Fixed #809 -- switch back to always using UnsupportedAlgorithm
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py
index 88766cc..d97f20c 100644
--- a/cryptography/exceptions.py
+++ b/cryptography/exceptions.py
@@ -14,20 +14,14 @@
from __future__ import absolute_import, division, print_function
+class _Causes(object):
+ BACKEND_MISSING_INTERFACE = 0
+
+
class UnsupportedAlgorithm(Exception):
- pass
-
-
-class UnsupportedCipher(UnsupportedAlgorithm):
- pass
-
-
-class UnsupportedHash(UnsupportedAlgorithm):
- pass
-
-
-class UnsupportedPadding(UnsupportedAlgorithm):
- pass
+ def __init__(self, message, cause=None):
+ super(UnsupportedAlgorithm, self).__init__(message)
+ self._cause = cause
class AlreadyFinalized(Exception):
@@ -60,7 +54,3 @@
class InvalidToken(Exception):
pass
-
-
-class UnsupportedInterface(Exception):
- pass
diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py
index dc0534e..f45c91d 100644
--- a/cryptography/hazmat/backends/commoncrypto/backend.py
+++ b/cryptography/hazmat/backends/commoncrypto/backend.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- InternalError, InvalidTag, UnsupportedCipher, UnsupportedHash
+ InternalError, InvalidTag, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend
@@ -273,7 +273,7 @@
try:
cipher_enum, mode_enum = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -346,7 +346,7 @@
try:
cipher_enum, mode_enum = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -420,7 +420,7 @@
try:
methods = self._backend._hash_mapping[self.algorithm.name]
except KeyError:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported hash on this backend".format(
algorithm.name)
)
@@ -463,7 +463,7 @@
try:
alg = self._backend._supported_hmac_algorithms[algorithm.name]
except KeyError:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported HMAC hash on this backend".format(
algorithm.name)
)
diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py
index 6c57b3d..35769ac 100644
--- a/cryptography/hazmat/backends/multibackend.py
+++ b/cryptography/hazmat/backends/multibackend.py
@@ -14,9 +14,7 @@
from __future__ import absolute_import, division, print_function
from cryptography import utils
-from cryptography.exceptions import (
- UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash
-)
+from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
)
@@ -48,17 +46,21 @@
for b in self._filtered_backends(CipherBackend):
try:
return b.create_symmetric_encryption_ctx(algorithm, mode)
- except UnsupportedCipher:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedCipher
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def create_symmetric_decryption_ctx(self, algorithm, mode):
for b in self._filtered_backends(CipherBackend):
try:
return b.create_symmetric_decryption_ctx(algorithm, mode)
- except UnsupportedCipher:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedCipher
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def hash_supported(self, algorithm):
return any(
@@ -70,9 +72,11 @@
for b in self._filtered_backends(HashBackend):
try:
return b.create_hash_ctx(algorithm)
- except UnsupportedHash:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def hmac_supported(self, algorithm):
return any(
@@ -84,9 +88,11 @@
for b in self._filtered_backends(HMACBackend):
try:
return b.create_hmac_ctx(key, algorithm)
- except UnsupportedHash:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def pbkdf2_hmac_supported(self, algorithm):
return any(
@@ -101,23 +107,31 @@
return b.derive_pbkdf2_hmac(
algorithm, length, salt, iterations, key_material
)
- except UnsupportedHash:
+ except UnsupportedAlgorithm:
pass
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def generate_rsa_private_key(self, public_exponent, key_size):
for b in self._filtered_backends(RSABackend):
return b.generate_rsa_private_key(public_exponent, key_size)
- raise UnsupportedAlgorithm
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def create_rsa_signature_ctx(self, private_key, padding, algorithm):
for b in self._filtered_backends(RSABackend):
return b.create_rsa_signature_ctx(private_key, padding, algorithm)
- raise UnsupportedAlgorithm
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
def create_rsa_verification_ctx(self, public_key, signature, padding,
algorithm):
for b in self._filtered_backends(RSABackend):
return b.create_rsa_verification_ctx(public_key, signature,
padding, algorithm)
- raise UnsupportedAlgorithm
+ raise UnsupportedAlgorithm(
+ "None of the constituents backends support this algorithm."
+ )
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index d2744cf..eb5f0e1 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -22,8 +22,7 @@
from cryptography import utils
from cryptography.exceptions import (
AlreadyFinalized, InternalError, InvalidSignature, InvalidTag,
- UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash,
- UnsupportedPadding
+ UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
@@ -221,7 +220,7 @@
assert res == 1
else:
if not isinstance(algorithm, hashes.SHA1):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"This version of OpenSSL only supports PBKDF2HMAC with "
"SHA1"
)
@@ -268,17 +267,14 @@
def _bn_to_int(self, bn):
if six.PY3:
# Python 3 has constant time from_bytes, so use that.
-
bn_num_bytes = (self._lib.BN_num_bits(bn) + 7) // 8
bin_ptr = self._ffi.new("unsigned char[]", bn_num_bytes)
bin_len = self._lib.BN_bn2bin(bn, bin_ptr)
assert bin_len > 0
assert bin_ptr != self._ffi.NULL
return int.from_bytes(self._ffi.buffer(bin_ptr)[:bin_len], "big")
-
else:
# Under Python 2 the best we can do is hex()
-
hex_cdata = self._lib.BN_bn2hex(bn)
assert hex_cdata != self._ffi.NULL
hex_str = self._ffi.string(hex_cdata)
@@ -295,12 +291,10 @@
if six.PY3:
# Python 3 has constant time to_bytes, so use that.
-
binary = num.to_bytes(int(num.bit_length() / 8.0 + 1), "big")
bn_ptr = self._lib.BN_bin2bn(binary, len(binary), self._ffi.NULL)
assert bn_ptr != self._ffi.NULL
return bn_ptr
-
else:
# Under Python 2 the best we can do is hex()
@@ -453,7 +447,7 @@
try:
adapter = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -461,7 +455,7 @@
evp_cipher = adapter(self._backend, cipher, mode)
if evp_cipher == self._backend._ffi.NULL:
- raise UnsupportedCipher(
+ raise UnsupportedAlgorithm(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -602,7 +596,7 @@
evp_md = self._backend._lib.EVP_get_digestbyname(
algorithm.name.encode("ascii"))
if evp_md == self._backend._ffi.NULL:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported hash on this backend".format(
algorithm.name)
)
@@ -652,7 +646,7 @@
evp_md = self._backend._lib.EVP_get_digestbyname(
algorithm.name.encode('ascii'))
if evp_md == self._backend._ffi.NULL:
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not a supported hash on this backend".format(
algorithm.name)
)
@@ -738,7 +732,7 @@
"key.")
if not self._backend.mgf1_hash_supported(padding._mgf._algorithm):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"When OpenSSL is older than 1.0.1 then only SHA1 is "
"supported with MGF1."
)
@@ -749,7 +743,7 @@
else:
self._finalize_method = self._finalize_pss
else:
- raise UnsupportedPadding(
+ raise UnsupportedAlgorithm(
"{0} is not supported by this backend".format(padding.name)
)
@@ -922,7 +916,7 @@
)
if not self._backend.mgf1_hash_supported(padding._mgf._algorithm):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"When OpenSSL is older than 1.0.1 then only SHA1 is "
"supported with MGF1."
)
@@ -933,7 +927,10 @@
else:
self._verify_method = self._verify_pss
else:
- raise UnsupportedPadding
+ raise UnsupportedAlgorithm(
+ "OpenSSL backend doesn't support {0} for padding. Only PSS "
+ "(recommended) and PKCS1v15 are supported."
+ )
self._padding = padding
self._algorithm = algorithm
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index eb1f018..fed7485 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -319,7 +319,7 @@
RHEL/CentOS 5 this can be moved back to FUNCTIONS. */
SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *);
-const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX*);
+const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *);
"""
CUSTOMIZATIONS = """
@@ -423,7 +423,7 @@
#endif
// Workaround for #794 caused by cffi const** bug.
-const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX* ctx) {
+const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *ctx) {
return ctx->method;
}
"""
diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py
index cbef8e3..6fe6a26 100644
--- a/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -16,7 +16,7 @@
import six
from cryptography import utils
-from cryptography.exceptions import UnsupportedInterface
+from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import RSABackend
from cryptography.hazmat.primitives import interfaces
@@ -44,7 +44,7 @@
def verifier(self, signature, padding, algorithm, backend):
if not isinstance(backend, RSABackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement RSABackend")
return backend.create_rsa_verification_ctx(self, signature, padding,
@@ -135,14 +135,14 @@
@classmethod
def generate(cls, public_exponent, key_size, backend):
if not isinstance(backend, RSABackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement RSABackend")
return backend.generate_rsa_private_key(public_exponent, key_size)
def signer(self, padding, algorithm, backend):
if not isinstance(backend, RSABackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement RSABackend")
return backend.create_rsa_signature_ctx(self, padding, algorithm)
diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py
index f5dd2ed..f6c964d 100644
--- a/cryptography/hazmat/primitives/ciphers/base.py
+++ b/cryptography/hazmat/primitives/ciphers/base.py
@@ -15,7 +15,7 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedInterface
+ AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import CipherBackend
from cryptography.hazmat.primitives import interfaces
@@ -24,7 +24,7 @@
class Cipher(object):
def __init__(self, algorithm, mode, backend):
if not isinstance(backend, CipherBackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement CipherBackend")
if not isinstance(algorithm, interfaces.CipherAlgorithm):
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index 409f564..d110c82 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -16,7 +16,7 @@
import six
from cryptography import utils
-from cryptography.exceptions import AlreadyFinalized, UnsupportedInterface
+from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import HashBackend
from cryptography.hazmat.primitives import interfaces
@@ -25,7 +25,7 @@
class Hash(object):
def __init__(self, algorithm, backend, ctx=None):
if not isinstance(backend, HashBackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement HashBackend")
if not isinstance(algorithm, interfaces.HashAlgorithm):
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index 0bcbb3c..3dfabef 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidSignature, UnsupportedInterface
+ AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time, interfaces
@@ -27,7 +27,7 @@
class HMAC(object):
def __init__(self, key, algorithm, backend, ctx=None):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement HMACBackend")
if not isinstance(algorithm, interfaces.HashAlgorithm):
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index 95396fe..2a733b9 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidKey, UnsupportedInterface
+ AlreadyFinalized, InvalidKey, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time, hmac, interfaces
@@ -27,7 +27,7 @@
class HKDF(object):
def __init__(self, algorithm, length, salt, info, backend):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement HMACBackend")
self._algorithm = algorithm
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index 705e45d..ab1e368 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface
+ AlreadyFinalized, InvalidKey, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend
from cryptography.hazmat.primitives import constant_time, interfaces
@@ -27,11 +27,11 @@
class PBKDF2HMAC(object):
def __init__(self, algorithm, length, salt, iterations, backend):
if not isinstance(backend, PBKDF2HMACBackend):
- raise UnsupportedInterface(
+ raise UnsupportedAlgorithm(
"Backend object does not implement PBKDF2HMACBackend")
if not backend.pbkdf2_hmac_supported(algorithm):
- raise UnsupportedHash(
+ raise UnsupportedAlgorithm(
"{0} is not supported for PBKDF2 by this backend".format(
algorithm.name)
)
diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py
index 34f820c..bac23d1 100644
--- a/cryptography/hazmat/primitives/twofactor/hotp.py
+++ b/cryptography/hazmat/primitives/twofactor/hotp.py
@@ -17,7 +17,7 @@
import six
-from cryptography.exceptions import InvalidToken, UnsupportedInterface
+from cryptography.exceptions import InvalidToken, UnsupportedAlgorithm, _Causes
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time, hmac
from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512
@@ -26,8 +26,10 @@
class HOTP(object):
def __init__(self, key, length, algorithm, backend):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
- "Backend object does not implement HMACBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement HMACBackend",
+ _Causes.BACKEND_MISSING_INTERFACE
+ )
if len(key) < 16:
raise ValueError("Key length has to be at least 128 bits.")
diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py
index 08510ef..d016239 100644
--- a/cryptography/hazmat/primitives/twofactor/totp.py
+++ b/cryptography/hazmat/primitives/twofactor/totp.py
@@ -13,7 +13,7 @@
from __future__ import absolute_import, division, print_function
-from cryptography.exceptions import InvalidToken, UnsupportedInterface
+from cryptography.exceptions import InvalidToken, UnsupportedAlgorithm, _Causes
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import constant_time
from cryptography.hazmat.primitives.twofactor.hotp import HOTP
@@ -22,8 +22,10 @@
class TOTP(object):
def __init__(self, key, length, algorithm, time_step, backend):
if not isinstance(backend, HMACBackend):
- raise UnsupportedInterface(
- "Backend object does not implement HMACBackend")
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement HMACBackend",
+ _Causes.BACKEND_MISSING_INTERFACE
+ )
self._time_step = time_step
self._hotp = HOTP(key, length, algorithm, backend)
diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index e5010eb..28da8ec 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -3,6 +3,13 @@
.. currentmodule:: cryptography.exceptions
+
+.. class:: UnsupportedAlgorithm
+
+ Raised when the requested algorithm, or combination of algorithms is not
+ supported.
+
+
.. class:: AlreadyFinalized
This is raised when a context is used after being finalized.
@@ -25,25 +32,6 @@
This is raised when additional data is added to a context after update
has already been called.
-.. class:: UnsupportedCipher
-
- .. versionadded:: 0.3
-
- This is raised when a backend doesn't support the requested cipher
- algorithm and mode combination.
-
-.. class:: UnsupportedHash
-
- .. versionadded:: 0.3
-
- This is raised when a backend doesn't support the requested hash algorithm.
-
-.. class:: UnsupportedPadding
-
- .. versionadded:: 0.3
-
- This is raised when the requested padding is not supported by the backend.
-
.. class:: InvalidKey
@@ -55,10 +43,3 @@
This is raised when the verify method of a one time password function's
computed token does not match the expected token.
-
-.. class:: UnsupportedInterface
-
- .. versionadded:: 0.3
-
- This is raised when the provided backend does not support the required
- interface.
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 57c8eec..182e35d 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -50,7 +50,7 @@
provider.
:return: A new instance of ``RSAPrivateKey``.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
the provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.RSABackend`
@@ -100,9 +100,16 @@
:returns:
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
the provided ``backend`` does not implement
- :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+ :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if
+ the backend does not support the chosen hash or padding algorithm.
+ If the padding is
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
+ with the
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
+ mask generation function it may also refer to the ``MGF1`` hash
+ algorithm.
:raises TypeError: This is raised when the padding is not an
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
@@ -111,17 +118,6 @@
:raises ValueError: This is raised when the chosen hash algorithm is
too large for the key size.
- :raises UnsupportedHash: This is raised when the backend does not
- support the chosen hash algorithm. If the padding is
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
- with the
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
- mask generation function it may also refer to the `MGF1` hash
- algorithm.
-
- :raises UnsupportedPadding: This is raised when the backend does not
- support the chosen padding.
-
.. class:: RSAPublicKey(public_exponent, modulus)
@@ -205,9 +201,16 @@
:returns:
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
the provided ``backend`` does not implement
- :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+ :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if
+ the backend does not support the chosen hash or padding algorithm.
+ If the padding is
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
+ with the
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
+ mask generation function it may also refer to the ``MGF1`` hash
+ algorithm.
:raises TypeError: This is raised when the padding is not an
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
@@ -216,16 +219,6 @@
:raises ValueError: This is raised when the chosen hash algorithm is
too large for the key size.
- :raises UnsupportedHash: This is raised when the backend does not
- support the chosen hash algorithm. If the padding is
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
- with the
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
- mask generation function it may also refer to the `MGF1` hash
- algorithm.
-
- :raises UnsupportedPadding: This is raised when the backend does not
- support the chosen padding.
.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
.. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst
index c318fee..773d97f 100644
--- a/docs/hazmat/primitives/cryptographic-hashes.rst
+++ b/docs/hazmat/primitives/cryptographic-hashes.rst
@@ -29,7 +29,8 @@
'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90'
If the backend doesn't support the requested ``algorithm`` an
- :class:`~cryptography.exceptions.UnsupportedHash` exception will be raised.
+ :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be
+ raised.
Keep in mind that attacks against cryptographic hashes only get stronger
with time, and that often algorithms that were once thought to be strong,
@@ -45,7 +46,7 @@
:class:`~cryptography.hazmat.backends.interfaces.HashBackend`
provider.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HashBackend`
diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst
index 5d511bc..11b1073 100644
--- a/docs/hazmat/primitives/hmac.rst
+++ b/docs/hazmat/primitives/hmac.rst
@@ -35,7 +35,8 @@
'#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J'
If the backend doesn't support the requested ``algorithm`` an
- :class:`~cryptography.exceptions.UnsupportedHash` exception will be raised.
+ :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be
+ raised.
To check that a given signature is correct use the :meth:`verify` method.
You will receive an exception if the signature is wrong:
@@ -56,7 +57,7 @@
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
provider.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
index 6196d95..269f949 100644
--- a/docs/hazmat/primitives/key-derivation-functions.rst
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -84,7 +84,7 @@
:class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
provider.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
@@ -187,7 +187,7 @@
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
provider.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index f7e8d5b..28de611 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -56,7 +56,7 @@
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
provider.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
@@ -67,7 +67,7 @@
provider.
If the backend doesn't support the requested combination of ``cipher``
- and ``mode`` an :class:`~cryptography.exceptions.UnsupportedCipher`
+ and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm`
exception will be raised.
.. method:: decryptor()
@@ -77,7 +77,7 @@
provider.
If the backend doesn't support the requested combination of ``cipher``
- and ``mode`` an :class:`cryptography.exceptions.UnsupportedCipher`
+ and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm`
exception will be raised.
.. _symmetric-encryption-algorithms:
diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst
index e9f5c7f..f19cf0e 100644
--- a/docs/hazmat/primitives/twofactor.rst
+++ b/docs/hazmat/primitives/twofactor.rst
@@ -52,7 +52,7 @@
:class:`~cryptography.hazmat.primitives.hashes.SHA256()` or
:class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the
``length`` parameter is not an integer.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
@@ -151,7 +151,7 @@
:class:`~cryptography.hazmat.primitives.hashes.SHA256()` or
:class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the
``length`` parameter is not an integer.
- :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py
index 72ed61c..dc6c8c5 100644
--- a/tests/hazmat/backends/test_commoncrypto.py
+++ b/tests/hazmat/backends/test_commoncrypto.py
@@ -16,7 +16,7 @@
import pytest
from cryptography import utils
-from cryptography.exceptions import InternalError, UnsupportedCipher
+from cryptography.exceptions import InternalError, UnsupportedAlgorithm
from cryptography.hazmat.bindings.commoncrypto.binding import Binding
from cryptography.hazmat.primitives import interfaces
from cryptography.hazmat.primitives.ciphers.algorithms import AES
@@ -63,5 +63,5 @@
cipher = Cipher(
DummyCipher(), GCM(b"fake_iv_here"), backend=b,
)
- with pytest.raises(UnsupportedCipher):
+ with pytest.raises(UnsupportedAlgorithm):
cipher.encryptor()
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index c5c0d82..7ab9e44 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -16,9 +16,7 @@
import pytest
from cryptography import utils
-from cryptography.exceptions import (
- UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash
-)
+from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
)
@@ -38,11 +36,11 @@
def create_symmetric_encryption_ctx(self, algorithm, mode):
if not self.cipher_supported(algorithm, mode):
- raise UnsupportedCipher
+ raise UnsupportedAlgorithm(None)
def create_symmetric_decryption_ctx(self, algorithm, mode):
if not self.cipher_supported(algorithm, mode):
- raise UnsupportedCipher
+ raise UnsupportedAlgorithm(None)
@utils.register_interface(HashBackend)
@@ -55,7 +53,7 @@
def create_hash_ctx(self, algorithm):
if not self.hash_supported(algorithm):
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(None)
@utils.register_interface(HMACBackend)
@@ -68,7 +66,7 @@
def create_hmac_ctx(self, key, algorithm):
if not self.hmac_supported(algorithm):
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(None)
@utils.register_interface(PBKDF2HMACBackend)
@@ -82,7 +80,7 @@
def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
key_material):
if not self.pbkdf2_hmac_supported(algorithm):
- raise UnsupportedHash
+ raise UnsupportedAlgorithm(None)
@utils.register_interface(RSABackend)
@@ -123,9 +121,9 @@
modes.CBC(b"\x00" * 16),
backend=backend
)
- with pytest.raises(UnsupportedCipher):
+ with pytest.raises(UnsupportedAlgorithm):
cipher.encryptor()
- with pytest.raises(UnsupportedCipher):
+ with pytest.raises(UnsupportedAlgorithm):
cipher.decryptor()
def test_hashes(self):
@@ -136,7 +134,7 @@
hashes.Hash(hashes.MD5(), backend=backend)
- with pytest.raises(UnsupportedHash):
+ with pytest.raises(UnsupportedAlgorithm):
hashes.Hash(hashes.SHA1(), backend=backend)
def test_hmac(self):
@@ -147,7 +145,7 @@
hmac.HMAC(b"", hashes.MD5(), backend=backend)
- with pytest.raises(UnsupportedHash):
+ with pytest.raises(UnsupportedAlgorithm):
hmac.HMAC(b"", hashes.SHA1(), backend=backend)
def test_pbkdf2(self):
@@ -158,7 +156,7 @@
backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"")
- with pytest.raises(UnsupportedHash):
+ with pytest.raises(UnsupportedAlgorithm):
backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"")
def test_rsa(self):
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 3747f43..fdc661f 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -16,9 +16,7 @@
import pytest
from cryptography import utils
-from cryptography.exceptions import (
- InternalError, UnsupportedCipher, UnsupportedHash
-)
+from cryptography.exceptions import InternalError, UnsupportedAlgorithm
from cryptography.hazmat.backends.openssl.backend import Backend, backend
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import padding, rsa
@@ -78,7 +76,7 @@
cipher = Cipher(
DummyCipher(), mode, backend=b,
)
- with pytest.raises(UnsupportedCipher):
+ with pytest.raises(UnsupportedAlgorithm):
cipher.encryptor()
def test_consume_errors(self):
@@ -140,7 +138,7 @@
def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self):
if backend.pbkdf2_hmac_supported(hashes.SHA256()):
pytest.skip("Requires an older OpenSSL")
- with pytest.raises(UnsupportedHash):
+ with pytest.raises(UnsupportedAlgorithm):
backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"")
@pytest.mark.skipif(
@@ -153,7 +151,7 @@
key_size=512,
backend=backend
)
- with pytest.raises(UnsupportedHash):
+ with pytest.raises(UnsupportedAlgorithm):
private_key.signer(
padding.PSS(
mgf=padding.MGF1(
@@ -165,7 +163,7 @@
backend
)
public_key = private_key.public_key()
- with pytest.raises(UnsupportedHash):
+ with pytest.raises(UnsupportedAlgorithm):
public_key.verifier(
b"sig",
padding.PSS(
diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py
index f2dab6c..e9ea7fb 100644
--- a/tests/hazmat/primitives/test_block.py
+++ b/tests/hazmat/primitives/test_block.py
@@ -18,7 +18,7 @@
import pytest
from cryptography import utils
-from cryptography.exceptions import AlreadyFinalized, UnsupportedCipher
+from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm
from cryptography.hazmat.primitives import interfaces
from cryptography.hazmat.primitives.ciphers import (
Cipher, algorithms, modes
@@ -114,10 +114,10 @@
cipher = Cipher(
DummyCipher(), mode, backend
)
- with pytest.raises(UnsupportedCipher):
+ with pytest.raises(UnsupportedAlgorithm):
cipher.encryptor()
- with pytest.raises(UnsupportedCipher):
+ with pytest.raises(UnsupportedAlgorithm):
cipher.decryptor()
def test_incorrectly_padded(self, backend):
diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
index 1bea0bd..827b3b9 100644
--- a/tests/hazmat/primitives/test_ciphers.py
+++ b/tests/hazmat/primitives/test_ciphers.py
@@ -17,7 +17,7 @@
import pytest
-from cryptography.exceptions import UnsupportedInterface
+from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.primitives import ciphers
from cryptography.hazmat.primitives.ciphers.algorithms import (
AES, ARC4, Blowfish, CAST5, Camellia, IDEA, TripleDES
@@ -128,5 +128,5 @@
def test_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with pytest.raises(UnsupportedAlgorithm):
ciphers.Cipher(AES(b"AAAAAAAAAAAAAAAA"), ECB, pretend_backend)
diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py
index 5b318f6..ce8e92a 100644
--- a/tests/hazmat/primitives/test_hashes.py
+++ b/tests/hazmat/primitives/test_hashes.py
@@ -20,9 +20,7 @@
import six
from cryptography import utils
-from cryptography.exceptions import (
- AlreadyFinalized, UnsupportedHash, UnsupportedInterface
-)
+from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import HashBackend
from cryptography.hazmat.primitives import hashes, interfaces
@@ -72,7 +70,7 @@
h.finalize()
def test_unsupported_hash(self, backend):
- with pytest.raises(UnsupportedHash):
+ with pytest.raises(UnsupportedAlgorithm):
hashes.Hash(UnsupportedDummyHash(), backend)
@@ -183,5 +181,5 @@
def test_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with pytest.raises(UnsupportedAlgorithm):
hashes.Hash(hashes.SHA1(), pretend_backend)
diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py
index 367addc..b3d412c 100644
--- a/tests/hazmat/primitives/test_hkdf.py
+++ b/tests/hazmat/primitives/test_hkdf.py
@@ -18,7 +18,7 @@
import six
from cryptography.exceptions import (
- AlreadyFinalized, InvalidKey, UnsupportedInterface
+ AlreadyFinalized, InvalidKey, UnsupportedAlgorithm
)
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
@@ -152,5 +152,5 @@
def test_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with pytest.raises(UnsupportedAlgorithm):
HKDF(hashes.SHA256(), 16, None, None, pretend_backend)
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index 1065359..cdf8909 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -21,7 +21,7 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidSignature, UnsupportedHash, UnsupportedInterface
+ AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm
)
from cryptography.hazmat.backends.interfaces import HMACBackend
from cryptography.hazmat.primitives import hashes, hmac, interfaces
@@ -106,12 +106,12 @@
h.verify(six.u(''))
def test_unsupported_hash(self, backend):
- with pytest.raises(UnsupportedHash):
+ with pytest.raises(UnsupportedAlgorithm):
hmac.HMAC(b"key", UnsupportedDummyHash(), backend)
def test_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with pytest.raises(UnsupportedAlgorithm):
hmac.HMAC(b"key", hashes.SHA1(), pretend_backend)
diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py
index 585693e..ebc5fbf 100644
--- a/tests/hazmat/primitives/test_pbkdf2hmac.py
+++ b/tests/hazmat/primitives/test_pbkdf2hmac.py
@@ -18,7 +18,7 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface
+ AlreadyFinalized, InvalidKey, UnsupportedAlgorithm
)
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, interfaces
@@ -48,7 +48,7 @@
kdf.verify(b"password", key)
def test_unsupported_algorithm(self):
- with pytest.raises(UnsupportedHash):
+ with pytest.raises(UnsupportedAlgorithm):
PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend())
def test_invalid_key(self):
@@ -72,5 +72,5 @@
def test_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with pytest.raises(UnsupportedAlgorithm):
PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, pretend_backend)
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index eb7e1e6..2d3ce09 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -21,9 +21,9 @@
import pytest
-from cryptography import exceptions, utils
+from cryptography import utils
from cryptography.exceptions import (
- UnsupportedAlgorithm, UnsupportedInterface
+ AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm
)
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import padding, rsa
@@ -398,7 +398,7 @@
def test_rsa_generate_invalid_backend():
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with pytest.raises(UnsupportedAlgorithm):
rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend)
@@ -594,9 +594,9 @@
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
signer.update(b"sign me")
signer.finalize()
- with pytest.raises(exceptions.AlreadyFinalized):
+ with pytest.raises(AlreadyFinalized):
signer.finalize()
- with pytest.raises(exceptions.AlreadyFinalized):
+ with pytest.raises(AlreadyFinalized):
signer.update(b"more data")
def test_unsupported_padding(self, backend):
@@ -605,7 +605,7 @@
key_size=512,
backend=backend
)
- with pytest.raises(exceptions.UnsupportedPadding):
+ with pytest.raises(UnsupportedAlgorithm):
private_key.signer(DummyPadding(), hashes.SHA1(), backend)
def test_padding_incorrect_type(self, backend):
@@ -621,7 +621,7 @@
pretend_backend = object()
private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
- with pytest.raises(UnsupportedInterface):
+ with pytest.raises(UnsupportedAlgorithm):
private_key.signer(
padding.PKCS1v15(), hashes.SHA256, pretend_backend)
@@ -678,7 +678,7 @@
backend
)
verifier.update(b"incorrect data")
- with pytest.raises(exceptions.InvalidSignature):
+ with pytest.raises(InvalidSignature):
verifier.verify()
def test_invalid_pkcs1v15_signature_wrong_key(self, backend):
@@ -703,7 +703,7 @@
backend
)
verifier.update(b"sign me")
- with pytest.raises(exceptions.InvalidSignature):
+ with pytest.raises(InvalidSignature):
verifier.verify()
@pytest.mark.parametrize(
@@ -759,7 +759,7 @@
backend
)
verifier.update(b"incorrect data")
- with pytest.raises(exceptions.InvalidSignature):
+ with pytest.raises(InvalidSignature):
verifier.verify()
def test_invalid_pss_signature_wrong_key(self, backend):
@@ -789,7 +789,7 @@
backend
)
verifier.update(b"sign me")
- with pytest.raises(exceptions.InvalidSignature):
+ with pytest.raises(InvalidSignature):
verifier.verify()
def test_invalid_pss_signature_data_too_large_for_modulus(self, backend):
@@ -819,7 +819,7 @@
backend
)
verifier.update(b"sign me")
- with pytest.raises(exceptions.InvalidSignature):
+ with pytest.raises(InvalidSignature):
verifier.verify()
def test_use_after_finalize(self, backend):
@@ -841,9 +841,9 @@
)
verifier.update(b"sign me")
verifier.verify()
- with pytest.raises(exceptions.AlreadyFinalized):
+ with pytest.raises(AlreadyFinalized):
verifier.verify()
- with pytest.raises(exceptions.AlreadyFinalized):
+ with pytest.raises(AlreadyFinalized):
verifier.update(b"more data")
def test_unsupported_padding(self, backend):
@@ -853,7 +853,7 @@
backend=backend
)
public_key = private_key.public_key()
- with pytest.raises(exceptions.UnsupportedPadding):
+ with pytest.raises(UnsupportedAlgorithm):
public_key.verifier(b"sig", DummyPadding(), hashes.SHA1(), backend)
def test_padding_incorrect_type(self, backend):
@@ -871,7 +871,7 @@
private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
public_key = private_key.public_key()
- with pytest.raises(UnsupportedInterface):
+ with pytest.raises(UnsupportedAlgorithm):
public_key.verifier(
b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend)
@@ -939,7 +939,7 @@
backend
)
verifier.update(b"sign me")
- with pytest.raises(exceptions.InvalidSignature):
+ with pytest.raises(InvalidSignature):
verifier.verify()
diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py
index 4bb7c6b..b2b2677 100644
--- a/tests/hazmat/primitives/twofactor/test_hotp.py
+++ b/tests/hazmat/primitives/twofactor/test_hotp.py
@@ -17,12 +17,14 @@
import pytest
-from cryptography.exceptions import InvalidToken, UnsupportedInterface
+from cryptography.exceptions import InvalidToken, _Causes
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.hashes import MD5, SHA1
from cryptography.hazmat.primitives.twofactor.hotp import HOTP
-from ....utils import load_nist_vectors, load_vectors_from_file
+from ....utils import (
+ load_nist_vectors, load_vectors_from_file, raises_unsupported
+)
vectors = load_vectors_from_file(
"twofactor/rfc-4226.txt", load_nist_vectors)
@@ -103,5 +105,5 @@
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported(_Causes.BACKEND_MISSING_INTERFACE):
HOTP(secret, 8, hashes.SHA1(), pretend_backend)
diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py
index d5b0a8e..208b0ee 100644
--- a/tests/hazmat/primitives/twofactor/test_totp.py
+++ b/tests/hazmat/primitives/twofactor/test_totp.py
@@ -15,11 +15,13 @@
import pytest
-from cryptography.exceptions import InvalidToken, UnsupportedInterface
+from cryptography.exceptions import InvalidToken, _Causes
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.twofactor.totp import TOTP
-from ....utils import load_nist_vectors, load_vectors_from_file
+from ....utils import (
+ load_nist_vectors, load_vectors_from_file, raises_unsupported
+)
vectors = load_vectors_from_file(
"twofactor/rfc-6238.txt", load_nist_vectors)
@@ -137,5 +139,5 @@
pretend_backend = object()
- with pytest.raises(UnsupportedInterface):
+ with raises_unsupported(_Causes.BACKEND_MISSING_INTERFACE):
TOTP(secret, 8, hashes.SHA1(), 30, pretend_backend)
diff --git a/tests/utils.py b/tests/utils.py
index 3e35970..fbe448f 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -14,11 +14,13 @@
from __future__ import absolute_import, division, print_function
import collections
+from contextlib import contextmanager
import pytest
import six
+from cryptography.exceptions import UnsupportedAlgorithm
import cryptography_vectors
@@ -67,6 +69,13 @@
"backend")
+@contextmanager
+def raises_unsupported(cause):
+ with pytest.raises(UnsupportedAlgorithm) as exc_info:
+ yield
+ assert exc_info.value._cause == cause
+
+
def load_vectors_from_file(filename, loader):
with cryptography_vectors.open_vector_file(filename) as vector_file:
return loader(vector_file)