diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2013-12-30 21:07:00 -0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2013-12-30 21:07:00 -0800 |
commit | 937451ee2771960bdea1bb3414c07da07c2baa71 (patch) | |
tree | 5e1b4a03c75f6b93e4618c866874d3ff8729c667 | |
parent | b9bc6c3e4c9b647de1a1a2dd852ab591e9a69b01 (diff) | |
parent | fbd7ffcdcda0269a654ebf373d4ec5f1e6d6d3f4 (diff) | |
download | cryptography-937451ee2771960bdea1bb3414c07da07c2baa71.tar.gz cryptography-937451ee2771960bdea1bb3414c07da07c2baa71.tar.bz2 cryptography-937451ee2771960bdea1bb3414c07da07c2baa71.zip |
Merge branch 'master' into fernet
37 files changed, 800 insertions, 569 deletions
diff --git a/AUTHORS.rst b/AUTHORS.rst index 0ef9958d..953ca55b 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -10,3 +10,4 @@ PGP key fingerprints are enclosed in parentheses. * Christian Heimes <christian@python.org> * Paul Kehrer <paul.l.kehrer@gmail.com> * Jarret Raim <jarito@gmail.com> +* Alex Stapleton <alexs@prol.etari.at> (A1C7 E50B 66DE 39ED C847 9665 8E3C 20D1 9BD9 5C4C) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index a186d592..aeaf316e 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -16,7 +16,24 @@ INCLUDES = """ """ TYPES = """ -typedef ... time_t; +/* + * TODO: This typedef is wrong. + * + * This is due to limitations of cffi. + * See https://bitbucket.org/cffi/cffi/issue/69 + * + * For another possible work-around (not used here because it involves more + * complicated use of the cffi API which falls outside the general pattern used + * by this package), see + * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ + * + * The work-around used here is to just be sure to declare a type that is at + * least as large as the real type. Maciej explains: + * + * <fijal> I think you want to declare your value too large (e.g. long) + * <fijal> that way you'll never pass garbage + */ +typedef intptr_t time_t; typedef int ASN1_BOOLEAN; typedef ... ASN1_INTEGER; @@ -51,7 +68,7 @@ static const int MBSTRING_UTF8; """ FUNCTIONS = """ -ASN1_OBJECT *ASN1_OBJECT_new(); +ASN1_OBJECT *ASN1_OBJECT_new(void); void ASN1_OBJECT_free(ASN1_OBJECT *); /* ASN1 OBJECT IDENTIFIER */ @@ -59,7 +76,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **, const unsigned char **, long); int i2d_ASN1_OBJECT(ASN1_OBJECT *, unsigned char **); /* ASN1 STRING */ -ASN1_STRING *ASN1_STRING_new(); +ASN1_STRING *ASN1_STRING_new(void); ASN1_STRING *ASN1_STRING_type_new(int); void ASN1_STRING_free(ASN1_STRING *); unsigned char *ASN1_STRING_data(ASN1_STRING *); @@ -68,18 +85,18 @@ int ASN1_STRING_type(ASN1_STRING *); int ASN1_STRING_to_UTF8(unsigned char **, ASN1_STRING *); /* ASN1 OCTET STRING */ -ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(); +ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void); void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *); int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *, const unsigned char *, int); /* ASN1 INTEGER */ -ASN1_INTEGER *ASN1_INTEGER_new(); +ASN1_INTEGER *ASN1_INTEGER_new(void); void ASN1_INTEGER_free(ASN1_INTEGER *); int ASN1_INTEGER_set(ASN1_INTEGER *, long); int i2a_ASN1_INTEGER(BIO *, ASN1_INTEGER *); /* ASN1 TIME */ -ASN1_TIME *ASN1_TIME_new(); +ASN1_TIME *ASN1_TIME_new(void); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *, ASN1_GENERALIZEDTIME **); @@ -92,7 +109,7 @@ void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *); int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *); /* ASN1 ENUMERATED */ -ASN1_ENUMERATED *ASN1_ENUMERATED_new(); +ASN1_ENUMERATED *ASN1_ENUMERATED_new(void); void ASN1_ENUMERATED_free(ASN1_ENUMERATED *); int ASN1_ENUMERATED_set(ASN1_ENUMERATED *, long); @@ -102,7 +119,7 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **, const unsigned char **, long, MACROS = """ ASN1_TIME *M_ASN1_TIME_dup(void *); -ASN1_ITEM_EXP *ASN1_ITEM_ptr(ASN1_ITEM_EXP *); +const ASN1_ITEM *ASN1_ITEM_ptr(ASN1_ITEM_EXP *); /* These aren't macros these arguments are all const X on openssl > 1.0.x */ @@ -118,6 +135,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *, ASN1_INTEGER *); long ASN1_INTEGER_get(ASN1_INTEGER *); BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *); +ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *); """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 7b67fb0b..6231aadb 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -85,6 +85,7 @@ class Backend(object): "evp", "hmac", "nid", + "objects", "opensslv", "pem", "pkcs7", diff --git a/cryptography/hazmat/backends/openssl/bignum.py b/cryptography/hazmat/backends/openssl/bignum.py index 68d0c3a2..59efd171 100644 --- a/cryptography/hazmat/backends/openssl/bignum.py +++ b/cryptography/hazmat/backends/openssl/bignum.py @@ -17,11 +17,28 @@ INCLUDES = """ TYPES = """ typedef ... BIGNUM; -typedef ... BN_ULONG; +/* + * TODO: This typedef is wrong. + * + * This is due to limitations of cffi. + * See https://bitbucket.org/cffi/cffi/issue/69 + * + * For another possible work-around (not used here because it involves more + * complicated use of the cffi API which falls outside the general pattern used + * by this package), see + * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ + * + * The work-around used here is to just be sure to declare a type that is at + * least as large as the real type. Maciej explains: + * + * <fijal> I think you want to declare your value too large (e.g. long) + * <fijal> that way you'll never pass garbage + */ +typedef uintptr_t BN_ULONG; """ FUNCTIONS = """ -BIGNUM *BN_new(); +BIGNUM *BN_new(void); void BN_free(BIGNUM *); int BN_set_word(BIGNUM *, BN_ULONG); diff --git a/cryptography/hazmat/backends/openssl/bio.py b/cryptography/hazmat/backends/openssl/bio.py index d164804f..279ad223 100644 --- a/cryptography/hazmat/backends/openssl/bio.py +++ b/cryptography/hazmat/backends/openssl/bio.py @@ -50,6 +50,49 @@ struct bio_st { ...; }; typedef ... BUF_MEM; + +static const int BIO_TYPE_MEM; +static const int BIO_TYPE_FILE; +static const int BIO_TYPE_FD; +static const int BIO_TYPE_SOCKET; +static const int BIO_TYPE_CONNECT; +static const int BIO_TYPE_ACCEPT; +static const int BIO_TYPE_NULL; +static const int BIO_CLOSE; +static const int BIO_NOCLOSE; +static const int BIO_TYPE_SOURCE_SINK; +static const int BIO_CTRL_RESET; +static const int BIO_CTRL_EOF; +static const int BIO_CTRL_SET; +static const int BIO_CTRL_SET_CLOSE; +static const int BIO_CTRL_FLUSH; +static const int BIO_CTRL_DUP; +static const int BIO_CTRL_GET_CLOSE; +static const int BIO_CTRL_INFO; +static const int BIO_CTRL_GET; +static const int BIO_CTRL_PENDING; +static const int BIO_CTRL_WPENDING; +static const int BIO_C_FILE_SEEK; +static const int BIO_C_FILE_TELL; +static const int BIO_TYPE_NONE; +static const int BIO_TYPE_PROXY_CLIENT; +static const int BIO_TYPE_PROXY_SERVER; +static const int BIO_TYPE_NBIO_TEST; +static const int BIO_TYPE_BER; +static const int BIO_TYPE_BIO; +static const int BIO_TYPE_DESCRIPTOR; +static const int BIO_FLAGS_READ; +static const int BIO_FLAGS_WRITE; +static const int BIO_FLAGS_IO_SPECIAL; +static const int BIO_FLAGS_RWS; +static const int BIO_FLAGS_SHOULD_RETRY; +static const int BIO_TYPE_NULL_FILTER; +static const int BIO_TYPE_SSL; +static const int BIO_TYPE_MD; +static const int BIO_TYPE_BUFFER; +static const int BIO_TYPE_CIPHER; +static const int BIO_TYPE_BASE64; +static const int BIO_TYPE_FILTER; """ FUNCTIONS = """ @@ -63,16 +106,16 @@ BIO *BIO_pop(BIO *); BIO *BIO_next(BIO *); BIO *BIO_find_type(BIO *, int); int BIO_method_type(const BIO *); -BIO_METHOD *BIO_s_mem(); +BIO_METHOD *BIO_s_mem(void); BIO *BIO_new_mem_buf(void *, int); -BIO_METHOD *BIO_s_file(); +BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *, const char *); BIO *BIO_new_fp(FILE *, int); -BIO_METHOD *BIO_s_fd(); +BIO_METHOD *BIO_s_fd(void); BIO *BIO_new_fd(int, int); -BIO_METHOD *BIO_s_socket(); +BIO_METHOD *BIO_s_socket(void); BIO *BIO_new_socket(int, int); -BIO_METHOD *BIO_s_null(); +BIO_METHOD *BIO_s_null(void); long BIO_ctrl(BIO *, int, long, void *); long BIO_callback_ctrl( BIO *, @@ -87,8 +130,8 @@ int BIO_read(BIO *, void *, int); int BIO_gets(BIO *, char *, int); int BIO_write(BIO *, const void *, int); int BIO_puts(BIO *, const char *); -BIO_METHOD *BIO_f_null(); -BIO_METHOD *BIO_f_buffer(); +BIO_METHOD *BIO_f_null(void); +BIO_METHOD *BIO_f_buffer(void); """ MACROS = """ @@ -100,10 +143,10 @@ long BIO_set_mem_buf(BIO *, BUF_MEM *, int); long BIO_get_mem_ptr(BIO *, BUF_MEM **); long BIO_set_fp(BIO *, FILE *, int); long BIO_get_fp(BIO *, FILE **); -int BIO_read_filename(BIO *, char *); -int BIO_write_filename(BIO *, char *); -int BIO_append_filename(BIO *, char *); -int BIO_rw_filename(BIO *, char *); +long BIO_read_filename(BIO *, char *); +long BIO_write_filename(BIO *, char *); +long BIO_append_filename(BIO *, char *); +long BIO_rw_filename(BIO *, char *); int BIO_should_read(BIO *); int BIO_should_write(BIO *); int BIO_should_io_special(BIO *); @@ -125,48 +168,6 @@ long BIO_set_read_buffer_size(BIO *, long); long BIO_set_write_buffer_size(BIO *, long); long BIO_set_buffer_size(BIO *, long); long BIO_set_buffer_read_data(BIO *, void *, long); -#define BIO_TYPE_MEM ... -#define BIO_TYPE_FILE ... -#define BIO_TYPE_FD ... -#define BIO_TYPE_SOCKET ... -#define BIO_TYPE_CONNECT ... -#define BIO_TYPE_ACCEPT ... -#define BIO_TYPE_NULL ... -#define BIO_CLOSE ... -#define BIO_NOCLOSE ... -#define BIO_TYPE_SOURCE_SINK ... -#define BIO_CTRL_RESET ... -#define BIO_CTRL_EOF ... -#define BIO_CTRL_SET ... -#define BIO_CTRL_SET_CLOSE ... -#define BIO_CTRL_FLUSH ... -#define BIO_CTRL_DUP ... -#define BIO_CTRL_GET_CLOSE ... -#define BIO_CTRL_INFO ... -#define BIO_CTRL_GET ... -#define BIO_CTRL_PENDING ... -#define BIO_CTRL_WPENDING ... -#define BIO_C_FILE_SEEK ... -#define BIO_C_FILE_TELL ... -#define BIO_TYPE_NONE ... -#define BIO_TYPE_PROXY_CLIENT ... -#define BIO_TYPE_PROXY_SERVER ... -#define BIO_TYPE_NBIO_TEST ... -#define BIO_TYPE_BER ... -#define BIO_TYPE_BIO ... -#define BIO_TYPE_DESCRIPTOR ... -#define BIO_FLAGS_READ ... -#define BIO_FLAGS_WRITE ... -#define BIO_FLAGS_IO_SPECIAL ... -#define BIO_FLAGS_RWS ... -#define BIO_FLAGS_SHOULD_RETRY ... -#define BIO_TYPE_NULL_FILTER ... -#define BIO_TYPE_SSL ... -#define BIO_TYPE_MD ... -#define BIO_TYPE_BUFFER ... -#define BIO_TYPE_CIPHER ... -#define BIO_TYPE_BASE64 ... -#define BIO_TYPE_FILTER ... """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/crypto.py b/cryptography/hazmat/backends/openssl/crypto.py index 71d32c52..835be14b 100644 --- a/cryptography/hazmat/backends/openssl/crypto.py +++ b/cryptography/hazmat/backends/openssl/crypto.py @@ -21,27 +21,30 @@ static const int SSLEAY_CFLAGS; static const int SSLEAY_PLATFORM; static const int SSLEAY_DIR; static const int SSLEAY_BUILT_ON; +static const int CRYPTO_MEM_CHECK_ON; +static const int CRYPTO_MEM_CHECK_OFF; +static const int CRYPTO_MEM_CHECK_ENABLE; +static const int CRYPTO_MEM_CHECK_DISABLE; """ FUNCTIONS = """ +unsigned long SSLeay(void); +const char *SSLeay_version(int); + void CRYPTO_free(void *); int CRYPTO_mem_ctrl(int); -int CRYPTO_is_mem_check_on(); +int CRYPTO_is_mem_check_on(void); void CRYPTO_mem_leaks(struct bio_st *); -void CRYPTO_cleanup_all_ex_data(); +void CRYPTO_cleanup_all_ex_data(void); void OPENSSL_free(void *); """ MACROS = """ void CRYPTO_add(int *, int, int); -void CRYPTO_malloc_init(); -void CRYPTO_malloc_debug_init(); +void CRYPTO_malloc_init(void); +void CRYPTO_malloc_debug_init(void); -#define CRYPTO_MEM_CHECK_ON ... -#define CRYPTO_MEM_CHECK_OFF ... -#define CRYPTO_MEM_CHECK_ENABLE ... -#define CRYPTO_MEM_CHECK_DISABLE ... """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/dh.py b/cryptography/hazmat/backends/openssl/dh.py index 56fa8b46..3c12fbc6 100644 --- a/cryptography/hazmat/backends/openssl/dh.py +++ b/cryptography/hazmat/backends/openssl/dh.py @@ -20,7 +20,7 @@ typedef ... DH; """ FUNCTIONS = """ -DH *DH_new(); +DH *DH_new(void); void DH_free(DH *); """ diff --git a/cryptography/hazmat/backends/openssl/engine.py b/cryptography/hazmat/backends/openssl/engine.py index cc214f84..390bfde1 100644 --- a/cryptography/hazmat/backends/openssl/engine.py +++ b/cryptography/hazmat/backends/openssl/engine.py @@ -17,11 +17,36 @@ INCLUDES = """ TYPES = """ typedef ... ENGINE; +typedef ... RSA_METHOD; +typedef ... DSA_METHOD; +typedef ... ECDH_METHOD; +typedef ... ECDSA_METHOD; +typedef ... DH_METHOD; +typedef ... RAND_METHOD; +typedef ... STORE_METHOD; +typedef ... ENGINE_GEN_INT_FUNC_PTR; +typedef ... ENGINE_CTRL_FUNC_PTR; +typedef ... ENGINE_LOAD_KEY_PTR; +typedef ... ENGINE_CIPHERS_PTR; +typedef ... ENGINE_DIGESTS_PTR; +typedef ... ENGINE_CMD_DEFN; +typedef ... UI_METHOD; + +static const unsigned int ENGINE_METHOD_RSA; +static const unsigned int ENGINE_METHOD_DSA; +static const unsigned int ENGINE_METHOD_RAND; +static const unsigned int ENGINE_METHOD_ECDH; +static const unsigned int ENGINE_METHOD_ECDSA; +static const unsigned int ENGINE_METHOD_CIPHERS; +static const unsigned int ENGINE_METHOD_DIGESTS; +static const unsigned int ENGINE_METHOD_STORE; +static const unsigned int ENGINE_METHOD_ALL; +static const unsigned int ENGINE_METHOD_NONE; """ FUNCTIONS = """ -ENGINE *ENGINE_get_first(); -ENGINE *ENGINE_get_last(); +ENGINE *ENGINE_get_first(void); +ENGINE *ENGINE_get_last(void); ENGINE *ENGINE_get_next(ENGINE *); ENGINE *ENGINE_get_prev(ENGINE *); int ENGINE_add(ENGINE *); @@ -29,16 +54,20 @@ int ENGINE_remove(ENGINE *); ENGINE *ENGINE_by_id(const char *); int ENGINE_init(ENGINE *); int ENGINE_finish(ENGINE *); -int ENGINE_free(ENGINE *); -void ENGINE_cleanup(); -void ENGINE_load_dynamic(); -void ENGINE_load_builtin_engines(); -int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int); -int ENGINE_set_default(ENGINE *, unsigned int); -int ENGINE_register_complete(ENGINE *); - +void ENGINE_load_openssl(void); +void ENGINE_load_dynamic(void); +void ENGINE_load_cryptodev(void); +void ENGINE_load_builtin_engines(void); +void ENGINE_cleanup(void); +ENGINE *ENGINE_get_default_RSA(void); +ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_ECDH(void); +ENGINE *ENGINE_get_default_ECDSA(void); +ENGINE *ENGINE_get_default_DH(void); +ENGINE *ENGINE_get_default_RAND(void); +ENGINE *ENGINE_get_cipher_engine(int); +ENGINE *ENGINE_get_digest_engine(int); int ENGINE_set_default_RSA(ENGINE *); -int ENGINE_set_default_string(ENGINE *, const char *); int ENGINE_set_default_DSA(ENGINE *); int ENGINE_set_default_ECDH(ENGINE *); int ENGINE_set_default_ECDSA(ENGINE *); @@ -46,19 +75,86 @@ int ENGINE_set_default_DH(ENGINE *); int ENGINE_set_default_RAND(ENGINE *); int ENGINE_set_default_ciphers(ENGINE *); int ENGINE_set_default_digests(ENGINE *); +int ENGINE_set_default_string(ENGINE *, const char *); +int ENGINE_set_default(ENGINE *, unsigned int); +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int); +int ENGINE_register_RSA(ENGINE *); +void ENGINE_unregister_RSA(ENGINE *); +void ENGINE_register_all_RSA(void); +int ENGINE_register_DSA(ENGINE *); +void ENGINE_unregister_DSA(ENGINE *); +void ENGINE_register_all_DSA(void); +int ENGINE_register_ECDH(ENGINE *); +void ENGINE_unregister_ECDH(ENGINE *); +void ENGINE_register_all_ECDH(void); +int ENGINE_register_ECDSA(ENGINE *); +void ENGINE_unregister_ECDSA(ENGINE *); +void ENGINE_register_all_ECDSA(void); +int ENGINE_register_DH(ENGINE *); +void ENGINE_unregister_DH(ENGINE *); +void ENGINE_register_all_DH(void); +int ENGINE_register_RAND(ENGINE *); +void ENGINE_unregister_RAND(ENGINE *); +void ENGINE_register_all_RAND(void); +int ENGINE_register_STORE(ENGINE *); +void ENGINE_unregister_STORE(ENGINE *); +void ENGINE_register_all_STORE(void); +int ENGINE_register_ciphers(ENGINE *); +void ENGINE_unregister_ciphers(ENGINE *); +void ENGINE_register_all_ciphers(void); +int ENGINE_register_digests(ENGINE *); +void ENGINE_unregister_digests(ENGINE *); +void ENGINE_register_all_digests(void); +int ENGINE_register_complete(ENGINE *); +int ENGINE_register_all_complete(void); +int ENGINE_ctrl(ENGINE *, int, long, void *, void (*)(void)); +int ENGINE_cmd_is_executable(ENGINE *, int); +int ENGINE_ctrl_cmd(ENGINE *, const char *, long, void *, void (*)(void), int); +int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int); + +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *); +int ENGINE_up_ref(ENGINE *); +int ENGINE_set_id(ENGINE *, const char *); +int ENGINE_set_name(ENGINE *, const char *); +int ENGINE_set_RSA(ENGINE *, const RSA_METHOD *); +int ENGINE_set_DSA(ENGINE *, const DSA_METHOD *); +int ENGINE_set_ECDH(ENGINE *, const ECDH_METHOD *); +int ENGINE_set_ECDSA(ENGINE *, const ECDSA_METHOD *); +int ENGINE_set_DH(ENGINE *, const DH_METHOD *); +int ENGINE_set_RAND(ENGINE *, const RAND_METHOD *); +int ENGINE_set_STORE(ENGINE *, const STORE_METHOD *); +int ENGINE_set_destroy_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR); +int ENGINE_set_init_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR); +int ENGINE_set_finish_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR); +int ENGINE_set_ctrl_function(ENGINE *, ENGINE_CTRL_FUNC_PTR); +int ENGINE_set_load_privkey_function(ENGINE *, ENGINE_LOAD_KEY_PTR); +int ENGINE_set_load_pubkey_function(ENGINE *, ENGINE_LOAD_KEY_PTR); +int ENGINE_set_ciphers(ENGINE *, ENGINE_CIPHERS_PTR); +int ENGINE_set_digests(ENGINE *, ENGINE_DIGESTS_PTR); +int ENGINE_set_flags(ENGINE *, int); +int ENGINE_set_cmd_defns(ENGINE *, const ENGINE_CMD_DEFN *); +const char *ENGINE_get_id(const ENGINE *); +const char *ENGINE_get_name(const ENGINE *); +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *); +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *); +const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *); +const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *); +const DH_METHOD *ENGINE_get_DH(const ENGINE *); +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *); +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *); + +const EVP_CIPHER *ENGINE_get_cipher(ENGINE *, int); +const EVP_MD *ENGINE_get_digest(ENGINE *, int); +int ENGINE_get_flags(const ENGINE *); +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *); +EVP_PKEY *ENGINE_load_private_key(ENGINE *, const char *, UI_METHOD *, void *); +EVP_PKEY *ENGINE_load_public_key(ENGINE *, const char *, UI_METHOD *, void *); +void ENGINE_add_conf_module(void); """ MACROS = """ -#define ENGINE_METHOD_RSA ... -#define ENGINE_METHOD_DSA ... -#define ENGINE_METHOD_RAND ... -#define ENGINE_METHOD_ECDH ... -#define ENGINE_METHOD_ECDSA ... -#define ENGINE_METHOD_CIPHERS ... -#define ENGINE_METHOD_DIGESTS ... -#define ENGINE_METHOD_STORE ... -#define ENGINE_METHOD_ALL ... -#define ENGINE_METHOD_NONE ... """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/err.py b/cryptography/hazmat/backends/openssl/err.py index 2fb8bbe1..6b2a77b1 100644 --- a/cryptography/hazmat/backends/openssl/err.py +++ b/cryptography/hazmat/backends/openssl/err.py @@ -38,8 +38,8 @@ static const int ASN1_R_BAD_PASSWORD_READ; """ FUNCTIONS = """ -void ERR_load_crypto_strings(); -void ERR_free_strings(); +void ERR_load_crypto_strings(void); +void ERR_free_strings(void); char* ERR_error_string(unsigned long, char *); void ERR_error_string_n(unsigned long, char *, size_t); const char* ERR_lib_error_string(unsigned long); @@ -47,9 +47,9 @@ const char* ERR_func_error_string(unsigned long); const char* ERR_reason_error_string(unsigned long); void ERR_print_errors(BIO *); void ERR_print_errors_fp(FILE *); -unsigned long ERR_get_error(); -unsigned long ERR_peek_error(); -unsigned long ERR_peek_last_error(); +unsigned long ERR_get_error(void); +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_last_error(void); unsigned long ERR_get_error_line(const char **, int *); unsigned long ERR_peek_error_line(const char **, int *); unsigned long ERR_peek_last_error_line(const char **, int *); @@ -61,7 +61,7 @@ unsigned long ERR_peek_last_error_line_data(const char **, int *, const char **, int *); void ERR_put_error(int, int, int, const char *, int); void ERR_add_error_data(int, ...); -int ERR_get_next_error_library(); +int ERR_get_next_error_library(void); """ MACROS = """ diff --git a/cryptography/hazmat/backends/openssl/evp.py b/cryptography/hazmat/backends/openssl/evp.py index 0662b1ef..c426e52e 100644 --- a/cryptography/hazmat/backends/openssl/evp.py +++ b/cryptography/hazmat/backends/openssl/evp.py @@ -24,7 +24,9 @@ typedef struct { ...; } EVP_CIPHER_CTX; typedef ... EVP_MD; -typedef struct env_md_ctx_st EVP_MD_CTX; +typedef struct env_md_ctx_st { + ...; +} EVP_MD_CTX; typedef struct evp_pkey_st { int type; @@ -32,6 +34,7 @@ typedef struct evp_pkey_st { } EVP_PKEY; static const int EVP_PKEY_RSA; static const int EVP_PKEY_DSA; +static const int EVP_MAX_MD_SIZE; static const int EVP_CTRL_GCM_SET_IVLEN; static const int EVP_CTRL_GCM_GET_TAG; static const int EVP_CTRL_GCM_SET_TAG; @@ -40,8 +43,6 @@ static const int Cryptography_HAS_GCM; """ FUNCTIONS = """ -void OpenSSL_add_all_algorithms(); - const EVP_CIPHER *EVP_get_cipherbyname(const char *); int EVP_EncryptInit_ex(EVP_CIPHER_CTX *, const EVP_CIPHER *, ENGINE *, const unsigned char *, const unsigned char *); @@ -63,11 +64,11 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *); int EVP_CIPHER_block_size(const EVP_CIPHER *); void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *); -EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(); +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int); -EVP_MD_CTX *EVP_MD_CTX_create(); +EVP_MD_CTX *EVP_MD_CTX_create(void); int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *); int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *); int EVP_DigestUpdate(EVP_MD_CTX *, const void *, size_t); @@ -78,7 +79,7 @@ const EVP_MD *EVP_get_digestbyname(const char *); const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *); int EVP_MD_size(const EVP_MD *); -EVP_PKEY *EVP_PKEY_new(); +EVP_PKEY *EVP_PKEY_new(void); void EVP_PKEY_free(EVP_PKEY *); int EVP_PKEY_type(int); int EVP_PKEY_bits(EVP_PKEY *); @@ -92,9 +93,12 @@ int EVP_VerifyInit(EVP_MD_CTX *, const EVP_MD *); int EVP_VerifyUpdate(EVP_MD_CTX *, const void *, size_t); int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int, EVP_PKEY *); + +const EVP_MD *EVP_md5(void); """ MACROS = """ +void OpenSSL_add_all_algorithms(void); int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *); int EVP_PKEY_assign_DSA(EVP_PKEY *, DSA *); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *); diff --git a/cryptography/hazmat/backends/openssl/nid.py b/cryptography/hazmat/backends/openssl/nid.py index 111f82f9..40aed19f 100644 --- a/cryptography/hazmat/backends/openssl/nid.py +++ b/cryptography/hazmat/backends/openssl/nid.py @@ -37,6 +37,7 @@ static const int NID_ecdsa_with_SHA384; static const int NID_ecdsa_with_SHA512; static const int NID_crl_reason; static const int NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +static const int NID_subject_alt_name; """ FUNCTIONS = """ diff --git a/cryptography/hazmat/backends/openssl/objects.py b/cryptography/hazmat/backends/openssl/objects.py new file mode 100644 index 00000000..0abc42d6 --- /dev/null +++ b/cryptography/hazmat/backends/openssl/objects.py @@ -0,0 +1,43 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +INCLUDES = """ +#include <openssl/objects.h> +""" + +TYPES = """ +""" + +FUNCTIONS = """ +ASN1_OBJECT *OBJ_nid2obj(int); +const char *OBJ_nid2ln(int); +const char *OBJ_nid2sn(int); +int OBJ_obj2nid(const ASN1_OBJECT *); +int OBJ_ln2nid(const char *); +int OBJ_sn2nid(const char *); +int OBJ_txt2nid(const char *); +ASN1_OBJECT *OBJ_txt2obj(const char *, int); +int OBJ_obj2txt(char *, int, const ASN1_OBJECT *, int); +int OBJ_cmp(const ASN1_OBJECT *, const ASN1_OBJECT *); +ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *); +int OBJ_create(const char *, const char *, const char *); +void OBJ_cleanup(void); +""" + +MACROS = """ +""" + +CUSTOMIZATIONS = """ +""" + +CONDITIONAL_NAMES = {} diff --git a/cryptography/hazmat/backends/openssl/opensslv.py b/cryptography/hazmat/backends/openssl/opensslv.py index 4e110327..397f4ca2 100644 --- a/cryptography/hazmat/backends/openssl/opensslv.py +++ b/cryptography/hazmat/backends/openssl/opensslv.py @@ -17,7 +17,7 @@ INCLUDES = """ TYPES = """ static const int OPENSSL_VERSION_NUMBER; -static char *const OPENSSL_VERSION_TEXT; +static const char *const OPENSSL_VERSION_TEXT; """ FUNCTIONS = """ diff --git a/cryptography/hazmat/backends/openssl/pkcs12.py b/cryptography/hazmat/backends/openssl/pkcs12.py index b3ecd0aa..bd01e756 100644 --- a/cryptography/hazmat/backends/openssl/pkcs12.py +++ b/cryptography/hazmat/backends/openssl/pkcs12.py @@ -28,9 +28,9 @@ int i2d_PKCS12_bio(BIO *, PKCS12 *); MACROS = """ int PKCS12_parse(PKCS12 *, const char *, EVP_PKEY **, X509 **, - struct stack_st_X509 **); + Cryptography_STACK_OF_X509 **); PKCS12 *PKCS12_create(char *, char *, EVP_PKEY *, X509 *, - struct stack_st_X509 *, int, int, int, int, int); + Cryptography_STACK_OF_X509 *, int, int, int, int, int); """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/rand.py b/cryptography/hazmat/backends/openssl/rand.py index 5ac36cac..0e645fbc 100644 --- a/cryptography/hazmat/backends/openssl/rand.py +++ b/cryptography/hazmat/backends/openssl/rand.py @@ -19,17 +19,17 @@ TYPES = """ """ FUNCTIONS = """ -void ERR_load_RAND_strings(); +void ERR_load_RAND_strings(void); void RAND_seed(const void *, int); void RAND_add(const void *, int, double); -int RAND_status(); +int RAND_status(void); int RAND_egd(const char *); int RAND_egd_bytes(const char *, int); int RAND_query_egd_bytes(const char *, unsigned char *, int); const char *RAND_file_name(char *, size_t); int RAND_load_file(const char *, long); int RAND_write_file(const char *); -void RAND_cleanup(); +void RAND_cleanup(void); int RAND_bytes(unsigned char *, int); int RAND_pseudo_bytes(unsigned char *, int); """ diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py index e3a24d0f..a44ca4a6 100644 --- a/cryptography/hazmat/backends/openssl/rsa.py +++ b/cryptography/hazmat/backends/openssl/rsa.py @@ -33,10 +33,11 @@ static const int RSA_SSLV23_PADDING; static const int RSA_NO_PADDING; static const int RSA_PKCS1_OAEP_PADDING; static const int RSA_X931_PADDING; +static const int RSA_F4; """ FUNCTIONS = """ -RSA *RSA_new(); +RSA *RSA_new(void); void RSA_free(RSA *); int RSA_size(const RSA *); int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *); @@ -50,6 +51,7 @@ int RSA_public_decrypt(int, const unsigned char *, unsigned char *, RSA *, int); int RSA_private_decrypt(int, const unsigned char *, unsigned char *, RSA *, int); +int RSA_print(BIO *, const RSA *, int); """ MACROS = """ diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index f99c2636..d0d5ae2d 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -16,8 +16,12 @@ INCLUDES = """ """ TYPES = """ -/* Internally invented symbol to tell us if SSLv2 is supported */ +/* + * Internally invented symbols to tell which versions of SSL/TLS are supported. +*/ static const int Cryptography_HAS_SSL2; +static const int Cryptography_HAS_TLSv1_1; +static const int Cryptography_HAS_TLSv1_2; /* Internally invented symbol to tell us if SNI is supported */ static const int Cryptography_HAS_TLSEXT_HOSTNAME; @@ -32,6 +36,8 @@ static const int Cryptography_HAS_RELEASE_BUFFERS; */ static const int Cryptography_HAS_OP_NO_COMPRESSION; +static const int Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; + static const int SSL_FILETYPE_PEM; static const int SSL_FILETYPE_ASN1; static const int SSL_ERROR_NONE; @@ -46,6 +52,8 @@ static const int SSL_RECEIVED_SHUTDOWN; static const int SSL_OP_NO_SSLv2; static const int SSL_OP_NO_SSLv3; static const int SSL_OP_NO_TLSv1; +static const int SSL_OP_NO_TLSv1_1; +static const int SSL_OP_NO_TLSv1_2; static const int SSL_OP_NO_COMPRESSION; static const int SSL_OP_SINGLE_DH_USE; static const int SSL_OP_EPHEMERAL_RSA; @@ -54,6 +62,7 @@ static const int SSL_OP_NETSCAPE_CHALLENGE_BUG; static const int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; static const int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; static const int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; +static const int SSL_OP_MSIE_SSLV2_RSA_PADDING; static const int SSL_OP_SSLEAY_080_CLIENT_DH_BUG; static const int SSL_OP_TLS_D5_BUG; static const int SSL_OP_TLS_BLOCK_PADDING_BUG; @@ -132,8 +141,8 @@ static const int TLSEXT_NAMETYPE_host_name; """ FUNCTIONS = """ -void SSL_load_error_strings(); -int SSL_library_init(); +void SSL_load_error_strings(void); +int SSL_library_init(void); /* SSL */ SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *); @@ -157,6 +166,10 @@ int SSL_pending(const SSL *); int SSL_write(SSL *, const void *, int); int SSL_read(SSL *, void *, int); X509 *SSL_get_peer_certificate(const SSL *); + +Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *); +Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *); + int SSL_get_error(const SSL *, int); int SSL_do_handshake(SSL *); int SSL_shutdown(SSL *); @@ -186,6 +199,9 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); int SSL_CTX_add_client_CA(SSL_CTX *, X509 *); +void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *); + + /* X509_STORE_CTX */ int X509_STORE_CTX_get_error(X509_STORE_CTX *); void X509_STORE_CTX_set_error(X509_STORE_CTX *, int); @@ -206,7 +222,7 @@ long SSL_get_options(SSL *); int SSL_want_read(const SSL *); int SSL_want_write(const SSL *); -int SSL_total_renegotiations(SSL *); +long SSL_total_renegotiations(SSL *); long SSL_CTX_set_options(SSL_CTX *, long); long SSL_CTX_get_options(SSL_CTX *); @@ -219,33 +235,49 @@ long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *); /*- These aren't macros these functions are all const X on openssl > 1.0.x -*/ +/* methods */ + /* SSLv2 support is compiled out of some versions of OpenSSL. These will * get special support when we generate the bindings so that if they are * available they will be wrapped, but if they are not they won't cause * problems (like link errors). */ -const SSL_METHOD *SSLv2_method(); -const SSL_METHOD *SSLv2_server_method(); -const SSL_METHOD *SSLv2_client_method(); +const SSL_METHOD *SSLv2_method(void); +const SSL_METHOD *SSLv2_server_method(void); +const SSL_METHOD *SSLv2_client_method(void); -/* methods */ -const SSL_METHOD *SSLv3_method(); -const SSL_METHOD *SSLv3_server_method(); -const SSL_METHOD *SSLv3_client_method(); -const SSL_METHOD *TLSv1_method(); -const SSL_METHOD *TLSv1_server_method(); -const SSL_METHOD *TLSv1_client_method(); -const SSL_METHOD *SSLv23_method(); -const SSL_METHOD *SSLv23_server_method(); -const SSL_METHOD *SSLv23_client_method(); +/* + * TLSv1_1 and TLSv1_2 are recent additions. Only sufficiently new versions of + * OpenSSL support them. + */ +const SSL_METHOD *TLSv1_1_method(void); +const SSL_METHOD *TLSv1_1_server_method(void); +const SSL_METHOD *TLSv1_1_client_method(void); + +const SSL_METHOD *TLSv1_2_method(void); +const SSL_METHOD *TLSv1_2_server_method(void); +const SSL_METHOD *TLSv1_2_client_method(void); + +const SSL_METHOD *SSLv3_method(void); +const SSL_METHOD *SSLv3_server_method(void); +const SSL_METHOD *SSLv3_client_method(void); + +const SSL_METHOD *TLSv1_method(void); +const SSL_METHOD *TLSv1_server_method(void); +const SSL_METHOD *TLSv1_client_method(void); + +const SSL_METHOD *SSLv23_method(void); +const SSL_METHOD *SSLv23_server_method(void); +const SSL_METHOD *SSLv23_client_method(void); /*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/ -SSL_CTX *SSL_CTX_new(const SSL_METHOD *); +SSL_CTX *SSL_CTX_new(SSL_METHOD *); long SSL_CTX_get_timeout(const SSL_CTX *); /* SNI APIs were introduced in OpenSSL 1.0.0. To continue to support * earlier versions some special handling of these is necessary. */ +const char *SSL_get_servername(const SSL *, const int); void SSL_set_tlsext_host_name(SSL *, char *); void SSL_CTX_set_tlsext_servername_callback( SSL_CTX *, @@ -255,9 +287,9 @@ void SSL_CTX_set_tlsext_servername_callback( CUSTOMIZATIONS = """ #ifdef OPENSSL_NO_SSL2 static const long Cryptography_HAS_SSL2 = 0; -SSL_METHOD* (*SSLv2_method)() = NULL; -SSL_METHOD* (*SSLv2_client_method)() = NULL; -SSL_METHOD* (*SSLv2_server_method)() = NULL; +SSL_METHOD* (*SSLv2_method)(void) = NULL; +SSL_METHOD* (*SSLv2_client_method)(void) = NULL; +SSL_METHOD* (*SSLv2_server_method)(void) = NULL; #else static const long Cryptography_HAS_SSL2 = 1; #endif @@ -286,9 +318,50 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; static const long Cryptography_HAS_OP_NO_COMPRESSION = 0; const long SSL_OP_NO_COMPRESSION = 0; #endif + +#ifdef SSL_OP_NO_TLSv1_1 +static const long Cryptography_HAS_TLSv1_1 = 1; +#else +static const long Cryptography_HAS_TLSv1_1 = 0; +static const long SSL_OP_NO_TLSv1_1 = 0; +SSL_METHOD* (*TLSv1_1_method)(void) = NULL; +SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL; +SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL; +#endif + +#ifdef SSL_OP_NO_TLSv1_2 +static const long Cryptography_HAS_TLSv1_2 = 1; +#else +static const long Cryptography_HAS_TLSv1_2 = 0; +static const long SSL_OP_NO_TLSv1_2 = 0; +SSL_METHOD* (*TLSv1_2_method)(void) = NULL; +SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL; +SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL; +#endif + +#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING +static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; +#else +static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 0; +const long SSL_OP_MSIE_SSLV2_RSA_PADDING = 0; +#endif """ CONDITIONAL_NAMES = { + "Cryptography_HAS_TLSv1_1": [ + "SSL_OP_NO_TLSv1_1", + "TLSv1_1_method", + "TLSv1_1_server_method", + "TLSv1_1_client_method", + ], + + "Cryptography_HAS_TLSv1_2": [ + "SSL_OP_NO_TLSv1_2", + "TLSv1_2_method", + "TLSv1_2_server_method", + "TLSv1_2_client_method", + ], + "Cryptography_HAS_SSL2": [ "SSLv2_method", "SSLv2_client_method", @@ -309,4 +382,7 @@ CONDITIONAL_NAMES = { "SSL_OP_NO_COMPRESSION", ], + "Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING": [ + "SSL_OP_MSIE_SSLV2_RSA_PADDING", + ], } diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index 5cba476e..840254a2 100644 --- a/cryptography/hazmat/backends/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py @@ -13,9 +13,22 @@ INCLUDES = """ #include <openssl/ssl.h> + +/* + * This is part of a work-around for the difficulty cffi has in dealing with + * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that + * will be an alias for this type and use the alias throughout. This works + * together with another opaque typedef for the same name in the TYPES section. + * Note that the result is an opaque type. + */ +typedef STACK_OF(X509) Cryptography_STACK_OF_X509; +typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED; """ TYPES = """ +typedef ... Cryptography_STACK_OF_X509; +typedef ... Cryptography_STACK_OF_X509_REVOKED; + typedef struct { ASN1_OBJECT *algorithm; ...; @@ -36,8 +49,6 @@ typedef ... X509_EXTENSIONS; typedef ... X509_REQ; -typedef ... x509_revoked_st; - typedef struct { ASN1_INTEGER *serialNumber; ASN1_TIME *revocationDate; @@ -47,7 +58,7 @@ typedef struct { } X509_REVOKED; typedef struct { - struct stack_st_X509_REVOKED *revoked; + Cryptography_STACK_OF_X509_REVOKED *revoked; ...; } X509_CRL_INFO; @@ -66,7 +77,7 @@ typedef ... NETSCAPE_SPKI; """ FUNCTIONS = """ -X509 *X509_new(); +X509 *X509_new(void); void X509_free(X509 *); X509 *X509_dup(X509 *); @@ -101,7 +112,7 @@ ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *); void X509_EXTENSION_free(X509_EXTENSION *); int X509_REQ_set_version(X509_REQ *, long); -X509_REQ *X509_REQ_new(); +X509_REQ *X509_REQ_new(void); void X509_REQ_free(X509_REQ *); int X509_REQ_set_pubkey(X509_REQ *, EVP_PKEY *); int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *); @@ -113,7 +124,7 @@ int X509_REQ_print_ex(BIO *, X509_REQ *, unsigned long, unsigned long); int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int); ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *); -X509_REVOKED *X509_REVOKED_new(); +X509_REVOKED *X509_REVOKED_new(void); void X509_REVOKED_free(X509_REVOKED *); int X509_REVOKED_set_serialNumber(X509_REVOKED *, ASN1_INTEGER *); @@ -121,7 +132,7 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *, ASN1_INTEGER *); int X509_REVOKED_add1_ext_i2d(X509_REVOKED *, int, void *, int, unsigned long); X509_CRL *d2i_X509_CRL_bio(BIO *, X509_CRL **); -X509_CRL *X509_CRL_new(); +X509_CRL *X509_CRL_new(void); void X509_CRL_free(X509_CRL *); int X509_CRL_add0_revoked(X509_CRL *, X509_REVOKED *); int i2d_X509_CRL_bio(BIO *, X509_CRL *); @@ -134,7 +145,7 @@ int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *, EVP_PKEY *, const EVP_MD *); char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *); EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *); int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *, EVP_PKEY *); -NETSCAPE_SPKI *NETSCAPE_SPKI_new(); +NETSCAPE_SPKI *NETSCAPE_SPKI_new(void); void NETSCAPE_SPKI_free(NETSCAPE_SPKI *); /* ASN1 serialization */ @@ -151,7 +162,7 @@ ASN1_INTEGER *X509_get_serialNumber(X509 *); int X509_set_serialNumber(X509 *, ASN1_INTEGER *); /* X509_STORE */ -X509_STORE *X509_STORE_new(); +X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *); int X509_STORE_add_cert(X509_STORE *, X509 *); """ @@ -165,25 +176,25 @@ ASN1_TIME *X509_get_notAfter(X509 *); long X509_REQ_get_version(X509_REQ *); X509_NAME *X509_REQ_get_subject_name(X509_REQ *); -struct stack_st_X509 *sk_X509_new_null(); -void sk_X509_free(struct stack_st_X509 *); -int sk_X509_num(struct stack_st_X509 *); -int sk_X509_push(struct stack_st_X509 *, X509 *); -X509 *sk_X509_value(struct stack_st_X509 *, int); +Cryptography_STACK_OF_X509 *sk_X509_new_null(void); +void sk_X509_free(Cryptography_STACK_OF_X509 *); +int sk_X509_num(Cryptography_STACK_OF_X509 *); +int sk_X509_push(Cryptography_STACK_OF_X509 *, X509 *); +X509 *sk_X509_value(Cryptography_STACK_OF_X509 *, int); -X509_EXTENSIONS *sk_X509_EXTENSION_new_null(); +X509_EXTENSIONS *sk_X509_EXTENSION_new_null(void); int sk_X509_EXTENSION_num(X509_EXTENSIONS *); X509_EXTENSION *sk_X509_EXTENSION_value(X509_EXTENSIONS *, int); int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *); -void sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int); +X509_EXTENSION *sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int); void sk_X509_EXTENSION_free(X509_EXTENSIONS *); -int sk_X509_REVOKED_num(struct stack_st_X509_REVOKED *); -X509_REVOKED *sk_X509_REVOKED_value(struct stack_st_X509_REVOKED *, int); +int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *); +X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int); /* These aren't macros these arguments are all const X on openssl > 1.0.x */ -int X509_CRL_set_lastUpdate(X509_CRL *, const ASN1_TIME *); -int X509_CRL_set_nextUpdate(X509_CRL *, const ASN1_TIME *); +int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *); +int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *); """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py index 4be39b53..bf627d61 100644 --- a/cryptography/hazmat/backends/openssl/x509name.py +++ b/cryptography/hazmat/backends/openssl/x509name.py @@ -13,11 +13,17 @@ INCLUDES = """ #include <openssl/x509.h> + +/* + * See the comment above Cryptography_STACK_OF_X509 in x509.py + */ +typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME; """ TYPES = """ typedef ... X509_NAME; typedef ... X509_NAME_ENTRY; +typedef ... Cryptography_STACK_OF_X509_NAME; """ FUNCTIONS = """ @@ -40,11 +46,11 @@ void X509_NAME_free(X509_NAME *); """ MACROS = """ -struct stack_st_X509_NAME *sk_X509_NAME_new_null(); -int sk_X509_NAME_num(struct stack_st_X509_NAME *); -int sk_X509_NAME_push(struct stack_st_X509_NAME *, X509_NAME *); -X509_NAME *sk_X509_NAME_value(struct stack_st_X509_NAME *, int); -void sk_X509_NAME_free(struct stack_st_X509_NAME *); +Cryptography_STACK_OF_X509_NAME *sk_X509_NAME_new_null(void); +int sk_X509_NAME_num(Cryptography_STACK_OF_X509_NAME *); +int sk_X509_NAME_push(Cryptography_STACK_OF_X509_NAME *, X509_NAME *); +X509_NAME *sk_X509_NAME_value(Cryptography_STACK_OF_X509_NAME *, int); +void sk_X509_NAME_free(Cryptography_STACK_OF_X509_NAME *); """ CUSTOMIZATIONS = """ diff --git a/docs/contributing.rst b/docs/contributing.rst index 620e1b6a..657c4359 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -110,14 +110,14 @@ Don't name parameters: ...; }; -Don't include stray ``void`` parameters: +Include ``void`` if the function takes no arguments: .. code-block:: c // Good - long f(); - // Bad long f(void); + // Bad + long f(); Wrap lines at 80 characters like so: @@ -136,6 +136,23 @@ Include a space after commas between parameters: // Bad long f(int,char *) +Values set by ``#define`` should be assigned the appropriate type. If you see +this: + +.. code-block:: c + + #define SOME_INTEGER_LITERAL 0x0; + #define SOME_UNSIGNED_INTEGER_LITERAL 0x0001U; + #define SOME_STRING_LITERAL "hello"; + +...it should be added to the bindings like so: + +.. code-block:: c + + static const int SOME_INTEGER_LITERAL; + static const unsigned int SOME_UNSIGNED_INTEGER_LITERAL; + static const char *const SOME_STRING_LITERAL; + Documentation ------------- @@ -4,3 +4,4 @@ markers = hmac: this test requires a backend providing HMACBackend cipher: this test requires a backend providing CipherBackend hash: this test requires a backend providing HashBackend + supported: parametrized test requiring only_if and skip_message diff --git a/tests/conftest.py b/tests/conftest.py index e059b630..0ddc3338 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,7 +4,7 @@ from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend ) -from .utils import check_for_iface +from .utils import check_for_iface, check_backend_support def pytest_generate_tests(metafunc): @@ -19,3 +19,4 @@ def pytest_runtest_setup(item): check_for_iface("hmac", HMACBackend, item) check_for_iface("cipher", CipherBackend, item) check_for_iface("hash", HashBackend, item) + check_backend_support(item) diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py index 439ca258..581c47eb 100644 --- a/tests/hazmat/primitives/test_3des.py +++ b/tests/hazmat/primitives/test_3des.py @@ -28,6 +28,12 @@ from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) + ), + skip_message="Does not support TripleDES CBC", +) @pytest.mark.cipher class TestTripleDES_CBC(object): test_KAT = generate_encrypt_test( @@ -42,10 +48,6 @@ class TestTripleDES_CBC(object): ], lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) - ), - skip_message="Does not support TripleDES CBC", ) test_MMT = generate_encrypt_test( @@ -60,13 +62,15 @@ class TestTripleDES_CBC(object): binascii.unhexlify(key1 + key2 + key3) ), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) - ), - skip_message="Does not support TripleDES CBC", ) +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) + ), + skip_message="Does not support TripleDES OFB", +) @pytest.mark.cipher class TestTripleDES_OFB(object): test_KAT = generate_encrypt_test( @@ -81,10 +85,6 @@ class TestTripleDES_OFB(object): ], lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) - ), - skip_message="Does not support TripleDES OFB", ) test_MMT = generate_encrypt_test( @@ -99,13 +99,15 @@ class TestTripleDES_OFB(object): binascii.unhexlify(key1 + key2 + key3) ), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) - ), - skip_message="Does not support TripleDES OFB", ) +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) + ), + skip_message="Does not support TripleDES CFB", +) @pytest.mark.cipher class TestTripleDES_CFB(object): test_KAT = generate_encrypt_test( @@ -120,10 +122,6 @@ class TestTripleDES_CFB(object): ], lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) - ), - skip_message="Does not support TripleDES CFB", ) test_MMT = generate_encrypt_test( @@ -138,8 +136,4 @@ class TestTripleDES_CFB(object): binascii.unhexlify(key1 + key2 + key3) ), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) - ), - skip_message="Does not support TripleDES CFB", ) diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index e9ef3853..8cba8c66 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -26,8 +26,14 @@ from ...utils import ( ) +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", +) @pytest.mark.cipher -class TestAES(object): +class TestAES_CBC(object): test_CBC = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "CBC"), @@ -50,12 +56,17 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.CBC("\x00" * 16) - ), - skip_message="Does not support AES CBC", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.ECB() + ), + skip_message="Does not support AES ECB", +) +@pytest.mark.cipher +class TestAES_ECB(object): test_ECB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "ECB"), @@ -78,12 +89,17 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda **kwargs: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.ECB() - ), - skip_message="Does not support AES ECB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.OFB("\x00" * 16) + ), + skip_message="Does not support AES OFB", +) +@pytest.mark.cipher +class TestAES_OFB(object): test_OFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "OFB"), @@ -106,12 +122,17 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.OFB("\x00" * 16) - ), - skip_message="Does not support AES OFB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CFB("\x00" * 16) + ), + skip_message="Does not support AES CFB", +) +@pytest.mark.cipher +class TestAES_CFB(object): test_CFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "CFB"), @@ -134,24 +155,34 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.CFB("\x00" * 16) - ), - skip_message="Does not support AES CFB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16) + ), + skip_message="Does not support AES CTR", +) +@pytest.mark.cipher +class TestAES_CTR(object): test_CTR = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "AES", "CTR"), ["aes-128-ctr.txt", "aes-192-ctr.txt", "aes-256-ctr.txt"], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CTR(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16) - ), - skip_message="Does not support AES CTR", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) + ), + skip_message="Does not support AES GCM", +) +@pytest.mark.cipher +class TestAES_GCM(object): test_GCM = generate_aead_test( load_nist_vectors, os.path.join("ciphers", "AES", "GCM"), @@ -165,8 +196,4 @@ class TestAES(object): ], lambda key: algorithms.AES(key), lambda iv, tag: modes.GCM(iv, tag), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) - ), - skip_message="Does not support AES GCM", ) diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/test_arc4.py index f2e2452c..33f7ff09 100644 --- a/tests/hazmat/primitives/test_arc4.py +++ b/tests/hazmat/primitives/test_arc4.py @@ -24,6 +24,12 @@ from .utils import generate_stream_encryption_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.ARC4("\x00" * 16), None + ), + skip_message="Does not support ARC4", +) @pytest.mark.cipher class TestARC4(object): test_rfc = generate_stream_encryption_test( @@ -39,8 +45,4 @@ class TestARC4(object): "rfc-6229-256.txt", ], lambda key, **kwargs: algorithms.ARC4(binascii.unhexlify(key)), - only_if=lambda backend: backend.cipher_supported( - algorithms.ARC4("\x00" * 16), None - ), - skip_message="Does not support ARC4", ) diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 22a7c02f..30cf1d60 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -136,21 +136,19 @@ class TestCipherContext(object): decryptor.finalize() +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) + ), + skip_message="Does not support AES GCM", +) @pytest.mark.cipher class TestAEADCipherContext(object): test_aead_exceptions = generate_aead_exception_test( algorithms.AES, modes.GCM, - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) - ), - skip_message="Does not support AES GCM", ) test_aead_tag_exceptions = generate_aead_tag_exception_test( algorithms.AES, modes.GCM, - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) - ), - skip_message="Does not support AES GCM", ) diff --git a/tests/hazmat/primitives/test_blowfish.py b/tests/hazmat/primitives/test_blowfish.py index 79ceabe7..18512a6e 100644 --- a/tests/hazmat/primitives/test_blowfish.py +++ b/tests/hazmat/primitives/test_blowfish.py @@ -24,52 +24,69 @@ from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.ECB() + ), + skip_message="Does not support Blowfish ECB", +) @pytest.mark.cipher -class TestBlowfish(object): +class TestBlowfish_ECB(object): test_ECB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-ecb.txt"], lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), lambda **kwargs: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.ECB() - ), - skip_message="Does not support Blowfish ECB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8) + ), + skip_message="Does not support Blowfish CBC", +) +@pytest.mark.cipher +class TestBlowfish_CBC(object): test_CBC = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-cbc.txt"], lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8) - ), - skip_message="Does not support Blowfish CBC", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8) + ), + skip_message="Does not support Blowfish OFB", +) +@pytest.mark.cipher +class TestBlowfish_OFB(object): test_OFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-ofb.txt"], lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8) - ), - skip_message="Does not support Blowfish OFB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8) + ), + skip_message="Does not support Blowfish CFB", +) +@pytest.mark.cipher +class TestBlowfish_CFB(object): test_CFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-cfb.txt"], lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8) - ), - skip_message="Does not support Blowfish CFB", ) diff --git a/tests/hazmat/primitives/test_camellia.py b/tests/hazmat/primitives/test_camellia.py index c376220e..7c56f6f9 100644 --- a/tests/hazmat/primitives/test_camellia.py +++ b/tests/hazmat/primitives/test_camellia.py @@ -26,8 +26,14 @@ from ...utils import ( ) +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.ECB() + ), + skip_message="Does not support Camellia ECB", +) @pytest.mark.cipher -class TestCamellia(object): +class TestCamellia_ECB(object): test_ECB = generate_encrypt_test( load_cryptrec_vectors, os.path.join("ciphers", "Camellia"), @@ -38,44 +44,55 @@ class TestCamellia(object): ], lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), lambda **kwargs: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.ECB() - ), - skip_message="Does not support Camellia ECB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16) + ), + skip_message="Does not support Camellia CBC", +) +@pytest.mark.cipher +class TestCamellia_CBC(object): test_CBC = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-cbc.txt"], lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16) - ), - skip_message="Does not support Camellia CBC", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16) + ), + skip_message="Does not support Camellia OFB", +) +@pytest.mark.cipher +class TestCamellia_OFB(object): test_OFB = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-ofb.txt"], lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16) - ), - skip_message="Does not support Camellia OFB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16) + ), + skip_message="Does not support Camellia CFB", +) +@pytest.mark.cipher +class TestCamellia_CFB(object): test_CFB = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-cfb.txt"], lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16) - ), - skip_message="Does not support Camellia CFB", ) diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py index a4789c65..d65a86b2 100644 --- a/tests/hazmat/primitives/test_cast5.py +++ b/tests/hazmat/primitives/test_cast5.py @@ -24,6 +24,12 @@ from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.CAST5("\x00" * 16), modes.ECB() + ), + skip_message="Does not support CAST5 ECB", +) @pytest.mark.cipher class TestCAST5(object): test_ECB = generate_encrypt_test( @@ -32,8 +38,4 @@ class TestCAST5(object): ["cast5-ecb.txt"], lambda key, **kwargs: algorithms.CAST5(binascii.unhexlify((key))), lambda **kwargs: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.CAST5("\x00" * 16), modes.ECB() - ), - skip_message="Does not support CAST5 ECB", ) diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py index d9febea9..13ffc3fd 100644 --- a/tests/hazmat/primitives/test_hash_vectors.py +++ b/tests/hazmat/primitives/test_hash_vectors.py @@ -23,6 +23,10 @@ from .utils import generate_hash_test, generate_long_string_hash_test from ...utils import load_hash_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1), + skip_message="Does not support SHA1", +) @pytest.mark.hash class TestSHA1(object): test_SHA1 = generate_hash_test( @@ -33,11 +37,13 @@ class TestSHA1(object): "SHA1ShortMsg.rsp", ], hashes.SHA1(), - only_if=lambda backend: backend.hash_supported(hashes.SHA1), - skip_message="Does not support SHA1", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224), + skip_message="Does not support SHA224", +) @pytest.mark.hash class TestSHA224(object): test_SHA224 = generate_hash_test( @@ -48,11 +54,13 @@ class TestSHA224(object): "SHA224ShortMsg.rsp", ], hashes.SHA224(), - only_if=lambda backend: backend.hash_supported(hashes.SHA224), - skip_message="Does not support SHA224", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256), + skip_message="Does not support SHA256", +) @pytest.mark.hash class TestSHA256(object): test_SHA256 = generate_hash_test( @@ -63,11 +71,13 @@ class TestSHA256(object): "SHA256ShortMsg.rsp", ], hashes.SHA256(), - only_if=lambda backend: backend.hash_supported(hashes.SHA256), - skip_message="Does not support SHA256", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384), + skip_message="Does not support SHA384", +) @pytest.mark.hash class TestSHA384(object): test_SHA384 = generate_hash_test( @@ -78,11 +88,13 @@ class TestSHA384(object): "SHA384ShortMsg.rsp", ], hashes.SHA384(), - only_if=lambda backend: backend.hash_supported(hashes.SHA384), - skip_message="Does not support SHA384", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512), + skip_message="Does not support SHA512", +) @pytest.mark.hash class TestSHA512(object): test_SHA512 = generate_hash_test( @@ -93,11 +105,13 @@ class TestSHA512(object): "SHA512ShortMsg.rsp", ], hashes.SHA512(), - only_if=lambda backend: backend.hash_supported(hashes.SHA512), - skip_message="Does not support SHA512", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", +) @pytest.mark.hash class TestRIPEMD160(object): test_RIPEMD160 = generate_hash_test( @@ -107,18 +121,18 @@ class TestRIPEMD160(object): "ripevectors.txt", ], hashes.RIPEMD160(), - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) test_RIPEMD160_long_string = generate_long_string_hash_test( hashes.RIPEMD160(), "52783243c1697bdbe16d37f97f68f08325dc1528", - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), + skip_message="Does not support Whirlpool", +) @pytest.mark.hash class TestWhirlpool(object): test_whirlpool = generate_hash_test( @@ -128,8 +142,6 @@ class TestWhirlpool(object): "iso-test-vectors.txt", ], hashes.Whirlpool(), - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), - skip_message="Does not support Whirlpool", ) test_whirlpool_long_string = generate_long_string_hash_test( @@ -137,11 +149,13 @@ class TestWhirlpool(object): ("0c99005beb57eff50a7cf005560ddf5d29057fd86b2" "0bfd62deca0f1ccea4af51fc15490eddc47af32bb2b" "66c34ff9ad8c6008ad677f77126953b226e4ed8b01"), - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), - skip_message="Does not support Whirlpool", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5), + skip_message="Does not support MD5", +) @pytest.mark.hash class TestMD5(object): test_md5 = generate_hash_test( @@ -151,6 +165,4 @@ class TestMD5(object): "rfc-1321.txt", ], hashes.MD5(), - only_if=lambda backend: backend.hash_supported(hashes.MD5), - skip_message="Does not support MD5", ) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 45faaab2..c907ef61 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -69,89 +69,105 @@ class TestHashContext(object): hashes.Hash(UnsupportedDummyHash(), backend) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1), + skip_message="Does not support SHA1", +) @pytest.mark.hash class TestSHA1(object): test_SHA1 = generate_base_hash_test( hashes.SHA1(), digest_size=20, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.SHA1), - skip_message="Does not support SHA1", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224), + skip_message="Does not support SHA224", +) @pytest.mark.hash class TestSHA224(object): test_SHA224 = generate_base_hash_test( hashes.SHA224(), digest_size=28, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.SHA224), - skip_message="Does not support SHA224", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256), + skip_message="Does not support SHA256", +) @pytest.mark.hash class TestSHA256(object): test_SHA256 = generate_base_hash_test( hashes.SHA256(), digest_size=32, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.SHA256), - skip_message="Does not support SHA256", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384), + skip_message="Does not support SHA384", +) @pytest.mark.hash class TestSHA384(object): test_SHA384 = generate_base_hash_test( hashes.SHA384(), digest_size=48, block_size=128, - only_if=lambda backend: backend.hash_supported(hashes.SHA384), - skip_message="Does not support SHA384", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512), + skip_message="Does not support SHA512", +) @pytest.mark.hash class TestSHA512(object): test_SHA512 = generate_base_hash_test( hashes.SHA512(), digest_size=64, block_size=128, - only_if=lambda backend: backend.hash_supported(hashes.SHA512), - skip_message="Does not support SHA512", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", +) @pytest.mark.hash class TestRIPEMD160(object): test_RIPEMD160 = generate_base_hash_test( hashes.RIPEMD160(), digest_size=20, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), + skip_message="Does not support Whirlpool", +) @pytest.mark.hash class TestWhirlpool(object): test_Whirlpool = generate_base_hash_test( hashes.Whirlpool(), digest_size=64, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), - skip_message="Does not support Whirlpool", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5), + skip_message="Does not support MD5", +) @pytest.mark.hash class TestMD5(object): test_MD5 = generate_base_hash_test( hashes.MD5(), digest_size=16, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.MD5), - skip_message="Does not support MD5", ) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 7acb78b7..04913af6 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -33,14 +33,19 @@ class UnsupportedDummyHash(object): name = "unsupported-dummy-hash" +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.MD5), + skip_message="Does not support MD5", +) @pytest.mark.hmac -class TestHMAC(object): +class TestHMACCopy(object): test_copy = generate_base_hmac_test( hashes.MD5(), - only_if=lambda backend: backend.hmac_supported(hashes.MD5), - skip_message="Does not support MD5", ) + +@pytest.mark.hmac +class TestHMAC(object): def test_hmac_reject_unicode(self, backend): h = hmac.HMAC(b"mykey", hashes.SHA1(), backend=backend) with pytest.raises(TypeError): diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py index 9bc06a2e..c5644459 100644 --- a/tests/hazmat/primitives/test_hmac_vectors.py +++ b/tests/hazmat/primitives/test_hmac_vectors.py @@ -21,6 +21,10 @@ from .utils import generate_hmac_test from ...utils import load_hash_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.MD5), + skip_message="Does not support MD5", +) @pytest.mark.hmac class TestHMAC_MD5(object): test_hmac_md5 = generate_hmac_test( @@ -30,11 +34,13 @@ class TestHMAC_MD5(object): "rfc-2202-md5.txt", ], hashes.MD5(), - only_if=lambda backend: backend.hmac_supported(hashes.MD5), - skip_message="Does not support MD5", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA1), + skip_message="Does not support SHA1", +) @pytest.mark.hmac class TestHMAC_SHA1(object): test_hmac_sha1 = generate_hmac_test( @@ -44,11 +50,13 @@ class TestHMAC_SHA1(object): "rfc-2202-sha1.txt", ], hashes.SHA1(), - only_if=lambda backend: backend.hmac_supported(hashes.SHA1), - skip_message="Does not support SHA1", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA224), + skip_message="Does not support SHA224", +) @pytest.mark.hmac class TestHMAC_SHA224(object): test_hmac_sha224 = generate_hmac_test( @@ -58,11 +66,13 @@ class TestHMAC_SHA224(object): "rfc-4231-sha224.txt", ], hashes.SHA224(), - only_if=lambda backend: backend.hmac_supported(hashes.SHA224), - skip_message="Does not support SHA224", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA256), + skip_message="Does not support SHA256", +) @pytest.mark.hmac class TestHMAC_SHA256(object): test_hmac_sha256 = generate_hmac_test( @@ -72,11 +82,13 @@ class TestHMAC_SHA256(object): "rfc-4231-sha256.txt", ], hashes.SHA256(), - only_if=lambda backend: backend.hmac_supported(hashes.SHA256), - skip_message="Does not support SHA256", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA384), + skip_message="Does not support SHA384", +) @pytest.mark.hmac class TestHMAC_SHA384(object): test_hmac_sha384 = generate_hmac_test( @@ -86,11 +98,13 @@ class TestHMAC_SHA384(object): "rfc-4231-sha384.txt", ], hashes.SHA384(), - only_if=lambda backend: backend.hmac_supported(hashes.SHA384), - skip_message="Does not support SHA384", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA512), + skip_message="Does not support SHA512", +) @pytest.mark.hmac class TestHMAC_SHA512(object): test_hmac_sha512 = generate_hmac_test( @@ -100,11 +114,13 @@ class TestHMAC_SHA512(object): "rfc-4231-sha512.txt", ], hashes.SHA512(), - only_if=lambda backend: backend.hmac_supported(hashes.SHA512), - skip_message="Does not support SHA512", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", +) @pytest.mark.hmac class TestHMAC_RIPEMD160(object): test_hmac_ripemd160 = generate_hmac_test( @@ -114,6 +130,4 @@ class TestHMAC_RIPEMD160(object): "rfc-2286-ripemd160.txt", ], hashes.RIPEMD160(), - only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) diff --git a/tests/hazmat/primitives/test_utils.py b/tests/hazmat/primitives/test_utils.py deleted file mode 100644 index c39364c7..00000000 --- a/tests/hazmat/primitives/test_utils.py +++ /dev/null @@ -1,117 +0,0 @@ -import pytest - -from .utils import ( - base_hash_test, encrypt_test, hash_test, long_string_hash_test, - base_hmac_test, hmac_test, stream_encryption_test, aead_test, - aead_exception_test, aead_tag_exception_test, -) - - -class TestEncryptTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - encrypt_test( - None, None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestAEADTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - aead_test( - None, None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestAEADExceptionTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - aead_exception_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestAEADTagExceptionTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - aead_tag_exception_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestHashTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - hash_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestBaseHashTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - base_hash_test( - None, None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestLongHashTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - long_string_hash_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestHMACTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - hmac_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestBaseHMACTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - base_hmac_test( - None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestStreamEncryptionTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - stream_encryption_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index e0184777..cdcf84cb 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -22,27 +22,17 @@ def _load_all_params(path, file_names, param_loader): def generate_encrypt_test(param_loader, path, file_names, cipher_factory, - mode_factory, only_if, skip_message=None): + mode_factory): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) def test_encryption(self, backend, params): - encrypt_test( - backend, - cipher_factory, - mode_factory, - params, - only_if, - skip_message - ) + encrypt_test(backend, cipher_factory, mode_factory, params) return test_encryption -def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, - skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def encrypt_test(backend, cipher_factory, mode_factory, params): plaintext = params["plaintext"] ciphertext = params["ciphertext"] cipher = Cipher( @@ -61,27 +51,17 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, def generate_aead_test(param_loader, path, file_names, cipher_factory, - mode_factory, only_if, skip_message): + mode_factory): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) def test_aead(self, backend, params): - aead_test( - backend, - cipher_factory, - mode_factory, - params, - only_if, - skip_message - ) + aead_test(backend, cipher_factory, mode_factory, params) return test_aead -def aead_test(backend, cipher_factory, mode_factory, params, only_if, - skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def aead_test(backend, cipher_factory, mode_factory, params): if params.get("pt") is not None: plaintext = params["pt"] ciphertext = params["ct"] @@ -124,26 +104,16 @@ def aead_test(backend, cipher_factory, mode_factory, params, only_if, def generate_stream_encryption_test(param_loader, path, file_names, - cipher_factory, only_if=None, - skip_message=None): + cipher_factory): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) def test_stream_encryption(self, backend, params): - stream_encryption_test( - backend, - cipher_factory, - params, - only_if, - skip_message - ) + stream_encryption_test(backend, cipher_factory, params) return test_stream_encryption -def stream_encryption_test(backend, cipher_factory, params, only_if, - skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def stream_encryption_test(backend, cipher_factory, params): plaintext = params["plaintext"] ciphertext = params["ciphertext"] offset = params["offset"] @@ -161,25 +131,16 @@ def stream_encryption_test(backend, cipher_factory, params, only_if, assert actual_plaintext == binascii.unhexlify(plaintext) -def generate_hash_test(param_loader, path, file_names, hash_cls, - only_if=None, skip_message=None): +def generate_hash_test(param_loader, path, file_names, hash_cls): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) def test_hash(self, backend, params): - hash_test( - backend, - hash_cls, - params, - only_if, - skip_message - ) + hash_test(backend, hash_cls, params) return test_hash -def hash_test(backend, algorithm, params, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) +def hash_test(backend, algorithm, params): msg = params[0] md = params[1] m = hashes.Hash(algorithm, backend=backend) @@ -188,25 +149,13 @@ def hash_test(backend, algorithm, params, only_if, skip_message): assert m.finalize() == binascii.unhexlify(expected_md) -def generate_base_hash_test(algorithm, digest_size, block_size, - only_if=None, skip_message=None): +def generate_base_hash_test(algorithm, digest_size, block_size): def test_base_hash(self, backend): - base_hash_test( - backend, - algorithm, - digest_size, - block_size, - only_if, - skip_message, - ) + base_hash_test(backend, algorithm, digest_size, block_size) return test_base_hash -def base_hash_test(backend, algorithm, digest_size, block_size, only_if, - skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) - +def base_hash_test(backend, algorithm, digest_size, block_size): m = hashes.Hash(algorithm, backend=backend) assert m.algorithm.digest_size == digest_size assert m.algorithm.block_size == block_size @@ -221,46 +170,42 @@ def base_hash_test(backend, algorithm, digest_size, block_size, only_if, assert copy.finalize() == m.finalize() -def generate_long_string_hash_test(hash_factory, md, only_if=None, - skip_message=None): +def generate_long_string_hash_test(hash_factory, md): def test_long_string_hash(self, backend): - long_string_hash_test( - backend, - hash_factory, - md, - only_if, - skip_message - ) + long_string_hash_test(backend, hash_factory, md) return test_long_string_hash -def long_string_hash_test(backend, algorithm, md, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) +def long_string_hash_test(backend, algorithm, md): m = hashes.Hash(algorithm, backend=backend) m.update(b"a" * 1000000) assert m.finalize() == binascii.unhexlify(md.lower().encode("ascii")) -def generate_hmac_test(param_loader, path, file_names, algorithm, - only_if=None, skip_message=None): +def generate_base_hmac_test(hash_cls): + def test_base_hmac(self, backend): + base_hmac_test(backend, hash_cls) + return test_base_hmac + + +def base_hmac_test(backend, algorithm): + key = b"ab" + h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend) + h_copy = h.copy() + assert h != h_copy + assert h._ctx != h_copy._ctx + + +def generate_hmac_test(param_loader, path, file_names, algorithm): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) def test_hmac(self, backend, params): - hmac_test( - backend, - algorithm, - params, - only_if, - skip_message - ) + hmac_test(backend, algorithm, params) return test_hmac -def hmac_test(backend, algorithm, params, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) +def hmac_test(backend, algorithm, params): msg = params[0] md = params[1] key = params[2] @@ -269,44 +214,13 @@ def hmac_test(backend, algorithm, params, only_if, skip_message): assert h.finalize() == binascii.unhexlify(md.encode("ascii")) -def generate_base_hmac_test(hash_cls, only_if=None, skip_message=None): - def test_base_hmac(self, backend): - base_hmac_test( - backend, - hash_cls, - only_if, - skip_message, - ) - return test_base_hmac - - -def base_hmac_test(backend, algorithm, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) - key = b"ab" - h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend) - h_copy = h.copy() - assert h != h_copy - assert h._ctx != h_copy._ctx - - -def generate_aead_exception_test(cipher_factory, mode_factory, - only_if, skip_message): +def generate_aead_exception_test(cipher_factory, mode_factory): def test_aead_exception(self, backend): - aead_exception_test( - backend, - cipher_factory, - mode_factory, - only_if, - skip_message - ) + aead_exception_test(backend, cipher_factory, mode_factory) return test_aead_exception -def aead_exception_test(backend, cipher_factory, mode_factory, - only_if, skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def aead_exception_test(backend, cipher_factory, mode_factory): cipher = Cipher( cipher_factory(binascii.unhexlify(b"0" * 32)), mode_factory(binascii.unhexlify(b"0" * 24)), @@ -336,23 +250,13 @@ def aead_exception_test(backend, cipher_factory, mode_factory, decryptor.tag -def generate_aead_tag_exception_test(cipher_factory, mode_factory, - only_if, skip_message): +def generate_aead_tag_exception_test(cipher_factory, mode_factory): def test_aead_tag_exception(self, backend): - aead_tag_exception_test( - backend, - cipher_factory, - mode_factory, - only_if, - skip_message - ) + aead_tag_exception_test(backend, cipher_factory, mode_factory) return test_aead_tag_exception -def aead_tag_exception_test(backend, cipher_factory, mode_factory, - only_if, skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def aead_tag_exception_test(backend, cipher_factory, mode_factory): cipher = Cipher( cipher_factory(binascii.unhexlify(b"0" * 32)), mode_factory(binascii.unhexlify(b"0" * 24)), diff --git a/tests/test_utils.py b/tests/test_utils.py index a65091ff..c640367e 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -20,7 +20,8 @@ import pytest from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, - load_openssl_vectors, load_hash_vectors, check_for_iface + load_openssl_vectors, load_hash_vectors, check_for_iface, + check_backend_support ) @@ -41,6 +42,36 @@ def test_check_for_iface(): check_for_iface("fake_name", FakeInterface, item) +def test_check_backend_support_skip(): + supported = pretend.stub( + kwargs={"only_if": lambda backend: False, "skip_message": "Nope"} + ) + item = pretend.stub(keywords={"supported": supported}, + funcargs={"backend": True}) + with pytest.raises(pytest.skip.Exception) as exc_info: + check_backend_support(item) + assert exc_info.value.args[0] == "Nope" + + +def test_check_backend_support_no_skip(): + supported = pretend.stub( + kwargs={"only_if": lambda backend: True, "skip_message": "Nope"} + ) + item = pretend.stub(keywords={"supported": supported}, + funcargs={"backend": True}) + assert check_backend_support(item) is None + + +def test_check_backend_support_no_backend(): + supported = pretend.stub( + kwargs={"only_if": "notalambda", "skip_message": "Nope"} + ) + item = pretend.stub(keywords={"supported": supported}, + funcargs={}) + with pytest.raises(ValueError): + check_backend_support(item) + + def test_load_nist_vectors(): vector_data = textwrap.dedent(""" # CAVS 11.1 diff --git a/tests/utils.py b/tests/utils.py index 82021a5f..beb2ca5d 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -24,6 +24,16 @@ def check_for_iface(name, iface, item): )) +def check_backend_support(item): + supported = item.keywords.get("supported") + if supported and "backend" in item.funcargs: + if not supported.kwargs["only_if"](item.funcargs["backend"]): + pytest.skip(supported.kwargs["skip_message"]) + elif supported: + raise ValueError("This mark is only available on methods that take a " + "backend") + + def load_vectors_from_file(filename, loader): base = os.path.join( os.path.dirname(__file__), "hazmat", "primitives", "vectors", |