diff options
175 files changed, 2148 insertions, 1117 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 7a654546..0f26be45 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -22,6 +22,15 @@ Changelog * Added :class:`~cryptography.hazmat.primitives.ciphers.modes.ECB` support for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`. +* Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` + in favor of backend specific providers of the + :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` interface. +* Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` + in favor of backend specific providers of the + :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` interface. +* Deprecated ``encrypt_rsa``, ``decrypt_rsa``, ``create_rsa_signature_ctx`` and + ``create_rsa_verification_ctx`` on + :class:`~cryptography.hazmat.backends.interfaces.RSABackend`. 0.4 - 2014-05-03 ~~~~~~~~~~~~~~~~ diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index 524e0a5b..e4faf32c 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -196,6 +196,24 @@ class DSABackend(object): Return True if the parameters are supported by the backend for DSA. """ + @abc.abstractmethod + def load_dsa_private_numbers(self, numbers): + """ + Returns a DSAPrivateKey provider. + """ + + @abc.abstractmethod + def load_dsa_public_numbers(self, numbers): + """ + Returns a DSAPublicKey provider. + """ + + @abc.abstractmethod + def load_dsa_parameter_numbers(self, numbers): + """ + Returns a DSAParameters provider. + """ + @six.add_metaclass(abc.ABCMeta) class TraditionalOpenSSLSerializationBackend(object): diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 0a7a28b4..6a2cf4db 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -15,20 +15,27 @@ from __future__ import absolute_import, division, print_function import collections import itertools -import math +import warnings import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InternalError, InvalidSignature, InvalidTag, - UnsupportedAlgorithm, _Reasons + InternalError, InvalidSignature, InvalidTag, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import ( CMACBackend, CipherBackend, DSABackend, EllipticCurveBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, PKCS8SerializationBackend, RSABackend, TraditionalOpenSSLSerializationBackend ) +from cryptography.hazmat.backends.openssl.ec import ( + _ECDSASignatureContext, _ECDSAVerificationContext, + _EllipticCurvePrivateKey, _EllipticCurvePublicKey +) +from cryptography.hazmat.backends.openssl.rsa import ( + _RSAPrivateKey, _RSAPublicKey, _RSASignatureContext, + _RSAVerificationContext +) from cryptography.hazmat.bindings.openssl.binding import Binding from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa @@ -41,9 +48,6 @@ from cryptography.hazmat.primitives.ciphers.algorithms import ( from cryptography.hazmat.primitives.ciphers.modes import ( CBC, CFB, CFB8, CTR, ECB, GCM, OFB ) -from cryptography.hazmat.primitives.interfaces import ( - RSAPrivateKeyWithNumbers, RSAPublicKeyWithNumbers -) _MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"]) @@ -533,6 +537,12 @@ class Backend(object): return ctx def create_rsa_signature_ctx(self, private_key, padding, algorithm): + warnings.warn( + "create_rsa_signature_ctx is deprecated and will be removed in a " + "future version.", + utils.DeprecatedIn05, + stacklevel=2 + ) rsa_cdata = self._rsa_cdata_from_private_key(private_key) rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) key = _RSAPrivateKey(self, rsa_cdata) @@ -540,6 +550,12 @@ class Backend(object): def create_rsa_verification_ctx(self, public_key, signature, padding, algorithm): + warnings.warn( + "create_rsa_verification_ctx is deprecated and will be removed in " + "a future version.", + utils.DeprecatedIn05, + stacklevel=2 + ) rsa_cdata = self._rsa_cdata_from_public_key(public_key) rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) key = _RSAPublicKey(self, rsa_cdata) @@ -547,6 +563,15 @@ class Backend(object): algorithm) def mgf1_hash_supported(self, algorithm): + warnings.warn( + "mgf1_hash_supported is deprecated and will be removed in " + "a future version.", + utils.DeprecatedIn05, + stacklevel=2 + ) + return self._mgf1_hash_supported(algorithm) + + def _mgf1_hash_supported(self, algorithm): if self._lib.Cryptography_HAS_MGF1_MD: return self.hash_supported(algorithm) else: @@ -556,7 +581,7 @@ class Backend(object): if isinstance(padding, PKCS1v15): return True elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1): - return self.mgf1_hash_supported(padding._mgf._algorithm) + return self._mgf1_hash_supported(padding._mgf._algorithm) elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1): return isinstance(padding._mgf._algorithm, hashes.SHA1) else: @@ -654,12 +679,24 @@ class Backend(object): return True def decrypt_rsa(self, private_key, ciphertext, padding): + warnings.warn( + "decrypt_rsa is deprecated and will be removed in a future " + "version.", + utils.DeprecatedIn05, + stacklevel=2 + ) rsa_cdata = self._rsa_cdata_from_private_key(private_key) rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) key = _RSAPrivateKey(self, rsa_cdata) return key.decrypt(ciphertext, padding) def encrypt_rsa(self, public_key, plaintext, padding): + warnings.warn( + "encrypt_rsa is deprecated and will be removed in a future " + "version.", + utils.DeprecatedIn05, + stacklevel=2 + ) rsa_cdata = self._rsa_cdata_from_public_key(public_key) rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) key = _RSAPublicKey(self, rsa_cdata) @@ -896,8 +933,28 @@ class Backend(object): if self._lib.Cryptography_HAS_EC != 1: return False - curves = self._supported_curves() - return curve.name.encode("ascii") in curves + try: + curve_nid = self._elliptic_curve_to_nid(curve) + except UnsupportedAlgorithm: + curve_nid = self._lib.NID_undef + + ctx = self._lib.EC_GROUP_new_by_curve_name(curve_nid) + + if ctx == self._ffi.NULL: + errors = self._consume_errors() + assert ( + curve_nid == self._lib.NID_undef or + errors[0][1:] == ( + self._lib.ERR_LIB_EC, + self._lib.EC_F_EC_GROUP_NEW_BY_CURVE_NAME, + self._lib.EC_R_UNKNOWN_GROUP + ) + ) + return False + else: + assert curve_nid != self._lib.NID_undef + self._lib.EC_GROUP_free(ctx) + return True def elliptic_curve_signature_algorithm_supported( self, signature_algorithm, curve @@ -918,30 +975,6 @@ class Backend(object): return self.elliptic_curve_supported(curve) - def _supported_curves(self): - if self._lib.Cryptography_HAS_EC != 1: - return [] - - num_curves = self._lib.EC_get_builtin_curves(self._ffi.NULL, 0) - curve_array = self._ffi.new("EC_builtin_curve[]", num_curves) - num_curves_assigned = self._lib.EC_get_builtin_curves( - curve_array, num_curves) - assert num_curves == num_curves_assigned - - curves = [ - self._ffi.string(self._lib.OBJ_nid2sn(curve.nid)).decode() - for curve in curve_array - ] - - curve_aliases = { - "prime192v1": "secp192r1", - "prime256v1": "secp256r1" - } - return [ - curve_aliases.get(curve, curve) - for curve in curves - ] - def _create_ecdsa_signature_ctx(self, private_key, ecdsa): return _ECDSASignatureContext(self, private_key, ecdsa.algorithm) @@ -1443,384 +1476,6 @@ class _HMACContext(object): return self._backend._ffi.buffer(buf)[:outlen[0]] -def _get_rsa_pss_salt_length(pss, key_size, digest_size): - if pss._mgf._salt_length is not None: - salt = pss._mgf._salt_length - else: - salt = pss._salt_length - - if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH: - # bit length - 1 per RFC 3447 - emlen = int(math.ceil((key_size - 1) / 8.0)) - salt_length = emlen - digest_size - 2 - assert salt_length >= 0 - return salt_length - else: - return salt - - -@utils.register_interface(interfaces.AsymmetricSignatureContext) -class _RSASignatureContext(object): - def __init__(self, backend, private_key, padding, algorithm): - self._backend = backend - self._private_key = private_key - - if not isinstance(padding, interfaces.AsymmetricPadding): - raise TypeError( - "Expected provider of interfaces.AsymmetricPadding.") - - self._pkey_size = self._backend._lib.EVP_PKEY_size( - self._private_key._evp_pkey - ) - - if isinstance(padding, PKCS1v15): - if self._backend._lib.Cryptography_HAS_PKEY_CTX: - self._finalize_method = self._finalize_pkey_ctx - self._padding_enum = self._backend._lib.RSA_PKCS1_PADDING - else: - self._finalize_method = self._finalize_pkcs1 - elif isinstance(padding, PSS): - if not isinstance(padding._mgf, MGF1): - raise UnsupportedAlgorithm( - "Only MGF1 is supported by this backend.", - _Reasons.UNSUPPORTED_MGF - ) - - # Size of key in bytes - 2 is the maximum - # PSS signature length (salt length is checked later) - assert self._pkey_size > 0 - if self._pkey_size - algorithm.digest_size - 2 < 0: - raise ValueError("Digest too large for key size. Use a larger " - "key.") - - if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): - raise UnsupportedAlgorithm( - "When OpenSSL is older than 1.0.1 then only SHA1 is " - "supported with MGF1.", - _Reasons.UNSUPPORTED_HASH - ) - - if self._backend._lib.Cryptography_HAS_PKEY_CTX: - self._finalize_method = self._finalize_pkey_ctx - self._padding_enum = self._backend._lib.RSA_PKCS1_PSS_PADDING - else: - self._finalize_method = self._finalize_pss - else: - raise UnsupportedAlgorithm( - "{0} is not supported by this backend.".format(padding.name), - _Reasons.UNSUPPORTED_PADDING - ) - - self._padding = padding - self._algorithm = algorithm - self._hash_ctx = hashes.Hash(self._algorithm, self._backend) - - def update(self, data): - self._hash_ctx.update(data) - - def finalize(self): - evp_md = self._backend._lib.EVP_get_digestbyname( - self._algorithm.name.encode("ascii")) - assert evp_md != self._backend._ffi.NULL - - return self._finalize_method(evp_md) - - def _finalize_pkey_ctx(self, evp_md): - pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new( - self._private_key._evp_pkey, self._backend._ffi.NULL - ) - assert pkey_ctx != self._backend._ffi.NULL - pkey_ctx = self._backend._ffi.gc(pkey_ctx, - self._backend._lib.EVP_PKEY_CTX_free) - res = self._backend._lib.EVP_PKEY_sign_init(pkey_ctx) - assert res == 1 - res = self._backend._lib.EVP_PKEY_CTX_set_signature_md( - pkey_ctx, evp_md) - assert res > 0 - - res = self._backend._lib.EVP_PKEY_CTX_set_rsa_padding( - pkey_ctx, self._padding_enum) - assert res > 0 - if isinstance(self._padding, PSS): - res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen( - pkey_ctx, - _get_rsa_pss_salt_length( - self._padding, - self._private_key.key_size, - self._hash_ctx.algorithm.digest_size - ) - ) - assert res > 0 - - if self._backend._lib.Cryptography_HAS_MGF1_MD: - # MGF1 MD is configurable in OpenSSL 1.0.1+ - mgf1_md = self._backend._lib.EVP_get_digestbyname( - self._padding._mgf._algorithm.name.encode("ascii")) - assert mgf1_md != self._backend._ffi.NULL - res = self._backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md( - pkey_ctx, mgf1_md - ) - assert res > 0 - data_to_sign = self._hash_ctx.finalize() - buflen = self._backend._ffi.new("size_t *") - res = self._backend._lib.EVP_PKEY_sign( - pkey_ctx, - self._backend._ffi.NULL, - buflen, - data_to_sign, - len(data_to_sign) - ) - assert res == 1 - buf = self._backend._ffi.new("unsigned char[]", buflen[0]) - res = self._backend._lib.EVP_PKEY_sign( - pkey_ctx, buf, buflen, data_to_sign, len(data_to_sign)) - if res != 1: - errors = self._backend._consume_errors() - assert errors[0].lib == self._backend._lib.ERR_LIB_RSA - reason = None - if (errors[0].reason == - self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE): - reason = ("Salt length too long for key size. Try using " - "MAX_LENGTH instead.") - elif (errors[0].reason == - self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY): - reason = "Digest too large for key size. Use a larger key." - assert reason is not None - raise ValueError(reason) - - return self._backend._ffi.buffer(buf)[:] - - def _finalize_pkcs1(self, evp_md): - if self._hash_ctx._ctx is None: - raise AlreadyFinalized("Context has already been finalized.") - - sig_buf = self._backend._ffi.new("char[]", self._pkey_size) - sig_len = self._backend._ffi.new("unsigned int *") - res = self._backend._lib.EVP_SignFinal( - self._hash_ctx._ctx._ctx, - sig_buf, - sig_len, - self._private_key._evp_pkey - ) - self._hash_ctx.finalize() - if res == 0: - errors = self._backend._consume_errors() - assert errors[0].lib == self._backend._lib.ERR_LIB_RSA - assert (errors[0].reason == - self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY) - raise ValueError("Digest too large for key size. Use a larger " - "key.") - - return self._backend._ffi.buffer(sig_buf)[:sig_len[0]] - - def _finalize_pss(self, evp_md): - data_to_sign = self._hash_ctx.finalize() - padded = self._backend._ffi.new("unsigned char[]", self._pkey_size) - res = self._backend._lib.RSA_padding_add_PKCS1_PSS( - self._private_key._rsa_cdata, - padded, - data_to_sign, - evp_md, - _get_rsa_pss_salt_length( - self._padding, - self._private_key.key_size, - len(data_to_sign) - ) - ) - if res != 1: - errors = self._backend._consume_errors() - assert errors[0].lib == self._backend._lib.ERR_LIB_RSA - assert (errors[0].reason == - self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE) - raise ValueError("Salt length too long for key size. Try using " - "MAX_LENGTH instead.") - - sig_buf = self._backend._ffi.new("char[]", self._pkey_size) - sig_len = self._backend._lib.RSA_private_encrypt( - self._pkey_size, - padded, - sig_buf, - self._private_key._rsa_cdata, - self._backend._lib.RSA_NO_PADDING - ) - assert sig_len != -1 - return self._backend._ffi.buffer(sig_buf)[:sig_len] - - -@utils.register_interface(interfaces.AsymmetricVerificationContext) -class _RSAVerificationContext(object): - def __init__(self, backend, public_key, signature, padding, algorithm): - self._backend = backend - self._public_key = public_key - self._signature = signature - - if not isinstance(padding, interfaces.AsymmetricPadding): - raise TypeError( - "Expected provider of interfaces.AsymmetricPadding.") - - self._pkey_size = self._backend._lib.EVP_PKEY_size( - self._public_key._evp_pkey - ) - - if isinstance(padding, PKCS1v15): - if self._backend._lib.Cryptography_HAS_PKEY_CTX: - self._verify_method = self._verify_pkey_ctx - self._padding_enum = self._backend._lib.RSA_PKCS1_PADDING - else: - self._verify_method = self._verify_pkcs1 - elif isinstance(padding, PSS): - if not isinstance(padding._mgf, MGF1): - raise UnsupportedAlgorithm( - "Only MGF1 is supported by this backend.", - _Reasons.UNSUPPORTED_MGF - ) - - # Size of key in bytes - 2 is the maximum - # PSS signature length (salt length is checked later) - assert self._pkey_size > 0 - if self._pkey_size - algorithm.digest_size - 2 < 0: - raise ValueError( - "Digest too large for key size. Check that you have the " - "correct key and digest algorithm." - ) - - if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): - raise UnsupportedAlgorithm( - "When OpenSSL is older than 1.0.1 then only SHA1 is " - "supported with MGF1.", - _Reasons.UNSUPPORTED_HASH - ) - - if self._backend._lib.Cryptography_HAS_PKEY_CTX: - self._verify_method = self._verify_pkey_ctx - self._padding_enum = self._backend._lib.RSA_PKCS1_PSS_PADDING - else: - self._verify_method = self._verify_pss - else: - raise UnsupportedAlgorithm( - "{0} is not supported by this backend.".format(padding.name), - _Reasons.UNSUPPORTED_PADDING - ) - - self._padding = padding - self._algorithm = algorithm - self._hash_ctx = hashes.Hash(self._algorithm, self._backend) - - def update(self, data): - self._hash_ctx.update(data) - - def verify(self): - evp_md = self._backend._lib.EVP_get_digestbyname( - self._algorithm.name.encode("ascii")) - assert evp_md != self._backend._ffi.NULL - - self._verify_method(evp_md) - - def _verify_pkey_ctx(self, evp_md): - pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new( - self._public_key._evp_pkey, self._backend._ffi.NULL - ) - assert pkey_ctx != self._backend._ffi.NULL - pkey_ctx = self._backend._ffi.gc(pkey_ctx, - self._backend._lib.EVP_PKEY_CTX_free) - res = self._backend._lib.EVP_PKEY_verify_init(pkey_ctx) - assert res == 1 - res = self._backend._lib.EVP_PKEY_CTX_set_signature_md( - pkey_ctx, evp_md) - assert res > 0 - - res = self._backend._lib.EVP_PKEY_CTX_set_rsa_padding( - pkey_ctx, self._padding_enum) - assert res > 0 - if isinstance(self._padding, PSS): - res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen( - pkey_ctx, - _get_rsa_pss_salt_length( - self._padding, - self._public_key.key_size, - self._hash_ctx.algorithm.digest_size - ) - ) - assert res > 0 - if self._backend._lib.Cryptography_HAS_MGF1_MD: - # MGF1 MD is configurable in OpenSSL 1.0.1+ - mgf1_md = self._backend._lib.EVP_get_digestbyname( - self._padding._mgf._algorithm.name.encode("ascii")) - assert mgf1_md != self._backend._ffi.NULL - res = self._backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md( - pkey_ctx, mgf1_md - ) - assert res > 0 - - data_to_verify = self._hash_ctx.finalize() - res = self._backend._lib.EVP_PKEY_verify( - pkey_ctx, - self._signature, - len(self._signature), - data_to_verify, - len(data_to_verify) - ) - # The previous call can return negative numbers in the event of an - # error. This is not a signature failure but we need to fail if it - # occurs. - assert res >= 0 - if res == 0: - errors = self._backend._consume_errors() - assert errors - raise InvalidSignature - - def _verify_pkcs1(self, evp_md): - if self._hash_ctx._ctx is None: - raise AlreadyFinalized("Context has already been finalized.") - - res = self._backend._lib.EVP_VerifyFinal( - self._hash_ctx._ctx._ctx, - self._signature, - len(self._signature), - self._public_key._evp_pkey - ) - self._hash_ctx.finalize() - # The previous call can return negative numbers in the event of an - # error. This is not a signature failure but we need to fail if it - # occurs. - assert res >= 0 - if res == 0: - errors = self._backend._consume_errors() - assert errors - raise InvalidSignature - - def _verify_pss(self, evp_md): - buf = self._backend._ffi.new("unsigned char[]", self._pkey_size) - res = self._backend._lib.RSA_public_decrypt( - len(self._signature), - self._signature, - buf, - self._public_key._rsa_cdata, - self._backend._lib.RSA_NO_PADDING - ) - if res != self._pkey_size: - errors = self._backend._consume_errors() - assert errors - raise InvalidSignature - - data_to_verify = self._hash_ctx.finalize() - res = self._backend._lib.RSA_verify_PKCS1_PSS( - self._public_key._rsa_cdata, - data_to_verify, - evp_md, - buf, - _get_rsa_pss_salt_length( - self._padding, - self._public_key.key_size, - len(data_to_verify) - ) - ) - if res != 1: - errors = self._backend._consume_errors() - assert errors - raise InvalidSignature - - @utils.register_interface(interfaces.AsymmetricVerificationContext) class _DSAVerificationContext(object): def __init__(self, backend, public_key, signature, algorithm): @@ -1949,240 +1604,4 @@ class _CMACContext(object): ) -def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): - _lib = backend._lib - _ffi = backend._ffi - - digest_len = len(digest) - - group = _lib.EC_KEY_get0_group(ec_key_cdata) - - bn_ctx = _lib.BN_CTX_new() - assert bn_ctx != _ffi.NULL - bn_ctx = _ffi.gc(bn_ctx, _lib.BN_CTX_free) - - order = _lib.BN_CTX_get(bn_ctx) - assert order != _ffi.NULL - - res = _lib.EC_GROUP_get_order(group, order, bn_ctx) - assert res == 1 - - order_bits = _lib.BN_num_bits(order) - - if 8 * digest_len > order_bits: - digest_len = (order_bits + 7) // 8 - digest = digest[:digest_len] - - if 8 * digest_len > order_bits: - rshift = 8 - (order_bits & 0x7) - assert rshift > 0 and rshift < 8 - - mask = 0xFF >> rshift << rshift - - # Set the bottom rshift bits to 0 - digest = digest[:-1] + six.int2byte(six.byte2int(digest[-1]) & mask) - - return digest - - -@utils.register_interface(interfaces.AsymmetricSignatureContext) -class _ECDSASignatureContext(object): - def __init__(self, backend, private_key, algorithm): - self._backend = backend - self._private_key = private_key - self._digest = hashes.Hash(algorithm, backend) - - def update(self, data): - self._digest.update(data) - - def finalize(self): - ec_key = self._private_key._ec_key - - digest = self._digest.finalize() - - digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend) - - max_size = self._backend._lib.ECDSA_size(ec_key) - assert max_size > 0 - - sigbuf = self._backend._ffi.new("char[]", max_size) - siglen_ptr = self._backend._ffi.new("unsigned int[]", 1) - res = self._backend._lib.ECDSA_sign( - 0, - digest, - len(digest), - sigbuf, - siglen_ptr, - ec_key - ) - assert res == 1 - return self._backend._ffi.buffer(sigbuf)[:siglen_ptr[0]] - - -@utils.register_interface(interfaces.AsymmetricVerificationContext) -class _ECDSAVerificationContext(object): - def __init__(self, backend, public_key, signature, algorithm): - self._backend = backend - self._public_key = public_key - self._signature = signature - self._digest = hashes.Hash(algorithm, backend) - - def update(self, data): - self._digest.update(data) - - def verify(self): - ec_key = self._public_key._ec_key - - digest = self._digest.finalize() - - digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend) - - res = self._backend._lib.ECDSA_verify( - 0, - digest, - len(digest), - self._signature, - len(self._signature), - ec_key - ) - if res != 1: - self._backend._consume_errors() - raise InvalidSignature - return True - - -@utils.register_interface(interfaces.EllipticCurvePrivateKey) -class _EllipticCurvePrivateKey(object): - def __init__(self, backend, ec_key_cdata, curve): - self._backend = backend - self._ec_key = ec_key_cdata - self._curve = curve - - @property - def curve(self): - return self._curve - - def signer(self, signature_algorithm): - if isinstance(signature_algorithm, ec.ECDSA): - return self._backend._create_ecdsa_signature_ctx( - self, signature_algorithm) - else: - raise UnsupportedAlgorithm( - "Unsupported elliptic curve signature algorithm.", - _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) - - def public_key(self): - public_ec_key = self._backend._public_ec_key_from_private_ec_key( - self._ec_key - ) - - return _EllipticCurvePublicKey( - self._backend, public_ec_key, self._curve) - - -@utils.register_interface(interfaces.EllipticCurvePublicKey) -class _EllipticCurvePublicKey(object): - def __init__(self, backend, ec_key_cdata, curve): - self._backend = backend - self._ec_key = ec_key_cdata - self._curve = curve - - @property - def curve(self): - return self._curve - - def verifier(self, signature, signature_algorithm): - if isinstance(signature_algorithm, ec.ECDSA): - return self._backend._create_ecdsa_verification_ctx( - self, signature, signature_algorithm) - else: - raise UnsupportedAlgorithm( - "Unsupported elliptic curve signature algorithm.", - _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) - - -@utils.register_interface(RSAPrivateKeyWithNumbers) -class _RSAPrivateKey(object): - def __init__(self, backend, rsa_cdata): - self._backend = backend - self._rsa_cdata = rsa_cdata - - evp_pkey = self._backend._lib.EVP_PKEY_new() - assert evp_pkey != self._backend._ffi.NULL - evp_pkey = self._backend._ffi.gc( - evp_pkey, self._backend._lib.EVP_PKEY_free - ) - res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata) - assert res == 1 - self._evp_pkey = evp_pkey - - self.key_size = self._backend._lib.BN_num_bits(self._rsa_cdata.n) - - def signer(self, padding, algorithm): - return _RSASignatureContext(self._backend, self, padding, algorithm) - - def decrypt(self, ciphertext, padding): - key_size_bytes = int(math.ceil(self.key_size / 8.0)) - if key_size_bytes != len(ciphertext): - raise ValueError("Ciphertext length must be equal to key size.") - - return self._backend._enc_dec_rsa(self, ciphertext, padding) - - def public_key(self): - ctx = self._backend._lib.RSA_new() - assert ctx != self._backend._ffi.NULL - ctx = self._backend._ffi.gc(ctx, self._backend._lib.RSA_free) - ctx.e = self._backend._lib.BN_dup(self._rsa_cdata.e) - ctx.n = self._backend._lib.BN_dup(self._rsa_cdata.n) - res = self._backend._lib.RSA_blinding_on(ctx, self._backend._ffi.NULL) - assert res == 1 - return _RSAPublicKey(self._backend, ctx) - - def private_numbers(self): - return rsa.RSAPrivateNumbers( - p=self._backend._bn_to_int(self._rsa_cdata.p), - q=self._backend._bn_to_int(self._rsa_cdata.q), - d=self._backend._bn_to_int(self._rsa_cdata.d), - dmp1=self._backend._bn_to_int(self._rsa_cdata.dmp1), - dmq1=self._backend._bn_to_int(self._rsa_cdata.dmq1), - iqmp=self._backend._bn_to_int(self._rsa_cdata.iqmp), - public_numbers=rsa.RSAPublicNumbers( - e=self._backend._bn_to_int(self._rsa_cdata.e), - n=self._backend._bn_to_int(self._rsa_cdata.n), - ) - ) - - -@utils.register_interface(RSAPublicKeyWithNumbers) -class _RSAPublicKey(object): - def __init__(self, backend, rsa_cdata): - self._backend = backend - self._rsa_cdata = rsa_cdata - - evp_pkey = self._backend._lib.EVP_PKEY_new() - assert evp_pkey != self._backend._ffi.NULL - evp_pkey = self._backend._ffi.gc( - evp_pkey, self._backend._lib.EVP_PKEY_free - ) - res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata) - assert res == 1 - self._evp_pkey = evp_pkey - - self.key_size = self._backend._lib.BN_num_bits(self._rsa_cdata.n) - - def verifier(self, signature, padding, algorithm): - return _RSAVerificationContext( - self._backend, self, signature, padding, algorithm - ) - - def encrypt(self, plaintext, padding): - return self._backend._enc_dec_rsa(self, plaintext, padding) - - def public_numbers(self): - return rsa.RSAPublicNumbers( - e=self._backend._bn_to_int(self._rsa_cdata.e), - n=self._backend._bn_to_int(self._rsa_cdata.n), - ) - - backend = Backend() diff --git a/cryptography/hazmat/backends/openssl/ec.py b/cryptography/hazmat/backends/openssl/ec.py new file mode 100644 index 00000000..892d20ea --- /dev/null +++ b/cryptography/hazmat/backends/openssl/ec.py @@ -0,0 +1,175 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import six + +from cryptography import utils +from cryptography.exceptions import ( + InvalidSignature, UnsupportedAlgorithm, _Reasons +) +from cryptography.hazmat.primitives import hashes, interfaces +from cryptography.hazmat.primitives.asymmetric import ec + + +def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): + _lib = backend._lib + _ffi = backend._ffi + + digest_len = len(digest) + + group = _lib.EC_KEY_get0_group(ec_key_cdata) + + bn_ctx = _lib.BN_CTX_new() + assert bn_ctx != _ffi.NULL + bn_ctx = _ffi.gc(bn_ctx, _lib.BN_CTX_free) + + order = _lib.BN_CTX_get(bn_ctx) + assert order != _ffi.NULL + + res = _lib.EC_GROUP_get_order(group, order, bn_ctx) + assert res == 1 + + order_bits = _lib.BN_num_bits(order) + + if 8 * digest_len > order_bits: + digest_len = (order_bits + 7) // 8 + digest = digest[:digest_len] + + if 8 * digest_len > order_bits: + rshift = 8 - (order_bits & 0x7) + assert rshift > 0 and rshift < 8 + + mask = 0xFF >> rshift << rshift + + # Set the bottom rshift bits to 0 + digest = digest[:-1] + six.int2byte(six.indexbytes(digest, -1) & mask) + + return digest + + +@utils.register_interface(interfaces.AsymmetricSignatureContext) +class _ECDSASignatureContext(object): + def __init__(self, backend, private_key, algorithm): + self._backend = backend + self._private_key = private_key + self._digest = hashes.Hash(algorithm, backend) + + def update(self, data): + self._digest.update(data) + + def finalize(self): + ec_key = self._private_key._ec_key + + digest = self._digest.finalize() + + digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend) + + max_size = self._backend._lib.ECDSA_size(ec_key) + assert max_size > 0 + + sigbuf = self._backend._ffi.new("char[]", max_size) + siglen_ptr = self._backend._ffi.new("unsigned int[]", 1) + res = self._backend._lib.ECDSA_sign( + 0, + digest, + len(digest), + sigbuf, + siglen_ptr, + ec_key + ) + assert res == 1 + return self._backend._ffi.buffer(sigbuf)[:siglen_ptr[0]] + + +@utils.register_interface(interfaces.AsymmetricVerificationContext) +class _ECDSAVerificationContext(object): + def __init__(self, backend, public_key, signature, algorithm): + self._backend = backend + self._public_key = public_key + self._signature = signature + self._digest = hashes.Hash(algorithm, backend) + + def update(self, data): + self._digest.update(data) + + def verify(self): + ec_key = self._public_key._ec_key + + digest = self._digest.finalize() + + digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend) + + res = self._backend._lib.ECDSA_verify( + 0, + digest, + len(digest), + self._signature, + len(self._signature), + ec_key + ) + if res != 1: + self._backend._consume_errors() + raise InvalidSignature + return True + + +@utils.register_interface(interfaces.EllipticCurvePrivateKey) +class _EllipticCurvePrivateKey(object): + def __init__(self, backend, ec_key_cdata, curve): + self._backend = backend + self._ec_key = ec_key_cdata + self._curve = curve + + @property + def curve(self): + return self._curve + + def signer(self, signature_algorithm): + if isinstance(signature_algorithm, ec.ECDSA): + return self._backend._create_ecdsa_signature_ctx( + self, signature_algorithm) + else: + raise UnsupportedAlgorithm( + "Unsupported elliptic curve signature algorithm.", + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) + + def public_key(self): + public_ec_key = self._backend._public_ec_key_from_private_ec_key( + self._ec_key + ) + + return _EllipticCurvePublicKey( + self._backend, public_ec_key, self._curve) + + +@utils.register_interface(interfaces.EllipticCurvePublicKey) +class _EllipticCurvePublicKey(object): + def __init__(self, backend, ec_key_cdata, curve): + self._backend = backend + self._ec_key = ec_key_cdata + self._curve = curve + + @property + def curve(self): + return self._curve + + def verifier(self, signature, signature_algorithm): + if isinstance(signature_algorithm, ec.ECDSA): + return self._backend._create_ecdsa_verification_ctx( + self, signature, signature_algorithm) + else: + raise UnsupportedAlgorithm( + "Unsupported elliptic curve signature algorithm.", + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py new file mode 100644 index 00000000..2fada1b9 --- /dev/null +++ b/cryptography/hazmat/backends/openssl/rsa.py @@ -0,0 +1,491 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import math + +from cryptography import utils +from cryptography.exceptions import ( + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons +) +from cryptography.hazmat.primitives import hashes, interfaces +from cryptography.hazmat.primitives.asymmetric import rsa +from cryptography.hazmat.primitives.asymmetric.padding import ( + MGF1, PKCS1v15, PSS +) +from cryptography.hazmat.primitives.interfaces import ( + RSAPrivateKeyWithNumbers, RSAPublicKeyWithNumbers +) + + +def _get_rsa_pss_salt_length(pss, key_size, digest_size): + if pss._mgf._salt_length is not None: + salt = pss._mgf._salt_length + else: + salt = pss._salt_length + + if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH: + # bit length - 1 per RFC 3447 + emlen = int(math.ceil((key_size - 1) / 8.0)) + salt_length = emlen - digest_size - 2 + assert salt_length >= 0 + return salt_length + else: + return salt + + +@utils.register_interface(interfaces.AsymmetricSignatureContext) +class _RSASignatureContext(object): + def __init__(self, backend, private_key, padding, algorithm): + self._backend = backend + self._private_key = private_key + + if not isinstance(padding, interfaces.AsymmetricPadding): + raise TypeError( + "Expected provider of interfaces.AsymmetricPadding.") + + self._pkey_size = self._backend._lib.EVP_PKEY_size( + self._private_key._evp_pkey + ) + + if isinstance(padding, PKCS1v15): + if self._backend._lib.Cryptography_HAS_PKEY_CTX: + self._finalize_method = self._finalize_pkey_ctx + self._padding_enum = self._backend._lib.RSA_PKCS1_PADDING + else: + self._finalize_method = self._finalize_pkcs1 + elif isinstance(padding, PSS): + if not isinstance(padding._mgf, MGF1): + raise UnsupportedAlgorithm( + "Only MGF1 is supported by this backend.", + _Reasons.UNSUPPORTED_MGF + ) + + # Size of key in bytes - 2 is the maximum + # PSS signature length (salt length is checked later) + assert self._pkey_size > 0 + if self._pkey_size - algorithm.digest_size - 2 < 0: + raise ValueError("Digest too large for key size. Use a larger " + "key.") + + if not self._backend._mgf1_hash_supported(padding._mgf._algorithm): + raise UnsupportedAlgorithm( + "When OpenSSL is older than 1.0.1 then only SHA1 is " + "supported with MGF1.", + _Reasons.UNSUPPORTED_HASH + ) + + if self._backend._lib.Cryptography_HAS_PKEY_CTX: + self._finalize_method = self._finalize_pkey_ctx + self._padding_enum = self._backend._lib.RSA_PKCS1_PSS_PADDING + else: + self._finalize_method = self._finalize_pss + else: + raise UnsupportedAlgorithm( + "{0} is not supported by this backend.".format(padding.name), + _Reasons.UNSUPPORTED_PADDING + ) + + self._padding = padding + self._algorithm = algorithm + self._hash_ctx = hashes.Hash(self._algorithm, self._backend) + + def update(self, data): + self._hash_ctx.update(data) + + def finalize(self): + evp_md = self._backend._lib.EVP_get_digestbyname( + self._algorithm.name.encode("ascii")) + assert evp_md != self._backend._ffi.NULL + + return self._finalize_method(evp_md) + + def _finalize_pkey_ctx(self, evp_md): + pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new( + self._private_key._evp_pkey, self._backend._ffi.NULL + ) + assert pkey_ctx != self._backend._ffi.NULL + pkey_ctx = self._backend._ffi.gc(pkey_ctx, + self._backend._lib.EVP_PKEY_CTX_free) + res = self._backend._lib.EVP_PKEY_sign_init(pkey_ctx) + assert res == 1 + res = self._backend._lib.EVP_PKEY_CTX_set_signature_md( + pkey_ctx, evp_md) + assert res > 0 + + res = self._backend._lib.EVP_PKEY_CTX_set_rsa_padding( + pkey_ctx, self._padding_enum) + assert res > 0 + if isinstance(self._padding, PSS): + res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen( + pkey_ctx, + _get_rsa_pss_salt_length( + self._padding, + self._private_key.key_size, + self._hash_ctx.algorithm.digest_size + ) + ) + assert res > 0 + + if self._backend._lib.Cryptography_HAS_MGF1_MD: + # MGF1 MD is configurable in OpenSSL 1.0.1+ + mgf1_md = self._backend._lib.EVP_get_digestbyname( + self._padding._mgf._algorithm.name.encode("ascii")) + assert mgf1_md != self._backend._ffi.NULL + res = self._backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md( + pkey_ctx, mgf1_md + ) + assert res > 0 + data_to_sign = self._hash_ctx.finalize() + buflen = self._backend._ffi.new("size_t *") + res = self._backend._lib.EVP_PKEY_sign( + pkey_ctx, + self._backend._ffi.NULL, + buflen, + data_to_sign, + len(data_to_sign) + ) + assert res == 1 + buf = self._backend._ffi.new("unsigned char[]", buflen[0]) + res = self._backend._lib.EVP_PKEY_sign( + pkey_ctx, buf, buflen, data_to_sign, len(data_to_sign)) + if res != 1: + errors = self._backend._consume_errors() + assert errors[0].lib == self._backend._lib.ERR_LIB_RSA + reason = None + if (errors[0].reason == + self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE): + reason = ("Salt length too long for key size. Try using " + "MAX_LENGTH instead.") + elif (errors[0].reason == + self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY): + reason = "Digest too large for key size. Use a larger key." + assert reason is not None + raise ValueError(reason) + + return self._backend._ffi.buffer(buf)[:] + + def _finalize_pkcs1(self, evp_md): + if self._hash_ctx._ctx is None: + raise AlreadyFinalized("Context has already been finalized.") + + sig_buf = self._backend._ffi.new("char[]", self._pkey_size) + sig_len = self._backend._ffi.new("unsigned int *") + res = self._backend._lib.EVP_SignFinal( + self._hash_ctx._ctx._ctx, + sig_buf, + sig_len, + self._private_key._evp_pkey + ) + self._hash_ctx.finalize() + if res == 0: + errors = self._backend._consume_errors() + assert errors[0].lib == self._backend._lib.ERR_LIB_RSA + assert (errors[0].reason == + self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY) + raise ValueError("Digest too large for key size. Use a larger " + "key.") + + return self._backend._ffi.buffer(sig_buf)[:sig_len[0]] + + def _finalize_pss(self, evp_md): + data_to_sign = self._hash_ctx.finalize() + padded = self._backend._ffi.new("unsigned char[]", self._pkey_size) + res = self._backend._lib.RSA_padding_add_PKCS1_PSS( + self._private_key._rsa_cdata, + padded, + data_to_sign, + evp_md, + _get_rsa_pss_salt_length( + self._padding, + self._private_key.key_size, + len(data_to_sign) + ) + ) + if res != 1: + errors = self._backend._consume_errors() + assert errors[0].lib == self._backend._lib.ERR_LIB_RSA + assert (errors[0].reason == + self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE) + raise ValueError("Salt length too long for key size. Try using " + "MAX_LENGTH instead.") + + sig_buf = self._backend._ffi.new("char[]", self._pkey_size) + sig_len = self._backend._lib.RSA_private_encrypt( + self._pkey_size, + padded, + sig_buf, + self._private_key._rsa_cdata, + self._backend._lib.RSA_NO_PADDING + ) + assert sig_len != -1 + return self._backend._ffi.buffer(sig_buf)[:sig_len] + + +@utils.register_interface(interfaces.AsymmetricVerificationContext) +class _RSAVerificationContext(object): + def __init__(self, backend, public_key, signature, padding, algorithm): + self._backend = backend + self._public_key = public_key + self._signature = signature + + if not isinstance(padding, interfaces.AsymmetricPadding): + raise TypeError( + "Expected provider of interfaces.AsymmetricPadding.") + + self._pkey_size = self._backend._lib.EVP_PKEY_size( + self._public_key._evp_pkey + ) + + if isinstance(padding, PKCS1v15): + if self._backend._lib.Cryptography_HAS_PKEY_CTX: + self._verify_method = self._verify_pkey_ctx + self._padding_enum = self._backend._lib.RSA_PKCS1_PADDING + else: + self._verify_method = self._verify_pkcs1 + elif isinstance(padding, PSS): + if not isinstance(padding._mgf, MGF1): + raise UnsupportedAlgorithm( + "Only MGF1 is supported by this backend.", + _Reasons.UNSUPPORTED_MGF + ) + + # Size of key in bytes - 2 is the maximum + # PSS signature length (salt length is checked later) + assert self._pkey_size > 0 + if self._pkey_size - algorithm.digest_size - 2 < 0: + raise ValueError( + "Digest too large for key size. Check that you have the " + "correct key and digest algorithm." + ) + + if not self._backend._mgf1_hash_supported(padding._mgf._algorithm): + raise UnsupportedAlgorithm( + "When OpenSSL is older than 1.0.1 then only SHA1 is " + "supported with MGF1.", + _Reasons.UNSUPPORTED_HASH + ) + + if self._backend._lib.Cryptography_HAS_PKEY_CTX: + self._verify_method = self._verify_pkey_ctx + self._padding_enum = self._backend._lib.RSA_PKCS1_PSS_PADDING + else: + self._verify_method = self._verify_pss + else: + raise UnsupportedAlgorithm( + "{0} is not supported by this backend.".format(padding.name), + _Reasons.UNSUPPORTED_PADDING + ) + + self._padding = padding + self._algorithm = algorithm + self._hash_ctx = hashes.Hash(self._algorithm, self._backend) + + def update(self, data): + self._hash_ctx.update(data) + + def verify(self): + evp_md = self._backend._lib.EVP_get_digestbyname( + self._algorithm.name.encode("ascii")) + assert evp_md != self._backend._ffi.NULL + + self._verify_method(evp_md) + + def _verify_pkey_ctx(self, evp_md): + pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new( + self._public_key._evp_pkey, self._backend._ffi.NULL + ) + assert pkey_ctx != self._backend._ffi.NULL + pkey_ctx = self._backend._ffi.gc(pkey_ctx, + self._backend._lib.EVP_PKEY_CTX_free) + res = self._backend._lib.EVP_PKEY_verify_init(pkey_ctx) + assert res == 1 + res = self._backend._lib.EVP_PKEY_CTX_set_signature_md( + pkey_ctx, evp_md) + assert res > 0 + + res = self._backend._lib.EVP_PKEY_CTX_set_rsa_padding( + pkey_ctx, self._padding_enum) + assert res > 0 + if isinstance(self._padding, PSS): + res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen( + pkey_ctx, + _get_rsa_pss_salt_length( + self._padding, + self._public_key.key_size, + self._hash_ctx.algorithm.digest_size + ) + ) + assert res > 0 + if self._backend._lib.Cryptography_HAS_MGF1_MD: + # MGF1 MD is configurable in OpenSSL 1.0.1+ + mgf1_md = self._backend._lib.EVP_get_digestbyname( + self._padding._mgf._algorithm.name.encode("ascii")) + assert mgf1_md != self._backend._ffi.NULL + res = self._backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md( + pkey_ctx, mgf1_md + ) + assert res > 0 + + data_to_verify = self._hash_ctx.finalize() + res = self._backend._lib.EVP_PKEY_verify( + pkey_ctx, + self._signature, + len(self._signature), + data_to_verify, + len(data_to_verify) + ) + # The previous call can return negative numbers in the event of an + # error. This is not a signature failure but we need to fail if it + # occurs. + assert res >= 0 + if res == 0: + errors = self._backend._consume_errors() + assert errors + raise InvalidSignature + + def _verify_pkcs1(self, evp_md): + if self._hash_ctx._ctx is None: + raise AlreadyFinalized("Context has already been finalized.") + + res = self._backend._lib.EVP_VerifyFinal( + self._hash_ctx._ctx._ctx, + self._signature, + len(self._signature), + self._public_key._evp_pkey + ) + self._hash_ctx.finalize() + # The previous call can return negative numbers in the event of an + # error. This is not a signature failure but we need to fail if it + # occurs. + assert res >= 0 + if res == 0: + errors = self._backend._consume_errors() + assert errors + raise InvalidSignature + + def _verify_pss(self, evp_md): + buf = self._backend._ffi.new("unsigned char[]", self._pkey_size) + res = self._backend._lib.RSA_public_decrypt( + len(self._signature), + self._signature, + buf, + self._public_key._rsa_cdata, + self._backend._lib.RSA_NO_PADDING + ) + if res != self._pkey_size: + errors = self._backend._consume_errors() + assert errors + raise InvalidSignature + + data_to_verify = self._hash_ctx.finalize() + res = self._backend._lib.RSA_verify_PKCS1_PSS( + self._public_key._rsa_cdata, + data_to_verify, + evp_md, + buf, + _get_rsa_pss_salt_length( + self._padding, + self._public_key.key_size, + len(data_to_verify) + ) + ) + if res != 1: + errors = self._backend._consume_errors() + assert errors + raise InvalidSignature + + +@utils.register_interface(RSAPrivateKeyWithNumbers) +class _RSAPrivateKey(object): + def __init__(self, backend, rsa_cdata): + self._backend = backend + self._rsa_cdata = rsa_cdata + + evp_pkey = self._backend._lib.EVP_PKEY_new() + assert evp_pkey != self._backend._ffi.NULL + evp_pkey = self._backend._ffi.gc( + evp_pkey, self._backend._lib.EVP_PKEY_free + ) + res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata) + assert res == 1 + self._evp_pkey = evp_pkey + + self.key_size = self._backend._lib.BN_num_bits(self._rsa_cdata.n) + + def signer(self, padding, algorithm): + return _RSASignatureContext(self._backend, self, padding, algorithm) + + def decrypt(self, ciphertext, padding): + key_size_bytes = int(math.ceil(self.key_size / 8.0)) + if key_size_bytes != len(ciphertext): + raise ValueError("Ciphertext length must be equal to key size.") + + return self._backend._enc_dec_rsa(self, ciphertext, padding) + + def public_key(self): + ctx = self._backend._lib.RSA_new() + assert ctx != self._backend._ffi.NULL + ctx = self._backend._ffi.gc(ctx, self._backend._lib.RSA_free) + ctx.e = self._backend._lib.BN_dup(self._rsa_cdata.e) + ctx.n = self._backend._lib.BN_dup(self._rsa_cdata.n) + res = self._backend._lib.RSA_blinding_on(ctx, self._backend._ffi.NULL) + assert res == 1 + return _RSAPublicKey(self._backend, ctx) + + def private_numbers(self): + return rsa.RSAPrivateNumbers( + p=self._backend._bn_to_int(self._rsa_cdata.p), + q=self._backend._bn_to_int(self._rsa_cdata.q), + d=self._backend._bn_to_int(self._rsa_cdata.d), + dmp1=self._backend._bn_to_int(self._rsa_cdata.dmp1), + dmq1=self._backend._bn_to_int(self._rsa_cdata.dmq1), + iqmp=self._backend._bn_to_int(self._rsa_cdata.iqmp), + public_numbers=rsa.RSAPublicNumbers( + e=self._backend._bn_to_int(self._rsa_cdata.e), + n=self._backend._bn_to_int(self._rsa_cdata.n), + ) + ) + + +@utils.register_interface(RSAPublicKeyWithNumbers) +class _RSAPublicKey(object): + def __init__(self, backend, rsa_cdata): + self._backend = backend + self._rsa_cdata = rsa_cdata + + evp_pkey = self._backend._lib.EVP_PKEY_new() + assert evp_pkey != self._backend._ffi.NULL + evp_pkey = self._backend._ffi.gc( + evp_pkey, self._backend._lib.EVP_PKEY_free + ) + res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata) + assert res == 1 + self._evp_pkey = evp_pkey + + self.key_size = self._backend._lib.BN_num_bits(self._rsa_cdata.n) + + def verifier(self, signature, padding, algorithm): + return _RSAVerificationContext( + self._backend, self, signature, padding, algorithm + ) + + def encrypt(self, plaintext, padding): + return self._backend._enc_dec_rsa(self, plaintext, padding) + + def public_numbers(self): + return rsa.RSAPublicNumbers( + e=self._backend._bn_to_int(self._rsa_cdata.e), + n=self._backend._bn_to_int(self._rsa_cdata.n), + ) diff --git a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py index 9bd03a7c..713bc566 100644 --- a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py +++ b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py @@ -101,7 +101,7 @@ MACROS = """ """ CUSTOMIZATIONS = """ -// Not defined in the public header +/* Not defined in the public header */ enum { kCCModeGCM = 11 }; diff --git a/cryptography/hazmat/bindings/openssl/aes.py b/cryptography/hazmat/bindings/openssl/aes.py index b0e00721..e4071523 100644 --- a/cryptography/hazmat/bindings/openssl/aes.py +++ b/cryptography/hazmat/bindings/openssl/aes.py @@ -29,12 +29,6 @@ typedef struct aes_key_st AES_KEY; FUNCTIONS = """ int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *); int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *); -/* The ctr128_encrypt function is only useful in 0.9.8. You should use EVP for - this in 1.0.0+. */ -void AES_ctr128_encrypt(const unsigned char *, unsigned char *, - const unsigned long, const AES_KEY *, - unsigned char[], unsigned char[], unsigned int *); - """ MACROS = """ @@ -44,10 +38,18 @@ int AES_wrap_key(AES_KEY *, const unsigned char *, unsigned char *, const unsigned char *, unsigned int); int AES_unwrap_key(AES_KEY *, const unsigned char *, unsigned char *, const unsigned char *, unsigned int); + +/* The ctr128_encrypt function is only useful in 0.9.8. You should use EVP for + this in 1.0.0+. It is defined in macros because the function signature + changed after 0.9.8 */ +void AES_ctr128_encrypt(const unsigned char *, unsigned char *, + const size_t, const AES_KEY *, + unsigned char[], unsigned char[], unsigned int *); + """ CUSTOMIZATIONS = """ -// OpenSSL 0.9.8h+ +/* OpenSSL 0.9.8h+ */ #if OPENSSL_VERSION_NUMBER >= 0x0090808fL static const long Cryptography_HAS_AES_WRAP = 1; #else diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py index 464081b0..554c3c3e 100644 --- a/cryptography/hazmat/bindings/openssl/binding.py +++ b/cryptography/hazmat/bindings/openssl/binding.py @@ -74,6 +74,7 @@ class Binding(object): "x509", "x509name", "x509v3", + "x509_vfy" ] _locks = None diff --git a/cryptography/hazmat/bindings/openssl/cms.py b/cryptography/hazmat/bindings/openssl/cms.py index a3760f2c..cbf4b283 100644 --- a/cryptography/hazmat/bindings/openssl/cms.py +++ b/cryptography/hazmat/bindings/openssl/cms.py @@ -15,8 +15,8 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ #if !defined(OPENSSL_NO_CMS) && OPENSSL_VERSION_NUMBER >= 0x0090808fL -// The next define should really be in the OpenSSL header, but it is missing. -// Failing to include this on Windows causes compilation failures. +/* The next define should really be in the OpenSSL header, but it is missing. + Failing to include this on Windows causes compilation failures. */ #if defined(OPENSSL_SYS_WINDOWS) #include <windows.h> #endif diff --git a/cryptography/hazmat/bindings/openssl/dh.py b/cryptography/hazmat/bindings/openssl/dh.py index a0f99479..e2e8976e 100644 --- a/cryptography/hazmat/bindings/openssl/dh.py +++ b/cryptography/hazmat/bindings/openssl/dh.py @@ -19,13 +19,13 @@ INCLUDES = """ TYPES = """ typedef struct dh_st { - // prime number (shared) + /* Prime number (shared) */ BIGNUM *p; - // generator of Z_p (shared) + /* Generator of Z_p (shared) */ BIGNUM *g; - // private DH value x + /* Private DH value x */ BIGNUM *priv_key; - // public DH value g^x + /* Public DH value g^x */ BIGNUM *pub_key; ...; } DH; diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py index 7db03326..c9aa8882 100644 --- a/cryptography/hazmat/bindings/openssl/dsa.py +++ b/cryptography/hazmat/bindings/openssl/dsa.py @@ -19,15 +19,15 @@ INCLUDES = """ TYPES = """ typedef struct dsa_st { - // prime number (public) + /* Prime number (public) */ BIGNUM *p; - // 160-bit subprime, q | p-1 (public) + /* Subprime (160-bit, q | p-1, public) */ BIGNUM *q; - // generator of subgroup (public) + /* Generator of subgroup (public) */ BIGNUM *g; - // private key x + /* Private key x */ BIGNUM *priv_key; - // public key y = g^x + /* Public key y = g^x */ BIGNUM *pub_key; ...; } DSA; diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index f685e494..232060a2 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -21,6 +21,7 @@ TYPES = """ static const int Cryptography_HAS_REMOVE_THREAD_STATE; static const int Cryptography_HAS_098H_ERROR_CODES; static const int Cryptography_HAS_098C_CAMELLIA_CODES; +static const int Cryptography_HAS_EC_CODES; struct ERR_string_data_st { unsigned long error; @@ -28,8 +29,8 @@ struct ERR_string_data_st { }; typedef struct ERR_string_data_st ERR_STRING_DATA; - static const int ERR_LIB_EVP; +static const int ERR_LIB_EC; static const int ERR_LIB_PEM; static const int ERR_LIB_ASN1; static const int ERR_LIB_RSA; @@ -173,6 +174,10 @@ static const int EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM; static const int EVP_R_WRONG_FINAL_BLOCK_LENGTH; static const int EVP_R_WRONG_PUBLIC_KEY_TYPE; +static const int EC_F_EC_GROUP_NEW_BY_CURVE_NAME; + +static const int EC_R_UNKNOWN_GROUP; + static const int PEM_F_D2I_PKCS8PRIVATEKEY_BIO; static const int PEM_F_D2I_PKCS8PRIVATEKEY_FP; static const int PEM_F_DO_PK8PKEY; @@ -285,7 +290,7 @@ typedef uint32_t CRYPTO_THREADID; void (*ERR_remove_thread_state)(const CRYPTO_THREADID *) = NULL; #endif -// OpenSSL 0.9.8h+ +/* OpenSSL 0.9.8h+ */ #if OPENSSL_VERSION_NUMBER >= 0x0090808fL static const long Cryptography_HAS_098H_ERROR_CODES = 1; #else @@ -299,7 +304,7 @@ static const int ASN1_R_NO_MULTIPART_BODY_FAILURE = 0; static const int ASN1_R_NO_MULTIPART_BOUNDARY = 0; #endif -// OpenSSL 0.9.8c+ +/* OpenSSL 0.9.8c+ */ #ifdef EVP_F_CAMELLIA_INIT_KEY static const long Cryptography_HAS_098C_CAMELLIA_CODES = 1; #else @@ -308,6 +313,14 @@ static const int EVP_F_CAMELLIA_INIT_KEY = 0; static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED = 0; #endif +// OpenSSL without EC. e.g. RHEL +#ifndef OPENSSL_NO_EC +static const long Cryptography_HAS_EC_CODES = 1; +#else +static const long Cryptography_HAS_EC_CODES = 0; +static const int EC_R_UNKNOWN_GROUP = 0; +static const int EC_F_EC_GROUP_NEW_BY_CURVE_NAME = 0; +#endif """ CONDITIONAL_NAMES = { @@ -326,5 +339,9 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_098C_CAMELLIA_CODES": [ "EVP_F_CAMELLIA_INIT_KEY", "EVP_R_CAMELLIA_KEY_SETUP_FAILED" + ], + "Cryptography_HAS_EC_CODES": [ + "EC_R_UNKNOWN_GROUP", + "EC_F_EC_GROUP_NEW_BY_CURVE_NAME" ] } diff --git a/cryptography/hazmat/bindings/openssl/evp.py b/cryptography/hazmat/bindings/openssl/evp.py index b3d958e6..11834509 100644 --- a/cryptography/hazmat/bindings/openssl/evp.py +++ b/cryptography/hazmat/bindings/openssl/evp.py @@ -139,7 +139,8 @@ int PKCS5_PBKDF2_HMAC(const char *, int, const unsigned char *, int, int, int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *, const EVP_MD *); -// not macros but must be in this section since they're not available in 0.9.8 +/* These aren't macros, but must be in this section because they're not + available in 0.9.8. */ EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *, ENGINE *); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int, ENGINE *); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *); diff --git a/cryptography/hazmat/bindings/openssl/nid.py b/cryptography/hazmat/bindings/openssl/nid.py index ea6fd4d6..7fa08660 100644 --- a/cryptography/hazmat/bindings/openssl/nid.py +++ b/cryptography/hazmat/bindings/openssl/nid.py @@ -193,7 +193,7 @@ MACROS = """ """ CUSTOMIZATIONS = """ -// OpenSSL 0.9.8g+ +/* OpenSSL 0.9.8g+ */ #if OPENSSL_VERSION_NUMBER >= 0x0090807fL static const long Cryptography_HAS_ECDSA_SHA2_NIDS = 1; #else diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py index c6356101..cb8e701e 100644 --- a/cryptography/hazmat/bindings/openssl/rsa.py +++ b/cryptography/hazmat/bindings/openssl/rsa.py @@ -80,7 +80,7 @@ CUSTOMIZATIONS = """ #if OPENSSL_VERSION_NUMBER >= 0x10000000 static const long Cryptography_HAS_PSS_PADDING = 1; #else -// see evp.py for the definition of Cryptography_HAS_PKEY_CTX +/* see evp.py for the definition of Cryptography_HAS_PKEY_CTX */ static const long Cryptography_HAS_PSS_PADDING = 0; int (*EVP_PKEY_CTX_set_rsa_padding)(EVP_PKEY_CTX *, int) = NULL; int (*EVP_PKEY_CTX_set_rsa_pss_saltlen)(EVP_PKEY_CTX *, int) = NULL; diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index 165bc7a1..7d805e78 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -127,9 +127,6 @@ static const long SSL_MODE_ENABLE_PARTIAL_WRITE; static const long SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; static const long SSL_MODE_AUTO_RETRY; static const long SSL3_RANDOM_SIZE; -typedef ... X509_STORE_CTX; -static const long X509_V_OK; -static const long X509_V_ERR_APPLICATION_VERIFICATION; typedef ... SSL_METHOD; typedef struct ssl_st { int version; @@ -228,16 +225,6 @@ int SSL_CTX_add_client_CA(SSL_CTX *, X509 *); void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *); - -/* X509_STORE_CTX */ -int X509_STORE_CTX_get_error(X509_STORE_CTX *); -void X509_STORE_CTX_set_error(X509_STORE_CTX *, int); -int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *); -X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *); -int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *, int, void *); -void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *, int); - - /* SSL_SESSION */ void SSL_SESSION_free(SSL_SESSION *); @@ -469,7 +456,7 @@ static const long Cryptography_HAS_SSL_OP_NO_TICKET = 0; const long SSL_OP_NO_TICKET = 0; #endif -// OpenSSL 0.9.8f+ +/* OpenSSL 0.9.8f+ */ #if OPENSSL_VERSION_NUMBER >= 0x00908070L static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; #else @@ -496,7 +483,7 @@ static const long Cryptography_HAS_NETBSD_D1_METH = 1; static const long Cryptography_HAS_NETBSD_D1_METH = 1; #endif -// Workaround for #794 caused by cffi const** bug. +/* Workaround for #794 caused by cffi const** bug. */ const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX* ctx) { return ctx->method; } @@ -532,7 +519,7 @@ void (*SSL_get0_next_proto_negotiated)(const SSL *, static const long Cryptography_HAS_NEXTPROTONEG = 1; #endif -// ALPN was added in OpenSSL 1.0.2. +/* ALPN was added in OpenSSL 1.0.2. */ #if OPENSSL_VERSION_NUMBER < 0x10002001L int (*SSL_CTX_set_alpn_protos)(SSL_CTX *, const unsigned char*, diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py index 36a15e4a..b74c118b 100644 --- a/cryptography/hazmat/bindings/openssl/x509.py +++ b/cryptography/hazmat/bindings/openssl/x509.py @@ -24,11 +24,13 @@ INCLUDES = """ * Note that the result is an opaque type. */ typedef STACK_OF(X509) Cryptography_STACK_OF_X509; +typedef STACK_OF(X509_CRL) Cryptography_STACK_OF_X509_CRL; typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED; """ TYPES = """ typedef ... Cryptography_STACK_OF_X509; +typedef ... Cryptography_STACK_OF_X509_CRL; typedef ... Cryptography_STACK_OF_X509_REVOKED; typedef struct { @@ -76,7 +78,6 @@ typedef struct { ...; } X509; -typedef ... X509_STORE; typedef ... NETSCAPE_SPKI; """ @@ -166,12 +167,6 @@ EVP_PKEY *d2i_PUBKEY_bio(BIO *, EVP_PKEY **); ASN1_INTEGER *X509_get_serialNumber(X509 *); int X509_set_serialNumber(X509 *, ASN1_INTEGER *); -/* X509_STORE */ -X509_STORE *X509_STORE_new(void); -void X509_STORE_free(X509_STORE *); -int X509_STORE_add_cert(X509_STORE *, X509 *); -int X509_verify_cert(X509_STORE_CTX *); - const char *X509_verify_cert_error_string(long); const char *X509_get_default_cert_area(void); @@ -190,7 +185,6 @@ DSA *d2i_DSA_PUBKEY(DSA **, const unsigned char **, long); DSA *d2i_DSAPublicKey(DSA **, const unsigned char **, long); DSA *d2i_DSAPrivateKey(DSA **, const unsigned char **, long); - RSA *d2i_RSAPrivateKey_bio(BIO *, RSA **); int i2d_RSAPrivateKey_bio(BIO *, RSA *); RSA *d2i_RSAPublicKey_bio(BIO *, RSA **); @@ -237,7 +231,7 @@ int i2d_DSAPrivateKey(DSA *, unsigned char **); int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *); int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *); -/* these use STACK_OF(X509_EXTENSION) in 0.9.8e. Once we drop support for +/* These use STACK_OF(X509_EXTENSION) in 0.9.8e. Once we drop support for RHEL/CentOS 5 we should move these back to FUNCTIONS. */ int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *); X509_EXTENSIONS *X509_REQ_get_extensions(X509_REQ *); @@ -251,7 +245,7 @@ int i2d_ECPrivateKey_bio(BIO *, EC_KEY *); """ CUSTOMIZATIONS = """ -// OpenSSL 0.9.8e does not have this definition +/* OpenSSL 0.9.8e does not have this definition. */ #if OPENSSL_VERSION_NUMBER <= 0x0090805fL typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; #endif diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py new file mode 100644 index 00000000..a53716b0 --- /dev/null +++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py @@ -0,0 +1,337 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +INCLUDES = """ +#include <openssl/x509_vfy.h> + +/* + * This is part of a work-around for the difficulty cffi has in dealing with + * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that + * will be an alias for this type and use the alias throughout. This works + * together with another opaque typedef for the same name in the TYPES section. + * Note that the result is an opaque type. + */ +typedef STACK_OF(ASN1_OBJECT) Cryptography_STACK_OF_ASN1_OBJECT; +""" + +TYPES = """ +static const long Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS; +static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES; +static const long Cryptography_HAS_102_VERIFICATION_PARAMS; +static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST; +static const long Cryptography_HAS_100_VERIFICATION_ERROR_CODES; +static const long Cryptography_HAS_100_VERIFICATION_PARAMS; +static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE; + +typedef ... Cryptography_STACK_OF_ASN1_OBJECT; + +typedef ... X509_STORE; +typedef ... X509_STORE_CTX; +typedef ... X509_VERIFY_PARAM; + +/* While these are defined in the source as ints, they're tagged here + as longs, just in case they ever grow to large, such as what we saw + with OP_ALL. */ + +/* Verification error codes */ +static const int X509_V_OK; +static const int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; +static const int X509_V_ERR_UNABLE_TO_GET_CRL; +static const int X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE; +static const int X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE; +static const int X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; +static const int X509_V_ERR_CERT_SIGNATURE_FAILURE; +static const int X509_V_ERR_CRL_SIGNATURE_FAILURE; +static const int X509_V_ERR_CERT_NOT_YET_VALID; +static const int X509_V_ERR_CERT_HAS_EXPIRED; +static const int X509_V_ERR_CRL_NOT_YET_VALID; +static const int X509_V_ERR_CRL_HAS_EXPIRED; +static const int X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; +static const int X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; +static const int X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; +static const int X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; +static const int X509_V_ERR_OUT_OF_MEM; +static const int X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; +static const int X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; +static const int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; +static const int X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; +static const int X509_V_ERR_CERT_CHAIN_TOO_LONG; +static const int X509_V_ERR_CERT_REVOKED; +static const int X509_V_ERR_INVALID_CA; +static const int X509_V_ERR_PATH_LENGTH_EXCEEDED; +static const int X509_V_ERR_INVALID_PURPOSE; +static const int X509_V_ERR_CERT_UNTRUSTED; +static const int X509_V_ERR_CERT_REJECTED; +static const int X509_V_ERR_SUBJECT_ISSUER_MISMATCH; +static const int X509_V_ERR_AKID_SKID_MISMATCH; +static const int X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; +static const int X509_V_ERR_KEYUSAGE_NO_CERTSIGN; +static const int X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; +static const int X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; +static const int X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; +static const int X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; +static const int X509_V_ERR_INVALID_NON_CA; +static const int X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; +static const int X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; +static const int X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; +static const int X509_V_ERR_INVALID_EXTENSION; +static const int X509_V_ERR_INVALID_POLICY_EXTENSION; +static const int X509_V_ERR_NO_EXPLICIT_POLICY; +static const int X509_V_ERR_DIFFERENT_CRL_SCOPE; +static const int X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE; +static const int X509_V_ERR_UNNESTED_RESOURCE; +static const int X509_V_ERR_PERMITTED_VIOLATION; +static const int X509_V_ERR_EXCLUDED_VIOLATION; +static const int X509_V_ERR_SUBTREE_MINMAX; +static const int X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; +static const int X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX; +static const int X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; +static const int X509_V_ERR_CRL_PATH_VALIDATION_ERROR; +static const int X509_V_ERR_SUITE_B_INVALID_VERSION; +static const int X509_V_ERR_SUITE_B_INVALID_ALGORITHM; +static const int X509_V_ERR_SUITE_B_INVALID_CURVE; +static const int X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM; +static const int X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED; +static const int X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256; +static const int X509_V_ERR_HOSTNAME_MISMATCH; +static const int X509_V_ERR_EMAIL_MISMATCH; +static const int X509_V_ERR_IP_ADDRESS_MISMATCH; +static const int X509_V_ERR_APPLICATION_VERIFICATION; + +/* Verification parameters */ +static const long X509_V_FLAG_CB_ISSUER_CHECK; +static const long X509_V_FLAG_USE_CHECK_TIME; +static const long X509_V_FLAG_CRL_CHECK; +static const long X509_V_FLAG_CRL_CHECK_ALL; +static const long X509_V_FLAG_IGNORE_CRITICAL; +static const long X509_V_FLAG_X509_STRICT; +static const long X509_V_FLAG_ALLOW_PROXY_CERTS; +static const long X509_V_FLAG_POLICY_CHECK; +static const long X509_V_FLAG_EXPLICIT_POLICY; +static const long X509_V_FLAG_INHIBIT_ANY; +static const long X509_V_FLAG_INHIBIT_MAP; +static const long X509_V_FLAG_NOTIFY_POLICY; +static const long X509_V_FLAG_EXTENDED_CRL_SUPPORT; +static const long X509_V_FLAG_USE_DELTAS; +static const long X509_V_FLAG_CHECK_SS_SIGNATURE; +static const long X509_V_FLAG_TRUSTED_FIRST; +static const long X509_V_FLAG_SUITEB_128_LOS_ONLY; +static const long X509_V_FLAG_SUITEB_192_LOS; +static const long X509_V_FLAG_SUITEB_128_LOS; +static const long X509_V_FLAG_PARTIAL_CHAIN; +""" + +FUNCTIONS = """ +int X509_verify_cert(X509_STORE_CTX *); + +/* X509_STORE */ +X509_STORE *X509_STORE_new(void); +void X509_STORE_free(X509_STORE *); +int X509_STORE_add_cert(X509_STORE *, X509 *); + +/* X509_STORE_CTX */ +X509_STORE_CTX *X509_STORE_CTX_new(void); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *); +void X509_STORE_CTX_free(X509_STORE_CTX *); +int X509_STORE_CTX_init(X509_STORE_CTX *, X509_STORE *, X509 *, + Cryptography_STACK_OF_X509 *); +void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *, + Cryptography_STACK_OF_X509 *); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *); +void X509_STORE_CTX_set_chain(X509_STORE_CTX *,Cryptography_STACK_OF_X509 *); +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *); +int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *, + int (*)(int, X509_STORE_CTX *)); +Cryptography_STACK_OF_X509 *X509_STORE_CTX_get_chain(X509_STORE_CTX *); +Cryptography_STACK_OF_X509 *X509_STORE_CTX_get1_chain(X509_STORE_CTX *); +int X509_STORE_CTX_get_error(X509_STORE_CTX *); +void X509_STORE_CTX_set_error(X509_STORE_CTX *, int); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *); +X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *); +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *, int, void *); +void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *, int); + +/* X509_VERIFY_PARAM */ +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *, unsigned long); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *, unsigned long); +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *, int); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *, int); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *, time_t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *, ASN1_OBJECT *); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *, + Cryptography_STACK_OF_ASN1_OBJECT *); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *, int); +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *); +""" + +MACROS = """ +/* X509_STORE_CTX */ +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *, + Cryptography_STACK_OF_X509_CRL *); + +/* X509_VERIFY_PARAM */ +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *, const unsigned char *, + size_t); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *, unsigned int); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *, const unsigned char *, + size_t); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *, const unsigned char *, + size_t); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *, const char *); +""" + +CUSTOMIZATIONS = """ +/* OpenSSL 1.0.2+, but only some very new releases */ +#ifdef X509_VERIFY_PARAM_set_hostflags +static const long Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS = 1; +#else +static const long Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS = 0; +void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *, + unsigned int) = NULL; +#endif + +/* OpenSSL 1.0.2+ verification error codes */ +#if OPENSSL_VERSION_NUMBER >= 0x10002000L +static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 1; +#else +static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0; +static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; +static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; +static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; +static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; +static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; +static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; +static const long X509_V_ERR_HOSTNAME_MISMATCH = 0; +static const long X509_V_ERR_EMAIL_MISMATCH = 0; +static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; +#endif + +/* OpenSSL 1.0.2+ verification parameters */ +#if OPENSSL_VERSION_NUMBER >= 0x10002000L +static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; +#else +static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; +/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately + below because it shows up in some earlier 3rd party OpenSSL packages. */ +static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; +static const long X509_V_FLAG_SUITEB_192_LOS = 0; +static const long X509_V_FLAG_SUITEB_128_LOS = 0; +static const long X509_V_FLAG_PARTIAL_CHAIN = 0; + +int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const unsigned char *, + size_t) = NULL; +int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const unsigned char *, + size_t) = NULL; +int (*X509_VERIFY_PARAM_set1_ip)(X509_VERIFY_PARAM *, const unsigned char *, + size_t) = NULL; +int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL; +#endif + +/* OpenSSL 1.0.2+, *or* Fedora 20's flavor of OpenSSL 1.0.1e... */ +#ifdef X509_V_FLAG_TRUSTED_FIRST +static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 1; +#else +static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0; +static const long X509_V_FLAG_TRUSTED_FIRST = 0; +#endif + +/* OpenSSL 1.0.0+ verification error codes */ +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +static const long Cryptography_HAS_100_VERIFICATION_ERROR_CODES = 1; +#else +static const long Cryptography_HAS_100_VERIFICATION_ERROR_CODES = 0; +static const long X509_V_ERR_DIFFERENT_CRL_SCOPE = 0; +static const long X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE = 0; +static const long X509_V_ERR_PERMITTED_VIOLATION = 0; +static const long X509_V_ERR_EXCLUDED_VIOLATION = 0; +static const long X509_V_ERR_SUBTREE_MINMAX = 0; +static const long X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE = 0; +static const long X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX = 0; +static const long X509_V_ERR_UNSUPPORTED_NAME_SYNTAX = 0; +static const long X509_V_ERR_CRL_PATH_VALIDATION_ERROR = 0; +#endif + +/* OpenSSL 1.0.0+ verification parameters */ +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +static const long Cryptography_HAS_100_VERIFICATION_PARAMS = 1; +#else +static const long Cryptography_HAS_100_VERIFICATION_PARAMS = 0; +static const long X509_V_FLAG_EXTENDED_CRL_SUPPORT = 0; +static const long X509_V_FLAG_USE_DELTAS = 0; +#endif + +/* OpenSSL 0.9.8recent+ */ +#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE +static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE = 1; +#else +static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE = 0; +static const long X509_V_FLAG_CHECK_SS_SIGNATURE = 0; +#endif +""" + +CONDITIONAL_NAMES = { + "Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS": [ + "X509_VERIFY_PARAM_set_hostflags", + ], + "Cryptography_HAS_102_VERIFICATION_ERROR_CODES": [ + 'X509_V_ERR_SUITE_B_INVALID_VERSION', + 'X509_V_ERR_SUITE_B_INVALID_ALGORITHM', + 'X509_V_ERR_SUITE_B_INVALID_CURVE', + 'X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM', + 'X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED', + 'X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256', + 'X509_V_ERR_HOSTNAME_MISMATCH', + 'X509_V_ERR_EMAIL_MISMATCH', + 'X509_V_ERR_IP_ADDRESS_MISMATCH' + ], + "Cryptography_HAS_102_VERIFICATION_PARAMS": [ + "X509_V_FLAG_SUITEB_128_LOS_ONLY", + "X509_V_FLAG_SUITEB_192_LOS", + "X509_V_FLAG_SUITEB_128_LOS", + "X509_V_FLAG_PARTIAL_CHAIN", + + "X509_VERIFY_PARAM_set1_host", + "X509_VERIFY_PARAM_set1_email", + "X509_VERIFY_PARAM_set1_ip", + "X509_VERIFY_PARAM_set1_ip_asc", + ], + "Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST": [ + "X509_V_FLAG_TRUSTED_FIRST", + ], + "Cryptography_HAS_100_VERIFICATION_ERROR_CODES": [ + 'X509_V_ERR_DIFFERENT_CRL_SCOPE', + 'X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE', + 'X509_V_ERR_UNNESTED_RESOURCE', + 'X509_V_ERR_PERMITTED_VIOLATION', + 'X509_V_ERR_EXCLUDED_VIOLATION', + 'X509_V_ERR_SUBTREE_MINMAX', + 'X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE', + 'X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX', + 'X509_V_ERR_UNSUPPORTED_NAME_SYNTAX', + 'X509_V_ERR_CRL_PATH_VALIDATION_ERROR', + ], + "Cryptography_HAS_100_VERIFICATION_PARAMS": [ + "Cryptography_HAS_100_VERIFICATION_PARAMS", + "X509_V_FLAG_EXTENDED_CRL_SUPPORT", + "X509_V_FLAG_USE_DELTAS", + ], + "Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE": [ + "X509_V_FLAG_CHECK_SS_SIGNATURE", + ] +} diff --git a/cryptography/hazmat/primitives/asymmetric/dsa.py b/cryptography/hazmat/primitives/asymmetric/dsa.py index a9ae9ecb..4d78679e 100644 --- a/cryptography/hazmat/primitives/asymmetric/dsa.py +++ b/cryptography/hazmat/primitives/asymmetric/dsa.py @@ -181,3 +181,74 @@ class DSAPublicKey(object): def parameters(self): return DSAParameters(self._modulus, self._subgroup_order, self._generator) + + +class DSAParameterNumbers(object): + def __init__(self, p, q, g): + if ( + not isinstance(p, six.integer_types) or + not isinstance(q, six.integer_types) or + not isinstance(g, six.integer_types) + ): + raise TypeError( + "DSAParameterNumbers p, q, and g arguments must be integers." + ) + + self._p = p + self._q = q + self._g = g + + @property + def p(self): + return self._p + + @property + def q(self): + return self._q + + @property + def g(self): + return self._g + + +class DSAPublicNumbers(object): + def __init__(self, y, parameter_numbers): + if not isinstance(y, six.integer_types): + raise TypeError("DSAPublicNumbers y argument must be an integer.") + + if not isinstance(parameter_numbers, DSAParameterNumbers): + raise TypeError( + "parameter_numbers must be a DSAParameterNumbers instance." + ) + + self._y = y + self._parameter_numbers = parameter_numbers + + @property + def y(self): + return self._y + + @property + def parameter_numbers(self): + return self._parameter_numbers + + +class DSAPrivateNumbers(object): + def __init__(self, x, public_numbers): + if not isinstance(x, six.integer_types): + raise TypeError("DSAPrivateNumbers x argument must be an integer.") + + if not isinstance(public_numbers, DSAPublicNumbers): + raise TypeError( + "public_numbers must be a DSAPublicNumbers instance." + ) + self._public_numbers = public_numbers + self._x = x + + @property + def x(self): + return self._x + + @property + def public_numbers(self): + return self._public_numbers diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index 18ca0db2..15ec52ac 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -13,12 +13,13 @@ from __future__ import absolute_import, division, print_function +import warnings + import six from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends.interfaces import RSABackend -from cryptography.hazmat.primitives import interfaces def generate_private_key(public_exponent, key_size, backend): @@ -93,9 +94,14 @@ def _check_public_key_components(e, n): raise ValueError("e must be odd.") -@utils.register_interface(interfaces.RSAPublicKey) class RSAPublicKey(object): def __init__(self, public_exponent, modulus): + warnings.warn( + "The RSAPublicKey class is deprecated and will be removed in a " + "future version.", + utils.DeprecatedIn05, + stacklevel=2 + ) if ( not isinstance(public_exponent, six.integer_types) or not isinstance(modulus, six.integer_types) @@ -183,10 +189,15 @@ def rsa_crt_dmq1(private_exponent, q): return private_exponent % (q - 1) -@utils.register_interface(interfaces.RSAPrivateKey) class RSAPrivateKey(object): def __init__(self, p, q, private_exponent, dmp1, dmq1, iqmp, public_exponent, modulus): + warnings.warn( + "The RSAPrivateKey class is deprecated and will be removed in a " + "future version.", + utils.DeprecatedIn05, + stacklevel=2 + ) if ( not isinstance(p, six.integer_types) or not isinstance(q, six.integer_types) or @@ -213,6 +224,11 @@ class RSAPrivateKey(object): @classmethod def generate(cls, public_exponent, key_size, backend): + warnings.warn( + "generate is deprecated and will be removed in a future version.", + utils.DeprecatedIn05, + stacklevel=2 + ) if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( "Backend object does not implement RSABackend.", @@ -361,6 +377,9 @@ class RSAPrivateNumbers(object): def public_numbers(self): return self._public_numbers + def private_key(self, backend): + return backend.load_rsa_private_numbers(self) + class RSAPublicNumbers(object): def __init__(self, e, n): @@ -380,3 +399,6 @@ class RSAPublicNumbers(object): @property def n(self): return self._n + + def public_key(self, backend): + return backend.load_rsa_public_numbers(self) diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py index c6dc1251..ef8640c2 100644 --- a/cryptography/hazmat/primitives/interfaces.py +++ b/cryptography/hazmat/primitives/interfaces.py @@ -186,11 +186,17 @@ class HashContext(object): @six.add_metaclass(abc.ABCMeta) class RSAPrivateKey(object): @abc.abstractmethod - def signer(self, padding, algorithm, backend): + def signer(self, padding, algorithm): """ Returns an AsymmetricSignatureContext used for signing data. """ + @abc.abstractmethod + def decrypt(self, ciphertext, padding): + """ + Decrypts the provided ciphertext. + """ + @abc.abstractproperty def key_size(self): """ @@ -206,6 +212,7 @@ class RSAPrivateKey(object): @six.add_metaclass(abc.ABCMeta) class RSAPrivateKeyWithNumbers(RSAPrivateKey): + @abc.abstractmethod def private_numbers(self): """ Returns an RSAPrivateNumbers. @@ -215,11 +222,17 @@ class RSAPrivateKeyWithNumbers(RSAPrivateKey): @six.add_metaclass(abc.ABCMeta) class RSAPublicKey(object): @abc.abstractmethod - def verifier(self, signature, padding, algorithm, backend): + def verifier(self, signature, padding, algorithm): """ Returns an AsymmetricVerificationContext used for verifying signatures. """ + @abc.abstractmethod + def encrypt(self, plaintext, padding): + """ + Encrypts the given plaintext. + """ + @abc.abstractproperty def key_size(self): """ @@ -229,6 +242,7 @@ class RSAPublicKey(object): @six.add_metaclass(abc.ABCMeta) class RSAPublicKeyWithNumbers(RSAPublicKey): + @abc.abstractmethod def public_numbers(self): """ Returns an RSAPublicNumbers @@ -241,6 +255,15 @@ class DSAParameters(object): @six.add_metaclass(abc.ABCMeta) +class DSAParametersWithNumbers(DSAParameters): + @abc.abstractmethod + def parameter_numbers(self): + """ + Returns a DSAParameterNumbers. + """ + + +@six.add_metaclass(abc.ABCMeta) class DSAPrivateKey(object): @abc.abstractproperty def key_size(self): @@ -262,6 +285,15 @@ class DSAPrivateKey(object): @six.add_metaclass(abc.ABCMeta) +class DSAPrivateKeyWithNumbers(DSAPrivateKey): + @abc.abstractmethod + def private_numbers(self): + """ + Returns a DSAPrivateNumbers. + """ + + +@six.add_metaclass(abc.ABCMeta) class DSAPublicKey(object): @abc.abstractproperty def key_size(self): @@ -277,6 +309,15 @@ class DSAPublicKey(object): @six.add_metaclass(abc.ABCMeta) +class DSAPublicKeyWithNumbers(DSAPublicKey): + @abc.abstractmethod + def public_numbers(self): + """ + Returns a DSAPublicNumbers. + """ + + +@six.add_metaclass(abc.ABCMeta) class AsymmetricSignatureContext(object): @abc.abstractmethod def update(self, data): diff --git a/cryptography/hazmat/primitives/serialization.py b/cryptography/hazmat/primitives/serialization.py index 056d4a06..ed73c4c4 100644 --- a/cryptography/hazmat/primitives/serialization.py +++ b/cryptography/hazmat/primitives/serialization.py @@ -24,11 +24,3 @@ def load_pem_pkcs8_private_key(data, password, backend): return backend.load_pkcs8_pem_private_key( data, password ) - - -def load_rsa_private_numbers(numbers, backend): - return backend.load_rsa_private_numbers(numbers) - - -def load_rsa_public_numbers(numbers, backend): - return backend.load_rsa_public_numbers(numbers) diff --git a/cryptography/utils.py b/cryptography/utils.py index 484eec90..1db16151 100644 --- a/cryptography/utils.py +++ b/cryptography/utils.py @@ -17,6 +17,7 @@ import sys DeprecatedIn04 = DeprecationWarning +DeprecatedIn05 = PendingDeprecationWarning def register_interface(iface): diff --git a/docs/development/c-bindings.rst b/docs/development/c-bindings.rst new file mode 100644 index 00000000..56963379 --- /dev/null +++ b/docs/development/c-bindings.rst @@ -0,0 +1,192 @@ +C bindings +========== + +C bindings are bindings to C libraries, using cffi_ whenever possible. + +.. _cffi: http://cffi.readthedocs.org + +Bindings live in :py:mod:`cryptography.hazmat.bindings`. + +Style guide +----------- + +Don't name parameters: + +.. code-block:: c + + /* Good */ + long f(long); + /* Bad */ + long f(long x); + +...unless they're inside a struct: + +.. code-block:: c + + struct my_struct { + char *name; + int number; + ...; + }; + +Include ``void`` if the function takes no arguments: + +.. code-block:: c + + /* Good */ + long f(void); + /* Bad */ + long f(); + +Wrap lines at 80 characters like so: + +.. code-block:: c + + /* Pretend this went to 80 characters */ + long f(long, long, + int *) + +Include a space after commas between parameters: + +.. code-block:: c + + /* Good */ + long f(int, char *) + /* Bad */ + long f(int,char *) + +Use C-style ``/* */`` comments instead of C++-style ``//``: + +.. code-block:: c + + // Bad + /* Good */ + +Values set by ``#define`` should be assigned the appropriate type. If you see +this: + +.. code-block:: c + + #define SOME_INTEGER_LITERAL 0x0; + #define SOME_UNSIGNED_INTEGER_LITERAL 0x0001U; + #define SOME_STRING_LITERAL "hello"; + +...it should be added to the bindings like so: + +.. code-block:: c + + static const int SOME_INTEGER_LITERAL; + static const unsigned int SOME_UNSIGNED_INTEGER_LITERAL; + static const char *const SOME_STRING_LITERAL; + +Adding constant, types, functions... +------------------------------------ + +You can create bindings for any name that exists in some version of +the library you're binding against. However, the project also has to +keep supporting older versions of the library. In order to achieve +this, binding modules have ``CUSTOMIZATIONS`` and +``CONDITIONAL_NAMES`` constants. + +Let's say you want to enable quantum transmogrification. The upstream +library implements this as the following API:: + + static const int QM_TRANSMOGRIFICATION_ALIGNMENT_LEFT; + static const int QM_TRANSMOGRIFICATION_ALIGNMENT_RIGHT; + typedef ... QM_TRANSMOGRIFICATION_CTX; + int QM_transmogrify(QM_TRANSMOGRIFICATION_CTX *, int); + +To start, create a new constant that defines if the *actual* library +has the feature you want, and add it to ``TYPES``:: + + static const long Cryptography_HAS_QUANTUM_TRANSMOGRIFICATION; + +This should start with ``Cryptography_``, since we're adding it in +this library. This prevents namespace collisions. + +Then, define the actual features (constants, types, functions...) you +want to expose. If it's a constant, just add it to ``TYPES``:: + + static const int QM_TRANSMOGRIFICATION_ALIGNMENT_LEFT; + static const int QM_TRANSMOGRIFICATION_ALIGNMENT_RIGHT; + +If it's a struct, add it to ``TYPES`` as well. The following is an +opaque struct:: + + typedef ... QM_TRANSMOGRIFICATION_CTX; + +... but you can also make some or all items in the struct accessible:: + + typedef struct { + /* Fundamental constant k for your particular universe */ + BIGNUM *k; + ...; + } QM_TRANSMOGRIFICATION_CTX; + +Confusingly, functions that aren't always available on all supported +versions of the library, should be defined in ``MACROS`` and *not* in +``FUNCTIONS``. Fortunately, you just have to copy the signature:: + + int QM_transmogrify(QM_TRANSMOGRIFICATION_CTX *, int); + +Then, we define the ``CUSTOMIZATIONS`` entry. To do that, we have to +come up with a C preprocessor expression that decides whether or not a +feature exists in the library. For example:: + + #ifdef QM_transmogrify + +Then, we set the flag that signifies the feature exists:: + + static const long Cryptography_HAS_QUANTUM_TRANSMOGRIFICATION = 1; + +Otherwise, we set that flag to 0:: + + #else + static const long Cryptography_HAS_QUANTUM_TRANSMOGRIFICATION = 0; + +Then, in that ``#else`` block, we define the names that aren't +available as dummy values. For an integer constant, use 0:: + + static const int QM_TRANSMOGRIFICATION_ALIGNMENT_LEFT = 0; + static const int QM_TRANSMOGRIFICATION_ALIGNMENT_RIGHT = 0; + +For a function, it's a bit trickier. You have to define a function +pointer of the appropriate type to be NULL:: + + int (*QM_transmogrify)(QM_TRANSMOGRIFICATION_CTX *, int) = NULL; + +(To do that, copy the signature, put a ``*`` in front of the function +name and wrap it in parentheses, and then put ``= NULL`` at the end). + +Note how types don't need to be conditionally defined, as long as all +the necessarily type definitions are in place. + +Finally, add an entry to ``CONDITIONAL_NAMES`` with all of the things +you want to conditionally export:: + + CONDITIONAL_NAMES = { + ... + "Cryptography_HAS_QUANTUM_TRANSMOGRIFICATION": [ + "QM_TRANSMOGRIFICATION_ALIGNMENT_LEFT", + "QM_TRANSMOGRIFICATION_ALIGNMENT_RIGHT", + "QM_transmogrify" + ] + } + +Caveats +~~~~~~~ + +Sometimes, a set of loosely related features are added in the same +version, and it's impractical to create ``#ifdef`` statements for each +one. In that case, it may make sense to either check for a particular +version. For example, to check for OpenSSL 1.0.0 or newer:: + + #if OPENSSL_VERSION_NUMBER >= 0x10000000L + +Sometimes, the version of a library on a particular platform will have +features that you thought it wouldn't, based on its version. +Occasionally, packagers appear to ship arbitrary VCS checkouts. As a +result, sometimes you may have to add separate ``#ifdef`` statements +for particular features. This kind of issue is typically only caught +by running the tests on a wide variety of systems, which is the job of +our continuous integration infrastructure. diff --git a/docs/development/index.rst b/docs/development/index.rst index 50b60900..f9bc9eea 100644 --- a/docs/development/index.rst +++ b/docs/development/index.rst @@ -14,6 +14,7 @@ bug check out `what to put in your bug report`_. submitting-patches reviewing-patches test-vectors + c-bindings .. _`GitHub`: https://github.com/pyca/cryptography .. _`what to put in your bug report`: http://www.contribution-guide.org/#what-to-put-in-your-bug-report diff --git a/docs/development/submitting-patches.rst b/docs/development/submitting-patches.rst index b7f43283..fe2df431 100644 --- a/docs/development/submitting-patches.rst +++ b/docs/development/submitting-patches.rst @@ -75,70 +75,8 @@ specifying a different backend. C bindings ~~~~~~~~~~ -When binding C code with ``cffi`` we have our own style guide, it's pretty -simple. - -Don't name parameters: - -.. code-block:: c - - // Good - long f(long); - // Bad - long f(long x); - -...unless they're inside a struct: - -.. code-block:: c - - struct my_struct { - char *name; - int number; - ...; - }; - -Include ``void`` if the function takes no arguments: - -.. code-block:: c - - // Good - long f(void); - // Bad - long f(); - -Wrap lines at 80 characters like so: - -.. code-block:: c - - // Pretend this went to 80 characters - long f(long, long, - int *) - -Include a space after commas between parameters: - -.. code-block:: c - - // Good - long f(int, char *) - // Bad - long f(int,char *) - -Values set by ``#define`` should be assigned the appropriate type. If you see -this: - -.. code-block:: c - - #define SOME_INTEGER_LITERAL 0x0; - #define SOME_UNSIGNED_INTEGER_LITERAL 0x0001U; - #define SOME_STRING_LITERAL "hello"; - -...it should be added to the bindings like so: - -.. code-block:: c - - static const int SOME_INTEGER_LITERAL; - static const unsigned int SOME_UNSIGNED_INTEGER_LITERAL; - static const char *const SOME_STRING_LITERAL; +More information on C bindings can be found in :doc:`the dedicated +section of the documentation <c-bindings>`. Tests ----- diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 1a2603bc..5cbd47d1 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -215,6 +215,8 @@ A specific ``backend`` may provide one or more of these interfaces. .. method:: create_rsa_signature_ctx(private_key, padding, algorithm) + .. deprecated:: 0.5 + :param private_key: An instance of an :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` provider. @@ -232,6 +234,8 @@ A specific ``backend`` may provide one or more of these interfaces. .. method:: create_rsa_verification_ctx(public_key, signature, padding, algorithm) + .. deprecated:: 0.5 + :param public_key: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` provider. @@ -251,10 +255,13 @@ A specific ``backend`` may provide one or more of these interfaces. .. method:: mgf1_hash_supported(algorithm) + ..deprecated:: 0.5 + Check if the specified ``algorithm`` is supported for use with :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` inside :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` - padding. + padding. This method is deprecated in favor of + ``rsa_padding_supported``. :param algorithm: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` @@ -285,6 +292,8 @@ A specific ``backend`` may provide one or more of these interfaces. .. method:: decrypt_rsa(private_key, ciphertext, padding) + .. deprecated:: 0.5 + :param private_key: An instance of an :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` provider. @@ -305,6 +314,8 @@ A specific ``backend`` may provide one or more of these interfaces. .. method:: encrypt_rsa(public_key, plaintext, padding) + .. deprecated:: 0.5 + :param public_key: An instance of an :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` provider. @@ -459,6 +470,40 @@ A specific ``backend`` may provide one or more of these interfaces. :returns: ``True`` if the given values of ``p``, ``q``, and ``g`` are supported by this backend, otherwise ``False``. + .. method:: load_dsa_parameter_numbers(numbers): + + :param numbers: An instance of + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers`. + + :returns: A provider of + :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`. + + :raises cryptography.exceptions.UnsupportedAlgorithm: This raised when + any backend specific criteria are not met. + + .. method:: load_dsa_private_numbers(numbers): + + :param numbers: An instance of + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`. + + :returns: A provider of + :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`. + + :raises cryptography.exceptions.UnsupportedAlgorithm: This raised when + any backend specific criteria are not met. + + .. method:: load_dsa_public_numbers(numbers): + + :param numbers: An instance of + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`. + + :returns: A provider of + :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`. + + :raises cryptography.exceptions.UnsupportedAlgorithm: This raised when + any backend specific criteria are not met. + + .. class:: CMACBackend diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst index 6848d84c..2167e528 100644 --- a/docs/hazmat/primitives/asymmetric/dsa.rst +++ b/docs/hazmat/primitives/asymmetric/dsa.rst @@ -210,6 +210,73 @@ DSA :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` +.. class:: DSAParameterNumbers(p, q, g) + + .. versionadded:: 0.5 + + The collection of integers that make up a set of DSA parameters. + + .. attribute:: p + + :type: int + + The public modulus. + + .. attribute:: q + + :type: int + + The sub-group order. + + .. attribute:: g + + :type: int + + The generator. + +.. class:: DSAPublicNumbers(y, parameter_numbers) + + .. versionadded:: 0.5 + + The collection of integers that make up a DSA public key. + + .. attribute:: y + + :type: int + + The public value ``y``. + + .. attribute:: parameter_numbers + + :type: :class:`~cryptography.hazmat.primitives.dsa.DSAParameterNumbers` + + The :class:`~cryptography.hazmat.primitives.dsa.DSAParameterNumbers` + associated with the public key. + +.. class:: DSAPrivateNumbers(x, public_numbers) + + .. versionadded:: 0.5 + + The collection of integers that make up a DSA private key. + + .. warning:: + + Revealing the value of ``x`` will compromise the security of any + cryptographic operations performed. + + .. attribute:: x + + :type: int + + The private value ``x``. + + .. attribute:: public_numbers + + :type: :class:`~cryptography.hazmat.primitives.dsa.DSAPublicNumbers` + + The :class:`~cryptography.hazmat.primitives.dsa.DSAPublicNumbers` + associated with the private key. + .. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography .. _`FIPS 186-4`: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 71b7cd9c..c3962901 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -385,6 +385,18 @@ RSA The collection of integers that make up an RSA public key. + .. method:: public_key(backend) + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + + :return: A :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` + provider. + + :raises UnsupportedAlgorithm: If the given backend does not support + loading numbers. + .. attribute:: n :type: int @@ -411,6 +423,18 @@ RSA secret. Revealing them will compromise the security of any cryptographic operations performed with a key loaded from them. + .. method:: private_key(backend) + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + + :return: A :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` + provider. + + :raises UnsupportedAlgorithm: If the given backend does not support + loading numbers. + .. attribute:: public_numbers :type: :class:`~cryptography.hazmat.primitives.rsa.RSAPublicNumbers` diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst index 1e0ada18..755cef41 100644 --- a/docs/hazmat/primitives/interfaces.rst +++ b/docs/hazmat/primitives/interfaces.rst @@ -13,7 +13,7 @@ to document argument and return types. Symmetric ciphers -~~~~~~~~~~~~~~~~~ +----------------- .. currentmodule:: cryptography.hazmat.primitives.interfaces @@ -48,7 +48,7 @@ Symmetric ciphers Cipher modes ------------- +~~~~~~~~~~~~ Interfaces used by the symmetric cipher modes described in :ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`. @@ -104,7 +104,44 @@ Interfaces used by the symmetric cipher modes described in individual modes. Asymmetric interfaces -~~~~~~~~~~~~~~~~~~~~~ +--------------------- + +.. class:: AsymmetricSignatureContext + + .. versionadded:: 0.2 + + .. method:: update(data) + + :param bytes data: The data you want to sign. + + .. method:: finalize() + + :return bytes signature: The signature. + + +.. class:: AsymmetricVerificationContext + + .. versionadded:: 0.2 + + .. method:: update(data) + + :param bytes data: The data you wish to verify using the signature. + + .. method:: verify() + + :raises cryptography.exceptions.InvalidSignature: If the signature does + not validate. + + +.. class:: AsymmetricPadding + + .. versionadded:: 0.2 + + .. attribute:: name + + +RSA +~~~ .. class:: RSAPrivateKey @@ -112,7 +149,7 @@ Asymmetric interfaces An `RSA`_ private key. - .. method:: signer(padding, algorithm, backend) + .. method:: signer(padding, algorithm) .. versionadded:: 0.3 @@ -126,14 +163,10 @@ Asymmetric interfaces :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` provider. - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - provider. - :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext` - .. method:: decrypt(ciphertext, padding, backend) + .. method:: decrypt(ciphertext, padding) .. versionadded:: 0.4 @@ -145,10 +178,6 @@ Asymmetric interfaces :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` provider. - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - provider. - :return bytes: Decrypted data. .. method:: public_key() @@ -186,7 +215,7 @@ Asymmetric interfaces An `RSA`_ public key. - .. method:: verifier(signature, padding, algorithm, backend) + .. method:: verifier(signature, padding, algorithm) .. versionadded:: 0.3 @@ -203,14 +232,10 @@ Asymmetric interfaces :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` provider. - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - provider. - :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` - .. method:: encrypt(plaintext, padding, backend) + .. method:: encrypt(plaintext, padding) .. versionadded:: 0.4 @@ -222,10 +247,6 @@ Asymmetric interfaces :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` provider. - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - provider. - :return bytes: Encrypted data. .. attribute:: key_size @@ -252,6 +273,9 @@ Asymmetric interfaces instance. +DSA +~~~ + .. class:: DSAParameters .. versionadded:: 0.3 @@ -259,6 +283,23 @@ Asymmetric interfaces `DSA`_ parameters. +.. class:: DSAParametersWithNumbers + + .. versionadded:: 0.5 + + Extends :class:`DSAParameters`. + + .. method:: parameter_numbers() + + Create a + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers` + object. + + :returns: A + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers` + instance. + + .. class:: DSAPrivateKey .. versionadded:: 0.3 @@ -301,6 +342,23 @@ Asymmetric interfaces The bit length of the modulus. +.. class:: DSAPrivateKeyWithNumbers + + .. versionadded:: 0.5 + + Extends :class:`DSAPrivateKey`. + + .. method:: private_numbers() + + Create a + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers` + object. + + :returns: A + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers` + instance. + + .. class:: DSAPublicKey .. versionadded:: 0.3 @@ -341,6 +399,23 @@ Asymmetric interfaces :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` +.. class:: DSAPublicKeyWithNumbers + + .. versionadded:: 0.5 + + Extends :class:`DSAPublicKey`. + + .. method:: private_numbers() + + Create a + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers` + object. + + :returns: A + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers` + instance. + + .. class:: EllipticCurve .. versionadded:: 0.5 @@ -361,6 +436,9 @@ Asymmetric interfaces The bit length of the curve's base point. +Elliptic Curve +~~~~~~~~~~~~~~ + .. class:: EllipticCurveSignatureAlgorithm .. versionadded:: 0.5 @@ -429,42 +507,8 @@ Asymmetric interfaces The elliptic curve for this key. -.. class:: AsymmetricSignatureContext - - .. versionadded:: 0.2 - - .. method:: update(data) - - :param bytes data: The data you want to sign. - - .. method:: finalize() - - :return bytes signature: The signature. - - -.. class:: AsymmetricVerificationContext - - .. versionadded:: 0.2 - - .. method:: update(data) - - :param bytes data: The data you wish to verify using the signature. - - .. method:: verify() - - :raises cryptography.exceptions.InvalidSignature: If the signature does - not validate. - - -.. class:: AsymmetricPadding - - .. versionadded:: 0.2 - - .. attribute:: name - - Hash algorithms -~~~~~~~~~~~~~~~ +--------------- .. class:: HashAlgorithm @@ -510,7 +554,7 @@ Hash algorithms Key derivation functions -~~~~~~~~~~~~~~~~~~~~~~~~ +------------------------ .. class:: KeyDerivationFunction @@ -555,7 +599,7 @@ Key derivation functions `CMAC`_ -~~~~~~~ +------- .. class:: CMACContext diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index d5a2bee3..dc123493 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -13,6 +13,7 @@ conda crypto cryptographic cryptographically +Debian decrypt decrypted decrypting @@ -29,12 +30,17 @@ invariants iOS Koblitz metadata +namespace +namespaces pickleable plaintext +preprocessor +preprocessors pseudorandom Schneier scrypt testability +Ubuntu unencrypted unpadded unpadding @@ -91,11 +91,14 @@ def release(version): "vectors/dist/cryptography_vectors-{0}*".format(version) ) + username = getpass.getpass("Input the GitHub/Jenkins username: ") token = getpass.getpass("Input the Jenkins token: ") response = requests.post( "{0}/build".format(JENKINS_URL), + auth=requests.auth.HTTPBasicAuth( + username, token + ), params={ - "token": token, "cause": "Building wheels for {0}".format(version) } ) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index aa2122fb..bd99c8f2 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -13,6 +13,10 @@ from __future__ import absolute_import, division, print_function +import subprocess +import sys +import textwrap + import pretend import pytest @@ -212,14 +216,32 @@ class TestOpenSSLRandomEngine(object): name = backend._lib.ENGINE_get_name(current_default) assert name == backend._lib.Cryptography_osrandom_engine_name - # This must be the first test in the class so that the teardown method - # has not (potentially) altered the default engine. - def test_osrandom_engine_is_default(self): - e = backend._lib.ENGINE_get_default_RAND() - name = backend._lib.ENGINE_get_name(e) - assert name == backend._lib.Cryptography_osrandom_engine_name - res = backend._lib.ENGINE_free(e) - assert res == 1 + def test_osrandom_engine_is_default(self, tmpdir): + engine_printer = textwrap.dedent( + """ + import sys + from cryptography.hazmat.backends.openssl.backend import backend + + e = backend._lib.ENGINE_get_default_RAND() + name = backend._lib.ENGINE_get_name(e) + sys.stdout.write(backend._ffi.string(name).decode('ascii')) + res = backend._lib.ENGINE_free(e) + assert res == 1 + """ + ) + engine_name = tmpdir.join('engine_name') + + with engine_name.open('w') as out: + subprocess.check_call( + [sys.executable, "-c", engine_printer], + stdout=out + ) + + osrandom_engine_name = backend._ffi.string( + backend._lib.Cryptography_osrandom_engine_name + ) + + assert engine_name.read().encode('ascii') == osrandom_engine_name def test_osrandom_sanity_check(self): # This test serves as a check against catastrophic failure. @@ -331,7 +353,10 @@ class TestOpenSSLRSA(object): ) def test_unsupported_mgf1_hash_algorithm(self): - assert backend.mgf1_hash_supported(DummyHash()) is False + assert pytest.deprecated_call( + backend.mgf1_hash_supported, + DummyHash() + ) is False def test_rsa_padding_unsupported_pss_mgf1_hash(self): assert backend.rsa_padding_supported( @@ -462,7 +487,40 @@ class TestOpenSSLNoEllipticCurve(object): None, None ) is False - def test_supported_curves(self, monkeypatch): - monkeypatch.setattr(backend._lib, "Cryptography_HAS_EC", 0) - assert backend._supported_curves() == [] +class TestDeprecatedRSABackendMethods(object): + def test_create_rsa_signature_ctx(self): + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + pytest.deprecated_call( + backend.create_rsa_signature_ctx, + private_key, + padding.PKCS1v15(), + hashes.SHA1() + ) + + def test_create_rsa_verification_ctx(self): + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + public_key = private_key.public_key() + pytest.deprecated_call( + backend.create_rsa_verification_ctx, + public_key, + b"\x00" * 64, + padding.PKCS1v15(), + hashes.SHA1() + ) + + def test_encrypt_decrypt_rsa(self): + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + public_key = private_key.public_key() + ct = pytest.deprecated_call( + backend.encrypt_rsa, + public_key, + b"\x00" * 32, + padding.PKCS1v15() + ) + pytest.deprecated_call( + backend.decrypt_rsa, + private_key, + ct, + padding.PKCS1v15() + ) diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index cbe10e9c..51a03c48 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -872,3 +872,63 @@ def test_dsa_generate_invalid_backend(): with raises_unsupported_algorithm( _Reasons.BACKEND_MISSING_INTERFACE): dsa.DSAPrivateKey.generate(pretend_parameters, pretend_backend) + + +class TestDSANumbers(object): + def test_dsa_parameter_numbers(self): + parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3) + assert parameter_numbers.p == 1 + assert parameter_numbers.q == 2 + assert parameter_numbers.g == 3 + + def test_dsa_parameter_numbers_invalid_types(self): + with pytest.raises(TypeError): + dsa.DSAParameterNumbers(p=None, q=2, g=3) + + with pytest.raises(TypeError): + dsa.DSAParameterNumbers(p=1, q=None, g=3) + + with pytest.raises(TypeError): + dsa.DSAParameterNumbers(p=1, q=2, g=None) + + def test_dsa_public_numbers(self): + parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3) + public_numbers = dsa.DSAPublicNumbers( + y=4, + parameter_numbers=parameter_numbers + ) + assert public_numbers.y == 4 + assert public_numbers.parameter_numbers == parameter_numbers + + def test_dsa_public_numbers_invalid_types(self): + with pytest.raises(TypeError): + dsa.DSAPublicNumbers(y=4, parameter_numbers=None) + + with pytest.raises(TypeError): + parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3) + dsa.DSAPublicNumbers(y=None, parameter_numbers=parameter_numbers) + + def test_dsa_private_numbers(self): + parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3) + public_numbers = dsa.DSAPublicNumbers( + y=4, + parameter_numbers=parameter_numbers + ) + private_numbers = dsa.DSAPrivateNumbers( + x=5, + public_numbers=public_numbers + ) + assert private_numbers.x == 5 + assert private_numbers.public_numbers == public_numbers + + def test_dsa_private_numbers_invalid_types(self): + parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3) + public_numbers = dsa.DSAPublicNumbers( + y=4, + parameter_numbers=parameter_numbers + ) + with pytest.raises(TypeError): + dsa.DSAPrivateNumbers(x=4, public_numbers=None) + + with pytest.raises(TypeError): + dsa.DSAPrivateNumbers(x=None, public_numbers=public_numbers) diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 1879f4fc..2690e794 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -70,6 +70,15 @@ def _skip_ecdsa_vector(backend, curve_type, hash_type): ) +def _skip_curve_unsupported(backend, curve): + if not backend.elliptic_curve_supported(curve): + pytest.skip( + "Curve {0} is not supported by this backend {1}".format( + curve.name, backend + ) + ) + + @utils.register_interface(interfaces.EllipticCurve) class DummyCurve(object): name = "dummy-curve" @@ -81,6 +90,12 @@ class DummySignatureAlgorithm(object): pass +@pytest.mark.elliptic +def test_skip_curve_unsupported(backend): + with pytest.raises(pytest.skip.Exception): + _skip_curve_unsupported(backend, DummyCurve()) + + def test_ec_numbers(): numbers = ec.EllipticCurvePrivateNumbers( 1, @@ -176,12 +191,7 @@ class TestECDSAVectors(object): "curve", _CURVE_TYPES.values() ) def test_generate_vector_curves(self, backend, curve): - if not backend.elliptic_curve_supported(curve()): - pytest.skip( - "Curve {0} is not supported by this backend {1}".format( - curve().name, backend - ) - ) + _skip_curve_unsupported(backend, curve()) key = ec.generate_private_key(curve(), backend) assert key @@ -205,12 +215,7 @@ class TestECDSAVectors(object): ) is False def test_unknown_signature_algoritm(self, backend): - if not backend.elliptic_curve_supported(ec.SECP192R1()): - pytest.skip( - "Curve secp192r1 is not supported by this backend {0}".format( - backend - ) - ) + _skip_curve_unsupported(backend, ec.SECP192R1()) key = ec.generate_private_key(ec.SECP192R1(), backend) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index ffaaf587..04908453 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -27,9 +27,6 @@ from cryptography.exceptions import ( ) from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa -from cryptography.hazmat.primitives.serialization import ( - load_rsa_private_numbers -) from .fixtures_rsa import ( RSA_KEY_1024, RSA_KEY_1025, RSA_KEY_1026, RSA_KEY_1027, RSA_KEY_1028, @@ -102,9 +99,16 @@ class TestRSA(object): if isinstance(skey, interfaces.RSAPrivateKeyWithNumbers): _check_rsa_private_numbers(skey.private_numbers()) + pkey = skey.public_key() + assert isinstance(pkey.public_numbers(), rsa.RSAPublicNumbers) def test_generate_rsa_key_class_method(self, backend): - skey = rsa.RSAPrivateKey.generate(65537, 512, backend) + skey = pytest.deprecated_call( + rsa.RSAPrivateKey.generate, + 65537, + 512, + backend + ) assert skey.key_size == 512 assert skey.public_exponent == 65537 @@ -169,11 +173,21 @@ class TestRSA(object): def test_invalid_private_key_argument_types(self): with pytest.raises(TypeError): - rsa.RSAPrivateKey(None, None, None, None, None, None, None, None) + pytest.deprecated_call( + rsa.RSAPrivateKey, + None, + None, + None, + None, + None, + None, + None, + None + ) def test_invalid_public_key_argument_types(self): with pytest.raises(TypeError): - rsa.RSAPublicKey(None, None) + pytest.deprecated_call(rsa.RSAPublicKey, None, None) def test_invalid_private_key_argument_values(self): # Start with p=3, q=11, private_exponent=3, public_exponent=7, @@ -182,7 +196,8 @@ class TestRSA(object): # Test a modulus < 3. with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=3, @@ -195,7 +210,8 @@ class TestRSA(object): # Test a modulus != p * q. with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=3, @@ -208,7 +224,8 @@ class TestRSA(object): # Test a p > modulus. with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=37, q=11, private_exponent=3, @@ -221,7 +238,8 @@ class TestRSA(object): # Test a q > modulus. with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=37, private_exponent=3, @@ -234,7 +252,8 @@ class TestRSA(object): # Test a dmp1 > modulus. with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=3, @@ -247,7 +266,8 @@ class TestRSA(object): # Test a dmq1 > modulus. with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=3, @@ -260,7 +280,8 @@ class TestRSA(object): # Test an iqmp > modulus. with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=3, @@ -273,7 +294,8 @@ class TestRSA(object): # Test a private_exponent > modulus with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=37, @@ -286,7 +308,8 @@ class TestRSA(object): # Test a public_exponent < 3 with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=3, @@ -299,7 +322,8 @@ class TestRSA(object): # Test a public_exponent > modulus with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=3, @@ -312,7 +336,8 @@ class TestRSA(object): # Test a public_exponent that is not odd. with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=3, @@ -325,7 +350,8 @@ class TestRSA(object): # Test a dmp1 that is not odd. with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=3, @@ -338,7 +364,8 @@ class TestRSA(object): # Test a dmq1 that is not odd. with pytest.raises(ValueError): - rsa.RSAPrivateKey( + pytest.deprecated_call( + rsa.RSAPrivateKey, p=3, q=11, private_exponent=3, @@ -355,19 +382,27 @@ class TestRSA(object): # Test a modulus < 3. with pytest.raises(ValueError): - rsa.RSAPublicKey(public_exponent=7, modulus=2) + pytest.deprecated_call( + rsa.RSAPublicKey, public_exponent=7, modulus=2 + ) # Test a public_exponent < 3 with pytest.raises(ValueError): - rsa.RSAPublicKey(public_exponent=1, modulus=15) + pytest.deprecated_call( + rsa.RSAPublicKey, public_exponent=1, modulus=15 + ) # Test a public_exponent > modulus with pytest.raises(ValueError): - rsa.RSAPublicKey(public_exponent=17, modulus=15) + pytest.deprecated_call( + rsa.RSAPublicKey, public_exponent=17, modulus=15 + ) # Test a public_exponent that is not odd. with pytest.raises(ValueError): - rsa.RSAPublicKey(public_exponent=6, modulus=15) + pytest.deprecated_call( + rsa.RSAPublicKey, public_exponent=6, modulus=15 + ) def test_rsa_generate_invalid_backend(): @@ -377,7 +412,9 @@ def test_rsa_generate_invalid_backend(): rsa.generate_private_key(65537, 2048, pretend_backend) with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) + pytest.deprecated_call( + rsa.RSAPrivateKey.generate, 65537, 2048, pretend_backend + ) @pytest.mark.rsa @@ -398,7 +435,8 @@ class TestRSASignature(object): ) def test_pkcs1v15_signing(self, pkcs1_example, backend): private, public, example = pkcs1_example - private_key = rsa.RSAPrivateKey( + private_key = pytest.deprecated_call( + rsa.RSAPrivateKey, p=private["p"], q=private["q"], private_exponent=private["private_exponent"], @@ -432,7 +470,8 @@ class TestRSASignature(object): ) def test_pss_signing(self, pkcs1_example, backend): private, public, example = pkcs1_example - private_key = rsa.RSAPrivateKey( + private_key = pytest.deprecated_call( + rsa.RSAPrivateKey, p=private["p"], q=private["q"], private_exponent=private["private_exponent"], @@ -482,7 +521,7 @@ class TestRSASignature(object): skip_message="Does not support PSS." ) def test_deprecated_pss_mgf1_salt_length(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) signer = private_key.signer( pytest.deprecated_call( padding.PSS, @@ -526,7 +565,7 @@ class TestRSASignature(object): pytest.skip( "Does not support {0} in MGF1 using PSS.".format(hash_alg.name) ) - private_key = load_rsa_private_numbers(RSA_KEY_768, backend) + private_key = RSA_KEY_768.private_key(backend) public_key = private_key.public_key() pss = padding.PSS( mgf=padding.MGF1(hash_alg), @@ -552,7 +591,7 @@ class TestRSASignature(object): skip_message="Does not support SHA512." ) def test_pss_minimum_key_size_for_digest(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_522, backend) + private_key = RSA_KEY_522.private_key(backend) signer = private_key.signer( padding.PSS( mgf=padding.MGF1(hashes.SHA1()), @@ -577,7 +616,7 @@ class TestRSASignature(object): skip_message="Does not support SHA512." ) def test_pss_signing_digest_too_large_for_key_size(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) with pytest.raises(ValueError): private_key.signer( padding.PSS( @@ -597,7 +636,7 @@ class TestRSASignature(object): skip_message="Does not support PSS." ) def test_pss_signing_salt_length_too_long(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) signer = private_key.signer( padding.PSS( mgf=padding.MGF1(hashes.SHA1()), @@ -616,7 +655,7 @@ class TestRSASignature(object): skip_message="Does not support PKCS1v1.5." ) def test_use_after_finalize(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) signer.update(b"sign me") signer.finalize() @@ -626,18 +665,19 @@ class TestRSASignature(object): signer.update(b"more data") def test_unsupported_padding(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): private_key.signer(DummyPadding(), hashes.SHA1()) def test_padding_incorrect_type(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) with pytest.raises(TypeError): private_key.signer("notpadding", hashes.SHA1()) def test_rsa_signer_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.RSAPrivateKey( + private_key = pytest.deprecated_call( + rsa.RSAPrivateKey, p=RSA_KEY_512.p, q=RSA_KEY_512.q, private_exponent=RSA_KEY_512.d, @@ -659,7 +699,7 @@ class TestRSASignature(object): skip_message="Does not support PSS." ) def test_unsupported_pss_mgf(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): private_key.signer(padding.PSS(mgf=DummyMGF()), hashes.SHA1()) @@ -670,7 +710,7 @@ class TestRSASignature(object): skip_message="Does not support PKCS1v1.5." ) def test_pkcs1_digest_too_large_for_key_size(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_599, backend) + private_key = RSA_KEY_599.private_key(backend) signer = private_key.signer( padding.PKCS1v15(), hashes.SHA512() @@ -686,7 +726,7 @@ class TestRSASignature(object): skip_message="Does not support PKCS1v1.5." ) def test_pkcs1_minimum_key_size(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_745, backend) + private_key = RSA_KEY_745.private_key(backend) signer = private_key.signer( padding.PKCS1v15(), hashes.SHA512() @@ -733,7 +773,7 @@ class TestRSAVerification(object): skip_message="Does not support PKCS1v1.5." ) def test_invalid_pkcs1v15_signature_wrong_data(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) signer.update(b"sign me") @@ -754,8 +794,8 @@ class TestRSAVerification(object): skip_message="Does not support PKCS1v1.5." ) def test_invalid_pkcs1v15_signature_wrong_key(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) - private_key2 = load_rsa_private_numbers(RSA_KEY_512_ALT, backend) + private_key = RSA_KEY_512.private_key(backend) + private_key2 = RSA_KEY_512_ALT.private_key(backend) public_key = private_key2.public_key() signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) signer.update(b"sign me") @@ -920,7 +960,7 @@ class TestRSAVerification(object): skip_message="Does not support PKCS1v1.5." ) def test_use_after_finalize(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) signer.update(b"sign me") @@ -939,20 +979,25 @@ class TestRSAVerification(object): verifier.update(b"more data") def test_unsupported_padding(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): public_key.verifier(b"sig", DummyPadding(), hashes.SHA1()) def test_padding_incorrect_type(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() with pytest.raises(TypeError): public_key.verifier(b"sig", "notpadding", hashes.SHA1()) def test_rsa_verifier_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) + private_key = pytest.deprecated_call( + rsa.RSAPrivateKey.generate, + 65537, + 2048, + backend + ) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): @@ -966,7 +1011,7 @@ class TestRSAVerification(object): skip_message="Does not support PSS." ) def test_unsupported_pss_mgf(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): public_key.verifier(b"sig", padding.PSS(mgf=DummyMGF()), @@ -986,7 +1031,7 @@ class TestRSAVerification(object): skip_message="Does not support SHA512." ) def test_pss_verify_digest_too_large_for_key_size(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) signature = binascii.unhexlify( b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8" b"534c050ef6b19b1bdc6eb4da422e89161106a6f5b5cc16135b11eb6439b646bd" @@ -1387,7 +1432,7 @@ class TestRSADecryption(object): assert message == binascii.unhexlify(example["message"]) def test_unsupported_padding(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): private_key.decrypt(b"0" * 64, DummyPadding()) @@ -1398,7 +1443,7 @@ class TestRSADecryption(object): skip_message="Does not support PKCS1v1.5." ) def test_decrypt_invalid_decrypt(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) with pytest.raises(ValueError): private_key.decrypt( b"\x00" * 64, @@ -1412,7 +1457,7 @@ class TestRSADecryption(object): skip_message="Does not support PKCS1v1.5." ) def test_decrypt_ciphertext_too_large(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) with pytest.raises(ValueError): private_key.decrypt( b"\x00" * 65, @@ -1426,7 +1471,7 @@ class TestRSADecryption(object): skip_message="Does not support PKCS1v1.5." ) def test_decrypt_ciphertext_too_small(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) ct = binascii.unhexlify( b"50b4c14136bd198c2f3c3ed243fce036e168d56517984a263cd66492b80804f1" b"69d210f2b9bdfb48b12f9ea05009c77da257cc600ccefe3a6283789d8ea0" @@ -1439,7 +1484,9 @@ class TestRSADecryption(object): def test_rsa_decrypt_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) + private_key = pytest.deprecated_call( + rsa.RSAPrivateKey.generate, 65537, 2048, backend + ) with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): private_key.decrypt( @@ -1468,7 +1515,8 @@ class TestRSADecryption(object): ) def test_decrypt_oaep_vectors(self, vector, backend): private, public, example = vector - skey = rsa.RSAPrivateKey( + skey = pytest.deprecated_call( + rsa.RSAPrivateKey, p=private["p"], q=private["q"], private_exponent=private["private_exponent"], @@ -1490,7 +1538,7 @@ class TestRSADecryption(object): assert message == binascii.unhexlify(example["message"]) def test_unsupported_oaep_mgf(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): private_key.decrypt( b"0" * 64, @@ -1564,7 +1612,7 @@ class TestRSAEncryption(object): ) ) def test_rsa_encrypt_pkcs1v15(self, key_data, pad, backend): - private_key = load_rsa_private_numbers(key_data, backend) + private_key = key_data.private_key(backend) pt = b"encrypt me!" public_key = private_key.public_key() ct = public_key.encrypt(pt, pad) @@ -1590,7 +1638,7 @@ class TestRSAEncryption(object): ) ) def test_rsa_encrypt_key_too_small(self, key_data, pad, backend): - private_key = load_rsa_private_numbers(key_data, backend) + private_key = key_data.private_key(backend) public_key = private_key.public_key() # Slightly smaller than the key size but not enough for padding. with pytest.raises(ValueError): @@ -1608,7 +1656,9 @@ class TestRSAEncryption(object): def test_rsa_encrypt_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + private_key = pytest.deprecated_call( + rsa.RSAPrivateKey.generate, 65537, 512, backend + ) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): @@ -1619,14 +1669,14 @@ class TestRSAEncryption(object): ) def test_unsupported_padding(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): public_key.encrypt(b"somedata", DummyPadding()) def test_unsupported_oaep_mgf(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_512, backend) + private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): @@ -1667,6 +1717,14 @@ class TestRSANumbers(object): assert private_numbers.iqmp == 2 assert private_numbers.public_numbers == public_numbers + def test_rsa_private_numbers_create_key(self, backend): + private_key = RSA_KEY_1024.private_key(backend) + assert private_key + + def test_rsa_public_numbers_create_key(self, backend): + public_key = RSA_KEY_1024.public_numbers.public_key(backend) + assert public_key + def test_public_numbers_invalid_types(self): with pytest.raises(TypeError): rsa.RSAPublicNumbers(e=None, n=15) @@ -1761,19 +1819,19 @@ class TestRSANumbers(object): # Test a modulus < 3. with pytest.raises(ValueError): - backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=7, n=2)) + rsa.RSAPublicNumbers(e=7, n=2).public_key(backend) # Test a public_exponent < 3 with pytest.raises(ValueError): - backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=1, n=15)) + rsa.RSAPublicNumbers(e=1, n=15).public_key(backend) # Test a public_exponent > modulus with pytest.raises(ValueError): - backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=17, n=15)) + rsa.RSAPublicNumbers(e=17, n=15).public_key(backend) # Test a public_exponent that is not odd. with pytest.raises(ValueError): - backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=16, n=15)) + rsa.RSAPublicNumbers(e=16, n=15).public_key(backend) def test_invalid_private_numbers_argument_values(self, backend): # Start with p=3, q=11, private_exponent=3, public_exponent=7, @@ -1782,221 +1840,195 @@ class TestRSANumbers(object): # Test a modulus < 3. with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=7, - n=2 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=7, + n=2 ) - ) + ).private_key(backend) # Test a modulus != p * q. with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=7, - n=35 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=7, + n=35 ) - ) + ).private_key(backend) # Test a p > modulus. with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=37, - q=11, - d=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=7, - n=33 - ) + rsa.RSAPrivateNumbers( + p=37, + q=11, + d=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=7, + n=33 ) - ) + ).private_key(backend) # Test a q > modulus. with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=37, - d=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=7, - n=33 - ) + rsa.RSAPrivateNumbers( + p=3, + q=37, + d=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=7, + n=33 ) - ) + ).private_key(backend) # Test a dmp1 > modulus. with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=3, - dmp1=35, - dmq1=3, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=7, - n=33 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=3, + dmp1=35, + dmq1=3, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=7, + n=33 ) - ) + ).private_key(backend) # Test a dmq1 > modulus. with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=3, - dmp1=1, - dmq1=35, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=7, - n=33 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=3, + dmp1=1, + dmq1=35, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=7, + n=33 ) - ) + ).private_key(backend) # Test an iqmp > modulus. with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=3, - dmp1=1, - dmq1=3, - iqmp=35, - public_numbers=rsa.RSAPublicNumbers( - e=7, - n=33 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=3, + dmp1=1, + dmq1=3, + iqmp=35, + public_numbers=rsa.RSAPublicNumbers( + e=7, + n=33 ) - ) + ).private_key(backend) # Test a private_exponent > modulus with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=37, - dmp1=1, - dmq1=3, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=7, - n=33 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=37, + dmp1=1, + dmq1=3, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=7, + n=33 ) - ) + ).private_key(backend) # Test a public_exponent < 3 with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=1, - n=33 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=1, + n=33 ) - ) + ).private_key(backend) # Test a public_exponent > modulus with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=3, - dmp1=1, - dmq1=3, - iqmp=35, - public_numbers=rsa.RSAPublicNumbers( - e=65537, - n=33 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=3, + dmp1=1, + dmq1=3, + iqmp=35, + public_numbers=rsa.RSAPublicNumbers( + e=65537, + n=33 ) - ) + ).private_key(backend) # Test a public_exponent that is not odd. with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=6, - n=33 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=6, + n=33 ) - ) + ).private_key(backend) # Test a dmp1 that is not odd. with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=3, - dmp1=2, - dmq1=3, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=7, - n=33 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=3, + dmp1=2, + dmq1=3, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=7, + n=33 ) - ) + ).private_key(backend) # Test a dmq1 that is not odd. with pytest.raises(ValueError): - backend.load_rsa_private_numbers( - rsa.RSAPrivateNumbers( - p=3, - q=11, - d=3, - dmp1=1, - dmq1=4, - iqmp=2, - public_numbers=rsa.RSAPublicNumbers( - e=7, - n=33 - ) + rsa.RSAPrivateNumbers( + p=3, + q=11, + d=3, + dmp1=1, + dmq1=4, + iqmp=2, + public_numbers=rsa.RSAPublicNumbers( + e=7, + n=33 ) - ) + ).private_key(backend) diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py index ae990b64..8a90b30e 100644 --- a/tests/hazmat/primitives/test_serialization.py +++ b/tests/hazmat/primitives/test_serialization.py @@ -23,13 +23,9 @@ from cryptography.exceptions import _Reasons from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.asymmetric import dsa from cryptography.hazmat.primitives.serialization import ( - load_pem_pkcs8_private_key, - load_pem_traditional_openssl_private_key, - load_rsa_private_numbers, - load_rsa_public_numbers + load_pem_pkcs8_private_key, load_pem_traditional_openssl_private_key ) -from .fixtures_rsa import RSA_KEY_1024 from .utils import _check_rsa_private_numbers, load_vectors_from_file from ...utils import raises_unsupported_algorithm @@ -553,18 +549,3 @@ class TestPKCS8Serialisation(object): pemfile.read().encode(), password, backend ) ) - - -@pytest.mark.rsa -class TestLoadRSANumbers(object): - def test_load_private_numbers(self, backend): - private_key = load_rsa_private_numbers(RSA_KEY_1024, backend) - assert private_key - assert private_key.private_numbers() - - def test_load_public_numbers(self, backend): - public_key = load_rsa_public_numbers( - RSA_KEY_1024.public_numbers, backend - ) - assert public_key - assert public_key.public_numbers() diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 54659aa9..49b73f01 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -28,9 +28,6 @@ from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.kdf.hkdf import HKDF, HKDFExpand from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC -from cryptography.hazmat.primitives.serialization import ( - load_rsa_public_numbers -) from ...utils import load_vectors_from_file @@ -395,7 +392,7 @@ def rsa_verification_test(backend, params, hash_alg, pad_factory): e=params["public_exponent"], n=params["modulus"] ) - public_key = load_rsa_public_numbers(public_numbers, backend) + public_key = public_numbers.public_key(backend) pad = pad_factory(params, hash_alg) verifier = public_key.verifier( binascii.unhexlify(params["s"]), diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/KeyGenRSA.rsp b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/KeyGenRSA.rsp index 6693fa05..6693fa05 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/KeyGenRSA.rsp +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/KeyGenRSA.rsp diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/Readme.txt b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/Readme.txt index 3e896c01..3e896c01 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/Readme.txt +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/Readme.txt diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-2.rsp b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-2.rsp index ee9e26f4..ee9e26f4 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-2.rsp +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-2.rsp diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-2.txt b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-2.txt index 249e4d74..249e4d74 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-2.txt +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-2.txt diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-3.rsp b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-3.rsp index 9c62738e..9c62738e 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-3.rsp +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGen15_186-3.rsp diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-2.rsp b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-2.rsp index bc693073..bc693073 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-2.rsp +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-2.rsp diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-2.txt b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-2.txt index 0ea3361d..0ea3361d 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-2.txt +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-2.txt diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-3.rsp b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-3.rsp index 3228f600..3228f600 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-3.rsp +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenPSS_186-3.rsp diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA.rsp b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA.rsp index e3a3d024..e3a3d024 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA.rsp +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA.rsp diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA_186-2.rsp b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA_186-2.rsp index 5c5a696e..5c5a696e 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA_186-2.rsp +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA_186-2.rsp diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA_186-2.txt b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA_186-2.txt index 9e11c1cb..9e11c1cb 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA_186-2.txt +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigGenRSA_186-2.txt diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVer15_186-3.rsp b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVer15_186-3.rsp index 2bca26eb..2bca26eb 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVer15_186-3.rsp +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVer15_186-3.rsp diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVerPSS_186-3.rsp b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVerPSS_186-3.rsp index b14982a2..b14982a2 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVerPSS_186-3.rsp +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVerPSS_186-3.rsp diff --git a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVerRSA.rsp b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVerRSA.rsp index bf9c0c11..bf9c0c11 100755..100644 --- a/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVerRSA.rsp +++ b/vectors/cryptography_vectors/asymmetric/RSA/FIPS_186-2/SigVerRSA.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox128.rsp index 8624a2bf..8624a2bf 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox192.rsp index 29898cc2..29898cc2 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox256.rsp index ad811435..ad811435 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCGFSbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox128.rsp index 6bb67fd4..6bb67fd4 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox192.rsp index 4c64fc5b..4c64fc5b 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox256.rsp index 696c3304..696c3304 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCKeySbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT128.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT128.rsp index c0a6aec0..c0a6aec0 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT192.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT192.rsp index 2ce5d0af..2ce5d0af 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT256.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT256.rsp index 8f15f1a9..8f15f1a9 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCMMT256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey128.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey128.rsp index 0ee5c2af..0ee5c2af 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey192.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey192.rsp index 2f5dc5e7..2f5dc5e7 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey256.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey256.rsp index d0e02bde..d0e02bde 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarKey256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt128.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt128.rsp index f9fab992..f9fab992 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt192.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt192.rsp index dfe97331..dfe97331 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt256.rsp b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt256.rsp index 79d8050c..79d8050c 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CBC/CBCVarTxt256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox128.rsp index 1beee710..1beee710 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox192.rsp index aa9cd3cf..aa9cd3cf 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox256.rsp index 9cb27f5d..9cb27f5d 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128GFSbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox128.rsp index adad1be4..adad1be4 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox192.rsp index b3ada536..b3ada536 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox256.rsp index 0b09ff61..0b09ff61 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128KeySbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT128.rsp index b7b47ab6..b7b47ab6 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT192.rsp index 069fe302..069fe302 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT256.rsp index 3a7620c7..3a7620c7 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey128.rsp index c1668f45..c1668f45 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey192.rsp index a2050f97..a2050f97 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey256.rsp index e3fe5a10..e3fe5a10 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarKey256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt128.rsp index 8dd4b040..8dd4b040 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt192.rsp index d6deac63..d6deac63 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt256.rsp index 919b0249..919b0249 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB128VarTxt256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox128.rsp index ebdf45bb..ebdf45bb 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox192.rsp index 1d6eaf00..1d6eaf00 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox256.rsp index 99eb7ec2..99eb7ec2 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1GFSbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox128.rsp index edd7549e..edd7549e 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox192.rsp index b4c1454c..b4c1454c 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox256.rsp index 14af04bd..14af04bd 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1KeySbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT128.rsp index d371a35c..d371a35c 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT192.rsp index 3687a5df..3687a5df 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT256.rsp index aef38ffd..aef38ffd 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1MMT256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey128.rsp index 1129b51f..1129b51f 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey192.rsp index edcab6a4..edcab6a4 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey256.rsp index 62294c37..62294c37 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarKey256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt128.rsp index 96405529..96405529 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt192.rsp index 73354984..73354984 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt256.rsp index b29c619e..b29c619e 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB1VarTxt256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox128.rsp index 2083b0d7..2083b0d7 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox192.rsp index e8d7b029..e8d7b029 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox256.rsp index a254784d..a254784d 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8GFSbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox128.rsp index 8fff8c40..8fff8c40 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox192.rsp index b8d3a91c..b8d3a91c 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox256.rsp index 75fe0af1..75fe0af1 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8KeySbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT128.rsp index 03a22039..03a22039 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT192.rsp index 945a4ef9..945a4ef9 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT256.rsp index ca80e432..ca80e432 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8MMT256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey128.rsp index c56bea1f..c56bea1f 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey192.rsp index 7219fa8e..7219fa8e 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey256.rsp index 6b000dbc..6b000dbc 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarKey256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt128.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt128.rsp index 32d615a9..32d615a9 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt192.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt192.rsp index 04d7fc6b..04d7fc6b 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt256.rsp b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt256.rsp index ef4b9b6f..ef4b9b6f 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/CFB/CFB8VarTxt256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox128.rsp index f3f4e85e..f3f4e85e 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox192.rsp index eccb3331..eccb3331 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox256.rsp index 1f8488f7..1f8488f7 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBGFSbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox128.rsp index f5a28327..f5a28327 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox192.rsp index eafd37a7..eafd37a7 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox256.rsp index 0063b7eb..0063b7eb 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBKeySbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT128.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT128.rsp index f1364c07..f1364c07 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT192.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT192.rsp index 2e3f5051..2e3f5051 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT256.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT256.rsp index c18c7648..c18c7648 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBMMT256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey128.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey128.rsp index 0d7fa96f..0d7fa96f 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey192.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey192.rsp index 3077fe7c..3077fe7c 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey256.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey256.rsp index 9e5822be..9e5822be 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarKey256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt128.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt128.rsp index 9808157b..9808157b 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt192.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt192.rsp index 1b280d46..1b280d46 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt256.rsp b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt256.rsp index 708eae81..708eae81 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/ECB/ECBVarTxt256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt128.rsp b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt128.rsp index b35b03f6..b35b03f6 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt192.rsp b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt192.rsp index 678a8fd5..678a8fd5 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt256.rsp b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt256.rsp index a79e7802..a79e7802 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmDecrypt256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV128.rsp b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV128.rsp index 7f694e57..7f694e57 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV192.rsp b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV192.rsp index 4cdfdf20..4cdfdf20 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV256.rsp b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV256.rsp index 60da5fae..60da5fae 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/GCM/gcmEncryptExtIV256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox128.rsp index 5eb7c5b3..5eb7c5b3 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox192.rsp index 79ce685a..79ce685a 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox256.rsp index 2d70a3bc..2d70a3bc 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBGFSbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox128.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox128.rsp index 113361ee..113361ee 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox192.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox192.rsp index 04dd4289..04dd4289 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox256.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox256.rsp index aa2f4f00..aa2f4f00 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBKeySbox256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT128.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT128.rsp index 14c33b76..14c33b76 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT192.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT192.rsp index 5457f775..5457f775 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT256.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT256.rsp index b1d6636a..b1d6636a 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey128.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey128.rsp index 29a49b9f..29a49b9f 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey192.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey192.rsp index ca35afa8..ca35afa8 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey256.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey256.rsp index a98e166d..a98e166d 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarKey256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt128.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt128.rsp index 6edb9a74..6edb9a74 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt192.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt192.rsp index f98e0372..f98e0372 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt192.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt192.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt256.rsp b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt256.rsp index 7daa17e5..7daa17e5 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/OFB/OFBVarTxt256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-128hexstr/XTSGenAES128.rsp b/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-128hexstr/XTSGenAES128.rsp index 3d52285c..3d52285c 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-128hexstr/XTSGenAES128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-128hexstr/XTSGenAES128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-128hexstr/XTSGenAES256.rsp b/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-128hexstr/XTSGenAES256.rsp index 1e711c70..1e711c70 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-128hexstr/XTSGenAES256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-128hexstr/XTSGenAES256.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-dataunitseqno/XTSGenAES128.rsp b/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-dataunitseqno/XTSGenAES128.rsp index 4d92a6a3..4d92a6a3 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-dataunitseqno/XTSGenAES128.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-dataunitseqno/XTSGenAES128.rsp diff --git a/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-dataunitseqno/XTSGenAES256.rsp b/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-dataunitseqno/XTSGenAES256.rsp index e4050d79..e4050d79 100755..100644 --- a/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-dataunitseqno/XTSGenAES256.rsp +++ b/vectors/cryptography_vectors/ciphers/AES/XTS/tweak-dataunitseqno/XTSGenAES256.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA1/Readme.txt b/vectors/cryptography_vectors/hashes/SHA1/Readme.txt index de6b122e..de6b122e 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA1/Readme.txt +++ b/vectors/cryptography_vectors/hashes/SHA1/Readme.txt diff --git a/vectors/cryptography_vectors/hashes/SHA1/SHA1LongMsg.rsp b/vectors/cryptography_vectors/hashes/SHA1/SHA1LongMsg.rsp index ef0e21bc..ef0e21bc 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA1/SHA1LongMsg.rsp +++ b/vectors/cryptography_vectors/hashes/SHA1/SHA1LongMsg.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA1/SHA1Monte.rsp b/vectors/cryptography_vectors/hashes/SHA1/SHA1Monte.rsp index 5088defa..5088defa 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA1/SHA1Monte.rsp +++ b/vectors/cryptography_vectors/hashes/SHA1/SHA1Monte.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA1/SHA1Monte.txt b/vectors/cryptography_vectors/hashes/SHA1/SHA1Monte.txt index 37cf7a82..37cf7a82 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA1/SHA1Monte.txt +++ b/vectors/cryptography_vectors/hashes/SHA1/SHA1Monte.txt diff --git a/vectors/cryptography_vectors/hashes/SHA1/SHA1ShortMsg.rsp b/vectors/cryptography_vectors/hashes/SHA1/SHA1ShortMsg.rsp index 35aa9b5f..35aa9b5f 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA1/SHA1ShortMsg.rsp +++ b/vectors/cryptography_vectors/hashes/SHA1/SHA1ShortMsg.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/Readme.txt b/vectors/cryptography_vectors/hashes/SHA2/Readme.txt index de6b122e..de6b122e 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/Readme.txt +++ b/vectors/cryptography_vectors/hashes/SHA2/Readme.txt diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA224LongMsg.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA224LongMsg.rsp index 09497b4f..09497b4f 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA224LongMsg.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA224LongMsg.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA224Monte.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA224Monte.rsp index 50648b8d..50648b8d 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA224Monte.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA224Monte.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA224Monte.txt b/vectors/cryptography_vectors/hashes/SHA2/SHA224Monte.txt index 1c500e32..1c500e32 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA224Monte.txt +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA224Monte.txt diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA224ShortMsg.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA224ShortMsg.rsp index a4542c38..a4542c38 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA224ShortMsg.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA224ShortMsg.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA256LongMsg.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA256LongMsg.rsp index 967db2e4..967db2e4 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA256LongMsg.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA256LongMsg.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA256Monte.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA256Monte.rsp index bda7a9e4..bda7a9e4 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA256Monte.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA256Monte.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA256Monte.txt b/vectors/cryptography_vectors/hashes/SHA2/SHA256Monte.txt index 27a161e2..27a161e2 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA256Monte.txt +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA256Monte.txt diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA256ShortMsg.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA256ShortMsg.rsp index ddcfefbd..ddcfefbd 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA256ShortMsg.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA256ShortMsg.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA384LongMsg.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA384LongMsg.rsp index 4d8404bc..4d8404bc 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA384LongMsg.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA384LongMsg.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA384Monte.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA384Monte.rsp index c7c30e7a..c7c30e7a 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA384Monte.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA384Monte.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA384Monte.txt b/vectors/cryptography_vectors/hashes/SHA2/SHA384Monte.txt index a548cbce..a548cbce 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA384Monte.txt +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA384Monte.txt diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA384ShortMsg.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA384ShortMsg.rsp index 15fd9adf..15fd9adf 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA384ShortMsg.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA384ShortMsg.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA512LongMsg.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA512LongMsg.rsp index c601ed15..c601ed15 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA512LongMsg.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA512LongMsg.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA512Monte.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA512Monte.rsp index 0b9c295a..0b9c295a 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA512Monte.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA512Monte.rsp diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA512Monte.txt b/vectors/cryptography_vectors/hashes/SHA2/SHA512Monte.txt index 5753952d..5753952d 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA512Monte.txt +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA512Monte.txt diff --git a/vectors/cryptography_vectors/hashes/SHA2/SHA512ShortMsg.rsp b/vectors/cryptography_vectors/hashes/SHA2/SHA512ShortMsg.rsp index ab5cd2a1..ab5cd2a1 100755..100644 --- a/vectors/cryptography_vectors/hashes/SHA2/SHA512ShortMsg.rsp +++ b/vectors/cryptography_vectors/hashes/SHA2/SHA512ShortMsg.rsp diff --git a/vectors/cryptography_vectors/hashes/whirlpool/iso-test-vectors.txt b/vectors/cryptography_vectors/hashes/whirlpool/iso-test-vectors.txt index 08044c0b..08044c0b 100755..100644 --- a/vectors/cryptography_vectors/hashes/whirlpool/iso-test-vectors.txt +++ b/vectors/cryptography_vectors/hashes/whirlpool/iso-test-vectors.txt |