From 077e76e697ebf25aa9fd757f0ef1fd1251b7d408 Mon Sep 17 00:00:00 2001 From: David Reid Date: Tue, 5 Nov 2013 12:59:37 -0800 Subject: Explicit backend --- cryptography/hazmat/primitives/ciphers/base.py | 7 +------ cryptography/hazmat/primitives/hashes.py | 6 +----- cryptography/hazmat/primitives/hmac.py | 8 ++------ tests/hazmat/primitives/test_block.py | 16 ++++++---------- tests/hazmat/primitives/test_hashes.py | 21 ++++++--------------- tests/hazmat/primitives/test_hmac.py | 13 ++++++------- tests/hazmat/primitives/utils.py | 10 +++++----- 7 files changed, 27 insertions(+), 54 deletions(-) diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index 3d733afc..48e6da6f 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -19,12 +19,7 @@ from cryptography.hazmat.primitives import interfaces class Cipher(object): - def __init__(self, algorithm, mode, backend=None): - if backend is None: - from cryptography.hazmat.bindings import ( - _default_backend as backend, - ) - + def __init__(self, algorithm, mode, backend): if not isinstance(algorithm, interfaces.CipherAlgorithm): raise TypeError("Expected interface of interfaces.CipherAlgorithm") diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index 93fc8c42..bee188b3 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py 
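Review bot: `backend` is now a required argument of `Cipher.__init__`, but only `algorithm` is type-checked in the visible lines, so passing `None` or swapping `mode` and `backend` is not rejected here and would presumably only surface later, when a context is created. A guard beside the existing one would fail at the call site: `if not isinstance(backend, CipherBackend): raise TypeError("Expected interface of CipherBackend")`, assuming the OpenSSL backend is registered against that interface. The `Hash` and `HMAC` constructors changed in this commit have the same gap; their copy tests pass `pretend.stub()` backends, so those tests would need adjusting. The rest of `__init__` lies outside the hunk.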
@@ -22,15 +22,11 @@ from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.HashContext) class Hash(object): - def __init__(self, algorithm, backend=None, ctx=None): + def __init__(self, algorithm, backend, ctx=None): if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") self.algorithm = algorithm - if backend is None: - from cryptography.hazmat.bindings import _default_backend - backend = _default_backend - self._backend = backend if ctx is None: diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 08dfae01..2bd8e4d3 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -22,15 +22,11 @@ from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.HashContext) class HMAC(object): - def __init__(self, key, algorithm, ctx=None, backend=None): + def __init__(self, key, algorithm, backend, ctx=None): if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") self.algorithm = algorithm - if backend is None: - from cryptography.hazmat.bindings import _default_backend - backend = _default_backend - self._backend = backend self._key = key if ctx is None: @@ -51,7 +47,7 @@ class HMAC(object): return HMAC( self._key, self.algorithm, - backend=self._backend, + self._backend, ctx=self._ctx.copy() ) diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 9460c53d..70d7098b 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py 
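Review bot: Reordering `HMAC.__init__` from `(key, algorithm, ctx=None, backend=None)` to `(key, algorithm, backend, ctx=None)` changes what a third positional argument means, so a caller that used to pass a context positionally now has it stored as `self._backend`, with no error in the visible lines. The `copy()` hunk already passes `ctx=self._ctx.copy()` by keyword. A docstring on `__init__` should say that `ctx` is internal to `copy()` and must be passed by keyword, for example `"""backend is required; ctx is for copy() only and must be passed by keyword."""`. The constructor body continues past the hunk.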
@@ -31,23 +31,19 @@ class DummyCipher(object): class TestCipher(object): - def test_instantiate_without_backend(self): - Cipher( - algorithms.AES(binascii.unhexlify(b"0" * 32)), - modes.CBC(binascii.unhexlify(b"0" * 32)) - ) - - def test_creates_encryptor(self): + def test_creates_encryptor(self, backend): cipher = Cipher( algorithms.AES(binascii.unhexlify(b"0" * 32)), - modes.CBC(binascii.unhexlify(b"0" * 32)) + modes.CBC(binascii.unhexlify(b"0" * 32)), + backend ) assert isinstance(cipher.encryptor(), interfaces.CipherContext) - def test_creates_decryptor(self): + def test_creates_decryptor(self, backend): cipher = Cipher( algorithms.AES(binascii.unhexlify(b"0" * 32)), - modes.CBC(binascii.unhexlify(b"0" * 32)) + modes.CBC(binascii.unhexlify(b"0" * 32)), + backend ) assert isinstance(cipher.decryptor(), interfaces.CipherContext) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 367e764f..321082f6 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -20,7 +20,6 @@ import pytest import six from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.bindings import _default_backend from cryptography.hazmat.primitives import hashes from .utils import generate_base_hash_test @@ -28,7 +27,7 @@ from .utils import generate_base_hash_test class TestHashContext(object): def test_hash_reject_unicode(self, backend): - m = hashes.Hash(hashes.SHA1(), backend=backend) + m = hashes.Hash(hashes.SHA1(), backend) with pytest.raises(TypeError): m.update(six.u("\u00FC")) 
@@ -36,24 +35,16 @@ class TestHashContext(object): pretend_backend = pretend.stub() copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) - h = hashes.Hash(hashes.SHA1(), backend=pretend_backend, - ctx=pretend_ctx) + h = hashes.Hash(hashes.SHA1(), pretend_backend, ctx=pretend_ctx) assert h._backend is pretend_backend assert h.copy()._backend is h._backend - def test_default_backend_creation(self): - """ - This test assumes the presence of SHA1 in the default backend. - """ - h = hashes.Hash(hashes.SHA1()) - assert h._backend is _default_backend - - def test_hash_algorithm_instance(self): + def test_hash_algorithm_instance(self, backend): with pytest.raises(TypeError): - hashes.Hash(hashes.SHA1) + hashes.Hash(hashes.SHA1, backend) - def test_raises_after_finalize(self): - h = hashes.Hash(hashes.SHA1()) + def test_raises_after_finalize(self, backend): + h = hashes.Hash(hashes.SHA1(), backend) h.finalize() with pytest.raises(AlreadyFinalized): diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index d17049e3..622f186a 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -33,7 +33,7 @@ class TestHMAC(object): ) def test_hmac_reject_unicode(self, backend): - h = hmac.HMAC(b"mykey", hashes.SHA1(), backend=backend) + h = hmac.HMAC(b"mykey", hashes.SHA1(), backend) with pytest.raises(TypeError): h.update(six.u("\u00FC")) 
@@ -42,17 +42,16 @@ class TestHMAC(object): pretend_backend = pretend.stub(hmacs=pretend_hmac) copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) - h = hmac.HMAC(b"key", hashes.SHA1(), backend=pretend_backend, - ctx=pretend_ctx) + h = hmac.HMAC(b"key", hashes.SHA1(), pretend_backend, ctx=pretend_ctx) assert h._backend is pretend_backend assert h.copy()._backend is pretend_backend - def test_hmac_algorithm_instance(self): + def test_hmac_algorithm_instance(self, backend): with pytest.raises(TypeError): - hmac.HMAC(b"key", hashes.SHA1) + hmac.HMAC(b"key", hashes.SHA1, backend) - def test_raises_after_finalize(self): - h = hmac.HMAC(b"key", hashes.SHA1()) + def test_raises_after_finalize(self, backend): + h = hmac.HMAC(b"key", hashes.SHA1(), backend) h.finalize() with pytest.raises(AlreadyFinalized): diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 9327b0eb..c476a75c 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -121,7 +121,7 @@ def hash_test(backend, algorithm, params, only_if, skip_message): pytest.skip(skip_message) msg = params[0] md = params[1] - m = hashes.Hash(algorithm, backend=backend) + m = hashes.Hash(algorithm, backend) m.update(binascii.unhexlify(msg)) expected_md = md.replace(" ", "").lower().encode("ascii") assert m.finalize() == binascii.unhexlify(expected_md) @@ -148,7 +148,7 @@ def base_hash_test(backend, algorithm, digest_size, block_size, only_if, if only_if is not None and not only_if(backend): pytest.skip(skip_message) - m = hashes.Hash(algorithm, backend=backend) + m = hashes.Hash(algorithm, backend) assert m.algorithm.digest_size == digest_size assert m.algorithm.block_size == block_size m_copy = m.copy() 
@@ -180,7 +180,7 @@ def generate_long_string_hash_test(hash_factory, md, only_if=None, def long_string_hash_test(backend, algorithm, md, only_if, skip_message): if only_if is not None and not only_if(backend): pytest.skip(skip_message) - m = hashes.Hash(algorithm, backend=backend) + m = hashes.Hash(algorithm, backend) m.update(b"a" * 1000000) assert m.finalize() == binascii.unhexlify(md.lower().encode("ascii")) @@ -211,7 +211,7 @@ def hmac_test(backend, algorithm, params, only_if, skip_message): msg = params[0] md = params[1] key = params[2] - h = hmac.HMAC(binascii.unhexlify(key), algorithm) + h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend) h.update(binascii.unhexlify(msg)) assert h.finalize() == binascii.unhexlify(md.encode("ascii")) @@ -233,7 +233,7 @@ def base_hmac_test(backend, algorithm, only_if, skip_message): if only_if is not None and not only_if(backend): pytest.skip(skip_message) key = b"ab" - h = hmac.HMAC(binascii.unhexlify(key), algorithm) + h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend) h_copy = h.copy() assert h != h_copy assert h._ctx != h_copy._ctx -- cgit v1.2.3 From ef0fcf26c920c011948f078481739f4e2c31535f Mon Sep 17 00:00:00 2001 From: David Reid Date: Wed, 6 Nov 2013 11:12:45 -0800 Subject: Add a default_backend and start updating docs. --- cryptography/hazmat/bindings/__init__.py | 5 ++++- docs/hazmat/primitives/cryptographic-hashes.rst | 6 +++--- docs/hazmat/primitives/hmac.rst | 5 +++-- docs/hazmat/primitives/symmetric-encryption.rst | 9 ++++++--- 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/cryptography/hazmat/bindings/__init__.py b/cryptography/hazmat/bindings/__init__.py index eb828999..bd158198 100644 --- a/cryptography/hazmat/bindings/__init__.py +++ b/cryptography/hazmat/bindings/__init__.py @@ -14,7 +14,10 @@ from cryptography.hazmat.bindings import openssl -_default_backend = openssl.backend _ALL_BACKENDS = [ openssl.backend ] + + +def default_backend(): + return openssl.backend 
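Review bot: `default_backend()` becomes the public way to obtain a backend, and the docs in this commit import it, but it has no docstring saying what callers get back. Something like `"""Return the backend to use when the caller has no reason to choose another; currently the OpenSSL backend."""` would make the contract explicit. It would also help to state whether every call returns the same object, which the visible `return openssl.backend` suggests.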
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 52e87702..b3db9f19 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -5,7 +5,7 @@ Message Digests .. currentmodule:: cryptography.hazmat.primitives.hashes -.. class:: Hash(algorithm) +.. class:: Hash(algorithm, backend) A cryptographic hash function takes an arbitrary block of data and calculates a fixed-size bit string (a digest), such that different data @@ -19,9 +19,9 @@ Message Digests various message digests. .. doctest:: - + >>> from cryptography.hazmat.bindings import default_backend >>> from cryptography.hazmat.primitives import hashes - >>> digest = hashes.Hash(hashes.SHA256()) + >>> digest = hashes.Hash(hashes.SHA256(), default_backend()) >>> digest.update(b"abc") >>> digest.update(b"123") >>> digest.finalize() diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index cff2dbf1..7d87ca7e 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -15,7 +15,7 @@ message authentication codes using a cryptographic hash function coupled with a secret key. You can use an HMAC to verify integrity as well as authenticate a message. -.. class:: HMAC(key, algorithm) +.. class:: HMAC(key, algorithm, backend) HMAC objects take a ``key`` and a provider of :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`. @@ -27,8 +27,9 @@ message. .. doctest:: + >>> from cryptography.hazmat.bindings import default_backend >>> from cryptography.hazmat.primitives import hashes, hmac - >>> h = hmac.HMAC(key, hashes.SHA256()) + >>> h = hmac.HMAC(key, hashes.SHA256(), default_backend()) >>> h.update(b"message to hash") >>> h.finalize() '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' 
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index eef359d6..42d2090c 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -12,6 +12,9 @@ Symmetric Encryption key = binascii.unhexlify(b"0" * 32) iv = binascii.unhexlify(b"0" * 32) + from cryptography.hazmat.bindings import default_backend + backend = default_backend() + Symmetric encryption is a way to encrypt (hide the plaintext value) material where the sender and receiver both use the same key. Note that symmetric @@ -22,7 +25,7 @@ For this reason it is *strongly* recommended to combine encryption with a message authentication code, such as :doc:`HMAC `, in an "encrypt-then-MAC" formulation as `described by Colin Percival`_. -.. class:: Cipher(algorithm, mode) +.. class:: Cipher(algorithm, mode, backend) Cipher objects combine an algorithm (such as :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`) with a @@ -33,8 +36,8 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. .. doctest:: - >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes - >>> cipher = Cipher(algorithms.AES(key), modes.CBC(iv)) + >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, mode + >>> cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend) >>> encryptor = cipher.encryptor() >>> ct = encryptor.update(b"a secret message") + encryptor.finalize() >>> decryptor = cipher.decryptor() -- cgit v1.2.3 From 846460ae25554cbf007c0b65f8d7997d543ea53e Mon Sep 17 00:00:00 2001 From: David Reid Date: Wed, 6 Nov 2013 11:24:50 -0800 Subject: Fix doctests. --- docs/hazmat/primitives/cryptographic-hashes.rst | 1 + docs/hazmat/primitives/symmetric-encryption.rst | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) 
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index b3db9f19..f05b45a5 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -19,6 +19,7 @@ Message Digests various message digests. .. doctest:: + >>> from cryptography.hazmat.bindings import default_backend >>> from cryptography.hazmat.primitives import hashes >>> digest = hashes.Hash(hashes.SHA256(), default_backend()) diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 42d2090c..e7d019da 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -36,7 +36,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. .. doctest:: - >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, mode + >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes >>> cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend) >>> encryptor = cipher.encryptor() >>> ct = encryptor.update(b"a secret message") + encryptor.finalize() -- cgit v1.2.3 From 63fa19ace98c2c88a6065acc9e944a71480ff651 Mon Sep 17 00:00:00 2001 From: David Reid Date: Wed, 20 Nov 2013 10:49:13 -0800 Subject: Use backend as keyword argument everywhere. --- docs/hazmat/primitives/cryptographic-hashes.rst | 2 +- docs/hazmat/primitives/hmac.rst | 2 +- docs/hazmat/primitives/symmetric-encryption.rst | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index f05b45a5..92f8fa30 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst 
@@ -22,7 +22,7 @@ Message Digests >>> from cryptography.hazmat.bindings import default_backend >>> from cryptography.hazmat.primitives import hashes - >>> digest = hashes.Hash(hashes.SHA256(), default_backend()) + >>> digest = hashes.Hash(hashes.SHA256(), backend=default_backend()) >>> digest.update(b"abc") >>> digest.update(b"123") >>> digest.finalize() diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index 7d87ca7e..10db40ee 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -29,7 +29,7 @@ message. >>> from cryptography.hazmat.bindings import default_backend >>> from cryptography.hazmat.primitives import hashes, hmac - >>> h = hmac.HMAC(key, hashes.SHA256(), default_backend()) + >>> h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend()) >>> h.update(b"message to hash") >>> h.finalize() '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index e7d019da..76f68a12 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -37,7 +37,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. .. doctest:: >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes - >>> cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend) + >>> cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend) >>> encryptor = cipher.encryptor() >>> ct = encryptor.update(b"a secret message") + encryptor.finalize() >>> decryptor = cipher.decryptor() 
@@ -179,7 +179,7 @@ Weak Ciphers >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes >>> algorithm = algorithms.ARC4(key) - >>> cipher = Cipher(algorithm, mode=None) + >>> cipher = Cipher(algorithm, mode=None, backend=backend) >>> encryptor = cipher.encryptor() >>> ct = encryptor.update(b"a secret message") >>> decryptor = cipher.decryptor() -- cgit v1.2.3 From 5a4aa42542c952905fbf83582bff4bb2b328c4e1 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 20 Nov 2013 11:05:39 -0800 Subject: Travis now has an up to date pypy --- .travis/install.sh | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/.travis/install.sh b/.travis/install.sh index fdd71907..4aa39799 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -5,24 +5,8 @@ set -x if [[ "${OPENSSL}" == "0.9.8" ]]; then sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ lucid main" -fi - -if [[ "${TOX_ENV}" == "pypy" ]]; then - sudo add-apt-repository -y ppa:pypy/ppa -fi - -sudo apt-get -y update - -if [[ "${OPENSSL}" == "0.9.8" ]]; then + sudo apt-get -y update sudo apt-get install -y --force-yes libssl-dev/lucid fi -if [[ "${TOX_ENV}" == "pypy" ]]; then - sudo apt-get install -y pypy - - # This is required because we need to get rid of the Travis installed PyPy - # or it'll take precedence over the PPA installed one. - sudo rm -rf /usr/local/pypy/bin -fi - pip install tox coveralls -- cgit v1.2.3 From 663295d015d4aa65258f14d91c6350726604350c Mon Sep 17 00:00:00 2001 From: David Reid Date: Wed, 20 Nov 2013 13:55:08 -0800 Subject: Document all the parameters including cross references to specific providers where appropriate. --- docs/hazmat/primitives/cryptographic-hashes.rst | 10 ++++++++++ docs/hazmat/primitives/hmac.rst | 10 ++++++++++ docs/hazmat/primitives/symmetric-encryption.rst | 14 ++++++++++++-- 3 files changed, 32 insertions(+), 2 deletions(-) 
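Review bot: In `.travis/install.sh` the OpenSSL 0.9.8 branch still installs `libssl-dev/lucid` with `--force-yes` from the `deb http://` source added two lines above. That flag lets apt continue even when a package cannot be authenticated, so on that build the library under test is fetched without an integrity guarantee. Since this commit already reworks the block, try dropping the flag: `sudo apt-get install -y libssl-dev/lucid`. If apt then stops because the install is a downgrade, pinning the package version explicitly is safer than forcing. The top of the script is outside the hunk.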
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 92f8fa30..312d7e69 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -34,6 +34,14 @@ Message Digests upgrading the hash algorithm you use over time. For more information, see `Lifetimes of cryptographic hash functions`_. + :param algorithm: A + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider such as those described in + :ref:`below `. + :param backend: A + :class:`~cryptography.hazmat.bindings.interfaces.HashBackend` + provider. + .. method:: update(data) :param bytes data: The bytes you wish to hash. @@ -60,6 +68,8 @@ Message Digests :return bytes: The message digest as bytes. +.. _cryptographic-hash-algorithms: + SHA-1 ~~~~~ diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index 10db40ee..db5e98d3 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -34,6 +34,16 @@ message. >>> h.finalize() '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' + + :param key: Secret key as ``bytes``. + :param algorithm: A + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider such as those described in + :ref:`Cryptographic Hashes `. + :param backend: A + :class:`~cryptography.hazmat.bindings.interfaces.HMACBackend` + provider. + .. method:: update(msg) :param bytes msg: The bytes to hash and authenticate. diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 76f68a12..f63ad90a 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst 
@@ -44,8 +44,16 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. >>> decryptor.update(ct) + decryptor.finalize() 'a secret message' - :param algorithms: One of the algorithms described below. - :param mode: One of the modes described below. + :param algorithms: A + :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` + provider such as those described + :ref:`below `. + :param mode: A :class:`~cryptography.hazmat.primitives.interfaces.Mode` + provider such as those described + :ref:`below `. + :param backend: A + :class:`~cryptography.hazmat.bindings.interfaces.CipherBackend` + provider. .. method:: encryptor() @@ -98,6 +106,8 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. :meth:`update` and :meth:`finalize` will raise :class:`~cryptography.exceptions.AlreadyFinalized`. +.. _symmetric-encryption-algorithms: + Algorithms ~~~~~~~~~~ -- cgit v1.2.3 From cf3ad610b2530af2a56f99197ae85718fa90f439 Mon Sep 17 00:00:00 2001 From: David Reid Date: Wed, 20 Nov 2013 14:34:45 -0800 Subject: Test that openssl is the default backend. --- tests/hazmat/bindings/test_openssl.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 9f27aab7..e6604e6b 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -15,6 +15,7 @@ import pytest from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.bindings import default_backend from cryptography.hazmat.bindings.openssl.backend import backend, Backend from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import Cipher 
@@ -35,6 +36,9 @@ class TestOpenSSL(object): def test_backend_exists(self): assert backend + def test_is_default(self): + assert backend == default_backend() + def test_openssl_version_text(self): """ This test checks the value of OPENSSL_VERSION_TEXT. -- cgit v1.2.3 From 0ab3e44b0512a6cbab845a65759a21787bf15d27 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 12:52:18 -0800 Subject: Raise a correct error when content isn't padded correctly --- cryptography/exceptions.py | 4 ++++ cryptography/hazmat/bindings/openssl/backend.py | 22 ++++++++++++++++++++-- cryptography/hazmat/bindings/openssl/err.py | 7 +++++++ tests/hazmat/primitives/test_block.py | 20 +++++++++++++++++++- 4 files changed, 50 insertions(+), 3 deletions(-) diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index c2e71493..a39674f9 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -18,3 +18,7 @@ class UnsupportedAlgorithm(Exception): class AlreadyFinalized(Exception): pass + + +class IncorrectPadding(Exception): + pass diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index db4d18e7..0071da5d 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -19,7 +19,7 @@ import sys import cffi from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import UnsupportedAlgorithm, IncorrectPadding from cryptography.hazmat.bindings.interfaces import ( CipherBackend, HashBackend, HMACBackend ) 
@@ -193,6 +193,22 @@ class Backend(object): def create_symmetric_decryption_ctx(self, cipher, mode): return _CipherContext(self, cipher, mode, _CipherContext._DECRYPT) + def _handle_error(self): + code = self.lib.ERR_get_error() + assert code != 0 + lib = self.lib.ERR_GET_LIB(code) + func = self.lib.ERR_GET_FUNC(code) + reason = self.lib.ERR_GET_REASON(code) + + if lib == self.lib.ERR_LIB_EVP: + if func == self.lib.EVP_F_EVP_ENCRYPTFINAL_EX: + if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: + raise IncorrectPadding + elif func == self.lib.EVP_F_EVP_DECRYPTFINAL_EX: + if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: + raise IncorrectPadding + assert False + class GetCipherByName(object): def __init__(self, fmt): @@ -268,7 +284,9 @@ class _CipherContext(object): buf = self._backend.ffi.new("unsigned char[]", self._cipher.block_size) outlen = self._backend.ffi.new("int *") res = self._backend.lib.EVP_CipherFinal_ex(self._ctx, buf, outlen) - assert res != 0 + if res == 0: + self._backend._handle_error() + res = self._backend.lib.EVP_CIPHER_CTX_cleanup(self._ctx) assert res == 1 return self._backend.ffi.buffer(buf)[:outlen[0]] diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index 6a36dee0..3dac6948 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -21,6 +21,13 @@ struct ERR_string_data_st { const char *string; }; typedef struct ERR_string_data_st ERR_STRING_DATA; + +static const int ERR_LIB_EVP; + +static const int EVP_F_EVP_ENCRYPTFINAL_EX; +static const int EVP_F_EVP_DECRYPTFINAL_EX; + +static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH; """ FUNCTIONS = """ diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 9460c53d..4c756203 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py 
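Review bot: `_handle_error` uses `assert code != 0` and a trailing `assert False` as control flow, and both vanish under `python -O`. An unrecognised error would then return `None`, and `finalize()` would go on to return the output buffer as if `EVP_CipherFinal_ex` had succeeded. End the function with an explicit raise, for example `raise SystemError("unhandled OpenSSL error")`, and turn the first assert into a real check. `ERR_get_error()` also removes only one entry from the error queue, so any further queued errors would presumably be left for the next caller; that is worth confirming.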
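Review bot: In `finalize()`, when `EVP_CipherFinal_ex` returns 0 the new `self._backend._handle_error()` call raises before `EVP_CIPHER_CTX_cleanup(self._ctx)` runs, so on the failure path this method does not clean up the cipher context and its key state. Whether a destructor registered elsewhere eventually frees it is not visible here. Wrapping the call keeps the cleanup unconditional while still reading the error code first: `try: self._backend._handle_error()` followed by `finally: self._backend.lib.EVP_CIPHER_CTX_cleanup(self._ctx)`. The method starts outside the hunk.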
@@ -18,7 +18,9 @@ import binascii import pytest from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, AlreadyFinalized +from cryptography.exceptions import ( + UnsupportedAlgorithm, AlreadyFinalized, IncorrectPadding +) from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import ( Cipher, algorithms, modes @@ -108,3 +110,19 @@ class TestCipherContext(object): with pytest.raises(UnsupportedAlgorithm): cipher.decryptor() + + def test_incorrectly_padded(self, backend): + cipher = Cipher( + algorithms.AES(b"\x00" * 16), + modes.CBC(b"\x00" * 16), + backend + ) + encryptor = cipher.encryptor() + encryptor.update(b"1") + with pytest.raises(IncorrectPadding): + encryptor.finalize() + + decryptor = cipher.decryptor() + decryptor.update(b"1") + with pytest.raises(IncorrectPadding): + decryptor.finalize() -- cgit v1.2.3 From 797dd83d81915d5bab8791e513fcb26051870eb7 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 13:08:58 -0800 Subject: Documentation! --- docs/hazmat/primitives/symmetric-encryption.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index eef359d6..35b0d9a8 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst 
@@ -75,6 +75,15 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. everything into the context. Once that is done call ``finalize()`` to finish the operation and obtain the remainder of the data. + Block ciphers require that plaintext or ciphertext always be a multiple of + their block size, because of that **padding** is often required to make a + message the correct size. ``CipherContext`` will not automatically apply + any padding; you'll need to add your own. For block ciphers the reccomended + padding is :class:`cryptography.hazmat.primitives.padding.PKCS7`. If you + are using a stream cipher mode (such as + :class:`cryptography.hazmat.primitives.modes.CTR`) you don't have to worry + about this. + .. method:: update(data) :param bytes data: The data you wish to pass into the context. @@ -90,6 +99,13 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. .. method:: finalize() :return bytes: Returns the remainder of the data. + :raises cryptography.exceptions.IncorrectPadding: This is raised when + the data provided + isn't correctly + padded to be a + multiple of the + algorithm's block + size. Once ``finalize`` is called this object can no longer be used and :meth:`update` and :meth:`finalize` will raise -- cgit v1.2.3 From f1569b6abbba6920ca343c62721098e0ce8c7f9c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 13:09:38 -0800 Subject: One more documentation --- docs/exceptions.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/exceptions.rst b/docs/exceptions.rst index ab1b28fe..b0435b0c 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -13,3 +13,7 @@ Exceptions This is raised when a backend doesn't support the requested algorithm (or combination of algorithms). + +.. class:: IncorrectPadding + + This is raised when a block cipher's content isn't correctly padded. -- cgit v1.2.3 From d203710bba3f2eb15a2e2db38a20305540af2eea Mon Sep 17 00:00:00 2001 
From: Alex Gaynor Date: Fri, 22 Nov 2013 13:12:02 -0800 Subject: Better, but still not covered --- cryptography/hazmat/bindings/openssl/backend.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index 0071da5d..99f11f45 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -207,7 +207,9 @@ class Backend(object): elif func == self.lib.EVP_F_EVP_DECRYPTFINAL_EX: if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: raise IncorrectPadding - assert False + raise SystemError( + "Unknown error code from OpenSSL, you should probably file a bug" + ) class GetCipherByName(object): -- cgit v1.2.3 From 3edffe25ab91702842a7553b028d50086c58eef1 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 14:31:52 -0800 Subject: include the error message --- cryptography/hazmat/bindings/openssl/backend.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index 99f11f45..ae951717 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -207,8 +207,11 @@ class Backend(object): elif func == self.lib.EVP_F_EVP_DECRYPTFINAL_EX: if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: raise IncorrectPadding + + message = self.ffi.string(self.lib.ERR_reason_error_string(code)) raise SystemError( - "Unknown error code from OpenSSL, you should probably file a bug" + "Unknown error code from OpenSSL, you should probably file a bug. " + "Cause: %s" % message ) -- cgit v1.2.3 From e247d0be584c52e25694918ad2345dadde3fefa9 Mon Sep 17 00:00:00 2001 
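Review bot: In the "include the error message" hunk, `self.ffi.string(self.lib.ERR_reason_error_string(code))` runs on exactly the path where no known case matched, and `ERR_reason_error_string` returns NULL when OpenSSL has no text for the reason code. cffi's `ffi.string()` raises on a NULL pointer, so the intended `SystemError` would be replaced by an unrelated exception. Check the pointer first: `ptr = self.lib.ERR_reason_error_string(code)` then `message = self.ffi.string(ptr) if ptr != self.ffi.NULL else b"unknown"`. On Python 3 the value is `bytes`, so `%s` would render it as `b'...'` unless it is decoded.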
From: Alex Gaynor Date: Fri, 22 Nov 2013 16:24:06 -0800 Subject: Coverage --- cryptography/hazmat/bindings/openssl/backend.py | 6 +++--- tests/hazmat/bindings/test_openssl.py | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index ae951717..77ecf277 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -199,7 +199,9 @@ class Backend(object): lib = self.lib.ERR_GET_LIB(code) func = self.lib.ERR_GET_FUNC(code) reason = self.lib.ERR_GET_REASON(code) + return self._handle_error_code(lib, func, reason) + def _handle_error_code(self, lib, func, reason): if lib == self.lib.ERR_LIB_EVP: if func == self.lib.EVP_F_EVP_ENCRYPTFINAL_EX: if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: @@ -208,10 +210,8 @@ class Backend(object): if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: raise IncorrectPadding - message = self.ffi.string(self.lib.ERR_reason_error_string(code)) raise SystemError( - "Unknown error code from OpenSSL, you should probably file a bug. " - "Cause: %s" % message + "Unknown error code from OpenSSL, you should probably file a bug." ) diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 9f27aab7..7ad1ea75 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -70,3 +70,7 @@ class TestOpenSSL(object): ) with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() + + def test_handle_unknown_error(self): + with pytest.raises(SystemError): + backend._handle_error_code(0, 0, 0) -- cgit v1.2.3 From bae899ad36bcb99dbec94aaf026ef1650f2b1242 Mon Sep 17 00:00:00 2001 
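Review bot: Splitting out `_handle_error_code(lib, func, reason)` removes the `Cause:` text from the `SystemError`, so a bug report for this error no longer identifies which OpenSSL failure occurred. The three integers are already in scope and can go into the message without calling back into OpenSSL: `"Unknown error code from OpenSSL (lib=%d, func=%d, reason=%d), you should probably file a bug." % (lib, func, reason)`. The new `test_handle_unknown_error` would still pass with that message.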
From: Alex Gaynor Date: Fri, 22 Nov 2013 16:54:55 -0800 Subject: Change teh exception --- cryptography/exceptions.py | 4 ---- cryptography/hazmat/bindings/openssl/backend.py | 6 +++--- docs/exceptions.rst | 5 ----- docs/hazmat/primitives/padding.rst | 8 +++++++- docs/hazmat/primitives/symmetric-encryption.rst | 10 +++------- tests/hazmat/primitives/test_block.py | 8 +++----- 6 files changed, 16 insertions(+), 25 deletions(-) diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index a39674f9..c2e71493 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -18,7 +18,3 @@ class UnsupportedAlgorithm(Exception): class AlreadyFinalized(Exception): pass - - -class IncorrectPadding(Exception): - pass diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index 77ecf277..b2599d22 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -19,7 +19,7 @@ import sys import cffi from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, IncorrectPadding +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.bindings.interfaces import ( CipherBackend, HashBackend, HMACBackend ) @@ -205,10 +205,10 @@ class Backend(object): if lib == self.lib.ERR_LIB_EVP: if func == self.lib.EVP_F_EVP_ENCRYPTFINAL_EX: if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: - raise IncorrectPadding + raise ValueError elif func == self.lib.EVP_F_EVP_DECRYPTFINAL_EX: if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: - raise IncorrectPadding + raise ValueError raise SystemError( "Unknown error code from OpenSSL, you should probably file a bug." diff --git a/docs/exceptions.rst b/docs/exceptions.rst index b0435b0c..c6f5a7cc 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst 
@@ -12,8 +12,3 @@ Exceptions This is raised when a backend doesn't support the requested algorithm (or combination of algorithms). - - -.. class:: IncorrectPadding - - This is raised when a block cipher's content isn't correctly padded. diff --git a/docs/hazmat/primitives/padding.rst b/docs/hazmat/primitives/padding.rst index aebb4d4d..4d79ac8f 100644 --- a/docs/hazmat/primitives/padding.rst +++ b/docs/hazmat/primitives/padding.rst @@ -25,8 +25,14 @@ multiple of the block size. >>> padder = padding.PKCS7(128).padder() >>> padder.update(b"1111111111") '' - >>> padder.finalize() + >>> padded_data = padder.finalize() + >>> padded_data '1111111111\x06\x06\x06\x06\x06\x06' + >>> unpadder = padding.PKCS7(128).unpadder() + >>> unpadder.update(padded_data) + '' + >>> unpadder.finalize() + '1111111111' :param block_size: The size of the block in bits that the data is being padded to. diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 35b0d9a8..732af33c 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -99,13 +99,9 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. .. method:: finalize() :return bytes: Returns the remainder of the data. - :raises cryptography.exceptions.IncorrectPadding: This is raised when - the data provided - isn't correctly - padded to be a - multiple of the - algorithm's block - size. + :raises ValueError: This is raised when the data provided isn't + correctly padded to be a multiple of the + algorithm's block size. Once ``finalize`` is called this object can no longer be used and :meth:`update` and :meth:`finalize` will raise diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 4c756203..ea40127e 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py 
@@ -18,9 +18,7 @@ import binascii import pytest from cryptography import utils -from cryptography.exceptions import ( - UnsupportedAlgorithm, AlreadyFinalized, IncorrectPadding -) +from cryptography.exceptions import UnsupportedAlgorithm, AlreadyFinalized from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import ( Cipher, algorithms, modes @@ -119,10 +117,10 @@ class TestCipherContext(object): ) encryptor = cipher.encryptor() encryptor.update(b"1") - with pytest.raises(IncorrectPadding): + with pytest.raises(ValueError): encryptor.finalize() decryptor = cipher.decryptor() decryptor.update(b"1") - with pytest.raises(IncorrectPadding): + with pytest.raises(ValueError): decryptor.finalize() -- cgit v1.2.3 From b7e8990aabb46ac6c0511530d7a67f69e08f1788 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 16:58:34 -0800 Subject: Useful error message --- cryptography/hazmat/bindings/openssl/backend.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index b2599d22..9f8ea939 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -205,10 +205,16 @@ class Backend(object): if lib == self.lib.ERR_LIB_EVP: if func == self.lib.EVP_F_EVP_ENCRYPTFINAL_EX: if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: - raise ValueError + raise ValueError( + "The length of the provided data is not a multiple of " + "the block length" + ) elif func == self.lib.EVP_F_EVP_DECRYPTFINAL_EX: if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: - raise ValueError + raise ValueError( + "The length of the provided data is not a multiple of " + "the block length" + ) raise SystemError( "Unknown error code from OpenSSL, you should probably file a bug." -- cgit v1.2.3 From 87e113f2705b11fc395d7070d7ca8b89f2954631 Mon Sep 17 00:00:00 2001 
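Review bot: In the backend.py hunk the encrypt and decrypt branches now raise the same `ValueError` with the same two-line message, so the text must be kept in sync in two places. They can be folded into one test, `if func in (self.lib.EVP_F_EVP_ENCRYPTFINAL_EX, self.lib.EVP_F_EVP_DECRYPTFINAL_EX) and reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:`, followed by a single `raise ValueError(...)`. Only the length reason code is mapped here, so the message is right to talk about length. The `finalize()` documentation changed in the previous commit still says the data "isn't correctly padded", which could be read as a check on padding contents, and the two should agree. `_handle_error_code` starts above this hunk.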
From: Alex Gaynor Date: Sat, 23 Nov 2013 07:54:36 -0800 Subject: Fixed branch coverage --- tests/hazmat/bindings/test_openssl.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 7ad1ea75..0ebf38af 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -74,3 +74,20 @@ class TestOpenSSL(object): def test_handle_unknown_error(self): with pytest.raises(SystemError): backend._handle_error_code(0, 0, 0) + + with pytest.raises(SystemError): + backend._handle_error_code(backend.lib.ERR_LIB_EVP, 0, 0) + + with pytest.raises(SystemError): + backend._handle_error_code( + backend.lib.ERR_LIB_EVP, + backend.lib.EVP_F_EVP_ENCRYPTFINAL_EX, + 0 + ) + + with pytest.raises(SystemError): + backend._handle_error_code( + backend.lib.ERR_LIB_EVP, + backend.lib.EVP_F_EVP_DECRYPTFINAL_EX, + 0 + ) -- cgit v1.2.3 From 9a1b0c75518e6eb2b4c0cb8fd35d94dad124ccd6 Mon Sep 17 00:00:00 2001 From: David Reid Date: Mon, 25 Nov 2013 09:14:02 -0800 Subject: Use keyword argument forms everywhere. --- tests/hazmat/primitives/test_hashes.py | 8 ++++---- tests/hazmat/primitives/test_hmac.py | 9 +++++---- tests/hazmat/primitives/utils.py | 14 +++++++------- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 321082f6..c8719b0a 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -27,7 +27,7 @@ from .utils import generate_base_hash_test class TestHashContext(object): def test_hash_reject_unicode(self, backend): - m = hashes.Hash(hashes.SHA1(), backend) + m = hashes.Hash(hashes.SHA1(), backend=backend) with pytest.raises(TypeError): m.update(six.u("\u00FC")) 
@@ -35,16 +35,16 @@ class TestHashContext(object): pretend_backend = pretend.stub() copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) - h = hashes.Hash(hashes.SHA1(), pretend_backend, ctx=pretend_ctx) + h = hashes.Hash(hashes.SHA1(), backend=pretend_backend, ctx=pretend_ctx) assert h._backend is pretend_backend assert h.copy()._backend is h._backend def test_hash_algorithm_instance(self, backend): with pytest.raises(TypeError): - hashes.Hash(hashes.SHA1, backend) + hashes.Hash(hashes.SHA1, backend=backend) def test_raises_after_finalize(self, backend): - h = hashes.Hash(hashes.SHA1(), backend) + h = hashes.Hash(hashes.SHA1(), backend=backend) h.finalize() with pytest.raises(AlreadyFinalized): diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 622f186a..992bcb1a 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -33,7 +33,7 @@ class TestHMAC(object): ) def test_hmac_reject_unicode(self, backend): - h = hmac.HMAC(b"mykey", hashes.SHA1(), backend) + h = hmac.HMAC(b"mykey", hashes.SHA1(), backend=backend) with pytest.raises(TypeError): h.update(six.u("\u00FC")) @@ -42,16 +42,17 @@ class TestHMAC(object): pretend_backend = pretend.stub(hmacs=pretend_hmac) copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) - h = hmac.HMAC(b"key", hashes.SHA1(), pretend_backend, ctx=pretend_ctx) + h = hmac.HMAC(b"key", hashes.SHA1(), backend=pretend_backend, + ctx=pretend_ctx) assert h._backend is pretend_backend assert h.copy()._backend is pretend_backend def test_hmac_algorithm_instance(self, backend): with pytest.raises(TypeError): - hmac.HMAC(b"key", hashes.SHA1, backend) + hmac.HMAC(b"key", hashes.SHA1, backend=backend) def test_raises_after_finalize(self, backend): - h = hmac.HMAC(b"key", hashes.SHA1(), backend) + h = hmac.HMAC(b"key", hashes.SHA1(), backend=backend) h.finalize() with pytest.raises(AlreadyFinalized): 
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index c476a75c..6c67ddb3 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -42,7 +42,7 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, cipher = Cipher( cipher_factory(**params), mode_factory(**params), - backend + backend=backend ) encryptor = cipher.encryptor() actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext)) @@ -82,7 +82,7 @@ def stream_encryption_test(backend, cipher_factory, params, only_if, plaintext = params.pop("plaintext") ciphertext = params.pop("ciphertext") offset = params.pop("offset") - cipher = Cipher(cipher_factory(**params), None, backend) + cipher = Cipher(cipher_factory(**params), None, backend=backend) encryptor = cipher.encryptor() # throw away offset bytes encryptor.update(b"\x00" * int(offset)) @@ -121,7 +121,7 @@ def hash_test(backend, algorithm, params, only_if, skip_message): pytest.skip(skip_message) msg = params[0] md = params[1] - m = hashes.Hash(algorithm, backend) + m = hashes.Hash(algorithm, backend=backend) m.update(binascii.unhexlify(msg)) expected_md = md.replace(" ", "").lower().encode("ascii") assert m.finalize() == binascii.unhexlify(expected_md) @@ -148,7 +148,7 @@ def base_hash_test(backend, algorithm, digest_size, block_size, only_if, if only_if is not None and not only_if(backend): pytest.skip(skip_message) - m = hashes.Hash(algorithm, backend) + m = hashes.Hash(algorithm, backend=backend) assert m.algorithm.digest_size == digest_size assert m.algorithm.block_size == block_size m_copy = m.copy() 
@@ -180,7 +180,7 @@ def generate_long_string_hash_test(hash_factory, md, only_if=None, def long_string_hash_test(backend, algorithm, md, only_if, skip_message): if only_if is not None and not only_if(backend): pytest.skip(skip_message) - m = hashes.Hash(algorithm, backend) + m = hashes.Hash(algorithm, backend=backend) m.update(b"a" * 1000000) assert m.finalize() == binascii.unhexlify(md.lower().encode("ascii")) @@ -211,7 +211,7 @@ def hmac_test(backend, algorithm, params, only_if, skip_message): msg = params[0] md = params[1] key = params[2] - h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend) + h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend) h.update(binascii.unhexlify(msg)) assert h.finalize() == binascii.unhexlify(md.encode("ascii")) @@ -233,7 +233,7 @@ def base_hmac_test(backend, algorithm, only_if, skip_message): if only_if is not None and not only_if(backend): pytest.skip(skip_message) key = b"ab" - h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend) + h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend) h_copy = h.copy() assert h != h_copy assert h._ctx != h_copy._ctx -- cgit v1.2.3 From d5d085e056936ffec5461f313edda195690cd636 Mon Sep 17 00:00:00 2001 From: David Reid Date: Mon, 25 Nov 2013 09:45:52 -0800 Subject: Put some docs for default_backend in a place. --- docs/hazmat/bindings/index.rst | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/hazmat/bindings/index.rst b/docs/hazmat/bindings/index.rst index 11355bfa..746f4596 100644 --- a/docs/hazmat/bindings/index.rst +++ b/docs/hazmat/bindings/index.rst 
@@ -8,3 +8,27 @@ Bindings openssl interfaces + + +Getting a Backend Provider +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. currentmodule:: cryptography.hazmat.bindings + +``cryptography`` aims to support multiple backends to ensure it can provide +the widest number of supported cryptographic algorithms as well as supporting +platform specific implementations. + +You can get the default backend by calling +:func:`~default_backend`. + +The default backend will change over time as we implement new backends and +the libraries we use in those backends changes. + + +.. function:: default_backend() + + :returns: An object that provides at least + :class:`~interfaces.CipherBackend`, :class:`~interfaces.HashBackend`, and + :class:`~interfaces.HMACBackend`. + -- cgit v1.2.3 From 03fdce3a8db9bd6924640eafa17296b26a34eafb Mon Sep 17 00:00:00 2001 From: David Reid Date: Mon, 25 Nov 2013 09:51:32 -0800 Subject: Use backend as keyword even when copying hmacs. --- cryptography/hazmat/primitives/hmac.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 2bd8e4d3..618bccc5 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -47,7 +47,7 @@ class HMAC(object): return HMAC( self._key, self.algorithm, - self._backend, + backend=self._backend, ctx=self._ctx.copy() ) -- cgit v1.2.3 From 6dc73a9bd475dfb7a3c18c65afaeb644cce3749f Mon Sep 17 00:00:00 2001 From: David Reid Date: Mon, 25 Nov 2013 12:58:27 -0800 Subject: Fix pep8 --- tests/hazmat/primitives/test_hashes.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index c8719b0a..ff42e8f4 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py 
@@ -35,7 +35,8 @@ class TestHashContext(object): pretend_backend = pretend.stub() copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) - h = hashes.Hash(hashes.SHA1(), backend=pretend_backend, ctx=pretend_ctx) + h = hashes.Hash(hashes.SHA1(), backend=pretend_backend, + ctx=pretend_ctx) assert h._backend is pretend_backend assert h.copy()._backend is h._backend -- cgit v1.2.3