryptography/hazmat/primitives/kdf/pbkdf2.py6
-rw-r--r--cryptography/hazmat/primitives/twofactor/hotp.py8
-rw-r--r--cryptography/hazmat/primitives/twofactor/totp.py8
12 files changed, 75 insertions, 60 deletions
diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py
index dc0534ee..f45c91da 100644
--- a/cryptography/hazmat/backends/commoncrypto/backend.py
+++ b/cryptography/hazmat/backends/commoncrypto/backend.py
@@ -17,7 +17,7 @@ from collections import namedtuple
from cryptography import utils
from cryptography.exceptions import (
- InternalError, InvalidTag, UnsupportedCipher, UnsupportedHash
+ InternalError, InvalidTag, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend
@@ -273,7 +273,7 @@ class _CipherContext(object):
try:
cipher_enum, mode_enum = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -346,7 +346,7 @@ class _GCMCipherContext(object):
try:
cipher_enum, mode_enum = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -420,7 +420,7 @@ class _HashContext(object):
try:
methods = self._backend._hash_mapping[self.algorithm.name]
except KeyError:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported hash on this backend".format(
algorithm.name)
)
@@ -463,7 +463,7 @@ class _HMACContext(object):
try:
alg = self._backend._supported_hmac_algorithms[algorithm.name]
except KeyError:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported HMAC hash on this backend".format(
algorithm.name)
)
diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py
index 6c57b3df..35769ac1 100644
--- a/cryptography/hazmat/backends/multibackend.py
+++ b/cryptography/hazmat/backends/multibackend.py
@@ -14,9 +14,7 @@
from __future__ import absolute_import, division, print_function
from cryptography import utils
-from cryptography.exceptions import (
- UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash
-)
+from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
)
@@ -48,17 +46,21 @@ class MultiBackend(object):
for b in self._filtered_backends(CipherBackend):
try:
return b.create_symmetric_encryption_ctx(algorithm, mode)
- except UnsupportedCipher:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedCipher
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def create_symmetric_decryption_ctx(self, algorithm, mode):
for b in self._filtered_backends(CipherBackend):
try:
return b.create_symmetric_decryption_ctx(algorithm, mode)
- except UnsupportedCipher:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedCipher
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def hash_supported(self, algorithm):
return any(
@@ -70,9 +72,11 @@ class MultiBackend(object):
for b in self._filtered_backends(HashBackend):
try:
return b.create_hash_ctx(algorithm)
- except UnsupportedHash:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def hmac_supported(self, algorithm):
return any(
@@ -84,9 +88,11 @@ class MultiBackend(object):
for b in self._filtered_backends(HMACBackend):
try:
return b.create_hmac_ctx(key, algorithm)
- except UnsupportedHash:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def pbkdf2_hmac_supported(self, algorithm):
return any(
@@ -101,23 +107,31 @@ class MultiBackend(object):
return b.derive_pbkdf2_hmac(
algorithm, length, salt, iterations, key_material
)
- except UnsupportedHash:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def generate_rsa_private_key(self, public_exponent, key_size):
for b in self._filtered_backends(RSABackend):
return b.generate_rsa_private_key(public_exponent, key_size)
- raise UnsupportedAlgorithm
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def create_rsa_signature_ctx(self, private_key, padding, algorithm):
for b in self._filtered_backends(RSABackend):
return b.create_rsa_signature_ctx(private_key, padding, algorithm)
- raise UnsupportedAlgorithm
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def create_rsa_verification_ctx(self, public_key, signature, padding,
algorithm):
for b in self._filtered_backends(RSABackend):
return b.create_rsa_verification_ctx(public_key, signature,
padding, algorithm)
- raise UnsupportedAlgorithm
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index d2744cf3..eb5f0e12 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -22,8 +22,7 @@ import six
from cryptography import utils
from cryptography.exceptions import (
AlreadyFinalized, InternalError, InvalidSignature, InvalidTag,
- UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash,
- UnsupportedPadding
+ UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
@@ -221,7 +220,7 @@ class Backend(object):
assert res == 1
else:
if not isinstance(algorithm, hashes.SHA1):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"This version of OpenSSL only supports PBKDF2HMAC with "
"SHA1"
)
@@ -268,17 +267,14 @@ class Backend(object):
def _bn_to_int(self, bn):
if six.PY3:
# Python 3 has constant time from_bytes, so use that.
-
bn_num_bytes = (self._lib.BN_num_bits(bn) + 7) // 8
bin_ptr = self._ffi.new("unsigned char[]", bn_num_bytes)
bin_len = self._lib.BN_bn2bin(bn, bin_ptr)
assert bin_len > 0
assert bin_ptr != self._ffi.NULL
return int.from_bytes(self._ffi.buffer(bin_ptr)[:bin_len], "big")
-
else:
# Under Python 2 the best we can do is hex()
-
hex_cdata = self._lib.BN_bn2hex(bn)
assert hex_cdata != self._ffi.NULL
hex_str = self._ffi.string(hex_cdata)
@@ -295,12 +291,10 @@ class Backend(object):
if six.PY3:
# Python 3 has constant time to_bytes, so use that.
-
binary = num.to_bytes(int(num.bit_length() / 8.0 + 1), "big")
bn_ptr = self._lib.BN_bin2bn(binary, len(binary), self._ffi.NULL)
assert bn_ptr != self._ffi.NULL
return bn_ptr
-
else:
# Under Python 2 the best we can do is hex()
@@ -453,7 +447,7 @@ class _CipherContext(object):
try:
adapter = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -461,7 +455,7 @@ class _CipherContext(object):
evp_cipher = adapter(self._backend, cipher, mode)
if evp_cipher == self._backend._ffi.NULL:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -602,7 +596,7 @@ class _HashContext(object):
evp_md = self._backend._lib.EVP_get_digestbyname(
algorithm.name.encode("ascii"))
if evp_md == self._backend._ffi.NULL:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported hash on this backend".format(
algorithm.name)
)
@@ -652,7 +646,7 @@ class _HMACContext(object):
evp_md = self._backend._lib.EVP_get_digestbyname(
algorithm.name.encode('ascii'))
if evp_md == self._backend._ffi.NULL:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported hash on this backend".format(
algorithm.name)
)
@@ -738,7 +732,7 @@ class _RSASignatureContext(object):
"key.")
if not self._backend.mgf1_hash_supported(padding._mgf._algorithm):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"When OpenSSL is older than 1.0.1 then only SHA1 is "
"supported with MGF1."
)
@@ -749,7 +743,7 @@ class _RSASignatureContext(object):
else:
self._finalize_method = self._finalize_pss
else:
- raise UnsupportedPadding(
+ raise UnsupportedAlgorithm(
"{0} is not supported by this backend".format(padding.name)
)
@@ -922,7 +916,7 @@ class _RSAVerificationContext(object):
)
if not self._backend.mgf1_hash_supported(padding._mgf._algorithm):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"When OpenSSL is older than 1.0.1 then only SHA1 is "
"supported with MGF1."
)
@@ -933,7 +927,10 @@ class _RSAVerificationContext(object):
else:
self._verify_method = self._verify_pss
else:
- raise UnsupportedPadding
+ raise UnsupportedAlgorithm(
+ "OpenSSL backend doesn't support {0} for padding. Only PSS "
+ "(recommended) and PKCS1v15 are supported."
+ )
self._padding = padding
self._algorithm = algorithm
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index eb1f018b..fed74857 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -319,7 +319,7 @@ void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int);
RHEL/CentOS 5 this can be moved back to FUNCTIONS. */
SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *);
-const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX*);
+const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *);
"""
CUSTOMIZATIONS = """
@@ -423,7 +423,7 @@ static const long Cryptography_HAS_NETBSD_D1_METH = 1;
#endif
// Workaround for #794 caused by cffi const** bug.
-const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX* ctx) {
+const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *ctx) {
return ctx->method;
}
"""
diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py
index cbef8e32..6fe6a265 100644
--- a/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function
import six
from cryptography import utils
-from cryptography.exceptions import UnsupportedInterface
+from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import RSABackend
from cryptography.hazmat.primitives import interfaces
@@ -44,7 +44,7 @@ class RSAPublicKey(object):
def verifier(self, signature, padding, algorithm, backend):
if not isinstance(backend, RSABackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement RSABackend")
return backend.create_rsa_verification_ctx(self, signature, padding,
@@ -135,14 +135,14 @@ class RSAPrivateKey(object):
@classmethod
def generate(cls, public_exponent, key_size, backend):
if not isinstance(backend, RSABackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement RSABackend")
return backend.generate_rsa_private_key(public_exponent, key_size)
def signer(self, padding, algorithm, backend):
if not isinstance(backend, RSABackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement RSABackend")
return backend.create_rsa_signature_ctx(self, padding, algorithm)
diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py
index f5dd2ed5..f6c964d3 100644
--- a/cryptography/hazmat/primitives/ciphers/base.py
+++ b/cryptography/hazmat/primitives/ciphers/base.py
@@ -15,7 +15,7 @@ from __future__ import absolute_import, division, print_function
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedInterface
+ AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import CipherBackend
from cryptography.hazmat.primitives import interfaces
@@ -24,7 +24,7 @@ from cryptography.hazmat.primitives import interfaces
class Cipher(object):
def __init__(self, algorithm, mode, backend):
if not isinstance(backend, CipherBackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement CipherBackend")
if not isinstance(algorithm, interfaces.CipherAlgorithm):
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index 409f564e..d110c822 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function
import six
from cryptography import utils
-from cryptography.exceptions import AlreadyFinalized, UnsupportedInterface
+from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import HashBackend
from cryptography.hazmat.primitives import interfaces
@@ -25,7 +25,7 @@ from cryptography.hazmat.primitives import interfaces
class Hash(object):
def __init__(self, algorithm, backend, ctx=None):
if not isinstance(backend, HashBackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement HashBackend")
if not isinstance(algorithm, interfaces.HashAlgorithm):
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index 0bcbb3cd..3dfabef3 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -17,7 +17,7 @@ import six
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidSignature, UnsupportedInterface
+ AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time, interfaces
@@ -27,7 +27,7 @@ from cryptography.hazmat.primitives import constant_time, interfaces
class HMAC(object):
def __init__(self, key, algorithm, backend, ctx=None):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement HMACBackend")
if not isinstance(algorithm, interfaces.HashAlgorithm):
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index 95396fe1..2a733b93 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -17,7 +17,7 @@ import six
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidKey, UnsupportedInterface
+ AlreadyFinalized, InvalidKey, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time, hmac, interfaces
@@ -27,7 +27,7 @@ from cryptography.hazmat.primitives import constant_time, hmac, interfaces
class HKDF(object):
def __init__(self, algorithm, length, salt, info, backend):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement HMACBackend")
self._algorithm = algorithm
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index 705e45d7..ab1e3687 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -17,7 +17,7 @@ import six
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface
+ AlreadyFinalized, InvalidKey, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend
from cryptography.hazmat.primitives import constant_time, interfaces
@@ -27,11 +27,11 @@ from cryptography.hazmat.primitives import constant_time, interfaces
class PBKDF2HMAC(object):
def __init__(self, algorithm, length, salt, iterations, backend):
if not isinstance(backend, PBKDF2HMACBackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement PBKDF2HMACBackend")
if not backend.pbkdf2_hmac_supported(algorithm):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not supported for PBKDF2 by this backend".format(
algorithm.name)
)
diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py
index 34f820c0..bac23d1b 100644
--- a/cryptography/hazmat/primitives/twofactor/hotp.py
+++ b/cryptography/hazmat/primitives/twofactor/hotp.py
@@ -17,7 +17,7 @@ import struct
import six
-from cryptography.exceptions import InvalidToken, UnsupportedInterface
+from cryptography.exceptions import InvalidToken, UnsupportedAlgorithm, _Causes
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time, hmac
from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512
@@ -26,8 +26,10 @@ from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512
class HOTP(object):
def __init__(self, key, length, algorithm, backend):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
- "Backend object does not implement HMACBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement HMACBackend",
+ _Causes.BACKEND_MISSING_INTERFACE
+ )
if len(key) < 16:
raise ValueError("Key length has to be at least 128 bits.")
diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py
index 08510ef5..d0162395 100644
--- a/cryptography/hazmat/primitives/twofactor/totp.py
+++ b/cryptography/hazmat/primitives/twofactor/totp.py
@@ -13,7 +13,7 @@
from __future__ import absolute_import, division, print_function
-from cryptography.exceptions import InvalidToken, UnsupportedInterface
+from cryptography.exceptions import InvalidToken, UnsupportedAlgorithm, _Causes
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time
from cryptography.hazmat.primitives.twofactor.hotp import HOTP
@@ -22,8 +22,10 @@ from cryptography.hazmat.primitives.twofactor.hotp import HOTP
class TOTP(object):
def __init__(self, key, length, algorithm, time_step, backend):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
- "Backend object does not implement HMACBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement HMACBackend",
+ _Causes.BACKEND_MISSING_INTERFACE
+ )
self._time_step = time_step
self._hotp = HOTP(key, length, algorithm, backend)
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-08 05:52:42 +0000