diff options
31 files changed, 278 insertions, 200 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c07ee8e5..8ca02d51 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,15 @@ Changelog * :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` can now load elliptic curve public keys. +0.7.2 - 2015-01-16 +~~~~~~~~~~~~~~~~~~ + +* Updated Windows wheels to be compiled against OpenSSL 1.0.1l. +* ``enum34`` is no longer installed on Python 3.4, where it is included in + the standard library. +* Added a new function to the OpenSSL bindings to support additional + functionality in pyOpenSSL. + 0.7.1 - 2014-12-28 ~~~~~~~~~~~~~~~~~~ diff --git a/docs/conf.py b/docs/conf.py index fc16b38a..f674ebe8 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -69,7 +69,7 @@ master_doc = 'index' # General information about the project. project = 'Cryptography' -copyright = '2013-2014, Individual Contributors' +copyright = '2013-2015, Individual Contributors' # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the diff --git a/docs/development/custom-vectors/cast5/verify_cast5.go b/docs/development/custom-vectors/cast5/verify_cast5.go index f735d989..cbc89a03 100644 --- a/docs/development/custom-vectors/cast5/verify_cast5.go +++ b/docs/development/custom-vectors/cast5/verify_cast5.go @@ -19,7 +19,7 @@ func unhexlify(s string) []byte { return bytes } -type VectorArgs struct { +type vectorArgs struct { count string key string iv string @@ -27,13 +27,13 @@ type VectorArgs struct { ciphertext string } -type VectorVerifier interface { - validate(count string, key, iv, plaintext, expected_ciphertext []byte) +type vectorVerifier interface { + validate(count string, key, iv, plaintext, expectedCiphertext []byte) } type ofbVerifier struct{} -func (o ofbVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { +func (o ofbVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) { block, err := cast5.NewCipher(key) if err != nil { panic(err) @@ -43,17 +43,17 @@ func (o ofbVerifier) validate(count string, key, iv, plaintext, expected_ciphert stream := cipher.NewOFB(block, iv) stream.XORKeyStream(ciphertext, plaintext) - if !bytes.Equal(ciphertext, expected_ciphertext) { + if !bytes.Equal(ciphertext, expectedCiphertext) { panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", count, - hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(expectedCiphertext), hex.EncodeToString(ciphertext))) } } type cbcVerifier struct{} -func (o cbcVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { +func (o cbcVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) { block, err := cast5.NewCipher(key) if err != nil { panic(err) @@ -63,17 +63,17 @@ func (o cbcVerifier) validate(count string, key, iv, plaintext, expected_ciphert mode := cipher.NewCBCEncrypter(block, iv) mode.CryptBlocks(ciphertext, plaintext) - if !bytes.Equal(ciphertext, expected_ciphertext) { + if !bytes.Equal(ciphertext, expectedCiphertext) { panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", count, - hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(expectedCiphertext), hex.EncodeToString(ciphertext))) } } type cfbVerifier struct{} -func (o cfbVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { +func (o cfbVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) { block, err := cast5.NewCipher(key) if err != nil { panic(err) @@ -83,17 +83,17 @@ func (o cfbVerifier) validate(count string, key, iv, plaintext, expected_ciphert stream := cipher.NewCFBEncrypter(block, iv) stream.XORKeyStream(ciphertext, plaintext) - if !bytes.Equal(ciphertext, expected_ciphertext) { + if !bytes.Equal(ciphertext, expectedCiphertext) { panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", count, - hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(expectedCiphertext), hex.EncodeToString(ciphertext))) } } type ctrVerifier struct{} -func (o ctrVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { +func (o ctrVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) { block, err := cast5.NewCipher(key) if err != nil { panic(err) @@ -103,15 +103,15 @@ func (o ctrVerifier) validate(count string, key, iv, plaintext, expected_ciphert stream := cipher.NewCTR(block, iv) stream.XORKeyStream(ciphertext, plaintext) - if !bytes.Equal(ciphertext, expected_ciphertext) { + if !bytes.Equal(ciphertext, expectedCiphertext) { panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", count, - hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(expectedCiphertext), hex.EncodeToString(ciphertext))) } } -func validateVectors(verifier VectorVerifier, filename string) { +func validateVectors(verifier vectorVerifier, filename string) { vectors, err := os.Open(filename) if err != nil { panic(err) @@ -119,7 +119,7 @@ func validateVectors(verifier VectorVerifier, filename string) { defer vectors.Close() var segments []string - var vector *VectorArgs + var vector *vectorArgs scanner := bufio.NewScanner(vectors) for scanner.Scan() { @@ -134,7 +134,7 @@ func validateVectors(verifier VectorVerifier, filename string) { unhexlify(vector.plaintext), unhexlify(vector.ciphertext)) } - vector = &VectorArgs{count: segments[1]} + vector = &vectorArgs{count: segments[1]} case strings.ToUpper(segments[0]) == "IV": vector.iv = segments[1][:16] case strings.ToUpper(segments[0]) == "KEY": @@ -150,15 +150,15 @@ func validateVectors(verifier VectorVerifier, filename string) { func main() { validateVectors(ofbVerifier{}, - "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ofb.txt") + "vectors/cryptography_vectors/ciphers/CAST5/cast5-ofb.txt") fmt.Println("OFB OK.") validateVectors(cfbVerifier{}, - "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cfb.txt") + "vectors/cryptography_vectors/ciphers/CAST5/cast5-cfb.txt") fmt.Println("CFB OK.") validateVectors(cbcVerifier{}, - "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cbc.txt") + "vectors/cryptography_vectors/ciphers/CAST5/cast5-cbc.txt") fmt.Println("CBC OK.") validateVectors(ctrVerifier{}, - "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ctr.txt") + "vectors/cryptography_vectors/ciphers/CAST5/cast5-ctr.txt") fmt.Println("CTR OK.") } diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index f59a3552..2edf1fbb 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -37,29 +37,40 @@ Asymmetric ciphers Custom Asymmetric Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~ -* ``asymmetric/PEM_Serialization/ec_private_key.pem`` - Contains an Elliptic +* ``asymmetric/PEM_Serialization/ec_private_key.pem`` and + ``asymmetric/DER_Serialization/ec_private_key.der`` - Contains an Elliptic Curve key generated by OpenSSL from the curve ``secp256r1``. -* ``asymmetric/PEM_Serialization/ec_private_key_encrypted.pem`` - Contains the +* ``asymmetric/PEM_Serialization/ec_private_key_encrypted.pem`` and + ``asymmetric/DER_Serialization/ec_private_key_encrypted.der``- Contains the same Elliptic Curve key as ``ec_private_key.pem``, except that it is encrypted with AES-128 with the password "123456". -* ``asymmetric/PEM_Serialization/ec_public_key.pem`` - Contains the public key +* ``asymmetric/PEM_Serialization/ec_public_key.pem`` and + ``asymmetric/DER_Serialization/ec_public_key.der``- Contains the public key corresponding to ``ec_private_key.pem``, generated using OpenSSL. * ``asymmetric/PEM_Serialization/rsa_private_key.pem`` - Contains an RSA 2048 bit key generated using OpenSSL, protected by the secret "123456" with DES3 encryption. -* ``asymmetric/PEM_Serialization/rsa_public_key.pem`` - Contains an RSA 2048 +* ``asymmetric/PEM_Serialization/rsa_public_key.pem`` and + ``asymmetric/DER_Serialization/rsa_public_key.der``- Contains an RSA 2048 bit public generated using OpenSSL from ``rsa_private_key.pem``. * ``asymmetric/PEM_Serialization/dsaparam.pem`` - Contains 2048-bit DSA parameters generated using OpenSSL; contains no keys. * ``asymmetric/PEM_Serialization/dsa_private_key.pem`` - Contains a DSA 2048 bit key generated using OpenSSL from the parameters in ``dsaparam.pem``, protected by the secret "123456" with DES3 encryption. -* ``asymmetric/PEM_Serialization/dsa_public_key.pem`` - Contains a DSA 2048 bit +* ``asymmetric/PEM_Serialization/dsa_public_key.pem`` and + ``asymmetric/DER_Serialization/dsa_public_key.der`` - Contains a DSA 2048 bit key generated using OpenSSL from ``dsa_private_key.pem``. -* ``asymmetric/PEM_Serialization/unenc-dsa-pkcs8.pem`` - Contains a DSA 1024 +* ``asymmetric/PKCS8/unenc-dsa-pkcs8.pem`` and + ``asymmetric/DER_Serialization/unenc-dsa-pkcs8.der`` - Contains a DSA 1024 bit key generated using OpenSSL. -* ``asymmetric/PEM_Serialization/unenc-dsa-pkcs8.pub.pem`` - Contains a DSA +* ``asymmetric/PKCS8/unenc-dsa-pkcs8.pub.pem`` and + ``asymmetric/DER_Serialization/unenc-dsa-pkcs8.pub.der`` - Contains a DSA 2048 bit public key generated using OpenSSL from ``unenc-dsa-pkcs8.pem``. +* DER conversions of the `GnuTLS example keys`_ for DSA as well as the + `OpenSSL example key`_ for RSA. +* DER conversions of `enc-rsa-pkcs8.pem`_, `enc2-rsa-pkcs8.pem`_, and + `unenc-rsa-pkcs8.pem`_. X.509 diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 3d222684..8efe2ce9 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -299,7 +299,7 @@ A specific ``backend`` may provide one or more of these interfaces. .. method:: generate_dsa_parameters(key_size) :param int key_size: The length of the modulus in bits. It should be - either 1024, 2048 or 3072. For keys generated in 2014 this should + either 1024, 2048 or 3072. For keys generated in 2015 this should be at least 2048. Note that some applications (such as SSH) have not yet gained support for larger key sizes specified in FIPS 186-3 and are still @@ -327,7 +327,7 @@ A specific ``backend`` may provide one or more of these interfaces. .. method:: generate_dsa_private_key_and_parameters(key_size) :param int key_size: The length of the modulus in bits. It should be - either 1024, 2048 or 3072. For keys generated in 2014 this should + either 1024, 2048 or 3072. For keys generated in 2015 this should be at least 2048. Note that some applications (such as SSH) have not yet gained support for larger key sizes specified in FIPS 186-3 and are still diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst index df3c99fc..c2197d10 100644 --- a/docs/hazmat/primitives/asymmetric/dsa.rst +++ b/docs/hazmat/primitives/asymmetric/dsa.rst @@ -18,7 +18,7 @@ Generation generate a new set of parameters and key in one step. :param int key_size: The length of the modulus in bits. It should be - either 1024, 2048 or 3072. For keys generated in 2014 this should + either 1024, 2048 or 3072. For keys generated in 2015 this should be `at least 2048`_ (See page 41). Note that some applications (such as SSH) have not yet gained support for larger key sizes specified in FIPS 186-3 and are still restricted to only the @@ -42,7 +42,7 @@ Generation Generate DSA parameters using the provided ``backend``. :param int key_size: The length of the modulus in bits. It should be - either 1024, 2048 or 3072. For keys generated in 2014 this should + either 1024, 2048 or 3072. For keys generated in 2015 this should be `at least 2048`_ (See page 41). Note that some applications (such as SSH) have not yet gained support for larger key sizes specified in FIPS 186-3 and are still restricted to only the diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 837059bd..fa72cced 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -39,7 +39,7 @@ mathematical properties`_. Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in doubt you should `use 65537`_. :param int key_size: The length of the modulus in bits. For keys - generated in 2014 it is strongly recommended to be + generated in 2015 it is strongly recommended to be `at least 2048`_ (See page 41). It must not be less than 512. Some backends may have additional limitations. :param backend: A backend which provides diff --git a/src/cryptography/hazmat/backends/__init__.py b/src/cryptography/hazmat/backends/__init__.py index 24c029f6..256fee39 100644 --- a/src/cryptography/hazmat/backends/__init__.py +++ b/src/cryptography/hazmat/backends/__init__.py @@ -17,8 +17,13 @@ def _available_backends(): if _available_backends_list is None: _available_backends_list = [ - backend.load(require=False) - for backend in pkg_resources.iter_entry_points( + # setuptools 11.3 deprecated support for the require parameter to + # load(), and introduced the new resolve() method instead. + # This can be removed if/when we can assume setuptools>=11.3. At + # some point we may wish to add a warning, to push people along, + # but at present this would result in too many warnings. + ep.resolve() if hasattr(ep, "resolve") else ep.load(require=False) + for ep in pkg_resources.iter_entry_points( "cryptography.backends" ) ] diff --git a/src/cryptography/hazmat/bindings/openssl/evp.py b/src/cryptography/hazmat/bindings/openssl/evp.py index f00c2f0d..780ce900 100644 --- a/src/cryptography/hazmat/bindings/openssl/evp.py +++ b/src/cryptography/hazmat/bindings/openssl/evp.py @@ -119,6 +119,8 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *, const char *, int, const unsigned char *, int); int EVP_PKEY_cmp(const EVP_PKEY *, const EVP_PKEY *); + +EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *); """ MACROS = """ diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py index 91ae36ac..bf627139 100644 --- a/src/cryptography/hazmat/bindings/openssl/ssl.py +++ b/src/cryptography/hazmat/bindings/openssl/ssl.py @@ -302,6 +302,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *); long SSL_CTX_get_timeout(const SSL_CTX *); const SSL_CIPHER *SSL_get_current_cipher(const SSL *); +int SSL_version(const SSL *); /* SNI APIs were introduced in OpenSSL 1.0.0. To continue to support * earlier versions some special handling of these is necessary. diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py index f51b0e59..e30d23b7 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509.py +++ b/src/cryptography/hazmat/bindings/openssl/x509.py @@ -71,6 +71,8 @@ typedef struct { typedef ... NETSCAPE_SPKI; +typedef ... PKCS8_PRIV_KEY_INFO; + static const int X509_FLAG_COMPAT; static const int X509_FLAG_NO_HEADER; static const int X509_FLAG_NO_VERSION; @@ -224,6 +226,9 @@ DSA *d2i_DSA_PUBKEY_bio(BIO *, DSA **); int i2d_DSA_PUBKEY_bio(BIO *, DSA *); DSA *d2i_DSAPrivateKey_bio(BIO *, DSA **); int i2d_DSAPrivateKey_bio(BIO *, DSA *); + +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *, + PKCS8_PRIV_KEY_INFO **); """ MACROS = """ diff --git a/src/cryptography/hazmat/primitives/interfaces/__init__.py b/src/cryptography/hazmat/primitives/interfaces/__init__.py index fd1b25f3..fb5ceeae 100644 --- a/src/cryptography/hazmat/primitives/interfaces/__init__.py +++ b/src/cryptography/hazmat/primitives/interfaces/__init__.py @@ -8,6 +8,15 @@ import abc import six +from cryptography.hazmat.primitives.interfaces.asymmetric.dsa import ( + DSAParameters, DSAParametersWithNumbers, DSAPrivateKey, + DSAPrivateKeyWithNumbers, DSAPublicKey, DSAPublicKeyWithNumbers +) +from cryptography.hazmat.primitives.interfaces.asymmetric.ec import ( + EllipticCurve, EllipticCurvePrivateKey, EllipticCurvePrivateKeyWithNumbers, + EllipticCurvePublicKey, EllipticCurvePublicKeyWithNumbers, + EllipticCurveSignatureAlgorithm +) from cryptography.hazmat.primitives.interfaces.ciphers import ( BlockCipherAlgorithm, CipherAlgorithm, Mode, ModeWithAuthenticationTag, ModeWithInitializationVector, ModeWithNonce @@ -16,6 +25,18 @@ from cryptography.hazmat.primitives.interfaces.ciphers import ( __all__ = [ "BlockCipherAlgorithm", "CipherAlgorithm", + "DSAParameters", + "DSAParametersWithNumbers", + "DSAPrivateKey", + "DSAPrivateKeyWithNumbers", + "DSAPublicKey", + "DSAPublicKeyWithNumbers", + "EllipticCurve", + "EllipticCurvePrivateKey", + "EllipticCurvePrivateKeyWithNumbers", + "EllipticCurvePublicKey", + "EllipticCurvePublicKeyWithNumbers", + "EllipticCurveSignatureAlgorithm", "Mode", "ModeWithAuthenticationTag", "ModeWithInitializationVector", @@ -188,90 +209,6 @@ class RSAPublicKeyWithNumbers(RSAPublicKey): @six.add_metaclass(abc.ABCMeta) -class DSAParameters(object): - @abc.abstractmethod - def generate_private_key(self): - """ - Generates and returns a DSAPrivateKey. - """ - - -@six.add_metaclass(abc.ABCMeta) -class DSAParametersWithNumbers(DSAParameters): - @abc.abstractmethod - def parameter_numbers(self): - """ - Returns a DSAParameterNumbers. - """ - - -@six.add_metaclass(abc.ABCMeta) -class DSAPrivateKey(object): - @abc.abstractproperty - def key_size(self): - """ - The bit length of the prime modulus. - """ - - @abc.abstractmethod - def public_key(self): - """ - The DSAPublicKey associated with this private key. - """ - - @abc.abstractmethod - def parameters(self): - """ - The DSAParameters object associated with this private key. - """ - - @abc.abstractmethod - def signer(self, signature_algorithm): - """ - Returns an AsymmetricSignatureContext used for signing data. - """ - - -@six.add_metaclass(abc.ABCMeta) -class DSAPrivateKeyWithNumbers(DSAPrivateKey): - @abc.abstractmethod - def private_numbers(self): - """ - Returns a DSAPrivateNumbers. - """ - - -@six.add_metaclass(abc.ABCMeta) -class DSAPublicKey(object): - @abc.abstractproperty - def key_size(self): - """ - The bit length of the prime modulus. - """ - - @abc.abstractmethod - def parameters(self): - """ - The DSAParameters object associated with this public key. - """ - - @abc.abstractmethod - def verifier(self, signature, signature_algorithm): - """ - Returns an AsymmetricVerificationContext used for signing data. - """ - - -@six.add_metaclass(abc.ABCMeta) -class DSAPublicKeyWithNumbers(DSAPublicKey): - @abc.abstractmethod - def public_numbers(self): - """ - Returns a DSAPublicNumbers. - """ - - -@six.add_metaclass(abc.ABCMeta) class AsymmetricSignatureContext(object): @abc.abstractmethod def update(self, data): @@ -329,84 +266,6 @@ class KeyDerivationFunction(object): @six.add_metaclass(abc.ABCMeta) -class EllipticCurve(object): - @abc.abstractproperty - def name(self): - """ - The name of the curve. e.g. secp256r1. - """ - - @abc.abstractproperty - def key_size(self): - """ - The bit length of the base point of the curve. - """ - - -@six.add_metaclass(abc.ABCMeta) -class EllipticCurveSignatureAlgorithm(object): - @abc.abstractproperty - def algorithm(self): - """ - The digest algorithm used with this signature. - """ - - -@six.add_metaclass(abc.ABCMeta) -class EllipticCurvePrivateKey(object): - @abc.abstractmethod - def signer(self, signature_algorithm): - """ - Returns an AsymmetricSignatureContext used for signing data. - """ - - @abc.abstractmethod - def public_key(self): - """ - The EllipticCurvePublicKey for this private key. - """ - - @abc.abstractproperty - def curve(self): - """ - The EllipticCurve that this key is on. - """ - - -@six.add_metaclass(abc.ABCMeta) -class EllipticCurvePrivateKeyWithNumbers(EllipticCurvePrivateKey): - @abc.abstractmethod - def private_numbers(self): - """ - Returns an EllipticCurvePrivateNumbers. - """ - - -@six.add_metaclass(abc.ABCMeta) -class EllipticCurvePublicKey(object): - @abc.abstractmethod - def verifier(self, signature, signature_algorithm): - """ - Returns an AsymmetricVerificationContext used for signing data. - """ - - @abc.abstractproperty - def curve(self): - """ - The EllipticCurve that this key is on. - """ - - -@six.add_metaclass(abc.ABCMeta) -class EllipticCurvePublicKeyWithNumbers(EllipticCurvePublicKey): - @abc.abstractmethod - def public_numbers(self): - """ - Returns an EllipticCurvePublicNumbers. - """ - - -@six.add_metaclass(abc.ABCMeta) class MACContext(object): @abc.abstractmethod def update(self, data): diff --git a/src/cryptography/hazmat/primitives/interfaces/asymmetric/__init__.py b/src/cryptography/hazmat/primitives/interfaces/asymmetric/__init__.py new file mode 100644 index 00000000..4b540884 --- /dev/null +++ b/src/cryptography/hazmat/primitives/interfaces/asymmetric/__init__.py @@ -0,0 +1,5 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function diff --git a/src/cryptography/hazmat/primitives/interfaces/asymmetric/dsa.py b/src/cryptography/hazmat/primitives/interfaces/asymmetric/dsa.py new file mode 100644 index 00000000..acfc8973 --- /dev/null +++ b/src/cryptography/hazmat/primitives/interfaces/asymmetric/dsa.py @@ -0,0 +1,93 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import abc + +import six + + +@six.add_metaclass(abc.ABCMeta) +class DSAParameters(object): + @abc.abstractmethod + def generate_private_key(self): + """ + Generates and returns a DSAPrivateKey. + """ + + +@six.add_metaclass(abc.ABCMeta) +class DSAParametersWithNumbers(DSAParameters): + @abc.abstractmethod + def parameter_numbers(self): + """ + Returns a DSAParameterNumbers. + """ + + +@six.add_metaclass(abc.ABCMeta) +class DSAPrivateKey(object): + @abc.abstractproperty + def key_size(self): + """ + The bit length of the prime modulus. + """ + + @abc.abstractmethod + def public_key(self): + """ + The DSAPublicKey associated with this private key. + """ + + @abc.abstractmethod + def parameters(self): + """ + The DSAParameters object associated with this private key. + """ + + @abc.abstractmethod + def signer(self, signature_algorithm): + """ + Returns an AsymmetricSignatureContext used for signing data. + """ + + +@six.add_metaclass(abc.ABCMeta) +class DSAPrivateKeyWithNumbers(DSAPrivateKey): + @abc.abstractmethod + def private_numbers(self): + """ + Returns a DSAPrivateNumbers. + """ + + +@six.add_metaclass(abc.ABCMeta) +class DSAPublicKey(object): + @abc.abstractproperty + def key_size(self): + """ + The bit length of the prime modulus. + """ + + @abc.abstractmethod + def parameters(self): + """ + The DSAParameters object associated with this public key. + """ + + @abc.abstractmethod + def verifier(self, signature, signature_algorithm): + """ + Returns an AsymmetricVerificationContext used for signing data. + """ + + +@six.add_metaclass(abc.ABCMeta) +class DSAPublicKeyWithNumbers(DSAPublicKey): + @abc.abstractmethod + def public_numbers(self): + """ + Returns a DSAPublicNumbers. + """ diff --git a/src/cryptography/hazmat/primitives/interfaces/asymmetric/ec.py b/src/cryptography/hazmat/primitives/interfaces/asymmetric/ec.py new file mode 100644 index 00000000..2a624576 --- /dev/null +++ b/src/cryptography/hazmat/primitives/interfaces/asymmetric/ec.py @@ -0,0 +1,87 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import abc + +import six + + +@six.add_metaclass(abc.ABCMeta) +class EllipticCurve(object): + @abc.abstractproperty + def name(self): + """ + The name of the curve. e.g. secp256r1. + """ + + @abc.abstractproperty + def key_size(self): + """ + The bit length of the base point of the curve. + """ + + +@six.add_metaclass(abc.ABCMeta) +class EllipticCurveSignatureAlgorithm(object): + @abc.abstractproperty + def algorithm(self): + """ + The digest algorithm used with this signature. + """ + + +@six.add_metaclass(abc.ABCMeta) +class EllipticCurvePrivateKey(object): + @abc.abstractmethod + def signer(self, signature_algorithm): + """ + Returns an AsymmetricSignatureContext used for signing data. + """ + + @abc.abstractmethod + def public_key(self): + """ + The EllipticCurvePublicKey for this private key. + """ + + @abc.abstractproperty + def curve(self): + """ + The EllipticCurve that this key is on. + """ + + +@six.add_metaclass(abc.ABCMeta) +class EllipticCurvePrivateKeyWithNumbers(EllipticCurvePrivateKey): + @abc.abstractmethod + def private_numbers(self): + """ + Returns an EllipticCurvePrivateNumbers. + """ + + +@six.add_metaclass(abc.ABCMeta) +class EllipticCurvePublicKey(object): + @abc.abstractmethod + def verifier(self, signature, signature_algorithm): + """ + Returns an AsymmetricVerificationContext used for signing data. + """ + + @abc.abstractproperty + def curve(self): + """ + The EllipticCurve that this key is on. + """ + + +@six.add_metaclass(abc.ABCMeta) +class EllipticCurvePublicKeyWithNumbers(EllipticCurvePublicKey): + @abc.abstractmethod + def public_numbers(self): + """ + Returns an EllipticCurvePublicNumbers. + """ diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 8f89232b..8cc81cdc 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -134,8 +134,9 @@ class TestOpenSSL(object): assert resp == expected_options assert b.lib.SSL_get_mode(ssl) == expected_options - def test_libraries(self): + def test_libraries(self, monkeypatch): assert _get_libraries("darwin") == ["ssl", "crypto"] + monkeypatch.setenv('PYCA_WINDOWS_LINK_TYPE', 'static') assert "ssleay32mt" in _get_libraries("win32") def test_windows_static_dynamic_libraries(self): diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa.1024.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa.1024.der Binary files differnew file mode 100644 index 00000000..8c08b450 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa.1024.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa.2048.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa.2048.der Binary files differnew file mode 100644 index 00000000..6c65a6c0 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa.2048.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa.3072.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa.3072.der Binary files differnew file mode 100644 index 00000000..627b9978 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa.3072.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key.der Binary files differnew file mode 100644 index 00000000..013a42f3 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/ec_private_key.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/ec_private_key.der Binary files differnew file mode 100644 index 00000000..1e5491f4 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/ec_private_key.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/ec_private_key_encrypted.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/ec_private_key_encrypted.der Binary files differnew file mode 100644 index 00000000..2798743c --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/ec_private_key_encrypted.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/ec_public_key.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/ec_public_key.der Binary files differnew file mode 100644 index 00000000..628ae2b2 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/ec_public_key.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/enc-rsa-pkcs8.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/enc-rsa-pkcs8.der Binary files differnew file mode 100644 index 00000000..7c513b8e --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/enc-rsa-pkcs8.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/enc2-rsa-pkcs8.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/enc2-rsa-pkcs8.der Binary files differnew file mode 100644 index 00000000..f80a70fd --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/enc2-rsa-pkcs8.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/rsa_public_key.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/rsa_public_key.der Binary files differnew file mode 100644 index 00000000..1b55deb2 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/rsa_public_key.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/testrsa.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/testrsa.der Binary files differnew file mode 100644 index 00000000..79cc1cec --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/testrsa.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-dsa-pkcs8.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-dsa-pkcs8.der Binary files differnew file mode 100644 index 00000000..678a1d27 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-dsa-pkcs8.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-dsa-pkcs8.pub.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-dsa-pkcs8.pub.der Binary files differnew file mode 100644 index 00000000..4038c7e6 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-dsa-pkcs8.pub.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-rsa-pkcs8.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-rsa-pkcs8.der Binary files differnew file mode 100644 index 00000000..bb7a38cf --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-rsa-pkcs8.der diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-rsa-pkcs8.pub.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-rsa-pkcs8.pub.der Binary files differnew file mode 100644 index 00000000..b4b6bbd0 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/unenc-rsa-pkcs8.pub.der |