diff options
| -rwxr-xr-x | .travis/install.sh | 10 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/multibackend.py | 12 | ||||
| -rw-r--r-- | cryptography/hazmat/bindings/openssl/nid.py | 1 | ||||
| -rw-r--r-- | docs/hazmat/backends/interfaces.rst | 145 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_multibackend.py | 18 |
5 files changed, 107 insertions, 79 deletions
diff --git a/.travis/install.sh b/.travis/install.sh index 3582ea12..fafc4cad 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -33,8 +33,6 @@ if [[ "${TOX_ENV}" == "docs" ]]; then fi if [[ "$DARWIN" = true ]]; then - brew update - brew install pyenv if which pyenv > /dev/null; then eval "$(pyenv init -)"; fi case "${TOX_ENV}" in py26) @@ -48,8 +46,8 @@ if [[ "$DARWIN" = true ]]; then sudo pip install virtualenv ;; pypy) - pyenv install pypy-2.3 - pyenv global pypy-2.3 + pyenv install pypy-2.3.1 + pyenv global pypy-2.3.1 pip install virtualenv ;; py32) @@ -63,8 +61,8 @@ if [[ "$DARWIN" = true ]]; then pip install virtualenv ;; py34) - pyenv install 3.4.0 - pyenv global 3.4.0 + pyenv install 3.4.1 + pyenv global 3.4.1 pip install virtualenv ;; docs) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 35e2a093..6893cad6 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -239,6 +239,18 @@ class MultiBackend(object): raise UnsupportedAlgorithm("DSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) + def load_dsa_public_numbers(self, numbers): + for b in self._filtered_backends(DSABackend): + return b.load_dsa_public_numbers(numbers) + raise UnsupportedAlgorithm("DSA is not supported by the backend.", + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) + + def load_dsa_private_numbers(self, numbers): + for b in self._filtered_backends(DSABackend): + return b.load_dsa_private_numbers(numbers) + raise UnsupportedAlgorithm("DSA is not supported by the backend.", + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) + def cmac_algorithm_supported(self, algorithm): return any( b.cmac_algorithm_supported(algorithm) diff --git a/cryptography/hazmat/bindings/openssl/nid.py b/cryptography/hazmat/bindings/openssl/nid.py index 7fa08660..133d2ca4 100644 --- a/cryptography/hazmat/bindings/openssl/nid.py +++ b/cryptography/hazmat/bindings/openssl/nid.py @@ -42,6 +42,7 @@ static const int NID_ecdsa_with_SHA512; static const int NID_crl_reason; static const int NID_pbe_WithSHA1And3_Key_TripleDES_CBC; static const int NID_subject_alt_name; +static const int NID_issuer_alt_name; static const int NID_X9_62_c2pnb163v1; static const int NID_X9_62_c2pnb163v2; static const int NID_X9_62_c2pnb163v3; diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 86229125..63f84067 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -148,6 +148,33 @@ A specific ``backend`` may provide one or more of these interfaces. :class:`~cryptography.hazmat.primitives.interfaces.HashContext` +.. class:: CMACBackend + + .. versionadded:: 0.4 + + A backend with methods for using CMAC + + .. method:: cmac_algorithm_supported(algorithm) + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm` + provider. + :return: Returns True if the block cipher is supported for CMAC by this backend + + .. method:: create_cmac_ctx(algorithm) + + Create a + :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` that + uses the specified ``algorithm`` to calculate a message authentication code. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm` + provider. + + :returns: + :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` + + .. class:: PBKDF2HMACBackend .. versionadded:: 0.2 @@ -364,29 +391,6 @@ A specific ``backend`` may provide one or more of these interfaces. any backend specific criteria are not met. -.. class:: TraditionalOpenSSLSerializationBackend - - .. versionadded:: 0.3 - - A backend with methods for working with OpenSSL's "traditional" PKCS #1 - style key serialization. - - .. method:: load_openssl_pem_private_key(data, password) - - :param bytes data: PEM data to deserialize. - - :param bytes password: The password to use if this data is encrypted. - Should be None if the data is not encrypted. - - :return: A new instance of the appropriate private key or public key - that the serialized data contains. - - :raises ValueError: If the data could not be deserialized correctly. - - :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is - encrypted with an unsupported algorithm. - - .. class:: DSABackend .. versionadded:: 0.4 @@ -524,56 +528,6 @@ A specific ``backend`` may provide one or more of these interfaces. any backend specific criteria are not met. - -.. class:: CMACBackend - - .. versionadded:: 0.4 - - A backend with methods for using CMAC - - .. method:: cmac_algorithm_supported(algorithm) - - :param algorithm: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm` - provider. - :return: Returns True if the block cipher is supported for CMAC by this backend - - .. method:: create_cmac_ctx(algorithm) - - Create a - :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` that - uses the specified ``algorithm`` to calculate a message authentication code. - - :param algorithm: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm` - provider. - - :returns: - :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` - - -.. class:: PKCS8SerializationBackend - - .. versionadded:: 0.5 - - A backend with methods for working with PKCS #8 key serialization. - - .. method:: load_pkcs8_pem_private_key(data, password) - - :param bytes data: PEM data to deserialize. - - :param bytes password: The password to use if this data is encrypted. - Should be None if the data is not encrypted. - - :return: A new instance of the appropriate private key or public key - that the serialized data contains. - - :raises ValueError: If the data could not be deserialized correctly. - - :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is - encrypted with an unsupported algorithm. - - .. class:: EllipticCurveBackend .. versionadded:: 0.5 @@ -623,3 +577,48 @@ A specific ``backend`` may provide one or more of these interfaces. :returns: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey` provider. + +.. class:: TraditionalOpenSSLSerializationBackend + + .. versionadded:: 0.3 + + A backend with methods for working with OpenSSL's "traditional" PKCS #1 + style key serialization. + + .. method:: load_openssl_pem_private_key(data, password) + + :param bytes data: PEM data to deserialize. + + :param bytes password: The password to use if this data is encrypted. + Should be None if the data is not encrypted. + + :return: A new instance of the appropriate private key or public key + that the serialized data contains. + + :raises ValueError: If the data could not be deserialized correctly. + + :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is + encrypted with an unsupported algorithm. + + +.. class:: PKCS8SerializationBackend + + .. versionadded:: 0.5 + + A backend with methods for working with PKCS #8 key serialization. + + .. method:: load_pkcs8_pem_private_key(data, password) + + :param bytes data: PEM data to deserialize. + + :param bytes password: The password to use if this data is encrypted. + Should be None if the data is not encrypted. + + :return: A new instance of the appropriate private key or public key + that the serialized data contains. + + :raises ValueError: If the data could not be deserialized correctly. + + :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is + encrypted with an unsupported algorithm. + diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index de5f1fde..168ed688 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -144,6 +144,12 @@ class DummyDSABackend(object): def dsa_parameters_supported(self, p, q, g): pass + def load_dsa_private_numbers(self, numbers): + pass + + def load_dsa_public_numbers(self, numbers): + pass + @utils.register_interface(CMACBackend) class DummyCMACBackend(object): @@ -365,6 +371,8 @@ class TestMultiBackend(object): backend.create_dsa_signature_ctx("private_key", hashes.SHA1()) backend.dsa_hash_supported(hashes.SHA1()) backend.dsa_parameters_supported(1, 2, 3) + backend.load_dsa_private_numbers("numbers") + backend.load_dsa_public_numbers("numbers") backend = MultiBackend([]) with raises_unsupported_algorithm( @@ -404,6 +412,16 @@ class TestMultiBackend(object): ): backend.dsa_parameters_supported('p', 'q', 'g') + with raises_unsupported_algorithm( + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM + ): + backend.load_dsa_private_numbers("numbers") + + with raises_unsupported_algorithm( + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM + ): + backend.load_dsa_public_numbers("numbers") + def test_cmac(self): backend = MultiBackend([ DummyCMACBackend([algorithms.AES]) |