From fcaf9761d1a2a570b2249c2ef3fff322dbb0b37b Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 11:23:57 -0800 Subject: Initial work on a prioritized multibackend for which implements CipherBackend --- cryptography/hazmat/backends/__init__.py | 7 +++-- cryptography/hazmat/backends/multibackend.py | 45 ++++++++++++++++++++++++++++ tests/conftest.py | 5 +++- 3 files changed, 53 insertions(+), 4 deletions(-) create mode 100644 cryptography/hazmat/backends/multibackend.py diff --git a/cryptography/hazmat/backends/__init__.py b/cryptography/hazmat/backends/__init__.py index cb1fee90..b4ef210d 100644 --- a/cryptography/hazmat/backends/__init__.py +++ b/cryptography/hazmat/backends/__init__.py @@ -12,16 +12,17 @@ # limitations under the License. from cryptography.hazmat.backends import openssl +from cryptography.hazmat.backends.multibackend import PrioritizedMultiBackend from cryptography.hazmat.bindings.commoncrypto.binding import ( - Binding as CCBinding + Binding as CommonCryptoBinding ) _ALL_BACKENDS = [openssl.backend] -if CCBinding.is_available(): +if CommonCryptoBinding.is_available(): from cryptography.hazmat.backends import commoncrypto _ALL_BACKENDS.append(commoncrypto.backend) def default_backend(): - return openssl.backend + return PrioritizedMultiBackend(_ALL_BACKENDS) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py new file mode 100644 index 00000000..9b91ff45 --- /dev/null +++ b/cryptography/hazmat/backends/multibackend.py @@ -0,0 +1,45 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +from cryptography import utils +from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.backends.interfaces import CipherBackend + + +@utils.register_interface(CipherBackend) +class PrioritizedMultiBackend(object): + name = "multibackend" + + def __init__(self, backends): + self._backends = backends + + def cipher_supported(self, algorithm, mode): + return any(b.cipher_supported(algorithm, mode) for b in self._backends) + + def create_symmetric_encryption_ctx(self, algorithm, mode): + for b in self._backends: + try: + return b.create_symmetric_encryption_ctx(algorithm, mode) + except UnsupportedAlgorithm: + pass + raise UnsupportedAlgorithm + + def create_symmetric_decryption_ctx(self, algorithm, mode): + for b in self._backends: + try: + return b.create_symmetric_decryption_ctx(algorithm, mode) + except UnsupportedAlgorithm: + pass + raise UnsupportedAlgorithm diff --git a/tests/conftest.py b/tests/conftest.py index ecad1b23..00c44ca9 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,13 +4,16 @@ from cryptography.hazmat.backends import _ALL_BACKENDS from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend, PBKDF2HMACBackend ) +from cryptography.hazmat.backends.multibackend import PrioritizedMultiBackend from .utils import check_for_iface, check_backend_support, select_backends def pytest_generate_tests(metafunc): names = metafunc.config.getoption("--backend") - selected_backends = select_backends(names, _ALL_BACKENDS) + selected_backends = select_backends( + names, _ALL_BACKENDS + [PrioritizedMultiBackend(_ALL_BACKENDS)] + ) if "backend" in metafunc.fixturenames: metafunc.parametrize("backend", selected_backends) -- cgit v1.2.3 From 2b8b415a0aadf6a1a1c78a7b474d8b1dbcbc544f Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 11:32:35 -0800 Subject: HashBackend is now supported by PrioritizedMultiBackend --- cryptography/hazmat/backends/multibackend.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 9b91ff45..210efbe8 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -15,10 +15,11 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm -from cryptography.hazmat.backends.interfaces import CipherBackend +from cryptography.hazmat.backends.interfaces import CipherBackend, HashBackend @utils.register_interface(CipherBackend) +@utils.register_interface(HashBackend) class PrioritizedMultiBackend(object): name = "multibackend" @@ -43,3 +44,14 @@ class PrioritizedMultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm + + def hash_supported(self, algorithm): + return any(b.hash_supported(algorithm) for b in self._backends) + + def create_hash_ctx(self, algorithm): + for b in self._backends: + try: + return b.create_hash_ctx(algorithm) + except UnsupportedAlgorithm: + pass + raise UnsupportedAlgorithm -- cgit v1.2.3 From 2d02857b4b1d6d8adbdd1fa1a753a2c464860bcf Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 11:36:10 -0800 Subject: Added support for HMAC backend --- cryptography/hazmat/backends/multibackend.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 210efbe8..035517ea 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -15,11 +15,14 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm -from cryptography.hazmat.backends.interfaces import CipherBackend, HashBackend +from cryptography.hazmat.backends.interfaces import ( + CipherBackend, HashBackend, HMACBackend +) @utils.register_interface(CipherBackend) @utils.register_interface(HashBackend) +@utils.register_interface(HMACBackend) class PrioritizedMultiBackend(object): name = "multibackend" @@ -55,3 +58,14 @@ class PrioritizedMultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm + + def hmac_supported(self, algorithm): + return any(b.hmac_supported(algorithm) for b in self._backends) + + def create_hmac_ctx(self, key, algorithm): + for b in self._backends: + try: + return b.create_hmac_ctx(key, algorithm) + except UnsupportedAlgorithm: + pass + raise UnsupportedAlgorithm -- cgit v1.2.3 From 020ae0fa11bd5e33863b3944ad14bb18ec748645 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 11:38:43 -0800 Subject: Added PBKDF2HMAC support --- cryptography/hazmat/backends/multibackend.py | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 035517ea..e560c7df 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -16,13 +16,14 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import ( - CipherBackend, HashBackend, HMACBackend + CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend ) @utils.register_interface(CipherBackend) @utils.register_interface(HashBackend) @utils.register_interface(HMACBackend) +@utils.register_interface(PBKDF2HMACBackend) class PrioritizedMultiBackend(object): name = "multibackend" @@ -69,3 +70,17 @@ class PrioritizedMultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm + + def pbkdf2_hmac_supported(self, algorithm): + return any(b.pbkdf2_hmac_supported(algorithm) for b in self._backends) + + def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, + key_material): + for b in self._backends: + try: + return b.derive_pbkdf2_hmac( + algorithm, length, salt, iterations, key_material + ) + except UnsupportedAlgorithm: + pass + raise UnsupportedAlgorithm -- cgit v1.2.3 From 19e19ae75385f652e1161e1153e9aea599cd6a07 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 11:46:01 -0800 Subject: Replace re-running all tests with some unit tests --- tests/conftest.py | 5 +---- tests/hazmat/backends/test_multibackend.py | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 tests/hazmat/backends/test_multibackend.py diff --git a/tests/conftest.py b/tests/conftest.py index 00c44ca9..ecad1b23 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,16 +4,13 @@ from cryptography.hazmat.backends import _ALL_BACKENDS from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend, PBKDF2HMACBackend ) -from cryptography.hazmat.backends.multibackend import PrioritizedMultiBackend from .utils import check_for_iface, check_backend_support, select_backends def pytest_generate_tests(metafunc): names = metafunc.config.getoption("--backend") - selected_backends = select_backends( - names, _ALL_BACKENDS + [PrioritizedMultiBackend(_ALL_BACKENDS)] - ) + selected_backends = select_backends(names, _ALL_BACKENDS) if "backend" in metafunc.fixturenames: metafunc.parametrize("backend", selected_backends) diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py new file mode 100644 index 00000000..aaf6d7c1 --- /dev/null +++ b/tests/hazmat/backends/test_multibackend.py @@ -0,0 +1,16 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +class TestPrioritizedMultiBackend(object): + pass -- cgit v1.2.3 From 6ced2f6444c956b88d42cc61fe9a38751b912c9a Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 11:53:44 -0800 Subject: Direct tests for the cipher support --- tests/hazmat/backends/test_multibackend.py | 50 +++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index aaf6d7c1..dc58a585 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -11,6 +11,54 @@ # See the License for the specific language governing permissions and # limitations under the License. +import pytest + +from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.backends.multibackend import PrioritizedMultiBackend +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes + + +class DummyCipherBackend(object): + def __init__(self, supported_ciphers): + self._ciphers = supported_ciphers + + def cipher_supported(self, algorithm, mode): + return (type(algorithm), type(mode)) in self._ciphers + + def create_symmetric_encryption_ctx(self, algorithm, mode): + if not self.cipher_supported(algorithm, mode): + raise UnsupportedAlgorithm + + def create_symmetric_decryption_ctx(self, algorithm, mode): + if not self.cipher_supported(algorithm, mode): + raise UnsupportedAlgorithm + class TestPrioritizedMultiBackend(object): - pass + def test_ciphers(self): + backend = PrioritizedMultiBackend([ + DummyCipherBackend([ + (algorithms.AES, modes.CBC), + ]) + ]) + assert backend.cipher_supported( + algorithms.AES(b"\x00" * 16), modes.CBC(b"\x00" * 16) + ) + + cipher = Cipher( + algorithms.AES(b"\x00" * 16), + modes.CBC(b"\x00" * 16), + backend=backend + ) + cipher.encryptor() + cipher.decryptor() + + cipher = Cipher( + algorithms.Camellia(b"\x00" * 16), + modes.CBC(b"\x00" * 16), + backend=backend + ) + with pytest.raises(UnsupportedAlgorithm): + cipher.encryptor() + with pytest.raises(UnsupportedAlgorithm): + cipher.decryptor() -- cgit v1.2.3 From 87899d4fd55881a4dbec1ee32b79a5bd315ec33f Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 11:58:40 -0800 Subject: Direct tests for the hash support --- tests/hazmat/backends/test_multibackend.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index dc58a585..f300b6c8 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -15,6 +15,7 @@ import pytest from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.multibackend import PrioritizedMultiBackend +from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes @@ -34,6 +35,19 @@ class DummyCipherBackend(object): raise UnsupportedAlgorithm +class DummyHashBackend(object): + def __init__(self, supported_algorithms): + self._algorithms = supported_algorithms + + def hash_supported(self, algorithm): + return type(algorithm) in self._algorithms + + def create_hash_ctx(self, algorithm): + if not self.hash_supported(algorithm): + raise UnsupportedAlgorithm + + + class TestPrioritizedMultiBackend(object): def test_ciphers(self): backend = PrioritizedMultiBackend([ @@ -62,3 +76,14 @@ class TestPrioritizedMultiBackend(object): cipher.encryptor() with pytest.raises(UnsupportedAlgorithm): cipher.decryptor() + + def test_hashes(self): + backend = PrioritizedMultiBackend([ + DummyHashBackend([hashes.MD5]) + ]) + assert backend.hash_supported(hashes.MD5()) + + hashes.Hash(hashes.MD5(), backend=backend) + + with pytest.raises(UnsupportedAlgorithm): + hashes.Hash(hashes.SHA1(), backend=backend) -- cgit v1.2.3 From b3564a0bf0b93d71adad8d8fef7799bab0e0b67b Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 11:59:55 -0800 Subject: Only make teh default once --- cryptography/hazmat/backends/__init__.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/backends/__init__.py b/cryptography/hazmat/backends/__init__.py index b4ef210d..e4fd94ed 100644 --- a/cryptography/hazmat/backends/__init__.py +++ b/cryptography/hazmat/backends/__init__.py @@ -24,5 +24,6 @@ if CommonCryptoBinding.is_available(): _ALL_BACKENDS.append(commoncrypto.backend) +_default_backend = PrioritizedMultiBackend(_ALL_BACKENDS) def default_backend(): - return PrioritizedMultiBackend(_ALL_BACKENDS) + return _default_backend -- cgit v1.2.3 From 723bb9675b7f78e8515be0a80305f6fd009a80fa Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 15:14:25 -0800 Subject: Not true anymore --- tests/hazmat/backends/test_openssl.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index f01c3f64..f3b0bb15 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -40,9 +40,6 @@ class TestOpenSSL(object): def test_backend_exists(self): assert backend - def test_is_default(self): - assert backend == default_backend() - def test_openssl_version_text(self): """ This test checks the value of OPENSSL_VERSION_TEXT. -- cgit v1.2.3 From 0929f8ff07e71410bd2ce89d407805bd476c1761 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 15:23:17 -0800 Subject: More direct tests --- tests/hazmat/backends/test_multibackend.py | 50 +++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index f300b6c8..03b3187b 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -15,8 +15,9 @@ import pytest from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.multibackend import PrioritizedMultiBackend -from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC class DummyCipherBackend(object): @@ -47,6 +48,31 @@ class DummyHashBackend(object): raise UnsupportedAlgorithm +class DummyHMACBackend(object): + def __init__(self, supported_algorithms): + self._algorithms = supported_algorithms + + def hmac_supported(self, algorithm): + return type(algorithm) in self._algorithms + + def create_hmac_ctx(self, key, algorithm): + if not self.hmac_supported(algorithm): + raise UnsupportedAlgorithm + + +class DummyPBKDF2HMAC(object): + def __init__(self, supported_algorithms): + self._algorithms = supported_algorithms + + def pbkdf2_hmac_supported(self, algorithm): + return type(algorithm) in self._algorithms + + def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, + key_material): + if not self.pbkdf2_hmac_supported(algorithm): + raise UnsupportedAlgorithm + + class TestPrioritizedMultiBackend(object): def test_ciphers(self): @@ -87,3 +113,25 @@ class TestPrioritizedMultiBackend(object): with pytest.raises(UnsupportedAlgorithm): hashes.Hash(hashes.SHA1(), backend=backend) + + def test_hmac(self): + backend = PrioritizedMultiBackend([ + DummyHMACBackend([hashes.MD5]) + ]) + assert backend.hmac_supported(hashes.MD5()) + + hmac.HMAC(b"", hashes.MD5(), backend=backend) + + with pytest.raises(UnsupportedAlgorithm): + hmac.HMAC(b"", hashes.SHA1(), backend=backend) + + def test_pbkdf2(self): + backend = PrioritizedMultiBackend([ + DummyPBKDF2HMAC([hashes.MD5]) + ]) + assert backend.pbkdf2_hmac_supported(hashes.MD5()) + + backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"") + + with pytest.raises(UnsupportedAlgorithm): + backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"") -- cgit v1.2.3 From ebc5161f606fe1ac7d51b6ab997f663cfcf9be9b Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Jan 2014 15:42:37 -0800 Subject: Fix --- cryptography/hazmat/backends/multibackend.py | 35 +++++++++++++++++++++------- tests/hazmat/backends/test_multibackend.py | 10 +++++++- 2 files changed, 35 insertions(+), 10 deletions(-) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index e560c7df..94152370 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -30,11 +30,19 @@ class PrioritizedMultiBackend(object): def __init__(self, backends): self._backends = backends + def _filtered_backends(self, interface): + for b in self._backends: + if isinstance(b, interface): + yield b + def cipher_supported(self, algorithm, mode): - return any(b.cipher_supported(algorithm, mode) for b in self._backends) + return any( + b.cipher_supported(algorithm, mode) + for b in self._filtered_backends(CipherBackend) + ) def create_symmetric_encryption_ctx(self, algorithm, mode): - for b in self._backends: + for b in self._filtered_backends(CipherBackend): try: return b.create_symmetric_encryption_ctx(algorithm, mode) except UnsupportedAlgorithm: @@ -42,7 +50,7 @@ class PrioritizedMultiBackend(object): raise UnsupportedAlgorithm def create_symmetric_decryption_ctx(self, algorithm, mode): - for b in self._backends: + for b in self._filtered_backends(CipherBackend): try: return b.create_symmetric_decryption_ctx(algorithm, mode) except UnsupportedAlgorithm: @@ -50,10 +58,13 @@ class PrioritizedMultiBackend(object): raise UnsupportedAlgorithm def hash_supported(self, algorithm): - return any(b.hash_supported(algorithm) for b in self._backends) + return any( + b.hash_supported(algorithm) + for b in self._filtered_backends(HashBackend) + ) def create_hash_ctx(self, algorithm): - for b in self._backends: + for b in self._filtered_backends(HashBackend): try: return b.create_hash_ctx(algorithm) except UnsupportedAlgorithm: @@ -61,10 +72,13 @@ class PrioritizedMultiBackend(object): raise UnsupportedAlgorithm def hmac_supported(self, algorithm): - return any(b.hmac_supported(algorithm) for b in self._backends) + return any( + b.hmac_supported(algorithm) + for b in self._filtered_backends(HMACBackend) + ) def create_hmac_ctx(self, key, algorithm): - for b in self._backends: + for b in self._filtered_backends(HMACBackend): try: return b.create_hmac_ctx(key, algorithm) except UnsupportedAlgorithm: @@ -72,11 +86,14 @@ class PrioritizedMultiBackend(object): raise UnsupportedAlgorithm def pbkdf2_hmac_supported(self, algorithm): - return any(b.pbkdf2_hmac_supported(algorithm) for b in self._backends) + return any( + b.pbkdf2_hmac_supported(algorithm) + for b in self._filtered_backends(PBKDF2HMACBackend) + ) def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, key_material): - for b in self._backends: + for b in self._filtered_backends(PBKDF2HMACBackend): try: return b.derive_pbkdf2_hmac( algorithm, length, salt, iterations, key_material diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 03b3187b..127c0d3e 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -13,13 +13,17 @@ import pytest +from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.backends.interfaces import ( + CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend +) from cryptography.hazmat.backends.multibackend import PrioritizedMultiBackend from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes -from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC +@utils.register_interface(CipherBackend) class DummyCipherBackend(object): def __init__(self, supported_ciphers): self._ciphers = supported_ciphers @@ -36,6 +40,7 @@ class DummyCipherBackend(object): raise UnsupportedAlgorithm +@utils.register_interface(HashBackend) class DummyHashBackend(object): def __init__(self, supported_algorithms): self._algorithms = supported_algorithms @@ -48,6 +53,7 @@ class DummyHashBackend(object): raise UnsupportedAlgorithm +@utils.register_interface(HMACBackend) class DummyHMACBackend(object): def __init__(self, supported_algorithms): self._algorithms = supported_algorithms @@ -60,6 +66,7 @@ class DummyHMACBackend(object): raise UnsupportedAlgorithm +@utils.register_interface(PBKDF2HMACBackend) class DummyPBKDF2HMAC(object): def __init__(self, supported_algorithms): self._algorithms = supported_algorithms @@ -77,6 +84,7 @@ class DummyPBKDF2HMAC(object): class TestPrioritizedMultiBackend(object): def test_ciphers(self): backend = PrioritizedMultiBackend([ + DummyHashBackend([]), DummyCipherBackend([ (algorithms.AES, modes.CBC), ]) -- cgit v1.2.3 From a45a770f88ad4444c80e52966f5022c4fb287ce5 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 31 Jan 2014 07:51:41 -0800 Subject: pep8 fixes --- cryptography/hazmat/backends/__init__.py | 2 ++ tests/hazmat/backends/test_multibackend.py | 1 - tests/hazmat/backends/test_openssl.py | 1 - 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/backends/__init__.py b/cryptography/hazmat/backends/__init__.py index e4fd94ed..0818033f 100644 --- a/cryptography/hazmat/backends/__init__.py +++ b/cryptography/hazmat/backends/__init__.py @@ -25,5 +25,7 @@ if CommonCryptoBinding.is_available(): _default_backend = PrioritizedMultiBackend(_ALL_BACKENDS) + + def default_backend(): return _default_backend diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 127c0d3e..f77d2680 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -80,7 +80,6 @@ class DummyPBKDF2HMAC(object): raise UnsupportedAlgorithm - class TestPrioritizedMultiBackend(object): def test_ciphers(self): backend = PrioritizedMultiBackend([ diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index f3b0bb15..0aff41e5 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -15,7 +15,6 @@ import pytest from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm, InternalError -from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends.openssl.backend import backend, Backend from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import Cipher -- cgit v1.2.3 From 450bb4c6609d246ded86959de3d925df81afdba9 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 3 Feb 2014 15:42:04 -0800 Subject: Rename and document --- cryptography/hazmat/backends/__init__.py | 4 ++-- cryptography/hazmat/backends/multibackend.py | 2 +- docs/hazmat/backends/multibackend.rst | 14 ++++++++++++++ tests/hazmat/backends/test_multibackend.py | 12 ++++++------ 4 files changed, 23 insertions(+), 9 deletions(-) create mode 100644 docs/hazmat/backends/multibackend.rst diff --git a/cryptography/hazmat/backends/__init__.py b/cryptography/hazmat/backends/__init__.py index 0818033f..41d260a8 100644 --- a/cryptography/hazmat/backends/__init__.py +++ b/cryptography/hazmat/backends/__init__.py @@ -12,7 +12,7 @@ # limitations under the License. from cryptography.hazmat.backends import openssl -from cryptography.hazmat.backends.multibackend import PrioritizedMultiBackend +from cryptography.hazmat.backends.multibackend import MultiBackend from cryptography.hazmat.bindings.commoncrypto.binding import ( Binding as CommonCryptoBinding ) @@ -24,7 +24,7 @@ if CommonCryptoBinding.is_available(): _ALL_BACKENDS.append(commoncrypto.backend) -_default_backend = PrioritizedMultiBackend(_ALL_BACKENDS) +_default_backend = MultiBackend(_ALL_BACKENDS) def default_backend(): diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 94152370..49a4014d 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -24,7 +24,7 @@ from cryptography.hazmat.backends.interfaces import ( @utils.register_interface(HashBackend) @utils.register_interface(HMACBackend) @utils.register_interface(PBKDF2HMACBackend) -class PrioritizedMultiBackend(object): +class MultiBackend(object): name = "multibackend" def __init__(self, backends): diff --git a/docs/hazmat/backends/multibackend.rst b/docs/hazmat/backends/multibackend.rst new file mode 100644 index 00000000..23e6d48f --- /dev/null +++ b/docs/hazmat/backends/multibackend.rst @@ -0,0 +1,14 @@ +.. hazmat:: + +MultiBackend +============ + +.. currentmodule:: cryptography.hazmat.backends.multibackend + +.. class:: MultiBackend(backends) + + This class allows you to combine multiple backends into a single backend + which offers the combined features of all of its constituents. + + :param backends: A ``list`` of backend objects. Backends are checked for + feature support in the other they exist in this list. diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index f77d2680..ca21c9fc 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -18,7 +18,7 @@ from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.interfaces import ( CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend ) -from cryptography.hazmat.backends.multibackend import PrioritizedMultiBackend +from cryptography.hazmat.backends.multibackend import MultiBackend from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes @@ -80,9 +80,9 @@ class DummyPBKDF2HMAC(object): raise UnsupportedAlgorithm -class TestPrioritizedMultiBackend(object): +class TestMultiBackend(object): def test_ciphers(self): - backend = PrioritizedMultiBackend([ + backend = MultiBackend([ DummyHashBackend([]), DummyCipherBackend([ (algorithms.AES, modes.CBC), @@ -111,7 +111,7 @@ class TestPrioritizedMultiBackend(object): cipher.decryptor() def test_hashes(self): - backend = PrioritizedMultiBackend([ + backend = MultiBackend([ DummyHashBackend([hashes.MD5]) ]) assert backend.hash_supported(hashes.MD5()) @@ -122,7 +122,7 @@ class TestPrioritizedMultiBackend(object): hashes.Hash(hashes.SHA1(), backend=backend) def test_hmac(self): - backend = PrioritizedMultiBackend([ + backend = MultiBackend([ DummyHMACBackend([hashes.MD5]) ]) assert backend.hmac_supported(hashes.MD5()) @@ -133,7 +133,7 @@ class TestPrioritizedMultiBackend(object): hmac.HMAC(b"", hashes.SHA1(), backend=backend) def test_pbkdf2(self): - backend = PrioritizedMultiBackend([ + backend = MultiBackend([ DummyPBKDF2HMAC([hashes.MD5]) ]) assert backend.pbkdf2_hmac_supported(hashes.MD5()) -- cgit v1.2.3 From 7ceacba2f3c24e7333bf9af901541055bb3a51ab Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 3 Feb 2014 15:50:03 -0800 Subject: Added to toctree --- docs/hazmat/backends/index.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/hazmat/backends/index.rst b/docs/hazmat/backends/index.rst index dbc0724e..983a44e9 100644 --- a/docs/hazmat/backends/index.rst +++ b/docs/hazmat/backends/index.rst @@ -32,4 +32,5 @@ Individual Backends openssl commoncrypto + multibackend interfaces -- cgit v1.2.3 From 2b1752ed68a08255ddacf1800c6cb6b406ce5e4b Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 3 Feb 2014 16:11:23 -0800 Subject: Typo fix --- docs/hazmat/backends/multibackend.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hazmat/backends/multibackend.rst b/docs/hazmat/backends/multibackend.rst index 23e6d48f..971c7671 100644 --- a/docs/hazmat/backends/multibackend.rst +++ b/docs/hazmat/backends/multibackend.rst @@ -11,4 +11,4 @@ MultiBackend which offers the combined features of all of its constituents. :param backends: A ``list`` of backend objects. Backends are checked for - feature support in the other they exist in this list. + feature support in the order they appear in this list. -- cgit v1.2.3 From 559885087728c0233b243756fe698e4071fab971 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 3 Feb 2014 16:15:06 -0800 Subject: Added an example usage --- cryptography/hazmat/backends/__init__.py | 6 +----- docs/hazmat/backends/multibackend.rst | 12 ++++++++++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/cryptography/hazmat/backends/__init__.py b/cryptography/hazmat/backends/__init__.py index 41d260a8..d1b95f2a 100644 --- a/cryptography/hazmat/backends/__init__.py +++ b/cryptography/hazmat/backends/__init__.py @@ -12,7 +12,6 @@ # limitations under the License. from cryptography.hazmat.backends import openssl -from cryptography.hazmat.backends.multibackend import MultiBackend from cryptography.hazmat.bindings.commoncrypto.binding import ( Binding as CommonCryptoBinding ) @@ -24,8 +23,5 @@ if CommonCryptoBinding.is_available(): _ALL_BACKENDS.append(commoncrypto.backend) -_default_backend = MultiBackend(_ALL_BACKENDS) - - def default_backend(): - return _default_backend + return openssl.backend diff --git a/docs/hazmat/backends/multibackend.rst b/docs/hazmat/backends/multibackend.rst index 971c7671..f1a88006 100644 --- a/docs/hazmat/backends/multibackend.rst +++ b/docs/hazmat/backends/multibackend.rst @@ -10,5 +10,17 @@ MultiBackend This class allows you to combine multiple backends into a single backend which offers the combined features of all of its constituents. + .. code-block:: pycon + + >>> from cryptography.hazmat.backends.multibackend import MultiBackend + >>> from cryptography.hazmat.primitives import hashes + >>> backend1.hash_supported(hashes.SHA256()) + False + >>> backend2.hash_supported(hashes.SHA1()) + True + >>> multi_backend = MultiBackend([backend1, backend2]) + >>> multi_backend.hash_supported(hashes.SHA1()) + True + :param backends: A ``list`` of backend objects. Backends are checked for feature support in the order they appear in this list. -- cgit v1.2.3 From db80954cf1448f88fae78568dbd3d833da04054a Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 3 Feb 2014 16:19:32 -0800 Subject: Chanloge + versionadded --- docs/changelog.rst | 1 + docs/hazmat/backends/multibackend.rst | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs/changelog.rst b/docs/changelog.rst index 2de9a329..e322b145 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -16,6 +16,7 @@ Changelog available, such as CentOS. * Added :class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`. * Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`. +* Added :doc:`/hazmat/backends/multibackend`. 0.1 - 2014-01-08 ~~~~~~~~~~~~~~~~ diff --git a/docs/hazmat/backends/multibackend.rst b/docs/hazmat/backends/multibackend.rst index f1a88006..63177bef 100644 --- a/docs/hazmat/backends/multibackend.rst +++ b/docs/hazmat/backends/multibackend.rst @@ -7,6 +7,8 @@ MultiBackend .. class:: MultiBackend(backends) + .. versionadded:: 0.2 + This class allows you to combine multiple backends into a single backend which offers the combined features of all of its constituents. -- cgit v1.2.3