Diffstat (limited to 'cryptography/hazmat')
-rw-r--r-- | cryptography/hazmat/__init__.py | 12 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/__init__.py | 0 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/block/__init__.py | 21 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/block/base.py | 54 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/block/ciphers.py | 78 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/block/modes.py | 56 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/hashes.py | 101 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/interfaces.py | 47 |
8 files changed, 369 insertions, 0 deletions
diff --git a/cryptography/hazmat/__init__.py b/cryptography/hazmat/__init__.py
new file mode 100644
index 00000000..55c925c6
--- /dev/null
+++ b/cryptography/hazmat/__init__.py
@@ -0,0 +1,12 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/cryptography/hazmat/primitives/__init__.py b/cryptography/hazmat/primitives/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/cryptography/hazmat/primitives/__init__.py
diff --git a/cryptography/hazmat/primitives/block/__init__.py b/cryptography/hazmat/primitives/block/__init__.py
new file mode 100644
index 00000000..5b8942b6
--- /dev/null
+++ b/cryptography/hazmat/primitives/block/__init__.py
@@ -0,0 +1,21 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography.hazmat.primitives.block.base import BlockCipher
+
+
+__all__ = [
+ "BlockCipher",
+]
diff --git a/cryptography/hazmat/primitives/block/base.py b/cryptography/hazmat/primitives/block/base.py
new file mode 100644
index 00000000..b4cc32a4
--- /dev/null
+++ b/cryptography/hazmat/primitives/block/base.py
@@ -0,0 +1,54 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography.hazmat.primitives import interfaces
+
+
+class BlockCipher(object):
+ def __init__(self, cipher, mode, backend=None):
+ super(BlockCipher, self).__init__()
+
+ if backend is None:
+ from cryptography.bindings import _default_backend as backend
+
+ self.cipher = cipher
+ self.mode = mode
+ self._backend = backend
+
+ def encryptor(self):
+ return _CipherContext(
+ self._backend.ciphers.create_encrypt_ctx(self.cipher, self.mode))
+
+ def decryptor(self):
+ return _CipherContext(
+ self._backend.ciphers.create_decrypt_ctx(self.cipher, self.mode))
+
+
+@interfaces.register(interfaces.CipherContext)
+class _CipherContext(object):
+ def __init__(self, ctx):
+ self._ctx = ctx
+
+ def update(self, data):
+ if self._ctx is None:
+ raise ValueError("Context was already finalized")
+ return self._ctx.update(data)
+
+ def finalize(self):
+ if self._ctx is None:
+ raise ValueError("Context was already finalized")
+ data = self._ctx.finalize()
+ self._ctx = None
+ return data
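Review bot: `BlockCipher.__init__` stores `cipher` and `mode` without checking that they fit together, so an IV or nonce of the wrong length is only noticed, if at all, inside the backend when `encryptor()` or `decryptor()` is called. This constructor is the one place in the commit where both `cipher.block_size` and the mode's `initialization_vector` are visible, so a guard such as `if len(mode.initialization_vector) * 8 != cipher.block_size: raise ValueError(...)` for the IV-carrying modes belongs here. Separately, `_CipherContext.finalize` clears `self._ctx` only after the backend call returns, so a context whose `finalize()` raised remains usable; if that is not intended, clearing it in a `try`/`finally` makes the "already finalized" guard hold on the error path too.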
diff --git a/cryptography/hazmat/primitives/block/ciphers.py b/cryptography/hazmat/primitives/block/ciphers.py
new file mode 100644
index 00000000..4143b89d
--- /dev/null
+++ b/cryptography/hazmat/primitives/block/ciphers.py
@@ -0,0 +1,78 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+
+class AES(object):
+ name = "AES"
+ block_size = 128
+ key_sizes = frozenset([128, 192, 256])
+
+ def __init__(self, key):
+ super(AES, self).__init__()
+ self.key = key
+
+ # Verify that the key size matches the expected key size
+ if self.key_size not in self.key_sizes:
+ raise ValueError("Invalid key size ({0}) for {1}".format(
+ self.key_size, self.name
+ ))
+
+ @property
+ def key_size(self):
+ return len(self.key) * 8
+
+
+class Camellia(object):
+ name = "camellia"
+ block_size = 128
+ key_sizes = frozenset([128, 192, 256])
+
+ def __init__(self, key):
+ super(Camellia, self).__init__()
+ self.key = key
+
+ # Verify that the key size matches the expected key size
+ if self.key_size not in self.key_sizes:
+ raise ValueError("Invalid key size ({0}) for {1}".format(
+ self.key_size, self.name
+ ))
+
+ @property
+ def key_size(self):
+ return len(self.key) * 8
+
+
+class TripleDES(object):
+ name = "3DES"
+ block_size = 64
+ key_sizes = frozenset([64, 128, 192])
+
+ def __init__(self, key):
+ super(TripleDES, self).__init__()
+ if len(key) == 8:
+ key += key + key
+ elif len(key) == 16:
+ key += key[:8]
+ self.key = key
+
+ # Verify that the key size matches the expected key size
+ if self.key_size not in self.key_sizes:
+ raise ValueError("Invalid key size ({0}) for {1}".format(
+ self.key_size, self.name
+ ))
+
+ @property
+ def key_size(self):
+ return len(self.key) * 8
diff --git a/cryptography/hazmat/primitives/block/modes.py b/cryptography/hazmat/primitives/block/modes.py
new file mode 100644
index 00000000..a60e8a34
--- /dev/null
+++ b/cryptography/hazmat/primitives/block/modes.py
@@ -0,0 +1,56 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography.hazmat.primitives import interfaces
+
+
+@interfaces.register(interfaces.ModeWithInitializationVector)
+class CBC(object):
+ name = "CBC"
+
+ def __init__(self, initialization_vector):
+ super(CBC, self).__init__()
+ self.initialization_vector = initialization_vector
+
+
+class ECB(object):
+ name = "ECB"
+
+
+@interfaces.register(interfaces.ModeWithInitializationVector)
+class OFB(object):
+ name = "OFB"
+
+ def __init__(self, initialization_vector):
+ super(OFB, self).__init__()
+ self.initialization_vector = initialization_vector
+
+
+@interfaces.register(interfaces.ModeWithInitializationVector)
+class CFB(object):
+ name = "CFB"
+
+ def __init__(self, initialization_vector):
+ super(CFB, self).__init__()
+ self.initialization_vector = initialization_vector
+
+
+@interfaces.register(interfaces.ModeWithNonce)
+class CTR(object):
+ name = "CTR"
+
+ def __init__(self, nonce):
+ super(CTR, self).__init__()
+ self.nonce = nonce
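Review bot: `TripleDES.__init__` silently expands an 8-byte key to three identical DES keys (`key += key + key`), which makes the cipher equivalent to single DES with a 56-bit effective key, and nothing tells the caller. Because the expansion runs before the size check, `self.key_size` is always 192 for every accepted key, so the `64` and `128` entries in `key_sizes` can never match and the set misstates what is actually validated. I would either reject 8-byte keys or state the downgrade on the class, e.g. `# An 8-byte key repeats one DES key three times: single-DES strength, for interoperability only`. The size checks in `AES`, `Camellia` and `TripleDES` all rest on `len(key)`, so a text string of the right length passes; a `bytes` type check ahead of the length check would close that.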
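Review bot: None of the mode classes in modes.py documents the IV or nonce requirement that makes it safe to use, and `ECB` carries no note about its weakness. I would add class docstrings stating that the `CBC` IV must be unpredictable and one cipher block long, that the `OFB`/`CFB` IVs and the `CTR` nonce must never repeat under the same key, and that none of these modes provides integrity. For `ECB` a single comment is enough: `# No IV: identical plaintext blocks produce identical ciphertext blocks; avoid for multi-block data`. The constructors store whatever they are given without a type or length check, so these docstrings are currently the only place a caller would learn the constraint.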
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
new file mode 100644
index 00000000..023041cb
--- /dev/null
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -0,0 +1,101 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import abc
+
+import binascii
+
+import six
+
+
+class BaseHash(six.with_metaclass(abc.ABCMeta)):
+ def __init__(self, data=None, backend=None, ctx=None):
+ if backend is None:
+ from cryptography.bindings import _default_backend
+ backend = _default_backend
+ self._backend = backend
+ if ctx is None:
+ self._ctx = self._backend.hashes.create_ctx(self)
+ else:
+ self._ctx = None
+
+ if data is not None:
+ self.update(data)
+
+ def update(self, data):
+ if isinstance(data, six.text_type):
+ raise TypeError("Unicode-objects must be encoded before hashing")
+ self._backend.hashes.update_ctx(self._ctx, data)
+
+ def copy(self):
+ return self.__class__(backend=self._backend, ctx=self._copy_ctx())
+
+ def digest(self):
+ return self._backend.hashes.finalize_ctx(self._copy_ctx(),
+ self.digest_size)
+
+ def hexdigest(self):
+ return str(binascii.hexlify(self.digest()).decode("ascii"))
+
+ def _copy_ctx(self):
+ return self._backend.hashes.copy_ctx(self._ctx)
+
+
+class SHA1(BaseHash):
+ name = "sha1"
+ digest_size = 20
+ block_size = 64
+
+
+class SHA224(BaseHash):
+ name = "sha224"
+ digest_size = 28
+ block_size = 64
+
+
+class SHA256(BaseHash):
+ name = "sha256"
+ digest_size = 32
+ block_size = 64
+
+
+class SHA384(BaseHash):
+ name = "sha384"
+ digest_size = 48
+ block_size = 128
+
+
+class SHA512(BaseHash):
+ name = "sha512"
+ digest_size = 64
+ block_size = 128
+
+
+class RIPEMD160(BaseHash):
+ name = "ripemd160"
+ digest_size = 20
+ block_size = 64
+
+
+class Whirlpool(BaseHash):
+ name = "whirlpool"
+ digest_size = 64
+ block_size = 64
+
+
+class MD5(BaseHash):
+ name = "md5"
+ digest_size = 16
+ block_size = 64
diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py
new file mode 100644
index 00000000..49c19d0e
--- /dev/null
+++ b/cryptography/hazmat/primitives/interfaces.py
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import abc
+
+import six
+
+
+def register(iface):
+ def register_decorator(klass):
+ iface.register(klass)
+ return klass
+ return register_decorator
+
+
+class ModeWithInitializationVector(six.with_metaclass(abc.ABCMeta)):
+ pass
+
+
+class ModeWithNonce(six.with_metaclass(abc.ABCMeta)):
+ pass
+
+
+class CipherContext(six.with_metaclass(abc.ABCMeta)):
+ @abc.abstractmethod
+ def update(self, data):
+ """
+ update takes bytes and return bytes
+ """
+
+ @abc.abstractmethod
+ def finalize(self):
+ """
+ finalize return bytes
+ """ |
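Review bot: `BaseHash.__init__` in hashes.py throws away a context that is passed in: the `else` branch sets `self._ctx = None` instead of keeping `ctx`, so the object returned by `copy()` has no backend context and its next `update()` or `digest()` hands `None` to the backend. The branch should read `else: self._ctx = ctx`. A test that copies a partially updated hash, feeds both objects the same tail and compares the digests would catch this. `BaseHash` also uses `abc.ABCMeta` without declaring any abstract member, so it can be instantiated directly even though `digest()` reads `self.digest_size`, which only the subclasses define.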
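Review bot: `register` in interfaces.py wraps `ABCMeta.register`, which makes the decorated class a virtual subclass without checking that it implements anything, so the `@abc.abstractmethod` declarations on `CipherContext` are not enforced for classes attached this way. That deserves a docstring on `register`, e.g. `"""Class decorator: register klass as a virtual subclass of iface; abstract methods are not checked."""`. `ModeWithInitializationVector` and `ModeWithNonce` are empty, so code that dispatches on `isinstance` has no declared `initialization_vector` or `nonce` attribute to rely on; an `abc.abstractproperty` on each would at least document the contract. The two existing docstrings have agreement slips (`return bytes` should be `returns bytes`).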