Merge pull request #849 from public/changeup-exceptions-2-electric-boogaloo
Use a single tagged exception instead of a hierarchy
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py
index 88766cc..4b4d4c3 100644
--- a/cryptography/exceptions.py
+++ b/cryptography/exceptions.py
@@ -14,20 +14,17 @@
from __future__ import absolute_import, division, print_function
+class _Reasons(object):
+ BACKEND_MISSING_INTERFACE = object()
+ UNSUPPORTED_HASH = object()
+ UNSUPPORTED_CIPHER = object()
+ UNSUPPORTED_PADDING = object()
+
+
class UnsupportedAlgorithm(Exception):
- pass
-
-
-class UnsupportedCipher(UnsupportedAlgorithm):
- pass
-
-
-class UnsupportedHash(UnsupportedAlgorithm):
- pass
-
-
-class UnsupportedPadding(UnsupportedAlgorithm):
- pass
+ def __init__(self, message, reason=None):
+ super(UnsupportedAlgorithm, self).__init__(message)
+ self._reason = reason
class AlreadyFinalized(Exception):
@@ -60,7 +57,3 @@
class InvalidToken(Exception):
pass
-
-
-class UnsupportedInterface(Exception):
- pass
diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py
index dc0534e..4faca73 100644
--- a/cryptography/hazmat/backends/commoncrypto/backend.py
+++ b/cryptography/hazmat/backends/commoncrypto/backend.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- InternalError, InvalidTag, UnsupportedCipher, UnsupportedHash
+ InternalError, InvalidTag, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend
@@ -273,10 +273,11 @@
try:
cipher_enum, mode_enum = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
- cipher.name, mode.name if mode else mode)
+ cipher.name, mode.name if mode else mode),
+ _Reasons.UNSUPPORTED_CIPHER
)
ctx = self._backend._ffi.new("CCCryptorRef *")
@@ -346,10 +347,11 @@
try:
cipher_enum, mode_enum = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
- cipher.name, mode.name if mode else mode)
+ cipher.name, mode.name if mode else mode),
+ _Reasons.UNSUPPORTED_CIPHER
)
ctx = self._backend._ffi.new("CCCryptorRef *")
@@ -420,9 +422,10 @@
try:
methods = self._backend._hash_mapping[self.algorithm.name]
except KeyError:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported hash on this backend".format(
- algorithm.name)
+ algorithm.name),
+ _Reasons.UNSUPPORTED_HASH
)
ctx = self._backend._ffi.new(methods.ctx)
res = methods.hash_init(ctx)
@@ -463,9 +466,10 @@
try:
alg = self._backend._supported_hmac_algorithms[algorithm.name]
except KeyError:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported HMAC hash on this backend".format(
- algorithm.name)
+ algorithm.name),
+ _Reasons.UNSUPPORTED_HASH
)
self._backend._lib.CCHmacInit(ctx, alg, key, len(key))
diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py
index 6c57b3d..2a1ec43 100644
--- a/cryptography/hazmat/backends/multibackend.py
+++ b/cryptography/hazmat/backends/multibackend.py
@@ -14,9 +14,7 @@
from __future__ import absolute_import, division, print_function
from cryptography import utils
-from cryptography.exceptions import (
- UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash
-)
+from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
)
@@ -48,17 +46,25 @@
for b in self._filtered_backends(CipherBackend):
try:
return b.create_symmetric_encryption_ctx(algorithm, mode)
- except UnsupportedCipher:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedCipher
+ raise UnsupportedAlgorithm(
+ "cipher {0} in {1} mode is not supported by this backend".format(
+ algorithm.name, mode.name if mode else mode),
+ _Reasons.UNSUPPORTED_CIPHER
+ )
def create_symmetric_decryption_ctx(self, algorithm, mode):
for b in self._filtered_backends(CipherBackend):
try:
return b.create_symmetric_decryption_ctx(algorithm, mode)
- except UnsupportedCipher:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedCipher
+ raise UnsupportedAlgorithm(
+ "cipher {0} in {1} mode is not supported by this backend".format(
+ algorithm.name, mode.name if mode else mode),
+ _Reasons.UNSUPPORTED_CIPHER
+ )
def hash_supported(self, algorithm):
return any(
@@ -70,9 +76,13 @@
for b in self._filtered_backends(HashBackend):
try:
return b.create_hash_ctx(algorithm)
- except UnsupportedHash:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(
+ "{0} is not a supported hash on this backend".format(
+ algorithm.name),
+ _Reasons.UNSUPPORTED_HASH
+ )
def hmac_supported(self, algorithm):
return any(
@@ -84,9 +94,13 @@
for b in self._filtered_backends(HMACBackend):
try:
return b.create_hmac_ctx(key, algorithm)
- except UnsupportedHash:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(
+ "{0} is not a supported hash on this backend".format(
+ algorithm.name),
+ _Reasons.UNSUPPORTED_HASH
+ )
def pbkdf2_hmac_supported(self, algorithm):
return any(
@@ -101,23 +115,27 @@
return b.derive_pbkdf2_hmac(
algorithm, length, salt, iterations, key_material
)
- except UnsupportedHash:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(
+ "{0} is not a supported hash on this backend".format(
+ algorithm.name),
+ _Reasons.UNSUPPORTED_HASH
+ )
def generate_rsa_private_key(self, public_exponent, key_size):
for b in self._filtered_backends(RSABackend):
return b.generate_rsa_private_key(public_exponent, key_size)
- raise UnsupportedAlgorithm
+ raise UnsupportedAlgorithm("RSA is not supported by the backend")
def create_rsa_signature_ctx(self, private_key, padding, algorithm):
for b in self._filtered_backends(RSABackend):
return b.create_rsa_signature_ctx(private_key, padding, algorithm)
- raise UnsupportedAlgorithm
+ raise UnsupportedAlgorithm("RSA is not supported by the backend")
def create_rsa_verification_ctx(self, public_key, signature, padding,
algorithm):
for b in self._filtered_backends(RSABackend):
return b.create_rsa_verification_ctx(public_key, signature,
padding, algorithm)
- raise UnsupportedAlgorithm
+ raise UnsupportedAlgorithm("RSA is not supported by the backend")
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index d2744cf..753717d 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -22,8 +22,7 @@
from cryptography import utils
from cryptography.exceptions import (
AlreadyFinalized, InternalError, InvalidSignature, InvalidTag,
- UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash,
- UnsupportedPadding
+ UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
@@ -221,9 +220,10 @@
assert res == 1
else:
if not isinstance(algorithm, hashes.SHA1):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"This version of OpenSSL only supports PBKDF2HMAC with "
- "SHA1"
+ "SHA1",
+ _Reasons.UNSUPPORTED_HASH
)
res = self._lib.PKCS5_PBKDF2_HMAC_SHA1(
key_material,
@@ -453,18 +453,20 @@
try:
adapter = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
- cipher.name, mode.name if mode else mode)
+ cipher.name, mode.name if mode else mode),
+ _Reasons.UNSUPPORTED_CIPHER
)
evp_cipher = adapter(self._backend, cipher, mode)
if evp_cipher == self._backend._ffi.NULL:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
- cipher.name, mode.name if mode else mode)
+ cipher.name, mode.name if mode else mode),
+ _Reasons.UNSUPPORTED_CIPHER
)
if isinstance(mode, interfaces.ModeWithInitializationVector):
@@ -602,9 +604,10 @@
evp_md = self._backend._lib.EVP_get_digestbyname(
algorithm.name.encode("ascii"))
if evp_md == self._backend._ffi.NULL:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported hash on this backend".format(
- algorithm.name)
+ algorithm.name),
+ _Reasons.UNSUPPORTED_HASH
)
res = self._backend._lib.EVP_DigestInit_ex(ctx, evp_md,
self._backend._ffi.NULL)
@@ -652,9 +655,10 @@
evp_md = self._backend._lib.EVP_get_digestbyname(
algorithm.name.encode('ascii'))
if evp_md == self._backend._ffi.NULL:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported hash on this backend".format(
- algorithm.name)
+ algorithm.name),
+ _Reasons.UNSUPPORTED_HASH
)
res = self._backend._lib.Cryptography_HMAC_Init_ex(
ctx, key, len(key), evp_md, self._backend._ffi.NULL
@@ -738,9 +742,10 @@
"key.")
if not self._backend.mgf1_hash_supported(padding._mgf._algorithm):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"When OpenSSL is older than 1.0.1 then only SHA1 is "
- "supported with MGF1."
+ "supported with MGF1.",
+ _Reasons.UNSUPPORTED_HASH
)
if self._backend._lib.Cryptography_HAS_PKEY_CTX:
@@ -749,8 +754,9 @@
else:
self._finalize_method = self._finalize_pss
else:
- raise UnsupportedPadding(
- "{0} is not supported by this backend".format(padding.name)
+ raise UnsupportedAlgorithm(
+ "{0} is not supported by this backend".format(padding.name),
+ _Reasons.UNSUPPORTED_PADDING
)
self._padding = padding
@@ -922,9 +928,10 @@
)
if not self._backend.mgf1_hash_supported(padding._mgf._algorithm):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"When OpenSSL is older than 1.0.1 then only SHA1 is "
- "supported with MGF1."
+ "supported with MGF1.",
+ _Reasons.UNSUPPORTED_HASH
)
if self._backend._lib.Cryptography_HAS_PKEY_CTX:
@@ -933,7 +940,10 @@
else:
self._verify_method = self._verify_pss
else:
- raise UnsupportedPadding
+ raise UnsupportedAlgorithm(
+ "{0} is not supported by this backend".format(padding.name),
+ _Reasons.UNSUPPORTED_PADDING
+ )
self._padding = padding
self._algorithm = algorithm
diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py
index cbef8e3..94cc464 100644
--- a/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -16,7 +16,7 @@
import six
from cryptography import utils
-from cryptography.exceptions import UnsupportedInterface
+from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.backends.interfaces import RSABackend
from cryptography.hazmat.primitives import interfaces
@@ -44,8 +44,10 @@
def verifier(self, signature, padding, algorithm, backend):
if not isinstance(backend, RSABackend):
- raise UnsupportedInterface(
- "Backend object does not implement RSABackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement RSABackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
return backend.create_rsa_verification_ctx(self, signature, padding,
algorithm)
@@ -135,15 +137,19 @@
@classmethod
def generate(cls, public_exponent, key_size, backend):
if not isinstance(backend, RSABackend):
- raise UnsupportedInterface(
- "Backend object does not implement RSABackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement RSABackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
return backend.generate_rsa_private_key(public_exponent, key_size)
def signer(self, padding, algorithm, backend):
if not isinstance(backend, RSABackend):
- raise UnsupportedInterface(
- "Backend object does not implement RSABackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement RSABackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
return backend.create_rsa_signature_ctx(self, padding, algorithm)
diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py
index f5dd2ed..2274e94 100644
--- a/cryptography/hazmat/primitives/ciphers/base.py
+++ b/cryptography/hazmat/primitives/ciphers/base.py
@@ -15,7 +15,8 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedInterface
+ AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm,
+ _Reasons
)
from cryptography.hazmat.backends.interfaces import CipherBackend
from cryptography.hazmat.primitives import interfaces
@@ -24,8 +25,10 @@
class Cipher(object):
def __init__(self, algorithm, mode, backend):
if not isinstance(backend, CipherBackend):
- raise UnsupportedInterface(
- "Backend object does not implement CipherBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement CipherBackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
if not isinstance(algorithm, interfaces.CipherAlgorithm):
raise TypeError("Expected interface of interfaces.CipherAlgorithm")
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index 409f564..35b677b 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -16,7 +16,9 @@
import six
from cryptography import utils
-from cryptography.exceptions import AlreadyFinalized, UnsupportedInterface
+from cryptography.exceptions import (
+ AlreadyFinalized, UnsupportedAlgorithm, _Reasons
+)
from cryptography.hazmat.backends.interfaces import HashBackend
from cryptography.hazmat.primitives import interfaces
@@ -25,8 +27,10 @@
class Hash(object):
def __init__(self, algorithm, backend, ctx=None):
if not isinstance(backend, HashBackend):
- raise UnsupportedInterface(
- "Backend object does not implement HashBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement HashBackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
if not isinstance(algorithm, interfaces.HashAlgorithm):
raise TypeError("Expected instance of interfaces.HashAlgorithm.")
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index 0bcbb3c..afbb2f7 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidSignature, UnsupportedInterface
+ AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time, interfaces
@@ -27,8 +27,10 @@
class HMAC(object):
def __init__(self, key, algorithm, backend, ctx=None):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
- "Backend object does not implement HMACBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement HMACBackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
if not isinstance(algorithm, interfaces.HashAlgorithm):
raise TypeError("Expected instance of interfaces.HashAlgorithm.")
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index 95396fe..03500aa 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidKey, UnsupportedInterface
+ AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time, hmac, interfaces
@@ -27,8 +27,10 @@
class HKDF(object):
def __init__(self, algorithm, length, salt, info, backend):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
- "Backend object does not implement HMACBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement HMACBackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
self._algorithm = algorithm
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index 705e45d..bec35bb 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface
+ AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend
from cryptography.hazmat.primitives import constant_time, interfaces
@@ -27,13 +27,16 @@
class PBKDF2HMAC(object):
def __init__(self, algorithm, length, salt, iterations, backend):
if not isinstance(backend, PBKDF2HMACBackend):
- raise UnsupportedInterface(
- "Backend object does not implement PBKDF2HMACBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement PBKDF2HMACBackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
if not backend.pbkdf2_hmac_supported(algorithm):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not supported for PBKDF2 by this backend".format(
- algorithm.name)
+ algorithm.name),
+ _Reasons.UNSUPPORTED_HASH
)
self._used = False
self._algorithm = algorithm
diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py
index 34f820c..41c467c 100644
--- a/cryptography/hazmat/primitives/twofactor/hotp.py
+++ b/cryptography/hazmat/primitives/twofactor/hotp.py
@@ -17,7 +17,9 @@
import six
-from cryptography.exceptions import InvalidToken, UnsupportedInterface
+from cryptography.exceptions import (
+ InvalidToken, UnsupportedAlgorithm, _Reasons
+)
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time, hmac
from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512
@@ -26,8 +28,10 @@
class HOTP(object):
def __init__(self, key, length, algorithm, backend):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
- "Backend object does not implement HMACBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement HMACBackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
if len(key) < 16:
raise ValueError("Key length has to be at least 128 bits.")
diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py
index 08510ef..e55ba00 100644
--- a/cryptography/hazmat/primitives/twofactor/totp.py
+++ b/cryptography/hazmat/primitives/twofactor/totp.py
@@ -13,7 +13,9 @@
from __future__ import absolute_import, division, print_function
-from cryptography.exceptions import InvalidToken, UnsupportedInterface
+from cryptography.exceptions import (
+ InvalidToken, UnsupportedAlgorithm, _Reasons
+)
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time
from cryptography.hazmat.primitives.twofactor.hotp import HOTP
@@ -22,8 +24,10 @@
class TOTP(object):
def __init__(self, key, length, algorithm, time_step, backend):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
- "Backend object does not implement HMACBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement HMACBackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
self._time_step = time_step
self._hotp = HOTP(key, length, algorithm, backend)
diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index e5010eb..28da8ec 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -3,6 +3,13 @@
.. currentmodule:: cryptography.exceptions
+
+.. class:: UnsupportedAlgorithm
+
+ Raised when the requested algorithm, or combination of algorithms is not
+ supported.
+
+
.. class:: AlreadyFinalized
This is raised when a context is used after being finalized.
@@ -25,25 +32,6 @@
This is raised when additional data is added to a context after update
has already been called.
-.. class:: UnsupportedCipher
-
- .. versionadded:: 0.3
-
- This is raised when a backend doesn't support the requested cipher
- algorithm and mode combination.
-
-.. class:: UnsupportedHash
-
- .. versionadded:: 0.3
-
- This is raised when a backend doesn't support the requested hash algorithm.
-
-.. class:: UnsupportedPadding
-
- .. versionadded:: 0.3
-
- This is raised when the requested padding is not supported by the backend.
-
.. class:: InvalidKey
@@ -55,10 +43,3 @@
This is raised when the verify method of a one time password function's
computed token does not match the expected token.
-
-.. class:: UnsupportedInterface
-
- .. versionadded:: 0.3
-
- This is raised when the provided backend does not support the required
- interface.
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 57c8eec..182e35d 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -50,7 +50,7 @@
provider.
:return: A new instance of ``RSAPrivateKey``.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
the provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.RSABackend`
@@ -100,9 +100,16 @@
:returns:
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
the provided ``backend`` does not implement
- :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+ :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if
+ the backend does not support the chosen hash or padding algorithm.
+ If the padding is
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
+ with the
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
+ mask generation function it may also refer to the ``MGF1`` hash
+ algorithm.
:raises TypeError: This is raised when the padding is not an
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
@@ -111,17 +118,6 @@
:raises ValueError: This is raised when the chosen hash algorithm is
too large for the key size.
- :raises UnsupportedHash: This is raised when the backend does not
- support the chosen hash algorithm. If the padding is
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
- with the
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
- mask generation function it may also refer to the `MGF1` hash
- algorithm.
-
- :raises UnsupportedPadding: This is raised when the backend does not
- support the chosen padding.
-
.. class:: RSAPublicKey(public_exponent, modulus)
@@ -205,9 +201,16 @@
:returns:
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
the provided ``backend`` does not implement
- :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+ :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if
+ the backend does not support the chosen hash or padding algorithm.
+ If the padding is
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
+ with the
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
+ mask generation function it may also refer to the ``MGF1`` hash
+ algorithm.
:raises TypeError: This is raised when the padding is not an
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
@@ -216,16 +219,6 @@
:raises ValueError: This is raised when the chosen hash algorithm is
too large for the key size.
- :raises UnsupportedHash: This is raised when the backend does not
- support the chosen hash algorithm. If the padding is
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
- with the
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
- mask generation function it may also refer to the `MGF1` hash
- algorithm.
-
- :raises UnsupportedPadding: This is raised when the backend does not
- support the chosen padding.
.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
.. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst
index c318fee..773d97f 100644
--- a/docs/hazmat/primitives/cryptographic-hashes.rst
+++ b/docs/hazmat/primitives/cryptographic-hashes.rst
@@ -29,7 +29,8 @@
'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90'
If the backend doesn't support the requested ``algorithm`` an
- :class:`~cryptography.exceptions.UnsupportedHash` exception will be raised.
+ :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be
+ raised.
Keep in mind that attacks against cryptographic hashes only get stronger
with time, and that often algorithms that were once thought to be strong,
@@ -45,7 +46,7 @@
:class:`~cryptography.hazmat.backends.interfaces.HashBackend`
provider.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HashBackend`
diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst
index 5d511bc..11b1073 100644
--- a/docs/hazmat/primitives/hmac.rst
+++ b/docs/hazmat/primitives/hmac.rst
@@ -35,7 +35,8 @@
'#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J'
If the backend doesn't support the requested ``algorithm`` an
- :class:`~cryptography.exceptions.UnsupportedHash` exception will be raised.
+ :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be
+ raised.
To check that a given signature is correct use the :meth:`verify` method.
You will receive an exception if the signature is wrong:
@@ -56,7 +57,7 @@
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
provider.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
index 6196d95..269f949 100644
--- a/docs/hazmat/primitives/key-derivation-functions.rst
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -84,7 +84,7 @@
:class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
provider.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
@@ -187,7 +187,7 @@
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
provider.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index f7e8d5b..28de611 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -56,7 +56,7 @@
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
provider.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
@@ -67,7 +67,7 @@
provider.
If the backend doesn't support the requested combination of ``cipher``
- and ``mode`` an :class:`~cryptography.exceptions.UnsupportedCipher`
+ and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm`
exception will be raised.
.. method:: decryptor()
@@ -77,7 +77,7 @@
provider.
If the backend doesn't support the requested combination of ``cipher``
- and ``mode`` an :class:`cryptography.exceptions.UnsupportedCipher`
+ and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm`
exception will be raised.
.. _symmetric-encryption-algorithms:
diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst
index e9f5c7f..f19cf0e 100644
--- a/docs/hazmat/primitives/twofactor.rst
+++ b/docs/hazmat/primitives/twofactor.rst
@@ -52,7 +52,7 @@
:class:`~cryptography.hazmat.primitives.hashes.SHA256()` or
:class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the
``length`` parameter is not an integer.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
@@ -151,7 +151,7 @@
:class:`~cryptography.hazmat.primitives.hashes.SHA256()` or
:class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the
``length`` parameter is not an integer.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py
index 72ed61c..7c703f6 100644
--- a/tests/hazmat/backends/test_commoncrypto.py
+++ b/tests/hazmat/backends/test_commoncrypto.py
@@ -16,13 +16,15 @@
import pytest
from cryptography import utils
-from cryptography.exceptions import InternalError, UnsupportedCipher
+from cryptography.exceptions import InternalError, _Reasons
from cryptography.hazmat.bindings.commoncrypto.binding import Binding
from cryptography.hazmat.primitives import interfaces
from cryptography.hazmat.primitives.ciphers.algorithms import AES
from cryptography.hazmat.primitives.ciphers.base import Cipher
from cryptography.hazmat.primitives.ciphers.modes import CBC, GCM
+from ...utils import raises_unsupported_algorithm
+
@utils.register_interface(interfaces.CipherAlgorithm)
class DummyCipher(object):
@@ -63,5 +65,5 @@
cipher = Cipher(
DummyCipher(), GCM(b"fake_iv_here"), backend=b,
)
- with pytest.raises(UnsupportedCipher):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cipher.encryptor()
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index c5c0d82..b7bcaf6 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash
+ UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
@@ -27,6 +27,8 @@
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from ...utils import raises_unsupported_algorithm
+
@utils.register_interface(CipherBackend)
class DummyCipherBackend(object):
@@ -38,11 +40,11 @@
def create_symmetric_encryption_ctx(self, algorithm, mode):
if not self.cipher_supported(algorithm, mode):
- raise UnsupportedCipher
+ raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_CIPHER)
def create_symmetric_decryption_ctx(self, algorithm, mode):
if not self.cipher_supported(algorithm, mode):
- raise UnsupportedCipher
+ raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_CIPHER)
@utils.register_interface(HashBackend)
@@ -55,7 +57,7 @@
def create_hash_ctx(self, algorithm):
if not self.hash_supported(algorithm):
- raise UnsupportedHash
+ raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_HASH)
@utils.register_interface(HMACBackend)
@@ -68,7 +70,7 @@
def create_hmac_ctx(self, key, algorithm):
if not self.hmac_supported(algorithm):
- raise UnsupportedHash
+ raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_HASH)
@utils.register_interface(PBKDF2HMACBackend)
@@ -82,7 +84,7 @@
def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
key_material):
if not self.pbkdf2_hmac_supported(algorithm):
- raise UnsupportedHash
+ raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_HASH)
@utils.register_interface(RSABackend)
@@ -123,9 +125,9 @@
modes.CBC(b"\x00" * 16),
backend=backend
)
- with pytest.raises(UnsupportedCipher):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cipher.encryptor()
- with pytest.raises(UnsupportedCipher):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cipher.decryptor()
def test_hashes(self):
@@ -136,7 +138,7 @@
hashes.Hash(hashes.MD5(), backend=backend)
- with pytest.raises(UnsupportedHash):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
hashes.Hash(hashes.SHA1(), backend=backend)
def test_hmac(self):
@@ -147,7 +149,7 @@
hmac.HMAC(b"", hashes.MD5(), backend=backend)
- with pytest.raises(UnsupportedHash):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
hmac.HMAC(b"", hashes.SHA1(), backend=backend)
def test_pbkdf2(self):
@@ -158,7 +160,7 @@
backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"")
- with pytest.raises(UnsupportedHash):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"")
def test_rsa(self):
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 3747f43..016da0f 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- InternalError, UnsupportedCipher, UnsupportedHash
+ InternalError, _Reasons
)
from cryptography.hazmat.backends.openssl.backend import Backend, backend
from cryptography.hazmat.primitives import hashes, interfaces
@@ -26,6 +26,8 @@
from cryptography.hazmat.primitives.ciphers.algorithms import AES
from cryptography.hazmat.primitives.ciphers.modes import CBC
+from ...utils import raises_unsupported_algorithm
+
@utils.register_interface(interfaces.Mode)
class DummyMode(object):
@@ -78,7 +80,7 @@
cipher = Cipher(
DummyCipher(), mode, backend=b,
)
- with pytest.raises(UnsupportedCipher):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cipher.encryptor()
def test_consume_errors(self):
@@ -140,7 +142,7 @@
def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self):
if backend.pbkdf2_hmac_supported(hashes.SHA256()):
pytest.skip("Requires an older OpenSSL")
- with pytest.raises(UnsupportedHash):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"")
@pytest.mark.skipif(
@@ -153,7 +155,7 @@
key_size=512,
backend=backend
)
- with pytest.raises(UnsupportedHash):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
private_key.signer(
padding.PSS(
mgf=padding.MGF1(
@@ -165,7 +167,7 @@
backend
)
public_key = private_key.public_key()
- with pytest.raises(UnsupportedHash):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
public_key.verifier(
b"sig",
padding.PSS(
diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py
index f2dab6c..68d6c84 100644
--- a/tests/hazmat/primitives/test_block.py
+++ b/tests/hazmat/primitives/test_block.py
@@ -18,7 +18,9 @@
import pytest
from cryptography import utils
-from cryptography.exceptions import AlreadyFinalized, UnsupportedCipher
+from cryptography.exceptions import (
+ AlreadyFinalized, _Reasons
+)
from cryptography.hazmat.primitives import interfaces
from cryptography.hazmat.primitives.ciphers import (
Cipher, algorithms, modes
@@ -27,6 +29,7 @@
from .utils import (
generate_aead_exception_test, generate_aead_tag_exception_test
)
+from ...utils import raises_unsupported_algorithm
@utils.register_interface(interfaces.Mode)
@@ -114,10 +117,10 @@
cipher = Cipher(
DummyCipher(), mode, backend
)
- with pytest.raises(UnsupportedCipher):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cipher.encryptor()
- with pytest.raises(UnsupportedCipher):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cipher.decryptor()
def test_incorrectly_padded(self, backend):
diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
index 1bea0bd..9f8123e 100644
--- a/tests/hazmat/primitives/test_ciphers.py
+++ b/tests/hazmat/primitives/test_ciphers.py
@@ -17,13 +17,15 @@
import pytest
-from cryptography.exceptions import UnsupportedInterface
+from cryptography.exceptions import _Reasons
from cryptography.hazmat.primitives import ciphers
from cryptography.hazmat.primitives.ciphers.algorithms import (
AES, ARC4, Blowfish, CAST5, Camellia, IDEA, TripleDES
)
from cryptography.hazmat.primitives.ciphers.modes import ECB
+from ...utils import raises_unsupported_algorithm
+
class TestAES(object):
@pytest.mark.parametrize(("key", "keysize"), [
@@ -128,5 +130,5 @@
def test_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
ciphers.Cipher(AES(b"AAAAAAAAAAAAAAAA"), ECB, pretend_backend)
diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py
index 5b318f6..ffd65bd 100644
--- a/tests/hazmat/primitives/test_hashes.py
+++ b/tests/hazmat/primitives/test_hashes.py
@@ -21,12 +21,13 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, UnsupportedHash, UnsupportedInterface
+ AlreadyFinalized, _Reasons
)
from cryptography.hazmat.backends.interfaces import HashBackend
from cryptography.hazmat.primitives import hashes, interfaces
from .utils import generate_base_hash_test
+from ...utils import raises_unsupported_algorithm
@utils.register_interface(interfaces.HashAlgorithm)
@@ -72,7 +73,7 @@
h.finalize()
def test_unsupported_hash(self, backend):
- with pytest.raises(UnsupportedHash):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
hashes.Hash(UnsupportedDummyHash(), backend)
@@ -183,5 +184,5 @@
def test_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
hashes.Hash(hashes.SHA1(), pretend_backend)
diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py
index 367addc..2e3c0c3 100644
--- a/tests/hazmat/primitives/test_hkdf.py
+++ b/tests/hazmat/primitives/test_hkdf.py
@@ -18,11 +18,13 @@
import six
from cryptography.exceptions import (
- AlreadyFinalized, InvalidKey, UnsupportedInterface
+ AlreadyFinalized, InvalidKey, _Reasons
)
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+from ...utils import raises_unsupported_algorithm
+
@pytest.mark.hmac
class TestHKDF(object):
@@ -152,5 +154,5 @@
def test_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
HKDF(hashes.SHA256(), 16, None, None, pretend_backend)
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index 1065359..77dfb6b 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -21,12 +21,13 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidSignature, UnsupportedHash, UnsupportedInterface
+ AlreadyFinalized, InvalidSignature, _Reasons
)
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import hashes, hmac, interfaces
from .utils import generate_base_hmac_test
+from ...utils import raises_unsupported_algorithm
@utils.register_interface(interfaces.HashAlgorithm)
@@ -106,12 +107,12 @@
h.verify(six.u(''))
def test_unsupported_hash(self, backend):
- with pytest.raises(UnsupportedHash):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
hmac.HMAC(b"key", UnsupportedDummyHash(), backend)
def test_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
hmac.HMAC(b"key", hashes.SHA1(), pretend_backend)
diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py
index 585693e..62ca092 100644
--- a/tests/hazmat/primitives/test_pbkdf2hmac.py
+++ b/tests/hazmat/primitives/test_pbkdf2hmac.py
@@ -18,12 +18,14 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface
+ AlreadyFinalized, InvalidKey, _Reasons
)
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+from ...utils import raises_unsupported_algorithm
+
@utils.register_interface(interfaces.HashAlgorithm)
class DummyHash(object):
@@ -48,7 +50,7 @@
kdf.verify(b"password", key)
def test_unsupported_algorithm(self):
- with pytest.raises(UnsupportedHash):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend())
def test_invalid_key(self):
@@ -72,5 +74,5 @@
def test_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, pretend_backend)
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index eb7e1e6..5d94e79 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -22,15 +22,14 @@
import pytest
from cryptography import exceptions, utils
-from cryptography.exceptions import (
- UnsupportedAlgorithm, UnsupportedInterface
-)
+from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from .utils import generate_rsa_verification_test
from ...utils import (
- load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file
+ load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file,
+ raises_unsupported_algorithm
)
@@ -398,7 +397,7 @@
def test_rsa_generate_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend)
@@ -605,7 +604,7 @@
key_size=512,
backend=backend
)
- with pytest.raises(exceptions.UnsupportedPadding):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
private_key.signer(DummyPadding(), hashes.SHA1(), backend)
def test_padding_incorrect_type(self, backend):
@@ -621,7 +620,7 @@
pretend_backend = object()
private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
private_key.signer(
padding.PKCS1v15(), hashes.SHA256, pretend_backend)
@@ -853,7 +852,7 @@
backend=backend
)
public_key = private_key.public_key()
- with pytest.raises(exceptions.UnsupportedPadding):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
public_key.verifier(b"sig", DummyPadding(), hashes.SHA1(), backend)
def test_padding_incorrect_type(self, backend):
@@ -871,7 +870,7 @@
private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
public_key = private_key.public_key()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
public_key.verifier(
b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend)
diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py
index 4bb7c6b..803f96f 100644
--- a/tests/hazmat/primitives/twofactor/test_hotp.py
+++ b/tests/hazmat/primitives/twofactor/test_hotp.py
@@ -17,12 +17,14 @@
import pytest
-from cryptography.exceptions import InvalidToken, UnsupportedInterface
+from cryptography.exceptions import InvalidToken, _Reasons
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.hashes import MD5, SHA1
from cryptography.hazmat.primitives.twofactor.hotp import HOTP
-from ....utils import load_nist_vectors, load_vectors_from_file
+from ....utils import (
+ load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm
+)
vectors = load_vectors_from_file(
"twofactor/rfc-4226.txt", load_nist_vectors)
@@ -103,5 +105,5 @@
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
HOTP(secret, 8, hashes.SHA1(), pretend_backend)
diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py
index d5b0a8e..518d3ce 100644
--- a/tests/hazmat/primitives/twofactor/test_totp.py
+++ b/tests/hazmat/primitives/twofactor/test_totp.py
@@ -15,11 +15,13 @@
import pytest
-from cryptography.exceptions import InvalidToken, UnsupportedInterface
+from cryptography.exceptions import InvalidToken, _Reasons
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.twofactor.totp import TOTP
-from ....utils import load_nist_vectors, load_vectors_from_file
+from ....utils import (
+ load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm
+)
vectors = load_vectors_from_file(
"twofactor/rfc-6238.txt", load_nist_vectors)
@@ -137,5 +139,5 @@
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
TOTP(secret, 8, hashes.SHA1(), 30, pretend_backend)
diff --git a/tests/test_utils.py b/tests/test_utils.py
index b63f1ba..d0b7066 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -21,13 +21,15 @@
import pytest
import cryptography
+from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
+
import cryptography_vectors
from .utils import (
check_backend_support, check_for_iface, load_cryptrec_vectors,
load_fips_dsa_key_pair_vectors, load_hash_vectors, load_nist_vectors,
load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file,
- select_backends
+ raises_unsupported_algorithm, select_backends
)
@@ -1608,3 +1610,40 @@
def test_vector_version():
assert cryptography.__version__ == cryptography_vectors.__version__
+
+
+def test_raises_unsupported_algorithm_wrong_type():
+ # Check that it raises if the wrong type of exception is raised.
+ class TestException(Exception):
+ pass
+
+ with pytest.raises(TestException):
+ with raises_unsupported_algorithm(None):
+ raise TestException
+
+
+def test_raises_unsupported_algorithm_wrong_reason():
+ # Check that it fails if the wrong reason code is raised.
+ with pytest.raises(AssertionError):
+ with raises_unsupported_algorithm(None):
+ raise UnsupportedAlgorithm("An error.",
+ _Reasons.BACKEND_MISSING_INTERFACE)
+
+
+def test_raises_unsupported_no_exc():
+ # Check that it fails if no exception is raised.
+ with pytest.raises(pytest.fail.Exception):
+ with raises_unsupported_algorithm(
+ _Reasons.BACKEND_MISSING_INTERFACE
+ ):
+ pass
+
+
+def test_raises_unsupported_algorithm():
+ # Check that it doesnt assert if the right things are raised.
+ with raises_unsupported_algorithm(
+ _Reasons.BACKEND_MISSING_INTERFACE
+ ) as exc_info:
+ raise UnsupportedAlgorithm("An error.",
+ _Reasons.BACKEND_MISSING_INTERFACE)
+ assert exc_info.type is UnsupportedAlgorithm
diff --git a/tests/utils.py b/tests/utils.py
index 3e35970..bdbf996 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -14,11 +14,13 @@
from __future__ import absolute_import, division, print_function
import collections
+from contextlib import contextmanager
import pytest
import six
+from cryptography.exceptions import UnsupportedAlgorithm
import cryptography_vectors
@@ -67,6 +69,14 @@
"backend")
+@contextmanager
+def raises_unsupported_algorithm(reason):
+ with pytest.raises(UnsupportedAlgorithm) as exc_info:
+ yield exc_info
+
+ assert exc_info.value._reason is reason
+
+
def load_vectors_from_file(filename, loader):
with cryptography_vectors.open_vector_file(filename) as vector_file:
return loader(vector_file)