+ codecov --env TRAVIS_OS_NAME,TOXENV,OPENSSL

+* Added support for parsing certificate revocation lists (CRLs) using

+ :func:`~cryptography.x509.load_pem_x509_crl` and

+ :func:`~cryptography.x509.load_der_x509_crl`.

+* Add support for AES key wrapping with

+ :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and

+ :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`.

+* Added an ``__hash__`` method to :class:`~cryptography.x509.Name`.

+ ECDHE (or EECDH), the ephemeral form of this exchange, is **strongly

+ preferred** over simple ECDH and provides `forward secrecy`_ when used.

+ You must generate a new private key using :func:`generate_private_key` for

+ each :meth:`~EllipticCurvePrivateKey.exchange` when performing an ECDHE key

+ exchange.

+ .. versionadded:: 1.1

+

+.. _`forward secrecy`: https://en.wikipedia.org/wiki/Forward_secrecy

+ keywrap

+.. hazmat::

+

+.. module:: cryptography.hazmat.primitives.keywrap

+

+Key wrapping

+============

+

+Key wrapping is a cryptographic construct that uses symmetric encryption to

+encapsulate key material. Key wrapping algorithms are occasionally utilized

+to protect keys at rest or transmit them over insecure networks. Many of the

+protections offered by key wrapping are also offered by using authenticated

+:doc:`symmetric encryption </hazmat/primitives/symmetric-encryption>`.

+

+.. function:: aes_key_wrap(wrapping_key, key_to_wrap, backend)

+

+ .. versionadded:: 1.1

+

+ This function performs AES key wrap (without padding) as specified in

+ :rfc:`3394`.

+

+ :param bytes wrapping_key: The wrapping key.

+

+ :param bytes key_to_wrap: The key to wrap.

+

+ :param backend: A

+ :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`

+ provider that supports

+ :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`.

+

+ :return bytes: The wrapped key as bytes.

+

+.. function:: aes_key_unwrap(wrapping_key, wrapped_key, backend)

+

+ .. versionadded:: 1.1

+

+ This function performs AES key unwrap (without padding) as specified in

+ :rfc:`3394`.

+

+ :param bytes wrapping_key: The wrapping key.

+

+ :param bytes wrapped_key: The wrapped key.

+

+ :param backend: A

+ :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`

+ provider that supports

+ :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`.

+

+ :return bytes: The unwrapped key as bytes.

+

+ :raises cryptography.hazmat.primitives.keywrap.InvalidUnwrap: This is

+ raised if the key is not successfully unwrapped.

+

+Exceptions

+~~~~~~~~~~

+

+.. class:: InvalidUnwrap

+

+ This is raised when a wrapped key fails to unwrap. It can be caused by a

+ corrupted or invalid wrapped key or an invalid wrapping key.

+ pem_crl_data = b"""

+ -----BEGIN X509 CRL-----

+ MIIBtDCBnQIBAjANBgkqhkiG9w0BAQsFADAnMQswCQYDVQQGEwJVUzEYMBYGA1UE

+ AwwPY3J5cHRvZ3JhcGh5LmlvGA8yMDE1MDEwMTAwMDAwMFoYDzIwMTYwMTAxMDAw

+ MDAwWjA+MDwCAQAYDzIwMTUwMTAxMDAwMDAwWjAmMBgGA1UdGAQRGA8yMDE1MDEw

+ MTAwMDAwMFowCgYDVR0VBAMKAQEwDQYJKoZIhvcNAQELBQADggEBABRA4ww50Lz5

+ zk1j2+aluC4HPHqb7o06h4pTDcCGeXUKXIGeP5ntGGmIoxa26sNoLeOr8+5b43Gf

+ yWraHertllOwaOpNFEe+YZFaE9femtoDbf+GLMvRx/0wDfd3KxPoXnXKMXb2d1w4

+ RCLgmkYx6JyvS+5ciuLQVIKC+l7jwIUeZFLJMUJ8msM4pFYoGameeZmtjMbd/TNg

+ cVBfmZxNMHuLladJxvSo2esARo0TYPhYsgrREKoHwhpzSxdynjn4bOVkILfguwsN

+ qtEEMZFEv5Kb0GqRp2+Iagv2S6dg9JGvxVdsoGjaB6EbYSZ3Psx4aODasIn11uwo

+ X4B9vUQNXqc=

+ -----END X509 CRL-----

+ """.strip()

+

+Loading Certificate Revocation Lists

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+

+.. function:: load_pem_x509_crl(data, backend)

+

+ .. versionadded:: 1.1

+

+ Deserialize a certificate revocation list (CRL) from PEM encoded data. PEM

+ requests are base64 decoded and have delimiters that look like

+ ``-----BEGIN X509 CRL-----``.

+

+ :param bytes data: The PEM encoded request data.

+

+ :param backend: A backend supporting the

+ :class:`~cryptography.hazmat.backends.interfaces.X509Backend`

+ interface.

+

+ :returns: An instance of

+ :class:`~cryptography.x509.CertificateRevocationList`.

+

+.. function:: load_der_x509_crl(data, backend)

+

+ .. versionadded:: 1.1

+

+ Deserialize a certificate revocation list (CRL) from DER encoded data. DER

+ is a binary format.

+

+ :param bytes data: The DER encoded request data.

+

+ :param backend: A backend supporting the

+ :class:`~cryptography.hazmat.backends.interfaces.X509Backend`

+ interface.

+

+ :returns: An instance of

+ :class:`~cryptography.x509.CertificateRevocationList`.

+

+.. doctest::

+

+ >>> from cryptography import x509

+ >>> from cryptography.hazmat.backends import default_backend

+ >>> from cryptography.hazmat.primitives import hashes

+ >>> crl = x509.load_pem_x509_crl(pem_crl_data, default_backend())

+ >>> isinstance(crl.signature_hash_algorithm, hashes.SHA256)

+ True

+

+ A CertificateRevocationList is an object representing a list of revoked

+ certificates. The object is iterable and will yield the RevokedCertificate

+ objects stored in this CRL.

+

+ .. doctest::

+

+ >>> len(crl)

+ 1

+ >>> revoked_certificate = crl[0]

+ >>> type(revoked_certificate)

+ <class 'cryptography.hazmat.backends.openssl.x509._RevokedCertificate'>

+ >>> for r in crl:

+ ... print(r.serial_number)

+ 0

+

+ .. doctest::

+

+ >>> from cryptography.hazmat.primitives import hashes

+ >>> crl.fingerprint(hashes.SHA256())

+ 'e\xcf.\xc4:\x83?1\xdc\xf3\xfc\x95\xd7\xb3\x87\xb3\x8e\xf8\xb93!\x87\x07\x9d\x1b\xb4!\xb9\xe4W\xf4\x1f'

+

+ .. doctest::

+

+ >>> from cryptography.hazmat.primitives import hashes

+ >>> isinstance(crl.signature_hash_algorithm, hashes.SHA256)

+ True

+

+ .. doctest::

+

+ >>> crl.issuer

+ <Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value=u'US')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'cryptography.io')>])>

+

+ .. doctest::

+

+ >>> crl.next_update

+ datetime.datetime(2016, 1, 1, 0, 0)

+

+ .. doctest::

+ >>> crl.last_update

+ datetime.datetime(2015, 1, 1, 0, 0)

+ .. doctest::

+

+ >>> revoked_certificate.serial_number

+ 0

+

+ .. doctest::

+

+ >>> revoked_certificate.revocation_date

+ datetime.datetime(2015, 1, 1, 0, 0)

+

+ .. doctest::

+

+ >>> for ext in revoked_certificate.extensions:

+ ... print(ext)

+ <Extension(oid=<ObjectIdentifier(oid=2.5.29.24, name=invalidityDate)>, critical=False, value=2015-01-01 00:00:00)>

+ <Extension(oid=<ObjectIdentifier(oid=2.5.29.21, name=cRLReason)>, critical=False, value=ReasonFlags.key_compromise)>

+

+typedef int... time_t;

+typedef int... BN_ULONG;

+

+static const int ENGINE_R_CONFLICTING_ENGINE_ID;

+ def load_pem_x509_crl(self, data):

+ for b in self._filtered_backends(X509Backend):

+ return b.load_pem_x509_crl(data)

+

+ raise UnsupportedAlgorithm(

+ "This backend does not support X.509.",

+ _Reasons.UNSUPPORTED_X509

+ )

+

+ def load_der_x509_crl(self, data):

+ for b in self._filtered_backends(X509Backend):

+ return b.load_der_x509_crl(data)

+

+ raise UnsupportedAlgorithm(

+ "This backend does not support X.509.",

+ _Reasons.UNSUPPORTED_X509

+ )

+

+ _Certificate, _CertificateRevocationList, _CertificateSigningRequest,

+ _DISTPOINT_TYPE_FULLNAME, _DISTPOINT_TYPE_RELATIVENAME

+def _encode_asn1_utf8_str(backend, string):

+ """

+ Create an ASN1_UTF8STRING from a Python unicode string.

+ This object will be a ASN1_STRING with UTF8 type in OpenSSL and

+ can be decoded with ASN1_STRING_to_UTF8.

+ """

+ s = backend._lib.ASN1_UTF8STRING_new()

+ res = backend._lib.ASN1_STRING_set(

+ s, string.encode("utf8"), len(string.encode("utf8"))

+ )

+ backend.openssl_assert(res == 1)

+ return s

+

+

+def _encode_certificate_policies(backend, certificate_policies):

+ cp = backend._lib.sk_POLICYINFO_new_null()

+ backend.openssl_assert(cp != backend._ffi.NULL)

+ cp = backend._ffi.gc(cp, backend._lib.sk_POLICYINFO_free)

+ for policy_info in certificate_policies:

+ pi = backend._lib.POLICYINFO_new()

+ backend.openssl_assert(pi != backend._ffi.NULL)

+ res = backend._lib.sk_POLICYINFO_push(cp, pi)

+ backend.openssl_assert(res >= 1)

+ oid = _txt2obj(backend, policy_info.policy_identifier.dotted_string)

+ pi.policyid = oid

+ if policy_info.policy_qualifiers:

+ pqis = backend._lib.sk_POLICYQUALINFO_new_null()

+ backend.openssl_assert(pqis != backend._ffi.NULL)

+ for qualifier in policy_info.policy_qualifiers:

+ pqi = backend._lib.POLICYQUALINFO_new()

+ backend.openssl_assert(pqi != backend._ffi.NULL)

+ res = backend._lib.sk_POLICYQUALINFO_push(pqis, pqi)

+ backend.openssl_assert(res >= 1)

+ if isinstance(qualifier, six.text_type):

+ pqi.pqualid = _txt2obj(

+ backend, x509.OID_CPS_QUALIFIER.dotted_string

+ )

+ pqi.d.cpsuri = _encode_asn1_str(

+ backend,

+ qualifier.encode("ascii"),

+ len(qualifier.encode("ascii"))

+ )

+ else:

+ assert isinstance(qualifier, x509.UserNotice)

+ pqi.pqualid = _txt2obj(

+ backend, x509.OID_CPS_USER_NOTICE.dotted_string

+ )

+ un = backend._lib.USERNOTICE_new()

+ backend.openssl_assert(un != backend._ffi.NULL)

+ pqi.d.usernotice = un

+ if qualifier.explicit_text:

+ un.exptext = _encode_asn1_utf8_str(

+ backend, qualifier.explicit_text

+ )

+

+ un.noticeref = _encode_notice_reference(

+ backend, qualifier.notice_reference

+ )

+

+ pi.qualifiers = pqis

+

+ pp = backend._ffi.new('unsigned char **')

+ r = backend._lib.i2d_CERTIFICATEPOLICIES(cp, pp)

+ backend.openssl_assert(r > 0)

+ pp = backend._ffi.gc(

+ pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])

+ )

+ return pp, r

+

+

+def _encode_notice_reference(backend, notice):

+ if notice is None:

+ return backend._ffi.NULL

+ else:

+ nr = backend._lib.NOTICEREF_new()

+ backend.openssl_assert(nr != backend._ffi.NULL)

+ # organization is a required field

+ nr.organization = _encode_asn1_utf8_str(backend, notice.organization)

+

+ notice_stack = backend._lib.sk_ASN1_INTEGER_new_null()

+ nr.noticenos = notice_stack

+ for number in notice.notice_numbers:

+ num = _encode_asn1_int(backend, number)

+ res = backend._lib.sk_ASN1_INTEGER_push(notice_stack, num)

+ backend.openssl_assert(res >= 1)

+

+ return nr

+

+

+ ExtensionOID.CERTIFICATE_POLICIES: _encode_certificate_policies,

+ def load_pem_x509_crl(self, data):

+ mem_bio = self._bytes_to_bio(data)

+ x509_crl = self._lib.PEM_read_bio_X509_CRL(

+ mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL

+ )

+ if x509_crl == self._ffi.NULL:

+ self._consume_errors()

+ raise ValueError("Unable to load CRL")

+

+ x509_crl = self._ffi.gc(x509_crl, self._lib.X509_CRL_free)

+ return _CertificateRevocationList(self, x509_crl)

+

+ def load_der_x509_crl(self, data):

+ mem_bio = self._bytes_to_bio(data)

+ x509_crl = self._lib.d2i_X509_CRL_bio(mem_bio.bio, self._ffi.NULL)

+ if x509_crl == self._ffi.NULL:

+ self._consume_errors()

+ raise ValueError("Unable to load CRL")

+

+ x509_crl = self._ffi.gc(x509_crl, self._lib.X509_CRL_free)

+ return _CertificateRevocationList(self, x509_crl)

+

+import datetime

+

+from cryptography.x509.oid import (

+ CRLExtensionOID, CertificatePoliciesOID, ExtensionOID

+)

+ def __init__(self, ext_count, get_ext, handlers, unsupported_exts=None):

+ self.unsupported_exts = unsupported_exts

+ "Critical extension {0} is not currently supported"

+ .format(oid), oid

+ # For extensions which are not supported by OpenSSL we pass the

+ # extension object directly to the parsing routine so it can

+ # be decoded manually.

+ if self.unsupported_exts and oid in self.unsupported_exts:

+ ext_data = ext

+ else:

+ ext_data = backend._lib.X509V3_EXT_d2i(ext)

+ if ext_data == backend._ffi.NULL:

+ backend._consume_errors()

+ raise ValueError(

+ "The {0} extension is invalid and can't be "

+ "parsed".format(oid)

+ )

+

+ value = handler(backend, ext_data)

+_CRL_REASON_CODE_TO_ENUM = {

+ 0: x509.ReasonFlags.unspecified,

+ 1: x509.ReasonFlags.key_compromise,

+ 2: x509.ReasonFlags.ca_compromise,

+ 3: x509.ReasonFlags.affiliation_changed,

+ 4: x509.ReasonFlags.superseded,

+ 5: x509.ReasonFlags.cessation_of_operation,

+ 6: x509.ReasonFlags.certificate_hold,

+ 8: x509.ReasonFlags.remove_from_crl,

+ 9: x509.ReasonFlags.privilege_withdrawn,

+ 10: x509.ReasonFlags.aa_compromise,

+}

+

+

+def _decode_crl_reason(backend, enum):

+ enum = backend._ffi.cast("ASN1_ENUMERATED *", enum)

+ enum = backend._ffi.gc(enum, backend._lib.ASN1_ENUMERATED_free)

+ code = backend._lib.ASN1_ENUMERATED_get(enum)

+

+ try:

+ return _CRL_REASON_CODE_TO_ENUM[code]

+ except KeyError:

+ raise ValueError("Unsupported reason code: {0}".format(code))

+

+

+def _decode_invalidity_date(backend, inv_date):

+ generalized_time = backend._ffi.cast(

+ "ASN1_GENERALIZEDTIME *", inv_date

+ )

+ generalized_time = backend._ffi.gc(

+ generalized_time, backend._lib.ASN1_GENERALIZEDTIME_free

+ )

+ time = backend._ffi.string(

+ backend._lib.ASN1_STRING_data(

+ backend._ffi.cast("ASN1_STRING *", generalized_time)

+ )

+ ).decode("ascii")

+ return datetime.datetime.strptime(time, "%Y%m%d%H%M%SZ")

+

+

+def _decode_cert_issuer(backend, ext):

+ """

+ This handler decodes the CertificateIssuer entry extension directly

+ from the X509_EXTENSION object. This is necessary because this entry

+ extension is not directly supported by OpenSSL 0.9.8.

+ """

+

+ data_ptr_ptr = backend._ffi.new("const unsigned char **")

+ data_ptr_ptr[0] = ext.value.data

+ gns = backend._lib.d2i_GENERAL_NAMES(

+ backend._ffi.NULL, data_ptr_ptr, ext.value.length

+ )

+

+ # Check the result of d2i_GENERAL_NAMES() is valid. Usually this is covered

+ # in _X509ExtensionParser but since we are responsible for decoding this

+ # entry extension ourselves, we have to this here.

+ if gns == backend._ffi.NULL:

+ backend._consume_errors()

+ raise ValueError(

+ "The {0} extension is corrupted and can't be parsed".format(

+ CRLExtensionOID.CERTIFICATE_ISSUER))

+

+ gns = backend._ffi.gc(gns, backend._lib.GENERAL_NAMES_free)

+ return x509.GeneralNames(_decode_general_names(backend, gns))

+

+

+@utils.register_interface(x509.RevokedCertificate)

+class _RevokedCertificate(object):

+ def __init__(self, backend, x509_revoked):

+ self._backend = backend

+ self._x509_revoked = x509_revoked

+

+ @property

+ def serial_number(self):

+ asn1_int = self._x509_revoked.serialNumber

+ self._backend.openssl_assert(asn1_int != self._backend._ffi.NULL)

+ return self._backend._asn1_integer_to_int(asn1_int)

+

+ @property

+ def revocation_date(self):

+ return self._backend._parse_asn1_time(

+ self._x509_revoked.revocationDate)

+

+ @property

+ def extensions(self):

+ return _REVOKED_CERTIFICATE_EXTENSION_PARSER.parse(

+ self._backend, self._x509_revoked

+ )

+

+

+@utils.register_interface(x509.CertificateRevocationList)

+class _CertificateRevocationList(object):

+ def __init__(self, backend, x509_crl):

+ self._backend = backend

+ self._x509_crl = x509_crl

+

+ def __eq__(self, other):

+ if not isinstance(other, x509.CertificateRevocationList):

+ return NotImplemented

+

+ res = self._backend._lib.X509_CRL_cmp(self._x509_crl, other._x509_crl)

+ return res == 0

+

+ def __ne__(self, other):

+ return not self == other

+

+ def fingerprint(self, algorithm):

+ h = hashes.Hash(algorithm, self._backend)

+ bio = self._backend._create_mem_bio()

+ res = self._backend._lib.i2d_X509_CRL_bio(

+ bio, self._x509_crl

+ )

+ self._backend.openssl_assert(res == 1)

+ der = self._backend._read_mem_bio(bio)

+ h.update(der)

+ return h.finalize()

+

+ @property

+ def signature_hash_algorithm(self):

+ oid = _obj2txt(self._backend, self._x509_crl.sig_alg.algorithm)

+ try:

+ return x509._SIG_OIDS_TO_HASH[oid]

+ except KeyError:

+ raise UnsupportedAlgorithm(

+ "Signature algorithm OID:{0} not recognized".format(oid)

+ )

+

+ @property

+ def issuer(self):

+ issuer = self._backend._lib.X509_CRL_get_issuer(self._x509_crl)

+ self._backend.openssl_assert(issuer != self._backend._ffi.NULL)

+ return _decode_x509_name(self._backend, issuer)

+

+ @property

+ def next_update(self):

+ nu = self._backend._lib.X509_CRL_get_nextUpdate(self._x509_crl)

+ self._backend.openssl_assert(nu != self._backend._ffi.NULL)

+ return self._backend._parse_asn1_time(nu)

+

+ @property

+ def last_update(self):

+ lu = self._backend._lib.X509_CRL_get_lastUpdate(self._x509_crl)

+ self._backend.openssl_assert(lu != self._backend._ffi.NULL)

+ return self._backend._parse_asn1_time(lu)

+

+ def _revoked_certificates(self):

+ revoked = self._backend._lib.X509_CRL_get_REVOKED(self._x509_crl)

+ self._backend.openssl_assert(revoked != self._backend._ffi.NULL)

+

+ num = self._backend._lib.sk_X509_REVOKED_num(revoked)

+ revoked_list = []

+ for i in range(num):

+ r = self._backend._lib.sk_X509_REVOKED_value(revoked, i)

+ self._backend.openssl_assert(r != self._backend._ffi.NULL)

+ revoked_list.append(_RevokedCertificate(self._backend, r))

+

+ return revoked_list

+

+ def __iter__(self):

+ return iter(self._revoked_certificates())

+

+ def __getitem__(self, idx):

+ return self._revoked_certificates()[idx]

+

+ def __len__(self):

+ return len(self._revoked_certificates())

+

+ @property

+ def extensions(self):

+ raise NotImplementedError()

+

+

+_REVOKED_EXTENSION_HANDLERS = {

+ CRLExtensionOID.CRL_REASON: _decode_crl_reason,

+ CRLExtensionOID.INVALIDITY_DATE: _decode_invalidity_date,

+ CRLExtensionOID.CERTIFICATE_ISSUER: _decode_cert_issuer,

+}

+

+_REVOKED_UNSUPPORTED_EXTENSIONS = set([

+ CRLExtensionOID.CERTIFICATE_ISSUER,

+])

+

+_REVOKED_CERTIFICATE_EXTENSION_PARSER = _X509ExtensionParser(

+ ext_count=lambda backend, x: backend._lib.X509_REVOKED_get_ext_count(x),

+ get_ext=lambda backend, x, i: backend._lib.X509_REVOKED_get_ext(x, i),

+ handlers=_REVOKED_EXTENSION_HANDLERS,

+ unsupported_exts=_REVOKED_UNSUPPORTED_EXTENSIONS

+)

+ if result != 1:

+ errors = _consume_errors(cls.lib)

+ _openssl_assert(

+ cls.lib,

+ errors[0].reason == cls.lib.ENGINE_R_CONFLICTING_ENGINE_ID

+ )

+

+

+

+# OpenSSL is not thread safe until the locks are initialized. We call this

+# method in module scope so that it executes with the import lock. On

+# Pythons < 3.4 this import lock is a global lock, which can prevent a race

+# condition registering the OpenSSL locks. On Python 3.4+ the import lock

+# is per module so this approach will not work.

+Binding.init_static_locks()

+# This file is dual licensed under the terms of the Apache License, Version

+# 2.0, and the BSD License. See the LICENSE file in the root of this repository

+# for complete details.

+

+from __future__ import absolute_import, division, print_function

+

+import struct

+

+from cryptography.hazmat.primitives.ciphers import Cipher

+from cryptography.hazmat.primitives.ciphers.algorithms import AES

+from cryptography.hazmat.primitives.ciphers.modes import ECB

+from cryptography.hazmat.primitives.constant_time import bytes_eq

+

+

+def aes_key_wrap(wrapping_key, key_to_wrap, backend):

+ if len(wrapping_key) not in [16, 24, 32]:

+ raise ValueError("The wrapping key must be a valid AES key length")

+

+ if len(key_to_wrap) < 16:

+ raise ValueError("The key to wrap must be at least 16 bytes")

+

+ if len(key_to_wrap) % 8 != 0:

+ raise ValueError("The key to wrap must be a multiple of 8 bytes")

+

+ # RFC 3394 Key Wrap - 2.2.1 (index method)

+ encryptor = Cipher(AES(wrapping_key), ECB(), backend).encryptor()

+ a = b"\xa6\xa6\xa6\xa6\xa6\xa6\xa6\xa6"

+ r = [key_to_wrap[i:i + 8] for i in range(0, len(key_to_wrap), 8)]

+ n = len(r)

+ for j in range(6):

+ for i in range(n):

+ # every encryption operation is a discrete 16 byte chunk (because

+ # AES has a 128-bit block size) and since we're using ECB it is

+ # safe to reuse the encryptor for the entire operation

+ b = encryptor.update(a + r[i])

+ # pack/unpack are safe as these are always 64-bit chunks

+ a = struct.pack(

+ ">Q", struct.unpack(">Q", b[:8])[0] ^ ((n * j) + i + 1)

+ )

+ r[i] = b[-8:]

+

+ assert encryptor.finalize() == b""

+

+ return a + b"".join(r)

+

+

+def aes_key_unwrap(wrapping_key, wrapped_key, backend):

+ if len(wrapped_key) < 24:

+ raise ValueError("Must be at least 24 bytes")

+

+ if len(wrapped_key) % 8 != 0:

+ raise ValueError("The wrapped key must be a multiple of 8 bytes")

+

+ if len(wrapping_key) not in [16, 24, 32]:

+ raise ValueError("The wrapping key must be a valid AES key length")

+

+ # Implement RFC 3394 Key Unwrap - 2.2.2 (index method)

+ decryptor = Cipher(AES(wrapping_key), ECB(), backend).decryptor()

+ aiv = b"\xa6\xa6\xa6\xa6\xa6\xa6\xa6\xa6"

+

+ r = [wrapped_key[i:i + 8] for i in range(0, len(wrapped_key), 8)]

+ a = r.pop(0)

+ n = len(r)

+ for j in reversed(range(6)):

+ for i in reversed(range(n)):

+ # pack/unpack are safe as these are always 64-bit chunks

+ atr = struct.pack(

+ ">Q", struct.unpack(">Q", a)[0] ^ ((n * j) + i + 1)

+ ) + r[i]

+ # every decryption operation is a discrete 16 byte chunk so

+ # it is safe to reuse the decryptor for the entire operation

+ b = decryptor.update(atr)

+ a = b[:8]

+ r[i] = b[-8:]

+

+ assert decryptor.finalize() == b""

+

+ if not bytes_eq(a, aiv):

+ raise InvalidUnwrap()

+

+ return b"".join(r)

+

+

+class InvalidUnwrap(Exception):

+ pass

+ Version, load_der_x509_certificate, load_der_x509_crl, load_der_x509_csr,

+ load_pem_x509_certificate, load_pem_x509_crl, load_pem_x509_csr,

+ "load_pem_x509_crl",

+ "load_der_x509_crl",

+def load_pem_x509_crl(data, backend):

+ return backend.load_pem_x509_crl(data)

+

+

+def load_der_x509_crl(data, backend):

+ return backend.load_der_x509_crl(data)

+

+

+ def __repr__(self):

+ return (

+ "<Extensions({0})>".format(self._extensions)

+ )

+

+ def __hash__(self):

+ return hash((self.oid, self.value))

+

+ def __hash__(self):

+ # TODO: this is relatively expensive, if this looks like a bottleneck

+ # for you, consider optimizing!

+ return hash(tuple(self._attributes))

+

+ def load_pem_x509_crl(self, data):

+ pass

+

+ def load_der_x509_crl(self, data):

+ pass

+

+ backend.load_pem_x509_crl(b"crldata")

+ backend.load_der_x509_crl(b"crldata")

+ backend.load_pem_x509_crl(b"crldata")

+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):

+ backend.load_der_x509_crl(b"crldata")

+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):

+ b._register_osrandom_engine()

+ assert b.lib.ERR_get_error() == 0

+# This file is dual licensed under the terms of the Apache License, Version

+# 2.0, and the BSD License. See the LICENSE file in the root of this repository

+# for complete details.

+

+from __future__ import absolute_import, division, print_function

+

+import binascii

+import os

+

+import pytest

+

+from cryptography.hazmat.backends.interfaces import CipherBackend

+from cryptography.hazmat.primitives import keywrap

+from cryptography.hazmat.primitives.ciphers import algorithms, modes

+

+from .utils import _load_all_params

+from ...utils import load_nist_vectors

+

+

+@pytest.mark.requires_backend_interface(interface=CipherBackend)

+class TestAESKeyWrap(object):

+ @pytest.mark.parametrize(

+ "params",

+ _load_all_params(

+ os.path.join("keywrap", "kwtestvectors"),

+ ["KW_AE_128.txt", "KW_AE_192.txt", "KW_AE_256.txt"],

+ load_nist_vectors

+ )

+ )

+ @pytest.mark.supported(

+ only_if=lambda backend: backend.cipher_supported(

+ algorithms.AES("\x00" * 16), modes.ECB()

+ ),

+ skip_message="Does not support AES key wrap (RFC 3394) because AES-ECB"

+ " is unsupported",

+ )

+ def test_wrap(self, backend, params):

+ wrapping_key = binascii.unhexlify(params["k"])

+ key_to_wrap = binascii.unhexlify(params["p"])

+ wrapped_key = keywrap.aes_key_wrap(wrapping_key, key_to_wrap, backend)

+ assert params["c"] == binascii.hexlify(wrapped_key)

+

+ @pytest.mark.parametrize(

+ "params",

+ _load_all_params(

+ os.path.join("keywrap", "kwtestvectors"),

+ ["KW_AD_128.txt", "KW_AD_192.txt", "KW_AD_256.txt"],

+ load_nist_vectors

+ )

+ )

+ @pytest.mark.supported(

+ only_if=lambda backend: backend.cipher_supported(

+ algorithms.AES("\x00" * 16), modes.ECB()

+ ),

+ skip_message="Does not support AES key wrap (RFC 3394) because AES-ECB"

+ " is unsupported",

+ )

+ def test_unwrap(self, backend, params):

+ wrapping_key = binascii.unhexlify(params["k"])

+ wrapped_key = binascii.unhexlify(params["c"])

+ if params.get("fail") is True:

+ with pytest.raises(keywrap.InvalidUnwrap):

+ keywrap.aes_key_unwrap(wrapping_key, wrapped_key, backend)

+ else:

+ unwrapped_key = keywrap.aes_key_unwrap(

+ wrapping_key, wrapped_key, backend

+ )

+ assert params["p"] == binascii.hexlify(unwrapped_key)

+

+ @pytest.mark.supported(

+ only_if=lambda backend: backend.cipher_supported(

+ algorithms.AES("\x00" * 16), modes.ECB()

+ ),

+ skip_message="Does not support AES key wrap (RFC 3394) because AES-ECB"

+ " is unsupported",

+ )

+ def test_wrap_invalid_key_length(self, backend):

+ # The wrapping key must be of length [16, 24, 32]

+ with pytest.raises(ValueError):

+ keywrap.aes_key_wrap(b"badkey", b"sixteen_byte_key", backend)

+

+ @pytest.mark.supported(

+ only_if=lambda backend: backend.cipher_supported(

+ algorithms.AES("\x00" * 16), modes.ECB()

+ ),

+ skip_message="Does not support AES key wrap (RFC 3394) because AES-ECB"

+ " is unsupported",

+ )

+ def test_unwrap_invalid_key_length(self, backend):

+ with pytest.raises(ValueError):

+ keywrap.aes_key_unwrap(b"badkey", b"\x00" * 24, backend)

+

+ @pytest.mark.supported(

+ only_if=lambda backend: backend.cipher_supported(

+ algorithms.AES("\x00" * 16), modes.ECB()

+ ),

+ skip_message="Does not support AES key wrap (RFC 3394) because AES-ECB"

+ " is unsupported",

+ )

+ def test_wrap_invalid_key_to_wrap_length(self, backend):

+ # Keys to wrap must be at least 16 bytes long

+ with pytest.raises(ValueError):

+ keywrap.aes_key_wrap(b"sixteen_byte_key", b"\x00" * 15, backend)

+

+ # Keys to wrap must be a multiple of 8 bytes

+ with pytest.raises(ValueError):

+ keywrap.aes_key_wrap(b"sixteen_byte_key", b"\x00" * 23, backend)

+

+ def test_unwrap_invalid_wrapped_key_length(self, backend):

+ # Keys to unwrap must be at least 24 bytes

+ with pytest.raises(ValueError):

+ keywrap.aes_key_unwrap(b"sixteen_byte_key", b"\x00" * 16, backend)

+

+ # Keys to unwrap must be a multiple of 8 bytes

+ with pytest.raises(ValueError):

+ keywrap.aes_key_unwrap(b"sixteen_byte_key", b"\x00" * 27, backend)

+@pytest.mark.requires_backend_interface(interface=X509Backend)

+class TestCertificateRevocationList(object):

+ def test_load_pem_crl(self, backend):

+ crl = _load_cert(

+ os.path.join("x509", "custom", "crl_all_reasons.pem"),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ assert isinstance(crl, x509.CertificateRevocationList)

+ fingerprint = binascii.hexlify(crl.fingerprint(hashes.SHA1()))

+ assert fingerprint == b"3234b0cb4c0cedf6423724b736729dcfc9e441ef"

+ assert isinstance(crl.signature_hash_algorithm, hashes.SHA256)

+

+ def test_load_der_crl(self, backend):

+ crl = _load_cert(

+ os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"),

+ x509.load_der_x509_crl,

+ backend

+ )

+

+ assert isinstance(crl, x509.CertificateRevocationList)

+ fingerprint = binascii.hexlify(crl.fingerprint(hashes.SHA1()))

+ assert fingerprint == b"dd3db63c50f4c4a13e090f14053227cb1011a5ad"

+ assert isinstance(crl.signature_hash_algorithm, hashes.SHA256)

+

+ def test_invalid_pem(self, backend):

+ with pytest.raises(ValueError):

+ x509.load_pem_x509_crl(b"notacrl", backend)

+

+ def test_invalid_der(self, backend):

+ with pytest.raises(ValueError):

+ x509.load_der_x509_crl(b"notacrl", backend)

+

+ def test_unknown_signature_algorithm(self, backend):

+ crl = _load_cert(

+ os.path.join(

+ "x509", "custom", "crl_md2_unknown_crit_entry_ext.pem"

+ ),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ with pytest.raises(UnsupportedAlgorithm):

+ crl.signature_hash_algorithm()

+

+ def test_issuer(self, backend):

+ crl = _load_cert(

+ os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"),

+ x509.load_der_x509_crl,

+ backend

+ )

+

+ assert isinstance(crl.issuer, x509.Name)

+ assert list(crl.issuer) == [

+ x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),

+ x509.NameAttribute(

+ x509.OID_ORGANIZATION_NAME, u'Test Certificates 2011'

+ ),

+ x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA')

+ ]

+ assert crl.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [

+ x509.NameAttribute(x509.OID_COMMON_NAME, u'Good CA')

+ ]

+

+ def test_equality(self, backend):

+ crl1 = _load_cert(

+ os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"),

+ x509.load_der_x509_crl,

+ backend

+ )

+

+ crl2 = _load_cert(

+ os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"),

+ x509.load_der_x509_crl,

+ backend

+ )

+

+ crl3 = _load_cert(

+ os.path.join("x509", "custom", "crl_all_reasons.pem"),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ assert crl1 == crl2

+ assert crl1 != crl3

+ assert crl1 != object()

+

+ def test_update_dates(self, backend):

+ crl = _load_cert(

+ os.path.join("x509", "custom", "crl_all_reasons.pem"),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ assert isinstance(crl.next_update, datetime.datetime)

+ assert isinstance(crl.last_update, datetime.datetime)

+

+ assert crl.next_update.isoformat() == "2016-01-01T00:00:00"

+ assert crl.last_update.isoformat() == "2015-01-01T00:00:00"

+

+ def test_revoked_cert_retrieval(self, backend):

+ crl = _load_cert(

+ os.path.join("x509", "custom", "crl_all_reasons.pem"),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ for r in crl:

+ assert isinstance(r, x509.RevokedCertificate)

+

+ # Check that len() works for CRLs.

+ assert len(crl) == 12

+

+ def test_extensions(self, backend):

+ crl = _load_cert(

+ os.path.join("x509", "custom", "crl_all_reasons.pem"),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ # CRL extensions are currently not supported in the OpenSSL backend.

+ with pytest.raises(NotImplementedError):

+ crl.extensions

+

+

+@pytest.mark.requires_backend_interface(interface=X509Backend)

+class TestRevokedCertificate(object):

+

+ def test_revoked_basics(self, backend):

+ crl = _load_cert(

+ os.path.join("x509", "custom", "crl_all_reasons.pem"),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ for i, rev in enumerate(crl):

+ assert isinstance(rev, x509.RevokedCertificate)

+ assert isinstance(rev.serial_number, int)

+ assert isinstance(rev.revocation_date, datetime.datetime)

+ assert isinstance(rev.extensions, x509.Extensions)

+

+ assert rev.serial_number == i

+ assert rev.revocation_date.isoformat() == "2015-01-01T00:00:00"

+

+ def test_revoked_extensions(self, backend):

+ crl = _load_cert(

+ os.path.join("x509", "custom", "crl_all_reasons.pem"),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ exp_issuer = x509.GeneralNames([

+ x509.DirectoryName(x509.Name([

+ x509.NameAttribute(x509.OID_COUNTRY_NAME, u"US"),

+ x509.NameAttribute(x509.OID_COMMON_NAME, u"cryptography.io"),

+ ]))

+ ])

+

+ # First revoked cert doesn't have extensions, test if it is handled

+ # correctly.

+ rev0 = crl[0]

+ # It should return an empty Extensions object.

+ assert isinstance(rev0.extensions, x509.Extensions)

+ assert len(rev0.extensions) == 0

+ with pytest.raises(x509.ExtensionNotFound):

+ rev0.extensions.get_extension_for_oid(x509.OID_CRL_REASON)

+ with pytest.raises(x509.ExtensionNotFound):

+ rev0.extensions.get_extension_for_oid(x509.OID_CERTIFICATE_ISSUER)

+ with pytest.raises(x509.ExtensionNotFound):

+ rev0.extensions.get_extension_for_oid(x509.OID_INVALIDITY_DATE)

+

+ # Test manual retrieval of extension values.

+ rev1 = crl[1]

+ assert isinstance(rev1.extensions, x509.Extensions)

+

+ reason = rev1.extensions.get_extension_for_oid(

+ x509.OID_CRL_REASON).value

+ assert reason == x509.ReasonFlags.unspecified

+

+ issuer = rev1.extensions.get_extension_for_oid(

+ x509.OID_CERTIFICATE_ISSUER).value

+ assert issuer == exp_issuer

+

+ date = rev1.extensions.get_extension_for_oid(

+ x509.OID_INVALIDITY_DATE).value

+ assert isinstance(date, datetime.datetime)

+ assert date.isoformat() == "2015-01-01T00:00:00"

+

+ # Check if all reason flags can be found in the CRL.

+ flags = set(x509.ReasonFlags)

+ for rev in crl:

+ try:

+ r = rev.extensions.get_extension_for_oid(x509.OID_CRL_REASON)

+ except x509.ExtensionNotFound:

+ # Not all revoked certs have a reason extension.

+ pass

+ else:

+ flags.discard(r.value)

+

+ assert len(flags) == 0

+

+ def test_duplicate_entry_ext(self, backend):

+ crl = _load_cert(

+ os.path.join("x509", "custom", "crl_dup_entry_ext.pem"),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ with pytest.raises(x509.DuplicateExtension):

+ crl[0].extensions

+

+ def test_unsupported_crit_entry_ext(self, backend):

+ crl = _load_cert(

+ os.path.join(

+ "x509", "custom", "crl_md2_unknown_crit_entry_ext.pem"

+ ),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ with pytest.raises(x509.UnsupportedExtension):

+ crl[0].extensions

+

+ def test_unsupported_reason(self, backend):

+ crl = _load_cert(

+ os.path.join(

+ "x509", "custom", "crl_unsupported_reason.pem"

+ ),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ with pytest.raises(ValueError):

+ crl[0].extensions

+

+ def test_invalid_cert_issuer_ext(self, backend):

+ crl = _load_cert(

+ os.path.join(

+ "x509", "custom", "crl_inval_cert_issuer_entry_ext.pem"

+ ),

+ x509.load_pem_x509_crl,

+ backend

+ )

+

+ with pytest.raises(ValueError):

+ crl[0].extensions

+

+

+ @pytest.mark.parametrize(

+ "cp",

+ [

+ x509.CertificatePolicies([

+ x509.PolicyInformation(

+ x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),

+ [u"http://other.com/cps"]

+ )

+ ]),

+ x509.CertificatePolicies([

+ x509.PolicyInformation(

+ x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),

+ None

+ )

+ ]),

+ x509.CertificatePolicies([

+ x509.PolicyInformation(

+ x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),

+ [

+ u"http://example.com/cps",

+ u"http://other.com/cps",

+ x509.UserNotice(

+ x509.NoticeReference(u"my org", [1, 2, 3, 4]),

+ u"thing"

+ )

+ ]

+ )

+ ]),

+ x509.CertificatePolicies([

+ x509.PolicyInformation(

+ x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),

+ [

+ u"http://example.com/cps",

+ x509.UserNotice(

+ x509.NoticeReference(u"UTF8\u2122'", [1, 2, 3, 4]),

+ u"We heart UTF8!\u2122"

+ )

+ ]

+ )

+ ]),

+ x509.CertificatePolicies([

+ x509.PolicyInformation(

+ x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),

+ [x509.UserNotice(None, u"thing")]

+ )

+ ]),

+ x509.CertificatePolicies([

+ x509.PolicyInformation(

+ x509.ObjectIdentifier("2.16.840.1.12345.1.2.3.4.1"),

+ [

+ x509.UserNotice(

+ x509.NoticeReference(u"my org", [1, 2, 3, 4]),

+ None

+ )

+ ]

+ )

+ ])

+ ]

+ )

+ @pytest.mark.requires_backend_interface(interface=RSABackend)

+ @pytest.mark.requires_backend_interface(interface=X509Backend)

+ def test_certificate_policies(self, cp, backend):

+ issuer_private_key = RSA_KEY_2048.private_key(backend)

+ subject_private_key = RSA_KEY_2048.private_key(backend)

+

+ not_valid_before = datetime.datetime(2002, 1, 1, 12, 1)

+ not_valid_after = datetime.datetime(2030, 12, 31, 8, 30)

+

+ cert = x509.CertificateBuilder().subject_name(

+ x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])

+ ).issuer_name(

+ x509.Name([x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US')])

+ ).not_valid_before(

+ not_valid_before

+ ).not_valid_after(

+ not_valid_after

+ ).public_key(

+ subject_private_key.public_key()

+ ).serial_number(

+ 123

+ ).add_extension(

+ cp, critical=False

+ ).sign(issuer_private_key, hashes.SHA256(), backend)

+

+ ext = cert.extensions.get_extension_for_oid(

+ x509.OID_CERTIFICATE_POLICIES

+ )

+ assert ext.value == cp

+

+ def test_hash(self):

+ name1 = x509.Name([

+ x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),

+ x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),

+ ])

+ name2 = x509.Name([

+ x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),

+ x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),

+ ])

+ name3 = x509.Name([

+ x509.NameAttribute(x509.ObjectIdentifier('oid2'), u'value2'),

+ x509.NameAttribute(x509.ObjectIdentifier('oid'), u'value1'),

+ ])

+

+ assert hash(name1) == hash(name2)

+ assert hash(name1) != hash(name3)

+

+ def test_repr(self, backend):

+ cert = _load_cert(

+ os.path.join(

+ "x509", "custom", "basic_constraints_not_critical.pem"

+ ),

+ x509.load_pem_x509_certificate,

+ backend

+ )

+ assert repr(cert.extensions) == (

+ "<Extensions([<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name"

+ "=basicConstraints)>, critical=False, value=<BasicConstraints(ca=F"

+ "alse, path_length=None)>)>])>"

+ )

+