deprecate backend part 14 of...probably 15? (#6534)

* * CMAC * HMAC * * hashes * * keywrap
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2021-11-03 19:29:57 +0800
committer: GitHub <noreply@github.com> 2021-11-03 07:29:57 -0400
commit: 9d10f1f47d6a67d32a3ce2452a67f31fa214c075 (patch)
tree: dc63a59d971e47f0fb054938deaeb3af73328a25
parent: 4ab8ccea5ba3bf78d8e865954c9eb3c306cef25d (diff)
download: cryptography-9d10f1f47d6a67d32a3ce2452a67f31fa214c075.tar.gz
7 files changed, 32 insertions, 94 deletions
diff --git a/src/cryptography/hazmat/primitives/cmac.py b/src/cryptography/hazmat/primitives/cmac.py
index d6dc7cff6..4a148ecef 100644
--- a/src/cryptography/hazmat/primitives/cmac.py
+++ b/src/cryptography/hazmat/primitives/cmac.py
@@ -8,11 +8,7 @@ import typing
 from cryptography import utils
 from cryptography.exceptions import (
     AlreadyFinalized,
-    UnsupportedAlgorithm,
-    _Reasons,
 )
-from cryptography.hazmat.backends import _get_backend
-from cryptography.hazmat.backends.interfaces import Backend, CMACBackend
 from cryptography.hazmat.primitives import ciphers
 
 
@@ -20,23 +16,19 @@ class CMAC(object):
     def __init__(
         self,
         algorithm: ciphers.BlockCipherAlgorithm,
-        backend: typing.Optional[Backend] = None,
+        backend: typing.Any = None,
         ctx=None,
     ):
-        backend = _get_backend(backend)
-        if not isinstance(backend, CMACBackend):
-            raise UnsupportedAlgorithm(
-                "Backend object does not implement CMACBackend.",
-                _Reasons.BACKEND_MISSING_INTERFACE,
-            )
-
         if not isinstance(algorithm, ciphers.BlockCipherAlgorithm):
             raise TypeError("Expected instance of BlockCipherAlgorithm.")
         self._algorithm = algorithm
 
-        self._backend = backend
         if ctx is None:
-            self._ctx = self._backend.create_cmac_ctx(self._algorithm)
+            from cryptography.hazmat.backends.openssl.backend import (
+                backend as ossl,
+            )
+
+            self._ctx = ossl.create_cmac_ctx(self._algorithm)
         else:
             self._ctx = ctx
 
@@ -65,6 +57,4 @@ class CMAC(object):
     def copy(self) -> "CMAC":
         if self._ctx is None:
             raise AlreadyFinalized("Context was already finalized.")
-        return CMAC(
-            self._algorithm, backend=self._backend, ctx=self._ctx.copy()
-        )
+        return CMAC(self._algorithm, ctx=self._ctx.copy())
diff --git a/src/cryptography/hazmat/primitives/hashes.py b/src/cryptography/hazmat/primitives/hashes.py
index 898017692..fee4e0eea 100644
--- a/src/cryptography/hazmat/primitives/hashes.py
+++ b/src/cryptography/hazmat/primitives/hashes.py
@@ -8,11 +8,7 @@ import typing
 from cryptography import utils
 from cryptography.exceptions import (
     AlreadyFinalized,
-    UnsupportedAlgorithm,
-    _Reasons,
 )
-from cryptography.hazmat.backends import _get_backend
-from cryptography.hazmat.backends.interfaces import Backend, HashBackend
 
 
 class HashAlgorithm(metaclass=abc.ABCMeta):
@@ -72,16 +68,9 @@ class Hash(HashContext):
     def __init__(
         self,
         algorithm: HashAlgorithm,
-        backend: typing.Optional[Backend] = None,
+        backend: typing.Any = None,
         ctx: typing.Optional["HashContext"] = None,
     ):
-        backend = _get_backend(backend)
-        if not isinstance(backend, HashBackend):
-            raise UnsupportedAlgorithm(
-                "Backend object does not implement HashBackend.",
-                _Reasons.BACKEND_MISSING_INTERFACE,
-            )
-
         if not isinstance(algorithm, HashAlgorithm):
             raise TypeError("Expected instance of hashes.HashAlgorithm.")
         self._algorithm = algorithm
@@ -89,7 +78,11 @@ class Hash(HashContext):
         self._backend = backend
 
         if ctx is None:
-            self._ctx = self._backend.create_hash_ctx(self.algorithm)
+            from cryptography.hazmat.backends.openssl.backend import (
+                backend as ossl,
+            )
+
+            self._ctx = ossl.create_hash_ctx(self.algorithm)
         else:
             self._ctx = ctx
 
@@ -106,9 +99,7 @@ class Hash(HashContext):
     def copy(self) -> "Hash":
         if self._ctx is None:
             raise AlreadyFinalized("Context was already finalized.")
-        return Hash(
-            self.algorithm, backend=self._backend, ctx=self._ctx.copy()
-        )
+        return Hash(self.algorithm, ctx=self._ctx.copy())
 
     def finalize(self) -> bytes:
         if self._ctx is None:
diff --git a/src/cryptography/hazmat/primitives/hmac.py b/src/cryptography/hazmat/primitives/hmac.py
index 540d6a24b..a2436f837 100644
--- a/src/cryptography/hazmat/primitives/hmac.py
+++ b/src/cryptography/hazmat/primitives/hmac.py
@@ -8,11 +8,7 @@ import typing
 from cryptography import utils
 from cryptography.exceptions import (
     AlreadyFinalized,
-    UnsupportedAlgorithm,
-    _Reasons,
 )
-from cryptography.hazmat.backends import _get_backend
-from cryptography.hazmat.backends.interfaces import Backend, HMACBackend
 from cryptography.hazmat.primitives import hashes
 
 
@@ -21,24 +17,20 @@ class HMAC(hashes.HashContext):
         self,
         key: bytes,
         algorithm: hashes.HashAlgorithm,
-        backend: typing.Optional[Backend] = None,
+        backend: typing.Any = None,
         ctx=None,
     ):
-        backend = _get_backend(backend)
-        if not isinstance(backend, HMACBackend):
-            raise UnsupportedAlgorithm(
-                "Backend object does not implement HMACBackend.",
-                _Reasons.BACKEND_MISSING_INTERFACE,
-            )
-
         if not isinstance(algorithm, hashes.HashAlgorithm):
             raise TypeError("Expected instance of hashes.HashAlgorithm.")
         self._algorithm = algorithm
 
-        self._backend = backend
         self._key = key
         if ctx is None:
-            self._ctx = self._backend.create_hmac_ctx(key, self.algorithm)
+            from cryptography.hazmat.backends.openssl.backend import (
+                backend as ossl,
+            )
+
+            self._ctx = ossl.create_hmac_ctx(key, self.algorithm)
         else:
             self._ctx = ctx
 
@@ -58,7 +50,6 @@ class HMAC(hashes.HashContext):
         return HMAC(
             self._key,
             self.algorithm,
-            backend=self._backend,
             ctx=self._ctx.copy(),
         )
 
diff --git a/src/cryptography/hazmat/primitives/keywrap.py b/src/cryptography/hazmat/primitives/keywrap.py
index b8de85dd4..123db376a 100644
--- a/src/cryptography/hazmat/primitives/keywrap.py
+++ b/src/cryptography/hazmat/primitives/keywrap.py
@@ -6,8 +6,6 @@
 import struct
 import typing
 
-from cryptography.hazmat.backends import _get_backend
-from cryptography.hazmat.backends.interfaces import Backend
 from cryptography.hazmat.primitives.ciphers import Cipher
 from cryptography.hazmat.primitives.ciphers.algorithms import AES
 from cryptography.hazmat.primitives.ciphers.modes import ECB
@@ -18,10 +16,9 @@ def _wrap_core(
     wrapping_key: bytes,
     a: bytes,
     r: typing.List[bytes],
-    backend: Backend,
 ) -> bytes:
     # RFC 3394 Key Wrap - 2.2.1 (index method)
-    encryptor = Cipher(AES(wrapping_key), ECB(), backend).encryptor()
+    encryptor = Cipher(AES(wrapping_key), ECB()).encryptor()
     n = len(r)
     for j in range(6):
         for i in range(n):
@@ -43,9 +40,8 @@ def _wrap_core(
 def aes_key_wrap(
     wrapping_key: bytes,
     key_to_wrap: bytes,
-    backend: typing.Optional[Backend] = None,
+    backend: typing.Any = None,
 ) -> bytes:
-    backend = _get_backend(backend)
     if len(wrapping_key) not in [16, 24, 32]:
         raise ValueError("The wrapping key must be a valid AES key length")
 
@@ -57,17 +53,16 @@ def aes_key_wrap(
 
     a = b"\xa6\xa6\xa6\xa6\xa6\xa6\xa6\xa6"
     r = [key_to_wrap[i : i + 8] for i in range(0, len(key_to_wrap), 8)]
-    return _wrap_core(wrapping_key, a, r, backend)
+    return _wrap_core(wrapping_key, a, r)
 
 
 def _unwrap_core(
     wrapping_key: bytes,
     a: bytes,
     r: typing.List[bytes],
-    backend: Backend,
 ) -> typing.Tuple[bytes, typing.List[bytes]]:
     # Implement RFC 3394 Key Unwrap - 2.2.2 (index method)
-    decryptor = Cipher(AES(wrapping_key), ECB(), backend).decryptor()
+    decryptor = Cipher(AES(wrapping_key), ECB()).decryptor()
     n = len(r)
     for j in reversed(range(6)):
         for i in reversed(range(n)):
@@ -91,9 +86,8 @@ def _unwrap_core(
 def aes_key_wrap_with_padding(
     wrapping_key: bytes,
     key_to_wrap: bytes,
-    backend: typing.Optional[Backend] = None,
+    backend: typing.Any = None,
 ) -> bytes:
-    backend = _get_backend(backend)
     if len(wrapping_key) not in [16, 24, 32]:
         raise ValueError("The wrapping key must be a valid AES key length")
 
@@ -103,21 +97,20 @@ def aes_key_wrap_with_padding(
     key_to_wrap = key_to_wrap + b"\x00" * pad
     if len(key_to_wrap) == 8:
         # RFC 5649 - 4.1 - exactly 8 octets after padding
-        encryptor = Cipher(AES(wrapping_key), ECB(), backend).encryptor()
+        encryptor = Cipher(AES(wrapping_key), ECB()).encryptor()
         b = encryptor.update(aiv + key_to_wrap)
         assert encryptor.finalize() == b""
         return b
     else:
         r = [key_to_wrap[i : i + 8] for i in range(0, len(key_to_wrap), 8)]
-        return _wrap_core(wrapping_key, aiv, r, backend)
+        return _wrap_core(wrapping_key, aiv, r)
 
 
 def aes_key_unwrap_with_padding(
     wrapping_key: bytes,
     wrapped_key: bytes,
-    backend: typing.Optional[Backend] = None,
+    backend: typing.Any = None,
 ) -> bytes:
-    backend = _get_backend(backend)
     if len(wrapped_key) < 16:
         raise InvalidUnwrap("Must be at least 16 bytes")
 
@@ -126,7 +119,7 @@ def aes_key_unwrap_with_padding(
 
     if len(wrapped_key) == 16:
         # RFC 5649 - 4.2 - exactly two 64-bit blocks
-        decryptor = Cipher(AES(wrapping_key), ECB(), backend).decryptor()
+        decryptor = Cipher(AES(wrapping_key), ECB()).decryptor()
         b = decryptor.update(wrapped_key)
         assert decryptor.finalize() == b""
         a = b[:8]
@@ -136,7 +129,7 @@ def aes_key_unwrap_with_padding(
         r = [wrapped_key[i : i + 8] for i in range(0, len(wrapped_key), 8)]
         encrypted_aiv = r.pop(0)
         n = len(r)
-        a, r = _unwrap_core(wrapping_key, encrypted_aiv, r, backend)
+        a, r = _unwrap_core(wrapping_key, encrypted_aiv, r)
         data = b"".join(r)
 
     # 1) Check that MSB(32,A) = A65959A6.
@@ -162,9 +155,8 @@ def aes_key_unwrap_with_padding(
 def aes_key_unwrap(
     wrapping_key: bytes,
     wrapped_key: bytes,
-    backend: typing.Optional[Backend] = None,
+    backend: typing.Any = None,
 ) -> bytes:
-    backend = _get_backend(backend)
     if len(wrapped_key) < 24:
         raise InvalidUnwrap("Must be at least 24 bytes")
 
@@ -177,7 +169,7 @@ def aes_key_unwrap(
     aiv = b"\xa6\xa6\xa6\xa6\xa6\xa6\xa6\xa6"
     r = [wrapped_key[i : i + 8] for i in range(0, len(wrapped_key), 8)]
     a = r.pop(0)
-    a, r = _unwrap_core(wrapping_key, a, r, backend)
+    a, r = _unwrap_core(wrapping_key, a, r)
     if not bytes_eq(a, aiv):
         raise InvalidUnwrap()
 
diff --git a/tests/hazmat/primitives/test_cmac.py b/tests/hazmat/primitives/test_cmac.py
index 1d6892540..1dfd2b3fd 100644
--- a/tests/hazmat/primitives/test_cmac.py
+++ b/tests/hazmat/primitives/test_cmac.py
@@ -10,7 +10,6 @@ import pytest
 from cryptography.exceptions import (
     AlreadyFinalized,
     InvalidSignature,
-    _Reasons,
 )
 from cryptography.hazmat.primitives.ciphers.algorithms import (
     AES,
@@ -22,7 +21,6 @@ from cryptography.hazmat.primitives.cmac import CMAC
 from ...utils import (
     load_nist_vectors,
     load_vectors_from_file,
-    raises_unsupported_algorithm,
 )
 
 
@@ -210,11 +208,3 @@ class TestCMAC(object):
         assert cmac.finalize() == binascii.unhexlify(
             b"a21e6e647bfeaf5ca0a5e1bcd957dfad"
         )
-
-
-def test_invalid_backend():
-    key = b"2b7e151628aed2a6abf7158809cf4f3c"
-    pretend_backend = object()
-
-    with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
-        CMAC(AES(key), pretend_backend)  # type: ignore[arg-type]
diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py
index e433d9c01..50875807f 100644
--- a/tests/hazmat/primitives/test_hashes.py
+++ b/tests/hazmat/primitives/test_hashes.py
@@ -155,13 +155,6 @@ class TestBLAKE2s(object):
             hashes.BLAKE2s(digest_size=-1)
 
 
-def test_invalid_backend():
-    pretend_backend = object()
-
-    with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
-        hashes.Hash(hashes.SHA1(), pretend_backend)  # type:ignore[arg-type]
-
-
 def test_buffer_protocol_hash(backend):
     data = binascii.unhexlify(b"b4190e")
     h = hashes.Hash(hashes.SHA256(), backend)
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index 44dd94e05..5215b096d 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -88,12 +88,3 @@ class TestHMAC(object):
         assert h.finalize() == binascii.unhexlify(
             b"a1bf7169c56a501c6585190ff4f07cad6e492a3ee187c0372614fb444b9fc3f0"
         )
-
-
-def test_invalid_backend():
-    pretend_backend = object()
-
-    with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
-        hmac.HMAC(
-            b"key", hashes.SHA1(), pretend_backend  # type:ignore[arg-type]
-        )
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2021-11-03 19:29:57 +0800
committer	GitHub <noreply@github.com>	2021-11-03 07:29:57 -0400
commit	9d10f1f47d6a67d32a3ce2452a67f31fa214c075 (patch)
tree	dc63a59d971e47f0fb054938deaeb3af73328a25
parent	4ab8ccea5ba3bf78d8e865954c9eb3c306cef25d (diff)
download	cryptography-9d10f1f47d6a67d32a3ce2452a67f31fa214c075.tar.gz