diff options
Diffstat (limited to 'cryptography/hazmat')
56 files changed, 461 insertions, 151 deletions
diff --git a/cryptography/hazmat/__init__.py b/cryptography/hazmat/__init__.py index 55c925c6..2f420574 100644 --- a/cryptography/hazmat/__init__.py +++ b/cryptography/hazmat/__init__.py @@ -10,3 +10,5 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/backends/__init__.py b/cryptography/hazmat/backends/__init__.py index 406b37e5..ae78822c 100644 --- a/cryptography/hazmat/backends/__init__.py +++ b/cryptography/hazmat/backends/__init__.py @@ -11,23 +11,44 @@ # See the License for the specific language governing permissions and # limitations under the License. -from cryptography.hazmat.backends import openssl +from __future__ import absolute_import, division, print_function + from cryptography.hazmat.backends.multibackend import MultiBackend from cryptography.hazmat.bindings.commoncrypto.binding import ( Binding as CommonCryptoBinding ) +from cryptography.hazmat.bindings.openssl.binding import ( + Binding as OpenSSLBinding +) + + +_available_backends_list = None + -_ALL_BACKENDS = [] +def _available_backends(): + global _available_backends_list -if CommonCryptoBinding.is_available(): - from cryptography.hazmat.backends import commoncrypto - _ALL_BACKENDS.append(commoncrypto.backend) + if _available_backends_list is None: + _available_backends_list = [] -_ALL_BACKENDS.append(openssl.backend) + if CommonCryptoBinding.is_available(): + from cryptography.hazmat.backends import commoncrypto + _available_backends_list.append(commoncrypto.backend) + if OpenSSLBinding.is_available(): + from cryptography.hazmat.backends import openssl + _available_backends_list.append(openssl.backend) -_default_backend = MultiBackend(_ALL_BACKENDS) + return _available_backends_list + + +_default_backend = None def default_backend(): + global _default_backend + + if _default_backend is None: + _default_backend = MultiBackend(_available_backends()) + return _default_backend diff --git a/cryptography/hazmat/backends/commoncrypto/__init__.py b/cryptography/hazmat/backends/commoncrypto/__init__.py index 64a1c01c..f080394f 100644 --- a/cryptography/hazmat/backends/commoncrypto/__init__.py +++ b/cryptography/hazmat/backends/commoncrypto/__init__.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + from cryptography.hazmat.backends.commoncrypto.backend import backend diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index da41532d..27b609ed 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -106,6 +106,12 @@ class RSABackend(six.with_metaclass(abc.ABCMeta)): interface. """ + @abc.abstractmethod + def mgf1_hash_supported(self, algorithm): + """ + Return True if the hash algorithm is supported for MGF1 in PSS. + """ + class OpenSSLSerializationBackend(six.with_metaclass(abc.ABCMeta)): @abc.abstractmethod diff --git a/cryptography/hazmat/backends/openssl/__init__.py b/cryptography/hazmat/backends/openssl/__init__.py index a8dfad06..25885e18 100644 --- a/cryptography/hazmat/backends/openssl/__init__.py +++ b/cryptography/hazmat/backends/openssl/__init__.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + from cryptography.hazmat.backends.openssl.backend import backend diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 6ee3daf5..b977b4c8 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -30,7 +30,7 @@ from cryptography.hazmat.bindings.openssl.binding import Binding from cryptography.hazmat.primitives import interfaces, hashes from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.ciphers.algorithms import ( - AES, Blowfish, Camellia, TripleDES, ARC4, CAST5 + AES, Blowfish, Camellia, CAST5, TripleDES, ARC4, IDEA ) from cryptography.hazmat.primitives.ciphers.modes import ( CBC, CTR, ECB, OFB, CFB, GCM, @@ -161,11 +161,14 @@ class Backend(object): mode_cls, GetCipherByName("bf-{mode.name}") ) - for mode_cls in [CBC, CFB, OFB, ECB]: + for cipher_cls, mode_cls in itertools.product( + [CAST5, IDEA], + [CBC, OFB, CFB, ECB], + ): self.register_cipher_adapter( - CAST5, + cipher_cls, mode_cls, - GetCipherByName("cast5-{mode.name}") + GetCipherByName("{cipher.name}-{mode.name}") ) self.register_cipher_adapter( ARC4, @@ -325,21 +328,54 @@ class Backend(object): ) assert res == 1 + return self._rsa_cdata_to_private_key(ctx) + + def _new_evp_pkey(self): + evp_pkey = self._lib.EVP_PKEY_new() + assert evp_pkey != self._ffi.NULL + return self._ffi.gc(evp_pkey, backend._lib.EVP_PKEY_free) + + def _rsa_private_key_to_evp_pkey(self, private_key): + evp_pkey = self._new_evp_pkey() + rsa_cdata = self._rsa_cdata_from_private_key(private_key) + + res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL) + assert res == 1 + + res = self._lib.EVP_PKEY_assign_RSA(evp_pkey, rsa_cdata) + assert res == 1 + + return evp_pkey + + def _rsa_public_key_to_evp_pkey(self, public_key): + evp_pkey = self._new_evp_pkey() + rsa_cdata = self._rsa_cdata_from_public_key(public_key) + + res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL) + assert res == 1 + + res = self._lib.EVP_PKEY_assign_RSA(evp_pkey, rsa_cdata) + assert res == 1 + + return evp_pkey + + def _rsa_cdata_to_private_key(self, cdata): return rsa.RSAPrivateKey( - p=self._bn_to_int(ctx.p), - q=self._bn_to_int(ctx.q), - dmp1=self._bn_to_int(ctx.dmp1), - dmq1=self._bn_to_int(ctx.dmq1), - iqmp=self._bn_to_int(ctx.iqmp), - private_exponent=self._bn_to_int(ctx.d), - public_exponent=self._bn_to_int(ctx.e), - modulus=self._bn_to_int(ctx.n), + p=self._bn_to_int(cdata.p), + q=self._bn_to_int(cdata.q), + dmp1=self._bn_to_int(cdata.dmp1), + dmq1=self._bn_to_int(cdata.dmq1), + iqmp=self._bn_to_int(cdata.iqmp), + private_exponent=self._bn_to_int(cdata.d), + public_exponent=self._bn_to_int(cdata.e), + modulus=self._bn_to_int(cdata.n), ) def _rsa_cdata_from_private_key(self, private_key): + # Does not GC the RSA cdata. You *must* make sure it's freed + # correctly yourself! ctx = self._lib.RSA_new() assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.RSA_free) ctx.p = self._int_to_bn(private_key.p) ctx.q = self._int_to_bn(private_key.q) ctx.d = self._int_to_bn(private_key.d) @@ -351,9 +387,11 @@ class Backend(object): return ctx def _rsa_cdata_from_public_key(self, public_key): + # Does not GC the RSA cdata. You *must* make sure it's freed + # correctly yourself! + ctx = self._lib.RSA_new() assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.RSA_free) ctx.e = self._int_to_bn(public_key.e) ctx.n = self._int_to_bn(public_key.n) return ctx @@ -681,24 +719,19 @@ class _RSASignatureContext(object): def finalize(self): if self._hash_ctx is None: raise AlreadyFinalized("Context has already been finalized") - evp_pkey = self._backend._lib.EVP_PKEY_new() - assert evp_pkey != self._backend._ffi.NULL - evp_pkey = backend._ffi.gc(evp_pkey, backend._lib.EVP_PKEY_free) - rsa_cdata = backend._rsa_cdata_from_private_key(self._private_key) - res = self._backend._lib.RSA_blinding_on( - rsa_cdata, self._backend._ffi.NULL) - assert res == 1 - res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata) - assert res == 1 + + evp_pkey = self._backend._rsa_private_key_to_evp_pkey( + self._private_key) + evp_md = self._backend._lib.EVP_get_digestbyname( self._algorithm.name.encode("ascii")) assert evp_md != self._backend._ffi.NULL pkey_size = self._backend._lib.EVP_PKEY_size(evp_pkey) assert pkey_size > 0 - return self._finalize_method(evp_pkey, pkey_size, rsa_cdata, evp_md) + return self._finalize_method(evp_pkey, pkey_size, evp_md) - def _finalize_pkey_ctx(self, evp_pkey, pkey_size, rsa_cdata, evp_md): + def _finalize_pkey_ctx(self, evp_pkey, pkey_size, evp_md): pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new( evp_pkey, self._backend._ffi.NULL ) @@ -729,7 +762,7 @@ class _RSASignatureContext(object): assert res == 1 return self._backend._ffi.buffer(buf)[:] - def _finalize_pkcs1(self, evp_pkey, pkey_size, rsa_cdata, evp_md): + def _finalize_pkcs1(self, evp_pkey, pkey_size, evp_md): sig_buf = self._backend._ffi.new("char[]", pkey_size) sig_len = self._backend._ffi.new("unsigned int *") res = self._backend._lib.EVP_SignFinal( @@ -777,22 +810,16 @@ class _RSAVerificationContext(object): if self._hash_ctx is None: raise AlreadyFinalized("Context has already been finalized") - evp_pkey = self._backend._lib.EVP_PKEY_new() - assert evp_pkey != self._backend._ffi.NULL - evp_pkey = backend._ffi.gc(evp_pkey, backend._lib.EVP_PKEY_free) - rsa_cdata = backend._rsa_cdata_from_public_key(self._public_key) - res = self._backend._lib.RSA_blinding_on( - rsa_cdata, self._backend._ffi.NULL) - assert res == 1 - res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata) - assert res == 1 + evp_pkey = self._backend._rsa_public_key_to_evp_pkey( + self._public_key) + evp_md = self._backend._lib.EVP_get_digestbyname( self._algorithm.name.encode("ascii")) assert evp_md != self._backend._ffi.NULL - self._verify_method(rsa_cdata, evp_pkey, evp_md) + self._verify_method(evp_pkey, evp_md) - def _verify_pkey_ctx(self, rsa_cdata, evp_pkey, evp_md): + def _verify_pkey_ctx(self, evp_pkey, evp_md): pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new( evp_pkey, self._backend._ffi.NULL ) @@ -820,10 +847,11 @@ class _RSAVerificationContext(object): # occurs. assert res >= 0 if res == 0: - assert self._backend._consume_errors() + errors = self._backend._consume_errors() + assert errors raise InvalidSignature - def _verify_pkcs1(self, rsa_cdata, evp_pkey, evp_md): + def _verify_pkcs1(self, evp_pkey, evp_md): res = self._backend._lib.EVP_VerifyFinal( self._hash_ctx._ctx, self._signature, @@ -837,7 +865,8 @@ class _RSAVerificationContext(object): # occurs. assert res >= 0 if res == 0: - assert self._backend._consume_errors() + errors = self._backend._consume_errors() + assert errors raise InvalidSignature diff --git a/cryptography/hazmat/bindings/__init__.py b/cryptography/hazmat/bindings/__init__.py index 55c925c6..2f420574 100644 --- a/cryptography/hazmat/bindings/__init__.py +++ b/cryptography/hazmat/bindings/__init__.py @@ -10,3 +10,5 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/bindings/commoncrypto/__init__.py b/cryptography/hazmat/bindings/commoncrypto/__init__.py index 55c925c6..2f420574 100644 --- a/cryptography/hazmat/bindings/commoncrypto/__init__.py +++ b/cryptography/hazmat/bindings/commoncrypto/__init__.py @@ -10,3 +10,5 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/bindings/commoncrypto/binding.py b/cryptography/hazmat/bindings/commoncrypto/binding.py index 45c0eaad..ee809425 100644 --- a/cryptography/hazmat/bindings/commoncrypto/binding.py +++ b/cryptography/hazmat/bindings/commoncrypto/binding.py @@ -14,6 +14,7 @@ from __future__ import absolute_import, division, print_function import sys +import platform from cryptography.hazmat.bindings.utils import build_ffi @@ -46,4 +47,5 @@ class Binding(object): @classmethod def is_available(cls): - return sys.platform == "darwin" + return sys.platform == "darwin" and list(map( + int, platform.mac_ver()[0].split("."))) >= [10, 8, 0] diff --git a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py index 8f03bc3f..9bd03a7c 100644 --- a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py +++ b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <CommonCrypto/CommonCryptor.h> """ diff --git a/cryptography/hazmat/bindings/commoncrypto/common_digest.py b/cryptography/hazmat/bindings/commoncrypto/common_digest.py index ec0fcc92..c59200cb 100644 --- a/cryptography/hazmat/bindings/commoncrypto/common_digest.py +++ b/cryptography/hazmat/bindings/commoncrypto/common_digest.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <CommonCrypto/CommonDigest.h> """ diff --git a/cryptography/hazmat/bindings/commoncrypto/common_hmac.py b/cryptography/hazmat/bindings/commoncrypto/common_hmac.py index a4bf9009..4f54b62b 100644 --- a/cryptography/hazmat/bindings/commoncrypto/common_hmac.py +++ b/cryptography/hazmat/bindings/commoncrypto/common_hmac.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <CommonCrypto/CommonHMAC.h> """ diff --git a/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py b/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py index 85def1e9..e8cc03ef 100644 --- a/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py +++ b/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <CommonCrypto/CommonKeyDerivation.h> """ diff --git a/cryptography/hazmat/bindings/openssl/__init__.py b/cryptography/hazmat/bindings/openssl/__init__.py index 55c925c6..2f420574 100644 --- a/cryptography/hazmat/bindings/openssl/__init__.py +++ b/cryptography/hazmat/bindings/openssl/__init__.py @@ -10,3 +10,5 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/bindings/openssl/aes.py b/cryptography/hazmat/bindings/openssl/aes.py index 95ed5271..17c154cf 100644 --- a/cryptography/hazmat/bindings/openssl/aes.py +++ b/cryptography/hazmat/bindings/openssl/aes.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/aes.h> """ diff --git a/cryptography/hazmat/bindings/openssl/asn1.py b/cryptography/hazmat/bindings/openssl/asn1.py index aeaf316e..144a893e 100644 --- a/cryptography/hazmat/bindings/openssl/asn1.py +++ b/cryptography/hazmat/bindings/openssl/asn1.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/asn1.h> """ @@ -106,7 +108,6 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *, time_t); /* ASN1 GENERALIZEDTIME */ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *, const char *); void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *); -int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *); /* ASN1 ENUMERATED */ ASN1_ENUMERATED *ASN1_ENUMERATED_new(void); @@ -136,6 +137,9 @@ long ASN1_INTEGER_get(ASN1_INTEGER *); BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *); ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *); + +/* These isn't a macro the arg is const on openssl 1.0.2+ */ +int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *); """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/bindings/openssl/bignum.py b/cryptography/hazmat/bindings/openssl/bignum.py index e843099e..a40397db 100644 --- a/cryptography/hazmat/bindings/openssl/bignum.py +++ b/cryptography/hazmat/bindings/openssl/bignum.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/bn.h> """ diff --git a/cryptography/hazmat/bindings/openssl/bio.py b/cryptography/hazmat/bindings/openssl/bio.py index 28172689..0c521b4d 100644 --- a/cryptography/hazmat/bindings/openssl/bio.py +++ b/cryptography/hazmat/bindings/openssl/bio.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/bio.h> """ diff --git a/cryptography/hazmat/bindings/openssl/conf.py b/cryptography/hazmat/bindings/openssl/conf.py index 6d818cf1..dda35e86 100644 --- a/cryptography/hazmat/bindings/openssl/conf.py +++ b/cryptography/hazmat/bindings/openssl/conf.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/conf.h> """ diff --git a/cryptography/hazmat/bindings/openssl/crypto.py b/cryptography/hazmat/bindings/openssl/crypto.py index 81d13b73..99e1a61d 100644 --- a/cryptography/hazmat/bindings/openssl/crypto.py +++ b/cryptography/hazmat/bindings/openssl/crypto.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/crypto.h> """ diff --git a/cryptography/hazmat/bindings/openssl/dh.py b/cryptography/hazmat/bindings/openssl/dh.py index ecc62e98..1791a670 100644 --- a/cryptography/hazmat/bindings/openssl/dh.py +++ b/cryptography/hazmat/bindings/openssl/dh.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/dh.h> """ diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py index 664296d3..40d3b8ee 100644 --- a/cryptography/hazmat/bindings/openssl/dsa.py +++ b/cryptography/hazmat/bindings/openssl/dsa.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/dsa.h> """ diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py index 9d6f7cb9..2617fe2a 100644 --- a/cryptography/hazmat/bindings/openssl/ec.py +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #ifndef OPENSSL_NO_EC #include <openssl/ec.h> diff --git a/cryptography/hazmat/bindings/openssl/engine.py b/cryptography/hazmat/bindings/openssl/engine.py index 77118e81..364232e0 100644 --- a/cryptography/hazmat/bindings/openssl/engine.py +++ b/cryptography/hazmat/bindings/openssl/engine.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/engine.h> """ diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index f21d98b6..551d8217 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/err.h> """ @@ -18,6 +20,7 @@ INCLUDES = """ TYPES = """ static const int Cryptography_HAS_REMOVE_THREAD_STATE; static const int Cryptography_HAS_098H_ERROR_CODES; +static const int Cryptography_HAS_098C_CAMELLIA_CODES; struct ERR_string_data_st { unsigned long error; @@ -29,6 +32,7 @@ typedef struct ERR_string_data_st ERR_STRING_DATA; static const int ERR_LIB_EVP; static const int ERR_LIB_PEM; static const int ERR_LIB_ASN1; +static const int ERR_LIB_RSA; static const int ASN1_F_ASN1_ENUMERATED_TO_BN; static const int ASN1_F_ASN1_EX_C2I; @@ -97,7 +101,6 @@ static const int ASN1_R_WRONG_TAG; static const int ASN1_R_WRONG_TYPE; static const int EVP_F_AES_INIT_KEY; -static const int EVP_F_CAMELLIA_INIT_KEY; static const int EVP_F_D2I_PKEY; static const int EVP_F_DSA_PKEY2PKCS8; static const int EVP_F_DSAPKEY2PKCS8; @@ -138,7 +141,6 @@ static const int EVP_R_BAD_BLOCK_LENGTH; static const int EVP_R_BAD_KEY_LENGTH; static const int EVP_R_BN_DECODE_ERROR; static const int EVP_R_BN_PUBKEY_ERROR; -static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED; static const int EVP_R_CIPHER_PARAMETER_ERROR; static const int EVP_R_CTRL_NOT_IMPLEMENTED; static const int EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED; @@ -211,6 +213,8 @@ static const int PEM_R_READ_KEY; static const int PEM_R_SHORT_HEADER; static const int PEM_R_UNSUPPORTED_CIPHER; static const int PEM_R_UNSUPPORTED_ENCRYPTION; + +static const int RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; """ FUNCTIONS = """ @@ -261,6 +265,9 @@ static const int ASN1_F_SMIME_TEXT; static const int ASN1_R_NO_CONTENT_TYPE; static const int ASN1_R_NO_MULTIPART_BODY_FAILURE; static const int ASN1_R_NO_MULTIPART_BOUNDARY; +/* These were added in OpenSSL 0.9.8c. */ +static const int EVP_F_CAMELLIA_INIT_KEY; +static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED; """ CUSTOMIZATIONS = """ @@ -285,6 +292,16 @@ static const int ASN1_R_NO_CONTENT_TYPE = 0; static const int ASN1_R_NO_MULTIPART_BODY_FAILURE = 0; static const int ASN1_R_NO_MULTIPART_BOUNDARY = 0; #endif + +// OpenSSL 0.9.8c+ +#ifdef EVP_F_CAMELLIA_INIT_KEY +static const long Cryptography_HAS_098C_CAMELLIA_CODES = 1; +#else +static const long Cryptography_HAS_098C_CAMELLIA_CODES = 0; +static const int EVP_F_CAMELLIA_INIT_KEY = 0; +static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED = 0; +#endif + """ CONDITIONAL_NAMES = { @@ -300,4 +317,8 @@ CONDITIONAL_NAMES = { "ASN1_R_NO_MULTIPART_BODY_FAILURE", "ASN1_R_NO_MULTIPART_BOUNDARY", ], + "Cryptography_HAS_098C_CAMELLIA_CODES": [ + "EVP_F_CAMELLIA_INIT_KEY", + "EVP_R_CAMELLIA_KEY_SETUP_FAILED" + ] } diff --git a/cryptography/hazmat/bindings/openssl/evp.py b/cryptography/hazmat/bindings/openssl/evp.py index 77128c47..ad4b568e 100644 --- a/cryptography/hazmat/bindings/openssl/evp.py +++ b/cryptography/hazmat/bindings/openssl/evp.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/evp.h> """ diff --git a/cryptography/hazmat/bindings/openssl/hmac.py b/cryptography/hazmat/bindings/openssl/hmac.py index 4b81c9df..6a64b92c 100644 --- a/cryptography/hazmat/bindings/openssl/hmac.py +++ b/cryptography/hazmat/bindings/openssl/hmac.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/hmac.h> """ diff --git a/cryptography/hazmat/bindings/openssl/nid.py b/cryptography/hazmat/bindings/openssl/nid.py index cb83c1ba..ea6fd4d6 100644 --- a/cryptography/hazmat/bindings/openssl/nid.py +++ b/cryptography/hazmat/bindings/openssl/nid.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = "" TYPES = """ diff --git a/cryptography/hazmat/bindings/openssl/objects.py b/cryptography/hazmat/bindings/openssl/objects.py index 0abc42d6..557c0158 100644 --- a/cryptography/hazmat/bindings/openssl/objects.py +++ b/cryptography/hazmat/bindings/openssl/objects.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/objects.h> """ diff --git a/cryptography/hazmat/bindings/openssl/opensslv.py b/cryptography/hazmat/bindings/openssl/opensslv.py index 397f4ca2..e4aa6212 100644 --- a/cryptography/hazmat/bindings/openssl/opensslv.py +++ b/cryptography/hazmat/bindings/openssl/opensslv.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/opensslv.h> """ diff --git a/cryptography/hazmat/bindings/openssl/osrandom_engine.py b/cryptography/hazmat/bindings/openssl/osrandom_engine.py index 0903a4bf..462997cc 100644 --- a/cryptography/hazmat/bindings/openssl/osrandom_engine.py +++ b/cryptography/hazmat/bindings/openssl/osrandom_engine.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #ifdef _WIN32 #include <Wincrypt.h> diff --git a/cryptography/hazmat/bindings/openssl/pem.py b/cryptography/hazmat/bindings/openssl/pem.py index 942cba34..e42fc6fe 100644 --- a/cryptography/hazmat/bindings/openssl/pem.py +++ b/cryptography/hazmat/bindings/openssl/pem.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/pem.h> """ diff --git a/cryptography/hazmat/bindings/openssl/pkcs12.py b/cryptography/hazmat/bindings/openssl/pkcs12.py index bd01e756..a8f106f6 100644 --- a/cryptography/hazmat/bindings/openssl/pkcs12.py +++ b/cryptography/hazmat/bindings/openssl/pkcs12.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/pkcs12.h> """ diff --git a/cryptography/hazmat/bindings/openssl/pkcs7.py b/cryptography/hazmat/bindings/openssl/pkcs7.py index 43f9540b..1343e566 100644 --- a/cryptography/hazmat/bindings/openssl/pkcs7.py +++ b/cryptography/hazmat/bindings/openssl/pkcs7.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/pkcs7.h> """ diff --git a/cryptography/hazmat/bindings/openssl/rand.py b/cryptography/hazmat/bindings/openssl/rand.py index 0e645fbc..7b1be9df 100644 --- a/cryptography/hazmat/bindings/openssl/rand.py +++ b/cryptography/hazmat/bindings/openssl/rand.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/rand.h> """ diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py index f895cd02..c6356101 100644 --- a/cryptography/hazmat/bindings/openssl/rsa.py +++ b/cryptography/hazmat/bindings/openssl/rsa.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/rsa.h> """ diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index 25bef49a..9735ae6a 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/ssl.h> """ @@ -19,109 +21,114 @@ TYPES = """ /* * Internally invented symbols to tell which versions of SSL/TLS are supported. */ -static const int Cryptography_HAS_SSL2; -static const int Cryptography_HAS_TLSv1_1; -static const int Cryptography_HAS_TLSv1_2; +static const long Cryptography_HAS_SSL2; +static const long Cryptography_HAS_TLSv1_1; +static const long Cryptography_HAS_TLSv1_2; /* Internally invented symbol to tell us if SNI is supported */ -static const int Cryptography_HAS_TLSEXT_HOSTNAME; +static const long Cryptography_HAS_TLSEXT_HOSTNAME; /* Internally invented symbol to tell us if SSL_MODE_RELEASE_BUFFERS is * supported */ -static const int Cryptography_HAS_RELEASE_BUFFERS; +static const long Cryptography_HAS_RELEASE_BUFFERS; /* Internally invented symbol to tell us if SSL_OP_NO_COMPRESSION is * supported */ -static const int Cryptography_HAS_OP_NO_COMPRESSION; - -static const int Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; -static const int Cryptography_HAS_SSL_SET_SSL_CTX; -static const int Cryptography_HAS_SSL_OP_NO_TICKET; - -static const int SSL_FILETYPE_PEM; -static const int SSL_FILETYPE_ASN1; -static const int SSL_ERROR_NONE; -static const int SSL_ERROR_ZERO_RETURN; -static const int SSL_ERROR_WANT_READ; -static const int SSL_ERROR_WANT_WRITE; -static const int SSL_ERROR_WANT_X509_LOOKUP; -static const int SSL_ERROR_SYSCALL; -static const int SSL_ERROR_SSL; -static const int SSL_SENT_SHUTDOWN; -static const int SSL_RECEIVED_SHUTDOWN; -static const int SSL_OP_NO_SSLv2; -static const int SSL_OP_NO_SSLv3; -static const int SSL_OP_NO_TLSv1; -static const int SSL_OP_NO_TLSv1_1; -static const int SSL_OP_NO_TLSv1_2; -static const int SSL_OP_NO_COMPRESSION; -static const int SSL_OP_SINGLE_DH_USE; -static const int SSL_OP_EPHEMERAL_RSA; -static const int SSL_OP_MICROSOFT_SESS_ID_BUG; -static const int SSL_OP_NETSCAPE_CHALLENGE_BUG; -static const int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; -static const int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; -static const int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; -static const int SSL_OP_MSIE_SSLV2_RSA_PADDING; -static const int SSL_OP_SSLEAY_080_CLIENT_DH_BUG; -static const int SSL_OP_TLS_D5_BUG; -static const int SSL_OP_TLS_BLOCK_PADDING_BUG; -static const int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; -static const int SSL_OP_CIPHER_SERVER_PREFERENCE; -static const int SSL_OP_TLS_ROLLBACK_BUG; -static const int SSL_OP_PKCS1_CHECK_1; -static const int SSL_OP_PKCS1_CHECK_2; -static const int SSL_OP_NETSCAPE_CA_DN_BUG; -static const int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG; -static const int SSL_OP_NO_QUERY_MTU; -static const int SSL_OP_COOKIE_EXCHANGE; -static const int SSL_OP_NO_TICKET; -static const int SSL_OP_ALL; -static const int SSL_OP_SINGLE_ECDH_USE; -static const int SSL_VERIFY_PEER; -static const int SSL_VERIFY_FAIL_IF_NO_PEER_CERT; -static const int SSL_VERIFY_CLIENT_ONCE; -static const int SSL_VERIFY_NONE; -static const int SSL_SESS_CACHE_OFF; -static const int SSL_SESS_CACHE_CLIENT; -static const int SSL_SESS_CACHE_SERVER; -static const int SSL_SESS_CACHE_BOTH; -static const int SSL_SESS_CACHE_NO_AUTO_CLEAR; -static const int SSL_SESS_CACHE_NO_INTERNAL_LOOKUP; -static const int SSL_SESS_CACHE_NO_INTERNAL_STORE; -static const int SSL_SESS_CACHE_NO_INTERNAL; -static const int SSL_ST_CONNECT; -static const int SSL_ST_ACCEPT; -static const int SSL_ST_MASK; -static const int SSL_ST_INIT; -static const int SSL_ST_BEFORE; -static const int SSL_ST_OK; -static const int SSL_ST_RENEGOTIATE; -static const int SSL_CB_LOOP; -static const int SSL_CB_EXIT; -static const int SSL_CB_READ; -static const int SSL_CB_WRITE; -static const int SSL_CB_ALERT; -static const int SSL_CB_READ_ALERT; -static const int SSL_CB_WRITE_ALERT; -static const int SSL_CB_ACCEPT_LOOP; -static const int SSL_CB_ACCEPT_EXIT; -static const int SSL_CB_CONNECT_LOOP; -static const int SSL_CB_CONNECT_EXIT; -static const int SSL_CB_HANDSHAKE_START; -static const int SSL_CB_HANDSHAKE_DONE; -static const int SSL_MODE_RELEASE_BUFFERS; -static const int SSL_MODE_ENABLE_PARTIAL_WRITE; -static const int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; -static const int SSL_MODE_AUTO_RETRY; -static const int SSL3_RANDOM_SIZE; +static const long Cryptography_HAS_OP_NO_COMPRESSION; + +static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; +static const long Cryptography_HAS_SSL_SET_SSL_CTX; +static const long Cryptography_HAS_SSL_OP_NO_TICKET; + +static const long SSL_FILETYPE_PEM; +static const long SSL_FILETYPE_ASN1; +static const long SSL_ERROR_NONE; +static const long SSL_ERROR_ZERO_RETURN; +static const long SSL_ERROR_WANT_READ; +static const long SSL_ERROR_WANT_WRITE; +static const long SSL_ERROR_WANT_X509_LOOKUP; +static const long SSL_ERROR_SYSCALL; +static const long SSL_ERROR_SSL; +static const long SSL_SENT_SHUTDOWN; +static const long SSL_RECEIVED_SHUTDOWN; +static const long SSL_OP_NO_SSLv2; +static const long SSL_OP_NO_SSLv3; +static const long SSL_OP_NO_TLSv1; +static const long SSL_OP_NO_TLSv1_1; +static const long SSL_OP_NO_TLSv1_2; +static const long SSL_OP_NO_COMPRESSION; +static const long SSL_OP_SINGLE_DH_USE; +static const long SSL_OP_EPHEMERAL_RSA; +static const long SSL_OP_MICROSOFT_SESS_ID_BUG; +static const long SSL_OP_NETSCAPE_CHALLENGE_BUG; +static const long SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; +static const long SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; +static const long SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; +static const long SSL_OP_MSIE_SSLV2_RSA_PADDING; +static const long SSL_OP_SSLEAY_080_CLIENT_DH_BUG; +static const long SSL_OP_TLS_D5_BUG; +static const long SSL_OP_TLS_BLOCK_PADDING_BUG; +static const long SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; +static const long SSL_OP_CIPHER_SERVER_PREFERENCE; +static const long SSL_OP_TLS_ROLLBACK_BUG; +static const long SSL_OP_PKCS1_CHECK_1; +static const long SSL_OP_PKCS1_CHECK_2; +static const long SSL_OP_NETSCAPE_CA_DN_BUG; +static const long SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG; +static const long SSL_OP_NO_QUERY_MTU; +static const long SSL_OP_COOKIE_EXCHANGE; +static const long SSL_OP_NO_TICKET; +static const long SSL_OP_ALL; +static const long SSL_OP_SINGLE_ECDH_USE; +static const long SSL_VERIFY_PEER; +static const long SSL_VERIFY_FAIL_IF_NO_PEER_CERT; +static const long SSL_VERIFY_CLIENT_ONCE; +static const long SSL_VERIFY_NONE; +static const long SSL_SESS_CACHE_OFF; +static const long SSL_SESS_CACHE_CLIENT; +static const long SSL_SESS_CACHE_SERVER; +static const long SSL_SESS_CACHE_BOTH; +static const long SSL_SESS_CACHE_NO_AUTO_CLEAR; +static const long SSL_SESS_CACHE_NO_INTERNAL_LOOKUP; +static const long SSL_SESS_CACHE_NO_INTERNAL_STORE; +static const long SSL_SESS_CACHE_NO_INTERNAL; +static const long SSL_ST_CONNECT; +static const long SSL_ST_ACCEPT; +static const long SSL_ST_MASK; +static const long SSL_ST_INIT; +static const long SSL_ST_BEFORE; +static const long SSL_ST_OK; +static const long SSL_ST_RENEGOTIATE; +static const long SSL_CB_LOOP; +static const long SSL_CB_EXIT; +static const long SSL_CB_READ; +static const long SSL_CB_WRITE; +static const long SSL_CB_ALERT; +static const long SSL_CB_READ_ALERT; +static const long SSL_CB_WRITE_ALERT; +static const long SSL_CB_ACCEPT_LOOP; +static const long SSL_CB_ACCEPT_EXIT; +static const long SSL_CB_CONNECT_LOOP; +static const long SSL_CB_CONNECT_EXIT; +static const long SSL_CB_HANDSHAKE_START; +static const long SSL_CB_HANDSHAKE_DONE; +static const long SSL_MODE_RELEASE_BUFFERS; +static const long SSL_MODE_ENABLE_PARTIAL_WRITE; +static const long SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; +static const long SSL_MODE_AUTO_RETRY; +static const long SSL3_RANDOM_SIZE; typedef ... X509_STORE_CTX; -static const int X509_V_OK; -static const int X509_V_ERR_APPLICATION_VERIFICATION; +static const long X509_V_OK; +static const long X509_V_ERR_APPLICATION_VERIFICATION; typedef ... SSL_METHOD; -typedef ... SSL_CTX; +typedef struct ssl_st { + int version; + int type; + const SSL_METHOD *method; + ...; +} SSL_CTX; typedef struct { int master_key_length; @@ -142,7 +149,7 @@ typedef struct { ...; } SSL; -static const int TLSEXT_NAMETYPE_host_name; +static const long TLSEXT_NAMETYPE_host_name; typedef ... SSL_CIPHER; """ @@ -391,7 +398,7 @@ const long SSL_OP_NO_TICKET = 0; static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; #else static const long Cryptography_HAS_SSL_SET_SSL_CTX = 0; -static const int TLSEXT_NAMETYPE_host_name = 0; +static const long TLSEXT_NAMETYPE_host_name = 0; SSL_CTX *(*SSL_set_SSL_CTX)(SSL *, SSL_CTX *) = NULL; #endif """ diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py index e8b036c3..e800d272 100644 --- a/cryptography/hazmat/bindings/openssl/x509.py +++ b/cryptography/hazmat/bindings/openssl/x509.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/ssl.h> diff --git a/cryptography/hazmat/bindings/openssl/x509name.py b/cryptography/hazmat/bindings/openssl/x509name.py index bf627d61..50abee2a 100644 --- a/cryptography/hazmat/bindings/openssl/x509name.py +++ b/cryptography/hazmat/bindings/openssl/x509name.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/x509.h> diff --git a/cryptography/hazmat/bindings/openssl/x509v3.py b/cryptography/hazmat/bindings/openssl/x509v3.py index 6d2d2361..02ec250a 100644 --- a/cryptography/hazmat/bindings/openssl/x509v3.py +++ b/cryptography/hazmat/bindings/openssl/x509v3.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/x509v3.h> """ diff --git a/cryptography/hazmat/primitives/__init__.py b/cryptography/hazmat/primitives/__init__.py index e69de29b..2f420574 100644 --- a/cryptography/hazmat/primitives/__init__.py +++ b/cryptography/hazmat/primitives/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/primitives/asymmetric/__init__.py b/cryptography/hazmat/primitives/asymmetric/__init__.py index e69de29b..2f420574 100644 --- a/cryptography/hazmat/primitives/asymmetric/__init__.py +++ b/cryptography/hazmat/primitives/asymmetric/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py index 6bafe314..46e00b8e 100644 --- a/cryptography/hazmat/primitives/asymmetric/padding.py +++ b/cryptography/hazmat/primitives/asymmetric/padding.py @@ -13,6 +13,8 @@ from __future__ import absolute_import, division, print_function +import six + from cryptography import utils from cryptography.hazmat.primitives import interfaces @@ -20,3 +22,22 @@ from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.AsymmetricPadding) class PKCS1v15(object): name = "EMSA-PKCS1-v1_5" + + +class MGF1(object): + MAX_LENGTH = object() + + def __init__(self, algorithm, salt_length): + if not isinstance(algorithm, interfaces.HashAlgorithm): + raise TypeError("Expected instance of interfaces.HashAlgorithm.") + + self._algorithm = algorithm + + if (not isinstance(salt_length, six.integer_types) and + salt_length is not self.MAX_LENGTH): + raise TypeError("salt_length must be an integer") + + if salt_length is not self.MAX_LENGTH and salt_length < 0: + raise ValueError("salt_length must be zero or greater") + + self._salt_length = salt_length diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index dfb43340..cbef8e32 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -16,6 +16,8 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils +from cryptography.exceptions import UnsupportedInterface +from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.primitives import interfaces @@ -41,6 +43,10 @@ class RSAPublicKey(object): self._modulus = modulus def verifier(self, signature, padding, algorithm, backend): + if not isinstance(backend, RSABackend): + raise UnsupportedInterface( + "Backend object does not implement RSABackend") + return backend.create_rsa_verification_ctx(self, signature, padding, algorithm) @@ -128,9 +134,17 @@ class RSAPrivateKey(object): @classmethod def generate(cls, public_exponent, key_size, backend): + if not isinstance(backend, RSABackend): + raise UnsupportedInterface( + "Backend object does not implement RSABackend") + return backend.generate_rsa_private_key(public_exponent, key_size) def signer(self, padding, algorithm, backend): + if not isinstance(backend, RSABackend): + raise UnsupportedInterface( + "Backend object does not implement RSABackend") + return backend.create_rsa_signature_ctx(self, padding, algorithm) @property diff --git a/cryptography/hazmat/primitives/ciphers/algorithms.py b/cryptography/hazmat/primitives/ciphers/algorithms.py index a5cfce92..2d37e0cf 100644 --- a/cryptography/hazmat/primitives/ciphers/algorithms.py +++ b/cryptography/hazmat/primitives/ciphers/algorithms.py @@ -116,3 +116,17 @@ class ARC4(object): @property def key_size(self): return len(self.key) * 8 + + +@utils.register_interface(interfaces.CipherAlgorithm) +class IDEA(object): + name = "IDEA" + block_size = 64 + key_sizes = frozenset([128]) + + def __init__(self, key): + self.key = _verify_key_size(self, key) + + @property + def key_size(self): + return len(self.key) * 8 diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index d366e4cf..1275019e 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -15,13 +15,18 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, NotYetFinalized, AlreadyUpdated, + AlreadyFinalized, NotYetFinalized, AlreadyUpdated, UnsupportedInterface ) +from cryptography.hazmat.backends.interfaces import CipherBackend from cryptography.hazmat.primitives import interfaces class Cipher(object): def __init__(self, algorithm, mode, backend): + if not isinstance(backend, CipherBackend): + raise UnsupportedInterface( + "Backend object does not implement CipherBackend") + if not isinstance(algorithm, interfaces.CipherAlgorithm): raise TypeError("Expected interface of interfaces.CipherAlgorithm") diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index bee188b3..409f564e 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -16,13 +16,18 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized +from cryptography.exceptions import AlreadyFinalized, UnsupportedInterface +from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.HashContext) class Hash(object): def __init__(self, algorithm, backend, ctx=None): + if not isinstance(backend, HashBackend): + raise UnsupportedInterface( + "Backend object does not implement HashBackend") + if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") self.algorithm = algorithm diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 76d658aa..0bcbb3cd 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -16,13 +16,20 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, InvalidSignature +from cryptography.exceptions import ( + AlreadyFinalized, InvalidSignature, UnsupportedInterface +) +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.HashContext) class HMAC(object): def __init__(self, key, algorithm, backend, ctx=None): + if not isinstance(backend, HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement HMACBackend") + if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") self.algorithm = algorithm diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py index 3824bcde..eab48b4d 100644 --- a/cryptography/hazmat/primitives/interfaces.py +++ b/cryptography/hazmat/primitives/interfaces.py @@ -367,6 +367,12 @@ class DSAPrivateKey(six.with_metaclass(abc.ABCMeta)): class DSAPublicKey(six.with_metaclass(abc.ABCMeta)): @abc.abstractproperty + def key_size(self): + """ + The bit length of the prime modulus. + """ + + @abc.abstractproperty def y(self): """ The public key. diff --git a/cryptography/hazmat/primitives/kdf/__init__.py b/cryptography/hazmat/primitives/kdf/__init__.py index e69de29b..2f420574 100644 --- a/cryptography/hazmat/primitives/kdf/__init__.py +++ b/cryptography/hazmat/primitives/kdf/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py index af15b64d..95396fe1 100644 --- a/cryptography/hazmat/primitives/kdf/hkdf.py +++ b/cryptography/hazmat/primitives/kdf/hkdf.py @@ -11,16 +11,25 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, InvalidKey +from cryptography.exceptions import ( + AlreadyFinalized, InvalidKey, UnsupportedInterface +) +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac, interfaces @utils.register_interface(interfaces.KeyDerivationFunction) class HKDF(object): def __init__(self, algorithm, length, salt, info, backend): + if not isinstance(backend, HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement HMACBackend") + self._algorithm = algorithm max_length = 255 * (algorithm.digest_size // 8) diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py index 39427780..f70a7ddf 100644 --- a/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -17,14 +17,19 @@ import six from cryptography import utils from cryptography.exceptions import ( - InvalidKey, UnsupportedHash, AlreadyFinalized + InvalidKey, UnsupportedHash, AlreadyFinalized, UnsupportedInterface ) +from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.KeyDerivationFunction) class PBKDF2HMAC(object): def __init__(self, algorithm, length, salt, iterations, backend): + if not isinstance(backend, PBKDF2HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement PBKDF2HMACBackend") + if not backend.pbkdf2_hmac_supported(algorithm): raise UnsupportedHash( "{0} is not supported for PBKDF2 by this backend".format( diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py index 1717262c..bf634a65 100644 --- a/cryptography/hazmat/primitives/padding.py +++ b/cryptography/hazmat/primitives/padding.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import cffi import six diff --git a/cryptography/hazmat/primitives/twofactor/__init__.py b/cryptography/hazmat/primitives/twofactor/__init__.py index e69de29b..2f420574 100644 --- a/cryptography/hazmat/primitives/twofactor/__init__.py +++ b/cryptography/hazmat/primitives/twofactor/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py index 83260225..34f820c0 100644 --- a/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/cryptography/hazmat/primitives/twofactor/hotp.py @@ -17,13 +17,18 @@ import struct import six -from cryptography.exceptions import InvalidToken +from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 class HOTP(object): def __init__(self, key, length, algorithm, backend): + if not isinstance(backend, HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement HMACBackend") + if len(key) < 16: raise ValueError("Key length has to be at least 128 bits.") diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py index 0630de69..08510ef5 100644 --- a/cryptography/hazmat/primitives/twofactor/totp.py +++ b/cryptography/hazmat/primitives/twofactor/totp.py @@ -13,13 +13,18 @@ from __future__ import absolute_import, division, print_function -from cryptography.exceptions import InvalidToken +from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.twofactor.hotp import HOTP class TOTP(object): def __init__(self, key, length, algorithm, time_step, backend): + if not isinstance(backend, HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement HMACBackend") + self._time_step = time_step self._hotp = HOTP(key, length, algorithm, backend) |