-rw-r--r--CHANGELOG.rst6
-rw-r--r--docs/hazmat/backends/interfaces.rst6
-rw-r--r--docs/hazmat/primitives/asymmetric/rsa.rst143
-rw-r--r--docs/hazmat/primitives/asymmetric/serialization.rst4
-rw-r--r--docs/hazmat/primitives/interfaces.rst131
-rw-r--r--docs/x509.rst6
-rw-r--r--src/cryptography/hazmat/primitives/asymmetric/rsa.py67
-rw-r--r--src/cryptography/hazmat/primitives/interfaces/__init__.py100
8 files changed, 260 insertions, 203 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 64a15f1f..2f0802d1 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -18,6 +18,12 @@ Changelog
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithNumbers`
were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
:mod:`~cryptography.hazmat.primitives.asymmetric.dsa`
+* :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithNumbers`,
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` and
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithNumbers`
+ were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
+ :mod:`~cryptography.hazmat.primitives.asymmetric.rsa`.
0.7.2 - 2015-01-16
~~~~~~~~~~~~~~~~~~
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 9afbcb67..a2dd0c1c 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -234,7 +234,7 @@ A specific ``backend`` may provide one or more of these interfaces.
at least 2048.
:return: A new instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
provider.
:raises ValueError: If the public_exponent is not valid.
@@ -265,7 +265,7 @@ A specific ``backend`` may provide one or more of these interfaces.
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
:returns: A provider of
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`.
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`.
:raises ValueError: This is raised when the values of ``p``, ``q``,
``private_exponent``, ``public_exponent``, or ``modulus`` do not
@@ -280,7 +280,7 @@ A specific ``backend`` may provide one or more of these interfaces.
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
:returns: A provider of
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`.
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`.
:raises ValueError: This is raised when the values of
``public_exponent`` or ``modulus`` do not match the bounds
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 3c095a54..c37961eb 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -38,14 +38,17 @@ mathematical properties`_.
:param int public_exponent: The public exponent of the new key.
Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in
doubt you should `use 65537`_.
+
:param int key_size: The length of the modulus in bits. For keys
generated in 2015 it is strongly recommended to be
`at least 2048`_ (See page 41). It must not be less than 512.
Some backends may have additional limitations.
+
:param backend: A backend which provides
:class:`~cryptography.hazmat.backends.interfaces.RSABackend`.
+
:return: An instance of
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`.
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
the provided ``backend`` does not implement
@@ -286,7 +289,7 @@ is unavailable.
provider.
:returns: A new instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
provider.
.. class:: RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, public_numbers)
@@ -355,7 +358,7 @@ is unavailable.
provider.
:returns: A
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
provider.
Handling partial RSA private keys
@@ -406,6 +409,140 @@ this without having to do the math themselves.
:return: A tuple ``(p, q)``
+Key interfaces
+~~~~~~~~~~~~~~
+
+.. class:: RSAPrivateKey
+
+ .. versionadded:: 0.2
+
+ An `RSA`_ private key.
+
+ .. method:: signer(padding, algorithm)
+
+ .. versionadded:: 0.3
+
+ Sign data which can be verified later by others using the public key.
+
+ :param padding: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+ provider.
+
+ :param algorithm: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ provider.
+
+ :returns:
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
+
+ .. method:: decrypt(ciphertext, padding)
+
+ .. versionadded:: 0.4
+
+ Decrypt data that was encrypted with the public key.
+
+ :param bytes ciphertext: The ciphertext to decrypt.
+
+ :param padding: An instance of an
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+ provider.
+
+ :return bytes: Decrypted data.
+
+ .. method:: public_key()
+
+ :return: :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
+
+ An RSA public key object corresponding to the values of the private key.
+
+ .. attribute:: key_size
+
+ :type: int
+
+ The bit length of the modulus.
+
+
+.. class:: RSAPrivateKeyWithNumbers
+
+ .. versionadded:: 0.5
+
+ Extends :class:`RSAPrivateKey`.
+
+ .. method:: private_numbers()
+
+ Create a
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
+ object.
+
+ :returns: An
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
+ instance.
+
+
+.. class:: RSAPublicKey
+
+ .. versionadded:: 0.2
+
+ An `RSA`_ public key.
+
+ .. method:: verifier(signature, padding, algorithm)
+
+ .. versionadded:: 0.3
+
+ Verify data was signed by the private key associated with this public
+ key.
+
+ :param bytes signature: The signature to verify.
+
+ :param padding: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+ provider.
+
+ :param algorithm: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ provider.
+
+ :returns:
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
+
+ .. method:: encrypt(plaintext, padding)
+
+ .. versionadded:: 0.4
+
+ Encrypt data with the public key.
+
+ :param bytes plaintext: The plaintext to encrypt.
+
+ :param padding: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+ provider.
+
+ :return bytes: Encrypted data.
+
+ .. attribute:: key_size
+
+ :type: int
+
+ The bit length of the modulus.
+
+
+.. class:: RSAPublicKeyWithNumbers
+
+ .. versionadded:: 0.5
+
+ Extends :class:`RSAPublicKey`.
+
+ .. method:: public_numbers()
+
+ Create a
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
+ object.
+
+ :returns: An
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
+ instance.
+
+
.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
.. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
.. _`specific mathematical properties`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Key_generation
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 1456b0dc..f63455e4 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -44,10 +44,10 @@ methods.
.. doctest::
>>> from cryptography.hazmat.backends import default_backend
- >>> from cryptography.hazmat.primitives import interfaces
+ >>> from cryptography.hazmat.primitives.asymmetric import rsa
>>> from cryptography.hazmat.primitives.serialization import load_pem_private_key
>>> key = load_pem_private_key(pem_data, password=None, backend=default_backend())
- >>> if isinstance(key, interfaces.RSAPrivateKey):
+ >>> if isinstance(key, rsa.RSAPrivateKey):
... signature = sign_with_rsa_key(key, message)
... elif isinstance(key, interfaces.DSAPrivateKey):
... signature = sign_with_dsa_key(key, message)
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index 2ba140bd..aae891e8 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -143,135 +143,8 @@ Asymmetric interfaces
RSA
~~~
-.. class:: RSAPrivateKey
-
- .. versionadded:: 0.2
-
- An `RSA`_ private key.
-
- .. method:: signer(padding, algorithm)
-
- .. versionadded:: 0.3
-
- Sign data which can be verified later by others using the public key.
-
- :param padding: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
- provider.
-
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
- provider.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
-
- .. method:: decrypt(ciphertext, padding)
-
- .. versionadded:: 0.4
-
- Decrypt data that was encrypted with the public key.
-
- :param bytes ciphertext: The ciphertext to decrypt.
-
- :param padding: An instance of an
- :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
- provider.
-
- :return bytes: Decrypted data.
-
- .. method:: public_key()
-
- :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
-
- An RSA public key object corresponding to the values of the private key.
-
- .. attribute:: key_size
-
- :type: int
-
- The bit length of the modulus.
-
-.. class:: RSAPrivateKeyWithNumbers
-
- .. versionadded:: 0.5
-
- Extends :class:`RSAPrivateKey`.
-
- .. method:: private_numbers()
-
- Create a
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
- object.
-
- :returns: An
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
- instance.
-
-
-.. class:: RSAPublicKey
-
- .. versionadded:: 0.2
-
- An `RSA`_ public key.
-
- .. method:: verifier(signature, padding, algorithm)
-
- .. versionadded:: 0.3
-
- Verify data was signed by the private key associated with this public
- key.
-
- :param bytes signature: The signature to verify.
-
- :param padding: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
- provider.
-
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
- provider.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
-
- .. method:: encrypt(plaintext, padding)
-
- .. versionadded:: 0.4
-
- Encrypt data with the public key.
-
- :param bytes plaintext: The plaintext to encrypt.
-
- :param padding: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
- provider.
-
- :return bytes: Encrypted data.
-
- .. attribute:: key_size
-
- :type: int
-
- The bit length of the modulus.
-
-
-.. class:: RSAPublicKeyWithNumbers
-
- .. versionadded:: 0.5
-
- Extends :class:`RSAPublicKey`.
-
- .. method:: public_numbers()
-
- Create a
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
- object.
-
- :returns: An
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
- instance.
-
+In 0.8 the RSA key interfaces were moved to the
+:mod:`cryptography.hazmat.primitives.asymmetric.rsa` module.
.. class:: EllipticCurve
diff --git a/docs/x509.rst b/docs/x509.rst
index b3c9380c..26b91873 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -129,7 +129,7 @@ X.509 Certificate Object
.. method:: public_key()
:type:
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` or
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` or
:class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` or
:class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
@@ -137,9 +137,9 @@ X.509 Certificate Object
.. doctest::
- >>> from cryptography.hazmat.primitives import interfaces
+ >>> from cryptography.hazmat.primitives.asymmetric import rsa
>>> public_key = cert.public_key()
- >>> isinstance(public_key, interfaces.RSAPublicKey)
+ >>> isinstance(public_key, rsa.RSAPublicKey)
True
.. attribute:: not_valid_before
diff --git a/src/cryptography/hazmat/primitives/asymmetric/rsa.py b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
index 47bdf5cb..332ad2c3 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -4,6 +4,7 @@
from __future__ import absolute_import, division, print_function
+import abc
from fractions import gcd
import six
@@ -13,6 +14,72 @@ from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.backends.interfaces import RSABackend
+@six.add_metaclass(abc.ABCMeta)
+class RSAPrivateKey(object):
+ @abc.abstractmethod
+ def signer(self, padding, algorithm):
+ """
+ Returns an AsymmetricSignatureContext used for signing data.
+ """
+
+ @abc.abstractmethod
+ def decrypt(self, ciphertext, padding):
+ """
+ Decrypts the provided ciphertext.
+ """
+
+ @abc.abstractproperty
+ def key_size(self):
+ """
+ The bit length of the public modulus.
+ """
+
+ @abc.abstractmethod
+ def public_key(self):
+ """
+ The RSAPublicKey associated with this private key.
+ """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class RSAPrivateKeyWithNumbers(RSAPrivateKey):
+ @abc.abstractmethod
+ def private_numbers(self):
+ """
+ Returns an RSAPrivateNumbers.
+ """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class RSAPublicKey(object):
+ @abc.abstractmethod
+ def verifier(self, signature, padding, algorithm):
+ """
+ Returns an AsymmetricVerificationContext used for verifying signatures.
+ """
+
+ @abc.abstractmethod
+ def encrypt(self, plaintext, padding):
+ """
+ Encrypts the given plaintext.
+ """
+
+ @abc.abstractproperty
+ def key_size(self):
+ """
+ The bit length of the public modulus.
+ """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class RSAPublicKeyWithNumbers(RSAPublicKey):
+ @abc.abstractmethod
+ def public_numbers(self):
+ """
+ Returns an RSAPublicNumbers
+ """
+
+
def generate_private_key(public_exponent, key_size, backend):
if not isinstance(backend, RSABackend):
raise UnsupportedAlgorithm(
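Review bot: `RSAPrivateKeyWithNumbers` and `RSAPublicKeyWithNumbers` repeat `@six.add_metaclass(abc.ABCMeta)` although each inherits from a class in this hunk that already carries that metaclass, so the decorator on the two subclasses looks redundant and could be dropped. The `public_numbers` docstring also lacks the closing period its siblings have; `Returns an RSAPublicNumbers.` would match them. Neither point changes behaviour. The trailing context is the start of `generate_private_key`, whose body continues outside the hunk.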
diff --git a/src/cryptography/hazmat/primitives/interfaces/__init__.py b/src/cryptography/hazmat/primitives/interfaces/__init__.py
index 7961cf15..e0bcb8f5 100644
--- a/src/cryptography/hazmat/primitives/interfaces/__init__.py
+++ b/src/cryptography/hazmat/primitives/interfaces/__init__.py
@@ -9,9 +9,8 @@ import abc
import six
from cryptography import utils
-
from cryptography.hazmat.primitives.asymmetric import dsa
-
+from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.interfaces.asymmetric.ec import (
EllipticCurve, EllipticCurvePrivateKey, EllipticCurvePrivateKeyWithNumbers,
EllipticCurvePublicKey, EllipticCurvePublicKeyWithNumbers,
@@ -196,70 +195,45 @@ class HashContext(object):
"""
-@six.add_metaclass(abc.ABCMeta)
-class RSAPrivateKey(object):
- @abc.abstractmethod
- def signer(self, padding, algorithm):
- """
- Returns an AsymmetricSignatureContext used for signing data.
- """
-
- @abc.abstractmethod
- def decrypt(self, ciphertext, padding):
- """
- Decrypts the provided ciphertext.
- """
-
- @abc.abstractproperty
- def key_size(self):
- """
- The bit length of the public modulus.
- """
-
- @abc.abstractmethod
- def public_key(self):
- """
- The RSAPublicKey associated with this private key.
- """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class RSAPrivateKeyWithNumbers(RSAPrivateKey):
- @abc.abstractmethod
- def private_numbers(self):
- """
- Returns an RSAPrivateNumbers.
- """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class RSAPublicKey(object):
- @abc.abstractmethod
- def verifier(self, signature, padding, algorithm):
- """
- Returns an AsymmetricVerificationContext used for verifying signatures.
- """
-
- @abc.abstractmethod
- def encrypt(self, plaintext, padding):
- """
- Encrypts the given plaintext.
- """
+RSAPrivateKey = utils.deprecated(
+ rsa.RSAPrivateKey,
+ __name__,
+ (
+ "The RSAPrivateKey interface has moved to the "
+ "cryptography.hazmat.primitives.asymmetric.rsa module"
+ ),
+ utils.DeprecatedIn08
+)
- @abc.abstractproperty
- def key_size(self):
- """
- The bit length of the public modulus.
- """
+RSAPrivateKeyWithNumbers = utils.deprecated(
+ rsa.RSAPrivateKeyWithNumbers,
+ __name__,
+ (
+ "The RSAPrivateKeyWithNumbers interface has moved to the "
+ "cryptography.hazmat.primitives.asymmetric.rsa module"
+ ),
+ utils.DeprecatedIn08
+)
+RSAPublicKey = utils.deprecated(
+ rsa.RSAPublicKey,
+ __name__,
+ (
+ "The RSAPublicKeyWithNumbers interface has moved to the "
+ "cryptography.hazmat.primitives.asymmetric.rsa module"
+ ),
+ utils.DeprecatedIn08
+)
-@six.add_metaclass(abc.ABCMeta)
-class RSAPublicKeyWithNumbers(RSAPublicKey):
- @abc.abstractmethod
- def public_numbers(self):
- """
- Returns an RSAPublicNumbers
- """
+RSAPublicKeyWithNumbers = utils.deprecated(
+ rsa.RSAPublicKeyWithNumbers,
+ __name__,
+ (
+ "The RSAPublicKeyWithNumbers interface has moved to the "
+ "cryptography.hazmat.primitives.asymmetric.rsa module"
+ ),
+ utils.DeprecatedIn08
+)
@six.add_metaclass(abc.ABCMeta)
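Review bot: The deprecation message attached to the `RSAPublicKey` alias names the wrong interface: it reads `"The RSAPublicKeyWithNumbers interface has moved to the "`, the same text used for the `RSAPublicKeyWithNumbers` alias after it. A caller still importing `interfaces.RSAPublicKey` would be told that a different name moved, which makes the warning harder to act on when migrating. Change that line to `"The RSAPublicKey interface has moved to the "`. The class introduced by the last context line starts in this hunk and continues outside it.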