-rw-r--r-- | cryptography/hazmat/backends/interfaces.py | 15 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/rsa.py | 14 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/interfaces.py | 37 | ||||
-rw-r--r-- | docs/development/test-vectors.rst | 7 | ||||
-rw-r--r-- | docs/hazmat/backends/interfaces.rst | 36 | ||||
-rw-r--r-- | docs/hazmat/primitives/interfaces.rst | 33 | ||||
-rw-r--r-- | tests/hazmat/primitives/vectors/twofactor/rfc-4226.txt (renamed from tests/hazmat/primitives/vectors/oath/rfc-4226.txt) | 0 | ||||
-rw-r--r-- | tests/hazmat/primitives/vectors/twofactor/rfc-6238.txt (renamed from tests/hazmat/primitives/vectors/oath/rfc-6238.txt) | 24 |
8 files changed, 152 insertions, 14 deletions
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index b867f26a..a543ba1f 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -90,3 +90,18 @@ class RSABackend(six.with_metaclass(abc.ABCMeta)): Generate an RSAPrivateKey instance with public_exponent and a modulus of key_size bits. """ + + @abc.abstractmethod + def create_rsa_signature_ctx(self, private_key, padding, algorithm): + """ + Returns an object conforming to the AsymmetricSignatureContext + interface. + """ + + @abc.abstractmethod + def create_rsa_verification_ctx(self, public_key, signature, padding, + algorithm): + """ + Returns an object conforming to the AsymmetricVerificationContext + interface. + """ diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py index b6f7d04c..359305c6 100644 --- a/cryptography/hazmat/bindings/openssl/rsa.py +++ b/cryptography/hazmat/bindings/openssl/rsa.py @@ -33,7 +33,10 @@ static const int RSA_SSLV23_PADDING; static const int RSA_NO_PADDING; static const int RSA_PKCS1_OAEP_PADDING; static const int RSA_X931_PADDING; +static const int RSA_PKCS1_PSS_PADDING; static const int RSA_F4; + +static const int Cryptography_HAS_PSS_PADDING; """ FUNCTIONS = """ @@ -70,10 +73,14 @@ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *, int); """ CUSTOMIZATIONS = """ -#if OPENSSL_VERSION_NUMBER < 0x10000000 +#if OPENSSL_VERSION_NUMBER >= 0x10000000 +static const long Cryptography_HAS_PSS_PADDING = 1; +#else // see evp.py for the definition of Cryptography_HAS_PKEY_CTX +static const long Cryptography_HAS_PSS_PADDING = 0; int (*EVP_PKEY_CTX_set_rsa_padding)(EVP_PKEY_CTX *, int) = NULL; int (*EVP_PKEY_CTX_set_rsa_pss_saltlen)(EVP_PKEY_CTX *, int) = NULL; +static const long RSA_PKCS1_PSS_PADDING = 0; #endif """ 
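Review bot: The docstrings of the two new abstract methods on RSABackend state only the return type, not what a backend should do when it cannot honour the requested `padding` or `algorithm`. The bindings change in this same commit makes `RSA_PKCS1_PSS_PADDING` conditional on the OpenSSL version, so an unsupported padding is a case implementers and callers will meet. I would add a sentence to each docstring such as `Raises an error if this backend does not support the given padding or hash algorithm.`, naming the project's exception type once it is settled. The docstring of create_rsa_verification_ctx could also say that `signature` is bytes, as the .rst in this commit does. The RSABackend class body starts outside the hunk.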
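Review bot: In the `#else` branch of CUSTOMIZATIONS in rsa.py, `static const long RSA_PKCS1_PSS_PADDING = 0;` is a placeholder rather than a real PSS padding mode, and nothing in the hunk says so. It is safe only because the CONDITIONAL_NAMES entry added later in this file lists the name under `Cryptography_HAS_PSS_PADDING`, presumably so the name is hidden when the flag is 0. A comment beside it, `// placeholder; hidden via CONDITIONAL_NAMES when Cryptography_HAS_PSS_PADDING == 0`, would keep a later edit from dropping that entry and letting the 0 be passed as a padding mode. The existing comment about Cryptography_HAS_PKEY_CTX now sits between the PSS lines and reads as if it described them, so it would be clearer directly above the two function-pointer definitions.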
@@ -81,5 +88,8 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_PKEY_CTX": [ "EVP_PKEY_CTX_set_rsa_padding", "EVP_PKEY_CTX_set_rsa_pss_saltlen", - ] + ], + "Cryptography_HAS_PSS_PADDING": [ + "RSA_PKCS1_PSS_PADDING", + ], } diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py index 5ef469d0..11696160 100644 --- a/cryptography/hazmat/primitives/interfaces.py +++ b/cryptography/hazmat/primitives/interfaces.py @@ -287,6 +287,43 @@ class RSAPublicKey(six.with_metaclass(abc.ABCMeta)): """ +class AsymmetricSignatureContext(six.with_metaclass(abc.ABCMeta)): + @abc.abstractmethod + def update(self, data): + """ + Processes the provided bytes and returns nothing. + """ + + @abc.abstractmethod + def finalize(self): + """ + Returns the signature as bytes. + """ + + +class AsymmetricVerificationContext(six.with_metaclass(abc.ABCMeta)): + @abc.abstractmethod + def update(self, data): + """ + Processes the provided bytes and returns nothing. + """ + + @abc.abstractmethod + def verify(self): + """ + Raises an exception if the bytes provided to update do not match the + signature or the signature does not match the public key. + """ + + +class AsymmetricPadding(six.with_metaclass(abc.ABCMeta)): + @abc.abstractproperty + def name(self): + """ + A string naming this padding (e.g. "PSS", "PKCS1"). + """ + + class KeyDerivationFunction(six.with_metaclass(abc.ABCMeta)): @abc.abstractmethod def derive(self, key_material): diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 97b5c344..f47f08de 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst 
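Review bot: The docstring of AsymmetricVerificationContext.verify says only `Raises an exception`, while docs/hazmat/primitives/interfaces.rst in this commit names `cryptography.exceptions.InvalidSignature`. I would name it in the docstring too, e.g. `Raises cryptography.exceptions.InvalidSignature if the signature does not validate; returns nothing on success.` Stating that success is signalled only by the absence of an exception matters for implementers, because callers written against this interface will not check a return value and would accept a provider that returns False. Neither context class says whether update() may be called after finalize() or verify(), so a sentence on that in each docstring would help.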
@@ -58,6 +58,12 @@ Symmetric Ciphers * CAST5 (CBC, CFB, OFB) generated by this project. See: :doc:`/development/custom-vectors/cast5` +Two Factor Authentication +~~~~~~~~~~~~~~~~~~~~~~~~~ + +* HOTP from :rfc:`4226` +* TOTP from :rfc:`6238` (Note that an `errata`_ for the test vectors in RFC 6238 exists) + Creating Test Vectors --------------------- @@ -93,3 +99,4 @@ header format (substituting the correct information): .. _`RIPEMD website`: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html .. _`Whirlpool website`: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html .. _`Specification repository`: https://github.com/fernet/spec +.. _`errata`: http://www.rfc-editor.org/errata_search.php?rfc=6238 diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index e6bf8f69..bd38ed50 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst 
@@ -212,3 +212,39 @@ A specific ``backend`` may provide one or more of these interfaces. provider. :raises ValueError: If the public_exponent is not valid. + + .. method:: create_rsa_signature_ctx(private_key, padding, algorithm) + + :param private_key: An instance of an + :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` + provider. + + :param padding: An instance of an + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` + provider. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider. + + :returns: + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext` + + .. method:: create_rsa_verification_ctx(public_key, signature, padding, algorithm) + + :param public_key: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` + provider. + + :param bytes signature: The signature to verify. + + :param padding: An instance of an + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` + provider. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider. + + :returns: + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst index df17e59d..5be3dd95 100644 --- a/docs/hazmat/primitives/interfaces.rst +++ b/docs/hazmat/primitives/interfaces.rst 
@@ -231,6 +231,39 @@ Asymmetric Interfaces The public exponent. Alias for :attr:`public_exponent`. +.. class:: AsymmetricSignatureContext + + .. versionadded:: 0.2 + + .. method:: update(data) + + :param bytes data: The data you want to sign. + + .. method:: finalize() + + :return bytes signature: The signature. + + +.. class:: AsymmetricVerificationContext + + .. versionadded:: 0.2 + + .. method:: update(data) + + :param bytes data: The data you wish to verify using the signature. + + .. method:: verify() + + :raises cryptography.exceptions.InvalidSignature: If signature does not + validate. + + +.. class:: AsymmetricPadding + + .. versionadded:: 0.2 + + .. attribute:: name + Hash Algorithms ~~~~~~~~~~~~~~~ diff --git a/tests/hazmat/primitives/vectors/oath/rfc-4226.txt b/tests/hazmat/primitives/vectors/twofactor/rfc-4226.txt index 35f7f8d7..35f7f8d7 100644 --- a/tests/hazmat/primitives/vectors/oath/rfc-4226.txt +++ b/tests/hazmat/primitives/vectors/twofactor/rfc-4226.txt diff --git a/tests/hazmat/primitives/vectors/oath/rfc-6238.txt b/tests/hazmat/primitives/vectors/twofactor/rfc-6238.txt index cc209950..5a473263 100644 --- a/tests/hazmat/primitives/vectors/oath/rfc-6238.txt +++ b/tests/hazmat/primitives/vectors/twofactor/rfc-6238.txt @@ -11,13 +11,13 @@ COUNT = 1 TIME = 59 TOTP = 46119246 MODE = SHA256 -SECRET = 12345678901234567890 +SECRET = 12345678901234567890123456789012 COUNT = 2 TIME = 59 TOTP = 90693936 MODE = SHA512 -SECRET = 12345678901234567890 +SECRET = 1234567890123456789012345678901234567890123456789012345678901234 COUNT = 3 TIME = 1111111109 @@ -29,13 +29,13 @@ COUNT = 4 TIME = 1111111109 TOTP = 68084774 MODE = SHA256 -SECRET = 12345678901234567890 +SECRET = 12345678901234567890123456789012 COUNT = 5 TIME = 1111111109 TOTP = 25091201 MODE = SHA512 -SECRET = 12345678901234567890 +SECRET = 1234567890123456789012345678901234567890123456789012345678901234 COUNT = 6 TIME = 1111111111 
@@ -47,13 +47,13 @@ COUNT = 7 TIME = 1111111111 TOTP = 67062674 MODE = SHA256 -SECRET = 12345678901234567890 +SECRET = 12345678901234567890123456789012 COUNT = 8 TIME = 1111111111 TOTP = 99943326 MODE = SHA512 -SECRET = 12345678901234567890 +SECRET = 1234567890123456789012345678901234567890123456789012345678901234 COUNT = 9 TIME = 1234567890 @@ -65,13 +65,13 @@ COUNT = 10 TIME = 1234567890 TOTP = 91819424 MODE = SHA256 -SECRET = 12345678901234567890 +SECRET = 12345678901234567890123456789012 COUNT = 11 TIME = 1234567890 TOTP = 93441116 MODE = SHA512 -SECRET = 12345678901234567890 +SECRET = 1234567890123456789012345678901234567890123456789012345678901234 COUNT = 12 TIME = 2000000000 @@ -83,13 +83,13 @@ COUNT = 13 TIME = 2000000000 TOTP = 90698825 MODE = SHA256 -SECRET = 12345678901234567890 +SECRET = 12345678901234567890123456789012 COUNT = 14 TIME = 2000000000 TOTP = 38618901 MODE = SHA512 -SECRET = 12345678901234567890 +SECRET = 1234567890123456789012345678901234567890123456789012345678901234 COUNT = 15 TIME = 20000000000 @@ -101,10 +101,10 @@ COUNT = 16 TIME = 20000000000 TOTP = 77737706 MODE = SHA256 -SECRET = 12345678901234567890 +SECRET = 12345678901234567890123456789012 COUNT = 17 TIME = 20000000000 TOTP = 47863826 MODE = SHA512 -SECRET = 12345678901234567890 +SECRET = 1234567890123456789012345678901234567890123456789012345678901234 |