Python cryptography.exceptions.UnsupportedAlgorithm() Examples

The following are 30 code examples of cryptography.exceptions.UnsupportedAlgorithm(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module cryptography.exceptions , or try the search function .
Example #1
Source File: hashes.py    From oss-ftp with MIT License 6 votes vote down vote up
def __init__(self, backend, algorithm, ctx=None):
        self._algorithm = algorithm
        self._backend = backend

        if ctx is None:
            try:
                methods = self._backend._hash_mapping[self.algorithm.name]
            except KeyError:
                raise UnsupportedAlgorithm(
                    "{0} is not a supported hash on this backend.".format(
                        algorithm.name),
                    _Reasons.UNSUPPORTED_HASH
                )
            ctx = self._backend._ffi.new(methods.ctx)
            res = methods.hash_init(ctx)
            assert res == 1

        self._ctx = ctx 
Example #2
Source File: test_transport.py    From Safejumper-for-Desktop with GNU General Public License v2.0 6 votes vote down vote up
def test_checkBad_KEX_INIT_CurveName(self):
        """
        Test that if the server received a bad name for a curve
        we raise an UnsupportedAlgorithm error.
        """
        kexmsg = (
            b"\xAA" * 16 +
            common.NS(b'ecdh-sha2-nistp256') +
            common.NS(b'ssh-rsa') +
            common.NS(b'aes256-ctr') +
            common.NS(b'aes256-ctr') +
            common.NS(b'hmac-sha1') +
            common.NS(b'hmac-sha1') +
            common.NS(b'none') +
            common.NS(b'none') +
            common.NS(b'') +
            common.NS(b'') +
            b'\x00' + b'\x00\x00\x00\x00')

        self.proto.ssh_KEXINIT(kexmsg)
        self.assertRaises(AttributeError)
        self.assertRaises(UnsupportedAlgorithm) 
Example #3
Source File: transport.py    From Safejumper-for-Desktop with GNU General Public License v2.0 6 votes vote down vote up
def _getSupportedCiphers():
    """
    Build a list of ciphers that are supported by the backend in use.

    @return: a list of supported ciphers.
    @rtype: L{list} of L{str}
    """
    supportedCiphers = []
    cs = [b'aes256-ctr', b'aes256-cbc', b'aes192-ctr', b'aes192-cbc',
          b'aes128-ctr', b'aes128-cbc', b'cast128-ctr', b'cast128-cbc',
          b'blowfish-ctr', b'blowfish-cbc', b'3des-ctr', b'3des-cbc']
    for cipher in cs:
        algorithmClass, keySize, modeClass = SSHCiphers.cipherMap[cipher]
        try:
            Cipher(
                algorithmClass(b' ' * keySize),
                modeClass(b' ' * (algorithmClass.block_size // 8)),
                backend=default_backend(),
            ).encryptor()
        except UnsupportedAlgorithm:
            pass
        else:
            supportedCiphers.append(cipher)
    return supportedCiphers 
Example #4
Source File: hashes.py    From Safejumper-for-Desktop with GNU General Public License v2.0 6 votes vote down vote up
def __init__(self, backend, algorithm, ctx=None):
        self._algorithm = algorithm
        self._backend = backend

        if ctx is None:
            try:
                methods = self._backend._hash_mapping[self.algorithm.name]
            except KeyError:
                raise UnsupportedAlgorithm(
                    "{0} is not a supported hash on this backend.".format(
                        algorithm.name),
                    _Reasons.UNSUPPORTED_HASH
                )
            ctx = self._backend._ffi.new(methods.ctx)
            res = methods.hash_init(ctx)
            assert res == 1

        self._ctx = ctx 
Example #5
Source File: hashes.py    From Safejumper-for-Desktop with GNU General Public License v2.0 6 votes vote down vote up
def __init__(self, backend, algorithm, ctx=None):
        self._algorithm = algorithm

        self._backend = backend

        if ctx is None:
            ctx = self._backend._lib.Cryptography_EVP_MD_CTX_new()
            ctx = self._backend._ffi.gc(
                ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free
            )
            name = self._backend._build_openssl_digest_name(algorithm)
            evp_md = self._backend._lib.EVP_get_digestbyname(name)
            if evp_md == self._backend._ffi.NULL:
                raise UnsupportedAlgorithm(
                    "{0} is not a supported hash on this backend.".format(
                        name),
                    _Reasons.UNSUPPORTED_HASH
                )
            res = self._backend._lib.EVP_DigestInit_ex(ctx, evp_md,
                                                       self._backend._ffi.NULL)
            self._backend.openssl_assert(res != 0)

        self._ctx = ctx 
Example #6
Source File: backend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 6 votes vote down vote up
def _elliptic_curve_to_nid(self, curve):
        """
        Get the NID for a curve name.
        """

        curve_aliases = {
            "secp192r1": "prime192v1",
            "secp256r1": "prime256v1"
        }

        curve_name = curve_aliases.get(curve.name, curve.name)

        curve_nid = self._lib.OBJ_sn2nid(curve_name.encode())
        if curve_nid == self._lib.NID_undef:
            raise UnsupportedAlgorithm(
                "{0} is not a supported elliptic curve".format(curve.name),
                _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
            )
        return curve_nid 
Example #7
Source File: backend.py    From oss-ftp with MIT License 6 votes vote down vote up
def _elliptic_curve_to_nid(self, curve):
        """
        Get the NID for a curve name.
        """

        curve_aliases = {
            "secp192r1": "prime192v1",
            "secp256r1": "prime256v1"
        }

        curve_name = curve_aliases.get(curve.name, curve.name)

        curve_nid = self._lib.OBJ_sn2nid(curve_name.encode())
        if curve_nid == self._lib.NID_undef:
            raise UnsupportedAlgorithm(
                "{0} is not a supported elliptic curve".format(curve.name),
                _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
            )
        return curve_nid 
Example #8
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def load_pem_private_key(self, data, password):
        for b in self._filtered_backends(PEMSerializationBackend):
            return b.load_pem_private_key(data, password)

        raise UnsupportedAlgorithm(
            "This backend does not support this key serialization.",
            _Reasons.UNSUPPORTED_SERIALIZATION
        ) 
Example #9
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def generate_rsa_private_key(self, public_exponent, key_size):
        for b in self._filtered_backends(RSABackend):
            return b.generate_rsa_private_key(public_exponent, key_size)
        raise UnsupportedAlgorithm("RSA is not supported by the backend.",
                                   _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) 
Example #10
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def generate_rsa_parameters_supported(self, public_exponent, key_size):
        for b in self._filtered_backends(RSABackend):
            return b.generate_rsa_parameters_supported(
                public_exponent, key_size
            )
        raise UnsupportedAlgorithm("RSA is not supported by the backend.",
                                   _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) 
Example #11
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def rsa_padding_supported(self, padding):
        for b in self._filtered_backends(RSABackend):
            return b.rsa_padding_supported(padding)
        raise UnsupportedAlgorithm("RSA is not supported by the backend.",
                                   _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) 
Example #12
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def load_der_private_key(self, data, password):
        for b in self._filtered_backends(DERSerializationBackend):
            return b.load_der_private_key(data, password)

        raise UnsupportedAlgorithm(
            "This backend does not support this key serialization.",
            _Reasons.UNSUPPORTED_SERIALIZATION
        ) 
Example #13
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def load_elliptic_curve_private_numbers(self, numbers):
        for b in self._filtered_backends(EllipticCurveBackend):
            try:
                return b.load_elliptic_curve_private_numbers(numbers)
            except UnsupportedAlgorithm:
                continue

        raise UnsupportedAlgorithm(
            "This backend does not support this elliptic curve.",
            _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
        ) 
Example #14
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def derive_elliptic_curve_private_key(self, private_value, curve):
        for b in self._filtered_backends(EllipticCurveBackend):
            try:
                return b.derive_elliptic_curve_private_key(private_value,
                                                           curve)
            except UnsupportedAlgorithm:
                continue

        raise UnsupportedAlgorithm(
            "This backend does not support this elliptic curve.",
            _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
        ) 
Example #15
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def create_symmetric_encryption_ctx(self, cipher, mode):
        for b in self._filtered_backends(CipherBackend):
            try:
                return b.create_symmetric_encryption_ctx(cipher, mode)
            except UnsupportedAlgorithm:
                pass
        raise UnsupportedAlgorithm(
            "cipher {0} in {1} mode is not supported by this backend.".format(
                cipher.name, mode.name if mode else mode),
            _Reasons.UNSUPPORTED_CIPHER
        ) 
Example #16
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def load_pem_public_key(self, data):
        for b in self._filtered_backends(PEMSerializationBackend):
            return b.load_pem_public_key(data)

        raise UnsupportedAlgorithm(
            "This backend does not support this key serialization.",
            _Reasons.UNSUPPORTED_SERIALIZATION
        ) 
Example #17
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def load_der_x509_certificate(self, data):
        for b in self._filtered_backends(X509Backend):
            return b.load_der_x509_certificate(data)

        raise UnsupportedAlgorithm(
            "This backend does not support X.509.",
            _Reasons.UNSUPPORTED_X509
        ) 
Example #18
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def load_der_x509_crl(self, data):
        for b in self._filtered_backends(X509Backend):
            return b.load_der_x509_crl(data)

        raise UnsupportedAlgorithm(
            "This backend does not support X.509.",
            _Reasons.UNSUPPORTED_X509
        ) 
Example #19
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def load_pem_x509_crl(self, data):
        for b in self._filtered_backends(X509Backend):
            return b.load_pem_x509_crl(data)

        raise UnsupportedAlgorithm(
            "This backend does not support X.509.",
            _Reasons.UNSUPPORTED_X509
        ) 
Example #20
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
                           key_material):
        for b in self._filtered_backends(PBKDF2HMACBackend):
            try:
                return b.derive_pbkdf2_hmac(
                    algorithm, length, salt, iterations, key_material
                )
            except UnsupportedAlgorithm:
                pass
        raise UnsupportedAlgorithm(
            "{0} is not a supported hash on this backend.".format(
                algorithm.name),
            _Reasons.UNSUPPORTED_HASH
        ) 
Example #21
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def create_hash_ctx(self, algorithm):
        for b in self._filtered_backends(HashBackend):
            try:
                return b.create_hash_ctx(algorithm)
            except UnsupportedAlgorithm:
                pass
        raise UnsupportedAlgorithm(
            "{0} is not a supported hash on this backend.".format(
                algorithm.name),
            _Reasons.UNSUPPORTED_HASH
        ) 
Example #22
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def create_symmetric_decryption_ctx(self, cipher, mode):
        for b in self._filtered_backends(CipherBackend):
            try:
                return b.create_symmetric_decryption_ctx(cipher, mode)
            except UnsupportedAlgorithm:
                pass
        raise UnsupportedAlgorithm(
            "cipher {0} in {1} mode is not supported by this backend.".format(
                cipher.name, mode.name if mode else mode),
            _Reasons.UNSUPPORTED_CIPHER
        ) 
Example #23
Source File: multibackend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def generate_dsa_parameters(self, key_size):
        for b in self._filtered_backends(DSABackend):
            return b.generate_dsa_parameters(key_size)
        raise UnsupportedAlgorithm("DSA is not supported by the backend.",
                                   _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) 
Example #24
Source File: backend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def elliptic_curve_supported(self, curve):
        if self._lib.Cryptography_HAS_EC != 1:
            return False

        try:
            curve_nid = self._elliptic_curve_to_nid(curve)
        except UnsupportedAlgorithm:
            curve_nid = self._lib.NID_undef

        ctx = self._lib.EC_GROUP_new_by_curve_name(curve_nid)

        if ctx == self._ffi.NULL:
            errors = self._consume_errors()
            self.openssl_assert(
                curve_nid == self._lib.NID_undef or
                errors[0][1:] == (
                    self._lib.ERR_LIB_EC,
                    self._lib.EC_F_EC_GROUP_NEW_BY_CURVE_NAME,
                    self._lib.EC_R_UNKNOWN_GROUP
                )
            )
            return False
        else:
            self.openssl_assert(curve_nid != self._lib.NID_undef)
            self._lib.EC_GROUP_free(ctx)
            return True 
Example #25
Source File: backend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def _evp_pkey_to_public_key(self, evp_pkey):
        """
        Return the appropriate type of PublicKey given an evp_pkey cdata
        pointer.
        """

        key_type = self._lib.EVP_PKEY_id(evp_pkey)

        if key_type == self._lib.EVP_PKEY_RSA:
            rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
            self.openssl_assert(rsa_cdata != self._ffi.NULL)
            rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
            return _RSAPublicKey(self, rsa_cdata, evp_pkey)
        elif key_type == self._lib.EVP_PKEY_DSA:
            dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
            self.openssl_assert(dsa_cdata != self._ffi.NULL)
            dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
            return _DSAPublicKey(self, dsa_cdata, evp_pkey)
        elif (self._lib.Cryptography_HAS_EC == 1 and
              key_type == self._lib.EVP_PKEY_EC):
            ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
            self.openssl_assert(ec_cdata != self._ffi.NULL)
            ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
            return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey)
        else:
            raise UnsupportedAlgorithm("Unsupported key type.") 
Example #26
Source File: backend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def _evp_pkey_to_private_key(self, evp_pkey):
        """
        Return the appropriate type of PrivateKey given an evp_pkey cdata
        pointer.
        """

        key_type = self._lib.EVP_PKEY_id(evp_pkey)

        if key_type == self._lib.EVP_PKEY_RSA:
            rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
            self.openssl_assert(rsa_cdata != self._ffi.NULL)
            rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
            return _RSAPrivateKey(self, rsa_cdata, evp_pkey)
        elif key_type == self._lib.EVP_PKEY_DSA:
            dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
            self.openssl_assert(dsa_cdata != self._ffi.NULL)
            dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
            return _DSAPrivateKey(self, dsa_cdata, evp_pkey)
        elif (self._lib.Cryptography_HAS_EC == 1 and
              key_type == self._lib.EVP_PKEY_EC):
            ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
            self.openssl_assert(ec_cdata != self._ffi.NULL)
            ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
            return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey)
        else:
            raise UnsupportedAlgorithm("Unsupported key type.") 
Example #27
Source File: x509.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def signature_hash_algorithm(self):
        oid = self.signature_algorithm_oid
        try:
            return x509._SIG_OIDS_TO_HASH[oid]
        except KeyError:
            raise UnsupportedAlgorithm(
                "Signature algorithm OID:{0} not recognized".format(oid)
            ) 
Example #28
Source File: x509.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def signature_hash_algorithm(self):
        oid = self.signature_algorithm_oid
        try:
            return x509._SIG_OIDS_TO_HASH[oid]
        except KeyError:
            raise UnsupportedAlgorithm(
                "Signature algorithm OID:{0} not recognized".format(oid)
            ) 
Example #29
Source File: test_transport.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def test_checkBad_KEX_ECDH_INIT_CurveName(self):
        """
        Test that if the server receives a KEX_DH_GEX_REQUEST_OLD message
        and the key exchange algorithm is not set, we raise a ConchError.
        """
        self.proto.kexAlg = b'bad-curve'
        self.proto.keyAlg = b'ssh-rsa'
        self.assertRaises(UnsupportedAlgorithm,
                          self.proto._ssh_KEX_ECDH_INIT,
                          common.NS(b'unused-key')) 
Example #30
Source File: serialization.py    From oss-ftp with MIT License 5 votes vote down vote up
def load_ssh_public_key(data, backend):
    key_parts = data.split(b' ', 2)

    if len(key_parts) < 2:
        raise ValueError(
            'Key is not in the proper format or contains extra data.')

    key_type = key_parts[0]

    if key_type == b'ssh-rsa':
        loader = _load_ssh_rsa_public_key
    elif key_type == b'ssh-dss':
        loader = _load_ssh_dss_public_key
    elif key_type in [
        b'ecdsa-sha2-nistp256', b'ecdsa-sha2-nistp384', b'ecdsa-sha2-nistp521',
    ]:
        loader = _load_ssh_ecdsa_public_key
    else:
        raise UnsupportedAlgorithm('Key type is not supported.')

    key_body = key_parts[1]

    try:
        decoded_data = base64.b64decode(key_body)
    except TypeError:
        raise ValueError('Key is not in the proper format.')

    inner_key_type, rest = _read_next_string(decoded_data)

    if inner_key_type != key_type:
        raise ValueError(
            'Key header and key body contain different key type values.'
        )

    return loader(key_type, rest, backend)