test failures - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported for PBKDF2 by this backend

[jlec]

============================================== FAILURES ================================================
_________________________________ TestPBKDF2HMAC.test_already_finalized _________________________________

self = <tests.hazmat.primitives.test_pbkdf2hmac.TestPBKDF2HMAC object at 0x7fda4d258ad0>

    def test_already_finalized(self):
>       kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend())

tests/hazmat/primitives/test_pbkdf2hmac.py:29:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC object at 0x7fda4d3e2490>
algorithm = <cryptography.hazmat.primitives.hashes.SHA1 object at 0x7fda4d3e2710>, length = 20
salt = b'salt', iterations = 10
backend = <cryptography.hazmat.backends.multibackend.MultiBackend object at 0x7fda4d3a9610>

    def __init__(self, algorithm, length, salt, iterations, backend):
        if not isinstance(backend, PBKDF2HMACBackend):
            raise UnsupportedAlgorithm(
                "Backend object does not implement PBKDF2HMACBackend.",
                _Reasons.BACKEND_MISSING_INTERFACE
            )

        if not backend.pbkdf2_hmac_supported(algorithm):
            raise UnsupportedAlgorithm(
                "{0} is not supported for PBKDF2 by this backend.".format(
                    algorithm.name),
>               _Reasons.UNSUPPORTED_HASH
            )
E           cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported for PBKDF2 by this backend.

../cryptography-0.9-python3_3/lib/cryptography/hazmat/primitives/kdf/pbkdf2.py:29: UnsupportedAlgorithm
____________________________________ TestPBKDF2HMAC.test_invalid_key ____________________________________

self = <tests.hazmat.primitives.test_pbkdf2hmac.TestPBKDF2HMAC object at 0x7fda4d2c3410>

    def test_invalid_key(self):
>       kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend())

tests/hazmat/primitives/test_pbkdf2hmac.py:49:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC object at 0x7fda4d2c3650>
algorithm = <cryptography.hazmat.primitives.hashes.SHA1 object at 0x7fda4d2c3fd0>, length = 20
salt = b'salt', iterations = 10
backend = <cryptography.hazmat.backends.multibackend.MultiBackend object at 0x7fda4d3a9610>

    def __init__(self, algorithm, length, salt, iterations, backend):
        if not isinstance(backend, PBKDF2HMACBackend):
            raise UnsupportedAlgorithm(
                "Backend object does not implement PBKDF2HMACBackend.",
                _Reasons.BACKEND_MISSING_INTERFACE
            )

        if not backend.pbkdf2_hmac_supported(algorithm):
            raise UnsupportedAlgorithm(
                "{0} is not supported for PBKDF2 by this backend.".format(
                    algorithm.name),
>               _Reasons.UNSUPPORTED_HASH
            )
E           cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported for PBKDF2 by this backend.

../cryptography-0.9-python3_3/lib/cryptography/hazmat/primitives/kdf/pbkdf2.py:29: UnsupportedAlgorithm
______________________________ TestPBKDF2HMAC.test_unicode_error_with_salt ______________________________

self = <tests.hazmat.primitives.test_pbkdf2hmac.TestPBKDF2HMAC object at 0x7fda4d27c810>

    def test_unicode_error_with_salt(self):
        with pytest.raises(TypeError):
>           PBKDF2HMAC(hashes.SHA1(), 20, u"salt", 10, default_backend())

tests/hazmat/primitives/test_pbkdf2hmac.py:58:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC object at 0x7fda4d27cc10>
algorithm = <cryptography.hazmat.primitives.hashes.SHA1 object at 0x7fda4d27c8d0>, length = 20
salt = 'salt', iterations = 10
backend = <cryptography.hazmat.backends.multibackend.MultiBackend object at 0x7fda4d3a9610>

    def __init__(self, algorithm, length, salt, iterations, backend):
        if not isinstance(backend, PBKDF2HMACBackend):
            raise UnsupportedAlgorithm(
                "Backend object does not implement PBKDF2HMACBackend.",
                _Reasons.BACKEND_MISSING_INTERFACE
            )

        if not backend.pbkdf2_hmac_supported(algorithm):
            raise UnsupportedAlgorithm(
                "{0} is not supported for PBKDF2 by this backend.".format(
                    algorithm.name),
>               _Reasons.UNSUPPORTED_HASH
            )
E           cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported for PBKDF2 by this backend.

../cryptography-0.9-python3_3/lib/cryptography/hazmat/primitives/kdf/pbkdf2.py:29: UnsupportedAlgorithm
__________________________ TestPBKDF2HMAC.test_unicode_error_with_key_material __________________________

self = <tests.hazmat.primitives.test_pbkdf2hmac.TestPBKDF2HMAC object at 0x7fda4d8b8bd0>

    def test_unicode_error_with_key_material(self):
>       kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend())

tests/hazmat/primitives/test_pbkdf2hmac.py:61:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC object at 0x7fda4d202490>
algorithm = <cryptography.hazmat.primitives.hashes.SHA1 object at 0x7fda4d202410>, length = 20
salt = b'salt', iterations = 10
backend = <cryptography.hazmat.backends.multibackend.MultiBackend object at 0x7fda4d3a9610>

    def __init__(self, algorithm, length, salt, iterations, backend):
        if not isinstance(backend, PBKDF2HMACBackend):
            raise UnsupportedAlgorithm(
                "Backend object does not implement PBKDF2HMACBackend.",
                _Reasons.BACKEND_MISSING_INTERFACE
            )

        if not backend.pbkdf2_hmac_supported(algorithm):
            raise UnsupportedAlgorithm(
                "{0} is not supported for PBKDF2 by this backend.".format(
                    algorithm.name),
>               _Reasons.UNSUPPORTED_HASH
            )
E           cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported for PBKDF2 by this backend.

../cryptography-0.9-python3_3/lib/cryptography/hazmat/primitives/kdf/pbkdf2.py:29: UnsupportedAlgorithm
========================== 4 failed, 687 passed, 119 skipped in 18.04 seconds ==========================

[alex]

From a cryptography install can you do from cryptography.hazmat.backends import default_backend(); print default_backend()._backends?

[alex]

No feedback here, closing for now. Will reopen if there's more info.

[famoraes]

Hey Alex, I have the similar issue here UnsupportedAlgorithm: sha256 is not a supported hash on this backend., with every backend (SHA-1, SHA-256 ect), the output of the ._backends is a empty list.
I've tried to reinstall all the lib and packages, but have no effect. A funny thing is that I have another virtualenv (which is older) and everything works good.

[reaperhulk]

@famoraes What OS/distribution are you on? Would you mind cloning current master and seeing if installing that works?

[famoraes]

I'm using Fedora 21. I'm using cryptography through another python package Signxml. Maybe I have to create a issue there? or there is something with my packages installation maybe? Thanks for the quick reply @reaperhulk

[reaperhulk]

It's not likely to be signxml's issue. Be aware that to install master you'll need cffi 1.1+, so you won't be able to use the Fedora system packages for that.

[famoraes]

Hum, I see. Ok I'll try to install cffi and cryptography from the source and see what happens.

[famoraes]

Still without backends. These backends, there is a linux lib or something that "install" theses sources?

[reaperhulk]

No, the backends are part of the installation of the package, but they're discovered via entry points. cc @dstufft to see if he has any ideas why the entry points aren't working

[Ayrx]

@famoraes Just to be sure, you have libssl-dev and libffi-dev installed?

[famoraes]

@Ayrx yep, I have these two packages installed.

[jlec]

@alex Sorry for the delay,

print(default_backend()._backends)
[<cryptography.hazmat.backends.openssl.backend.Backend object at 0x2ab9abe93490>]

[wil3]

Im on ubuntu 14.04 and Im seeing the same thing, any solution to this? I have all the libs installed.

[wil3]

So I believe I found the problem at least for me.
The implementation here,
https://cryptography.io/en/latest/fernet/#using-passwords-with-fernet

Throws the error, while the implmentation here,
https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC

Works. The first does not call the method default_backend().

[reaperhulk]

@wil3 that is definitely a docs bug! Thanks for the report.

[hjwp]

I'm seeing this problem on a windows install.

  File "c:\Python27\lib\site-packages\cryptography\hazmat\backends\multibackend.py", line 101, in create_hmac_ctx
    _Reasons.UNSUPPORTED_HASH
UnsupportedAlgorithm: sha256 is not a supported hash on this backend.

And default_backend()._backends is giving []

[reaperhulk]

Can you provide the output of pip list and also a list of the files in the following directory: c:\Python27\lib\site-packages\cryptography\hazmat\bindings?

[hjwp]

Thanks! It certainly could be something weird with this particular vm (an old xp install). I've tested it on another windows server machine, and the backends do have something in them.

Here's pip list:

$ pip list
backports.ssl (0.0.7)
backports.ssl-match-hostname (3.4.0.2)
beanstalkc (0.4.0)
boto (2.29.1)
cffi (1.3.1)
configparser (3.3.0.post2)
cryptography (1.1.1)
cssselect (0.9.1)
Django (1.3.7)
dnspython (1.12.0)
docopt (0.6.2)
dropbox (2.1.0)
EasyProcess (0.1.6)
ecdsa (0.11)
enum34 (1.1.1)
Fabric (1.9.0)
feedparser (5.1)
funcsigs (0.4)
futures (3.0.3)
idna (2.0)
IMAPClient (1.0.0)
incf.countryutils (1.0)
ipaddress (1.0.15)
ipython (2.1.0)
lxml (3.3.5)
Markdown (2.4.1)
mechanize (0.2.5)
mock (1.3.0)
MySQL-python (1.2.5)
paramiko (1.14.0)
pbr (1.8.1)
pexpect (4.0.1)
pip (7.0.3)
psutil (2.2.1)
psycopg2 (2.5.3)
ptyprocess (0.5)
pwhich (0.1.0)
pyasn1 (0.1.9)
pycparser (2.14)
pycrypto (2.3)
pyflakes (0.8.1)
pyOpenSSL (0.15.1)
pyreadline (2.0)
python-dateutil (2.4.2)
python-magic (0.4.6)
PyVirtualDisplay (0.1.5)
pywin32 (216)
rdflib (3.1.0)
redis (2.10.1)
requests (2.8.1)
resolver-test (1.0.1)
secureconfig (0.1.2)
selenium (2.47.3)
setuptools (0.6rc11)
six (1.10.0)
sockjs-tornado (1.0.0)
South (1.0)
ssh (1.7.10)
stripe (1.11.0)
tornado (3.2.2)
urllib3 (1.8.3)

(sorry that's a little long)

And here's the directory listing:

$ ls "c:\Python27\lib\site-packages\cryptography\hazmat\bindings"
__init__.py  __init__.pyc  _constant_time.pyd  _openssl.pyd  _padding.pyd  commoncrypto  openssl

[hjwp]

ah. Just to be sure, I uninstalled cryptography and all its dependencies, and then reinstalled them, and now I do have a backend, and everything works.

So probably I installed cffi or something in some broken way, no doubt my fault. Thanks for the incredibly prompt response, sorry to waste anyone's time.