-rw-r--r-- | docs/development/test-vectors.rst | 2 | ||||
-rw-r--r-- | docs/limitations.rst | 2 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/padding.py | 48 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/src/padding.c | 39 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/src/padding.h | 5 |
5 files changed, 53 insertions, 43 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 3c27b5dd..3d40a210 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -226,7 +226,7 @@ header format (substituting the correct information):
 .. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
 .. _`Specification repository`: https://github.com/fernet/spec
 .. _`errata`: http://www.rfc-editor.org/errata_search.php?rfc=6238
-.. _`OpenSSL example key`: http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=test/testrsa.pem;h=aad21067a8f7cb93a52a511eb9162fd83be39135;hb=66e8211c0b1347970096e04b18aa52567c325200
+.. _`OpenSSL example key`: https://github.com/openssl/openssl/blob/d02b48c63a58ea4367a0e905979f140b7d090f86/test/testrsa.pem
 .. _`GnuTLS key parsing tests`: https://gitorious.org/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d
 .. _`enc-rsa-pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/encpkcs8.pem
 .. _`enc2-rsa-pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/enc2pkcs8.pem
diff --git a/docs/limitations.rst b/docs/limitations.rst
index ce61d893..0dfc49ca 100644
--- a/docs/limitations.rst
+++ b/docs/limitations.rst
@@ -16,4 +16,4 @@ Likelihood: unlikely, Remediation Cost: expensive to repair" and we do not consider this a high risk for most users.
 .. _`Memory wiping`: http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx
-.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/seccode/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources
+.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources
diff --git a/src/cryptography/hazmat/primitives/padding.py b/src/cryptography/hazmat/primitives/padding.py
index 8ad64dec..6247f7b5 100644
--- a/src/cryptography/hazmat/primitives/padding.py
+++ b/src/cryptography/hazmat/primitives/padding.py
@@ -6,6 +6,8 @@ from __future__ import absolute_import, division, print_function
 import abc
+import os
+
 import six
 from cryptography import utils
@@ -13,47 +15,11 @@ from cryptography.exceptions import AlreadyFinalized
 from cryptography.hazmat.bindings.utils import LazyLibrary, build_ffi
-TYPES = """
-uint8_t Cryptography_check_pkcs7_padding(const uint8_t *, uint8_t);
-"""
-
-FUNCTIONS = """
-/* Returns the value of the input with the most-significant-bit copied to all
- of the bits. */
-static uint8_t Cryptography_DUPLICATE_MSB_TO_ALL(uint8_t a) {
- return (1 - (a >> (sizeof(uint8_t) * 8 - 1))) - 1;
-}
-
-/* This returns 0xFF if a < b else 0x00, but does so in a constant time
- fashion */
-static uint8_t Cryptography_constant_time_lt(uint8_t a, uint8_t b) {
- a -= b;
- return Cryptography_DUPLICATE_MSB_TO_ALL(a);
-}
-
-uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data,
- uint8_t block_len) {
- uint8_t i;
- uint8_t pad_size = data[block_len - 1];
- uint8_t mismatch = 0;
- for (i = 0; i < block_len; i++) {
- unsigned int mask = Cryptography_constant_time_lt(i, pad_size);
- uint8_t b = data[block_len - 1 - i];
- mismatch |= (mask & (pad_size ^ b));
- }
-
- /* Check to make sure the pad_size was within the valid range. */
- mismatch |= ~Cryptography_constant_time_lt(0, pad_size);
- mismatch |= Cryptography_constant_time_lt(block_len, pad_size);
-
- /* Make sure any bits set are copied to the lowest bit */
- mismatch |= mismatch >> 4;
- mismatch |= mismatch >> 2;
- mismatch |= mismatch >> 1;
- /* Now check the low bit to see if it's set */
- return (mismatch & 1) == 0;
-}
-"""
+with open(os.path.join(os.path.dirname(__file__), "src/padding.h")) as f:
+ TYPES = f.read()
+
+with open(os.path.join(os.path.dirname(__file__), "src/padding.c")) as f:
+ FUNCTIONS = f.read()
 _ffi = build_ffi(cdef_source=TYPES, verify_source=FUNCTIONS)
diff --git a/src/cryptography/hazmat/primitives/src/padding.c b/src/cryptography/hazmat/primitives/src/padding.c
new file mode 100644
index 00000000..570bad9f
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/src/padding.c
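Review bot: The two `with open(...)` blocks added to padding.py read `src/padding.h` and `src/padding.c` from the package directory at import time, yet none of the five files in this commit is a packaging file, so nothing visible here shows that the new `.c`/`.h` files are shipped with installed copies of the package. If they are missing, importing the module fails with an I/O error instead of building the constant-time padding check, so I would confirm they are listed as package data and add a comment above the first block such as `# padding.h/.c must be installed next to this module; they are read at import time.` Passing the path parts separately, `os.path.join(os.path.dirname(__file__), "src", "padding.h")`, would also avoid the hard-coded separator.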
@@ -0,0 +1,39 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this
+// repository for complete details.
+
+/* Returns the value of the input with the most-significant-bit copied to all
+ of the bits. */
+static uint8_t Cryptography_DUPLICATE_MSB_TO_ALL(uint8_t a) {
+ return (1 - (a >> (sizeof(uint8_t) * 8 - 1))) - 1;
+}
+
+/* This returns 0xFF if a < b else 0x00, but does so in a constant time
+ fashion */
+static uint8_t Cryptography_constant_time_lt(uint8_t a, uint8_t b) {
+ a -= b;
+ return Cryptography_DUPLICATE_MSB_TO_ALL(a);
+}
+
+uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data,
+ uint8_t block_len) {
+ uint8_t i;
+ uint8_t pad_size = data[block_len - 1];
+ uint8_t mismatch = 0;
+ for (i = 0; i < block_len; i++) {
+ unsigned int mask = Cryptography_constant_time_lt(i, pad_size);
+ uint8_t b = data[block_len - 1 - i];
+ mismatch |= (mask & (pad_size ^ b));
+ }
+
+ /* Check to make sure the pad_size was within the valid range. */
+ mismatch |= ~Cryptography_constant_time_lt(0, pad_size);
+ mismatch |= Cryptography_constant_time_lt(block_len, pad_size);
+
+ /* Make sure any bits set are copied to the lowest bit */
+ mismatch |= mismatch >> 4;
+ mismatch |= mismatch >> 2;
+ mismatch |= mismatch >> 1;
+ /* Now check the low bit to see if it's set */
+ return (mismatch & 1) == 0;
+}
diff --git a/src/cryptography/hazmat/primitives/src/padding.h b/src/cryptography/hazmat/primitives/src/padding.h
new file mode 100644
index 00000000..4d218b1a
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/src/padding.h
@@ -0,0 +1,5 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this
+// repository for complete details.
+
+uint8_t Cryptography_check_pkcs7_padding(const uint8_t *, uint8_t); |
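Review bot: `Cryptography_constant_time_lt` in padding.c is only correct while its operands are less than 128 apart, because it tests the top bit of an 8-bit difference: `lt(0, 200)` yields 0x00 and `lt(200, 1)` yields 0xFF. Inside `Cryptography_check_pkcs7_padding` this looks harmless while `block_len` is at most 128, since an oversized `pad_size` is still rejected by the `~Cryptography_constant_time_lt(0, pad_size)` line. With a larger `block_len`, however, the loop mask switches on once `i - pad_size` reaches 128, and correctly padded blocks would generally be rejected. Whether callers can pass such a block length is not visible in this diff, so I would either state the limit next to the helper, `/* Only correct while a and b differ by less than 128. */`, or do the subtraction in `uint16_t`.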