diff options
Diffstat (limited to 'cryptography/hazmat')
| -rw-r--r-- | cryptography/hazmat/backends/__init__.py (renamed from cryptography/hazmat/bindings/__init__.py) | 2 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/interfaces.py (renamed from cryptography/hazmat/bindings/interfaces.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/__init__.py (renamed from cryptography/hazmat/bindings/openssl/__init__.py) | 2 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/asn1.py (renamed from cryptography/hazmat/bindings/openssl/asn1.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py (renamed from cryptography/hazmat/bindings/openssl/backend.py) | 93 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/bignum.py (renamed from cryptography/hazmat/bindings/openssl/bignum.py) | 3 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/bio.py (renamed from cryptography/hazmat/bindings/openssl/bio.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/conf.py (renamed from cryptography/hazmat/bindings/openssl/conf.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/crypto.py (renamed from cryptography/hazmat/bindings/openssl/crypto.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/dh.py (renamed from cryptography/hazmat/bindings/openssl/dh.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/dsa.py (renamed from cryptography/hazmat/bindings/openssl/dsa.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/engine.py (renamed from cryptography/hazmat/bindings/openssl/engine.py) | 10 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/err.py (renamed from cryptography/hazmat/bindings/openssl/err.py) | 7 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/evp.py (renamed from cryptography/hazmat/bindings/openssl/evp.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/hmac.py (renamed from cryptography/hazmat/bindings/openssl/hmac.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/nid.py (renamed from cryptography/hazmat/bindings/openssl/nid.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/opensslv.py (renamed from cryptography/hazmat/bindings/openssl/opensslv.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/pem.py (renamed from cryptography/hazmat/bindings/openssl/pem.py) | 9 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/pkcs12.py (renamed from cryptography/hazmat/bindings/openssl/pkcs12.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/pkcs7.py (renamed from cryptography/hazmat/bindings/openssl/pkcs7.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/rand.py (renamed from cryptography/hazmat/bindings/openssl/rand.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/rsa.py | 59 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/ssl.py (renamed from cryptography/hazmat/bindings/openssl/ssl.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/x509.py (renamed from cryptography/hazmat/bindings/openssl/x509.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/x509name.py (renamed from cryptography/hazmat/bindings/openssl/x509name.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/x509v3.py (renamed from cryptography/hazmat/bindings/openssl/x509v3.py) | 0 | ||||
| -rw-r--r-- | cryptography/hazmat/bindings/openssl/rsa.py | 34 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/ciphers/algorithms.py | 59 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/ciphers/base.py | 63 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/ciphers/modes.py | 11 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/constant_time.py | 53 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/interfaces.py | 24 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/padding.py | 60 |
33 files changed, 389 insertions, 100 deletions
diff --git a/cryptography/hazmat/bindings/__init__.py b/cryptography/hazmat/backends/__init__.py index bd158198..215aa4d3 100644 --- a/cryptography/hazmat/bindings/__init__.py +++ b/cryptography/hazmat/backends/__init__.py @@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -from cryptography.hazmat.bindings import openssl +from cryptography.hazmat.backends import openssl _ALL_BACKENDS = [ diff --git a/cryptography/hazmat/bindings/interfaces.py b/cryptography/hazmat/backends/interfaces.py index 912476bb..912476bb 100644 --- a/cryptography/hazmat/bindings/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py diff --git a/cryptography/hazmat/bindings/openssl/__init__.py b/cryptography/hazmat/backends/openssl/__init__.py index 44267efd..a8dfad06 100644 --- a/cryptography/hazmat/bindings/openssl/__init__.py +++ b/cryptography/hazmat/backends/openssl/__init__.py @@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -from cryptography.hazmat.bindings.openssl.backend import backend +from cryptography.hazmat.backends.openssl.backend import backend __all__ = ["backend"] diff --git a/cryptography/hazmat/bindings/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index 719a523c..719a523c 100644 --- a/cryptography/hazmat/bindings/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 9f8ea939..bd092bec 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -19,8 +19,8 @@ import sys import cffi from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm -from cryptography.hazmat.bindings.interfaces import ( +from cryptography.exceptions import UnsupportedAlgorithm, InvalidTag +from cryptography.hazmat.backends.interfaces import ( CipherBackend, HashBackend, HMACBackend ) from cryptography.hazmat.primitives import interfaces @@ -28,9 +28,27 @@ from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, Blowfish, Camellia, CAST5, TripleDES, ARC4, ) from cryptography.hazmat.primitives.ciphers.modes import ( - CBC, CTR, ECB, OFB, CFB + CBC, CTR, ECB, OFB, CFB, GCM, ) +_OSX_PRE_INCLUDE = """ +#ifdef __APPLE__ +#include <AvailabilityMacros.h> +#define __ORIG_DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER \ + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER +#undef DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER +#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER +#endif +""" + +_OSX_POST_INCLUDE = """ +#ifdef __APPLE__ +#undef DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER +#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER \ + __ORIG_DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER +#endif +""" + @utils.register_interface(CipherBackend) @utils.register_interface(HashBackend) @@ -84,7 +102,7 @@ class Backend(object): macros = [] customizations = [] for name in cls._modules: - module_name = "cryptography.hazmat.bindings.openssl." + name + module_name = "cryptography.hazmat.backends.openssl." + name __import__(module_name) module = sys.modules[module_name] @@ -111,8 +129,15 @@ class Backend(object): # is legal, but the following will fail to compile: # int foo(int); # int foo(short); + lib = ffi.verify( - source="\n".join(includes + functions + customizations), + source="\n".join( + [_OSX_PRE_INCLUDE] + + includes + + [_OSX_POST_INCLUDE] + + functions + + customizations + ), libraries=["crypto", "ssl"], ) @@ -186,6 +211,11 @@ class Backend(object): type(None), GetCipherByName("rc4") ) + self.register_cipher_adapter( + AES, + GCM, + GetCipherByName("{cipher.name}-{cipher.key_size}-{mode.name}") + ) def create_symmetric_encryption_ctx(self, cipher, mode): return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT) @@ -193,8 +223,10 @@ class Backend(object): def create_symmetric_decryption_ctx(self, cipher, mode): return _CipherContext(self, cipher, mode, _CipherContext._DECRYPT) - def _handle_error(self): + def _handle_error(self, mode): code = self.lib.ERR_get_error() + if not code and isinstance(mode, GCM): + raise InvalidTag assert code != 0 lib = self.lib.ERR_GET_LIB(code) func = self.lib.ERR_GET_FUNC(code) @@ -231,6 +263,8 @@ class GetCipherByName(object): @utils.register_interface(interfaces.CipherContext) +@utils.register_interface(interfaces.AEADCipherContext) +@utils.register_interface(interfaces.AEADEncryptionContext) class _CipherContext(object): _ENCRYPT = 1 _DECRYPT = 0 @@ -238,6 +272,9 @@ class _CipherContext(object): def __init__(self, backend, cipher, mode, operation): self._backend = backend self._cipher = cipher + self._mode = mode + self._operation = operation + self._tag = None ctx = self._backend.lib.EVP_CIPHER_CTX_new() ctx = self._backend.ffi.gc(ctx, self._backend.lib.EVP_CIPHER_CTX_free) @@ -270,6 +307,26 @@ class _CipherContext(object): ctx, len(cipher.key) ) assert res != 0 + if isinstance(mode, GCM): + res = self._backend.lib.EVP_CIPHER_CTX_ctrl( + ctx, self._backend.lib.Cryptography_EVP_CTRL_GCM_SET_IVLEN, + len(iv_nonce), self._backend.ffi.NULL + ) + assert res != 0 + if operation == self._DECRYPT: + if not mode.tag: + raise ValueError("Authentication tag must be supplied " + "when decrypting") + res = self._backend.lib.EVP_CIPHER_CTX_ctrl( + ctx, self._backend.lib.Cryptography_EVP_CTRL_GCM_SET_TAG, + len(mode.tag), mode.tag + ) + assert res != 0 + else: + if mode.tag: + raise ValueError("Authentication tag must be None when " + "encrypting") + # pass key/iv res = self._backend.lib.EVP_CipherInit_ex(ctx, self._backend.ffi.NULL, self._backend.ffi.NULL, @@ -296,12 +353,34 @@ class _CipherContext(object): outlen = self._backend.ffi.new("int *") res = self._backend.lib.EVP_CipherFinal_ex(self._ctx, buf, outlen) if res == 0: - self._backend._handle_error() + self._backend._handle_error(self._mode) + + if (isinstance(self._mode, GCM) and + self._operation == self._ENCRYPT): + block_byte_size = self._cipher.block_size // 8 + tag_buf = self._backend.ffi.new("unsigned char[]", block_byte_size) + res = self._backend.lib.EVP_CIPHER_CTX_ctrl( + self._ctx, self._backend.lib.Cryptography_EVP_CTRL_GCM_GET_TAG, + block_byte_size, tag_buf + ) + assert res != 0 + self._tag = self._backend.ffi.buffer(tag_buf)[:] res = self._backend.lib.EVP_CIPHER_CTX_cleanup(self._ctx) assert res == 1 return self._backend.ffi.buffer(buf)[:outlen[0]] + def authenticate_additional_data(self, data): + outlen = self._backend.ffi.new("int *") + res = self._backend.lib.EVP_CipherUpdate( + self._ctx, self._backend.ffi.NULL, outlen, data, len(data) + ) + assert res != 0 + + @property + def tag(self): + return self._tag + @utils.register_interface(interfaces.HashContext) class _HashContext(object): diff --git a/cryptography/hazmat/bindings/openssl/bignum.py b/cryptography/hazmat/backends/openssl/bignum.py index fcfadff1..1b0fe5ab 100644 --- a/cryptography/hazmat/bindings/openssl/bignum.py +++ b/cryptography/hazmat/backends/openssl/bignum.py @@ -28,6 +28,9 @@ int BN_set_word(BIGNUM *, BN_ULONG); char *BN_bn2hex(const BIGNUM *); int BN_hex2bn(BIGNUM **, const char *); +int BN_dec2bn(BIGNUM **, const char *); + +int BN_num_bits(const BIGNUM *); """ MACROS = """ diff --git a/cryptography/hazmat/bindings/openssl/bio.py b/cryptography/hazmat/backends/openssl/bio.py index c23dd0d8..c23dd0d8 100644 --- a/cryptography/hazmat/bindings/openssl/bio.py +++ b/cryptography/hazmat/backends/openssl/bio.py diff --git a/cryptography/hazmat/bindings/openssl/conf.py b/cryptography/hazmat/backends/openssl/conf.py index 4846252c..4846252c 100644 --- a/cryptography/hazmat/bindings/openssl/conf.py +++ b/cryptography/hazmat/backends/openssl/conf.py diff --git a/cryptography/hazmat/bindings/openssl/crypto.py b/cryptography/hazmat/backends/openssl/crypto.py index 773d9b14..773d9b14 100644 --- a/cryptography/hazmat/bindings/openssl/crypto.py +++ b/cryptography/hazmat/backends/openssl/crypto.py diff --git a/cryptography/hazmat/bindings/openssl/dh.py b/cryptography/hazmat/backends/openssl/dh.py index b8fbf368..b8fbf368 100644 --- a/cryptography/hazmat/bindings/openssl/dh.py +++ b/cryptography/hazmat/backends/openssl/dh.py diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/backends/openssl/dsa.py index e6c369a6..e6c369a6 100644 --- a/cryptography/hazmat/bindings/openssl/dsa.py +++ b/cryptography/hazmat/backends/openssl/dsa.py diff --git a/cryptography/hazmat/bindings/openssl/engine.py b/cryptography/hazmat/backends/openssl/engine.py index b76befce..1f377665 100644 --- a/cryptography/hazmat/bindings/openssl/engine.py +++ b/cryptography/hazmat/backends/openssl/engine.py @@ -36,6 +36,16 @@ void ENGINE_load_builtin_engines(); int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int); int ENGINE_set_default(ENGINE *, unsigned int); int ENGINE_register_complete(ENGINE *); + +int ENGINE_set_default_RSA(ENGINE *); +int ENGINE_set_default_string(ENGINE *, const char *); +int ENGINE_set_default_DSA(ENGINE *); +int ENGINE_set_default_ECDH(ENGINE *); +int ENGINE_set_default_ECDSA(ENGINE *); +int ENGINE_set_default_DH(ENGINE *); +int ENGINE_set_default_RAND(ENGINE *); +int ENGINE_set_default_ciphers(ENGINE *); +int ENGINE_set_default_digests(ENGINE *); """ MACROS = """ diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/backends/openssl/err.py index 3dac6948..f31c2405 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/backends/openssl/err.py @@ -23,11 +23,18 @@ struct ERR_string_data_st { typedef struct ERR_string_data_st ERR_STRING_DATA; static const int ERR_LIB_EVP; +static const int ERR_LIB_PEM; static const int EVP_F_EVP_ENCRYPTFINAL_EX; static const int EVP_F_EVP_DECRYPTFINAL_EX; static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH; + +static const int PEM_F_PEM_READ_BIO_PRIVATEKEY; +static const int PEM_F_D2I_PKCS8PRIVATEKEY_BIO; + +static const int PEM_R_BAD_PASSWORD_READ; +static const int ASN1_R_BAD_PASSWORD_READ; """ FUNCTIONS = """ diff --git a/cryptography/hazmat/bindings/openssl/evp.py b/cryptography/hazmat/backends/openssl/evp.py index 8cb44610..8cb44610 100644 --- a/cryptography/hazmat/bindings/openssl/evp.py +++ b/cryptography/hazmat/backends/openssl/evp.py diff --git a/cryptography/hazmat/bindings/openssl/hmac.py b/cryptography/hazmat/backends/openssl/hmac.py index 10e67141..10e67141 100644 --- a/cryptography/hazmat/bindings/openssl/hmac.py +++ b/cryptography/hazmat/backends/openssl/hmac.py diff --git a/cryptography/hazmat/bindings/openssl/nid.py b/cryptography/hazmat/backends/openssl/nid.py index 9816dde4..9816dde4 100644 --- a/cryptography/hazmat/bindings/openssl/nid.py +++ b/cryptography/hazmat/backends/openssl/nid.py diff --git a/cryptography/hazmat/bindings/openssl/opensslv.py b/cryptography/hazmat/backends/openssl/opensslv.py index d463776c..d463776c 100644 --- a/cryptography/hazmat/bindings/openssl/opensslv.py +++ b/cryptography/hazmat/backends/openssl/opensslv.py diff --git a/cryptography/hazmat/bindings/openssl/pem.py b/cryptography/hazmat/backends/openssl/pem.py index 00f0dc36..cef7839f 100644 --- a/cryptography/hazmat/bindings/openssl/pem.py +++ b/cryptography/hazmat/backends/openssl/pem.py @@ -29,6 +29,15 @@ int PEM_write_bio_PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, EVP_PKEY *PEM_read_bio_PrivateKey(BIO *, EVP_PKEY **, pem_password_cb *, void *); +int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, + char *, int, pem_password_cb *, void *); + +int i2d_PKCS8PrivateKey_bio(BIO *, EVP_PKEY *, const EVP_CIPHER *, + char *, int, pem_password_cb *, void *); + +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *, EVP_PKEY **, pem_password_cb *, + void *); + int PEM_write_bio_X509_REQ(BIO *, X509_REQ *); X509_REQ *PEM_read_bio_X509_REQ(BIO *, X509_REQ **, pem_password_cb *, void *); diff --git a/cryptography/hazmat/bindings/openssl/pkcs12.py b/cryptography/hazmat/backends/openssl/pkcs12.py index d91d100f..d91d100f 100644 --- a/cryptography/hazmat/bindings/openssl/pkcs12.py +++ b/cryptography/hazmat/backends/openssl/pkcs12.py diff --git a/cryptography/hazmat/bindings/openssl/pkcs7.py b/cryptography/hazmat/backends/openssl/pkcs7.py index 60ea3c52..60ea3c52 100644 --- a/cryptography/hazmat/bindings/openssl/pkcs7.py +++ b/cryptography/hazmat/backends/openssl/pkcs7.py diff --git a/cryptography/hazmat/bindings/openssl/rand.py b/cryptography/hazmat/backends/openssl/rand.py index 848ee05a..848ee05a 100644 --- a/cryptography/hazmat/bindings/openssl/rand.py +++ b/cryptography/hazmat/backends/openssl/rand.py diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py new file mode 100644 index 00000000..ad0d37b4 --- /dev/null +++ b/cryptography/hazmat/backends/openssl/rsa.py @@ -0,0 +1,59 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +INCLUDES = """ +#include <openssl/rsa.h> +""" + +TYPES = """ +typedef struct rsa_st { + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + ...; +} RSA; +typedef ... BN_GENCB; +static const int RSA_PKCS1_PADDING; +static const int RSA_SSLV23_PADDING; +static const int RSA_NO_PADDING; +static const int RSA_PKCS1_OAEP_PADDING; +static const int RSA_X931_PADDING; +""" + +FUNCTIONS = """ +RSA *RSA_new(); +void RSA_free(RSA *); +int RSA_size(const RSA *); +int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *); +int RSA_check_key(const RSA *); +RSA *RSAPublicKey_dup(RSA *); +int RSA_public_encrypt(int, const unsigned char *, unsigned char *, + RSA *, int); +int RSA_private_encrypt(int, const unsigned char *, unsigned char *, + RSA *, int); +int RSA_public_decrypt(int, const unsigned char *, unsigned char *, + RSA *, int); +int RSA_private_decrypt(int, const unsigned char *, unsigned char *, + RSA *, int); +""" + +MACROS = """ +""" + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 04611309..04611309 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index b2ee672e..b2ee672e 100644 --- a/cryptography/hazmat/bindings/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py diff --git a/cryptography/hazmat/bindings/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py index 896f0ae4..896f0ae4 100644 --- a/cryptography/hazmat/bindings/openssl/x509name.py +++ b/cryptography/hazmat/backends/openssl/x509name.py diff --git a/cryptography/hazmat/bindings/openssl/x509v3.py b/cryptography/hazmat/backends/openssl/x509v3.py index bc26236c..bc26236c 100644 --- a/cryptography/hazmat/bindings/openssl/x509v3.py +++ b/cryptography/hazmat/backends/openssl/x509v3.py diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py deleted file mode 100644 index 21ed5d67..00000000 --- a/cryptography/hazmat/bindings/openssl/rsa.py +++ /dev/null @@ -1,34 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -INCLUDES = """ -#include <openssl/rsa.h> -""" - -TYPES = """ -typedef ... RSA; -typedef ... BN_GENCB; -""" - -FUNCTIONS = """ -RSA *RSA_new(); -void RSA_free(RSA *); -int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *); -int RSA_check_key(const RSA *); -""" - -MACROS = """ -""" - -CUSTOMIZATIONS = """ -""" diff --git a/cryptography/hazmat/primitives/ciphers/algorithms.py b/cryptography/hazmat/primitives/ciphers/algorithms.py index 75a87265..a206b273 100644 --- a/cryptography/hazmat/primitives/ciphers/algorithms.py +++ b/cryptography/hazmat/primitives/ciphers/algorithms.py @@ -17,6 +17,15 @@ from cryptography import utils from cryptography.hazmat.primitives import interfaces +def _verify_key_size(algorithm, key): + # Verify that the key size matches the expected key size + if len(key) * 8 not in algorithm.key_sizes: + raise ValueError("Invalid key size ({0}) for {1}".format( + len(key) * 8, algorithm.name + )) + return key + + @utils.register_interface(interfaces.CipherAlgorithm) class AES(object): name = "AES" @@ -24,13 +33,7 @@ class AES(object): key_sizes = frozenset([128, 192, 256]) def __init__(self, key): - self.key = key - - # Verify that the key size matches the expected key size - if self.key_size not in self.key_sizes: - raise ValueError("Invalid key size ({0}) for {1}".format( - self.key_size, self.name - )) + self.key = _verify_key_size(self, key) @property def key_size(self): @@ -44,13 +47,7 @@ class Camellia(object): key_sizes = frozenset([128, 192, 256]) def __init__(self, key): - self.key = key - - # Verify that the key size matches the expected key size - if self.key_size not in self.key_sizes: - raise ValueError("Invalid key size ({0}) for {1}".format( - self.key_size, self.name - )) + self.key = _verify_key_size(self, key) @property def key_size(self): @@ -68,13 +65,7 @@ class TripleDES(object): key += key + key elif len(key) == 16: key += key[:8] - self.key = key - - # Verify that the key size matches the expected key size - if self.key_size not in self.key_sizes: - raise ValueError("Invalid key size ({0}) for {1}".format( - self.key_size, self.name - )) + self.key = _verify_key_size(self, key) @property def key_size(self): @@ -88,13 +79,7 @@ class Blowfish(object): key_sizes = frozenset(range(32, 449, 8)) def __init__(self, key): - self.key = key - - # Verify that the key size matches the expected key size - if self.key_size not in self.key_sizes: - raise ValueError("Invalid key size ({0}) for {1}".format( - self.key_size, self.name - )) + self.key = _verify_key_size(self, key) @property def key_size(self): @@ -105,16 +90,10 @@ class Blowfish(object): class CAST5(object): name = "CAST5" block_size = 64 - key_sizes = frozenset([40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128]) + key_sizes = frozenset(range(40, 129, 8)) def __init__(self, key): - self.key = key - - # Verify that the key size matches the expected key size - if self.key_size not in self.key_sizes: - raise ValueError("Invalid key size ({0}) for {1}".format( - self.key_size, self.name - )) + self.key = _verify_key_size(self, key) @property def key_size(self): @@ -128,13 +107,7 @@ class ARC4(object): key_sizes = frozenset([40, 56, 64, 80, 128, 192, 256]) def __init__(self, key): - self.key = key - - # Verify that the key size matches the expected key size - if self.key_size not in self.key_sizes: - raise ValueError("Invalid key size ({0}) for {1}".format( - self.key_size, self.name - )) + self.key = _verify_key_size(self, key) @property def key_size(self): diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index 9f84d667..a5603ab5 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -14,7 +14,9 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import AlreadyFinalized +from cryptography.exceptions import ( + AlreadyFinalized, NotYetFinalized, AlreadyUpdated, +) from cryptography.hazmat.primitives import interfaces @@ -31,14 +33,25 @@ class Cipher(object): self._backend = backend def encryptor(self): - return _CipherContext(self._backend.create_symmetric_encryption_ctx( + ctx = self._backend.create_symmetric_encryption_ctx( self.algorithm, self.mode - )) + ) + return self._wrap_ctx(ctx, True) def decryptor(self): - return _CipherContext(self._backend.create_symmetric_decryption_ctx( + ctx = self._backend.create_symmetric_decryption_ctx( self.algorithm, self.mode - )) + ) + return self._wrap_ctx(ctx, False) + + def _wrap_ctx(self, ctx, encrypt): + if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): + if encrypt: + return _AEADEncryptionContext(ctx) + else: + return _AEADCipherContext(ctx) + else: + return _CipherContext(ctx) @utils.register_interface(interfaces.CipherContext) @@ -57,3 +70,43 @@ class _CipherContext(object): data = self._ctx.finalize() self._ctx = None return data + + +@utils.register_interface(interfaces.AEADCipherContext) +@utils.register_interface(interfaces.CipherContext) +class _AEADCipherContext(object): + def __init__(self, ctx): + self._ctx = ctx + self._tag = None + self._updated = False + + def update(self, data): + if self._ctx is None: + raise AlreadyFinalized("Context was already finalized") + self._updated = True + return self._ctx.update(data) + + def finalize(self): + if self._ctx is None: + raise AlreadyFinalized("Context was already finalized") + data = self._ctx.finalize() + self._tag = self._ctx.tag + self._ctx = None + return data + + def authenticate_additional_data(self, data): + if self._ctx is None: + raise AlreadyFinalized("Context was already finalized") + if self._updated: + raise AlreadyUpdated("Update has been called on this context") + self._ctx.authenticate_additional_data(data) + + +@utils.register_interface(interfaces.AEADEncryptionContext) +class _AEADEncryptionContext(_AEADCipherContext): + @property + def tag(self): + if self._ctx is not None: + raise NotYetFinalized("You must finalize encryption before " + "getting the tag") + return self._tag diff --git a/cryptography/hazmat/primitives/ciphers/modes.py b/cryptography/hazmat/primitives/ciphers/modes.py index 63fa163c..63a69ac4 100644 --- a/cryptography/hazmat/primitives/ciphers/modes.py +++ b/cryptography/hazmat/primitives/ciphers/modes.py @@ -83,3 +83,14 @@ class CTR(object): raise ValueError("Invalid nonce size ({0}) for {1}".format( len(self.nonce), self.name )) + + +@utils.register_interface(interfaces.Mode) +@utils.register_interface(interfaces.ModeWithInitializationVector) +@utils.register_interface(interfaces.ModeWithAuthenticationTag) +class GCM(object): + name = "GCM" + + def __init__(self, initialization_vector, tag=None): + self.initialization_vector = initialization_vector + self.tag = tag diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py new file mode 100644 index 00000000..a8351504 --- /dev/null +++ b/cryptography/hazmat/primitives/constant_time.py @@ -0,0 +1,53 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import cffi + +import six + + +_ffi = cffi.FFI() +_ffi.cdef(""" +bool Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, size_t); +""") +_lib = _ffi.verify(""" +#include <stdbool.h> + +bool Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, uint8_t *b, + size_t len_b) { + size_t i = 0; + uint8_t mismatch = 0; + if (len_a != len_b) { + return false; + } + for (i = 0; i < len_a; i++) { + mismatch |= a[i] ^ b[i]; + } + + /* Make sure any bits set are copied to the lowest bit */ + mismatch |= mismatch >> 4; + mismatch |= mismatch >> 2; + mismatch |= mismatch >> 1; + /* Now check the low bit to see if it's set */ + return (mismatch & 1) == 0; +} +""") + + +def bytes_eq(a, b): + if isinstance(a, six.text_type) or isinstance(b, six.text_type): + raise TypeError("Unicode-objects must be encoded before comparing") + + return _lib.Cryptography_constant_time_bytes_eq(a, len(a), b, len(b)) == 1 diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py index 672ac96a..feab316b 100644 --- a/cryptography/hazmat/primitives/interfaces.py +++ b/cryptography/hazmat/primitives/interfaces.py @@ -63,6 +63,14 @@ class ModeWithNonce(six.with_metaclass(abc.ABCMeta)): """ +class ModeWithAuthenticationTag(six.with_metaclass(abc.ABCMeta)): + @abc.abstractproperty + def tag(self): + """ + The value of the tag supplied to the constructor of this mode. + """ + + class CipherContext(six.with_metaclass(abc.ABCMeta)): @abc.abstractmethod def update(self, data): @@ -77,6 +85,22 @@ class CipherContext(six.with_metaclass(abc.ABCMeta)): """ +class AEADCipherContext(six.with_metaclass(abc.ABCMeta)): + @abc.abstractmethod + def authenticate_additional_data(self, data): + """ + authenticate_additional_data takes bytes and returns nothing. + """ + + +class AEADEncryptionContext(six.with_metaclass(abc.ABCMeta)): + @abc.abstractproperty + def tag(self): + """ + Returns tag bytes after finalizing encryption. + """ + + class PaddingContext(six.with_metaclass(abc.ABCMeta)): @abc.abstractmethod def update(self, data): diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py index 2dbac752..cfa90db9 100644 --- a/cryptography/hazmat/primitives/padding.py +++ b/cryptography/hazmat/primitives/padding.py @@ -11,12 +11,58 @@ # See the License for the specific language governing permissions and # limitations under the License. +import cffi + import six from cryptography import utils from cryptography.hazmat.primitives import interfaces +_ffi = cffi.FFI() +_ffi.cdef(""" +bool Cryptography_check_pkcs7_padding(const uint8_t *, uint8_t); +""") +_lib = _ffi.verify(""" +#include <stdbool.h> + +/* Returns the value of the input with the most-significant-bit copied to all + of the bits. */ +static uint8_t Cryptography_DUPLICATE_MSB_TO_ALL(uint8_t a) { + return (1 - (a >> (sizeof(uint8_t) * 8 - 1))) - 1; +} + +/* This returns 0xFF if a < b else 0x00, but does so in a constant time + fashion */ +static uint8_t Cryptography_constant_time_lt(uint8_t a, uint8_t b) { + a -= b; + return Cryptography_DUPLICATE_MSB_TO_ALL(a); +} + +bool Cryptography_check_pkcs7_padding(const uint8_t *data, uint8_t block_len) { + uint8_t i; + uint8_t pad_size = data[block_len - 1]; + uint8_t mismatch = 0; + for (i = 0; i < block_len; i++) { + unsigned int mask = Cryptography_constant_time_lt(i, pad_size); + uint8_t b = data[block_len - 1 - i]; + mismatch |= (mask & (pad_size ^ b)); + } + + /* Check to make sure the pad_size was within the valid range. */ + mismatch |= ~Cryptography_constant_time_lt(0, pad_size); + mismatch |= Cryptography_constant_time_lt(block_len, pad_size); + + /* Make sure any bits set are copied to the lowest bit */ + mismatch |= mismatch >> 4; + mismatch |= mismatch >> 2; + mismatch |= mismatch >> 1; + /* Now check the low bit to see if it's set */ + return (mismatch & 1) == 0; +} +""") + + class PKCS7(object): def __init__(self, block_size): if not (0 <= block_size < 256): @@ -102,18 +148,14 @@ class _PKCS7UnpaddingContext(object): if len(self._buffer) != self.block_size // 8: raise ValueError("Invalid padding bytes") - pad_size = six.indexbytes(self._buffer, -1) - - if not (0 < pad_size <= self.block_size // 8): - raise ValueError("Invalid padding bytes") - - mismatch = 0 - for b in six.iterbytes(self._buffer[-pad_size:]): - mismatch |= b ^ pad_size + valid = _lib.Cryptography_check_pkcs7_padding( + self._buffer, self.block_size // 8 + ) - if mismatch != 0: + if not valid: raise ValueError("Invalid padding bytes") + pad_size = six.indexbytes(self._buffer, -1) res = self._buffer[:-pad_size] self._buffer = None return res |