-rwxr-xr-x.travis/run.sh5
-rw-r--r--CHANGELOG.rst9
-rw-r--r--docs/development/getting-started.rst14
-rw-r--r--docs/hazmat/backends/commoncrypto.rst30
-rw-r--r--docs/hazmat/backends/index.rst1
-rw-r--r--docs/hazmat/backends/interfaces.rst4
-rw-r--r--docs/hazmat/bindings/commoncrypto.rst30
-rw-r--r--docs/hazmat/bindings/index.rst1
-rw-r--r--setup.py12
-rw-r--r--src/_cffi_src/build_commoncrypto.py33
-rw-r--r--src/_cffi_src/commoncrypto/__init__.py5
-rw-r--r--src/_cffi_src/commoncrypto/cf.py113
-rw-r--r--src/_cffi_src/commoncrypto/common_cryptor.py99
-rw-r--r--src/_cffi_src/commoncrypto/common_digest.py58
-rw-r--r--src/_cffi_src/commoncrypto/common_hmac.py37
-rw-r--r--src/_cffi_src/commoncrypto/common_key_derivation.py39
-rw-r--r--src/_cffi_src/commoncrypto/common_symmetric_key_wrap.py35
-rw-r--r--src/_cffi_src/commoncrypto/seccertificate.py23
-rw-r--r--src/_cffi_src/commoncrypto/secimport.py86
-rw-r--r--src/_cffi_src/commoncrypto/secitem.py27
-rw-r--r--src/_cffi_src/commoncrypto/seckey.py24
-rw-r--r--src/_cffi_src/commoncrypto/seckeychain.py25
-rw-r--r--src/_cffi_src/commoncrypto/secpolicy.py23
-rw-r--r--src/_cffi_src/commoncrypto/sectransform.py68
-rw-r--r--src/_cffi_src/commoncrypto/sectrust.py39
-rw-r--r--src/_cffi_src/commoncrypto/secure_transport.py308
-rw-r--r--src/cryptography/hazmat/backends/__init__.py49
-rw-r--r--src/cryptography/hazmat/backends/commoncrypto/__init__.py10
-rw-r--r--src/cryptography/hazmat/backends/commoncrypto/backend.py250
-rw-r--r--src/cryptography/hazmat/backends/commoncrypto/ciphers.py233
-rw-r--r--src/cryptography/hazmat/backends/commoncrypto/hashes.py55
-rw-r--r--src/cryptography/hazmat/backends/commoncrypto/hmac.py59
-rw-r--r--src/cryptography/hazmat/bindings/commoncrypto/__init__.py5
-rw-r--r--src/cryptography/hazmat/bindings/commoncrypto/binding.py15
-rw-r--r--tests/hazmat/backends/test_backendinit.py17
-rw-r--r--tests/hazmat/backends/test_commoncrypto.py54
-rw-r--r--tests/hazmat/bindings/test_commoncrypto.py26
-rw-r--r--tests/hazmat/primitives/test_cast5.py17
-rw-r--r--tests/hazmat/primitives/utils.py5
39 files changed, 11 insertions, 1932 deletions
diff --git a/.travis/run.sh b/.travis/run.sh
index 6ce64733..8d1a2c18 100755
--- a/.travis/run.sh
+++ b/.travis/run.sh
@@ -15,9 +15,6 @@ if [[ "$(uname -s)" == "Darwin" ]]; then
export LDFLAGS="/usr/local/opt/openssl/lib/libssl.a /usr/local/opt/openssl/lib/libcrypto.a"
else
export LDFLAGS="-L/usr/local/opt/openssl/lib"
- # on a dynamic build we only need to test against OpenSSL -- CC is not affected by
- # dynamic vs static
- export TOX_FLAGS="--backend=openssl"
fi
export CFLAGS="-I/usr/local/opt/openssl/include"
else
@@ -36,7 +33,7 @@ else
fi
fi
source ~/.venv/bin/activate
-tox -- $TOX_FLAGS
+tox
# Output information about linking of the OpenSSL library on OS X
if [[ "$(uname -s)" == "Darwin" ]]; then
otool -L $(find .tox -name "_openssl*.so")
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 8332b8be..5b4ec1ef 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -20,6 +20,7 @@ Changelog
:class:`~cryptography.x509.UnrecognizedExtension` object will be returned.
This behavior was based on a poor reading of the RFC, unknown critical
extensions only need to be rejected on certificate verification.
+* The CommonCrypto backend has been removed.
1.8.1 - 2017-03-10
@@ -745,7 +746,7 @@ Changelog
* Added :class:`~cryptography.hazmat.primitives.ciphers.modes.CFB8` support
for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on
- :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`.
+ ``commoncrypto`` and :doc:`/hazmat/backends/openssl`.
* Added ``AES`` :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR`
support to the OpenSSL backend when linked against 0.9.8.
* Added ``PKCS8SerializationBackend`` and
@@ -755,7 +756,7 @@ Changelog
:class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`.
* Added :class:`~cryptography.hazmat.primitives.ciphers.modes.ECB` support
for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on
- :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`.
+ ``commoncrypto`` and :doc:`/hazmat/backends/openssl`.
* Deprecated the concrete ``RSAPrivateKey`` class in favor of backend
specific providers of the
:class:`cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
@@ -830,8 +831,8 @@ Changelog
0.2 - 2014-02-20
~~~~~~~~~~~~~~~~
-* Added :doc:`/hazmat/backends/commoncrypto`.
-* Added initial :doc:`/hazmat/bindings/commoncrypto`.
+* Added ``commoncrypto``.
+* Added initial ``commoncrypto``.
* Removed ``register_cipher_adapter`` method from
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`.
* Added support for the OpenSSL backend under Windows.
diff --git a/docs/development/getting-started.rst b/docs/development/getting-started.rst
index 29d01c31..66173d40 100644
--- a/docs/development/getting-started.rst
+++ b/docs/development/getting-started.rst
@@ -86,20 +86,6 @@ You may not have all the required Python versions installed, in which case you
will see one or more ``InterpreterNotFound`` errors.
-Explicit backend selection
---------------------------
-
-While testing you may want to run tests against a subset of the backends that
-cryptography supports. Explicit backend selection can be done via the
-``--backend`` flag. This flag should be passed to ``py.test`` with a comma
-delimited list of backend names.
-
-
-.. code-block:: console
-
- $ tox -- --backend=openssl
- $ py.test --backend=openssl,commoncrypto
-
Building documentation
----------------------
diff --git a/docs/hazmat/backends/commoncrypto.rst b/docs/hazmat/backends/commoncrypto.rst
deleted file mode 100644
index e976b6f7..00000000
--- a/docs/hazmat/backends/commoncrypto.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-.. hazmat::
-
-CommonCrypto backend
-====================
-
-The `CommonCrypto`_ C library provided by Apple on macOS and iOS. The
-CommonCrypto backend is only supported on macOS versions 10.8 and above.
-
-.. currentmodule:: cryptography.hazmat.backends.commoncrypto.backend
-
-.. versionadded:: 0.2
-
-.. data:: cryptography.hazmat.backends.commoncrypto.backend
-
- This is the exposed API for the CommonCrypto backend.
-
- It implements the following interfaces:
-
- * :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
- * :class:`~cryptography.hazmat.backends.interfaces.HashBackend`
- * :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
- * :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
-
- It has one additional public attribute.
-
- .. attribute:: name
-
- The string name of this backend: ``"commoncrypto"``
-
-.. _`CommonCrypto`: https://developer.apple.com/library/content/documentation/Security/Conceptual/cryptoservices/GeneralPurposeCrypto/GeneralPurposeCrypto.html#//apple_ref/doc/uid/TP40011172-CH9-SW10
diff --git a/docs/hazmat/backends/index.rst b/docs/hazmat/backends/index.rst
index aec7a1e0..56d18901 100644
--- a/docs/hazmat/backends/index.rst
+++ b/docs/hazmat/backends/index.rst
@@ -31,6 +31,5 @@ Individual backends
:maxdepth: 1
openssl
- commoncrypto
multibackend
interfaces
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 4f15d5c6..e3c67474 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -22,7 +22,6 @@ A specific ``backend`` may provide one or more of these interfaces.
The following backends implement this interface:
* :doc:`/hazmat/backends/openssl`
- * :doc:`/hazmat/backends/commoncrypto`
.. method:: cipher_supported(cipher, mode)
@@ -84,7 +83,6 @@ A specific ``backend`` may provide one or more of these interfaces.
The following backends implement this interface:
* :doc:`/hazmat/backends/openssl`
- * :doc:`/hazmat/backends/commoncrypto`
.. method:: hash_supported(algorithm)
@@ -118,7 +116,6 @@ A specific ``backend`` may provide one or more of these interfaces.
The following backends implement this interface:
* :doc:`/hazmat/backends/openssl`
- * :doc:`/hazmat/backends/commoncrypto`
.. method:: hmac_supported(algorithm)
@@ -181,7 +178,6 @@ A specific ``backend`` may provide one or more of these interfaces.
The following backends implement this interface:
* :doc:`/hazmat/backends/openssl`
- * :doc:`/hazmat/backends/commoncrypto`
.. method:: pbkdf2_hmac_supported(algorithm)
diff --git a/docs/hazmat/bindings/commoncrypto.rst b/docs/hazmat/bindings/commoncrypto.rst
deleted file mode 100644
index 63e734c6..00000000
--- a/docs/hazmat/bindings/commoncrypto.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-.. hazmat::
-
-CommonCrypto binding
-====================
-
-.. currentmodule:: cryptography.hazmat.bindings.commoncrypto.binding
-
-.. versionadded:: 0.2
-
-These are `CFFI`_ bindings to the `CommonCrypto`_ C library. It is only
-available on macOS versions 10.8 and above.
-
-.. class:: cryptography.hazmat.bindings.commoncrypto.binding.Binding()
-
- This is the exposed API for the CommonCrypto bindings. It has two public
- attributes:
-
- .. attribute:: ffi
-
- This is a ``cffi.FFI`` instance. It can be used to allocate and
- otherwise manipulate CommonCrypto structures.
-
- .. attribute:: lib
-
- This is a ``cffi`` library. It can be used to call CommonCrypto
- functions, and access constants.
-
-
-.. _`CFFI`: https://cffi.readthedocs.io
-.. _`CommonCrypto`: https://developer.apple.com/library/content/documentation/Security/Conceptual/cryptoservices/GeneralPurposeCrypto/GeneralPurposeCrypto.html#//apple_ref/doc/uid/TP40011172-CH9-SW10
diff --git a/docs/hazmat/bindings/index.rst b/docs/hazmat/bindings/index.rst
index 8075be14..655f4620 100644
--- a/docs/hazmat/bindings/index.rst
+++ b/docs/hazmat/bindings/index.rst
@@ -20,4 +20,3 @@ Individual bindings
:maxdepth: 1
openssl
- commoncrypto
diff --git a/setup.py b/setup.py
index e5e6949e..586ea48d 100644
--- a/setup.py
+++ b/setup.py
@@ -73,20 +73,10 @@ if not os.path.exists(os.path.join(base_dir, "vectors/setup.py")):
test_requirements.append(VECTORS_DEPENDENCY)
-def cc_is_available():
- return sys.platform == "darwin" and list(map(
- int, platform.mac_ver()[0].split("."))) >= [10, 8, 0]
-
-
backends = [
"openssl = cryptography.hazmat.backends.openssl:backend"
]
-if cc_is_available():
- backends.append(
- "commoncrypto = cryptography.hazmat.backends.commoncrypto:backend",
- )
-
class PyTest(test):
def finalize_options(self):
@@ -212,8 +202,6 @@ def keywords_with_side_effects(argv):
"src/_cffi_src/build_constant_time.py:ffi",
"src/_cffi_src/build_padding.py:ffi",
]
- if cc_is_available():
- cffi_modules.append("src/_cffi_src/build_commoncrypto.py:ffi")
return {
"setup_requires": setup_requirements,
diff --git a/src/_cffi_src/build_commoncrypto.py b/src/_cffi_src/build_commoncrypto.py
deleted file mode 100644
index 373f6f72..00000000
--- a/src/_cffi_src/build_commoncrypto.py
+++ /dev/null
@@ -1,33 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from _cffi_src.utils import build_ffi_for_binding
-
-
-ffi = build_ffi_for_binding(
- module_name="_commoncrypto",
- module_prefix="_cffi_src.commoncrypto.",
- modules=[
- "cf",
- "common_digest",
- "common_hmac",
- "common_key_derivation",
- "common_cryptor",
- "common_symmetric_key_wrap",
- "seccertificate",
- "secimport",
- "secitem",
- "seckey",
- "seckeychain",
- "secpolicy",
- "sectransform",
- "sectrust",
- "secure_transport",
- ],
- extra_link_args=[
- "-framework", "Security", "-framework", "CoreFoundation"
- ],
-)
diff --git a/src/_cffi_src/commoncrypto/__init__.py b/src/_cffi_src/commoncrypto/__init__.py
deleted file mode 100644
index 4b540884..00000000
--- a/src/_cffi_src/commoncrypto/__init__.py
+++ /dev/null
@@ -1,5 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
diff --git a/src/_cffi_src/commoncrypto/cf.py b/src/_cffi_src/commoncrypto/cf.py
deleted file mode 100644
index 02e58d90..00000000
--- a/src/_cffi_src/commoncrypto/cf.py
+++ /dev/null
@@ -1,113 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CoreFoundation/CoreFoundation.h>
-"""
-
-TYPES = """
-typedef bool Boolean;
-typedef signed long OSStatus;
-typedef unsigned char UInt8;
-typedef uint32_t UInt32;
-
-typedef const void * CFAllocatorRef;
-const CFAllocatorRef kCFAllocatorDefault;
-typedef ... *CFDataRef;
-typedef signed long long CFIndex;
-typedef ... *CFStringRef;
-typedef ... *CFArrayRef;
-typedef ... *CFMutableArrayRef;
-typedef ... *CFBooleanRef;
-typedef ... *CFErrorRef;
-typedef ... *CFNumberRef;
-typedef ... *CFTypeRef;
-typedef ... *CFDictionaryRef;
-typedef ... *CFMutableDictionaryRef;
-typedef struct {
- ...;
-} CFDictionaryKeyCallBacks;
-typedef struct {
- ...;
-} CFDictionaryValueCallBacks;
-typedef struct {
- ...;
-} CFRange;
-typedef struct {
- ...;
-} CFArrayCallBacks;
-
-typedef UInt32 CFStringEncoding;
-enum {
- kCFStringEncodingASCII = 0x0600
-};
-
-enum {
- kCFNumberSInt8Type = 1,
- kCFNumberSInt16Type = 2,
- kCFNumberSInt32Type = 3,
- kCFNumberSInt64Type = 4,
- kCFNumberFloat32Type = 5,
- kCFNumberFloat64Type = 6,
- kCFNumberCharType = 7,
- kCFNumberShortType = 8,
- kCFNumberIntType = 9,
- kCFNumberLongType = 10,
- kCFNumberLongLongType = 11,
- kCFNumberFloatType = 12,
- kCFNumberDoubleType = 13,
- kCFNumberCFIndexType = 14,
- kCFNumberNSIntegerType = 15,
- kCFNumberCGFloatType = 16,
- kCFNumberMaxType = 16
-};
-typedef int CFNumberType;
-
-const CFDictionaryKeyCallBacks kCFTypeDictionaryKeyCallBacks;
-const CFDictionaryValueCallBacks kCFTypeDictionaryValueCallBacks;
-
-const CFArrayCallBacks kCFTypeArrayCallBacks;
-
-const CFBooleanRef kCFBooleanTrue;
-const CFBooleanRef kCFBooleanFalse;
-"""
-
-FUNCTIONS = """
-CFDataRef CFDataCreate(CFAllocatorRef, const UInt8 *, CFIndex);
-CFStringRef CFStringCreateWithCString(CFAllocatorRef, const char *,
- CFStringEncoding);
-CFDictionaryRef CFDictionaryCreate(CFAllocatorRef, const void **,
- const void **, CFIndex,
- const CFDictionaryKeyCallBacks *,
- const CFDictionaryValueCallBacks *);
-CFMutableDictionaryRef CFDictionaryCreateMutable(
- CFAllocatorRef,
- CFIndex,
- const CFDictionaryKeyCallBacks *,
- const CFDictionaryValueCallBacks *
-);
-void CFDictionarySetValue(CFMutableDictionaryRef, const void *, const void *);
-CFIndex CFArrayGetCount(CFArrayRef);
-const void *CFArrayGetValueAtIndex(CFArrayRef, CFIndex);
-CFIndex CFDataGetLength(CFDataRef);
-void CFDataGetBytes(CFDataRef, CFRange, UInt8 *);
-CFRange CFRangeMake(CFIndex, CFIndex);
-void CFShow(CFTypeRef);
-Boolean CFBooleanGetValue(CFBooleanRef);
-CFNumberRef CFNumberCreate(CFAllocatorRef, CFNumberType, const void *);
-void CFRelease(CFTypeRef);
-CFTypeRef CFRetain(CFTypeRef);
-
-CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef, CFIndex,
- const CFArrayCallBacks *);
-void CFArrayAppendValue(CFMutableArrayRef, const void *);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/common_cryptor.py b/src/_cffi_src/commoncrypto/common_cryptor.py
deleted file mode 100644
index 15c253e1..00000000
--- a/src/_cffi_src/commoncrypto/common_cryptor.py
+++ /dev/null
@@ -1,99 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CommonCrypto/CommonCryptor.h>
-"""
-
-TYPES = """
-enum {
- kCCAlgorithmAES128 = 0,
- kCCAlgorithmDES,
- kCCAlgorithm3DES,
- kCCAlgorithmCAST,
- kCCAlgorithmRC4,
- kCCAlgorithmRC2,
- kCCAlgorithmBlowfish
-};
-typedef uint32_t CCAlgorithm;
-enum {
- kCCSuccess = 0,
- kCCParamError = -4300,
- kCCBufferTooSmall = -4301,
- kCCMemoryFailure = -4302,
- kCCAlignmentError = -4303,
- kCCDecodeError = -4304,
- kCCUnimplemented = -4305
-};
-typedef int32_t CCCryptorStatus;
-typedef uint32_t CCOptions;
-enum {
- kCCEncrypt = 0,
- kCCDecrypt,
-};
-typedef uint32_t CCOperation;
-typedef ... *CCCryptorRef;
-
-enum {
- kCCModeOptionCTR_LE = 0x0001,
- kCCModeOptionCTR_BE = 0x0002
-};
-
-typedef uint32_t CCModeOptions;
-
-enum {
- kCCModeECB = 1,
- kCCModeCBC = 2,
- kCCModeCFB = 3,
- kCCModeCTR = 4,
- kCCModeF8 = 5,
- kCCModeLRW = 6,
- kCCModeOFB = 7,
- kCCModeXTS = 8,
- kCCModeRC4 = 9,
- kCCModeCFB8 = 10,
- kCCModeGCM = 11
-};
-typedef uint32_t CCMode;
-enum {
- ccNoPadding = 0,
- ccPKCS7Padding = 1,
-};
-typedef uint32_t CCPadding;
-"""
-
-FUNCTIONS = """
-CCCryptorStatus CCCryptorCreateWithMode(CCOperation, CCMode, CCAlgorithm,
- CCPadding, const void *, const void *,
- size_t, const void *, size_t, int,
- CCModeOptions, CCCryptorRef *);
-CCCryptorStatus CCCryptorCreate(CCOperation, CCAlgorithm, CCOptions,
- const void *, size_t, const void *,
- CCCryptorRef *);
-CCCryptorStatus CCCryptorUpdate(CCCryptorRef, const void *, size_t, void *,
- size_t, size_t *);
-CCCryptorStatus CCCryptorFinal(CCCryptorRef, void *, size_t, size_t *);
-CCCryptorStatus CCCryptorRelease(CCCryptorRef);
-
-CCCryptorStatus CCCryptorGCMAddIV(CCCryptorRef, const void *, size_t);
-CCCryptorStatus CCCryptorGCMAddAAD(CCCryptorRef, const void *, size_t);
-CCCryptorStatus CCCryptorGCMEncrypt(CCCryptorRef, const void *, size_t,
- void *);
-CCCryptorStatus CCCryptorGCMDecrypt(CCCryptorRef, const void *, size_t,
- void *);
-CCCryptorStatus CCCryptorGCMFinal(CCCryptorRef, const void *, size_t *);
-CCCryptorStatus CCCryptorGCMReset(CCCryptorRef);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-/* Not defined in the public header */
-enum {
- kCCModeGCM = 11
-};
-"""
diff --git a/src/_cffi_src/commoncrypto/common_digest.py b/src/_cffi_src/commoncrypto/common_digest.py
deleted file mode 100644
index e40e729f..00000000
--- a/src/_cffi_src/commoncrypto/common_digest.py
+++ /dev/null
@@ -1,58 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CommonCrypto/CommonDigest.h>
-"""
-
-TYPES = """
-typedef uint32_t CC_LONG;
-typedef uint64_t CC_LONG64;
-typedef struct CC_MD5state_st {
- ...;
-} CC_MD5_CTX;
-typedef struct CC_SHA1state_st {
- ...;
-} CC_SHA1_CTX;
-typedef struct CC_SHA256state_st {
- ...;
-} CC_SHA256_CTX;
-typedef struct CC_SHA512state_st {
- ...;
-} CC_SHA512_CTX;
-"""
-
-FUNCTIONS = """
-int CC_MD5_Init(CC_MD5_CTX *);
-int CC_MD5_Update(CC_MD5_CTX *, const void *, CC_LONG);
-int CC_MD5_Final(unsigned char *, CC_MD5_CTX *);
-
-int CC_SHA1_Init(CC_SHA1_CTX *);
-int CC_SHA1_Update(CC_SHA1_CTX *, const void *, CC_LONG);
-int CC_SHA1_Final(unsigned char *, CC_SHA1_CTX *);
-
-int CC_SHA224_Init(CC_SHA256_CTX *);
-int CC_SHA224_Update(CC_SHA256_CTX *, const void *, CC_LONG);
-int CC_SHA224_Final(unsigned char *, CC_SHA256_CTX *);
-
-int CC_SHA256_Init(CC_SHA256_CTX *);
-int CC_SHA256_Update(CC_SHA256_CTX *, const void *, CC_LONG);
-int CC_SHA256_Final(unsigned char *, CC_SHA256_CTX *);
-
-int CC_SHA384_Init(CC_SHA512_CTX *);
-int CC_SHA384_Update(CC_SHA512_CTX *, const void *, CC_LONG);
-int CC_SHA384_Final(unsigned char *, CC_SHA512_CTX *);
-
-int CC_SHA512_Init(CC_SHA512_CTX *);
-int CC_SHA512_Update(CC_SHA512_CTX *, const void *, CC_LONG);
-int CC_SHA512_Final(unsigned char *, CC_SHA512_CTX *);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/common_hmac.py b/src/_cffi_src/commoncrypto/common_hmac.py
deleted file mode 100644
index 721cff53..00000000
--- a/src/_cffi_src/commoncrypto/common_hmac.py
+++ /dev/null
@@ -1,37 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CommonCrypto/CommonHMAC.h>
-"""
-
-TYPES = """
-typedef struct {
- ...;
-} CCHmacContext;
-enum {
- kCCHmacAlgSHA1,
- kCCHmacAlgMD5,
- kCCHmacAlgSHA256,
- kCCHmacAlgSHA384,
- kCCHmacAlgSHA512,
- kCCHmacAlgSHA224
-};
-typedef uint32_t CCHmacAlgorithm;
-"""
-
-FUNCTIONS = """
-void CCHmacInit(CCHmacContext *, CCHmacAlgorithm, const void *, size_t);
-void CCHmacUpdate(CCHmacContext *, const void *, size_t);
-void CCHmacFinal(CCHmacContext *, void *);
-
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/common_key_derivation.py b/src/_cffi_src/commoncrypto/common_key_derivation.py
deleted file mode 100644
index 13ae5806..00000000
--- a/src/_cffi_src/commoncrypto/common_key_derivation.py
+++ /dev/null
@@ -1,39 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CommonCrypto/CommonKeyDerivation.h>
-"""
-
-TYPES = """
-enum {
- kCCPBKDF2 = 2,
-};
-typedef uint32_t CCPBKDFAlgorithm;
-enum {
- kCCPRFHmacAlgSHA1 = 1,
- kCCPRFHmacAlgSHA224 = 2,
- kCCPRFHmacAlgSHA256 = 3,
- kCCPRFHmacAlgSHA384 = 4,
- kCCPRFHmacAlgSHA512 = 5,
-};
-typedef uint32_t CCPseudoRandomAlgorithm;
-typedef unsigned int uint;
-"""
-
-FUNCTIONS = """
-int CCKeyDerivationPBKDF(CCPBKDFAlgorithm, const char *, size_t,
- const uint8_t *, size_t, CCPseudoRandomAlgorithm,
- uint, uint8_t *, size_t);
-uint CCCalibratePBKDF(CCPBKDFAlgorithm, size_t, size_t,
- CCPseudoRandomAlgorithm, size_t, uint32_t);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/common_symmetric_key_wrap.py b/src/_cffi_src/commoncrypto/common_symmetric_key_wrap.py
deleted file mode 100644
index 9c7d42f8..00000000
--- a/src/_cffi_src/commoncrypto/common_symmetric_key_wrap.py
+++ /dev/null
@@ -1,35 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CommonCrypto/CommonSymmetricKeywrap.h>
-"""
-
-TYPES = """
-enum {
- kCCWRAPAES = 1,
-};
-
-typedef uint32_t CCWrappingAlgorithm;
-"""
-
-FUNCTIONS = """
-int CCSymmetricKeyWrap(CCWrappingAlgorithm, const uint8_t *, const size_t,
- const uint8_t *, size_t, const uint8_t *, size_t,
- uint8_t *, size_t *);
-int CCSymmetricKeyUnwrap(CCWrappingAlgorithm algorithm, const uint8_t *,
- const size_t, const uint8_t *, size_t,
- const uint8_t *, size_t, uint8_t *, size_t *);
-size_t CCSymmetricWrappedSize(CCWrappingAlgorithm, size_t);
-size_t CCSymmetricUnwrappedSize(CCWrappingAlgorithm, size_t);
-
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/seccertificate.py b/src/_cffi_src/commoncrypto/seccertificate.py
deleted file mode 100644
index 2b54b0ee..00000000
--- a/src/_cffi_src/commoncrypto/seccertificate.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecCertificate.h>
-"""
-
-TYPES = """
-typedef ... *SecCertificateRef;
-"""
-
-FUNCTIONS = """
-SecCertificateRef SecCertificateCreateWithData(CFAllocatorRef, CFDataRef);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/secimport.py b/src/_cffi_src/commoncrypto/secimport.py
deleted file mode 100644
index 81657596..00000000
--- a/src/_cffi_src/commoncrypto/secimport.py
+++ /dev/null
@@ -1,86 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecImportExport.h>
-"""
-
-TYPES = """
-typedef ... *SecAccessRef;
-
-CFStringRef kSecImportExportPassphrase;
-CFStringRef kSecImportExportKeychain;
-CFStringRef kSecImportExportAccess;
-
-typedef uint32_t SecExternalItemType;
-enum {
- kSecItemTypeUnknown,
- kSecItemTypePrivateKey,
- kSecItemTypePublicKey,
- kSecItemTypeSessionKey,
- kSecItemTypeCertificate,
- kSecItemTypeAggregate
-};
-
-
-typedef uint32_t SecExternalFormat;
-enum {
- kSecFormatUnknown = 0,
- kSecFormatOpenSSL,
- kSecFormatSSH,
- kSecFormatBSAFE,
- kSecFormatRawKey,
- kSecFormatWrappedPKCS8,
- kSecFormatWrappedOpenSSL,
- kSecFormatWrappedSSH,
- kSecFormatWrappedLSH,
- kSecFormatX509Cert,
- kSecFormatPEMSequence,
- kSecFormatPKCS7,
- kSecFormatPKCS12,
- kSecFormatNetscapeCertSequence,
- kSecFormatSSHv2
-};
-
-typedef uint32_t SecItemImportExportFlags;
-enum {
- kSecKeyImportOnlyOne = 0x00000001,
- kSecKeySecurePassphrase = 0x00000002,
- kSecKeyNoAccessControl = 0x00000004
-};
-typedef uint32_t SecKeyImportExportFlags;
-
-typedef struct {
- /* for import and export */
- uint32_t version;
- SecKeyImportExportFlags flags;
- CFTypeRef passphrase;
- CFStringRef alertTitle;
- CFStringRef alertPrompt;
-
- /* for import only */
- SecAccessRef accessRef;
- CFArrayRef keyUsage;
-
- CFArrayRef keyAttributes;
-} SecItemImportExportKeyParameters;
-"""
-
-FUNCTIONS = """
-OSStatus SecItemImport(CFDataRef, CFStringRef, SecExternalFormat *,
- SecExternalItemType *, SecItemImportExportFlags,
- const SecItemImportExportKeyParameters *,
- SecKeychainRef, CFArrayRef *);
-OSStatus SecPKCS12Import(CFDataRef, CFDictionaryRef, CFArrayRef *);
-OSStatus SecItemExport(CFTypeRef, SecExternalFormat, SecItemImportExportFlags,
- const SecItemImportExportKeyParameters *, CFDataRef *);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/secitem.py b/src/_cffi_src/commoncrypto/secitem.py
deleted file mode 100644
index 19bfe763..00000000
--- a/src/_cffi_src/commoncrypto/secitem.py
+++ /dev/null
@@ -1,27 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecItem.h>
-"""
-
-TYPES = """
-const CFTypeRef kSecAttrKeyType;
-const CFTypeRef kSecAttrKeySizeInBits;
-const CFTypeRef kSecAttrIsPermanent;
-const CFTypeRef kSecAttrKeyTypeRSA;
-const CFTypeRef kSecAttrKeyTypeDSA;
-const CFTypeRef kSecUseKeychain;
-"""
-
-FUNCTIONS = """
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/seckey.py b/src/_cffi_src/commoncrypto/seckey.py
deleted file mode 100644
index 99fe61ec..00000000
--- a/src/_cffi_src/commoncrypto/seckey.py
+++ /dev/null
@@ -1,24 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecKey.h>
-"""
-
-TYPES = """
-typedef ... *SecKeyRef;
-"""
-
-FUNCTIONS = """
-OSStatus SecKeyGeneratePair(CFDictionaryRef, SecKeyRef *, SecKeyRef *);
-size_t SecKeyGetBlockSize(SecKeyRef);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/seckeychain.py b/src/_cffi_src/commoncrypto/seckeychain.py
deleted file mode 100644
index 221a87c7..00000000
--- a/src/_cffi_src/commoncrypto/seckeychain.py
+++ /dev/null
@@ -1,25 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecKeychain.h>
-"""
-
-TYPES = """
-typedef ... *SecKeychainRef;
-"""
-
-FUNCTIONS = """
-OSStatus SecKeychainCreate(const char *, UInt32, const void *, Boolean,
- SecAccessRef, SecKeychainRef *);
-OSStatus SecKeychainDelete(SecKeychainRef);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/secpolicy.py b/src/_cffi_src/commoncrypto/secpolicy.py
deleted file mode 100644
index e132cfae..00000000
--- a/src/_cffi_src/commoncrypto/secpolicy.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecPolicy.h>
-"""
-
-TYPES = """
-typedef ... *SecPolicyRef;
-"""
-
-FUNCTIONS = """
-SecPolicyRef SecPolicyCreateSSL(Boolean, CFStringRef);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/sectransform.py b/src/_cffi_src/commoncrypto/sectransform.py
deleted file mode 100644
index 04037469..00000000
--- a/src/_cffi_src/commoncrypto/sectransform.py
+++ /dev/null
@@ -1,68 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecDigestTransform.h>
-#include <Security/SecSignVerifyTransform.h>
-#include <Security/SecEncryptTransform.h>
-"""
-
-TYPES = """
-typedef ... *SecTransformRef;
-
-CFStringRef kSecImportExportPassphrase;
-CFStringRef kSecImportExportKeychain;
-CFStringRef kSecImportExportAccess;
-
-CFStringRef kSecEncryptionMode;
-CFStringRef kSecEncryptKey;
-CFStringRef kSecIVKey;
-CFStringRef kSecModeCBCKey;
-CFStringRef kSecModeCFBKey;
-CFStringRef kSecModeECBKey;
-CFStringRef kSecModeNoneKey;
-CFStringRef kSecModeOFBKey;
-CFStringRef kSecOAEPEncodingParametersAttributeName;
-CFStringRef kSecPaddingKey;
-CFStringRef kSecPaddingNoneKey;
-CFStringRef kSecPaddingOAEPKey;
-CFStringRef kSecPaddingPKCS1Key;
-CFStringRef kSecPaddingPKCS5Key;
-CFStringRef kSecPaddingPKCS7Key;
-
-const CFStringRef kSecTransformInputAttributeName;
-const CFStringRef kSecTransformOutputAttributeName;
-const CFStringRef kSecTransformDebugAttributeName;
-const CFStringRef kSecTransformTransformName;
-const CFStringRef kSecTransformAbortAttributeName;
-
-CFStringRef kSecInputIsAttributeName;
-CFStringRef kSecInputIsPlainText;
-CFStringRef kSecInputIsDigest;
-CFStringRef kSecInputIsRaw;
-
-const CFStringRef kSecDigestTypeAttribute;
-const CFStringRef kSecDigestLengthAttribute;
-const CFStringRef kSecDigestMD5;
-const CFStringRef kSecDigestSHA1;
-const CFStringRef kSecDigestSHA2;
-"""
-
-FUNCTIONS = """
-Boolean SecTransformSetAttribute(SecTransformRef, CFStringRef, CFTypeRef,
- CFErrorRef *);
-SecTransformRef SecDecryptTransformCreate(SecKeyRef, CFErrorRef *);
-SecTransformRef SecEncryptTransformCreate(SecKeyRef, CFErrorRef *);
-SecTransformRef SecVerifyTransformCreate(SecKeyRef, CFDataRef, CFErrorRef *);
-SecTransformRef SecSignTransformCreate(SecKeyRef, CFErrorRef *) ;
-CFTypeRef SecTransformExecute(SecTransformRef, CFErrorRef *);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/sectrust.py b/src/_cffi_src/commoncrypto/sectrust.py
deleted file mode 100644
index 842c36c7..00000000
--- a/src/_cffi_src/commoncrypto/sectrust.py
+++ /dev/null
@@ -1,39 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecTrust.h>
-"""
-
-TYPES = """
-typedef ... *SecTrustRef;
-typedef uint32_t SecTrustResultType;
-
-enum {
- kSecTrustResultInvalid,
- kSecTrustResultProceed,
- kSecTrustResultDeny,
- kSecTrustResultUnspecified,
- kSecTrustResultRecoverableTrustFailure,
- kSecTrustResultFatalTrustFailure,
- kSecTrustResultOtherError
-};
-"""
-
-FUNCTIONS = """
-OSStatus SecTrustEvaluate(SecTrustRef, SecTrustResultType *);
-OSStatus SecTrustCopyAnchorCertificates(CFArrayRef *);
-"""
-
-MACROS = """
-/* The first argument changed from CFArrayRef to CFTypeRef in 10.8, so this
- * has to go here for compatibility.
- */
-OSStatus SecTrustCreateWithCertificates(CFTypeRef, CFTypeRef, SecTrustRef *);
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/_cffi_src/commoncrypto/secure_transport.py b/src/_cffi_src/commoncrypto/secure_transport.py
deleted file mode 100644
index 0ad1b0b0..00000000
--- a/src/_cffi_src/commoncrypto/secure_transport.py
+++ /dev/null
@@ -1,308 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecureTransport.h>
-"""
-
-TYPES = """
-typedef ... *SSLContextRef;
-typedef const void *SSLConnectionRef;
-
-typedef enum {
- kSSLSessionOptionBreakOnServerAuth,
- kSSLSessionOptionBreakOnCertRequested,
-} SSLSessionOption;
-
-typedef enum {
- kNeverAuthenticate,
- kAlwaysAuthenticate,
- kTryAuthenticate
-} SSLAuthenticate;
-
-typedef enum {
- kSSLIdle,
- kSSLHandshake,
- kSSLConnected,
- kSSLClosed,
- kSSLAborted
-} SSLSessionState;
-
-typedef enum {
- kSSLProtocolUnknown = 0,
- kSSLProtocol3 = 2,
- kTLSProtocol1 = 4,
- /* DEPRECATED on iOS */
- kSSLProtocol2 = 1,
- kSSLProtocol3Only = 3,
- kTLSProtocol1Only = 5,
- kSSLProtocolAll = 6,
-} SSLProtocol;
-
-typedef UInt32 SSLCipherSuite;
-enum {
- SSL_NULL_WITH_NULL_NULL = 0x0000,
- SSL_RSA_WITH_NULL_MD5 = 0x0001,
- SSL_RSA_WITH_NULL_SHA = 0x0002,
- SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
- SSL_RSA_WITH_RC4_128_MD5 = 0x0004,
- SSL_RSA_WITH_RC4_128_SHA = 0x0005,
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
- SSL_RSA_WITH_IDEA_CBC_SHA = 0x0007,
- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
- SSL_RSA_WITH_DES_CBC_SHA = 0x0009,
- SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
- SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
- SSL_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
- SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
- SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
- SSL_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
- SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
- SSL_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
- SSL_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
- SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
- SSL_DH_anon_WITH_RC4_128_MD5 = 0x0018,
- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
- SSL_DH_anon_WITH_DES_CBC_SHA = 0x001A,
- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
- SSL_FORTEZZA_DMS_WITH_NULL_SHA = 0x001C,
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA =0x001D,
-
- /* TLS addenda using AES, per RFC 3268 */
- TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
- TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
- TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
- TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
- TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
- TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
- TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
- TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
-
- /* ECDSA addenda, RFC 4492 */
- TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
- TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
- TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
- TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
- TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
- TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
- TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
- TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
- TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
- TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
- TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
-
- /* TLS 1.2 addenda, RFC 5246 */
- /* Initial state. */
- TLS_NULL_WITH_NULL_NULL = 0x0000,
-
- /* Server provided RSA certificate for key exchange. */
- TLS_RSA_WITH_NULL_MD5 = 0x0001,
- TLS_RSA_WITH_NULL_SHA = 0x0002,
- TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
- TLS_RSA_WITH_RC4_128_SHA = 0x0005,
- TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
- TLS_RSA_WITH_NULL_SHA256 = 0x003B,
- TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
- TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
-
- /* Server-authenticated (and optionally client-authenticated)
- Diffie-Hellman. */
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
- TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
- TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
- TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
- TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
-
- /* Completely anonymous Diffie-Hellman */
- TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
- TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
- TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
-
- /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
- for TLS. */
- TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
- TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
- TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
- TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
- TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
- TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
- TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
- TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
-
- /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
- HMAC SHA-256/384. */
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
-
- /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
- SHA-256/384 and AES Galois Counter Mode (GCM) */
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
-
- /* RFC 5746 - Secure Renegotiation */
- TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
-
- /*
- * Tags for SSL 2 cipher kinds that are not specified
- * for SSL 3.
- */
- SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
- SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
- SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,
- SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83,
- SSL_NO_SUCH_CIPHERSUITE = 0xFFFF
-};
-
-typedef enum {
- kSSLClientCertNone,
- kSSLClientCertRequested,
- kSSLClientCertSent,
- kSSLClientCertRejected
-} SSLClientCertificateState;
-
-enum {
- errSSLProtocol = -9800,
- errSSLNegotiation = -9801,
- errSSLFatalAlert = -9802,
- errSSLWouldBlock = -9803,
- errSSLSessionNotFound = -9804,
- errSSLClosedGraceful = -9805,
- errSSLClosedAbort = -9806,
- errSSLXCertChainInvalid = -9807,
- errSSLBadCert = -9808,
- errSSLCrypto = -9809,
- errSSLInternal = -9810,
- errSSLModuleAttach = -9811,
- errSSLUnknownRootCert = -9812,
- errSSLNoRootCert = -9813,
- errSSLCertExpired = -9814,
- errSSLCertNotYetValid = -9815,
- errSSLClosedNoNotify = -9816,
- errSSLBufferOverflow = -9817,
- errSSLBadCipherSuite = -9818,
- errSSLPeerUnexpectedMsg = -9819,
- errSSLPeerBadRecordMac = -9820,
- errSSLPeerDecryptionFail = -9821,
- errSSLPeerRecordOverflow = -9822,
- errSSLPeerDecompressFail = -9823,
- errSSLPeerHandshakeFail = -9824,
- errSSLPeerBadCert = -9825,
- errSSLPeerUnsupportedCert = -9826,
- errSSLPeerCertRevoked = -9827,
- errSSLPeerCertExpired = -9828,
- errSSLPeerCertUnknown = -9829,
- errSSLIllegalParam = -9830,
- errSSLPeerUnknownCA = -9831,
- errSSLPeerAccessDenied = -9832,
- errSSLPeerDecodeError = -9833,
- errSSLPeerDecryptError = -9834,
- errSSLPeerExportRestriction = -9835,
- errSSLPeerProtocolVersion = -9836,
- errSSLPeerInsufficientSecurity = -9837,
- errSSLPeerInternalError = -9838,
- errSSLPeerUserCancelled = -9839,
- errSSLPeerNoRenegotiation = -9840,
- errSSLServerAuthCompleted = -9841,
- errSSLClientCertRequested = -9842,
- errSSLHostNameMismatch = -9843,
- errSSLConnectionRefused = -9844,
- errSSLDecryptionFail = -9845,
- errSSLBadRecordMac = -9846,
- errSSLRecordOverflow = -9847,
- errSSLBadConfiguration = -9848,
- errSSLLast = -9849 /* end of range, to be deleted */
-};
-"""
-
-FUNCTIONS = """
-OSStatus SSLSetConnection(SSLContextRef, SSLConnectionRef);
-OSStatus SSLGetConnection(SSLContextRef, SSLConnectionRef *);
-OSStatus SSLSetSessionOption(SSLContextRef, SSLSessionOption, Boolean);
-OSStatus SSLSetClientSideAuthenticate(SSLContextRef, SSLAuthenticate);
-
-OSStatus SSLHandshake(SSLContextRef);
-OSStatus SSLGetSessionState(SSLContextRef, SSLSessionState *);
-OSStatus SSLGetNegotiatedProtocolVersion(SSLContextRef, SSLProtocol *);
-OSStatus SSLSetPeerID(SSLContextRef, const void *, size_t);
-OSStatus SSLGetPeerID(SSLContextRef, const void **, size_t *);
-OSStatus SSLGetBufferedReadSize(SSLContextRef, size_t *);
-OSStatus SSLRead(SSLContextRef, void *, size_t, size_t *);
-OSStatus SSLWrite(SSLContextRef, const void *, size_t, size_t *);
-OSStatus SSLClose(SSLContextRef);
-
-OSStatus SSLGetNumberSupportedCiphers(SSLContextRef, size_t *);
-OSStatus SSLGetSupportedCiphers(SSLContextRef, SSLCipherSuite *, size_t *);
-OSStatus SSLSetEnabledCiphers(SSLContextRef, const SSLCipherSuite *, size_t);
-OSStatus SSLGetNumberEnabledCiphers(SSLContextRef, size_t *);
-OSStatus SSLGetEnabledCiphers(SSLContextRef, SSLCipherSuite *, size_t *);
-OSStatus SSLGetNegotiatedCipher(SSLContextRef, SSLCipherSuite *);
-OSStatus SSLSetDiffieHellmanParams(SSLContextRef, const void *, size_t);
-OSStatus SSLGetDiffieHellmanParams(SSLContextRef, const void **, size_t *);
-
-OSStatus SSLSetCertificateAuthorities(SSLContextRef, CFTypeRef, Boolean);
-OSStatus SSLCopyCertificateAuthorities(SSLContextRef, CFArrayRef *);
-OSStatus SSLCopyDistinguishedNames(SSLContextRef, CFArrayRef *);
-OSStatus SSLSetCertificate(SSLContextRef, CFArrayRef);
-OSStatus SSLGetClientCertificateState(SSLContextRef,
- SSLClientCertificateState *);
-OSStatus SSLCopyPeerTrust(SSLContextRef, SecTrustRef *trust);
-
-OSStatus SSLSetPeerDomainName(SSLContextRef, const char *, size_t);
-OSStatus SSLGetPeerDomainNameLength(SSLContextRef, size_t *);
-OSStatus SSLGetPeerDomainName(SSLContextRef, char *, size_t *);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/src/cryptography/hazmat/backends/__init__.py b/src/cryptography/hazmat/backends/__init__.py
index ff8e8f0f..d90d27d8 100644
--- a/src/cryptography/hazmat/backends/__init__.py
+++ b/src/cryptography/hazmat/backends/__init__.py
@@ -14,56 +14,13 @@ def _available_backends():
global _available_backends_list
if _available_backends_list is None:
- # Lazy import pkg_resources here to avoid the performance issue
- # on systems with many packages detailed in
- # https://github.com/pypa/setuptools/issues/926
- import pkg_resources
-
- entry_point_backends = [
- # PersistentlyDeprecated
- # setuptools 11.3 deprecated support for the require parameter to
- # load(), and introduced the new resolve() method instead.
- # We previously removed this fallback, but users are having issues
- # where Python loads an older setuptools due to various syspath
- # weirdness.
- ep.resolve() if hasattr(ep, "resolve") else ep.load(require=False)
- for ep in pkg_resources.iter_entry_points(
- "cryptography.backends"
- )
- ]
-
- _available_backends_list = _backend_import_fallback(
- entry_point_backends
+ from cryptography.hazmat.backends.openssl.backend import (
+ backend as be_ossl
)
-
+ _available_backends_list = [be_ossl]
return _available_backends_list
-def _backend_import_fallback(backends):
- # If backends already exist just return them. This branch is here
- # to get full line coverage from our tests.
- if backends:
- return backends
-
- # if iter_entry_points fails to find any backends then manually try to
- # import our current backends as a workaround for issues with application
- # bundlers like pyinstaller, cx_freeze, etc
-
- # OpenSSL is guaranteed to be present until we unbundle the backends.
- from cryptography.hazmat.backends.openssl.backend import backend as be_ossl
- backends = [be_ossl]
- try:
- from cryptography.hazmat.backends.commoncrypto.backend import (
- backend as be_cc
- )
- except ImportError:
- pass
- else:
- backends.append(be_cc)
-
- return backends
-
-
_default_backend = None
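Review bot: The rewritten body of `_available_backends()` hard-codes the OpenSSL backend but carries no comment saying that the `cryptography.backends` entry point is no longer consulted, so a backend that a third-party package registers there is now ignored without any message. That narrowing is reasonable, since it stops arbitrary installed distributions from injecting code into the default backend list, but it is a behaviour change a maintainer should be able to see at the call site. I would add above the import something like `# Only the bundled OpenSSL backend is loaded; the "cryptography.backends" entry point is intentionally no longer read.` and, if the function-local import is kept only to defer loading the OpenSSL bindings, say so in the same comment. The `def` line appears only in the hunk header, and whether the changelog entry in this commit mentions the entry-point removal is not visible from this hunk.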
diff --git a/src/cryptography/hazmat/backends/commoncrypto/__init__.py b/src/cryptography/hazmat/backends/commoncrypto/__init__.py
deleted file mode 100644
index 1d52a255..00000000
--- a/src/cryptography/hazmat/backends/commoncrypto/__init__.py
+++ /dev/null
@@ -1,10 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography.hazmat.backends.commoncrypto.backend import backend
-
-
-__all__ = ["backend"]
diff --git a/src/cryptography/hazmat/backends/commoncrypto/backend.py b/src/cryptography/hazmat/backends/commoncrypto/backend.py
deleted file mode 100644
index da78c9a1..00000000
--- a/src/cryptography/hazmat/backends/commoncrypto/backend.py
+++ /dev/null
@@ -1,250 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from collections import namedtuple
-
-from cryptography import utils
-from cryptography.exceptions import InternalError
-from cryptography.hazmat.backends.commoncrypto.ciphers import (
- _CipherContext, _GCMCipherContext
-)
-from cryptography.hazmat.backends.commoncrypto.hashes import _HashContext
-from cryptography.hazmat.backends.commoncrypto.hmac import _HMACContext
-from cryptography.hazmat.backends.interfaces import (
- CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend
-)
-from cryptography.hazmat.bindings.commoncrypto.binding import Binding
-from cryptography.hazmat.primitives.ciphers.algorithms import (
- AES, ARC4, Blowfish, CAST5, TripleDES
-)
-from cryptography.hazmat.primitives.ciphers.modes import (
- CBC, CFB, CFB8, CTR, ECB, GCM, OFB
-)
-
-
-HashMethods = namedtuple(
- "HashMethods", ["ctx", "hash_init", "hash_update", "hash_final"]
-)
-
-
-@utils.register_interface(CipherBackend)
-@utils.register_interface(HashBackend)
-@utils.register_interface(HMACBackend)
-@utils.register_interface(PBKDF2HMACBackend)
-class Backend(object):
- """
- CommonCrypto API wrapper.
- """
- name = "commoncrypto"
-
- def __init__(self):
- self._binding = Binding()
- self._ffi = self._binding.ffi
- self._lib = self._binding.lib
-
- self._cipher_registry = {}
- self._register_default_ciphers()
- self._hash_mapping = {
- "md5": HashMethods(
- "CC_MD5_CTX *", self._lib.CC_MD5_Init,
- self._lib.CC_MD5_Update, self._lib.CC_MD5_Final
- ),
- "sha1": HashMethods(
- "CC_SHA1_CTX *", self._lib.CC_SHA1_Init,
- self._lib.CC_SHA1_Update, self._lib.CC_SHA1_Final
- ),
- "sha224": HashMethods(
- "CC_SHA256_CTX *", self._lib.CC_SHA224_Init,
- self._lib.CC_SHA224_Update, self._lib.CC_SHA224_Final
- ),
- "sha256": HashMethods(
- "CC_SHA256_CTX *", self._lib.CC_SHA256_Init,
- self._lib.CC_SHA256_Update, self._lib.CC_SHA256_Final
- ),
- "sha384": HashMethods(
- "CC_SHA512_CTX *", self._lib.CC_SHA384_Init,
- self._lib.CC_SHA384_Update, self._lib.CC_SHA384_Final
- ),
- "sha512": HashMethods(
- "CC_SHA512_CTX *", self._lib.CC_SHA512_Init,
- self._lib.CC_SHA512_Update, self._lib.CC_SHA512_Final
- ),
- }
-
- self._supported_hmac_algorithms = {
- "md5": self._lib.kCCHmacAlgMD5,
- "sha1": self._lib.kCCHmacAlgSHA1,
- "sha224": self._lib.kCCHmacAlgSHA224,
- "sha256": self._lib.kCCHmacAlgSHA256,
- "sha384": self._lib.kCCHmacAlgSHA384,
- "sha512": self._lib.kCCHmacAlgSHA512,
- }
-
- self._supported_pbkdf2_hmac_algorithms = {
- "sha1": self._lib.kCCPRFHmacAlgSHA1,
- "sha224": self._lib.kCCPRFHmacAlgSHA224,
- "sha256": self._lib.kCCPRFHmacAlgSHA256,
- "sha384": self._lib.kCCPRFHmacAlgSHA384,
- "sha512": self._lib.kCCPRFHmacAlgSHA512,
- }
-
- def hash_supported(self, algorithm):
- return algorithm.name in self._hash_mapping
-
- def hmac_supported(self, algorithm):
- return algorithm.name in self._supported_hmac_algorithms
-
- def create_hash_ctx(self, algorithm):
- return _HashContext(self, algorithm)
-
- def create_hmac_ctx(self, key, algorithm):
- return _HMACContext(self, key, algorithm)
-
- def cipher_supported(self, cipher, mode):
- # In macOS 10.11.2-5 (as of this writing) CommonCrypto has a bug with
- # Blowfish key lengths less than 64-bit. Filed as radar://26636600
- if isinstance(cipher, Blowfish) and len(cipher.key) < 8:
- return False
- else:
- return (type(cipher), type(mode)) in self._cipher_registry
-
- def create_symmetric_encryption_ctx(self, cipher, mode):
- if isinstance(mode, GCM):
- return _GCMCipherContext(
- self, cipher, mode, self._lib.kCCEncrypt
- )
- else:
- return _CipherContext(self, cipher, mode, self._lib.kCCEncrypt)
-
- def create_symmetric_decryption_ctx(self, cipher, mode):
- if isinstance(mode, GCM):
- return _GCMCipherContext(
- self, cipher, mode, self._lib.kCCDecrypt
- )
- else:
- return _CipherContext(self, cipher, mode, self._lib.kCCDecrypt)
-
- def pbkdf2_hmac_supported(self, algorithm):
- return algorithm.name in self._supported_pbkdf2_hmac_algorithms
-
- def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
- key_material):
- alg_enum = self._supported_pbkdf2_hmac_algorithms[algorithm.name]
- buf = self._ffi.new("uint8_t[]", length)
- res = self._lib.CCKeyDerivationPBKDF(
- self._lib.kCCPBKDF2,
- key_material,
- len(key_material),
- salt,
- len(salt),
- alg_enum,
- iterations,
- buf,
- length
- )
- self._check_cipher_response(res)
-
- return self._ffi.buffer(buf)[:]
-
- def _register_cipher_adapter(self, cipher_cls, cipher_const, mode_cls,
- mode_const):
- if (cipher_cls, mode_cls) in self._cipher_registry:
- raise ValueError("Duplicate registration for: {0} {1}.".format(
- cipher_cls, mode_cls)
- )
- self._cipher_registry[cipher_cls, mode_cls] = (cipher_const,
- mode_const)
-
- def _register_default_ciphers(self):
- for mode_cls, mode_const in [
- (CBC, self._lib.kCCModeCBC),
- (ECB, self._lib.kCCModeECB),
- (CFB, self._lib.kCCModeCFB),
- (CFB8, self._lib.kCCModeCFB8),
- (OFB, self._lib.kCCModeOFB),
- (CTR, self._lib.kCCModeCTR),
- (GCM, self._lib.kCCModeGCM),
- ]:
- self._register_cipher_adapter(
- AES,
- self._lib.kCCAlgorithmAES128,
- mode_cls,
- mode_const
- )
- for mode_cls, mode_const in [
- (CBC, self._lib.kCCModeCBC),
- (ECB, self._lib.kCCModeECB),
- (CFB, self._lib.kCCModeCFB),
- (CFB8, self._lib.kCCModeCFB8),
- (OFB, self._lib.kCCModeOFB),
- ]:
- self._register_cipher_adapter(
- TripleDES,
- self._lib.kCCAlgorithm3DES,
- mode_cls,
- mode_const
- )
- for mode_cls, mode_const in [
- (CBC, self._lib.kCCModeCBC),
- (ECB, self._lib.kCCModeECB),
- (CFB, self._lib.kCCModeCFB),
- (OFB, self._lib.kCCModeOFB)
- ]:
- self._register_cipher_adapter(
- Blowfish,
- self._lib.kCCAlgorithmBlowfish,
- mode_cls,
- mode_const
- )
- for mode_cls, mode_const in [
- (CBC, self._lib.kCCModeCBC),
- (ECB, self._lib.kCCModeECB),
- (CFB, self._lib.kCCModeCFB),
- (OFB, self._lib.kCCModeOFB),
- (CTR, self._lib.kCCModeCTR)
- ]:
- self._register_cipher_adapter(
- CAST5,
- self._lib.kCCAlgorithmCAST,
- mode_cls,
- mode_const
- )
- self._register_cipher_adapter(
- ARC4,
- self._lib.kCCAlgorithmRC4,
- type(None),
- self._lib.kCCModeRC4
- )
-
- def _check_cipher_response(self, response):
- if response == self._lib.kCCSuccess:
- return
- elif response == self._lib.kCCAlignmentError:
- # This error is not currently triggered due to a bug filed as
- # rdar://15589470
- raise ValueError(
- "The length of the provided data is not a multiple of "
- "the block length."
- )
- else:
- raise InternalError(
- "The backend returned an unknown error, consider filing a bug."
- " Code: {0}.".format(response),
- response
- )
-
- def _release_cipher_ctx(self, ctx):
- """
- Called by the garbage collector and used to safely dereference and
- release the context.
- """
- if ctx[0] != self._ffi.NULL:
- res = self._lib.CCCryptorRelease(ctx[0])
- self._check_cipher_response(res)
- ctx[0] = self._ffi.NULL
-
-
-backend = Backend()
diff --git a/src/cryptography/hazmat/backends/commoncrypto/ciphers.py b/src/cryptography/hazmat/backends/commoncrypto/ciphers.py
deleted file mode 100644
index 85ec9e76..00000000
--- a/src/cryptography/hazmat/backends/commoncrypto/ciphers.py
+++ /dev/null
@@ -1,233 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import utils
-from cryptography.exceptions import (
- InvalidTag, UnsupportedAlgorithm, _Reasons
-)
-from cryptography.hazmat.primitives import ciphers, constant_time
-from cryptography.hazmat.primitives.ciphers import modes
-from cryptography.hazmat.primitives.ciphers.modes import (
- CFB, CFB8, CTR, OFB
-)
-
-
-@utils.register_interface(ciphers.CipherContext)
-class _CipherContext(object):
- def __init__(self, backend, cipher, mode, operation):
- self._backend = backend
- self._cipher = cipher
- self._mode = mode
- self._operation = operation
- # There is a bug in CommonCrypto where block ciphers do not raise
- # kCCAlignmentError when finalizing if you supply non-block aligned
- # data. To work around this we need to keep track of the block
- # alignment ourselves, but only for alg+mode combos that require
- # block alignment. OFB, CFB, and CTR make a block cipher algorithm
- # into a stream cipher so we don't need to track them (and thus their
- # block size is effectively 1 byte just like OpenSSL/CommonCrypto
- # treat RC4 and other stream cipher block sizes).
- # This bug has been filed as rdar://15589470
- self._bytes_processed = 0
- if (isinstance(cipher, ciphers.BlockCipherAlgorithm) and not
- isinstance(mode, (OFB, CFB, CFB8, CTR))):
- self._byte_block_size = cipher.block_size // 8
- else:
- self._byte_block_size = 1
-
- registry = self._backend._cipher_registry
- try:
- cipher_enum, mode_enum = registry[type(cipher), type(mode)]
- except KeyError:
- raise UnsupportedAlgorithm(
- "cipher {0} in {1} mode is not supported "
- "by this backend.".format(
- cipher.name, mode.name if mode else mode),
- _Reasons.UNSUPPORTED_CIPHER
- )
-
- ctx = self._backend._ffi.new("CCCryptorRef *")
- ctx = self._backend._ffi.gc(ctx, self._backend._release_cipher_ctx)
-
- if isinstance(mode, modes.ModeWithInitializationVector):
- iv_nonce = mode.initialization_vector
- elif isinstance(mode, modes.ModeWithNonce):
- iv_nonce = mode.nonce
- else:
- iv_nonce = self._backend._ffi.NULL
-
- if isinstance(mode, CTR):
- mode_option = self._backend._lib.kCCModeOptionCTR_BE
- else:
- mode_option = 0
-
- res = self._backend._lib.CCCryptorCreateWithMode(
- operation,
- mode_enum, cipher_enum,
- self._backend._lib.ccNoPadding, iv_nonce,
- cipher.key, len(cipher.key),
- self._backend._ffi.NULL, 0, 0, mode_option, ctx)
- self._backend._check_cipher_response(res)
-
- self._ctx = ctx
-
- def update(self, data):
- # Count bytes processed to handle block alignment.
- self._bytes_processed += len(data)
- buf = self._backend._ffi.new(
- "unsigned char[]", len(data) + self._byte_block_size - 1)
- outlen = self._backend._ffi.new("size_t *")
- res = self._backend._lib.CCCryptorUpdate(
- self._ctx[0], data, len(data), buf,
- len(data) + self._byte_block_size - 1, outlen)
- self._backend._check_cipher_response(res)
- return self._backend._ffi.buffer(buf)[:outlen[0]]
-
- def update_into(self, data, buf):
- if len(buf) < (len(data) + self._byte_block_size - 1):
- raise ValueError(
- "buffer must be at least {0} bytes for this "
- "payload".format(len(data) + self._byte_block_size - 1)
- )
- # Count bytes processed to handle block alignment.
- self._bytes_processed += len(data)
- outlen = self._backend._ffi.new("size_t *")
- buf = self._backend._ffi.cast(
- "unsigned char *", self._backend._ffi.from_buffer(buf)
- )
- res = self._backend._lib.CCCryptorUpdate(
- self._ctx[0], data, len(data), buf,
- len(data) + self._byte_block_size - 1, outlen)
- self._backend._check_cipher_response(res)
- return outlen[0]
-
- def finalize(self):
- # Raise error if block alignment is wrong.
- if self._bytes_processed % self._byte_block_size:
- raise ValueError(
- "The length of the provided data is not a multiple of "
- "the block length."
- )
- buf = self._backend._ffi.new("unsigned char[]", self._byte_block_size)
- outlen = self._backend._ffi.new("size_t *")
- res = self._backend._lib.CCCryptorFinal(
- self._ctx[0], buf, len(buf), outlen)
- self._backend._check_cipher_response(res)
- self._backend._release_cipher_ctx(self._ctx)
- return self._backend._ffi.buffer(buf)[:outlen[0]]
-
-
-@utils.register_interface(ciphers.AEADCipherContext)
-@utils.register_interface(ciphers.AEADEncryptionContext)
-class _GCMCipherContext(object):
- def __init__(self, backend, cipher, mode, operation):
- self._backend = backend
- self._cipher = cipher
- self._mode = mode
- self._operation = operation
- self._tag = None
-
- registry = self._backend._cipher_registry
- try:
- cipher_enum, mode_enum = registry[type(cipher), type(mode)]
- except KeyError:
- raise UnsupportedAlgorithm(
- "cipher {0} in {1} mode is not supported "
- "by this backend.".format(
- cipher.name, mode.name if mode else mode),
- _Reasons.UNSUPPORTED_CIPHER
- )
-
- ctx = self._backend._ffi.new("CCCryptorRef *")
- ctx = self._backend._ffi.gc(ctx, self._backend._release_cipher_ctx)
-
- self._ctx = ctx
-
- res = self._backend._lib.CCCryptorCreateWithMode(
- operation,
- mode_enum, cipher_enum,
- self._backend._lib.ccNoPadding,
- self._backend._ffi.NULL,
- cipher.key, len(cipher.key),
- self._backend._ffi.NULL, 0, 0, 0, self._ctx)
- self._backend._check_cipher_response(res)
-
- res = self._backend._lib.CCCryptorGCMAddIV(
- self._ctx[0],
- mode.initialization_vector,
- len(mode.initialization_vector)
- )
- self._backend._check_cipher_response(res)
- # CommonCrypto has a bug where calling update without at least one
- # call to authenticate_additional_data will result in null byte output
- # for ciphertext. The following empty byte string call prevents the
- # issue, which is present in at least 10.8 and 10.9.
- # Filed as rdar://18314544
- self.authenticate_additional_data(b"")
-
- def update(self, data):
- buf = self._backend._ffi.new("unsigned char[]", len(data))
- args = (self._ctx[0], data, len(data), buf)
- if self._operation == self._backend._lib.kCCEncrypt:
- res = self._backend._lib.CCCryptorGCMEncrypt(*args)
- else:
- res = self._backend._lib.CCCryptorGCMDecrypt(*args)
-
- self._backend._check_cipher_response(res)
- return self._backend._ffi.buffer(buf)[:]
-
- def update_into(self, data, buf):
- if len(buf) < len(data):
- raise ValueError(
- "buffer must be at least {0} bytes".format(len(data))
- )
-
- buf = self._backend._ffi.cast(
- "unsigned char *", self._backend._ffi.from_buffer(buf)
- )
- args = (self._ctx[0], data, len(data), buf)
- if self._operation == self._backend._lib.kCCEncrypt:
- res = self._backend._lib.CCCryptorGCMEncrypt(*args)
- else:
- res = self._backend._lib.CCCryptorGCMDecrypt(*args)
-
- self._backend._check_cipher_response(res)
- return len(data)
-
- def finalize(self):
- # CommonCrypto has a yet another bug where you must make at least one
- # call to update. If you pass just AAD and call finalize without a call
- # to update you'll get null bytes for tag. The following update call
- # prevents this issue, which is present in at least 10.8 and 10.9.
- # Filed as rdar://18314580
- self.update(b"")
- tag_size = self._cipher.block_size // 8
- tag_buf = self._backend._ffi.new("unsigned char[]", tag_size)
- tag_len = self._backend._ffi.new("size_t *", tag_size)
- res = self._backend._lib.CCCryptorGCMFinal(
- self._ctx[0], tag_buf, tag_len
- )
- self._backend._check_cipher_response(res)
- self._backend._release_cipher_ctx(self._ctx)
- self._tag = self._backend._ffi.buffer(tag_buf)[:]
- if self._operation == self._backend._lib.kCCDecrypt:
- if self._mode.tag is None:
- raise ValueError(
- "Authentication tag must be provided when decrypting."
- )
- if not constant_time.bytes_eq(
- self._tag[:len(self._mode.tag)], self._mode.tag
- ):
- raise InvalidTag
- return b""
-
- def authenticate_additional_data(self, data):
- res = self._backend._lib.CCCryptorGCMAddAAD(
- self._ctx[0], data, len(data)
- )
- self._backend._check_cipher_response(res)
-
- tag = utils.read_only_property("_tag")
diff --git a/src/cryptography/hazmat/backends/commoncrypto/hashes.py b/src/cryptography/hazmat/backends/commoncrypto/hashes.py
deleted file mode 100644
index a54e9833..00000000
--- a/src/cryptography/hazmat/backends/commoncrypto/hashes.py
+++ /dev/null
@@ -1,55 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.primitives import hashes
-
-
-@utils.register_interface(hashes.HashContext)
-class _HashContext(object):
- def __init__(self, backend, algorithm, ctx=None):
- self._algorithm = algorithm
- self._backend = backend
-
- if ctx is None:
- try:
- methods = self._backend._hash_mapping[self.algorithm.name]
- except KeyError:
- raise UnsupportedAlgorithm(
- "{0} is not a supported hash on this backend.".format(
- algorithm.name),
- _Reasons.UNSUPPORTED_HASH
- )
- ctx = self._backend._ffi.new(methods.ctx)
- res = methods.hash_init(ctx)
- assert res == 1
-
- self._ctx = ctx
-
- algorithm = utils.read_only_property("_algorithm")
-
- def copy(self):
- methods = self._backend._hash_mapping[self.algorithm.name]
- new_ctx = self._backend._ffi.new(methods.ctx)
- # CommonCrypto has no APIs for copying hashes, so we have to copy the
- # underlying struct.
- new_ctx[0] = self._ctx[0]
-
- return _HashContext(self._backend, self.algorithm, ctx=new_ctx)
-
- def update(self, data):
- methods = self._backend._hash_mapping[self.algorithm.name]
- res = methods.hash_update(self._ctx, data, len(data))
- assert res == 1
-
- def finalize(self):
- methods = self._backend._hash_mapping[self.algorithm.name]
- buf = self._backend._ffi.new("unsigned char[]",
- self.algorithm.digest_size)
- res = methods.hash_final(buf, self._ctx)
- assert res == 1
- return self._backend._ffi.buffer(buf)[:]
diff --git a/src/cryptography/hazmat/backends/commoncrypto/hmac.py b/src/cryptography/hazmat/backends/commoncrypto/hmac.py
deleted file mode 100644
index ae623d84..00000000
--- a/src/cryptography/hazmat/backends/commoncrypto/hmac.py
+++ /dev/null
@@ -1,59 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import utils
-from cryptography.exceptions import (
- InvalidSignature, UnsupportedAlgorithm, _Reasons
-)
-from cryptography.hazmat.primitives import constant_time, hashes, interfaces
-
-
-@utils.register_interface(interfaces.MACContext)
-@utils.register_interface(hashes.HashContext)
-class _HMACContext(object):
- def __init__(self, backend, key, algorithm, ctx=None):
- self._algorithm = algorithm
- self._backend = backend
- if ctx is None:
- ctx = self._backend._ffi.new("CCHmacContext *")
- try:
- alg = self._backend._supported_hmac_algorithms[algorithm.name]
- except KeyError:
- raise UnsupportedAlgorithm(
- "{0} is not a supported HMAC hash on this backend.".format(
- algorithm.name),
- _Reasons.UNSUPPORTED_HASH
- )
-
- self._backend._lib.CCHmacInit(ctx, alg, key, len(key))
-
- self._ctx = ctx
- self._key = key
-
- algorithm = utils.read_only_property("_algorithm")
-
- def copy(self):
- copied_ctx = self._backend._ffi.new("CCHmacContext *")
- # CommonCrypto has no APIs for copying HMACs, so we have to copy the
- # underlying struct.
- copied_ctx[0] = self._ctx[0]
- return _HMACContext(
- self._backend, self._key, self.algorithm, ctx=copied_ctx
- )
-
- def update(self, data):
- self._backend._lib.CCHmacUpdate(self._ctx, data, len(data))
-
- def finalize(self):
- buf = self._backend._ffi.new("unsigned char[]",
- self.algorithm.digest_size)
- self._backend._lib.CCHmacFinal(self._ctx, buf)
- return self._backend._ffi.buffer(buf)[:]
-
- def verify(self, signature):
- digest = self.finalize()
- if not constant_time.bytes_eq(digest, signature):
- raise InvalidSignature("Signature did not match digest.")
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/__init__.py b/src/cryptography/hazmat/bindings/commoncrypto/__init__.py
deleted file mode 100644
index 4b540884..00000000
--- a/src/cryptography/hazmat/bindings/commoncrypto/__init__.py
+++ /dev/null
@@ -1,5 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/binding.py b/src/cryptography/hazmat/bindings/commoncrypto/binding.py
deleted file mode 100644
index dfe046b5..00000000
--- a/src/cryptography/hazmat/bindings/commoncrypto/binding.py
+++ /dev/null
@@ -1,15 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography.hazmat.bindings._commoncrypto import ffi, lib
-
-
-class Binding(object):
- """
- CommonCrypto API wrapper.
- """
- lib = lib
- ffi = ffi
diff --git a/tests/hazmat/backends/test_backendinit.py b/tests/hazmat/backends/test_backendinit.py
deleted file mode 100644
index b930f99f..00000000
--- a/tests/hazmat/backends/test_backendinit.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography.hazmat.backends import _backend_import_fallback
-
-
-def test_backend_import_fallback_empty_backends():
- backends = _backend_import_fallback([])
- assert len(backends) >= 1
-
-
-def test_backend_import_fallback_existing_backends():
- backend_list = [1, 2, 3, 4]
- assert backend_list == _backend_import_fallback(backend_list)
diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py
deleted file mode 100644
index 2b730e93..00000000
--- a/tests/hazmat/backends/test_commoncrypto.py
+++ /dev/null
@@ -1,54 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import pytest
-
-from cryptography.exceptions import InternalError, _Reasons
-from cryptography.hazmat.backends import _available_backends
-from cryptography.hazmat.primitives.ciphers import Cipher
-from cryptography.hazmat.primitives.ciphers.algorithms import AES
-from cryptography.hazmat.primitives.ciphers.modes import CBC, GCM
-
-from ...doubles import DummyCipherAlgorithm
-from ...utils import raises_unsupported_algorithm
-
-
-@pytest.mark.skipif("commoncrypto" not in
- [i.name for i in _available_backends()],
- reason="CommonCrypto not available")
-class TestCommonCrypto(object):
- def test_supports_cipher(self):
- from cryptography.hazmat.backends.commoncrypto.backend import backend
- assert backend.cipher_supported(None, None) is False
-
- def test_register_duplicate_cipher_adapter(self):
- from cryptography.hazmat.backends.commoncrypto.backend import backend
- with pytest.raises(ValueError):
- backend._register_cipher_adapter(
- AES, backend._lib.kCCAlgorithmAES128,
- CBC, backend._lib.kCCModeCBC
- )
-
- def test_handle_response(self):
- from cryptography.hazmat.backends.commoncrypto.backend import backend
-
- with pytest.raises(ValueError):
- backend._check_cipher_response(backend._lib.kCCAlignmentError)
-
- with pytest.raises(InternalError):
- backend._check_cipher_response(backend._lib.kCCMemoryFailure)
-
- with pytest.raises(InternalError):
- backend._check_cipher_response(backend._lib.kCCDecodeError)
-
- def test_nonexistent_aead_cipher(self):
- from cryptography.hazmat.backends.commoncrypto.backend import Backend
- b = Backend()
- cipher = Cipher(
- DummyCipherAlgorithm(), GCM(b"fake_iv_here"), backend=b,
- )
- with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
- cipher.encryptor()
diff --git a/tests/hazmat/bindings/test_commoncrypto.py b/tests/hazmat/bindings/test_commoncrypto.py
deleted file mode 100644
index b0a2dc43..00000000
--- a/tests/hazmat/bindings/test_commoncrypto.py
+++ /dev/null
@@ -1,26 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import pytest
-
-
-ccbinding = pytest.importorskip(
- "cryptography.hazmat.bindings.commoncrypto.binding"
-)
-
-
-class TestCommonCrypto(object):
- def test_binding_loads(self):
- binding = ccbinding.Binding()
- assert binding
- assert binding.lib
- assert binding.ffi
-
- def test_binding_returns_same_lib(self):
- binding = ccbinding.Binding()
- binding2 = ccbinding.Binding()
- assert binding.lib == binding2.lib
- assert binding.ffi == binding2.ffi
diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py
index 59af84f5..ec51659d 100644
--- a/tests/hazmat/primitives/test_cast5.py
+++ b/tests/hazmat/primitives/test_cast5.py
@@ -82,20 +82,3 @@ class TestCAST5ModeCFB(object):
lambda key, **kwargs: algorithms.CAST5(binascii.unhexlify((key))),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv))
)
-
-
-@pytest.mark.supported(
- only_if=lambda backend: backend.cipher_supported(
- algorithms.CAST5(b"\x00" * 16), modes.CTR(b"\x00" * 8)
- ),
- skip_message="Does not support CAST5 CTR",
-)
-@pytest.mark.requires_backend_interface(interface=CipherBackend)
-class TestCAST5ModeCTR(object):
- test_CTR = generate_encrypt_test(
- load_nist_vectors,
- os.path.join("ciphers", "CAST5"),
- ["cast5-ctr.txt"],
- lambda key, **kwargs: algorithms.CAST5(binascii.unhexlify((key))),
- lambda iv, **kwargs: modes.CTR(binascii.unhexlify(iv))
- )
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 59326367..b8200123 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -47,10 +47,9 @@ def generate_encrypt_test(param_loader, path, file_names, cipher_factory,
def encrypt_test(backend, cipher_factory, mode_factory, params):
- if not backend.cipher_supported(
+ assert backend.cipher_supported(
cipher_factory(**params), mode_factory(**params)
- ):
- pytest.skip("cipher/mode combo is unsupported by this backend")
+ )
plaintext = params["plaintext"]
ciphertext = params["ciphertext"]
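Review bot: The new `assert backend.cipher_supported(` in `encrypt_test` has no message, and since this helper sits in `tests/hazmat/primitives/utils.py` rather than a `test_*.py` module, pytest's assertion rewriting may not cover it, so a failure could surface as a bare `AssertionError` that names neither cipher nor mode. Failing instead of skipping is a reasonable way to keep test vectors from going silently unrun, but the failure should say which combination was rejected. I would bind the objects first, `cipher, mode = cipher_factory(**params), mode_factory(**params)`, and then write `assert backend.cipher_supported(cipher, mode), "unsupported cipher/mode: {0}/{1}".format(cipher.name, mode.name)`. Callers of this helper presumably now depend on class-level `@pytest.mark.supported(only_if=...)` marks, like the one in the `test_cast5.py` hunk, to skip on builds that lack an algorithm, which is worth confirming for every user of `generate_encrypt_test`. The body of `encrypt_test` continues outside this hunk.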