From f1a3fc03dc7cecc7658620f342dfd7cf6bb98ba0 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 2 Nov 2013 14:03:34 -0700 Subject: Document and implement the public API for when the backend doesn't support the requested algorithm --- cryptography/exceptions.py | 15 +++++++++++++++ cryptography/hazmat/bindings/openssl/backend.py | 10 +++++++--- docs/exceptions.rst | 9 +++++++++ docs/hazmat/primitives/symmetric-encryption.rst | 9 +++++++++ docs/index.rst | 1 + tests/hazmat/primitives/test_block.py | 11 +++++++++++ 6 files changed, 52 insertions(+), 3 deletions(-) create mode 100644 cryptography/exceptions.py create mode 100644 docs/exceptions.rst diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py new file mode 100644 index 00000000..1821ceb7 --- /dev/null +++ b/cryptography/exceptions.py @@ -0,0 +1,15 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +class NoSuchAlgorithm(Exception): + pass diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index fc73dd39..ce8c6a55 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -18,6 +18,7 @@ import sys import cffi +from cryptography.exceptions import NoSuchAlgorithm from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.block.ciphers import ( AES, Blowfish, Camellia, CAST5, TripleDES, @@ -128,9 +129,12 @@ class _CipherContext(object): ctx = self._backend.ffi.gc(ctx, self._backend.lib.EVP_CIPHER_CTX_free) registry = self._backend.ciphers._cipher_registry - evp_cipher = registry[type(cipher), type(mode)]( - self._backend, cipher, mode - ) + try: + adapter = registry[type(cipher), type(mode)] + except KeyError: + raise NoSuchAlgorithm + + evp_cipher = adapter(self._backend, cipher, mode) assert evp_cipher != self._backend.ffi.NULL if isinstance(mode, interfaces.ModeWithInitializationVector): iv_nonce = mode.initialization_vector diff --git a/docs/exceptions.rst b/docs/exceptions.rst new file mode 100644 index 00000000..b391e620 --- /dev/null +++ b/docs/exceptions.rst @@ -0,0 +1,9 @@ +Exceptions +========== + +.. currentmodule:: cryptography.exceptions + +.. class:: NoSuchAlgorithm + + This is raised when a backend doesn't support the requested algorithm (or + combination of algorithms). diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index b8b1c839..48bad928 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -42,12 +42,21 @@ where the encrypter and decrypter both use the same key. :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` provider. + If the backend doesn't support the requested combination of ``cipher`` + and ``mode`` a :class:`cryptography.exceptions.NoSuchAlgorithm` will + be raised. + .. method:: decryptor() :return: A decrypting :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` provider. + If the backend doesn't support the requested combination of ``cipher`` + and ``mode`` a :class:`cryptography.exceptions.NoSuchAlgorithm` will + be raised. + + .. currentmodule:: cryptography.hazmat.primitives.interfaces .. class:: CipherContext diff --git a/docs/index.rst b/docs/index.rst index 4fd5d3be..eb30b5dd 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -31,6 +31,7 @@ Contents :maxdepth: 2 architecture + exceptions contributing security community diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index e0ed6697..2c0be1b5 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -17,6 +17,7 @@ import binascii import pytest +from cryptography.exceptions import NoSuchAlgorithm from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.block import BlockCipher, ciphers, modes @@ -84,3 +85,13 @@ class TestBlockCipherContext(object): assert len(pt) == 80 assert pt == b"a" * 80 decryptor.finalize() + + def test_nonexistant_cipher(self, backend): + cipher = BlockCipher( + object(), object(), backend + ) + with pytest.raises(NoSuchAlgorithm): + cipher.encryptor() + + with pytest.raises(NoSuchAlgorithm): + cipher.decryptor() -- cgit v1.2.3 From 738ac5a8e986dbba472232711be7fae804a01576 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 2 Nov 2013 14:10:38 -0700 Subject: pep8 --- cryptography/exceptions.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index 1821ceb7..f0a7baf2 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -11,5 +11,6 @@ # See the License for the specific language governing permissions and # limitations under the License. + class NoSuchAlgorithm(Exception): pass -- cgit v1.2.3 From 3949f1171084c2e1cfe43f638857ea0e0f8f246d Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 2 Nov 2013 16:57:10 -0700 Subject: Changed excpetion name based on feedback from dreid --- cryptography/exceptions.py | 2 +- cryptography/hazmat/bindings/openssl/backend.py | 4 ++-- docs/exceptions.rst | 2 +- docs/hazmat/primitives/symmetric-encryption.rst | 8 ++++---- tests/hazmat/primitives/test_block.py | 6 +++--- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index f0a7baf2..391bed82 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -12,5 +12,5 @@ # limitations under the License. -class NoSuchAlgorithm(Exception): +class UnsupportedAlgorithm(Exception): pass diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index ce8c6a55..32adfed9 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -18,7 +18,7 @@ import sys import cffi -from cryptography.exceptions import NoSuchAlgorithm +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.block.ciphers import ( AES, Blowfish, Camellia, CAST5, TripleDES, @@ -132,7 +132,7 @@ class _CipherContext(object): try: adapter = registry[type(cipher), type(mode)] except KeyError: - raise NoSuchAlgorithm + raise UnsupportedAlgorithm evp_cipher = adapter(self._backend, cipher, mode) assert evp_cipher != self._backend.ffi.NULL diff --git a/docs/exceptions.rst b/docs/exceptions.rst index b391e620..6ac11b3c 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -3,7 +3,7 @@ Exceptions .. currentmodule:: cryptography.exceptions -.. class:: NoSuchAlgorithm +.. class:: UnsupportedAlgorithm This is raised when a backend doesn't support the requested algorithm (or combination of algorithms). diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 48bad928..c1c8d247 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -43,8 +43,8 @@ where the encrypter and decrypter both use the same key. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` a :class:`cryptography.exceptions.NoSuchAlgorithm` will - be raised. + and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm` + will be raised. .. method:: decryptor() @@ -53,8 +53,8 @@ where the encrypter and decrypter both use the same key. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` a :class:`cryptography.exceptions.NoSuchAlgorithm` will - be raised. + and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm` + will be raised. .. currentmodule:: cryptography.hazmat.primitives.interfaces diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 2c0be1b5..dd9c54c9 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -17,7 +17,7 @@ import binascii import pytest -from cryptography.exceptions import NoSuchAlgorithm +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.block import BlockCipher, ciphers, modes @@ -90,8 +90,8 @@ class TestBlockCipherContext(object): cipher = BlockCipher( object(), object(), backend ) - with pytest.raises(NoSuchAlgorithm): + with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() - with pytest.raises(NoSuchAlgorithm): + with pytest.raises(UnsupportedAlgorithm): cipher.decryptor() -- cgit v1.2.3