9 files changed, 135 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e3352f57..b35dc144 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -19,6 +19,11 @@ Changelog and :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`. +0.8.1 - 2015-03-20 +~~~~~~~~~~~~~~~~~~ + +* Updated Windows wheels to be compiled against OpenSSL 1.0.2a. + 0.8 - 2015-03-08 ~~~~~~~~~~~~~~~~ diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index ad6c60cb..f6197f92 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -88,6 +88,8 @@ X.509 * ``verisign-md2-root.pem`` - A legacy Verisign public root signed using the MD2 algorithm. This is a PEM conversion of the `root data`_ in the NSS source tree. +* ``cryptography.io.pem`` - A leaf certificate issued by RapidSSL for the + cryptography website. Custom X.509 Vectors ~~~~~~~~~~~~~~~~~~~~ @@ -108,6 +110,11 @@ Custom X.509 Vectors * ``utf8_common_name.pem`` - An RSA 2048 bit self-signed CA certificate generated using OpenSSL that contains a UTF8String common name with the value "We heart UTF8!™". +* ``two_basic_constraints.pem`` - An RSA 2048 bit self-signed certificate + containing two basic constraints extensions. +* ``basic_constraints_not_critical.pem`` - An RSA 2048 bit self-signed + certificate containing a basic constraints extension that is not marked as + critical. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/src/cryptography/hazmat/bindings/commoncrypto/binding.py b/src/cryptography/hazmat/bindings/commoncrypto/binding.py index 79a16368..f48b59cb 100644 --- a/src/cryptography/hazmat/bindings/commoncrypto/binding.py +++ b/src/cryptography/hazmat/bindings/commoncrypto/binding.py @@ -20,6 +20,7 @@ class Binding(object): "common_hmac", "common_key_derivation", "common_cryptor", + "common_symmetric_key_wrap", "secimport", "secitem", "seckey", 
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/common_symmetric_key_wrap.py b/src/cryptography/hazmat/bindings/commoncrypto/common_symmetric_key_wrap.py
new file mode 100644
index 00000000..ea9e459d
--- /dev/null
+++ b/src/cryptography/hazmat/bindings/commoncrypto/common_symmetric_key_wrap.py
@@ -0,0 +1,37 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <CommonCrypto/CommonSymmetricKeywrap.h>
+"""
+
+TYPES = """
+enum {
+ kCCWRAPAES = 1,
+};
+
+typedef uint32_t CCWrappingAlgorithm;
+"""
+
+FUNCTIONS = """
+int CCSymmetricKeyWrap(CCWrappingAlgorithm, const uint8_t *, const size_t,
+ const uint8_t *, size_t, const uint8_t *, size_t,
+ uint8_t *, size_t *);
+int CCSymmetricKeyUnwrap(CCWrappingAlgorithm algorithm, const uint8_t *,
+ const size_t, const uint8_t *, size_t,
+ const uint8_t *, size_t, uint8_t *, size_t *);
+size_t CCSymmetricWrappedSize(CCWrappingAlgorithm, size_t);
+size_t CCSymmetricUnwrappedSize(CCWrappingAlgorithm, size_t);
+
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
+
+CONDITIONAL_NAMES = {}
diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py
index f5638da7..949a936e 100644
--- a/src/cryptography/hazmat/bindings/openssl/x509.py
+++ b/src/cryptography/hazmat/bindings/openssl/x509.py
@@ -139,6 +139,7 @@ int X509_get_ext_count(X509 *);
 int X509_add_ext(X509 *, X509_EXTENSION *, int);
 X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *);
 X509_EXTENSION *X509_get_ext(X509 *, int);
+int X509_get_ext_by_NID(X509 *, int, int);
 int X509_EXTENSION_get_critical(X509_EXTENSION *);
 ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *);
 void X509_EXTENSION_free(X509_EXTENSION *);
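Review bot: In FUNCTIONS of the new common_symmetric_key_wrap.py, `CCSymmetricKeyUnwrap` names its first parameter (`CCWrappingAlgorithm algorithm`) while every other declaration in the block is unnamed; drop the name so the block reads uniformly: `int CCSymmetricKeyUnwrap(CCWrappingAlgorithm, const uint8_t *,`. With all parameters unnamed, nothing records which `const uint8_t *`/`size_t` pair is the IV, the key-encryption key or the key material, so a short C comment above the two wrap declarations listing the argument order would help callers avoid swapping them. The final `size_t *` appears to be the output-length parameter; the same comment could say that the output buffer should be sized from `CCSymmetricWrappedSize`/`CCSymmetricUnwrappedSize` and that the `int` result must be checked before the output is used. The empty line before the closing quotes of FUNCTIONS can be dropped.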
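Review bot: The new `int X509_get_ext_by_NID(X509 *, int, int);` line in openssl/x509.py carries no note on its result convention, which matters for the duplicate-extension vector this commit adds. The function returns -1 when no extension matches, and the last argument is the index to continue searching after, so a caller that stops at the first hit will not notice a second extension with the same NID, as in `two_basic_constraints.pem`. A one-line C comment above the declaration would record this, for example `/* Returns the extension index or -1; pass the previous index as the last argument to detect duplicates. */`. The FUNCTIONS string this line belongs to starts and ends outside the hunk.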
diff --git a/src/cryptography/hazmat/bindings/openssl/x509v3.py b/src/cryptography/hazmat/bindings/openssl/x509v3.py index 3b007249..28dd7f32 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509v3.py +++ b/src/cryptography/hazmat/bindings/openssl/x509v3.py @@ -55,6 +55,11 @@ typedef struct { } EDIPARTYNAME; typedef struct { + int ca; + ASN1_INTEGER *pathlen; +} BASIC_CONSTRAINTS; + +typedef struct { int type; union { char *ptr; @@ -81,6 +86,12 @@ typedef struct { typedef struct stack_st_GENERAL_NAME GENERAL_NAMES; +typedef struct { + ASN1_OCTET_STRING *keyid; + GENERAL_NAMES *issuer; + ASN1_INTEGER *serial; +} AUTHORITY_KEYID; + typedef ... Cryptography_LHASH_OF_CONF_VALUE; """ @@ -95,6 +106,9 @@ void *X509V3_EXT_d2i(X509_EXTENSION *); """ MACROS = """ +/* This is a macro defined by a call to DECLARE_ASN1_FUNCTIONS in the + x509v3.h header. */ +void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *); void *X509V3_set_ctx_nodb(X509V3_CTX *); int sk_GENERAL_NAME_num(struct stack_st_GENERAL_NAME *); int sk_GENERAL_NAME_push(struct stack_st_GENERAL_NAME *, GENERAL_NAME *); diff --git a/vectors/cryptography_vectors/x509/cryptography.io.pem b/vectors/cryptography_vectors/x509/cryptography.io.pem new file mode 100644 index 00000000..e13b8b50 --- /dev/null +++ b/vectors/cryptography_vectors/x509/cryptography.io.pem 
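Review bot: The second x509v3.py hunk adds the `AUTHORITY_KEYID` struct, but the MACROS hunk binds only `BASIC_CONSTRAINTS_free`, so these hunks give no way to release a decoded authority key identifier. Objects returned by `X509V3_EXT_d2i` (declared just above MACROS) are owned by the caller, so code that decodes this extension would either leak it or free it through a mismatched function. Consider adding `void AUTHORITY_KEYID_free(AUTHORITY_KEYID *);` next to `BASIC_CONSTRAINTS_free`, since it comes from the same `DECLARE_ASN1_FUNCTIONS` mechanism the new comment describes, or hold the struct back until its consumer lands. The TYPES and MACROS strings continue outside these hunks, so an existing binding elsewhere in the file cannot be ruled out.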
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFvTCCBKWgAwIBAgICPyAwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCVVMx +FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xIDAeBgNVBAMTF1JhcGlkU1NMIFNIQTI1 +NiBDQSAtIEczMB4XDTE0MTAxNTEyMDkzMloXDTE4MTExNjAxMTUwM1owgZcxEzAR +BgNVBAsTCkdUNDg3NDI5NjUxMTAvBgNVBAsTKFNlZSB3d3cucmFwaWRzc2wuY29t +L3Jlc291cmNlcy9jcHMgKGMpMTQxLzAtBgNVBAsTJkRvbWFpbiBDb250cm9sIFZh +bGlkYXRlZCAtIFJhcGlkU1NMKFIpMRwwGgYDVQQDExN3d3cuY3J5cHRvZ3JhcGh5 +LmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAom/FebKJIot7Sp3s +itG1sicpe3thCssjI+g1JDAS7I3GLVNmbms1DOdIIqwf01gZkzzXBN2+9sOnyRaR +PPfCe1jTr3dk2y6rPE559vPa1nZQkhlzlhMhlPyjaT+S7g4Tio4qV2sCBZU01DZJ +CaksfohN+5BNVWoJzTbOcrHOEJ+M8B484KlBCiSxqf9cyNQKru4W3bHaCVNVJ8eu +6i6KyhzLa0L7yK3LXwwXVs583C0/vwFhccGWsFODqD/9xHUzsBIshE8HKjdjDi7Y +3BFQzVUQFjBB50NSZfAA/jcdt1blxJouc7z9T8Oklh+V5DDBowgAsrT4b6Z2Fq6/ +r7D1GqivLK/ypUQmxq2WXWAUBb/Q6xHgxASxI4Br+CByIUQJsm8L2jzc7k+mF4hW +ltAIUkbo8fGiVnat0505YJgxWEDKOLc4Gda6d/7GVd5AvKrz242bUqeaWo6e4MTx +diku2Ma3rhdcr044Qvfh9hGyjqNjvhWY/I+VRWgihU7JrYvgwFdJqsQ5eiKT4OHi +gsejvWwkZzDtiQ+aQTrzM1FsY2swJBJsLSX4ofohlVRlIJCn/ME+XErj553431Lu +YQ5SzMd3nXzN78Vj6qzTfMUUY72UoT1/AcFiUMobgIqrrmwuNxfrkbVE2b6Bga74 +FsJX63prvrJ41kuHK/16RQBM7fcCAwEAAaOCAWAwggFcMB8GA1UdIwQYMBaAFMOc +8/zTRgg0u85Gf6B8W/PiCMtZMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYT +aHR0cDovL2d2LnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL2d2LnN5bWNi +LmNvbS9ndi5jcnQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAvBgNVHREEKDAmghN3d3cuY3J5cHRvZ3JhcGh5Lmlvgg9jcnlw +dG9ncmFwaHkuaW8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2d2LnN5bWNiLmNv +bS9ndi5jcmwwDAYDVR0TAQH/BAIwADBFBgNVHSAEPjA8MDoGCmCGSAGG+EUBBzYw +LDAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cucmFwaWRzc2wuY29tL2xlZ2FsMA0G +CSqGSIb3DQEBCwUAA4IBAQAzIYO2jx7h17FBT74tJ2zbV9OKqGb7QF8y3wUtP4xc +dH80vprI/Cfji8s86kr77aAvAqjDjaVjHn7UzebhSUivvRPmfzRgyWBacomnXTSt +Xlt2dp2nDQuwGyK2vB7dMfKnQAkxwq1sYUXznB8i0IhhCAoXp01QGPKq51YoIlnF +7DRMk6iEaL1SJbkIrLsCQyZFDf0xtfW9DqXugMMLoxeCsBhZJQzNyS2ryirrv9LH 
+aK3+6IZjrcyy9bkpz/gzJucyhU+75c4My/mnRCrtItRbCQuiI5pd5poDowm+HH9i +GVI9+0lAFwxOUnOnwsoI40iOoxjLMGB+CgFLKCGUcWxP +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/custom/basic_constraints_not_critical.pem b/vectors/cryptography_vectors/x509/custom/basic_constraints_not_critical.pem new file mode 100644 index 00000000..c3ff0bc2 --- /dev/null +++ b/vectors/cryptography_vectors/x509/custom/basic_constraints_not_critical.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7DCCAdSgAwIBAgITBmYB+SFPEZRZNNeTT0olHN1YhjANBgkqhkiG9w0BAQUF +ADApMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8xDTALBgNVBAoMBFB5Q0EwHhcN +MTUwMzIwMjA0NTU3WhcNMTYwMzE5MjA0NTU3WjApMRgwFgYDVQQDDA9jcnlwdG9n +cmFwaHkuaW8xDTALBgNVBAoMBFB5Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQChQRMRWcjI+DDF6chy/LS/zikQ6OaLGKlXRsHy9+Wf2oEiIVZec31X +D9ufq8PrCJbkB13D1HCr30B3RYIHRbidSvEq48NEklEwpt6psYSPZjS5a+zcRxMX +z0d4od5iT363JVtru+WOMJ8KD/g2oLK/BiwjDc3cpRTsaVjxk6pbr8eWbxkJknwG +49I/oGZrhAS4JShtZ15VWwO/CBeGYRzbKROXEFcPxmiboUQW6TbV/1EiMGdBrWm6 +CaTYzmWOJIVgJhpej3Unii5QqH7OQXOqH+aqvbD9RkY7hauYy+njj6z+tnEnqWVv +pTOITeBjXPZmnHWIpeL/dvxreahnhjNnAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJ +KoZIhvcNAQEFBQADggEBAAd4cW5uIWCBpdWrbH3fy1VIOa82zcjvq2Ow8BHqMOjd +rkCgomAgHPqMBeIM2rsKx4RsCGxMZkAfDIARrrdREDa1rKdGxfso7MJtfn7yyi4r +aJIoOM4pZDtr9rrJn+RiaLwZ8paLSyAOIK78IjY2IgYEISUxN5oK2z2yoy+7ch1f +ZA54y513w6Pmf8Z57aYVkmUHRuHGc0YvhzpPFbzrgPh6xwhhZq/fSV1Gv3KrrElc +vgC/Vn8AxtLeKx1z3vrWGmMQ1nyFzKW7udP9ZijZHAgz5QRaNVSvV/WF9bFd1TFZ +7OvphkJwAA3tSxuil8G9I6WIinEdiRifxplhR6LbI2w= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/custom/two_basic_constraints.pem b/vectors/cryptography_vectors/x509/custom/two_basic_constraints.pem new file mode 100644 index 00000000..3ecd56c5 --- /dev/null +++ b/vectors/cryptography_vectors/x509/custom/two_basic_constraints.pem 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBjCCAe6gAwIBAgITBmYA9IeUP5+hhum5bshgK94QSDANBgkqhkiG9w0BAQUF +ADApMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8xDTALBgNVBAoMBFB5Q0EwHhcN +MTUwMzIwMTk0ODEzWhcNMTYwMzE5MTk0ODEzWjApMRgwFgYDVQQDDA9jcnlwdG9n +cmFwaHkuaW8xDTALBgNVBAoMBFB5Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDHAGmU6+GGbXRpYZ7PKyoKi/flz5QCVZYwHDdlEXn9mwp1tcz7zwF9 +a1LJxERTvVSpHiH+4tW96s47e836dhFIm22rJZb/sIrzWszVTgpUk2OtFxFMcOKc +PowEpNXM4z4YYUs+XEm5g7HERIAfCpLwhGlpF0zJDWUfclumvZfgh01qFotuYF+y +BWKln9zQq1CTE4zGLztNinasAoHiCmpumZICjbLv/fq0Z3Lo+9VYOXY3a9jPsBD/ +WNSI9OYR5rvuFrfvy6DlYQ9+Uyy2R4nmYr7jYPxZKEL2TDYzKM4pHd2cYQvvSWbX +ZIl2/I0DXkA1+/D2yhiyKTh7h6Q0svVZAgMBAAGjJzAlMA8GA1UdEwEB/wQFMAMB +Af8wEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOCAQEAYDp4rotH +zP05MUzfv9cf8jpEMw8ipbFvbw22anVZMS/z7PZ4ZWSHMPpPoMdas+03zsGNnE9N +cov/ct7HEdN5KwFacRVIKADZde8/SwZ8sCd8KSoHdMaAv18gtNU9CVt/TrGl3iFd +EP+F3zBi8SO0jujQsCyd8D7PSH0LilKfFGXRHn/x1dwDqJMaPoKGrUPMXVbOE9Ld +re469sD20a+eqcp7LUMrKD6aTr7LKFAsIX+VKRsR1BpyVGG7Gi0t6hyVK1vcvH+D ++Rb/iCLSlhjHlXg4DZGrlruDXL81TVy4UtPopbN9A2+kSmP5Saax3oyoFch26hjF +eWLyMsYlzr+ksA== +-----END CERTIFICATE----- |