Move the cryptography package into a src/ subdirectory

Due to differences in how py.test determines which module to ``import``
the test suite actually runs against the cryptography which is in the
*current* directory instead of the cryptography which is installed. The
problem essentially boils down to when there is a tests/__init__.py then
py.test adds the current directory to the front of the sys.path, causing
it to take precedence over the installed location.

This means that running the tests relies on the implicit compile
that CFFI does instead of testing against what people will actually
be runnning, which is the module compiled by setup.py.

5 files changed, 573 insertions, 0 deletions

diff --git a/src/cryptography/hazmat/primitives/asymmetric/__init__.py b/src/cryptography/hazmat/primitives/asymmetric/__init__.py
new file mode 100644
index 00000000..2f420574
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/asymmetric/__init__.py
@@ -0,0 +1,14 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/src/cryptography/hazmat/primitives/asymmetric/dsa.py b/src/cryptography/hazmat/primitives/asymmetric/dsa.py
new file mode 100644
index 00000000..83e01377
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/asymmetric/dsa.py
@@ -0,0 +1,108 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import six
+
+from cryptography import utils
+
+
+def generate_parameters(key_size, backend):
+    return backend.generate_dsa_parameters(key_size)
+
+
+def generate_private_key(key_size, backend):
+    return backend.generate_dsa_private_key_and_parameters(key_size)
+
+
+def _check_dsa_parameters(parameters):
+    if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
+        raise ValueError("p must be exactly 1024, 2048, or 3072 bits long")
+    if utils.bit_length(parameters.q) not in [160, 256]:
+        raise ValueError("q must be exactly 160 or 256 bits long")
+
+    if not (1 < parameters.g < parameters.p):
+        raise ValueError("g, p don't satisfy 1 < g < p.")
+
+
+def _check_dsa_private_numbers(numbers):
+    parameters = numbers.public_numbers.parameter_numbers
+    _check_dsa_parameters(parameters)
+    if numbers.x <= 0 or numbers.x >= parameters.q:
+        raise ValueError("x must be > 0 and < q.")
+
+    if numbers.public_numbers.y != pow(parameters.g, numbers.x, parameters.p):
+        raise ValueError("y must be equal to (g ** x % p).")
+
+
+class DSAParameterNumbers(object):
+    def __init__(self, p, q, g):
+        if (
+            not isinstance(p, six.integer_types) or
+            not isinstance(q, six.integer_types) or
+            not isinstance(g, six.integer_types)
+        ):
+            raise TypeError(
+                "DSAParameterNumbers p, q, and g arguments must be integers."
+            )
+
+        self._p = p
+        self._q = q
+        self._g = g
+
+    p = utils.read_only_property("_p")
+    q = utils.read_only_property("_q")
+    g = utils.read_only_property("_g")
+
+    def parameters(self, backend):
+        return backend.load_dsa_parameter_numbers(self)
+
+
+class DSAPublicNumbers(object):
+    def __init__(self, y, parameter_numbers):
+        if not isinstance(y, six.integer_types):
+            raise TypeError("DSAPublicNumbers y argument must be an integer.")
+
+        if not isinstance(parameter_numbers, DSAParameterNumbers):
+            raise TypeError(
+                "parameter_numbers must be a DSAParameterNumbers instance."
+            )
+
+        self._y = y
+        self._parameter_numbers = parameter_numbers
+
+    y = utils.read_only_property("_y")
+    parameter_numbers = utils.read_only_property("_parameter_numbers")
+
+    def public_key(self, backend):
+        return backend.load_dsa_public_numbers(self)
+
+
+class DSAPrivateNumbers(object):
+    def __init__(self, x, public_numbers):
+        if not isinstance(x, six.integer_types):
+            raise TypeError("DSAPrivateNumbers x argument must be an integer.")
+
+        if not isinstance(public_numbers, DSAPublicNumbers):
+            raise TypeError(
+                "public_numbers must be a DSAPublicNumbers instance."
+            )
+        self._public_numbers = public_numbers
+        self._x = x
+
+    x = utils.read_only_property("_x")
+    public_numbers = utils.read_only_property("_public_numbers")
+
+    def private_key(self, backend):
+        return backend.load_dsa_private_numbers(self)
diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py
new file mode 100644
index 00000000..ced732fb
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py
@@ -0,0 +1,195 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import six
+
+from cryptography import utils
+from cryptography.hazmat.primitives import interfaces
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECT571R1(object):
+    name = "sect571r1"
+    key_size = 571
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECT409R1(object):
+    name = "sect409r1"
+    key_size = 409
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECT283R1(object):
+    name = "sect283r1"
+    key_size = 283
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECT233R1(object):
+    name = "sect233r1"
+    key_size = 233
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECT163R2(object):
+    name = "sect163r2"
+    key_size = 163
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECT571K1(object):
+    name = "sect571k1"
+    key_size = 571
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECT409K1(object):
+    name = "sect409k1"
+    key_size = 409
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECT283K1(object):
+    name = "sect283k1"
+    key_size = 283
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECT233K1(object):
+    name = "sect233k1"
+    key_size = 233
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECT163K1(object):
+    name = "sect163k1"
+    key_size = 163
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECP521R1(object):
+    name = "secp521r1"
+    key_size = 521
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECP384R1(object):
+    name = "secp384r1"
+    key_size = 384
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECP256R1(object):
+    name = "secp256r1"
+    key_size = 256
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECP224R1(object):
+    name = "secp224r1"
+    key_size = 224
+
+
+@utils.register_interface(interfaces.EllipticCurve)
+class SECP192R1(object):
+    name = "secp192r1"
+    key_size = 192
+
+
+_CURVE_TYPES = {
+    "prime192v1": SECP192R1,
+    "prime256v1": SECP256R1,
+
+    "secp192r1": SECP192R1,
+    "secp224r1": SECP224R1,
+    "secp256r1": SECP256R1,
+    "secp384r1": SECP384R1,
+    "secp521r1": SECP521R1,
+
+    "sect163k1": SECT163K1,
+    "sect233k1": SECT233K1,
+    "sect283k1": SECT283K1,
+    "sect409k1": SECT409K1,
+    "sect571k1": SECT571K1,
+
+    "sect163r2": SECT163R2,
+    "sect233r1": SECT233R1,
+    "sect283r1": SECT283R1,
+    "sect409r1": SECT409R1,
+    "sect571r1": SECT571R1,
+}
+
+
+@utils.register_interface(interfaces.EllipticCurveSignatureAlgorithm)
+class ECDSA(object):
+    def __init__(self, algorithm):
+        self._algorithm = algorithm
+
+    algorithm = utils.read_only_property("_algorithm")
+
+
+def generate_private_key(curve, backend):
+    return backend.generate_elliptic_curve_private_key(curve)
+
+
+class EllipticCurvePublicNumbers(object):
+    def __init__(self, x, y, curve):
+        if (
+            not isinstance(x, six.integer_types) or
+            not isinstance(y, six.integer_types)
+        ):
+            raise TypeError("x and y must be integers.")
+
+        if not isinstance(curve, interfaces.EllipticCurve):
+            raise TypeError("curve must provide the EllipticCurve interface.")
+
+        self._y = y
+        self._x = x
+        self._curve = curve
+
+    def public_key(self, backend):
+        try:
+            return backend.load_elliptic_curve_public_numbers(self)
+        except AttributeError:
+            return backend.elliptic_curve_public_key_from_numbers(self)
+
+    curve = utils.read_only_property("_curve")
+    x = utils.read_only_property("_x")
+    y = utils.read_only_property("_y")
+
+
+class EllipticCurvePrivateNumbers(object):
+    def __init__(self, private_value, public_numbers):
+        if not isinstance(private_value, six.integer_types):
+            raise TypeError("private_value must be an integer.")
+
+        if not isinstance(public_numbers, EllipticCurvePublicNumbers):
+            raise TypeError(
+                "public_numbers must be an EllipticCurvePublicNumbers "
+                "instance."
+            )
+
+        self._private_value = private_value
+        self._public_numbers = public_numbers
+
+    def private_key(self, backend):
+        try:
+            return backend.load_elliptic_curve_private_numbers(self)
+        except AttributeError:
+            return backend.elliptic_curve_private_key_from_numbers(self)
+
+    private_value = utils.read_only_property("_private_value")
+    public_numbers = utils.read_only_property("_public_numbers")
diff --git a/src/cryptography/hazmat/primitives/asymmetric/padding.py b/src/cryptography/hazmat/primitives/asymmetric/padding.py
new file mode 100644
index 00000000..3967e065
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/asymmetric/padding.py
@@ -0,0 +1,65 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import six
+
+from cryptography import utils
+from cryptography.hazmat.primitives import interfaces
+
+
+@utils.register_interface(interfaces.AsymmetricPadding)
+class PKCS1v15(object):
+    name = "EMSA-PKCS1-v1_5"
+
+
+@utils.register_interface(interfaces.AsymmetricPadding)
+class PSS(object):
+    MAX_LENGTH = object()
+    name = "EMSA-PSS"
+
+    def __init__(self, mgf, salt_length):
+        self._mgf = mgf
+
+        if (not isinstance(salt_length, six.integer_types) and
+                salt_length is not self.MAX_LENGTH):
+            raise TypeError("salt_length must be an integer.")
+
+        if salt_length is not self.MAX_LENGTH and salt_length < 0:
+            raise ValueError("salt_length must be zero or greater.")
+
+        self._salt_length = salt_length
+
+
+@utils.register_interface(interfaces.AsymmetricPadding)
+class OAEP(object):
+    name = "EME-OAEP"
+
+    def __init__(self, mgf, algorithm, label):
+        if not isinstance(algorithm, interfaces.HashAlgorithm):
+            raise TypeError("Expected instance of interfaces.HashAlgorithm.")
+
+        self._mgf = mgf
+        self._algorithm = algorithm
+        self._label = label
+
+
+class MGF1(object):
+    MAX_LENGTH = object()
+
+    def __init__(self, algorithm):
+        if not isinstance(algorithm, interfaces.HashAlgorithm):
+            raise TypeError("Expected instance of interfaces.HashAlgorithm.")
+
+        self._algorithm = algorithm
diff --git a/src/cryptography/hazmat/primitives/asymmetric/rsa.py b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
new file mode 100644
index 00000000..db38ed55
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -0,0 +1,191 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import six
+
+from cryptography import utils
+from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
+from cryptography.hazmat.backends.interfaces import RSABackend
+
+
+def generate_private_key(public_exponent, key_size, backend):
+    if not isinstance(backend, RSABackend):
+        raise UnsupportedAlgorithm(
+            "Backend object does not implement RSABackend.",
+            _Reasons.BACKEND_MISSING_INTERFACE
+        )
+
+    _verify_rsa_parameters(public_exponent, key_size)
+    return backend.generate_rsa_private_key(public_exponent, key_size)
+
+
+def _verify_rsa_parameters(public_exponent, key_size):
+    if public_exponent < 3:
+        raise ValueError("public_exponent must be >= 3.")
+
+    if public_exponent & 1 == 0:
+        raise ValueError("public_exponent must be odd.")
+
+    if key_size < 512:
+        raise ValueError("key_size must be at least 512-bits.")
+
+
+def _check_private_key_components(p, q, private_exponent, dmp1, dmq1, iqmp,
+                                  public_exponent, modulus):
+    if modulus < 3:
+        raise ValueError("modulus must be >= 3.")
+
+    if p >= modulus:
+        raise ValueError("p must be < modulus.")
+
+    if q >= modulus:
+        raise ValueError("q must be < modulus.")
+
+    if dmp1 >= modulus:
+        raise ValueError("dmp1 must be < modulus.")
+
+    if dmq1 >= modulus:
+        raise ValueError("dmq1 must be < modulus.")
+
+    if iqmp >= modulus:
+        raise ValueError("iqmp must be < modulus.")
+
+    if private_exponent >= modulus:
+        raise ValueError("private_exponent must be < modulus.")
+
+    if public_exponent < 3 or public_exponent >= modulus:
+        raise ValueError("public_exponent must be >= 3 and < modulus.")
+
+    if public_exponent & 1 == 0:
+        raise ValueError("public_exponent must be odd.")
+
+    if dmp1 & 1 == 0:
+        raise ValueError("dmp1 must be odd.")
+
+    if dmq1 & 1 == 0:
+        raise ValueError("dmq1 must be odd.")
+
+    if p * q != modulus:
+        raise ValueError("p*q must equal modulus.")
+
+
+def _check_public_key_components(e, n):
+    if n < 3:
+        raise ValueError("n must be >= 3.")
+
+    if e < 3 or e >= n:
+        raise ValueError("e must be >= 3 and < n.")
+
+    if e & 1 == 0:
+        raise ValueError("e must be odd.")
+
+
+def _modinv(e, m):
+    """
+    Modular Multiplicative Inverse. Returns x such that: (x*e) mod m == 1
+    """
+    x1, y1, x2, y2 = 1, 0, 0, 1
+    a, b = e, m
+    while b > 0:
+        q, r = divmod(a, b)
+        xn, yn = x1 - q * x2, y1 - q * y2
+        a, b, x1, y1, x2, y2 = b, r, x2, y2, xn, yn
+    return x1 % m
+
+
+def rsa_crt_iqmp(p, q):
+    """
+    Compute the CRT (q ** -1) % p value from RSA primes p and q.
+    """
+    return _modinv(q, p)
+
+
+def rsa_crt_dmp1(private_exponent, p):
+    """
+    Compute the CRT private_exponent % (p - 1) value from the RSA
+    private_exponent and p.
+    """
+    return private_exponent % (p - 1)
+
+
+def rsa_crt_dmq1(private_exponent, q):
+    """
+    Compute the CRT private_exponent % (q - 1) value from the RSA
+    private_exponent and q.
+    """
+    return private_exponent % (q - 1)
+
+
+class RSAPrivateNumbers(object):
+    def __init__(self, p, q, d, dmp1, dmq1, iqmp,
+                 public_numbers):
+        if (
+            not isinstance(p, six.integer_types) or
+            not isinstance(q, six.integer_types) or
+            not isinstance(d, six.integer_types) or
+            not isinstance(dmp1, six.integer_types) or
+            not isinstance(dmq1, six.integer_types) or
+            not isinstance(iqmp, six.integer_types)
+        ):
+            raise TypeError(
+                "RSAPrivateNumbers p, q, d, dmp1, dmq1, iqmp arguments must"
+                " all be an integers."
+            )
+
+        if not isinstance(public_numbers, RSAPublicNumbers):
+            raise TypeError(
+                "RSAPrivateNumbers public_numbers must be an RSAPublicNumbers"
+                " instance."
+            )
+
+        self._p = p
+        self._q = q
+        self._d = d
+        self._dmp1 = dmp1
+        self._dmq1 = dmq1
+        self._iqmp = iqmp
+        self._public_numbers = public_numbers
+
+    p = utils.read_only_property("_p")
+    q = utils.read_only_property("_q")
+    d = utils.read_only_property("_d")
+    dmp1 = utils.read_only_property("_dmp1")
+    dmq1 = utils.read_only_property("_dmq1")
+    iqmp = utils.read_only_property("_iqmp")
+    public_numbers = utils.read_only_property("_public_numbers")
+
+    def private_key(self, backend):
+        return backend.load_rsa_private_numbers(self)
+
+
+class RSAPublicNumbers(object):
+    def __init__(self, e, n):
+        if (
+            not isinstance(e, six.integer_types) or
+            not isinstance(n, six.integer_types)
+        ):
+            raise TypeError("RSAPublicNumbers arguments must be integers.")
+
+        self._e = e
+        self._n = n
+
+    e = utils.read_only_property("_e")
+    n = utils.read_only_property("_n")
+
+    def public_key(self, backend):
+        return backend.load_rsa_public_numbers(self)
+
+    def __repr__(self):
+        return "<RSAPublicNumbers(e={0}, n={1})>".format(self._e, self._n)