diff options
| -rw-r--r-- | cryptography/exceptions.py | 16 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/commoncrypto/backend.py | 10 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/multibackend.py | 24 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 14 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/kdf/pbkdf2.py | 4 | ||||
| -rw-r--r-- | docs/exceptions.rst | 23 | ||||
| -rw-r--r-- | docs/hazmat/backends/interfaces.rst | 2 | ||||
| -rw-r--r-- | docs/hazmat/primitives/cryptographic-hashes.rst | 2 | ||||
| -rw-r--r-- | docs/hazmat/primitives/hmac.rst | 2 | ||||
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 4 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_commoncrypto.py | 4 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_multibackend.py | 24 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 8 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_block.py | 8 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hashes.py | 4 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac.py | 4 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_pbkdf2hmac.py | 4 |
17 files changed, 89 insertions, 68 deletions
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index b4962591..a26dbe18 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -16,6 +16,18 @@ class UnsupportedAlgorithm(Exception): pass +class UnsupportedCipher(UnsupportedAlgorithm): + pass + + +class UnsupportedHash(UnsupportedAlgorithm): + pass + + +class UnsupportedPadding(UnsupportedAlgorithm): + pass + + class AlreadyFinalized(Exception): pass @@ -46,7 +58,3 @@ class InvalidKey(Exception): class InvalidToken(Exception): pass - - -class UnsupportedPadding(Exception): - pass diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py index 4a451d34..53228b31 100644 --- a/cryptography/hazmat/backends/commoncrypto/backend.py +++ b/cryptography/hazmat/backends/commoncrypto/backend.py @@ -17,7 +17,7 @@ from collections import namedtuple from cryptography import utils from cryptography.exceptions import ( - UnsupportedAlgorithm, InvalidTag, InternalError + InvalidTag, InternalError, UnsupportedCipher, UnsupportedHash ) from cryptography.hazmat.backends.interfaces import ( HashBackend, HMACBackend, CipherBackend, PBKDF2HMACBackend @@ -273,7 +273,7 @@ class _CipherContext(object): try: cipher_enum, mode_enum = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedAlgorithm( + raise UnsupportedCipher( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -346,7 +346,7 @@ class _GCMCipherContext(object): try: cipher_enum, mode_enum = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedAlgorithm( + raise UnsupportedCipher( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -420,7 +420,7 @@ class _HashContext(object): try: methods = self._backend._hash_mapping[self.algorithm.name] except KeyError: - raise UnsupportedAlgorithm( + raise UnsupportedHash( "{0} is not a supported hash on this backend".format( algorithm.name) ) @@ -463,7 +463,7 @@ class _HMACContext(object): try: alg = self._backend._supported_hmac_algorithms[algorithm.name] except KeyError: - raise UnsupportedAlgorithm( + raise UnsupportedHash( "{0} is not a supported HMAC hash on this backend".format( algorithm.name) ) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index de1fff7c..cca82a59 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -14,7 +14,9 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import ( + UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash +) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend ) @@ -46,17 +48,17 @@ class MultiBackend(object): for b in self._filtered_backends(CipherBackend): try: return b.create_symmetric_encryption_ctx(algorithm, mode) - except UnsupportedAlgorithm: + except UnsupportedCipher: pass - raise UnsupportedAlgorithm + raise UnsupportedCipher def create_symmetric_decryption_ctx(self, algorithm, mode): for b in self._filtered_backends(CipherBackend): try: return b.create_symmetric_decryption_ctx(algorithm, mode) - except UnsupportedAlgorithm: + except UnsupportedCipher: pass - raise UnsupportedAlgorithm + raise UnsupportedCipher def hash_supported(self, algorithm): return any( @@ -68,9 +70,9 @@ class MultiBackend(object): for b in self._filtered_backends(HashBackend): try: return b.create_hash_ctx(algorithm) - except UnsupportedAlgorithm: + except UnsupportedHash: pass - raise UnsupportedAlgorithm + raise UnsupportedHash def hmac_supported(self, algorithm): return any( @@ -82,9 +84,9 @@ class MultiBackend(object): for b in self._filtered_backends(HMACBackend): try: return b.create_hmac_ctx(key, algorithm) - except UnsupportedAlgorithm: + except UnsupportedHash: pass - raise UnsupportedAlgorithm + raise UnsupportedHash def pbkdf2_hmac_supported(self, algorithm): return any( @@ -99,9 +101,9 @@ class MultiBackend(object): return b.derive_pbkdf2_hmac( algorithm, length, salt, iterations, key_material ) - except UnsupportedAlgorithm: + except UnsupportedHash: pass - raise UnsupportedAlgorithm + raise UnsupportedHash def generate_rsa_private_key(self, public_exponent, key_size): for b in self._filtered_backends(RSABackend): diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index f05ee3d6..e37dba5a 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -18,8 +18,8 @@ import itertools from cryptography import utils from cryptography.exceptions import ( - UnsupportedAlgorithm, InvalidTag, InternalError, AlreadyFinalized, - UnsupportedPadding, InvalidSignature + InvalidTag, InternalError, AlreadyFinalized, UnsupportedCipher, + UnsupportedHash, UnsupportedPadding, InvalidSignature ) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend @@ -211,7 +211,7 @@ class Backend(object): assert res == 1 else: if not isinstance(algorithm, hashes.SHA1): - raise UnsupportedAlgorithm( + raise UnsupportedHash( "This version of OpenSSL only supports PBKDF2HMAC with " "SHA1" ) @@ -377,7 +377,7 @@ class _CipherContext(object): try: adapter = registry[type(cipher), type(mode)] except KeyError: - raise UnsupportedAlgorithm( + raise UnsupportedCipher( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -385,7 +385,7 @@ class _CipherContext(object): evp_cipher = adapter(self._backend, cipher, mode) if evp_cipher == self._backend._ffi.NULL: - raise UnsupportedAlgorithm( + raise UnsupportedCipher( "cipher {0} in {1} mode is not supported " "by this backend".format( cipher.name, mode.name if mode else mode) @@ -517,7 +517,7 @@ class _HashContext(object): evp_md = self._backend._lib.EVP_get_digestbyname( algorithm.name.encode("ascii")) if evp_md == self._backend._ffi.NULL: - raise UnsupportedAlgorithm( + raise UnsupportedHash( "{0} is not a supported hash on this backend".format( algorithm.name) ) @@ -567,7 +567,7 @@ class _HMACContext(object): evp_md = self._backend._lib.EVP_get_digestbyname( algorithm.name.encode('ascii')) if evp_md == self._backend._ffi.NULL: - raise UnsupportedAlgorithm( + raise UnsupportedHash( "{0} is not a supported hash on this backend".format( algorithm.name) ) diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py index 71b88211..39427780 100644 --- a/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -17,7 +17,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - InvalidKey, UnsupportedAlgorithm, AlreadyFinalized + InvalidKey, UnsupportedHash, AlreadyFinalized ) from cryptography.hazmat.primitives import constant_time, interfaces @@ -26,7 +26,7 @@ from cryptography.hazmat.primitives import constant_time, interfaces class PBKDF2HMAC(object): def __init__(self, algorithm, length, salt, iterations, backend): if not backend.pbkdf2_hmac_supported(algorithm): - raise UnsupportedAlgorithm( + raise UnsupportedHash( "{0} is not supported for PBKDF2 by this backend".format( algorithm.name) ) diff --git a/docs/exceptions.rst b/docs/exceptions.rst index 7f9ae347..48c4bca8 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -25,11 +25,24 @@ Exceptions This is raised when additional data is added to a context after update has already been called. +.. class:: UnsupportedCipher -.. class:: UnsupportedAlgorithm + .. versionadded:: 0.3 - This is raised when a backend doesn't support the requested algorithm (or - combination of algorithms). + This is raised when a backend doesn't support the requested cipher + algorithm and mode combination. + +.. class:: UnsupportedHash + + .. versionadded:: 0.3 + + This is raised when a backend doesn't support the requested hash algorithm. + +.. class:: UnsupportedPadding + + .. versionadded:: 0.3 + + This is raised when the requested padding is not supported by the backend. .. class:: InvalidKey @@ -43,7 +56,3 @@ Exceptions This is raised when the verify method of a one time password function's computed token does not match the expected token. - -.. class:: UnsupportedPadding - - This is raised when the chosen padding is not supported by the backend. diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index af19fbc6..a7a9661b 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -258,7 +258,7 @@ A specific ``backend`` may provide one or more of these interfaces. style key serialization. .. method:: load_openssl_pem_private_key(data, password) - + :param bytes data: PEM data to deserialize. :param bytes password: The password to use if this data is encrypted. diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 6c56acad..86b85852 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -29,7 +29,7 @@ Message Digests 'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90' If the backend doesn't support the requested ``algorithm`` an - :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised. + :class:`~cryptography.exceptions.UnsupportedHash` will be raised. Keep in mind that attacks against cryptographic hashes only get stronger with time, and that often algorithms that were once thought to be strong, diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index 0118be78..1a2838f7 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -35,7 +35,7 @@ message. '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' If the backend doesn't support the requested ``algorithm`` an - :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised. + :class:`~cryptography.exceptions.UnsupportedHash` will be raised. To check that a given signature is correct use the :meth:`verify` method. You will receive an exception if the signature is wrong: diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 2306c5b7..2bc25c50 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -61,7 +61,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm` + and ``mode`` an :class:`~cryptography.exceptions.UnsupportedCipher` will be raised. .. method:: decryptor() @@ -71,7 +71,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm` + and ``mode`` an :class:`cryptography.exceptions.UnsupportedCipher` will be raised. .. _symmetric-encryption-algorithms: diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index 7cc0f72f..7feb0c72 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -14,7 +14,7 @@ import pytest from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, InternalError +from cryptography.exceptions import UnsupportedCipher, InternalError from cryptography.hazmat.bindings.commoncrypto.binding import Binding from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers.algorithms import AES @@ -61,5 +61,5 @@ class TestCommonCrypto(object): cipher = Cipher( DummyCipher(), GCM(b"fake_iv_here"), backend=b, ) - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedCipher): cipher.encryptor() diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 63168180..87ef0446 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -14,7 +14,9 @@ import pytest from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import ( + UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash +) from cryptography.hazmat.backends.interfaces import ( CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend ) @@ -34,11 +36,11 @@ class DummyCipherBackend(object): def create_symmetric_encryption_ctx(self, algorithm, mode): if not self.cipher_supported(algorithm, mode): - raise UnsupportedAlgorithm + raise UnsupportedCipher def create_symmetric_decryption_ctx(self, algorithm, mode): if not self.cipher_supported(algorithm, mode): - raise UnsupportedAlgorithm + raise UnsupportedCipher @utils.register_interface(HashBackend) @@ -51,7 +53,7 @@ class DummyHashBackend(object): def create_hash_ctx(self, algorithm): if not self.hash_supported(algorithm): - raise UnsupportedAlgorithm + raise UnsupportedHash @utils.register_interface(HMACBackend) @@ -64,7 +66,7 @@ class DummyHMACBackend(object): def create_hmac_ctx(self, key, algorithm): if not self.hmac_supported(algorithm): - raise UnsupportedAlgorithm + raise UnsupportedHash @utils.register_interface(PBKDF2HMACBackend) @@ -78,7 +80,7 @@ class DummyPBKDF2HMACBackend(object): def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, key_material): if not self.pbkdf2_hmac_supported(algorithm): - raise UnsupportedAlgorithm + raise UnsupportedHash @utils.register_interface(RSABackend) @@ -119,9 +121,9 @@ class TestMultiBackend(object): modes.CBC(b"\x00" * 16), backend=backend ) - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedCipher): cipher.encryptor() - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedCipher): cipher.decryptor() def test_hashes(self): @@ -132,7 +134,7 @@ class TestMultiBackend(object): hashes.Hash(hashes.MD5(), backend=backend) - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedHash): hashes.Hash(hashes.SHA1(), backend=backend) def test_hmac(self): @@ -143,7 +145,7 @@ class TestMultiBackend(object): hmac.HMAC(b"", hashes.MD5(), backend=backend) - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedHash): hmac.HMAC(b"", hashes.SHA1(), backend=backend) def test_pbkdf2(self): @@ -154,7 +156,7 @@ class TestMultiBackend(object): backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"") - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedHash): backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"") def test_rsa(self): diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 42c1b395..c6792185 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -14,7 +14,9 @@ import pytest from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, InternalError +from cryptography.exceptions import ( + UnsupportedCipher, UnsupportedHash, InternalError +) from cryptography.hazmat.backends.openssl.backend import backend, Backend from cryptography.hazmat.primitives import interfaces, hashes from cryptography.hazmat.primitives.ciphers import Cipher @@ -68,7 +70,7 @@ class TestOpenSSL(object): cipher = Cipher( DummyCipher(), mode, backend=b, ) - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedCipher): cipher.encryptor() def test_consume_errors(self): @@ -130,7 +132,7 @@ class TestOpenSSL(object): def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self): if backend.pbkdf2_hmac_supported(hashes.SHA256()): pytest.skip("Requires an older OpenSSL") - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedHash): backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"") # This test is not in the next class because to check if it's really diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index f758ffaa..8ff00fd9 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -18,9 +18,7 @@ import binascii import pytest from cryptography import utils -from cryptography.exceptions import ( - UnsupportedAlgorithm, AlreadyFinalized, -) +from cryptography.exceptions import UnsupportedCipher, AlreadyFinalized from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import ( Cipher, algorithms, modes @@ -116,10 +114,10 @@ class TestCipherContext(object): cipher = Cipher( DummyCipher(), mode, backend ) - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedCipher): cipher.encryptor() - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedCipher): cipher.decryptor() def test_incorrectly_padded(self, backend): diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 9ca2feee..fc53d635 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -20,7 +20,7 @@ import pytest import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm +from cryptography.exceptions import AlreadyFinalized, UnsupportedHash from cryptography.hazmat.primitives import hashes, interfaces from .utils import generate_base_hash_test @@ -65,7 +65,7 @@ class TestHashContext(object): h.finalize() def test_unsupported_hash(self, backend): - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedHash): hashes.Hash(UnsupportedDummyHash(), backend) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index dd9cdaab..88bed52c 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -21,7 +21,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, UnsupportedAlgorithm, InvalidSignature + AlreadyFinalized, UnsupportedHash, InvalidSignature ) from cryptography.hazmat.primitives import hashes, hmac, interfaces @@ -102,5 +102,5 @@ class TestHMAC(object): h.verify(six.u('')) def test_unsupported_hash(self, backend): - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedHash): hmac.HMAC(b"key", UnsupportedDummyHash(), backend) diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py index 6ad225a8..f895935b 100644 --- a/tests/hazmat/primitives/test_pbkdf2hmac.py +++ b/tests/hazmat/primitives/test_pbkdf2hmac.py @@ -18,7 +18,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - InvalidKey, UnsupportedAlgorithm, AlreadyFinalized + InvalidKey, UnsupportedHash, AlreadyFinalized ) from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC @@ -48,7 +48,7 @@ class TestPBKDF2HMAC(object): kdf.verify(b"password", key) def test_unsupported_algorithm(self): - with pytest.raises(UnsupportedAlgorithm): + with pytest.raises(UnsupportedHash): PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend()) def test_invalid_key(self): |