diff options
115 files changed, 2169 insertions, 296 deletions
diff --git a/.travis.yml b/.travis.yml index b7fa090e..7d5663d8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,11 +16,13 @@ env: - TOX_ENV=py27 - TOX_ENV=py32 - TOX_ENV=py33 + - TOX_ENV=py34 - TOX_ENV=pypy - TOX_ENV=py26 OPENSSL=0.9.8 - TOX_ENV=py27 OPENSSL=0.9.8 - TOX_ENV=py32 OPENSSL=0.9.8 - TOX_ENV=py33 OPENSSL=0.9.8 + - TOX_ENV=py34 OPENSSL=0.9.8 - TOX_ENV=pypy OPENSSL=0.9.8 - TOX_ENV=docs - TOX_ENV=pep8 @@ -60,6 +62,9 @@ matrix: env: TOX_ENV=py33 compiler: gcc - os: osx + env: TOX_ENV=py34 + compiler: gcc + - os: osx env: TOX_ENV=pypy compiler: gcc - os: osx @@ -75,6 +80,9 @@ matrix: env: TOX_ENV=py33 OPENSSL=0.9.8 compiler: gcc - os: osx + env: TOX_ENV=py34 OPENSSL=0.9.8 + compiler: gcc + - os: osx env: TOX_ENV=pypy OPENSSL=0.9.8 compiler: gcc - os: osx diff --git a/.travis/install.sh b/.travis/install.sh index 7e77fc87..58d7404d 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -52,8 +52,13 @@ if [[ "$(uname -s)" == "Darwin" ]]; then pip install virtualenv ;; py33) - pyenv install 3.3.2 - pyenv global 3.3.2 + pyenv install 3.3.5 + pyenv global 3.3.5 + pip install virtualenv + ;; + py34) + pyenv install 3.4.0 + pyenv global 3.4.0 pip install virtualenv ;; docs) @@ -78,6 +83,9 @@ else py33) sudo apt-get install python3.3 python3.3-dev ;; + py34) + sudo apt-get install python3.4 python3.4-dev + ;; py3pep8) sudo apt-get install python3.3 python3.3-dev ;; diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 1fa9ab3a..abbea9fa 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,11 +1,14 @@ Changelog ========= -0.3 - 2014-XX-XX -~~~~~~~~~~~~~~~~ +0.3 - `master`_ +~~~~~~~~~~~~~~~ + +.. note:: This version is not yet released and is under active development. * Added :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP`. * Added :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP`. +* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA` support. 0.2.2 - 2014-03-03 ~~~~~~~~~~~~~~~~~~ @@ -39,3 +42,4 @@ Changelog * Initial release. +.. _`master`: https://github.com/pyca/cryptography/ diff --git a/cryptography/__init__.py b/cryptography/__init__.py index f37bd227..599bb059 100644 --- a/cryptography/__init__.py +++ b/cryptography/__init__.py @@ -10,6 +10,9 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. + +from __future__ import absolute_import, division, print_function + from cryptography.__about__ import ( __title__, __summary__, __uri__, __version__, __author__, __email__, __license__, __copyright__ diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index a26dbe18..88766cc1 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + class UnsupportedAlgorithm(Exception): pass @@ -58,3 +60,7 @@ class InvalidKey(Exception): class InvalidToken(Exception): pass + + +class UnsupportedInterface(Exception): + pass diff --git a/cryptography/fernet.py b/cryptography/fernet.py index 71a9fadf..28d9c928 100644 --- a/cryptography/fernet.py +++ b/cryptography/fernet.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import base64 import binascii import os diff --git a/cryptography/hazmat/__init__.py b/cryptography/hazmat/__init__.py index 55c925c6..2f420574 100644 --- a/cryptography/hazmat/__init__.py +++ b/cryptography/hazmat/__init__.py @@ -10,3 +10,5 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/backends/__init__.py b/cryptography/hazmat/backends/__init__.py index 406b37e5..ae78822c 100644 --- a/cryptography/hazmat/backends/__init__.py +++ b/cryptography/hazmat/backends/__init__.py @@ -11,23 +11,44 @@ # See the License for the specific language governing permissions and # limitations under the License. -from cryptography.hazmat.backends import openssl +from __future__ import absolute_import, division, print_function + from cryptography.hazmat.backends.multibackend import MultiBackend from cryptography.hazmat.bindings.commoncrypto.binding import ( Binding as CommonCryptoBinding ) +from cryptography.hazmat.bindings.openssl.binding import ( + Binding as OpenSSLBinding +) + + +_available_backends_list = None + -_ALL_BACKENDS = [] +def _available_backends(): + global _available_backends_list -if CommonCryptoBinding.is_available(): - from cryptography.hazmat.backends import commoncrypto - _ALL_BACKENDS.append(commoncrypto.backend) + if _available_backends_list is None: + _available_backends_list = [] -_ALL_BACKENDS.append(openssl.backend) + if CommonCryptoBinding.is_available(): + from cryptography.hazmat.backends import commoncrypto + _available_backends_list.append(commoncrypto.backend) + if OpenSSLBinding.is_available(): + from cryptography.hazmat.backends import openssl + _available_backends_list.append(openssl.backend) -_default_backend = MultiBackend(_ALL_BACKENDS) + return _available_backends_list + + +_default_backend = None def default_backend(): + global _default_backend + + if _default_backend is None: + _default_backend = MultiBackend(_available_backends()) + return _default_backend diff --git a/cryptography/hazmat/backends/commoncrypto/__init__.py b/cryptography/hazmat/backends/commoncrypto/__init__.py index 64a1c01c..f080394f 100644 --- a/cryptography/hazmat/backends/commoncrypto/__init__.py +++ b/cryptography/hazmat/backends/commoncrypto/__init__.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + from cryptography.hazmat.backends.commoncrypto.backend import backend diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index da41532d..27b609ed 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -106,6 +106,12 @@ class RSABackend(six.with_metaclass(abc.ABCMeta)): interface. """ + @abc.abstractmethod + def mgf1_hash_supported(self, algorithm): + """ + Return True if the hash algorithm is supported for MGF1 in PSS. + """ + class OpenSSLSerializationBackend(six.with_metaclass(abc.ABCMeta)): @abc.abstractmethod diff --git a/cryptography/hazmat/backends/openssl/__init__.py b/cryptography/hazmat/backends/openssl/__init__.py index a8dfad06..25885e18 100644 --- a/cryptography/hazmat/backends/openssl/__init__.py +++ b/cryptography/hazmat/backends/openssl/__init__.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + from cryptography.hazmat.backends.openssl.backend import backend diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 6ee3daf5..b977b4c8 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -30,7 +30,7 @@ from cryptography.hazmat.bindings.openssl.binding import Binding from cryptography.hazmat.primitives import interfaces, hashes from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.ciphers.algorithms import ( - AES, Blowfish, Camellia, TripleDES, ARC4, CAST5 + AES, Blowfish, Camellia, CAST5, TripleDES, ARC4, IDEA ) from cryptography.hazmat.primitives.ciphers.modes import ( CBC, CTR, ECB, OFB, CFB, GCM, @@ -161,11 +161,14 @@ class Backend(object): mode_cls, GetCipherByName("bf-{mode.name}") ) - for mode_cls in [CBC, CFB, OFB, ECB]: + for cipher_cls, mode_cls in itertools.product( + [CAST5, IDEA], + [CBC, OFB, CFB, ECB], + ): self.register_cipher_adapter( - CAST5, + cipher_cls, mode_cls, - GetCipherByName("cast5-{mode.name}") + GetCipherByName("{cipher.name}-{mode.name}") ) self.register_cipher_adapter( ARC4, @@ -325,21 +328,54 @@ class Backend(object): ) assert res == 1 + return self._rsa_cdata_to_private_key(ctx) + + def _new_evp_pkey(self): + evp_pkey = self._lib.EVP_PKEY_new() + assert evp_pkey != self._ffi.NULL + return self._ffi.gc(evp_pkey, backend._lib.EVP_PKEY_free) + + def _rsa_private_key_to_evp_pkey(self, private_key): + evp_pkey = self._new_evp_pkey() + rsa_cdata = self._rsa_cdata_from_private_key(private_key) + + res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL) + assert res == 1 + + res = self._lib.EVP_PKEY_assign_RSA(evp_pkey, rsa_cdata) + assert res == 1 + + return evp_pkey + + def _rsa_public_key_to_evp_pkey(self, public_key): + evp_pkey = self._new_evp_pkey() + rsa_cdata = self._rsa_cdata_from_public_key(public_key) + + res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL) + assert res == 1 + + res = self._lib.EVP_PKEY_assign_RSA(evp_pkey, rsa_cdata) + assert res == 1 + + return evp_pkey + + def _rsa_cdata_to_private_key(self, cdata): return rsa.RSAPrivateKey( - p=self._bn_to_int(ctx.p), - q=self._bn_to_int(ctx.q), - dmp1=self._bn_to_int(ctx.dmp1), - dmq1=self._bn_to_int(ctx.dmq1), - iqmp=self._bn_to_int(ctx.iqmp), - private_exponent=self._bn_to_int(ctx.d), - public_exponent=self._bn_to_int(ctx.e), - modulus=self._bn_to_int(ctx.n), + p=self._bn_to_int(cdata.p), + q=self._bn_to_int(cdata.q), + dmp1=self._bn_to_int(cdata.dmp1), + dmq1=self._bn_to_int(cdata.dmq1), + iqmp=self._bn_to_int(cdata.iqmp), + private_exponent=self._bn_to_int(cdata.d), + public_exponent=self._bn_to_int(cdata.e), + modulus=self._bn_to_int(cdata.n), ) def _rsa_cdata_from_private_key(self, private_key): + # Does not GC the RSA cdata. You *must* make sure it's freed + # correctly yourself! ctx = self._lib.RSA_new() assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.RSA_free) ctx.p = self._int_to_bn(private_key.p) ctx.q = self._int_to_bn(private_key.q) ctx.d = self._int_to_bn(private_key.d) @@ -351,9 +387,11 @@ class Backend(object): return ctx def _rsa_cdata_from_public_key(self, public_key): + # Does not GC the RSA cdata. You *must* make sure it's freed + # correctly yourself! + ctx = self._lib.RSA_new() assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.RSA_free) ctx.e = self._int_to_bn(public_key.e) ctx.n = self._int_to_bn(public_key.n) return ctx @@ -681,24 +719,19 @@ class _RSASignatureContext(object): def finalize(self): if self._hash_ctx is None: raise AlreadyFinalized("Context has already been finalized") - evp_pkey = self._backend._lib.EVP_PKEY_new() - assert evp_pkey != self._backend._ffi.NULL - evp_pkey = backend._ffi.gc(evp_pkey, backend._lib.EVP_PKEY_free) - rsa_cdata = backend._rsa_cdata_from_private_key(self._private_key) - res = self._backend._lib.RSA_blinding_on( - rsa_cdata, self._backend._ffi.NULL) - assert res == 1 - res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata) - assert res == 1 + + evp_pkey = self._backend._rsa_private_key_to_evp_pkey( + self._private_key) + evp_md = self._backend._lib.EVP_get_digestbyname( self._algorithm.name.encode("ascii")) assert evp_md != self._backend._ffi.NULL pkey_size = self._backend._lib.EVP_PKEY_size(evp_pkey) assert pkey_size > 0 - return self._finalize_method(evp_pkey, pkey_size, rsa_cdata, evp_md) + return self._finalize_method(evp_pkey, pkey_size, evp_md) - def _finalize_pkey_ctx(self, evp_pkey, pkey_size, rsa_cdata, evp_md): + def _finalize_pkey_ctx(self, evp_pkey, pkey_size, evp_md): pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new( evp_pkey, self._backend._ffi.NULL ) @@ -729,7 +762,7 @@ class _RSASignatureContext(object): assert res == 1 return self._backend._ffi.buffer(buf)[:] - def _finalize_pkcs1(self, evp_pkey, pkey_size, rsa_cdata, evp_md): + def _finalize_pkcs1(self, evp_pkey, pkey_size, evp_md): sig_buf = self._backend._ffi.new("char[]", pkey_size) sig_len = self._backend._ffi.new("unsigned int *") res = self._backend._lib.EVP_SignFinal( @@ -777,22 +810,16 @@ class _RSAVerificationContext(object): if self._hash_ctx is None: raise AlreadyFinalized("Context has already been finalized") - evp_pkey = self._backend._lib.EVP_PKEY_new() - assert evp_pkey != self._backend._ffi.NULL - evp_pkey = backend._ffi.gc(evp_pkey, backend._lib.EVP_PKEY_free) - rsa_cdata = backend._rsa_cdata_from_public_key(self._public_key) - res = self._backend._lib.RSA_blinding_on( - rsa_cdata, self._backend._ffi.NULL) - assert res == 1 - res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata) - assert res == 1 + evp_pkey = self._backend._rsa_public_key_to_evp_pkey( + self._public_key) + evp_md = self._backend._lib.EVP_get_digestbyname( self._algorithm.name.encode("ascii")) assert evp_md != self._backend._ffi.NULL - self._verify_method(rsa_cdata, evp_pkey, evp_md) + self._verify_method(evp_pkey, evp_md) - def _verify_pkey_ctx(self, rsa_cdata, evp_pkey, evp_md): + def _verify_pkey_ctx(self, evp_pkey, evp_md): pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new( evp_pkey, self._backend._ffi.NULL ) @@ -820,10 +847,11 @@ class _RSAVerificationContext(object): # occurs. assert res >= 0 if res == 0: - assert self._backend._consume_errors() + errors = self._backend._consume_errors() + assert errors raise InvalidSignature - def _verify_pkcs1(self, rsa_cdata, evp_pkey, evp_md): + def _verify_pkcs1(self, evp_pkey, evp_md): res = self._backend._lib.EVP_VerifyFinal( self._hash_ctx._ctx, self._signature, @@ -837,7 +865,8 @@ class _RSAVerificationContext(object): # occurs. assert res >= 0 if res == 0: - assert self._backend._consume_errors() + errors = self._backend._consume_errors() + assert errors raise InvalidSignature diff --git a/cryptography/hazmat/bindings/__init__.py b/cryptography/hazmat/bindings/__init__.py index 55c925c6..2f420574 100644 --- a/cryptography/hazmat/bindings/__init__.py +++ b/cryptography/hazmat/bindings/__init__.py @@ -10,3 +10,5 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/bindings/commoncrypto/__init__.py b/cryptography/hazmat/bindings/commoncrypto/__init__.py index 55c925c6..2f420574 100644 --- a/cryptography/hazmat/bindings/commoncrypto/__init__.py +++ b/cryptography/hazmat/bindings/commoncrypto/__init__.py @@ -10,3 +10,5 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/bindings/commoncrypto/binding.py b/cryptography/hazmat/bindings/commoncrypto/binding.py index 45c0eaad..ee809425 100644 --- a/cryptography/hazmat/bindings/commoncrypto/binding.py +++ b/cryptography/hazmat/bindings/commoncrypto/binding.py @@ -14,6 +14,7 @@ from __future__ import absolute_import, division, print_function import sys +import platform from cryptography.hazmat.bindings.utils import build_ffi @@ -46,4 +47,5 @@ class Binding(object): @classmethod def is_available(cls): - return sys.platform == "darwin" + return sys.platform == "darwin" and list(map( + int, platform.mac_ver()[0].split("."))) >= [10, 8, 0] diff --git a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py index 8f03bc3f..9bd03a7c 100644 --- a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py +++ b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <CommonCrypto/CommonCryptor.h> """ diff --git a/cryptography/hazmat/bindings/commoncrypto/common_digest.py b/cryptography/hazmat/bindings/commoncrypto/common_digest.py index ec0fcc92..c59200cb 100644 --- a/cryptography/hazmat/bindings/commoncrypto/common_digest.py +++ b/cryptography/hazmat/bindings/commoncrypto/common_digest.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <CommonCrypto/CommonDigest.h> """ diff --git a/cryptography/hazmat/bindings/commoncrypto/common_hmac.py b/cryptography/hazmat/bindings/commoncrypto/common_hmac.py index a4bf9009..4f54b62b 100644 --- a/cryptography/hazmat/bindings/commoncrypto/common_hmac.py +++ b/cryptography/hazmat/bindings/commoncrypto/common_hmac.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <CommonCrypto/CommonHMAC.h> """ diff --git a/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py b/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py index 85def1e9..e8cc03ef 100644 --- a/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py +++ b/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <CommonCrypto/CommonKeyDerivation.h> """ diff --git a/cryptography/hazmat/bindings/openssl/__init__.py b/cryptography/hazmat/bindings/openssl/__init__.py index 55c925c6..2f420574 100644 --- a/cryptography/hazmat/bindings/openssl/__init__.py +++ b/cryptography/hazmat/bindings/openssl/__init__.py @@ -10,3 +10,5 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/bindings/openssl/aes.py b/cryptography/hazmat/bindings/openssl/aes.py index 95ed5271..17c154cf 100644 --- a/cryptography/hazmat/bindings/openssl/aes.py +++ b/cryptography/hazmat/bindings/openssl/aes.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/aes.h> """ diff --git a/cryptography/hazmat/bindings/openssl/asn1.py b/cryptography/hazmat/bindings/openssl/asn1.py index aeaf316e..144a893e 100644 --- a/cryptography/hazmat/bindings/openssl/asn1.py +++ b/cryptography/hazmat/bindings/openssl/asn1.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/asn1.h> """ @@ -106,7 +108,6 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *, time_t); /* ASN1 GENERALIZEDTIME */ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *, const char *); void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *); -int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *); /* ASN1 ENUMERATED */ ASN1_ENUMERATED *ASN1_ENUMERATED_new(void); @@ -136,6 +137,9 @@ long ASN1_INTEGER_get(ASN1_INTEGER *); BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *); ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *); + +/* These isn't a macro the arg is const on openssl 1.0.2+ */ +int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *); """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/bindings/openssl/bignum.py b/cryptography/hazmat/bindings/openssl/bignum.py index e843099e..a40397db 100644 --- a/cryptography/hazmat/bindings/openssl/bignum.py +++ b/cryptography/hazmat/bindings/openssl/bignum.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/bn.h> """ diff --git a/cryptography/hazmat/bindings/openssl/bio.py b/cryptography/hazmat/bindings/openssl/bio.py index 28172689..0c521b4d 100644 --- a/cryptography/hazmat/bindings/openssl/bio.py +++ b/cryptography/hazmat/bindings/openssl/bio.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/bio.h> """ diff --git a/cryptography/hazmat/bindings/openssl/conf.py b/cryptography/hazmat/bindings/openssl/conf.py index 6d818cf1..dda35e86 100644 --- a/cryptography/hazmat/bindings/openssl/conf.py +++ b/cryptography/hazmat/bindings/openssl/conf.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/conf.h> """ diff --git a/cryptography/hazmat/bindings/openssl/crypto.py b/cryptography/hazmat/bindings/openssl/crypto.py index 81d13b73..99e1a61d 100644 --- a/cryptography/hazmat/bindings/openssl/crypto.py +++ b/cryptography/hazmat/bindings/openssl/crypto.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/crypto.h> """ diff --git a/cryptography/hazmat/bindings/openssl/dh.py b/cryptography/hazmat/bindings/openssl/dh.py index ecc62e98..1791a670 100644 --- a/cryptography/hazmat/bindings/openssl/dh.py +++ b/cryptography/hazmat/bindings/openssl/dh.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/dh.h> """ diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py index 664296d3..40d3b8ee 100644 --- a/cryptography/hazmat/bindings/openssl/dsa.py +++ b/cryptography/hazmat/bindings/openssl/dsa.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/dsa.h> """ diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py index 9d6f7cb9..2617fe2a 100644 --- a/cryptography/hazmat/bindings/openssl/ec.py +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #ifndef OPENSSL_NO_EC #include <openssl/ec.h> diff --git a/cryptography/hazmat/bindings/openssl/engine.py b/cryptography/hazmat/bindings/openssl/engine.py index 77118e81..364232e0 100644 --- a/cryptography/hazmat/bindings/openssl/engine.py +++ b/cryptography/hazmat/bindings/openssl/engine.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/engine.h> """ diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index f21d98b6..551d8217 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/err.h> """ @@ -18,6 +20,7 @@ INCLUDES = """ TYPES = """ static const int Cryptography_HAS_REMOVE_THREAD_STATE; static const int Cryptography_HAS_098H_ERROR_CODES; +static const int Cryptography_HAS_098C_CAMELLIA_CODES; struct ERR_string_data_st { unsigned long error; @@ -29,6 +32,7 @@ typedef struct ERR_string_data_st ERR_STRING_DATA; static const int ERR_LIB_EVP; static const int ERR_LIB_PEM; static const int ERR_LIB_ASN1; +static const int ERR_LIB_RSA; static const int ASN1_F_ASN1_ENUMERATED_TO_BN; static const int ASN1_F_ASN1_EX_C2I; @@ -97,7 +101,6 @@ static const int ASN1_R_WRONG_TAG; static const int ASN1_R_WRONG_TYPE; static const int EVP_F_AES_INIT_KEY; -static const int EVP_F_CAMELLIA_INIT_KEY; static const int EVP_F_D2I_PKEY; static const int EVP_F_DSA_PKEY2PKCS8; static const int EVP_F_DSAPKEY2PKCS8; @@ -138,7 +141,6 @@ static const int EVP_R_BAD_BLOCK_LENGTH; static const int EVP_R_BAD_KEY_LENGTH; static const int EVP_R_BN_DECODE_ERROR; static const int EVP_R_BN_PUBKEY_ERROR; -static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED; static const int EVP_R_CIPHER_PARAMETER_ERROR; static const int EVP_R_CTRL_NOT_IMPLEMENTED; static const int EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED; @@ -211,6 +213,8 @@ static const int PEM_R_READ_KEY; static const int PEM_R_SHORT_HEADER; static const int PEM_R_UNSUPPORTED_CIPHER; static const int PEM_R_UNSUPPORTED_ENCRYPTION; + +static const int RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; """ FUNCTIONS = """ @@ -261,6 +265,9 @@ static const int ASN1_F_SMIME_TEXT; static const int ASN1_R_NO_CONTENT_TYPE; static const int ASN1_R_NO_MULTIPART_BODY_FAILURE; static const int ASN1_R_NO_MULTIPART_BOUNDARY; +/* These were added in OpenSSL 0.9.8c. */ +static const int EVP_F_CAMELLIA_INIT_KEY; +static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED; """ CUSTOMIZATIONS = """ @@ -285,6 +292,16 @@ static const int ASN1_R_NO_CONTENT_TYPE = 0; static const int ASN1_R_NO_MULTIPART_BODY_FAILURE = 0; static const int ASN1_R_NO_MULTIPART_BOUNDARY = 0; #endif + +// OpenSSL 0.9.8c+ +#ifdef EVP_F_CAMELLIA_INIT_KEY +static const long Cryptography_HAS_098C_CAMELLIA_CODES = 1; +#else +static const long Cryptography_HAS_098C_CAMELLIA_CODES = 0; +static const int EVP_F_CAMELLIA_INIT_KEY = 0; +static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED = 0; +#endif + """ CONDITIONAL_NAMES = { @@ -300,4 +317,8 @@ CONDITIONAL_NAMES = { "ASN1_R_NO_MULTIPART_BODY_FAILURE", "ASN1_R_NO_MULTIPART_BOUNDARY", ], + "Cryptography_HAS_098C_CAMELLIA_CODES": [ + "EVP_F_CAMELLIA_INIT_KEY", + "EVP_R_CAMELLIA_KEY_SETUP_FAILED" + ] } diff --git a/cryptography/hazmat/bindings/openssl/evp.py b/cryptography/hazmat/bindings/openssl/evp.py index 77128c47..ad4b568e 100644 --- a/cryptography/hazmat/bindings/openssl/evp.py +++ b/cryptography/hazmat/bindings/openssl/evp.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/evp.h> """ diff --git a/cryptography/hazmat/bindings/openssl/hmac.py b/cryptography/hazmat/bindings/openssl/hmac.py index 4b81c9df..6a64b92c 100644 --- a/cryptography/hazmat/bindings/openssl/hmac.py +++ b/cryptography/hazmat/bindings/openssl/hmac.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/hmac.h> """ diff --git a/cryptography/hazmat/bindings/openssl/nid.py b/cryptography/hazmat/bindings/openssl/nid.py index cb83c1ba..ea6fd4d6 100644 --- a/cryptography/hazmat/bindings/openssl/nid.py +++ b/cryptography/hazmat/bindings/openssl/nid.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = "" TYPES = """ diff --git a/cryptography/hazmat/bindings/openssl/objects.py b/cryptography/hazmat/bindings/openssl/objects.py index 0abc42d6..557c0158 100644 --- a/cryptography/hazmat/bindings/openssl/objects.py +++ b/cryptography/hazmat/bindings/openssl/objects.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/objects.h> """ diff --git a/cryptography/hazmat/bindings/openssl/opensslv.py b/cryptography/hazmat/bindings/openssl/opensslv.py index 397f4ca2..e4aa6212 100644 --- a/cryptography/hazmat/bindings/openssl/opensslv.py +++ b/cryptography/hazmat/bindings/openssl/opensslv.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/opensslv.h> """ diff --git a/cryptography/hazmat/bindings/openssl/osrandom_engine.py b/cryptography/hazmat/bindings/openssl/osrandom_engine.py index 0903a4bf..462997cc 100644 --- a/cryptography/hazmat/bindings/openssl/osrandom_engine.py +++ b/cryptography/hazmat/bindings/openssl/osrandom_engine.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #ifdef _WIN32 #include <Wincrypt.h> diff --git a/cryptography/hazmat/bindings/openssl/pem.py b/cryptography/hazmat/bindings/openssl/pem.py index 942cba34..e42fc6fe 100644 --- a/cryptography/hazmat/bindings/openssl/pem.py +++ b/cryptography/hazmat/bindings/openssl/pem.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/pem.h> """ diff --git a/cryptography/hazmat/bindings/openssl/pkcs12.py b/cryptography/hazmat/bindings/openssl/pkcs12.py index bd01e756..a8f106f6 100644 --- a/cryptography/hazmat/bindings/openssl/pkcs12.py +++ b/cryptography/hazmat/bindings/openssl/pkcs12.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/pkcs12.h> """ diff --git a/cryptography/hazmat/bindings/openssl/pkcs7.py b/cryptography/hazmat/bindings/openssl/pkcs7.py index 43f9540b..1343e566 100644 --- a/cryptography/hazmat/bindings/openssl/pkcs7.py +++ b/cryptography/hazmat/bindings/openssl/pkcs7.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/pkcs7.h> """ diff --git a/cryptography/hazmat/bindings/openssl/rand.py b/cryptography/hazmat/bindings/openssl/rand.py index 0e645fbc..7b1be9df 100644 --- a/cryptography/hazmat/bindings/openssl/rand.py +++ b/cryptography/hazmat/bindings/openssl/rand.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/rand.h> """ diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py index f895cd02..c6356101 100644 --- a/cryptography/hazmat/bindings/openssl/rsa.py +++ b/cryptography/hazmat/bindings/openssl/rsa.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/rsa.h> """ diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index 25bef49a..9735ae6a 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/ssl.h> """ @@ -19,109 +21,114 @@ TYPES = """ /* * Internally invented symbols to tell which versions of SSL/TLS are supported. */ -static const int Cryptography_HAS_SSL2; -static const int Cryptography_HAS_TLSv1_1; -static const int Cryptography_HAS_TLSv1_2; +static const long Cryptography_HAS_SSL2; +static const long Cryptography_HAS_TLSv1_1; +static const long Cryptography_HAS_TLSv1_2; /* Internally invented symbol to tell us if SNI is supported */ -static const int Cryptography_HAS_TLSEXT_HOSTNAME; +static const long Cryptography_HAS_TLSEXT_HOSTNAME; /* Internally invented symbol to tell us if SSL_MODE_RELEASE_BUFFERS is * supported */ -static const int Cryptography_HAS_RELEASE_BUFFERS; +static const long Cryptography_HAS_RELEASE_BUFFERS; /* Internally invented symbol to tell us if SSL_OP_NO_COMPRESSION is * supported */ -static const int Cryptography_HAS_OP_NO_COMPRESSION; - -static const int Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; -static const int Cryptography_HAS_SSL_SET_SSL_CTX; -static const int Cryptography_HAS_SSL_OP_NO_TICKET; - -static const int SSL_FILETYPE_PEM; -static const int SSL_FILETYPE_ASN1; -static const int SSL_ERROR_NONE; -static const int SSL_ERROR_ZERO_RETURN; -static const int SSL_ERROR_WANT_READ; -static const int SSL_ERROR_WANT_WRITE; -static const int SSL_ERROR_WANT_X509_LOOKUP; -static const int SSL_ERROR_SYSCALL; -static const int SSL_ERROR_SSL; -static const int SSL_SENT_SHUTDOWN; -static const int SSL_RECEIVED_SHUTDOWN; -static const int SSL_OP_NO_SSLv2; -static const int SSL_OP_NO_SSLv3; -static const int SSL_OP_NO_TLSv1; -static const int SSL_OP_NO_TLSv1_1; -static const int SSL_OP_NO_TLSv1_2; -static const int SSL_OP_NO_COMPRESSION; -static const int SSL_OP_SINGLE_DH_USE; -static const int SSL_OP_EPHEMERAL_RSA; -static const int SSL_OP_MICROSOFT_SESS_ID_BUG; -static const int SSL_OP_NETSCAPE_CHALLENGE_BUG; -static const int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; -static const int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; -static const int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; -static const int SSL_OP_MSIE_SSLV2_RSA_PADDING; -static const int SSL_OP_SSLEAY_080_CLIENT_DH_BUG; -static const int SSL_OP_TLS_D5_BUG; -static const int SSL_OP_TLS_BLOCK_PADDING_BUG; -static const int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; -static const int SSL_OP_CIPHER_SERVER_PREFERENCE; -static const int SSL_OP_TLS_ROLLBACK_BUG; -static const int SSL_OP_PKCS1_CHECK_1; -static const int SSL_OP_PKCS1_CHECK_2; -static const int SSL_OP_NETSCAPE_CA_DN_BUG; -static const int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG; -static const int SSL_OP_NO_QUERY_MTU; -static const int SSL_OP_COOKIE_EXCHANGE; -static const int SSL_OP_NO_TICKET; -static const int SSL_OP_ALL; -static const int SSL_OP_SINGLE_ECDH_USE; -static const int SSL_VERIFY_PEER; -static const int SSL_VERIFY_FAIL_IF_NO_PEER_CERT; -static const int SSL_VERIFY_CLIENT_ONCE; -static const int SSL_VERIFY_NONE; -static const int SSL_SESS_CACHE_OFF; -static const int SSL_SESS_CACHE_CLIENT; -static const int SSL_SESS_CACHE_SERVER; -static const int SSL_SESS_CACHE_BOTH; -static const int SSL_SESS_CACHE_NO_AUTO_CLEAR; -static const int SSL_SESS_CACHE_NO_INTERNAL_LOOKUP; -static const int SSL_SESS_CACHE_NO_INTERNAL_STORE; -static const int SSL_SESS_CACHE_NO_INTERNAL; -static const int SSL_ST_CONNECT; -static const int SSL_ST_ACCEPT; -static const int SSL_ST_MASK; -static const int SSL_ST_INIT; -static const int SSL_ST_BEFORE; -static const int SSL_ST_OK; -static const int SSL_ST_RENEGOTIATE; -static const int SSL_CB_LOOP; -static const int SSL_CB_EXIT; -static const int SSL_CB_READ; -static const int SSL_CB_WRITE; -static const int SSL_CB_ALERT; -static const int SSL_CB_READ_ALERT; -static const int SSL_CB_WRITE_ALERT; -static const int SSL_CB_ACCEPT_LOOP; -static const int SSL_CB_ACCEPT_EXIT; -static const int SSL_CB_CONNECT_LOOP; -static const int SSL_CB_CONNECT_EXIT; -static const int SSL_CB_HANDSHAKE_START; -static const int SSL_CB_HANDSHAKE_DONE; -static const int SSL_MODE_RELEASE_BUFFERS; -static const int SSL_MODE_ENABLE_PARTIAL_WRITE; -static const int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; -static const int SSL_MODE_AUTO_RETRY; -static const int SSL3_RANDOM_SIZE; +static const long Cryptography_HAS_OP_NO_COMPRESSION; + +static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; +static const long Cryptography_HAS_SSL_SET_SSL_CTX; +static const long Cryptography_HAS_SSL_OP_NO_TICKET; + +static const long SSL_FILETYPE_PEM; +static const long SSL_FILETYPE_ASN1; +static const long SSL_ERROR_NONE; +static const long SSL_ERROR_ZERO_RETURN; +static const long SSL_ERROR_WANT_READ; +static const long SSL_ERROR_WANT_WRITE; +static const long SSL_ERROR_WANT_X509_LOOKUP; +static const long SSL_ERROR_SYSCALL; +static const long SSL_ERROR_SSL; +static const long SSL_SENT_SHUTDOWN; +static const long SSL_RECEIVED_SHUTDOWN; +static const long SSL_OP_NO_SSLv2; +static const long SSL_OP_NO_SSLv3; +static const long SSL_OP_NO_TLSv1; +static const long SSL_OP_NO_TLSv1_1; +static const long SSL_OP_NO_TLSv1_2; +static const long SSL_OP_NO_COMPRESSION; +static const long SSL_OP_SINGLE_DH_USE; +static const long SSL_OP_EPHEMERAL_RSA; +static const long SSL_OP_MICROSOFT_SESS_ID_BUG; +static const long SSL_OP_NETSCAPE_CHALLENGE_BUG; +static const long SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; +static const long SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; +static const long SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; +static const long SSL_OP_MSIE_SSLV2_RSA_PADDING; +static const long SSL_OP_SSLEAY_080_CLIENT_DH_BUG; +static const long SSL_OP_TLS_D5_BUG; +static const long SSL_OP_TLS_BLOCK_PADDING_BUG; +static const long SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; +static const long SSL_OP_CIPHER_SERVER_PREFERENCE; +static const long SSL_OP_TLS_ROLLBACK_BUG; +static const long SSL_OP_PKCS1_CHECK_1; +static const long SSL_OP_PKCS1_CHECK_2; +static const long SSL_OP_NETSCAPE_CA_DN_BUG; +static const long SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG; +static const long SSL_OP_NO_QUERY_MTU; +static const long SSL_OP_COOKIE_EXCHANGE; +static const long SSL_OP_NO_TICKET; +static const long SSL_OP_ALL; +static const long SSL_OP_SINGLE_ECDH_USE; +static const long SSL_VERIFY_PEER; +static const long SSL_VERIFY_FAIL_IF_NO_PEER_CERT; +static const long SSL_VERIFY_CLIENT_ONCE; +static const long SSL_VERIFY_NONE; +static const long SSL_SESS_CACHE_OFF; +static const long SSL_SESS_CACHE_CLIENT; +static const long SSL_SESS_CACHE_SERVER; +static const long SSL_SESS_CACHE_BOTH; +static const long SSL_SESS_CACHE_NO_AUTO_CLEAR; +static const long SSL_SESS_CACHE_NO_INTERNAL_LOOKUP; +static const long SSL_SESS_CACHE_NO_INTERNAL_STORE; +static const long SSL_SESS_CACHE_NO_INTERNAL; +static const long SSL_ST_CONNECT; +static const long SSL_ST_ACCEPT; +static const long SSL_ST_MASK; +static const long SSL_ST_INIT; +static const long SSL_ST_BEFORE; +static const long SSL_ST_OK; +static const long SSL_ST_RENEGOTIATE; +static const long SSL_CB_LOOP; +static const long SSL_CB_EXIT; +static const long SSL_CB_READ; +static const long SSL_CB_WRITE; +static const long SSL_CB_ALERT; +static const long SSL_CB_READ_ALERT; +static const long SSL_CB_WRITE_ALERT; +static const long SSL_CB_ACCEPT_LOOP; +static const long SSL_CB_ACCEPT_EXIT; +static const long SSL_CB_CONNECT_LOOP; +static const long SSL_CB_CONNECT_EXIT; +static const long SSL_CB_HANDSHAKE_START; +static const long SSL_CB_HANDSHAKE_DONE; +static const long SSL_MODE_RELEASE_BUFFERS; +static const long SSL_MODE_ENABLE_PARTIAL_WRITE; +static const long SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; +static const long SSL_MODE_AUTO_RETRY; +static const long SSL3_RANDOM_SIZE; typedef ... X509_STORE_CTX; -static const int X509_V_OK; -static const int X509_V_ERR_APPLICATION_VERIFICATION; +static const long X509_V_OK; +static const long X509_V_ERR_APPLICATION_VERIFICATION; typedef ... SSL_METHOD; -typedef ... SSL_CTX; +typedef struct ssl_st { + int version; + int type; + const SSL_METHOD *method; + ...; +} SSL_CTX; typedef struct { int master_key_length; @@ -142,7 +149,7 @@ typedef struct { ...; } SSL; -static const int TLSEXT_NAMETYPE_host_name; +static const long TLSEXT_NAMETYPE_host_name; typedef ... SSL_CIPHER; """ @@ -391,7 +398,7 @@ const long SSL_OP_NO_TICKET = 0; static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; #else static const long Cryptography_HAS_SSL_SET_SSL_CTX = 0; -static const int TLSEXT_NAMETYPE_host_name = 0; +static const long TLSEXT_NAMETYPE_host_name = 0; SSL_CTX *(*SSL_set_SSL_CTX)(SSL *, SSL_CTX *) = NULL; #endif """ diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py index e8b036c3..e800d272 100644 --- a/cryptography/hazmat/bindings/openssl/x509.py +++ b/cryptography/hazmat/bindings/openssl/x509.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/ssl.h> diff --git a/cryptography/hazmat/bindings/openssl/x509name.py b/cryptography/hazmat/bindings/openssl/x509name.py index bf627d61..50abee2a 100644 --- a/cryptography/hazmat/bindings/openssl/x509name.py +++ b/cryptography/hazmat/bindings/openssl/x509name.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/x509.h> diff --git a/cryptography/hazmat/bindings/openssl/x509v3.py b/cryptography/hazmat/bindings/openssl/x509v3.py index 6d2d2361..02ec250a 100644 --- a/cryptography/hazmat/bindings/openssl/x509v3.py +++ b/cryptography/hazmat/bindings/openssl/x509v3.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + INCLUDES = """ #include <openssl/x509v3.h> """ diff --git a/cryptography/hazmat/primitives/__init__.py b/cryptography/hazmat/primitives/__init__.py index e69de29b..2f420574 100644 --- a/cryptography/hazmat/primitives/__init__.py +++ b/cryptography/hazmat/primitives/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/primitives/asymmetric/__init__.py b/cryptography/hazmat/primitives/asymmetric/__init__.py index e69de29b..2f420574 100644 --- a/cryptography/hazmat/primitives/asymmetric/__init__.py +++ b/cryptography/hazmat/primitives/asymmetric/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py index 6bafe314..46e00b8e 100644 --- a/cryptography/hazmat/primitives/asymmetric/padding.py +++ b/cryptography/hazmat/primitives/asymmetric/padding.py @@ -13,6 +13,8 @@ from __future__ import absolute_import, division, print_function +import six + from cryptography import utils from cryptography.hazmat.primitives import interfaces @@ -20,3 +22,22 @@ from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.AsymmetricPadding) class PKCS1v15(object): name = "EMSA-PKCS1-v1_5" + + +class MGF1(object): + MAX_LENGTH = object() + + def __init__(self, algorithm, salt_length): + if not isinstance(algorithm, interfaces.HashAlgorithm): + raise TypeError("Expected instance of interfaces.HashAlgorithm.") + + self._algorithm = algorithm + + if (not isinstance(salt_length, six.integer_types) and + salt_length is not self.MAX_LENGTH): + raise TypeError("salt_length must be an integer") + + if salt_length is not self.MAX_LENGTH and salt_length < 0: + raise ValueError("salt_length must be zero or greater") + + self._salt_length = salt_length diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index dfb43340..cbef8e32 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -16,6 +16,8 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils +from cryptography.exceptions import UnsupportedInterface +from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.primitives import interfaces @@ -41,6 +43,10 @@ class RSAPublicKey(object): self._modulus = modulus def verifier(self, signature, padding, algorithm, backend): + if not isinstance(backend, RSABackend): + raise UnsupportedInterface( + "Backend object does not implement RSABackend") + return backend.create_rsa_verification_ctx(self, signature, padding, algorithm) @@ -128,9 +134,17 @@ class RSAPrivateKey(object): @classmethod def generate(cls, public_exponent, key_size, backend): + if not isinstance(backend, RSABackend): + raise UnsupportedInterface( + "Backend object does not implement RSABackend") + return backend.generate_rsa_private_key(public_exponent, key_size) def signer(self, padding, algorithm, backend): + if not isinstance(backend, RSABackend): + raise UnsupportedInterface( + "Backend object does not implement RSABackend") + return backend.create_rsa_signature_ctx(self, padding, algorithm) @property diff --git a/cryptography/hazmat/primitives/ciphers/algorithms.py b/cryptography/hazmat/primitives/ciphers/algorithms.py index a5cfce92..2d37e0cf 100644 --- a/cryptography/hazmat/primitives/ciphers/algorithms.py +++ b/cryptography/hazmat/primitives/ciphers/algorithms.py @@ -116,3 +116,17 @@ class ARC4(object): @property def key_size(self): return len(self.key) * 8 + + +@utils.register_interface(interfaces.CipherAlgorithm) +class IDEA(object): + name = "IDEA" + block_size = 64 + key_sizes = frozenset([128]) + + def __init__(self, key): + self.key = _verify_key_size(self, key) + + @property + def key_size(self): + return len(self.key) * 8 diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index d366e4cf..1275019e 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -15,13 +15,18 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, NotYetFinalized, AlreadyUpdated, + AlreadyFinalized, NotYetFinalized, AlreadyUpdated, UnsupportedInterface ) +from cryptography.hazmat.backends.interfaces import CipherBackend from cryptography.hazmat.primitives import interfaces class Cipher(object): def __init__(self, algorithm, mode, backend): + if not isinstance(backend, CipherBackend): + raise UnsupportedInterface( + "Backend object does not implement CipherBackend") + if not isinstance(algorithm, interfaces.CipherAlgorithm): raise TypeError("Expected interface of interfaces.CipherAlgorithm") diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index bee188b3..409f564e 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -16,13 +16,18 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized +from cryptography.exceptions import AlreadyFinalized, UnsupportedInterface +from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.HashContext) class Hash(object): def __init__(self, algorithm, backend, ctx=None): + if not isinstance(backend, HashBackend): + raise UnsupportedInterface( + "Backend object does not implement HashBackend") + if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") self.algorithm = algorithm diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 76d658aa..0bcbb3cd 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -16,13 +16,20 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, InvalidSignature +from cryptography.exceptions import ( + AlreadyFinalized, InvalidSignature, UnsupportedInterface +) +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.HashContext) class HMAC(object): def __init__(self, key, algorithm, backend, ctx=None): + if not isinstance(backend, HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement HMACBackend") + if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") self.algorithm = algorithm diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py index 3824bcde..eab48b4d 100644 --- a/cryptography/hazmat/primitives/interfaces.py +++ b/cryptography/hazmat/primitives/interfaces.py @@ -367,6 +367,12 @@ class DSAPrivateKey(six.with_metaclass(abc.ABCMeta)): class DSAPublicKey(six.with_metaclass(abc.ABCMeta)): @abc.abstractproperty + def key_size(self): + """ + The bit length of the prime modulus. + """ + + @abc.abstractproperty def y(self): """ The public key. diff --git a/cryptography/hazmat/primitives/kdf/__init__.py b/cryptography/hazmat/primitives/kdf/__init__.py index e69de29b..2f420574 100644 --- a/cryptography/hazmat/primitives/kdf/__init__.py +++ b/cryptography/hazmat/primitives/kdf/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py index af15b64d..95396fe1 100644 --- a/cryptography/hazmat/primitives/kdf/hkdf.py +++ b/cryptography/hazmat/primitives/kdf/hkdf.py @@ -11,16 +11,25 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, InvalidKey +from cryptography.exceptions import ( + AlreadyFinalized, InvalidKey, UnsupportedInterface +) +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac, interfaces @utils.register_interface(interfaces.KeyDerivationFunction) class HKDF(object): def __init__(self, algorithm, length, salt, info, backend): + if not isinstance(backend, HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement HMACBackend") + self._algorithm = algorithm max_length = 255 * (algorithm.digest_size // 8) diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py index 39427780..f70a7ddf 100644 --- a/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -17,14 +17,19 @@ import six from cryptography import utils from cryptography.exceptions import ( - InvalidKey, UnsupportedHash, AlreadyFinalized + InvalidKey, UnsupportedHash, AlreadyFinalized, UnsupportedInterface ) +from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.KeyDerivationFunction) class PBKDF2HMAC(object): def __init__(self, algorithm, length, salt, iterations, backend): + if not isinstance(backend, PBKDF2HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement PBKDF2HMACBackend") + if not backend.pbkdf2_hmac_supported(algorithm): raise UnsupportedHash( "{0} is not supported for PBKDF2 by this backend".format( diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py index 1717262c..bf634a65 100644 --- a/cryptography/hazmat/primitives/padding.py +++ b/cryptography/hazmat/primitives/padding.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import cffi import six diff --git a/cryptography/hazmat/primitives/twofactor/__init__.py b/cryptography/hazmat/primitives/twofactor/__init__.py index e69de29b..2f420574 100644 --- a/cryptography/hazmat/primitives/twofactor/__init__.py +++ b/cryptography/hazmat/primitives/twofactor/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py index 83260225..34f820c0 100644 --- a/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/cryptography/hazmat/primitives/twofactor/hotp.py @@ -17,13 +17,18 @@ import struct import six -from cryptography.exceptions import InvalidToken +from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 class HOTP(object): def __init__(self, key, length, algorithm, backend): + if not isinstance(backend, HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement HMACBackend") + if len(key) < 16: raise ValueError("Key length has to be at least 128 bits.") diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py index 0630de69..08510ef5 100644 --- a/cryptography/hazmat/primitives/twofactor/totp.py +++ b/cryptography/hazmat/primitives/twofactor/totp.py @@ -13,13 +13,18 @@ from __future__ import absolute_import, division, print_function -from cryptography.exceptions import InvalidToken +from cryptography.exceptions import InvalidToken, UnsupportedInterface +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.twofactor.hotp import HOTP class TOTP(object): def __init__(self, key, length, algorithm, time_step, backend): + if not isinstance(backend, HMACBackend): + raise UnsupportedInterface( + "Backend object does not implement HMACBackend") + self._time_step = time_step self._hotp = HOTP(key, length, algorithm, backend) diff --git a/docs/conf.py b/docs/conf.py index 3486fb38..9b73a5bb 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -1,4 +1,18 @@ # -*- coding: utf-8 -*- + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + # # Cryptography documentation build configuration file, created by # sphinx-quickstart on Tue Aug 6 19:19:14 2013. @@ -11,6 +25,8 @@ # All configuration values have a default; values that are commented out # serve to show the default. +from __future__ import absolute_import, division, print_function + import os import sys diff --git a/docs/cryptography-docs.py b/docs/cryptography-docs.py index 0252d693..e4e9296c 100644 --- a/docs/cryptography-docs.py +++ b/docs/cryptography-docs.py @@ -1,3 +1,18 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + from docutils import nodes from sphinx.util.compat import Directive, make_admonition diff --git a/docs/development/custom-vectors/cast5/generate_cast5.py b/docs/development/custom-vectors/cast5/generate_cast5.py index 32ef3b43..9dd241c1 100644 --- a/docs/development/custom-vectors/cast5/generate_cast5.py +++ b/docs/development/custom-vectors/cast5/generate_cast5.py @@ -1,3 +1,18 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + import binascii from cryptography.hazmat.backends import default_backend diff --git a/docs/development/custom-vectors/idea.rst b/docs/development/custom-vectors/idea.rst new file mode 100644 index 00000000..68c00b85 --- /dev/null +++ b/docs/development/custom-vectors/idea.rst @@ -0,0 +1,30 @@ +IDEA Vector Creation +===================== + +This page documents the code that was used to generate the IDEA CBC, CFB, and +OFB test vectors as well as the code used to verify them against another +implementation. For IDEA the vectors were generated using OpenSSL and verified +with Go. + +Creation +-------- + +``cryptography`` was modified to support IDEA in CBC, CFB, and OFB modes. Then +the following python script was run to generate the vector files. + +.. literalinclude:: /development/custom-vectors/idea/generate_idea.py + +Download link: :download:`generate_idea.py </development/custom-vectors/idea/generate_idea.py>` + + +Verification +------------ + +The following python code was used to verify the vectors using the `Botan`_ +project's Python bindings. + +.. literalinclude:: /development/custom-vectors/idea/verify_idea.py + +Download link: :download:`verify_idea.py </development/custom-vectors/idea/verify_idea.py>` + +.. _`Botan`: http://botan.randombit.net diff --git a/docs/development/custom-vectors/idea/generate_idea.py b/docs/development/custom-vectors/idea/generate_idea.py new file mode 100644 index 00000000..70b9f87f --- /dev/null +++ b/docs/development/custom-vectors/idea/generate_idea.py @@ -0,0 +1,60 @@ +import binascii + +from cryptography.hazmat.backends.openssl.backend import backend +from cryptography.hazmat.primitives.ciphers import base, algorithms, modes + + +def encrypt(mode, key, iv, plaintext): + cipher = base.Cipher( + algorithms.IDEA(binascii.unhexlify(key)), + mode(binascii.unhexlify(iv)), + backend + ) + encryptor = cipher.encryptor() + ct = encryptor.update(binascii.unhexlify(plaintext)) + ct += encryptor.finalize() + return binascii.hexlify(ct) + + +def build_vectors(mode, filename): + with open(filename, "r") as f: + vector_file = f.read().splitlines() + + count = 0 + output = [] + key = None + iv = None + plaintext = None + for line in vector_file: + line = line.strip() + if line.startswith("KEY"): + if count != 0: + output.append("CIPHERTEXT = {0}".format( + encrypt(mode, key, iv, plaintext)) + ) + output.append("\nCOUNT = {0}".format(count)) + count += 1 + name, key = line.split(" = ") + output.append("KEY = {0}".format(key)) + elif line.startswith("IV"): + name, iv = line.split(" = ") + iv = iv[0:16] + output.append("IV = {0}".format(iv)) + elif line.startswith("PLAINTEXT"): + name, plaintext = line.split(" = ") + output.append("PLAINTEXT = {0}".format(plaintext)) + + output.append("CIPHERTEXT = {0}".format(encrypt(mode, key, iv, plaintext))) + return "\n".join(output) + + +def write_file(data, filename): + with open(filename, "w") as f: + f.write(data) + +CBC_PATH = "tests/hazmat/primitives/vectors/ciphers/AES/CBC/CBCMMT128.rsp" +write_file(build_vectors(modes.CBC, CBC_PATH), "idea-cbc.txt") +OFB_PATH = "tests/hazmat/primitives/vectors/ciphers/AES/OFB/OFBMMT128.rsp" +write_file(build_vectors(modes.OFB, OFB_PATH), "idea-ofb.txt") +CFB_PATH = "tests/hazmat/primitives/vectors/ciphers/AES/CFB/CFB128MMT128.rsp" +write_file(build_vectors(modes.CFB, CFB_PATH), "idea-cfb.txt") diff --git a/docs/development/custom-vectors/idea/verify_idea.py b/docs/development/custom-vectors/idea/verify_idea.py new file mode 100644 index 00000000..89713c80 --- /dev/null +++ b/docs/development/custom-vectors/idea/verify_idea.py @@ -0,0 +1,39 @@ +import binascii + +import botan + +from tests.utils import load_nist_vectors + +BLOCK_SIZE = 64 + + +def encrypt(mode, key, iv, plaintext): + encryptor = botan.Cipher("IDEA/{0}/NoPadding".format(mode), "encrypt", + binascii.unhexlify(key)) + + cipher_text = encryptor.cipher(binascii.unhexlify(plaintext), + binascii.unhexlify(iv)) + return binascii.hexlify(cipher_text) + + +def verify_vectors(mode, filename): + with open(filename, "r") as f: + vector_file = f.read().splitlines() + + vectors = load_nist_vectors(vector_file) + for vector in vectors: + ct = encrypt( + mode, + vector["key"], + vector["iv"], + vector["plaintext"] + ) + assert ct == vector["ciphertext"] + + +cbc_path = "tests/hazmat/primitives/vectors/ciphers/IDEA/idea-cbc.txt" +verify_vectors("CBC", cbc_path) +ofb_path = "tests/hazmat/primitives/vectors/ciphers/IDEA/idea-ofb.txt" +verify_vectors("OFB", ofb_path) +cfb_path = "tests/hazmat/primitives/vectors/ciphers/IDEA/idea-cfb.txt" +verify_vectors("CFB", cfb_path) diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index a70b82d3..1d768179 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -69,6 +69,8 @@ Symmetric Ciphers * CAST5 (CBC, CFB, OFB) generated by this project. See: :doc:`/development/custom-vectors/cast5` * IDEA (ECB) from the `NESSIE IDEA vectors`_ created by `NESSIE`_. +* IDEA (CBC, CFB, OFB) generated by this project. + See: :doc:`/development/custom-vectors/idea` Two Factor Authentication ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -77,7 +79,6 @@ Two Factor Authentication * TOTP from :rfc:`6238` (Note that an `errata`_ for the test vectors in RFC 6238 exists) - Creating Test Vectors --------------------- @@ -88,6 +89,7 @@ its own using existing vectors as source material. Current custom vectors: :maxdepth: 1 custom-vectors/cast5 + custom-vectors/idea If official test vectors appear in the future the custom generated vectors should be discarded. diff --git a/docs/exceptions.rst b/docs/exceptions.rst index 48c4bca8..e5010ebe 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -56,3 +56,9 @@ Exceptions This is raised when the verify method of a one time password function's computed token does not match the expected token. +.. class:: UnsupportedInterface + + .. versionadded:: 0.3 + + This is raised when the provided backend does not support the required + interface. diff --git a/docs/hazmat/backends/commoncrypto.rst b/docs/hazmat/backends/commoncrypto.rst index 16a61337..d31391d7 100644 --- a/docs/hazmat/backends/commoncrypto.rst +++ b/docs/hazmat/backends/commoncrypto.rst @@ -3,7 +3,8 @@ CommonCrypto Backend ==================== -The `CommonCrypto`_ C library provided by Apple on OS X and iOS. +The `CommonCrypto`_ C library provided by Apple on OS X and iOS. The CommonCrypto +backend is only supported on OS X versions 10.8 and above. .. currentmodule:: cryptography.hazmat.backends.commoncrypto.backend diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index a7a9661b..c3ea164a 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -249,6 +249,20 @@ A specific ``backend`` may provide one or more of these interfaces. :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` + .. method:: mgf1_hash_supported(algorithm) + + Check if the specified ``algorithm`` is supported for use with + :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` + inside :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` + padding. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider. + + :returns: ``True`` if the specified ``algorithm`` is supported by this + backend, otherwise ``False``. + .. class:: OpenSSLSerializationBackend diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index d6351c9c..547fe769 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -3,7 +3,9 @@ OpenSSL Backend =============== -The `OpenSSL`_ C library. +The `OpenSSL`_ C library. Cryptography supports version ``0.9.8e`` (present in +Red Hat Enterprise Linux 5) and greater. Earlier versions may work but are +**not tested or supported**. .. data:: cryptography.hazmat.backends.openssl.backend diff --git a/docs/hazmat/bindings/commoncrypto.rst b/docs/hazmat/bindings/commoncrypto.rst index 50dbe69a..e5a673b3 100644 --- a/docs/hazmat/bindings/commoncrypto.rst +++ b/docs/hazmat/bindings/commoncrypto.rst @@ -7,8 +7,8 @@ CommonCrypto Binding .. versionadded:: 0.2 -These are `CFFI`_ bindings to the `CommonCrypto`_ C library. It is available on -Mac OS X. +These are `CFFI`_ bindings to the `CommonCrypto`_ C library. It is only +available on Mac OS X versions 10.8 and above. .. class:: cryptography.hazmat.bindings.commoncrypto.binding.Binding() diff --git a/docs/hazmat/bindings/openssl.rst b/docs/hazmat/bindings/openssl.rst index 557f8c4d..9fce8f77 100644 --- a/docs/hazmat/bindings/openssl.rst +++ b/docs/hazmat/bindings/openssl.rst @@ -5,7 +5,9 @@ OpenSSL Binding .. currentmodule:: cryptography.hazmat.bindings.openssl.binding -These are `CFFI`_ bindings to the `OpenSSL`_ C library. +These are `CFFI`_ bindings to the `OpenSSL`_ C library. Cryptography supports +version ``0.9.8e`` (present in Red Hat Enterprise Linux 5) and greater. Earlier +versions may work but are **not tested or supported**. .. class:: cryptography.hazmat.bindings.openssl.binding.Binding() diff --git a/docs/hazmat/primitives/asymmetric/padding.rst b/docs/hazmat/primitives/asymmetric/padding.rst index 7aec3bd3..8a034329 100644 --- a/docs/hazmat/primitives/asymmetric/padding.rst +++ b/docs/hazmat/primitives/asymmetric/padding.rst @@ -17,4 +17,27 @@ Padding PKCS1 v1.5 (also known as simply PKCS1) is a simple padding scheme developed for use with RSA keys. It is defined in :rfc:`3447`. +Mask Generation Functions +~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. class:: MGF1(algorithm, salt_length) + + .. versionadded:: 0.3 + + MGF1 (Mask Generation Function 1) is used as the mask generation function + in :class:`PSS` padding. It takes a hash algorithm and a salt length. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider. + + :param int salt_length: The length of the salt. It is recommended that this + be set to ``MGF1.MAX_LENGTH``. + + .. attribute:: MAX_LENGTH + + Pass this attribute to ``salt_length`` to get the maximum salt length + available. + + .. _`Padding is critical`: http://rdist.root.org/2009/10/06/why-rsa-encryption-padding-is-critical/ diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 7943981e..03a7caed 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -50,6 +50,11 @@ RSA provider. :return: A new instance of ``RSAPrivateKey``. + :raises cryptography.exceptions.UnsupportedInterface: This is raised if + the provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + + .. method:: signer(padding, algorithm, backend) .. versionadded:: 0.3 @@ -90,6 +95,9 @@ RSA :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext` + :raises cryptography.exceptions.UnsupportedInterface: This is raised if + the provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` .. class:: RSAPublicKey(public_exponent, modulus) @@ -154,6 +162,10 @@ RSA :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` + :raises cryptography.exceptions.UnsupportedInterface: This is raised if + the provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography .. _`use 65537`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 86b85852..b7eee2f5 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -29,7 +29,7 @@ Message Digests 'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90' If the backend doesn't support the requested ``algorithm`` an - :class:`~cryptography.exceptions.UnsupportedHash` will be raised. + :class:`~cryptography.exceptions.UnsupportedHash` exception will be raised. Keep in mind that attacks against cryptographic hashes only get stronger with time, and that often algorithms that were once thought to be strong, @@ -45,28 +45,32 @@ Message Digests :class:`~cryptography.hazmat.backends.interfaces.HashBackend` provider. + :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.HashBackend` + .. method:: update(data) - :param bytes data: The bytes you wish to hash. - :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` + :param bytes data: The bytes to be hashed. + :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`. .. method:: copy() - Copy this :class:`Hash` instance, usually so that we may call - :meth:`finalize` and get an intermediate digest value while we continue - to call :meth:`update` on the original. + Copy this :class:`Hash` instance, usually so that you may call + :meth:`finalize` to get an intermediate digest value while we continue + to call :meth:`update` on the original instance. :return: A new instance of :class:`Hash` that can be updated - and finalized independently of the original instance. - :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` + and finalized independently of the original instance. + :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`. .. method:: finalize() Finalize the current context and return the message digest as bytes. - Once ``finalize`` is called this object can no longer be used and - :meth:`update`, :meth:`copy`, and :meth:`finalize` will raise - :class:`~cryptography.exceptions.AlreadyFinalized`. + After ``finalize`` has been called this object can no longer be used + and :meth:`update`, :meth:`copy`, and :meth:`finalize` will raise an + :class:`~cryptography.exceptions.AlreadyFinalized` exception. :return bytes: The message digest as bytes. @@ -83,7 +87,7 @@ SHA-1 .. class:: SHA1() - SHA-1 is a cryptographic hash function standardized by NIST. It has a + SHA-1 is a cryptographic hash function standardized by NIST. It produces an 160-bit message digest. SHA-2 Family @@ -91,23 +95,23 @@ SHA-2 Family .. class:: SHA224() - SHA-224 is a cryptographic hash function from the SHA-2 family and - standardized by NIST. It has a 224-bit message digest. + SHA-224 is a cryptographic hash function from the SHA-2 family and is + standardized by NIST. It produces a 224-bit message digest. .. class:: SHA256() - SHA-256 is a cryptographic hash function from the SHA-2 family and - standardized by NIST. It has a 256-bit message digest. + SHA-256 is a cryptographic hash function from the SHA-2 family and is + standardized by NIST. It produces a 256-bit message digest. .. class:: SHA384() - SHA-384 is a cryptographic hash function from the SHA-2 family and - standardized by NIST. It has a 384-bit message digest. + SHA-384 is a cryptographic hash function from the SHA-2 family and is + standardized by NIST. It produces a 384-bit message digest. .. class:: SHA512() - SHA-512 is a cryptographic hash function from the SHA-2 family and - standardized by NIST. It has a 512-bit message digest. + SHA-512 is a cryptographic hash function from the SHA-2 family and is + standardized by NIST. It produces a 512-bit message digest. RIPEMD160 ~~~~~~~~~ @@ -115,7 +119,7 @@ RIPEMD160 .. class:: RIPEMD160() RIPEMD160 is a cryptographic hash function that is part of ISO/IEC - 10118-3:2004. It has a 160-bit message digest. + 10118-3:2004. It produces a 160-bit message digest. Whirlpool ~~~~~~~~~ @@ -123,7 +127,7 @@ Whirlpool .. class:: Whirlpool() Whirlpool is a cryptographic hash function that is part of ISO/IEC - 10118-3:2004. It has a 512-bit message digest. + 10118-3:2004. It produces a 512-bit message digest. MD5 ~~~ @@ -136,8 +140,8 @@ MD5 .. class:: MD5() - MD5 is a deprecated cryptographic hash function. It has a 128-bit message - digest and has practical known collision attacks. + MD5 is a deprecated cryptographic hash function. It produces a 128-bit + message digest and has practical known collision attacks. .. _`Lifetimes of cryptographic hash functions`: http://valerieaurora.org/hash.html diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index 1a2838f7..ce4e8803 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -12,13 +12,13 @@ Hash-based Message Authentication Codes Hash-based message authentication codes (or HMACs) are a tool for calculating message authentication codes using a cryptographic hash function coupled with a -secret key. You can use an HMAC to verify integrity as well as authenticate a -message. +secret key. You can use an HMAC to verify both the integrity and authenticity +of a message. .. class:: HMAC(key, algorithm, backend) - HMAC objects take a ``key`` and a provider of - :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`. + HMAC objects take a ``key`` and a + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` provider. The ``key`` should be randomly generated bytes and is recommended to be equal in length to the ``digest_size`` of the hash function chosen. You must keep the ``key`` secret. @@ -35,7 +35,7 @@ message. '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' If the backend doesn't support the requested ``algorithm`` an - :class:`~cryptography.exceptions.UnsupportedHash` will be raised. + :class:`~cryptography.exceptions.UnsupportedHash` exception will be raised. To check that a given signature is correct use the :meth:`verify` method. You will receive an exception if the signature is wrong: @@ -47,15 +47,19 @@ message. ... cryptography.exceptions.InvalidSignature: Signature did not match digest. - :param key: Secret key as ``bytes``. - :param algorithm: A + :param bytes key: Secret key as ``bytes``. + :param algorithm: An :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` provider such as those described in :ref:`Cryptographic Hashes <cryptographic-hash-algorithms>`. - :param backend: A + :param backend: An :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` provider. + :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` + .. method:: update(msg) :param bytes msg: The bytes to hash and authenticate. @@ -64,8 +68,8 @@ message. .. method:: copy() Copy this :class:`HMAC` instance, usually so that we may call - :meth:`finalize` and get an intermediate digest value while we continue - to call :meth:`update` on the original. + :meth:`finalize` to get an intermediate digest value while we continue + to call :meth:`update` on the original instance. :return: A new instance of :class:`HMAC` that can be updated and finalized independently of the original instance. @@ -86,9 +90,10 @@ message. Finalize the current context and return the message digest as bytes. - Once ``finalize`` is called this object can no longer be used and - :meth:`update`, :meth:`copy`, and :meth:`finalize` will raise - :class:`~cryptography.exceptions.AlreadyFinalized`. + After ``finalize`` has been called this object can no longer be used + and :meth:`update`, :meth:`copy`, :meth:`verify` and :meth:`finalize` + will raise an :class:`~cryptography.exceptions.AlreadyFinalized` + exception. :return bytes: The message digest as bytes. :raises cryptography.exceptions.AlreadyFinalized: diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst index cc2a3000..cefd81ac 100644 --- a/docs/hazmat/primitives/interfaces.rst +++ b/docs/hazmat/primitives/interfaces.rst @@ -323,7 +323,13 @@ Asymmetric Interfaces .. versionadded:: 0.3 - A `DSA`_ private key. + A `DSA`_ public key. + + .. attribute:: key_size + + :type: int + + The bit length of the modulus. .. method:: parameters() diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index 851dbb0b..174b68d2 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -84,6 +84,10 @@ Different KDFs are suitable for different tasks such as: :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend` provider. + :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend` + .. method:: derive(key_material) :param bytes key_material: The input key material. For PBKDF2 this @@ -183,6 +187,10 @@ Different KDFs are suitable for different tasks such as: :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` provider. + :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` + .. method:: derive(key_material) :param bytes key_material: The input key material. diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 2bc25c50..71a1064e 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -13,23 +13,25 @@ Symmetric Encryption iv = binascii.unhexlify(b"0" * 32) -Symmetric encryption is a way to encrypt (hide the plaintext value) material -where the sender and receiver both use the same key. Note that symmetric -encryption is **not** sufficient for most applications, because it only -provides secrecy (an attacker can't see the message) but not authenticity (an -attacker can create bogus messages and force the application to decrypt them). +Symmetric encryption is a way to `encrypt`_ or hide the contents of material +where the sender and receiver both use the same secret key. Note that symmetric +encryption is **not** sufficient for most applications because it only +provides secrecy but not authenticity. That means an attacker can't see the +message but an attacker can create bogus messages and force the application to +decrypt them. + For this reason it is *strongly* recommended to combine encryption with a message authentication code, such as :doc:`HMAC </hazmat/primitives/hmac>`, in an "encrypt-then-MAC" formulation as `described by Colin Percival`_. .. class:: Cipher(algorithm, mode, backend) - Cipher objects combine an algorithm (such as - :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`) with a - mode (such as + Cipher objects combine an algorithm such as + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` with a + mode like :class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` or - :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR`). A simple - example of encrypting (and then decrypting) content with AES is: + :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR`. A simple + example of encrypting and then decrypting content with AES is: .. doctest:: @@ -54,6 +56,10 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. :class:`~cryptography.hazmat.backends.interfaces.CipherBackend` provider. + :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.CipherBackend` + .. method:: encryptor() :return: An encrypting @@ -62,7 +68,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. If the backend doesn't support the requested combination of ``cipher`` and ``mode`` an :class:`~cryptography.exceptions.UnsupportedCipher` - will be raised. + exception will be raised. .. method:: decryptor() @@ -72,7 +78,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. If the backend doesn't support the requested combination of ``cipher`` and ``mode`` an :class:`cryptography.exceptions.UnsupportedCipher` - will be raised. + exception will be raised. .. _symmetric-encryption-algorithms: @@ -87,17 +93,17 @@ Algorithms AES is both fast, and cryptographically strong. It is a good default choice for encryption. - :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits. - This must be kept secret. + :param bytes key: The secret key. This must be kept secret. Either ``128``, + ``192``, or ``256`` bits long. .. class:: Camellia(key) - Camellia is a block cipher approved for use by CRYPTREC and ISO/IEC. - It is considered to have comparable security and performance to AES, but + Camellia is a block cipher approved for use by `CRYPTREC`_ and ISO/IEC. + It is considered to have comparable security and performance to AES but is not as widely studied or deployed. - :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits. - This must be kept secret. + :param bytes key: The secret key. This must be kept secret. Either ``128``, + ``192``, or ``256`` bits long. .. class:: TripleDES(key) @@ -107,12 +113,11 @@ Algorithms Nonetheless, Triples DES is not recommended for new applications because it is incredibly slow; old applications should consider moving away from it. - :param bytes key: The secret key, either ``64``, ``128``, or ``192`` bits - (note that DES functionally uses ``56``, ``112``, or ``168`` bits of - the key, there is a parity byte in each component of the key), in some - materials these are referred to as being up to three separate keys - (each ``56`` bits long), they can simply be concatenated to produce the - full key. This must be kept secret. + :param bytes key: The secret key. This must be kept secret. Either ``64``, + ``128``, or ``192`` bits long. DES only uses ``56``, ``112``, or ``168`` + bits of the key as there is a parity byte in each component of the key. + Some writing refers to there being up to three separate keys that are each + ``56`` bits long, they can simply be concatenated to produce the full key. .. class:: CAST5(key) @@ -122,8 +127,8 @@ Algorithms Canadian government by the `Communications Security Establishment`_. It is a variable key length cipher and supports keys from 40-128 bits in length. - :param bytes key: The secret key, 40-128 bits in length (in increments of - 8). This must be kept secret. + :param bytes key: The secret key, This must be kept secret. 40 to 128 bits + in length in increments of 8 bits. Weak Ciphers ------------ @@ -138,10 +143,10 @@ Weak Ciphers Blowfish is a block cipher developed by Bruce Schneier. It is known to be susceptible to attacks when using weak keys. The author has recommended - that users of Blowfish move to newer algorithms, such as :class:`AES`. + that users of Blowfish move to newer algorithms such as :class:`AES`. - :param bytes key: The secret key, 32-448 bits in length (in increments of - 8). This must be kept secret. + :param bytes key: The secret key. This must be kept secret. 32 to 448 bits + in length in increments of 8 bits. .. class:: ARC4(key) @@ -149,8 +154,8 @@ Weak Ciphers initial stream output. Its use is strongly discouraged. ARC4 does not use mode constructions. - :param bytes key: The secret key, ``40``, ``56``, ``64``, ``80``, ``128``, - ``192``, or ``256`` bits in length. This must be kept secret. + :param bytes key: The secret key. This must be kept secret. Either ``40``, + ``56``, ``64``, ``80``, ``128``, ``192``, or ``256`` bits in length. .. doctest:: @@ -164,6 +169,16 @@ Weak Ciphers >>> decryptor.update(ct) 'a secret message' +.. class:: IDEA(key) + + IDEA (`International Data Encryption Algorithm`_) is a block cipher created + in 1991. It is an optional component of the `OpenPGP`_ standard. This cipher + is susceptible to attacks when using weak keys. It is recommended that you + do not use this cipher for new applications. + + :param bytes key: The secret key This must be kept secret. ``128`` bits in + length. + .. _symmetric-encryption-modes: @@ -174,16 +189,16 @@ Modes .. class:: CBC(initialization_vector) - CBC (Cipher block chaining) is a mode of operation for block ciphers. It is + CBC (Cipher Block Chaining) is a mode of operation for block ciphers. It is considered cryptographically strong. **Padding is required when using this mode.** :param bytes initialization_vector: Must be random bytes. They do not need - to be kept secret (they can be included in a transmitted message). Must - be the same number of bytes as the ``block_size`` of the cipher. Each - time something is encrypted a new ``initialization_vector`` should be - generated. Do not reuse an ``initialization_vector`` with a given + to be kept secret and they can be included in a transmitted message. + Must be the same number of bytes as the ``block_size`` of the cipher. + Each time something is encrypted a new ``initialization_vector`` should + be generated. Do not reuse an ``initialization_vector`` with a given ``key``, and particularly do not use a constant ``initialization_vector``. @@ -223,7 +238,7 @@ Modes compromises the security of every message encrypted with that key. Must be the same number of bytes as the ``block_size`` of the cipher with a given key. The nonce does not need to be kept secret and may be - included alongside the ciphertext. + included with the ciphertext. .. class:: OFB(initialization_vector) @@ -233,9 +248,9 @@ Modes **This mode does not require padding.** :param bytes initialization_vector: Must be random bytes. They do not need - to be kept secret (they can be included in a transmitted message). Must - be the same number of bytes as the ``block_size`` of the cipher. Do not - reuse an ``initialization_vector`` with a given ``key``. + to be kept secret and they can be included in a transmitted message. + Must be the same number of bytes as the ``block_size`` of the cipher. + Do not reuse an ``initialization_vector`` with a given ``key``. .. class:: CFB(initialization_vector) @@ -245,38 +260,38 @@ Modes **This mode does not require padding.** :param bytes initialization_vector: Must be random bytes. They do not need - to be kept secret (they can be included in a transmitted message). Must - be the same number of bytes as the ``block_size`` of the cipher. Do not - reuse an ``initialization_vector`` with a given ``key``. + to be kept secret and they can be included in a transmitted message. + Must be the same number of bytes as the ``block_size`` of the cipher. + Do not reuse an ``initialization_vector`` with a given ``key``. .. class:: GCM(initialization_vector, tag=None) .. danger:: - When using this mode you MUST not use the decrypted data until + When using this mode you **must** not use the decrypted data until :meth:`~cryptography.hazmat.primitives.interfaces.CipherContext.finalize` - has been called. GCM provides NO guarantees of ciphertext integrity + has been called. GCM provides **no** guarantees of ciphertext integrity until decryption is complete. GCM (Galois Counter Mode) is a mode of operation for block ciphers. An AEAD (authenticated encryption with additional data) mode is a type of - block cipher mode that encrypts the message as well as authenticating it - (and optionally additional data that is not encrypted) simultaneously. - Additional means of verifying integrity (like - :doc:`HMAC </hazmat/primitives/hmac>`) are not necessary. + block cipher mode that simultaneously encrypts the message as well as + authenticating it. Additional unencrypted data may also be authenticated. + Additional means of verifying integrity such as + :doc:`HMAC </hazmat/primitives/hmac>` are not necessary. **This mode does not require padding.** :param bytes initialization_vector: Must be random bytes. They do not need - to be kept secret (they can be included in a transmitted message). NIST - `recommends 96-bit IV length`_ for performance critical situations, but - it can be up to 2\ :sup:`64` - 1 bits. Do not reuse an + to be kept secret and they can be included in a transmitted message. + NIST `recommends a 96-bit IV length`_ for performance critical + situations but it can be up to 2\ :sup:`64` - 1 bits. Do not reuse an ``initialization_vector`` with a given ``key``. .. note:: - Cryptography will emit a 128-bit tag when finalizing encryption. - You can shorten a tag by truncating it to the desired length, but this + Cryptography will generate a 128-bit tag when finalizing encryption. + You can shorten a tag by truncating it to the desired length but this is **not recommended** as it lowers the security margins of the authentication (`NIST SP-800-38D`_ recommends 96-bits or greater). If you must shorten the tag the minimum allowed length is 4 bytes @@ -298,8 +313,8 @@ Modes # Generate a random 96-bit IV. iv = os.urandom(12) - # Construct a AES-GCM Cipher object with the given and our randomly - # generated IV. + # Construct a AES-GCM Cipher object with the given key and a + # randomly generated IV. encryptor = Cipher( algorithms.AES(key), modes.GCM(iv), @@ -371,7 +386,7 @@ Insecure Modes ECB (Electronic Code Book) is the simplest mode of operation for block ciphers. Each block of data is encrypted in the same way. This means identical plaintext blocks will always result in identical ciphertext - blocks, and thus result in information leakage + blocks, which can leave `significant patterns in the output`_. **Padding is required when using this mode.** @@ -386,12 +401,13 @@ Interfaces context. Once that is done call ``finalize()`` to finish the operation and obtain the remainder of the data. - Block ciphers require that plaintext or ciphertext always be a multiple of - their block size, because of that **padding** is sometimes required to make - a message the correct size. ``CipherContext`` will not automatically apply - any padding; you'll need to add your own. For block ciphers the recommended - padding is :class:`cryptography.hazmat.primitives.padding.PKCS7`. If you - are using a stream cipher mode (such as + Block ciphers require that the plaintext or ciphertext always be a multiple + of their block size. Because of that **padding** is sometimes required to + make a message the correct size. ``CipherContext`` will not automatically + apply any padding; you'll need to add your own. For block ciphers the + recommended padding is + :class:`cryptography.hazmat.primitives.padding.PKCS7`. If you are using a + stream cipher mode (such as :class:`cryptography.hazmat.primitives.modes.CTR`) you don't have to worry about this. @@ -404,31 +420,31 @@ Interfaces When the ``Cipher`` was constructed in a mode that turns it into a stream cipher (e.g. :class:`cryptography.hazmat.primitives.ciphers.modes.CTR`), this will - return bytes immediately, however in other modes it will return chunks, + return bytes immediately, however in other modes it will return chunks whose size is determined by the cipher's block size. .. method:: finalize() :return bytes: Returns the remainder of the data. :raises ValueError: This is raised when the data provided isn't - correctly padded to be a multiple of the algorithm's block size. + a multiple of the algorithm's block size. Once ``finalize`` is called this object can no longer be used and - :meth:`update` and :meth:`finalize` will raise - :class:`~cryptography.exceptions.AlreadyFinalized`. + :meth:`update` and :meth:`finalize` will raise an + :class:`~cryptography.exceptions.AlreadyFinalized` exception. .. class:: AEADCipherContext - When calling ``encryptor()`` or ``decryptor()`` on a ``Cipher`` object + When calling ``encryptor`` or ``decryptor`` on a ``Cipher`` object with an AEAD mode (e.g. :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM`) the result will conform to the ``AEADCipherContext`` and ``CipherContext`` interfaces. If it is an encryption context it will additionally be an - ``AEADEncryptionContext`` interface. ``AEADCipherContext`` contains an - additional method ``authenticate_additional_data`` for adding additional - authenticated but unencrypted data (see note below). You should call this - before calls to ``update``. When you are done call ``finalize()`` to finish - the operation. + ``AEADEncryptionContext`` provider. ``AEADCipherContext`` contains an + additional method :meth:`authenticate_additional_data` for adding + additional authenticated but unencrypted data (see note below). You should + call this before calls to ``update``. When you are done call `finalize`` + to finish the operation. .. note:: @@ -444,12 +460,13 @@ Interfaces .. class:: AEADEncryptionContext - When creating an encryption context using ``encryptor()`` on a ``Cipher`` - object with an AEAD mode (e.g. - :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM`) you will receive - a return object conforming to the ``AEADEncryptionContext`` interface (as - well as ``AEADCipherContext``). This interface provides one additional - attribute ``tag``. ``tag`` can only be obtained after ``finalize()``. + When creating an encryption context using ``encryptor`` on a ``Cipher`` + object with an AEAD mode such as + :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` an object + conforming to both the ``AEADEncryptionContext`` and ``AEADCipherContext`` + interfaces will be returned. This interface provides one + additional attribute ``tag``. ``tag`` can only be obtained after + ``finalize`` has been called. .. attribute:: tag @@ -459,6 +476,11 @@ Interfaces .. _`described by Colin Percival`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html -.. _`recommends 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf +.. _`recommends a 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf .. _`NIST SP-800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf .. _`Communications Security Establishment`: http://www.cse-cst.gc.ca +.. _`encrypt`: https://ssd.eff.org/tech/encryption +.. _`CRYPTREC`: http://www.cryptrec.go.jp/english/ +.. _`significant patterns in the output`: http://en.wikipedia.org/wiki/Cipher_block_chaining#Electronic_codebook_.28ECB.29 +.. _`International Data Encryption Algorithm`: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm +.. _`OpenPGP`: http://www.openpgp.org diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst index 3912d483..124d0ef5 100644 --- a/docs/hazmat/primitives/twofactor.rst +++ b/docs/hazmat/primitives/twofactor.rst @@ -52,6 +52,9 @@ codes (HMAC). :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the ``length`` parameter is not an integer. + :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` .. method:: generate(counter) @@ -148,6 +151,9 @@ similar to the following code. :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the ``length`` parameter is not an integer. + :raises cryptography.exceptions.UnsupportedInterface: This is raised if the + provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` .. method:: generate(time) diff --git a/docs/installation.rst b/docs/installation.rst index 63555abc..c6a2a5c0 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -7,6 +7,18 @@ You can install ``cryptography`` with ``pip``: $ pip install cryptography +Supported platforms +------------------- + +Currently we test ``cryptography`` on Python 2.6, 2.7, 3.2, 3.3 and PyPy on +these operating systems. + +* x86-64 CentOS 6.4 and CentOS 5 +* x86-64 FreeBSD 9.2 and FreeBSD 10 +* OS X 10.9 and OS X 10.8 +* x86-64 Ubuntu 12.04 LTS +* 32-bit Python on 64-bit Windows Server 2008 + On Windows ---------- @@ -10,6 +10,9 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. + +from __future__ import absolute_import, division, print_function + import os import sys from distutils.command.build import build @@ -116,6 +119,7 @@ setup( "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.2", "Programming Language :: Python :: 3.3", + "Programming Language :: Python :: 3.4", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Security :: Cryptography", @@ -21,7 +21,7 @@ import invoke import requests -JENKINS_URL = "http://jenkins.cryptography.io/job/cryptography-wheel-builder" +JENKINS_URL = "https://jenkins.cryptography.io/job/cryptography-wheel-builder" def wait_for_build_completed(): diff --git a/tests/__init__.py b/tests/__init__.py index e69de29b..2f420574 100644 --- a/tests/__init__.py +++ b/tests/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/tests/conftest.py b/tests/conftest.py index 64982efd..36183f46 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,6 +1,21 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + import pytest -from cryptography.hazmat.backends import _ALL_BACKENDS +from cryptography.hazmat.backends import _available_backends from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) @@ -10,7 +25,7 @@ from .utils import check_for_iface, check_backend_support, select_backends def pytest_generate_tests(metafunc): names = metafunc.config.getoption("--backend") - selected_backends = select_backends(names, _ALL_BACKENDS) + selected_backends = select_backends(names, _available_backends()) if "backend" in metafunc.fixturenames: metafunc.parametrize("backend", selected_backends) diff --git a/tests/hazmat/__init__.py b/tests/hazmat/__init__.py index e69de29b..2f420574 100644 --- a/tests/hazmat/__init__.py +++ b/tests/hazmat/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/tests/hazmat/backends/__init__.py b/tests/hazmat/backends/__init__.py index e69de29b..2f420574 100644 --- a/tests/hazmat/backends/__init__.py +++ b/tests/hazmat/backends/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index 7feb0c72..1062b2ba 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import pytest from cryptography import utils diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 87ef0446..31fb0a26 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import pytest from cryptography import utils diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index c6792185..599d1531 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import pytest from cryptography import utils diff --git a/tests/hazmat/bindings/test_commoncrypto.py b/tests/hazmat/bindings/test_commoncrypto.py index db3d1b74..0332674b 100644 --- a/tests/hazmat/bindings/test_commoncrypto.py +++ b/tests/hazmat/bindings/test_commoncrypto.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import pytest from cryptography.hazmat.bindings.commoncrypto.binding import Binding diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index c476390b..acab22b1 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import pytest from cryptography.hazmat.bindings.openssl.binding import Binding diff --git a/tests/hazmat/primitives/__init__.py b/tests/hazmat/primitives/__init__.py index e69de29b..2f420574 100644 --- a/tests/hazmat/primitives/__init__.py +++ b/tests/hazmat/primitives/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py index 50cadf64..bd9625e9 100644 --- a/tests/hazmat/primitives/test_ciphers.py +++ b/tests/hazmat/primitives/test_ciphers.py @@ -17,9 +17,12 @@ import binascii import pytest +from cryptography.exceptions import UnsupportedInterface +from cryptography.hazmat.primitives import ciphers from cryptography.hazmat.primitives.ciphers.algorithms import ( - AES, Camellia, TripleDES, Blowfish, ARC4, CAST5 + AES, Camellia, TripleDES, Blowfish, ARC4, CAST5, IDEA ) +from cryptography.hazmat.primitives.ciphers.modes import ECB class TestAES(object): @@ -110,3 +113,20 @@ class TestARC4(object): def test_invalid_key_size(self): with pytest.raises(ValueError): ARC4(binascii.unhexlify(b"0" * 34)) + + +class TestIDEA(object): + def test_key_size(self): + cipher = IDEA(b"\x00" * 16) + assert cipher.key_size == 128 + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + IDEA(b"\x00" * 17) + + +def test_invalid_backend(): + pretend_backend = object() + + with pytest.raises(UnsupportedInterface): + ciphers.Cipher(AES(b"AAAAAAAAAAAAAAAA"), ECB, pretend_backend) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index fc53d635..5b318f64 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -20,7 +20,10 @@ import pytest import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, UnsupportedHash +from cryptography.exceptions import ( + AlreadyFinalized, UnsupportedHash, UnsupportedInterface +) +from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import hashes, interfaces from .utils import generate_base_hash_test @@ -39,7 +42,11 @@ class TestHashContext(object): m.update(six.u("\u00FC")) def test_copy_backend_object(self): - pretend_backend = pretend.stub() + @utils.register_interface(HashBackend) + class PretendBackend(object): + pass + + pretend_backend = PretendBackend() copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) h = hashes.Hash(hashes.SHA1(), backend=pretend_backend, @@ -171,3 +178,10 @@ class TestMD5(object): digest_size=16, block_size=64, ) + + +def test_invalid_backend(): + pretend_backend = object() + + with pytest.raises(UnsupportedInterface): + hashes.Hash(hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py index e3e2a9df..963fb69c 100644 --- a/tests/hazmat/primitives/test_hkdf.py +++ b/tests/hazmat/primitives/test_hkdf.py @@ -17,7 +17,9 @@ import six import pytest -from cryptography.exceptions import AlreadyFinalized, InvalidKey +from cryptography.exceptions import ( + AlreadyFinalized, InvalidKey, UnsupportedInterface +) from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.hkdf import HKDF @@ -145,3 +147,10 @@ class TestHKDF(object): ) hkdf.verify(b"foo", six.u("bar")) + + +def test_invalid_backend(): + pretend_backend = object() + + with pytest.raises(UnsupportedInterface): + HKDF(hashes.SHA256(), 16, None, None, pretend_backend) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 88bed52c..3589e6ac 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -21,8 +21,9 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, UnsupportedHash, InvalidSignature + AlreadyFinalized, UnsupportedHash, InvalidSignature, UnsupportedInterface ) +from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import hashes, hmac, interfaces from .utils import generate_base_hmac_test @@ -52,8 +53,11 @@ class TestHMAC(object): h.update(six.u("\u00FC")) def test_copy_backend_object(self): - pretend_hmac = pretend.stub() - pretend_backend = pretend.stub(hmacs=pretend_hmac) + @utils.register_interface(HMACBackend) + class PretendBackend(object): + pass + + pretend_backend = PretendBackend() copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) h = hmac.HMAC(b"key", hashes.SHA1(), backend=pretend_backend, @@ -104,3 +108,10 @@ class TestHMAC(object): def test_unsupported_hash(self, backend): with pytest.raises(UnsupportedHash): hmac.HMAC(b"key", UnsupportedDummyHash(), backend) + + +def test_invalid_backend(): + pretend_backend = object() + + with pytest.raises(UnsupportedInterface): + hmac.HMAC(b"key", hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/test_idea.py b/tests/hazmat/primitives/test_idea.py new file mode 100644 index 00000000..de439259 --- /dev/null +++ b/tests/hazmat/primitives/test_idea.py @@ -0,0 +1,92 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import binascii +import os + +import pytest + +from cryptography.hazmat.primitives.ciphers import algorithms, modes + +from .utils import generate_encrypt_test +from ...utils import load_nist_vectors + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.IDEA("\x00" * 16), modes.ECB() + ), + skip_message="Does not support IDEA ECB", +) +@pytest.mark.cipher +class TestIDEAModeECB(object): + test_ECB = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "IDEA"), + ["idea-ecb.txt"], + lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))), + lambda **kwargs: modes.ECB(), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.IDEA("\x00" * 16), modes.CBC("\x00" * 8) + ), + skip_message="Does not support IDEA CBC", +) +@pytest.mark.cipher +class TestIDEAModeCBC(object): + test_CBC = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "IDEA"), + ["idea-cbc.txt"], + lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)) + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.IDEA("\x00" * 16), modes.OFB("\x00" * 8) + ), + skip_message="Does not support IDEA OFB", +) +@pytest.mark.cipher +class TestIDEAModeOFB(object): + test_OFB = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "IDEA"), + ["idea-ofb.txt"], + lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)) + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.IDEA("\x00" * 16), modes.CFB("\x00" * 8) + ), + skip_message="Does not support IDEA CFB", +) +@pytest.mark.cipher +class TestIDEAModeCFB(object): + test_CFB = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "IDEA"), + ["idea-cfb.txt"], + lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)) + ) diff --git a/tests/hazmat/primitives/test_padding.py b/tests/hazmat/primitives/test_padding.py index 6a2b6243..932cef1e 100644 --- a/tests/hazmat/primitives/test_padding.py +++ b/tests/hazmat/primitives/test_padding.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import pytest import six diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py index f895935b..bf1e7f14 100644 --- a/tests/hazmat/primitives/test_pbkdf2hmac.py +++ b/tests/hazmat/primitives/test_pbkdf2hmac.py @@ -18,7 +18,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - InvalidKey, UnsupportedHash, AlreadyFinalized + InvalidKey, UnsupportedHash, AlreadyFinalized, UnsupportedInterface ) from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC @@ -67,3 +67,10 @@ class TestPBKDF2HMAC(object): kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) with pytest.raises(TypeError): kdf.derive(six.u("unicode here")) + + +def test_invalid_backend(): + pretend_backend = object() + + with pytest.raises(UnsupportedInterface): + PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, pretend_backend) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 79323265..0e88bb7f 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -21,9 +21,9 @@ import os import pytest from cryptography import exceptions, utils +from cryptography.exceptions import UnsupportedInterface from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.asymmetric import rsa -from cryptography.hazmat.primitives.asymmetric import padding +from cryptography.hazmat.primitives.asymmetric import rsa, padding from ...utils import load_pkcs1_vectors, load_vectors_from_file @@ -385,6 +385,13 @@ class TestRSA(object): rsa.RSAPublicKey(public_exponent=6, modulus=15) +def test_rsa_generate_invalid_backend(): + pretend_backend = object() + + with pytest.raises(UnsupportedInterface): + rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) + + @pytest.mark.rsa class TestRSASignature(object): @pytest.mark.parametrize( @@ -444,6 +451,14 @@ class TestRSASignature(object): with pytest.raises(TypeError): private_key.signer("notpadding", hashes.SHA1(), backend) + def test_rsa_signer_invalid_backend(self, backend): + pretend_backend = object() + private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) + + with pytest.raises(UnsupportedInterface): + private_key.signer( + padding.PKCS1v15(), hashes.SHA256, pretend_backend) + @pytest.mark.rsa class TestRSAVerification(object): @@ -558,3 +573,39 @@ class TestRSAVerification(object): public_key = private_key.public_key() with pytest.raises(TypeError): public_key.verifier(b"sig", "notpadding", hashes.SHA1(), backend) + + def test_rsa_verifier_invalid_backend(self, backend): + pretend_backend = object() + private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) + public_key = private_key.public_key() + + with pytest.raises(UnsupportedInterface): + public_key.verifier( + b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend) + + +class TestMGF1(object): + def test_invalid_hash_algorithm(self): + with pytest.raises(TypeError): + padding.MGF1(b"not_a_hash", 0) + + def test_invalid_salt_length_not_integer(self): + with pytest.raises(TypeError): + padding.MGF1(hashes.SHA1(), b"not_a_length") + + def test_invalid_salt_length_negative_integer(self): + with pytest.raises(ValueError): + padding.MGF1(hashes.SHA1(), -1) + + def test_valid_mgf1_parameters(self): + algorithm = hashes.SHA1() + salt_length = algorithm.digest_size + mgf = padding.MGF1(algorithm, salt_length) + assert mgf._algorithm == algorithm + assert mgf._salt_length == salt_length + + def test_valid_mgf1_parameters_maximum(self): + algorithm = hashes.SHA1() + mgf = padding.MGF1(algorithm, padding.MGF1.MAX_LENGTH) + assert mgf._algorithm == algorithm + assert mgf._salt_length == padding.MGF1.MAX_LENGTH diff --git a/tests/hazmat/primitives/twofactor/__init__.py b/tests/hazmat/primitives/twofactor/__init__.py index e69de29b..2f420574 100644 --- a/tests/hazmat/primitives/twofactor/__init__.py +++ b/tests/hazmat/primitives/twofactor/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py index 0f8c4a53..548c6264 100644 --- a/tests/hazmat/primitives/twofactor/test_hotp.py +++ b/tests/hazmat/primitives/twofactor/test_hotp.py @@ -11,11 +11,13 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import os import pytest -from cryptography.exceptions import InvalidToken +from cryptography.exceptions import InvalidToken, UnsupportedInterface from cryptography.hazmat.primitives.twofactor.hotp import HOTP from cryptography.hazmat.primitives import hashes from tests.utils import load_vectors_from_file, load_nist_vectors @@ -93,3 +95,12 @@ class TestHOTP(object): with pytest.raises(TypeError): HOTP(secret, b"foo", SHA1(), backend) + + +def test_invalid_backend(): + secret = b"12345678901234567890" + + pretend_backend = object() + + with pytest.raises(UnsupportedInterface): + HOTP(secret, 8, hashes.SHA1(), pretend_backend) diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py index a4a108bc..294c19ab 100644 --- a/tests/hazmat/primitives/twofactor/test_totp.py +++ b/tests/hazmat/primitives/twofactor/test_totp.py @@ -11,9 +11,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import pytest -from cryptography.exceptions import InvalidToken +from cryptography.exceptions import InvalidToken, UnsupportedInterface from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.twofactor.totp import TOTP from tests.utils import load_vectors_from_file, load_nist_vectors @@ -127,3 +129,12 @@ class TestTOTP(object): totp = TOTP(secret, 8, hashes.SHA1(), 30, backend) assert totp.generate(time) == b"94287082" + + +def test_invalid_backend(): + secret = b"12345678901234567890" + + pretend_backend = object() + + with pytest.raises(UnsupportedInterface): + TOTP(secret, 8, hashes.SHA1(), 30, pretend_backend) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 5a8dc3ab..f0a00319 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -1,3 +1,18 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + import binascii import os diff --git a/tests/hazmat/primitives/vectors/ciphers/IDEA/idea-cbc.txt b/tests/hazmat/primitives/vectors/ciphers/IDEA/idea-cbc.txt new file mode 100644 index 00000000..dac78c23 --- /dev/null +++ b/tests/hazmat/primitives/vectors/ciphers/IDEA/idea-cbc.txt @@ -0,0 +1,124 @@ +# IDEA CBC vectors built for https://github.com/pyca/cryptography +# Derived from the AESVS MMT test data for CBC +# Verified against Botan +# Key Length : 128 + +COUNT = 0 +KEY = 1f8e4973953f3fb0bd6b16662e9a3c17 +IV = 2fe2b333ceda8f98 +PLAINTEXT = 45cf12964fc824ab76616ae2f4bf0822 +CIPHERTEXT = 2cb10d22ac22a375c0021ab6732936c1 + +COUNT = 1 +KEY = 0700d603a1c514e46b6191ba430a3a0c +IV = aad1583cd91365e3 +PLAINTEXT = 068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91 +CIPHERTEXT = 4af8370c69ae4e45cc5a395e790272d5a5a0895dee1f336f0067963bd9ed55c7 + +COUNT = 2 +KEY = 3348aa51e9a45c2dbe33ccc47f96e8de +IV = 19153c673160df2b +PLAINTEXT = 9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599 +CIPHERTEXT = 09738cbc8c7764dd63206892eca29fbc3a67f7fe44ded6b128a0350426776ea71d0c9a1b6d627e1e3d014837dd82f11a + +COUNT = 3 +KEY = b7f3c9576e12dd0db63e8f8fac2b9a39 +IV = c80f095d8bb1a060 +PLAINTEXT = 9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e +CIPHERTEXT = 956c2993f77485da8f50b09ea7aa532f7c0aa1f63af0ac998680514a16c99d143261f7434f9a9c0fcb26a02175fde4b4093e1efe672cfe12509cf3d455c3ab01 + +COUNT = 4 +KEY = b6f9afbfe5a1562bba1368fc72ac9d9c +IV = 3f9d5ebe250ee7ce +PLAINTEXT = db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1 +CIPHERTEXT = 3831f1265df609c006a15c2b963465e8a0d77bbec6e6d332f0b384479f0f34d2a7ed722607e077170a97ca9cdf526602972823c562c87187b8dc5f5d7de27a80c58bcaa95f5f7cae9c5b70938bb7de9f + +COUNT = 5 +KEY = bbe7b7ba07124ff1ae7c3416fe8b465e +IV = 7f65b5ee3630bed6 +PLAINTEXT = 2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187 +CIPHERTEXT = 5ee0a43a2dd9d14eee83d99e51598870a3b4221f28a2eb77b3612fec3c92037ff9eccab303d225d89f313a8894d1de97f3e87a93684290a17622766eda764308e1abe6153f638a3e8e1e6e0f36cca66ee06fa21457266c4291d8456fa84aaa09 + +COUNT = 6 +KEY = 89a553730433f7e6d67d16d373bd5360 +IV = f724558db3433a52 +PLAINTEXT = 807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625 +CIPHERTEXT = 1c1fa2b32f704963913dd890dc5504d9a4562587f60e15dcf5351bc89ebf4467679ba38d6febb3063745c88e53c4e2866b7fdfe0916cb6196da3f96d0d69dd605d603a80e8da4782f6458f65a0ab55541a0cdac68095b4835ffa0d119cf5d4e40dbf19731cddcfd57cb5cf6250abfa0d + +COUNT = 7 +KEY = c491ca31f91708458e29a925ec558d78 +IV = 9ef934946e5cd0ae +PLAINTEXT = cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d +CIPHERTEXT = 5b15322d02a4de6ee0847b029fa88eb39db00697113260bb5834128ed2201ec2c5e22f50bd274b5ae8dc24e4b721c3e5cb905d96595c869ca1db7cbe6389c8553b36f635a1fbbece6b1aba3ba9d0c6cb361aeb5708b61b99a2812b23f16ca0bc602f5dcb77a1eec677399a47b6ce5f9ebb90c32b2ff3c181a0ebcde94c46ff41 + +COUNT = 8 +KEY = f6e87d71b0104d6eb06a68dc6a71f498 +IV = 1c245f26195b76eb +PLAINTEXT = f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729 +CIPHERTEXT = c2725ddb784b9cffe46543af4ac9f0e64edcd1678f26b3ee652af6d00ae164f7c07afd0fb773277401c2137070a6a59e39de429c032711756ce6b0c9b9dc69a0a1caaabff9da5855f7410656f8e09e00cee6f44c0fc93f9419d13ccfe63517a1c74afc3dabfd1b43171bfe097cf28ca5674fbd0fa58b0698289a92eb57cf1ff74b1d756ff113252a379f2bae8dd9cd3d + +COUNT = 9 +KEY = 2c14413751c31e2730570ba3361c786b +IV = 1dbbeb2f19abb448 +PLAINTEXT = 40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f +CIPHERTEXT = d9ab48c7195d8dd8860860688b8b66a74b3798a97647d8106352d1e3d8bb6c353e2e561478d396fb432ab07392f5fdd39d610c8e046ffc5fe5eb8736ce87f43a05ec4f4bfb0142a1d32fde8bea7af6b9e22a3fe3823a979f73cd4f4eacc145e5e043dd1a3e2183d0ae3a1aa5d8fe78d9dd867c4bd54ab149bfaefc66647f8948881f712ed7b1eabdab62b71caea6f0face592ab5fcb668752bfa7cbc39a00d05 + +COUNT = 10 +KEY = 6a7082cf8cda13eff48c8158dda206ae +IV = bd4172934078c201 +PLAINTEXT = 940bc76d61e2c49dddd5df7f37fcf105 +CIPHERTEXT = 05a31cd129886c6458ec0739472556de + +COUNT = 11 +KEY = 625eefa18a4756454e218d8bfed56e36 +IV = 73d9d0e27c2ec568 +PLAINTEXT = 360dc1896ce601dfb2a949250067aad96737847a4580ede2654a329b842fe81e +CIPHERTEXT = b046b49207973f946668d49d3cd93a13bc9cf50bab20f40cca024e2fc3dd17ea + +COUNT = 12 +KEY = fd6e0b954ae2e3b723d6c9fcae6ab09b +IV = f08b65c9f4dd9500 +PLAINTEXT = a206385945b21f812a9475f47fddbb7fbdda958a8d14c0dbcdaec36e8b28f1f6ececa1ceae4ce17721d162c1d42a66c1 +CIPHERTEXT = c25cbe4acc9e6909ed195e257a5f28beb77ceb614c538ef531b18778bbbfe1d25d70e4c9b37c4d1d9cde4361206f6173 + +COUNT = 13 +KEY = 7b1ab9144b0239315cd5eec6c75663bd +IV = 0b1e74f45c17ff30 +PLAINTEXT = b968aeb199ad6b3c8e01f26c2edad444538c78bfa36ed68ca76123b8cdce615a01f6112bb80bfc3f17490578fb1f909a52e162637b062db04efee291a1f1af60 +CIPHERTEXT = 08186d727f2bf0eee50e52f98775ae222b67b037f40f8a803aa6196fb200ee45a5183ccd4942677d4abe617a6c41c9c565dd79d44de12d9291f434939639e59c + +COUNT = 14 +KEY = 36466b6bd25ea3857ea42f0cac1919b1 +IV = 7186fb6bdfa98a16 +PLAINTEXT = 999983467c47bb1d66d7327ab5c58f61ddb09b93bd2460cb78cbc12b5fa1ea0c5f759ccc5e478697687012ff4673f6e61eecaeda0ccad2d674d3098c7d17f887b62b56f56b03b4d055bf3a4460e83efa +CIPHERTEXT = 0b13ebbec3b66a240dc11cecb1b3a6d5cf2770d529f852a405da596170fa6067a28f07f41c9d520b6d7c3163395dbe875995809f24a4243e0e80e735d3d92307e07775300e10ee57ab916a043c29d3cc + +COUNT = 15 +KEY = 89373ee6e28397640d5082eed4123239 +IV = 1a74d7c859672c80 +PLAINTEXT = 45efd00daa4cdc8273ef785cae9e944a7664a2391e1e2c449f475acec0124bbc22944331678617408a1702917971f4654310ffb9229bec6173715ae512d37f93aaa6abf009f7e30d65669d1db0366b5bce4c7b00f871014f5753744a1878dc57 +CIPHERTEXT = d3ed4e4fc32dc0342ec301817899967f3a47737e2691fecf6799fa9c8d41362107be6fa674320befc87ccf9fecbf03dec5be160433f450bfd89d8fc3312232efae95661ee55f10eb2a52f9590c4d7e2c656f6779f6f677190c7349273daebab4 + +COUNT = 16 +KEY = bab0cceddc0abd63e3f82e9fbff7b8aa +IV = 68b9140f300490c5 +PLAINTEXT = c5585ff215bbb73ba5393440852fb199436de0d15e55c631f877670aa3eda9f672eb1f876f09544e63558436b8928000db2f02a5ad90f95b05ac4cf49e198e617e7678480fdf0efacc6aae691271e6cdd3541ebf719a1ccaedb24e2f80f92455dd5910cb5086b0960a3942ec182dcbd7 +CIPHERTEXT = 7ca59cefd0c1f0190af2c8b85d00b7e5838aee42274f26cf08fd0b4ae539c1966367960b0600425e50c802dc94427f0ccf713de467a61319ce05d23c5a5db4d43ac0b0762b2f6ad9e7076df190c50f41788a02317ecfb2e59c42b31c151f9c93f4b1cac3c37e2aafa00ba2d27dbf6b63 + +COUNT = 17 +KEY = 9c702898efa44557b29ed283f5bc0293 +IV = cec6e1b82e8b2a59 +PLAINTEXT = 1d1f8d81bdc3e2c7cb057f408e6450000c5aaed3260ff1e87fbb6f324df6887ffd8f78d7e2a04c9ed9deda9d64482d2b002f4a2b78d8b4f691875c8295d4a64b22257ceaf713ed2f4b92530d7ad7151d629acda882b4829577a43990b0948c1149c22fe4273656d1b08833930e8b06709a94579a78fc220f7057bbc1fa9f6563 +CIPHERTEXT = 41bc04fb50553959c10d20550d54280f56b33e988b674dee1112631d18d6f79efe3067d8133bdc8ce334929537d9d19a9f5e05f626e56b45daab02fa58a027a759573f363d995e2a5fc779476bf009accc44435c044d481acf9c8c3228b9a69052ef228d64640ca4dd19352ce6257bc5658084f96fdc99790b676a0556f92c51 + +COUNT = 18 +KEY = 5674636dbdb38f705f0b08c372ef4785 +IV = 3f20ce0509b57420 +PLAINTEXT = 6d40fd2f908f48ce19241b6b278b1b1676dffd4a97ce9f8a1574c33bc59237deb536bee376fd6c381e6987700e39283aa111cf1a59f26fae6fb6700bf012646a2ab80239bf5e1632329043aa87d7911978b36523a2bc0bed9a9737ccf7a00baa2f3822b4e9e742e168e7069290705fed2eb63aa044b78f97dd33a8d6b24741ec1fd8c8db79d93b884e762dba0f406961 +CIPHERTEXT = 52392c00281497aea7e057bd31ee71ad818674c2dd10782e395f9a59ca7b191331cb8576f0f38db240fef904d52ca9181f309e43525e5f2f2a9dc2083360cdef4bd92f61d0b54c1955429df1f3dea48edce637f33c94ce8bd1bd2dbcaa929f3a1d184753238794c585e81cfe5ade7fe86ece0d6a196d8db0282cbadc40913c3973e0c1437ab94cd59370504e9fbc5511 + +COUNT = 19 +KEY = 97a1025529b9925e25bbe78770ca2f99 +IV = d4b4eab92aa9637e +PLAINTEXT = e8b89150d8438bf5b17449d6ed26bd72127e10e4aa57cad85283e8359e089208e84921649f5b60ea21f7867cbc9620560c4c6238db021216db453c9943f1f1a60546173daef2557c3cdd855031b353d4bf176f28439e48785c37d38f270aa4a6faad2baabcb0c0b2d1dd5322937498ce803ba1148440a52e227ddba4872fe4d81d2d76a939d24755adb8a7b8452ceed2d179e1a5848f316f5c016300a390bfa7 +CIPHERTEXT = 0100f7adc870bedd878236fa1d6c23b5a0343546a18567b80ce4d8413854aa1e1633e8ef3c4ed53e90de2a4f11940ea6b6d59321235a6b08aba07339c9b645796729d8c18e23f0ce9e8010f0b3da765a47cbbf9635a40b0f3e56e76748290f83fdf8d1452f91d6ca2cc6d1ab2b967d51f3a9a47e0f0a51d00be2eec0f3da2aa7c06793fda880a93284e7ab3009a52f7d34b76592b3d5bdbe6332505af816a1a4 diff --git a/tests/hazmat/primitives/vectors/ciphers/IDEA/idea-cfb.txt b/tests/hazmat/primitives/vectors/ciphers/IDEA/idea-cfb.txt new file mode 100644 index 00000000..090b6a3c --- /dev/null +++ b/tests/hazmat/primitives/vectors/ciphers/IDEA/idea-cfb.txt @@ -0,0 +1,124 @@ +# IDEA CFB vectors built for https://github.com/pyca/cryptography +# Derived from the AESVS MMT test data for CFB128 +# Verified against Botan +# Key Length : 128 + +COUNT = 0 +KEY = 085b8af6788fa6bc1a0b47dcf50fbd35 +IV = 58cb2b12bb52c6f1 +PLAINTEXT = 4b5a872260293312eea1a570fd39c788 +CIPHERTEXT = 5d9c48bf7dc115f28e153dc93dfcff96 + +COUNT = 1 +KEY = 701ccc4c0e36e512ce077f5af6ccb957 +IV = 5337ddeaf89a00dd +PLAINTEXT = cc1172f2f80866d0768b25f70fcf6361aab7c627c8488f97525d7d88949beeea +CIPHERTEXT = 4ec6f34be3335024cbfbbf80f3e7501b8c9f7a6cbd630cf8debba4a4c3f1daa4 + +COUNT = 2 +KEY = 0a8e8876c96cddf3223069002002c99f +IV = b125a20ecd79e8b5 +PLAINTEXT = 4fd0ecac65bfd321c88ebca0daea35d2b061205d696aab08bea68320db65451a6d6c3679fdf633f37cf8ebcf1fa94b91 +CIPHERTEXT = a562b606f716af7fd9641b5ebc66e4cad7e9422200a83b07e5341814b33590d26dba38db01c19bac669dc469f4c2eb9b + +COUNT = 3 +KEY = b9ba9fa32cc491d8ac2beb5f99193d57 +IV = 95511452b71e53e9 +PLAINTEXT = b40382705aaeea41097c309da6cd06010f15e09c0130fa4b3af69cc8da109d1f0f0a2661f1a8b89bab7e7009dcbb8a883d46254a830c45cd87981e0ea4e490fa +CIPHERTEXT = 5294eb7f0f7872e20a2012675a1fbcb059a9c2bec5231dfe72e6dd7826b86af365b6beb33a23ebfec6184e790d3002b8ff81eedd84b73edc3ac539230e23c65b + +COUNT = 4 +KEY = 5947bbd78b06bb5ea2fc67ed7b24216e +IV = 8e4722ad2230b15f +PLAINTEXT = 9e69423653c20c982794ed35d63c1a78e8ac14f37e1888ae4bf273bfe119891b2e4ed8ac46e7a9a463c7a710298d43b02f0c5606bcfc08adceeef2ec61867f8bede498e53163803f2f86fc58782fb841 +CIPHERTEXT = 4fb93afc260b40f575f1fe95609737f158c61c40f23b13845cda507f5baf20c31c3d3c85726fbb0b89751498ef29f123fe0767fc550e71e38e0db5d52b507f7e2321a37bc0959410ffb785bcdaede128 + +COUNT = 5 +KEY = abce650e78f969b3b210151c74117fd2 +IV = bc4659fbb7073c1f +PLAINTEXT = 322eae07df5ad2ddd64bba34e42d30c1b884f842e71efa123345a3fb0c39884c57dd4c2c6fb0c42e69ff5a269d59af3a6144853c182edb376ca65947d7ccefae6806ba25c4f527706ba85a353c0fd10e3cb244dd93a2d060d7b055058dde1dff +CIPHERTEXT = 800a13afd1ccd50aaada08a18ed61674aa9b9cc84d6fe1220bc0acc19f973ad5414da099359ef259b2d63e8b1e5cc0ba6258ab48f1603252199f7631a513330fcbf383d8de82a6b2a2c2870f8c06a635076c40c8f98dbc35f09f372db8fd3834 + +COUNT = 6 +KEY = 9f56e19b09dd3fee0e110f71e9967b7a +IV = 1155cf4231bf7ac5 +PLAINTEXT = ad1e4d3162a5084f581117639a13fc35df5449625ffe0f01e57d9a8726875be8515926ffe7449e30cd69ed4ca0c1b8b4486051c2d0fa2f6474a69c0afce2aec349d778a22edf81678145765b714c1b7c197287da56f59141d6978618729e1d89be20ace3de7d9b3c9b2d195ab6bc0fd4 +CIPHERTEXT = 4dc8bbf26235b8858157cf03165ce61bdb25f3a2773b27db0c5e23dd14f7c4971f8b8ca65f61ef6ed7f348da0201d1e6ac2c45d431a31116ca89beb0e503f0c078848e5f982981406d0d72a46cc9e48da09cd5fca0aa8b97b8120f798a1f6f8316e677023028b219d844619e269608ff + +COUNT = 7 +KEY = 31c485c996d6ceb2d17e0aa05b2490e4 +IV = 8c37f33405051b4c +PLAINTEXT = ac68de6a2c2144c6b4fd975a8dec93447391e7c9a4fde63d36be7f23ad186f96cd92b5e8adb546880d100329e97fe8204fad860e6dd8b3c0eed4805387536b9ccc63d6c74938b83dce2c93cc0a04a6025b7563d9e5e7239ae27819fb3844848a51e4294f273401ad9e592f8a170334b042f0667233b29f92b9b13262eb73232a +CIPHERTEXT = 1777835b641860aae245fe67750d514ba3f0ebd1c9a1179f258999cf5e1a6f850db6dc5cb3088cb262fe5086ca4b75be1cf4ad8d795c99a6d392da940c41a190d0eb38c3ea6b54c771a382d0969b2f1975c9e6d22f4c651eab379302e656d3d316424fda315128462c49364cdac824673883b06ac67781f1ca7c80b5cad92e97 + +COUNT = 8 +KEY = 556ccfa360ecb5025032dddb124cad4d +IV = d54c6fdcc85dc0a2 +PLAINTEXT = 71fbf180effac3dca0d69d40e4017dbe50455396f9fb6507ef7df26507de156cded8edd41a05fb25f352cbcdf3b2d770f90fa87f84863e0c2ed3b2dd770a1abfc489ad1ca82a28d061bd7039a6b5788da021657136def0c78d0b0cc7cfbec9512cf579811fd01185f3fdd2ab857328be4b63d293956b43df130e484b9861eccb1d06992b095e7febb0fb394c1954aeab +CIPHERTEXT = 9ceb25ce05eeee39452995468321c2b73c39f60082d7c91d129304f5802d3e559c099ccb00aeab4e274d47397268ab7367d055a336a52dd314402e2accb0925372028157a3ef60bd97427855117379bd70e05a3cbafe9acfc19e5ce78262011d1f2dfa1e67ec214469fab9a9e1a92e2591acfcfbb2376559433de491217260996637856930b57cec36f3f091940370a3 + +COUNT = 9 +KEY = 7cb81fc4b203b0fa9bec49759bd515c2 +IV = 4d5e2fa3bf73f488 +PLAINTEXT = 362789b376d85eb8181d4eeea52d42e873ce7741c11a2f820383a7457b15489b09fb21ac4445959dc9e851b7d40682c50d7044bda46a5da39fae2bab73b3db9ed22edc7ec5da936dfa7451cb5f0a829ff0762738cc2686148f1e1f00dc3fe38139c9a173201fc1f052ca34736fc1ab3dc4e707f864d6119b7adb6c8ddd41c80de5d357d17e9c85ed7af1e4f72cb2656932ccce469202680109eef89a9f42f10a +CIPHERTEXT = e0456318fb7a2318181f4b847e3952cdc5f09e6f12631a89d7d86c108a9d14e49368bdc65366cf4c42c98e31641bb63439314010bafb88f83a300f8ca107e95d689738f29ce399348a8418baa2cc57b935640d574ea7b2f0205b62a68b0c7aca3c58f3181c5892c21036acdb241d933e1bd05e764fe8297131b9c7c7a99d2aa202f07312b4d48df43b973cf51b9fbc895284a304dc7eabde4eafa58325b984e4 + +COUNT = 10 +KEY = beb622d0228cde29b342bbcf4c1c83b4 +IV = 75c282fa581d9c67 +PLAINTEXT = 860476c81685b58e71e2599efe083ce5 +CIPHERTEXT = 1a68dff188262ef7525fe051199fb940 + +COUNT = 11 +KEY = c4666081e0b0eddb10a9a607c807378f +IV = 5f23623288e4a41b +PLAINTEXT = 2fd02dab9054248073ebc0b07aed383756ccfa4fa6298722775be6a9b4ed27a5 +CIPHERTEXT = eb5d94d1d12b97ae3814ddf3b9c8c9aab689ce912334b3054f14e8082334cd1c + +COUNT = 12 +KEY = df010376a6b03279338773a70e012382 +IV = 67455decec549365 +PLAINTEXT = 9b9c3dea553ec235db0011b27191544171845b7bdda0dc04a089583959bba5ab7048f8ca87eab073a8b824fdd4e82e40 +CIPHERTEXT = bbe775751f4b704f3cb0dbb43441111675f63c54668d34c1fc50d3a6c428217a009a167d9162f4d93dca391979002164 + +COUNT = 13 +KEY = ff01aa4f7106c6bd24399076f901a530 +IV = 089b4f6054eeeef7 +PLAINTEXT = ae9cb9dfa305af83e95a3b2099f70907edcd49fbc6efc5ebe744184c76b4f56bf35774f3fe215e1c8ee42172a2dd3e6f9ccd3d9bb044325e61a6bb97e48e9986 +CIPHERTEXT = e1ad6de3d5ed15b7fd560482478f5e5e7673657eab175e03d71cb1f80d8e476e7b976c4b0a6c2a6a2d5fd2b20f4f6cc8b56b46adb9a97db56deba7e9d2b8d817 + +COUNT = 14 +KEY = d33d4062ab32298eafcca86b5088d5fd +IV = fcfffce8b020240f +PLAINTEXT = 1fe1318adb99e6d4fced292902fe8c831ba488a43f85964d6ff54b322663b380bc99fed15568278cfe1d0af795c71355bf65e876855763655eec3abf3d4b27a0341d607f4bfbd82c8900fd436f7c4186 +CIPHERTEXT = 5424e2c3d2e00cf2ccefd1ee8ae552ef8122c2bda3624b3e4cbfb23abc309e103e485a8ff677a5ad908ffc72b9e70b4ccf0794a3be537aadd59a30bf5905fa6702d0ba12238f705c20884443ba921c91 + +COUNT = 15 +KEY = 47e13544a7bbf74dd68ab5ce66e5bdaa +IV = 69480b4dd38cf3b4 +PLAINTEXT = 3e2e583a3a0389ca324f2aaa52b7823904ab288dae562995cf1d70c796d785fd361261434eea480ceb3d369d969652c7ff194931c0a9bd978f5ae4094d6ef32d986a092c580ccbf865e5095a7b80559be13f842f9bea9e42a3a01ef8a24a6526 +CIPHERTEXT = 50d3ec47a14c6ac19dc5c8820520c8265e4e0265816e753792ef759ff523aceb904a02e8b10259c9e1d019bb684417f05e431e02541adaec98d725fd1bf11365fca4b97d7c0bfd8294bcc9d72f235899ee7c110dc4ca53fd4974d0cd20055834 + +COUNT = 16 +KEY = ae86823695b48e8c612ae5a01b597f97 +IV = b26eef7b1d14894c +PLAINTEXT = 569a910bc6aa97b8939ca703fc10ce0d171625bc735a1fea7148650541109d955b1b686c6cc404b2d3d92ad9faaff217dc7b31b038b770959aeccd1ca55d650364fde51df8d4f0aeb05fa364f5028f709c179ca6df0bdfc1cb850f238d755ac44a733fce558402be0c70bc0871b8e62f +CIPHERTEXT = d0dc50553bbc0248e6f8b1d5f7c31aa93fda2addb2cd184a13d0adeb7f2ef8f611d92479bd8b61cf029b406f09921a972f2f0e14a3d790256cff4e812c40b822821c71ba6cb21a3a2c1b463f598d1d5a626d5c9fb85f0aafa1f6bf18aef0db18c9872c0e8588e9646f237be9f32a7550 + +COUNT = 17 +KEY = b85df29c9244229835d73441dc37555e +IV = c1375430efedb2d3 +PLAINTEXT = c232a0bbf967ef28b74e7b809c62bc8c1cf2d52a273a84162900da834448fd567870471498f29770619dec504922e379eaba0d3a712602583d00279d8fc6a6d568cb94a330039a189ed5802abb7a2898c13ef89c00d73fca9a2f2ffc2107ab498212c56835c0fc26f835a69c00bb3eaa695ac20e8bdb0f5b5b6684d02bee8fb2 +CIPHERTEXT = 935458de3bc1a090a7a85eb79a12a3e48defcae8581c59233ce0b2a8b7ad999a99d1858e5e513680a9cb7558b0706ec0be122a33964c4c6d4c880b4e953810ae111f6d3f8e89e8b3a708b199ce6a7476f177fea627eca43439df5c98a414dd8dde088cc380bc10e43a9341114787fa80c7dae515d6a21af4f2d3619a200b9ca0 + +COUNT = 18 +KEY = e96771f5f20a89ee871261d2d18e1e46 +IV = 8c664a37d245d26c +PLAINTEXT = 8aaafd56c5d5d54fbe16f115c3216bd1f4376666931a2ef1ffc5468ad12150c39250dca2d63c6ea166bb0ef4aaa3d5849c1f9c621c55826a1ca362f03bcba4dcbd654b300d16519710130e5360bd949aaded6a648f96dd8937a77287d4a4ac2941729475b635b9797476b4dca4171787ff15882d3b4872ed0999a7546dbb61698e8348f70e4a14981a78156150484532 +CIPHERTEXT = d357c276cc6961fa627b0edf66ec8e5baf035cf19980e53d6be5f3e5fa67de668bc1e27ef04cd2efc216783c4b955f8072af265aa96cc99dcf53ab3ab0fa024efca1087f0851a6b392f4aef1ac946fdd0fc1320a395df4d3ce596332aa5a0628b5f8e2aac4cf677a4b3d804a1503bfc879040f90b3a0530f49eb3d8c67d1cb00dad36f6f3a98328984258eae6fab1e6b + +COUNT = 19 +KEY = aef49da33f538ee66e178d4b6121055d +IV = 842566e68b61ff7b +PLAINTEXT = 415991f65e1a95040cef9960556f61e617827c30c74bf353cdd86173dbe4cc983a2ee6bc8ca6cfb71121e7b0d0178f2e13445c710dcc176b781201971171f7489f18faf110f39accd1cf08c85a958d7698b116f1c0d75812ac9b0b39aee7f7159ccad8fdae9b99f2d695eacf12c6469d5b51a34de26eac73613dcb2f77122cb1f8dd5162786a12052dc7b6dea6acc4989dcc7eafd9374f6c29697c74749ef16d +CIPHERTEXT = 11690969c6b2bf0f1c42a42d44049062c885499eadcb350e81d22c6caf7d499502e706ca3137e3a5d8cfb56354003aa8a1fb3c30767d6f8e5255b4e31c3325924b95494144fb02c257995e2e59f9017d5a32e1d2bf285bf404554dd6bf7077ba1d48d0c08ebe10ad110e66148b17d43f341d72da027033cd0b75bb3ca3a046557b39bed024e9ff5b08725d357ed22aede4a33dfcc4b61b34ba0d32230e572f6f diff --git a/tests/hazmat/primitives/vectors/ciphers/IDEA/idea-ofb.txt b/tests/hazmat/primitives/vectors/ciphers/IDEA/idea-ofb.txt new file mode 100644 index 00000000..c3d02a77 --- /dev/null +++ b/tests/hazmat/primitives/vectors/ciphers/IDEA/idea-ofb.txt @@ -0,0 +1,124 @@ +# IDEA OFB vectors built for https://github.com/pyca/cryptography +# Derived from the AESVS MMT test data for OFB +# Verified against Botan +# Key Length : 128 + +COUNT = 0 +KEY = d7d57bd847154af9722a8df096e61a42 +IV = fdde201c91e401d9 +PLAINTEXT = 81883f22165282ba6a442a8dd2a768d4 +CIPHERTEXT = 770e7b0eacc089b7eef410d98d886e9e + +COUNT = 1 +KEY = c9f4ce21b4c7daaa4f93e292dc605bc5 +IV = 5e5a8cf2808c720e +PLAINTEXT = 8e19c5cacd015a662e7f40cdecadbf79a68081c06d9544b41c2dd248e77633b4 +CIPHERTEXT = 7debe39a58066a7994150d910060b127582de612ff58f9564a92ab45591bec49 + +COUNT = 2 +KEY = 7a70cc6b261eeccb05c57117d5763197 +IV = bb7b9667fbd76d5e +PLAINTEXT = 823cbaae3760c85512a3c83fd60bb54b7cfc739b295b63e05ef435d86e19fd15368c89ff08a0f21ce89a728ffb5d75df +CIPHERTEXT = ab6e0f15cedf272c78fbc7fadcc4ba1ded256668b9bc8302dc3312c0149e656e8fea632b8e20f5ae8675106d7761a366 + +COUNT = 3 +KEY = 85dbd5a6e73681a51a4a7d4e93ca7d0c +IV = 89d897c5aa9e0a5d +PLAINTEXT = e3dbfc6ae1a879870fd22644c8135fe063355dfc0a8dad45c9c6e052e6e085cf717754dc1b49acb04cf340826ffb0da991138f022a9c34923a6a116c98c7d3d5 +CIPHERTEXT = f2175634137d76347f4cd8f44a00282f6144dfc0cde4929457f8f180f62aabd180249d4568405d9d596be34802ded7d2e390d77384677c45575eb6865cca7cb2 + +COUNT = 4 +KEY = 18b9887a34438fb2e759027e54e334b6 +IV = a5be8621e58dae32 +PLAINTEXT = 8cd659df925950b516f737fc92d2fafa008c008c9dfe0e75ed2d68f6ff79399ff2183464b8c37cf31aafc145fcbfac73e3f87eccb435f424bf1c6d6efb504e8e93e8a668a2210e3d3b4fd437ad1a5842 +CIPHERTEXT = b5241fefa40b2f9f015387b0e648843e35549d891702d66c1bf440aeb07432e3299badcc1d56b9ca8c45abcd677cfda10de93e2f3b05b2da1086e4070301989eac95cd7ed311b7de208bf66a59f64d1f + +COUNT = 5 +KEY = da52c0e4609e82ee926174a9eaf90b08 +IV = f2d0c5e86b4ddb40 +PLAINTEXT = 91d6c95a614cf85de16eeabe5976c2a2a9d307042f79a7aaeb7c3c57e1dd8d43bfa458c8c02e4f5ed0c960c9f17e3991dd2e0cb3ede18f96395a484001ef07ca4c97b411ce454aaf0f74242aca03786a93442171bd50a1467b9d663245d24c2f +CIPHERTEXT = f0decc26c48676592200ae619f0b5111d629733f23a34ce888c862e9ae0886b5e8f93e2c2832d3cde6cccc5499801e7b8790b61e8a13add9da593981e8ba4ec08e46226eb77f8fb40105e040c7a5d84e4df6ee05f3e29832f80db65bc03fd4b6 + +COUNT = 6 +KEY = 56d6f7e2a870b92d55ff8d6e9c554d2a +IV = b512f0e11e27fd1a +PLAINTEXT = e62cdeac43667749701314c546f778a4c758e4f55760e7d729c3783cf7a242edf6ae3fcf0990886434896c945455bfae0e5674aa06ee6fb1512d94df2cac2447eeb849373bb3efbe7bb8d66c8a7ee559b17fc268d6599fcdef7457cdbde5b9c5b692236e4397545f2be97bd44f3993ad +CIPHERTEXT = b0464ff22110d71452ab1b6c8064b706268a2d849607c734ae20c1d4f55c2b98a4abb7db1759205cd0f870f6dfbc7d4fdd72e60c4e9a4143dc76408340dd6d2c6ce86381511930997a304cf890eec337176c95b834186a9191fbb17b8548e3dc7b10c8b7cb8d0b6bbb26ceac0111477c + +COUNT = 7 +KEY = 09f216ff78dfe419dfcef1a855473414 +IV = 722174c892d26529 +PLAINTEXT = 11f435e7e3656fcfa8e0df230311ca21054e84e13c8590e7ec7309f59c174022d467a7302641ee1b6ba46bee4f20bfda108bb78982f670b057dfbfe49da9cfae88490ce17241402b20d2fceb476d3a424e6c406d56ffc85278695d584d6c087cb4012ca2cf4daf284fd15ac1f2e183814957e934bf88dff4d777adfbb54933b5 +CIPHERTEXT = 59cb49f6193b7a8c728049be0a804b3a2ea9c0dfbe84f82b5b0439e33e073168f90053094c37ab3ce34b7abfb6386b23003e73e275ea2fa8da8c2acc18314ffdcd8c0512bed2472e5d82e7e27a0af1d01aecf4a14ad8bb031ad968ec0aacc9d759aa76c58c74400fed536c7482474ce23cb798cc8885713d1a32c174ef6827da + +COUNT = 8 +KEY = cde9b69eea2b6a5588457e35e0a08803 +IV = 52323b54d69a62fe +PLAINTEXT = 967798995af6f435b3a6f92bff77a11fa44d1426ae0f6e7dbafac27b123c5fc419be52c0ea412c4b3cac05ae89a4c0ce6f5e91a456b1bded5370a1234cf6f6ab5d0253507bc6f3f0573ab97585b67107dec059812323e021e341ad839ea9e3d02aeca43356add48ccef81f693ed53d32ba1c74a35e8a5f7f3115ef834f7daf9948244c4fc31f5487678d3e70fb27abb5 +CIPHERTEXT = dd12abdb3d5ec0e56565f9c9d281095cd97b8dc05f230d23ef0ed671abfe5eb9cfa9b5b7acaad4f2e00f0319de2fa90baa757b3f9f96df735233e433c0b8451dbf84465cf6d26e30198cbb1c6e100822aed49690db1638efb1a3e94039b83de7e1ab9339fa31e93440da61c4a814914c16742470428858336dd2944eaf81e2b93bb279454a4a1e02de7f82657ef32904 + +COUNT = 9 +KEY = 939aac71e337709855715a57e3a4648f +IV = 493509b56a92f140 +PLAINTEXT = 9c22efddc7de496a916d15d710de374d57478126ed64c9ad7e823e24d19bfc0cfac3dda0d1c292a3a203f35b26ad94deb20f998caf41cbdd4a08eb5d6cfb46f4ede4896b0569d72c03ec194941af95c0573cc3fe8f045ba19946b382803248f3dd4f9a454b1a3e8e1af02ea8482d637dac96a68275f4a382d3023f9df4892b9032cab9378b1cef5051d6db81226f259d1be4eb23495ac807600536b5b0481754 +CIPHERTEXT = 3ce172ca82e0a649e182b3c4bd235f55936d343810bcbb6e53f6f6934c6cae8cd54212e9acb4379c99d83c6ecb72d915400b86f984d67f394b72fcdad6eafb56298da8ede4ceea5c1cc3e54d6d6505fddb2857470184adf50b287bd3db64b73da05584f78689b6d1215a26ebf18ef83fe38970bb23346a0a6380f77afd206333821646463a9e72124bdaf8c9b3046cfb5a48db37686859f79098cb806135bea0 + +COUNT = 10 +KEY = 8368189d41eaa20d06a3a2d2a91e43f7 +IV = cf04ac0e4733952b +PLAINTEXT = 696ca57339840fb3c150e0c111d9e13e +CIPHERTEXT = 93e074da165bb361804f9183fccf09a7 + +COUNT = 11 +KEY = 5124c6fdb0856ded76afb6febdaa981e +IV = 937ebdeec379685a +PLAINTEXT = 5a5928dd09e78a21256eadb062630a3f0b47ca2376ccae314948143fff2512d4 +CIPHERTEXT = 4876980c4401aad16b3e1eabff960769a1bc8405a985dadc08282d0ff674e4f2 + +COUNT = 12 +KEY = 6a8f6487e76058bc5a126276e48fdd77 +IV = 6e75d8b8ac097614 +PLAINTEXT = 424ddc343067612fdb426920f40ab4d82e3d4f9485b07fef91617556d3093874840e8110ff375b7a68f98c471ca10acc +CIPHERTEXT = 948a59cd4ac292743708e7309b9893fbeba832a9996ecccc13a8cc17a7711f00858e5e3d04c0635371191356eb58f78d + +COUNT = 13 +KEY = 01963d44aea026b2205238454d5bb73f +IV = 9442a6e0f3a53f10 +PLAINTEXT = c54cfacd953736a2d8db0b8b63b555253a0ca6f6e05f2e918d18be95669fa85609f827d6da014add2964626670c202b195248fc986372c92adbb10c0e7c36e04 +CIPHERTEXT = 26c746d831f5f7ea08686075d0f180f52b0fcc105494943bc0179fdb01fc437ae60fe3dee725902f11fb3dbbc42184f52b1d5207c71d1e6fe0e83b3dc2767227 + +COUNT = 14 +KEY = 4ea87b0b346054c097edc5601b782870 +IV = 9a3e23333b2b2de7 +PLAINTEXT = 0c7734310c5ca82b520bf1e0a1614c7ddd0c002711ef0b239de8fa256e15b32056b992747ff3a3a310d52e9df36275d9192dad61caa16715744552c865c5ae9477a70a2c3a02a01ba176b927445094d2 +CIPHERTEXT = d5f99a34f86f6de38e10712f306add36cfef67ed3bd8dbf0cb32f5ffc1832037cba7168e2249e1c635de1577797898d2573aa6fd61e766cbd0e4e5bc87c5d85fc95dbdc78c26d51a7228515b342f94cf + +COUNT = 15 +KEY = 1956f40b2334a6546b3071f2d17f4a59 +IV = 765cfb560c46777a +PLAINTEXT = 045ad66c515d407ab73ea0c6f6ae869872342fc72956a659945454005e37c76ed07df996ffe1322840cf23843b34346a1e730ab721ddceaf362ed256054c105ed581a80c04ef22ae1b5eb8742c6e3c9c0e0e29fad211b4f40adc1520f7c6821e +CIPHERTEXT = 7b853c47f4e39a069415f5fe34f857b9b7e846b45999c12a496ce5550834cc26376a90235ae20983c31129b108ffc3cf4431bf379a5907b16c7248df9d40fa5b8e9888bd1c2a45a0812e4bcf71d40bb8a064279d5f3f214eca8bf193b6144bec + +COUNT = 16 +KEY = 4e47e1b5c1b489295d3a2bf049f4be2d +IV = 83fdf064d213df41 +PLAINTEXT = 94a7bed3b5a158e85f9e4778a7de105ff4f3b2a61c2fead82cbe949d7a4ee961a6c62949ba2c69d513d836a455b612c2fbb6ca243a0a18a853cadb6b73b600192de1d51ddf80030718b079fbb581073a06b66ba4ad524d3d09efaa59e6919bca15b2b92bd9f8c17d6e463f4ea5fd5f5e +CIPHERTEXT = 6130cd5cc68d4bd6055cca1c51281de12652e6df9ac9a24b39d5d2bb3876cc76e7e85f72efbdd9b7d55d8e1a84e17ad3292ba5bd071f39f7b373c807153a4fe553fb44872cb2a7b80d6c97f78eaea3824d501792456667f335e8f33e29f6ffe7736a5b46786c78b3cd9e8bd3498e7c4c + +COUNT = 17 +KEY = 613485e5bb84b91cdd0ca02f8d83e0bb +IV = ad8a7564f6ce8abb +PLAINTEXT = ed5068003163c424ae9a8e51e3d77684c69073a824dc4721568f7528657c3dd28d66219f398ed57105aa35cfef3ac078eab30ae0f3ed752b0e320b099ea42b156f818904c4b6c534cabde53dfa62e7b74518a8bca3f36ee85b130e8520d38c006e6adef34bbc8df56b757b500d703e5777aa545c4170404754f03dbf22c9f0d7 +CIPHERTEXT = cada42aeaf73266caa8537f853fbc710df59f6e7809ca07e6131ba41c3cd413433c3f26faf5fbceb50238e150f6d613cf4bcf79416abada400a827dcfd2320a5d19ac7ff6fd725a30ae3c739ed9f6d9495f36ce414abc338cf52e7a351de4dfa54b52660370678529dbd7c36770399ab90a44f95dd5a837dde12b28da8a06ee7 + +COUNT = 18 +KEY = 8198b36e880cf50dbf6724feaaac8688 +IV = fbaa2882a2a4acdb +PLAINTEXT = b2516a356e437513f0df83938afefbe9f9ef1ec879797997f31da96a1ea7a15d395ecdb94b7fda14cdc0b75c171784fa8832d574b64f9450c6be25dc83b93d3bbf0145a661bf4db775282b98649b64613aeedb8bb770f67cc3421ac6761e5d763c21ac2d1e729e4597ad7fca9fdc70878b26634df78cd0f36fb3b138a1357915abba4ff5f8dfaef268307022f2e23528 +CIPHERTEXT = 14ba2c1e1fc015568184c1346b09469366db7d1dc151d08a8f99ffa22115a30a5a6dd5c2d6fbd09e03134710f1902ceab86069551630d3f614e67d195a7422b2c70225c5ebbecf7fbabf8db05c21025102225cdf2093fba3bd4ba1f1674c305a99cde36e1d112467466489c4f04a55fa495b610ee616749dc5c9f7ca3eb4ee35989402a91ff0085128077eb03e5d6ac1 + +COUNT = 19 +KEY = e30b4c874c4c4f6e0cf1f8ef58e5d375 +IV = 7e26f07f8024343c +PLAINTEXT = 8ceca4dc346cfd6b15774e082db1a89497b7d85d6b5b7102e77417f7a243fafe17118b7a3bb49d1657cf61b866da395a5b3f349183a53dfa11fc0ac053bddff49dd472ee55f5e43a2f8bc785e2bc420300694919ff7bb43feb75a9cac44ece96f679e618db5d7433af12dcc7e0963ff10b45d835f9a8f42627e7f3fd5038932685965ad0e183f5955e671fc2b878dd51051eedaf85310d1e4e8f75f2decf36c7 +CIPHERTEXT = fc1991515ffef84ce1074d0f7e7ce9a2dd0b56facbaf4b5f2c617963c6df3ea9c6d1242abbab76160cc159a81e51fef33835546429b6bc026e4f091c89a8a9e0707747fc85083c776e5603ef2383c3e5e5ae493013b4940df54c9a050bc2b696f03a234fad58506b10aacbb48de0c91ef39ebe76a9e5540ec6284eed13cc17c72dad54555aed4ae60359dfa8b1c4e8bdcea6abc458dc1452a623d8f3fe13e2ae diff --git a/tests/test_fernet.py b/tests/test_fernet.py index bd4d90a5..36e87297 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import base64 import calendar import json diff --git a/tests/test_utils.py b/tests/test_utils.py index 622a6656..433dab04 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import os import textwrap @@ -21,7 +23,8 @@ import pytest from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, load_hash_vectors, check_for_iface, check_backend_support, - select_backends, load_pkcs1_vectors + select_backends, load_pkcs1_vectors, load_rsa_nist_vectors, + load_fips_dsa_key_pair_vectors ) @@ -1035,3 +1038,424 @@ def test_load_totp_vectors(): "secret": b"12345678901234567890", }, ] + + +def test_load_rsa_nist_vectors(): + vector_data = textwrap.dedent(""" + # SHA Algorithm selected:SHA1 SHA224 SHA256 SHA384 SHA512 + # Salt len: 20 + + [mod = 1024] + + n = bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989d + + e = 00000000000000000000000000000000000000000000000000000000000000000010001 + SHAAlg = SHA1 + Msg = 1248f62a4389f42f7b4bb131053d6c88a994db2075b912ccbe3ea7dc611714f14e + S = 682cf53c1145d22a50caa9eb1a9ba70670c5915e0fdfde6457a765de2a8fe12de97 + + SHAAlg = SHA384 + Msg = e511903c2f1bfba245467295ac95413ac4746c984c3750a728c388aa628b0ebf + S = 9c748702bbcc1f9468864cd360c8c39d007b2d8aaee833606c70f7593cf0d1519 + + [mod = 1024] + + n = 1234567890 + + e = 0010001 + + SHAAlg = SHA512 + Msg = 3456781293fab829 + S = deadbeef0000 + """).splitlines() + + vectors = load_rsa_nist_vectors(vector_data) + assert vectors == [ + { + "modulus": int("bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda" + "707a146b3b4e29989d", 16), + "public_exponent": 65537, + "algorithm": b"SHA1", + "salt_length": 20, + "msg": b"1248f62a4389f42f7b4bb131053d6c88a994db2075b912ccbe3ea7dc6" + b"11714f14e", + "s": b"682cf53c1145d22a50caa9eb1a9ba70670c5915e0fdfde6457a765de2a8" + b"fe12de97" + }, + { + "modulus": int("bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda" + "707a146b3b4e29989d", 16), + "public_exponent": 65537, + "algorithm": b"SHA384", + "salt_length": 20, + "msg": b"e511903c2f1bfba245467295ac95413ac4746c984c3750a728c388aa6" + b"28b0ebf", + "s": b"9c748702bbcc1f9468864cd360c8c39d007b2d8aaee833606c70f7593cf" + b"0d1519" + }, + { + "modulus": 78187493520, + "public_exponent": 65537, + "algorithm": b"SHA512", + "salt_length": 20, + "msg": b"3456781293fab829", + "s": b"deadbeef0000" + }, + ] + + +def test_load_fips_dsa_key_pair_vectors(): + vector_data = textwrap.dedent(""" + # CAVS 11.1 + # "KeyPair" information + # Mod sizes selected: L=1024, N=160:: L=2048, N=224 :: L=2048, N=256 :: L +=3072, N=256 + # Generated on Wed May 04 08:50:52 2011 + + + [mod = L=1024, N=160] + + P = d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d4b725ef341eabb47cf8a7a\ +8a41e792a156b7ce97206c4f9c5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b65223\ +6f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c7147123188f8dc551054ee162b634d60f097\ +f719076640e20980a0093113a8bd73 + Q = 96c5390a8b612c0e422bb2b0ea194a3ec935a281 + G = 06b7861abbd35cc89e79c52f68d20875389b127361ca66822138ce4991d2b862259d6b\ +4548a6495b195aa0e0b6137ca37eb23b94074d3c3d300042bdf15762812b6333ef7b07ceba7860\ +7610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c61d39e7da8902291c4434a4e2224c3\ +f4fd9f93cd6f4f17fc076341a7e7d9 + + X = 8185fee9cc7c0e91fd85503274f1cd5a3fd15a49 + Y = 6f26d98d41de7d871b6381851c9d91fa03942092ab6097e76422070edb71db44ff5682\ +80fdb1709f8fc3feab39f1f824adaeb2a298088156ac31af1aa04bf54f475bdcfdcf2f8a2dd973\ +e922d83e76f016558617603129b21c70bf7d0e5dc9e68fe332e295b65876eb9a12fe6fca9f1a1c\ +e80204646bf99b5771d249a6fea627 + + X = 85322d6ea73083064376099ca2f65f56e8522d9b + Y = 21f8690f717c9f4dcb8f4b6971de2f15b9231fcf41b7eeb997d781f240bfdddfd2090d\ +22083c26cca39bf37c9caf1ec89518ea64845a50d747b49131ffff6a2fd11ea7bacbb93c7d0513\ +7383a06365af82225dd3713ca5a45006316f53bd12b0e260d5f79795e5a4c9f353f12867a1d320\ +2394673ada8563b71555e53f415254 + + [mod = L=2048, N=224] + + P = 904ef8e31e14721910fa0969e77c99b79f190071a86026e37a887a6053960dbfb74390\ +a6641319fe0af32c4e982934b0f1f4c5bc57534e8e56d77c36f0a99080c0d5bc9022fa34f58922\ +81d7b1009571cb5b35699303f912b276d86b1b0722fc0b1500f0ffb2e4d90867a3bdca181a9734\ +617a8a9f991aa7c14dec1cf45ceba00600f8425440ed0c3b52c82e3aa831932a98b477da220867\ +eb2d5e0ca34580b33b1b65e558411ed09c369f4717bf03b551787e13d9e47c267c91c697225265\ +da157945cd8b32e84fc45b80533265239aa00a2dd3d05f5cb231b7daf724b7ecdce170360a8397\ +2e5be94626273d449f441be300a7345db387bebadad67d8060a7 + Q = d7d0a83e84d13032b830ed74a6a88592ec9a4cf42bf37080c6600aad + G = 2050b18d3c9f39fac396c009310d6616f9309b67b59aef9aee813d6b4f12ee29ba8a6b\ +350b11d4336d44b4641230002d870f1e6b1d8728bdd40262df0d2440999185ae077f7034c61679\ +f4360fbb5d181569e7cb8acb04371c11ba55f1bbd777b74304b99b66d4405303e7120dc8bc4785\ +f56e9533e65b63a0c77cce7bba0d5d6069df5edffa927c5a255a09405a008258ed93506a843366\ +2154f6f67e922d7c9788f04d4ec09581063950d9cde8e373ea59a58b2a6df6ba8663345574fabb\ +a9ca981696d83aeac1f34f14f1a813ba900b3f0341dea23f7d3297f919a97e1ae00ac0728c93fe\ +0a88b66591baf4eb0bc6900f39ba5feb41cbbeea7eb7919aa4d3 + + X = 3f19424da3b4f0cafca3fc5019fcd225dd7e496ffdf6b77e364f45be + Y = 7681ed0ac257ab7ff17c52de4638c0614749792707a0c0d23883697e34963df15c806f\ +a6206f7fafb3269018e7703bd1e6f518d13544331a017713dbbe0cee8da6c095271fbf24edb74a\ +44e18b1d3b835622f68d31921c67c83e8479d1972ed0cb106c68188fe22c044254251ebf880b90\ +49dc3b7958ef61e1e67d2f677d2a7d2ab6b7c42b70cc5dedc3e5de7459a2dbc70c69008553d7ff\ +b6bf81c012c8bd67bdddeaab9a4a4373027912a7c7d9cd9cfc6c81dffe0cc7a6d40c3b2065aee7\ +be80e3c35497d64c8045bc511edaf7314c84c56bd9f0fecf62262ea5b45b49a0cffb223713bdbd\ +3ad03a25a0bb2211eba41ffcd08ab0e1ad485c29a3fc25ee8359 + + X = 241396352dd26efe0e2e184da52fe2b61d9d51b91b5009674c447854 + Y = 2f07a3aa9884c65288e5fef56c7b7f4445632273290bae6fcaab87c90058b2bef81ad3\ +34958657cf649ffb976d618b34ce69ef6d68c0d8bfe275cf097a301e8dd5595958e0c668c15f67\ +b5c0b0d01983057ce61593635aab5e0564ed720b0336f055a86755c76be22df3b8487f16e2ba0b\ +5136fd30d7e3b1d30c3bd298d3acc0a1988a11756c94e9a53184d0d3edfbb649caf03eace3083d\ +e9933921e627f4b2e011d1c79e45d8ea1eb7e4e59a1cbd8382b3238474eb949749c985200fbb25\ +41e2dce080aa881945d4d935076e48a0846dc5513bb4da8563b946af54f546455931e79c065ce7\ +ca223a98f8fde40091d38eb2c3eb8e3b81d88374f3146b0afc42 + + [mod = L=2048, N=256] + + P = ea1fb1af22881558ef93be8a5f8653c5a559434c49c8c2c12ace5e9c41434c9cf0a8e9\ +498acb0f4663c08b4484eace845f6fb17dac62c98e706af0fc74e4da1c6c2b3fbf5a1d58ff82fc\ +1a66f3e8b12252c40278fff9dd7f102eed2cb5b7323ebf1908c234d935414dded7f8d244e54561\ +b0dca39b301de8c49da9fb23df33c6182e3f983208c560fb5119fbf78ebe3e6564ee235c6a15cb\ +b9ac247baba5a423bc6582a1a9d8a2b4f0e9e3d9dbac122f750dd754325135257488b1f6ecabf2\ +1bff2947fe0d3b2cb7ffe67f4e7fcdf1214f6053e72a5bb0dd20a0e9fe6db2df0a908c36e95e60\ +bf49ca4368b8b892b9c79f61ef91c47567c40e1f80ac5aa66ef7 + Q = 8ec73f3761caf5fdfe6e4e82098bf10f898740dcb808204bf6b18f507192c19d + G = e4c4eca88415b23ecf811c96e48cd24200fe916631a68a684e6ccb6b1913413d344d1d\ +8d84a333839d88eee431521f6e357c16e6a93be111a98076739cd401bab3b9d565bf4fb99e9d18\ +5b1e14d61c93700133f908bae03e28764d107dcd2ea7674217622074bb19efff482f5f5c1a86d5\ +551b2fc68d1c6e9d8011958ef4b9c2a3a55d0d3c882e6ad7f9f0f3c61568f78d0706b10a26f23b\ +4f197c322b825002284a0aca91807bba98ece912b80e10cdf180cf99a35f210c1655fbfdd74f13\ +b1b5046591f8403873d12239834dd6c4eceb42bf7482e1794a1601357b629ddfa971f2ed273b14\ +6ec1ca06d0adf55dd91d65c37297bda78c6d210c0bc26e558302 + + X = 405772da6e90d809e77d5de796562a2dd4dfd10ef00a83a3aba6bd818a0348a1 + Y = 6b32e31ab9031dc4dd0b5039a78d07826687ab087ae6de4736f5b0434e1253092e8a0b\ +231f9c87f3fc8a4cb5634eb194bf1b638b7a7889620ce6711567e36aa36cda4604cfaa601a4591\ +8371d4ccf68d8b10a50a0460eb1dc0fff62ef5e6ee4d473e18ea4a66c196fb7e677a49b48241a0\ +b4a97128eff30fa437050501a584f8771e7280d26d5af30784039159c11ebfea10b692fd0a5821\ +5eeb18bff117e13f08db792ed4151a218e4bed8dddfb0793225bd1e9773505166f4bd8cedbb286\ +ea28232972da7bae836ba97329ba6b0a36508e50a52a7675e476d4d4137eae13f22a9d2fefde70\ +8ba8f34bf336c6e76331761e4b0617633fe7ec3f23672fb19d27 + + X = 0e0b95e31fda3f888059c46c3002ef8f2d6be112d0209aeb9e9545da67aeea80 + Y = 778082b77ddba6f56597cc74c3a612abf2ddbd85cc81430c99ab843c1f630b9db01399\ +65f563978164f9bf3a8397256be714625cd41cd7fa0067d94ea66d7e073f7125af692ad01371d4\ +a17f4550590378f2b074030c20e36911598a1018772f61be3b24de4be5a388ccc09e15a92819c3\ +1dec50de9fde105b49eaa097b9d13d9219eeb33b628facfd1c78a7159c8430d0647c506e7e3de7\ +4763cb351eada72c00bef3c9641881e6254870c1e6599f8ca2f1bbb74f39a905e3a34e4544168e\ +6e50c9e3305fd09cab6ed4aff6fda6e0d5bf375c81ac9054406d9193b003c89272f1bd83d48250\ +134b65c77c2b6332d38d34d9016f0e8975536ad6c348a1faedb0 + + [mod = L=3072, N=256] + + P = f335666dd1339165af8b9a5e3835adfe15c158e4c3c7bd53132e7d5828c352f593a9a7\ +87760ce34b789879941f2f01f02319f6ae0b756f1a842ba54c85612ed632ee2d79ef17f06b77c6\ +41b7b080aff52a03fc2462e80abc64d223723c236deeb7d201078ec01ca1fbc1763139e25099a8\ +4ec389159c409792080736bd7caa816b92edf23f2c351f90074aa5ea2651b372f8b58a0a65554d\ +b2561d706a63685000ac576b7e4562e262a14285a9c6370b290e4eb7757527d80b6c0fd5df831d\ +36f3d1d35f12ab060548de1605fd15f7c7aafed688b146a02c945156e284f5b71282045aba9844\ +d48b5df2e9e7a5887121eae7d7b01db7cdf6ff917cd8eb50c6bf1d54f90cce1a491a9c74fea88f\ +7e7230b047d16b5a6027881d6f154818f06e513faf40c8814630e4e254f17a47bfe9cb519b9828\ +9935bf17673ae4c8033504a20a898d0032ee402b72d5986322f3bdfb27400561f7476cd715eaab\ +b7338b854e51fc2fa026a5a579b6dcea1b1c0559c13d3c1136f303f4b4d25ad5b692229957 + Q = d3eba6521240694015ef94412e08bf3cf8d635a455a398d6f210f6169041653b + G = ce84b30ddf290a9f787a7c2f1ce92c1cbf4ef400e3cd7ce4978db2104d7394b493c183\ +32c64cec906a71c3778bd93341165dee8e6cd4ca6f13afff531191194ada55ecf01ff94d6cf7c4\ +768b82dd29cd131aaf202aefd40e564375285c01f3220af4d70b96f1395420d778228f1461f5d0\ +b8e47357e87b1fe3286223b553e3fc9928f16ae3067ded6721bedf1d1a01bfd22b9ae85fce7782\ +0d88cdf50a6bde20668ad77a707d1c60fcc5d51c9de488610d0285eb8ff721ff141f93a9fb23c1\ +d1f7654c07c46e58836d1652828f71057b8aff0b0778ef2ca934ea9d0f37daddade2d823a4d8e3\ +62721082e279d003b575ee59fd050d105dfd71cd63154efe431a0869178d9811f4f231dc5dcf3b\ +0ec0f2b0f9896c32ec6c7ee7d60aa97109e09224907328d4e6acd10117e45774406c4c947da802\ +0649c3168f690e0bd6e91ac67074d1d436b58ae374523deaf6c93c1e6920db4a080b744804bb07\ +3cecfe83fa9398cf150afa286dc7eb7949750cf5001ce104e9187f7e16859afa8fd0d775ae + + X = b2764c46113983777d3e7e97589f1303806d14ad9f2f1ef033097de954b17706 + Y = 814824e435e1e6f38daa239aad6dad21033afce6a3ebd35c1359348a0f2418871968c2\ +babfc2baf47742148828f8612183178f126504da73566b6bab33ba1f124c15aa461555c2451d86\ +c94ee21c3e3fc24c55527e01b1f03adcdd8ec5cb08082803a7b6a829c3e99eeb332a2cf5c035b0\ +ce0078d3d414d31fa47e9726be2989b8d06da2e6cd363f5a7d1515e3f4925e0b32adeae3025cc5\ +a996f6fd27494ea408763de48f3bb39f6a06514b019899b312ec570851637b8865cff3a52bf5d5\ +4ad5a19e6e400a2d33251055d0a440b50d53f4791391dc754ad02b9eab74c46b4903f9d76f8243\ +39914db108057af7cde657d41766a99991ac8787694f4185d6f91d7627048f827b405ec67bf2fe\ +56141c4c581d8c317333624e073e5879a82437cb0c7b435c0ce434e15965db1315d64895991e6b\ +be7dac040c42052408bbc53423fd31098248a58f8a67da3a39895cd0cc927515d044c1e3cb6a32\ +59c3d0da354cce89ea3552c59609db10ee989986527436af21d9485ddf25f90f7dff6d2bae + + X = 52e3e040efb30e1befd909a0bdbcfd140d005b1bff094af97186080262f1904d + Y = a5ae6e8f9b7a68ab0516dad4d7b7d002126f811d5a52e3d35c6d387fcb43fd19bf7792\ +362f9c98f8348aa058bb62376685f3d0c366c520d697fcd8416947151d4bbb6f32b53528a01647\ +9e99d2cd48d1fc679027c15f0042f207984efe05c1796bca8eba678dfdd00b80418e3ea840557e\ +73b09e003882f9a68edba3431d351d1ca07a8150b018fdbdf6c2f1ab475792a3ccaa6594472a45\ +f8dc777b60bf67de3e0f65c20d11b7d59faedf83fbce52617f500d9e514947c455274c6e900464\ +767fb56599b81344cf6d12c25cb2b7d038d7b166b6cf30534811c15d0e8ab880a2ac06786ae2dd\ +de61329a78d526f65245380ce877e979c5b50de66c9c30d66382c8f254653d25a1eb1d3a4897d7\ +623399b473ce712a2184cf2da1861706c41466806aefe41b497db82aca6c31c8f4aa68c17d1d9e\ +380b57998917655783ec96e5234a131f7299398d36f1f5f84297a55ff292f1f060958c358fed34\ +6db2de45127ca728a9417b2c54203e33e53b9a061d924395b09afab8daf3e8dd7eedcec3ac + """).splitlines() + + expected = [ + {'g': int('06b7861abbd35cc89e79c52f68d20875389b127361ca66822138ce499' + '1d2b862259d6b4548a6495b195aa0e0b6137ca37eb23b94074d3c3d3000' + '42bdf15762812b6333ef7b07ceba78607610fcc9ee68491dbc1e34cd12' + '615474e52b18bc934fb00c61d39e7da8902291c4434a4e2224c3f' + '4fd9f93cd6f4f17fc076341a7e7d9', 16), + 'p': int('d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d4b725e' + 'f341eabb47cf8a7a8a41e792a156b7ce97206c4f9c5ce6fc5ae791210' + '2b6b502e59050b5b21ce263dddb2044b652236f4d42ab4b5d6aa73189c' + 'ef1ace778d7845a5c1c1c7147123188f8dc551054ee162b634d60f097f7' + '19076640e20980a0093113a8bd73', 16), + 'q': int('96c5390a8b612c0e422bb2b0ea194a3ec935a281', 16), + 'x': int('8185fee9cc7c0e91fd85503274f1cd5a3fd15a49', 16), + 'y': int('6f26d98d41de7d871b6381851c9d91fa03942092ab6097e76422' + '070edb71db44ff568280fdb1709f8fc3feab39f1f824adaeb2a29808815' + '6ac31af1aa04bf54f475bdcfdcf2f8a2dd973e922d83e76f01655861760' + '3129b21c70bf7d0e5dc9e68fe332e295b65876eb9a12fe6fca9f1a1ce80' + '204646bf99b5771d249a6fea627', 16)}, + {'g': int('06b7861abbd35cc89e79c52f68d20875389b127361ca66822138ce4991d' + '2b862259d6b4548a6495b195aa0e0b6137ca37eb23b94074d3c3d30004' + '2bdf15762812b6333ef7b07ceba78607610fcc9ee68491dbc1e34cd126' + '15474e52b18bc934fb00c61d39e7da8902291c4434a4e2224c3f4fd9' + 'f93cd6f4f17fc076341a7e7d9', 16), + 'p': int('d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d4b725ef341e' + 'abb47cf8a7a8a41e792a156b7ce97206c4f9c5ce6fc5ae7912102b6b50' + '2e59050b5b21ce263dddb2044b652236f4d42ab4b5d6aa73189cef1a' + 'ce778d7845a5c1c1c7147123188f8dc551054ee162b634d6' + '0f097f719076640e20980a0093113a8bd73', 16), + 'q': int('96c5390a8b612c0e422bb2b0ea194a3ec935a281', 16), + 'x': int('85322d6ea73083064376099ca2f65f56e8522d9b', 16), + 'y': int('21f8690f717c9f4dcb8f4b6971de2f15b9231fcf41b7eeb997d781f240' + 'bfdddfd2090d22083c26cca39bf37c9caf1ec89518ea64845a50d747b49' + '131ffff6a2fd11ea7bacbb93c7d05137383a06365af82225dd3713c' + 'a5a45006316f53bd12b0e260d5f79795e5a4c9f353f12867a1d3' + '202394673ada8563b71555e53f415254', 16)}, + + {'g': int('e4c4eca88415b23ecf811c96e48cd24200fe916631a68a684e6ccb6b191' + '3413d344d1d8d84a333839d88eee431521f6e357c16e6a93be111a9807' + '6739cd401bab3b9d565bf4fb99e9d185b1e14d61c93700133f908bae0' + '3e28764d107dcd2ea7674217622074bb19efff482f5f5c1a86d5551b2' + 'fc68d1c6e9d8011958ef4b9c2a3a55d0d3c882e6ad7f9f0f3c61568f78' + 'd0706b10a26f23b4f197c322b825002284a0aca91807bba98ece912' + 'b80e10cdf180cf99a35f210c1655fbfdd74f13b1b5046591f8403873d' + '12239834dd6c4eceb42bf7482e1794a1601357b629ddfa971f2ed273b1' + '46ec1ca06d0adf55dd91d65c37297bda78c6d210c0bc26e558302', 16), + 'p': int('ea1fb1af22881558ef93be8a5f8653c5a559434c49c8c2c12ace' + '5e9c41434c9cf0a8e9498acb0f4663c08b4484eace845f6fb17d' + 'ac62c98e706af0fc74e4da1c6c2b3fbf5a1d58ff82fc1a66f3e8b122' + '52c40278fff9dd7f102eed2cb5b7323ebf1908c234d935414dded7f8d2' + '44e54561b0dca39b301de8c49da9fb23df33c6182e3f983208c560fb5' + '119fbf78ebe3e6564ee235c6a15cbb9ac247baba5a423bc6582a1a9d8a' + '2b4f0e9e3d9dbac122f750dd754325135257488b1f6ecabf21bff2947' + 'fe0d3b2cb7ffe67f4e7fcdf1214f6053e72a5bb0dd20a0e9fe6db2df0a' + '908c36e95e60bf49ca4368b8b892b9c79f61ef91c47567c40e1f80ac' + '5aa66ef7', 16), + 'q': int('8ec73f3761caf5fdfe6e4e82098bf10f898740dcb808204bf6b1' + '8f507192c19d', 16), + 'x': int('405772da6e90d809e77d5de796562a2dd4dfd10ef00a83a3aba6' + 'bd818a0348a1', 16), + 'y': int('6b32e31ab9031dc4dd0b5039a78d07826687ab087ae6de4736f5' + 'b0434e1253092e8a0b231f9c87f3fc8a4cb5634eb194bf1b638' + 'b7a7889620ce6711567e36aa36cda4604cfaa601a45918371d' + '4ccf68d8b10a50a0460eb1dc0fff62ef5e6ee4d473e18ea4a6' + '6c196fb7e677a49b48241a0b4a97128eff30fa437050501a584' + 'f8771e7280d26d5af30784039159c11ebfea10b692fd0a58215ee' + 'b18bff117e13f08db792ed4151a218e4bed8dddfb0793225bd1e97' + '73505166f4bd8cedbb286ea28232972da7bae836ba97329ba6b0a36508' + 'e50a52a7675e476d4d4137eae13f22a9d2fefde708ba8f34bf336c6e7' + '6331761e4b0617633fe7ec3f23672fb19d27', 16)}, + {'g': int('e4c4eca88415b23ecf811c96e48cd24200fe916631a68a684e6ccb6b191' + '3413d344d1d8d84a333839d88eee431521f6e357c16e6a93be111a9807' + '6739cd401bab3b9d565bf4fb99e9d185b1e14d61c93700133f908bae0' + '3e28764d107dcd2ea7674217622074bb19efff482f5f5c1a86d5551b2' + 'fc68d1c6e9d8011958ef4b9c2a3a55d0d3c882e6ad7f9f0f3c61568f78' + 'd0706b10a26f23b4f197c322b825002284a0aca91807bba98ece912' + 'b80e10cdf180cf99a35f210c1655fbfdd74f13b1b5046591f8403873d' + '12239834dd6c4eceb42bf7482e1794a1601357b629ddfa971f2ed273b1' + '46ec1ca06d0adf55dd91d65c37297bda78c6d210c0bc26e558302', 16), + 'p': int('ea1fb1af22881558ef93be8a5f8653c5a559434c49c8c2c12ace' + '5e9c41434c9cf0a8e9498acb0f4663c08b4484eace845f6fb17d' + 'ac62c98e706af0fc74e4da1c6c2b3fbf5a1d58ff82fc1a66f3e8b122' + '52c40278fff9dd7f102eed2cb5b7323ebf1908c234d935414dded7f8d2' + '44e54561b0dca39b301de8c49da9fb23df33c6182e3f983208c560fb5' + '119fbf78ebe3e6564ee235c6a15cbb9ac247baba5a423bc6582a1a9d8a' + '2b4f0e9e3d9dbac122f750dd754325135257488b1f6ecabf21bff2947' + 'fe0d3b2cb7ffe67f4e7fcdf1214f6053e72a5bb0dd20a0e9fe6db2df0a' + '908c36e95e60bf49ca4368b8b892b9c79f61ef91c47567c40e1f80ac' + '5aa66ef7', 16), + 'q': int('8ec73f3761caf5fdfe6e4e82098bf10f898740dcb808204bf6b1' + '8f507192c19d', 16), + 'x': int('0e0b95e31fda3f888059c46c3002ef8f2d6be112d0209aeb9e95' + '45da67aeea80', 16), + 'y': int('778082b77ddba6f56597cc74c3a612abf2ddbd85cc81430c99ab' + '843c1f630b9db0139965f563978164f9bf3a8397256be714625' + 'cd41cd7fa0067d94ea66d7e073f7125af692ad01371d4a17f45' + '50590378f2b074030c20e36911598a1018772f61be3b24de4be' + '5a388ccc09e15a92819c31dec50de9fde105b49eaa097b9d13d' + '9219eeb33b628facfd1c78a7159c8430d0647c506e7e3de74763c' + 'b351eada72c00bef3c9641881e6254870c1e6599f8ca2f1bbb74f' + '39a905e3a34e4544168e6e50c9e3305fd09cab6ed4aff6fda6e0d' + '5bf375c81ac9054406d9193b003c89272f1bd83d48250134b65c77' + 'c2b6332d38d34d9016f0e8975536ad6c348a1faedb0', 16)}, + + {'g': int('ce84b30ddf290a9f787a7c2f1ce92c1cbf4ef400e3cd7ce4978d' + 'b2104d7394b493c18332c64cec906a71c3778bd93341165dee8' + 'e6cd4ca6f13afff531191194ada55ecf01ff94d6cf7c4768b82' + 'dd29cd131aaf202aefd40e564375285c01f3220af4d70b96f1' + '395420d778228f1461f5d0b8e47357e87b1fe3286223b553e3' + 'fc9928f16ae3067ded6721bedf1d1a01bfd22b9ae85fce77820d88cdf' + '50a6bde20668ad77a707d1c60fcc5d51c9de488610d0285eb8ff721f' + 'f141f93a9fb23c1d1f7654c07c46e58836d1652828f71057b8aff0b077' + '8ef2ca934ea9d0f37daddade2d823a4d8e362721082e279d003b575ee' + '59fd050d105dfd71cd63154efe431a0869178d9811f4f231dc5dcf3b' + '0ec0f2b0f9896c32ec6c7ee7d60aa97109e09224907328d4e6acd1011' + '7e45774406c4c947da8020649c3168f690e0bd6e91ac67074d1d436b' + '58ae374523deaf6c93c1e6920db4a080b744804bb073cecfe83fa939' + '8cf150afa286dc7eb7949750cf5001ce104e9187f7e16859afa8fd0d' + '775ae', 16), + 'p': int('f335666dd1339165af8b9a5e3835adfe15c158e4c3c7bd53132e7d5828' + 'c352f593a9a787760ce34b789879941f2f01f02319f6ae0b756f1a842' + 'ba54c85612ed632ee2d79ef17f06b77c641b7b080aff52a03fc2462e8' + '0abc64d223723c236deeb7d201078ec01ca1fbc1763139e25099a84ec' + '389159c409792080736bd7caa816b92edf23f2c351f90074aa5ea2651' + 'b372f8b58a0a65554db2561d706a63685000ac576b7e4562e262a1428' + '5a9c6370b290e4eb7757527d80b6c0fd5df831d36f3d1d35f12ab0605' + '48de1605fd15f7c7aafed688b146a02c945156e284f5b71282045aba9' + '844d48b5df2e9e7a5887121eae7d7b01db7cdf6ff917cd8eb50c6bf1d' + '54f90cce1a491a9c74fea88f7e7230b047d16b5a6027881d6f154818f' + '06e513faf40c8814630e4e254f17a47bfe9cb519b98289935bf17673a' + 'e4c8033504a20a898d0032ee402b72d5986322f3bdfb27400561f7476' + 'cd715eaabb7338b854e51fc2fa026a5a579b6dcea1b1c0559c13d3c11' + '36f303f4b4d25ad5b692229957', 16), + 'q': int('d3eba6521240694015ef94412e08bf3cf8d635a455a398d6f210' + 'f6169041653b', 16), + 'x': int('b2764c46113983777d3e7e97589f1303806d14ad9f2f1ef03309' + '7de954b17706', 16), + 'y': int('814824e435e1e6f38daa239aad6dad21033afce6a3ebd35c1359348a0f2' + '418871968c2babfc2baf47742148828f8612183178f126504da73566b6' + 'bab33ba1f124c15aa461555c2451d86c94ee21c3e3fc24c55527e' + '01b1f03adcdd8ec5cb08082803a7b6a829c3e99eeb332a2cf5c035b0c' + 'e0078d3d414d31fa47e9726be2989b8d06da2e6cd363f5a7d1515e3f4' + '925e0b32adeae3025cc5a996f6fd27494ea408763de48f3bb39f6a06' + '514b019899b312ec570851637b8865cff3a52bf5d54ad5a19e6e400' + 'a2d33251055d0a440b50d53f4791391dc754ad02b9eab74c46b4903' + 'f9d76f824339914db108057af7cde657d41766a99991ac8787694f' + '4185d6f91d7627048f827b405ec67bf2fe56141c4c581d8c317333' + '624e073e5879a82437cb0c7b435c0ce434e15965db1315d648959' + '91e6bbe7dac040c42052408bbc53423fd31098248a58f8a67da3a' + '39895cd0cc927515d044c1e3cb6a3259c3d0da354cce89ea3552c' + '59609db10ee989986527436af21d9485ddf25f90f7dff6d2bae', 16)}, + {'g': int('ce84b30ddf290a9f787a7c2f1ce92c1cbf4ef400e3cd7ce4978d' + 'b2104d7394b493c18332c64cec906a71c3778bd93341165dee8' + 'e6cd4ca6f13afff531191194ada55ecf01ff94d6cf7c4768b82' + 'dd29cd131aaf202aefd40e564375285c01f3220af4d70b96f1' + '395420d778228f1461f5d0b8e47357e87b1fe3286223b553e3' + 'fc9928f16ae3067ded6721bedf1d1a01bfd22b9ae85fce77820d88cdf' + '50a6bde20668ad77a707d1c60fcc5d51c9de488610d0285eb8ff721f' + 'f141f93a9fb23c1d1f7654c07c46e58836d1652828f71057b8aff0b077' + '8ef2ca934ea9d0f37daddade2d823a4d8e362721082e279d003b575ee' + '59fd050d105dfd71cd63154efe431a0869178d9811f4f231dc5dcf3b' + '0ec0f2b0f9896c32ec6c7ee7d60aa97109e09224907328d4e6acd1011' + '7e45774406c4c947da8020649c3168f690e0bd6e91ac67074d1d436b' + '58ae374523deaf6c93c1e6920db4a080b744804bb073cecfe83fa939' + '8cf150afa286dc7eb7949750cf5001ce104e9187f7e16859afa8fd0d' + '775ae', 16), + 'p': int('f335666dd1339165af8b9a5e3835adfe15c158e4c3c7bd53132e7d5828' + 'c352f593a9a787760ce34b789879941f2f01f02319f6ae0b756f1a842' + 'ba54c85612ed632ee2d79ef17f06b77c641b7b080aff52a03fc2462e8' + '0abc64d223723c236deeb7d201078ec01ca1fbc1763139e25099a84ec' + '389159c409792080736bd7caa816b92edf23f2c351f90074aa5ea2651' + 'b372f8b58a0a65554db2561d706a63685000ac576b7e4562e262a1428' + '5a9c6370b290e4eb7757527d80b6c0fd5df831d36f3d1d35f12ab0605' + '48de1605fd15f7c7aafed688b146a02c945156e284f5b71282045aba9' + '844d48b5df2e9e7a5887121eae7d7b01db7cdf6ff917cd8eb50c6bf1d' + '54f90cce1a491a9c74fea88f7e7230b047d16b5a6027881d6f154818f' + '06e513faf40c8814630e4e254f17a47bfe9cb519b98289935bf17673a' + 'e4c8033504a20a898d0032ee402b72d5986322f3bdfb27400561f7476' + 'cd715eaabb7338b854e51fc2fa026a5a579b6dcea1b1c0559c13d3c11' + '36f303f4b4d25ad5b692229957', 16), + 'q': int('d3eba6521240694015ef94412e08bf3cf8d635a455a398d6f210' + 'f6169041653b', 16), + 'x': int('52e3e040efb30e1befd909a0bdbcfd140d005b1bff094af97186' + '080262f1904d', 16), + 'y': int('a5ae6e8f9b7a68ab0516dad4d7b7d002126f811d5a52e3d35c6d' + '387fcb43fd19bf7792362f9c98f8348aa058bb62376685f3d0c3' + '66c520d697fcd8416947151d4bbb6f32b53528a016479e99d2cd' + '48d1fc679027c15f0042f207984efe05c1796bca8eba678dfdd0' + '0b80418e3ea840557e73b09e003882f9a68edba3431d351d1ca0' + '7a8150b018fdbdf6c2f1ab475792a3ccaa6594472a45f8dc777b' + '60bf67de3e0f65c20d11b7d59faedf83fbce52617f500d9e5149' + '47c455274c6e900464767fb56599b81344cf6d12c25cb2b7d038' + 'd7b166b6cf30534811c15d0e8ab880a2ac06786ae2ddde61329a' + '78d526f65245380ce877e979c5b50de66c9c30d66382c8f25465' + '3d25a1eb1d3a4897d7623399b473ce712a2184cf2da1861706c4' + '1466806aefe41b497db82aca6c31c8f4aa68c17d1d9e380b5799' + '8917655783ec96e5234a131f7299398d36f1f5f84297a55ff292' + 'f1f060958c358fed346db2de45127ca728a9417b2c54203e33e5' + '3b9a061d924395b09afab8daf3e8dd7eedcec3ac', 16)} + ] + + assert expected == load_fips_dsa_key_pair_vectors(vector_data) diff --git a/tests/utils.py b/tests/utils.py index 0d9567f9..720a9054 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -11,6 +11,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import collections import os @@ -296,3 +298,93 @@ def load_pkcs1_vectors(vector_data): if key is not None and attr is not None: key[attr].append(line.strip()) return vectors + + +def load_rsa_nist_vectors(vector_data): + test_data = None + data = [] + + for line in vector_data: + line = line.strip() + + # Blank lines and section headers are ignored + if not line or line.startswith("["): + continue + + if line.startswith("# Salt len:"): + salt_length = int(line.split(":")[1].strip()) + continue + elif line.startswith("#"): + continue + + # Build our data using a simple Key = Value format + name, value = [c.strip() for c in line.split("=")] + + if name == "n": + n = int(value, 16) + elif name == "e": + e = int(value, 16) + elif name == "SHAAlg": + test_data = { + "modulus": n, + "public_exponent": e, + "salt_length": salt_length, + "algorithm": value.encode("ascii") + } + data.append(test_data) + continue + # For all other tokens we simply want the name, value stored in + # the dictionary + else: + test_data[name.lower()] = value.encode("ascii") + + return data + + +def load_fips_dsa_key_pair_vectors(vector_data): + """ + Loads data out of the FIPS DSA KeyPair vector files. + """ + vectors = [] + # When reading_key_data is set to True it tells the loader to continue + # constructing dictionaries. We set reading_key_data to False during the + # blocks of the vectors of N=224 because we don't support it. + reading_key_data = True + for line in vector_data: + line = line.strip() + + if not line or line.startswith("#"): + continue + elif line.startswith("[mod = L=1024"): + continue + elif line.startswith("[mod = L=2048, N=224"): + reading_key_data = False + continue + elif line.startswith("[mod = L=2048, N=256"): + reading_key_data = True + continue + elif line.startswith("[mod = L=3072"): + continue + + if not reading_key_data: + continue + + elif reading_key_data: + if line.startswith("P"): + vectors.append({'p': int(line.split("=")[1], 16)}) + elif line.startswith("Q"): + vectors[-1]['q'] = int(line.split("=")[1], 16) + elif line.startswith("G"): + vectors[-1]['g'] = int(line.split("=")[1], 16) + elif line.startswith("X") and 'x' not in vectors[-1]: + vectors[-1]['x'] = int(line.split("=")[1], 16) + elif line.startswith("X") and 'x' in vectors[-1]: + vectors.append({'p': vectors[-1]['p'], + 'q': vectors[-1]['q'], + 'g': vectors[-1]['g'], + 'x': int(line.split("=")[1], 16) + }) + elif line.startswith("Y"): + vectors[-1]['y'] = int(line.split("=")[1], 16) + + return vectors @@ -1,5 +1,5 @@ [tox] -envlist = py26,py27,pypy,py32,py33,docs,pep8,py3pep8 +envlist = py26,py27,pypy,py32,py33,py34,docs,pep8,py3pep8 [testenv] deps = |