Document and implement the public API for when the backend doesn't support the requested algorithm

cryptography/exceptions.py

@@ -0,0 +1,15 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class NoSuchAlgorithm(Exception):
+    pass

cryptography/hazmat/bindings/openssl/backend.py

@@ -18,6 +18,7 @@ import sys
 
 import cffi
 
+from cryptography.exceptions import NoSuchAlgorithm
 from cryptography.hazmat.primitives import interfaces
 from cryptography.hazmat.primitives.block.ciphers import (
     AES, Blowfish, Camellia, CAST5, TripleDES,
@@ -128,9 +129,12 @@ class _CipherContext(object):
         ctx = self._backend.ffi.gc(ctx, self._backend.lib.EVP_CIPHER_CTX_free)
 
         registry = self._backend.ciphers._cipher_registry
-        evp_cipher = registry[type(cipher), type(mode)](
-            self._backend, cipher, mode
-        )
+        try:
+            adapter = registry[type(cipher), type(mode)]
+        except KeyError:
+            raise NoSuchAlgorithm
+
+        evp_cipher = adapter(self._backend, cipher, mode)
         assert evp_cipher != self._backend.ffi.NULL
         if isinstance(mode, interfaces.ModeWithInitializationVector):
             iv_nonce = mode.initialization_vector

docs/exceptions.rst

@@ -0,0 +1,9 @@
+Exceptions
+==========
+
+.. currentmodule:: cryptography.exceptions
+
+.. class:: NoSuchAlgorithm
+
+    This is raised when a backend doesn't support the requested algorithm (or
+    combination of algorithms).

docs/hazmat/primitives/symmetric-encryption.rst

@@ -42,12 +42,21 @@ where the encrypter and decrypter both use the same key.
             :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
             provider.
 
+        If the backend doesn't support the requested combination of ``cipher``
+        and ``mode`` a :class:`cryptography.exceptions.NoSuchAlgorithm` will
+        be raised.
+
     .. method:: decryptor()
 
         :return: A decrypting
             :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
             provider.
 
+        If the backend doesn't support the requested combination of ``cipher``
+        and ``mode`` a :class:`cryptography.exceptions.NoSuchAlgorithm` will
+        be raised.
+
+
 .. currentmodule:: cryptography.hazmat.primitives.interfaces
 
 .. class:: CipherContext

docs/index.rst

@@ -31,6 +31,7 @@ Contents
     :maxdepth: 2
 
     architecture
+    exceptions
     contributing
     security
     community

tests/hazmat/primitives/test_block.py

@@ -17,6 +17,7 @@ import binascii
 
 import pytest
 
+from cryptography.exceptions import NoSuchAlgorithm
 from cryptography.hazmat.primitives import interfaces
 from cryptography.hazmat.primitives.block import BlockCipher, ciphers, modes
 
@@ -84,3 +85,13 @@ class TestBlockCipherContext(object):
         assert len(pt) == 80
         assert pt == b"a" * 80
         decryptor.finalize()
+
+    def test_nonexistant_cipher(self, backend):
+        cipher = BlockCipher(
+            object(), object(), backend
+        )
+        with pytest.raises(NoSuchAlgorithm):
+            cipher.encryptor()
+
+        with pytest.raises(NoSuchAlgorithm):
+            cipher.decryptor()