add new security framework bindings

3 files changed, 278 insertions, 0 deletions

diff --git a/cryptography/hazmat/bindings/commoncrypto/binding.py b/cryptography/hazmat/bindings/commoncrypto/binding.py
index 144bb099..7b222839 100644
--- a/cryptography/hazmat/bindings/commoncrypto/binding.py
+++ b/cryptography/hazmat/bindings/commoncrypto/binding.py
@@ -25,10 +25,12 @@ class Binding(object):
     """
     _module_prefix = "cryptography.hazmat.bindings.commoncrypto."
     _modules = [
+        "cf",
         "common_digest",
         "common_hmac",
         "common_key_derivation",
         "common_cryptor",
+        "security",
     ]
 
     ffi = None
diff --git a/cryptography/hazmat/bindings/commoncrypto/cf.py b/cryptography/hazmat/bindings/commoncrypto/cf.py
new file mode 100644
index 00000000..671963a3
--- /dev/null
+++ b/cryptography/hazmat/bindings/commoncrypto/cf.py
@@ -0,0 +1,114 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <CoreFoundation/CoreFoundation.h>
+"""
+
+TYPES = """
+typedef bool Boolean;
+typedef signed long OSStatus;
+typedef unsigned char UInt8;
+typedef uint32_t UInt32;
+
+typedef const void * CFAllocatorRef;
+const CFAllocatorRef kCFAllocatorDefault;
+typedef const void * CFDataRef;
+typedef signed long long CFIndex;
+typedef ... *CFStringRef;
+typedef ... *CFArrayRef;
+typedef ... *CFBooleanRef;
+typedef ... *CFErrorRef;
+typedef ... *CFNumberRef;
+typedef ... *CFTypeRef;
+typedef ... *CFDictionaryRef;
+typedef ... *CFMutableDictionaryRef;
+typedef struct {
+    ...;
+} CFDictionaryKeyCallBacks;
+typedef struct {
+    ...;
+} CFDictionaryValueCallBacks;
+typedef struct {
+    ...;
+} CFRange;
+
+typedef UInt32 CFStringEncoding;
+enum {
+    kCFStringEncodingASCII = 0x0600
+};
+
+enum {
+   kCFNumberSInt8Type = 1,
+   kCFNumberSInt16Type = 2,
+   kCFNumberSInt32Type = 3,
+   kCFNumberSInt64Type = 4,
+   kCFNumberFloat32Type = 5,
+   kCFNumberFloat64Type = 6,
+   kCFNumberCharType = 7,
+   kCFNumberShortType = 8,
+   kCFNumberIntType = 9,
+   kCFNumberLongType = 10,
+   kCFNumberLongLongType = 11,
+   kCFNumberFloatType = 12,
+   kCFNumberDoubleType = 13,
+   kCFNumberCFIndexType = 14,
+   kCFNumberNSIntegerType = 15,
+   kCFNumberCGFloatType = 16,
+   kCFNumberMaxType = 16
+};
+typedef int CFNumberType;
+
+const CFDictionaryKeyCallBacks kCFTypeDictionaryKeyCallBacks;
+const CFDictionaryValueCallBacks kCFTypeDictionaryValueCallBacks;
+
+const CFBooleanRef kCFBooleanTrue;
+const CFBooleanRef kCFBooleanFalse;
+"""
+
+FUNCTIONS = """
+CFDataRef CFDataCreate(CFAllocatorRef, const UInt8 *, CFIndex);
+CFStringRef CFStringCreateWithCString(CFAllocatorRef, const char *,
+                                      CFStringEncoding);
+CFDictionaryRef CFDictionaryCreate(CFAllocatorRef, const void **,
+                                   const void **, CFIndex,
+                                   const CFDictionaryKeyCallBacks *,
+                                   const CFDictionaryValueCallBacks *);
+CFMutableDictionaryRef CFDictionaryCreateMutable(
+    CFAllocatorRef,
+    CFIndex,
+    const CFDictionaryKeyCallBacks *,
+    const CFDictionaryValueCallBacks *
+);
+void CFDictionarySetValue(CFMutableDictionaryRef, const void *, const void *);
+CFIndex CFArrayGetCount(CFArrayRef);
+const void *CFArrayGetValueAtIndex(CFArrayRef, CFIndex);
+CFIndex CFDataGetLength(CFDataRef);
+void CFDataGetBytes(CFDataRef, CFRange, UInt8 *);
+CFRange CFRangeMake(CFIndex, CFIndex);
+void CFShow(CFTypeRef);
+Boolean CFBooleanGetValue(CFBooleanRef);
+CFNumberRef CFNumberCreate(CFAllocatorRef, CFNumberType, const void *);
+void CFRelease(CFTypeRef);
+CFTypeRef CFRetain(CFTypeRef);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
+
+CONDITIONAL_NAMES = {}
diff --git a/cryptography/hazmat/bindings/commoncrypto/security.py b/cryptography/hazmat/bindings/commoncrypto/security.py
new file mode 100644
index 00000000..3c27c641
--- /dev/null
+++ b/cryptography/hazmat/bindings/commoncrypto/security.py
@@ -0,0 +1,162 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <Security/Security.h>
+#include <Security/SecKey.h>
+#include <Security/SecEncryptTransform.h>
+"""
+
+TYPES = """
+typedef ... *SecKeyRef;
+typedef ... *SecKeychainRef;
+typedef ... *SecAccessRef;
+typedef ... *SecTransformRef;
+typedef uint32_t SecPadding;
+
+CFStringRef kSecImportExportPassphrase;
+CFStringRef kSecImportExportKeychain;
+CFStringRef kSecImportExportAccess;
+
+enum {
+    kSecPaddingNone = 0,
+    kSecPaddingPKCS1 = 1,
+    /* The following perform ASN.1 + PKCS1 padding */
+    kSecPaddingPKCS1SHA1 = 0x8002,
+};
+
+typedef uint32_t SecExternalItemType;
+enum {
+    kSecItemTypeUnknown,
+    kSecItemTypePrivateKey,
+    kSecItemTypePublicKey,
+    kSecItemTypeSessionKey,
+    kSecItemTypeCertificate,
+    kSecItemTypeAggregate
+};
+
+
+typedef uint32_t SecExternalFormat; // SecImportExport.h
+enum {
+    kSecFormatUnknown = 0,
+    kSecFormatOpenSSL,
+    kSecFormatSSH,
+    kSecFormatBSAFE,
+    kSecFormatRawKey,
+    kSecFormatWrappedPKCS8,
+    kSecFormatWrappedOpenSSL,
+    kSecFormatWrappedSSH,
+    kSecFormatWrappedLSH,
+    kSecFormatX509Cert,
+    kSecFormatPEMSequence,
+    kSecFormatPKCS7,
+    kSecFormatPKCS12,
+    kSecFormatNetscapeCertSequence,
+    kSecFormatSSHv2
+};
+
+typedef uint32_t SecItemImportExportFlags;
+enum {
+    kSecKeyImportOnlyOne        = 0x00000001,
+    kSecKeySecurePassphrase     = 0x00000002,
+    kSecKeyNoAccessControl      = 0x00000004
+};
+typedef uint32_t SecKeyImportExportFlags;
+
+typedef struct {
+    /* for import and export */
+    uint32_t version;
+    SecKeyImportExportFlags  flags;
+    CFTypeRef                passphrase;
+    CFStringRef              alertTitle;
+    CFStringRef              alertPrompt;
+
+    /* for import only */
+    SecAccessRef             accessRef;
+    CFArrayRef               keyUsage;
+
+    CFArrayRef               keyAttributes;
+} SecItemImportExportKeyParameters;
+
+CFStringRef kSecEncryptionMode;
+CFStringRef kSecEncryptKey;
+CFStringRef kSecIVKey;
+CFStringRef kSecModeCBCKey;
+CFStringRef kSecModeCFBKey;
+CFStringRef kSecModeECBKey;
+CFStringRef kSecModeNoneKey;
+CFStringRef kSecModeOFBKey;
+CFStringRef kSecOAEPEncodingParametersAttributeName;
+CFStringRef kSecPaddingKey;
+CFStringRef kSecPaddingNoneKey;
+CFStringRef kSecPaddingOAEPKey;
+CFStringRef kSecPaddingPKCS1Key;
+CFStringRef kSecPaddingPKCS5Key;
+CFStringRef kSecPaddingPKCS7Key;
+
+const CFStringRef kSecTransformInputAttributeName;
+const CFStringRef kSecTransformOutputAttributeName;
+const CFStringRef kSecTransformDebugAttributeName;
+const CFStringRef kSecTransformTransformName;
+const CFStringRef kSecTransformAbortAttributeName;
+
+CFStringRef kSecInputIsAttributeName;
+CFStringRef kSecInputIsPlainText;
+CFStringRef kSecInputIsDigest;
+CFStringRef kSecInputIsRaw;
+
+const CFStringRef kSecDigestTypeAttribute;
+const CFStringRef kSecDigestLengthAttribute;
+const CFStringRef kSecDigestMD5;
+const CFStringRef kSecDigestSHA1;
+const CFStringRef kSecDigestSHA2;
+
+const CFTypeRef kSecAttrKeyType;
+const CFTypeRef kSecAttrKeySizeInBits;
+const CFTypeRef kSecAttrIsPermanent;
+const CFTypeRef kSecAttrKeyTypeRSA;
+const CFTypeRef kSecAttrKeyTypeDSA;
+const CFTypeRef kSecAttrKeyTypeEC;
+const CFTypeRef kSecAttrKeyTypeEC;
+const CFTypeRef kSecUseKeychain;
+"""
+
+FUNCTIONS = """
+OSStatus SecItemImport(CFDataRef, CFStringRef, SecExternalFormat *,
+                       SecExternalItemType *, SecItemImportExportFlags,
+                       const SecItemImportExportKeyParameters *,
+                       SecKeychainRef, CFArrayRef *);
+OSStatus SecPKCS12Import(CFDataRef, CFDictionaryRef, CFArrayRef *);
+
+Boolean SecTransformSetAttribute(SecTransformRef, CFStringRef, CFTypeRef,
+                                 CFErrorRef *);
+SecTransformRef SecDecryptTransformCreate(SecKeyRef, CFErrorRef *);
+SecTransformRef SecEncryptTransformCreate(SecKeyRef, CFErrorRef *);
+SecTransformRef SecVerifyTransformCreate(SecKeyRef, CFDataRef, CFErrorRef *);
+SecTransformRef SecSignTransformCreate(SecKeyRef, CFErrorRef *) ;
+CFTypeRef SecTransformExecute(SecTransformRef, CFErrorRef *);
+OSStatus SecKeychainCreate(const char *, UInt32, const void *, Boolean,
+                           SecAccessRef, SecKeychainRef *);
+OSStatus SecKeychainDelete(SecKeychainRef);
+OSStatus SecKeyGeneratePair(CFDictionaryRef, SecKeyRef *, SecKeyRef *);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
+
+CONDITIONAL_NAMES = {}