From 7a489dbd116edd4ca5a6104b74748f3a4f712d15 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 22 Mar 2014 15:09:34 -0700 Subject: Fixed #809 -- switch back to always using UnsupportedAlgorithm --- cryptography/exceptions.py | 22 +++-------- .../hazmat/backends/commoncrypto/backend.py | 10 ++--- cryptography/hazmat/backends/multibackend.py | 46 ++++++++++++++-------- cryptography/hazmat/backends/openssl/backend.py | 29 ++++++-------- cryptography/hazmat/bindings/openssl/ssl.py | 4 +- cryptography/hazmat/primitives/asymmetric/rsa.py | 8 ++-- cryptography/hazmat/primitives/ciphers/base.py | 4 +- cryptography/hazmat/primitives/hashes.py | 4 +- cryptography/hazmat/primitives/hmac.py | 4 +- cryptography/hazmat/primitives/kdf/hkdf.py | 4 +- cryptography/hazmat/primitives/kdf/pbkdf2.py | 6 +-- cryptography/hazmat/primitives/twofactor/hotp.py | 8 ++-- cryptography/hazmat/primitives/twofactor/totp.py | 8 ++-- docs/exceptions.rst | 33 ++++------------ docs/hazmat/primitives/asymmetric/rsa.rst | 45 +++++++++------------ docs/hazmat/primitives/cryptographic-hashes.rst | 5 ++- docs/hazmat/primitives/hmac.rst | 5 ++- .../hazmat/primitives/key-derivation-functions.rst | 4 +- docs/hazmat/primitives/symmetric-encryption.rst | 6 +-- docs/hazmat/primitives/twofactor.rst | 4 +- tests/hazmat/backends/test_commoncrypto.py | 4 +- tests/hazmat/backends/test_multibackend.py | 24 ++++++----- tests/hazmat/backends/test_openssl.py | 12 +++--- tests/hazmat/primitives/test_block.py | 6 +-- tests/hazmat/primitives/test_ciphers.py | 4 +- tests/hazmat/primitives/test_hashes.py | 8 ++-- tests/hazmat/primitives/test_hkdf.py | 4 +- tests/hazmat/primitives/test_hmac.py | 6 +-- tests/hazmat/primitives/test_pbkdf2hmac.py | 6 +-- tests/hazmat/primitives/test_rsa.py | 34 ++++++++-------- tests/hazmat/primitives/twofactor/test_hotp.py | 8 ++-- tests/hazmat/primitives/twofactor/test_totp.py | 8 ++-- tests/utils.py | 9 +++++ 33 files changed, 190 insertions(+), 202 deletions(-) diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index 88766cc1..d97f20cc 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -14,20 +14,14 @@ from __future__ import absolute_import, division, print_function -class UnsupportedAlgorithm(Exception): - pass +class _Causes(object): + BACKEND_MISSING_INTERFACE = 0 -class UnsupportedCipher(UnsupportedAlgorithm): - pass - - -class UnsupportedHash(UnsupportedAlgorithm): - pass - - -class UnsupportedPadding(UnsupportedAlgorithm): - pass +class UnsupportedAlgorithm(Exception): + def __init__(self, message, cause=None): + super(UnsupportedAlgorithm, self).__init__(message) + self._cause = cause class AlreadyFinalized(Exception): @@ -60,7 +54,3 @@ class InvalidKey(Exception): class InvalidToken(Exception): pass - - -class UnsupportedInterface(Exception): - pass diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py index dc0534ee..f45c91da 100644 --- a/cryptography/hazmat/backends/commoncrypto/backend.py +++ b/cryptography/hazmat/backends/commoncrypto/backend.py @@ -17,7 +17,7 @@ from collections import namedtuple from cryptography import utils from cryptography.exceptions import ( - InternalError, InvalidTag, UnsupportedCipher, UnsupportedHash + InternalError, InvalidTag, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend @@ -273,7 +273,7 @@ class _CipherContext(object): try: cipher_enum, mode_enum = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -346,7 +346,7 @@ class _GCMCipherContext(object): try: cipher_enum, mode_enum = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -420,7 +420,7 @@ class _HashContext(object): try: methods = self._backend._hash_mapping[self.algorithm.name] except KeyError: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( algorithm.name) ) @@ -463,7 +463,7 @@ class _HMACContext(object): try: alg = self._backend._supported_hmac_algorithms[algorithm.name] except KeyError: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported HMAC hash on this backend".format( algorithm.name) ) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 6c57b3df..35769ac1 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -14,9 +14,7 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import ( - UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash -) +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) @@ -48,17 +46,21 @@ class MultiBackend(object): for b in self._filtered_backends(CipherBackend): try: return b.create_symmetric_encryption_ctx(algorithm, mode) - except UnsupportedCipher: + except UnsupportedAlgorithm: pass - raise UnsupportedCipher + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def create_symmetric_decryption_ctx(self, algorithm, mode): for b in self._filtered_backends(CipherBackend): try: return b.create_symmetric_decryption_ctx(algorithm, mode) - except UnsupportedCipher: + except UnsupportedAlgorithm: pass - raise UnsupportedCipher + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def hash_supported(self, algorithm): return any( @@ -70,9 +72,11 @@ class MultiBackend(object): for b in self._filtered_backends(HashBackend): try: return b.create_hash_ctx(algorithm) - except UnsupportedHash: + except UnsupportedAlgorithm: pass - raise UnsupportedHash + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def hmac_supported(self, algorithm): return any( @@ -84,9 +88,11 @@ class MultiBackend(object): for b in self._filtered_backends(HMACBackend): try: return b.create_hmac_ctx(key, algorithm) - except UnsupportedHash: + except UnsupportedAlgorithm: pass - raise UnsupportedHash + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def pbkdf2_hmac_supported(self, algorithm): return any( @@ -101,23 +107,31 @@ class MultiBackend(object): return b.derive_pbkdf2_hmac( algorithm, length, salt, iterations, key_material ) - except UnsupportedHash: + except UnsupportedAlgorithm: pass - raise UnsupportedHash + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def generate_rsa_private_key(self, public_exponent, key_size): for b in self._filtered_backends(RSABackend): return b.generate_rsa_private_key(public_exponent, key_size) - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def create_rsa_signature_ctx(self, private_key, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_signature_ctx(private_key, padding, algorithm) - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) def create_rsa_verification_ctx(self, public_key, signature, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_verification_ctx(public_key, signature, padding, algorithm) - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm( + "None of the constituents backends support this algorithm." + ) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index d2744cf3..eb5f0e12 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -22,8 +22,7 @@ import six from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, InternalError, InvalidSignature, InvalidTag, - UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash, - UnsupportedPadding + UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend @@ -221,7 +220,7 @@ class Backend(object): assert res == 1 else: if not isinstance(algorithm, hashes.SHA1): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "This version of OpenSSL only supports PBKDF2HMAC with " "SHA1" ) @@ -268,17 +267,14 @@ class Backend(object): def _bn_to_int(self, bn): if six.PY3: # Python 3 has constant time from_bytes, so use that. - bn_num_bytes = (self._lib.BN_num_bits(bn) + 7) // 8 bin_ptr = self._ffi.new("unsigned char[]", bn_num_bytes) bin_len = self._lib.BN_bn2bin(bn, bin_ptr) assert bin_len > 0 assert bin_ptr != self._ffi.NULL return int.from_bytes(self._ffi.buffer(bin_ptr)[:bin_len], "big") - else: # Under Python 2 the best we can do is hex() - hex_cdata = self._lib.BN_bn2hex(bn) assert hex_cdata != self._ffi.NULL hex_str = self._ffi.string(hex_cdata) @@ -295,12 +291,10 @@ class Backend(object): if six.PY3: # Python 3 has constant time to_bytes, so use that. - binary = num.to_bytes(int(num.bit_length() / 8.0 + 1), "big") bn_ptr = self._lib.BN_bin2bn(binary, len(binary), self._ffi.NULL) assert bn_ptr != self._ffi.NULL return bn_ptr - else: # Under Python 2 the best we can do is hex() @@ -453,7 +447,7 @@ class _CipherContext(object): try: adapter = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -461,7 +455,7 @@ class _CipherContext(object): evp_cipher = adapter(self._backend, cipher, mode) if evp_cipher == self._backend._ffi.NULL: - raise UnsupportedCipher( + raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -602,7 +596,7 @@ class _HashContext(object): evp_md = self._backend._lib.EVP_get_digestbyname( algorithm.name.encode("ascii")) if evp_md == self._backend._ffi.NULL: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( algorithm.name) ) @@ -652,7 +646,7 @@ class _HMACContext(object): evp_md = self._backend._lib.EVP_get_digestbyname( algorithm.name.encode('ascii')) if evp_md == self._backend._ffi.NULL: - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( algorithm.name) ) @@ -738,7 +732,7 @@ class _RSASignatureContext(object): "key.") if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "When OpenSSL is older than 1.0.1 then only SHA1 is " "supported with MGF1." ) @@ -749,7 +743,7 @@ class _RSASignatureContext(object): else: self._finalize_method = self._finalize_pss else: - raise UnsupportedPadding( + raise UnsupportedAlgorithm( "{0} is not supported by this backend".format(padding.name) ) @@ -922,7 +916,7 @@ class _RSAVerificationContext(object): ) if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "When OpenSSL is older than 1.0.1 then only SHA1 is " "supported with MGF1." ) @@ -933,7 +927,10 @@ class _RSAVerificationContext(object): else: self._verify_method = self._verify_pss else: - raise UnsupportedPadding + raise UnsupportedAlgorithm( + "OpenSSL backend doesn't support {0} for padding. Only PSS " + "(recommended) and PKCS1v15 are supported." + ) self._padding = padding self._algorithm = algorithm diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index eb1f018b..fed74857 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -319,7 +319,7 @@ void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int); RHEL/CentOS 5 this can be moved back to FUNCTIONS. */ SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *); -const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX*); +const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *); """ CUSTOMIZATIONS = """ @@ -423,7 +423,7 @@ static const long Cryptography_HAS_NETBSD_D1_METH = 1; #endif // Workaround for #794 caused by cffi const** bug. -const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX* ctx) { +const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *ctx) { return ctx->method; } """ diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index cbef8e32..6fe6a265 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import UnsupportedInterface +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.primitives import interfaces @@ -44,7 +44,7 @@ class RSAPublicKey(object): def verifier(self, signature, padding, algorithm, backend): if not isinstance(backend, RSABackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement RSABackend") return backend.create_rsa_verification_ctx(self, signature, padding, @@ -135,14 +135,14 @@ class RSAPrivateKey(object): @classmethod def generate(cls, public_exponent, key_size, backend): if not isinstance(backend, RSABackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement RSABackend") return backend.generate_rsa_private_key(public_exponent, key_size) def signer(self, padding, algorithm, backend): if not isinstance(backend, RSABackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement RSABackend") return backend.create_rsa_signature_ctx(self, padding, algorithm) diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index f5dd2ed5..f6c964d3 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -15,7 +15,7 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedInterface + AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import CipherBackend from cryptography.hazmat.primitives import interfaces @@ -24,7 +24,7 @@ from cryptography.hazmat.primitives import interfaces class Cipher(object): def __init__(self, algorithm, mode, backend): if not isinstance(backend, CipherBackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement CipherBackend") if not isinstance(algorithm, interfaces.CipherAlgorithm): diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index 409f564e..d110c822 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedInterface +from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import interfaces @@ -25,7 +25,7 @@ from cryptography.hazmat.primitives import interfaces class Hash(object): def __init__(self, algorithm, backend, ctx=None): if not isinstance(backend, HashBackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement HashBackend") if not isinstance(algorithm, interfaces.HashAlgorithm): diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 0bcbb3cd..3dfabef3 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedInterface + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @@ -27,7 +27,7 @@ from cryptography.hazmat.primitives import constant_time, interfaces class HMAC(object): def __init__(self, key, algorithm, backend, ctx=None): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement HMACBackend") if not isinstance(algorithm, interfaces.HashAlgorithm): diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py index 95396fe1..2a733b93 100644 --- a/cryptography/hazmat/primitives/kdf/hkdf.py +++ b/cryptography/hazmat/primitives/kdf/hkdf.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac, interfaces @@ -27,7 +27,7 @@ from cryptography.hazmat.primitives import constant_time, hmac, interfaces class HKDF(object): def __init__(self, algorithm, length, salt, info, backend): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement HMACBackend") self._algorithm = algorithm diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py index 705e45d7..ab1e3687 100644 --- a/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @@ -27,11 +27,11 @@ from cryptography.hazmat.primitives import constant_time, interfaces class PBKDF2HMAC(object): def __init__(self, algorithm, length, salt, iterations, backend): if not isinstance(backend, PBKDF2HMACBackend): - raise UnsupportedInterface( + raise UnsupportedAlgorithm( "Backend object does not implement PBKDF2HMACBackend") if not backend.pbkdf2_hmac_supported(algorithm): - raise UnsupportedHash( + raise UnsupportedAlgorithm( "{0} is not supported for PBKDF2 by this backend".format( algorithm.name) ) diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py index 34f820c0..bac23d1b 100644 --- a/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/cryptography/hazmat/primitives/twofactor/hotp.py @@ -17,7 +17,7 @@ import struct import six -from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.exceptions import InvalidToken, UnsupportedAlgorithm, _Causes from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 @@ -26,8 +26,10 @@ from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 class HOTP(object): def __init__(self, key, length, algorithm, backend): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( - "Backend object does not implement HMACBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement HMACBackend", + _Causes.BACKEND_MISSING_INTERFACE + ) if len(key) < 16: raise ValueError("Key length has to be at least 128 bits.") diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py index 08510ef5..d0162395 100644 --- a/cryptography/hazmat/primitives/twofactor/totp.py +++ b/cryptography/hazmat/primitives/twofactor/totp.py @@ -13,7 +13,7 @@ from __future__ import absolute_import, division, print_function -from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.exceptions import InvalidToken, UnsupportedAlgorithm, _Causes from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.twofactor.hotp import HOTP @@ -22,8 +22,10 @@ from cryptography.hazmat.primitives.twofactor.hotp import HOTP class TOTP(object): def __init__(self, key, length, algorithm, time_step, backend): if not isinstance(backend, HMACBackend): - raise UnsupportedInterface( - "Backend object does not implement HMACBackend") + raise UnsupportedAlgorithm( + "Backend object does not implement HMACBackend", + _Causes.BACKEND_MISSING_INTERFACE + ) self._time_step = time_step self._hotp = HOTP(key, length, algorithm, backend) diff --git a/docs/exceptions.rst b/docs/exceptions.rst index e5010ebe..28da8ecc 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -3,6 +3,13 @@ Exceptions .. currentmodule:: cryptography.exceptions + +.. class:: UnsupportedAlgorithm + + Raised when the requested algorithm, or combination of algorithms is not + supported. + + .. class:: AlreadyFinalized This is raised when a context is used after being finalized. @@ -25,25 +32,6 @@ Exceptions This is raised when additional data is added to a context after update has already been called. -.. class:: UnsupportedCipher - - .. versionadded:: 0.3 - - This is raised when a backend doesn't support the requested cipher - algorithm and mode combination. - -.. class:: UnsupportedHash - - .. versionadded:: 0.3 - - This is raised when a backend doesn't support the requested hash algorithm. - -.. class:: UnsupportedPadding - - .. versionadded:: 0.3 - - This is raised when the requested padding is not supported by the backend. - .. class:: InvalidKey @@ -55,10 +43,3 @@ Exceptions This is raised when the verify method of a one time password function's computed token does not match the expected token. - -.. class:: UnsupportedInterface - - .. versionadded:: 0.3 - - This is raised when the provided backend does not support the required - interface. diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 57c8eec2..182e35d2 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -50,7 +50,7 @@ RSA provider. :return: A new instance of ``RSAPrivateKey``. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.RSABackend` @@ -100,9 +100,16 @@ RSA :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext` - :raises cryptography.exceptions.UnsupportedInterface: This is raised if + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if + the backend does not support the chosen hash or padding algorithm. + If the padding is + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` + with the + :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` + mask generation function it may also refer to the ``MGF1`` hash + algorithm. :raises TypeError: This is raised when the padding is not an :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` @@ -111,17 +118,6 @@ RSA :raises ValueError: This is raised when the chosen hash algorithm is too large for the key size. - :raises UnsupportedHash: This is raised when the backend does not - support the chosen hash algorithm. If the padding is - :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` - with the - :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` - mask generation function it may also refer to the `MGF1` hash - algorithm. - - :raises UnsupportedPadding: This is raised when the backend does not - support the chosen padding. - .. class:: RSAPublicKey(public_exponent, modulus) @@ -205,9 +201,16 @@ RSA :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` - :raises cryptography.exceptions.UnsupportedInterface: This is raised if + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if + the backend does not support the chosen hash or padding algorithm. + If the padding is + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` + with the + :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` + mask generation function it may also refer to the ``MGF1`` hash + algorithm. :raises TypeError: This is raised when the padding is not an :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` @@ -216,16 +219,6 @@ RSA :raises ValueError: This is raised when the chosen hash algorithm is too large for the key size. - :raises UnsupportedHash: This is raised when the backend does not - support the chosen hash algorithm. If the padding is - :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` - with the - :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` - mask generation function it may also refer to the `MGF1` hash - algorithm. - - :raises UnsupportedPadding: This is raised when the backend does not - support the chosen padding. .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index c318feeb..773d97f6 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -29,7 +29,8 @@ Message digests 'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90' If the backend doesn't support the requested ``algorithm`` an - :class:`~cryptography.exceptions.UnsupportedHash` exception will be raised. + :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be + raised. Keep in mind that attacks against cryptographic hashes only get stronger with time, and that often algorithms that were once thought to be strong, @@ -45,7 +46,7 @@ Message digests :class:`~cryptography.hazmat.backends.interfaces.HashBackend` provider. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HashBackend` diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index 5d511bc4..11b10735 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -35,7 +35,8 @@ of a message. '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' If the backend doesn't support the requested ``algorithm`` an - :class:`~cryptography.exceptions.UnsupportedHash` exception will be raised. + :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be + raised. To check that a given signature is correct use the :meth:`verify` method. You will receive an exception if the signature is wrong: @@ -56,7 +57,7 @@ of a message. :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` provider. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index 6196d951..269f949d 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -84,7 +84,7 @@ Different KDFs are suitable for different tasks such as: :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend` provider. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend` @@ -187,7 +187,7 @@ Different KDFs are suitable for different tasks such as: :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` provider. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index f7e8d5b7..28de611e 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -56,7 +56,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. :class:`~cryptography.hazmat.backends.interfaces.CipherBackend` provider. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.CipherBackend` @@ -67,7 +67,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` an :class:`~cryptography.exceptions.UnsupportedCipher` + and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be raised. .. method:: decryptor() @@ -77,7 +77,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` an :class:`cryptography.exceptions.UnsupportedCipher` + and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm` exception will be raised. .. _symmetric-encryption-algorithms: diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst index e9f5c7ff..f19cf0e6 100644 --- a/docs/hazmat/primitives/twofactor.rst +++ b/docs/hazmat/primitives/twofactor.rst @@ -52,7 +52,7 @@ codes (HMAC). :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the ``length`` parameter is not an integer. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` @@ -151,7 +151,7 @@ similar to the following code. :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the ``length`` parameter is not an integer. - :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index 72ed61c0..dc6c8c5b 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import InternalError, UnsupportedCipher +from cryptography.exceptions import InternalError, UnsupportedAlgorithm from cryptography.hazmat.bindings.commoncrypto.binding import Binding from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers.algorithms import AES @@ -63,5 +63,5 @@ class TestCommonCrypto(object): cipher = Cipher( DummyCipher(), GCM(b"fake_iv_here"), backend=b, ) - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index c5c0d82a..7ab9e446 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -16,9 +16,7 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import ( - UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash -) +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) @@ -38,11 +36,11 @@ class DummyCipherBackend(object): def create_symmetric_encryption_ctx(self, algorithm, mode): if not self.cipher_supported(algorithm, mode): - raise UnsupportedCipher + raise UnsupportedAlgorithm(None) def create_symmetric_decryption_ctx(self, algorithm, mode): if not self.cipher_supported(algorithm, mode): - raise UnsupportedCipher + raise UnsupportedAlgorithm(None) @utils.register_interface(HashBackend) @@ -55,7 +53,7 @@ class DummyHashBackend(object): def create_hash_ctx(self, algorithm): if not self.hash_supported(algorithm): - raise UnsupportedHash + raise UnsupportedAlgorithm(None) @utils.register_interface(HMACBackend) @@ -68,7 +66,7 @@ class DummyHMACBackend(object): def create_hmac_ctx(self, key, algorithm): if not self.hmac_supported(algorithm): - raise UnsupportedHash + raise UnsupportedAlgorithm(None) @utils.register_interface(PBKDF2HMACBackend) @@ -82,7 +80,7 @@ class DummyPBKDF2HMACBackend(object): def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, key_material): if not self.pbkdf2_hmac_supported(algorithm): - raise UnsupportedHash + raise UnsupportedAlgorithm(None) @utils.register_interface(RSABackend) @@ -123,9 +121,9 @@ class TestMultiBackend(object): modes.CBC(b"\x00" * 16), backend=backend ) - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.decryptor() def test_hashes(self): @@ -136,7 +134,7 @@ class TestMultiBackend(object): hashes.Hash(hashes.MD5(), backend=backend) - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): hashes.Hash(hashes.SHA1(), backend=backend) def test_hmac(self): @@ -147,7 +145,7 @@ class TestMultiBackend(object): hmac.HMAC(b"", hashes.MD5(), backend=backend) - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): hmac.HMAC(b"", hashes.SHA1(), backend=backend) def test_pbkdf2(self): @@ -158,7 +156,7 @@ class TestMultiBackend(object): backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"") - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"") def test_rsa(self): diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 3747f436..fdc661f0 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -16,9 +16,7 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import ( - InternalError, UnsupportedCipher, UnsupportedHash -) +from cryptography.exceptions import InternalError, UnsupportedAlgorithm from cryptography.hazmat.backends.openssl.backend import Backend, backend from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa @@ -78,7 +76,7 @@ class TestOpenSSL(object): cipher = Cipher( DummyCipher(), mode, backend=b, ) - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() def test_consume_errors(self): @@ -140,7 +138,7 @@ class TestOpenSSL(object): def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self): if backend.pbkdf2_hmac_supported(hashes.SHA256()): pytest.skip("Requires an older OpenSSL") - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"") @pytest.mark.skipif( @@ -153,7 +151,7 @@ class TestOpenSSL(object): key_size=512, backend=backend ) - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): private_key.signer( padding.PSS( mgf=padding.MGF1( @@ -165,7 +163,7 @@ class TestOpenSSL(object): backend ) public_key = private_key.public_key() - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): public_key.verifier( b"sig", padding.PSS( diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index f2dab6cf..e9ea7fb0 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -18,7 +18,7 @@ import binascii import pytest from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedCipher +from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import ( Cipher, algorithms, modes @@ -114,10 +114,10 @@ class TestCipherContext(object): cipher = Cipher( DummyCipher(), mode, backend ) - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() - with pytest.raises(UnsupportedCipher): + with pytest.raises(UnsupportedAlgorithm): cipher.decryptor() def test_incorrectly_padded(self, backend): diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py index 1bea0bdb..827b3b90 100644 --- a/tests/hazmat/primitives/test_ciphers.py +++ b/tests/hazmat/primitives/test_ciphers.py @@ -17,7 +17,7 @@ import binascii import pytest -from cryptography.exceptions import UnsupportedInterface +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.primitives import ciphers from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, ARC4, Blowfish, CAST5, Camellia, IDEA, TripleDES @@ -128,5 +128,5 @@ class TestIDEA(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): ciphers.Cipher(AES(b"AAAAAAAAAAAAAAAA"), ECB, pretend_backend) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 5b318f64..ce8e92a3 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -20,9 +20,7 @@ import pytest import six from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, UnsupportedHash, UnsupportedInterface -) +from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import hashes, interfaces @@ -72,7 +70,7 @@ class TestHashContext(object): h.finalize() def test_unsupported_hash(self, backend): - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): hashes.Hash(UnsupportedDummyHash(), backend) @@ -183,5 +181,5 @@ class TestMD5(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): hashes.Hash(hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py index 367addc9..b3d412c5 100644 --- a/tests/hazmat/primitives/test_hkdf.py +++ b/tests/hazmat/primitives/test_hkdf.py @@ -18,7 +18,7 @@ import pytest import six from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm ) from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.hkdf import HKDF @@ -152,5 +152,5 @@ class TestHKDF(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): HKDF(hashes.SHA256(), 16, None, None, pretend_backend) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 1065359a..cdf8909d 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -21,7 +21,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedHash, UnsupportedInterface + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import hashes, hmac, interfaces @@ -106,12 +106,12 @@ class TestHMAC(object): h.verify(six.u('')) def test_unsupported_hash(self, backend): - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): hmac.HMAC(b"key", UnsupportedDummyHash(), backend) def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): hmac.HMAC(b"key", hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py index 585693ea..ebc5fbf5 100644 --- a/tests/hazmat/primitives/test_pbkdf2hmac.py +++ b/tests/hazmat/primitives/test_pbkdf2hmac.py @@ -18,7 +18,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm ) from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes, interfaces @@ -48,7 +48,7 @@ class TestPBKDF2HMAC(object): kdf.verify(b"password", key) def test_unsupported_algorithm(self): - with pytest.raises(UnsupportedHash): + with pytest.raises(UnsupportedAlgorithm): PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend()) def test_invalid_key(self): @@ -72,5 +72,5 @@ class TestPBKDF2HMAC(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, pretend_backend) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index eb7e1e60..2d3ce092 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -21,9 +21,9 @@ import os import pytest -from cryptography import exceptions, utils +from cryptography import utils from cryptography.exceptions import ( - UnsupportedAlgorithm, UnsupportedInterface + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm ) from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa @@ -398,7 +398,7 @@ class TestRSA(object): def test_rsa_generate_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) @@ -594,9 +594,9 @@ class TestRSASignature(object): signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) signer.update(b"sign me") signer.finalize() - with pytest.raises(exceptions.AlreadyFinalized): + with pytest.raises(AlreadyFinalized): signer.finalize() - with pytest.raises(exceptions.AlreadyFinalized): + with pytest.raises(AlreadyFinalized): signer.update(b"more data") def test_unsupported_padding(self, backend): @@ -605,7 +605,7 @@ class TestRSASignature(object): key_size=512, backend=backend ) - with pytest.raises(exceptions.UnsupportedPadding): + with pytest.raises(UnsupportedAlgorithm): private_key.signer(DummyPadding(), hashes.SHA1(), backend) def test_padding_incorrect_type(self, backend): @@ -621,7 +621,7 @@ class TestRSASignature(object): pretend_backend = object() private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): private_key.signer( padding.PKCS1v15(), hashes.SHA256, pretend_backend) @@ -678,7 +678,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"incorrect data") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() def test_invalid_pkcs1v15_signature_wrong_key(self, backend): @@ -703,7 +703,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() @pytest.mark.parametrize( @@ -759,7 +759,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"incorrect data") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() def test_invalid_pss_signature_wrong_key(self, backend): @@ -789,7 +789,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() def test_invalid_pss_signature_data_too_large_for_modulus(self, backend): @@ -819,7 +819,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() def test_use_after_finalize(self, backend): @@ -841,9 +841,9 @@ class TestRSAVerification(object): ) verifier.update(b"sign me") verifier.verify() - with pytest.raises(exceptions.AlreadyFinalized): + with pytest.raises(AlreadyFinalized): verifier.verify() - with pytest.raises(exceptions.AlreadyFinalized): + with pytest.raises(AlreadyFinalized): verifier.update(b"more data") def test_unsupported_padding(self, backend): @@ -853,7 +853,7 @@ class TestRSAVerification(object): backend=backend ) public_key = private_key.public_key() - with pytest.raises(exceptions.UnsupportedPadding): + with pytest.raises(UnsupportedAlgorithm): public_key.verifier(b"sig", DummyPadding(), hashes.SHA1(), backend) def test_padding_incorrect_type(self, backend): @@ -871,7 +871,7 @@ class TestRSAVerification(object): private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) public_key = private_key.public_key() - with pytest.raises(UnsupportedInterface): + with pytest.raises(UnsupportedAlgorithm): public_key.verifier( b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend) @@ -939,7 +939,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(exceptions.InvalidSignature): + with pytest.raises(InvalidSignature): verifier.verify() diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py index 4bb7c6b3..b2b2677c 100644 --- a/tests/hazmat/primitives/twofactor/test_hotp.py +++ b/tests/hazmat/primitives/twofactor/test_hotp.py @@ -17,12 +17,14 @@ import os import pytest -from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.exceptions import InvalidToken, _Causes from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.hashes import MD5, SHA1 from cryptography.hazmat.primitives.twofactor.hotp import HOTP -from ....utils import load_nist_vectors, load_vectors_from_file +from ....utils import ( + load_nist_vectors, load_vectors_from_file, raises_unsupported +) vectors = load_vectors_from_file( "twofactor/rfc-4226.txt", load_nist_vectors) @@ -103,5 +105,5 @@ def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with raises_unsupported(_Causes.BACKEND_MISSING_INTERFACE): HOTP(secret, 8, hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py index d5b0a8ed..208b0eea 100644 --- a/tests/hazmat/primitives/twofactor/test_totp.py +++ b/tests/hazmat/primitives/twofactor/test_totp.py @@ -15,11 +15,13 @@ from __future__ import absolute_import, division, print_function import pytest -from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.exceptions import InvalidToken, _Causes from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.twofactor.totp import TOTP -from ....utils import load_nist_vectors, load_vectors_from_file +from ....utils import ( + load_nist_vectors, load_vectors_from_file, raises_unsupported +) vectors = load_vectors_from_file( "twofactor/rfc-6238.txt", load_nist_vectors) @@ -137,5 +139,5 @@ def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedInterface): + with raises_unsupported(_Causes.BACKEND_MISSING_INTERFACE): TOTP(secret, 8, hashes.SHA1(), 30, pretend_backend) diff --git a/tests/utils.py b/tests/utils.py index 3e35970e..fbe448fe 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -14,11 +14,13 @@ from __future__ import absolute_import, division, print_function import collections +from contextlib import contextmanager import pytest import six +from cryptography.exceptions import UnsupportedAlgorithm import cryptography_vectors @@ -67,6 +69,13 @@ def check_backend_support(item): "backend") +@contextmanager +def raises_unsupported(cause): + with pytest.raises(UnsupportedAlgorithm) as exc_info: + yield + assert exc_info.value._cause == cause + + def load_vectors_from_file(filename, loader): with cryptography_vectors.open_vector_file(filename) as vector_file: return loader(vector_file) -- cgit v1.2.3 From 112963e296aadfdeaa4e2624c3b81b6b8c726a06 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Wed, 26 Mar 2014 17:39:29 +0000 Subject: Address most of my own comments --- cryptography/exceptions.py | 4 +-- cryptography/hazmat/primitives/twofactor/hotp.py | 6 +++-- cryptography/hazmat/primitives/twofactor/totp.py | 6 +++-- tests/hazmat/primitives/twofactor/test_hotp.py | 6 ++--- tests/hazmat/primitives/twofactor/test_totp.py | 6 ++--- tests/test_utils.py | 33 +++++++++++++++++++++++- tests/utils.py | 6 ++--- 7 files changed, 51 insertions(+), 16 deletions(-) diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index d97f20cc..8825d3b4 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -14,8 +14,8 @@ from __future__ import absolute_import, division, print_function -class _Causes(object): - BACKEND_MISSING_INTERFACE = 0 +class _Reasons(object): + BACKEND_MISSING_INTERFACE = object() class UnsupportedAlgorithm(Exception): diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py index bac23d1b..41c467c8 100644 --- a/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/cryptography/hazmat/primitives/twofactor/hotp.py @@ -17,7 +17,9 @@ import struct import six -from cryptography.exceptions import InvalidToken, UnsupportedAlgorithm, _Causes +from cryptography.exceptions import ( + InvalidToken, UnsupportedAlgorithm, _Reasons +) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 @@ -28,7 +30,7 @@ class HOTP(object): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( "Backend object does not implement HMACBackend", - _Causes.BACKEND_MISSING_INTERFACE + _Reasons.BACKEND_MISSING_INTERFACE ) if len(key) < 16: diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py index d0162395..e55ba00d 100644 --- a/cryptography/hazmat/primitives/twofactor/totp.py +++ b/cryptography/hazmat/primitives/twofactor/totp.py @@ -13,7 +13,9 @@ from __future__ import absolute_import, division, print_function -from cryptography.exceptions import InvalidToken, UnsupportedAlgorithm, _Causes +from cryptography.exceptions import ( + InvalidToken, UnsupportedAlgorithm, _Reasons +) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.twofactor.hotp import HOTP @@ -24,7 +26,7 @@ class TOTP(object): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( "Backend object does not implement HMACBackend", - _Causes.BACKEND_MISSING_INTERFACE + _Reasons.BACKEND_MISSING_INTERFACE ) self._time_step = time_step diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py index b2b2677c..803f96f3 100644 --- a/tests/hazmat/primitives/twofactor/test_hotp.py +++ b/tests/hazmat/primitives/twofactor/test_hotp.py @@ -17,13 +17,13 @@ import os import pytest -from cryptography.exceptions import InvalidToken, _Causes +from cryptography.exceptions import InvalidToken, _Reasons from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.hashes import MD5, SHA1 from cryptography.hazmat.primitives.twofactor.hotp import HOTP from ....utils import ( - load_nist_vectors, load_vectors_from_file, raises_unsupported + load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm ) vectors = load_vectors_from_file( @@ -105,5 +105,5 @@ def test_invalid_backend(): pretend_backend = object() - with raises_unsupported(_Causes.BACKEND_MISSING_INTERFACE): + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): HOTP(secret, 8, hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py index 208b0eea..518d3ce8 100644 --- a/tests/hazmat/primitives/twofactor/test_totp.py +++ b/tests/hazmat/primitives/twofactor/test_totp.py @@ -15,12 +15,12 @@ from __future__ import absolute_import, division, print_function import pytest -from cryptography.exceptions import InvalidToken, _Causes +from cryptography.exceptions import InvalidToken, _Reasons from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.twofactor.totp import TOTP from ....utils import ( - load_nist_vectors, load_vectors_from_file, raises_unsupported + load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm ) vectors = load_vectors_from_file( @@ -139,5 +139,5 @@ def test_invalid_backend(): pretend_backend = object() - with raises_unsupported(_Causes.BACKEND_MISSING_INTERFACE): + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): TOTP(secret, 8, hashes.SHA1(), 30, pretend_backend) diff --git a/tests/test_utils.py b/tests/test_utils.py index b63f1bab..a8046dc3 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -21,13 +21,15 @@ import pretend import pytest import cryptography +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons + import cryptography_vectors from .utils import ( check_backend_support, check_for_iface, load_cryptrec_vectors, load_fips_dsa_key_pair_vectors, load_hash_vectors, load_nist_vectors, load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file, - select_backends + raises_unsupported_algorithm, select_backends ) @@ -1608,3 +1610,32 @@ de61329a78d526f65245380ce877e979c5b50de66c9c30d66382c8f254653d25a1eb1d3a4897d7\ def test_vector_version(): assert cryptography.__version__ == cryptography_vectors.__version__ + + +def test_raises_unsupported_algorithm_wrong_type(): + # Check that it asserts if the wrong type of exception is raised. + + class TestException(Exception): + pass + + with pytest.raises(TestException): + with raises_unsupported_algorithm(None): + raise TestException + + +def test_raises_unsupported_algorithm_wrong_reason(): + # Check that it asserts if the wrong reason code is raised. + with pytest.raises(AssertionError): + with raises_unsupported_algorithm(None): + raise UnsupportedAlgorithm("An error.", + _Reasons.BACKEND_MISSING_INTERFACE) + + +def test_raises_unsupported_algorithm(): + # Check that it doesnt assert if the right things are raised. + with raises_unsupported_algorithm( + _Reasons.BACKEND_MISSING_INTERFACE + ) as exc: + raise UnsupportedAlgorithm("An error.", + _Reasons.BACKEND_MISSING_INTERFACE) + assert exc diff --git a/tests/utils.py b/tests/utils.py index fbe448fe..f948642e 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -70,10 +70,10 @@ def check_backend_support(item): @contextmanager -def raises_unsupported(cause): +def raises_unsupported_algorithm(cause): with pytest.raises(UnsupportedAlgorithm) as exc_info: - yield - assert exc_info.value._cause == cause + yield exc_info + assert exc_info.value._cause is cause def load_vectors_from_file(filename, loader): -- cgit v1.2.3 From f33ccfcc8e611359a65235d72423fc9c62b438da Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Wed, 26 Mar 2014 17:44:14 +0000 Subject: Add additional reason tags --- cryptography/exceptions.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index 8825d3b4..86082e4a 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -16,6 +16,9 @@ from __future__ import absolute_import, division, print_function class _Reasons(object): BACKEND_MISSING_INTERFACE = object() + UNSUPPORTED_HASH = object() + UNSUPPORTED_CIPHER = object() + UNSUPPORTED_PADDING = object() class UnsupportedAlgorithm(Exception): -- cgit v1.2.3 From 4c1401a3745af97fcd398ff5b7f0dcb94f5292a0 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Wed, 26 Mar 2014 20:26:49 +0000 Subject: Update tests and raise sites --- .../hazmat/backends/commoncrypto/backend.py | 14 +++++--- cryptography/hazmat/backends/multibackend.py | 34 ++++++++++--------- cryptography/hazmat/backends/openssl/backend.py | 35 +++++++++++++------ cryptography/hazmat/primitives/asymmetric/rsa.py | 14 +++++--- cryptography/hazmat/primitives/ciphers/base.py | 7 ++-- cryptography/hazmat/primitives/hashes.py | 8 +++-- cryptography/hazmat/primitives/hmac.py | 6 ++-- cryptography/hazmat/primitives/kdf/hkdf.py | 6 ++-- cryptography/hazmat/primitives/kdf/pbkdf2.py | 9 +++-- tests/hazmat/backends/test_commoncrypto.py | 8 +++-- tests/hazmat/backends/test_multibackend.py | 26 +++++++++------ tests/hazmat/backends/test_openssl.py | 14 +++++--- tests/hazmat/primitives/test_block.py | 9 +++-- tests/hazmat/primitives/test_ciphers.py | 6 ++-- tests/hazmat/primitives/test_hashes.py | 9 +++-- tests/hazmat/primitives/test_hkdf.py | 6 ++-- tests/hazmat/primitives/test_hmac.py | 7 ++-- tests/hazmat/primitives/test_pbkdf2hmac.py | 8 +++-- tests/hazmat/primitives/test_rsa.py | 39 +++++++++++----------- 19 files changed, 165 insertions(+), 100 deletions(-) diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py index f45c91da..4faca73e 100644 --- a/cryptography/hazmat/backends/commoncrypto/backend.py +++ b/cryptography/hazmat/backends/commoncrypto/backend.py @@ -17,7 +17,7 @@ from collections import namedtuple from cryptography import utils from cryptography.exceptions import ( - InternalError, InvalidTag, UnsupportedAlgorithm + InternalError, InvalidTag, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend @@ -276,7 +276,8 @@ class _CipherContext(object): raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) ctx = self._backend._ffi.new("CCCryptorRef *") @@ -349,7 +350,8 @@ class _GCMCipherContext(object): raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) ctx = self._backend._ffi.new("CCCryptorRef *") @@ -422,7 +424,8 @@ class _HashContext(object): except KeyError: raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) ctx = self._backend._ffi.new(methods.ctx) res = methods.hash_init(ctx) @@ -465,7 +468,8 @@ class _HMACContext(object): except KeyError: raise UnsupportedAlgorithm( "{0} is not a supported HMAC hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) self._backend._lib.CCHmacInit(ctx, alg, key, len(key)) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 35769ac1..2a1ec439 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -14,7 +14,7 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) @@ -49,7 +49,9 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." + "cipher {0} in {1} mode is not supported by this backend".format( + algorithm.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) def create_symmetric_decryption_ctx(self, algorithm, mode): @@ -59,7 +61,9 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." + "cipher {0} in {1} mode is not supported by this backend".format( + algorithm.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) def hash_supported(self, algorithm): @@ -75,7 +79,9 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." + "{0} is not a supported hash on this backend".format( + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) def hmac_supported(self, algorithm): @@ -91,7 +97,9 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." + "{0} is not a supported hash on this backend".format( + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) def pbkdf2_hmac_supported(self, algorithm): @@ -110,28 +118,24 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." + "{0} is not a supported hash on this backend".format( + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) def generate_rsa_private_key(self, public_exponent, key_size): for b in self._filtered_backends(RSABackend): return b.generate_rsa_private_key(public_exponent, key_size) - raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." - ) + raise UnsupportedAlgorithm("RSA is not supported by the backend") def create_rsa_signature_ctx(self, private_key, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_signature_ctx(private_key, padding, algorithm) - raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." - ) + raise UnsupportedAlgorithm("RSA is not supported by the backend") def create_rsa_verification_ctx(self, public_key, signature, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_verification_ctx(public_key, signature, padding, algorithm) - raise UnsupportedAlgorithm( - "None of the constituents backends support this algorithm." - ) + raise UnsupportedAlgorithm("RSA is not supported by the backend") diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index eb5f0e12..753717d4 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -22,7 +22,7 @@ import six from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, InternalError, InvalidSignature, InvalidTag, - UnsupportedAlgorithm + UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend @@ -222,7 +222,8 @@ class Backend(object): if not isinstance(algorithm, hashes.SHA1): raise UnsupportedAlgorithm( "This version of OpenSSL only supports PBKDF2HMAC with " - "SHA1" + "SHA1", + _Reasons.UNSUPPORTED_HASH ) res = self._lib.PKCS5_PBKDF2_HMAC_SHA1( key_material, @@ -267,14 +268,17 @@ class Backend(object): def _bn_to_int(self, bn): if six.PY3: # Python 3 has constant time from_bytes, so use that. + bn_num_bytes = (self._lib.BN_num_bits(bn) + 7) // 8 bin_ptr = self._ffi.new("unsigned char[]", bn_num_bytes) bin_len = self._lib.BN_bn2bin(bn, bin_ptr) assert bin_len > 0 assert bin_ptr != self._ffi.NULL return int.from_bytes(self._ffi.buffer(bin_ptr)[:bin_len], "big") + else: # Under Python 2 the best we can do is hex() + hex_cdata = self._lib.BN_bn2hex(bn) assert hex_cdata != self._ffi.NULL hex_str = self._ffi.string(hex_cdata) @@ -291,10 +295,12 @@ class Backend(object): if six.PY3: # Python 3 has constant time to_bytes, so use that. + binary = num.to_bytes(int(num.bit_length() / 8.0 + 1), "big") bn_ptr = self._lib.BN_bin2bn(binary, len(binary), self._ffi.NULL) assert bn_ptr != self._ffi.NULL return bn_ptr + else: # Under Python 2 the best we can do is hex() @@ -450,7 +456,8 @@ class _CipherContext(object): raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) evp_cipher = adapter(self._backend, cipher, mode) @@ -458,7 +465,8 @@ class _CipherContext(object): raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend".format( - cipher.name, mode.name if mode else mode) + cipher.name, mode.name if mode else mode), + _Reasons.UNSUPPORTED_CIPHER ) if isinstance(mode, interfaces.ModeWithInitializationVector): @@ -598,7 +606,8 @@ class _HashContext(object): if evp_md == self._backend._ffi.NULL: raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) res = self._backend._lib.EVP_DigestInit_ex(ctx, evp_md, self._backend._ffi.NULL) @@ -648,7 +657,8 @@ class _HMACContext(object): if evp_md == self._backend._ffi.NULL: raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) res = self._backend._lib.Cryptography_HMAC_Init_ex( ctx, key, len(key), evp_md, self._backend._ffi.NULL @@ -734,7 +744,8 @@ class _RSASignatureContext(object): if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): raise UnsupportedAlgorithm( "When OpenSSL is older than 1.0.1 then only SHA1 is " - "supported with MGF1." + "supported with MGF1.", + _Reasons.UNSUPPORTED_HASH ) if self._backend._lib.Cryptography_HAS_PKEY_CTX: @@ -744,7 +755,8 @@ class _RSASignatureContext(object): self._finalize_method = self._finalize_pss else: raise UnsupportedAlgorithm( - "{0} is not supported by this backend".format(padding.name) + "{0} is not supported by this backend".format(padding.name), + _Reasons.UNSUPPORTED_PADDING ) self._padding = padding @@ -918,7 +930,8 @@ class _RSAVerificationContext(object): if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): raise UnsupportedAlgorithm( "When OpenSSL is older than 1.0.1 then only SHA1 is " - "supported with MGF1." + "supported with MGF1.", + _Reasons.UNSUPPORTED_HASH ) if self._backend._lib.Cryptography_HAS_PKEY_CTX: @@ -928,8 +941,8 @@ class _RSAVerificationContext(object): self._verify_method = self._verify_pss else: raise UnsupportedAlgorithm( - "OpenSSL backend doesn't support {0} for padding. Only PSS " - "(recommended) and PKCS1v15 are supported." + "{0} is not supported by this backend".format(padding.name), + _Reasons.UNSUPPORTED_PADDING ) self._padding = padding diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index 6fe6a265..94cc4645 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.primitives import interfaces @@ -45,7 +45,9 @@ class RSAPublicKey(object): def verifier(self, signature, padding, algorithm, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend") + "Backend object does not implement RSABackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) return backend.create_rsa_verification_ctx(self, signature, padding, algorithm) @@ -136,14 +138,18 @@ class RSAPrivateKey(object): def generate(cls, public_exponent, key_size, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend") + "Backend object does not implement RSABackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) return backend.generate_rsa_private_key(public_exponent, key_size) def signer(self, padding, algorithm, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend") + "Backend object does not implement RSABackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) return backend.create_rsa_signature_ctx(self, padding, algorithm) diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index f6c964d3..2274e945 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -15,7 +15,8 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm + AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm, + _Reasons ) from cryptography.hazmat.backends.interfaces import CipherBackend from cryptography.hazmat.primitives import interfaces @@ -25,7 +26,9 @@ class Cipher(object): def __init__(self, algorithm, mode, backend): if not isinstance(backend, CipherBackend): raise UnsupportedAlgorithm( - "Backend object does not implement CipherBackend") + "Backend object does not implement CipherBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not isinstance(algorithm, interfaces.CipherAlgorithm): raise TypeError("Expected interface of interfaces.CipherAlgorithm") diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index d110c822..35b677b0 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -16,7 +16,9 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm +from cryptography.exceptions import ( + AlreadyFinalized, UnsupportedAlgorithm, _Reasons +) from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import interfaces @@ -26,7 +28,9 @@ class Hash(object): def __init__(self, algorithm, backend, ctx=None): if not isinstance(backend, HashBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HashBackend") + "Backend object does not implement HashBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 3dfabef3..afbb2f75 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @@ -28,7 +28,9 @@ class HMAC(object): def __init__(self, key, algorithm, backend, ctx=None): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HMACBackend") + "Backend object does not implement HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py index 2a733b93..03500aaa 100644 --- a/cryptography/hazmat/primitives/kdf/hkdf.py +++ b/cryptography/hazmat/primitives/kdf/hkdf.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedAlgorithm + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac, interfaces @@ -28,7 +28,9 @@ class HKDF(object): def __init__(self, algorithm, length, salt, info, backend): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HMACBackend") + "Backend object does not implement HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) self._algorithm = algorithm diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py index ab1e3687..bec35bb2 100644 --- a/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedAlgorithm + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @@ -28,12 +28,15 @@ class PBKDF2HMAC(object): def __init__(self, algorithm, length, salt, iterations, backend): if not isinstance(backend, PBKDF2HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement PBKDF2HMACBackend") + "Backend object does not implement PBKDF2HMACBackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) if not backend.pbkdf2_hmac_supported(algorithm): raise UnsupportedAlgorithm( "{0} is not supported for PBKDF2 by this backend".format( - algorithm.name) + algorithm.name), + _Reasons.UNSUPPORTED_HASH ) self._used = False self._algorithm = algorithm diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index dc6c8c5b..40a9f4a1 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -16,13 +16,17 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import InternalError, UnsupportedAlgorithm +from cryptography.exceptions import ( + InternalError, _Reasons +) from cryptography.hazmat.bindings.commoncrypto.binding import Binding from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.base import Cipher from cryptography.hazmat.primitives.ciphers.modes import CBC, GCM +from ...utils import raises_unsupported_algorithm + @utils.register_interface(interfaces.CipherAlgorithm) class DummyCipher(object): @@ -63,5 +67,5 @@ class TestCommonCrypto(object): cipher = Cipher( DummyCipher(), GCM(b"fake_iv_here"), backend=b, ) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.encryptor() diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 7ab9e446..b7bcaf69 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -16,7 +16,9 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import ( + UnsupportedAlgorithm, _Reasons +) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) @@ -25,6 +27,8 @@ from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.asymmetric import padding from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from ...utils import raises_unsupported_algorithm + @utils.register_interface(CipherBackend) class DummyCipherBackend(object): @@ -36,11 +40,11 @@ class DummyCipherBackend(object): def create_symmetric_encryption_ctx(self, algorithm, mode): if not self.cipher_supported(algorithm, mode): - raise UnsupportedAlgorithm(None) + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_CIPHER) def create_symmetric_decryption_ctx(self, algorithm, mode): if not self.cipher_supported(algorithm, mode): - raise UnsupportedAlgorithm(None) + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_CIPHER) @utils.register_interface(HashBackend) @@ -53,7 +57,7 @@ class DummyHashBackend(object): def create_hash_ctx(self, algorithm): if not self.hash_supported(algorithm): - raise UnsupportedAlgorithm(None) + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_HASH) @utils.register_interface(HMACBackend) @@ -66,7 +70,7 @@ class DummyHMACBackend(object): def create_hmac_ctx(self, key, algorithm): if not self.hmac_supported(algorithm): - raise UnsupportedAlgorithm(None) + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_HASH) @utils.register_interface(PBKDF2HMACBackend) @@ -80,7 +84,7 @@ class DummyPBKDF2HMACBackend(object): def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, key_material): if not self.pbkdf2_hmac_supported(algorithm): - raise UnsupportedAlgorithm(None) + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_HASH) @utils.register_interface(RSABackend) @@ -121,9 +125,9 @@ class TestMultiBackend(object): modes.CBC(b"\x00" * 16), backend=backend ) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.encryptor() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.decryptor() def test_hashes(self): @@ -134,7 +138,7 @@ class TestMultiBackend(object): hashes.Hash(hashes.MD5(), backend=backend) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): hashes.Hash(hashes.SHA1(), backend=backend) def test_hmac(self): @@ -145,7 +149,7 @@ class TestMultiBackend(object): hmac.HMAC(b"", hashes.MD5(), backend=backend) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): hmac.HMAC(b"", hashes.SHA1(), backend=backend) def test_pbkdf2(self): @@ -156,7 +160,7 @@ class TestMultiBackend(object): backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"") - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"") def test_rsa(self): diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index fdc661f0..016da0fc 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -16,7 +16,9 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import InternalError, UnsupportedAlgorithm +from cryptography.exceptions import ( + InternalError, _Reasons +) from cryptography.hazmat.backends.openssl.backend import Backend, backend from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa @@ -24,6 +26,8 @@ from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC +from ...utils import raises_unsupported_algorithm + @utils.register_interface(interfaces.Mode) class DummyMode(object): @@ -76,7 +80,7 @@ class TestOpenSSL(object): cipher = Cipher( DummyCipher(), mode, backend=b, ) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.encryptor() def test_consume_errors(self): @@ -138,7 +142,7 @@ class TestOpenSSL(object): def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self): if backend.pbkdf2_hmac_supported(hashes.SHA256()): pytest.skip("Requires an older OpenSSL") - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"") @pytest.mark.skipif( @@ -151,7 +155,7 @@ class TestOpenSSL(object): key_size=512, backend=backend ) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): private_key.signer( padding.PSS( mgf=padding.MGF1( @@ -163,7 +167,7 @@ class TestOpenSSL(object): backend ) public_key = private_key.public_key() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): public_key.verifier( b"sig", padding.PSS( diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index e9ea7fb0..68d6c849 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -18,7 +18,9 @@ import binascii import pytest from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm +from cryptography.exceptions import ( + AlreadyFinalized, _Reasons +) from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import ( Cipher, algorithms, modes @@ -27,6 +29,7 @@ from cryptography.hazmat.primitives.ciphers import ( from .utils import ( generate_aead_exception_test, generate_aead_tag_exception_test ) +from ...utils import raises_unsupported_algorithm @utils.register_interface(interfaces.Mode) @@ -114,10 +117,10 @@ class TestCipherContext(object): cipher = Cipher( DummyCipher(), mode, backend ) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.encryptor() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.decryptor() def test_incorrectly_padded(self, backend): diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py index 827b3b90..9f8123eb 100644 --- a/tests/hazmat/primitives/test_ciphers.py +++ b/tests/hazmat/primitives/test_ciphers.py @@ -17,13 +17,15 @@ import binascii import pytest -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import _Reasons from cryptography.hazmat.primitives import ciphers from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, ARC4, Blowfish, CAST5, Camellia, IDEA, TripleDES ) from cryptography.hazmat.primitives.ciphers.modes import ECB +from ...utils import raises_unsupported_algorithm + class TestAES(object): @pytest.mark.parametrize(("key", "keysize"), [ @@ -128,5 +130,5 @@ class TestIDEA(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): ciphers.Cipher(AES(b"AAAAAAAAAAAAAAAA"), ECB, pretend_backend) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index ce8e92a3..ffd65bde 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -20,11 +20,14 @@ import pytest import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm +from cryptography.exceptions import ( + AlreadyFinalized, _Reasons +) from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import hashes, interfaces from .utils import generate_base_hash_test +from ...utils import raises_unsupported_algorithm @utils.register_interface(interfaces.HashAlgorithm) @@ -70,7 +73,7 @@ class TestHashContext(object): h.finalize() def test_unsupported_hash(self, backend): - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): hashes.Hash(UnsupportedDummyHash(), backend) @@ -181,5 +184,5 @@ class TestMD5(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): hashes.Hash(hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py index b3d412c5..2e3c0c3d 100644 --- a/tests/hazmat/primitives/test_hkdf.py +++ b/tests/hazmat/primitives/test_hkdf.py @@ -18,11 +18,13 @@ import pytest import six from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedAlgorithm + AlreadyFinalized, InvalidKey, _Reasons ) from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.hkdf import HKDF +from ...utils import raises_unsupported_algorithm + @pytest.mark.hmac class TestHKDF(object): @@ -152,5 +154,5 @@ class TestHKDF(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): HKDF(hashes.SHA256(), 16, None, None, pretend_backend) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index cdf8909d..77dfb6be 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -21,12 +21,13 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm + AlreadyFinalized, InvalidSignature, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import hashes, hmac, interfaces from .utils import generate_base_hmac_test +from ...utils import raises_unsupported_algorithm @utils.register_interface(interfaces.HashAlgorithm) @@ -106,12 +107,12 @@ class TestHMAC(object): h.verify(six.u('')) def test_unsupported_hash(self, backend): - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): hmac.HMAC(b"key", UnsupportedDummyHash(), backend) def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): hmac.HMAC(b"key", hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py index ebc5fbf5..62ca0921 100644 --- a/tests/hazmat/primitives/test_pbkdf2hmac.py +++ b/tests/hazmat/primitives/test_pbkdf2hmac.py @@ -18,12 +18,14 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedAlgorithm + AlreadyFinalized, InvalidKey, _Reasons ) from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC +from ...utils import raises_unsupported_algorithm + @utils.register_interface(interfaces.HashAlgorithm) class DummyHash(object): @@ -48,7 +50,7 @@ class TestPBKDF2HMAC(object): kdf.verify(b"password", key) def test_unsupported_algorithm(self): - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend()) def test_invalid_key(self): @@ -72,5 +74,5 @@ class TestPBKDF2HMAC(object): def test_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, pretend_backend) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 2d3ce092..5d94e790 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -21,16 +21,15 @@ import os import pytest -from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm -) +from cryptography import exceptions, utils +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa from .utils import generate_rsa_verification_test from ...utils import ( - load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file + load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file, + raises_unsupported_algorithm ) @@ -398,7 +397,7 @@ class TestRSA(object): def test_rsa_generate_invalid_backend(): pretend_backend = object() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) @@ -594,9 +593,9 @@ class TestRSASignature(object): signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) signer.update(b"sign me") signer.finalize() - with pytest.raises(AlreadyFinalized): + with pytest.raises(exceptions.AlreadyFinalized): signer.finalize() - with pytest.raises(AlreadyFinalized): + with pytest.raises(exceptions.AlreadyFinalized): signer.update(b"more data") def test_unsupported_padding(self, backend): @@ -605,7 +604,7 @@ class TestRSASignature(object): key_size=512, backend=backend ) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): private_key.signer(DummyPadding(), hashes.SHA1(), backend) def test_padding_incorrect_type(self, backend): @@ -621,7 +620,7 @@ class TestRSASignature(object): pretend_backend = object() private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): private_key.signer( padding.PKCS1v15(), hashes.SHA256, pretend_backend) @@ -678,7 +677,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"incorrect data") - with pytest.raises(InvalidSignature): + with pytest.raises(exceptions.InvalidSignature): verifier.verify() def test_invalid_pkcs1v15_signature_wrong_key(self, backend): @@ -703,7 +702,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(InvalidSignature): + with pytest.raises(exceptions.InvalidSignature): verifier.verify() @pytest.mark.parametrize( @@ -759,7 +758,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"incorrect data") - with pytest.raises(InvalidSignature): + with pytest.raises(exceptions.InvalidSignature): verifier.verify() def test_invalid_pss_signature_wrong_key(self, backend): @@ -789,7 +788,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(InvalidSignature): + with pytest.raises(exceptions.InvalidSignature): verifier.verify() def test_invalid_pss_signature_data_too_large_for_modulus(self, backend): @@ -819,7 +818,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(InvalidSignature): + with pytest.raises(exceptions.InvalidSignature): verifier.verify() def test_use_after_finalize(self, backend): @@ -841,9 +840,9 @@ class TestRSAVerification(object): ) verifier.update(b"sign me") verifier.verify() - with pytest.raises(AlreadyFinalized): + with pytest.raises(exceptions.AlreadyFinalized): verifier.verify() - with pytest.raises(AlreadyFinalized): + with pytest.raises(exceptions.AlreadyFinalized): verifier.update(b"more data") def test_unsupported_padding(self, backend): @@ -853,7 +852,7 @@ class TestRSAVerification(object): backend=backend ) public_key = private_key.public_key() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): public_key.verifier(b"sig", DummyPadding(), hashes.SHA1(), backend) def test_padding_incorrect_type(self, backend): @@ -871,7 +870,7 @@ class TestRSAVerification(object): private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) public_key = private_key.public_key() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): public_key.verifier( b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend) @@ -939,7 +938,7 @@ class TestRSAVerification(object): backend ) verifier.update(b"sign me") - with pytest.raises(InvalidSignature): + with pytest.raises(exceptions.InvalidSignature): verifier.verify() -- cgit v1.2.3 From d80195e1712469ae59d1f9adc306ebfa23cfb59c Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Wed, 26 Mar 2014 20:41:31 +0000 Subject: Update tests --- tests/test_utils.py | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/tests/test_utils.py b/tests/test_utils.py index a8046dc3..b430f567 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -1612,23 +1612,28 @@ def test_vector_version(): assert cryptography.__version__ == cryptography_vectors.__version__ +@pytest.mark.xfail def test_raises_unsupported_algorithm_wrong_type(): # Check that it asserts if the wrong type of exception is raised. - - class TestException(Exception): - pass - - with pytest.raises(TestException): - with raises_unsupported_algorithm(None): - raise TestException + with raises_unsupported_algorithm(None): + raise Exception +@pytest.mark.xfail def test_raises_unsupported_algorithm_wrong_reason(): # Check that it asserts if the wrong reason code is raised. - with pytest.raises(AssertionError): - with raises_unsupported_algorithm(None): - raise UnsupportedAlgorithm("An error.", - _Reasons.BACKEND_MISSING_INTERFACE) + with raises_unsupported_algorithm(None): + raise UnsupportedAlgorithm("An error.", + _Reasons.BACKEND_MISSING_INTERFACE) + + +@pytest.mark.xfail +def test_raises_unsupported_no_exc(): + # Check that it raises if no exception is raised. + with raises_unsupported_algorithm( + _Reasons.BACKEND_MISSING_INTERFACE + ): + pass def test_raises_unsupported_algorithm(): -- cgit v1.2.3 From 5e4c8c3666860fbe7320ea2227428f530cc8f176 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Thu, 27 Mar 2014 16:38:00 +0000 Subject: Fixes to @alex's comments --- cryptography/exceptions.py | 4 ++-- tests/hazmat/backends/test_commoncrypto.py | 4 +--- tests/test_utils.py | 37 ++++++++++++++++-------------- tests/utils.py | 6 +++-- 4 files changed, 27 insertions(+), 24 deletions(-) diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index 86082e4a..4b4d4c37 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -22,9 +22,9 @@ class _Reasons(object): class UnsupportedAlgorithm(Exception): - def __init__(self, message, cause=None): + def __init__(self, message, reason=None): super(UnsupportedAlgorithm, self).__init__(message) - self._cause = cause + self._reason = reason class AlreadyFinalized(Exception): diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index 40a9f4a1..7c703f67 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -16,9 +16,7 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import ( - InternalError, _Reasons -) +from cryptography.exceptions import InternalError, _Reasons from cryptography.hazmat.bindings.commoncrypto.binding import Binding from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers.algorithms import AES diff --git a/tests/test_utils.py b/tests/test_utils.py index b430f567..939845fc 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -1612,35 +1612,38 @@ def test_vector_version(): assert cryptography.__version__ == cryptography_vectors.__version__ -@pytest.mark.xfail def test_raises_unsupported_algorithm_wrong_type(): - # Check that it asserts if the wrong type of exception is raised. - with raises_unsupported_algorithm(None): - raise Exception + # Check that it raises if the wrong type of exception is raised. + class TestException(Exception): + pass + + with pytest.raises(TestException): + with raises_unsupported_algorithm(None): + raise TestException -@pytest.mark.xfail def test_raises_unsupported_algorithm_wrong_reason(): - # Check that it asserts if the wrong reason code is raised. - with raises_unsupported_algorithm(None): - raise UnsupportedAlgorithm("An error.", - _Reasons.BACKEND_MISSING_INTERFACE) + # Check that it fails if the wrong reason code is raised. + with pytest.raises(pytest.fail.Exception): + with raises_unsupported_algorithm(None): + raise UnsupportedAlgorithm("An error.", + _Reasons.BACKEND_MISSING_INTERFACE) -@pytest.mark.xfail def test_raises_unsupported_no_exc(): - # Check that it raises if no exception is raised. - with raises_unsupported_algorithm( - _Reasons.BACKEND_MISSING_INTERFACE - ): - pass + # Check that it fails if no exception is raised. + with pytest.raises(pytest.fail.Exception): + with raises_unsupported_algorithm( + _Reasons.BACKEND_MISSING_INTERFACE + ): + pass def test_raises_unsupported_algorithm(): # Check that it doesnt assert if the right things are raised. with raises_unsupported_algorithm( _Reasons.BACKEND_MISSING_INTERFACE - ) as exc: + ) as exc_info: raise UnsupportedAlgorithm("An error.", _Reasons.BACKEND_MISSING_INTERFACE) - assert exc + assert exc_info.type is UnsupportedAlgorithm diff --git a/tests/utils.py b/tests/utils.py index f948642e..3e5ea5f3 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -70,10 +70,12 @@ def check_backend_support(item): @contextmanager -def raises_unsupported_algorithm(cause): +def raises_unsupported_algorithm(reason): with pytest.raises(UnsupportedAlgorithm) as exc_info: yield exc_info - assert exc_info.value._cause is cause + + if exc_info.value._reason is not reason: + pytest.fail("Did not get expected reason tag for UnsupportedAlgorithm") def load_vectors_from_file(filename, loader): -- cgit v1.2.3 From a2aacf72744d515095ebe09d013e9348226ba0fe Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Thu, 27 Mar 2014 16:42:20 +0000 Subject: Remove change to bindings --- cryptography/hazmat/bindings/openssl/ssl.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index fed74857..eb1f018b 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -319,7 +319,7 @@ void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int); RHEL/CentOS 5 this can be moved back to FUNCTIONS. */ SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *); -const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *); +const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX*); """ CUSTOMIZATIONS = """ @@ -423,7 +423,7 @@ static const long Cryptography_HAS_NETBSD_D1_METH = 1; #endif // Workaround for #794 caused by cffi const** bug. -const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *ctx) { +const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX* ctx) { return ctx->method; } """ -- cgit v1.2.3 From 85a791f0fa061ec644f5bfca41ee6038eeef38eb Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Thu, 27 Mar 2014 16:55:41 +0000 Subject: Pain the bikeshed a different colour --- tests/test_utils.py | 2 +- tests/utils.py | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/test_utils.py b/tests/test_utils.py index 939845fc..d0b70663 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -1624,7 +1624,7 @@ def test_raises_unsupported_algorithm_wrong_type(): def test_raises_unsupported_algorithm_wrong_reason(): # Check that it fails if the wrong reason code is raised. - with pytest.raises(pytest.fail.Exception): + with pytest.raises(AssertionError): with raises_unsupported_algorithm(None): raise UnsupportedAlgorithm("An error.", _Reasons.BACKEND_MISSING_INTERFACE) diff --git a/tests/utils.py b/tests/utils.py index 3e5ea5f3..bdbf996f 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -74,8 +74,7 @@ def raises_unsupported_algorithm(reason): with pytest.raises(UnsupportedAlgorithm) as exc_info: yield exc_info - if exc_info.value._reason is not reason: - pytest.fail("Did not get expected reason tag for UnsupportedAlgorithm") + assert exc_info.value._reason is reason def load_vectors_from_file(filename, loader): -- cgit v1.2.3