-rw-r--r--CHANGELOG.rst1
-rw-r--r--docs/development/test-vectors.rst10
-rw-r--r--docs/limitations.rst2
-rw-r--r--src/cryptography/hazmat/primitives/padding.py48
-rw-r--r--src/cryptography/hazmat/primitives/src/padding.c39
-rw-r--r--src/cryptography/hazmat/primitives/src/padding.h5
-rw-r--r--vectors/cryptography_vectors/asymmetric/public/PKCS1/dsa.pub.pem7
-rw-r--r--vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.derbin0 -> 140 bytes
-rw-r--r--vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.pem5
9 files changed, 73 insertions, 44 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 053e7552..ccc2e20b 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -78,6 +78,7 @@ Changelog
support loading DER encoded public keys.
* Fixed building against LibreSSL, a compile-time substitute for OpenSSL.
* FreeBSD 9.2 was removed from the continuous integration system.
+* Updated Windows wheels to be compiled against OpenSSL 1.0.2.
* Added
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`
and deprecated
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index a0849a40..3d40a210 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -33,6 +33,9 @@ Asymmetric ciphers
`unenc-rsa-pkcs8.pem`_, `pkcs12_s2k_pem.c`_. The contents of
`enc2-rsa-pkcs8.pem`_ was re-encrypted using a stronger PKCS#8 cipher.
* `Botan's ECC private keys`_.
+* `asymmetric/public/PKCS1/dsa.pub.pem`_ is a PKCS1 DSA public key from the
+ Ruby test suite.
+
Custom Asymmetric Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -71,7 +74,9 @@ Custom Asymmetric Vectors
`OpenSSL example key`_ for RSA.
* DER conversions of `enc-rsa-pkcs8.pem`_, `enc2-rsa-pkcs8.pem`_, and
`unenc-rsa-pkcs8.pem`_.
-
+* ``asymmetric/public/PKCS1/rsa.pub.pem`` and
+ ``asymmetric/public/PKCS1/rsa.pub.der`` are PKCS1 conversions of the public
+ key from ``asymmetric/PKCS8/unenc-rsa-pkcs8.pem`` using PEM and DER encoding.
X.509
~~~~~
@@ -221,7 +226,7 @@ header format (substituting the correct information):
.. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
.. _`Specification repository`: https://github.com/fernet/spec
.. _`errata`: http://www.rfc-editor.org/errata_search.php?rfc=6238
-.. _`OpenSSL example key`: http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=test/testrsa.pem;h=aad21067a8f7cb93a52a511eb9162fd83be39135;hb=66e8211c0b1347970096e04b18aa52567c325200
+.. _`OpenSSL example key`: https://github.com/openssl/openssl/blob/d02b48c63a58ea4367a0e905979f140b7d090f86/test/testrsa.pem
.. _`GnuTLS key parsing tests`: https://gitorious.org/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d
.. _`enc-rsa-pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/encpkcs8.pem
.. _`enc2-rsa-pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/enc2pkcs8.pem
@@ -237,3 +242,4 @@ header format (substituting the correct information):
.. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem
.. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
.. _`root data`: https://hg.mozilla.org/projects/nss/file/25b2922cc564/security/nss/lib/ckfw/builtins/certdata.txt#l2053
+.. _`asymmetric/public/PKCS1/dsa.pub.pem`: https://github.com/ruby/ruby/blob/4ccb387f3bc436a08fc6d72c4931994f5de95110/test/openssl/test_pkey_dsa.rb#L53
diff --git a/docs/limitations.rst b/docs/limitations.rst
index ce61d893..0dfc49ca 100644
--- a/docs/limitations.rst
+++ b/docs/limitations.rst
@@ -16,4 +16,4 @@ Likelihood: unlikely, Remediation Cost: expensive to repair" and we do not
consider this a high risk for most users.
.. _`Memory wiping`: http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx
-.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/seccode/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources
+.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources
diff --git a/src/cryptography/hazmat/primitives/padding.py b/src/cryptography/hazmat/primitives/padding.py
index 8ad64dec..6247f7b5 100644
--- a/src/cryptography/hazmat/primitives/padding.py
+++ b/src/cryptography/hazmat/primitives/padding.py
@@ -6,6 +6,8 @@ from __future__ import absolute_import, division, print_function
import abc
+import os
+
import six
from cryptography import utils
@@ -13,47 +15,11 @@ from cryptography.exceptions import AlreadyFinalized
from cryptography.hazmat.bindings.utils import LazyLibrary, build_ffi
-TYPES = """
-uint8_t Cryptography_check_pkcs7_padding(const uint8_t *, uint8_t);
-"""
-
-FUNCTIONS = """
-/* Returns the value of the input with the most-significant-bit copied to all
- of the bits. */
-static uint8_t Cryptography_DUPLICATE_MSB_TO_ALL(uint8_t a) {
- return (1 - (a >> (sizeof(uint8_t) * 8 - 1))) - 1;
-}
-
-/* This returns 0xFF if a < b else 0x00, but does so in a constant time
- fashion */
-static uint8_t Cryptography_constant_time_lt(uint8_t a, uint8_t b) {
- a -= b;
- return Cryptography_DUPLICATE_MSB_TO_ALL(a);
-}
-
-uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data,
- uint8_t block_len) {
- uint8_t i;
- uint8_t pad_size = data[block_len - 1];
- uint8_t mismatch = 0;
- for (i = 0; i < block_len; i++) {
- unsigned int mask = Cryptography_constant_time_lt(i, pad_size);
- uint8_t b = data[block_len - 1 - i];
- mismatch |= (mask & (pad_size ^ b));
- }
-
- /* Check to make sure the pad_size was within the valid range. */
- mismatch |= ~Cryptography_constant_time_lt(0, pad_size);
- mismatch |= Cryptography_constant_time_lt(block_len, pad_size);
-
- /* Make sure any bits set are copied to the lowest bit */
- mismatch |= mismatch >> 4;
- mismatch |= mismatch >> 2;
- mismatch |= mismatch >> 1;
- /* Now check the low bit to see if it's set */
- return (mismatch & 1) == 0;
-}
-"""
+with open(os.path.join(os.path.dirname(__file__), "src/padding.h")) as f:
+ TYPES = f.read()
+
+with open(os.path.join(os.path.dirname(__file__), "src/padding.c")) as f:
+ FUNCTIONS = f.read()
_ffi = build_ffi(cdef_source=TYPES, verify_source=FUNCTIONS)
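Review bot: The two `with open(...)` blocks make importing this module depend on `src/padding.h` and `src/padding.c` being present next to the installed `padding.py`, and none of the nine files in this commit's diffstat is a packaging file. Unless an existing package-data rule already covers `src/*.c` and `src/*.h` (not visible here), an installed copy would fail at import with a file-not-found error before `build_ffi` runs. It is worth confirming that rule and adding a comment above the first `with`, such as `# padding.h and padding.c are read at import time and must ship as package data.` As a style point, pass the path components separately, `os.path.join(os.path.dirname(__file__), "src", "padding.h")`, and note that `f` stays behind as a module-level name after both blocks.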
diff --git a/src/cryptography/hazmat/primitives/src/padding.c b/src/cryptography/hazmat/primitives/src/padding.c
new file mode 100644
index 00000000..570bad9f
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/src/padding.c
@@ -0,0 +1,39 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this
+// repository for complete details.
+
+/* Returns the value of the input with the most-significant-bit copied to all
+ of the bits. */
+static uint8_t Cryptography_DUPLICATE_MSB_TO_ALL(uint8_t a) {
+ return (1 - (a >> (sizeof(uint8_t) * 8 - 1))) - 1;
+}
+
+/* This returns 0xFF if a < b else 0x00, but does so in a constant time
+ fashion */
+static uint8_t Cryptography_constant_time_lt(uint8_t a, uint8_t b) {
+ a -= b;
+ return Cryptography_DUPLICATE_MSB_TO_ALL(a);
+}
+
+uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data,
+ uint8_t block_len) {
+ uint8_t i;
+ uint8_t pad_size = data[block_len - 1];
+ uint8_t mismatch = 0;
+ for (i = 0; i < block_len; i++) {
+ unsigned int mask = Cryptography_constant_time_lt(i, pad_size);
+ uint8_t b = data[block_len - 1 - i];
+ mismatch |= (mask & (pad_size ^ b));
+ }
+
+ /* Check to make sure the pad_size was within the valid range. */
+ mismatch |= ~Cryptography_constant_time_lt(0, pad_size);
+ mismatch |= Cryptography_constant_time_lt(block_len, pad_size);
+
+ /* Make sure any bits set are copied to the lowest bit */
+ mismatch |= mismatch >> 4;
+ mismatch |= mismatch >> 2;
+ mismatch |= mismatch >> 1;
+ /* Now check the low bit to see if it's set */
+ return (mismatch & 1) == 0;
+}
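Review bot: `Cryptography_constant_time_lt` derives `a < b` from the top bit of an 8-bit `a - b`, which is only reliable while the two operands differ by less than 128, yet `Cryptography_check_pkcs7_padding` accepts a `uint8_t block_len` of up to 255 and calls `Cryptography_constant_time_lt(block_len, pad_size)` and `Cryptography_constant_time_lt(i, pad_size)` with it. With `block_len` 200 and `pad_size` 10, for example, the difference 190 has its top bit set, so the range check reports a mismatch on a correctly padded block. Either widen the operands and return type of both helpers to `uint16_t` (adjusting the shift in `Cryptography_DUPLICATE_MSB_TO_ALL` to match), or state the limit next to the helper, e.g. `/* Only valid while a and b differ by less than 128; callers must keep block_len <= 128. */`, and enforce it in the caller. Separately, `data[block_len - 1]` indexes before the buffer when `block_len` is 0; whether the Python caller can pass 0 is not visible in this file, so a comment stating the `block_len >= 1` precondition would help.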
diff --git a/src/cryptography/hazmat/primitives/src/padding.h b/src/cryptography/hazmat/primitives/src/padding.h
new file mode 100644
index 00000000..4d218b1a
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/src/padding.h
@@ -0,0 +1,5 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this
+// repository for complete details.
+
+uint8_t Cryptography_check_pkcs7_padding(const uint8_t *, uint8_t);
diff --git a/vectors/cryptography_vectors/asymmetric/public/PKCS1/dsa.pub.pem b/vectors/cryptography_vectors/asymmetric/public/PKCS1/dsa.pub.pem
new file mode 100644
index 00000000..a2ce0bb0
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/public/PKCS1/dsa.pub.pem
@@ -0,0 +1,7 @@
+-----BEGIN DSA PUBLIC KEY-----
+MIHfAkEAyJSJ+g+P/knVcgDwwTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4
+VUC/phySExY0PdcqItkR/xYAYNMbNwJBAOoV57X0FxKO/PrNa/MkoWzkCKV/hzhE
+p0zbFdsicw+hIjJ7S6Sd/FlDlo89HQZ2FuvWJ6wGLM1j00r39+F2qbMCFQCrkhIX
+SG+is37hz1IaBeEudjB2HQJAR0AloavBvtsng8obsjLb7EKnB+pSeHr/BdIQ3VH7
+fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ==
+-----END DSA PUBLIC KEY-----
diff --git a/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.der b/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.der
new file mode 100644
index 00000000..4bccbb26
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.der
Binary files differ
diff --git a/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.pem b/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.pem
new file mode 100644
index 00000000..6db528cf
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.pem
@@ -0,0 +1,5 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIGJAoGBALskegl+DrI3Msw5Z63xnj1rgoPR0KykwBi+jZgAwHv/B0TJyhy6NuEn
+af+x442L7lepOqoWQzlUGXyuaSQU9mT/vHTGZ2xM8QJJaccr4eGho0MU9HePyNCF
+WjWVrGKpwSEAd6CLlzC0Wiy4kC9IoAUoS/IPjeyLTQNCddatgcARAgMBAAE=
+-----END RSA PUBLIC KEY-----