Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_invalid_hash_algorithm(self):
req = _load_data(
os.path.join("x509", "ocsp", "req-invalid-hash-alg.der"),
ocsp.load_der_ocsp_request,
)
with pytest.raises(UnsupportedAlgorithm):
req.hash_algorithm
def test_unsupported_backend(self):
work_factor = 1024
block_size = 8
parallelization_factor = 16
length = 64
salt = b"NaCl"
backend = object()
with pytest.raises(UnsupportedAlgorithm):
Scrypt(salt, length, work_factor, block_size,
parallelization_factor, backend)
try:
return self.private_key.decrypt(
payload,
# OAEP (Optimal Asymmetric Encryption Padding) is a padding
# scheme defined in RFC 3447. It provides probabilistic
# encryption and is proven secure against several attack
# types. This is the recommended padding algorithm for RSA
# encryption.
padding.OAEP(
mgf=padding.MGF1(algorithm=_mgf1()),
algorithm=_alg(),
label=None
)
)
except UnsupportedAlgorithm as e:
# Decryption Failed
logger.error(
'Cryptography / decryption failed '
'(size=%d, alg=%s, mgf1=%s)' % (
len(payload), alg, mgf1,
)
)
logger.debug(
'Cryptography / Unsupported Algorithm: %s' % (
str(e),
)
)
except TypeError:
# Decryption Failed
logger.error(
dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
self.openssl_assert(dsa_cdata != self._ffi.NULL)
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPublicKey(self, dsa_cdata, evp_pkey)
elif key_type == self._lib.EVP_PKEY_EC:
ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
self.openssl_assert(ec_cdata != self._ffi.NULL)
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey)
elif key_type in self._dh_types:
dh_cdata = self._lib.EVP_PKEY_get1_DH(evp_pkey)
self.openssl_assert(dh_cdata != self._ffi.NULL)
dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
return _DHPublicKey(self, dh_cdata, evp_pkey)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
def generate(cls):
from cryptography.hazmat.backends.openssl.backend import backend
if not backend.x25519_supported():
raise UnsupportedAlgorithm(
"X25519 is not supported by this version of OpenSSL.",
_Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM
)
return backend.x25519_generate_key()
def __init__(self, backend, key, algorithm, ctx=None):
self._algorithm = algorithm
self._backend = backend
if ctx is None:
ctx = self._backend._lib.Cryptography_HMAC_CTX_new()
self._backend.openssl_assert(ctx != self._backend._ffi.NULL)
ctx = self._backend._ffi.gc(
ctx, self._backend._lib.Cryptography_HMAC_CTX_free
)
name = self._backend._build_openssl_digest_name(algorithm)
evp_md = self._backend._lib.EVP_get_digestbyname(name)
if evp_md == self._backend._ffi.NULL:
raise UnsupportedAlgorithm(
"{0} is not a supported hash on this backend".format(name),
_Reasons.UNSUPPORTED_HASH
)
res = self._backend._lib.HMAC_Init_ex(
ctx, key, len(key), evp_md, self._backend._ffi.NULL
)
self._backend.openssl_assert(res != 0)
self._ctx = ctx
self._key = key
def _check_signature_algorithm(signature_algorithm):
if not isinstance(signature_algorithm, ec.ECDSA):
raise UnsupportedAlgorithm(
"Unsupported elliptic curve signature algorithm.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
raise ValueError("Bad decrypt. Incorrect password?")
elif errors[0][1:] in (
(
self._lib.ERR_LIB_PEM,
self._lib.PEM_F_PEM_GET_EVP_CIPHER_INFO,
self._lib.PEM_R_UNSUPPORTED_ENCRYPTION
),
(
self._lib.ERR_LIB_EVP,
self._lib.EVP_F_EVP_PBE_CIPHERINIT,
self._lib.EVP_R_UNKNOWN_PBE_ALGORITHM
)
):
raise UnsupportedAlgorithm(
"PEM data is encrypted with an unsupported cipher",
_Reasons.UNSUPPORTED_CIPHER
)
elif any(
error[1:] == (
self._lib.ERR_LIB_EVP,
self._lib.EVP_F_EVP_PKCS82PKEY,
self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM
)
for error in errors
):
raise UnsupportedAlgorithm(
"Unsupported public key algorithm.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
)
def _hash_algorithm(backend, cert_id):
asn1obj = backend._ffi.new("ASN1_OBJECT **")
res = backend._lib.OCSP_id_get0_info(
backend._ffi.NULL, asn1obj,
backend._ffi.NULL, backend._ffi.NULL, cert_id
)
backend.openssl_assert(res == 1)
backend.openssl_assert(asn1obj[0] != backend._ffi.NULL)
oid = _obj2txt(backend, asn1obj[0])
try:
return _OIDS_TO_HASH[oid]
except KeyError:
raise UnsupportedAlgorithm(
"Signature algorithm OID: {} not recognized".format(oid)
)
dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
return _DHPublicKey(self, dh_cdata, evp_pkey)
elif key_type == getattr(self._lib, "EVP_PKEY_ED25519", None):
# EVP_PKEY_ED25519 is not present in OpenSSL < 1.1.1
return _Ed25519PublicKey(self, evp_pkey)
elif key_type == getattr(self._lib, "EVP_PKEY_X448", None):
# EVP_PKEY_X448 is not present in OpenSSL < 1.1.1
return _X448PublicKey(self, evp_pkey)
elif key_type == getattr(self._lib, "EVP_PKEY_X25519", None):
# EVP_PKEY_X25519 is not present in OpenSSL < 1.1.0
return _X25519PublicKey(self, evp_pkey)
elif key_type == getattr(self._lib, "EVP_PKEY_ED448", None):
# EVP_PKEY_X25519 is not present in OpenSSL < 1.1.1
return _Ed448PublicKey(self, evp_pkey)
else:
raise UnsupportedAlgorithm("Unsupported key type.")