diff options
Diffstat (limited to 'src')
24 files changed, 523 insertions, 309 deletions
diff --git a/src/cryptography/hazmat/backends/commoncrypto/ciphers.py b/src/cryptography/hazmat/backends/commoncrypto/ciphers.py index 7e537db9..1ce8aec5 100644 --- a/src/cryptography/hazmat/backends/commoncrypto/ciphers.py +++ b/src/cryptography/hazmat/backends/commoncrypto/ciphers.py @@ -8,13 +8,14 @@ from cryptography import utils from cryptography.exceptions import ( InvalidTag, UnsupportedAlgorithm, _Reasons ) -from cryptography.hazmat.primitives import constant_time, interfaces +from cryptography.hazmat.primitives import ciphers, constant_time +from cryptography.hazmat.primitives.ciphers import modes from cryptography.hazmat.primitives.ciphers.modes import ( CFB, CFB8, CTR, OFB ) -@utils.register_interface(interfaces.CipherContext) +@utils.register_interface(ciphers.CipherContext) class _CipherContext(object): def __init__(self, backend, cipher, mode, operation): self._backend = backend @@ -31,7 +32,7 @@ class _CipherContext(object): # treat RC4 and other stream cipher block sizes). # This bug has been filed as rdar://15589470 self._bytes_processed = 0 - if (isinstance(cipher, interfaces.BlockCipherAlgorithm) and not + if (isinstance(cipher, ciphers.BlockCipherAlgorithm) and not isinstance(mode, (OFB, CFB, CFB8, CTR))): self._byte_block_size = cipher.block_size // 8 else: @@ -51,9 +52,9 @@ class _CipherContext(object): ctx = self._backend._ffi.new("CCCryptorRef *") ctx = self._backend._ffi.gc(ctx, self._backend._release_cipher_ctx) - if isinstance(mode, interfaces.ModeWithInitializationVector): + if isinstance(mode, modes.ModeWithInitializationVector): iv_nonce = mode.initialization_vector - elif isinstance(mode, interfaces.ModeWithNonce): + elif isinstance(mode, modes.ModeWithNonce): iv_nonce = mode.nonce else: iv_nonce = self._backend._ffi.NULL @@ -101,8 +102,8 @@ class _CipherContext(object): return self._backend._ffi.buffer(buf)[:outlen[0]] -@utils.register_interface(interfaces.AEADCipherContext) -@utils.register_interface(interfaces.AEADEncryptionContext) +@utils.register_interface(ciphers.AEADCipherContext) +@utils.register_interface(ciphers.AEADEncryptionContext) class _GCMCipherContext(object): def __init__(self, backend, cipher, mode, operation): self._backend = backend diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 75d7e32f..8441e891 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -225,8 +225,8 @@ class Backend(object): ) def create_symmetric_encryption_ctx(self, cipher, mode): - if (isinstance(mode, CTR) and isinstance(cipher, AES) - and not self._evp_cipher_supported(cipher, mode)): + if (isinstance(mode, CTR) and isinstance(cipher, AES) and + not self._evp_cipher_supported(cipher, mode)): # This is needed to provide support for AES CTR mode in OpenSSL # 0.9.8. It can be removed when we drop 0.9.8 support (RHEL 5 # extended life ends 2020). @@ -235,8 +235,8 @@ class Backend(object): return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT) def create_symmetric_decryption_ctx(self, cipher, mode): - if (isinstance(mode, CTR) and isinstance(cipher, AES) - and not self._evp_cipher_supported(cipher, mode)): + if (isinstance(mode, CTR) and isinstance(cipher, AES) and + not self._evp_cipher_supported(cipher, mode)): # This is needed to provide support for AES CTR mode in OpenSSL # 0.9.8. It can be removed when we drop 0.9.8 support (RHEL 5 # extended life ends 2020). @@ -671,9 +671,10 @@ class Backend(object): def cmac_algorithm_supported(self, algorithm): return ( - self._lib.Cryptography_HAS_CMAC == 1 - and self.cipher_supported(algorithm, CBC( - b"\x00" * algorithm.block_size)) + self._lib.Cryptography_HAS_CMAC == 1 and + self.cipher_supported( + algorithm, CBC(b"\x00" * algorithm.block_size) + ) ) def create_cmac_ctx(self, algorithm): diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py index d665f36d..64097c7b 100644 --- a/src/cryptography/hazmat/backends/openssl/ciphers.py +++ b/src/cryptography/hazmat/backends/openssl/ciphers.py @@ -6,13 +6,13 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons -from cryptography.hazmat.primitives import interfaces -from cryptography.hazmat.primitives.ciphers.modes import GCM +from cryptography.hazmat.primitives import ciphers +from cryptography.hazmat.primitives.ciphers import modes -@utils.register_interface(interfaces.CipherContext) -@utils.register_interface(interfaces.AEADCipherContext) -@utils.register_interface(interfaces.AEADEncryptionContext) +@utils.register_interface(ciphers.CipherContext) +@utils.register_interface(ciphers.AEADCipherContext) +@utils.register_interface(ciphers.AEADEncryptionContext) class _CipherContext(object): _ENCRYPT = 1 _DECRYPT = 0 @@ -24,7 +24,7 @@ class _CipherContext(object): self._operation = operation self._tag = None - if isinstance(self._cipher, interfaces.BlockCipherAlgorithm): + if isinstance(self._cipher, ciphers.BlockCipherAlgorithm): self._block_size = self._cipher.block_size else: self._block_size = 1 @@ -54,9 +54,9 @@ class _CipherContext(object): _Reasons.UNSUPPORTED_CIPHER ) - if isinstance(mode, interfaces.ModeWithInitializationVector): + if isinstance(mode, modes.ModeWithInitializationVector): iv_nonce = mode.initialization_vector - elif isinstance(mode, interfaces.ModeWithNonce): + elif isinstance(mode, modes.ModeWithNonce): iv_nonce = mode.nonce else: iv_nonce = self._backend._ffi.NULL @@ -72,7 +72,7 @@ class _CipherContext(object): ctx, len(cipher.key) ) assert res != 0 - if isinstance(mode, GCM): + if isinstance(mode, modes.GCM): res = self._backend._lib.EVP_CIPHER_CTX_ctrl( ctx, self._backend._lib.EVP_CTRL_GCM_SET_IVLEN, len(iv_nonce), self._backend._ffi.NULL @@ -107,7 +107,7 @@ class _CipherContext(object): # should be taken only when length is zero and mode is not GCM because # AES GCM can return improper tag values if you don't call update # with empty plaintext when authenticating AAD for ...reasons. - if len(data) == 0 and not isinstance(self._mode, GCM): + if len(data) == 0 and not isinstance(self._mode, modes.GCM): return b"" buf = self._backend._ffi.new("unsigned char[]", @@ -124,7 +124,7 @@ class _CipherContext(object): # even if you are only using authenticate_additional_data or the # GCM tag will be wrong. An (empty) call to update resolves this # and is harmless for all other versions of OpenSSL. - if isinstance(self._mode, GCM): + if isinstance(self._mode, modes.GCM): self.update(b"") buf = self._backend._ffi.new("unsigned char[]", self._block_size) @@ -133,7 +133,7 @@ class _CipherContext(object): if res == 0: errors = self._backend._consume_errors() - if not errors and isinstance(self._mode, GCM): + if not errors and isinstance(self._mode, modes.GCM): raise InvalidTag assert errors @@ -154,7 +154,7 @@ class _CipherContext(object): else: raise self._backend._unknown_error(errors[0]) - if (isinstance(self._mode, GCM) and + if (isinstance(self._mode, modes.GCM) and self._operation == self._ENCRYPT): block_byte_size = self._block_size // 8 tag_buf = self._backend._ffi.new( @@ -181,7 +181,7 @@ class _CipherContext(object): tag = utils.read_only_property("_tag") -@utils.register_interface(interfaces.CipherContext) +@utils.register_interface(ciphers.CipherContext) class _AESCTRCipherContext(object): """ This is needed to provide support for AES CTR mode in OpenSSL 0.9.8. It can diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py index 9488e260..d2972e4a 100644 --- a/src/cryptography/hazmat/backends/openssl/dsa.py +++ b/src/cryptography/hazmat/backends/openssl/dsa.py @@ -7,8 +7,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends.openssl.utils import _truncate_digest -from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.asymmetric import dsa +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import ( + AsymmetricSignatureContext, AsymmetricVerificationContext, dsa +) from cryptography.hazmat.primitives.interfaces import ( DSAParametersWithNumbers, DSAPrivateKeyWithNumbers, DSAPublicKeyWithNumbers ) @@ -27,7 +29,7 @@ def _truncate_digest_for_dsa(dsa_cdata, digest, backend): return _truncate_digest(digest, order_bits) -@utils.register_interface(interfaces.AsymmetricVerificationContext) +@utils.register_interface(AsymmetricVerificationContext) class _DSAVerificationContext(object): def __init__(self, backend, public_key, signature, algorithm): self._backend = backend @@ -61,7 +63,7 @@ class _DSAVerificationContext(object): raise InvalidSignature -@utils.register_interface(interfaces.AsymmetricSignatureContext) +@utils.register_interface(AsymmetricSignatureContext) class _DSASignatureContext(object): def __init__(self, backend, private_key, algorithm): self._backend = backend diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index d050c6b2..52c93da9 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -9,8 +9,10 @@ from cryptography.exceptions import ( InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.openssl.utils import _truncate_digest -from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import ( + AsymmetricSignatureContext, AsymmetricVerificationContext, ec +) def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): @@ -80,7 +82,7 @@ def _sn_to_elliptic_curve(backend, sn): ) -@utils.register_interface(interfaces.AsymmetricSignatureContext) +@utils.register_interface(AsymmetricSignatureContext) class _ECDSASignatureContext(object): def __init__(self, backend, private_key, algorithm): self._backend = backend @@ -114,7 +116,7 @@ class _ECDSASignatureContext(object): return self._backend._ffi.buffer(sigbuf)[:siglen_ptr[0]] -@utils.register_interface(interfaces.AsymmetricVerificationContext) +@utils.register_interface(AsymmetricVerificationContext) class _ECDSAVerificationContext(object): def __init__(self, backend, public_key, signature, algorithm): self._backend = backend diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index 310b9949..00ddcda3 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -10,10 +10,12 @@ from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons ) -from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.asymmetric import rsa +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import ( + AsymmetricSignatureContext, AsymmetricVerificationContext, rsa +) from cryptography.hazmat.primitives.asymmetric.padding import ( - MGF1, OAEP, PKCS1v15, PSS + AsymmetricPadding, MGF1, OAEP, PKCS1v15, PSS ) from cryptography.hazmat.primitives.interfaces import ( RSAPrivateKeyWithNumbers, RSAPublicKeyWithNumbers @@ -34,7 +36,7 @@ def _get_rsa_pss_salt_length(pss, key_size, digest_size): def _enc_dec_rsa(backend, key, data, padding): - if not isinstance(padding, interfaces.AsymmetricPadding): + if not isinstance(padding, AsymmetricPadding): raise TypeError("Padding must be an instance of AsymmetricPadding.") if isinstance(padding, PKCS1v15): @@ -144,15 +146,14 @@ def _handle_rsa_enc_dec_error(backend, key): raise ValueError("Decryption failed.") -@utils.register_interface(interfaces.AsymmetricSignatureContext) +@utils.register_interface(AsymmetricSignatureContext) class _RSASignatureContext(object): def __init__(self, backend, private_key, padding, algorithm): self._backend = backend self._private_key = private_key - if not isinstance(padding, interfaces.AsymmetricPadding): - raise TypeError( - "Expected provider of interfaces.AsymmetricPadding.") + if not isinstance(padding, AsymmetricPadding): + raise TypeError("Expected provider of AsymmetricPadding.") self._pkey_size = self._backend._lib.EVP_PKEY_size( self._private_key._evp_pkey @@ -332,16 +333,15 @@ class _RSASignatureContext(object): return self._backend._ffi.buffer(sig_buf)[:sig_len] -@utils.register_interface(interfaces.AsymmetricVerificationContext) +@utils.register_interface(AsymmetricVerificationContext) class _RSAVerificationContext(object): def __init__(self, backend, public_key, signature, padding, algorithm): self._backend = backend self._public_key = public_key self._signature = signature - if not isinstance(padding, interfaces.AsymmetricPadding): - raise TypeError( - "Expected provider of interfaces.AsymmetricPadding.") + if not isinstance(padding, AsymmetricPadding): + raise TypeError("Expected provider of AsymmetricPadding.") self._pkey_size = self._backend._lib.EVP_PKEY_size( self._public_key._evp_pkey diff --git a/src/cryptography/hazmat/bindings/openssl/engine.py b/src/cryptography/hazmat/bindings/openssl/engine.py index 33c79982..3ebfa6c1 100644 --- a/src/cryptography/hazmat/bindings/openssl/engine.py +++ b/src/cryptography/hazmat/bindings/openssl/engine.py @@ -9,6 +9,8 @@ INCLUDES = """ """ TYPES = """ +static const long Cryptography_HAS_ENGINE_CRYPTODEV; + typedef ... ENGINE; typedef ... RSA_METHOD; typedef ... DSA_METHOD; @@ -49,7 +51,6 @@ int ENGINE_init(ENGINE *); int ENGINE_finish(ENGINE *); void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); -void ENGINE_load_cryptodev(void); void ENGINE_load_builtin_engines(void); void ENGINE_cleanup(void); ENGINE *ENGINE_get_default_RSA(void); @@ -148,9 +149,20 @@ void ENGINE_add_conf_module(void); """ MACROS = """ +void ENGINE_load_cryptodev(void); """ CUSTOMIZATIONS = """ +#if defined(LIBRESSL_VERSION_NUMBER) +static const long Cryptography_HAS_ENGINE_CRYPTODEV = 0; +void (*ENGINE_load_cryptodev)(void) = NULL; +#else +static const long Cryptography_HAS_ENGINE_CRYPTODEV = 1; +#endif """ -CONDITIONAL_NAMES = {} +CONDITIONAL_NAMES = { + "Cryptography_HAS_ENGINE_CRYPTODEV": [ + "ENGINE_load_cryptodev" + ] +} diff --git a/src/cryptography/hazmat/bindings/openssl/rand.py b/src/cryptography/hazmat/bindings/openssl/rand.py index c30af921..6330482c 100644 --- a/src/cryptography/hazmat/bindings/openssl/rand.py +++ b/src/cryptography/hazmat/bindings/openssl/rand.py @@ -9,6 +9,7 @@ INCLUDES = """ """ TYPES = """ +static const long Cryptography_HAS_EGD; """ FUNCTIONS = """ @@ -16,9 +17,6 @@ void ERR_load_RAND_strings(void); void RAND_seed(const void *, int); void RAND_add(const void *, int, double); int RAND_status(void); -int RAND_egd(const char *); -int RAND_egd_bytes(const char *, int); -int RAND_query_egd_bytes(const char *, unsigned char *, int); const char *RAND_file_name(char *, size_t); int RAND_load_file(const char *, long); int RAND_write_file(const char *); @@ -28,9 +26,26 @@ int RAND_pseudo_bytes(unsigned char *, int); """ MACROS = """ +int RAND_egd(const char *); +int RAND_egd_bytes(const char *, int); +int RAND_query_egd_bytes(const char *, unsigned char *, int); """ CUSTOMIZATIONS = """ +#if defined(LIBRESSL_VERSION_NUMBER) +static const long Cryptography_HAS_EGD = 0; +int (*RAND_egd)(const char *) = NULL; +int (*RAND_egd_bytes)(const char *, int) = NULL; +int (*RAND_query_egd_bytes)(const char *, unsigned char *, int) = NULL; +#else +static const long Cryptography_HAS_EGD = 1; +#endif """ -CONDITIONAL_NAMES = {} +CONDITIONAL_NAMES = { + "Cryptography_HAS_EGD": [ + "RAND_egd", + "RAND_egd_bytes", + "RAND_query_egd_bytes", + ] +} diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py index bf627139..bc4b2e79 100644 --- a/src/cryptography/hazmat/bindings/openssl/ssl.py +++ b/src/cryptography/hazmat/bindings/openssl/ssl.py @@ -19,6 +19,7 @@ static const long Cryptography_HAS_SSL3_METHOD; static const long Cryptography_HAS_TLSv1_1; static const long Cryptography_HAS_TLSv1_2; static const long Cryptography_HAS_SECURE_RENEGOTIATION; +static const long Cryptography_HAS_COMPRESSION; /* Internally invented symbol to tell us if SNI is supported */ static const long Cryptography_HAS_TLSEXT_HOSTNAME; @@ -189,10 +190,6 @@ int SSL_shutdown(SSL *); const char *SSL_get_cipher_list(const SSL *, int); Cryptography_STACK_OF_SSL_CIPHER *SSL_get_ciphers(const SSL *); -const COMP_METHOD *SSL_get_current_compression(SSL *); -const COMP_METHOD *SSL_get_current_expansion(SSL *); -const char *SSL_COMP_get_name(const COMP_METHOD *); - /* context */ void SSL_CTX_free(SSL_CTX *); long SSL_CTX_set_timeout(SSL_CTX *, long); @@ -232,6 +229,11 @@ size_t SSL_get_peer_finished(const SSL *, void *, size_t); """ MACROS = """ +/* not macros, but will be conditionally bound so can't live in functions */ +const COMP_METHOD *SSL_get_current_compression(SSL *); +const COMP_METHOD *SSL_get_current_expansion(SSL *); +const char *SSL_COMP_get_name(const COMP_METHOD *); + unsigned long SSL_set_mode(SSL *, unsigned long); unsigned long SSL_get_mode(SSL *); @@ -544,6 +546,17 @@ static const long Cryptography_HAS_ALPN = 0; #else static const long Cryptography_HAS_ALPN = 1; #endif +/* LibreSSL has removed support for compression, and with it the + * COMP_METHOD use in ssl.h. This is a hack to make the function types + * in this code match those in ssl.h. + */ +#ifdef LIBRESSL_VERSION_NUMBER +static const long Cryptography_HAS_COMPRESSION = 0; +typedef void COMP_METHOD; +#else +static const long Cryptography_HAS_COMPRESSION = 1; +#endif + """ CONDITIONAL_NAMES = { @@ -626,5 +639,11 @@ CONDITIONAL_NAMES = { "SSL_set_alpn_protos", "SSL_CTX_set_alpn_select_cb", "SSL_get0_alpn_selected", + ], + + "Cryptography_HAS_COMPRESSION": [ + "SSL_get_current_compression", + "SSL_get_current_expansion", + "SSL_COMP_get_name", ] } diff --git a/src/cryptography/hazmat/bindings/openssl/x509_vfy.py b/src/cryptography/hazmat/bindings/openssl/x509_vfy.py index 6f05f4d7..1f75b86f 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509_vfy.py +++ b/src/cryptography/hazmat/bindings/openssl/x509_vfy.py @@ -191,7 +191,7 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *, const char *); CUSTOMIZATIONS = """ /* OpenSSL 1.0.2+ verification error codes */ -#if OPENSSL_VERSION_NUMBER >= 0x10002000L +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 1; #else static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0; @@ -207,7 +207,7 @@ static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; #endif /* OpenSSL 1.0.2+ verification parameters */ -#if OPENSSL_VERSION_NUMBER >= 0x10002000L +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; #else static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; diff --git a/src/cryptography/hazmat/primitives/asymmetric/__init__.py b/src/cryptography/hazmat/primitives/asymmetric/__init__.py index 4b540884..494a7a13 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/__init__.py +++ b/src/cryptography/hazmat/primitives/asymmetric/__init__.py @@ -3,3 +3,38 @@ # for complete details. from __future__ import absolute_import, division, print_function + +import abc + +import six + + +@six.add_metaclass(abc.ABCMeta) +class AsymmetricSignatureContext(object): + @abc.abstractmethod + def update(self, data): + """ + Processes the provided bytes and returns nothing. + """ + + @abc.abstractmethod + def finalize(self): + """ + Returns the signature as bytes. + """ + + +@six.add_metaclass(abc.ABCMeta) +class AsymmetricVerificationContext(object): + @abc.abstractmethod + def update(self, data): + """ + Processes the provided bytes and returns nothing. + """ + + @abc.abstractmethod + def verify(self): + """ + Raises an exception if the bytes provided to update do not match the + signature or the signature does not match the public key. + """ diff --git a/src/cryptography/hazmat/primitives/asymmetric/padding.py b/src/cryptography/hazmat/primitives/asymmetric/padding.py index d0c3eade..c796d8e4 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/padding.py +++ b/src/cryptography/hazmat/primitives/asymmetric/padding.py @@ -4,18 +4,29 @@ from __future__ import absolute_import, division, print_function +import abc + import six from cryptography import utils -from cryptography.hazmat.primitives import hashes, interfaces +from cryptography.hazmat.primitives import hashes + + +@six.add_metaclass(abc.ABCMeta) +class AsymmetricPadding(object): + @abc.abstractproperty + def name(self): + """ + A string naming this padding (e.g. "PSS", "PKCS1"). + """ -@utils.register_interface(interfaces.AsymmetricPadding) +@utils.register_interface(AsymmetricPadding) class PKCS1v15(object): name = "EMSA-PKCS1-v1_5" -@utils.register_interface(interfaces.AsymmetricPadding) +@utils.register_interface(AsymmetricPadding) class PSS(object): MAX_LENGTH = object() name = "EMSA-PSS" @@ -33,7 +44,7 @@ class PSS(object): self._salt_length = salt_length -@utils.register_interface(interfaces.AsymmetricPadding) +@utils.register_interface(AsymmetricPadding) class OAEP(object): name = "EME-OAEP" diff --git a/src/cryptography/hazmat/primitives/ciphers/__init__.py b/src/cryptography/hazmat/primitives/ciphers/__init__.py index d779531d..b5dd0ed7 100644 --- a/src/cryptography/hazmat/primitives/ciphers/__init__.py +++ b/src/cryptography/hazmat/primitives/ciphers/__init__.py @@ -4,9 +4,17 @@ from __future__ import absolute_import, division, print_function -from cryptography.hazmat.primitives.ciphers.base import Cipher +from cryptography.hazmat.primitives.ciphers.base import ( + AEADCipherContext, AEADEncryptionContext, BlockCipherAlgorithm, Cipher, + CipherAlgorithm, CipherContext +) __all__ = [ "Cipher", + "CipherAlgorithm", + "BlockCipherAlgorithm", + "CipherContext", + "AEADCipherContext", + "AEADEncryptionContext", ] diff --git a/src/cryptography/hazmat/primitives/ciphers/algorithms.py b/src/cryptography/hazmat/primitives/ciphers/algorithms.py index 677d7027..b71dddbb 100644 --- a/src/cryptography/hazmat/primitives/ciphers/algorithms.py +++ b/src/cryptography/hazmat/primitives/ciphers/algorithms.py @@ -5,7 +5,9 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives.ciphers import ( + BlockCipherAlgorithm, CipherAlgorithm +) def _verify_key_size(algorithm, key): @@ -17,8 +19,8 @@ def _verify_key_size(algorithm, key): return key -@utils.register_interface(interfaces.BlockCipherAlgorithm) -@utils.register_interface(interfaces.CipherAlgorithm) +@utils.register_interface(BlockCipherAlgorithm) +@utils.register_interface(CipherAlgorithm) class AES(object): name = "AES" block_size = 128 @@ -32,8 +34,8 @@ class AES(object): return len(self.key) * 8 -@utils.register_interface(interfaces.BlockCipherAlgorithm) -@utils.register_interface(interfaces.CipherAlgorithm) +@utils.register_interface(BlockCipherAlgorithm) +@utils.register_interface(CipherAlgorithm) class Camellia(object): name = "camellia" block_size = 128 @@ -47,8 +49,8 @@ class Camellia(object): return len(self.key) * 8 -@utils.register_interface(interfaces.BlockCipherAlgorithm) -@utils.register_interface(interfaces.CipherAlgorithm) +@utils.register_interface(BlockCipherAlgorithm) +@utils.register_interface(CipherAlgorithm) class TripleDES(object): name = "3DES" block_size = 64 @@ -66,8 +68,8 @@ class TripleDES(object): return len(self.key) * 8 -@utils.register_interface(interfaces.BlockCipherAlgorithm) -@utils.register_interface(interfaces.CipherAlgorithm) +@utils.register_interface(BlockCipherAlgorithm) +@utils.register_interface(CipherAlgorithm) class Blowfish(object): name = "Blowfish" block_size = 64 @@ -81,8 +83,8 @@ class Blowfish(object): return len(self.key) * 8 -@utils.register_interface(interfaces.BlockCipherAlgorithm) -@utils.register_interface(interfaces.CipherAlgorithm) +@utils.register_interface(BlockCipherAlgorithm) +@utils.register_interface(CipherAlgorithm) class CAST5(object): name = "CAST5" block_size = 64 @@ -96,7 +98,7 @@ class CAST5(object): return len(self.key) * 8 -@utils.register_interface(interfaces.CipherAlgorithm) +@utils.register_interface(CipherAlgorithm) class ARC4(object): name = "RC4" key_sizes = frozenset([40, 56, 64, 80, 128, 192, 256]) @@ -109,7 +111,7 @@ class ARC4(object): return len(self.key) * 8 -@utils.register_interface(interfaces.CipherAlgorithm) +@utils.register_interface(CipherAlgorithm) class IDEA(object): name = "IDEA" block_size = 64 @@ -123,8 +125,8 @@ class IDEA(object): return len(self.key) * 8 -@utils.register_interface(interfaces.BlockCipherAlgorithm) -@utils.register_interface(interfaces.CipherAlgorithm) +@utils.register_interface(BlockCipherAlgorithm) +@utils.register_interface(CipherAlgorithm) class SEED(object): name = "SEED" block_size = 128 diff --git a/src/cryptography/hazmat/primitives/ciphers/base.py b/src/cryptography/hazmat/primitives/ciphers/base.py index 81b8d778..8f3028fc 100644 --- a/src/cryptography/hazmat/primitives/ciphers/base.py +++ b/src/cryptography/hazmat/primitives/ciphers/base.py @@ -4,13 +4,76 @@ from __future__ import absolute_import, division, print_function +import abc + +import six + from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import CipherBackend -from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives.ciphers import modes + + +@six.add_metaclass(abc.ABCMeta) +class CipherAlgorithm(object): + @abc.abstractproperty + def name(self): + """ + A string naming this mode (e.g. "AES", "Camellia"). + """ + + @abc.abstractproperty + def key_size(self): + """ + The size of the key being used as an integer in bits (e.g. 128, 256). + """ + + +@six.add_metaclass(abc.ABCMeta) +class BlockCipherAlgorithm(object): + @abc.abstractproperty + def block_size(self): + """ + The size of a block as an integer in bits (e.g. 64, 128). + """ + + +@six.add_metaclass(abc.ABCMeta) +class CipherContext(object): + @abc.abstractmethod + def update(self, data): + """ + Processes the provided bytes through the cipher and returns the results + as bytes. + """ + + @abc.abstractmethod + def finalize(self): + """ + Returns the results of processing the final block as bytes. + """ + + +@six.add_metaclass(abc.ABCMeta) +class AEADCipherContext(object): + @abc.abstractmethod + def authenticate_additional_data(self, data): + """ + Authenticates the provided bytes. + """ + + +@six.add_metaclass(abc.ABCMeta) +class AEADEncryptionContext(object): + @abc.abstractproperty + def tag(self): + """ + Returns tag bytes. This is only available after encryption is + finalized. + """ class Cipher(object): @@ -21,10 +84,8 @@ class Cipher(object): _Reasons.BACKEND_MISSING_INTERFACE ) - if not isinstance(algorithm, interfaces.CipherAlgorithm): - raise TypeError( - "Expected interface of interfaces.CipherAlgorithm." - ) + if not isinstance(algorithm, CipherAlgorithm): + raise TypeError("Expected interface of CipherAlgorithm.") if mode is not None: mode.validate_for_algorithm(algorithm) @@ -34,7 +95,7 @@ class Cipher(object): self._backend = backend def encryptor(self): - if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): + if isinstance(self.mode, modes.ModeWithAuthenticationTag): if self.mode.tag is not None: raise ValueError( "Authentication tag must be None when encrypting." @@ -45,7 +106,7 @@ class Cipher(object): return self._wrap_ctx(ctx, encrypt=True) def decryptor(self): - if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): + if isinstance(self.mode, modes.ModeWithAuthenticationTag): if self.mode.tag is None: raise ValueError( "Authentication tag must be provided when decrypting." @@ -56,7 +117,7 @@ class Cipher(object): return self._wrap_ctx(ctx, encrypt=False) def _wrap_ctx(self, ctx, encrypt): - if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): + if isinstance(self.mode, modes.ModeWithAuthenticationTag): if encrypt: return _AEADEncryptionContext(ctx) else: @@ -65,7 +126,7 @@ class Cipher(object): return _CipherContext(ctx) -@utils.register_interface(interfaces.CipherContext) +@utils.register_interface(CipherContext) class _CipherContext(object): def __init__(self, ctx): self._ctx = ctx @@ -83,8 +144,8 @@ class _CipherContext(object): return data -@utils.register_interface(interfaces.AEADCipherContext) -@utils.register_interface(interfaces.CipherContext) +@utils.register_interface(AEADCipherContext) +@utils.register_interface(CipherContext) class _AEADCipherContext(object): def __init__(self, ctx): self._ctx = ctx @@ -113,7 +174,7 @@ class _AEADCipherContext(object): self._ctx.authenticate_additional_data(data) -@utils.register_interface(interfaces.AEADEncryptionContext) +@utils.register_interface(AEADEncryptionContext) class _AEADEncryptionContext(_AEADCipherContext): @property def tag(self): diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py index fc269de9..e31c9060 100644 --- a/src/cryptography/hazmat/primitives/ciphers/modes.py +++ b/src/cryptography/hazmat/primitives/ciphers/modes.py @@ -4,8 +4,54 @@ from __future__ import absolute_import, division, print_function +import abc + +import six + from cryptography import utils -from cryptography.hazmat.primitives import interfaces + + +@six.add_metaclass(abc.ABCMeta) +class Mode(object): + @abc.abstractproperty + def name(self): + """ + A string naming this mode (e.g. "ECB", "CBC"). + """ + + @abc.abstractmethod + def validate_for_algorithm(self, algorithm): + """ + Checks that all the necessary invariants of this (mode, algorithm) + combination are met. + """ + + +@six.add_metaclass(abc.ABCMeta) +class ModeWithInitializationVector(object): + @abc.abstractproperty + def initialization_vector(self): + """ + The value of the initialization vector for this mode as bytes. + """ + + +@six.add_metaclass(abc.ABCMeta) +class ModeWithNonce(object): + @abc.abstractproperty + def nonce(self): + """ + The value of the nonce for this mode as bytes. + """ + + +@six.add_metaclass(abc.ABCMeta) +class ModeWithAuthenticationTag(object): + @abc.abstractproperty + def tag(self): + """ + The value of the tag supplied to the constructor of this mode. + """ def _check_iv_length(self, algorithm): @@ -15,8 +61,8 @@ def _check_iv_length(self, algorithm): )) -@utils.register_interface(interfaces.Mode) -@utils.register_interface(interfaces.ModeWithInitializationVector) +@utils.register_interface(Mode) +@utils.register_interface(ModeWithInitializationVector) class CBC(object): name = "CBC" @@ -27,7 +73,7 @@ class CBC(object): validate_for_algorithm = _check_iv_length -@utils.register_interface(interfaces.Mode) +@utils.register_interface(Mode) class ECB(object): name = "ECB" @@ -35,8 +81,8 @@ class ECB(object): pass -@utils.register_interface(interfaces.Mode) -@utils.register_interface(interfaces.ModeWithInitializationVector) +@utils.register_interface(Mode) +@utils.register_interface(ModeWithInitializationVector) class OFB(object): name = "OFB" @@ -47,8 +93,8 @@ class OFB(object): validate_for_algorithm = _check_iv_length -@utils.register_interface(interfaces.Mode) -@utils.register_interface(interfaces.ModeWithInitializationVector) +@utils.register_interface(Mode) +@utils.register_interface(ModeWithInitializationVector) class CFB(object): name = "CFB" @@ -59,8 +105,8 @@ class CFB(object): validate_for_algorithm = _check_iv_length -@utils.register_interface(interfaces.Mode) -@utils.register_interface(interfaces.ModeWithInitializationVector) +@utils.register_interface(Mode) +@utils.register_interface(ModeWithInitializationVector) class CFB8(object): name = "CFB8" @@ -71,8 +117,8 @@ class CFB8(object): validate_for_algorithm = _check_iv_length -@utils.register_interface(interfaces.Mode) -@utils.register_interface(interfaces.ModeWithNonce) +@utils.register_interface(Mode) +@utils.register_interface(ModeWithNonce) class CTR(object): name = "CTR" @@ -88,9 +134,9 @@ class CTR(object): )) -@utils.register_interface(interfaces.Mode) -@utils.register_interface(interfaces.ModeWithInitializationVector) -@utils.register_interface(interfaces.ModeWithAuthenticationTag) +@utils.register_interface(Mode) +@utils.register_interface(ModeWithInitializationVector) +@utils.register_interface(ModeWithAuthenticationTag) class GCM(object): name = "GCM" diff --git a/src/cryptography/hazmat/primitives/cmac.py b/src/cryptography/hazmat/primitives/cmac.py index ccbe07ee..c2038a30 100644 --- a/src/cryptography/hazmat/primitives/cmac.py +++ b/src/cryptography/hazmat/primitives/cmac.py @@ -9,7 +9,7 @@ from cryptography.exceptions import ( AlreadyFinalized, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import CMACBackend -from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives import ciphers, interfaces @utils.register_interface(interfaces.MACContext) @@ -21,9 +21,9 @@ class CMAC(object): _Reasons.BACKEND_MISSING_INTERFACE ) - if not isinstance(algorithm, interfaces.BlockCipherAlgorithm): + if not isinstance(algorithm, ciphers.BlockCipherAlgorithm): raise TypeError( - "Expected instance of interfaces.BlockCipherAlgorithm." + "Expected instance of BlockCipherAlgorithm." ) self._algorithm = algorithm diff --git a/src/cryptography/hazmat/primitives/interfaces/__init__.py b/src/cryptography/hazmat/primitives/interfaces/__init__.py index 17bac1e6..6b4241bd 100644 --- a/src/cryptography/hazmat/primitives/interfaces/__init__.py +++ b/src/cryptography/hazmat/primitives/interfaces/__init__.py @@ -9,21 +9,113 @@ import abc import six from cryptography import utils -from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa -from cryptography.hazmat.primitives.interfaces.ciphers import ( - BlockCipherAlgorithm, CipherAlgorithm, Mode, - ModeWithAuthenticationTag, ModeWithInitializationVector, ModeWithNonce +from cryptography.hazmat.primitives import ciphers, hashes +from cryptography.hazmat.primitives.asymmetric import ( + AsymmetricSignatureContext, AsymmetricVerificationContext, dsa, ec, + padding, rsa ) +from cryptography.hazmat.primitives.ciphers import modes +from cryptography.hazmat.primitives.kdf import KeyDerivationFunction +from cryptography.hazmat.primitives.padding import PaddingContext -__all__ = [ - "BlockCipherAlgorithm", - "CipherAlgorithm", - "Mode", - "ModeWithAuthenticationTag", - "ModeWithInitializationVector", - "ModeWithNonce" -] + +BlockCipherAlgorithm = utils.deprecated( + ciphers.BlockCipherAlgorithm, + __name__, + ( + "The BlockCipherAlgorithm interface has moved to the " + "cryptography.hazmat.primitives.ciphers module" + ), + utils.DeprecatedIn08 +) + + +CipherAlgorithm = utils.deprecated( + ciphers.CipherAlgorithm, + __name__, + ( + "The CipherAlgorithm interface has moved to the " + "cryptography.hazmat.primitives.ciphers module" + ), + utils.DeprecatedIn08 +) + + +Mode = utils.deprecated( + modes.Mode, + __name__, + ( + "The Mode interface has moved to the " + "cryptography.hazmat.primitives.ciphers.modes module" + ), + utils.DeprecatedIn08 +) + + +ModeWithAuthenticationTag = utils.deprecated( + modes.ModeWithAuthenticationTag, + __name__, + ( + "The ModeWithAuthenticationTag interface has moved to the " + "cryptography.hazmat.primitives.ciphers.modes module" + ), + utils.DeprecatedIn08 +) + + +ModeWithInitializationVector = utils.deprecated( + modes.ModeWithInitializationVector, + __name__, + ( + "The ModeWithInitializationVector interface has moved to the " + "cryptography.hazmat.primitives.ciphers.modes module" + ), + utils.DeprecatedIn08 +) + + +ModeWithNonce = utils.deprecated( + modes.ModeWithNonce, + __name__, + ( + "The ModeWithNonce interface has moved to the " + "cryptography.hazmat.primitives.ciphers.modes module" + ), + utils.DeprecatedIn08 +) + + +CipherContext = utils.deprecated( + ciphers.CipherContext, + __name__, + ( + "The CipherContext interface has moved to the " + "cryptography.hazmat.primitives.ciphers module" + ), + utils.DeprecatedIn08 +) + + +AEADCipherContext = utils.deprecated( + ciphers.AEADCipherContext, + __name__, + ( + "The AEADCipherContext interface has moved to the " + "cryptography.hazmat.primitives.ciphers module" + ), + utils.DeprecatedIn08 +) + + +AEADEncryptionContext = utils.deprecated( + ciphers.AEADEncryptionContext, + __name__, + ( + "The AEADEncryptionContext interface has moved to the " + "cryptography.hazmat.primitives.ciphers module" + ), + utils.DeprecatedIn08 +) EllipticCurve = utils.deprecated( @@ -153,54 +245,15 @@ DSAPublicKeyWithNumbers = utils.deprecated( ) -@six.add_metaclass(abc.ABCMeta) -class CipherContext(object): - @abc.abstractmethod - def update(self, data): - """ - Processes the provided bytes through the cipher and returns the results - as bytes. - """ - - @abc.abstractmethod - def finalize(self): - """ - Returns the results of processing the final block as bytes. - """ - - -@six.add_metaclass(abc.ABCMeta) -class AEADCipherContext(object): - @abc.abstractmethod - def authenticate_additional_data(self, data): - """ - Authenticates the provided bytes. - """ - - -@six.add_metaclass(abc.ABCMeta) -class AEADEncryptionContext(object): - @abc.abstractproperty - def tag(self): - """ - Returns tag bytes. This is only available after encryption is - finalized. - """ - - -@six.add_metaclass(abc.ABCMeta) -class PaddingContext(object): - @abc.abstractmethod - def update(self, data): - """ - Pads the provided bytes and returns any available data as bytes. - """ - - @abc.abstractmethod - def finalize(self): - """ - Finalize the padding, returns bytes. - """ +PaddingContext = utils.deprecated( + PaddingContext, + __name__, + ( + "The PaddingContext interface has moved to the " + "cryptography.hazmat.primitives.padding module" + ), + utils.DeprecatedIn08 +) HashContext = utils.deprecated( @@ -265,62 +318,45 @@ RSAPublicKeyWithNumbers = utils.deprecated( utils.DeprecatedIn08 ) +AsymmetricPadding = utils.deprecated( + padding.AsymmetricPadding, + __name__, + ( + "The AsymmetricPadding interface has moved to the " + "cryptography.hazmat.primitives.asymmetric.padding module" + ), + utils.DeprecatedIn08 +) -@six.add_metaclass(abc.ABCMeta) -class AsymmetricSignatureContext(object): - @abc.abstractmethod - def update(self, data): - """ - Processes the provided bytes and returns nothing. - """ - - @abc.abstractmethod - def finalize(self): - """ - Returns the signature as bytes. - """ - - -@six.add_metaclass(abc.ABCMeta) -class AsymmetricVerificationContext(object): - @abc.abstractmethod - def update(self, data): - """ - Processes the provided bytes and returns nothing. - """ - - @abc.abstractmethod - def verify(self): - """ - Raises an exception if the bytes provided to update do not match the - signature or the signature does not match the public key. - """ - - -@six.add_metaclass(abc.ABCMeta) -class AsymmetricPadding(object): - @abc.abstractproperty - def name(self): - """ - A string naming this padding (e.g. "PSS", "PKCS1"). - """ - +AsymmetricSignatureContext = utils.deprecated( + AsymmetricSignatureContext, + __name__, + ( + "The AsymmetricPadding interface has moved to the " + "cryptography.hazmat.primitives.asymmetric module" + ), + utils.DeprecatedIn08 +) -@six.add_metaclass(abc.ABCMeta) -class KeyDerivationFunction(object): - @abc.abstractmethod - def derive(self, key_material): - """ - Deterministically generates and returns a new key based on the existing - key material. - """ +AsymmetricVerificationContext = utils.deprecated( + AsymmetricVerificationContext, + __name__, + ( + "The AsymmetricVerificationContext interface has moved to the " + "cryptography.hazmat.primitives.asymmetric module" + ), + utils.DeprecatedIn08 +) - @abc.abstractmethod - def verify(self, key_material, expected_key): - """ - Checks whether the key generated by the key material matches the - expected derived key. Raises an exception if they do not match. - """ +KeyDerivationFunction = utils.deprecated( + KeyDerivationFunction, + __name__, + ( + "The KeyDerivationFunction interface has moved to the " + "cryptography.hazmat.primitives.kdf module" + ), + utils.DeprecatedIn08 +) @six.add_metaclass(abc.ABCMeta) diff --git a/src/cryptography/hazmat/primitives/interfaces/ciphers.py b/src/cryptography/hazmat/primitives/interfaces/ciphers.py deleted file mode 100644 index 075a9c25..00000000 --- a/src/cryptography/hazmat/primitives/interfaces/ciphers.py +++ /dev/null @@ -1,76 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -from __future__ import absolute_import, division, print_function - -import abc - -import six - - -@six.add_metaclass(abc.ABCMeta) -class CipherAlgorithm(object): - @abc.abstractproperty - def name(self): - """ - A string naming this mode (e.g. "AES", "Camellia"). - """ - - @abc.abstractproperty - def key_size(self): - """ - The size of the key being used as an integer in bits (e.g. 128, 256). - """ - - -@six.add_metaclass(abc.ABCMeta) -class BlockCipherAlgorithm(object): - @abc.abstractproperty - def block_size(self): - """ - The size of a block as an integer in bits (e.g. 64, 128). - """ - - -@six.add_metaclass(abc.ABCMeta) -class Mode(object): - @abc.abstractproperty - def name(self): - """ - A string naming this mode (e.g. "ECB", "CBC"). - """ - - @abc.abstractmethod - def validate_for_algorithm(self, algorithm): - """ - Checks that all the necessary invariants of this (mode, algorithm) - combination are met. - """ - - -@six.add_metaclass(abc.ABCMeta) -class ModeWithInitializationVector(object): - @abc.abstractproperty - def initialization_vector(self): - """ - The value of the initialization vector for this mode as bytes. - """ - - -@six.add_metaclass(abc.ABCMeta) -class ModeWithNonce(object): - @abc.abstractproperty - def nonce(self): - """ - The value of the nonce for this mode as bytes. - """ - - -@six.add_metaclass(abc.ABCMeta) -class ModeWithAuthenticationTag(object): - @abc.abstractproperty - def tag(self): - """ - The value of the tag supplied to the constructor of this mode. - """ diff --git a/src/cryptography/hazmat/primitives/kdf/__init__.py b/src/cryptography/hazmat/primitives/kdf/__init__.py index 4b540884..2d0724e5 100644 --- a/src/cryptography/hazmat/primitives/kdf/__init__.py +++ b/src/cryptography/hazmat/primitives/kdf/__init__.py @@ -3,3 +3,24 @@ # for complete details. from __future__ import absolute_import, division, print_function + +import abc + +import six + + +@six.add_metaclass(abc.ABCMeta) +class KeyDerivationFunction(object): + @abc.abstractmethod + def derive(self, key_material): + """ + Deterministically generates and returns a new key based on the existing + key material. + """ + + @abc.abstractmethod + def verify(self, key_material, expected_key): + """ + Checks whether the key generated by the key material matches the + expected derived key. Raises an exception if they do not match. + """ diff --git a/src/cryptography/hazmat/primitives/kdf/hkdf.py b/src/cryptography/hazmat/primitives/kdf/hkdf.py index 3d4c9fb1..65b7091a 100644 --- a/src/cryptography/hazmat/primitives/kdf/hkdf.py +++ b/src/cryptography/hazmat/primitives/kdf/hkdf.py @@ -11,10 +11,11 @@ from cryptography.exceptions import ( AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend -from cryptography.hazmat.primitives import constant_time, hmac, interfaces +from cryptography.hazmat.primitives import constant_time, hmac +from cryptography.hazmat.primitives.kdf import KeyDerivationFunction -@utils.register_interface(interfaces.KeyDerivationFunction) +@utils.register_interface(KeyDerivationFunction) class HKDF(object): def __init__(self, algorithm, length, salt, info, backend): if not isinstance(backend, HMACBackend): @@ -53,7 +54,7 @@ class HKDF(object): raise InvalidKey -@utils.register_interface(interfaces.KeyDerivationFunction) +@utils.register_interface(KeyDerivationFunction) class HKDFExpand(object): def __init__(self, algorithm, length, info, backend): if not isinstance(backend, HMACBackend): diff --git a/src/cryptography/hazmat/primitives/kdf/pbkdf2.py b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py index 3d565be2..f8ce7a3b 100644 --- a/src/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -9,10 +9,11 @@ from cryptography.exceptions import ( AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend -from cryptography.hazmat.primitives import constant_time, interfaces +from cryptography.hazmat.primitives import constant_time +from cryptography.hazmat.primitives.kdf import KeyDerivationFunction -@utils.register_interface(interfaces.KeyDerivationFunction) +@utils.register_interface(KeyDerivationFunction) class PBKDF2HMAC(object): def __init__(self, algorithm, length, salt, iterations, backend): if not isinstance(backend, PBKDF2HMACBackend): diff --git a/src/cryptography/hazmat/primitives/padding.py b/src/cryptography/hazmat/primitives/padding.py index 49cae9d6..8ad64dec 100644 --- a/src/cryptography/hazmat/primitives/padding.py +++ b/src/cryptography/hazmat/primitives/padding.py @@ -4,12 +4,13 @@ from __future__ import absolute_import, division, print_function +import abc + import six from cryptography import utils from cryptography.exceptions import AlreadyFinalized from cryptography.hazmat.bindings.utils import LazyLibrary, build_ffi -from cryptography.hazmat.primitives import interfaces TYPES = """ @@ -59,6 +60,21 @@ _ffi = build_ffi(cdef_source=TYPES, verify_source=FUNCTIONS) _lib = LazyLibrary(_ffi) +@six.add_metaclass(abc.ABCMeta) +class PaddingContext(object): + @abc.abstractmethod + def update(self, data): + """ + Pads the provided bytes and returns any available data as bytes. + """ + + @abc.abstractmethod + def finalize(self): + """ + Finalize the padding, returns bytes. + """ + + class PKCS7(object): def __init__(self, block_size): if not (0 <= block_size < 256): @@ -76,7 +92,7 @@ class PKCS7(object): return _PKCS7UnpaddingContext(self.block_size) -@utils.register_interface(interfaces.PaddingContext) +@utils.register_interface(PaddingContext) class _PKCS7PaddingContext(object): def __init__(self, block_size): self.block_size = block_size @@ -109,7 +125,7 @@ class _PKCS7PaddingContext(object): return result -@utils.register_interface(interfaces.PaddingContext) +@utils.register_interface(PaddingContext) class _PKCS7UnpaddingContext(object): def __init__(self, block_size): self.block_size = block_size diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index a46367ed..ad7ebbe0 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -123,7 +123,7 @@ class Name(object): self._attributes = attributes def get_attributes_for_oid(self, oid): - return [i for i in self._attributes if i.oid == oid] + return [i for i in self if i.oid == oid] def __eq__(self, other): if not isinstance(other, Name): |