-rw-r--r-- | cryptography/exceptions.py | 4 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/err.py | 20 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/twofactor/hotp.py | 8 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/twofactor/totp.py | 8 | ||||
-rw-r--r-- | docs/development/custom-vectors/idea/generate_idea.py | 2 | ||||
-rw-r--r-- | docs/development/custom-vectors/idea/verify_idea.py | 2 | ||||
-rw-r--r-- | docs/exceptions.rst | 6 | ||||
-rw-r--r-- | docs/hazmat/primitives/twofactor.rst | 6 | ||||
-rw-r--r-- | tests/hazmat/primitives/twofactor/test_hotp.py | 11 | ||||
-rw-r--r-- | tests/hazmat/primitives/twofactor/test_totp.py | 11 |
10 files changed, 70 insertions, 8 deletions
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index d7c867d6..88766cc1 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -60,3 +60,7 @@ class InvalidKey(Exception): class InvalidToken(Exception): pass + + +class UnsupportedInterface(Exception): + pass diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index 1c8bdd15..551d8217 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -20,6 +20,7 @@ INCLUDES = """ TYPES = """ static const int Cryptography_HAS_REMOVE_THREAD_STATE; static const int Cryptography_HAS_098H_ERROR_CODES; +static const int Cryptography_HAS_098C_CAMELLIA_CODES; struct ERR_string_data_st { unsigned long error; @@ -100,7 +101,6 @@ static const int ASN1_R_WRONG_TAG; static const int ASN1_R_WRONG_TYPE; static const int EVP_F_AES_INIT_KEY; -static const int EVP_F_CAMELLIA_INIT_KEY; static const int EVP_F_D2I_PKEY; static const int EVP_F_DSA_PKEY2PKCS8; static const int EVP_F_DSAPKEY2PKCS8; @@ -141,7 +141,6 @@ static const int EVP_R_BAD_BLOCK_LENGTH; static const int EVP_R_BAD_KEY_LENGTH; static const int EVP_R_BN_DECODE_ERROR; static const int EVP_R_BN_PUBKEY_ERROR; -static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED; static const int EVP_R_CIPHER_PARAMETER_ERROR; static const int EVP_R_CTRL_NOT_IMPLEMENTED; static const int EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED; @@ -266,6 +265,9 @@ static const int ASN1_F_SMIME_TEXT; static const int ASN1_R_NO_CONTENT_TYPE; static const int ASN1_R_NO_MULTIPART_BODY_FAILURE; static const int ASN1_R_NO_MULTIPART_BOUNDARY; +/* These were added in OpenSSL 0.9.8c. */ +static const int EVP_F_CAMELLIA_INIT_KEY; +static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED; """ CUSTOMIZATIONS = """ 
@@ -290,6 +292,16 @@ static const int ASN1_R_NO_CONTENT_TYPE = 0; static const int ASN1_R_NO_MULTIPART_BODY_FAILURE = 0; static const int ASN1_R_NO_MULTIPART_BOUNDARY = 0; #endif + +// OpenSSL 0.9.8c+ +#ifdef EVP_F_CAMELLIA_INIT_KEY +static const long Cryptography_HAS_098C_CAMELLIA_CODES = 1; +#else +static const long Cryptography_HAS_098C_CAMELLIA_CODES = 0; +static const int EVP_F_CAMELLIA_INIT_KEY = 0; +static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED = 0; +#endif + """ CONDITIONAL_NAMES = { @@ -305,4 +317,8 @@ CONDITIONAL_NAMES = { "ASN1_R_NO_MULTIPART_BODY_FAILURE", "ASN1_R_NO_MULTIPART_BOUNDARY", ], + "Cryptography_HAS_098C_CAMELLIA_CODES": [ + "EVP_F_CAMELLIA_INIT_KEY", + "EVP_R_CAMELLIA_KEY_SETUP_FAILED" + ] } diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py index 83260225..27476fd9 100644 --- a/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/cryptography/hazmat/primitives/twofactor/hotp.py @@ -17,13 +17,19 @@ import struct import six -from cryptography.exceptions import InvalidToken +from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 class HOTP(object): def __init__(self, key, length, algorithm, backend): + + if not isinstance(backend, HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement HMACBackend") + if len(key) < 16: raise ValueError("Key length has to be at least 128 bits.") diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py index 0630de69..0ce3adaf 100644 --- a/cryptography/hazmat/primitives/twofactor/totp.py +++ b/cryptography/hazmat/primitives/twofactor/totp.py 
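Review bot: In the new `#ifdef EVP_F_CAMELLIA_INIT_KEY` block in CUSTOMIZATIONS, `Cryptography_HAS_098C_CAMELLIA_CODES` is defined as `static const long` in both branches, while the TYPES declaration added earlier in this file gives it as `static const int`. For a 0/1 feature flag the mismatch is probably harmless, and it may simply follow how the neighbouring flags are written (their definitions are outside the hunk), but using one type in both places, `static const int Cryptography_HAS_098C_CAMELLIA_CODES = 1;`, keeps the declaration and the definition in agreement. The `#ifdef` only works if `EVP_F_CAMELLIA_INIT_KEY` is a preprocessor macro in every supported OpenSSL header; a one-line comment saying so next to `// OpenSSL 0.9.8c+` would make that assumption explicit.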
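Review bot: The new backend guard at the top of `HOTP.__init__` has no comment explaining why it runs before the key-length check, and the order decides which exception a caller sees when several arguments are wrong. A short comment such as `# Reject an unusable backend before looking at the key or length.` would record that this is deliberate. The blank line between the `def __init__` line and the `if not isinstance(backend, HMACBackend):` statement is also unusual; starting the body directly under the signature reads more cleanly. The rest of `__init__` continues outside the hunk.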
@@ -13,13 +13,19 @@ from __future__ import absolute_import, division, print_function -from cryptography.exceptions import InvalidToken +from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.twofactor.hotp import HOTP class TOTP(object): def __init__(self, key, length, algorithm, time_step, backend): + + if not isinstance(backend, HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement HMACBackend") + self._time_step = time_step self._hotp = HOTP(key, length, algorithm, backend) diff --git a/docs/development/custom-vectors/idea/generate_idea.py b/docs/development/custom-vectors/idea/generate_idea.py index 544d7ea4..70b9f87f 100644 --- a/docs/development/custom-vectors/idea/generate_idea.py +++ b/docs/development/custom-vectors/idea/generate_idea.py @@ -18,7 +18,7 @@ def encrypt(mode, key, iv, plaintext): def build_vectors(mode, filename): with open(filename, "r") as f: - vector_file = f.read() + vector_file = f.read().splitlines() count = 0 output = [] diff --git a/docs/development/custom-vectors/idea/verify_idea.py b/docs/development/custom-vectors/idea/verify_idea.py index f7e22763..89713c80 100644 --- a/docs/development/custom-vectors/idea/verify_idea.py +++ b/docs/development/custom-vectors/idea/verify_idea.py @@ -18,7 +18,7 @@ def encrypt(mode, key, iv, plaintext): def verify_vectors(mode, filename): with open(filename, "r") as f: - vector_file = f.read() + vector_file = f.read().splitlines() vectors = load_nist_vectors(vector_file) for vector in vectors: diff --git a/docs/exceptions.rst b/docs/exceptions.rst index 48c4bca8..e5010ebe 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst 
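Review bot: The `isinstance(backend, HMACBackend)` guard added to `TOTP.__init__` repeats the one this commit adds to `HOTP.__init__`, which is called with the same `backend` a few lines later in `self._hotp = HOTP(key, length, algorithm, backend)`. Keeping both means two copies of the check and of the message string that can drift apart. If the early check is wanted so that the error is raised before any TOTP state is set, say so in a comment, e.g. `# HOTP repeats this check; done here so nothing is set on failure.`; otherwise the HOTP check alone is enough. The new `test_invalid_backend` in test_totp.py would pass either way, so it does not tell the two apart.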
@@ -56,3 +56,9 @@ Exceptions This is raised when the verify method of a one time password function's computed token does not match the expected token. +.. class:: UnsupportedInterface + + .. versionadded:: 0.3 + + This is raised when the provided backend does not support the required + interface. diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst index 3912d483..124d0ef5 100644 --- a/docs/hazmat/primitives/twofactor.rst +++ b/docs/hazmat/primitives/twofactor.rst @@ -52,6 +52,9 @@ codes (HMAC). :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the ``length`` parameter is not an integer. + :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` .. method:: generate(counter) @@ -148,6 +151,9 @@ similar to the following code. :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the ``length`` parameter is not an integer. + :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` .. method:: generate(time) diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py index bc907c9f..548c6264 100644 --- a/tests/hazmat/primitives/twofactor/test_hotp.py +++ b/tests/hazmat/primitives/twofactor/test_hotp.py @@ -17,7 +17,7 @@ import os import pytest -from cryptography.exceptions import InvalidToken +from cryptography.exceptions import InvalidToken, UnsupportedInterface from cryptography.hazmat.primitives.twofactor.hotp import HOTP from cryptography.hazmat.primitives import hashes from tests.utils import load_vectors_from_file, load_nist_vectors 
@@ -95,3 +95,12 @@ class TestHOTP(object): with pytest.raises(TypeError): HOTP(secret, b"foo", SHA1(), backend) + + +def test_invalid_backend(): + secret = b"12345678901234567890" + + pretend_backend = object() + + with pytest.raises(UnsupportedInterface): + HOTP(secret, 8, hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py index f3bddb88..294c19ab 100644 --- a/tests/hazmat/primitives/twofactor/test_totp.py +++ b/tests/hazmat/primitives/twofactor/test_totp.py @@ -15,7 +15,7 @@ from __future__ import absolute_import, division, print_function import pytest -from cryptography.exceptions import InvalidToken +from cryptography.exceptions import InvalidToken, UnsupportedInterface from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.twofactor.totp import TOTP from tests.utils import load_vectors_from_file, load_nist_vectors @@ -129,3 +129,12 @@ class TestTOTP(object): totp = TOTP(secret, 8, hashes.SHA1(), 30, backend) assert totp.generate(time) == b"94287082" + + +def test_invalid_backend(): + secret = b"12345678901234567890" + + pretend_backend = object() + + with pytest.raises(UnsupportedInterface): + TOTP(secret, 8, hashes.SHA1(), 30, pretend_backend) |