-rw-r--r-- | CHANGELOG.rst | 11 | ||||
-rw-r--r-- | docs/hazmat/backends/interfaces.rst | 5 | ||||
-rw-r--r-- | docs/hazmat/primitives/mac/index.rst | 40 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/interfaces.py | 4 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/cmac.py | 3 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/hmac.py | 3 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/cmac.py | 3 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/hmac.py | 3 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/mac.py | 37 |
9 files changed, 21 insertions, 88 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 668c46eb..019d2577 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,11 +1,18 @@ Changelog ========= +.. _v2-7: + 2.7 - `master`_ ~~~~~~~~~~~~~~~ .. note:: This version is not yet released and is under active development. +* **BACKWARDS INCOMPATIBLE:** Removed the + ``cryptography.hazmat.primitives.mac.MACContext`` interface. The ``CMAC`` and + ``HMAC`` APIs have not changed, but they are no longer registered as + ``MACContext`` instances. + .. _v2-6-1: 2.6.1 - 2019-02-27 @@ -1143,8 +1150,8 @@ Changelog :class:`~cryptography.fernet.MultiFernet`. * More bit-lengths are now supported for ``p`` and ``q`` when loading DSA keys from numbers. -* Added :class:`~cryptography.hazmat.primitives.mac.MACContext` as a - common interface for CMAC and HMAC and deprecated ``CMACContext``. +* Added ``MACContext`` as a common interface for CMAC and HMAC and + deprecated ``CMACContext``. * Added support for encoding and decoding :rfc:`6979` signatures in :doc:`/hazmat/primitives/asymmetric/utils`. * Added diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 2c2d70ec..36dd3a7a 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -159,14 +159,13 @@ A specific ``backend`` may provide one or more of these interfaces. .. method:: create_cmac_ctx(algorithm) Create a - :class:`~cryptography.hazmat.primitives.mac.MACContext` that + context that uses the specified ``algorithm`` to calculate a message authentication code. :param algorithm: An instance of :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`. - :returns: - :class:`~cryptography.hazmat.primitives.mac.MACContext` + :returns: CMAC object. .. class:: PBKDF2HMACBackend diff --git a/docs/hazmat/primitives/mac/index.rst b/docs/hazmat/primitives/mac/index.rst index 86c407c4..f85eaa0e 100644 --- a/docs/hazmat/primitives/mac/index.rst +++ b/docs/hazmat/primitives/mac/index.rst 
@@ -3,48 +3,16 @@ Message authentication codes ============================ -While cryptography supports both the CMAC and HMAC algorithms, we strongly -recommend that HMAC should be used unless you have a good reason otherwise. +While cryptography supports multiple MAC algorithms, we strongly +recommend that HMAC should be used unless you have a very specific need. For more information on why HMAC is preferred, see `Use cases for CMAC vs. HMAC?`_ -HMAC and CMAC both use the ``MACContext`` interface: - -.. currentmodule:: cryptography.hazmat.primitives.mac - -.. class:: MACContext - - .. versionadded:: 0.7 - - .. method:: update(data) - - :param bytes data: The data you want to authenticate. - - .. method:: finalize() - - :return: The message authentication code. - - .. method:: copy() - - :return: A - :class:`~cryptography.hazmat.primitives.mac.MACContext` that - is a copy of the current context. - - .. method:: verify(signature) - - :param bytes signature: The signature to verify. - - :raises cryptography.exceptions.InvalidSignature: This is raised when - the provided signature does not match the expected signature. - - - -.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC -.. _`Use cases for CMAC vs. HMAC?`: https://crypto.stackexchange.com/questions/15721/use-cases-for-cmac-vs-hmac - .. toctree:: :maxdepth: 1 cmac hmac + +.. _`Use cases for CMAC vs. HMAC?`: https://crypto.stackexchange.com/questions/15721/use-cases-for-cmac-vs-hmac diff --git a/src/cryptography/hazmat/backends/interfaces.py b/src/cryptography/hazmat/backends/interfaces.py index 0a476b99..20f4164e 100644 --- a/src/cryptography/hazmat/backends/interfaces.py +++ b/src/cryptography/hazmat/backends/interfaces.py @@ -57,7 +57,7 @@ class HMACBackend(object): @abc.abstractmethod def create_hmac_ctx(self, key, algorithm): """ - Create a MACContext for calculating a message authentication code. + Create a context for calculating a message authentication code. """ 
@@ -72,7 +72,7 @@ class CMACBackend(object): @abc.abstractmethod def create_cmac_ctx(self, algorithm): """ - Create a MACContext for calculating a message authentication code. + Create a context for calculating a message authentication code. """ diff --git a/src/cryptography/hazmat/backends/openssl/cmac.py b/src/cryptography/hazmat/backends/openssl/cmac.py index bc88f336..d4d46f55 100644 --- a/src/cryptography/hazmat/backends/openssl/cmac.py +++ b/src/cryptography/hazmat/backends/openssl/cmac.py @@ -9,11 +9,10 @@ from cryptography import utils from cryptography.exceptions import ( InvalidSignature, UnsupportedAlgorithm, _Reasons ) -from cryptography.hazmat.primitives import constant_time, mac +from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.ciphers.modes import CBC -@utils.register_interface(mac.MACContext) class _CMACContext(object): def __init__(self, backend, algorithm, ctx=None): if not backend.cmac_algorithm_supported(algorithm): diff --git a/src/cryptography/hazmat/backends/openssl/hmac.py b/src/cryptography/hazmat/backends/openssl/hmac.py index 4b66a610..2e09cbc8 100644 --- a/src/cryptography/hazmat/backends/openssl/hmac.py +++ b/src/cryptography/hazmat/backends/openssl/hmac.py @@ -9,10 +9,9 @@ from cryptography import utils from cryptography.exceptions import ( InvalidSignature, UnsupportedAlgorithm, _Reasons ) -from cryptography.hazmat.primitives import constant_time, hashes, mac +from cryptography.hazmat.primitives import constant_time, hashes -@utils.register_interface(mac.MACContext) @utils.register_interface(hashes.HashContext) class _HMACContext(object): def __init__(self, backend, key, algorithm, ctx=None): diff --git a/src/cryptography/hazmat/primitives/cmac.py b/src/cryptography/hazmat/primitives/cmac.py index 1404eac3..95a8d975 100644 --- a/src/cryptography/hazmat/primitives/cmac.py +++ b/src/cryptography/hazmat/primitives/cmac.py 
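Review bot: With `@utils.register_interface(mac.MACContext)` removed from `_CMACContext` in the backends/openssl/cmac.py hunk, and likewise from `_HMACContext`, `CMAC` and `HMAC` in the hunks that follow, nothing in these modules states or checks that the classes still provide `update`, `finalize`, `copy` and `verify`; the two HMAC classes keep `HashContext` (whether it covers `verify` is not visible here), while the CMAC classes are left with no interface at all. If `register_interface` also validated method presence at import time (not shown in this diff), that check is now lost for `verify`, which is the tag comparison callers should rely on instead of comparing `finalize()` output themselves. I would add a short comment above each class, e.g. `# Public MAC contract: update(), finalize(), copy(), verify(); kept stable although MACContext is gone.`, and a test asserting those four attributes exist on `CMAC` and `HMAC`. The class bodies continue outside the hunks, so whether `utils` is still used in each module after the decorator removal cannot be confirmed from here.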
@@ -9,10 +9,9 @@ from cryptography.exceptions import ( AlreadyFinalized, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import CMACBackend -from cryptography.hazmat.primitives import ciphers, mac +from cryptography.hazmat.primitives import ciphers -@utils.register_interface(mac.MACContext) class CMAC(object): def __init__(self, algorithm, backend, ctx=None): if not isinstance(backend, CMACBackend): diff --git a/src/cryptography/hazmat/primitives/hmac.py b/src/cryptography/hazmat/primitives/hmac.py index f7f401d2..9eceeac2 100644 --- a/src/cryptography/hazmat/primitives/hmac.py +++ b/src/cryptography/hazmat/primitives/hmac.py @@ -9,10 +9,9 @@ from cryptography.exceptions import ( AlreadyFinalized, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend -from cryptography.hazmat.primitives import hashes, mac +from cryptography.hazmat.primitives import hashes -@utils.register_interface(mac.MACContext) @utils.register_interface(hashes.HashContext) class HMAC(object): def __init__(self, key, algorithm, backend, ctx=None): diff --git a/src/cryptography/hazmat/primitives/mac.py b/src/cryptography/hazmat/primitives/mac.py deleted file mode 100644 index 4c95190b..00000000 --- a/src/cryptography/hazmat/primitives/mac.py +++ /dev/null 
@@ -1,37 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-
-import six
-
-
-@six.add_metaclass(abc.ABCMeta)
-class MACContext(object):
- @abc.abstractmethod
- def update(self, data):
- """
- Processes the provided bytes.
- """
-
- @abc.abstractmethod
- def finalize(self):
- """
- Returns the message authentication code as bytes.
- """
-
- @abc.abstractmethod
- def copy(self):
- """
- Return a MACContext that is a copy of the current context.
- """
-
- @abc.abstractmethod
- def verify(self, signature):
- """
- Checks if the generated message authentication code matches the
- signature.
- """ |