-rw-r--r-- | .travis.yml | 48 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/binding.py | 1 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/cmac.py | 65 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/interfaces.py | 12 | ||||
-rw-r--r-- | docs/development/test-vectors.rst | 6 | ||||
-rw-r--r-- | docs/hazmat/primitives/interfaces.rst | 67 | ||||
-rw-r--r-- | docs/installation.rst | 7 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 10 | ||||
-rw-r--r-- | vectors/cryptography_vectors/CMAC/nist-800-38b-3des.txt | 60 | ||||
-rw-r--r-- | vectors/cryptography_vectors/CMAC/nist-800-38b-aes128.txt | 22 | ||||
-rw-r--r-- | vectors/cryptography_vectors/CMAC/nist-800-38b-aes192.txt | 23 | ||||
-rw-r--r-- | vectors/cryptography_vectors/CMAC/nist-800-38b-aes256.txt | 22 |
12 files changed, 292 insertions, 51 deletions
diff --git a/.travis.yml b/.travis.yml index 7d5663d8..6a235140 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,11 +6,6 @@ compiler: - clang - gcc env: - # this global section can be removed when - # https://github.com/travis-ci/travis-ci/issues/1844 is fixed - global: - - CI=true - - TRAVIS=true matrix: - TOX_ENV=py26 - TOX_ENV=py27 @@ -50,49 +45,6 @@ notifications: matrix: exclude: - os: osx - env: TOX_ENV=py26 - compiler: gcc - - os: osx - env: TOX_ENV=py27 - compiler: gcc - - os: osx - env: TOX_ENV=py32 - compiler: gcc - - os: osx - env: TOX_ENV=py33 - compiler: gcc - - os: osx - env: TOX_ENV=py34 - compiler: gcc - - os: osx - env: TOX_ENV=pypy - compiler: gcc - - os: osx - env: TOX_ENV=py26 OPENSSL=0.9.8 - compiler: gcc - - os: osx - env: TOX_ENV=py27 OPENSSL=0.9.8 - compiler: gcc - - os: osx - env: TOX_ENV=py32 OPENSSL=0.9.8 - compiler: gcc - - os: osx - env: TOX_ENV=py33 OPENSSL=0.9.8 - compiler: gcc - - os: osx - env: TOX_ENV=py34 OPENSSL=0.9.8 - compiler: gcc - - os: osx - env: TOX_ENV=pypy OPENSSL=0.9.8 - compiler: gcc - - os: osx - env: TOX_ENV=docs - compiler: gcc - - os: osx - env: TOX_ENV=pep8 - compiler: gcc - - os: osx - env: TOX_ENV=py3pep8 compiler: gcc - os: osx env: TOX_ENV=pep8 diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py index 927406c6..acf9d42c 100644 --- a/cryptography/hazmat/bindings/openssl/binding.py +++ b/cryptography/hazmat/bindings/openssl/binding.py @@ -48,6 +48,7 @@ class Binding(object): "asn1", "bignum", "bio", + "cmac", "conf", "crypto", "dh", diff --git a/cryptography/hazmat/bindings/openssl/cmac.py b/cryptography/hazmat/bindings/openssl/cmac.py new file mode 100644 index 00000000..c8bcc824 --- /dev/null +++ b/cryptography/hazmat/bindings/openssl/cmac.py 
@@ -0,0 +1,65 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+#include <openssl/cmac.h>
+#endif
+"""
+
+TYPES = """
+static const int Cryptography_HAS_CMAC;
+typedef ... CMAC_CTX;
+"""
+
+FUNCTIONS = """
+"""
+
+MACROS = """
+CMAC_CTX *CMAC_CTX_new(void);
+int CMAC_Init(CMAC_CTX *, const void *, size_t, const EVP_CIPHER *, ENGINE *);
+int CMAC_Update(CMAC_CTX *, const void *, size_t);
+int CMAC_Final(CMAC_CTX *, unsigned char *, size_t *);
+int CMAC_CTX_copy(CMAC_CTX *, const CMAC_CTX *);
+void CMAC_CTX_free(CMAC_CTX *);
+"""
+
+CUSTOMIZATIONS = """
+#if OPENSSL_VERSION_NUMBER < 0x10001000L
+
+static const long Cryptography_HAS_CMAC = 0;
+typedef void CMAC_CTX;
+CMAC_CTX *(*CMAC_CTX_new)(void) = NULL;
+int (*CMAC_Init)(CMAC_CTX *, const void *, size_t, const EVP_CIPHER *,
+ ENGINE *) = NULL;
+int (*CMAC_Update)(CMAC_CTX *, const void *, size_t) = NULL;
+int (*CMAC_Final)(CMAC_CTX *, unsigned char *, size_t *) = NULL;
+int (*CMAC_CTX_copy)(CMAC_CTX *, const CMAC_CTX *) = NULL;
+void (*CMAC_CTX_free)(CMAC_CTX *) = NULL;
+#else
+static const long Cryptography_HAS_CMAC = 1;
+#endif
+"""
+
+CONDITIONAL_NAMES = {
+ "Cryptography_HAS_CMAC": [
+ "CMAC_CTX_new",
+ "CMAC_Init",
+ "CMAC_Update",
+ "CMAC_Final",
+ "CMAC_CTX_copy",
+ "CMAC_CTX_free",
+ ],
+}
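Review bot: Nothing in this new module tells a caller that the six `CMAC_*` names are only usable on OpenSSL 1.0.1 and later; on older builds the `CUSTOMIZATIONS` block defines them as NULL function pointers and sets `Cryptography_HAS_CMAC` to 0. A comment above `CUSTOMIZATIONS` such as `# CMAC first shipped in OpenSSL 1.0.1 (0x10001000L); check Cryptography_HAS_CMAC before touching any CMAC_* name` would make that contract explicit, since how `CONDITIONAL_NAMES` is enforced lives in binding.py and is not visible here. `TYPES` declares the flag as `static const int` while `CUSTOMIZATIONS` defines it as `static const long`; if that is the project's convention a one-line comment saying so would help, otherwise the two should agree. The diffstat lists no test that loads this binding or the new CMAC vectors, so neither version branch is exercised as far as this page shows.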
diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py index e70338ba..4d92ef27 100644 --- a/cryptography/hazmat/primitives/interfaces.py +++ b/cryptography/hazmat/primitives/interfaces.py @@ -185,6 +185,12 @@ class HashContext(object): @six.add_metaclass(abc.ABCMeta) class RSAPrivateKey(object): + @abc.abstractmethod + def signer(self, padding, algorithm, backend): + """ + Returns an AsymmetricSignatureContext used for signing data. + """ + @abc.abstractproperty def modulus(self): """ @@ -270,6 +276,12 @@ class RSAPrivateKey(object): @six.add_metaclass(abc.ABCMeta) class RSAPublicKey(object): + @abc.abstractmethod + def verifier(self, signature, padding, algorithm, backend): + """ + Returns an AsymmetricVerificationContext used for verifying signatures. + """ + @abc.abstractproperty def modulus(self): """ diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index a1692c19..5f31e304 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -89,6 +89,11 @@ Two factor authentication * TOTP from :rfc:`6238` (Note that an `errata`_ for the test vectors in RFC 6238 exists) +CMAC +~~~~ + +* AES-128, AES-192, AES-256, 3DES from `NIST SP-800-38B`_ + Creating test vectors --------------------- @@ -138,3 +143,4 @@ header format (substituting the correct information): .. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors .. _`NESSIE`: https://en.wikipedia.org/wiki/NESSIE .. _`Ed25519 website`: http://ed25519.cr.yp.to/software.html +.. _`NIST SP-800-38B`: http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst index 9a1f3307..f4fb8ded 100644 --- a/docs/hazmat/primitives/interfaces.rst +++ b/docs/hazmat/primitives/interfaces.rst 
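Review bot: The new `verifier` docstring on `RSAPublicKey` (second hunk of interfaces.py) says only that a context is returned, which leaves open whether obtaining the context already validates the signature. I would state the contract directly, e.g. `Returns an AsymmetricVerificationContext; the signature is not checked until that context is finalised.` — exact wording to be confirmed against the context interface, which is outside these hunks. Both hunks also add `@abc.abstractmethod` members to existing ABCs, so any subclass of `RSAPrivateKey` or `RSAPublicKey` that does not define `signer` / `verifier` can no longer be instantiated; that deserves a changelog entry. Both class bodies continue outside the hunks.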
@@ -112,6 +112,27 @@ Asymmetric interfaces An `RSA`_ private key. + .. method:: signer(padding, algorithm, backend) + + .. versionadded:: 0.3 + + Sign data which can be verified later by others using the public key. + + :param padding: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` + provider. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider. + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + + :returns: + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext` + .. method:: public_key() :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` @@ -200,6 +221,31 @@ Asymmetric interfaces An `RSA`_ public key. + .. method:: verifier(signature, padding, algorithm, backend) + + .. versionadded:: 0.3 + + Verify data was signed by the private key associated with this public + key. + + :param bytes signature: The signature to verify. + + :param padding: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` + provider. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider. + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + + :returns: + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` + + .. attribute:: modulus :type: int 
@@ -402,6 +448,27 @@ Hash algorithms The internal block size of the hash algorithm in bytes. +.. class:: HashContext + + .. attribute:: algorithm + + A :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` that + will be used by this context. + + .. method:: update(data) + + :param data bytes: The data you want to hash. + + .. method:: finalize() + + :return: The final digest as bytes. + + .. method:: copy() + + :return: A :class:`~cryptography.hazmat.primitives.interfaces.HashContext` + that is a copy of the current context. + + Key derivation functions ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/installation.rst b/docs/installation.rst index ac4c13cd..a0dd5f22 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -15,9 +15,10 @@ these operating systems. * x86-64 CentOS 6.4 and CentOS 5 * x86-64 FreeBSD 9.2 and FreeBSD 10 -* OS X 10.9 and OS X 10.8 +* OS X 10.9 Mavericks, 10.8 Mountain Lion, and 10.7 Lion * x86-64 Ubuntu 12.04 LTS * 32-bit Python on 64-bit Windows Server 2008 +* 64-bit Python on 64-bit Windows Server 2012 On Windows ---------- @@ -30,8 +31,8 @@ to include the corresponding locations. For example: .. code-block:: console C:\> \path\to\vcvarsall.bat x86_amd64 - C:\> set LIB=C:\OpenSSL-1.0.1f-64bit\lib;%LIB% - C:\> set INCLUDE=C:\OpenSSL-1.0.1f-64bit\include;%INCLUDE% + C:\> set LIB=C:\OpenSSL-1.0.1g-64bit\lib;%LIB% + C:\> set INCLUDE=C:\OpenSSL-1.0.1g-64bit\include;%INCLUDE% C:\> pip install cryptography Building cryptography on Linux diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index cc87d981..236a3bb1 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1065,6 +1065,8 @@ class TestRSAPKCS1Verification(object): load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ + "SigGen15_186-2.rsp", + "SigGen15_186-3.rsp", "SigVer15_186-3.rsp", ], hashes.SHA1(), 
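Review bot: The same three-file list is now spelled out in this call and again in the four test_rsa.py hunks that follow (SHA224 through SHA512), so a future vector file has to be added in five places. A module-level constant, `_PKCS1V15_VECTOR_FILES = ["SigGen15_186-2.rsp", "SigGen15_186-3.rsp", "SigVer15_186-3.rsp"]`, referenced from each call would keep them in step. The enclosing calls start and end outside the hunks, so whether the SigGen files supply the pass/fail expectation that the verification test reads cannot be confirmed from here and should be checked against `load_rsa_nist_vectors`.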
@@ -1078,6 +1080,8 @@ class TestRSAPKCS1Verification(object): load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ + "SigGen15_186-2.rsp", + "SigGen15_186-3.rsp", "SigVer15_186-3.rsp", ], hashes.SHA224(), @@ -1091,6 +1095,8 @@ class TestRSAPKCS1Verification(object): load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ + "SigGen15_186-2.rsp", + "SigGen15_186-3.rsp", "SigVer15_186-3.rsp", ], hashes.SHA256(), @@ -1104,6 +1110,8 @@ class TestRSAPKCS1Verification(object): load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ + "SigGen15_186-2.rsp", + "SigGen15_186-3.rsp", "SigVer15_186-3.rsp", ], hashes.SHA384(), @@ -1117,6 +1125,8 @@ class TestRSAPKCS1Verification(object): load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ + "SigGen15_186-2.rsp", + "SigGen15_186-3.rsp", "SigVer15_186-3.rsp", ], hashes.SHA512(), diff --git a/vectors/cryptography_vectors/CMAC/nist-800-38b-3des.txt b/vectors/cryptography_vectors/CMAC/nist-800-38b-3des.txt new file mode 100644 index 00000000..60561e05 --- /dev/null +++ b/vectors/cryptography_vectors/CMAC/nist-800-38b-3des.txt 
@@ -0,0 +1,60 @@
+# 3DES-CMAC Test Vectors
+# NIST SP_800-38B
+
+# Three Key
+COUNT = 0
+KEY1 = 8aa83bf8cbda1062
+KEY2 = 0bc1bf19fbb6cd58
+KEY3 = bc313d4a371ca8b5
+MESSAGE =
+OUTPUT = b7a688e122ffaf95
+
+COUNT = 1
+KEY1 = 8aa83bf8cbda1062
+KEY2 = 0bc1bf19fbb6cd58
+KEY3 = bc313d4a371ca8b5
+MESSAGE = 6bc1bee22e409f96
+OUTPUT = 8e8f293136283797
+
+COUNT = 2
+KEY1 = 8aa83bf8cbda1062
+KEY2 = 0bc1bf19fbb6cd58
+KEY3 = bc313d4a371ca8b5
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a57
+OUTPUT = 743ddbe0ce2dc2ed
+
+COUNT = 3
+KEY1 = 8aa83bf8cbda1062
+KEY2 = 0bc1bf19fbb6cd58
+KEY3 = bc313d4a371ca8b5
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
+OUTPUT = 33e6b1092400eae5
+
+# Two Key
+COUNT = 4
+KEY1 = 4cf15134a2850dd5
+KEY2 = 8a3d10ba80570d38
+KEY3 = 4cf15134a2850dd5
+MESSAGE =
+OUTPUT = bd2ebf9a3ba00361
+
+COUNT = 5
+KEY1 = 4cf15134a2850dd5
+KEY2 = 8a3d10ba80570d38
+KEY3 = 4cf15134a2850dd5
+MESSAGE = 6bc1bee22e409f96
+OUTPUT = 4ff2ab813c53ce83
+
+COUNT = 6
+KEY1 = 4cf15134a2850dd5
+KEY2 = 8a3d10ba80570d38
+KEY3 = 4cf15134a2850dd5
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a57
+OUTPUT = 62dd1b471902bd4e
+
+COUNT = 7
+KEY1 = 4cf15134a2850dd5
+KEY2 = 8a3d10ba80570d38
+KEY3 = 4cf15134a2850dd5
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
+OUTPUT = 31b1e431dabc4eb8
diff --git a/vectors/cryptography_vectors/CMAC/nist-800-38b-aes128.txt b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes128.txt
new file mode 100644
index 00000000..7219d39d
--- /dev/null
+++ b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes128.txt
@@ -0,0 +1,22 @@
+# AES-128-CMAC Test Vectors
+# NIST SP_800-38B
+
+COUNT = 0
+KEY = 2b7e151628aed2a6abf7158809cf4f3c
+MESSAGE =
+OUTPUT = bb1d6929e95937287fa37d129b756746
+
+COUNT = 1
+KEY = 2b7e151628aed2a6abf7158809cf4f3c
+MESSAGE = 6bc1bee22e409f96e93d7e117393172a
+OUTPUT = 070a16b46b4d4144f79bdd9dd04a287c
+
+COUNT = 2
+KEY = 2b7e151628aed2a6abf7158809cf4f3c
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411
+OUTPUT = dfa66747de9ae63030ca32611497c827
+
+COUNT = 3
+KEY = 2b7e151628aed2a6abf7158809cf4f3c
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710
+OUTPUT = 51f0bebf7e3b9d92fc49741779363cfe
diff --git a/vectors/cryptography_vectors/CMAC/nist-800-38b-aes192.txt b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes192.txt
new file mode 100644
index 00000000..7c819ea3
--- /dev/null
+++ b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes192.txt
@@ -0,0 +1,23 @@
+# AES-192-CMAC Test Vectors
+# NIST SP_800-38B
+
+COUNT = 0
+KEY = 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+MESSAGE =
+OUTPUT = d17ddf46adaacde531cac483de7a9367
+
+COUNT = 1
+KEY = 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+MESSAGE = 6bc1bee22e409f96e93d7e117393172a
+OUTPUT = 9e99a7bf31e710900662f65e617c5184
+
+
+COUNT = 2
+KEY = 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411
+OUTPUT = 8a1de5be2eb31aad089a82e6ee908b0e
+
+COUNT = 3
+KEY = 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710
+OUTPUT = a1d5df0eed790f794d77589659f39a11
diff --git a/vectors/cryptography_vectors/CMAC/nist-800-38b-aes256.txt b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes256.txt
new file mode 100644
index 00000000..477151bc
--- /dev/null
+++ b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes256.txt
@@ -0,0 +1,22 @@
+# AES-256-CMAC Test Vectors
+# NIST SP_800-38B
+
+COUNT = 0
+KEY = 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+MESSAGE =
+OUTPUT = 028962f61b7bf89efc6b551f4667d983
+
+COUNT = 1
+KEY = 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+MESSAGE = 6bc1bee22e409f96e93d7e117393172a
+OUTPUT = 28a7023f452e8f82bd4bf28d8c37c35c
+
+COUNT = 2
+KEY = 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411
+OUTPUT = aaf3d8f1de5640c232f5b169b9c911e6
+
+COUNT = 3
+KEY = 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710
+OUTPUT = e1992190549f6ed5696a2c056c315410 |