authorAlex Gaynor <alex.gaynor@gmail.com>2014-05-16 10:21:39 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2014-05-16 10:21:39 -0400
commit59bcae860e9b0b2d603608965e5ef3d913b2c92e (patch)
treee628e26852fa8692b45fc475fd83f6efb1ce4341 /cryptography
parente653e490b4d648daf3cb85d8050d04b47469a939 (diff)
parentd1c0fb8bbe0984d54ba0f4b7a8861bca0e446e19 (diff)
Merge branch 'master' into pypy-2.3
Diffstat (limited to 'cryptography')
-rw-r--r--cryptography/hazmat/backends/multibackend.py18
-rw-r--r--cryptography/hazmat/bindings/openssl/ssl.py5
-rw-r--r--cryptography/hazmat/primitives/kdf/hkdf.py64
-rw-r--r--cryptography/hazmat/primitives/twofactor/hotp.py4
4 files changed, 71 insertions, 20 deletions
diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py
index 753f4fc6..c5c652db 100644
--- a/cryptography/hazmat/backends/multibackend.py
+++ b/cryptography/hazmat/backends/multibackend.py
@@ -146,6 +146,24 @@ class MultiBackend(object):
raise UnsupportedAlgorithm("RSA is not supported by the backend",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
+ def mgf1_hash_supported(self, algorithm):
+ for b in self._filtered_backends(RSABackend):
+ return b.mgf1_hash_supported(algorithm)
+ raise UnsupportedAlgorithm("RSA is not supported by the backend",
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
+
+ def decrypt_rsa(self, private_key, ciphertext, padding):
+ for b in self._filtered_backends(RSABackend):
+ return b.decrypt_rsa(private_key, ciphertext, padding)
+ raise UnsupportedAlgorithm("RSA is not supported by the backend",
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
+
+ def encrypt_rsa(self, public_key, plaintext, padding):
+ for b in self._filtered_backends(RSABackend):
+ return b.encrypt_rsa(public_key, plaintext, padding)
+ raise UnsupportedAlgorithm("RSA is not supported by the backend",
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
+
def generate_dsa_parameters(self, key_size):
for b in self._filtered_backends(DSABackend):
return b.generate_dsa_parameters(key_size)
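Review bot: `mgf1_hash_supported` answers with the first RSA backend only, because the `for` loop returns on its first iteration, so a hash that a later backend supports is reported as unsupported; `decrypt_rsa` and `encrypt_rsa` dispatch the same way. This matches the pattern of the surrounding methods, but as a capability query it also raises `UnsupportedAlgorithm` when no RSA backend is configured instead of returning a boolean. If the intent is "any configured backend can do it", consider `return any(b.mgf1_hash_supported(algorithm) for b in self._filtered_backends(RSABackend))`, noting that this returns False rather than raising when no RSA backend exists. Otherwise a one-line comment saying that the first matching backend decides would document the choice.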
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index cd8fa1cf..94b96d98 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -159,6 +159,7 @@ static const long TLSEXT_NAMETYPE_host_name;
typedef ... SSL_CIPHER;
typedef ... Cryptography_STACK_OF_SSL_CIPHER;
+typedef ... COMP_METHOD;
"""
FUNCTIONS = """
@@ -198,6 +199,10 @@ int SSL_shutdown(SSL *);
const char *SSL_get_cipher_list(const SSL *, int);
Cryptography_STACK_OF_SSL_CIPHER *SSL_get_ciphers(const SSL *);
+const COMP_METHOD *SSL_get_current_compression(SSL *);
+const COMP_METHOD *SSL_get_current_expansion(SSL *);
+const char *SSL_COMP_get_name(const COMP_METHOD *);
+
/* context */
void SSL_CTX_free(SSL_CTX *);
long SSL_CTX_set_timeout(SSL_CTX *, long);
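Review bot: The three declarations added after `SSL_get_ciphers` say nothing about their NULL behaviour, which matters to anyone using them to check whether TLS compression is active on a connection. As far as I know `SSL_get_current_compression` and `SSL_get_current_expansion` return NULL when nothing was negotiated, so a caller has to test the pointer before passing the result of `SSL_COMP_get_name` to `ffi.string()`. A short comment above them such as `/* return NULL when no compression is in use */` would record that. It is also worth confirming the signatures against OpenSSL builds configured without compression support, where the headers may declare them differently.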
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index 03500aaa..daa8fcc7 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -34,6 +34,51 @@ class HKDF(object):
self._algorithm = algorithm
+ if isinstance(salt, six.text_type):
+ raise TypeError(
+ "Unicode-objects must be encoded before using them as a salt.")
+
+ if salt is None:
+ salt = b"\x00" * (self._algorithm.digest_size // 8)
+
+ self._salt = salt
+
+ self._backend = backend
+
+ self._hkdf_expand = HKDFExpand(self._algorithm, length, info, backend)
+
+ def _extract(self, key_material):
+ h = hmac.HMAC(self._salt, self._algorithm, backend=self._backend)
+ h.update(key_material)
+ return h.finalize()
+
+ def derive(self, key_material):
+ if isinstance(key_material, six.text_type):
+ raise TypeError(
+ "Unicode-objects must be encoded before using them as key "
+ "material."
+ )
+
+ return self._hkdf_expand.derive(self._extract(key_material))
+
+ def verify(self, key_material, expected_key):
+ if not constant_time.bytes_eq(self.derive(key_material), expected_key):
+ raise InvalidKey
+
+
+@utils.register_interface(interfaces.KeyDerivationFunction)
+class HKDFExpand(object):
+ def __init__(self, algorithm, length, info, backend):
+ if not isinstance(backend, HMACBackend):
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement HMACBackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
+
+ self._algorithm = algorithm
+
+ self._backend = backend
+
max_length = 255 * (algorithm.digest_size // 8)
if length > max_length:
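Review bot: `digest_size // 8` in the default salt of `HKDF.__init__` and in the `max_length` bound of `HKDFExpand.__init__` looks like a unit error: as far as I can tell the hashes interface gives `digest_size` in bytes, so the division shrinks both values by a factor of eight. RFC 5869 specifies a default salt of HashLen zero bytes and an output limit of 255 * HashLen, so the current bound rejects lengths the algorithm allows. If that reading is right the lines should be `salt = b"\x00" * self._algorithm.digest_size` and `max_length = 255 * algorithm.digest_size`. Any other `// 8` in the expand loop, which lies outside this hunk, needs the same check. `HKDFExpand.__init__` continues past the end of the hunk.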
@@ -44,15 +89,6 @@ class HKDF(object):
self._length = length
- if isinstance(salt, six.text_type):
- raise TypeError(
- "Unicode-objects must be encoded before using them as a salt.")
-
- if salt is None:
- salt = b"\x00" * (self._algorithm.digest_size // 8)
-
- self._salt = salt
-
if isinstance(info, six.text_type):
raise TypeError(
"Unicode-objects must be encoded before using them as info.")
@@ -61,15 +97,9 @@ class HKDF(object):
info = b""
self._info = info
- self._backend = backend
self._used = False
- def _extract(self, key_material):
- h = hmac.HMAC(self._salt, self._algorithm, backend=self._backend)
- h.update(key_material)
- return h.finalize()
-
def _expand(self, key_material):
output = [b""]
counter = 1
@@ -87,7 +117,7 @@ class HKDF(object):
def derive(self, key_material):
if isinstance(key_material, six.text_type):
raise TypeError(
- "Unicode-objects must be encoded before using them as key "
+ "Unicode-objects must be encoded before using them as key"
"material."
)
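Review bot: The new literal on the `+` line drops the trailing space, so the two adjacent strings concatenate to "... using them as keymaterial." in the `TypeError` raised by `derive`. Keep the space: `"Unicode-objects must be encoded before using them as key "`. The `HKDF.derive` added earlier in this file's diff has the correct form, so the two messages now differ.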
@@ -95,7 +125,7 @@ class HKDF(object):
raise AlreadyFinalized
self._used = True
- return self._expand(self._extract(key_material))
+ return self._expand(key_material)
def verify(self, key_material, expected_key):
if not constant_time.bytes_eq(self.derive(key_material), expected_key):
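Review bot: `HKDFExpand.derive` now passes the caller's `key_material` straight to `_expand` with no extract step, and nothing in the class says what that requires of the input. The expand stage assumes a pseudorandom key, so `HKDFExpand` should carry a docstring stating that `key_material` must already be cryptographically strong, for example the output of an extract step. The docstring should also say that weak or non-uniform input belongs in `HKDF`, which runs `_extract` first. The method body begins outside this hunk.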
diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py
index 41c467c8..1a0f4472 100644
--- a/cryptography/hazmat/primitives/twofactor/hotp.py
+++ b/cryptography/hazmat/primitives/twofactor/hotp.py
@@ -64,8 +64,6 @@ class HOTP(object):
ctx.update(struct.pack(">Q", counter))
hmac_value = ctx.finalize()
- offset_bits = six.indexbytes(hmac_value, len(hmac_value) - 1) & 0b1111
-
- offset = int(offset_bits)
+ offset = six.indexbytes(hmac_value, len(hmac_value) - 1) & 0b1111
p = hmac_value[offset:offset + 4]
return struct.unpack(">I", p)[0] & 0x7fffffff