diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-01-20 15:05:27 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-01-20 15:05:27 -0600 |
| commit | 81a68fc96d0845f5ee812665405276a935d05a79 (patch) | |
| tree | 0478a737c0db71df5bee8f1b02d2a89713590867 | |
| parent | 74169660e47b760f82c0653b4210b3bc5d3bf46b (diff) | |
| parent | 78456c71627d9234a4668ce2fb36e12525cae6b1 (diff) | |
| download | cryptography-81a68fc96d0845f5ee812665405276a935d05a79.tar.gz cryptography-81a68fc96d0845f5ee812665405276a935d05a79.tar.bz2 cryptography-81a68fc96d0845f5ee812665405276a935d05a79.zip | |
Merge branch 'master' into urandom-engine
* master: (58 commits)
Moar backtick.
Add to changelog.
move some dashes around :)
experiment to disable duplicate cc test runs on osx and speed up travis
Remove register_cipher_adapter from the interface and the documentation.
expand tox backend example
On OS X at build time compile the CC bindings
remove an extraneous linefeed
reformat bindings and remove GCM for the moment
add cipher bindings for CommonCrypto
doc updates
hmac support for commoncrypto
added versionadded
changelog to note addition of commoncrypto backend with hash support
fix docs
doc updates
update docs for name attribute
fix copy mistake in docs
increase indent and note the value of the attribute in the docs
move HashMethods to top level
...
37 files changed, 779 insertions, 79 deletions
diff --git a/.travis.yml b/.travis.yml index babea99b..a70bb8cf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,10 +30,10 @@ install: - ./.travis/install.sh script: - - if [[ "$(uname -s)" == "Darwin" ]]; then eval "$(pyenv init -)"; fi && source ~/.venv/bin/activate && tox -e $TOX_ENV + - ./.travis/run.sh after_success: - - coveralls + - source ~/.venv/bin/activate && coveralls notifications: irc: @@ -64,21 +64,6 @@ matrix: env: TOX_ENV=pypy compiler: gcc - os: osx - env: TOX_ENV=py26 - compiler: clang - - os: osx - env: TOX_ENV=py27 - compiler: clang - - os: osx - env: TOX_ENV=py32 - compiler: clang - - os: osx - env: TOX_ENV=py33 - compiler: clang - - os: osx - env: TOX_ENV=pypy - compiler: clang - - os: osx env: TOX_ENV=py26 OPENSSL=0.9.8 compiler: gcc - os: osx diff --git a/.travis/install.sh b/.travis/install.sh index e6ea2537..1e3b1702 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -3,10 +3,17 @@ set -e set -x -if [[ "${OPENSSL}" == "0.9.8" && "$(uname -s)" != "Darwin" ]]; then - sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ lucid main" - sudo apt-get -y update - sudo apt-get install -y --force-yes libssl-dev/lucid +if [[ "${OPENSSL}" == "0.9.8" ]]; then + if [[ "$(uname -s)" != "Darwin" ]]; then + sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ lucid main" + sudo apt-get -y update + sudo apt-get install -y --force-yes libssl-dev/lucid + else + # travis has openssl installed via brew already, but let's be sure + if [[ "$(brew list | grep openssl)" != "openssl" ]]; then + brew install openssl + fi + fi fi if [[ "${TOX_ENV}" == "docs" && "$(name -s)" != "Darwin" ]]; then diff --git a/.travis/run.sh b/.travis/run.sh new file mode 100755 index 00000000..6739c886 --- /dev/null +++ b/.travis/run.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +set -e +set -x + +if [[ "$(uname -s)" == "Darwin" ]]; then + eval "$(pyenv init -)" + if [[ "${OPENSSL}" != "0.9.8" ]]; then + # so set our flags to use homebrew openssl + export ARCHFLAGS="-arch x86_64" + export LDFLAGS="-L/usr/local/opt/openssl/lib" + export CFLAGS="-I/usr/local/opt/openssl/include" + # The Travis OS X jobs are run for two versions + # of OpenSSL, but we only need to run the + # CommonCrypto backend tests once. Exclude + # CommonCrypto when we test against brew OpenSSL + export TOX_FLAGS="--backend=openssl" + fi +fi +source ~/.venv/bin/activate +tox -e $TOX_ENV -- $TOX_FLAGS diff --git a/cryptography/hazmat/backends/__init__.py b/cryptography/hazmat/backends/__init__.py index 215aa4d3..cb1fee90 100644 --- a/cryptography/hazmat/backends/__init__.py +++ b/cryptography/hazmat/backends/__init__.py @@ -12,11 +12,15 @@ # limitations under the License. from cryptography.hazmat.backends import openssl +from cryptography.hazmat.bindings.commoncrypto.binding import ( + Binding as CCBinding +) +_ALL_BACKENDS = [openssl.backend] -_ALL_BACKENDS = [ - openssl.backend -] +if CCBinding.is_available(): + from cryptography.hazmat.backends import commoncrypto + _ALL_BACKENDS.append(commoncrypto.backend) def default_backend(): diff --git a/cryptography/hazmat/backends/commoncrypto/__init__.py b/cryptography/hazmat/backends/commoncrypto/__init__.py new file mode 100644 index 00000000..64a1c01c --- /dev/null +++ b/cryptography/hazmat/backends/commoncrypto/__init__.py @@ -0,0 +1,17 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from cryptography.hazmat.backends.commoncrypto.backend import backend + + +__all__ = ["backend"] diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py new file mode 100644 index 00000000..603edc40 --- /dev/null +++ b/cryptography/hazmat/backends/commoncrypto/backend.py @@ -0,0 +1,186 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +from collections import namedtuple + +from cryptography import utils +from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.backends.interfaces import ( + HashBackend, HMACBackend, +) +from cryptography.hazmat.bindings.commoncrypto.binding import Binding +from cryptography.hazmat.primitives import interfaces + + +HashMethods = namedtuple( + "HashMethods", ["ctx", "hash_init", "hash_update", "hash_final"] +) + + +@utils.register_interface(HashBackend) +@utils.register_interface(HMACBackend) +class Backend(object): + """ + CommonCrypto API wrapper. + """ + name = "commoncrypto" + + def __init__(self): + self._binding = Binding() + self._ffi = self._binding.ffi + self._lib = self._binding.lib + + self._hash_mapping = { + "md5": HashMethods( + "CC_MD5_CTX *", self._lib.CC_MD5_Init, + self._lib.CC_MD5_Update, self._lib.CC_MD5_Final + ), + "sha1": HashMethods( + "CC_SHA1_CTX *", self._lib.CC_SHA1_Init, + self._lib.CC_SHA1_Update, self._lib.CC_SHA1_Final + ), + "sha224": HashMethods( + "CC_SHA256_CTX *", self._lib.CC_SHA224_Init, + self._lib.CC_SHA224_Update, self._lib.CC_SHA224_Final + ), + "sha256": HashMethods( + "CC_SHA256_CTX *", self._lib.CC_SHA256_Init, + self._lib.CC_SHA256_Update, self._lib.CC_SHA256_Final + ), + "sha384": HashMethods( + "CC_SHA512_CTX *", self._lib.CC_SHA384_Init, + self._lib.CC_SHA384_Update, self._lib.CC_SHA384_Final + ), + "sha512": HashMethods( + "CC_SHA512_CTX *", self._lib.CC_SHA512_Init, + self._lib.CC_SHA512_Update, self._lib.CC_SHA512_Final + ), + } + + self._supported_hmac_algorithms = { + "md5": self._lib.kCCHmacAlgMD5, + "sha1": self._lib.kCCHmacAlgSHA1, + "sha224": self._lib.kCCHmacAlgSHA224, + "sha256": self._lib.kCCHmacAlgSHA256, + "sha384": self._lib.kCCHmacAlgSHA384, + "sha512": self._lib.kCCHmacAlgSHA512, + } + + def hash_supported(self, algorithm): + try: + self._hash_mapping[algorithm.name] + except KeyError: + return False + else: + return True + + def hmac_supported(self, algorithm): + try: + self._supported_hmac_algorithms[algorithm.name] + except KeyError: + return False + else: + return True + + def create_hash_ctx(self, algorithm): + return _HashContext(self, algorithm) + + def create_hmac_ctx(self, key, algorithm): + return _HMACContext(self, key, algorithm) + + +@utils.register_interface(interfaces.HashContext) +class _HashContext(object): + def __init__(self, backend, algorithm, ctx=None): + self.algorithm = algorithm + self._backend = backend + + if ctx is None: + try: + methods = self._backend._hash_mapping[self.algorithm.name] + except KeyError: + raise UnsupportedAlgorithm( + "{0} is not a supported hash on this backend".format( + algorithm.name) + ) + ctx = self._backend._ffi.new(methods.ctx) + res = methods.hash_init(ctx) + assert res == 1 + + self._ctx = ctx + + def copy(self): + methods = self._backend._hash_mapping[self.algorithm.name] + new_ctx = self._backend._ffi.new(methods.ctx) + # CommonCrypto has no APIs for copying hashes, so we have to copy the + # underlying struct. + new_ctx[0] = self._ctx[0] + + return _HashContext(self._backend, self.algorithm, ctx=new_ctx) + + def update(self, data): + methods = self._backend._hash_mapping[self.algorithm.name] + res = methods.hash_update(self._ctx, data, len(data)) + assert res == 1 + + def finalize(self): + methods = self._backend._hash_mapping[self.algorithm.name] + buf = self._backend._ffi.new("unsigned char[]", + self.algorithm.digest_size) + res = methods.hash_final(buf, self._ctx) + assert res == 1 + return self._backend._ffi.buffer(buf)[:] + + +@utils.register_interface(interfaces.HashContext) +class _HMACContext(object): + def __init__(self, backend, key, algorithm, ctx=None): + self.algorithm = algorithm + self._backend = backend + if ctx is None: + ctx = self._backend._ffi.new("CCHmacContext *") + try: + alg = self._backend._supported_hmac_algorithms[algorithm.name] + except KeyError: + raise UnsupportedAlgorithm( + "{0} is not a supported HMAC hash on this backend".format( + algorithm.name) + ) + + self._backend._lib.CCHmacInit(ctx, alg, key, len(key)) + + self._ctx = ctx + self._key = key + + def copy(self): + copied_ctx = self._backend._ffi.new("CCHmacContext *") + # CommonCrypto has no APIs for copying HMACs, so we have to copy the + # underlying struct. + copied_ctx[0] = self._ctx[0] + return _HMACContext( + self._backend, self._key, self.algorithm, ctx=copied_ctx + ) + + def update(self, data): + self._backend._lib.CCHmacUpdate(self._ctx, data, len(data)) + + def finalize(self): + buf = self._backend._ffi.new("unsigned char[]", + self.algorithm.digest_size) + self._backend._lib.CCHmacFinal(self._ctx, buf) + return self._backend._ffi.buffer(buf)[:] + + +backend = Backend() diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index 9a570968..4fbb3488 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -26,12 +26,6 @@ class CipherBackend(six.with_metaclass(abc.ABCMeta)): """ @abc.abstractmethod - def register_cipher_adapter(self, cipher, mode, adapter): - """ - Register an adapter for a cipher and mode to a backend specific object. - """ - - @abc.abstractmethod def create_symmetric_encryption_ctx(self, cipher, mode): """ Get a CipherContext that can be used for encryption. diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index ec2824d1..88afe997 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -37,6 +37,7 @@ class Backend(object): """ OpenSSL API binding interfaces. """ + name = "openssl" def __init__(self): self._binding = Binding() diff --git a/cryptography/hazmat/bindings/commoncrypto/binding.py b/cryptography/hazmat/bindings/commoncrypto/binding.py index 9c1af40a..a5a0dca8 100644 --- a/cryptography/hazmat/bindings/commoncrypto/binding.py +++ b/cryptography/hazmat/bindings/commoncrypto/binding.py @@ -26,6 +26,7 @@ class Binding(object): _modules = [ "common_digest", "common_hmac", + "common_cryptor", ] ffi = None diff --git a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py new file mode 100644 index 00000000..ef0e7e10 --- /dev/null +++ b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py @@ -0,0 +1,94 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +INCLUDES = """ +#include <CommonCrypto/CommonCryptor.h> +""" + +TYPES = """ +enum { + kCCAlgorithmAES128 = 0, + kCCAlgorithmDES, + kCCAlgorithm3DES, + kCCAlgorithmCAST, + kCCAlgorithmRC4, + kCCAlgorithmRC2, + kCCAlgorithmBlowfish +}; +typedef uint32_t CCAlgorithm; +enum { + kCCSuccess = 0, + kCCParamError = -4300, + kCCBufferTooSmall = -4301, + kCCMemoryFailure = -4302, + kCCAlignmentError = -4303, + kCCDecodeError = -4304, + kCCUnimplemented = -4305 +}; +typedef int32_t CCCryptorStatus; +typedef uint32_t CCOptions; +enum { + kCCEncrypt = 0, + kCCDecrypt, +}; +typedef uint32_t CCOperation; +typedef ... *CCCryptorRef; + +enum { + kCCModeOptionCTR_LE = 0x0001, + kCCModeOptionCTR_BE = 0x0002 +}; + +typedef uint32_t CCModeOptions; + +enum { + kCCModeECB = 1, + kCCModeCBC = 2, + kCCModeCFB = 3, + kCCModeCTR = 4, + kCCModeF8 = 5, + kCCModeLRW = 6, + kCCModeOFB = 7, + kCCModeXTS = 8, + kCCModeRC4 = 9, + kCCModeCFB8 = 10, +}; +typedef uint32_t CCMode; +enum { + ccNoPadding = 0, + ccPKCS7Padding = 1, +}; +typedef uint32_t CCPadding; +""" + +FUNCTIONS = """ +CCCryptorStatus CCCryptorCreateWithMode(CCOperation, CCMode, CCAlgorithm, + CCPadding, const void *, const void *, + size_t, const void *, size_t, int, + CCModeOptions, CCCryptorRef *); +CCCryptorStatus CCCryptorCreate(CCOperation, CCAlgorithm, CCOptions, + const void *, size_t, const void *, + CCCryptorRef *); +CCCryptorStatus CCCryptorUpdate(CCCryptorRef, const void *, size_t, void *, + size_t, size_t *); +CCCryptorStatus CCCryptorFinal(CCCryptorRef, void *, size_t, size_t *); +CCCryptorStatus CCCryptorRelease(CCCryptorRef); +""" + +MACROS = """ +""" + +CUSTOMIZATIONS = """ +""" + +CONDITIONAL_NAMES = {} diff --git a/cryptography/hazmat/bindings/openssl/bignum.py b/cryptography/hazmat/bindings/openssl/bignum.py index 59efd171..6545f329 100644 --- a/cryptography/hazmat/bindings/openssl/bignum.py +++ b/cryptography/hazmat/bindings/openssl/bignum.py @@ -47,6 +47,9 @@ char *BN_bn2hex(const BIGNUM *); int BN_hex2bn(BIGNUM **, const char *); int BN_dec2bn(BIGNUM **, const char *); +int BN_bn2bin(const BIGNUM *, unsigned char *); +BIGNUM *BN_bin2bn(const unsigned char *, int, BIGNUM *); + int BN_num_bits(const BIGNUM *); """ diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py index 2419044f..261bbb8d 100644 --- a/cryptography/hazmat/bindings/openssl/binding.py +++ b/cryptography/hazmat/bindings/openssl/binding.py @@ -48,6 +48,7 @@ class Binding(object): "crypto", "dh", "dsa", + "ec", "engine", "err", "evp", diff --git a/cryptography/hazmat/bindings/openssl/crypto.py b/cryptography/hazmat/bindings/openssl/crypto.py index 189867bd..40d91bf2 100644 --- a/cryptography/hazmat/bindings/openssl/crypto.py +++ b/cryptography/hazmat/bindings/openssl/crypto.py @@ -16,6 +16,8 @@ INCLUDES = """ """ TYPES = """ +typedef ... CRYPTO_THREADID; + static const int SSLEAY_VERSION; static const int SSLEAY_CFLAGS; static const int SSLEAY_PLATFORM; diff --git a/cryptography/hazmat/bindings/openssl/dh.py b/cryptography/hazmat/bindings/openssl/dh.py index 3c12fbc6..ecc62e98 100644 --- a/cryptography/hazmat/bindings/openssl/dh.py +++ b/cryptography/hazmat/bindings/openssl/dh.py @@ -16,7 +16,17 @@ INCLUDES = """ """ TYPES = """ -typedef ... DH; +typedef struct dh_st { + // prime number (shared) + BIGNUM *p; + // generator of Z_p (shared) + BIGNUM *g; + // private DH value x + BIGNUM *priv_key; + // public DH value g^x + BIGNUM *pub_key; + ...; +} DH; """ FUNCTIONS = """ diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py index 3b77d7ae..609a33bf 100644 --- a/cryptography/hazmat/bindings/openssl/dsa.py +++ b/cryptography/hazmat/bindings/openssl/dsa.py @@ -16,7 +16,19 @@ INCLUDES = """ """ TYPES = """ -typedef ... DSA; +typedef struct dsa_st { + // prime number (public) + BIGNUM *p; + // 160-bit subprime, q | p-1 (public) + BIGNUM *q; + // generator of subgroup (public) + BIGNUM *g; + // private key x + BIGNUM *priv_key; + // public key y = g^x + BIGNUM *pub_key; + ...; +} DSA; """ FUNCTIONS = """ diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py new file mode 100644 index 00000000..9f10365a --- /dev/null +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -0,0 +1,56 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +INCLUDES = """ +#include <openssl/ec.h> +#include <openssl/obj_mac.h> +""" + +TYPES = """ +static const int Cryptography_HAS_EC; + +typedef ... EC_KEY; + +static const int NID_X9_62_prime192v1; +static const int NID_X9_62_prime192v2; +static const int NID_X9_62_prime192v3; +static const int NID_X9_62_prime239v1; +static const int NID_X9_62_prime239v2; +static const int NID_X9_62_prime239v3; +static const int NID_X9_62_prime256v1; +""" + +FUNCTIONS = """ +EC_KEY *EC_KEY_new_by_curve_name(int); +void EC_KEY_free(EC_KEY *); +""" + +MACROS = """ +""" + +CUSTOMIZATIONS = """ +#ifdef OPENSSL_NO_EC +static const long Cryptography_HAS_EC = 0; +EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL; +void (*EC_KEY_free)(EC_KEY *) = NULL; +#else +static const long Cryptography_HAS_EC = 1; +#endif +""" + +CONDITIONAL_NAMES = { + "Cryptography_HAS_EC": [ + "EC_KEY_new_by_curve_name", + "EC_KEY_free", + ], +} diff --git a/cryptography/hazmat/bindings/openssl/engine.py b/cryptography/hazmat/bindings/openssl/engine.py index 390bfde1..77118e81 100644 --- a/cryptography/hazmat/bindings/openssl/engine.py +++ b/cryptography/hazmat/bindings/openssl/engine.py @@ -24,11 +24,11 @@ typedef ... ECDSA_METHOD; typedef ... DH_METHOD; typedef ... RAND_METHOD; typedef ... STORE_METHOD; -typedef ... ENGINE_GEN_INT_FUNC_PTR; -typedef ... ENGINE_CTRL_FUNC_PTR; -typedef ... ENGINE_LOAD_KEY_PTR; -typedef ... ENGINE_CIPHERS_PTR; -typedef ... ENGINE_DIGESTS_PTR; +typedef ... *ENGINE_GEN_INT_FUNC_PTR; +typedef ... *ENGINE_CTRL_FUNC_PTR; +typedef ... *ENGINE_LOAD_KEY_PTR; +typedef ... *ENGINE_CIPHERS_PTR; +typedef ... *ENGINE_DIGESTS_PTR; typedef ... ENGINE_CMD_DEFN; typedef ... UI_METHOD; diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index 1b66bd2a..ddb60ef7 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -16,24 +16,166 @@ INCLUDES = """ """ TYPES = """ +static const int Cryptography_HAS_REMOVE_THREAD_STATE; + struct ERR_string_data_st { unsigned long error; const char *string; }; typedef struct ERR_string_data_st ERR_STRING_DATA; -static const int ASN1_R_BAD_PASSWORD_READ; static const int ERR_LIB_EVP; static const int ERR_LIB_PEM; +static const int ERR_LIB_ASN1; + +static const int ASN1_F_ASN1_ENUMERATED_TO_BN; +static const int ASN1_F_ASN1_EX_C2I; +static const int ASN1_F_ASN1_FIND_END; +static const int ASN1_F_ASN1_GENERALIZEDTIME_SET; +static const int ASN1_F_ASN1_GENERATE_V3; +static const int ASN1_F_ASN1_GET_OBJECT; +static const int ASN1_F_ASN1_ITEM_I2D_FP; +static const int ASN1_F_ASN1_ITEM_PACK; +static const int ASN1_F_ASN1_ITEM_SIGN; +static const int ASN1_F_ASN1_ITEM_UNPACK; +static const int ASN1_F_ASN1_ITEM_VERIFY; +static const int ASN1_F_ASN1_MBSTRING_NCOPY; +static const int ASN1_F_ASN1_TEMPLATE_EX_D2I; +static const int ASN1_F_ASN1_TEMPLATE_NEW; +static const int ASN1_F_ASN1_TEMPLATE_NOEXP_D2I; +static const int ASN1_F_ASN1_TIME_SET; +static const int ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING; +static const int ASN1_F_ASN1_TYPE_GET_OCTETSTRING; +static const int ASN1_F_ASN1_UNPACK_STRING; +static const int ASN1_F_ASN1_UTCTIME_SET; +static const int ASN1_F_ASN1_VERIFY; +static const int ASN1_F_B64_READ_ASN1; +static const int ASN1_F_B64_WRITE_ASN1; +static const int ASN1_F_BITSTR_CB; +static const int ASN1_F_BN_TO_ASN1_ENUMERATED; +static const int ASN1_F_BN_TO_ASN1_INTEGER; +static const int ASN1_F_D2I_ASN1_TYPE_BYTES; +static const int ASN1_F_D2I_ASN1_UINTEGER; +static const int ASN1_F_D2I_ASN1_UTCTIME; +static const int ASN1_F_D2I_NETSCAPE_RSA; +static const int ASN1_F_D2I_NETSCAPE_RSA_2; +static const int ASN1_F_D2I_PRIVATEKEY; +static const int ASN1_F_D2I_X509; +static const int ASN1_F_D2I_X509_CINF; +static const int ASN1_F_D2I_X509_PKEY; +static const int ASN1_F_I2D_ASN1_SET; +static const int ASN1_F_I2D_ASN1_TIME; +static const int ASN1_F_I2D_DSA_PUBKEY; +static const int ASN1_F_LONG_C2I; +static const int ASN1_F_OID_MODULE_INIT; +static const int ASN1_F_PARSE_TAGGING; +static const int ASN1_F_PKCS5_PBE_SET; +static const int ASN1_F_SMIME_READ_ASN1; +static const int ASN1_F_SMIME_TEXT; +static const int ASN1_F_X509_CINF_NEW; +static const int ASN1_R_BOOLEAN_IS_WRONG_LENGTH; +static const int ASN1_R_BUFFER_TOO_SMALL; +static const int ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER; +static const int ASN1_R_DATA_IS_WRONG; +static const int ASN1_R_DECODE_ERROR; +static const int ASN1_R_DECODING_ERROR; +static const int ASN1_R_DEPTH_EXCEEDED; +static const int ASN1_R_ENCODE_ERROR; +static const int ASN1_R_ERROR_GETTING_TIME; +static const int ASN1_R_ERROR_LOADING_SECTION; +static const int ASN1_R_MSTRING_WRONG_TAG; +static const int ASN1_R_NESTED_ASN1_STRING; +static const int ASN1_R_NO_CONTENT_TYPE; +static const int ASN1_R_NO_MATCHING_CHOICE_TYPE; +static const int ASN1_R_NO_MULTIPART_BODY_FAILURE; +static const int ASN1_R_NO_MULTIPART_BOUNDARY; +static const int ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM; +static const int ASN1_R_UNKNOWN_OBJECT_TYPE; +static const int ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE; +static const int ASN1_R_UNKNOWN_TAG; +static const int ASN1_R_UNKOWN_FORMAT; +static const int ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE; +static const int ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM; +static const int ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE; +static const int ASN1_R_UNSUPPORTED_TYPE; +static const int ASN1_R_WRONG_TAG; +static const int ASN1_R_WRONG_TYPE; +static const int EVP_F_AES_INIT_KEY; +static const int EVP_F_CAMELLIA_INIT_KEY; +static const int EVP_F_D2I_PKEY; +static const int EVP_F_DSA_PKEY2PKCS8; +static const int EVP_F_DSAPKEY2PKCS8; +static const int EVP_F_ECDSA_PKEY2PKCS8; +static const int EVP_F_ECKEY_PKEY2PKCS8; +static const int EVP_F_EVP_CIPHER_CTX_CTRL; +static const int EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH; +static const int EVP_F_EVP_CIPHERINIT_EX; static const int EVP_F_EVP_DECRYPTFINAL_EX; +static const int EVP_F_EVP_DIGESTINIT_EX; static const int EVP_F_EVP_ENCRYPTFINAL_EX; - +static const int EVP_F_EVP_MD_CTX_COPY_EX; +static const int EVP_F_EVP_OPENINIT; +static const int EVP_F_EVP_PBE_ALG_ADD; +static const int EVP_F_EVP_PBE_CIPHERINIT; +static const int EVP_F_EVP_PKCS82PKEY; +static const int EVP_F_EVP_PKEY2PKCS8_BROKEN; +static const int EVP_F_EVP_PKEY_COPY_PARAMETERS; +static const int EVP_F_EVP_PKEY_DECRYPT; +static const int EVP_F_EVP_PKEY_ENCRYPT; +static const int EVP_F_EVP_PKEY_GET1_DH; +static const int EVP_F_EVP_PKEY_GET1_DSA; +static const int EVP_F_EVP_PKEY_GET1_ECDSA; +static const int EVP_F_EVP_PKEY_GET1_EC_KEY; +static const int EVP_F_EVP_PKEY_GET1_RSA; +static const int EVP_F_EVP_PKEY_NEW; +static const int EVP_F_EVP_RIJNDAEL; +static const int EVP_F_EVP_SIGNFINAL; +static const int EVP_F_EVP_VERIFYFINAL; +static const int EVP_F_PKCS5_PBE_KEYIVGEN; +static const int EVP_F_PKCS5_V2_PBE_KEYIVGEN; +static const int EVP_F_PKCS8_SET_BROKEN; +static const int EVP_F_RC2_MAGIC_TO_METH; +static const int EVP_F_RC5_CTRL; +static const int EVP_R_AES_KEY_SETUP_FAILED; +static const int EVP_R_ASN1_LIB; +static const int EVP_R_BAD_BLOCK_LENGTH; +static const int EVP_R_BAD_KEY_LENGTH; +static const int EVP_R_BN_DECODE_ERROR; +static const int EVP_R_BN_PUBKEY_ERROR; +static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED; +static const int EVP_R_CIPHER_PARAMETER_ERROR; +static const int EVP_R_CTRL_NOT_IMPLEMENTED; +static const int EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED; static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH; +static const int EVP_R_DECODE_ERROR; +static const int EVP_R_DIFFERENT_KEY_TYPES; +static const int EVP_R_DISABLED_FOR_FIPS; +static const int EVP_R_ENCODE_ERROR; +static const int EVP_R_INITIALIZATION_ERROR; +static const int EVP_R_INPUT_NOT_INITIALIZED; +static const int EVP_R_INVALID_KEY_LENGTH; +static const int EVP_R_IV_TOO_LARGE; +static const int EVP_R_KEYGEN_FAILURE; +static const int EVP_R_MISSING_PARAMETERS; +static const int EVP_R_NO_CIPHER_SET; +static const int EVP_R_NO_DIGEST_SET; +static const int EVP_R_NO_DSA_PARAMETERS; +static const int EVP_R_NO_SIGN_FUNCTION_CONFIGURED; +static const int EVP_R_NO_VERIFY_FUNCTION_CONFIGURED; +static const int EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE; +static const int EVP_R_PUBLIC_KEY_NOT_RSA; +static const int EVP_R_UNKNOWN_PBE_ALGORITHM; +static const int EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS; +static const int EVP_R_UNSUPPORTED_CIPHER; +static const int EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION; +static const int EVP_R_UNSUPPORTED_KEYLENGTH; +static const int EVP_R_UNSUPPORTED_SALT_TYPE; +static const int EVP_R_WRONG_FINAL_BLOCK_LENGTH; +static const int EVP_R_WRONG_PUBLIC_KEY_TYPE; static const int PEM_F_D2I_PKCS8PRIVATEKEY_BIO; -static const int PEM_F_D2I_PKCS8PRIVATEKEY_BIO; static const int PEM_F_D2I_PKCS8PRIVATEKEY_FP; static const int PEM_F_DO_PK8PKEY; static const int PEM_F_DO_PK8PKEY_FP; @@ -50,7 +192,6 @@ static const int PEM_F_PEM_PK8PKEY; static const int PEM_F_PEM_READ; static const int PEM_F_PEM_READ_BIO; static const int PEM_F_PEM_READ_BIO_PRIVATEKEY; -static const int PEM_F_PEM_READ_BIO_PRIVATEKEY; static const int PEM_F_PEM_READ_PRIVATEKEY; static const int PEM_F_PEM_SEALFINAL; static const int PEM_F_PEM_SEALINIT; @@ -66,12 +207,11 @@ static const int PEM_R_BAD_DECRYPT; static const int PEM_R_BAD_END_LINE; static const int PEM_R_BAD_IV_CHARS; static const int PEM_R_BAD_PASSWORD_READ; -static const int PEM_R_BAD_PASSWORD_READ; static const int PEM_R_ERROR_CONVERTING_PRIVATE_KEY; +static const int PEM_R_NO_START_LINE; static const int PEM_R_NOT_DEK_INFO; static const int PEM_R_NOT_ENCRYPTED; static const int PEM_R_NOT_PROC_TYPE; -static const int PEM_R_NO_START_LINE; static const int PEM_R_PROBLEMS_GETTING_PASSWORD; static const int PEM_R_PUBLIC_KEY_NO_RSA; static const int PEM_R_READ_KEY; @@ -114,9 +254,24 @@ int ERR_GET_LIB(unsigned long); int ERR_GET_FUNC(unsigned long); int ERR_GET_REASON(unsigned long); int ERR_FATAL_ERROR(unsigned long); +/* introduced in 1.0.0 so we have to handle this specially to continue + * supporting 0.9.8 + */ +void ERR_remove_thread_state(const CRYPTO_THREADID *); """ CUSTOMIZATIONS = """ +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +static const long Cryptography_HAS_REMOVE_THREAD_STATE = 1; +#else +static const long Cryptography_HAS_REMOVE_THREAD_STATE = 0; +typedef uint32_t CRYPTO_THREADID; +void (*ERR_remove_thread_state)(const CRYPTO_THREADID *); +#endif """ -CONDITIONAL_NAMES = {} +CONDITIONAL_NAMES = { + "Cryptography_HAS_REMOVE_THREAD_STATE": [ + "ERR_remove_thread_state" + ], +} diff --git a/cryptography/hazmat/bindings/openssl/pem.py b/cryptography/hazmat/bindings/openssl/pem.py index ee5552c5..8b717c2d 100644 --- a/cryptography/hazmat/bindings/openssl/pem.py +++ b/cryptography/hazmat/bindings/openssl/pem.py @@ -27,7 +27,7 @@ int PEM_write_bio_PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, unsigned char *, int, pem_password_cb *, void *); EVP_PKEY *PEM_read_bio_PrivateKey(BIO *, EVP_PKEY **, pem_password_cb *, - void *); + void *); int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, char *, int, pem_password_cb *, void *); @@ -48,6 +48,29 @@ int PEM_write_bio_X509_CRL(BIO *, X509_CRL *); PKCS7 *PEM_read_bio_PKCS7(BIO *, PKCS7 **, pem_password_cb *, void *); DH *PEM_read_bio_DHparams(BIO *, DH **, pem_password_cb *, void *); + +DSA *PEM_read_bio_DSAPrivateKey(BIO *, DSA **, pem_password_cb *, void *); + +RSA *PEM_read_bio_RSAPrivateKey(BIO *, RSA **, pem_password_cb *, void *); + +int PEM_write_bio_DSAPrivateKey(BIO *, DSA *, const EVP_CIPHER *, + unsigned char *, int, + pem_password_cb *, void *); + +int PEM_write_bio_RSAPrivateKey(BIO *, RSA *, const EVP_CIPHER *, + unsigned char *, int, + pem_password_cb *, void *); + +DSA *PEM_read_bio_DSA_PUBKEY(BIO *, DSA **, pem_password_cb *, void *); + +RSA *PEM_read_bio_RSAPublicKey(BIO *, RSA **, pem_password_cb *, void *); + +int PEM_write_bio_DSA_PUBKEY(BIO *, DSA *); + +int PEM_write_bio_RSAPublicKey(BIO *, const RSA *); + +EVP_PKEY *PEM_read_bio_PUBKEY(BIO *, EVP_PKEY **, pem_password_cb *, void *); +int PEM_write_bio_PUBKEY(BIO *, EVP_PKEY *); """ MACROS = """ diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index d0d5ae2d..cd872d18 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -77,6 +77,7 @@ static const int SSL_OP_NO_QUERY_MTU; static const int SSL_OP_COOKIE_EXCHANGE; static const int SSL_OP_NO_TICKET; static const int SSL_OP_ALL; +static const int SSL_OP_SINGLE_ECDH_USE; static const int SSL_VERIFY_PEER; static const int SSL_VERIFY_FAIL_IF_NO_PEER_CERT; static const int SSL_VERIFY_CLIENT_ONCE; @@ -231,6 +232,7 @@ long SSL_CTX_get_mode(SSL_CTX *); long SSL_CTX_set_session_cache_mode(SSL_CTX *, long); long SSL_CTX_get_session_cache_mode(SSL_CTX *); long SSL_CTX_set_tmp_dh(SSL_CTX *, DH *); +long SSL_CTX_set_tmp_ecdh(SSL_CTX *, EC_KEY *); long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *); /*- These aren't macros these functions are all const X on openssl > 1.0.x -*/ @@ -345,6 +347,10 @@ static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 0; const long SSL_OP_MSIE_SSLV2_RSA_PADDING = 0; #endif + +#ifdef OPENSSL_NO_EC +long (*SSL_CTX_set_tmp_ecdh)(SSL_CTX *, EC_KEY *) = NULL; +#endif """ CONDITIONAL_NAMES = { @@ -385,4 +391,8 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING": [ "SSL_OP_MSIE_SSLV2_RSA_PADDING", ], + + "Cryptography_HAS_EC": [ + "EC_KEY_new_by_curve_name", + ] } diff --git a/cryptography/hazmat/bindings/utils.py b/cryptography/hazmat/bindings/utils.py index 9cc05506..b8253483 100644 --- a/cryptography/hazmat/bindings/utils.py +++ b/cryptography/hazmat/bindings/utils.py @@ -50,9 +50,6 @@ def build_ffi(module_prefix, modules, pre_include, post_include, libraries): includes.append(module.INCLUDES) customizations.append(module.CUSTOMIZATIONS) - # loop over the functions & macros after declaring all the types - # so we can set interdependent types in different files and still - # have them all defined before we parse the funcs & macros ffi.cdef("\n".join(types + functions + macros)) # We include functions here so that if we got any of their definitions diff --git a/dev-requirements.txt b/dev-requirements.txt index b2a6c79c..70a2b9bf 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -5,6 +5,7 @@ iso8601 pretend pytest sphinx +sphinxcontrib-spelling sphinx_rtd_theme tox twine diff --git a/docs/changelog.rst b/docs/changelog.rst index 41db635e..0a03c396 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -1,11 +1,18 @@ Changelog ========= + 0.2 - 2014-XX-XX ~~~~~~~~~~~~~~~~ -* In development. +**In development** + +* Added :doc:`/hazmat/backends/commoncrypto` with hash and HMAC support. +* Added initial :doc:`/hazmat/bindings/commoncrypto`. +* Removed ``register_cipher_adapter`` method from + :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`. 0.1 - 2014-01-08 ~~~~~~~~~~~~~~~~ * Initial release. + diff --git a/docs/conf.py b/docs/conf.py index a42dcb22..3486fb38 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -19,6 +19,11 @@ try: except ImportError: sphinx_rtd_theme = None +try: + from sphinxcontrib import spelling +except ImportError: + spelling = None + # If extensions (or modules to document with autodoc) are in another directory, # add these directories to sys.path here. If the directory is relative to the @@ -38,9 +43,11 @@ extensions = [ 'sphinx.ext.intersphinx', 'sphinx.ext.viewcode', 'cryptography-docs', - 'sphinxcontrib.spelling', ] +if spelling is not None: + extensions.append('sphinxcontrib.spelling') + # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] @@ -263,3 +270,5 @@ texinfo_documents = [ # Example configuration for intersphinx: refer to the Python standard library. intersphinx_mapping = {'http://docs.python.org/': None} + +epub_theme = 'epub' diff --git a/docs/contributing.rst b/docs/contributing.rst index 8e32c368..4bb1461d 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -250,6 +250,16 @@ each supported Python version and run the tests. For example: You may not have all the required Python versions installed, in which case you will see one or more ``InterpreterNotFound`` errors. + +Explicit Backend Selection +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +While testing you may want to run tests against a subset of the backends that +cryptography supports. Explicit backend selection can be done via the +``--backend`` flag. This flag should be passed to ``py.test`` with a comma +delimited list of backend names. To use it with ``tox`` you must pass it as +``tox -- --backend=openssl``. + Building Documentation ~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/hazmat/backends/commoncrypto.rst b/docs/hazmat/backends/commoncrypto.rst new file mode 100644 index 00000000..af2032b6 --- /dev/null +++ b/docs/hazmat/backends/commoncrypto.rst @@ -0,0 +1,20 @@ +.. hazmat:: + +CommonCrypto Backend +==================== + +The `CommonCrypto`_ C library provided by Apple on OS X and iOS. + +.. currentmodule:: cryptography.hazmat.backends.commoncrypto.backend + +.. versionadded:: 0.2 + +.. data:: cryptography.hazmat.backends.commoncrypto.backend + + This is the exposed API for the CommonCrypto backend. It has one public attribute. + + .. attribute:: name + + The string name of this backend: ``"commoncrypto"`` + +.. _`CommonCrypto`: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man3/Common%20Crypto.3cc.html diff --git a/docs/hazmat/backends/index.rst b/docs/hazmat/backends/index.rst index 06951281..dbc0724e 100644 --- a/docs/hazmat/backends/index.rst +++ b/docs/hazmat/backends/index.rst @@ -31,4 +31,5 @@ Individual Backends :maxdepth: 1 openssl + commoncrypto interfaces diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 5b6cd64d..11e2f2a2 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -33,25 +33,6 @@ A specific ``backend`` may provide one or more of these interfaces. :returns: ``True`` if the specified ``cipher`` and ``mode`` combination is supported by this backend, otherwise ``False`` - .. method:: register_cipher_adapter(cipher_cls, mode_cls, adapter) - - Register an adapter which can be used to create a backend specific - object from instances of the - :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` and - the :class:`~cryptography.hazmat.primitives.interfaces.Mode` primitives. - - :param cipher_cls: A class whose instances provide - :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` - :param mode_cls: A class whose instances provide: - :class:`~cryptography.hazmat.primitives.interfaces.Mode` - :param adapter: A ``function`` that takes 3 arguments, ``backend`` (a - :class:`CipherBackend` provider), ``cipher`` (a - :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` - provider ), and ``mode`` (a - :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider). - It returns a backend specific object which may be used to construct - a :class:`~cryptogrpahy.hazmat.primitives.interfaces.CipherContext`. - .. method:: create_symmetric_encryption_ctx(cipher, mode) diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index 404573a3..a1f2d28a 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -7,7 +7,11 @@ The `OpenSSL`_ C library. .. data:: cryptography.hazmat.backends.openssl.backend - This is the exposed API for the OpenSSL backend. It has no public attributes. + This is the exposed API for the OpenSSL backend. It has one public attribute. + + .. attribute:: name + + The string name of this backend: ``"openssl"`` Using your own OpenSSL on Linux ------------------------------- diff --git a/docs/hazmat/bindings/commoncrypto.rst b/docs/hazmat/bindings/commoncrypto.rst index 25535e02..c4f614c2 100644 --- a/docs/hazmat/bindings/commoncrypto.rst +++ b/docs/hazmat/bindings/commoncrypto.rst @@ -5,6 +5,8 @@ CommonCrypto Binding .. currentmodule:: cryptography.hazmat.bindings.commoncrypto.binding +.. versionadded:: 0.2 + These are `CFFI`_ bindings to the `CommonCrypto`_ C library. It is available on Mac OS X. diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 83165690..7d954046 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -324,6 +324,11 @@ Modes return (iv, ciphertext, encryptor.tag) def decrypt(key, associated_data, iv, ciphertext, tag): + if len(tag) != 16: + raise ValueError( + "tag must be 16 bytes -- truncation not supported" + ) + # Construct a Cipher object, with the key, iv, and additionally the # GCM tag used for authenticating the message. decryptor = Cipher( diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index 97356c24..75628ba5 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -14,6 +14,7 @@ hazmat indistinguishability introspectability invariants +iOS pickleable plaintext testability @@ -43,14 +43,23 @@ class cffi_build(build): """ def finalize_options(self): - from cryptography.hazmat.bindings.openssl.binding import Binding + from cryptography.hazmat.bindings.commoncrypto.binding import ( + Binding as CommonCryptoBinding + ) + from cryptography.hazmat.bindings.openssl.binding import ( + Binding as OpenSSLBinding + ) from cryptography.hazmat.primitives import constant_time, padding self.distribution.ext_modules = [ - Binding().ffi.verifier.get_extension(), + OpenSSLBinding().ffi.verifier.get_extension(), constant_time._ffi.verifier.get_extension(), padding._ffi.verifier.get_extension() ] + if CommonCryptoBinding.is_available(): + self.distribution.ext_modules.append( + CommonCryptoBinding().ffi.verifier.get_extension() + ) build.finalize_options(self) diff --git a/tests/conftest.py b/tests/conftest.py index 1d9f96ed..a9acb54a 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -5,12 +5,15 @@ from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend ) -from .utils import check_for_iface, check_backend_support +from .utils import check_for_iface, check_backend_support, select_backends -@pytest.fixture(params=_ALL_BACKENDS) -def backend(request): - return request.param +def pytest_generate_tests(metafunc): + names = metafunc.config.getoption("--backend") + selected_backends = select_backends(names, _ALL_BACKENDS) + + if "backend" in metafunc.fixturenames: + metafunc.parametrize("backend", selected_backends) @pytest.mark.trylast @@ -19,3 +22,10 @@ def pytest_runtest_setup(item): check_for_iface("cipher", CipherBackend, item) check_for_iface("hash", HashBackend, item) check_backend_support(item) + + +def pytest_addoption(parser): + parser.addoption( + "--backend", action="store", metavar="NAME", + help="Only run tests matching the backend NAME." + ) diff --git a/tests/test_utils.py b/tests/test_utils.py index e3e53d63..f852f3ab 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -21,7 +21,7 @@ import pytest from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, load_openssl_vectors, load_hash_vectors, check_for_iface, - check_backend_support + check_backend_support, select_backends ) @@ -29,6 +29,48 @@ class FakeInterface(object): pass +def test_select_one_backend(): + b1 = pretend.stub(name="b1") + b2 = pretend.stub(name="b2") + b3 = pretend.stub(name="b3") + backends = [b1, b2, b3] + name = "b2" + selected_backends = select_backends(name, backends) + assert len(selected_backends) == 1 + assert selected_backends[0] == b2 + + +def test_select_no_backend(): + b1 = pretend.stub(name="b1") + b2 = pretend.stub(name="b2") + b3 = pretend.stub(name="b3") + backends = [b1, b2, b3] + name = "back!" + with pytest.raises(ValueError): + select_backends(name, backends) + + +def test_select_backends_none(): + b1 = pretend.stub(name="b1") + b2 = pretend.stub(name="b2") + b3 = pretend.stub(name="b3") + backends = [b1, b2, b3] + name = None + selected_backends = select_backends(name, backends) + assert len(selected_backends) == 3 + + +def test_select_two_backends(): + b1 = pretend.stub(name="b1") + b2 = pretend.stub(name="b2") + b3 = pretend.stub(name="b3") + backends = [b1, b2, b3] + name = "b2 ,b1 " + selected_backends = select_backends(name, backends) + assert len(selected_backends) == 2 + assert selected_backends == [b1, b2] + + def test_check_for_iface(): item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) with pytest.raises(pytest.skip.Exception) as exc_info: diff --git a/tests/utils.py b/tests/utils.py index 693a0c8f..a2432256 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -16,6 +16,25 @@ import os import pytest +def select_backends(names, backend_list): + if names is None: + return backend_list + split_names = [x.strip() for x in names.split(',')] + # this must be duplicated and then removed to preserve the metadata + # pytest associates. Appending backends to a new list doesn't seem to work + selected_backends = [] + for backend in backend_list: + if backend.name in split_names: + selected_backends.append(backend) + + if len(selected_backends) > 0: + return selected_backends + else: + raise ValueError( + "No backend selected. Tried to select: {0}".format(split_names) + ) + + def check_for_iface(name, iface, item): if name in item.keywords and "backend" in item.funcargs: if not isinstance(item.funcargs["backend"], iface): @@ -8,7 +8,7 @@ deps = pretend pytest commands = - coverage run --source=cryptography/,tests/ -m pytest --capture=no --strict + coverage run --source=cryptography/,tests/ -m pytest --capture=no --strict {posargs} coverage report -m [testenv:docs] @@ -28,7 +28,7 @@ commands = # Temporarily disable coverage on pypy because of performance problems with # coverage.py on pypy. [testenv:pypy] -commands = py.test --capture=no --strict +commands = py.test --capture=no --strict {posargs} [testenv:pep8] deps = flake8 |