From 950894d282b11bca8c55388818fbd19487f156db Mon Sep 17 00:00:00 2001 From: "deepin-community-bot[bot]" <156989552+deepin-community-bot[bot]@users.noreply.github.com> Date: Wed, 25 Mar 2026 09:35:21 +0000 Subject: [PATCH] feat: update python-cryptography to 43.0.0-2 --- .gitattributes | 1 + .gitignore | 18 + CHANGELOG.rst | 522 +++- LICENSE | 3 - LICENSE.PSF | 41 - MANIFEST.in | 24 - PKG-INFO | 65 +- README.rst | 8 +- debian/changelog | 131 + debian/control | 65 +- debian/gbp.conf | 2 + ...sn1-0.19-and-use-X509GeneralizedTime.patch | 182 ++ .../0005-Support-128-bit-OID-arcs-11820.patch | 28 + ...-US-Pacific-with-America-Los_Angeles.patch | 68 - ...te_into-to-mutate-immutable-objects-.patch | 47 - debian/patches/Upgrade-to-pyo3-0.16.patch | 912 ------ debian/patches/Upgrade-to-pyo3-0.17.patch | 213 -- debian/patches/Upgrade-to-pyo3-0.19.patch | 80 - .../Use-local-python3-doc-inventory.patch | 11 +- debian/patches/allow-pem-version-1.0.patch | 21 - debian/patches/downgrade-deps.patch | 102 + debian/patches/drop-cffi-dep.patch | 35 +- ...ase-asn1-version-from-0.12.1-to-0.12.patch | 21 - ...chrono-dependency-from-0.4.22-to-0.4.patch | 21 - debian/patches/series | 11 +- debian/rules | 12 +- debian/tests/control | 15 - debian/upstream/signing-key.asc | 94 - debian/watch | 4 +- docs/_ext/cryptography-docs.py | 1 - docs/api-stability.rst | 7 +- docs/conf.py | 25 +- .../custom-vectors/aes-192-gcm-siv.rst | 28 + .../aes-192-gcm-siv/generate_aes192gcmsiv.py | 86 + .../verify-aes192gcmsiv/Cargo.toml | 9 + .../verify-aes192gcmsiv/src/main.rs | 116 + .../custom-vectors/arc4/generate_arc4.py | 20 +- .../custom-vectors/cast5/generate_cast5.py | 24 +- docs/development/custom-vectors/chacha20.rst | 29 + .../chacha20/generate_chacha20_overflow.py | 47 + .../chacha20/verify_chacha20_overflow.py | 67 + .../custom-vectors/hkdf/generate_hkdf.py | 2 +- .../custom-vectors/idea/generate_idea.py | 22 +- .../custom-vectors/idea/verify_idea.py | 4 +- docs/development/custom-vectors/rc2.rst | 24 + docs/development/custom-vectors/rc2/genrc2.go | 35 + docs/development/custom-vectors/rc2/go.mod | 3 + .../development/custom-vectors/rc2/rc2/rc2.go | 269 ++ .../rsa-oaep-sha2/generate_rsa_oaep_sha2.py | 8 +- .../secp256k1/generate_secp256k1.py | 15 +- .../secp256k1/verify_secp256k1.py | 1 - .../custom-vectors/seed/generate_seed.py | 22 +- .../custom-vectors/seed/verify_seed.py | 4 +- docs/development/getting-started.rst | 91 +- docs/development/submitting-patches.rst | 14 +- docs/development/test-vectors.rst | 191 +- docs/doing-a-release.rst | 22 +- docs/faq.rst | 72 +- docs/fernet.rst | 8 +- docs/glossary.rst | 11 +- docs/hazmat/decrepit/ciphers.rst | 132 + docs/hazmat/decrepit/index.rst | 14 + docs/hazmat/primitives/aead.rst | 134 +- docs/hazmat/primitives/asymmetric/dh.rst | 21 - docs/hazmat/primitives/asymmetric/dsa.rst | 27 +- docs/hazmat/primitives/asymmetric/ec.rst | 96 +- docs/hazmat/primitives/asymmetric/ed25519.rst | 37 +- docs/hazmat/primitives/asymmetric/ed448.rst | 37 +- docs/hazmat/primitives/asymmetric/index.rst | 80 + docs/hazmat/primitives/asymmetric/rsa.rst | 95 +- .../primitives/asymmetric/serialization.rst | 594 +++- docs/hazmat/primitives/asymmetric/x25519.rst | 27 + docs/hazmat/primitives/asymmetric/x448.rst | 27 + .../primitives/cryptographic-hashes.rst | 6 +- docs/hazmat/primitives/index.rst | 2 +- .../primitives/key-derivation-functions.rst | 22 +- docs/hazmat/primitives/mac/hmac.rst | 2 +- docs/hazmat/primitives/mac/poly1305.rst | 2 +- docs/hazmat/primitives/padding.rst | 10 +- .../primitives/symmetric-encryption.rst | 102 +- docs/hazmat/primitives/twofactor.rst | 11 +- docs/index.rst | 1 + docs/installation.rst | 91 +- docs/limitations.rst | 16 +- docs/openssl.rst | 86 +- docs/random-numbers.rst | 7 +- docs/security.rst | 23 +- docs/spelling_wordlist.txt | 14 + docs/x509/certificate-transparency.rst | 12 +- docs/x509/index.rst | 1 + docs/x509/ocsp.rst | 164 +- docs/x509/reference.rst | 680 ++++- docs/x509/tutorial.rst | 224 +- docs/x509/verification.rst | 293 ++ noxfile.py | 378 +++ pyproject.toml | 150 +- release.py | 94 + setup.cfg | 92 - setup.py | 116 - src/_cffi_src/build_openssl.py | 97 +- src/_cffi_src/openssl/asn1.py | 30 +- src/_cffi_src/openssl/bignum.py | 60 +- src/_cffi_src/openssl/bio.py | 12 +- src/_cffi_src/openssl/callbacks.py | 51 - src/_cffi_src/openssl/cmac.py | 26 - src/_cffi_src/openssl/crypto.py | 88 +- src/_cffi_src/openssl/cryptography.py | 99 +- src/_cffi_src/openssl/dh.py | 146 +- src/_cffi_src/openssl/dsa.py | 13 +- src/_cffi_src/openssl/ec.py | 82 +- src/_cffi_src/openssl/ecdsa.py | 23 - src/_cffi_src/openssl/engine.py | 14 +- src/_cffi_src/openssl/err.py | 33 +- src/_cffi_src/openssl/evp.py | 240 +- src/_cffi_src/openssl/fips.py | 27 - src/_cffi_src/openssl/hmac.py | 25 - src/_cffi_src/openssl/nid.py | 32 +- src/_cffi_src/openssl/objects.py | 11 +- src/_cffi_src/openssl/opensslv.py | 1 + src/_cffi_src/openssl/osrandom_engine.py | 23 - src/_cffi_src/openssl/pem.py | 36 +- src/_cffi_src/openssl/pkcs12.py | 37 - src/_cffi_src/openssl/pkcs7.py | 86 +- src/_cffi_src/openssl/provider.py | 42 - src/_cffi_src/openssl/rand.py | 3 +- src/_cffi_src/openssl/rsa.py | 34 +- src/_cffi_src/openssl/src/osrandom_engine.c | 660 ----- src/_cffi_src/openssl/src/osrandom_engine.h | 118 - src/_cffi_src/openssl/ssl.py | 274 +- src/_cffi_src/openssl/x509.py | 74 +- src/_cffi_src/openssl/x509_vfy.py | 79 +- src/_cffi_src/openssl/x509name.py | 27 +- src/_cffi_src/openssl/x509v3.py | 22 +- src/_cffi_src/utils.py | 52 +- src/cryptography.egg-info/PKG-INFO | 117 - src/cryptography.egg-info/SOURCES.txt | 341 --- .../dependency_links.txt | 1 - src/cryptography.egg-info/not-zip-safe | 1 - src/cryptography.egg-info/requires.txt | 33 - src/cryptography.egg-info/top_level.txt | 1 - src/cryptography/__about__.py | 8 +- src/cryptography/__init__.py | 22 +- src/cryptography/exceptions.py | 34 +- src/cryptography/fernet.py | 27 +- src/cryptography/hazmat/__init__.py | 3 + src/cryptography/hazmat/_oid.py | 38 +- src/cryptography/hazmat/backends/__init__.py | 3 + .../hazmat/backends/openssl/__init__.py | 2 +- .../hazmat/backends/openssl/aead.py | 251 -- .../hazmat/backends/openssl/backend.py | 2498 +---------------- .../hazmat/backends/openssl/ciphers.py | 282 -- .../hazmat/backends/openssl/cmac.py | 87 - .../hazmat/backends/openssl/decode_asn1.py | 31 - .../hazmat/backends/openssl/dh.py | 318 --- .../hazmat/backends/openssl/dsa.py | 239 -- .../hazmat/backends/openssl/ec.py | 315 --- .../hazmat/backends/openssl/ed25519.py | 155 - .../hazmat/backends/openssl/ed448.py | 156 - .../hazmat/backends/openssl/hashes.py | 87 - .../hazmat/backends/openssl/hmac.py | 85 - .../hazmat/backends/openssl/poly1305.py | 68 - .../hazmat/backends/openssl/rsa.py | 586 ---- .../hazmat/backends/openssl/utils.py | 52 - .../hazmat/backends/openssl/x25519.py | 132 - .../hazmat/backends/openssl/x448.py | 117 - .../hazmat/backends/openssl/x509.py | 45 - .../hazmat/bindings/_rust/__init__.pyi | 19 +- .../hazmat/bindings/{ => _rust}/_openssl.pyi | 0 .../hazmat/bindings/_rust/asn1.pyi | 11 +- .../hazmat/bindings/_rust/exceptions.pyi | 17 + .../hazmat/bindings/_rust/ocsp.pyi | 35 +- .../bindings/_rust/openssl/__init__.pyi | 71 + .../hazmat/bindings/_rust/openssl/aead.pyi | 103 + .../hazmat/bindings/_rust/openssl/ciphers.pyi | 38 + .../hazmat/bindings/_rust/openssl/cmac.pyi | 18 + .../hazmat/bindings/_rust/openssl/dh.pyi | 51 + .../hazmat/bindings/_rust/openssl/dsa.pyi | 41 + .../hazmat/bindings/_rust/openssl/ec.pyi | 52 + .../hazmat/bindings/_rust/openssl/ed25519.pyi | 12 + .../hazmat/bindings/_rust/openssl/ed448.pyi | 12 + .../hazmat/bindings/_rust/openssl/hashes.pyi | 17 + .../hazmat/bindings/_rust/openssl/hmac.pyi | 21 + .../hazmat/bindings/_rust/openssl/kdf.pyi | 22 + .../hazmat/bindings/_rust/openssl/keys.pyi | 33 + .../bindings/_rust/openssl/poly1305.pyi | 13 + .../hazmat/bindings/_rust/openssl/rsa.pyi | 55 + .../hazmat/bindings/_rust/openssl/x25519.pyi | 12 + .../hazmat/bindings/_rust/openssl/x448.pyi | 12 + .../hazmat/bindings/_rust/pkcs12.pyi | 46 + .../hazmat/bindings/_rust/pkcs7.pyi | 30 + .../hazmat/bindings/_rust/test_support.pyi | 29 + .../hazmat/bindings/_rust/x509.pyi | 96 +- .../hazmat/bindings/openssl/_conditional.py | 253 +- .../hazmat/bindings/openssl/binding.py | 189 +- .../hazmat/decrepit/__init__.py} | 15 +- .../hazmat/decrepit/ciphers/__init__.py | 5 + .../hazmat/decrepit/ciphers/algorithms.py | 107 + .../hazmat/primitives/_asymmetric.py | 6 +- .../hazmat/primitives/_cipheralgorithm.py | 32 +- .../hazmat/primitives/_serialization.py | 25 +- .../hazmat/primitives/asymmetric/dh.py | 155 +- .../hazmat/primitives/asymmetric/dsa.py | 194 +- .../hazmat/primitives/asymmetric/ec.py | 280 +- .../hazmat/primitives/asymmetric/ed25519.py | 44 +- .../hazmat/primitives/asymmetric/ed448.py | 43 +- .../hazmat/primitives/asymmetric/padding.py | 26 +- .../hazmat/primitives/asymmetric/rsa.py | 263 +- .../hazmat/primitives/asymmetric/types.py | 58 +- .../hazmat/primitives/asymmetric/utils.py | 2 +- .../hazmat/primitives/asymmetric/x25519.py | 42 +- .../hazmat/primitives/asymmetric/x448.py | 45 +- .../hazmat/primitives/ciphers/__init__.py | 10 +- .../hazmat/primitives/ciphers/aead.py | 376 +-- .../hazmat/primitives/ciphers/algorithms.py | 160 +- .../hazmat/primitives/ciphers/base.py | 176 +- .../hazmat/primitives/ciphers/modes.py | 46 +- src/cryptography/hazmat/primitives/cmac.py | 64 +- .../hazmat/primitives/constant_time.py | 1 + src/cryptography/hazmat/primitives/hashes.py | 99 +- src/cryptography/hazmat/primitives/hmac.py | 69 +- .../hazmat/primitives/kdf/__init__.py | 1 + .../hazmat/primitives/kdf/concatkdf.py | 22 +- .../hazmat/primitives/kdf/hkdf.py | 14 +- .../hazmat/primitives/kdf/kbkdf.py | 39 +- .../hazmat/primitives/kdf/pbkdf2.py | 15 +- .../hazmat/primitives/kdf/scrypt.py | 14 +- .../hazmat/primitives/kdf/x963kdf.py | 12 +- src/cryptography/hazmat/primitives/keywrap.py | 9 +- src/cryptography/hazmat/primitives/padding.py | 50 +- .../hazmat/primitives/poly1305.py | 57 +- .../primitives/serialization/__init__.py | 34 +- .../hazmat/primitives/serialization/base.py | 64 +- .../hazmat/primitives/serialization/pkcs12.py | 116 +- .../hazmat/primitives/serialization/pkcs7.py | 238 +- .../hazmat/primitives/serialization/ssh.py | 985 ++++++- .../hazmat/primitives/twofactor/__init__.py | 2 + .../hazmat/primitives/twofactor/hotp.py | 16 +- .../hazmat/primitives/twofactor/totp.py | 10 +- src/cryptography/utils.py | 61 +- src/cryptography/x509/__init__.py | 152 +- src/cryptography/x509/base.py | 455 +-- .../x509/certificate_transparency.py | 25 +- src/cryptography/x509/extensions.py | 674 +++-- src/cryptography/x509/general_name.py | 35 +- src/cryptography/x509/name.py | 87 +- src/cryptography/x509/ocsp.py | 297 +- src/cryptography/x509/oid.py | 9 +- src/cryptography/x509/verification.py | 28 + src/rust/Cargo.lock | 461 +-- src/rust/Cargo.toml | 45 +- src/rust/build.rs | 39 + src/rust/cryptography-cffi/Cargo.toml | 14 + src/rust/cryptography-cffi/build.rs | 145 + src/rust/cryptography-cffi/src/lib.rs | 33 + src/rust/cryptography-keepalive/Cargo.toml | 10 + src/rust/cryptography-keepalive/src/lib.rs | 47 + src/rust/cryptography-key-parsing/Cargo.toml | 14 + src/rust/cryptography-key-parsing/build.rs | 18 + src/rust/cryptography-key-parsing/src/lib.rs | 48 + src/rust/cryptography-key-parsing/src/rsa.rs | 23 + src/rust/cryptography-key-parsing/src/spki.rs | 136 + src/rust/cryptography-openssl/Cargo.toml | 14 + src/rust/cryptography-openssl/build.rs | 33 + src/rust/cryptography-openssl/src/aead.rs | 97 + src/rust/cryptography-openssl/src/cmac.rs | 73 + src/rust/cryptography-openssl/src/fips.rs | 36 + src/rust/cryptography-openssl/src/hmac.rs | 104 + src/rust/cryptography-openssl/src/lib.rs | 44 + src/rust/cryptography-openssl/src/poly1305.rs | 49 + .../cryptography-x509-verification/Cargo.toml | 16 + .../src/certificate.rs | 91 + .../cryptography-x509-verification/src/lib.rs | 464 +++ .../cryptography-x509-verification/src/ops.rs | 87 + .../src/policy/extension.rs | 766 +++++ .../src/policy/mod.rs | 816 ++++++ .../src/trust_store.rs | 60 + .../src/types.rs | 863 ++++++ src/rust/cryptography-x509/Cargo.toml | 11 + src/rust/cryptography-x509/src/certificate.rs | 68 + src/rust/cryptography-x509/src/common.rs | 590 ++++ src/rust/cryptography-x509/src/crl.rs | 68 + src/rust/cryptography-x509/src/csr.rs | 68 + src/rust/cryptography-x509/src/extensions.rs | 375 +++ src/rust/cryptography-x509/src/lib.rs | 19 + src/rust/cryptography-x509/src/name.rs | 88 + src/rust/cryptography-x509/src/ocsp_req.rs | 45 + src/rust/cryptography-x509/src/ocsp_resp.rs | 85 + src/rust/cryptography-x509/src/oid.rs | 162 ++ src/rust/cryptography-x509/src/pkcs12.rs | 80 + src/rust/cryptography-x509/src/pkcs7.rs | 101 + src/rust/src/asn1.rs | 319 +-- src/rust/src/backend/aead.rs | 1160 ++++++++ src/rust/src/backend/cipher_registry.rs | 329 +++ src/rust/src/backend/ciphers.rs | 614 ++++ src/rust/src/backend/cmac.rs | 107 + src/rust/src/backend/dh.rs | 548 ++++ src/rust/src/backend/dsa.rs | 508 ++++ src/rust/src/backend/ec.rs | 680 +++++ src/rust/src/backend/ed25519.rs | 168 ++ src/rust/src/backend/ed448.rs | 165 ++ src/rust/src/backend/hashes.rs | 145 + src/rust/src/backend/hmac.rs | 113 + src/rust/src/backend/kdf.rs | 58 + src/rust/src/backend/keys.rs | 261 ++ src/rust/src/backend/mod.rs | 24 + src/rust/src/backend/poly1305.rs | 172 ++ src/rust/src/backend/rsa.rs | 823 ++++++ src/rust/src/backend/utils.rs | 469 ++++ src/rust/src/backend/x25519.rs | 158 ++ src/rust/src/backend/x448.rs | 157 ++ src/rust/src/buf.rs | 118 + src/rust/src/error.rs | 243 ++ src/rust/src/exceptions.rs | 44 + src/rust/src/intern.rs | 44 - src/rust/src/lib.rs | 296 +- src/rust/src/oid.rs | 56 +- src/rust/src/padding.rs | 131 + src/rust/src/pkcs12.rs | 888 ++++++ src/rust/src/pkcs7.rs | 572 ++++ src/rust/src/pool.rs | 96 - src/rust/src/test_support.rs | 160 ++ src/rust/src/types.rs | 588 ++++ src/rust/src/x509/certificate.rs | 1175 ++++---- src/rust/src/x509/common.rs | 823 ++---- src/rust/src/x509/crl.rs | 894 +++--- src/rust/src/x509/csr.rs | 520 ++-- src/rust/src/x509/extensions.rs | 742 ++--- src/rust/src/x509/mod.rs | 10 +- src/rust/src/x509/ocsp.rs | 184 +- src/rust/src/x509/ocsp_req.rs | 241 +- src/rust/src/x509/ocsp_resp.rs | 1121 ++++---- src/rust/src/x509/oid.rs | 101 - src/rust/src/x509/sct.rs | 147 +- src/rust/src/x509/sign.rs | 737 +++-- src/rust/src/x509/verify.rs | 475 ++++ tests/bench/test_aead.py | 97 +- tests/bench/test_ec_load.py | 13 + tests/bench/test_fernet.py | 10 + tests/bench/test_hashes.py | 14 + tests/bench/test_hmac.py | 14 + tests/bench/test_x509.py | 52 +- tests/conftest.py | 35 +- tests/hazmat/backends/test_openssl.py | 449 +-- tests/hazmat/backends/test_openssl_memleak.py | 573 ---- tests/hazmat/bindings/test_openssl.py | 62 +- .../primitives/decrepit}/__init__.py | 0 .../primitives/{ => decrepit}/test_3des.py | 8 +- .../primitives/decrepit/test_algorithms.py | 405 +++ .../primitives/{ => decrepit}/test_arc4.py | 6 +- tests/hazmat/primitives/decrepit/test_rc2.py | 36 + tests/hazmat/primitives/fixtures_dsa.py | 1 - tests/hazmat/primitives/fixtures_ec.py | 1 - tests/hazmat/primitives/fixtures_rsa.py | 1 - tests/hazmat/primitives/test_aead.py | 316 ++- tests/hazmat/primitives/test_aes.py | 72 +- tests/hazmat/primitives/test_aes_gcm.py | 105 +- tests/hazmat/primitives/test_block.py | 8 +- tests/hazmat/primitives/test_blowfish.py | 86 - tests/hazmat/primitives/test_camellia.py | 2 +- tests/hazmat/primitives/test_cast5.py | 86 - tests/hazmat/primitives/test_chacha20.py | 76 +- tests/hazmat/primitives/test_ciphers.py | 241 +- tests/hazmat/primitives/test_cmac.py | 10 +- tests/hazmat/primitives/test_concatkdf.py | 6 +- tests/hazmat/primitives/test_dh.py | 130 +- tests/hazmat/primitives/test_dsa.py | 69 +- tests/hazmat/primitives/test_ec.py | 395 ++- tests/hazmat/primitives/test_ed25519.py | 88 +- tests/hazmat/primitives/test_ed448.py | 58 +- tests/hazmat/primitives/test_hash_vectors.py | 2 +- tests/hazmat/primitives/test_hashes.py | 4 +- tests/hazmat/primitives/test_hkdf.py | 5 +- tests/hazmat/primitives/test_hkdf_vectors.py | 2 +- tests/hazmat/primitives/test_hmac.py | 16 +- tests/hazmat/primitives/test_hmac_vectors.py | 2 +- tests/hazmat/primitives/test_idea.py | 86 - tests/hazmat/primitives/test_kbkdf.py | 34 +- tests/hazmat/primitives/test_kbkdf_vectors.py | 2 +- tests/hazmat/primitives/test_keywrap.py | 2 +- tests/hazmat/primitives/test_padding.py | 8 +- .../primitives/test_pbkdf2hmac_vectors.py | 27 +- tests/hazmat/primitives/test_pkcs12.py | 277 +- tests/hazmat/primitives/test_pkcs7.py | 586 +++- tests/hazmat/primitives/test_rsa.py | 815 +++--- tests/hazmat/primitives/test_scrypt.py | 8 +- tests/hazmat/primitives/test_seed.py | 86 - tests/hazmat/primitives/test_serialization.py | 1056 +------ tests/hazmat/primitives/test_sm4.py | 102 +- tests/hazmat/primitives/test_ssh.py | 1827 ++++++++++++ tests/hazmat/primitives/test_x25519.py | 106 +- tests/hazmat/primitives/test_x448.py | 51 +- tests/hazmat/primitives/test_x963_vectors.py | 8 +- .../hazmat/primitives/twofactor/test_hotp.py | 5 +- .../hazmat/primitives/twofactor/test_totp.py | 5 +- tests/hazmat/primitives/utils.py | 88 +- tests/hazmat/test_oid.py | 10 + tests/hypothesis/test_fernet.py | 16 - tests/hypothesis/test_padding.py | 34 - tests/hypothesis/test_x509.py | 22 - tests/test_cryptography_utils.py | 8 +- tests/test_fernet.py | 26 +- tests/test_interfaces.py | 80 - tests/test_rust_utils.py | 71 - tests/test_utils.py | 19 +- tests/utils.py | 102 +- tests/wycheproof/test_aes.py | 3 +- tests/wycheproof/test_chacha20poly1305.py | 3 +- tests/wycheproof/test_cmac.py | 1 - tests/wycheproof/test_dsa.py | 6 +- tests/wycheproof/test_ecdh.py | 34 +- tests/wycheproof/test_ecdsa.py | 25 +- tests/wycheproof/test_eddsa.py | 3 +- tests/wycheproof/test_hkdf.py | 2 - tests/wycheproof/test_hmac.py | 4 +- tests/wycheproof/test_keywrap.py | 1 - tests/wycheproof/test_pbkdf2.py | 42 + tests/wycheproof/test_rsa.py | 106 +- tests/wycheproof/test_utils.py | 1 - tests/wycheproof/test_x25519.py | 1 - tests/wycheproof/test_x448.py | 1 - tests/wycheproof/utils.py | 20 +- tests/x509/test_name.py | 2 +- tests/x509/test_ocsp.py | 385 ++- tests/x509/test_x509.py | 1728 +++++++++--- tests/x509/test_x509_crlbuilder.py | 257 +- tests/x509/test_x509_ext.py | 424 +-- tests/x509/test_x509_revokedcertbuilder.py | 32 +- tests/x509/verification/__init__.py | 0 tests/x509/verification/test_limbo.py | 184 ++ tests/x509/verification/test_verification.py | 205 ++ 430 files changed, 37262 insertions(+), 23059 deletions(-) create mode 100644 .gitattributes create mode 100644 .gitignore delete mode 100644 LICENSE.PSF delete mode 100644 MANIFEST.in create mode 100644 debian/gbp.conf create mode 100644 debian/patches/0004-update-to-asn1-0.19-and-use-X509GeneralizedTime.patch create mode 100644 debian/patches/0005-Support-128-bit-OID-arcs-11820.patch delete mode 100644 debian/patches/0010-Replace-US-Pacific-with-America-Los_Angeles.patch delete mode 100644 debian/patches/Don-t-allow-update_into-to-mutate-immutable-objects-.patch delete mode 100644 debian/patches/Upgrade-to-pyo3-0.16.patch delete mode 100644 debian/patches/Upgrade-to-pyo3-0.17.patch delete mode 100644 debian/patches/Upgrade-to-pyo3-0.19.patch delete mode 100644 debian/patches/allow-pem-version-1.0.patch create mode 100644 debian/patches/downgrade-deps.patch delete mode 100644 debian/patches/ease-asn1-version-from-0.12.1-to-0.12.patch delete mode 100644 debian/patches/ease-chrono-dependency-from-0.4.22-to-0.4.patch delete mode 100644 debian/tests/control delete mode 100644 debian/upstream/signing-key.asc create mode 100644 docs/development/custom-vectors/aes-192-gcm-siv.rst create mode 100644 docs/development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py create mode 100644 docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/Cargo.toml create mode 100644 docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/src/main.rs create mode 100644 docs/development/custom-vectors/chacha20.rst create mode 100644 docs/development/custom-vectors/chacha20/generate_chacha20_overflow.py create mode 100644 docs/development/custom-vectors/chacha20/verify_chacha20_overflow.py create mode 100644 docs/development/custom-vectors/rc2.rst create mode 100644 docs/development/custom-vectors/rc2/genrc2.go create mode 100644 docs/development/custom-vectors/rc2/go.mod create mode 100644 docs/development/custom-vectors/rc2/rc2/rc2.go create mode 100644 docs/hazmat/decrepit/ciphers.rst create mode 100644 docs/hazmat/decrepit/index.rst create mode 100644 docs/x509/verification.rst create mode 100644 noxfile.py create mode 100644 release.py delete mode 100644 setup.cfg delete mode 100644 setup.py delete mode 100644 src/_cffi_src/openssl/callbacks.py delete mode 100644 src/_cffi_src/openssl/cmac.py delete mode 100644 src/_cffi_src/openssl/ecdsa.py delete mode 100644 src/_cffi_src/openssl/fips.py delete mode 100644 src/_cffi_src/openssl/hmac.py delete mode 100644 src/_cffi_src/openssl/osrandom_engine.py delete mode 100644 src/_cffi_src/openssl/pkcs12.py delete mode 100644 src/_cffi_src/openssl/provider.py delete mode 100644 src/_cffi_src/openssl/src/osrandom_engine.c delete mode 100644 src/_cffi_src/openssl/src/osrandom_engine.h delete mode 100644 src/cryptography.egg-info/PKG-INFO delete mode 100644 src/cryptography.egg-info/SOURCES.txt delete mode 100644 src/cryptography.egg-info/dependency_links.txt delete mode 100644 src/cryptography.egg-info/not-zip-safe delete mode 100644 src/cryptography.egg-info/requires.txt delete mode 100644 src/cryptography.egg-info/top_level.txt delete mode 100644 src/cryptography/hazmat/backends/openssl/aead.py delete mode 100644 src/cryptography/hazmat/backends/openssl/ciphers.py delete mode 100644 src/cryptography/hazmat/backends/openssl/cmac.py delete mode 100644 src/cryptography/hazmat/backends/openssl/decode_asn1.py delete mode 100644 src/cryptography/hazmat/backends/openssl/dh.py delete mode 100644 src/cryptography/hazmat/backends/openssl/dsa.py delete mode 100644 src/cryptography/hazmat/backends/openssl/ec.py delete mode 100644 src/cryptography/hazmat/backends/openssl/ed25519.py delete mode 100644 src/cryptography/hazmat/backends/openssl/ed448.py delete mode 100644 src/cryptography/hazmat/backends/openssl/hashes.py delete mode 100644 src/cryptography/hazmat/backends/openssl/hmac.py delete mode 100644 src/cryptography/hazmat/backends/openssl/poly1305.py delete mode 100644 src/cryptography/hazmat/backends/openssl/rsa.py delete mode 100644 src/cryptography/hazmat/backends/openssl/utils.py delete mode 100644 src/cryptography/hazmat/backends/openssl/x25519.py delete mode 100644 src/cryptography/hazmat/backends/openssl/x448.py delete mode 100644 src/cryptography/hazmat/backends/openssl/x509.py rename src/cryptography/hazmat/bindings/{ => _rust}/_openssl.pyi (100%) create mode 100644 src/cryptography/hazmat/bindings/_rust/exceptions.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/aead.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/dh.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/ec.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/ed25519.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/ed448.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/hashes.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/hmac.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/keys.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/poly1305.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/rsa.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/openssl/x448.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/pkcs12.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/pkcs7.pyi create mode 100644 src/cryptography/hazmat/bindings/_rust/test_support.pyi rename src/{_cffi_src/openssl/conf.py => cryptography/hazmat/decrepit/__init__.py} (55%) create mode 100644 src/cryptography/hazmat/decrepit/ciphers/__init__.py create mode 100644 src/cryptography/hazmat/decrepit/ciphers/algorithms.py create mode 100644 src/cryptography/x509/verification.py create mode 100644 src/rust/build.rs create mode 100644 src/rust/cryptography-cffi/Cargo.toml create mode 100644 src/rust/cryptography-cffi/build.rs create mode 100644 src/rust/cryptography-cffi/src/lib.rs create mode 100644 src/rust/cryptography-keepalive/Cargo.toml create mode 100644 src/rust/cryptography-keepalive/src/lib.rs create mode 100644 src/rust/cryptography-key-parsing/Cargo.toml create mode 100644 src/rust/cryptography-key-parsing/build.rs create mode 100644 src/rust/cryptography-key-parsing/src/lib.rs create mode 100644 src/rust/cryptography-key-parsing/src/rsa.rs create mode 100644 src/rust/cryptography-key-parsing/src/spki.rs create mode 100644 src/rust/cryptography-openssl/Cargo.toml create mode 100644 src/rust/cryptography-openssl/build.rs create mode 100644 src/rust/cryptography-openssl/src/aead.rs create mode 100644 src/rust/cryptography-openssl/src/cmac.rs create mode 100644 src/rust/cryptography-openssl/src/fips.rs create mode 100644 src/rust/cryptography-openssl/src/hmac.rs create mode 100644 src/rust/cryptography-openssl/src/lib.rs create mode 100644 src/rust/cryptography-openssl/src/poly1305.rs create mode 100644 src/rust/cryptography-x509-verification/Cargo.toml create mode 100644 src/rust/cryptography-x509-verification/src/certificate.rs create mode 100644 src/rust/cryptography-x509-verification/src/lib.rs create mode 100644 src/rust/cryptography-x509-verification/src/ops.rs create mode 100644 src/rust/cryptography-x509-verification/src/policy/extension.rs create mode 100644 src/rust/cryptography-x509-verification/src/policy/mod.rs create mode 100644 src/rust/cryptography-x509-verification/src/trust_store.rs create mode 100644 src/rust/cryptography-x509-verification/src/types.rs create mode 100644 src/rust/cryptography-x509/Cargo.toml create mode 100644 src/rust/cryptography-x509/src/certificate.rs create mode 100644 src/rust/cryptography-x509/src/common.rs create mode 100644 src/rust/cryptography-x509/src/crl.rs create mode 100644 src/rust/cryptography-x509/src/csr.rs create mode 100644 src/rust/cryptography-x509/src/extensions.rs create mode 100644 src/rust/cryptography-x509/src/lib.rs create mode 100644 src/rust/cryptography-x509/src/name.rs create mode 100644 src/rust/cryptography-x509/src/ocsp_req.rs create mode 100644 src/rust/cryptography-x509/src/ocsp_resp.rs create mode 100644 src/rust/cryptography-x509/src/oid.rs create mode 100644 src/rust/cryptography-x509/src/pkcs12.rs create mode 100644 src/rust/cryptography-x509/src/pkcs7.rs create mode 100644 src/rust/src/backend/aead.rs create mode 100644 src/rust/src/backend/cipher_registry.rs create mode 100644 src/rust/src/backend/ciphers.rs create mode 100644 src/rust/src/backend/cmac.rs create mode 100644 src/rust/src/backend/dh.rs create mode 100644 src/rust/src/backend/dsa.rs create mode 100644 src/rust/src/backend/ec.rs create mode 100644 src/rust/src/backend/ed25519.rs create mode 100644 src/rust/src/backend/ed448.rs create mode 100644 src/rust/src/backend/hashes.rs create mode 100644 src/rust/src/backend/hmac.rs create mode 100644 src/rust/src/backend/kdf.rs create mode 100644 src/rust/src/backend/keys.rs create mode 100644 src/rust/src/backend/mod.rs create mode 100644 src/rust/src/backend/poly1305.rs create mode 100644 src/rust/src/backend/rsa.rs create mode 100644 src/rust/src/backend/utils.rs create mode 100644 src/rust/src/backend/x25519.rs create mode 100644 src/rust/src/backend/x448.rs create mode 100644 src/rust/src/buf.rs create mode 100644 src/rust/src/error.rs create mode 100644 src/rust/src/exceptions.rs delete mode 100644 src/rust/src/intern.rs create mode 100644 src/rust/src/padding.rs create mode 100644 src/rust/src/pkcs12.rs create mode 100644 src/rust/src/pkcs7.rs delete mode 100644 src/rust/src/pool.rs create mode 100644 src/rust/src/test_support.rs create mode 100644 src/rust/src/types.rs delete mode 100644 src/rust/src/x509/oid.rs create mode 100644 src/rust/src/x509/verify.rs create mode 100644 tests/bench/test_ec_load.py create mode 100644 tests/bench/test_fernet.py create mode 100644 tests/bench/test_hashes.py create mode 100644 tests/bench/test_hmac.py delete mode 100644 tests/hazmat/backends/test_openssl_memleak.py rename tests/{hypothesis => hazmat/primitives/decrepit}/__init__.py (100%) rename tests/hazmat/primitives/{ => decrepit}/test_3des.py (96%) create mode 100644 tests/hazmat/primitives/decrepit/test_algorithms.py rename tests/hazmat/primitives/{ => decrepit}/test_arc4.py (85%) create mode 100644 tests/hazmat/primitives/decrepit/test_rc2.py delete mode 100644 tests/hazmat/primitives/test_blowfish.py delete mode 100644 tests/hazmat/primitives/test_cast5.py delete mode 100644 tests/hazmat/primitives/test_idea.py delete mode 100644 tests/hazmat/primitives/test_seed.py create mode 100644 tests/hazmat/primitives/test_ssh.py delete mode 100644 tests/hypothesis/test_fernet.py delete mode 100644 tests/hypothesis/test_padding.py delete mode 100644 tests/hypothesis/test_x509.py delete mode 100644 tests/test_interfaces.py delete mode 100644 tests/test_rust_utils.py create mode 100644 tests/wycheproof/test_pbkdf2.py create mode 100644 tests/x509/verification/__init__.py create mode 100644 tests/x509/verification/test_limbo.py create mode 100644 tests/x509/verification/test_verification.py diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..dab8975 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.pem text eol=lf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1d4ebfb --- /dev/null +++ b/.gitignore @@ -0,0 +1,18 @@ +__pycache__/ +_build/ +build/ +dist/ +htmlcov/ +*.so +.tox/ +.cache/ +.coverage +*.egg-info/ +*.egg +.eggs/ +*.py[cdo] +.hypothesis/ +target/ +.rust-cov/ +*.lcov +*.profdata diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 27c485f..1dcf602 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,6 +1,470 @@ Changelog ========= +.. _v43-0-0: + +43.0.0 - 2024-07-20 +~~~~~~~~~~~~~~~~~~~ + +* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1e has been + removed. Users on older version of OpenSSL will need to upgrade. +* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.8. +* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1. +* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0. +* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key` + now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still + considered insecure, users should generally use a key size of 2048-bits. +* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates` + now emits ASN.1 that more closely follows the recommendations in :rfc:`2315`. +* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and + insecure cryptographic primitives. + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`, + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish`, which were + deprecated in 37.0.0, have been added to this module. They will be removed + from the ``cipher`` module in 45.0.0. +* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` + and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into + :doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module. + They will be removed from the ``cipher`` module in 48.0.0. +* Added support for deterministic + :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`) +* Added support for client certificate verification to the + :mod:`X.509 path validation ` APIs in the + form of :class:`~cryptography.x509.verification.ClientVerifier`, + :class:`~cryptography.x509.verification.VerifiedClient`, and + ``PolicyBuilder`` + :meth:`~cryptography.x509.verification.PolicyBuilder.build_client_verifier`. +* Added Certificate + :attr:`~cryptography.x509.Certificate.public_key_algorithm_oid` + and Certificate Signing Request + :attr:`~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid` + to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID` + Object Identifier of the public key found inside the certificate. +* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_date_utc`, a + timezone-aware alternative to the naïve ``datetime`` attribute + :attr:`~cryptography.x509.InvalidityDate.invalidity_date`. +* Added support for parsing empty DN string in + :meth:`~cryptography.x509.Name.from_rfc4514_string`. +* Added the following properties that return timezone-aware ``datetime`` objects: + :meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`, + :meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`, + :meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`, + :meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`, + :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`, + :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.this_update_utc`, + :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.next_update_utc`, + These are timezone-aware variants of existing properties that return naïve + ``datetime`` objects. +* Added + :func:`~cryptography.hazmat.primitives.asymmetric.rsa.rsa_recover_private_exponent` +* Added :meth:`~cryptography.hazmat.primitives.ciphers.CipherContext.reset_nonce` + for altering the ``nonce`` of a cipher context without initializing a new + instance. See the docs for additional restrictions. +* :class:`~cryptography.x509.NameAttribute` now raises an exception when + attempting to create a common name whose length is shorter or longer than + :rfc:`5280` permits. +* Added basic support for PKCS7 encryption (including SMIME) via + :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7EnvelopeBuilder`. + +.. _v42-0-8: + +42.0.8 - 2024-06-04 +~~~~~~~~~~~~~~~~~~~ + +* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.2. + +.. _v42-0-7: + +42.0.7 - 2024-05-06 +~~~~~~~~~~~~~~~~~~~ + +* Restored Windows 7 compatibility for our pre-built wheels. Note that we do + not test on Windows 7 and wheels for our next release will not support it. + Microsoft no longer provides support for Windows 7 and users are encouraged + to upgrade. + +.. _v42-0-6: + +42.0.6 - 2024-05-04 +~~~~~~~~~~~~~~~~~~~ + +* Fixed compilation when using LibreSSL 3.9.1. + +.. _v42-0-5: + +42.0.5 - 2024-02-23 +~~~~~~~~~~~~~~~~~~~ + +* Limit the number of name constraint checks that will be performed in + :mod:`X.509 path validation ` to protect + against denial of service attacks. +* Upgrade ``pyo3`` version, which fixes building on PowerPC. + +.. _v42-0-4: + +42.0.4 - 2024-02-20 +~~~~~~~~~~~~~~~~~~~ + +* Fixed a null-pointer-dereference and segfault that could occur when creating + a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the + issue. **CVE-2024-26130** +* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities`` + and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the + definitions in :rfc:`2633` :rfc:`3370`. + +.. _v42-0-3: + +42.0.3 - 2024-02-15 +~~~~~~~~~~~~~~~~~~~ + +* Fixed an initialization issue that caused key loading failures for some + users. + +.. _v42-0-2: + +42.0.2 - 2024-01-30 +~~~~~~~~~~~~~~~~~~~ + +* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. +* Fixed an issue that prevented the use of Python buffer protocol objects in + ``sign`` and ``verify`` methods on asymmetric keys. +* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey`` + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`, + ``X25519PrivateKey`` + :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`, + ``X448PrivateKey`` + :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`, + and ``DHPrivateKey`` + :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`. + +.. _v42-0-1: + +42.0.1 - 2024-01-24 +~~~~~~~~~~~~~~~~~~~ + +* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey`` + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign`. +* Resolved compatibility issue with loading certain RSA public keys in + :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`. + +.. _v42-0-0: + +42.0.0 - 2024-01-22 +~~~~~~~~~~~~~~~~~~~ + +* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.7. +* **BACKWARDS INCOMPATIBLE:** Loading a PKCS7 with no content field using + :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` + or + :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` + will now raise a ``ValueError`` rather than return an empty list. +* Parsing SSH certificates no longer permits malformed critical options with + values, as documented in the 41.0.2 release notes. +* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0. +* Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0. +* We now publish both ``py37`` and ``py39`` ``abi3`` wheels. This should + resolve some errors relating to initializing a module multiple times per + process. +* Support :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` for + X.509 certificate signing requests and certificate revocation lists with the + keyword-only argument ``rsa_padding`` on the ``sign`` methods for + :class:`~cryptography.x509.CertificateSigningRequestBuilder` and + :class:`~cryptography.x509.CertificateRevocationListBuilder`. +* Added support for obtaining X.509 certificate signing request signature + algorithm parameters (including PSS) via + :meth:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_parameters`. +* Added support for obtaining X.509 certificate revocation list signature + algorithm parameters (including PSS) via + :meth:`~cryptography.x509.CertificateRevocationList.signature_algorithm_parameters`. +* Added ``mgf`` property to + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. +* Added ``algorithm`` and ``mgf`` properties to + :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`. +* Added the following properties that return timezone-aware ``datetime`` objects: + :meth:`~cryptography.x509.Certificate.not_valid_before_utc`, + :meth:`~cryptography.x509.Certificate.not_valid_after_utc`, + :meth:`~cryptography.x509.RevokedCertificate.revocation_date_utc`, + :meth:`~cryptography.x509.CertificateRevocationList.next_update_utc`, + :meth:`~cryptography.x509.CertificateRevocationList.last_update_utc`. + These are timezone-aware variants of existing properties that return naïve + ``datetime`` objects. +* Deprecated the following properties that return naïve ``datetime`` objects: + :meth:`~cryptography.x509.Certificate.not_valid_before`, + :meth:`~cryptography.x509.Certificate.not_valid_after`, + :meth:`~cryptography.x509.RevokedCertificate.revocation_date`, + :meth:`~cryptography.x509.CertificateRevocationList.next_update`, + :meth:`~cryptography.x509.CertificateRevocationList.last_update` + in favor of the new timezone-aware variants mentioned above. +* Added support for + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20` + on LibreSSL. +* Added support for RSA PSS signatures in PKCS7 with + :meth:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder.add_signer`. +* In the next release (43.0.0) of cryptography, loading an X.509 certificate + with a negative serial number will raise an exception. This has been + deprecated since 36.0.0. +* Added support for + :class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCMSIV` when using + OpenSSL 3.2.0+. +* Added the :mod:`X.509 path validation ` APIs + for :class:`~cryptography.x509.Certificate` chains. These APIs should be + considered unstable and not subject to our stability guarantees until + documented as such in a future release. +* Added support for + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SM4` + :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` + when using OpenSSL 3.0 or greater. + +.. _v41-0-7: + +41.0.7 - 2023-11-27 +~~~~~~~~~~~~~~~~~~~ + +* Fixed compilation when using LibreSSL 3.8.2. + +.. _v41-0-6: + +41.0.6 - 2023-11-27 +~~~~~~~~~~~~~~~~~~~ + +* Fixed a null-pointer-dereference and segfault that could occur when loading + certificates from a PKCS#7 bundle. Credit to **pkuzco** for reporting the + issue. **CVE-2023-49083** + +.. _v41-0-5: + +41.0.5 - 2023-10-24 +~~~~~~~~~~~~~~~~~~~ + +* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4. +* Added a function to support an upcoming ``pyOpenSSL`` release. + +.. _v41-0-4: + +41.0.4 - 2023-09-19 +~~~~~~~~~~~~~~~~~~~ + +* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3. + +.. _v41-0-3: + +41.0.3 - 2023-08-01 +~~~~~~~~~~~~~~~~~~~ + +* Fixed performance regression loading DH public keys. +* Fixed a memory leak when using + :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`. +* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.2. + +.. _v41-0-2: + +41.0.2 - 2023-07-10 +~~~~~~~~~~~~~~~~~~~ + +* Fixed bugs in creating and parsing SSH certificates where critical options + with values were handled incorrectly. Certificates are now created correctly + and parsing accepts correct values as well as the previously generated + invalid forms with a warning. In the next release, support for parsing these + invalid forms will be removed. + +.. _v41-0-1: + +41.0.1 - 2023-06-01 +~~~~~~~~~~~~~~~~~~~ + +* Temporarily allow invalid ECDSA signature algorithm parameters in X.509 + certificates, which are generated by older versions of Java. +* Allow null bytes in pass phrases when serializing private keys. + +.. _v41-0-0: + +41.0.0 - 2023-05-30 +~~~~~~~~~~~~~~~~~~~ + +* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1d has been + removed. Users on older version of OpenSSL will need to upgrade. +* **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been removed. +* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.6. +* Updated the minimum supported Rust version (MSRV) to 1.56.0, from 1.48.0. +* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.1. +* Added support for the :class:`~cryptography.x509.OCSPAcceptableResponses` + OCSP extension. +* Added support for the :class:`~cryptography.x509.MSCertificateTemplate` + proprietary Microsoft certificate extension. +* Implemented support for equality checks on all asymmetric public key types. +* Added support for ``aes256-gcm@openssh.com`` encrypted keys in + :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`. +* Added support for obtaining X.509 certificate signature algorithm parameters + (including PSS) via + :meth:`~cryptography.x509.Certificate.signature_algorithm_parameters`. +* Support signing :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` + X.509 certificates via the new keyword-only argument ``rsa_padding`` on + :meth:`~cryptography.x509.CertificateBuilder.sign`. +* Added support for + :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` + on BoringSSL. + +.. _v40-0-2: + +40.0.2 - 2023-04-14 +~~~~~~~~~~~~~~~~~~~ + +* Fixed compilation when using LibreSSL 3.7.2. +* Added some functions to support an upcoming ``pyOpenSSL`` release. + +.. _v40-0-1: + +40.0.1 - 2023-03-24 +~~~~~~~~~~~~~~~~~~~ + +* Fixed a bug where certain operations would fail if an object happened to be + in the top-half of the memory-space. This only impacted 32-bit systems. + +.. _v40-0-0: + +40.0.0 - 2023-03-24 +~~~~~~~~~~~~~~~~~~~ + + +* **BACKWARDS INCOMPATIBLE:** As announced in the 39.0.0 changelog, the way + ``cryptography`` links OpenSSL has changed. This only impacts users who + build ``cryptography`` from source (i.e., not from a ``wheel``), and + specify their own version of OpenSSL. For those users, the ``CFLAGS``, + ``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` + environment variables are no longer valid. Instead, users need to configure + their builds `as documented here`_. +* Support for Python 3.6 is deprecated and will be removed in the next + release. +* Deprecated the current minimum supported Rust version (MSRV) of 1.48.0. + In the next release we will raise MSRV to 1.56.0. Users with the latest + ``pip`` will typically get a wheel and not need Rust installed, but check + :doc:`/installation` for documentation on installing a newer ``rustc`` if + required. +* Deprecated support for OpenSSL less than 1.1.1d. The next release of + ``cryptography`` will drop support for older versions. +* Deprecated support for DSA keys in + :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` + and + :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`. +* Deprecated support for OpenSSH serialization in + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` + and + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`. +* The minimum supported version of PyPy3 is now 7.3.10. +* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0. +* Added support for parsing SSH certificates in addition to public keys with + :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_identity`. + :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` + continues to support only public keys. +* Added support for generating SSH certificates with + :class:`~cryptography.hazmat.primitives.serialization.SSHCertificateBuilder`. +* Added :meth:`~cryptography.x509.Certificate.verify_directly_issued_by` to + :class:`~cryptography.x509.Certificate`. +* Added a check to :class:`~cryptography.x509.NameConstraints` to ensure that + :class:`~cryptography.x509.DNSName` constraints do not contain any ``*`` + wildcards. +* Removed many unused CFFI OpenSSL bindings. This will not impact you unless + you are using ``cryptography`` to directly invoke OpenSSL's C API. Note that + these have never been considered a stable, supported, public API by + ``cryptography``, this note is included as a courtesy. +* The X.509 builder classes now raise ``UnsupportedAlgorithm`` instead of + ``ValueError`` if an unsupported hash algorithm is passed. +* Added public union type aliases for type hinting: + + * Asymmetric types: + :const:`~cryptography.hazmat.primitives.asymmetric.types.PublicKeyTypes`, + :const:`~cryptography.hazmat.primitives.asymmetric.types.PrivateKeyTypes`, + :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`, + :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPublicKeyTypes`, + :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`. + * SSH keys: + :const:`~cryptography.hazmat.primitives.serialization.SSHPublicKeyTypes`, + :const:`~cryptography.hazmat.primitives.serialization.SSHPrivateKeyTypes`, + :const:`~cryptography.hazmat.primitives.serialization.SSHCertPublicKeyTypes`, + :const:`~cryptography.hazmat.primitives.serialization.SSHCertPrivateKeyTypes`. + * PKCS12: + :const:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12PrivateKeyTypes` + * PKCS7: + :const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7HashTypes`, + :const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7PrivateKeyTypes`. + * Two-factor: + :const:`~cryptography.hazmat.primitives.twofactor.hotp.HOTPHashTypes` + +* Deprecated previously undocumented but not private type aliases in the + ``cryptography.hazmat.primitives.asymmetric.types`` module in favor of new + ones above. + + +.. _v39-0-2: + + +39.0.2 - 2023-03-02 +~~~~~~~~~~~~~~~~~~~ + +* Fixed a bug where the content type header was not properly encoded for + PKCS7 signatures when using the ``Text`` option and ``SMIME`` encoding. + + +.. _v39-0-1: + +39.0.1 - 2023-02-07 +~~~~~~~~~~~~~~~~~~~ + +* **SECURITY ISSUE** - Fixed a bug where ``Cipher.update_into`` accepted Python + buffer protocol objects, but allowed immutable buffers. **CVE-2023-23931** +* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8. + +.. _v39-0-0: + +39.0.0 - 2023-01-01 +~~~~~~~~~~~~~~~~~~~ + +* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed. + Users on older version of OpenSSL will need to upgrade. +* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new + minimum LibreSSL version is 3.5.0. Going forward our policy is to support + versions of LibreSSL that are available in versions of OpenBSD that are + still receiving security support. +* **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and + ``from_encoded_point`` methods on + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`, + which had been deprecated for several years. + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes` + and + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point` + should be used instead. +* **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in + :class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and + PKCS7 has been removed. +* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.10 and 10.11, macOS + users must upgrade to 10.12 or newer. +* **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change + the way we link OpenSSL. This will only impact users who build + ``cryptography`` from source (i.e., not from a ``wheel``), and specify their + own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``, + ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment + variables will no longer be respected. Instead, users will need to + configure their builds `as documented here`_. +* Added support for + :ref:`disabling the legacy provider in OpenSSL 3.0.x`. +* Added support for disabling RSA key validation checks when loading RSA + keys via + :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`, + :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`, + and + :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key`. + This speeds up key loading but is :term:`unsafe` if you are loading potentially + attacker supplied keys. +* Significantly improved performance for + :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` + when repeatedly calling ``encrypt`` or ``decrypt`` with the same key. +* Added support for creating OCSP requests with precomputed hashes using + :meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`. +* Added support for loading multiple PEM-encoded X.509 certificates from + a single input via :func:`~cryptography.x509.load_pem_x509_certificates`. + .. _v38-0-4: 38.0.4 - 2022-11-27 @@ -20,8 +484,8 @@ Changelog .. _v38-0-2: -38.0.2 - 2022-10-11 -~~~~~~~~~~~~~~~~~~~ +38.0.2 - 2022-10-11 (YANKED) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. attention:: @@ -29,6 +493,7 @@ Changelog * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6. + .. _v38-0-1: 38.0.1 - 2022-09-07 @@ -759,7 +1224,7 @@ Changelog :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`, which immediately checks if the point is on the curve and supports compressed points. Deprecated the previous method - :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`. + ``cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point``. * Added :attr:`~cryptography.x509.ocsp.OCSPResponse.signature_hash_algorithm` to ``OCSPResponse``. * Updated :doc:`/hazmat/primitives/asymmetric/x25519` support to allow @@ -768,7 +1233,7 @@ Changelog with no arguments has been deprecated. * Added support for encoding compressed and uncompressed points via :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`. Deprecated the previous method - :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`. + ``cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point``. .. _v2-4-2: @@ -1467,9 +1932,9 @@ Changelog * Added a ``__hash__`` method to :class:`~cryptography.x509.Name`. * Add support for encoding and decoding elliptic curve points to a byte string form using - :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point` + ``cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`` and - :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`. + ``cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point``. * Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`. * :class:`~cryptography.x509.CertificatePolicies` are now supported in the :class:`~cryptography.x509.CertificateBuilder`. @@ -1614,16 +2079,16 @@ Changelog ``no-comp`` (``OPENSSL_NO_COMP``) option. * Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER` serialization of public keys using the ``public_bytes`` method of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`, + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, and - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`. + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`. * Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER` serialization of private keys using the ``private_bytes`` method of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`, + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, and - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`. + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`. * Add support for parsing X.509 certificate signing requests (CSRs) with :func:`~cryptography.x509.load_pem_x509_csr` and :func:`~cryptography.x509.load_der_x509_csr`. @@ -1696,42 +2161,32 @@ Changelog and :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key` now support PKCS1 RSA public keys (in addition to the previous support for SubjectPublicKeyInfo format for RSA, EC, and DSA). -* Added - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization` - and deprecated ``EllipticCurvePrivateKeyWithNumbers``. +* Added ``EllipticCurvePrivateKeyWithSerialization`` and deprecated + ``EllipticCurvePrivateKeyWithNumbers``. * Added :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.private_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`. -* Added - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization` - and deprecated ``RSAPrivateKeyWithNumbers``. +* Added ``RSAPrivateKeyWithSerialization`` and deprecated ``RSAPrivateKeyWithNumbers``. * Added :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.private_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`. -* Added - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization` - and deprecated ``DSAPrivateKeyWithNumbers``. +* Added ``DSAPrivateKeyWithSerialization`` and deprecated ``DSAPrivateKeyWithNumbers``. * Added :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.private_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`. -* Added - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization` - and deprecated ``RSAPublicKeyWithNumbers``. +* Added ``RSAPublicKeyWithSerialization`` and deprecated ``RSAPublicKeyWithNumbers``. * Added ``public_bytes`` to - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`. -* Added - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization` - and deprecated ``EllipticCurvePublicKeyWithNumbers``. + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`. +* Added ``EllipticCurvePublicKeyWithSerialization`` and deprecated + ``EllipticCurvePublicKeyWithNumbers``. * Added ``public_bytes`` to - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`. -* Added - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization` - and deprecated ``DSAPublicKeyWithNumbers``. + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`. +* Added ``DSAPublicKeyWithSerialization`` and deprecated ``DSAPublicKeyWithNumbers``. * Added ``public_bytes`` to - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`. + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`. * :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` and :class:`~cryptography.hazmat.primitives.hashes.HashContext` were moved from ``cryptography.hazmat.primitives.interfaces`` to @@ -2049,5 +2504,6 @@ Changelog * Initial release. +.. _`as documented here`: https://docs.rs/openssl/latest/openssl/#automatic .. _`main`: https://github.com/pyca/cryptography/ .. _`cffi`: https://cffi.readthedocs.io/ diff --git a/LICENSE b/LICENSE index 0707425..b11f379 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,3 @@ This software is made available under the terms of *either* of the licenses found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made under the terms of *both* these licenses. - -The code used in the OS random engine is derived from CPython, and is licensed -under the terms of the PSF License Agreement. diff --git a/LICENSE.PSF b/LICENSE.PSF deleted file mode 100644 index 4d3a4f5..0000000 --- a/LICENSE.PSF +++ /dev/null @@ -1,41 +0,0 @@ -1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and - the Individual or Organization ("Licensee") accessing and otherwise using Python - 2.7.12 software in source or binary form and its associated documentation. - -2. Subject to the terms and conditions of this License Agreement, PSF hereby - grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, - analyze, test, perform and/or display publicly, prepare derivative works, - distribute, and otherwise use Python 2.7.12 alone or in any derivative - version, provided, however, that PSF's License Agreement and PSF's notice of - copyright, i.e., "Copyright © 2001-2016 Python Software Foundation; All Rights - Reserved" are retained in Python 2.7.12 alone or in any derivative version - prepared by Licensee. - -3. In the event Licensee prepares a derivative work that is based on or - incorporates Python 2.7.12 or any part thereof, and wants to make the - derivative work available to others as provided herein, then Licensee hereby - agrees to include in any such work a brief summary of the changes made to Python - 2.7.12. - -4. PSF is making Python 2.7.12 available to Licensee on an "AS IS" basis. - PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF - EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION OR - WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE - USE OF PYTHON 2.7.12 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. - -5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON 2.7.12 - FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF - MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 2.7.12, OR ANY DERIVATIVE - THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. - -6. This License Agreement will automatically terminate upon a material breach of - its terms and conditions. - -7. Nothing in this License Agreement shall be deemed to create any relationship - of agency, partnership, or joint venture between PSF and Licensee. This License - Agreement does not grant permission to use PSF trademarks or trade name in a - trademark sense to endorse or promote products or services of Licensee, or any - third party. - -8. By copying, installing or otherwise using Python 2.7.12, Licensee agrees - to be bound by the terms and conditions of this License Agreement. diff --git a/MANIFEST.in b/MANIFEST.in deleted file mode 100644 index 8471d75..0000000 --- a/MANIFEST.in +++ /dev/null @@ -1,24 +0,0 @@ -include CHANGELOG.rst -include CONTRIBUTING.rst -include LICENSE -include LICENSE.APACHE -include LICENSE.BSD -include LICENSE.PSF -include README.rst - -include pyproject.toml -recursive-include src py.typed *.pyi - -recursive-include docs * -recursive-include src/_cffi_src *.py *.c *.h -recursive-include src/rust Cargo.toml Cargo.lock *.rs -prune docs/_build -recursive-include tests *.py -exclude vectors -recursive-exclude vectors * - -recursive-exclude .github * - -exclude release.py .readthedocs.yml dev-requirements.txt tox.ini mypy.ini - -recursive-exclude .circleci * diff --git a/PKG-INFO b/PKG-INFO index 2f4c544..aa1528c 100644 --- a/PKG-INFO +++ b/PKG-INFO @@ -1,16 +1,6 @@ -Metadata-Version: 2.1 +Metadata-Version: 2.3 Name: cryptography -Version: 38.0.4 -Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -Home-page: https://github.com/pyca/cryptography -Author: The Python Cryptographic Authority and individual contributors -Author-email: cryptography-dev@python.org -License: BSD-3-Clause OR Apache-2.0 -Project-URL: Documentation, https://cryptography.io/ -Project-URL: Source, https://github.com/pyca/cryptography/ -Project-URL: Issues, https://github.com/pyca/cryptography/issues -Project-URL: Changelog, https://cryptography.io/en/latest/changelog/ -Platform: UNKNOWN +Version: 43.0.0 Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: Apache Software License @@ -24,26 +14,58 @@ Classifier: Operating System :: Microsoft :: Windows Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3 :: Only -Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 Classifier: Programming Language :: Python :: 3.10 +Classifier: Programming Language :: Python :: 3.11 +Classifier: Programming Language :: Python :: 3.12 Classifier: Programming Language :: Python :: Implementation :: CPython Classifier: Programming Language :: Python :: Implementation :: PyPy Classifier: Topic :: Security :: Cryptography -Requires-Python: >=3.6 -Description-Content-Type: text/x-rst +Requires-Dist: cffi >=1.12 ; platform_python_implementation != 'PyPy' +Requires-Dist: bcrypt >=3.1.5 ; extra == 'ssh' +Requires-Dist: nox ; extra == 'nox' +Requires-Dist: cryptography-vectors ==43.0.0 ; extra == 'test' +Requires-Dist: pytest >=6.2.0 ; extra == 'test' +Requires-Dist: pytest-benchmark ; extra == 'test' +Requires-Dist: pytest-cov ; extra == 'test' +Requires-Dist: pytest-xdist ; extra == 'test' +Requires-Dist: pretend ; extra == 'test' +Requires-Dist: certifi ; extra == 'test' +Requires-Dist: pytest-randomly ; extra == 'test-randomorder' +Requires-Dist: sphinx >=5.3.0 ; extra == 'docs' +Requires-Dist: sphinx-rtd-theme >=1.1.1 ; extra == 'docs' +Requires-Dist: pyenchant >=1.6.11 ; extra == 'docstest' +Requires-Dist: readme-renderer ; extra == 'docstest' +Requires-Dist: sphinxcontrib-spelling >=4.0.1 ; extra == 'docstest' +Requires-Dist: build ; extra == 'sdist' +Requires-Dist: ruff ; extra == 'pep8test' +Requires-Dist: mypy ; extra == 'pep8test' +Requires-Dist: check-sdist ; extra == 'pep8test' +Requires-Dist: click ; extra == 'pep8test' +Provides-Extra: ssh +Provides-Extra: nox Provides-Extra: test +Provides-Extra: test-randomorder Provides-Extra: docs Provides-Extra: docstest Provides-Extra: sdist Provides-Extra: pep8test -Provides-Extra: ssh License-File: LICENSE License-File: LICENSE.APACHE License-File: LICENSE.BSD -License-File: LICENSE.PSF +Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. +Author: The cryptography developers +Author-email: The Python Cryptographic Authority and individual contributors +License: Apache-2.0 OR BSD-3-Clause +Requires-Python: >=3.7 +Description-Content-Type: text/x-rst; charset=UTF-8 +Project-URL: homepage, https://github.com/pyca/cryptography +Project-URL: documentation, https://cryptography.io/ +Project-URL: source, https://github.com/pyca/cryptography/ +Project-URL: issues, https://github.com/pyca/cryptography/issues +Project-URL: changelog, https://cryptography.io/en/latest/changelog/ pyca/cryptography ================= @@ -61,8 +83,8 @@ pyca/cryptography ``cryptography`` is a package which provides cryptographic recipes and -primitives to Python developers. Our goal is for it to be your "cryptographic -standard library". It supports Python 3.6+ and PyPy3 7.2+. +primitives to Python developers. Our goal is for it to be your "cryptographic +standard library". It supports Python 3.7+ and PyPy3 7.3.11+. ``cryptography`` includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and @@ -77,9 +99,9 @@ key derivation functions. For example, to encrypt something with >>> f = Fernet(key) >>> token = f.encrypt(b"A really secret message. Not for prying eyes.") >>> token - '...' + b'...' >>> f.decrypt(token) - 'A really secret message. Not for prying eyes.' + b'A really secret message. Not for prying eyes.' You can find more information in the `documentation`_. @@ -114,4 +136,3 @@ documentation. .. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev .. _`security reporting`: https://cryptography.io/en/latest/security/ - diff --git a/README.rst b/README.rst index 9b260f5..3e573ae 100644 --- a/README.rst +++ b/README.rst @@ -14,8 +14,8 @@ pyca/cryptography ``cryptography`` is a package which provides cryptographic recipes and -primitives to Python developers. Our goal is for it to be your "cryptographic -standard library". It supports Python 3.6+ and PyPy3 7.2+. +primitives to Python developers. Our goal is for it to be your "cryptographic +standard library". It supports Python 3.7+ and PyPy3 7.3.11+. ``cryptography`` includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and @@ -30,9 +30,9 @@ key derivation functions. For example, to encrypt something with >>> f = Fernet(key) >>> token = f.encrypt(b"A really secret message. Not for prying eyes.") >>> token - '...' + b'...' >>> f.decrypt(token) - 'A really secret message. Not for prying eyes.' + b'A really secret message. Not for prying eyes.' You can find more information in the `documentation`_. diff --git a/debian/changelog b/debian/changelog index d284662..8234f57 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,134 @@ +python-cryptography (43.0.0-2) unstable; urgency=medium + + * Restore B-D: python3-setuptools (Closes: #1100262). + * Update to librust-asn1-0.20-dev, add upstream patches for compatibility + with it (Closes: #1101438). + * Disable DH_VERBOSE. + + -- Andrey Rakhmatullin Sat, 29 Mar 2025 01:20:16 +0500 + +python-cryptography (43.0.0-1) unstable; urgency=medium + + * New upstream version. + * Update and rearrange Build-Depends: + + Removed: + - librust-asn1-derive-0.15-dev (obsolete) + - librust-ouroboros-0.15-dev (obsolete) + - librust-paste-dev (obsolete) + - librust-pyo3-macros-0.20-dev (not an explicit dep) + - python3-hypothesis (obsolete) + - python3-iso8601 (obsolete) + - python3-pytest-subtests (obsolete) + - python3-setuptools (changed in this version) + - python3-setuptools-rust (changed in this version) + - python3-tz (obsolete) + - tzdata (obsolete) + + Added: + - librust-cc-1.1-dev (forgotten explicit dep) + - librust-foreign-types-0.3-dev (forgotten explicit dep) + - python3-bcrypt (optional dep) + - python3-certifi (forgotten explicit dep; fixes building with nodoc) + - python3-maturin (changed in this version) + + Moved to Build-Depends-Indep: + - dh-sequence-sphinxdoc + - python3-doc + - python3-sphinx + - python3-sphinx-rtd-theme + + Version updates (Closes: #1080395): + - librust-asn1-0.17-dev (from 0.15) + - librust-pyo3-0.22-dev (from 0.20) + - librust-pyo3-0.22+default-dev (from 0.20) + * Change upstream version reqs to ones provided by Debian: + + asn1 0.16.2 -> 0.17.0 + + openssl 0.10.65 -> 0.10.63 + + openssl-sys 0.9.103 -> 0.9.101 + * Skip tests that fail with librust-openssl-dev < 0.10.65. + * Add python3-bcrypt to Depends. + * Move documentation build-deps into Build-Depends-Indep. + * Bump Standards-Version to 4.7.0. + + -- Andrey Rakhmatullin Tue, 10 Sep 2024 23:55:34 +0500 + +python-cryptography (42.0.5-2) unstable; urgency=medium + + * Patch: upstream fix for 32-bit archs tests + + -- Jérémy Lal Tue, 19 Mar 2024 23:15:50 +0100 + +python-cryptography (42.0.5-1) unstable; urgency=medium + + * Team upload. + * Bump setuptools-rust, rust-pem, rust-openssl, rust-openssl-sys deps + * Testsuite: autopkgtest-pkg-pybuild + + [ Andreas Tille ] + * New upstream version + Closes: #1059308 (CVE-2023-50782) + Closes: #1064778 (CVE-2024-26130) + Closes: #1063771, #1018159 + * watch file standard 4 (routine-update) + Closes: #1046569 + + [ Michael R. Crusoe ] + * Reorder sequence of d/control fields by cme (routine-update) + * d/{tests/,}control: update dependency on python3-cryptography-vectors + * marked intersphinx patch as not needing forwarding + + [ Andrey Rakhmatullin ] + * Add myself to Uploaders. + + [ Jérémy Lal ] + * Testsuite: autopkgtest-pkg-pybuild + + -- Jérémy Lal Tue, 19 Mar 2024 10:58:04 +0100 + +python-cryptography (41.0.7-5) unstable; urgency=medium + + * AMAU, Closes: #1064979 + + [ Andreas Tille ] + * Enable building twice in a row + + -- Jérémy Lal Thu, 07 Mar 2024 13:42:35 +0100 + +python-cryptography (41.0.7-4) unstable; urgency=medium + + * orphan + + -- Sandro Tosi Wed, 28 Feb 2024 12:23:58 -0500 + +python-cryptography (41.0.7-3) unstable; urgency=medium + + * Upgrade to pyo3 0.20. Closes: #1063365 + + -- Jérémy Lal Thu, 08 Feb 2024 15:34:30 +0100 + +python-cryptography (41.0.7-2) unstable; urgency=medium + + * patch: drop pem 1.0 workaround, depends pem 1.1. Closes: 1060294. + * autopkgtest: fix version of cryptography-vectors + + -- Jérémy Lal Tue, 09 Jan 2024 01:14:48 +0100 + +python-cryptography (41.0.7-1) unstable; urgency=medium + + * Team upload + * New upstream version 41.0.7 + * patch: remove n/a, disable a test to keep building with pem 1.0 + * Update deps + * Bump Standards-Version + + [ Sandro Tosi ] + * New upstream release; Closes: #1031049 + - fixes CVE-2023-23931 + * debian/watch + - remove pgpsigurlmangle, .asc file no longer on PyPI + + [ Nicolas Dandrimont ] + * New upstream version 41.0.3 + + -- Jérémy Lal Sun, 07 Jan 2024 13:24:39 +0100 + python-cryptography (38.0.4-4) unstable; urgency=medium * Team Upload. diff --git a/debian/control b/debian/control index 4f71768..e2544fe 100644 --- a/debian/control +++ b/debian/control @@ -1,52 +1,52 @@ Source: python-cryptography -Maintainer: Tristan Seligmann -Uploaders: Debian Python Team , - Sandro Tosi , +Maintainer: Debian Python Team +Uploaders: Jérémy Lal , + Andrey Rakhmatullin , Section: python Priority: optional Build-Depends: cargo, debhelper-compat (= 13), dh-sequence-python3, - dh-sequence-sphinxdoc , - dpkg-dev (>= 1.17.14), - librust-asn1-0.12-dev, - librust-asn1-derive-0.12-dev, - librust-chrono-0.4-dev, - librust-ouroboros-0.15-dev, - librust-paste-dev, - librust-pem-1.0-dev, - librust-pyo3-0.19-dev, - librust-pyo3-0.19+default-dev, - librust-pyo3-macros-0.19-dev, + librust-asn1-0.20-dev, + librust-cc-1.1-dev, + librust-cfg-if-dev, + librust-foreign-types-0.3-dev, + librust-foreign-types-shared-0.1-dev, + librust-once-cell-dev, + librust-openssl-dev (>= 0.10.64~), + librust-openssl-sys-dev (>= 0.9.101~), + librust-pem-3.0-dev, + librust-pyo3-0.22+default-dev, + librust-pyo3-0.22-dev, + librust-self-cell-dev, libssl-dev, pybuild-plugin-pyproject, python3-all-dev, + python3-bcrypt , + python3-certifi , python3-cffi, - python3-cryptography-vectors (<< 38.0.5~) , - python3-cryptography-vectors (>= 38.0.4~) , - python3-doc , - python3-hypothesis , - python3-iso8601 , + python3-cryptography-vectors (<< 43.0.1~) , + python3-cryptography-vectors (>= 43.0.0~) , + python3-maturin, python3-pretend , python3-pytest , python3-pytest-benchmark , - python3-pytest-subtests , python3-setuptools, - python3-setuptools-rust, - python3-six, - python3-sphinx , - python3-sphinx-rtd-theme , - python3-tz , - tzdata , -Standards-Version: 4.6.1 -Homepage: https://cryptography.io/ -Vcs-Git: https://salsa.debian.org/python-team/packages/python-cryptography.git +Build-Depends-Indep: dh-sequence-sphinxdoc , + python3-doc , + python3-sphinx , + python3-sphinx-rtd-theme , +Standards-Version: 4.7.0 Vcs-Browser: https://salsa.debian.org/python-team/packages/python-cryptography +Vcs-Git: https://salsa.debian.org/python-team/packages/python-cryptography.git +Homepage: https://cryptography.io/ Rules-Requires-Root: no +Testsuite: autopkgtest-pkg-pybuild Package: python3-cryptography Architecture: any -Depends: ${misc:Depends}, +Depends: python3-bcrypt, + ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends}, Suggests: python-cryptography-doc, @@ -70,11 +70,10 @@ Description: Python library exposing cryptographic recipes and primitives (Pytho Package: python-cryptography-doc Architecture: all +Section: doc Depends: ${misc:Depends}, ${sphinxdoc:Depends}, -Section: doc Built-Using: ${sphinxdoc:Built-Using}, -Build-Profiles: Description: Python library exposing cryptographic recipes and primitives (documentation) The cryptography library is designed to be a "one-stop-shop" for all your cryptographic needs in Python. @@ -91,3 +90,5 @@ Description: Python library exposing cryptographic recipes and primitives (docum - Extremely error prone APIs, and bad defaults. . This package contains the documentation for cryptography. +Build-Profiles: +Multi-Arch: foreign diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..cec628c --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +pristine-tar = True diff --git a/debian/patches/0004-update-to-asn1-0.19-and-use-X509GeneralizedTime.patch b/debian/patches/0004-update-to-asn1-0.19-and-use-X509GeneralizedTime.patch new file mode 100644 index 0000000..db3a5ce --- /dev/null +++ b/debian/patches/0004-update-to-asn1-0.19-and-use-X509GeneralizedTime.patch @@ -0,0 +1,182 @@ +From: Paul Kehrer +Date: Sun, 17 Nov 2024 07:28:04 -0800 +Subject: update to asn1 0.19 and use X509GeneralizedTime + +--- + src/rust/cryptography-x509-verification/src/policy/mod.rs | 10 +++++----- + src/rust/cryptography-x509/src/common.rs | 2 +- + src/rust/cryptography-x509/src/ocsp_resp.rs | 8 ++++---- + src/rust/src/x509/certificate.rs | 6 +++--- + src/rust/src/x509/extensions.rs | 4 +++- + src/rust/src/x509/ocsp_resp.rs | 9 +++++---- + 6 files changed, 21 insertions(+), 18 deletions(-) + +diff --git a/src/rust/cryptography-x509-verification/src/policy/mod.rs b/src/rust/cryptography-x509-verification/src/policy/mod.rs +index 5616a83..a67eaf9 100644 +--- a/src/rust/cryptography-x509-verification/src/policy/mod.rs ++++ b/src/rust/cryptography-x509-verification/src/policy/mod.rs +@@ -769,7 +769,7 @@ mod tests { + let generalized_dt = utc_dt.clone(); + let utc_validity = Time::UtcTime(asn1::UtcTime::new(utc_dt).unwrap()); + let generalized_validity = +- Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap()); ++ Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap()); + assert!(permits_validity_date(&utc_validity).is_ok()); + assert!(permits_validity_date(&generalized_validity).is_err()); + } +@@ -779,7 +779,7 @@ mod tests { + let generalized_dt = utc_dt.clone(); + let utc_validity = Time::UtcTime(asn1::UtcTime::new(utc_dt).unwrap()); + let generalized_validity = +- Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap()); ++ Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap()); + assert!(permits_validity_date(&utc_validity).is_ok()); + assert!(permits_validity_date(&generalized_validity).is_err()); + } +@@ -789,7 +789,7 @@ mod tests { + let generalized_dt = utc_dt.clone(); + assert!(asn1::UtcTime::new(utc_dt).is_err()); + let generalized_validity = +- Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap()); ++ Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap()); + assert!(permits_validity_date(&generalized_validity).is_ok()); + } + { +@@ -799,7 +799,7 @@ mod tests { + // The `asn1::UtcTime` constructor prevents this. + assert!(asn1::UtcTime::new(utc_dt).is_err()); + let generalized_validity = +- Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap()); ++ Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap()); + assert!(permits_validity_date(&generalized_validity).is_ok()); + } + { +@@ -809,7 +809,7 @@ mod tests { + // The `asn1::UtcTime` constructor prevents this. + assert!(asn1::UtcTime::new(utc_dt).is_err()); + let generalized_validity = +- Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap()); ++ Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap()); + assert!(permits_validity_date(&generalized_validity).is_ok()); + } + } +diff --git a/src/rust/cryptography-x509/src/common.rs b/src/rust/cryptography-x509/src/common.rs +index 0b95553..2957eeb 100644 +--- a/src/rust/cryptography-x509/src/common.rs ++++ b/src/rust/cryptography-x509/src/common.rs +@@ -207,7 +207,7 @@ impl<'a> asn1::Asn1Writable for RawTlv<'a> { + #[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone)] + pub enum Time { + UtcTime(asn1::UtcTime), +- GeneralizedTime(asn1::GeneralizedTime), ++ GeneralizedTime(asn1::X509GeneralizedTime), + } + + impl Time { +diff --git a/src/rust/cryptography-x509/src/ocsp_resp.rs b/src/rust/cryptography-x509/src/ocsp_resp.rs +index f40707e..5b0338b 100644 +--- a/src/rust/cryptography-x509/src/ocsp_resp.rs ++++ b/src/rust/cryptography-x509/src/ocsp_resp.rs +@@ -39,7 +39,7 @@ pub struct ResponseData<'a> { + #[default(0)] + pub version: u8, + pub responder_id: ResponderId<'a>, +- pub produced_at: asn1::GeneralizedTime, ++ pub produced_at: asn1::X509GeneralizedTime, + pub responses: common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, SingleResponse<'a>>, + asn1::SequenceOfWriter<'a, SingleResponse<'a>, Vec>>, +@@ -60,9 +60,9 @@ pub enum ResponderId<'a> { + pub struct SingleResponse<'a> { + pub cert_id: ocsp_req::CertID<'a>, + pub cert_status: CertStatus, +- pub this_update: asn1::GeneralizedTime, ++ pub this_update: asn1::X509GeneralizedTime, + #[explicit(0)] +- pub next_update: Option, ++ pub next_update: Option, + #[explicit(1)] + pub raw_single_extensions: Option>, + } +@@ -79,7 +79,7 @@ pub enum CertStatus { + + #[derive(asn1::Asn1Read, asn1::Asn1Write)] + pub struct RevokedInfo { +- pub revocation_time: asn1::GeneralizedTime, ++ pub revocation_time: asn1::X509GeneralizedTime, + #[explicit(0)] + pub revocation_reason: Option, + } +diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs +index 810d7aa..246c15f 100644 +--- a/src/rust/src/x509/certificate.rs ++++ b/src/rust/src/x509/certificate.rs +@@ -877,9 +877,9 @@ pub(crate) fn time_from_py( + + pub(crate) fn time_from_datetime(dt: asn1::DateTime) -> CryptographyResult { + if dt.year() >= 2050 { +- Ok(common::Time::GeneralizedTime(asn1::GeneralizedTime::new( +- dt, +- )?)) ++ Ok(common::Time::GeneralizedTime( ++ asn1::X509GeneralizedTime::new(dt)?, ++ )) + } else { + Ok(common::Time::UtcTime(asn1::UtcTime::new(dt).unwrap())) + } +diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs +index 9bd9425..d3396ff 100644 +--- a/src/rust/src/x509/extensions.rs ++++ b/src/rust/src/x509/extensions.rs +@@ -532,7 +532,9 @@ pub(crate) fn encode_extension( + &oid::INVALIDITY_DATE_OID => { + let py_dt = ext.getattr(pyo3::intern!(py, "invalidity_date_utc"))?; + let dt = x509::py_to_datetime(py, py_dt)?; +- Ok(Some(asn1::write_single(&asn1::GeneralizedTime::new(dt)?)?)) ++ Ok(Some(asn1::write_single(&asn1::X509GeneralizedTime::new( ++ dt, ++ )?)?)) + } + &oid::CRL_NUMBER_OID | &oid::DELTA_CRL_INDICATOR_OID => { + let intval = ext +diff --git a/src/rust/src/x509/ocsp_resp.rs b/src/rust/src/x509/ocsp_resp.rs +index 955bf35..1a24188 100644 +--- a/src/rust/src/x509/ocsp_resp.rs ++++ b/src/rust/src/x509/ocsp_resp.rs +@@ -746,7 +746,8 @@ pub(crate) fn create_ocsp_response( + }; + // REVOKED + let py_revocation_time = py_single_resp.getattr(pyo3::intern!(py, "_revocation_time"))?; +- let revocation_time = asn1::GeneralizedTime::new(py_to_datetime(py, py_revocation_time)?)?; ++ let revocation_time = ++ asn1::X509GeneralizedTime::new(py_to_datetime(py, py_revocation_time)?)?; + ocsp_resp::CertStatus::Revoked(ocsp_resp::RevokedInfo { + revocation_time, + revocation_reason, +@@ -757,7 +758,7 @@ pub(crate) fn create_ocsp_response( + .is_none() + { + let py_next_update = py_single_resp.getattr(pyo3::intern!(py, "_next_update"))?; +- Some(asn1::GeneralizedTime::new(py_to_datetime( ++ Some(asn1::X509GeneralizedTime::new(py_to_datetime( + py, + py_next_update, + )?)?) +@@ -765,7 +766,7 @@ pub(crate) fn create_ocsp_response( + None + }; + let py_this_update = py_single_resp.getattr(pyo3::intern!(py, "_this_update"))?; +- let this_update = asn1::GeneralizedTime::new(py_to_datetime(py, py_this_update)?)?; ++ let this_update = asn1::X509GeneralizedTime::new(py_to_datetime(py, py_this_update)?)?; + + let ka_vec = cryptography_keepalive::KeepAlive::new(); + let ka_bytes = cryptography_keepalive::KeepAlive::new(); +@@ -807,7 +808,7 @@ pub(crate) fn create_ocsp_response( + + let tbs_response_data = ocsp_resp::ResponseData { + version: 0, +- produced_at: asn1::GeneralizedTime::new(x509::common::datetime_now(py)?)?, ++ produced_at: asn1::X509GeneralizedTime::new(x509::common::datetime_now(py)?)?, + responder_id, + responses: common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new( + responses, diff --git a/debian/patches/0005-Support-128-bit-OID-arcs-11820.patch b/debian/patches/0005-Support-128-bit-OID-arcs-11820.patch new file mode 100644 index 0000000..3d895fb --- /dev/null +++ b/debian/patches/0005-Support-128-bit-OID-arcs-11820.patch @@ -0,0 +1,28 @@ +From: Robby Cornelissen +Date: Thu, 24 Oct 2024 13:36:14 +0900 +Subject: Support 128-bit OID arcs (#11820) + +* Support 128-bit OID arcs + +* Update Cargo.lock to reflect updated rust-asn1 dependency +--- + tests/x509/test_x509.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py +index 91251d5..22eca69 100644 +--- a/tests/x509/test_x509.py ++++ b/tests/x509/test_x509.py +@@ -6046,10 +6046,11 @@ class TestObjectIdentifier: + x509.ObjectIdentifier("1.39.999") + x509.ObjectIdentifier("2.5.29.3") + x509.ObjectIdentifier("2.999.37.5.22.8") ++ x509.ObjectIdentifier(f"2.25.{2**128 - 1}") + + def test_oid_arc_too_large(self): + with pytest.raises(ValueError): +- x509.ObjectIdentifier(f"2.25.{2**128 - 1}") ++ x509.ObjectIdentifier(f"2.25.{2**128}") + + + class TestName: diff --git a/debian/patches/0010-Replace-US-Pacific-with-America-Los_Angeles.patch b/debian/patches/0010-Replace-US-Pacific-with-America-Los_Angeles.patch deleted file mode 100644 index f30d0a1..0000000 --- a/debian/patches/0010-Replace-US-Pacific-with-America-Los_Angeles.patch +++ /dev/null @@ -1,68 +0,0 @@ -From: Nicolas Dandrimont -Date: Tue, 8 Aug 2023 17:06:18 +0200 -Subject: Replace US/Pacific with America/Los_Angeles - -Needed for recent tzdata versions ---- - tests/x509/test_x509.py | 4 ++-- - tests/x509/test_x509_crlbuilder.py | 4 ++-- - tests/x509/test_x509_revokedcertbuilder.py | 2 +- - 3 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py -index aecf6f8..4d496c6 100644 ---- a/tests/x509/test_x509.py -+++ b/tests/x509/test_x509.py -@@ -2445,7 +2445,7 @@ class TestCertificateBuilder: - - def test_aware_not_valid_after(self, backend): - time = datetime.datetime(2012, 1, 16, 22, 43) -- tz = pytz.timezone("US/Pacific") -+ tz = pytz.timezone("America/Los_Angeles") - time = tz.localize(time) - utc_time = datetime.datetime(2012, 1, 17, 6, 43) - private_key = RSA_KEY_2048.private_key(backend) -@@ -2517,7 +2517,7 @@ class TestCertificateBuilder: - - def test_aware_not_valid_before(self, backend): - time = datetime.datetime(2012, 1, 16, 22, 43) -- tz = pytz.timezone("US/Pacific") -+ tz = pytz.timezone("America/Los_Angeles") - time = tz.localize(time) - utc_time = datetime.datetime(2012, 1, 17, 6, 43) - private_key = RSA_KEY_2048.private_key(backend) -diff --git a/tests/x509/test_x509_crlbuilder.py b/tests/x509/test_x509_crlbuilder.py -index e3e3428..d5083c2 100644 ---- a/tests/x509/test_x509_crlbuilder.py -+++ b/tests/x509/test_x509_crlbuilder.py -@@ -42,7 +42,7 @@ class TestCertificateRevocationListBuilder: - - def test_aware_last_update(self, backend): - last_time = datetime.datetime(2012, 1, 16, 22, 43) -- tz = pytz.timezone("US/Pacific") -+ tz = pytz.timezone("America/Los_Angeles") - last_time = tz.localize(last_time) - utc_last = datetime.datetime(2012, 1, 17, 6, 43) - next_time = datetime.datetime(2022, 1, 17, 6, 43) -@@ -84,7 +84,7 @@ class TestCertificateRevocationListBuilder: - - def test_aware_next_update(self, backend): - next_time = datetime.datetime(2022, 1, 16, 22, 43) -- tz = pytz.timezone("US/Pacific") -+ tz = pytz.timezone("America/Los_Angeles") - next_time = tz.localize(next_time) - utc_next = datetime.datetime(2022, 1, 17, 6, 43) - last_time = datetime.datetime(2012, 1, 17, 6, 43) -diff --git a/tests/x509/test_x509_revokedcertbuilder.py b/tests/x509/test_x509_revokedcertbuilder.py -index b2facfa..f047c5c 100644 ---- a/tests/x509/test_x509_revokedcertbuilder.py -+++ b/tests/x509/test_x509_revokedcertbuilder.py -@@ -60,7 +60,7 @@ class TestRevokedCertificateBuilder: - - def test_aware_revocation_date(self, backend): - time = datetime.datetime(2012, 1, 16, 22, 43) -- tz = pytz.timezone("US/Pacific") -+ tz = pytz.timezone("America/Los_Angeles") - time = tz.localize(time) - utc_time = datetime.datetime(2012, 1, 17, 6, 43) - serial_number = 333 diff --git a/debian/patches/Don-t-allow-update_into-to-mutate-immutable-objects-.patch b/debian/patches/Don-t-allow-update_into-to-mutate-immutable-objects-.patch deleted file mode 100644 index 8c0cead..0000000 --- a/debian/patches/Don-t-allow-update_into-to-mutate-immutable-objects-.patch +++ /dev/null @@ -1,47 +0,0 @@ -From: Alex Gaynor -Date: Tue, 7 Feb 2023 11:34:18 -0500 -Subject: Don't allow update_into to mutate immutable objects (#8230) -Origin: https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-23931 -Bug-Debian: https://bugs.debian.org/1031049 - ---- - src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +- - tests/hazmat/primitives/test_ciphers.py | 8 ++++++++ - 2 files changed, 9 insertions(+), 1 deletion(-) - -diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py -index 286583f93255..075d68fb9057 100644 ---- a/src/cryptography/hazmat/backends/openssl/ciphers.py -+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py -@@ -156,7 +156,7 @@ class _CipherContext: - data_processed = 0 - total_out = 0 - outlen = self._backend._ffi.new("int *") -- baseoutbuf = self._backend._ffi.from_buffer(buf) -+ baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True) - baseinbuf = self._backend._ffi.from_buffer(data) - - while data_processed != total_data_len: -diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py -index 02127dd9cab5..bf3b047dec25 100644 ---- a/tests/hazmat/primitives/test_ciphers.py -+++ b/tests/hazmat/primitives/test_ciphers.py -@@ -318,6 +318,14 @@ class TestCipherUpdateInto: - with pytest.raises(ValueError): - encryptor.update_into(b"testing", buf) - -+ def test_update_into_immutable(self, backend): -+ key = b"\x00" * 16 -+ c = ciphers.Cipher(AES(key), modes.ECB(), backend) -+ encryptor = c.encryptor() -+ buf = b"\x00" * 32 -+ with pytest.raises((TypeError, BufferError)): -+ encryptor.update_into(b"testing", buf) -+ - @pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - AES(b"\x00" * 16), modes.GCM(b"\x00" * 12) --- -2.39.2 - diff --git a/debian/patches/Upgrade-to-pyo3-0.16.patch b/debian/patches/Upgrade-to-pyo3-0.16.patch deleted file mode 100644 index 3862b04..0000000 --- a/debian/patches/Upgrade-to-pyo3-0.16.patch +++ /dev/null @@ -1,912 +0,0 @@ -From: Alex Gaynor -Date: Wed, 7 Sep 2022 13:28:39 +0200 -Subject: Upgrade to pyo3 0.16 - -Ported from upstream PR: https://github.com/pyca/cryptography/pull/6935 ---- - MANIFEST.in | 2 + - setup.cfg | 1 - - setup.py | 2 +- - src/cryptography/__init__.py | 13 ------- - src/rust/Cargo.lock | 80 +++++++++++++++------------------------- - src/rust/Cargo.toml | 2 +- - src/rust/src/asn1.rs | 2 +- - src/rust/src/oid.rs | 5 +-- - src/rust/src/x509/certificate.rs | 21 +++++------ - src/rust/src/x509/common.rs | 26 ++++++------- - src/rust/src/x509/crl.rs | 76 ++++++++++++++++---------------------- - src/rust/src/x509/csr.rs | 19 ++++------ - src/rust/src/x509/extensions.rs | 2 +- - src/rust/src/x509/ocsp_req.rs | 4 +- - src/rust/src/x509/ocsp_resp.rs | 37 +++++++++---------- - src/rust/src/x509/sct.rs | 43 ++++++++++----------- - src/rust/src/x509/sign.rs | 12 +++--- - 17 files changed, 143 insertions(+), 204 deletions(-) - -diff --git a/MANIFEST.in b/MANIFEST.in -index 8471d75..f51a4d8 100644 ---- a/MANIFEST.in -+++ b/MANIFEST.in -@@ -16,6 +16,8 @@ prune docs/_build - recursive-include tests *.py - exclude vectors - recursive-exclude vectors * -+exclude src/rust/target -+recursive-exclude src/rust/target * - - recursive-exclude .github * - -diff --git a/setup.cfg b/setup.cfg -index 23bb773..2a669fa 100644 ---- a/setup.cfg -+++ b/setup.cfg -@@ -27,7 +27,6 @@ classifiers = - Programming Language :: Python - Programming Language :: Python :: 3 - Programming Language :: Python :: 3 :: Only -- Programming Language :: Python :: 3.6 - Programming Language :: Python :: 3.7 - Programming Language :: Python :: 3.8 - Programming Language :: Python :: 3.9 -diff --git a/setup.py b/setup.py -index 320994e..5283c0f 100644 ---- a/setup.py -+++ b/setup.py -@@ -52,7 +52,7 @@ try: - features=( - [] - if platform.python_implementation() == "PyPy" -- else ["pyo3/abi3-py36"] -+ else ["pyo3/abi3-py37"] - ), - rust_version=">=1.48.0", - ) -diff --git a/src/cryptography/__init__.py b/src/cryptography/__init__.py -index 599bf51..32be322 100644 ---- a/src/cryptography/__init__.py -+++ b/src/cryptography/__init__.py -@@ -2,15 +2,11 @@ - # 2.0, and the BSD License. See the LICENSE file in the root of this repository - # for complete details. - --import sys --import warnings -- - from cryptography.__about__ import ( - __author__, - __copyright__, - __version__, - ) --from cryptography.utils import CryptographyDeprecationWarning - - - __all__ = [ -@@ -18,12 +14,3 @@ __all__ = [ - "__author__", - "__copyright__", - ] -- --if sys.version_info[:2] == (3, 6): -- warnings.warn( -- "Python 3.6 is no longer supported by the Python core team. " -- "Therefore, support for it is deprecated in cryptography and will be" -- " removed in a future release.", -- CryptographyDeprecationWarning, -- stacklevel=2, -- ) -diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock -index 4a0ecfd..976f865 100644 ---- a/src/rust/Cargo.lock -+++ b/src/rust/Cargo.lock -@@ -120,24 +120,10 @@ dependencies = [ - - [[package]] - name = "indoc" --version = "0.3.6" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "47741a8bc60fb26eb8d6e0238bbb26d8575ff623fdc97b1a2c00c050b9684ed8" --dependencies = [ -- "indoc-impl", -- "proc-macro-hack", --] -- --[[package]] --name = "indoc-impl" --version = "0.3.6" -+version = "1.0.4" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "ce046d161f000fffde5f432a0d034d0341dc152643b2598ed5bfce44c4f3a8f0" -+checksum = "e7906a9fababaeacb774f72410e497a1d18de916322e33797bb2cd29baa23c9e" - dependencies = [ -- "proc-macro-hack", -- "proc-macro2", -- "quote", -- "syn", - "unindent", - ] - -@@ -257,25 +243,6 @@ dependencies = [ - "winapi", - ] - --[[package]] --name = "paste" --version = "0.1.18" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880" --dependencies = [ -- "paste-impl", -- "proc-macro-hack", --] -- --[[package]] --name = "paste-impl" --version = "0.1.18" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6" --dependencies = [ -- "proc-macro-hack", --] -- - [[package]] - name = "pem" - version = "1.1.0" -@@ -309,12 +276,6 @@ dependencies = [ - "version_check", - ] - --[[package]] --name = "proc-macro-hack" --version = "0.5.19" --source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" -- - [[package]] - name = "proc-macro2" - version = "1.0.43" -@@ -326,35 +287,47 @@ dependencies = [ - - [[package]] - name = "pyo3" --version = "0.15.2" -+version = "0.16.5" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "d41d50a7271e08c7c8a54cd24af5d62f73ee3a6f6a314215281ebdec421d5752" -+checksum = "1e6302e85060011447471887705bb7838f14aba43fcb06957d823739a496b3dc" - dependencies = [ - "cfg-if", - "indoc", - "libc", - "parking_lot", -- "paste", - "pyo3-build-config", -+ "pyo3-ffi", - "pyo3-macros", - "unindent", - ] - - [[package]] - name = "pyo3-build-config" --version = "0.15.2" -+version = "0.16.5" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "779239fc40b8e18bc8416d3a37d280ca9b9fb04bda54b98037bb6748595c2410" -+checksum = "b5b65b546c35d8a3b1b2f0ddbac7c6a569d759f357f2b9df884f5d6b719152c8" - dependencies = [ - "once_cell", -+ "target-lexicon", -+] -+ -+[[package]] -+name = "pyo3-ffi" -+version = "0.16.5" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "c275a07127c1aca33031a563e384ffdd485aee34ef131116fcd58e3430d1742b" -+dependencies = [ -+ "libc", -+ "pyo3-build-config", - ] - - [[package]] - name = "pyo3-macros" --version = "0.15.2" -+version = "0.16.5" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "00b247e8c664be87998d8628e86f282c25066165f1f8dda66100c48202fdb93a" -+checksum = "284fc4485bfbcc9850a6d661d627783f18d19c2ab55880b021671c4ba83e90f7" - dependencies = [ -+ "proc-macro2", - "pyo3-macros-backend", - "quote", - "syn", -@@ -362,12 +335,11 @@ dependencies = [ - - [[package]] - name = "pyo3-macros-backend" --version = "0.15.2" -+version = "0.16.5" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "5a8c2812c412e00e641d99eeb79dd478317d981d938aa60325dfa7157b607095" -+checksum = "53bda0f58f73f5c5429693c96ed57f7abdb38fdfc28ae06da4101a257adb7faf" - dependencies = [ - "proc-macro2", -- "pyo3-build-config", - "quote", - "syn", - ] -@@ -413,6 +385,12 @@ dependencies = [ - "unicode-ident", - ] - -+[[package]] -+name = "target-lexicon" -+version = "0.12.4" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "c02424087780c9b71cc96799eaeddff35af2bc513278cda5c99fc1f5d026d3c1" -+ - [[package]] - name = "unicode-ident" - version = "1.0.3" -diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml -index 49e70a3..73347ab 100644 ---- a/src/rust/Cargo.toml -+++ b/src/rust/Cargo.toml -@@ -7,7 +7,7 @@ publish = false - - [dependencies] - once_cell = "1" --pyo3 = { version = "0.15.2" } -+pyo3 = { version = "0.16" } - asn1 = { version = "0.12.2", default-features = false, features = ["derive"] } - pem = "1.1" - chrono = { version = "0.4.22", default-features = false, features = ["alloc", "clock"] } -diff --git a/src/rust/src/asn1.rs b/src/rust/src/asn1.rs -index 1ca443d..ec873e7 100644 ---- a/src/rust/src/asn1.rs -+++ b/src/rust/src/asn1.rs -@@ -273,7 +273,7 @@ mod tests { - PyAsn1Error::Asn1Write(asn1::WriteError::AllocationError) - )); - let py_e: pyo3::PyErr = e.into(); -- assert!(py_e.is_instance::(py)); -+ assert!(py_e.is_instance_of::(py)); - - let e: PyAsn1Error = pyo3::PyDowncastError::new(py.None().as_ref(py), "abc").into(); - assert!(matches!(e, PyAsn1Error::Py(_))); -diff --git a/src/rust/src/oid.rs b/src/rust/src/oid.rs -index bc65daf..8a77ee6 100644 ---- a/src/rust/src/oid.rs -+++ b/src/rust/src/oid.rs -@@ -35,10 +35,7 @@ impl ObjectIdentifier { - .getattr(crate::intern!(py, "_OID_NAMES"))?; - oid_names.call_method1("get", (slf, "Unknown OID")) - } --} - --#[pyo3::prelude::pyproto] --impl pyo3::PyObjectProtocol for ObjectIdentifier { - fn __repr__(&self) -> pyo3::PyResult { - let gil = pyo3::Python::acquire_gil(); - let py = gil.python(); -@@ -58,7 +55,7 @@ impl pyo3::PyObjectProtocol for ObjectIdentifier { - - fn __richcmp__( - &self, -- other: pyo3::PyRef, -+ other: pyo3::PyRef<'_, ObjectIdentifier>, - op: pyo3::basic::CompareOp, - ) -> pyo3::PyResult { - match op { -diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs -index 59841d7..6a19dd7 100644 ---- a/src/rust/src/x509/certificate.rs -+++ b/src/rust/src/x509/certificate.rs -@@ -82,8 +82,8 @@ pub(crate) struct Certificate { - pub(crate) cached_extensions: Option, - } - --#[pyo3::prelude::pyproto] --impl pyo3::PyObjectProtocol for Certificate { -+#[pyo3::prelude::pymethods] -+impl Certificate { - fn __hash__(&self) -> u64 { - let mut hasher = DefaultHasher::new(); - self.raw.borrow_value().hash(&mut hasher); -@@ -92,7 +92,7 @@ impl pyo3::PyObjectProtocol for Certificate { - - fn __richcmp__( - &self, -- other: pyo3::PyRef, -+ other: pyo3::PyRef<'_, Certificate>, - op: pyo3::basic::CompareOp, - ) -> pyo3::PyResult { - match op { -@@ -112,10 +112,7 @@ impl pyo3::PyObjectProtocol for Certificate { - let subject_repr = subject.repr()?.extract::<&str>()?; - Ok(format!("", subject_repr)) - } --} - --#[pyo3::prelude::pymethods] --impl Certificate { - fn __deepcopy__(slf: pyo3::PyRef<'_, Self>, _memo: pyo3::PyObject) -> pyo3::PyRef<'_, Self> { - slf - } -@@ -158,9 +155,9 @@ impl Certificate { - .getattr(crate::intern!(py, "Encoding"))?; - - let result = asn1::write_single(self.raw.borrow_value())?; -- if encoding == encoding_class.getattr(crate::intern!(py, "DER"))? { -+ if encoding.is(encoding_class.getattr(crate::intern!(py, "DER"))?) { - Ok(pyo3::types::PyBytes::new(py, &result)) -- } else if encoding == encoding_class.getattr(crate::intern!(py, "PEM"))? { -+ } else if encoding.is(encoding_class.getattr(crate::intern!(py, "PEM"))?) { - let pem = pem::encode_config( - &pem::Pem { - tag: "CERTIFICATE".to_string(), -@@ -291,7 +288,7 @@ impl Certificate { - let hash_alg = sig_oids_to_hash.get_item(self.signature_algorithm_oid(py)?); - match hash_alg { - Ok(data) => Ok(data), -- Err(_) => Err(PyAsn1Error::from(pyo3::PyErr::from_instance( -+ Err(_) => Err(PyAsn1Error::from(pyo3::PyErr::from_value( - py.import("cryptography.exceptions")?.call_method1( - "UnsupportedAlgorithm", - (format!( -@@ -368,11 +365,11 @@ fn cert_version(py: pyo3::Python<'_>, version: u8) -> Result<&pyo3::PyAny, PyAsn - match version { - 0 => Ok(x509_module - .getattr(crate::intern!(py, "Version"))? -- .get_item("v1")?), -+ .get_item(crate::intern!(py, "v1"))?), - 2 => Ok(x509_module - .getattr(crate::intern!(py, "Version"))? -- .get_item("v3")?), -- _ => Err(PyAsn1Error::from(pyo3::PyErr::from_instance( -+ .get_item(crate::intern!(py, "v3"))?), -+ _ => Err(PyAsn1Error::from(pyo3::PyErr::from_value( - x509_module - .getattr(crate::intern!(py, "InvalidVersion"))? - .call1((format!("{} is not a valid X509 version", version), version))?, -diff --git a/src/rust/src/x509/common.rs b/src/rust/src/x509/common.rs -index 5cc8338..76d8d01 100644 ---- a/src/rust/src/x509/common.rs -+++ b/src/rust/src/x509/common.rs -@@ -112,10 +112,10 @@ pub(crate) fn encode_name_entry<'p>( - let tag = attr_type - .getattr(crate::intern!(py, "value"))? - .extract::()?; -- let value: &[u8] = if attr_type != asn1_type.getattr(crate::intern!(py, "BitString"))? { -- let encoding = if attr_type == asn1_type.getattr(crate::intern!(py, "BMPString"))? { -+ let value: &[u8] = if !attr_type.is(asn1_type.getattr(crate::intern!(py, "BitString"))?) { -+ let encoding = if attr_type.is(asn1_type.getattr(crate::intern!(py, "BMPString"))?) { - "utf_16_be" -- } else if attr_type == asn1_type.getattr(crate::intern!(py, "UniversalString"))? { -+ } else if attr_type.is(asn1_type.getattr(crate::intern!(py, "UniversalString"))?) { - "utf_32_be" - } else { - "utf8" -@@ -233,18 +233,18 @@ pub(crate) fn encode_general_name<'a>( - let gn_module = py.import("cryptography.x509.general_name")?; - let gn_type = gn.get_type().as_ref(); - let gn_value = gn.getattr(crate::intern!(py, "value"))?; -- if gn_type == gn_module.getattr(crate::intern!(py, "DNSName"))? { -+ if gn_type.is(gn_module.getattr(crate::intern!(py, "DNSName"))?) { - Ok(GeneralName::DNSName(UnvalidatedIA5String( - gn_value.extract::<&str>()?, - ))) -- } else if gn_type == gn_module.getattr(crate::intern!(py, "RFC822Name"))? { -+ } else if gn_type.is(gn_module.getattr(crate::intern!(py, "RFC822Name"))?) { - Ok(GeneralName::RFC822Name(UnvalidatedIA5String( - gn_value.extract::<&str>()?, - ))) -- } else if gn_type == gn_module.getattr(crate::intern!(py, "DirectoryName"))? { -+ } else if gn_type.is(gn_module.getattr(crate::intern!(py, "DirectoryName"))?) { - let name = encode_name(py, gn_value)?; - Ok(GeneralName::DirectoryName(name)) -- } else if gn_type == gn_module.getattr(crate::intern!(py, "OtherName"))? { -+ } else if gn_type.is(gn_module.getattr(crate::intern!(py, "OtherName"))?) { - Ok(GeneralName::OtherName(OtherName { - type_id: py_oid_to_oid(gn.getattr(crate::intern!(py, "type_id"))?)?, - value: asn1::parse_single(gn_value.extract::<&[u8]>()?).map_err(|e| { -@@ -254,15 +254,15 @@ pub(crate) fn encode_general_name<'a>( - )) - })?, - })) -- } else if gn_type == gn_module.getattr(crate::intern!(py, "UniformResourceIdentifier"))? { -+ } else if gn_type.is(gn_module.getattr(crate::intern!(py, "UniformResourceIdentifier"))?) { - Ok(GeneralName::UniformResourceIdentifier( - UnvalidatedIA5String(gn_value.extract::<&str>()?), - )) -- } else if gn_type == gn_module.getattr(crate::intern!(py, "IPAddress"))? { -+ } else if gn_type.is(gn_module.getattr(crate::intern!(py, "IPAddress"))?) { - Ok(GeneralName::IPAddress( - gn.call_method0("_packed")?.extract::<&[u8]>()?, - )) -- } else if gn_type == gn_module.getattr(crate::intern!(py, "RegisteredID"))? { -+ } else if gn_type.is(gn_module.getattr(crate::intern!(py, "RegisteredID"))?) { - let oid = py_oid_to_oid(gn_value)?; - Ok(GeneralName::RegisteredID(oid)) - } else { -@@ -462,7 +462,7 @@ pub(crate) fn parse_general_name( - .to_object(py) - } - _ => { -- return Err(PyAsn1Error::from(pyo3::PyErr::from_instance( -+ return Err(PyAsn1Error::from(pyo3::PyErr::from_value( - x509_module.call_method1( - "UnsupportedGeneralNameType", - ("x400Address/EDIPartyName are not supported types",), -@@ -560,7 +560,7 @@ pub(crate) fn parse_and_cache_extensions< - let oid_obj = oid_to_py_oid(py, &raw_ext.extn_id)?; - - if seen_oids.contains(&raw_ext.extn_id) { -- return Err(pyo3::PyErr::from_instance(x509_module.call_method1( -+ return Err(pyo3::PyErr::from_value(x509_module.call_method1( - "DuplicateExtension", - ( - format!("Duplicate {} extension found", raw_ext.extn_id), -@@ -606,7 +606,7 @@ pub(crate) fn encode_extensions< - let oid = py_oid_to_oid(py_ext.getattr(crate::intern!(py, "oid"))?)?; - - let ext_val = py_ext.getattr(crate::intern!(py, "value"))?; -- if unrecognized_extension_type.is_instance(ext_val)? { -+ if ext_val.is_instance(unrecognized_extension_type)? { - exts.push(Extension { - extn_id: oid, - critical: py_ext.getattr(crate::intern!(py, "critical"))?.extract()?, -diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs -index b34de10..29cfd60 100644 ---- a/src/rust/src/x509/crl.rs -+++ b/src/rust/src/x509/crl.rs -@@ -25,7 +25,7 @@ fn load_der_x509_crl( - let version = raw.borrow_value().tbs_cert_list.version.unwrap_or(1); - if version != 1 { - let x509_module = py.import("cryptography.x509")?; -- return Err(PyAsn1Error::from(pyo3::PyErr::from_instance( -+ return Err(PyAsn1Error::from(pyo3::PyErr::from_value( - x509_module - .getattr(crate::intern!(py, "InvalidVersion"))? - .call1((format!("{} is not a valid CRL version", version), version))?, -@@ -96,11 +96,11 @@ impl CertificateRevocationList { - } - } - --#[pyo3::prelude::pyproto] --impl pyo3::PyObjectProtocol for CertificateRevocationList { -+#[pyo3::prelude::pymethods] -+impl CertificateRevocationList { - fn __richcmp__( - &self, -- other: pyo3::PyRef, -+ other: pyo3::PyRef<'_, CertificateRevocationList>, - op: pyo3::basic::CompareOp, - ) -> pyo3::PyResult { - match op { -@@ -111,14 +111,26 @@ impl pyo3::PyObjectProtocol for CertificateRevocationList { - )), - } - } --} - --#[pyo3::prelude::pyproto] --impl pyo3::PyMappingProtocol for CertificateRevocationList { - fn __len__(&self) -> usize { - self.len() - } - -+ fn __iter__(&self) -> CRLIterator { -+ CRLIterator { -+ contents: OwnedCRLIteratorData::try_new(Arc::clone(&self.raw), |v| { -+ Ok::<_, ()>( -+ v.borrow_value() -+ .tbs_cert_list -+ .revoked_certificates -+ .as_ref() -+ .map(|v| v.unwrap_read().clone()), -+ ) -+ }) -+ .unwrap(), -+ } -+ } -+ - fn __getitem__(&self, idx: &pyo3::PyAny) -> pyo3::PyResult { - let gil = pyo3::Python::acquire_gil(); - let py = gil.python(); -@@ -132,7 +144,7 @@ impl pyo3::PyMappingProtocol for CertificateRevocationList { - }); - }); - -- if idx.is_instance::()? { -+ if idx.is_instance_of::()? { - let indices = idx - .downcast::()? - .indices(self.len().try_into().unwrap())?; -@@ -153,10 +165,7 @@ impl pyo3::PyMappingProtocol for CertificateRevocationList { - Ok(pyo3::PyCell::new(py, self.revoked_cert(py, idx as usize)?)?.to_object(py)) - } - } --} - --#[pyo3::prelude::pymethods] --impl CertificateRevocationList { - fn fingerprint<'p>( - &self, - py: pyo3::Python<'p>, -@@ -188,7 +197,7 @@ impl CertificateRevocationList { - .get_item(oid) - { - Ok(v) => Ok(v), -- Err(_) => Err(pyo3::PyErr::from_instance(exceptions_module.call_method1( -+ Err(_) => Err(pyo3::PyErr::from_value(exceptions_module.call_method1( - "UnsupportedAlgorithm", - (format!( - "Signature algorithm OID:{} not recognized", -@@ -222,9 +231,9 @@ impl CertificateRevocationList { - .getattr(crate::intern!(py, "Encoding"))?; - - let result = asn1::write_single(self.raw.borrow_value())?; -- if encoding == encoding_class.getattr(crate::intern!(py, "DER"))? { -+ if encoding.is(encoding_class.getattr(crate::intern!(py, "DER"))?) { - Ok(pyo3::types::PyBytes::new(py, &result)) -- } else if encoding == encoding_class.getattr(crate::intern!(py, "PEM"))? { -+ } else if encoding.is(encoding_class.getattr(crate::intern!(py, "PEM"))?) { - let pem = pem::encode_config( - &pem::Pem { - tag: "X509 CRL".to_string(), -@@ -424,24 +433,6 @@ impl CertificateRevocationList { - } - } - --#[pyo3::prelude::pyproto] --impl pyo3::PyIterProtocol<'_> for CertificateRevocationList { -- fn __iter__(slf: pyo3::PyRef<'p, Self>) -> CRLIterator { -- CRLIterator { -- contents: OwnedCRLIteratorData::try_new(Arc::clone(&slf.raw), |v| { -- Ok::<_, ()>( -- v.borrow_value() -- .tbs_cert_list -- .revoked_certificates -- .as_ref() -- .map(|v| v.unwrap_read().clone()), -- ) -- }) -- .unwrap(), -- } -- } --} -- - #[ouroboros::self_referencing] - struct OwnedCRLIteratorData { - data: Arc, -@@ -484,14 +475,18 @@ fn try_map_arc_data_mut_crl_iterator( - }) - } - --#[pyo3::prelude::pyproto] --impl pyo3::PyIterProtocol<'_> for CRLIterator { -- fn __iter__(slf: pyo3::PyRef<'p, Self>) -> pyo3::PyRef<'p, Self> { -+#[pyo3::prelude::pymethods] -+impl CRLIterator { -+ fn __len__(&self) -> usize { -+ self.contents.borrow_value().clone().map_or(0, |v| v.len()) -+ } -+ -+ fn __iter__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { - slf - } - -- fn __next__(mut slf: pyo3::PyRefMut<'p, Self>) -> Option { -- let revoked = try_map_arc_data_mut_crl_iterator(&mut slf.contents, |_data, v| match v { -+ fn __next__(&mut self) -> Option { -+ let revoked = try_map_arc_data_mut_crl_iterator(&mut self.contents, |_data, v| match v { - Some(v) => match v.next() { - Some(revoked) => Ok(revoked), - None => Err(()), -@@ -506,13 +501,6 @@ impl pyo3::PyIterProtocol<'_> for CRLIterator { - } - } - --#[pyo3::prelude::pyproto] --impl pyo3::PySequenceProtocol<'_> for CRLIterator { -- fn __len__(&self) -> usize { -- self.contents.borrow_value().clone().map_or(0, |v| v.len()) -- } --} -- - #[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Hash)] - struct RawCertificateRevocationList<'a> { - tbs_cert_list: TBSCertList<'a>, -diff --git a/src/rust/src/x509/csr.rs b/src/rust/src/x509/csr.rs -index 7579bcc..af4df7e 100644 ---- a/src/rust/src/x509/csr.rs -+++ b/src/rust/src/x509/csr.rs -@@ -79,8 +79,8 @@ struct CertificateSigningRequest { - cached_extensions: Option, - } - --#[pyo3::prelude::pyproto] --impl pyo3::basic::PyObjectProtocol for CertificateSigningRequest { -+#[pyo3::prelude::pymethods] -+impl CertificateSigningRequest { - fn __hash__(&self) -> u64 { - let mut hasher = DefaultHasher::new(); - self.raw.borrow_data().hash(&mut hasher); -@@ -89,7 +89,7 @@ impl pyo3::basic::PyObjectProtocol for CertificateSigningRequest { - - fn __richcmp__( - &self, -- other: pyo3::PyRef, -+ other: pyo3::PyRef<'_, CertificateSigningRequest>, - op: pyo3::basic::CompareOp, - ) -> pyo3::PyResult { - match op { -@@ -100,10 +100,7 @@ impl pyo3::basic::PyObjectProtocol for CertificateSigningRequest { - )), - } - } --} - --#[pyo3::prelude::pymethods] --impl CertificateSigningRequest { - fn public_key<'p>(&self, py: pyo3::Python<'p>) -> PyAsn1Result<&'p pyo3::PyAny> { - // This makes an unnecessary copy. It'd be nice to get rid of it. - let serialized = pyo3::types::PyBytes::new( -@@ -149,7 +146,7 @@ impl CertificateSigningRequest { - let hash_alg = sig_oids_to_hash.get_item(self.signature_algorithm_oid(py)?); - match hash_alg { - Ok(data) => Ok(data), -- Err(_) => Err(PyAsn1Error::from(pyo3::PyErr::from_instance( -+ Err(_) => Err(PyAsn1Error::from(pyo3::PyErr::from_value( - py.import("cryptography.exceptions")?.call_method1( - "UnsupportedAlgorithm", - (format!( -@@ -176,9 +173,9 @@ impl CertificateSigningRequest { - .getattr(crate::intern!(py, "Encoding"))?; - - let result = asn1::write_single(self.raw.borrow_value())?; -- if encoding == encoding_class.getattr(crate::intern!(py, "DER"))? { -+ if encoding.is(encoding_class.getattr(crate::intern!(py, "DER"))?) { - Ok(pyo3::types::PyBytes::new(py, &result)) -- } else if encoding == encoding_class.getattr(crate::intern!(py, "PEM"))? { -+ } else if encoding.is(encoding_class.getattr(crate::intern!(py, "PEM"))?) { - let pem = pem::encode_config( - &pem::Pem { - tag: "CERTIFICATE REQUEST".to_string(), -@@ -239,7 +236,7 @@ impl CertificateSigningRequest { - } - } - } -- Err(pyo3::PyErr::from_instance( -+ Err(pyo3::PyErr::from_value( - py.import("cryptography.x509")?.call_method1( - "AttributeNotFound", - (format!("No {} attribute was found", oid), oid), -@@ -338,7 +335,7 @@ fn load_der_x509_csr(py: pyo3::Python<'_>, data: &[u8]) -> PyAsn1Result()? { -+ let qualifier = if py_qualifier.is_instance_of::()? { - let cps_uri = match asn1::IA5String::new(py_qualifier.extract()?) { - Some(s) => s, - None => { -diff --git a/src/rust/src/x509/ocsp_req.rs b/src/rust/src/x509/ocsp_req.rs -index 92fe96f..483acc8 100644 ---- a/src/rust/src/x509/ocsp_req.rs -+++ b/src/rust/src/x509/ocsp_req.rs -@@ -82,7 +82,7 @@ impl OCSPRequest { - Some(alg_name) => Ok(hashes.getattr(alg_name)?.call0()?), - None => { - let exceptions = py.import("cryptography.exceptions")?; -- Err(PyAsn1Error::from(pyo3::PyErr::from_instance( -+ Err(PyAsn1Error::from(pyo3::PyErr::from_value( - exceptions - .getattr(crate::intern!(py, "UnsupportedAlgorithm"))? - .call1((format!( -@@ -134,7 +134,7 @@ impl OCSPRequest { - .import("cryptography.hazmat.primitives.serialization")? - .getattr(crate::intern!(py, "Encoding"))? - .getattr(crate::intern!(py, "DER"))?; -- if encoding != der { -+ if !encoding.is(der) { - return Err(pyo3::exceptions::PyValueError::new_err( - "The only allowed encoding value is Encoding.DER", - ) -diff --git a/src/rust/src/x509/ocsp_resp.rs b/src/rust/src/x509/ocsp_resp.rs -index 22d2940..00205a2 100644 ---- a/src/rust/src/x509/ocsp_resp.rs -+++ b/src/rust/src/x509/ocsp_resp.rs -@@ -176,7 +176,7 @@ impl OCSPResponse { - "Signature algorithm OID: {} not recognized", - self.requires_successful_response()?.signature_algorithm.oid - ); -- Err(PyAsn1Error::from(pyo3::PyErr::from_instance( -+ Err(PyAsn1Error::from(pyo3::PyErr::from_value( - py.import("cryptography.exceptions")? - .call_method1("UnsupportedAlgorithm", (exc_messsage,))?, - ))) -@@ -365,7 +365,7 @@ impl OCSPResponse { - .import("cryptography.hazmat.primitives.serialization")? - .getattr(crate::intern!(py, "Encoding"))? - .getattr(crate::intern!(py, "DER"))?; -- if encoding != der { -+ if !encoding.is(der) { - return Err(pyo3::exceptions::PyValueError::new_err( - "The only allowed encoding value is Encoding.DER", - ) -@@ -517,7 +517,7 @@ impl SingleResponse<'_> { - Some(alg_name) => Ok(hashes.getattr(alg_name)?.call0()?), - None => { - let exceptions = py.import("cryptography.exceptions")?; -- Err(PyAsn1Error::from(pyo3::PyErr::from_instance( -+ Err(PyAsn1Error::from(pyo3::PyErr::from_value( - exceptions - .getattr(crate::intern!(py, "UnsupportedAlgorithm"))? - .call1((format!( -@@ -599,16 +599,14 @@ fn create_ocsp_basic_response<'p>( - .extract()?; - - let py_cert_status = py_single_resp.getattr(crate::intern!(py, "_cert_status"))?; -- let cert_status = if py_cert_status -- == ocsp_mod -- .getattr(crate::intern!(py, "OCSPCertStatus"))? -- .getattr(crate::intern!(py, "GOOD"))? -+ let cert_status = if py_cert_status.is(ocsp_mod -+ .getattr(crate::intern!(py, "OCSPCertStatus"))? -+ .getattr(crate::intern!(py, "GOOD"))?) - { - CertStatus::Good(()) -- } else if py_cert_status -- == ocsp_mod -- .getattr(crate::intern!(py, "OCSPCertStatus"))? -- .getattr(crate::intern!(py, "UNKNOWN"))? -+ } else if py_cert_status.is(ocsp_mod -+ .getattr(crate::intern!(py, "OCSPCertStatus"))? -+ .getattr(crate::intern!(py, "UNKNOWN"))?) - { - CertStatus::Unknown(()) - } else { -@@ -657,10 +655,9 @@ fn create_ocsp_basic_response<'p>( - }]; - - let borrowed_cert = responder_cert.borrow(); -- let responder_id = if responder_encoding -- == ocsp_mod -- .getattr(crate::intern!(py, "OCSPResponderEncoding"))? -- .getattr(crate::intern!(py, "HASH"))? -+ let responder_id = if responder_encoding.is(ocsp_mod -+ .getattr(crate::intern!(py, "OCSPResponderEncoding"))? -+ .getattr(crate::intern!(py, "HASH"))?) - { - let sha1 = py - .import("cryptography.hazmat.primitives.hashes")? -@@ -785,15 +782,15 @@ struct OCSPResponseIterator { - contents: OwnedOCSPResponseIteratorData, - } - --#[pyo3::prelude::pyproto] --impl pyo3::PyIterProtocol<'_> for OCSPResponseIterator { -- fn __iter__(slf: pyo3::PyRef<'p, Self>) -> pyo3::PyRef<'p, Self> { -+#[pyo3::prelude::pymethods] -+impl OCSPResponseIterator { -+ fn __iter__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { - slf - } - -- fn __next__(mut slf: pyo3::PyRefMut<'p, Self>) -> Option { -+ fn __next__(&mut self) -> Option { - let single_resp = -- try_map_arc_data_mut_ocsp_response_iterator(&mut slf.contents, |_data, v| { -+ try_map_arc_data_mut_ocsp_response_iterator(&mut self.contents, |_data, v| { - match v.next() { - Some(single_resp) => Ok(single_resp), - None => Err(()), -diff --git a/src/rust/src/x509/sct.rs b/src/rust/src/x509/sct.rs -index aaa374b..ed2b628 100644 ---- a/src/rust/src/x509/sct.rs -+++ b/src/rust/src/x509/sct.rs -@@ -143,6 +143,26 @@ pub(crate) struct Sct { - - #[pyo3::prelude::pymethods] - impl Sct { -+ fn __richcmp__( -+ &self, -+ other: pyo3::PyRef<'_, Sct>, -+ op: pyo3::basic::CompareOp, -+ ) -> pyo3::PyResult { -+ match op { -+ pyo3::basic::CompareOp::Eq => Ok(self.sct_data == other.sct_data), -+ pyo3::basic::CompareOp::Ne => Ok(self.sct_data != other.sct_data), -+ _ => Err(pyo3::exceptions::PyTypeError::new_err( -+ "SCTs cannot be ordered", -+ )), -+ } -+ } -+ -+ fn __hash__(&self) -> u64 { -+ let mut hasher = DefaultHasher::new(); -+ self.sct_data.hash(&mut hasher); -+ hasher.finish() -+ } -+ - #[getter] - fn version<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - py.import("cryptography.x509.certificate_transparency")? -@@ -209,29 +229,6 @@ impl Sct { - } - } - --#[pyo3::prelude::pyproto] --impl pyo3::PyObjectProtocol for Sct { -- fn __richcmp__( -- &self, -- other: pyo3::PyRef, -- op: pyo3::basic::CompareOp, -- ) -> pyo3::PyResult { -- match op { -- pyo3::basic::CompareOp::Eq => Ok(self.sct_data == other.sct_data), -- pyo3::basic::CompareOp::Ne => Ok(self.sct_data != other.sct_data), -- _ => Err(pyo3::exceptions::PyTypeError::new_err( -- "SCTs cannot be ordered", -- )), -- } -- } -- -- fn __hash__(&self) -> u64 { -- let mut hasher = DefaultHasher::new(); -- self.sct_data.hash(&mut hasher); -- hasher.finish() -- } --} -- - pub(crate) fn parse_scts( - py: pyo3::Python<'_>, - data: &[u8], -diff --git a/src/rust/src/x509/sign.rs b/src/rust/src/x509/sign.rs -index 4d91575..034e470 100644 ---- a/src/rust/src/x509/sign.rs -+++ b/src/rust/src/x509/sign.rs -@@ -58,15 +58,15 @@ fn identify_key_type(py: pyo3::Python<'_>, private_key: &pyo3::PyAny) -> pyo3::P - .getattr(crate::intern!(py, "Ed448PrivateKey"))? - .extract()?; - -- if rsa_private_key.is_instance(private_key)? { -+ if private_key.is_instance(rsa_private_key)? { - Ok(KeyType::Rsa) -- } else if dsa_key_type.is_instance(private_key)? { -+ } else if private_key.is_instance(dsa_key_type)? { - Ok(KeyType::Dsa) -- } else if ec_key_type.is_instance(private_key)? { -+ } else if private_key.is_instance(ec_key_type)? { - Ok(KeyType::Ec) -- } else if ed25519_key_type.is_instance(private_key)? { -+ } else if private_key.is_instance(ed25519_key_type)? { - Ok(KeyType::Ed25519) -- } else if ed448_key_type.is_instance(private_key)? { -+ } else if private_key.is_instance(ed448_key_type)? { - Ok(KeyType::Ed448) - } else { - Err(pyo3::exceptions::PyTypeError::new_err( -@@ -87,7 +87,7 @@ fn identify_hash_type( - .import("cryptography.hazmat.primitives.hashes")? - .getattr(crate::intern!(py, "HashAlgorithm"))? - .extract()?; -- if !hash_algorithm_type.is_instance(hash_algorithm)? { -+ if !hash_algorithm.is_instance(hash_algorithm_type)? { - return Err(pyo3::exceptions::PyTypeError::new_err( - "Algorithm must be a registered hash algorithm.", - )); diff --git a/debian/patches/Upgrade-to-pyo3-0.17.patch b/debian/patches/Upgrade-to-pyo3-0.17.patch deleted file mode 100644 index 650576d..0000000 --- a/debian/patches/Upgrade-to-pyo3-0.17.patch +++ /dev/null @@ -1,213 +0,0 @@ -From: Alex Gaynor -Date: Wed, 24 Aug 2022 07:53:13 -0400 -Subject: Upgrade to pyo3 0.17 - -Ported from upstream PR: https://github.com/pyca/cryptography/pull/6935 ---- - src/rust/Cargo.lock | 30 ++++++++++++++++++++---------- - src/rust/Cargo.toml | 2 +- - src/rust/src/oid.rs | 5 +---- - src/rust/src/pool.rs | 10 +++++----- - src/rust/src/x509/certificate.rs | 5 +---- - src/rust/src/x509/crl.rs | 9 +++++---- - src/rust/src/x509/ocsp_req.rs | 2 +- - src/rust/src/x509/ocsp_resp.rs | 2 +- - 8 files changed, 35 insertions(+), 30 deletions(-) - -diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock -index 976f865..09354fd 100644 ---- a/src/rust/Cargo.lock -+++ b/src/rust/Cargo.lock -@@ -170,6 +170,15 @@ dependencies = [ - "cfg-if", - ] - -+[[package]] -+name = "memoffset" -+version = "0.6.5" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" -+dependencies = [ -+ "autocfg", -+] -+ - [[package]] - name = "num-integer" - version = "0.1.45" -@@ -287,13 +296,14 @@ dependencies = [ - - [[package]] - name = "pyo3" --version = "0.16.5" -+version = "0.17.1" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "1e6302e85060011447471887705bb7838f14aba43fcb06957d823739a496b3dc" -+checksum = "12f72538a0230791398a0986a6518ebd88abc3fded89007b506ed072acc831e1" - dependencies = [ - "cfg-if", - "indoc", - "libc", -+ "memoffset", - "parking_lot", - "pyo3-build-config", - "pyo3-ffi", -@@ -303,9 +313,9 @@ dependencies = [ - - [[package]] - name = "pyo3-build-config" --version = "0.16.5" -+version = "0.17.1" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "b5b65b546c35d8a3b1b2f0ddbac7c6a569d759f357f2b9df884f5d6b719152c8" -+checksum = "fc4cf18c20f4f09995f3554e6bcf9b09bd5e4d6b67c562fdfaafa644526ba479" - dependencies = [ - "once_cell", - "target-lexicon", -@@ -313,9 +323,9 @@ dependencies = [ - - [[package]] - name = "pyo3-ffi" --version = "0.16.5" -+version = "0.17.1" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "c275a07127c1aca33031a563e384ffdd485aee34ef131116fcd58e3430d1742b" -+checksum = "a41877f28d8ebd600b6aa21a17b40c3b0fc4dfe73a27b6e81ab3d895e401b0e9" - dependencies = [ - "libc", - "pyo3-build-config", -@@ -323,9 +333,9 @@ dependencies = [ - - [[package]] - name = "pyo3-macros" --version = "0.16.5" -+version = "0.17.1" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "284fc4485bfbcc9850a6d661d627783f18d19c2ab55880b021671c4ba83e90f7" -+checksum = "2e81c8d4bcc2f216dc1b665412df35e46d12ee8d3d046b381aad05f1fcf30547" - dependencies = [ - "proc-macro2", - "pyo3-macros-backend", -@@ -335,9 +345,9 @@ dependencies = [ - - [[package]] - name = "pyo3-macros-backend" --version = "0.16.5" -+version = "0.17.1" - source = "registry+https://github.com/rust-lang/crates.io-index" --checksum = "53bda0f58f73f5c5429693c96ed57f7abdb38fdfc28ae06da4101a257adb7faf" -+checksum = "85752a767ee19399a78272cc2ab625cd7d373b2e112b4b13db28de71fa892784" - dependencies = [ - "proc-macro2", - "quote", -diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml -index 73347ab..8d11c97 100644 ---- a/src/rust/Cargo.toml -+++ b/src/rust/Cargo.toml -@@ -7,7 +7,7 @@ publish = false - - [dependencies] - once_cell = "1" --pyo3 = { version = "0.16" } -+pyo3 = { version = "0.17" } - asn1 = { version = "0.12.2", default-features = false, features = ["derive"] } - pem = "1.1" - chrono = { version = "0.4.22", default-features = false, features = ["alloc", "clock"] } -diff --git a/src/rust/src/oid.rs b/src/rust/src/oid.rs -index 8a77ee6..0cb3e85 100644 ---- a/src/rust/src/oid.rs -+++ b/src/rust/src/oid.rs -@@ -36,10 +36,7 @@ impl ObjectIdentifier { - oid_names.call_method1("get", (slf, "Unknown OID")) - } - -- fn __repr__(&self) -> pyo3::PyResult { -- let gil = pyo3::Python::acquire_gil(); -- let py = gil.python(); -- -+ fn __repr__(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { - let self_clone = pyo3::PyCell::new( - py, - ObjectIdentifier { -diff --git a/src/rust/src/pool.rs b/src/rust/src/pool.rs -index 9dacd7f..6e1c59b 100644 ---- a/src/rust/src/pool.rs -+++ b/src/rust/src/pool.rs -@@ -63,11 +63,11 @@ impl FixedPool { - impl Drop for FixedPool { - fn drop(&mut self) { - if let Some(value) = self.value.replace(None) { -- let gil = pyo3::Python::acquire_gil(); -- let py = gil.python(); -- self.destroy_fn -- .call1(py, (value,)) -- .expect("FixedPool destroy function failed in destructor"); -+ pyo3::Python::with_gil(|py| { -+ self.destroy_fn -+ .call1(py, (value,)) -+ .expect("FixedPool destroy function failed in destructor"); -+ }); - } - } - } -diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs -index 6a19dd7..948e23f 100644 ---- a/src/rust/src/x509/certificate.rs -+++ b/src/rust/src/x509/certificate.rs -@@ -104,10 +104,7 @@ impl Certificate { - } - } - -- fn __repr__(&self) -> pyo3::PyResult { -- let gil = pyo3::Python::acquire_gil(); -- let py = gil.python(); -- -+ fn __repr__(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { - let subject = self.subject(py)?; - let subject_repr = subject.repr()?.extract::<&str>()?; - Ok(format!("", subject_repr)) -diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs -index 29cfd60..832c8be 100644 ---- a/src/rust/src/x509/crl.rs -+++ b/src/rust/src/x509/crl.rs -@@ -131,10 +131,11 @@ impl CertificateRevocationList { - } - } - -- fn __getitem__(&self, idx: &pyo3::PyAny) -> pyo3::PyResult { -- let gil = pyo3::Python::acquire_gil(); -- let py = gil.python(); -- -+ fn __getitem__( -+ &self, -+ py: pyo3::Python<'_>, -+ idx: &pyo3::PyAny, -+ ) -> pyo3::PyResult { - self.raw.with(|val| { - val.revoked_certs.get_or_init(py, || { - match &val.value.tbs_cert_list.revoked_certificates { -diff --git a/src/rust/src/x509/ocsp_req.rs b/src/rust/src/x509/ocsp_req.rs -index 483acc8..e086b4d 100644 ---- a/src/rust/src/x509/ocsp_req.rs -+++ b/src/rust/src/x509/ocsp_req.rs -@@ -79,7 +79,7 @@ impl OCSPRequest { - - let hashes = py.import("cryptography.hazmat.primitives.hashes")?; - match ocsp::OIDS_TO_HASH.get(&cert_id.hash_algorithm.oid) { -- Some(alg_name) => Ok(hashes.getattr(alg_name)?.call0()?), -+ Some(alg_name) => Ok(hashes.getattr(*alg_name)?.call0()?), - None => { - let exceptions = py.import("cryptography.exceptions")?; - Err(PyAsn1Error::from(pyo3::PyErr::from_value( -diff --git a/src/rust/src/x509/ocsp_resp.rs b/src/rust/src/x509/ocsp_resp.rs -index 00205a2..715df01 100644 ---- a/src/rust/src/x509/ocsp_resp.rs -+++ b/src/rust/src/x509/ocsp_resp.rs -@@ -514,7 +514,7 @@ impl SingleResponse<'_> { - fn py_hash_algorithm<'p>(&self, py: pyo3::Python<'p>) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let hashes = py.import("cryptography.hazmat.primitives.hashes")?; - match ocsp::OIDS_TO_HASH.get(&self.cert_id.hash_algorithm.oid) { -- Some(alg_name) => Ok(hashes.getattr(alg_name)?.call0()?), -+ Some(alg_name) => Ok(hashes.getattr(*alg_name)?.call0()?), - None => { - let exceptions = py.import("cryptography.exceptions")?; - Err(PyAsn1Error::from(pyo3::PyErr::from_value( diff --git a/debian/patches/Upgrade-to-pyo3-0.19.patch b/debian/patches/Upgrade-to-pyo3-0.19.patch deleted file mode 100644 index a65a64c..0000000 --- a/debian/patches/Upgrade-to-pyo3-0.19.patch +++ /dev/null @@ -1,80 +0,0 @@ -From: Peter Michael Green -Date: Sun, 25 Jun 2023 03:03:03 +0100 -Subject: Upgrade-to-pyo3-0.19 - -This patch is based on the upstream commit described below, adapted for use -in the Debian package by Peter Michael Green. - -commit b1cfa3adef986ef3466b080263911e8d79ec6141 -Author: Alex Gaynor -Date: Wed May 31 16:27:10 2023 -0400 - - pyo3 0.19 (#8999) - - * Bump pyo3 from 0.18.3 to 0.19.0 in /src/rust - - Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.18.3 to 0.19.0. - - [Release notes](https://github.com/pyo3/pyo3/releases) - - [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md) - - [Commits](https://github.com/pyo3/pyo3/compare/v0.18.3...v0.19.0) - - --- - updated-dependencies: - - dependency-name: pyo3 - dependency-type: direct:production - update-type: version-update:semver-minor - ... - - Signed-off-by: dependabot[bot] - - * pyo3 0.19 - - --------- - - Signed-off-by: dependabot[bot] - Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ---- - src/rust/Cargo.toml | 2 +- - src/rust/src/x509/crl.rs | 2 +- - src/rust/src/x509/extensions.rs | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml -index 8327b25..f77390a 100644 ---- a/src/rust/Cargo.toml -+++ b/src/rust/Cargo.toml -@@ -7,7 +7,7 @@ publish = false - - [dependencies] - once_cell = "1" --pyo3 = { version = "0.17" } -+pyo3 = { version = "0.19" } - asn1 = { version = "0.12", default-features = false, features = ["derive"] } - pem = ">= 1.0, < 1.2" - chrono = { version = "0.4", default-features = false, features = ["alloc", "clock"] } -diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs -index 832c8be..6d49fb5 100644 ---- a/src/rust/src/x509/crl.rs -+++ b/src/rust/src/x509/crl.rs -@@ -145,7 +145,7 @@ impl CertificateRevocationList { - }); - }); - -- if idx.is_instance_of::()? { -+ if idx.is_instance_of::() { - let indices = idx - .downcast::()? - .indices(self.len().try_into().unwrap())?; -diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs -index e5db68a..474ad82 100644 ---- a/src/rust/src/x509/extensions.rs -+++ b/src/rust/src/x509/extensions.rs -@@ -228,7 +228,7 @@ pub(crate) fn encode_extension( - let mut qualifiers = vec![]; - for py_qualifier in py_policy_qualifiers.iter()? { - let py_qualifier = py_qualifier?; -- let qualifier = if py_qualifier.is_instance_of::()? { -+ let qualifier = if py_qualifier.is_instance_of::() { - let cps_uri = match asn1::IA5String::new(py_qualifier.extract()?) { - Some(s) => s, - None => { diff --git a/debian/patches/Use-local-python3-doc-inventory.patch b/debian/patches/Use-local-python3-doc-inventory.patch index 24301ac..67bb32b 100644 --- a/debian/patches/Use-local-python3-doc-inventory.patch +++ b/debian/patches/Use-local-python3-doc-inventory.patch @@ -1,24 +1,23 @@ From: Tristan Seligmann Date: Sat, 18 Jul 2020 13:24:59 +0200 Subject: Use local python3-doc inventory. - +Forwarded: not-needed --- docs/conf.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) -diff --git a/docs/conf.py b/docs/conf.py -index 0c38d4d..d47de91 100644 --- a/docs/conf.py +++ b/docs/conf.py -@@ -186,7 +186,10 @@ texinfo_documents = [ +@@ -182,7 +182,11 @@ texinfo_documents = [ + ), ] - # Example configuration for intersphinx: refer to the Python standard library. --intersphinx_mapping = {"https://docs.python.org/3": None} +-intersphinx_mapping = {"python": ("https://docs.python.org/3", None)} +intersphinx_mapping = { + 'py': ('https://docs.python.org/3/', + ('/usr/share/doc/python3-doc/html/objects.inv', None)), +} ++ epub_theme = "epub" diff --git a/debian/patches/allow-pem-version-1.0.patch b/debian/patches/allow-pem-version-1.0.patch deleted file mode 100644 index 27fef27..0000000 --- a/debian/patches/allow-pem-version-1.0.patch +++ /dev/null @@ -1,21 +0,0 @@ -From: Claudius Heine -Date: Wed, 7 Sep 2022 13:38:22 +0200 -Subject: allow pem version 1.0 - ---- - src/rust/Cargo.toml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml -index d03d915..662f008 100644 ---- a/src/rust/Cargo.toml -+++ b/src/rust/Cargo.toml -@@ -9,7 +9,7 @@ publish = false - once_cell = "1" - pyo3 = { version = "0.17" } - asn1 = { version = "0.12", default-features = false, features = ["derive"] } --pem = "1.1" -+pem = ">= 1.0, < 1.2" - chrono = { version = "0.4.22", default-features = false, features = ["alloc", "clock"] } - ouroboros = "0.15" - diff --git a/debian/patches/downgrade-deps.patch b/debian/patches/downgrade-deps.patch new file mode 100644 index 0000000..afaa739 --- /dev/null +++ b/debian/patches/downgrade-deps.patch @@ -0,0 +1,102 @@ +From: Andrey Rakhmatullin +Date: Sun, 23 Mar 2025 16:20:16 +0500 +Subject: Update some requirement versions to sid ones. + +--- + src/rust/Cargo.toml | 6 +++--- + src/rust/cryptography-cffi/Cargo.toml | 2 +- + src/rust/cryptography-key-parsing/Cargo.toml | 6 +++--- + src/rust/cryptography-openssl/Cargo.toml | 2 +- + src/rust/cryptography-x509-verification/Cargo.toml | 2 +- + src/rust/cryptography-x509/Cargo.toml | 2 +- + 6 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml +index d58ee9e..632e18a 100644 +--- a/src/rust/Cargo.toml ++++ b/src/rust/Cargo.toml +@@ -18,7 +18,7 @@ rust-version.workspace = true + once_cell = "1" + cfg-if = "1" + pyo3 = { version = "0.22.2", features = ["abi3"] } +-asn1 = { version = "0.16.2", default-features = false } ++asn1 = { version = "0.20.0", default-features = false } + cryptography-cffi = { path = "cryptography-cffi" } + cryptography-keepalive = { path = "cryptography-keepalive" } + cryptography-key-parsing = { path = "cryptography-key-parsing" } +@@ -26,8 +26,8 @@ cryptography-x509 = { path = "cryptography-x509" } + cryptography-x509-verification = { path = "cryptography-x509-verification" } + cryptography-openssl = { path = "cryptography-openssl" } + pem = { version = "3", default-features = false } +-openssl = "0.10.65" +-openssl-sys = "0.9.103" ++openssl = "0.10.64" ++openssl-sys = "0.9.101" + foreign-types-shared = "0.1" + self_cell = "1" + +diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml +index f983dbd..afa711f 100644 +--- a/src/rust/cryptography-cffi/Cargo.toml ++++ b/src/rust/cryptography-cffi/Cargo.toml +@@ -8,7 +8,7 @@ rust-version.workspace = true + + [dependencies] + pyo3 = { version = "0.22.2", features = ["abi3"] } +-openssl-sys = "0.9.103" ++openssl-sys = "0.9.101" + + [build-dependencies] + cc = "1.1.6" +diff --git a/src/rust/cryptography-key-parsing/Cargo.toml b/src/rust/cryptography-key-parsing/Cargo.toml +index d1f945f..242cb91 100644 +--- a/src/rust/cryptography-key-parsing/Cargo.toml ++++ b/src/rust/cryptography-key-parsing/Cargo.toml +@@ -7,8 +7,8 @@ publish.workspace = true + rust-version.workspace = true + + [dependencies] +-asn1 = { version = "0.16.2", default-features = false } ++asn1 = { version = "0.20.0", default-features = false } + cfg-if = "1" +-openssl = "0.10.65" +-openssl-sys = "0.9.103" ++openssl = "0.10.64" ++openssl-sys = "0.9.101" + cryptography-x509 = { path = "../cryptography-x509" } +diff --git a/src/rust/cryptography-openssl/Cargo.toml b/src/rust/cryptography-openssl/Cargo.toml +index c0f3f5d..f2dc510 100644 +--- a/src/rust/cryptography-openssl/Cargo.toml ++++ b/src/rust/cryptography-openssl/Cargo.toml +@@ -8,7 +8,7 @@ rust-version.workspace = true + + [dependencies] + cfg-if = "1" +-openssl = "0.10.65" ++openssl = "0.10.64" + ffi = { package = "openssl-sys", version = "0.9.101" } + foreign-types = "0.3" + foreign-types-shared = "0.1" +diff --git a/src/rust/cryptography-x509-verification/Cargo.toml b/src/rust/cryptography-x509-verification/Cargo.toml +index 2e1e749..a9fa9df 100644 +--- a/src/rust/cryptography-x509-verification/Cargo.toml ++++ b/src/rust/cryptography-x509-verification/Cargo.toml +@@ -7,7 +7,7 @@ publish.workspace = true + rust-version.workspace = true + + [dependencies] +-asn1 = { version = "0.16.2", default-features = false } ++asn1 = { version = "0.20.0", default-features = false } + cryptography-x509 = { path = "../cryptography-x509" } + cryptography-key-parsing = { path = "../cryptography-key-parsing" } + once_cell = "1" +diff --git a/src/rust/cryptography-x509/Cargo.toml b/src/rust/cryptography-x509/Cargo.toml +index 8da775c..8f772ce 100644 +--- a/src/rust/cryptography-x509/Cargo.toml ++++ b/src/rust/cryptography-x509/Cargo.toml +@@ -8,4 +8,4 @@ publish = false + rust-version = "1.65.0" + + [dependencies] +-asn1 = { version = "0.16.2", default-features = false } ++asn1 = { version = "0.20.0", default-features = false } diff --git a/debian/patches/drop-cffi-dep.patch b/debian/patches/drop-cffi-dep.patch index be04379..841876b 100644 --- a/debian/patches/drop-cffi-dep.patch +++ b/debian/patches/drop-cffi-dep.patch @@ -15,15 +15,28 @@ Bug-Debian: https://bugs.debian.org/1026537 setup.cfg | 1 - 1 file changed, 1 deletion(-) -diff --git a/setup.cfg b/setup.cfg -index 2a669fa..94e8d20 100644 ---- a/setup.cfg -+++ b/setup.cfg -@@ -43,7 +43,6 @@ package_dir = - =src - packages = find: - install_requires = -- cffi >=1.12 +Index: python-cryptography/pyproject.toml +=================================================================== +--- python-cryptography.orig/pyproject.toml ++++ python-cryptography/pyproject.toml +@@ -3,12 +3,6 @@ + # ./github/requirements/build-requirements.{in,txt} + requires = [ + "maturin>=1,<2", +- +- # Must be kept in sync with `project.dependencies` +- "cffi>=1.12; platform_python_implementation != 'PyPy'", +- # Needed because cffi imports distutils, and in Python 3.12, distutils has +- # been removed from the stdlib, but installing setuptools puts it back. +- "setuptools", + ] + build-backend = "maturin" - [options.packages.find] - where = src +@@ -48,7 +42,6 @@ classifiers = [ + requires-python = ">=3.7" + dependencies = [ + # Must be kept in sync with `build-system.requires` +- "cffi>=1.12; platform_python_implementation != 'PyPy'", + ] + + [project.urls] diff --git a/debian/patches/ease-asn1-version-from-0.12.1-to-0.12.patch b/debian/patches/ease-asn1-version-from-0.12.1-to-0.12.patch deleted file mode 100644 index 4f21e4a..0000000 --- a/debian/patches/ease-asn1-version-from-0.12.1-to-0.12.patch +++ /dev/null @@ -1,21 +0,0 @@ -From: Claudius Heine -Date: Wed, 7 Sep 2022 13:32:58 +0200 -Subject: ease asn1 version from 0.12.1 to 0.12 - ---- - src/rust/Cargo.toml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml -index 8d11c97..d03d915 100644 ---- a/src/rust/Cargo.toml -+++ b/src/rust/Cargo.toml -@@ -8,7 +8,7 @@ publish = false - [dependencies] - once_cell = "1" - pyo3 = { version = "0.17" } --asn1 = { version = "0.12.2", default-features = false, features = ["derive"] } -+asn1 = { version = "0.12", default-features = false, features = ["derive"] } - pem = "1.1" - chrono = { version = "0.4.22", default-features = false, features = ["alloc", "clock"] } - ouroboros = "0.15" diff --git a/debian/patches/ease-chrono-dependency-from-0.4.22-to-0.4.patch b/debian/patches/ease-chrono-dependency-from-0.4.22-to-0.4.patch deleted file mode 100644 index 4fe2c3c..0000000 --- a/debian/patches/ease-chrono-dependency-from-0.4.22-to-0.4.patch +++ /dev/null @@ -1,21 +0,0 @@ -From: Claudius Heine -Date: Wed, 7 Sep 2022 13:39:02 +0200 -Subject: ease chrono dependency from 0.4.22 to 0.4 - ---- - src/rust/Cargo.toml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml -index 662f008..8327b25 100644 ---- a/src/rust/Cargo.toml -+++ b/src/rust/Cargo.toml -@@ -10,7 +10,7 @@ once_cell = "1" - pyo3 = { version = "0.17" } - asn1 = { version = "0.12", default-features = false, features = ["derive"] } - pem = ">= 1.0, < 1.2" --chrono = { version = "0.4.22", default-features = false, features = ["alloc", "clock"] } -+chrono = { version = "0.4", default-features = false, features = ["alloc", "clock"] } - ouroboros = "0.15" - - [features] diff --git a/debian/patches/series b/debian/patches/series index 60ad3c7..c13a974 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,10 +1,5 @@ Use-local-python3-doc-inventory.patch -Upgrade-to-pyo3-0.16.patch -Upgrade-to-pyo3-0.17.patch -ease-asn1-version-from-0.12.1-to-0.12.patch -allow-pem-version-1.0.patch -ease-chrono-dependency-from-0.4.22-to-0.4.patch drop-cffi-dep.patch -Don-t-allow-update_into-to-mutate-immutable-objects-.patch -Upgrade-to-pyo3-0.19.patch -0010-Replace-US-Pacific-with-America-Los_Angeles.patch +downgrade-deps.patch +0004-update-to-asn1-0.19-and-use-X509GeneralizedTime.patch +0005-Support-128-bit-OID-arcs-11820.patch diff --git a/debian/rules b/debian/rules index 3c38ddf..4157490 100755 --- a/debian/rules +++ b/debian/rules @@ -1,7 +1,5 @@ #!/usr/bin/make -f -export DH_VERBOSE = 1 - include /usr/share/dpkg/pkg-info.mk include /usr/share/dpkg/architecture.mk include /usr/share/dpkg/buildflags.mk @@ -17,15 +15,15 @@ export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow export PYBUILD_NAME=cryptography export PYBUILD_TEST_PYTEST=1 -export PYBUILD_TEST_ARGS={dir}/tests/ -export PYBUILD_BEFORE_TEST=cp -R {dir}/src/${PYBUILD_NAME}.egg-info {build_dir} -export PYBUILD_AFTER_TEST=rm -r {build_dir}/.hypothesis +# needs newer librust-openssl-dev (#1081226) +export PYBUILD_TEST_ARGS={dir}/tests/ -k 'not (TestDHPublicKeySerialization and test_public_bytes_match)' %: dh $@ --buildsystem=pybuild override_dh_auto_clean: + if [ -f src/rust/Cargo.lock.orig ] ; then mv src/rust/Cargo.lock.orig src/rust/Cargo.lock ; fi dh_auto_clean rm -rf src/rust/target rm -rf debian/cargo_registry @@ -43,7 +41,9 @@ override_dh_auto_configure: $(CARGO) prepare-debian debian/cargo_registry --link-from-system mkdir -p src/rust/target/release ln -sf ../$(DEB_HOST_RUST_TYPE)/release/libcryptography_rust.so src/rust/target/release/libcryptography_rust.so - rm -f src/rust/Cargo.lock + mv src/rust/Cargo.lock src/rust/Cargo.lock.orig + # needed because we patch Cargo.toml + cargo generate-lockfile --manifest-path src/rust/Cargo.toml --offline dh_auto_configure diff --git a/debian/tests/control b/debian/tests/control deleted file mode 100644 index 6170fb8..0000000 --- a/debian/tests/control +++ /dev/null @@ -1,15 +0,0 @@ -Test-Command: set -e; for p in $(py3versions -s); do $p -m pytest tests/; done -Depends: - python3-all, - python3-cffi, - python3-cryptography, - python3-cryptography-vectors (<< 38.0.5~), - python3-cryptography-vectors (>= 38.0.4~), - python3-hypothesis, - python3-iso8601, - python3-pretend, - python3-pyasn1-modules, - python3-pytest, - python3-pytest-subtests, - python3-pytest-benchmark, - python3-tz, diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc deleted file mode 100644 index 22fb779..0000000 --- a/debian/upstream/signing-key.asc +++ /dev/null @@ -1,94 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFFGXnMBEACrFZe22Ps0uTdXASlz2iA6cRU8GZv7fYeaMOtOBMECP+iK7l/b -3OOr4NgYdQbaJBitKde88xoJdxePXD7pysmtHvxR6bDGeaA/YRGa9Cc0u7S3TpOG -jRIKjaREk4EW0VmMhtkkZbGaMTiCpPlhQci8R6IO6x2eJveRsH32MiKzm6XqsRML -a2grFCO2SKXbMywcA21qXvCDF7KnfhNFzeHE+qMNjn+9zi1rMK0YNo0DMSCDkYXH -ytyo44CeQNnn9itgDqEP0xM03C+x50YbUFJzt+uTZeBIshhnfdHPaYuULRreUHcM -PNltj2+3kRzJlELXhHxjNLk0u+wdsSUg2vjuKCiaCDu1gkfaBkT4wyDoQ8XtWzNE -ya2vzH/D5s0motyFLSqScf56CAg5xLCILbFaYCfc+cuB4JwRRGliiXDtWkBZW6Qw -lAMmuz/b1TWkMkCZDcBNfk2P22KIp/+B1J254yQ8Lap+RXFnDu9UOZAa02pZt+ix -m1ZG7A1f5Gi6hhxicVeZwwHErcILBJs3v2wdY4Tz7Gy2MrR0PQ02NVCz6L0mre99 -y9SIltLHPLyax4GHIUvBGs4muu5xeyf64iEAmFBt5BJTN5WumTqlbCw2TSJptjxG -6KGNdRu9yj75GcQUoTGN9fzaNA0oNZsxw+5JS4k3bEn5cKlEMaLacFrkLwARAQAB -tC9BbGV4YW5kZXIgTmF0aGFuIEdheW5vciA8YWxleC5nYXlub3JAZ21haWwuY29t -PokCOAQTAQIAIgUCUUZecwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ -El9cZ9/pQIQI9g//YDfL6emKd/8X0hbQuMa5qGGa2raFdyO5zhorl1HN+BEy5SDb -hr1Weg9+yn3CuBKjY7iRPfZHsk5a9ctl+ATkcdvYfohSrjZb/NUBjrOuaje3nrmy -78dVDIkXnxXS5G55sOgYTYa84rSVYokc/xaqc608+e0tnYDg+ZqeWd1gaWFhYONM -e5jZGNwQNO/qEZi7qqX/f0WPXgEV0s44Jft2l8jT1utAcG5vIXwq5iG4XHIUWuLD -achLBhcJ1PT7/M+n7IC4HSaKiRgIWZ6Fjri+HifeDsNXLWrfopG25kNO6k8x+/Xd -MUfk8C9TPzqQybYxvuF82aOY13riFaJ+nbKRpaCFss2/kP6hydciTHWzQ5f8oIy1 -JnL7rRuaRzucVVZ/88LQgZawJ3xGYJPQtXBcNVs2QoBCH3rKc9Sks2CItHNWFSBY -cFP+wjcKwm/MOcddw+Xo2tvASkfhLV3pxpPiBXinmaKy4EH+yHy2vYwCAxYdXX7X -Da4UXyznc9QOfRHNRa+TlxYmvUa6tQa9rQeAxbuoWi0KMYL8/1f12d3wN4HeAsfD -r/nBXxuYsk+Y/h/ReJQ7ohNs3g4TGDZr6Tk7aWadYiOFp3SGAf0caHBHMdMY2Q2M -QtLUux0OUayinEULlDyDnXehCDaiwJsq4vKd5GhK/sQUP6y9JSpufHiLeMa0TUFs -ZXhhbmRlciBOYXRoYW4gR2F5bm9yIChEamFuZ28gU29mdHdhcmUgRm91bmRhdGlv -bikgPGFsZXhAZGphbmdvcHJvamVjdC5jb20+iQI4BBMBAgAiBQJRZOktAhsDBgsJ -CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRASX1xn3+lAhKPXD/0QZLusg9ywNUyf -ea2fzhFp/AU1jFtACefPHHM9Cfp/MWuSXUn8z6OVEaoPTkY49hYO1h/x0tus3wSe -Svsx61qQfvawlhuf4+jmUkZLXcm+HE8YevQZRHVF8iOUR7GQzI8b1vAuLDZUuRM5 -HRSAkSCakqT6h8RO9IMQEc5CHpp6IgdgAzxKFJClP6EvETLuPJ1z2WVZTZ0ZiJ5K -yNqG/IuV+7dt1QwknAsuJkFVQGH516//sIGThp+6GU1LXq/bXZHIyuv2Qx1/GhPM -mYovvF0C7TSwWKH0DzKIWiwJR0+tDEfOOOGSLNPDxcpgcnep8JHoj9zCFEyITYsL -IOJHZ10v6uC7SAEV+rbhOvwjSGmOsNr+hybAwsmzuBrwdEpM1TFuheSXKZkxIkkF -GBcG0JGXVSSYkW9vL4vuutqW3Y7/LFYGBDakZj1iFNk1XvYSPLNuKLSP1JVjuiDj -3C2tHXR+0rZVr7Hfm5/IFFMzOloj5sf+/GadcETjylwsQ2xUK1iE0lLHA+PJD11b -IM6vRdTEHQxc+nKBLDy0gD/qJmjYgjZ8T9JgrsmJgHJ+5DJwPMQRFp+TLwVX1uOJ -ujRy8wy+VjuVionPvCSDDQEKex9aBUpdVpgUiISZ4q9JX1aOe5hRaXVCRKL4Yy7b -NyD4384AnmcqrHrvb6efGmUfa5q7lbkCDQRRRl5zARAAwNCSnz0Dh2HPeyqToErR -/dSL9y11RvDfjXQAxAYpMzxegIbW+Hpi7ZLrQvoR6wvYZ7QOHsUYYcw/jhEg1iOE -/vtgpTgTIIqNvzCLOcJS6l4AOw2auiuf+Q/YDC8WfUbn6LlZJ8bReDrDEou91lYl -yl4iauNhCQNj6hzNsw/z/Ka/C/p20XBusNVWbfh8/zsJfW3fnKJgkUNckmz/cXSF -8RJol+aZnamSzYluiZUP3+nidP8T8KilU7KvOe2w6l376i9XNqafejJAd+9SMZRy -j9mYlaZmEektiT4hZJoDJOUgVfcPbSU18xuLjoRZ1ANH5SdY8VvYuFz73BGi6keA -sHuRv3ir8asmycGvTaXyAQ0JduGRfkW+aMvYjCEzdoK++S+ufy0WWlNbgnj8Y7Ya -0J/zozAPjiMi9/9DRoi31tx9Mc2JKjiJJFUmkv4TC8FHlsF3yCh7V9Vr5oeSksdx -2F7j9lce5WDuAwjRP/NYSlFRn9WqPo16J/+oMcWif3bWj9Uz7t3q5bZJexm7Q8qI -fguujg3nOA0Rqmw+a+Z7gsep1+aa30578k3btyoDnjeuGxI0/JKTJhFvZWXymSqd -gWtYkfREVC2KiAHgEBlgNVFaqhIZchC0ocJZLtnew6C7Se3u+jeKsrNYGL4pJ6GE -COlhXCmKmPZ3wHWA311Z5O8AEQEAAYkCHwQYAQIACQUCUUZecwIbDAAKCRASX1xn -3+lAhPVOD/0drh9cKgE6jpUpV0/9iHprR2PaYBkrxfH6m+N/FPWJrD+H5yk7csnA -lCFe5Jf8Vi4azT9/5HdmYxsQcmyQgl3Gt3JxyL9wqBQ+X0E9tmweW3lnaaYSf0qx -z7xSFK8Nvn2g+iJnXS5K7CEzdEiqUrjeF+louVwlnNAVP9ci1bGKAPL4Bp6cq05p -Sijr6Td5nwJsNmg0iRrEC2hhMKRmk7Pkwhy7Mkn6pkNq5dslJ32PKvn0c3zMdsUN -2j+mnvWRJH5fq5cpygzksei0xutcJOZzQs0NKdSQqJTRsoqGLbWiOBgBR0XjDUWg -Qd+Y92hJltBiz0HW926S4yEblUQtvVmnmI+aOqv1eCEgQBcjyEnVT2HpoffLLagf -6UErppjxIx5KepYOhvh2edjQZTgnikt9ONkxYdJG3FDswb9izzLWk+OSUWaHnIXZ -toaVntaHssdR5jJs/tQQTxKEuhbxzaI7SYAsBGEciuTx9dA22D9/zMWWsXlSr82P -pNeS2vPM08rHd7BFDc2w670LCyH5ahq2AZXjfjBiIYrN8sfZCohwk9i6R7ATwMTT -9e3XRgms8r4MSM+6t6+ozXaL6AGHlo9l0BMzQgWoyL01mGatrxpWbHzZ6rAQ+iKb -hVQn13T+kdJsTHDGjPzYtjfKYrDx10PeU1XYQfv+pdqTlael02HVFg== -=gnkS ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 - -mQENBFIirTsBCADAeRXlWJkJ9SaKmR6+ox2aXOF3TCyfgtoJpf6WvBxbtoEpD//m -5789KO9lPHQrJGR34E36kOkmkHfrLLtmnELCx/UNvLm3VuW31rL3RvTTrxe1Fyft -5JQyYF/WSm6Bnj9yu8fVJUhSGe12SvODD7053bY1bSleMX5I6tGeIXJtih8b5u9u -1WNv0rxZqGLKaYTzgmtNcyKGK9jLKtkRwPivpjgrjeGQ+OHf/mwFY+HEOQUw+Cj4 -5FsCo6jvj+n4r9mYu+Ut6zDOx0cWf66QhZvawDyB2TSSulJsudUETDmoJJ5X9PqH -F/bHBdzc5I6HYy+CezSvDmjC+3DnIB//nXMPABEBAAG0JVBhdWwgS2VocmVyIDxw -YXVsLmwua2VocmVyQGdtYWlsLmNvbT6JATgEEwECACIFAlIirTsCGwMGCwkIBwMC -BhUIAgkKCwQWAgMBAh4BAheAAAoJECNa5fEp+e2YnM0H/i8bU3gQ/lMGli97Puui -Sm5es3AwE+dC/ubaAB8Hcdm8UH50uOI6JcmLYYcjglnFEQSDzrKg649Dcvjx7hDN -XoCx5V6dC8LcTVES5gGrRr/+ZXtsCVZn2TcLUMQ9bq1yb3jAYxOmWQ1rUvu0Kq+Z -1j9IERKpt3MZcXBlOxHP6zIhaaerLLRn5+SjCHCAZQYsKh9f6fMoRvbmaLyKrLBn -/n9/esn1b0joWEphwOER8UF5fckqDopovGojDXyNEKGGkXTkWtLk69AcaXcBI97X -SqYUmzvnHcAPilpKmfdnvcGPrS/wSY/F4T71aeQ+1QoE83CfavNMQ09g4rETSr3e -Vlq5AQ0EUiKtOwEIANRWXywm/B46dy2paG/dd1ApwdX3siIfnCKXEsLB1iTA5/HW -BZ5+hHRYmI24RyBj9lVhS9UJzpKZE+KLOZRFwMGGp3TxntInflamuI3iC1N7XqCz -gLMFJdHPO60LctbvOHTOx1Scb+AycmymF1HuUFbj1jlYUkwRPOiPvHHWkYQlfeUP -MPFo/M7Ae5FxKA4PYfJRQl62wsBRNE5k7IwOmstyUUnDZXIxpB+wNvpxQpAvWT8B -IyAvtlrkrE53frfyd0KUOR0iSHNcWcUL0L6XvsaOYb4i20bP7YE5XoVzzANbXTa1 -wVtz2yNoI7/8BLb2NMIacykUxryYtu6E9cmnwkkAEQEAAYkBHwQYAQIACQUCUiKt -OwIbDAAKCRAjWuXxKfntmM/yB/91f/17kL4iAS05WgM1xvgmyYJ3FOgP3hyqD5Ur -YkkmoFoF+r6bfBlW8AeOawYTvXinKdv9sM6q0EmiO+iqAuRRfaXZWCDqZdEpy+lv -Ev3jhVyuf8O+d8VEILsKia0cmzn6F1UMdp3E9TDgXr1/hMCuABvbfWzEkRQrGHc2 -cWLXXxko3mykZMLkl0MPGjmzEh87RE55hLk5HroXaMtdyz1knfybVnXgOUxMuqc+ -+wj499FP1jHvTEEknRopxsMe59+CdsoFBR9xs0Ets7K011P4CMKZZAXVwxF551QL -xnqe0Tn1t76rxPJKpyvUM+WtakEVPffuQqSkU8dIJgwwXrZo -=3pQn ------END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch index 3e39854..7bd66a8 100644 --- a/debian/watch +++ b/debian/watch @@ -1,3 +1,3 @@ -version=3 -opts=uversionmangle=s/(rc|a|b|c)/~$1/,pgpsigurlmangle=s/$/.asc/ \ +version=4 +opts=uversionmangle=s/(rc|a|b|c)/~$1/ \ https://pypi.debian.net/cryptography/cryptography-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) diff --git a/docs/_ext/cryptography-docs.py b/docs/_ext/cryptography-docs.py index 1131f6a..43a9c6c 100644 --- a/docs/_ext/cryptography-docs.py +++ b/docs/_ext/cryptography-docs.py @@ -5,7 +5,6 @@ from docutils import nodes from docutils.parsers.rst import Directive - DANGER_MESSAGE = """ This is a "Hazardous Materials" module. You should **ONLY** use it if you're 100% absolutely sure that you know what you're doing because this module is diff --git a/docs/api-stability.rst b/docs/api-stability.rst index 3822702..0ed03dc 100644 --- a/docs/api-stability.rst +++ b/docs/api-stability.rst @@ -24,6 +24,9 @@ What doesn't this policy cover? contents of ``obj.__dict__`` may change. * Objects are not guaranteed to be pickleable, and pickled objects from one version of ``cryptography`` may not be loadable in future versions. +* Unless otherwise documented, types in ``cryptography`` are not intended to + be sub-classed, and we do not guarantee that behavior with respect to + sub-classes will be stable. * Development versions of ``cryptography``. Before a feature is in a release, it is not covered by this policy and may change. @@ -63,9 +66,9 @@ entirely. In that case, here's how the process will work: * In ``cryptography X.0.0`` the feature exists. * In ``cryptography (X + 1).0.0`` using that feature will emit a - ``UserWarning``. + ``CryptographyDeprecationWarning`` (base class ``UserWarning``). * In ``cryptography (X + 2).0.0`` using that feature will emit a - ``UserWarning``. + ``CryptographyDeprecationWarning``. * In ``cryptography (X + 3).0.0`` the feature will be removed or changed. In short, code that runs without warnings will always continue to work for a diff --git a/docs/conf.py b/docs/conf.py index 0c38d4d..cf0f25a 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -1,10 +1,7 @@ -# -*- coding: utf-8 -*- - # This file is dual licensed under the terms of the Apache License, Version # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. -# # Cryptography documentation build configuration file, created by # sphinx-quickstart on Tue Aug 6 19:19:14 2013. # @@ -49,6 +46,7 @@ "sphinx.ext.intersphinx", "sphinx.ext.linkcode", "cryptography-docs", + "sphinx_rtd_theme", ] if spelling is not None: @@ -73,7 +71,7 @@ # General information about the project. project = "Cryptography" -copyright = "2013-2022, Individual Contributors" +copyright = "2013-2024, Individual Contributors" # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the @@ -125,7 +123,6 @@ if sphinx_rtd_theme: html_theme = "sphinx_rtd_theme" - html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] else: html_theme = "default" @@ -185,8 +182,7 @@ ), ] -# Example configuration for intersphinx: refer to the Python standard library. -intersphinx_mapping = {"https://docs.python.org/3": None} +intersphinx_mapping = {"python": ("https://docs.python.org/3", None)} epub_theme = "epub" @@ -197,13 +193,16 @@ linkcheck_timeout = 5 linkcheck_ignore = [ - # Small DH key results in a TLS failure on modern OpenSSL + # Insecure renegotiation settings r"https://info.isl.ntt.co.jp/crypt/eng/camellia/", - # Inconsistent small DH params they seem incapable of fixing - r"https://www.secg.org/sec1-v2.pdf", - # Incomplete cert chain - r"https://e-trust.gosuslugi.ru", - # Expired cert (1 week at time of writing) + # Cloudflare returns 403s for all non-browser requests + r"https://speakerdeck.com", + r"https://\w+.stackexchange.com", + r"https://stackoverflow.com", + # GitHub changed how they do page renders so anchor detection + # no longer works in source view + r"https://github.com/.*/blob/.*#L\d+", + # Kuleuven struggles with the endless forward march of time r"https://www.cosic.esat.kuleuven.be", ] diff --git a/docs/development/custom-vectors/aes-192-gcm-siv.rst b/docs/development/custom-vectors/aes-192-gcm-siv.rst new file mode 100644 index 0000000..1900eb8 --- /dev/null +++ b/docs/development/custom-vectors/aes-192-gcm-siv.rst @@ -0,0 +1,28 @@ +AES-GCM-SIV vector creation +=========================== + +This page documents the code that was used to generate the AES-GCM-SIV test +vectors for key lengths not available in the OpenSSL test vectors. All the +vectors were generated using OpenSSL and verified with Rust. + +Creation +-------- + +The following Python script was run to generate the vector files. The OpenSSL +test vectors were used as a base and modified to have 192-bit key length. + +.. literalinclude:: /development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py + +Download link: :download:`generate_aes192gcmsiv.py +` + + +Verification +------------ + +The following Rust program was used to verify the vectors. + +.. literalinclude:: /development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/src/main.rs + +Download link: :download:`main.rs +` diff --git a/docs/development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py b/docs/development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py new file mode 100644 index 0000000..a9d4819 --- /dev/null +++ b/docs/development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py @@ -0,0 +1,86 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import binascii + +from cryptography.hazmat.primitives.ciphers.aead import AESGCMSIV + + +def convert_key_to_192_bits(key: str) -> str: + """ + This takes existing 128 and 256-bit keys from test vectors from OpenSSL + and makes them 192-bit by either appending 0 or truncating the key. + """ + new_key = binascii.unhexlify(key) + if len(new_key) == 16: + new_key += b"\x00" * 8 + elif len(new_key) == 32: + new_key = new_key[0:24] + else: + raise RuntimeError( + "Unexpected key length. OpenSSL AES-GCM-SIV test vectors only " + "contain 128-bit and 256-bit keys" + ) + + return binascii.hexlify(new_key).decode("ascii") + + +def encrypt(key: str, iv: str, plaintext: str, aad: str) -> (str, str): + aesgcmsiv = AESGCMSIV(binascii.unhexlify(key)) + encrypted_output = aesgcmsiv.encrypt( + binascii.unhexlify(iv), + binascii.unhexlify(plaintext), + binascii.unhexlify(aad) if aad else None, + ) + ciphertext, tag = encrypted_output[:-16], encrypted_output[-16:] + + return ( + binascii.hexlify(ciphertext).decode("ascii"), + binascii.hexlify(tag).decode("ascii"), + ) + + +def build_vectors(filename): + count = 0 + output = [] + key = None + iv = None + aad = None + plaintext = None + + with open(filename) as vector_file: + for line in vector_file: + line = line.strip() + if line.startswith("Key"): + if count != 0: + ciphertext, tag = encrypt(key, iv, plaintext, aad) + output.append(f"Tag = {tag}\nCiphertext = {ciphertext}\n") + output.append(f"\nCOUNT = {count}") + count += 1 + aad = None + _, key = line.split(" = ") + key = convert_key_to_192_bits(key) + output.append(f"Key = {key}") + elif line.startswith("IV"): + _, iv = line.split(" = ") + output.append(f"IV = {iv}") + elif line.startswith("AAD"): + _, aad = line.split(" = ") + output.append(f"AAD = {aad}") + elif line.startswith("Plaintext"): + _, plaintext = line.split(" = ") + output.append(f"Plaintext = {plaintext}") + + ciphertext, tag = encrypt(key, iv, plaintext, aad) + output.append(f"Tag = {tag}\nCiphertext = {ciphertext}\n") + return "\n".join(output) + + +def write_file(data, filename): + with open(filename, "w") as f: + f.write(data) + + +path = "vectors/cryptography_vectors/ciphers/AES/GCM-SIV/openssl.txt" +write_file(build_vectors(path), "aes-192-gcm-siv.txt") diff --git a/docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/Cargo.toml b/docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/Cargo.toml new file mode 100644 index 0000000..cbda934 --- /dev/null +++ b/docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/Cargo.toml @@ -0,0 +1,9 @@ +[package] +name = "verify-aes192gcmsiv" +version = "0.1.0" +edition = "2021" + +[dependencies] +aes-gcm-siv = "0.11.1" +aes = "0.8.1" +hex = "0.4.3" diff --git a/docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/src/main.rs b/docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/src/main.rs new file mode 100644 index 0000000..d4dfdf9 --- /dev/null +++ b/docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/src/main.rs @@ -0,0 +1,116 @@ +use aes_gcm_siv::{ + aead::{Aead, KeyInit}, + AesGcmSiv, Nonce, +}; + +use aes::Aes192; +use aes_gcm_siv::aead::generic_array::GenericArray; +use aes_gcm_siv::aead::Payload; +use std::fs::File; +use std::io; +use std::io::BufRead; +use std::path::Path; + +pub type Aes192GcmSiv = AesGcmSiv; + +struct VectorArgs { + nonce: String, + key: String, + aad: String, + tag: String, + plaintext: String, + ciphertext: String, +} + +fn validate(v: &VectorArgs) { + let key_bytes = hex::decode(&v.key).unwrap(); + let nonce_bytes = hex::decode(&v.nonce).unwrap(); + let aad_bytes = hex::decode(&v.aad).unwrap(); + let plaintext_bytes = hex::decode(&v.plaintext).unwrap(); + let expected_ciphertext_bytes = hex::decode(&v.ciphertext).unwrap(); + let expected_tag_bytes = hex::decode(&v.tag).unwrap(); + + let key_array: [u8; 24] = key_bytes.try_into().unwrap(); + let cipher = Aes192GcmSiv::new(&GenericArray::from(key_array)); + + let payload = Payload { + msg: plaintext_bytes.as_slice(), + aad: aad_bytes.as_slice(), + }; + let encrypted_bytes = cipher + .encrypt(Nonce::from_slice(nonce_bytes.as_slice()), payload) + .unwrap(); + let (ciphertext_bytes, tag_bytes) = encrypted_bytes.split_at(plaintext_bytes.len()); + assert_eq!(ciphertext_bytes, expected_ciphertext_bytes); + assert_eq!(tag_bytes, expected_tag_bytes); +} + +fn validate_vectors(filename: &Path) { + let file = File::open(filename).expect("Failed to open file"); + let reader = io::BufReader::new(file); + + let mut vector: Option = None; + + for line in reader.lines() { + let line = line.expect("Failed to read line"); + let segments: Vec<&str> = line.splitn(2, " = ").collect(); + + match segments.first() { + Some(&"COUNT") => { + if let Some(v) = vector.take() { + validate(&v); + } + vector = Some(VectorArgs { + nonce: String::new(), + key: String::new(), + aad: String::new(), + tag: String::new(), + plaintext: String::new(), + ciphertext: String::new(), + }); + } + Some(&"IV") => { + if let Some(v) = &mut vector { + v.nonce = segments[1].parse().expect("Failed to parse IV"); + } + } + Some(&"Key") => { + if let Some(v) = &mut vector { + v.key = segments[1].to_string(); + } + } + Some(&"AAD") => { + if let Some(v) = &mut vector { + v.aad = segments[1].to_string(); + } + } + Some(&"Tag") => { + if let Some(v) = &mut vector { + v.tag = segments[1].to_string(); + } + } + Some(&"Plaintext") => { + if let Some(v) = &mut vector { + v.plaintext = segments[1].to_string(); + } + } + Some(&"Ciphertext") => { + if let Some(v) = &mut vector { + v.ciphertext = segments[1].to_string(); + } + } + _ => {} + } + } + + if let Some(v) = vector { + validate(&v); + } +} + +fn main() { + validate_vectors(Path::new( + "vectors/cryptography_vectors/ciphers/AES/GCM-SIV/aes-192-gcm-siv.txt", + )); + println!("AES-192-GCM-SIV OK.") +} diff --git a/docs/development/custom-vectors/arc4/generate_arc4.py b/docs/development/custom-vectors/arc4/generate_arc4.py index 14a99d0..3f81691 100644 --- a/docs/development/custom-vectors/arc4/generate_arc4.py +++ b/docs/development/custom-vectors/arc4/generate_arc4.py @@ -7,7 +7,6 @@ from cryptography.hazmat.primitives import ciphers from cryptography.hazmat.primitives.ciphers import algorithms - _RFC6229_KEY_MATERIALS = [ ( True, @@ -70,24 +69,19 @@ def _build_vectors(): for offset in _RFC6229_OFFSETS: if offset % 16 != 0: raise ValueError( - "Offset {} is not evenly divisible by 16".format( - offset - ) + f"Offset {offset} is not evenly divisible by 16" ) while current_offset < offset: encryptor.update(plaintext) current_offset += len(plaintext) - output.append("\nCOUNT = {}".format(count)) + output.append(f"\nCOUNT = {count}") count += 1 - output.append("KEY = {}".format(key)) - output.append("OFFSET = {}".format(offset)) - output.append( - "PLAINTEXT = {}".format(binascii.hexlify(plaintext)) - ) + output.append(f"KEY = {key}") + output.append(f"OFFSET = {offset}") + output.append(f"PLAINTEXT = {binascii.hexlify(plaintext)}") output.append( - "CIPHERTEXT = {}".format( - binascii.hexlify(encryptor.update(plaintext)) - ) + f"CIPHERTEXT = " + f"{binascii.hexlify(encryptor.update(plaintext))}" ) current_offset += len(plaintext) assert not encryptor.finalize() diff --git a/docs/development/custom-vectors/cast5/generate_cast5.py b/docs/development/custom-vectors/cast5/generate_cast5.py index b57d71d..38eddbf 100644 --- a/docs/development/custom-vectors/cast5/generate_cast5.py +++ b/docs/development/custom-vectors/cast5/generate_cast5.py @@ -25,30 +25,26 @@ def build_vectors(mode, filename): iv = None plaintext = None - with open(filename, "r") as vector_file: + with open(filename) as vector_file: for line in vector_file: line = line.strip() if line.startswith("KEY"): if count != 0: output.append( - "CIPHERTEXT = {}".format( - encrypt(mode, key, iv, plaintext) - ) + f"CIPHERTEXT = {encrypt(mode, key, iv, plaintext)}" ) - output.append("\nCOUNT = {}".format(count)) + output.append(f"\nCOUNT = {count}") count += 1 - name, key = line.split(" = ") - output.append("KEY = {}".format(key)) + _, key = line.split(" = ") + output.append(f"KEY = {key}") elif line.startswith("IV"): - name, iv = line.split(" = ") + _, iv = line.split(" = ") iv = iv[0:16] - output.append("IV = {}".format(iv)) + output.append(f"IV = {iv}") elif line.startswith("PLAINTEXT"): - name, plaintext = line.split(" = ") - output.append("PLAINTEXT = {}".format(plaintext)) - output.append( - "CIPHERTEXT = {}".format(encrypt(mode, key, iv, plaintext)) - ) + _, plaintext = line.split(" = ") + output.append(f"PLAINTEXT = {plaintext}") + output.append(f"CIPHERTEXT = {encrypt(mode, key, iv, plaintext)}") return "\n".join(output) diff --git a/docs/development/custom-vectors/chacha20.rst b/docs/development/custom-vectors/chacha20.rst new file mode 100644 index 0000000..5fee0c3 --- /dev/null +++ b/docs/development/custom-vectors/chacha20.rst @@ -0,0 +1,29 @@ +ChaCha20 vector creation +======================== + +This page documents the code that was used to generate the vectors +to test the counter overflow behavior in ChaCha20 as well as code +used to verify them against another implementation. + +Creation +-------- + +The following Python script was run to generate the vector files. + +.. literalinclude:: /development/custom-vectors/chacha20/generate_chacha20_overflow.py + +Download link: :download:`generate_chacha20_overflow.py +` + + +Verification +------------ + +The following Python script was used to verify the vectors. The +counter overflow is handled manually to avoid relying on the same +code that generated the vectors. + +.. literalinclude:: /development/custom-vectors/chacha20/verify_chacha20_overflow.py + +Download link: :download:`verify_chacha20_overflow.py +` diff --git a/docs/development/custom-vectors/chacha20/generate_chacha20_overflow.py b/docs/development/custom-vectors/chacha20/generate_chacha20_overflow.py new file mode 100644 index 0000000..c8ed339 --- /dev/null +++ b/docs/development/custom-vectors/chacha20/generate_chacha20_overflow.py @@ -0,0 +1,47 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import binascii +import struct + +from cryptography.hazmat.primitives import ciphers +from cryptography.hazmat.primitives.ciphers import algorithms + +_N_BLOCKS = [1, 1.5, 2, 2.5, 3] +_INITIAL_COUNTERS = [2**32 - 1, 2**64 - 1] + + +def _build_vectors(): + count = 0 + output = [] + key = "0" * 64 + nonce = "0" * 16 + for blocks in _N_BLOCKS: + plaintext = binascii.unhexlify("0" * int(128 * blocks)) + for counter in _INITIAL_COUNTERS: + full_nonce = struct.pack(" bytes: + full_nonce = struct.pack("` + +Download link: :download:`rc2.go +` diff --git a/docs/development/custom-vectors/rc2/genrc2.go b/docs/development/custom-vectors/rc2/genrc2.go new file mode 100644 index 0000000..eaacf75 --- /dev/null +++ b/docs/development/custom-vectors/rc2/genrc2.go @@ -0,0 +1,35 @@ +package main + +import ( + "bytes" + "crypto/cipher" + "encoding/hex" + "fmt" + "rc2sucks/rc2" +) + +func main() { + // Generate + count := 1 + key := []byte("0000000000000000") + iv := []byte("00000000") + plaintext := []byte("the quick brown fox jumped over the lazy dog!!!!") + ciphertext := make([]byte, len(plaintext)) + block, _ := rc2.New(key, 128) + mode := cipher.NewCBCEncrypter(block, iv) + mode.CryptBlocks(ciphertext, plaintext) + fmt.Printf("COUNT = %v\n", count) + fmt.Printf("Key = %s\n", hex.EncodeToString(key)) + fmt.Printf("IV = %s\n", hex.EncodeToString(iv)) + fmt.Printf("Plaintext = %s\n", hex.EncodeToString(plaintext)) + fmt.Printf("Ciphertext = %s\n", hex.EncodeToString(ciphertext)) + // Verify + decrypted := make([]byte, len(plaintext)) + decmode := cipher.NewCBCDecrypter(block, iv) + decmode.CryptBlocks(decrypted, ciphertext) + if bytes.Equal(decrypted, plaintext) { + fmt.Println("Success") + } else { + fmt.Println("Failed") + } +} diff --git a/docs/development/custom-vectors/rc2/go.mod b/docs/development/custom-vectors/rc2/go.mod new file mode 100644 index 0000000..ebc124b --- /dev/null +++ b/docs/development/custom-vectors/rc2/go.mod @@ -0,0 +1,3 @@ +module rc2sucks + +go 1.21.7 diff --git a/docs/development/custom-vectors/rc2/rc2/rc2.go b/docs/development/custom-vectors/rc2/rc2/rc2.go new file mode 100644 index 0000000..25025fa --- /dev/null +++ b/docs/development/custom-vectors/rc2/rc2/rc2.go @@ -0,0 +1,269 @@ +// From https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.19.0:pkcs12/internal/rc2/rc2.go +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package rc2 implements the RC2 cipher +/* +https://www.ietf.org/rfc/rfc2268.txt +http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf + +This code is licensed under the MIT license. +*/ +package rc2 + +import ( + "crypto/cipher" + "encoding/binary" + "math/bits" +) + +// The rc2 block size in bytes +const BlockSize = 8 + +type rc2Cipher struct { + k [64]uint16 +} + +// New returns a new rc2 cipher with the given key and effective key length t1 +func New(key []byte, t1 int) (cipher.Block, error) { + // TODO(dgryski): error checking for key length + return &rc2Cipher{ + k: expandKey(key, t1), + }, nil +} + +func (*rc2Cipher) BlockSize() int { return BlockSize } + +var piTable = [256]byte{ + 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d, + 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, + 0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, + 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82, + 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, + 0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, + 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03, + 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, + 0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a, + 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec, + 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, + 0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31, + 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9, + 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, + 0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e, + 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad, +} + +func expandKey(key []byte, t1 int) [64]uint16 { + + l := make([]byte, 128) + copy(l, key) + + var t = len(key) + var t8 = (t1 + 7) / 8 + var tm = byte(255 % uint(1<<(8+uint(t1)-8*uint(t8)))) + + for i := len(key); i < 128; i++ { + l[i] = piTable[l[i-1]+l[uint8(i-t)]] + } + + l[128-t8] = piTable[l[128-t8]&tm] + + for i := 127 - t8; i >= 0; i-- { + l[i] = piTable[l[i+1]^l[i+t8]] + } + + var k [64]uint16 + + for i := range k { + k[i] = uint16(l[2*i]) + uint16(l[2*i+1])*256 + } + + return k +} + +func (c *rc2Cipher) Encrypt(dst, src []byte) { + + r0 := binary.LittleEndian.Uint16(src[0:]) + r1 := binary.LittleEndian.Uint16(src[2:]) + r2 := binary.LittleEndian.Uint16(src[4:]) + r3 := binary.LittleEndian.Uint16(src[6:]) + + var j int + + for j <= 16 { + // mix r0 + r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1) + r0 = bits.RotateLeft16(r0, 1) + j++ + + // mix r1 + r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2) + r1 = bits.RotateLeft16(r1, 2) + j++ + + // mix r2 + r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3) + r2 = bits.RotateLeft16(r2, 3) + j++ + + // mix r3 + r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0) + r3 = bits.RotateLeft16(r3, 5) + j++ + + } + + r0 = r0 + c.k[r3&63] + r1 = r1 + c.k[r0&63] + r2 = r2 + c.k[r1&63] + r3 = r3 + c.k[r2&63] + + for j <= 40 { + // mix r0 + r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1) + r0 = bits.RotateLeft16(r0, 1) + j++ + + // mix r1 + r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2) + r1 = bits.RotateLeft16(r1, 2) + j++ + + // mix r2 + r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3) + r2 = bits.RotateLeft16(r2, 3) + j++ + + // mix r3 + r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0) + r3 = bits.RotateLeft16(r3, 5) + j++ + + } + + r0 = r0 + c.k[r3&63] + r1 = r1 + c.k[r0&63] + r2 = r2 + c.k[r1&63] + r3 = r3 + c.k[r2&63] + + for j <= 60 { + // mix r0 + r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1) + r0 = bits.RotateLeft16(r0, 1) + j++ + + // mix r1 + r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2) + r1 = bits.RotateLeft16(r1, 2) + j++ + + // mix r2 + r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3) + r2 = bits.RotateLeft16(r2, 3) + j++ + + // mix r3 + r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0) + r3 = bits.RotateLeft16(r3, 5) + j++ + } + + binary.LittleEndian.PutUint16(dst[0:], r0) + binary.LittleEndian.PutUint16(dst[2:], r1) + binary.LittleEndian.PutUint16(dst[4:], r2) + binary.LittleEndian.PutUint16(dst[6:], r3) +} + +func (c *rc2Cipher) Decrypt(dst, src []byte) { + + r0 := binary.LittleEndian.Uint16(src[0:]) + r1 := binary.LittleEndian.Uint16(src[2:]) + r2 := binary.LittleEndian.Uint16(src[4:]) + r3 := binary.LittleEndian.Uint16(src[6:]) + + j := 63 + + for j >= 44 { + // unmix r3 + r3 = bits.RotateLeft16(r3, 16-5) + r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0) + j-- + + // unmix r2 + r2 = bits.RotateLeft16(r2, 16-3) + r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3) + j-- + + // unmix r1 + r1 = bits.RotateLeft16(r1, 16-2) + r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2) + j-- + + // unmix r0 + r0 = bits.RotateLeft16(r0, 16-1) + r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1) + j-- + } + + r3 = r3 - c.k[r2&63] + r2 = r2 - c.k[r1&63] + r1 = r1 - c.k[r0&63] + r0 = r0 - c.k[r3&63] + + for j >= 20 { + // unmix r3 + r3 = bits.RotateLeft16(r3, 16-5) + r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0) + j-- + + // unmix r2 + r2 = bits.RotateLeft16(r2, 16-3) + r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3) + j-- + + // unmix r1 + r1 = bits.RotateLeft16(r1, 16-2) + r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2) + j-- + + // unmix r0 + r0 = bits.RotateLeft16(r0, 16-1) + r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1) + j-- + + } + + r3 = r3 - c.k[r2&63] + r2 = r2 - c.k[r1&63] + r1 = r1 - c.k[r0&63] + r0 = r0 - c.k[r3&63] + + for j >= 0 { + // unmix r3 + r3 = bits.RotateLeft16(r3, 16-5) + r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0) + j-- + + // unmix r2 + r2 = bits.RotateLeft16(r2, 16-3) + r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3) + j-- + + // unmix r1 + r1 = bits.RotateLeft16(r1, 16-2) + r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2) + j-- + + // unmix r0 + r0 = bits.RotateLeft16(r0, 16-1) + r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1) + j-- + + } + + binary.LittleEndian.PutUint16(dst[0:], r0) + binary.LittleEndian.PutUint16(dst[2:], r1) + binary.LittleEndian.PutUint16(dst[4:], r2) + binary.LittleEndian.PutUint16(dst[6:], r3) +} diff --git a/docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py b/docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py index 009ba7f..42975ff 100644 --- a/docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py +++ b/docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py @@ -8,7 +8,6 @@ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import padding, rsa - from tests.utils import load_pkcs1_vectors, load_vectors_from_file @@ -83,9 +82,8 @@ def build_vectors(mgf1alg, hashalg, filename): ), ) output.append( - "# OAEP Example {0} alg={1} mgf1={2}".format( - count, hashalg.name, mgf1alg.name - ) + f"# OAEP Example {count} alg={hashalg.name} " + f"mgf1={mgf1alg.name}" ) count += 1 output.append("# Message:") @@ -119,5 +117,5 @@ def write_file(data, filename): write_file( build_vectors(hashtuple[0], hashtuple[1], oaep_path), - "oaep-{0}-{1}.txt".format(hashtuple[0].name, hashtuple[1].name), + f"oaep-{hashtuple[0].name}-{hashtuple[1].name}.txt", ) diff --git a/docs/development/custom-vectors/secp256k1/generate_secp256k1.py b/docs/development/custom-vectors/secp256k1/generate_secp256k1.py index 2f1f69e..545b25a 100644 --- a/docs/development/custom-vectors/secp256k1/generate_secp256k1.py +++ b/docs/development/custom-vectors/secp256k1/generate_secp256k1.py @@ -7,7 +7,6 @@ from ecdsa.util import sigdecode_der, sigencode_der from cryptography_vectors import open_vector_file - from tests.utils import load_fips_ecdsa_signing_vectors, load_vectors_from_file HASHLIB_HASH_TYPES = { @@ -41,7 +40,7 @@ def build_vectors(fips_vectors): continue yield "" - yield "[K-256,{0}]".format(digest_algorithm) + yield f"[K-256,{digest_algorithm}]" yield "" for message in messages: @@ -57,12 +56,12 @@ def build_vectors(fips_vectors): r, s = sigdecode_der(signature, None) - yield "Msg = {0}".format(hexlify(message)) - yield "d = {0:x}".format(secret_key.privkey.secret_multiplier) - yield "Qx = {0:x}".format(public_key.pubkey.point.x()) - yield "Qy = {0:x}".format(public_key.pubkey.point.y()) - yield "R = {0:x}".format(r) - yield "S = {0:x}".format(s) + yield f"Msg = {hexlify(message)}" + yield f"d = {secret_key.privkey.secret_multiplier:x}" + yield f"Qx = {public_key.pubkey.point.x():x}" + yield f"Qy = {public_key.pubkey.point.y():x}" + yield f"R = {r:x}" + yield f"S = {s:x}" yield "" diff --git a/docs/development/custom-vectors/secp256k1/verify_secp256k1.py b/docs/development/custom-vectors/secp256k1/verify_secp256k1.py index 3ba21c8..7949a74 100644 --- a/docs/development/custom-vectors/secp256k1/verify_secp256k1.py +++ b/docs/development/custom-vectors/secp256k1/verify_secp256k1.py @@ -5,7 +5,6 @@ from cryptography.hazmat.primitives.asymmetric.utils import ( encode_dss_signature, ) - from tests.utils import load_fips_ecdsa_signing_vectors, load_vectors_from_file CRYPTOGRAPHY_HASH_TYPES = { diff --git a/docs/development/custom-vectors/seed/generate_seed.py b/docs/development/custom-vectors/seed/generate_seed.py index 3e0125b..ef9910d 100644 --- a/docs/development/custom-vectors/seed/generate_seed.py +++ b/docs/development/custom-vectors/seed/generate_seed.py @@ -15,7 +15,7 @@ def encrypt(mode, key, iv, plaintext): def build_vectors(mode, filename): - with open(filename, "r") as f: + with open(filename) as f: vector_file = f.read().splitlines() count = 0 @@ -28,22 +28,20 @@ def build_vectors(mode, filename): if line.startswith("KEY"): if count != 0: output.append( - "CIPHERTEXT = {0}".format( - encrypt(mode, key, iv, plaintext) - ) + f"CIPHERTEXT = {encrypt(mode, key, iv, plaintext)}" ) - output.append("\nCOUNT = {0}".format(count)) + output.append(f"\nCOUNT = {count}") count += 1 - name, key = line.split(" = ") - output.append("KEY = {0}".format(key)) + _, key = line.split(" = ") + output.append(f"KEY = {key}") elif line.startswith("IV"): - name, iv = line.split(" = ") - output.append("IV = {0}".format(iv)) + _, iv = line.split(" = ") + output.append(f"IV = {iv}") elif line.startswith("PLAINTEXT"): - name, plaintext = line.split(" = ") - output.append("PLAINTEXT = {0}".format(plaintext)) + _, plaintext = line.split(" = ") + output.append(f"PLAINTEXT = {plaintext}") - output.append("CIPHERTEXT = {0}".format(encrypt(mode, key, iv, plaintext))) + output.append(f"CIPHERTEXT = {encrypt(mode, key, iv, plaintext)}") return "\n".join(output) diff --git a/docs/development/custom-vectors/seed/verify_seed.py b/docs/development/custom-vectors/seed/verify_seed.py index 252088d..c28ed1e 100644 --- a/docs/development/custom-vectors/seed/verify_seed.py +++ b/docs/development/custom-vectors/seed/verify_seed.py @@ -7,7 +7,7 @@ def encrypt(mode, key, iv, plaintext): encryptor = botan.Cipher( - "SEED/{0}/NoPadding".format(mode), "encrypt", binascii.unhexlify(key) + f"SEED/{mode}/NoPadding", "encrypt", binascii.unhexlify(key) ) cipher_text = encryptor.cipher( @@ -17,7 +17,7 @@ def encrypt(mode, key, iv, plaintext): def verify_vectors(mode, filename): - with open(filename, "r") as f: + with open(filename) as f: vector_file = f.read().splitlines() vectors = load_nist_vectors(vector_file) diff --git a/docs/development/getting-started.rst b/docs/development/getting-started.rst index b52a4fd..d074718 100644 --- a/docs/development/getting-started.rst +++ b/docs/development/getting-started.rst @@ -3,109 +3,62 @@ Getting started Development dependencies ------------------------ + Working on ``cryptography`` requires the installation of a small number of development dependencies in addition to the dependencies for -:doc:`/installation`. These are listed in ``dev-requirements.txt`` and they can -be installed in a `virtualenv`_ using `pip`_. Before you install them, follow -the **build** instructions in :doc:`/installation` (be sure to stop before -actually installing ``cryptography``). Once you've done that, install the -development dependencies, and then install ``cryptography`` in ``editable`` -mode. For example: +:doc:`/installation` (including :ref:`Rust`). These are +handled by the use of ``nox``, which can be installed with ``pip``. .. code-block:: console $ # Create a virtualenv and activate it $ # Set up your cryptography build environment - $ pip install --requirement dev-requirements.txt - $ pip install --editable . - -Make sure that ``pip install --requirement ...`` has installed the Python -package ``vectors/`` and packages on ``tests/`` . If it didn't, you may -install them manually by using ``pip`` on each directory. - -You will also need to install ``enchant`` using your system's package manager -to check spelling in the documentation. - -You are now ready to run the tests and build the documentation. + $ pip install nox + $ nox -e local OpenSSL on macOS ~~~~~~~~~~~~~~~~ -You must have installed `OpenSSL`_ via `Homebrew`_ or `MacPorts`_ and must set -``CFLAGS`` and ``LDFLAGS`` environment variables before installing the -``dev-requirements.txt`` otherwise pip will fail with include errors. - -For example, with `Homebrew`_: - -.. code-block:: console - - $ env LDFLAGS="-L$(brew --prefix openssl@1.1)/lib" \ - CFLAGS="-I$(brew --prefix openssl@1.1)/include" \ - pip install --requirement ./dev-requirements.txt - -Alternatively for a static build you can specify -``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1`` and ensure ``LDFLAGS`` points to the -absolute path for the `OpenSSL`_ libraries before calling pip. - -.. tip:: - You will also need to set these values when `Building documentation`_. +You must have installed `OpenSSL`_ (via `Homebrew`_ , `MacPorts`_) before +invoking ``nox`` or else pip will fail to compile. Running tests ------------- ``cryptography`` unit tests are found in the ``tests/`` directory and are -designed to be run using `pytest`_. `pytest`_ will discover the tests -automatically, so all you have to do is: +designed to be run using `pytest`_. ``nox`` automatically invokes ``pytest`` +and other required checks for ``cryptography``: .. code-block:: console - $ pytest - ... - 62746 passed in 220.43 seconds + $ nox -e local -This runs the tests with the default Python interpreter. -You can also verify that the tests pass on other supported Python interpreters. -For this we use `tox`_, which will automatically create a `virtualenv`_ for -each supported Python version and run the tests. For example: +You can also specify a subset of tests to run as positional arguments: .. code-block:: console - $ tox - ... - ERROR: pypy: InterpreterNotFound: pypy - py38: commands succeeded - docs: commands succeeded - pep8: commands succeeded - -You may not have all the required Python versions installed, in which case you -will see one or more ``InterpreterNotFound`` errors. - - -Building documentation ----------------------- + $ # run the whole x509 testsuite, plus the fernet tests + $ nox -e local -- tests/x509/ tests/test_fernet.py -``cryptography`` documentation is stored in the ``docs/`` directory. It is -written in `reStructured Text`_ and rendered using `Sphinx`_. +Building the docs +----------------- -Use `tox`_ to build the documentation. For example: +Building the docs on non-Windows platforms requires manually installing +the C library ``libenchant`` (`installation instructions`_). +The docs can be built using ``nox``: .. code-block:: console - $ tox -e docs - ... - docs: commands succeeded - congratulations :) + $ nox -e docs -The HTML documentation index can now be found at -``docs/_build/html/index.html``. .. _`Homebrew`: https://brew.sh .. _`MacPorts`: https://www.macports.org .. _`OpenSSL`: https://www.openssl.org .. _`pytest`: https://pypi.org/project/pytest/ -.. _`tox`: https://pypi.org/project/tox/ +.. _`nox`: https://pypi.org/project/nox/ .. _`virtualenv`: https://pypi.org/project/virtualenv/ .. _`pip`: https://pypi.org/project/pip/ -.. _`sphinx`: https://pypi.org/project/Sphinx/ -.. _`reStructured Text`: https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html +.. _`as documented here`: https://docs.rs/openssl/latest/openssl/#automatic +.. _`installation instructions`: https://pyenchant.github.io/pyenchant/install.html#installing-the-enchant-c-library \ No newline at end of file diff --git a/docs/development/submitting-patches.rst b/docs/development/submitting-patches.rst index 80a8bb4..147de31 100644 --- a/docs/development/submitting-patches.rst +++ b/docs/development/submitting-patches.rst @@ -19,10 +19,10 @@ Code ---- When in doubt, refer to :pep:`8` for Python code. You can check if your code -meets our automated requirements by formatting it with ``black`` and running -``flake8`` against it. If you've installed the development requirements this -will automatically use our configuration. You can also run the ``tox`` job with -``tox -e flake``. +meets our automated requirements by formatting it with ``ruff format`` and +running ``ruff`` against it. If you've installed the development requirements +this will automatically use our configuration. You can also run the ``nox`` +job with ``nox -e flake``. `Write comments as complete sentences.`_ @@ -61,12 +61,12 @@ whether the signature was valid. .. code-block:: python # This is bad. - def verify(sig): + def verify(sig: bytes) -> bool: # ... return is_valid # Good! - def verify(sig): + def verify(sig: bytes) -> None: # ... if not is_valid: raise InvalidSignature @@ -95,7 +95,7 @@ Documentation ------------- All features should be documented with prose in the ``docs`` section. To ensure -it builds you can run ``tox -e docs``. +it builds you can run ``nox -e docs``. Because of the inherent challenges in implementing correct cryptographic systems, we want to make our documentation point people in the right directions diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 121b215..c906f61 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -21,9 +21,6 @@ for various cryptographic algorithms. These are not included in the repository (or ``cryptography_vectors`` package), but rather cloned from Git in our continuous integration environments. -We have ensured all test vectors are used as of commit -``2196000605e45d91097147c9c71f26b72af58003``. - Asymmetric ciphers ~~~~~~~~~~~~~~~~~~ @@ -33,7 +30,7 @@ Asymmetric ciphers * FIPS 186-2 and FIPS 186-3 DSA test vectors from `NIST CAVP`_. * FIPS 186-2 and FIPS 186-3 ECDSA test vectors from `NIST CAVP`_. * DH and ECDH and ECDH+KDF(17.4) test vectors from `NIST CAVP`_. -* Ed25519 test vectors from the `Ed25519 website_`. +* Ed25519 test vectors from the `Ed25519 website`_. * OpenSSL PEM RSA serialization vectors from the `OpenSSL example key`_ and `GnuTLS key parsing tests`_. * ``asymmetric/PEM_Serialization/rsa-bad-1025-q-is-2.pem`` from `badkeys`_. @@ -51,6 +48,7 @@ Asymmetric ciphers * X25519 and X448 test vectors from :rfc:`7748`. * RSA OAEP with custom label from the `BoringSSL evp tests`_. * Ed448 test vectors from :rfc:`8032`. +* Deterministic ECDSA (:rfc:`6979`) from `OpenSSL's RFC 6979 test vectors`_. Custom asymmetric vectors @@ -72,12 +70,18 @@ Custom asymmetric vectors * ``asymmetric/PEM_Serialization/ec_public_key.pem`` and ``asymmetric/DER_Serialization/ec_public_key.der``- Contains the public key corresponding to ``ec_private_key.pem``, generated using OpenSSL. +* ``asymmetric/PEM_Serialization/ec_public_key_rsa_delimiter.pem`` - Contains + the public key corresponding to ``ec_private_key.pem``, but with the wrong PEM + delimiter (``RSA PUBLIC KEY`` when it should be ``PUBLIC KEY``). * ``asymmetric/PEM_Serialization/rsa_private_key.pem`` - Contains an RSA 2048 bit key generated using OpenSSL, protected by the secret "123456" with DES3 encryption. * ``asymmetric/PEM_Serialization/rsa_public_key.pem`` and ``asymmetric/DER_Serialization/rsa_public_key.der``- Contains an RSA 2048 bit public generated using OpenSSL from ``rsa_private_key.pem``. +* ``asymmetric/PEM_Serialization/rsa_wrong_delimiter_public_key.pem`` - Contains + an RSA 2048 bit public key generated from ``rsa_private_key.pem``, but with + the wrong PEM delimiter (``RSA PUBLIC KEY`` when it should be ``PUBLIC KEY``). * ``asymmetric/PEM_Serialization/dsa_4096.pem`` - Contains a 4096-bit DSA private key generated using OpenSSL. * ``asymmetric/PEM_Serialization/dsaparam.pem`` - Contains 2048-bit DSA @@ -107,12 +111,29 @@ Custom asymmetric vectors ``asymmetric/public/PKCS1/rsa.pub.der`` are PKCS1 conversions of the public key from ``asymmetric/PKCS8/unenc-rsa-pkcs8.pem`` using PEM and DER encoding. * ``x509/custom/ca/ca_key.pem`` - An unencrypted PCKS8 ``secp256r1`` key. It is - the private key for the certificate ``x509/custom/ca/ca.pem``. This key is + the private key for the certificate ``x509/custom/ca/ca.pem``. +* ``pkcs12/ca/ca_key.pem`` - An unencrypted PCKS8 ``secp256r1`` key. It is + the private key for the certificate ``pkcs12/ca/ca.pem``. This key is encoded in several of the PKCS12 custom vectors. * ``x509/custom/ca/rsa_key.pem`` - An unencrypted PCKS8 4096 bit RSA key. It is the private key for the certificate ``x509/custom/ca/rsa_ca.pem``. * ``asymmetric/EC/compressed_points.txt`` - Contains compressed public points generated using OpenSSL. +* ``asymmetric/EC/explicit_parameters_private_key.pem`` - Contains an EC + private key with an curve defined by explicit parameters. +* ``asymmetric/EC/explicit_parameters_wap_wsg_idm_ecid_wtls11_private_key.pem`` - + Contains an EC private key with over the ``wap-wsg-idm-ecid-wtls11`` curve, + encoded with explicit parameters. +* ``asymmetric/EC/secp128r1_private_key.pem`` - Contains an EC private key on + the curve ``secp128r1``. +* ``asymmetric/EC/sect163k1-spki.pem`` - Contains an EC SPKI on the curve + ``sect163k1``. +* ``asymmetric/EC/sect163r2-spki.pem`` - Contains an EC SPKI on the curve + ``sect163r2``. +* ``asymmetric/EC/sect233k1-spki.pem`` - Contains an EC SPKI on the curve + ``sect233k1``. +* ``asymmetric/EC/sect233r1-spki.pem`` - Contains an EC SPKI on the curve + ``sect233r1``. * ``asymmetric/X448/x448-pkcs8-enc.pem`` and ``asymmetric/X448/x448-pkcs8-enc.der`` contain an X448 key encrypted with AES 256 CBC with the password ``password``. @@ -203,6 +224,10 @@ Key exchange * ``vectors/cryptoraphy_vectors/asymmetric/ECDH/brainpool.txt`` contains Brainpool vectors from :rfc:`7027`. +* ``vectors/cryptography_vectors/asymmetric/DH/dhpub_cryptography_old.pem`` + contains a Diffie-Hellman public key generated with a previous version of + ``cryptography``. + X.509 ~~~~~ @@ -220,13 +245,17 @@ X.509 legacy PEM header format. * ``cryptography.io.chain.pem`` - The same as ``cryptography.io.pem``, but ``rapidssl_sha256_ca_g3.pem`` is concatenated to the end. +* ``cryptography.io.with_headers.pem`` - The same as ``cryptography.io.pem``, + but with an unrelated (encrypted) private key concatenated to the end. +* ``cryptography.io.chain_with_garbage.pem`` - The same as + ``cryptography.io.chain.pem``, but with other sections and text around it. * ``cryptography.io.with_garbage.pem`` - The same as ``cryptography.io.pem``, but with other sections and text around it. * ``rapidssl_sha256_ca_g3.pem`` - The intermediate CA that issued the ``cryptography.io.pem`` certificate. * ``cryptography.io.precert.pem`` - A pre-certificate with the CT poison extension for the cryptography website. -* ``cryptography-scts.io.pem`` - A leaf certificate issued by Let's Encrypt for +* ``cryptography-scts.pem`` - A leaf certificate issued by Let's Encrypt for the cryptography website which contains signed certificate timestamps. * ``wildcard_san.pem`` - A leaf certificate issued by a public CA for ``langui.sh`` that contains wildcard entries in the SAN extension. @@ -283,6 +312,10 @@ X.509 a subject DN with a bit string type. * ``cryptography-scts-tbs-precert.der`` - The "to-be-signed" pre-certificate bytes from ``cryptography-scts.pem``, with the SCT list extension removed. +* ``belgian-eid-invalid-visiblestring.pem`` - A certificate with UTF-8 + bytes in a ``VisibleString`` type. +* ``ee-pss-sha1-cert.pem`` - An RSA PSS certificate using a SHA1 signature and + SHA1 for MGF1 from the OpenSSL test suite. Custom X.509 Vectors ~~~~~~~~~~~~~~~~~~~~ @@ -456,8 +489,10 @@ Custom X.509 Vectors information access extension with both a CA repository entry and a custom OID entry. * ``ca/ca.pem`` - A self-signed certificate with ``basicConstraints`` set to - true. Its private key is ``ca/ca_key.pem``. This certificate is encoded in - several of the PKCS12 custom vectors. + true. Its private key is ``ca/ca_key.pem``. +* ``pkcs12/ca/ca.pem`` - A self-signed certificate with ``basicConstraints`` + set to true. Its private key is ``pkcs12/ca/ca_key.pem``. This key is + encoded in several of the PKCS12 custom vectors. * ``negative_serial.pem`` - A certificate with a serial number that is a negative number. * ``rsa_pss.pem`` - A certificate with an RSA PSS signature. @@ -465,6 +500,8 @@ Custom X.509 Vectors using ``ed448-pkcs8.pem`` as key. * ``ca/rsa_ca.pem`` - A self-signed RSA certificate with ``basicConstraints`` set to true. Its private key is ``ca/rsa_key.pem``. +* ``ca/rsae_ca.pem`` - A self-signed RSA certificate using a (non-PSS) RSA + public key and a RSA PSS signature. Its private key is ``ca/rsa_key.pem``. * ``invalid-sct-version.der`` - A certificate with an SCT with an unknown version. * ``invalid-sct-length.der`` - A certificate with an SCT with an internal @@ -474,8 +511,29 @@ Custom X.509 Vectors are longer than 2 characters. * ``rsa_pss_cert.pem`` - A self-signed certificate with an RSA PSS signature with ``asymmetric/PKCS8/rsa_pss_2048.pem`` as its key. +* ``rsa_pss_cert_invalid_mgf.der`` - A self-signed certificate with an invalid + RSA PSS signature that has a non-MGF1 OID for its mask generation function in the + signature algorithm. +* ``rsa_pss_cert_no_sig_params.der`` - A self-signed certificate with an invalid + RSA PSS signature algorithm that is missing signature parameters for PSS. +* ``rsa_pss_cert_unsupported_mgf_hash.der`` - A self-signed certificate with an + unsupported MGF1 hash algorithm in the signature algorithm. * ``long-form-name-attribute.pem`` - A certificate with ``subject`` and ``issuer`` names containing attributes whose value's tag is encoded in long-form. +* ``mismatch_inner_outer_sig_algorithm.der`` - A leaf certificate derived from + ``x509/cryptography.io.pem`` but modifying the ``tbs_cert.signature_algorithm`` + OID to not match the outer signature algorithm OID. +* ``ms-certificate-template.pem`` - A certificate with a ``msCertificateTemplate`` + extension. +* ``rsa_pss_sha256_no_null.pem`` - A certificate with an RSA PSS signature + with no encoded ``NULL`` for the PSS hash algorithm parameters. This certificate + was generated by LibreSSL. +* ``ecdsa_null_alg.pem`` - A certificate with an ECDSA signature with ``NULL`` + algorithm parameters. This encoding is invalid, but was generated by Java 11. +* ``dsa_null_alg_params.pem`` - A certificate with a DSA signature with ``NULL`` + algorithm parameters. This encoding is invalid, but was generated by Java 20. +* ``ekucrit-testuser-cert.pem`` - A leaf certificate containing a critical EKU. + This is an invalid certificate per CA/B 7.1.2.7.6. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -598,6 +656,9 @@ Custom X.509 Certificate Revocation List Vectors signature on this CRL is invalid. * ``crl_bad_version.pem`` - Contains a CRL with an invalid version. * ``crl_almost_10k.pem`` - Contains a CRL with 9,999 entries. +* ``crl_inner_outer_mismatch.der`` - A CRL created from + ``valid_signature_crl.pem`` but with a mismatched inner and + outer signature algorithm. The signature on this CRL is invalid. X.509 OCSP Test Vectors ~~~~~~~~~~~~~~~~~~~~~~~ @@ -648,96 +709,98 @@ Custom X.509 OCSP Test Vectors extensions. * ``x509/ocsp/resp-unknown-extension.der`` - An OCSP response containing an extension with an unknown OID. -* ``x509/ocsp/resp-unknown-hash-alg.der`` - AN OCSP response containing an +* ``x509/ocsp/resp-unknown-hash-alg.der`` - An OCSP response containing an invalid hash algorithm OID. +* ``x509/ocsp/req-acceptable-responses.der`` - An OCSP request containing an + acceptable responses extension. Custom PKCS12 Test Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~ * ``pkcs12/cert-key-aes256cbc.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) both encrypted with AES 256 CBC with the password ``cryptography``. * ``pkcs12/cert-none-key-none.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) with no encryption. The password (used for integrity checking only) is ``cryptography``. * ``pkcs12/cert-rc2-key-3des.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) encrypted with RC2 and key - (``x509/custom/ca/ca_key.pem``) encrypted via 3DES with the password + (``pkcs12/ca/ca.pem``) encrypted with RC2 and key + (``pkcs12/ca/ca_key.pem``) encrypted via 3DES with the password ``cryptography``. * ``pkcs12/no-password.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) with no + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) with no encryption and no password. * ``pkcs12/no-cert-key-aes256cbc.p12`` - A PKCS12 file containing a key - (``x509/custom/ca/ca_key.pem``) encrypted via AES 256 CBC with the + (``pkcs12/ca/ca_key.pem``) encrypted via AES 256 CBC with the password ``cryptography`` and no certificate. * ``pkcs12/cert-aes256cbc-no-key.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) encrypted via AES 256 CBC with the + (``pkcs12/ca/ca.pem``) encrypted via AES 256 CBC with the password ``cryptography`` and no private key. * ``pkcs12/no-name-no-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``), + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``), as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``). * ``pkcs12/name-all-no-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) with friendly name ``name``, as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``) with friendly names ``name2`` and ``name3``, respectively. * ``pkcs12/name-1-no-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) with friendly name ``name``, as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``). * ``pkcs12/name-2-3-no-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``), + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``), as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``) with friendly names ``name2`` and ``name3``, respectively. * ``pkcs12/name-2-no-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``), + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``), as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``), the first having friendly name ``name2``. * ``pkcs12/name-3-no-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``), + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``), as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``), the latter having friendly name ``name3``. * ``pkcs12/name-unicode-no-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) with friendly name ``☺``, as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``) with friendly names ``ä`` and ``ç``, respectively. * ``pkcs12/no-name-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``), + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``), as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``), encrypted via AES 256 CBC with the password ``cryptography``. * ``pkcs12/name-all-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) with friendly name ``name``, as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``) with friendly names ``name2`` and ``name3`` respectively, encrypted via AES 256 CBC with the password ``cryptography``. * ``pkcs12/name-1-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) with friendly name ``name``, as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``), encrypted via AES 256 CBC with the password ``cryptography``. * ``pkcs12/name-2-3-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``), + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``), as well as two additional certificates (``x509/cryptography.io.pem`` - and ``x509/letsencryptx3.pem``) with friendly names ``name2` and + and ``x509/letsencryptx3.pem``) with friendly names ``name2`` and ``name3`` respectively, encrypted via AES 256 CBC with the password ``cryptography``. * ``pkcs12/name-2-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``), + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``), as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``), the first having friendly name ``name2``, encrypted via AES 256 CBC with the password ``cryptography``. * ``pkcs12/name-3-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``), + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``), as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``), the latter having friendly name ``name2``, encrypted via AES 256 CBC with the password ``cryptography``. * ``pkcs12/name-unicode-pwd.p12`` - A PKCS12 file containing a cert - (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) + (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) with friendly name ``☺``, as well as two additional certificates (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``) with friendly names ``ä`` and ``ç`` respectively, encrypted via @@ -789,6 +852,10 @@ Custom PKCS7 Test Vectors Custom OpenSSH Test Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* ``ed25519-aesgcm-psw.key`` and ``ed25519-aesgcm-psw.key.pub`` generated by + exporting an Ed25519 key from ``1password 8`` with the password "password". + This key is encrypted using the ``aes256-gcm@openssh.com`` algorithm. + Generated by ``asymmetric/OpenSSH/gen.sh`` using command-line tools from OpenSSH_7.6p1 package. @@ -821,6 +888,43 @@ using command-line tools from OpenSSH_7.6p1 package. Password-protected RSA-2048 private key and corresponding public key. Password is "password". +Custom OpenSSH Certificate Test Vectors +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* ``p256-p256-duplicate-extension.pub`` - A certificate with a duplicate + extension. +* ``p256-p256-non-lexical-extensions.pub`` - A certificate with extensions + in non-lexical order. +* ``p256-p256-duplicate-crit-opts.pub`` - A certificate with a duplicate + critical option. +* ``p256-p256-non-lexical-crit-opts.pub`` - A certificate with critical + options in non-lexical order. +* ``p256-ed25519-non-singular-crit-opt-val.pub`` - A certificate with + a critical option that contains more than one value. +* ``p256-ed25519-non-singular-ext-val.pub`` - A certificate with + an extension that contains more than one value. +* ``dsa-p256.pub`` - A certificate with a DSA public key signed by a P256 + CA. +* ``p256-dsa.pub`` - A certificate with a P256 public key signed by a DSA + CA. +* ``p256-p256-broken-signature-key-type.pub`` - A certificate with a P256 + public key signed by a P256 CA, but the signature key type is set to + ``rsa-sha2-512``. +* ``p256-p256-empty-principals.pub`` - A certificate with a P256 public + key signed by a P256 CA with an empty valid principals list. +* ``p256-p256-invalid-cert-type.pub`` - A certificate with a P256 public + key signed by a P256 CA with an invalid certificate type. +* ``p256-p384.pub`` - A certificate with a P256 public key signed by a P384 + CA. +* ``p256-p521.pub`` - A certificate with a P256 public key signed by a P521 + CA. +* ``p256-rsa-sha1.pub`` - A certificate with a P256 public key signed by a + RSA CA using SHA1. +* ``p256-rsa-sha256.pub`` - A certificate with a P256 public key signed by + a RSA CA using SHA256. +* ``p256-rsa-sha512.pub`` - A certificate with a P256 public key signed by + a RSA CA using SHA512. + Hashes ~~~~~~ @@ -866,6 +970,9 @@ Symmetric ciphers * AES (CBC, CFB, ECB, GCM, OFB, CCM) from `NIST CAVP`_. * AES CTR from :rfc:`3686`. +* AES-GCM-SIV (KEY-LENGTH: 128, 256) from OpenSSL's `evpciph_aes_gcm_siv.txt`_. +* AES-GCM-SIV (KEY-LENGTH: 192) generated by this project. + See :doc:`/development/custom-vectors/aes-192-gcm-siv` * AES OCB3 from :rfc:`7253`, `dkg's additional OCB3 vectors`_, and `OpenSSL's OCB vectors`_. * AES SIV from OpenSSL's `evpciph_aes_siv.txt`_. * 3DES (CBC, CFB, ECB, OFB) from `NIST CAVP`_. @@ -878,16 +985,20 @@ Symmetric ciphers * CAST5 (ECB) from :rfc:`2144`. * CAST5 (CBC, CFB, OFB) generated by this project. See: :doc:`/development/custom-vectors/cast5` -* ChaCha20 from :rfc:`7539`. +* ChaCha20 from :rfc:`7539` and generated by this project. + See: :doc:`/development/custom-vectors/chacha20` * ChaCha20Poly1305 from :rfc:`7539`, `OpenSSL's evpciph.txt`_, and the `BoringSSL ChaCha20Poly1305 tests`_. * IDEA (ECB) from the `NESSIE IDEA vectors`_ created by `NESSIE`_. * IDEA (CBC, CFB, OFB) generated by this project. See: :doc:`/development/custom-vectors/idea` +* RC2-128-CBC generated by this project. See: :doc:`/development/custom-vectors/rc2` * SEED (ECB) from :rfc:`4269`. * SEED (CBC) from :rfc:`4196`. * SEED (CFB, OFB) generated by this project. See: :doc:`/development/custom-vectors/seed` +* SM4 (CBC, CFB, CTR, ECB, OFB) from `draft-ribose-cfrg-sm4-10`_. +* SM4 (GCM) from :rfc:`8998`. Two factor authentication ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -918,11 +1029,14 @@ Created Vectors .. toctree:: :maxdepth: 1 + custom-vectors/aes-192-gcm-siv custom-vectors/arc4 custom-vectors/cast5 + custom-vectors/chacha20 custom-vectors/idea custom-vectors/seed custom-vectors/hkdf + custom-vectors/rc2 If official test vectors appear in the future the custom generated vectors @@ -940,7 +1054,7 @@ header format (substituting the correct information): .. _`NIST`: https://www.nist.gov/ .. _`IETF`: https://www.ietf.org/ -.. _`Project Wycheproof`: https://github.com/google/wycheproof +.. _`Project Wycheproof`: https://github.com/C2SP/wycheproof .. _`NIST CAVP`: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program .. _`Bruce Schneier's vectors`: https://www.schneier.com/wp-content/uploads/2015/12/vectors-2.txt .. _`Camellia page`: https://info.isl.ntt.co.jp/crypt/eng/camellia/ @@ -950,21 +1064,22 @@ header format (substituting the correct information): .. _`BoringSSL ChaCha20Poly1305 tests`: https://boringssl.googlesource.com/boringssl/+/2e2a226ac9201ac411a84b5e79ac3a7333d8e1c9/crypto/cipher_extra/test/chacha20_poly1305_tests.txt .. _`BoringSSL evp tests`: https://boringssl.googlesource.com/boringssl/+/ce3773f9fe25c3b54390bc51d72572f251c7d7e6/crypto/evp/evp_tests.txt .. _`RIPEMD website`: https://homes.esat.kuleuven.be/~bosselae/ripemd160.html -.. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01 +.. _`draft RFC`: https://datatracker.ietf.org/doc/html/draft-josefsson-scrypt-kdf-01 .. _`Specification repository`: https://github.com/fernet/spec .. _`errata`: https://www.rfc-editor.org/errata_search.php?rfc=6238 .. _`OpenSSL example key`: https://github.com/openssl/openssl/blob/d02b48c63a58ea4367a0e905979f140b7d090f86/test/testrsa.pem -.. _`GnuTLS key parsing tests`: https://gitlab.com/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d +.. _`GnuTLS key parsing tests`: https://gitlab.com/gnutls/gnutls/-/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d .. _`enc-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/encpkcs8.pem .. _`enc2-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/enc2pkcs8.pem .. _`unenc-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/unencpkcs8.pem .. _`pkcs12_s2k_pem.c`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs12_s2k_pem.c .. _`Botan's ECC private keys`: https://github.com/randombit/botan/tree/4917f26a2b154e841cd27c1bcecdd41d2bdeb6ce/src/tests/data/ecc -.. _`GnuTLS example keys`: https://gitlab.com/gnutls/gnutls/commit/ad2061deafdd7db78fd405f9d143b0a7c579da7b +.. _`GnuTLS example keys`: https://gitlab.com/gnutls/gnutls/-/commit/ad2061deafdd7db78fd405f9d143b0a7c579da7b .. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors .. _`NESSIE`: https://en.wikipedia.org/wiki/NESSIE +.. _`draft-ribose-cfrg-sm4-10`: https://datatracker.ietf.org/doc/html/draft-ribose-cfrg-sm4-10 .. _`Ed25519 website`: https://ed25519.cr.yp.to/software.html -.. _`NIST SP-800-38B`: https://csrc.nist.gov/publications/detail/sp/800-38b/archive/2005-05-01 +.. _`NIST SP-800-38B`: https://csrc.nist.gov/pubs/sp/800/38/b/final .. _`NIST PKI Testing`: https://csrc.nist.gov/Projects/PKI-Testing .. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem .. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt @@ -980,7 +1095,9 @@ header format (substituting the correct information): .. _`root-ed25519.pem`: https://github.com/openssl/openssl/blob/2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852/test/certs/root-ed25519.pem .. _`server-ed25519-cert.pem`: https://github.com/openssl/openssl/blob/2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852/test/certs/server-ed25519-cert.pem .. _`server-ed448-cert.pem`: https://github.com/openssl/openssl/blob/2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852/test/certs/server-ed448-cert.pem +.. _`evpciph_aes_gcm_siv.txt`: https://github.com/openssl/openssl/blob/a2b1ab6100d5f0fb50b61d241471eea087415632/test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt .. _`evpciph_aes_siv.txt`: https://github.com/openssl/openssl/blob/d830526c711074fdcd82c70c24c31444366a1ed8/test/recipes/30-test_evp_data/evpciph_aes_siv.txt .. _`dkg's additional OCB3 vectors`: https://gitlab.com/dkg/ocb-test-vectors .. _`OpenSSL's OCB vectors`: https://github.com/openssl/openssl/commit/2f19ab18a29cf9c82cdd68bc8c7e5be5061b19be .. _`badkeys`: https://github.com/vcsjones/badkeys/tree/50f1cc5f8d13bf3a2046d689f6452decb15d9c3c +.. _`OpenSSL's RFC 6979 test vectors`: https://github.com/openssl/openssl/blob/01690a7ff36c4d18c48b301cdf375c954105a1d9/test/recipes/30-test_evp_data/evppkey_ecdsa_rfc6979.txt diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst index 12d6bb0..cad1f3e 100644 --- a/docs/doing-a-release.rst +++ b/docs/doing-a-release.rst @@ -40,8 +40,7 @@ Bumping the version number The next step in doing a release is bumping the version number in the software. -* Update the version number in ``src/cryptography/__about__.py``. -* Update the version number in ``vectors/cryptography_vectors/__about__.py``. +* Run ``python release.py bump-version {new_version}`` * Set the release date in the :doc:`/changelog`. * Do a commit indicating this. * Send a pull request with this. @@ -51,10 +50,10 @@ Performing the release ---------------------- The commit that merged the version number bump is now the official release -commit for this release. You will need to have ``gpg`` installed and a ``gpg`` -key in order to do a release. Once this has happened: +commit for this release. You will need to have ``git`` configured to perform +signed tags. Once this has happened: -* Run ``python release.py {version}``. +* Run ``python release.py release``. The release should now be available on PyPI and a tag should be available in the repository. @@ -82,22 +81,23 @@ the expected OpenSSL version. Post-release tasks ------------------ -* Update the version number to the next major (e.g. ``0.5.dev1``) in - ``src/cryptography/__about__.py`` and - ``vectors/cryptography_vectors/__about__.py``. +* Send an email to the `mailing list`_ and `python-announce`_ announcing the + release. * Close the `milestone`_ for the previous release on GitHub. +* For major version releases, send a pull request to pyOpenSSL increasing the + maximum ``cryptography`` version pin and perform a pyOpenSSL release. +* Update the version number to the next major (e.g. ``0.5.dev1``) with + ``python release.py bump-version {new_version}``. * Add new :doc:`/changelog` entry with next version and note that it is under active development * Send a pull request with these items * Check for any outstanding code undergoing a deprecation cycle by looking in ``cryptography.utils`` for ``DeprecatedIn**`` definitions. If any exist open a ticket to increment them for the next release. -* Send an email to the `mailing list`_ and `python-announce`_ announcing the - release. .. _`CVE from MITRE`: https://cveform.mitre.org/ .. _`oss-security`: https://www.openwall.com/lists/oss-security/ .. _`upgrading OpenSSL issue template`: https://github.com/pyca/cryptography/issues/new?template=openssl-release.md .. _`milestone`: https://github.com/pyca/cryptography/milestones .. _`mailing list`: https://mail.python.org/mailman/listinfo/cryptography-dev -.. _`python-announce`: https://mail.python.org/mailman/listinfo/python-announce-list +.. _`python-announce`: https://mail.python.org/mailman3/lists/python-announce-list.python.org/ diff --git a/docs/faq.rst b/docs/faq.rst index f9f35c1..f66cfba 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -1,6 +1,22 @@ Frequently asked questions ========================== +What issues can you help with in your issue tracker? +---------------------------------------------------- + +The primary purpose of our issue tracker is to enable us to identify and +resolve bugs and feature requests in ``cryptography``, so any time a user +files a bug, we start by asking: Is this a ``cryptography`` bug, or is it a +bug somewhere else? + +That said, we do our best to help users to debug issues that are in their code +or environments. Please note, however, that there's a limit to our ability to +assist users in resolving problems that are specific to their environments, +particularly when we have no way to reproduce the issue. + +Lastly, we're not able to provide support for general Python or Python +packaging issues. + .. _faq-howto-handle-deprecation-warning: I cannot suppress the deprecation warning that ``cryptography`` emits on import @@ -81,17 +97,6 @@ as secure as possible while retaining the advantages of OpenSSL, so we've chosen to rewrite non-cryptographic operations (such as ASN.1 parsing) in a high performance memory safe language: Rust. -Installing ``cryptography`` produces a ``fatal error: 'openssl/opensslv.h' file not found`` error -------------------------------------------------------------------------------------------------- - -``cryptography`` provides wheels which include a statically linked copy of -OpenSSL. If you see this error it is likely because your copy of ``pip`` is too -old to find our wheel files. Upgrade your ``pip`` with ``pip install -U pip`` -and then try to install ``cryptography`` again. - -Users on unusual CPU architectures will need to compile ``cryptography`` -themselves. Please view our :doc:`/installation` documentation. - ``cryptography`` raised an ``InternalError`` and I'm not sure what to do? ------------------------------------------------------------------------- @@ -102,23 +107,14 @@ If you have no other libraries using OpenSSL in your process, or they do not appear to be at fault, it's possible that this is a bug in ``cryptography``. Please file an `issue`_ with instructions on how to reproduce it. -error: ``-Werror=sign-conversion``: No option ``-Wsign-conversion`` during installation ---------------------------------------------------------------------------------------- - -The compiler you are using is too old and not supported by ``cryptography``. -Please upgrade to a more recent version. If you are running OpenBSD 6.1 or -earlier the default compiler is extremely old. Use ``pkg_add`` to install a -newer ``gcc`` and then install ``cryptography`` using -``CC=/path/to/newer/gcc pip install cryptography``. - -Installing cryptography with OpenSSL 0.9.8, 1.0.0, 1.0.1, 1.0.2 fails ---------------------------------------------------------------------- +Installing cryptography with OpenSSL 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0 fails +---------------------------------------------------------------------------- -The OpenSSL project has dropped support for the 0.9.8, 1.0.0, 1.0.1, and 1.0.2 -release series. Since they are no longer receiving security patches from -upstream, ``cryptography`` is also dropping support for them. To fix this issue -you should upgrade to a newer version of OpenSSL (1.1.0 or later). This may -require you to upgrade to a newer operating system. +The OpenSSL project has dropped support for the 0.9.8, 1.0.0, 1.0.1, 1.0.2, +and 1.1.0 release series. Since they are no longer receiving security patches +from upstream, ``cryptography`` is also dropping support for them. To fix this +issue you should upgrade to a newer version of OpenSSL (1.1.1 or later). This +may require you to upgrade to a newer operating system. Installing ``cryptography`` fails with ``error: Can not find Rust compiler`` ---------------------------------------------------------------------------- @@ -154,7 +150,7 @@ Why can't I import my PEM file? ------------------------------- PEM is a format (defined by several RFCs, but originally :rfc:`1421`) for -encoding keys, certificates and others cryptographic data into a regular form. +encoding keys, certificates, and others cryptographic data into a regular form. The data is encoded as base64 and wrapped with a header and footer. If you are having trouble importing PEM files, make sure your file fits @@ -185,6 +181,7 @@ For example, this is a PEM file for a RSA Public Key: :: What happened to the backend argument? -------------------------------------- + ``cryptography`` stopped requiring the use of ``backend`` arguments in version 3.1 and deprecated their use in version 36.0. If you are on an older version that requires these arguments please view the appropriate documentation @@ -194,10 +191,27 @@ Note that for forward compatibility ``backend`` is still silently accepted by functions that previously required it, but it is ignored and no longer documented. +Will you upload wheels for my non-x86 non-ARM64 CPU architecture? +----------------------------------------------------------------- + +Maybe! But there's some pre-requisites. For us to build wheels and upload them +to PyPI, we consider it necessary to run our tests for that architecture as a +part of our CI (i.e. for every commit). If we don't run the tests, it's hard +to have confidence that everything works -- particularly with cryptography, +which frequently employs per-architecture assembly code. + +For us to add something to CI we need a provider which offers builds on that +architecture, which integrate into our workflows, has sufficient capacity, and +performs well enough not to regress the contributor experience. We don't think +this is an insurmountable bar, but it's also not one that can be cleared +lightly. + +If you are interested in helping support a new CPU architecture, we encourage +you to reach out, discuss, and contribute that support. We will attempt to be +supportive, but we cannot commit to doing the work ourselves. .. _`NaCl`: https://nacl.cr.yp.to/ .. _`PyNaCl`: https://pynacl.readthedocs.io -.. _`WSGIApplicationGroup`: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html .. _`issue`: https://github.com/pyca/cryptography/issues .. _`memory safety`: https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/ .. _`building .zip archives for Lambda`: https://docs.aws.amazon.com/lambda/latest/dg/python-package.html diff --git a/docs/fernet.rst b/docs/fernet.rst index 167cf51..b55ecea 100644 --- a/docs/fernet.rst +++ b/docs/fernet.rst @@ -129,7 +129,7 @@ has support for implementing key rotation via :class:`MultiFernet`. :param bytes or str token: The Fernet token. This is the result of calling :meth:`encrypt`. - :returns int: The UNIX timestamp of the token. + :returns int: The Unix timestamp of the token. :raises cryptography.fernet.InvalidToken: If the ``token``'s signature is invalid this exception is raised. @@ -237,7 +237,7 @@ password through a key derivation function such as ... algorithm=hashes.SHA256(), ... length=32, ... salt=salt, - ... iterations=390000, + ... iterations=480000, ... ) >>> key = base64.urlsafe_b64encode(kdf.derive(password)) >>> f = Fernet(key) @@ -252,7 +252,7 @@ to derive the same key from the password in the future. The iteration count used should be adjusted to be as high as your server can tolerate. A good default is at least 480,000 iterations, which is what `Django -recommends as of July 2022`_. +recommends as of December 2022`_. Implementation -------------- @@ -280,5 +280,5 @@ unsuitable for very large files at this time. .. _`Fernet`: https://github.com/fernet/spec/ -.. _`Django recommends as of July 2022`: https://github.com/django/django/blob/main/django/contrib/auth/hashers.py +.. _`Django recommends as of December 2022`: https://github.com/django/django/blob/main/django/contrib/auth/hashers.py .. _`specification`: https://github.com/fernet/spec/blob/master/Spec.md diff --git a/docs/glossary.rst b/docs/glossary.rst index b85a610..3c2272a 100644 --- a/docs/glossary.rst +++ b/docs/glossary.rst @@ -93,13 +93,22 @@ Glossary bytes-like A bytes-like object contains binary data and supports the `buffer protocol`_. This includes ``bytes``, ``bytearray``, and - ``memoryview`` objects. + ``memoryview`` objects. It is :term:`unsafe` to pass a mutable object + (e.g., a ``bytearray`` or other implementer of the buffer protocol) + and to `mutate it concurrently`_ with the operation it has been + provided for. U-label The presentational unicode form of an internationalized domain name. U-labels use unicode characters outside the ASCII range and are encoded as A-labels when stored in certificates. + unsafe + This is a term used to describe an operation where the user must + ensure that the input is correct. Failure to do so can result in + crashes, hangs, and other security issues. + .. _`hardware security module`: https://en.wikipedia.org/wiki/Hardware_security_module .. _`idna`: https://pypi.org/project/idna/ .. _`buffer protocol`: https://docs.python.org/3/c-api/buffer.html +.. _`mutate it concurrently`: https://alexgaynor.net/2022/oct/23/buffers-on-the-edge/ diff --git a/docs/hazmat/decrepit/ciphers.rst b/docs/hazmat/decrepit/ciphers.rst new file mode 100644 index 0000000..8ae0178 --- /dev/null +++ b/docs/hazmat/decrepit/ciphers.rst @@ -0,0 +1,132 @@ +.. hazmat:: + + +Decrepit Symmetric algorithms +============================= + +.. module:: cryptography.hazmat.decrepit.ciphers + +This module contains decrepit symmetric encryption algorithms. These +are algorithms that should not be used unless necessary for backwards +compatibility or interoperability with legacy systems. Their use is +**strongly discouraged**. + +These algorithms require you to use a :class:`~cryptography.hazmat.primitives.ciphers.Cipher` +object along with the appropriate :mod:`~cryptography.hazmat.primitives.ciphers.modes`. + +.. class:: ARC4(key) + + .. versionadded:: 43.0.0 + + ARC4 (Alleged RC4) is a stream cipher with serious weaknesses in its + initial stream output. Its use is strongly discouraged. ARC4 does not use + mode constructions. + + :param key: The secret key. This must be kept secret. Either ``40``, + ``56``, ``64``, ``80``, ``128``, ``192``, or ``256`` :term:`bits` in + length. + :type key: :term:`bytes-like` + + .. doctest:: + + >>> import os + >>> from cryptography.hazmat.decrepit.ciphers.algorithms import ARC4 + >>> from cryptography.hazmat.primitives.ciphers import Cipher, modes + >>> key = os.urandom(16) + >>> algorithm = ARC4(key) + >>> cipher = Cipher(algorithm, mode=None) + >>> encryptor = cipher.encryptor() + >>> ct = encryptor.update(b"a secret message") + >>> decryptor = cipher.decryptor() + >>> decryptor.update(ct) + b'a secret message' + +.. class:: TripleDES(key) + + .. versionadded:: 43.0.0 + + Triple DES (Data Encryption Standard), sometimes referred to as 3DES, is a + block cipher standardized by NIST. Triple DES has known crypto-analytic + flaws, however none of them currently enable a practical attack. + Nonetheless, Triple DES is not recommended for new applications because it + is incredibly slow; old applications should consider moving away from it. + + :param key: The secret key. This must be kept secret. Either ``64``, + ``128``, or ``192`` :term:`bits` long. DES only uses ``56``, ``112``, + or ``168`` bits of the key as there is a parity byte in each component + of the key. Some writing refers to there being up to three separate + keys that are each ``56`` bits long, they can simply be concatenated + to produce the full key. + :type key: :term:`bytes-like` + +.. class:: CAST5(key) + + .. versionadded:: 43.0.0 + + CAST5 (also known as CAST-128) is a block cipher approved for use in the + Canadian government by the `Communications Security Establishment`_. It is + a variable key length cipher and supports keys from 40-128 :term:`bits` in + length. + + :param key: The secret key, This must be kept secret. 40 to 128 + :term:`bits` in length in increments of 8 bits. + :type key: :term:`bytes-like` + + .. doctest:: + + >>> import os + >>> from cryptography.hazmat.decrepit.ciphers.algorithms import CAST5 + >>> from cryptography.hazmat.primitives.ciphers import Cipher, modes + >>> key = os.urandom(16) + >>> iv = os.urandom(8) + >>> algorithm = CAST5(key) + >>> cipher = Cipher(algorithm, modes.CBC(iv)) + >>> encryptor = cipher.encryptor() + >>> ct = encryptor.update(b"a secret message") + >>> decryptor = cipher.decryptor() + >>> decryptor.update(ct) + b'a secret message' + +.. class:: SEED(key) + + .. versionadded:: 43.0.0 + + SEED is a block cipher developed by the Korea Information Security Agency + (KISA). It is defined in :rfc:`4269` and is used broadly throughout South + Korean industry, but rarely found elsewhere. + + :param key: The secret key. This must be kept secret. ``128`` + :term:`bits` in length. + :type key: :term:`bytes-like` + + +.. class:: Blowfish(key) + + .. versionadded:: 43.0.0 + + Blowfish is a block cipher developed by Bruce Schneier. It is known to be + susceptible to attacks when using weak keys. The author has recommended + that users of Blowfish move to newer algorithms. + + :param key: The secret key. This must be kept secret. 32 to 448 + :term:`bits` in length in increments of 8 bits. + :type key: :term:`bytes-like` + +.. class:: IDEA(key) + + .. versionadded:: 43.0.0 + + IDEA (`International Data Encryption Algorithm`_) is a block cipher created + in 1991. It is an optional component of the `OpenPGP`_ standard. This cipher + is susceptible to attacks when using weak keys. It is recommended that you + do not use this cipher for new applications. + + :param key: The secret key. This must be kept secret. ``128`` + :term:`bits` in length. + :type key: :term:`bytes-like` + + + +.. _`Communications Security Establishment`: https://www.cse-cst.gc.ca +.. _`International Data Encryption Algorithm`: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm +.. _`OpenPGP`: https://www.openpgp.org/ diff --git a/docs/hazmat/decrepit/index.rst b/docs/hazmat/decrepit/index.rst new file mode 100644 index 0000000..f0e541a --- /dev/null +++ b/docs/hazmat/decrepit/index.rst @@ -0,0 +1,14 @@ +.. hazmat:: + +Decrepit cryptography +===================== + +This module holds old, deprecated, and/or insecure cryptographic +algorithms that may be needed in exceptional cases for backwards +compatibility or interoperability reasons. Unless necessary +their use is **strongly discouraged**. + +.. toctree:: + :maxdepth: 2 + + ciphers diff --git a/docs/hazmat/primitives/aead.rst b/docs/hazmat/primitives/aead.rst index b886010..9c80c3a 100644 --- a/docs/hazmat/primitives/aead.rst +++ b/docs/hazmat/primitives/aead.rst @@ -56,10 +56,12 @@ also support providing integrity for associated data which is not encrypted. :param nonce: A 12 byte value. **NEVER REUSE A NONCE** with a key. :type nonce: :term:`bytes-like` - :param bytes data: The data to encrypt. - :param bytes associated_data: Additional data that should be + :param data: The data to encrypt. + :type data: :term:`bytes-like` + :param associated_data: Additional data that should be authenticated with the key, but does not need to be encrypted. Can be ``None``. + :type associated_data: :term:`bytes-like` :returns bytes: The ciphertext bytes with the 16 byte tag appended. :raises OverflowError: If ``data`` or ``associated_data`` is larger than 2\ :sup:`31` - 1 bytes. @@ -73,9 +75,11 @@ also support providing integrity for associated data which is not encrypted. :param nonce: A 12 byte value. **NEVER REUSE A NONCE** with a key. :type nonce: :term:`bytes-like` - :param bytes data: The data to decrypt (with tag appended). - :param bytes associated_data: Additional data to authenticate. Can be + :param data: The data to decrypt (with tag appended). + :type data: :term:`bytes-like` + :param associated_data: Additional data to authenticate. Can be ``None`` if none was passed during encryption. + :type associated_data: :term:`bytes-like` :returns bytes: The original plaintext. :raises cryptography.exceptions.InvalidTag: If the authentication tag doesn't validate this exception will be raised. This will occur @@ -130,9 +134,11 @@ also support providing integrity for associated data which is not encrypted. performance but it can be up to 2\ :sup:`64` - 1 :term:`bits`. **NEVER REUSE A NONCE** with a key. :type nonce: :term:`bytes-like` - :param bytes data: The data to encrypt. - :param bytes associated_data: Additional data that should be + :param data: The data to encrypt. + :type data: :term:`bytes-like` + :param associated_data: Additional data that should be authenticated with the key, but is not encrypted. Can be ``None``. + :type associated_data: :term:`bytes-like` :returns bytes: The ciphertext bytes with the 16 byte tag appended. :raises OverflowError: If ``data`` or ``associated_data`` is larger than 2\ :sup:`31` - 1 bytes. @@ -147,9 +153,84 @@ also support providing integrity for associated data which is not encrypted. performance but it can be up to 2\ :sup:`64` - 1 :term:`bits`. **NEVER REUSE A NONCE** with a key. :type nonce: :term:`bytes-like` - :param bytes data: The data to decrypt (with tag appended). - :param bytes associated_data: Additional data to authenticate. Can be + :param data: The data to decrypt (with tag appended). + :type data: :term:`bytes-like` + :param associated_data: Additional data to authenticate. Can be ``None`` if none was passed during encryption. + :type associated_data: :term:`bytes-like` + :returns bytes: The original plaintext. + :raises cryptography.exceptions.InvalidTag: If the authentication tag + doesn't validate this exception will be raised. This will occur + when the ciphertext has been changed, but will also occur when the + key, nonce, or associated data are wrong. + +.. class:: AESGCMSIV(key) + + .. versionadded:: 42.0.0 + + The AES-GCM-SIV construction is defined in :rfc:`8452` and is composed of + the :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` block + cipher utilizing Galois Counter Mode (GCM) and a synthetic initialization + vector (SIV). + + :param key: A 128, 192, or 256-bit key. This **must** be kept secret. + :type key: :term:`bytes-like` + + :raises cryptography.exceptions.UnsupportedAlgorithm: If the version of + OpenSSL does not support AES-GCM-SIV. + + .. doctest:: + + >>> import os + >>> from cryptography.hazmat.primitives.ciphers.aead import AESGCMSIV + >>> data = b"a secret message" + >>> aad = b"authenticated but unencrypted data" + >>> key = AESGCMSIV.generate_key(bit_length=128) + >>> aesgcmsiv = AESGCMSIV(key) + >>> nonce = os.urandom(12) + >>> ct = aesgcmsiv.encrypt(nonce, data, aad) + >>> aesgcmsiv.decrypt(nonce, ct, aad) + b'a secret message' + + .. classmethod:: generate_key(bit_length) + + Securely generates a random AES-GCM-SIV key. + + :param bit_length: The bit length of the key to generate. Must be + 128, 192, or 256. + + :returns bytes: The generated key. + + .. method:: encrypt(nonce, data, associated_data) + + Encrypts and authenticates the ``data`` provided as well as + authenticating the ``associated_data``. The output of this can be + passed directly to the ``decrypt`` method. + + :param nonce: A 12-byte value. + :type nonce: :term:`bytes-like` + :param data: The data to encrypt. + :type data: :term:`bytes-like` + :param associated_data: Additional data that should be + authenticated with the key, but is not encrypted. Can be ``None``. + :type associated_data: :term:`bytes-like` + :returns bytes: The ciphertext bytes with the 16 byte tag appended. + :raises OverflowError: If ``data`` or ``associated_data`` is larger + than 2\ :sup:`32` - 1 bytes. + + .. method:: decrypt(nonce, data, associated_data) + + Decrypts the ``data`` and authenticates the ``associated_data``. If you + called encrypt with ``associated_data`` you must pass the same + ``associated_data`` in decrypt or the integrity check will fail. + + :param nonce: A 12-byte value. + :type nonce: :term:`bytes-like` + :param data: The data to decrypt (with tag appended). + :type data: :term:`bytes-like` + :param associated_data: Additional data to authenticate. Can be + ``None`` if none was passed during encryption. + :type associated_data: :term:`bytes-like` :returns bytes: The original plaintext. :raises cryptography.exceptions.InvalidTag: If the authentication tag doesn't validate this exception will be raised. This will occur @@ -158,7 +239,7 @@ also support providing integrity for associated data which is not encrypted. .. class:: AESOCB3(key) - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 The OCB3 construction is defined in :rfc:`7253`. It is an AEAD mode that offers strong integrity guarantees and good performance. @@ -204,9 +285,11 @@ also support providing integrity for associated data which is not encrypted. :param nonce: A 12-15 byte value. **NEVER REUSE A NONCE** with a key. :type nonce: :term:`bytes-like` - :param bytes data: The data to encrypt. - :param bytes associated_data: Additional data that should be + :param data: The data to encrypt. + :type data: :term:`bytes-like` + :param associated_data: Additional data that should be authenticated with the key, but is not encrypted. Can be ``None``. + :type associated_data: :term:`bytes-like` :returns bytes: The ciphertext bytes with the 16 byte tag appended. :raises OverflowError: If ``data`` or ``associated_data`` is larger than 2\ :sup:`31` - 1 bytes. @@ -219,9 +302,11 @@ also support providing integrity for associated data which is not encrypted. :param nonce: A 12 byte value. **NEVER REUSE A NONCE** with a key. :type nonce: :term:`bytes-like` - :param bytes data: The data to decrypt (with tag appended). - :param bytes associated_data: Additional data to authenticate. Can be + :param data: The data to decrypt (with tag appended). + :type data: :term:`bytes-like` + :param associated_data: Additional data to authenticate. Can be ``None`` if none was passed during encryption. + :type associated_data: :term:`bytes-like` :returns bytes: The original plaintext. :raises cryptography.exceptions.InvalidTag: If the authentication tag doesn't validate this exception will be raised. This will occur @@ -230,7 +315,7 @@ also support providing integrity for associated data which is not encrypted. .. class:: AESSIV(key) - .. versionadded:: 37.0 + .. versionadded:: 37.0.0 The SIV (synthetic initialization vector) construction is defined in :rfc:`5297`. Depending on how it is used, SIV allows either @@ -288,8 +373,9 @@ also support providing integrity for associated data which is not encrypted. authenticating the ``associated_data``. The output of this can be passed directly to the ``decrypt`` method. - :param bytes data: The data to encrypt. - :param list associated_data: An optional ``list`` of ``bytes``. This + :param data: The data to encrypt. + :type data: :term:`bytes-like` + :param list associated_data: An optional ``list`` of ``bytes-like objects``. This is additional data that should be authenticated with the key, but is not encrypted. Can be ``None``. In SIV mode the final element of this list is treated as a ``nonce``. @@ -304,7 +390,7 @@ also support providing integrity for associated data which is not encrypted. ``associated_data`` in decrypt or the integrity check will fail. :param bytes data: The data to decrypt (with tag **prepended**). - :param list associated_data: An optional ``list`` of ``bytes``. This + :param list associated_data: An optional ``list`` of ``bytes-like objects``. This is additional data that should be authenticated with the key, but is not encrypted. Can be ``None`` if none was used during encryption. @@ -377,9 +463,11 @@ also support providing integrity for associated data which is not encrypted. ``len(data) < 2 ** (8 * (15 - len(nonce)))`` **NEVER REUSE A NONCE** with a key. :type nonce: :term:`bytes-like` - :param bytes data: The data to encrypt. - :param bytes associated_data: Additional data that should be + :param data: The data to encrypt. + :type data: :term:`bytes-like` + :param associated_data: Additional data that should be authenticated with the key, but is not encrypted. Can be ``None``. + :type associated_data: :term:`bytes-like` :returns bytes: The ciphertext bytes with the tag appended. :raises OverflowError: If ``data`` or ``associated_data`` is larger than 2\ :sup:`31` - 1 bytes. @@ -394,13 +482,15 @@ also support providing integrity for associated data which is not encrypted. is the same value used when you originally called encrypt. **NEVER REUSE A NONCE** with a key. :type nonce: :term:`bytes-like` - :param bytes data: The data to decrypt (with tag appended). - :param bytes associated_data: Additional data to authenticate. Can be + :param data: The data to decrypt (with tag appended). + :type data: :term:`bytes-like` + :param associated_data: Additional data to authenticate. Can be ``None`` if none was passed during encryption. + :type associated_data: :term:`bytes-like` :returns bytes: The original plaintext. :raises cryptography.exceptions.InvalidTag: If the authentication tag doesn't validate this exception will be raised. This will occur when the ciphertext has been changed, but will also occur when the key, nonce, or associated data are wrong. -.. _`recommends a 96-bit IV length`: https://csrc.nist.gov/publications/detail/sp/800-38d/final +.. _`recommends a 96-bit IV length`: https://csrc.nist.gov/pubs/sp/800/38/d/final diff --git a/docs/hazmat/primitives/asymmetric/dh.rst b/docs/hazmat/primitives/asymmetric/dh.rst index e880b81..361aa6d 100644 --- a/docs/hazmat/primitives/asymmetric/dh.rst +++ b/docs/hazmat/primitives/asymmetric/dh.rst @@ -174,13 +174,6 @@ Group parameters :return bytes: Serialized parameters. -.. class:: DHParametersWithSerialization - - .. versionadded:: 1.7 - - Alias for :class:`DHParameters`. - - Key interfaces ~~~~~~~~~~~~~~ @@ -247,13 +240,6 @@ Key interfaces :return bytes: Serialized key. -.. class:: DHPrivateKeyWithSerialization - - .. versionadded:: 1.7 - - Alias for :class:`DHPrivateKey`. - - .. class:: DHPublicKey .. versionadded:: 1.7 @@ -293,13 +279,6 @@ Key interfaces :return bytes: Serialized key. -.. class:: DHPublicKeyWithSerialization - - .. versionadded:: 1.7 - - Alias for :class:`DHPublicKey`. - - Numbers ~~~~~~~ diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst index 69f128b..b159a09 100644 --- a/docs/hazmat/primitives/asymmetric/dsa.rst +++ b/docs/hazmat/primitives/asymmetric/dsa.rst @@ -289,7 +289,8 @@ Key interfaces Sign one block of data which can be verified later by others using the public key. - :param bytes data: The message string to sign. + :param data: The message string to sign. + :type data: :term:`bytes-like` :param algorithm: An instance of :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` or @@ -315,7 +316,6 @@ Key interfaces :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`), format ( :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.TraditionalOpenSSL`, - :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.OpenSSH` or :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8`) and encryption algorithm (such as @@ -337,13 +337,6 @@ Key interfaces :return bytes: Serialized key. -.. class:: DSAPrivateKeyWithSerialization - - .. versionadded:: 0.8 - - Alias for :class:`DSAPrivateKey`. - - .. class:: DSAPublicKey .. versionadded:: 0.3 @@ -399,28 +392,24 @@ Key interfaces Verify one block of data was signed by the private key associated with this public key. - :param bytes signature: The signature to verify. + :param signature: The signature to verify. + :type signature: :term:`bytes-like` - :param bytes data: The message string that was signed. + :param data: The message string that was signed. + :type data: :term:`bytes-like` :param algorithm: An instance of :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` or :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed` if the ``data`` you want to sign has already been hashed. + :returns: None :raises cryptography.exceptions.InvalidSignature: If the signature does not validate. -.. class:: DSAPublicKeyWithSerialization - - .. versionadded:: 0.8 - - Alias for :class:`DSAPublicKey`. - - .. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography .. _`FIPS 186-4`: https://csrc.nist.gov/publications/detail/fips/186/4/final .. _`at least 2048`: https://www.cosic.esat.kuleuven.be/ecrypt/ecrypt2/documents/D.SPA.20.pdf -.. _`ongoing protestations`: https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-dsa-is-past-its-prime/ +.. _`ongoing protestations`: https://words.filippo.io/dispatches/dsa/ diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst index 95244c2..a22a64b 100644 --- a/docs/hazmat/primitives/asymmetric/ec.rst +++ b/docs/hazmat/primitives/asymmetric/ec.rst @@ -47,6 +47,19 @@ Elliptic Curve Signature Algorithms :param algorithm: An instance of :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`. + :param bool deterministic_signing: A boolean flag defaulting to ``False`` + that specifies whether the signing procedure should be deterministic + or not, as defined in :rfc:`6979`. This only impacts the signing + process, verification is not affected (the verification process + is the same for both deterministic and non-deterministic signed + messages). + + .. versionadded:: 43.0.0 + + :raises cryptography.exceptions.UnsupportedAlgorithm: If + ``deterministic_signing`` is set to ``True`` and the version of + OpenSSL does not support ECDSA with deterministic signing. + .. doctest:: >>> from cryptography.hazmat.primitives import hashes @@ -187,47 +200,6 @@ Elliptic Curve Signature Algorithms :raises ValueError: Raised if the point is invalid for the curve. :returns: A new instance of :class:`EllipticCurvePublicKey`. - .. method:: encode_point() - - .. warning:: - - This method is deprecated as of version 2.5. Callers should migrate - to using - :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`. - - .. versionadded:: 1.1 - - Encodes an elliptic curve point to a byte string as described in - `SEC 1 v2.0`_ section 2.3.3. This method only supports uncompressed - points. - - :return bytes: The encoded point. - - .. classmethod:: from_encoded_point(curve, data) - - .. versionadded:: 1.1 - - .. note:: - - This has been deprecated in favor of - :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point` - - Decodes a byte string as described in `SEC 1 v2.0`_ section 2.3.3 and - returns an :class:`EllipticCurvePublicNumbers`. This method only - supports uncompressed points. - - :param curve: An - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve` - instance. - - :param bytes data: The serialized point byte string. - - :returns: An :class:`EllipticCurvePublicNumbers` instance. - - :raises ValueError: Raised on invalid point type or data length. - - :raises TypeError: Raised when curve is not an - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`. Elliptic Curve Key Exchange algorithm ------------------------------------- @@ -236,8 +208,8 @@ Elliptic Curve Key Exchange algorithm .. versionadded:: 1.1 - The Elliptic Curve Diffie-Hellman Key Exchange algorithm first standardized - in NIST publication `800-56A`_, and later in `800-56Ar2`_. + The Elliptic Curve Diffie-Hellman Key Exchange algorithm standardized + in NIST publication `800-56A`_. For most applications the ``shared_key`` should be passed to a key derivation function. This allows mixing of additional information into the @@ -550,11 +522,7 @@ Key Interfaces .. versionadded:: 0.5 - An elliptic curve private key for use with an algorithm such as `ECDSA`_ or - `EdDSA`_. An elliptic curve private key that is not an - :term:`opaque key` also implements - :class:`EllipticCurvePrivateKeyWithSerialization` to provide serialization - methods. + An elliptic curve private key for use with an algorithm such as `ECDSA`_. .. method:: exchange(algorithm, peer_public_key) @@ -589,7 +557,8 @@ Key Interfaces Sign one block of data which can be verified later by others using the public key. - :param bytes data: The message string to sign. + :param data: The message string to sign. + :type data: :term:`bytes-like` :param signature_algorithm: An instance of :class:`EllipticCurveSignatureAlgorithm`, such as :class:`ECDSA`. @@ -648,13 +617,6 @@ Key Interfaces :return bytes: Serialized key. -.. class:: EllipticCurvePrivateKeyWithSerialization - - .. versionadded:: 0.8 - - Alias for :class:`EllipticCurvePrivateKey`. - - .. class:: EllipticCurvePublicKey .. versionadded:: 0.5 @@ -705,16 +667,19 @@ Key Interfaces Verify one block of data was signed by the private key associated with this public key. - :param bytes signature: The DER-encoded signature to verify. + :param signature: The DER-encoded signature to verify. A raw signature may be DER-encoded by splitting it into the ``r`` and ``s`` components and passing them into :func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature`. + :type signature: :term:`bytes-like` - :param bytes data: The message string that was signed. + :param data: The message string that was signed. + :type data: :term:`bytes-like` :param signature_algorithm: An instance of :class:`EllipticCurveSignatureAlgorithm`. + :returns: None :raises cryptography.exceptions.InvalidSignature: If the signature does not validate. @@ -749,13 +714,6 @@ Key Interfaces :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`. -.. class:: EllipticCurvePublicKeyWithSerialization - - .. versionadded:: 0.6 - - Alias for :class:`EllipticCurvePublicKey`. - - Serialization ~~~~~~~~~~~~~ @@ -942,17 +900,15 @@ Elliptic Curve Object Identifiers :raises LookupError: Raised if no elliptic curve is found that matches the provided object identifier. -.. _`FIPS 186-3`: https://csrc.nist.gov/csrc/media/publications/fips/186/3/archive/2009-06-25/documents/fips_186-3.pdf -.. _`FIPS 186-4`: https://csrc.nist.gov/publications/detail/fips/186/4/final -.. _`800-56A`: https://csrc.nist.gov/publications/detail/sp/800-56a/revised/archive/2007-03-14 -.. _`800-56Ar2`: https://csrc.nist.gov/publications/detail/sp/800-56a/rev-2/final +.. _`FIPS 186-3`: https://csrc.nist.gov/files/pubs/fips/186-3/final/docs/fips_186-3.pdf +.. _`FIPS 186-4`: https://csrc.nist.gov/pubs/fips/186-4/final +.. _`800-56A`: https://csrc.nist.gov/pubs/sp/800/56/a/r3/final .. _`some concern`: https://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters .. _`less than 224 bits`: https://www.cosic.esat.kuleuven.be/ecrypt/ecrypt2/documents/D.SPA.20.pdf .. _`elliptic curve diffie-hellman is faster than diffie-hellman`: https://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=1100&context=cseconfwork .. _`minimize the number of security concerns for elliptic-curve cryptography`: https://cr.yp.to/ecdh/curve25519-20060209.pdf .. _`SafeCurves`: https://safecurves.cr.yp.to/ .. _`ECDSA`: https://en.wikipedia.org/wiki/ECDSA -.. _`EdDSA`: https://en.wikipedia.org/wiki/EdDSA .. _`forward secrecy`: https://en.wikipedia.org/wiki/Forward_secrecy .. _`SEC 1 v2.0`: https://www.secg.org/sec1-v2.pdf .. _`bad cryptographic practice`: https://crypto.stackexchange.com/a/3313 diff --git a/docs/hazmat/primitives/asymmetric/ed25519.rst b/docs/hazmat/primitives/asymmetric/ed25519.rst index 3229f09..8d4b910 100644 --- a/docs/hazmat/primitives/asymmetric/ed25519.rst +++ b/docs/hazmat/primitives/asymmetric/ed25519.rst @@ -67,7 +67,8 @@ Key interfaces .. method:: sign(data) - :param bytes data: The data to sign. + :param data: The data to sign. + :type data: :term:`bytes-like` :returns bytes: The 64 byte signature. @@ -103,6 +104,20 @@ Key interfaces :return bytes: Serialized key. + .. method:: private_bytes_raw() + + .. versionadded:: 40 + + Allows serialization of the key to raw bytes. This method is a + convenience shortcut for calling :meth:`private_bytes` with + :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw` + encoding, + :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw` + format, and + :class:`~cryptography.hazmat.primitives.serialization.NoEncryption`. + + :return bytes: Raw key. + .. class:: Ed25519PublicKey .. versionadded:: 2.6 @@ -163,12 +178,28 @@ Key interfaces :returns bytes: The public key bytes. + .. method:: public_bytes_raw() + + .. versionadded:: 40 + + Allows serialization of the key to raw bytes. This method is a + convenience shortcut for calling :meth:`public_bytes` with + :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw` + encoding and + :attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.Raw` + format. + + :return bytes: Raw key. + .. method:: verify(signature, data) - :param bytes signature: The signature to verify. + :param signature: The signature to verify. + :type signature: :term:`bytes-like` - :param bytes data: The data to verify. + :param data: The data to verify. + :type data: :term:`bytes-like` + :returns: None :raises cryptography.exceptions.InvalidSignature: Raised when the signature cannot be verified. diff --git a/docs/hazmat/primitives/asymmetric/ed448.rst b/docs/hazmat/primitives/asymmetric/ed448.rst index fb79dcb..27a8092 100644 --- a/docs/hazmat/primitives/asymmetric/ed448.rst +++ b/docs/hazmat/primitives/asymmetric/ed448.rst @@ -47,7 +47,8 @@ Key interfaces .. method:: sign(data) - :param bytes data: The data to sign. + :param data: The data to sign. + :type data: :term:`bytes-like` :returns bytes: The 114 byte signature. @@ -81,6 +82,20 @@ Key interfaces :return bytes: Serialized key. + .. method:: private_bytes_raw() + + .. versionadded:: 40 + + Allows serialization of the key to raw bytes. This method is a + convenience shortcut for calling :meth:`private_bytes` with + :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw` + encoding, + :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw` + format, and + :class:`~cryptography.hazmat.primitives.serialization.NoEncryption`. + + :return bytes: Raw key. + .. class:: Ed448PublicKey .. versionadded:: 2.6 @@ -117,12 +132,28 @@ Key interfaces :returns bytes: The public key bytes. + .. method:: public_bytes_raw() + + .. versionadded:: 40 + + Allows serialization of the key to raw bytes. This method is a + convenience shortcut for calling :meth:`public_bytes` with + :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw` + encoding and + :attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.Raw` + format. + + :return bytes: Raw key. + .. method:: verify(signature, data) - :param bytes signature: The signature to verify. + :param signature: The signature to verify. + :type signature: :term:`bytes-like` - :param bytes data: The data to verify. + :param data: The data to verify. + :type data: :term:`bytes-like` + :returns: None :raises cryptography.exceptions.InvalidSignature: Raised when the signature cannot be verified. diff --git a/docs/hazmat/primitives/asymmetric/index.rst b/docs/hazmat/primitives/asymmetric/index.rst index c27e178..136dd32 100644 --- a/docs/hazmat/primitives/asymmetric/index.rst +++ b/docs/hazmat/primitives/asymmetric/index.rst @@ -36,3 +36,83 @@ private key is able to decrypt it. .. _`proof of identity`: https://en.wikipedia.org/wiki/Public-key_infrastructure + +Common types +~~~~~~~~~~~~ + +Asymmetric key types do not inherit from a common base class. The following +union type aliases can be used instead to reference a multitude of key types. + +.. currentmodule:: cryptography.hazmat.primitives.asymmetric.types + +.. data:: PublicKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of all public key types supported: + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey`. + +.. data:: PrivateKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of all private key types supported: + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey`. + +.. data:: CertificatePublicKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of all public key types supported for X.509 + certificates: + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey`. + +.. data:: CertificateIssuerPublicKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of all public key types that can sign other X.509 + certificates as an issuer. x448/x25519 can be a public key, but cannot be + used in signing, so they are not allowed in these contexts. + + Allowed: + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`. + +.. data:: CertificateIssuerPrivateKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of all private key types that can sign other X.509 + certificates as an issuer. x448/x25519 can be a public key, but cannot be + used in signing, so they are not allowed in these contexts. + + Allowed: + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey`. diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index d21cb80..d712b22 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -304,7 +304,7 @@ Padding .. attribute:: DIGEST_LENGTH - .. versionadded:: 37.0 + .. versionadded:: 37.0.0 Pass this attribute to ``salt_length`` to set the salt length to the byte length of the digest passed when calling ``sign``. Note that this @@ -312,11 +312,19 @@ Padding .. attribute:: AUTO - .. versionadded:: 37.0 + .. versionadded:: 37.0.0 Pass this attribute to ``salt_length`` to automatically determine the salt length when verifying. Raises ``ValueError`` if used when signing. + .. attribute:: mgf + + :type: :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF` + + .. versionadded:: 42.0.0 + + The padding's mask generation function (MGF). + .. class:: OAEP(mgf, algorithm, label) .. versionadded:: 0.4 @@ -335,6 +343,22 @@ Padding :param bytes label: A label to apply. This is a rarely used field and should typically be set to ``None`` or ``b""``, which are equivalent. + .. attribute:: algorithm + + :type: :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` + + .. versionadded:: 42.0.0 + + The padding's hash algorithm. + + .. attribute:: mgf + + :type: :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF` + + .. versionadded:: 42.0.0 + + The padding's mask generation function (MGF). + .. class:: PKCS1v15() .. versionadded:: 0.3 @@ -369,6 +393,11 @@ Padding Mask generation functions ------------------------- +.. class:: MGF + + .. versionadded:: 37.0.0 + + .. class:: MGF1(algorithm) .. versionadded:: 0.3 @@ -473,7 +502,21 @@ is unavailable. A `Chinese remainder theorem`_ coefficient used to speed up RSA operations. Calculated as: q\ :sup:`-1` mod p - .. method:: private_key() + .. method:: private_key(*, unsafe_skip_rsa_key_validation=False) + + :param unsafe_skip_rsa_key_validation: + + .. versionadded:: 39.0.0 + + A keyword-only argument that defaults to ``False``. If ``True`` + RSA private keys will not be validated. This significantly speeds up + loading the keys, but is :term:`unsafe` unless you are certain + the key is valid. User supplied keys should never be loaded with + this parameter set to ``True``. If you do load an invalid key this + way and attempt to use it OpenSSL may hang, crash, or otherwise + misbehave. + + :type unsafe_skip_rsa_key_validation: bool :returns: An instance of :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`. @@ -511,6 +554,23 @@ this without having to do the math themselves. Computes the ``dmq1`` parameter from the RSA private exponent (``d``) and prime ``q``. +.. function:: rsa_recover_private_exponent(e, p, q) + + .. versionadded:: 43.0.0 + + Computes the RSA private_exponent (``d``) given the public exponent (``e``) + and the RSA primes ``p`` and ``q``. + + .. note:: + + This implementation uses the Carmichael totient function to return the + smallest working value of ``d``. Older RSA implementations, including the + original RSA paper, often used the Euler totient function, which results + in larger but equally functional private exponents. The private exponents + resulting from the Carmichael totient function, as returned here, are + slightly more computationally efficient to use, and some modern standards + require them. + .. function:: rsa_recover_prime_factors(n, e, d) .. versionadded:: 0.8 @@ -541,6 +601,11 @@ Key interfaces .. versionadded:: 0.4 + .. warning:: + + Our implementation of PKCS1 v1.5 decryption is not constant time. See + :doc:`/limitations` for details. + Decrypt data that was encrypted with the public key. :param bytes ciphertext: The ciphertext to decrypt. @@ -572,7 +637,8 @@ Key interfaces Sign one block of data which can be verified later by others using the public key. - :param bytes data: The message string to sign. + :param data: The message string to sign. + :type data: :term:`bytes-like` :param padding: An instance of :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`. @@ -623,13 +689,6 @@ Key interfaces :return bytes: Serialized key. -.. class:: RSAPrivateKeyWithSerialization - - .. versionadded:: 0.8 - - Alias for :class:`RSAPrivateKey`. - - .. class:: RSAPublicKey .. versionadded:: 0.2 @@ -698,9 +757,11 @@ Key interfaces Verify one block of data was signed by the private key associated with this public key. - :param bytes signature: The signature to verify. + :param signature: The signature to verify. + :type signature: :term:`bytes-like` - :param bytes data: The message string that was signed. + :param data: The message string that was signed. + :type data: :term:`bytes-like` :param padding: An instance of :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`. @@ -710,6 +771,7 @@ Key interfaces :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed` if the ``data`` you want to verify has already been hashed. + :returns: None :raises cryptography.exceptions.InvalidSignature: If the signature does not validate. @@ -763,13 +825,6 @@ Key interfaces :raises cryptography.exceptions.UnsupportedAlgorithm: If signature data recovery is not supported with the provided ``padding`` type. -.. class:: RSAPublicKeyWithSerialization - - .. versionadded:: 0.8 - - Alias for :class:`RSAPublicKey`. - - .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography .. _`specific mathematical properties`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Key_generation diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index db3271b..42cc83c 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -125,7 +125,7 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END extract the public key with :meth:`Certificate.public_key `. -.. function:: load_pem_private_key(data, password) +.. function:: load_pem_private_key(data, password, *, unsafe_skip_rsa_key_validation=False) .. versionadded:: 0.6 @@ -141,7 +141,20 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END :param password: The password to use to decrypt the data. Should be ``None`` if the private key is not encrypted. - :type data: :term:`bytes-like` + :type password: :term:`bytes-like` + + :param unsafe_skip_rsa_key_validation: + + .. versionadded:: 39.0.0 + + A keyword-only argument that defaults to ``False``. If ``True`` + RSA private keys will not be validated. This significantly speeds up + loading the keys, but is :term:`unsafe` unless you are certain the + key is valid. User supplied keys should never be loaded with this + parameter set to ``True``. If you do load an invalid key this way and + attempt to use it OpenSSL may hang, crash, or otherwise misbehave. + + :type unsafe_skip_rsa_key_validation: bool :returns: One of :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`, @@ -234,7 +247,7 @@ data is binary. DER keys may be in a variety of formats, but as long as you know whether it is a public or private key the loading functions will handle the rest. -.. function:: load_der_private_key(data, password) +.. function:: load_der_private_key(data, password, *, unsafe_skip_rsa_key_validation=False) .. versionadded:: 0.8 @@ -248,6 +261,19 @@ the rest. be ``None`` if the private key is not encrypted. :type password: :term:`bytes-like` + :param unsafe_skip_rsa_key_validation: + + .. versionadded:: 39.0.0 + + A keyword-only argument that defaults to ``False``. If ``True`` + RSA private keys will not be validated. This significantly speeds up + loading the keys, but is :term:`unsafe` unless you are certain the + key is valid. User supplied keys should never be loaded with this + parameter set to ``True``. If you do load an invalid key this way and + attempt to use it OpenSSL may hang, crash, or otherwise misbehave. + + :type unsafe_skip_rsa_key_validation: bool + :returns: One of :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`, :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey`, @@ -362,10 +388,28 @@ DSA keys look almost identical but begin with ``ssh-dss`` rather than ``ssh-rsa``. ECDSA keys have a slightly different format, they begin with ``ecdsa-sha2-{curve}``. + +.. data:: SSHPublicKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of public key types accepted for SSH: + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` + , or + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey`. + + .. function:: load_ssh_public_key(data) .. versionadded:: 0.7 + .. note:: + + SSH DSA key support is deprecated and will be removed in a future + release. + Deserialize a public key from OpenSSH (:rfc:`4253` and `PROTOCOL.certkeys`_) encoded data to an instance of the public key type. @@ -373,13 +417,8 @@ DSA keys look almost identical but begin with ``ssh-dss`` rather than :param data: The OpenSSH encoded key data. :type data: :term:`bytes-like` - :returns: One of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` - , or - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey`, - depending on the contents of ``data``. + :returns: One of :data:`SSHPublicKeyTypes` depending on the contents of + ``data``. :raises ValueError: If the OpenSSH data could not be properly decoded or if the key is not in the proper format. @@ -405,10 +444,27 @@ An example ECDSA key in OpenSSH format:: BAUGBw== -----END OPENSSH PRIVATE KEY----- +.. data:: SSHPrivateKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of private key types accepted for SSH: + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` + or + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`. + + .. function:: load_ssh_private_key(data, password) .. versionadded:: 3.0 + .. note:: + + SSH DSA key support is deprecated and will be removed in a future + release. + Deserialize a private key from OpenSSH encoded data to an instance of the private key type. @@ -418,13 +474,8 @@ An example ECDSA key in OpenSSH format:: :param bytes password: Password bytes to use to decrypt password-protected key. Or ``None`` if not needed. - :returns: One of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` - or - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`, - depending on the contents of ``data``. + :returns: One of :data:`SSHPrivateKeyTypes` depending on the contents of + ``data``. :raises ValueError: If the OpenSSH data could not be properly decoded, if the key is not in the proper format or the incorrect password @@ -433,6 +484,303 @@ An example ECDSA key in OpenSSH format:: :raises cryptography.exceptions.UnsupportedAlgorithm: If the serialized key is of a type that is not supported. + +OpenSSH Certificate +~~~~~~~~~~~~~~~~~~~ + +The format used by OpenSSH for certificates, as specified in +`PROTOCOL.certkeys`_. + +.. data:: SSHCertPublicKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of public key types supported for SSH + certificates: + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` + or + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey` + +.. data:: SSHCertPrivateKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of private key types supported for SSH + certificates: + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` + or + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey` + +.. function:: load_ssh_public_identity(data) + + .. versionadded:: 40.0.0 + + .. note:: + + This function does not support parsing certificates with DSA public + keys or signatures from DSA certificate authorities. DSA is a + deprecated algorithm and should not be used. + + Deserialize an OpenSSH encoded identity to an instance of + :class:`SSHCertificate` or the appropriate public key type. + Parsing a certificate does not verify anything. It is up to the caller to + perform any necessary verification. + + :param data: The OpenSSH encoded data. + :type data: bytes + + :returns: :class:`SSHCertificate` or one of :data:`SSHCertPublicKeyTypes`. + + :raises ValueError: If the OpenSSH data could not be properly decoded. + + :raises cryptography.exceptions.UnsupportedAlgorithm: If the data contains + a public key type that is not supported. + + +.. class:: SSHCertificate + + .. versionadded:: 40.0.0 + + .. attribute:: nonce + + :type: bytes + + The nonce field is a CA-provided random value of arbitrary length + (but typically 16 or 32 bytes) included to make attacks that depend on + inducing collisions in the signature hash infeasible. + + .. method:: public_key() + + The public key contained in the certificate, one of + :data:`SSHCertPublicKeyTypes`. + + .. attribute:: serial + + :type: int + + Serial is an optional certificate serial number set by the CA to + provide an abbreviated way to refer to certificates from that CA. + If a CA does not wish to number its certificates, it must set this + field to zero. + + .. attribute:: type + + :type: :class:`SSHCertificateType` + + Type specifies whether this certificate is for identification of a user + or a host. + + .. attribute:: key_id + + :type: bytes + + This is a free-form text field that is filled in by the CA at the time + of signing; the intention is that the contents of this field are used to + identify the identity principal in log messages. + + .. attribute:: valid_principals + + :type: list[bytes] + + "valid principals" is a list containing one or more principals as + byte strings. These principals list the names for which this + certificate is valid; hostnames for host certificates and + usernames for user certificates. As a special case, an + empty list means the certificate is valid for any principal of + the specified type. + + .. attribute:: valid_after + + :type: int + + An integer representing the Unix timestamp (in UTC) after which the + certificate is valid. **This time is inclusive.** + + .. attribute:: valid_before + + :type: int + + An integer representing the Unix timestamp (in UTC) before which the + certificate is valid. **This time is not inclusive.** + + .. attribute:: critical_options + + :type: dict[bytes, bytes] + + Critical options is a dict of zero or more options that are + critical for the certificate to be considered valid. If + any of these options are not supported by the implementation, the + certificate must be rejected. + + .. attribute:: extensions + + :type: dict[bytes, bytes] + + Extensions is a dict of zero or more options that are + non-critical for the certificate to be considered valid. If any of + these options are not supported by the implementation, the + implementation may safely ignore them. + + .. method:: signature_key() + + The public key used to sign the certificate, one of + :data:`SSHCertPublicKeyTypes`. + + .. method:: verify_cert_signature() + + .. warning:: + + This method does not validate anything about whether the + signing key is trusted! Callers are responsible for validating + trust in the signer. + + Validates that the signature on the certificate was created by + the private key associated with the certificate's signature key + and that the certificate has not been changed since signing. + + :return: None + :raises: :class:`~cryptography.exceptions.InvalidSignature` if the + signature is invalid. + + .. method:: public_bytes() + + :return: The serialized certificate in OpenSSH format. + :rtype: bytes + + +.. class:: SSHCertificateType + + .. versionadded:: 40.0.0 + + An enumeration of the types of SSH certificates. + + .. attribute:: USER + + The cert is intended for identification of a user. Corresponds to the + value ``1``. + + .. attribute:: HOST + + The cert is intended for identification of a host. Corresponds to the + value ``2``. + +SSH Certificate Builder +~~~~~~~~~~~~~~~~~~~~~~~ + +.. class:: SSHCertificateBuilder + + .. versionadded:: 40.0.0 + + .. note:: + + This builder does not support generating certificates with DSA public + keys or creating signatures with DSA certificate authorities. DSA is a + deprecated algorithm and should not be used. + + .. doctest:: + + >>> import datetime + >>> from cryptography.hazmat.primitives.asymmetric import ec + >>> from cryptography.hazmat.primitives.serialization import ( + ... SSHCertificateType, SSHCertificateBuilder + ... ) + >>> signing_key = ec.generate_private_key(ec.SECP256R1()) + >>> public_key = ec.generate_private_key(ec.SECP256R1()).public_key() + >>> valid_after = datetime.datetime( + ... 2023, 1, 1, 1, tzinfo=datetime.timezone.utc + ... ).timestamp() + >>> valid_before = datetime.datetime( + ... 2023, 7, 1, 1, tzinfo=datetime.timezone.utc + ... ).timestamp() + >>> key_id = b"a_key_id" + >>> valid_principals = [b"eve", b"alice"] + >>> builder = ( + ... SSHCertificateBuilder() + ... .public_key(public_key) + ... .type(SSHCertificateType.USER) + ... .valid_before(valid_before) + ... .valid_after(valid_after) + ... .key_id(b"a_key_id") + ... .valid_principals(valid_principals) + ... .add_extension(b"no-touch-required", b"") + ... ) + >>> builder.sign(signing_key).public_bytes() + b'...' + + .. method:: public_key(public_key) + + :param public_key: The public key to be included in the certificate. + This value is required. + :type public_key: :data:`SSHCertPublicKeyTypes` + + .. method:: serial(serial) + + :param int serial: The serial number to be included in the certificate. + This is not a required value and will be set to zero if not + provided. Value must be between 0 and 2:sup:`64` - 1, inclusive. + + .. method:: type(type) + + :param type: The type of the certificate. There are two options, + user or host. + :type type: :class:`SSHCertificateType` + + .. method:: key_id(key_id) + + :param key_id: The key ID to be included in the certificate. This is + not a required value. + :type key_id: bytes + + .. method:: valid_principals(valid_principals) + + :param valid_principals: A list of principals that the certificate is + valid for. This is a required value unless + :meth:`valid_for_all_principals` has been called. + :type valid_principals: list[bytes] + + .. method:: valid_for_all_principals() + + Marks the certificate as valid for all principals. This cannot be + set if principals have been added via :meth:`valid_principals`. + + .. method:: valid_after(valid_after) + + :param int valid_after: The Unix timestamp (in UTC) that marks the + activation time for the certificate. This is a required value. + + .. method:: valid_before(valid_before) + + :param int valid_before: The Unix timestamp (in UTC) that marks the + expiration time for the certificate. This is a required value. + + .. method:: add_critical_option(name, value) + + :param name: The name of the critical option to add. No duplicates + are allowed. + :type name: bytes + :param value: The value of the critical option to add. This is + commonly an empty byte string. + :type value: bytes + + .. method:: add_extension(name, value) + + :param name: The name of the extension to add. No duplicates are + allowed. + :type name: bytes + :param value: The value of the extension to add. + :type value: bytes + + .. method:: sign(private_key) + + :param private_key: The private key that will be used to sign the + certificate. + :type private_key: :data:`SSHCertPrivateKeyTypes` + + :return: The signed certificate. + :rtype: :class:`SSHCertificate` + PKCS12 ~~~~~~ @@ -447,6 +795,23 @@ file suffix. ``cryptography`` only supports a single private key and associated certificates when parsing PKCS12 files at this time. + +.. data:: PKCS12PrivateKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of private key types supported for PKCS12 + serialization: + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` + , + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` + , + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey` + , + :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey` + or + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`. + .. function:: load_key_and_certificates(data, password) .. versionadded:: 2.5 @@ -470,7 +835,7 @@ file suffix. .. function:: load_pkcs12(data, password) - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 Deserialize a PKCS12 blob, and return a :class:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12KeyAndCertificates` @@ -517,17 +882,7 @@ file suffix. :type name: bytes :param key: The private key to include in the structure. - :type key: An - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` - , - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` - , - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey` - , - :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey` - , or - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` - object. + :type key: :data:`PKCS12PrivateKeyTypes` :param cert: The certificate associated with the private key. :type cert: :class:`~cryptography.x509.Certificate` or ``None`` @@ -575,12 +930,12 @@ file suffix. >>> cert = x509.load_pem_x509_certificate(ca_cert) >>> key = load_pem_private_key(ca_key, None) >>> p12 = pkcs12.serialize_key_and_certificates( - ... b"friendlyname", key, None, None, encryption + ... b"friendlyname", key, cert, None, encryption ... ) .. class:: PKCS12Certificate - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 Represents additional data provided for a certificate in a PKCS12 file. @@ -596,14 +951,15 @@ file suffix. .. class:: PKCS12KeyAndCertificates - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 A simplified representation of a PKCS12 file. .. attribute:: key An optional private key belonging to - :attr:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12KeyAndCertificates.cert`. + :attr:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12KeyAndCertificates.cert` + (see :data:`PKCS12PrivateKeyTypes`). .. attribute:: cert @@ -618,6 +974,7 @@ file suffix. instances. .. class:: PBES + :canonical: cryptography.hazmat.primitives._serialization.PBES .. versionadded:: 38.0.0 @@ -649,6 +1006,25 @@ contain certificates, CRLs, and much more. PKCS7 files commonly have a ``p7b``, ``cryptography`` only supports parsing certificates from PKCS7 files at this time. +.. data:: PKCS7HashTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of hash types supported for PKCS7 serialization: + :class:`~cryptography.hazmat.primitives.hashes.SHA1`, + :class:`~cryptography.hazmat.primitives.hashes.SHA224`, + :class:`~cryptography.hazmat.primitives.hashes.SHA256`, + :class:`~cryptography.hazmat.primitives.hashes.SHA384`, or + :class:`~cryptography.hazmat.primitives.hashes.SHA512`. + +.. data:: PKCS7PrivateKeyTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of private key types supported for PKCS7 serialization: + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` or + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` + .. function:: load_pem_pkcs7_certificates(data) .. versionadded:: 3.1 @@ -687,7 +1063,7 @@ contain certificates, CRLs, and much more. PKCS7 files commonly have a ``p7b``, .. function:: serialize_certificates(certs, encoding) - .. versionadded:: 37.0 + .. versionadded:: 37.0.0 Serialize a list of certificates to a PKCS7 structure. @@ -719,6 +1095,37 @@ contain certificates, CRLs, and much more. PKCS7 files commonly have a ``p7b``, -----END CERTIFICATE----- """.strip() + ca_cert_rsa = b""" + -----BEGIN CERTIFICATE----- + MIIExzCCAq+gAwIBAgIJAOcS06ClbtbJMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV + BAMMD2NyeXB0b2dyYXBoeSBDQTAeFw0yMDA5MTQyMTQwNDJaFw00ODAxMzEyMTQw + NDJaMBoxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeSBDQTCCAiIwDQYJKoZIhvcNAQEB + BQADggIPADCCAgoCggIBANBIheRc1HT4MzV5GvUbDk9CFU6DTomRApNqRmizriRq + m6OY4Ht3d71BXog6/IBkqAnZ4/XJQ40G4sVDb52k11oPvfJ/F5pc+6UqPBL+QGzY + GkJoubAqXFpI6ow0qayFNQLv0T9o4yh0QQOoGvgCmv91qmitLrZNXu4U9S76G+Di + GST+QyMkMxj+VsGRsRRBufV1urcnvFWjU6Q2+cr2cp0mMAG96NTyIskYiJ8vL03W + z4DX4klO4X47fPmDnU/OMn4SbvMZ896j1L0J04S+uVThTkxQWcFcqXhX5qM8kzcj + JUmybFlbf150j3WiucW48K/j7fJ0x9q3iUo4Gva0coScglJWcgo/BBCwFDw8NVba + 7npxSRMiaS3qTv0dEFcRnvByc+7hyGxxlWdTE9tHisUI1eZVk9P9ziqNOZKscY8Z + X1+/C4M9X69Y7A8I74F5dO27IRycEgOrSo2z1NhfSwbqJr9a2TBtRsFinn8rjKBI + zNn0E5p9jO1WjxtkcjHfXXpLN8FFMvoYI9l/K+ZWDm9sboaF8jrgozSc004AFemA + H79mmCGVRKXn1vDAo4DLC6p3NiBFYQcYbW9V+beGD6srsF6xJtuY/UwtPROLWSzu + CCrZ/4BlmpNsR0ehIFFvzEKjX6rR2yp3YKlguDbMBMKMpfSGxAFwcZ7OiaxR20UH + AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADSveDS4 + y2V/N6Li2n9ChGNdCMr/45M0cl+GpL55aA36AWYMRLv0wip7MWV3yOj4mkjGBlTE + awKHH1FtetsE6B4a7M2hHhOXyXE60uUdptEx6ckGrJ1iyqu5cQUX1P+VnXbmOxfF + bl+Ugzjbgirx239rA4ezkDRuOvKcCbDOFV/gw3ZHfJ/IQeRXIQRl/y51wcnFUvFM + JEESYiijeDbEcY8r1/phmVQL0CO7WLMmTxlFj4X/TR3MTZWJQIap9GiLs5+n3QiO + jsZ3GuFOomB8oTebYkXniwbNu5hgLP/seRQzGA7B9VDZryAhCtvGgjtQh0eW2Qxt + sgmDJGOPKnKT3O5U0v3+IPLEYpe8JSzgAhhh6H1rAJRUNwP2gRcO4eOUJSkdl218 + fRNT0ILzosuWxwprER9ciMQF8q0JJKMhcfHRMH0S5mWVJAIkj68KY05oCy2zNyYa + oruopKSWXe0Bzr40znm40P7xIkui2BGQMlDPpbCaEfLsLqyctfbdmMlxac/QgIfY + TltrbqmI3MNy5uqGViGFpWPCB+kD8EsJF9nlKJXlu/i55qgUr/2/2CdeWlZDBP8A + 1fdzmpYpWnwhE0KobzLS2z3AwDxiY/RSWUfypLZA0K/lpaEtYB6UHMDZ0/8WqgZV + gNucCuty0cA4Kf7eX1TlAKVwH8hTkVmJc2rX + -----END CERTIFICATE----- + """.strip() + .. class:: PKCS7SignatureBuilder @@ -751,23 +1158,32 @@ contain certificates, CRLs, and much more. PKCS7 files commonly have a ``p7b``, :param data: The data to be hashed and signed. :type data: :term:`bytes-like` - .. method:: add_signer(certificate, private_key, hash_algorithm) + .. method:: add_signer(certificate, private_key, hash_algorithm, *, rsa_padding=None) :param certificate: The :class:`~cryptography.x509.Certificate`. :param private_key: The :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` or :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` - associated with the certificate provided. + associated with the certificate provided + (matches :data:`PKCS7PrivateKeyTypes`). :param hash_algorithm: The :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` that - will be used to generate the signature. This must be an instance of - :class:`~cryptography.hazmat.primitives.hashes.SHA1`, - :class:`~cryptography.hazmat.primitives.hashes.SHA224`, - :class:`~cryptography.hazmat.primitives.hashes.SHA256`, - :class:`~cryptography.hazmat.primitives.hashes.SHA384`, or - :class:`~cryptography.hazmat.primitives.hashes.SHA512`. + will be used to generate the signature. This must be one of the + types in :data:`PKCS7HashTypes`. + + :param rsa_padding: + + .. versionadded:: 42.0.0 + + This is a keyword-only argument. If ``private_key`` is an + ``RSAPrivateKey`` then this can be set to either + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15` or + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` to sign + with those respective paddings. If this is ``None`` then RSA + keys will default to ``PKCS1v15`` padding. All other key types **must** + not pass a value other than ``None``. .. method:: add_certificate(certificate) @@ -789,11 +1205,72 @@ contain certificates, CRLs, and much more. PKCS7 files commonly have a ``p7b``, :returns bytes: The signed PKCS7 message. +.. class:: PKCS7EnvelopeBuilder + + The PKCS7 envelope builder can create encrypted S/MIME messages, + which are commonly used in email. S/MIME has multiple versions, + but this implements a subset of :rfc:`5751`, also known as S/MIME + Version 3.2. + + .. versionadded:: 43.0.0 + + .. doctest:: + + >>> from cryptography import x509 + >>> from cryptography.hazmat.primitives import serialization + >>> from cryptography.hazmat.primitives.serialization import pkcs7 + >>> cert = x509.load_pem_x509_certificate(ca_cert_rsa) + >>> options = [pkcs7.PKCS7Options.Text] + >>> pkcs7.PKCS7EnvelopeBuilder().set_data( + ... b"data to encrypt" + ... ).add_recipient( + ... cert + ... ).encrypt( + ... serialization.Encoding.SMIME, options + ... ) + b'...' + + .. method:: set_data(data) + + :param data: The data to be encrypted. + :type data: :term:`bytes-like` + + .. method:: add_recipient(certificate) + + Add a recipient for the message. Recipients will be able to use their private keys + to decrypt the message. This method may be called multiple times to add as many recipients + as desired. + + :param certificate: A :class:`~cryptography.x509.Certificate` for an intended + recipient of the encrypted message. Only certificates with public RSA keys + are currently supported. + + .. method:: encrypt(encoding, options) + + The message is encrypted using AES-128-CBC. The encryption key used is included in + the envelope, encrypted using the recipient's public RSA key. If multiple recipients + are specified, the key is encrypted once with each recipient's public key, and all + encrypted keys are included in the envelope (one per recipient). + + :param encoding: :attr:`~cryptography.hazmat.primitives.serialization.Encoding.PEM`, + :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`, + or :attr:`~cryptography.hazmat.primitives.serialization.Encoding.SMIME`. + + :param options: A list of + :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7Options`. For + this operation only + :attr:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7Options.Text` and + :attr:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7Options.Binary` + are supported. + + :returns bytes: The enveloped PKCS7 message. + + .. class:: PKCS7Options .. versionadded:: 3.2 - An enumeration of options for PKCS7 signature creation. + An enumeration of options for PKCS7 signature and envelope creation. .. attribute:: Text @@ -840,17 +1317,18 @@ Serialization Formats .. currentmodule:: cryptography.hazmat.primitives.serialization .. class:: PrivateFormat + :canonical: cryptography.hazmat.primitives._serialization.PrivateFormat .. versionadded:: 0.8 An enumeration for private key formats. Used with the ``private_bytes`` method available on - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization` + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` , - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization` - , :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization` + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` + , :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey` and - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`. + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`. .. attribute:: TraditionalOpenSSL @@ -952,12 +1430,12 @@ Serialization Formats An enumeration for public key formats. Used with the ``public_bytes`` method available on - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization` + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` , - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization` - , :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization` + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` + , :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey` , and - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`. + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`. .. attribute:: SubjectPublicKeyInfo @@ -1016,7 +1494,7 @@ Serialization Formats An enumeration for parameters formats. Used with the ``parameter_bytes`` method available on - :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParametersWithSerialization`. + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`. .. attribute:: PKCS3 @@ -1026,14 +1504,15 @@ Serialization Encodings ~~~~~~~~~~~~~~~~~~~~~~~ .. class:: Encoding + :canonical: cryptography.hazmat.primitives._serialization.Encoding An enumeration for encoding types. Used with the ``private_bytes`` method available on - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization` + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` , - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization` - , :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` + , :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, and :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey` as well as ``public_bytes`` on @@ -1086,6 +1565,7 @@ Serialization Encryption Types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: KeySerializationEncryption + :canonical: cryptography.hazmat.primitives._serialization.KeySerializationEncryption Objects with this interface are usable as encryption types with methods like ``private_bytes`` available on @@ -1099,6 +1579,7 @@ Serialization Encryption Types encryption and have this interface. .. class:: BestAvailableEncryption(password) + :canonical: cryptography.hazmat.primitives._serialization.BestAvailableEncryption Encrypt using the best available encryption for a given key. This is a curated encryption choice and the algorithm may change over @@ -1108,6 +1589,7 @@ Serialization Encryption Types :param bytes password: The password to use for encryption. .. class:: NoEncryption + :canonical: cryptography.hazmat.primitives._serialization.NoEncryption Do not encrypt. diff --git a/docs/hazmat/primitives/asymmetric/x25519.rst b/docs/hazmat/primitives/asymmetric/x25519.rst index 014f3d0..859e0a5 100644 --- a/docs/hazmat/primitives/asymmetric/x25519.rst +++ b/docs/hazmat/primitives/asymmetric/x25519.rst @@ -129,6 +129,20 @@ Key interfaces :return bytes: Serialized key. + .. method:: private_bytes_raw() + + .. versionadded:: 40 + + Allows serialization of the key to raw bytes. This method is a + convenience shortcut for calling :meth:`private_bytes` with + :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw` + encoding, + :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw` + format, and + :class:`~cryptography.hazmat.primitives.serialization.NoEncryption`. + + :return bytes: Raw key. + .. class:: X25519PublicKey .. versionadded:: 2.0 @@ -176,6 +190,19 @@ Key interfaces :returns bytes: The public key bytes. + .. method:: public_bytes_raw() + + .. versionadded:: 40 + + Allows serialization of the key to raw bytes. This method is a + convenience shortcut for calling :meth:`public_bytes` with + :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw` + encoding and + :attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.Raw` + format. + + :return bytes: Raw key. + .. _`Diffie-Hellman key exchange`: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange .. _`Curve25519`: https://en.wikipedia.org/wiki/Curve25519 diff --git a/docs/hazmat/primitives/asymmetric/x448.rst b/docs/hazmat/primitives/asymmetric/x448.rst index f166355..439c3b4 100644 --- a/docs/hazmat/primitives/asymmetric/x448.rst +++ b/docs/hazmat/primitives/asymmetric/x448.rst @@ -123,6 +123,20 @@ Key interfaces :return bytes: Serialized key. + .. method:: private_bytes_raw() + + .. versionadded:: 40 + + Allows serialization of the key to raw bytes. This method is a + convenience shortcut for calling :meth:`private_bytes` with + :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw` + encoding, + :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw` + format, and + :class:`~cryptography.hazmat.primitives.serialization.NoEncryption`. + + :return bytes: Raw key. + .. class:: X448PublicKey .. versionadded:: 2.5 @@ -171,6 +185,19 @@ Key interfaces :returns bytes: The public key bytes. + .. method:: public_bytes_raw() + + .. versionadded:: 40 + + Allows serialization of the key to raw bytes. This method is a + convenience shortcut for calling :meth:`public_bytes` with + :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw` + encoding and + :attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.Raw` + format. + + :return bytes: Raw key. + .. _`Diffie-Hellman key exchange`: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange .. _`Curve448`: https://en.wikipedia.org/wiki/Curve448 diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 572822e..c1c29ca 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -117,7 +117,7 @@ SHA-family of hashes. .. note:: While the RFC specifies keying, personalization, and salting features, - these are not supported at this time due to limitations in OpenSSL 1.1.0. + these are not supported at this time due to limitations in OpenSSL. .. class:: BLAKE2b(digest_size) @@ -290,7 +290,7 @@ Interfaces .. _`Lifetimes of cryptographic hash functions`: https://valerieaurora.org/hash.html -.. _`BLAKE2`: https://blake2.net +.. _`BLAKE2`: https://www.blake2.net/ .. _`length-extension attacks`: https://en.wikipedia.org/wiki/Length_extension_attack -.. _`GM/T 0004-2012`: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/1002389/files/302a3ada057c4a73830536d03e683110.pdf +.. _`GM/T 0004-2012`: https://www.oscca.gov.cn/sca/xxgk/2010-12/17/1002389/files/302a3ada057c4a73830536d03e683110.pdf .. _`draft-sca-cfrg-sm3`: https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3 diff --git a/docs/hazmat/primitives/index.rst b/docs/hazmat/primitives/index.rst index 72e5b26..98d597b 100644 --- a/docs/hazmat/primitives/index.rst +++ b/docs/hazmat/primitives/index.rst @@ -4,7 +4,7 @@ Primitives ========== .. toctree:: - :maxdepth: 1 + :maxdepth: 2 aead asymmetric/index diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index ddd3356..2715e3e 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -62,7 +62,7 @@ PBKDF2 ... algorithm=hashes.SHA256(), ... length=32, ... salt=salt, - ... iterations=390000, + ... iterations=480000, ... ) >>> key = kdf.derive(b"my great password") >>> # verify @@ -70,7 +70,7 @@ PBKDF2 ... algorithm=hashes.SHA256(), ... length=32, ... salt=salt, - ... iterations=390000, + ... iterations=480000, ... ) >>> kdf.verify(b"my great password", key) @@ -247,7 +247,7 @@ ConcatKDF .. versionadded:: 1.0 ConcatKDFHash (Concatenation Key Derivation Function) is defined by the - NIST Special Publication `NIST SP 800-56Ar2`_ document, to be used to + NIST Special Publication `NIST SP 800-56Ar3`_ document, to be used to derive keys for use after a Key Exchange negotiation operation. .. warning:: @@ -460,7 +460,8 @@ HKDF to be secret, but may cause stronger security guarantees if secret; see :rfc:`5869` and the `HKDF paper`_ for more details. If ``None`` is explicitly passed a default salt of ``algorithm.digest_size // 8`` null - bytes will be used. + bytes will be used. See `understanding HKDF`_ for additional detail about + the salt and info parameters. :param bytes info: Application specific context information. If ``None`` is explicitly passed an empty byte string will be used. @@ -723,7 +724,7 @@ KBKDF .. class:: KBKDFCMAC(algorithm, mode, length, rlen, llen, location,\ label, context, fixed) - .. versionadded:: 35.0 + .. versionadded:: 35.0.0 KBKDF (Key Based Key Derivation Function) is defined by the `NIST SP 800-108`_ document, to be used to derive additional @@ -879,7 +880,7 @@ KBKDF .. attribute:: MiddleFixed - .. versionadded:: 38.0 + .. versionadded:: 38.0.0 The counter iteration variable will be concatenated in the middle of the fixed input data. @@ -1024,9 +1025,9 @@ Interface .. [#nist] See `NIST SP 800-132`_. -.. _`NIST SP 800-132`: https://csrc.nist.gov/publications/detail/sp/800-132/final -.. _`NIST SP 800-108`: https://csrc.nist.gov/publications/detail/sp/800-108/final -.. _`NIST SP 800-56Ar2`: https://csrc.nist.gov/publications/detail/sp/800-56a/rev-2/final +.. _`NIST SP 800-132`: https://csrc.nist.gov/pubs/sp/800/132/final +.. _`NIST SP 800-108`: https://csrc.nist.gov/pubs/sp/800/108/r1/final +.. _`NIST SP 800-56Ar3`: https://csrc.nist.gov/pubs/sp/800/56/a/r3/final .. _`ANSI X9.63:2001`: https://webstore.ansi.org .. _`SEC 1 v2.0`: https://www.secg.org/sec1-v2.pdf .. _`more detailed description`: https://security.stackexchange.com/a/3993/43116 @@ -1035,5 +1036,6 @@ Interface .. _`HKDF`: https://en.wikipedia.org/wiki/HKDF .. _`HKDF paper`: https://eprint.iacr.org/2010/264 .. _`here`: https://stackoverflow.com/a/30308723/1170681 -.. _`recommends`: https://tools.ietf.org/html/rfc7914#section-2 +.. _`recommends`: https://datatracker.ietf.org/doc/html/rfc7914#section-2 .. _`The scrypt paper`: https://www.tarsnap.com/scrypt/scrypt.pdf +.. _`understanding HKDF`: https://soatok.blog/2021/11/17/understanding-hkdf/ diff --git a/docs/hazmat/primitives/mac/hmac.rst b/docs/hazmat/primitives/mac/hmac.rst index c94b790..bce8538 100644 --- a/docs/hazmat/primitives/mac/hmac.rst +++ b/docs/hazmat/primitives/mac/hmac.rst @@ -54,7 +54,7 @@ of a message. ... cryptography.exceptions.InvalidSignature: Signature did not match digest. - :param key: Secret key as ``bytes``. + :param key: The secret key. :type key: :term:`bytes-like` :param algorithm: An :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` diff --git a/docs/hazmat/primitives/mac/poly1305.rst b/docs/hazmat/primitives/mac/poly1305.rst index 7504a07..e3240f5 100644 --- a/docs/hazmat/primitives/mac/poly1305.rst +++ b/docs/hazmat/primitives/mac/poly1305.rst @@ -48,7 +48,7 @@ messages allows an attacker to forge tags. Poly1305 is described in ... cryptography.exceptions.InvalidSignature: Value did not match computed tag. - :param key: Secret key as ``bytes``. + :param key: The secret key. :type key: :term:`bytes-like` :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the version of OpenSSL ``cryptography`` is compiled against does not diff --git a/docs/hazmat/primitives/padding.rst b/docs/hazmat/primitives/padding.rst index ecd70e6..a1be2ab 100644 --- a/docs/hazmat/primitives/padding.rst +++ b/docs/hazmat/primitives/padding.rst @@ -24,16 +24,13 @@ multiple of the block size. >>> from cryptography.hazmat.primitives import padding >>> padder = padding.PKCS7(128).padder() >>> padded_data = padder.update(b"11111111111111112222222222") - >>> padded_data - b'1111111111111111' >>> padded_data += padder.finalize() >>> padded_data b'11111111111111112222222222\x06\x06\x06\x06\x06\x06' >>> unpadder = padding.PKCS7(128).unpadder() >>> data = unpadder.update(padded_data) + >>> data += unpadder.finalize() >>> data - b'1111111111111111' - >>> data + unpadder.finalize() b'11111111111111112222222222' :param block_size: The size of the block in :term:`bits` that the data is @@ -67,16 +64,13 @@ multiple of the block size. >>> padder = padding.ANSIX923(128).padder() >>> padded_data = padder.update(b"11111111111111112222222222") - >>> padded_data - b'1111111111111111' >>> padded_data += padder.finalize() >>> padded_data b'11111111111111112222222222\x00\x00\x00\x00\x00\x06' >>> unpadder = padding.ANSIX923(128).unpadder() >>> data = unpadder.update(padded_data) + >>> data += unpadder.finalize() >>> data - b'1111111111111111' - >>> data + unpadder.finalize() b'11111111111111112222222222' :param block_size: The size of the block in :term:`bits` that the data is diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index ec17e73..dd32c91 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -140,36 +140,44 @@ Algorithms :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` does this for you. - ChaCha20 is a stream cipher used in several IETF protocols. It is - standardized in :rfc:`7539`. + ChaCha20 is a stream cipher used in several IETF protocols. While it is + standardized in :rfc:`7539`, **this implementation is not RFC-compliant**. + This implementation uses a ``64`` :term:`bits` counter and a ``64`` + :term:`bits` nonce as defined in the `original version`_ of the algorithm, + rather than the ``32/96`` counter/nonce split defined in :rfc:`7539`. :param key: The secret key. This must be kept secret. ``256`` :term:`bits` (32 bytes) in length. :type key: :term:`bytes-like` :param nonce: Should be unique, a :term:`nonce`. It is - critical to never reuse a ``nonce`` with a given key. Any reuse of a + critical to never reuse a ``nonce`` with a given key. Any reuse of a nonce with the same key compromises the security of every message encrypted with that key. The nonce does not need to be kept secret and may be included with the ciphertext. This must be ``128`` - :term:`bits` in length. + :term:`bits` in length. The 128-bit value is a concatenation of the + 8-byte little-endian counter and the 8-byte nonce. :type nonce: :term:`bytes-like` - .. note:: + .. note:: + + In the `original version`_ of the algorithm the nonce is defined as a + 64-bit value that is later concatenated with a block counter (encoded + as a 64-bit little-endian). If you have a separate nonce and block + counter you will need to concatenate it yourself before passing it. + For example, if you have an initial block counter of 2 and a 64-bit + nonce the concatenated nonce would be + ``struct.pack(">> import struct, os >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes - >>> nonce = os.urandom(16) - >>> algorithm = algorithms.ChaCha20(key, nonce) + >>> nonce = os.urandom(8) + >>> counter = 0 + >>> full_nonce = struct.pack(">> algorithm = algorithms.ChaCha20(key, full_nonce) >>> cipher = Cipher(algorithm, mode=None) >>> encryptor = cipher.encryptor() >>> ct = encryptor.update(b"a secret message") @@ -179,6 +187,12 @@ Algorithms .. class:: TripleDES(key) + .. warning:: + + This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index` + module. If you need to continue using it then update your code to + use the new module path. It will be removed from this namespace in 48.0.0. + Triple DES (Data Encryption Standard), sometimes referred to as 3DES, is a block cipher standardized by NIST. Triple DES has known crypto-analytic flaws, however none of them currently enable a practical attack. @@ -197,6 +211,12 @@ Algorithms .. versionadded:: 0.2 + .. warning:: + + This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index` + module. If you need to continue using it then update your code to + use the new module path. It will be removed from this namespace in 45.0.0. + CAST5 (also known as CAST-128) is a block cipher approved for use in the Canadian government by the `Communications Security Establishment`_. It is a variable key length cipher and supports keys from 40-128 :term:`bits` in @@ -210,6 +230,12 @@ Algorithms .. versionadded:: 0.4 + .. warning:: + + This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index` + module. If you need to continue using it then update your code to + use the new module path. It will be removed from this namespace in 45.0.0. + SEED is a block cipher developed by the Korea Information Security Agency (KISA). It is defined in :rfc:`4269` and is used broadly throughout South Korean industry, but rarely found elsewhere. @@ -244,6 +270,12 @@ Weak ciphers .. class:: Blowfish(key) + .. warning:: + + This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index` + module. If you need to continue using it then update your code to + use the new module path. It will be removed from this namespace in 45.0.0. + Blowfish is a block cipher developed by Bruce Schneier. It is known to be susceptible to attacks when using weak keys. The author has recommended that users of Blowfish move to newer algorithms such as :class:`AES`. @@ -254,6 +286,12 @@ Weak ciphers .. class:: ARC4(key) + .. warning:: + + This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index` + module. If you need to continue using it then update your code to + use the new module path. It will be removed from this namespace in 48.0.0. + ARC4 (Alleged RC4) is a stream cipher with serious weaknesses in its initial stream output. Its use is strongly discouraged. ARC4 does not use mode constructions. @@ -276,6 +314,12 @@ Weak ciphers .. class:: IDEA(key) + .. warning:: + + This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index` + module. If you need to continue using it then update your code to + use the new module path. It will be removed from this namespace in 45.0.0. + IDEA (`International Data Encryption Algorithm`_) is a block cipher created in 1991. It is an optional component of the `OpenPGP`_ standard. This cipher is susceptible to attacks when using weak keys. It is recommended that you @@ -618,8 +662,6 @@ Interfaces into. This buffer should be ``len(data) + n - 1`` bytes where ``n`` is the block size (in bytes) of the cipher and mode combination. :return int: Number of bytes written. - :raises NotImplementedError: This is raised if the version of ``cffi`` - used is too old (this can happen on older PyPy releases). :raises ValueError: This is raised if the supplied buffer is too small. .. doctest:: @@ -651,6 +693,27 @@ Interfaces :meth:`update` and :meth:`finalize` will raise an :class:`~cryptography.exceptions.AlreadyFinalized` exception. + .. method:: reset_nonce(nonce) + + .. versionadded:: 43.0.0 + + This method allows changing the nonce for an already existing context. + Normally the nonce is set when the context is created and internally + incremented as data as passed. However, in some scenarios the same key + is used repeatedly but the nonce changes non-sequentially (e.g. ``QUIC``), + which requires updating the context with the new nonce. + + This method only works for contexts using + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20` or + :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR` mode. + + :param nonce: The nonce to update the context with. + :type data: :term:`bytes-like` + :raises cryptography.exceptions.UnsupportedAlgorithm: If the + algorithm does not support updating the nonce. + :raises ValueError: If the nonce is not the correct length for the + algorithm. + .. class:: AEADCipherContext When calling ``encryptor`` or ``decryptor`` on a ``Cipher`` object @@ -840,13 +903,14 @@ Exceptions .. _`described by Colin Percival`: https://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html -.. _`recommends a 96-bit IV length`: https://csrc.nist.gov/publications/detail/sp/800-38d/final +.. _`recommends a 96-bit IV length`: https://csrc.nist.gov/pubs/sp/800/38/d/final .. _`NIST SP-800-38D`: https://csrc.nist.gov/publications/detail/sp/800-38d/final .. _`Communications Security Establishment`: https://www.cse-cst.gc.ca .. _`encrypt`: https://ssd.eff.org/en/module/what-should-i-know-about-encryption -.. _`CRYPTREC`: https://www.cryptrec.go.jp/english/ +.. _`CRYPTREC`: https://www.cryptrec.go.jp/en/ +.. _`original version`: https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant .. _`significant patterns in the output`: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB) .. _`International Data Encryption Algorithm`: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm .. _`OpenPGP`: https://www.openpgp.org/ .. _`disk encryption`: https://en.wikipedia.org/wiki/Disk_encryption_theory#XTS -.. _`draft-ribose-cfrg-sm4-10`: https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10 +.. _`draft-ribose-cfrg-sm4-10`: https://datatracker.ietf.org/doc/html/draft-ribose-cfrg-sm4-10 diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst index 0d7d88f..4cd437b 100644 --- a/docs/hazmat/primitives/twofactor.rst +++ b/docs/hazmat/primitives/twofactor.rst @@ -18,6 +18,15 @@ codes (HMAC). .. currentmodule:: cryptography.hazmat.primitives.twofactor.hotp +.. data:: HOTPHashTypes + + .. versionadded:: 40.0.0 + + Type alias: A union of supported hash algorithm types: + :class:`~cryptography.hazmat.primitives.hashes.SHA1`, + :class:`~cryptography.hazmat.primitives.hashes.SHA256` or + :class:`~cryptography.hazmat.primitives.hashes.SHA512`. + .. class:: HOTP(key, length, algorithm, *, enforce_key_length=True) .. versionadded:: 0.3 @@ -47,7 +56,7 @@ codes (HMAC). :param int length: Length of generated one time password as ``int``. :param cryptography.hazmat.primitives.hashes.HashAlgorithm algorithm: A :class:`~cryptography.hazmat.primitives.hashes` - instance. + instance (must match :data:`HOTPHashTypes`). :param enforce_key_length: A boolean flag defaulting to True that toggles whether a minimum key length of 128 :term:`bits` is enforced. This exists to work around the fact that as documented in `Issue #2915`_, diff --git a/docs/index.rst b/docs/index.rst index 08fcba3..7086f80 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -67,6 +67,7 @@ hazmat layer only when necessary. hazmat/primitives/index exceptions random-numbers + hazmat/decrepit/index .. toctree:: :maxdepth: 2 diff --git a/docs/installation.rst b/docs/installation.rst index 361ed5a..8e5af7d 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -13,34 +13,32 @@ single most common cause of installation problems. Supported platforms ------------------- -Currently we test ``cryptography`` on Python 3.6+ and PyPy3 on these +Currently we test ``cryptography`` on Python 3.7+ and PyPy3 7.3.11+ on these operating systems. * x86-64 RHEL 8.x +* x86-64 CentOS 9 Stream * x86-64 Fedora (latest) -* x86-64 macOS 12 Monterey -* ARM64 macOS 12 Monterey -* x86-64 Ubuntu 18.04, 20.04, 22.04, rolling -* ARM64 Ubuntu 20.04 -* x86-64 Debian Stretch (9.x), Buster (10.x), Bullseye (11.x), Bookworm (12.x) - and Sid (unstable) -* x86-64 Alpine (latest) -* ARM64 Alpine (latest) +* x86-64 macOS 13 Ventura and ARM64 macOS 14 Sonoma +* x86-64 Ubuntu 20.04, 22.04, 24.04, rolling +* ARM64 Ubuntu rolling +* x86-64 Debian Bullseye (11.x), Bookworm (12.x), Trixie (13.x), and + Sid (unstable) +* x86-64 and ARM64 Alpine (latest) * 32-bit and 64-bit Python on 64-bit Windows Server 2022 We test compiling with ``clang`` as well as ``gcc`` and use the following -OpenSSL releases: +OpenSSL releases in addition to distribution provided releases from the +above supported platforms: -* ``OpenSSL 1.1.0-latest`` -* ``OpenSSL 1.1.1-latest`` * ``OpenSSL 3.0-latest`` +* ``OpenSSL 3.1-latest`` +* ``OpenSSL 3.2-latest`` +* ``OpenSSL 3.3-latest`` -In addition we test against several versions of LibreSSL and the latest commit -in BoringSSL. - -.. warning:: - - Cryptography 37.0.0 has deprecated support for OpenSSL 1.1.0. +We also test against the latest commit of BoringSSL as well as versions of +LibreSSL that are receiving security support at the time of a given +``cryptography`` release. Building cryptography on Windows @@ -57,15 +55,14 @@ just run If you prefer to compile it yourself you'll need to have OpenSSL installed. You can compile OpenSSL yourself as well or use `a binary distribution`_. Be sure to download the proper version for your architecture and Python -(VC2015 is required for 3.6 and above). Wherever you place your copy of OpenSSL -you'll need to set the ``LIB`` and ``INCLUDE`` environment variables to include -the proper locations. For example: +(VC2015 is required for 3.7 and above). Wherever you place your copy of OpenSSL +you'll need to set the ``OPENSSL_DIR`` environment variable to include the +proper location. For example: .. code-block:: console C:\> \path\to\vcvarsall.bat x86_amd64 - C:\> set LIB=C:\OpenSSL-win64\lib;%LIB% - C:\> set INCLUDE=C:\OpenSSL-win64\include;%INCLUDE% + C:\> set OPENSSL_DIR=C:\OpenSSL-win64 C:\> pip install cryptography You will also need to have :ref:`Rust installed and @@ -81,11 +78,10 @@ Building cryptography on Linux .. note:: - If you are on RHEL/CentOS/Fedora/Debian/Ubuntu or another distribution - derived from the preceding list, then you should **upgrade pip** and - attempt to install ``cryptography`` again before following the instructions - to compile it below. These platforms will receive a binary wheel and - require no compiler if you have an updated ``pip``! + You should **upgrade pip** and attempt to install ``cryptography`` again + before following the instructions to compile it below. Most Linux + platforms will receive a binary wheel and require no compiler if you have + an updated ``pip``! ``cryptography`` ships ``manylinux`` wheels (as of 2.0) so all dependencies are included. For users on **pip 19.3** or above running on a ``manylinux2014`` @@ -108,13 +104,13 @@ Alpine .. warning:: - The Rust available by default in Alpine < 3.14 is older than the minimum + The Rust available by default in Alpine < 3.17 is older than the minimum supported version. See the :ref:`Rust installation instructions ` for information about installing a newer Rust. .. code-block:: console - $ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev cargo + $ sudo apk add gcc musl-dev python3-dev libffi-dev openssl-dev cargo pkgconfig If you get an error with ``openssl-dev`` you may have to use ``libressl-dev``. @@ -123,30 +119,29 @@ Debian/Ubuntu .. warning:: - The Rust available in some Debian versions is older than the minimum - supported version. Debian Bullseye is sufficiently new, but otherwise - please see the :ref:`Rust installation instructions ` - for information about installing a newer Rust. + The Rust available in Debian versions prior to Bookworm are older than the + minimum supported version. See the :ref:`Rust installation instructions + ` for information about installing a newer Rust. .. code-block:: console $ sudo apt-get install build-essential libssl-dev libffi-dev \ - python3-dev cargo + python3-dev cargo pkg-config Fedora/RHEL/CentOS ~~~~~~~~~~~~~~~~~~ .. warning:: - For RHEL and CentOS you must be on version 8.3 or newer for the command - below to install a sufficiently new Rust. If your Rust is less than 1.48.0 + For RHEL and CentOS you must be on version 8.8 or newer for the command + below to install a sufficiently new Rust. If your Rust is less than 1.65.0 please see the :ref:`Rust installation instructions ` for information about installing a newer Rust. .. code-block:: console $ sudo dnf install redhat-rpm-config gcc libffi-devel python3-devel \ - openssl-devel cargo + openssl-devel cargo pkg-config Building @@ -230,7 +225,7 @@ dependencies. ./config no-shared no-ssl2 no-ssl3 -fPIC --prefix=${CWD}/openssl make && make install cd .. - CFLAGS="-I${CWD}/openssl/include" LDFLAGS="-L${CWD}/openssl/lib" pip wheel --no-binary :all: cryptography + OPENSSL_DIR="${CWD}/openssl" pip wheel --no-cache-dir --no-binary cryptography cryptography Building cryptography on macOS ------------------------------ @@ -262,7 +257,9 @@ development headers. You will also need to have :ref:`Rust installed and available`, which can be obtained from `Homebrew`_, -`MacPorts`_, or directly from the Rust website. +`MacPorts`_, or directly from the Rust website. If you are linking against a +``universal2`` archive of OpenSSL, the minimum supported Rust version is +1.66.0. Finally you need OpenSSL, which you can obtain from `Homebrew`_ or `MacPorts`_. Cryptography does **not** support the OpenSSL/LibreSSL libraries Apple ships @@ -274,15 +271,15 @@ To build cryptography and dynamically link it: .. code-block:: console - $ brew install openssl@1.1 rust - $ env LDFLAGS="-L$(brew --prefix openssl@1.1)/lib" CFLAGS="-I$(brew --prefix openssl@1.1)/include" pip install cryptography + $ brew install openssl@3 rust + $ env OPENSSL_DIR="$(brew --prefix openssl@3)" pip install cryptography `MacPorts`_: .. code-block:: console $ sudo port install openssl rust - $ env LDFLAGS="-L/opt/local/lib" CFLAGS="-I/opt/local/include" pip install cryptography + $ env OPENSSL_DIR="-L/opt/local" pip install cryptography You can also build cryptography statically: @@ -290,15 +287,15 @@ You can also build cryptography statically: .. code-block:: console - $ brew install openssl@1.1 rust - $ env CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1 LDFLAGS="$(brew --prefix openssl@1.1)/lib/libssl.a $(brew --prefix openssl@1.1)/lib/libcrypto.a" CFLAGS="-I$(brew --prefix openssl@1.1)/include" pip install cryptography + $ brew install openssl@3 rust + $ env OPENSSL_STATIC=1 OPENSSL_DIR="$(brew --prefix openssl@3)" pip install cryptography `MacPorts`_: .. code-block:: console $ sudo port install openssl rust - $ env CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1 LDFLAGS="/opt/local/lib/libssl.a /opt/local/lib/libcrypto.a" CFLAGS="-I/opt/local/include" pip install cryptography + $ env OPENSSL_STATIC=1 OPENSSL_DIR="/opt/local" pip install cryptography If you need to rebuild ``cryptography`` for any reason be sure to clear the local `wheel cache`_. @@ -315,7 +312,7 @@ Rust a Rust toolchain. Building ``cryptography`` requires having a working Rust toolchain. The current -minimum supported Rust version is 1.48.0. **This is newer than the Rust some +minimum supported Rust version is 1.65.0. **This is newer than the Rust some package managers ship**, so users may need to install with the instructions below. diff --git a/docs/limitations.rst b/docs/limitations.rst index 227ed6c..3f43c74 100644 --- a/docs/limitations.rst +++ b/docs/limitations.rst @@ -24,21 +24,23 @@ RSA PKCS1 v1.5 constant time decryption --------------------------------------- RSA decryption has several different modes, one of which is PKCS1 v1.5. When -used in online contexts, a secure protocol implementation requires that peers -not be able to tell whether RSA PKCS1 v1.5 decryption failed or succeeded, -even by timing variability. +used in **online contexts**, a secure protocol implementation requires that +peers not be able to tell whether RSA PKCS1 v1.5 decryption failed or +succeeded, even by timing variability. ``cryptography`` does not provide an API that makes this possible, due to the fact that RSA decryption raises an exception on failure, which takes a different amount of time than returning a value in the success case. -For this reason, at present, we recommend not implementing online protocols +Fixing this would require a new API in ``cryptography``, but OpenSSL does +not expose an API for straightforwardly implementing this while reusing +its own constant-time logic. See `issue 6167`_ for more information. + +For this reason we recommend not implementing online protocols that use RSA PKCS1 v1.5 decryption with ``cryptography`` -- independent of this limitation, such protocols generally have poor security properties due to their lack of forward security. -If a constant time RSA PKCS1 v1.5 decryption API is truly required, you should -contribute one to ``cryptography``. - .. _`Memory wiping`: https://devblogs.microsoft.com/oldnewthing/?p=4223 .. _`CERT secure coding guidelines`: https://wiki.sei.cmu.edu/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources +.. _`issue 6167`: https://github.com/pyca/cryptography/issues/6167#issuecomment-1276151799 \ No newline at end of file diff --git a/docs/openssl.rst b/docs/openssl.rst index b628d0a..d4e69f4 100644 --- a/docs/openssl.rst +++ b/docs/openssl.rst @@ -10,8 +10,8 @@ A list of supported versions can be found in our :doc:`/installation` documentation. In general the backend should be considered an internal implementation detail -of the project, but there are some public methods available for more advanced -control. +of the project, but there are some public methods available for debugging +purposes. .. data:: cryptography.hazmat.backends.openssl.backend @@ -29,83 +29,17 @@ control. typically shown in hexadecimal (e.g. ``0x1010003f``). This is not necessarily the same version as it was compiled against. - .. method:: activate_osrandom_engine() +.. _legacy-provider: - Activates the OS random engine. This will effectively disable OpenSSL's - default CSPRNG. +Legacy provider in OpenSSL 3.x +------------------------------ - .. method:: osrandom_engine_implementation() +.. versionadded:: 39.0.0 - .. versionadded:: 1.7 - - Returns the implementation of OS random engine. - - .. method:: activate_builtin_random() - - This will activate the default OpenSSL CSPRNG. - -OS random engine ----------------- - -.. note:: - - As of OpenSSL 1.1.1d its CSPRNG is fork-safe by default. - ``cryptography`` does not compile or load the custom engine on - >= 1.1.1d. - -By default OpenSSL uses a user-space CSPRNG that is seeded from system random ( -``/dev/urandom`` or ``CryptGenRandom``). This CSPRNG is not reseeded -automatically when a process calls ``fork()``. This can result in situations -where two different processes can return similar or identical keys and -compromise the security of the system. - -The approach this project has chosen to mitigate this vulnerability is to -include an engine that replaces the OpenSSL default CSPRNG with one that -sources its entropy from ``/dev/urandom`` on UNIX-like operating systems and -uses ``CryptGenRandom`` on Windows. This method of pulling from the system pool -allows us to avoid potential issues with `initializing the RNG`_ as well as -protecting us from the ``fork()`` weakness. - -This engine is **active** by default when importing the OpenSSL backend. When -active this engine will be used to generate all the random data OpenSSL -requests. - -When importing only the binding it is added to the engine list but -**not activated**. - - -OS random sources ------------------ - -On macOS and FreeBSD ``/dev/urandom`` is an alias for ``/dev/random``. The -implementation on macOS uses the `Yarrow`_ algorithm. FreeBSD uses the -`Fortuna`_ algorithm. - -On Windows the implementation of ``CryptGenRandom`` depends on which version of -the operation system you are using. See the `Microsoft documentation`_ for more -details. - -Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source -seeded from the same pool as ``/dev/random``. - -+------------------------------------------+------------------------------+ -| Windows | ``CryptGenRandom()`` | -+------------------------------------------+------------------------------+ -| Linux >= 3.17 with working | ``getrandom()`` | -| ``SYS_getrandom`` syscall | | -+------------------------------------------+------------------------------+ -| OpenBSD >= 5.6 | ``getentropy()`` | -+------------------------------------------+------------------------------+ -| BSD family (including macOS 10.12+) with | ``getentropy()`` | -| ``SYS_getentropy`` in ``sys/syscall.h`` | | -+------------------------------------------+------------------------------+ -| fallback | ``/dev/urandom`` with | -| | cached file descriptor | -+------------------------------------------+------------------------------+ +Users can set ``CRYPTOGRAPHY_OPENSSL_NO_LEGACY`` environment variable to +disable the legacy provider in OpenSSL 3.x. This will disable legacy +cryptographic algorithms, including ``Blowfish``, ``CAST5``, ``SEED``, +``ARC4``, and ``RC2`` (which is used by some encrypted serialization formats). .. _`OpenSSL`: https://www.openssl.org/ -.. _`initializing the RNG`: https://en.wikipedia.org/wiki/OpenSSL#Predictable_private_keys_.28Debian-specific.29 -.. _`Fortuna`: https://en.wikipedia.org/wiki/Fortuna_(PRNG) -.. _`Yarrow`: https://en.wikipedia.org/wiki/Yarrow_algorithm -.. _`Microsoft documentation`: https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-cryptgenrandom diff --git a/docs/random-numbers.rst b/docs/random-numbers.rst index 6161563..5d6fd3d 100644 --- a/docs/random-numbers.rst +++ b/docs/random-numbers.rst @@ -18,16 +18,13 @@ you can obtain them with: >>> import os >>> iv = os.urandom(16) -This will use ``/dev/urandom`` on UNIX platforms, and ``CryptGenRandom`` on -Windows. -If you need your random number as an integer (for example, for -:meth:`~cryptography.x509.CertificateBuilder.serial_number`), you can use +If you need your random number as an big integer, you can use ``int.from_bytes`` to convert the result of ``os.urandom``: .. code-block:: pycon - >>> serial = int.from_bytes(os.urandom(20), byteorder="big") + >>> serial = int.from_bytes(os.urandom(16), byteorder="big") In addition, the `Python standard library`_ includes the ``secrets`` module, which can be used for generating cryptographically secure random numbers, with diff --git a/docs/security.rst b/docs/security.rst index 6cd9dbe..3c750b8 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -5,6 +5,13 @@ We take the security of ``cryptography`` seriously. The following are a set of policies we have adopted to ensure that security issues are addressed in a timely fashion. +Known vulnerabilities +--------------------- + +A list of all known vulnerabilities in ``cryptography`` can be found on +`osv.dev`_, as well as other ecosystem vulnerability databases. They can +automatically be scanned for using tools such as `pip-audit`_ or `osv-scan`_. + Infrastructure -------------- @@ -52,14 +59,12 @@ Reporting a security issue We ask that you do not report security issues to our normal GitHub issue tracker. -If you believe you've identified a security issue with ``cryptography``, please -report it to ``alex.gaynor@gmail.com`` and/or ``paul.l.kehrer@gmail.com``. You -should verify that your MTA uses TLS to ensure the confidentiality of your -message. +If you believe you've identified a security issue with ``cryptography``, +please report it via our `security advisory page`_. -Once you've submitted an issue via email, you should receive an acknowledgment -within 48 hours, and depending on the action to be taken, you may receive -further follow-up emails. +Once you've submitted an issue, you should receive an acknowledgment within 48 +hours, and depending on the action to be taken, you may receive further +follow-up. Supported Versions ------------------ @@ -89,4 +94,8 @@ The steps for issuing a security release are described in our :doc:`/doing-a-release` documentation. +.. _`osv.dev`: https://osv.dev/list?ecosystem=PyPI&q=cryptography +.. _`pip-audit`: https://pypi.org/project/pip-audit/ +.. _`osv-scan`: https://google.github.io/osv-scanner/ +.. _`security advisory page`: https://github.com/pyca/cryptography/security/advisories/new .. _`main`: https://github.com/pyca/cryptography diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index 14f31e1..2cf3167 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -15,6 +15,7 @@ Botan Brainpool Bullseye Capitan +Carmichael CentOS changelog Changelog @@ -38,6 +39,7 @@ decrypted decrypting deprecations DER +dereference deserialize deserialized Deserialization @@ -50,6 +52,7 @@ Docstrings El Encodings endian +Euler extendable facto fallback @@ -60,6 +63,7 @@ Google hazmat Homebrew hostname +hostnames incrementing indistinguishability initialisms @@ -75,6 +79,7 @@ Koblitz Lange logins metadata +MGF Monterey Mozilla multi @@ -91,15 +96,18 @@ personalization RHEL parsers Parsers +PEM pickleable plaintext Poly pre precompute +precomputed preprocessor preprocessors presentational pseudorandom +PSS pyOpenSSL pytest relicensed @@ -109,8 +117,11 @@ Schneier scrypt serializer Serializers +setuptools SHA Solaris +Sonoma +SPKI Sur syscall Tanja @@ -119,12 +130,15 @@ Thawte timestamp timestamps toolchain +totient +Trixie tunable Ubuntu unencrypted unicode unpadded unpadding +Ventura verifier Verifier Verisign diff --git a/docs/x509/certificate-transparency.rst b/docs/x509/certificate-transparency.rst index dffee0c..0e04ef3 100644 --- a/docs/x509/certificate-transparency.rst +++ b/docs/x509/certificate-transparency.rst @@ -52,7 +52,7 @@ issued. .. attribute:: signature_hash_algorithm - .. versionadded:: 38.0 + .. versionadded:: 38.0.0 :type: :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` @@ -61,7 +61,7 @@ issued. .. attribute:: signature_algorithm - .. versionadded:: 38.0 + .. versionadded:: 38.0.0 :type: :class:`~cryptography.x509.certificate_transparency.SignatureAlgorithm` @@ -70,7 +70,7 @@ issued. .. attribute:: signature - .. versionadded:: 38.0 + .. versionadded:: 38.0.0 :type: bytes @@ -78,7 +78,7 @@ issued. .. attribute:: extension_bytes - .. versionadded:: 38.0 + .. versionadded:: 38.0.0 :type: bytes @@ -111,7 +111,7 @@ issued. .. class:: SignatureAlgorithm - .. versionadded:: 38.0 + .. versionadded:: 38.0.0 An enumeration for SignedCertificateTimestamp signature algorithms. @@ -125,4 +125,4 @@ issued. .. attribute:: ECDSA -.. _`Certificate Transparency`: https://www.certificate-transparency.org/ +.. _`Certificate Transparency`: https://certificate.transparency.dev/ diff --git a/docs/x509/index.rst b/docs/x509/index.rst index ef51fbf..6e26846 100644 --- a/docs/x509/index.rst +++ b/docs/x509/index.rst @@ -11,6 +11,7 @@ certificates are commonly used in protocols like `TLS`_. tutorial certificate-transparency ocsp + verification reference .. _`public key infrastructure`: https://en.wikipedia.org/wiki/Public_key_infrastructure diff --git a/docs/x509/ocsp.rst b/docs/x509/ocsp.rst index aee6fdd..beaa353 100644 --- a/docs/x509/ocsp.rst +++ b/docs/x509/ocsp.rst @@ -134,7 +134,8 @@ Creating Requests .. method:: add_certificate(cert, issuer, algorithm) Adds a request using a certificate, issuer certificate, and hash - algorithm. This can only be called once. + algorithm. You can call this method or ``add_certificate_by_hash`` + only once. :param cert: The :class:`~cryptography.x509.Certificate` whose validity is being checked. @@ -151,6 +152,35 @@ Creating Requests :class:`~cryptography.hazmat.primitives.hashes.SHA384`, and :class:`~cryptography.hazmat.primitives.hashes.SHA512` are allowed. + .. method:: add_certificate_by_hash(issuer_name_hash, issuer_key_hash, serial_number, algorithm) + + .. versionadded:: 39.0.0 + + Adds a request using the issuer's name hash, key hash, the certificate + serial number and hash algorithm. You can call this method or + ``add_certificate`` only once. + + :param issuer_name_hash: The hash of the issuer's DER encoded name using the + same hash algorithm as the one specified in the ``algorithm`` parameter. + :type issuer_name_hash: bytes + + :param issuer_key_hash: The hash of the issuer's public key bit string + DER encoding using the same hash algorithm as the one specified in + the ``algorithm`` parameter. + :type issuer_key_hash: bytes + + :param serial_number: The serial number of the certificate being checked. + :type serial_number: int + + :param algorithm: A + :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` + instance. For OCSP only + :class:`~cryptography.hazmat.primitives.hashes.SHA1`, + :class:`~cryptography.hazmat.primitives.hashes.SHA224`, + :class:`~cryptography.hazmat.primitives.hashes.SHA256`, + :class:`~cryptography.hazmat.primitives.hashes.SHA384`, and + :class:`~cryptography.hazmat.primitives.hashes.SHA512` are allowed. + .. method:: add_extension(extval, critical) Adds an extension to the request. @@ -299,7 +329,7 @@ Creating Responses :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`, :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey` or :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey` - that will be used to sign the certificate. + that will be used to sign the response. :param algorithm: The :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` that @@ -310,7 +340,11 @@ Creating Responses :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey` and an instance of a :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` - otherwise. + otherwise. Please note that + :class:`~cryptography.hazmat.primitives.hashes.SHA1` + can not be used here, regardless of if it was used for + :meth:`~cryptography.x509.ocsp.OCSPResponseBuilder.add_response` + or not. :returns: A new :class:`~cryptography.x509.ocsp.OCSPResponse`. @@ -505,11 +539,28 @@ Interfaces :type: :class:`datetime.datetime` + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`. + A naïve datetime representing the time when the response was produced. :raises ValueError: If ``response_status`` is not :class:`~cryptography.x509.ocsp.OCSPResponseStatus.SUCCESSFUL`. + .. attribute:: produced_at_utc + + .. versionadded:: 43.0.0 + + :type: :class:`datetime.datetime` + + A timezone-aware datetime representing the time when the response was produced. + + :raises ValueError: If ``response_status`` is not + :class:`~cryptography.x509.ocsp.OCSPResponseStatus.SUCCESSFUL`. + .. attribute:: certificate_status :type: :class:`~cryptography.x509.ocsp.OCSPCertStatus` @@ -524,6 +575,12 @@ Interfaces :type: :class:`datetime.datetime` or None + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`. + A naïve datetime representing the time when the certificate was revoked or ``None`` if the certificate has not been revoked. @@ -531,6 +588,20 @@ Interfaces :class:`~cryptography.x509.ocsp.OCSPResponseStatus.SUCCESSFUL` or if multiple SINGLERESPs are present. + .. attribute:: revocation_time_utc + + .. versionadded:: 43.0.0 + + :type: :class:`datetime.datetime` or None + + A timezone-aware datetime representing the time when the certificate was + revoked or ``None`` if the certificate has not been revoked. + + :raises ValueError: If ``response_status`` is not + :class:`~cryptography.x509.ocsp.OCSPResponseStatus.SUCCESSFUL` or + if multiple SINGLERESPs are present. + + .. attribute:: revocation_reason :type: :class:`~cryptography.x509.ReasonFlags` or None @@ -546,6 +617,12 @@ Interfaces :type: :class:`datetime.datetime` + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`. + A naïve datetime representing the most recent time at which the status being indicated is known by the responder to have been correct. @@ -553,10 +630,29 @@ Interfaces :class:`~cryptography.x509.ocsp.OCSPResponseStatus.SUCCESSFUL` or if multiple SINGLERESPs are present. + .. attribute:: this_update_utc + + .. versionadded:: 43.0.0 + + :type: :class:`datetime.datetime` + + A timezone-aware datetime representing the most recent time at which the status + being indicated is known by the responder to have been correct. + + :raises ValueError: If ``response_status`` is not + :class:`~cryptography.x509.ocsp.OCSPResponseStatus.SUCCESSFUL` or + if multiple SINGLERESPs are present. + .. attribute:: next_update :type: :class:`datetime.datetime` + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`. + A naïve datetime representing the time when newer information will be available. @@ -564,6 +660,21 @@ Interfaces :class:`~cryptography.x509.ocsp.OCSPResponseStatus.SUCCESSFUL` or if multiple SINGLERESPs are present. + + .. attribute:: next_update_utc + + .. versionadded:: 43.0.0 + + :type: :class:`datetime.datetime` + + A timezone-aware datetime representing the time when newer information will + be available. + + :raises ValueError: If ``response_status`` is not + :class:`~cryptography.x509.ocsp.OCSPResponseStatus.SUCCESSFUL` or + if multiple SINGLERESPs are present. + + .. attribute:: issuer_key_hash :type: bytes @@ -725,9 +836,24 @@ Interfaces :type: :class:`datetime.datetime` or None + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`. + A naïve datetime representing the time when the certificate was revoked or ``None`` if the certificate has not been revoked. + .. attribute:: revocation_time_utc + + .. versionadded:: 43.0.0 + + :type: :class:`datetime.datetime` or None + + A timezone-aware datetime representing the time when the certificate was revoked + or ``None`` if the certificate has not been revoked. + .. attribute:: revocation_reason :type: :class:`~cryptography.x509.ReasonFlags` or None @@ -739,16 +865,46 @@ Interfaces :type: :class:`datetime.datetime` + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.this_update_utc`. + A naïve datetime representing the most recent time at which the status being indicated is known by the responder to have been correct. + .. attribute:: this_update_utc + + .. versionadded:: 43.0.0 + + :type: :class:`datetime.datetime` + + A timezone-aware datetime representing the most recent time at which the status + being indicated is known by the responder to have been correct. + .. attribute:: next_update :type: :class:`datetime.datetime` + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.next_update_utc`. + A naïve datetime representing the time when newer information will be available. + .. attribute:: next_update_utc + + .. versionadded:: 43.0.0 + + :type: :class:`datetime.datetime` + + A timezone-aware datetime representing the time when newer information will + be available. + .. attribute:: issuer_key_hash :type: bytes @@ -774,4 +930,4 @@ Interfaces :type: int - The serial number of the certificate that was checked. \ No newline at end of file + The serial number of the certificate that was checked. diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 28069e8..c3de5e6 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -146,10 +146,35 @@ X.509 Reference -----END CERTIFICATE----- """.strip() + rsa_pss_pem_cert = b""" + -----BEGIN CERTIFICATE----- + MIIDfTCCAjCgAwIBAgIUP4D/5rcT93vdYGPhsKf+hbes/JgwQgYJKoZIhvcNAQEK + MDWgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF + AKIEAgIA3jAaMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wHhcNMjIwNDMwMjAz + MTE4WhcNMzMwNDEyMjAzMTE4WjAaMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8w + ggEgMAsGCSqGSIb3DQEBCgOCAQ8AMIIBCgKCAQEAt1jpboUoNppBVamc+nA+zEjl + jn/gPbRFCvyveRd8Yr0p8y1mlmjKXcQlXcHPVM4TopgFXqDykIHXxJxLV56ysb4K + UGe0nxpmhEso5ZGUgkDIIoH0NAQAsS8rS2ZzNJcLrLGrMY6DRgFsa+G6h2DvMwgl + nsX++a8FIm7Vu+OZnfWpDEuhJU4TRtHVviJSYkFMckyYBB48k1MU+0b4pezHconZ + mMEisBFFbwarNvowf2i/tRESe3myKXfiJsZZ2UzdE3FqycSgw1tx8qV/Z8myozUW + uihIdw8TGbbsJhEeVFxQEP/DVzC6HHDI3EVpr2jPYeIE60hhZwM7jUmQscLerQID + AQABo1MwUTAdBgNVHQ4EFgQUb1QD8QEIQn5DALIAujTDATssNcQwHwYDVR0jBBgw + FoAUb1QD8QEIQn5DALIAujTDATssNcQwDwYDVR0TAQH/BAUwAwEB/zBCBgkqhkiG + 9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFl + AwQCAQUAogQCAgDeA4IBAQAvKBXlx07tdmtfhNTPn16dupBIS5344ZE4tfGSE5Ir + iA1X0bukKQ6V+6xJXGreaIw0wvwtIeI/R0JwcR114HBDqjt40vklyNSpGCJzgkfD + Q/d8JXN/MLyQrk+5F9JMy+HuZAgefAQAjugC6389Klpqx2Z1CgwmALhjIs48GnMp + Iz9vU2O6RDkMBlBRdmfkJVjhhPvJYpDDW1ic5O3pxtMoiC1tAHHMm4gzM1WCFeOh + cDNxABlvVNPTnqkOhKBmmwRaBwdvvksgeu2RyBNR0KEy44gWzYB9/Ter2t4Z8ASq + qCv8TuYr2QGaCnI2FVS5S9n6l4JNkFHqPMtuhrkr3gEz + -----END CERTIFICATE----- + """.strip() + Loading Certificates ~~~~~~~~~~~~~~~~~~~~ .. function:: load_pem_x509_certificate(data) + :canonical: cryptography.x509.base.load_pem_x509_certificate .. versionadded:: 0.7 @@ -168,7 +193,25 @@ Loading Certificates >>> cert.serial_number 2 +.. function:: load_pem_x509_certificates(data) + :canonical: cryptography.x509.base.load_pem_x509_certificates + + .. versionadded:: 39.0.0 + + Deserialize one or more certificates from PEM encoded data. + + This is like :func:`~cryptography.x509.load_pem_x509_certificate`, but + allows for loading multiple certificates (as adjacent PEMs) at once. + + :param bytes data: One or more PEM-encoded certificates. + + :returns: list of :class:`~cryptography.x509.Certificate` + + :raises ValueError: If there isn't at least one certificate, or if any + certificate is malformed. + .. function:: load_der_x509_certificate(data) + :canonical: cryptography.x509.base.load_der_x509_certificate .. versionadded:: 0.7 @@ -184,6 +227,7 @@ Loading Certificate Revocation Lists ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. function:: load_pem_x509_crl(data) + :canonical: cryptography.x509.base.load_pem_x509_crl .. versionadded:: 1.1 @@ -205,6 +249,7 @@ Loading Certificate Revocation Lists True .. function:: load_der_x509_crl(data) + :canonical: cryptography.x509.base.load_der_x509_crl .. versionadded:: 1.1 @@ -220,6 +265,7 @@ Loading Certificate Signing Requests ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. function:: load_pem_x509_csr(data) + :canonical: cryptography.x509.base.load_pem_x509_csr .. versionadded:: 0.9 @@ -242,6 +288,7 @@ Loading Certificate Signing Requests True .. function:: load_der_x509_csr(data) + :canonical: cryptography.x509.base.load_der_x509_csr .. versionadded:: 0.9 @@ -257,6 +304,7 @@ X.509 Certificate Object ~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: Certificate + :canonical: cryptography.x509.base.Certificate .. versionadded:: 0.7 @@ -307,13 +355,7 @@ X.509 Certificate Object The public key associated with the certificate. :returns: One of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey` or - :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey` + :data:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`. .. doctest:: @@ -322,10 +364,32 @@ X.509 Certificate Object >>> isinstance(public_key, rsa.RSAPublicKey) True + .. attribute:: public_key_algorithm_oid + + .. versionadded:: 43.0.0 + + :type: :class:`ObjectIdentifier` + + Returns the :class:`ObjectIdentifier` of the public key algorithm found + inside the certificate. This will be one of the OIDs from + :class:`~cryptography.x509.oid.PublicKeyAlgorithmOID`. + + .. doctest:: + + >>> cert.public_key_algorithm_oid + + .. attribute:: not_valid_before :type: :class:`datetime.datetime` + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.Certificate.not_valid_before_utc`. + + A naïve datetime representing the beginning of the validity period for the certificate in UTC. This value is inclusive. @@ -334,10 +398,30 @@ X.509 Certificate Object >>> cert.not_valid_before datetime.datetime(2010, 1, 1, 8, 30) + .. attribute:: not_valid_before_utc + + .. versionadded:: 42.0.0 + + :type: :class:`datetime.datetime` + + A timezone-aware datetime representing the beginning of the validity + period for the certificate in UTC. This value is inclusive. + + .. doctest:: + + >>> cert.not_valid_before_utc + datetime.datetime(2010, 1, 1, 8, 30, tzinfo=datetime.timezone.utc) + .. attribute:: not_valid_after :type: :class:`datetime.datetime` + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.Certificate.not_valid_after_utc`. + A naïve datetime representing the end of the validity period for the certificate in UTC. This value is inclusive. @@ -346,6 +430,20 @@ X.509 Certificate Object >>> cert.not_valid_after datetime.datetime(2030, 12, 31, 8, 30) + .. attribute:: not_valid_after_utc + + .. versionadded:: 42.0.0 + + :type: :class:`datetime.datetime` + + A timezone-aware datetime representing the end of the validity period + for the certificate in UTC. This value is inclusive. + + .. doctest:: + + >>> cert.not_valid_after_utc + datetime.datetime(2030, 12, 31, 8, 30, tzinfo=datetime.timezone.utc) + .. attribute:: issuer .. versionadded:: 0.8 @@ -395,6 +493,34 @@ X.509 Certificate Object >>> cert.signature_algorithm_oid + .. attribute:: signature_algorithm_parameters + + .. versionadded:: 41.0.0 + + Returns the parameters of the signature algorithm used to sign the + certificate. For RSA signatures it will return either a + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15` or + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` object. + + For ECDSA signatures it will + return an :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA`. + + For EdDSA and DSA signatures it will return ``None``. + + These objects can be used to verify signatures on the certificate. + + :returns: None, + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15`, + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`, or + :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` + + .. doctest:: + + >>> from cryptography.hazmat.primitives.asymmetric import padding + >>> pss_cert = x509.load_pem_x509_certificate(rsa_pss_pem_cert) + >>> isinstance(pss_cert.signature_algorithm_parameters, padding.PSS) + True + .. attribute:: extensions :type: :class:`Extensions` @@ -462,10 +588,39 @@ X.509 Certificate Object An :class:`~cryptography.exceptions.InvalidSignature` exception will be raised if the signature fails to verify. + .. method:: verify_directly_issued_by(issuer) + + .. versionadded:: 40.0.0 + + :param issuer: The issuer certificate to check against. + :type issuer: :class:`~cryptography.x509.Certificate` + + .. warning:: + This method verifies that the certificate issuer name matches the + issuer subject name and that the certificate is signed by the + issuer's private key. **No other validation is performed.** + Callers are responsible for performing any additional + validations required for their use case (e.g. checking the validity + period, whether the signer is allowed to issue certificates, + that the issuing certificate has a strong public key, etc). + + Validates that the certificate is signed by the provided issuer and + that the issuer's subject name matches the issuer name of the + certificate. + + :return: None + :raise ValueError: If the issuer name on the certificate does + not match the subject name of the issuer or the signature + algorithm is unsupported. + :raise TypeError: If the issuer does not have a supported public + key type. + :raise cryptography.exceptions.InvalidSignature: If the + signature fails to verify. + .. attribute:: tbs_precertificate_bytes - .. versionadded:: 38.0 + .. versionadded:: 38.0.0 :type: bytes @@ -501,6 +656,7 @@ X.509 CRL (Certificate Revocation List) Object ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: CertificateRevocationList + :canonical: cryptography.x509.base.CertificateRevocationList .. versionadded:: 1.0 @@ -575,6 +731,27 @@ X.509 CRL (Certificate Revocation List) Object >>> crl.signature_algorithm_oid + .. attribute:: signature_algorithm_parameters + + .. versionadded:: 42.0.0 + + Returns the parameters of the signature algorithm used to sign the + certificate revocation list. For RSA signatures it will return either a + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15` or + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` object. + + For ECDSA signatures it will + return an :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA`. + + For EdDSA and DSA signatures it will return ``None``. + + These objects can be used to verify the CRL signature. + + :returns: None, + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15`, + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`, or + :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` + .. attribute:: issuer :type: :class:`Name` @@ -590,6 +767,12 @@ X.509 CRL (Certificate Revocation List) Object :type: :class:`datetime.datetime` + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.CertificateRevocationList.next_update_utc`. + A naïve datetime representing when the next update to this CRL is expected. @@ -598,10 +781,30 @@ X.509 CRL (Certificate Revocation List) Object >>> crl.next_update datetime.datetime(2016, 1, 1, 0, 0) + .. attribute:: next_update_utc + + .. versionadded:: 42.0.0 + + :type: :class:`datetime.datetime` + + A timezone-aware datetime representing when the next update to this + CRL is expected. + + .. doctest:: + + >>> crl.next_update_utc + datetime.datetime(2016, 1, 1, 0, 0, tzinfo=datetime.timezone.utc) + .. attribute:: last_update :type: :class:`datetime.datetime` + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.CertificateRevocationList.last_update_utc`. + A naïve datetime representing when this CRL was last updated. .. doctest:: @@ -609,6 +812,19 @@ X.509 CRL (Certificate Revocation List) Object >>> crl.last_update datetime.datetime(2015, 1, 1, 0, 0) + .. attribute:: last_update_utc + + .. versionadded:: 42.0.0 + + :type: :class:`datetime.datetime` + + A timezone-aware datetime representing when this CRL was last updated. + + .. doctest:: + + >>> crl.last_update_utc + datetime.datetime(2015, 1, 1, 0, 0, tzinfo=datetime.timezone.utc) + .. attribute:: extensions :type: :class:`Extensions` @@ -663,6 +879,7 @@ X.509 Certificate Builder ~~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: CertificateBuilder + :canonical: cryptography.x509.base.CertificateBuilder .. versionadded:: 1.0 @@ -681,10 +898,10 @@ X.509 Certificate Builder >>> public_key = private_key.public_key() >>> builder = x509.CertificateBuilder() >>> builder = builder.subject_name(x509.Name([ - ... x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), + ... x509.NameAttribute(NameOID.COMMON_NAME, 'cryptography.io'), ... ])) >>> builder = builder.issuer_name(x509.Name([ - ... x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), + ... x509.NameAttribute(NameOID.COMMON_NAME, 'cryptography.io'), ... ])) >>> builder = builder.not_valid_before(datetime.datetime.today() - one_day) >>> builder = builder.not_valid_after(datetime.datetime.today() + (one_day * 30)) @@ -692,7 +909,7 @@ X.509 Certificate Builder >>> builder = builder.public_key(public_key) >>> builder = builder.add_extension( ... x509.SubjectAlternativeName( - ... [x509.DNSName(u'cryptography.io')] + ... [x509.DNSName('cryptography.io')] ... ), ... critical=False ... ) @@ -724,13 +941,7 @@ X.509 Certificate Builder Sets the subject's public key. :param public_key: The subject's public key. This can be one of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey` or - :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey`. + :data:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`. .. method:: serial_number(serial_number) @@ -777,17 +988,13 @@ X.509 Certificate Builder :param critical: Set to ``True`` if the extension must be understood and handled by whoever reads the certificate. - .. method:: sign(private_key, algorithm) + .. method:: sign(private_key, algorithm, *, rsa_padding=None) Sign the certificate using the CA's private key. - :param private_key: The - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey` or - :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey` - that will be used to sign the certificate. + :param private_key: The key that will be used to sign the certificate, + one of + :data:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`. :param algorithm: The :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` that @@ -800,6 +1007,22 @@ X.509 Certificate Builder :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` otherwise. + :param rsa_padding: + + .. versionadded:: 41.0.0 + + This is a keyword-only argument. If ``private_key`` is an + ``RSAPrivateKey`` then this can be set to either + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15` or + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` to sign + with those respective paddings. If this is ``None`` then RSA + keys will default to ``PKCS1v15`` padding. All other key types **must** + not pass a value other than ``None``. + + :type rsa_padding: ``None``, + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15`, + or :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` + :returns: :class:`~cryptography.x509.Certificate` @@ -807,6 +1030,7 @@ X.509 CSR (Certificate Signing Request) Object ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: CertificateSigningRequest + :canonical: cryptography.x509.base.CertificateSigningRequest .. versionadded:: 0.9 @@ -815,11 +1039,7 @@ X.509 CSR (Certificate Signing Request) Object The public key associated with the request. :returns: One of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey` or - :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`. + :data:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`. .. doctest:: @@ -828,6 +1048,21 @@ X.509 CSR (Certificate Signing Request) Object >>> isinstance(public_key, rsa.RSAPublicKey) True + .. attribute:: public_key_algorithm_oid + + .. versionadded:: 43.0.0 + + :type: :class:`ObjectIdentifier` + + Returns the :class:`ObjectIdentifier` of the public key algorithm found + inside the certificate. This will be one of the OIDs from + :class:`~cryptography.x509.oid.PublicKeyAlgorithmOID`. + + .. doctest:: + + >>> csr.public_key_algorithm_oid + + .. attribute:: subject :type: :class:`Name` @@ -866,6 +1101,27 @@ X.509 CSR (Certificate Signing Request) Object >>> csr.signature_algorithm_oid + .. attribute:: signature_algorithm_parameters + + .. versionadded:: 42.0.0 + + Returns the parameters of the signature algorithm used to sign the + certificate signing request. For RSA signatures it will return either a + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15` or + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` object. + + For ECDSA signatures it will + return an :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA`. + + For EdDSA and DSA signatures it will return ``None``. + + These objects can be used to verify signatures on the signing request. + + :returns: None, + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15`, + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`, or + :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` + .. attribute:: extensions :type: :class:`Extensions` @@ -880,7 +1136,7 @@ X.509 CSR (Certificate Signing Request) Object .. attribute:: attributes - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 :type: :class:`Attributes` @@ -927,6 +1183,7 @@ X.509 Certificate Revocation List Builder ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: CertificateRevocationListBuilder + :canonical: cryptography.x509.base.CertificateRevocationListBuilder .. versionadded:: 1.2 @@ -944,7 +1201,7 @@ X.509 Certificate Revocation List Builder ... ) >>> builder = x509.CertificateRevocationListBuilder() >>> builder = builder.issuer_name(x509.Name([ - ... x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io CA'), + ... x509.NameAttribute(NameOID.COMMON_NAME, 'cryptography.io CA'), ... ])) >>> builder = builder.last_update(datetime.datetime.today()) >>> builder = builder.next_update(datetime.datetime.today() + one_day) @@ -1006,17 +1263,13 @@ X.509 Certificate Revocation List Builder obtained from an existing CRL or created with :class:`~cryptography.x509.RevokedCertificateBuilder`. - .. method:: sign(private_key, algorithm) + .. method:: sign(private_key, algorithm, *, rsa_padding=None) Sign this CRL using the CA's private key. - :param private_key: The - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey` or - :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey` - that will be used to sign the certificate. + :param private_key: The private key that will be used to sign the + certificate, one of + :data:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`. :param algorithm: The :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` that @@ -1029,12 +1282,29 @@ X.509 Certificate Revocation List Builder :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` otherwise. + :param rsa_padding: + + .. versionadded:: 42.0.0 + + This is a keyword-only argument. If ``private_key`` is an + ``RSAPrivateKey`` then this can be set to either + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15` or + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` to sign + with those respective paddings. If this is ``None`` then RSA + keys will default to ``PKCS1v15`` padding. All other key types **must** + not pass a value other than ``None``. + + :type rsa_padding: ``None``, + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15`, + or :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` + :returns: :class:`~cryptography.x509.CertificateRevocationList` X.509 Revoked Certificate Object ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: RevokedCertificate + :canonical: cryptography.x509.base.RevokedCertificate .. versionadded:: 1.0 @@ -1053,6 +1323,12 @@ X.509 Revoked Certificate Object :type: :class:`datetime.datetime` + .. warning:: + + This property is deprecated and will be removed in a future + version. Please switch to the timezone-aware variant + :meth:`~cryptography.x509.RevokedCertificate.revocation_date_utc`. + A naïve datetime representing the date this certificates was revoked. .. doctest:: @@ -1060,6 +1336,20 @@ X.509 Revoked Certificate Object >>> revoked_certificate.revocation_date datetime.datetime(2015, 1, 1, 0, 0) + .. attribute:: revocation_date_utc + + .. versionadded:: 42.0.0 + + :type: :class:`datetime.datetime` + + A timezone-aware datetime representing the date this certificates was + revoked. + + .. doctest:: + + >>> revoked_certificate.revocation_date_utc + datetime.datetime(2015, 1, 1, 0, 0, tzinfo=datetime.timezone.utc) + .. attribute:: extensions :type: :class:`Extensions` @@ -1077,6 +1367,7 @@ X.509 Revoked Certificate Builder ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: RevokedCertificateBuilder + :canonical: cryptography.x509.base.RevokedCertificateBuilder This class is used to create :class:`~cryptography.x509.RevokedCertificate` objects that can be used with the @@ -1129,6 +1420,7 @@ X.509 CSR (Certificate Signing Request) Builder Object ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: CertificateSigningRequestBuilder + :canonical: cryptography.x509.base.CertificateSigningRequestBuilder .. versionadded:: 1.0 @@ -1144,7 +1436,7 @@ X.509 CSR (Certificate Signing Request) Builder Object ... ) >>> builder = x509.CertificateSigningRequestBuilder() >>> builder = builder.subject_name(x509.Name([ - ... x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io'), + ... x509.NameAttribute(NameOID.COMMON_NAME, 'cryptography.io'), ... ])) >>> builder = builder.add_extension( ... x509.BasicConstraints(ca=False, path_length=None), critical=True, @@ -1184,17 +1476,13 @@ X.509 CSR (Certificate Signing Request) Builder Object :returns: A new :class:`~cryptography.x509.CertificateSigningRequestBuilder`. - .. method:: sign(private_key, algorithm) + .. method:: sign(private_key, algorithm, *, rsa_padding=None) - :param private_key: The - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey` or - :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey` + :param private_key: The private key that will be used to sign the request. When the request is signed by a certificate authority, the private key's associated - public key will be stored in the resulting certificate. + public key will be stored in the resulting certificate. One of + :data:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`. :param algorithm: The :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` @@ -1207,11 +1495,28 @@ X.509 CSR (Certificate Signing Request) Builder Object :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` otherwise. + :param rsa_padding: + + .. versionadded:: 42.0.0 + + This is a keyword-only argument. If ``private_key`` is an + ``RSAPrivateKey`` then this can be set to either + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15` or + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` to sign + with those respective paddings. If this is ``None`` then RSA + keys will default to ``PKCS1v15`` padding. All other key types **must** + not pass a value other than ``None``. + + :type rsa_padding: ``None``, + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15`, + or :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` + :returns: A new :class:`~cryptography.x509.CertificateSigningRequest`. .. class:: Name + :canonical: cryptography.x509.name.Name .. versionadded:: 0.8 @@ -1251,7 +1556,7 @@ X.509 CSR (Certificate Signing Request) Builder Object .. classmethod:: from_rfc4514_string(data, attr_name_overrides=None) - .. versionadded: 37.0 + .. versionadded: 37.0.0 :param str data: An :rfc:`4514` string. :param attr_name_overrides: Specify custom OID to name mappings, which @@ -1290,7 +1595,7 @@ X.509 CSR (Certificate Signing Request) Builder Object .. method:: rfc4514_string(attr_name_overrides=None) .. versionadded:: 2.5 - .. versionchanged:: 36.0 + .. versionchanged:: 36.0.0 Added ``attr_name_overrides`` parameter. @@ -1326,6 +1631,7 @@ X.509 CSR (Certificate Signing Request) Builder Object .. class:: Version + :canonical: cryptography.x509.base.Version .. versionadded:: 0.7 @@ -1340,6 +1646,7 @@ X.509 CSR (Certificate Signing Request) Builder Object For version 3 X.509 certificates. .. class:: NameAttribute + :canonical: cryptography.x509.name.NameAttribute .. versionadded:: 0.8 @@ -1354,13 +1661,15 @@ X.509 CSR (Certificate Signing Request) Builder Object .. attribute:: value - :type: str + :type: ``str`` or ``bytes`` - The value of the attribute. + The value of the attribute. This will generally be a ``str``, the only + times it can be a ``bytes`` is when :attr:`oid` is + ``X500_UNIQUE_IDENTIFIER``. .. attribute:: rfc4514_attribute_name - .. versionadded:: 35.0 + .. versionadded:: 35.0.0 :type: str @@ -1370,7 +1679,7 @@ X.509 CSR (Certificate Signing Request) Builder Object .. method:: rfc4514_string(attr_name_overrides=None) .. versionadded:: 2.5 - .. versionchanged:: 36.0 + .. versionchanged:: 36.0.0 Added ``attr_name_overrides`` parameter. @@ -1385,6 +1694,7 @@ X.509 CSR (Certificate Signing Request) Builder Object .. class:: RelativeDistinguishedName(attributes) + :canonical: cryptography.x509.name.RelativeDistinguishedName .. versionadded:: 1.6 @@ -1402,7 +1712,7 @@ X.509 CSR (Certificate Signing Request) Builder Object .. method:: rfc4514_string(attr_name_overrides=None) .. versionadded:: 2.5 - .. versionchanged:: 36.0 + .. versionchanged:: 36.0.0 Added ``attr_name_overrides`` parameter. @@ -1417,6 +1727,7 @@ X.509 CSR (Certificate Signing Request) Builder Object .. class:: ObjectIdentifier + :canonical: ObjectIdentifier .. versionadded:: 0.8 @@ -1436,6 +1747,7 @@ General Name Classes ~~~~~~~~~~~~~~~~~~~~ .. class:: GeneralName + :canonical: cryptography.x509.general_name.GeneralName .. versionadded:: 0.9 @@ -1443,6 +1755,7 @@ General Name Classes against. .. class:: RFC822Name(value) + :canonical: cryptography.x509.general_name.RFC822Name .. versionadded:: 0.9 @@ -1464,6 +1777,7 @@ General Name Classes :type: str .. class:: DNSName(value) + :canonical: cryptography.x509.general_name.DNSName .. versionadded:: 0.9 @@ -1487,6 +1801,7 @@ General Name Classes :type: str .. class:: DirectoryName(value) + :canonical: cryptography.x509.general_name.DirectoryName .. versionadded:: 0.9 @@ -1497,6 +1812,7 @@ General Name Classes :type: :class:`Name` .. class:: UniformResourceIdentifier(value) + :canonical: cryptography.x509.general_name.UniformResourceIdentifier .. versionadded:: 0.9 @@ -1519,6 +1835,7 @@ General Name Classes :type: str .. class:: IPAddress(value) + :canonical: cryptography.x509.general_name.IPAddress .. versionadded:: 0.9 @@ -1531,6 +1848,7 @@ General Name Classes or :class:`~ipaddress.IPv6Network`. .. class:: RegisteredID(value) + :canonical: cryptography.x509.general_name.RegisteredID .. versionadded:: 0.9 @@ -1541,6 +1859,7 @@ General Name Classes :type: :class:`ObjectIdentifier` .. class:: OtherName(type_id, value) + :canonical: cryptography.x509.general_name.OtherName .. versionadded:: 1.0 @@ -1558,6 +1877,7 @@ X.509 Extensions ~~~~~~~~~~~~~~~~ .. class:: Extensions + :canonical: cryptography.x509.extensions.Extensions .. versionadded:: 0.9 @@ -1597,6 +1917,7 @@ X.509 Extensions , critical=True, value=)> .. class:: Extension + :canonical: cryptography.x509.extensions.Extension .. versionadded:: 0.9 @@ -1620,6 +1941,7 @@ X.509 Extensions Returns an instance of the extension type corresponding to the OID. .. class:: ExtensionType + :canonical: cryptography.x509.extensions.ExtensionType .. versionadded:: 1.0 @@ -1634,13 +1956,14 @@ X.509 Extensions .. method:: public_bytes() - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 :return bytes: A bytes string representing the extension's DER encoded value. .. class:: KeyUsage(digital_signature, content_commitment, key_encipherment, data_encipherment, key_agreement, key_cert_sign, crl_sign, encipher_only, decipher_only) + :canonical: cryptography.x509.extensions.KeyUsage .. versionadded:: 0.9 @@ -1740,6 +2063,7 @@ X.509 Extensions .. class:: BasicConstraints(ca, path_length) + :canonical: cryptography.x509.extensions.BasicConstraints .. versionadded:: 0.9 @@ -1775,6 +2099,7 @@ X.509 Extensions is not allowed to create subordinates with ``ca`` set to true. .. class:: ExtendedKeyUsage(usages) + :canonical: cryptography.x509.extensions.ExtendedKeyusage .. versionadded:: 0.9 @@ -1797,6 +2122,7 @@ X.509 Extensions .. class:: OCSPNoCheck() + :canonical: cryptography.x509.extensions.OCSPNoCheck .. versionadded:: 1.0 @@ -1819,6 +2145,7 @@ X.509 Extensions .. class:: TLSFeature(features) + :canonical: cryptography.x509.extensions.TLSFeature .. versionadded:: 2.1 @@ -1837,6 +2164,7 @@ X.509 Extensions Returns :attr:`~cryptography.x509.oid.ExtensionOID.TLS_FEATURE`. .. class:: TLSFeatureType + :canonical: cryptography.x509.extensions.TLSFeatureType .. versionadded:: 2.1 @@ -1857,6 +2185,7 @@ X.509 Extensions .. class:: NameConstraints(permitted_subtrees, excluded_subtrees) + :canonical: cryptography.x509.extensions.NameConstraints .. versionadded:: 1.0 @@ -1891,6 +2220,7 @@ X.509 Extensions ``excluded_subtrees`` will be non-None. .. class:: AuthorityKeyIdentifier(key_identifier, authority_cert_issuer, authority_cert_serial_number) + :canonical: cryptography.x509.extensions.AuthorityKeyIdentifier .. versionadded:: 0.9 @@ -1952,11 +2282,7 @@ X.509 Extensions section 4.2.1.2. :param public_key: One of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey` or - :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`. + :data:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPublicKeyTypes`. .. doctest:: @@ -1996,6 +2322,7 @@ X.509 Extensions .. class:: SubjectKeyIdentifier(digest) + :canonical: cryptography.x509.extensions.SubjectKeyIdentifier .. versionadded:: 0.9 @@ -2036,11 +2363,7 @@ X.509 Extensions recommendation in :rfc:`5280` section 4.2.1.2. :param public_key: One of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, - :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey` or - :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`. + :data:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`. .. doctest:: @@ -2050,6 +2373,7 @@ X.509 Extensions .. class:: SubjectAlternativeName(general_names) + :canonical: cryptography.x509.extensions.SubjectAlternativeName .. versionadded:: 0.9 @@ -2081,6 +2405,7 @@ X.509 Extensions >>> from cryptography import x509 >>> from cryptography.hazmat.primitives import hashes + >>> from cryptography.x509.oid import ExtensionOID >>> cert = x509.load_pem_x509_certificate(cryptography_cert_pem) >>> # Get the subjectAltName extension from the certificate >>> ext = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME) @@ -2090,6 +2415,7 @@ X.509 Extensions .. class:: IssuerAlternativeName(general_names) + :canonical: cryptography.x509.extensions.IssuerAlternativeName .. versionadded:: 1.0 @@ -2118,6 +2444,7 @@ X.509 Extensions .. class:: PrecertificateSignedCertificateTimestamps(scts) + :canonical: cryptography.x509.extensions.PrecertificateSignedCertificateTimestamps .. versionadded:: 2.0 @@ -2144,6 +2471,7 @@ X.509 Extensions .. class:: PrecertPoison() + :canonical: cryptography.x509.extensions.PrecertPoison .. versionadded:: 2.4 @@ -2161,6 +2489,7 @@ X.509 Extensions .. class:: SignedCertificateTimestamps(scts) + :canonical: cryptography.x509.extensions.SignedCertificateTimestamps .. versionadded:: 3.0 @@ -2188,6 +2517,7 @@ X.509 Extensions .. class:: DeltaCRLIndicator(crl_number) + :canonical: cryptography.x509.extensions.DeltaCRLIndicator .. versionadded:: 2.1 @@ -2212,6 +2542,7 @@ X.509 Extensions .. class:: AuthorityInformationAccess(descriptions) + :canonical: cryptography.x509.extensions.AuthorityInformationAccess .. versionadded:: 0.9 @@ -2235,6 +2566,7 @@ X.509 Extensions .. class:: SubjectInformationAccess(descriptions) + :canonical: cryptography.x509.extensions.SubjectInformationAccess .. versionadded:: 3.0 @@ -2258,6 +2590,7 @@ X.509 Extensions .. class:: AccessDescription(access_method, access_location) + :canonical: cryptography.x509.extensions.AccessDescription .. versionadded:: 0.9 @@ -2291,6 +2624,7 @@ X.509 Extensions Where to access the information defined by the access method. .. class:: FreshestCRL(distribution_points) + :canonical: cryptography.x509.extensions.FreshestCRL .. versionadded:: 2.1 @@ -2309,6 +2643,7 @@ X.509 Extensions :attr:`~cryptography.x509.oid.ExtensionOID.FRESHEST_CRL`. .. class:: CRLDistributionPoints(distribution_points) + :canonical: cryptography.x509.extensions.CRLDistributionPoints .. versionadded:: 0.9 @@ -2329,6 +2664,7 @@ X.509 Extensions :attr:`~cryptography.x509.oid.ExtensionOID.CRL_DISTRIBUTION_POINTS`. .. class:: DistributionPoint(full_name, relative_name, reasons, crl_issuer) + :canonical: cryptography.x509.extensions.DistributionPoint .. versionadded:: 0.9 @@ -2364,6 +2700,7 @@ X.509 Extensions revocation checks. .. class:: ReasonFlags + :canonical: cryptography.x509.extensions.ReasonFlags .. versionadded:: 0.9 @@ -2416,6 +2753,7 @@ X.509 Extensions in a :class:`DistributionPoint`. .. class:: InhibitAnyPolicy(skip_certs) + :canonical: cryptography.x509.extensions.InhibitAnyPolicy .. versionadded:: 1.0 @@ -2445,6 +2783,7 @@ X.509 Extensions :type: int .. class:: PolicyConstraints + :canonical: cryptography.x509.extensions.PolicyConstraints .. versionadded:: 1.3 @@ -2483,6 +2822,7 @@ X.509 Extensions certificate, but not in additional certificates in the chain. .. class:: CRLNumber(crl_number) + :canonical: cryptography.x509.extensions.CRLNumber .. versionadded:: 1.2 @@ -2505,6 +2845,7 @@ X.509 Extensions .. class:: IssuingDistributionPoint(full_name, relative_name,\ only_contains_user_certs, only_contains_ca_certs, only_some_reasons,\ indirect_crl, only_contains_attribute_certs) + :canonical: cryptography.x509.extensions.IssuingDistributionPoint .. versionadded:: 2.5 @@ -2574,6 +2915,7 @@ X.509 Extensions non-None. .. class:: UnrecognizedExtension + :canonical: cryptography.x509.extensions.UnrecognizedExtension .. versionadded:: 1.2 @@ -2594,7 +2936,36 @@ X.509 Extensions Returns the DER encoded bytes payload of the extension. +.. class:: MSCertificateTemplate(template_id, major_version, minor_version) + :canonical: cryptography.x509.extensions.MSCertificateTemplate + + .. versionadded:: 41.0.0 + + The Microsoft certificate template extension is a proprietary Microsoft + PKI extension that is used to provide information about the template + associated with the certificate. + + .. attribute:: oid + + :type: :class:`ObjectIdentifier` + + Returns + :attr:`~cryptography.x509.oid.ExtensionOID.MS_CERTIFICATE_TEMPLATE`. + + .. attribute:: template_id + + :type: :class:`ObjectIdentifier` + + .. attribute:: major_version + + :type: int or None + + .. attribute:: minor_version + + :type: int or None + .. class:: CertificatePolicies(policies) + :canonical: cryptography.x509.extensions.CertificatePolicies .. versionadded:: 0.9 @@ -2611,7 +2982,7 @@ X.509 Extensions def contains_domain_validated(policies): return any( - policy.oid.dotted_string == "2.23.140.1.2.1" + policy.policy_identifier.dotted_string == "2.23.140.1.2.1" for policy in policies ) @@ -2630,6 +3001,7 @@ Certificate Policies Classes These classes may be present within a :class:`CertificatePolicies` instance. .. class:: PolicyInformation(policy_identifier, policy_qualifiers) + :canonical: cryptography.x509.extensions.PolicyInformation .. versionadded:: 0.9 @@ -2649,6 +3021,7 @@ These classes may be present within a :class:`CertificatePolicies` instance. display to the relying party when the certificate is used. .. class:: UserNotice(notice_reference, explicit_text) + :canonical: cryptography.x509.extensions.UserNotice .. versionadded:: 0.9 @@ -2671,6 +3044,7 @@ These classes may be present within a :class:`CertificatePolicies` instance. :type: str .. class:: NoticeReference(organization, notice_numbers) + :canonical: cryptography.x509.extensions.NoticeReference Notice reference can name an organization and provide information about notices related to the certificate. For example, it might identify the @@ -2699,6 +3073,7 @@ CRL Entry Extensions These extensions are only valid within a :class:`RevokedCertificate` object. .. class:: CertificateIssuer(general_names) + :canonical: cryptography.x509.extensions.CertificateIssuer .. versionadded:: 1.2 @@ -2727,6 +3102,7 @@ These extensions are only valid within a :class:`RevokedCertificate` object. The type of the returned values depends on the :class:`GeneralName`. .. class:: CRLReason(reason) + :canonical: cryptography.x509.extensions.CRLReason .. versionadded:: 1.2 @@ -2748,6 +3124,7 @@ These extensions are only valid within a :class:`RevokedCertificate` object. :type: An element from :class:`~cryptography.x509.ReasonFlags` .. class:: InvalidityDate(invalidity_date) + :canonical: cryptography.x509.extensions.InvalidityDate .. versionadded:: 1.2 @@ -2772,10 +3149,19 @@ These extensions are only valid within a :class:`RevokedCertificate` object. :type: :class:`datetime.datetime` + .. attribute:: invalidity_date_utc + + .. versionadded:: 43.0.0 + + :type: :class:`datetime.datetime` + + The invalidity date in UTC as a timezone-aware datetime object. + OCSP Extensions ~~~~~~~~~~~~~~~ .. class:: OCSPNonce(nonce) + :canonical: cryptography.x509.extensions.OCSPNonce .. versionadded:: 2.4 @@ -2797,12 +3183,36 @@ OCSP Extensions :type: bytes +.. class:: OCSPAcceptableResponses(response) + :canonical: cryptography.x509.extensions.OCSPAcceptableResponses + + .. versionadded:: 41.0.0 + + OCSP acceptable responses is an extension that is only valid inside + :class:`~cryptography.x509.ocsp.OCSPRequest` objects. This allows an OCSP + client to tell the server what types of responses it supports. In practice + this is rarely used, because there is only one kind of OCSP response in + wide use. + + .. attribute:: oid + + :type: :class:`ObjectIdentifier` + + Returns + :attr:`~cryptography.x509.oid.OCSPExtensionOID.ACCEPTABLE_RESPONSES`. + + .. attribute:: nonce + + :type: bytes + + X.509 Request Attributes ~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: Attributes + :canonical: cryptography.x509.base.Attributes - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 An Attributes instance is an ordered list of attributes. The object is iterable to get every attribute. Each returned element is an @@ -2810,7 +3220,7 @@ X.509 Request Attributes .. method:: get_attribute_for_oid(oid) - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 :param oid: An :class:`ObjectIdentifier` instance. @@ -2821,8 +3231,9 @@ X.509 Request Attributes .. class:: Attribute + :canonical: cryptography.x509.base.Attribute - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 An attribute associated with an X.509 request. @@ -2847,6 +3258,7 @@ instances. The following common OIDs are available as constants. .. currentmodule:: cryptography.x509.oid .. class:: NameOID + :canonical: cryptography.hazmat._oid.NameOID These OIDs are typically seen in X.509 names. @@ -2877,6 +3289,12 @@ instances. The following common OIDs are available as constants. Corresponds to the dotted string ``"2.5.4.9"``. + .. attribute:: ORGANIZATION_IDENTIFIER + + .. versionadded:: 42.0.0 + + Corresponds to the dotted string ``"2.5.4.97"``. + .. attribute:: ORGANIZATION_NAME Corresponds to the dotted string ``"2.5.4.10"``. @@ -2889,7 +3307,7 @@ instances. The following common OIDs are available as constants. Corresponds to the dotted string ``"2.5.4.5"``. This is distinct from the serial number of the certificate itself (which can be obtained with - :func:`~cryptography.x509.Certificate.serial_number`). + :attr:`~cryptography.x509.Certificate.serial_number`). .. attribute:: SURNAME @@ -2903,6 +3321,12 @@ instances. The following common OIDs are available as constants. Corresponds to the dotted string ``"2.5.4.12"``. + .. attribute:: INITIALS + + .. versionadded:: 41.0.0 + + Corresponds to the dotted string ``"2.5.4.43"``. + .. attribute:: GENERATION_QUALIFIER Corresponds to the dotted string ``"2.5.4.44"``. @@ -2974,6 +3398,7 @@ instances. The following common OIDs are available as constants. .. class:: SignatureAlgorithmOID + :canonical: cryptography.hazmat._oid.SignatureAlgorithmOID .. versionadded:: 1.0 @@ -3098,14 +3523,14 @@ instances. The following common OIDs are available as constants. .. attribute:: DSA_WITH_SHA384 - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 Corresponds to the dotted string ``"2.16.840.1.101.3.4.3.3"``. This is a SHA384 digest signed by a DSA key. .. attribute:: DSA_WITH_SHA512 - .. versionadded:: 36.0 + .. versionadded:: 36.0.0 Corresponds to the dotted string ``"2.16.840.1.101.3.4.3.4"``. This is a SHA512 digest signed by a DSA key. @@ -3126,6 +3551,7 @@ instances. The following common OIDs are available as constants. .. class:: ExtendedKeyUsageOID + :canonical: cryptography.hazmat._oid.ExtendedKeyUsageOID .. versionadded:: 1.0 @@ -3175,7 +3601,7 @@ instances. The following common OIDs are available as constants. .. attribute:: SMARTCARD_LOGON - .. versionadded:: 35.0 + .. versionadded:: 35.0.0 Corresponds to the dotted string ``"1.3.6.1.4.1.311.20.2.2"``. This is used to denote that a certificate may be used for ``PKINIT`` access @@ -3183,7 +3609,7 @@ instances. The following common OIDs are available as constants. .. attribute:: KERBEROS_PKINIT_KDC - .. versionadded:: 35.0 + .. versionadded:: 35.0.0 Corresponds to the dotted string ``"1.3.6.1.5.2.3.5"``. This is used to denote that a certificate may be used as a Kerberos @@ -3192,7 +3618,7 @@ instances. The following common OIDs are available as constants. .. attribute:: IPSEC_IKE - .. versionadded:: 37.0 + .. versionadded:: 37.0.0 Corresponds to the dotted string ``"1.3.6.1.5.5.7.3.17"``. This is used to denote that a certificate may be assigned to an IPSEC SA, @@ -3201,7 +3627,7 @@ instances. The following common OIDs are available as constants. .. attribute:: CERTIFICATE_TRANSPARENCY - .. versionadded:: 38.0 + .. versionadded:: 38.0.0 Corresponds to the dotted string ``"1.3.6.1.4.1.11129.2.4.4"``. This is used to denote that a certificate may be used as a pre-certificate @@ -3210,6 +3636,7 @@ instances. The following common OIDs are available as constants. .. class:: AuthorityInformationAccessOID + :canonical: cryptography.hazmat._oid.AuthorityInformationAccessOID .. versionadded:: 1.0 @@ -3227,6 +3654,7 @@ instances. The following common OIDs are available as constants. .. class:: SubjectInformationAccessOID + :canonical: cryptography.hazmat._oid.SubjectInformationAccessOID .. versionadded:: 3.0 @@ -3238,6 +3666,7 @@ instances. The following common OIDs are available as constants. .. class:: CertificatePoliciesOID + :canonical: cryptography.hazmat._oid.CertificatePoliciesOID .. versionadded:: 1.0 @@ -3255,6 +3684,7 @@ instances. The following common OIDs are available as constants. .. class:: ExtensionOID + :canonical: cryptography.hazmat._oid.ExtensionOID .. versionadded:: 1.0 @@ -3387,8 +3817,23 @@ instances. The following common OIDs are available as constants. Corresponds to the dotted string ``"2.5.29.28"``. + .. attribute:: POLICY_MAPPINGS + + Corresponds to the dotted string ``"2.5.29.33"``. + + .. attribute:: SUBJECT_DIRECTORY_ATTRIBUTES + + Corresponds to the dotted string ``"2.5.29.9"``. + + .. attribute:: MS_CERTIFICATE_TEMPLATE + + .. versionadded:: 41.0.0 + + Corresponds to the dotted string ``"1.3.6.1.4.1.311.21.7"``. + .. class:: CRLEntryExtensionOID + :canonical: cryptography.hazmat._oid.CRLEntryExtensionOID .. versionadded:: 1.2 @@ -3406,6 +3851,7 @@ instances. The following common OIDs are available as constants. .. class:: OCSPExtensionOID + :canonical: cryptography.hazmat._oid.OCSPExtensionOID .. versionadded:: 2.4 @@ -3413,8 +3859,15 @@ instances. The following common OIDs are available as constants. Corresponds to the dotted string ``"1.3.6.1.5.5.7.48.1.2"``. + .. attribute:: ACCEPTABLE_RESPONSES + + .. versionadded:: 41.0.0 + + Corresponds to the dotted string ``"1.3.6.1.5.5.7.48.1.4"``. + .. class:: AttributeOID + :canonical: cryptography.hazmat._oid.AttributeOID .. versionadded:: 3.0 @@ -3426,11 +3879,71 @@ instances. The following common OIDs are available as constants. Corresponds to the dotted string ``"1.2.840.113549.1.9.2"``. + +.. class:: PublicKeyAlgorithmOID + :canonical: cryptography.hazmat._oid.PublicKeyAlgorithmOID + + .. versionadded:: 43.0.0 + + .. attribute:: DSA + + Corresponds to the dotted string ``"1.2.840.10040.4.1"``. This is a + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` + public key. + + .. attribute:: EC_PUBLIC_KEY + + Corresponds to the dotted string ``"1.2.840.10045.2.1"``. This is a + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` + public key. + + .. attribute:: RSAES_PKCS1_v1_5 + + Corresponds to the dotted string ``"1.2.840.113549.1.1.1"``. This is a + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` + public key with + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15` + padding. + + .. attribute:: RSASSA_PSS + + Corresponds to the dotted string ``"1.2.840.113549.1.1.10"``. This is a + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` + public key with + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` + padding. + + .. attribute:: X25519 + + Corresponds to the dotted string ``"1.3.101.110"``. This is a + :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey` + public key. + + .. attribute:: X448 + + Corresponds to the dotted string ``"1.3.101.111"``. This is a + :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey` + public key. + + .. attribute:: ED25519 + + Corresponds to the dotted string ``"1.3.101.112"``. This is a + :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey` + public key. + + .. attribute:: ED448 + + Corresponds to the dotted string ``"1.3.101.113"``. This is a + :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey` + public key. + + Helper Functions ~~~~~~~~~~~~~~~~ .. currentmodule:: cryptography.x509 .. function:: random_serial_number() + :canonical: cryptography.x509.base.random_serial_number .. versionadded:: 1.6 @@ -3442,6 +3955,7 @@ Exceptions .. currentmodule:: cryptography.x509 .. class:: InvalidVersion + :canonical: cryptography.x509.base.InvalidVersion This is raised when an X.509 certificate has an invalid version number. @@ -3452,6 +3966,7 @@ Exceptions Returns the raw version that was parsed from the certificate. .. class:: DuplicateExtension + :canonical: cryptography.x509.extensions.DuplicateExtension This is raised when more than one X.509 extension of the same type is found within a certificate. @@ -3463,6 +3978,7 @@ Exceptions Returns the OID. .. class:: ExtensionNotFound + :canonical: cryptography.x509.extensions.ExtensionNotFound This is raised when calling :meth:`Extensions.get_extension_for_oid` with an extension OID that is not present in the certificate. @@ -3474,6 +3990,7 @@ Exceptions Returns the OID. .. class:: AttributeNotFound + :canonical: cryptography.x509.base.AttributeNotFound This is raised when calling :meth:`Attributes.get_attribute_for_oid` with @@ -3486,6 +4003,7 @@ Exceptions Returns the OID. .. class:: UnsupportedGeneralNameType + :canonical: cryptography.x509.general_name.UnsupportedGeneralNameType This is raised when a certificate contains an unsupported general name type in an extension. @@ -3498,6 +4016,6 @@ Exceptions types can be found in `RFC 5280 section 4.2.1.6`_. -.. _`RFC 5280 section 4.2.1.1`: https://tools.ietf.org/html/rfc5280#section-4.2.1.1 -.. _`RFC 5280 section 4.2.1.6`: https://tools.ietf.org/html/rfc5280#section-4.2.1.6 +.. _`RFC 5280 section 4.2.1.1`: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1 +.. _`RFC 5280 section 4.2.1.6`: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 .. _`CABForum Guidelines`: https://cabforum.org/baseline-requirements-documents/ diff --git a/docs/x509/tutorial.rst b/docs/x509/tutorial.rst index f5ca416..a71ed1e 100644 --- a/docs/x509/tutorial.rst +++ b/docs/x509/tutorial.rst @@ -60,17 +60,17 @@ a few details: >>> # Generate a CSR >>> csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([ ... # Provide various details about who we are. - ... x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), - ... x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"California"), - ... x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"), - ... x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"), - ... x509.NameAttribute(NameOID.COMMON_NAME, u"mysite.com"), + ... x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + ... x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "California"), + ... x509.NameAttribute(NameOID.LOCALITY_NAME, "San Francisco"), + ... x509.NameAttribute(NameOID.ORGANIZATION_NAME, "My Company"), + ... x509.NameAttribute(NameOID.COMMON_NAME, "mysite.com"), ... ])).add_extension( ... x509.SubjectAlternativeName([ ... # Describe what sites we want this certificate for. - ... x509.DNSName(u"mysite.com"), - ... x509.DNSName(u"www.mysite.com"), - ... x509.DNSName(u"subdomain.mysite.com"), + ... x509.DNSName("mysite.com"), + ... x509.DNSName("www.mysite.com"), + ... x509.DNSName("subdomain.mysite.com"), ... ]), ... critical=False, ... # Sign the CSR with our private key. @@ -119,11 +119,11 @@ Then we generate the certificate itself: >>> # Various details about who we are. For a self-signed certificate the >>> # subject and issuer are always the same. >>> subject = issuer = x509.Name([ - ... x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), - ... x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"California"), - ... x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"), - ... x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"), - ... x509.NameAttribute(NameOID.COMMON_NAME, u"mysite.com"), + ... x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + ... x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "California"), + ... x509.NameAttribute(NameOID.LOCALITY_NAME, "San Francisco"), + ... x509.NameAttribute(NameOID.ORGANIZATION_NAME, "My Company"), + ... x509.NameAttribute(NameOID.COMMON_NAME, "mysite.com"), ... ]) >>> cert = x509.CertificateBuilder().subject_name( ... subject @@ -134,12 +134,12 @@ Then we generate the certificate itself: ... ).serial_number( ... x509.random_serial_number() ... ).not_valid_before( - ... datetime.datetime.utcnow() + ... datetime.datetime.now(datetime.timezone.utc) ... ).not_valid_after( ... # Our certificate will be valid for 10 days - ... datetime.datetime.utcnow() + datetime.timedelta(days=10) + ... datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=10) ... ).add_extension( - ... x509.SubjectAlternativeName([x509.DNSName(u"localhost")]), + ... x509.SubjectAlternativeName([x509.DNSName("localhost")]), ... critical=False, ... # Sign our certificate with our private key ... ).sign(key, hashes.SHA256()) @@ -150,6 +150,198 @@ Then we generate the certificate itself: And now we have a private key and certificate that can be used for local testing. +Creating a CA hierarchy +----------------------- + +When building your own root hierarchy you need to generate a CA and then +issue certificates (typically intermediates) using it. This example shows +how to generate a root CA, a signing intermediate, and issues a leaf +certificate off that intermediate. X.509 is a complex specification so +this example will require adaptation (typically different extensions) +for specific operating environments. + +Note that this example does not add CRL distribution point or OCSP AIA +extensions, nor does it save the key/certs to persistent storage. + +.. doctest:: + + >>> import datetime + >>> from cryptography.hazmat.primitives.asymmetric import ec + >>> from cryptography.hazmat.primitives import hashes + >>> from cryptography.x509.oid import NameOID + >>> from cryptography import x509 + >>> # Generate our key + >>> root_key = ec.generate_private_key(ec.SECP256R1()) + >>> subject = issuer = x509.Name([ + ... x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + ... x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "California"), + ... x509.NameAttribute(NameOID.LOCALITY_NAME, "San Francisco"), + ... x509.NameAttribute(NameOID.ORGANIZATION_NAME, "My Company"), + ... x509.NameAttribute(NameOID.COMMON_NAME, "PyCA Docs Root CA"), + ... ]) + >>> root_cert = x509.CertificateBuilder().subject_name( + ... subject + ... ).issuer_name( + ... issuer + ... ).public_key( + ... root_key.public_key() + ... ).serial_number( + ... x509.random_serial_number() + ... ).not_valid_before( + ... datetime.datetime.now(datetime.timezone.utc) + ... ).not_valid_after( + ... # Our certificate will be valid for ~10 years + ... datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=365*10) + ... ).add_extension( + ... x509.BasicConstraints(ca=True, path_length=None), + ... critical=True, + ... ).add_extension( + ... x509.KeyUsage( + ... digital_signature=True, + ... content_commitment=False, + ... key_encipherment=False, + ... data_encipherment=False, + ... key_agreement=False, + ... key_cert_sign=True, + ... crl_sign=True, + ... encipher_only=False, + ... decipher_only=False, + ... ), + ... critical=True, + ... ).add_extension( + ... x509.SubjectKeyIdentifier.from_public_key(root_key.public_key()), + ... critical=False, + ... ).sign(root_key, hashes.SHA256()) + +With a root certificate created we now want to create our intermediate. + +.. doctest:: + + >>> # Generate our intermediate key + >>> int_key = ec.generate_private_key(ec.SECP256R1()) + >>> subject = x509.Name([ + ... x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + ... x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "California"), + ... x509.NameAttribute(NameOID.LOCALITY_NAME, "San Francisco"), + ... x509.NameAttribute(NameOID.ORGANIZATION_NAME, "My Company"), + ... x509.NameAttribute(NameOID.COMMON_NAME, "PyCA Docs Intermediate CA"), + ... ]) + >>> int_cert = x509.CertificateBuilder().subject_name( + ... subject + ... ).issuer_name( + ... root_cert.subject + ... ).public_key( + ... int_key.public_key() + ... ).serial_number( + ... x509.random_serial_number() + ... ).not_valid_before( + ... datetime.datetime.now(datetime.timezone.utc) + ... ).not_valid_after( + ... # Our intermediate will be valid for ~3 years + ... datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=365*3) + ... ).add_extension( + ... # Allow no further intermediates (path length 0) + ... x509.BasicConstraints(ca=True, path_length=0), + ... critical=True, + ... ).add_extension( + ... x509.KeyUsage( + ... digital_signature=True, + ... content_commitment=False, + ... key_encipherment=False, + ... data_encipherment=False, + ... key_agreement=False, + ... key_cert_sign=True, + ... crl_sign=True, + ... encipher_only=False, + ... decipher_only=False, + ... ), + ... critical=True, + ... ).add_extension( + ... x509.SubjectKeyIdentifier.from_public_key(int_key.public_key()), + ... critical=False, + ... ).add_extension( + ... x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( + ... root_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value + ... ), + ... critical=False, + ... ).sign(root_key, hashes.SHA256()) + +Now we can issue an end entity certificate off this chain. + +.. doctest:: + + >>> ee_key = ec.generate_private_key(ec.SECP256R1()) + >>> subject = x509.Name([ + ... x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + ... x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "California"), + ... x509.NameAttribute(NameOID.LOCALITY_NAME, "San Francisco"), + ... x509.NameAttribute(NameOID.ORGANIZATION_NAME, "My Company"), + ... ]) + >>> ee_cert = x509.CertificateBuilder().subject_name( + ... subject + ... ).issuer_name( + ... int_cert.subject + ... ).public_key( + ... ee_key.public_key() + ... ).serial_number( + ... x509.random_serial_number() + ... ).not_valid_before( + ... datetime.datetime.now(datetime.timezone.utc) + ... ).not_valid_after( + ... # Our cert will be valid for 10 days + ... datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=10) + ... ).add_extension( + ... x509.SubjectAlternativeName([ + ... # Describe what sites we want this certificate for. + ... x509.DNSName("cryptography.io"), + ... x509.DNSName("www.cryptography.io"), + ... ]), + ... critical=False, + ... ).add_extension( + ... x509.BasicConstraints(ca=False, path_length=None), + ... critical=True, + ... ).add_extension( + ... x509.KeyUsage( + ... digital_signature=True, + ... content_commitment=False, + ... key_encipherment=True, + ... data_encipherment=False, + ... key_agreement=False, + ... key_cert_sign=False, + ... crl_sign=True, + ... encipher_only=False, + ... decipher_only=False, + ... ), + ... critical=True, + ... ).add_extension( + ... x509.ExtendedKeyUsage([ + ... x509.ExtendedKeyUsageOID.CLIENT_AUTH, + ... x509.ExtendedKeyUsageOID.SERVER_AUTH, + ... ]), + ... critical=False, + ... ).add_extension( + ... x509.SubjectKeyIdentifier.from_public_key(ee_key.public_key()), + ... critical=False, + ... ).add_extension( + ... x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( + ... int_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value + ... ), + ... critical=False, + ... ).sign(int_key, hashes.SHA256()) + +And finally we use the verification APIs to validate the chain. + +.. doctest:: + + >>> from cryptography.x509 import DNSName + >>> from cryptography.x509.verification import PolicyBuilder, Store + >>> store = Store([root_cert]) + >>> builder = PolicyBuilder().store(store) + >>> verifier = builder.build_server_verifier(DNSName("cryptography.io")) + >>> chain = verifier.verify(ee_cert, [int_cert]) + >>> len(chain) + 3 + Determining Certificate or Certificate Signing Request Key Type --------------------------------------------------------------- diff --git a/docs/x509/verification.rst b/docs/x509/verification.rst new file mode 100644 index 0000000..ab36041 --- /dev/null +++ b/docs/x509/verification.rst @@ -0,0 +1,293 @@ +X.509 Verification +================== + +.. currentmodule:: cryptography.x509.verification + +.. module:: cryptography.x509.verification + +Support for X.509 certificate verification, also known as path validation +or chain building. + +.. note:: + While usable, these APIs should be considered unstable and not yet + subject to our backwards compatibility policy. + +Example usage, with `certifi `_ providing +the root of trust: + +.. testsetup:: + + from cryptography.x509 import load_pem_x509_certificate, load_pem_x509_certificates + from datetime import datetime + + peer = load_pem_x509_certificate(b""" + -----BEGIN CERTIFICATE----- + MIIDgTCCAwegAwIBAgISBJUzlK20QGqPf5xI0aoE8OIBMAoGCCqGSM49BAMDMDIx + CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF + MTAeFw0yMzExMjIyMDUyNDBaFw0yNDAyMjAyMDUyMzlaMBoxGDAWBgNVBAMTD2Ny + eXB0b2dyYXBoeS5pbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAh2A0yuOByJ + lxK3ps5vbSOT6ZmvAlflGLn8kEseeodIAockm0ISTb/NGSpu/SY4ITefAOSaulKn + BzDgmqjGRKujggITMIICDzAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYB + BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJu7f03HjjwJ + MU6rfwDBzxySTrs5MB8GA1UdIwQYMBaAFFrz7Sv8NsI3eblSMOpUb89Vyy6sMFUG + CCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2UxLm8ubGVuY3Iub3Jn + MCIGCCsGAQUFBzAChhZodHRwOi8vZTEuaS5sZW5jci5vcmcvMBoGA1UdEQQTMBGC + D2NyeXB0b2dyYXBoeS5pbzATBgNVHSAEDDAKMAgGBmeBDAECATCCAQYGCisGAQQB + 1nkCBAIEgfcEgfQA8gB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRz + AAABi/kFXv4AAAQDAEgwRgIhAI9uF526YzU/DEfpmWRA28fn9gryrWMUCXQnEejQ + K/trAiEA12ePSql3sGJ/QgXc6ceQB/XAdwzwDB+2CHr6T14vvvUAdwDuzdBk1dsa + zsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAYv5BV8kAAAEAwBIMEYCIQD1mqTn + b1hOpZWAUlwVM4EJLYA9HtlOvF70bfrGHpAX4gIhAI8pktDxrUwfTXPuA+eMFPbC + QraG6dMkB+HOmTz+hgKyMAoGCCqGSM49BAMDA2gAMGUCMQC+PwiHciKMaJyRJkGa + KFjT/1ICAUsCm8o5h4Xxm0LoOCJVggaXeamDEYnPWbxGETgCME5TJzLIDuF3z6vX + 1SLZDdvHEHLKfOL8/h8KctkjLQ8OJycxwIc+zK+xexVoIuxRhA== + -----END CERTIFICATE----- + """ + ) + + untrusted_intermediates = load_pem_x509_certificates(b""" + -----BEGIN CERTIFICATE----- + MIICxjCCAk2gAwIBAgIRALO93/inhFu86QOgQTWzSkUwCgYIKoZIzj0EAwMwTzEL + MAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNo + IEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDIwHhcNMjAwOTA0MDAwMDAwWhcN + MjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5j + cnlwdDELMAkGA1UEAxMCRTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQkXC2iKv0c + S6Zdl3MnMayyoGli72XoprDwrEuf/xwLcA/TmC9N/A8AmzfwdAVXMpcuBe8qQyWj + +240JxP2T35p0wKZXuskR5LBJJvmsSGPwSSB/GjMH2m6WPUZIvd0xhajggEIMIIB + BDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB + MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFFrz7Sv8NsI3eblSMOpUb89V + yy6sMB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEB + BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzAnBgNVHR8E + IDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYG + Z4EMAQIBMA0GCysGAQQBgt8TAQEBMAoGCCqGSM49BAMDA2cAMGQCMHt01VITjWH+ + Dbo/AwCd89eYhNlXLr3pD5xcSAQh8suzYHKOl9YST8pE9kLJ03uGqQIwWrGxtO3q + YJkgsTgDyj2gJrjubi1K9sZmHzOa25JK1fUpE8ZwYii6I4zPPS/Lgul/ + -----END CERTIFICATE----- + """) + + verification_time = datetime.fromisoformat("2024-01-12T00:00:00Z") + +.. doctest:: + + >>> from cryptography.x509 import Certificate, DNSName, load_pem_x509_certificates + >>> from cryptography.x509.verification import PolicyBuilder, Store + >>> import certifi + >>> from datetime import datetime + >>> with open(certifi.where(), "rb") as pems: + ... store = Store(load_pem_x509_certificates(pems.read())) + >>> builder = PolicyBuilder().store(store) + >>> builder = builder.time(verification_time) + >>> verifier = builder.build_server_verifier(DNSName("cryptography.io")) + >>> # NOTE: peer and untrusted_intermediates are Certificate and + >>> # list[Certificate] respectively, and should be loaded from the + >>> # application context that needs them verified, such as a + >>> # TLS socket. + >>> chain = verifier.verify(peer, untrusted_intermediates) + +.. class:: Store(certs) + + .. versionadded:: 42.0.0 + + A Store is an opaque set of public keys and subject identifiers that are + considered trusted *a priori*. Stores are typically created from the host + OS's root of trust, from a well-known source such as a browser CA bundle, + or from a small set of manually pre-trusted entities. + + :param certs: A list of one or more :class:`cryptography.x509.Certificate` + instances. + +.. class:: Subject + + .. versionadded:: 42.0.0 + + Type alias: A union of all subject types supported: + :class:`cryptography.x509.general_name.DNSName`, + :class:`cryptography.x509.general_name.IPAddress`. + +.. class:: VerifiedClient + + .. versionadded:: 43.0.0 + + .. attribute:: subjects + + :type: list of :class:`~cryptography.x509.GeneralName` + + The subjects presented in the verified client's Subject Alternative Name + extension. + + .. attribute:: chain + + :type: A list of :class:`~cryptography.x509.Certificate`, in leaf-first order + + The chain of certificates that forms the valid chain to the client + certificate. + + +.. class:: ClientVerifier + + .. versionadded:: 43.0.0 + + A ClientVerifier verifies client certificates. + + It contains and describes various pieces of configurable path + validation logic, such as how deep prospective validation chains may go, + which signature algorithms are allowed, and so forth. + + ClientVerifier instances cannot be constructed directly; + :class:`PolicyBuilder` must be used. + + .. attribute:: validation_time + + :type: :class:`datetime.datetime` + + The verifier's validation time. + + .. attribute:: max_chain_depth + + :type: :class:`int` + + The verifier's maximum intermediate CA chain depth. + + .. attribute:: store + + :type: :class:`Store` + + The verifier's trust store. + + .. method:: verify(leaf, intermediates) + + Performs path validation on ``leaf``, returning a valid path + if one exists. The path is returned in leaf-first order: + the first member is ``leaf``, followed by the intermediates used + (if any), followed by a member of the ``store``. + + :param leaf: The leaf :class:`~cryptography.x509.Certificate` to validate + :param intermediates: A :class:`list` of intermediate :class:`~cryptography.x509.Certificate` to attempt to use + + :returns: + A new instance of :class:`VerifiedClient` + + :raises VerificationError: If a valid chain cannot be constructed + + :raises UnsupportedGeneralNameType: If a valid chain exists, but contains an unsupported general name type + +.. class:: ServerVerifier + + .. versionadded:: 42.0.0 + + A ServerVerifier verifies server certificates. + + It contains and describes various pieces of configurable path + validation logic, such as which subject to expect, how deep prospective + validation chains may go, which signature algorithms are allowed, and + so forth. + + ServerVerifier instances cannot be constructed directly; + :class:`PolicyBuilder` must be used. + + .. attribute:: subject + + :type: :class:`Subject` + + The verifier's subject. + + .. attribute:: validation_time + + :type: :class:`datetime.datetime` + + The verifier's validation time. + + .. attribute:: max_chain_depth + + :type: :class:`int` + + The verifier's maximum intermediate CA chain depth. + + .. attribute:: store + + :type: :class:`Store` + + The verifier's trust store. + + .. method:: verify(leaf, intermediates) + + Performs path validation on ``leaf``, returning a valid path + if one exists. The path is returned in leaf-first order: + the first member is ``leaf``, followed by the intermediates used + (if any), followed by a member of the ``store``. + + :param leaf: The leaf :class:`~cryptography.x509.Certificate` to validate + :param intermediates: A :class:`list` of intermediate :class:`~cryptography.x509.Certificate` to attempt to use + + :returns: A list containing a valid chain from ``leaf`` to a member of :class:`ServerVerifier.store`. + + :raises VerificationError: If a valid chain cannot be constructed + +.. class:: VerificationError + + .. versionadded:: 42.0.0 + + The error raised when path validation fails. + +.. class:: PolicyBuilder + + .. versionadded:: 42.0.0 + + A PolicyBuilder provides a builder-style interface for constructing a + Verifier. + + .. method:: time(new_time) + + Sets the verifier's verification time. + + If not called explicitly, this is set to :meth:`datetime.datetime.now` + when :meth:`build_server_verifier` or :meth:`build_client_verifier` + is called. + + :param new_time: The :class:`datetime.datetime` to use in the verifier + + :returns: A new instance of :class:`PolicyBuilder` + + .. method:: store(new_store) + + Sets the verifier's trust store. + + :param new_store: The :class:`Store` to use in the verifier + + :returns: A new instance of :class:`PolicyBuilder` + + .. method:: max_chain_depth(new_max_chain_depth) + + Sets the verifier's maximum chain building depth. + + This depth behaves tracks the length of the intermediate CA + chain: a maximum depth of zero means that the leaf must be directly + issued by a member of the store, a depth of one means no more than + one intermediate CA, and so forth. Note that self-issued intermediates + don't count against the chain depth, per RFC 5280. + + :param new_max_chain_depth: The maximum depth to allow in the verifier + + :returns: A new instance of :class:`PolicyBuilder` + + .. method:: build_server_verifier(subject) + + Builds a verifier for verifying server certificates. + + :param subject: A :class:`Subject` to use in the verifier + + :returns: An instance of :class:`ServerVerifier` + + .. method:: build_client_verifier() + + .. versionadded:: 43.0.0 + + Builds a verifier for verifying client certificates. + + .. warning:: + + This API is not suitable for website (i.e. server) certificate + verification. You **must** use :meth:`build_server_verifier` + for server verification. + + :returns: An instance of :class:`ClientVerifier` diff --git a/noxfile.py b/noxfile.py new file mode 100644 index 0000000..e3eb727 --- /dev/null +++ b/noxfile.py @@ -0,0 +1,378 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import annotations + +import glob +import itertools +import json +import pathlib +import re +import sys +import uuid + +import nox + +try: + import tomllib +except ImportError: + import tomli as tomllib # type: ignore[import-not-found,no-redef] + +nox.options.reuse_existing_virtualenvs = True + + +def install( + session: nox.Session, + *args: str, + verbose: bool = True, +) -> None: + if verbose: + args += ("-v",) + session.install( + "-c", + "ci-constraints-requirements.txt", + *args, + silent=False, + ) + + +def load_pyproject_toml() -> dict: + with (pathlib.Path(__file__).parent / "pyproject.toml").open("rb") as f: + return tomllib.load(f) + + +@nox.session +@nox.session(name="tests-ssh") +@nox.session(name="tests-randomorder") +@nox.session(name="tests-nocoverage") +def tests(session: nox.Session) -> None: + extras = "test" + if session.name == "tests-ssh": + extras += ",ssh" + if session.name == "tests-randomorder": + extras += ",test-randomorder" + + prof_location = ( + pathlib.Path(".") / ".rust-cov" / str(uuid.uuid4()) + ).absolute() + if session.name != "tests-nocoverage": + session.env.update( + { + "RUSTFLAGS": "-Cinstrument-coverage " + + session.env.get("RUSTFLAGS", ""), + "LLVM_PROFILE_FILE": str(prof_location / "cov-%p.profraw"), + } + ) + + install(session, "-e", "./vectors") + install(session, f".[{extras}]") + + session.run("pip", "list") + + if session.name != "tests-nocoverage": + cov_args = [ + "--cov=cryptography", + "--cov=tests", + ] + else: + cov_args = [] + + if session.posargs: + tests = session.posargs + else: + tests = ["tests/"] + + session.run( + "pytest", + "-n", + "auto", + "--dist=worksteal", + *cov_args, + "--durations=10", + *tests, + ) + + if session.name != "tests-nocoverage": + [rust_so] = glob.glob( + f"{session.virtualenv.location}/**/cryptography/hazmat/bindings/_rust.*", + recursive=True, + ) + process_rust_coverage(session, [rust_so], prof_location) + + +@nox.session +def docs(session: nox.Session) -> None: + install(session, ".[docs,docstest,sdist,ssh]") + + temp_dir = session.create_tmp() + session.run( + "sphinx-build", + "-T", + "-W", + "-b", + "html", + "-d", + f"{temp_dir}/doctrees", + "docs", + "docs/_build/html", + ) + session.run( + "sphinx-build", + "-T", + "-W", + "-b", + "latex", + "-d", + f"{temp_dir}/doctrees", + "docs", + "docs/_build/latex", + ) + + session.run( + "sphinx-build", + "-T", + "-W", + "-b", + "doctest", + "-d", + f"{temp_dir}/doctrees", + "docs", + "docs/_build/html", + ) + session.run( + "sphinx-build", + "-T", + "-W", + "-b", + "spelling", + "docs", + "docs/_build/html", + ) + + session.run( + "python3", "-m", "readme_renderer", "README.rst", "-o", "/dev/null" + ) + + +@nox.session(name="docs-linkcheck") +def docs_linkcheck(session: nox.Session) -> None: + install(session, ".[docs]") + + session.run( + "sphinx-build", "-W", "-b", "linkcheck", "docs", "docs/_build/html" + ) + + +@nox.session +def flake(session: nox.Session) -> None: + # TODO: Ideally there'd be a pip flag to install just our dependencies, + # but not install us. + pyproject_data = load_pyproject_toml() + install(session, "-e", "vectors/") + install( + session, + *pyproject_data["build-system"]["requires"], + *pyproject_data["project"]["optional-dependencies"]["pep8test"], + *pyproject_data["project"]["optional-dependencies"]["test"], + *pyproject_data["project"]["optional-dependencies"]["ssh"], + *pyproject_data["project"]["optional-dependencies"]["nox"], + ) + + session.run("ruff", "check", ".") + session.run("ruff", "format", "--check", ".") + session.run( + "mypy", + "src/cryptography/", + "vectors/cryptography_vectors/", + "tests/", + "release.py", + "noxfile.py", + ) + session.run("check-sdist", "--no-isolation") + + +@nox.session +@nox.session(name="rust-noclippy") +def rust(session: nox.Session) -> None: + prof_location = ( + pathlib.Path(".") / ".rust-cov" / str(uuid.uuid4()) + ).absolute() + session.env.update( + { + "RUSTFLAGS": "-Cinstrument-coverage " + + session.env.get("RUSTFLAGS", ""), + "LLVM_PROFILE_FILE": str(prof_location / "cov-%p.profraw"), + } + ) + + # TODO: Ideally there'd be a pip flag to install just our dependencies, + # but not install us. + pyproject_data = load_pyproject_toml() + install(session, *pyproject_data["build-system"]["requires"]) + + with session.chdir("src/rust/"): + session.run("cargo", "fmt", "--all", "--", "--check", external=True) + if session.name != "rust-noclippy": + session.run( + "cargo", + "clippy", + "--all", + "--", + "-D", + "warnings", + external=True, + ) + + build_output = session.run( + "cargo", + "test", + "--no-default-features", + "--all", + "--no-run", + "-q", + "--message-format=json", + external=True, + silent=True, + ) + session.run( + "cargo", "test", "--no-default-features", "--all", external=True + ) + + # It's None on install-only invocations + if build_output is not None: + assert isinstance(build_output, str) + rust_tests = [] + for line in build_output.splitlines(): + data = json.loads(line) + if data.get("profile", {}).get("test", False): + rust_tests.extend(data["filenames"]) + + process_rust_coverage(session, rust_tests, prof_location) + + +@nox.session(venv_backend="uv") +def local(session): + pyproject_data = load_pyproject_toml() + install(session, "-e", "./vectors") + install( + session, + *pyproject_data["build-system"]["requires"], + *pyproject_data["project"]["optional-dependencies"]["pep8test"], + *pyproject_data["project"]["optional-dependencies"]["test"], + *pyproject_data["project"]["optional-dependencies"]["ssh"], + *pyproject_data["project"]["optional-dependencies"]["nox"], + verbose=False, + ) + + session.run("ruff", "format", ".") + session.run("ruff", "check", ".") + + with session.chdir("src/rust/"): + session.run("cargo", "fmt", "--all", external=True) + session.run("cargo", "check", "--all", "--tests", external=True) + session.run( + "cargo", + "clippy", + "--all", + "--", + "-D", + "warnings", + external=True, + ) + + session.run( + "mypy", + "src/cryptography/", + "vectors/cryptography_vectors/", + "tests/", + "release.py", + "noxfile.py", + ) + + session.run( + "maturin", + "develop", + "--release", + "--uv", + ) + + if session.posargs: + tests = session.posargs + else: + tests = ["tests/"] + + session.run( + "pytest", + "-n", + "auto", + "--dist=worksteal", + "--durations=10", + *tests, + ) + + with session.chdir("src/rust/"): + session.run( + "cargo", "test", "--no-default-features", "--all", external=True + ) + + +LCOV_SOURCEFILE_RE = re.compile( + r"^SF:.*[\\/]src[\\/]rust[\\/](.*)$", flags=re.MULTILINE +) +BIN_EXT = ".exe" if sys.platform == "win32" else "" + + +def process_rust_coverage( + session: nox.Session, + rust_binaries: list[str], + prof_raw_location: pathlib.Path, +) -> None: + # Hitting weird issues merging Windows and Linux Rust coverage, so just + # say the hell with it. + if sys.platform == "win32": + return + + target_libdir = session.run( + "rustc", "--print", "target-libdir", external=True, silent=True + ) + if target_libdir is not None: + target_bindir = pathlib.Path(target_libdir).parent / "bin" + + profraws = [ + str(prof_raw_location / p) + for p in prof_raw_location.glob("*.profraw") + ] + session.run( + str(target_bindir / ("llvm-profdata" + BIN_EXT)), + "merge", + "-sparse", + *profraws, + "-o", + "rust-cov.profdata", + external=True, + ) + + lcov_data = session.run( + str(target_bindir / ("llvm-cov" + BIN_EXT)), + "export", + rust_binaries[0], + *itertools.chain.from_iterable( + ["-object", b] for b in rust_binaries[1:] + ), + "-instr-profile=rust-cov.profdata", + "--ignore-filename-regex=[/\\].cargo[/\\]", + "--ignore-filename-regex=[/\\]rustc[/\\]", + "--ignore-filename-regex=[/\\].rustup[/\\]toolchains[/\\]", + "--ignore-filename-regex=[/\\]target[/\\]", + "--format=lcov", + silent=True, + external=True, + ) + assert isinstance(lcov_data, str) + lcov_data = LCOV_SOURCEFILE_RE.sub( + lambda m: "SF:src/rust/" + m.group(1).replace("\\", "/"), + lcov_data.replace("\r\n", "\n"), + ) + with open(f"{uuid.uuid4()}.lcov", "w") as f: + f.write(lcov_data) diff --git a/pyproject.toml b/pyproject.toml index 01b8ace..5f1bcc7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,21 +1,124 @@ [build-system] +# These requirements must be kept sync with the requirements in +# ./github/requirements/build-requirements.{in,txt} requires = [ - # The minimum setuptools version is specific to the PEP 517 backend, - # and may be stricter than the version required in `setup.cfg` - "setuptools>=40.6.0,!=60.9.0", - "wheel", - # Must be kept in sync with the `install_requirements` in `setup.cfg` + "maturin>=1,<2", + + # Must be kept in sync with `project.dependencies` "cffi>=1.12; platform_python_implementation != 'PyPy'", - "setuptools-rust>=0.11.4", + # Needed because cffi imports distutils, and in Python 3.12, distutils has + # been removed from the stdlib, but installing setuptools puts it back. + "setuptools", ] -build-backend = "setuptools.build_meta" +build-backend = "maturin" -[tool.black] -line-length = 79 -target-version = ["py36"] +[project] +name = "cryptography" +version = "43.0.0" +authors = [ + {name = "The Python Cryptographic Authority and individual contributors", email = "cryptography-dev@python.org"} +] +description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." +readme = "README.rst" +license = {text = "Apache-2.0 OR BSD-3-Clause"} +classifiers = [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "License :: OSI Approved :: Apache Software License", + "License :: OSI Approved :: BSD License", + "Natural Language :: English", + "Operating System :: MacOS :: MacOS X", + "Operating System :: POSIX", + "Operating System :: POSIX :: BSD", + "Operating System :: POSIX :: Linux", + 'Operating System :: Microsoft :: Windows', + "Programming Language :: Python", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3 :: Only", + "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: Implementation :: CPython", + "Programming Language :: Python :: Implementation :: PyPy", + "Topic :: Security :: Cryptography", +] +requires-python = ">=3.7" +dependencies = [ + # Must be kept in sync with `build-system.requires` + "cffi>=1.12; platform_python_implementation != 'PyPy'", +] + +[project.urls] +homepage = "https://github.com/pyca/cryptography" +documentation = "https://cryptography.io/" +source = "https://github.com/pyca/cryptography/" +issues = "https://github.com/pyca/cryptography/issues" +changelog = "https://cryptography.io/en/latest/changelog/" + +[project.optional-dependencies] +ssh = ["bcrypt >=3.1.5"] + +# All the following are used for our own testing. +nox = ["nox"] +test = [ + "cryptography_vectors==43.0.0", + "pytest >=6.2.0", + "pytest-benchmark", + "pytest-cov", + "pytest-xdist", + "pretend", + "certifi", +] +test-randomorder = ["pytest-randomly"] +docs = ["sphinx >=5.3.0", "sphinx-rtd-theme >=1.1.1"] +docstest = ["pyenchant >=1.6.11", "readme-renderer", "sphinxcontrib-spelling >=4.0.1"] +sdist = ["build"] +# `click` included because its needed to type check `release.py` +pep8test = ["ruff", "mypy", "check-sdist", "click"] + +[tool.maturin] +python-source = "src" +python-packages = ["cryptography"] +manifest-path = "src/rust/Cargo.toml" +module-name = "cryptography.hazmat.bindings._rust" +locked = true +sdist-generator = "git" +features = ["pyo3/abi3-py37"] +include = [ + "CHANGELOG.rst", + "CONTRIBUTING.rst", + "LICENSE", + "LICENSE.APACHE", + "LICENSE.BSD", + + "docs/**/*", + + "src/_cffi_src/**/*.py", + "src/_cffi_src/**/*.c", + "src/_cffi_src/**/*.h", + + "src/rust/**/Cargo.toml", + "src/rust/**/Cargo.lock", + "src/rust/**/*.rs", + + "tests/**/*.py", +] +exclude = [ + "vectors/**/*", + "src/rust/target/**/*", + "docs/_build/**/*", + ".github/**/*", + ".readthedocs.yml", + "ci-constraints-requirements.txt", + "mypy.ini", +] [tool.pytest.ini_options] addopts = "-r s --capture=no --strict-markers --benchmark-disable" +console_output_style = "progress-even-when-capture-no" markers = [ "skip_fips: this test is not executed in FIPS mode", "supported: parametrized test requiring only_if and skip_message", @@ -27,6 +130,8 @@ check_untyped_defs = true no_implicit_reexport = true warn_redundant_casts = true warn_unused_ignores = true +warn_unused_configs = true +strict_equality = true [[tool.mypy.overrides]] module = [ @@ -45,9 +150,9 @@ source = [ [tool.coverage.paths] source = [ "src/cryptography", - "*.tox/*/lib*/python*/site-packages/cryptography", - "*.tox\\*\\Lib\\site-packages\\cryptography", - "*.tox/pypy/site-packages/cryptography", + "*.nox/*/lib*/python*/site-packages/cryptography", + "*.nox\\*\\Lib\\site-packages\\cryptography", + "*.nox/pypy/site-packages/cryptography", ] tests =[ "tests/", @@ -57,7 +162,24 @@ tests =[ [tool.coverage.report] exclude_lines = [ "@abc.abstractmethod", - "@abc.abstractproperty", "@typing.overload", "if typing.TYPE_CHECKING", ] + +[tool.ruff] +line-length = 79 + +lint.ignore = ['N818'] +lint.select = ['E', 'F', 'I', 'N', 'W', 'UP', 'RUF'] + +[tool.ruff.lint.isort] +known-first-party = ["cryptography", "cryptography_vectors", "tests"] + +[tool.check-sdist] +git-only = [ + "vectors/*", + "release.py", + "ci-constraints-requirements.txt", + ".gitattributes", + ".gitignore", +] diff --git a/release.py b/release.py new file mode 100644 index 0000000..120a6c4 --- /dev/null +++ b/release.py @@ -0,0 +1,94 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import pathlib +import re +import subprocess + +import click +import tomllib +from packaging.version import Version + + +def run(*args: str) -> None: + print(f"[running] {list(args)}") + subprocess.check_call(list(args)) + + +@click.group() +def cli(): + pass + + +@cli.command() +def release() -> None: + base_dir = pathlib.Path(__file__).parent + with (base_dir / "pyproject.toml").open("rb") as f: + pyproject = tomllib.load(f) + version = pyproject["project"]["version"] + + if Version(version).is_prerelease: + raise RuntimeError( + f"Can't release, pyproject.toml version is pre-release: {version}" + ) + + # Tag and push the tag (this will trigger the wheel builder in Actions) + run("git", "tag", "-s", version, "-m", f"{version} release") + run("git", "push", "--tags", "git@github.com:pyca/cryptography.git") + + +def replace_pattern(p: pathlib.Path, pattern: str, replacement: str) -> None: + content = p.read_text() + match = re.search(pattern, content, re.MULTILINE) + assert match is not None + + start, end = match.span() + new_content = content[:start] + replacement + content[end:] + p.write_text(new_content) + + +def replace_version( + p: pathlib.Path, variable_name: str, new_version: str +) -> None: + replace_pattern( + p, rf"^{variable_name}\s*=\s*.*$", f'{variable_name} = "{new_version}"' + ) + + +@cli.command() +@click.argument("new_version") +def bump_version(new_version: str) -> None: + base_dir = pathlib.Path(__file__).parent + + replace_version(base_dir / "pyproject.toml", "version", new_version) + replace_version( + base_dir / "src/cryptography/__about__.py", "__version__", new_version + ) + replace_version( + base_dir / "vectors/pyproject.toml", + "version", + new_version, + ) + replace_version( + base_dir / "vectors/cryptography_vectors/__about__.py", + "__version__", + new_version, + ) + + if Version(new_version).is_prerelease: + replace_pattern( + base_dir / "pyproject.toml", + r'"cryptography_vectors(==.*?)?"', + '"cryptography_vectors"', + ) + else: + replace_pattern( + base_dir / "pyproject.toml", + r'"cryptography_vectors(==.*?)?"', + f'"cryptography_vectors=={new_version}"', + ) + + +if __name__ == "__main__": + cli() diff --git a/setup.cfg b/setup.cfg deleted file mode 100644 index 23bb773..0000000 --- a/setup.cfg +++ /dev/null @@ -1,92 +0,0 @@ -[metadata] -name = cryptography -version = attr: cryptography.__version__ -description = cryptography is a package which provides cryptographic recipes and primitives to Python developers. -long_description = file: README.rst -long_description_content_type = text/x-rst -license = BSD-3-Clause OR Apache-2.0 -url = https://github.com/pyca/cryptography -author = The Python Cryptographic Authority and individual contributors -author_email = cryptography-dev@python.org -project_urls = - Documentation=https://cryptography.io/ - Source=https://github.com/pyca/cryptography/ - Issues=https://github.com/pyca/cryptography/issues - Changelog=https://cryptography.io/en/latest/changelog/ -classifiers = - Development Status :: 5 - Production/Stable - Intended Audience :: Developers - License :: OSI Approved :: Apache Software License - License :: OSI Approved :: BSD License - Natural Language :: English - Operating System :: MacOS :: MacOS X - Operating System :: POSIX - Operating System :: POSIX :: BSD - Operating System :: POSIX :: Linux - Operating System :: Microsoft :: Windows - Programming Language :: Python - Programming Language :: Python :: 3 - Programming Language :: Python :: 3 :: Only - Programming Language :: Python :: 3.6 - Programming Language :: Python :: 3.7 - Programming Language :: Python :: 3.8 - Programming Language :: Python :: 3.9 - Programming Language :: Python :: 3.10 - Programming Language :: Python :: Implementation :: CPython - Programming Language :: Python :: Implementation :: PyPy - Topic :: Security :: Cryptography - -[options] -python_requires = >=3.6 -include_package_data = True -zip_safe = False -package_dir = - =src -packages = find: -install_requires = - cffi >=1.12 - -[options.packages.find] -where = src -exclude = - _cffi_src - _cffi_src.* - -[options.extras_require] -test = - pytest>=6.2.0 - pytest-benchmark - pytest-cov - pytest-subtests - pytest-xdist - pretend - iso8601 - pytz - hypothesis>=1.11.4,!=3.79.2 -docs = - sphinx >= 1.6.5,!=1.8.0,!=3.1.0,!=3.1.1 - sphinx_rtd_theme -docstest = - pyenchant >= 1.6.11 - twine >= 1.12.0 - sphinxcontrib-spelling >= 4.0.1 -sdist = - setuptools_rust >= 0.11.4 -pep8test = - black - flake8 - flake8-import-order - pep8-naming -ssh = - bcrypt >= 3.1.5 - -[flake8] -ignore = E203,E211,W503,W504,N818 -exclude = .tox,*.egg,.git,_build,.hypothesis -select = E,W,F,N,I -application-import-names = cryptography,cryptography_vectors,tests - -[egg_info] -tag_build = -tag_date = 0 - diff --git a/setup.py b/setup.py deleted file mode 100644 index 320994e..0000000 --- a/setup.py +++ /dev/null @@ -1,116 +0,0 @@ -#!/usr/bin/env python - -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import os -import platform -import re -import shutil -import subprocess -import sys - -from setuptools import setup - -try: - from setuptools_rust import RustExtension -except ImportError: - print( - """ - =============================DEBUG ASSISTANCE========================== - If you are seeing an error here please try the following to - successfully install cryptography: - - Upgrade to the latest pip and try again. This will fix errors for most - users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip - =============================DEBUG ASSISTANCE========================== - """ - ) - raise - - -base_dir = os.path.dirname(__file__) -src_dir = os.path.join(base_dir, "src") - -# When executing the setup.py, we need to be able to import ourselves, this -# means that we need to add the src/ directory to the sys.path. -sys.path.insert(0, src_dir) - -try: - # See setup.cfg for most of the config metadata. - setup( - cffi_modules=[ - "src/_cffi_src/build_openssl.py:ffi", - ], - rust_extensions=[ - RustExtension( - "cryptography.hazmat.bindings._rust", - "src/rust/Cargo.toml", - py_limited_api=True, - # Enable abi3 mode if we're not using PyPy. - features=( - [] - if platform.python_implementation() == "PyPy" - else ["pyo3/abi3-py36"] - ), - rust_version=">=1.48.0", - ) - ], - ) -except: # noqa: E722 - # Note: This is a bare exception that re-raises so that we don't interfere - # with anything the installation machinery might want to do. Because we - # print this for any exception this msg can appear (e.g. in verbose logs) - # even if there's no failure. For example, SetupRequirementsError is raised - # during PEP517 building and prints this text. setuptools raises SystemExit - # when compilation fails right now, but it's possible this isn't stable - # or a public API commitment so we'll remain ultra conservative. - - import pkg_resources - - print( - """ - =============================DEBUG ASSISTANCE============================= - If you are seeing a compilation error please try the following steps to - successfully install cryptography: - 1) Upgrade to the latest pip and try again. This will fix errors for most - users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip - 2) Read https://cryptography.io/en/latest/installation/ for specific - instructions for your platform. - 3) Check our frequently asked questions for more information: - https://cryptography.io/en/latest/faq/ - 4) Ensure you have a recent Rust toolchain installed: - https://cryptography.io/en/latest/installation/#rust - """ - ) - print(f" Python: {'.'.join(str(v) for v in sys.version_info[:3])}") - print(f" platform: {platform.platform()}") - for dist in ["pip", "setuptools", "setuptools_rust"]: - try: - version = pkg_resources.get_distribution(dist).version - except pkg_resources.DistributionNotFound: - version = "n/a" - print(f" {dist}: {version}") - version = "n/a" - if shutil.which("rustc") is not None: - try: - # If for any reason `rustc --version` fails, silently ignore it - rustc_output = subprocess.run( - ["rustc", "--version"], - capture_output=True, - timeout=0.5, - encoding="utf8", - check=True, - ).stdout - version = re.sub("^rustc ", "", rustc_output.strip()) - except subprocess.SubprocessError: - pass - print(f" rustc: {version}") - - print( - """\ - =============================DEBUG ASSISTANCE============================= - """ - ) - raise diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index 3ead86a..7c3bab2 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -2,102 +2,39 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import os +import pathlib +import platform import sys -from distutils import dist -from distutils.ccompiler import get_default_compiler -from distutils.command.config import config -from _cffi_src.utils import build_ffi_for_binding, compiler_type - - -def _get_openssl_libraries(platform): - if os.environ.get("CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS", None): - return [] - # OpenSSL goes by a different library name on different operating systems. - if platform == "win32" and compiler_type() == "msvc": - return [ - "libssl", - "libcrypto", - "advapi32", - "crypt32", - "gdi32", - "user32", - "ws2_32", - ] - else: - # darwin, linux, mingw all use this path - # In some circumstances, the order in which these libs are - # specified on the linker command-line is significant; - # libssl must come before libcrypto - # (https://marc.info/?l=openssl-users&m=135361825921871) - # -lpthread required due to usage of pthread an potential - # existance of a static part containing e.g. pthread_atfork - # (https://github.com/pyca/cryptography/issues/5084) - if sys.platform == "zos": - return ["ssl", "crypto"] - else: - return ["ssl", "crypto", "pthread"] - - -def _extra_compile_args(platform): - """ - We set -Wconversion args here so that we only do Wconversion checks on the - code we're compiling and not on cffi itself (as passing -Wconversion in - CFLAGS would do). We set no error on sign conversion because some - function signatures in LibreSSL differ from OpenSSL have changed on long - vs. unsigned long in the past. Since that isn't a precision issue we don't - care. - """ - # make sure the compiler used supports the flags to be added - is_gcc = False - if get_default_compiler() == "unix": - d = dist.Distribution() - cmd = config(d) - cmd._check_compiler() - is_gcc = ( - "gcc" in cmd.compiler.compiler[0] - or "clang" in cmd.compiler.compiler[0] - ) - if is_gcc or not ( - platform in ["win32", "hp-ux11", "sunos5"] - or platform.startswith("aix") - ): - return ["-Wconversion", "-Wno-error=sign-conversion"] - else: - return [] +# Add the src directory to the path so we can import _cffi_src.utils +src_dir = str(pathlib.Path(__file__).parent.parent) +sys.path.insert(0, src_dir) +from _cffi_src.utils import build_ffi_for_binding # noqa: E402 ffi = build_ffi_for_binding( - module_name="cryptography.hazmat.bindings._openssl", + module_name="_openssl", module_prefix="_cffi_src.openssl.", modules=[ # This goes first so we can define some cryptography-wide symbols. "cryptography", - # Provider comes early as well so we define OSSL_LIB_CTX - "provider", "asn1", "bignum", "bio", - "cmac", - "conf", "crypto", "dh", "dsa", "ec", - "ecdsa", "engine", "err", "evp", - "fips", - "hmac", "nid", "objects", "opensslv", - "osrandom_engine", "pem", - "pkcs12", "rand", "rsa", "ssl", @@ -105,9 +42,19 @@ def _extra_compile_args(platform): "x509name", "x509v3", "x509_vfy", - "pkcs7", - "callbacks", ], - libraries=_get_openssl_libraries(sys.platform), - extra_compile_args=_extra_compile_args(sys.platform), ) + +if __name__ == "__main__": + out_dir = os.environ["OUT_DIR"] + module_name, source, source_extension, kwds = ffi._assigned_source + c_file = os.path.join(out_dir, module_name + source_extension) + if platform.python_implementation() == "PyPy": + # Necessary because CFFI will ignore this if there's no declarations. + ffi.embedding_api( + """ + extern "Python" void Cryptography_unused(void); + """ + ) + ffi.embedding_init_code("") + ffi.emit_c_code(c_file) diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py index 17ded38..b1278f3 100644 --- a/src/_cffi_src/openssl/asn1.py +++ b/src/_cffi_src/openssl/asn1.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -21,15 +22,9 @@ typedef struct asn1_string_st ASN1_OCTET_STRING; typedef struct asn1_string_st ASN1_IA5STRING; -typedef struct asn1_string_st ASN1_BIT_STRING; typedef struct asn1_string_st ASN1_TIME; typedef ... ASN1_OBJECT; typedef struct asn1_string_st ASN1_STRING; -typedef struct asn1_string_st ASN1_UTF8STRING; -typedef struct { - int type; - ...; -} ASN1_TYPE; typedef ... ASN1_GENERALIZEDTIME; typedef ... ASN1_ENUMERATED; @@ -39,20 +34,8 @@ """ FUNCTIONS = """ -void ASN1_OBJECT_free(ASN1_OBJECT *); - /* ASN1 STRING */ -unsigned char *ASN1_STRING_data(ASN1_STRING *); const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *); -int ASN1_STRING_set(ASN1_STRING *, const void *, int); - -/* ASN1 OCTET STRING */ -ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void); -void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *); -int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *, const unsigned char *, int); - -/* ASN1 IA5STRING */ -ASN1_IA5STRING *ASN1_IA5STRING_new(void); /* ASN1 INTEGER */ void ASN1_INTEGER_free(ASN1_INTEGER *); @@ -71,17 +54,14 @@ void ASN1_ENUMERATED_free(ASN1_ENUMERATED *); int ASN1_ENUMERATED_set(ASN1_ENUMERATED *, long); -/* These became const ASN1_* in 1.1.0 */ -int ASN1_STRING_type(ASN1_STRING *); -int ASN1_STRING_to_UTF8(unsigned char **, ASN1_STRING *); -int i2a_ASN1_INTEGER(BIO *, ASN1_INTEGER *); +int ASN1_STRING_type(const ASN1_STRING *); +int ASN1_STRING_to_UTF8(unsigned char **, const ASN1_STRING *); +int i2a_ASN1_INTEGER(BIO *, const ASN1_INTEGER *); -/* This became const ASN1_TIME in 1.1.0f */ -ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *, +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *, ASN1_GENERALIZEDTIME **); int ASN1_STRING_length(ASN1_STRING *); -int ASN1_STRING_set_default_mask_asc(char *); BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *); ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *); diff --git a/src/_cffi_src/openssl/bignum.py b/src/_cffi_src/openssl/bignum.py index 052c7ed..4c7a959 100644 --- a/src/_cffi_src/openssl/bignum.py +++ b/src/_cffi_src/openssl/bignum.py @@ -2,80 +2,31 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include """ TYPES = """ -static const long Cryptography_HAS_BN_FLAGS; +static const long Cryptography_HAS_PRIME_CHECKS; typedef ... BN_CTX; -typedef ... BN_MONT_CTX; typedef ... BIGNUM; typedef int... BN_ULONG; """ FUNCTIONS = """ -#define BN_FLG_CONSTTIME ... - -void BN_set_flags(BIGNUM *, int); - BIGNUM *BN_new(void); void BN_free(BIGNUM *); -void BN_clear_free(BIGNUM *); int BN_rand_range(BIGNUM *, const BIGNUM *); -BN_CTX *BN_CTX_new(void); -void BN_CTX_free(BN_CTX *); - -void BN_CTX_start(BN_CTX *); -BIGNUM *BN_CTX_get(BN_CTX *); -void BN_CTX_end(BN_CTX *); - -BN_MONT_CTX *BN_MONT_CTX_new(void); -int BN_MONT_CTX_set(BN_MONT_CTX *, const BIGNUM *, BN_CTX *); -void BN_MONT_CTX_free(BN_MONT_CTX *); - -BIGNUM *BN_dup(const BIGNUM *); - int BN_set_word(BIGNUM *, BN_ULONG); -const BIGNUM *BN_value_one(void); - char *BN_bn2hex(const BIGNUM *); int BN_hex2bn(BIGNUM **, const char *); -int BN_bn2bin(const BIGNUM *, unsigned char *); -BIGNUM *BN_bin2bn(const unsigned char *, int, BIGNUM *); - -int BN_num_bits(const BIGNUM *); - -int BN_cmp(const BIGNUM *, const BIGNUM *); -int BN_is_negative(const BIGNUM *); -int BN_is_odd(const BIGNUM *); -int BN_add(BIGNUM *, const BIGNUM *, const BIGNUM *); -int BN_sub(BIGNUM *, const BIGNUM *, const BIGNUM *); -int BN_nnmod(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); -int BN_mod_add(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *); -int BN_mod_sub(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *); -int BN_mod_mul(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *); -int BN_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *); -int BN_mod_exp_mont(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *, BN_MONT_CTX *); -int BN_mod_exp_mont_consttime(BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *, BN_MONT_CTX *); -BIGNUM *BN_mod_inverse(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - -int BN_num_bytes(const BIGNUM *); - -int BN_mod(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - /* The following 3 prime methods are exposed for Tribler. */ int BN_generate_prime_ex(BIGNUM *, int, int, const BIGNUM *, const BIGNUM *, BN_GENCB *); @@ -85,12 +36,9 @@ CUSTOMIZATIONS = """ #if CRYPTOGRAPHY_IS_BORINGSSL -static const long Cryptography_HAS_BN_FLAGS = 0; - -static const int BN_FLG_CONSTTIME = 0; -void (*BN_set_flags)(BIGNUM *, int) = NULL; +static const long Cryptography_HAS_PRIME_CHECKS = 0; int (*BN_prime_checks_for_size)(int) = NULL; #else -static const long Cryptography_HAS_BN_FLAGS = 1; +static const long Cryptography_HAS_PRIME_CHECKS = 1; #endif """ diff --git a/src/_cffi_src/openssl/bio.py b/src/_cffi_src/openssl/bio.py index 3e83f2f..1742e34 100644 --- a/src/_cffi_src/openssl/bio.py +++ b/src/_cffi_src/openssl/bio.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -15,14 +16,9 @@ FUNCTIONS = """ int BIO_free(BIO *); -void BIO_free_all(BIO *); BIO *BIO_new_file(const char *, const char *); -size_t BIO_ctrl_pending(BIO *); int BIO_read(BIO *, void *, int); -int BIO_gets(BIO *, char *, int); int BIO_write(BIO *, const void *, int); -/* Added in 1.1.0 */ -int BIO_up_ref(BIO *); BIO *BIO_new(BIO_METHOD *); const BIO_METHOD *BIO_s_mem(void); @@ -34,8 +30,6 @@ int BIO_should_io_special(BIO *); int BIO_should_retry(BIO *); int BIO_reset(BIO *); -void BIO_set_retry_read(BIO *); -void BIO_clear_retry_flags(BIO *); BIO_ADDR *BIO_ADDR_new(void); void BIO_ADDR_free(BIO_ADDR *); @@ -43,7 +37,11 @@ CUSTOMIZATIONS = """ #if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL + +#if !defined(_WIN32) #include +#endif + #include typedef struct sockaddr BIO_ADDR; diff --git a/src/_cffi_src/openssl/callbacks.py b/src/_cffi_src/openssl/callbacks.py deleted file mode 100644 index 79d4f24..0000000 --- a/src/_cffi_src/openssl/callbacks.py +++ /dev/null @@ -1,51 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -INCLUDES = """ -#include -""" - -TYPES = """ -typedef struct { - char *password; - int length; - int called; - int error; - int maxsize; -} CRYPTOGRAPHY_PASSWORD_DATA; -""" - -FUNCTIONS = """ -int Cryptography_pem_password_cb(char *, int, int, void *); -""" - -CUSTOMIZATIONS = """ -typedef struct { - char *password; - int length; - int called; - int error; - int maxsize; -} CRYPTOGRAPHY_PASSWORD_DATA; - -int Cryptography_pem_password_cb(char *buf, int size, - int rwflag, void *userdata) { - /* The password cb is only invoked if OpenSSL decides the private - key is encrypted. So this path only occurs if it needs a password */ - CRYPTOGRAPHY_PASSWORD_DATA *st = (CRYPTOGRAPHY_PASSWORD_DATA *)userdata; - st->called += 1; - st->maxsize = size; - if (st->length == 0) { - st->error = -1; - return 0; - } else if (st->length < size) { - memcpy(buf, st->password, st->length); - return st->length; - } else { - st->error = -2; - return 0; - } -} -""" diff --git a/src/_cffi_src/openssl/cmac.py b/src/_cffi_src/openssl/cmac.py deleted file mode 100644 index a254263..0000000 --- a/src/_cffi_src/openssl/cmac.py +++ /dev/null @@ -1,26 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -INCLUDES = """ -#if !defined(OPENSSL_NO_CMAC) -#include -#endif -""" - -TYPES = """ -typedef ... CMAC_CTX; -""" - -FUNCTIONS = """ -CMAC_CTX *CMAC_CTX_new(void); -int CMAC_Init(CMAC_CTX *, const void *, size_t, const EVP_CIPHER *, ENGINE *); -int CMAC_Update(CMAC_CTX *, const void *, size_t); -int CMAC_Final(CMAC_CTX *, unsigned char *, size_t *); -int CMAC_CTX_copy(CMAC_CTX *, const CMAC_CTX *); -void CMAC_CTX_free(CMAC_CTX *); -""" - -CUSTOMIZATIONS = """ -""" diff --git a/src/_cffi_src/openssl/crypto.py b/src/_cffi_src/openssl/crypto.py index fb95646..5284f32 100644 --- a/src/_cffi_src/openssl/crypto.py +++ b/src/_cffi_src/openssl/crypto.py @@ -2,20 +2,13 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include """ TYPES = """ -static const long Cryptography_HAS_MEM_FUNCTIONS; -static const long Cryptography_HAS_OPENSSL_CLEANUP; - -static const int SSLEAY_VERSION; -static const int SSLEAY_CFLAGS; -static const int SSLEAY_PLATFORM; -static const int SSLEAY_DIR; -static const int SSLEAY_BUILT_ON; static const int OPENSSL_VERSION; static const int OPENSSL_CFLAGS; static const int OPENSSL_BUILT_ON; @@ -26,91 +19,12 @@ FUNCTIONS = """ void OPENSSL_cleanup(void); -/* SSLeay was removed in 1.1.0 */ -unsigned long SSLeay(void); -const char *SSLeay_version(int); -/* these functions were added to replace the SSLeay functions in 1.1.0 */ unsigned long OpenSSL_version_num(void); const char *OpenSSL_version(int); -/* this is a macro in 1.1.0 */ void *OPENSSL_malloc(size_t); void OPENSSL_free(void *); - - -/* Signature is significantly different in LibreSSL, so expose via different - symbol name */ -int Cryptography_CRYPTO_set_mem_functions( - void *(*)(size_t, const char *, int), - void *(*)(void *, size_t, const char *, int), - void (*)(void *, const char *, int)); - -void *Cryptography_malloc_wrapper(size_t, const char *, int); -void *Cryptography_realloc_wrapper(void *, size_t, const char *, int); -void Cryptography_free_wrapper(void *, const char *, int); """ CUSTOMIZATIONS = """ -/* In 1.1.0 SSLeay has finally been retired. We bidirectionally define the - values so you can use either one. This is so we can use the new function - names no matter what OpenSSL we're running on, but users on older pyOpenSSL - releases won't see issues if they're running OpenSSL 1.1.0 */ -#if !defined(SSLEAY_VERSION) -# define SSLeay OpenSSL_version_num -# define SSLeay_version OpenSSL_version -# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER -# define SSLEAY_VERSION OPENSSL_VERSION -# define SSLEAY_CFLAGS OPENSSL_CFLAGS -# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON -# define SSLEAY_PLATFORM OPENSSL_PLATFORM -# define SSLEAY_DIR OPENSSL_DIR -#endif -#if !defined(OPENSSL_VERSION) -# define OpenSSL_version_num SSLeay -# define OpenSSL_version SSLeay_version -# define OPENSSL_VERSION SSLEAY_VERSION -# define OPENSSL_CFLAGS SSLEAY_CFLAGS -# define OPENSSL_BUILT_ON SSLEAY_BUILT_ON -# define OPENSSL_PLATFORM SSLEAY_PLATFORM -# define OPENSSL_DIR SSLEAY_DIR -#endif - -#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_360 -static const long Cryptography_HAS_OPENSSL_CLEANUP = 0; -void (*OPENSSL_cleanup)(void) = NULL; -#else -static const long Cryptography_HAS_OPENSSL_CLEANUP = 1; -#endif - -#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL -static const long Cryptography_HAS_MEM_FUNCTIONS = 0; -int (*Cryptography_CRYPTO_set_mem_functions)( - void *(*)(size_t, const char *, int), - void *(*)(void *, size_t, const char *, int), - void (*)(void *, const char *, int)) = NULL; - -#else -static const long Cryptography_HAS_MEM_FUNCTIONS = 1; - -int Cryptography_CRYPTO_set_mem_functions( - void *(*m)(size_t, const char *, int), - void *(*r)(void *, size_t, const char *, int), - void (*f)(void *, const char *, int) -) { - return CRYPTO_set_mem_functions(m, r, f); -} -#endif - -void *Cryptography_malloc_wrapper(size_t size, const char *path, int line) { - return malloc(size); -} - -void *Cryptography_realloc_wrapper(void *ptr, size_t size, const char *path, - int line) { - return realloc(ptr, size); -} - -void Cryptography_free_wrapper(void *ptr, const char *path, int line) { - free(ptr); -} """ diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py index 44a69cd..e90a71b 100644 --- a/src/_cffi_src/openssl/cryptography.py +++ b/src/_cffi_src/openssl/cryptography.py @@ -2,12 +2,30 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations -INCLUDES = """ -/* define our OpenSSL API compatibility level to 1.0.1. Any symbols older than - that will raise an error during compilation. We can raise this number again - after we drop 1.0.2 support in the distant future. */ -#define OPENSSL_API_COMPAT 0x10001000L +INCLUDES = r""" +/* define our OpenSSL API compatibility level to 1.1.0. Any symbols older than + that will raise an error during compilation. */ +#define OPENSSL_API_COMPAT 0x10100000L + +#if defined(_WIN32) +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#include +#include +/* + undef some macros that are defined by wincrypt.h but are also types in + boringssl. openssl has worked around this but boring has not yet. see: + https://chromium.googlesource.com/chromium/src/+/refs/heads/main/base + /win/wincrypt_shim.h +*/ +#undef X509_NAME +#undef X509_EXTENSIONS +#undef PKCS7_SIGNER_INFO +#endif #include @@ -24,79 +42,12 @@ #define CRYPTOGRAPHY_IS_BORINGSSL 0 #endif -/* - LibreSSL removed e_os2.h from the public headers so we'll only include it - if we're using vanilla OpenSSL. -*/ -#if !CRYPTOGRAPHY_IS_LIBRESSL -#include -#endif -#if defined(_WIN32) -#define WIN32_LEAN_AND_MEAN -#include -#include -#include -#endif - -#if CRYPTOGRAPHY_IS_LIBRESSL -#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_322 \ - (LIBRESSL_VERSION_NUMBER < 0x3020200f) -#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \ - (LIBRESSL_VERSION_NUMBER < 0x3030200f) -#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \ - (LIBRESSL_VERSION_NUMBER < 0x3040000f) -#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 \ - (LIBRESSL_VERSION_NUMBER < 0x3050000f) -#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_360 \ - (LIBRESSL_VERSION_NUMBER < 0x3060000f) - -#else -#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_322 (0) -#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0) -#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0) -#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 (0) -#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_360 (0) -#endif - -#if OPENSSL_VERSION_NUMBER < 0x10100000 - #error "pyca/cryptography MUST be linked with Openssl 1.1.0 or later" -#endif - -#define CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER \ - (OPENSSL_VERSION_NUMBER >= 0x10101040 && !CRYPTOGRAPHY_IS_LIBRESSL) -#define CRYPTOGRAPHY_OPENSSL_300_OR_GREATER \ - (OPENSSL_VERSION_NUMBER >= 0x30000000 && !CRYPTOGRAPHY_IS_LIBRESSL) - -#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 \ - (OPENSSL_VERSION_NUMBER < 0x10101000 || CRYPTOGRAPHY_IS_LIBRESSL) -#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B \ - (OPENSSL_VERSION_NUMBER < 0x10101020 || CRYPTOGRAPHY_IS_LIBRESSL) -#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D \ - (OPENSSL_VERSION_NUMBER < 0x10101040 || CRYPTOGRAPHY_IS_LIBRESSL) -#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E \ - (OPENSSL_VERSION_NUMBER < 0x10101050 || CRYPTOGRAPHY_IS_LIBRESSL) -#if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && !CRYPTOGRAPHY_IS_LIBRESSL && \ - !defined(OPENSSL_NO_ENGINE)) || defined(USE_OSRANDOM_RNG_FOR_TESTING) -#define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 1 -#else -#define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 0 +#if OPENSSL_VERSION_NUMBER < 0x10101050 + #error "pyca/cryptography MUST be linked with Openssl 1.1.1e or later" #endif """ TYPES = """ -static const int CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER; -static const int CRYPTOGRAPHY_OPENSSL_300_OR_GREATER; - -static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111; -static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B; -static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E; -static const int CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE; - -static const int CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340; -static const int CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350; - -static const int CRYPTOGRAPHY_IS_LIBRESSL; -static const int CRYPTOGRAPHY_IS_BORINGSSL; """ FUNCTIONS = """ diff --git a/src/_cffi_src/openssl/dh.py b/src/_cffi_src/openssl/dh.py index c378ad1..a3bf233 100644 --- a/src/_cffi_src/openssl/dh.py +++ b/src/_cffi_src/openssl/dh.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -9,156 +10,11 @@ TYPES = """ typedef ... DH; - -const long DH_NOT_SUITABLE_GENERATOR; """ FUNCTIONS = """ -DH *DH_new(void); void DH_free(DH *); -int DH_size(const DH *); -int DH_generate_key(DH *); -DH *DHparams_dup(DH *); - -/* added in 1.1.0 when the DH struct was opaqued */ -void DH_get0_pqg(const DH *, const BIGNUM **, const BIGNUM **, - const BIGNUM **); -int DH_set0_pqg(DH *, BIGNUM *, BIGNUM *, BIGNUM *); -void DH_get0_key(const DH *, const BIGNUM **, const BIGNUM **); -int DH_set0_key(DH *, BIGNUM *, BIGNUM *); - -int Cryptography_DH_check(const DH *, int *); -int DH_generate_parameters_ex(DH *, int, int, BN_GENCB *); -DH *d2i_DHparams_bio(BIO *, DH **); -int i2d_DHparams_bio(BIO *, DH *); -DH *Cryptography_d2i_DHxparams_bio(BIO *, DH **); -int Cryptography_i2d_DHxparams_bio(BIO *, DH *); """ CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 -#ifndef DH_CHECK_Q_NOT_PRIME -#define DH_CHECK_Q_NOT_PRIME 0x10 -#endif - -#ifndef DH_CHECK_INVALID_Q_VALUE -#define DH_CHECK_INVALID_Q_VALUE 0x20 -#endif - -#ifndef DH_CHECK_INVALID_J_VALUE -#define DH_CHECK_INVALID_J_VALUE 0x40 -#endif - -/* DH_check implementation taken from OpenSSL 1.1.0pre6 */ - -/*- - * Check that p is a safe prime and - * if g is 2, 3 or 5, check that it is a suitable generator - * where - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 - * for 5, p mod 10 == 3 or 7 - * should hold. - */ - -int Cryptography_DH_check(const DH *dh, int *ret) -{ - int ok = 0, r; - BN_CTX *ctx = NULL; - BN_ULONG l; - BIGNUM *t1 = NULL, *t2 = NULL; - - *ret = 0; - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - if (t1 == NULL) - goto err; - t2 = BN_CTX_get(ctx); - if (t2 == NULL) - goto err; - - if (dh->q) { - if (BN_cmp(dh->g, BN_value_one()) <= 0) - *ret |= DH_NOT_SUITABLE_GENERATOR; - else if (BN_cmp(dh->g, dh->p) >= 0) - *ret |= DH_NOT_SUITABLE_GENERATOR; - else { - /* Check g^q == 1 mod p */ - if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx)) - goto err; - if (!BN_is_one(t1)) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } - r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL); - if (r < 0) - goto err; - if (!r) - *ret |= DH_CHECK_Q_NOT_PRIME; - /* Check p == 1 mod q i.e. q divides p - 1 */ - if (!BN_div(t1, t2, dh->p, dh->q, ctx)) - goto err; - if (!BN_is_one(t2)) - *ret |= DH_CHECK_INVALID_Q_VALUE; - if (dh->j && BN_cmp(dh->j, t1)) - *ret |= DH_CHECK_INVALID_J_VALUE; - - } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { - l = BN_mod_word(dh->p, 24); - if (l == (BN_ULONG)-1) - goto err; - if (l != 11) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { - l = BN_mod_word(dh->p, 10); - if (l == (BN_ULONG)-1) - goto err; - if ((l != 3) && (l != 7)) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else - *ret |= DH_UNABLE_TO_CHECK_GENERATOR; - - r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); - if (r < 0) - goto err; - if (!r) - *ret |= DH_CHECK_P_NOT_PRIME; - else if (!dh->q) { - if (!BN_rshift1(t1, dh->p)) - goto err; - r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL); - if (r < 0) - goto err; - if (!r) - *ret |= DH_CHECK_P_NOT_SAFE_PRIME; - } - ok = 1; - err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return (ok); -} -#else -int Cryptography_DH_check(const DH *dh, int *ret) { - return DH_check(dh, ret); -} -#endif - -/* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */ -/* Define our own to simplify support across all versions. */ -#if defined(EVP_PKEY_DHX) && EVP_PKEY_DHX != -1 -DH *Cryptography_d2i_DHxparams_bio(BIO *bp, DH **x) { - return ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x); -} -int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x) { - return ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x); -} -#else -DH *(*Cryptography_d2i_DHxparams_bio)(BIO *bp, DH **x) = NULL; -int (*Cryptography_i2d_DHxparams_bio)(BIO *bp, DH *x) = NULL; -#endif """ diff --git a/src/_cffi_src/openssl/dsa.py b/src/_cffi_src/openssl/dsa.py index 7f3f452..2188939 100644 --- a/src/_cffi_src/openssl/dsa.py +++ b/src/_cffi_src/openssl/dsa.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -15,19 +16,7 @@ int DSA_generate_key(DSA *); DSA *DSA_new(void); void DSA_free(DSA *); -DSA *DSAparams_dup(DSA *); -int DSA_size(const DSA *); -int DSA_sign(int, const unsigned char *, int, unsigned char *, unsigned int *, - DSA *); -int DSA_verify(int, const unsigned char *, int, const unsigned char *, int, - DSA *); -/* added in 1.1.0 to access the opaque struct */ -void DSA_get0_pqg(const DSA *, const BIGNUM **, const BIGNUM **, - const BIGNUM **); -int DSA_set0_pqg(DSA *, BIGNUM *, BIGNUM *, BIGNUM *); -void DSA_get0_key(const DSA *, const BIGNUM **, const BIGNUM **); -int DSA_set0_key(DSA *, BIGNUM *, BIGNUM *); int DSA_generate_parameters_ex(DSA *, int, unsigned char *, int, int *, unsigned long *, BN_GENCB *); """ diff --git a/src/_cffi_src/openssl/ec.py b/src/_cffi_src/openssl/ec.py index d9c3074..9450b12 100644 --- a/src/_cffi_src/openssl/ec.py +++ b/src/_cffi_src/openssl/ec.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -9,101 +10,20 @@ """ TYPES = """ -static const int Cryptography_HAS_EC2M; - -static const int OPENSSL_EC_NAMED_CURVE; - typedef ... EC_KEY; -typedef ... EC_GROUP; -typedef ... EC_POINT; -typedef ... EC_METHOD; typedef struct { int nid; const char *comment; } EC_builtin_curve; -typedef enum { - POINT_CONVERSION_COMPRESSED, - POINT_CONVERSION_UNCOMPRESSED, - ... -} point_conversion_form_t; """ FUNCTIONS = """ -void EC_GROUP_free(EC_GROUP *); - -EC_GROUP *EC_GROUP_new_by_curve_name(int); - -const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); -const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); -int EC_GROUP_get_curve_name(const EC_GROUP *); - size_t EC_get_builtin_curves(EC_builtin_curve *, size_t); -EC_KEY *EC_KEY_new(void); void EC_KEY_free(EC_KEY *); EC_KEY *EC_KEY_new_by_curve_name(int); -const EC_GROUP *EC_KEY_get0_group(const EC_KEY *); -int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *, BN_CTX *); -int EC_KEY_set_group(EC_KEY *, const EC_GROUP *); -const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *); -int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *); -const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *); -int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *); -void EC_KEY_set_asn1_flag(EC_KEY *, int); -int EC_KEY_generate_key(EC_KEY *); -int EC_KEY_set_public_key_affine_coordinates(EC_KEY *, BIGNUM *, BIGNUM *); - -EC_POINT *EC_POINT_new(const EC_GROUP *); -void EC_POINT_free(EC_POINT *); -void EC_POINT_clear_free(EC_POINT *); -EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *); - -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, - const BIGNUM *, const BIGNUM *, BN_CTX *); - -int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, - const EC_POINT *, BIGNUM *, BIGNUM *, BN_CTX *); - -int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, - const EC_POINT *, BIGNUM *, BIGNUM *, BN_CTX *); - -size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t, - unsigned char *, size_t, BN_CTX *); - -int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, - const unsigned char *, size_t, BN_CTX *); - -int EC_POINT_add(const EC_GROUP *, EC_POINT *, const EC_POINT *, - const EC_POINT *, BN_CTX *); - -int EC_POINT_dbl(const EC_GROUP *, EC_POINT *, const EC_POINT *, BN_CTX *); -int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); -int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *); -int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); - -int EC_POINT_cmp( - const EC_GROUP *, const EC_POINT *, const EC_POINT *, BN_CTX *); - -int EC_POINT_mul(const EC_GROUP *, EC_POINT *, const BIGNUM *, - const EC_POINT *, const BIGNUM *, BN_CTX *); - -int EC_METHOD_get_field_type(const EC_METHOD *); - -const char *EC_curve_nid2nist(int); - -int EC_GROUP_get_asn1_flag(const EC_GROUP *); """ CUSTOMIZATIONS = """ -#if defined(OPENSSL_NO_EC2M) -static const long Cryptography_HAS_EC2M = 0; - -int (*EC_POINT_get_affine_coordinates_GF2m)(const EC_GROUP *, - const EC_POINT *, BIGNUM *, BIGNUM *, BN_CTX *) = NULL; - -#else -static const long Cryptography_HAS_EC2M = 1; -#endif """ diff --git a/src/_cffi_src/openssl/ecdsa.py b/src/_cffi_src/openssl/ecdsa.py deleted file mode 100644 index 53294af..0000000 --- a/src/_cffi_src/openssl/ecdsa.py +++ /dev/null @@ -1,23 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -INCLUDES = """ -#include -""" - -TYPES = """ -""" - -FUNCTIONS = """ -int ECDSA_sign(int, const unsigned char *, int, unsigned char *, - unsigned int *, EC_KEY *); -int ECDSA_verify(int, const unsigned char *, int, const unsigned char *, int, - EC_KEY *); -int ECDSA_size(const EC_KEY *); - -""" - -CUSTOMIZATIONS = """ -""" diff --git a/src/_cffi_src/openssl/engine.py b/src/_cffi_src/openssl/engine.py index 9931639..9629a2c 100644 --- a/src/_cffi_src/openssl/engine.py +++ b/src/_cffi_src/openssl/engine.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -41,18 +42,20 @@ typedef void UI_METHOD; #endif -/* Despite being OPENSSL_NO_ENGINE, BoringSSL defines these symbols. */ -#if !CRYPTOGRAPHY_IS_BORINGSSL +/* Despite being OPENSSL_NO_ENGINE, BoringSSL/LibreSSL define these symbols. */ +#if !CRYPTOGRAPHY_IS_BORINGSSL && !CRYPTOGRAPHY_IS_LIBRESSL int (*ENGINE_free)(ENGINE *) = NULL; void (*ENGINE_load_builtin_engines)(void) = NULL; #endif -ENGINE *(*ENGINE_by_id)(const char *) = NULL; -int (*ENGINE_init)(ENGINE *) = NULL; -int (*ENGINE_finish)(ENGINE *) = NULL; ENGINE *(*ENGINE_get_default_RAND)(void) = NULL; int (*ENGINE_set_default_RAND)(ENGINE *) = NULL; void (*ENGINE_unregister_RAND)(ENGINE *) = NULL; + +#if !CRYPTOGRAPHY_IS_LIBRESSL +ENGINE *(*ENGINE_by_id)(const char *) = NULL; +int (*ENGINE_init)(ENGINE *) = NULL; +int (*ENGINE_finish)(ENGINE *) = NULL; int (*ENGINE_ctrl_cmd)(ENGINE *, const char *, long, void *, void (*)(void), int) = NULL; @@ -65,6 +68,7 @@ void *) = NULL; EVP_PKEY *(*ENGINE_load_public_key)(ENGINE *, const char *, UI_METHOD *, void *) = NULL; +#endif #else static const long Cryptography_HAS_ENGINE = 1; diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py index dc27abb..a86e560 100644 --- a/src/_cffi_src/openssl/err.py +++ b/src/_cffi_src/openssl/err.py @@ -2,41 +2,28 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include """ TYPES = """ -static const int CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH; - static const int EVP_F_EVP_ENCRYPTFINAL_EX; static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH; -static const int EVP_R_BAD_DECRYPT; -static const int EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM; -static const int PKCS12_R_PKCS12_CIPHERFINAL_ERROR; -static const int PEM_R_UNSUPPORTED_ENCRYPTION; -static const int EVP_R_XTS_DUPLICATED_KEYS; static const int ERR_LIB_EVP; -static const int ERR_LIB_PEM; -static const int ERR_LIB_PROV; -static const int ERR_LIB_ASN1; -static const int ERR_LIB_PKCS12; static const int SSL_TLSEXT_ERR_OK; static const int SSL_TLSEXT_ERR_ALERT_FATAL; static const int SSL_TLSEXT_ERR_NOACK; -static const int X509_R_CERT_ALREADY_IN_HASH_TABLE; - static const int SSL_R_UNEXPECTED_EOF_WHILE_READING; static const int Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING; """ FUNCTIONS = """ -void ERR_error_string_n(unsigned long, char *, size_t); const char *ERR_lib_error_string(unsigned long); const char *ERR_func_error_string(unsigned long); const char *ERR_reason_error_string(unsigned long); @@ -45,31 +32,13 @@ void ERR_clear_error(void); void ERR_put_error(int, int, int, const char *, int); -int ERR_GET_LIB(unsigned long); int ERR_GET_REASON(unsigned long); - """ CUSTOMIZATIONS = """ -/* This define is tied to provider support and is conditionally - removed if Cryptography_HAS_PROVIDERS is false */ -#ifndef ERR_LIB_PROV -#define ERR_LIB_PROV 0 -#endif - -#if !CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER || CRYPTOGRAPHY_IS_BORINGSSL -static const int EVP_R_XTS_DUPLICATED_KEYS = 0; -#endif - #if CRYPTOGRAPHY_IS_BORINGSSL -static const int ERR_LIB_PKCS12 = 0; static const int EVP_F_EVP_ENCRYPTFINAL_EX = 0; -static const int EVP_R_BAD_DECRYPT = 0; static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH = 0; -static const int EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM = 0; -static const int PKCS12_R_PKCS12_CIPHERFINAL_ERROR = 0; -#else -static const int CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH = 0; #endif /* SSL_R_UNEXPECTED_EOF_WHILE_READING is needed for pyOpenSSL diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py index f4d9fb9..f25c9bb 100644 --- a/src/_cffi_src/openssl/evp.py +++ b/src/_cffi_src/openssl/evp.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -9,60 +10,23 @@ TYPES = """ typedef ... EVP_CIPHER; -typedef ... EVP_CIPHER_CTX; typedef ... EVP_MD; typedef ... EVP_MD_CTX; typedef ... EVP_PKEY; typedef ... EVP_PKEY_CTX; static const int EVP_PKEY_RSA; -static const int EVP_PKEY_RSA_PSS; static const int EVP_PKEY_DSA; static const int EVP_PKEY_DH; -static const int EVP_PKEY_DHX; static const int EVP_PKEY_EC; -static const int EVP_PKEY_X25519; -static const int EVP_PKEY_ED25519; -static const int EVP_PKEY_X448; -static const int EVP_PKEY_ED448; -static const int EVP_PKEY_POLY1305; static const int EVP_MAX_MD_SIZE; -static const int EVP_CTRL_AEAD_SET_IVLEN; -static const int EVP_CTRL_AEAD_GET_TAG; -static const int EVP_CTRL_AEAD_SET_TAG; -static const int Cryptography_HAS_SCRYPT; static const int Cryptography_HAS_EVP_PKEY_DHX; -static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint; -static const int Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY; -static const long Cryptography_HAS_RAW_KEY; -static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF; -static const long Cryptography_HAS_300_FIPS; -static const long Cryptography_HAS_300_EVP_CIPHER; -static const long Cryptography_HAS_EVP_PKEY_DH; """ FUNCTIONS = """ const EVP_CIPHER *EVP_get_cipherbyname(const char *); -EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *, const char *, const char *); -void EVP_CIPHER_free(EVP_CIPHER *); -int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *, int); -int EVP_CipherInit_ex(EVP_CIPHER_CTX *, const EVP_CIPHER *, ENGINE *, - const unsigned char *, const unsigned char *, int); -int EVP_CipherUpdate(EVP_CIPHER_CTX *, unsigned char *, int *, - const unsigned char *, int); -int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *); -int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *); -EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); -void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *); -int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int); - -int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *); -int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *); -int EVP_DigestUpdate(EVP_MD_CTX *, const void *, size_t); -int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *); -int EVP_DigestFinalXOF(EVP_MD_CTX *, unsigned char *, size_t); const EVP_MD *EVP_get_digestbyname(const char *); EVP_PKEY *EVP_PKEY_new(void); @@ -70,13 +34,6 @@ int EVP_PKEY_type(int); int EVP_PKEY_size(EVP_PKEY *); RSA *EVP_PKEY_get1_RSA(EVP_PKEY *); -DSA *EVP_PKEY_get1_DSA(EVP_PKEY *); -DH *EVP_PKEY_get1_DH(EVP_PKEY *); - -int EVP_PKEY_encrypt(EVP_PKEY_CTX *, unsigned char *, size_t *, - const unsigned char *, size_t); -int EVP_PKEY_decrypt(EVP_PKEY_CTX *, unsigned char *, size_t *, - const unsigned char *, size_t); int EVP_SignInit(EVP_MD_CTX *, const EVP_MD *); int EVP_SignUpdate(EVP_MD_CTX *, const void *, size_t); @@ -87,87 +44,18 @@ int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int, EVP_PKEY *); -int EVP_DigestSignInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *, - ENGINE *, EVP_PKEY *); -int EVP_DigestSignUpdate(EVP_MD_CTX *, const void *, size_t); -int EVP_DigestSignFinal(EVP_MD_CTX *, unsigned char *, size_t *); -int EVP_DigestVerifyInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *, - ENGINE *, EVP_PKEY *); - - - -EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *, ENGINE *); -EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int, ENGINE *); -void EVP_PKEY_CTX_free(EVP_PKEY_CTX *); -int EVP_PKEY_sign_init(EVP_PKEY_CTX *); -int EVP_PKEY_sign(EVP_PKEY_CTX *, unsigned char *, size_t *, - const unsigned char *, size_t); -int EVP_PKEY_verify_init(EVP_PKEY_CTX *); -int EVP_PKEY_verify(EVP_PKEY_CTX *, const unsigned char *, size_t, - const unsigned char *, size_t); -int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *); -int EVP_PKEY_verify_recover(EVP_PKEY_CTX *, unsigned char *, - size_t *, const unsigned char *, size_t); -int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *); -int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *); int EVP_PKEY_set1_RSA(EVP_PKEY *, RSA *); int EVP_PKEY_set1_DSA(EVP_PKEY *, DSA *); -int EVP_PKEY_set1_DH(EVP_PKEY *, DH *); - -int EVP_PKEY_cmp(const EVP_PKEY *, const EVP_PKEY *); - -int EVP_PKEY_keygen_init(EVP_PKEY_CTX *); -int EVP_PKEY_keygen(EVP_PKEY_CTX *, EVP_PKEY **); -int EVP_PKEY_derive_init(EVP_PKEY_CTX *); -int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *, EVP_PKEY *); -int EVP_PKEY_derive(EVP_PKEY_CTX *, unsigned char *, size_t *); -int EVP_PKEY_set_type(EVP_PKEY *, int); int EVP_PKEY_id(const EVP_PKEY *); EVP_MD_CTX *EVP_MD_CTX_new(void); void EVP_MD_CTX_free(EVP_MD_CTX *); -/* Added in 1.1.1 */ -int EVP_DigestSign(EVP_MD_CTX *, unsigned char *, size_t *, - const unsigned char *, size_t); -int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t, - const unsigned char *, size_t); -/* Added in 1.1.0 */ -size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *, unsigned char **); -int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *, const unsigned char *, - size_t); +int EVP_PKEY_bits(const EVP_PKEY *); -/* EVP_PKEY * became const in 1.1.0 */ -int EVP_PKEY_bits(EVP_PKEY *); - -void OpenSSL_add_all_algorithms(void); int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *); - -EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *); -int EVP_PKEY_set1_EC_KEY(EVP_PKEY *, EC_KEY *); - -int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *); - -int PKCS5_PBKDF2_HMAC(const char *, int, const unsigned char *, int, int, - const EVP_MD *, int, unsigned char *); - -int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *, const EVP_MD *); - -int EVP_PBE_scrypt(const char *, size_t, const unsigned char *, size_t, - uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *, - size_t); - -EVP_PKEY *EVP_PKEY_new_raw_private_key(int, ENGINE *, const unsigned char *, - size_t); -EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *, - size_t); -int EVP_PKEY_get_raw_private_key(const EVP_PKEY *, unsigned char *, size_t *); -int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *); - -int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *); -int EVP_default_properties_enable_fips(OSSL_LIB_CTX *, int); """ CUSTOMIZATIONS = """ @@ -175,129 +63,5 @@ const long Cryptography_HAS_EVP_PKEY_DHX = 1; #else const long Cryptography_HAS_EVP_PKEY_DHX = 0; -const long EVP_PKEY_DHX = -1; -#endif - -EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void) { - return EVP_MD_CTX_new(); -} -void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *md) { - EVP_MD_CTX_free(md); -} - -#if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_SCRYPT) -static const long Cryptography_HAS_SCRYPT = 0; -int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t, - uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *, - size_t) = NULL; -#else -static const long Cryptography_HAS_SCRYPT = 1; -#endif - -#if !CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 1; -#else -static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 0; -size_t (*EVP_PKEY_get1_tls_encodedpoint)(EVP_PKEY *, unsigned char **) = NULL; -int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *, - size_t) = NULL; -#endif - -#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ - (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) -static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0; -int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *, - const unsigned char *tbs, size_t) = NULL; -int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t, - const unsigned char *, size_t) = NULL; -#else -static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; -#endif - -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 -static const long Cryptography_HAS_RAW_KEY = 0; -static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; -int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; -EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *, - size_t) = NULL; -EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *, - size_t) = NULL; -int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *, - size_t *) = NULL; -int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *, - size_t *) = NULL; -#else -static const long Cryptography_HAS_RAW_KEY = 1; -static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1; -#endif - -/* OpenSSL 1.1.0+ does this define for us, but if not present we'll do it */ -#if !defined(EVP_CTRL_AEAD_SET_IVLEN) -# define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN -#endif -#if !defined(EVP_CTRL_AEAD_GET_TAG) -# define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG -#endif -#if !defined(EVP_CTRL_AEAD_SET_TAG) -# define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG -#endif - -/* This is tied to X25519 support so we reuse the Cryptography_HAS_X25519 - conditional to remove it. OpenSSL 1.1.0 didn't have this define, but - 1.1.1 will when it is released. We can remove this in the distant - future when we drop 1.1.0 support. */ -#ifndef EVP_PKEY_X25519 -#define EVP_PKEY_X25519 NID_X25519 -#endif - -/* This is tied to X448 support so we reuse the Cryptography_HAS_X448 - conditional to remove it. OpenSSL 1.1.1 adds this define. We can remove - this in the distant future when we drop 1.1.0 support. */ -#ifndef EVP_PKEY_X448 -#define EVP_PKEY_X448 NID_X448 -#endif - -/* This is tied to ED25519 support so we reuse the Cryptography_HAS_ED25519 - conditional to remove it. */ -#ifndef EVP_PKEY_ED25519 -#define EVP_PKEY_ED25519 NID_ED25519 -#endif - -/* This is tied to ED448 support so we reuse the Cryptography_HAS_ED448 - conditional to remove it. */ -#ifndef EVP_PKEY_ED448 -#define EVP_PKEY_ED448 NID_ED448 -#endif - -/* This is tied to poly1305 support so we reuse the Cryptography_HAS_POLY1305 - conditional to remove it. */ -#ifndef EVP_PKEY_POLY1305 -#define EVP_PKEY_POLY1305 NID_poly1305 -#endif - -#if CRYPTOGRAPHY_OPENSSL_300_OR_GREATER -static const long Cryptography_HAS_300_FIPS = 1; -static const long Cryptography_HAS_300_EVP_CIPHER = 1; -#else -static const long Cryptography_HAS_300_FIPS = 0; -static const long Cryptography_HAS_300_EVP_CIPHER = 0; -int (*EVP_default_properties_is_fips_enabled)(OSSL_LIB_CTX *) = NULL; -int (*EVP_default_properties_enable_fips)(OSSL_LIB_CTX *, int) = NULL; -EVP_CIPHER * (*EVP_CIPHER_fetch)(OSSL_LIB_CTX *, const char *, - const char *) = NULL; -void (*EVP_CIPHER_free)(EVP_CIPHER *) = NULL; -#endif - -#if CRYPTOGRAPHY_IS_BORINGSSL -static const long Cryptography_HAS_EVP_PKEY_DH = 0; -int (*EVP_PKEY_set1_DH)(EVP_PKEY *, DH *) = NULL; -#else -static const long Cryptography_HAS_EVP_PKEY_DH = 1; -#endif - -// This can be removed when we drop OpenSSL 1.1.0 support -// OPENSSL_LESS_THAN_111 -#if !defined(EVP_PKEY_RSA_PSS) -#define EVP_PKEY_RSA_PSS 912 #endif """ diff --git a/src/_cffi_src/openssl/fips.py b/src/_cffi_src/openssl/fips.py deleted file mode 100644 index dd81d06..0000000 --- a/src/_cffi_src/openssl/fips.py +++ /dev/null @@ -1,27 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -INCLUDES = """ -#include -""" - -TYPES = """ -static const long Cryptography_HAS_FIPS; -""" - -FUNCTIONS = """ -int FIPS_mode_set(int); -int FIPS_mode(void); -""" - -CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 || CRYPTOGRAPHY_OPENSSL_300_OR_GREATER -static const long Cryptography_HAS_FIPS = 0; -int (*FIPS_mode_set)(int) = NULL; -int (*FIPS_mode)(void) = NULL; -#else -static const long Cryptography_HAS_FIPS = 1; -#endif -""" diff --git a/src/_cffi_src/openssl/hmac.py b/src/_cffi_src/openssl/hmac.py deleted file mode 100644 index 8b19153..0000000 --- a/src/_cffi_src/openssl/hmac.py +++ /dev/null @@ -1,25 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -INCLUDES = """ -#include -""" - -TYPES = """ -typedef ... HMAC_CTX; -""" - -FUNCTIONS = """ -int HMAC_Init_ex(HMAC_CTX *, const void *, int, const EVP_MD *, ENGINE *); -int HMAC_Update(HMAC_CTX *, const unsigned char *, size_t); -int HMAC_Final(HMAC_CTX *, unsigned char *, unsigned int *); -int HMAC_CTX_copy(HMAC_CTX *, HMAC_CTX *); - -HMAC_CTX *HMAC_CTX_new(void); -void HMAC_CTX_free(HMAC_CTX *ctx); -""" - -CUSTOMIZATIONS = """ -""" diff --git a/src/_cffi_src/openssl/nid.py b/src/_cffi_src/openssl/nid.py index 3099912..9051977 100644 --- a/src/_cffi_src/openssl/nid.py +++ b/src/_cffi_src/openssl/nid.py @@ -2,51 +2,21 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include """ TYPES = """ -static const int Cryptography_HAS_ED448; -static const int Cryptography_HAS_ED25519; -static const int Cryptography_HAS_POLY1305; - static const int NID_undef; -static const int NID_aes_256_cbc; -static const int NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -static const int NID_X25519; -static const int NID_X448; -static const int NID_ED25519; -static const int NID_ED448; -static const int NID_poly1305; static const int NID_subject_alt_name; static const int NID_crl_reason; - -static const int NID_pkcs7_signed; """ FUNCTIONS = """ """ CUSTOMIZATIONS = """ -#ifndef NID_ED25519 -static const long Cryptography_HAS_ED25519 = 0; -static const int NID_ED25519 = 0; -#else -static const long Cryptography_HAS_ED25519 = 1; -#endif -#ifndef NID_ED448 -static const long Cryptography_HAS_ED448 = 0; -static const int NID_ED448 = 0; -#else -static const long Cryptography_HAS_ED448 = 1; -#endif -#ifndef NID_poly1305 -static const long Cryptography_HAS_POLY1305 = 0; -static const int NID_poly1305 = 0; -#else -static const long Cryptography_HAS_POLY1305 = 1; -#endif """ diff --git a/src/_cffi_src/openssl/objects.py b/src/_cffi_src/openssl/objects.py index 9911599..cf79cfa 100644 --- a/src/_cffi_src/openssl/objects.py +++ b/src/_cffi_src/openssl/objects.py @@ -2,29 +2,20 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include """ TYPES = """ -typedef struct { - int type; - int alias; - const char *name; - const char *data; -} OBJ_NAME; - -static const long OBJ_NAME_TYPE_MD_METH; """ FUNCTIONS = """ const char *OBJ_nid2ln(int); const char *OBJ_nid2sn(int); int OBJ_obj2nid(const ASN1_OBJECT *); -int OBJ_sn2nid(const char *); int OBJ_txt2nid(const char *); -ASN1_OBJECT *OBJ_txt2obj(const char *, int); """ CUSTOMIZATIONS = """ diff --git a/src/_cffi_src/openssl/opensslv.py b/src/_cffi_src/openssl/opensslv.py index 630ebd7..7957bd7 100644 --- a/src/_cffi_src/openssl/opensslv.py +++ b/src/_cffi_src/openssl/opensslv.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include diff --git a/src/_cffi_src/openssl/osrandom_engine.py b/src/_cffi_src/openssl/osrandom_engine.py deleted file mode 100644 index dbc304b..0000000 --- a/src/_cffi_src/openssl/osrandom_engine.py +++ /dev/null @@ -1,23 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -import os - -HERE = os.path.dirname(os.path.abspath(__file__)) - -with open(os.path.join(HERE, "src/osrandom_engine.h")) as f: - INCLUDES = f.read() - -TYPES = """ -static const char *const Cryptography_osrandom_engine_name; -static const char *const Cryptography_osrandom_engine_id; -""" - -FUNCTIONS = """ -int Cryptography_add_osrandom_engine(void); -""" - -with open(os.path.join(HERE, "src/osrandom_engine.c")) as f: - CUSTOMIZATIONS = f.read() diff --git a/src/_cffi_src/openssl/pem.py b/src/_cffi_src/openssl/pem.py index 2ebcdf6..04badc4 100644 --- a/src/_cffi_src/openssl/pem.py +++ b/src/_cffi_src/openssl/pem.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -21,18 +22,6 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *, EVP_PKEY **, pem_password_cb *, void *); -int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, - char *, int, pem_password_cb *, void *); - -int i2d_PKCS8PrivateKey_bio(BIO *, EVP_PKEY *, const EVP_CIPHER *, - char *, int, pem_password_cb *, void *); - -int i2d_PKCS7_bio(BIO *, PKCS7 *); -PKCS7 *d2i_PKCS7_bio(BIO *, PKCS7 **); - -EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *, EVP_PKEY **, pem_password_cb *, - void *); - int PEM_write_bio_X509_REQ(BIO *, X509_REQ *); X509_REQ *PEM_read_bio_X509_REQ(BIO *, X509_REQ **, pem_password_cb *, void *); @@ -41,34 +30,11 @@ int PEM_write_bio_X509_CRL(BIO *, X509_CRL *); -PKCS7 *PEM_read_bio_PKCS7(BIO *, PKCS7 **, pem_password_cb *, void *); -int PEM_write_bio_PKCS7(BIO *, PKCS7 *); - DH *PEM_read_bio_DHparams(BIO *, DH **, pem_password_cb *, void *); -int PEM_write_bio_DSAPrivateKey(BIO *, DSA *, const EVP_CIPHER *, - unsigned char *, int, - pem_password_cb *, void *); - -int PEM_write_bio_RSAPrivateKey(BIO *, RSA *, const EVP_CIPHER *, - unsigned char *, int, - pem_password_cb *, void *); - -RSA *PEM_read_bio_RSAPublicKey(BIO *, RSA **, pem_password_cb *, void *); - -int PEM_write_bio_RSAPublicKey(BIO *, const RSA *); - EVP_PKEY *PEM_read_bio_PUBKEY(BIO *, EVP_PKEY **, pem_password_cb *, void *); int PEM_write_bio_PUBKEY(BIO *, EVP_PKEY *); -int PEM_write_bio_ECPrivateKey(BIO *, EC_KEY *, const EVP_CIPHER *, - unsigned char *, int, pem_password_cb *, - void *); -int PEM_write_bio_DHparams(BIO *, DH *); -int PEM_write_bio_DHxparams(BIO *, DH *); """ CUSTOMIZATIONS = """ -#if !defined(EVP_PKEY_DHX) || EVP_PKEY_DHX == -1 -int (*PEM_write_bio_DHxparams)(BIO *, DH *) = NULL; -#endif """ diff --git a/src/_cffi_src/openssl/pkcs12.py b/src/_cffi_src/openssl/pkcs12.py deleted file mode 100644 index 135afc9..0000000 --- a/src/_cffi_src/openssl/pkcs12.py +++ /dev/null @@ -1,37 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -INCLUDES = """ -#include -""" - -TYPES = """ -static const long Cryptography_HAS_PKCS12_SET_MAC; - -typedef ... PKCS12; -""" - -FUNCTIONS = """ -void PKCS12_free(PKCS12 *); - -PKCS12 *d2i_PKCS12_bio(BIO *, PKCS12 **); -int i2d_PKCS12_bio(BIO *, PKCS12 *); -int PKCS12_parse(PKCS12 *, const char *, EVP_PKEY **, X509 **, - Cryptography_STACK_OF_X509 **); -PKCS12 *PKCS12_create(char *, char *, EVP_PKEY *, X509 *, - Cryptography_STACK_OF_X509 *, int, int, int, int, int); -int PKCS12_set_mac(PKCS12 *, const char *, int, unsigned char *, int, int, - const EVP_MD *); -""" - -CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_IS_BORINGSSL -static const long Cryptography_HAS_PKCS12_SET_MAC = 0; -int (*PKCS12_set_mac)(PKCS12 *, const char *, int, unsigned char *, int, int, - const EVP_MD *) = NULL; -#else -static const long Cryptography_HAS_PKCS12_SET_MAC = 1; -#endif -""" diff --git a/src/_cffi_src/openssl/pkcs7.py b/src/_cffi_src/openssl/pkcs7.py index c802fac..27631f4 100644 --- a/src/_cffi_src/openssl/pkcs7.py +++ b/src/_cffi_src/openssl/pkcs7.py @@ -2,102 +2,20 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include """ TYPES = """ -static const long Cryptography_HAS_PKCS7_FUNCS; - -typedef struct { - Cryptography_STACK_OF_X509 *cert; - Cryptography_STACK_OF_X509_CRL *crl; - ...; -} PKCS7_SIGNED; - -typedef struct { - Cryptography_STACK_OF_X509 *cert; - Cryptography_STACK_OF_X509_CRL *crl; - ...; -} PKCS7_SIGN_ENVELOPE; - -typedef ... PKCS7_DIGEST; -typedef ... PKCS7_ENCRYPT; -typedef ... PKCS7_ENVELOPE; -typedef ... PKCS7_SIGNER_INFO; - -typedef struct { - ASN1_OBJECT *type; - union { - char *ptr; - ASN1_OCTET_STRING *data; - PKCS7_SIGNED *sign; - PKCS7_ENVELOPE *enveloped; - PKCS7_SIGN_ENVELOPE *signed_and_enveloped; - PKCS7_DIGEST *digest; - PKCS7_ENCRYPT *encrypted; - ASN1_TYPE *other; - } d; - ...; -} PKCS7; - -static const int PKCS7_BINARY; -static const int PKCS7_DETACHED; -static const int PKCS7_NOATTR; -static const int PKCS7_NOCERTS; -static const int PKCS7_NOCHAIN; -static const int PKCS7_NOINTERN; -static const int PKCS7_NOSIGS; -static const int PKCS7_NOSMIMECAP; -static const int PKCS7_NOVERIFY; -static const int PKCS7_STREAM; -static const int PKCS7_TEXT; -static const int PKCS7_PARTIAL; +typedef ... PKCS7; """ FUNCTIONS = """ void PKCS7_free(PKCS7 *); -PKCS7 *PKCS7_sign(X509 *, EVP_PKEY *, Cryptography_STACK_OF_X509 *, - BIO *, int); -int SMIME_write_PKCS7(BIO *, PKCS7 *, BIO *, int); -int PEM_write_bio_PKCS7_stream(BIO *, PKCS7 *, BIO *, int); -PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *, X509 *, EVP_PKEY *, - const EVP_MD *, int); -int PKCS7_final(PKCS7 *, BIO *, int); -/* Included verify due to external consumer, see - https://github.com/pyca/cryptography/issues/5433 */ -int PKCS7_verify(PKCS7 *, Cryptography_STACK_OF_X509 *, X509_STORE *, BIO *, - BIO *, int); PKCS7 *SMIME_read_PKCS7(BIO *, BIO **); -/* Included due to external consumer, see - https://github.com/pyca/pyopenssl/issues/1031 */ -Cryptography_STACK_OF_X509 *PKCS7_get0_signers(PKCS7 *, - Cryptography_STACK_OF_X509 *, - int); - -int PKCS7_type_is_signed(PKCS7 *); -int PKCS7_type_is_enveloped(PKCS7 *); -int PKCS7_type_is_signedAndEnveloped(PKCS7 *); -int PKCS7_type_is_data(PKCS7 *); """ CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_IS_BORINGSSL -static const long Cryptography_HAS_PKCS7_FUNCS = 0; - -int (*SMIME_write_PKCS7)(BIO *, PKCS7 *, BIO *, int) = NULL; -int (*PEM_write_bio_PKCS7_stream)(BIO *, PKCS7 *, BIO *, int) = NULL; -PKCS7_SIGNER_INFO *(*PKCS7_sign_add_signer)(PKCS7 *, X509 *, EVP_PKEY *, - const EVP_MD *, int) = NULL; -int (*PKCS7_final)(PKCS7 *, BIO *, int); -int (*PKCS7_verify)(PKCS7 *, Cryptography_STACK_OF_X509 *, X509_STORE *, BIO *, - BIO *, int) = NULL; -PKCS7 *(*SMIME_read_PKCS7)(BIO *, BIO **) = NULL; -Cryptography_STACK_OF_X509 *(*PKCS7_get0_signers)(PKCS7 *, - Cryptography_STACK_OF_X509 *, - int) = NULL; -#else -static const long Cryptography_HAS_PKCS7_FUNCS = 1; -#endif """ diff --git a/src/_cffi_src/openssl/provider.py b/src/_cffi_src/openssl/provider.py deleted file mode 100644 index d741ad7..0000000 --- a/src/_cffi_src/openssl/provider.py +++ /dev/null @@ -1,42 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -INCLUDES = """ -#if CRYPTOGRAPHY_OPENSSL_300_OR_GREATER -#include -#include -#endif -""" - -TYPES = """ -static const long Cryptography_HAS_PROVIDERS; - -typedef ... OSSL_PROVIDER; -typedef ... OSSL_LIB_CTX; - -static const long PROV_R_BAD_DECRYPT; -static const long PROV_R_XTS_DUPLICATED_KEYS; -static const long PROV_R_WRONG_FINAL_BLOCK_LENGTH; -""" - -FUNCTIONS = """ -OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *); -int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); -""" - -CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_OPENSSL_300_OR_GREATER -static const long Cryptography_HAS_PROVIDERS = 1; -#else -static const long Cryptography_HAS_PROVIDERS = 0; -typedef void OSSL_PROVIDER; -typedef void OSSL_LIB_CTX; -static const long PROV_R_BAD_DECRYPT = 0; -static const long PROV_R_XTS_DUPLICATED_KEYS = 0; -static const long PROV_R_WRONG_FINAL_BLOCK_LENGTH = 0; -OSSL_PROVIDER *(*OSSL_PROVIDER_load)(OSSL_LIB_CTX *, const char *) = NULL; -int (*OSSL_PROVIDER_unload)(OSSL_PROVIDER *) = NULL; -#endif -""" diff --git a/src/_cffi_src/openssl/rand.py b/src/_cffi_src/openssl/rand.py index 9e95fe7..50fbeb2 100644 --- a/src/_cffi_src/openssl/rand.py +++ b/src/_cffi_src/openssl/rand.py @@ -2,17 +2,16 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include """ TYPES = """ -typedef ... RAND_METHOD; """ FUNCTIONS = """ -int RAND_set_rand_method(const RAND_METHOD *); void RAND_add(const void *, int, double); int RAND_status(void); int RAND_bytes(unsigned char *, int); diff --git a/src/_cffi_src/openssl/rsa.py b/src/_cffi_src/openssl/rsa.py index c8e3e5a..89e4647 100644 --- a/src/_cffi_src/openssl/rsa.py +++ b/src/_cffi_src/openssl/rsa.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -10,12 +11,9 @@ TYPES = """ typedef ... RSA; typedef ... BN_GENCB; -static const int RSA_PKCS1_PADDING; -static const int RSA_NO_PADDING; -static const int RSA_PKCS1_OAEP_PADDING; -static const int RSA_PKCS1_PSS_PADDING; static const int RSA_F4; -static const int RSA_PSS_SALTLEN_AUTO; + +static const int Cryptography_HAS_IMPLICIT_RSA_REJECTION; """ FUNCTIONS = """ @@ -23,31 +21,13 @@ void RSA_free(RSA *); int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *); int RSA_check_key(const RSA *); -RSA *RSAPublicKey_dup(RSA *); -int RSA_blinding_on(RSA *, BN_CTX *); int RSA_print(BIO *, const RSA *, int); - -/* added in 1.1.0 when the RSA struct was opaqued */ -int RSA_set0_key(RSA *, BIGNUM *, BIGNUM *, BIGNUM *); -int RSA_set0_factors(RSA *, BIGNUM *, BIGNUM *); -int RSA_set0_crt_params(RSA *, BIGNUM *, BIGNUM *, BIGNUM *); -void RSA_get0_key(const RSA *, const BIGNUM **, const BIGNUM **, - const BIGNUM **); -void RSA_get0_factors(const RSA *, const BIGNUM **, const BIGNUM **); -void RSA_get0_crt_params(const RSA *, const BIGNUM **, const BIGNUM **, - const BIGNUM **); -int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *, int); -int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *, int); -int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *, EVP_MD *); -int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *, unsigned char *, int); - -int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *, EVP_MD *); """ CUSTOMIZATIONS = """ -// BoringSSL doesn't define this constant, but the value is used for -// automatic salt length computation as in OpenSSL and LibreSSL -#if !defined(RSA_PSS_SALTLEN_AUTO) -#define RSA_PSS_SALTLEN_AUTO -2 +#if defined(EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION) +static const int Cryptography_HAS_IMPLICIT_RSA_REJECTION = 1; +#else +static const int Cryptography_HAS_IMPLICIT_RSA_REJECTION = 0; #endif """ diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c deleted file mode 100644 index a84857b..0000000 --- a/src/_cffi_src/openssl/src/osrandom_engine.c +++ /dev/null @@ -1,660 +0,0 @@ -/* osurandom engine - * - * Windows CryptGenRandom() - * macOS >= 10.12 getentropy() - * OpenBSD 5.6+ getentropy() - * other BSD getentropy() if SYS_getentropy is defined - * Linux 3.17+ getrandom() with fallback to /dev/urandom - * other /dev/urandom with cached fd - * - * The /dev/urandom, getrandom and getentropy code is derived from Python's - * Python/random.c, written by Antoine Pitrou and Victor Stinner. - * - * Copyright 2001-2016 Python Software Foundation; All Rights Reserved. - */ - -#ifdef __linux__ -#include -#endif - -#if CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE -/* OpenSSL has ENGINE support and is older than 1.1.1d (the first version that - * properly implements fork safety in its RNG) so build the engine. */ -static const char *Cryptography_osrandom_engine_id = "osrandom"; - -/**************************************************************************** - * Windows - */ -#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM -static const char *Cryptography_osrandom_engine_name = "osrandom_engine CryptGenRandom()"; -static HCRYPTPROV hCryptProv = 0; - -static int osrandom_init(ENGINE *e) { - if (hCryptProv != 0) { - return 1; - } - if (CryptAcquireContext(&hCryptProv, NULL, NULL, - PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { - return 1; - } else { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_INIT, - CRYPTOGRAPHY_OSRANDOM_R_CRYPTACQUIRECONTEXT, - __FILE__, __LINE__ - ); - return 0; - } -} - -static int osrandom_rand_bytes(unsigned char *buffer, int size) { - if (hCryptProv == 0) { - return 0; - } - - if (!CryptGenRandom(hCryptProv, (DWORD)size, buffer)) { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, - CRYPTOGRAPHY_OSRANDOM_R_CRYPTGENRANDOM, - __FILE__, __LINE__ - ); - return 0; - } - return 1; -} - -static int osrandom_finish(ENGINE *e) { - if (CryptReleaseContext(hCryptProv, 0)) { - hCryptProv = 0; - return 1; - } else { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_FINISH, - CRYPTOGRAPHY_OSRANDOM_R_CRYPTRELEASECONTEXT, - __FILE__, __LINE__ - ); - return 0; - } -} - -static int osrandom_rand_status(void) { - return hCryptProv != 0; -} - -static const char *osurandom_get_implementation(void) { - return "CryptGenRandom"; -} - -#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM */ - -/**************************************************************************** - * /dev/urandom helpers for all non-BSD Unix platforms - */ -#ifdef CRYPTOGRAPHY_OSRANDOM_NEEDS_DEV_URANDOM - -static struct { - int fd; - dev_t st_dev; - ino_t st_ino; -} urandom_cache = { -1 }; - -static int open_cloexec(const char *path) { - int open_flags = O_RDONLY; -#ifdef O_CLOEXEC - open_flags |= O_CLOEXEC; -#endif - - int fd = open(path, open_flags); - if (fd == -1) { - return -1; - } - -#ifndef O_CLOEXEC - int flags = fcntl(fd, F_GETFD); - if (flags == -1) { - return -1; - } - if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) { - return -1; - } -#endif - return fd; -} - -#ifdef __linux__ -/* On Linux, we open("/dev/random") and use poll() to wait until it's readable - * before we read from /dev/urandom, this ensures that we don't read from - * /dev/urandom before the kernel CSPRNG is initialized. This isn't necessary on - * other platforms because they don't have the same _bug_ as Linux does with - * /dev/urandom and early boot. */ -static int wait_on_devrandom(void) { - struct pollfd pfd = {}; - int ret = 0; - int random_fd = open_cloexec("/dev/random"); - if (random_fd < 0) { - return -1; - } - pfd.fd = random_fd; - pfd.events = POLLIN; - pfd.revents = 0; - do { - ret = poll(&pfd, 1, -1); - } while (ret < 0 && (errno == EINTR || errno == EAGAIN)); - close(random_fd); - return ret; -} -#endif - -/* return -1 on error */ -static int dev_urandom_fd(void) { - int fd = -1; - struct stat st; - - /* Check that fd still points to the correct device */ - if (urandom_cache.fd >= 0) { - if (fstat(urandom_cache.fd, &st) - || st.st_dev != urandom_cache.st_dev - || st.st_ino != urandom_cache.st_ino) { - /* Somebody replaced our FD. Invalidate our cache but don't - * close the fd. */ - urandom_cache.fd = -1; - } - } - if (urandom_cache.fd < 0) { -#ifdef __linux__ - if (wait_on_devrandom() < 0) { - goto error; - } -#endif - - fd = open_cloexec("/dev/urandom"); - if (fd < 0) { - goto error; - } - if (fstat(fd, &st)) { - goto error; - } - /* Another thread initialized the fd */ - if (urandom_cache.fd >= 0) { - close(fd); - return urandom_cache.fd; - } - urandom_cache.st_dev = st.st_dev; - urandom_cache.st_ino = st.st_ino; - urandom_cache.fd = fd; - } - return urandom_cache.fd; - - error: - if (fd != -1) { - close(fd); - } - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_FD, - CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_OPEN_FAILED, - __FILE__, __LINE__ - ); - return -1; -} - -static int dev_urandom_read(unsigned char *buffer, int size) { - int fd; - int n; - - fd = dev_urandom_fd(); - if (fd < 0) { - return 0; - } - - while (size > 0) { - do { - n = (int)read(fd, buffer, (size_t)size); - } while (n < 0 && errno == EINTR); - - if (n <= 0) { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_READ, - CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED, - __FILE__, __LINE__ - ); - return 0; - } - buffer += n; - size -= n; - } - return 1; -} - -static void dev_urandom_close(void) { - if (urandom_cache.fd >= 0) { - int fd; - struct stat st; - - if (fstat(urandom_cache.fd, &st) - && st.st_dev == urandom_cache.st_dev - && st.st_ino == urandom_cache.st_ino) { - fd = urandom_cache.fd; - urandom_cache.fd = -1; - close(fd); - } - } -} -#endif /* CRYPTOGRAPHY_OSRANDOM_NEEDS_DEV_URANDOM */ - -/**************************************************************************** - * BSD getentropy - */ -#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY -static const char *Cryptography_osrandom_engine_name = "osrandom_engine getentropy()"; - -static int getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_NOT_INIT; - -static int osrandom_init(ENGINE *e) { -#if !defined(__APPLE__) - getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS; -#else - if (__builtin_available(macOS 10.12, *)) { - getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS; - } else { - getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK; - int fd = dev_urandom_fd(); - if (fd < 0) { - return 0; - } - } -#endif - return 1; -} - -static int osrandom_rand_bytes(unsigned char *buffer, int size) { - int len; - int res; - - switch(getentropy_works) { -#if defined(__APPLE__) - case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK: - return dev_urandom_read(buffer, size); -#endif - case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS: - while (size > 0) { - /* OpenBSD and macOS restrict maximum buffer size to 256. */ - len = size > 256 ? 256 : size; -/* on mac, availability is already checked using `__builtin_available` above */ -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wunguarded-availability" - res = getentropy(buffer, (size_t)len); -#pragma clang diagnostic pop - if (res < 0) { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, - CRYPTOGRAPHY_OSRANDOM_R_GETENTROPY_FAILED, - __FILE__, __LINE__ - ); - return 0; - } - buffer += len; - size -= len; - } - return 1; - } - __builtin_unreachable(); -} - -static int osrandom_finish(ENGINE *e) { - return 1; -} - -static int osrandom_rand_status(void) { - return 1; -} - -static const char *osurandom_get_implementation(void) { - switch(getentropy_works) { - case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK: - return "/dev/urandom"; - case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS: - return "getentropy"; - } - __builtin_unreachable(); -} -#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY */ - -/**************************************************************************** - * Linux getrandom engine with fallback to dev_urandom - */ - -#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM -static const char *Cryptography_osrandom_engine_name = "osrandom_engine getrandom()"; - -static int getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT; - -static int osrandom_init(ENGINE *e) { - /* We try to detect working getrandom until we succeed. */ - if (getrandom_works != CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS) { - long n; - char dest[1]; - /* if the kernel CSPRNG is not initialized this will block */ - n = syscall(SYS_getrandom, dest, sizeof(dest), 0); - if (n == sizeof(dest)) { - getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS; - } else { - int e = errno; - switch(e) { - case ENOSYS: - /* Fallback: Kernel does not support the syscall. */ - getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK; - break; - case EPERM: - /* Fallback: seccomp prevents syscall */ - getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK; - break; - default: - /* EINTR cannot occur for buflen < 256. */ - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_INIT, - CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED, - "errno", e - ); - getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED; - break; - } - } - } - - /* fallback to dev urandom */ - if (getrandom_works == CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK) { - int fd = dev_urandom_fd(); - if (fd < 0) { - return 0; - } - } - return 1; -} - -static int osrandom_rand_bytes(unsigned char *buffer, int size) { - long n; - - switch(getrandom_works) { - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED: - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, - CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED, - __FILE__, __LINE__ - ); - return 0; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT: - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, - CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT, - __FILE__, __LINE__ - ); - return 0; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK: - return dev_urandom_read(buffer, size); - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS: - while (size > 0) { - do { - n = syscall(SYS_getrandom, buffer, size, 0); - } while (n < 0 && errno == EINTR); - - if (n <= 0) { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, - CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED, - __FILE__, __LINE__ - ); - return 0; - } - buffer += n; - size -= (int)n; - } - return 1; - } - __builtin_unreachable(); -} - -static int osrandom_finish(ENGINE *e) { - dev_urandom_close(); - return 1; -} - -static int osrandom_rand_status(void) { - switch(getrandom_works) { - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED: - return 0; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT: - return 0; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK: - return urandom_cache.fd >= 0; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS: - return 1; - } - __builtin_unreachable(); -} - -static const char *osurandom_get_implementation(void) { - switch(getrandom_works) { - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED: - return ""; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT: - return ""; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK: - return "/dev/urandom"; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS: - return "getrandom"; - } - __builtin_unreachable(); -} -#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM */ - -/**************************************************************************** - * dev_urandom engine for all remaining platforms - */ - -#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM -static const char *Cryptography_osrandom_engine_name = "osrandom_engine /dev/urandom"; - -static int osrandom_init(ENGINE *e) { - int fd = dev_urandom_fd(); - if (fd < 0) { - return 0; - } - return 1; -} - -static int osrandom_rand_bytes(unsigned char *buffer, int size) { - return dev_urandom_read(buffer, size); -} - -static int osrandom_finish(ENGINE *e) { - dev_urandom_close(); - return 1; -} - -static int osrandom_rand_status(void) { - return urandom_cache.fd >= 0; -} - -static const char *osurandom_get_implementation(void) { - return "/dev/urandom"; -} -#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM */ - -/**************************************************************************** - * ENGINE boiler plate - */ - -/* This replicates the behavior of the OpenSSL FIPS RNG, which returns a - -1 in the event that there is an error when calling RAND_pseudo_bytes. */ -static int osrandom_pseudo_rand_bytes(unsigned char *buffer, int size) { - int res = osrandom_rand_bytes(buffer, size); - if (res == 0) { - return -1; - } else { - return res; - } -} - -static RAND_METHOD osrandom_rand = { - NULL, - osrandom_rand_bytes, - NULL, - NULL, - osrandom_pseudo_rand_bytes, - osrandom_rand_status, -}; - -static const ENGINE_CMD_DEFN osrandom_cmd_defns[] = { - {CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION, - "get_implementation", - "Get CPRNG implementation.", - ENGINE_CMD_FLAG_NO_INPUT}, - {0, NULL, NULL, 0} -}; - -static int osrandom_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) { - const char *name; - size_t len; - - switch (cmd) { - case CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION: - /* i: buffer size, p: char* buffer */ - name = osurandom_get_implementation(); - len = strlen(name); - if ((p == NULL) && (i == 0)) { - /* return required buffer len */ - return (int)len; - } - if ((p == NULL) || i < 0 || ((size_t)i <= len)) { - /* no buffer or buffer too small */ - ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_INVALID_ARGUMENT); - return 0; - } - strcpy((char *)p, name); - return (int)len; - default: - ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; - } -} - -/* error reporting */ -#define ERR_FUNC(func) ERR_PACK(0, func, 0) -#define ERR_REASON(reason) ERR_PACK(0, 0, reason) - -static ERR_STRING_DATA CRYPTOGRAPHY_OSRANDOM_lib_name[] = { - {0, "osrandom_engine"}, - {0, NULL} -}; - -static ERR_STRING_DATA CRYPTOGRAPHY_OSRANDOM_str_funcs[] = { - {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_INIT), - "osrandom_init"}, - {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES), - "osrandom_rand_bytes"}, - {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_FINISH), - "osrandom_finish"}, - {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_FD), - "dev_urandom_fd"}, - {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_READ), - "dev_urandom_read"}, - {0, NULL} -}; - -static ERR_STRING_DATA CRYPTOGRAPHY_OSRANDOM_str_reasons[] = { - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_CRYPTACQUIRECONTEXT), - "CryptAcquireContext() failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_CRYPTGENRANDOM), - "CryptGenRandom() failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_CRYPTRELEASECONTEXT), - "CryptReleaseContext() failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETENTROPY_FAILED), - "getentropy() failed"}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_OPEN_FAILED), - "open('/dev/urandom') failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED), - "Reading from /dev/urandom fd failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED), - "getrandom() initialization failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED), - "getrandom() initialization failed with unexpected errno."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED), - "getrandom() syscall failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT), - "getrandom() engine was not properly initialized."}, - {0, NULL} -}; - -static int Cryptography_OSRandom_lib_error_code = 0; - -static void ERR_load_Cryptography_OSRandom_strings(void) -{ - if (Cryptography_OSRandom_lib_error_code == 0) { - Cryptography_OSRandom_lib_error_code = ERR_get_next_error_library(); - ERR_load_strings(Cryptography_OSRandom_lib_error_code, - CRYPTOGRAPHY_OSRANDOM_lib_name); - ERR_load_strings(Cryptography_OSRandom_lib_error_code, - CRYPTOGRAPHY_OSRANDOM_str_funcs); - ERR_load_strings(Cryptography_OSRandom_lib_error_code, - CRYPTOGRAPHY_OSRANDOM_str_reasons); - } -} - -static void ERR_Cryptography_OSRandom_error(int function, int reason, - char *file, int line) -{ - ERR_PUT_error(Cryptography_OSRandom_lib_error_code, function, reason, - file, line); -} - -/* Returns 1 if successfully added, 2 if engine has previously been added, - and 0 for error. */ -int Cryptography_add_osrandom_engine(void) { - ENGINE *e; - - ERR_load_Cryptography_OSRandom_strings(); - - e = ENGINE_by_id(Cryptography_osrandom_engine_id); - if (e != NULL) { - ENGINE_free(e); - return 2; - } else { - ERR_clear_error(); - } - - e = ENGINE_new(); - if (e == NULL) { - return 0; - } - if (!ENGINE_set_id(e, Cryptography_osrandom_engine_id) || - !ENGINE_set_name(e, Cryptography_osrandom_engine_name) || - !ENGINE_set_RAND(e, &osrandom_rand) || - !ENGINE_set_init_function(e, osrandom_init) || - !ENGINE_set_finish_function(e, osrandom_finish) || - !ENGINE_set_cmd_defns(e, osrandom_cmd_defns) || - !ENGINE_set_ctrl_function(e, osrandom_ctrl)) { - ENGINE_free(e); - return 0; - } - if (!ENGINE_add(e)) { - ENGINE_free(e); - return 0; - } - if (!ENGINE_free(e)) { - return 0; - } - - return 1; -} - -#else -/* If OpenSSL has no ENGINE support then we don't want - * to compile the osrandom engine, but we do need some - * placeholders */ -static const char *Cryptography_osrandom_engine_id = "no-engine-support"; -static const char *Cryptography_osrandom_engine_name = "osrandom_engine disabled"; - -int Cryptography_add_osrandom_engine(void) { - return 0; -} - -#endif diff --git a/src/_cffi_src/openssl/src/osrandom_engine.h b/src/_cffi_src/openssl/src/osrandom_engine.h deleted file mode 100644 index 93d918b..0000000 --- a/src/_cffi_src/openssl/src/osrandom_engine.h +++ /dev/null @@ -1,118 +0,0 @@ -#ifndef OPENSSL_NO_ENGINE -/* OpenSSL has ENGINE support so include all of this. */ -#ifdef _WIN32 - #include -#else - #include - #include - /* for defined(BSD) */ - #ifndef __MVS__ - #include - #endif - - #ifdef BSD - /* for SYS_getentropy */ - #include - #endif - - #ifdef __APPLE__ - #include - /* To support weak linking we need to declare this as a weak import even if - * it's not present in sys/random (e.g. macOS < 10.12). */ - extern int getentropy(void *buffer, size_t size) __attribute((weak_import)); - #endif - - #ifdef __linux__ - /* for SYS_getrandom */ - #include - #ifndef GRND_NONBLOCK - #define GRND_NONBLOCK 0x0001 - #endif /* GRND_NONBLOCK */ - - #ifndef SYS_getrandom - /* We only bother to define the constants for platforms where we ship - * wheels, since that's the predominant way you get a situation where - * you don't have SYS_getrandom at compile time but do have the syscall - * at runtime */ - #if defined(__x86_64__) - #define SYS_getrandom 318 - #elif defined(__i386__) - #define SYS_getrandom 355 - #elif defined(__aarch64__) - #define SYS_getrandom 278 - #endif - #endif - #endif /* __linux__ */ -#endif /* _WIN32 */ - -#define CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM 1 -#define CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY 2 -#define CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM 3 -#define CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM 4 - -#ifndef CRYPTOGRAPHY_OSRANDOM_ENGINE - #if defined(_WIN32) - /* Windows */ - #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM - #elif defined(BSD) && defined(SYS_getentropy) - /* OpenBSD 5.6+ & macOS with SYS_getentropy defined, although < 10.12 will fallback - * to urandom */ - #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY - #elif defined(__linux__) && defined(SYS_getrandom) - /* Linux 3.17+ */ - #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM - #else - /* Keep this as last entry, fall back to /dev/urandom */ - #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM - #endif -#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE */ - -/* Fallbacks need /dev/urandom helper functions. */ -#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM || \ - CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM || \ - (CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY && \ - defined(__APPLE__)) - #define CRYPTOGRAPHY_OSRANDOM_NEEDS_DEV_URANDOM 1 -#endif - -enum { - CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED = -2, - CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT, - CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK, - CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS -}; - -enum { - CRYPTOGRAPHY_OSRANDOM_GETENTROPY_NOT_INIT, - CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK, - CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS -}; - -/* engine ctrl */ -#define CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION ENGINE_CMD_BASE - -/* error reporting */ -static void ERR_load_Cryptography_OSRandom_strings(void); -static void ERR_Cryptography_OSRandom_error(int function, int reason, - char *file, int line); - -#define CRYPTOGRAPHY_OSRANDOM_F_INIT 100 -#define CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES 101 -#define CRYPTOGRAPHY_OSRANDOM_F_FINISH 102 -#define CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_FD 300 -#define CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_READ 301 - -#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTACQUIRECONTEXT 100 -#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTGENRANDOM 101 -#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTRELEASECONTEXT 102 - -#define CRYPTOGRAPHY_OSRANDOM_R_GETENTROPY_FAILED 200 - -#define CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_OPEN_FAILED 300 -#define CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED 301 - -#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED 400 -#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED 402 -#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED 403 -#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT 404 -#endif diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 61f83ef..c78d681 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -2,50 +2,29 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include - -typedef STACK_OF(SSL_CIPHER) Cryptography_STACK_OF_SSL_CIPHER; """ TYPES = """ static const long Cryptography_HAS_SSL_ST; static const long Cryptography_HAS_TLS_ST; -static const long Cryptography_HAS_SSL3_METHOD; -static const long Cryptography_HAS_TLSv1_1; -static const long Cryptography_HAS_TLSv1_2; -static const long Cryptography_HAS_TLSv1_3; static const long Cryptography_HAS_TLSv1_3_FUNCTIONS; -static const long Cryptography_HAS_SECURE_RENEGOTIATION; -static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS; -static const long Cryptography_HAS_DTLS; static const long Cryptography_HAS_SIGALGS; static const long Cryptography_HAS_PSK; static const long Cryptography_HAS_PSK_TLSv1_3; static const long Cryptography_HAS_VERIFIED_CHAIN; static const long Cryptography_HAS_KEYLOG; -static const long Cryptography_HAS_GET_PROTO_VERSION; -static const long Cryptography_HAS_TLSEXT_HOSTNAME; static const long Cryptography_HAS_SSL_COOKIE; -/* Internally invented symbol to tell us if SSL_MODE_RELEASE_BUFFERS is - * supported - */ -static const long Cryptography_HAS_RELEASE_BUFFERS; - -/* Internally invented symbol to tell us if SSL_OP_NO_COMPRESSION is - * supported - */ -static const long Cryptography_HAS_OP_NO_COMPRESSION; static const long Cryptography_HAS_OP_NO_RENEGOTIATION; -static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; -static const long Cryptography_HAS_SSL_SET_SSL_CTX; -static const long Cryptography_HAS_SSL_OP_NO_TICKET; static const long Cryptography_HAS_SSL_OP_IGNORE_UNEXPECTED_EOF; static const long Cryptography_HAS_ALPN; static const long Cryptography_HAS_NEXTPROTONEG; static const long Cryptography_HAS_SET_CERT_CB; +static const long Cryptography_HAS_GET_EXTMS_SUPPORT; static const long Cryptography_HAS_CUSTOM_EXT; static const long Cryptography_HAS_SRTP; static const long Cryptography_HAS_DTLS_GET_DATA_MTU; @@ -57,7 +36,6 @@ static const long SSL_ERROR_WANT_READ; static const long SSL_ERROR_WANT_WRITE; static const long SSL_ERROR_WANT_X509_LOOKUP; -static const long SSL_ERROR_WANT_CONNECT; static const long SSL_ERROR_SYSCALL; static const long SSL_ERROR_SSL; static const long SSL_SENT_SHUTDOWN; @@ -68,8 +46,6 @@ static const long SSL_OP_NO_TLSv1_1; static const long SSL_OP_NO_TLSv1_2; static const long SSL_OP_NO_TLSv1_3; -static const long SSL_OP_NO_DTLSv1; -static const long SSL_OP_NO_DTLSv1_2; static const long SSL_OP_NO_RENEGOTIATION; static const long SSL_OP_NO_COMPRESSION; static const long SSL_OP_SINGLE_DH_USE; @@ -95,9 +71,8 @@ static const long SSL_OP_NO_TICKET; static const long SSL_OP_ALL; static const long SSL_OP_SINGLE_ECDH_USE; -static const long SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; -static const long SSL_OP_LEGACY_SERVER_CONNECT; static const long SSL_OP_IGNORE_UNEXPECTED_EOF; +static const long SSL_OP_LEGACY_SERVER_CONNECT; static const long SSL_VERIFY_PEER; static const long SSL_VERIFY_FAIL_IF_NO_PEER_CERT; static const long SSL_VERIFY_CLIENT_ONCE; @@ -135,7 +110,6 @@ static const long SSL_MODE_ENABLE_PARTIAL_WRITE; static const long SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; static const long SSL_MODE_AUTO_RETRY; -static const long SSL3_RANDOM_SIZE; static const long TLS_ST_BEFORE; static const long TLS_ST_OK; @@ -156,7 +130,6 @@ static const long TLSEXT_STATUSTYPE_ocsp; typedef ... SSL_CIPHER; -typedef ... Cryptography_STACK_OF_SSL_CIPHER; typedef struct { const char *name; @@ -169,6 +142,7 @@ const char *SSL_state_string_long(const SSL *); SSL_SESSION *SSL_get1_session(SSL *); int SSL_set_session(SSL *, SSL_SESSION *); +int SSL_session_reused(const SSL *); SSL *SSL_new(SSL_CTX *); void SSL_free(SSL *); int SSL_set_fd(SSL *, int); @@ -188,7 +162,8 @@ void SSL_set_verify(SSL *, int, int (*)(int, X509_STORE_CTX *)); int SSL_get_verify_mode(const SSL *); -/* Added in 1.0.2 */ +long SSL_get_extms_support(SSL *); + X509_VERIFY_PARAM *SSL_get0_param(SSL *); X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *); @@ -217,16 +192,12 @@ int SSL_CTX_set_cipher_list(SSL_CTX *, const char *); int SSL_CTX_load_verify_locations(SSL_CTX *, const char *, const char *); void SSL_CTX_set_default_passwd_cb(SSL_CTX *, pem_password_cb *); -void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *, void *); int SSL_CTX_use_certificate(SSL_CTX *, X509 *); int SSL_CTX_use_certificate_file(SSL_CTX *, const char *, int); int SSL_CTX_use_certificate_chain_file(SSL_CTX *, const char *); int SSL_CTX_use_PrivateKey(SSL_CTX *, EVP_PKEY *); int SSL_CTX_use_PrivateKey_file(SSL_CTX *, const char *, int); int SSL_CTX_check_private_key(const SSL_CTX *); -void SSL_CTX_set_cert_verify_callback(SSL_CTX *, - int (*)(X509_STORE_CTX *, void *), - void *); void SSL_CTX_set_cookie_generate_cb(SSL_CTX *, int (*)( @@ -241,9 +212,6 @@ unsigned int )); -long SSL_CTX_get_read_ahead(SSL_CTX *); -long SSL_CTX_set_read_ahead(SSL_CTX *, long); - int SSL_CTX_use_psk_identity_hint(SSL_CTX *, const char *); void SSL_CTX_set_psk_server_callback(SSL_CTX *, unsigned int (*)( @@ -287,14 +255,25 @@ int SSL_CTX_set_session_id_context(SSL_CTX *, const unsigned char *, unsigned int); -void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); int SSL_CTX_add_client_CA(SSL_CTX *, X509 *); void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *); void SSL_CTX_set_info_callback(SSL_CTX *, void (*)(const SSL *, int, int)); -void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int); + +void SSL_CTX_set_msg_callback(SSL_CTX *, + void (*)( + int, + int, + int, + const void *, + size_t, + SSL *, + void * + )); +void SSL_CTX_set_msg_callback_arg(SSL_CTX *, void *); void SSL_CTX_set_keylog_callback(SSL_CTX *, void (*)(const SSL *, const char *)); @@ -308,104 +287,45 @@ /* Information about actually used cipher */ const char *SSL_CIPHER_get_name(const SSL_CIPHER *); int SSL_CIPHER_get_bits(const SSL_CIPHER *, int *); -/* the modern signature of this is uint32_t, but older openssl declared it - as unsigned long. To make our compiler flags happy we'll declare it as a - 64-bit wide value, which should always be safe */ -uint64_t SSL_CIPHER_get_id(const SSL_CIPHER *); -int SSL_CIPHER_is_aead(const SSL_CIPHER *); -int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *); -int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *); -int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *); -int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *); size_t SSL_get_finished(const SSL *, void *, size_t); size_t SSL_get_peer_finished(const SSL *, void *, size_t); Cryptography_STACK_OF_X509_NAME *SSL_load_client_CA_file(const char *); const char *SSL_get_servername(const SSL *, const int); -/* Function signature changed to const char * in 1.1.0 */ const char *SSL_CIPHER_get_version(const SSL_CIPHER *); -/* These became macros in 1.1.0 */ -int SSL_library_init(void); -void SSL_load_error_strings(void); SSL_SESSION *SSL_get_session(const SSL *); -const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *, unsigned int *); -long SSL_SESSION_get_time(const SSL_SESSION *); -long SSL_SESSION_get_timeout(const SSL_SESSION *); -int SSL_SESSION_has_ticket(const SSL_SESSION *); -long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *); -unsigned long SSL_set_mode(SSL *, unsigned long); -unsigned long SSL_clear_mode(SSL *, unsigned long); -unsigned long SSL_get_mode(SSL *); - -unsigned long SSL_set_options(SSL *, unsigned long); -unsigned long SSL_get_options(SSL *); +uint64_t SSL_set_options(SSL *, uint64_t); +uint64_t SSL_get_options(SSL *); int SSL_want_read(const SSL *); int SSL_want_write(const SSL *); long SSL_total_renegotiations(SSL *); -long SSL_get_secure_renegotiation_support(SSL *); long SSL_CTX_set_min_proto_version(SSL_CTX *, int); long SSL_CTX_set_max_proto_version(SSL_CTX *, int); -long SSL_set_min_proto_version(SSL *, int); -long SSL_set_max_proto_version(SSL *, int); - -long SSL_CTX_get_min_proto_version(SSL_CTX *); -long SSL_CTX_get_max_proto_version(SSL_CTX *); -long SSL_get_min_proto_version(SSL *); -long SSL_get_max_proto_version(SSL *); - -/* Defined as unsigned long because SSL_OP_ALL is greater than signed 32-bit - and Windows defines long as 32-bit. */ -unsigned long SSL_CTX_set_options(SSL_CTX *, unsigned long); -unsigned long SSL_CTX_clear_options(SSL_CTX *, unsigned long); -unsigned long SSL_CTX_get_options(SSL_CTX *); -unsigned long SSL_CTX_set_mode(SSL_CTX *, unsigned long); -unsigned long SSL_CTX_clear_mode(SSL_CTX *, unsigned long); -unsigned long SSL_CTX_get_mode(SSL_CTX *); -unsigned long SSL_CTX_set_session_cache_mode(SSL_CTX *, unsigned long); -unsigned long SSL_CTX_get_session_cache_mode(SSL_CTX *); -unsigned long SSL_CTX_set_tmp_dh(SSL_CTX *, DH *); -unsigned long SSL_CTX_set_tmp_ecdh(SSL_CTX *, EC_KEY *); -unsigned long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *); - -/*- These aren't macros these functions are all const X on openssl > 1.0.x -*/ - -/* methods */ - -const SSL_METHOD *TLSv1_1_method(void); -const SSL_METHOD *TLSv1_1_server_method(void); -const SSL_METHOD *TLSv1_1_client_method(void); - -const SSL_METHOD *TLSv1_2_method(void); -const SSL_METHOD *TLSv1_2_server_method(void); -const SSL_METHOD *TLSv1_2_client_method(void); - -const SSL_METHOD *SSLv3_method(void); -const SSL_METHOD *SSLv3_server_method(void); -const SSL_METHOD *SSLv3_client_method(void); - -const SSL_METHOD *TLSv1_method(void); -const SSL_METHOD *TLSv1_server_method(void); -const SSL_METHOD *TLSv1_client_method(void); - -const SSL_METHOD *DTLSv1_method(void); -const SSL_METHOD *DTLSv1_server_method(void); -const SSL_METHOD *DTLSv1_client_method(void); - -/* Added in 1.0.2 */ + +long SSL_CTX_set_tmp_ecdh(SSL_CTX *, EC_KEY *); +long SSL_CTX_set_tmp_dh(SSL_CTX *, DH *); +long SSL_CTX_set_session_cache_mode(SSL_CTX *, long); +long SSL_CTX_get_session_cache_mode(SSL_CTX *); +long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *); + +uint64_t SSL_CTX_set_options(SSL_CTX *, uint64_t); +uint64_t SSL_CTX_get_options(SSL_CTX *); + +long SSL_CTX_set_mode(SSL_CTX *, long); +long SSL_CTX_clear_mode(SSL_CTX *, long); +long SSL_set_mode(SSL *, long); +long SSL_clear_mode(SSL *, long); + const SSL_METHOD *DTLS_method(void); const SSL_METHOD *DTLS_server_method(void); const SSL_METHOD *DTLS_client_method(void); -const SSL_METHOD *SSLv23_method(void); -const SSL_METHOD *SSLv23_server_method(void); -const SSL_METHOD *SSLv23_client_method(void); - const SSL_METHOD *TLS_method(void); const SSL_METHOD *TLS_server_method(void); const SSL_METHOD *TLS_client_method(void); @@ -418,15 +338,10 @@ const char *SSL_get_version(const SSL *); int SSL_version(const SSL *); -void *SSL_CTX_get_ex_data(const SSL_CTX *, int); -void *SSL_get_ex_data(const SSL *, int); - void SSL_set_tlsext_host_name(SSL *, char *); void SSL_CTX_set_tlsext_servername_callback( SSL_CTX *, int (*)(SSL *, int *, void *)); -void SSL_CTX_set_tlsext_servername_arg( - SSL_CTX *, void *); long SSL_set_tlsext_status_ocsp_resp(SSL *, unsigned char *, int); long SSL_get_tlsext_status_ocsp_resp(SSL *, const unsigned char **); @@ -438,18 +353,6 @@ int SSL_set_tlsext_use_srtp(SSL *, const char *); SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *); -long SSL_session_reused(SSL *); - -int SSL_select_next_proto(unsigned char **, unsigned char *, - const unsigned char *, unsigned int, - const unsigned char *, unsigned int); - -int sk_SSL_CIPHER_num(Cryptography_STACK_OF_SSL_CIPHER *); -const SSL_CIPHER *sk_SSL_CIPHER_value(Cryptography_STACK_OF_SSL_CIPHER *, int); - -/* ALPN APIs were introduced in OpenSSL 1.0.2. To continue to support earlier - * versions some special handling of these is necessary. - */ int SSL_CTX_set_alpn_protos(SSL_CTX *, const unsigned char *, unsigned); int SSL_set_alpn_protos(SSL *, const unsigned char *, unsigned); void SSL_CTX_set_alpn_select_cb(SSL_CTX *, @@ -462,17 +365,9 @@ void *); void SSL_get0_alpn_selected(const SSL *, const unsigned char **, unsigned *); -long SSL_get_server_tmp_key(SSL *, EVP_PKEY **); - -/* SSL_CTX_set_cert_cb is introduced in OpenSSL 1.0.2. To continue to support - * earlier versions some special handling of these is necessary. - */ void SSL_CTX_set_cert_cb(SSL_CTX *, int (*)(SSL *, void *), void *); void SSL_set_cert_cb(SSL *, int (*)(SSL *, void *), void *); -int SSL_SESSION_set1_id_context(SSL_SESSION *, const unsigned char *, - unsigned int); -/* Added in 1.1.0 for the great opaquing of structs */ size_t SSL_SESSION_get_master_key(const SSL_SESSION *, unsigned char *, size_t); size_t SSL_get_client_random(const SSL *, unsigned char *, size_t); @@ -480,24 +375,9 @@ int SSL_export_keying_material(SSL *, unsigned char *, size_t, const char *, size_t, const unsigned char *, size_t, int); -long SSL_CTX_sess_number(SSL_CTX *); -long SSL_CTX_sess_connect(SSL_CTX *); -long SSL_CTX_sess_connect_good(SSL_CTX *); -long SSL_CTX_sess_connect_renegotiate(SSL_CTX *); -long SSL_CTX_sess_accept(SSL_CTX *); -long SSL_CTX_sess_accept_good(SSL_CTX *); -long SSL_CTX_sess_accept_renegotiate(SSL_CTX *); -long SSL_CTX_sess_hits(SSL_CTX *); -long SSL_CTX_sess_cb_hits(SSL_CTX *); -long SSL_CTX_sess_misses(SSL_CTX *); -long SSL_CTX_sess_timeouts(SSL_CTX *); -long SSL_CTX_sess_cache_full(SSL_CTX *); - /* DTLS support */ long Cryptography_DTLSv1_get_timeout(SSL *, time_t *, long *); long DTLSv1_handle_timeout(SSL *); -long DTLS_set_link_mtu(SSL *, long); -long DTLS_get_link_min_mtu(SSL *); long SSL_set_mtu(SSL *, long); int DTLSv1_listen(SSL *, BIO_ADDR *); size_t DTLS_get_data_mtu(SSL *); @@ -550,54 +430,19 @@ """ CUSTOMIZATIONS = """ -// This symbol is being preserved because removing it will break users with -// pyOpenSSL < 19.1 and pip < 20.x. We need to leave this in place until those -// users have upgraded. PersistentlyDeprecated2020 -static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1; - #ifdef OPENSSL_NO_ENGINE int (*SSL_CTX_set_client_cert_engine)(SSL_CTX *, ENGINE *) = NULL; #endif -#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 || CRYPTOGRAPHY_IS_BORINGSSL +#if CRYPTOGRAPHY_IS_BORINGSSL static const long Cryptography_HAS_VERIFIED_CHAIN = 0; Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL; #else static const long Cryptography_HAS_VERIFIED_CHAIN = 1; #endif -#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 || \ - (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) -static const long Cryptography_HAS_KEYLOG = 0; -void (*SSL_CTX_set_keylog_callback)(SSL_CTX *, - void (*) (const SSL *, const char *) - ) = NULL; -void (*(*SSL_CTX_get_keylog_callback)(SSL_CTX *))( - const SSL *, - const char * - ) = NULL; -#else static const long Cryptography_HAS_KEYLOG = 1; -#endif -static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1; - -#ifdef OPENSSL_NO_SSL3_METHOD -static const long Cryptography_HAS_SSL3_METHOD = 0; -SSL_METHOD* (*SSLv3_method)(void) = NULL; -SSL_METHOD* (*SSLv3_client_method)(void) = NULL; -SSL_METHOD* (*SSLv3_server_method)(void) = NULL; -#else -static const long Cryptography_HAS_SSL3_METHOD = 1; -#endif - -static const long Cryptography_HAS_RELEASE_BUFFERS = 1; -static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; -static const long Cryptography_HAS_TLSv1_1 = 1; -static const long Cryptography_HAS_TLSv1_2 = 1; -static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; -static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; -static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; static const long Cryptography_HAS_NEXTPROTONEG = 0; static const long Cryptography_HAS_ALPN = 1; @@ -619,12 +464,14 @@ void (*SSL_CTX_set_cert_cb)(SSL_CTX *, int (*)(SSL *, void *), void *) = NULL; void (*SSL_set_cert_cb)(SSL *, int (*)(SSL *, void *), void *) = NULL; static const long Cryptography_HAS_SET_CERT_CB = 0; + +long (*SSL_get_extms_support)(SSL *) = NULL; +static const long Cryptography_HAS_GET_EXTMS_SUPPORT = 0; #else static const long Cryptography_HAS_SET_CERT_CB = 1; +static const long Cryptography_HAS_GET_EXTMS_SUPPORT = 1; #endif -static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS = 1; - /* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were removed */ #if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL @@ -645,22 +492,12 @@ #endif #if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL -#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 -static const long SSL_OP_NO_DTLSv1 = 0; -static const long SSL_OP_NO_DTLSv1_2 = 0; -#endif -long (*DTLS_set_link_mtu)(SSL *, long) = NULL; -long (*DTLS_get_link_min_mtu)(SSL *) = NULL; -#endif - -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 || CRYPTOGRAPHY_IS_BORINGSSL static const long Cryptography_HAS_DTLS_GET_DATA_MTU = 0; size_t (*DTLS_get_data_mtu)(SSL *) = NULL; #else static const long Cryptography_HAS_DTLS_GET_DATA_MTU = 1; #endif -static const long Cryptography_HAS_DTLS = 1; /* Wrap DTLSv1_get_timeout to avoid cffi to handle a 'struct timeval'. */ long Cryptography_DTLSv1_get_timeout(SSL *ssl, time_t *ptv_sec, long *ptv_usec) { @@ -747,18 +584,7 @@ SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL; #endif -#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ - (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) -static const long Cryptography_HAS_TLSv1_3 = 0; -static const long TLS1_3_VERSION = 0; -static const long SSL_OP_NO_TLSv1_3 = 0; -#else -static const long Cryptography_HAS_TLSv1_3 = 1; -#endif - -#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ - (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) || \ - CRYPTOGRAPHY_IS_BORINGSSL +#if CRYPTOGRAPHY_IS_BORINGSSL static const long Cryptography_HAS_TLSv1_3_FUNCTIONS = 0; static const long SSL_VERIFY_POST_HANDSHAKE = 0; @@ -774,17 +600,6 @@ static const long Cryptography_HAS_TLSv1_3_FUNCTIONS = 1; #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_GET_PROTO_VERSION = 0; - -long (*SSL_CTX_get_min_proto_version)(SSL_CTX *) = NULL; -long (*SSL_CTX_get_max_proto_version)(SSL_CTX *) = NULL; -long (*SSL_get_min_proto_version)(SSL *) = NULL; -long (*SSL_get_max_proto_version)(SSL *) = NULL; -#else -static const long Cryptography_HAS_GET_PROTO_VERSION = 1; -#endif - #if CRYPTOGRAPHY_IS_BORINGSSL static const long Cryptography_HAS_SSL_COOKIE = 0; @@ -805,8 +620,7 @@ #else static const long Cryptography_HAS_SSL_COOKIE = 1; #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 || \ - CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL +#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL static const long Cryptography_HAS_PSK_TLSv1_3 = 0; void (*SSL_CTX_set_psk_find_session_callback)(SSL_CTX *, int (*)( @@ -823,7 +637,7 @@ size_t *, SSL_SESSION ** )) = NULL; -#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || CRYPTOGRAPHY_IS_BORINGSSL +#if CRYPTOGRAPHY_IS_BORINGSSL const SSL_CIPHER *(*SSL_CIPHER_find)(SSL *, const unsigned char *) = NULL; #endif int (*SSL_SESSION_set1_master_key)(SSL_SESSION *, const unsigned char *, diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py index 4ba1492..0c25c5d 100644 --- a/src/_cffi_src/openssl/x509.py +++ b/src/_cffi_src/openssl/x509.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -14,21 +15,14 @@ * Note that the result is an opaque type. */ typedef STACK_OF(X509) Cryptography_STACK_OF_X509; -typedef STACK_OF(X509_CRL) Cryptography_STACK_OF_X509_CRL; typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED; """ TYPES = """ typedef ... Cryptography_STACK_OF_X509; -typedef ... Cryptography_STACK_OF_X509_CRL; typedef ... Cryptography_STACK_OF_X509_REVOKED; -typedef struct { - ASN1_OBJECT *algorithm; - ...; -} X509_ALGOR; - -typedef ... X509_ATTRIBUTE; +typedef ... X509_ALGOR; typedef ... X509_EXTENSION; typedef ... X509_EXTENSIONS; typedef ... X509_REQ; @@ -36,10 +30,6 @@ typedef ... X509_CRL; typedef ... X509; -typedef ... NETSCAPE_SPKI; - -typedef ... PKCS8_PRIV_KEY_INFO; - typedef void (*sk_X509_EXTENSION_freefunc)(X509_EXTENSION *); """ @@ -47,7 +37,6 @@ X509 *X509_new(void); void X509_free(X509 *); X509 *X509_dup(X509 *); -int X509_cmp(const X509 *, const X509 *); int X509_up_ref(X509 *); int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long); @@ -81,15 +70,12 @@ X509_REQ *X509_REQ_new(void); void X509_REQ_free(X509_REQ *); int X509_REQ_set_pubkey(X509_REQ *, EVP_PKEY *); -int X509_REQ_set_subject_name(X509_REQ *, X509_NAME *); int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *); int X509_REQ_verify(X509_REQ *, EVP_PKEY *); EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *); int X509_REQ_print_ex(BIO *, X509_REQ *, unsigned long, unsigned long); int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *); X509_EXTENSIONS *X509_REQ_get_extensions(X509_REQ *); -int X509_REQ_add1_attr_by_OBJ(X509_REQ *, const ASN1_OBJECT *, - int, const unsigned char *, int); int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int); ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *); @@ -99,36 +85,22 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *, ASN1_INTEGER *); -int X509_REVOKED_add_ext(X509_REVOKED *, X509_EXTENSION*, int); int X509_REVOKED_add1_ext_i2d(X509_REVOKED *, int, void *, int, unsigned long); X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *, int); int X509_REVOKED_set_revocationDate(X509_REVOKED *, ASN1_TIME *); X509_CRL *X509_CRL_new(void); -X509_CRL *X509_CRL_dup(X509_CRL *); X509_CRL *d2i_X509_CRL_bio(BIO *, X509_CRL **); int X509_CRL_add0_revoked(X509_CRL *, X509_REVOKED *); -int X509_CRL_add_ext(X509_CRL *, X509_EXTENSION *, int); -int X509_CRL_cmp(const X509_CRL *, const X509_CRL *); int X509_CRL_print(BIO *, X509_CRL *); int X509_CRL_set_issuer_name(X509_CRL *, X509_NAME *); int X509_CRL_set_version(X509_CRL *, long); int X509_CRL_sign(X509_CRL *, EVP_PKEY *, const EVP_MD *); int X509_CRL_sort(X509_CRL *); -int X509_CRL_verify(X509_CRL *, EVP_PKEY *); int i2d_X509_CRL_bio(BIO *, X509_CRL *); void X509_CRL_free(X509_CRL *); -int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *, EVP_PKEY *); -int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *, EVP_PKEY *, const EVP_MD *); -char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *); -NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *, int); -EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *); -int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *, EVP_PKEY *); -NETSCAPE_SPKI *NETSCAPE_SPKI_new(void); -void NETSCAPE_SPKI_free(NETSCAPE_SPKI *); - /* ASN1 serialization */ int i2d_X509_bio(BIO *, X509 *); X509 *d2i_X509_bio(BIO *, X509 **); @@ -151,29 +123,15 @@ const char *X509_get_default_cert_dir_env(void); const char *X509_get_default_cert_file_env(void); -int i2d_RSAPrivateKey_bio(BIO *, RSA *); -RSA *d2i_RSAPublicKey_bio(BIO *, RSA **); -int i2d_RSAPublicKey_bio(BIO *, RSA *); -int i2d_DSAPrivateKey_bio(BIO *, DSA *); - -/* These became const X509 in 1.1.0 */ -int X509_get_ext_count(X509 *); -X509_EXTENSION *X509_get_ext(X509 *, int); -X509_NAME *X509_get_subject_name(X509 *); -X509_NAME *X509_get_issuer_name(X509 *); +int X509_get_ext_count(const X509 *); +X509_EXTENSION *X509_get_ext(const X509 *, int); +X509_NAME *X509_get_subject_name(const X509 *); +X509_NAME *X509_get_issuer_name(const X509 *); -/* This became const ASN1_OBJECT * in 1.1.0 */ -X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **, - ASN1_OBJECT *, int, - ASN1_OCTET_STRING *); +int X509_EXTENSION_get_critical(const X509_EXTENSION *); - -/* This became const X509_EXTENSION * in 1.1.0 */ -int X509_EXTENSION_get_critical(X509_EXTENSION *); - -/* This became const X509_REVOKED * in 1.1.0 */ -int X509_REVOKED_get_ext_count(X509_REVOKED *); -X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *, int); +int X509_REVOKED_get_ext_count(const X509_REVOKED *); +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *, int); X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *); @@ -197,31 +155,23 @@ int sk_X509_EXTENSION_num(X509_EXTENSIONS *); X509_EXTENSION *sk_X509_EXTENSION_value(X509_EXTENSIONS *, int); int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *); -int sk_X509_EXTENSION_insert(X509_EXTENSIONS *, X509_EXTENSION *, int); -X509_EXTENSION *sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int); void sk_X509_EXTENSION_free(X509_EXTENSIONS *); void sk_X509_EXTENSION_pop_free(X509_EXTENSIONS *, sk_X509_EXTENSION_freefunc); int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *); X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int); -long X509_CRL_get_version(X509_CRL *); -const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *); -const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *); X509_NAME *X509_CRL_get_issuer(X509_CRL *); Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *); int X509_CRL_set1_lastUpdate(X509_CRL *, const ASN1_TIME *); int X509_CRL_set1_nextUpdate(X509_CRL *, const ASN1_TIME *); -EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **); -int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *); -EC_KEY *d2i_ECPrivateKey_bio(BIO *, EC_KEY **); -int i2d_ECPrivateKey_bio(BIO *, EC_KEY *); - -/* these functions were added in 1.1.0 */ const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *); const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *); + +void X509_ALGOR_get0(const ASN1_OBJECT **, int *, const void **, + const X509_ALGOR *); """ CUSTOMIZATIONS = """ diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py index 7997515..57c8d87 100644 --- a/src/_cffi_src/openssl/x509_vfy.py +++ b/src/_cffi_src/openssl/x509_vfy.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -13,15 +14,10 @@ * together with another opaque typedef for the same name in the TYPES section. * Note that the result is an opaque type. */ -typedef STACK_OF(ASN1_OBJECT) Cryptography_STACK_OF_ASN1_OBJECT; typedef STACK_OF(X509_OBJECT) Cryptography_STACK_OF_X509_OBJECT; """ TYPES = """ -static const long Cryptography_HAS_110_VERIFICATION_PARAMS; -static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER; - -typedef ... Cryptography_STACK_OF_ASN1_OBJECT; typedef ... Cryptography_STACK_OF_X509_OBJECT; typedef ... X509_OBJECT; @@ -31,11 +27,6 @@ typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **, X509_STORE_CTX *, X509 *); -/* While these are defined in the source as ints, they're tagged here - as longs, just in case they ever grow to large, such as what we saw - with OP_ALL. */ - -/* Verification error codes */ static const int X509_V_OK; static const int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; static const int X509_V_ERR_UNABLE_TO_GET_CRL; @@ -94,8 +85,12 @@ static const int X509_V_ERR_IP_ADDRESS_MISMATCH; static const int X509_V_ERR_APPLICATION_VERIFICATION; + +/* While these are defined in the source as ints, they're tagged here + as longs, just in case they ever grow to large, such as what we saw + with OP_ALL. */ + /* Verification parameters */ -static const long X509_V_FLAG_USE_CHECK_TIME; static const long X509_V_FLAG_CRL_CHECK; static const long X509_V_FLAG_CRL_CHECK_ALL; static const long X509_V_FLAG_IGNORE_CRITICAL; @@ -103,19 +98,9 @@ static const long X509_V_FLAG_ALLOW_PROXY_CERTS; static const long X509_V_FLAG_POLICY_CHECK; static const long X509_V_FLAG_EXPLICIT_POLICY; -static const long X509_V_FLAG_INHIBIT_ANY; static const long X509_V_FLAG_INHIBIT_MAP; -static const long X509_V_FLAG_NOTIFY_POLICY; -static const long X509_V_FLAG_EXTENDED_CRL_SUPPORT; -static const long X509_V_FLAG_USE_DELTAS; static const long X509_V_FLAG_CHECK_SS_SIGNATURE; -static const long X509_V_FLAG_TRUSTED_FIRST; static const long X509_V_FLAG_PARTIAL_CHAIN; -static const long X509_V_FLAG_NO_ALT_CHAINS; -static const long X509_V_FLAG_NO_CHECK_TIME; - -static const long X509_LU_X509; -static const long X509_LU_CRL; static const long X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; static const long X509_CHECK_FLAG_NO_WILDCARDS; @@ -135,8 +120,6 @@ static const long X509_PURPOSE_ANY; static const long X509_PURPOSE_OCSP_HELPER; static const long X509_PURPOSE_TIMESTAMP_SIGN; -static const long X509_PURPOSE_MIN; -static const long X509_PURPOSE_MAX; """ FUNCTIONS = """ @@ -153,6 +136,7 @@ /* Included due to external consumer, see https://github.com/pyca/pyopenssl/issues/1031 */ int X509_STORE_set_purpose(X509_STORE *, int); +int X509_STORE_up_ref(X509_STORE *); void X509_STORE_free(X509_STORE *); /* X509_STORE_CTX */ @@ -161,79 +145,30 @@ void X509_STORE_CTX_free(X509_STORE_CTX *); int X509_STORE_CTX_init(X509_STORE_CTX *, X509_STORE *, X509 *, Cryptography_STACK_OF_X509 *); -void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *); -X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *); -void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *); -int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *); -void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *, - int (*)(int, X509_STORE_CTX *)); Cryptography_STACK_OF_X509 *X509_STORE_CTX_get1_chain(X509_STORE_CTX *); int X509_STORE_CTX_get_error(X509_STORE_CTX *); void X509_STORE_CTX_set_error(X509_STORE_CTX *, int); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *); X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *); -int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *, int, void *); void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *, int); -int X509_STORE_CTX_get1_issuer(X509 **, X509_STORE_CTX *, X509 *); /* X509_VERIFY_PARAM */ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *, unsigned long); -int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *, unsigned long); -unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *); -int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *, int); -int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *, int); void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *, time_t); -int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *, ASN1_OBJECT *); -int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *, - Cryptography_STACK_OF_ASN1_OBJECT *); -void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *, int); -int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *); void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *); -/* X509_STORE_CTX */ -void X509_STORE_CTX_set0_crls(X509_STORE_CTX *, - Cryptography_STACK_OF_X509_CRL *); - -/* X509_VERIFY_PARAM */ int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *, const char *, size_t); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *, unsigned int); -int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *, const char *, - size_t); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *, const unsigned char *, size_t); -int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *, const char *); int sk_X509_OBJECT_num(Cryptography_STACK_OF_X509_OBJECT *); -X509_OBJECT *sk_X509_OBJECT_value(Cryptography_STACK_OF_X509_OBJECT *, int); -X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *); Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *); -X509 *X509_OBJECT_get0_X509(X509_OBJECT *); -/* added in 1.1.0 */ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *); -X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *); -void X509_STORE_set_get_issuer(X509_STORE *, X509_STORE_CTX_get_issuer_fn); """ CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_IS_LIBRESSL && CRYPTOGRAPHY_LIBRESSL_LESS_THAN_322 -static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 0; -#ifndef X509_CHECK_FLAG_NEVER_CHECK_SUBJECT -static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = 0; -#endif -#else -static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 1; -#endif - -#if CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0; -typedef void *X509_STORE_CTX_get_issuer_fn; -X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL; -void (*X509_STORE_set_get_issuer)(X509_STORE *, - X509_STORE_CTX_get_issuer_fn) = NULL; -#else -static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1; -#endif """ diff --git a/src/_cffi_src/openssl/x509name.py b/src/_cffi_src/openssl/x509name.py index 37b0d9e..81d897d 100644 --- a/src/_cffi_src/openssl/x509name.py +++ b/src/_cffi_src/openssl/x509name.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include @@ -10,11 +11,9 @@ * See the comment above Cryptography_STACK_OF_X509 in x509.py */ typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME; -typedef STACK_OF(X509_NAME_ENTRY) Cryptography_STACK_OF_X509_NAME_ENTRY; """ TYPES = """ -typedef ... Cryptography_STACK_OF_X509_NAME_ENTRY; typedef ... X509_NAME; typedef ... X509_NAME_ENTRY; typedef ... Cryptography_STACK_OF_X509_NAME; @@ -32,33 +31,21 @@ int X509_NAME_get_index_by_NID(X509_NAME *, int, int); int X509_NAME_cmp(const X509_NAME *, const X509_NAME *); X509_NAME *X509_NAME_dup(X509_NAME *); -/* These became const X509_NAME * in 1.1.0 */ -int X509_NAME_entry_count(X509_NAME *); -X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *, int); -char *X509_NAME_oneline(X509_NAME *, char *, int); +int X509_NAME_entry_count(const X509_NAME *); +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *, int); +char *X509_NAME_oneline(const X509_NAME *, char *, int); -/* These became const X509_NAME_ENTRY * in 1.1.0 */ -ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *); -ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *); -int X509_NAME_add_entry(X509_NAME *, X509_NAME_ENTRY *, int, int); +ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *); +ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *); -/* this became const unsigned char * in 1.1.0 */ -int X509_NAME_add_entry_by_NID(X509_NAME *, int, int, unsigned char *, +int X509_NAME_add_entry_by_NID(X509_NAME *, int, int, const unsigned char *, int, int, int); -/* These became const ASN1_OBJECT * in 1.1.0 */ -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **, - ASN1_OBJECT *, int, - const unsigned char *, int); - Cryptography_STACK_OF_X509_NAME *sk_X509_NAME_new_null(void); int sk_X509_NAME_num(Cryptography_STACK_OF_X509_NAME *); int sk_X509_NAME_push(Cryptography_STACK_OF_X509_NAME *, X509_NAME *); X509_NAME *sk_X509_NAME_value(Cryptography_STACK_OF_X509_NAME *, int); void sk_X509_NAME_free(Cryptography_STACK_OF_X509_NAME *); -Cryptography_STACK_OF_X509_NAME_ENTRY *sk_X509_NAME_ENTRY_new_null(void); -int sk_X509_NAME_ENTRY_push(Cryptography_STACK_OF_X509_NAME_ENTRY *, - X509_NAME_ENTRY *); """ CUSTOMIZATIONS = """ diff --git a/src/_cffi_src/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py index 46569bd..9905982 100644 --- a/src/_cffi_src/openssl/x509v3.py +++ b/src/_cffi_src/openssl/x509v3.py @@ -2,21 +2,13 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations INCLUDES = """ #include - -/* - * This is part of a work-around for the difficulty cffi has in dealing with - * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that - * will be an alias for this type and use the alias throughout. This works - * together with another opaque typedef for the same name in the TYPES section. - * Note that the result is an opaque type. - */ """ TYPES = """ -typedef ... EXTENDED_KEY_USAGE; typedef ... CONF; typedef struct { @@ -29,7 +21,7 @@ static const int GEN_DNS; static const int GEN_URI; -typedef struct stack_st_GENERAL_NAME GENERAL_NAMES; +typedef ... GENERAL_NAMES; /* Only include the one union element used by pyOpenSSL. */ typedef struct { @@ -48,13 +40,13 @@ int GENERAL_NAME_print(BIO *, GENERAL_NAME *); void GENERAL_NAMES_free(GENERAL_NAMES *); void *X509V3_EXT_d2i(X509_EXTENSION *); -/* The last two char * args became const char * in 1.1.0 */ -X509_EXTENSION *X509V3_EXT_nconf(CONF *, X509V3_CTX *, char *, char *); +X509_EXTENSION *X509V3_EXT_nconf(CONF *, X509V3_CTX *, const char *, + const char *); -void *X509V3_set_ctx_nodb(X509V3_CTX *); +void X509V3_set_ctx_nodb(X509V3_CTX *); -int sk_GENERAL_NAME_num(struct stack_st_GENERAL_NAME *); -GENERAL_NAME *sk_GENERAL_NAME_value(struct stack_st_GENERAL_NAME *, int); +int sk_GENERAL_NAME_num(GENERAL_NAMES *); +GENERAL_NAME *sk_GENERAL_NAME_value(GENERAL_NAMES *, int); """ CUSTOMIZATIONS = """ diff --git a/src/_cffi_src/utils.py b/src/_cffi_src/utils.py index 5afc084..e942edd 100644 --- a/src/_cffi_src/utils.py +++ b/src/_cffi_src/utils.py @@ -2,28 +2,25 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import os +import platform import sys -from distutils.ccompiler import new_compiler -from distutils.dist import Distribution from cffi import FFI - # Load the cryptography __about__ to get the current package version base_src = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) -about = {} +about: dict = {} with open(os.path.join(base_src, "cryptography", "__about__.py")) as f: exec(f.read(), about) def build_ffi_for_binding( - module_name, - module_prefix, - modules, - libraries, - extra_compile_args, + module_name: str, + module_prefix: str, + modules: list[str], ): """ Modules listed in ``modules`` should have the following attributes: @@ -53,17 +50,13 @@ def build_ffi_for_binding( module_name, cdef_source="\n".join(types + functions), verify_source=verify_source, - libraries=libraries, - extra_compile_args=extra_compile_args, ) def build_ffi( - module_name, - cdef_source, - verify_source, - libraries, - extra_compile_args, + module_name: str, + cdef_source: str, + verify_source: str, ): ffi = FFI() # Always add the CRYPTOGRAPHY_PACKAGE_VERSION to the shared object @@ -71,24 +64,21 @@ def build_ffi( verify_source += '\n#define CRYPTOGRAPHY_PACKAGE_VERSION "{}"'.format( about["__version__"] ) + if platform.python_implementation() == "PyPy": + verify_source += r""" +int Cryptography_make_openssl_module(void) { + int result; + + Py_BEGIN_ALLOW_THREADS + result = cffi_start_python(); + Py_END_ALLOW_THREADS + + return result; +} +""" ffi.cdef(cdef_source) ffi.set_source( module_name, verify_source, - libraries=libraries, - extra_compile_args=extra_compile_args, ) return ffi - - -def compiler_type(): - """ - Gets the compiler type from distutils. On Windows with MSVC it will be - "msvc". On macOS and linux it is "unix". - """ - dist = Distribution() - dist.parse_config_files() - cmd = dist.get_command_obj("build") - cmd.ensure_finalized() - compiler = new_compiler(compiler=cmd.compiler) - return compiler.compiler_type diff --git a/src/cryptography.egg-info/PKG-INFO b/src/cryptography.egg-info/PKG-INFO deleted file mode 100644 index 2f4c544..0000000 --- a/src/cryptography.egg-info/PKG-INFO +++ /dev/null @@ -1,117 +0,0 @@ -Metadata-Version: 2.1 -Name: cryptography -Version: 38.0.4 -Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -Home-page: https://github.com/pyca/cryptography -Author: The Python Cryptographic Authority and individual contributors -Author-email: cryptography-dev@python.org -License: BSD-3-Clause OR Apache-2.0 -Project-URL: Documentation, https://cryptography.io/ -Project-URL: Source, https://github.com/pyca/cryptography/ -Project-URL: Issues, https://github.com/pyca/cryptography/issues -Project-URL: Changelog, https://cryptography.io/en/latest/changelog/ -Platform: UNKNOWN -Classifier: Development Status :: 5 - Production/Stable -Classifier: Intended Audience :: Developers -Classifier: License :: OSI Approved :: Apache Software License -Classifier: License :: OSI Approved :: BSD License -Classifier: Natural Language :: English -Classifier: Operating System :: MacOS :: MacOS X -Classifier: Operating System :: POSIX -Classifier: Operating System :: POSIX :: BSD -Classifier: Operating System :: POSIX :: Linux -Classifier: Operating System :: Microsoft :: Windows -Classifier: Programming Language :: Python -Classifier: Programming Language :: Python :: 3 -Classifier: Programming Language :: Python :: 3 :: Only -Classifier: Programming Language :: Python :: 3.6 -Classifier: Programming Language :: Python :: 3.7 -Classifier: Programming Language :: Python :: 3.8 -Classifier: Programming Language :: Python :: 3.9 -Classifier: Programming Language :: Python :: 3.10 -Classifier: Programming Language :: Python :: Implementation :: CPython -Classifier: Programming Language :: Python :: Implementation :: PyPy -Classifier: Topic :: Security :: Cryptography -Requires-Python: >=3.6 -Description-Content-Type: text/x-rst -Provides-Extra: test -Provides-Extra: docs -Provides-Extra: docstest -Provides-Extra: sdist -Provides-Extra: pep8test -Provides-Extra: ssh -License-File: LICENSE -License-File: LICENSE.APACHE -License-File: LICENSE.BSD -License-File: LICENSE.PSF - -pyca/cryptography -================= - -.. image:: https://img.shields.io/pypi/v/cryptography.svg - :target: https://pypi.org/project/cryptography/ - :alt: Latest Version - -.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest - :target: https://cryptography.io - :alt: Latest Docs - -.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main - :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain - - -``cryptography`` is a package which provides cryptographic recipes and -primitives to Python developers. Our goal is for it to be your "cryptographic -standard library". It supports Python 3.6+ and PyPy3 7.2+. - -``cryptography`` includes both high level recipes and low level interfaces to -common cryptographic algorithms such as symmetric ciphers, message digests, and -key derivation functions. For example, to encrypt something with -``cryptography``'s high level symmetric encryption recipe: - -.. code-block:: pycon - - >>> from cryptography.fernet import Fernet - >>> # Put this somewhere safe! - >>> key = Fernet.generate_key() - >>> f = Fernet(key) - >>> token = f.encrypt(b"A really secret message. Not for prying eyes.") - >>> token - '...' - >>> f.decrypt(token) - 'A really secret message. Not for prying eyes.' - -You can find more information in the `documentation`_. - -You can install ``cryptography`` with: - -.. code-block:: console - - $ pip install cryptography - -For full details see `the installation documentation`_. - -Discussion -~~~~~~~~~~ - -If you run into bugs, you can file them in our `issue tracker`_. - -We maintain a `cryptography-dev`_ mailing list for development discussion. - -You can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get -involved. - -Security -~~~~~~~~ - -Need to report a security issue? Please consult our `security reporting`_ -documentation. - - -.. _`documentation`: https://cryptography.io/ -.. _`the installation documentation`: https://cryptography.io/en/latest/installation/ -.. _`issue tracker`: https://github.com/pyca/cryptography/issues -.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev -.. _`security reporting`: https://cryptography.io/en/latest/security/ - - diff --git a/src/cryptography.egg-info/SOURCES.txt b/src/cryptography.egg-info/SOURCES.txt deleted file mode 100644 index 8711f91..0000000 --- a/src/cryptography.egg-info/SOURCES.txt +++ /dev/null @@ -1,341 +0,0 @@ -CHANGELOG.rst -CONTRIBUTING.rst -LICENSE -LICENSE.APACHE -LICENSE.BSD -LICENSE.PSF -MANIFEST.in -README.rst -pyproject.toml -setup.cfg -setup.py -docs/Makefile -docs/api-stability.rst -docs/changelog.rst -docs/community.rst -docs/conf.py -docs/doing-a-release.rst -docs/exceptions.rst -docs/faq.rst -docs/fernet.rst -docs/glossary.rst -docs/index.rst -docs/installation.rst -docs/limitations.rst -docs/make.bat -docs/openssl.rst -docs/random-numbers.rst -docs/security.rst -docs/spelling_wordlist.txt -docs/_ext/cryptography-docs.py -docs/_ext/linkcode_res.py -docs/_static/.keep -docs/development/c-bindings.rst -docs/development/getting-started.rst -docs/development/index.rst -docs/development/reviewing-patches.rst -docs/development/submitting-patches.rst -docs/development/test-vectors.rst -docs/development/custom-vectors/arc4.rst -docs/development/custom-vectors/cast5.rst -docs/development/custom-vectors/hkdf.rst -docs/development/custom-vectors/idea.rst -docs/development/custom-vectors/rsa-oaep-sha2.rst -docs/development/custom-vectors/secp256k1.rst -docs/development/custom-vectors/seed.rst -docs/development/custom-vectors/arc4/generate_arc4.py -docs/development/custom-vectors/arc4/verify_arc4.go -docs/development/custom-vectors/cast5/generate_cast5.py -docs/development/custom-vectors/cast5/verify_cast5.go -docs/development/custom-vectors/hkdf/generate_hkdf.py -docs/development/custom-vectors/hkdf/verify_hkdf.go -docs/development/custom-vectors/idea/generate_idea.py -docs/development/custom-vectors/idea/verify_idea.py -docs/development/custom-vectors/rsa-oaep-sha2/VerifyRSAOAEPSHA2.java -docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py -docs/development/custom-vectors/secp256k1/generate_secp256k1.py -docs/development/custom-vectors/secp256k1/verify_secp256k1.py -docs/development/custom-vectors/seed/generate_seed.py -docs/development/custom-vectors/seed/verify_seed.py -docs/hazmat/primitives/aead.rst -docs/hazmat/primitives/constant-time.rst -docs/hazmat/primitives/cryptographic-hashes.rst -docs/hazmat/primitives/index.rst -docs/hazmat/primitives/key-derivation-functions.rst -docs/hazmat/primitives/keywrap.rst -docs/hazmat/primitives/padding.rst -docs/hazmat/primitives/symmetric-encryption.rst -docs/hazmat/primitives/twofactor.rst -docs/hazmat/primitives/asymmetric/dh.rst -docs/hazmat/primitives/asymmetric/dsa.rst -docs/hazmat/primitives/asymmetric/ec.rst -docs/hazmat/primitives/asymmetric/ed25519.rst -docs/hazmat/primitives/asymmetric/ed448.rst -docs/hazmat/primitives/asymmetric/index.rst -docs/hazmat/primitives/asymmetric/rsa.rst -docs/hazmat/primitives/asymmetric/serialization.rst -docs/hazmat/primitives/asymmetric/utils.rst -docs/hazmat/primitives/asymmetric/x25519.rst -docs/hazmat/primitives/asymmetric/x448.rst -docs/hazmat/primitives/mac/cmac.rst -docs/hazmat/primitives/mac/hmac.rst -docs/hazmat/primitives/mac/index.rst -docs/hazmat/primitives/mac/poly1305.rst -docs/x509/certificate-transparency.rst -docs/x509/index.rst -docs/x509/ocsp.rst -docs/x509/reference.rst -docs/x509/tutorial.rst -src/_cffi_src/__init__.py -src/_cffi_src/build_openssl.py -src/_cffi_src/utils.py -src/_cffi_src/openssl/__init__.py -src/_cffi_src/openssl/asn1.py -src/_cffi_src/openssl/bignum.py -src/_cffi_src/openssl/bio.py -src/_cffi_src/openssl/callbacks.py -src/_cffi_src/openssl/cmac.py -src/_cffi_src/openssl/conf.py -src/_cffi_src/openssl/crypto.py -src/_cffi_src/openssl/cryptography.py -src/_cffi_src/openssl/dh.py -src/_cffi_src/openssl/dsa.py -src/_cffi_src/openssl/ec.py -src/_cffi_src/openssl/ecdsa.py -src/_cffi_src/openssl/engine.py -src/_cffi_src/openssl/err.py -src/_cffi_src/openssl/evp.py -src/_cffi_src/openssl/fips.py -src/_cffi_src/openssl/hmac.py -src/_cffi_src/openssl/nid.py -src/_cffi_src/openssl/objects.py -src/_cffi_src/openssl/opensslv.py -src/_cffi_src/openssl/osrandom_engine.py -src/_cffi_src/openssl/pem.py -src/_cffi_src/openssl/pkcs12.py -src/_cffi_src/openssl/pkcs7.py -src/_cffi_src/openssl/provider.py -src/_cffi_src/openssl/rand.py -src/_cffi_src/openssl/rsa.py -src/_cffi_src/openssl/ssl.py -src/_cffi_src/openssl/x509.py -src/_cffi_src/openssl/x509_vfy.py -src/_cffi_src/openssl/x509name.py -src/_cffi_src/openssl/x509v3.py -src/_cffi_src/openssl/src/osrandom_engine.c -src/_cffi_src/openssl/src/osrandom_engine.h -src/cryptography/__about__.py -src/cryptography/__init__.py -src/cryptography/exceptions.py -src/cryptography/fernet.py -src/cryptography/py.typed -src/cryptography/utils.py -src/cryptography.egg-info/PKG-INFO -src/cryptography.egg-info/SOURCES.txt -src/cryptography.egg-info/dependency_links.txt -src/cryptography.egg-info/not-zip-safe -src/cryptography.egg-info/requires.txt -src/cryptography.egg-info/top_level.txt -src/cryptography/hazmat/__init__.py -src/cryptography/hazmat/_oid.py -src/cryptography/hazmat/backends/__init__.py -src/cryptography/hazmat/backends/openssl/__init__.py -src/cryptography/hazmat/backends/openssl/aead.py -src/cryptography/hazmat/backends/openssl/backend.py -src/cryptography/hazmat/backends/openssl/ciphers.py -src/cryptography/hazmat/backends/openssl/cmac.py -src/cryptography/hazmat/backends/openssl/decode_asn1.py -src/cryptography/hazmat/backends/openssl/dh.py -src/cryptography/hazmat/backends/openssl/dsa.py -src/cryptography/hazmat/backends/openssl/ec.py -src/cryptography/hazmat/backends/openssl/ed25519.py -src/cryptography/hazmat/backends/openssl/ed448.py -src/cryptography/hazmat/backends/openssl/hashes.py -src/cryptography/hazmat/backends/openssl/hmac.py -src/cryptography/hazmat/backends/openssl/poly1305.py -src/cryptography/hazmat/backends/openssl/rsa.py -src/cryptography/hazmat/backends/openssl/utils.py -src/cryptography/hazmat/backends/openssl/x25519.py -src/cryptography/hazmat/backends/openssl/x448.py -src/cryptography/hazmat/backends/openssl/x509.py -src/cryptography/hazmat/bindings/__init__.py -src/cryptography/hazmat/bindings/_openssl.pyi -src/cryptography/hazmat/bindings/_rust/__init__.pyi -src/cryptography/hazmat/bindings/_rust/asn1.pyi -src/cryptography/hazmat/bindings/_rust/ocsp.pyi -src/cryptography/hazmat/bindings/_rust/x509.pyi -src/cryptography/hazmat/bindings/openssl/__init__.py -src/cryptography/hazmat/bindings/openssl/_conditional.py -src/cryptography/hazmat/bindings/openssl/binding.py -src/cryptography/hazmat/primitives/__init__.py -src/cryptography/hazmat/primitives/_asymmetric.py -src/cryptography/hazmat/primitives/_cipheralgorithm.py -src/cryptography/hazmat/primitives/_serialization.py -src/cryptography/hazmat/primitives/cmac.py -src/cryptography/hazmat/primitives/constant_time.py -src/cryptography/hazmat/primitives/hashes.py -src/cryptography/hazmat/primitives/hmac.py -src/cryptography/hazmat/primitives/keywrap.py -src/cryptography/hazmat/primitives/padding.py -src/cryptography/hazmat/primitives/poly1305.py -src/cryptography/hazmat/primitives/asymmetric/__init__.py -src/cryptography/hazmat/primitives/asymmetric/dh.py -src/cryptography/hazmat/primitives/asymmetric/dsa.py -src/cryptography/hazmat/primitives/asymmetric/ec.py -src/cryptography/hazmat/primitives/asymmetric/ed25519.py -src/cryptography/hazmat/primitives/asymmetric/ed448.py -src/cryptography/hazmat/primitives/asymmetric/padding.py -src/cryptography/hazmat/primitives/asymmetric/rsa.py -src/cryptography/hazmat/primitives/asymmetric/types.py -src/cryptography/hazmat/primitives/asymmetric/utils.py -src/cryptography/hazmat/primitives/asymmetric/x25519.py -src/cryptography/hazmat/primitives/asymmetric/x448.py -src/cryptography/hazmat/primitives/ciphers/__init__.py -src/cryptography/hazmat/primitives/ciphers/aead.py -src/cryptography/hazmat/primitives/ciphers/algorithms.py -src/cryptography/hazmat/primitives/ciphers/base.py -src/cryptography/hazmat/primitives/ciphers/modes.py -src/cryptography/hazmat/primitives/kdf/__init__.py -src/cryptography/hazmat/primitives/kdf/concatkdf.py -src/cryptography/hazmat/primitives/kdf/hkdf.py -src/cryptography/hazmat/primitives/kdf/kbkdf.py -src/cryptography/hazmat/primitives/kdf/pbkdf2.py -src/cryptography/hazmat/primitives/kdf/scrypt.py -src/cryptography/hazmat/primitives/kdf/x963kdf.py -src/cryptography/hazmat/primitives/serialization/__init__.py -src/cryptography/hazmat/primitives/serialization/base.py -src/cryptography/hazmat/primitives/serialization/pkcs12.py -src/cryptography/hazmat/primitives/serialization/pkcs7.py -src/cryptography/hazmat/primitives/serialization/ssh.py -src/cryptography/hazmat/primitives/twofactor/__init__.py -src/cryptography/hazmat/primitives/twofactor/hotp.py -src/cryptography/hazmat/primitives/twofactor/totp.py -src/cryptography/x509/__init__.py -src/cryptography/x509/base.py -src/cryptography/x509/certificate_transparency.py -src/cryptography/x509/extensions.py -src/cryptography/x509/general_name.py -src/cryptography/x509/name.py -src/cryptography/x509/ocsp.py -src/cryptography/x509/oid.py -src/rust/Cargo.lock -src/rust/Cargo.toml -src/rust/src/asn1.rs -src/rust/src/intern.rs -src/rust/src/lib.rs -src/rust/src/oid.rs -src/rust/src/pool.rs -src/rust/src/x509/certificate.rs -src/rust/src/x509/common.rs -src/rust/src/x509/crl.rs -src/rust/src/x509/csr.rs -src/rust/src/x509/extensions.rs -src/rust/src/x509/mod.rs -src/rust/src/x509/ocsp.rs -src/rust/src/x509/ocsp_req.rs -src/rust/src/x509/ocsp_resp.rs -src/rust/src/x509/oid.rs -src/rust/src/x509/sct.rs -src/rust/src/x509/sign.rs -tests/__init__.py -tests/conftest.py -tests/deprecated_module.py -tests/doubles.py -tests/test_cryptography_utils.py -tests/test_fernet.py -tests/test_interfaces.py -tests/test_meta.py -tests/test_rust_utils.py -tests/test_utils.py -tests/test_warnings.py -tests/utils.py -tests/bench/__init__.py -tests/bench/test_aead.py -tests/bench/test_x509.py -tests/hazmat/__init__.py -tests/hazmat/test_oid.py -tests/hazmat/backends/__init__.py -tests/hazmat/backends/test_openssl.py -tests/hazmat/backends/test_openssl_memleak.py -tests/hazmat/bindings/test_openssl.py -tests/hazmat/primitives/__init__.py -tests/hazmat/primitives/fixtures_dh.py -tests/hazmat/primitives/fixtures_dsa.py -tests/hazmat/primitives/fixtures_ec.py -tests/hazmat/primitives/fixtures_rsa.py -tests/hazmat/primitives/test_3des.py -tests/hazmat/primitives/test_aead.py -tests/hazmat/primitives/test_aes.py -tests/hazmat/primitives/test_aes_gcm.py -tests/hazmat/primitives/test_arc4.py -tests/hazmat/primitives/test_asym_utils.py -tests/hazmat/primitives/test_block.py -tests/hazmat/primitives/test_blowfish.py -tests/hazmat/primitives/test_camellia.py -tests/hazmat/primitives/test_cast5.py -tests/hazmat/primitives/test_chacha20.py -tests/hazmat/primitives/test_ciphers.py -tests/hazmat/primitives/test_cmac.py -tests/hazmat/primitives/test_concatkdf.py -tests/hazmat/primitives/test_constant_time.py -tests/hazmat/primitives/test_dh.py -tests/hazmat/primitives/test_dsa.py -tests/hazmat/primitives/test_ec.py -tests/hazmat/primitives/test_ed25519.py -tests/hazmat/primitives/test_ed448.py -tests/hazmat/primitives/test_hash_vectors.py -tests/hazmat/primitives/test_hashes.py -tests/hazmat/primitives/test_hkdf.py -tests/hazmat/primitives/test_hkdf_vectors.py -tests/hazmat/primitives/test_hmac.py -tests/hazmat/primitives/test_hmac_vectors.py -tests/hazmat/primitives/test_idea.py -tests/hazmat/primitives/test_kbkdf.py -tests/hazmat/primitives/test_kbkdf_vectors.py -tests/hazmat/primitives/test_keywrap.py -tests/hazmat/primitives/test_padding.py -tests/hazmat/primitives/test_pbkdf2hmac.py -tests/hazmat/primitives/test_pbkdf2hmac_vectors.py -tests/hazmat/primitives/test_pkcs12.py -tests/hazmat/primitives/test_pkcs7.py -tests/hazmat/primitives/test_poly1305.py -tests/hazmat/primitives/test_rsa.py -tests/hazmat/primitives/test_scrypt.py -tests/hazmat/primitives/test_seed.py -tests/hazmat/primitives/test_serialization.py -tests/hazmat/primitives/test_sm4.py -tests/hazmat/primitives/test_x25519.py -tests/hazmat/primitives/test_x448.py -tests/hazmat/primitives/test_x963_vectors.py -tests/hazmat/primitives/test_x963kdf.py -tests/hazmat/primitives/utils.py -tests/hazmat/primitives/twofactor/__init__.py -tests/hazmat/primitives/twofactor/test_hotp.py -tests/hazmat/primitives/twofactor/test_totp.py -tests/hypothesis/__init__.py -tests/hypothesis/test_fernet.py -tests/hypothesis/test_padding.py -tests/hypothesis/test_x509.py -tests/wycheproof/__init__.py -tests/wycheproof/test_aes.py -tests/wycheproof/test_chacha20poly1305.py -tests/wycheproof/test_cmac.py -tests/wycheproof/test_dsa.py -tests/wycheproof/test_ecdh.py -tests/wycheproof/test_ecdsa.py -tests/wycheproof/test_eddsa.py -tests/wycheproof/test_hkdf.py -tests/wycheproof/test_hmac.py -tests/wycheproof/test_keywrap.py -tests/wycheproof/test_rsa.py -tests/wycheproof/test_utils.py -tests/wycheproof/test_x25519.py -tests/wycheproof/test_x448.py -tests/wycheproof/utils.py -tests/x509/__init__.py -tests/x509/test_name.py -tests/x509/test_ocsp.py -tests/x509/test_x509.py -tests/x509/test_x509_crlbuilder.py -tests/x509/test_x509_ext.py -tests/x509/test_x509_revokedcertbuilder.py \ No newline at end of file diff --git a/src/cryptography.egg-info/dependency_links.txt b/src/cryptography.egg-info/dependency_links.txt deleted file mode 100644 index 8b13789..0000000 --- a/src/cryptography.egg-info/dependency_links.txt +++ /dev/null @@ -1 +0,0 @@ - diff --git a/src/cryptography.egg-info/not-zip-safe b/src/cryptography.egg-info/not-zip-safe deleted file mode 100644 index 8b13789..0000000 --- a/src/cryptography.egg-info/not-zip-safe +++ /dev/null @@ -1 +0,0 @@ - diff --git a/src/cryptography.egg-info/requires.txt b/src/cryptography.egg-info/requires.txt deleted file mode 100644 index 2893a9e..0000000 --- a/src/cryptography.egg-info/requires.txt +++ /dev/null @@ -1,33 +0,0 @@ -cffi>=1.12 - -[docs] -sphinx!=1.8.0,!=3.1.0,!=3.1.1,>=1.6.5 -sphinx_rtd_theme - -[docstest] -pyenchant>=1.6.11 -twine>=1.12.0 -sphinxcontrib-spelling>=4.0.1 - -[pep8test] -black -flake8 -flake8-import-order -pep8-naming - -[sdist] -setuptools_rust>=0.11.4 - -[ssh] -bcrypt>=3.1.5 - -[test] -pytest>=6.2.0 -pytest-benchmark -pytest-cov -pytest-subtests -pytest-xdist -pretend -iso8601 -pytz -hypothesis!=3.79.2,>=1.11.4 diff --git a/src/cryptography.egg-info/top_level.txt b/src/cryptography.egg-info/top_level.txt deleted file mode 100644 index 0d38bc5..0000000 --- a/src/cryptography.egg-info/top_level.txt +++ /dev/null @@ -1 +0,0 @@ -cryptography diff --git a/src/cryptography/__about__.py b/src/cryptography/__about__.py index ca79574..4362aed 100644 --- a/src/cryptography/__about__.py +++ b/src/cryptography/__about__.py @@ -2,14 +2,16 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations __all__ = [ - "__version__", "__author__", "__copyright__", + "__version__", ] -__version__ = "38.0.4" +__version__ = "43.0.0" + __author__ = "The Python Cryptographic Authority and individual contributors" -__copyright__ = "Copyright 2013-2022 {}".format(__author__) +__copyright__ = f"Copyright 2013-2024 {__author__}" diff --git a/src/cryptography/__init__.py b/src/cryptography/__init__.py index 599bf51..d374f75 100644 --- a/src/cryptography/__init__.py +++ b/src/cryptography/__init__.py @@ -2,28 +2,12 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. -import sys -import warnings - -from cryptography.__about__ import ( - __author__, - __copyright__, - __version__, -) -from cryptography.utils import CryptographyDeprecationWarning +from __future__ import annotations +from cryptography.__about__ import __author__, __copyright__, __version__ __all__ = [ - "__version__", "__author__", "__copyright__", + "__version__", ] - -if sys.version_info[:2] == (3, 6): - warnings.warn( - "Python 3.6 is no longer supported by the Python core team. " - "Therefore, support for it is deprecated in cryptography and will be" - " removed in a future release.", - CryptographyDeprecationWarning, - stacklevel=2, - ) diff --git a/src/cryptography/exceptions.py b/src/cryptography/exceptions.py index a315703..fe125ea 100644 --- a/src/cryptography/exceptions.py +++ b/src/cryptography/exceptions.py @@ -2,37 +2,21 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import typing -from cryptography import utils +from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions if typing.TYPE_CHECKING: - from cryptography.hazmat.bindings.openssl.binding import ( - _OpenSSLErrorWithText, - ) - - -class _Reasons(utils.Enum): - BACKEND_MISSING_INTERFACE = 0 - UNSUPPORTED_HASH = 1 - UNSUPPORTED_CIPHER = 2 - UNSUPPORTED_PADDING = 3 - UNSUPPORTED_MGF = 4 - UNSUPPORTED_PUBLIC_KEY_ALGORITHM = 5 - UNSUPPORTED_ELLIPTIC_CURVE = 6 - UNSUPPORTED_SERIALIZATION = 7 - UNSUPPORTED_X509 = 8 - UNSUPPORTED_EXCHANGE_ALGORITHM = 9 - UNSUPPORTED_DIFFIE_HELLMAN = 10 - UNSUPPORTED_MAC = 11 + from cryptography.hazmat.bindings._rust import openssl as rust_openssl + +_Reasons = rust_exceptions._Reasons class UnsupportedAlgorithm(Exception): - def __init__( - self, message: str, reason: typing.Optional[_Reasons] = None - ) -> None: - super(UnsupportedAlgorithm, self).__init__(message) + def __init__(self, message: str, reason: _Reasons | None = None) -> None: + super().__init__(message) self._reason = reason @@ -58,9 +42,9 @@ class InvalidSignature(Exception): class InternalError(Exception): def __init__( - self, msg: str, err_code: typing.List["_OpenSSLErrorWithText"] + self, msg: str, err_code: list[rust_openssl.OpenSSLError] ) -> None: - super(InternalError, self).__init__(msg) + super().__init__(msg) self.err_code = err_code diff --git a/src/cryptography/fernet.py b/src/cryptography/fernet.py index c18c3bc..35ce113 100644 --- a/src/cryptography/fernet.py +++ b/src/cryptography/fernet.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import base64 import binascii @@ -26,9 +27,9 @@ class InvalidToken(Exception): class Fernet: def __init__( self, - key: typing.Union[bytes, str], + key: bytes | str, backend: typing.Any = None, - ): + ) -> None: try: key = base64.urlsafe_b64decode(key) except binascii.Error as exc: @@ -79,9 +80,7 @@ def _encrypt_from_parts( hmac = h.finalize() return base64.urlsafe_b64encode(basic_parts + hmac) - def decrypt( - self, token: typing.Union[bytes, str], ttl: typing.Optional[int] = None - ) -> bytes: + def decrypt(self, token: bytes | str, ttl: int | None = None) -> bytes: timestamp, data = Fernet._get_unverified_token_data(token) if ttl is None: time_info = None @@ -90,7 +89,7 @@ def decrypt( return self._decrypt_data(data, timestamp, time_info) def decrypt_at_time( - self, token: typing.Union[bytes, str], ttl: int, current_time: int + self, token: bytes | str, ttl: int, current_time: int ) -> bytes: if ttl is None: raise ValueError( @@ -99,16 +98,14 @@ def decrypt_at_time( timestamp, data = Fernet._get_unverified_token_data(token) return self._decrypt_data(data, timestamp, (ttl, current_time)) - def extract_timestamp(self, token: typing.Union[bytes, str]) -> int: + def extract_timestamp(self, token: bytes | str) -> int: timestamp, data = Fernet._get_unverified_token_data(token) # Verify the token was not tampered with. self._verify_signature(data) return timestamp @staticmethod - def _get_unverified_token_data( - token: typing.Union[bytes, str] - ) -> typing.Tuple[int, bytes]: + def _get_unverified_token_data(token: bytes | str) -> tuple[int, bytes]: if not isinstance(token, (str, bytes)): raise TypeError("token must be bytes or str") @@ -138,7 +135,7 @@ def _decrypt_data( self, data: bytes, timestamp: int, - time_info: typing.Optional[typing.Tuple[int, int]], + time_info: tuple[int, int] | None, ) -> bytes: if time_info is not None: ttl, current_time = time_info @@ -185,7 +182,7 @@ def encrypt(self, msg: bytes) -> bytes: def encrypt_at_time(self, msg: bytes, current_time: int) -> bytes: return self._fernets[0].encrypt_at_time(msg, current_time) - def rotate(self, msg: typing.Union[bytes, str]) -> bytes: + def rotate(self, msg: bytes | str) -> bytes: timestamp, data = Fernet._get_unverified_token_data(msg) for f in self._fernets: try: @@ -199,9 +196,7 @@ def rotate(self, msg: typing.Union[bytes, str]) -> bytes: iv = os.urandom(16) return self._fernets[0]._encrypt_from_parts(p, timestamp, iv) - def decrypt( - self, msg: typing.Union[bytes, str], ttl: typing.Optional[int] = None - ) -> bytes: + def decrypt(self, msg: bytes | str, ttl: int | None = None) -> bytes: for f in self._fernets: try: return f.decrypt(msg, ttl) @@ -210,7 +205,7 @@ def decrypt( raise InvalidToken def decrypt_at_time( - self, msg: typing.Union[bytes, str], ttl: int, current_time: int + self, msg: bytes | str, ttl: int, current_time: int ) -> bytes: for f in self._fernets: try: diff --git a/src/cryptography/hazmat/__init__.py b/src/cryptography/hazmat/__init__.py index 007694b..b9f1187 100644 --- a/src/cryptography/hazmat/__init__.py +++ b/src/cryptography/hazmat/__init__.py @@ -1,6 +1,9 @@ # This file is dual licensed under the terms of the Apache License, Version # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. + +from __future__ import annotations + """ Hazardous Materials diff --git a/src/cryptography/hazmat/_oid.py b/src/cryptography/hazmat/_oid.py index 604cf07..fd5e37d 100644 --- a/src/cryptography/hazmat/_oid.py +++ b/src/cryptography/hazmat/_oid.py @@ -2,7 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. -import typing +from __future__ import annotations from cryptography.hazmat.bindings._rust import ( ObjectIdentifier as ObjectIdentifier, @@ -38,10 +38,12 @@ class ExtensionOID: ) PRECERT_POISON = ObjectIdentifier("1.3.6.1.4.1.11129.2.4.3") SIGNED_CERTIFICATE_TIMESTAMPS = ObjectIdentifier("1.3.6.1.4.1.11129.2.4.5") + MS_CERTIFICATE_TEMPLATE = ObjectIdentifier("1.3.6.1.4.1.311.21.7") class OCSPExtensionOID: NONCE = ObjectIdentifier("1.3.6.1.5.5.7.48.1.2") + ACCEPTABLE_RESPONSES = ObjectIdentifier("1.3.6.1.5.5.7.48.1.4") class CRLEntryExtensionOID: @@ -56,12 +58,14 @@ class NameOID: LOCALITY_NAME = ObjectIdentifier("2.5.4.7") STATE_OR_PROVINCE_NAME = ObjectIdentifier("2.5.4.8") STREET_ADDRESS = ObjectIdentifier("2.5.4.9") + ORGANIZATION_IDENTIFIER = ObjectIdentifier("2.5.4.97") ORGANIZATION_NAME = ObjectIdentifier("2.5.4.10") ORGANIZATIONAL_UNIT_NAME = ObjectIdentifier("2.5.4.11") SERIAL_NUMBER = ObjectIdentifier("2.5.4.5") SURNAME = ObjectIdentifier("2.5.4.4") GIVEN_NAME = ObjectIdentifier("2.5.4.42") TITLE = ObjectIdentifier("2.5.4.12") + INITIALS = ObjectIdentifier("2.5.4.43") GENERATION_QUALIFIER = ObjectIdentifier("2.5.4.44") X500_UNIQUE_IDENTIFIER = ObjectIdentifier("2.5.4.45") DN_QUALIFIER = ObjectIdentifier("2.5.4.46") @@ -118,9 +122,7 @@ class SignatureAlgorithmOID: GOSTR3410_2012_WITH_3411_2012_512 = ObjectIdentifier("1.2.643.7.1.1.3.3") -_SIG_OIDS_TO_HASH: typing.Dict[ - ObjectIdentifier, typing.Optional[hashes.HashAlgorithm] -] = { +_SIG_OIDS_TO_HASH: dict[ObjectIdentifier, hashes.HashAlgorithm | None] = { SignatureAlgorithmOID.RSA_WITH_MD5: hashes.MD5(), SignatureAlgorithmOID.RSA_WITH_SHA1: hashes.SHA1(), SignatureAlgorithmOID._RSA_WITH_SHA1: hashes.SHA1(), @@ -128,11 +130,19 @@ class SignatureAlgorithmOID: SignatureAlgorithmOID.RSA_WITH_SHA256: hashes.SHA256(), SignatureAlgorithmOID.RSA_WITH_SHA384: hashes.SHA384(), SignatureAlgorithmOID.RSA_WITH_SHA512: hashes.SHA512(), + SignatureAlgorithmOID.RSA_WITH_SHA3_224: hashes.SHA3_224(), + SignatureAlgorithmOID.RSA_WITH_SHA3_256: hashes.SHA3_256(), + SignatureAlgorithmOID.RSA_WITH_SHA3_384: hashes.SHA3_384(), + SignatureAlgorithmOID.RSA_WITH_SHA3_512: hashes.SHA3_512(), SignatureAlgorithmOID.ECDSA_WITH_SHA1: hashes.SHA1(), SignatureAlgorithmOID.ECDSA_WITH_SHA224: hashes.SHA224(), SignatureAlgorithmOID.ECDSA_WITH_SHA256: hashes.SHA256(), SignatureAlgorithmOID.ECDSA_WITH_SHA384: hashes.SHA384(), SignatureAlgorithmOID.ECDSA_WITH_SHA512: hashes.SHA512(), + SignatureAlgorithmOID.ECDSA_WITH_SHA3_224: hashes.SHA3_224(), + SignatureAlgorithmOID.ECDSA_WITH_SHA3_256: hashes.SHA3_256(), + SignatureAlgorithmOID.ECDSA_WITH_SHA3_384: hashes.SHA3_384(), + SignatureAlgorithmOID.ECDSA_WITH_SHA3_512: hashes.SHA3_512(), SignatureAlgorithmOID.DSA_WITH_SHA1: hashes.SHA1(), SignatureAlgorithmOID.DSA_WITH_SHA224: hashes.SHA224(), SignatureAlgorithmOID.DSA_WITH_SHA256: hashes.SHA256(), @@ -144,6 +154,17 @@ class SignatureAlgorithmOID: } +class PublicKeyAlgorithmOID: + DSA = ObjectIdentifier("1.2.840.10040.4.1") + EC_PUBLIC_KEY = ObjectIdentifier("1.2.840.10045.2.1") + RSAES_PKCS1_v1_5 = ObjectIdentifier("1.2.840.113549.1.1.1") + RSASSA_PSS = ObjectIdentifier("1.2.840.113549.1.1.10") + X25519 = ObjectIdentifier("1.3.101.110") + X448 = ObjectIdentifier("1.3.101.111") + ED25519 = ObjectIdentifier("1.3.101.112") + ED448 = ObjectIdentifier("1.3.101.113") + + class ExtendedKeyUsageOID: SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1") CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2") @@ -235,6 +256,12 @@ class AttributeOID: SignatureAlgorithmOID.GOSTR3410_2012_WITH_3411_2012_512: ( "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" ), + PublicKeyAlgorithmOID.DSA: "dsaEncryption", + PublicKeyAlgorithmOID.EC_PUBLIC_KEY: "id-ecPublicKey", + PublicKeyAlgorithmOID.RSAES_PKCS1_v1_5: "rsaEncryption", + PublicKeyAlgorithmOID.RSASSA_PSS: "rsassaPss", + PublicKeyAlgorithmOID.X25519: "X25519", + PublicKeyAlgorithmOID.X448: "X448", ExtendedKeyUsageOID.SERVER_AUTH: "serverAuth", ExtendedKeyUsageOID.CLIENT_AUTH: "clientAuth", ExtendedKeyUsageOID.CODE_SIGNING: "codeSigning", @@ -256,6 +283,7 @@ class AttributeOID: "signedCertificateTimestampList" ), ExtensionOID.PRECERT_POISON: "ctPoison", + ExtensionOID.MS_CERTIFICATE_TEMPLATE: "msCertificateTemplate", CRLEntryExtensionOID.CRL_REASON: "cRLReason", CRLEntryExtensionOID.INVALIDITY_DATE: "invalidityDate", CRLEntryExtensionOID.CERTIFICATE_ISSUER: "certificateIssuer", @@ -268,7 +296,7 @@ class AttributeOID: ExtensionOID.EXTENDED_KEY_USAGE: "extendedKeyUsage", ExtensionOID.FRESHEST_CRL: "freshestCRL", ExtensionOID.INHIBIT_ANY_POLICY: "inhibitAnyPolicy", - ExtensionOID.ISSUING_DISTRIBUTION_POINT: ("issuingDistributionPoint"), + ExtensionOID.ISSUING_DISTRIBUTION_POINT: "issuingDistributionPoint", ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess", ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess", ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck", diff --git a/src/cryptography/hazmat/backends/__init__.py b/src/cryptography/hazmat/backends/__init__.py index 3926f85..b4400aa 100644 --- a/src/cryptography/hazmat/backends/__init__.py +++ b/src/cryptography/hazmat/backends/__init__.py @@ -1,6 +1,9 @@ # This file is dual licensed under the terms of the Apache License, Version # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. + +from __future__ import annotations + from typing import Any diff --git a/src/cryptography/hazmat/backends/openssl/__init__.py b/src/cryptography/hazmat/backends/openssl/__init__.py index 31fd17c..51b0447 100644 --- a/src/cryptography/hazmat/backends/openssl/__init__.py +++ b/src/cryptography/hazmat/backends/openssl/__init__.py @@ -2,8 +2,8 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations from cryptography.hazmat.backends.openssl.backend import backend - __all__ = ["backend"] diff --git a/src/cryptography/hazmat/backends/openssl/aead.py b/src/cryptography/hazmat/backends/openssl/aead.py deleted file mode 100644 index f7914af..0000000 --- a/src/cryptography/hazmat/backends/openssl/aead.py +++ /dev/null @@ -1,251 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.exceptions import InvalidTag - - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - from cryptography.hazmat.primitives.ciphers.aead import ( - AESCCM, - AESGCM, - AESOCB3, - AESSIV, - ChaCha20Poly1305, - ) - - _AEAD_TYPES = typing.Union[ - AESCCM, AESGCM, AESOCB3, AESSIV, ChaCha20Poly1305 - ] - -_ENCRYPT = 1 -_DECRYPT = 0 - - -def _aead_cipher_name(cipher: "_AEAD_TYPES") -> bytes: - from cryptography.hazmat.primitives.ciphers.aead import ( - AESCCM, - AESGCM, - AESOCB3, - AESSIV, - ChaCha20Poly1305, - ) - - if isinstance(cipher, ChaCha20Poly1305): - return b"chacha20-poly1305" - elif isinstance(cipher, AESCCM): - return f"aes-{len(cipher._key) * 8}-ccm".encode("ascii") - elif isinstance(cipher, AESOCB3): - return f"aes-{len(cipher._key) * 8}-ocb".encode("ascii") - elif isinstance(cipher, AESSIV): - return f"aes-{len(cipher._key) * 8 // 2}-siv".encode("ascii") - else: - assert isinstance(cipher, AESGCM) - return f"aes-{len(cipher._key) * 8}-gcm".encode("ascii") - - -def _evp_cipher(cipher_name: bytes, backend: "Backend"): - if cipher_name.endswith(b"-siv"): - evp_cipher = backend._lib.EVP_CIPHER_fetch( - backend._ffi.NULL, - cipher_name, - backend._ffi.NULL, - ) - backend.openssl_assert(evp_cipher != backend._ffi.NULL) - evp_cipher = backend._ffi.gc(evp_cipher, backend._lib.EVP_CIPHER_free) - else: - evp_cipher = backend._lib.EVP_get_cipherbyname(cipher_name) - backend.openssl_assert(evp_cipher != backend._ffi.NULL) - - return evp_cipher - - -def _aead_setup( - backend: "Backend", - cipher_name: bytes, - key: bytes, - nonce: bytes, - tag: typing.Optional[bytes], - tag_len: int, - operation: int, -): - evp_cipher = _evp_cipher(cipher_name, backend) - ctx = backend._lib.EVP_CIPHER_CTX_new() - ctx = backend._ffi.gc(ctx, backend._lib.EVP_CIPHER_CTX_free) - res = backend._lib.EVP_CipherInit_ex( - ctx, - evp_cipher, - backend._ffi.NULL, - backend._ffi.NULL, - backend._ffi.NULL, - int(operation == _ENCRYPT), - ) - backend.openssl_assert(res != 0) - res = backend._lib.EVP_CIPHER_CTX_set_key_length(ctx, len(key)) - backend.openssl_assert(res != 0) - res = backend._lib.EVP_CIPHER_CTX_ctrl( - ctx, - backend._lib.EVP_CTRL_AEAD_SET_IVLEN, - len(nonce), - backend._ffi.NULL, - ) - backend.openssl_assert(res != 0) - if operation == _DECRYPT: - assert tag is not None - res = backend._lib.EVP_CIPHER_CTX_ctrl( - ctx, backend._lib.EVP_CTRL_AEAD_SET_TAG, len(tag), tag - ) - backend.openssl_assert(res != 0) - elif cipher_name.endswith(b"-ccm"): - res = backend._lib.EVP_CIPHER_CTX_ctrl( - ctx, backend._lib.EVP_CTRL_AEAD_SET_TAG, tag_len, backend._ffi.NULL - ) - backend.openssl_assert(res != 0) - - nonce_ptr = backend._ffi.from_buffer(nonce) - key_ptr = backend._ffi.from_buffer(key) - res = backend._lib.EVP_CipherInit_ex( - ctx, - backend._ffi.NULL, - backend._ffi.NULL, - key_ptr, - nonce_ptr, - int(operation == _ENCRYPT), - ) - backend.openssl_assert(res != 0) - return ctx - - -def _set_length(backend: "Backend", ctx, data_len: int) -> None: - intptr = backend._ffi.new("int *") - res = backend._lib.EVP_CipherUpdate( - ctx, backend._ffi.NULL, intptr, backend._ffi.NULL, data_len - ) - backend.openssl_assert(res != 0) - - -def _process_aad(backend: "Backend", ctx, associated_data: bytes) -> None: - outlen = backend._ffi.new("int *") - res = backend._lib.EVP_CipherUpdate( - ctx, backend._ffi.NULL, outlen, associated_data, len(associated_data) - ) - backend.openssl_assert(res != 0) - - -def _process_data(backend: "Backend", ctx, data: bytes) -> bytes: - outlen = backend._ffi.new("int *") - buf = backend._ffi.new("unsigned char[]", len(data)) - res = backend._lib.EVP_CipherUpdate(ctx, buf, outlen, data, len(data)) - if res == 0: - # AES SIV can error here if the data is invalid on decrypt - backend._consume_errors() - raise InvalidTag - return backend._ffi.buffer(buf, outlen[0])[:] - - -def _encrypt( - backend: "Backend", - cipher: "_AEAD_TYPES", - nonce: bytes, - data: bytes, - associated_data: typing.List[bytes], - tag_length: int, -) -> bytes: - from cryptography.hazmat.primitives.ciphers.aead import AESCCM, AESSIV - - cipher_name = _aead_cipher_name(cipher) - ctx = _aead_setup( - backend, cipher_name, cipher._key, nonce, None, tag_length, _ENCRYPT - ) - # CCM requires us to pass the length of the data before processing anything - # However calling this with any other AEAD results in an error - if isinstance(cipher, AESCCM): - _set_length(backend, ctx, len(data)) - - for ad in associated_data: - _process_aad(backend, ctx, ad) - processed_data = _process_data(backend, ctx, data) - outlen = backend._ffi.new("int *") - # All AEADs we support besides OCB are streaming so they return nothing - # in finalization. OCB can return up to (16 byte block - 1) bytes so - # we need a buffer here too. - buf = backend._ffi.new("unsigned char[]", 16) - res = backend._lib.EVP_CipherFinal_ex(ctx, buf, outlen) - backend.openssl_assert(res != 0) - processed_data += backend._ffi.buffer(buf, outlen[0])[:] - tag_buf = backend._ffi.new("unsigned char[]", tag_length) - res = backend._lib.EVP_CIPHER_CTX_ctrl( - ctx, backend._lib.EVP_CTRL_AEAD_GET_TAG, tag_length, tag_buf - ) - backend.openssl_assert(res != 0) - tag = backend._ffi.buffer(tag_buf)[:] - - if isinstance(cipher, AESSIV): - # RFC 5297 defines the output as IV || C, where the tag we generate is - # the "IV" and C is the ciphertext. This is the opposite of our - # other AEADs, which are Ciphertext || Tag - backend.openssl_assert(len(tag) == 16) - return tag + processed_data - else: - return processed_data + tag - - -def _decrypt( - backend: "Backend", - cipher: "_AEAD_TYPES", - nonce: bytes, - data: bytes, - associated_data: typing.List[bytes], - tag_length: int, -) -> bytes: - from cryptography.hazmat.primitives.ciphers.aead import AESCCM, AESSIV - - if len(data) < tag_length: - raise InvalidTag - - if isinstance(cipher, AESSIV): - # RFC 5297 defines the output as IV || C, where the tag we generate is - # the "IV" and C is the ciphertext. This is the opposite of our - # other AEADs, which are Ciphertext || Tag - tag = data[:tag_length] - data = data[tag_length:] - else: - tag = data[-tag_length:] - data = data[:-tag_length] - cipher_name = _aead_cipher_name(cipher) - ctx = _aead_setup( - backend, cipher_name, cipher._key, nonce, tag, tag_length, _DECRYPT - ) - # CCM requires us to pass the length of the data before processing anything - # However calling this with any other AEAD results in an error - if isinstance(cipher, AESCCM): - _set_length(backend, ctx, len(data)) - - for ad in associated_data: - _process_aad(backend, ctx, ad) - # CCM has a different error path if the tag doesn't match. Errors are - # raised in Update and Final is irrelevant. - if isinstance(cipher, AESCCM): - outlen = backend._ffi.new("int *") - buf = backend._ffi.new("unsigned char[]", len(data)) - res = backend._lib.EVP_CipherUpdate(ctx, buf, outlen, data, len(data)) - if res != 1: - backend._consume_errors() - raise InvalidTag - - processed_data = backend._ffi.buffer(buf, outlen[0])[:] - else: - processed_data = _process_data(backend, ctx, data) - outlen = backend._ffi.new("int *") - # OCB can return up to 15 bytes (16 byte block - 1) in finalization - buf = backend._ffi.new("unsigned char[]", 16) - res = backend._lib.EVP_CipherFinal_ex(ctx, buf, outlen) - processed_data += backend._ffi.buffer(buf, outlen[0])[:] - if res == 0: - backend._consume_errors() - raise InvalidTag - - return processed_data diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index f8776b7..c87d3e8 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -2,136 +2,32 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations -import collections -import contextlib -import itertools -import typing -import warnings -from contextlib import contextmanager - -from cryptography import utils, x509 -from cryptography.exceptions import UnsupportedAlgorithm, _Reasons -from cryptography.hazmat.backends.openssl import aead -from cryptography.hazmat.backends.openssl.ciphers import _CipherContext -from cryptography.hazmat.backends.openssl.cmac import _CMACContext -from cryptography.hazmat.backends.openssl.dh import ( - _DHParameters, - _DHPrivateKey, - _DHPublicKey, - _dh_params_dup, -) -from cryptography.hazmat.backends.openssl.dsa import ( - _DSAParameters, - _DSAPrivateKey, - _DSAPublicKey, -) -from cryptography.hazmat.backends.openssl.ec import ( - _EllipticCurvePrivateKey, - _EllipticCurvePublicKey, -) -from cryptography.hazmat.backends.openssl.ed25519 import ( - _Ed25519PrivateKey, - _Ed25519PublicKey, -) -from cryptography.hazmat.backends.openssl.ed448 import ( - _ED448_KEY_SIZE, - _Ed448PrivateKey, - _Ed448PublicKey, -) -from cryptography.hazmat.backends.openssl.hashes import _HashContext -from cryptography.hazmat.backends.openssl.hmac import _HMACContext -from cryptography.hazmat.backends.openssl.poly1305 import ( - _POLY1305_KEY_SIZE, - _Poly1305Context, -) -from cryptography.hazmat.backends.openssl.rsa import ( - _RSAPrivateKey, - _RSAPublicKey, -) -from cryptography.hazmat.backends.openssl.x25519 import ( - _X25519PrivateKey, - _X25519PublicKey, -) -from cryptography.hazmat.backends.openssl.x448 import ( - _X448PrivateKey, - _X448PublicKey, -) -from cryptography.hazmat.bindings._rust import ( - x509 as rust_x509, -) +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.bindings.openssl import binding -from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives._asymmetric import AsymmetricPadding -from cryptography.hazmat.primitives.asymmetric import ( - dh, - dsa, - ec, - ed25519, - ed448, - rsa, - x25519, - x448, -) +from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.hazmat.primitives.asymmetric import utils as asym_utils from cryptography.hazmat.primitives.asymmetric.padding import ( MGF1, OAEP, - PKCS1v15, PSS, -) -from cryptography.hazmat.primitives.asymmetric.types import ( - CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES, - PRIVATE_KEY_TYPES, - PUBLIC_KEY_TYPES, + PKCS1v15, ) from cryptography.hazmat.primitives.ciphers import ( - BlockCipherAlgorithm, CipherAlgorithm, ) from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, - AES128, - AES256, - ARC4, - Camellia, - ChaCha20, - SM4, - TripleDES, - _BlowfishInternal, - _CAST5Internal, - _IDEAInternal, - _SEEDInternal, ) from cryptography.hazmat.primitives.ciphers.modes import ( CBC, - CFB, - CFB8, - CTR, - ECB, - GCM, Mode, - OFB, - XTS, -) -from cryptography.hazmat.primitives.kdf import scrypt -from cryptography.hazmat.primitives.serialization import pkcs7, ssh -from cryptography.hazmat.primitives.serialization.pkcs12 import ( - PBES, - PKCS12Certificate, - PKCS12KeyAndCertificates, - _ALLOWED_PKCS12_TYPES, - _PKCS12_CAS_TYPES, ) -_MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"]) - - -# Not actually supported, just used as a marker for some serialization tests. -class _RC2: - pass - - class Backend: """ OpenSSL API binding interfaces. @@ -139,18 +35,6 @@ class Backend: name = "openssl" - # FIPS has opinions about acceptable algorithms and key sizes, but the - # disallowed algorithms are still present in OpenSSL. They just error if - # you try to use them. To avoid that we allowlist the algorithms in - # FIPS 140-3. This isn't ideal, but FIPS 140-3 is trash so here we are. - _fips_aead = { - b"aes-128-ccm", - b"aes-192-ccm", - b"aes-256-ccm", - b"aes-128-gcm", - b"aes-192-gcm", - b"aes-256-gcm", - } # TripleDES encryption is disallowed/deprecated throughout 2023 in # FIPS 140-3. To keep it simple we denylist any use of TripleDES (TDEA). _fips_ciphers = (AES,) @@ -182,147 +66,52 @@ class Backend: _fips_dh_min_key_size = 2048 _fips_dh_min_modulus = 1 << _fips_dh_min_key_size - def __init__(self): + def __init__(self) -> None: self._binding = binding.Binding() self._ffi = self._binding.ffi self._lib = self._binding.lib - self._rsa_skip_check_key = False - self._fips_enabled = self._is_fips_enabled() - - self._cipher_registry = {} - self._register_default_ciphers() - if self._fips_enabled and self._lib.CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE: - warnings.warn( - "OpenSSL FIPS mode is enabled. Can't enable DRBG fork safety.", - UserWarning, - ) - else: - self.activate_osrandom_engine() - self._dh_types = [self._lib.EVP_PKEY_DH] - if self._lib.Cryptography_HAS_EVP_PKEY_DHX: - self._dh_types.append(self._lib.EVP_PKEY_DHX) + self._fips_enabled = rust_openssl.is_fips_enabled() def __repr__(self) -> str: - return "".format( - self.openssl_version_text(), self._fips_enabled + return ( + f"" ) - def openssl_assert( - self, - ok: bool, - errors: typing.Optional[typing.List[binding._OpenSSLError]] = None, - ) -> None: - return binding._openssl_assert(self._lib, ok, errors=errors) - - def _is_fips_enabled(self) -> bool: - if self._lib.Cryptography_HAS_300_FIPS: - mode = self._lib.EVP_default_properties_is_fips_enabled( - self._ffi.NULL - ) - else: - mode = getattr(self._lib, "FIPS_mode", lambda: 0)() - - if mode == 0: - # OpenSSL without FIPS pushes an error on the error stack - self._lib.ERR_clear_error() - return bool(mode) + def openssl_assert(self, ok: bool) -> None: + return binding._openssl_assert(ok) def _enable_fips(self) -> None: # This function enables FIPS mode for OpenSSL 3.0.0 on installs that # have the FIPS provider installed properly. - self._binding._enable_fips() - assert self._is_fips_enabled() - self._fips_enabled = self._is_fips_enabled() - - def activate_builtin_random(self) -> None: - if self._lib.CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE: - # Obtain a new structural reference. - e = self._lib.ENGINE_get_default_RAND() - if e != self._ffi.NULL: - self._lib.ENGINE_unregister_RAND(e) - # Reset the RNG to use the built-in. - res = self._lib.RAND_set_rand_method(self._ffi.NULL) - self.openssl_assert(res == 1) - # decrement the structural reference from get_default_RAND - res = self._lib.ENGINE_finish(e) - self.openssl_assert(res == 1) - - @contextlib.contextmanager - def _get_osurandom_engine(self): - # Fetches an engine by id and returns it. This creates a structural - # reference. - e = self._lib.ENGINE_by_id(self._lib.Cryptography_osrandom_engine_id) - self.openssl_assert(e != self._ffi.NULL) - # Initialize the engine for use. This adds a functional reference. - res = self._lib.ENGINE_init(e) - self.openssl_assert(res == 1) - - try: - yield e - finally: - # Decrement the structural ref incremented by ENGINE_by_id. - res = self._lib.ENGINE_free(e) - self.openssl_assert(res == 1) - # Decrement the functional ref incremented by ENGINE_init. - res = self._lib.ENGINE_finish(e) - self.openssl_assert(res == 1) - - def activate_osrandom_engine(self) -> None: - if self._lib.CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE: - # Unregister and free the current engine. - self.activate_builtin_random() - with self._get_osurandom_engine() as e: - # Set the engine as the default RAND provider. - res = self._lib.ENGINE_set_default_RAND(e) - self.openssl_assert(res == 1) - # Reset the RNG to use the engine - res = self._lib.RAND_set_rand_method(self._ffi.NULL) - self.openssl_assert(res == 1) - - def osrandom_engine_implementation(self) -> str: - buf = self._ffi.new("char[]", 64) - with self._get_osurandom_engine() as e: - res = self._lib.ENGINE_ctrl_cmd( - e, b"get_implementation", len(buf), buf, self._ffi.NULL, 0 - ) - self.openssl_assert(res > 0) - return self._ffi.string(buf).decode("ascii") + rust_openssl.enable_fips(rust_openssl._providers) + assert rust_openssl.is_fips_enabled() + self._fips_enabled = rust_openssl.is_fips_enabled() def openssl_version_text(self) -> str: """ Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. - Example: OpenSSL 1.1.1d 10 Sep 2019 + Example: OpenSSL 3.2.1 30 Jan 2024 """ - return self._ffi.string( - self._lib.OpenSSL_version(self._lib.OPENSSL_VERSION) - ).decode("ascii") + return rust_openssl.openssl_version_text() def openssl_version_number(self) -> int: - return self._lib.OpenSSL_version_num() - - def create_hmac_ctx( - self, key: bytes, algorithm: hashes.HashAlgorithm - ) -> _HMACContext: - return _HMACContext(self, key, algorithm) + return rust_openssl.openssl_version() def _evp_md_from_algorithm(self, algorithm: hashes.HashAlgorithm): - if algorithm.name == "blake2b" or algorithm.name == "blake2s": - alg = "{}{}".format( - algorithm.name, algorithm.digest_size * 8 - ).encode("ascii") + if algorithm.name in ("blake2b", "blake2s"): + alg = f"{algorithm.name}{algorithm.digest_size * 8}".encode( + "ascii" + ) else: alg = algorithm.name.encode("ascii") evp_md = self._lib.EVP_get_digestbyname(alg) return evp_md - def _evp_md_non_null_from_algorithm(self, algorithm: hashes.HashAlgorithm): - evp_md = self._evp_md_from_algorithm(algorithm) - self.openssl_assert(evp_md != self._ffi.NULL) - return evp_md - def hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool: if self._fips_enabled and not isinstance(algorithm, self._fips_hashes): return False @@ -343,7 +132,7 @@ def scrypt_supported(self) -> bool: if self._fips_enabled: return False else: - return self._lib.Cryptography_HAS_SCRYPT == 1 + return hasattr(rust_openssl.kdf, "derive_scrypt") def hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool: # FIPS mode still allows SHA1 for HMAC @@ -352,11 +141,6 @@ def hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool: return self.hash_supported(algorithm) - def create_hash_ctx( - self, algorithm: hashes.HashAlgorithm - ) -> hashes.HashContext: - return _HashContext(self, algorithm) - def cipher_supported(self, cipher: CipherAlgorithm, mode: Mode) -> bool: if self._fips_enabled: # FIPS mode requires AES. TripleDES is disallowed/deprecated in @@ -364,400 +148,18 @@ def cipher_supported(self, cipher: CipherAlgorithm, mode: Mode) -> bool: if not isinstance(cipher, self._fips_ciphers): return False - try: - adapter = self._cipher_registry[type(cipher), type(mode)] - except KeyError: - return False - evp_cipher = adapter(self, cipher, mode) - return self._ffi.NULL != evp_cipher - - def register_cipher_adapter(self, cipher_cls, mode_cls, adapter): - if (cipher_cls, mode_cls) in self._cipher_registry: - raise ValueError( - "Duplicate registration for: {} {}.".format( - cipher_cls, mode_cls - ) - ) - self._cipher_registry[cipher_cls, mode_cls] = adapter - - def _register_default_ciphers(self) -> None: - for cipher_cls in [AES, AES128, AES256]: - for mode_cls in [CBC, CTR, ECB, OFB, CFB, CFB8, GCM]: - self.register_cipher_adapter( - cipher_cls, - mode_cls, - GetCipherByName( - "{cipher.name}-{cipher.key_size}-{mode.name}" - ), - ) - for mode_cls in [CBC, CTR, ECB, OFB, CFB]: - self.register_cipher_adapter( - Camellia, - mode_cls, - GetCipherByName("{cipher.name}-{cipher.key_size}-{mode.name}"), - ) - for mode_cls in [CBC, CFB, CFB8, OFB]: - self.register_cipher_adapter( - TripleDES, mode_cls, GetCipherByName("des-ede3-{mode.name}") - ) - self.register_cipher_adapter( - TripleDES, ECB, GetCipherByName("des-ede3") - ) - for mode_cls in [CBC, CFB, OFB, ECB]: - self.register_cipher_adapter( - _BlowfishInternal, mode_cls, GetCipherByName("bf-{mode.name}") - ) - for mode_cls in [CBC, CFB, OFB, ECB]: - self.register_cipher_adapter( - _SEEDInternal, mode_cls, GetCipherByName("seed-{mode.name}") - ) - for cipher_cls, mode_cls in itertools.product( - [_CAST5Internal, _IDEAInternal], - [CBC, OFB, CFB, ECB], - ): - self.register_cipher_adapter( - cipher_cls, - mode_cls, - GetCipherByName("{cipher.name}-{mode.name}"), - ) - self.register_cipher_adapter(ARC4, type(None), GetCipherByName("rc4")) - # We don't actually support RC2, this is just used by some tests. - self.register_cipher_adapter(_RC2, type(None), GetCipherByName("rc2")) - self.register_cipher_adapter( - ChaCha20, type(None), GetCipherByName("chacha20") - ) - self.register_cipher_adapter(AES, XTS, _get_xts_cipher) - for mode_cls in [ECB, CBC, OFB, CFB, CTR]: - self.register_cipher_adapter( - SM4, mode_cls, GetCipherByName("sm4-{mode.name}") - ) - - def create_symmetric_encryption_ctx( - self, cipher: CipherAlgorithm, mode: Mode - ) -> _CipherContext: - return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT) - - def create_symmetric_decryption_ctx( - self, cipher: CipherAlgorithm, mode: Mode - ) -> _CipherContext: - return _CipherContext(self, cipher, mode, _CipherContext._DECRYPT) + return rust_openssl.ciphers.cipher_supported(cipher, mode) def pbkdf2_hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool: return self.hmac_supported(algorithm) - def derive_pbkdf2_hmac( - self, - algorithm: hashes.HashAlgorithm, - length: int, - salt: bytes, - iterations: int, - key_material: bytes, - ) -> bytes: - buf = self._ffi.new("unsigned char[]", length) - evp_md = self._evp_md_non_null_from_algorithm(algorithm) - key_material_ptr = self._ffi.from_buffer(key_material) - res = self._lib.PKCS5_PBKDF2_HMAC( - key_material_ptr, - len(key_material), - salt, - len(salt), - iterations, - evp_md, - length, - buf, - ) - self.openssl_assert(res == 1) - return self._ffi.buffer(buf)[:] - - def _consume_errors(self) -> typing.List[binding._OpenSSLError]: - return binding._consume_errors(self._lib) - - def _consume_errors_with_text( - self, - ) -> typing.List[binding._OpenSSLErrorWithText]: - return binding._consume_errors_with_text(self._lib) - - def _bn_to_int(self, bn) -> int: - assert bn != self._ffi.NULL - self.openssl_assert(not self._lib.BN_is_negative(bn)) - - bn_num_bytes = self._lib.BN_num_bytes(bn) - bin_ptr = self._ffi.new("unsigned char[]", bn_num_bytes) - bin_len = self._lib.BN_bn2bin(bn, bin_ptr) - # A zero length means the BN has value 0 - self.openssl_assert(bin_len >= 0) - val = int.from_bytes(self._ffi.buffer(bin_ptr)[:bin_len], "big") - return val - - def _int_to_bn(self, num: int, bn=None): - """ - Converts a python integer to a BIGNUM. The returned BIGNUM will not - be garbage collected (to support adding them to structs that take - ownership of the object). Be sure to register it for GC if it will - be discarded after use. - """ - assert bn is None or bn != self._ffi.NULL - - if bn is None: - bn = self._ffi.NULL - - binary = num.to_bytes(int(num.bit_length() / 8.0 + 1), "big") - bn_ptr = self._lib.BN_bin2bn(binary, len(binary), bn) - self.openssl_assert(bn_ptr != self._ffi.NULL) - return bn_ptr - - def generate_rsa_private_key( - self, public_exponent: int, key_size: int - ) -> rsa.RSAPrivateKey: - rsa._verify_rsa_parameters(public_exponent, key_size) - - rsa_cdata = self._lib.RSA_new() - self.openssl_assert(rsa_cdata != self._ffi.NULL) - rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) - - bn = self._int_to_bn(public_exponent) - bn = self._ffi.gc(bn, self._lib.BN_free) - - res = self._lib.RSA_generate_key_ex( - rsa_cdata, key_size, bn, self._ffi.NULL - ) - self.openssl_assert(res == 1) - evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata) - - return _RSAPrivateKey( - self, rsa_cdata, evp_pkey, self._rsa_skip_check_key - ) - - def generate_rsa_parameters_supported( - self, public_exponent: int, key_size: int - ) -> bool: - return ( - public_exponent >= 3 - and public_exponent & 1 != 0 - and key_size >= 512 - ) - - def load_rsa_private_numbers( - self, numbers: rsa.RSAPrivateNumbers - ) -> rsa.RSAPrivateKey: - rsa._check_private_key_components( - numbers.p, - numbers.q, - numbers.d, - numbers.dmp1, - numbers.dmq1, - numbers.iqmp, - numbers.public_numbers.e, - numbers.public_numbers.n, - ) - rsa_cdata = self._lib.RSA_new() - self.openssl_assert(rsa_cdata != self._ffi.NULL) - rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) - p = self._int_to_bn(numbers.p) - q = self._int_to_bn(numbers.q) - d = self._int_to_bn(numbers.d) - dmp1 = self._int_to_bn(numbers.dmp1) - dmq1 = self._int_to_bn(numbers.dmq1) - iqmp = self._int_to_bn(numbers.iqmp) - e = self._int_to_bn(numbers.public_numbers.e) - n = self._int_to_bn(numbers.public_numbers.n) - res = self._lib.RSA_set0_factors(rsa_cdata, p, q) - self.openssl_assert(res == 1) - res = self._lib.RSA_set0_key(rsa_cdata, n, e, d) - self.openssl_assert(res == 1) - res = self._lib.RSA_set0_crt_params(rsa_cdata, dmp1, dmq1, iqmp) - self.openssl_assert(res == 1) - evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata) - - return _RSAPrivateKey( - self, rsa_cdata, evp_pkey, self._rsa_skip_check_key - ) - - def load_rsa_public_numbers( - self, numbers: rsa.RSAPublicNumbers - ) -> rsa.RSAPublicKey: - rsa._check_public_key_components(numbers.e, numbers.n) - rsa_cdata = self._lib.RSA_new() - self.openssl_assert(rsa_cdata != self._ffi.NULL) - rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) - e = self._int_to_bn(numbers.e) - n = self._int_to_bn(numbers.n) - res = self._lib.RSA_set0_key(rsa_cdata, n, e, self._ffi.NULL) - self.openssl_assert(res == 1) - evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata) - - return _RSAPublicKey(self, rsa_cdata, evp_pkey) - - def _create_evp_pkey_gc(self): - evp_pkey = self._lib.EVP_PKEY_new() - self.openssl_assert(evp_pkey != self._ffi.NULL) - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - return evp_pkey - - def _rsa_cdata_to_evp_pkey(self, rsa_cdata): - evp_pkey = self._create_evp_pkey_gc() - res = self._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata) - self.openssl_assert(res == 1) - return evp_pkey - - def _bytes_to_bio(self, data: bytes): - """ - Return a _MemoryBIO namedtuple of (BIO, char*). - - The char* is the storage for the BIO and it must stay alive until the - BIO is finished with. - """ - data_ptr = self._ffi.from_buffer(data) - bio = self._lib.BIO_new_mem_buf(data_ptr, len(data)) - self.openssl_assert(bio != self._ffi.NULL) - - return _MemoryBIO(self._ffi.gc(bio, self._lib.BIO_free), data_ptr) - - def _create_mem_bio_gc(self): - """ - Creates an empty memory BIO. - """ - bio_method = self._lib.BIO_s_mem() - self.openssl_assert(bio_method != self._ffi.NULL) - bio = self._lib.BIO_new(bio_method) - self.openssl_assert(bio != self._ffi.NULL) - bio = self._ffi.gc(bio, self._lib.BIO_free) - return bio - - def _read_mem_bio(self, bio) -> bytes: - """ - Reads a memory BIO. This only works on memory BIOs. - """ - buf = self._ffi.new("char **") - buf_len = self._lib.BIO_get_mem_data(bio, buf) - self.openssl_assert(buf_len > 0) - self.openssl_assert(buf[0] != self._ffi.NULL) - bio_data = self._ffi.buffer(buf[0], buf_len)[:] - return bio_data - - def _evp_pkey_to_private_key(self, evp_pkey) -> PRIVATE_KEY_TYPES: - """ - Return the appropriate type of PrivateKey given an evp_pkey cdata - pointer. - """ - - key_type = self._lib.EVP_PKEY_id(evp_pkey) - - if key_type == self._lib.EVP_PKEY_RSA: - rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey) - self.openssl_assert(rsa_cdata != self._ffi.NULL) - rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) - return _RSAPrivateKey( - self, rsa_cdata, evp_pkey, self._rsa_skip_check_key - ) - elif ( - key_type == self._lib.EVP_PKEY_RSA_PSS - and not self._lib.CRYPTOGRAPHY_IS_LIBRESSL - and not self._lib.CRYPTOGRAPHY_IS_BORINGSSL - and not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E - ): - # At the moment the way we handle RSA PSS keys is to strip the - # PSS constraints from them and treat them as normal RSA keys - # Unfortunately the RSA * itself tracks this data so we need to - # extract, serialize, and reload it without the constraints. - rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey) - self.openssl_assert(rsa_cdata != self._ffi.NULL) - rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) - bio = self._create_mem_bio_gc() - res = self._lib.i2d_RSAPrivateKey_bio(bio, rsa_cdata) - self.openssl_assert(res == 1) - return self.load_der_private_key( - self._read_mem_bio(bio), password=None - ) - elif key_type == self._lib.EVP_PKEY_DSA: - dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey) - self.openssl_assert(dsa_cdata != self._ffi.NULL) - dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free) - return _DSAPrivateKey(self, dsa_cdata, evp_pkey) - elif key_type == self._lib.EVP_PKEY_EC: - ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey) - self.openssl_assert(ec_cdata != self._ffi.NULL) - ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey) - elif key_type in self._dh_types: - dh_cdata = self._lib.EVP_PKEY_get1_DH(evp_pkey) - self.openssl_assert(dh_cdata != self._ffi.NULL) - dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free) - return _DHPrivateKey(self, dh_cdata, evp_pkey) - elif key_type == getattr(self._lib, "EVP_PKEY_ED25519", None): - # EVP_PKEY_ED25519 is not present in OpenSSL < 1.1.1 - return _Ed25519PrivateKey(self, evp_pkey) - elif key_type == getattr(self._lib, "EVP_PKEY_X448", None): - # EVP_PKEY_X448 is not present in OpenSSL < 1.1.1 - return _X448PrivateKey(self, evp_pkey) - elif key_type == getattr(self._lib, "EVP_PKEY_X25519", None): - # EVP_PKEY_X25519 is not present in OpenSSL < 1.1.0 - return _X25519PrivateKey(self, evp_pkey) - elif key_type == getattr(self._lib, "EVP_PKEY_ED448", None): - # EVP_PKEY_ED448 is not present in OpenSSL < 1.1.1 - return _Ed448PrivateKey(self, evp_pkey) - else: - raise UnsupportedAlgorithm("Unsupported key type.") - - def _evp_pkey_to_public_key(self, evp_pkey) -> PUBLIC_KEY_TYPES: - """ - Return the appropriate type of PublicKey given an evp_pkey cdata - pointer. - """ - - key_type = self._lib.EVP_PKEY_id(evp_pkey) - - if key_type == self._lib.EVP_PKEY_RSA: - rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey) - self.openssl_assert(rsa_cdata != self._ffi.NULL) - rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) - return _RSAPublicKey(self, rsa_cdata, evp_pkey) - elif ( - key_type == self._lib.EVP_PKEY_RSA_PSS - and not self._lib.CRYPTOGRAPHY_IS_LIBRESSL - and not self._lib.CRYPTOGRAPHY_IS_BORINGSSL - and not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E - ): - rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey) - self.openssl_assert(rsa_cdata != self._ffi.NULL) - rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) - bio = self._create_mem_bio_gc() - res = self._lib.i2d_RSAPublicKey_bio(bio, rsa_cdata) - self.openssl_assert(res == 1) - return self.load_der_public_key(self._read_mem_bio(bio)) - elif key_type == self._lib.EVP_PKEY_DSA: - dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey) - self.openssl_assert(dsa_cdata != self._ffi.NULL) - dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free) - return _DSAPublicKey(self, dsa_cdata, evp_pkey) - elif key_type == self._lib.EVP_PKEY_EC: - ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey) - if ec_cdata == self._ffi.NULL: - errors = self._consume_errors_with_text() - raise ValueError("Unable to load EC key", errors) - ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey) - elif key_type in self._dh_types: - dh_cdata = self._lib.EVP_PKEY_get1_DH(evp_pkey) - self.openssl_assert(dh_cdata != self._ffi.NULL) - dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free) - return _DHPublicKey(self, dh_cdata, evp_pkey) - elif key_type == getattr(self._lib, "EVP_PKEY_ED25519", None): - # EVP_PKEY_ED25519 is not present in OpenSSL < 1.1.1 - return _Ed25519PublicKey(self, evp_pkey) - elif key_type == getattr(self._lib, "EVP_PKEY_X448", None): - # EVP_PKEY_X448 is not present in OpenSSL < 1.1.1 - return _X448PublicKey(self, evp_pkey) - elif key_type == getattr(self._lib, "EVP_PKEY_X25519", None): - # EVP_PKEY_X25519 is not present in OpenSSL < 1.1.0 - return _X25519PublicKey(self, evp_pkey) - elif key_type == getattr(self._lib, "EVP_PKEY_ED448", None): - # EVP_PKEY_X25519 is not present in OpenSSL < 1.1.1 - return _Ed448PublicKey(self, evp_pkey) - else: - raise UnsupportedAlgorithm("Unsupported key type.") + def _consume_errors(self) -> list[rust_openssl.OpenSSLError]: + return rust_openssl.capture_error_stack() def _oaep_hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool: + if self._fips_enabled and isinstance(algorithm, hashes.SHA1): + return False + return isinstance( algorithm, ( @@ -788,119 +190,17 @@ def rsa_padding_supported(self, padding: AsymmetricPadding) -> bool: else: return False - def generate_dsa_parameters(self, key_size: int) -> dsa.DSAParameters: - if key_size not in (1024, 2048, 3072, 4096): - raise ValueError( - "Key size must be 1024, 2048, 3072, or 4096 bits." - ) - - ctx = self._lib.DSA_new() - self.openssl_assert(ctx != self._ffi.NULL) - ctx = self._ffi.gc(ctx, self._lib.DSA_free) - - res = self._lib.DSA_generate_parameters_ex( - ctx, - key_size, - self._ffi.NULL, - 0, - self._ffi.NULL, - self._ffi.NULL, - self._ffi.NULL, - ) - - self.openssl_assert(res == 1) - - return _DSAParameters(self, ctx) - - def generate_dsa_private_key( - self, parameters: dsa.DSAParameters - ) -> dsa.DSAPrivateKey: - ctx = self._lib.DSAparams_dup( - parameters._dsa_cdata # type: ignore[attr-defined] - ) - self.openssl_assert(ctx != self._ffi.NULL) - ctx = self._ffi.gc(ctx, self._lib.DSA_free) - self._lib.DSA_generate_key(ctx) - evp_pkey = self._dsa_cdata_to_evp_pkey(ctx) - - return _DSAPrivateKey(self, ctx, evp_pkey) - - def generate_dsa_private_key_and_parameters( - self, key_size: int - ) -> dsa.DSAPrivateKey: - parameters = self.generate_dsa_parameters(key_size) - return self.generate_dsa_private_key(parameters) - - def _dsa_cdata_set_values(self, dsa_cdata, p, q, g, pub_key, priv_key): - res = self._lib.DSA_set0_pqg(dsa_cdata, p, q, g) - self.openssl_assert(res == 1) - res = self._lib.DSA_set0_key(dsa_cdata, pub_key, priv_key) - self.openssl_assert(res == 1) - - def load_dsa_private_numbers( - self, numbers: dsa.DSAPrivateNumbers - ) -> dsa.DSAPrivateKey: - dsa._check_dsa_private_numbers(numbers) - parameter_numbers = numbers.public_numbers.parameter_numbers - - dsa_cdata = self._lib.DSA_new() - self.openssl_assert(dsa_cdata != self._ffi.NULL) - dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free) - - p = self._int_to_bn(parameter_numbers.p) - q = self._int_to_bn(parameter_numbers.q) - g = self._int_to_bn(parameter_numbers.g) - pub_key = self._int_to_bn(numbers.public_numbers.y) - priv_key = self._int_to_bn(numbers.x) - self._dsa_cdata_set_values(dsa_cdata, p, q, g, pub_key, priv_key) - - evp_pkey = self._dsa_cdata_to_evp_pkey(dsa_cdata) - - return _DSAPrivateKey(self, dsa_cdata, evp_pkey) - - def load_dsa_public_numbers( - self, numbers: dsa.DSAPublicNumbers - ) -> dsa.DSAPublicKey: - dsa._check_dsa_parameters(numbers.parameter_numbers) - dsa_cdata = self._lib.DSA_new() - self.openssl_assert(dsa_cdata != self._ffi.NULL) - dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free) - - p = self._int_to_bn(numbers.parameter_numbers.p) - q = self._int_to_bn(numbers.parameter_numbers.q) - g = self._int_to_bn(numbers.parameter_numbers.g) - pub_key = self._int_to_bn(numbers.y) - priv_key = self._ffi.NULL - self._dsa_cdata_set_values(dsa_cdata, p, q, g, pub_key, priv_key) - - evp_pkey = self._dsa_cdata_to_evp_pkey(dsa_cdata) - - return _DSAPublicKey(self, dsa_cdata, evp_pkey) - - def load_dsa_parameter_numbers( - self, numbers: dsa.DSAParameterNumbers - ) -> dsa.DSAParameters: - dsa._check_dsa_parameters(numbers) - dsa_cdata = self._lib.DSA_new() - self.openssl_assert(dsa_cdata != self._ffi.NULL) - dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free) - - p = self._int_to_bn(numbers.p) - q = self._int_to_bn(numbers.q) - g = self._int_to_bn(numbers.g) - res = self._lib.DSA_set0_pqg(dsa_cdata, p, q, g) - self.openssl_assert(res == 1) - - return _DSAParameters(self, dsa_cdata) - - def _dsa_cdata_to_evp_pkey(self, dsa_cdata): - evp_pkey = self._create_evp_pkey_gc() - res = self._lib.EVP_PKEY_set1_DSA(evp_pkey, dsa_cdata) - self.openssl_assert(res == 1) - return evp_pkey + def rsa_encryption_supported(self, padding: AsymmetricPadding) -> bool: + if self._fips_enabled and isinstance(padding, PKCS1v15): + return False + else: + return self.rsa_padding_supported(padding) def dsa_supported(self) -> bool: - return not self._fips_enabled + return ( + not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL + and not self._fips_enabled + ) def dsa_hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool: if not self.dsa_supported(): @@ -912,362 +212,13 @@ def cmac_algorithm_supported(self, algorithm) -> bool: algorithm, CBC(b"\x00" * algorithm.block_size) ) - def create_cmac_ctx(self, algorithm: BlockCipherAlgorithm) -> _CMACContext: - return _CMACContext(self, algorithm) - - def load_pem_private_key( - self, data: bytes, password: typing.Optional[bytes] - ) -> PRIVATE_KEY_TYPES: - return self._load_key( - self._lib.PEM_read_bio_PrivateKey, - self._evp_pkey_to_private_key, - data, - password, - ) - - def load_pem_public_key(self, data: bytes) -> PUBLIC_KEY_TYPES: - mem_bio = self._bytes_to_bio(data) - # In OpenSSL 3.0.x the PEM_read_bio_PUBKEY function will invoke - # the default password callback if you pass an encrypted private - # key. This is very, very, very bad as the default callback can - # trigger an interactive console prompt, which will hang the - # Python process. We therefore provide our own callback to - # catch this and error out properly. - userdata = self._ffi.new("CRYPTOGRAPHY_PASSWORD_DATA *") - evp_pkey = self._lib.PEM_read_bio_PUBKEY( - mem_bio.bio, - self._ffi.NULL, - self._ffi.addressof( - self._lib._original_lib, "Cryptography_pem_password_cb" - ), - userdata, - ) - if evp_pkey != self._ffi.NULL: - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - return self._evp_pkey_to_public_key(evp_pkey) - else: - # It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still - # need to check to see if it is a pure PKCS1 RSA public key (not - # embedded in a subjectPublicKeyInfo) - self._consume_errors() - res = self._lib.BIO_reset(mem_bio.bio) - self.openssl_assert(res == 1) - rsa_cdata = self._lib.PEM_read_bio_RSAPublicKey( - mem_bio.bio, - self._ffi.NULL, - self._ffi.addressof( - self._lib._original_lib, "Cryptography_pem_password_cb" - ), - userdata, - ) - if rsa_cdata != self._ffi.NULL: - rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) - evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata) - return _RSAPublicKey(self, rsa_cdata, evp_pkey) - else: - self._handle_key_loading_error() - - def load_pem_parameters(self, data: bytes) -> dh.DHParameters: - mem_bio = self._bytes_to_bio(data) - # only DH is supported currently - dh_cdata = self._lib.PEM_read_bio_DHparams( - mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL - ) - if dh_cdata != self._ffi.NULL: - dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free) - return _DHParameters(self, dh_cdata) - else: - self._handle_key_loading_error() - - def load_der_private_key( - self, data: bytes, password: typing.Optional[bytes] - ) -> PRIVATE_KEY_TYPES: - # OpenSSL has a function called d2i_AutoPrivateKey that in theory - # handles this automatically, however it doesn't handle encrypted - # private keys. Instead we try to load the key two different ways. - # First we'll try to load it as a traditional key. - bio_data = self._bytes_to_bio(data) - key = self._evp_pkey_from_der_traditional_key(bio_data, password) - if key: - return self._evp_pkey_to_private_key(key) - else: - # Finally we try to load it with the method that handles encrypted - # PKCS8 properly. - return self._load_key( - self._lib.d2i_PKCS8PrivateKey_bio, - self._evp_pkey_to_private_key, - data, - password, - ) - - def _evp_pkey_from_der_traditional_key(self, bio_data, password): - key = self._lib.d2i_PrivateKey_bio(bio_data.bio, self._ffi.NULL) - if key != self._ffi.NULL: - # In OpenSSL 3.0.0-alpha15 there exist scenarios where the key will - # successfully load but errors are still put on the stack. Tracked - # as https://github.com/openssl/openssl/issues/14996 - self._consume_errors() - - key = self._ffi.gc(key, self._lib.EVP_PKEY_free) - if password is not None: - raise TypeError( - "Password was given but private key is not encrypted." - ) - - return key - else: - self._consume_errors() - return None - - def load_der_public_key(self, data: bytes) -> PUBLIC_KEY_TYPES: - mem_bio = self._bytes_to_bio(data) - evp_pkey = self._lib.d2i_PUBKEY_bio(mem_bio.bio, self._ffi.NULL) - if evp_pkey != self._ffi.NULL: - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - return self._evp_pkey_to_public_key(evp_pkey) - else: - # It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still - # need to check to see if it is a pure PKCS1 RSA public key (not - # embedded in a subjectPublicKeyInfo) - self._consume_errors() - res = self._lib.BIO_reset(mem_bio.bio) - self.openssl_assert(res == 1) - rsa_cdata = self._lib.d2i_RSAPublicKey_bio( - mem_bio.bio, self._ffi.NULL - ) - if rsa_cdata != self._ffi.NULL: - rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) - evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata) - return _RSAPublicKey(self, rsa_cdata, evp_pkey) - else: - self._handle_key_loading_error() - - def load_der_parameters(self, data: bytes) -> dh.DHParameters: - mem_bio = self._bytes_to_bio(data) - dh_cdata = self._lib.d2i_DHparams_bio(mem_bio.bio, self._ffi.NULL) - if dh_cdata != self._ffi.NULL: - dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free) - return _DHParameters(self, dh_cdata) - elif self._lib.Cryptography_HAS_EVP_PKEY_DHX: - # We check to see if the is dhx. - self._consume_errors() - res = self._lib.BIO_reset(mem_bio.bio) - self.openssl_assert(res == 1) - dh_cdata = self._lib.Cryptography_d2i_DHxparams_bio( - mem_bio.bio, self._ffi.NULL - ) - if dh_cdata != self._ffi.NULL: - dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free) - return _DHParameters(self, dh_cdata) - - self._handle_key_loading_error() - - def _cert2ossl(self, cert: x509.Certificate) -> typing.Any: - data = cert.public_bytes(serialization.Encoding.DER) - mem_bio = self._bytes_to_bio(data) - x509 = self._lib.d2i_X509_bio(mem_bio.bio, self._ffi.NULL) - self.openssl_assert(x509 != self._ffi.NULL) - x509 = self._ffi.gc(x509, self._lib.X509_free) - return x509 - - def _ossl2cert(self, x509: typing.Any) -> x509.Certificate: - bio = self._create_mem_bio_gc() - res = self._lib.i2d_X509_bio(bio, x509) - self.openssl_assert(res == 1) - return rust_x509.load_der_x509_certificate(self._read_mem_bio(bio)) - - def _csr2ossl(self, csr: x509.CertificateSigningRequest) -> typing.Any: - data = csr.public_bytes(serialization.Encoding.DER) - mem_bio = self._bytes_to_bio(data) - x509_req = self._lib.d2i_X509_REQ_bio(mem_bio.bio, self._ffi.NULL) - self.openssl_assert(x509_req != self._ffi.NULL) - x509_req = self._ffi.gc(x509_req, self._lib.X509_REQ_free) - return x509_req - - def _ossl2csr( - self, x509_req: typing.Any - ) -> x509.CertificateSigningRequest: - bio = self._create_mem_bio_gc() - res = self._lib.i2d_X509_REQ_bio(bio, x509_req) - self.openssl_assert(res == 1) - return rust_x509.load_der_x509_csr(self._read_mem_bio(bio)) - - def _crl2ossl(self, crl: x509.CertificateRevocationList) -> typing.Any: - data = crl.public_bytes(serialization.Encoding.DER) - mem_bio = self._bytes_to_bio(data) - x509_crl = self._lib.d2i_X509_CRL_bio(mem_bio.bio, self._ffi.NULL) - self.openssl_assert(x509_crl != self._ffi.NULL) - x509_crl = self._ffi.gc(x509_crl, self._lib.X509_CRL_free) - return x509_crl - - def _ossl2crl( - self, x509_crl: typing.Any - ) -> x509.CertificateRevocationList: - bio = self._create_mem_bio_gc() - res = self._lib.i2d_X509_CRL_bio(bio, x509_crl) - self.openssl_assert(res == 1) - return rust_x509.load_der_x509_crl(self._read_mem_bio(bio)) - - def _crl_is_signature_valid( - self, - crl: x509.CertificateRevocationList, - public_key: CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES, - ) -> bool: - if not isinstance( - public_key, - ( - _DSAPublicKey, - _RSAPublicKey, - _EllipticCurvePublicKey, - ), + def elliptic_curve_supported(self, curve: ec.EllipticCurve) -> bool: + if self._fips_enabled and not isinstance( + curve, self._fips_ecdh_curves ): - raise TypeError( - "Expecting one of DSAPublicKey, RSAPublicKey," - " or EllipticCurvePublicKey." - ) - x509_crl = self._crl2ossl(crl) - res = self._lib.X509_CRL_verify(x509_crl, public_key._evp_pkey) - - if res != 1: - self._consume_errors() - return False - - return True - - def _csr_is_signature_valid( - self, csr: x509.CertificateSigningRequest - ) -> bool: - x509_req = self._csr2ossl(csr) - pkey = self._lib.X509_REQ_get_pubkey(x509_req) - self.openssl_assert(pkey != self._ffi.NULL) - pkey = self._ffi.gc(pkey, self._lib.EVP_PKEY_free) - res = self._lib.X509_REQ_verify(x509_req, pkey) - - if res != 1: - self._consume_errors() return False - return True - - def _check_keys_correspond(self, key1, key2): - if self._lib.EVP_PKEY_cmp(key1._evp_pkey, key2._evp_pkey) != 1: - raise ValueError("Keys do not correspond") - - def _load_key(self, openssl_read_func, convert_func, data, password): - mem_bio = self._bytes_to_bio(data) - - userdata = self._ffi.new("CRYPTOGRAPHY_PASSWORD_DATA *") - if password is not None: - utils._check_byteslike("password", password) - password_ptr = self._ffi.from_buffer(password) - userdata.password = password_ptr - userdata.length = len(password) - - evp_pkey = openssl_read_func( - mem_bio.bio, - self._ffi.NULL, - self._ffi.addressof( - self._lib._original_lib, "Cryptography_pem_password_cb" - ), - userdata, - ) - - if evp_pkey == self._ffi.NULL: - if userdata.error != 0: - self._consume_errors() - if userdata.error == -1: - raise TypeError( - "Password was not given but private key is encrypted" - ) - else: - assert userdata.error == -2 - raise ValueError( - "Passwords longer than {} bytes are not supported " - "by this backend.".format(userdata.maxsize - 1) - ) - else: - self._handle_key_loading_error() - - # In OpenSSL 3.0.0-alpha15 there exist scenarios where the key will - # successfully load but errors are still put on the stack. Tracked - # as https://github.com/openssl/openssl/issues/14996 - self._consume_errors() - - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - - if password is not None and userdata.called == 0: - raise TypeError( - "Password was given but private key is not encrypted." - ) - - assert ( - password is not None and userdata.called == 1 - ) or password is None - - return convert_func(evp_pkey) - - def _handle_key_loading_error(self) -> typing.NoReturn: - errors = self._consume_errors() - - if not errors: - raise ValueError( - "Could not deserialize key data. The data may be in an " - "incorrect format or it may be encrypted with an unsupported " - "algorithm." - ) - - elif ( - errors[0]._lib_reason_match( - self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT - ) - or errors[0]._lib_reason_match( - self._lib.ERR_LIB_PKCS12, - self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR, - ) - or ( - self._lib.Cryptography_HAS_PROVIDERS - and errors[0]._lib_reason_match( - self._lib.ERR_LIB_PROV, - self._lib.PROV_R_BAD_DECRYPT, - ) - ) - ): - raise ValueError("Bad decrypt. Incorrect password?") - - elif any( - error._lib_reason_match( - self._lib.ERR_LIB_EVP, - self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM, - ) - for error in errors - ): - raise ValueError("Unsupported public key algorithm.") - - else: - errors_with_text = binding._errors_with_text(errors) - raise ValueError( - "Could not deserialize key data. The data may be in an " - "incorrect format, it may be encrypted with an unsupported " - "algorithm, or it may be an unsupported key type (e.g. EC " - "curves with explicit parameters).", - errors_with_text, - ) - - def elliptic_curve_supported(self, curve: ec.EllipticCurve) -> bool: - try: - curve_nid = self._elliptic_curve_to_nid(curve) - except UnsupportedAlgorithm: - curve_nid = self._lib.NID_undef - - group = self._lib.EC_GROUP_new_by_curve_name(curve_nid) - - if group == self._ffi.NULL: - self._consume_errors() - return False - else: - self.openssl_assert(curve_nid != self._lib.NID_undef) - self._lib.EC_GROUP_free(group) - return True + return rust_openssl.ec.curve_supported(curve) def elliptic_curve_signature_algorithm_supported( self, @@ -1278,1372 +229,63 @@ def elliptic_curve_signature_algorithm_supported( if not isinstance(signature_algorithm, ec.ECDSA): return False - return self.elliptic_curve_supported(curve) - - def generate_elliptic_curve_private_key( - self, curve: ec.EllipticCurve - ) -> ec.EllipticCurvePrivateKey: - """ - Generate a new private key on the named curve. - """ - - if self.elliptic_curve_supported(curve): - ec_cdata = self._ec_key_new_by_curve(curve) - - res = self._lib.EC_KEY_generate_key(ec_cdata) - self.openssl_assert(res == 1) - - evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata) - - return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey) - else: - raise UnsupportedAlgorithm( - "Backend object does not support {}.".format(curve.name), - _Reasons.UNSUPPORTED_ELLIPTIC_CURVE, - ) - - def load_elliptic_curve_private_numbers( - self, numbers: ec.EllipticCurvePrivateNumbers - ) -> ec.EllipticCurvePrivateKey: - public = numbers.public_numbers - - ec_cdata = self._ec_key_new_by_curve(public.curve) - - private_value = self._ffi.gc( - self._int_to_bn(numbers.private_value), self._lib.BN_clear_free + return self.elliptic_curve_supported(curve) and ( + isinstance(signature_algorithm.algorithm, asym_utils.Prehashed) + or self.hash_supported(signature_algorithm.algorithm) ) - res = self._lib.EC_KEY_set_private_key(ec_cdata, private_value) - if res != 1: - self._consume_errors() - raise ValueError("Invalid EC key.") - self._ec_key_set_public_key_affine_coordinates( - ec_cdata, public.x, public.y + def elliptic_curve_exchange_algorithm_supported( + self, algorithm: ec.ECDH, curve: ec.EllipticCurve + ) -> bool: + return self.elliptic_curve_supported(curve) and isinstance( + algorithm, ec.ECDH ) - evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata) - - return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey) + def dh_supported(self) -> bool: + return not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL - def load_elliptic_curve_public_numbers( - self, numbers: ec.EllipticCurvePublicNumbers - ) -> ec.EllipticCurvePublicKey: - ec_cdata = self._ec_key_new_by_curve(numbers.curve) - self._ec_key_set_public_key_affine_coordinates( - ec_cdata, numbers.x, numbers.y - ) - evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata) + def dh_x942_serialization_supported(self) -> bool: + return self._lib.Cryptography_HAS_EVP_PKEY_DHX == 1 - return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey) - - def load_elliptic_curve_public_bytes( - self, curve: ec.EllipticCurve, point_bytes: bytes - ) -> ec.EllipticCurvePublicKey: - ec_cdata = self._ec_key_new_by_curve(curve) - group = self._lib.EC_KEY_get0_group(ec_cdata) - self.openssl_assert(group != self._ffi.NULL) - point = self._lib.EC_POINT_new(group) - self.openssl_assert(point != self._ffi.NULL) - point = self._ffi.gc(point, self._lib.EC_POINT_free) - with self._tmp_bn_ctx() as bn_ctx: - res = self._lib.EC_POINT_oct2point( - group, point, point_bytes, len(point_bytes), bn_ctx - ) - if res != 1: - self._consume_errors() - raise ValueError("Invalid public bytes for the given curve") - - res = self._lib.EC_KEY_set_public_key(ec_cdata, point) - self.openssl_assert(res == 1) - evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata) - return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey) - - def derive_elliptic_curve_private_key( - self, private_value: int, curve: ec.EllipticCurve - ) -> ec.EllipticCurvePrivateKey: - ec_cdata = self._ec_key_new_by_curve(curve) - - get_func, group = self._ec_key_determine_group_get_func(ec_cdata) - - point = self._lib.EC_POINT_new(group) - self.openssl_assert(point != self._ffi.NULL) - point = self._ffi.gc(point, self._lib.EC_POINT_free) - - value = self._int_to_bn(private_value) - value = self._ffi.gc(value, self._lib.BN_clear_free) - - with self._tmp_bn_ctx() as bn_ctx: - res = self._lib.EC_POINT_mul( - group, point, value, self._ffi.NULL, self._ffi.NULL, bn_ctx - ) - self.openssl_assert(res == 1) - - bn_x = self._lib.BN_CTX_get(bn_ctx) - bn_y = self._lib.BN_CTX_get(bn_ctx) - - res = get_func(group, point, bn_x, bn_y, bn_ctx) - if res != 1: - self._consume_errors() - raise ValueError("Unable to derive key from private_value") - - res = self._lib.EC_KEY_set_public_key(ec_cdata, point) - self.openssl_assert(res == 1) - private = self._int_to_bn(private_value) - private = self._ffi.gc(private, self._lib.BN_clear_free) - res = self._lib.EC_KEY_set_private_key(ec_cdata, private) - self.openssl_assert(res == 1) - - evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata) - - return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey) - - def _ec_key_new_by_curve(self, curve: ec.EllipticCurve): - curve_nid = self._elliptic_curve_to_nid(curve) - return self._ec_key_new_by_curve_nid(curve_nid) - - def _ec_key_new_by_curve_nid(self, curve_nid: int): - ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid) - self.openssl_assert(ec_cdata != self._ffi.NULL) - return self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - - def elliptic_curve_exchange_algorithm_supported( - self, algorithm: ec.ECDH, curve: ec.EllipticCurve - ) -> bool: - if self._fips_enabled and not isinstance( - curve, self._fips_ecdh_curves - ): - return False - - return self.elliptic_curve_supported(curve) and isinstance( - algorithm, ec.ECDH - ) - - def _ec_cdata_to_evp_pkey(self, ec_cdata): - evp_pkey = self._create_evp_pkey_gc() - res = self._lib.EVP_PKEY_set1_EC_KEY(evp_pkey, ec_cdata) - self.openssl_assert(res == 1) - return evp_pkey - - def _elliptic_curve_to_nid(self, curve: ec.EllipticCurve) -> int: - """ - Get the NID for a curve name. - """ - - curve_aliases = {"secp192r1": "prime192v1", "secp256r1": "prime256v1"} - - curve_name = curve_aliases.get(curve.name, curve.name) - - curve_nid = self._lib.OBJ_sn2nid(curve_name.encode()) - if curve_nid == self._lib.NID_undef: - raise UnsupportedAlgorithm( - "{} is not a supported elliptic curve".format(curve.name), - _Reasons.UNSUPPORTED_ELLIPTIC_CURVE, - ) - return curve_nid - - @contextmanager - def _tmp_bn_ctx(self): - bn_ctx = self._lib.BN_CTX_new() - self.openssl_assert(bn_ctx != self._ffi.NULL) - bn_ctx = self._ffi.gc(bn_ctx, self._lib.BN_CTX_free) - self._lib.BN_CTX_start(bn_ctx) - try: - yield bn_ctx - finally: - self._lib.BN_CTX_end(bn_ctx) - - def _ec_key_determine_group_get_func(self, ctx): - """ - Given an EC_KEY determine the group and what function is required to - get point coordinates. - """ - self.openssl_assert(ctx != self._ffi.NULL) - - nid_two_field = self._lib.OBJ_sn2nid(b"characteristic-two-field") - self.openssl_assert(nid_two_field != self._lib.NID_undef) - - group = self._lib.EC_KEY_get0_group(ctx) - self.openssl_assert(group != self._ffi.NULL) - - method = self._lib.EC_GROUP_method_of(group) - self.openssl_assert(method != self._ffi.NULL) - - nid = self._lib.EC_METHOD_get_field_type(method) - self.openssl_assert(nid != self._lib.NID_undef) - - if nid == nid_two_field and self._lib.Cryptography_HAS_EC2M: - get_func = self._lib.EC_POINT_get_affine_coordinates_GF2m - else: - get_func = self._lib.EC_POINT_get_affine_coordinates_GFp - - assert get_func - - return get_func, group - - def _ec_key_set_public_key_affine_coordinates(self, ctx, x: int, y: int): - """ - Sets the public key point in the EC_KEY context to the affine x and y - values. - """ - - if x < 0 or y < 0: - raise ValueError( - "Invalid EC key. Both x and y must be non-negative." - ) - - x = self._ffi.gc(self._int_to_bn(x), self._lib.BN_free) - y = self._ffi.gc(self._int_to_bn(y), self._lib.BN_free) - res = self._lib.EC_KEY_set_public_key_affine_coordinates(ctx, x, y) - if res != 1: - self._consume_errors() - raise ValueError("Invalid EC key.") - - def _private_key_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PrivateFormat, - encryption_algorithm: serialization.KeySerializationEncryption, - key, - evp_pkey, - cdata, - ) -> bytes: - # validate argument types - if not isinstance(encoding, serialization.Encoding): - raise TypeError("encoding must be an item from the Encoding enum") - if not isinstance(format, serialization.PrivateFormat): - raise TypeError( - "format must be an item from the PrivateFormat enum" - ) - if not isinstance( - encryption_algorithm, serialization.KeySerializationEncryption - ): - raise TypeError( - "Encryption algorithm must be a KeySerializationEncryption " - "instance" - ) - - # validate password - if isinstance(encryption_algorithm, serialization.NoEncryption): - password = b"" - elif isinstance( - encryption_algorithm, serialization.BestAvailableEncryption - ): - password = encryption_algorithm.password - if len(password) > 1023: - raise ValueError( - "Passwords longer than 1023 bytes are not supported by " - "this backend" - ) - elif ( - isinstance( - encryption_algorithm, serialization._KeySerializationEncryption - ) - and encryption_algorithm._format - is format - is serialization.PrivateFormat.OpenSSH - ): - password = encryption_algorithm.password - else: - raise ValueError("Unsupported encryption type") - - # PKCS8 + PEM/DER - if format is serialization.PrivateFormat.PKCS8: - if encoding is serialization.Encoding.PEM: - write_bio = self._lib.PEM_write_bio_PKCS8PrivateKey - elif encoding is serialization.Encoding.DER: - write_bio = self._lib.i2d_PKCS8PrivateKey_bio - else: - raise ValueError("Unsupported encoding for PKCS8") - return self._private_key_bytes_via_bio( - write_bio, evp_pkey, password - ) - - # TraditionalOpenSSL + PEM/DER - if format is serialization.PrivateFormat.TraditionalOpenSSL: - if self._fips_enabled and not isinstance( - encryption_algorithm, serialization.NoEncryption - ): - raise ValueError( - "Encrypted traditional OpenSSL format is not " - "supported in FIPS mode." - ) - key_type = self._lib.EVP_PKEY_id(evp_pkey) - - if encoding is serialization.Encoding.PEM: - if key_type == self._lib.EVP_PKEY_RSA: - write_bio = self._lib.PEM_write_bio_RSAPrivateKey - elif key_type == self._lib.EVP_PKEY_DSA: - write_bio = self._lib.PEM_write_bio_DSAPrivateKey - elif key_type == self._lib.EVP_PKEY_EC: - write_bio = self._lib.PEM_write_bio_ECPrivateKey - else: - raise ValueError( - "Unsupported key type for TraditionalOpenSSL" - ) - return self._private_key_bytes_via_bio( - write_bio, cdata, password - ) - - if encoding is serialization.Encoding.DER: - if password: - raise ValueError( - "Encryption is not supported for DER encoded " - "traditional OpenSSL keys" - ) - if key_type == self._lib.EVP_PKEY_RSA: - write_bio = self._lib.i2d_RSAPrivateKey_bio - elif key_type == self._lib.EVP_PKEY_EC: - write_bio = self._lib.i2d_ECPrivateKey_bio - elif key_type == self._lib.EVP_PKEY_DSA: - write_bio = self._lib.i2d_DSAPrivateKey_bio - else: - raise ValueError( - "Unsupported key type for TraditionalOpenSSL" - ) - return self._bio_func_output(write_bio, cdata) - - raise ValueError("Unsupported encoding for TraditionalOpenSSL") - - # OpenSSH + PEM - if format is serialization.PrivateFormat.OpenSSH: - if encoding is serialization.Encoding.PEM: - return ssh._serialize_ssh_private_key( - key, password, encryption_algorithm - ) - - raise ValueError( - "OpenSSH private key format can only be used" - " with PEM encoding" - ) - - # Anything that key-specific code was supposed to handle earlier, - # like Raw. - raise ValueError("format is invalid with this key") - - def _private_key_bytes_via_bio(self, write_bio, evp_pkey, password): - if not password: - evp_cipher = self._ffi.NULL - else: - # This is a curated value that we will update over time. - evp_cipher = self._lib.EVP_get_cipherbyname(b"aes-256-cbc") - - return self._bio_func_output( - write_bio, - evp_pkey, - evp_cipher, - password, - len(password), - self._ffi.NULL, - self._ffi.NULL, - ) - - def _bio_func_output(self, write_bio, *args): - bio = self._create_mem_bio_gc() - res = write_bio(bio, *args) - self.openssl_assert(res == 1) - return self._read_mem_bio(bio) - - def _public_key_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PublicFormat, - key, - evp_pkey, - cdata, - ) -> bytes: - if not isinstance(encoding, serialization.Encoding): - raise TypeError("encoding must be an item from the Encoding enum") - if not isinstance(format, serialization.PublicFormat): - raise TypeError( - "format must be an item from the PublicFormat enum" - ) - - # SubjectPublicKeyInfo + PEM/DER - if format is serialization.PublicFormat.SubjectPublicKeyInfo: - if encoding is serialization.Encoding.PEM: - write_bio = self._lib.PEM_write_bio_PUBKEY - elif encoding is serialization.Encoding.DER: - write_bio = self._lib.i2d_PUBKEY_bio - else: - raise ValueError( - "SubjectPublicKeyInfo works only with PEM or DER encoding" - ) - return self._bio_func_output(write_bio, evp_pkey) - - # PKCS1 + PEM/DER - if format is serialization.PublicFormat.PKCS1: - # Only RSA is supported here. - key_type = self._lib.EVP_PKEY_id(evp_pkey) - if key_type != self._lib.EVP_PKEY_RSA: - raise ValueError("PKCS1 format is supported only for RSA keys") - - if encoding is serialization.Encoding.PEM: - write_bio = self._lib.PEM_write_bio_RSAPublicKey - elif encoding is serialization.Encoding.DER: - write_bio = self._lib.i2d_RSAPublicKey_bio - else: - raise ValueError("PKCS1 works only with PEM or DER encoding") - return self._bio_func_output(write_bio, cdata) - - # OpenSSH + OpenSSH - if format is serialization.PublicFormat.OpenSSH: - if encoding is serialization.Encoding.OpenSSH: - return ssh.serialize_ssh_public_key(key) - - raise ValueError( - "OpenSSH format must be used with OpenSSH encoding" - ) - - # Anything that key-specific code was supposed to handle earlier, - # like Raw, CompressedPoint, UncompressedPoint - raise ValueError("format is invalid with this key") - - def dh_supported(self) -> bool: - return not self._lib.CRYPTOGRAPHY_IS_BORINGSSL - - def generate_dh_parameters( - self, generator: int, key_size: int - ) -> dh.DHParameters: - if key_size < dh._MIN_MODULUS_SIZE: - raise ValueError( - "DH key_size must be at least {} bits".format( - dh._MIN_MODULUS_SIZE - ) - ) - - if generator not in (2, 5): - raise ValueError("DH generator must be 2 or 5") - - dh_param_cdata = self._lib.DH_new() - self.openssl_assert(dh_param_cdata != self._ffi.NULL) - dh_param_cdata = self._ffi.gc(dh_param_cdata, self._lib.DH_free) - - res = self._lib.DH_generate_parameters_ex( - dh_param_cdata, key_size, generator, self._ffi.NULL - ) - self.openssl_assert(res == 1) - - return _DHParameters(self, dh_param_cdata) - - def _dh_cdata_to_evp_pkey(self, dh_cdata): - evp_pkey = self._create_evp_pkey_gc() - res = self._lib.EVP_PKEY_set1_DH(evp_pkey, dh_cdata) - self.openssl_assert(res == 1) - return evp_pkey - - def generate_dh_private_key( - self, parameters: dh.DHParameters - ) -> dh.DHPrivateKey: - dh_key_cdata = _dh_params_dup( - parameters._dh_cdata, self # type: ignore[attr-defined] - ) - - res = self._lib.DH_generate_key(dh_key_cdata) - self.openssl_assert(res == 1) - - evp_pkey = self._dh_cdata_to_evp_pkey(dh_key_cdata) - - return _DHPrivateKey(self, dh_key_cdata, evp_pkey) - - def generate_dh_private_key_and_parameters( - self, generator: int, key_size: int - ) -> dh.DHPrivateKey: - return self.generate_dh_private_key( - self.generate_dh_parameters(generator, key_size) - ) - - def load_dh_private_numbers( - self, numbers: dh.DHPrivateNumbers - ) -> dh.DHPrivateKey: - parameter_numbers = numbers.public_numbers.parameter_numbers - - dh_cdata = self._lib.DH_new() - self.openssl_assert(dh_cdata != self._ffi.NULL) - dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free) - - p = self._int_to_bn(parameter_numbers.p) - g = self._int_to_bn(parameter_numbers.g) - - if parameter_numbers.q is not None: - q = self._int_to_bn(parameter_numbers.q) - else: - q = self._ffi.NULL - - pub_key = self._int_to_bn(numbers.public_numbers.y) - priv_key = self._int_to_bn(numbers.x) - - res = self._lib.DH_set0_pqg(dh_cdata, p, q, g) - self.openssl_assert(res == 1) - - res = self._lib.DH_set0_key(dh_cdata, pub_key, priv_key) - self.openssl_assert(res == 1) - - codes = self._ffi.new("int[]", 1) - res = self._lib.Cryptography_DH_check(dh_cdata, codes) - self.openssl_assert(res == 1) - - # DH_check will return DH_NOT_SUITABLE_GENERATOR if p % 24 does not - # equal 11 when the generator is 2 (a quadratic nonresidue). - # We want to ignore that error because p % 24 == 23 is also fine. - # Specifically, g is then a quadratic residue. Within the context of - # Diffie-Hellman this means it can only generate half the possible - # values. That sounds bad, but quadratic nonresidues leak a bit of - # the key to the attacker in exchange for having the full key space - # available. See: https://crypto.stackexchange.com/questions/12961 - if codes[0] != 0 and not ( - parameter_numbers.g == 2 - and codes[0] ^ self._lib.DH_NOT_SUITABLE_GENERATOR == 0 - ): - raise ValueError("DH private numbers did not pass safety checks.") - - evp_pkey = self._dh_cdata_to_evp_pkey(dh_cdata) - - return _DHPrivateKey(self, dh_cdata, evp_pkey) - - def load_dh_public_numbers( - self, numbers: dh.DHPublicNumbers - ) -> dh.DHPublicKey: - dh_cdata = self._lib.DH_new() - self.openssl_assert(dh_cdata != self._ffi.NULL) - dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free) - - parameter_numbers = numbers.parameter_numbers - - p = self._int_to_bn(parameter_numbers.p) - g = self._int_to_bn(parameter_numbers.g) - - if parameter_numbers.q is not None: - q = self._int_to_bn(parameter_numbers.q) - else: - q = self._ffi.NULL - - pub_key = self._int_to_bn(numbers.y) - - res = self._lib.DH_set0_pqg(dh_cdata, p, q, g) - self.openssl_assert(res == 1) - - res = self._lib.DH_set0_key(dh_cdata, pub_key, self._ffi.NULL) - self.openssl_assert(res == 1) - - evp_pkey = self._dh_cdata_to_evp_pkey(dh_cdata) - - return _DHPublicKey(self, dh_cdata, evp_pkey) - - def load_dh_parameter_numbers( - self, numbers: dh.DHParameterNumbers - ) -> dh.DHParameters: - dh_cdata = self._lib.DH_new() - self.openssl_assert(dh_cdata != self._ffi.NULL) - dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free) - - p = self._int_to_bn(numbers.p) - g = self._int_to_bn(numbers.g) - - if numbers.q is not None: - q = self._int_to_bn(numbers.q) - else: - q = self._ffi.NULL - - res = self._lib.DH_set0_pqg(dh_cdata, p, q, g) - self.openssl_assert(res == 1) - - return _DHParameters(self, dh_cdata) - - def dh_parameters_supported( - self, p: int, g: int, q: typing.Optional[int] = None - ) -> bool: - dh_cdata = self._lib.DH_new() - self.openssl_assert(dh_cdata != self._ffi.NULL) - dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free) - - p = self._int_to_bn(p) - g = self._int_to_bn(g) - - if q is not None: - q = self._int_to_bn(q) - else: - q = self._ffi.NULL - - res = self._lib.DH_set0_pqg(dh_cdata, p, q, g) - self.openssl_assert(res == 1) - - codes = self._ffi.new("int[]", 1) - res = self._lib.Cryptography_DH_check(dh_cdata, codes) - self.openssl_assert(res == 1) - - return codes[0] == 0 - - def dh_x942_serialization_supported(self) -> bool: - return self._lib.Cryptography_HAS_EVP_PKEY_DHX == 1 - - def x25519_load_public_bytes(self, data: bytes) -> x25519.X25519PublicKey: - # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 we can - # switch this to EVP_PKEY_new_raw_public_key - if len(data) != 32: - raise ValueError("An X25519 public key is 32 bytes long") - - evp_pkey = self._create_evp_pkey_gc() - res = self._lib.EVP_PKEY_set_type(evp_pkey, self._lib.NID_X25519) - self.openssl_assert(res == 1) - res = self._lib.EVP_PKEY_set1_tls_encodedpoint( - evp_pkey, data, len(data) - ) - self.openssl_assert(res == 1) - return _X25519PublicKey(self, evp_pkey) - - def x25519_load_private_bytes( - self, data: bytes - ) -> x25519.X25519PrivateKey: - # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 we can - # switch this to EVP_PKEY_new_raw_private_key and drop the - # zeroed_bytearray garbage. - # OpenSSL only has facilities for loading PKCS8 formatted private - # keys using the algorithm identifiers specified in - # https://tools.ietf.org/html/draft-ietf-curdle-pkix-09. - # This is the standard PKCS8 prefix for a 32 byte X25519 key. - # The form is: - # 0:d=0 hl=2 l= 46 cons: SEQUENCE - # 2:d=1 hl=2 l= 1 prim: INTEGER :00 - # 5:d=1 hl=2 l= 5 cons: SEQUENCE - # 7:d=2 hl=2 l= 3 prim: OBJECT :1.3.101.110 - # 12:d=1 hl=2 l= 34 prim: OCTET STRING (the key) - # Of course there's a bit more complexity. In reality OCTET STRING - # contains an OCTET STRING of length 32! So the last two bytes here - # are \x04\x20, which is an OCTET STRING of length 32. - if len(data) != 32: - raise ValueError("An X25519 private key is 32 bytes long") - - pkcs8_prefix = b'0.\x02\x01\x000\x05\x06\x03+en\x04"\x04 ' - with self._zeroed_bytearray(48) as ba: - ba[0:16] = pkcs8_prefix - ba[16:] = data - bio = self._bytes_to_bio(ba) - evp_pkey = self._lib.d2i_PrivateKey_bio(bio.bio, self._ffi.NULL) - - self.openssl_assert(evp_pkey != self._ffi.NULL) - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - self.openssl_assert( - self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_X25519 - ) - return _X25519PrivateKey(self, evp_pkey) - - def _evp_pkey_keygen_gc(self, nid): - evp_pkey_ctx = self._lib.EVP_PKEY_CTX_new_id(nid, self._ffi.NULL) - self.openssl_assert(evp_pkey_ctx != self._ffi.NULL) - evp_pkey_ctx = self._ffi.gc(evp_pkey_ctx, self._lib.EVP_PKEY_CTX_free) - res = self._lib.EVP_PKEY_keygen_init(evp_pkey_ctx) - self.openssl_assert(res == 1) - evp_ppkey = self._ffi.new("EVP_PKEY **") - res = self._lib.EVP_PKEY_keygen(evp_pkey_ctx, evp_ppkey) - self.openssl_assert(res == 1) - self.openssl_assert(evp_ppkey[0] != self._ffi.NULL) - evp_pkey = self._ffi.gc(evp_ppkey[0], self._lib.EVP_PKEY_free) - return evp_pkey - - def x25519_generate_key(self) -> x25519.X25519PrivateKey: - evp_pkey = self._evp_pkey_keygen_gc(self._lib.NID_X25519) - return _X25519PrivateKey(self, evp_pkey) - - def x25519_supported(self) -> bool: - if self._fips_enabled: - return False - return not self._lib.CRYPTOGRAPHY_IS_LIBRESSL - - def x448_load_public_bytes(self, data: bytes) -> x448.X448PublicKey: - if len(data) != 56: - raise ValueError("An X448 public key is 56 bytes long") - - evp_pkey = self._lib.EVP_PKEY_new_raw_public_key( - self._lib.NID_X448, self._ffi.NULL, data, len(data) - ) - self.openssl_assert(evp_pkey != self._ffi.NULL) - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - return _X448PublicKey(self, evp_pkey) - - def x448_load_private_bytes(self, data: bytes) -> x448.X448PrivateKey: - if len(data) != 56: - raise ValueError("An X448 private key is 56 bytes long") - - data_ptr = self._ffi.from_buffer(data) - evp_pkey = self._lib.EVP_PKEY_new_raw_private_key( - self._lib.NID_X448, self._ffi.NULL, data_ptr, len(data) - ) - self.openssl_assert(evp_pkey != self._ffi.NULL) - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - return _X448PrivateKey(self, evp_pkey) - - def x448_generate_key(self) -> x448.X448PrivateKey: - evp_pkey = self._evp_pkey_keygen_gc(self._lib.NID_X448) - return _X448PrivateKey(self, evp_pkey) + def x25519_supported(self) -> bool: + if self._fips_enabled: + return False + return True def x448_supported(self) -> bool: if self._fips_enabled: return False return ( - not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 - and not self._lib.CRYPTOGRAPHY_IS_BORINGSSL + not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL + and not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL ) def ed25519_supported(self) -> bool: if self._fips_enabled: return False - return not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B - - def ed25519_load_public_bytes( - self, data: bytes - ) -> ed25519.Ed25519PublicKey: - utils._check_bytes("data", data) - - if len(data) != ed25519._ED25519_KEY_SIZE: - raise ValueError("An Ed25519 public key is 32 bytes long") - - evp_pkey = self._lib.EVP_PKEY_new_raw_public_key( - self._lib.NID_ED25519, self._ffi.NULL, data, len(data) - ) - self.openssl_assert(evp_pkey != self._ffi.NULL) - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - - return _Ed25519PublicKey(self, evp_pkey) - - def ed25519_load_private_bytes( - self, data: bytes - ) -> ed25519.Ed25519PrivateKey: - if len(data) != ed25519._ED25519_KEY_SIZE: - raise ValueError("An Ed25519 private key is 32 bytes long") - - utils._check_byteslike("data", data) - data_ptr = self._ffi.from_buffer(data) - evp_pkey = self._lib.EVP_PKEY_new_raw_private_key( - self._lib.NID_ED25519, self._ffi.NULL, data_ptr, len(data) - ) - self.openssl_assert(evp_pkey != self._ffi.NULL) - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - - return _Ed25519PrivateKey(self, evp_pkey) - - def ed25519_generate_key(self) -> ed25519.Ed25519PrivateKey: - evp_pkey = self._evp_pkey_keygen_gc(self._lib.NID_ED25519) - return _Ed25519PrivateKey(self, evp_pkey) + return True def ed448_supported(self) -> bool: if self._fips_enabled: return False return ( - not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B - and not self._lib.CRYPTOGRAPHY_IS_BORINGSSL + not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL + and not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL ) - def ed448_load_public_bytes(self, data: bytes) -> ed448.Ed448PublicKey: - utils._check_bytes("data", data) - if len(data) != _ED448_KEY_SIZE: - raise ValueError("An Ed448 public key is 57 bytes long") - - evp_pkey = self._lib.EVP_PKEY_new_raw_public_key( - self._lib.NID_ED448, self._ffi.NULL, data, len(data) - ) - self.openssl_assert(evp_pkey != self._ffi.NULL) - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - - return _Ed448PublicKey(self, evp_pkey) - - def ed448_load_private_bytes(self, data: bytes) -> ed448.Ed448PrivateKey: - utils._check_byteslike("data", data) - if len(data) != _ED448_KEY_SIZE: - raise ValueError("An Ed448 private key is 57 bytes long") - - data_ptr = self._ffi.from_buffer(data) - evp_pkey = self._lib.EVP_PKEY_new_raw_private_key( - self._lib.NID_ED448, self._ffi.NULL, data_ptr, len(data) - ) - self.openssl_assert(evp_pkey != self._ffi.NULL) - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - - return _Ed448PrivateKey(self, evp_pkey) - - def ed448_generate_key(self) -> ed448.Ed448PrivateKey: - evp_pkey = self._evp_pkey_keygen_gc(self._lib.NID_ED448) - return _Ed448PrivateKey(self, evp_pkey) - - def derive_scrypt( - self, - key_material: bytes, - salt: bytes, - length: int, - n: int, - r: int, - p: int, - ) -> bytes: - buf = self._ffi.new("unsigned char[]", length) - key_material_ptr = self._ffi.from_buffer(key_material) - res = self._lib.EVP_PBE_scrypt( - key_material_ptr, - len(key_material), - salt, - len(salt), - n, - r, - p, - scrypt._MEM_LIMIT, - buf, - length, - ) - if res != 1: - errors = self._consume_errors_with_text() - # memory required formula explained here: - # https://blog.filippo.io/the-scrypt-parameters/ - min_memory = 128 * n * r // (1024**2) - raise MemoryError( - "Not enough memory to derive key. These parameters require" - " {} MB of memory.".format(min_memory), - errors, - ) - return self._ffi.buffer(buf)[:] - - def aead_cipher_supported(self, cipher) -> bool: - cipher_name = aead._aead_cipher_name(cipher) - if self._fips_enabled and cipher_name not in self._fips_aead: - return False - # SIV isn't loaded through get_cipherbyname but instead a new fetch API - # only available in 3.0+. But if we know we're on 3.0+ then we know - # it's supported. - if cipher_name.endswith(b"-siv"): - return self._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER == 1 - else: - return ( - self._lib.EVP_get_cipherbyname(cipher_name) != self._ffi.NULL - ) - - @contextlib.contextmanager - def _zeroed_bytearray(self, length: int) -> typing.Iterator[bytearray]: - """ - This method creates a bytearray, which we copy data into (hopefully - also from a mutable buffer that can be dynamically erased!), and then - zero when we're done. - """ - ba = bytearray(length) - try: - yield ba - finally: - self._zero_data(ba, length) - - def _zero_data(self, data, length: int) -> None: - # We clear things this way because at the moment we're not - # sure of a better way that can guarantee it overwrites the - # memory of a bytearray and doesn't just replace the underlying char *. - for i in range(length): - data[i] = 0 - - @contextlib.contextmanager - def _zeroed_null_terminated_buf(self, data): - """ - This method takes bytes, which can be a bytestring or a mutable - buffer like a bytearray, and yields a null-terminated version of that - data. This is required because PKCS12_parse doesn't take a length with - its password char * and ffi.from_buffer doesn't provide null - termination. So, to support zeroing the data via bytearray we - need to build this ridiculous construct that copies the memory, but - zeroes it after use. - """ - if data is None: - yield self._ffi.NULL - else: - data_len = len(data) - buf = self._ffi.new("char[]", data_len + 1) - self._ffi.memmove(buf, data, data_len) - try: - yield buf - finally: - # Cast to a uint8_t * so we can assign by integer - self._zero_data(self._ffi.cast("uint8_t *", buf), data_len) - - def load_key_and_certificates_from_pkcs12( - self, data: bytes, password: typing.Optional[bytes] - ) -> typing.Tuple[ - typing.Optional[PRIVATE_KEY_TYPES], - typing.Optional[x509.Certificate], - typing.List[x509.Certificate], - ]: - pkcs12 = self.load_pkcs12(data, password) + def ecdsa_deterministic_supported(self) -> bool: return ( - pkcs12.key, - pkcs12.cert.certificate if pkcs12.cert else None, - [cert.certificate for cert in pkcs12.additional_certs], + rust_openssl.CRYPTOGRAPHY_OPENSSL_320_OR_GREATER + and not self._fips_enabled ) - def load_pkcs12( - self, data: bytes, password: typing.Optional[bytes] - ) -> PKCS12KeyAndCertificates: - if password is not None: - utils._check_byteslike("password", password) - - bio = self._bytes_to_bio(data) - p12 = self._lib.d2i_PKCS12_bio(bio.bio, self._ffi.NULL) - if p12 == self._ffi.NULL: - self._consume_errors() - raise ValueError("Could not deserialize PKCS12 data") - - p12 = self._ffi.gc(p12, self._lib.PKCS12_free) - evp_pkey_ptr = self._ffi.new("EVP_PKEY **") - x509_ptr = self._ffi.new("X509 **") - sk_x509_ptr = self._ffi.new("Cryptography_STACK_OF_X509 **") - with self._zeroed_null_terminated_buf(password) as password_buf: - res = self._lib.PKCS12_parse( - p12, password_buf, evp_pkey_ptr, x509_ptr, sk_x509_ptr - ) - # OpenSSL 3.0.6 leaves errors on the stack even in success, so - # we consume all errors unconditionally. - # https://github.com/openssl/openssl/issues/19389 - self._consume_errors() - if res == 0: - raise ValueError("Invalid password or PKCS12 data") - - cert = None - key = None - additional_certificates = [] - - if evp_pkey_ptr[0] != self._ffi.NULL: - evp_pkey = self._ffi.gc(evp_pkey_ptr[0], self._lib.EVP_PKEY_free) - key = self._evp_pkey_to_private_key(evp_pkey) - - if x509_ptr[0] != self._ffi.NULL: - x509 = self._ffi.gc(x509_ptr[0], self._lib.X509_free) - cert_obj = self._ossl2cert(x509) - name = None - maybe_name = self._lib.X509_alias_get0(x509, self._ffi.NULL) - if maybe_name != self._ffi.NULL: - name = self._ffi.string(maybe_name) - cert = PKCS12Certificate(cert_obj, name) - - if sk_x509_ptr[0] != self._ffi.NULL: - sk_x509 = self._ffi.gc(sk_x509_ptr[0], self._lib.sk_X509_free) - num = self._lib.sk_X509_num(sk_x509_ptr[0]) - - # In OpenSSL < 3.0.0 PKCS12 parsing reverses the order of the - # certificates. - indices: typing.Iterable[int] - if ( - self._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER - or self._lib.CRYPTOGRAPHY_IS_BORINGSSL - ): - indices = range(num) - else: - indices = reversed(range(num)) - - for i in indices: - x509 = self._lib.sk_X509_value(sk_x509, i) - self.openssl_assert(x509 != self._ffi.NULL) - x509 = self._ffi.gc(x509, self._lib.X509_free) - addl_cert = self._ossl2cert(x509) - addl_name = None - maybe_name = self._lib.X509_alias_get0(x509, self._ffi.NULL) - if maybe_name != self._ffi.NULL: - addl_name = self._ffi.string(maybe_name) - additional_certificates.append( - PKCS12Certificate(addl_cert, addl_name) - ) - - return PKCS12KeyAndCertificates(key, cert, additional_certificates) - - def serialize_key_and_certificates_to_pkcs12( - self, - name: typing.Optional[bytes], - key: typing.Optional[_ALLOWED_PKCS12_TYPES], - cert: typing.Optional[x509.Certificate], - cas: typing.Optional[typing.List[_PKCS12_CAS_TYPES]], - encryption_algorithm: serialization.KeySerializationEncryption, - ) -> bytes: - password = None - if name is not None: - utils._check_bytes("name", name) - - if isinstance(encryption_algorithm, serialization.NoEncryption): - nid_cert = -1 - nid_key = -1 - pkcs12_iter = 0 - mac_iter = 0 - mac_alg = self._ffi.NULL - elif isinstance( - encryption_algorithm, serialization.BestAvailableEncryption - ): - # PKCS12 encryption is hopeless trash and can never be fixed. - # OpenSSL 3 supports PBESv2, but Libre and Boring do not, so - # we use PBESv1 with 3DES on the older paths. - if self._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: - nid_cert = self._lib.NID_aes_256_cbc - nid_key = self._lib.NID_aes_256_cbc - else: - nid_cert = self._lib.NID_pbe_WithSHA1And3_Key_TripleDES_CBC - nid_key = self._lib.NID_pbe_WithSHA1And3_Key_TripleDES_CBC - # At least we can set this higher than OpenSSL's default - pkcs12_iter = 20000 - # mac_iter chosen for compatibility reasons, see: - # https://www.openssl.org/docs/man1.1.1/man3/PKCS12_create.html - # Did we mention how lousy PKCS12 encryption is? - mac_iter = 1 - # MAC algorithm can only be set on OpenSSL 3.0.0+ - mac_alg = self._ffi.NULL - password = encryption_algorithm.password - elif ( - isinstance( - encryption_algorithm, serialization._KeySerializationEncryption - ) - and encryption_algorithm._format - is serialization.PrivateFormat.PKCS12 - ): - # Default to OpenSSL's defaults. Behavior will vary based on the - # version of OpenSSL cryptography is compiled against. - nid_cert = 0 - nid_key = 0 - # Use the default iters we use in best available - pkcs12_iter = 20000 - # See the Best Available comment for why this is 1 - mac_iter = 1 - password = encryption_algorithm.password - keycertalg = encryption_algorithm._key_cert_algorithm - if keycertalg is PBES.PBESv1SHA1And3KeyTripleDESCBC: - nid_cert = self._lib.NID_pbe_WithSHA1And3_Key_TripleDES_CBC - nid_key = self._lib.NID_pbe_WithSHA1And3_Key_TripleDES_CBC - elif keycertalg is PBES.PBESv2SHA256AndAES256CBC: - if not self._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: - raise UnsupportedAlgorithm( - "PBESv2 is not supported by this version of OpenSSL" - ) - nid_cert = self._lib.NID_aes_256_cbc - nid_key = self._lib.NID_aes_256_cbc - else: - assert keycertalg is None - # We use OpenSSL's defaults - - if encryption_algorithm._hmac_hash is not None: - if not self._lib.Cryptography_HAS_PKCS12_SET_MAC: - raise UnsupportedAlgorithm( - "Setting MAC algorithm is not supported by this " - "version of OpenSSL." - ) - mac_alg = self._evp_md_non_null_from_algorithm( - encryption_algorithm._hmac_hash - ) - self.openssl_assert(mac_alg != self._ffi.NULL) - else: - mac_alg = self._ffi.NULL - - if encryption_algorithm._kdf_rounds is not None: - pkcs12_iter = encryption_algorithm._kdf_rounds - - else: - raise ValueError("Unsupported key encryption type") - - if cas is None or len(cas) == 0: - sk_x509 = self._ffi.NULL - else: - sk_x509 = self._lib.sk_X509_new_null() - sk_x509 = self._ffi.gc(sk_x509, self._lib.sk_X509_free) - - # This list is to keep the x509 values alive until end of function - ossl_cas = [] - for ca in cas: - if isinstance(ca, PKCS12Certificate): - ca_alias = ca.friendly_name - ossl_ca = self._cert2ossl(ca.certificate) - with self._zeroed_null_terminated_buf( - ca_alias - ) as ca_name_buf: - res = self._lib.X509_alias_set1( - ossl_ca, ca_name_buf, -1 - ) - self.openssl_assert(res == 1) - else: - ossl_ca = self._cert2ossl(ca) - ossl_cas.append(ossl_ca) - res = self._lib.sk_X509_push(sk_x509, ossl_ca) - backend.openssl_assert(res >= 1) - - with self._zeroed_null_terminated_buf(password) as password_buf: - with self._zeroed_null_terminated_buf(name) as name_buf: - ossl_cert = self._cert2ossl(cert) if cert else self._ffi.NULL - if key is not None: - evp_pkey = key._evp_pkey # type: ignore[union-attr] - else: - evp_pkey = self._ffi.NULL - - p12 = self._lib.PKCS12_create( - password_buf, - name_buf, - evp_pkey, - ossl_cert, - sk_x509, - nid_key, - nid_cert, - pkcs12_iter, - mac_iter, - 0, - ) - - if ( - self._lib.Cryptography_HAS_PKCS12_SET_MAC - and mac_alg != self._ffi.NULL - ): - self._lib.PKCS12_set_mac( - p12, - password_buf, - -1, - self._ffi.NULL, - 0, - mac_iter, - mac_alg, - ) - - self.openssl_assert(p12 != self._ffi.NULL) - p12 = self._ffi.gc(p12, self._lib.PKCS12_free) - - bio = self._create_mem_bio_gc() - res = self._lib.i2d_PKCS12_bio(bio, p12) - self.openssl_assert(res > 0) - return self._read_mem_bio(bio) - def poly1305_supported(self) -> bool: if self._fips_enabled: return False - return self._lib.Cryptography_HAS_POLY1305 == 1 - - def create_poly1305_ctx(self, key: bytes) -> _Poly1305Context: - utils._check_byteslike("key", key) - if len(key) != _POLY1305_KEY_SIZE: - raise ValueError("A poly1305 key is 32 bytes long") - - return _Poly1305Context(self, key) + return True def pkcs7_supported(self) -> bool: - return not self._lib.CRYPTOGRAPHY_IS_BORINGSSL - - def load_pem_pkcs7_certificates( - self, data: bytes - ) -> typing.List[x509.Certificate]: - utils._check_bytes("data", data) - bio = self._bytes_to_bio(data) - p7 = self._lib.PEM_read_bio_PKCS7( - bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL - ) - if p7 == self._ffi.NULL: - self._consume_errors() - raise ValueError("Unable to parse PKCS7 data") - - p7 = self._ffi.gc(p7, self._lib.PKCS7_free) - return self._load_pkcs7_certificates(p7) - - def load_der_pkcs7_certificates( - self, data: bytes - ) -> typing.List[x509.Certificate]: - utils._check_bytes("data", data) - bio = self._bytes_to_bio(data) - p7 = self._lib.d2i_PKCS7_bio(bio.bio, self._ffi.NULL) - if p7 == self._ffi.NULL: - self._consume_errors() - raise ValueError("Unable to parse PKCS7 data") - - p7 = self._ffi.gc(p7, self._lib.PKCS7_free) - return self._load_pkcs7_certificates(p7) - - def _load_pkcs7_certificates(self, p7): - nid = self._lib.OBJ_obj2nid(p7.type) - self.openssl_assert(nid != self._lib.NID_undef) - if nid != self._lib.NID_pkcs7_signed: - raise UnsupportedAlgorithm( - "Only basic signed structures are currently supported. NID" - " for this data was {}".format(nid), - _Reasons.UNSUPPORTED_SERIALIZATION, - ) - - sk_x509 = p7.d.sign.cert - num = self._lib.sk_X509_num(sk_x509) - certs = [] - for i in range(num): - x509 = self._lib.sk_X509_value(sk_x509, i) - self.openssl_assert(x509 != self._ffi.NULL) - res = self._lib.X509_up_ref(x509) - # When OpenSSL is less than 1.1.0 up_ref returns the current - # refcount. On 1.1.0+ it returns 1 for success. - self.openssl_assert(res >= 1) - x509 = self._ffi.gc(x509, self._lib.X509_free) - cert = self._ossl2cert(x509) - certs.append(cert) - - return certs - - def pkcs7_serialize_certificates( - self, - certs: typing.List[x509.Certificate], - encoding: serialization.Encoding, - ): - certs = list(certs) - if not certs or not all( - isinstance(cert, x509.Certificate) for cert in certs - ): - raise TypeError("certs must be a list of certs with length >= 1") - - if encoding not in ( - serialization.Encoding.PEM, - serialization.Encoding.DER, - ): - raise TypeError("encoding must DER or PEM from the Encoding enum") - - certs_sk = self._lib.sk_X509_new_null() - certs_sk = self._ffi.gc(certs_sk, self._lib.sk_X509_free) - # This list is to keep the x509 values alive until end of function - ossl_certs = [] - for cert in certs: - ossl_cert = self._cert2ossl(cert) - ossl_certs.append(ossl_cert) - res = self._lib.sk_X509_push(certs_sk, ossl_cert) - self.openssl_assert(res >= 1) - # We use PKCS7_sign here because it creates the PKCS7 and PKCS7_SIGNED - # structures for us rather than requiring manual assignment. - p7 = self._lib.PKCS7_sign( - self._ffi.NULL, - self._ffi.NULL, - certs_sk, - self._ffi.NULL, - self._lib.PKCS7_PARTIAL, - ) - bio_out = self._create_mem_bio_gc() - if encoding is serialization.Encoding.PEM: - res = self._lib.PEM_write_bio_PKCS7_stream( - bio_out, p7, self._ffi.NULL, 0 - ) - else: - assert encoding is serialization.Encoding.DER - res = self._lib.i2d_PKCS7_bio(bio_out, p7) - - self.openssl_assert(res == 1) - return self._read_mem_bio(bio_out) - - def pkcs7_sign( - self, - builder: pkcs7.PKCS7SignatureBuilder, - encoding: serialization.Encoding, - options: typing.List[pkcs7.PKCS7Options], - ) -> bytes: - assert builder._data is not None - bio = self._bytes_to_bio(builder._data) - init_flags = self._lib.PKCS7_PARTIAL - final_flags = 0 - - if len(builder._additional_certs) == 0: - certs = self._ffi.NULL - else: - certs = self._lib.sk_X509_new_null() - certs = self._ffi.gc(certs, self._lib.sk_X509_free) - # This list is to keep the x509 values alive until end of function - ossl_certs = [] - for cert in builder._additional_certs: - ossl_cert = self._cert2ossl(cert) - ossl_certs.append(ossl_cert) - res = self._lib.sk_X509_push(certs, ossl_cert) - self.openssl_assert(res >= 1) - - if pkcs7.PKCS7Options.DetachedSignature in options: - # Don't embed the data in the PKCS7 structure - init_flags |= self._lib.PKCS7_DETACHED - final_flags |= self._lib.PKCS7_DETACHED - - # This just inits a structure for us. However, there - # are flags we need to set, joy. - p7 = self._lib.PKCS7_sign( - self._ffi.NULL, - self._ffi.NULL, - certs, - self._ffi.NULL, - init_flags, - ) - self.openssl_assert(p7 != self._ffi.NULL) - p7 = self._ffi.gc(p7, self._lib.PKCS7_free) - signer_flags = 0 - # These flags are configurable on a per-signature basis - # but we've deliberately chosen to make the API only allow - # setting it across all signatures for now. - if pkcs7.PKCS7Options.NoCapabilities in options: - signer_flags |= self._lib.PKCS7_NOSMIMECAP - elif pkcs7.PKCS7Options.NoAttributes in options: - signer_flags |= self._lib.PKCS7_NOATTR - - if pkcs7.PKCS7Options.NoCerts in options: - signer_flags |= self._lib.PKCS7_NOCERTS - - for certificate, private_key, hash_algorithm in builder._signers: - ossl_cert = self._cert2ossl(certificate) - md = self._evp_md_non_null_from_algorithm(hash_algorithm) - p7signerinfo = self._lib.PKCS7_sign_add_signer( - p7, - ossl_cert, - private_key._evp_pkey, # type: ignore[union-attr] - md, - signer_flags, - ) - self.openssl_assert(p7signerinfo != self._ffi.NULL) - - for option in options: - # DetachedSignature, NoCapabilities, and NoAttributes are already - # handled so we just need to check these last two options. - if option is pkcs7.PKCS7Options.Text: - final_flags |= self._lib.PKCS7_TEXT - elif option is pkcs7.PKCS7Options.Binary: - final_flags |= self._lib.PKCS7_BINARY - - bio_out = self._create_mem_bio_gc() - if encoding is serialization.Encoding.SMIME: - # This finalizes the structure - res = self._lib.SMIME_write_PKCS7( - bio_out, p7, bio.bio, final_flags - ) - elif encoding is serialization.Encoding.PEM: - res = self._lib.PKCS7_final(p7, bio.bio, final_flags) - self.openssl_assert(res == 1) - res = self._lib.PEM_write_bio_PKCS7_stream( - bio_out, p7, bio.bio, final_flags - ) - else: - assert encoding is serialization.Encoding.DER - # We need to call finalize here becauase i2d_PKCS7_bio does not - # finalize. - res = self._lib.PKCS7_final(p7, bio.bio, final_flags) - self.openssl_assert(res == 1) - # OpenSSL 3.0 leaves a random bio error on the stack: - # https://github.com/openssl/openssl/issues/16681 - if self._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: - self._consume_errors() - res = self._lib.i2d_PKCS7_bio(bio_out, p7) - self.openssl_assert(res == 1) - return self._read_mem_bio(bio_out) - - -class GetCipherByName: - def __init__(self, fmt: str): - self._fmt = fmt - - def __call__(self, backend: Backend, cipher: CipherAlgorithm, mode: Mode): - cipher_name = self._fmt.format(cipher=cipher, mode=mode).lower() - evp_cipher = backend._lib.EVP_get_cipherbyname( - cipher_name.encode("ascii") - ) - - # try EVP_CIPHER_fetch if present - if ( - evp_cipher == backend._ffi.NULL - and backend._lib.Cryptography_HAS_300_EVP_CIPHER - ): - evp_cipher = backend._lib.EVP_CIPHER_fetch( - backend._ffi.NULL, - cipher_name.encode("ascii"), - backend._ffi.NULL, - ) - - backend._consume_errors() - return evp_cipher - - -def _get_xts_cipher(backend: Backend, cipher: AES, mode): - cipher_name = "aes-{}-xts".format(cipher.key_size // 2) - return backend._lib.EVP_get_cipherbyname(cipher_name.encode("ascii")) + return not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL backend = Backend() diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py deleted file mode 100644 index 1058de9..0000000 --- a/src/cryptography/hazmat/backends/openssl/ciphers.py +++ /dev/null @@ -1,282 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons -from cryptography.hazmat.primitives import ciphers -from cryptography.hazmat.primitives.ciphers import algorithms, modes - - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -class _CipherContext: - _ENCRYPT = 1 - _DECRYPT = 0 - _MAX_CHUNK_SIZE = 2**30 - 1 - - def __init__( - self, backend: "Backend", cipher, mode, operation: int - ) -> None: - self._backend = backend - self._cipher = cipher - self._mode = mode - self._operation = operation - self._tag: typing.Optional[bytes] = None - - if isinstance(self._cipher, ciphers.BlockCipherAlgorithm): - self._block_size_bytes = self._cipher.block_size // 8 - else: - self._block_size_bytes = 1 - - ctx = self._backend._lib.EVP_CIPHER_CTX_new() - ctx = self._backend._ffi.gc( - ctx, self._backend._lib.EVP_CIPHER_CTX_free - ) - - registry = self._backend._cipher_registry - try: - adapter = registry[type(cipher), type(mode)] - except KeyError: - raise UnsupportedAlgorithm( - "cipher {} in {} mode is not supported " - "by this backend.".format( - cipher.name, mode.name if mode else mode - ), - _Reasons.UNSUPPORTED_CIPHER, - ) - - evp_cipher = adapter(self._backend, cipher, mode) - if evp_cipher == self._backend._ffi.NULL: - msg = "cipher {0.name} ".format(cipher) - if mode is not None: - msg += "in {0.name} mode ".format(mode) - msg += ( - "is not supported by this backend (Your version of OpenSSL " - "may be too old. Current version: {}.)" - ).format(self._backend.openssl_version_text()) - raise UnsupportedAlgorithm(msg, _Reasons.UNSUPPORTED_CIPHER) - - if isinstance(mode, modes.ModeWithInitializationVector): - iv_nonce = self._backend._ffi.from_buffer( - mode.initialization_vector - ) - elif isinstance(mode, modes.ModeWithTweak): - iv_nonce = self._backend._ffi.from_buffer(mode.tweak) - elif isinstance(mode, modes.ModeWithNonce): - iv_nonce = self._backend._ffi.from_buffer(mode.nonce) - elif isinstance(cipher, algorithms.ChaCha20): - iv_nonce = self._backend._ffi.from_buffer(cipher.nonce) - else: - iv_nonce = self._backend._ffi.NULL - # begin init with cipher and operation type - res = self._backend._lib.EVP_CipherInit_ex( - ctx, - evp_cipher, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - operation, - ) - self._backend.openssl_assert(res != 0) - # set the key length to handle variable key ciphers - res = self._backend._lib.EVP_CIPHER_CTX_set_key_length( - ctx, len(cipher.key) - ) - self._backend.openssl_assert(res != 0) - if isinstance(mode, modes.GCM): - res = self._backend._lib.EVP_CIPHER_CTX_ctrl( - ctx, - self._backend._lib.EVP_CTRL_AEAD_SET_IVLEN, - len(iv_nonce), - self._backend._ffi.NULL, - ) - self._backend.openssl_assert(res != 0) - if mode.tag is not None: - res = self._backend._lib.EVP_CIPHER_CTX_ctrl( - ctx, - self._backend._lib.EVP_CTRL_AEAD_SET_TAG, - len(mode.tag), - mode.tag, - ) - self._backend.openssl_assert(res != 0) - self._tag = mode.tag - - # pass key/iv - res = self._backend._lib.EVP_CipherInit_ex( - ctx, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._backend._ffi.from_buffer(cipher.key), - iv_nonce, - operation, - ) - - # Check for XTS mode duplicate keys error - errors = self._backend._consume_errors() - lib = self._backend._lib - if res == 0 and ( - ( - lib.CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER - and errors[0]._lib_reason_match( - lib.ERR_LIB_EVP, lib.EVP_R_XTS_DUPLICATED_KEYS - ) - ) - or ( - lib.Cryptography_HAS_PROVIDERS - and errors[0]._lib_reason_match( - lib.ERR_LIB_PROV, lib.PROV_R_XTS_DUPLICATED_KEYS - ) - ) - ): - raise ValueError("In XTS mode duplicated keys are not allowed") - - self._backend.openssl_assert(res != 0, errors=errors) - - # We purposely disable padding here as it's handled higher up in the - # API. - self._backend._lib.EVP_CIPHER_CTX_set_padding(ctx, 0) - self._ctx = ctx - - def update(self, data: bytes) -> bytes: - buf = bytearray(len(data) + self._block_size_bytes - 1) - n = self.update_into(data, buf) - return bytes(buf[:n]) - - def update_into(self, data: bytes, buf: bytes) -> int: - total_data_len = len(data) - if len(buf) < (total_data_len + self._block_size_bytes - 1): - raise ValueError( - "buffer must be at least {} bytes for this " - "payload".format(len(data) + self._block_size_bytes - 1) - ) - - data_processed = 0 - total_out = 0 - outlen = self._backend._ffi.new("int *") - baseoutbuf = self._backend._ffi.from_buffer(buf) - baseinbuf = self._backend._ffi.from_buffer(data) - - while data_processed != total_data_len: - outbuf = baseoutbuf + total_out - inbuf = baseinbuf + data_processed - inlen = min(self._MAX_CHUNK_SIZE, total_data_len - data_processed) - - res = self._backend._lib.EVP_CipherUpdate( - self._ctx, outbuf, outlen, inbuf, inlen - ) - if res == 0 and isinstance(self._mode, modes.XTS): - self._backend._consume_errors() - raise ValueError( - "In XTS mode you must supply at least a full block in the " - "first update call. For AES this is 16 bytes." - ) - else: - self._backend.openssl_assert(res != 0) - data_processed += inlen - total_out += outlen[0] - - return total_out - - def finalize(self) -> bytes: - if ( - self._operation == self._DECRYPT - and isinstance(self._mode, modes.ModeWithAuthenticationTag) - and self.tag is None - ): - raise ValueError( - "Authentication tag must be provided when decrypting." - ) - - buf = self._backend._ffi.new("unsigned char[]", self._block_size_bytes) - outlen = self._backend._ffi.new("int *") - res = self._backend._lib.EVP_CipherFinal_ex(self._ctx, buf, outlen) - if res == 0: - errors = self._backend._consume_errors() - - if not errors and isinstance(self._mode, modes.GCM): - raise InvalidTag - - lib = self._backend._lib - self._backend.openssl_assert( - errors[0]._lib_reason_match( - lib.ERR_LIB_EVP, - lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH, - ) - or ( - lib.Cryptography_HAS_PROVIDERS - and errors[0]._lib_reason_match( - lib.ERR_LIB_PROV, - lib.PROV_R_WRONG_FINAL_BLOCK_LENGTH, - ) - ) - or ( - lib.CRYPTOGRAPHY_IS_BORINGSSL - and errors[0].reason - == lib.CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH - ), - errors=errors, - ) - raise ValueError( - "The length of the provided data is not a multiple of " - "the block length." - ) - - if ( - isinstance(self._mode, modes.GCM) - and self._operation == self._ENCRYPT - ): - tag_buf = self._backend._ffi.new( - "unsigned char[]", self._block_size_bytes - ) - res = self._backend._lib.EVP_CIPHER_CTX_ctrl( - self._ctx, - self._backend._lib.EVP_CTRL_AEAD_GET_TAG, - self._block_size_bytes, - tag_buf, - ) - self._backend.openssl_assert(res != 0) - self._tag = self._backend._ffi.buffer(tag_buf)[:] - - res = self._backend._lib.EVP_CIPHER_CTX_reset(self._ctx) - self._backend.openssl_assert(res == 1) - return self._backend._ffi.buffer(buf)[: outlen[0]] - - def finalize_with_tag(self, tag: bytes) -> bytes: - tag_len = len(tag) - if tag_len < self._mode._min_tag_length: - raise ValueError( - "Authentication tag must be {} bytes or longer.".format( - self._mode._min_tag_length - ) - ) - elif tag_len > self._block_size_bytes: - raise ValueError( - "Authentication tag cannot be more than {} bytes.".format( - self._block_size_bytes - ) - ) - res = self._backend._lib.EVP_CIPHER_CTX_ctrl( - self._ctx, self._backend._lib.EVP_CTRL_AEAD_SET_TAG, len(tag), tag - ) - self._backend.openssl_assert(res != 0) - self._tag = tag - return self.finalize() - - def authenticate_additional_data(self, data: bytes) -> None: - outlen = self._backend._ffi.new("int *") - res = self._backend._lib.EVP_CipherUpdate( - self._ctx, - self._backend._ffi.NULL, - outlen, - self._backend._ffi.from_buffer(data), - len(data), - ) - self._backend.openssl_assert(res != 0) - - @property - def tag(self) -> typing.Optional[bytes]: - return self._tag diff --git a/src/cryptography/hazmat/backends/openssl/cmac.py b/src/cryptography/hazmat/backends/openssl/cmac.py deleted file mode 100644 index 35f50c5..0000000 --- a/src/cryptography/hazmat/backends/openssl/cmac.py +++ /dev/null @@ -1,87 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.exceptions import ( - InvalidSignature, - UnsupportedAlgorithm, - _Reasons, -) -from cryptography.hazmat.primitives import constant_time -from cryptography.hazmat.primitives.ciphers.modes import CBC - -if typing.TYPE_CHECKING: - from cryptography.hazmat.primitives import ciphers - from cryptography.hazmat.backends.openssl.backend import Backend - - -class _CMACContext: - def __init__( - self, - backend: "Backend", - algorithm: "ciphers.BlockCipherAlgorithm", - ctx=None, - ) -> None: - if not backend.cmac_algorithm_supported(algorithm): - raise UnsupportedAlgorithm( - "This backend does not support CMAC.", - _Reasons.UNSUPPORTED_CIPHER, - ) - - self._backend = backend - self._key = algorithm.key - self._algorithm = algorithm - self._output_length = algorithm.block_size // 8 - - if ctx is None: - registry = self._backend._cipher_registry - adapter = registry[type(algorithm), CBC] - - evp_cipher = adapter(self._backend, algorithm, CBC) - - ctx = self._backend._lib.CMAC_CTX_new() - - self._backend.openssl_assert(ctx != self._backend._ffi.NULL) - ctx = self._backend._ffi.gc(ctx, self._backend._lib.CMAC_CTX_free) - - key_ptr = self._backend._ffi.from_buffer(self._key) - res = self._backend._lib.CMAC_Init( - ctx, - key_ptr, - len(self._key), - evp_cipher, - self._backend._ffi.NULL, - ) - self._backend.openssl_assert(res == 1) - - self._ctx = ctx - - def update(self, data: bytes) -> None: - res = self._backend._lib.CMAC_Update(self._ctx, data, len(data)) - self._backend.openssl_assert(res == 1) - - def finalize(self) -> bytes: - buf = self._backend._ffi.new("unsigned char[]", self._output_length) - length = self._backend._ffi.new("size_t *", self._output_length) - res = self._backend._lib.CMAC_Final(self._ctx, buf, length) - self._backend.openssl_assert(res == 1) - - self._ctx = None - - return self._backend._ffi.buffer(buf)[:] - - def copy(self) -> "_CMACContext": - copied_ctx = self._backend._lib.CMAC_CTX_new() - copied_ctx = self._backend._ffi.gc( - copied_ctx, self._backend._lib.CMAC_CTX_free - ) - res = self._backend._lib.CMAC_CTX_copy(copied_ctx, self._ctx) - self._backend.openssl_assert(res == 1) - return _CMACContext(self._backend, self._algorithm, ctx=copied_ctx) - - def verify(self, signature: bytes) -> None: - digest = self.finalize() - if not constant_time.bytes_eq(digest, signature): - raise InvalidSignature("Signature did not match digest.") diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py deleted file mode 100644 index df91d6d..0000000 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ /dev/null @@ -1,31 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -from cryptography import x509 - -# CRLReason ::= ENUMERATED { -# unspecified (0), -# keyCompromise (1), -# cACompromise (2), -# affiliationChanged (3), -# superseded (4), -# cessationOfOperation (5), -# certificateHold (6), -# -- value 7 is not used -# removeFromCRL (8), -# privilegeWithdrawn (9), -# aACompromise (10) } -_CRL_ENTRY_REASON_ENUM_TO_CODE = { - x509.ReasonFlags.unspecified: 0, - x509.ReasonFlags.key_compromise: 1, - x509.ReasonFlags.ca_compromise: 2, - x509.ReasonFlags.affiliation_changed: 3, - x509.ReasonFlags.superseded: 4, - x509.ReasonFlags.cessation_of_operation: 5, - x509.ReasonFlags.certificate_hold: 6, - x509.ReasonFlags.remove_from_crl: 8, - x509.ReasonFlags.privilege_withdrawn: 9, - x509.ReasonFlags.aa_compromise: 10, -} diff --git a/src/cryptography/hazmat/backends/openssl/dh.py b/src/cryptography/hazmat/backends/openssl/dh.py deleted file mode 100644 index 70364a3..0000000 --- a/src/cryptography/hazmat/backends/openssl/dh.py +++ /dev/null @@ -1,318 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.exceptions import UnsupportedAlgorithm, _Reasons -from cryptography.hazmat.primitives import serialization -from cryptography.hazmat.primitives.asymmetric import dh - - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -def _dh_params_dup(dh_cdata, backend: "Backend"): - lib = backend._lib - ffi = backend._ffi - - param_cdata = lib.DHparams_dup(dh_cdata) - backend.openssl_assert(param_cdata != ffi.NULL) - param_cdata = ffi.gc(param_cdata, lib.DH_free) - if lib.CRYPTOGRAPHY_IS_LIBRESSL: - # In libressl DHparams_dup don't copy q - q = ffi.new("BIGNUM **") - lib.DH_get0_pqg(dh_cdata, ffi.NULL, q, ffi.NULL) - q_dup = lib.BN_dup(q[0]) - res = lib.DH_set0_pqg(param_cdata, ffi.NULL, q_dup, ffi.NULL) - backend.openssl_assert(res == 1) - - return param_cdata - - -def _dh_cdata_to_parameters(dh_cdata, backend: "Backend") -> "_DHParameters": - param_cdata = _dh_params_dup(dh_cdata, backend) - return _DHParameters(backend, param_cdata) - - -class _DHParameters(dh.DHParameters): - def __init__(self, backend: "Backend", dh_cdata): - self._backend = backend - self._dh_cdata = dh_cdata - - def parameter_numbers(self) -> dh.DHParameterNumbers: - p = self._backend._ffi.new("BIGNUM **") - g = self._backend._ffi.new("BIGNUM **") - q = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DH_get0_pqg(self._dh_cdata, p, q, g) - self._backend.openssl_assert(p[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(g[0] != self._backend._ffi.NULL) - q_val: typing.Optional[int] - if q[0] == self._backend._ffi.NULL: - q_val = None - else: - q_val = self._backend._bn_to_int(q[0]) - return dh.DHParameterNumbers( - p=self._backend._bn_to_int(p[0]), - g=self._backend._bn_to_int(g[0]), - q=q_val, - ) - - def generate_private_key(self) -> dh.DHPrivateKey: - return self._backend.generate_dh_private_key(self) - - def parameter_bytes( - self, - encoding: serialization.Encoding, - format: serialization.ParameterFormat, - ) -> bytes: - if encoding is serialization.Encoding.OpenSSH: - raise TypeError("OpenSSH encoding is not supported") - - if format is not serialization.ParameterFormat.PKCS3: - raise ValueError("Only PKCS3 serialization is supported") - - q = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DH_get0_pqg( - self._dh_cdata, self._backend._ffi.NULL, q, self._backend._ffi.NULL - ) - if ( - q[0] != self._backend._ffi.NULL - and not self._backend._lib.Cryptography_HAS_EVP_PKEY_DHX - ): - raise UnsupportedAlgorithm( - "DH X9.42 serialization is not supported", - _Reasons.UNSUPPORTED_SERIALIZATION, - ) - - if encoding is serialization.Encoding.PEM: - if q[0] != self._backend._ffi.NULL: - write_bio = self._backend._lib.PEM_write_bio_DHxparams - else: - write_bio = self._backend._lib.PEM_write_bio_DHparams - elif encoding is serialization.Encoding.DER: - if q[0] != self._backend._ffi.NULL: - write_bio = self._backend._lib.Cryptography_i2d_DHxparams_bio - else: - write_bio = self._backend._lib.i2d_DHparams_bio - else: - raise TypeError("encoding must be an item from the Encoding enum") - - bio = self._backend._create_mem_bio_gc() - res = write_bio(bio, self._dh_cdata) - self._backend.openssl_assert(res == 1) - return self._backend._read_mem_bio(bio) - - -def _get_dh_num_bits(backend, dh_cdata) -> int: - p = backend._ffi.new("BIGNUM **") - backend._lib.DH_get0_pqg(dh_cdata, p, backend._ffi.NULL, backend._ffi.NULL) - backend.openssl_assert(p[0] != backend._ffi.NULL) - return backend._lib.BN_num_bits(p[0]) - - -class _DHPrivateKey(dh.DHPrivateKey): - def __init__(self, backend: "Backend", dh_cdata, evp_pkey): - self._backend = backend - self._dh_cdata = dh_cdata - self._evp_pkey = evp_pkey - self._key_size_bytes = self._backend._lib.DH_size(dh_cdata) - - @property - def key_size(self) -> int: - return _get_dh_num_bits(self._backend, self._dh_cdata) - - def private_numbers(self) -> dh.DHPrivateNumbers: - p = self._backend._ffi.new("BIGNUM **") - g = self._backend._ffi.new("BIGNUM **") - q = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DH_get0_pqg(self._dh_cdata, p, q, g) - self._backend.openssl_assert(p[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(g[0] != self._backend._ffi.NULL) - if q[0] == self._backend._ffi.NULL: - q_val = None - else: - q_val = self._backend._bn_to_int(q[0]) - pub_key = self._backend._ffi.new("BIGNUM **") - priv_key = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DH_get0_key(self._dh_cdata, pub_key, priv_key) - self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(priv_key[0] != self._backend._ffi.NULL) - return dh.DHPrivateNumbers( - public_numbers=dh.DHPublicNumbers( - parameter_numbers=dh.DHParameterNumbers( - p=self._backend._bn_to_int(p[0]), - g=self._backend._bn_to_int(g[0]), - q=q_val, - ), - y=self._backend._bn_to_int(pub_key[0]), - ), - x=self._backend._bn_to_int(priv_key[0]), - ) - - def exchange(self, peer_public_key: dh.DHPublicKey) -> bytes: - if not isinstance(peer_public_key, _DHPublicKey): - raise TypeError("peer_public_key must be a DHPublicKey") - - ctx = self._backend._lib.EVP_PKEY_CTX_new( - self._evp_pkey, self._backend._ffi.NULL - ) - self._backend.openssl_assert(ctx != self._backend._ffi.NULL) - ctx = self._backend._ffi.gc(ctx, self._backend._lib.EVP_PKEY_CTX_free) - res = self._backend._lib.EVP_PKEY_derive_init(ctx) - self._backend.openssl_assert(res == 1) - res = self._backend._lib.EVP_PKEY_derive_set_peer( - ctx, peer_public_key._evp_pkey - ) - # Invalid kex errors here in OpenSSL 3.0 because checks were moved - # to EVP_PKEY_derive_set_peer - self._exchange_assert(res == 1) - keylen = self._backend._ffi.new("size_t *") - res = self._backend._lib.EVP_PKEY_derive( - ctx, self._backend._ffi.NULL, keylen - ) - # Invalid kex errors here in OpenSSL < 3 - self._exchange_assert(res == 1) - self._backend.openssl_assert(keylen[0] > 0) - buf = self._backend._ffi.new("unsigned char[]", keylen[0]) - res = self._backend._lib.EVP_PKEY_derive(ctx, buf, keylen) - self._backend.openssl_assert(res == 1) - - key = self._backend._ffi.buffer(buf, keylen[0])[:] - pad = self._key_size_bytes - len(key) - - if pad > 0: - key = (b"\x00" * pad) + key - - return key - - def _exchange_assert(self, ok: bool) -> None: - if not ok: - errors_with_text = self._backend._consume_errors_with_text() - raise ValueError( - "Error computing shared key.", - errors_with_text, - ) - - def public_key(self) -> dh.DHPublicKey: - dh_cdata = _dh_params_dup(self._dh_cdata, self._backend) - pub_key = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DH_get0_key( - self._dh_cdata, pub_key, self._backend._ffi.NULL - ) - self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL) - pub_key_dup = self._backend._lib.BN_dup(pub_key[0]) - self._backend.openssl_assert(pub_key_dup != self._backend._ffi.NULL) - - res = self._backend._lib.DH_set0_key( - dh_cdata, pub_key_dup, self._backend._ffi.NULL - ) - self._backend.openssl_assert(res == 1) - evp_pkey = self._backend._dh_cdata_to_evp_pkey(dh_cdata) - return _DHPublicKey(self._backend, dh_cdata, evp_pkey) - - def parameters(self) -> dh.DHParameters: - return _dh_cdata_to_parameters(self._dh_cdata, self._backend) - - def private_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PrivateFormat, - encryption_algorithm: serialization.KeySerializationEncryption, - ) -> bytes: - if format is not serialization.PrivateFormat.PKCS8: - raise ValueError( - "DH private keys support only PKCS8 serialization" - ) - if not self._backend._lib.Cryptography_HAS_EVP_PKEY_DHX: - q = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DH_get0_pqg( - self._dh_cdata, - self._backend._ffi.NULL, - q, - self._backend._ffi.NULL, - ) - if q[0] != self._backend._ffi.NULL: - raise UnsupportedAlgorithm( - "DH X9.42 serialization is not supported", - _Reasons.UNSUPPORTED_SERIALIZATION, - ) - - return self._backend._private_key_bytes( - encoding, - format, - encryption_algorithm, - self, - self._evp_pkey, - self._dh_cdata, - ) - - -class _DHPublicKey(dh.DHPublicKey): - def __init__(self, backend: "Backend", dh_cdata, evp_pkey): - self._backend = backend - self._dh_cdata = dh_cdata - self._evp_pkey = evp_pkey - self._key_size_bits = _get_dh_num_bits(self._backend, self._dh_cdata) - - @property - def key_size(self) -> int: - return self._key_size_bits - - def public_numbers(self) -> dh.DHPublicNumbers: - p = self._backend._ffi.new("BIGNUM **") - g = self._backend._ffi.new("BIGNUM **") - q = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DH_get0_pqg(self._dh_cdata, p, q, g) - self._backend.openssl_assert(p[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(g[0] != self._backend._ffi.NULL) - if q[0] == self._backend._ffi.NULL: - q_val = None - else: - q_val = self._backend._bn_to_int(q[0]) - pub_key = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DH_get0_key( - self._dh_cdata, pub_key, self._backend._ffi.NULL - ) - self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL) - return dh.DHPublicNumbers( - parameter_numbers=dh.DHParameterNumbers( - p=self._backend._bn_to_int(p[0]), - g=self._backend._bn_to_int(g[0]), - q=q_val, - ), - y=self._backend._bn_to_int(pub_key[0]), - ) - - def parameters(self) -> dh.DHParameters: - return _dh_cdata_to_parameters(self._dh_cdata, self._backend) - - def public_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PublicFormat, - ) -> bytes: - if format is not serialization.PublicFormat.SubjectPublicKeyInfo: - raise ValueError( - "DH public keys support only " - "SubjectPublicKeyInfo serialization" - ) - - if not self._backend._lib.Cryptography_HAS_EVP_PKEY_DHX: - q = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DH_get0_pqg( - self._dh_cdata, - self._backend._ffi.NULL, - q, - self._backend._ffi.NULL, - ) - if q[0] != self._backend._ffi.NULL: - raise UnsupportedAlgorithm( - "DH X9.42 serialization is not supported", - _Reasons.UNSUPPORTED_SERIALIZATION, - ) - - return self._backend._public_key_bytes( - encoding, format, self, self._evp_pkey, None - ) diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py deleted file mode 100644 index 8634b72..0000000 --- a/src/cryptography/hazmat/backends/openssl/dsa.py +++ /dev/null @@ -1,239 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -import typing - -from cryptography.exceptions import InvalidSignature -from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm, -) -from cryptography.hazmat.primitives import hashes, serialization -from cryptography.hazmat.primitives.asymmetric import ( - dsa, - utils as asym_utils, -) - - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -def _dsa_sig_sign( - backend: "Backend", private_key: "_DSAPrivateKey", data: bytes -) -> bytes: - sig_buf_len = backend._lib.DSA_size(private_key._dsa_cdata) - sig_buf = backend._ffi.new("unsigned char[]", sig_buf_len) - buflen = backend._ffi.new("unsigned int *") - - # The first parameter passed to DSA_sign is unused by OpenSSL but - # must be an integer. - res = backend._lib.DSA_sign( - 0, data, len(data), sig_buf, buflen, private_key._dsa_cdata - ) - backend.openssl_assert(res == 1) - backend.openssl_assert(buflen[0]) - - return backend._ffi.buffer(sig_buf)[: buflen[0]] - - -def _dsa_sig_verify( - backend: "Backend", - public_key: "_DSAPublicKey", - signature: bytes, - data: bytes, -) -> None: - # The first parameter passed to DSA_verify is unused by OpenSSL but - # must be an integer. - res = backend._lib.DSA_verify( - 0, data, len(data), signature, len(signature), public_key._dsa_cdata - ) - - if res != 1: - backend._consume_errors() - raise InvalidSignature - - -class _DSAParameters(dsa.DSAParameters): - def __init__(self, backend: "Backend", dsa_cdata): - self._backend = backend - self._dsa_cdata = dsa_cdata - - def parameter_numbers(self) -> dsa.DSAParameterNumbers: - p = self._backend._ffi.new("BIGNUM **") - q = self._backend._ffi.new("BIGNUM **") - g = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DSA_get0_pqg(self._dsa_cdata, p, q, g) - self._backend.openssl_assert(p[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(q[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(g[0] != self._backend._ffi.NULL) - return dsa.DSAParameterNumbers( - p=self._backend._bn_to_int(p[0]), - q=self._backend._bn_to_int(q[0]), - g=self._backend._bn_to_int(g[0]), - ) - - def generate_private_key(self) -> dsa.DSAPrivateKey: - return self._backend.generate_dsa_private_key(self) - - -class _DSAPrivateKey(dsa.DSAPrivateKey): - _key_size: int - - def __init__(self, backend: "Backend", dsa_cdata, evp_pkey): - self._backend = backend - self._dsa_cdata = dsa_cdata - self._evp_pkey = evp_pkey - - p = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DSA_get0_pqg( - dsa_cdata, p, self._backend._ffi.NULL, self._backend._ffi.NULL - ) - self._backend.openssl_assert(p[0] != backend._ffi.NULL) - self._key_size = self._backend._lib.BN_num_bits(p[0]) - - @property - def key_size(self) -> int: - return self._key_size - - def private_numbers(self) -> dsa.DSAPrivateNumbers: - p = self._backend._ffi.new("BIGNUM **") - q = self._backend._ffi.new("BIGNUM **") - g = self._backend._ffi.new("BIGNUM **") - pub_key = self._backend._ffi.new("BIGNUM **") - priv_key = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DSA_get0_pqg(self._dsa_cdata, p, q, g) - self._backend.openssl_assert(p[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(q[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(g[0] != self._backend._ffi.NULL) - self._backend._lib.DSA_get0_key(self._dsa_cdata, pub_key, priv_key) - self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(priv_key[0] != self._backend._ffi.NULL) - return dsa.DSAPrivateNumbers( - public_numbers=dsa.DSAPublicNumbers( - parameter_numbers=dsa.DSAParameterNumbers( - p=self._backend._bn_to_int(p[0]), - q=self._backend._bn_to_int(q[0]), - g=self._backend._bn_to_int(g[0]), - ), - y=self._backend._bn_to_int(pub_key[0]), - ), - x=self._backend._bn_to_int(priv_key[0]), - ) - - def public_key(self) -> dsa.DSAPublicKey: - dsa_cdata = self._backend._lib.DSAparams_dup(self._dsa_cdata) - self._backend.openssl_assert(dsa_cdata != self._backend._ffi.NULL) - dsa_cdata = self._backend._ffi.gc( - dsa_cdata, self._backend._lib.DSA_free - ) - pub_key = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DSA_get0_key( - self._dsa_cdata, pub_key, self._backend._ffi.NULL - ) - self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL) - pub_key_dup = self._backend._lib.BN_dup(pub_key[0]) - res = self._backend._lib.DSA_set0_key( - dsa_cdata, pub_key_dup, self._backend._ffi.NULL - ) - self._backend.openssl_assert(res == 1) - evp_pkey = self._backend._dsa_cdata_to_evp_pkey(dsa_cdata) - return _DSAPublicKey(self._backend, dsa_cdata, evp_pkey) - - def parameters(self) -> dsa.DSAParameters: - dsa_cdata = self._backend._lib.DSAparams_dup(self._dsa_cdata) - self._backend.openssl_assert(dsa_cdata != self._backend._ffi.NULL) - dsa_cdata = self._backend._ffi.gc( - dsa_cdata, self._backend._lib.DSA_free - ) - return _DSAParameters(self._backend, dsa_cdata) - - def private_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PrivateFormat, - encryption_algorithm: serialization.KeySerializationEncryption, - ) -> bytes: - return self._backend._private_key_bytes( - encoding, - format, - encryption_algorithm, - self, - self._evp_pkey, - self._dsa_cdata, - ) - - def sign( - self, - data: bytes, - algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm], - ) -> bytes: - data, _ = _calculate_digest_and_algorithm(data, algorithm) - return _dsa_sig_sign(self._backend, self, data) - - -class _DSAPublicKey(dsa.DSAPublicKey): - _key_size: int - - def __init__(self, backend: "Backend", dsa_cdata, evp_pkey): - self._backend = backend - self._dsa_cdata = dsa_cdata - self._evp_pkey = evp_pkey - p = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DSA_get0_pqg( - dsa_cdata, p, self._backend._ffi.NULL, self._backend._ffi.NULL - ) - self._backend.openssl_assert(p[0] != backend._ffi.NULL) - self._key_size = self._backend._lib.BN_num_bits(p[0]) - - @property - def key_size(self) -> int: - return self._key_size - - def public_numbers(self) -> dsa.DSAPublicNumbers: - p = self._backend._ffi.new("BIGNUM **") - q = self._backend._ffi.new("BIGNUM **") - g = self._backend._ffi.new("BIGNUM **") - pub_key = self._backend._ffi.new("BIGNUM **") - self._backend._lib.DSA_get0_pqg(self._dsa_cdata, p, q, g) - self._backend.openssl_assert(p[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(q[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(g[0] != self._backend._ffi.NULL) - self._backend._lib.DSA_get0_key( - self._dsa_cdata, pub_key, self._backend._ffi.NULL - ) - self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL) - return dsa.DSAPublicNumbers( - parameter_numbers=dsa.DSAParameterNumbers( - p=self._backend._bn_to_int(p[0]), - q=self._backend._bn_to_int(q[0]), - g=self._backend._bn_to_int(g[0]), - ), - y=self._backend._bn_to_int(pub_key[0]), - ) - - def parameters(self) -> dsa.DSAParameters: - dsa_cdata = self._backend._lib.DSAparams_dup(self._dsa_cdata) - dsa_cdata = self._backend._ffi.gc( - dsa_cdata, self._backend._lib.DSA_free - ) - return _DSAParameters(self._backend, dsa_cdata) - - def public_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PublicFormat, - ) -> bytes: - return self._backend._public_key_bytes( - encoding, format, self, self._evp_pkey, None - ) - - def verify( - self, - signature: bytes, - data: bytes, - algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm], - ) -> None: - data, _ = _calculate_digest_and_algorithm(data, algorithm) - return _dsa_sig_verify(self._backend, self, signature, data) diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py deleted file mode 100644 index 9bc6dd3..0000000 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ /dev/null @@ -1,315 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.exceptions import ( - InvalidSignature, - UnsupportedAlgorithm, - _Reasons, -) -from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm, - _evp_pkey_derive, -) -from cryptography.hazmat.primitives import serialization -from cryptography.hazmat.primitives.asymmetric import ec - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -def _check_signature_algorithm( - signature_algorithm: ec.EllipticCurveSignatureAlgorithm, -) -> None: - if not isinstance(signature_algorithm, ec.ECDSA): - raise UnsupportedAlgorithm( - "Unsupported elliptic curve signature algorithm.", - _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM, - ) - - -def _ec_key_curve_sn(backend: "Backend", ec_key) -> str: - group = backend._lib.EC_KEY_get0_group(ec_key) - backend.openssl_assert(group != backend._ffi.NULL) - - nid = backend._lib.EC_GROUP_get_curve_name(group) - # The following check is to find EC keys with unnamed curves and raise - # an error for now. - if nid == backend._lib.NID_undef: - raise ValueError( - "ECDSA keys with explicit parameters are unsupported at this time" - ) - - # This is like the above check, but it also catches the case where you - # explicitly encoded a curve with the same parameters as a named curve. - # Don't do that. - if ( - not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - and backend._lib.EC_GROUP_get_asn1_flag(group) == 0 - ): - raise ValueError( - "ECDSA keys with explicit parameters are unsupported at this time" - ) - - curve_name = backend._lib.OBJ_nid2sn(nid) - backend.openssl_assert(curve_name != backend._ffi.NULL) - - sn = backend._ffi.string(curve_name).decode("ascii") - return sn - - -def _mark_asn1_named_ec_curve(backend: "Backend", ec_cdata): - """ - Set the named curve flag on the EC_KEY. This causes OpenSSL to - serialize EC keys along with their curve OID which makes - deserialization easier. - """ - - backend._lib.EC_KEY_set_asn1_flag( - ec_cdata, backend._lib.OPENSSL_EC_NAMED_CURVE - ) - - -def _check_key_infinity(backend: "Backend", ec_cdata) -> None: - point = backend._lib.EC_KEY_get0_public_key(ec_cdata) - backend.openssl_assert(point != backend._ffi.NULL) - group = backend._lib.EC_KEY_get0_group(ec_cdata) - backend.openssl_assert(group != backend._ffi.NULL) - if backend._lib.EC_POINT_is_at_infinity(group, point): - raise ValueError( - "Cannot load an EC public key where the point is at infinity" - ) - - -def _sn_to_elliptic_curve(backend: "Backend", sn: str) -> ec.EllipticCurve: - try: - return ec._CURVE_TYPES[sn]() - except KeyError: - raise UnsupportedAlgorithm( - "{} is not a supported elliptic curve".format(sn), - _Reasons.UNSUPPORTED_ELLIPTIC_CURVE, - ) - - -def _ecdsa_sig_sign( - backend: "Backend", private_key: "_EllipticCurvePrivateKey", data: bytes -) -> bytes: - max_size = backend._lib.ECDSA_size(private_key._ec_key) - backend.openssl_assert(max_size > 0) - - sigbuf = backend._ffi.new("unsigned char[]", max_size) - siglen_ptr = backend._ffi.new("unsigned int[]", 1) - res = backend._lib.ECDSA_sign( - 0, data, len(data), sigbuf, siglen_ptr, private_key._ec_key - ) - backend.openssl_assert(res == 1) - return backend._ffi.buffer(sigbuf)[: siglen_ptr[0]] - - -def _ecdsa_sig_verify( - backend: "Backend", - public_key: "_EllipticCurvePublicKey", - signature: bytes, - data: bytes, -) -> None: - res = backend._lib.ECDSA_verify( - 0, data, len(data), signature, len(signature), public_key._ec_key - ) - if res != 1: - backend._consume_errors() - raise InvalidSignature - - -class _EllipticCurvePrivateKey(ec.EllipticCurvePrivateKey): - def __init__(self, backend: "Backend", ec_key_cdata, evp_pkey): - self._backend = backend - self._ec_key = ec_key_cdata - self._evp_pkey = evp_pkey - - sn = _ec_key_curve_sn(backend, ec_key_cdata) - self._curve = _sn_to_elliptic_curve(backend, sn) - _mark_asn1_named_ec_curve(backend, ec_key_cdata) - _check_key_infinity(backend, ec_key_cdata) - - @property - def curve(self) -> ec.EllipticCurve: - return self._curve - - @property - def key_size(self) -> int: - return self.curve.key_size - - def exchange( - self, algorithm: ec.ECDH, peer_public_key: ec.EllipticCurvePublicKey - ) -> bytes: - if not ( - self._backend.elliptic_curve_exchange_algorithm_supported( - algorithm, self.curve - ) - ): - raise UnsupportedAlgorithm( - "This backend does not support the ECDH algorithm.", - _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM, - ) - - if peer_public_key.curve.name != self.curve.name: - raise ValueError( - "peer_public_key and self are not on the same curve" - ) - - return _evp_pkey_derive(self._backend, self._evp_pkey, peer_public_key) - - def public_key(self) -> ec.EllipticCurvePublicKey: - group = self._backend._lib.EC_KEY_get0_group(self._ec_key) - self._backend.openssl_assert(group != self._backend._ffi.NULL) - - curve_nid = self._backend._lib.EC_GROUP_get_curve_name(group) - public_ec_key = self._backend._ec_key_new_by_curve_nid(curve_nid) - - point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key) - self._backend.openssl_assert(point != self._backend._ffi.NULL) - - res = self._backend._lib.EC_KEY_set_public_key(public_ec_key, point) - self._backend.openssl_assert(res == 1) - - evp_pkey = self._backend._ec_cdata_to_evp_pkey(public_ec_key) - - return _EllipticCurvePublicKey(self._backend, public_ec_key, evp_pkey) - - def private_numbers(self) -> ec.EllipticCurvePrivateNumbers: - bn = self._backend._lib.EC_KEY_get0_private_key(self._ec_key) - private_value = self._backend._bn_to_int(bn) - return ec.EllipticCurvePrivateNumbers( - private_value=private_value, - public_numbers=self.public_key().public_numbers(), - ) - - def private_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PrivateFormat, - encryption_algorithm: serialization.KeySerializationEncryption, - ) -> bytes: - return self._backend._private_key_bytes( - encoding, - format, - encryption_algorithm, - self, - self._evp_pkey, - self._ec_key, - ) - - def sign( - self, - data: bytes, - signature_algorithm: ec.EllipticCurveSignatureAlgorithm, - ) -> bytes: - _check_signature_algorithm(signature_algorithm) - data, _ = _calculate_digest_and_algorithm( - data, - signature_algorithm.algorithm, - ) - return _ecdsa_sig_sign(self._backend, self, data) - - -class _EllipticCurvePublicKey(ec.EllipticCurvePublicKey): - def __init__(self, backend: "Backend", ec_key_cdata, evp_pkey): - self._backend = backend - self._ec_key = ec_key_cdata - self._evp_pkey = evp_pkey - - sn = _ec_key_curve_sn(backend, ec_key_cdata) - self._curve = _sn_to_elliptic_curve(backend, sn) - _mark_asn1_named_ec_curve(backend, ec_key_cdata) - _check_key_infinity(backend, ec_key_cdata) - - @property - def curve(self) -> ec.EllipticCurve: - return self._curve - - @property - def key_size(self) -> int: - return self.curve.key_size - - def public_numbers(self) -> ec.EllipticCurvePublicNumbers: - get_func, group = self._backend._ec_key_determine_group_get_func( - self._ec_key - ) - point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key) - self._backend.openssl_assert(point != self._backend._ffi.NULL) - - with self._backend._tmp_bn_ctx() as bn_ctx: - bn_x = self._backend._lib.BN_CTX_get(bn_ctx) - bn_y = self._backend._lib.BN_CTX_get(bn_ctx) - - res = get_func(group, point, bn_x, bn_y, bn_ctx) - self._backend.openssl_assert(res == 1) - - x = self._backend._bn_to_int(bn_x) - y = self._backend._bn_to_int(bn_y) - - return ec.EllipticCurvePublicNumbers(x=x, y=y, curve=self._curve) - - def _encode_point(self, format: serialization.PublicFormat) -> bytes: - if format is serialization.PublicFormat.CompressedPoint: - conversion = self._backend._lib.POINT_CONVERSION_COMPRESSED - else: - assert format is serialization.PublicFormat.UncompressedPoint - conversion = self._backend._lib.POINT_CONVERSION_UNCOMPRESSED - - group = self._backend._lib.EC_KEY_get0_group(self._ec_key) - self._backend.openssl_assert(group != self._backend._ffi.NULL) - point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key) - self._backend.openssl_assert(point != self._backend._ffi.NULL) - with self._backend._tmp_bn_ctx() as bn_ctx: - buflen = self._backend._lib.EC_POINT_point2oct( - group, point, conversion, self._backend._ffi.NULL, 0, bn_ctx - ) - self._backend.openssl_assert(buflen > 0) - buf = self._backend._ffi.new("char[]", buflen) - res = self._backend._lib.EC_POINT_point2oct( - group, point, conversion, buf, buflen, bn_ctx - ) - self._backend.openssl_assert(buflen == res) - - return self._backend._ffi.buffer(buf)[:] - - def public_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PublicFormat, - ) -> bytes: - if ( - encoding is serialization.Encoding.X962 - or format is serialization.PublicFormat.CompressedPoint - or format is serialization.PublicFormat.UncompressedPoint - ): - if encoding is not serialization.Encoding.X962 or format not in ( - serialization.PublicFormat.CompressedPoint, - serialization.PublicFormat.UncompressedPoint, - ): - raise ValueError( - "X962 encoding must be used with CompressedPoint or " - "UncompressedPoint format" - ) - - return self._encode_point(format) - else: - return self._backend._public_key_bytes( - encoding, format, self, self._evp_pkey, None - ) - - def verify( - self, - signature: bytes, - data: bytes, - signature_algorithm: ec.EllipticCurveSignatureAlgorithm, - ) -> None: - _check_signature_algorithm(signature_algorithm) - data, _ = _calculate_digest_and_algorithm( - data, - signature_algorithm.algorithm, - ) - _ecdsa_sig_verify(self._backend, self, signature, data) diff --git a/src/cryptography/hazmat/backends/openssl/ed25519.py b/src/cryptography/hazmat/backends/openssl/ed25519.py deleted file mode 100644 index 5cfdffb..0000000 --- a/src/cryptography/hazmat/backends/openssl/ed25519.py +++ /dev/null @@ -1,155 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography import exceptions -from cryptography.hazmat.primitives import serialization -from cryptography.hazmat.primitives.asymmetric.ed25519 import ( - Ed25519PrivateKey, - Ed25519PublicKey, - _ED25519_KEY_SIZE, - _ED25519_SIG_SIZE, -) - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -class _Ed25519PublicKey(Ed25519PublicKey): - def __init__(self, backend: "Backend", evp_pkey): - self._backend = backend - self._evp_pkey = evp_pkey - - def public_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PublicFormat, - ) -> bytes: - if ( - encoding is serialization.Encoding.Raw - or format is serialization.PublicFormat.Raw - ): - if ( - encoding is not serialization.Encoding.Raw - or format is not serialization.PublicFormat.Raw - ): - raise ValueError( - "When using Raw both encoding and format must be Raw" - ) - - return self._raw_public_bytes() - - return self._backend._public_key_bytes( - encoding, format, self, self._evp_pkey, None - ) - - def _raw_public_bytes(self) -> bytes: - buf = self._backend._ffi.new("unsigned char []", _ED25519_KEY_SIZE) - buflen = self._backend._ffi.new("size_t *", _ED25519_KEY_SIZE) - res = self._backend._lib.EVP_PKEY_get_raw_public_key( - self._evp_pkey, buf, buflen - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _ED25519_KEY_SIZE) - return self._backend._ffi.buffer(buf, _ED25519_KEY_SIZE)[:] - - def verify(self, signature: bytes, data: bytes) -> None: - evp_md_ctx = self._backend._lib.EVP_MD_CTX_new() - self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL) - evp_md_ctx = self._backend._ffi.gc( - evp_md_ctx, self._backend._lib.EVP_MD_CTX_free - ) - res = self._backend._lib.EVP_DigestVerifyInit( - evp_md_ctx, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._evp_pkey, - ) - self._backend.openssl_assert(res == 1) - res = self._backend._lib.EVP_DigestVerify( - evp_md_ctx, signature, len(signature), data, len(data) - ) - if res != 1: - self._backend._consume_errors() - raise exceptions.InvalidSignature - - -class _Ed25519PrivateKey(Ed25519PrivateKey): - def __init__(self, backend: "Backend", evp_pkey): - self._backend = backend - self._evp_pkey = evp_pkey - - def public_key(self) -> Ed25519PublicKey: - buf = self._backend._ffi.new("unsigned char []", _ED25519_KEY_SIZE) - buflen = self._backend._ffi.new("size_t *", _ED25519_KEY_SIZE) - res = self._backend._lib.EVP_PKEY_get_raw_public_key( - self._evp_pkey, buf, buflen - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _ED25519_KEY_SIZE) - public_bytes = self._backend._ffi.buffer(buf)[:] - return self._backend.ed25519_load_public_bytes(public_bytes) - - def sign(self, data: bytes) -> bytes: - evp_md_ctx = self._backend._lib.EVP_MD_CTX_new() - self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL) - evp_md_ctx = self._backend._ffi.gc( - evp_md_ctx, self._backend._lib.EVP_MD_CTX_free - ) - res = self._backend._lib.EVP_DigestSignInit( - evp_md_ctx, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._evp_pkey, - ) - self._backend.openssl_assert(res == 1) - buf = self._backend._ffi.new("unsigned char[]", _ED25519_SIG_SIZE) - buflen = self._backend._ffi.new("size_t *", len(buf)) - res = self._backend._lib.EVP_DigestSign( - evp_md_ctx, buf, buflen, data, len(data) - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _ED25519_SIG_SIZE) - return self._backend._ffi.buffer(buf, buflen[0])[:] - - def private_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PrivateFormat, - encryption_algorithm: serialization.KeySerializationEncryption, - ) -> bytes: - if ( - encoding is serialization.Encoding.Raw - or format is serialization.PublicFormat.Raw - ): - if ( - format is not serialization.PrivateFormat.Raw - or encoding is not serialization.Encoding.Raw - or not isinstance( - encryption_algorithm, serialization.NoEncryption - ) - ): - raise ValueError( - "When using Raw both encoding and format must be Raw " - "and encryption_algorithm must be NoEncryption()" - ) - - return self._raw_private_bytes() - - return self._backend._private_key_bytes( - encoding, format, encryption_algorithm, self, self._evp_pkey, None - ) - - def _raw_private_bytes(self) -> bytes: - buf = self._backend._ffi.new("unsigned char []", _ED25519_KEY_SIZE) - buflen = self._backend._ffi.new("size_t *", _ED25519_KEY_SIZE) - res = self._backend._lib.EVP_PKEY_get_raw_private_key( - self._evp_pkey, buf, buflen - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _ED25519_KEY_SIZE) - return self._backend._ffi.buffer(buf, _ED25519_KEY_SIZE)[:] diff --git a/src/cryptography/hazmat/backends/openssl/ed448.py b/src/cryptography/hazmat/backends/openssl/ed448.py deleted file mode 100644 index dad93c6..0000000 --- a/src/cryptography/hazmat/backends/openssl/ed448.py +++ /dev/null @@ -1,156 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography import exceptions -from cryptography.hazmat.primitives import serialization -from cryptography.hazmat.primitives.asymmetric.ed448 import ( - Ed448PrivateKey, - Ed448PublicKey, -) - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - -_ED448_KEY_SIZE = 57 -_ED448_SIG_SIZE = 114 - - -class _Ed448PublicKey(Ed448PublicKey): - def __init__(self, backend: "Backend", evp_pkey): - self._backend = backend - self._evp_pkey = evp_pkey - - def public_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PublicFormat, - ) -> bytes: - if ( - encoding is serialization.Encoding.Raw - or format is serialization.PublicFormat.Raw - ): - if ( - encoding is not serialization.Encoding.Raw - or format is not serialization.PublicFormat.Raw - ): - raise ValueError( - "When using Raw both encoding and format must be Raw" - ) - - return self._raw_public_bytes() - - return self._backend._public_key_bytes( - encoding, format, self, self._evp_pkey, None - ) - - def _raw_public_bytes(self) -> bytes: - buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE) - buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE) - res = self._backend._lib.EVP_PKEY_get_raw_public_key( - self._evp_pkey, buf, buflen - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE) - return self._backend._ffi.buffer(buf, _ED448_KEY_SIZE)[:] - - def verify(self, signature: bytes, data: bytes) -> None: - evp_md_ctx = self._backend._lib.EVP_MD_CTX_new() - self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL) - evp_md_ctx = self._backend._ffi.gc( - evp_md_ctx, self._backend._lib.EVP_MD_CTX_free - ) - res = self._backend._lib.EVP_DigestVerifyInit( - evp_md_ctx, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._evp_pkey, - ) - self._backend.openssl_assert(res == 1) - res = self._backend._lib.EVP_DigestVerify( - evp_md_ctx, signature, len(signature), data, len(data) - ) - if res != 1: - self._backend._consume_errors() - raise exceptions.InvalidSignature - - -class _Ed448PrivateKey(Ed448PrivateKey): - def __init__(self, backend: "Backend", evp_pkey): - self._backend = backend - self._evp_pkey = evp_pkey - - def public_key(self) -> Ed448PublicKey: - buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE) - buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE) - res = self._backend._lib.EVP_PKEY_get_raw_public_key( - self._evp_pkey, buf, buflen - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE) - public_bytes = self._backend._ffi.buffer(buf)[:] - return self._backend.ed448_load_public_bytes(public_bytes) - - def sign(self, data: bytes) -> bytes: - evp_md_ctx = self._backend._lib.EVP_MD_CTX_new() - self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL) - evp_md_ctx = self._backend._ffi.gc( - evp_md_ctx, self._backend._lib.EVP_MD_CTX_free - ) - res = self._backend._lib.EVP_DigestSignInit( - evp_md_ctx, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._evp_pkey, - ) - self._backend.openssl_assert(res == 1) - buf = self._backend._ffi.new("unsigned char[]", _ED448_SIG_SIZE) - buflen = self._backend._ffi.new("size_t *", len(buf)) - res = self._backend._lib.EVP_DigestSign( - evp_md_ctx, buf, buflen, data, len(data) - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _ED448_SIG_SIZE) - return self._backend._ffi.buffer(buf, buflen[0])[:] - - def private_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PrivateFormat, - encryption_algorithm: serialization.KeySerializationEncryption, - ) -> bytes: - if ( - encoding is serialization.Encoding.Raw - or format is serialization.PublicFormat.Raw - ): - if ( - format is not serialization.PrivateFormat.Raw - or encoding is not serialization.Encoding.Raw - or not isinstance( - encryption_algorithm, serialization.NoEncryption - ) - ): - raise ValueError( - "When using Raw both encoding and format must be Raw " - "and encryption_algorithm must be NoEncryption()" - ) - - return self._raw_private_bytes() - - return self._backend._private_key_bytes( - encoding, format, encryption_algorithm, self, self._evp_pkey, None - ) - - def _raw_private_bytes(self) -> bytes: - buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE) - buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE) - res = self._backend._lib.EVP_PKEY_get_raw_private_key( - self._evp_pkey, buf, buflen - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE) - return self._backend._ffi.buffer(buf, _ED448_KEY_SIZE)[:] diff --git a/src/cryptography/hazmat/backends/openssl/hashes.py b/src/cryptography/hazmat/backends/openssl/hashes.py deleted file mode 100644 index 278b381..0000000 --- a/src/cryptography/hazmat/backends/openssl/hashes.py +++ /dev/null @@ -1,87 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.exceptions import UnsupportedAlgorithm, _Reasons -from cryptography.hazmat.primitives import hashes - - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -class _HashContext(hashes.HashContext): - def __init__( - self, backend: "Backend", algorithm: hashes.HashAlgorithm, ctx=None - ) -> None: - self._algorithm = algorithm - - self._backend = backend - - if ctx is None: - ctx = self._backend._lib.EVP_MD_CTX_new() - ctx = self._backend._ffi.gc( - ctx, self._backend._lib.EVP_MD_CTX_free - ) - evp_md = self._backend._evp_md_from_algorithm(algorithm) - if evp_md == self._backend._ffi.NULL: - raise UnsupportedAlgorithm( - "{} is not a supported hash on this backend.".format( - algorithm.name - ), - _Reasons.UNSUPPORTED_HASH, - ) - res = self._backend._lib.EVP_DigestInit_ex( - ctx, evp_md, self._backend._ffi.NULL - ) - self._backend.openssl_assert(res != 0) - - self._ctx = ctx - - @property - def algorithm(self) -> hashes.HashAlgorithm: - return self._algorithm - - def copy(self) -> "_HashContext": - copied_ctx = self._backend._lib.EVP_MD_CTX_new() - copied_ctx = self._backend._ffi.gc( - copied_ctx, self._backend._lib.EVP_MD_CTX_free - ) - res = self._backend._lib.EVP_MD_CTX_copy_ex(copied_ctx, self._ctx) - self._backend.openssl_assert(res != 0) - return _HashContext(self._backend, self.algorithm, ctx=copied_ctx) - - def update(self, data: bytes) -> None: - data_ptr = self._backend._ffi.from_buffer(data) - res = self._backend._lib.EVP_DigestUpdate( - self._ctx, data_ptr, len(data) - ) - self._backend.openssl_assert(res != 0) - - def finalize(self) -> bytes: - if isinstance(self.algorithm, hashes.ExtendableOutputFunction): - # extendable output functions use a different finalize - return self._finalize_xof() - else: - buf = self._backend._ffi.new( - "unsigned char[]", self._backend._lib.EVP_MAX_MD_SIZE - ) - outlen = self._backend._ffi.new("unsigned int *") - res = self._backend._lib.EVP_DigestFinal_ex(self._ctx, buf, outlen) - self._backend.openssl_assert(res != 0) - self._backend.openssl_assert( - outlen[0] == self.algorithm.digest_size - ) - return self._backend._ffi.buffer(buf)[: outlen[0]] - - def _finalize_xof(self) -> bytes: - buf = self._backend._ffi.new( - "unsigned char[]", self.algorithm.digest_size - ) - res = self._backend._lib.EVP_DigestFinalXOF( - self._ctx, buf, self.algorithm.digest_size - ) - self._backend.openssl_assert(res != 0) - return self._backend._ffi.buffer(buf)[: self.algorithm.digest_size] diff --git a/src/cryptography/hazmat/backends/openssl/hmac.py b/src/cryptography/hazmat/backends/openssl/hmac.py deleted file mode 100644 index 5fd5407..0000000 --- a/src/cryptography/hazmat/backends/openssl/hmac.py +++ /dev/null @@ -1,85 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.exceptions import ( - InvalidSignature, - UnsupportedAlgorithm, - _Reasons, -) -from cryptography.hazmat.primitives import constant_time, hashes - - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -class _HMACContext(hashes.HashContext): - def __init__( - self, - backend: "Backend", - key: bytes, - algorithm: hashes.HashAlgorithm, - ctx=None, - ): - self._algorithm = algorithm - self._backend = backend - - if ctx is None: - ctx = self._backend._lib.HMAC_CTX_new() - self._backend.openssl_assert(ctx != self._backend._ffi.NULL) - ctx = self._backend._ffi.gc(ctx, self._backend._lib.HMAC_CTX_free) - evp_md = self._backend._evp_md_from_algorithm(algorithm) - if evp_md == self._backend._ffi.NULL: - raise UnsupportedAlgorithm( - "{} is not a supported hash on this backend".format( - algorithm.name - ), - _Reasons.UNSUPPORTED_HASH, - ) - key_ptr = self._backend._ffi.from_buffer(key) - res = self._backend._lib.HMAC_Init_ex( - ctx, key_ptr, len(key), evp_md, self._backend._ffi.NULL - ) - self._backend.openssl_assert(res != 0) - - self._ctx = ctx - self._key = key - - @property - def algorithm(self) -> hashes.HashAlgorithm: - return self._algorithm - - def copy(self) -> "_HMACContext": - copied_ctx = self._backend._lib.HMAC_CTX_new() - self._backend.openssl_assert(copied_ctx != self._backend._ffi.NULL) - copied_ctx = self._backend._ffi.gc( - copied_ctx, self._backend._lib.HMAC_CTX_free - ) - res = self._backend._lib.HMAC_CTX_copy(copied_ctx, self._ctx) - self._backend.openssl_assert(res != 0) - return _HMACContext( - self._backend, self._key, self.algorithm, ctx=copied_ctx - ) - - def update(self, data: bytes) -> None: - data_ptr = self._backend._ffi.from_buffer(data) - res = self._backend._lib.HMAC_Update(self._ctx, data_ptr, len(data)) - self._backend.openssl_assert(res != 0) - - def finalize(self) -> bytes: - buf = self._backend._ffi.new( - "unsigned char[]", self._backend._lib.EVP_MAX_MD_SIZE - ) - outlen = self._backend._ffi.new("unsigned int *") - res = self._backend._lib.HMAC_Final(self._ctx, buf, outlen) - self._backend.openssl_assert(res != 0) - self._backend.openssl_assert(outlen[0] == self.algorithm.digest_size) - return self._backend._ffi.buffer(buf)[: outlen[0]] - - def verify(self, signature: bytes) -> None: - digest = self.finalize() - if not constant_time.bytes_eq(digest, signature): - raise InvalidSignature("Signature did not match digest.") diff --git a/src/cryptography/hazmat/backends/openssl/poly1305.py b/src/cryptography/hazmat/backends/openssl/poly1305.py deleted file mode 100644 index dd6d376..0000000 --- a/src/cryptography/hazmat/backends/openssl/poly1305.py +++ /dev/null @@ -1,68 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.exceptions import InvalidSignature -from cryptography.hazmat.primitives import constant_time - - -_POLY1305_TAG_SIZE = 16 -_POLY1305_KEY_SIZE = 32 - - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -class _Poly1305Context: - def __init__(self, backend: "Backend", key: bytes) -> None: - self._backend = backend - - key_ptr = self._backend._ffi.from_buffer(key) - # This function copies the key into OpenSSL-owned memory so we don't - # need to retain it ourselves - evp_pkey = self._backend._lib.EVP_PKEY_new_raw_private_key( - self._backend._lib.NID_poly1305, - self._backend._ffi.NULL, - key_ptr, - len(key), - ) - self._backend.openssl_assert(evp_pkey != self._backend._ffi.NULL) - self._evp_pkey = self._backend._ffi.gc( - evp_pkey, self._backend._lib.EVP_PKEY_free - ) - ctx = self._backend._lib.EVP_MD_CTX_new() - self._backend.openssl_assert(ctx != self._backend._ffi.NULL) - self._ctx = self._backend._ffi.gc( - ctx, self._backend._lib.EVP_MD_CTX_free - ) - res = self._backend._lib.EVP_DigestSignInit( - self._ctx, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - self._evp_pkey, - ) - self._backend.openssl_assert(res == 1) - - def update(self, data: bytes) -> None: - data_ptr = self._backend._ffi.from_buffer(data) - res = self._backend._lib.EVP_DigestSignUpdate( - self._ctx, data_ptr, len(data) - ) - self._backend.openssl_assert(res != 0) - - def finalize(self) -> bytes: - buf = self._backend._ffi.new("unsigned char[]", _POLY1305_TAG_SIZE) - outlen = self._backend._ffi.new("size_t *", _POLY1305_TAG_SIZE) - res = self._backend._lib.EVP_DigestSignFinal(self._ctx, buf, outlen) - self._backend.openssl_assert(res != 0) - self._backend.openssl_assert(outlen[0] == _POLY1305_TAG_SIZE) - return self._backend._ffi.buffer(buf)[: outlen[0]] - - def verify(self, tag: bytes) -> None: - mac = self.finalize() - if not constant_time.bytes_eq(mac, tag): - raise InvalidSignature("Value did not match computed tag.") diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py deleted file mode 100644 index 31cff16..0000000 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ /dev/null @@ -1,586 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import threading -import typing - -from cryptography.exceptions import ( - InvalidSignature, - UnsupportedAlgorithm, - _Reasons, -) -from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm, -) -from cryptography.hazmat.primitives import hashes, serialization -from cryptography.hazmat.primitives.asymmetric import ( - utils as asym_utils, -) -from cryptography.hazmat.primitives.asymmetric.padding import ( - AsymmetricPadding, - MGF1, - OAEP, - PKCS1v15, - PSS, - _Auto, - _DigestLength, - _MaxLength, - calculate_max_pss_salt_length, -) -from cryptography.hazmat.primitives.asymmetric.rsa import ( - RSAPrivateKey, - RSAPrivateNumbers, - RSAPublicKey, - RSAPublicNumbers, -) - - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -def _get_rsa_pss_salt_length( - backend: "Backend", - pss: PSS, - key: typing.Union[RSAPrivateKey, RSAPublicKey], - hash_algorithm: hashes.HashAlgorithm, -) -> int: - salt = pss._salt_length - - if isinstance(salt, _MaxLength): - return calculate_max_pss_salt_length(key, hash_algorithm) - elif isinstance(salt, _DigestLength): - return hash_algorithm.digest_size - elif isinstance(salt, _Auto): - if isinstance(key, RSAPrivateKey): - raise ValueError( - "PSS salt length can only be set to AUTO when verifying" - ) - return backend._lib.RSA_PSS_SALTLEN_AUTO - else: - return salt - - -def _enc_dec_rsa( - backend: "Backend", - key: typing.Union["_RSAPrivateKey", "_RSAPublicKey"], - data: bytes, - padding: AsymmetricPadding, -) -> bytes: - if not isinstance(padding, AsymmetricPadding): - raise TypeError("Padding must be an instance of AsymmetricPadding.") - - if isinstance(padding, PKCS1v15): - padding_enum = backend._lib.RSA_PKCS1_PADDING - elif isinstance(padding, OAEP): - padding_enum = backend._lib.RSA_PKCS1_OAEP_PADDING - - if not isinstance(padding._mgf, MGF1): - raise UnsupportedAlgorithm( - "Only MGF1 is supported by this backend.", - _Reasons.UNSUPPORTED_MGF, - ) - - if not backend.rsa_padding_supported(padding): - raise UnsupportedAlgorithm( - "This combination of padding and hash algorithm is not " - "supported by this backend.", - _Reasons.UNSUPPORTED_PADDING, - ) - - else: - raise UnsupportedAlgorithm( - "{} is not supported by this backend.".format(padding.name), - _Reasons.UNSUPPORTED_PADDING, - ) - - return _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum, padding) - - -def _enc_dec_rsa_pkey_ctx( - backend: "Backend", - key: typing.Union["_RSAPrivateKey", "_RSAPublicKey"], - data: bytes, - padding_enum: int, - padding: AsymmetricPadding, -) -> bytes: - init: typing.Callable[[typing.Any], int] - crypt: typing.Callable[[typing.Any, typing.Any, int, bytes, int], int] - if isinstance(key, _RSAPublicKey): - init = backend._lib.EVP_PKEY_encrypt_init - crypt = backend._lib.EVP_PKEY_encrypt - else: - init = backend._lib.EVP_PKEY_decrypt_init - crypt = backend._lib.EVP_PKEY_decrypt - - pkey_ctx = backend._lib.EVP_PKEY_CTX_new(key._evp_pkey, backend._ffi.NULL) - backend.openssl_assert(pkey_ctx != backend._ffi.NULL) - pkey_ctx = backend._ffi.gc(pkey_ctx, backend._lib.EVP_PKEY_CTX_free) - res = init(pkey_ctx) - backend.openssl_assert(res == 1) - res = backend._lib.EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding_enum) - backend.openssl_assert(res > 0) - buf_size = backend._lib.EVP_PKEY_size(key._evp_pkey) - backend.openssl_assert(buf_size > 0) - if isinstance(padding, OAEP): - mgf1_md = backend._evp_md_non_null_from_algorithm( - padding._mgf._algorithm - ) - res = backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf1_md) - backend.openssl_assert(res > 0) - oaep_md = backend._evp_md_non_null_from_algorithm(padding._algorithm) - res = backend._lib.EVP_PKEY_CTX_set_rsa_oaep_md(pkey_ctx, oaep_md) - backend.openssl_assert(res > 0) - - if ( - isinstance(padding, OAEP) - and padding._label is not None - and len(padding._label) > 0 - ): - # set0_rsa_oaep_label takes ownership of the char * so we need to - # copy it into some new memory - labelptr = backend._lib.OPENSSL_malloc(len(padding._label)) - backend.openssl_assert(labelptr != backend._ffi.NULL) - backend._ffi.memmove(labelptr, padding._label, len(padding._label)) - res = backend._lib.EVP_PKEY_CTX_set0_rsa_oaep_label( - pkey_ctx, labelptr, len(padding._label) - ) - backend.openssl_assert(res == 1) - - outlen = backend._ffi.new("size_t *", buf_size) - buf = backend._ffi.new("unsigned char[]", buf_size) - # Everything from this line onwards is written with the goal of being as - # constant-time as is practical given the constraints of Python and our - # API. See Bleichenbacher's '98 attack on RSA, and its many many variants. - # As such, you should not attempt to change this (particularly to "clean it - # up") without understanding why it was written this way (see - # Chesterton's Fence), and without measuring to verify you have not - # introduced observable time differences. - res = crypt(pkey_ctx, buf, outlen, data, len(data)) - resbuf = backend._ffi.buffer(buf)[: outlen[0]] - backend._lib.ERR_clear_error() - if res <= 0: - raise ValueError("Encryption/decryption failed.") - return resbuf - - -def _rsa_sig_determine_padding( - backend: "Backend", - key: typing.Union["_RSAPrivateKey", "_RSAPublicKey"], - padding: AsymmetricPadding, - algorithm: typing.Optional[hashes.HashAlgorithm], -) -> int: - if not isinstance(padding, AsymmetricPadding): - raise TypeError("Expected provider of AsymmetricPadding.") - - pkey_size = backend._lib.EVP_PKEY_size(key._evp_pkey) - backend.openssl_assert(pkey_size > 0) - - if isinstance(padding, PKCS1v15): - # Hash algorithm is ignored for PKCS1v15-padding, may be None. - padding_enum = backend._lib.RSA_PKCS1_PADDING - elif isinstance(padding, PSS): - if not isinstance(padding._mgf, MGF1): - raise UnsupportedAlgorithm( - "Only MGF1 is supported by this backend.", - _Reasons.UNSUPPORTED_MGF, - ) - - # PSS padding requires a hash algorithm - if not isinstance(algorithm, hashes.HashAlgorithm): - raise TypeError("Expected instance of hashes.HashAlgorithm.") - - # Size of key in bytes - 2 is the maximum - # PSS signature length (salt length is checked later) - if pkey_size - algorithm.digest_size - 2 < 0: - raise ValueError( - "Digest too large for key size. Use a larger " - "key or different digest." - ) - - padding_enum = backend._lib.RSA_PKCS1_PSS_PADDING - else: - raise UnsupportedAlgorithm( - "{} is not supported by this backend.".format(padding.name), - _Reasons.UNSUPPORTED_PADDING, - ) - - return padding_enum - - -# Hash algorithm can be absent (None) to initialize the context without setting -# any message digest algorithm. This is currently only valid for the PKCS1v15 -# padding type, where it means that the signature data is encoded/decoded -# as provided, without being wrapped in a DigestInfo structure. -def _rsa_sig_setup( - backend: "Backend", - padding: AsymmetricPadding, - algorithm: typing.Optional[hashes.HashAlgorithm], - key: typing.Union["_RSAPublicKey", "_RSAPrivateKey"], - init_func: typing.Callable[[typing.Any], int], -): - padding_enum = _rsa_sig_determine_padding(backend, key, padding, algorithm) - pkey_ctx = backend._lib.EVP_PKEY_CTX_new(key._evp_pkey, backend._ffi.NULL) - backend.openssl_assert(pkey_ctx != backend._ffi.NULL) - pkey_ctx = backend._ffi.gc(pkey_ctx, backend._lib.EVP_PKEY_CTX_free) - res = init_func(pkey_ctx) - if res != 1: - errors = backend._consume_errors() - raise ValueError("Unable to sign/verify with this key", errors) - - if algorithm is not None: - evp_md = backend._evp_md_non_null_from_algorithm(algorithm) - res = backend._lib.EVP_PKEY_CTX_set_signature_md(pkey_ctx, evp_md) - if res <= 0: - backend._consume_errors() - raise UnsupportedAlgorithm( - "{} is not supported by this backend for RSA signing.".format( - algorithm.name - ), - _Reasons.UNSUPPORTED_HASH, - ) - res = backend._lib.EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding_enum) - if res <= 0: - backend._consume_errors() - raise UnsupportedAlgorithm( - "{} is not supported for the RSA signature operation.".format( - padding.name - ), - _Reasons.UNSUPPORTED_PADDING, - ) - if isinstance(padding, PSS): - assert isinstance(algorithm, hashes.HashAlgorithm) - res = backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen( - pkey_ctx, - _get_rsa_pss_salt_length(backend, padding, key, algorithm), - ) - backend.openssl_assert(res > 0) - - mgf1_md = backend._evp_md_non_null_from_algorithm( - padding._mgf._algorithm - ) - res = backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf1_md) - backend.openssl_assert(res > 0) - - return pkey_ctx - - -def _rsa_sig_sign( - backend: "Backend", - padding: AsymmetricPadding, - algorithm: hashes.HashAlgorithm, - private_key: "_RSAPrivateKey", - data: bytes, -) -> bytes: - pkey_ctx = _rsa_sig_setup( - backend, - padding, - algorithm, - private_key, - backend._lib.EVP_PKEY_sign_init, - ) - buflen = backend._ffi.new("size_t *") - res = backend._lib.EVP_PKEY_sign( - pkey_ctx, backend._ffi.NULL, buflen, data, len(data) - ) - backend.openssl_assert(res == 1) - buf = backend._ffi.new("unsigned char[]", buflen[0]) - res = backend._lib.EVP_PKEY_sign(pkey_ctx, buf, buflen, data, len(data)) - if res != 1: - errors = backend._consume_errors_with_text() - raise ValueError( - "Digest or salt length too long for key size. Use a larger key " - "or shorter salt length if you are specifying a PSS salt", - errors, - ) - - return backend._ffi.buffer(buf)[:] - - -def _rsa_sig_verify( - backend: "Backend", - padding: AsymmetricPadding, - algorithm: hashes.HashAlgorithm, - public_key: "_RSAPublicKey", - signature: bytes, - data: bytes, -) -> None: - pkey_ctx = _rsa_sig_setup( - backend, - padding, - algorithm, - public_key, - backend._lib.EVP_PKEY_verify_init, - ) - res = backend._lib.EVP_PKEY_verify( - pkey_ctx, signature, len(signature), data, len(data) - ) - # The previous call can return negative numbers in the event of an - # error. This is not a signature failure but we need to fail if it - # occurs. - backend.openssl_assert(res >= 0) - if res == 0: - backend._consume_errors() - raise InvalidSignature - - -def _rsa_sig_recover( - backend: "Backend", - padding: AsymmetricPadding, - algorithm: typing.Optional[hashes.HashAlgorithm], - public_key: "_RSAPublicKey", - signature: bytes, -) -> bytes: - pkey_ctx = _rsa_sig_setup( - backend, - padding, - algorithm, - public_key, - backend._lib.EVP_PKEY_verify_recover_init, - ) - - # Attempt to keep the rest of the code in this function as constant/time - # as possible. See the comment in _enc_dec_rsa_pkey_ctx. Note that the - # buflen parameter is used even though its value may be undefined in the - # error case. Due to the tolerant nature of Python slicing this does not - # trigger any exceptions. - maxlen = backend._lib.EVP_PKEY_size(public_key._evp_pkey) - backend.openssl_assert(maxlen > 0) - buf = backend._ffi.new("unsigned char[]", maxlen) - buflen = backend._ffi.new("size_t *", maxlen) - res = backend._lib.EVP_PKEY_verify_recover( - pkey_ctx, buf, buflen, signature, len(signature) - ) - resbuf = backend._ffi.buffer(buf)[: buflen[0]] - backend._lib.ERR_clear_error() - # Assume that all parameter errors are handled during the setup phase and - # any error here is due to invalid signature. - if res != 1: - raise InvalidSignature - return resbuf - - -class _RSAPrivateKey(RSAPrivateKey): - _evp_pkey: object - _rsa_cdata: object - _key_size: int - - def __init__( - self, backend: "Backend", rsa_cdata, evp_pkey, _skip_check_key: bool - ): - res: int - # RSA_check_key is slower in OpenSSL 3.0.0 due to improved - # primality checking. In normal use this is unlikely to be a problem - # since users don't load new keys constantly, but for TESTING we've - # added an init arg that allows skipping the checks. You should not - # use this in production code unless you understand the consequences. - if not _skip_check_key: - res = backend._lib.RSA_check_key(rsa_cdata) - if res != 1: - errors = backend._consume_errors_with_text() - raise ValueError("Invalid private key", errors) - # 2 is prime and passes an RSA key check, so we also check - # if p and q are odd just to be safe. - p = backend._ffi.new("BIGNUM **") - q = backend._ffi.new("BIGNUM **") - backend._lib.RSA_get0_factors(rsa_cdata, p, q) - backend.openssl_assert(p[0] != backend._ffi.NULL) - backend.openssl_assert(q[0] != backend._ffi.NULL) - p_odd = backend._lib.BN_is_odd(p[0]) - q_odd = backend._lib.BN_is_odd(q[0]) - if p_odd != 1 or q_odd != 1: - errors = backend._consume_errors_with_text() - raise ValueError("Invalid private key", errors) - - self._backend = backend - self._rsa_cdata = rsa_cdata - self._evp_pkey = evp_pkey - # Used for lazy blinding - self._blinded = False - self._blinding_lock = threading.Lock() - - n = self._backend._ffi.new("BIGNUM **") - self._backend._lib.RSA_get0_key( - self._rsa_cdata, - n, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - ) - self._backend.openssl_assert(n[0] != self._backend._ffi.NULL) - self._key_size = self._backend._lib.BN_num_bits(n[0]) - - def _enable_blinding(self) -> None: - # If you call blind on an already blinded RSA key OpenSSL will turn - # it off and back on, which is a performance hit we want to avoid. - if not self._blinded: - with self._blinding_lock: - self._non_threadsafe_enable_blinding() - - def _non_threadsafe_enable_blinding(self) -> None: - # This is only a separate function to allow for testing to cover both - # branches. It should never be invoked except through _enable_blinding. - # Check if it's not True again in case another thread raced past the - # first non-locked check. - if not self._blinded: - res = self._backend._lib.RSA_blinding_on( - self._rsa_cdata, self._backend._ffi.NULL - ) - self._backend.openssl_assert(res == 1) - self._blinded = True - - @property - def key_size(self) -> int: - return self._key_size - - def decrypt(self, ciphertext: bytes, padding: AsymmetricPadding) -> bytes: - self._enable_blinding() - key_size_bytes = (self.key_size + 7) // 8 - if key_size_bytes != len(ciphertext): - raise ValueError("Ciphertext length must be equal to key size.") - - return _enc_dec_rsa(self._backend, self, ciphertext, padding) - - def public_key(self) -> RSAPublicKey: - ctx = self._backend._lib.RSAPublicKey_dup(self._rsa_cdata) - self._backend.openssl_assert(ctx != self._backend._ffi.NULL) - ctx = self._backend._ffi.gc(ctx, self._backend._lib.RSA_free) - evp_pkey = self._backend._rsa_cdata_to_evp_pkey(ctx) - return _RSAPublicKey(self._backend, ctx, evp_pkey) - - def private_numbers(self) -> RSAPrivateNumbers: - n = self._backend._ffi.new("BIGNUM **") - e = self._backend._ffi.new("BIGNUM **") - d = self._backend._ffi.new("BIGNUM **") - p = self._backend._ffi.new("BIGNUM **") - q = self._backend._ffi.new("BIGNUM **") - dmp1 = self._backend._ffi.new("BIGNUM **") - dmq1 = self._backend._ffi.new("BIGNUM **") - iqmp = self._backend._ffi.new("BIGNUM **") - self._backend._lib.RSA_get0_key(self._rsa_cdata, n, e, d) - self._backend.openssl_assert(n[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(e[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(d[0] != self._backend._ffi.NULL) - self._backend._lib.RSA_get0_factors(self._rsa_cdata, p, q) - self._backend.openssl_assert(p[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(q[0] != self._backend._ffi.NULL) - self._backend._lib.RSA_get0_crt_params( - self._rsa_cdata, dmp1, dmq1, iqmp - ) - self._backend.openssl_assert(dmp1[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(dmq1[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(iqmp[0] != self._backend._ffi.NULL) - return RSAPrivateNumbers( - p=self._backend._bn_to_int(p[0]), - q=self._backend._bn_to_int(q[0]), - d=self._backend._bn_to_int(d[0]), - dmp1=self._backend._bn_to_int(dmp1[0]), - dmq1=self._backend._bn_to_int(dmq1[0]), - iqmp=self._backend._bn_to_int(iqmp[0]), - public_numbers=RSAPublicNumbers( - e=self._backend._bn_to_int(e[0]), - n=self._backend._bn_to_int(n[0]), - ), - ) - - def private_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PrivateFormat, - encryption_algorithm: serialization.KeySerializationEncryption, - ) -> bytes: - return self._backend._private_key_bytes( - encoding, - format, - encryption_algorithm, - self, - self._evp_pkey, - self._rsa_cdata, - ) - - def sign( - self, - data: bytes, - padding: AsymmetricPadding, - algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm], - ) -> bytes: - self._enable_blinding() - data, algorithm = _calculate_digest_and_algorithm(data, algorithm) - return _rsa_sig_sign(self._backend, padding, algorithm, self, data) - - -class _RSAPublicKey(RSAPublicKey): - _evp_pkey: object - _rsa_cdata: object - _key_size: int - - def __init__(self, backend: "Backend", rsa_cdata, evp_pkey): - self._backend = backend - self._rsa_cdata = rsa_cdata - self._evp_pkey = evp_pkey - - n = self._backend._ffi.new("BIGNUM **") - self._backend._lib.RSA_get0_key( - self._rsa_cdata, - n, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - ) - self._backend.openssl_assert(n[0] != self._backend._ffi.NULL) - self._key_size = self._backend._lib.BN_num_bits(n[0]) - - @property - def key_size(self) -> int: - return self._key_size - - def encrypt(self, plaintext: bytes, padding: AsymmetricPadding) -> bytes: - return _enc_dec_rsa(self._backend, self, plaintext, padding) - - def public_numbers(self) -> RSAPublicNumbers: - n = self._backend._ffi.new("BIGNUM **") - e = self._backend._ffi.new("BIGNUM **") - self._backend._lib.RSA_get0_key( - self._rsa_cdata, n, e, self._backend._ffi.NULL - ) - self._backend.openssl_assert(n[0] != self._backend._ffi.NULL) - self._backend.openssl_assert(e[0] != self._backend._ffi.NULL) - return RSAPublicNumbers( - e=self._backend._bn_to_int(e[0]), - n=self._backend._bn_to_int(n[0]), - ) - - def public_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PublicFormat, - ) -> bytes: - return self._backend._public_key_bytes( - encoding, format, self, self._evp_pkey, self._rsa_cdata - ) - - def verify( - self, - signature: bytes, - data: bytes, - padding: AsymmetricPadding, - algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm], - ) -> None: - data, algorithm = _calculate_digest_and_algorithm(data, algorithm) - _rsa_sig_verify( - self._backend, padding, algorithm, self, signature, data - ) - - def recover_data_from_signature( - self, - signature: bytes, - padding: AsymmetricPadding, - algorithm: typing.Optional[hashes.HashAlgorithm], - ) -> bytes: - if isinstance(algorithm, asym_utils.Prehashed): - raise TypeError( - "Prehashed is only supported in the sign and verify methods. " - "It cannot be used with recover_data_from_signature." - ) - return _rsa_sig_recover( - self._backend, padding, algorithm, self, signature - ) diff --git a/src/cryptography/hazmat/backends/openssl/utils.py b/src/cryptography/hazmat/backends/openssl/utils.py deleted file mode 100644 index 3a70a58..0000000 --- a/src/cryptography/hazmat/backends/openssl/utils.py +++ /dev/null @@ -1,52 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives.asymmetric.utils import Prehashed - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -def _evp_pkey_derive(backend: "Backend", evp_pkey, peer_public_key) -> bytes: - ctx = backend._lib.EVP_PKEY_CTX_new(evp_pkey, backend._ffi.NULL) - backend.openssl_assert(ctx != backend._ffi.NULL) - ctx = backend._ffi.gc(ctx, backend._lib.EVP_PKEY_CTX_free) - res = backend._lib.EVP_PKEY_derive_init(ctx) - backend.openssl_assert(res == 1) - res = backend._lib.EVP_PKEY_derive_set_peer(ctx, peer_public_key._evp_pkey) - backend.openssl_assert(res == 1) - keylen = backend._ffi.new("size_t *") - res = backend._lib.EVP_PKEY_derive(ctx, backend._ffi.NULL, keylen) - backend.openssl_assert(res == 1) - backend.openssl_assert(keylen[0] > 0) - buf = backend._ffi.new("unsigned char[]", keylen[0]) - res = backend._lib.EVP_PKEY_derive(ctx, buf, keylen) - if res != 1: - errors_with_text = backend._consume_errors_with_text() - raise ValueError("Error computing shared key.", errors_with_text) - - return backend._ffi.buffer(buf, keylen[0])[:] - - -def _calculate_digest_and_algorithm( - data: bytes, - algorithm: typing.Union[Prehashed, hashes.HashAlgorithm], -) -> typing.Tuple[bytes, hashes.HashAlgorithm]: - if not isinstance(algorithm, Prehashed): - hash_ctx = hashes.Hash(algorithm) - hash_ctx.update(data) - data = hash_ctx.finalize() - else: - algorithm = algorithm._algorithm - - if len(data) != algorithm.digest_size: - raise ValueError( - "The provided data must be the same length as the hash " - "algorithm's digest size." - ) - - return (data, algorithm) diff --git a/src/cryptography/hazmat/backends/openssl/x25519.py b/src/cryptography/hazmat/backends/openssl/x25519.py deleted file mode 100644 index f68501a..0000000 --- a/src/cryptography/hazmat/backends/openssl/x25519.py +++ /dev/null @@ -1,132 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.hazmat.backends.openssl.utils import _evp_pkey_derive -from cryptography.hazmat.primitives import serialization -from cryptography.hazmat.primitives.asymmetric.x25519 import ( - X25519PrivateKey, - X25519PublicKey, -) - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - - -_X25519_KEY_SIZE = 32 - - -class _X25519PublicKey(X25519PublicKey): - def __init__(self, backend: "Backend", evp_pkey): - self._backend = backend - self._evp_pkey = evp_pkey - - def public_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PublicFormat, - ) -> bytes: - if ( - encoding is serialization.Encoding.Raw - or format is serialization.PublicFormat.Raw - ): - if ( - encoding is not serialization.Encoding.Raw - or format is not serialization.PublicFormat.Raw - ): - raise ValueError( - "When using Raw both encoding and format must be Raw" - ) - - return self._raw_public_bytes() - - return self._backend._public_key_bytes( - encoding, format, self, self._evp_pkey, None - ) - - def _raw_public_bytes(self) -> bytes: - ucharpp = self._backend._ffi.new("unsigned char **") - res = self._backend._lib.EVP_PKEY_get1_tls_encodedpoint( - self._evp_pkey, ucharpp - ) - self._backend.openssl_assert(res == 32) - self._backend.openssl_assert(ucharpp[0] != self._backend._ffi.NULL) - data = self._backend._ffi.gc( - ucharpp[0], self._backend._lib.OPENSSL_free - ) - return self._backend._ffi.buffer(data, res)[:] - - -class _X25519PrivateKey(X25519PrivateKey): - def __init__(self, backend: "Backend", evp_pkey): - self._backend = backend - self._evp_pkey = evp_pkey - - def public_key(self) -> X25519PublicKey: - bio = self._backend._create_mem_bio_gc() - res = self._backend._lib.i2d_PUBKEY_bio(bio, self._evp_pkey) - self._backend.openssl_assert(res == 1) - evp_pkey = self._backend._lib.d2i_PUBKEY_bio( - bio, self._backend._ffi.NULL - ) - self._backend.openssl_assert(evp_pkey != self._backend._ffi.NULL) - evp_pkey = self._backend._ffi.gc( - evp_pkey, self._backend._lib.EVP_PKEY_free - ) - return _X25519PublicKey(self._backend, evp_pkey) - - def exchange(self, peer_public_key: X25519PublicKey) -> bytes: - if not isinstance(peer_public_key, X25519PublicKey): - raise TypeError("peer_public_key must be X25519PublicKey.") - - return _evp_pkey_derive(self._backend, self._evp_pkey, peer_public_key) - - def private_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PrivateFormat, - encryption_algorithm: serialization.KeySerializationEncryption, - ) -> bytes: - if ( - encoding is serialization.Encoding.Raw - or format is serialization.PublicFormat.Raw - ): - if ( - format is not serialization.PrivateFormat.Raw - or encoding is not serialization.Encoding.Raw - or not isinstance( - encryption_algorithm, serialization.NoEncryption - ) - ): - raise ValueError( - "When using Raw both encoding and format must be Raw " - "and encryption_algorithm must be NoEncryption()" - ) - - return self._raw_private_bytes() - - return self._backend._private_key_bytes( - encoding, format, encryption_algorithm, self, self._evp_pkey, None - ) - - def _raw_private_bytes(self) -> bytes: - # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 we can - # switch this to EVP_PKEY_new_raw_private_key - # The trick we use here is serializing to a PKCS8 key and just - # using the last 32 bytes, which is the key itself. - bio = self._backend._create_mem_bio_gc() - res = self._backend._lib.i2d_PKCS8PrivateKey_bio( - bio, - self._evp_pkey, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - 0, - self._backend._ffi.NULL, - self._backend._ffi.NULL, - ) - self._backend.openssl_assert(res == 1) - pkcs8 = self._backend._read_mem_bio(bio) - self._backend.openssl_assert(len(pkcs8) == 48) - return pkcs8[-_X25519_KEY_SIZE:] diff --git a/src/cryptography/hazmat/backends/openssl/x448.py b/src/cryptography/hazmat/backends/openssl/x448.py deleted file mode 100644 index f45db56..0000000 --- a/src/cryptography/hazmat/backends/openssl/x448.py +++ /dev/null @@ -1,117 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import typing - -from cryptography.hazmat.backends.openssl.utils import _evp_pkey_derive -from cryptography.hazmat.primitives import serialization -from cryptography.hazmat.primitives.asymmetric.x448 import ( - X448PrivateKey, - X448PublicKey, -) - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.backend import Backend - -_X448_KEY_SIZE = 56 - - -class _X448PublicKey(X448PublicKey): - def __init__(self, backend: "Backend", evp_pkey): - self._backend = backend - self._evp_pkey = evp_pkey - - def public_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PublicFormat, - ) -> bytes: - if ( - encoding is serialization.Encoding.Raw - or format is serialization.PublicFormat.Raw - ): - if ( - encoding is not serialization.Encoding.Raw - or format is not serialization.PublicFormat.Raw - ): - raise ValueError( - "When using Raw both encoding and format must be Raw" - ) - - return self._raw_public_bytes() - - return self._backend._public_key_bytes( - encoding, format, self, self._evp_pkey, None - ) - - def _raw_public_bytes(self) -> bytes: - buf = self._backend._ffi.new("unsigned char []", _X448_KEY_SIZE) - buflen = self._backend._ffi.new("size_t *", _X448_KEY_SIZE) - res = self._backend._lib.EVP_PKEY_get_raw_public_key( - self._evp_pkey, buf, buflen - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _X448_KEY_SIZE) - return self._backend._ffi.buffer(buf, _X448_KEY_SIZE)[:] - - -class _X448PrivateKey(X448PrivateKey): - def __init__(self, backend: "Backend", evp_pkey): - self._backend = backend - self._evp_pkey = evp_pkey - - def public_key(self) -> X448PublicKey: - buf = self._backend._ffi.new("unsigned char []", _X448_KEY_SIZE) - buflen = self._backend._ffi.new("size_t *", _X448_KEY_SIZE) - res = self._backend._lib.EVP_PKEY_get_raw_public_key( - self._evp_pkey, buf, buflen - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _X448_KEY_SIZE) - public_bytes = self._backend._ffi.buffer(buf)[:] - return self._backend.x448_load_public_bytes(public_bytes) - - def exchange(self, peer_public_key: X448PublicKey) -> bytes: - if not isinstance(peer_public_key, X448PublicKey): - raise TypeError("peer_public_key must be X448PublicKey.") - - return _evp_pkey_derive(self._backend, self._evp_pkey, peer_public_key) - - def private_bytes( - self, - encoding: serialization.Encoding, - format: serialization.PrivateFormat, - encryption_algorithm: serialization.KeySerializationEncryption, - ) -> bytes: - if ( - encoding is serialization.Encoding.Raw - or format is serialization.PublicFormat.Raw - ): - if ( - format is not serialization.PrivateFormat.Raw - or encoding is not serialization.Encoding.Raw - or not isinstance( - encryption_algorithm, serialization.NoEncryption - ) - ): - raise ValueError( - "When using Raw both encoding and format must be Raw " - "and encryption_algorithm must be NoEncryption()" - ) - - return self._raw_private_bytes() - - return self._backend._private_key_bytes( - encoding, format, encryption_algorithm, self, self._evp_pkey, None - ) - - def _raw_private_bytes(self) -> bytes: - buf = self._backend._ffi.new("unsigned char []", _X448_KEY_SIZE) - buflen = self._backend._ffi.new("size_t *", _X448_KEY_SIZE) - res = self._backend._lib.EVP_PKEY_get_raw_private_key( - self._evp_pkey, buf, buflen - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(buflen[0] == _X448_KEY_SIZE) - return self._backend._ffi.buffer(buf, _X448_KEY_SIZE)[:] diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py deleted file mode 100644 index aa4ed10..0000000 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ /dev/null @@ -1,45 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -import warnings - -from cryptography import utils, x509 - - -# This exists for pyOpenSSL compatibility and SHOULD NOT BE USED -# WE WILL REMOVE THIS VERY SOON. -def _Certificate(backend, x509) -> x509.Certificate: # noqa: N802 - warnings.warn( - "This version of cryptography contains a temporary pyOpenSSL " - "fallback path. Upgrade pyOpenSSL now.", - utils.DeprecatedIn35, - ) - return backend._ossl2cert(x509) - - -# This exists for pyOpenSSL compatibility and SHOULD NOT BE USED -# WE WILL REMOVE THIS VERY SOON. -def _CertificateSigningRequest( # noqa: N802 - backend, x509_req -) -> x509.CertificateSigningRequest: - warnings.warn( - "This version of cryptography contains a temporary pyOpenSSL " - "fallback path. Upgrade pyOpenSSL now.", - utils.DeprecatedIn35, - ) - return backend._ossl2csr(x509_req) - - -# This exists for pyOpenSSL compatibility and SHOULD NOT BE USED -# WE WILL REMOVE THIS VERY SOON. -def _CertificateRevocationList( # noqa: N802 - backend, x509_crl -) -> x509.CertificateRevocationList: - warnings.warn( - "This version of cryptography contains a temporary pyOpenSSL " - "fallback path. Upgrade pyOpenSSL now.", - utils.DeprecatedIn35, - ) - return backend._ossl2crl(x509_crl) diff --git a/src/cryptography/hazmat/bindings/_rust/__init__.pyi b/src/cryptography/hazmat/bindings/_rust/__init__.pyi index bab90a5..c0ea0a5 100644 --- a/src/cryptography/hazmat/bindings/_rust/__init__.pyi +++ b/src/cryptography/hazmat/bindings/_rust/__init__.pyi @@ -4,9 +4,16 @@ import typing +from cryptography.hazmat.primitives import padding + def check_pkcs7_padding(data: bytes) -> bool: ... def check_ansix923_padding(data: bytes) -> bool: ... +class PKCS7PaddingContext(padding.PaddingContext): + def __init__(self, block_size: int) -> None: ... + def update(self, data: bytes) -> bytes: ... + def finalize(self) -> bytes: ... + class ObjectIdentifier: def __init__(self, val: str) -> None: ... @property @@ -15,15 +22,3 @@ class ObjectIdentifier: def _name(self) -> str: ... T = typing.TypeVar("T") - -class FixedPool(typing.Generic[T]): - def __init__( - self, - create: typing.Callable[[], T], - destroy: typing.Callable[[T], None], - ) -> None: ... - def acquire(self) -> PoolAcquisition[T]: ... - -class PoolAcquisition(typing.Generic[T]): - def __enter__(self) -> T: ... - def __exit__(self, exc_type, exc_value, exc_tb) -> None: ... diff --git a/src/cryptography/hazmat/bindings/_openssl.pyi b/src/cryptography/hazmat/bindings/_rust/_openssl.pyi similarity index 100% rename from src/cryptography/hazmat/bindings/_openssl.pyi rename to src/cryptography/hazmat/bindings/_rust/_openssl.pyi diff --git a/src/cryptography/hazmat/bindings/_rust/asn1.pyi b/src/cryptography/hazmat/bindings/_rust/asn1.pyi index a8369ba..3b5f208 100644 --- a/src/cryptography/hazmat/bindings/_rust/asn1.pyi +++ b/src/cryptography/hazmat/bindings/_rust/asn1.pyi @@ -2,15 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. -import typing - -class TestCertificate: - not_after_tag: int - not_before_tag: int - issuer_value_tags: typing.List[int] - subject_value_tags: typing.List[int] - -def decode_dss_signature(signature: bytes) -> typing.Tuple[int, int]: ... +def decode_dss_signature(signature: bytes) -> tuple[int, int]: ... def encode_dss_signature(r: int, s: int) -> bytes: ... def parse_spki_for_data(data: bytes) -> bytes: ... -def test_parse_certificate(data: bytes) -> TestCertificate: ... diff --git a/src/cryptography/hazmat/bindings/_rust/exceptions.pyi b/src/cryptography/hazmat/bindings/_rust/exceptions.pyi new file mode 100644 index 0000000..09f46b1 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/exceptions.pyi @@ -0,0 +1,17 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +class _Reasons: + BACKEND_MISSING_INTERFACE: _Reasons + UNSUPPORTED_HASH: _Reasons + UNSUPPORTED_CIPHER: _Reasons + UNSUPPORTED_PADDING: _Reasons + UNSUPPORTED_MGF: _Reasons + UNSUPPORTED_PUBLIC_KEY_ALGORITHM: _Reasons + UNSUPPORTED_ELLIPTIC_CURVE: _Reasons + UNSUPPORTED_SERIALIZATION: _Reasons + UNSUPPORTED_X509: _Reasons + UNSUPPORTED_EXCHANGE_ALGORITHM: _Reasons + UNSUPPORTED_DIFFIE_HELLMAN: _Reasons + UNSUPPORTED_MAC: _Reasons diff --git a/src/cryptography/hazmat/bindings/_rust/ocsp.pyi b/src/cryptography/hazmat/bindings/_rust/ocsp.pyi index acdea3d..5e02145 100644 --- a/src/cryptography/hazmat/bindings/_rust/ocsp.pyi +++ b/src/cryptography/hazmat/bindings/_rust/ocsp.pyi @@ -2,25 +2,22 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. -import typing - -from cryptography.hazmat.primitives.asymmetric.types import PRIVATE_KEY_TYPES from cryptography.hazmat.primitives import hashes -from cryptography.x509 import Extension -from cryptography.x509.ocsp import ( - OCSPRequest, - OCSPRequestBuilder, - OCSPResponse, - OCSPResponseStatus, - OCSPResponseBuilder, -) +from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes +from cryptography.x509 import ocsp + +class OCSPRequest: ... +class OCSPResponse: ... +class OCSPSingleResponse: ... -def load_der_ocsp_request(data: bytes) -> OCSPRequest: ... -def load_der_ocsp_response(data: bytes) -> OCSPResponse: ... -def create_ocsp_request(builder: OCSPRequestBuilder) -> OCSPRequest: ... +def load_der_ocsp_request(data: bytes) -> ocsp.OCSPRequest: ... +def load_der_ocsp_response(data: bytes) -> ocsp.OCSPResponse: ... +def create_ocsp_request( + builder: ocsp.OCSPRequestBuilder, +) -> ocsp.OCSPRequest: ... def create_ocsp_response( - status: OCSPResponseStatus, - builder: typing.Optional[OCSPResponseBuilder], - private_key: typing.Optional[PRIVATE_KEY_TYPES], - hash_algorithm: typing.Optional[hashes.HashAlgorithm], -) -> OCSPResponse: ... + status: ocsp.OCSPResponseStatus, + builder: ocsp.OCSPResponseBuilder | None, + private_key: PrivateKeyTypes | None, + hash_algorithm: hashes.HashAlgorithm | None, +) -> ocsp.OCSPResponse: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi new file mode 100644 index 0000000..1e66d33 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi @@ -0,0 +1,71 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography.hazmat.bindings._rust.openssl import ( + aead, + ciphers, + cmac, + dh, + dsa, + ec, + ed448, + ed25519, + hashes, + hmac, + kdf, + keys, + poly1305, + rsa, + x448, + x25519, +) + +__all__ = [ + "aead", + "ciphers", + "cmac", + "dh", + "dsa", + "ec", + "ed448", + "ed25519", + "hashes", + "hmac", + "kdf", + "keys", + "openssl_version", + "openssl_version_text", + "poly1305", + "raise_openssl_error", + "rsa", + "x448", + "x25519", +] + +CRYPTOGRAPHY_IS_LIBRESSL: bool +CRYPTOGRAPHY_IS_BORINGSSL: bool +CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: bool +CRYPTOGRAPHY_OPENSSL_320_OR_GREATER: bool + +class Providers: ... + +_legacy_provider_loaded: bool +_providers: Providers + +def openssl_version() -> int: ... +def openssl_version_text() -> str: ... +def raise_openssl_error() -> typing.NoReturn: ... +def capture_error_stack() -> list[OpenSSLError]: ... +def is_fips_enabled() -> bool: ... +def enable_fips(providers: Providers) -> None: ... + +class OpenSSLError: + @property + def lib(self) -> int: ... + @property + def reason(self) -> int: ... + @property + def reason_text(self) -> bytes: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/aead.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/aead.pyi new file mode 100644 index 0000000..047f49d --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/aead.pyi @@ -0,0 +1,103 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +class AESGCM: + def __init__(self, key: bytes) -> None: ... + @staticmethod + def generate_key(key_size: int) -> bytes: ... + def encrypt( + self, + nonce: bytes, + data: bytes, + associated_data: bytes | None, + ) -> bytes: ... + def decrypt( + self, + nonce: bytes, + data: bytes, + associated_data: bytes | None, + ) -> bytes: ... + +class ChaCha20Poly1305: + def __init__(self, key: bytes) -> None: ... + @staticmethod + def generate_key() -> bytes: ... + def encrypt( + self, + nonce: bytes, + data: bytes, + associated_data: bytes | None, + ) -> bytes: ... + def decrypt( + self, + nonce: bytes, + data: bytes, + associated_data: bytes | None, + ) -> bytes: ... + +class AESCCM: + def __init__(self, key: bytes, tag_length: int = 16) -> None: ... + @staticmethod + def generate_key(key_size: int) -> bytes: ... + def encrypt( + self, + nonce: bytes, + data: bytes, + associated_data: bytes | None, + ) -> bytes: ... + def decrypt( + self, + nonce: bytes, + data: bytes, + associated_data: bytes | None, + ) -> bytes: ... + +class AESSIV: + def __init__(self, key: bytes) -> None: ... + @staticmethod + def generate_key(key_size: int) -> bytes: ... + def encrypt( + self, + data: bytes, + associated_data: list[bytes] | None, + ) -> bytes: ... + def decrypt( + self, + data: bytes, + associated_data: list[bytes] | None, + ) -> bytes: ... + +class AESOCB3: + def __init__(self, key: bytes) -> None: ... + @staticmethod + def generate_key(key_size: int) -> bytes: ... + def encrypt( + self, + nonce: bytes, + data: bytes, + associated_data: bytes | None, + ) -> bytes: ... + def decrypt( + self, + nonce: bytes, + data: bytes, + associated_data: bytes | None, + ) -> bytes: ... + +class AESGCMSIV: + def __init__(self, key: bytes) -> None: ... + @staticmethod + def generate_key(key_size: int) -> bytes: ... + def encrypt( + self, + nonce: bytes, + data: bytes, + associated_data: bytes | None, + ) -> bytes: ... + def decrypt( + self, + nonce: bytes, + data: bytes, + associated_data: bytes | None, + ) -> bytes: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi new file mode 100644 index 0000000..759f3b5 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi @@ -0,0 +1,38 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography.hazmat.primitives import ciphers +from cryptography.hazmat.primitives.ciphers import modes + +@typing.overload +def create_encryption_ctx( + algorithm: ciphers.CipherAlgorithm, mode: modes.ModeWithAuthenticationTag +) -> ciphers.AEADEncryptionContext: ... +@typing.overload +def create_encryption_ctx( + algorithm: ciphers.CipherAlgorithm, mode: modes.Mode +) -> ciphers.CipherContext: ... +@typing.overload +def create_decryption_ctx( + algorithm: ciphers.CipherAlgorithm, mode: modes.ModeWithAuthenticationTag +) -> ciphers.AEADDecryptionContext: ... +@typing.overload +def create_decryption_ctx( + algorithm: ciphers.CipherAlgorithm, mode: modes.Mode +) -> ciphers.CipherContext: ... +def cipher_supported( + algorithm: ciphers.CipherAlgorithm, mode: modes.Mode +) -> bool: ... +def _advance( + ctx: ciphers.AEADEncryptionContext | ciphers.AEADDecryptionContext, n: int +) -> None: ... +def _advance_aad( + ctx: ciphers.AEADEncryptionContext | ciphers.AEADDecryptionContext, n: int +) -> None: ... + +class CipherContext: ... +class AEADEncryptionContext: ... +class AEADDecryptionContext: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi new file mode 100644 index 0000000..9c03508 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi @@ -0,0 +1,18 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography.hazmat.primitives import ciphers + +class CMAC: + def __init__( + self, + algorithm: ciphers.BlockCipherAlgorithm, + backend: typing.Any = None, + ) -> None: ... + def update(self, data: bytes) -> None: ... + def finalize(self) -> bytes: ... + def verify(self, signature: bytes) -> None: ... + def copy(self) -> CMAC: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/dh.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/dh.pyi new file mode 100644 index 0000000..08733d7 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/dh.pyi @@ -0,0 +1,51 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography.hazmat.primitives.asymmetric import dh + +MIN_MODULUS_SIZE: int + +class DHPrivateKey: ... +class DHPublicKey: ... +class DHParameters: ... + +class DHPrivateNumbers: + def __init__(self, x: int, public_numbers: DHPublicNumbers) -> None: ... + def private_key(self, backend: typing.Any = None) -> dh.DHPrivateKey: ... + @property + def x(self) -> int: ... + @property + def public_numbers(self) -> DHPublicNumbers: ... + +class DHPublicNumbers: + def __init__( + self, y: int, parameter_numbers: DHParameterNumbers + ) -> None: ... + def public_key(self, backend: typing.Any = None) -> dh.DHPublicKey: ... + @property + def y(self) -> int: ... + @property + def parameter_numbers(self) -> DHParameterNumbers: ... + +class DHParameterNumbers: + def __init__(self, p: int, g: int, q: int | None = None) -> None: ... + def parameters(self, backend: typing.Any = None) -> dh.DHParameters: ... + @property + def p(self) -> int: ... + @property + def g(self) -> int: ... + @property + def q(self) -> int | None: ... + +def generate_parameters( + generator: int, key_size: int, backend: typing.Any = None +) -> dh.DHParameters: ... +def from_pem_parameters( + data: bytes, backend: typing.Any = None +) -> dh.DHParameters: ... +def from_der_parameters( + data: bytes, backend: typing.Any = None +) -> dh.DHParameters: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi new file mode 100644 index 0000000..0922a4c --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi @@ -0,0 +1,41 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography.hazmat.primitives.asymmetric import dsa + +class DSAPrivateKey: ... +class DSAPublicKey: ... +class DSAParameters: ... + +class DSAPrivateNumbers: + def __init__(self, x: int, public_numbers: DSAPublicNumbers) -> None: ... + @property + def x(self) -> int: ... + @property + def public_numbers(self) -> DSAPublicNumbers: ... + def private_key(self, backend: typing.Any = None) -> dsa.DSAPrivateKey: ... + +class DSAPublicNumbers: + def __init__( + self, y: int, parameter_numbers: DSAParameterNumbers + ) -> None: ... + @property + def y(self) -> int: ... + @property + def parameter_numbers(self) -> DSAParameterNumbers: ... + def public_key(self, backend: typing.Any = None) -> dsa.DSAPublicKey: ... + +class DSAParameterNumbers: + def __init__(self, p: int, q: int, g: int) -> None: ... + @property + def p(self) -> int: ... + @property + def q(self) -> int: ... + @property + def g(self) -> int: ... + def parameters(self, backend: typing.Any = None) -> dsa.DSAParameters: ... + +def generate_parameters(key_size: int) -> dsa.DSAParameters: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/ec.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/ec.pyi new file mode 100644 index 0000000..5c3b7bf --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/ec.pyi @@ -0,0 +1,52 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography.hazmat.primitives.asymmetric import ec + +class ECPrivateKey: ... +class ECPublicKey: ... + +class EllipticCurvePrivateNumbers: + def __init__( + self, private_value: int, public_numbers: EllipticCurvePublicNumbers + ) -> None: ... + def private_key( + self, backend: typing.Any = None + ) -> ec.EllipticCurvePrivateKey: ... + @property + def private_value(self) -> int: ... + @property + def public_numbers(self) -> EllipticCurvePublicNumbers: ... + +class EllipticCurvePublicNumbers: + def __init__(self, x: int, y: int, curve: ec.EllipticCurve) -> None: ... + def public_key( + self, backend: typing.Any = None + ) -> ec.EllipticCurvePublicKey: ... + @property + def x(self) -> int: ... + @property + def y(self) -> int: ... + @property + def curve(self) -> ec.EllipticCurve: ... + def __eq__(self, other: object) -> bool: ... + +def curve_supported(curve: ec.EllipticCurve) -> bool: ... +def generate_private_key( + curve: ec.EllipticCurve, backend: typing.Any = None +) -> ec.EllipticCurvePrivateKey: ... +def from_private_numbers( + numbers: ec.EllipticCurvePrivateNumbers, +) -> ec.EllipticCurvePrivateKey: ... +def from_public_numbers( + numbers: ec.EllipticCurvePublicNumbers, +) -> ec.EllipticCurvePublicKey: ... +def from_public_bytes( + curve: ec.EllipticCurve, data: bytes +) -> ec.EllipticCurvePublicKey: ... +def derive_private_key( + private_value: int, curve: ec.EllipticCurve +) -> ec.EllipticCurvePrivateKey: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/ed25519.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/ed25519.pyi new file mode 100644 index 0000000..5233f9a --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/ed25519.pyi @@ -0,0 +1,12 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from cryptography.hazmat.primitives.asymmetric import ed25519 + +class Ed25519PrivateKey: ... +class Ed25519PublicKey: ... + +def generate_key() -> ed25519.Ed25519PrivateKey: ... +def from_private_bytes(data: bytes) -> ed25519.Ed25519PrivateKey: ... +def from_public_bytes(data: bytes) -> ed25519.Ed25519PublicKey: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/ed448.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/ed448.pyi new file mode 100644 index 0000000..7a06520 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/ed448.pyi @@ -0,0 +1,12 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from cryptography.hazmat.primitives.asymmetric import ed448 + +class Ed448PrivateKey: ... +class Ed448PublicKey: ... + +def generate_key() -> ed448.Ed448PrivateKey: ... +def from_private_bytes(data: bytes) -> ed448.Ed448PrivateKey: ... +def from_public_bytes(data: bytes) -> ed448.Ed448PublicKey: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/hashes.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/hashes.pyi new file mode 100644 index 0000000..ca5f42a --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/hashes.pyi @@ -0,0 +1,17 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography.hazmat.primitives import hashes + +class Hash(hashes.HashContext): + def __init__( + self, algorithm: hashes.HashAlgorithm, backend: typing.Any = None + ) -> None: ... + @property + def algorithm(self) -> hashes.HashAlgorithm: ... + def update(self, data: bytes) -> None: ... + def finalize(self) -> bytes: ... + def copy(self) -> Hash: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/hmac.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/hmac.pyi new file mode 100644 index 0000000..e38d9b5 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/hmac.pyi @@ -0,0 +1,21 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography.hazmat.primitives import hashes + +class HMAC(hashes.HashContext): + def __init__( + self, + key: bytes, + algorithm: hashes.HashAlgorithm, + backend: typing.Any = None, + ) -> None: ... + @property + def algorithm(self) -> hashes.HashAlgorithm: ... + def update(self, data: bytes) -> None: ... + def finalize(self) -> bytes: ... + def verify(self, signature: bytes) -> None: ... + def copy(self) -> HMAC: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi new file mode 100644 index 0000000..034a8fe --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi @@ -0,0 +1,22 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from cryptography.hazmat.primitives.hashes import HashAlgorithm + +def derive_pbkdf2_hmac( + key_material: bytes, + algorithm: HashAlgorithm, + salt: bytes, + iterations: int, + length: int, +) -> bytes: ... +def derive_scrypt( + key_material: bytes, + salt: bytes, + n: int, + r: int, + p: int, + max_mem: int, + length: int, +) -> bytes: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/keys.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/keys.pyi new file mode 100644 index 0000000..6815b7d --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/keys.pyi @@ -0,0 +1,33 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography.hazmat.primitives.asymmetric.types import ( + PrivateKeyTypes, + PublicKeyTypes, +) + +def load_der_private_key( + data: bytes, + password: bytes | None, + backend: typing.Any = None, + *, + unsafe_skip_rsa_key_validation: bool = False, +) -> PrivateKeyTypes: ... +def load_pem_private_key( + data: bytes, + password: bytes | None, + backend: typing.Any = None, + *, + unsafe_skip_rsa_key_validation: bool = False, +) -> PrivateKeyTypes: ... +def load_der_public_key( + data: bytes, + backend: typing.Any = None, +) -> PublicKeyTypes: ... +def load_pem_public_key( + data: bytes, + backend: typing.Any = None, +) -> PublicKeyTypes: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/poly1305.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/poly1305.pyi new file mode 100644 index 0000000..2e9b0a9 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/poly1305.pyi @@ -0,0 +1,13 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +class Poly1305: + def __init__(self, key: bytes) -> None: ... + @staticmethod + def generate_tag(key: bytes, data: bytes) -> bytes: ... + @staticmethod + def verify_tag(key: bytes, data: bytes, tag: bytes) -> None: ... + def update(self, data: bytes) -> None: ... + def finalize(self) -> bytes: ... + def verify(self, tag: bytes) -> None: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/rsa.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/rsa.pyi new file mode 100644 index 0000000..ef7752d --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/rsa.pyi @@ -0,0 +1,55 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography.hazmat.primitives.asymmetric import rsa + +class RSAPrivateKey: ... +class RSAPublicKey: ... + +class RSAPrivateNumbers: + def __init__( + self, + p: int, + q: int, + d: int, + dmp1: int, + dmq1: int, + iqmp: int, + public_numbers: RSAPublicNumbers, + ) -> None: ... + @property + def p(self) -> int: ... + @property + def q(self) -> int: ... + @property + def d(self) -> int: ... + @property + def dmp1(self) -> int: ... + @property + def dmq1(self) -> int: ... + @property + def iqmp(self) -> int: ... + @property + def public_numbers(self) -> RSAPublicNumbers: ... + def private_key( + self, + backend: typing.Any = None, + *, + unsafe_skip_rsa_key_validation: bool = False, + ) -> rsa.RSAPrivateKey: ... + +class RSAPublicNumbers: + def __init__(self, e: int, n: int) -> None: ... + @property + def n(self) -> int: ... + @property + def e(self) -> int: ... + def public_key(self, backend: typing.Any = None) -> rsa.RSAPublicKey: ... + +def generate_private_key( + public_exponent: int, + key_size: int, +) -> rsa.RSAPrivateKey: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi new file mode 100644 index 0000000..da0f3ec --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi @@ -0,0 +1,12 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from cryptography.hazmat.primitives.asymmetric import x25519 + +class X25519PrivateKey: ... +class X25519PublicKey: ... + +def generate_key() -> x25519.X25519PrivateKey: ... +def from_private_bytes(data: bytes) -> x25519.X25519PrivateKey: ... +def from_public_bytes(data: bytes) -> x25519.X25519PublicKey: ... diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/x448.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/x448.pyi new file mode 100644 index 0000000..e51cfeb --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/openssl/x448.pyi @@ -0,0 +1,12 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from cryptography.hazmat.primitives.asymmetric import x448 + +class X448PrivateKey: ... +class X448PublicKey: ... + +def generate_key() -> x448.X448PrivateKey: ... +def from_private_bytes(data: bytes) -> x448.X448PrivateKey: ... +def from_public_bytes(data: bytes) -> x448.X448PublicKey: ... diff --git a/src/cryptography/hazmat/bindings/_rust/pkcs12.pyi b/src/cryptography/hazmat/bindings/_rust/pkcs12.pyi new file mode 100644 index 0000000..40514c4 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/pkcs12.pyi @@ -0,0 +1,46 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography import x509 +from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes +from cryptography.hazmat.primitives.serialization import ( + KeySerializationEncryption, +) +from cryptography.hazmat.primitives.serialization.pkcs12 import ( + PKCS12KeyAndCertificates, + PKCS12PrivateKeyTypes, +) + +class PKCS12Certificate: + def __init__( + self, cert: x509.Certificate, friendly_name: bytes | None + ) -> None: ... + @property + def friendly_name(self) -> bytes | None: ... + @property + def certificate(self) -> x509.Certificate: ... + +def load_key_and_certificates( + data: bytes, + password: bytes | None, + backend: typing.Any = None, +) -> tuple[ + PrivateKeyTypes | None, + x509.Certificate | None, + list[x509.Certificate], +]: ... +def load_pkcs12( + data: bytes, + password: bytes | None, + backend: typing.Any = None, +) -> PKCS12KeyAndCertificates: ... +def serialize_key_and_certificates( + name: bytes | None, + key: PKCS12PrivateKeyTypes | None, + cert: x509.Certificate | None, + cas: typing.Iterable[x509.Certificate | PKCS12Certificate] | None, + encryption_algorithm: KeySerializationEncryption, +) -> bytes: ... diff --git a/src/cryptography/hazmat/bindings/_rust/pkcs7.pyi b/src/cryptography/hazmat/bindings/_rust/pkcs7.pyi new file mode 100644 index 0000000..a72120a --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/pkcs7.pyi @@ -0,0 +1,30 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import typing + +from cryptography import x509 +from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.serialization import pkcs7 + +def serialize_certificates( + certs: list[x509.Certificate], + encoding: serialization.Encoding, +) -> bytes: ... +def encrypt_and_serialize( + builder: pkcs7.PKCS7EnvelopeBuilder, + encoding: serialization.Encoding, + options: typing.Iterable[pkcs7.PKCS7Options], +) -> bytes: ... +def sign_and_serialize( + builder: pkcs7.PKCS7SignatureBuilder, + encoding: serialization.Encoding, + options: typing.Iterable[pkcs7.PKCS7Options], +) -> bytes: ... +def load_pem_pkcs7_certificates( + data: bytes, +) -> list[x509.Certificate]: ... +def load_der_pkcs7_certificates( + data: bytes, +) -> list[x509.Certificate]: ... diff --git a/src/cryptography/hazmat/bindings/_rust/test_support.pyi b/src/cryptography/hazmat/bindings/_rust/test_support.pyi new file mode 100644 index 0000000..a53ee25 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/test_support.pyi @@ -0,0 +1,29 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from cryptography import x509 +from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.serialization import pkcs7 + +class TestCertificate: + not_after_tag: int + not_before_tag: int + issuer_value_tags: list[int] + subject_value_tags: list[int] + +def test_parse_certificate(data: bytes) -> TestCertificate: ... +def pkcs7_decrypt( + encoding: serialization.Encoding, + msg: bytes, + pkey: serialization.pkcs7.PKCS7PrivateKeyTypes, + cert_recipient: x509.Certificate, + options: list[pkcs7.PKCS7Options], +) -> bytes: ... +def pkcs7_verify( + encoding: serialization.Encoding, + sig: bytes, + msg: bytes | None, + certs: list[x509.Certificate], + options: list[pkcs7.PKCS7Options], +) -> None: ... diff --git a/src/cryptography/hazmat/bindings/_rust/x509.pyi b/src/cryptography/hazmat/bindings/_rust/x509.pyi index 317deb6..aa85657 100644 --- a/src/cryptography/hazmat/bindings/_rust/x509.pyi +++ b/src/cryptography/hazmat/bindings/_rust/x509.pyi @@ -7,30 +7,49 @@ import typing from cryptography import x509 from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives.asymmetric.types import PRIVATE_KEY_TYPES - -def load_pem_x509_certificate(data: bytes) -> x509.Certificate: ... -def load_der_x509_certificate(data: bytes) -> x509.Certificate: ... -def load_pem_x509_crl(data: bytes) -> x509.CertificateRevocationList: ... -def load_der_x509_crl(data: bytes) -> x509.CertificateRevocationList: ... -def load_pem_x509_csr(data: bytes) -> x509.CertificateSigningRequest: ... -def load_der_x509_csr(data: bytes) -> x509.CertificateSigningRequest: ... +from cryptography.hazmat.primitives.asymmetric.padding import PSS, PKCS1v15 +from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes + +def load_pem_x509_certificate( + data: bytes, backend: typing.Any = None +) -> x509.Certificate: ... +def load_der_x509_certificate( + data: bytes, backend: typing.Any = None +) -> x509.Certificate: ... +def load_pem_x509_certificates( + data: bytes, +) -> list[x509.Certificate]: ... +def load_pem_x509_crl( + data: bytes, backend: typing.Any = None +) -> x509.CertificateRevocationList: ... +def load_der_x509_crl( + data: bytes, backend: typing.Any = None +) -> x509.CertificateRevocationList: ... +def load_pem_x509_csr( + data: bytes, backend: typing.Any = None +) -> x509.CertificateSigningRequest: ... +def load_der_x509_csr( + data: bytes, backend: typing.Any = None +) -> x509.CertificateSigningRequest: ... def encode_name_bytes(name: x509.Name) -> bytes: ... def encode_extension_value(extension: x509.ExtensionType) -> bytes: ... def create_x509_certificate( builder: x509.CertificateBuilder, - private_key: PRIVATE_KEY_TYPES, - hash_algorithm: typing.Optional[hashes.HashAlgorithm], + private_key: PrivateKeyTypes, + hash_algorithm: hashes.HashAlgorithm | None, + rsa_padding: PKCS1v15 | PSS | None, ) -> x509.Certificate: ... def create_x509_csr( builder: x509.CertificateSigningRequestBuilder, - private_key: PRIVATE_KEY_TYPES, - hash_algorithm: typing.Optional[hashes.HashAlgorithm], + private_key: PrivateKeyTypes, + hash_algorithm: hashes.HashAlgorithm | None, + rsa_padding: PKCS1v15 | PSS | None, ) -> x509.CertificateSigningRequest: ... def create_x509_crl( builder: x509.CertificateRevocationListBuilder, - private_key: PRIVATE_KEY_TYPES, - hash_algorithm: typing.Optional[hashes.HashAlgorithm], + private_key: PrivateKeyTypes, + hash_algorithm: hashes.HashAlgorithm | None, + rsa_padding: PKCS1v15 | PSS | None, ) -> x509.CertificateRevocationList: ... class Sct: ... @@ -38,3 +57,52 @@ class Certificate: ... class RevokedCertificate: ... class CertificateRevocationList: ... class CertificateSigningRequest: ... + +class PolicyBuilder: + def time(self, new_time: datetime.datetime) -> PolicyBuilder: ... + def store(self, new_store: Store) -> PolicyBuilder: ... + def max_chain_depth(self, new_max_chain_depth: int) -> PolicyBuilder: ... + def build_client_verifier(self) -> ClientVerifier: ... + def build_server_verifier( + self, subject: x509.verification.Subject + ) -> ServerVerifier: ... + +class VerifiedClient: + @property + def subjects(self) -> list[x509.GeneralName]: ... + @property + def chain(self) -> list[x509.Certificate]: ... + +class ClientVerifier: + @property + def validation_time(self) -> datetime.datetime: ... + @property + def store(self) -> Store: ... + @property + def max_chain_depth(self) -> int: ... + def verify( + self, + leaf: x509.Certificate, + intermediates: list[x509.Certificate], + ) -> VerifiedClient: ... + +class ServerVerifier: + @property + def subject(self) -> x509.verification.Subject: ... + @property + def validation_time(self) -> datetime.datetime: ... + @property + def store(self) -> Store: ... + @property + def max_chain_depth(self) -> int: ... + def verify( + self, + leaf: x509.Certificate, + intermediates: list[x509.Certificate], + ) -> list[x509.Certificate]: ... + +class Store: + def __init__(self, certs: list[x509.Certificate]) -> None: ... + +class VerificationError(Exception): + pass diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index 10f307a..73c06f7 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -2,35 +2,17 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. -import typing +from __future__ import annotations -def cryptography_has_ec2m() -> typing.List[str]: - return [ - "EC_POINT_get_affine_coordinates_GF2m", - ] - - -def cryptography_has_ssl3_method() -> typing.List[str]: - return [ - "SSLv3_method", - "SSLv3_client_method", - "SSLv3_server_method", - ] - - -def cryptography_has_110_verification_params() -> typing.List[str]: - return ["X509_CHECK_FLAG_NEVER_CHECK_SUBJECT"] - - -def cryptography_has_set_cert_cb() -> typing.List[str]: +def cryptography_has_set_cert_cb() -> list[str]: return [ "SSL_CTX_set_cert_cb", "SSL_set_cert_cb", ] -def cryptography_has_ssl_st() -> typing.List[str]: +def cryptography_has_ssl_st() -> list[str]: return [ "SSL_ST_BEFORE", "SSL_ST_OK", @@ -39,93 +21,20 @@ def cryptography_has_ssl_st() -> typing.List[str]: ] -def cryptography_has_tls_st() -> typing.List[str]: +def cryptography_has_tls_st() -> list[str]: return [ "TLS_ST_BEFORE", "TLS_ST_OK", ] -def cryptography_has_scrypt() -> typing.List[str]: - return [ - "EVP_PBE_scrypt", - ] - - -def cryptography_has_evp_pkey_dhx() -> typing.List[str]: - return [ - "EVP_PKEY_DHX", - ] - - -def cryptography_has_mem_functions() -> typing.List[str]: - return [ - "Cryptography_CRYPTO_set_mem_functions", - ] - - -def cryptography_has_x509_store_ctx_get_issuer() -> typing.List[str]: - return [ - "X509_STORE_get_get_issuer", - "X509_STORE_set_get_issuer", - ] - - -def cryptography_has_ed448() -> typing.List[str]: - return [ - "EVP_PKEY_ED448", - "NID_ED448", - ] - - -def cryptography_has_ed25519() -> typing.List[str]: - return [ - "NID_ED25519", - "EVP_PKEY_ED25519", - ] - - -def cryptography_has_poly1305() -> typing.List[str]: - return [ - "NID_poly1305", - "EVP_PKEY_POLY1305", - ] - - -def cryptography_has_oneshot_evp_digest_sign_verify() -> typing.List[str]: - return [ - "EVP_DigestSign", - "EVP_DigestVerify", - ] - - -def cryptography_has_evp_digestfinal_xof() -> typing.List[str]: - return [ - "EVP_DigestFinalXOF", - ] - - -def cryptography_has_evp_pkey_get_set_tls_encodedpoint() -> typing.List[str]: - return [ - "EVP_PKEY_get1_tls_encodedpoint", - "EVP_PKEY_set1_tls_encodedpoint", - ] - - -def cryptography_has_fips() -> typing.List[str]: - return [ - "FIPS_mode_set", - "FIPS_mode", - ] - - -def cryptography_has_ssl_sigalgs() -> typing.List[str]: +def cryptography_has_ssl_sigalgs() -> list[str]: return [ "SSL_CTX_set1_sigalgs_list", ] -def cryptography_has_psk() -> typing.List[str]: +def cryptography_has_psk() -> list[str]: return [ "SSL_CTX_use_psk_identity_hint", "SSL_CTX_set_psk_server_callback", @@ -133,7 +42,7 @@ def cryptography_has_psk() -> typing.List[str]: ] -def cryptography_has_psk_tlsv13() -> typing.List[str]: +def cryptography_has_psk_tlsv13() -> list[str]: return [ "SSL_CTX_set_psk_find_session_callback", "SSL_CTX_set_psk_use_session_callback", @@ -145,7 +54,7 @@ def cryptography_has_psk_tlsv13() -> typing.List[str]: ] -def cryptography_has_custom_ext() -> typing.List[str]: +def cryptography_has_custom_ext() -> list[str]: return [ "SSL_CTX_add_client_custom_ext", "SSL_CTX_add_server_custom_ext", @@ -153,20 +62,7 @@ def cryptography_has_custom_ext() -> typing.List[str]: ] -def cryptography_has_openssl_cleanup() -> typing.List[str]: - return [ - "OPENSSL_cleanup", - ] - - -def cryptography_has_tlsv13() -> typing.List[str]: - return [ - "TLS1_3_VERSION", - "SSL_OP_NO_TLSv1_3", - ] - - -def cryptography_has_tlsv13_functions() -> typing.List[str]: +def cryptography_has_tlsv13_functions() -> list[str]: return [ "SSL_VERIFY_POST_HANDSHAKE", "SSL_CTX_set_ciphersuites", @@ -180,23 +76,7 @@ def cryptography_has_tlsv13_functions() -> typing.List[str]: ] -def cryptography_has_keylog() -> typing.List[str]: - return [ - "SSL_CTX_set_keylog_callback", - "SSL_CTX_get_keylog_callback", - ] - - -def cryptography_has_raw_key() -> typing.List[str]: - return [ - "EVP_PKEY_new_raw_private_key", - "EVP_PKEY_new_raw_public_key", - "EVP_PKEY_get_raw_private_key", - "EVP_PKEY_get_raw_public_key", - ] - - -def cryptography_has_engine() -> typing.List[str]: +def cryptography_has_engine() -> list[str]: return [ "ENGINE_by_id", "ENGINE_init", @@ -207,7 +87,6 @@ def cryptography_has_engine() -> typing.List[str]: "ENGINE_ctrl_cmd", "ENGINE_free", "ENGINE_get_name", - "Cryptography_add_osrandom_engine", "ENGINE_ctrl_cmd_string", "ENGINE_load_builtin_engines", "ENGINE_load_private_key", @@ -216,13 +95,13 @@ def cryptography_has_engine() -> typing.List[str]: ] -def cryptography_has_verified_chain() -> typing.List[str]: +def cryptography_has_verified_chain() -> list[str]: return [ "SSL_get0_verified_chain", ] -def cryptography_has_srtp() -> typing.List[str]: +def cryptography_has_srtp() -> list[str]: return [ "SSL_CTX_set_tlsext_use_srtp", "SSL_set_tlsext_use_srtp", @@ -230,45 +109,19 @@ def cryptography_has_srtp() -> typing.List[str]: ] -def cryptography_has_get_proto_version() -> typing.List[str]: - return [ - "SSL_CTX_get_min_proto_version", - "SSL_CTX_get_max_proto_version", - "SSL_get_min_proto_version", - "SSL_get_max_proto_version", - ] - - -def cryptography_has_providers() -> typing.List[str]: - return [ - "OSSL_PROVIDER_load", - "OSSL_PROVIDER_unload", - "ERR_LIB_PROV", - "PROV_R_WRONG_FINAL_BLOCK_LENGTH", - "PROV_R_BAD_DECRYPT", - ] - - -def cryptography_has_op_no_renegotiation() -> typing.List[str]: +def cryptography_has_op_no_renegotiation() -> list[str]: return [ "SSL_OP_NO_RENEGOTIATION", ] -def cryptography_has_dtls_get_data_mtu() -> typing.List[str]: +def cryptography_has_dtls_get_data_mtu() -> list[str]: return [ "DTLS_get_data_mtu", ] -def cryptography_has_300_fips() -> typing.List[str]: - return [ - "EVP_default_properties_is_fips_enabled", - "EVP_default_properties_enable_fips", - ] - - -def cryptography_has_ssl_cookie() -> typing.List[str]: +def cryptography_has_ssl_cookie() -> list[str]: return [ "SSL_OP_COOKIE_EXCHANGE", "DTLSv1_listen", @@ -277,112 +130,54 @@ def cryptography_has_ssl_cookie() -> typing.List[str]: ] -def cryptography_has_pkcs7_funcs() -> typing.List[str]: +def cryptography_has_prime_checks() -> list[str]: return [ - "SMIME_write_PKCS7", - "PEM_write_bio_PKCS7_stream", - "PKCS7_sign_add_signer", - "PKCS7_final", - "PKCS7_verify", - "SMIME_read_PKCS7", - "PKCS7_get0_signers", - ] - - -def cryptography_has_bn_flags() -> typing.List[str]: - return [ - "BN_FLG_CONSTTIME", - "BN_set_flags", "BN_prime_checks_for_size", ] -def cryptography_has_evp_pkey_dh() -> typing.List[str]: - return [ - "EVP_PKEY_set1_DH", - ] - - -def cryptography_has_300_evp_cipher() -> typing.List[str]: - return ["EVP_CIPHER_fetch", "EVP_CIPHER_free"] - - -def cryptography_has_unexpected_eof_while_reading() -> typing.List[str]: +def cryptography_has_unexpected_eof_while_reading() -> list[str]: return ["SSL_R_UNEXPECTED_EOF_WHILE_READING"] -def cryptography_has_pkcs12_set_mac() -> typing.List[str]: - return ["PKCS12_set_mac"] - - -def cryptography_has_ssl_op_ignore_unexpected_eof() -> typing.List[str]: +def cryptography_has_ssl_op_ignore_unexpected_eof() -> list[str]: return [ "SSL_OP_IGNORE_UNEXPECTED_EOF", ] +def cryptography_has_get_extms_support() -> list[str]: + return ["SSL_get_extms_support"] + + # This is a mapping of # {condition: function-returning-names-dependent-on-that-condition} so we can # loop over them and delete unsupported names at runtime. It will be removed # when cffi supports #if in cdef. We use functions instead of just a dict of # lists so we can use coverage to measure which are used. CONDITIONAL_NAMES = { - "Cryptography_HAS_EC2M": cryptography_has_ec2m, - "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method, - "Cryptography_HAS_110_VERIFICATION_PARAMS": ( - cryptography_has_110_verification_params - ), "Cryptography_HAS_SET_CERT_CB": cryptography_has_set_cert_cb, "Cryptography_HAS_SSL_ST": cryptography_has_ssl_st, "Cryptography_HAS_TLS_ST": cryptography_has_tls_st, - "Cryptography_HAS_SCRYPT": cryptography_has_scrypt, - "Cryptography_HAS_EVP_PKEY_DHX": cryptography_has_evp_pkey_dhx, - "Cryptography_HAS_MEM_FUNCTIONS": cryptography_has_mem_functions, - "Cryptography_HAS_X509_STORE_CTX_GET_ISSUER": ( - cryptography_has_x509_store_ctx_get_issuer - ), - "Cryptography_HAS_ED448": cryptography_has_ed448, - "Cryptography_HAS_ED25519": cryptography_has_ed25519, - "Cryptography_HAS_POLY1305": cryptography_has_poly1305, - "Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY": ( - cryptography_has_oneshot_evp_digest_sign_verify - ), - "Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint": ( - cryptography_has_evp_pkey_get_set_tls_encodedpoint - ), - "Cryptography_HAS_FIPS": cryptography_has_fips, "Cryptography_HAS_SIGALGS": cryptography_has_ssl_sigalgs, "Cryptography_HAS_PSK": cryptography_has_psk, "Cryptography_HAS_PSK_TLSv1_3": cryptography_has_psk_tlsv13, "Cryptography_HAS_CUSTOM_EXT": cryptography_has_custom_ext, - "Cryptography_HAS_OPENSSL_CLEANUP": cryptography_has_openssl_cleanup, - "Cryptography_HAS_TLSv1_3": cryptography_has_tlsv13, "Cryptography_HAS_TLSv1_3_FUNCTIONS": cryptography_has_tlsv13_functions, - "Cryptography_HAS_KEYLOG": cryptography_has_keylog, - "Cryptography_HAS_RAW_KEY": cryptography_has_raw_key, - "Cryptography_HAS_EVP_DIGESTFINAL_XOF": ( - cryptography_has_evp_digestfinal_xof - ), "Cryptography_HAS_ENGINE": cryptography_has_engine, "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain, "Cryptography_HAS_SRTP": cryptography_has_srtp, - "Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version, - "Cryptography_HAS_PROVIDERS": cryptography_has_providers, "Cryptography_HAS_OP_NO_RENEGOTIATION": ( cryptography_has_op_no_renegotiation ), "Cryptography_HAS_DTLS_GET_DATA_MTU": cryptography_has_dtls_get_data_mtu, - "Cryptography_HAS_300_FIPS": cryptography_has_300_fips, "Cryptography_HAS_SSL_COOKIE": cryptography_has_ssl_cookie, - "Cryptography_HAS_PKCS7_FUNCS": cryptography_has_pkcs7_funcs, - "Cryptography_HAS_BN_FLAGS": cryptography_has_bn_flags, - "Cryptography_HAS_EVP_PKEY_DH": cryptography_has_evp_pkey_dh, - "Cryptography_HAS_300_EVP_CIPHER": cryptography_has_300_evp_cipher, + "Cryptography_HAS_PRIME_CHECKS": cryptography_has_prime_checks, "Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING": ( cryptography_has_unexpected_eof_while_reading ), - "Cryptography_HAS_PKCS12_SET_MAC": cryptography_has_pkcs12_set_mac, "Cryptography_HAS_SSL_OP_IGNORE_UNEXPECTED_EOF": ( cryptography_has_ssl_op_ignore_unexpected_eof ), + "Cryptography_HAS_GET_EXTMS_SUPPORT": cryptography_has_get_extms_support, } diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index 2b4c574..d4dfeef 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -2,90 +2,24 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations +import os +import sys import threading import types import typing import warnings import cryptography -from cryptography import utils from cryptography.exceptions import InternalError -from cryptography.hazmat.bindings._openssl import ffi, lib +from cryptography.hazmat.bindings._rust import _openssl, openssl from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES -_OpenSSLErrorWithText = typing.NamedTuple( - "_OpenSSLErrorWithText", - [("code", int), ("lib", int), ("reason", int), ("reason_text", bytes)], -) - -class _OpenSSLError: - def __init__(self, code: int, lib: int, reason: int): - self._code = code - self._lib = lib - self._reason = reason - - def _lib_reason_match(self, lib: int, reason: int) -> bool: - return lib == self.lib and reason == self.reason - - @property - def code(self) -> int: - return self._code - - @property - def lib(self) -> int: - return self._lib - - @property - def reason(self) -> int: - return self._reason - - -def _consume_errors(lib) -> typing.List[_OpenSSLError]: - errors = [] - while True: - code: int = lib.ERR_get_error() - if code == 0: - break - - err_lib: int = lib.ERR_GET_LIB(code) - err_reason: int = lib.ERR_GET_REASON(code) - - errors.append(_OpenSSLError(code, err_lib, err_reason)) - - return errors - - -def _errors_with_text( - errors: typing.List[_OpenSSLError], -) -> typing.List[_OpenSSLErrorWithText]: - errors_with_text = [] - for err in errors: - buf = ffi.new("char[]", 256) - lib.ERR_error_string_n(err.code, buf, len(buf)) - err_text_reason: bytes = ffi.string(buf) - - errors_with_text.append( - _OpenSSLErrorWithText( - err.code, err.lib, err.reason, err_text_reason - ) - ) - - return errors_with_text - - -def _consume_errors_with_text(lib): - return _errors_with_text(_consume_errors(lib)) - - -def _openssl_assert( - lib, ok: bool, errors: typing.Optional[typing.List[_OpenSSLError]] = None -) -> None: +def _openssl_assert(ok: bool) -> None: if not ok: - if errors is None: - errors = _consume_errors(lib) - errors_with_text = _errors_with_text(errors) + errors = openssl.capture_error_stack() raise InternalError( "Unknown OpenSSL error. This error is commonly encountered when " @@ -94,12 +28,15 @@ def _openssl_assert( "OpenSSL try disabling it before reporting a bug. Otherwise " "please file an issue at https://github.com/pyca/cryptography/" "issues with information on how to reproduce " - "this. ({0!r})".format(errors_with_text), - errors_with_text, + f"this. ({errors!r})", + errors, ) -def build_conditional_library(lib, conditional_names): +def build_conditional_library( + lib: typing.Any, + conditional_names: dict[str, typing.Callable[[], list[str]]], +) -> typing.Any: conditional_lib = types.ModuleType("lib") conditional_lib._original_lib = lib # type: ignore[attr-defined] excluded_names = set() @@ -120,89 +57,28 @@ class Binding: """ lib: typing.ClassVar = None - ffi = ffi + ffi = _openssl.ffi _lib_loaded = False _init_lock = threading.Lock() - _legacy_provider: typing.Any = None - _default_provider: typing.Any = None - def __init__(self): + def __init__(self) -> None: self._ensure_ffi_initialized() - def _enable_fips(self) -> None: - # This function enables FIPS mode for OpenSSL 3.0.0 on installs that - # have the FIPS provider installed properly. - _openssl_assert(self.lib, self.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER) - self._base_provider = self.lib.OSSL_PROVIDER_load( - self.ffi.NULL, b"base" - ) - _openssl_assert(self.lib, self._base_provider != self.ffi.NULL) - self.lib._fips_provider = self.lib.OSSL_PROVIDER_load( - self.ffi.NULL, b"fips" - ) - _openssl_assert(self.lib, self.lib._fips_provider != self.ffi.NULL) - - res = self.lib.EVP_default_properties_enable_fips(self.ffi.NULL, 1) - _openssl_assert(self.lib, res == 1) - - @classmethod - def _register_osrandom_engine(cls): - # Clear any errors extant in the queue before we start. In many - # scenarios other things may be interacting with OpenSSL in the same - # process space and it has proven untenable to assume that they will - # reliably clear the error queue. Once we clear it here we will - # error on any subsequent unexpected item in the stack. - cls.lib.ERR_clear_error() - if cls.lib.CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE: - result = cls.lib.Cryptography_add_osrandom_engine() - _openssl_assert(cls.lib, result in (1, 2)) - @classmethod - def _ensure_ffi_initialized(cls): + def _ensure_ffi_initialized(cls) -> None: with cls._init_lock: if not cls._lib_loaded: - cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES) + cls.lib = build_conditional_library( + _openssl.lib, CONDITIONAL_NAMES + ) cls._lib_loaded = True - cls._register_osrandom_engine() - # As of OpenSSL 3.0.0 we must register a legacy cipher provider - # to get RC2 (needed for junk asymmetric private key - # serialization), RC4, Blowfish, IDEA, SEED, etc. These things - # are ugly legacy, but we aren't going to get rid of them - # any time soon. - if cls.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: - cls._legacy_provider = cls.lib.OSSL_PROVIDER_load( - cls.ffi.NULL, b"legacy" - ) - _openssl_assert( - cls.lib, cls._legacy_provider != cls.ffi.NULL - ) - cls._default_provider = cls.lib.OSSL_PROVIDER_load( - cls.ffi.NULL, b"default" - ) - _openssl_assert( - cls.lib, cls._default_provider != cls.ffi.NULL - ) @classmethod - def init_static_locks(cls): + def init_static_locks(cls) -> None: cls._ensure_ffi_initialized() -def _verify_openssl_version(lib): - if ( - lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 - and not lib.CRYPTOGRAPHY_IS_LIBRESSL - and not lib.CRYPTOGRAPHY_IS_BORINGSSL - ): - warnings.warn( - "OpenSSL version 1.1.0 is no longer supported by the OpenSSL " - "project, please upgrade. The next release of cryptography will " - "drop support for OpenSSL 1.1.0.", - utils.DeprecatedIn37, - ) - - -def _verify_package_version(version): +def _verify_package_version(version: str) -> None: # Occasionally we run into situations where the version of the Python # package does not match the version of the shared object that is loaded. # This may occur in environments where multiple versions of cryptography @@ -210,21 +86,36 @@ def _verify_package_version(version): # up later this code checks that the currently imported package and the # shared object that were loaded have the same version and raise an # ImportError if they do not - so_package_version = ffi.string(lib.CRYPTOGRAPHY_PACKAGE_VERSION) + so_package_version = _openssl.ffi.string( + _openssl.lib.CRYPTOGRAPHY_PACKAGE_VERSION + ) if version.encode("ascii") != so_package_version: raise ImportError( "The version of cryptography does not match the loaded " "shared object. This can happen if you have multiple copies of " "cryptography installed in your Python path. Please try creating " "a new virtual environment to resolve this issue. " - "Loaded python version: {}, shared object version: {}".format( - version, so_package_version - ) + f"Loaded python version: {version}, " + f"shared object version: {so_package_version}" ) + _openssl_assert( + _openssl.lib.OpenSSL_version_num() == openssl.openssl_version(), + ) + _verify_package_version(cryptography.__version__) Binding.init_static_locks() -_verify_openssl_version(Binding.lib) +if ( + sys.platform == "win32" + and os.environ.get("PROCESSOR_ARCHITEW6432") is not None +): + warnings.warn( + "You are using cryptography on a 32-bit Python on a 64-bit Windows " + "Operating System. Cryptography will be significantly faster if you " + "switch to using a 64-bit Python.", + UserWarning, + stacklevel=2, + ) diff --git a/src/_cffi_src/openssl/conf.py b/src/cryptography/hazmat/decrepit/__init__.py similarity index 55% rename from src/_cffi_src/openssl/conf.py rename to src/cryptography/hazmat/decrepit/__init__.py index dd1e80a..41d7318 100644 --- a/src/_cffi_src/openssl/conf.py +++ b/src/cryptography/hazmat/decrepit/__init__.py @@ -2,17 +2,4 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - -INCLUDES = """ -#include -""" - -TYPES = """ -""" - -FUNCTIONS = """ -void OPENSSL_config(const char *); -""" - -CUSTOMIZATIONS = """ -""" +from __future__ import annotations diff --git a/src/cryptography/hazmat/decrepit/ciphers/__init__.py b/src/cryptography/hazmat/decrepit/ciphers/__init__.py new file mode 100644 index 0000000..41d7318 --- /dev/null +++ b/src/cryptography/hazmat/decrepit/ciphers/__init__.py @@ -0,0 +1,5 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import annotations diff --git a/src/cryptography/hazmat/decrepit/ciphers/algorithms.py b/src/cryptography/hazmat/decrepit/ciphers/algorithms.py new file mode 100644 index 0000000..a7d4aa3 --- /dev/null +++ b/src/cryptography/hazmat/decrepit/ciphers/algorithms.py @@ -0,0 +1,107 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import annotations + +from cryptography.hazmat.primitives._cipheralgorithm import ( + BlockCipherAlgorithm, + CipherAlgorithm, + _verify_key_size, +) + + +class ARC4(CipherAlgorithm): + name = "RC4" + key_sizes = frozenset([40, 56, 64, 80, 128, 160, 192, 256]) + + def __init__(self, key: bytes): + self.key = _verify_key_size(self, key) + + @property + def key_size(self) -> int: + return len(self.key) * 8 + + +class TripleDES(BlockCipherAlgorithm): + name = "3DES" + block_size = 64 + key_sizes = frozenset([64, 128, 192]) + + def __init__(self, key: bytes): + if len(key) == 8: + key += key + key + elif len(key) == 16: + key += key[:8] + self.key = _verify_key_size(self, key) + + @property + def key_size(self) -> int: + return len(self.key) * 8 + + +class Blowfish(BlockCipherAlgorithm): + name = "Blowfish" + block_size = 64 + key_sizes = frozenset(range(32, 449, 8)) + + def __init__(self, key: bytes): + self.key = _verify_key_size(self, key) + + @property + def key_size(self) -> int: + return len(self.key) * 8 + + +class CAST5(BlockCipherAlgorithm): + name = "CAST5" + block_size = 64 + key_sizes = frozenset(range(40, 129, 8)) + + def __init__(self, key: bytes): + self.key = _verify_key_size(self, key) + + @property + def key_size(self) -> int: + return len(self.key) * 8 + + +class SEED(BlockCipherAlgorithm): + name = "SEED" + block_size = 128 + key_sizes = frozenset([128]) + + def __init__(self, key: bytes): + self.key = _verify_key_size(self, key) + + @property + def key_size(self) -> int: + return len(self.key) * 8 + + +class IDEA(BlockCipherAlgorithm): + name = "IDEA" + block_size = 64 + key_sizes = frozenset([128]) + + def __init__(self, key: bytes): + self.key = _verify_key_size(self, key) + + @property + def key_size(self) -> int: + return len(self.key) * 8 + + +# This class only allows RC2 with a 128-bit key. No support for +# effective key bits or other key sizes is provided. +class RC2(BlockCipherAlgorithm): + name = "RC2" + block_size = 64 + key_sizes = frozenset([128]) + + def __init__(self, key: bytes): + self.key = _verify_key_size(self, key) + + @property + def key_size(self) -> int: + return len(self.key) * 8 diff --git a/src/cryptography/hazmat/primitives/_asymmetric.py b/src/cryptography/hazmat/primitives/_asymmetric.py index cdadbde..ea55ffd 100644 --- a/src/cryptography/hazmat/primitives/_asymmetric.py +++ b/src/cryptography/hazmat/primitives/_asymmetric.py @@ -2,15 +2,17 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. -import abc +from __future__ import annotations +import abc # This exists to break an import cycle. It is normally accessible from the # asymmetric padding module. class AsymmetricPadding(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def name(self) -> str: """ A string naming this padding (e.g. "PSS", "PKCS1"). diff --git a/src/cryptography/hazmat/primitives/_cipheralgorithm.py b/src/cryptography/hazmat/primitives/_cipheralgorithm.py index 7f32204..588a616 100644 --- a/src/cryptography/hazmat/primitives/_cipheralgorithm.py +++ b/src/cryptography/hazmat/primitives/_cipheralgorithm.py @@ -2,39 +2,57 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + import abc -import typing +from cryptography import utils # This exists to break an import cycle. It is normally accessible from the # ciphers module. class CipherAlgorithm(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def name(self) -> str: """ A string naming this mode (e.g. "AES", "Camellia"). """ - @abc.abstractproperty - def key_sizes(self) -> typing.FrozenSet[int]: + @property + @abc.abstractmethod + def key_sizes(self) -> frozenset[int]: """ Valid key sizes for this algorithm in bits """ - @abc.abstractproperty + @property + @abc.abstractmethod def key_size(self) -> int: """ The size of the key being used as an integer in bits (e.g. 128, 256). """ -class BlockCipherAlgorithm(metaclass=abc.ABCMeta): +class BlockCipherAlgorithm(CipherAlgorithm): key: bytes - @abc.abstractproperty + @property + @abc.abstractmethod def block_size(self) -> int: """ The size of a block as an integer in bits (e.g. 64, 128). """ + + +def _verify_key_size(algorithm: CipherAlgorithm, key: bytes) -> bytes: + # Verify that the key is instance of bytes + utils._check_byteslike("key", key) + + # Verify that the key size matches the expected key size + if len(key) * 8 not in algorithm.key_sizes: + raise ValueError( + f"Invalid key size ({len(key) * 8}) for {algorithm.name}." + ) + return key diff --git a/src/cryptography/hazmat/primitives/_serialization.py b/src/cryptography/hazmat/primitives/_serialization.py index fddb4c8..4615772 100644 --- a/src/cryptography/hazmat/primitives/_serialization.py +++ b/src/cryptography/hazmat/primitives/_serialization.py @@ -2,8 +2,9 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + import abc -import typing from cryptography import utils from cryptography.hazmat.primitives.hashes import HashAlgorithm @@ -33,7 +34,7 @@ class PrivateFormat(utils.Enum): OpenSSH = "OpenSSH" PKCS12 = "PKCS12" - def encryption_builder(self) -> "KeySerializationEncryptionBuilder": + def encryption_builder(self) -> KeySerializationEncryptionBuilder: if self not in (PrivateFormat.OpenSSH, PrivateFormat.PKCS12): raise ValueError( "encryption_builder only supported with PrivateFormat.OpenSSH" @@ -71,14 +72,14 @@ class NoEncryption(KeySerializationEncryption): pass -class KeySerializationEncryptionBuilder(object): +class KeySerializationEncryptionBuilder: def __init__( self, format: PrivateFormat, *, - _kdf_rounds: typing.Optional[int] = None, - _hmac_hash: typing.Optional[HashAlgorithm] = None, - _key_cert_algorithm: typing.Optional[PBES] = None, + _kdf_rounds: int | None = None, + _hmac_hash: HashAlgorithm | None = None, + _key_cert_algorithm: PBES | None = None, ) -> None: self._format = format @@ -86,7 +87,7 @@ def __init__( self._hmac_hash = _hmac_hash self._key_cert_algorithm = _key_cert_algorithm - def kdf_rounds(self, rounds: int) -> "KeySerializationEncryptionBuilder": + def kdf_rounds(self, rounds: int) -> KeySerializationEncryptionBuilder: if self._kdf_rounds is not None: raise ValueError("kdf_rounds already set") @@ -105,7 +106,7 @@ def kdf_rounds(self, rounds: int) -> "KeySerializationEncryptionBuilder": def hmac_hash( self, algorithm: HashAlgorithm - ) -> "KeySerializationEncryptionBuilder": + ) -> KeySerializationEncryptionBuilder: if self._format is not PrivateFormat.PKCS12: raise TypeError( "hmac_hash only supported with PrivateFormat.PKCS12" @@ -122,7 +123,7 @@ def hmac_hash( def key_cert_algorithm( self, algorithm: PBES - ) -> "KeySerializationEncryptionBuilder": + ) -> KeySerializationEncryptionBuilder: if self._format is not PrivateFormat.PKCS12: raise TypeError( "key_cert_algorithm only supported with " @@ -156,9 +157,9 @@ def __init__( format: PrivateFormat, password: bytes, *, - kdf_rounds: typing.Optional[int], - hmac_hash: typing.Optional[HashAlgorithm], - key_cert_algorithm: typing.Optional[PBES], + kdf_rounds: int | None, + hmac_hash: HashAlgorithm | None, + key_cert_algorithm: PBES | None, ): self._format = format self.password = password diff --git a/src/cryptography/hazmat/primitives/asymmetric/dh.py b/src/cryptography/hazmat/primitives/asymmetric/dh.py index 2093ad4..31c9748 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/dh.py +++ b/src/cryptography/hazmat/primitives/asymmetric/dh.py @@ -2,150 +2,24 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc -import typing +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import _serialization +generate_parameters = rust_openssl.dh.generate_parameters -_MIN_MODULUS_SIZE = 512 - -def generate_parameters( - generator: int, key_size: int, backend: typing.Any = None -) -> "DHParameters": - from cryptography.hazmat.backends.openssl.backend import backend as ossl - - return ossl.generate_dh_parameters(generator, key_size) - - -class DHParameterNumbers: - def __init__(self, p: int, g: int, q: typing.Optional[int] = None) -> None: - if not isinstance(p, int) or not isinstance(g, int): - raise TypeError("p and g must be integers") - if q is not None and not isinstance(q, int): - raise TypeError("q must be integer or None") - - if g < 2: - raise ValueError("DH generator must be 2 or greater") - - if p.bit_length() < _MIN_MODULUS_SIZE: - raise ValueError( - "p (modulus) must be at least {}-bit".format(_MIN_MODULUS_SIZE) - ) - - self._p = p - self._g = g - self._q = q - - def __eq__(self, other: object) -> bool: - if not isinstance(other, DHParameterNumbers): - return NotImplemented - - return ( - self._p == other._p and self._g == other._g and self._q == other._q - ) - - def parameters(self, backend: typing.Any = None) -> "DHParameters": - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - return ossl.load_dh_parameter_numbers(self) - - @property - def p(self) -> int: - return self._p - - @property - def g(self) -> int: - return self._g - - @property - def q(self) -> typing.Optional[int]: - return self._q - - -class DHPublicNumbers: - def __init__(self, y: int, parameter_numbers: DHParameterNumbers) -> None: - if not isinstance(y, int): - raise TypeError("y must be an integer.") - - if not isinstance(parameter_numbers, DHParameterNumbers): - raise TypeError( - "parameters must be an instance of DHParameterNumbers." - ) - - self._y = y - self._parameter_numbers = parameter_numbers - - def __eq__(self, other: object) -> bool: - if not isinstance(other, DHPublicNumbers): - return NotImplemented - - return ( - self._y == other._y - and self._parameter_numbers == other._parameter_numbers - ) - - def public_key(self, backend: typing.Any = None) -> "DHPublicKey": - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - return ossl.load_dh_public_numbers(self) - - @property - def y(self) -> int: - return self._y - - @property - def parameter_numbers(self) -> DHParameterNumbers: - return self._parameter_numbers - - -class DHPrivateNumbers: - def __init__(self, x: int, public_numbers: DHPublicNumbers) -> None: - if not isinstance(x, int): - raise TypeError("x must be an integer.") - - if not isinstance(public_numbers, DHPublicNumbers): - raise TypeError( - "public_numbers must be an instance of " "DHPublicNumbers." - ) - - self._x = x - self._public_numbers = public_numbers - - def __eq__(self, other: object) -> bool: - if not isinstance(other, DHPrivateNumbers): - return NotImplemented - - return ( - self._x == other._x - and self._public_numbers == other._public_numbers - ) - - def private_key(self, backend: typing.Any = None) -> "DHPrivateKey": - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - return ossl.load_dh_private_numbers(self) - - @property - def public_numbers(self) -> DHPublicNumbers: - return self._public_numbers - - @property - def x(self) -> int: - return self._x +DHPrivateNumbers = rust_openssl.dh.DHPrivateNumbers +DHPublicNumbers = rust_openssl.dh.DHPublicNumbers +DHParameterNumbers = rust_openssl.dh.DHParameterNumbers class DHParameters(metaclass=abc.ABCMeta): @abc.abstractmethod - def generate_private_key(self) -> "DHPrivateKey": + def generate_private_key(self) -> DHPrivateKey: """ Generates and returns a DHPrivateKey. """ @@ -168,10 +42,12 @@ def parameter_numbers(self) -> DHParameterNumbers: DHParametersWithSerialization = DHParameters +DHParameters.register(rust_openssl.dh.DHParameters) class DHPublicKey(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def key_size(self) -> int: """ The bit length of the prime modulus. @@ -199,12 +75,20 @@ def public_bytes( Returns the key serialized as bytes. """ + @abc.abstractmethod + def __eq__(self, other: object) -> bool: + """ + Checks equality. + """ + DHPublicKeyWithSerialization = DHPublicKey +DHPublicKey.register(rust_openssl.dh.DHPublicKey) class DHPrivateKey(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def key_size(self) -> int: """ The bit length of the prime modulus. @@ -248,3 +132,4 @@ def private_bytes( DHPrivateKeyWithSerialization = DHPrivateKey +DHPrivateKey.register(rust_openssl.dh.DHPrivateKey) diff --git a/src/cryptography/hazmat/primitives/asymmetric/dsa.py b/src/cryptography/hazmat/primitives/asymmetric/dsa.py index 5e58709..6dd34c0 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/dsa.py +++ b/src/cryptography/hazmat/primitives/asymmetric/dsa.py @@ -2,42 +2,44 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc import typing +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import _serialization, hashes -from cryptography.hazmat.primitives.asymmetric import ( - utils as asym_utils, -) +from cryptography.hazmat.primitives.asymmetric import utils as asym_utils class DSAParameters(metaclass=abc.ABCMeta): @abc.abstractmethod - def generate_private_key(self) -> "DSAPrivateKey": + def generate_private_key(self) -> DSAPrivateKey: """ Generates and returns a DSAPrivateKey. """ @abc.abstractmethod - def parameter_numbers(self) -> "DSAParameterNumbers": + def parameter_numbers(self) -> DSAParameterNumbers: """ Returns a DSAParameterNumbers. """ DSAParametersWithNumbers = DSAParameters +DSAParameters.register(rust_openssl.dsa.DSAParameters) class DSAPrivateKey(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def key_size(self) -> int: """ The bit length of the prime modulus. """ @abc.abstractmethod - def public_key(self) -> "DSAPublicKey": + def public_key(self) -> DSAPublicKey: """ The DSAPublicKey associated with this private key. """ @@ -52,14 +54,14 @@ def parameters(self) -> DSAParameters: def sign( self, data: bytes, - algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm], + algorithm: asym_utils.Prehashed | hashes.HashAlgorithm, ) -> bytes: """ Signs the data """ @abc.abstractmethod - def private_numbers(self) -> "DSAPrivateNumbers": + def private_numbers(self) -> DSAPrivateNumbers: """ Returns a DSAPrivateNumbers. """ @@ -77,10 +79,12 @@ def private_bytes( DSAPrivateKeyWithSerialization = DSAPrivateKey +DSAPrivateKey.register(rust_openssl.dsa.DSAPrivateKey) class DSAPublicKey(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def key_size(self) -> int: """ The bit length of the prime modulus. @@ -93,7 +97,7 @@ def parameters(self) -> DSAParameters: """ @abc.abstractmethod - def public_numbers(self) -> "DSAPublicNumbers": + def public_numbers(self) -> DSAPublicNumbers: """ Returns a DSAPublicNumbers. """ @@ -113,176 +117,38 @@ def verify( self, signature: bytes, data: bytes, - algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm], + algorithm: asym_utils.Prehashed | hashes.HashAlgorithm, ) -> None: """ Verifies the signature of the data. """ - -DSAPublicKeyWithSerialization = DSAPublicKey - - -class DSAParameterNumbers: - def __init__(self, p: int, q: int, g: int): - if ( - not isinstance(p, int) - or not isinstance(q, int) - or not isinstance(g, int) - ): - raise TypeError( - "DSAParameterNumbers p, q, and g arguments must be integers." - ) - - self._p = p - self._q = q - self._g = g - - @property - def p(self) -> int: - return self._p - - @property - def q(self) -> int: - return self._q - - @property - def g(self) -> int: - return self._g - - def parameters(self, backend: typing.Any = None) -> DSAParameters: - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - return ossl.load_dsa_parameter_numbers(self) - - def __eq__(self, other: object) -> bool: - if not isinstance(other, DSAParameterNumbers): - return NotImplemented - - return self.p == other.p and self.q == other.q and self.g == other.g - - def __repr__(self) -> str: - return ( - "".format(self=self) - ) - - -class DSAPublicNumbers: - def __init__(self, y: int, parameter_numbers: DSAParameterNumbers): - if not isinstance(y, int): - raise TypeError("DSAPublicNumbers y argument must be an integer.") - - if not isinstance(parameter_numbers, DSAParameterNumbers): - raise TypeError( - "parameter_numbers must be a DSAParameterNumbers instance." - ) - - self._y = y - self._parameter_numbers = parameter_numbers - - @property - def y(self) -> int: - return self._y - - @property - def parameter_numbers(self) -> DSAParameterNumbers: - return self._parameter_numbers - - def public_key(self, backend: typing.Any = None) -> DSAPublicKey: - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - return ossl.load_dsa_public_numbers(self) - + @abc.abstractmethod def __eq__(self, other: object) -> bool: - if not isinstance(other, DSAPublicNumbers): - return NotImplemented - - return ( - self.y == other.y - and self.parameter_numbers == other.parameter_numbers - ) - - def __repr__(self) -> str: - return ( - "".format(self=self) - ) - - -class DSAPrivateNumbers: - def __init__(self, x: int, public_numbers: DSAPublicNumbers): - if not isinstance(x, int): - raise TypeError("DSAPrivateNumbers x argument must be an integer.") - - if not isinstance(public_numbers, DSAPublicNumbers): - raise TypeError( - "public_numbers must be a DSAPublicNumbers instance." - ) - self._public_numbers = public_numbers - self._x = x - - @property - def x(self) -> int: - return self._x - - @property - def public_numbers(self) -> DSAPublicNumbers: - return self._public_numbers - - def private_key(self, backend: typing.Any = None) -> DSAPrivateKey: - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) + """ + Checks equality. + """ - return ossl.load_dsa_private_numbers(self) - def __eq__(self, other: object) -> bool: - if not isinstance(other, DSAPrivateNumbers): - return NotImplemented +DSAPublicKeyWithSerialization = DSAPublicKey +DSAPublicKey.register(rust_openssl.dsa.DSAPublicKey) - return ( - self.x == other.x and self.public_numbers == other.public_numbers - ) +DSAPrivateNumbers = rust_openssl.dsa.DSAPrivateNumbers +DSAPublicNumbers = rust_openssl.dsa.DSAPublicNumbers +DSAParameterNumbers = rust_openssl.dsa.DSAParameterNumbers def generate_parameters( key_size: int, backend: typing.Any = None ) -> DSAParameters: - from cryptography.hazmat.backends.openssl.backend import backend as ossl + if key_size not in (1024, 2048, 3072, 4096): + raise ValueError("Key size must be 1024, 2048, 3072, or 4096 bits.") - return ossl.generate_dsa_parameters(key_size) + return rust_openssl.dsa.generate_parameters(key_size) def generate_private_key( key_size: int, backend: typing.Any = None ) -> DSAPrivateKey: - from cryptography.hazmat.backends.openssl.backend import backend as ossl - - return ossl.generate_dsa_private_key_and_parameters(key_size) - - -def _check_dsa_parameters(parameters: DSAParameterNumbers) -> None: - if parameters.p.bit_length() not in [1024, 2048, 3072, 4096]: - raise ValueError( - "p must be exactly 1024, 2048, 3072, or 4096 bits long" - ) - if parameters.q.bit_length() not in [160, 224, 256]: - raise ValueError("q must be exactly 160, 224, or 256 bits long") - - if not (1 < parameters.g < parameters.p): - raise ValueError("g, p don't satisfy 1 < g < p.") - - -def _check_dsa_private_numbers(numbers: DSAPrivateNumbers) -> None: - parameters = numbers.public_numbers.parameter_numbers - _check_dsa_parameters(parameters) - if numbers.x <= 0 or numbers.x >= parameters.q: - raise ValueError("x must be > 0 and < q.") - - if numbers.public_numbers.y != pow(parameters.g, numbers.x, parameters.p): - raise ValueError("y must be equal to (g ** x % p).") + parameters = generate_parameters(key_size) + return parameters.generate_private_key() diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py index 3aaa382..da1fbea 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/ec.py +++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py @@ -2,17 +2,17 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc import typing -import warnings from cryptography import utils +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat._oid import ObjectIdentifier +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import _serialization, hashes -from cryptography.hazmat.primitives.asymmetric import ( - utils as asym_utils, -) +from cryptography.hazmat.primitives.asymmetric import utils as asym_utils class EllipticCurveOID: @@ -38,13 +38,15 @@ class EllipticCurveOID: class EllipticCurve(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def name(self) -> str: """ The name of the curve. e.g. secp256r1. """ - @abc.abstractproperty + @property + @abc.abstractmethod def key_size(self) -> int: """ Bit size of a secret scalar for the curve. @@ -52,10 +54,11 @@ def key_size(self) -> int: class EllipticCurveSignatureAlgorithm(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def algorithm( self, - ) -> typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm]: + ) -> asym_utils.Prehashed | hashes.HashAlgorithm: """ The digest algorithm used with this signature. """ @@ -64,7 +67,7 @@ def algorithm( class EllipticCurvePrivateKey(metaclass=abc.ABCMeta): @abc.abstractmethod def exchange( - self, algorithm: "ECDH", peer_public_key: "EllipticCurvePublicKey" + self, algorithm: ECDH, peer_public_key: EllipticCurvePublicKey ) -> bytes: """ Performs a key exchange operation using the provided algorithm with the @@ -72,18 +75,20 @@ def exchange( """ @abc.abstractmethod - def public_key(self) -> "EllipticCurvePublicKey": + def public_key(self) -> EllipticCurvePublicKey: """ The EllipticCurvePublicKey for this private key. """ - @abc.abstractproperty + @property + @abc.abstractmethod def curve(self) -> EllipticCurve: """ The EllipticCurve that this key is on. """ - @abc.abstractproperty + @property + @abc.abstractmethod def key_size(self) -> int: """ Bit size of a secret scalar for the curve. @@ -100,7 +105,7 @@ def sign( """ @abc.abstractmethod - def private_numbers(self) -> "EllipticCurvePrivateNumbers": + def private_numbers(self) -> EllipticCurvePrivateNumbers: """ Returns an EllipticCurvePrivateNumbers. """ @@ -118,23 +123,26 @@ def private_bytes( EllipticCurvePrivateKeyWithSerialization = EllipticCurvePrivateKey +EllipticCurvePrivateKey.register(rust_openssl.ec.ECPrivateKey) class EllipticCurvePublicKey(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def curve(self) -> EllipticCurve: """ The EllipticCurve that this key is on. """ - @abc.abstractproperty + @property + @abc.abstractmethod def key_size(self) -> int: """ Bit size of a secret scalar for the curve. """ @abc.abstractmethod - def public_numbers(self) -> "EllipticCurvePublicNumbers": + def public_numbers(self) -> EllipticCurvePublicNumbers: """ Returns an EllipticCurvePublicNumbers. """ @@ -163,24 +171,29 @@ def verify( @classmethod def from_encoded_point( cls, curve: EllipticCurve, data: bytes - ) -> "EllipticCurvePublicKey": + ) -> EllipticCurvePublicKey: utils._check_bytes("data", data) - if not isinstance(curve, EllipticCurve): - raise TypeError("curve must be an EllipticCurve instance") - if len(data) == 0: raise ValueError("data must not be an empty byte string") if data[0] not in [0x02, 0x03, 0x04]: raise ValueError("Unsupported elliptic curve point type") - from cryptography.hazmat.backends.openssl.backend import backend + return rust_openssl.ec.from_public_bytes(curve, data) - return backend.load_elliptic_curve_public_bytes(curve, data) + @abc.abstractmethod + def __eq__(self, other: object) -> bool: + """ + Checks equality. + """ EllipticCurvePublicKeyWithSerialization = EllipticCurvePublicKey +EllipticCurvePublicKey.register(rust_openssl.ec.ECPublicKey) + +EllipticCurvePrivateNumbers = rust_openssl.ec.EllipticCurvePrivateNumbers +EllipticCurvePublicNumbers = rust_openssl.ec.EllipticCurvePublicNumbers class SECT571R1(EllipticCurve): @@ -278,51 +291,65 @@ class BrainpoolP512R1(EllipticCurve): key_size = 512 -_CURVE_TYPES: typing.Dict[str, typing.Type[EllipticCurve]] = { - "prime192v1": SECP192R1, - "prime256v1": SECP256R1, - "secp192r1": SECP192R1, - "secp224r1": SECP224R1, - "secp256r1": SECP256R1, - "secp384r1": SECP384R1, - "secp521r1": SECP521R1, - "secp256k1": SECP256K1, - "sect163k1": SECT163K1, - "sect233k1": SECT233K1, - "sect283k1": SECT283K1, - "sect409k1": SECT409K1, - "sect571k1": SECT571K1, - "sect163r2": SECT163R2, - "sect233r1": SECT233R1, - "sect283r1": SECT283R1, - "sect409r1": SECT409R1, - "sect571r1": SECT571R1, - "brainpoolP256r1": BrainpoolP256R1, - "brainpoolP384r1": BrainpoolP384R1, - "brainpoolP512r1": BrainpoolP512R1, +_CURVE_TYPES: dict[str, EllipticCurve] = { + "prime192v1": SECP192R1(), + "prime256v1": SECP256R1(), + "secp192r1": SECP192R1(), + "secp224r1": SECP224R1(), + "secp256r1": SECP256R1(), + "secp384r1": SECP384R1(), + "secp521r1": SECP521R1(), + "secp256k1": SECP256K1(), + "sect163k1": SECT163K1(), + "sect233k1": SECT233K1(), + "sect283k1": SECT283K1(), + "sect409k1": SECT409K1(), + "sect571k1": SECT571K1(), + "sect163r2": SECT163R2(), + "sect233r1": SECT233R1(), + "sect283r1": SECT283R1(), + "sect409r1": SECT409R1(), + "sect571r1": SECT571R1(), + "brainpoolP256r1": BrainpoolP256R1(), + "brainpoolP384r1": BrainpoolP384R1(), + "brainpoolP512r1": BrainpoolP512R1(), } class ECDSA(EllipticCurveSignatureAlgorithm): def __init__( self, - algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm], + algorithm: asym_utils.Prehashed | hashes.HashAlgorithm, + deterministic_signing: bool = False, ): + from cryptography.hazmat.backends.openssl.backend import backend + + if ( + deterministic_signing + and not backend.ecdsa_deterministic_supported() + ): + raise UnsupportedAlgorithm( + "ECDSA with deterministic signature (RFC 6979) is not " + "supported by this version of OpenSSL.", + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM, + ) self._algorithm = algorithm + self._deterministic_signing = deterministic_signing @property def algorithm( self, - ) -> typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm]: + ) -> asym_utils.Prehashed | hashes.HashAlgorithm: return self._algorithm + @property + def deterministic_signing( + self, + ) -> bool: + return self._deterministic_signing -def generate_private_key( - curve: EllipticCurve, backend: typing.Any = None -) -> EllipticCurvePrivateKey: - from cryptography.hazmat.backends.openssl.backend import backend as ossl - return ossl.generate_elliptic_curve_private_key(curve) +generate_private_key = rust_openssl.ec.generate_private_key def derive_private_key( @@ -330,160 +357,13 @@ def derive_private_key( curve: EllipticCurve, backend: typing.Any = None, ) -> EllipticCurvePrivateKey: - from cryptography.hazmat.backends.openssl.backend import backend as ossl - if not isinstance(private_value, int): raise TypeError("private_value must be an integer type.") if private_value <= 0: raise ValueError("private_value must be a positive integer.") - if not isinstance(curve, EllipticCurve): - raise TypeError("curve must provide the EllipticCurve interface.") - - return ossl.derive_elliptic_curve_private_key(private_value, curve) - - -class EllipticCurvePublicNumbers: - def __init__(self, x: int, y: int, curve: EllipticCurve): - if not isinstance(x, int) or not isinstance(y, int): - raise TypeError("x and y must be integers.") - - if not isinstance(curve, EllipticCurve): - raise TypeError("curve must provide the EllipticCurve interface.") - - self._y = y - self._x = x - self._curve = curve - - def public_key(self, backend: typing.Any = None) -> EllipticCurvePublicKey: - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - return ossl.load_elliptic_curve_public_numbers(self) - - def encode_point(self) -> bytes: - warnings.warn( - "encode_point has been deprecated on EllipticCurvePublicNumbers" - " and will be removed in a future version. Please use " - "EllipticCurvePublicKey.public_bytes to obtain both " - "compressed and uncompressed point encoding.", - utils.PersistentlyDeprecated2019, - stacklevel=2, - ) - # key_size is in bits. Convert to bytes and round up - byte_length = (self.curve.key_size + 7) // 8 - return ( - b"\x04" - + utils.int_to_bytes(self.x, byte_length) - + utils.int_to_bytes(self.y, byte_length) - ) - - @classmethod - def from_encoded_point( - cls, curve: EllipticCurve, data: bytes - ) -> "EllipticCurvePublicNumbers": - if not isinstance(curve, EllipticCurve): - raise TypeError("curve must be an EllipticCurve instance") - - warnings.warn( - "Support for unsafe construction of public numbers from " - "encoded data will be removed in a future version. " - "Please use EllipticCurvePublicKey.from_encoded_point", - utils.PersistentlyDeprecated2019, - stacklevel=2, - ) - - if data.startswith(b"\x04"): - # key_size is in bits. Convert to bytes and round up - byte_length = (curve.key_size + 7) // 8 - if len(data) == 2 * byte_length + 1: - x = int.from_bytes(data[1 : byte_length + 1], "big") - y = int.from_bytes(data[byte_length + 1 :], "big") - return cls(x, y, curve) - else: - raise ValueError("Invalid elliptic curve point data length") - else: - raise ValueError("Unsupported elliptic curve point type") - - @property - def curve(self) -> EllipticCurve: - return self._curve - - @property - def x(self) -> int: - return self._x - - @property - def y(self) -> int: - return self._y - - def __eq__(self, other: object) -> bool: - if not isinstance(other, EllipticCurvePublicNumbers): - return NotImplemented - - return ( - self.x == other.x - and self.y == other.y - and self.curve.name == other.curve.name - and self.curve.key_size == other.curve.key_size - ) - - def __hash__(self) -> int: - return hash((self.x, self.y, self.curve.name, self.curve.key_size)) - - def __repr__(self) -> str: - return ( - "".format(self) - ) - - -class EllipticCurvePrivateNumbers: - def __init__( - self, private_value: int, public_numbers: EllipticCurvePublicNumbers - ): - if not isinstance(private_value, int): - raise TypeError("private_value must be an integer.") - - if not isinstance(public_numbers, EllipticCurvePublicNumbers): - raise TypeError( - "public_numbers must be an EllipticCurvePublicNumbers " - "instance." - ) - - self._private_value = private_value - self._public_numbers = public_numbers - - def private_key( - self, backend: typing.Any = None - ) -> EllipticCurvePrivateKey: - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - return ossl.load_elliptic_curve_private_numbers(self) - - @property - def private_value(self) -> int: - return self._private_value - - @property - def public_numbers(self) -> EllipticCurvePublicNumbers: - return self._public_numbers - - def __eq__(self, other: object) -> bool: - if not isinstance(other, EllipticCurvePrivateNumbers): - return NotImplemented - - return ( - self.private_value == other.private_value - and self.public_numbers == other.public_numbers - ) - - def __hash__(self) -> int: - return hash((self.private_value, self.public_numbers)) + return rust_openssl.ec.derive_private_key(private_value, curve) class ECDH: @@ -513,7 +393,7 @@ class ECDH: } -def get_curve_for_oid(oid: ObjectIdentifier) -> typing.Type[EllipticCurve]: +def get_curve_for_oid(oid: ObjectIdentifier) -> type[EllipticCurve]: try: return _OID_TO_CURVE[oid] except KeyError: diff --git a/src/cryptography/hazmat/primitives/asymmetric/ed25519.py b/src/cryptography/hazmat/primitives/asymmetric/ed25519.py index 4327702..3a26185 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/ed25519.py +++ b/src/cryptography/hazmat/primitives/asymmetric/ed25519.py @@ -2,20 +2,18 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc from cryptography.exceptions import UnsupportedAlgorithm, _Reasons +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import _serialization -_ED25519_KEY_SIZE = 32 -_ED25519_SIG_SIZE = 64 - - class Ed25519PublicKey(metaclass=abc.ABCMeta): @classmethod - def from_public_bytes(cls, data: bytes) -> "Ed25519PublicKey": + def from_public_bytes(cls, data: bytes) -> Ed25519PublicKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.ed25519_supported(): @@ -24,7 +22,7 @@ def from_public_bytes(cls, data: bytes) -> "Ed25519PublicKey": _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM, ) - return backend.ed25519_load_public_bytes(data) + return rust_openssl.ed25519.from_public_bytes(data) @abc.abstractmethod def public_bytes( @@ -36,16 +34,32 @@ def public_bytes( The serialized bytes of the public key. """ + @abc.abstractmethod + def public_bytes_raw(self) -> bytes: + """ + The raw bytes of the public key. + Equivalent to public_bytes(Raw, Raw). + """ + @abc.abstractmethod def verify(self, signature: bytes, data: bytes) -> None: """ Verify the signature. """ + @abc.abstractmethod + def __eq__(self, other: object) -> bool: + """ + Checks equality. + """ + + +Ed25519PublicKey.register(rust_openssl.ed25519.Ed25519PublicKey) + class Ed25519PrivateKey(metaclass=abc.ABCMeta): @classmethod - def generate(cls) -> "Ed25519PrivateKey": + def generate(cls) -> Ed25519PrivateKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.ed25519_supported(): @@ -54,10 +68,10 @@ def generate(cls) -> "Ed25519PrivateKey": _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM, ) - return backend.ed25519_generate_key() + return rust_openssl.ed25519.generate_key() @classmethod - def from_private_bytes(cls, data: bytes) -> "Ed25519PrivateKey": + def from_private_bytes(cls, data: bytes) -> Ed25519PrivateKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.ed25519_supported(): @@ -66,7 +80,7 @@ def from_private_bytes(cls, data: bytes) -> "Ed25519PrivateKey": _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM, ) - return backend.ed25519_load_private_bytes(data) + return rust_openssl.ed25519.from_private_bytes(data) @abc.abstractmethod def public_key(self) -> Ed25519PublicKey: @@ -85,8 +99,18 @@ def private_bytes( The serialized bytes of the private key. """ + @abc.abstractmethod + def private_bytes_raw(self) -> bytes: + """ + The raw bytes of the private key. + Equivalent to private_bytes(Raw, Raw, NoEncryption()). + """ + @abc.abstractmethod def sign(self, data: bytes) -> bytes: """ Signs the data. """ + + +Ed25519PrivateKey.register(rust_openssl.ed25519.Ed25519PrivateKey) diff --git a/src/cryptography/hazmat/primitives/asymmetric/ed448.py b/src/cryptography/hazmat/primitives/asymmetric/ed448.py index 27bc27c..78c82c4 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/ed448.py +++ b/src/cryptography/hazmat/primitives/asymmetric/ed448.py @@ -2,16 +2,18 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc from cryptography.exceptions import UnsupportedAlgorithm, _Reasons +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import _serialization class Ed448PublicKey(metaclass=abc.ABCMeta): @classmethod - def from_public_bytes(cls, data: bytes) -> "Ed448PublicKey": + def from_public_bytes(cls, data: bytes) -> Ed448PublicKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.ed448_supported(): @@ -20,7 +22,7 @@ def from_public_bytes(cls, data: bytes) -> "Ed448PublicKey": _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM, ) - return backend.ed448_load_public_bytes(data) + return rust_openssl.ed448.from_public_bytes(data) @abc.abstractmethod def public_bytes( @@ -32,16 +34,33 @@ def public_bytes( The serialized bytes of the public key. """ + @abc.abstractmethod + def public_bytes_raw(self) -> bytes: + """ + The raw bytes of the public key. + Equivalent to public_bytes(Raw, Raw). + """ + @abc.abstractmethod def verify(self, signature: bytes, data: bytes) -> None: """ Verify the signature. """ + @abc.abstractmethod + def __eq__(self, other: object) -> bool: + """ + Checks equality. + """ + + +if hasattr(rust_openssl, "ed448"): + Ed448PublicKey.register(rust_openssl.ed448.Ed448PublicKey) + class Ed448PrivateKey(metaclass=abc.ABCMeta): @classmethod - def generate(cls) -> "Ed448PrivateKey": + def generate(cls) -> Ed448PrivateKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.ed448_supported(): @@ -49,10 +68,11 @@ def generate(cls) -> "Ed448PrivateKey": "ed448 is not supported by this version of OpenSSL.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM, ) - return backend.ed448_generate_key() + + return rust_openssl.ed448.generate_key() @classmethod - def from_private_bytes(cls, data: bytes) -> "Ed448PrivateKey": + def from_private_bytes(cls, data: bytes) -> Ed448PrivateKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.ed448_supported(): @@ -61,7 +81,7 @@ def from_private_bytes(cls, data: bytes) -> "Ed448PrivateKey": _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM, ) - return backend.ed448_load_private_bytes(data) + return rust_openssl.ed448.from_private_bytes(data) @abc.abstractmethod def public_key(self) -> Ed448PublicKey: @@ -85,3 +105,14 @@ def private_bytes( """ The serialized bytes of the private key. """ + + @abc.abstractmethod + def private_bytes_raw(self) -> bytes: + """ + The raw bytes of the private key. + Equivalent to private_bytes(Raw, Raw, NoEncryption()). + """ + + +if hasattr(rust_openssl, "x448"): + Ed448PrivateKey.register(rust_openssl.ed448.Ed448PrivateKey) diff --git a/src/cryptography/hazmat/primitives/asymmetric/padding.py b/src/cryptography/hazmat/primitives/asymmetric/padding.py index dd3c648..b4babf4 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/padding.py +++ b/src/cryptography/hazmat/primitives/asymmetric/padding.py @@ -2,9 +2,9 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc -import typing from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives._asymmetric import ( @@ -34,12 +34,12 @@ class PSS(AsymmetricPadding): AUTO = _Auto() DIGEST_LENGTH = _DigestLength() name = "EMSA-PSS" - _salt_length: typing.Union[int, _MaxLength, _Auto, _DigestLength] + _salt_length: int | _MaxLength | _Auto | _DigestLength def __init__( self, - mgf: "MGF", - salt_length: typing.Union[int, _MaxLength, _Auto, _DigestLength], + mgf: MGF, + salt_length: int | _MaxLength | _Auto | _DigestLength, ) -> None: self._mgf = mgf @@ -56,15 +56,19 @@ def __init__( self._salt_length = salt_length + @property + def mgf(self) -> MGF: + return self._mgf + class OAEP(AsymmetricPadding): name = "EME-OAEP" def __init__( self, - mgf: "MGF", + mgf: MGF, algorithm: hashes.HashAlgorithm, - label: typing.Optional[bytes], + label: bytes | None, ): if not isinstance(algorithm, hashes.HashAlgorithm): raise TypeError("Expected instance of hashes.HashAlgorithm.") @@ -73,6 +77,14 @@ def __init__( self._algorithm = algorithm self._label = label + @property + def algorithm(self) -> hashes.HashAlgorithm: + return self._algorithm + + @property + def mgf(self) -> MGF: + return self._mgf + class MGF(metaclass=abc.ABCMeta): _algorithm: hashes.HashAlgorithm @@ -89,7 +101,7 @@ def __init__(self, algorithm: hashes.HashAlgorithm): def calculate_max_pss_salt_length( - key: typing.Union["rsa.RSAPrivateKey", "rsa.RSAPublicKey"], + key: rsa.RSAPrivateKey | rsa.RSAPublicKey, hash_algorithm: hashes.HashAlgorithm, ) -> int: if not isinstance(key, (rsa.RSAPrivateKey, rsa.RSAPublicKey)): diff --git a/src/cryptography/hazmat/primitives/asymmetric/rsa.py b/src/cryptography/hazmat/primitives/asymmetric/rsa.py index 5ffe767..7a387b5 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/src/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -2,16 +2,16 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc import typing from math import gcd +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import _serialization, hashes from cryptography.hazmat.primitives._asymmetric import AsymmetricPadding -from cryptography.hazmat.primitives.asymmetric import ( - utils as asym_utils, -) +from cryptography.hazmat.primitives.asymmetric import utils as asym_utils class RSAPrivateKey(metaclass=abc.ABCMeta): @@ -21,14 +21,15 @@ def decrypt(self, ciphertext: bytes, padding: AsymmetricPadding) -> bytes: Decrypts the provided ciphertext. """ - @abc.abstractproperty + @property + @abc.abstractmethod def key_size(self) -> int: """ The bit length of the public modulus. """ @abc.abstractmethod - def public_key(self) -> "RSAPublicKey": + def public_key(self) -> RSAPublicKey: """ The RSAPublicKey associated with this private key. """ @@ -38,14 +39,14 @@ def sign( self, data: bytes, padding: AsymmetricPadding, - algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm], + algorithm: asym_utils.Prehashed | hashes.HashAlgorithm, ) -> bytes: """ Signs the data. """ @abc.abstractmethod - def private_numbers(self) -> "RSAPrivateNumbers": + def private_numbers(self) -> RSAPrivateNumbers: """ Returns an RSAPrivateNumbers. """ @@ -63,6 +64,7 @@ def private_bytes( RSAPrivateKeyWithSerialization = RSAPrivateKey +RSAPrivateKey.register(rust_openssl.rsa.RSAPrivateKey) class RSAPublicKey(metaclass=abc.ABCMeta): @@ -72,14 +74,15 @@ def encrypt(self, plaintext: bytes, padding: AsymmetricPadding) -> bytes: Encrypts the given plaintext. """ - @abc.abstractproperty + @property + @abc.abstractmethod def key_size(self) -> int: """ The bit length of the public modulus. """ @abc.abstractmethod - def public_numbers(self) -> "RSAPublicNumbers": + def public_numbers(self) -> RSAPublicNumbers: """ Returns an RSAPublicNumbers """ @@ -100,7 +103,7 @@ def verify( signature: bytes, data: bytes, padding: AsymmetricPadding, - algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm], + algorithm: asym_utils.Prehashed | hashes.HashAlgorithm, ) -> None: """ Verifies the signature of the data. @@ -111,14 +114,24 @@ def recover_data_from_signature( self, signature: bytes, padding: AsymmetricPadding, - algorithm: typing.Optional[hashes.HashAlgorithm], + algorithm: hashes.HashAlgorithm | None, ) -> bytes: """ Recovers the original data from the signature. """ + @abc.abstractmethod + def __eq__(self, other: object) -> bool: + """ + Checks equality. + """ + RSAPublicKeyWithSerialization = RSAPublicKey +RSAPublicKey.register(rust_openssl.rsa.RSAPublicKey) + +RSAPrivateNumbers = rust_openssl.rsa.RSAPrivateNumbers +RSAPublicNumbers = rust_openssl.rsa.RSAPublicNumbers def generate_private_key( @@ -126,10 +139,8 @@ def generate_private_key( key_size: int, backend: typing.Any = None, ) -> RSAPrivateKey: - from cryptography.hazmat.backends.openssl.backend import backend as ossl - _verify_rsa_parameters(public_exponent, key_size) - return ossl.generate_rsa_private_key(public_exponent, key_size) + return rust_openssl.rsa.generate_private_key(public_exponent, key_size) def _verify_rsa_parameters(public_exponent: int, key_size: int) -> None: @@ -139,66 +150,8 @@ def _verify_rsa_parameters(public_exponent: int, key_size: int) -> None: "65537. Almost everyone should choose 65537 here!" ) - if key_size < 512: - raise ValueError("key_size must be at least 512-bits.") - - -def _check_private_key_components( - p: int, - q: int, - private_exponent: int, - dmp1: int, - dmq1: int, - iqmp: int, - public_exponent: int, - modulus: int, -) -> None: - if modulus < 3: - raise ValueError("modulus must be >= 3.") - - if p >= modulus: - raise ValueError("p must be < modulus.") - - if q >= modulus: - raise ValueError("q must be < modulus.") - - if dmp1 >= modulus: - raise ValueError("dmp1 must be < modulus.") - - if dmq1 >= modulus: - raise ValueError("dmq1 must be < modulus.") - - if iqmp >= modulus: - raise ValueError("iqmp must be < modulus.") - - if private_exponent >= modulus: - raise ValueError("private_exponent must be < modulus.") - - if public_exponent < 3 or public_exponent >= modulus: - raise ValueError("public_exponent must be >= 3 and < modulus.") - - if public_exponent & 1 == 0: - raise ValueError("public_exponent must be odd.") - - if dmp1 & 1 == 0: - raise ValueError("dmp1 must be odd.") - - if dmq1 & 1 == 0: - raise ValueError("dmq1 must be odd.") - - if p * q != modulus: - raise ValueError("p*q must equal modulus.") - - -def _check_public_key_components(e: int, n: int) -> None: - if n < 3: - raise ValueError("n must be >= 3.") - - if e < 3 or e >= n: - raise ValueError("e must be >= 3 and < n.") - - if e & 1 == 0: - raise ValueError("e must be odd.") + if key_size < 1024: + raise ValueError("key_size must be at least 1024-bits.") def _modinv(e: int, m: int) -> int: @@ -237,15 +190,34 @@ def rsa_crt_dmq1(private_exponent: int, q: int) -> int: return private_exponent % (q - 1) +def rsa_recover_private_exponent(e: int, p: int, q: int) -> int: + """ + Compute the RSA private_exponent (d) given the public exponent (e) + and the RSA primes p and q. + + This uses the Carmichael totient function to generate the + smallest possible working value of the private exponent. + """ + # This lambda_n is the Carmichael totient function. + # The original RSA paper uses the Euler totient function + # here: phi_n = (p - 1) * (q - 1) + # Either version of the private exponent will work, but the + # one generated by the older formulation may be larger + # than necessary. (lambda_n always divides phi_n) + # + # TODO: Replace with lcm(p - 1, q - 1) once the minimum + # supported Python version is >= 3.9. + lambda_n = (p - 1) * (q - 1) // gcd(p - 1, q - 1) + return _modinv(e, lambda_n) + + # Controls the number of iterations rsa_recover_prime_factors will perform # to obtain the prime factors. Each iteration increments by 2 so the actual # maximum attempts is half this number. _MAX_RECOVERY_ATTEMPTS = 1000 -def rsa_recover_prime_factors( - n: int, e: int, d: int -) -> typing.Tuple[int, int]: +def rsa_recover_prime_factors(n: int, e: int, d: int) -> tuple[int, int]: """ Compute factors p and q from the private exponent d. We assume that n has no more than two factors. This function is adapted from code in PyCrypto. @@ -286,140 +258,3 @@ def rsa_recover_prime_factors( assert r == 0 p, q = sorted((p, q), reverse=True) return (p, q) - - -class RSAPrivateNumbers: - def __init__( - self, - p: int, - q: int, - d: int, - dmp1: int, - dmq1: int, - iqmp: int, - public_numbers: "RSAPublicNumbers", - ): - if ( - not isinstance(p, int) - or not isinstance(q, int) - or not isinstance(d, int) - or not isinstance(dmp1, int) - or not isinstance(dmq1, int) - or not isinstance(iqmp, int) - ): - raise TypeError( - "RSAPrivateNumbers p, q, d, dmp1, dmq1, iqmp arguments must" - " all be an integers." - ) - - if not isinstance(public_numbers, RSAPublicNumbers): - raise TypeError( - "RSAPrivateNumbers public_numbers must be an RSAPublicNumbers" - " instance." - ) - - self._p = p - self._q = q - self._d = d - self._dmp1 = dmp1 - self._dmq1 = dmq1 - self._iqmp = iqmp - self._public_numbers = public_numbers - - @property - def p(self) -> int: - return self._p - - @property - def q(self) -> int: - return self._q - - @property - def d(self) -> int: - return self._d - - @property - def dmp1(self) -> int: - return self._dmp1 - - @property - def dmq1(self) -> int: - return self._dmq1 - - @property - def iqmp(self) -> int: - return self._iqmp - - @property - def public_numbers(self) -> "RSAPublicNumbers": - return self._public_numbers - - def private_key(self, backend: typing.Any = None) -> RSAPrivateKey: - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - return ossl.load_rsa_private_numbers(self) - - def __eq__(self, other: object) -> bool: - if not isinstance(other, RSAPrivateNumbers): - return NotImplemented - - return ( - self.p == other.p - and self.q == other.q - and self.d == other.d - and self.dmp1 == other.dmp1 - and self.dmq1 == other.dmq1 - and self.iqmp == other.iqmp - and self.public_numbers == other.public_numbers - ) - - def __hash__(self) -> int: - return hash( - ( - self.p, - self.q, - self.d, - self.dmp1, - self.dmq1, - self.iqmp, - self.public_numbers, - ) - ) - - -class RSAPublicNumbers: - def __init__(self, e: int, n: int): - if not isinstance(e, int) or not isinstance(n, int): - raise TypeError("RSAPublicNumbers arguments must be integers.") - - self._e = e - self._n = n - - @property - def e(self) -> int: - return self._e - - @property - def n(self) -> int: - return self._n - - def public_key(self, backend: typing.Any = None) -> RSAPublicKey: - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - return ossl.load_rsa_public_numbers(self) - - def __repr__(self) -> str: - return "".format(self) - - def __eq__(self, other: object) -> bool: - if not isinstance(other, RSAPublicNumbers): - return NotImplemented - - return self.e == other.e and self.n == other.n - - def __hash__(self) -> int: - return hash((self.e, self.n)) diff --git a/src/cryptography/hazmat/primitives/asymmetric/types.py b/src/cryptography/hazmat/primitives/asymmetric/types.py index d497815..1fe4eaf 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/types.py +++ b/src/cryptography/hazmat/primitives/asymmetric/types.py @@ -2,22 +2,24 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + import typing +from cryptography import utils from cryptography.hazmat.primitives.asymmetric import ( dh, dsa, ec, - ed25519, ed448, + ed25519, rsa, - x25519, x448, + x25519, ) - # Every asymmetric key type -PUBLIC_KEY_TYPES = typing.Union[ +PublicKeyTypes = typing.Union[ dh.DHPublicKey, dsa.DSAPublicKey, rsa.RSAPublicKey, @@ -27,8 +29,16 @@ x25519.X25519PublicKey, x448.X448PublicKey, ] +PUBLIC_KEY_TYPES = PublicKeyTypes +utils.deprecated( + PUBLIC_KEY_TYPES, + __name__, + "Use PublicKeyTypes instead", + utils.DeprecatedIn40, + name="PUBLIC_KEY_TYPES", +) # Every asymmetric key type -PRIVATE_KEY_TYPES = typing.Union[ +PrivateKeyTypes = typing.Union[ dh.DHPrivateKey, ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey, @@ -38,27 +48,51 @@ x25519.X25519PrivateKey, x448.X448PrivateKey, ] +PRIVATE_KEY_TYPES = PrivateKeyTypes +utils.deprecated( + PRIVATE_KEY_TYPES, + __name__, + "Use PrivateKeyTypes instead", + utils.DeprecatedIn40, + name="PRIVATE_KEY_TYPES", +) # Just the key types we allow to be used for x509 signing. This mirrors # the certificate public key types -CERTIFICATE_PRIVATE_KEY_TYPES = typing.Union[ +CertificateIssuerPrivateKeyTypes = typing.Union[ ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey, rsa.RSAPrivateKey, dsa.DSAPrivateKey, ec.EllipticCurvePrivateKey, ] +CERTIFICATE_PRIVATE_KEY_TYPES = CertificateIssuerPrivateKeyTypes +utils.deprecated( + CERTIFICATE_PRIVATE_KEY_TYPES, + __name__, + "Use CertificateIssuerPrivateKeyTypes instead", + utils.DeprecatedIn40, + name="CERTIFICATE_PRIVATE_KEY_TYPES", +) # Just the key types we allow to be used for x509 signing. This mirrors # the certificate private key types -CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES = typing.Union[ +CertificateIssuerPublicKeyTypes = typing.Union[ dsa.DSAPublicKey, rsa.RSAPublicKey, ec.EllipticCurvePublicKey, ed25519.Ed25519PublicKey, ed448.Ed448PublicKey, ] +CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES = CertificateIssuerPublicKeyTypes +utils.deprecated( + CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES, + __name__, + "Use CertificateIssuerPublicKeyTypes instead", + utils.DeprecatedIn40, + name="CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES", +) # This type removes DHPublicKey. x448/x25519 can be a public key # but cannot be used in signing so they are allowed here. -CERTIFICATE_PUBLIC_KEY_TYPES = typing.Union[ +CertificatePublicKeyTypes = typing.Union[ dsa.DSAPublicKey, rsa.RSAPublicKey, ec.EllipticCurvePublicKey, @@ -67,3 +101,11 @@ x25519.X25519PublicKey, x448.X448PublicKey, ] +CERTIFICATE_PUBLIC_KEY_TYPES = CertificatePublicKeyTypes +utils.deprecated( + CERTIFICATE_PUBLIC_KEY_TYPES, + __name__, + "Use CertificatePublicKeyTypes instead", + utils.DeprecatedIn40, + name="CERTIFICATE_PUBLIC_KEY_TYPES", +) diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 638ecb3..826b956 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -2,11 +2,11 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations from cryptography.hazmat.bindings._rust import asn1 from cryptography.hazmat.primitives import hashes - decode_dss_signature = asn1.decode_dss_signature encode_dss_signature = asn1.encode_dss_signature diff --git a/src/cryptography/hazmat/primitives/asymmetric/x25519.py b/src/cryptography/hazmat/primitives/asymmetric/x25519.py index 690af78..0cfa36e 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/x25519.py +++ b/src/cryptography/hazmat/primitives/asymmetric/x25519.py @@ -2,16 +2,18 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc from cryptography.exceptions import UnsupportedAlgorithm, _Reasons +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import _serialization class X25519PublicKey(metaclass=abc.ABCMeta): @classmethod - def from_public_bytes(cls, data: bytes) -> "X25519PublicKey": + def from_public_bytes(cls, data: bytes) -> X25519PublicKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.x25519_supported(): @@ -20,7 +22,7 @@ def from_public_bytes(cls, data: bytes) -> "X25519PublicKey": _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM, ) - return backend.x25519_load_public_bytes(data) + return rust_openssl.x25519.from_public_bytes(data) @abc.abstractmethod def public_bytes( @@ -32,10 +34,26 @@ def public_bytes( The serialized bytes of the public key. """ + @abc.abstractmethod + def public_bytes_raw(self) -> bytes: + """ + The raw bytes of the public key. + Equivalent to public_bytes(Raw, Raw). + """ + + @abc.abstractmethod + def __eq__(self, other: object) -> bool: + """ + Checks equality. + """ + + +X25519PublicKey.register(rust_openssl.x25519.X25519PublicKey) + class X25519PrivateKey(metaclass=abc.ABCMeta): @classmethod - def generate(cls) -> "X25519PrivateKey": + def generate(cls) -> X25519PrivateKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.x25519_supported(): @@ -43,10 +61,10 @@ def generate(cls) -> "X25519PrivateKey": "X25519 is not supported by this version of OpenSSL.", _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM, ) - return backend.x25519_generate_key() + return rust_openssl.x25519.generate_key() @classmethod - def from_private_bytes(cls, data: bytes) -> "X25519PrivateKey": + def from_private_bytes(cls, data: bytes) -> X25519PrivateKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.x25519_supported(): @@ -55,12 +73,12 @@ def from_private_bytes(cls, data: bytes) -> "X25519PrivateKey": _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM, ) - return backend.x25519_load_private_bytes(data) + return rust_openssl.x25519.from_private_bytes(data) @abc.abstractmethod def public_key(self) -> X25519PublicKey: """ - The serialized bytes of the public key. + Returns the public key associated with this private key """ @abc.abstractmethod @@ -74,8 +92,18 @@ def private_bytes( The serialized bytes of the private key. """ + @abc.abstractmethod + def private_bytes_raw(self) -> bytes: + """ + The raw bytes of the private key. + Equivalent to private_bytes(Raw, Raw, NoEncryption()). + """ + @abc.abstractmethod def exchange(self, peer_public_key: X25519PublicKey) -> bytes: """ Performs a key exchange operation using the provided peer's public key. """ + + +X25519PrivateKey.register(rust_openssl.x25519.X25519PrivateKey) diff --git a/src/cryptography/hazmat/primitives/asymmetric/x448.py b/src/cryptography/hazmat/primitives/asymmetric/x448.py index 7f71c27..86086ab 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/x448.py +++ b/src/cryptography/hazmat/primitives/asymmetric/x448.py @@ -2,16 +2,18 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc from cryptography.exceptions import UnsupportedAlgorithm, _Reasons +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import _serialization class X448PublicKey(metaclass=abc.ABCMeta): @classmethod - def from_public_bytes(cls, data: bytes) -> "X448PublicKey": + def from_public_bytes(cls, data: bytes) -> X448PublicKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.x448_supported(): @@ -20,7 +22,7 @@ def from_public_bytes(cls, data: bytes) -> "X448PublicKey": _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM, ) - return backend.x448_load_public_bytes(data) + return rust_openssl.x448.from_public_bytes(data) @abc.abstractmethod def public_bytes( @@ -32,10 +34,27 @@ def public_bytes( The serialized bytes of the public key. """ + @abc.abstractmethod + def public_bytes_raw(self) -> bytes: + """ + The raw bytes of the public key. + Equivalent to public_bytes(Raw, Raw). + """ + + @abc.abstractmethod + def __eq__(self, other: object) -> bool: + """ + Checks equality. + """ + + +if hasattr(rust_openssl, "x448"): + X448PublicKey.register(rust_openssl.x448.X448PublicKey) + class X448PrivateKey(metaclass=abc.ABCMeta): @classmethod - def generate(cls) -> "X448PrivateKey": + def generate(cls) -> X448PrivateKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.x448_supported(): @@ -43,10 +62,11 @@ def generate(cls) -> "X448PrivateKey": "X448 is not supported by this version of OpenSSL.", _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM, ) - return backend.x448_generate_key() + + return rust_openssl.x448.generate_key() @classmethod - def from_private_bytes(cls, data: bytes) -> "X448PrivateKey": + def from_private_bytes(cls, data: bytes) -> X448PrivateKey: from cryptography.hazmat.backends.openssl.backend import backend if not backend.x448_supported(): @@ -55,12 +75,12 @@ def from_private_bytes(cls, data: bytes) -> "X448PrivateKey": _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM, ) - return backend.x448_load_private_bytes(data) + return rust_openssl.x448.from_private_bytes(data) @abc.abstractmethod def public_key(self) -> X448PublicKey: """ - The serialized bytes of the public key. + Returns the public key associated with this private key """ @abc.abstractmethod @@ -74,8 +94,19 @@ def private_bytes( The serialized bytes of the private key. """ + @abc.abstractmethod + def private_bytes_raw(self) -> bytes: + """ + The raw bytes of the private key. + Equivalent to private_bytes(Raw, Raw, NoEncryption()). + """ + @abc.abstractmethod def exchange(self, peer_public_key: X448PublicKey) -> bytes: """ Performs a key exchange operation using the provided peer's public key. """ + + +if hasattr(rust_openssl, "x448"): + X448PrivateKey.register(rust_openssl.x448.X448PrivateKey) diff --git a/src/cryptography/hazmat/primitives/ciphers/__init__.py b/src/cryptography/hazmat/primitives/ciphers/__init__.py index 874dbd4..10c15d0 100644 --- a/src/cryptography/hazmat/primitives/ciphers/__init__.py +++ b/src/cryptography/hazmat/primitives/ciphers/__init__.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations from cryptography.hazmat.primitives._cipheralgorithm import ( BlockCipherAlgorithm, @@ -15,13 +16,12 @@ CipherContext, ) - __all__ = [ - "Cipher", - "CipherAlgorithm", - "BlockCipherAlgorithm", - "CipherContext", "AEADCipherContext", "AEADDecryptionContext", "AEADEncryptionContext", + "BlockCipherAlgorithm", + "Cipher", + "CipherAlgorithm", + "CipherContext", ] diff --git a/src/cryptography/hazmat/primitives/ciphers/aead.py b/src/cryptography/hazmat/primitives/ciphers/aead.py index 3cdb3eb..c8a582d 100644 --- a/src/cryptography/hazmat/primitives/ciphers/aead.py +++ b/src/cryptography/hazmat/primitives/ciphers/aead.py @@ -2,360 +2,22 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - -import os -import typing - -from cryptography import exceptions, utils -from cryptography.hazmat.backends.openssl import aead -from cryptography.hazmat.backends.openssl.backend import backend - - -class ChaCha20Poly1305: - _MAX_SIZE = 2**31 - 1 - - def __init__(self, key: bytes): - if not backend.aead_cipher_supported(self): - raise exceptions.UnsupportedAlgorithm( - "ChaCha20Poly1305 is not supported by this version of OpenSSL", - exceptions._Reasons.UNSUPPORTED_CIPHER, - ) - utils._check_byteslike("key", key) - - if len(key) != 32: - raise ValueError("ChaCha20Poly1305 key must be 32 bytes.") - - self._key = key - - @classmethod - def generate_key(cls) -> bytes: - return os.urandom(32) - - def encrypt( - self, - nonce: bytes, - data: bytes, - associated_data: typing.Optional[bytes], - ) -> bytes: - if associated_data is None: - associated_data = b"" - - if len(data) > self._MAX_SIZE or len(associated_data) > self._MAX_SIZE: - # This is OverflowError to match what cffi would raise - raise OverflowError( - "Data or associated data too long. Max 2**31 - 1 bytes" - ) - - self._check_params(nonce, data, associated_data) - return aead._encrypt(backend, self, nonce, data, [associated_data], 16) - - def decrypt( - self, - nonce: bytes, - data: bytes, - associated_data: typing.Optional[bytes], - ) -> bytes: - if associated_data is None: - associated_data = b"" - - self._check_params(nonce, data, associated_data) - return aead._decrypt(backend, self, nonce, data, [associated_data], 16) - - def _check_params( - self, - nonce: bytes, - data: bytes, - associated_data: bytes, - ) -> None: - utils._check_byteslike("nonce", nonce) - utils._check_bytes("data", data) - utils._check_bytes("associated_data", associated_data) - if len(nonce) != 12: - raise ValueError("Nonce must be 12 bytes") - - -class AESCCM: - _MAX_SIZE = 2**31 - 1 - - def __init__(self, key: bytes, tag_length: int = 16): - utils._check_byteslike("key", key) - if len(key) not in (16, 24, 32): - raise ValueError("AESCCM key must be 128, 192, or 256 bits.") - - self._key = key - if not isinstance(tag_length, int): - raise TypeError("tag_length must be an integer") - - if tag_length not in (4, 6, 8, 10, 12, 14, 16): - raise ValueError("Invalid tag_length") - - self._tag_length = tag_length - - if not backend.aead_cipher_supported(self): - raise exceptions.UnsupportedAlgorithm( - "AESCCM is not supported by this version of OpenSSL", - exceptions._Reasons.UNSUPPORTED_CIPHER, - ) - - @classmethod - def generate_key(cls, bit_length: int) -> bytes: - if not isinstance(bit_length, int): - raise TypeError("bit_length must be an integer") - - if bit_length not in (128, 192, 256): - raise ValueError("bit_length must be 128, 192, or 256") - - return os.urandom(bit_length // 8) - - def encrypt( - self, - nonce: bytes, - data: bytes, - associated_data: typing.Optional[bytes], - ) -> bytes: - if associated_data is None: - associated_data = b"" - - if len(data) > self._MAX_SIZE or len(associated_data) > self._MAX_SIZE: - # This is OverflowError to match what cffi would raise - raise OverflowError( - "Data or associated data too long. Max 2**31 - 1 bytes" - ) - - self._check_params(nonce, data, associated_data) - self._validate_lengths(nonce, len(data)) - return aead._encrypt( - backend, self, nonce, data, [associated_data], self._tag_length - ) - - def decrypt( - self, - nonce: bytes, - data: bytes, - associated_data: typing.Optional[bytes], - ) -> bytes: - if associated_data is None: - associated_data = b"" - - self._check_params(nonce, data, associated_data) - return aead._decrypt( - backend, self, nonce, data, [associated_data], self._tag_length - ) - - def _validate_lengths(self, nonce: bytes, data_len: int) -> None: - # For information about computing this, see - # https://tools.ietf.org/html/rfc3610#section-2.1 - l_val = 15 - len(nonce) - if 2 ** (8 * l_val) < data_len: - raise ValueError("Data too long for nonce") - - def _check_params( - self, nonce: bytes, data: bytes, associated_data: bytes - ) -> None: - utils._check_byteslike("nonce", nonce) - utils._check_bytes("data", data) - utils._check_bytes("associated_data", associated_data) - if not 7 <= len(nonce) <= 13: - raise ValueError("Nonce must be between 7 and 13 bytes") - - -class AESGCM: - _MAX_SIZE = 2**31 - 1 - - def __init__(self, key: bytes): - utils._check_byteslike("key", key) - if len(key) not in (16, 24, 32): - raise ValueError("AESGCM key must be 128, 192, or 256 bits.") - - self._key = key - - @classmethod - def generate_key(cls, bit_length: int) -> bytes: - if not isinstance(bit_length, int): - raise TypeError("bit_length must be an integer") - - if bit_length not in (128, 192, 256): - raise ValueError("bit_length must be 128, 192, or 256") - - return os.urandom(bit_length // 8) - - def encrypt( - self, - nonce: bytes, - data: bytes, - associated_data: typing.Optional[bytes], - ) -> bytes: - if associated_data is None: - associated_data = b"" - - if len(data) > self._MAX_SIZE or len(associated_data) > self._MAX_SIZE: - # This is OverflowError to match what cffi would raise - raise OverflowError( - "Data or associated data too long. Max 2**31 - 1 bytes" - ) - - self._check_params(nonce, data, associated_data) - return aead._encrypt(backend, self, nonce, data, [associated_data], 16) - - def decrypt( - self, - nonce: bytes, - data: bytes, - associated_data: typing.Optional[bytes], - ) -> bytes: - if associated_data is None: - associated_data = b"" - - self._check_params(nonce, data, associated_data) - return aead._decrypt(backend, self, nonce, data, [associated_data], 16) - - def _check_params( - self, - nonce: bytes, - data: bytes, - associated_data: bytes, - ) -> None: - utils._check_byteslike("nonce", nonce) - utils._check_bytes("data", data) - utils._check_bytes("associated_data", associated_data) - if len(nonce) < 8 or len(nonce) > 128: - raise ValueError("Nonce must be between 8 and 128 bytes") - - -class AESOCB3: - _MAX_SIZE = 2**31 - 1 - - def __init__(self, key: bytes): - utils._check_byteslike("key", key) - if len(key) not in (16, 24, 32): - raise ValueError("AESOCB3 key must be 128, 192, or 256 bits.") - - self._key = key - - if not backend.aead_cipher_supported(self): - raise exceptions.UnsupportedAlgorithm( - "OCB3 is not supported by this version of OpenSSL", - exceptions._Reasons.UNSUPPORTED_CIPHER, - ) - - @classmethod - def generate_key(cls, bit_length: int) -> bytes: - if not isinstance(bit_length, int): - raise TypeError("bit_length must be an integer") - - if bit_length not in (128, 192, 256): - raise ValueError("bit_length must be 128, 192, or 256") - - return os.urandom(bit_length // 8) - - def encrypt( - self, - nonce: bytes, - data: bytes, - associated_data: typing.Optional[bytes], - ) -> bytes: - if associated_data is None: - associated_data = b"" - - if len(data) > self._MAX_SIZE or len(associated_data) > self._MAX_SIZE: - # This is OverflowError to match what cffi would raise - raise OverflowError( - "Data or associated data too long. Max 2**31 - 1 bytes" - ) - - self._check_params(nonce, data, associated_data) - return aead._encrypt(backend, self, nonce, data, [associated_data], 16) - - def decrypt( - self, - nonce: bytes, - data: bytes, - associated_data: typing.Optional[bytes], - ) -> bytes: - if associated_data is None: - associated_data = b"" - - self._check_params(nonce, data, associated_data) - return aead._decrypt(backend, self, nonce, data, [associated_data], 16) - - def _check_params( - self, - nonce: bytes, - data: bytes, - associated_data: bytes, - ) -> None: - utils._check_byteslike("nonce", nonce) - utils._check_bytes("data", data) - utils._check_bytes("associated_data", associated_data) - if len(nonce) < 12 or len(nonce) > 15: - raise ValueError("Nonce must be between 12 and 15 bytes") - - -class AESSIV(object): - _MAX_SIZE = 2**31 - 1 - - def __init__(self, key: bytes): - utils._check_byteslike("key", key) - if len(key) not in (32, 48, 64): - raise ValueError("AESSIV key must be 256, 384, or 512 bits.") - - self._key = key - - if not backend.aead_cipher_supported(self): - raise exceptions.UnsupportedAlgorithm( - "AES-SIV is not supported by this version of OpenSSL", - exceptions._Reasons.UNSUPPORTED_CIPHER, - ) - - @classmethod - def generate_key(cls, bit_length: int) -> bytes: - if not isinstance(bit_length, int): - raise TypeError("bit_length must be an integer") - - if bit_length not in (256, 384, 512): - raise ValueError("bit_length must be 256, 384, or 512") - - return os.urandom(bit_length // 8) - - def encrypt( - self, - data: bytes, - associated_data: typing.Optional[typing.List[bytes]], - ) -> bytes: - if associated_data is None: - associated_data = [] - - self._check_params(data, associated_data) - - if len(data) > self._MAX_SIZE or any( - len(ad) > self._MAX_SIZE for ad in associated_data - ): - # This is OverflowError to match what cffi would raise - raise OverflowError( - "Data or associated data too long. Max 2**31 - 1 bytes" - ) - - return aead._encrypt(backend, self, b"", data, associated_data, 16) - - def decrypt( - self, - data: bytes, - associated_data: typing.Optional[typing.List[bytes]], - ) -> bytes: - if associated_data is None: - associated_data = [] - - self._check_params(data, associated_data) - - return aead._decrypt(backend, self, b"", data, associated_data, 16) - - def _check_params( - self, - data: bytes, - associated_data: typing.List, - ) -> None: - utils._check_bytes("data", data) - if not isinstance(associated_data, list) or not all( - isinstance(x, bytes) for x in associated_data - ): - raise TypeError("associated_data must be a list of bytes or None") +from __future__ import annotations + +from cryptography.hazmat.bindings._rust import openssl as rust_openssl + +__all__ = [ + "AESCCM", + "AESGCM", + "AESGCMSIV", + "AESOCB3", + "AESSIV", + "ChaCha20Poly1305", +] + +AESGCM = rust_openssl.aead.AESGCM +ChaCha20Poly1305 = rust_openssl.aead.ChaCha20Poly1305 +AESCCM = rust_openssl.aead.AESCCM +AESSIV = rust_openssl.aead.AESSIV +AESOCB3 = rust_openssl.aead.AESOCB3 +AESGCMSIV = rust_openssl.aead.AESGCMSIV diff --git a/src/cryptography/hazmat/primitives/ciphers/algorithms.py b/src/cryptography/hazmat/primitives/ciphers/algorithms.py index 6138542..1051ba3 100644 --- a/src/cryptography/hazmat/primitives/ciphers/algorithms.py +++ b/src/cryptography/hazmat/primitives/ciphers/algorithms.py @@ -2,29 +2,35 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations from cryptography import utils +from cryptography.hazmat.decrepit.ciphers.algorithms import ( + ARC4 as ARC4, +) +from cryptography.hazmat.decrepit.ciphers.algorithms import ( + CAST5 as CAST5, +) +from cryptography.hazmat.decrepit.ciphers.algorithms import ( + IDEA as IDEA, +) +from cryptography.hazmat.decrepit.ciphers.algorithms import ( + SEED as SEED, +) +from cryptography.hazmat.decrepit.ciphers.algorithms import ( + Blowfish as Blowfish, +) +from cryptography.hazmat.decrepit.ciphers.algorithms import ( + TripleDES as TripleDES, +) +from cryptography.hazmat.primitives._cipheralgorithm import _verify_key_size from cryptography.hazmat.primitives.ciphers import ( BlockCipherAlgorithm, CipherAlgorithm, ) -def _verify_key_size(algorithm: CipherAlgorithm, key: bytes) -> bytes: - # Verify that the key is instance of bytes - utils._check_byteslike("key", key) - - # Verify that the key size matches the expected key size - if len(key) * 8 not in algorithm.key_sizes: - raise ValueError( - "Invalid key size ({}) for {}.".format( - len(key) * 8, algorithm.name - ) - ) - return key - - -class AES(CipherAlgorithm, BlockCipherAlgorithm): +class AES(BlockCipherAlgorithm): name = "AES" block_size = 128 # 512 added to support AES-256-XTS, which uses 512-bit keys @@ -38,7 +44,7 @@ def key_size(self) -> int: return len(self.key) * 8 -class AES128(CipherAlgorithm, BlockCipherAlgorithm): +class AES128(BlockCipherAlgorithm): name = "AES" block_size = 128 key_sizes = frozenset([128]) @@ -48,7 +54,7 @@ def __init__(self, key: bytes): self.key = _verify_key_size(self, key) -class AES256(CipherAlgorithm, BlockCipherAlgorithm): +class AES256(BlockCipherAlgorithm): name = "AES" block_size = 128 key_sizes = frozenset([256]) @@ -58,7 +64,7 @@ def __init__(self, key: bytes): self.key = _verify_key_size(self, key) -class Camellia(CipherAlgorithm, BlockCipherAlgorithm): +class Camellia(BlockCipherAlgorithm): name = "camellia" block_size = 128 key_sizes = frozenset([128, 192, 256]) @@ -71,122 +77,66 @@ def key_size(self) -> int: return len(self.key) * 8 -class TripleDES(CipherAlgorithm, BlockCipherAlgorithm): - name = "3DES" - block_size = 64 - key_sizes = frozenset([64, 128, 192]) - - def __init__(self, key: bytes): - if len(key) == 8: - key += key + key - elif len(key) == 16: - key += key[:8] - self.key = _verify_key_size(self, key) - - @property - def key_size(self) -> int: - return len(self.key) * 8 - - -class Blowfish(CipherAlgorithm, BlockCipherAlgorithm): - name = "Blowfish" - block_size = 64 - key_sizes = frozenset(range(32, 449, 8)) - - def __init__(self, key: bytes): - self.key = _verify_key_size(self, key) +utils.deprecated( + ARC4, + __name__, + "ARC4 has been moved to " + "cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and " + "will be removed from this module in 48.0.0.", + utils.DeprecatedIn43, + name="ARC4", +) - @property - def key_size(self) -> int: - return len(self.key) * 8 +utils.deprecated( + TripleDES, + __name__, + "TripleDES has been moved to " + "cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and " + "will be removed from this module in 48.0.0.", + utils.DeprecatedIn43, + name="TripleDES", +) -_BlowfishInternal = Blowfish utils.deprecated( Blowfish, __name__, - "Blowfish has been deprecated", + "Blowfish has been moved to " + "cryptography.hazmat.decrepit.ciphers.algorithms.Blowfish and " + "will be removed from this module in 45.0.0.", utils.DeprecatedIn37, name="Blowfish", ) -class CAST5(CipherAlgorithm, BlockCipherAlgorithm): - name = "CAST5" - block_size = 64 - key_sizes = frozenset(range(40, 129, 8)) - - def __init__(self, key: bytes): - self.key = _verify_key_size(self, key) - - @property - def key_size(self) -> int: - return len(self.key) * 8 - - -_CAST5Internal = CAST5 utils.deprecated( CAST5, __name__, - "CAST5 has been deprecated", + "CAST5 has been moved to " + "cryptography.hazmat.decrepit.ciphers.algorithms.CAST5 and " + "will be removed from this module in 45.0.0.", utils.DeprecatedIn37, name="CAST5", ) -class ARC4(CipherAlgorithm): - name = "RC4" - key_sizes = frozenset([40, 56, 64, 80, 128, 160, 192, 256]) - - def __init__(self, key: bytes): - self.key = _verify_key_size(self, key) - - @property - def key_size(self) -> int: - return len(self.key) * 8 - - -class IDEA(CipherAlgorithm, BlockCipherAlgorithm): - name = "IDEA" - block_size = 64 - key_sizes = frozenset([128]) - - def __init__(self, key: bytes): - self.key = _verify_key_size(self, key) - - @property - def key_size(self) -> int: - return len(self.key) * 8 - - -_IDEAInternal = IDEA utils.deprecated( IDEA, __name__, - "IDEA has been deprecated", + "IDEA has been moved to " + "cryptography.hazmat.decrepit.ciphers.algorithms.IDEA and " + "will be removed from this module in 45.0.0.", utils.DeprecatedIn37, name="IDEA", ) -class SEED(CipherAlgorithm, BlockCipherAlgorithm): - name = "SEED" - block_size = 128 - key_sizes = frozenset([128]) - - def __init__(self, key: bytes): - self.key = _verify_key_size(self, key) - - @property - def key_size(self) -> int: - return len(self.key) * 8 - - -_SEEDInternal = SEED utils.deprecated( SEED, __name__, - "SEED has been deprecated", + "SEED has been moved to " + "cryptography.hazmat.decrepit.ciphers.algorithms.SEED and " + "will be removed from this module in 45.0.0.", utils.DeprecatedIn37, name="SEED", ) @@ -214,7 +164,7 @@ def key_size(self) -> int: return len(self.key) * 8 -class SM4(CipherAlgorithm, BlockCipherAlgorithm): +class SM4(BlockCipherAlgorithm): name = "SM4" block_size = 128 key_sizes = frozenset([128]) diff --git a/src/cryptography/hazmat/primitives/ciphers/base.py b/src/cryptography/hazmat/primitives/ciphers/base.py index 2ea7fc6..ebfa805 100644 --- a/src/cryptography/hazmat/primitives/ciphers/base.py +++ b/src/cryptography/hazmat/primitives/ciphers/base.py @@ -2,25 +2,16 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc import typing -from cryptography.exceptions import ( - AlreadyFinalized, - AlreadyUpdated, - NotYetFinalized, -) +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives._cipheralgorithm import CipherAlgorithm from cryptography.hazmat.primitives.ciphers import modes -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.ciphers import ( - _CipherContext as _BackendCipherContext, - ) - - class CipherContext(metaclass=abc.ABCMeta): @abc.abstractmethod def update(self, data: bytes) -> bytes: @@ -42,6 +33,14 @@ def finalize(self) -> bytes: Returns the results of processing the final block as bytes. """ + @abc.abstractmethod + def reset_nonce(self, nonce: bytes) -> None: + """ + Resets the nonce for the cipher context to the provided value. + Raises an exception if it does not support reset or if the + provided nonce does not have a valid length. + """ + class AEADCipherContext(CipherContext, metaclass=abc.ABCMeta): @abc.abstractmethod @@ -61,7 +60,8 @@ def finalize_with_tag(self, tag: bytes) -> bytes: class AEADEncryptionContext(AEADCipherContext, metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def tag(self) -> bytes: """ Returns tag bytes. This is only available after encryption is @@ -80,8 +80,7 @@ def __init__( algorithm: CipherAlgorithm, mode: Mode, backend: typing.Any = None, - ): - + ) -> None: if not isinstance(algorithm, CipherAlgorithm): raise TypeError("Expected interface of CipherAlgorithm.") @@ -96,15 +95,13 @@ def __init__( @typing.overload def encryptor( - self: "Cipher[modes.ModeWithAuthenticationTag]", - ) -> AEADEncryptionContext: - ... + self: Cipher[modes.ModeWithAuthenticationTag], + ) -> AEADEncryptionContext: ... @typing.overload def encryptor( - self: "_CIPHER_TYPE", - ) -> CipherContext: - ... + self: _CIPHER_TYPE, + ) -> CipherContext: ... def encryptor(self): if isinstance(self.mode, modes.ModeWithAuthenticationTag): @@ -112,45 +109,25 @@ def encryptor(self): raise ValueError( "Authentication tag must be None when encrypting." ) - from cryptography.hazmat.backends.openssl.backend import backend - ctx = backend.create_symmetric_encryption_ctx( + return rust_openssl.ciphers.create_encryption_ctx( self.algorithm, self.mode ) - return self._wrap_ctx(ctx, encrypt=True) @typing.overload def decryptor( - self: "Cipher[modes.ModeWithAuthenticationTag]", - ) -> AEADDecryptionContext: - ... + self: Cipher[modes.ModeWithAuthenticationTag], + ) -> AEADDecryptionContext: ... @typing.overload def decryptor( - self: "_CIPHER_TYPE", - ) -> CipherContext: - ... + self: _CIPHER_TYPE, + ) -> CipherContext: ... def decryptor(self): - from cryptography.hazmat.backends.openssl.backend import backend - - ctx = backend.create_symmetric_decryption_ctx( + return rust_openssl.ciphers.create_decryption_ctx( self.algorithm, self.mode ) - return self._wrap_ctx(ctx, encrypt=False) - - def _wrap_ctx( - self, ctx: "_BackendCipherContext", encrypt: bool - ) -> typing.Union[ - AEADEncryptionContext, AEADDecryptionContext, CipherContext - ]: - if isinstance(self.mode, modes.ModeWithAuthenticationTag): - if encrypt: - return _AEADEncryptionContext(ctx) - else: - return _AEADDecryptionContext(ctx) - else: - return _CipherContext(ctx) _CIPHER_TYPE = Cipher[ @@ -163,107 +140,6 @@ def _wrap_ctx( ] ] - -class _CipherContext(CipherContext): - _ctx: typing.Optional["_BackendCipherContext"] - - def __init__(self, ctx: "_BackendCipherContext") -> None: - self._ctx = ctx - - def update(self, data: bytes) -> bytes: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - return self._ctx.update(data) - - def update_into(self, data: bytes, buf: bytes) -> int: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - return self._ctx.update_into(data, buf) - - def finalize(self) -> bytes: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - data = self._ctx.finalize() - self._ctx = None - return data - - -class _AEADCipherContext(AEADCipherContext): - _ctx: typing.Optional["_BackendCipherContext"] - _tag: typing.Optional[bytes] - - def __init__(self, ctx: "_BackendCipherContext") -> None: - self._ctx = ctx - self._bytes_processed = 0 - self._aad_bytes_processed = 0 - self._tag = None - self._updated = False - - def _check_limit(self, data_size: int) -> None: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - self._updated = True - self._bytes_processed += data_size - if self._bytes_processed > self._ctx._mode._MAX_ENCRYPTED_BYTES: - raise ValueError( - "{} has a maximum encrypted byte limit of {}".format( - self._ctx._mode.name, self._ctx._mode._MAX_ENCRYPTED_BYTES - ) - ) - - def update(self, data: bytes) -> bytes: - self._check_limit(len(data)) - # mypy needs this assert even though _check_limit already checked - assert self._ctx is not None - return self._ctx.update(data) - - def update_into(self, data: bytes, buf: bytes) -> int: - self._check_limit(len(data)) - # mypy needs this assert even though _check_limit already checked - assert self._ctx is not None - return self._ctx.update_into(data, buf) - - def finalize(self) -> bytes: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - data = self._ctx.finalize() - self._tag = self._ctx.tag - self._ctx = None - return data - - def authenticate_additional_data(self, data: bytes) -> None: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - if self._updated: - raise AlreadyUpdated("Update has been called on this context.") - - self._aad_bytes_processed += len(data) - if self._aad_bytes_processed > self._ctx._mode._MAX_AAD_BYTES: - raise ValueError( - "{} has a maximum AAD byte limit of {}".format( - self._ctx._mode.name, self._ctx._mode._MAX_AAD_BYTES - ) - ) - - self._ctx.authenticate_additional_data(data) - - -class _AEADDecryptionContext(_AEADCipherContext, AEADDecryptionContext): - def finalize_with_tag(self, tag: bytes) -> bytes: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - data = self._ctx.finalize_with_tag(tag) - self._tag = self._ctx.tag - self._ctx = None - return data - - -class _AEADEncryptionContext(_AEADCipherContext, AEADEncryptionContext): - @property - def tag(self) -> bytes: - if self._ctx is not None: - raise NotYetFinalized( - "You must finalize encryption before " "getting the tag." - ) - assert self._tag is not None - return self._tag +CipherContext.register(rust_openssl.ciphers.CipherContext) +AEADEncryptionContext.register(rust_openssl.ciphers.AEADEncryptionContext) +AEADDecryptionContext.register(rust_openssl.ciphers.AEADDecryptionContext) diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py index d04e08c..1dd2cc1 100644 --- a/src/cryptography/hazmat/primitives/ciphers/modes.py +++ b/src/cryptography/hazmat/primitives/ciphers/modes.py @@ -2,9 +2,9 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc -import typing from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm, _Reasons @@ -16,7 +16,8 @@ class Mode(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def name(self) -> str: """ A string naming this mode (e.g. "ECB", "CBC"). @@ -31,7 +32,8 @@ def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: class ModeWithInitializationVector(Mode, metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def initialization_vector(self) -> bytes: """ The value of the initialization vector for this mode as bytes. @@ -39,7 +41,8 @@ def initialization_vector(self) -> bytes: class ModeWithTweak(Mode, metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def tweak(self) -> bytes: """ The value of the tweak for this mode as bytes. @@ -47,7 +50,8 @@ def tweak(self) -> bytes: class ModeWithNonce(Mode, metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def nonce(self) -> bytes: """ The value of the nonce for this mode as bytes. @@ -55,8 +59,9 @@ def nonce(self) -> bytes: class ModeWithAuthenticationTag(Mode, metaclass=abc.ABCMeta): - @abc.abstractproperty - def tag(self) -> typing.Optional[bytes]: + @property + @abc.abstractmethod + def tag(self) -> bytes | None: """ The value of the tag supplied to the constructor of this mode. """ @@ -72,12 +77,9 @@ def _check_aes_key_length(self: Mode, algorithm: CipherAlgorithm) -> None: def _check_iv_length( self: ModeWithInitializationVector, algorithm: BlockCipherAlgorithm ) -> None: - if len(self.initialization_vector) * 8 != algorithm.block_size: - raise ValueError( - "Invalid IV size ({}) for {}.".format( - len(self.initialization_vector), self.name - ) - ) + iv_len = len(self.initialization_vector) + if iv_len * 8 != algorithm.block_size: + raise ValueError(f"Invalid IV size ({iv_len}) for {self.name}.") def _check_nonce_length( @@ -89,9 +91,7 @@ def _check_nonce_length( _Reasons.UNSUPPORTED_CIPHER, ) if len(nonce) * 8 != algorithm.block_size: - raise ValueError( - "Invalid nonce size ({}) for {}.".format(len(nonce), name) - ) + raise ValueError(f"Invalid nonce size ({len(nonce)}) for {name}.") def _check_iv_and_key_length( @@ -221,7 +221,7 @@ class GCM(ModeWithInitializationVector, ModeWithAuthenticationTag): def __init__( self, initialization_vector: bytes, - tag: typing.Optional[bytes] = None, + tag: bytes | None = None, min_tag_length: int = 16, ): # OpenSSL 3.0.0 constrains GCM IVs to [64, 1024] bits inclusive @@ -239,15 +239,14 @@ def __init__( raise ValueError("min_tag_length must be >= 4") if len(tag) < min_tag_length: raise ValueError( - "Authentication tag must be {} bytes or longer.".format( - min_tag_length - ) + f"Authentication tag must be {min_tag_length} bytes or " + "longer." ) self._tag = tag self._min_tag_length = min_tag_length @property - def tag(self) -> typing.Optional[bytes]: + def tag(self) -> bytes | None: return self._tag @property @@ -264,7 +263,6 @@ def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: block_size_bytes = algorithm.block_size // 8 if self._tag is not None and len(self._tag) > block_size_bytes: raise ValueError( - "Authentication tag cannot be more than {} bytes.".format( - block_size_bytes - ) + f"Authentication tag cannot be more than {block_size_bytes} " + "bytes." ) diff --git a/src/cryptography/hazmat/primitives/cmac.py b/src/cryptography/hazmat/primitives/cmac.py index e08d65e..2c67ce2 100644 --- a/src/cryptography/hazmat/primitives/cmac.py +++ b/src/cryptography/hazmat/primitives/cmac.py @@ -2,65 +2,9 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations -import typing +from cryptography.hazmat.bindings._rust import openssl as rust_openssl -from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, -) -from cryptography.hazmat.primitives import ciphers - -if typing.TYPE_CHECKING: - from cryptography.hazmat.backends.openssl.cmac import _CMACContext - - -class CMAC: - _ctx: typing.Optional["_CMACContext"] - _algorithm: ciphers.BlockCipherAlgorithm - - def __init__( - self, - algorithm: ciphers.BlockCipherAlgorithm, - backend: typing.Any = None, - ctx: typing.Optional["_CMACContext"] = None, - ): - if not isinstance(algorithm, ciphers.BlockCipherAlgorithm): - raise TypeError("Expected instance of BlockCipherAlgorithm.") - self._algorithm = algorithm - - if ctx is None: - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - self._ctx = ossl.create_cmac_ctx(self._algorithm) - else: - self._ctx = ctx - - def update(self, data: bytes) -> None: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - - utils._check_bytes("data", data) - self._ctx.update(data) - - def finalize(self) -> bytes: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - digest = self._ctx.finalize() - self._ctx = None - return digest - - def verify(self, signature: bytes) -> None: - utils._check_bytes("signature", signature) - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - - ctx, self._ctx = self._ctx, None - ctx.verify(signature) - - def copy(self) -> "CMAC": - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - return CMAC(self._algorithm, ctx=self._ctx.copy()) +__all__ = ["CMAC"] +CMAC = rust_openssl.cmac.CMAC diff --git a/src/cryptography/hazmat/primitives/constant_time.py b/src/cryptography/hazmat/primitives/constant_time.py index a02fa9c..3975c71 100644 --- a/src/cryptography/hazmat/primitives/constant_time.py +++ b/src/cryptography/hazmat/primitives/constant_time.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import hmac diff --git a/src/cryptography/hazmat/primitives/hashes.py b/src/cryptography/hazmat/primitives/hashes.py index cc0771d..b819e39 100644 --- a/src/cryptography/hazmat/primitives/hashes.py +++ b/src/cryptography/hazmat/primitives/hashes.py @@ -2,30 +2,55 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + import abc -import typing -from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, -) +from cryptography.hazmat.bindings._rust import openssl as rust_openssl + +__all__ = [ + "MD5", + "SHA1", + "SHA3_224", + "SHA3_256", + "SHA3_384", + "SHA3_512", + "SHA224", + "SHA256", + "SHA384", + "SHA512", + "SHA512_224", + "SHA512_256", + "SHAKE128", + "SHAKE256", + "SM3", + "BLAKE2b", + "BLAKE2s", + "ExtendableOutputFunction", + "Hash", + "HashAlgorithm", + "HashContext", +] class HashAlgorithm(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def name(self) -> str: """ A string naming this algorithm (e.g. "sha256", "md5"). """ - @abc.abstractproperty + @property + @abc.abstractmethod def digest_size(self) -> int: """ The size of the resulting digest in bytes. """ - @abc.abstractproperty - def block_size(self) -> typing.Optional[int]: + @property + @abc.abstractmethod + def block_size(self) -> int | None: """ The internal block size of the hash function, or None if the hash function does not use blocks internally (e.g. SHA3). @@ -33,7 +58,8 @@ def block_size(self) -> typing.Optional[int]: class HashContext(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def algorithm(self) -> HashAlgorithm: """ A HashAlgorithm that will be used by this context. @@ -52,63 +78,22 @@ def finalize(self) -> bytes: """ @abc.abstractmethod - def copy(self) -> "HashContext": + def copy(self) -> HashContext: """ Return a HashContext that is a copy of the current context. """ +Hash = rust_openssl.hashes.Hash +HashContext.register(Hash) + + class ExtendableOutputFunction(metaclass=abc.ABCMeta): """ An interface for extendable output functions. """ -class Hash(HashContext): - _ctx: typing.Optional[HashContext] - - def __init__( - self, - algorithm: HashAlgorithm, - backend: typing.Any = None, - ctx: typing.Optional["HashContext"] = None, - ): - if not isinstance(algorithm, HashAlgorithm): - raise TypeError("Expected instance of hashes.HashAlgorithm.") - self._algorithm = algorithm - - if ctx is None: - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - self._ctx = ossl.create_hash_ctx(self.algorithm) - else: - self._ctx = ctx - - @property - def algorithm(self) -> HashAlgorithm: - return self._algorithm - - def update(self, data: bytes) -> None: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - utils._check_byteslike("data", data) - self._ctx.update(data) - - def copy(self) -> "Hash": - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - return Hash(self.algorithm, ctx=self._ctx.copy()) - - def finalize(self) -> bytes: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - digest = self._ctx.finalize() - self._ctx = None - return digest - - class SHA1(HashAlgorithm): name = "sha1" digest_size = 20 @@ -224,7 +209,6 @@ class BLAKE2b(HashAlgorithm): block_size = 128 def __init__(self, digest_size: int): - if digest_size != 64: raise ValueError("Digest size must be 64") @@ -242,7 +226,6 @@ class BLAKE2s(HashAlgorithm): _min_digest_size = 1 def __init__(self, digest_size: int): - if digest_size != 32: raise ValueError("Digest size must be 32") diff --git a/src/cryptography/hazmat/primitives/hmac.py b/src/cryptography/hazmat/primitives/hmac.py index 1577326..a9442d5 100644 --- a/src/cryptography/hazmat/primitives/hmac.py +++ b/src/cryptography/hazmat/primitives/hmac.py @@ -2,71 +2,12 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations -import typing - -from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, -) -from cryptography.hazmat.backends.openssl.hmac import _HMACContext +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import hashes +__all__ = ["HMAC"] -class HMAC(hashes.HashContext): - _ctx: typing.Optional[_HMACContext] - - def __init__( - self, - key: bytes, - algorithm: hashes.HashAlgorithm, - backend: typing.Any = None, - ctx=None, - ): - if not isinstance(algorithm, hashes.HashAlgorithm): - raise TypeError("Expected instance of hashes.HashAlgorithm.") - self._algorithm = algorithm - - self._key = key - if ctx is None: - from cryptography.hazmat.backends.openssl.backend import ( - backend as ossl, - ) - - self._ctx = ossl.create_hmac_ctx(key, self.algorithm) - else: - self._ctx = ctx - - @property - def algorithm(self) -> hashes.HashAlgorithm: - return self._algorithm - - def update(self, data: bytes) -> None: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - utils._check_byteslike("data", data) - self._ctx.update(data) - - def copy(self) -> "HMAC": - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - return HMAC( - self._key, - self.algorithm, - ctx=self._ctx.copy(), - ) - - def finalize(self) -> bytes: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - digest = self._ctx.finalize() - self._ctx = None - return digest - - def verify(self, signature: bytes) -> None: - utils._check_bytes("signature", signature) - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - - ctx, self._ctx = self._ctx, None - ctx.verify(signature) +HMAC = rust_openssl.hmac.HMAC +hashes.HashContext.register(HMAC) diff --git a/src/cryptography/hazmat/primitives/kdf/__init__.py b/src/cryptography/hazmat/primitives/kdf/__init__.py index 38e2f8b..79bb459 100644 --- a/src/cryptography/hazmat/primitives/kdf/__init__.py +++ b/src/cryptography/hazmat/primitives/kdf/__init__.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc diff --git a/src/cryptography/hazmat/primitives/kdf/concatkdf.py b/src/cryptography/hazmat/primitives/kdf/concatkdf.py index 0b0262e..96d9d4c 100644 --- a/src/cryptography/hazmat/primitives/kdf/concatkdf.py +++ b/src/cryptography/hazmat/primitives/kdf/concatkdf.py @@ -2,14 +2,12 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import typing from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, - InvalidKey, -) +from cryptography.exceptions import AlreadyFinalized, InvalidKey from cryptography.hazmat.primitives import constant_time, hashes, hmac from cryptography.hazmat.primitives.kdf import KeyDerivationFunction @@ -21,13 +19,11 @@ def _int_to_u32be(n: int) -> bytes: def _common_args_checks( algorithm: hashes.HashAlgorithm, length: int, - otherinfo: typing.Optional[bytes], + otherinfo: bytes | None, ) -> None: max_length = algorithm.digest_size * (2**32 - 1) if length > max_length: - raise ValueError( - "Cannot derive keys larger than {} bits.".format(max_length) - ) + raise ValueError(f"Cannot derive keys larger than {max_length} bits.") if otherinfo is not None: utils._check_bytes("otherinfo", otherinfo) @@ -60,7 +56,7 @@ def __init__( self, algorithm: hashes.HashAlgorithm, length: int, - otherinfo: typing.Optional[bytes], + otherinfo: bytes | None, backend: typing.Any = None, ): _common_args_checks(algorithm, length, otherinfo) @@ -91,8 +87,8 @@ def __init__( self, algorithm: hashes.HashAlgorithm, length: int, - salt: typing.Optional[bytes], - otherinfo: typing.Optional[bytes], + salt: bytes | None, + otherinfo: bytes | None, backend: typing.Any = None, ): _common_args_checks(algorithm, length, otherinfo) @@ -101,9 +97,7 @@ def __init__( self._otherinfo: bytes = otherinfo if otherinfo is not None else b"" if algorithm.block_size is None: - raise TypeError( - "{} is unsupported for ConcatKDF".format(algorithm.name) - ) + raise TypeError(f"{algorithm.name} is unsupported for ConcatKDF") if salt is None: salt = b"\x00" * algorithm.block_size diff --git a/src/cryptography/hazmat/primitives/kdf/hkdf.py b/src/cryptography/hazmat/primitives/kdf/hkdf.py index 44889b6..ee562d2 100644 --- a/src/cryptography/hazmat/primitives/kdf/hkdf.py +++ b/src/cryptography/hazmat/primitives/kdf/hkdf.py @@ -2,14 +2,12 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import typing from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, - InvalidKey, -) +from cryptography.exceptions import AlreadyFinalized, InvalidKey from cryptography.hazmat.primitives import constant_time, hashes, hmac from cryptography.hazmat.primitives.kdf import KeyDerivationFunction @@ -19,8 +17,8 @@ def __init__( self, algorithm: hashes.HashAlgorithm, length: int, - salt: typing.Optional[bytes], - info: typing.Optional[bytes], + salt: bytes | None, + info: bytes | None, backend: typing.Any = None, ): self._algorithm = algorithm @@ -53,7 +51,7 @@ def __init__( self, algorithm: hashes.HashAlgorithm, length: int, - info: typing.Optional[bytes], + info: bytes | None, backend: typing.Any = None, ): self._algorithm = algorithm @@ -62,7 +60,7 @@ def __init__( if length > max_length: raise ValueError( - "Cannot derive keys larger than {} octets.".format(max_length) + f"Cannot derive keys larger than {max_length} octets." ) self._length = length diff --git a/src/cryptography/hazmat/primitives/kdf/kbkdf.py b/src/cryptography/hazmat/primitives/kdf/kbkdf.py index 7f185a9..802b484 100644 --- a/src/cryptography/hazmat/primitives/kdf/kbkdf.py +++ b/src/cryptography/hazmat/primitives/kdf/kbkdf.py @@ -2,6 +2,8 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + import typing from cryptography import utils @@ -38,12 +40,12 @@ def __init__( mode: Mode, length: int, rlen: int, - llen: typing.Optional[int], + llen: int | None, location: CounterLocation, - break_location: typing.Optional[int], - label: typing.Optional[bytes], - context: typing.Optional[bytes], - fixed: typing.Optional[bytes], + break_location: int | None, + label: bytes | None, + context: bytes | None, + fixed: bytes | None, ): assert callable(prf) @@ -73,7 +75,7 @@ def __init__( if (label or context) and fixed: raise ValueError( - "When supplying fixed data, " "label and context are ignored." + "When supplying fixed data, label and context are ignored." ) if rlen is None or not self._valid_byte_length(rlen): @@ -85,6 +87,9 @@ def __init__( if llen is not None and not isinstance(llen, int): raise TypeError("llen must be an integer") + if llen == 0: + raise ValueError("llen must be non-zero") + if label is None: label = b"" @@ -179,14 +184,14 @@ def __init__( mode: Mode, length: int, rlen: int, - llen: typing.Optional[int], + llen: int | None, location: CounterLocation, - label: typing.Optional[bytes], - context: typing.Optional[bytes], - fixed: typing.Optional[bytes], + label: bytes | None, + context: bytes | None, + fixed: bytes | None, backend: typing.Any = None, *, - break_location: typing.Optional[int] = None, + break_location: int | None = None, ): if not isinstance(algorithm, hashes.HashAlgorithm): raise UnsupportedAlgorithm( @@ -237,14 +242,14 @@ def __init__( mode: Mode, length: int, rlen: int, - llen: typing.Optional[int], + llen: int | None, location: CounterLocation, - label: typing.Optional[bytes], - context: typing.Optional[bytes], - fixed: typing.Optional[bytes], + label: bytes | None, + context: bytes | None, + fixed: bytes | None, backend: typing.Any = None, *, - break_location: typing.Optional[int] = None, + break_location: int | None = None, ): if not issubclass( algorithm, ciphers.BlockCipherAlgorithm @@ -255,7 +260,7 @@ def __init__( ) self._algorithm = algorithm - self._cipher: typing.Optional[ciphers.BlockCipherAlgorithm] = None + self._cipher: ciphers.BlockCipherAlgorithm | None = None self._deriver = _KBKDFDeriver( self._prf, diff --git a/src/cryptography/hazmat/primitives/kdf/pbkdf2.py b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py index 8d23f8c..82689eb 100644 --- a/src/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import typing @@ -12,6 +13,7 @@ UnsupportedAlgorithm, _Reasons, ) +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import constant_time, hashes from cryptography.hazmat.primitives.kdf import KeyDerivationFunction @@ -31,9 +33,7 @@ def __init__( if not ossl.pbkdf2_hmac_supported(algorithm): raise UnsupportedAlgorithm( - "{} is not supported for PBKDF2 by this backend.".format( - algorithm.name - ), + f"{algorithm.name} is not supported for PBKDF2.", _Reasons.UNSUPPORTED_HASH, ) self._used = False @@ -48,15 +48,12 @@ def derive(self, key_material: bytes) -> bytes: raise AlreadyFinalized("PBKDF2 instances can only be used once.") self._used = True - utils._check_byteslike("key_material", key_material) - from cryptography.hazmat.backends.openssl.backend import backend - - return backend.derive_pbkdf2_hmac( + return rust_openssl.kdf.derive_pbkdf2_hmac( + key_material, self._algorithm, - self._length, self._salt, self._iterations, - key_material, + self._length, ) def verify(self, key_material: bytes, expected_key: bytes) -> None: diff --git a/src/cryptography/hazmat/primitives/kdf/scrypt.py b/src/cryptography/hazmat/primitives/kdf/scrypt.py index ff81bbb..05a4f67 100644 --- a/src/cryptography/hazmat/primitives/kdf/scrypt.py +++ b/src/cryptography/hazmat/primitives/kdf/scrypt.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import sys import typing @@ -12,10 +13,10 @@ InvalidKey, UnsupportedAlgorithm, ) +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.kdf import KeyDerivationFunction - # This is used by the scrypt tests to skip tests that require more memory # than the MEM_LIMIT _MEM_LIMIT = sys.maxsize // 2 @@ -62,10 +63,15 @@ def derive(self, key_material: bytes) -> bytes: self._used = True utils._check_byteslike("key_material", key_material) - from cryptography.hazmat.backends.openssl.backend import backend - return backend.derive_scrypt( - key_material, self._salt, self._length, self._n, self._r, self._p + return rust_openssl.kdf.derive_scrypt( + key_material, + self._salt, + self._n, + self._r, + self._p, + _MEM_LIMIT, + self._length, ) def verify(self, key_material: bytes, expected_key: bytes) -> None: diff --git a/src/cryptography/hazmat/primitives/kdf/x963kdf.py b/src/cryptography/hazmat/primitives/kdf/x963kdf.py index aa6bcc1..6e38366 100644 --- a/src/cryptography/hazmat/primitives/kdf/x963kdf.py +++ b/src/cryptography/hazmat/primitives/kdf/x963kdf.py @@ -2,14 +2,12 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import typing from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, - InvalidKey, -) +from cryptography.exceptions import AlreadyFinalized, InvalidKey from cryptography.hazmat.primitives import constant_time, hashes from cryptography.hazmat.primitives.kdf import KeyDerivationFunction @@ -23,14 +21,12 @@ def __init__( self, algorithm: hashes.HashAlgorithm, length: int, - sharedinfo: typing.Optional[bytes], + sharedinfo: bytes | None, backend: typing.Any = None, ): max_len = algorithm.digest_size * (2**32 - 1) if length > max_len: - raise ValueError( - "Cannot derive keys larger than {} bits.".format(max_len) - ) + raise ValueError(f"Cannot derive keys larger than {max_len} bits.") if sharedinfo is not None: utils._check_bytes("sharedinfo", sharedinfo) diff --git a/src/cryptography/hazmat/primitives/keywrap.py b/src/cryptography/hazmat/primitives/keywrap.py index 64771ca..b93d87d 100644 --- a/src/cryptography/hazmat/primitives/keywrap.py +++ b/src/cryptography/hazmat/primitives/keywrap.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import typing @@ -14,7 +15,7 @@ def _wrap_core( wrapping_key: bytes, a: bytes, - r: typing.List[bytes], + r: list[bytes], ) -> bytes: # RFC 3394 Key Wrap - 2.2.1 (index method) encryptor = Cipher(AES(wrapping_key), ECB()).encryptor() @@ -57,8 +58,8 @@ def aes_key_wrap( def _unwrap_core( wrapping_key: bytes, a: bytes, - r: typing.List[bytes], -) -> typing.Tuple[bytes, typing.List[bytes]]: + r: list[bytes], +) -> tuple[bytes, list[bytes]]: # Implement RFC 3394 Key Unwrap - 2.2.2 (index method) decryptor = Cipher(AES(wrapping_key), ECB()).decryptor() n = len(r) @@ -85,7 +86,7 @@ def aes_key_wrap_with_padding( if len(wrapping_key) not in [16, 24, 32]: raise ValueError("The wrapping key must be a valid AES key length") - aiv = b"\xA6\x59\x59\xA6" + len(key_to_wrap).to_bytes( + aiv = b"\xa6\x59\x59\xa6" + len(key_to_wrap).to_bytes( length=4, byteorder="big" ) # pad the key to wrap if necessary diff --git a/src/cryptography/hazmat/primitives/padding.py b/src/cryptography/hazmat/primitives/padding.py index d6c1d91..d1ca775 100644 --- a/src/cryptography/hazmat/primitives/padding.py +++ b/src/cryptography/hazmat/primitives/padding.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc import typing @@ -9,6 +10,7 @@ from cryptography import utils from cryptography.exceptions import AlreadyFinalized from cryptography.hazmat.bindings._rust import ( + PKCS7PaddingContext, check_ansix923_padding, check_pkcs7_padding, ) @@ -37,8 +39,8 @@ def _byte_padding_check(block_size: int) -> None: def _byte_padding_update( - buffer_: typing.Optional[bytes], data: bytes, block_size: int -) -> typing.Tuple[bytes, bytes]: + buffer_: bytes | None, data: bytes, block_size: int +) -> tuple[bytes, bytes]: if buffer_ is None: raise AlreadyFinalized("Context was already finalized.") @@ -55,7 +57,7 @@ def _byte_padding_update( def _byte_padding_pad( - buffer_: typing.Optional[bytes], + buffer_: bytes | None, block_size: int, paddingfn: typing.Callable[[int], bytes], ) -> bytes: @@ -67,8 +69,8 @@ def _byte_padding_pad( def _byte_unpadding_update( - buffer_: typing.Optional[bytes], data: bytes, block_size: int -) -> typing.Tuple[bytes, bytes]: + buffer_: bytes | None, data: bytes, block_size: int +) -> tuple[bytes, bytes]: if buffer_ is None: raise AlreadyFinalized("Context was already finalized.") @@ -85,7 +87,7 @@ def _byte_unpadding_update( def _byte_unpadding_check( - buffer_: typing.Optional[bytes], + buffer_: bytes | None, block_size: int, checkfn: typing.Callable[[bytes], int], ) -> bytes: @@ -110,39 +112,14 @@ def __init__(self, block_size: int): self.block_size = block_size def padder(self) -> PaddingContext: - return _PKCS7PaddingContext(self.block_size) + return PKCS7PaddingContext(self.block_size) def unpadder(self) -> PaddingContext: return _PKCS7UnpaddingContext(self.block_size) -class _PKCS7PaddingContext(PaddingContext): - _buffer: typing.Optional[bytes] - - def __init__(self, block_size: int): - self.block_size = block_size - # TODO: more copies than necessary, we should use zero-buffer (#193) - self._buffer = b"" - - def update(self, data: bytes) -> bytes: - self._buffer, result = _byte_padding_update( - self._buffer, data, self.block_size - ) - return result - - def _padding(self, size: int) -> bytes: - return bytes([size]) * size - - def finalize(self) -> bytes: - result = _byte_padding_pad( - self._buffer, self.block_size, self._padding - ) - self._buffer = None - return result - - class _PKCS7UnpaddingContext(PaddingContext): - _buffer: typing.Optional[bytes] + _buffer: bytes | None def __init__(self, block_size: int): self.block_size = block_size @@ -163,6 +140,9 @@ def finalize(self) -> bytes: return result +PaddingContext.register(PKCS7PaddingContext) + + class ANSIX923: def __init__(self, block_size: int): _byte_padding_check(block_size) @@ -176,7 +156,7 @@ def unpadder(self) -> PaddingContext: class _ANSIX923PaddingContext(PaddingContext): - _buffer: typing.Optional[bytes] + _buffer: bytes | None def __init__(self, block_size: int): self.block_size = block_size @@ -201,7 +181,7 @@ def finalize(self) -> bytes: class _ANSIX923UnpaddingContext(PaddingContext): - _buffer: typing.Optional[bytes] + _buffer: bytes | None def __init__(self, block_size: int): self.block_size = block_size diff --git a/src/cryptography/hazmat/primitives/poly1305.py b/src/cryptography/hazmat/primitives/poly1305.py index 7fcf4a5..7f5a77a 100644 --- a/src/cryptography/hazmat/primitives/poly1305.py +++ b/src/cryptography/hazmat/primitives/poly1305.py @@ -2,59 +2,10 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. -import typing +from __future__ import annotations -from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, - UnsupportedAlgorithm, - _Reasons, -) -from cryptography.hazmat.backends.openssl.poly1305 import _Poly1305Context +from cryptography.hazmat.bindings._rust import openssl as rust_openssl +__all__ = ["Poly1305"] -class Poly1305: - _ctx: typing.Optional[_Poly1305Context] - - def __init__(self, key: bytes): - from cryptography.hazmat.backends.openssl.backend import backend - - if not backend.poly1305_supported(): - raise UnsupportedAlgorithm( - "poly1305 is not supported by this version of OpenSSL.", - _Reasons.UNSUPPORTED_MAC, - ) - self._ctx = backend.create_poly1305_ctx(key) - - def update(self, data: bytes) -> None: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - utils._check_byteslike("data", data) - self._ctx.update(data) - - def finalize(self) -> bytes: - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - mac = self._ctx.finalize() - self._ctx = None - return mac - - def verify(self, tag: bytes) -> None: - utils._check_bytes("tag", tag) - if self._ctx is None: - raise AlreadyFinalized("Context was already finalized.") - - ctx, self._ctx = self._ctx, None - ctx.verify(tag) - - @classmethod - def generate_tag(cls, key: bytes, data: bytes) -> bytes: - p = Poly1305(key) - p.update(data) - return p.finalize() - - @classmethod - def verify_tag(cls, key: bytes, data: bytes, tag: bytes) -> None: - p = Poly1305(key) - p.update(data) - p.verify(tag) +Poly1305 = rust_openssl.poly1305.Poly1305 diff --git a/src/cryptography/hazmat/primitives/serialization/__init__.py b/src/cryptography/hazmat/primitives/serialization/__init__.py index 6024150..07b2264 100644 --- a/src/cryptography/hazmat/primitives/serialization/__init__.py +++ b/src/cryptography/hazmat/primitives/serialization/__init__.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations from cryptography.hazmat.primitives._serialization import ( BestAvailableEncryption, @@ -22,12 +23,34 @@ load_pem_public_key, ) from cryptography.hazmat.primitives.serialization.ssh import ( + SSHCertificate, + SSHCertificateBuilder, + SSHCertificateType, + SSHCertPrivateKeyTypes, + SSHCertPublicKeyTypes, + SSHPrivateKeyTypes, + SSHPublicKeyTypes, load_ssh_private_key, + load_ssh_public_identity, load_ssh_public_key, ) - __all__ = [ + "BestAvailableEncryption", + "Encoding", + "KeySerializationEncryption", + "NoEncryption", + "ParameterFormat", + "PrivateFormat", + "PublicFormat", + "SSHCertPrivateKeyTypes", + "SSHCertPublicKeyTypes", + "SSHCertificate", + "SSHCertificateBuilder", + "SSHCertificateType", + "SSHPrivateKeyTypes", + "SSHPublicKeyTypes", + "_KeySerializationEncryption", "load_der_parameters", "load_der_private_key", "load_der_public_key", @@ -35,13 +58,6 @@ "load_pem_private_key", "load_pem_public_key", "load_ssh_private_key", + "load_ssh_public_identity", "load_ssh_public_key", - "Encoding", - "PrivateFormat", - "PublicFormat", - "ParameterFormat", - "KeySerializationEncryption", - "BestAvailableEncryption", - "NoEncryption", - "_KeySerializationEncryption", ] diff --git a/src/cryptography/hazmat/primitives/serialization/base.py b/src/cryptography/hazmat/primitives/serialization/base.py index 059b6e4..e7c998b 100644 --- a/src/cryptography/hazmat/primitives/serialization/base.py +++ b/src/cryptography/hazmat/primitives/serialization/base.py @@ -2,63 +2,13 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from cryptography.hazmat.bindings._rust import openssl as rust_openssl -import typing +load_pem_private_key = rust_openssl.keys.load_pem_private_key +load_der_private_key = rust_openssl.keys.load_der_private_key -from cryptography.hazmat.primitives.asymmetric import dh -from cryptography.hazmat.primitives.asymmetric.types import ( - PRIVATE_KEY_TYPES, - PUBLIC_KEY_TYPES, -) +load_pem_public_key = rust_openssl.keys.load_pem_public_key +load_der_public_key = rust_openssl.keys.load_der_public_key - -def load_pem_private_key( - data: bytes, - password: typing.Optional[bytes], - backend: typing.Any = None, -) -> PRIVATE_KEY_TYPES: - from cryptography.hazmat.backends.openssl.backend import backend as ossl - - return ossl.load_pem_private_key(data, password) - - -def load_pem_public_key( - data: bytes, backend: typing.Any = None -) -> PUBLIC_KEY_TYPES: - from cryptography.hazmat.backends.openssl.backend import backend as ossl - - return ossl.load_pem_public_key(data) - - -def load_pem_parameters( - data: bytes, backend: typing.Any = None -) -> "dh.DHParameters": - from cryptography.hazmat.backends.openssl.backend import backend as ossl - - return ossl.load_pem_parameters(data) - - -def load_der_private_key( - data: bytes, - password: typing.Optional[bytes], - backend: typing.Any = None, -) -> PRIVATE_KEY_TYPES: - from cryptography.hazmat.backends.openssl.backend import backend as ossl - - return ossl.load_der_private_key(data, password) - - -def load_der_public_key( - data: bytes, backend: typing.Any = None -) -> PUBLIC_KEY_TYPES: - from cryptography.hazmat.backends.openssl.backend import backend as ossl - - return ossl.load_der_public_key(data) - - -def load_der_parameters( - data: bytes, backend: typing.Any = None -) -> "dh.DHParameters": - from cryptography.hazmat.backends.openssl.backend import backend as ossl - - return ossl.load_der_parameters(data) +load_pem_parameters = rust_openssl.dh.from_pem_parameters +load_der_parameters = rust_openssl.dh.from_der_parameters diff --git a/src/cryptography/hazmat/primitives/serialization/pkcs12.py b/src/cryptography/hazmat/primitives/serialization/pkcs12.py index 662ea75..549e1f9 100644 --- a/src/cryptography/hazmat/primitives/serialization/pkcs12.py +++ b/src/cryptography/hazmat/primitives/serialization/pkcs12.py @@ -2,32 +2,34 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + import typing from cryptography import x509 +from cryptography.hazmat.bindings._rust import pkcs12 as rust_pkcs12 from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives._serialization import PBES as PBES from cryptography.hazmat.primitives.asymmetric import ( dsa, ec, - ed25519, ed448, + ed25519, rsa, ) -from cryptography.hazmat.primitives.asymmetric.types import ( - PRIVATE_KEY_TYPES, -) +from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes __all__ = [ "PBES", "PKCS12Certificate", "PKCS12KeyAndCertificates", + "PKCS12PrivateKeyTypes", "load_key_and_certificates", "load_pkcs12", "serialize_key_and_certificates", ] -_ALLOWED_PKCS12_TYPES = typing.Union[ +PKCS12PrivateKeyTypes = typing.Union[ rsa.RSAPrivateKey, dsa.DSAPrivateKey, ec.EllipticCurvePrivateKey, @@ -36,51 +38,15 @@ ] -class PKCS12Certificate: - def __init__( - self, - cert: x509.Certificate, - friendly_name: typing.Optional[bytes], - ): - if not isinstance(cert, x509.Certificate): - raise TypeError("Expecting x509.Certificate object") - if friendly_name is not None and not isinstance(friendly_name, bytes): - raise TypeError("friendly_name must be bytes or None") - self._cert = cert - self._friendly_name = friendly_name - - @property - def friendly_name(self) -> typing.Optional[bytes]: - return self._friendly_name - - @property - def certificate(self) -> x509.Certificate: - return self._cert - - def __eq__(self, other: object) -> bool: - if not isinstance(other, PKCS12Certificate): - return NotImplemented - - return ( - self.certificate == other.certificate - and self.friendly_name == other.friendly_name - ) - - def __hash__(self) -> int: - return hash((self.certificate, self.friendly_name)) - - def __repr__(self) -> str: - return "".format( - self.certificate, self.friendly_name - ) +PKCS12Certificate = rust_pkcs12.PKCS12Certificate class PKCS12KeyAndCertificates: def __init__( self, - key: typing.Optional[PRIVATE_KEY_TYPES], - cert: typing.Optional[PKCS12Certificate], - additional_certs: typing.List[PKCS12Certificate], + key: PrivateKeyTypes | None, + cert: PKCS12Certificate | None, + additional_certs: list[PKCS12Certificate], ): if key is not None and not isinstance( key, @@ -111,15 +77,15 @@ def __init__( self._additional_certs = additional_certs @property - def key(self) -> typing.Optional[PRIVATE_KEY_TYPES]: + def key(self) -> PrivateKeyTypes | None: return self._key @property - def cert(self) -> typing.Optional[PKCS12Certificate]: + def cert(self) -> PKCS12Certificate | None: return self._cert @property - def additional_certs(self) -> typing.List[PKCS12Certificate]: + def additional_certs(self) -> list[PKCS12Certificate]: return self._additional_certs def __eq__(self, other: object) -> bool: @@ -142,41 +108,21 @@ def __repr__(self) -> str: return fmt.format(self.key, self.cert, self.additional_certs) -def load_key_and_certificates( - data: bytes, - password: typing.Optional[bytes], - backend: typing.Any = None, -) -> typing.Tuple[ - typing.Optional[PRIVATE_KEY_TYPES], - typing.Optional[x509.Certificate], - typing.List[x509.Certificate], -]: - from cryptography.hazmat.backends.openssl.backend import backend as ossl - - return ossl.load_key_and_certificates_from_pkcs12(data, password) +load_key_and_certificates = rust_pkcs12.load_key_and_certificates +load_pkcs12 = rust_pkcs12.load_pkcs12 -def load_pkcs12( - data: bytes, - password: typing.Optional[bytes], - backend: typing.Any = None, -) -> PKCS12KeyAndCertificates: - from cryptography.hazmat.backends.openssl.backend import backend as ossl - - return ossl.load_pkcs12(data, password) - - -_PKCS12_CAS_TYPES = typing.Union[ +_PKCS12CATypes = typing.Union[ x509.Certificate, PKCS12Certificate, ] def serialize_key_and_certificates( - name: typing.Optional[bytes], - key: typing.Optional[_ALLOWED_PKCS12_TYPES], - cert: typing.Optional[x509.Certificate], - cas: typing.Optional[typing.Iterable[_PKCS12_CAS_TYPES]], + name: bytes | None, + key: PKCS12PrivateKeyTypes | None, + cert: x509.Certificate | None, + cas: typing.Iterable[_PKCS12CATypes] | None, encryption_algorithm: serialization.KeySerializationEncryption, ) -> bytes: if key is not None and not isinstance( @@ -193,22 +139,6 @@ def serialize_key_and_certificates( "Key must be RSA, DSA, EllipticCurve, ED25519, or ED448" " private key, or None." ) - if cert is not None and not isinstance(cert, x509.Certificate): - raise TypeError("cert must be a certificate or None") - - if cas is not None: - cas = list(cas) - if not all( - isinstance( - val, - ( - x509.Certificate, - PKCS12Certificate, - ), - ) - for val in cas - ): - raise TypeError("all values in cas must be certificates") if not isinstance( encryption_algorithm, serialization.KeySerializationEncryption @@ -221,8 +151,6 @@ def serialize_key_and_certificates( if key is None and cert is None and not cas: raise ValueError("You must supply at least one of key, cert, or cas") - from cryptography.hazmat.backends.openssl.backend import backend - - return backend.serialize_key_and_certificates_to_pkcs12( + return rust_pkcs12.serialize_key_and_certificates( name, key, cert, cas, encryption_algorithm ) diff --git a/src/cryptography/hazmat/primitives/serialization/pkcs7.py b/src/cryptography/hazmat/primitives/serialization/pkcs7.py index 6641416..97ea9db 100644 --- a/src/cryptography/hazmat/primitives/serialization/pkcs7.py +++ b/src/cryptography/hazmat/primitives/serialization/pkcs7.py @@ -2,45 +2,36 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + +import email.base64mime +import email.generator +import email.message +import email.policy +import io import typing -from cryptography import utils -from cryptography import x509 +from cryptography import utils, x509 +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons +from cryptography.hazmat.bindings._rust import pkcs7 as rust_pkcs7 from cryptography.hazmat.primitives import hashes, serialization -from cryptography.hazmat.primitives.asymmetric import ec, rsa +from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa from cryptography.utils import _check_byteslike +load_pem_pkcs7_certificates = rust_pkcs7.load_pem_pkcs7_certificates -def load_pem_pkcs7_certificates(data: bytes) -> typing.List[x509.Certificate]: - from cryptography.hazmat.backends.openssl.backend import backend - - return backend.load_pem_pkcs7_certificates(data) - - -def load_der_pkcs7_certificates(data: bytes) -> typing.List[x509.Certificate]: - from cryptography.hazmat.backends.openssl.backend import backend - - return backend.load_der_pkcs7_certificates(data) - - -def serialize_certificates( - certs: typing.List[x509.Certificate], - encoding: serialization.Encoding, -) -> bytes: - from cryptography.hazmat.backends.openssl.backend import backend - - return backend.pkcs7_serialize_certificates(certs, encoding) +load_der_pkcs7_certificates = rust_pkcs7.load_der_pkcs7_certificates +serialize_certificates = rust_pkcs7.serialize_certificates -_ALLOWED_PKCS7_HASH_TYPES = typing.Union[ - hashes.SHA1, +PKCS7HashTypes = typing.Union[ hashes.SHA224, hashes.SHA256, hashes.SHA384, hashes.SHA512, ] -_ALLOWED_PRIVATE_KEY_TYPES = typing.Union[ +PKCS7PrivateKeyTypes = typing.Union[ rsa.RSAPrivateKey, ec.EllipticCurvePrivateKey ] @@ -57,21 +48,22 @@ class PKCS7Options(utils.Enum): class PKCS7SignatureBuilder: def __init__( self, - data: typing.Optional[bytes] = None, - signers: typing.List[ - typing.Tuple[ + data: bytes | None = None, + signers: list[ + tuple[ x509.Certificate, - _ALLOWED_PRIVATE_KEY_TYPES, - _ALLOWED_PKCS7_HASH_TYPES, + PKCS7PrivateKeyTypes, + PKCS7HashTypes, + padding.PSS | padding.PKCS1v15 | None, ] ] = [], - additional_certs: typing.List[x509.Certificate] = [], + additional_certs: list[x509.Certificate] = [], ): self._data = data self._signers = signers self._additional_certs = additional_certs - def set_data(self, data: bytes) -> "PKCS7SignatureBuilder": + def set_data(self, data: bytes) -> PKCS7SignatureBuilder: _check_byteslike("data", data) if self._data is not None: raise ValueError("data may only be set once") @@ -81,13 +73,14 @@ def set_data(self, data: bytes) -> "PKCS7SignatureBuilder": def add_signer( self, certificate: x509.Certificate, - private_key: _ALLOWED_PRIVATE_KEY_TYPES, - hash_algorithm: _ALLOWED_PKCS7_HASH_TYPES, - ) -> "PKCS7SignatureBuilder": + private_key: PKCS7PrivateKeyTypes, + hash_algorithm: PKCS7HashTypes, + *, + rsa_padding: padding.PSS | padding.PKCS1v15 | None = None, + ) -> PKCS7SignatureBuilder: if not isinstance( hash_algorithm, ( - hashes.SHA1, hashes.SHA224, hashes.SHA256, hashes.SHA384, @@ -95,7 +88,7 @@ def add_signer( ), ): raise TypeError( - "hash_algorithm must be one of hashes.SHA1, SHA224, " + "hash_algorithm must be one of hashes.SHA224, " "SHA256, SHA384, or SHA512" ) if not isinstance(certificate, x509.Certificate): @@ -106,19 +99,28 @@ def add_signer( ): raise TypeError("Only RSA & EC keys are supported at this time.") + if rsa_padding is not None: + if not isinstance(rsa_padding, (padding.PSS, padding.PKCS1v15)): + raise TypeError("Padding must be PSS or PKCS1v15") + if not isinstance(private_key, rsa.RSAPrivateKey): + raise TypeError("Padding is only supported for RSA keys") + return PKCS7SignatureBuilder( self._data, - self._signers + [(certificate, private_key, hash_algorithm)], + [ + *self._signers, + (certificate, private_key, hash_algorithm, rsa_padding), + ], ) def add_certificate( self, certificate: x509.Certificate - ) -> "PKCS7SignatureBuilder": + ) -> PKCS7SignatureBuilder: if not isinstance(certificate, x509.Certificate): raise TypeError("certificate must be a x509.Certificate") return PKCS7SignatureBuilder( - self._data, self._signers, self._additional_certs + [certificate] + self._data, self._signers, [*self._additional_certs, certificate] ) def sign( @@ -173,8 +175,162 @@ def sign( "both values." ) + return rust_pkcs7.sign_and_serialize(self, encoding, options) + + +class PKCS7EnvelopeBuilder: + def __init__( + self, + *, + _data: bytes | None = None, + _recipients: list[x509.Certificate] | None = None, + ): from cryptography.hazmat.backends.openssl.backend import ( backend as ossl, ) - return ossl.pkcs7_sign(self, encoding, options) + if not ossl.rsa_encryption_supported(padding=padding.PKCS1v15()): + raise UnsupportedAlgorithm( + "RSA with PKCS1 v1.5 padding is not supported by this version" + " of OpenSSL.", + _Reasons.UNSUPPORTED_PADDING, + ) + self._data = _data + self._recipients = _recipients if _recipients is not None else [] + + def set_data(self, data: bytes) -> PKCS7EnvelopeBuilder: + _check_byteslike("data", data) + if self._data is not None: + raise ValueError("data may only be set once") + + return PKCS7EnvelopeBuilder(_data=data, _recipients=self._recipients) + + def add_recipient( + self, + certificate: x509.Certificate, + ) -> PKCS7EnvelopeBuilder: + if not isinstance(certificate, x509.Certificate): + raise TypeError("certificate must be a x509.Certificate") + + if not isinstance(certificate.public_key(), rsa.RSAPublicKey): + raise TypeError("Only RSA keys are supported at this time.") + + return PKCS7EnvelopeBuilder( + _data=self._data, + _recipients=[ + *self._recipients, + certificate, + ], + ) + + def encrypt( + self, + encoding: serialization.Encoding, + options: typing.Iterable[PKCS7Options], + ) -> bytes: + if len(self._recipients) == 0: + raise ValueError("Must have at least one recipient") + if self._data is None: + raise ValueError("You must add data to encrypt") + options = list(options) + if not all(isinstance(x, PKCS7Options) for x in options): + raise ValueError("options must be from the PKCS7Options enum") + if encoding not in ( + serialization.Encoding.PEM, + serialization.Encoding.DER, + serialization.Encoding.SMIME, + ): + raise ValueError( + "Must be PEM, DER, or SMIME from the Encoding enum" + ) + + # Only allow options that make sense for encryption + if any( + opt not in [PKCS7Options.Text, PKCS7Options.Binary] + for opt in options + ): + raise ValueError( + "Only the following options are supported for encryption: " + "Text, Binary" + ) + elif PKCS7Options.Text in options and PKCS7Options.Binary in options: + # OpenSSL accepts both options at the same time, but ignores Text. + # We fail defensively to avoid unexpected outputs. + raise ValueError( + "Cannot use Binary and Text options at the same time" + ) + + return rust_pkcs7.encrypt_and_serialize(self, encoding, options) + + +def _smime_signed_encode( + data: bytes, signature: bytes, micalg: str, text_mode: bool +) -> bytes: + # This function works pretty hard to replicate what OpenSSL does + # precisely. For good and for ill. + + m = email.message.Message() + m.add_header("MIME-Version", "1.0") + m.add_header( + "Content-Type", + "multipart/signed", + protocol="application/x-pkcs7-signature", + micalg=micalg, + ) + + m.preamble = "This is an S/MIME signed message\n" + + msg_part = OpenSSLMimePart() + msg_part.set_payload(data) + if text_mode: + msg_part.add_header("Content-Type", "text/plain") + m.attach(msg_part) + + sig_part = email.message.MIMEPart() + sig_part.add_header( + "Content-Type", "application/x-pkcs7-signature", name="smime.p7s" + ) + sig_part.add_header("Content-Transfer-Encoding", "base64") + sig_part.add_header( + "Content-Disposition", "attachment", filename="smime.p7s" + ) + sig_part.set_payload( + email.base64mime.body_encode(signature, maxlinelen=65) + ) + del sig_part["MIME-Version"] + m.attach(sig_part) + + fp = io.BytesIO() + g = email.generator.BytesGenerator( + fp, + maxheaderlen=0, + mangle_from_=False, + policy=m.policy.clone(linesep="\r\n"), + ) + g.flatten(m) + return fp.getvalue() + + +def _smime_enveloped_encode(data: bytes) -> bytes: + m = email.message.Message() + m.add_header("MIME-Version", "1.0") + m.add_header("Content-Disposition", "attachment", filename="smime.p7m") + m.add_header( + "Content-Type", + "application/pkcs7-mime", + smime_type="enveloped-data", + name="smime.p7m", + ) + m.add_header("Content-Transfer-Encoding", "base64") + + m.set_payload(email.base64mime.body_encode(data, maxlinelen=65)) + + return m.as_bytes(policy=m.policy.clone(linesep="\n", max_line_length=0)) + + +class OpenSSLMimePart(email.message.MIMEPart): + # A MIMEPart subclass that replicates OpenSSL's behavior of not including + # a newline if there are no headers. + def _write_headers(self, generator) -> None: + if list(self.raw_items()): + generator._write_headers(self) diff --git a/src/cryptography/hazmat/primitives/serialization/ssh.py b/src/cryptography/hazmat/primitives/serialization/ssh.py index 7125bad..c01afb0 100644 --- a/src/cryptography/hazmat/primitives/serialization/ssh.py +++ b/src/cryptography/hazmat/primitives/serialization/ssh.py @@ -2,17 +2,34 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import binascii +import enum import os import re import typing +import warnings from base64 import encodebytes as _base64_encode +from dataclasses import dataclass from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm -from cryptography.hazmat.primitives.asymmetric import dsa, ec, ed25519, rsa -from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import ( + dsa, + ec, + ed25519, + padding, + rsa, +) +from cryptography.hazmat.primitives.asymmetric import utils as asym_utils +from cryptography.hazmat.primitives.ciphers import ( + AEADDecryptionContext, + Cipher, + algorithms, + modes, +) from cryptography.hazmat.primitives.serialization import ( Encoding, KeySerializationEncryption, @@ -47,6 +64,15 @@ def _bcrypt_kdf( _ECDSA_NISTP521 = b"ecdsa-sha2-nistp521" _CERT_SUFFIX = b"-cert-v01@openssh.com" +# U2F application string suffixed pubkey +_SK_SSH_ED25519 = b"sk-ssh-ed25519@openssh.com" +_SK_SSH_ECDSA_NISTP256 = b"sk-ecdsa-sha2-nistp256@openssh.com" + +# These are not key types, only algorithms, so they cannot appear +# as a public key type +_SSH_RSA_SHA256 = b"rsa-sha2-256" +_SSH_RSA_SHA512 = b"rsa-sha2-512" + _SSH_PUBKEY_RC = re.compile(rb"\A(\S+)[ \t]+(\S+)") _SK_MAGIC = b"openssh-key-v1\0" _SK_START = b"-----BEGIN OPENSSH PRIVATE KEY-----" @@ -62,18 +88,47 @@ def _bcrypt_kdf( # padding for max blocksize _PADDING = memoryview(bytearray(range(1, 1 + 16))) + +@dataclass +class _SSHCipher: + alg: type[algorithms.AES] + key_len: int + mode: type[modes.CTR] | type[modes.CBC] | type[modes.GCM] + block_len: int + iv_len: int + tag_len: int | None + is_aead: bool + + # ciphers that are actually used in key wrapping -_SSH_CIPHERS: typing.Dict[ - bytes, - typing.Tuple[ - typing.Type[algorithms.AES], - int, - typing.Union[typing.Type[modes.CTR], typing.Type[modes.CBC]], - int, - ], -] = { - b"aes256-ctr": (algorithms.AES, 32, modes.CTR, 16), - b"aes256-cbc": (algorithms.AES, 32, modes.CBC, 16), +_SSH_CIPHERS: dict[bytes, _SSHCipher] = { + b"aes256-ctr": _SSHCipher( + alg=algorithms.AES, + key_len=32, + mode=modes.CTR, + block_len=16, + iv_len=16, + tag_len=None, + is_aead=False, + ), + b"aes256-cbc": _SSHCipher( + alg=algorithms.AES, + key_len=32, + mode=modes.CBC, + block_len=16, + iv_len=16, + tag_len=None, + is_aead=False, + ), + b"aes256-gcm@openssh.com": _SSHCipher( + alg=algorithms.AES, + key_len=32, + mode=modes.GCM, + block_len=16, + iv_len=12, + tag_len=16, + is_aead=True, + ), } # map local curve name to key type @@ -84,6 +139,25 @@ def _bcrypt_kdf( } +def _get_ssh_key_type(key: SSHPrivateKeyTypes | SSHPublicKeyTypes) -> bytes: + if isinstance(key, ec.EllipticCurvePrivateKey): + key_type = _ecdsa_key_type(key.public_key()) + elif isinstance(key, ec.EllipticCurvePublicKey): + key_type = _ecdsa_key_type(key) + elif isinstance(key, (rsa.RSAPrivateKey, rsa.RSAPublicKey)): + key_type = _SSH_RSA + elif isinstance(key, (dsa.DSAPrivateKey, dsa.DSAPublicKey)): + key_type = _SSH_DSA + elif isinstance( + key, (ed25519.Ed25519PrivateKey, ed25519.Ed25519PublicKey) + ): + key_type = _SSH_ED25519 + else: + raise ValueError("Unsupported key type") + + return key_type + + def _ecdsa_key_type(public_key: ec.EllipticCurvePublicKey) -> bytes: """Return SSH key_type and curve_name for private key.""" curve = public_key.curve @@ -116,34 +190,39 @@ def _check_empty(data: bytes) -> None: def _init_cipher( ciphername: bytes, - password: typing.Optional[bytes], + password: bytes | None, salt: bytes, rounds: int, -) -> Cipher[typing.Union[modes.CBC, modes.CTR]]: +) -> Cipher[modes.CBC | modes.CTR | modes.GCM]: """Generate key + iv and return cipher.""" if not password: raise ValueError("Key is password-protected.") - algo, key_len, mode, iv_len = _SSH_CIPHERS[ciphername] - seed = _bcrypt_kdf(password, salt, key_len + iv_len, rounds, True) - return Cipher(algo(seed[:key_len]), mode(seed[key_len:])) + ciph = _SSH_CIPHERS[ciphername] + seed = _bcrypt_kdf( + password, salt, ciph.key_len + ciph.iv_len, rounds, True + ) + return Cipher( + ciph.alg(seed[: ciph.key_len]), + ciph.mode(seed[ciph.key_len :]), + ) -def _get_u32(data: memoryview) -> typing.Tuple[int, memoryview]: +def _get_u32(data: memoryview) -> tuple[int, memoryview]: """Uint32""" if len(data) < 4: raise ValueError("Invalid data") return int.from_bytes(data[:4], byteorder="big"), data[4:] -def _get_u64(data: memoryview) -> typing.Tuple[int, memoryview]: +def _get_u64(data: memoryview) -> tuple[int, memoryview]: """Uint64""" if len(data) < 8: raise ValueError("Invalid data") return int.from_bytes(data[:8], byteorder="big"), data[8:] -def _get_sshstr(data: memoryview) -> typing.Tuple[memoryview, memoryview]: +def _get_sshstr(data: memoryview) -> tuple[memoryview, memoryview]: """Bytes with u32 length prefix""" n, data = _get_u32(data) if n > len(data): @@ -151,7 +230,7 @@ def _get_sshstr(data: memoryview) -> typing.Tuple[memoryview, memoryview]: return data[:n], data[n:] -def _get_mpint(data: memoryview) -> typing.Tuple[int, memoryview]: +def _get_mpint(data: memoryview) -> tuple[int, memoryview]: """Big integer.""" val, data = _get_sshstr(data) if val and val[0] > 0x7F: @@ -172,11 +251,9 @@ def _to_mpint(val: int) -> bytes: class _FragList: """Build recursive structure without data copy.""" - flist: typing.List[bytes] + flist: list[bytes] - def __init__( - self, init: typing.Optional[typing.List[bytes]] = None - ) -> None: + def __init__(self, init: list[bytes] | None = None) -> None: self.flist = [] if init: self.flist.extend(init) @@ -189,7 +266,11 @@ def put_u32(self, val: int) -> None: """Big-endian uint32""" self.flist.append(val.to_bytes(length=4, byteorder="big")) - def put_sshstr(self, val: typing.Union[bytes, "_FragList"]) -> None: + def put_u64(self, val: int) -> None: + """Big-endian uint64""" + self.flist.append(val.to_bytes(length=8, byteorder="big")) + + def put_sshstr(self, val: bytes | _FragList) -> None: """Bytes prefixed with u32 length""" if isinstance(val, (bytes, memoryview, bytearray)): self.put_u32(len(val)) @@ -230,7 +311,9 @@ class _SSHFormatRSA: mpint n, e, d, iqmp, p, q """ - def get_public(self, data: memoryview): + def get_public( + self, data: memoryview + ) -> tuple[tuple[int, int], memoryview]: """RSA public fields""" e, data = _get_mpint(data) n, data = _get_mpint(data) @@ -238,7 +321,7 @@ def get_public(self, data: memoryview): def load_public( self, data: memoryview - ) -> typing.Tuple[rsa.RSAPublicKey, memoryview]: + ) -> tuple[rsa.RSAPublicKey, memoryview]: """Make RSA public key from data.""" (e, n), data = self.get_public(data) public_numbers = rsa.RSAPublicNumbers(e, n) @@ -247,7 +330,7 @@ def load_public( def load_private( self, data: memoryview, pubfields - ) -> typing.Tuple[rsa.RSAPrivateKey, memoryview]: + ) -> tuple[rsa.RSAPrivateKey, memoryview]: """Make RSA private key from data.""" n, data = _get_mpint(data) e, data = _get_mpint(data) @@ -300,9 +383,7 @@ class _SSHFormatDSA: mpint p, q, g, y, x """ - def get_public( - self, data: memoryview - ) -> typing.Tuple[typing.Tuple, memoryview]: + def get_public(self, data: memoryview) -> tuple[tuple, memoryview]: """DSA public fields""" p, data = _get_mpint(data) q, data = _get_mpint(data) @@ -312,7 +393,7 @@ def get_public( def load_public( self, data: memoryview - ) -> typing.Tuple[dsa.DSAPublicKey, memoryview]: + ) -> tuple[dsa.DSAPublicKey, memoryview]: """Make DSA public key from data.""" (p, q, g, y), data = self.get_public(data) parameter_numbers = dsa.DSAParameterNumbers(p, q, g) @@ -323,7 +404,7 @@ def load_public( def load_private( self, data: memoryview, pubfields - ) -> typing.Tuple[dsa.DSAPrivateKey, memoryview]: + ) -> tuple[dsa.DSAPrivateKey, memoryview]: """Make DSA private key from data.""" (p, q, g, y), data = self.get_public(data) x, data = _get_mpint(data) @@ -381,7 +462,7 @@ def __init__(self, ssh_curve_name: bytes, curve: ec.EllipticCurve): def get_public( self, data: memoryview - ) -> typing.Tuple[typing.Tuple, memoryview]: + ) -> tuple[tuple[memoryview, memoryview], memoryview]: """ECDSA public fields""" curve, data = _get_sshstr(data) point, data = _get_sshstr(data) @@ -393,9 +474,9 @@ def get_public( def load_public( self, data: memoryview - ) -> typing.Tuple[ec.EllipticCurvePublicKey, memoryview]: + ) -> tuple[ec.EllipticCurvePublicKey, memoryview]: """Make ECDSA public key from data.""" - (curve_name, point), data = self.get_public(data) + (_, point), data = self.get_public(data) public_key = ec.EllipticCurvePublicKey.from_encoded_point( self.curve, point.tobytes() ) @@ -403,7 +484,7 @@ def load_public( def load_private( self, data: memoryview, pubfields - ) -> typing.Tuple[ec.EllipticCurvePrivateKey, memoryview]: + ) -> tuple[ec.EllipticCurvePrivateKey, memoryview]: """Make ECDSA private key from data.""" (curve_name, point), data = self.get_public(data) secret, data = _get_mpint(data) @@ -446,14 +527,14 @@ class _SSHFormatEd25519: def get_public( self, data: memoryview - ) -> typing.Tuple[typing.Tuple, memoryview]: + ) -> tuple[tuple[memoryview], memoryview]: """Ed25519 public fields""" point, data = _get_sshstr(data) return (point,), data def load_public( self, data: memoryview - ) -> typing.Tuple[ed25519.Ed25519PublicKey, memoryview]: + ) -> tuple[ed25519.Ed25519PublicKey, memoryview]: """Make Ed25519 public key from data.""" (point,), data = self.get_public(data) public_key = ed25519.Ed25519PublicKey.from_public_bytes( @@ -463,7 +544,7 @@ def load_public( def load_private( self, data: memoryview, pubfields - ) -> typing.Tuple[ed25519.Ed25519PrivateKey, memoryview]: + ) -> tuple[ed25519.Ed25519PrivateKey, memoryview]: """Make Ed25519 private key from data.""" (point,), data = self.get_public(data) keypair, data = _get_sshstr(data) @@ -501,6 +582,56 @@ def encode_private( f_priv.put_sshstr(f_keypair) +def load_application(data) -> tuple[memoryview, memoryview]: + """ + U2F application strings + """ + application, data = _get_sshstr(data) + if not application.tobytes().startswith(b"ssh:"): + raise ValueError( + "U2F application string does not start with b'ssh:' " + f"({application})" + ) + return application, data + + +class _SSHFormatSKEd25519: + """ + The format of a sk-ssh-ed25519@openssh.com public key is: + + string "sk-ssh-ed25519@openssh.com" + string public key + string application (user-specified, but typically "ssh:") + """ + + def load_public( + self, data: memoryview + ) -> tuple[ed25519.Ed25519PublicKey, memoryview]: + """Make Ed25519 public key from data.""" + public_key, data = _lookup_kformat(_SSH_ED25519).load_public(data) + _, data = load_application(data) + return public_key, data + + +class _SSHFormatSKECDSA: + """ + The format of a sk-ecdsa-sha2-nistp256@openssh.com public key is: + + string "sk-ecdsa-sha2-nistp256@openssh.com" + string curve name + ec_point Q + string application (user-specified, but typically "ssh:") + """ + + def load_public( + self, data: memoryview + ) -> tuple[ec.EllipticCurvePublicKey, memoryview]: + """Make ECDSA public key from data.""" + public_key, data = _lookup_kformat(_ECDSA_NISTP256).load_public(data) + _, data = load_application(data) + return public_key, data + + _KEY_FORMATS = { _SSH_RSA: _SSHFormatRSA(), _SSH_DSA: _SSHFormatDSA(), @@ -508,6 +639,8 @@ def encode_private( _ECDSA_NISTP256: _SSHFormatECDSA(b"nistp256", ec.SECP256R1()), _ECDSA_NISTP384: _SSHFormatECDSA(b"nistp384", ec.SECP384R1()), _ECDSA_NISTP521: _SSHFormatECDSA(b"nistp521", ec.SECP521R1()), + _SK_SSH_ED25519: _SSHFormatSKEd25519(), + _SK_SSH_ECDSA_NISTP256: _SSHFormatSKECDSA(), } @@ -520,7 +653,7 @@ def _lookup_kformat(key_type: bytes): raise UnsupportedAlgorithm(f"Unsupported key type: {key_type!r}") -_SSH_PRIVATE_KEY_TYPES = typing.Union[ +SSHPrivateKeyTypes = typing.Union[ ec.EllipticCurvePrivateKey, rsa.RSAPrivateKey, dsa.DSAPrivateKey, @@ -530,9 +663,9 @@ def _lookup_kformat(key_type: bytes): def load_ssh_private_key( data: bytes, - password: typing.Optional[bytes], + password: bytes | None, backend: typing.Any = None, -) -> _SSH_PRIVATE_KEY_TYPES: +) -> SSHPrivateKeyTypes: """Load private key from OpenSSH custom encoding.""" utils._check_byteslike("data", data) if password is not None: @@ -563,10 +696,6 @@ def load_ssh_private_key( pubfields, pubdata = kformat.get_public(pubdata) _check_empty(pubdata) - # load secret data - edata, data = _get_sshstr(data) - _check_empty(data) - if (ciphername, kdfname) != (_NONE, _NONE): ciphername_bytes = ciphername.tobytes() if ciphername_bytes not in _SSH_CIPHERS: @@ -575,14 +704,36 @@ def load_ssh_private_key( ) if kdfname != _BCRYPT: raise UnsupportedAlgorithm(f"Unsupported KDF: {kdfname!r}") - blklen = _SSH_CIPHERS[ciphername_bytes][3] + blklen = _SSH_CIPHERS[ciphername_bytes].block_len + tag_len = _SSH_CIPHERS[ciphername_bytes].tag_len + # load secret data + edata, data = _get_sshstr(data) + # see https://bugzilla.mindrot.org/show_bug.cgi?id=3553 for + # information about how OpenSSH handles AEAD tags + if _SSH_CIPHERS[ciphername_bytes].is_aead: + tag = bytes(data) + if len(tag) != tag_len: + raise ValueError("Corrupt data: invalid tag length for cipher") + else: + _check_empty(data) _check_block_size(edata, blklen) salt, kbuf = _get_sshstr(kdfoptions) rounds, kbuf = _get_u32(kbuf) _check_empty(kbuf) ciph = _init_cipher(ciphername_bytes, password, salt.tobytes(), rounds) - edata = memoryview(ciph.decryptor().update(edata)) + dec = ciph.decryptor() + edata = memoryview(dec.update(edata)) + if _SSH_CIPHERS[ciphername_bytes].is_aead: + assert isinstance(dec, AEADDecryptionContext) + _check_empty(dec.finalize_with_tag(tag)) + else: + # _check_block_size requires data to be a full block so there + # should be no output from finalize + _check_empty(dec.finalize()) else: + # load secret data + edata, data = _get_sshstr(data) + _check_empty(data) blklen = 8 _check_block_size(edata, blklen) ck1, edata = _get_u32(edata) @@ -595,41 +746,48 @@ def load_ssh_private_key( if key_type != pub_key_type: raise ValueError("Corrupt data: key type mismatch") private_key, edata = kformat.load_private(edata, pubfields) - comment, edata = _get_sshstr(edata) + # We don't use the comment + _, edata = _get_sshstr(edata) # yes, SSH does padding check *after* all other parsing is done. # need to follow as it writes zero-byte padding too. if edata != _PADDING[: len(edata)]: raise ValueError("Corrupt data: invalid padding") + if isinstance(private_key, dsa.DSAPrivateKey): + warnings.warn( + "SSH DSA keys are deprecated and will be removed in a future " + "release.", + utils.DeprecatedIn40, + stacklevel=2, + ) + return private_key def _serialize_ssh_private_key( - private_key: _SSH_PRIVATE_KEY_TYPES, + private_key: SSHPrivateKeyTypes, password: bytes, encryption_algorithm: KeySerializationEncryption, ) -> bytes: """Serialize private key with OpenSSH custom encoding.""" utils._check_bytes("password", password) + if isinstance(private_key, dsa.DSAPrivateKey): + warnings.warn( + "SSH DSA key support is deprecated and will be " + "removed in a future release", + utils.DeprecatedIn40, + stacklevel=4, + ) - if isinstance(private_key, ec.EllipticCurvePrivateKey): - key_type = _ecdsa_key_type(private_key.public_key()) - elif isinstance(private_key, rsa.RSAPrivateKey): - key_type = _SSH_RSA - elif isinstance(private_key, dsa.DSAPrivateKey): - key_type = _SSH_DSA - elif isinstance(private_key, ed25519.Ed25519PrivateKey): - key_type = _SSH_ED25519 - else: - raise ValueError("Unsupported key type") + key_type = _get_ssh_key_type(private_key) kformat = _lookup_kformat(key_type) # setup parameters f_kdfoptions = _FragList() if password: ciphername = _DEFAULT_CIPHER - blklen = _SSH_CIPHERS[ciphername][3] + blklen = _SSH_CIPHERS[ciphername].block_len kdfname = _BCRYPT rounds = _DEFAULT_ROUNDS if ( @@ -684,18 +842,168 @@ def _serialize_ssh_private_key( return _ssh_pem_encode(buf[:mlen]) -_SSH_PUBLIC_KEY_TYPES = typing.Union[ +SSHPublicKeyTypes = typing.Union[ ec.EllipticCurvePublicKey, rsa.RSAPublicKey, dsa.DSAPublicKey, ed25519.Ed25519PublicKey, ] +SSHCertPublicKeyTypes = typing.Union[ + ec.EllipticCurvePublicKey, + rsa.RSAPublicKey, + ed25519.Ed25519PublicKey, +] -def load_ssh_public_key( - data: bytes, backend: typing.Any = None -) -> _SSH_PUBLIC_KEY_TYPES: - """Load public key from OpenSSH one-line format.""" + +class SSHCertificateType(enum.Enum): + USER = 1 + HOST = 2 + + +class SSHCertificate: + def __init__( + self, + _nonce: memoryview, + _public_key: SSHPublicKeyTypes, + _serial: int, + _cctype: int, + _key_id: memoryview, + _valid_principals: list[bytes], + _valid_after: int, + _valid_before: int, + _critical_options: dict[bytes, bytes], + _extensions: dict[bytes, bytes], + _sig_type: memoryview, + _sig_key: memoryview, + _inner_sig_type: memoryview, + _signature: memoryview, + _tbs_cert_body: memoryview, + _cert_key_type: bytes, + _cert_body: memoryview, + ): + self._nonce = _nonce + self._public_key = _public_key + self._serial = _serial + try: + self._type = SSHCertificateType(_cctype) + except ValueError: + raise ValueError("Invalid certificate type") + self._key_id = _key_id + self._valid_principals = _valid_principals + self._valid_after = _valid_after + self._valid_before = _valid_before + self._critical_options = _critical_options + self._extensions = _extensions + self._sig_type = _sig_type + self._sig_key = _sig_key + self._inner_sig_type = _inner_sig_type + self._signature = _signature + self._cert_key_type = _cert_key_type + self._cert_body = _cert_body + self._tbs_cert_body = _tbs_cert_body + + @property + def nonce(self) -> bytes: + return bytes(self._nonce) + + def public_key(self) -> SSHCertPublicKeyTypes: + # make mypy happy until we remove DSA support entirely and + # the underlying union won't have a disallowed type + return typing.cast(SSHCertPublicKeyTypes, self._public_key) + + @property + def serial(self) -> int: + return self._serial + + @property + def type(self) -> SSHCertificateType: + return self._type + + @property + def key_id(self) -> bytes: + return bytes(self._key_id) + + @property + def valid_principals(self) -> list[bytes]: + return self._valid_principals + + @property + def valid_before(self) -> int: + return self._valid_before + + @property + def valid_after(self) -> int: + return self._valid_after + + @property + def critical_options(self) -> dict[bytes, bytes]: + return self._critical_options + + @property + def extensions(self) -> dict[bytes, bytes]: + return self._extensions + + def signature_key(self) -> SSHCertPublicKeyTypes: + sigformat = _lookup_kformat(self._sig_type) + signature_key, sigkey_rest = sigformat.load_public(self._sig_key) + _check_empty(sigkey_rest) + return signature_key + + def public_bytes(self) -> bytes: + return ( + bytes(self._cert_key_type) + + b" " + + binascii.b2a_base64(bytes(self._cert_body), newline=False) + ) + + def verify_cert_signature(self) -> None: + signature_key = self.signature_key() + if isinstance(signature_key, ed25519.Ed25519PublicKey): + signature_key.verify( + bytes(self._signature), bytes(self._tbs_cert_body) + ) + elif isinstance(signature_key, ec.EllipticCurvePublicKey): + # The signature is encoded as a pair of big-endian integers + r, data = _get_mpint(self._signature) + s, data = _get_mpint(data) + _check_empty(data) + computed_sig = asym_utils.encode_dss_signature(r, s) + hash_alg = _get_ec_hash_alg(signature_key.curve) + signature_key.verify( + computed_sig, bytes(self._tbs_cert_body), ec.ECDSA(hash_alg) + ) + else: + assert isinstance(signature_key, rsa.RSAPublicKey) + if self._inner_sig_type == _SSH_RSA: + hash_alg = hashes.SHA1() + elif self._inner_sig_type == _SSH_RSA_SHA256: + hash_alg = hashes.SHA256() + else: + assert self._inner_sig_type == _SSH_RSA_SHA512 + hash_alg = hashes.SHA512() + signature_key.verify( + bytes(self._signature), + bytes(self._tbs_cert_body), + padding.PKCS1v15(), + hash_alg, + ) + + +def _get_ec_hash_alg(curve: ec.EllipticCurve) -> hashes.HashAlgorithm: + if isinstance(curve, ec.SECP256R1): + return hashes.SHA256() + elif isinstance(curve, ec.SECP384R1): + return hashes.SHA384() + else: + assert isinstance(curve, ec.SECP521R1) + return hashes.SHA512() + + +def _load_ssh_public_identity( + data: bytes, + _legacy_dsa_allowed=False, +) -> SSHCertificate | SSHPublicKeyTypes: utils._check_byteslike("data", data) m = _SSH_PUBKEY_RC.match(data) @@ -704,16 +1012,22 @@ def load_ssh_public_key( key_type = orig_key_type = m.group(1) key_body = m.group(2) with_cert = False - if _CERT_SUFFIX == key_type[-len(_CERT_SUFFIX) :]: + if key_type.endswith(_CERT_SUFFIX): with_cert = True key_type = key_type[: -len(_CERT_SUFFIX)] + if key_type == _SSH_DSA and not _legacy_dsa_allowed: + raise UnsupportedAlgorithm( + "DSA keys aren't supported in SSH certificates" + ) kformat = _lookup_kformat(key_type) try: rest = memoryview(binascii.a2b_base64(key_body)) except (TypeError, binascii.Error): - raise ValueError("Invalid key format") + raise ValueError("Invalid format") + if with_cert: + cert_body = rest inner_key_type, rest = _get_sshstr(rest) if inner_key_type != orig_key_type: raise ValueError("Invalid key format") @@ -725,29 +1039,118 @@ def load_ssh_public_key( cctype, rest = _get_u32(rest) key_id, rest = _get_sshstr(rest) principals, rest = _get_sshstr(rest) + valid_principals = [] + while principals: + principal, principals = _get_sshstr(principals) + valid_principals.append(bytes(principal)) valid_after, rest = _get_u64(rest) valid_before, rest = _get_u64(rest) crit_options, rest = _get_sshstr(rest) - extensions, rest = _get_sshstr(rest) - reserved, rest = _get_sshstr(rest) - sig_key, rest = _get_sshstr(rest) - signature, rest = _get_sshstr(rest) - _check_empty(rest) + critical_options = _parse_exts_opts(crit_options) + exts, rest = _get_sshstr(rest) + extensions = _parse_exts_opts(exts) + # Get the reserved field, which is unused. + _, rest = _get_sshstr(rest) + sig_key_raw, rest = _get_sshstr(rest) + sig_type, sig_key = _get_sshstr(sig_key_raw) + if sig_type == _SSH_DSA and not _legacy_dsa_allowed: + raise UnsupportedAlgorithm( + "DSA signatures aren't supported in SSH certificates" + ) + # Get the entire cert body and subtract the signature + tbs_cert_body = cert_body[: -len(rest)] + signature_raw, rest = _get_sshstr(rest) + _check_empty(rest) + inner_sig_type, sig_rest = _get_sshstr(signature_raw) + # RSA certs can have multiple algorithm types + if ( + sig_type == _SSH_RSA + and inner_sig_type + not in [_SSH_RSA_SHA256, _SSH_RSA_SHA512, _SSH_RSA] + ) or (sig_type != _SSH_RSA and inner_sig_type != sig_type): + raise ValueError("Signature key type does not match") + signature, sig_rest = _get_sshstr(sig_rest) + _check_empty(sig_rest) + return SSHCertificate( + nonce, + public_key, + serial, + cctype, + key_id, + valid_principals, + valid_after, + valid_before, + critical_options, + extensions, + sig_type, + sig_key, + inner_sig_type, + signature, + tbs_cert_body, + orig_key_type, + cert_body, + ) + else: + _check_empty(rest) + return public_key + + +def load_ssh_public_identity( + data: bytes, +) -> SSHCertificate | SSHPublicKeyTypes: + return _load_ssh_public_identity(data) + + +def _parse_exts_opts(exts_opts: memoryview) -> dict[bytes, bytes]: + result: dict[bytes, bytes] = {} + last_name = None + while exts_opts: + name, exts_opts = _get_sshstr(exts_opts) + bname: bytes = bytes(name) + if bname in result: + raise ValueError("Duplicate name") + if last_name is not None and bname < last_name: + raise ValueError("Fields not lexically sorted") + value, exts_opts = _get_sshstr(exts_opts) + if len(value) > 0: + value, extra = _get_sshstr(value) + if len(extra) > 0: + raise ValueError("Unexpected extra data after value") + result[bname] = bytes(value) + last_name = bname + return result + + +def load_ssh_public_key( + data: bytes, backend: typing.Any = None +) -> SSHPublicKeyTypes: + cert_or_key = _load_ssh_public_identity(data, _legacy_dsa_allowed=True) + public_key: SSHPublicKeyTypes + if isinstance(cert_or_key, SSHCertificate): + public_key = cert_or_key.public_key() + else: + public_key = cert_or_key + + if isinstance(public_key, dsa.DSAPublicKey): + warnings.warn( + "SSH DSA keys are deprecated and will be removed in a future " + "release.", + utils.DeprecatedIn40, + stacklevel=2, + ) return public_key -def serialize_ssh_public_key(public_key: _SSH_PUBLIC_KEY_TYPES) -> bytes: +def serialize_ssh_public_key(public_key: SSHPublicKeyTypes) -> bytes: """One-line public key format for OpenSSH""" - if isinstance(public_key, ec.EllipticCurvePublicKey): - key_type = _ecdsa_key_type(public_key) - elif isinstance(public_key, rsa.RSAPublicKey): - key_type = _SSH_RSA - elif isinstance(public_key, dsa.DSAPublicKey): - key_type = _SSH_DSA - elif isinstance(public_key, ed25519.Ed25519PublicKey): - key_type = _SSH_ED25519 - else: - raise ValueError("Unsupported key type") + if isinstance(public_key, dsa.DSAPublicKey): + warnings.warn( + "SSH DSA key support is deprecated and will be " + "removed in a future release", + utils.DeprecatedIn40, + stacklevel=4, + ) + key_type = _get_ssh_key_type(public_key) kformat = _lookup_kformat(key_type) f_pub = _FragList() @@ -756,3 +1159,411 @@ def serialize_ssh_public_key(public_key: _SSH_PUBLIC_KEY_TYPES) -> bytes: pub = binascii.b2a_base64(f_pub.tobytes()).strip() return b"".join([key_type, b" ", pub]) + + +SSHCertPrivateKeyTypes = typing.Union[ + ec.EllipticCurvePrivateKey, + rsa.RSAPrivateKey, + ed25519.Ed25519PrivateKey, +] + + +# This is an undocumented limit enforced in the openssh codebase for sshd and +# ssh-keygen, but it is undefined in the ssh certificates spec. +_SSHKEY_CERT_MAX_PRINCIPALS = 256 + + +class SSHCertificateBuilder: + def __init__( + self, + _public_key: SSHCertPublicKeyTypes | None = None, + _serial: int | None = None, + _type: SSHCertificateType | None = None, + _key_id: bytes | None = None, + _valid_principals: list[bytes] = [], + _valid_for_all_principals: bool = False, + _valid_before: int | None = None, + _valid_after: int | None = None, + _critical_options: list[tuple[bytes, bytes]] = [], + _extensions: list[tuple[bytes, bytes]] = [], + ): + self._public_key = _public_key + self._serial = _serial + self._type = _type + self._key_id = _key_id + self._valid_principals = _valid_principals + self._valid_for_all_principals = _valid_for_all_principals + self._valid_before = _valid_before + self._valid_after = _valid_after + self._critical_options = _critical_options + self._extensions = _extensions + + def public_key( + self, public_key: SSHCertPublicKeyTypes + ) -> SSHCertificateBuilder: + if not isinstance( + public_key, + ( + ec.EllipticCurvePublicKey, + rsa.RSAPublicKey, + ed25519.Ed25519PublicKey, + ), + ): + raise TypeError("Unsupported key type") + if self._public_key is not None: + raise ValueError("public_key already set") + + return SSHCertificateBuilder( + _public_key=public_key, + _serial=self._serial, + _type=self._type, + _key_id=self._key_id, + _valid_principals=self._valid_principals, + _valid_for_all_principals=self._valid_for_all_principals, + _valid_before=self._valid_before, + _valid_after=self._valid_after, + _critical_options=self._critical_options, + _extensions=self._extensions, + ) + + def serial(self, serial: int) -> SSHCertificateBuilder: + if not isinstance(serial, int): + raise TypeError("serial must be an integer") + if not 0 <= serial < 2**64: + raise ValueError("serial must be between 0 and 2**64") + if self._serial is not None: + raise ValueError("serial already set") + + return SSHCertificateBuilder( + _public_key=self._public_key, + _serial=serial, + _type=self._type, + _key_id=self._key_id, + _valid_principals=self._valid_principals, + _valid_for_all_principals=self._valid_for_all_principals, + _valid_before=self._valid_before, + _valid_after=self._valid_after, + _critical_options=self._critical_options, + _extensions=self._extensions, + ) + + def type(self, type: SSHCertificateType) -> SSHCertificateBuilder: + if not isinstance(type, SSHCertificateType): + raise TypeError("type must be an SSHCertificateType") + if self._type is not None: + raise ValueError("type already set") + + return SSHCertificateBuilder( + _public_key=self._public_key, + _serial=self._serial, + _type=type, + _key_id=self._key_id, + _valid_principals=self._valid_principals, + _valid_for_all_principals=self._valid_for_all_principals, + _valid_before=self._valid_before, + _valid_after=self._valid_after, + _critical_options=self._critical_options, + _extensions=self._extensions, + ) + + def key_id(self, key_id: bytes) -> SSHCertificateBuilder: + if not isinstance(key_id, bytes): + raise TypeError("key_id must be bytes") + if self._key_id is not None: + raise ValueError("key_id already set") + + return SSHCertificateBuilder( + _public_key=self._public_key, + _serial=self._serial, + _type=self._type, + _key_id=key_id, + _valid_principals=self._valid_principals, + _valid_for_all_principals=self._valid_for_all_principals, + _valid_before=self._valid_before, + _valid_after=self._valid_after, + _critical_options=self._critical_options, + _extensions=self._extensions, + ) + + def valid_principals( + self, valid_principals: list[bytes] + ) -> SSHCertificateBuilder: + if self._valid_for_all_principals: + raise ValueError( + "Principals can't be set because the cert is valid " + "for all principals" + ) + if ( + not all(isinstance(x, bytes) for x in valid_principals) + or not valid_principals + ): + raise TypeError( + "principals must be a list of bytes and can't be empty" + ) + if self._valid_principals: + raise ValueError("valid_principals already set") + + if len(valid_principals) > _SSHKEY_CERT_MAX_PRINCIPALS: + raise ValueError( + "Reached or exceeded the maximum number of valid_principals" + ) + + return SSHCertificateBuilder( + _public_key=self._public_key, + _serial=self._serial, + _type=self._type, + _key_id=self._key_id, + _valid_principals=valid_principals, + _valid_for_all_principals=self._valid_for_all_principals, + _valid_before=self._valid_before, + _valid_after=self._valid_after, + _critical_options=self._critical_options, + _extensions=self._extensions, + ) + + def valid_for_all_principals(self): + if self._valid_principals: + raise ValueError( + "valid_principals already set, can't set " + "valid_for_all_principals" + ) + if self._valid_for_all_principals: + raise ValueError("valid_for_all_principals already set") + + return SSHCertificateBuilder( + _public_key=self._public_key, + _serial=self._serial, + _type=self._type, + _key_id=self._key_id, + _valid_principals=self._valid_principals, + _valid_for_all_principals=True, + _valid_before=self._valid_before, + _valid_after=self._valid_after, + _critical_options=self._critical_options, + _extensions=self._extensions, + ) + + def valid_before(self, valid_before: int | float) -> SSHCertificateBuilder: + if not isinstance(valid_before, (int, float)): + raise TypeError("valid_before must be an int or float") + valid_before = int(valid_before) + if valid_before < 0 or valid_before >= 2**64: + raise ValueError("valid_before must [0, 2**64)") + if self._valid_before is not None: + raise ValueError("valid_before already set") + + return SSHCertificateBuilder( + _public_key=self._public_key, + _serial=self._serial, + _type=self._type, + _key_id=self._key_id, + _valid_principals=self._valid_principals, + _valid_for_all_principals=self._valid_for_all_principals, + _valid_before=valid_before, + _valid_after=self._valid_after, + _critical_options=self._critical_options, + _extensions=self._extensions, + ) + + def valid_after(self, valid_after: int | float) -> SSHCertificateBuilder: + if not isinstance(valid_after, (int, float)): + raise TypeError("valid_after must be an int or float") + valid_after = int(valid_after) + if valid_after < 0 or valid_after >= 2**64: + raise ValueError("valid_after must [0, 2**64)") + if self._valid_after is not None: + raise ValueError("valid_after already set") + + return SSHCertificateBuilder( + _public_key=self._public_key, + _serial=self._serial, + _type=self._type, + _key_id=self._key_id, + _valid_principals=self._valid_principals, + _valid_for_all_principals=self._valid_for_all_principals, + _valid_before=self._valid_before, + _valid_after=valid_after, + _critical_options=self._critical_options, + _extensions=self._extensions, + ) + + def add_critical_option( + self, name: bytes, value: bytes + ) -> SSHCertificateBuilder: + if not isinstance(name, bytes) or not isinstance(value, bytes): + raise TypeError("name and value must be bytes") + # This is O(n**2) + if name in [name for name, _ in self._critical_options]: + raise ValueError("Duplicate critical option name") + + return SSHCertificateBuilder( + _public_key=self._public_key, + _serial=self._serial, + _type=self._type, + _key_id=self._key_id, + _valid_principals=self._valid_principals, + _valid_for_all_principals=self._valid_for_all_principals, + _valid_before=self._valid_before, + _valid_after=self._valid_after, + _critical_options=[*self._critical_options, (name, value)], + _extensions=self._extensions, + ) + + def add_extension( + self, name: bytes, value: bytes + ) -> SSHCertificateBuilder: + if not isinstance(name, bytes) or not isinstance(value, bytes): + raise TypeError("name and value must be bytes") + # This is O(n**2) + if name in [name for name, _ in self._extensions]: + raise ValueError("Duplicate extension name") + + return SSHCertificateBuilder( + _public_key=self._public_key, + _serial=self._serial, + _type=self._type, + _key_id=self._key_id, + _valid_principals=self._valid_principals, + _valid_for_all_principals=self._valid_for_all_principals, + _valid_before=self._valid_before, + _valid_after=self._valid_after, + _critical_options=self._critical_options, + _extensions=[*self._extensions, (name, value)], + ) + + def sign(self, private_key: SSHCertPrivateKeyTypes) -> SSHCertificate: + if not isinstance( + private_key, + ( + ec.EllipticCurvePrivateKey, + rsa.RSAPrivateKey, + ed25519.Ed25519PrivateKey, + ), + ): + raise TypeError("Unsupported private key type") + + if self._public_key is None: + raise ValueError("public_key must be set") + + # Not required + serial = 0 if self._serial is None else self._serial + + if self._type is None: + raise ValueError("type must be set") + + # Not required + key_id = b"" if self._key_id is None else self._key_id + + # A zero length list is valid, but means the certificate + # is valid for any principal of the specified type. We require + # the user to explicitly set valid_for_all_principals to get + # that behavior. + if not self._valid_principals and not self._valid_for_all_principals: + raise ValueError( + "valid_principals must be set if valid_for_all_principals " + "is False" + ) + + if self._valid_before is None: + raise ValueError("valid_before must be set") + + if self._valid_after is None: + raise ValueError("valid_after must be set") + + if self._valid_after > self._valid_before: + raise ValueError("valid_after must be earlier than valid_before") + + # lexically sort our byte strings + self._critical_options.sort(key=lambda x: x[0]) + self._extensions.sort(key=lambda x: x[0]) + + key_type = _get_ssh_key_type(self._public_key) + cert_prefix = key_type + _CERT_SUFFIX + + # Marshal the bytes to be signed + nonce = os.urandom(32) + kformat = _lookup_kformat(key_type) + f = _FragList() + f.put_sshstr(cert_prefix) + f.put_sshstr(nonce) + kformat.encode_public(self._public_key, f) + f.put_u64(serial) + f.put_u32(self._type.value) + f.put_sshstr(key_id) + fprincipals = _FragList() + for p in self._valid_principals: + fprincipals.put_sshstr(p) + f.put_sshstr(fprincipals.tobytes()) + f.put_u64(self._valid_after) + f.put_u64(self._valid_before) + fcrit = _FragList() + for name, value in self._critical_options: + fcrit.put_sshstr(name) + if len(value) > 0: + foptval = _FragList() + foptval.put_sshstr(value) + fcrit.put_sshstr(foptval.tobytes()) + else: + fcrit.put_sshstr(value) + f.put_sshstr(fcrit.tobytes()) + fext = _FragList() + for name, value in self._extensions: + fext.put_sshstr(name) + if len(value) > 0: + fextval = _FragList() + fextval.put_sshstr(value) + fext.put_sshstr(fextval.tobytes()) + else: + fext.put_sshstr(value) + f.put_sshstr(fext.tobytes()) + f.put_sshstr(b"") # RESERVED FIELD + # encode CA public key + ca_type = _get_ssh_key_type(private_key) + caformat = _lookup_kformat(ca_type) + caf = _FragList() + caf.put_sshstr(ca_type) + caformat.encode_public(private_key.public_key(), caf) + f.put_sshstr(caf.tobytes()) + # Sigs according to the rules defined for the CA's public key + # (RFC4253 section 6.6 for ssh-rsa, RFC5656 for ECDSA, + # and RFC8032 for Ed25519). + if isinstance(private_key, ed25519.Ed25519PrivateKey): + signature = private_key.sign(f.tobytes()) + fsig = _FragList() + fsig.put_sshstr(ca_type) + fsig.put_sshstr(signature) + f.put_sshstr(fsig.tobytes()) + elif isinstance(private_key, ec.EllipticCurvePrivateKey): + hash_alg = _get_ec_hash_alg(private_key.curve) + signature = private_key.sign(f.tobytes(), ec.ECDSA(hash_alg)) + r, s = asym_utils.decode_dss_signature(signature) + fsig = _FragList() + fsig.put_sshstr(ca_type) + fsigblob = _FragList() + fsigblob.put_mpint(r) + fsigblob.put_mpint(s) + fsig.put_sshstr(fsigblob.tobytes()) + f.put_sshstr(fsig.tobytes()) + + else: + assert isinstance(private_key, rsa.RSAPrivateKey) + # Just like Golang, we're going to use SHA512 for RSA + # https://cs.opensource.google/go/x/crypto/+/refs/tags/ + # v0.4.0:ssh/certs.go;l=445 + # RFC 8332 defines SHA256 and 512 as options + fsig = _FragList() + fsig.put_sshstr(_SSH_RSA_SHA512) + signature = private_key.sign( + f.tobytes(), padding.PKCS1v15(), hashes.SHA512() + ) + fsig.put_sshstr(signature) + f.put_sshstr(fsig.tobytes()) + + cert_data = binascii.b2a_base64(f.tobytes()).strip() + # load_ssh_public_identity returns a union, but this is + # guaranteed to be an SSHCertificate, so we cast to make + # mypy happy. + return typing.cast( + SSHCertificate, + load_ssh_public_identity(b"".join([cert_prefix, b" ", cert_data])), + ) diff --git a/src/cryptography/hazmat/primitives/twofactor/__init__.py b/src/cryptography/hazmat/primitives/twofactor/__init__.py index 8a8b30f..c1af423 100644 --- a/src/cryptography/hazmat/primitives/twofactor/__init__.py +++ b/src/cryptography/hazmat/primitives/twofactor/__init__.py @@ -2,6 +2,8 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + class InvalidToken(Exception): pass diff --git a/src/cryptography/hazmat/primitives/twofactor/hotp.py b/src/cryptography/hazmat/primitives/twofactor/hotp.py index 9730af2..af5ab6e 100644 --- a/src/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/src/cryptography/hazmat/primitives/twofactor/hotp.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import base64 import typing @@ -11,16 +12,15 @@ from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 from cryptography.hazmat.primitives.twofactor import InvalidToken - -_ALLOWED_HASH_TYPES = typing.Union[SHA1, SHA256, SHA512] +HOTPHashTypes = typing.Union[SHA1, SHA256, SHA512] def _generate_uri( - hotp: "HOTP", + hotp: HOTP, type_name: str, account_name: str, - issuer: typing.Optional[str], - extra_parameters: typing.List[typing.Tuple[str, int]], + issuer: str | None, + extra_parameters: list[tuple[str, int]], ) -> str: parameters = [ ("digits", hotp._length), @@ -46,7 +46,7 @@ def __init__( self, key: bytes, length: int, - algorithm: _ALLOWED_HASH_TYPES, + algorithm: HOTPHashTypes, backend: typing.Any = None, enforce_key_length: bool = True, ) -> None: @@ -57,7 +57,7 @@ def __init__( raise TypeError("Length parameter must be an integer type.") if length < 6 or length > 8: - raise ValueError("Length of HOTP has to be between 6 to 8.") + raise ValueError("Length of HOTP has to be between 6 and 8.") if not isinstance(algorithm, (SHA1, SHA256, SHA512)): raise TypeError("Algorithm must be SHA1, SHA256 or SHA512.") @@ -85,7 +85,7 @@ def _dynamic_truncate(self, counter: int) -> int: return int.from_bytes(p, byteorder="big") & 0x7FFFFFFF def get_provisioning_uri( - self, account_name: str, counter: int, issuer: typing.Optional[str] + self, account_name: str, counter: int, issuer: str | None ) -> str: return _generate_uri( self, "hotp", account_name, issuer, [("counter", int(counter))] diff --git a/src/cryptography/hazmat/primitives/twofactor/totp.py b/src/cryptography/hazmat/primitives/twofactor/totp.py index 317baba..68a5077 100644 --- a/src/cryptography/hazmat/primitives/twofactor/totp.py +++ b/src/cryptography/hazmat/primitives/twofactor/totp.py @@ -2,13 +2,15 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + import typing from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.twofactor import InvalidToken from cryptography.hazmat.primitives.twofactor.hotp import ( HOTP, - _ALLOWED_HASH_TYPES, + HOTPHashTypes, _generate_uri, ) @@ -18,7 +20,7 @@ def __init__( self, key: bytes, length: int, - algorithm: _ALLOWED_HASH_TYPES, + algorithm: HOTPHashTypes, time_step: int, backend: typing.Any = None, enforce_key_length: bool = True, @@ -28,7 +30,7 @@ def __init__( key, length, algorithm, enforce_key_length=enforce_key_length ) - def generate(self, time: typing.Union[int, float]) -> bytes: + def generate(self, time: int | float) -> bytes: counter = int(time / self._time_step) return self._hotp.generate(counter) @@ -37,7 +39,7 @@ def verify(self, totp: bytes, time: int) -> None: raise InvalidToken("Supplied TOTP value does not match.") def get_provisioning_uri( - self, account_name: str, issuer: typing.Optional[str] + self, account_name: str, issuer: str | None ) -> str: return _generate_uri( self._hotp, diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py index 67d813b..706d0ae 100644 --- a/src/cryptography/utils.py +++ b/src/cryptography/utils.py @@ -2,10 +2,9 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations -import abc import enum -import inspect import sys import types import typing @@ -13,7 +12,7 @@ # We use a UserWarning subclass, instead of DeprecationWarning, because CPython -# decided deprecation warnings should be invisble by default. +# decided deprecation warnings should be invisible by default. class CryptographyDeprecationWarning(UserWarning): pass @@ -21,26 +20,29 @@ class CryptographyDeprecationWarning(UserWarning): # Several APIs were deprecated with no specific end-of-life date because of the # ubiquity of their use. They should not be removed until we agree on when that # cycle ends. -PersistentlyDeprecated2019 = CryptographyDeprecationWarning -DeprecatedIn35 = CryptographyDeprecationWarning DeprecatedIn36 = CryptographyDeprecationWarning DeprecatedIn37 = CryptographyDeprecationWarning -DeprecatedIn38 = CryptographyDeprecationWarning +DeprecatedIn40 = CryptographyDeprecationWarning +DeprecatedIn41 = CryptographyDeprecationWarning +DeprecatedIn42 = CryptographyDeprecationWarning +DeprecatedIn43 = CryptographyDeprecationWarning def _check_bytes(name: str, value: bytes) -> None: if not isinstance(value, bytes): - raise TypeError("{} must be bytes".format(name)) + raise TypeError(f"{name} must be bytes") def _check_byteslike(name: str, value: bytes) -> None: try: memoryview(value) except TypeError: - raise TypeError("{} must be bytes-like".format(name)) + raise TypeError(f"{name} must be bytes-like") -def int_to_bytes(integer: int, length: typing.Optional[int] = None) -> bytes: +def int_to_bytes(integer: int, length: int | None = None) -> bytes: + if length == 0: + raise ValueError("length argument can't be 0") return integer.to_bytes( length or (integer.bit_length() + 7) // 8 or 1, "big" ) @@ -50,39 +52,6 @@ class InterfaceNotImplemented(Exception): pass -def strip_annotation(signature: inspect.Signature) -> inspect.Signature: - return inspect.Signature( - [ - param.replace(annotation=inspect.Parameter.empty) - for param in signature.parameters.values() - ] - ) - - -def verify_interface( - iface: abc.ABCMeta, klass: object, *, check_annotations: bool = False -): - for method in iface.__abstractmethods__: - if not hasattr(klass, method): - raise InterfaceNotImplemented( - "{} is missing a {!r} method".format(klass, method) - ) - if isinstance(getattr(iface, method), abc.abstractproperty): - # Can't properly verify these yet. - continue - sig = inspect.signature(getattr(iface, method)) - actual = inspect.signature(getattr(klass, method)) - if check_annotations: - ok = sig == actual - else: - ok = strip_annotation(sig) == strip_annotation(actual) - if not ok: - raise InterfaceNotImplemented( - "{}.{}'s signature differs from the expected. Expected: " - "{!r}. Received: {!r}".format(klass, method, sig, actual) - ) - - class _DeprecatedValue: def __init__(self, value: object, message: str, warning_class): self.value = value @@ -113,15 +82,15 @@ def __delattr__(self, attr: str) -> None: delattr(self._module, attr) def __dir__(self) -> typing.Sequence[str]: - return ["_module"] + dir(self._module) + return ["_module", *dir(self._module)] def deprecated( value: object, module_name: str, message: str, - warning_class: typing.Type[Warning], - name: typing.Optional[str] = None, + warning_class: type[Warning], + name: str | None = None, ) -> _DeprecatedValue: module = sys.modules[module_name] if not isinstance(module, _ModuleWithDeprecations): @@ -134,7 +103,7 @@ def deprecated( def cached_property(func: typing.Callable) -> property: - cached_name = "_cached_{}".format(func) + cached_name = f"_cached_{func}" sentinel = object() def inner(instance: object): diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py index 906075d..26c6444 100644 --- a/src/cryptography/x509/__init__.py +++ b/src/cryptography/x509/__init__.py @@ -2,8 +2,9 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations -from cryptography.x509 import certificate_transparency +from cryptography.x509 import certificate_transparency, verification from cryptography.x509.base import ( Attribute, AttributeNotFound, @@ -22,6 +23,7 @@ load_der_x509_crl, load_der_x509_csr, load_pem_x509_certificate, + load_pem_x509_certificates, load_pem_x509_crl, load_pem_x509_csr, random_serial_number, @@ -31,19 +33,19 @@ AuthorityInformationAccess, AuthorityKeyIdentifier, BasicConstraints, + CertificateIssuer, + CertificatePolicies, CRLDistributionPoints, CRLNumber, CRLReason, - CertificateIssuer, - CertificatePolicies, DeltaCRLIndicator, DistributionPoint, DuplicateExtension, ExtendedKeyUsage, Extension, ExtensionNotFound, - ExtensionType, Extensions, + ExtensionType, FreshestCRL, GeneralNames, InhibitAnyPolicy, @@ -51,14 +53,16 @@ IssuerAlternativeName, IssuingDistributionPoint, KeyUsage, + MSCertificateTemplate, NameConstraints, NoticeReference, + OCSPAcceptableResponses, OCSPNoCheck, OCSPNonce, PolicyConstraints, PolicyInformation, - PrecertPoison, PrecertificateSignedCertificateTimestamps, + PrecertPoison, ReasonFlags, SignedCertificateTimestamps, SubjectAlternativeName, @@ -70,13 +74,13 @@ UserNotice, ) from cryptography.x509.general_name import ( - DNSName, DirectoryName, + DNSName, GeneralName, IPAddress, OtherName, - RFC822Name, RegisteredID, + RFC822Name, UniformResourceIdentifier, UnsupportedGeneralNameType, ) @@ -87,16 +91,16 @@ ) from cryptography.x509.oid import ( AuthorityInformationAccessOID, - CRLEntryExtensionOID, CertificatePoliciesOID, + CRLEntryExtensionOID, ExtendedKeyUsageOID, ExtensionOID, NameOID, ObjectIdentifier, + PublicKeyAlgorithmOID, SignatureAlgorithmOID, ) - OID_AUTHORITY_INFORMATION_ACCESS = ExtensionOID.AUTHORITY_INFORMATION_ACCESS OID_AUTHORITY_KEY_IDENTIFIER = ExtensionOID.AUTHORITY_KEY_IDENTIFIER OID_BASIC_CONSTRAINTS = ExtensionOID.BASIC_CONSTRAINTS @@ -167,83 +171,89 @@ OID_OCSP = AuthorityInformationAccessOID.OCSP __all__ = [ - "certificate_transparency", - "load_pem_x509_certificate", - "load_der_x509_certificate", - "load_pem_x509_csr", - "load_der_x509_csr", - "load_pem_x509_crl", - "load_der_x509_crl", - "random_serial_number", + "OID_CA_ISSUERS", + "OID_OCSP", + "AccessDescription", "Attribute", "AttributeNotFound", "Attributes", - "InvalidVersion", + "AuthorityInformationAccess", + "AuthorityKeyIdentifier", + "BasicConstraints", + "CRLDistributionPoints", + "CRLNumber", + "CRLReason", + "Certificate", + "CertificateBuilder", + "CertificateIssuer", + "CertificatePolicies", + "CertificateRevocationList", + "CertificateRevocationListBuilder", + "CertificateSigningRequest", + "CertificateSigningRequestBuilder", + "DNSName", "DeltaCRLIndicator", + "DirectoryName", + "DistributionPoint", "DuplicateExtension", + "ExtendedKeyUsage", + "Extension", "ExtensionNotFound", - "UnsupportedGeneralNameType", - "NameAttribute", - "Name", - "RelativeDistinguishedName", - "ObjectIdentifier", "ExtensionType", "Extensions", - "Extension", - "ExtendedKeyUsage", "FreshestCRL", + "GeneralName", + "GeneralNames", + "IPAddress", + "InhibitAnyPolicy", + "InvalidVersion", + "InvalidityDate", + "IssuerAlternativeName", "IssuingDistributionPoint", - "TLSFeature", - "TLSFeatureType", - "OCSPNoCheck", - "BasicConstraints", - "CRLNumber", "KeyUsage", - "AuthorityInformationAccess", - "SubjectInformationAccess", - "AccessDescription", - "CertificatePolicies", - "PolicyInformation", - "UserNotice", - "NoticeReference", - "SubjectKeyIdentifier", + "MSCertificateTemplate", + "Name", + "NameAttribute", "NameConstraints", - "CRLDistributionPoints", - "DistributionPoint", - "ReasonFlags", - "InhibitAnyPolicy", - "SubjectAlternativeName", - "IssuerAlternativeName", - "AuthorityKeyIdentifier", - "GeneralNames", - "GeneralName", + "NameOID", + "NoticeReference", + "OCSPAcceptableResponses", + "OCSPNoCheck", + "OCSPNonce", + "ObjectIdentifier", + "OtherName", + "PolicyConstraints", + "PolicyInformation", + "PrecertPoison", + "PrecertificateSignedCertificateTimestamps", + "PublicKeyAlgorithmOID", "RFC822Name", - "DNSName", - "UniformResourceIdentifier", + "ReasonFlags", "RegisteredID", - "DirectoryName", - "IPAddress", - "OtherName", - "Certificate", - "CertificateRevocationList", - "CertificateRevocationListBuilder", - "CertificateSigningRequest", + "RelativeDistinguishedName", "RevokedCertificate", "RevokedCertificateBuilder", - "CertificateSigningRequestBuilder", - "CertificateBuilder", - "Version", - "OID_CA_ISSUERS", - "OID_OCSP", - "CertificateIssuer", - "CRLReason", - "InvalidityDate", - "UnrecognizedExtension", - "PolicyConstraints", - "PrecertificateSignedCertificateTimestamps", - "PrecertPoison", - "OCSPNonce", - "SignedCertificateTimestamps", "SignatureAlgorithmOID", - "NameOID", + "SignedCertificateTimestamps", + "SubjectAlternativeName", + "SubjectInformationAccess", + "SubjectKeyIdentifier", + "TLSFeature", + "TLSFeatureType", + "UniformResourceIdentifier", + "UnrecognizedExtension", + "UnsupportedGeneralNameType", + "UserNotice", + "Version", + "certificate_transparency", + "load_der_x509_certificate", + "load_der_x509_crl", + "load_der_x509_csr", + "load_pem_x509_certificate", + "load_pem_x509_certificates", + "load_pem_x509_crl", + "load_pem_x509_csr", + "random_serial_number", + "verification", + "verification", ] diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index 9f6c41a..6ed41e6 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py @@ -2,11 +2,13 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc import datetime import os import typing +import warnings from cryptography import utils from cryptography.hazmat.bindings._rust import x509 as rust_x509 @@ -14,39 +16,52 @@ from cryptography.hazmat.primitives.asymmetric import ( dsa, ec, - ed25519, ed448, + ed25519, + padding, rsa, - x25519, x448, + x25519, ) from cryptography.hazmat.primitives.asymmetric.types import ( - CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES, - CERTIFICATE_PRIVATE_KEY_TYPES, - CERTIFICATE_PUBLIC_KEY_TYPES, + CertificateIssuerPrivateKeyTypes, + CertificateIssuerPublicKeyTypes, + CertificatePublicKeyTypes, ) from cryptography.x509.extensions import ( Extension, - ExtensionType, Extensions, + ExtensionType, _make_sequence_methods, ) from cryptography.x509.name import Name, _ASN1Type from cryptography.x509.oid import ObjectIdentifier - _EARLIEST_UTC_TIME = datetime.datetime(1950, 1, 1) +# This must be kept in sync with sign.rs's list of allowable types in +# identify_hash_type +_AllowedHashTypes = typing.Union[ + hashes.SHA224, + hashes.SHA256, + hashes.SHA384, + hashes.SHA512, + hashes.SHA3_224, + hashes.SHA3_256, + hashes.SHA3_384, + hashes.SHA3_512, +] + class AttributeNotFound(Exception): def __init__(self, msg: str, oid: ObjectIdentifier) -> None: - super(AttributeNotFound, self).__init__(msg) + super().__init__(msg) self.oid = oid def _reject_duplicate_extension( extension: Extension[ExtensionType], - extensions: typing.List[Extension[ExtensionType]], + extensions: list[Extension[ExtensionType]], ) -> None: # This is quadratic in the number of extensions for e in extensions: @@ -56,9 +71,7 @@ def _reject_duplicate_extension( def _reject_duplicate_attribute( oid: ObjectIdentifier, - attributes: typing.List[ - typing.Tuple[ObjectIdentifier, bytes, typing.Optional[int]] - ], + attributes: list[tuple[ObjectIdentifier, bytes, int | None]], ) -> None: # This is quadratic in the number of attributes for attr_oid, _, _ in attributes: @@ -100,7 +113,7 @@ def value(self) -> bytes: return self._value def __repr__(self) -> str: - return "".format(self.oid, self.value) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, Attribute): @@ -126,14 +139,14 @@ def __init__( __len__, __iter__, __getitem__ = _make_sequence_methods("_attributes") def __repr__(self) -> str: - return "".format(self._attributes) + return f"" def get_attribute_for_oid(self, oid: ObjectIdentifier) -> Attribute: for attr in self: if attr.oid == oid: return attr - raise AttributeNotFound("No {} attribute was found".format(oid), oid) + raise AttributeNotFound(f"No {oid} attribute was found", oid) class Version(utils.Enum): @@ -143,7 +156,7 @@ class Version(utils.Enum): class InvalidVersion(Exception): def __init__(self, msg: str, parsed_version: int) -> None: - super(InvalidVersion, self).__init__(msg) + super().__init__(msg) self.parsed_version = parsed_version @@ -154,82 +167,124 @@ def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: Returns bytes using digest passed. """ - @abc.abstractproperty + @property + @abc.abstractmethod def serial_number(self) -> int: """ Returns certificate serial number """ - @abc.abstractproperty + @property + @abc.abstractmethod def version(self) -> Version: """ Returns the certificate version """ @abc.abstractmethod - def public_key(self) -> CERTIFICATE_PUBLIC_KEY_TYPES: + def public_key(self) -> CertificatePublicKeyTypes: """ Returns the public key """ - @abc.abstractproperty + @property + @abc.abstractmethod + def public_key_algorithm_oid(self) -> ObjectIdentifier: + """ + Returns the ObjectIdentifier of the public key. + """ + + @property + @abc.abstractmethod def not_valid_before(self) -> datetime.datetime: """ Not before time (represented as UTC datetime) """ - @abc.abstractproperty + @property + @abc.abstractmethod + def not_valid_before_utc(self) -> datetime.datetime: + """ + Not before time (represented as a non-naive UTC datetime) + """ + + @property + @abc.abstractmethod def not_valid_after(self) -> datetime.datetime: """ Not after time (represented as UTC datetime) """ - @abc.abstractproperty + @property + @abc.abstractmethod + def not_valid_after_utc(self) -> datetime.datetime: + """ + Not after time (represented as a non-naive UTC datetime) + """ + + @property + @abc.abstractmethod def issuer(self) -> Name: """ Returns the issuer name object. """ - @abc.abstractproperty + @property + @abc.abstractmethod def subject(self) -> Name: """ Returns the subject name object. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature_hash_algorithm( self, - ) -> typing.Optional[hashes.HashAlgorithm]: + ) -> hashes.HashAlgorithm | None: """ Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature_algorithm_oid(self) -> ObjectIdentifier: """ Returns the ObjectIdentifier of the signature algorithm. """ - @abc.abstractproperty + @property + @abc.abstractmethod + def signature_algorithm_parameters( + self, + ) -> None | padding.PSS | padding.PKCS1v15 | ec.ECDSA: + """ + Returns the signature algorithm parameters. + """ + + @property + @abc.abstractmethod def extensions(self) -> Extensions: """ Returns an Extensions object. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature(self) -> bytes: """ Returns the signature bytes. """ - @abc.abstractproperty + @property + @abc.abstractmethod def tbs_certificate_bytes(self) -> bytes: """ Returns the tbsCertificate payload bytes as defined in RFC 5280. """ - @abc.abstractproperty + @property + @abc.abstractmethod def tbs_precertificate_bytes(self) -> bytes: """ Returns the tbsCertificate payload bytes with the SCT list extension @@ -254,25 +309,44 @@ def public_bytes(self, encoding: serialization.Encoding) -> bytes: Serializes the certificate to PEM or DER format. """ + @abc.abstractmethod + def verify_directly_issued_by(self, issuer: Certificate) -> None: + """ + This method verifies that certificate issuer name matches the + issuer subject name and that the certificate is signed by the + issuer's private key. No other validation is performed. + """ + # Runtime isinstance checks need this since the rust class is not a subclass. Certificate.register(rust_x509.Certificate) class RevokedCertificate(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def serial_number(self) -> int: """ Returns the serial number of the revoked certificate. """ - @abc.abstractproperty + @property + @abc.abstractmethod def revocation_date(self) -> datetime.datetime: """ Returns the date of when this certificate was revoked. """ - @abc.abstractproperty + @property + @abc.abstractmethod + def revocation_date_utc(self) -> datetime.datetime: + """ + Returns the date of when this certificate was revoked as a non-naive + UTC datetime. + """ + + @property + @abc.abstractmethod def extensions(self) -> Extensions: """ Returns an Extensions object containing a list of Revoked extensions. @@ -300,8 +374,18 @@ def serial_number(self) -> int: @property def revocation_date(self) -> datetime.datetime: + warnings.warn( + "Properties that return a naïve datetime object have been " + "deprecated. Please switch to revocation_date_utc.", + utils.DeprecatedIn42, + stacklevel=2, + ) return self._revocation_date + @property + def revocation_date_utc(self) -> datetime.datetime: + return self._revocation_date.replace(tzinfo=datetime.timezone.utc) + @property def extensions(self) -> Extensions: return self._extensions @@ -323,58 +407,91 @@ def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: @abc.abstractmethod def get_revoked_certificate_by_serial_number( self, serial_number: int - ) -> typing.Optional[RevokedCertificate]: + ) -> RevokedCertificate | None: """ Returns an instance of RevokedCertificate or None if the serial_number is not in the CRL. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature_hash_algorithm( self, - ) -> typing.Optional[hashes.HashAlgorithm]: + ) -> hashes.HashAlgorithm | None: """ Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature_algorithm_oid(self) -> ObjectIdentifier: """ Returns the ObjectIdentifier of the signature algorithm. """ - @abc.abstractproperty + @property + @abc.abstractmethod + def signature_algorithm_parameters( + self, + ) -> None | padding.PSS | padding.PKCS1v15 | ec.ECDSA: + """ + Returns the signature algorithm parameters. + """ + + @property + @abc.abstractmethod def issuer(self) -> Name: """ Returns the X509Name with the issuer of this CRL. """ - @abc.abstractproperty - def next_update(self) -> typing.Optional[datetime.datetime]: + @property + @abc.abstractmethod + def next_update(self) -> datetime.datetime | None: """ Returns the date of next update for this CRL. """ - @abc.abstractproperty + @property + @abc.abstractmethod + def next_update_utc(self) -> datetime.datetime | None: + """ + Returns the date of next update for this CRL as a non-naive UTC + datetime. + """ + + @property + @abc.abstractmethod def last_update(self) -> datetime.datetime: """ Returns the date of last update for this CRL. """ - @abc.abstractproperty + @property + @abc.abstractmethod + def last_update_utc(self) -> datetime.datetime: + """ + Returns the date of last update for this CRL as a non-naive UTC + datetime. + """ + + @property + @abc.abstractmethod def extensions(self) -> Extensions: """ Returns an Extensions object containing a list of CRL extensions. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature(self) -> bytes: """ Returns the signature bytes. """ - @abc.abstractproperty + @property + @abc.abstractmethod def tbs_certlist_bytes(self) -> bytes: """ Returns the tbsCertList payload bytes as defined in RFC 5280. @@ -393,17 +510,15 @@ def __len__(self) -> int: """ @typing.overload - def __getitem__(self, idx: int) -> RevokedCertificate: - ... + def __getitem__(self, idx: int) -> RevokedCertificate: ... @typing.overload - def __getitem__(self, idx: slice) -> typing.List[RevokedCertificate]: - ... + def __getitem__(self, idx: slice) -> list[RevokedCertificate]: ... @abc.abstractmethod def __getitem__( - self, idx: typing.Union[int, slice] - ) -> typing.Union[RevokedCertificate, typing.List[RevokedCertificate]]: + self, idx: int | slice + ) -> RevokedCertificate | list[RevokedCertificate]: """ Returns a revoked certificate (or slice of revoked certificates). """ @@ -416,7 +531,7 @@ def __iter__(self) -> typing.Iterator[RevokedCertificate]: @abc.abstractmethod def is_signature_valid( - self, public_key: CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES + self, public_key: CertificateIssuerPublicKeyTypes ) -> bool: """ Verifies signature of revocation list against given public key. @@ -440,39 +555,53 @@ def __hash__(self) -> int: """ @abc.abstractmethod - def public_key(self) -> CERTIFICATE_PUBLIC_KEY_TYPES: + def public_key(self) -> CertificatePublicKeyTypes: """ Returns the public key """ - @abc.abstractproperty + @property + @abc.abstractmethod def subject(self) -> Name: """ Returns the subject name object. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature_hash_algorithm( self, - ) -> typing.Optional[hashes.HashAlgorithm]: + ) -> hashes.HashAlgorithm | None: """ Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature_algorithm_oid(self) -> ObjectIdentifier: """ Returns the ObjectIdentifier of the signature algorithm. """ - @abc.abstractproperty + @property + @abc.abstractmethod + def signature_algorithm_parameters( + self, + ) -> None | padding.PSS | padding.PKCS1v15 | ec.ECDSA: + """ + Returns the signature algorithm parameters. + """ + + @property + @abc.abstractmethod def extensions(self) -> Extensions: """ Returns the extensions in the signing request. """ - @abc.abstractproperty + @property + @abc.abstractmethod def attributes(self) -> Attributes: """ Returns an Attributes object. @@ -484,20 +613,23 @@ def public_bytes(self, encoding: serialization.Encoding) -> bytes: Encodes the request to PEM or DER format. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature(self) -> bytes: """ Returns the signature bytes. """ - @abc.abstractproperty + @property + @abc.abstractmethod def tbs_certrequest_bytes(self) -> bytes: """ Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC 2986. """ - @abc.abstractproperty + @property + @abc.abstractmethod def is_signature_valid(self) -> bool: """ Verifies signature of signing request. @@ -514,56 +646,24 @@ def get_attribute_for_oid(self, oid: ObjectIdentifier) -> bytes: CertificateSigningRequest.register(rust_x509.CertificateSigningRequest) -# Backend argument preserved for API compatibility, but ignored. -def load_pem_x509_certificate( - data: bytes, backend: typing.Any = None -) -> Certificate: - return rust_x509.load_pem_x509_certificate(data) - +load_pem_x509_certificate = rust_x509.load_pem_x509_certificate +load_der_x509_certificate = rust_x509.load_der_x509_certificate -# Backend argument preserved for API compatibility, but ignored. -def load_der_x509_certificate( - data: bytes, backend: typing.Any = None -) -> Certificate: - return rust_x509.load_der_x509_certificate(data) +load_pem_x509_certificates = rust_x509.load_pem_x509_certificates +load_pem_x509_csr = rust_x509.load_pem_x509_csr +load_der_x509_csr = rust_x509.load_der_x509_csr -# Backend argument preserved for API compatibility, but ignored. -def load_pem_x509_csr( - data: bytes, backend: typing.Any = None -) -> CertificateSigningRequest: - return rust_x509.load_pem_x509_csr(data) - - -# Backend argument preserved for API compatibility, but ignored. -def load_der_x509_csr( - data: bytes, backend: typing.Any = None -) -> CertificateSigningRequest: - return rust_x509.load_der_x509_csr(data) - - -# Backend argument preserved for API compatibility, but ignored. -def load_pem_x509_crl( - data: bytes, backend: typing.Any = None -) -> CertificateRevocationList: - return rust_x509.load_pem_x509_crl(data) - - -# Backend argument preserved for API compatibility, but ignored. -def load_der_x509_crl( - data: bytes, backend: typing.Any = None -) -> CertificateRevocationList: - return rust_x509.load_der_x509_crl(data) +load_pem_x509_crl = rust_x509.load_pem_x509_crl +load_der_x509_crl = rust_x509.load_der_x509_crl class CertificateSigningRequestBuilder: def __init__( self, - subject_name: typing.Optional[Name] = None, - extensions: typing.List[Extension[ExtensionType]] = [], - attributes: typing.List[ - typing.Tuple[ObjectIdentifier, bytes, typing.Optional[int]] - ] = [], + subject_name: Name | None = None, + extensions: list[Extension[ExtensionType]] = [], + attributes: list[tuple[ObjectIdentifier, bytes, int | None]] = [], ): """ Creates an empty X.509 certificate request (v1). @@ -572,7 +672,7 @@ def __init__( self._extensions = extensions self._attributes = attributes - def subject_name(self, name: Name) -> "CertificateSigningRequestBuilder": + def subject_name(self, name: Name) -> CertificateSigningRequestBuilder: """ Sets the certificate requestor's distinguished name. """ @@ -586,7 +686,7 @@ def subject_name(self, name: Name) -> "CertificateSigningRequestBuilder": def add_extension( self, extval: ExtensionType, critical: bool - ) -> "CertificateSigningRequestBuilder": + ) -> CertificateSigningRequestBuilder: """ Adds an X.509 extension to the certificate request. """ @@ -598,7 +698,7 @@ def add_extension( return CertificateSigningRequestBuilder( self._subject_name, - self._extensions + [extension], + [*self._extensions, extension], self._attributes, ) @@ -607,8 +707,8 @@ def add_attribute( oid: ObjectIdentifier, value: bytes, *, - _tag: typing.Optional[_ASN1Type] = None, - ) -> "CertificateSigningRequestBuilder": + _tag: _ASN1Type | None = None, + ) -> CertificateSigningRequestBuilder: """ Adds an X.509 attribute with an OID and associated value. """ @@ -631,35 +731,46 @@ def add_attribute( return CertificateSigningRequestBuilder( self._subject_name, self._extensions, - self._attributes + [(oid, value, tag)], + [*self._attributes, (oid, value, tag)], ) def sign( self, - private_key: CERTIFICATE_PRIVATE_KEY_TYPES, - algorithm: typing.Optional[hashes.HashAlgorithm], + private_key: CertificateIssuerPrivateKeyTypes, + algorithm: _AllowedHashTypes | None, backend: typing.Any = None, + *, + rsa_padding: padding.PSS | padding.PKCS1v15 | None = None, ) -> CertificateSigningRequest: """ Signs the request using the requestor's private key. """ if self._subject_name is None: raise ValueError("A CertificateSigningRequest must have a subject") - return rust_x509.create_x509_csr(self, private_key, algorithm) + + if rsa_padding is not None: + if not isinstance(rsa_padding, (padding.PSS, padding.PKCS1v15)): + raise TypeError("Padding must be PSS or PKCS1v15") + if not isinstance(private_key, rsa.RSAPrivateKey): + raise TypeError("Padding is only supported for RSA keys") + + return rust_x509.create_x509_csr( + self, private_key, algorithm, rsa_padding + ) class CertificateBuilder: - _extensions: typing.List[Extension[ExtensionType]] + _extensions: list[Extension[ExtensionType]] def __init__( self, - issuer_name: typing.Optional[Name] = None, - subject_name: typing.Optional[Name] = None, - public_key: typing.Optional[CERTIFICATE_PUBLIC_KEY_TYPES] = None, - serial_number: typing.Optional[int] = None, - not_valid_before: typing.Optional[datetime.datetime] = None, - not_valid_after: typing.Optional[datetime.datetime] = None, - extensions: typing.List[Extension[ExtensionType]] = [], + issuer_name: Name | None = None, + subject_name: Name | None = None, + public_key: CertificatePublicKeyTypes | None = None, + serial_number: int | None = None, + not_valid_before: datetime.datetime | None = None, + not_valid_after: datetime.datetime | None = None, + extensions: list[Extension[ExtensionType]] = [], ) -> None: self._version = Version.v3 self._issuer_name = issuer_name @@ -670,7 +781,7 @@ def __init__( self._not_valid_after = not_valid_after self._extensions = extensions - def issuer_name(self, name: Name) -> "CertificateBuilder": + def issuer_name(self, name: Name) -> CertificateBuilder: """ Sets the CA's distinguished name. """ @@ -688,7 +799,7 @@ def issuer_name(self, name: Name) -> "CertificateBuilder": self._extensions, ) - def subject_name(self, name: Name) -> "CertificateBuilder": + def subject_name(self, name: Name) -> CertificateBuilder: """ Sets the requestor's distinguished name. """ @@ -708,8 +819,8 @@ def subject_name(self, name: Name) -> "CertificateBuilder": def public_key( self, - key: CERTIFICATE_PUBLIC_KEY_TYPES, - ) -> "CertificateBuilder": + key: CertificatePublicKeyTypes, + ) -> CertificateBuilder: """ Sets the requestor's public key (as found in the signing request). """ @@ -743,7 +854,7 @@ def public_key( self._extensions, ) - def serial_number(self, number: int) -> "CertificateBuilder": + def serial_number(self, number: int) -> CertificateBuilder: """ Sets the certificate serial number. """ @@ -758,7 +869,7 @@ def serial_number(self, number: int) -> "CertificateBuilder": # zero. if number.bit_length() >= 160: # As defined in RFC 5280 raise ValueError( - "The serial number should not be more than 159 " "bits." + "The serial number should not be more than 159 bits." ) return CertificateBuilder( self._issuer_name, @@ -770,9 +881,7 @@ def serial_number(self, number: int) -> "CertificateBuilder": self._extensions, ) - def not_valid_before( - self, time: datetime.datetime - ) -> "CertificateBuilder": + def not_valid_before(self, time: datetime.datetime) -> CertificateBuilder: """ Sets the certificate activation time. """ @@ -801,7 +910,7 @@ def not_valid_before( self._extensions, ) - def not_valid_after(self, time: datetime.datetime) -> "CertificateBuilder": + def not_valid_after(self, time: datetime.datetime) -> CertificateBuilder: """ Sets the certificate expiration time. """ @@ -835,7 +944,7 @@ def not_valid_after(self, time: datetime.datetime) -> "CertificateBuilder": def add_extension( self, extval: ExtensionType, critical: bool - ) -> "CertificateBuilder": + ) -> CertificateBuilder: """ Adds an X.509 extension to the certificate. """ @@ -852,14 +961,16 @@ def add_extension( self._serial_number, self._not_valid_before, self._not_valid_after, - self._extensions + [extension], + [*self._extensions, extension], ) def sign( self, - private_key: CERTIFICATE_PRIVATE_KEY_TYPES, - algorithm: typing.Optional[hashes.HashAlgorithm], + private_key: CertificateIssuerPrivateKeyTypes, + algorithm: _AllowedHashTypes | None, backend: typing.Any = None, + *, + rsa_padding: padding.PSS | padding.PKCS1v15 | None = None, ) -> Certificate: """ Signs the certificate using the CA's private key. @@ -882,20 +993,28 @@ def sign( if self._public_key is None: raise ValueError("A certificate must have a public key") - return rust_x509.create_x509_certificate(self, private_key, algorithm) + if rsa_padding is not None: + if not isinstance(rsa_padding, (padding.PSS, padding.PKCS1v15)): + raise TypeError("Padding must be PSS or PKCS1v15") + if not isinstance(private_key, rsa.RSAPrivateKey): + raise TypeError("Padding is only supported for RSA keys") + + return rust_x509.create_x509_certificate( + self, private_key, algorithm, rsa_padding + ) class CertificateRevocationListBuilder: - _extensions: typing.List[Extension[ExtensionType]] - _revoked_certificates: typing.List[RevokedCertificate] + _extensions: list[Extension[ExtensionType]] + _revoked_certificates: list[RevokedCertificate] def __init__( self, - issuer_name: typing.Optional[Name] = None, - last_update: typing.Optional[datetime.datetime] = None, - next_update: typing.Optional[datetime.datetime] = None, - extensions: typing.List[Extension[ExtensionType]] = [], - revoked_certificates: typing.List[RevokedCertificate] = [], + issuer_name: Name | None = None, + last_update: datetime.datetime | None = None, + next_update: datetime.datetime | None = None, + extensions: list[Extension[ExtensionType]] = [], + revoked_certificates: list[RevokedCertificate] = [], ): self._issuer_name = issuer_name self._last_update = last_update @@ -905,7 +1024,7 @@ def __init__( def issuer_name( self, issuer_name: Name - ) -> "CertificateRevocationListBuilder": + ) -> CertificateRevocationListBuilder: if not isinstance(issuer_name, Name): raise TypeError("Expecting x509.Name object.") if self._issuer_name is not None: @@ -920,7 +1039,7 @@ def issuer_name( def last_update( self, last_update: datetime.datetime - ) -> "CertificateRevocationListBuilder": + ) -> CertificateRevocationListBuilder: if not isinstance(last_update, datetime.datetime): raise TypeError("Expecting datetime object.") if self._last_update is not None: @@ -928,7 +1047,7 @@ def last_update( last_update = _convert_to_naive_utc_time(last_update) if last_update < _EARLIEST_UTC_TIME: raise ValueError( - "The last update date must be on or after" " 1950 January 1." + "The last update date must be on or after 1950 January 1." ) if self._next_update is not None and last_update > self._next_update: raise ValueError( @@ -944,7 +1063,7 @@ def last_update( def next_update( self, next_update: datetime.datetime - ) -> "CertificateRevocationListBuilder": + ) -> CertificateRevocationListBuilder: if not isinstance(next_update, datetime.datetime): raise TypeError("Expecting datetime object.") if self._next_update is not None: @@ -952,7 +1071,7 @@ def next_update( next_update = _convert_to_naive_utc_time(next_update) if next_update < _EARLIEST_UTC_TIME: raise ValueError( - "The last update date must be on or after" " 1950 January 1." + "The last update date must be on or after 1950 January 1." ) if self._last_update is not None and next_update < self._last_update: raise ValueError( @@ -968,7 +1087,7 @@ def next_update( def add_extension( self, extval: ExtensionType, critical: bool - ) -> "CertificateRevocationListBuilder": + ) -> CertificateRevocationListBuilder: """ Adds an X.509 extension to the certificate revocation list. """ @@ -981,13 +1100,13 @@ def add_extension( self._issuer_name, self._last_update, self._next_update, - self._extensions + [extension], + [*self._extensions, extension], self._revoked_certificates, ) def add_revoked_certificate( self, revoked_certificate: RevokedCertificate - ) -> "CertificateRevocationListBuilder": + ) -> CertificateRevocationListBuilder: """ Adds a revoked certificate to the CRL. """ @@ -999,14 +1118,16 @@ def add_revoked_certificate( self._last_update, self._next_update, self._extensions, - self._revoked_certificates + [revoked_certificate], + [*self._revoked_certificates, revoked_certificate], ) def sign( self, - private_key: CERTIFICATE_PRIVATE_KEY_TYPES, - algorithm: typing.Optional[hashes.HashAlgorithm], + private_key: CertificateIssuerPrivateKeyTypes, + algorithm: _AllowedHashTypes | None, backend: typing.Any = None, + *, + rsa_padding: padding.PSS | padding.PKCS1v15 | None = None, ) -> CertificateRevocationList: if self._issuer_name is None: raise ValueError("A CRL must have an issuer name") @@ -1017,21 +1138,29 @@ def sign( if self._next_update is None: raise ValueError("A CRL must have a next update time") - return rust_x509.create_x509_crl(self, private_key, algorithm) + if rsa_padding is not None: + if not isinstance(rsa_padding, (padding.PSS, padding.PKCS1v15)): + raise TypeError("Padding must be PSS or PKCS1v15") + if not isinstance(private_key, rsa.RSAPrivateKey): + raise TypeError("Padding is only supported for RSA keys") + + return rust_x509.create_x509_crl( + self, private_key, algorithm, rsa_padding + ) class RevokedCertificateBuilder: def __init__( self, - serial_number: typing.Optional[int] = None, - revocation_date: typing.Optional[datetime.datetime] = None, - extensions: typing.List[Extension[ExtensionType]] = [], + serial_number: int | None = None, + revocation_date: datetime.datetime | None = None, + extensions: list[Extension[ExtensionType]] = [], ): self._serial_number = serial_number self._revocation_date = revocation_date self._extensions = extensions - def serial_number(self, number: int) -> "RevokedCertificateBuilder": + def serial_number(self, number: int) -> RevokedCertificateBuilder: if not isinstance(number, int): raise TypeError("Serial number must be of integral type.") if self._serial_number is not None: @@ -1043,7 +1172,7 @@ def serial_number(self, number: int) -> "RevokedCertificateBuilder": # zero. if number.bit_length() >= 160: # As defined in RFC 5280 raise ValueError( - "The serial number should not be more than 159 " "bits." + "The serial number should not be more than 159 bits." ) return RevokedCertificateBuilder( number, self._revocation_date, self._extensions @@ -1051,7 +1180,7 @@ def serial_number(self, number: int) -> "RevokedCertificateBuilder": def revocation_date( self, time: datetime.datetime - ) -> "RevokedCertificateBuilder": + ) -> RevokedCertificateBuilder: if not isinstance(time, datetime.datetime): raise TypeError("Expecting datetime object.") if self._revocation_date is not None: @@ -1059,7 +1188,7 @@ def revocation_date( time = _convert_to_naive_utc_time(time) if time < _EARLIEST_UTC_TIME: raise ValueError( - "The revocation date must be on or after" " 1950 January 1." + "The revocation date must be on or after 1950 January 1." ) return RevokedCertificateBuilder( self._serial_number, time, self._extensions @@ -1067,7 +1196,7 @@ def revocation_date( def add_extension( self, extval: ExtensionType, critical: bool - ) -> "RevokedCertificateBuilder": + ) -> RevokedCertificateBuilder: if not isinstance(extval, ExtensionType): raise TypeError("extension must be an ExtensionType") @@ -1076,7 +1205,7 @@ def add_extension( return RevokedCertificateBuilder( self._serial_number, self._revocation_date, - self._extensions + [extension], + [*self._extensions, extension], ) def build(self, backend: typing.Any = None) -> RevokedCertificate: diff --git a/src/cryptography/x509/certificate_transparency.py b/src/cryptography/x509/certificate_transparency.py index 18c7cf7..73647ee 100644 --- a/src/cryptography/x509/certificate_transparency.py +++ b/src/cryptography/x509/certificate_transparency.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc import datetime @@ -36,49 +37,57 @@ class SignatureAlgorithm(utils.Enum): class SignedCertificateTimestamp(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def version(self) -> Version: """ Returns the SCT version. """ - @abc.abstractproperty + @property + @abc.abstractmethod def log_id(self) -> bytes: """ Returns an identifier indicating which log this SCT is for. """ - @abc.abstractproperty + @property + @abc.abstractmethod def timestamp(self) -> datetime.datetime: """ Returns the timestamp for this SCT. """ - @abc.abstractproperty + @property + @abc.abstractmethod def entry_type(self) -> LogEntryType: """ Returns whether this is an SCT for a certificate or pre-certificate. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature_hash_algorithm(self) -> HashAlgorithm: """ Returns the hash algorithm used for the SCT's signature. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature_algorithm(self) -> SignatureAlgorithm: """ Returns the signing algorithm used for the SCT's signature. """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature(self) -> bytes: """ Returns the signature for this SCT. """ - @abc.abstractproperty + @property + @abc.abstractmethod def extension_bytes(self) -> bytes: """ Returns the raw bytes of any extensions for this SCT. diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index cc8f25e..5e7486a 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc import datetime @@ -16,29 +17,29 @@ from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey from cryptography.hazmat.primitives.asymmetric.types import ( - CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES, - CERTIFICATE_PUBLIC_KEY_TYPES, + CertificateIssuerPublicKeyTypes, + CertificatePublicKeyTypes, ) from cryptography.x509.certificate_transparency import ( SignedCertificateTimestamp, ) from cryptography.x509.general_name import ( - DNSName, DirectoryName, + DNSName, GeneralName, IPAddress, OtherName, - RFC822Name, RegisteredID, + RFC822Name, UniformResourceIdentifier, - _IPADDRESS_TYPES, + _IPAddressTypes, ) from cryptography.x509.name import Name, RelativeDistinguishedName from cryptography.x509.oid import ( CRLEntryExtensionOID, ExtensionOID, - OCSPExtensionOID, ObjectIdentifier, + OCSPExtensionOID, ) ExtensionTypeVar = typing.TypeVar( @@ -47,7 +48,7 @@ def _key_identifier_from_public_key( - public_key: CERTIFICATE_PUBLIC_KEY_TYPES, + public_key: CertificatePublicKeyTypes, ) -> bytes: if isinstance(public_key, RSAPublicKey): data = public_key.public_bytes( @@ -85,13 +86,13 @@ def getitem_method(self, idx): class DuplicateExtension(Exception): def __init__(self, msg: str, oid: ObjectIdentifier) -> None: - super(DuplicateExtension, self).__init__(msg) + super().__init__(msg) self.oid = oid class ExtensionNotFound(Exception): def __init__(self, msg: str, oid: ObjectIdentifier) -> None: - super(ExtensionNotFound, self).__init__(msg) + super().__init__(msg) self.oid = oid @@ -103,30 +104,28 @@ def public_bytes(self) -> bytes: Serializes the extension type to DER. """ raise NotImplementedError( - "public_bytes is not implemented for extension type {0!r}".format( - self - ) + f"public_bytes is not implemented for extension type {self!r}" ) class Extensions: def __init__( - self, extensions: typing.Iterable["Extension[ExtensionType]"] + self, extensions: typing.Iterable[Extension[ExtensionType]] ) -> None: self._extensions = list(extensions) def get_extension_for_oid( self, oid: ObjectIdentifier - ) -> "Extension[ExtensionType]": + ) -> Extension[ExtensionType]: for ext in self: if ext.oid == oid: return ext - raise ExtensionNotFound("No {} extension was found".format(oid), oid) + raise ExtensionNotFound(f"No {oid} extension was found", oid) def get_extension_for_class( - self, extclass: typing.Type[ExtensionTypeVar] - ) -> "Extension[ExtensionTypeVar]": + self, extclass: type[ExtensionTypeVar] + ) -> Extension[ExtensionTypeVar]: if extclass is UnrecognizedExtension: raise TypeError( "UnrecognizedExtension can't be used with " @@ -139,13 +138,13 @@ def get_extension_for_class( return ext raise ExtensionNotFound( - "No {} extension was found".format(extclass), extclass.oid + f"No {extclass} extension was found", extclass.oid ) __len__, __iter__, __getitem__ = _make_sequence_methods("_extensions") def __repr__(self) -> str: - return "".format(self._extensions) + return f"" class CRLNumber(ExtensionType): @@ -167,7 +166,7 @@ def __hash__(self) -> int: return hash(self.crl_number) def __repr__(self) -> str: - return "".format(self.crl_number) + return f"" @property def crl_number(self) -> int: @@ -182,9 +181,9 @@ class AuthorityKeyIdentifier(ExtensionType): def __init__( self, - key_identifier: typing.Optional[bytes], - authority_cert_issuer: typing.Optional[typing.Iterable[GeneralName]], - authority_cert_serial_number: typing.Optional[int], + key_identifier: bytes | None, + authority_cert_issuer: typing.Iterable[GeneralName] | None, + authority_cert_serial_number: int | None, ) -> None: if (authority_cert_issuer is None) != ( authority_cert_serial_number is None @@ -213,15 +212,15 @@ def __init__( self._authority_cert_issuer = authority_cert_issuer self._authority_cert_serial_number = authority_cert_serial_number - # This takes a subset of CERTIFICATE_PUBLIC_KEY_TYPES because an issuer + # This takes a subset of CertificatePublicKeyTypes because an issuer # cannot have an X25519/X448 key. This introduces some unfortunate # asymmetry that requires typing users to explicitly # narrow their type, but we should make this accurate and not just # convenient. @classmethod def from_issuer_public_key( - cls, public_key: CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES - ) -> "AuthorityKeyIdentifier": + cls, public_key: CertificateIssuerPublicKeyTypes + ) -> AuthorityKeyIdentifier: digest = _key_identifier_from_public_key(public_key) return cls( key_identifier=digest, @@ -231,8 +230,8 @@ def from_issuer_public_key( @classmethod def from_issuer_subject_key_identifier( - cls, ski: "SubjectKeyIdentifier" - ) -> "AuthorityKeyIdentifier": + cls, ski: SubjectKeyIdentifier + ) -> AuthorityKeyIdentifier: return cls( key_identifier=ski.digest, authority_cert_issuer=None, @@ -241,10 +240,10 @@ def from_issuer_subject_key_identifier( def __repr__(self) -> str: return ( - "".format(self) + f"" ) def __eq__(self, other: object) -> bool: @@ -268,17 +267,17 @@ def __hash__(self) -> int: ) @property - def key_identifier(self) -> typing.Optional[bytes]: + def key_identifier(self) -> bytes | None: return self._key_identifier @property def authority_cert_issuer( self, - ) -> typing.Optional[typing.List[GeneralName]]: + ) -> list[GeneralName] | None: return self._authority_cert_issuer @property - def authority_cert_serial_number(self) -> typing.Optional[int]: + def authority_cert_serial_number(self) -> int | None: return self._authority_cert_serial_number def public_bytes(self) -> bytes: @@ -293,8 +292,8 @@ def __init__(self, digest: bytes) -> None: @classmethod def from_public_key( - cls, public_key: CERTIFICATE_PUBLIC_KEY_TYPES - ) -> "SubjectKeyIdentifier": + cls, public_key: CertificatePublicKeyTypes + ) -> SubjectKeyIdentifier: return cls(_key_identifier_from_public_key(public_key)) @property @@ -306,7 +305,7 @@ def key_identifier(self) -> bytes: return self._digest def __repr__(self) -> str: - return "".format(self.digest) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, SubjectKeyIdentifier): @@ -325,7 +324,7 @@ class AuthorityInformationAccess(ExtensionType): oid = ExtensionOID.AUTHORITY_INFORMATION_ACCESS def __init__( - self, descriptions: typing.Iterable["AccessDescription"] + self, descriptions: typing.Iterable[AccessDescription] ) -> None: descriptions = list(descriptions) if not all(isinstance(x, AccessDescription) for x in descriptions): @@ -339,7 +338,7 @@ def __init__( __len__, __iter__, __getitem__ = _make_sequence_methods("_descriptions") def __repr__(self) -> str: - return "".format(self._descriptions) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, AuthorityInformationAccess): @@ -358,7 +357,7 @@ class SubjectInformationAccess(ExtensionType): oid = ExtensionOID.SUBJECT_INFORMATION_ACCESS def __init__( - self, descriptions: typing.Iterable["AccessDescription"] + self, descriptions: typing.Iterable[AccessDescription] ) -> None: descriptions = list(descriptions) if not all(isinstance(x, AccessDescription) for x in descriptions): @@ -372,7 +371,7 @@ def __init__( __len__, __iter__, __getitem__ = _make_sequence_methods("_descriptions") def __repr__(self) -> str: - return "".format(self._descriptions) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, SubjectInformationAccess): @@ -402,8 +401,8 @@ def __init__( def __repr__(self) -> str: return ( - "".format(self) + f"" ) def __eq__(self, other: object) -> bool: @@ -430,7 +429,7 @@ def access_location(self) -> GeneralName: class BasicConstraints(ExtensionType): oid = ExtensionOID.BASIC_CONSTRAINTS - def __init__(self, ca: bool, path_length: typing.Optional[int]) -> None: + def __init__(self, ca: bool, path_length: int | None) -> None: if not isinstance(ca, bool): raise TypeError("ca must be a boolean value") @@ -452,13 +451,14 @@ def ca(self) -> bool: return self._ca @property - def path_length(self) -> typing.Optional[int]: + def path_length(self) -> int | None: return self._path_length def __repr__(self) -> str: return ( - "" - ).format(self) + f"" + ) def __eq__(self, other: object) -> bool: if not isinstance(other, BasicConstraints): @@ -496,7 +496,7 @@ def __hash__(self) -> int: return hash(self.crl_number) def __repr__(self) -> str: - return "".format(self) + return f"" def public_bytes(self) -> bytes: return rust_x509.encode_extension_value(self) @@ -506,7 +506,7 @@ class CRLDistributionPoints(ExtensionType): oid = ExtensionOID.CRL_DISTRIBUTION_POINTS def __init__( - self, distribution_points: typing.Iterable["DistributionPoint"] + self, distribution_points: typing.Iterable[DistributionPoint] ) -> None: distribution_points = list(distribution_points) if not all( @@ -524,7 +524,7 @@ def __init__( ) def __repr__(self) -> str: - return "".format(self._distribution_points) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, CRLDistributionPoints): @@ -543,7 +543,7 @@ class FreshestCRL(ExtensionType): oid = ExtensionOID.FRESHEST_CRL def __init__( - self, distribution_points: typing.Iterable["DistributionPoint"] + self, distribution_points: typing.Iterable[DistributionPoint] ) -> None: distribution_points = list(distribution_points) if not all( @@ -561,7 +561,7 @@ def __init__( ) def __repr__(self) -> str: - return "".format(self._distribution_points) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, FreshestCRL): @@ -579,16 +579,21 @@ def public_bytes(self) -> bytes: class DistributionPoint: def __init__( self, - full_name: typing.Optional[typing.Iterable[GeneralName]], - relative_name: typing.Optional[RelativeDistinguishedName], - reasons: typing.Optional[typing.FrozenSet["ReasonFlags"]], - crl_issuer: typing.Optional[typing.Iterable[GeneralName]], + full_name: typing.Iterable[GeneralName] | None, + relative_name: RelativeDistinguishedName | None, + reasons: frozenset[ReasonFlags] | None, + crl_issuer: typing.Iterable[GeneralName] | None, ) -> None: if full_name and relative_name: raise ValueError( "You cannot provide both full_name and relative_name, at " "least one must be None." ) + if not full_name and not relative_name and not crl_issuer: + raise ValueError( + "Either full_name, relative_name or crl_issuer must be " + "provided." + ) if full_name is not None: full_name = list(full_name) @@ -625,12 +630,6 @@ def __init__( "DistributionPoint" ) - if reasons and not crl_issuer and not (full_name or relative_name): - raise ValueError( - "You must supply crl_issuer, full_name, or relative_name when " - "reasons is not None" - ) - self._full_name = full_name self._relative_name = relative_name self._reasons = reasons @@ -656,35 +655,31 @@ def __eq__(self, other: object) -> bool: def __hash__(self) -> int: if self.full_name is not None: - fn: typing.Optional[typing.Tuple[GeneralName, ...]] = tuple( - self.full_name - ) + fn: tuple[GeneralName, ...] | None = tuple(self.full_name) else: fn = None if self.crl_issuer is not None: - crl_issuer: typing.Optional[ - typing.Tuple[GeneralName, ...] - ] = tuple(self.crl_issuer) + crl_issuer: tuple[GeneralName, ...] | None = tuple(self.crl_issuer) else: crl_issuer = None return hash((fn, self.relative_name, self.reasons, crl_issuer)) @property - def full_name(self) -> typing.Optional[typing.List[GeneralName]]: + def full_name(self) -> list[GeneralName] | None: return self._full_name @property - def relative_name(self) -> typing.Optional[RelativeDistinguishedName]: + def relative_name(self) -> RelativeDistinguishedName | None: return self._relative_name @property - def reasons(self) -> typing.Optional[typing.FrozenSet["ReasonFlags"]]: + def reasons(self) -> frozenset[ReasonFlags] | None: return self._reasons @property - def crl_issuer(self) -> typing.Optional[typing.List[GeneralName]]: + def crl_issuer(self) -> list[GeneralName] | None: return self._crl_issuer @@ -735,14 +730,39 @@ class ReasonFlags(utils.Enum): ReasonFlags.aa_compromise: 8, } +# CRLReason ::= ENUMERATED { +# unspecified (0), +# keyCompromise (1), +# cACompromise (2), +# affiliationChanged (3), +# superseded (4), +# cessationOfOperation (5), +# certificateHold (6), +# -- value 7 is not used +# removeFromCRL (8), +# privilegeWithdrawn (9), +# aACompromise (10) } +_CRL_ENTRY_REASON_ENUM_TO_CODE = { + ReasonFlags.unspecified: 0, + ReasonFlags.key_compromise: 1, + ReasonFlags.ca_compromise: 2, + ReasonFlags.affiliation_changed: 3, + ReasonFlags.superseded: 4, + ReasonFlags.cessation_of_operation: 5, + ReasonFlags.certificate_hold: 6, + ReasonFlags.remove_from_crl: 8, + ReasonFlags.privilege_withdrawn: 9, + ReasonFlags.aa_compromise: 10, +} + class PolicyConstraints(ExtensionType): oid = ExtensionOID.POLICY_CONSTRAINTS def __init__( self, - require_explicit_policy: typing.Optional[int], - inhibit_policy_mapping: typing.Optional[int], + require_explicit_policy: int | None, + inhibit_policy_mapping: int | None, ) -> None: if require_explicit_policy is not None and not isinstance( require_explicit_policy, int @@ -790,11 +810,11 @@ def __hash__(self) -> int: ) @property - def require_explicit_policy(self) -> typing.Optional[int]: + def require_explicit_policy(self) -> int | None: return self._require_explicit_policy @property - def inhibit_policy_mapping(self) -> typing.Optional[int]: + def inhibit_policy_mapping(self) -> int | None: return self._inhibit_policy_mapping def public_bytes(self) -> bytes: @@ -804,7 +824,7 @@ def public_bytes(self) -> bytes: class CertificatePolicies(ExtensionType): oid = ExtensionOID.CERTIFICATE_POLICIES - def __init__(self, policies: typing.Iterable["PolicyInformation"]) -> None: + def __init__(self, policies: typing.Iterable[PolicyInformation]) -> None: policies = list(policies) if not all(isinstance(x, PolicyInformation) for x in policies): raise TypeError( @@ -817,7 +837,7 @@ def __init__(self, policies: typing.Iterable["PolicyInformation"]) -> None: __len__, __iter__, __getitem__ = _make_sequence_methods("_policies") def __repr__(self) -> str: - return "".format(self._policies) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, CertificatePolicies): @@ -836,9 +856,7 @@ class PolicyInformation: def __init__( self, policy_identifier: ObjectIdentifier, - policy_qualifiers: typing.Optional[ - typing.Iterable[typing.Union[str, "UserNotice"]] - ], + policy_qualifiers: typing.Iterable[str | UserNotice] | None, ) -> None: if not isinstance(policy_identifier, ObjectIdentifier): raise TypeError("policy_identifier must be an ObjectIdentifier") @@ -859,8 +877,8 @@ def __init__( def __repr__(self) -> str: return ( - "".format(self) + f"" ) def __eq__(self, other: object) -> bool: @@ -874,9 +892,9 @@ def __eq__(self, other: object) -> bool: def __hash__(self) -> int: if self.policy_qualifiers is not None: - pq: typing.Optional[ - typing.Tuple[typing.Union[str, "UserNotice"], ...] - ] = tuple(self.policy_qualifiers) + pq: tuple[str | UserNotice, ...] | None = tuple( + self.policy_qualifiers + ) else: pq = None @@ -889,15 +907,15 @@ def policy_identifier(self) -> ObjectIdentifier: @property def policy_qualifiers( self, - ) -> typing.Optional[typing.List[typing.Union[str, "UserNotice"]]]: + ) -> list[str | UserNotice] | None: return self._policy_qualifiers class UserNotice: def __init__( self, - notice_reference: typing.Optional["NoticeReference"], - explicit_text: typing.Optional[str], + notice_reference: NoticeReference | None, + explicit_text: str | None, ) -> None: if notice_reference and not isinstance( notice_reference, NoticeReference @@ -911,8 +929,8 @@ def __init__( def __repr__(self) -> str: return ( - "".format(self) + f"" ) def __eq__(self, other: object) -> bool: @@ -928,18 +946,18 @@ def __hash__(self) -> int: return hash((self.notice_reference, self.explicit_text)) @property - def notice_reference(self) -> typing.Optional["NoticeReference"]: + def notice_reference(self) -> NoticeReference | None: return self._notice_reference @property - def explicit_text(self) -> typing.Optional[str]: + def explicit_text(self) -> str | None: return self._explicit_text class NoticeReference: def __init__( self, - organization: typing.Optional[str], + organization: str | None, notice_numbers: typing.Iterable[int], ) -> None: self._organization = organization @@ -951,8 +969,8 @@ def __init__( def __repr__(self) -> str: return ( - "".format(self) + f"" ) def __eq__(self, other: object) -> bool: @@ -968,11 +986,11 @@ def __hash__(self) -> int: return hash((self.organization, tuple(self.notice_numbers))) @property - def organization(self) -> typing.Optional[str]: + def organization(self) -> str | None: return self._organization @property - def notice_numbers(self) -> typing.List[int]: + def notice_numbers(self) -> list[int]: return self._notice_numbers @@ -991,7 +1009,7 @@ def __init__(self, usages: typing.Iterable[ObjectIdentifier]) -> None: __len__, __iter__, __getitem__ = _make_sequence_methods("_usages") def __repr__(self) -> str: - return "".format(self._usages) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, ExtendedKeyUsage): @@ -1047,7 +1065,7 @@ def public_bytes(self) -> bytes: class TLSFeature(ExtensionType): oid = ExtensionOID.TLS_FEATURE - def __init__(self, features: typing.Iterable["TLSFeatureType"]) -> None: + def __init__(self, features: typing.Iterable[TLSFeatureType]) -> None: features = list(features) if ( not all(isinstance(x, TLSFeatureType) for x in features) @@ -1063,7 +1081,7 @@ def __init__(self, features: typing.Iterable["TLSFeatureType"]) -> None: __len__, __iter__, __getitem__ = _make_sequence_methods("_features") def __repr__(self) -> str: - return "".format(self) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, TLSFeature): @@ -1105,7 +1123,7 @@ def __init__(self, skip_certs: int) -> None: self._skip_certs = skip_certs def __repr__(self) -> str: - return "".format(self) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, InhibitAnyPolicy): @@ -1213,14 +1231,14 @@ def __repr__(self) -> str: decipher_only = False return ( - "" - ).format(self, encipher_only, decipher_only) + f"" + ) def __eq__(self, other: object) -> bool: if not isinstance(other, KeyUsage): @@ -1262,8 +1280,8 @@ class NameConstraints(ExtensionType): def __init__( self, - permitted_subtrees: typing.Optional[typing.Iterable[GeneralName]], - excluded_subtrees: typing.Optional[typing.Iterable[GeneralName]], + permitted_subtrees: typing.Iterable[GeneralName] | None, + excluded_subtrees: typing.Iterable[GeneralName] | None, ) -> None: if permitted_subtrees is not None: permitted_subtrees = list(permitted_subtrees) @@ -1277,7 +1295,7 @@ def __init__( "or None" ) - self._validate_ip_name(permitted_subtrees) + self._validate_tree(permitted_subtrees) if excluded_subtrees is not None: excluded_subtrees = list(excluded_subtrees) @@ -1291,7 +1309,7 @@ def __init__( "or None" ) - self._validate_ip_name(excluded_subtrees) + self._validate_tree(excluded_subtrees) if permitted_subtrees is None and excluded_subtrees is None: raise ValueError( @@ -1311,6 +1329,10 @@ def __eq__(self, other: object) -> bool: and self.permitted_subtrees == other.permitted_subtrees ) + def _validate_tree(self, tree: typing.Iterable[GeneralName]) -> None: + self._validate_ip_name(tree) + self._validate_dns_name(tree) + def _validate_ip_name(self, tree: typing.Iterable[GeneralName]) -> None: if any( isinstance(name, IPAddress) @@ -1324,24 +1346,29 @@ def _validate_ip_name(self, tree: typing.Iterable[GeneralName]) -> None: " IPv6Network object" ) + def _validate_dns_name(self, tree: typing.Iterable[GeneralName]) -> None: + if any( + isinstance(name, DNSName) and "*" in name.value for name in tree + ): + raise ValueError( + "DNSName name constraints must not contain the '*' wildcard" + " character" + ) + def __repr__(self) -> str: return ( - "".format(self) + f"" ) def __hash__(self) -> int: if self.permitted_subtrees is not None: - ps: typing.Optional[typing.Tuple[GeneralName, ...]] = tuple( - self.permitted_subtrees - ) + ps: tuple[GeneralName, ...] | None = tuple(self.permitted_subtrees) else: ps = None if self.excluded_subtrees is not None: - es: typing.Optional[typing.Tuple[GeneralName, ...]] = tuple( - self.excluded_subtrees - ) + es: tuple[GeneralName, ...] | None = tuple(self.excluded_subtrees) else: es = None @@ -1350,13 +1377,13 @@ def __hash__(self) -> int: @property def permitted_subtrees( self, - ) -> typing.Optional[typing.List[GeneralName]]: + ) -> list[GeneralName] | None: return self._permitted_subtrees @property def excluded_subtrees( self, - ) -> typing.Optional[typing.List[GeneralName]]: + ) -> list[GeneralName] | None: return self._excluded_subtrees def public_bytes(self) -> bytes: @@ -1393,9 +1420,9 @@ def value(self) -> ExtensionTypeVar: def __repr__(self) -> str: return ( - "" - ).format(self) + f"" + ) def __eq__(self, other: object) -> bool: if not isinstance(other, Extension): @@ -1427,58 +1454,49 @@ def __init__(self, general_names: typing.Iterable[GeneralName]) -> None: @typing.overload def get_values_for_type( self, - type: typing.Union[ - typing.Type[DNSName], - typing.Type[UniformResourceIdentifier], - typing.Type[RFC822Name], - ], - ) -> typing.List[str]: - ... + type: type[DNSName] + | type[UniformResourceIdentifier] + | type[RFC822Name], + ) -> list[str]: ... @typing.overload def get_values_for_type( self, - type: typing.Type[DirectoryName], - ) -> typing.List[Name]: - ... + type: type[DirectoryName], + ) -> list[Name]: ... @typing.overload def get_values_for_type( self, - type: typing.Type[RegisteredID], - ) -> typing.List[ObjectIdentifier]: - ... + type: type[RegisteredID], + ) -> list[ObjectIdentifier]: ... @typing.overload def get_values_for_type( - self, type: typing.Type[IPAddress] - ) -> typing.List[_IPADDRESS_TYPES]: - ... + self, type: type[IPAddress] + ) -> list[_IPAddressTypes]: ... @typing.overload def get_values_for_type( - self, type: typing.Type[OtherName] - ) -> typing.List[OtherName]: - ... + self, type: type[OtherName] + ) -> list[OtherName]: ... def get_values_for_type( self, - type: typing.Union[ - typing.Type[DNSName], - typing.Type[DirectoryName], - typing.Type[IPAddress], - typing.Type[OtherName], - typing.Type[RFC822Name], - typing.Type[RegisteredID], - typing.Type[UniformResourceIdentifier], - ], - ) -> typing.Union[ - typing.List[_IPADDRESS_TYPES], - typing.List[str], - typing.List[OtherName], - typing.List[Name], - typing.List[ObjectIdentifier], - ]: + type: type[DNSName] + | type[DirectoryName] + | type[IPAddress] + | type[OtherName] + | type[RFC822Name] + | type[RegisteredID] + | type[UniformResourceIdentifier], + ) -> ( + list[_IPAddressTypes] + | list[str] + | list[OtherName] + | list[Name] + | list[ObjectIdentifier] + ): # Return the value of each GeneralName, except for OtherName instances # which we return directly because it has two important properties not # just one value. @@ -1488,7 +1506,7 @@ def get_values_for_type( return list(objs) def __repr__(self) -> str: - return "".format(self._general_names) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, GeneralNames): @@ -1511,62 +1529,53 @@ def __init__(self, general_names: typing.Iterable[GeneralName]) -> None: @typing.overload def get_values_for_type( self, - type: typing.Union[ - typing.Type[DNSName], - typing.Type[UniformResourceIdentifier], - typing.Type[RFC822Name], - ], - ) -> typing.List[str]: - ... + type: type[DNSName] + | type[UniformResourceIdentifier] + | type[RFC822Name], + ) -> list[str]: ... @typing.overload def get_values_for_type( self, - type: typing.Type[DirectoryName], - ) -> typing.List[Name]: - ... + type: type[DirectoryName], + ) -> list[Name]: ... @typing.overload def get_values_for_type( self, - type: typing.Type[RegisteredID], - ) -> typing.List[ObjectIdentifier]: - ... + type: type[RegisteredID], + ) -> list[ObjectIdentifier]: ... @typing.overload def get_values_for_type( - self, type: typing.Type[IPAddress] - ) -> typing.List[_IPADDRESS_TYPES]: - ... + self, type: type[IPAddress] + ) -> list[_IPAddressTypes]: ... @typing.overload def get_values_for_type( - self, type: typing.Type[OtherName] - ) -> typing.List[OtherName]: - ... + self, type: type[OtherName] + ) -> list[OtherName]: ... def get_values_for_type( self, - type: typing.Union[ - typing.Type[DNSName], - typing.Type[DirectoryName], - typing.Type[IPAddress], - typing.Type[OtherName], - typing.Type[RFC822Name], - typing.Type[RegisteredID], - typing.Type[UniformResourceIdentifier], - ], - ) -> typing.Union[ - typing.List[_IPADDRESS_TYPES], - typing.List[str], - typing.List[OtherName], - typing.List[Name], - typing.List[ObjectIdentifier], - ]: + type: type[DNSName] + | type[DirectoryName] + | type[IPAddress] + | type[OtherName] + | type[RFC822Name] + | type[RegisteredID] + | type[UniformResourceIdentifier], + ) -> ( + list[_IPAddressTypes] + | list[str] + | list[OtherName] + | list[Name] + | list[ObjectIdentifier] + ): return self._general_names.get_values_for_type(type) def __repr__(self) -> str: - return "".format(self._general_names) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, SubjectAlternativeName): @@ -1592,62 +1601,53 @@ def __init__(self, general_names: typing.Iterable[GeneralName]) -> None: @typing.overload def get_values_for_type( self, - type: typing.Union[ - typing.Type[DNSName], - typing.Type[UniformResourceIdentifier], - typing.Type[RFC822Name], - ], - ) -> typing.List[str]: - ... + type: type[DNSName] + | type[UniformResourceIdentifier] + | type[RFC822Name], + ) -> list[str]: ... @typing.overload def get_values_for_type( self, - type: typing.Type[DirectoryName], - ) -> typing.List[Name]: - ... + type: type[DirectoryName], + ) -> list[Name]: ... @typing.overload def get_values_for_type( self, - type: typing.Type[RegisteredID], - ) -> typing.List[ObjectIdentifier]: - ... + type: type[RegisteredID], + ) -> list[ObjectIdentifier]: ... @typing.overload def get_values_for_type( - self, type: typing.Type[IPAddress] - ) -> typing.List[_IPADDRESS_TYPES]: - ... + self, type: type[IPAddress] + ) -> list[_IPAddressTypes]: ... @typing.overload def get_values_for_type( - self, type: typing.Type[OtherName] - ) -> typing.List[OtherName]: - ... + self, type: type[OtherName] + ) -> list[OtherName]: ... def get_values_for_type( self, - type: typing.Union[ - typing.Type[DNSName], - typing.Type[DirectoryName], - typing.Type[IPAddress], - typing.Type[OtherName], - typing.Type[RFC822Name], - typing.Type[RegisteredID], - typing.Type[UniformResourceIdentifier], - ], - ) -> typing.Union[ - typing.List[_IPADDRESS_TYPES], - typing.List[str], - typing.List[OtherName], - typing.List[Name], - typing.List[ObjectIdentifier], - ]: + type: type[DNSName] + | type[DirectoryName] + | type[IPAddress] + | type[OtherName] + | type[RFC822Name] + | type[RegisteredID] + | type[UniformResourceIdentifier], + ) -> ( + list[_IPAddressTypes] + | list[str] + | list[OtherName] + | list[Name] + | list[ObjectIdentifier] + ): return self._general_names.get_values_for_type(type) def __repr__(self) -> str: - return "".format(self._general_names) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, IssuerAlternativeName): @@ -1673,62 +1673,53 @@ def __init__(self, general_names: typing.Iterable[GeneralName]) -> None: @typing.overload def get_values_for_type( self, - type: typing.Union[ - typing.Type[DNSName], - typing.Type[UniformResourceIdentifier], - typing.Type[RFC822Name], - ], - ) -> typing.List[str]: - ... + type: type[DNSName] + | type[UniformResourceIdentifier] + | type[RFC822Name], + ) -> list[str]: ... @typing.overload def get_values_for_type( self, - type: typing.Type[DirectoryName], - ) -> typing.List[Name]: - ... + type: type[DirectoryName], + ) -> list[Name]: ... @typing.overload def get_values_for_type( self, - type: typing.Type[RegisteredID], - ) -> typing.List[ObjectIdentifier]: - ... + type: type[RegisteredID], + ) -> list[ObjectIdentifier]: ... @typing.overload def get_values_for_type( - self, type: typing.Type[IPAddress] - ) -> typing.List[_IPADDRESS_TYPES]: - ... + self, type: type[IPAddress] + ) -> list[_IPAddressTypes]: ... @typing.overload def get_values_for_type( - self, type: typing.Type[OtherName] - ) -> typing.List[OtherName]: - ... + self, type: type[OtherName] + ) -> list[OtherName]: ... def get_values_for_type( self, - type: typing.Union[ - typing.Type[DNSName], - typing.Type[DirectoryName], - typing.Type[IPAddress], - typing.Type[OtherName], - typing.Type[RFC822Name], - typing.Type[RegisteredID], - typing.Type[UniformResourceIdentifier], - ], - ) -> typing.Union[ - typing.List[_IPADDRESS_TYPES], - typing.List[str], - typing.List[OtherName], - typing.List[Name], - typing.List[ObjectIdentifier], - ]: + type: type[DNSName] + | type[DirectoryName] + | type[IPAddress] + | type[OtherName] + | type[RFC822Name] + | type[RegisteredID] + | type[UniformResourceIdentifier], + ) -> ( + list[_IPAddressTypes] + | list[str] + | list[OtherName] + | list[Name] + | list[ObjectIdentifier] + ): return self._general_names.get_values_for_type(type) def __repr__(self) -> str: - return "".format(self._general_names) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, CertificateIssuer): @@ -1753,7 +1744,7 @@ def __init__(self, reason: ReasonFlags) -> None: self._reason = reason def __repr__(self) -> str: - return "".format(self._reason) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, CRLReason): @@ -1782,9 +1773,7 @@ def __init__(self, invalidity_date: datetime.datetime) -> None: self._invalidity_date = invalidity_date def __repr__(self) -> str: - return "".format( - self._invalidity_date - ) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, InvalidityDate): @@ -1799,6 +1788,13 @@ def __hash__(self) -> int: def invalidity_date(self) -> datetime.datetime: return self._invalidity_date + @property + def invalidity_date_utc(self) -> datetime.datetime: + if self._invalidity_date.tzinfo is None: + return self._invalidity_date.replace(tzinfo=datetime.timezone.utc) + else: + return self._invalidity_date.astimezone(tz=datetime.timezone.utc) + def public_bytes(self) -> bytes: return rust_x509.encode_extension_value(self) @@ -1828,9 +1824,7 @@ def __init__( ) def __repr__(self) -> str: - return "".format( - list(self) - ) + return f"" def __hash__(self) -> int: return hash(tuple(self._signed_certificate_timestamps)) @@ -1873,7 +1867,7 @@ def __init__( ) def __repr__(self) -> str: - return "".format(list(self)) + return f"" def __hash__(self) -> int: return hash(tuple(self._signed_certificate_timestamps)) @@ -1910,7 +1904,7 @@ def __hash__(self) -> int: return hash(self.nonce) def __repr__(self) -> str: - return "".format(self) + return f"" @property def nonce(self) -> bytes: @@ -1920,16 +1914,45 @@ def public_bytes(self) -> bytes: return rust_x509.encode_extension_value(self) +class OCSPAcceptableResponses(ExtensionType): + oid = OCSPExtensionOID.ACCEPTABLE_RESPONSES + + def __init__(self, responses: typing.Iterable[ObjectIdentifier]) -> None: + responses = list(responses) + if any(not isinstance(r, ObjectIdentifier) for r in responses): + raise TypeError("All responses must be ObjectIdentifiers") + + self._responses = responses + + def __eq__(self, other: object) -> bool: + if not isinstance(other, OCSPAcceptableResponses): + return NotImplemented + + return self._responses == other._responses + + def __hash__(self) -> int: + return hash(tuple(self._responses)) + + def __repr__(self) -> str: + return f"" + + def __iter__(self) -> typing.Iterator[ObjectIdentifier]: + return iter(self._responses) + + def public_bytes(self) -> bytes: + return rust_x509.encode_extension_value(self) + + class IssuingDistributionPoint(ExtensionType): oid = ExtensionOID.ISSUING_DISTRIBUTION_POINT def __init__( self, - full_name: typing.Optional[typing.Iterable[GeneralName]], - relative_name: typing.Optional[RelativeDistinguishedName], + full_name: typing.Iterable[GeneralName] | None, + relative_name: RelativeDistinguishedName | None, only_contains_user_certs: bool, only_contains_ca_certs: bool, - only_some_reasons: typing.Optional[typing.FrozenSet[ReasonFlags]], + only_some_reasons: frozenset[ReasonFlags] | None, indirect_crl: bool, only_contains_attribute_certs: bool, ) -> None: @@ -2008,14 +2031,14 @@ def __init__( def __repr__(self) -> str: return ( - "".format(self) + f"{self.only_contains_attribute_certs})>" ) def __eq__(self, other: object) -> bool: @@ -2047,11 +2070,11 @@ def __hash__(self) -> int: ) @property - def full_name(self) -> typing.Optional[typing.List[GeneralName]]: + def full_name(self) -> list[GeneralName] | None: return self._full_name @property - def relative_name(self) -> typing.Optional[RelativeDistinguishedName]: + def relative_name(self) -> RelativeDistinguishedName | None: return self._relative_name @property @@ -2065,7 +2088,7 @@ def only_contains_ca_certs(self) -> bool: @property def only_some_reasons( self, - ) -> typing.Optional[typing.FrozenSet[ReasonFlags]]: + ) -> frozenset[ReasonFlags] | None: return self._only_some_reasons @property @@ -2080,6 +2103,65 @@ def public_bytes(self) -> bytes: return rust_x509.encode_extension_value(self) +class MSCertificateTemplate(ExtensionType): + oid = ExtensionOID.MS_CERTIFICATE_TEMPLATE + + def __init__( + self, + template_id: ObjectIdentifier, + major_version: int | None, + minor_version: int | None, + ) -> None: + if not isinstance(template_id, ObjectIdentifier): + raise TypeError("oid must be an ObjectIdentifier") + self._template_id = template_id + if ( + major_version is not None and not isinstance(major_version, int) + ) or ( + minor_version is not None and not isinstance(minor_version, int) + ): + raise TypeError( + "major_version and minor_version must be integers or None" + ) + self._major_version = major_version + self._minor_version = minor_version + + @property + def template_id(self) -> ObjectIdentifier: + return self._template_id + + @property + def major_version(self) -> int | None: + return self._major_version + + @property + def minor_version(self) -> int | None: + return self._minor_version + + def __repr__(self) -> str: + return ( + f"" + ) + + def __eq__(self, other: object) -> bool: + if not isinstance(other, MSCertificateTemplate): + return NotImplemented + + return ( + self.template_id == other.template_id + and self.major_version == other.major_version + and self.minor_version == other.minor_version + ) + + def __hash__(self) -> int: + return hash((self.template_id, self.major_version, self.minor_version)) + + def public_bytes(self) -> bytes: + return rust_x509.encode_extension_value(self) + + class UnrecognizedExtension(ExtensionType): def __init__(self, oid: ObjectIdentifier, value: bytes) -> None: if not isinstance(oid, ObjectIdentifier): @@ -2097,8 +2179,8 @@ def value(self) -> bytes: def __repr__(self) -> str: return ( - "".format(self) + f"" ) def __eq__(self, other: object) -> bool: diff --git a/src/cryptography/x509/general_name.py b/src/cryptography/x509/general_name.py index 9939233..672f287 100644 --- a/src/cryptography/x509/general_name.py +++ b/src/cryptography/x509/general_name.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc import ipaddress @@ -11,8 +12,7 @@ from cryptography.x509.name import Name from cryptography.x509.oid import ObjectIdentifier - -_IPADDRESS_TYPES = typing.Union[ +_IPAddressTypes = typing.Union[ ipaddress.IPv4Address, ipaddress.IPv6Address, ipaddress.IPv4Network, @@ -25,7 +25,8 @@ class UnsupportedGeneralNameType(Exception): class GeneralName(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def value(self) -> typing.Any: """ Return the value of the object @@ -59,13 +60,13 @@ def value(self) -> str: return self._value @classmethod - def _init_without_validation(cls, value: str) -> "RFC822Name": + def _init_without_validation(cls, value: str) -> RFC822Name: instance = cls.__new__(cls) instance._value = value return instance def __repr__(self) -> str: - return "".format(self.value) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, RFC822Name): @@ -98,13 +99,13 @@ def value(self) -> str: return self._value @classmethod - def _init_without_validation(cls, value: str) -> "DNSName": + def _init_without_validation(cls, value: str) -> DNSName: instance = cls.__new__(cls) instance._value = value return instance def __repr__(self) -> str: - return "".format(self.value) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, DNSName): @@ -137,15 +138,13 @@ def value(self) -> str: return self._value @classmethod - def _init_without_validation( - cls, value: str - ) -> "UniformResourceIdentifier": + def _init_without_validation(cls, value: str) -> UniformResourceIdentifier: instance = cls.__new__(cls) instance._value = value return instance def __repr__(self) -> str: - return "".format(self.value) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, UniformResourceIdentifier): @@ -169,7 +168,7 @@ def value(self) -> Name: return self._value def __repr__(self) -> str: - return "".format(self.value) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, DirectoryName): @@ -193,7 +192,7 @@ def value(self) -> ObjectIdentifier: return self._value def __repr__(self) -> str: - return "".format(self.value) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, RegisteredID): @@ -206,7 +205,7 @@ def __hash__(self) -> int: class IPAddress(GeneralName): - def __init__(self, value: _IPADDRESS_TYPES) -> None: + def __init__(self, value: _IPAddressTypes) -> None: if not isinstance( value, ( @@ -225,7 +224,7 @@ def __init__(self, value: _IPADDRESS_TYPES) -> None: self._value = value @property - def value(self) -> _IPADDRESS_TYPES: + def value(self) -> _IPAddressTypes: return self._value def _packed(self) -> bytes: @@ -239,7 +238,7 @@ def _packed(self) -> bytes: ) def __repr__(self) -> str: - return "".format(self.value) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, IPAddress): @@ -270,9 +269,7 @@ def value(self) -> bytes: return self._value def __repr__(self) -> str: - return "".format( - self.type_id, self.value - ) + return f"" def __eq__(self, other: object) -> bool: if not isinstance(other, OtherName): diff --git a/src/cryptography/x509/name.py b/src/cryptography/x509/name.py index 702fb4b..1b6b89d 100644 --- a/src/cryptography/x509/name.py +++ b/src/cryptography/x509/name.py @@ -2,6 +2,8 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + import binascii import re import sys @@ -9,9 +11,7 @@ import warnings from cryptography import utils -from cryptography.hazmat.bindings._rust import ( - x509 as rust_x509, -) +from cryptography.hazmat.bindings._rust import x509 as rust_x509 from cryptography.x509.oid import NameOID, ObjectIdentifier @@ -31,7 +31,7 @@ class _ASN1Type(utils.Enum): _ASN1_TYPE_TO_ENUM = {i.value: i for i in _ASN1Type} -_NAMEOID_DEFAULT_TYPE: typing.Dict[ObjectIdentifier, _ASN1Type] = { +_NAMEOID_DEFAULT_TYPE: dict[ObjectIdentifier, _ASN1Type] = { NameOID.COUNTRY_NAME: _ASN1Type.PrintableString, NameOID.JURISDICTION_COUNTRY_NAME: _ASN1Type.PrintableString, NameOID.SERIAL_NUMBER: _ASN1Type.PrintableString, @@ -59,8 +59,14 @@ class _ASN1Type(utils.Enum): } _NAME_TO_NAMEOID = {v: k for k, v in _NAMEOID_TO_NAME.items()} +_NAMEOID_LENGTH_LIMIT = { + NameOID.COUNTRY_NAME: (2, 2), + NameOID.JURISDICTION_COUNTRY_NAME: (2, 2), + NameOID.COMMON_NAME: (1, 64), +} + -def _escape_dn_value(val: typing.Union[str, bytes]) -> str: +def _escape_dn_value(val: str | bytes) -> str: """Escape special characters in RFC4514 Distinguished Name value.""" if not val: @@ -112,8 +118,8 @@ class NameAttribute: def __init__( self, oid: ObjectIdentifier, - value: typing.Union[str, bytes], - _type: typing.Optional[_ASN1Type] = None, + value: str | bytes, + _type: _ASN1Type | None = None, *, _validate: bool = True, ) -> None: @@ -132,22 +138,20 @@ def __init__( if not isinstance(value, str): raise TypeError("value argument must be a str") - if ( - oid == NameOID.COUNTRY_NAME - or oid == NameOID.JURISDICTION_COUNTRY_NAME - ): + length_limits = _NAMEOID_LENGTH_LIMIT.get(oid) + if length_limits is not None: + min_length, max_length = length_limits assert isinstance(value, str) c_len = len(value.encode("utf8")) - if c_len != 2 and _validate is True: - raise ValueError( - "Country name must be a 2 character country code" - ) - elif c_len != 2: - warnings.warn( - "Country names should be two characters, but the " - "attribute is {} characters in length.".format(c_len), - stacklevel=2, + if c_len < min_length or c_len > max_length: + msg = ( + f"Attribute's length must be >= {min_length} and " + f"<= {max_length}, but it was {c_len}" ) + if _validate is True: + raise ValueError(msg) + else: + warnings.warn(msg, stacklevel=2) # The appropriate ASN1 string type varies by OID and is defined across # multiple RFCs including 2459, 3280, and 5280. In general UTF8String @@ -170,7 +174,7 @@ def oid(self) -> ObjectIdentifier: return self._oid @property - def value(self) -> typing.Union[str, bytes]: + def value(self) -> str | bytes: return self._value @property @@ -182,7 +186,7 @@ def rfc4514_attribute_name(self) -> str: return _NAMEOID_TO_NAME.get(self.oid, self.oid.dotted_string) def rfc4514_string( - self, attr_name_overrides: typing.Optional[_OidNameMap] = None + self, attr_name_overrides: _OidNameMap | None = None ) -> str: """ Format as RFC4514 Distinguished Name string. @@ -208,7 +212,7 @@ def __hash__(self) -> int: return hash((self.oid, self.value)) def __repr__(self) -> str: - return "".format(self) + return f"" class RelativeDistinguishedName: @@ -228,11 +232,11 @@ def __init__(self, attributes: typing.Iterable[NameAttribute]): def get_attributes_for_oid( self, oid: ObjectIdentifier - ) -> typing.List[NameAttribute]: + ) -> list[NameAttribute]: return [i for i in self if i.oid == oid] def rfc4514_string( - self, attr_name_overrides: typing.Optional[_OidNameMap] = None + self, attr_name_overrides: _OidNameMap | None = None ) -> str: """ Format as RFC4514 Distinguished Name string. @@ -261,25 +265,21 @@ def __len__(self) -> int: return len(self._attributes) def __repr__(self) -> str: - return "".format(self.rfc4514_string()) + return f"" class Name: @typing.overload - def __init__(self, attributes: typing.Iterable[NameAttribute]) -> None: - ... + def __init__(self, attributes: typing.Iterable[NameAttribute]) -> None: ... @typing.overload def __init__( self, attributes: typing.Iterable[RelativeDistinguishedName] - ) -> None: - ... + ) -> None: ... def __init__( self, - attributes: typing.Iterable[ - typing.Union[NameAttribute, RelativeDistinguishedName] - ], + attributes: typing.Iterable[NameAttribute | RelativeDistinguishedName], ) -> None: attributes = list(attributes) if all(isinstance(x, NameAttribute) for x in attributes): @@ -301,12 +301,12 @@ def __init__( def from_rfc4514_string( cls, data: str, - attr_name_overrides: typing.Optional[_NameOidMap] = None, - ) -> "Name": + attr_name_overrides: _NameOidMap | None = None, + ) -> Name: return _RFC4514NameParser(data, attr_name_overrides or {}).parse() def rfc4514_string( - self, attr_name_overrides: typing.Optional[_OidNameMap] = None + self, attr_name_overrides: _OidNameMap | None = None ) -> str: """ Format as RFC4514 Distinguished Name string. @@ -325,11 +325,11 @@ def rfc4514_string( def get_attributes_for_oid( self, oid: ObjectIdentifier - ) -> typing.List[NameAttribute]: + ) -> list[NameAttribute]: return [i for i in self if i.oid == oid] @property - def rdns(self) -> typing.List[RelativeDistinguishedName]: + def rdns(self) -> list[RelativeDistinguishedName]: return self._attributes def public_bytes(self, backend: typing.Any = None) -> bytes: @@ -348,15 +348,14 @@ def __hash__(self) -> int: def __iter__(self) -> typing.Iterator[NameAttribute]: for rdn in self._attributes: - for ava in rdn: - yield ava + yield from rdn def __len__(self) -> int: return sum(len(rdn) for rdn in self._attributes) def __repr__(self) -> str: rdns = ",".join(attr.rfc4514_string() for attr in self._attributes) - return "".format(rdns) + return f"" class _RFC4514NameParser: @@ -395,7 +394,7 @@ def __init__(self, data: str, attr_name_overrides: _NameOidMap) -> None: def _has_data(self) -> bool: return self._idx < len(self._data) - def _peek(self) -> typing.Optional[str]: + def _peek(self) -> str | None: if self._has_data(): return self._data[self._idx] return None @@ -422,6 +421,10 @@ def parse(self) -> Name: we parse it, we need to reverse again to get the RDNs on the correct order. """ + + if not self._has_data(): + return Name([]) + rdns = [self._parse_rdn()] while self._has_data(): diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py index c01e77a..dbb475d 100644 --- a/src/cryptography/x509/ocsp.py +++ b/src/cryptography/x509/ocsp.py @@ -2,17 +2,17 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations import abc import datetime import typing -from cryptography import utils -from cryptography import x509 +from cryptography import utils, x509 from cryptography.hazmat.bindings._rust import ocsp from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric.types import ( - CERTIFICATE_PRIVATE_KEY_TYPES, + CertificateIssuerPrivateKeyTypes, ) from cryptography.x509.base import ( _EARLIEST_UTC_TIME, @@ -65,9 +65,9 @@ def __init__( algorithm: hashes.HashAlgorithm, cert_status: OCSPCertStatus, this_update: datetime.datetime, - next_update: typing.Optional[datetime.datetime], - revocation_time: typing.Optional[datetime.datetime], - revocation_reason: typing.Optional[x509.ReasonFlags], + next_update: datetime.datetime | None, + revocation_time: datetime.datetime | None, + revocation_reason: x509.ReasonFlags | None, ): if not isinstance(cert, x509.Certificate) or not isinstance( issuer, x509.Certificate @@ -128,25 +128,29 @@ def __init__( class OCSPRequest(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def issuer_key_hash(self) -> bytes: """ The hash of the issuer public key """ - @abc.abstractproperty + @property + @abc.abstractmethod def issuer_name_hash(self) -> bytes: """ The hash of the issuer name """ - @abc.abstractproperty + @property + @abc.abstractmethod def hash_algorithm(self) -> hashes.HashAlgorithm: """ The hash algorithm used in the issuer name and key hashes """ - @abc.abstractproperty + @property + @abc.abstractmethod def serial_number(self) -> int: """ The serial number of the cert whose status is being checked @@ -158,7 +162,8 @@ def public_bytes(self, encoding: serialization.Encoding) -> bytes: Serializes the request to DER """ - @abc.abstractproperty + @property + @abc.abstractmethod def extensions(self) -> x509.Extensions: """ The list of request extensions. Not single request extensions. @@ -166,58 +171,92 @@ def extensions(self) -> x509.Extensions: class OCSPSingleResponse(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def certificate_status(self) -> OCSPCertStatus: """ The status of the certificate (an element from the OCSPCertStatus enum) """ - @abc.abstractproperty - def revocation_time(self) -> typing.Optional[datetime.datetime]: + @property + @abc.abstractmethod + def revocation_time(self) -> datetime.datetime | None: """ The date of when the certificate was revoked or None if not revoked. """ - @abc.abstractproperty - def revocation_reason(self) -> typing.Optional[x509.ReasonFlags]: + @property + @abc.abstractmethod + def revocation_time_utc(self) -> datetime.datetime | None: + """ + The date of when the certificate was revoked or None if not + revoked. Represented as a non-naive UTC datetime. + """ + + @property + @abc.abstractmethod + def revocation_reason(self) -> x509.ReasonFlags | None: """ The reason the certificate was revoked or None if not specified or not revoked. """ - @abc.abstractproperty + @property + @abc.abstractmethod def this_update(self) -> datetime.datetime: """ The most recent time at which the status being indicated is known by the responder to have been correct """ - @abc.abstractproperty - def next_update(self) -> typing.Optional[datetime.datetime]: + @property + @abc.abstractmethod + def this_update_utc(self) -> datetime.datetime: + """ + The most recent time at which the status being indicated is known by + the responder to have been correct. Represented as a non-naive UTC + datetime. + """ + + @property + @abc.abstractmethod + def next_update(self) -> datetime.datetime | None: """ The time when newer information will be available """ - @abc.abstractproperty + @property + @abc.abstractmethod + def next_update_utc(self) -> datetime.datetime | None: + """ + The time when newer information will be available. Represented as a + non-naive UTC datetime. + """ + + @property + @abc.abstractmethod def issuer_key_hash(self) -> bytes: """ The hash of the issuer public key """ - @abc.abstractproperty + @property + @abc.abstractmethod def issuer_name_hash(self) -> bytes: """ The hash of the issuer name """ - @abc.abstractproperty + @property + @abc.abstractmethod def hash_algorithm(self) -> hashes.HashAlgorithm: """ The hash algorithm used in the issuer name and key hashes """ - @abc.abstractproperty + @property + @abc.abstractmethod def serial_number(self) -> int: """ The serial number of the cert whose status is being checked @@ -225,136 +264,190 @@ def serial_number(self) -> int: class OCSPResponse(metaclass=abc.ABCMeta): - @abc.abstractproperty + @property + @abc.abstractmethod def responses(self) -> typing.Iterator[OCSPSingleResponse]: """ An iterator over the individual SINGLERESP structures in the response """ - @abc.abstractproperty + @property + @abc.abstractmethod def response_status(self) -> OCSPResponseStatus: """ The status of the response. This is a value from the OCSPResponseStatus enumeration """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature_algorithm_oid(self) -> x509.ObjectIdentifier: """ The ObjectIdentifier of the signature algorithm """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature_hash_algorithm( self, - ) -> typing.Optional[hashes.HashAlgorithm]: + ) -> hashes.HashAlgorithm | None: """ Returns a HashAlgorithm corresponding to the type of the digest signed """ - @abc.abstractproperty + @property + @abc.abstractmethod def signature(self) -> bytes: """ The signature bytes """ - @abc.abstractproperty + @property + @abc.abstractmethod def tbs_response_bytes(self) -> bytes: """ The tbsResponseData bytes """ - @abc.abstractproperty - def certificates(self) -> typing.List[x509.Certificate]: + @property + @abc.abstractmethod + def certificates(self) -> list[x509.Certificate]: """ A list of certificates used to help build a chain to verify the OCSP response. This situation occurs when the OCSP responder uses a delegate certificate. """ - @abc.abstractproperty - def responder_key_hash(self) -> typing.Optional[bytes]: + @property + @abc.abstractmethod + def responder_key_hash(self) -> bytes | None: """ The responder's key hash or None """ - @abc.abstractproperty - def responder_name(self) -> typing.Optional[x509.Name]: + @property + @abc.abstractmethod + def responder_name(self) -> x509.Name | None: """ The responder's Name or None """ - @abc.abstractproperty + @property + @abc.abstractmethod def produced_at(self) -> datetime.datetime: """ The time the response was produced """ - @abc.abstractproperty + @property + @abc.abstractmethod + def produced_at_utc(self) -> datetime.datetime: + """ + The time the response was produced. Represented as a non-naive UTC + datetime. + """ + + @property + @abc.abstractmethod def certificate_status(self) -> OCSPCertStatus: """ The status of the certificate (an element from the OCSPCertStatus enum) """ - @abc.abstractproperty - def revocation_time(self) -> typing.Optional[datetime.datetime]: + @property + @abc.abstractmethod + def revocation_time(self) -> datetime.datetime | None: """ The date of when the certificate was revoked or None if not revoked. """ - @abc.abstractproperty - def revocation_reason(self) -> typing.Optional[x509.ReasonFlags]: + @property + @abc.abstractmethod + def revocation_time_utc(self) -> datetime.datetime | None: + """ + The date of when the certificate was revoked or None if not + revoked. Represented as a non-naive UTC datetime. + """ + + @property + @abc.abstractmethod + def revocation_reason(self) -> x509.ReasonFlags | None: """ The reason the certificate was revoked or None if not specified or not revoked. """ - @abc.abstractproperty + @property + @abc.abstractmethod def this_update(self) -> datetime.datetime: """ The most recent time at which the status being indicated is known by the responder to have been correct """ - @abc.abstractproperty - def next_update(self) -> typing.Optional[datetime.datetime]: + @property + @abc.abstractmethod + def this_update_utc(self) -> datetime.datetime: + """ + The most recent time at which the status being indicated is known by + the responder to have been correct. Represented as a non-naive UTC + datetime. + """ + + @property + @abc.abstractmethod + def next_update(self) -> datetime.datetime | None: """ The time when newer information will be available """ - @abc.abstractproperty + @property + @abc.abstractmethod + def next_update_utc(self) -> datetime.datetime | None: + """ + The time when newer information will be available. Represented as a + non-naive UTC datetime. + """ + + @property + @abc.abstractmethod def issuer_key_hash(self) -> bytes: """ The hash of the issuer public key """ - @abc.abstractproperty + @property + @abc.abstractmethod def issuer_name_hash(self) -> bytes: """ The hash of the issuer name """ - @abc.abstractproperty + @property + @abc.abstractmethod def hash_algorithm(self) -> hashes.HashAlgorithm: """ The hash algorithm used in the issuer name and key hashes """ - @abc.abstractproperty + @property + @abc.abstractmethod def serial_number(self) -> int: """ The serial number of the cert whose status is being checked """ - @abc.abstractproperty + @property + @abc.abstractmethod def extensions(self) -> x509.Extensions: """ The list of response extensions. Not single response extensions. """ - @abc.abstractproperty + @property + @abc.abstractmethod def single_extensions(self) -> x509.Extensions: """ The list of single response extensions. Not response extensions. @@ -367,17 +460,24 @@ def public_bytes(self, encoding: serialization.Encoding) -> bytes: """ +OCSPRequest.register(ocsp.OCSPRequest) +OCSPResponse.register(ocsp.OCSPResponse) +OCSPSingleResponse.register(ocsp.OCSPSingleResponse) + + class OCSPRequestBuilder: def __init__( self, - request: typing.Optional[ - typing.Tuple[ - x509.Certificate, x509.Certificate, hashes.HashAlgorithm - ] - ] = None, - extensions: typing.List[x509.Extension[x509.ExtensionType]] = [], + request: tuple[ + x509.Certificate, x509.Certificate, hashes.HashAlgorithm + ] + | None = None, + request_hash: tuple[bytes, bytes, int, hashes.HashAlgorithm] + | None = None, + extensions: list[x509.Extension[x509.ExtensionType]] = [], ) -> None: self._request = request + self._request_hash = request_hash self._extensions = extensions def add_certificate( @@ -385,8 +485,8 @@ def add_certificate( cert: x509.Certificate, issuer: x509.Certificate, algorithm: hashes.HashAlgorithm, - ) -> "OCSPRequestBuilder": - if self._request is not None: + ) -> OCSPRequestBuilder: + if self._request is not None or self._request_hash is not None: raise ValueError("Only one certificate can be added to a request") _verify_algorithm(algorithm) @@ -395,11 +495,43 @@ def add_certificate( ): raise TypeError("cert and issuer must be a Certificate") - return OCSPRequestBuilder((cert, issuer, algorithm), self._extensions) + return OCSPRequestBuilder( + (cert, issuer, algorithm), self._request_hash, self._extensions + ) + + def add_certificate_by_hash( + self, + issuer_name_hash: bytes, + issuer_key_hash: bytes, + serial_number: int, + algorithm: hashes.HashAlgorithm, + ) -> OCSPRequestBuilder: + if self._request is not None or self._request_hash is not None: + raise ValueError("Only one certificate can be added to a request") + + if not isinstance(serial_number, int): + raise TypeError("serial_number must be an integer") + + _verify_algorithm(algorithm) + utils._check_bytes("issuer_name_hash", issuer_name_hash) + utils._check_bytes("issuer_key_hash", issuer_key_hash) + if algorithm.digest_size != len( + issuer_name_hash + ) or algorithm.digest_size != len(issuer_key_hash): + raise ValueError( + "issuer_name_hash and issuer_key_hash must be the same length " + "as the digest size of the algorithm" + ) + + return OCSPRequestBuilder( + self._request, + (issuer_name_hash, issuer_key_hash, serial_number, algorithm), + self._extensions, + ) def add_extension( self, extval: x509.ExtensionType, critical: bool - ) -> "OCSPRequestBuilder": + ) -> OCSPRequestBuilder: if not isinstance(extval, x509.ExtensionType): raise TypeError("extension must be an ExtensionType") @@ -407,11 +539,11 @@ def add_extension( _reject_duplicate_extension(extension, self._extensions) return OCSPRequestBuilder( - self._request, self._extensions + [extension] + self._request, self._request_hash, [*self._extensions, extension] ) def build(self) -> OCSPRequest: - if self._request is None: + if self._request is None and self._request_hash is None: raise ValueError("You must add a certificate before building") return ocsp.create_ocsp_request(self) @@ -420,12 +552,11 @@ def build(self) -> OCSPRequest: class OCSPResponseBuilder: def __init__( self, - response: typing.Optional[_SingleResponse] = None, - responder_id: typing.Optional[ - typing.Tuple[x509.Certificate, OCSPResponderEncoding] - ] = None, - certs: typing.Optional[typing.List[x509.Certificate]] = None, - extensions: typing.List[x509.Extension[x509.ExtensionType]] = [], + response: _SingleResponse | None = None, + responder_id: tuple[x509.Certificate, OCSPResponderEncoding] + | None = None, + certs: list[x509.Certificate] | None = None, + extensions: list[x509.Extension[x509.ExtensionType]] = [], ): self._response = response self._responder_id = responder_id @@ -439,10 +570,10 @@ def add_response( algorithm: hashes.HashAlgorithm, cert_status: OCSPCertStatus, this_update: datetime.datetime, - next_update: typing.Optional[datetime.datetime], - revocation_time: typing.Optional[datetime.datetime], - revocation_reason: typing.Optional[x509.ReasonFlags], - ) -> "OCSPResponseBuilder": + next_update: datetime.datetime | None, + revocation_time: datetime.datetime | None, + revocation_reason: x509.ReasonFlags | None, + ) -> OCSPResponseBuilder: if self._response is not None: raise ValueError("Only one response per OCSPResponse.") @@ -465,7 +596,7 @@ def add_response( def responder_id( self, encoding: OCSPResponderEncoding, responder_cert: x509.Certificate - ) -> "OCSPResponseBuilder": + ) -> OCSPResponseBuilder: if self._responder_id is not None: raise ValueError("responder_id can only be set once") if not isinstance(responder_cert, x509.Certificate): @@ -484,7 +615,7 @@ def responder_id( def certificates( self, certs: typing.Iterable[x509.Certificate] - ) -> "OCSPResponseBuilder": + ) -> OCSPResponseBuilder: if self._certs is not None: raise ValueError("certificates may only be set once") certs = list(certs) @@ -501,7 +632,7 @@ def certificates( def add_extension( self, extval: x509.ExtensionType, critical: bool - ) -> "OCSPResponseBuilder": + ) -> OCSPResponseBuilder: if not isinstance(extval, x509.ExtensionType): raise TypeError("extension must be an ExtensionType") @@ -512,13 +643,13 @@ def add_extension( self._response, self._responder_id, self._certs, - self._extensions + [extension], + [*self._extensions, extension], ) def sign( self, - private_key: CERTIFICATE_PRIVATE_KEY_TYPES, - algorithm: typing.Optional[hashes.HashAlgorithm], + private_key: CertificateIssuerPrivateKeyTypes, + algorithm: hashes.HashAlgorithm | None, ) -> OCSPResponse: if self._response is None: raise ValueError("You must add a response before signing") @@ -543,9 +674,5 @@ def build_unsuccessful( return ocsp.create_ocsp_response(response_status, None, None, None) -def load_der_ocsp_request(data: bytes) -> OCSPRequest: - return ocsp.load_der_ocsp_request(data) - - -def load_der_ocsp_response(data: bytes) -> OCSPResponse: - return ocsp.load_der_ocsp_response(data) +load_der_ocsp_request = ocsp.load_der_ocsp_request +load_der_ocsp_response = ocsp.load_der_ocsp_response diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py index 9bfac75..d4e409e 100644 --- a/src/cryptography/x509/oid.py +++ b/src/cryptography/x509/oid.py @@ -2,21 +2,23 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +from __future__ import annotations + from cryptography.hazmat._oid import ( AttributeOID, AuthorityInformationAccessOID, - CRLEntryExtensionOID, CertificatePoliciesOID, + CRLEntryExtensionOID, ExtendedKeyUsageOID, ExtensionOID, NameOID, - OCSPExtensionOID, ObjectIdentifier, + OCSPExtensionOID, + PublicKeyAlgorithmOID, SignatureAlgorithmOID, SubjectInformationAccessOID, ) - __all__ = [ "AttributeOID", "AuthorityInformationAccessOID", @@ -27,6 +29,7 @@ "NameOID", "OCSPExtensionOID", "ObjectIdentifier", + "PublicKeyAlgorithmOID", "SignatureAlgorithmOID", "SubjectInformationAccessOID", ] diff --git a/src/cryptography/x509/verification.py b/src/cryptography/x509/verification.py new file mode 100644 index 0000000..b836506 --- /dev/null +++ b/src/cryptography/x509/verification.py @@ -0,0 +1,28 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import annotations + +import typing + +from cryptography.hazmat.bindings._rust import x509 as rust_x509 +from cryptography.x509.general_name import DNSName, IPAddress + +__all__ = [ + "ClientVerifier", + "PolicyBuilder", + "ServerVerifier", + "Store", + "Subject", + "VerificationError", + "VerifiedClient", +] + +Store = rust_x509.Store +Subject = typing.Union[DNSName, IPAddress] +VerifiedClient = rust_x509.VerifiedClient +ClientVerifier = rust_x509.ClientVerifier +ServerVerifier = rust_x509.ServerVerifier +PolicyBuilder = rust_x509.PolicyBuilder +VerificationError = rust_x509.VerificationError diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock index 4a0ecfd..fe3398f 100644 --- a/src/rust/Cargo.lock +++ b/src/rust/Cargo.lock @@ -2,42 +2,20 @@ # It is not intended for manual editing. version = 3 -[[package]] -name = "Inflector" -version = "0.11.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3" - -[[package]] -name = "aliasable" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "250f629c0161ad8107cf89319e990051fae62832fd343083bea452d93e2205fd" - -[[package]] -name = "android_system_properties" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" -dependencies = [ - "libc", -] - [[package]] name = "asn1" -version = "0.12.2" +version = "0.16.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22c27c85cd71c1bf4373c7c1aa752b73d2df799277c0930af16fffbf3444f210" +checksum = "532ceda058281b62096b2add4ab00ab3a453d30dee28b8890f62461a0109ebbd" dependencies = [ "asn1_derive", - "chrono", ] [[package]] name = "asn1_derive" -version = "0.12.2" +version = "0.16.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d48d1854a01241e8d22f8f5ae4e2dc332f66c5946e1772f5576886d83e18e1b7" +checksum = "56e6076d38cc17cc22b0f65f31170a2ee1975e6b07f0012893aefd86ce19c987" dependencies = [ "proc-macro2", "quote", @@ -46,27 +24,27 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "base64" -version = "0.13.0" +version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "bitflags" -version = "1.3.2" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] -name = "bumpalo" -version = "3.10.0" +name = "cc" +version = "1.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37ccbd214614c6783386c1af30caf03192f17891059cecc394b4fb119e363de3" +checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" [[package]] name = "cfg-if" @@ -75,286 +53,243 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] -name = "chrono" -version = "0.4.22" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1" +name = "cryptography-cffi" +version = "0.1.0" dependencies = [ - "iana-time-zone", - "num-integer", - "num-traits", - "winapi", + "cc", + "openssl-sys", + "pyo3", ] [[package]] -name = "core-foundation-sys" -version = "0.8.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" +name = "cryptography-keepalive" +version = "0.1.0" +dependencies = [ + "pyo3", +] [[package]] -name = "cryptography-rust" +name = "cryptography-key-parsing" version = "0.1.0" dependencies = [ "asn1", - "chrono", - "once_cell", - "ouroboros", - "pem", - "pyo3", + "cfg-if", + "cryptography-x509", + "openssl", + "openssl-sys", ] [[package]] -name = "iana-time-zone" -version = "0.1.47" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c495f162af0bf17656d0014a0eded5f3cd2f365fdd204548c2869db89359dc7" +name = "cryptography-openssl" +version = "0.1.0" dependencies = [ - "android_system_properties", - "core-foundation-sys", - "js-sys", - "once_cell", - "wasm-bindgen", - "winapi", + "cfg-if", + "foreign-types", + "foreign-types-shared", + "openssl", + "openssl-sys", ] [[package]] -name = "indoc" -version = "0.3.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47741a8bc60fb26eb8d6e0238bbb26d8575ff623fdc97b1a2c00c050b9684ed8" +name = "cryptography-rust" +version = "0.1.0" dependencies = [ - "indoc-impl", - "proc-macro-hack", + "asn1", + "cfg-if", + "cryptography-cffi", + "cryptography-keepalive", + "cryptography-key-parsing", + "cryptography-openssl", + "cryptography-x509", + "cryptography-x509-verification", + "foreign-types-shared", + "once_cell", + "openssl", + "openssl-sys", + "pem", + "pyo3", + "self_cell", ] [[package]] -name = "indoc-impl" -version = "0.3.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce046d161f000fffde5f432a0d034d0341dc152643b2598ed5bfce44c4f3a8f0" +name = "cryptography-x509" +version = "0.1.0" dependencies = [ - "proc-macro-hack", - "proc-macro2", - "quote", - "syn", - "unindent", + "asn1", ] [[package]] -name = "instant" -version = "0.1.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" +name = "cryptography-x509-verification" +version = "0.1.0" dependencies = [ - "cfg-if", + "asn1", + "cryptography-key-parsing", + "cryptography-x509", + "once_cell", + "pem", ] [[package]] -name = "js-sys" -version = "0.3.59" +name = "foreign-types" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "258451ab10b34f8af53416d1fdab72c22e805f0c92a1136d59470ec0b11138b2" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" dependencies = [ - "wasm-bindgen", + "foreign-types-shared", ] [[package]] -name = "libc" -version = "0.2.132" +name = "foreign-types-shared" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" [[package]] -name = "lock_api" -version = "0.4.8" +name = "heck" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f80bf5aacaf25cbfc8210d1cfb718f2bf3b11c4c54e5afe36c236853a8ec390" -dependencies = [ - "autocfg", - "scopeguard", -] +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] -name = "log" -version = "0.4.17" +name = "indoc" +version = "2.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" -dependencies = [ - "cfg-if", -] +checksum = "b248f5224d1d606005e02c97f5aa4e88eeb230488bcc03bc9ca4d7991399f2b5" [[package]] -name = "num-integer" -version = "0.1.45" +name = "libc" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" -dependencies = [ - "autocfg", - "num-traits", -] +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] -name = "num-traits" -version = "0.2.15" +name = "memoffset" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" +checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a" dependencies = [ "autocfg", ] [[package]] name = "once_cell" -version = "1.14.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] -name = "ouroboros" -version = "0.15.4" +name = "openssl" +version = "0.10.65" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f56a2b0aa5fc88687aaf63e85a7974422790ce3419a2e1a15870f8a55227822" +checksum = "c2823eb4c6453ed64055057ea8bd416eda38c71018723869dd043a3b1186115e" dependencies = [ - "aliasable", - "ouroboros_macro", + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", ] [[package]] -name = "ouroboros_macro" -version = "0.15.4" +name = "openssl-macros" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c40641e27d0eb38cae3dee081d920104d2db47a8e853c1a592ef68d33f5ebf4" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ - "Inflector", - "proc-macro-error", "proc-macro2", "quote", "syn", ] [[package]] -name = "parking_lot" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99" -dependencies = [ - "instant", - "lock_api", - "parking_lot_core", -] - -[[package]] -name = "parking_lot_core" -version = "0.8.5" +name = "openssl-sys" +version = "0.9.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d76e8e1493bcac0d2766c42737f34458f1c8c50c0d23bcb24ea953affb273216" +checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6" dependencies = [ - "cfg-if", - "instant", + "cc", "libc", - "redox_syscall", - "smallvec", - "winapi", -] - -[[package]] -name = "paste" -version = "0.1.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880" -dependencies = [ - "paste-impl", - "proc-macro-hack", -] - -[[package]] -name = "paste-impl" -version = "0.1.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6" -dependencies = [ - "proc-macro-hack", + "pkg-config", + "vcpkg", ] [[package]] name = "pem" -version = "1.1.0" +version = "3.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03c64931a1a212348ec4f3b4362585eca7159d0d09cbdf4a7f74f02173596fd4" +checksum = "8e459365e590736a54c3fa561947c84837534b8e9af6fc5bf781307e82658fae" dependencies = [ "base64", ] [[package]] -name = "proc-macro-error" -version = "1.0.4" +name = "pkg-config" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" -dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "syn", - "version_check", -] +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] -name = "proc-macro-error-attr" -version = "1.0.4" +name = "portable-atomic" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" -dependencies = [ - "proc-macro2", - "quote", - "version_check", -] - -[[package]] -name = "proc-macro-hack" -version = "0.5.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" +checksum = "da544ee218f0d287a911e9c99a39a8c9bc8fcad3cb8db5959940044ecfc67265" [[package]] name = "proc-macro2" -version = "1.0.43" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] [[package]] name = "pyo3" -version = "0.15.2" +version = "0.22.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d41d50a7271e08c7c8a54cd24af5d62f73ee3a6f6a314215281ebdec421d5752" +checksum = "831e8e819a138c36e212f3af3fd9eeffed6bf1510a805af35b0edee5ffa59433" dependencies = [ "cfg-if", "indoc", "libc", - "parking_lot", - "paste", + "memoffset", + "once_cell", + "portable-atomic", "pyo3-build-config", + "pyo3-ffi", "pyo3-macros", "unindent", ] [[package]] name = "pyo3-build-config" -version = "0.15.2" +version = "0.22.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "779239fc40b8e18bc8416d3a37d280ca9b9fb04bda54b98037bb6748595c2410" +checksum = "1e8730e591b14492a8945cdff32f089250b05f5accecf74aeddf9e8272ce1fa8" dependencies = [ "once_cell", + "target-lexicon", +] + +[[package]] +name = "pyo3-ffi" +version = "0.22.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e97e919d2df92eb88ca80a037969f44e5e70356559654962cbb3316d00300c6" +dependencies = [ + "libc", + "pyo3-build-config", ] [[package]] name = "pyo3-macros" -version = "0.15.2" +version = "0.22.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b247e8c664be87998d8628e86f282c25066165f1f8dda66100c48202fdb93a" +checksum = "eb57983022ad41f9e683a599f2fd13c3664d7063a3ac5714cae4b7bee7d3f206" dependencies = [ + "proc-macro2", "pyo3-macros-backend", "quote", "syn", @@ -362,10 +297,11 @@ dependencies = [ [[package]] name = "pyo3-macros-backend" -version = "0.15.2" +version = "0.22.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a8c2812c412e00e641d99eeb79dd478317d981d938aa60325dfa7157b607095" +checksum = "ec480c0c51ddec81019531705acac51bcdbeae563557c982aa8263bb96880372" dependencies = [ + "heck", "proc-macro2", "pyo3-build-config", "quote", @@ -374,39 +310,24 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.21" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] [[package]] -name = "redox_syscall" -version = "0.2.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" -dependencies = [ - "bitflags", -] - -[[package]] -name = "scopeguard" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" - -[[package]] -name = "smallvec" -version = "1.9.0" +name = "self_cell" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1" +checksum = "d369a96f978623eb3dc28807c4852d6cc617fed53da5d3c400feff1ef34a714a" [[package]] name = "syn" -version = "1.0.99" +version = "2.0.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58dbef6ec655055e20b86b15a8cc6d439cca19b667537ac6a1369572d151ab13" +checksum = "b146dcf730474b4bcd16c311627b31ede9ab149045db4d6088b3becaea046462" dependencies = [ "proc-macro2", "quote", @@ -414,95 +335,25 @@ dependencies = [ ] [[package]] -name = "unicode-ident" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4f5b37a154999a8f3f98cc23a628d850e154479cd94decf3414696e12e31aaf" - -[[package]] -name = "unindent" -version = "0.1.10" +name = "target-lexicon" +version = "0.12.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58ee9362deb4a96cef4d437d1ad49cffc9b9e92d202b6995674e928ce684f112" +checksum = "4873307b7c257eddcb50c9bedf158eb669578359fb28428bef438fec8e6ba7c2" [[package]] -name = "version_check" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" - -[[package]] -name = "wasm-bindgen" -version = "0.2.82" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc7652e3f6c4706c8d9cd54832c4a4ccb9b5336e2c3bd154d5cccfbf1c1f5f7d" -dependencies = [ - "cfg-if", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.82" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "662cd44805586bd52971b9586b1df85cdbbd9112e4ef4d8f41559c334dc6ac3f" -dependencies = [ - "bumpalo", - "log", - "once_cell", - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.82" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b260f13d3012071dfb1512849c033b1925038373aea48ced3012c09df952c602" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.82" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5be8e654bdd9b79216c2929ab90721aa82faf65c48cdf08bdc4e7f51357b80da" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.82" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6598dd0bd3c7d51095ff6531a5b23e02acdc81804e30d8f07afb77b7215a140a" - -[[package]] -name = "winapi" -version = "0.3.9" +name = "unicode-ident" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" +name = "unindent" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" +checksum = "c7de7d73e1754487cb58364ee906a499937a0dfabd86bcb980fa99ec8c8fa2ce" [[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" +name = "vcpkg" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml index 49e70a3..d58ee9e 100644 --- a/src/rust/Cargo.toml +++ b/src/rust/Cargo.toml @@ -1,17 +1,35 @@ -[package] -name = "cryptography-rust" +[workspace.package] version = "0.1.0" authors = ["The cryptography developers "] -edition = "2018" +edition = "2021" publish = false +# This specifies the MSRV +rust-version = "1.65.0" + +[package] +name = "cryptography-rust" +version.workspace = true +authors.workspace = true +edition.workspace = true +publish.workspace = true +rust-version.workspace = true [dependencies] once_cell = "1" -pyo3 = { version = "0.15.2" } -asn1 = { version = "0.12.2", default-features = false, features = ["derive"] } -pem = "1.1" -chrono = { version = "0.4.22", default-features = false, features = ["alloc", "clock"] } -ouroboros = "0.15" +cfg-if = "1" +pyo3 = { version = "0.22.2", features = ["abi3"] } +asn1 = { version = "0.16.2", default-features = false } +cryptography-cffi = { path = "cryptography-cffi" } +cryptography-keepalive = { path = "cryptography-keepalive" } +cryptography-key-parsing = { path = "cryptography-key-parsing" } +cryptography-x509 = { path = "cryptography-x509" } +cryptography-x509-verification = { path = "cryptography-x509-verification" } +cryptography-openssl = { path = "cryptography-openssl" } +pem = { version = "3", default-features = false } +openssl = "0.10.65" +openssl-sys = "0.9.103" +foreign-types-shared = "0.1" +self_cell = "1" [features] extension-module = ["pyo3/extension-module"] @@ -22,5 +40,14 @@ name = "cryptography_rust" crate-type = ["cdylib"] [profile.release] -lto = "thin" overflow-checks = true + +[workspace] +members = [ + "cryptography-cffi", + "cryptography-keepalive", + "cryptography-key-parsing", + "cryptography-openssl", + "cryptography-x509", + "cryptography-x509-verification", +] diff --git a/src/rust/build.rs b/src/rust/build.rs new file mode 100644 index 0000000..5abe0ce --- /dev/null +++ b/src/rust/build.rs @@ -0,0 +1,39 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::env; + +#[allow(clippy::unusual_byte_groupings)] +fn main() { + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)"); + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER)"); + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_IS_LIBRESSL)"); + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_IS_BORINGSSL)"); + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_OSSLCONF, values(\"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_SM4\"))"); + + if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") { + let version = u64::from_str_radix(&version, 16).unwrap(); + + if version >= 0x3_00_00_00_0 { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_OPENSSL_300_OR_GREATER"); + } + if version >= 0x3_02_00_00_0 { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_OPENSSL_320_OR_GREATER"); + } + } + + if env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER").is_ok() { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_IS_LIBRESSL"); + } + + if env::var("DEP_OPENSSL_BORINGSSL").is_ok() { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_IS_BORINGSSL"); + } + + if let Ok(vars) = env::var("DEP_OPENSSL_CONF") { + for var in vars.split(',') { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_OSSLCONF=\"{var}\""); + } + } +} diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml new file mode 100644 index 0000000..f983dbd --- /dev/null +++ b/src/rust/cryptography-cffi/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "cryptography-cffi" +version.workspace = true +authors.workspace = true +edition.workspace = true +publish.workspace = true +rust-version.workspace = true + +[dependencies] +pyo3 = { version = "0.22.2", features = ["abi3"] } +openssl-sys = "0.9.103" + +[build-dependencies] +cc = "1.1.6" diff --git a/src/rust/cryptography-cffi/build.rs b/src/rust/cryptography-cffi/build.rs new file mode 100644 index 0000000..8a2c968 --- /dev/null +++ b/src/rust/cryptography-cffi/build.rs @@ -0,0 +1,145 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::env; +use std::path::Path; +use std::process::Command; + +fn main() { + println!("cargo:rustc-check-cfg=cfg(python_implementation, values(\"CPython\", \"PyPy\"))"); + + let target = env::var("TARGET").unwrap(); + let openssl_static = env::var("OPENSSL_STATIC") + .map(|x| x == "1") + .unwrap_or(false); + if target.contains("apple") && openssl_static { + // On (older) OSX we need to link against the clang runtime, + // which is hidden in some non-default path. + // + // More details at https://github.com/alexcrichton/curl-rust/issues/279. + if let Some(path) = macos_link_search_path() { + println!("cargo:rustc-link-lib=clang_rt.osx"); + println!("cargo:rustc-link-search={path}"); + } + } + + let out_dir = env::var("OUT_DIR").unwrap(); + // FIXME: maybe pyo3-build-config should provide a way to do this? + let python = env::var("PYO3_PYTHON").unwrap_or_else(|_| "python3".to_string()); + println!("cargo:rerun-if-env-changed=PYO3_PYTHON"); + println!("cargo:rerun-if-changed=../../_cffi_src/"); + println!("cargo:rerun-if-changed=../../cryptography/__about__.py"); + let output = Command::new(&python) + .env("OUT_DIR", &out_dir) + .arg("../../_cffi_src/build_openssl.py") + .output() + .expect("failed to execute build_openssl.py"); + if !output.status.success() { + panic!( + "failed to run build_openssl.py, stdout: \n{}\nstderr: \n{}\n", + String::from_utf8(output.stdout).unwrap(), + String::from_utf8(output.stderr).unwrap() + ); + } + + let python_impl = run_python_script( + &python, + "import platform; print(platform.python_implementation(), end='')", + ) + .unwrap(); + println!("cargo:rustc-cfg=python_implementation=\"{python_impl}\""); + let python_includes = run_python_script( + &python, + "import os; \ + import setuptools.dist; \ + import setuptools.command.build_ext; \ + b = setuptools.command.build_ext.build_ext(setuptools.dist.Distribution()); \ + b.finalize_options(); \ + print(os.pathsep.join(b.include_dirs), end='')", + ) + .unwrap(); + let openssl_include = + std::env::var_os("DEP_OPENSSL_INCLUDE").expect("unable to find openssl include path"); + let openssl_c = Path::new(&out_dir).join("_openssl.c"); + + let mut build = cc::Build::new(); + build + .file(openssl_c) + .include(openssl_include) + .flag_if_supported("-Wconversion") + .flag_if_supported("-Wno-error=sign-conversion") + .flag_if_supported("-Wno-unused-parameter"); + + // We use the `-fmacro-prefix-map` option to replace the output directory in macros with a dot. + // This is because we don't want a potentially random build path to end up in the binary because + // CFFI generated code uses the __FILE__ macro in its debug messages. + if let Some(out_dir_str) = Path::new(&out_dir).to_str() { + build.flag_if_supported(format!("-fmacro-prefix-map={}=.", out_dir_str).as_str()); + } + + for python_include in env::split_paths(&python_includes) { + build.include(python_include); + } + + // Enable abi3 mode if we're not using PyPy. + if python_impl != "PyPy" { + // cp37 (Python 3.7 to help our grep when we some day drop 3.7 support) + build.define("Py_LIMITED_API", "0x030700f0"); + } + + if cfg!(windows) { + build.define("WIN32_LEAN_AND_MEAN", None); + } + + build.compile("_openssl.a"); +} + +/// Run a python script using the specified interpreter binary. +fn run_python_script(interpreter: impl AsRef, script: &str) -> Result { + let interpreter = interpreter.as_ref(); + let out = Command::new(interpreter) + .env("PYTHONIOENCODING", "utf-8") + .arg("-c") + .arg(script) + .output(); + + match out { + Err(err) => Err(format!( + "failed to run the Python interpreter at {}: {}", + interpreter.display(), + err + )), + Ok(ok) if !ok.status.success() => Err(format!( + "Python script failed: {}", + String::from_utf8(ok.stderr).expect("failed to parse Python script stderr as utf-8") + )), + Ok(ok) => Ok( + String::from_utf8(ok.stdout).expect("failed to parse Python script stdout as utf-8") + ), + } +} + +fn macos_link_search_path() -> Option { + let output = Command::new("clang") + .arg("--print-search-dirs") + .output() + .ok()?; + if !output.status.success() { + println!( + "failed to run 'clang --print-search-dirs', continuing without a link search path" + ); + return None; + } + + let stdout = String::from_utf8_lossy(&output.stdout); + for line in stdout.lines() { + if line.contains("libraries: =") { + let path = line.split('=').nth(1)?; + return Some(format!("{path}/lib/darwin")); + } + } + + println!("failed to determine link search path, continuing without it"); + None +} diff --git a/src/rust/cryptography-cffi/src/lib.rs b/src/rust/cryptography-cffi/src/lib.rs new file mode 100644 index 0000000..b927fae --- /dev/null +++ b/src/rust/cryptography-cffi/src/lib.rs @@ -0,0 +1,33 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#![deny(rust_2018_idioms, clippy::undocumented_unsafe_blocks)] + +#[cfg(python_implementation = "PyPy")] +extern "C" { + fn Cryptography_make_openssl_module() -> std::os::raw::c_int; +} +#[cfg(not(python_implementation = "PyPy"))] +extern "C" { + fn PyInit__openssl() -> *mut pyo3::ffi::PyObject; +} + +pub fn create_module( + py: pyo3::Python<'_>, +) -> pyo3::PyResult> { + #[cfg(python_implementation = "PyPy")] + let openssl_mod = unsafe { + let res = Cryptography_make_openssl_module(); + assert_eq!(res, 0); + pyo3::types::PyModule::import_bound(py, "_openssl")?.clone() + }; + #[cfg(not(python_implementation = "PyPy"))] + // SAFETY: `PyInit__openssl` returns an owned reference. + let openssl_mod = unsafe { + let ptr = PyInit__openssl(); + pyo3::Py::from_owned_ptr_or_err(py, ptr)?.bind(py).clone() + }; + + Ok(openssl_mod) +} diff --git a/src/rust/cryptography-keepalive/Cargo.toml b/src/rust/cryptography-keepalive/Cargo.toml new file mode 100644 index 0000000..d281a1b --- /dev/null +++ b/src/rust/cryptography-keepalive/Cargo.toml @@ -0,0 +1,10 @@ +[package] +name = "cryptography-keepalive" +version.workspace = true +authors.workspace = true +edition.workspace = true +publish.workspace = true +rust-version.workspace = true + +[dependencies] +pyo3 = { version = "0.22.2", features = ["abi3"] } diff --git a/src/rust/cryptography-keepalive/src/lib.rs b/src/rust/cryptography-keepalive/src/lib.rs new file mode 100644 index 0000000..9542f9e --- /dev/null +++ b/src/rust/cryptography-keepalive/src/lib.rs @@ -0,0 +1,47 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#![deny(rust_2018_idioms, clippy::undocumented_unsafe_blocks)] + +use pyo3::pybacked::{PyBackedBytes, PyBackedStr}; +use std::cell::UnsafeCell; +use std::ops::Deref; + +pub struct KeepAlive { + values: UnsafeCell>, +} + +/// # Safety +/// Implementers of this trait must ensure that the value returned by +/// `deref()` must remain valid, even if `self` is moved. +pub unsafe trait StableDeref: Deref {} +// SAFETY: `Vec`'s data is on the heap, so as long as it's not mutated, the +// slice returned by `deref` remains valid. +unsafe impl StableDeref for Vec {} +// SAFETY: `PyBackedBytes`'s data is on the heap and `bytes` objects in +// Python are immutable. +unsafe impl StableDeref for PyBackedBytes {} +// SAFETY: `PyBackedStr`'s data is on the heap and `str` objects in +// Python are immutable. +unsafe impl StableDeref for PyBackedStr {} + +#[allow(clippy::new_without_default)] +impl KeepAlive { + pub fn new() -> Self { + KeepAlive { + values: UnsafeCell::new(vec![]), + } + } + + pub fn add(&self, v: T) -> &T::Target { + // SAFETY: We only ever append to `self.values`, which, when combined + // with the invariants of `StableDeref`, means that the result of + // `deref()` will always be valid for the lifetime of `&self`. + unsafe { + let values = &mut *self.values.get(); + values.push(v); + values.last().unwrap().deref() + } + } +} diff --git a/src/rust/cryptography-key-parsing/Cargo.toml b/src/rust/cryptography-key-parsing/Cargo.toml new file mode 100644 index 0000000..d1f945f --- /dev/null +++ b/src/rust/cryptography-key-parsing/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "cryptography-key-parsing" +version.workspace = true +authors.workspace = true +edition.workspace = true +publish.workspace = true +rust-version.workspace = true + +[dependencies] +asn1 = { version = "0.16.2", default-features = false } +cfg-if = "1" +openssl = "0.10.65" +openssl-sys = "0.9.103" +cryptography-x509 = { path = "../cryptography-x509" } diff --git a/src/rust/cryptography-key-parsing/build.rs b/src/rust/cryptography-key-parsing/build.rs new file mode 100644 index 0000000..15f34f3 --- /dev/null +++ b/src/rust/cryptography-key-parsing/build.rs @@ -0,0 +1,18 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::env; + +fn main() { + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_IS_LIBRESSL)"); + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_IS_BORINGSSL)"); + + if env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER").is_ok() { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_IS_LIBRESSL"); + } + + if env::var("DEP_OPENSSL_BORINGSSL").is_ok() { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_IS_BORINGSSL"); + } +} diff --git a/src/rust/cryptography-key-parsing/src/lib.rs b/src/rust/cryptography-key-parsing/src/lib.rs new file mode 100644 index 0000000..c97bc3f --- /dev/null +++ b/src/rust/cryptography-key-parsing/src/lib.rs @@ -0,0 +1,48 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#![forbid(unsafe_code)] +#![deny(rust_2018_idioms, clippy::undocumented_unsafe_blocks)] +#![allow(unknown_lints, clippy::result_large_err)] + +pub mod rsa; +pub mod spki; + +pub enum KeyParsingError { + InvalidKey, + ExplicitCurveUnsupported, + UnsupportedKeyType(asn1::ObjectIdentifier), + UnsupportedEllipticCurve(asn1::ObjectIdentifier), + Parse(asn1::ParseError), + OpenSSL(openssl::error::ErrorStack), +} + +impl From for KeyParsingError { + fn from(e: asn1::ParseError) -> KeyParsingError { + KeyParsingError::Parse(e) + } +} + +impl From for KeyParsingError { + fn from(e: openssl::error::ErrorStack) -> KeyParsingError { + KeyParsingError::OpenSSL(e) + } +} + +pub type KeyParsingResult = Result; + +#[cfg(test)] +mod tests { + use super::KeyParsingError; + + #[test] + fn test_key_parsing_error_from() { + let e = openssl::error::ErrorStack::get(); + + assert!(matches!( + KeyParsingError::from(e), + KeyParsingError::OpenSSL(_) + )); + } +} diff --git a/src/rust/cryptography-key-parsing/src/rsa.rs b/src/rust/cryptography-key-parsing/src/rsa.rs new file mode 100644 index 0000000..bf33a49 --- /dev/null +++ b/src/rust/cryptography-key-parsing/src/rsa.rs @@ -0,0 +1,23 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::KeyParsingResult; + +#[derive(asn1::Asn1Read)] +pub struct Pkcs1RsaPublicKey<'a> { + pub n: asn1::BigUint<'a>, + e: asn1::BigUint<'a>, +} + +pub fn parse_pkcs1_public_key( + data: &[u8], +) -> KeyParsingResult> { + let k = asn1::parse_single::>(data)?; + + let n = openssl::bn::BigNum::from_slice(k.n.as_bytes())?; + let e = openssl::bn::BigNum::from_slice(k.e.as_bytes())?; + + let rsa = openssl::rsa::Rsa::from_public_components(n, e)?; + Ok(openssl::pkey::PKey::from_rsa(rsa)?) +} diff --git a/src/rust/cryptography-key-parsing/src/spki.rs b/src/rust/cryptography-key-parsing/src/spki.rs new file mode 100644 index 0000000..db4f69d --- /dev/null +++ b/src/rust/cryptography-key-parsing/src/spki.rs @@ -0,0 +1,136 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use cryptography_x509::common::{AlgorithmParameters, EcParameters, SubjectPublicKeyInfo}; + +use crate::{KeyParsingError, KeyParsingResult}; + +pub fn parse_public_key( + data: &[u8], +) -> KeyParsingResult> { + let k = asn1::parse_single::>(data)?; + + match k.algorithm.params { + AlgorithmParameters::Ec(ec_params) => match ec_params { + EcParameters::NamedCurve(curve_oid) => { + let curve_nid = match curve_oid { + cryptography_x509::oid::EC_SECP192R1 => openssl::nid::Nid::X9_62_PRIME192V1, + cryptography_x509::oid::EC_SECP224R1 => openssl::nid::Nid::SECP224R1, + cryptography_x509::oid::EC_SECP256R1 => openssl::nid::Nid::X9_62_PRIME256V1, + cryptography_x509::oid::EC_SECP384R1 => openssl::nid::Nid::SECP384R1, + cryptography_x509::oid::EC_SECP521R1 => openssl::nid::Nid::SECP521R1, + + cryptography_x509::oid::EC_SECP256K1 => openssl::nid::Nid::SECP256K1, + + cryptography_x509::oid::EC_SECT233R1 => openssl::nid::Nid::SECT233R1, + cryptography_x509::oid::EC_SECT283R1 => openssl::nid::Nid::SECT283R1, + cryptography_x509::oid::EC_SECT409R1 => openssl::nid::Nid::SECT409R1, + cryptography_x509::oid::EC_SECT571R1 => openssl::nid::Nid::SECT571R1, + + cryptography_x509::oid::EC_SECT163R2 => openssl::nid::Nid::SECT163R2, + + cryptography_x509::oid::EC_SECT163K1 => openssl::nid::Nid::SECT163K1, + cryptography_x509::oid::EC_SECT233K1 => openssl::nid::Nid::SECT233K1, + cryptography_x509::oid::EC_SECT283K1 => openssl::nid::Nid::SECT283K1, + cryptography_x509::oid::EC_SECT409K1 => openssl::nid::Nid::SECT409K1, + cryptography_x509::oid::EC_SECT571K1 => openssl::nid::Nid::SECT571K1, + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + cryptography_x509::oid::EC_BRAINPOOLP256R1 => { + openssl::nid::Nid::BRAINPOOL_P256R1 + } + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + cryptography_x509::oid::EC_BRAINPOOLP384R1 => { + openssl::nid::Nid::BRAINPOOL_P384R1 + } + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + cryptography_x509::oid::EC_BRAINPOOLP512R1 => { + openssl::nid::Nid::BRAINPOOL_P512R1 + } + + _ => return Err(KeyParsingError::UnsupportedEllipticCurve(curve_oid)), + }; + + let group = openssl::ec::EcGroup::from_curve_name(curve_nid) + .map_err(|_| KeyParsingError::UnsupportedEllipticCurve(curve_oid))?; + let mut bn_ctx = openssl::bn::BigNumContext::new()?; + let ec_point = openssl::ec::EcPoint::from_bytes( + &group, + k.subject_public_key.as_bytes(), + &mut bn_ctx, + ) + .map_err(|_| KeyParsingError::InvalidKey)?; + let ec_key = openssl::ec::EcKey::from_public_key(&group, &ec_point)?; + Ok(openssl::pkey::PKey::from_ec_key(ec_key)?) + } + EcParameters::ImplicitCurve(_) | EcParameters::SpecifiedCurve(_) => { + Err(KeyParsingError::ExplicitCurveUnsupported) + } + }, + AlgorithmParameters::Ed25519 => Ok(openssl::pkey::PKey::public_key_from_raw_bytes( + k.subject_public_key.as_bytes(), + openssl::pkey::Id::ED25519, + )?), + #[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] + AlgorithmParameters::Ed448 => Ok(openssl::pkey::PKey::public_key_from_raw_bytes( + k.subject_public_key.as_bytes(), + openssl::pkey::Id::ED448, + )?), + AlgorithmParameters::X25519 => Ok(openssl::pkey::PKey::public_key_from_raw_bytes( + k.subject_public_key.as_bytes(), + openssl::pkey::Id::X25519, + )?), + #[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] + AlgorithmParameters::X448 => Ok(openssl::pkey::PKey::public_key_from_raw_bytes( + k.subject_public_key.as_bytes(), + openssl::pkey::Id::X448, + )?), + AlgorithmParameters::Rsa(_) | AlgorithmParameters::RsaPss(_) => { + // RSA-PSS keys are treated the same as bare RSA keys. + crate::rsa::parse_pkcs1_public_key(k.subject_public_key.as_bytes()) + } + AlgorithmParameters::Dsa(dsa_params) => { + let p = openssl::bn::BigNum::from_slice(dsa_params.p.as_bytes())?; + let q = openssl::bn::BigNum::from_slice(dsa_params.q.as_bytes())?; + let g = openssl::bn::BigNum::from_slice(dsa_params.g.as_bytes())?; + + let pub_key_int = + asn1::parse_single::>(k.subject_public_key.as_bytes())?; + let pub_key = openssl::bn::BigNum::from_slice(pub_key_int.as_bytes())?; + + let dsa = openssl::dsa::Dsa::from_public_components(p, q, g, pub_key)?; + Ok(openssl::pkey::PKey::from_dsa(dsa)?) + } + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + AlgorithmParameters::Dh(dh_params) => { + let p = openssl::bn::BigNum::from_slice(dh_params.p.as_bytes())?; + let q = openssl::bn::BigNum::from_slice(dh_params.q.as_bytes())?; + let g = openssl::bn::BigNum::from_slice(dh_params.g.as_bytes())?; + let dh = openssl::dh::Dh::from_pqg(p, Some(q), g)?; + + let pub_key_int = + asn1::parse_single::>(k.subject_public_key.as_bytes())?; + let pub_key = openssl::bn::BigNum::from_slice(pub_key_int.as_bytes())?; + let dh = dh.set_public_key(pub_key)?; + + Ok(openssl::pkey::PKey::from_dh(dh)?) + } + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + AlgorithmParameters::DhKeyAgreement(dh_params) => { + let p = openssl::bn::BigNum::from_slice(dh_params.p.as_bytes())?; + let g = openssl::bn::BigNum::from_slice(dh_params.g.as_bytes())?; + let dh = openssl::dh::Dh::from_pqg(p, None, g)?; + + let pub_key_int = + asn1::parse_single::>(k.subject_public_key.as_bytes())?; + let pub_key = openssl::bn::BigNum::from_slice(pub_key_int.as_bytes())?; + let dh = dh.set_public_key(pub_key)?; + + Ok(openssl::pkey::PKey::from_dh(dh)?) + } + _ => Err(KeyParsingError::UnsupportedKeyType( + k.algorithm.oid().clone(), + )), + } +} diff --git a/src/rust/cryptography-openssl/Cargo.toml b/src/rust/cryptography-openssl/Cargo.toml new file mode 100644 index 0000000..c0f3f5d --- /dev/null +++ b/src/rust/cryptography-openssl/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "cryptography-openssl" +version.workspace = true +authors.workspace = true +edition.workspace = true +publish.workspace = true +rust-version.workspace = true + +[dependencies] +cfg-if = "1" +openssl = "0.10.65" +ffi = { package = "openssl-sys", version = "0.9.101" } +foreign-types = "0.3" +foreign-types-shared = "0.1" diff --git a/src/rust/cryptography-openssl/build.rs b/src/rust/cryptography-openssl/build.rs new file mode 100644 index 0000000..00e1df1 --- /dev/null +++ b/src/rust/cryptography-openssl/build.rs @@ -0,0 +1,33 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::env; + +#[allow(clippy::unusual_byte_groupings)] +fn main() { + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)"); + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER)"); + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_IS_LIBRESSL)"); + println!("cargo:rustc-check-cfg=cfg(CRYPTOGRAPHY_IS_BORINGSSL)"); + + if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") { + let version = u64::from_str_radix(&version, 16).unwrap(); + + if version >= 0x3_00_00_00_0 { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_OPENSSL_300_OR_GREATER"); + } + if version >= 0x3_02_00_00_0 { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_OPENSSL_320_OR_GREATER"); + } + } + + if env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER").is_ok() { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_IS_LIBRESSL"); + } + + if env::var("DEP_OPENSSL_BORINGSSL").is_ok() { + println!("cargo:rustc-cfg=CRYPTOGRAPHY_IS_BORINGSSL"); + println!("cargo:rustc-link-lib=stdc++"); + } +} diff --git a/src/rust/cryptography-openssl/src/aead.rs b/src/rust/cryptography-openssl/src/aead.rs new file mode 100644 index 0000000..42f0fd7 --- /dev/null +++ b/src/rust/cryptography-openssl/src/aead.rs @@ -0,0 +1,97 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::{cvt, cvt_p, OpenSSLResult}; +use foreign_types_shared::{ForeignType, ForeignTypeRef}; + +pub enum AeadType { + ChaCha20Poly1305, +} + +foreign_types::foreign_type! { + type CType = ffi::EVP_AEAD_CTX; + fn drop = ffi::EVP_AEAD_CTX_free; + + pub struct AeadCtx; + pub struct AeadCtxRef; +} + +// SAFETY: Can safely be used from multiple threads concurrently. +unsafe impl Sync for AeadCtx {} +// SAFETY: Can safely be sent between threads. +unsafe impl Send for AeadCtx {} + +impl AeadCtx { + pub fn new(aead: AeadType, key: &[u8]) -> OpenSSLResult { + let aead = match aead { + // SAFETY: No preconditions. + AeadType::ChaCha20Poly1305 => unsafe { ffi::EVP_aead_chacha20_poly1305() }, + }; + + // SAFETY: We're passing a valid key and aead. + unsafe { + let ctx = cvt_p(ffi::EVP_AEAD_CTX_new( + aead, + key.as_ptr(), + key.len(), + ffi::EVP_AEAD_DEFAULT_TAG_LENGTH as usize, + ))?; + Ok(AeadCtx::from_ptr(ctx)) + } + } +} + +impl AeadCtxRef { + pub fn encrypt( + &self, + data: &[u8], + nonce: &[u8], + ad: &[u8], + out: &mut [u8], + ) -> OpenSSLResult<()> { + let mut out_len = out.len(); + // SAFETY: All the lengths and pointers are known valid. + unsafe { + cvt(ffi::EVP_AEAD_CTX_seal( + self.as_ptr(), + out.as_mut_ptr(), + &mut out_len, + out.len(), + nonce.as_ptr(), + nonce.len(), + data.as_ptr(), + data.len(), + ad.as_ptr(), + ad.len(), + ))?; + } + Ok(()) + } + + pub fn decrypt( + &self, + data: &[u8], + nonce: &[u8], + ad: &[u8], + out: &mut [u8], + ) -> OpenSSLResult<()> { + let mut out_len = out.len(); + // SAFETY: All the lengths and pointers are known valid. + unsafe { + cvt(ffi::EVP_AEAD_CTX_open( + self.as_ptr(), + out.as_mut_ptr(), + &mut out_len, + out.len(), + nonce.as_ptr(), + nonce.len(), + data.as_ptr(), + data.len(), + ad.as_ptr(), + ad.len(), + ))?; + } + Ok(()) + } +} diff --git a/src/rust/cryptography-openssl/src/cmac.rs b/src/rust/cryptography-openssl/src/cmac.rs new file mode 100644 index 0000000..2f4d226 --- /dev/null +++ b/src/rust/cryptography-openssl/src/cmac.rs @@ -0,0 +1,73 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::ptr; + +use foreign_types_shared::{ForeignType, ForeignTypeRef}; + +use crate::hmac::DigestBytes; +use crate::{cvt, cvt_p, OpenSSLResult}; + +foreign_types::foreign_type! { + type CType = ffi::CMAC_CTX; + fn drop = ffi::CMAC_CTX_free; + + pub struct Cmac; + pub struct CmacRef; +} + +// SAFETY: It's safe to have `&` references from multiple threads. +unsafe impl Sync for Cmac {} +// SAFETY: It's safe to move the `Cmac` from one thread to another. +unsafe impl Send for Cmac {} + +impl Cmac { + pub fn new(key: &[u8], cipher: &openssl::cipher::CipherRef) -> OpenSSLResult { + // SAFETY: All FFI conditions are handled. + unsafe { + let ctx = Cmac::from_ptr(cvt_p(ffi::CMAC_CTX_new())?); + cvt(ffi::CMAC_Init( + ctx.as_ptr(), + key.as_ptr().cast(), + key.len(), + cipher.as_ptr(), + ptr::null_mut(), + ))?; + Ok(ctx) + } + } +} + +impl CmacRef { + pub fn update(&mut self, data: &[u8]) -> OpenSSLResult<()> { + // SAFETY: All FFI conditions are handled. + unsafe { + cvt(ffi::CMAC_Update( + self.as_ptr(), + data.as_ptr().cast(), + data.len(), + ))?; + } + Ok(()) + } + + pub fn finish(&mut self) -> OpenSSLResult { + let mut buf = [0; ffi::EVP_MAX_MD_SIZE as usize]; + let mut len = ffi::EVP_MAX_MD_SIZE as usize; + // SAFETY: All FFI conditions are handled. + unsafe { + cvt(ffi::CMAC_Final(self.as_ptr(), buf.as_mut_ptr(), &mut len))?; + } + Ok(DigestBytes { buf, len }) + } + + pub fn copy(&self) -> OpenSSLResult { + // SAFETY: All FFI conditions are handled. + unsafe { + let h = Cmac::from_ptr(cvt_p(ffi::CMAC_CTX_new())?); + cvt(ffi::CMAC_CTX_copy(h.as_ptr(), self.as_ptr()))?; + Ok(h) + } + } +} diff --git a/src/rust/cryptography-openssl/src/fips.rs b/src/rust/cryptography-openssl/src/fips.rs new file mode 100644 index 0000000..b14d2a5 --- /dev/null +++ b/src/rust/cryptography-openssl/src/fips.rs @@ -0,0 +1,36 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] +use crate::{cvt, OpenSSLResult}; +#[cfg(all( + CRYPTOGRAPHY_OPENSSL_300_OR_GREATER, + not(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL)) +))] +use std::ptr; + +pub fn is_enabled() -> bool { + cfg_if::cfg_if! { + if #[cfg(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL))] { + false + } else if #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] { + // SAFETY: No pre-conditions + unsafe { + ffi::EVP_default_properties_is_fips_enabled(ptr::null_mut()) == 1 + } + } else { + openssl::fips::enabled() + } + } +} + +#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] +pub fn enable() -> OpenSSLResult<()> { + // SAFETY: No pre-conditions + unsafe { + cvt(ffi::EVP_default_properties_enable_fips(ptr::null_mut(), 1))?; + } + + Ok(()) +} diff --git a/src/rust/cryptography-openssl/src/hmac.rs b/src/rust/cryptography-openssl/src/hmac.rs new file mode 100644 index 0000000..64abf83 --- /dev/null +++ b/src/rust/cryptography-openssl/src/hmac.rs @@ -0,0 +1,104 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::ptr; + +use foreign_types_shared::{ForeignType, ForeignTypeRef}; + +use crate::{cvt, cvt_p, OpenSSLResult}; + +foreign_types::foreign_type! { + type CType = ffi::HMAC_CTX; + fn drop = ffi::HMAC_CTX_free; + + pub struct Hmac; + pub struct HmacRef; +} + +// SAFETY: It's safe to have `&` references from multiple threads. +unsafe impl Sync for Hmac {} +// SAFETY: It's safe to move the `Hmac` from one thread to another. +unsafe impl Send for Hmac {} + +impl Hmac { + // On BoringSSL, the length is a size_t, so the length conversion is a + // no-op. + #[cfg_attr(CRYPTOGRAPHY_IS_BORINGSSL, allow(clippy::useless_conversion))] + pub fn new(key: &[u8], md: openssl::hash::MessageDigest) -> OpenSSLResult { + // SAFETY: All FFI conditions are handled. + unsafe { + let h = Hmac::from_ptr(cvt_p(ffi::HMAC_CTX_new())?); + cvt(ffi::HMAC_Init_ex( + h.as_ptr(), + key.as_ptr().cast(), + key.len() + .try_into() + .expect("Key too long for OpenSSL's length type"), + md.as_ptr(), + ptr::null_mut(), + ))?; + Ok(h) + } + } +} + +impl HmacRef { + pub fn update(&mut self, data: &[u8]) -> OpenSSLResult<()> { + // SAFETY: All FFI conditions are handled. + unsafe { + cvt(ffi::HMAC_Update(self.as_ptr(), data.as_ptr(), data.len()))?; + } + Ok(()) + } + + pub fn finish(&mut self) -> OpenSSLResult { + let mut buf = [0; ffi::EVP_MAX_MD_SIZE as usize]; + let mut len = ffi::EVP_MAX_MD_SIZE as std::os::raw::c_uint; + // SAFETY: All FFI conditions are handled. + unsafe { + cvt(ffi::HMAC_Final(self.as_ptr(), buf.as_mut_ptr(), &mut len))?; + } + Ok(DigestBytes { + buf, + len: len.try_into().unwrap(), + }) + } + + pub fn copy(&self) -> OpenSSLResult { + // SAFETY: All FFI conditions are handled. + unsafe { + let h = Hmac::from_ptr(cvt_p(ffi::HMAC_CTX_new())?); + cvt(ffi::HMAC_CTX_copy(h.as_ptr(), self.as_ptr()))?; + Ok(h) + } + } +} + +pub struct DigestBytes { + pub(crate) buf: [u8; ffi::EVP_MAX_MD_SIZE as usize], + pub(crate) len: usize, +} + +impl std::ops::Deref for DigestBytes { + type Target = [u8]; + + #[inline] + fn deref(&self) -> &[u8] { + &self.buf[..self.len] + } +} + +#[cfg(test)] +mod tests { + use super::DigestBytes; + + #[test] + fn test_digest_bytes() { + let d = DigestBytes { + buf: [19; ffi::EVP_MAX_MD_SIZE as usize], + len: 12, + }; + assert_eq!(&*d, b"\x13\x13\x13\x13\x13\x13\x13\x13\x13\x13\x13\x13"); + } +} diff --git a/src/rust/cryptography-openssl/src/lib.rs b/src/rust/cryptography-openssl/src/lib.rs new file mode 100644 index 0000000..d0fb6ff --- /dev/null +++ b/src/rust/cryptography-openssl/src/lib.rs @@ -0,0 +1,44 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#![deny(rust_2018_idioms, clippy::undocumented_unsafe_blocks)] + +#[cfg(CRYPTOGRAPHY_IS_BORINGSSL)] +pub mod aead; +pub mod cmac; +pub mod fips; +pub mod hmac; +#[cfg(any(CRYPTOGRAPHY_IS_BORINGSSL, CRYPTOGRAPHY_IS_LIBRESSL))] +pub mod poly1305; + +pub type OpenSSLResult = Result; + +#[inline] +fn cvt(r: std::os::raw::c_int) -> Result { + if r <= 0 { + Err(openssl::error::ErrorStack::get()) + } else { + Ok(r) + } +} + +#[inline] +fn cvt_p(r: *mut T) -> Result<*mut T, openssl::error::ErrorStack> { + if r.is_null() { + Err(openssl::error::ErrorStack::get()) + } else { + Ok(r) + } +} + +#[cfg(test)] +mod tests { + use std::ptr; + + #[test] + fn test_cvt() { + assert!(crate::cvt(-1).is_err()); + assert!(crate::cvt_p(ptr::null_mut::<()>()).is_err()); + } +} diff --git a/src/rust/cryptography-openssl/src/poly1305.rs b/src/rust/cryptography-openssl/src/poly1305.rs new file mode 100644 index 0000000..e386bc2 --- /dev/null +++ b/src/rust/cryptography-openssl/src/poly1305.rs @@ -0,0 +1,49 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::mem::MaybeUninit; + +pub struct Poly1305State { + // The state data must be allocated in the heap so that its address does not change. This is + // because BoringSSL APIs that take a `poly1305_state*` ignore all the data before an aligned + // address. Since a stack-allocated struct would change address on every copy, BoringSSL would + // interpret each copy differently, causing unexpected behavior. + context: Box, +} + +impl Poly1305State { + pub fn new(key: &[u8]) -> Poly1305State { + assert_eq!(key.len(), 32); + let mut ctx: Box> = + Box::new(MaybeUninit::::uninit()); + + // SAFETY: After initializing the context, unwrap the + // `Box>` into a `Box` + // while keeping the same memory address. See the docstring of the + // `Poly1305State` struct above for the rationale. + let initialized_ctx: Box = unsafe { + ffi::CRYPTO_poly1305_init(ctx.as_mut().as_mut_ptr(), key.as_ptr()); + let raw_ctx_ptr = (*Box::into_raw(ctx)).as_mut_ptr(); + Box::from_raw(raw_ctx_ptr) + }; + + Poly1305State { + context: initialized_ctx, + } + } + + pub fn update(&mut self, data: &[u8]) { + // SAFETY: context is valid, as is the data ptr. + unsafe { + ffi::CRYPTO_poly1305_update(self.context.as_mut(), data.as_ptr(), data.len()); + }; + } + + pub fn finalize(&mut self, output: &mut [u8]) { + assert_eq!(output.len(), 16); + // SAFETY: context is valid and we verified that the output is the + // right length. + unsafe { ffi::CRYPTO_poly1305_finish(self.context.as_mut(), output.as_mut_ptr()) }; + } +} diff --git a/src/rust/cryptography-x509-verification/Cargo.toml b/src/rust/cryptography-x509-verification/Cargo.toml new file mode 100644 index 0000000..2e1e749 --- /dev/null +++ b/src/rust/cryptography-x509-verification/Cargo.toml @@ -0,0 +1,16 @@ +[package] +name = "cryptography-x509-verification" +version.workspace = true +authors.workspace = true +edition.workspace = true +publish.workspace = true +rust-version.workspace = true + +[dependencies] +asn1 = { version = "0.16.2", default-features = false } +cryptography-x509 = { path = "../cryptography-x509" } +cryptography-key-parsing = { path = "../cryptography-key-parsing" } +once_cell = "1" + +[dev-dependencies] +pem = { version = "3", default-features = false } diff --git a/src/rust/cryptography-x509-verification/src/certificate.rs b/src/rust/cryptography-x509-verification/src/certificate.rs new file mode 100644 index 0000000..2260fd6 --- /dev/null +++ b/src/rust/cryptography-x509-verification/src/certificate.rs @@ -0,0 +1,91 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +//! Validation-specific certificate functionality. + +use cryptography_x509::certificate::Certificate; + +pub(crate) fn cert_is_self_issued(cert: &Certificate<'_>) -> bool { + cert.issuer() == cert.subject() +} + +#[cfg(test)] +pub(crate) mod tests { + use super::cert_is_self_issued; + use crate::certificate::Certificate; + use crate::ops::tests::{cert, v1_cert_pem}; + use crate::ops::CryptoOps; + + #[test] + fn test_certificate_v1() { + let cert_pem = v1_cert_pem(); + let cert = cert(&cert_pem); + + assert!(!cert_is_self_issued(&cert)); + } + + fn ca_pem() -> pem::Pem { + // From vectors/cryptography_vectors/x509/custom/ca/ca.pem + pem::parse( + "-----BEGIN CERTIFICATE----- +MIIBUTCB96ADAgECAgIDCTAKBggqhkjOPQQDAjAnMQswCQYDVQQGEwJVUzEYMBYG +A1UEAwwPY3J5cHRvZ3JhcGh5IENBMB4XDTE3MDEwMTEyMDEwMFoXDTM4MTIzMTA4 +MzAwMFowJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeSBDQTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBj/z7v5Obj13cPuwECLBnUGq0/N2CxS +JE4f4BBGZ7VfFblivTvPDG++Gve0oQ+0uctuhrNQ+WxRv8GC177F+QWjEzARMA8G +A1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANES742XWm64tkGnz8Dn +pG6u2lHkZFQr3oaVvPcemvlbAiEA0WGGzmYx5C9UvfXIK7NEziT4pQtyESE0uRVK +Xw4nMqk= +-----END CERTIFICATE-----", + ) + .unwrap() + } + + #[test] + fn test_certificate_ca() { + let cert_pem = ca_pem(); + let cert = cert(&cert_pem); + + assert!(cert_is_self_issued(&cert)); + } + + pub(crate) struct PublicKeyErrorOps {} + impl CryptoOps for PublicKeyErrorOps { + type Key = (); + type Err = (); + type CertificateExtra = (); + + fn public_key(&self, _cert: &Certificate<'_>) -> Result { + // Simulate failing to retrieve a public key. + Err(()) + } + + fn verify_signed_by( + &self, + _cert: &Certificate<'_>, + _key: &Self::Key, + ) -> Result<(), Self::Err> { + Ok(()) + } + } + + #[test] + fn test_certificate_public_key_error() { + let cert_pem = ca_pem(); + let cert = cert(&cert_pem); + + assert!(cert_is_self_issued(&cert)); + } + + #[test] + fn test_certificate_public_key_error_ops() { + // Just to get coverage on the `PublicKeyErrorOps` helper. + let cert_pem = ca_pem(); + let cert = cert(&cert_pem); + let ops = PublicKeyErrorOps {}; + + assert!(ops.public_key(&cert).is_err()); + assert!(ops.verify_signed_by(&cert, &()).is_ok()); + } +} diff --git a/src/rust/cryptography-x509-verification/src/lib.rs b/src/rust/cryptography-x509-verification/src/lib.rs new file mode 100644 index 0000000..5ae8ef9 --- /dev/null +++ b/src/rust/cryptography-x509-verification/src/lib.rs @@ -0,0 +1,464 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#![forbid(unsafe_code)] +#![deny(rust_2018_idioms, clippy::undocumented_unsafe_blocks)] +#![allow(unknown_lints, clippy::result_large_err)] + +pub mod certificate; +pub mod ops; +pub mod policy; +pub mod trust_store; +pub mod types; + +use std::fmt::Display; +use std::vec; + +use asn1::ObjectIdentifier; +use cryptography_x509::extensions::{DuplicateExtensionsError, Extensions}; +use cryptography_x509::{ + extensions::{NameConstraints, SubjectAlternativeName}, + name::GeneralName, + oid::{NAME_CONSTRAINTS_OID, SUBJECT_ALTERNATIVE_NAME_OID}, +}; +use types::{RFC822Constraint, RFC822Name}; + +use crate::certificate::cert_is_self_issued; +use crate::ops::{CryptoOps, VerificationCertificate}; +use crate::policy::Policy; +use crate::trust_store::Store; +use crate::types::DNSName; +use crate::types::{DNSConstraint, IPAddress, IPConstraint}; +use crate::ApplyNameConstraintStatus::{Applied, Skipped}; + +#[derive(Debug)] +pub enum ValidationError { + CandidatesExhausted(Box), + Malformed(asn1::ParseError), + ExtensionError { + oid: ObjectIdentifier, + reason: &'static str, + }, + FatalError(&'static str), + Other(String), +} + +impl From for ValidationError { + fn from(value: asn1::ParseError) -> Self { + Self::Malformed(value) + } +} + +impl From for ValidationError { + fn from(value: DuplicateExtensionsError) -> Self { + Self::ExtensionError { + oid: value.0, + reason: "duplicate extension", + } + } +} + +impl Display for ValidationError { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + ValidationError::CandidatesExhausted(inner) => { + write!(f, "candidates exhausted: {inner}") + } + ValidationError::Malformed(err) => err.fmt(f), + ValidationError::ExtensionError { oid, reason } => { + write!(f, "invalid extension: {oid}: {reason}") + } + ValidationError::FatalError(err) => write!(f, "fatal error: {err}"), + ValidationError::Other(err) => write!(f, "{err}"), + } + } +} + +struct Budget { + name_constraint_checks: usize, +} + +impl Budget { + // Same limit as other validators + const DEFAULT_NAME_CONSTRAINT_CHECK_LIMIT: usize = 1 << 20; + + fn new() -> Budget { + Budget { + name_constraint_checks: Self::DEFAULT_NAME_CONSTRAINT_CHECK_LIMIT, + } + } + + fn name_constraint_check(&mut self) -> Result<(), ValidationError> { + self.name_constraint_checks = + self.name_constraint_checks + .checked_sub(1) + .ok_or(ValidationError::FatalError( + "Exceeded maximum name constraint check limit", + ))?; + Ok(()) + } +} + +struct NameChain<'a, 'chain> { + child: Option<&'a NameChain<'a, 'chain>>, + sans: SubjectAlternativeName<'chain>, +} + +impl<'a, 'chain> NameChain<'a, 'chain> { + fn new( + child: Option<&'a NameChain<'a, 'chain>>, + extensions: &Extensions<'chain>, + self_issued_intermediate: bool, + ) -> Result { + let sans = match ( + self_issued_intermediate, + extensions.get_extension(&SUBJECT_ALTERNATIVE_NAME_OID), + ) { + (false, Some(sans)) => sans.value::>()?, + // TODO: there really ought to be a better way to express an empty + // `asn1::SequenceOf`. + _ => asn1::parse_single(b"\x30\x00")?, + }; + + Ok(Self { child, sans }) + } + + fn evaluate_single_constraint( + &self, + constraint: &GeneralName<'chain>, + san: &GeneralName<'chain>, + budget: &mut Budget, + ) -> Result { + budget.name_constraint_check()?; + + match (constraint, san) { + (GeneralName::DNSName(pattern), GeneralName::DNSName(name)) => { + match (DNSConstraint::new(pattern.0), DNSName::new(name.0)) { + (Some(pattern), Some(name)) => Ok(Applied(pattern.matches(&name))), + (_, None) => Err(ValidationError::Other(format!( + "unsatisfiable DNS name constraint: malformed SAN {}", + name.0 + ))), + (None, _) => Err(ValidationError::Other(format!( + "malformed DNS name constraint: {}", + pattern.0 + ))), + } + } + (GeneralName::IPAddress(pattern), GeneralName::IPAddress(name)) => { + match ( + IPConstraint::from_bytes(pattern), + IPAddress::from_bytes(name), + ) { + (Some(pattern), Some(name)) => Ok(Applied(pattern.matches(&name))), + (_, None) => Err(ValidationError::Other(format!( + "unsatisfiable IP name constraint: malformed SAN {:?}", + name, + ))), + (None, _) => Err(ValidationError::Other(format!( + "malformed IP name constraints: {:?}", + pattern + ))), + } + } + (GeneralName::RFC822Name(pattern), GeneralName::RFC822Name(name)) => { + match (RFC822Constraint::new(pattern.0), RFC822Name::new(name.0)) { + (Some(pattern), Some(name)) => Ok(Applied(pattern.matches(&name))), + (_, None) => Err(ValidationError::Other(format!( + "unsatisfiable RFC822 name constraint: malformed SAN {:?}", + name.0, + ))), + (None, _) => Err(ValidationError::Other(format!( + "malformed RFC822 name constraints: {:?}", + pattern.0 + ))), + } + } + // All other matching pairs of (constraint, name) are currently unsupported. + (GeneralName::OtherName(_), GeneralName::OtherName(_)) + | (GeneralName::X400Address(_), GeneralName::X400Address(_)) + | (GeneralName::DirectoryName(_), GeneralName::DirectoryName(_)) + | (GeneralName::EDIPartyName(_), GeneralName::EDIPartyName(_)) + | ( + GeneralName::UniformResourceIdentifier(_), + GeneralName::UniformResourceIdentifier(_), + ) + | (GeneralName::RegisteredID(_), GeneralName::RegisteredID(_)) => Err( + ValidationError::Other("unsupported name constraint".to_string()), + ), + _ => Ok(Skipped), + } + } + + fn evaluate_constraints( + &self, + constraints: &NameConstraints<'chain>, + budget: &mut Budget, + ) -> Result<(), ValidationError> { + if let Some(child) = self.child { + child.evaluate_constraints(constraints, budget)?; + } + + for san in self.sans.clone() { + // If there are no applicable constraints, the SAN is considered valid so the default is true. + let mut permit = true; + if let Some(permitted_subtrees) = &constraints.permitted_subtrees { + for p in permitted_subtrees.unwrap_read().clone() { + let status = self.evaluate_single_constraint(&p.base, &san, budget)?; + if status.is_applied() { + permit = status.is_match(); + if permit { + break; + } + } + } + } + + if !permit { + return Err(ValidationError::Other( + "no permitted name constraints matched SAN".into(), + )); + } + + if let Some(excluded_subtrees) = &constraints.excluded_subtrees { + for e in excluded_subtrees.unwrap_read().clone() { + let status = self.evaluate_single_constraint(&e.base, &san, budget)?; + if status.is_match() { + return Err(ValidationError::Other( + "excluded name constraint matched SAN".into(), + )); + } + } + } + } + + Ok(()) + } +} + +pub type Chain<'a, 'c, B> = Vec<&'a VerificationCertificate<'c, B>>; + +pub fn verify<'a, 'chain: 'a, B: CryptoOps>( + leaf: &'a VerificationCertificate<'chain, B>, + intermediates: &'a [&'a VerificationCertificate<'chain, B>], + policy: &'a Policy<'_, B>, + store: &'a Store<'chain, B>, +) -> Result, ValidationError> { + let builder = ChainBuilder::new(intermediates, policy, store); + + let mut budget = Budget::new(); + builder.build_chain(leaf, &mut budget) +} + +struct ChainBuilder<'a, 'chain, B: CryptoOps> { + intermediates: &'a [&'a VerificationCertificate<'chain, B>], + policy: &'a Policy<'a, B>, + store: &'a Store<'chain, B>, +} + +// When applying a name constraint, we need to distinguish between a few different scenarios: +// * `Applied(true)`: The name constraint is the same type as the SAN and matches. +// * `Applied(false)`: The name constraint is the same type as the SAN and does not match. +// * `Skipped`: The name constraint is a different type to the SAN. +enum ApplyNameConstraintStatus { + Applied(bool), + Skipped, +} + +impl ApplyNameConstraintStatus { + fn is_applied(&self) -> bool { + matches!(self, Applied(_)) + } + + fn is_match(&self) -> bool { + matches!(self, Applied(true)) + } +} + +impl<'a, 'chain: 'a, B: CryptoOps> ChainBuilder<'a, 'chain, B> { + fn new( + intermediates: &'a [&'a VerificationCertificate<'chain, B>], + policy: &'a Policy<'a, B>, + store: &'a Store<'chain, B>, + ) -> Self { + Self { + intermediates, + policy, + store, + } + } + + fn potential_issuers( + &self, + cert: &'a VerificationCertificate<'chain, B>, + ) -> impl Iterator> + '_ { + // TODO: Optimizations: + // * Search by AKI and other identifiers? + self.store + .get_by_subject(&cert.certificate().tbs_cert.issuer) + .iter() + .chain(self.intermediates.iter().copied().filter(|&candidate| { + candidate.certificate().subject() == cert.certificate().issuer() + })) + } + + fn build_chain_inner( + &self, + working_cert: &'a VerificationCertificate<'chain, B>, + current_depth: u8, + working_cert_extensions: &Extensions<'chain>, + name_chain: NameChain<'_, 'chain>, + budget: &mut Budget, + ) -> Result, ValidationError> { + if let Some(nc) = working_cert_extensions.get_extension(&NAME_CONSTRAINTS_OID) { + name_chain.evaluate_constraints(&nc.value()?, budget)?; + } + + // Look in the store's root set to see if the working cert is listed. + // If it is, we've reached the end. + if self.store.contains(working_cert) { + return Ok(vec![working_cert]); + } + + // Check that our current depth does not exceed our policy-configured + // max depth. We do this after the root set check, since the depth + // only measures the intermediate chain's length, not the root or leaf. + if current_depth > self.policy.max_chain_depth { + return Err(ValidationError::Other( + "chain construction exceeds max depth".into(), + )); + } + + // Otherwise, we collect a list of potential issuers for this cert, + // and continue with the first that verifies. + let mut last_err: Option = None; + for issuing_cert_candidate in self.potential_issuers(working_cert) { + // A candidate issuer is said to verify if it both + // signs for the working certificate and conforms to the + // policy. + let issuer_extensions = issuing_cert_candidate.certificate().extensions()?; + match self.policy.valid_issuer( + issuing_cert_candidate, + working_cert.certificate(), + current_depth, + &issuer_extensions, + ) { + Ok(_) => { + match self.build_chain_inner( + issuing_cert_candidate, + // NOTE(ww): According to RFC 5280, we should only + // increase the chain depth when the certificate is **not** + // self-issued. In practice however, implementations widely + // ignore this requirement, and unconditionally increment + // the depth with every chain member. We choose to do the same; + // see `pathlen::self-issued-certs-pathlen` from x509-limbo + // for the testcase we intentionally fail. + // + // Implementation note for someone looking to change this in the future: + // care should be taken to avoid infinite recursion with self-signed + // certificates in the intermediate set; changing this behavior will + // also require a "is not self-signed" check on intermediate candidates. + // + // See https://gist.github.com/woodruffw/776153088e0df3fc2f0675c5e835f7b8 + // for an example of this change. + current_depth.checked_add(1).ok_or_else(|| { + ValidationError::Other( + "current depth calculation overflowed".to_string(), + ) + })?, + &issuer_extensions, + NameChain::new( + Some(&name_chain), + &issuer_extensions, + // Per RFC 5280 4.2.1.10: Name constraints are not applied + // to subjects in self-issued certificates, *unless* the + // certificate is the "final" (i.e., leaf) certificate in the path. + // We accomplish this by only collecting the SANs when the issuing + // candidate (which is a non-leaf by definition) isn't self-issued. + cert_is_self_issued(issuing_cert_candidate.certificate()), + )?, + budget, + ) { + Ok(mut chain) => { + chain.push(working_cert); + return Ok(chain); + } + // Immediately return on fatal error. + Err(e @ ValidationError::FatalError(..)) => return Err(e), + Err(e) => last_err = Some(e), + }; + } + Err(e) => last_err = Some(e), + }; + } + + // We only reach this if we fail to hit our base case above, or if + // a chain building step fails to find a next valid certificate. + Err(ValidationError::CandidatesExhausted(last_err.map_or_else( + || { + Box::new(ValidationError::Other( + "all candidates exhausted with no interior errors".to_string(), + )) + }, + |e| match e { + // Avoid spamming the user with nested `CandidatesExhausted` errors. + ValidationError::CandidatesExhausted(e) => e, + _ => Box::new(e), + }, + ))) + } + + fn build_chain( + &self, + leaf: &'a VerificationCertificate<'chain, B>, + budget: &mut Budget, + ) -> Result, ValidationError> { + // Before anything else, check whether the given leaf cert + // is well-formed according to our policy (and its underlying + // certificate profile). + // + // The leaf must be an EE; a CA cert in the leaf position will be rejected. + let leaf_extensions = leaf.certificate().extensions()?; + + self.policy + .permits_ee(leaf.certificate(), &leaf_extensions)?; + + let mut chain = self.build_chain_inner( + leaf, + 0, + &leaf_extensions, + NameChain::new(None, &leaf_extensions, false)?, + budget, + )?; + // We build the chain in reverse order, fix it now. + chain.reverse(); + Ok(chain) + } +} + +#[cfg(test)] +mod tests { + use asn1::ParseError; + use cryptography_x509::oid::SUBJECT_ALTERNATIVE_NAME_OID; + + use crate::ValidationError; + + #[test] + fn test_validationerror_display() { + let err = ValidationError::Malformed(ParseError::new(asn1::ParseErrorKind::InvalidLength)); + assert_eq!(err.to_string(), "ASN.1 parsing error: invalid length"); + + let err = ValidationError::ExtensionError { + oid: SUBJECT_ALTERNATIVE_NAME_OID, + reason: "duplicate extension", + }; + assert_eq!( + err.to_string(), + "invalid extension: 2.5.29.17: duplicate extension" + ); + + let err = ValidationError::FatalError("oops"); + assert_eq!(err.to_string(), "fatal error: oops"); + } +} diff --git a/src/rust/cryptography-x509-verification/src/ops.rs b/src/rust/cryptography-x509-verification/src/ops.rs new file mode 100644 index 0000000..1b2f593 --- /dev/null +++ b/src/rust/cryptography-x509-verification/src/ops.rs @@ -0,0 +1,87 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use cryptography_x509::certificate::Certificate; + +pub struct VerificationCertificate<'a, B: CryptoOps> { + cert: Certificate<'a>, + public_key: once_cell::sync::OnceCell, + extra: B::CertificateExtra, +} + +impl<'a, B: CryptoOps> VerificationCertificate<'a, B> { + pub fn new(cert: Certificate<'a>, extra: B::CertificateExtra) -> Self { + VerificationCertificate { + cert, + extra, + public_key: once_cell::sync::OnceCell::new(), + } + } + + pub fn certificate(&self) -> &Certificate<'a> { + &self.cert + } + + pub fn public_key(&self, ops: &B) -> Result<&B::Key, B::Err> { + self.public_key + .get_or_try_init(|| ops.public_key(self.certificate())) + } + + pub fn extra(&self) -> &B::CertificateExtra { + &self.extra + } +} + +impl PartialEq for VerificationCertificate<'_, B> { + fn eq(&self, other: &Self) -> bool { + self.cert == other.cert + } +} +impl Eq for VerificationCertificate<'_, B> {} + +pub trait CryptoOps { + /// A public key type for this cryptographic backend. + type Key; + + /// An error type for this cryptographic backend. + type Err; + + /// Extra data that's passed around with the certificate. + type CertificateExtra; + + /// Extracts the public key from the given `Certificate` in + /// a `Key` format known by the cryptographic backend, or `None` + /// if the key is malformed. + fn public_key(&self, cert: &Certificate<'_>) -> Result; + + /// Verifies the signature on `Certificate` using the given + /// `Key`. + fn verify_signed_by(&self, cert: &Certificate<'_>, key: &Self::Key) -> Result<(), Self::Err>; +} + +#[cfg(test)] +pub(crate) mod tests { + use cryptography_x509::certificate::Certificate; + + pub(crate) fn v1_cert_pem() -> pem::Pem { + pem::parse( + " +-----BEGIN CERTIFICATE----- +MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz +MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF +AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO +/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE +Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ +zl9HYIMxATFyqSiD9jsx +-----END CERTIFICATE-----", + ) + .unwrap() + } + + pub(crate) fn cert(cert_pem: &pem::Pem) -> Certificate<'_> { + asn1::parse_single(cert_pem.contents()).unwrap() + } +} diff --git a/src/rust/cryptography-x509-verification/src/policy/extension.rs b/src/rust/cryptography-x509-verification/src/policy/extension.rs new file mode 100644 index 0000000..1c8ae00 --- /dev/null +++ b/src/rust/cryptography-x509-verification/src/policy/extension.rs @@ -0,0 +1,766 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use cryptography_x509::oid::{ + AUTHORITY_INFORMATION_ACCESS_OID, AUTHORITY_KEY_IDENTIFIER_OID, BASIC_CONSTRAINTS_OID, + EXTENDED_KEY_USAGE_OID, KEY_USAGE_OID, NAME_CONSTRAINTS_OID, SUBJECT_ALTERNATIVE_NAME_OID, + SUBJECT_KEY_IDENTIFIER_OID, +}; +use cryptography_x509::{ + certificate::Certificate, + extensions::{Extension, Extensions}, +}; + +use crate::{ops::CryptoOps, policy::Policy, ValidationError}; + +pub(crate) struct ExtensionPolicy { + pub(crate) authority_information_access: ExtensionValidator, + pub(crate) authority_key_identifier: ExtensionValidator, + pub(crate) subject_key_identifier: ExtensionValidator, + pub(crate) key_usage: ExtensionValidator, + pub(crate) subject_alternative_name: ExtensionValidator, + pub(crate) basic_constraints: ExtensionValidator, + pub(crate) name_constraints: ExtensionValidator, + pub(crate) extended_key_usage: ExtensionValidator, +} + +impl ExtensionPolicy { + pub(crate) fn permits( + &self, + policy: &Policy<'_, B>, + cert: &Certificate<'_>, + extensions: &Extensions<'_>, + ) -> Result<(), ValidationError> { + let mut authority_information_access_seen = false; + let mut authority_key_identifier_seen = false; + let mut subject_key_identifier_seen = false; + let mut key_usage_seen = false; + let mut subject_alternative_name_seen = false; + let mut basic_constraints_seen = false; + let mut name_constraints_seen = false; + let mut extended_key_usage_seen = false; + + // Iterate over each extension and run its policy. + for ext in extensions.iter() { + match ext.extn_id { + AUTHORITY_INFORMATION_ACCESS_OID => { + authority_information_access_seen = true; + self.authority_information_access + .permits(policy, cert, Some(&ext))?; + } + AUTHORITY_KEY_IDENTIFIER_OID => { + authority_key_identifier_seen = true; + self.authority_key_identifier + .permits(policy, cert, Some(&ext))?; + } + SUBJECT_KEY_IDENTIFIER_OID => { + subject_key_identifier_seen = true; + self.subject_key_identifier + .permits(policy, cert, Some(&ext))?; + } + KEY_USAGE_OID => { + key_usage_seen = true; + self.key_usage.permits(policy, cert, Some(&ext))?; + } + SUBJECT_ALTERNATIVE_NAME_OID => { + subject_alternative_name_seen = true; + self.subject_alternative_name + .permits(policy, cert, Some(&ext))?; + } + BASIC_CONSTRAINTS_OID => { + basic_constraints_seen = true; + self.basic_constraints.permits(policy, cert, Some(&ext))?; + } + NAME_CONSTRAINTS_OID => { + name_constraints_seen = true; + self.name_constraints.permits(policy, cert, Some(&ext))?; + } + EXTENDED_KEY_USAGE_OID => { + extended_key_usage_seen = true; + self.extended_key_usage.permits(policy, cert, Some(&ext))?; + } + _ if ext.critical => { + return Err(ValidationError::ExtensionError { + oid: ext.extn_id, + reason: "certificate contains unaccounted-for critical extensions", + }); + } + _ => {} + } + } + + // Now we check if there were any required extensions that aren't + // present + if !authority_information_access_seen { + self.authority_information_access + .permits(policy, cert, None)?; + } + if !authority_key_identifier_seen { + self.authority_key_identifier.permits(policy, cert, None)?; + } + if !subject_key_identifier_seen { + self.subject_key_identifier.permits(policy, cert, None)?; + } + if !key_usage_seen { + self.key_usage.permits(policy, cert, None)?; + } + if !subject_alternative_name_seen { + self.subject_alternative_name.permits(policy, cert, None)?; + } + if !basic_constraints_seen { + self.basic_constraints.permits(policy, cert, None)?; + } + if !name_constraints_seen { + self.name_constraints.permits(policy, cert, None)?; + } + if !extended_key_usage_seen { + self.extended_key_usage.permits(policy, cert, None)?; + } + + Ok(()) + } +} + +/// Represents different criticality states for an extension. +pub(crate) enum Criticality { + /// The extension MUST be marked as critical. + Critical, + /// The extension MAY be marked as critical. + Agnostic, + /// The extension MUST NOT be marked as critical. + NonCritical, +} + +impl Criticality { + pub(crate) fn permits(&self, critical: bool) -> bool { + match (self, critical) { + (Criticality::Critical, true) => true, + (Criticality::Critical, false) => false, + (Criticality::Agnostic, _) => true, + (Criticality::NonCritical, true) => false, + (Criticality::NonCritical, false) => true, + } + } +} + +type PresentExtensionValidatorCallback = + fn(&Policy<'_, B>, &Certificate<'_>, &Extension<'_>) -> Result<(), ValidationError>; + +type MaybeExtensionValidatorCallback = + fn(&Policy<'_, B>, &Certificate<'_>, Option<&Extension<'_>>) -> Result<(), ValidationError>; + +/// Represents different validation states for an extension. +pub(crate) enum ExtensionValidator { + /// The extension MUST NOT be present. + NotPresent, + /// The extension MUST be present. + Present { + /// The extension's criticality. + criticality: Criticality, + /// An optional validator over the extension's inner contents, with + /// the surrounding `Policy` as context. + validator: Option>, + }, + /// The extension MAY be present; the interior validator is + /// always called if supplied, including if the extension is not present. + MaybePresent { + criticality: Criticality, + validator: Option>, + }, +} + +impl ExtensionValidator { + pub(crate) fn not_present() -> Self { + Self::NotPresent + } + + pub(crate) fn present( + criticality: Criticality, + validator: Option>, + ) -> Self { + Self::Present { + criticality, + validator, + } + } + + pub(crate) fn maybe_present( + criticality: Criticality, + validator: Option>, + ) -> Self { + Self::MaybePresent { + criticality, + validator, + } + } + + pub(crate) fn permits( + &self, + policy: &Policy<'_, B>, + cert: &Certificate<'_>, + extension: Option<&Extension<'_>>, + ) -> Result<(), ValidationError> { + match (self, extension) { + // Extension MUST NOT be present and isn't; OK. + (ExtensionValidator::NotPresent, None) => Ok(()), + // Extension MUST NOT be present but is; NOT OK. + (ExtensionValidator::NotPresent, Some(extn)) => Err(ValidationError::ExtensionError { + oid: extn.extn_id.clone(), + reason: "Certificate contains prohibited extension", + }), + // Extension MUST be present but is not; NOT OK. + (ExtensionValidator::Present { .. }, None) => Err(ValidationError::Other( + "Certificate is missing required extension".to_string(), + )), + // Extension MUST be present and is; check it. + ( + ExtensionValidator::Present { + criticality, + validator, + }, + Some(extn), + ) => { + if !criticality.permits(extn.critical) { + return Err(ValidationError::ExtensionError { + oid: extn.extn_id.clone(), + reason: "Certificate extension has incorrect criticality", + }); + } + + // If a custom validator is supplied, apply it. + validator.map_or(Ok(()), |v| v(policy, cert, extn)) + } + // Extension MAY be present. + ( + ExtensionValidator::MaybePresent { + criticality, + validator, + }, + extn, + ) => { + match extn { + // If the extension is present, apply our criticality check. + Some(extn) if !criticality.permits(extn.critical) => { + Err(ValidationError::ExtensionError { + oid: extn.extn_id.clone(), + reason: "Certificate extension has incorrect criticality", + }) + } + // If a custom validator is supplied, apply it. + _ => validator.map_or(Ok(()), |v| v(policy, cert, extn)), + } + } + } + } +} + +pub(crate) mod ee { + use cryptography_x509::{ + certificate::Certificate, + extensions::{ + BasicConstraints, ExtendedKeyUsage, Extension, KeyUsage, SubjectAlternativeName, + }, + }; + + use crate::{ + ops::CryptoOps, + policy::{Policy, ValidationError}, + }; + + pub(crate) fn basic_constraints( + _policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + extn: Option<&Extension<'_>>, + ) -> Result<(), ValidationError> { + if let Some(extn) = extn { + let basic_constraints: BasicConstraints = extn.value()?; + + if basic_constraints.ca { + return Err(ValidationError::Other( + "basicConstraints.cA must not be asserted in an EE certificate".to_string(), + )); + } + } + + Ok(()) + } + + pub(crate) fn subject_alternative_name( + policy: &Policy<'_, B>, + cert: &Certificate<'_>, + extn: &Extension<'_>, + ) -> Result<(), ValidationError> { + match (cert.subject().is_empty(), extn.critical) { + // If the subject is empty, the SAN MUST be critical. + (true, false) => { + return Err(ValidationError::Other( + "EE subjectAltName MUST be critical when subject is empty".to_string(), + )); + } + // If the subject is non-empty, the SAN MUST NOT be critical. + (false, true) => { + return Err(ValidationError::Other( + "EE subjectAltName MUST NOT be critical when subject is nonempty".to_string(), + )) + } + _ => (), + }; + + // NOTE: We only verify the SAN against the policy's subject if the + // policy actually contains one. This enables both client and server + // profiles to use this validator, **with the expectation** that + // server profile construction requires a subject to be present. + if let Some(sub) = policy.subject.as_ref() { + let san: SubjectAlternativeName<'_> = extn.value()?; + if !sub.matches(&san) { + return Err(ValidationError::Other( + "leaf certificate has no matching subjectAltName".into(), + )); + } + } + + Ok(()) + } + + pub(crate) fn extended_key_usage( + policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + extn: Option<&Extension<'_>>, + ) -> Result<(), ValidationError> { + if let Some(extn) = extn { + let mut ekus: ExtendedKeyUsage<'_> = extn.value()?; + + // CABF requires EKUs in EE certs, but this is widely ignored + // by implementations (which treat a missing EKU as "any EKU"). + // On the other hand, if the EKU is present, it **must** be + // the one specified in the policy (e.g., `serverAuth`) and + // **must not** be the explicit `anyExtendedKeyUsage` EKU. + // See: CABF 7.1.2.7.10. + if ekus.any(|eku| eku == policy.extended_key_usage) { + Ok(()) + } else { + Err(ValidationError::Other("required EKU not found".to_string())) + } + } else { + Ok(()) + } + } + + pub(crate) fn key_usage( + _policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + extn: Option<&Extension<'_>>, + ) -> Result<(), ValidationError> { + if let Some(extn) = extn { + let key_usage: KeyUsage<'_> = extn.value()?; + + if key_usage.key_cert_sign() { + return Err(ValidationError::Other( + "EE keyUsage must not assert keyCertSign".to_string(), + )); + } + } + + Ok(()) + } +} + +pub(crate) mod ca { + use cryptography_x509::{ + certificate::Certificate, + extensions::{ + AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, Extension, KeyUsage, + NameConstraints, + }, + oid::EKU_ANY_KEY_USAGE_OID, + }; + + use crate::{ + ops::CryptoOps, + policy::{Policy, ValidationError}, + }; + + pub(crate) fn authority_key_identifier( + _policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + extn: Option<&Extension<'_>>, + ) -> Result<(), ValidationError> { + // CABF: AKI is required on all CA certificates *except* root CA certificates, + // where is it merely recommended. This is slightly different from RFC 5280, + // which requires AKI on all CA certificates *except* self-signed root CA certificates. + // + // This discrepancy poses a challenge: from a strict CABF perspective we should + // require the AKI unless we're on a root CA, but we lack the context to determine that + // here. We *could* infer that we're on a root by checking whether the CA is self-signed, + // but many root CAs still use RSA with SHA-1 (which is intentionally unsupported + // for signature verification). + // + // Consequently, the best we can currently do here is check whether the AKI conforms + // to the CABF mandated format, *if* it exists. This means that we will accept + // some chains that are not strictly CABF compliant (e.g. ones where intermediate + // CAs are missing AKIs), but this is a relatively minor discrepancy. + if let Some(extn) = extn { + let aki: AuthorityKeyIdentifier<'_> = extn.value()?; + // 7.1.2.11.1 Authority Key Identifier: + + // keyIdentifier MUST be present. + // TODO: Check that keyIdentifier matches subjectKeyIdentifier. + if aki.key_identifier.is_none() { + return Err(ValidationError::Other( + "authorityKeyIdentifier must contain keyIdentifier".to_string(), + )); + } + + // authorityCertIssuer and authorityCertSerialNumber MUST NOT be present. + if aki.authority_cert_issuer.is_some() { + return Err(ValidationError::Other( + "authorityKeyIdentifier must not contain authorityCertIssuer".to_string(), + )); + } + + if aki.authority_cert_serial_number.is_some() { + return Err(ValidationError::Other( + "authorityKeyIdentifier must not contain authorityCertSerialNumber".to_string(), + )); + } + } + + Ok(()) + } + + pub(crate) fn key_usage( + _policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + extn: &Extension<'_>, + ) -> Result<(), ValidationError> { + let key_usage: KeyUsage<'_> = extn.value()?; + + if !key_usage.key_cert_sign() { + return Err(ValidationError::Other( + "keyUsage.keyCertSign must be asserted in a CA certificate".to_string(), + )); + } + + Ok(()) + } + + pub(crate) fn basic_constraints( + _policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + extn: &Extension<'_>, + ) -> Result<(), ValidationError> { + let basic_constraints: BasicConstraints = extn.value()?; + + if !basic_constraints.ca { + return Err(ValidationError::Other( + "basicConstraints.cA must be asserted in a CA certificate".to_string(), + )); + } + + // NOTE: basicConstraints.pathLength is checked as part of + // `Policy::permits_ca`, since we need the current chain building + // depth to check it. + + Ok(()) + } + + pub(crate) fn name_constraints( + _policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + extn: Option<&Extension<'_>>, + ) -> Result<(), ValidationError> { + if let Some(extn) = extn { + let name_constraints: NameConstraints<'_> = extn.value()?; + + let permitted_subtrees_empty = name_constraints + .permitted_subtrees + .as_ref() + .map_or(true, |pst| pst.unwrap_read().is_empty()); + let excluded_subtrees_empty = name_constraints + .excluded_subtrees + .as_ref() + .map_or(true, |est| est.unwrap_read().is_empty()); + + if permitted_subtrees_empty && excluded_subtrees_empty { + return Err(ValidationError::Other( + "nameConstraints must have non-empty permittedSubtrees or excludedSubtrees" + .to_string(), + )); + } + + // NOTE: Both RFC 5280 and CABF require each `GeneralSubtree` + // to have `minimum=0` and `maximum=NULL`, but experimentally + // not many validators check for this. + } + + Ok(()) + } + + pub(crate) fn extended_key_usage( + policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + extn: Option<&Extension<'_>>, + ) -> Result<(), ValidationError> { + if let Some(extn) = extn { + let mut ekus: ExtendedKeyUsage<'_> = extn.value()?; + + // NOTE: CABF explicitly forbids anyEKU in and most CA certs, + // but this is widely (universally?) ignored by other implementations. + if ekus.any(|eku| eku == policy.extended_key_usage || eku == EKU_ANY_KEY_USAGE_OID) { + Ok(()) + } else { + Err(ValidationError::Other("required EKU not found".to_string())) + } + } else { + Ok(()) + } + } +} + +pub(crate) mod common { + use cryptography_x509::{ + certificate::Certificate, + extensions::{Extension, SequenceOfAccessDescriptions}, + }; + + use crate::{ + ops::CryptoOps, + policy::{Policy, ValidationError}, + }; + + pub(crate) fn authority_information_access( + _policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + extn: Option<&Extension<'_>>, + ) -> Result<(), ValidationError> { + if let Some(extn) = extn { + // We don't currently do anything useful with these, but we + // do check that they're well-formed. + let _: SequenceOfAccessDescriptions<'_> = extn.value()?; + } + + Ok(()) + } +} + +#[cfg(test)] +mod tests { + use asn1::{ObjectIdentifier, SimpleAsn1Writable}; + use cryptography_x509::certificate::Certificate; + use cryptography_x509::extensions::{BasicConstraints, Extension}; + use cryptography_x509::oid::BASIC_CONSTRAINTS_OID; + + use super::{Criticality, ExtensionValidator}; + use crate::certificate::tests::PublicKeyErrorOps; + use crate::ops::tests::{cert, v1_cert_pem}; + use crate::ops::CryptoOps; + use crate::policy::{Policy, Subject, ValidationError}; + use crate::types::DNSName; + + #[test] + fn test_criticality_variants() { + let criticality = Criticality::Critical; + assert!(criticality.permits(true)); + assert!(!criticality.permits(false)); + + let criticality = Criticality::Agnostic; + assert!(criticality.permits(true)); + assert!(criticality.permits(false)); + + let criticality = Criticality::NonCritical; + assert!(!criticality.permits(true)); + assert!(criticality.permits(false)); + } + + fn epoch() -> asn1::DateTime { + asn1::DateTime::new(1970, 1, 1, 0, 0, 0).unwrap() + } + + fn create_encoded_extension( + oid: ObjectIdentifier, + critical: bool, + ext: &T, + ) -> Vec { + let ext_value = asn1::write_single(&ext).unwrap(); + let ext = Extension { + extn_id: oid, + critical, + extn_value: &ext_value, + }; + asn1::write_single(&ext).unwrap() + } + + fn present_extension_validator( + _policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + _ext: &Extension<'_>, + ) -> Result<(), ValidationError> { + Ok(()) + } + + #[test] + fn test_extension_validator_present() { + // The certificate doesn't get used for this validator, so the certificate we use isn't important. + let cert_pem = v1_cert_pem(); + let cert = cert(&cert_pem); + let ops = PublicKeyErrorOps {}; + let policy = Policy::server( + ops, + Subject::DNS(DNSName::new("example.com").unwrap()), + epoch(), + None, + ); + + // Test a policy that stipulates that a given extension MUST be present. + let extension_validator = + ExtensionValidator::present(Criticality::Critical, Some(present_extension_validator)); + + // Check the case where the extension is present. + let bc = BasicConstraints { + ca: true, + path_length: Some(3), + }; + let der_ext = create_encoded_extension(BASIC_CONSTRAINTS_OID, true, &bc); + let raw_ext = asn1::parse_single(&der_ext).unwrap(); + assert!(extension_validator + .permits(&policy, &cert, Some(&raw_ext)) + .is_ok()); + + // Check the case where the extension isn't present. + assert!(extension_validator.permits(&policy, &cert, None).is_err()); + } + + fn maybe_extension_validator( + _policy: &Policy<'_, B>, + _cert: &Certificate<'_>, + _ext: Option<&Extension<'_>>, + ) -> Result<(), ValidationError> { + Ok(()) + } + + #[test] + fn test_extension_validator_maybe() { + // The certificate doesn't get used for this validator, so the certificate we use isn't important. + let cert_pem = v1_cert_pem(); + let cert = cert(&cert_pem); + let ops = PublicKeyErrorOps {}; + let policy = Policy::server( + ops, + Subject::DNS(DNSName::new("example.com").unwrap()), + epoch(), + None, + ); + + // Test a validator that stipulates that a given extension CAN be present. + let extension_validator = ExtensionValidator::maybe_present( + Criticality::Critical, + Some(maybe_extension_validator), + ); + + // Check the case where the extension is present. + let bc = BasicConstraints { + ca: false, + path_length: Some(3), + }; + let der_ext = create_encoded_extension(BASIC_CONSTRAINTS_OID, true, &bc); + let raw_ext = asn1::parse_single(&der_ext).unwrap(); + assert!(extension_validator + .permits(&policy, &cert, Some(&raw_ext)) + .is_ok()); + + // Check the case where the extension isn't present. + assert!(extension_validator.permits(&policy, &cert, None).is_ok()); + } + + #[test] + fn test_extension_validator_not_present() { + // The certificate doesn't get used for this validator, so the certificate we use isn't important. + let cert_pem = v1_cert_pem(); + let cert = cert(&cert_pem); + let ops = PublicKeyErrorOps {}; + let policy = Policy::server( + ops, + Subject::DNS(DNSName::new("example.com").unwrap()), + epoch(), + None, + ); + + // Test a validator that stipulates that a given extension MUST NOT be present. + let extension_validator = ExtensionValidator::not_present(); + + // Check the case where the extension is present. + let bc = BasicConstraints { + ca: false, + path_length: Some(3), + }; + let der_ext = create_encoded_extension(BASIC_CONSTRAINTS_OID, true, &bc); + let raw_ext = asn1::parse_single(&der_ext).unwrap(); + assert!(extension_validator + .permits(&policy, &cert, Some(&raw_ext)) + .is_err()); + + // Check the case where the extension isn't present. + assert!(extension_validator.permits(&policy, &cert, None).is_ok()); + } + + #[test] + fn test_extension_validator_present_incorrect_criticality() { + // The certificate doesn't get used for this validator, so the certificate we use isn't important. + let cert_pem = v1_cert_pem(); + let cert = cert(&cert_pem); + let ops = PublicKeyErrorOps {}; + let policy = Policy::server( + ops, + Subject::DNS(DNSName::new("example.com").unwrap()), + epoch(), + None, + ); + + // Test a present policy that stipulates that a given extension MUST be critical. + let extension_validator = + ExtensionValidator::present(Criticality::Critical, Some(present_extension_validator)); + + // Mark the extension as non-critical despite our policy stipulating that it must be critical. + let bc = BasicConstraints { + ca: true, + path_length: Some(3), + }; + let der_ext = create_encoded_extension(BASIC_CONSTRAINTS_OID, false, &bc); + let raw_ext = asn1::parse_single(&der_ext).unwrap(); + assert!(extension_validator + .permits(&policy, &cert, Some(&raw_ext)) + .is_err()); + } + + #[test] + fn test_extension_validator_maybe_present_incorrect_criticality() { + // The certificate doesn't get used for this validator, so the certificate we use isn't important. + let cert_pem = v1_cert_pem(); + let cert = cert(&cert_pem); + let ops = PublicKeyErrorOps {}; + let policy = Policy::server( + ops, + Subject::DNS(DNSName::new("example.com").unwrap()), + epoch(), + None, + ); + + // Test a maybe present validator that stipulates that a given extension MUST be critical. + let extension_validator = ExtensionValidator::maybe_present( + Criticality::Critical, + Some(maybe_extension_validator), + ); + + // Mark the extension as non-critical despite our policy stipulating that it must be critical. + let bc = BasicConstraints { + ca: true, + path_length: Some(3), + }; + let der_ext = create_encoded_extension(BASIC_CONSTRAINTS_OID, false, &bc); + let raw_ext = asn1::parse_single(&der_ext).unwrap(); + assert!(extension_validator + .permits(&policy, &cert, Some(&raw_ext)) + .is_err()); + } +} diff --git a/src/rust/cryptography-x509-verification/src/policy/mod.rs b/src/rust/cryptography-x509-verification/src/policy/mod.rs new file mode 100644 index 0000000..5616a83 --- /dev/null +++ b/src/rust/cryptography-x509-verification/src/policy/mod.rs @@ -0,0 +1,816 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +mod extension; + +use std::collections::HashSet; +use std::ops::Range; +use std::sync::Arc; + +use asn1::ObjectIdentifier; +use cryptography_key_parsing::rsa::Pkcs1RsaPublicKey; +use cryptography_x509::certificate::Certificate; +use cryptography_x509::common::{ + AlgorithmIdentifier, AlgorithmParameters, EcParameters, RsaPssParameters, Time, + PSS_SHA256_HASH_ALG, PSS_SHA256_MASK_GEN_ALG, PSS_SHA384_HASH_ALG, PSS_SHA384_MASK_GEN_ALG, + PSS_SHA512_HASH_ALG, PSS_SHA512_MASK_GEN_ALG, +}; +use cryptography_x509::extensions::{BasicConstraints, Extensions, SubjectAlternativeName}; +use cryptography_x509::name::GeneralName; +use cryptography_x509::oid::{ + BASIC_CONSTRAINTS_OID, EC_SECP256R1, EC_SECP384R1, EC_SECP521R1, EKU_CLIENT_AUTH_OID, + EKU_SERVER_AUTH_OID, +}; +use once_cell::sync::Lazy; + +use crate::ops::CryptoOps; +use crate::policy::extension::{ca, common, ee, Criticality, ExtensionPolicy, ExtensionValidator}; +use crate::types::{DNSName, DNSPattern, IPAddress}; +use crate::{ValidationError, VerificationCertificate}; + +// RSA key constraints, as defined in CA/B 6.1.5. +static WEBPKI_MINIMUM_RSA_MODULUS: usize = 2048; + +// SubjectPublicKeyInfo AlgorithmIdentifier constants, as defined in CA/B 7.1.3.1. + +// RSA +static SPKI_RSA: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::Rsa(Some(())), +}; + +// SECP256R1 +static SPKI_SECP256R1: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::Ec(EcParameters::NamedCurve(EC_SECP256R1)), +}; + +// SECP384R1 +static SPKI_SECP384R1: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::Ec(EcParameters::NamedCurve(EC_SECP384R1)), +}; + +// SECP521R1 +static SPKI_SECP521R1: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::Ec(EcParameters::NamedCurve(EC_SECP521R1)), +}; + +/// Permitted algorithms, from CA/B Forum's Baseline Requirements, section 7.1.3.1 (page 96) +/// https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.0.pdf +pub static WEBPKI_PERMITTED_SPKI_ALGORITHMS: Lazy>>> = + Lazy::new(|| { + Arc::new(HashSet::from([ + SPKI_RSA.clone(), + SPKI_SECP256R1.clone(), + SPKI_SECP384R1.clone(), + SPKI_SECP521R1.clone(), + ])) + }); + +// Signature AlgorithmIdentifier constants, as defined in CA/B 7.1.3.2. + +// RSASSA‐PKCS1‐v1_5 with SHA‐256 +static RSASSA_PKCS1V15_SHA256: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::RsaWithSha256(Some(())), +}; + +// RSASSA‐PKCS1‐v1_5 with SHA‐384 +static RSASSA_PKCS1V15_SHA384: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::RsaWithSha384(Some(())), +}; + +// RSASSA‐PKCS1‐v1_5 with SHA‐512 +static RSASSA_PKCS1V15_SHA512: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::RsaWithSha512(Some(())), +}; + +// RSASSA‐PSS with SHA‐256, MGF‐1 with SHA‐256, and a salt length of 32 bytes +static RSASSA_PSS_SHA256: Lazy> = Lazy::new(|| AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::RsaPss(Some(Box::new(RsaPssParameters { + hash_algorithm: PSS_SHA256_HASH_ALG, + mask_gen_algorithm: PSS_SHA256_MASK_GEN_ALG, + salt_length: 32, + _trailer_field: None, + }))), +}); + +// RSASSA‐PSS with SHA‐384, MGF‐1 with SHA‐384, and a salt length of 48 bytes +static RSASSA_PSS_SHA384: Lazy> = Lazy::new(|| AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::RsaPss(Some(Box::new(RsaPssParameters { + hash_algorithm: PSS_SHA384_HASH_ALG, + mask_gen_algorithm: PSS_SHA384_MASK_GEN_ALG, + salt_length: 48, + _trailer_field: None, + }))), +}); + +// RSASSA‐PSS with SHA‐512, MGF‐1 with SHA‐512, and a salt length of 64 bytes +static RSASSA_PSS_SHA512: Lazy> = Lazy::new(|| AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::RsaPss(Some(Box::new(RsaPssParameters { + hash_algorithm: PSS_SHA512_HASH_ALG, + mask_gen_algorithm: PSS_SHA512_MASK_GEN_ALG, + salt_length: 64, + _trailer_field: None, + }))), +}); + +// For P-256: the signature MUST use ECDSA with SHA‐256 +static ECDSA_SHA256: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::EcDsaWithSha256(None), +}; + +// For P-384: the signature MUST use ECDSA with SHA‐384 +static ECDSA_SHA384: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::EcDsaWithSha384(None), +}; + +// For P-521: the signature MUST use ECDSA with SHA‐512 +static ECDSA_SHA512: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::EcDsaWithSha512(None), +}; + +/// Permitted algorithms, from CA/B Forum's Baseline Requirements, section 7.1.3.2 (pages 96-98) +/// https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.0.pdf +pub static WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS: Lazy>>> = + Lazy::new(|| { + Arc::new(HashSet::from([ + RSASSA_PKCS1V15_SHA256.clone(), + RSASSA_PKCS1V15_SHA384.clone(), + RSASSA_PKCS1V15_SHA512.clone(), + RSASSA_PSS_SHA256.clone(), + RSASSA_PSS_SHA384.clone(), + RSASSA_PSS_SHA512.clone(), + ECDSA_SHA256.clone(), + ECDSA_SHA384.clone(), + ECDSA_SHA512.clone(), + ])) + }); + +/// A default reasonable maximum chain depth. +/// +/// This depth was chosen to balance between common validation lengths +/// (chains in the Web PKI are ordinarily no longer than 2 or 3 intermediates +/// in the longest cases) and support for pathological cases. +/// +/// Relatively little prior art for selecting a default depth exists; +/// OpenSSL defaults to a limit of 100, which is far more permissive than +/// necessary. +const DEFAULT_MAX_CHAIN_DEPTH: u8 = 8; + +/// Represents a logical certificate "subject," i.e. a principal matching +/// one of the names listed in a certificate's `subjectAltNames` extension. +pub enum Subject<'a> { + DNS(DNSName<'a>), + IP(IPAddress), +} + +impl Subject<'_> { + fn subject_alt_name_matches(&self, general_name: &GeneralName<'_>) -> bool { + match (general_name, self) { + (GeneralName::DNSName(pattern), Self::DNS(name)) => { + DNSPattern::new(pattern.0).map_or(false, |p| p.matches(name)) + } + (GeneralName::IPAddress(addr), Self::IP(name)) => { + IPAddress::from_bytes(addr).map_or(false, |addr| addr == *name) + } + _ => false, + } + } + + /// Returns true if any of the names in the given `SubjectAlternativeName` + /// match this `Subject`. + pub fn matches(&self, san: &SubjectAlternativeName<'_>) -> bool { + san.clone().any(|gn| self.subject_alt_name_matches(&gn)) + } +} + +/// A `Policy` describes user-configurable aspects of X.509 path validation. +pub struct Policy<'a, B: CryptoOps> { + pub ops: B, + + /// A top-level constraint on the length of intermediate CA paths + /// constructed under this policy. + /// + /// Per RFC 5280, this limits the length of the non-self-issued intermediate + /// CA chain, without counting either the leaf or trust anchor. + pub max_chain_depth: u8, + + /// A subject (i.e. DNS name or other name format) that any EE certificates + /// validated by this policy must match. + pub subject: Option>, + + /// The validation time. All certificates validated by this policy must + /// be valid at this time. + pub validation_time: asn1::DateTime, + + /// An extended key usage that must appear in EEs validated by this policy. + pub extended_key_usage: ObjectIdentifier, + + /// The minimum RSA modulus, in bits. + /// This is equivalent to the public key size, e.g. 2048 for an RSA-2048 key. + pub minimum_rsa_modulus: usize, + + /// The set of permitted public key algorithms, identified by their + /// algorithm identifiers. + pub permitted_public_key_algorithms: Arc>>, + + /// The set of permitted signature algorithms, identified by their + /// algorithm identifiers. + pub permitted_signature_algorithms: Arc>>, + + ca_extension_policy: ExtensionPolicy, + ee_extension_policy: ExtensionPolicy, +} + +impl<'a, B: CryptoOps> Policy<'a, B> { + fn new( + ops: B, + subject: Option>, + time: asn1::DateTime, + max_chain_depth: Option, + extended_key_usage: ObjectIdentifier, + ) -> Self { + Self { + ops, + max_chain_depth: max_chain_depth.unwrap_or(DEFAULT_MAX_CHAIN_DEPTH), + subject, + validation_time: time, + extended_key_usage, + minimum_rsa_modulus: WEBPKI_MINIMUM_RSA_MODULUS, + permitted_public_key_algorithms: Arc::clone(&*WEBPKI_PERMITTED_SPKI_ALGORITHMS), + permitted_signature_algorithms: Arc::clone(&*WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS), + ca_extension_policy: ExtensionPolicy { + // 5280 4.2.2.1: Authority Information Access + authority_information_access: ExtensionValidator::maybe_present( + Criticality::NonCritical, + Some(common::authority_information_access), + ), + // 5280 4.2.1.1: Authority Key Identifier + authority_key_identifier: ExtensionValidator::maybe_present( + Criticality::NonCritical, + Some(ca::authority_key_identifier), + ), + // 5280 4.2.1.2: Subject Key Identifier + // NOTE: CABF requires SKI in CA certificates, but many older CAs lack it. + // We choose to be permissive here. + subject_key_identifier: ExtensionValidator::maybe_present( + Criticality::NonCritical, + None, + ), + // 5280 4.2.1.3: Key Usage + key_usage: ExtensionValidator::present(Criticality::Agnostic, Some(ca::key_usage)), + subject_alternative_name: ExtensionValidator::maybe_present( + Criticality::Agnostic, + None, + ), + // 5280 4.2.1.9: Basic Constraints + basic_constraints: ExtensionValidator::present( + Criticality::Critical, + Some(ca::basic_constraints), + ), + // 5280 4.2.1.10: Name Constraints + // NOTE: MUST be critical in 5280, but CABF relaxes to MAY. + name_constraints: ExtensionValidator::maybe_present( + Criticality::Agnostic, + Some(ca::name_constraints), + ), + // 5280: 4.2.1.12: Extended Key Usage + // NOTE: CABF requires EKUs in many non-root CA certs, but validators widely + // ignore this requirement and treat a missing EKU as "any EKU". + // We choose to be permissive here. + extended_key_usage: ExtensionValidator::maybe_present( + Criticality::NonCritical, + Some(ca::extended_key_usage), + ), + }, + ee_extension_policy: ExtensionPolicy { + // 5280 4.2.2.1: Authority Information Access + authority_information_access: ExtensionValidator::maybe_present( + Criticality::NonCritical, + Some(common::authority_information_access), + ), + // 5280 4.2.1.1.: Authority Key Identifier + authority_key_identifier: ExtensionValidator::present( + Criticality::NonCritical, + None, + ), + subject_key_identifier: ExtensionValidator::maybe_present( + Criticality::Agnostic, + None, + ), + // 5280 4.2.1.3: Key Usage + key_usage: ExtensionValidator::maybe_present( + Criticality::Agnostic, + Some(ee::key_usage), + ), + // CA/B 7.1.2.7.12 Subscriber Certificate Subject Alternative Name + // This validator handles both client and server cases by only matching against + // the SAN if the profile contains a subject, which it won't in the client + // validation case. + subject_alternative_name: ExtensionValidator::present( + Criticality::Agnostic, + Some(ee::subject_alternative_name), + ), + // 5280 4.2.1.9: Basic Constraints + basic_constraints: ExtensionValidator::maybe_present( + Criticality::Agnostic, + Some(ee::basic_constraints), + ), + // 5280 4.2.1.10: Name Constraints + name_constraints: ExtensionValidator::not_present(), + // CA/B: 7.1.2.7.10: Subscriber Certificate Extended Key Usage + // NOTE: CABF requires EKUs in EE certs, while RFC 5280 does not. + extended_key_usage: ExtensionValidator::maybe_present( + Criticality::NonCritical, + Some(ee::extended_key_usage), + ), + }, + } + } + + /// Create a new policy with suitable defaults for client certification + /// validation. + /// + /// **IMPORTANT**: This is **not** the appropriate API for verifying + /// website (i.e. server) certificates. For that, you **must** use + /// [`Policy::server`]. + pub fn client(ops: B, time: asn1::DateTime, max_chain_depth: Option) -> Self { + Self::new( + ops, + None, + time, + max_chain_depth, + EKU_CLIENT_AUTH_OID.clone(), + ) + } + + /// Create a new policy with defaults for the server certificate profile + /// defined in the CA/B Forum's Basic Requirements. + pub fn server( + ops: B, + subject: Subject<'a>, + time: asn1::DateTime, + max_chain_depth: Option, + ) -> Self { + Self::new( + ops, + Some(subject), + time, + max_chain_depth, + EKU_SERVER_AUTH_OID.clone(), + ) + } + + fn permits_basic(&self, cert: &Certificate<'_>) -> Result<(), ValidationError> { + // CA/B 7.1.1: + // Certificates MUST be of type X.509 v3. + if cert.tbs_cert.version != 2 { + return Err(ValidationError::Other( + "certificate must be an X509v3 certificate".to_string(), + )); + } + + // 5280 4.1.1.2 / 4.1.2.3: signatureAlgorithm / TBS Certificate Signature + // The top-level signatureAlgorithm and TBSCert signature algorithm + // MUST match. + if cert.signature_alg != cert.tbs_cert.signature_alg { + return Err(ValidationError::Other( + "mismatch between signatureAlgorithm and SPKI algorithm".to_string(), + )); + } + + // 5280 4.1.2.2: Serial Number + // Per 5280: The serial number MUST be a positive integer. + // In practice, there are a few roots in common trust stores (like certifi) + // that have `serial == 0`, so we can't enforce this yet. + let serial = cert.tbs_cert.serial; + if !(1..=21).contains(&serial.as_bytes().len()) { + // Conforming CAs MUST NOT use serial numbers longer than 20 octets. + // NOTE: In practice, this requires us to check for an encoding of + // 21 octets, since some CAs generate 20 bytes of randomness and + // then forget to check whether that number would be negative, resulting + // in a 21-byte encoding. + return Err(ValidationError::Other( + "certificate must have a serial between 1 and 20 octets".to_string(), + )); + } else if serial.is_negative() { + return Err(ValidationError::Other( + "certificate serial number cannot be negative".to_string(), + )); + } + + // 5280 4.1.2.4: Issuer + // The issuer MUST be a non-empty distinguished name. + if cert.issuer().is_empty() { + return Err(ValidationError::Other( + "certificate must have a non-empty Issuer".to_string(), + )); + } + + // 5280 4.1.2.5: Validity + // Validity dates before 2050 MUST be encoded as UTCTime; + // dates in or after 2050 MUST be encoded as GeneralizedTime. + let not_before = cert.tbs_cert.validity.not_before.as_datetime(); + let not_after = cert.tbs_cert.validity.not_after.as_datetime(); + permits_validity_date(&cert.tbs_cert.validity.not_before)?; + permits_validity_date(&cert.tbs_cert.validity.not_after)?; + if &self.validation_time < not_before || &self.validation_time > not_after { + return Err(ValidationError::Other( + "cert is not valid at validation time".to_string(), + )); + } + + Ok(()) + } + + /// Checks whether the given CA certificate is compatible with this policy. + pub(crate) fn permits_ca( + &self, + cert: &Certificate<'_>, + current_depth: u8, + extensions: &Extensions<'_>, + ) -> Result<(), ValidationError> { + self.permits_basic(cert)?; + + // 5280 4.1.2.6: Subject + // CA certificates MUST have a subject populated with a non-empty distinguished name. + // No check required here: `permits_basic` checks that the issuer is non-empty + // and `ChainBuilder::potential_issuers` enforces subject/issuer matching, + // meaning that an CA with an empty subject cannot occur in a built chain. + + // NOTE: This conceptually belongs in `valid_issuer`, but is easier + // to test here. It's also conceptually an extension policy, but + // requires a bit of extra external state (`current_depth`) that isn't + // presently convenient to push into that layer. + // + // NOTE: BasicConstraints is required via `ca_extension_policies`, + // so we always take this branch. + if let Some(bc) = extensions.get_extension(&BASIC_CONSTRAINTS_OID) { + let bc: BasicConstraints = bc.value()?; + + if bc + .path_length + .map_or(false, |len| u64::from(current_depth) > len) + { + return Err(ValidationError::Other( + "path length constraint violated".to_string(), + ))?; + } + } + + self.ca_extension_policy.permits(self, cert, extensions)?; + + Ok(()) + } + + /// Checks whether the given EE certificate is compatible with this policy. + pub(crate) fn permits_ee( + &self, + cert: &Certificate<'_>, + extensions: &Extensions<'_>, + ) -> Result<(), ValidationError> { + self.permits_basic(cert)?; + + self.ee_extension_policy.permits(self, cert, extensions)?; + + Ok(()) + } + + /// Checks whether `issuer` is a valid issuing CA for `child` at a + /// path-building depth of `current_depth`. + /// + /// This checks that `issuer` is permitted under this policy and that + /// it was used to sign for `child`. + /// + /// As a precondition, the caller must have already checked that + /// `issuer.subject() == child.issuer()`. + /// + /// On success, this function returns the new path-building depth. This + /// may or may not be a higher number than the original depth, depending + /// on the kind of validation performed (e.g., whether the issuer was + /// self-issued). + pub(crate) fn valid_issuer( + &self, + issuer: &VerificationCertificate<'_, B>, + child: &Certificate<'_>, + current_depth: u8, + issuer_extensions: &Extensions<'_>, + ) -> Result<(), ValidationError> { + // The issuer needs to be a valid CA at the current depth. + self.permits_ca(issuer.certificate(), current_depth, issuer_extensions)?; + + // CA/B 7.1.3.1 SubjectPublicKeyInfo + // NOTE: We check the issuer's SPKI here, since the issuer is + // definitionally a CA and thus subject to CABF key requirements. + if !self + .permitted_public_key_algorithms + .contains(&issuer.certificate().tbs_cert.spki.algorithm) + { + return Err(ValidationError::Other(format!( + "Forbidden public key algorithm: {:?}", + &child.tbs_cert.spki.algorithm + ))); + } + + // CA/B 7.1.3.2 Signature AlgorithmIdentifier + // NOTE: We check the child's signature here, since the issuer's + // signature is not necessarily subject to signature checks (e.g. + // if it's a root). This works out transitively, as any non root-issuer + // will be checked in its recursive step (where it'll be in the child + // position). + if !self + .permitted_signature_algorithms + .contains(&child.signature_alg) + { + return Err(ValidationError::Other(format!( + "Forbidden signature algorithm: {:?}", + &child.signature_alg + ))); + } + + // CA/B 6.1.5: Key sizes + // NOTE: We don't currently enforce that RSA moduli are divisible by 8, + // since other implementations don't bother. + let issuer_spki = &issuer.certificate().tbs_cert.spki; + if matches!( + issuer_spki.algorithm.params, + AlgorithmParameters::Rsa(_) | AlgorithmParameters::RsaPss(_) + ) { + let rsa_key: Pkcs1RsaPublicKey<'_> = + asn1::parse_single(issuer_spki.subject_public_key.as_bytes())?; + + if rsa_key.n.as_bytes().len() * 8 < self.minimum_rsa_modulus { + return Err(ValidationError::Other("RSA key is too weak".into())); + } + } + + let pk = issuer + .public_key(&self.ops) + .map_err(|_| ValidationError::Other("issuer has malformed public key".to_string()))?; + if self.ops.verify_signed_by(child, pk).is_err() { + return Err(ValidationError::Other( + "signature does not match".to_string(), + )); + } + + Ok(()) + } +} + +fn permits_validity_date(validity_date: &Time) -> Result<(), ValidationError> { + const GENERALIZED_DATE_INVALIDITY_RANGE: Range = 1950..2050; + + // NOTE: The inverse check on `asn1::UtcTime` is already done for us + // by the variant's constructor. + if let Time::GeneralizedTime(_) = validity_date { + if GENERALIZED_DATE_INVALIDITY_RANGE.contains(&validity_date.as_datetime().year()) { + return Err(ValidationError::Other( + "validity dates between 1950 and 2049 must be UtcTime".to_string(), + )); + } + } + + Ok(()) +} + +#[cfg(test)] +mod tests { + use std::ops::Deref; + + use asn1::{DateTime, SequenceOfWriter}; + use cryptography_x509::common::Time; + use cryptography_x509::{ + extensions::SubjectAlternativeName, + name::{GeneralName, UnvalidatedIA5String}, + }; + + use super::{ + permits_validity_date, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, RSASSA_PKCS1V15_SHA256, + RSASSA_PKCS1V15_SHA384, RSASSA_PKCS1V15_SHA512, RSASSA_PSS_SHA256, RSASSA_PSS_SHA384, + RSASSA_PSS_SHA512, WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS, + }; + use crate::{ + policy::{ + Subject, SPKI_RSA, SPKI_SECP256R1, SPKI_SECP384R1, SPKI_SECP521R1, + WEBPKI_PERMITTED_SPKI_ALGORITHMS, + }, + types::{DNSName, IPAddress}, + }; + + #[test] + fn test_webpki_permitted_spki_algorithms_canonical_encodings() { + { + assert!(WEBPKI_PERMITTED_SPKI_ALGORITHMS.contains(&SPKI_RSA)); + let exp_encoding = b"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00"; + assert_eq!(asn1::write_single(&SPKI_RSA).unwrap(), exp_encoding); + } + + { + assert!(WEBPKI_PERMITTED_SPKI_ALGORITHMS.contains(&SPKI_SECP256R1)); + let exp_encoding = b"0\x13\x06\x07*\x86H\xce=\x02\x01\x06\x08*\x86H\xce=\x03\x01\x07"; + assert_eq!(asn1::write_single(&SPKI_SECP256R1).unwrap(), exp_encoding); + } + + { + assert!(WEBPKI_PERMITTED_SPKI_ALGORITHMS.contains(&SPKI_SECP384R1)); + let exp_encoding = b"0\x10\x06\x07*\x86H\xce=\x02\x01\x06\x05+\x81\x04\x00\""; + assert_eq!(asn1::write_single(&SPKI_SECP384R1).unwrap(), exp_encoding); + } + + { + assert!(WEBPKI_PERMITTED_SPKI_ALGORITHMS.contains(&SPKI_SECP521R1)); + let exp_encoding = b"0\x10\x06\x07*\x86H\xce=\x02\x01\x06\x05+\x81\x04\x00#"; + assert_eq!(asn1::write_single(&SPKI_SECP521R1).unwrap(), exp_encoding); + } + } + + #[test] + fn test_webpki_permitted_signature_algorithms_canonical_encodings() { + { + assert!(WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS.contains(&RSASSA_PKCS1V15_SHA256)); + let exp_encoding = b"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00"; + assert_eq!( + asn1::write_single(&RSASSA_PKCS1V15_SHA256).unwrap(), + exp_encoding + ); + } + + { + assert!(WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS.contains(&RSASSA_PKCS1V15_SHA384)); + let exp_encoding = b"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\x00"; + assert_eq!( + asn1::write_single(&RSASSA_PKCS1V15_SHA384).unwrap(), + exp_encoding + ); + } + + { + assert!(WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS.contains(&RSASSA_PKCS1V15_SHA512)); + let exp_encoding = b"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\r\x05\x00"; + assert_eq!( + asn1::write_single(&RSASSA_PKCS1V15_SHA512).unwrap(), + exp_encoding + ); + } + + { + assert!(WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS.contains(&RSASSA_PSS_SHA256.deref())); + let exp_encoding = b"0A\x06\t*\x86H\x86\xf7\r\x01\x01\n04\xa0\x0f0\r\x06\t`\x86H\x01e\x03\x04\x02\x01\x05\x00\xa1\x1c0\x1a\x06\t*\x86H\x86\xf7\r\x01\x01\x080\r\x06\t`\x86H\x01e\x03\x04\x02\x01\x05\x00\xa2\x03\x02\x01 "; + assert_eq!( + asn1::write_single(&RSASSA_PSS_SHA256.deref()).unwrap(), + exp_encoding + ); + } + + { + assert!(WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS.contains(&RSASSA_PSS_SHA384.deref())); + let exp_encoding = b"0A\x06\t*\x86H\x86\xf7\r\x01\x01\n04\xa0\x0f0\r\x06\t`\x86H\x01e\x03\x04\x02\x02\x05\x00\xa1\x1c0\x1a\x06\t*\x86H\x86\xf7\r\x01\x01\x080\r\x06\t`\x86H\x01e\x03\x04\x02\x02\x05\x00\xa2\x03\x02\x010"; + assert_eq!( + asn1::write_single(&RSASSA_PSS_SHA384.deref()).unwrap(), + exp_encoding + ); + } + + { + assert!(WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS.contains(&RSASSA_PSS_SHA512.deref())); + let exp_encoding = b"0A\x06\t*\x86H\x86\xf7\r\x01\x01\n04\xa0\x0f0\r\x06\t`\x86H\x01e\x03\x04\x02\x03\x05\x00\xa1\x1c0\x1a\x06\t*\x86H\x86\xf7\r\x01\x01\x080\r\x06\t`\x86H\x01e\x03\x04\x02\x03\x05\x00\xa2\x03\x02\x01@"; + assert_eq!( + asn1::write_single(&RSASSA_PSS_SHA512.deref()).unwrap(), + exp_encoding + ); + } + + { + assert!(WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS.contains(&ECDSA_SHA256)); + let exp_encoding = b"0\n\x06\x08*\x86H\xce=\x04\x03\x02"; + assert_eq!(asn1::write_single(&ECDSA_SHA256).unwrap(), exp_encoding); + } + + { + assert!(WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS.contains(&ECDSA_SHA384)); + let exp_encoding = b"0\n\x06\x08*\x86H\xce=\x04\x03\x03"; + assert_eq!(asn1::write_single(&ECDSA_SHA384).unwrap(), exp_encoding); + } + + { + assert!(WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS.contains(&ECDSA_SHA512)); + let exp_encoding = b"0\n\x06\x08*\x86H\xce=\x04\x03\x04"; + assert_eq!(asn1::write_single(&ECDSA_SHA512).unwrap(), exp_encoding); + } + } + + #[test] + fn test_subject_matches() { + let domain_sub = Subject::DNS(DNSName::new("test.cryptography.io").unwrap()); + let ip_sub = Subject::IP(IPAddress::from_str("127.0.0.1").unwrap()); + + // Single SAN, domain wildcard. + { + let domain_gn = GeneralName::DNSName(UnvalidatedIA5String("*.cryptography.io")); + let san_der = asn1::write_single(&SequenceOfWriter::new([domain_gn])).unwrap(); + let any_cryptography_io = + asn1::parse_single::>(&san_der).unwrap(); + + assert!(domain_sub.matches(&any_cryptography_io)); + assert!(!ip_sub.matches(&any_cryptography_io)); + } + + // Single SAN, IP address. + { + let ip_gn = GeneralName::IPAddress(&[127, 0, 0, 1]); + let san_der = asn1::write_single(&SequenceOfWriter::new([ip_gn])).unwrap(); + let localhost = asn1::parse_single::>(&san_der).unwrap(); + + assert!(ip_sub.matches(&localhost)); + assert!(!domain_sub.matches(&localhost)); + } + + // Multiple SANs, both domain wildcard and IP address. + { + let domain_gn = GeneralName::DNSName(UnvalidatedIA5String("*.cryptography.io")); + let ip_gn = GeneralName::IPAddress(&[127, 0, 0, 1]); + let san_der = asn1::write_single(&SequenceOfWriter::new([domain_gn, ip_gn])).unwrap(); + + let any_cryptography_io_or_localhost = + asn1::parse_single::>(&san_der).unwrap(); + + assert!(domain_sub.matches(&any_cryptography_io_or_localhost)); + assert!(ip_sub.matches(&any_cryptography_io_or_localhost)); + } + + // Single SAN, invalid domain pattern. + { + let domain_gn = GeneralName::DNSName(UnvalidatedIA5String("*es*.cryptography.io")); + let san_der = asn1::write_single(&SequenceOfWriter::new([domain_gn])).unwrap(); + let any_cryptography_io = + asn1::parse_single::>(&san_der).unwrap(); + + assert!(!domain_sub.matches(&any_cryptography_io)); + } + } + + #[test] + fn test_validity_date() { + { + // Pre-2050 date. + let utc_dt = DateTime::new(1980, 1, 1, 0, 0, 0).unwrap(); + let generalized_dt = utc_dt.clone(); + let utc_validity = Time::UtcTime(asn1::UtcTime::new(utc_dt).unwrap()); + let generalized_validity = + Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap()); + assert!(permits_validity_date(&utc_validity).is_ok()); + assert!(permits_validity_date(&generalized_validity).is_err()); + } + { + // 2049 date. + let utc_dt = DateTime::new(2049, 1, 1, 0, 0, 0).unwrap(); + let generalized_dt = utc_dt.clone(); + let utc_validity = Time::UtcTime(asn1::UtcTime::new(utc_dt).unwrap()); + let generalized_validity = + Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap()); + assert!(permits_validity_date(&utc_validity).is_ok()); + assert!(permits_validity_date(&generalized_validity).is_err()); + } + { + // 2050 date. + let utc_dt = DateTime::new(2050, 1, 1, 0, 0, 0).unwrap(); + let generalized_dt = utc_dt.clone(); + assert!(asn1::UtcTime::new(utc_dt).is_err()); + let generalized_validity = + Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap()); + assert!(permits_validity_date(&generalized_validity).is_ok()); + } + { + // 2051 date. + let utc_dt = DateTime::new(2051, 1, 1, 0, 0, 0).unwrap(); + let generalized_dt = utc_dt.clone(); + // The `asn1::UtcTime` constructor prevents this. + assert!(asn1::UtcTime::new(utc_dt).is_err()); + let generalized_validity = + Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap()); + assert!(permits_validity_date(&generalized_validity).is_ok()); + } + { + // Post-2050 date. + let utc_dt = DateTime::new(3050, 1, 1, 0, 0, 0).unwrap(); + let generalized_dt = utc_dt.clone(); + // The `asn1::UtcTime` constructor prevents this. + assert!(asn1::UtcTime::new(utc_dt).is_err()); + let generalized_validity = + Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap()); + assert!(permits_validity_date(&generalized_validity).is_ok()); + } + } +} diff --git a/src/rust/cryptography-x509-verification/src/trust_store.rs b/src/rust/cryptography-x509-verification/src/trust_store.rs new file mode 100644 index 0000000..1d76bd5 --- /dev/null +++ b/src/rust/cryptography-x509-verification/src/trust_store.rs @@ -0,0 +1,60 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::collections::HashMap; + +use cryptography_x509::name::Name; + +use crate::CryptoOps; +use crate::VerificationCertificate; + +/// A `Store` represents the core state needed for X.509 path validation. +pub struct Store<'a, B: CryptoOps> { + by_subject: HashMap, Vec>>, +} + +impl<'a, B: CryptoOps> Store<'a, B> { + /// Create a new `Store` from the given iterable certificate source. + pub fn new(trusted: impl IntoIterator>) -> Self { + let mut by_subject: HashMap, Vec>> = HashMap::new(); + for cert in trusted { + by_subject + .entry(cert.certificate().tbs_cert.subject.clone()) + .or_default() + .push(cert); + } + Store { by_subject } + } + + /// Returns whether this store contains the given certificate. + pub fn contains(&self, cert: &VerificationCertificate<'a, B>) -> bool { + self.get_by_subject(&cert.certificate().tbs_cert.subject) + .contains(cert) + } + + pub fn get_by_subject(&self, subject: &Name<'a>) -> &[VerificationCertificate<'a, B>] { + self.by_subject + .get(subject) + .map(|v| v.as_slice()) + .unwrap_or_default() + } +} + +#[cfg(test)] +mod tests { + use super::Store; + use crate::certificate::tests::PublicKeyErrorOps; + use crate::ops::tests::{cert, v1_cert_pem}; + use crate::VerificationCertificate; + + #[test] + fn test_store() { + let cert_pem = v1_cert_pem(); + let cert1 = VerificationCertificate::new(cert(&cert_pem), ()); + let cert2 = VerificationCertificate::new(cert(&cert_pem), ()); + let store = Store::<'_, PublicKeyErrorOps>::new([cert1]); + + assert!(store.contains(&cert2)); + } +} diff --git a/src/rust/cryptography-x509-verification/src/types.rs b/src/rust/cryptography-x509-verification/src/types.rs new file mode 100644 index 0000000..dfb05b9 --- /dev/null +++ b/src/rust/cryptography-x509-verification/src/types.rs @@ -0,0 +1,863 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::net::IpAddr; +use std::str::FromStr; + +use asn1::IA5String; + +// RFC 2822 3.2.4 +static ATEXT_CHARS: &str = "!#$%&'*+-/=?^_`{|}~"; + +/// A `DNSName` is an `asn1::IA5String` with additional invariant preservations +/// per [RFC 5280 4.2.1.6], which in turn uses the preferred name syntax defined +/// in [RFC 1034 3.5] and amended in [RFC 1123 2.1]. +/// +/// Non-ASCII domain names (i.e., internationalized names) must be pre-encoded; +/// comparisons are case-insensitive. +/// +/// [RFC 5280 4.2.1.6]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 +/// [RFC 1034 3.5]: https://datatracker.ietf.org/doc/html/rfc1034#section-3.5 +/// [RFC 1123 2.1]: https://datatracker.ietf.org/doc/html/rfc1123#section-2.1 +/// +/// ```rust +/// # use cryptography_x509_verification::types::DNSName; +/// assert_eq!(DNSName::new("foo.com").unwrap(), DNSName::new("FOO.com").unwrap()); +/// ``` +#[derive(Clone, Debug)] +pub struct DNSName<'a>(asn1::IA5String<'a>); + +impl<'a> DNSName<'a> { + pub fn new(value: &'a str) -> Option { + // Domains cannot be empty and must (practically) + // be less than 253 characters (255 in RFC 1034's octet encoding). + if value.is_empty() || value.len() > 253 { + None + } else { + for label in value.split('.') { + // Individual labels cannot be empty; cannot exceed 63 characters; + // cannot start or end with `-`. + // NOTE: RFC 1034's grammar prohibits consecutive hyphens, but these + // are used as part of the IDN prefix (e.g. `xn--`)'; we allow them here. + if label.is_empty() + || label.len() > 63 + || label.starts_with('-') + || label.ends_with('-') + { + return None; + } + + // Labels must only contain `a-zA-Z0-9-`. + if !label.chars().all(|c| c.is_ascii_alphanumeric() || c == '-') { + return None; + } + } + asn1::IA5String::new(value).map(Self) + } + } + + pub fn as_str(&self) -> &'a str { + self.0.as_str() + } + + /// Return this `DNSName`'s parent domain, if it has one. + /// + /// ```rust + /// # use cryptography_x509_verification::types::DNSName; + /// let domain = DNSName::new("foo.example.com").unwrap(); + /// assert_eq!(domain.parent().unwrap().as_str(), "example.com"); + /// ``` + pub fn parent(&self) -> Option { + match self.as_str().split_once('.') { + Some((_, parent)) => Self::new(parent), + None => None, + } + } + + /// Returns this DNS name's labels, in reversed order + /// (from top-level domain to most-specific subdomain). + fn rlabels(&self) -> impl Iterator { + self.as_str().rsplit('.') + } + + /// Returns true if this domain is a subdomain of the other domain. + fn is_subdomain_of(&self, other: &DNSName<'_>) -> bool { + // NOTE: This is nearly identical to `DNSConstraint::matches`, + // except that the subdomain must be strictly longer than the parent domain. + self.as_str().len() > other.as_str().len() + && self + .rlabels() + .zip(other.rlabels()) + .all(|(a, o)| a.eq_ignore_ascii_case(o)) + } +} + +impl PartialEq for DNSName<'_> { + fn eq(&self, other: &Self) -> bool { + // DNS names are always case-insensitive. + self.as_str().eq_ignore_ascii_case(other.as_str()) + } +} + +/// A `DNSPattern` represents a subset of the domain name wildcard matching +/// behavior defined in [RFC 6125 6.4.3]. In particular, all DNS patterns +/// must either be exact matches (post-normalization) *or* a single wildcard +/// matching a full label in the left-most label position. Partial label matching +/// (e.g. `f*o.example.com`) is not supported, nor is non-left-most matching +/// (e.g. `foo.*.example.com`). +/// +/// [RFC 6125 6.4.3]: https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.3 +#[derive(Debug, PartialEq)] +pub enum DNSPattern<'a> { + Exact(DNSName<'a>), + Wildcard(DNSName<'a>), +} + +impl<'a> DNSPattern<'a> { + pub fn new(pat: &'a str) -> Option { + if let Some(pat) = pat.strip_prefix("*.") { + DNSName::new(pat).map(Self::Wildcard) + } else { + DNSName::new(pat).map(Self::Exact) + } + } + + pub fn matches(&self, name: &DNSName<'_>) -> bool { + match self { + Self::Exact(pat) => pat == name, + Self::Wildcard(pat) => match name.parent() { + Some(ref parent) => pat == parent, + // No parent means we have a single label; wildcards cannot match single labels. + None => false, + }, + } + } +} + +/// A `DNSConstraint` represents a DNS name constraint as defined in [RFC 5280 4.2.1.10]. +/// +/// [RFC 5280 4.2.1.10]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 +pub struct DNSConstraint<'a>(DNSName<'a>); + +impl<'a> DNSConstraint<'a> { + pub fn new(pattern: &'a str) -> Option { + DNSName::new(pattern).map(Self) + } + + /// Returns true if this `DNSConstraint` matches the given name. + /// + /// Constraint matching is defined by RFC 5280: any DNS name that can + /// be constructed by simply adding zero or more labels to the left-hand + /// side of the name satisfies the name constraint. + /// + /// ```rust + /// # use cryptography_x509_verification::types::{DNSConstraint, DNSName}; + /// let example_com = DNSName::new("example.com").unwrap(); + /// let badexample_com = DNSName::new("badexample.com").unwrap(); + /// let foo_example_com = DNSName::new("foo.example.com").unwrap(); + /// assert!(DNSConstraint::new(example_com.as_str()).unwrap().matches(&example_com)); + /// assert!(DNSConstraint::new(example_com.as_str()).unwrap().matches(&foo_example_com)); + /// assert!(!DNSConstraint::new(example_com.as_str()).unwrap().matches(&badexample_com)); + /// ``` + pub fn matches(&self, name: &DNSName<'_>) -> bool { + // NOTE: This may seem like an obtuse way to perform label matching, + // but it saves us a few allocations: doing a substring check instead + // would require us to clone each string and do case normalization. + // Note also that we check the length in advance: Rust's zip + // implementation terminates with the shorter iterator, so we need + // to first check that the candidate name is at least as long as + // the constraint it's matching against. + name.as_str().len() >= self.0.as_str().len() + && self + .0 + .rlabels() + .zip(name.rlabels()) + .all(|(a, o)| a.eq_ignore_ascii_case(o)) + } +} + +#[derive(Copy, Clone, Debug, PartialEq, Eq)] +pub struct IPAddress(IpAddr); + +/// An `IPAddress` represents an IP address as defined in [RFC 5280 4.2.1.6]. +/// +/// [RFC 5280 4.2.1.6]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 +impl IPAddress { + #[allow(clippy::should_implement_trait)] + pub fn from_str(s: &str) -> Option { + IpAddr::from_str(s).ok().map(Self::from) + } + + /// Constructs an `IPAddress` from a slice. The provided data must be + /// 4 (IPv4) or 16 (IPv6) bytes in "network byte order", as specified by + /// [RFC 5280]. + /// + /// [RFC 5280]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 + pub fn from_bytes(b: &[u8]) -> Option { + match b.len() { + 4 => { + let b: [u8; 4] = b.try_into().ok()?; + Some(IpAddr::from(b).into()) + } + 16 => { + let b: [u8; 16] = b.try_into().ok()?; + Some(IpAddr::from(b).into()) + } + _ => None, + } + } + + /// Parses the octets of the `IPAddress` as a mask. If it is well-formed, + /// i.e., has only one contiguous block of set bits starting from the most + /// significant bit, a prefix is returned. + pub fn as_prefix(&self) -> Option { + let (leading, total) = match self.0 { + IpAddr::V4(a) => { + let data = u32::from_be_bytes(a.octets()); + (data.leading_ones(), data.count_ones()) + } + IpAddr::V6(a) => { + let data = u128::from_be_bytes(a.octets()); + (data.leading_ones(), data.count_ones()) + } + }; + + if leading != total { + None + } else { + Some(leading as u8) + } + } + + /// Returns a new `IPAddress` with the first `prefix` bits of the `IPAddress`. + /// + /// ```rust + /// # use cryptography_x509_verification::types::IPAddress; + /// let ip = IPAddress::from_str("192.0.2.1").unwrap(); + /// assert_eq!(ip.mask(24), IPAddress::from_str("192.0.2.0").unwrap()); + /// ``` + pub fn mask(&self, prefix: u8) -> Self { + match self.0 { + IpAddr::V4(a) => { + let prefix = 32u8.saturating_sub(prefix).into(); + let masked = u32::from_be_bytes(a.octets()) + & u32::MAX + .checked_shr(prefix) + .unwrap_or(0) + .checked_shl(prefix) + .unwrap_or(0); + Self::from_bytes(&masked.to_be_bytes()).unwrap() + } + IpAddr::V6(a) => { + let prefix = 128u8.saturating_sub(prefix).into(); + let masked = u128::from_be_bytes(a.octets()) + & u128::MAX + .checked_shr(prefix) + .unwrap_or(0) + .checked_shl(prefix) + .unwrap_or(0); + Self::from_bytes(&masked.to_be_bytes()).unwrap() + } + } + } +} + +impl From for IPAddress { + fn from(addr: IpAddr) -> Self { + Self(addr) + } +} + +#[derive(Debug, PartialEq, Eq)] +pub struct IPConstraint { + address: IPAddress, + prefix: u8, +} + +/// An `IPConstraint` represents a CIDR-style IP address range used in a name constraints +/// extension, as defined by [RFC 5280 4.2.1.10]. +/// +/// [RFC 5280 4.2.1.10]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 +impl IPConstraint { + /// Constructs an `IPConstraint` from a slice. The input slice must be 8 (IPv4) + /// or 32 (IPv6) bytes long and contain two IP addresses, the first being + /// a subnet and the second defining the subnet's mask. + /// + /// The subnet mask must contain only one contiguous run of set bits starting + /// from the most significant bit. For example, a valid IPv4 subnet mask would + /// be FF FF 00 00, whereas an invalid IPv4 subnet mask would be FF EF 00 00. + pub fn from_bytes(b: &[u8]) -> Option { + let slice_idx = match b.len() { + 8 => 4, + 32 => 16, + _ => return None, + }; + + let prefix = IPAddress::from_bytes(&b[slice_idx..])?.as_prefix()?; + Some(IPConstraint { + address: IPAddress::from_bytes(&b[..slice_idx])?.mask(prefix), + prefix, + }) + } + + /// Determines if the `addr` is within the `IPConstraint`. + /// + /// ```rust + /// # use cryptography_x509_verification::types::{IPAddress, IPConstraint}; + /// let range_bytes = b"\xc6\x33\x64\x00\xff\xff\xff\x00"; + /// let range = IPConstraint::from_bytes(range_bytes).unwrap(); + /// assert!(range.matches(&IPAddress::from_str("198.51.100.42").unwrap())); + /// ``` + pub fn matches(&self, addr: &IPAddress) -> bool { + self.address == addr.mask(self.prefix) + } +} + +/// An `RFC822Name` represents an email address, as defined in [RFC 822 6.1] +/// and as amended by [RFC 2821 4.1.2]. In particular, it represents the `Mailbox` +/// rule from RFC 2821's grammar. +/// +/// This type does not currently support the quoted local-part form; email +/// addresses that use this form will be rejected. +/// +/// [RFC 822 6.1]: https://datatracker.ietf.org/doc/html/rfc822#section-6.1 +/// [RFC 2821 4.1.2]: https://datatracker.ietf.org/doc/html/rfc2821#section-4.1.2 +#[derive(PartialEq)] +pub struct RFC822Name<'a> { + pub mailbox: IA5String<'a>, + pub domain: DNSName<'a>, +} + +impl<'a> RFC822Name<'a> { + pub fn new(value: &'a str) -> Option { + // Mailbox = Local-part "@" Domain + // Both must be present. + let (local_part, domain) = value.split_once('@')?; + let local_part = IA5String::new(local_part)?; + + // Local-part = Dot-string / Quoted-string + // NOTE(ww): We do not support the Quoted-string form, for now. + // + // Dot-string: Atom *("." Atom) + // Atom = 1*atext + // + // NOTE(ww): `atext`'s production is in RFC 2822 3.2.4. + for component in local_part.as_str().split('.') { + if component.is_empty() + || !component + .chars() + .all(|c| c.is_ascii_alphanumeric() || ATEXT_CHARS.contains(c)) + { + return None; + } + } + + Some(Self { + mailbox: local_part, + domain: DNSName::new(domain)?, + }) + } +} + +/// An `RFC822Constraint` represents a Name Constraint on email addresses. +pub enum RFC822Constraint<'a> { + /// A constraint for an exact match on a specific email address. + Exact(RFC822Name<'a>), + /// A constraint for any mailbox on a particular domain. + OnDomain(DNSName<'a>), + /// A constraint for any mailbox *within* a particular domain. + /// For example, `InDomain("example.com")` will match `foo@bar.example.com` + /// but not `foo@example.com`, since `bar.example.com` is in `example.com` + /// but `example.com` is not within itself. + InDomain(DNSName<'a>), +} + +impl<'a> RFC822Constraint<'a> { + pub fn new(constraint: &'a str) -> Option { + if let Some(constraint) = constraint.strip_prefix('.') { + Some(Self::InDomain(DNSName::new(constraint)?)) + } else if let Some(email) = RFC822Name::new(constraint) { + Some(Self::Exact(email)) + } else { + Some(Self::OnDomain(DNSName::new(constraint)?)) + } + } + + pub fn matches(&self, email: &RFC822Name<'_>) -> bool { + match self { + Self::Exact(pat) => pat == email, + Self::OnDomain(pat) => &email.domain == pat, + Self::InDomain(pat) => email.domain.is_subdomain_of(pat), + } + } +} + +#[cfg(test)] +mod tests { + use crate::types::{DNSConstraint, DNSName, DNSPattern, IPAddress, IPConstraint, RFC822Name}; + + use super::RFC822Constraint; + + #[test] + fn test_dnsname_debug_trait() { + // Just to get coverage on the `Debug` derive. + assert_eq!( + "DNSName(IA5String(\"example.com\"))", + format!("{:?}", DNSName::new("example.com").unwrap()) + ); + } + + #[test] + fn test_dnsname_new() { + assert_eq!(DNSName::new(""), None); + assert_eq!(DNSName::new("."), None); + assert_eq!(DNSName::new(".."), None); + assert_eq!(DNSName::new(".a."), None); + assert_eq!(DNSName::new("a.a."), None); + assert_eq!(DNSName::new(".a"), None); + assert_eq!(DNSName::new("a."), None); + assert_eq!(DNSName::new("a.."), None); + assert_eq!(DNSName::new(" "), None); + assert_eq!(DNSName::new("\t"), None); + assert_eq!(DNSName::new(" whitespace "), None); + assert_eq!(DNSName::new("white. space"), None); + assert_eq!(DNSName::new("!badlabel!"), None); + assert_eq!(DNSName::new("bad!label"), None); + assert_eq!(DNSName::new("goodlabel.!badlabel!"), None); + assert_eq!(DNSName::new("-foo.bar.example.com"), None); + assert_eq!(DNSName::new("foo-.bar.example.com"), None); + assert_eq!(DNSName::new("foo.-bar.example.com"), None); + assert_eq!(DNSName::new("foo.bar-.example.com"), None); + assert_eq!(DNSName::new(&"a".repeat(64)), None); + assert_eq!(DNSName::new("⚠️"), None); + assert_eq!(DNSName::new(".foo.example"), None); + assert_eq!(DNSName::new(".example.com"), None); + + let long_valid_label = "a".repeat(63); + let long_name = std::iter::repeat(long_valid_label) + .take(5) + .collect::>() + .join("."); + assert_eq!(DNSName::new(&long_name), None); + + assert_eq!( + DNSName::new(&"a".repeat(63)).unwrap().as_str(), + "a".repeat(63) + ); + assert_eq!(DNSName::new("example.com").unwrap().as_str(), "example.com"); + assert_eq!( + DNSName::new("123.example.com").unwrap().as_str(), + "123.example.com" + ); + assert_eq!(DNSName::new("EXAMPLE.com").unwrap().as_str(), "EXAMPLE.com"); + assert_eq!(DNSName::new("EXAMPLE.COM").unwrap().as_str(), "EXAMPLE.COM"); + assert_eq!( + DNSName::new("xn--bcher-kva.example").unwrap().as_str(), + "xn--bcher-kva.example" + ); + } + + #[test] + fn test_dnsname_equality() { + assert_ne!( + DNSName::new("foo.example.com").unwrap(), + DNSName::new("example.com").unwrap() + ); + + // DNS name comparisons are case insensitive. + assert_eq!( + DNSName::new("EXAMPLE.COM").unwrap(), + DNSName::new("example.com").unwrap() + ); + assert_eq!( + DNSName::new("ExAmPLe.CoM").unwrap(), + DNSName::new("eXaMplE.cOm").unwrap() + ); + } + + #[test] + fn test_dnsname_parent() { + assert_eq!(DNSName::new("localhost").unwrap().parent(), None); + assert_eq!( + DNSName::new("example.com").unwrap().parent().unwrap(), + DNSName::new("com").unwrap() + ); + assert_eq!( + DNSName::new("foo.example.com").unwrap().parent().unwrap(), + DNSName::new("example.com").unwrap() + ); + } + + #[test] + fn test_dnsname_is_subdomain_of() { + for (sup, sub, check) in &[ + // good cases + ("example.com", "sub.example.com", true), + ("example.com", "a.b.example.com", true), + ("sub.example.com", "sub.sub.example.com", true), + ("sub.example.com", "sub.sub.sub.example.com", true), + ("com", "example.com", true), + ("example.com", "com.example.com", true), + ("example.com", "com.example.example.com", true), + // bad cases + ("example.com", "example.com", false), + ("example.com", "com", false), + ("sub.example.com", "example.com", false), + ("sub.sub.example.com", "sub.sub.example.com", false), + ("sub.sub.example.com", "example.com", false), + ("com.example.com", "com.example.com", false), + ("com.example.example.com", "com.example.example.com", false), + ] { + let sup = DNSName::new(sup).unwrap(); + let sub = DNSName::new(sub).unwrap(); + + assert_eq!(sub.is_subdomain_of(&sup), *check); + } + } + + #[test] + fn test_dnspattern_new() { + assert_eq!(DNSPattern::new("*"), None); + assert_eq!(DNSPattern::new("*."), None); + assert_eq!(DNSPattern::new("f*o.example.com"), None); + assert_eq!(DNSPattern::new("*oo.example.com"), None); + assert_eq!(DNSPattern::new("fo*.example.com"), None); + assert_eq!(DNSPattern::new("foo.*.example.com"), None); + assert_eq!(DNSPattern::new("*.foo.*.example.com"), None); + + assert_eq!( + DNSPattern::new("example.com").unwrap(), + DNSPattern::Exact(DNSName::new("example.com").unwrap()) + ); + assert_eq!( + DNSPattern::new("*.example.com").unwrap(), + DNSPattern::Wildcard(DNSName::new("example.com").unwrap()) + ); + } + + #[test] + fn test_dnspattern_matches() { + let exactly_localhost = DNSPattern::new("localhost").unwrap(); + let any_localhost = DNSPattern::new("*.localhost").unwrap(); + let exactly_example_com = DNSPattern::new("example.com").unwrap(); + let any_example_com = DNSPattern::new("*.example.com").unwrap(); + + // Exact patterns match only the exact name. + assert!(exactly_localhost.matches(&DNSName::new("localhost").unwrap())); + assert!(exactly_localhost.matches(&DNSName::new("LOCALHOST").unwrap())); + assert!(exactly_example_com.matches(&DNSName::new("example.com").unwrap())); + assert!(exactly_example_com.matches(&DNSName::new("EXAMPLE.com").unwrap())); + assert!(!exactly_example_com.matches(&DNSName::new("foo.example.com").unwrap())); + + // Wildcard patterns match any subdomain, but not the parent or nested subdomains. + assert!(any_example_com.matches(&DNSName::new("foo.example.com").unwrap())); + assert!(any_example_com.matches(&DNSName::new("bar.example.com").unwrap())); + assert!(any_example_com.matches(&DNSName::new("BAZ.example.com").unwrap())); + assert!(!any_example_com.matches(&DNSName::new("example.com").unwrap())); + assert!(!any_example_com.matches(&DNSName::new("foo.bar.example.com").unwrap())); + assert!(!any_example_com.matches(&DNSName::new("foo.bar.baz.example.com").unwrap())); + assert!(!any_localhost.matches(&DNSName::new("localhost").unwrap())); + } + + #[test] + fn test_dnsconstraint_new() { + assert!(DNSConstraint::new("").is_none()); + assert!(DNSConstraint::new(".").is_none()); + assert!(DNSConstraint::new("*.").is_none()); + assert!(DNSConstraint::new("*").is_none()); + assert!(DNSConstraint::new(".example").is_none()); + assert!(DNSConstraint::new("*.example").is_none()); + assert!(DNSConstraint::new("*.example.com").is_none()); + + assert!(DNSConstraint::new("example").is_some()); + assert!(DNSConstraint::new("example.com").is_some()); + assert!(DNSConstraint::new("foo.example.com").is_some()); + } + + #[test] + fn test_dnsconstraint_matches() { + let example_com = DNSConstraint::new("example.com").unwrap(); + + // Exact domain and arbitrary subdomains match. + assert!(example_com.matches(&DNSName::new("example.com").unwrap())); + assert!(example_com.matches(&DNSName::new("foo.example.com").unwrap())); + assert!(example_com.matches(&DNSName::new("foo.bar.baz.quux.example.com").unwrap())); + + // Parent domains, distinct domains, and substring domains do not match. + assert!(!example_com.matches(&DNSName::new("com").unwrap())); + assert!(!example_com.matches(&DNSName::new("badexample.com").unwrap())); + assert!(!example_com.matches(&DNSName::new("wrong.com").unwrap())); + } + + #[test] + fn test_ipaddress_from_str() { + assert_ne!(IPAddress::from_str("192.168.1.1"), None) + } + + #[test] + fn test_ipaddress_from_bytes() { + let ipv4 = b"\xc0\x00\x02\x01"; + let ipv6 = b"\x20\x01\x0d\xb8\x00\x00\x00\x00\ + \x00\x00\x00\x00\x00\x00\x00\x01"; + let bad = b"\xde\xad"; + + assert_eq!( + IPAddress::from_bytes(ipv4).unwrap(), + IPAddress::from_str("192.0.2.1").unwrap(), + ); + assert_eq!( + IPAddress::from_bytes(ipv6).unwrap(), + IPAddress::from_str("2001:db8::1").unwrap(), + ); + assert_eq!(IPAddress::from_bytes(bad), None); + } + + #[test] + fn test_ipaddress_as_prefix() { + let ipv4 = IPAddress::from_str("255.255.255.0").unwrap(); + let ipv6 = IPAddress::from_str("ffff:ffff:ffff:ffff::").unwrap(); + let ipv4_nonmask = IPAddress::from_str("192.0.2.1").unwrap(); + let ipv6_nonmask = IPAddress::from_str("2001:db8::1").unwrap(); + + assert_eq!(ipv4.as_prefix(), Some(24)); + assert_eq!(ipv6.as_prefix(), Some(64)); + assert_eq!(ipv4_nonmask.as_prefix(), None); + assert_eq!(ipv6_nonmask.as_prefix(), None); + } + + #[test] + fn test_ipaddress_mask() { + let ipv4 = IPAddress::from_str("192.0.2.252").unwrap(); + let ipv6 = IPAddress::from_str("2001:db8::f00:01ba").unwrap(); + + assert_eq!(ipv4.mask(0), IPAddress::from_str("0.0.0.0").unwrap()); + assert_eq!(ipv4.mask(64), ipv4); + assert_eq!(ipv4.mask(32), ipv4); + assert_eq!(ipv4.mask(24), IPAddress::from_str("192.0.2.0").unwrap()); + assert_eq!(ipv6.mask(0), IPAddress::from_str("::0").unwrap()); + assert_eq!(ipv6.mask(130), ipv6); + assert_eq!(ipv6.mask(128), ipv6); + assert_eq!(ipv6.mask(64), IPAddress::from_str("2001:db8::").unwrap()); + assert_eq!( + ipv6.mask(103), + IPAddress::from_str("2001:db8::e00:0").unwrap() + ); + } + + #[test] + fn test_ipconstraint_from_bytes() { + let ipv4_bad = b"\xc0\xa8\x01\x01\xff\xfe\xff\x00"; + let ipv4_bad_many_bits = b"\xc0\xa8\x01\x01\xff\xfc\xff\x00"; + let ipv4_bad_octet = b"\xc0\xa8\x01\x01\x00\xff\xff\xff"; + let ipv6_bad = b"\ + \x26\x01\x00\x00\x00\x00\x00\x01\ + \x00\x00\x00\x00\x00\x00\x00\x00\ + \x00\x00\x00\x00\x00\x00\x00\x01\ + \x00\x00\x00\x00\x00\x00\x00\x00"; + let ipv6_good = b"\ + \x20\x01\x0d\xb8\x00\x00\x00\x00\ + \x00\x00\x00\x00\x00\x00\x00\x01\ + \xf0\x00\x00\x00\x00\x00\x00\x00\ + \x00\x00\x00\x00\x00\x00\x00\x00"; + let bad = b"\xff\xff\xff"; + + assert_eq!(IPConstraint::from_bytes(ipv4_bad), None); + assert_eq!(IPConstraint::from_bytes(ipv4_bad_many_bits), None); + assert_eq!(IPConstraint::from_bytes(ipv4_bad_octet), None); + assert_eq!(IPConstraint::from_bytes(ipv6_bad), None); + assert_ne!(IPConstraint::from_bytes(ipv6_good), None); + assert_eq!(IPConstraint::from_bytes(bad), None); + + // 192.168.1.1/16 + let ipv4_with_extra = b"\xc0\xa8\x01\x01\xff\xff\x00\x00"; + assert_ne!(IPConstraint::from_bytes(ipv4_with_extra), None); + + // 192.168.0.0/16 + let ipv4_masked = b"\xc0\xa8\x00\x00\xff\xff\x00\x00"; + assert_eq!( + IPConstraint::from_bytes(ipv4_with_extra), + IPConstraint::from_bytes(ipv4_masked) + ); + } + + #[test] + fn test_ipconstraint_matches() { + // 192.168.1.1/16 + let ipv4 = IPConstraint::from_bytes(b"\xc0\xa8\x01\x01\xff\xff\x00\x00").unwrap(); + let ipv4_32 = IPConstraint::from_bytes(b"\xc0\x00\x02\xde\xff\xff\xff\xff").unwrap(); + let ipv6 = IPConstraint::from_bytes( + b"\x26\x00\x0d\xb8\x00\x00\x00\x00\ + \x00\x00\x00\x00\x00\x00\x00\x01\ + \xff\xff\xff\xff\x00\x00\x00\x00\ + \x00\x00\x00\x00\x00\x00\x00\x00", + ) + .unwrap(); + let ipv6_128 = IPConstraint::from_bytes( + b"\x26\x00\x0d\xb8\x00\x00\x00\x00\ + \x00\x00\x00\x00\xff\x00\xde\xde\ + \xff\xff\xff\xff\xff\xff\xff\xff\ + \xff\xff\xff\xff\xff\xff\xff\xff", + ) + .unwrap(); + + assert!(ipv4.matches(&IPAddress::from_str("192.168.0.50").unwrap())); + assert!(!ipv4.matches(&IPAddress::from_str("192.160.0.50").unwrap())); + assert!(ipv4_32.matches(&IPAddress::from_str("192.0.2.222").unwrap())); + assert!(!ipv4_32.matches(&IPAddress::from_str("192.5.2.222").unwrap())); + assert!(!ipv4_32.matches(&IPAddress::from_str("192.0.2.1").unwrap())); + assert!(ipv6.matches(&IPAddress::from_str("2600:db8::abba").unwrap())); + assert!(ipv6_128.matches(&IPAddress::from_str("2600:db8::ff00:dede").unwrap())); + assert!(!ipv6_128.matches(&IPAddress::from_str("2600::ff00:dede").unwrap())); + assert!(!ipv6_128.matches(&IPAddress::from_str("2600:db8::ff00:0").unwrap())); + } + + #[test] + fn test_rfc822name() { + for bad_case in &[ + "", + // Missing local-part. + "@example.com", + " @example.com", + " @example.com", + // Missing domain cases. + "foo", + "foo@", + "foo@ ", + "foo@ ", + // Invalid domains. + "foo@!!!", + "foo@white space", + "foo@🙈", + // Invalid local part (empty mailbox sections). + ".@example.com", + "foo.@example.com", + ".foo@example.com", + ".foo.@example.com", + ".f.o.o.@example.com", + // Invalid local part (@ in mailbox). + "lol@lol@example.com", + "lol\\@lol@example.com", + "example@example.com@example.com", + "@@example.com", + // Invalid local part (invalid characters). + "lol\"lol@example.com", + "lol;lol@example.com", + "🙈@example.com", + // Intentionally unsupported quoted local parts. + "\"validbutunsupported\"@example.com", + ] { + assert!(RFC822Name::new(bad_case).is_none()); + } + + // Each good case is (address, (mailbox, domain)). + for (address, (mailbox, domain)) in &[ + // Normal mailboxes. + ("foo@example.com", ("foo", "example.com")), + ("foo.bar@example.com", ("foo.bar", "example.com")), + ("foo.bar.baz@example.com", ("foo.bar.baz", "example.com")), + ("1.2.3.4.5@example.com", ("1.2.3.4.5", "example.com")), + // Mailboxes with special but valid characters. + ("{legal}@example.com", ("{legal}", "example.com")), + ("{&*.legal}@example.com", ("{&*.legal}", "example.com")), + ("``````````@example.com", ("``````````", "example.com")), + ("hello?@sub.example.com", ("hello?", "sub.example.com")), + ] { + let parsed = RFC822Name::new(&address).unwrap(); + assert_eq!(&parsed.mailbox.as_str(), mailbox); + assert_eq!(&parsed.domain.as_str(), domain); + } + } + + #[test] + fn test_rfc822constraint_new() { + for (case, valid) in &[ + // good cases + ("foo@example.com", true), + ("foo.bar@example.com", true), + ("foo!bar@example.com", true), + ("example.com", true), + ("sub.example.com", true), + ("foo@sub.example.com", true), + ("foo.bar@sub.example.com", true), + ("foo!bar@sub.example.com", true), + (".example.com", true), + (".sub.example.com", true), + // bad cases + ("@example.com", false), + ("@@example.com", false), + ("foo@.example.com", false), + (".foo@example.com", false), + (".foo.@example.com", false), + ("foo.@example.com", false), + ("invaliddomain!", false), + ("..example.com", false), + ("foo..example.com", false), + (".foo..example.com", false), + ("..foo..example.com", false), + ] { + assert_eq!(RFC822Constraint::new(case).is_some(), *valid); + } + } + + #[test] + fn test_rfc822constraint_matches() { + { + let exact = RFC822Constraint::new("foo@example.com").unwrap(); + + // Ordinary exact match. + assert!(exact.matches(&RFC822Name::new("foo@example.com").unwrap())); + // Case changes are okay in the domain. + assert!(exact.matches(&RFC822Name::new("foo@EXAMPLE.com").unwrap())); + + // Case changes are not okay in the mailbox. + assert!(!exact.matches(&RFC822Name::new("Foo@example.com").unwrap())); + assert!(!exact.matches(&RFC822Name::new("FOO@example.com").unwrap())); + + // Different mailboxes and domains do not match. + assert!(!exact.matches(&RFC822Name::new("foo.bar@example.com").unwrap())); + assert!(!exact.matches(&RFC822Name::new("foo@sub.example.com").unwrap())); + } + + { + let on_domain = RFC822Constraint::new("example.com").unwrap(); + + // Ordinary domain matches. + assert!(on_domain.matches(&RFC822Name::new("foo@example.com").unwrap())); + assert!(on_domain.matches(&RFC822Name::new("bar@example.com").unwrap())); + assert!(on_domain.matches(&RFC822Name::new("foo.bar@example.com").unwrap())); + assert!(on_domain.matches(&RFC822Name::new("foo!bar@example.com").unwrap())); + // Case changes are okay in the domain and in the mailbox, + // since any mailbox on the domain is okay. + assert!(on_domain.matches(&RFC822Name::new("foo@EXAMPLE.com").unwrap())); + assert!(on_domain.matches(&RFC822Name::new("FOO@example.com").unwrap())); + + // Subdomains and other domains do not match. + assert!(!on_domain.matches(&RFC822Name::new("foo@sub.example.com").unwrap())); + assert!(!on_domain.matches(&RFC822Name::new("foo@localhost").unwrap())); + } + + { + let in_domain = RFC822Constraint::new(".example.com").unwrap(); + + // Any subdomain and mailbox matches. + assert!(in_domain.matches(&RFC822Name::new("foo@sub.example.com").unwrap())); + assert!(in_domain.matches(&RFC822Name::new("foo@sub.sub.example.com").unwrap())); + assert!(in_domain.matches(&RFC822Name::new("foo@com.example.example.com").unwrap())); + assert!(in_domain.matches(&RFC822Name::new("foo.bar@com.example.example.com").unwrap())); + assert!(in_domain.matches(&RFC822Name::new("foo!bar@com.example.example.com").unwrap())); + assert!(in_domain.matches(&RFC822Name::new("bar@com.example.example.com").unwrap())); + // Case changes are okay in the subdomains and in the mailbox, since any mailbox + // in the domain is okay. + assert!(in_domain.matches(&RFC822Name::new("foo@SUB.example.com").unwrap())); + assert!(in_domain.matches(&RFC822Name::new("foo@sub.EXAMPLE.com").unwrap())); + assert!(in_domain.matches(&RFC822Name::new("foo@sub.example.COM").unwrap())); + assert!(in_domain.matches(&RFC822Name::new("FOO@sub.example.COM").unwrap())); + assert!(in_domain.matches(&RFC822Name::new("FOO@sub.example.com").unwrap())); + + // Superdomains and other domains do not match. + assert!(!in_domain.matches(&RFC822Name::new("foo@example.com").unwrap())); + assert!(!in_domain.matches(&RFC822Name::new("foo@com").unwrap())); + } + } +} diff --git a/src/rust/cryptography-x509/Cargo.toml b/src/rust/cryptography-x509/Cargo.toml new file mode 100644 index 0000000..8da775c --- /dev/null +++ b/src/rust/cryptography-x509/Cargo.toml @@ -0,0 +1,11 @@ +[package] +name = "cryptography-x509" +version = "0.1.0" +authors = ["The cryptography developers "] +edition = "2021" +publish = false +# This specifies the MSRV +rust-version = "1.65.0" + +[dependencies] +asn1 = { version = "0.16.2", default-features = false } diff --git a/src/rust/cryptography-x509/src/certificate.rs b/src/rust/cryptography-x509/src/certificate.rs new file mode 100644 index 0000000..6db6ead --- /dev/null +++ b/src/rust/cryptography-x509/src/certificate.rs @@ -0,0 +1,68 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::common; +use crate::extensions; +use crate::extensions::DuplicateExtensionsError; +use crate::extensions::Extensions; +use crate::name; +use crate::name::NameReadable; + +#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Eq, Clone)] +pub struct Certificate<'a> { + pub tbs_cert: TbsCertificate<'a>, + pub signature_alg: common::AlgorithmIdentifier<'a>, + pub signature: asn1::BitString<'a>, +} + +impl<'a> Certificate<'a> { + /// Returns the certificate's issuer. + pub fn issuer(&self) -> &NameReadable<'_> { + self.tbs_cert.issuer.unwrap_read() + } + + /// Returns the certificate's subject. + pub fn subject(&self) -> &NameReadable<'_> { + self.tbs_cert.subject.unwrap_read() + } + + /// Returns an iterable container over the certificate's extension, or + /// an error if the extension set contains a duplicate extension. + pub fn extensions(&self) -> Result, DuplicateExtensionsError> { + self.tbs_cert.extensions() + } +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Eq, Clone)] +pub struct TbsCertificate<'a> { + #[explicit(0)] + #[default(0)] + pub version: u8, + pub serial: asn1::BigInt<'a>, + pub signature_alg: common::AlgorithmIdentifier<'a>, + + pub issuer: name::Name<'a>, + pub validity: Validity, + pub subject: name::Name<'a>, + + pub spki: common::WithTlv<'a, common::SubjectPublicKeyInfo<'a>>, + #[implicit(1)] + pub issuer_unique_id: Option>, + #[implicit(2)] + pub subject_unique_id: Option>, + #[explicit(3)] + pub raw_extensions: Option>, +} + +impl<'a> TbsCertificate<'a> { + pub fn extensions(&self) -> Result, DuplicateExtensionsError> { + Extensions::from_raw_extensions(self.raw_extensions.as_ref()) + } +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Eq, Clone)] +pub struct Validity { + pub not_before: common::Time, + pub not_after: common::Time, +} diff --git a/src/rust/cryptography-x509/src/common.rs b/src/rust/cryptography-x509/src/common.rs new file mode 100644 index 0000000..0b95553 --- /dev/null +++ b/src/rust/cryptography-x509/src/common.rs @@ -0,0 +1,590 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use asn1::Asn1DefinedByWritable; + +use crate::oid; + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Hash, Clone, Eq, Debug)] +pub struct AlgorithmIdentifier<'a> { + pub oid: asn1::DefinedByMarker, + #[defined_by(oid)] + pub params: AlgorithmParameters<'a>, +} + +impl AlgorithmIdentifier<'_> { + pub fn oid(&self) -> &asn1::ObjectIdentifier { + self.params.item() + } +} + +#[derive(asn1::Asn1DefinedByRead, asn1::Asn1DefinedByWrite, PartialEq, Eq, Hash, Clone, Debug)] +pub enum AlgorithmParameters<'a> { + #[defined_by(oid::SHA1_OID)] + Sha1(Option), + #[defined_by(oid::SHA224_OID)] + Sha224(Option), + #[defined_by(oid::SHA256_OID)] + Sha256(Option), + #[defined_by(oid::SHA384_OID)] + Sha384(Option), + #[defined_by(oid::SHA512_OID)] + Sha512(Option), + #[defined_by(oid::SHA3_224_OID)] + Sha3_224(Option), + #[defined_by(oid::SHA3_256_OID)] + Sha3_256(Option), + #[defined_by(oid::SHA3_384_OID)] + Sha3_384(Option), + #[defined_by(oid::SHA3_512_OID)] + Sha3_512(Option), + + #[defined_by(oid::ED25519_OID)] + Ed25519, + #[defined_by(oid::ED448_OID)] + Ed448, + + #[defined_by(oid::X25519_OID)] + X25519, + #[defined_by(oid::X448_OID)] + X448, + + // These encodings are only used in SPKI AlgorithmIdentifiers. + #[defined_by(oid::EC_OID)] + Ec(EcParameters<'a>), + + #[defined_by(oid::RSA_OID)] + Rsa(Option), + + // These ECDSA algorithms should have no parameters, + // but Java 11 (up to at least 11.0.19) encodes them + // with NULL parameters. The JDK team is looking to + // backport the fix as of June 2023. + #[defined_by(oid::ECDSA_WITH_SHA224_OID)] + EcDsaWithSha224(Option), + #[defined_by(oid::ECDSA_WITH_SHA256_OID)] + EcDsaWithSha256(Option), + #[defined_by(oid::ECDSA_WITH_SHA384_OID)] + EcDsaWithSha384(Option), + #[defined_by(oid::ECDSA_WITH_SHA512_OID)] + EcDsaWithSha512(Option), + + #[defined_by(oid::ECDSA_WITH_SHA3_224_OID)] + EcDsaWithSha3_224, + #[defined_by(oid::ECDSA_WITH_SHA3_256_OID)] + EcDsaWithSha3_256, + #[defined_by(oid::ECDSA_WITH_SHA3_384_OID)] + EcDsaWithSha3_384, + #[defined_by(oid::ECDSA_WITH_SHA3_512_OID)] + EcDsaWithSha3_512, + + #[defined_by(oid::RSA_WITH_SHA1_OID)] + RsaWithSha1(Option), + #[defined_by(oid::RSA_WITH_SHA1_ALT_OID)] + RsaWithSha1Alt(Option), + + #[defined_by(oid::RSA_WITH_SHA224_OID)] + RsaWithSha224(Option), + #[defined_by(oid::RSA_WITH_SHA256_OID)] + RsaWithSha256(Option), + #[defined_by(oid::RSA_WITH_SHA384_OID)] + RsaWithSha384(Option), + #[defined_by(oid::RSA_WITH_SHA512_OID)] + RsaWithSha512(Option), + + #[defined_by(oid::RSA_WITH_SHA3_224_OID)] + RsaWithSha3_224(Option), + #[defined_by(oid::RSA_WITH_SHA3_256_OID)] + RsaWithSha3_256(Option), + #[defined_by(oid::RSA_WITH_SHA3_384_OID)] + RsaWithSha3_384(Option), + #[defined_by(oid::RSA_WITH_SHA3_512_OID)] + RsaWithSha3_512(Option), + + // RsaPssParameters must be present in Certificate::tbs_cert::signature_alg::params + // and Certificate::signature_alg::params, but Certificate::tbs_cert::spki::algorithm::oid + // also uses RSASSA_PSS_OID and the params field is omitted since it has no meaning there. + #[defined_by(oid::RSASSA_PSS_OID)] + RsaPss(Option>>), + + #[defined_by(oid::DSA_OID)] + Dsa(DssParams<'a>), + + #[defined_by(oid::DSA_WITH_SHA224_OID)] + DsaWithSha224(Option), + #[defined_by(oid::DSA_WITH_SHA256_OID)] + DsaWithSha256(Option), + #[defined_by(oid::DSA_WITH_SHA384_OID)] + DsaWithSha384(Option), + #[defined_by(oid::DSA_WITH_SHA512_OID)] + DsaWithSha512(Option), + + #[defined_by(oid::DH_OID)] + Dh(DHXParams<'a>), + #[defined_by(oid::DH_KEY_AGREEMENT_OID)] + DhKeyAgreement(BasicDHParams<'a>), + + #[defined_by(oid::PBES2_OID)] + Pbes2(PBES2Params<'a>), + + #[defined_by(oid::PBKDF2_OID)] + Pbkdf2(PBKDF2Params<'a>), + + #[defined_by(oid::HMAC_WITH_SHA1_OID)] + HmacWithSha1(asn1::Null), + #[defined_by(oid::HMAC_WITH_SHA256_OID)] + HmacWithSha256(asn1::Null), + + // Used only in PKCS#7 AlgorithmIdentifiers + // https://datatracker.ietf.org/doc/html/rfc3565#section-4.1 + // + // From RFC 3565 section 4.1: + // The AlgorithmIdentifier parameters field MUST be present, and the + // parameters field MUST contain a AES-IV: + // + // AES-IV ::= OCTET STRING (SIZE(16)) + #[defined_by(oid::AES_128_CBC_OID)] + Aes128Cbc([u8; 16]), + #[defined_by(oid::AES_256_CBC_OID)] + Aes256Cbc([u8; 16]), + + #[defined_by(oid::PBES1_WITH_SHA_AND_3KEY_TRIPLEDES_CBC)] + Pbes1WithShaAnd3KeyTripleDesCbc(PBES1Params), + + #[default] + Other(asn1::ObjectIdentifier, Option>), +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Eq, Clone)] +pub struct SubjectPublicKeyInfo<'a> { + pub algorithm: AlgorithmIdentifier<'a>, + pub subject_public_key: asn1::BitString<'a>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone)] +pub struct AttributeTypeValue<'a> { + pub type_id: asn1::ObjectIdentifier, + pub value: RawTlv<'a>, +} + +// Like `asn1::Tlv` but doesn't store `full_data` so it can be constructed from +// an un-encoded tag and value. +#[derive(Hash, PartialEq, Eq, Clone)] +pub struct RawTlv<'a> { + tag: asn1::Tag, + value: &'a [u8], +} + +impl<'a> RawTlv<'a> { + pub fn new(tag: asn1::Tag, value: &'a [u8]) -> Self { + RawTlv { tag, value } + } + + pub fn tag(&self) -> asn1::Tag { + self.tag + } + pub fn data(&self) -> &'a [u8] { + self.value + } +} +impl<'a> asn1::Asn1Readable<'a> for RawTlv<'a> { + fn parse(parser: &mut asn1::Parser<'a>) -> asn1::ParseResult { + let tlv = parser.read_element::>()?; + Ok(RawTlv::new(tlv.tag(), tlv.data())) + } + + fn can_parse(_tag: asn1::Tag) -> bool { + true + } +} +impl<'a> asn1::Asn1Writable for RawTlv<'a> { + fn write(&self, w: &mut asn1::Writer<'_>) -> asn1::WriteResult { + w.write_tlv(self.tag, move |dest| dest.push_slice(self.value)) + } +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone)] +pub enum Time { + UtcTime(asn1::UtcTime), + GeneralizedTime(asn1::GeneralizedTime), +} + +impl Time { + pub fn as_datetime(&self) -> &asn1::DateTime { + match self { + Time::UtcTime(data) => data.as_datetime(), + Time::GeneralizedTime(data) => data.as_datetime(), + } + } +} + +#[derive(Hash, PartialEq, Eq, Clone)] +pub enum Asn1ReadableOrWritable { + Read(T), + Write(U), +} + +impl Asn1ReadableOrWritable { + pub fn new_read(v: T) -> Self { + Asn1ReadableOrWritable::Read(v) + } + + pub fn new_write(v: U) -> Self { + Asn1ReadableOrWritable::Write(v) + } + + pub fn unwrap_read(&self) -> &T { + match self { + Asn1ReadableOrWritable::Read(v) => v, + Asn1ReadableOrWritable::Write(_) => panic!("unwrap_read called on a Write value"), + } + } +} + +impl<'a, T: asn1::SimpleAsn1Readable<'a>, U> asn1::SimpleAsn1Readable<'a> + for Asn1ReadableOrWritable +{ + const TAG: asn1::Tag = T::TAG; + fn parse_data(data: &'a [u8]) -> asn1::ParseResult { + Ok(Self::new_read(T::parse_data(data)?)) + } +} + +impl asn1::SimpleAsn1Writable + for Asn1ReadableOrWritable +{ + const TAG: asn1::Tag = U::TAG; + fn write_data(&self, w: &mut asn1::WriteBuf) -> asn1::WriteResult { + match self { + Asn1ReadableOrWritable::Read(v) => T::write_data(v, w), + Asn1ReadableOrWritable::Write(v) => U::write_data(v, w), + } + } +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct DssSignature<'a> { + pub r: asn1::BigUint<'a>, + pub s: asn1::BigUint<'a>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct DHParams<'a> { + pub p: asn1::BigUint<'a>, + pub g: asn1::BigUint<'a>, + pub q: Option>, +} + +// From PKCS#3 Section 9 +// DHParameter ::= SEQUENCE { +// prime INTEGER, -- p +// base INTEGER, -- g +// privateValueLength INTEGER OPTIONAL +// } +#[derive(asn1::Asn1Read, asn1::Asn1Write, Clone, PartialEq, Eq, Debug, Hash)] +pub struct BasicDHParams<'a> { + pub p: asn1::BigUint<'a>, + pub g: asn1::BigUint<'a>, + pub private_value_length: Option, +} + +// From https://www.rfc-editor.org/rfc/rfc3279#section-2.3.3 +// DomainParameters ::= SEQUENCE { +// p INTEGER, -- odd prime, p=jq +1 +// g INTEGER, -- generator, g +// q INTEGER, -- factor of p-1 +// j INTEGER OPTIONAL, -- subgroup factor +// validationParms ValidationParms OPTIONAL +// } +#[derive(asn1::Asn1Read, asn1::Asn1Write, Clone, PartialEq, Eq, Debug, Hash)] +pub struct DHXParams<'a> { + pub p: asn1::BigUint<'a>, + pub g: asn1::BigUint<'a>, + pub q: asn1::BigUint<'a>, + pub j: Option>, + // No support for this, so don't bother filling out the fields. + pub validation_params: Option>, +} + +// RSA-PSS ASN.1 default hash algorithm +pub const PSS_SHA1_HASH_ALG: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::Sha1(Some(())), +}; + +// RSA-PSS ASN.1 hash algorithm definitions specified under the CA/B Forum BRs. +pub const PSS_SHA256_HASH_ALG: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::Sha256(Some(())), +}; + +pub const PSS_SHA384_HASH_ALG: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::Sha384(Some(())), +}; + +pub const PSS_SHA512_HASH_ALG: AlgorithmIdentifier<'_> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::Sha512(Some(())), +}; + +// This is defined as an AlgorithmIdentifier in RFC 4055, +// but the mask generation algorithm **must** contain an AlgorithmIdentifier +// in its params, so we define it this way. +#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, Clone, PartialEq, Eq, Debug)] +pub struct MaskGenAlgorithm<'a> { + pub oid: asn1::ObjectIdentifier, + pub params: AlgorithmIdentifier<'a>, +} + +// RSA-PSS ASN.1 default mask gen algorithm +pub const PSS_SHA1_MASK_GEN_ALG: MaskGenAlgorithm<'_> = MaskGenAlgorithm { + oid: oid::MGF1_OID, + params: PSS_SHA1_HASH_ALG, +}; + +// RSA-PSS ASN.1 mask gen algorithms defined under the CA/B Forum BRs. +pub const PSS_SHA256_MASK_GEN_ALG: MaskGenAlgorithm<'_> = MaskGenAlgorithm { + oid: oid::MGF1_OID, + params: PSS_SHA256_HASH_ALG, +}; + +pub const PSS_SHA384_MASK_GEN_ALG: MaskGenAlgorithm<'_> = MaskGenAlgorithm { + oid: oid::MGF1_OID, + params: PSS_SHA384_HASH_ALG, +}; + +pub const PSS_SHA512_MASK_GEN_ALG: MaskGenAlgorithm<'_> = MaskGenAlgorithm { + oid: oid::MGF1_OID, + params: PSS_SHA512_HASH_ALG, +}; + +// From RFC 5480 section 2.1.1: +// ECParameters ::= CHOICE { +// namedCurve OBJECT IDENTIFIER +// -- implicitCurve NULL +// -- specifiedCurve SpecifiedECDomain } +// +// Only the namedCurve form may appear in PKIX. Other forms may be found in +// other PKIs. +#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, Clone, PartialEq, Eq, Debug)] +pub enum EcParameters<'a> { + NamedCurve(asn1::ObjectIdentifier), + ImplicitCurve(asn1::Null), + SpecifiedCurve(asn1::Sequence<'a>), +} + +// From RFC 4055 section 3.1: +// RSASSA-PSS-params ::= SEQUENCE { +// hashAlgorithm [0] HashAlgorithm DEFAULT +// sha1Identifier, +// maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT +// mgf1SHA1Identifier, +// saltLength [2] INTEGER DEFAULT 20, +// trailerField [3] INTEGER DEFAULT 1 } +#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, Clone, PartialEq, Eq, Debug)] +pub struct RsaPssParameters<'a> { + #[explicit(0)] + #[default(PSS_SHA1_HASH_ALG)] + pub hash_algorithm: AlgorithmIdentifier<'a>, + #[explicit(1)] + #[default(PSS_SHA1_MASK_GEN_ALG)] + pub mask_gen_algorithm: MaskGenAlgorithm<'a>, + #[explicit(2)] + #[default(20u16)] + pub salt_length: u16, + // While the RFC describes this field as `DEFAULT 1`, it also states that + // parsers must accept this field being encoded with a value of 1, in + // conflict with DER's requirement that field DEFAULT values not be + // encoded. Thus we just treat this as an optional field. + // + // Users of this struct should supply `None` to indicate the DEFAULT value + // of 1, or `Some` to indicate a different value. Note that if you supply + // `Some(1)` this will result in encoding a violation of the DER rules, + // thus this should never be done except to round-trip an existing + // structure. + #[explicit(3)] + pub _trailer_field: Option, +} + +// https://datatracker.ietf.org/doc/html/rfc3279#section-2.3.2 +// +// Dss-Parms ::= SEQUENCE { +// p INTEGER, +// q INTEGER, +// g INTEGER +// } +#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, Clone, PartialEq, Eq, Debug)] +pub struct DssParams<'a> { + pub p: asn1::BigUint<'a>, + pub q: asn1::BigUint<'a>, + pub g: asn1::BigUint<'a>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone, Debug)] +pub struct PBES2Params<'a> { + pub key_derivation_func: Box>, + pub encryption_scheme: Box>, +} + +const HMAC_SHA1_ALG: AlgorithmIdentifier<'static> = AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::HmacWithSha1(()), +}; + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone, Debug)] +pub struct PBKDF2Params<'a> { + // This is technically a CHOICE that can be an otherSource. We don't + // support that. + pub salt: &'a [u8], + pub iteration_count: u64, + pub key_length: Option, + #[default(HMAC_SHA1_ALG)] + pub prf: Box>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone, Debug)] +pub struct PBES1Params { + pub salt: [u8; 8], + pub iterations: u64, +} + +/// A VisibleString ASN.1 element whose contents is not validated as meeting the +/// requirements (visible characters of IA5), and instead is only known to be +/// valid UTF-8. +pub struct UnvalidatedVisibleString<'a>(pub &'a str); + +impl<'a> UnvalidatedVisibleString<'a> { + pub fn as_str(&self) -> &'a str { + self.0 + } +} + +impl<'a> asn1::SimpleAsn1Readable<'a> for UnvalidatedVisibleString<'a> { + const TAG: asn1::Tag = asn1::VisibleString::TAG; + fn parse_data(data: &'a [u8]) -> asn1::ParseResult { + Ok(UnvalidatedVisibleString( + std::str::from_utf8(data) + .map_err(|_| asn1::ParseError::new(asn1::ParseErrorKind::InvalidValue))?, + )) + } +} + +impl<'a> asn1::SimpleAsn1Writable for UnvalidatedVisibleString<'a> { + const TAG: asn1::Tag = asn1::VisibleString::TAG; + fn write_data(&self, _: &mut asn1::WriteBuf) -> asn1::WriteResult { + unimplemented!(); + } +} + +/// A BMPString ASN.1 element, where it is stored as a UTF-8 string in memory. +pub struct Utf8StoredBMPString<'a>(pub &'a str); + +impl<'a> Utf8StoredBMPString<'a> { + pub fn new(s: &'a str) -> Self { + Utf8StoredBMPString(s) + } +} + +impl<'a> asn1::SimpleAsn1Writable for Utf8StoredBMPString<'a> { + const TAG: asn1::Tag = asn1::BMPString::TAG; + fn write_data(&self, writer: &mut asn1::WriteBuf) -> asn1::WriteResult { + for ch in self.0.encode_utf16() { + writer.push_slice(&ch.to_be_bytes())?; + } + Ok(()) + } +} + +#[derive(Clone)] +pub struct WithTlv<'a, T> { + tlv: asn1::Tlv<'a>, + value: T, +} + +impl<'a, T> WithTlv<'a, T> { + pub fn tlv(&self) -> &asn1::Tlv<'a> { + &self.tlv + } +} + +impl std::ops::Deref for WithTlv<'_, T> { + type Target = T; + + fn deref(&self) -> &Self::Target { + &self.value + } +} + +impl<'a, T: asn1::Asn1Readable<'a>> asn1::Asn1Readable<'a> for WithTlv<'a, T> { + fn parse(p: &mut asn1::Parser<'a>) -> asn1::ParseResult { + let tlv = p.read_element::>()?; + Ok(Self { + tlv, + value: tlv.parse()?, + }) + } + + fn can_parse(t: asn1::Tag) -> bool { + T::can_parse(t) + } +} + +impl<'a, T: asn1::Asn1Writable> asn1::Asn1Writable for WithTlv<'a, T> { + fn write(&self, w: &mut asn1::Writer<'_>) -> asn1::WriteResult<()> { + self.value.write(w) + } +} + +impl PartialEq for WithTlv<'_, T> { + fn eq(&self, other: &Self) -> bool { + self.value == other.value + } +} +impl Eq for WithTlv<'_, T> {} +impl std::hash::Hash for WithTlv<'_, T> { + fn hash(&self, state: &mut H) { + self.value.hash(state) + } +} + +#[cfg(test)] +mod tests { + use asn1::Asn1Readable; + + use super::{Asn1ReadableOrWritable, RawTlv, UnvalidatedVisibleString, WithTlv}; + + #[test] + #[should_panic] + fn test_unvalidated_visible_string_write() { + let v = UnvalidatedVisibleString("foo"); + asn1::write_single(&v).unwrap(); + } + + #[test] + #[should_panic] + fn test_asn1_readable_or_writable_unwrap_read() { + Asn1ReadableOrWritable::::new_write(17).unwrap_read(); + } + + #[test] + fn test_asn1_readable_or_writable_write_read_data() { + let v = Asn1ReadableOrWritable::::new_read(17); + assert_eq!(&asn1::write_single(&v).unwrap(), b"\x02\x01\x11"); + } + + #[test] + fn test_raw_tlv_can_parse() { + let t = asn1::Tag::from_bytes(&[0]).unwrap().0; + assert!(RawTlv::can_parse(t)); + } + + #[test] + fn test_with_raw_tlv_can_parse() { + let t = asn1::Tag::from_bytes(&[0x30]).unwrap().0; + + assert!(WithTlv::>::can_parse(t)); + assert!(!WithTlv::::can_parse(t)); + } +} diff --git a/src/rust/cryptography-x509/src/crl.rs b/src/rust/cryptography-x509/src/crl.rs new file mode 100644 index 0000000..acd4adb --- /dev/null +++ b/src/rust/cryptography-x509/src/crl.rs @@ -0,0 +1,68 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::{common, extensions, name}; + +pub type ReasonFlags<'a> = + Option, asn1::OwnedBitString>>; + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash)] +pub struct CertificateRevocationList<'a> { + pub tbs_cert_list: TBSCertList<'a>, + pub signature_algorithm: common::AlgorithmIdentifier<'a>, + pub signature_value: asn1::BitString<'a>, +} + +pub type RevokedCertificates<'a> = Option< + common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, RevokedCertificate<'a>>, + asn1::SequenceOfWriter<'a, RevokedCertificate<'a>, Vec>>, + >, +>; + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash)] +pub struct TBSCertList<'a> { + pub version: Option, + pub signature: common::AlgorithmIdentifier<'a>, + pub issuer: name::Name<'a>, + pub this_update: common::Time, + pub next_update: Option, + pub revoked_certificates: RevokedCertificates<'a>, + #[explicit(0)] + pub raw_crl_extensions: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone)] +pub struct RevokedCertificate<'a> { + pub user_certificate: asn1::BigUint<'a>, + pub revocation_date: common::Time, + pub raw_crl_entry_extensions: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct IssuingDistributionPoint<'a> { + #[explicit(0)] + pub distribution_point: Option>, + + #[implicit(1)] + #[default(false)] + pub only_contains_user_certs: bool, + + #[implicit(2)] + #[default(false)] + pub only_contains_ca_certs: bool, + + #[implicit(3)] + pub only_some_reasons: ReasonFlags<'a>, + + #[implicit(4)] + #[default(false)] + pub indirect_crl: bool, + + #[implicit(5)] + #[default(false)] + pub only_contains_attribute_certs: bool, +} + +pub type CRLReason = asn1::Enumerated; diff --git a/src/rust/cryptography-x509/src/csr.rs b/src/rust/cryptography-x509/src/csr.rs new file mode 100644 index 0000000..790134b --- /dev/null +++ b/src/rust/cryptography-x509/src/csr.rs @@ -0,0 +1,68 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::common; +use crate::extensions; +use crate::name; +use crate::oid; + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct Csr<'a> { + pub csr_info: CertificationRequestInfo<'a>, + pub signature_alg: common::AlgorithmIdentifier<'a>, + pub signature: asn1::BitString<'a>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct CertificationRequestInfo<'a> { + pub version: u8, + pub subject: name::Name<'a>, + pub spki: common::WithTlv<'a, common::SubjectPublicKeyInfo<'a>>, + #[implicit(0, required)] + pub attributes: Attributes<'a>, +} + +impl CertificationRequestInfo<'_> { + pub fn get_extension_attribute( + &self, + ) -> Result>, asn1::ParseError> { + for attribute in self.attributes.unwrap_read().clone() { + if attribute.type_id == oid::EXTENSION_REQUEST + || attribute.type_id == oid::MS_EXTENSION_REQUEST + { + check_attribute_length(attribute.values.unwrap_read().clone())?; + let val = attribute.values.unwrap_read().clone().next().unwrap(); + let exts = asn1::parse_single(val.full_data())?; + return Ok(Some(exts)); + } + } + Ok(None) + } +} + +pub fn check_attribute_length<'a>( + values: asn1::SetOf<'a, asn1::Tlv<'a>>, +) -> Result<(), asn1::ParseError> { + if values.count() > 1 { + // TODO: We should raise a more specific error here + // Only single-valued attributes are supported + Err(asn1::ParseError::new(asn1::ParseErrorKind::InvalidValue)) + } else { + Ok(()) + } +} + +pub type Attributes<'a> = common::Asn1ReadableOrWritable< + asn1::SetOf<'a, Attribute<'a>>, + asn1::SetOfWriter<'a, Attribute<'a>, Vec>>, +>; + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct Attribute<'a> { + pub type_id: asn1::ObjectIdentifier, + pub values: common::Asn1ReadableOrWritable< + asn1::SetOf<'a, asn1::Tlv<'a>>, + asn1::SetOfWriter<'a, common::RawTlv<'a>, [common::RawTlv<'a>; 1]>, + >, +} diff --git a/src/rust/cryptography-x509/src/extensions.rs b/src/rust/cryptography-x509/src/extensions.rs new file mode 100644 index 0000000..51df9fb --- /dev/null +++ b/src/rust/cryptography-x509/src/extensions.rs @@ -0,0 +1,375 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::collections::HashSet; + +use crate::common; +use crate::crl; +use crate::name; + +pub struct DuplicateExtensionsError(pub asn1::ObjectIdentifier); + +pub type RawExtensions<'a> = common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, Extension<'a>>, + asn1::SequenceOfWriter<'a, Extension<'a>, Vec>>, +>; + +/// An invariant-enforcing wrapper for `RawExtensions`. +/// +/// In particular, an `Extensions` cannot be constructed from a `RawExtensions` +/// that contains duplicated extensions (by OID). +pub struct Extensions<'a>(Option>); + +impl<'a> Extensions<'a> { + /// Create an `Extensions` from the given `RawExtensions`. + /// + /// Returns an `Err` variant containing the first duplicated extension's + /// OID, if there are any duplicates. + pub fn from_raw_extensions( + raw: Option<&RawExtensions<'a>>, + ) -> Result { + match raw { + Some(raw_exts) => { + let mut seen_oids = HashSet::new(); + + for ext in raw_exts.unwrap_read().clone() { + if !seen_oids.insert(ext.extn_id.clone()) { + return Err(DuplicateExtensionsError(ext.extn_id)); + } + } + + Ok(Self(Some(raw_exts.clone()))) + } + None => Ok(Self(None)), + } + } + + /// Retrieves the extension identified by the given OID, + /// or None if the extension is not present (or no extensions are present). + pub fn get_extension(&self, oid: &asn1::ObjectIdentifier) -> Option> { + self.iter().find(|ext| &ext.extn_id == oid) + } + + /// Returns a reference to the underlying extensions. + pub fn as_raw(&self) -> Option<&RawExtensions<'a>> { + self.0.as_ref() + } + + /// Returns an iterator over the underlying extensions. + pub fn iter(&self) -> impl Iterator> { + self.as_raw() + .map(|raw| raw.unwrap_read().clone()) + .into_iter() + .flatten() + } +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone)] +pub struct Extension<'a> { + pub extn_id: asn1::ObjectIdentifier, + #[default(false)] + pub critical: bool, + pub extn_value: &'a [u8], +} + +impl<'a> Extension<'a> { + pub fn value>(&self) -> asn1::ParseResult { + asn1::parse_single(self.extn_value) + } +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct PolicyConstraints { + #[implicit(0)] + pub require_explicit_policy: Option, + #[implicit(1)] + pub inhibit_policy_mapping: Option, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct AccessDescription<'a> { + pub access_method: asn1::ObjectIdentifier, + pub access_location: name::GeneralName<'a>, +} + +pub type SequenceOfAccessDescriptions<'a> = common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, AccessDescription<'a>>, + asn1::SequenceOfWriter<'a, AccessDescription<'a>, Vec>>, +>; + +// Needed due to clippy type complexity warning. +type SequenceOfPolicyQualifiers<'a> = common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, PolicyQualifierInfo<'a>>, + asn1::SequenceOfWriter<'a, PolicyQualifierInfo<'a>, Vec>>, +>; + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct PolicyInformation<'a> { + pub policy_identifier: asn1::ObjectIdentifier, + pub policy_qualifiers: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct PolicyQualifierInfo<'a> { + pub policy_qualifier_id: asn1::ObjectIdentifier, + pub qualifier: Qualifier<'a>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub enum Qualifier<'a> { + CpsUri(asn1::IA5String<'a>), + UserNotice(UserNotice<'a>), +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct UserNotice<'a> { + pub notice_ref: Option>, + pub explicit_text: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct NoticeReference<'a> { + pub organization: DisplayText<'a>, + pub notice_numbers: common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, asn1::BigUint<'a>>, + asn1::SequenceOfWriter<'a, asn1::BigUint<'a>, Vec>>, + >, +} + +// DisplayText also allows BMPString, which we currently do not support. +#[allow(clippy::enum_variant_names)] +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub enum DisplayText<'a> { + IA5String(asn1::IA5String<'a>), + Utf8String(asn1::Utf8String<'a>), + // Not validated due to certificates with UTF-8 in VisibleString. See PR #8884 + VisibleString(common::UnvalidatedVisibleString<'a>), + BmpString(asn1::BMPString<'a>), +} + +// Needed due to clippy type complexity warning. +pub type SequenceOfSubtrees<'a> = common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, GeneralSubtree<'a>>, + asn1::SequenceOfWriter<'a, GeneralSubtree<'a>, Vec>>, +>; + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct NameConstraints<'a> { + #[implicit(0)] + pub permitted_subtrees: Option>, + + #[implicit(1)] + pub excluded_subtrees: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct GeneralSubtree<'a> { + pub base: name::GeneralName<'a>, + + #[implicit(0)] + #[default(0u64)] + pub minimum: u64, + + #[implicit(1)] + pub maximum: Option, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct MSCertificateTemplate { + pub template_id: asn1::ObjectIdentifier, + pub major_version: Option, + pub minor_version: Option, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct DistributionPoint<'a> { + #[explicit(0)] + pub distribution_point: Option>, + + #[implicit(1)] + pub reasons: crl::ReasonFlags<'a>, + + #[implicit(2)] + pub crl_issuer: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub enum DistributionPointName<'a> { + #[implicit(0)] + FullName(name::SequenceOfGeneralName<'a>), + + #[implicit(1)] + NameRelativeToCRLIssuer( + common::Asn1ReadableOrWritable< + asn1::SetOf<'a, common::AttributeTypeValue<'a>>, + asn1::SetOfWriter< + 'a, + common::AttributeTypeValue<'a>, + Vec>, + >, + >, + ), +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct AuthorityKeyIdentifier<'a> { + #[implicit(0)] + pub key_identifier: Option<&'a [u8]>, + #[implicit(1)] + pub authority_cert_issuer: Option>, + #[implicit(2)] + pub authority_cert_serial_number: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct BasicConstraints { + #[default(false)] + pub ca: bool, + pub path_length: Option, +} + +pub type SubjectAlternativeName<'a> = asn1::SequenceOf<'a, name::GeneralName<'a>>; +pub type IssuerAlternativeName<'a> = asn1::SequenceOf<'a, name::GeneralName<'a>>; +pub type ExtendedKeyUsage<'a> = asn1::SequenceOf<'a, asn1::ObjectIdentifier>; + +pub struct KeyUsage<'a>(asn1::BitString<'a>); + +impl<'a> asn1::SimpleAsn1Readable<'a> for KeyUsage<'a> { + const TAG: asn1::Tag = asn1::BitString::TAG; + + fn parse_data(data: &'a [u8]) -> asn1::ParseResult { + asn1::BitString::parse_data(data).map(Self) + } +} + +impl KeyUsage<'_> { + pub fn is_zeroed(&self) -> bool { + self.0.as_bytes().iter().all(|&b| b == 0) + } + + pub fn digital_signature(&self) -> bool { + self.0.has_bit_set(0) + } + + pub fn content_commitment(&self) -> bool { + self.0.has_bit_set(1) + } + + pub fn key_encipherment(&self) -> bool { + self.0.has_bit_set(2) + } + + pub fn data_encipherment(&self) -> bool { + self.0.has_bit_set(3) + } + + pub fn key_agreement(&self) -> bool { + self.0.has_bit_set(4) + } + + pub fn key_cert_sign(&self) -> bool { + self.0.has_bit_set(5) + } + + pub fn crl_sign(&self) -> bool { + self.0.has_bit_set(6) + } + + pub fn encipher_only(&self) -> bool { + self.0.has_bit_set(7) + } + + pub fn decipher_only(&self) -> bool { + self.0.has_bit_set(8) + } +} + +#[cfg(test)] +mod tests { + use super::{BasicConstraints, Extension, Extensions, KeyUsage}; + use crate::oid::{AUTHORITY_KEY_IDENTIFIER_OID, BASIC_CONSTRAINTS_OID}; + + #[test] + fn test_get_extension() { + let bc = BasicConstraints { + ca: true, + path_length: Some(3), + }; + let extension = Extension { + extn_id: BASIC_CONSTRAINTS_OID, + critical: true, + extn_value: &asn1::write_single(&bc).unwrap(), + }; + let extensions = asn1::SequenceOfWriter::new(vec![extension]); + + let der = asn1::write_single(&extensions).unwrap(); + let raw = asn1::parse_single(&der).unwrap(); + + let extensions = Extensions::from_raw_extensions(Some(&raw)).ok().unwrap(); + + assert!(&extensions.get_extension(&BASIC_CONSTRAINTS_OID).is_some()); + assert!(&extensions + .get_extension(&AUTHORITY_KEY_IDENTIFIER_OID) + .is_none()); + } + + #[test] + fn test_extensions_iter() { + let bc = BasicConstraints { + ca: true, + path_length: Some(3), + }; + let extension = Extension { + extn_id: BASIC_CONSTRAINTS_OID, + critical: true, + extn_value: &asn1::write_single(&bc).unwrap(), + }; + let extensions = asn1::SequenceOfWriter::new(vec![extension]); + + let der = asn1::write_single(&extensions).unwrap(); + let parsed = asn1::parse_single(&der).unwrap(); + + let extensions = Extensions::from_raw_extensions(Some(&parsed)).ok().unwrap(); + + let extension_list: Vec<_> = extensions.iter().collect(); + assert_eq!(extension_list.len(), 1); + } + + #[test] + fn test_extension_value() { + let bc = BasicConstraints { + ca: true, + path_length: Some(3), + }; + let extension = Extension { + extn_id: BASIC_CONSTRAINTS_OID, + critical: true, + extn_value: &asn1::write_single(&bc).unwrap(), + }; + + let extracted: BasicConstraints = extension.value().unwrap(); + assert_eq!(bc.ca, extracted.ca); + assert_eq!(bc.path_length, extracted.path_length); + } + + #[test] + fn test_keyusage() { + // let ku: KeyUsage = asn1::parse_single(data) + let ku_bits = [0b1111_1111u8, 0b1000_0000u8]; + let ku_bitstring = asn1::BitString::new(&ku_bits, 7).unwrap(); + let asn1 = asn1::write_single(&ku_bitstring).unwrap(); + + let ku: KeyUsage<'_> = asn1::parse_single(&asn1).unwrap(); + assert!(!ku.is_zeroed()); + assert!(ku.digital_signature()); + assert!(ku.content_commitment()); + assert!(ku.key_encipherment()); + assert!(ku.data_encipherment()); + assert!(ku.key_agreement()); + assert!(ku.key_cert_sign()); + assert!(ku.crl_sign()); + assert!(ku.encipher_only()); + assert!(ku.decipher_only()); + } +} diff --git a/src/rust/cryptography-x509/src/lib.rs b/src/rust/cryptography-x509/src/lib.rs new file mode 100644 index 0000000..54c3b12 --- /dev/null +++ b/src/rust/cryptography-x509/src/lib.rs @@ -0,0 +1,19 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#![forbid(unsafe_code)] +#![deny(rust_2018_idioms, clippy::undocumented_unsafe_blocks)] +#![allow(unknown_lints, clippy::result_large_err)] + +pub mod certificate; +pub mod common; +pub mod crl; +pub mod csr; +pub mod extensions; +pub mod name; +pub mod ocsp_req; +pub mod ocsp_resp; +pub mod oid; +pub mod pkcs12; +pub mod pkcs7; diff --git a/src/rust/cryptography-x509/src/name.rs b/src/rust/cryptography-x509/src/name.rs new file mode 100644 index 0000000..21b6cc8 --- /dev/null +++ b/src/rust/cryptography-x509/src/name.rs @@ -0,0 +1,88 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::common; + +pub type NameReadable<'a> = asn1::SequenceOf<'a, asn1::SetOf<'a, common::AttributeTypeValue<'a>>>; + +pub type Name<'a> = common::Asn1ReadableOrWritable< + NameReadable<'a>, + asn1::SequenceOfWriter< + 'a, + asn1::SetOfWriter<'a, common::AttributeTypeValue<'a>, Vec>>, + Vec< + asn1::SetOfWriter< + 'a, + common::AttributeTypeValue<'a>, + Vec>, + >, + >, + >, +>; + +/// An IA5String ASN.1 element whose contents is not validated as meeting the +/// requirements (ASCII characters only), and instead is only known to be +/// valid UTF-8. +pub struct UnvalidatedIA5String<'a>(pub &'a str); + +impl<'a> asn1::SimpleAsn1Readable<'a> for UnvalidatedIA5String<'a> { + const TAG: asn1::Tag = asn1::IA5String::TAG; + fn parse_data(data: &'a [u8]) -> asn1::ParseResult { + Ok(UnvalidatedIA5String(std::str::from_utf8(data).map_err( + |_| asn1::ParseError::new(asn1::ParseErrorKind::InvalidValue), + )?)) + } +} + +impl<'a> asn1::SimpleAsn1Writable for UnvalidatedIA5String<'a> { + const TAG: asn1::Tag = asn1::IA5String::TAG; + fn write_data(&self, dest: &mut asn1::WriteBuf) -> asn1::WriteResult { + dest.push_slice(self.0.as_bytes()) + } +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash)] +pub struct OtherName<'a> { + pub type_id: asn1::ObjectIdentifier, + #[explicit(0, required)] + pub value: asn1::Tlv<'a>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub enum GeneralName<'a> { + #[implicit(0)] + OtherName(OtherName<'a>), + + #[implicit(1)] + RFC822Name(UnvalidatedIA5String<'a>), + + #[implicit(2)] + DNSName(UnvalidatedIA5String<'a>), + + #[implicit(3)] + // unsupported + X400Address(asn1::Sequence<'a>), + + // Name is explicit per RFC 5280 Appendix A.1. + #[explicit(4)] + DirectoryName(Name<'a>), + + #[implicit(5)] + // unsupported + EDIPartyName(asn1::Sequence<'a>), + + #[implicit(6)] + UniformResourceIdentifier(UnvalidatedIA5String<'a>), + + #[implicit(7)] + IPAddress(&'a [u8]), + + #[implicit(8)] + RegisteredID(asn1::ObjectIdentifier), +} + +pub(crate) type SequenceOfGeneralName<'a> = common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, GeneralName<'a>>, + asn1::SequenceOfWriter<'a, GeneralName<'a>, Vec>>, +>; diff --git a/src/rust/cryptography-x509/src/ocsp_req.rs b/src/rust/cryptography-x509/src/ocsp_req.rs new file mode 100644 index 0000000..163c40f --- /dev/null +++ b/src/rust/cryptography-x509/src/ocsp_req.rs @@ -0,0 +1,45 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::{common, extensions, name}; + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct TBSRequest<'a> { + #[explicit(0)] + #[default(0)] + pub version: u8, + #[explicit(1)] + pub requestor_name: Option>, + pub request_list: common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, Request<'a>>, + asn1::SequenceOfWriter<'a, Request<'a>>, + >, + #[explicit(2)] + pub raw_request_extensions: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct Request<'a> { + pub req_cert: CertID<'a>, + #[explicit(0)] + pub single_request_extensions: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct CertID<'a> { + pub hash_algorithm: common::AlgorithmIdentifier<'a>, + pub issuer_name_hash: &'a [u8], + pub issuer_key_hash: &'a [u8], + pub serial_number: asn1::BigInt<'a>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct OCSPRequest<'a> { + pub tbs_request: TBSRequest<'a>, + // Parsing out the full structure, which includes the entirety of a + // certificate is more trouble than it's worth, since it's not in the + // Python API. + #[explicit(0)] + pub optional_signature: Option>, +} diff --git a/src/rust/cryptography-x509/src/ocsp_resp.rs b/src/rust/cryptography-x509/src/ocsp_resp.rs new file mode 100644 index 0000000..f40707e --- /dev/null +++ b/src/rust/cryptography-x509/src/ocsp_resp.rs @@ -0,0 +1,85 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::{certificate, common, crl, extensions, name, ocsp_req}; + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct OCSPResponse<'a> { + pub response_status: asn1::Enumerated, + #[explicit(0)] + pub response_bytes: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct ResponseBytes<'a> { + pub response_type: asn1::ObjectIdentifier, + pub response: asn1::OctetStringEncoded>, +} + +pub type OCSPCerts<'a> = Option< + common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, certificate::Certificate<'a>>, + asn1::SequenceOfWriter<'a, certificate::Certificate<'a>, Vec>>, + >, +>; + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct BasicOCSPResponse<'a> { + pub tbs_response_data: ResponseData<'a>, + pub signature_algorithm: common::AlgorithmIdentifier<'a>, + pub signature: asn1::BitString<'a>, + #[explicit(0)] + pub certs: OCSPCerts<'a>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct ResponseData<'a> { + #[explicit(0)] + #[default(0)] + pub version: u8, + pub responder_id: ResponderId<'a>, + pub produced_at: asn1::GeneralizedTime, + pub responses: common::Asn1ReadableOrWritable< + asn1::SequenceOf<'a, SingleResponse<'a>>, + asn1::SequenceOfWriter<'a, SingleResponse<'a>, Vec>>, + >, + #[explicit(1)] + pub raw_response_extensions: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub enum ResponderId<'a> { + #[explicit(1)] + ByName(name::Name<'a>), + #[explicit(2)] + ByKey(&'a [u8]), +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct SingleResponse<'a> { + pub cert_id: ocsp_req::CertID<'a>, + pub cert_status: CertStatus, + pub this_update: asn1::GeneralizedTime, + #[explicit(0)] + pub next_update: Option, + #[explicit(1)] + pub raw_single_extensions: Option>, +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub enum CertStatus { + #[implicit(0)] + Good(()), + #[implicit(1)] + Revoked(RevokedInfo), + #[implicit(2)] + Unknown(()), +} + +#[derive(asn1::Asn1Read, asn1::Asn1Write)] +pub struct RevokedInfo { + pub revocation_time: asn1::GeneralizedTime, + #[explicit(0)] + pub revocation_reason: Option, +} diff --git a/src/rust/cryptography-x509/src/oid.rs b/src/rust/cryptography-x509/src/oid.rs new file mode 100644 index 0000000..fbc440e --- /dev/null +++ b/src/rust/cryptography-x509/src/oid.rs @@ -0,0 +1,162 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +// X.509v3 extensions +pub const EXTENSION_REQUEST: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 9, 14); +pub const MS_EXTENSION_REQUEST: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 4, 1, 311, 2, 1, 14); +pub const MS_CERTIFICATE_TEMPLATE: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 4, 1, 311, 21, 7); +pub const PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 4, 1, 11129, 2, 4, 2); +pub const PRECERT_POISON_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 4, 1, 11129, 2, 4, 3); +pub const SIGNED_CERTIFICATE_TIMESTAMPS_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 4, 1, 11129, 2, 4, 5); +pub const AUTHORITY_INFORMATION_ACCESS_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 5, 5, 7, 1, 1); +pub const SUBJECT_INFORMATION_ACCESS_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 5, 5, 7, 1, 11); +pub const TLS_FEATURE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 1, 24); +pub const CP_CPS_URI_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 2, 1); +pub const CP_USER_NOTICE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 2, 2); +pub const NONCE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 48, 1, 2); +pub const OCSP_NO_CHECK_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 48, 1, 5); +pub const SUBJECT_DIRECTORY_ATTRIBUTES_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 9); +pub const SUBJECT_KEY_IDENTIFIER_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 14); +pub const KEY_USAGE_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 15); +pub const SUBJECT_ALTERNATIVE_NAME_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 17); +pub const ISSUER_ALTERNATIVE_NAME_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 18); +pub const BASIC_CONSTRAINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 19); +pub const CRL_NUMBER_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 20); +pub const CRL_REASON_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 21); +pub const INVALIDITY_DATE_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 24); +pub const DELTA_CRL_INDICATOR_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 27); +pub const ISSUING_DISTRIBUTION_POINT_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 28); +pub const CERTIFICATE_ISSUER_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 29); +pub const NAME_CONSTRAINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 30); +pub const CRL_DISTRIBUTION_POINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 31); +pub const CERTIFICATE_POLICIES_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 32); +pub const AUTHORITY_KEY_IDENTIFIER_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 35); +pub const POLICY_CONSTRAINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 36); +pub const EXTENDED_KEY_USAGE_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 37); +pub const FRESHEST_CRL_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 46); +pub const INHIBIT_ANY_POLICY_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 54); +pub const ACCEPTABLE_RESPONSES_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 5, 5, 7, 48, 1, 4); + +// Public key identifiers +pub const EC_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10045, 2, 1); + +pub const EC_SECP192R1: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10045, 3, 1, 1); +pub const EC_SECP224R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 33); +pub const EC_SECP256R1: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10045, 3, 1, 7); +pub const EC_SECP384R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 34); +pub const EC_SECP521R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 35); + +pub const EC_SECP256K1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 10); + +pub const EC_SECT233R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 27); +pub const EC_SECT283R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 17); +pub const EC_SECT409R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 37); +pub const EC_SECT571R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 39); + +pub const EC_SECT163R2: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 15); + +pub const EC_SECT163K1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 1); +pub const EC_SECT233K1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 26); +pub const EC_SECT283K1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 16); +pub const EC_SECT409K1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 36); +pub const EC_SECT571K1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0, 38); + +pub const EC_BRAINPOOLP256R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 36, 3, 3, 2, 8, 1, 1, 7); +pub const EC_BRAINPOOLP384R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 36, 3, 3, 2, 8, 1, 1, 11); +pub const EC_BRAINPOOLP512R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 36, 3, 3, 2, 8, 1, 1, 13); + +pub const RSA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 1, 1); + +// Signing methods +pub const ECDSA_WITH_SHA224_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10045, 4, 3, 1); +pub const ECDSA_WITH_SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10045, 4, 3, 2); +pub const ECDSA_WITH_SHA384_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10045, 4, 3, 3); +pub const ECDSA_WITH_SHA512_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10045, 4, 3, 4); +pub const ECDSA_WITH_SHA3_224_OID: asn1::ObjectIdentifier = + asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 9); +pub const ECDSA_WITH_SHA3_256_OID: asn1::ObjectIdentifier = + asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 10); +pub const ECDSA_WITH_SHA3_384_OID: asn1::ObjectIdentifier = + asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 11); +pub const ECDSA_WITH_SHA3_512_OID: asn1::ObjectIdentifier = + asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 12); + +pub const RSA_WITH_SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 1, 5); +pub const RSA_WITH_SHA1_ALT_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 14, 3, 2, 29); +pub const RSA_WITH_SHA224_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 1, 14); +pub const RSA_WITH_SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 1, 11); +pub const RSA_WITH_SHA384_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 1, 12); +pub const RSA_WITH_SHA512_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 1, 13); +pub const RSA_WITH_SHA3_224_OID: asn1::ObjectIdentifier = + asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 13); +pub const RSA_WITH_SHA3_256_OID: asn1::ObjectIdentifier = + asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 14); +pub const RSA_WITH_SHA3_384_OID: asn1::ObjectIdentifier = + asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 15); +pub const RSA_WITH_SHA3_512_OID: asn1::ObjectIdentifier = + asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 16); + +pub const DSA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10040, 4, 1); +pub const DSA_WITH_SHA224_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 1); +pub const DSA_WITH_SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 2); +pub const DSA_WITH_SHA384_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 3); +pub const DSA_WITH_SHA512_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 4); + +pub const DH_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10046, 2, 1); +pub const DH_KEY_AGREEMENT_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 3, 1); + +pub const X25519_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 101, 110); +pub const X448_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 101, 111); + +pub const ED25519_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 101, 112); +pub const ED448_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 101, 113); + +// Hashes +pub const SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 14, 3, 2, 26); +pub const SHA224_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 2, 4); +pub const SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 2, 1); +pub const SHA384_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 2, 2); +pub const SHA512_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 2, 3); +pub const SHA3_224_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 4, 1, 37476, 3, 2, 1, 99, 7, 224); +pub const SHA3_256_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 4, 1, 37476, 3, 2, 1, 99, 7, 256); +pub const SHA3_384_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 4, 1, 37476, 3, 2, 1, 99, 7, 384); +pub const SHA3_512_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 4, 1, 37476, 3, 2, 1, 99, 7, 512); + +pub const MGF1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 1, 8); +pub const RSASSA_PSS_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 1, 10); + +// Extended key usages +pub const EKU_SERVER_AUTH_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 3, 1); +pub const EKU_CLIENT_AUTH_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 3, 2); +pub const EKU_CODE_SIGNING_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 3, 3); +pub const EKU_EMAIL_PROTECTION_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 3, 4); +pub const EKU_TIME_STAMPING_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 3, 8); +pub const EKU_OCSP_SIGNING_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 3, 9); +pub const EKU_ANY_KEY_USAGE_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 37, 0); +pub const EKU_CERTIFICATE_TRANSPARENCY_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 3, 6, 1, 4, 1, 11129, 2, 4, 4); + +pub const PBES2_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 5, 13); +pub const PBKDF2_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 5, 12); + +pub const PBES1_WITH_SHA_AND_3KEY_TRIPLEDES_CBC: asn1::ObjectIdentifier = + asn1::oid!(1, 2, 840, 113549, 1, 12, 1, 3); + +pub const AES_256_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 1, 42); +pub const AES_192_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 1, 22); +pub const AES_128_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 1, 2); + +pub const HMAC_WITH_SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 2, 7); +pub const HMAC_WITH_SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 2, 9); diff --git a/src/rust/cryptography-x509/src/pkcs12.rs b/src/rust/cryptography-x509/src/pkcs12.rs new file mode 100644 index 0000000..fdcbc91 --- /dev/null +++ b/src/rust/cryptography-x509/src/pkcs12.rs @@ -0,0 +1,80 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::common::{AlgorithmIdentifier, Utf8StoredBMPString}; +use crate::pkcs7; + +pub const CERT_BAG_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 12, 10, 1, 3); +pub const KEY_BAG_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 12, 10, 1, 1); +pub const SHROUDED_KEY_BAG_OID: asn1::ObjectIdentifier = + asn1::oid!(1, 2, 840, 113549, 1, 12, 10, 1, 2); +pub const X509_CERTIFICATE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 9, 22, 1); +pub const FRIENDLY_NAME_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 9, 20); + +#[derive(asn1::Asn1Write)] +pub struct Pfx<'a> { + pub version: u8, + pub auth_safe: pkcs7::ContentInfo<'a>, + pub mac_data: Option>, +} + +#[derive(asn1::Asn1Write)] +pub struct MacData<'a> { + pub mac: pkcs7::DigestInfo<'a>, + pub salt: &'a [u8], + #[default(1u64)] + pub iterations: u64, +} + +#[derive(asn1::Asn1Write)] +pub struct SafeBag<'a> { + pub _bag_id: asn1::DefinedByMarker, + #[defined_by(_bag_id)] + pub bag_value: asn1::Explicit, 0>, + pub attributes: Option, Vec>>>, +} + +#[derive(asn1::Asn1Write)] +pub struct Attribute<'a> { + pub _attr_id: asn1::DefinedByMarker, + #[defined_by(_attr_id)] + pub attr_values: AttributeSet<'a>, +} + +#[derive(asn1::Asn1DefinedByWrite)] +pub enum AttributeSet<'a> { + #[defined_by(FRIENDLY_NAME_OID)] + FriendlyName(asn1::SetOfWriter<'a, Utf8StoredBMPString<'a>, [Utf8StoredBMPString<'a>; 1]>), +} + +#[derive(asn1::Asn1DefinedByWrite)] +pub enum BagValue<'a> { + #[defined_by(CERT_BAG_OID)] + CertBag(CertBag<'a>), + + #[defined_by(KEY_BAG_OID)] + KeyBag(asn1::Tlv<'a>), + + #[defined_by(SHROUDED_KEY_BAG_OID)] + ShroudedKeyBag(EncryptedPrivateKeyInfo<'a>), +} + +#[derive(asn1::Asn1Write)] +pub struct CertBag<'a> { + pub _cert_id: asn1::DefinedByMarker, + #[defined_by(_cert_id)] + pub cert_value: asn1::Explicit, 0>, +} + +#[derive(asn1::Asn1DefinedByWrite)] +pub enum CertType<'a> { + #[defined_by(X509_CERTIFICATE_OID)] + X509(asn1::OctetStringEncoded>), +} + +#[derive(asn1::Asn1Write)] +pub struct EncryptedPrivateKeyInfo<'a> { + pub encryption_algorithm: AlgorithmIdentifier<'a>, + pub encrypted_data: &'a [u8], +} diff --git a/src/rust/cryptography-x509/src/pkcs7.rs b/src/rust/cryptography-x509/src/pkcs7.rs new file mode 100644 index 0000000..aff6ee2 --- /dev/null +++ b/src/rust/cryptography-x509/src/pkcs7.rs @@ -0,0 +1,101 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::{certificate, common, csr, name}; + +pub const PKCS7_DATA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 7, 1); +pub const PKCS7_SIGNED_DATA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 7, 2); +pub const PKCS7_ENVELOPED_DATA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 7, 3); +pub const PKCS7_ENCRYPTED_DATA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 7, 6); + +#[derive(asn1::Asn1Write)] +pub struct ContentInfo<'a> { + pub _content_type: asn1::DefinedByMarker, + + #[defined_by(_content_type)] + pub content: Content<'a>, +} + +#[derive(asn1::Asn1DefinedByWrite)] +pub enum Content<'a> { + #[defined_by(PKCS7_ENVELOPED_DATA_OID)] + EnvelopedData(asn1::Explicit>, 0>), + #[defined_by(PKCS7_SIGNED_DATA_OID)] + SignedData(asn1::Explicit>, 0>), + #[defined_by(PKCS7_DATA_OID)] + Data(Option>), + #[defined_by(PKCS7_ENCRYPTED_DATA_OID)] + EncryptedData(asn1::Explicit, 0>), +} + +#[derive(asn1::Asn1Write)] +pub struct SignedData<'a> { + pub version: u8, + pub digest_algorithms: asn1::SetOfWriter<'a, common::AlgorithmIdentifier<'a>>, + pub content_info: ContentInfo<'a>, + #[implicit(0)] + pub certificates: Option>>, + + // We don't ever supply any of these, so for now, don't fill out the fields. + #[implicit(1)] + pub crls: Option>>, + + pub signer_infos: asn1::SetOfWriter<'a, SignerInfo<'a>>, +} + +#[derive(asn1::Asn1Write)] +pub struct SignerInfo<'a> { + pub version: u8, + pub issuer_and_serial_number: IssuerAndSerialNumber<'a>, + pub digest_algorithm: common::AlgorithmIdentifier<'a>, + #[implicit(0)] + pub authenticated_attributes: Option>, + + pub digest_encryption_algorithm: common::AlgorithmIdentifier<'a>, + pub encrypted_digest: &'a [u8], + + #[implicit(1)] + pub unauthenticated_attributes: Option>, +} + +#[derive(asn1::Asn1Write)] +pub struct EnvelopedData<'a> { + pub version: u8, + pub recipient_infos: asn1::SetOfWriter<'a, RecipientInfo<'a>>, + pub encrypted_content_info: EncryptedContentInfo<'a>, +} + +#[derive(asn1::Asn1Write)] +pub struct RecipientInfo<'a> { + pub version: u8, + pub issuer_and_serial_number: IssuerAndSerialNumber<'a>, + pub key_encryption_algorithm: common::AlgorithmIdentifier<'a>, + pub encrypted_key: &'a [u8], +} + +#[derive(asn1::Asn1Write)] +pub struct IssuerAndSerialNumber<'a> { + pub issuer: name::Name<'a>, + pub serial_number: asn1::BigInt<'a>, +} + +#[derive(asn1::Asn1Write)] +pub struct EncryptedData<'a> { + pub version: u8, + pub encrypted_content_info: EncryptedContentInfo<'a>, +} + +#[derive(asn1::Asn1Write)] +pub struct EncryptedContentInfo<'a> { + pub content_type: asn1::ObjectIdentifier, + pub content_encryption_algorithm: common::AlgorithmIdentifier<'a>, + #[implicit(0)] + pub encrypted_content: Option<&'a [u8]>, +} + +#[derive(asn1::Asn1Write)] +pub struct DigestInfo<'a> { + pub algorithm: common::AlgorithmIdentifier<'a>, + pub digest: &'a [u8], +} diff --git a/src/rust/src/asn1.rs b/src/rust/src/asn1.rs index 1ca443d..366fc69 100644 --- a/src/rust/src/asn1.rs +++ b/src/rust/src/asn1.rs @@ -2,86 +2,21 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::x509::Name; -use pyo3::basic::CompareOp; +use cryptography_x509::common::{DssSignature, SubjectPublicKeyInfo}; +use pyo3::pybacked::PyBackedBytes; use pyo3::types::IntoPyDict; +use pyo3::types::PyAnyMethods; use pyo3::ToPyObject; -pub enum PyAsn1Error { - Asn1Parse(asn1::ParseError), - Asn1Write(asn1::WriteError), - Py(pyo3::PyErr), -} +use crate::error::{CryptographyError, CryptographyResult}; +use crate::types; -impl From for PyAsn1Error { - fn from(e: asn1::ParseError) -> PyAsn1Error { - PyAsn1Error::Asn1Parse(e) - } -} - -impl From for PyAsn1Error { - fn from(e: asn1::WriteError) -> PyAsn1Error { - PyAsn1Error::Asn1Write(e) - } -} - -impl From for PyAsn1Error { - fn from(e: pyo3::PyErr) -> PyAsn1Error { - PyAsn1Error::Py(e) - } -} - -impl From> for PyAsn1Error { - fn from(e: pyo3::PyDowncastError<'_>) -> PyAsn1Error { - PyAsn1Error::Py(e.into()) - } -} - -impl From for PyAsn1Error { - fn from(e: pem::PemError) -> PyAsn1Error { - PyAsn1Error::Py(pyo3::exceptions::PyValueError::new_err(format!( - "Unable to load PEM file. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details. {:?}", - e - ))) - } -} - -impl From for pyo3::PyErr { - fn from(e: PyAsn1Error) -> pyo3::PyErr { - match e { - PyAsn1Error::Asn1Parse(asn1_error) => pyo3::exceptions::PyValueError::new_err(format!( - "error parsing asn1 value: {:?}", - asn1_error - )), - PyAsn1Error::Asn1Write(asn1::WriteError::AllocationError) => { - pyo3::exceptions::PyMemoryError::new_err( - "failed to allocate memory while performing ASN.1 serialization", - ) - } - PyAsn1Error::Py(py_error) => py_error, - } - } -} - -impl PyAsn1Error { - pub(crate) fn add_location(self, loc: asn1::ParseLocation) -> Self { - match self { - PyAsn1Error::Py(e) => PyAsn1Error::Py(e), - PyAsn1Error::Asn1Parse(e) => PyAsn1Error::Asn1Parse(e.add_location(loc)), - PyAsn1Error::Asn1Write(e) => PyAsn1Error::Asn1Write(e), - } - } -} - -// The primary purpose of this alias is for brevity to keep function signatures -// to a single-line as a work around for coverage issues. See -// https://github.com/pyca/cryptography/pull/6173 -pub(crate) type PyAsn1Result = Result; - -pub(crate) fn py_oid_to_oid(py_oid: &pyo3::PyAny) -> pyo3::PyResult { +pub(crate) fn py_oid_to_oid( + py_oid: pyo3::Bound<'_, pyo3::PyAny>, +) -> pyo3::PyResult { Ok(py_oid - .downcast::>()? - .borrow() + .downcast::()? + .get() .oid .clone()) } @@ -89,49 +24,40 @@ pub(crate) fn py_oid_to_oid(py_oid: &pyo3::PyAny) -> pyo3::PyResult( py: pyo3::Python<'p>, oid: &asn1::ObjectIdentifier, -) -> pyo3::PyResult<&'p pyo3::PyAny> { - Ok(pyo3::Py::new(py, crate::oid::ObjectIdentifier { oid: oid.clone() })?.into_ref(py)) -} - -#[derive(asn1::Asn1Read)] -struct AlgorithmIdentifier<'a> { - _oid: asn1::ObjectIdentifier, - _params: Option>, +) -> pyo3::PyResult> { + Ok(pyo3::Bound::new(py, crate::oid::ObjectIdentifier { oid: oid.clone() })?.into_any()) } -#[derive(asn1::Asn1Read)] -struct Spki<'a> { - _algorithm: AlgorithmIdentifier<'a>, - data: asn1::BitString<'a>, -} - -#[pyo3::prelude::pyfunction] -fn parse_spki_for_data(py: pyo3::Python<'_>, data: &[u8]) -> Result { - let spki = asn1::parse_single::>(data)?; - if spki.data.padding_bits() != 0 { +#[pyo3::pyfunction] +fn parse_spki_for_data<'p>( + py: pyo3::Python<'p>, + data: &[u8], +) -> Result, CryptographyError> { + let spki = asn1::parse_single::>(data)?; + if spki.subject_public_key.padding_bits() != 0 { return Err(pyo3::exceptions::PyValueError::new_err("Invalid public key encoding").into()); } - Ok(pyo3::types::PyBytes::new(py, spki.data.as_bytes()).to_object(py)) -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct DssSignature<'a> { - r: asn1::BigUint<'a>, - s: asn1::BigUint<'a>, + Ok(pyo3::types::PyBytes::new_bound( + py, + spki.subject_public_key.as_bytes(), + )) } pub(crate) fn big_byte_slice_to_py_int<'p>( py: pyo3::Python<'p>, v: &'_ [u8], -) -> pyo3::PyResult<&'p pyo3::PyAny> { - let int_type = py.get_type::(); - let kwargs = [("signed", true)].into_py_dict(py); - int_type.call_method("from_bytes", (v, "big"), Some(kwargs)) +) -> pyo3::PyResult> { + let int_type = py.get_type_bound::(); + let kwargs = [("signed", true)].into_py_dict_bound(py); + int_type.call_method(pyo3::intern!(py, "from_bytes"), (v, "big"), Some(&kwargs)) } -#[pyo3::prelude::pyfunction] -fn decode_dss_signature(py: pyo3::Python<'_>, data: &[u8]) -> Result { +#[pyo3::pyfunction] +fn decode_dss_signature( + py: pyo3::Python<'_>, + data: &[u8], +) -> Result { let sig = asn1::parse_single::>(data)?; Ok(( @@ -143,10 +69,9 @@ fn decode_dss_signature(py: pyo3::Python<'_>, data: &[u8]) -> Result( py: pyo3::Python<'p>, - v: &'p pyo3::types::PyLong, -) -> pyo3::PyResult<&'p [u8]> { - let zero = (0).to_object(py); - if v.rich_compare(zero, CompareOp::Lt)?.is_true()? { + v: pyo3::Bound<'p, pyo3::types::PyLong>, +) -> pyo3::PyResult { + if v.lt(0)? { return Err(pyo3::exceptions::PyValueError::new_err( "Negative integers are not supported", )); @@ -155,137 +80,59 @@ pub(crate) fn py_uint_to_big_endian_bytes<'p>( // Round the length up so that we prefix an extra \x00. This ensures that // integers that'd have the high bit set in their first octet are not // encoded as negative in DER. - let n = v.call_method0("bit_length")?.extract::()? / 8 + 1; - v.call_method1("to_bytes", (n, "big"))?.extract() + let n = v + .call_method0(pyo3::intern!(py, "bit_length"))? + .extract::()? + / 8 + + 1; + v.call_method1(pyo3::intern!(py, "to_bytes"), (n, "big"))? + .extract() } -#[pyo3::prelude::pyfunction] -fn encode_dss_signature( - py: pyo3::Python<'_>, - r: &pyo3::types::PyLong, - s: &pyo3::types::PyLong, -) -> PyAsn1Result { - let sig = DssSignature { - r: asn1::BigUint::new(py_uint_to_big_endian_bytes(py, r)?).unwrap(), - s: asn1::BigUint::new(py_uint_to_big_endian_bytes(py, s)?).unwrap(), - }; - let result = asn1::write_single(&sig)?; - Ok(pyo3::types::PyBytes::new(py, &result).to_object(py)) -} - -#[pyo3::prelude::pyclass] -struct TestCertificate { - #[pyo3(get)] - not_before_tag: u8, - #[pyo3(get)] - not_after_tag: u8, - #[pyo3(get)] - issuer_value_tags: Vec, - #[pyo3(get)] - subject_value_tags: Vec, -} - -#[derive(asn1::Asn1Read)] -struct Asn1Certificate<'a> { - tbs_cert: TbsCertificate<'a>, - _signature_alg: asn1::Sequence<'a>, - _signature: asn1::BitString<'a>, -} - -#[derive(asn1::Asn1Read)] -struct TbsCertificate<'a> { - #[explicit(0)] - _version: Option, - _serial: asn1::BigUint<'a>, - _signature_alg: asn1::Sequence<'a>, - - issuer: Name<'a>, - validity: Validity<'a>, - subject: Name<'a>, - - _spki: asn1::Sequence<'a>, - #[implicit(1)] - _issuer_unique_id: Option>, - #[implicit(2)] - _subject_unique_id: Option>, - #[explicit(3)] - _extensions: Option>, -} - -#[derive(asn1::Asn1Read)] -struct Validity<'a> { - not_before: asn1::Tlv<'a>, - not_after: asn1::Tlv<'a>, -} - -fn parse_name_value_tags(rdns: &mut Name<'_>) -> Vec { - let mut tags = vec![]; - for rdn in rdns.unwrap_read().clone() { - let mut attributes = rdn.collect::>(); - assert_eq!(attributes.len(), 1); - - tags.push(attributes.pop().unwrap().value.tag().as_u8().unwrap()); +pub(crate) fn encode_der_data<'p>( + py: pyo3::Python<'p>, + pem_tag: String, + data: Vec, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, +) -> CryptographyResult> { + if encoding.is(&types::ENCODING_DER.get(py)?) { + Ok(pyo3::types::PyBytes::new_bound(py, &data)) + } else if encoding.is(&types::ENCODING_PEM.get(py)?) { + Ok(pyo3::types::PyBytes::new_bound( + py, + &pem::encode_config( + &pem::Pem::new(pem_tag, data), + pem::EncodeConfig::new().set_line_ending(pem::LineEnding::LF), + ) + .into_bytes(), + )) + } else { + Err( + pyo3::exceptions::PyTypeError::new_err("encoding must be Encoding.DER or Encoding.PEM") + .into(), + ) } - tags } -#[pyo3::prelude::pyfunction] -fn test_parse_certificate(data: &[u8]) -> Result { - let mut asn1_cert = asn1::parse_single::>(data)?; - - Ok(TestCertificate { - not_before_tag: asn1_cert - .tbs_cert - .validity - .not_before - .tag() - .as_u8() - .unwrap(), - not_after_tag: asn1_cert.tbs_cert.validity.not_after.tag().as_u8().unwrap(), - issuer_value_tags: parse_name_value_tags(&mut asn1_cert.tbs_cert.issuer), - subject_value_tags: parse_name_value_tags(&mut asn1_cert.tbs_cert.subject), - }) -} - -pub(crate) fn create_submodule(py: pyo3::Python<'_>) -> pyo3::PyResult<&pyo3::prelude::PyModule> { - let submod = pyo3::prelude::PyModule::new(py, "asn1")?; - submod.add_wrapped(pyo3::wrap_pyfunction!(parse_spki_for_data))?; - - submod.add_wrapped(pyo3::wrap_pyfunction!(decode_dss_signature))?; - submod.add_wrapped(pyo3::wrap_pyfunction!(encode_dss_signature))?; - - submod.add_wrapped(pyo3::wrap_pyfunction!(test_parse_certificate))?; - - Ok(submod) +#[pyo3::pyfunction] +fn encode_dss_signature<'p>( + py: pyo3::Python<'p>, + r: pyo3::Bound<'_, pyo3::types::PyLong>, + s: pyo3::Bound<'_, pyo3::types::PyLong>, +) -> CryptographyResult> { + let r_bytes = py_uint_to_big_endian_bytes(py, r)?; + let s_bytes = py_uint_to_big_endian_bytes(py, s)?; + let sig = DssSignature { + r: asn1::BigUint::new(&r_bytes).unwrap(), + s: asn1::BigUint::new(&s_bytes).unwrap(), + }; + let result = asn1::write_single(&sig)?; + Ok(pyo3::types::PyBytes::new_bound(py, &result)) } -#[cfg(test)] -mod tests { - use super::PyAsn1Error; - - #[test] - fn test_pyasn1error_from() { - pyo3::prepare_freethreaded_python(); - pyo3::Python::with_gil(|py| { - let e: PyAsn1Error = asn1::WriteError::AllocationError.into(); - assert!(matches!( - e, - PyAsn1Error::Asn1Write(asn1::WriteError::AllocationError) - )); - let py_e: pyo3::PyErr = e.into(); - assert!(py_e.is_instance::(py)); - - let e: PyAsn1Error = pyo3::PyDowncastError::new(py.None().as_ref(py), "abc").into(); - assert!(matches!(e, PyAsn1Error::Py(_))); - }) - } - - #[test] - fn test_pyasn1error_add_location() { - let py_err = pyo3::PyErr::new::("Error!"); - PyAsn1Error::Py(py_err).add_location(asn1::ParseLocation::Field("meh")); - - let asn1_write_err = asn1::WriteError::AllocationError; - PyAsn1Error::Asn1Write(asn1_write_err).add_location(asn1::ParseLocation::Field("meh")); - } +#[pyo3::pymodule] +#[pyo3(name = "asn1")] +pub(crate) mod asn1_mod { + #[pymodule_export] + use super::{decode_dss_signature, encode_dss_signature, parse_spki_for_data}; } diff --git a/src/rust/src/backend/aead.rs b/src/rust/src/backend/aead.rs new file mode 100644 index 0000000..d67bae7 --- /dev/null +++ b/src/rust/src/backend/aead.rs @@ -0,0 +1,1160 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::{exceptions, types}; +use pyo3::types::{PyAnyMethods, PyListMethods}; + +fn check_length(data: &[u8]) -> CryptographyResult<()> { + if data.len() > (i32::MAX as usize) { + // This is OverflowError to match what cffi would raise + return Err(CryptographyError::from( + pyo3::exceptions::PyOverflowError::new_err( + "Data or associated data too long. Max 2**31 - 1 bytes", + ), + )); + } + + Ok(()) +} + +enum Aad<'a> { + Single(CffiBuf<'a>), + List(pyo3::Bound<'a, pyo3::types::PyList>), +} + +struct EvpCipherAead { + base_encryption_ctx: openssl::cipher_ctx::CipherCtx, + base_decryption_ctx: openssl::cipher_ctx::CipherCtx, + tag_len: usize, + tag_first: bool, +} + +impl EvpCipherAead { + fn new( + cipher: &openssl::cipher::CipherRef, + key: &[u8], + tag_len: usize, + tag_first: bool, + ) -> CryptographyResult { + let mut base_encryption_ctx = openssl::cipher_ctx::CipherCtx::new()?; + base_encryption_ctx.encrypt_init(Some(cipher), Some(key), None)?; + let mut base_decryption_ctx = openssl::cipher_ctx::CipherCtx::new()?; + base_decryption_ctx.decrypt_init(Some(cipher), Some(key), None)?; + + Ok(EvpCipherAead { + base_encryption_ctx, + base_decryption_ctx, + tag_len, + tag_first, + }) + } + + fn process_aad( + ctx: &mut openssl::cipher_ctx::CipherCtx, + aad: Option>, + ) -> CryptographyResult<()> { + match aad { + Some(Aad::Single(ad)) => { + check_length(ad.as_bytes())?; + ctx.cipher_update(ad.as_bytes(), None)?; + } + Some(Aad::List(ads)) => { + for ad in ads.iter() { + let ad = ad.extract::>()?; + check_length(ad.as_bytes())?; + ctx.cipher_update(ad.as_bytes(), None)?; + } + } + None => {} + } + + Ok(()) + } + + fn process_data( + ctx: &mut openssl::cipher_ctx::CipherCtx, + data: &[u8], + out: &mut [u8], + is_ccm: bool, + ) -> CryptographyResult<()> { + let bs = ctx.block_size(); + + // For AEADs that operate as if they are streaming there's an easy + // path. For AEADs that are more like block ciphers (notably, OCB), + // this is a bit more complicated. + if bs == 1 { + let n = ctx.cipher_update(data, Some(out))?; + assert_eq!(n, data.len()); + + if !is_ccm { + let mut final_block = [0]; + let n = ctx.cipher_final(&mut final_block)?; + assert_eq!(n, 0); + } + } else { + // Our algorithm here is: split the data into the full chunks, and + // the remaining partial chunk. Feed the full chunks into OpenSSL + // and let it write the results to `out`. Then feed the trailer + // in, allowing it to write the results to a buffer on the + // stack -- this never writes anything. Finally, finalize the AEAD + // and let it write the results to the stack buffer, then copy + // from the stack buffer over to `out`. The indirection via the + // stack buffer is required because OpenSSL uses it as scratch + // space, and `out` wouldn't be long enough. + let (initial, trailer) = data.split_at((data.len() / bs) * bs); + + let n = + // SAFETY: `initial.len()` is a precise multiple of the block + // size, which means the space required in the output is + // exactly `initial.len()`. + unsafe { ctx.cipher_update_unchecked(initial, Some(&mut out[..initial.len()]))? }; + assert_eq!(n, initial.len()); + + assert!(bs <= 16); + let mut buf = [0; 32]; + let n = ctx.cipher_update(trailer, Some(&mut buf))?; + assert_eq!(n, 0); + + let n = ctx.cipher_final(&mut buf)?; + assert_eq!(n, trailer.len()); + out[initial.len()..].copy_from_slice(&buf[..n]); + } + + Ok(()) + } + + fn encrypt<'p>( + &self, + py: pyo3::Python<'p>, + plaintext: &[u8], + aad: Option>, + nonce: Option<&[u8]>, + ) -> CryptographyResult> { + let mut ctx = openssl::cipher_ctx::CipherCtx::new()?; + ctx.copy(&self.base_encryption_ctx)?; + Self::encrypt_with_context( + py, + ctx, + plaintext, + aad, + nonce, + self.tag_len, + self.tag_first, + false, + ) + } + + #[allow(clippy::too_many_arguments)] + fn encrypt_with_context<'p>( + py: pyo3::Python<'p>, + mut ctx: openssl::cipher_ctx::CipherCtx, + plaintext: &[u8], + aad: Option>, + nonce: Option<&[u8]>, + tag_len: usize, + tag_first: bool, + is_ccm: bool, + ) -> CryptographyResult> { + check_length(plaintext)?; + + if !is_ccm { + if let Some(nonce) = nonce { + ctx.set_iv_length(nonce.len())?; + } + ctx.encrypt_init(None, None, nonce)?; + } + if is_ccm { + ctx.set_data_len(plaintext.len())?; + } + + Self::process_aad(&mut ctx, aad)?; + + Ok(pyo3::types::PyBytes::new_bound_with( + py, + plaintext.len() + tag_len, + |b| { + let ciphertext; + let tag; + if tag_first { + (tag, ciphertext) = b.split_at_mut(tag_len); + } else { + (ciphertext, tag) = b.split_at_mut(plaintext.len()); + } + + Self::process_data(&mut ctx, plaintext, ciphertext, is_ccm)?; + + ctx.tag(tag).map_err(CryptographyError::from)?; + + Ok(()) + }, + )?) + } + + fn decrypt<'p>( + &self, + py: pyo3::Python<'p>, + ciphertext: &[u8], + aad: Option>, + nonce: Option<&[u8]>, + ) -> CryptographyResult> { + let mut ctx = openssl::cipher_ctx::CipherCtx::new()?; + ctx.copy(&self.base_decryption_ctx)?; + Self::decrypt_with_context( + py, + ctx, + ciphertext, + aad, + nonce, + self.tag_len, + self.tag_first, + false, + ) + } + + #[allow(clippy::too_many_arguments)] + fn decrypt_with_context<'p>( + py: pyo3::Python<'p>, + mut ctx: openssl::cipher_ctx::CipherCtx, + ciphertext: &[u8], + aad: Option>, + nonce: Option<&[u8]>, + tag_len: usize, + tag_first: bool, + is_ccm: bool, + ) -> CryptographyResult> { + if ciphertext.len() < tag_len { + return Err(CryptographyError::from(exceptions::InvalidTag::new_err(()))); + } + + let tag; + let ciphertext_data; + if tag_first { + // RFC 5297 defines the output as IV || C, where the tag we generate + // is the "IV" and C is the ciphertext. This is the opposite of our + // other AEADs, which are Ciphertext || Tag. + (tag, ciphertext_data) = ciphertext.split_at(tag_len); + } else { + (ciphertext_data, tag) = ciphertext.split_at(ciphertext.len() - tag_len); + } + + if !is_ccm { + if let Some(nonce) = nonce { + ctx.set_iv_length(nonce.len())?; + } + + ctx.decrypt_init(None, None, nonce)?; + ctx.set_tag(tag)?; + } + if is_ccm { + ctx.set_data_len(ciphertext_data.len())?; + } + + Self::process_aad(&mut ctx, aad)?; + + Ok(pyo3::types::PyBytes::new_bound_with( + py, + ciphertext_data.len(), + |b| { + Self::process_data(&mut ctx, ciphertext_data, b, is_ccm) + .map_err(|_| exceptions::InvalidTag::new_err(()))?; + + Ok(()) + }, + )?) + } +} + +struct LazyEvpCipherAead { + cipher: &'static openssl::cipher::CipherRef, + key: pyo3::Py, + + tag_len: usize, + tag_first: bool, + is_ccm: bool, +} + +impl LazyEvpCipherAead { + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + fn new( + cipher: &'static openssl::cipher::CipherRef, + key: pyo3::Py, + tag_len: usize, + tag_first: bool, + is_ccm: bool, + ) -> LazyEvpCipherAead { + LazyEvpCipherAead { + cipher, + key, + tag_len, + tag_first, + is_ccm, + } + } + + fn encrypt<'p>( + &self, + py: pyo3::Python<'p>, + plaintext: &[u8], + aad: Option>, + nonce: Option<&[u8]>, + ) -> CryptographyResult> { + let key_buf = self.key.bind(py).extract::>()?; + + let mut encryption_ctx = openssl::cipher_ctx::CipherCtx::new()?; + if self.is_ccm { + encryption_ctx.encrypt_init(Some(self.cipher), None, None)?; + encryption_ctx.set_iv_length(nonce.as_ref().unwrap().len())?; + encryption_ctx.set_tag_length(self.tag_len)?; + encryption_ctx.encrypt_init(None, Some(key_buf.as_bytes()), nonce)?; + } else { + encryption_ctx.encrypt_init(Some(self.cipher), Some(key_buf.as_bytes()), None)?; + } + + EvpCipherAead::encrypt_with_context( + py, + encryption_ctx, + plaintext, + aad, + nonce, + self.tag_len, + self.tag_first, + self.is_ccm, + ) + } + + fn decrypt<'p>( + &self, + py: pyo3::Python<'p>, + ciphertext: &[u8], + aad: Option>, + nonce: Option<&[u8]>, + ) -> CryptographyResult> { + let key_buf = self.key.bind(py).extract::>()?; + + let mut decryption_ctx = openssl::cipher_ctx::CipherCtx::new()?; + if self.is_ccm { + decryption_ctx.decrypt_init(Some(self.cipher), None, None)?; + decryption_ctx.set_iv_length(nonce.as_ref().unwrap().len())?; + + if ciphertext.len() < self.tag_len { + return Err(CryptographyError::from(exceptions::InvalidTag::new_err(()))); + } + + let (_, tag) = ciphertext.split_at(ciphertext.len() - self.tag_len); + decryption_ctx.set_tag(tag)?; + + decryption_ctx.decrypt_init(None, Some(key_buf.as_bytes()), nonce)?; + } else { + decryption_ctx.decrypt_init(Some(self.cipher), Some(key_buf.as_bytes()), None)?; + } + + EvpCipherAead::decrypt_with_context( + py, + decryption_ctx, + ciphertext, + aad, + nonce, + self.tag_len, + self.tag_first, + self.is_ccm, + ) + } +} + +#[cfg(CRYPTOGRAPHY_IS_BORINGSSL)] +struct EvpAead { + ctx: cryptography_openssl::aead::AeadCtx, + tag_len: usize, +} + +#[cfg(CRYPTOGRAPHY_IS_BORINGSSL)] +impl EvpAead { + fn new( + algorithm: cryptography_openssl::aead::AeadType, + key: &[u8], + tag_len: usize, + ) -> CryptographyResult { + Ok(EvpAead { + ctx: cryptography_openssl::aead::AeadCtx::new(algorithm, key)?, + tag_len, + }) + } + + fn encrypt<'p>( + &self, + py: pyo3::Python<'p>, + plaintext: &[u8], + aad: Option>, + nonce: Option<&[u8]>, + ) -> CryptographyResult> { + check_length(plaintext)?; + + let ad = if let Some(Aad::Single(ad)) = &aad { + check_length(ad.as_bytes())?; + ad.as_bytes() + } else { + assert!(aad.is_none()); + b"" + }; + Ok(pyo3::types::PyBytes::new_bound_with( + py, + plaintext.len() + self.tag_len, + |b| { + self.ctx + .encrypt(plaintext, nonce.unwrap_or(b""), ad, b) + .map_err(CryptographyError::from)?; + Ok(()) + }, + )?) + } + + fn decrypt<'p>( + &self, + py: pyo3::Python<'p>, + ciphertext: &[u8], + aad: Option>, + nonce: Option<&[u8]>, + ) -> CryptographyResult> { + if ciphertext.len() < self.tag_len { + return Err(CryptographyError::from(exceptions::InvalidTag::new_err(()))); + } + + let ad = if let Some(Aad::Single(ad)) = &aad { + check_length(ad.as_bytes())?; + ad.as_bytes() + } else { + assert!(aad.is_none()); + b"" + }; + + Ok(pyo3::types::PyBytes::new_bound_with( + py, + ciphertext.len() - self.tag_len, + |b| { + self.ctx + .decrypt(ciphertext, nonce.unwrap_or(b""), ad, b) + .map_err(|_| exceptions::InvalidTag::new_err(()))?; + + Ok(()) + }, + )?) + } +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.aead")] +struct ChaCha20Poly1305 { + #[cfg(CRYPTOGRAPHY_IS_BORINGSSL)] + ctx: EvpAead, + #[cfg(any( + CRYPTOGRAPHY_OPENSSL_320_OR_GREATER, + CRYPTOGRAPHY_IS_LIBRESSL, + all( + not(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER), + not(CRYPTOGRAPHY_IS_BORINGSSL) + ) + ))] + ctx: EvpCipherAead, + #[cfg(not(any( + CRYPTOGRAPHY_IS_LIBRESSL, + CRYPTOGRAPHY_IS_BORINGSSL, + not(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER), + CRYPTOGRAPHY_OPENSSL_320_OR_GREATER + )))] + ctx: LazyEvpCipherAead, +} + +#[pyo3::pymethods] +impl ChaCha20Poly1305 { + #[new] + fn new(py: pyo3::Python<'_>, key: pyo3::Py) -> CryptographyResult { + let key_buf = key.extract::>(py)?; + if key_buf.as_bytes().len() != 32 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("ChaCha20Poly1305 key must be 32 bytes."), + )); + } + + cfg_if::cfg_if! { + if #[cfg(CRYPTOGRAPHY_IS_BORINGSSL)] { + Ok(ChaCha20Poly1305 { + ctx: EvpAead::new( + cryptography_openssl::aead::AeadType::ChaCha20Poly1305, + key_buf.as_bytes(), + 16, + )?, + }) + } else if #[cfg(any( + CRYPTOGRAPHY_IS_LIBRESSL, + CRYPTOGRAPHY_OPENSSL_320_OR_GREATER, + not(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER + )))] { + if cryptography_openssl::fips::is_enabled() { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "ChaCha20Poly1305 is not supported by this version of OpenSSL", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )); + } + + Ok(ChaCha20Poly1305 { + ctx: EvpCipherAead::new( + openssl::cipher::Cipher::chacha20_poly1305(), + key_buf.as_bytes(), + 16, + false, + )?, + }) + } else { + if cryptography_openssl::fips::is_enabled() { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "ChaCha20Poly1305 is not supported by this version of OpenSSL", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )); + } + + Ok(ChaCha20Poly1305{ + ctx: LazyEvpCipherAead::new( + openssl::cipher::Cipher::chacha20_poly1305(), + key, + 16, + false, + false, + ) + }) + } + } + } + + #[staticmethod] + fn generate_key(py: pyo3::Python<'_>) -> CryptographyResult> { + Ok(types::OS_URANDOM.get(py)?.call1((32,))?) + } + + #[pyo3(signature = (nonce, data, associated_data))] + fn encrypt<'p>( + &self, + py: pyo3::Python<'p>, + nonce: CffiBuf<'_>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let nonce_bytes = nonce.as_bytes(); + let aad = associated_data.map(Aad::Single); + + if nonce_bytes.len() != 12 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Nonce must be 12 bytes"), + )); + } + + self.ctx + .encrypt(py, data.as_bytes(), aad, Some(nonce_bytes)) + } + + #[pyo3(signature = (nonce, data, associated_data))] + fn decrypt<'p>( + &self, + py: pyo3::Python<'p>, + nonce: CffiBuf<'_>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let nonce_bytes = nonce.as_bytes(); + let aad = associated_data.map(Aad::Single); + + if nonce_bytes.len() != 12 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Nonce must be 12 bytes"), + )); + } + + self.ctx + .decrypt(py, data.as_bytes(), aad, Some(nonce_bytes)) + } +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.bindings._rust.openssl.aead", + name = "AESGCM" +)] +struct AesGcm { + #[cfg(any( + CRYPTOGRAPHY_OPENSSL_320_OR_GREATER, + CRYPTOGRAPHY_IS_LIBRESSL, + CRYPTOGRAPHY_IS_BORINGSSL, + not(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER), + ))] + ctx: EvpCipherAead, + + #[cfg(not(any( + CRYPTOGRAPHY_OPENSSL_320_OR_GREATER, + CRYPTOGRAPHY_IS_LIBRESSL, + CRYPTOGRAPHY_IS_BORINGSSL, + not(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER), + )))] + ctx: LazyEvpCipherAead, +} + +#[pyo3::pymethods] +impl AesGcm { + #[new] + fn new(py: pyo3::Python<'_>, key: pyo3::Py) -> CryptographyResult { + let key_buf = key.extract::>(py)?; + let cipher = match key_buf.as_bytes().len() { + 16 => openssl::cipher::Cipher::aes_128_gcm(), + 24 => openssl::cipher::Cipher::aes_192_gcm(), + 32 => openssl::cipher::Cipher::aes_256_gcm(), + _ => { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "AESGCM key must be 128, 192, or 256 bits.", + ), + )) + } + }; + + cfg_if::cfg_if! { + if #[cfg(any( + CRYPTOGRAPHY_OPENSSL_320_OR_GREATER, + CRYPTOGRAPHY_IS_BORINGSSL, + CRYPTOGRAPHY_IS_LIBRESSL, + not(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER, + )))] { + Ok(AesGcm { + ctx: EvpCipherAead::new(cipher, key_buf.as_bytes(), 16, false)?, + }) + } else { + Ok(AesGcm { + ctx: LazyEvpCipherAead::new(cipher, key, 16, false, false), + }) + + } + } + } + + #[staticmethod] + fn generate_key( + py: pyo3::Python<'_>, + bit_length: usize, + ) -> CryptographyResult> { + if bit_length != 128 && bit_length != 192 && bit_length != 256 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("bit_length must be 128, 192, or 256"), + )); + } + + Ok(types::OS_URANDOM.get(py)?.call1((bit_length / 8,))?) + } + + #[pyo3(signature = (nonce, data, associated_data))] + fn encrypt<'p>( + &self, + py: pyo3::Python<'p>, + nonce: CffiBuf<'_>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let nonce_bytes = nonce.as_bytes(); + let aad = associated_data.map(Aad::Single); + + if nonce_bytes.len() < 8 || nonce_bytes.len() > 128 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Nonce must be between 8 and 128 bytes"), + )); + } + + self.ctx + .encrypt(py, data.as_bytes(), aad, Some(nonce_bytes)) + } + + #[pyo3(signature = (nonce, data, associated_data))] + fn decrypt<'p>( + &self, + py: pyo3::Python<'p>, + nonce: CffiBuf<'_>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let nonce_bytes = nonce.as_bytes(); + let aad = associated_data.map(Aad::Single); + + if nonce_bytes.len() < 8 || nonce_bytes.len() > 128 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Nonce must be between 8 and 128 bytes"), + )); + } + + self.ctx + .decrypt(py, data.as_bytes(), aad, Some(nonce_bytes)) + } +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.bindings._rust.openssl.aead", + name = "AESCCM" +)] +struct AesCcm { + ctx: LazyEvpCipherAead, +} + +#[pyo3::pymethods] +impl AesCcm { + #[new] + #[pyo3(signature = (key, tag_length=None))] + fn new( + py: pyo3::Python<'_>, + key: pyo3::Py, + tag_length: Option, + ) -> CryptographyResult { + cfg_if::cfg_if! { + if #[cfg(CRYPTOGRAPHY_IS_BORINGSSL)] { + let _ = py; + let _ = key; + let _ = tag_length; + Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "AES-CCM is not supported by this version of OpenSSL", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )) + } else { + let key_buf = key.extract::>(py)?; + let cipher = match key_buf.as_bytes().len() { + 16 => openssl::cipher::Cipher::aes_128_ccm(), + 24 => openssl::cipher::Cipher::aes_192_ccm(), + 32 => openssl::cipher::Cipher::aes_256_ccm(), + _ => { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "AESCCM key must be 128, 192, or 256 bits.", + ), + )) + } + }; + let tag_length = tag_length.unwrap_or(16); + if ![4, 6, 8, 10, 12, 14, 16].contains(&tag_length) { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Invalid tag_length"), + )); + } + + Ok(AesCcm { + ctx: LazyEvpCipherAead::new(cipher, key, tag_length, false, true), + }) + } + } + } + + #[staticmethod] + fn generate_key( + py: pyo3::Python<'_>, + bit_length: usize, + ) -> CryptographyResult> { + if bit_length != 128 && bit_length != 192 && bit_length != 256 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("bit_length must be 128, 192, or 256"), + )); + } + + Ok(types::OS_URANDOM.get(py)?.call1((bit_length / 8,))?) + } + + #[pyo3(signature = (nonce, data, associated_data))] + fn encrypt<'p>( + &self, + py: pyo3::Python<'p>, + nonce: CffiBuf<'_>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let nonce_bytes = nonce.as_bytes(); + let data_bytes = data.as_bytes(); + let aad = associated_data.map(Aad::Single); + + if nonce_bytes.len() < 7 || nonce_bytes.len() > 13 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Nonce must be between 7 and 13 bytes"), + )); + } + + check_length(data_bytes)?; + // For information about computing this, see + // https://tools.ietf.org/html/rfc3610#section-2.1 + let l_val = 15 - nonce_bytes.len(); + let max_length = 1usize.checked_shl(8 * l_val as u32); + // If `max_length` overflowed, then it's not possible for data to be + // longer than it. + if max_length.map(|v| v < data_bytes.len()).unwrap_or(false) { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Data too long for nonce"), + )); + } + + self.ctx.encrypt(py, data_bytes, aad, Some(nonce_bytes)) + } + + #[pyo3(signature = (nonce, data, associated_data))] + fn decrypt<'p>( + &self, + py: pyo3::Python<'p>, + nonce: CffiBuf<'_>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let nonce_bytes = nonce.as_bytes(); + let data_bytes = data.as_bytes(); + let aad = associated_data.map(Aad::Single); + + if nonce_bytes.len() < 7 || nonce_bytes.len() > 13 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Nonce must be between 7 and 13 bytes"), + )); + } + // For information about computing this, see + // https://tools.ietf.org/html/rfc3610#section-2.1 + let l_val = 15 - nonce_bytes.len(); + let max_length = 1usize.checked_shl(8 * l_val as u32); + // If `max_length` overflowed, then it's not possible for data to be + // longer than it. + if max_length.map(|v| v < data_bytes.len()).unwrap_or(false) { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Data too long for nonce"), + )); + } + + self.ctx.decrypt(py, data_bytes, aad, Some(nonce_bytes)) + } +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.bindings._rust.openssl.aead", + name = "AESSIV" +)] +struct AesSiv { + ctx: EvpCipherAead, +} + +#[pyo3::pymethods] +impl AesSiv { + #[new] + fn new(key: CffiBuf<'_>) -> CryptographyResult { + let cipher_name = match key.as_bytes().len() { + 32 => "aes-128-siv", + 48 => "aes-192-siv", + 64 => "aes-256-siv", + _ => { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "AESSIV key must be 256, 384, or 512 bits.", + ), + )) + } + }; + + cfg_if::cfg_if! { + if #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] { + if cryptography_openssl::fips::is_enabled() { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "AES-SIV is not supported by this version of OpenSSL", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )); + } + + let cipher = openssl::cipher::Cipher::fetch(None, cipher_name, None)?; + Ok(AesSiv { + ctx: EvpCipherAead::new(&cipher, key.as_bytes(), 16, true)?, + }) + } else { + _ = cipher_name; + + Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "AES-SIV is not supported by this version of OpenSSL", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )) + } + } + } + + #[staticmethod] + fn generate_key( + py: pyo3::Python<'_>, + bit_length: usize, + ) -> CryptographyResult> { + if bit_length != 256 && bit_length != 384 && bit_length != 512 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("bit_length must be 256, 384, or 512"), + )); + } + + Ok(types::OS_URANDOM.get(py)?.call1((bit_length / 8,))?) + } + + #[pyo3(signature = (data, associated_data))] + fn encrypt<'p>( + &self, + py: pyo3::Python<'p>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let data_bytes = data.as_bytes(); + let aad = associated_data.map(Aad::List); + + if data_bytes.is_empty() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("data must not be zero length"), + )); + }; + self.ctx.encrypt(py, data_bytes, aad, None) + } + + #[pyo3(signature = (data, associated_data))] + fn decrypt<'p>( + &self, + py: pyo3::Python<'p>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let aad = associated_data.map(Aad::List); + self.ctx.decrypt(py, data.as_bytes(), aad, None) + } +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.bindings._rust.openssl.aead", + name = "AESOCB3" +)] +struct AesOcb3 { + ctx: EvpCipherAead, +} + +#[pyo3::pymethods] +impl AesOcb3 { + #[new] + fn new(key: CffiBuf<'_>) -> CryptographyResult { + cfg_if::cfg_if! { + if #[cfg(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL))] { + _ = key; + + Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "AES-OCB3 is not supported by this version of OpenSSL", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )) + } else { + if cryptography_openssl::fips::is_enabled() { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "AES-OCB3 is not supported by this version of OpenSSL", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )); + } + + let cipher = match key.as_bytes().len() { + 16 => openssl::cipher::Cipher::aes_128_ocb(), + 24 => openssl::cipher::Cipher::aes_192_ocb(), + 32 => openssl::cipher::Cipher::aes_256_ocb(), + _ => { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "AESOCB3 key must be 128, 192, or 256 bits.", + ), + )) + } + }; + + Ok(AesOcb3 { + ctx: EvpCipherAead::new(cipher, key.as_bytes(), 16, false)?, + }) + } + } + } + + #[staticmethod] + fn generate_key( + py: pyo3::Python<'_>, + bit_length: usize, + ) -> CryptographyResult> { + if bit_length != 128 && bit_length != 192 && bit_length != 256 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("bit_length must be 128, 192, or 256"), + )); + } + + Ok(types::OS_URANDOM.get(py)?.call1((bit_length / 8,))?) + } + + #[pyo3(signature = (nonce, data, associated_data))] + fn encrypt<'p>( + &self, + py: pyo3::Python<'p>, + nonce: CffiBuf<'_>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let nonce_bytes = nonce.as_bytes(); + let aad = associated_data.map(Aad::Single); + + if nonce_bytes.len() < 12 || nonce_bytes.len() > 15 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Nonce must be between 12 and 15 bytes"), + )); + } + + self.ctx + .encrypt(py, data.as_bytes(), aad, Some(nonce_bytes)) + } + + #[pyo3(signature = (nonce, data, associated_data))] + fn decrypt<'p>( + &self, + py: pyo3::Python<'p>, + nonce: CffiBuf<'_>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let nonce_bytes = nonce.as_bytes(); + let aad = associated_data.map(Aad::Single); + + if nonce_bytes.len() < 12 || nonce_bytes.len() > 15 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Nonce must be between 12 and 15 bytes"), + )); + } + + self.ctx + .decrypt(py, data.as_bytes(), aad, Some(nonce_bytes)) + } +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.bindings._rust.openssl.aead", + name = "AESGCMSIV" +)] +struct AesGcmSiv { + ctx: EvpCipherAead, +} + +#[pyo3::pymethods] +impl AesGcmSiv { + #[new] + fn new(key: CffiBuf<'_>) -> CryptographyResult { + let cipher_name = match key.as_bytes().len() { + 16 => "aes-128-gcm-siv", + 24 => "aes-192-gcm-siv", + 32 => "aes-256-gcm-siv", + _ => { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "AES-GCM-SIV key must be 128, 192 or 256 bits.", + ), + )) + } + }; + + cfg_if::cfg_if! { + if #[cfg(not(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER))] { + let _ = cipher_name; + Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "AES-GCM-SIV is not supported by this version of OpenSSL", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )) + } else { + if cryptography_openssl::fips::is_enabled() { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "AES-GCM-SIV is not supported by this version of OpenSSL", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )); + } + let cipher = openssl::cipher::Cipher::fetch(None, cipher_name, None)?; + Ok(AesGcmSiv { + ctx: EvpCipherAead::new(&cipher, key.as_bytes(), 16, false)?, + }) + } + } + } + + #[staticmethod] + fn generate_key( + py: pyo3::Python<'_>, + bit_length: usize, + ) -> CryptographyResult> { + if bit_length != 128 && bit_length != 192 && bit_length != 256 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("bit_length must be 128, 192, or 256"), + )); + } + + Ok(types::OS_URANDOM.get(py)?.call1((bit_length / 8,))?) + } + + #[pyo3(signature = (nonce, data, associated_data))] + fn encrypt<'p>( + &self, + py: pyo3::Python<'p>, + nonce: CffiBuf<'_>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let nonce_bytes = nonce.as_bytes(); + let data_bytes = data.as_bytes(); + let aad = associated_data.map(Aad::Single); + + if data_bytes.is_empty() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("data must not be zero length"), + )); + }; + if nonce_bytes.len() != 12 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Nonce must be 12 bytes long"), + )); + } + self.ctx.encrypt(py, data_bytes, aad, Some(nonce_bytes)) + } + + #[pyo3(signature = (nonce, data, associated_data))] + fn decrypt<'p>( + &self, + py: pyo3::Python<'p>, + nonce: CffiBuf<'_>, + data: CffiBuf<'_>, + associated_data: Option>, + ) -> CryptographyResult> { + let nonce_bytes = nonce.as_bytes(); + let aad = associated_data.map(Aad::Single); + if nonce_bytes.len() != 12 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Nonce must be 12 bytes long"), + )); + } + self.ctx + .decrypt(py, data.as_bytes(), aad, Some(nonce_bytes)) + } +} + +#[pyo3::pymodule] +pub(crate) mod aead { + #[pymodule_export] + use super::{AesCcm, AesGcm, AesGcmSiv, AesOcb3, AesSiv, ChaCha20Poly1305}; +} diff --git a/src/rust/src/backend/cipher_registry.rs b/src/rust/src/backend/cipher_registry.rs new file mode 100644 index 0000000..6157010 --- /dev/null +++ b/src/rust/src/backend/cipher_registry.rs @@ -0,0 +1,329 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::collections::HashMap; + +use openssl::cipher::Cipher; +use pyo3::types::PyAnyMethods; + +use crate::error::CryptographyResult; +use crate::types; + +struct RegistryKey { + algorithm: pyo3::PyObject, + mode: pyo3::PyObject, + key_size: Option, + + algorithm_hash: isize, + mode_hash: isize, +} + +impl RegistryKey { + fn new( + py: pyo3::Python<'_>, + algorithm: pyo3::PyObject, + mode: pyo3::PyObject, + key_size: Option, + ) -> CryptographyResult { + Ok(Self { + algorithm: algorithm.clone_ref(py), + mode: mode.clone_ref(py), + key_size, + algorithm_hash: algorithm.bind(py).hash()?, + mode_hash: mode.bind(py).hash()?, + }) + } +} + +impl PartialEq for RegistryKey { + fn eq(&self, other: &RegistryKey) -> bool { + self.algorithm.is(&other.algorithm) + && self.mode.is(&other.mode) + && (self.key_size == other.key_size + || self.key_size.is_none() + || other.key_size.is_none()) + } +} + +impl Eq for RegistryKey {} + +impl std::hash::Hash for RegistryKey { + fn hash(&self, state: &mut H) { + self.algorithm_hash.hash(state); + self.mode_hash.hash(state); + } +} + +enum RegistryCipher { + Ref(&'static openssl::cipher::CipherRef), + Owned(Cipher), +} + +impl From<&'static openssl::cipher::CipherRef> for RegistryCipher { + fn from(c: &'static openssl::cipher::CipherRef) -> RegistryCipher { + RegistryCipher::Ref(c) + } +} + +impl From for RegistryCipher { + fn from(c: Cipher) -> RegistryCipher { + RegistryCipher::Owned(c) + } +} + +struct RegistryBuilder<'p> { + py: pyo3::Python<'p>, + m: HashMap, +} + +impl<'p> RegistryBuilder<'p> { + fn new(py: pyo3::Python<'p>) -> Self { + RegistryBuilder { + py, + m: HashMap::new(), + } + } + + fn add( + &mut self, + algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + mode: &pyo3::Bound<'_, pyo3::PyAny>, + key_size: Option, + cipher: impl Into, + ) -> CryptographyResult<()> { + self.m.insert( + RegistryKey::new( + self.py, + algorithm.clone().unbind(), + mode.clone().unbind(), + key_size, + )?, + cipher.into(), + ); + + Ok(()) + } + + fn build(self) -> HashMap { + self.m + } +} + +fn get_cipher_registry( + py: pyo3::Python<'_>, +) -> CryptographyResult<&HashMap> { + static REGISTRY: pyo3::sync::GILOnceCell> = + pyo3::sync::GILOnceCell::new(); + + REGISTRY.get_or_try_init(py, || { + let mut m = RegistryBuilder::new(py); + + let aes = types::AES.get(py)?; + let aes128 = types::AES128.get(py)?; + let aes256 = types::AES256.get(py)?; + let triple_des = types::TRIPLE_DES.get(py)?; + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_CAMELLIA"))] + let camellia = types::CAMELLIA.get(py)?; + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_BF"))] + let blowfish = types::BLOWFISH.get(py)?; + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_CAST"))] + let cast5 = types::CAST5.get(py)?; + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_IDEA"))] + let idea = types::IDEA.get(py)?; + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_SM4"))] + let sm4 = types::SM4.get(py)?; + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_SEED"))] + let seed = types::SEED.get(py)?; + let arc4 = types::ARC4.get(py)?; + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + let chacha20 = types::CHACHA20.get(py)?; + let rc2 = types::RC2.get(py)?; + + let cbc = types::CBC.get(py)?; + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + let cfb = types::CFB.get(py)?; + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + let cfb8 = types::CFB8.get(py)?; + let ofb = types::OFB.get(py)?; + let ecb = types::ECB.get(py)?; + let ctr = types::CTR.get(py)?; + let gcm = types::GCM.get(py)?; + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + let xts = types::XTS.get(py)?; + + let none = py.None(); + let none_type = none.bind(py).get_type(); + + m.add(&aes, &cbc, Some(128), Cipher::aes_128_cbc())?; + m.add(&aes, &cbc, Some(192), Cipher::aes_192_cbc())?; + m.add(&aes, &cbc, Some(256), Cipher::aes_256_cbc())?; + + m.add(&aes, &ofb, Some(128), Cipher::aes_128_ofb())?; + m.add(&aes, &ofb, Some(192), Cipher::aes_192_ofb())?; + m.add(&aes, &ofb, Some(256), Cipher::aes_256_ofb())?; + + m.add(&aes, &gcm, Some(128), Cipher::aes_128_gcm())?; + m.add(&aes, &gcm, Some(192), Cipher::aes_192_gcm())?; + m.add(&aes, &gcm, Some(256), Cipher::aes_256_gcm())?; + + m.add(&aes, &ctr, Some(128), Cipher::aes_128_ctr())?; + m.add(&aes, &ctr, Some(192), Cipher::aes_192_ctr())?; + m.add(&aes, &ctr, Some(256), Cipher::aes_256_ctr())?; + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + { + m.add(&aes, &cfb8, Some(128), Cipher::aes_128_cfb8())?; + m.add(&aes, &cfb8, Some(192), Cipher::aes_192_cfb8())?; + m.add(&aes, &cfb8, Some(256), Cipher::aes_256_cfb8())?; + + m.add(&aes, &cfb, Some(128), Cipher::aes_128_cfb128())?; + m.add(&aes, &cfb, Some(192), Cipher::aes_192_cfb128())?; + m.add(&aes, &cfb, Some(256), Cipher::aes_256_cfb128())?; + } + + m.add(&aes, &ecb, Some(128), Cipher::aes_128_ecb())?; + m.add(&aes, &ecb, Some(192), Cipher::aes_192_ecb())?; + m.add(&aes, &ecb, Some(256), Cipher::aes_256_ecb())?; + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + { + m.add(&aes, &xts, Some(256), Cipher::aes_128_xts())?; + m.add(&aes, &xts, Some(512), Cipher::aes_256_xts())?; + } + + m.add(&aes128, &cbc, Some(128), Cipher::aes_128_cbc())?; + m.add(&aes256, &cbc, Some(256), Cipher::aes_256_cbc())?; + + m.add(&aes128, &ofb, Some(128), Cipher::aes_128_ofb())?; + m.add(&aes256, &ofb, Some(256), Cipher::aes_256_ofb())?; + + m.add(&aes128, &gcm, Some(128), Cipher::aes_128_gcm())?; + m.add(&aes256, &gcm, Some(256), Cipher::aes_256_gcm())?; + + m.add(&aes128, &ctr, Some(128), Cipher::aes_128_ctr())?; + m.add(&aes256, &ctr, Some(256), Cipher::aes_256_ctr())?; + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + { + m.add(&aes128, &cfb8, Some(128), Cipher::aes_128_cfb8())?; + m.add(&aes256, &cfb8, Some(256), Cipher::aes_256_cfb8())?; + + m.add(&aes128, &cfb, Some(128), Cipher::aes_128_cfb128())?; + m.add(&aes256, &cfb, Some(256), Cipher::aes_256_cfb128())?; + } + + m.add(&aes128, &ecb, Some(128), Cipher::aes_128_ecb())?; + m.add(&aes256, &ecb, Some(256), Cipher::aes_256_ecb())?; + + m.add(&triple_des, &cbc, Some(192), Cipher::des_ede3_cbc())?; + m.add(&triple_des, &ecb, Some(192), Cipher::des_ede3_ecb())?; + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + { + m.add(&triple_des, &cfb8, Some(192), Cipher::des_ede3_cfb8())?; + m.add(&triple_des, &cfb, Some(192), Cipher::des_ede3_cfb64())?; + m.add(&triple_des, &ofb, Some(192), Cipher::des_ede3_ofb())?; + } + + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_CAMELLIA"))] + { + m.add(&camellia, &cbc, Some(128), Cipher::camellia128_cbc())?; + m.add(&camellia, &cbc, Some(192), Cipher::camellia192_cbc())?; + m.add(&camellia, &cbc, Some(256), Cipher::camellia256_cbc())?; + + m.add(&camellia, &ecb, Some(128), Cipher::camellia128_ecb())?; + m.add(&camellia, &ecb, Some(192), Cipher::camellia192_ecb())?; + m.add(&camellia, &ecb, Some(256), Cipher::camellia256_ecb())?; + + m.add(&camellia, &ofb, Some(128), Cipher::camellia128_ofb())?; + m.add(&camellia, &ofb, Some(192), Cipher::camellia192_ofb())?; + m.add(&camellia, &ofb, Some(256), Cipher::camellia256_ofb())?; + + m.add(&camellia, &cfb, Some(128), Cipher::camellia128_cfb128())?; + m.add(&camellia, &cfb, Some(192), Cipher::camellia192_cfb128())?; + m.add(&camellia, &cfb, Some(256), Cipher::camellia256_cfb128())?; + } + + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_SM4"))] + { + m.add(&sm4, &cbc, Some(128), Cipher::sm4_cbc())?; + m.add(&sm4, &ctr, Some(128), Cipher::sm4_ctr())?; + m.add(&sm4, &cfb, Some(128), Cipher::sm4_cfb128())?; + m.add(&sm4, &ofb, Some(128), Cipher::sm4_ofb())?; + m.add(&sm4, &ecb, Some(128), Cipher::sm4_ecb())?; + + #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] + if let Ok(c) = Cipher::fetch(None, "sm4-gcm", None) { + m.add(&sm4, &gcm, Some(128), c)?; + } + } + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + m.add(&chacha20, none_type.as_any(), None, Cipher::chacha20())?; + + // Don't register legacy ciphers if they're unavailable. In theory + // this shouldn't be necessary but OpenSSL 3 will return an EVP_CIPHER + // even when the cipher is unavailable. + if cfg!(not(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)) + || types::LEGACY_PROVIDER_LOADED.get(py)?.is_truthy()? + { + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_BF"))] + { + m.add(&blowfish, &cbc, None, Cipher::bf_cbc())?; + m.add(&blowfish, &cfb, None, Cipher::bf_cfb64())?; + m.add(&blowfish, &ofb, None, Cipher::bf_ofb())?; + m.add(&blowfish, &ecb, None, Cipher::bf_ecb())?; + } + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_SEED"))] + { + m.add(&seed, &cbc, Some(128), Cipher::seed_cbc())?; + m.add(&seed, &cfb, Some(128), Cipher::seed_cfb128())?; + m.add(&seed, &ofb, Some(128), Cipher::seed_ofb())?; + m.add(&seed, &ecb, Some(128), Cipher::seed_ecb())?; + } + + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_CAST"))] + { + m.add(&cast5, &cbc, None, Cipher::cast5_cbc())?; + m.add(&cast5, &ecb, None, Cipher::cast5_ecb())?; + m.add(&cast5, &ofb, None, Cipher::cast5_ofb())?; + m.add(&cast5, &cfb, None, Cipher::cast5_cfb64())?; + } + + #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_IDEA"))] + { + m.add(&idea, &cbc, Some(128), Cipher::idea_cbc())?; + m.add(&idea, &ecb, Some(128), Cipher::idea_ecb())?; + m.add(&idea, &ofb, Some(128), Cipher::idea_ofb())?; + m.add(&idea, &cfb, Some(128), Cipher::idea_cfb64())?; + } + + m.add(&arc4, none_type.as_any(), None, Cipher::rc4())?; + + if let Some(rc2_cbc) = Cipher::from_nid(openssl::nid::Nid::RC2_CBC) { + m.add(&rc2, &cbc, Some(128), rc2_cbc)?; + } + } + + Ok(m.build()) + }) +} + +pub(crate) fn get_cipher<'py>( + py: pyo3::Python<'py>, + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + mode_cls: pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult> { + let registry = get_cipher_registry(py)?; + + let key_size = algorithm + .getattr(pyo3::intern!(py, "key_size"))? + .extract()?; + let key = RegistryKey::new(py, algorithm.get_type().into(), mode_cls.into(), key_size)?; + + match registry.get(&key) { + Some(RegistryCipher::Ref(c)) => Ok(Some(c)), + Some(RegistryCipher::Owned(c)) => Ok(Some(c)), + None => Ok(None), + } +} diff --git a/src/rust/src/backend/ciphers.rs b/src/rust/src/backend/ciphers.rs new file mode 100644 index 0000000..b1a2c24 --- /dev/null +++ b/src/rust/src/backend/ciphers.rs @@ -0,0 +1,614 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::cipher_registry; +use crate::buf::{CffiBuf, CffiMutBuf}; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::exceptions; +use crate::types; +use pyo3::types::PyAnyMethods; +use pyo3::IntoPy; + +pub(crate) struct CipherContext { + ctx: openssl::cipher_ctx::CipherCtx, + py_mode: pyo3::PyObject, + py_algorithm: pyo3::PyObject, + side: openssl::symm::Mode, +} + +impl CipherContext { + pub(crate) fn new( + py: pyo3::Python<'_>, + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + mode: pyo3::Bound<'_, pyo3::PyAny>, + side: openssl::symm::Mode, + ) -> CryptographyResult { + let cipher = + match cipher_registry::get_cipher(py, algorithm.clone(), mode.get_type().into_any())? { + Some(c) => c, + None => { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + format!( + "cipher {} in {} mode is not supported ", + algorithm.getattr(pyo3::intern!(py, "name"))?, + if mode.is_truthy()? { + mode.getattr(pyo3::intern!(py, "name"))? + } else { + mode + } + ), + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )) + } + }; + + let iv_nonce = if mode.is_instance(&types::MODE_WITH_INITIALIZATION_VECTOR.get(py)?)? { + Some( + mode.getattr(pyo3::intern!(py, "initialization_vector"))? + .extract::>()?, + ) + } else if mode.is_instance(&types::MODE_WITH_TWEAK.get(py)?)? { + Some( + mode.getattr(pyo3::intern!(py, "tweak"))? + .extract::>()?, + ) + } else if mode.is_instance(&types::MODE_WITH_NONCE.get(py)?)? { + Some( + mode.getattr(pyo3::intern!(py, "nonce"))? + .extract::>()?, + ) + } else if algorithm.is_instance(&types::CHACHA20.get(py)?)? { + Some( + algorithm + .getattr(pyo3::intern!(py, "nonce"))? + .extract::>()?, + ) + } else { + None + }; + + let key = algorithm + .getattr(pyo3::intern!(py, "key"))? + .extract::>()?; + + let init_op = match side { + openssl::symm::Mode::Encrypt => openssl::cipher_ctx::CipherCtxRef::encrypt_init, + openssl::symm::Mode::Decrypt => openssl::cipher_ctx::CipherCtxRef::decrypt_init, + }; + + let mut ctx = openssl::cipher_ctx::CipherCtx::new()?; + init_op(&mut ctx, Some(cipher), None, None)?; + ctx.set_key_length(key.as_bytes().len())?; + + if let Some(iv) = iv_nonce.as_ref() { + if cipher.iv_length() != 0 && cipher.iv_length() != iv.as_bytes().len() { + ctx.set_iv_length(iv.as_bytes().len())?; + } + } + + if mode.is_instance(&types::XTS.get(py)?)? { + init_op( + &mut ctx, + None, + Some(key.as_bytes()), + iv_nonce.as_ref().map(|b| b.as_bytes()), + ) + .map_err(|_| { + pyo3::exceptions::PyValueError::new_err( + "In XTS mode duplicated keys are not allowed", + ) + })?; + } else { + init_op( + &mut ctx, + None, + Some(key.as_bytes()), + iv_nonce.as_ref().map(|b| b.as_bytes()), + )?; + }; + + ctx.set_padding(false); + + Ok(CipherContext { + ctx, + py_mode: mode.into(), + py_algorithm: algorithm.into(), + side, + }) + } + + fn reset_nonce(&mut self, py: pyo3::Python<'_>, nonce: CffiBuf<'_>) -> CryptographyResult<()> { + if !self + .py_mode + .bind(py) + .is_instance(&types::MODE_WITH_NONCE.get(py)?)? + && !self + .py_algorithm + .bind(py) + .is_instance(&types::CHACHA20.get(py)?)? + { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "This algorithm or mode does not support resetting the nonce.", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )), + )); + } + if nonce.as_bytes().len() != self.ctx.iv_length() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(format!( + "Nonce must be {} bytes long", + self.ctx.iv_length() + )), + )); + } + let init_op = match self.side { + openssl::symm::Mode::Encrypt => openssl::cipher_ctx::CipherCtxRef::encrypt_init, + openssl::symm::Mode::Decrypt => openssl::cipher_ctx::CipherCtxRef::decrypt_init, + }; + init_op(&mut self.ctx, None, None, Some(nonce.as_bytes()))?; + Ok(()) + } + + fn update<'p>( + &mut self, + py: pyo3::Python<'p>, + buf: &[u8], + ) -> CryptographyResult> { + let mut out_buf = vec![0; buf.len() + self.ctx.block_size()]; + let n = self.update_into(py, buf, &mut out_buf)?; + Ok(pyo3::types::PyBytes::new_bound(py, &out_buf[..n])) + } + + pub(crate) fn update_into( + &mut self, + py: pyo3::Python<'_>, + buf: &[u8], + out_buf: &mut [u8], + ) -> CryptographyResult { + if out_buf.len() < (buf.len() + self.ctx.block_size() - 1) { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(format!( + "buffer must be at least {} bytes for this payload", + buf.len() + self.ctx.block_size() - 1 + )), + )); + } + + let mut total_written = 0; + for chunk in buf.chunks(1 << 29) { + // SAFETY: We ensure that outbuf is sufficiently large above. + unsafe { + let n = if self.py_mode.bind(py).is_instance(&types::XTS.get(py)?)? { + self.ctx.cipher_update_unchecked(chunk, Some(&mut out_buf[total_written..])).map_err(|_| { + pyo3::exceptions::PyValueError::new_err( + "In XTS mode you must supply at least a full block in the first update call. For AES this is 16 bytes." + ) + })? + } else { + self.ctx + .cipher_update_unchecked(chunk, Some(&mut out_buf[total_written..]))? + }; + total_written += n; + } + } + + Ok(total_written) + } + + fn authenticate_additional_data(&mut self, buf: &[u8]) -> CryptographyResult<()> { + self.ctx.cipher_update(buf, None)?; + Ok(()) + } + + pub(crate) fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let mut out_buf = vec![0; self.ctx.block_size()]; + let n = self.ctx.cipher_final(&mut out_buf).or_else(|e| { + if e.errors().is_empty() + && self + .py_mode + .bind(py) + .is_instance(&types::MODE_WITH_AUTHENTICATION_TAG.get(py)?)? + { + return Err(CryptographyError::from(exceptions::InvalidTag::new_err(()))); + } + Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "The length of the provided data is not a multiple of the block length.", + ), + )) + })?; + Ok(pyo3::types::PyBytes::new_bound(py, &out_buf[..n])) + } +} + +#[pyo3::pyclass( + module = "cryptography.hazmat.bindings._rust.openssl.ciphers", + name = "CipherContext" +)] +struct PyCipherContext { + ctx: Option, +} + +#[pyo3::pyclass( + module = "cryptography.hazmat.bindings._rust.openssl.ciphers", + name = "AEADEncryptionContext" +)] +struct PyAEADEncryptionContext { + ctx: Option, + tag: Option>, + updated: bool, + bytes_remaining: u64, + aad_bytes_remaining: u64, +} + +#[pyo3::pyclass( + module = "cryptography.hazmat.bindings._rust.openssl.ciphers", + name = "AEADDecryptionContext" +)] +struct PyAEADDecryptionContext { + ctx: Option, + updated: bool, + bytes_remaining: u64, + aad_bytes_remaining: u64, +} + +fn get_mut_ctx(ctx: Option<&mut CipherContext>) -> pyo3::PyResult<&mut CipherContext> { + ctx.ok_or_else(|| exceptions::AlreadyFinalized::new_err("Context was already finalized.")) +} + +#[pyo3::pymethods] +impl PyCipherContext { + fn update<'p>( + &mut self, + py: pyo3::Python<'p>, + buf: CffiBuf<'_>, + ) -> CryptographyResult> { + get_mut_ctx(self.ctx.as_mut())?.update(py, buf.as_bytes()) + } + + fn reset_nonce(&mut self, py: pyo3::Python<'_>, nonce: CffiBuf<'_>) -> CryptographyResult<()> { + get_mut_ctx(self.ctx.as_mut())?.reset_nonce(py, nonce) + } + + fn update_into( + &mut self, + py: pyo3::Python<'_>, + buf: CffiBuf<'_>, + mut out_buf: CffiMutBuf<'_>, + ) -> CryptographyResult { + get_mut_ctx(self.ctx.as_mut())?.update_into(py, buf.as_bytes(), out_buf.as_mut_bytes()) + } + + fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let result = get_mut_ctx(self.ctx.as_mut())?.finalize(py)?; + self.ctx = None; + Ok(result) + } +} + +#[pyo3::pymethods] +impl PyAEADEncryptionContext { + fn update<'p>( + &mut self, + py: pyo3::Python<'p>, + buf: CffiBuf<'_>, + ) -> CryptographyResult> { + let data = buf.as_bytes(); + + self.updated = true; + self.bytes_remaining = self + .bytes_remaining + .checked_sub(data.len().try_into().unwrap()) + .ok_or_else(|| { + pyo3::exceptions::PyValueError::new_err("Exceeded maximum encrypted byte limit") + })?; + get_mut_ctx(self.ctx.as_mut())?.update(py, data) + } + + fn update_into( + &mut self, + py: pyo3::Python<'_>, + buf: CffiBuf<'_>, + mut out_buf: CffiMutBuf<'_>, + ) -> CryptographyResult { + let data = buf.as_bytes(); + + self.updated = true; + self.bytes_remaining = self + .bytes_remaining + .checked_sub(data.len().try_into().unwrap()) + .ok_or_else(|| { + pyo3::exceptions::PyValueError::new_err("Exceeded maximum encrypted byte limit") + })?; + get_mut_ctx(self.ctx.as_mut())?.update_into(py, data, out_buf.as_mut_bytes()) + } + + fn authenticate_additional_data(&mut self, buf: CffiBuf<'_>) -> CryptographyResult<()> { + let ctx = get_mut_ctx(self.ctx.as_mut())?; + if self.updated { + return Err(CryptographyError::from( + exceptions::AlreadyUpdated::new_err("Update has been called on this context."), + )); + } + + let data = buf.as_bytes(); + self.aad_bytes_remaining = self + .aad_bytes_remaining + .checked_sub(data.len().try_into().unwrap()) + .ok_or_else(|| { + pyo3::exceptions::PyValueError::new_err("Exceeded maximum AAD byte limit") + })?; + ctx.authenticate_additional_data(data) + } + + fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let ctx = get_mut_ctx(self.ctx.as_mut())?; + let result = ctx.finalize(py)?; + + // XXX: do not hard code 16 + let tag = pyo3::types::PyBytes::new_bound_with(py, 16, |t| { + ctx.ctx.tag(t).map_err(CryptographyError::from)?; + Ok(()) + })?; + self.tag = Some(tag.unbind()); + self.ctx = None; + + Ok(result) + } + + #[getter] + fn tag(&self, py: pyo3::Python<'_>) -> CryptographyResult> { + Ok(self + .tag + .as_ref() + .ok_or_else(|| { + exceptions::NotYetFinalized::new_err( + "You must finalize encryption before getting the tag.", + ) + })? + .clone_ref(py)) + } + + fn reset_nonce(&mut self, py: pyo3::Python<'_>, nonce: CffiBuf<'_>) -> CryptographyResult<()> { + get_mut_ctx(self.ctx.as_mut())?.reset_nonce(py, nonce) + } +} + +#[pyo3::pymethods] +impl PyAEADDecryptionContext { + fn update<'p>( + &mut self, + py: pyo3::Python<'p>, + buf: CffiBuf<'_>, + ) -> CryptographyResult> { + let data = buf.as_bytes(); + + self.updated = true; + self.bytes_remaining = self + .bytes_remaining + .checked_sub(data.len().try_into().unwrap()) + .ok_or_else(|| { + pyo3::exceptions::PyValueError::new_err("Exceeded maximum encrypted byte limit") + })?; + get_mut_ctx(self.ctx.as_mut())?.update(py, data) + } + + fn update_into( + &mut self, + py: pyo3::Python<'_>, + buf: CffiBuf<'_>, + mut out_buf: CffiMutBuf<'_>, + ) -> CryptographyResult { + let data = buf.as_bytes(); + + self.updated = true; + self.bytes_remaining = self + .bytes_remaining + .checked_sub(data.len().try_into().unwrap()) + .ok_or_else(|| { + pyo3::exceptions::PyValueError::new_err("Exceeded maximum encrypted byte limit") + })?; + get_mut_ctx(self.ctx.as_mut())?.update_into(py, data, out_buf.as_mut_bytes()) + } + + fn authenticate_additional_data(&mut self, buf: CffiBuf<'_>) -> CryptographyResult<()> { + let ctx = get_mut_ctx(self.ctx.as_mut())?; + if self.updated { + return Err(CryptographyError::from( + exceptions::AlreadyUpdated::new_err("Update has been called on this context."), + )); + } + + let data = buf.as_bytes(); + self.aad_bytes_remaining = self + .aad_bytes_remaining + .checked_sub(data.len().try_into().unwrap()) + .ok_or_else(|| { + pyo3::exceptions::PyValueError::new_err("Exceeded maximum AAD byte limit") + })?; + ctx.authenticate_additional_data(data) + } + + fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let ctx = get_mut_ctx(self.ctx.as_mut())?; + + if ctx + .py_mode + .bind(py) + .getattr(pyo3::intern!(py, "tag"))? + .is_none() + { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Authentication tag must be provided when decrypting.", + ), + )); + } + + let result = ctx.finalize(py)?; + self.ctx = None; + Ok(result) + } + + fn finalize_with_tag<'p>( + &mut self, + py: pyo3::Python<'p>, + tag: &[u8], + ) -> CryptographyResult> { + let ctx = get_mut_ctx(self.ctx.as_mut())?; + + if !ctx + .py_mode + .bind(py) + .getattr(pyo3::intern!(py, "tag"))? + .is_none() + { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Authentication tag must be provided only once.", + ), + )); + } + + let min_tag_length = ctx + .py_mode + .bind(py) + .getattr(pyo3::intern!(py, "_min_tag_length"))? + .extract()?; + // XXX: Do not hard code 16 + if tag.len() < min_tag_length { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(format!( + "Authentication tag must be {} bytes or longer.", + min_tag_length + )), + )); + } else if tag.len() > 16 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(format!( + "Authentication tag cannot be more than {} bytes.", + 16 + )), + )); + } + + ctx.ctx.set_tag(tag)?; + let result = ctx.finalize(py)?; + self.ctx = None; + Ok(result) + } + + fn reset_nonce(&mut self, py: pyo3::Python<'_>, nonce: CffiBuf<'_>) -> CryptographyResult<()> { + get_mut_ctx(self.ctx.as_mut())?.reset_nonce(py, nonce) + } +} + +#[pyo3::pyfunction] +fn create_encryption_ctx( + py: pyo3::Python<'_>, + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + mode: pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + let ctx = CipherContext::new(py, algorithm, mode.clone(), openssl::symm::Mode::Encrypt)?; + + if mode.is_instance(&types::MODE_WITH_AUTHENTICATION_TAG.get(py)?)? { + Ok(PyAEADEncryptionContext { + ctx: Some(ctx), + tag: None, + updated: false, + bytes_remaining: mode + .getattr(pyo3::intern!(py, "_MAX_ENCRYPTED_BYTES"))? + .extract()?, + aad_bytes_remaining: mode + .getattr(pyo3::intern!(py, "_MAX_AAD_BYTES"))? + .extract()?, + } + .into_py(py)) + } else { + Ok(PyCipherContext { ctx: Some(ctx) }.into_py(py)) + } +} + +#[pyo3::pyfunction] +fn create_decryption_ctx( + py: pyo3::Python<'_>, + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + mode: pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + let mut ctx = CipherContext::new(py, algorithm, mode.clone(), openssl::symm::Mode::Decrypt)?; + + if mode.is_instance(&types::MODE_WITH_AUTHENTICATION_TAG.get(py)?)? { + if let Some(tag) = mode + .getattr(pyo3::intern!(py, "tag"))? + .extract::>()? + { + ctx.ctx.set_tag(&tag)?; + } + + Ok(PyAEADDecryptionContext { + ctx: Some(ctx), + updated: false, + bytes_remaining: mode + .getattr(pyo3::intern!(py, "_MAX_ENCRYPTED_BYTES"))? + .extract()?, + aad_bytes_remaining: mode + .getattr(pyo3::intern!(py, "_MAX_AAD_BYTES"))? + .extract()?, + } + .into_py(py)) + } else { + Ok(PyCipherContext { ctx: Some(ctx) }.into_py(py)) + } +} + +#[pyo3::pyfunction] +fn cipher_supported( + py: pyo3::Python<'_>, + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + mode: pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + Ok(cipher_registry::get_cipher(py, algorithm, mode.get_type().into_any())?.is_some()) +} + +#[pyo3::pyfunction] +fn _advance(ctx: pyo3::Bound<'_, pyo3::PyAny>, n: u64) { + if let Ok(c) = ctx.downcast::() { + c.borrow_mut().bytes_remaining -= n; + } else if let Ok(c) = ctx.downcast::() { + c.borrow_mut().bytes_remaining -= n; + } +} + +#[pyo3::pyfunction] +fn _advance_aad(ctx: pyo3::Bound<'_, pyo3::PyAny>, n: u64) { + if let Ok(c) = ctx.downcast::() { + c.borrow_mut().aad_bytes_remaining -= n; + } else if let Ok(c) = ctx.downcast::() { + c.borrow_mut().aad_bytes_remaining -= n; + } +} + +#[pyo3::pymodule] +pub(crate) mod ciphers { + #[pymodule_export] + use super::{ + _advance, _advance_aad, cipher_supported, create_decryption_ctx, create_encryption_ctx, + PyAEADDecryptionContext, PyAEADEncryptionContext, PyCipherContext, + }; +} diff --git a/src/rust/src/backend/cmac.rs b/src/rust/src/backend/cmac.rs new file mode 100644 index 0000000..6a87379 --- /dev/null +++ b/src/rust/src/backend/cmac.rs @@ -0,0 +1,107 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::cipher_registry; +use crate::backend::hashes::already_finalized_error; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::{exceptions, types}; +use pyo3::types::{PyAnyMethods, PyBytesMethods}; + +#[pyo3::pyclass( + module = "cryptography.hazmat.bindings._rust.openssl.cmac", + name = "CMAC" +)] +struct Cmac { + ctx: Option, +} + +impl Cmac { + fn get_ctx(&self) -> CryptographyResult<&cryptography_openssl::cmac::Cmac> { + if let Some(ctx) = self.ctx.as_ref() { + return Ok(ctx); + }; + Err(already_finalized_error()) + } + + fn get_mut_ctx(&mut self) -> CryptographyResult<&mut cryptography_openssl::cmac::Cmac> { + if let Some(ctx) = self.ctx.as_mut() { + return Ok(ctx); + } + Err(already_finalized_error()) + } +} + +#[pyo3::pymethods] +impl Cmac { + #[new] + #[pyo3(signature = (algorithm, backend=None))] + fn new( + py: pyo3::Python<'_>, + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + backend: Option>, + ) -> CryptographyResult { + let _ = backend; + + if !algorithm.is_instance(&types::BLOCK_CIPHER_ALGORITHM.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "Expected instance of BlockCipherAlgorithm.", + ), + )); + } + + let cipher = cipher_registry::get_cipher(py, algorithm.clone(), types::CBC.get(py)?)? + .ok_or_else(|| { + exceptions::UnsupportedAlgorithm::new_err(( + "CMAC is not supported with this algorithm", + exceptions::Reasons::UNSUPPORTED_CIPHER, + )) + })?; + + let key = algorithm + .getattr(pyo3::intern!(py, "key"))? + .extract::>()?; + let ctx = cryptography_openssl::cmac::Cmac::new(key.as_bytes(), cipher)?; + Ok(Cmac { ctx: Some(ctx) }) + } + + fn update(&mut self, data: CffiBuf<'_>) -> CryptographyResult<()> { + self.get_mut_ctx()?.update(data.as_bytes())?; + Ok(()) + } + + fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let data = self.get_mut_ctx()?.finish()?; + self.ctx = None; + Ok(pyo3::types::PyBytes::new_bound(py, &data)) + } + + fn verify(&mut self, py: pyo3::Python<'_>, signature: &[u8]) -> CryptographyResult<()> { + let actual = self.finalize(py)?; + let actual = actual.as_bytes(); + if actual.len() != signature.len() || !openssl::memcmp::eq(actual, signature) { + return Err(CryptographyError::from( + exceptions::InvalidSignature::new_err("Signature did not match digest."), + )); + } + + Ok(()) + } + + fn copy(&self) -> CryptographyResult { + Ok(Cmac { + ctx: Some(self.get_ctx()?.copy()?), + }) + } +} + +#[pyo3::pymodule] +pub(crate) mod cmac { + #[pymodule_export] + use super::Cmac; +} diff --git a/src/rust/src/backend/dh.rs b/src/rust/src/backend/dh.rs new file mode 100644 index 0000000..e6cdbb6 --- /dev/null +++ b/src/rust/src/backend/dh.rs @@ -0,0 +1,548 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use cryptography_x509::common; + +use crate::asn1::encode_der_data; +use crate::backend::utils; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::{types, x509}; +use pyo3::types::PyAnyMethods; + +const MIN_MODULUS_SIZE: u32 = 512; + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.dh")] +pub(crate) struct DHPrivateKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.dh")] +pub(crate) struct DHPublicKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.dh")] +struct DHParameters { + dh: openssl::dh::Dh, +} + +#[pyo3::pyfunction] +#[pyo3(signature = (generator, key_size, backend=None))] +fn generate_parameters( + generator: u32, + key_size: u32, + backend: Option>, +) -> CryptographyResult { + let _ = backend; + + if key_size < MIN_MODULUS_SIZE { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(format!( + "DH key_size must be at least {MIN_MODULUS_SIZE} bits" + )), + )); + } + if generator != 2 && generator != 5 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("DH generator must be 2 or 5"), + )); + } + + let dh = openssl::dh::Dh::generate_params(key_size, generator) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Unable to generate DH parameters"))?; + Ok(DHParameters { dh }) +} + +pub(crate) fn private_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> DHPrivateKey { + DHPrivateKey { + pkey: pkey.to_owned(), + } +} + +pub(crate) fn public_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> DHPublicKey { + DHPublicKey { + pkey: pkey.to_owned(), + } +} + +#[pyo3::pyfunction] +#[pyo3(signature = (data, backend=None))] +fn from_der_parameters( + data: &[u8], + backend: Option>, +) -> CryptographyResult { + let _ = backend; + let asn1_params = asn1::parse_single::>(data)?; + + let p = openssl::bn::BigNum::from_slice(asn1_params.p.as_bytes())?; + let q = asn1_params + .q + .map(|q| openssl::bn::BigNum::from_slice(q.as_bytes())) + .transpose()?; + let g = openssl::bn::BigNum::from_slice(asn1_params.g.as_bytes())?; + + Ok(DHParameters { + dh: openssl::dh::Dh::from_pqg(p, q, g)?, + }) +} + +#[pyo3::pyfunction] +#[pyo3(signature = (data, backend=None))] +fn from_pem_parameters( + data: &[u8], + backend: Option>, +) -> CryptographyResult { + let _ = backend; + let parsed = x509::find_in_pem( + data, + |p| p.tag() == "DH PARAMETERS" || p.tag() == "X9.42 DH PARAMETERS", + "Valid PEM but no BEGIN DH PARAMETERS/END DH PARAMETERS delimiters. Are you sure this is a DH parameters?", + )?; + + from_der_parameters(parsed.contents(), None) +} + +fn dh_parameters_from_numbers( + py: pyo3::Python<'_>, + numbers: &DHParameterNumbers, +) -> CryptographyResult> { + let p = utils::py_int_to_bn(py, numbers.p.bind(py))?; + let q = numbers + .q + .as_ref() + .map(|v| utils::py_int_to_bn(py, v.bind(py))) + .transpose()?; + let g = utils::py_int_to_bn(py, numbers.g.bind(py))?; + + Ok(openssl::dh::Dh::from_pqg(p, q, g)?) +} + +fn clone_dh( + dh: &openssl::dh::Dh, +) -> CryptographyResult> { + let p = dh.prime_p().to_owned()?; + let q = dh.prime_q().map(|q| q.to_owned()).transpose()?; + let g = dh.generator().to_owned()?; + Ok(openssl::dh::Dh::from_pqg(p, q, g)?) +} + +#[pyo3::pymethods] +impl DHPrivateKey { + #[getter] + fn key_size(&self) -> i32 { + self.pkey.dh().unwrap().prime_p().num_bits() + } + + fn exchange<'p>( + &self, + py: pyo3::Python<'p>, + peer_public_key: &DHPublicKey, + ) -> CryptographyResult> { + let mut deriver = openssl::derive::Deriver::new(&self.pkey)?; + deriver + .set_peer(&peer_public_key.pkey) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Error computing shared key."))?; + + let len = deriver.len()?; + Ok(pyo3::types::PyBytes::new_bound_with(py, len, |b| { + let n = deriver.derive(b).unwrap(); + + let pad = b.len() - n; + if pad > 0 { + b.copy_within(0..n, pad); + for c in b.iter_mut().take(pad) { + *c = 0; + } + } + Ok(()) + })?) + } + + fn private_numbers(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let dh = self.pkey.dh().unwrap(); + + let py_p = utils::bn_to_py_int(py, dh.prime_p())?; + let py_q = dh + .prime_q() + .map(|q| utils::bn_to_py_int(py, q)) + .transpose()?; + let py_g = utils::bn_to_py_int(py, dh.generator())?; + + let py_pub_key = utils::bn_to_py_int(py, dh.public_key())?; + let py_private_key = utils::bn_to_py_int(py, dh.private_key())?; + + let parameter_numbers = DHParameterNumbers { + p: py_p.extract()?, + q: py_q.map(|q| q.extract()).transpose()?, + g: py_g.extract()?, + }; + let public_numbers = DHPublicNumbers { + y: py_pub_key.extract()?, + parameter_numbers: pyo3::Py::new(py, parameter_numbers)?, + }; + + Ok(DHPrivateNumbers { + x: py_private_key.extract()?, + public_numbers: pyo3::Py::new(py, public_numbers)?, + }) + } + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + fn public_key(&self) -> CryptographyResult { + let orig_dh = self.pkey.dh().unwrap(); + let dh = clone_dh(&orig_dh)?; + + let pkey = + openssl::pkey::PKey::from_dh(dh.set_public_key(orig_dh.public_key().to_owned()?)?)?; + + Ok(DHPublicKey { pkey }) + } + + fn parameters(&self) -> CryptographyResult { + Ok(DHParameters { + dh: clone_dh(&self.pkey.dh().unwrap())?, + }) + } + + fn private_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + if !format.is(&types::PRIVATE_FORMAT_PKCS8.get(py)?) { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "DH private keys support only PKCS8 serialization", + ), + )); + } + + utils::pkey_private_bytes( + py, + slf, + &slf.borrow().pkey, + encoding, + format, + encryption_algorithm, + true, + false, + ) + } +} + +#[pyo3::pymethods] +impl DHPublicKey { + #[getter] + fn key_size(&self) -> i32 { + self.pkey.dh().unwrap().prime_p().num_bits() + } + + fn public_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + if !format.is(&types::PUBLIC_FORMAT_SUBJECT_PUBLIC_KEY_INFO.get(py)?) { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "DH public keys support only SubjectPublicKeyInfo serialization", + ), + )); + } + + utils::pkey_public_bytes(py, slf, &slf.borrow().pkey, encoding, format, true, false) + } + + fn parameters(&self) -> CryptographyResult { + Ok(DHParameters { + dh: clone_dh(&self.pkey.dh().unwrap())?, + }) + } + + fn public_numbers(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let dh = self.pkey.dh().unwrap(); + + let py_p = utils::bn_to_py_int(py, dh.prime_p())?; + let py_q = dh + .prime_q() + .map(|q| utils::bn_to_py_int(py, q)) + .transpose()?; + let py_g = utils::bn_to_py_int(py, dh.generator())?; + + let py_pub_key = utils::bn_to_py_int(py, dh.public_key())?; + + let parameter_numbers = DHParameterNumbers { + p: py_p.extract()?, + q: py_q.map(|q| q.extract()).transpose()?, + g: py_g.extract()?, + }; + + Ok(DHPublicNumbers { + y: py_pub_key.extract()?, + parameter_numbers: pyo3::Py::new(py, parameter_numbers)?, + }) + } + + fn __eq__(&self, other: pyo3::PyRef<'_, Self>) -> bool { + self.pkey.public_eq(&other.pkey) + } + + fn __copy__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { + slf + } +} + +#[pyo3::pymethods] +impl DHParameters { + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + fn generate_private_key(&self) -> CryptographyResult { + let dh = clone_dh(&self.dh)?.generate_key()?; + Ok(DHPrivateKey { + pkey: openssl::pkey::PKey::from_dh(dh)?, + }) + } + + fn parameter_numbers(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let py_p = utils::bn_to_py_int(py, self.dh.prime_p())?; + let py_q = self + .dh + .prime_q() + .map(|q| utils::bn_to_py_int(py, q)) + .transpose()?; + let py_g = utils::bn_to_py_int(py, self.dh.generator())?; + + Ok(DHParameterNumbers { + p: py_p.extract()?, + q: py_q.map(|q| q.extract()).transpose()?, + g: py_g.extract()?, + }) + } + + fn parameter_bytes<'p>( + &self, + py: pyo3::Python<'p>, + encoding: pyo3::Bound<'p, pyo3::PyAny>, + format: pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + if !format.is(&types::PARAMETER_FORMAT_PKCS3.get(py)?) { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Only PKCS3 serialization is supported"), + )); + } + + let p_bytes = utils::bn_to_big_endian_bytes(self.dh.prime_p())?; + let q_bytes = self + .dh + .prime_q() + .map(utils::bn_to_big_endian_bytes) + .transpose()?; + let g_bytes = utils::bn_to_big_endian_bytes(self.dh.generator())?; + let asn1dh_params = common::DHParams { + p: asn1::BigUint::new(&p_bytes).unwrap(), + q: q_bytes.as_ref().map(|q| asn1::BigUint::new(q).unwrap()), + g: asn1::BigUint::new(&g_bytes).unwrap(), + }; + let data = asn1::write_single(&asn1dh_params)?; + let tag = if q_bytes.is_none() { + "DH PARAMETERS" + } else { + "X9.42 DH PARAMETERS" + }; + encode_der_data(py, tag.to_string(), data, &encoding) + } +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.primitives.asymmetric.dh")] +struct DHPrivateNumbers { + #[pyo3(get)] + x: pyo3::Py, + #[pyo3(get)] + public_numbers: pyo3::Py, +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.primitives.asymmetric.dh")] +struct DHPublicNumbers { + #[pyo3(get)] + y: pyo3::Py, + #[pyo3(get)] + parameter_numbers: pyo3::Py, +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.primitives.asymmetric.dh")] +struct DHParameterNumbers { + #[pyo3(get)] + p: pyo3::Py, + #[pyo3(get)] + g: pyo3::Py, + #[pyo3(get)] + q: Option>, +} + +#[pyo3::pymethods] +impl DHPrivateNumbers { + #[new] + fn new( + x: pyo3::Py, + public_numbers: pyo3::Py, + ) -> DHPrivateNumbers { + DHPrivateNumbers { x, public_numbers } + } + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + #[pyo3(signature = (backend=None))] + fn private_key( + &self, + py: pyo3::Python<'_>, + backend: Option>, + ) -> CryptographyResult { + let _ = backend; + + let dh = dh_parameters_from_numbers(py, self.public_numbers.get().parameter_numbers.get())?; + + let pub_key = utils::py_int_to_bn(py, self.public_numbers.get().y.bind(py))?; + let priv_key = utils::py_int_to_bn(py, self.x.bind(py))?; + + let dh = dh.set_key(pub_key, priv_key)?; + if !dh.check_key()? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "DH private numbers did not pass safety checks.", + ), + )); + } + + let pkey = openssl::pkey::PKey::from_dh(dh)?; + Ok(DHPrivateKey { pkey }) + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + Ok(self.x.bind(py).eq(other.x.bind(py))? + && self + .public_numbers + .bind(py) + .eq(other.public_numbers.bind(py))?) + } +} + +#[pyo3::pymethods] +impl DHPublicNumbers { + #[new] + fn new( + y: pyo3::Py, + parameter_numbers: pyo3::Py, + ) -> DHPublicNumbers { + DHPublicNumbers { + y, + parameter_numbers, + } + } + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + #[pyo3(signature = (backend=None))] + fn public_key( + &self, + py: pyo3::Python<'_>, + backend: Option>, + ) -> CryptographyResult { + let _ = backend; + + let dh = dh_parameters_from_numbers(py, self.parameter_numbers.get())?; + + let pub_key = utils::py_int_to_bn(py, self.y.bind(py))?; + + let pkey = openssl::pkey::PKey::from_dh(dh.set_public_key(pub_key)?)?; + + Ok(DHPublicKey { pkey }) + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + Ok(self.y.bind(py).eq(other.y.bind(py))? + && self + .parameter_numbers + .bind(py) + .eq(other.parameter_numbers.bind(py))?) + } +} + +#[pyo3::pymethods] +impl DHParameterNumbers { + #[new] + #[pyo3(signature = (p, g, q=None))] + fn new( + py: pyo3::Python<'_>, + p: pyo3::Py, + g: pyo3::Py, + q: Option>, + ) -> CryptographyResult { + if g.bind(py).lt(2)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("DH generator must be 2 or greater"), + )); + } + + if p.bind(py) + .call_method0("bit_length")? + .lt(MIN_MODULUS_SIZE)? + { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(format!( + "p (modulus) must be at least {MIN_MODULUS_SIZE}-bit" + )), + )); + } + + Ok(DHParameterNumbers { p, g, q }) + } + + #[pyo3(signature = (backend=None))] + fn parameters( + &self, + py: pyo3::Python<'_>, + backend: Option>, + ) -> CryptographyResult { + let _ = backend; + + let dh = dh_parameters_from_numbers(py, self)?; + Ok(DHParameters { dh }) + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + let q_equal = match (self.q.as_ref(), other.q.as_ref()) { + (Some(self_q), Some(other_q)) => self_q.bind(py).eq(other_q.bind(py))?, + (None, None) => true, + _ => false, + }; + Ok(self.p.bind(py).eq(other.p.bind(py))? + && self.g.bind(py).eq(other.g.bind(py))? + && q_equal) + } +} + +#[pyo3::pymodule] +pub(crate) mod dh { + #[pymodule_export] + use super::{ + from_der_parameters, from_pem_parameters, generate_parameters, DHParameterNumbers, + DHParameters, DHPrivateKey, DHPrivateNumbers, DHPublicKey, DHPublicNumbers, + }; +} diff --git a/src/rust/src/backend/dsa.rs b/src/rust/src/backend/dsa.rs new file mode 100644 index 0000000..f46cb28 --- /dev/null +++ b/src/rust/src/backend/dsa.rs @@ -0,0 +1,508 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::utils; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::exceptions; +use pyo3::types::PyAnyMethods; + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.bindings._rust.openssl.dsa", + name = "DSAPrivateKey" +)] +pub(crate) struct DsaPrivateKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.bindings._rust.openssl.dsa", + name = "DSAPublicKey" +)] +pub(crate) struct DsaPublicKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.bindings._rust.openssl.dsa", + name = "DSAParameters" +)] +struct DsaParameters { + dsa: openssl::dsa::Dsa, +} + +pub(crate) fn private_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> DsaPrivateKey { + DsaPrivateKey { + pkey: pkey.to_owned(), + } +} + +pub(crate) fn public_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> DsaPublicKey { + DsaPublicKey { + pkey: pkey.to_owned(), + } +} + +#[pyo3::pyfunction] +fn generate_parameters(key_size: u32) -> CryptographyResult { + let dsa = openssl::dsa::Dsa::generate_params(key_size)?; + Ok(DsaParameters { dsa }) +} + +fn clone_dsa_params( + d: &openssl::dsa::Dsa, +) -> Result, openssl::error::ErrorStack> { + openssl::dsa::Dsa::from_pqg(d.p().to_owned()?, d.q().to_owned()?, d.g().to_owned()?) +} + +#[pyo3::pymethods] +impl DsaPrivateKey { + fn sign<'p>( + &self, + py: pyo3::Python<'p>, + data: CffiBuf<'_>, + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + ) -> CryptographyResult> { + let (data, _) = utils::calculate_digest_and_algorithm(py, data.as_bytes(), &algorithm)?; + + let mut signer = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?; + signer.sign_init()?; + let mut sig = vec![]; + signer.sign_to_vec(data.as_bytes(), &mut sig)?; + Ok(pyo3::types::PyBytes::new_bound(py, &sig)) + } + + #[getter] + fn key_size(&self) -> i32 { + self.pkey.dsa().unwrap().p().num_bits() + } + + fn public_key(&self) -> CryptographyResult { + let priv_dsa = self.pkey.dsa()?; + let pub_dsa = openssl::dsa::Dsa::from_public_components( + priv_dsa.p().to_owned()?, + priv_dsa.q().to_owned()?, + priv_dsa.g().to_owned()?, + priv_dsa.pub_key().to_owned()?, + ) + .unwrap(); + let pkey = openssl::pkey::PKey::from_dsa(pub_dsa)?; + Ok(DsaPublicKey { pkey }) + } + + fn parameters(&self) -> CryptographyResult { + let dsa = clone_dsa_params(&self.pkey.dsa().unwrap())?; + Ok(DsaParameters { dsa }) + } + + fn private_numbers(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let dsa = self.pkey.dsa().unwrap(); + + let py_p = utils::bn_to_py_int(py, dsa.p())?; + let py_q = utils::bn_to_py_int(py, dsa.q())?; + let py_g = utils::bn_to_py_int(py, dsa.g())?; + + let py_pub_key = utils::bn_to_py_int(py, dsa.pub_key())?; + let py_private_key = utils::bn_to_py_int(py, dsa.priv_key())?; + + let parameter_numbers = DsaParameterNumbers { + p: py_p.extract()?, + q: py_q.extract()?, + g: py_g.extract()?, + }; + let public_numbers = DsaPublicNumbers { + y: py_pub_key.extract()?, + parameter_numbers: pyo3::Py::new(py, parameter_numbers)?, + }; + Ok(DsaPrivateNumbers { + x: py_private_key.extract()?, + public_numbers: pyo3::Py::new(py, public_numbers)?, + }) + } + + fn private_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_private_bytes( + py, + slf, + &slf.borrow().pkey, + encoding, + format, + encryption_algorithm, + true, + false, + ) + } +} + +#[pyo3::pymethods] +impl DsaPublicKey { + fn verify( + &self, + py: pyo3::Python<'_>, + signature: CffiBuf<'_>, + data: CffiBuf<'_>, + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + ) -> CryptographyResult<()> { + let (data, _) = utils::calculate_digest_and_algorithm(py, data.as_bytes(), &algorithm)?; + + let mut verifier = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?; + verifier.verify_init()?; + let valid = verifier + .verify(data.as_bytes(), signature.as_bytes()) + .unwrap_or(false); + if !valid { + return Err(CryptographyError::from( + exceptions::InvalidSignature::new_err(()), + )); + } + + Ok(()) + } + + #[getter] + fn key_size(&self) -> i32 { + self.pkey.dsa().unwrap().p().num_bits() + } + + fn parameters(&self) -> CryptographyResult { + let dsa = clone_dsa_params(&self.pkey.dsa().unwrap())?; + Ok(DsaParameters { dsa }) + } + + fn public_numbers(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let dsa = self.pkey.dsa().unwrap(); + + let py_p = utils::bn_to_py_int(py, dsa.p())?; + let py_q = utils::bn_to_py_int(py, dsa.q())?; + let py_g = utils::bn_to_py_int(py, dsa.g())?; + + let py_pub_key = utils::bn_to_py_int(py, dsa.pub_key())?; + + let parameter_numbers = DsaParameterNumbers { + p: py_p.extract()?, + q: py_q.extract()?, + g: py_g.extract()?, + }; + Ok(DsaPublicNumbers { + y: py_pub_key.extract()?, + parameter_numbers: pyo3::Py::new(py, parameter_numbers)?, + }) + } + + fn public_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_public_bytes(py, slf, &slf.borrow().pkey, encoding, format, true, false) + } + + fn __eq__(&self, other: pyo3::PyRef<'_, Self>) -> bool { + self.pkey.public_eq(&other.pkey) + } + + fn __copy__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { + slf + } +} + +#[pyo3::pymethods] +impl DsaParameters { + fn generate_private_key(&self) -> CryptographyResult { + let dsa = clone_dsa_params(&self.dsa)?.generate_key()?; + let pkey = openssl::pkey::PKey::from_dsa(dsa)?; + Ok(DsaPrivateKey { pkey }) + } + + fn parameter_numbers(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let py_p = utils::bn_to_py_int(py, self.dsa.p())?; + let py_q = utils::bn_to_py_int(py, self.dsa.q())?; + let py_g = utils::bn_to_py_int(py, self.dsa.g())?; + + Ok(DsaParameterNumbers { + p: py_p.extract()?, + q: py_q.extract()?, + g: py_g.extract()?, + }) + } +} + +fn check_dsa_parameters( + py: pyo3::Python<'_>, + parameters: &DsaParameterNumbers, +) -> CryptographyResult<()> { + if ![1024, 2048, 3072, 4096].contains( + ¶meters + .p + .bind(py) + .call_method0("bit_length")? + .extract::()?, + ) { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "p must be exactly 1024, 2048, 3072, or 4096 bits long", + ), + )); + } + + if ![160, 224, 256].contains( + ¶meters + .q + .bind(py) + .call_method0("bit_length")? + .extract::()?, + ) { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("q must be exactly 160, 224, or 256 bits long"), + )); + } + + if parameters.g.bind(py).le(1)? || parameters.g.bind(py).ge(parameters.p.bind(py))? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("g, p don't satisfy 1 < g < p."), + )); + } + + Ok(()) +} + +fn check_dsa_private_numbers( + py: pyo3::Python<'_>, + numbers: &DsaPrivateNumbers, +) -> CryptographyResult<()> { + let params = numbers.public_numbers.get().parameter_numbers.get(); + check_dsa_parameters(py, params)?; + + if numbers.x.bind(py).le(0)? || numbers.x.bind(py).ge(params.q.bind(py))? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("x must be > 0 and < q."), + )); + } + + if numbers.public_numbers.get().y.bind(py).ne(params + .g + .bind(py) + .pow(numbers.x.bind(py), Some(params.p.bind(py)))?)? + { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("y must be equal to (g ** x % p)."), + )); + } + + Ok(()) +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.primitives.asymmetric.dsa", + name = "DSAPrivateNumbers" +)] +struct DsaPrivateNumbers { + #[pyo3(get)] + x: pyo3::Py, + #[pyo3(get)] + public_numbers: pyo3::Py, +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.primitives.asymmetric.dsa", + name = "DSAPublicNumbers" +)] +struct DsaPublicNumbers { + #[pyo3(get)] + y: pyo3::Py, + #[pyo3(get)] + parameter_numbers: pyo3::Py, +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.primitives.asymmetric.dsa", + name = "DSAParameterNumbers" +)] +struct DsaParameterNumbers { + #[pyo3(get)] + p: pyo3::Py, + #[pyo3(get)] + q: pyo3::Py, + #[pyo3(get)] + g: pyo3::Py, +} + +#[pyo3::pymethods] +impl DsaPrivateNumbers { + #[new] + fn new( + x: pyo3::Py, + public_numbers: pyo3::Py, + ) -> DsaPrivateNumbers { + DsaPrivateNumbers { x, public_numbers } + } + + #[pyo3(signature = (backend=None))] + fn private_key( + &self, + py: pyo3::Python<'_>, + backend: Option>, + ) -> CryptographyResult { + let _ = backend; + + let public_numbers = self.public_numbers.get(); + let parameter_numbers = public_numbers.parameter_numbers.get(); + + check_dsa_private_numbers(py, self)?; + + let dsa = openssl::dsa::Dsa::from_private_components( + utils::py_int_to_bn(py, parameter_numbers.p.bind(py))?, + utils::py_int_to_bn(py, parameter_numbers.q.bind(py))?, + utils::py_int_to_bn(py, parameter_numbers.g.bind(py))?, + utils::py_int_to_bn(py, self.x.bind(py))?, + utils::py_int_to_bn(py, public_numbers.y.bind(py))?, + ) + .unwrap(); + let pkey = openssl::pkey::PKey::from_dsa(dsa)?; + Ok(DsaPrivateKey { pkey }) + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + Ok(self.x.bind(py).eq(other.x.bind(py))? + && self + .public_numbers + .bind(py) + .eq(other.public_numbers.bind(py))?) + } +} + +#[pyo3::pymethods] +impl DsaPublicNumbers { + #[new] + fn new( + y: pyo3::Py, + parameter_numbers: pyo3::Py, + ) -> DsaPublicNumbers { + DsaPublicNumbers { + y, + parameter_numbers, + } + } + + #[pyo3(signature = (backend=None))] + fn public_key( + &self, + py: pyo3::Python<'_>, + backend: Option>, + ) -> CryptographyResult { + let _ = backend; + + let parameter_numbers = self.parameter_numbers.get(); + + check_dsa_parameters(py, parameter_numbers)?; + + let dsa = openssl::dsa::Dsa::from_public_components( + utils::py_int_to_bn(py, parameter_numbers.p.bind(py))?, + utils::py_int_to_bn(py, parameter_numbers.q.bind(py))?, + utils::py_int_to_bn(py, parameter_numbers.g.bind(py))?, + utils::py_int_to_bn(py, self.y.bind(py))?, + ) + .unwrap(); + let pkey = openssl::pkey::PKey::from_dsa(dsa)?; + Ok(DsaPublicKey { pkey }) + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + Ok(self.y.bind(py).eq(other.y.bind(py))? + && self + .parameter_numbers + .bind(py) + .eq(other.parameter_numbers.bind(py))?) + } + + fn __repr__(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { + let y = self.y.bind(py); + let parameter_numbers = self.parameter_numbers.bind(py).repr()?; + Ok(format!( + "" + )) + } +} + +#[pyo3::pymethods] +impl DsaParameterNumbers { + #[new] + fn new( + p: pyo3::Py, + q: pyo3::Py, + g: pyo3::Py, + ) -> DsaParameterNumbers { + DsaParameterNumbers { p, q, g } + } + + #[pyo3(signature = (backend=None))] + fn parameters( + &self, + py: pyo3::Python<'_>, + backend: Option>, + ) -> CryptographyResult { + let _ = backend; + + check_dsa_parameters(py, self)?; + + let dsa = openssl::dsa::Dsa::from_pqg( + utils::py_int_to_bn(py, self.p.bind(py))?, + utils::py_int_to_bn(py, self.q.bind(py))?, + utils::py_int_to_bn(py, self.g.bind(py))?, + ) + .unwrap(); + Ok(DsaParameters { dsa }) + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + Ok(self.p.bind(py).eq(other.p.bind(py))? + && self.q.bind(py).eq(other.q.bind(py))? + && self.g.bind(py).eq(other.g.bind(py))?) + } + + fn __repr__(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { + let p = self.p.bind(py); + let q = self.q.bind(py); + let g = self.g.bind(py); + Ok(format!("")) + } +} + +#[pyo3::pymodule] +pub(crate) mod dsa { + #[pymodule_export] + use super::{ + generate_parameters, DsaParameterNumbers, DsaParameters, DsaPrivateKey, DsaPrivateNumbers, + DsaPublicKey, DsaPublicNumbers, + }; +} diff --git a/src/rust/src/backend/ec.rs b/src/rust/src/backend/ec.rs new file mode 100644 index 0000000..1573545 --- /dev/null +++ b/src/rust/src/backend/ec.rs @@ -0,0 +1,680 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::collections::hash_map::DefaultHasher; +use std::hash::{Hash, Hasher}; + +use pyo3::types::{PyAnyMethods, PyDictMethods}; + +use crate::backend::utils; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::{exceptions, types}; + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.ec")] +pub(crate) struct ECPrivateKey { + pkey: openssl::pkey::PKey, + #[pyo3(get)] + curve: pyo3::Py, +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.ec")] +pub(crate) struct ECPublicKey { + pkey: openssl::pkey::PKey, + #[pyo3(get)] + curve: pyo3::Py, +} + +fn curve_from_py_curve( + py: pyo3::Python<'_>, + py_curve: pyo3::Bound<'_, pyo3::PyAny>, + allow_curve_class: bool, +) -> CryptographyResult { + if !py_curve.is_instance(&types::ELLIPTIC_CURVE.get(py)?)? { + if allow_curve_class { + let warning_cls = types::DEPRECATED_IN_42.get(py)?; + let warning_msg = "Curve argument must be an instance of an EllipticCurve class. Did you pass a class by mistake? This will be an exception in a future version of cryptography."; + pyo3::PyErr::warn_bound(py, &warning_cls, warning_msg, 1)?; + } else { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err("curve must be an EllipticCurve instance"), + )); + } + } + + let py_curve_name = py_curve.getattr(pyo3::intern!(py, "name"))?; + let nid = match &*py_curve_name.extract::()? { + "secp192r1" => openssl::nid::Nid::X9_62_PRIME192V1, + "secp224r1" => openssl::nid::Nid::SECP224R1, + "secp256r1" => openssl::nid::Nid::X9_62_PRIME256V1, + "secp384r1" => openssl::nid::Nid::SECP384R1, + "secp521r1" => openssl::nid::Nid::SECP521R1, + + "secp256k1" => openssl::nid::Nid::SECP256K1, + + "sect233r1" => openssl::nid::Nid::SECT233R1, + "sect283r1" => openssl::nid::Nid::SECT283R1, + "sect409r1" => openssl::nid::Nid::SECT409R1, + "sect571r1" => openssl::nid::Nid::SECT571R1, + + "sect163r2" => openssl::nid::Nid::SECT163R2, + + "sect163k1" => openssl::nid::Nid::SECT163K1, + "sect233k1" => openssl::nid::Nid::SECT233K1, + "sect283k1" => openssl::nid::Nid::SECT283K1, + "sect409k1" => openssl::nid::Nid::SECT409K1, + "sect571k1" => openssl::nid::Nid::SECT571K1, + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + "brainpoolP256r1" => openssl::nid::Nid::BRAINPOOL_P256R1, + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + "brainpoolP384r1" => openssl::nid::Nid::BRAINPOOL_P384R1, + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + "brainpoolP512r1" => openssl::nid::Nid::BRAINPOOL_P512R1, + + curve_name => { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + format!("Curve {curve_name} is not supported"), + exceptions::Reasons::UNSUPPORTED_ELLIPTIC_CURVE, + )), + )); + } + }; + + Ok(openssl::ec::EcGroup::from_curve_name(nid)?) +} + +fn py_curve_from_curve<'p>( + py: pyo3::Python<'p>, + curve: &openssl::ec::EcGroupRef, +) -> CryptographyResult> { + if curve.asn1_flag() == openssl::ec::Asn1Flag::EXPLICIT_CURVE { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "ECDSA keys with explicit parameters are unsupported at this time", + ), + )); + } + + let name = curve.curve_name().unwrap().short_name()?; + + types::CURVE_TYPES + .get(py)? + .extract::>()? + .get_item(name)? + .ok_or_else(|| { + CryptographyError::from(exceptions::UnsupportedAlgorithm::new_err(( + format!("{name} is not a supported elliptic curve"), + exceptions::Reasons::UNSUPPORTED_ELLIPTIC_CURVE, + ))) + }) +} + +fn check_key_infinity( + ec: &openssl::ec::EcKeyRef, +) -> CryptographyResult<()> { + if ec.public_key().is_infinity(ec.group()) { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Cannot load an EC public key where the point is at infinity", + ), + )); + } + Ok(()) +} + +#[pyo3::pyfunction] +fn curve_supported(py: pyo3::Python<'_>, py_curve: pyo3::Bound<'_, pyo3::PyAny>) -> bool { + curve_from_py_curve(py, py_curve, false).is_ok() +} + +pub(crate) fn private_key_from_pkey( + py: pyo3::Python<'_>, + pkey: &openssl::pkey::PKeyRef, +) -> CryptographyResult { + let curve = py_curve_from_curve(py, pkey.ec_key().unwrap().group())?; + check_key_infinity(&pkey.ec_key().unwrap())?; + Ok(ECPrivateKey { + pkey: pkey.to_owned(), + curve: curve.into(), + }) +} + +pub(crate) fn public_key_from_pkey( + py: pyo3::Python<'_>, + pkey: &openssl::pkey::PKeyRef, +) -> CryptographyResult { + let ec = pkey.ec_key()?; + let curve = py_curve_from_curve(py, ec.group())?; + check_key_infinity(&ec)?; + Ok(ECPublicKey { + pkey: pkey.to_owned(), + curve: curve.into(), + }) +} +#[pyo3::pyfunction] +#[pyo3(signature = (curve, backend=None))] +fn generate_private_key( + py: pyo3::Python<'_>, + curve: pyo3::Bound<'_, pyo3::PyAny>, + backend: Option>, +) -> CryptographyResult { + let _ = backend; + + let ossl_curve = curve_from_py_curve(py, curve, true)?; + let key = openssl::ec::EcKey::generate(&ossl_curve)?; + + Ok(ECPrivateKey { + pkey: openssl::pkey::PKey::from_ec_key(key)?, + curve: py_curve_from_curve(py, &ossl_curve)?.into(), + }) +} + +#[pyo3::pyfunction] +fn derive_private_key( + py: pyo3::Python<'_>, + py_private_value: &pyo3::Bound<'_, pyo3::types::PyLong>, + py_curve: pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + let curve = curve_from_py_curve(py, py_curve.clone(), false)?; + let private_value = utils::py_int_to_bn(py, py_private_value)?; + + let mut point = openssl::ec::EcPoint::new(&curve)?; + let bn_ctx = openssl::bn::BigNumContext::new()?; + point.mul_generator(&curve, &private_value, &bn_ctx)?; + let ec = openssl::ec::EcKey::from_private_components(&curve, &private_value, &point) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid EC key"))?; + check_key_infinity(&ec)?; + let pkey = openssl::pkey::PKey::from_ec_key(ec)?; + + Ok(ECPrivateKey { + pkey, + curve: py_curve.into(), + }) +} + +#[pyo3::pyfunction] +fn from_public_bytes( + py: pyo3::Python<'_>, + py_curve: pyo3::Bound<'_, pyo3::PyAny>, + data: &[u8], +) -> CryptographyResult { + let curve = curve_from_py_curve(py, py_curve.clone(), false)?; + + let mut bn_ctx = openssl::bn::BigNumContext::new()?; + let point = openssl::ec::EcPoint::from_bytes(&curve, data, &mut bn_ctx) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid EC key."))?; + let ec = openssl::ec::EcKey::from_public_key(&curve, &point)?; + let pkey = openssl::pkey::PKey::from_ec_key(ec)?; + + Ok(ECPublicKey { + pkey, + curve: py_curve.into(), + }) +} + +#[pyo3::pymethods] +impl ECPrivateKey { + #[getter] + fn key_size<'p>( + &'p self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + self.curve.bind(py).getattr(pyo3::intern!(py, "key_size")) + } + + fn exchange<'p>( + &self, + py: pyo3::Python<'p>, + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + peer_public_key: &ECPublicKey, + ) -> CryptographyResult> { + if !algorithm.is_instance(&types::ECDH.get(py)?)? { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "Unsupported EC exchange algorithm", + exceptions::Reasons::UNSUPPORTED_EXCHANGE_ALGORITHM, + )), + )); + } + + let mut deriver = openssl::derive::Deriver::new(&self.pkey)?; + // If `set_peer_ex` is available, we don't valid the key. This is + // because we already validated it sufficiently when we created the + // ECPublicKey object. + #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] + deriver + .set_peer_ex(&peer_public_key.pkey, false) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Error computing shared key."))?; + + #[cfg(not(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER))] + deriver + .set_peer(&peer_public_key.pkey) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Error computing shared key."))?; + + let len = deriver.len()?; + Ok(pyo3::types::PyBytes::new_bound_with(py, len, |b| { + let n = deriver.derive(b).map_err(|_| { + pyo3::exceptions::PyValueError::new_err("Error computing shared key.") + })?; + assert_eq!(n, b.len()); + Ok(()) + })?) + } + + fn sign<'p>( + &self, + py: pyo3::Python<'p>, + data: CffiBuf<'_>, + signature_algorithm: pyo3::Bound<'_, pyo3::PyAny>, + ) -> CryptographyResult> { + if !signature_algorithm.is_instance(&types::ECDSA.get(py)?)? { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "Unsupported elliptic curve signature algorithm", + exceptions::Reasons::UNSUPPORTED_PUBLIC_KEY_ALGORITHM, + )), + )); + } + let bound_algorithm = signature_algorithm.getattr(pyo3::intern!(py, "algorithm"))?; + let (data, algo) = + utils::calculate_digest_and_algorithm(py, data.as_bytes(), &bound_algorithm)?; + + let mut signer = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?; + signer.sign_init()?; + cfg_if::cfg_if! { + if #[cfg(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER)]{ + let deterministic: bool = signature_algorithm + .getattr(pyo3::intern!(py, "deterministic_signing"))? + .extract()?; + if deterministic { + let hash_function_name = algo + .getattr(pyo3::intern!(py, "name"))? + .extract::()?; + let hash_function = openssl::md::Md::fetch(None, &hash_function_name, None)?; + // Setting a deterministic nonce type requires to explicitly set the hash function. + // See https://github.com/openssl/openssl/issues/23205 + signer.set_signature_md(&hash_function)?; + signer.set_nonce_type(openssl::pkey_ctx::NonceType::DETERMINISTIC_K)?; + } else { + signer.set_nonce_type(openssl::pkey_ctx::NonceType::RANDOM_K)?; + } + } else { + let _ = algo; + } + } + + // TODO: This does an extra allocation and copy. This can't easily use + // `PyBytes::new_with` because the exact length of the signature isn't + // easily known a priori (if `r` or `s` has a leading 0, the signature + // will be a byte or two shorter than the maximum possible length). + let mut sig = vec![]; + signer.sign_to_vec(data.as_bytes(), &mut sig)?; + Ok(pyo3::types::PyBytes::new_bound(py, &sig)) + } + + fn public_key(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let orig_ec = self.pkey.ec_key().unwrap(); + let ec = openssl::ec::EcKey::from_public_key(orig_ec.group(), orig_ec.public_key())?; + let pkey = openssl::pkey::PKey::from_ec_key(ec)?; + + Ok(ECPublicKey { + pkey, + curve: self.curve.clone_ref(py), + }) + } + + fn private_numbers( + &self, + py: pyo3::Python<'_>, + ) -> CryptographyResult { + let ec = self.pkey.ec_key().unwrap(); + + let mut bn_ctx = openssl::bn::BigNumContext::new()?; + let mut x = openssl::bn::BigNum::new()?; + let mut y = openssl::bn::BigNum::new()?; + ec.public_key() + .affine_coordinates(ec.group(), &mut x, &mut y, &mut bn_ctx)?; + let py_x = utils::bn_to_py_int(py, &x)?; + let py_y = utils::bn_to_py_int(py, &y)?; + + let py_private_key = utils::bn_to_py_int(py, ec.private_key())?; + + let public_numbers = EllipticCurvePublicNumbers { + x: py_x.extract()?, + y: py_y.extract()?, + curve: self.curve.clone_ref(py), + }; + + Ok(EllipticCurvePrivateNumbers { + private_value: py_private_key.extract()?, + public_numbers: pyo3::Py::new(py, public_numbers)?, + }) + } + + fn private_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_private_bytes( + py, + slf, + &slf.borrow().pkey, + encoding, + format, + encryption_algorithm, + true, + false, + ) + } +} + +#[pyo3::pymethods] +impl ECPublicKey { + #[getter] + fn key_size<'p>( + &'p self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + self.curve.bind(py).getattr(pyo3::intern!(py, "key_size")) + } + + fn verify( + &self, + py: pyo3::Python<'_>, + signature: CffiBuf<'_>, + data: CffiBuf<'_>, + signature_algorithm: pyo3::Bound<'_, pyo3::PyAny>, + ) -> CryptographyResult<()> { + if !signature_algorithm.is_instance(&types::ECDSA.get(py)?)? { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "Unsupported elliptic curve signature algorithm", + exceptions::Reasons::UNSUPPORTED_PUBLIC_KEY_ALGORITHM, + )), + )); + } + + let (data, _) = utils::calculate_digest_and_algorithm( + py, + data.as_bytes(), + &signature_algorithm.getattr(pyo3::intern!(py, "algorithm"))?, + )?; + + let mut verifier = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?; + verifier.verify_init()?; + let valid = verifier + .verify(data.as_bytes(), signature.as_bytes()) + .unwrap_or(false); + if !valid { + return Err(CryptographyError::from( + exceptions::InvalidSignature::new_err(()), + )); + } + + Ok(()) + } + + fn public_numbers( + &self, + py: pyo3::Python<'_>, + ) -> CryptographyResult { + let ec = self.pkey.ec_key().unwrap(); + + let mut bn_ctx = openssl::bn::BigNumContext::new()?; + let mut x = openssl::bn::BigNum::new()?; + let mut y = openssl::bn::BigNum::new()?; + ec.public_key() + .affine_coordinates(ec.group(), &mut x, &mut y, &mut bn_ctx)?; + let py_x = utils::bn_to_py_int(py, &x)?; + let py_y = utils::bn_to_py_int(py, &y)?; + + Ok(EllipticCurvePublicNumbers { + x: py_x.extract()?, + y: py_y.extract()?, + curve: self.curve.clone_ref(py), + }) + } + + fn public_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_public_bytes(py, slf, &slf.borrow().pkey, encoding, format, true, false) + } + + fn __eq__(&self, other: pyo3::PyRef<'_, Self>) -> bool { + self.pkey.public_eq(&other.pkey) + } + + fn __copy__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { + slf + } +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.primitives.asymmetric.ec")] +struct EllipticCurvePrivateNumbers { + #[pyo3(get)] + private_value: pyo3::Py, + #[pyo3(get)] + public_numbers: pyo3::Py, +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.primitives.asymmetric.ec")] +struct EllipticCurvePublicNumbers { + #[pyo3(get)] + x: pyo3::Py, + #[pyo3(get)] + y: pyo3::Py, + #[pyo3(get)] + curve: pyo3::Py, +} + +fn public_key_from_numbers( + py: pyo3::Python<'_>, + numbers: &EllipticCurvePublicNumbers, + curve: &openssl::ec::EcGroupRef, +) -> CryptographyResult> { + if numbers.x.bind(py).lt(0)? || numbers.y.bind(py).lt(0)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Invalid EC key. Both x and y must be non-negative.", + ), + )); + } + + let x = utils::py_int_to_bn(py, numbers.x.bind(py))?; + let y = utils::py_int_to_bn(py, numbers.y.bind(py))?; + + let mut point = openssl::ec::EcPoint::new(curve)?; + let mut bn_ctx = openssl::bn::BigNumContext::new()?; + point + .set_affine_coordinates_gfp(curve, &x, &y, &mut bn_ctx) + .map_err(|_| { + pyo3::exceptions::PyValueError::new_err( + "Invalid EC key. Point is not on the curve specified.", + ) + })?; + + Ok(openssl::ec::EcKey::from_public_key(curve, &point)?) +} + +#[pyo3::pymethods] +impl EllipticCurvePrivateNumbers { + #[new] + fn new( + private_value: pyo3::Py, + public_numbers: pyo3::Py, + ) -> EllipticCurvePrivateNumbers { + EllipticCurvePrivateNumbers { + private_value, + public_numbers, + } + } + + #[pyo3(signature = (backend=None))] + fn private_key( + &self, + py: pyo3::Python<'_>, + backend: Option>, + ) -> CryptographyResult { + let _ = backend; + + let curve = + curve_from_py_curve(py, self.public_numbers.get().curve.bind(py).clone(), false)?; + let public_key = public_key_from_numbers(py, self.public_numbers.get(), &curve)?; + let private_value = utils::py_int_to_bn(py, self.private_value.bind(py))?; + + let mut bn_ctx = openssl::bn::BigNumContext::new()?; + let mut expected_pub = openssl::ec::EcPoint::new(&curve)?; + expected_pub.mul_generator(&curve, &private_value, &bn_ctx)?; + if !expected_pub.eq(&curve, public_key.public_key(), &mut bn_ctx)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Invalid EC key."), + )); + } + + let private_key = openssl::ec::EcKey::from_private_components( + &curve, + &private_value, + public_key.public_key(), + ) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid EC key."))?; + + let pkey = openssl::pkey::PKey::from_ec_key(private_key)?; + + Ok(ECPrivateKey { + pkey, + curve: self.public_numbers.get().curve.clone_ref(py), + }) + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + Ok(self + .private_value + .bind(py) + .eq(other.private_value.bind(py))? + && self + .public_numbers + .bind(py) + .eq(other.public_numbers.bind(py))?) + } + + fn __hash__(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let mut hasher = DefaultHasher::new(); + self.private_value.bind(py).hash()?.hash(&mut hasher); + self.public_numbers.bind(py).hash()?.hash(&mut hasher); + Ok(hasher.finish()) + } +} + +#[pyo3::pymethods] +impl EllipticCurvePublicNumbers { + #[new] + fn new( + py: pyo3::Python<'_>, + x: pyo3::Py, + y: pyo3::Py, + curve: pyo3::Py, + ) -> CryptographyResult { + if !curve + .bind(py) + .is_instance(&types::ELLIPTIC_CURVE.get(py)?)? + { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "curve must provide the EllipticCurve interface.", + ), + )); + } + + Ok(EllipticCurvePublicNumbers { x, y, curve }) + } + + #[pyo3(signature = (backend=None))] + fn public_key( + &self, + py: pyo3::Python<'_>, + backend: Option>, + ) -> CryptographyResult { + let _ = backend; + + let curve = curve_from_py_curve(py, self.curve.bind(py).clone(), false)?; + let public_key = public_key_from_numbers(py, self, &curve)?; + + let pkey = openssl::pkey::PKey::from_ec_key(public_key)?; + + Ok(ECPublicKey { + pkey, + curve: self.curve.clone_ref(py), + }) + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + Ok(self.x.bind(py).eq(other.x.bind(py))? + && self.y.bind(py).eq(other.y.bind(py))? + && self + .curve + .bind(py) + .getattr(pyo3::intern!(py, "name"))? + .eq(other.curve.bind(py).getattr(pyo3::intern!(py, "name"))?)? + && self + .curve + .bind(py) + .getattr(pyo3::intern!(py, "key_size"))? + .eq(other + .curve + .bind(py) + .getattr(pyo3::intern!(py, "key_size"))?)?) + } + + fn __hash__(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let mut hasher = DefaultHasher::new(); + self.x.bind(py).hash()?.hash(&mut hasher); + self.y.bind(py).hash()?.hash(&mut hasher); + self.curve + .bind(py) + .getattr(pyo3::intern!(py, "name"))? + .hash()? + .hash(&mut hasher); + self.curve + .bind(py) + .getattr(pyo3::intern!(py, "key_size"))? + .hash()? + .hash(&mut hasher); + Ok(hasher.finish()) + } + + fn __repr__(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { + let x = self.x.bind(py); + let y = self.y.bind(py); + let curve_name = self.curve.bind(py).getattr(pyo3::intern!(py, "name"))?; + Ok(format!( + "" + )) + } +} + +#[pyo3::pymodule] +pub(crate) mod ec { + #[pymodule_export] + use super::{ + curve_supported, derive_private_key, from_public_bytes, generate_private_key, ECPrivateKey, + ECPublicKey, EllipticCurvePrivateNumbers, EllipticCurvePublicNumbers, + }; +} diff --git a/src/rust/src/backend/ed25519.rs b/src/rust/src/backend/ed25519.rs new file mode 100644 index 0000000..3460640 --- /dev/null +++ b/src/rust/src/backend/ed25519.rs @@ -0,0 +1,168 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::utils; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::exceptions; + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.ed25519")] +pub(crate) struct Ed25519PrivateKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.ed25519")] +pub(crate) struct Ed25519PublicKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyfunction] +fn generate_key() -> CryptographyResult { + Ok(Ed25519PrivateKey { + pkey: openssl::pkey::PKey::generate_ed25519()?, + }) +} + +pub(crate) fn private_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> Ed25519PrivateKey { + Ed25519PrivateKey { + pkey: pkey.to_owned(), + } +} + +pub(crate) fn public_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> Ed25519PublicKey { + Ed25519PublicKey { + pkey: pkey.to_owned(), + } +} + +#[pyo3::pyfunction] +fn from_private_bytes(data: CffiBuf<'_>) -> pyo3::PyResult { + let pkey = openssl::pkey::PKey::private_key_from_raw_bytes( + data.as_bytes(), + openssl::pkey::Id::ED25519, + ) + .map_err(|_| { + pyo3::exceptions::PyValueError::new_err("An Ed25519 private key is 32 bytes long") + })?; + Ok(Ed25519PrivateKey { pkey }) +} + +#[pyo3::pyfunction] +fn from_public_bytes(data: &[u8]) -> pyo3::PyResult { + let pkey = openssl::pkey::PKey::public_key_from_raw_bytes(data, openssl::pkey::Id::ED25519) + .map_err(|_| { + pyo3::exceptions::PyValueError::new_err("An Ed25519 public key is 32 bytes long") + })?; + Ok(Ed25519PublicKey { pkey }) +} + +#[pyo3::pymethods] +impl Ed25519PrivateKey { + fn sign<'p>( + &self, + py: pyo3::Python<'p>, + data: CffiBuf<'_>, + ) -> CryptographyResult> { + let mut signer = openssl::sign::Signer::new_without_digest(&self.pkey)?; + let len = signer.len()?; + Ok(pyo3::types::PyBytes::new_bound_with(py, len, |b| { + let n = signer + .sign_oneshot(b, data.as_bytes()) + .map_err(CryptographyError::from)?; + assert_eq!(n, b.len()); + Ok(()) + })?) + } + + fn public_key(&self) -> CryptographyResult { + let raw_bytes = self.pkey.raw_public_key()?; + Ok(Ed25519PublicKey { + pkey: openssl::pkey::PKey::public_key_from_raw_bytes( + &raw_bytes, + openssl::pkey::Id::ED25519, + )?, + }) + } + + fn private_bytes_raw<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let raw_bytes = self.pkey.raw_private_key()?; + Ok(pyo3::types::PyBytes::new_bound(py, &raw_bytes)) + } + + fn private_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_private_bytes( + py, + slf, + &slf.borrow().pkey, + encoding, + format, + encryption_algorithm, + true, + true, + ) + } +} + +#[pyo3::pymethods] +impl Ed25519PublicKey { + fn verify(&self, signature: CffiBuf<'_>, data: CffiBuf<'_>) -> CryptographyResult<()> { + let valid = openssl::sign::Verifier::new_without_digest(&self.pkey)? + .verify_oneshot(signature.as_bytes(), data.as_bytes()) + .unwrap_or(false); + + if !valid { + return Err(CryptographyError::from( + exceptions::InvalidSignature::new_err(()), + )); + } + + Ok(()) + } + + fn public_bytes_raw<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let raw_bytes = self.pkey.raw_public_key()?; + Ok(pyo3::types::PyBytes::new_bound(py, &raw_bytes)) + } + + fn public_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_public_bytes(py, slf, &slf.borrow().pkey, encoding, format, true, true) + } + + fn __eq__(&self, other: pyo3::PyRef<'_, Self>) -> bool { + self.pkey.public_eq(&other.pkey) + } + + fn __copy__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { + slf + } +} + +#[pyo3::pymodule] +pub(crate) mod ed25519 { + #[pymodule_export] + use super::{ + from_private_bytes, from_public_bytes, generate_key, Ed25519PrivateKey, Ed25519PublicKey, + }; +} diff --git a/src/rust/src/backend/ed448.rs b/src/rust/src/backend/ed448.rs new file mode 100644 index 0000000..d27f6b3 --- /dev/null +++ b/src/rust/src/backend/ed448.rs @@ -0,0 +1,165 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::utils; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::exceptions; + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.ed448")] +pub(crate) struct Ed448PrivateKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.ed448")] +pub(crate) struct Ed448PublicKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyfunction] +fn generate_key() -> CryptographyResult { + Ok(Ed448PrivateKey { + pkey: openssl::pkey::PKey::generate_ed448()?, + }) +} + +pub(crate) fn private_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> Ed448PrivateKey { + Ed448PrivateKey { + pkey: pkey.to_owned(), + } +} + +pub(crate) fn public_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> Ed448PublicKey { + Ed448PublicKey { + pkey: pkey.to_owned(), + } +} + +#[pyo3::pyfunction] +fn from_private_bytes(data: CffiBuf<'_>) -> pyo3::PyResult { + let pkey = + openssl::pkey::PKey::private_key_from_raw_bytes(data.as_bytes(), openssl::pkey::Id::ED448) + .map_err(|_| { + pyo3::exceptions::PyValueError::new_err("An Ed448 private key is 56 bytes long") + })?; + Ok(Ed448PrivateKey { pkey }) +} + +#[pyo3::pyfunction] +fn from_public_bytes(data: &[u8]) -> pyo3::PyResult { + let pkey = openssl::pkey::PKey::public_key_from_raw_bytes(data, openssl::pkey::Id::ED448) + .map_err(|_| { + pyo3::exceptions::PyValueError::new_err("An Ed448 public key is 57 bytes long") + })?; + Ok(Ed448PublicKey { pkey }) +} + +#[pyo3::pymethods] +impl Ed448PrivateKey { + fn sign<'p>( + &self, + py: pyo3::Python<'p>, + data: CffiBuf<'_>, + ) -> CryptographyResult> { + let mut signer = openssl::sign::Signer::new_without_digest(&self.pkey)?; + let len = signer.len()?; + Ok(pyo3::types::PyBytes::new_bound_with(py, len, |b| { + let n = signer + .sign_oneshot(b, data.as_bytes()) + .map_err(CryptographyError::from)?; + assert_eq!(n, b.len()); + Ok(()) + })?) + } + + fn public_key(&self) -> CryptographyResult { + let raw_bytes = self.pkey.raw_public_key()?; + Ok(Ed448PublicKey { + pkey: openssl::pkey::PKey::public_key_from_raw_bytes( + &raw_bytes, + openssl::pkey::Id::ED448, + )?, + }) + } + + fn private_bytes_raw<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let raw_bytes = self.pkey.raw_private_key()?; + Ok(pyo3::types::PyBytes::new_bound(py, &raw_bytes)) + } + + fn private_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_private_bytes( + py, + slf, + &slf.borrow().pkey, + encoding, + format, + encryption_algorithm, + true, + true, + ) + } +} + +#[pyo3::pymethods] +impl Ed448PublicKey { + fn verify(&self, signature: CffiBuf<'_>, data: CffiBuf<'_>) -> CryptographyResult<()> { + let valid = openssl::sign::Verifier::new_without_digest(&self.pkey)? + .verify_oneshot(signature.as_bytes(), data.as_bytes())?; + + if !valid { + return Err(CryptographyError::from( + exceptions::InvalidSignature::new_err(()), + )); + } + + Ok(()) + } + + fn public_bytes_raw<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let raw_bytes = self.pkey.raw_public_key()?; + Ok(pyo3::types::PyBytes::new_bound(py, &raw_bytes)) + } + + fn public_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_public_bytes(py, slf, &slf.borrow().pkey, encoding, format, true, true) + } + + fn __eq__(&self, other: pyo3::PyRef<'_, Self>) -> bool { + self.pkey.public_eq(&other.pkey) + } + + fn __copy__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { + slf + } +} + +#[pyo3::pymodule] +pub(crate) mod ed448 { + #[pymodule_export] + use super::{ + from_private_bytes, from_public_bytes, generate_key, Ed448PrivateKey, Ed448PublicKey, + }; +} diff --git a/src/rust/src/backend/hashes.rs b/src/rust/src/backend/hashes.rs new file mode 100644 index 0000000..4226b4b --- /dev/null +++ b/src/rust/src/backend/hashes.rs @@ -0,0 +1,145 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use pyo3::types::PyAnyMethods; +use pyo3::IntoPy; +use std::borrow::Cow; + +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::{exceptions, types}; + +#[pyo3::pyclass(module = "cryptography.hazmat.bindings._rust.openssl.hashes")] +pub(crate) struct Hash { + #[pyo3(get)] + algorithm: pyo3::Py, + ctx: Option, +} + +pub(crate) fn already_finalized_error() -> CryptographyError { + CryptographyError::from(exceptions::AlreadyFinalized::new_err( + "Context was already finalized.", + )) +} + +impl Hash { + fn get_ctx(&self) -> CryptographyResult<&openssl::hash::Hasher> { + if let Some(ctx) = self.ctx.as_ref() { + return Ok(ctx); + }; + Err(already_finalized_error()) + } + + fn get_mut_ctx(&mut self) -> CryptographyResult<&mut openssl::hash::Hasher> { + if let Some(ctx) = self.ctx.as_mut() { + return Ok(ctx); + } + Err(already_finalized_error()) + } +} + +pub(crate) fn message_digest_from_algorithm( + py: pyo3::Python<'_>, + algorithm: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + if !algorithm.is_instance(&types::HASH_ALGORITHM.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err("Expected instance of hashes.HashAlgorithm."), + )); + } + + let name = algorithm + .getattr(pyo3::intern!(py, "name"))? + .extract::()?; + let openssl_name = if name == "blake2b" || name == "blake2s" { + let digest_size = algorithm + .getattr(pyo3::intern!(py, "digest_size"))? + .extract::()?; + Cow::Owned(format!("{}{}", name, digest_size * 8)) + } else { + Cow::Borrowed(name.as_ref()) + }; + + match openssl::hash::MessageDigest::from_name(&openssl_name) { + Some(md) => Ok(md), + None => Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + format!("{name} is not a supported hash on this backend"), + exceptions::Reasons::UNSUPPORTED_HASH, + )), + )), + } +} + +impl Hash { + pub(crate) fn update_bytes(&mut self, data: &[u8]) -> CryptographyResult<()> { + self.get_mut_ctx()?.update(data)?; + Ok(()) + } +} + +#[pyo3::pymethods] +impl Hash { + #[new] + #[pyo3(signature = (algorithm, backend=None))] + pub(crate) fn new( + py: pyo3::Python<'_>, + algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + backend: Option<&pyo3::Bound<'_, pyo3::PyAny>>, + ) -> CryptographyResult { + let _ = backend; + + let md = message_digest_from_algorithm(py, algorithm)?; + let ctx = openssl::hash::Hasher::new(md)?; + + Ok(Hash { + algorithm: algorithm.clone().into_py(py), + ctx: Some(ctx), + }) + } + + fn update(&mut self, data: CffiBuf<'_>) -> CryptographyResult<()> { + self.update_bytes(data.as_bytes()) + } + + pub(crate) fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + #[cfg(not(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL)))] + { + let algorithm = self.algorithm.clone_ref(py); + let algorithm = algorithm.bind(py); + if algorithm.is_instance(&types::EXTENDABLE_OUTPUT_FUNCTION.get(py)?)? { + let ctx = self.get_mut_ctx()?; + let digest_size = algorithm + .getattr(pyo3::intern!(py, "digest_size"))? + .extract::()?; + let result = pyo3::types::PyBytes::new_bound_with(py, digest_size, |b| { + ctx.finish_xof(b).unwrap(); + Ok(()) + })?; + self.ctx = None; + return Ok(result); + } + } + + let data = self.get_mut_ctx()?.finish()?; + self.ctx = None; + Ok(pyo3::types::PyBytes::new_bound(py, &data)) + } + + fn copy(&self, py: pyo3::Python<'_>) -> CryptographyResult { + Ok(Hash { + algorithm: self.algorithm.clone_ref(py), + ctx: Some(self.get_ctx()?.clone()), + }) + } +} + +#[pyo3::pymodule] +pub(crate) mod hashes { + #[pymodule_export] + use super::Hash; +} diff --git a/src/rust/src/backend/hmac.rs b/src/rust/src/backend/hmac.rs new file mode 100644 index 0000000..d70d499 --- /dev/null +++ b/src/rust/src/backend/hmac.rs @@ -0,0 +1,113 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::hashes::{already_finalized_error, message_digest_from_algorithm}; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::exceptions; +use pyo3::types::PyBytesMethods; + +#[pyo3::pyclass( + module = "cryptography.hazmat.bindings._rust.openssl.hmac", + name = "HMAC" +)] +pub(crate) struct Hmac { + #[pyo3(get)] + algorithm: pyo3::Py, + ctx: Option, +} + +impl Hmac { + pub(crate) fn new_bytes( + py: pyo3::Python<'_>, + key: &[u8], + algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + ) -> CryptographyResult { + let md = message_digest_from_algorithm(py, algorithm)?; + let ctx = cryptography_openssl::hmac::Hmac::new(key, md).map_err(|_| { + exceptions::UnsupportedAlgorithm::new_err(( + "Digest is not supported for HMAC", + exceptions::Reasons::UNSUPPORTED_HASH, + )) + })?; + + Ok(Hmac { + ctx: Some(ctx), + algorithm: algorithm.clone().unbind(), + }) + } + + pub(crate) fn update_bytes(&mut self, data: &[u8]) -> CryptographyResult<()> { + self.get_mut_ctx()?.update(data)?; + Ok(()) + } + + fn get_ctx(&self) -> CryptographyResult<&cryptography_openssl::hmac::Hmac> { + if let Some(ctx) = self.ctx.as_ref() { + return Ok(ctx); + }; + Err(already_finalized_error()) + } + + fn get_mut_ctx(&mut self) -> CryptographyResult<&mut cryptography_openssl::hmac::Hmac> { + if let Some(ctx) = self.ctx.as_mut() { + return Ok(ctx); + } + Err(already_finalized_error()) + } +} + +#[pyo3::pymethods] +impl Hmac { + #[new] + #[pyo3(signature = (key, algorithm, backend=None))] + fn new( + py: pyo3::Python<'_>, + key: CffiBuf<'_>, + algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + backend: Option>, + ) -> CryptographyResult { + let _ = backend; + + Hmac::new_bytes(py, key.as_bytes(), algorithm) + } + + fn update(&mut self, data: CffiBuf<'_>) -> CryptographyResult<()> { + self.update_bytes(data.as_bytes()) + } + + pub(crate) fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let data = self.get_mut_ctx()?.finish()?; + self.ctx = None; + Ok(pyo3::types::PyBytes::new_bound(py, &data)) + } + + fn verify(&mut self, py: pyo3::Python<'_>, signature: &[u8]) -> CryptographyResult<()> { + let actual_bound = self.finalize(py)?; + let actual = actual_bound.as_bytes(); + if actual.len() != signature.len() || !openssl::memcmp::eq(actual, signature) { + return Err(CryptographyError::from( + exceptions::InvalidSignature::new_err("Signature did not match digest."), + )); + } + + Ok(()) + } + + fn copy(&self, py: pyo3::Python<'_>) -> CryptographyResult { + Ok(Hmac { + ctx: Some(self.get_ctx()?.copy()?), + algorithm: self.algorithm.clone_ref(py), + }) + } +} + +#[pyo3::pymodule] +pub(crate) mod hmac { + #[pymodule_export] + use super::Hmac; +} diff --git a/src/rust/src/backend/kdf.rs b/src/rust/src/backend/kdf.rs new file mode 100644 index 0000000..8c6a151 --- /dev/null +++ b/src/rust/src/backend/kdf.rs @@ -0,0 +1,58 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::hashes; +use crate::buf::CffiBuf; +use crate::error::CryptographyResult; + +#[pyo3::pyfunction] +pub(crate) fn derive_pbkdf2_hmac<'p>( + py: pyo3::Python<'p>, + key_material: CffiBuf<'_>, + algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + salt: &[u8], + iterations: usize, + length: usize, +) -> CryptographyResult> { + let md = hashes::message_digest_from_algorithm(py, algorithm)?; + + Ok(pyo3::types::PyBytes::new_bound_with(py, length, |b| { + openssl::pkcs5::pbkdf2_hmac(key_material.as_bytes(), salt, iterations, md, b).unwrap(); + Ok(()) + })?) +} + +#[cfg(not(CRYPTOGRAPHY_IS_LIBRESSL))] +#[pyo3::pyfunction] +#[allow(clippy::too_many_arguments)] +fn derive_scrypt<'p>( + py: pyo3::Python<'p>, + key_material: CffiBuf<'_>, + salt: &[u8], + n: u64, + r: u64, + p: u64, + max_mem: u64, + length: usize, +) -> CryptographyResult> { + Ok(pyo3::types::PyBytes::new_bound_with(py, length, |b| { + openssl::pkcs5::scrypt(key_material.as_bytes(), salt, n, r, p, max_mem, b).map_err(|_| { + // memory required formula explained here: + // https://blog.filippo.io/the-scrypt-parameters/ + let min_memory = 128 * n * r / (1024 * 1024); + pyo3::exceptions::PyMemoryError::new_err(format!( + "Not enough memory to derive key. These parameters require {min_memory}MB of memory." + )) + }) + })?) +} + +#[pyo3::pymodule] +pub(crate) mod kdf { + #[pymodule_export] + use super::derive_pbkdf2_hmac; + #[cfg(not(CRYPTOGRAPHY_IS_LIBRESSL))] + #[pymodule_export] + use super::derive_scrypt; +} diff --git a/src/rust/src/backend/keys.rs b/src/rust/src/backend/keys.rs new file mode 100644 index 0000000..c16ff86 --- /dev/null +++ b/src/rust/src/backend/keys.rs @@ -0,0 +1,261 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use pyo3::IntoPy; + +use crate::backend::utils; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::exceptions; + +#[pyo3::pyfunction] +#[pyo3(signature = (data, password, backend=None, *, unsafe_skip_rsa_key_validation=false))] +fn load_der_private_key( + py: pyo3::Python<'_>, + data: CffiBuf<'_>, + password: Option>, + backend: Option>, + unsafe_skip_rsa_key_validation: bool, +) -> CryptographyResult { + let _ = backend; + if let Ok(pkey) = openssl::pkey::PKey::private_key_from_der(data.as_bytes()) { + if password.is_some() { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "Password was given but private key is not encrypted.", + ), + )); + } + return private_key_from_pkey(py, &pkey, unsafe_skip_rsa_key_validation); + } + + let password = password.as_ref().map(CffiBuf::as_bytes); + let mut status = utils::PasswordCallbackStatus::Unused; + let pkey = openssl::pkey::PKey::private_key_from_pkcs8_callback( + data.as_bytes(), + utils::password_callback(&mut status, password), + ); + let pkey = utils::handle_key_load_result(py, pkey, status, password)?; + private_key_from_pkey(py, &pkey, unsafe_skip_rsa_key_validation) +} + +#[pyo3::pyfunction] +#[pyo3(signature = (data, password, backend=None, *, unsafe_skip_rsa_key_validation=false))] +fn load_pem_private_key( + py: pyo3::Python<'_>, + data: CffiBuf<'_>, + password: Option>, + backend: Option>, + unsafe_skip_rsa_key_validation: bool, +) -> CryptographyResult { + let _ = backend; + let password = password.as_ref().map(CffiBuf::as_bytes); + let mut status = utils::PasswordCallbackStatus::Unused; + let pkey = openssl::pkey::PKey::private_key_from_pem_callback( + data.as_bytes(), + utils::password_callback(&mut status, password), + ); + let pkey = utils::handle_key_load_result(py, pkey, status, password)?; + private_key_from_pkey(py, &pkey, unsafe_skip_rsa_key_validation) +} + +pub(crate) fn private_key_from_pkey( + py: pyo3::Python<'_>, + pkey: &openssl::pkey::PKeyRef, + unsafe_skip_rsa_key_validation: bool, +) -> CryptographyResult { + match pkey.id() { + openssl::pkey::Id::RSA => Ok(crate::backend::rsa::private_key_from_pkey( + pkey, + unsafe_skip_rsa_key_validation, + )? + .into_py(py)), + openssl::pkey::Id::RSA_PSS => { + // At the moment the way we handle RSA PSS keys is to strip the + // PSS constraints from them and treat them as normal RSA keys + // Unfortunately the RSA * itself tracks this data so we need to + // extract, serialize, and reload it without the constraints. + let der_bytes = pkey.rsa()?.private_key_to_der()?; + let rsa = openssl::rsa::Rsa::private_key_from_der(&der_bytes)?; + let pkey = openssl::pkey::PKey::from_rsa(rsa)?; + Ok( + crate::backend::rsa::private_key_from_pkey(&pkey, unsafe_skip_rsa_key_validation)? + .into_py(py), + ) + } + openssl::pkey::Id::EC => { + Ok(crate::backend::ec::private_key_from_pkey(py, pkey)?.into_py(py)) + } + openssl::pkey::Id::X25519 => { + Ok(crate::backend::x25519::private_key_from_pkey(pkey).into_py(py)) + } + + #[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] + openssl::pkey::Id::X448 => { + Ok(crate::backend::x448::private_key_from_pkey(pkey).into_py(py)) + } + + openssl::pkey::Id::ED25519 => { + Ok(crate::backend::ed25519::private_key_from_pkey(pkey).into_py(py)) + } + + #[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] + openssl::pkey::Id::ED448 => { + Ok(crate::backend::ed448::private_key_from_pkey(pkey).into_py(py)) + } + openssl::pkey::Id::DSA => Ok(crate::backend::dsa::private_key_from_pkey(pkey).into_py(py)), + openssl::pkey::Id::DH => Ok(crate::backend::dh::private_key_from_pkey(pkey).into_py(py)), + + #[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] + openssl::pkey::Id::DHX => Ok(crate::backend::dh::private_key_from_pkey(pkey).into_py(py)), + _ => Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err("Unsupported key type."), + )), + } +} + +#[pyo3::pyfunction] +#[pyo3(signature = (data, backend=None))] +fn load_der_public_key( + py: pyo3::Python<'_>, + data: CffiBuf<'_>, + backend: Option>, +) -> CryptographyResult { + let _ = backend; + load_der_public_key_bytes(py, data.as_bytes()) +} + +pub(crate) fn load_der_public_key_bytes( + py: pyo3::Python<'_>, + data: &[u8], +) -> CryptographyResult { + match cryptography_key_parsing::spki::parse_public_key(data) { + Ok(pkey) => public_key_from_pkey(py, &pkey, pkey.id()), + // It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still need + // to check to see if it is a pure PKCS1 RSA public key (not embedded + // in a subjectPublicKeyInfo) + Err(e) => { + // Use the original error. + let pkey = + cryptography_key_parsing::rsa::parse_pkcs1_public_key(data).map_err(|_| e)?; + public_key_from_pkey(py, &pkey, pkey.id()) + } + } +} + +#[pyo3::pyfunction] +#[pyo3(signature = (data, backend=None))] +fn load_pem_public_key( + py: pyo3::Python<'_>, + data: CffiBuf<'_>, + backend: Option>, +) -> CryptographyResult { + let _ = backend; + let p = pem::parse(data.as_bytes())?; + let pkey = match p.tag() { + "RSA PUBLIC KEY" => { + // We try to parse it as a PKCS1 first since that's the PEM delimiter, and if + // that fails we try to parse it as an SPKI. This is to match the permissiveness + // of OpenSSL, which doesn't care about the delimiter. + match cryptography_key_parsing::rsa::parse_pkcs1_public_key(p.contents()) { + Ok(pkey) => pkey, + Err(err) => { + let pkey = cryptography_key_parsing::spki::parse_public_key(p.contents()) + .map_err(|_| err)?; + if pkey.id() != openssl::pkey::Id::RSA { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Incorrect PEM delimiter for key type.", + ), + )); + } + pkey + } + } + } + "PUBLIC KEY" => cryptography_key_parsing::spki::parse_public_key(p.contents())?, + _ => return Err(CryptographyError::from(pyo3::exceptions::PyValueError::new_err( + "Valid PEM but no BEGIN PUBLIC KEY/END PUBLIC KEY delimiters. Are you sure this is a public key?" + ))), + }; + public_key_from_pkey(py, &pkey, pkey.id()) +} + +fn public_key_from_pkey( + py: pyo3::Python<'_>, + pkey: &openssl::pkey::PKeyRef, + id: openssl::pkey::Id, +) -> CryptographyResult { + // `id` is a separate argument so we can test this while passing something + // unsupported. + match id { + openssl::pkey::Id::RSA => Ok(crate::backend::rsa::public_key_from_pkey(pkey).into_py(py)), + openssl::pkey::Id::EC => { + Ok(crate::backend::ec::public_key_from_pkey(py, pkey)?.into_py(py)) + } + openssl::pkey::Id::X25519 => { + Ok(crate::backend::x25519::public_key_from_pkey(pkey).into_py(py)) + } + #[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] + openssl::pkey::Id::X448 => Ok(crate::backend::x448::public_key_from_pkey(pkey).into_py(py)), + + openssl::pkey::Id::ED25519 => { + Ok(crate::backend::ed25519::public_key_from_pkey(pkey).into_py(py)) + } + #[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] + openssl::pkey::Id::ED448 => { + Ok(crate::backend::ed448::public_key_from_pkey(pkey).into_py(py)) + } + + openssl::pkey::Id::DSA => Ok(crate::backend::dsa::public_key_from_pkey(pkey).into_py(py)), + openssl::pkey::Id::DH => Ok(crate::backend::dh::public_key_from_pkey(pkey).into_py(py)), + + #[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] + openssl::pkey::Id::DHX => Ok(crate::backend::dh::public_key_from_pkey(pkey).into_py(py)), + + _ => Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err("Unsupported key type."), + )), + } +} + +#[pyo3::pymodule] +pub(crate) mod keys { + #[pymodule_export] + use super::{ + load_der_private_key, load_der_public_key, load_pem_private_key, load_pem_public_key, + }; +} + +#[cfg(test)] +mod tests { + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + use super::{private_key_from_pkey, public_key_from_pkey}; + + #[test] + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + fn test_public_key_from_pkey_unknown_key() { + pyo3::prepare_freethreaded_python(); + + pyo3::Python::with_gil(|py| { + let pkey = + openssl::pkey::PKey::public_key_from_raw_bytes(&[0; 32], openssl::pkey::Id::X25519) + .unwrap(); + // Pass a nonsense id for this key to test the unsupported + // algorithm path. + assert!(public_key_from_pkey(py, &pkey, openssl::pkey::Id::CMAC).is_err()); + }); + } + + #[test] + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + fn test_private_key_from_pkey_unknown_key() { + pyo3::prepare_freethreaded_python(); + + pyo3::Python::with_gil(|py| { + let pkey = openssl::pkey::PKey::hmac(&[0; 32]).unwrap(); + assert!(private_key_from_pkey(py, &pkey, false).is_err()); + }); + } +} diff --git a/src/rust/src/backend/mod.rs b/src/rust/src/backend/mod.rs new file mode 100644 index 0000000..a447565 --- /dev/null +++ b/src/rust/src/backend/mod.rs @@ -0,0 +1,24 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +pub(crate) mod aead; +pub(crate) mod cipher_registry; +pub(crate) mod ciphers; +pub(crate) mod cmac; +pub(crate) mod dh; +pub(crate) mod dsa; +pub(crate) mod ec; +pub(crate) mod ed25519; +#[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] +pub(crate) mod ed448; +pub(crate) mod hashes; +pub(crate) mod hmac; +pub(crate) mod kdf; +pub(crate) mod keys; +pub(crate) mod poly1305; +pub(crate) mod rsa; +pub(crate) mod utils; +pub(crate) mod x25519; +#[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] +pub(crate) mod x448; diff --git a/src/rust/src/backend/poly1305.rs b/src/rust/src/backend/poly1305.rs new file mode 100644 index 0000000..e998a43 --- /dev/null +++ b/src/rust/src/backend/poly1305.rs @@ -0,0 +1,172 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::hashes::already_finalized_error; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::exceptions; +use pyo3::types::PyBytesMethods; + +#[cfg(any(CRYPTOGRAPHY_IS_BORINGSSL, CRYPTOGRAPHY_IS_LIBRESSL))] +struct Poly1305Boring { + context: cryptography_openssl::poly1305::Poly1305State, +} + +#[cfg(any(CRYPTOGRAPHY_IS_BORINGSSL, CRYPTOGRAPHY_IS_LIBRESSL))] +impl Poly1305Boring { + fn new(key: CffiBuf<'_>) -> CryptographyResult { + if key.as_bytes().len() != 32 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("A poly1305 key is 32 bytes long"), + )); + } + let ctx = cryptography_openssl::poly1305::Poly1305State::new(key.as_bytes()); + Ok(Poly1305Boring { context: ctx }) + } + + fn update(&mut self, data: CffiBuf<'_>) -> CryptographyResult<()> { + self.context.update(data.as_bytes()); + Ok(()) + } + fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let result = pyo3::types::PyBytes::new_bound_with(py, 16usize, |b| { + self.context.finalize(b.as_mut()); + Ok(()) + })?; + Ok(result) + } +} + +#[cfg(not(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL)))] +struct Poly1305Open { + signer: openssl::sign::Signer<'static>, +} + +#[cfg(not(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL)))] +impl Poly1305Open { + fn new(key: CffiBuf<'_>) -> CryptographyResult { + if cryptography_openssl::fips::is_enabled() { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "poly1305 is not supported by this version of OpenSSL.", + exceptions::Reasons::UNSUPPORTED_MAC, + )), + )); + } + + let pkey = openssl::pkey::PKey::private_key_from_raw_bytes( + key.as_bytes(), + openssl::pkey::Id::POLY1305, + ) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("A poly1305 key is 32 bytes long"))?; + + Ok(Poly1305Open { + signer: openssl::sign::Signer::new_without_digest(&pkey).map_err(|_| { + pyo3::exceptions::PyValueError::new_err("A poly1305 key is 32 bytes long") + })?, + }) + } + fn update(&mut self, data: CffiBuf<'_>) -> CryptographyResult<()> { + let buf = data.as_bytes(); + self.signer.update(buf)?; + Ok(()) + } + fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let result = pyo3::types::PyBytes::new_bound_with(py, self.signer.len()?, |b| { + let n = self.signer.sign(b).unwrap(); + assert_eq!(n, b.len()); + Ok(()) + })?; + Ok(result) + } +} + +#[pyo3::pyclass(module = "cryptography.hazmat.bindings._rust.openssl.poly1305")] +struct Poly1305 { + #[cfg(any(CRYPTOGRAPHY_IS_BORINGSSL, CRYPTOGRAPHY_IS_LIBRESSL))] + inner: Option, + #[cfg(not(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL)))] + inner: Option, +} + +#[pyo3::pymethods] +impl Poly1305 { + #[new] + fn new(key: CffiBuf<'_>) -> CryptographyResult { + #[cfg(any(CRYPTOGRAPHY_IS_BORINGSSL, CRYPTOGRAPHY_IS_LIBRESSL))] + return Ok(Poly1305 { + inner: Some(Poly1305Boring::new(key)?), + }); + #[cfg(not(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL)))] + return Ok(Poly1305 { + inner: Some(Poly1305Open::new(key)?), + }); + } + + #[staticmethod] + fn generate_tag<'p>( + py: pyo3::Python<'p>, + key: CffiBuf<'_>, + data: CffiBuf<'_>, + ) -> CryptographyResult> { + let mut p = Poly1305::new(key)?; + p.update(data)?; + p.finalize(py) + } + + #[staticmethod] + fn verify_tag( + py: pyo3::Python<'_>, + key: CffiBuf<'_>, + data: CffiBuf<'_>, + tag: &[u8], + ) -> CryptographyResult<()> { + let mut p = Poly1305::new(key)?; + p.update(data)?; + p.verify(py, tag) + } + + fn update(&mut self, data: CffiBuf<'_>) -> CryptographyResult<()> { + self.inner + .as_mut() + .map_or(Err(already_finalized_error()), |b| b.update(data)) + } + + fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let res = self + .inner + .as_mut() + .map_or(Err(already_finalized_error()), |b| b.finalize(py)); + self.inner = None; + + res + } + + fn verify(&mut self, py: pyo3::Python<'_>, signature: &[u8]) -> CryptographyResult<()> { + let actual_bound = self.finalize(py)?; + let actual = actual_bound.as_bytes(); + if actual.len() != signature.len() || !openssl::memcmp::eq(actual, signature) { + return Err(CryptographyError::from( + exceptions::InvalidSignature::new_err("Value did not match computed tag."), + )); + } + + Ok(()) + } +} + +#[pyo3::pymodule] +pub(crate) mod poly1305 { + #[pymodule_export] + use super::Poly1305; +} diff --git a/src/rust/src/backend/rsa.rs b/src/rust/src/backend/rsa.rs new file mode 100644 index 0000000..3c01e74 --- /dev/null +++ b/src/rust/src/backend/rsa.rs @@ -0,0 +1,823 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::collections::hash_map::DefaultHasher; +use std::hash::{Hash, Hasher}; + +use crate::backend::{hashes, utils}; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::{exceptions, types}; +use pyo3::types::PyAnyMethods; + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.bindings._rust.openssl.rsa", + name = "RSAPrivateKey" +)] +pub(crate) struct RsaPrivateKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.bindings._rust.openssl.rsa", + name = "RSAPublicKey" +)] +pub(crate) struct RsaPublicKey { + pkey: openssl::pkey::PKey, +} + +fn check_rsa_private_key( + rsa: &openssl::rsa::Rsa, +) -> CryptographyResult<()> { + if !rsa.check_key().unwrap_or(false) || rsa.p().unwrap().is_even() || rsa.q().unwrap().is_even() + { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Invalid private key"), + )); + } + Ok(()) +} + +pub(crate) fn private_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, + unsafe_skip_rsa_key_validation: bool, +) -> CryptographyResult { + if !unsafe_skip_rsa_key_validation { + check_rsa_private_key(&pkey.rsa().unwrap())?; + } + Ok(RsaPrivateKey { + pkey: pkey.to_owned(), + }) +} + +pub(crate) fn public_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> RsaPublicKey { + RsaPublicKey { + pkey: pkey.to_owned(), + } +} + +#[pyo3::pyfunction] +fn generate_private_key(public_exponent: u32, key_size: u32) -> CryptographyResult { + let e = openssl::bn::BigNum::from_u32(public_exponent)?; + let rsa = openssl::rsa::Rsa::generate_with_e(key_size, &e)?; + let pkey = openssl::pkey::PKey::from_rsa(rsa)?; + Ok(RsaPrivateKey { pkey }) +} + +fn oaep_hash_supported(md: &openssl::hash::MessageDigest) -> bool { + (!cryptography_openssl::fips::is_enabled() && md == &openssl::hash::MessageDigest::sha1()) + || md == &openssl::hash::MessageDigest::sha224() + || md == &openssl::hash::MessageDigest::sha256() + || md == &openssl::hash::MessageDigest::sha384() + || md == &openssl::hash::MessageDigest::sha512() +} + +fn setup_encryption_ctx( + py: pyo3::Python<'_>, + ctx: &mut openssl::pkey_ctx::PkeyCtx, + padding: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult<()> { + if !padding.is_instance(&types::ASYMMETRIC_PADDING.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "Padding must be an instance of AsymmetricPadding.", + ), + )); + } + + let padding_enum = if padding.is_instance(&types::PKCS1V15.get(py)?)? { + openssl::rsa::Padding::PKCS1 + } else if padding.is_instance(&types::OAEP.get(py)?)? { + if !padding + .getattr(pyo3::intern!(py, "_mgf"))? + .is_instance(&types::MGF1.get(py)?)? + { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "Only MGF1 is supported.", + exceptions::Reasons::UNSUPPORTED_MGF, + )), + )); + } + + openssl::rsa::Padding::PKCS1_OAEP + } else { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + format!( + "{} is not supported by this backend.", + padding.getattr(pyo3::intern!(py, "name"))? + ), + exceptions::Reasons::UNSUPPORTED_PADDING, + )), + )); + }; + + ctx.set_rsa_padding(padding_enum)?; + + if padding_enum == openssl::rsa::Padding::PKCS1_OAEP { + let mgf1_md = hashes::message_digest_from_algorithm( + py, + &padding + .getattr(pyo3::intern!(py, "_mgf"))? + .getattr(pyo3::intern!(py, "_algorithm"))?, + )?; + let oaep_md = hashes::message_digest_from_algorithm( + py, + &padding.getattr(pyo3::intern!(py, "_algorithm"))?, + )?; + + if !oaep_hash_supported(&mgf1_md) || !oaep_hash_supported(&oaep_md) { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "This combination of padding and hash algorithm is not supported", + exceptions::Reasons::UNSUPPORTED_PADDING, + )), + )); + } + + ctx.set_rsa_mgf1_md(openssl::md::Md::from_nid(mgf1_md.type_()).unwrap())?; + ctx.set_rsa_oaep_md(openssl::md::Md::from_nid(oaep_md.type_()).unwrap())?; + + if let Some(label) = padding + .getattr(pyo3::intern!(py, "_label"))? + .extract::>()? + { + if !label.is_empty() { + ctx.set_rsa_oaep_label(&label)?; + } + } + } + + Ok(()) +} + +fn setup_signature_ctx( + py: pyo3::Python<'_>, + ctx: &mut openssl::pkey_ctx::PkeyCtx, + padding: &pyo3::Bound<'_, pyo3::PyAny>, + algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + key_size: usize, + is_signing: bool, +) -> CryptographyResult<()> { + if !padding.is_instance(&types::ASYMMETRIC_PADDING.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "Padding must be an instance of AsymmetricPadding.", + ), + )); + } + + let padding_enum = if padding.is_instance(&types::PKCS1V15.get(py)?)? { + openssl::rsa::Padding::PKCS1 + } else if padding.is_instance(&types::PSS.get(py)?)? { + if !padding + .getattr(pyo3::intern!(py, "_mgf"))? + .is_instance(&types::MGF1.get(py)?)? + { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "Only MGF1 is supported.", + exceptions::Reasons::UNSUPPORTED_MGF, + )), + )); + } + + // PSS padding requires a hash algorithm + if !algorithm.is_instance(&types::HASH_ALGORITHM.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "Expected instance of hashes.HashAlgorithm.", + ), + )); + } + + if algorithm + .getattr(pyo3::intern!(py, "digest_size"))? + .extract::()? + + 2 + > key_size + { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Digest too large for key size. Use a larger key or different digest.", + ), + )); + } + + openssl::rsa::Padding::PKCS1_PSS + } else { + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + format!( + "{} is not supported by this backend.", + padding.getattr(pyo3::intern!(py, "name"))? + ), + exceptions::Reasons::UNSUPPORTED_PADDING, + )), + )); + }; + + if !algorithm.is_none() { + let md = hashes::message_digest_from_algorithm(py, algorithm)?; + ctx.set_signature_md(openssl::md::Md::from_nid(md.type_()).unwrap()) + .or_else(|_| { + Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + format!( + "{} is not supported by this backend for RSA signing.", + algorithm.getattr(pyo3::intern!(py, "name"))? + ), + exceptions::Reasons::UNSUPPORTED_HASH, + )), + )) + })?; + } + ctx.set_rsa_padding(padding_enum).or_else(|_| { + Err(exceptions::UnsupportedAlgorithm::new_err(( + format!( + "{} is not supported for the RSA signature operation", + padding.getattr(pyo3::intern!(py, "name"))? + ), + exceptions::Reasons::UNSUPPORTED_PADDING, + ))) + })?; + + if padding_enum == openssl::rsa::Padding::PKCS1_PSS { + let salt = padding.getattr(pyo3::intern!(py, "_salt_length"))?; + if salt.is_instance(&types::PADDING_MAX_LENGTH.get(py)?)? { + ctx.set_rsa_pss_saltlen(openssl::sign::RsaPssSaltlen::MAXIMUM_LENGTH)?; + } else if salt.is_instance(&types::PADDING_DIGEST_LENGTH.get(py)?)? { + ctx.set_rsa_pss_saltlen(openssl::sign::RsaPssSaltlen::DIGEST_LENGTH)?; + } else if salt.is_instance(&types::PADDING_AUTO.get(py)?)? { + if is_signing { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "PSS salt length can only be set to Auto when verifying", + ), + )); + } + } else { + ctx.set_rsa_pss_saltlen(openssl::sign::RsaPssSaltlen::custom(salt.extract::()?))?; + }; + + let mgf1_md = hashes::message_digest_from_algorithm( + py, + &padding + .getattr(pyo3::intern!(py, "_mgf"))? + .getattr(pyo3::intern!(py, "_algorithm"))?, + )?; + ctx.set_rsa_mgf1_md(openssl::md::Md::from_nid(mgf1_md.type_()).unwrap())?; + } + + Ok(()) +} + +#[pyo3::pymethods] +impl RsaPrivateKey { + fn sign<'p>( + &self, + py: pyo3::Python<'p>, + data: CffiBuf<'_>, + padding: &pyo3::Bound<'p, pyo3::PyAny>, + algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + let (data, algorithm) = + utils::calculate_digest_and_algorithm(py, data.as_bytes(), algorithm)?; + + let mut ctx = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?; + ctx.sign_init().map_err(|_| { + pyo3::exceptions::PyValueError::new_err("Unable to sign/verify with this key") + })?; + setup_signature_ctx(py, &mut ctx, padding, &algorithm, self.pkey.size(), true)?; + + let length = ctx.sign(data.as_bytes(), None)?; + Ok(pyo3::types::PyBytes::new_bound_with(py, length, |b| { + let length = ctx.sign(data.as_bytes(), Some(b)).map_err(|_| { + pyo3::exceptions::PyValueError::new_err( + "Digest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt", + ) + })?; + assert_eq!(length, b.len()); + Ok(()) + })?.into_any()) + } + + fn decrypt<'p>( + &self, + py: pyo3::Python<'p>, + ciphertext: &[u8], + padding: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + let key_size_bytes = + usize::try_from((self.pkey.rsa().unwrap().n().num_bits() + 7) / 8).unwrap(); + if key_size_bytes != ciphertext.len() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Ciphertext length must be equal to key size.", + ), + )); + } + + let mut ctx = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?; + ctx.decrypt_init()?; + + setup_encryption_ctx(py, &mut ctx, padding)?; + + // Everything from this line onwards is written with the goal of being + // as constant-time as is practical given the constraints of + // rust-openssl and our API. See Bleichenbacher's '98 attack on RSA, + // and its many many variants. As such, you should not attempt to + // change this (particularly to "clean it up") without understanding + // why it was written this way (see Chesterton's Fence), and without + // measuring to verify you have not introduced observable time + // differences. + // + // Once OpenSSL 3.2.0 is out, this can be simplified, as OpenSSL will + // have its own mitigations for Bleichenbacher's attack. + let length = ctx.decrypt(ciphertext, None).unwrap(); + let mut plaintext = vec![0; length]; + let result = ctx.decrypt(ciphertext, Some(&mut plaintext)); + + let py_result = + pyo3::types::PyBytes::new_bound(py, &plaintext[..*result.as_ref().unwrap_or(&length)]); + if result.is_err() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Decryption failed"), + )); + } + Ok(py_result) + } + + #[getter] + fn key_size(&self) -> i32 { + self.pkey.rsa().unwrap().n().num_bits() + } + + fn public_key(&self) -> CryptographyResult { + let priv_rsa = self.pkey.rsa().unwrap(); + let rsa = openssl::rsa::Rsa::from_public_components( + priv_rsa.n().to_owned()?, + priv_rsa.e().to_owned()?, + ) + .unwrap(); + let pkey = openssl::pkey::PKey::from_rsa(rsa)?; + Ok(RsaPublicKey { pkey }) + } + + fn private_numbers(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let rsa = self.pkey.rsa().unwrap(); + + let py_p = utils::bn_to_py_int(py, rsa.p().unwrap())?; + let py_q = utils::bn_to_py_int(py, rsa.q().unwrap())?; + let py_d = utils::bn_to_py_int(py, rsa.d())?; + let py_dmp1 = utils::bn_to_py_int(py, rsa.dmp1().unwrap())?; + let py_dmq1 = utils::bn_to_py_int(py, rsa.dmq1().unwrap())?; + let py_iqmp = utils::bn_to_py_int(py, rsa.iqmp().unwrap())?; + let py_e = utils::bn_to_py_int(py, rsa.e())?; + let py_n = utils::bn_to_py_int(py, rsa.n())?; + + let public_numbers = RsaPublicNumbers { + e: py_e.extract()?, + n: py_n.extract()?, + }; + Ok(RsaPrivateNumbers { + p: py_p.extract()?, + q: py_q.extract()?, + d: py_d.extract()?, + dmp1: py_dmp1.extract()?, + dmq1: py_dmq1.extract()?, + iqmp: py_iqmp.extract()?, + public_numbers: pyo3::Py::new(py, public_numbers)?, + }) + } + + fn private_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_private_bytes( + py, + slf, + &slf.borrow().pkey, + encoding, + format, + encryption_algorithm, + true, + false, + ) + } +} + +#[pyo3::pymethods] +impl RsaPublicKey { + fn verify( + &self, + py: pyo3::Python<'_>, + signature: CffiBuf<'_>, + data: CffiBuf<'_>, + padding: &pyo3::Bound<'_, pyo3::PyAny>, + algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + ) -> CryptographyResult<()> { + let (data, algorithm) = + utils::calculate_digest_and_algorithm(py, data.as_bytes(), algorithm)?; + + let mut ctx = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?; + ctx.verify_init()?; + setup_signature_ctx(py, &mut ctx, padding, &algorithm, self.pkey.size(), false)?; + + let valid = ctx + .verify(data.as_bytes(), signature.as_bytes()) + .unwrap_or(false); + if !valid { + return Err(CryptographyError::from( + exceptions::InvalidSignature::new_err(()), + )); + } + + Ok(()) + } + + fn encrypt<'p>( + &self, + py: pyo3::Python<'p>, + plaintext: &[u8], + padding: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + let mut ctx = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?; + ctx.encrypt_init()?; + + setup_encryption_ctx(py, &mut ctx, padding)?; + + let length = ctx.encrypt(plaintext, None)?; + Ok(pyo3::types::PyBytes::new_bound_with(py, length, |b| { + let length = ctx + .encrypt(plaintext, Some(b)) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Encryption failed"))?; + assert_eq!(length, b.len()); + Ok(()) + })?) + } + + fn recover_data_from_signature<'p>( + &self, + py: pyo3::Python<'p>, + signature: &[u8], + padding: &pyo3::Bound<'_, pyo3::PyAny>, + algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + ) -> CryptographyResult> { + if algorithm.is_instance(&types::PREHASHED.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "Prehashed is only supported in the sign and verify methods. It cannot be used with recover_data_from_signature.", + ), + )); + } + + let mut ctx = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?; + ctx.verify_recover_init()?; + setup_signature_ctx(py, &mut ctx, padding, algorithm, self.pkey.size(), false)?; + + let length = ctx.verify_recover(signature, None)?; + let mut buf = vec![0u8; length]; + let length = ctx + .verify_recover(signature, Some(&mut buf)) + .map_err(|_| exceptions::InvalidSignature::new_err(()))?; + + Ok(pyo3::types::PyBytes::new_bound(py, &buf[..length])) + } + + #[getter] + fn key_size(&self) -> i32 { + self.pkey.rsa().unwrap().n().num_bits() + } + + fn public_numbers(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let rsa = self.pkey.rsa().unwrap(); + + let py_e = utils::bn_to_py_int(py, rsa.e())?; + let py_n = utils::bn_to_py_int(py, rsa.n())?; + + Ok(RsaPublicNumbers { + e: py_e.extract()?, + n: py_n.extract()?, + }) + } + + fn public_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_public_bytes(py, slf, &slf.borrow().pkey, encoding, format, true, false) + } + + fn __eq__(&self, other: pyo3::PyRef<'_, Self>) -> bool { + self.pkey.public_eq(&other.pkey) + } + + fn __copy__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { + slf + } +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.primitives.asymmetric.rsa", + name = "RSAPrivateNumbers" +)] +struct RsaPrivateNumbers { + #[pyo3(get)] + p: pyo3::Py, + #[pyo3(get)] + q: pyo3::Py, + #[pyo3(get)] + d: pyo3::Py, + #[pyo3(get)] + dmp1: pyo3::Py, + #[pyo3(get)] + dmq1: pyo3::Py, + #[pyo3(get)] + iqmp: pyo3::Py, + #[pyo3(get)] + public_numbers: pyo3::Py, +} + +#[pyo3::pyclass( + frozen, + module = "cryptography.hazmat.primitives.asymmetric.rsa", + name = "RSAPublicNumbers" +)] +struct RsaPublicNumbers { + #[pyo3(get)] + e: pyo3::Py, + #[pyo3(get)] + n: pyo3::Py, +} + +#[allow(clippy::too_many_arguments)] +fn check_private_key_components( + p: &pyo3::Bound<'_, pyo3::types::PyLong>, + q: &pyo3::Bound<'_, pyo3::types::PyLong>, + private_exponent: &pyo3::Bound<'_, pyo3::types::PyLong>, + dmp1: &pyo3::Bound<'_, pyo3::types::PyLong>, + dmq1: &pyo3::Bound<'_, pyo3::types::PyLong>, + iqmp: &pyo3::Bound<'_, pyo3::types::PyLong>, + public_exponent: &pyo3::Bound<'_, pyo3::types::PyLong>, + modulus: &pyo3::Bound<'_, pyo3::types::PyLong>, +) -> CryptographyResult<()> { + if modulus.lt(3)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("modulus must be >= 3."), + )); + } + + if p.ge(modulus)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("p must be < modulus."), + )); + } + + if q.ge(modulus)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("q must be < modulus."), + )); + } + + if dmp1.ge(modulus)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("dmp1 must be < modulus."), + )); + } + + if dmq1.ge(modulus)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("dmq1 must be < modulus."), + )); + } + + if iqmp.ge(modulus)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("iqmp must be < modulus."), + )); + } + + if private_exponent.ge(modulus)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("private_exponent must be < modulus."), + )); + } + + if public_exponent.lt(3)? || public_exponent.ge(modulus)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("public_exponent must be >= 3 and < modulus."), + )); + } + + if public_exponent.bitand(1)?.eq(0)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("public_exponent must be odd."), + )); + } + + if dmp1.bitand(1)?.eq(0)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("dmp1 must be odd."), + )); + } + + if dmq1.bitand(1)?.eq(0)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("dmq1 must be odd."), + )); + } + + if p.mul(q)?.ne(modulus)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("p*q must equal modulus."), + )); + } + + Ok(()) +} + +#[pyo3::pymethods] +impl RsaPrivateNumbers { + #[new] + fn new( + p: pyo3::Py, + q: pyo3::Py, + d: pyo3::Py, + dmp1: pyo3::Py, + dmq1: pyo3::Py, + iqmp: pyo3::Py, + public_numbers: pyo3::Py, + ) -> RsaPrivateNumbers { + Self { + p, + q, + d, + dmp1, + dmq1, + iqmp, + public_numbers, + } + } + + #[pyo3(signature = (backend = None, *, unsafe_skip_rsa_key_validation = false))] + fn private_key( + &self, + py: pyo3::Python<'_>, + backend: Option<&pyo3::Bound<'_, pyo3::PyAny>>, + unsafe_skip_rsa_key_validation: bool, + ) -> CryptographyResult { + let _ = backend; + + check_private_key_components( + self.p.bind(py), + self.q.bind(py), + self.d.bind(py), + self.dmp1.bind(py), + self.dmq1.bind(py), + self.iqmp.bind(py), + self.public_numbers.get().e.bind(py), + self.public_numbers.get().n.bind(py), + )?; + let public_numbers = self.public_numbers.get(); + let rsa = openssl::rsa::Rsa::from_private_components( + utils::py_int_to_bn(py, public_numbers.n.bind(py))?, + utils::py_int_to_bn(py, public_numbers.e.bind(py))?, + utils::py_int_to_bn(py, self.d.bind(py))?, + utils::py_int_to_bn(py, self.p.bind(py))?, + utils::py_int_to_bn(py, self.q.bind(py))?, + utils::py_int_to_bn(py, self.dmp1.bind(py))?, + utils::py_int_to_bn(py, self.dmq1.bind(py))?, + utils::py_int_to_bn(py, self.iqmp.bind(py))?, + ) + .unwrap(); + if !unsafe_skip_rsa_key_validation { + check_rsa_private_key(&rsa)?; + } + let pkey = openssl::pkey::PKey::from_rsa(rsa)?; + Ok(RsaPrivateKey { pkey }) + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + Ok(self.p.bind(py).eq(other.p.bind(py))? + && self.q.bind(py).eq(other.q.bind(py))? + && self.d.bind(py).eq(other.d.bind(py))? + && self.dmp1.bind(py).eq(other.dmp1.bind(py))? + && self.dmq1.bind(py).eq(other.dmq1.bind(py))? + && self.iqmp.bind(py).eq(other.iqmp.bind(py))? + && self + .public_numbers + .bind(py) + .eq(other.public_numbers.bind(py))?) + } + + fn __hash__(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let mut hasher = DefaultHasher::new(); + self.p.bind(py).hash()?.hash(&mut hasher); + self.q.bind(py).hash()?.hash(&mut hasher); + self.d.bind(py).hash()?.hash(&mut hasher); + self.dmp1.bind(py).hash()?.hash(&mut hasher); + self.dmq1.bind(py).hash()?.hash(&mut hasher); + self.iqmp.bind(py).hash()?.hash(&mut hasher); + self.public_numbers.bind(py).hash()?.hash(&mut hasher); + Ok(hasher.finish()) + } +} + +fn check_public_key_components( + e: &pyo3::Bound<'_, pyo3::types::PyLong>, + n: &pyo3::Bound<'_, pyo3::types::PyLong>, +) -> CryptographyResult<()> { + if n.lt(3)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("n must be >= 3."), + )); + } + + if e.lt(3)? || e.ge(n)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("e must be >= 3 and < n."), + )); + } + + if e.bitand(1)?.eq(0)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("e must be odd."), + )); + } + + Ok(()) +} + +#[pyo3::pymethods] +impl RsaPublicNumbers { + #[new] + fn new(e: pyo3::Py, n: pyo3::Py) -> RsaPublicNumbers { + RsaPublicNumbers { e, n } + } + + #[pyo3(signature = (backend=None))] + fn public_key( + &self, + py: pyo3::Python<'_>, + backend: Option<&pyo3::Bound<'_, pyo3::PyAny>>, + ) -> CryptographyResult { + let _ = backend; + + check_public_key_components(self.e.bind(py), self.n.bind(py))?; + + let rsa = openssl::rsa::Rsa::from_public_components( + utils::py_int_to_bn(py, self.n.bind(py))?, + utils::py_int_to_bn(py, self.e.bind(py))?, + ) + .unwrap(); + let pkey = openssl::pkey::PKey::from_rsa(rsa)?; + Ok(RsaPublicKey { pkey }) + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + Ok(self.e.bind(py).eq(other.e.bind(py))? && self.n.bind(py).eq(other.n.bind(py))?) + } + + fn __hash__(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let mut hasher = DefaultHasher::new(); + self.e.bind(py).hash()?.hash(&mut hasher); + self.n.bind(py).hash()?.hash(&mut hasher); + Ok(hasher.finish()) + } + + fn __repr__(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { + let e = self.e.bind(py); + let n = self.n.bind(py); + Ok(format!("")) + } +} + +#[pyo3::pymodule] +pub(crate) mod rsa { + #[pymodule_export] + use super::{ + generate_private_key, RsaPrivateKey, RsaPrivateNumbers, RsaPublicKey, RsaPublicNumbers, + }; +} diff --git a/src/rust/src/backend/utils.rs b/src/rust/src/backend/utils.rs new file mode 100644 index 0000000..616ace7 --- /dev/null +++ b/src/rust/src/backend/utils.rs @@ -0,0 +1,469 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::hashes::Hash; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::{error, types}; +use pyo3::types::{PyAnyMethods, PyBytesMethods}; +use pyo3::ToPyObject; + +pub(crate) fn py_int_to_bn( + py: pyo3::Python<'_>, + v: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + let n = v + .call_method0(pyo3::intern!(py, "bit_length"))? + .extract::()? + / 8 + + 1; + let bytes = v + .call_method1(pyo3::intern!(py, "to_bytes"), (n, pyo3::intern!(py, "big")))? + .extract::()?; + + Ok(openssl::bn::BigNum::from_slice(&bytes)?) +} + +pub(crate) fn bn_to_py_int<'p>( + py: pyo3::Python<'p>, + b: &openssl::bn::BigNumRef, +) -> CryptographyResult> { + assert!(!b.is_negative()); + + let int_type = py.get_type_bound::(); + Ok(int_type.call_method1( + pyo3::intern!(py, "from_bytes"), + (b.to_vec(), pyo3::intern!(py, "big")), + )?) +} + +pub(crate) fn bn_to_big_endian_bytes(b: &openssl::bn::BigNumRef) -> CryptographyResult> { + Ok(b.to_vec_padded(b.num_bits() / 8 + 1)?) +} + +#[allow(clippy::too_many_arguments)] +pub(crate) fn pkey_private_bytes<'p>( + py: pyo3::Python<'p>, + key_obj: &pyo3::Bound<'p, pyo3::PyAny>, + pkey: &openssl::pkey::PKey, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + openssh_allowed: bool, + raw_allowed: bool, +) -> CryptographyResult> { + if !encoding.is_instance(&types::ENCODING.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "encoding must be an item from the Encoding enum", + ), + )); + } + if !format.is_instance(&types::PRIVATE_FORMAT.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "format must be an item from the PrivateFormat enum", + ), + )); + } + if !encryption_algorithm.is_instance(&types::KEY_SERIALIZATION_ENCRYPTION.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "Encryption algorithm must be a KeySerializationEncryption instance", + ), + )); + } + + if raw_allowed + && (encoding.is(&types::ENCODING_RAW.get(py)?) + || format.is(&types::PRIVATE_FORMAT_RAW.get(py)?)) + { + if !encoding.is(&types::ENCODING_RAW.get(py)?) + || !format.is(&types::PRIVATE_FORMAT_RAW.get(py)?) + || !encryption_algorithm.is_instance(&types::NO_ENCRYPTION.get(py)?)? + { + return Err(CryptographyError::from(pyo3::exceptions::PyValueError::new_err( + "When using Raw both encoding and format must be Raw and encryption_algorithm must be NoEncryption()" + ))); + } + let raw_bytes = pkey.raw_private_key()?; + return Ok(pyo3::types::PyBytes::new_bound(py, &raw_bytes)); + } + + let py_password; + let password = if encryption_algorithm.is_instance(&types::NO_ENCRYPTION.get(py)?)? { + b"" as &[u8] + } else if encryption_algorithm.is_instance(&types::BEST_AVAILABLE_ENCRYPTION.get(py)?)? + || (encryption_algorithm.is_instance(&types::ENCRYPTION_BUILDER.get(py)?)? + && encryption_algorithm + .getattr(pyo3::intern!(py, "_format"))? + .is(format)) + { + py_password = encryption_algorithm + .getattr(pyo3::intern!(py, "password"))? + .extract::()?; + &py_password + } else { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Unsupported encryption type"), + )); + }; + + if password.len() > 1023 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Passwords longer than 1023 bytes are not supported by this backend", + ), + )); + } + + if format.is(&types::PRIVATE_FORMAT_PKCS8.get(py)?) { + if encoding.is(&types::ENCODING_PEM.get(py)?) { + let pem_bytes = if password.is_empty() { + pkey.private_key_to_pem_pkcs8()? + } else { + pkey.private_key_to_pem_pkcs8_passphrase( + openssl::symm::Cipher::aes_256_cbc(), + password, + )? + }; + return Ok(pyo3::types::PyBytes::new_bound(py, &pem_bytes)); + } else if encoding.is(&types::ENCODING_DER.get(py)?) { + let der_bytes = if password.is_empty() { + pkey.private_key_to_pkcs8()? + } else { + pkey.private_key_to_pkcs8_passphrase( + openssl::symm::Cipher::aes_256_cbc(), + password, + )? + }; + return Ok(pyo3::types::PyBytes::new_bound(py, &der_bytes)); + } + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Unsupported encoding for PKCS8"), + )); + } + + if format.is(&types::PRIVATE_FORMAT_TRADITIONAL_OPENSSL.get(py)?) { + if cryptography_openssl::fips::is_enabled() && !password.is_empty() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Encrypted traditional OpenSSL format is not supported in FIPS mode", + ), + )); + } + if let Ok(rsa) = pkey.rsa() { + if encoding.is(&types::ENCODING_PEM.get(py)?) { + let pem_bytes = if password.is_empty() { + rsa.private_key_to_pem()? + } else { + rsa.private_key_to_pem_passphrase( + openssl::symm::Cipher::aes_256_cbc(), + password, + )? + }; + return Ok(pyo3::types::PyBytes::new_bound(py, &pem_bytes)); + } else if encoding.is(&types::ENCODING_DER.get(py)?) { + if !password.is_empty() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Encryption is not supported for DER encoded traditional OpenSSL keys", + ), + )); + } + + let der_bytes = rsa.private_key_to_der()?; + return Ok(pyo3::types::PyBytes::new_bound(py, &der_bytes)); + } + } else if let Ok(dsa) = pkey.dsa() { + if encoding.is(&types::ENCODING_PEM.get(py)?) { + let pem_bytes = if password.is_empty() { + dsa.private_key_to_pem()? + } else { + dsa.private_key_to_pem_passphrase( + openssl::symm::Cipher::aes_256_cbc(), + password, + )? + }; + return Ok(pyo3::types::PyBytes::new_bound(py, &pem_bytes)); + } else if encoding.is(&types::ENCODING_DER.get(py)?) { + if !password.is_empty() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Encryption is not supported for DER encoded traditional OpenSSL keys", + ), + )); + } + + let der_bytes = dsa.private_key_to_der()?; + return Ok(pyo3::types::PyBytes::new_bound(py, &der_bytes)); + } + } else if let Ok(ec) = pkey.ec_key() { + if encoding.is(&types::ENCODING_PEM.get(py)?) { + let pem_bytes = if password.is_empty() { + ec.private_key_to_pem()? + } else { + ec.private_key_to_pem_passphrase( + openssl::symm::Cipher::aes_256_cbc(), + password, + )? + }; + return Ok(pyo3::types::PyBytes::new_bound(py, &pem_bytes)); + } else if encoding.is(&types::ENCODING_DER.get(py)?) { + if !password.is_empty() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Encryption is not supported for DER encoded traditional OpenSSL keys", + ), + )); + } + + let der_bytes = ec.private_key_to_der()?; + return Ok(pyo3::types::PyBytes::new_bound(py, &der_bytes)); + } + } + } + + // OpenSSH + PEM + if openssh_allowed && format.is(&types::PRIVATE_FORMAT_OPENSSH.get(py)?) { + if encoding.is(&types::ENCODING_PEM.get(py)?) { + return Ok(types::SERIALIZE_SSH_PRIVATE_KEY + .get(py)? + .call1((key_obj, password, encryption_algorithm))? + .extract()?); + } + + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "OpenSSH private key format can only be used with PEM encoding", + ), + )); + } + + Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("format is invalid with this key"), + )) +} + +pub(crate) fn pkey_public_bytes<'p>( + py: pyo3::Python<'p>, + key_obj: &pyo3::Bound<'p, pyo3::PyAny>, + pkey: &openssl::pkey::PKey, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + openssh_allowed: bool, + raw_allowed: bool, +) -> CryptographyResult> { + if !encoding.is_instance(&types::ENCODING.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "encoding must be an item from the Encoding enum", + ), + )); + } + if !format.is_instance(&types::PUBLIC_FORMAT.get(py)?)? { + return Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "format must be an item from the PublicFormat enum", + ), + )); + } + + if raw_allowed + && (encoding.is(&types::ENCODING_RAW.get(py)?) + || format.is(&types::PUBLIC_FORMAT_RAW.get(py)?)) + { + if !encoding.is(&types::ENCODING_RAW.get(py)?) + || !format.is(&types::PUBLIC_FORMAT_RAW.get(py)?) + { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "When using Raw both encoding and format must be Raw", + ), + )); + } + let raw_bytes = pkey.raw_public_key()?; + return Ok(pyo3::types::PyBytes::new_bound(py, &raw_bytes)); + } + + // SubjectPublicKeyInfo + PEM/DER + if format.is(&types::PUBLIC_FORMAT_SUBJECT_PUBLIC_KEY_INFO.get(py)?) { + if encoding.is(&types::ENCODING_PEM.get(py)?) { + let pem_bytes = pkey.public_key_to_pem()?; + return Ok(pyo3::types::PyBytes::new_bound(py, &pem_bytes)); + } else if encoding.is(&types::ENCODING_DER.get(py)?) { + let der_bytes = pkey.public_key_to_der()?; + return Ok(pyo3::types::PyBytes::new_bound(py, &der_bytes)); + } + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "SubjectPublicKeyInfo works only with PEM or DER encoding", + ), + )); + } + + if let Ok(ec) = pkey.ec_key() { + if encoding.is(&types::ENCODING_X962.get(py)?) { + let point_form = if format.is(&types::PUBLIC_FORMAT_UNCOMPRESSED_POINT.get(py)?) { + openssl::ec::PointConversionForm::UNCOMPRESSED + } else if format.is(&types::PUBLIC_FORMAT_COMPRESSED_POINT.get(py)?) { + openssl::ec::PointConversionForm::COMPRESSED + } else { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "X962 encoding must be used with CompressedPoint or UncompressedPoint format" + ) + )); + }; + let mut bn_ctx = openssl::bn::BigNumContext::new()?; + let data = ec + .public_key() + .to_bytes(ec.group(), point_form, &mut bn_ctx)?; + return Ok(pyo3::types::PyBytes::new_bound(py, &data)); + } + } + + if let Ok(rsa) = pkey.rsa() { + if format.is(&types::PUBLIC_FORMAT_PKCS1.get(py)?) { + if encoding.is(&types::ENCODING_PEM.get(py)?) { + let pem_bytes = rsa.public_key_to_pem_pkcs1()?; + return Ok(pyo3::types::PyBytes::new_bound(py, &pem_bytes)); + } else if encoding.is(&types::ENCODING_DER.get(py)?) { + let der_bytes = rsa.public_key_to_der_pkcs1()?; + return Ok(pyo3::types::PyBytes::new_bound(py, &der_bytes)); + } + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "PKCS1 works only with PEM or DER encoding", + ), + )); + } + } + + // OpenSSH + OpenSSH + if openssh_allowed && format.is(&types::PUBLIC_FORMAT_OPENSSH.get(py)?) { + if encoding.is(&types::ENCODING_OPENSSH.get(py)?) { + return Ok(types::SERIALIZE_SSH_PUBLIC_KEY + .get(py)? + .call1((key_obj,))? + .extract()?); + } + + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "OpenSSH format must be used with OpenSSH encoding", + ), + )); + } + + Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("format is invalid with this key"), + )) +} + +pub(crate) enum BytesOrPyBytes<'a> { + Bytes(&'a [u8]), + PyBytes(pyo3::Bound<'a, pyo3::types::PyBytes>), +} + +impl BytesOrPyBytes<'_> { + pub(crate) fn as_bytes(&self) -> &[u8] { + match self { + BytesOrPyBytes::Bytes(v) => v, + BytesOrPyBytes::PyBytes(v) => v.as_bytes(), + } + } +} + +pub(crate) fn calculate_digest_and_algorithm<'p>( + py: pyo3::Python<'p>, + data: &'p [u8], + algorithm: &pyo3::Bound<'p, pyo3::PyAny>, +) -> CryptographyResult<(BytesOrPyBytes<'p>, pyo3::Bound<'p, pyo3::PyAny>)> { + let (algorithm, data) = if algorithm.is_instance(&types::PREHASHED.get(py)?)? { + ( + algorithm.getattr("_algorithm")?, + BytesOrPyBytes::Bytes(data), + ) + } else { + // Potential optimization: rather than allocate a PyBytes in + // `h.finalize()`, have a way to get the `DigestBytes` directly. + let mut h = Hash::new(py, algorithm, None)?; + h.update_bytes(data)?; + (algorithm.clone(), BytesOrPyBytes::PyBytes(h.finalize(py)?)) + }; + + if data.as_bytes().len() != algorithm.getattr("digest_size")?.extract()? { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "The provided data must be the same length as the hash algorithm's digest size.", + ), + )); + } + + Ok((data, algorithm)) +} + +pub(crate) enum PasswordCallbackStatus { + Unused, + Used, + BufferTooSmall(usize), +} + +pub(crate) fn password_callback<'a>( + status: &'a mut PasswordCallbackStatus, + password: Option<&'a [u8]>, +) -> impl FnOnce(&mut [u8]) -> Result + 'a { + move |buf| { + *status = PasswordCallbackStatus::Used; + match password.as_ref() { + Some(p) if p.len() <= buf.len() => { + buf[..p.len()].copy_from_slice(p); + Ok(p.len()) + } + Some(_) => { + *status = PasswordCallbackStatus::BufferTooSmall(buf.len()); + Ok(0) + } + None => Ok(0), + } + } +} + +pub(crate) fn handle_key_load_result( + py: pyo3::Python<'_>, + pkey: Result, openssl::error::ErrorStack>, + status: PasswordCallbackStatus, + password: Option<&[u8]>, +) -> CryptographyResult> { + match (pkey, status, password) { + (Ok(k), PasswordCallbackStatus::Unused, None) + | (Ok(k), PasswordCallbackStatus::Used, Some(_)) => Ok(k), + + (Ok(_), PasswordCallbackStatus::Unused, Some(_)) => Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "Password was given but private key is not encrypted.", + ), + )), + + (_, PasswordCallbackStatus::Used, None | Some(b"")) => Err(CryptographyError::from( + pyo3::exceptions::PyTypeError::new_err( + "Password was not given but private key is encrypted", + ), + )), + (_, PasswordCallbackStatus::BufferTooSmall(size), _) => Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(format!( + "Passwords longer than {size} bytes are not supported" + )), + )), + (Err(e), _, _) => { + let errors = error::list_from_openssl_error(py, e); + Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(( + "Could not deserialize key data. The data may be in an incorrect format, the provided password may be incorrect, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).", + errors.to_object(py), + )) + )) + } + } +} diff --git a/src/rust/src/backend/x25519.rs b/src/rust/src/backend/x25519.rs new file mode 100644 index 0000000..84f355f --- /dev/null +++ b/src/rust/src/backend/x25519.rs @@ -0,0 +1,158 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::utils; +use crate::buf::CffiBuf; +use crate::error::CryptographyResult; + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.x25519")] +pub(crate) struct X25519PrivateKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.x25519")] +pub(crate) struct X25519PublicKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyfunction] +fn generate_key() -> CryptographyResult { + Ok(X25519PrivateKey { + pkey: openssl::pkey::PKey::generate_x25519()?, + }) +} + +pub(crate) fn private_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> X25519PrivateKey { + X25519PrivateKey { + pkey: pkey.to_owned(), + } +} + +pub(crate) fn public_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> X25519PublicKey { + X25519PublicKey { + pkey: pkey.to_owned(), + } +} + +#[pyo3::pyfunction] +fn from_private_bytes(data: CffiBuf<'_>) -> pyo3::PyResult { + let pkey = + openssl::pkey::PKey::private_key_from_raw_bytes(data.as_bytes(), openssl::pkey::Id::X25519) + .map_err(|e| { + pyo3::exceptions::PyValueError::new_err(format!( + "An X25519 private key is 32 bytes long: {e}" + )) + })?; + Ok(X25519PrivateKey { pkey }) +} + +#[pyo3::pyfunction] +fn from_public_bytes(data: &[u8]) -> pyo3::PyResult { + let pkey = openssl::pkey::PKey::public_key_from_raw_bytes(data, openssl::pkey::Id::X25519) + .map_err(|_| { + pyo3::exceptions::PyValueError::new_err("An X25519 public key is 32 bytes long") + })?; + Ok(X25519PublicKey { pkey }) +} + +#[pyo3::pymethods] +impl X25519PrivateKey { + fn exchange<'p>( + &self, + py: pyo3::Python<'p>, + peer_public_key: &X25519PublicKey, + ) -> CryptographyResult> { + let mut deriver = openssl::derive::Deriver::new(&self.pkey)?; + deriver.set_peer(&peer_public_key.pkey)?; + + Ok(pyo3::types::PyBytes::new_bound_with( + py, + deriver.len()?, + |b| { + let n = deriver.derive(b).map_err(|_| { + pyo3::exceptions::PyValueError::new_err("Error computing shared key.") + })?; + assert_eq!(n, b.len()); + Ok(()) + }, + )?) + } + + fn public_key(&self) -> CryptographyResult { + let raw_bytes = self.pkey.raw_public_key()?; + Ok(X25519PublicKey { + pkey: openssl::pkey::PKey::public_key_from_raw_bytes( + &raw_bytes, + openssl::pkey::Id::X25519, + )?, + }) + } + + fn private_bytes_raw<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let raw_bytes = self.pkey.raw_private_key()?; + Ok(pyo3::types::PyBytes::new_bound(py, &raw_bytes)) + } + + fn private_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_private_bytes( + py, + slf, + &slf.borrow().pkey, + encoding, + format, + encryption_algorithm, + false, + true, + ) + } +} + +#[pyo3::pymethods] +impl X25519PublicKey { + fn public_bytes_raw<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let raw_bytes = self.pkey.raw_public_key()?; + Ok(pyo3::types::PyBytes::new_bound(py, &raw_bytes)) + } + + fn public_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_public_bytes(py, slf, &slf.borrow().pkey, encoding, format, false, true) + } + + fn __eq__(&self, other: pyo3::PyRef<'_, Self>) -> bool { + self.pkey.public_eq(&other.pkey) + } + + fn __copy__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { + slf + } +} + +#[pyo3::pymodule] +pub(crate) mod x25519 { + #[pymodule_export] + use super::{ + from_private_bytes, from_public_bytes, generate_key, X25519PrivateKey, X25519PublicKey, + }; +} diff --git a/src/rust/src/backend/x448.rs b/src/rust/src/backend/x448.rs new file mode 100644 index 0000000..0e9aa1c --- /dev/null +++ b/src/rust/src/backend/x448.rs @@ -0,0 +1,157 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::utils; +use crate::buf::CffiBuf; +use crate::error::CryptographyResult; + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.x448")] +pub(crate) struct X448PrivateKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.x448")] +pub(crate) struct X448PublicKey { + pkey: openssl::pkey::PKey, +} + +#[pyo3::pyfunction] +fn generate_key() -> CryptographyResult { + Ok(X448PrivateKey { + pkey: openssl::pkey::PKey::generate_x448()?, + }) +} + +pub(crate) fn private_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> X448PrivateKey { + X448PrivateKey { + pkey: pkey.to_owned(), + } +} + +pub(crate) fn public_key_from_pkey( + pkey: &openssl::pkey::PKeyRef, +) -> X448PublicKey { + X448PublicKey { + pkey: pkey.to_owned(), + } +} + +#[pyo3::pyfunction] +fn from_private_bytes(data: CffiBuf<'_>) -> pyo3::PyResult { + let pkey = + openssl::pkey::PKey::private_key_from_raw_bytes(data.as_bytes(), openssl::pkey::Id::X448) + .map_err(|e| { + pyo3::exceptions::PyValueError::new_err(format!( + "An X448 private key is 56 bytes long: {e}" + )) + })?; + Ok(X448PrivateKey { pkey }) +} +#[pyo3::pyfunction] +fn from_public_bytes(data: &[u8]) -> pyo3::PyResult { + let pkey = openssl::pkey::PKey::public_key_from_raw_bytes(data, openssl::pkey::Id::X448) + .map_err(|_| { + pyo3::exceptions::PyValueError::new_err("An X448 public key is 32 bytes long") + })?; + Ok(X448PublicKey { pkey }) +} + +#[pyo3::pymethods] +impl X448PrivateKey { + fn exchange<'p>( + &self, + py: pyo3::Python<'p>, + peer_public_key: &X448PublicKey, + ) -> CryptographyResult> { + let mut deriver = openssl::derive::Deriver::new(&self.pkey)?; + deriver.set_peer(&peer_public_key.pkey)?; + + Ok(pyo3::types::PyBytes::new_bound_with( + py, + deriver.len()?, + |b| { + let n = deriver.derive(b).map_err(|_| { + pyo3::exceptions::PyValueError::new_err("Error computing shared key.") + })?; + assert_eq!(n, b.len()); + Ok(()) + }, + )?) + } + + fn public_key(&self) -> CryptographyResult { + let raw_bytes = self.pkey.raw_public_key()?; + Ok(X448PublicKey { + pkey: openssl::pkey::PKey::public_key_from_raw_bytes( + &raw_bytes, + openssl::pkey::Id::X448, + )?, + }) + } + + fn private_bytes_raw<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let raw_bytes = self.pkey.raw_private_key()?; + Ok(pyo3::types::PyBytes::new_bound(py, &raw_bytes)) + } + + fn private_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_private_bytes( + py, + slf, + &slf.borrow().pkey, + encoding, + format, + encryption_algorithm, + false, + true, + ) + } +} + +#[pyo3::pymethods] +impl X448PublicKey { + fn public_bytes_raw<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let raw_bytes = self.pkey.raw_public_key()?; + Ok(pyo3::types::PyBytes::new_bound(py, &raw_bytes)) + } + + fn public_bytes<'p>( + slf: &pyo3::Bound<'p, Self>, + py: pyo3::Python<'p>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + format: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + utils::pkey_public_bytes(py, slf, &slf.borrow().pkey, encoding, format, false, true) + } + + fn __eq__(&self, other: pyo3::PyRef<'_, Self>) -> bool { + self.pkey.public_eq(&other.pkey) + } + + fn __copy__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { + slf + } +} + +#[pyo3::pymodule] +pub(crate) mod x448 { + #[pymodule_export] + use super::{ + from_private_bytes, from_public_bytes, generate_key, X448PrivateKey, X448PublicKey, + }; +} diff --git a/src/rust/src/buf.rs b/src/rust/src/buf.rs new file mode 100644 index 0000000..303e5ff --- /dev/null +++ b/src/rust/src/buf.rs @@ -0,0 +1,118 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::types; +use pyo3::types::IntoPyDict; +use pyo3::types::PyAnyMethods; +use std::slice; + +pub(crate) struct CffiBuf<'p> { + pyobj: pyo3::Bound<'p, pyo3::PyAny>, + _bufobj: pyo3::Bound<'p, pyo3::PyAny>, + buf: &'p [u8], +} + +fn _extract_buffer_length<'p>( + pyobj: &pyo3::Bound<'p, pyo3::PyAny>, + mutable: bool, +) -> pyo3::PyResult<(pyo3::Bound<'p, pyo3::PyAny>, usize)> { + let py = pyobj.py(); + let bufobj = if mutable { + let kwargs = [(pyo3::intern!(py, "require_writable"), true)].into_py_dict_bound(py); + types::FFI_FROM_BUFFER + .get(py)? + .call((pyobj,), Some(&kwargs))? + } else { + types::FFI_FROM_BUFFER.get(py)?.call1((pyobj,))? + }; + let ptrval = types::FFI_CAST + .get(py)? + .call1((pyo3::intern!(py, "uintptr_t"), bufobj.clone()))? + .call_method0(pyo3::intern!(py, "__int__"))? + .extract::()?; + Ok((bufobj, ptrval)) +} + +impl<'a> CffiBuf<'a> { + pub(crate) fn from_bytes(py: pyo3::Python<'a>, buf: &'a [u8]) -> Self { + CffiBuf { + pyobj: py.None().into_bound(py), + _bufobj: py.None().into_bound(py), + buf, + } + } + + pub(crate) fn as_bytes(&self) -> &[u8] { + self.buf + } + + pub(crate) fn into_pyobj(self) -> pyo3::Bound<'a, pyo3::PyAny> { + self.pyobj + } +} + +impl<'a> pyo3::conversion::FromPyObject<'a> for CffiBuf<'a> { + fn extract_bound(pyobj: &pyo3::Bound<'a, pyo3::PyAny>) -> pyo3::PyResult { + let (bufobj, ptrval) = _extract_buffer_length(pyobj, false)?; + let len = bufobj.len()?; + let buf = if len == 0 { + &[] + } else { + // SAFETY: _extract_buffer_length ensures that we have a valid ptr + // and length (and we ensure we meet slice's requirements for + // 0-length slices above), we're keeping pyobj alive which ensures + // the buffer is valid. But! There is no actually guarantee + // against concurrent mutation. See + // https://alexgaynor.net/2022/oct/23/buffers-on-the-edge/ + // for details. This is the same as our cffi status quo ante, so + // we're doing an unsound thing and living with it. + unsafe { slice::from_raw_parts(ptrval as *const u8, len) } + }; + + Ok(CffiBuf { + pyobj: pyobj.clone(), + _bufobj: bufobj, + buf, + }) + } +} + +pub(crate) struct CffiMutBuf<'p> { + _pyobj: pyo3::Bound<'p, pyo3::PyAny>, + _bufobj: pyo3::Bound<'p, pyo3::PyAny>, + buf: &'p mut [u8], +} + +impl CffiMutBuf<'_> { + pub(crate) fn as_mut_bytes(&mut self) -> &mut [u8] { + self.buf + } +} + +impl<'a> pyo3::conversion::FromPyObject<'a> for CffiMutBuf<'a> { + fn extract_bound(pyobj: &pyo3::Bound<'a, pyo3::PyAny>) -> pyo3::PyResult { + let (bufobj, ptrval) = _extract_buffer_length(pyobj, true)?; + + let len = bufobj.len()?; + let buf = if len == 0 { + &mut [] + } else { + // SAFETY: _extract_buffer_length ensures that we have a valid ptr + // and length (and we ensure we meet slice's requirements for + // 0-length slices above), we're keeping pyobj alive which ensures + // the buffer is valid. But! There is no actually guarantee + // against concurrent mutation. See + // https://alexgaynor.net/2022/oct/23/buffers-on-the-edge/ + // for details. This is the same as our cffi status quo ante, so + // we're doing an unsound thing and living with it. + unsafe { slice::from_raw_parts_mut(ptrval as *mut u8, len) } + }; + + Ok(CffiMutBuf { + _pyobj: pyobj.clone(), + _bufobj: bufobj, + buf, + }) + } +} diff --git a/src/rust/src/error.rs b/src/rust/src/error.rs new file mode 100644 index 0000000..81901e1 --- /dev/null +++ b/src/rust/src/error.rs @@ -0,0 +1,243 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use pyo3::types::PyListMethods; +use pyo3::ToPyObject; + +use crate::exceptions; + +pub enum CryptographyError { + Asn1Parse(asn1::ParseError), + Asn1Write(asn1::WriteError), + KeyParsing(asn1::ParseError), + Py(pyo3::PyErr), + OpenSSL(openssl::error::ErrorStack), +} + +impl From for CryptographyError { + fn from(e: asn1::ParseError) -> CryptographyError { + CryptographyError::Asn1Parse(e) + } +} + +impl From for CryptographyError { + fn from(e: asn1::WriteError) -> CryptographyError { + CryptographyError::Asn1Write(e) + } +} + +impl From for CryptographyError { + fn from(e: pyo3::PyErr) -> CryptographyError { + CryptographyError::Py(e) + } +} + +impl From> for CryptographyError { + fn from(e: pyo3::DowncastError<'_, '_>) -> CryptographyError { + CryptographyError::Py(e.into()) + } +} + +impl From for CryptographyError { + fn from(e: openssl::error::ErrorStack) -> CryptographyError { + CryptographyError::OpenSSL(e) + } +} + +impl From for CryptographyError { + fn from(e: pem::PemError) -> CryptographyError { + CryptographyError::Py(pyo3::exceptions::PyValueError::new_err(format!( + "Unable to load PEM file. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details. {e:?}" + ))) + } +} + +impl From for CryptographyError { + fn from(e: cryptography_key_parsing::KeyParsingError) -> CryptographyError { + match e { + cryptography_key_parsing::KeyParsingError::Parse(e) => CryptographyError::KeyParsing(e), + cryptography_key_parsing::KeyParsingError::OpenSSL(e) => CryptographyError::OpenSSL(e), + cryptography_key_parsing::KeyParsingError::InvalidKey => { + CryptographyError::Py(pyo3::exceptions::PyValueError::new_err("Invalid key")) + } + cryptography_key_parsing::KeyParsingError::ExplicitCurveUnsupported => { + CryptographyError::Py(pyo3::exceptions::PyValueError::new_err( + "ECDSA keys with explicit parameters are unsupported at this time", + )) + } + cryptography_key_parsing::KeyParsingError::UnsupportedKeyType(oid) => { + CryptographyError::Py(pyo3::exceptions::PyValueError::new_err(format!( + "Unknown key type: {oid}" + ))) + } + cryptography_key_parsing::KeyParsingError::UnsupportedEllipticCurve(oid) => { + CryptographyError::Py(exceptions::UnsupportedAlgorithm::new_err(( + format!("Curve {oid} is not supported"), + exceptions::Reasons::UNSUPPORTED_ELLIPTIC_CURVE, + ))) + } + } + } +} + +pub(crate) fn list_from_openssl_error( + py: pyo3::Python<'_>, + error_stack: openssl::error::ErrorStack, +) -> pyo3::Bound<'_, pyo3::types::PyList> { + let errors = pyo3::types::PyList::empty_bound(py); + for e in error_stack.errors() { + errors + .append( + pyo3::Bound::new(py, OpenSSLError { e: e.clone() }) + .expect("Failed to create OpenSSLError"), + ) + .expect("Failed to append to list"); + } + errors +} + +impl From for pyo3::PyErr { + fn from(e: CryptographyError) -> pyo3::PyErr { + match e { + CryptographyError::Asn1Parse(asn1_error) => pyo3::exceptions::PyValueError::new_err( + format!("error parsing asn1 value: {asn1_error:?}"), + ), + CryptographyError::Asn1Write(asn1::WriteError::AllocationError) => { + pyo3::exceptions::PyMemoryError::new_err( + "failed to allocate memory while performing ASN.1 serialization", + ) + } + CryptographyError::KeyParsing(asn1_error) => pyo3::exceptions::PyValueError::new_err( + format!("Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters). Details: {asn1_error}"), + ), + CryptographyError::Py(py_error) => py_error, + CryptographyError::OpenSSL(error_stack) => pyo3::Python::with_gil(|py| { + let errors = list_from_openssl_error(py, error_stack); + exceptions::InternalError::new_err(( + format!( + "Unknown OpenSSL error. This error is commonly encountered + when another library is not cleaning up the OpenSSL error + stack. If you are using cryptography with another library + that uses OpenSSL try disabling it before reporting a bug. + Otherwise please file an issue at + https://github.com/pyca/cryptography/issues with + information on how to reproduce this. ({errors:?})" + ), + errors.to_object(py), + )) + }), + } + } +} + +impl CryptographyError { + pub(crate) fn add_location(self, loc: asn1::ParseLocation) -> Self { + match self { + CryptographyError::Py(e) => CryptographyError::Py(e), + CryptographyError::Asn1Parse(e) => CryptographyError::Asn1Parse(e.add_location(loc)), + CryptographyError::KeyParsing(e) => CryptographyError::KeyParsing(e.add_location(loc)), + CryptographyError::Asn1Write(e) => CryptographyError::Asn1Write(e), + CryptographyError::OpenSSL(e) => CryptographyError::OpenSSL(e), + } + } +} + +// The primary purpose of this alias is for brevity to keep function signatures +// to a single-line as a work around for coverage issues. See +// https://github.com/pyca/cryptography/pull/6173 +pub(crate) type CryptographyResult = Result; + +#[pyo3::pyfunction] +pub(crate) fn raise_openssl_error() -> crate::error::CryptographyResult<()> { + Err(openssl::error::ErrorStack::get().into()) +} + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl")] +pub(crate) struct OpenSSLError { + e: openssl::error::Error, +} + +#[pyo3::pymethods] +impl OpenSSLError { + #[getter] + fn lib(&self) -> i32 { + self.e.library_code() + } + + #[getter] + fn reason(&self) -> i32 { + self.e.reason_code() + } + + #[getter] + fn reason_text(&self) -> &[u8] { + self.e.reason().unwrap_or("").as_bytes() + } + + fn __repr__(&self) -> pyo3::PyResult { + Ok(format!( + "", + self.e.code(), + self.e.library_code(), + self.e.reason_code(), + self.e.reason().unwrap_or("") + )) + } +} + +#[pyo3::pyfunction] +pub(crate) fn capture_error_stack( + py: pyo3::Python<'_>, +) -> pyo3::PyResult> { + let errs = pyo3::types::PyList::empty_bound(py); + for e in openssl::error::ErrorStack::get().errors() { + errs.append(pyo3::Bound::new(py, OpenSSLError { e: e.clone() })?)?; + } + Ok(errs) +} + +#[cfg(test)] +mod tests { + use super::CryptographyError; + + #[test] + fn test_cryptographyerror_from() { + pyo3::prepare_freethreaded_python(); + pyo3::Python::with_gil(|py| { + let e: CryptographyError = asn1::WriteError::AllocationError.into(); + assert!(matches!( + e, + CryptographyError::Asn1Write(asn1::WriteError::AllocationError) + )); + let py_e: pyo3::PyErr = e.into(); + assert!(py_e.is_instance_of::(py)); + + let e: CryptographyError = pyo3::DowncastError::new(py.None().bind(py), "abc").into(); + assert!(matches!(e, CryptographyError::Py(_))); + + let e = cryptography_key_parsing::KeyParsingError::OpenSSL( + openssl::error::ErrorStack::get(), + ) + .into(); + assert!(matches!(e, CryptographyError::OpenSSL(_))); + }) + } + + #[test] + fn test_cryptographyerror_add_location() { + let py_err = pyo3::PyErr::new::("Error!"); + CryptographyError::Py(py_err).add_location(asn1::ParseLocation::Field("meh")); + + let asn1_write_err = asn1::WriteError::AllocationError; + CryptographyError::Asn1Write(asn1_write_err) + .add_location(asn1::ParseLocation::Field("meh")); + + let openssl_error = openssl::error::ErrorStack::get(); + CryptographyError::from(openssl_error).add_location(asn1::ParseLocation::Field("meh")); + + let asn1_parse_error = asn1::ParseError::new(asn1::ParseErrorKind::InvalidValue); + CryptographyError::KeyParsing(asn1_parse_error) + .add_location(asn1::ParseLocation::Field("meh")); + } +} diff --git a/src/rust/src/exceptions.rs b/src/rust/src/exceptions.rs new file mode 100644 index 0000000..91824ef --- /dev/null +++ b/src/rust/src/exceptions.rs @@ -0,0 +1,44 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#[pyo3::pyclass( + frozen, + eq, + module = "cryptography.hazmat.bindings._rust.exceptions", + name = "_Reasons" +)] +#[allow(non_camel_case_types)] +#[derive(PartialEq)] +pub(crate) enum Reasons { + BACKEND_MISSING_INTERFACE, + UNSUPPORTED_HASH, + UNSUPPORTED_CIPHER, + UNSUPPORTED_PADDING, + UNSUPPORTED_MGF, + UNSUPPORTED_PUBLIC_KEY_ALGORITHM, + UNSUPPORTED_ELLIPTIC_CURVE, + UNSUPPORTED_SERIALIZATION, + UNSUPPORTED_X509, + UNSUPPORTED_EXCHANGE_ALGORITHM, + UNSUPPORTED_DIFFIE_HELLMAN, + UNSUPPORTED_MAC, +} + +pyo3::import_exception_bound!(cryptography.exceptions, AlreadyUpdated); +pyo3::import_exception_bound!(cryptography.exceptions, AlreadyFinalized); +pyo3::import_exception_bound!(cryptography.exceptions, InternalError); +pyo3::import_exception_bound!(cryptography.exceptions, InvalidSignature); +pyo3::import_exception_bound!(cryptography.exceptions, InvalidTag); +pyo3::import_exception_bound!(cryptography.exceptions, NotYetFinalized); +pyo3::import_exception_bound!(cryptography.exceptions, UnsupportedAlgorithm); +pyo3::import_exception_bound!(cryptography.x509, AttributeNotFound); +pyo3::import_exception_bound!(cryptography.x509, DuplicateExtension); +pyo3::import_exception_bound!(cryptography.x509, UnsupportedGeneralNameType); +pyo3::import_exception_bound!(cryptography.x509, InvalidVersion); + +#[pyo3::pymodule] +pub(crate) mod exceptions { + #[pymodule_export] + use super::Reasons; +} diff --git a/src/rust/src/intern.rs b/src/rust/src/intern.rs deleted file mode 100644 index 94f2118..0000000 --- a/src/rust/src/intern.rs +++ /dev/null @@ -1,44 +0,0 @@ -// This file is dual licensed under the terms of the Apache License, Version -// 2.0, and the BSD License. See the LICENSE file in the root of this repository -// for complete details. - -// This file is a backport of `pyo3::intern!` from pyo3 0.16. - -#[macro_export] -macro_rules! intern { - ($py: expr, $text: expr) => {{ - static INTERNED: $crate::intern::Interned = $crate::intern::Interned::new($text); - INTERNED.get($py) - }}; -} - -#[doc(hidden)] -pub struct Interned( - &'static str, - pyo3::once_cell::GILOnceCell>, -); - -impl Interned { - pub const fn new(value: &'static str) -> Self { - Interned(value, pyo3::once_cell::GILOnceCell::new()) - } - - #[inline] - pub fn get<'py>(&'py self, py: pyo3::Python<'py>) -> &'py pyo3::types::PyString { - self.1 - .get_or_init(py, || pyo3::types::PyString::new(py, self.0).into()) - .as_ref(py) - } -} - -#[cfg(test)] -mod tests { - use super::Interned; - - #[test] - fn test_interned_new() { - for s in ["abc", "123"] { - Interned::new(s); - } - } -} diff --git a/src/rust/src/lib.rs b/src/rust/src/lib.rs index 067af4c..cd7b99f 100644 --- a/src/rust/src/lib.rs +++ b/src/rust/src/lib.rs @@ -2,117 +2,245 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -#![deny(rust_2018_idioms)] -// Temporarily allow `clippy::borrow_deref_ref` until we can upgrade to the -// latest pyo3: https://github.com/PyO3/pyo3/pull/2503 -// `unknown_lints` is required until GHA upgrades their rustc. -#![allow(unknown_lints, clippy::borrow_deref_ref)] +#![deny(rust_2018_idioms, clippy::undocumented_unsafe_blocks)] +#![allow(unknown_lints, non_local_definitions, clippy::result_large_err)] + +#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] +use crate::error::CryptographyResult; +#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] +use openssl::provider; +#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] +use std::env; mod asn1; -mod intern; +mod backend; +mod buf; +mod error; +mod exceptions; pub(crate) mod oid; -mod pool; +mod padding; +mod pkcs12; +mod pkcs7; +mod test_support; +pub(crate) mod types; mod x509; -use std::convert::TryInto; +#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] +#[pyo3::pyclass(module = "cryptography.hazmat.bindings._rust")] +struct LoadedProviders { + legacy: Option, + _default: provider::Provider, -/// Returns the value of the input with the most-significant-bit copied to all -/// of the bits. -fn duplicate_msb_to_all(a: u8) -> u8 { - 0u8.wrapping_sub(a >> 7) + fips: Option, } -/// This returns 0xFF if a < b else 0x00, but does so in a constant time -/// fashion. -fn constant_time_lt(a: u8, b: u8) -> u8 { - // Derived from: - // https://github.com/openssl/openssl/blob/OpenSSL_1_1_1i/include/internal/constant_time.h#L120 - duplicate_msb_to_all(a ^ ((a ^ b) | (a.wrapping_sub(b) ^ b))) +#[pyo3::pyfunction] +fn openssl_version() -> i64 { + openssl::version::number() } -#[pyo3::prelude::pyfunction] -fn check_pkcs7_padding(data: &[u8]) -> bool { - let mut mismatch = 0; - let pad_size = *data.last().unwrap(); - let len: u8 = data.len().try_into().expect("data too long"); - for (i, b) in (0..len).zip(data.iter().rev()) { - let mask = constant_time_lt(i, pad_size); - mismatch |= mask & (pad_size ^ b); - } - - // Check to make sure the pad_size was within the valid range. - mismatch |= !constant_time_lt(0, pad_size); - mismatch |= constant_time_lt(len, pad_size); +#[pyo3::pyfunction] +fn openssl_version_text() -> &'static str { + openssl::version::version() +} - // Make sure any bits set are copied to the lowest bit - mismatch |= mismatch >> 4; - mismatch |= mismatch >> 2; - mismatch |= mismatch >> 1; +#[pyo3::pyfunction] +fn is_fips_enabled() -> bool { + cryptography_openssl::fips::is_enabled() +} - // Now check the low bit to see if it's set - (mismatch & 1) == 0 +#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] +fn _initialize_providers() -> CryptographyResult { + // As of OpenSSL 3.0.0 we must register a legacy cipher provider + // to get RC2 (needed for junk asymmetric private key + // serialization), RC4, Blowfish, IDEA, SEED, etc. These things + // are ugly legacy, but we aren't going to get rid of them + // any time soon. + let load_legacy = env::var("CRYPTOGRAPHY_OPENSSL_NO_LEGACY") + .map(|v| v.is_empty() || v == "0") + .unwrap_or(true); + let legacy = if load_legacy { + let legacy_result = provider::Provider::load(None, "legacy"); + _legacy_provider_error(legacy_result.is_ok())?; + Some(legacy_result?) + } else { + None + }; + let _default = provider::Provider::load(None, "default")?; + Ok(LoadedProviders { + legacy, + _default, + fips: None, + }) } -#[pyo3::prelude::pyfunction] -fn check_ansix923_padding(data: &[u8]) -> bool { - let mut mismatch = 0; - let pad_size = *data.last().unwrap(); - let len: u8 = data.len().try_into().expect("data too long"); - // Skip the first one with the pad size - for (i, b) in (1..len).zip(data[..data.len() - 1].iter().rev()) { - let mask = constant_time_lt(i, pad_size); - mismatch |= mask & b; +fn _legacy_provider_error(success: bool) -> pyo3::PyResult<()> { + if !success { + return Err(pyo3::exceptions::PyRuntimeError::new_err( + "OpenSSL 3.0's legacy provider failed to load. This is a fatal error by default, but cryptography supports running without legacy algorithms by setting the environment variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error, you have likely made a mistake with your OpenSSL configuration." + )); } + Ok(()) +} - // Check to make sure the pad_size was within the valid range. - mismatch |= !constant_time_lt(0, pad_size); - mismatch |= constant_time_lt(len, pad_size); - - // Make sure any bits set are copied to the lowest bit - mismatch |= mismatch >> 4; - mismatch |= mismatch >> 2; - mismatch |= mismatch >> 1; - - // Now check the low bit to see if it's set - (mismatch & 1) == 0 +#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] +#[pyo3::pyfunction] +fn enable_fips(providers: &mut LoadedProviders) -> CryptographyResult<()> { + providers.fips = Some(provider::Provider::load(None, "fips")?); + cryptography_openssl::fips::enable()?; + Ok(()) } -#[pyo3::prelude::pymodule] -fn _rust(py: pyo3::Python<'_>, m: &pyo3::types::PyModule) -> pyo3::PyResult<()> { - m.add_function(pyo3::wrap_pyfunction!(check_pkcs7_padding, m)?)?; - m.add_function(pyo3::wrap_pyfunction!(check_ansix923_padding, m)?)?; - m.add_class::()?; - m.add_class::()?; +#[pyo3::pymodule] +mod _rust { + use pyo3::types::PyModuleMethods; + + #[pymodule_export] + use crate::asn1::asn1_mod; + #[pymodule_export] + use crate::exceptions::exceptions; + #[pymodule_export] + use crate::oid::ObjectIdentifier; + #[pymodule_export] + use crate::padding::{check_ansix923_padding, check_pkcs7_padding, PKCS7PaddingContext}; + #[pymodule_export] + use crate::pkcs12::pkcs12; + #[pymodule_export] + use crate::pkcs7::pkcs7_mod; + #[pymodule_export] + use crate::test_support::test_support; + + #[pyo3::pymodule] + mod x509 { + #[pymodule_export] + use crate::x509::certificate::{ + create_x509_certificate, load_der_x509_certificate, load_pem_x509_certificate, + load_pem_x509_certificates, Certificate, + }; + #[pymodule_export] + use crate::x509::common::{encode_extension_value, encode_name_bytes}; + #[pymodule_export] + use crate::x509::crl::{ + create_x509_crl, load_der_x509_crl, load_pem_x509_crl, CertificateRevocationList, + RevokedCertificate, + }; + #[pymodule_export] + use crate::x509::csr::{ + create_x509_csr, load_der_x509_csr, load_pem_x509_csr, CertificateSigningRequest, + }; + #[pymodule_export] + use crate::x509::sct::Sct; + #[pymodule_export] + use crate::x509::verify::{ + PolicyBuilder, PyClientVerifier, PyServerVerifier, PyStore, PyVerifiedClient, + VerificationError, + }; + } - m.add_submodule(asn1::create_submodule(py)?)?; + #[pyo3::pymodule] + mod ocsp { + #[pymodule_export] + use crate::x509::ocsp_req::{create_ocsp_request, load_der_ocsp_request, OCSPRequest}; + #[pymodule_export] + use crate::x509::ocsp_resp::{ + create_ocsp_response, load_der_ocsp_response, OCSPResponse, OCSPSingleResponse, + }; + } - let x509_mod = pyo3::prelude::PyModule::new(py, "x509")?; - crate::x509::certificate::add_to_module(x509_mod)?; - crate::x509::common::add_to_module(x509_mod)?; - crate::x509::crl::add_to_module(x509_mod)?; - crate::x509::csr::add_to_module(x509_mod)?; - crate::x509::sct::add_to_module(x509_mod)?; - m.add_submodule(x509_mod)?; + #[pyo3::pymodule] + mod openssl { + use pyo3::prelude::PyModuleMethods; + + #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] + #[pymodule_export] + use super::super::enable_fips; + #[pymodule_export] + use super::super::{is_fips_enabled, openssl_version, openssl_version_text}; + #[pymodule_export] + use crate::backend::aead::aead; + #[pymodule_export] + use crate::backend::ciphers::ciphers; + #[pymodule_export] + use crate::backend::cmac::cmac; + #[pymodule_export] + use crate::backend::dh::dh; + #[pymodule_export] + use crate::backend::dsa::dsa; + #[pymodule_export] + use crate::backend::ec::ec; + #[pymodule_export] + use crate::backend::ed25519::ed25519; + #[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] + #[pymodule_export] + use crate::backend::ed448::ed448; + #[pymodule_export] + use crate::backend::hashes::hashes; + #[pymodule_export] + use crate::backend::hmac::hmac; + #[pymodule_export] + use crate::backend::kdf::kdf; + #[pymodule_export] + use crate::backend::keys::keys; + #[pymodule_export] + use crate::backend::poly1305::poly1305; + #[pymodule_export] + use crate::backend::rsa::rsa; + #[pymodule_export] + use crate::backend::x25519::x25519; + #[cfg(all(not(CRYPTOGRAPHY_IS_LIBRESSL), not(CRYPTOGRAPHY_IS_BORINGSSL)))] + #[pymodule_export] + use crate::backend::x448::x448; + #[pymodule_export] + use crate::error::{capture_error_stack, raise_openssl_error, OpenSSLError}; + + #[pymodule_init] + fn init(openssl_mod: &pyo3::Bound<'_, pyo3::types::PyModule>) -> pyo3::PyResult<()> { + openssl_mod.add( + "CRYPTOGRAPHY_OPENSSL_300_OR_GREATER", + cfg!(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER), + )?; + openssl_mod.add( + "CRYPTOGRAPHY_OPENSSL_320_OR_GREATER", + cfg!(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER), + )?; + + openssl_mod.add("CRYPTOGRAPHY_IS_LIBRESSL", cfg!(CRYPTOGRAPHY_IS_LIBRESSL))?; + openssl_mod.add("CRYPTOGRAPHY_IS_BORINGSSL", cfg!(CRYPTOGRAPHY_IS_BORINGSSL))?; + + cfg_if::cfg_if! { + if #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] { + let providers = super::super::_initialize_providers()?; + if providers.legacy.is_some() { + openssl_mod.add("_legacy_provider_loaded", true)?; + } else { + openssl_mod.add("_legacy_provider_loaded", false)?; + } + openssl_mod.add("_providers", providers)?; + } else { + // default value for non-openssl 3+ + openssl_mod.add("_legacy_provider_loaded", false)?; + } + } + + Ok(()) + } + } - let ocsp_mod = pyo3::prelude::PyModule::new(py, "ocsp")?; - crate::x509::ocsp_req::add_to_module(ocsp_mod)?; - crate::x509::ocsp_resp::add_to_module(ocsp_mod)?; - m.add_submodule(ocsp_mod)?; + #[pymodule_init] + fn init(m: &pyo3::Bound<'_, pyo3::types::PyModule>) -> pyo3::PyResult<()> { + m.add_submodule(&cryptography_cffi::create_module(m.py())?)?; - Ok(()) + Ok(()) + } } #[cfg(test)] mod tests { - use super::constant_time_lt; + use super::_legacy_provider_error; #[test] - fn test_constant_time_lt() { - for a in 0..=255 { - for b in 0..=255 { - let expected = if a < b { 0xff } else { 0 }; - assert_eq!(constant_time_lt(a, b), expected); - } - } + fn test_legacy_provider_error() { + assert!(_legacy_provider_error(true).is_ok()); + assert!(_legacy_provider_error(false).is_err()); } } diff --git a/src/rust/src/oid.rs b/src/rust/src/oid.rs index bc65daf..fb64837 100644 --- a/src/rust/src/oid.rs +++ b/src/rust/src/oid.rs @@ -2,11 +2,13 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::asn1::PyAsn1Result; +use crate::error::CryptographyResult; +use crate::types; +use pyo3::types::PyAnyMethods; use std::collections::hash_map::DefaultHasher; use std::hash::{Hash, Hasher}; -#[pyo3::prelude::pyclass] +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust")] pub(crate) struct ObjectIdentifier { pub(crate) oid: asn1::ObjectIdentifier, } @@ -14,60 +16,42 @@ pub(crate) struct ObjectIdentifier { #[pyo3::pymethods] impl ObjectIdentifier { #[new] - fn new(value: &str) -> PyAsn1Result { + fn new(value: &str) -> CryptographyResult { let oid = asn1::ObjectIdentifier::from_string(value) .ok_or_else(|| asn1::ParseError::new(asn1::ParseErrorKind::InvalidValue))?; Ok(ObjectIdentifier { oid }) } #[getter] - fn dotted_string<'p>(&self, py: pyo3::Python<'p>) -> &'p pyo3::types::PyString { - pyo3::types::PyString::new(py, &self.oid.to_string()) + fn dotted_string(&self) -> String { + self.oid.to_string() } #[getter] fn _name<'p>( slf: pyo3::PyRef<'_, Self>, py: pyo3::Python<'p>, - ) -> pyo3::PyResult<&'p pyo3::PyAny> { - let oid_names = py - .import("cryptography.hazmat._oid")? - .getattr(crate::intern!(py, "_OID_NAMES"))?; - oid_names.call_method1("get", (slf, "Unknown OID")) + ) -> pyo3::PyResult> { + types::OID_NAMES + .get(py)? + .call_method1(pyo3::intern!(py, "get"), (slf, "Unknown OID")) } -} -#[pyo3::prelude::pyproto] -impl pyo3::PyObjectProtocol for ObjectIdentifier { - fn __repr__(&self) -> pyo3::PyResult { - let gil = pyo3::Python::acquire_gil(); - let py = gil.python(); + fn __deepcopy__(slf: pyo3::PyRef<'_, Self>, _memo: pyo3::PyObject) -> pyo3::PyRef<'_, Self> { + slf + } - let self_clone = pyo3::PyCell::new( - py, - ObjectIdentifier { - oid: self.oid.clone(), - }, - )?; - let name = ObjectIdentifier::_name(self_clone.borrow(), py)?.extract::<&str>()?; + fn __repr__(slf: &pyo3::Bound<'_, Self>, py: pyo3::Python<'_>) -> pyo3::PyResult { + let name = Self::_name(slf.borrow(), py)?; Ok(format!( "", - self.oid, name + slf.get().oid, + name.extract::()? )) } - fn __richcmp__( - &self, - other: pyo3::PyRef, - op: pyo3::basic::CompareOp, - ) -> pyo3::PyResult { - match op { - pyo3::basic::CompareOp::Eq => Ok(self.oid == other.oid), - pyo3::basic::CompareOp::Ne => Ok(self.oid != other.oid), - _ => Err(pyo3::exceptions::PyTypeError::new_err( - "ObjectIdentifiers cannot be ordered", - )), - } + fn __eq__(&self, other: pyo3::PyRef<'_, ObjectIdentifier>) -> bool { + self.oid == other.oid } fn __hash__(&self) -> u64 { diff --git a/src/rust/src/padding.rs b/src/rust/src/padding.rs new file mode 100644 index 0000000..92da0a6 --- /dev/null +++ b/src/rust/src/padding.rs @@ -0,0 +1,131 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::exceptions; + +/// Returns the value of the input with the most-significant-bit copied to all +/// of the bits. +fn duplicate_msb_to_all(a: u8) -> u8 { + 0u8.wrapping_sub(a >> 7) +} + +/// This returns 0xFF if a < b else 0x00, but does so in a constant time +/// fashion. +fn constant_time_lt(a: u8, b: u8) -> u8 { + // Derived from: + // https://github.com/openssl/openssl/blob/OpenSSL_1_1_1i/include/internal/constant_time.h#L120 + duplicate_msb_to_all(a ^ ((a ^ b) | (a.wrapping_sub(b) ^ b))) +} + +#[pyo3::pyfunction] +pub(crate) fn check_pkcs7_padding(data: &[u8]) -> bool { + let mut mismatch = 0; + let pad_size = *data.last().unwrap(); + let len: u8 = data.len().try_into().expect("data too long"); + for (i, b) in (0..len).zip(data.iter().rev()) { + let mask = constant_time_lt(i, pad_size); + mismatch |= mask & (pad_size ^ b); + } + + // Check to make sure the pad_size was within the valid range. + mismatch |= !constant_time_lt(0, pad_size); + mismatch |= constant_time_lt(len, pad_size); + + // Make sure any bits set are copied to the lowest bit + mismatch |= mismatch >> 4; + mismatch |= mismatch >> 2; + mismatch |= mismatch >> 1; + + // Now check the low bit to see if it's set + (mismatch & 1) == 0 +} + +#[pyo3::pyfunction] +pub(crate) fn check_ansix923_padding(data: &[u8]) -> bool { + let mut mismatch = 0; + let pad_size = *data.last().unwrap(); + let len: u8 = data.len().try_into().expect("data too long"); + // Skip the first one with the pad size + for (i, b) in (1..len).zip(data[..data.len() - 1].iter().rev()) { + let mask = constant_time_lt(i, pad_size); + mismatch |= mask & b; + } + + // Check to make sure the pad_size was within the valid range. + mismatch |= !constant_time_lt(0, pad_size); + mismatch |= constant_time_lt(len, pad_size); + + // Make sure any bits set are copied to the lowest bit + mismatch |= mismatch >> 4; + mismatch |= mismatch >> 2; + mismatch |= mismatch >> 1; + + // Now check the low bit to see if it's set + (mismatch & 1) == 0 +} + +#[pyo3::pyclass] +pub(crate) struct PKCS7PaddingContext { + block_size: usize, + length_seen: Option, +} + +#[pyo3::pymethods] +impl PKCS7PaddingContext { + #[new] + pub(crate) fn new(block_size: usize) -> PKCS7PaddingContext { + PKCS7PaddingContext { + block_size: block_size / 8, + length_seen: Some(0), + } + } + + pub(crate) fn update<'a>( + &mut self, + buf: CffiBuf<'a>, + ) -> CryptographyResult> { + match self.length_seen.as_mut() { + Some(v) => { + *v += buf.as_bytes().len(); + Ok(buf.into_pyobj()) + } + None => Err(CryptographyError::from( + exceptions::AlreadyFinalized::new_err("Context was already finalized."), + )), + } + } + + pub(crate) fn finalize<'p>( + &mut self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + match self.length_seen.take() { + Some(v) => { + let pad_size = self.block_size - (v % self.block_size); + let pad = vec![pad_size as u8; pad_size]; + Ok(pyo3::types::PyBytes::new_bound(py, &pad)) + } + None => Err(CryptographyError::from( + exceptions::AlreadyFinalized::new_err("Context was already finalized."), + )), + } + } +} + +#[cfg(test)] +mod tests { + use super::constant_time_lt; + + #[test] + fn test_constant_time_lt() { + for a in 0..=255 { + for b in 0..=255 { + let expected = if a < b { 0xff } else { 0 }; + assert_eq!(constant_time_lt(a, b), expected); + } + } + } +} diff --git a/src/rust/src/pkcs12.rs b/src/rust/src/pkcs12.rs new file mode 100644 index 0000000..45f8855 --- /dev/null +++ b/src/rust/src/pkcs12.rs @@ -0,0 +1,888 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use crate::backend::{ciphers, hashes, hmac, kdf, keys}; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::padding::PKCS7PaddingContext; +use crate::x509::certificate::Certificate; +use crate::{types, x509}; +use cryptography_x509::common::Utf8StoredBMPString; +use pyo3::types::{PyAnyMethods, PyBytesMethods, PyListMethods}; +use pyo3::IntoPy; +use std::collections::hash_map::DefaultHasher; +use std::hash::{Hash, Hasher}; + +#[pyo3::pyclass(frozen)] +struct PKCS12Certificate { + #[pyo3(get)] + certificate: pyo3::Py, + #[pyo3(get)] + friendly_name: Option>, +} + +#[pyo3::pymethods] +impl PKCS12Certificate { + #[new] + #[pyo3(signature = (cert, friendly_name=None))] + fn new( + cert: pyo3::Py, + friendly_name: Option>, + ) -> PKCS12Certificate { + PKCS12Certificate { + certificate: cert, + friendly_name, + } + } + + fn __eq__( + &self, + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, Self>, + ) -> CryptographyResult { + let friendly_name_eq = match (&self.friendly_name, &other.friendly_name) { + (Some(a), Some(b)) => a.bind(py).as_bytes() == b.bind(py).as_bytes(), + (None, None) => true, + _ => false, + }; + Ok(friendly_name_eq && self.certificate.bind(py).eq(other.certificate.bind(py))?) + } + + fn __hash__(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let mut hasher = DefaultHasher::new(); + self.certificate.bind(py).hash()?.hash(&mut hasher); + match &self.friendly_name { + Some(v) => v.bind(py).hash()?.hash(&mut hasher), + None => None::.hash(&mut hasher), + }; + Ok(hasher.finish()) + } + + fn __repr__(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { + let py_friendly_name_repr; + let friendly_name_repr = match &self.friendly_name { + Some(v) => { + py_friendly_name_repr = v + .bind(py) + .repr()? + .extract::()?; + &*py_friendly_name_repr + } + None => "None", + }; + Ok(format!( + "", + self.certificate.bind(py).str()?, + friendly_name_repr + )) + } +} + +pub(crate) fn symmetric_encrypt( + py: pyo3::Python<'_>, + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + mode: pyo3::Bound<'_, pyo3::PyAny>, + data: &[u8], +) -> CryptographyResult> { + let block_size = algorithm + .getattr(pyo3::intern!(py, "block_size"))? + .extract()?; + + let mut cipher = + ciphers::CipherContext::new(py, algorithm, mode, openssl::symm::Mode::Encrypt)?; + + let mut ciphertext = vec![0; data.len() + (block_size / 8 * 2)]; + let n = cipher.update_into(py, data, &mut ciphertext)?; + + let mut padder = PKCS7PaddingContext::new(block_size); + assert!(padder.update(CffiBuf::from_bytes(py, data))?.is_none()); + let padding = padder.finalize(py)?; + + let pad_n = cipher.update_into(py, padding.as_bytes(), &mut ciphertext[n..])?; + let final_block = cipher.finalize(py)?; + assert!(final_block.as_bytes().is_empty()); + ciphertext.truncate(n + pad_n); + + Ok(ciphertext) +} + +enum EncryptionAlgorithm { + PBESv1SHA1And3KeyTripleDESCBC, + PBESv2SHA256AndAES256CBC, +} + +impl EncryptionAlgorithm { + fn salt_length(&self) -> usize { + match self { + EncryptionAlgorithm::PBESv1SHA1And3KeyTripleDESCBC => 8, + EncryptionAlgorithm::PBESv2SHA256AndAES256CBC => 16, + } + } + + fn algorithm_identifier<'a>( + &self, + cipher_kdf_iter: u64, + salt: &'a [u8], + iv: &'a [u8], + ) -> cryptography_x509::common::AlgorithmIdentifier<'a> { + match self { + EncryptionAlgorithm::PBESv1SHA1And3KeyTripleDESCBC => { + cryptography_x509::common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: cryptography_x509::common::AlgorithmParameters::Pbes1WithShaAnd3KeyTripleDesCbc(cryptography_x509::common::PBES1Params{ + salt: salt[..8].try_into().unwrap(), + iterations: cipher_kdf_iter, + }), + } + } + EncryptionAlgorithm::PBESv2SHA256AndAES256CBC => { + let kdf_algorithm_identifier = cryptography_x509::common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: cryptography_x509::common::AlgorithmParameters::Pbkdf2( + cryptography_x509::common::PBKDF2Params { + salt, + iteration_count: cipher_kdf_iter, + key_length: None, + prf: Box::new(cryptography_x509::common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: + cryptography_x509::common::AlgorithmParameters::HmacWithSha256( + (), + ), + }), + }, + ), + }; + let encryption_algorithm_identifier = + cryptography_x509::common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: cryptography_x509::common::AlgorithmParameters::Aes256Cbc( + iv[..16].try_into().unwrap(), + ), + }; + + cryptography_x509::common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: cryptography_x509::common::AlgorithmParameters::Pbes2( + cryptography_x509::common::PBES2Params { + key_derivation_func: Box::new(kdf_algorithm_identifier), + encryption_scheme: Box::new(encryption_algorithm_identifier), + }, + ), + } + } + } + } + + fn encrypt( + &self, + py: pyo3::Python<'_>, + password: &[u8], + cipher_kdf_iter: u64, + salt: &[u8], + iv: &[u8], + data: &[u8], + ) -> CryptographyResult> { + match self { + EncryptionAlgorithm::PBESv1SHA1And3KeyTripleDESCBC => { + let key = pkcs12_kdf( + password, + salt, + KDF_ENCRYPTION_KEY_ID, + cipher_kdf_iter, + 24, + openssl::hash::MessageDigest::sha1(), + )?; + let iv = pkcs12_kdf( + password, + salt, + KDF_IV_ID, + cipher_kdf_iter, + 8, + openssl::hash::MessageDigest::sha1(), + )?; + + let triple_des = types::TRIPLE_DES + .get(py)? + .call1((pyo3::types::PyBytes::new_bound(py, &key),))?; + let cbc = types::CBC + .get(py)? + .call1((pyo3::types::PyBytes::new_bound(py, &iv),))?; + + symmetric_encrypt(py, triple_des, cbc, data) + } + EncryptionAlgorithm::PBESv2SHA256AndAES256CBC => { + let pass_buf = CffiBuf::from_bytes(py, password); + let sha256 = types::SHA256.get(py)?.call0()?; + + let key = kdf::derive_pbkdf2_hmac( + py, + pass_buf, + &sha256, + salt, + cipher_kdf_iter.try_into().unwrap(), + 32, + )?; + + let aes256 = types::AES256.get(py)?.call1((key,))?; + let cbc = types::CBC.get(py)?.call1((iv,))?; + + symmetric_encrypt(py, aes256, cbc, data) + } + } + } +} + +const KDF_ENCRYPTION_KEY_ID: u8 = 1; +const KDF_IV_ID: u8 = 2; +const KDF_MAC_KEY_ID: u8 = 3; + +fn pkcs12_kdf( + pass: &[u8], + salt: &[u8], + id: u8, + rounds: u64, + key_len: usize, + hash_alg: openssl::hash::MessageDigest, +) -> CryptographyResult> { + // Encode the password as big-endian UTF-16 with NUL trailer + let pass = std::str::from_utf8(pass) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("key must be valid UTF-8"))? + .encode_utf16() + .chain([0]) + .flat_map(|v| v.to_be_bytes()) + .collect::>(); + + // Comments are borrowed from BoringSSL. + // In the spec, |block_size| is called "v", but measured in bits. + let block_size = hash_alg.block_size(); + + // 1. Construct a string, D (the "diversifier"), by concatenating v/8 copies + // of ID. + let d = vec![id; block_size]; + + // 2. Concatenate copies of the salt together to create a string S of length + // v(ceiling(s/v)) bits (the final copy of the salt may be truncated to + // create S). Note that if the salt is the empty string, then so is S. + // + // 3. Concatenate copies of the password together to create a string P of + // length v(ceiling(p/v)) bits (the final copy of the password may be + // truncated to create P). Note that if the password is the empty string, + // then so is P. + // + // 4. Set I=S||P to be the concatenation of S and P. + let s_len = block_size * ((salt.len() + block_size - 1) / block_size); + let p_len = block_size * ((pass.len() + block_size - 1) / block_size); + + let mut init_key = vec![0; s_len + p_len]; + for i in 0..s_len { + init_key[i] = salt[i % salt.len()]; + } + for i in 0..p_len { + init_key[i + s_len] = pass[i % pass.len()]; + } + + let mut result = vec![0; key_len]; + let mut pos = 0; + loop { + // A. Set A_i=H^r(D||I). (i.e., the r-th hash of D||I, + // H(H(H(... H(D||I)))) + + let mut h = openssl::hash::Hasher::new(hash_alg)?; + h.update(&d)?; + h.update(&init_key)?; + let mut a = h.finish()?; + + for _ in 1..rounds { + let mut h = openssl::hash::Hasher::new(hash_alg)?; + h.update(&a)?; + a = h.finish()?; + } + + let to_add = a.len().min(result.len() - pos); + result[pos..pos + to_add].copy_from_slice(&a[..to_add]); + pos += to_add; + if pos == result.len() { + break; + } + + // B. Concatenate copies of A_i to create a string B of length v bits (the + // final copy of A_i may be truncated to create B). + let mut b = vec![0; block_size]; + for i in 0..block_size { + b[i] = a[i % a.len()]; + } + + // C. Treating I as a concatenation I_0, I_1, ..., I_(k-1) of v-bit blocks, + // where k=ceiling(s/v)+ceiling(p/v), modify I by setting I_j=(I_j+B+1) mod + // 2^v for each j. + assert!(init_key.len() % block_size == 0); + let mut j = 0; + while j < init_key.len() { + let mut carry = 1u16; + let mut k = block_size - 1; + loop { + carry += init_key[k + j] as u16 + b[k] as u16; + init_key[j + k] = carry as u8; + carry >>= 8; + if k == 0 { + break; + } + k -= 1; + } + j += block_size; + } + } + + Ok(result) +} + +fn friendly_name_attributes( + friendly_name: Option<&[u8]>, +) -> CryptographyResult< + Option< + asn1::SetOfWriter< + '_, + cryptography_x509::pkcs12::Attribute<'_>, + Vec>, + >, + >, +> { + if let Some(name) = friendly_name { + let name_str = std::str::from_utf8(name).map_err(|_| { + pyo3::exceptions::PyValueError::new_err("friendly_name must be valid UTF-8") + })?; + + Ok(Some(asn1::SetOfWriter::new(vec![ + cryptography_x509::pkcs12::Attribute { + _attr_id: asn1::DefinedByMarker::marker(), + attr_values: cryptography_x509::pkcs12::AttributeSet::FriendlyName( + asn1::SetOfWriter::new([Utf8StoredBMPString::new(name_str)]), + ), + }, + ]))) + } else { + Ok(None) + } +} + +fn cert_to_bag<'a>( + cert: &'a Certificate, + friendly_name: Option<&'a [u8]>, +) -> CryptographyResult> { + Ok(cryptography_x509::pkcs12::SafeBag { + _bag_id: asn1::DefinedByMarker::marker(), + bag_value: asn1::Explicit::new(cryptography_x509::pkcs12::BagValue::CertBag( + cryptography_x509::pkcs12::CertBag { + _cert_id: asn1::DefinedByMarker::marker(), + cert_value: asn1::Explicit::new(cryptography_x509::pkcs12::CertType::X509( + asn1::OctetStringEncoded::new(cert.raw.borrow_dependent().clone()), + )), + }, + )), + attributes: friendly_name_attributes(friendly_name)?, + }) +} + +#[allow(clippy::type_complexity)] +fn decode_encryption_algorithm<'a>( + py: pyo3::Python<'a>, + encryption_algorithm: pyo3::Bound<'a, pyo3::PyAny>, +) -> CryptographyResult<( + pyo3::pybacked::PyBackedBytes, + pyo3::Bound<'a, pyo3::PyAny>, + u64, + u64, + Option, +)> { + let default_hmac_alg = types::SHA256.get(py)?.call0()?; + let default_hmac_kdf_iter = 2048; + let default_cipher_kdf_iter = 20000; + + if encryption_algorithm.is_instance(&types::NO_ENCRYPTION.get(py)?)? { + Ok(( + pyo3::types::PyBytes::new_bound(py, b"").extract()?, + default_hmac_alg, + default_hmac_kdf_iter, + default_cipher_kdf_iter, + None, + )) + } else if encryption_algorithm.is_instance(&types::ENCRYPTION_BUILDER.get(py)?)? + && encryption_algorithm + .getattr(pyo3::intern!(py, "_format"))? + .is(&types::PRIVATE_FORMAT_PKCS12.get(py)?) + { + let key_cert_alg = + encryption_algorithm.getattr(pyo3::intern!(py, "_key_cert_algorithm"))?; + let cipher = if key_cert_alg.is(&types::PBES_PBESV1SHA1AND3KEYTRIPLEDESCBC.get(py)?) { + EncryptionAlgorithm::PBESv1SHA1And3KeyTripleDESCBC + } else if key_cert_alg.is(&types::PBES_PBESV2SHA256ANDAES256CBC.get(py)?) { + EncryptionAlgorithm::PBESv2SHA256AndAES256CBC + } else { + assert!(key_cert_alg.is_none()); + EncryptionAlgorithm::PBESv2SHA256AndAES256CBC + }; + + let hmac_alg = if let Some(v) = encryption_algorithm + .getattr(pyo3::intern!(py, "_hmac_hash"))? + .extract()? + { + v + } else { + default_hmac_alg + }; + + let cipher_kdf_iter = if let Some(v) = encryption_algorithm + .getattr(pyo3::intern!(py, "_kdf_rounds"))? + .extract()? + { + v + } else { + default_cipher_kdf_iter + }; + + Ok(( + encryption_algorithm + .getattr(pyo3::intern!(py, "password"))? + .extract()?, + hmac_alg, + default_hmac_kdf_iter, + cipher_kdf_iter, + Some(cipher), + )) + } else if encryption_algorithm.is_instance(&types::BEST_AVAILABLE_ENCRYPTION.get(py)?)? { + Ok(( + encryption_algorithm + .getattr(pyo3::intern!(py, "password"))? + .extract()?, + default_hmac_alg, + default_hmac_kdf_iter, + default_cipher_kdf_iter, + Some(EncryptionAlgorithm::PBESv2SHA256AndAES256CBC), + )) + } else { + Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Unsupported key encryption type"), + )) + } +} + +#[derive(pyo3::FromPyObject)] +enum CertificateOrPKCS12Certificate { + Certificate(pyo3::Py), + PKCS12Certificate(pyo3::Py), +} + +#[pyo3::pyfunction] +#[pyo3(signature = (name, key, cert, cas, encryption_algorithm))] +fn serialize_key_and_certificates<'p>( + py: pyo3::Python<'p>, + name: Option<&[u8]>, + key: Option>, + cert: Option<&Certificate>, + cas: Option>, + encryption_algorithm: pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult> { + let (password, mac_algorithm, mac_kdf_iter, cipher_kdf_iter, encryption_algorithm) = + decode_encryption_algorithm(py, encryption_algorithm)?; + + let mut auth_safe_contents = vec![]; + let ( + cert_bag_contents, + cert_salt, + cert_iv, + cert_ciphertext, + key_bag_contents, + key_salt, + key_iv, + key_ciphertext, + ); + let mut ca_certs = vec![]; + if cert.is_some() || cas.is_some() { + let mut cert_bags = vec![]; + + if let Some(cert) = cert { + if let Some(ref key) = key { + if !cert + .public_key(py)? + .into_bound(py) + .eq(key.call_method0(pyo3::intern!(py, "public_key"))?)? + { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Certificate public key and provided private key do not match", + ), + )); + } + } + + cert_bags.push(cert_to_bag(cert, name)?); + } + + if let Some(cas) = cas { + for cert in cas.iter()? { + ca_certs.push(cert?.extract::()?); + } + + for cert in &ca_certs { + let bag = match cert { + CertificateOrPKCS12Certificate::Certificate(c) => cert_to_bag(c.get(), None)?, + CertificateOrPKCS12Certificate::PKCS12Certificate(c) => cert_to_bag( + c.get().certificate.get(), + c.get().friendly_name.as_ref().map(|v| v.as_bytes(py)), + )?, + }; + cert_bags.push(bag); + } + } + + cert_bag_contents = asn1::write_single(&asn1::SequenceOfWriter::new(cert_bags))?; + if let Some(e) = &encryption_algorithm { + cert_salt = types::OS_URANDOM + .get(py)? + .call1((e.salt_length(),))? + .extract::()?; + cert_iv = types::OS_URANDOM + .get(py)? + .call1((16,))? + .extract::()?; + cert_ciphertext = e.encrypt( + py, + &password, + cipher_kdf_iter, + &cert_salt, + &cert_iv, + &cert_bag_contents, + )?; + + auth_safe_contents.push(cryptography_x509::pkcs7::ContentInfo { + _content_type: asn1::DefinedByMarker::marker(), + content: cryptography_x509::pkcs7::Content::EncryptedData(asn1::Explicit::new( + cryptography_x509::pkcs7::EncryptedData { + version: 0, + encrypted_content_info: cryptography_x509::pkcs7::EncryptedContentInfo { + content_type: cryptography_x509::pkcs7::PKCS7_DATA_OID, + content_encryption_algorithm: e.algorithm_identifier( + cipher_kdf_iter, + &cert_salt, + &cert_iv, + ), + encrypted_content: Some(&cert_ciphertext), + }, + }, + )), + }) + } else { + auth_safe_contents.push(cryptography_x509::pkcs7::ContentInfo { + _content_type: asn1::DefinedByMarker::marker(), + content: cryptography_x509::pkcs7::Content::Data(Some(asn1::Explicit::new( + &cert_bag_contents, + ))), + }); + } + } + + if let Some(key) = key { + let der = types::ENCODING_DER.get(py)?; + let pkcs8 = types::PRIVATE_FORMAT_PKCS8.get(py)?; + let no_encryption = types::NO_ENCRYPTION.get(py)?.call0()?; + + let pkcs8_bytes = key + .call_method1( + pyo3::intern!(py, "private_bytes"), + (der, pkcs8, no_encryption), + )? + .extract::()?; + + let key_bag = if let Some(e) = encryption_algorithm { + key_salt = types::OS_URANDOM + .get(py)? + .call1((e.salt_length(),))? + .extract::()?; + key_iv = types::OS_URANDOM + .get(py)? + .call1((16,))? + .extract::()?; + key_ciphertext = e.encrypt( + py, + &password, + cipher_kdf_iter, + &key_salt, + &key_iv, + &pkcs8_bytes, + )?; + + cryptography_x509::pkcs12::SafeBag { + _bag_id: asn1::DefinedByMarker::marker(), + bag_value: asn1::Explicit::new( + cryptography_x509::pkcs12::BagValue::ShroudedKeyBag( + cryptography_x509::pkcs12::EncryptedPrivateKeyInfo { + encryption_algorithm: e.algorithm_identifier( + cipher_kdf_iter, + &key_salt, + &key_iv, + ), + encrypted_data: &key_ciphertext, + }, + ), + ), + attributes: friendly_name_attributes(name)?, + } + } else { + let pkcs8_tlv = asn1::parse_single(&pkcs8_bytes)?; + + cryptography_x509::pkcs12::SafeBag { + _bag_id: asn1::DefinedByMarker::marker(), + bag_value: asn1::Explicit::new(cryptography_x509::pkcs12::BagValue::KeyBag( + pkcs8_tlv, + )), + attributes: friendly_name_attributes(name)?, + } + }; + + key_bag_contents = asn1::write_single(&asn1::SequenceOfWriter::new([key_bag]))?; + auth_safe_contents.push(cryptography_x509::pkcs7::ContentInfo { + _content_type: asn1::DefinedByMarker::marker(), + content: cryptography_x509::pkcs7::Content::Data(Some(asn1::Explicit::new( + &key_bag_contents, + ))), + }); + } + + let auth_safe_content = asn1::write_single(&asn1::SequenceOfWriter::new(auth_safe_contents))?; + + let salt = types::OS_URANDOM + .get(py)? + .call1((8,))? + .extract::()?; + let mac_algorithm_md = hashes::message_digest_from_algorithm(py, &mac_algorithm)?; + let mac_key = pkcs12_kdf( + &password, + &salt, + KDF_MAC_KEY_ID, + mac_kdf_iter, + mac_algorithm_md.size(), + mac_algorithm_md, + )?; + let mac_digest = { + let mut h = hmac::Hmac::new_bytes(py, &mac_key, &mac_algorithm)?; + h.update_bytes(&auth_safe_content)?; + h.finalize(py)? + }; + let mac_algorithm_identifier = crate::x509::ocsp::HASH_NAME_TO_ALGORITHM_IDENTIFIERS + [&*mac_algorithm + .getattr(pyo3::intern!(py, "name"))? + .extract::()?] + .clone(); + + let p12 = cryptography_x509::pkcs12::Pfx { + version: 3, + auth_safe: cryptography_x509::pkcs7::ContentInfo { + _content_type: asn1::DefinedByMarker::marker(), + content: cryptography_x509::pkcs7::Content::Data(Some(asn1::Explicit::new( + &auth_safe_content, + ))), + }, + mac_data: Some(cryptography_x509::pkcs12::MacData { + mac: cryptography_x509::pkcs7::DigestInfo { + algorithm: mac_algorithm_identifier, + digest: mac_digest.as_bytes(), + }, + salt: &salt, + iterations: mac_kdf_iter, + }), + }; + Ok(pyo3::types::PyBytes::new_bound( + py, + &asn1::write_single(&p12)?, + )) +} + +fn decode_p12( + data: CffiBuf<'_>, + password: Option>, +) -> CryptographyResult { + let p12 = openssl::pkcs12::Pkcs12::from_der(data.as_bytes()).map_err(|_| { + pyo3::exceptions::PyValueError::new_err("Could not deserialize PKCS12 data") + })?; + + let password = if let Some(p) = password.as_ref() { + std::str::from_utf8(p.as_bytes()) + .map_err(|_| pyo3::exceptions::PyUnicodeDecodeError::new_err(()))? + } else { + // Treat `password=None` the same as empty string. They're actually + // not the same in PKCS#12, but OpenSSL transparently handles them the + // same. + "" + }; + let parsed = p12 + .parse2(password) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid password or PKCS12 data"))?; + + Ok(parsed) +} + +#[pyo3::pyfunction] +#[pyo3(signature = (data, password, backend=None))] +fn load_key_and_certificates<'p>( + py: pyo3::Python<'p>, + data: CffiBuf<'_>, + password: Option>, + backend: Option>, +) -> CryptographyResult<( + pyo3::PyObject, + Option, + pyo3::Bound<'p, pyo3::types::PyList>, +)> { + let _ = backend; + + let p12 = decode_p12(data, password)?; + + let private_key = if let Some(pkey) = p12.pkey { + keys::private_key_from_pkey(py, &pkey, false)? + } else { + py.None() + }; + let cert = if let Some(ossl_cert) = p12.cert { + let cert_der = pyo3::types::PyBytes::new_bound(py, &ossl_cert.to_der()?).unbind(); + Some(x509::certificate::load_der_x509_certificate( + py, cert_der, None, + )?) + } else { + None + }; + let additional_certs = pyo3::types::PyList::empty_bound(py); + if let Some(ossl_certs) = p12.ca { + cfg_if::cfg_if! { + if #[cfg(any( + CRYPTOGRAPHY_OPENSSL_300_OR_GREATER, CRYPTOGRAPHY_IS_BORINGSSL + ))] { + let it = ossl_certs.iter(); + } else { + let it = ossl_certs.iter().rev(); + } + }; + + for ossl_cert in it { + let cert_der = pyo3::types::PyBytes::new_bound(py, &ossl_cert.to_der()?).unbind(); + let cert = x509::certificate::load_der_x509_certificate(py, cert_der, None)?; + additional_certs.append(cert.into_py(py))?; + } + } + + Ok((private_key, cert, additional_certs)) +} + +#[pyo3::pyfunction] +#[pyo3(signature = (data, password, backend=None))] +fn load_pkcs12<'p>( + py: pyo3::Python<'p>, + data: CffiBuf<'_>, + password: Option>, + backend: Option>, +) -> CryptographyResult> { + let _ = backend; + + let p12 = decode_p12(data, password)?; + + let private_key = if let Some(pkey) = p12.pkey { + keys::private_key_from_pkey(py, &pkey, false)? + } else { + py.None() + }; + let cert = if let Some(ossl_cert) = p12.cert { + let cert_der = pyo3::types::PyBytes::new_bound(py, &ossl_cert.to_der()?).unbind(); + let cert = x509::certificate::load_der_x509_certificate(py, cert_der, None)?; + let alias = ossl_cert + .alias() + .map(|a| pyo3::types::PyBytes::new_bound(py, a).unbind()); + + PKCS12Certificate::new(pyo3::Py::new(py, cert)?, alias).into_py(py) + } else { + py.None() + }; + let additional_certs = pyo3::types::PyList::empty_bound(py); + if let Some(ossl_certs) = p12.ca { + cfg_if::cfg_if! { + if #[cfg(any( + CRYPTOGRAPHY_OPENSSL_300_OR_GREATER, CRYPTOGRAPHY_IS_BORINGSSL + ))] { + let it = ossl_certs.iter(); + } else { + let it = ossl_certs.iter().rev(); + } + }; + + for ossl_cert in it { + let cert_der = pyo3::types::PyBytes::new_bound(py, &ossl_cert.to_der()?).unbind(); + let cert = x509::certificate::load_der_x509_certificate(py, cert_der, None)?; + let alias = ossl_cert + .alias() + .map(|a| pyo3::types::PyBytes::new_bound(py, a).unbind()); + + let p12_cert = PKCS12Certificate::new(pyo3::Py::new(py, cert)?, alias).into_py(py); + additional_certs.append(p12_cert)?; + } + } + + Ok(types::PKCS12KEYANDCERTIFICATES + .get(py)? + .call1((private_key, cert, additional_certs))?) +} + +#[pyo3::pymodule] +pub(crate) mod pkcs12 { + #[pymodule_export] + use super::{ + load_key_and_certificates, load_pkcs12, serialize_key_and_certificates, PKCS12Certificate, + }; +} + +#[cfg(test)] +mod tests { + use super::{pkcs12_kdf, KDF_ENCRYPTION_KEY_ID, KDF_IV_ID, KDF_MAC_KEY_ID}; + + #[test] + fn test_pkcs12_kdf() { + for (password, salt, id, rounds, key_len, hash, expected_key) in [ + // From https://github.com/RustCrypto/formats/blob/master/pkcs12/tests/kdf.rs + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_ENCRYPTION_KEY_ID, 100, 32, openssl::hash::MessageDigest::sha256(), b"\xfa\xe4\xd4\x95z<\xc7\x81\xe1\x18\x0b\x9dO\xb7\x9c\x1e\x0c\x85y\xb7F\xa3\x17~[\x07h\xa3\x11\x8b\xf8c" as &[u8]), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_IV_ID, 100, 32, openssl::hash::MessageDigest::sha256(), b"\xe5\xff\x81;\xc6T}\xe5\x15[\x14\xd2\xfa\xda\x85\xb3 \x1a\x97sI\xdbn&\xcc\xc9\x98\xd9\xe8\xf8=l"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_MAC_KEY_ID, 100, 32, openssl::hash::MessageDigest::sha256(), b"\x13cU\xed\x944Qf\x82SOF\xd69V\xdb_\xf0k\x84G\x02\xc2\xc1\xf3\xb4c!\xe2RJM"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_ENCRYPTION_KEY_ID, 100, 20, openssl::hash::MessageDigest::sha256(), b"\xfa\xe4\xd4\x95z<\xc7\x81\xe1\x18\x0b\x9dO\xb7\x9c\x1e\x0c\x85y\xb7"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_IV_ID, 100, 20, openssl::hash::MessageDigest::sha256(), b"\xe5\xff\x81;\xc6T}\xe5\x15[\x14\xd2\xfa\xda\x85\xb3 \x1a\x97s"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_MAC_KEY_ID, 100, 20, openssl::hash::MessageDigest::sha256(), b"\x13cU\xed\x944Qf\x82SOF\xd69V\xdb_\xf0k\x84"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_ENCRYPTION_KEY_ID, 100, 12, openssl::hash::MessageDigest::sha256(), b"\xfa\xe4\xd4\x95z<\xc7\x81\xe1\x18\x0b\x9d"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_IV_ID, 100, 12, openssl::hash::MessageDigest::sha256(), b"\xe5\xff\x81;\xc6T}\xe5\x15[\x14\xd2"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_MAC_KEY_ID, 100, 12, openssl::hash::MessageDigest::sha256(), b"\x13cU\xed\x944Qf\x82SOF"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_ENCRYPTION_KEY_ID, 1000, 32, openssl::hash::MessageDigest::sha256(), b"+\x95\xa0V\x9bc\xf6A\xfa\xe1\xef\xca2\xe8M\xb3i\x9a\xb7E@b\x8b\xa6b\x83\xb5\x8c\xf5@\x05'"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_IV_ID, 1000, 32, openssl::hash::MessageDigest::sha256(), b"dr\xc0\xeb\xad?\xabA#\xe8\xb5\xedx4\xde!\xee\xb2\x01\x87\xb3\xef\xf7\x8a}\x1c\xdf\xfa@4\x85\x1d"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_MAC_KEY_ID, 1000, 32, openssl::hash::MessageDigest::sha256(), b"?\x91\x13\xf0\\0\xa9\x96\xc4\xa5\x16@\x9b\xda\xc9\xd0e\xf4B\x96\xcc\xd5+\xb7]\xe3\xfc\xfd\xbe+\xf10"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_ENCRYPTION_KEY_ID, 1000, 100, openssl::hash::MessageDigest::sha256(), b"+\x95\xa0V\x9bc\xf6A\xfa\xe1\xef\xca2\xe8M\xb3i\x9a\xb7E@b\x8b\xa6b\x83\xb5\x8c\xf5@\x05\'\xd8\xd0\xeb\xe2\xcc\xbfv\x8cQ\xc4\xd8\xfb\xd1\xbb\x15k\xe0l\x1cY\xcb\xb6\x9eD\x05/\xfc77o\xdbG\xb2\xde\x7f\x9eT=\xe9\xd0\x96\xd8\xe5GK\"\x04\x10\xff\x1c]\x8b\xb7\xe5\xbc\x0fa\xba\xea\xa1/\xd0\xda\x1dz\x97\x01r"), + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_ENCRYPTION_KEY_ID, 1000, 200, openssl::hash::MessageDigest::sha256(), b"+\x95\xa0V\x9bc\xf6A\xfa\xe1\xef\xca2\xe8M\xb3i\x9a\xb7E@b\x8b\xa6b\x83\xb5\x8c\xf5@\x05\'\xd8\xd0\xeb\xe2\xcc\xbfv\x8cQ\xc4\xd8\xfb\xd1\xbb\x15k\xe0l\x1cY\xcb\xb6\x9eD\x05/\xfc77o\xdbG\xb2\xde\x7f\x9eT=\xe9\xd0\x96\xd8\xe5GK\"\x04\x10\xff\x1c]\x8b\xb7\xe5\xbc\x0fa\xba\xea\xa1/\xd0\xda\x1dz\x97\x01r\x9c\xea`\x14\xd7\xfeb\xa2\xed\x92m\xc3ka0\x7f\x11\x9dd\xed\xbc\xebZ\x9cX\x13;\xbfu\xba\x0b\xef\x00\n\x1aQ\x80\xe4\xb1\xde}\x89\xc8\x95(\xbc\xb7\x89\x9a\x1eF\xfdM\xa0\xd9\xde\x8f\x8ee\xe8\xd0\xd7u\xe3=\x12G\xe7mYj401a\xb2\x19\xf3\x9a\xfd\xa4H\xbfQ\x8a(5\xfc^(\xf0\xb5Z\x1ba7\xa2\xc7\x0c\xf7"), + + ("ge@äheim".as_bytes(), b"\x01\x02\x03\x04\x05\x06\x07\x08", KDF_ENCRYPTION_KEY_ID, 100, 32, openssl::hash::MessageDigest::sha512(), b"\xb1J\x9f\x01\xbf\xd9\xdc\xe4\xc9\xd6m/\xe9\x93~_\xd9\xf1\xaf\xa5\x9e7\no\xa4\xfc\x81\xc1\xcc\x8e\xc8\xee"), + + // From https://cs.opensource.google/go/x/crypto/+/master:pkcs12/pbkdf_test.go + (b"sesame", b"\xff\xff\xff\xff\xff\xff\xff\xff", KDF_ENCRYPTION_KEY_ID, 2048, 24, openssl::hash::MessageDigest::sha1(), b"\x7c\xd9\xfd\x3e\x2b\x3b\xe7\x69\x1a\x44\xe3\xbe\xf0\xf9\xea\x0f\xb9\xb8\x97\xd4\xe3\x25\xd9\xd1"), + ] { + let result = pkcs12_kdf(password, salt, id, rounds, key_len, hash).map_err(|_| ()).unwrap(); + assert_eq!(result, expected_key); + } + } + + #[test] + fn test_pkcs12_kdf_error() { + // Key is not valid UTF-8 + let result = pkcs12_kdf( + b"\x91\x82%\xa1", + b"\x01\x02\x03\x04", + KDF_ENCRYPTION_KEY_ID, + 100, + 8, + openssl::hash::MessageDigest::sha256(), + ); + assert!(matches!(result, Err(_))); + } +} diff --git a/src/rust/src/pkcs7.rs b/src/rust/src/pkcs7.rs new file mode 100644 index 0000000..40fbd9b --- /dev/null +++ b/src/rust/src/pkcs7.rs @@ -0,0 +1,572 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use std::borrow::Cow; +use std::collections::HashMap; +use std::ops::Deref; + +use cryptography_x509::common::{AlgorithmIdentifier, AlgorithmParameters}; +use cryptography_x509::csr::Attribute; +use cryptography_x509::pkcs7::PKCS7_DATA_OID; +use cryptography_x509::{common, oid, pkcs7}; +use once_cell::sync::Lazy; +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +use openssl::pkcs7::Pkcs7; +use pyo3::types::{PyAnyMethods, PyBytesMethods, PyListMethods}; +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +use pyo3::IntoPy; + +use crate::asn1::encode_der_data; +use crate::buf::CffiBuf; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::pkcs12::symmetric_encrypt; +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +use crate::x509::certificate::load_der_x509_certificate; +use crate::{exceptions, types, x509}; + +const PKCS7_CONTENT_TYPE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 9, 3); +const PKCS7_MESSAGE_DIGEST_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 9, 4); +const PKCS7_SIGNING_TIME_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 9, 5); +const PKCS7_SMIME_CAP_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 9, 15); + +static OIDS_TO_MIC_NAME: Lazy> = Lazy::new(|| { + let mut h = HashMap::new(); + h.insert(&oid::SHA224_OID, "sha-224"); + h.insert(&oid::SHA256_OID, "sha-256"); + h.insert(&oid::SHA384_OID, "sha-384"); + h.insert(&oid::SHA512_OID, "sha-512"); + h +}); + +#[pyo3::pyfunction] +fn serialize_certificates<'p>( + py: pyo3::Python<'p>, + py_certs: Vec>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, +) -> CryptographyResult> { + if py_certs.is_empty() { + return Err(pyo3::exceptions::PyTypeError::new_err( + "certs must be a list of certs with length >= 1", + ) + .into()); + } + + let raw_certs = py_certs + .iter() + .map(|c| c.raw.borrow_dependent()) + .collect::>(); + + let signed_data = pkcs7::SignedData { + version: 1, + digest_algorithms: asn1::SetOfWriter::new(&[]), + content_info: pkcs7::ContentInfo { + _content_type: asn1::DefinedByMarker::marker(), + content: pkcs7::Content::Data(None), + }, + certificates: Some(asn1::SetOfWriter::new(&raw_certs)), + crls: None, + signer_infos: asn1::SetOfWriter::new(&[]), + }; + + let content_info = pkcs7::ContentInfo { + _content_type: asn1::DefinedByMarker::marker(), + content: pkcs7::Content::SignedData(asn1::Explicit::new(Box::new(signed_data))), + }; + let content_info_bytes = asn1::write_single(&content_info)?; + + encode_der_data(py, "PKCS7".to_string(), content_info_bytes, encoding) +} + +#[pyo3::pyfunction] +fn encrypt_and_serialize<'p>( + py: pyo3::Python<'p>, + builder: &pyo3::Bound<'p, pyo3::PyAny>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + options: &pyo3::Bound<'p, pyo3::types::PyList>, +) -> CryptographyResult> { + let raw_data: CffiBuf<'p> = builder.getattr(pyo3::intern!(py, "_data"))?.extract()?; + let text_mode = options.contains(types::PKCS7_TEXT.get(py)?)?; + let data_with_header = if options.contains(types::PKCS7_BINARY.get(py)?)? { + Cow::Borrowed(raw_data.as_bytes()) + } else { + smime_canonicalize(raw_data.as_bytes(), text_mode).0 + }; + + // The message is encrypted with AES-128-CBC, which the S/MIME v3.2 RFC + // specifies as MUST support (https://datatracker.ietf.org/doc/html/rfc5751#section-2.7) + let key = types::OS_URANDOM.get(py)?.call1((16,))?; + let aes128_algorithm = types::AES128.get(py)?.call1((&key,))?; + let iv = types::OS_URANDOM.get(py)?.call1((16,))?; + let cbc_mode = types::CBC.get(py)?.call1((&iv,))?; + + let encrypted_content = symmetric_encrypt(py, aes128_algorithm, cbc_mode, &data_with_header)?; + + let py_recipients: Vec> = builder + .getattr(pyo3::intern!(py, "_recipients"))? + .extract()?; + + let mut recipient_infos = vec![]; + let padding = types::PKCS1V15.get(py)?.call0()?; + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + for cert in py_recipients.iter() { + // Currently, keys are encrypted with RSA (PKCS #1 v1.5), which the S/MIME v3.2 RFC + // specifies as MUST support (https://datatracker.ietf.org/doc/html/rfc5751#section-2.3) + let encrypted_key = cert + .call_method0(pyo3::intern!(py, "public_key"))? + .call_method1(pyo3::intern!(py, "encrypt"), (&key, &padding))? + .extract::()?; + + recipient_infos.push(pkcs7::RecipientInfo { + version: 0, + issuer_and_serial_number: pkcs7::IssuerAndSerialNumber { + issuer: cert.get().raw.borrow_dependent().tbs_cert.issuer.clone(), + serial_number: cert.get().raw.borrow_dependent().tbs_cert.serial, + }, + key_encryption_algorithm: AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::Rsa(Some(())), + }, + encrypted_key: ka_bytes.add(encrypted_key), + }); + } + + let enveloped_data = pkcs7::EnvelopedData { + version: 0, + recipient_infos: asn1::SetOfWriter::new(&recipient_infos), + + encrypted_content_info: pkcs7::EncryptedContentInfo { + content_type: PKCS7_DATA_OID, + content_encryption_algorithm: AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: AlgorithmParameters::Aes128Cbc(iv.extract()?), + }, + encrypted_content: Some(&encrypted_content), + }, + }; + + let content_info = pkcs7::ContentInfo { + _content_type: asn1::DefinedByMarker::marker(), + content: pkcs7::Content::EnvelopedData(asn1::Explicit::new(Box::new(enveloped_data))), + }; + let ci_bytes = asn1::write_single(&content_info)?; + + if encoding.is(&types::ENCODING_SMIME.get(py)?) { + Ok(types::SMIME_ENVELOPED_ENCODE + .get(py)? + .call1((&*ci_bytes,))? + .extract()?) + } else { + // Handles the DER, PEM, and error cases + encode_der_data(py, "PKCS7".to_string(), ci_bytes, encoding) + } +} + +#[pyo3::pyfunction] +fn sign_and_serialize<'p>( + py: pyo3::Python<'p>, + builder: &pyo3::Bound<'p, pyo3::PyAny>, + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + options: &pyo3::Bound<'p, pyo3::types::PyList>, +) -> CryptographyResult> { + let raw_data: CffiBuf<'p> = builder.getattr(pyo3::intern!(py, "_data"))?.extract()?; + let text_mode = options.contains(types::PKCS7_TEXT.get(py)?)?; + let (data_with_header, data_without_header) = + if options.contains(types::PKCS7_BINARY.get(py)?)? { + ( + Cow::Borrowed(raw_data.as_bytes()), + Cow::Borrowed(raw_data.as_bytes()), + ) + } else { + smime_canonicalize(raw_data.as_bytes(), text_mode) + }; + + let content_type_bytes = asn1::write_single(&pkcs7::PKCS7_DATA_OID)?; + let now = x509::common::datetime_now(py)?; + let signing_time_bytes = asn1::write_single(&x509::certificate::time_from_datetime(now)?)?; + let smime_cap_bytes = asn1::write_single(&asn1::SequenceOfWriter::new([ + // Subset of values OpenSSL provides: + // https://github.com/openssl/openssl/blob/667a8501f0b6e5705fd611d5bb3ca24848b07154/crypto/pkcs7/pk7_smime.c#L150 + // removing all the ones that are bad cryptography + &asn1::SequenceOfWriter::new([oid::AES_256_CBC_OID]), + &asn1::SequenceOfWriter::new([oid::AES_192_CBC_OID]), + &asn1::SequenceOfWriter::new([oid::AES_128_CBC_OID]), + ]))?; + + #[allow(clippy::type_complexity)] + let py_signers: Vec<( + pyo3::PyRef<'p, x509::certificate::Certificate>, + pyo3::Bound<'_, pyo3::PyAny>, + pyo3::Bound<'_, pyo3::PyAny>, + pyo3::Bound<'_, pyo3::PyAny>, + )> = builder.getattr(pyo3::intern!(py, "_signers"))?.extract()?; + + let py_certs: Vec> = builder + .getattr(pyo3::intern!(py, "_additional_certs"))? + .extract()?; + + let mut signer_infos = vec![]; + let mut digest_algs = vec![]; + let mut certs = py_certs + .iter() + .map(|p| p.raw.borrow_dependent()) + .collect::>(); + + let ka_vec = cryptography_keepalive::KeepAlive::new(); + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + for (cert, py_private_key, py_hash_alg, rsa_padding) in py_signers.iter() { + let (authenticated_attrs, signature) = + if options.contains(&types::PKCS7_NO_ATTRIBUTES.get(py)?)? { + ( + None, + x509::sign::sign_data( + py, + py_private_key.clone(), + py_hash_alg.clone(), + rsa_padding.clone(), + &data_with_header, + )?, + ) + } else { + let mut authenticated_attrs = vec![ + Attribute { + type_id: PKCS7_CONTENT_TYPE_OID, + values: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new( + [asn1::parse_single(&content_type_bytes).unwrap()], + )), + }, + Attribute { + type_id: PKCS7_SIGNING_TIME_OID, + values: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new( + [asn1::parse_single(&signing_time_bytes).unwrap()], + )), + }, + ]; + + let digest = x509::ocsp::hash_data(py, py_hash_alg, &data_with_header)?; + let digest_wrapped = ka_vec.add(asn1::write_single(&digest.as_bytes())?); + authenticated_attrs.push(Attribute { + type_id: PKCS7_MESSAGE_DIGEST_OID, + values: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new([ + asn1::parse_single(digest_wrapped).unwrap(), + ])), + }); + + if !options.contains(types::PKCS7_NO_CAPABILITIES.get(py)?)? { + authenticated_attrs.push(Attribute { + type_id: PKCS7_SMIME_CAP_OID, + values: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new( + [asn1::parse_single(&smime_cap_bytes).unwrap()], + )), + }); + } + + let signed_data = + asn1::write_single(&asn1::SetOfWriter::new(authenticated_attrs.as_slice()))?; + + ( + Some(common::Asn1ReadableOrWritable::new_write( + asn1::SetOfWriter::new(authenticated_attrs), + )), + x509::sign::sign_data( + py, + py_private_key.clone(), + py_hash_alg.clone(), + rsa_padding.clone(), + &signed_data, + )?, + ) + }; + + let digest_alg = x509::ocsp::HASH_NAME_TO_ALGORITHM_IDENTIFIERS[&*py_hash_alg + .getattr(pyo3::intern!(py, "name"))? + .extract::()?] + .clone(); + // Technically O(n^2), but no one will have that many signers. + if !digest_algs.contains(&digest_alg) { + digest_algs.push(digest_alg.clone()); + } + certs.push(cert.raw.borrow_dependent()); + + signer_infos.push(pkcs7::SignerInfo { + version: 1, + issuer_and_serial_number: pkcs7::IssuerAndSerialNumber { + issuer: cert.raw.borrow_dependent().tbs_cert.issuer.clone(), + serial_number: cert.raw.borrow_dependent().tbs_cert.serial, + }, + digest_algorithm: digest_alg, + authenticated_attributes: authenticated_attrs, + digest_encryption_algorithm: compute_pkcs7_signature_algorithm( + py, + py_private_key.clone(), + py_hash_alg.clone(), + rsa_padding.clone(), + )?, + encrypted_digest: ka_bytes.add(signature), + unauthenticated_attributes: None, + }); + } + + let data_tlv_bytes; + let content = if options.contains(types::PKCS7_DETACHED_SIGNATURE.get(py)?)? { + None + } else { + data_tlv_bytes = asn1::write_single(&data_with_header.deref())?; + Some(asn1::parse_single(&data_tlv_bytes).unwrap()) + }; + + let signed_data = pkcs7::SignedData { + version: 1, + digest_algorithms: asn1::SetOfWriter::new(&digest_algs), + content_info: pkcs7::ContentInfo { + _content_type: asn1::DefinedByMarker::marker(), + content: pkcs7::Content::Data(content.map(asn1::Explicit::new)), + }, + certificates: if options.contains(types::PKCS7_NO_CERTS.get(py)?)? { + None + } else { + Some(asn1::SetOfWriter::new(&certs)) + }, + crls: None, + signer_infos: asn1::SetOfWriter::new(&signer_infos), + }; + + let content_info = pkcs7::ContentInfo { + _content_type: asn1::DefinedByMarker::marker(), + content: pkcs7::Content::SignedData(asn1::Explicit::new(Box::new(signed_data))), + }; + let ci_bytes = asn1::write_single(&content_info)?; + + if encoding.is(&types::ENCODING_SMIME.get(py)?) { + let mic_algs = digest_algs + .iter() + .map(|d| OIDS_TO_MIC_NAME[&d.oid()]) + .collect::>() + .join(","); + Ok(types::SMIME_SIGNED_ENCODE + .get(py)? + .call1((&*data_without_header, &*ci_bytes, mic_algs, text_mode))? + .extract()?) + } else { + // Handles the DER, PEM, and error cases + encode_der_data(py, "PKCS7".to_string(), ci_bytes, encoding) + } +} + +fn compute_pkcs7_signature_algorithm<'p>( + py: pyo3::Python<'p>, + private_key: pyo3::Bound<'p, pyo3::PyAny>, + hash_algorithm: pyo3::Bound<'p, pyo3::PyAny>, + rsa_padding: pyo3::Bound<'p, pyo3::PyAny>, +) -> pyo3::PyResult> { + let key_type = x509::sign::identify_key_type(py, private_key.clone())?; + let has_pss_padding = rsa_padding.is_instance(&types::PSS.get(py)?)?; + // For RSA signatures (with no PSS padding), the OID is always the same no matter the + // digest algorithm. See RFC 3370 (section 3.2). + if key_type == x509::sign::KeyType::Rsa && !has_pss_padding { + Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::Rsa(Some(())), + }) + } else { + x509::sign::compute_signature_algorithm(py, private_key, hash_algorithm, rsa_padding) + } +} + +fn smime_canonicalize(data: &[u8], text_mode: bool) -> (Cow<'_, [u8]>, Cow<'_, [u8]>) { + let mut new_data_with_header = vec![]; + let mut new_data_without_header = vec![]; + if text_mode { + new_data_with_header.extend_from_slice(b"Content-Type: text/plain\r\n\r\n"); + } + + let mut last_idx = 0; + for (i, c) in data.iter().copied().enumerate() { + if c == b'\n' && (i == 0 || data[i - 1] != b'\r') { + new_data_with_header.extend_from_slice(&data[last_idx..i]); + new_data_with_header.push(b'\r'); + new_data_with_header.push(b'\n'); + + new_data_without_header.extend_from_slice(&data[last_idx..i]); + new_data_without_header.push(b'\r'); + new_data_without_header.push(b'\n'); + last_idx = i + 1; + } + } + // If there's stuff in new_data, that means we need to copy the rest of + // data over. + if !new_data_with_header.is_empty() { + new_data_with_header.extend_from_slice(&data[last_idx..]); + new_data_without_header.extend_from_slice(&data[last_idx..]); + ( + Cow::Owned(new_data_with_header), + Cow::Owned(new_data_without_header), + ) + } else { + (Cow::Borrowed(data), Cow::Borrowed(data)) + } +} + +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +fn load_pkcs7_certificates( + py: pyo3::Python<'_>, + pkcs7: Pkcs7, +) -> CryptographyResult> { + let nid = pkcs7.type_().map(|t| t.nid()); + if nid != Some(openssl::nid::Nid::PKCS7_SIGNED) { + let nid_string = nid.map_or("empty".to_string(), |n| n.as_raw().to_string()); + return Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + format!("Only basic signed structures are currently supported. NID for this data was {}", nid_string), + exceptions::Reasons::UNSUPPORTED_SERIALIZATION, + )), + )); + } + + let signed_certificates = pkcs7.signed().and_then(|x| x.certificates()); + match signed_certificates { + None => Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "The provided PKCS7 has no certificate data, but a cert loading method was called.", + ), + )), + Some(certificates) => { + let result = pyo3::types::PyList::empty_bound(py); + for c in certificates { + let cert_der = pyo3::types::PyBytes::new_bound(py, c.to_der()?.as_slice()).unbind(); + let cert = load_der_x509_certificate(py, cert_der, None)?; + result.append(cert.into_py(py))?; + } + Ok(result) + } + } +} + +#[pyo3::pyfunction] +fn load_pem_pkcs7_certificates<'p>( + py: pyo3::Python<'p>, + data: &[u8], +) -> CryptographyResult> { + cfg_if::cfg_if! { + if #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] { + let pkcs7_decoded = openssl::pkcs7::Pkcs7::from_pem(data).map_err(|_| { + CryptographyError::from(pyo3::exceptions::PyValueError::new_err( + "Unable to parse PKCS7 data", + )) + })?; + load_pkcs7_certificates(py, pkcs7_decoded) + } else { + let _ = py; + let _ = data; + Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "PKCS#7 is not supported by this backend.", + exceptions::Reasons::UNSUPPORTED_SERIALIZATION, + )), + )) + } + } +} + +#[pyo3::pyfunction] +fn load_der_pkcs7_certificates<'p>( + py: pyo3::Python<'p>, + data: &[u8], +) -> CryptographyResult> { + cfg_if::cfg_if! { + if #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] { + let pkcs7_decoded = openssl::pkcs7::Pkcs7::from_der(data).map_err(|_| { + CryptographyError::from(pyo3::exceptions::PyValueError::new_err( + "Unable to parse PKCS7 data", + )) + })?; + load_pkcs7_certificates(py, pkcs7_decoded) + } else { + let _ = py; + let _ = data; + Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(( + "PKCS#7 is not supported by this backend.", + exceptions::Reasons::UNSUPPORTED_SERIALIZATION, + )), + )) + } + } +} + +#[pyo3::pymodule] +#[pyo3(name = "pkcs7")] +pub(crate) mod pkcs7_mod { + #[pymodule_export] + use super::{ + encrypt_and_serialize, load_der_pkcs7_certificates, load_pem_pkcs7_certificates, + serialize_certificates, sign_and_serialize, + }; +} + +#[cfg(test)] +mod tests { + use std::borrow::Cow; + use std::ops::Deref; + + use super::smime_canonicalize; + + #[test] + fn test_smime_canonicalize() { + for ( + input, + text_mode, + expected_with_header, + expected_without_header, + expected_is_borrowed, + ) in [ + // Values with text_mode=false + (b"" as &[u8], false, b"" as &[u8], b"" as &[u8], true), + (b"\n", false, b"\r\n", b"\r\n", false), + (b"abc", false, b"abc", b"abc", true), + ( + b"abc\r\ndef\n", + false, + b"abc\r\ndef\r\n", + b"abc\r\ndef\r\n", + false, + ), + (b"abc\r\n", false, b"abc\r\n", b"abc\r\n", true), + ( + b"abc\ndef\n", + false, + b"abc\r\ndef\r\n", + b"abc\r\ndef\r\n", + false, + ), + // Values with text_mode=true + (b"", true, b"Content-Type: text/plain\r\n\r\n", b"", false), + ( + b"abc", + true, + b"Content-Type: text/plain\r\n\r\nabc", + b"abc", + false, + ), + ( + b"abc\n", + true, + b"Content-Type: text/plain\r\n\r\nabc\r\n", + b"abc\r\n", + false, + ), + ] { + let (result_with_header, result_without_header) = smime_canonicalize(input, text_mode); + assert_eq!(result_with_header.deref(), expected_with_header); + assert_eq!(result_without_header.deref(), expected_without_header); + assert_eq!( + matches!(result_with_header, Cow::Borrowed(_)), + expected_is_borrowed + ); + assert_eq!( + matches!(result_without_header, Cow::Borrowed(_)), + expected_is_borrowed + ); + } + } +} diff --git a/src/rust/src/pool.rs b/src/rust/src/pool.rs deleted file mode 100644 index 9dacd7f..0000000 --- a/src/rust/src/pool.rs +++ /dev/null @@ -1,96 +0,0 @@ -// This file is dual licensed under the terms of the Apache License, Version -// 2.0, and the BSD License. See the LICENSE file in the root of this repository -// for complete details. - -use std::cell::Cell; - -// An object pool that can contain a single object and will dynamically -// allocate new objects to fulfill requests if the pool'd object is already in -// use. -#[pyo3::prelude::pyclass] -pub(crate) struct FixedPool { - create_fn: pyo3::PyObject, - destroy_fn: pyo3::PyObject, - - value: Cell>, -} - -#[pyo3::prelude::pyclass] -struct PoolAcquisition { - pool: pyo3::Py, - - value: pyo3::PyObject, - fresh: bool, -} - -#[pyo3::pymethods] -impl FixedPool { - #[new] - fn new( - py: pyo3::Python<'_>, - create: pyo3::PyObject, - destroy: pyo3::PyObject, - ) -> pyo3::PyResult { - let value = create.call0(py)?; - - Ok(FixedPool { - create_fn: create, - destroy_fn: destroy, - - value: Cell::new(Some(value)), - }) - } - - fn acquire(slf: pyo3::Py, py: pyo3::Python<'_>) -> pyo3::PyResult { - let v = slf.as_ref(py).borrow().value.replace(None); - if let Some(value) = v { - Ok(PoolAcquisition { - pool: slf, - value, - fresh: false, - }) - } else { - let value = slf.as_ref(py).borrow().create_fn.call0(py)?; - Ok(PoolAcquisition { - pool: slf, - value, - fresh: true, - }) - } - } -} - -impl Drop for FixedPool { - fn drop(&mut self) { - if let Some(value) = self.value.replace(None) { - let gil = pyo3::Python::acquire_gil(); - let py = gil.python(); - self.destroy_fn - .call1(py, (value,)) - .expect("FixedPool destroy function failed in destructor"); - } - } -} - -#[pyo3::pymethods] -impl PoolAcquisition { - fn __enter__(&self, py: pyo3::Python<'_>) -> pyo3::PyObject { - self.value.clone_ref(py) - } - - fn __exit__( - &self, - py: pyo3::Python<'_>, - _exc_type: &pyo3::PyAny, - _exc_value: &pyo3::PyAny, - _exc_tb: &pyo3::PyAny, - ) -> pyo3::PyResult<()> { - let pool = self.pool.as_ref(py).borrow(); - if self.fresh { - pool.destroy_fn.call1(py, (self.value.clone_ref(py),))?; - } else { - pool.value.replace(Some(self.value.clone_ref(py))); - } - Ok(()) - } -} diff --git a/src/rust/src/test_support.rs b/src/rust/src/test_support.rs new file mode 100644 index 0000000..9b37b6c --- /dev/null +++ b/src/rust/src/test_support.rs @@ -0,0 +1,160 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +use crate::buf::CffiBuf; +use crate::error::CryptographyResult; +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +use crate::types; +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +use crate::x509::certificate::Certificate as PyCertificate; +use asn1::SimpleAsn1Readable; +use cryptography_x509::certificate::Certificate; +use cryptography_x509::common::Time; +use cryptography_x509::name::Name; +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +use pyo3::prelude::PyAnyMethods; + +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.test_support")] +struct TestCertificate { + #[pyo3(get)] + not_before_tag: u8, + #[pyo3(get)] + not_after_tag: u8, + #[pyo3(get)] + issuer_value_tags: Vec, + #[pyo3(get)] + subject_value_tags: Vec, +} + +fn parse_name_value_tags(rdns: &Name<'_>) -> Vec { + let mut tags = vec![]; + for rdn in rdns.unwrap_read().clone() { + let mut attributes = rdn.collect::>(); + assert_eq!(attributes.len(), 1); + + tags.push(attributes.pop().unwrap().value.tag().as_u8().unwrap()); + } + tags +} + +fn time_tag(t: &Time) -> u8 { + match t { + Time::UtcTime(_) => asn1::UtcTime::TAG.as_u8().unwrap(), + Time::GeneralizedTime(_) => asn1::GeneralizedTime::TAG.as_u8().unwrap(), + } +} + +#[pyo3::pyfunction] +fn test_parse_certificate(data: &[u8]) -> CryptographyResult { + let cert = asn1::parse_single::>(data)?; + + Ok(TestCertificate { + not_before_tag: time_tag(&cert.tbs_cert.validity.not_before), + not_after_tag: time_tag(&cert.tbs_cert.validity.not_after), + issuer_value_tags: parse_name_value_tags(&cert.tbs_cert.issuer), + subject_value_tags: parse_name_value_tags(&cert.tbs_cert.subject), + }) +} + +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +#[pyo3::pyfunction] +#[pyo3(signature = (encoding, sig, msg, certs, options))] +fn pkcs7_verify( + py: pyo3::Python<'_>, + encoding: pyo3::Bound<'_, pyo3::PyAny>, + sig: &[u8], + msg: Option>, + certs: Vec>, + options: pyo3::Bound<'_, pyo3::types::PyList>, +) -> CryptographyResult<()> { + let p7 = if encoding.is(&types::ENCODING_DER.get(py)?) { + openssl::pkcs7::Pkcs7::from_der(sig)? + } else if encoding.is(&types::ENCODING_PEM.get(py)?) { + openssl::pkcs7::Pkcs7::from_pem(sig)? + } else { + openssl::pkcs7::Pkcs7::from_smime(sig)?.0 + }; + + let mut flags = openssl::pkcs7::Pkcs7Flags::empty(); + if options.contains(types::PKCS7_TEXT.get(py)?)? { + flags |= openssl::pkcs7::Pkcs7Flags::TEXT; + } + + let store = { + let mut b = openssl::x509::store::X509StoreBuilder::new()?; + for cert in &certs { + let der = asn1::write_single(cert.get().raw.borrow_dependent())?; + b.add_cert(openssl::x509::X509::from_der(&der)?)?; + } + b.build() + }; + let certs = openssl::stack::Stack::new()?; + + p7.verify( + &certs, + &store, + msg.as_ref().map(|m| m.as_bytes()), + None, + flags, + )?; + + Ok(()) +} + +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +#[pyo3::pyfunction] +#[pyo3(signature = (encoding, msg, pkey, cert_recipient, options))] +fn pkcs7_decrypt<'p>( + py: pyo3::Python<'p>, + encoding: pyo3::Bound<'p, pyo3::PyAny>, + msg: CffiBuf<'p>, + pkey: pyo3::Bound<'p, pyo3::PyAny>, + cert_recipient: pyo3::Bound<'p, PyCertificate>, + options: pyo3::Bound<'p, pyo3::types::PyList>, +) -> CryptographyResult> { + let p7 = if encoding.is(&types::ENCODING_DER.get(py)?) { + openssl::pkcs7::Pkcs7::from_der(msg.as_bytes())? + } else if encoding.is(&types::ENCODING_PEM.get(py)?) { + openssl::pkcs7::Pkcs7::from_pem(msg.as_bytes())? + } else { + openssl::pkcs7::Pkcs7::from_smime(msg.as_bytes())?.0 + }; + + let mut flags = openssl::pkcs7::Pkcs7Flags::empty(); + if options.contains(types::PKCS7_TEXT.get(py)?)? { + flags |= openssl::pkcs7::Pkcs7Flags::TEXT; + } + + let cert_der = asn1::write_single(cert_recipient.get().raw.borrow_dependent())?; + let cert_ossl = openssl::x509::X509::from_der(&cert_der)?; + + let der = types::ENCODING_DER.get(py)?; + let pkcs8 = types::PRIVATE_FORMAT_PKCS8.get(py)?; + let no_encryption = types::NO_ENCRYPTION.get(py)?.call0()?; + let pkey_bytes = pkey + .call_method1( + pyo3::intern!(py, "private_bytes"), + (der, pkcs8, no_encryption), + )? + .extract::()?; + + let pkey_ossl = openssl::pkey::PKey::private_key_from_der(&pkey_bytes)?; + + let result = p7.decrypt(&pkey_ossl, &cert_ossl, flags)?; + + Ok(pyo3::types::PyBytes::new_bound(py, &result)) +} + +#[pyo3::pymodule] +pub(crate) mod test_support { + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + #[pymodule_export] + use super::pkcs7_decrypt; + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + #[pymodule_export] + use super::pkcs7_verify; + #[pymodule_export] + use super::test_parse_certificate; +} diff --git a/src/rust/src/types.rs b/src/rust/src/types.rs new file mode 100644 index 0000000..5a32fa5 --- /dev/null +++ b/src/rust/src/types.rs @@ -0,0 +1,588 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use pyo3::types::PyAnyMethods; + +pub struct LazyPyImport { + module: &'static str, + names: &'static [&'static str], + value: pyo3::sync::GILOnceCell, +} + +impl LazyPyImport { + pub const fn new(module: &'static str, names: &'static [&'static str]) -> LazyPyImport { + LazyPyImport { + module, + names, + value: pyo3::sync::GILOnceCell::new(), + } + } + + pub fn get<'p>(&'p self, py: pyo3::Python<'p>) -> pyo3::PyResult> { + let p = self.value.get_or_try_init(py, || { + let mut obj = py.import_bound(self.module)?.into_any(); + for name in self.names { + obj = obj.getattr(*name)?; + } + Ok::<_, pyo3::PyErr>(obj.unbind()) + })?; + + Ok(p.clone_ref(py).into_bound(py)) + } +} + +pub static DATETIME_DATETIME: LazyPyImport = LazyPyImport::new("datetime", &["datetime"]); +pub static DATETIME_TIMEZONE_UTC: LazyPyImport = + LazyPyImport::new("datetime", &["timezone", "utc"]); +pub static IPADDRESS_IPADDRESS: LazyPyImport = LazyPyImport::new("ipaddress", &["ip_address"]); +pub static IPADDRESS_IPNETWORK: LazyPyImport = LazyPyImport::new("ipaddress", &["ip_network"]); +pub static OS_URANDOM: LazyPyImport = LazyPyImport::new("os", &["urandom"]); + +pub static DEPRECATED_IN_36: LazyPyImport = + LazyPyImport::new("cryptography.utils", &["DeprecatedIn36"]); +pub static DEPRECATED_IN_41: LazyPyImport = + LazyPyImport::new("cryptography.utils", &["DeprecatedIn41"]); +pub static DEPRECATED_IN_42: LazyPyImport = + LazyPyImport::new("cryptography.utils", &["DeprecatedIn42"]); +pub static DEPRECATED_IN_43: LazyPyImport = + LazyPyImport::new("cryptography.utils", &["DeprecatedIn43"]); + +pub static ENCODING: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["Encoding"], +); +pub static ENCODING_DER: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["Encoding", "DER"], +); +pub static ENCODING_OPENSSH: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["Encoding", "OpenSSH"], +); +pub static ENCODING_PEM: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["Encoding", "PEM"], +); +pub static ENCODING_RAW: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["Encoding", "Raw"], +); +pub static ENCODING_SMIME: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["Encoding", "SMIME"], +); +pub static ENCODING_X962: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["Encoding", "X962"], +); + +pub static PRIVATE_FORMAT: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PrivateFormat"], +); +pub static PRIVATE_FORMAT_OPENSSH: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PrivateFormat", "OpenSSH"], +); +pub static PRIVATE_FORMAT_PKCS8: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PrivateFormat", "PKCS8"], +); +pub static PRIVATE_FORMAT_PKCS12: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PrivateFormat", "PKCS12"], +); +pub static PRIVATE_FORMAT_RAW: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PrivateFormat", "Raw"], +); +pub static PRIVATE_FORMAT_TRADITIONAL_OPENSSL: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PrivateFormat", "TraditionalOpenSSL"], +); + +pub static PUBLIC_FORMAT: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PublicFormat"], +); +pub static PUBLIC_FORMAT_COMPRESSED_POINT: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PublicFormat", "CompressedPoint"], +); +pub static PUBLIC_FORMAT_OPENSSH: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PublicFormat", "OpenSSH"], +); +pub static PUBLIC_FORMAT_PKCS1: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PublicFormat", "PKCS1"], +); +pub static PUBLIC_FORMAT_RAW: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PublicFormat", "Raw"], +); +pub static PUBLIC_FORMAT_SUBJECT_PUBLIC_KEY_INFO: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PublicFormat", "SubjectPublicKeyInfo"], +); +pub static PUBLIC_FORMAT_UNCOMPRESSED_POINT: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["PublicFormat", "UncompressedPoint"], +); + +pub static PARAMETER_FORMAT_PKCS3: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["ParameterFormat", "PKCS3"], +); + +pub static KEY_SERIALIZATION_ENCRYPTION: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["KeySerializationEncryption"], +); +pub static NO_ENCRYPTION: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["NoEncryption"], +); +pub static BEST_AVAILABLE_ENCRYPTION: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["BestAvailableEncryption"], +); +pub static ENCRYPTION_BUILDER: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization", + &["_KeySerializationEncryption"], +); + +pub static PBES_PBESV1SHA1AND3KEYTRIPLEDESCBC: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs12", + &["PBES", "PBESv1SHA1And3KeyTripleDESCBC"], +); +pub static PBES_PBESV2SHA256ANDAES256CBC: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs12", + &["PBES", "PBESv2SHA256AndAES256CBC"], +); + +pub static SERIALIZE_SSH_PRIVATE_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.ssh", + &["_serialize_ssh_private_key"], +); +pub static SERIALIZE_SSH_PUBLIC_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.ssh", + &["serialize_ssh_public_key"], +); + +pub static SIG_OIDS_TO_HASH: LazyPyImport = + LazyPyImport::new("cryptography.hazmat._oid", &["_SIG_OIDS_TO_HASH"]); +pub static OID_NAMES: LazyPyImport = LazyPyImport::new("cryptography.hazmat._oid", &["_OID_NAMES"]); + +pub static REASON_FLAGS: LazyPyImport = LazyPyImport::new("cryptography.x509", &["ReasonFlags"]); +pub static ATTRIBUTE: LazyPyImport = LazyPyImport::new("cryptography.x509", &["Attribute"]); +pub static ATTRIBUTES: LazyPyImport = LazyPyImport::new("cryptography.x509", &["Attributes"]); + +pub static CRL_NUMBER: LazyPyImport = LazyPyImport::new("cryptography.x509", &["CRLNumber"]); +pub static DELTA_CRL_INDICATOR: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["DeltaCRLIndicator"]); +pub static ISSUER_ALTERNATIVE_NAME: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["IssuerAlternativeName"]); +pub static AUTHORITY_INFORMATION_ACCESS: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["AuthorityInformationAccess"]); +pub static ISSUING_DISTRIBUTION_POINT: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["IssuingDistributionPoint"]); +pub static FRESHEST_CRL: LazyPyImport = LazyPyImport::new("cryptography.x509", &["FreshestCRL"]); +pub static CRL_REASON: LazyPyImport = LazyPyImport::new("cryptography.x509", &["CRLReason"]); +pub static CERTIFICATE_ISSUER: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["CertificateIssuer"]); +pub static INVALIDITY_DATE: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["InvalidityDate"]); +pub static OCSP_NONCE: LazyPyImport = LazyPyImport::new("cryptography.x509", &["OCSPNonce"]); +pub static OCSP_ACCEPTABLE_RESPONSES: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["OCSPAcceptableResponses"]); +pub static SIGNED_CERTIFICATE_TIMESTAMPS: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["SignedCertificateTimestamps"]); +pub static PRECERT_POISON: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["PrecertPoison"]); +pub static PRECERTIFICATE_SIGNED_CERTIFICATE_TIMESTAMPS: LazyPyImport = LazyPyImport::new( + "cryptography.x509", + &["PrecertificateSignedCertificateTimestamps"], +); +pub static DISTRIBUTION_POINT: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["DistributionPoint"]); +pub static ACCESS_DESCRIPTION: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["AccessDescription"]); +pub static AUTHORITY_KEY_IDENTIFIER: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["AuthorityKeyIdentifier"]); +pub static UNRECOGNIZED_EXTENSION: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["UnrecognizedExtension"]); +pub static EXTENSION: LazyPyImport = LazyPyImport::new("cryptography.x509", &["Extension"]); +pub static EXTENSIONS: LazyPyImport = LazyPyImport::new("cryptography.x509", &["Extensions"]); +pub static NAME: LazyPyImport = LazyPyImport::new("cryptography.x509", &["Name"]); +pub static RELATIVE_DISTINGUISHED_NAME: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["RelativeDistinguishedName"]); +pub static NAME_ATTRIBUTE: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["NameAttribute"]); +pub static NAME_CONSTRAINTS: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["NameConstraints"]); +pub static MS_CERTIFICATE_TEMPLATE: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["MSCertificateTemplate"]); +pub static CRL_DISTRIBUTION_POINTS: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["CRLDistributionPoints"]); +pub static BASIC_CONSTRAINTS: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["BasicConstraints"]); +pub static INHIBIT_ANY_POLICY: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["InhibitAnyPolicy"]); +pub static OCSP_NO_CHECK: LazyPyImport = LazyPyImport::new("cryptography.x509", &["OCSPNoCheck"]); +pub static POLICY_CONSTRAINTS: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["PolicyConstraints"]); +pub static CERTIFICATE_POLICIES: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["CertificatePolicies"]); +pub static SUBJECT_INFORMATION_ACCESS: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["SubjectInformationAccess"]); +pub static KEY_USAGE: LazyPyImport = LazyPyImport::new("cryptography.x509", &["KeyUsage"]); +pub static EXTENDED_KEY_USAGE: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["ExtendedKeyUsage"]); +pub static SUBJECT_KEY_IDENTIFIER: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["SubjectKeyIdentifier"]); +pub static TLS_FEATURE: LazyPyImport = LazyPyImport::new("cryptography.x509", &["TLSFeature"]); +pub static SUBJECT_ALTERNATIVE_NAME: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["SubjectAlternativeName"]); +pub static POLICY_INFORMATION: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["PolicyInformation"]); +pub static USER_NOTICE: LazyPyImport = LazyPyImport::new("cryptography.x509", &["UserNotice"]); +pub static NOTICE_REFERENCE: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["NoticeReference"]); +pub static REGISTERED_ID: LazyPyImport = LazyPyImport::new("cryptography.x509", &["RegisteredID"]); +pub static DIRECTORY_NAME: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["DirectoryName"]); +pub static UNIFORM_RESOURCE_IDENTIFIER: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["UniformResourceIdentifier"]); +pub static DNS_NAME: LazyPyImport = LazyPyImport::new("cryptography.x509", &["DNSName"]); +pub static IP_ADDRESS: LazyPyImport = LazyPyImport::new("cryptography.x509", &["IPAddress"]); +pub static RFC822_NAME: LazyPyImport = LazyPyImport::new("cryptography.x509", &["RFC822Name"]); +pub static OTHER_NAME: LazyPyImport = LazyPyImport::new("cryptography.x509", &["OtherName"]); +pub static CERTIFICATE_VERSION_V1: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["Version", "v1"]); +pub static CERTIFICATE_VERSION_V3: LazyPyImport = + LazyPyImport::new("cryptography.x509", &["Version", "v3"]); + +pub static CRL_REASON_FLAGS: LazyPyImport = + LazyPyImport::new("cryptography.x509.extensions", &["_CRLREASONFLAGS"]); +pub static REASON_BIT_MAPPING: LazyPyImport = + LazyPyImport::new("cryptography.x509.extensions", &["_REASON_BIT_MAPPING"]); +pub static CRL_ENTRY_REASON_ENUM_TO_CODE: LazyPyImport = LazyPyImport::new( + "cryptography.x509.extensions", + &["_CRL_ENTRY_REASON_ENUM_TO_CODE"], +); +pub static TLS_FEATURE_TYPE_TO_ENUM: LazyPyImport = LazyPyImport::new( + "cryptography.x509.extensions", + &["_TLS_FEATURE_TYPE_TO_ENUM"], +); + +pub static OCSP_RESPONSE_STATUS: LazyPyImport = + LazyPyImport::new("cryptography.x509.ocsp", &["OCSPResponseStatus"]); +pub static OCSP_CERT_STATUS: LazyPyImport = + LazyPyImport::new("cryptography.x509.ocsp", &["OCSPCertStatus"]); +pub static OCSP_CERT_STATUS_GOOD: LazyPyImport = + LazyPyImport::new("cryptography.x509.ocsp", &["OCSPCertStatus", "GOOD"]); +pub static OCSP_CERT_STATUS_UNKNOWN: LazyPyImport = + LazyPyImport::new("cryptography.x509.ocsp", &["OCSPCertStatus", "UNKNOWN"]); +pub static OCSP_RESPONDER_ENCODING_HASH: LazyPyImport = + LazyPyImport::new("cryptography.x509.ocsp", &["OCSPResponderEncoding", "HASH"]); + +pub static CERTIFICATE_TRANSPARENCY_VERSION_V1: LazyPyImport = LazyPyImport::new( + "cryptography.x509.certificate_transparency", + &["Version", "v1"], +); +pub static SIGNATURE_ALGORITHM: LazyPyImport = LazyPyImport::new( + "cryptography.x509.certificate_transparency", + &["SignatureAlgorithm"], +); +pub static LOG_ENTRY_TYPE_X509_CERTIFICATE: LazyPyImport = LazyPyImport::new( + "cryptography.x509.certificate_transparency", + &["LogEntryType", "X509_CERTIFICATE"], +); +pub static LOG_ENTRY_TYPE_PRE_CERTIFICATE: LazyPyImport = LazyPyImport::new( + "cryptography.x509.certificate_transparency", + &["LogEntryType", "PRE_CERTIFICATE"], +); + +pub static ASN1_TYPE_TO_ENUM: LazyPyImport = + LazyPyImport::new("cryptography.x509.name", &["_ASN1_TYPE_TO_ENUM"]); +pub static ASN1_TYPE_BIT_STRING: LazyPyImport = + LazyPyImport::new("cryptography.x509.name", &["_ASN1Type", "BitString"]); +pub static ASN1_TYPE_BMP_STRING: LazyPyImport = + LazyPyImport::new("cryptography.x509.name", &["_ASN1Type", "BMPString"]); +pub static ASN1_TYPE_UNIVERSAL_STRING: LazyPyImport = + LazyPyImport::new("cryptography.x509.name", &["_ASN1Type", "UniversalString"]); + +pub static PKCS7_BINARY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs7", + &["PKCS7Options", "Binary"], +); +pub static PKCS7_TEXT: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs7", + &["PKCS7Options", "Text"], +); +pub static PKCS7_NO_ATTRIBUTES: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs7", + &["PKCS7Options", "NoAttributes"], +); +pub static PKCS7_NO_CAPABILITIES: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs7", + &["PKCS7Options", "NoCapabilities"], +); +pub static PKCS7_NO_CERTS: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs7", + &["PKCS7Options", "NoCerts"], +); +pub static PKCS7_DETACHED_SIGNATURE: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs7", + &["PKCS7Options", "DetachedSignature"], +); + +pub static SMIME_ENVELOPED_ENCODE: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs7", + &["_smime_enveloped_encode"], +); + +pub static SMIME_SIGNED_ENCODE: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs7", + &["_smime_signed_encode"], +); + +pub static PKCS12KEYANDCERTIFICATES: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.serialization.pkcs12", + &["PKCS12KeyAndCertificates"], +); + +pub static HASHES_MODULE: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.hashes", &[]); +pub static HASH_ALGORITHM: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.hashes", &["HashAlgorithm"]); +#[cfg(not(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL)))] +pub static EXTENDABLE_OUTPUT_FUNCTION: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.hashes", + &["ExtendableOutputFunction"], +); +pub static SHA1: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.hashes", &["SHA1"]); +pub static SHA256: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.hashes", &["SHA256"]); + +pub static PREHASHED: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.utils", + &["Prehashed"], +); +pub static ASYMMETRIC_PADDING: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.padding", + &["AsymmetricPadding"], +); +pub static PADDING_AUTO: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.padding", + &["_Auto"], +); +pub static PADDING_MAX_LENGTH: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.padding", + &["_MaxLength"], +); +pub static PADDING_DIGEST_LENGTH: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.padding", + &["_DigestLength"], +); +pub static PKCS1V15: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.padding", + &["PKCS1v15"], +); +pub static PSS: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.padding", + &["PSS"], +); +pub static OAEP: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.padding", + &["OAEP"], +); +pub static MGF1: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.padding", + &["MGF1"], +); +pub static CALCULATE_MAX_PSS_SALT_LENGTH: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.padding", + &["calculate_max_pss_salt_length"], +); + +pub static RSA_PRIVATE_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.rsa", + &["RSAPrivateKey"], +); +pub static RSA_PUBLIC_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.rsa", + &["RSAPublicKey"], +); + +pub static ELLIPTIC_CURVE: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.ec", + &["EllipticCurve"], +); +pub static ELLIPTIC_CURVE_PRIVATE_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.ec", + &["EllipticCurvePrivateKey"], +); +pub static ELLIPTIC_CURVE_PUBLIC_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.ec", + &["EllipticCurvePublicKey"], +); +pub static CURVE_TYPES: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.ec", + &["_CURVE_TYPES"], +); +pub static ECDSA: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.asymmetric.ec", &["ECDSA"]); +pub static ECDH: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.asymmetric.ec", &["ECDH"]); + +pub static ED25519_PRIVATE_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.ed25519", + &["Ed25519PrivateKey"], +); +pub static ED25519_PUBLIC_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.ed25519", + &["Ed25519PublicKey"], +); + +pub static ED448_PRIVATE_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.ed448", + &["Ed448PrivateKey"], +); +pub static ED448_PUBLIC_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.ed448", + &["Ed448PublicKey"], +); + +pub static DSA_PRIVATE_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.dsa", + &["DSAPrivateKey"], +); +pub static DSA_PUBLIC_KEY: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.asymmetric.dsa", + &["DSAPublicKey"], +); + +pub static FFI_FROM_BUFFER: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.bindings._rust", + &["_openssl", "ffi", "from_buffer"], +); + +pub static FFI_CAST: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.bindings._rust", + &["_openssl", "ffi", "cast"], +); + +pub static BLOCK_CIPHER_ALGORITHM: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers", + &["BlockCipherAlgorithm"], +); + +pub static TRIPLE_DES: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.decrepit.ciphers.algorithms", + &["TripleDES"], +); +pub static AES: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers.algorithms", + &["AES"], +); +pub static AES128: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers.algorithms", + &["AES128"], +); +pub static AES256: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers.algorithms", + &["AES256"], +); +pub static CHACHA20: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers.algorithms", + &["ChaCha20"], +); +#[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_SM4"))] +pub static SM4: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers.algorithms", + &["SM4"], +); +#[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_SEED"))] +pub static SEED: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.decrepit.ciphers.algorithms", &["SEED"]); +#[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_CAMELLIA"))] +pub static CAMELLIA: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers.algorithms", + &["Camellia"], +); +#[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_BF"))] +pub static BLOWFISH: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.decrepit.ciphers.algorithms", + &["Blowfish"], +); +#[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_CAST"))] +pub static CAST5: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.decrepit.ciphers.algorithms", + &["CAST5"], +); +#[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_IDEA"))] +pub static IDEA: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.decrepit.ciphers.algorithms", &["IDEA"]); +pub static ARC4: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.decrepit.ciphers.algorithms", &["ARC4"]); +pub static RC2: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.decrepit.ciphers.algorithms", &["RC2"]); + +pub static MODE_WITH_INITIALIZATION_VECTOR: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers.modes", + &["ModeWithInitializationVector"], +); +pub static MODE_WITH_TWEAK: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers.modes", + &["ModeWithTweak"], +); +pub static MODE_WITH_NONCE: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers.modes", + &["ModeWithNonce"], +); +pub static MODE_WITH_AUTHENTICATION_TAG: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.primitives.ciphers.modes", + &["ModeWithAuthenticationTag"], +); +pub static CBC: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.ciphers.modes", &["CBC"]); +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +pub static CFB: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.ciphers.modes", &["CFB"]); +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +pub static CFB8: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.ciphers.modes", &["CFB8"]); +pub static OFB: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.ciphers.modes", &["OFB"]); +pub static ECB: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.ciphers.modes", &["ECB"]); +pub static CTR: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.ciphers.modes", &["CTR"]); +pub static GCM: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.ciphers.modes", &["GCM"]); +pub static XTS: LazyPyImport = + LazyPyImport::new("cryptography.hazmat.primitives.ciphers.modes", &["XTS"]); + +pub static LEGACY_PROVIDER_LOADED: LazyPyImport = LazyPyImport::new( + "cryptography.hazmat.bindings._rust", + &["openssl", "_legacy_provider_loaded"], +); + +#[cfg(test)] +mod tests { + use super::LazyPyImport; + + #[test] + fn test_basic() { + pyo3::prepare_freethreaded_python(); + + let v = LazyPyImport::new("foo", &["bar"]); + pyo3::Python::with_gil(|py| { + assert!(v.get(py).is_err()); + }); + } +} diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs index 59841d7..810d7aa 100644 --- a/src/rust/src/x509/certificate.rs +++ b/src/rust/src/x509/certificate.rs @@ -2,475 +2,482 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::asn1::{ - big_byte_slice_to_py_int, oid_to_py_oid, py_uint_to_big_endian_bytes, PyAsn1Error, PyAsn1Result, -}; -use crate::x509; -use crate::x509::{crl, extensions, oid, sct, Asn1ReadableOrWritable}; -use chrono::Datelike; -use pyo3::ToPyObject; use std::collections::hash_map::DefaultHasher; use std::hash::{Hash, Hasher}; -use std::sync::Arc; - -#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Clone)] -pub(crate) struct RawCertificate<'a> { - pub(crate) tbs_cert: TbsCertificate<'a>, - signature_alg: x509::AlgorithmIdentifier<'a>, - signature: asn1::BitString<'a>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Clone)] -pub(crate) struct TbsCertificate<'a> { - #[explicit(0)] - #[default(0)] - version: u8, - pub(crate) serial: asn1::BigInt<'a>, - signature_alg: x509::AlgorithmIdentifier<'a>, - - pub(crate) issuer: x509::Name<'a>, - validity: Validity, - pub(crate) subject: x509::Name<'a>, - - pub(crate) spki: SubjectPublicKeyInfo<'a>, - #[implicit(1)] - issuer_unique_id: Option>, - #[implicit(2)] - subject_unique_id: Option>, - #[explicit(3)] - extensions: Option>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Clone)] -pub(crate) struct Validity { - not_before: x509::Time, - not_after: x509::Time, -} -#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Clone)] -pub(crate) struct SubjectPublicKeyInfo<'a> { - _algorithm: x509::AlgorithmIdentifier<'a>, - pub(crate) subject_public_key: asn1::BitString<'a>, -} - -#[ouroboros::self_referencing] -pub(crate) struct OwnedRawCertificate { - data: Arc<[u8]>, +use cryptography_x509::certificate::Certificate as RawCertificate; +use cryptography_x509::common::{AlgorithmParameters, Asn1ReadableOrWritable}; +use cryptography_x509::extensions::{ + AuthorityKeyIdentifier, BasicConstraints, DisplayText, DistributionPoint, + DistributionPointName, DuplicateExtensionsError, IssuerAlternativeName, KeyUsage, + MSCertificateTemplate, NameConstraints, PolicyConstraints, PolicyInformation, + PolicyQualifierInfo, Qualifier, RawExtensions, SequenceOfAccessDescriptions, + SequenceOfSubtrees, UserNotice, +}; +use cryptography_x509::extensions::{Extension, SubjectAlternativeName}; +use cryptography_x509::{common, oid}; +use cryptography_x509_verification::ops::CryptoOps; +use pyo3::types::{PyAnyMethods, PyListMethods}; +use pyo3::{IntoPy, ToPyObject}; - #[borrows(data)] - #[covariant] - value: RawCertificate<'this>, -} +use crate::asn1::{ + big_byte_slice_to_py_int, encode_der_data, oid_to_py_oid, py_uint_to_big_endian_bytes, +}; +use crate::backend::{hashes, keys}; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::x509::verify::PyCryptoOps; +use crate::x509::{extensions, sct, sign}; +use crate::{exceptions, types, x509}; -impl OwnedRawCertificate { - // Re-expose ::new with `pub(crate)` visibility. - pub(crate) fn new_public( - data: Arc<[u8]>, - value_ref_builder: impl for<'this> FnOnce(&'this Arc<[u8]>) -> RawCertificate<'this>, - ) -> OwnedRawCertificate { - OwnedRawCertificate::new(data, value_ref_builder) - } +self_cell::self_cell!( + pub(crate) struct OwnedCertificate { + owner: pyo3::Py, - pub(crate) fn borrow_value_public(&self) -> &RawCertificate<'_> { - self.borrow_value() + #[covariant] + dependent: RawCertificate, } -} +); -#[pyo3::prelude::pyclass] +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.x509")] pub(crate) struct Certificate { - pub(crate) raw: OwnedRawCertificate, - pub(crate) cached_extensions: Option, + pub(crate) raw: OwnedCertificate, + pub(crate) cached_extensions: pyo3::sync::GILOnceCell, } -#[pyo3::prelude::pyproto] -impl pyo3::PyObjectProtocol for Certificate { +#[pyo3::pymethods] +impl Certificate { fn __hash__(&self) -> u64 { let mut hasher = DefaultHasher::new(); - self.raw.borrow_value().hash(&mut hasher); + self.raw.borrow_dependent().hash(&mut hasher); hasher.finish() } - fn __richcmp__( - &self, - other: pyo3::PyRef, - op: pyo3::basic::CompareOp, - ) -> pyo3::PyResult { - match op { - pyo3::basic::CompareOp::Eq => Ok(self.raw.borrow_value() == other.raw.borrow_value()), - pyo3::basic::CompareOp::Ne => Ok(self.raw.borrow_value() != other.raw.borrow_value()), - _ => Err(pyo3::exceptions::PyTypeError::new_err( - "Certificates cannot be ordered", - )), - } + fn __eq__(&self, other: pyo3::PyRef<'_, Certificate>) -> bool { + self.raw.borrow_dependent() == other.raw.borrow_dependent() } - fn __repr__(&self) -> pyo3::PyResult { - let gil = pyo3::Python::acquire_gil(); - let py = gil.python(); - + fn __repr__(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { let subject = self.subject(py)?; - let subject_repr = subject.repr()?.extract::<&str>()?; - Ok(format!("", subject_repr)) + let subject_repr = subject.repr()?.extract::()?; + Ok(format!("")) } -} -#[pyo3::prelude::pymethods] -impl Certificate { fn __deepcopy__(slf: pyo3::PyRef<'_, Self>, _memo: pyo3::PyObject) -> pyo3::PyRef<'_, Self> { slf } - fn public_key<'p>(&self, py: pyo3::Python<'p>) -> PyAsn1Result<&'p pyo3::PyAny> { - // This makes an unnecessary copy. It'd be nice to get rid of it. - let serialized = pyo3::types::PyBytes::new( + pub(crate) fn public_key(&self, py: pyo3::Python<'_>) -> CryptographyResult { + keys::load_der_public_key_bytes( py, - &asn1::write_single(&self.raw.borrow_value().tbs_cert.spki)?, - ); - Ok(py - .import("cryptography.hazmat.primitives.serialization")? - .getattr(crate::intern!(py, "load_der_public_key"))? - .call1((serialized,))?) + self.raw.borrow_dependent().tbs_cert.spki.tlv().full_data(), + ) + } + + #[getter] + fn public_key_algorithm_oid<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + oid_to_py_oid( + py, + self.raw.borrow_dependent().tbs_cert.spki.algorithm.oid(), + ) } fn fingerprint<'p>( &self, py: pyo3::Python<'p>, - algorithm: pyo3::PyObject, - ) -> PyAsn1Result<&'p pyo3::PyAny> { - let hasher = py - .import("cryptography.hazmat.primitives.hashes")? - .getattr(crate::intern!(py, "Hash"))? - .call1((algorithm,))?; - // This makes an unnecessary copy. It'd be nice to get rid of it. - let serialized = - pyo3::types::PyBytes::new(py, &asn1::write_single(&self.raw.borrow_value())?); - hasher.call_method1("update", (serialized,))?; - Ok(hasher.call_method0("finalize")?) + algorithm: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + let serialized = asn1::write_single(&self.raw.borrow_dependent())?; + + let mut h = hashes::Hash::new(py, algorithm, None)?; + h.update_bytes(&serialized)?; + Ok(h.finalize(py)?.into_any()) } fn public_bytes<'p>( &self, py: pyo3::Python<'p>, - encoding: &pyo3::PyAny, - ) -> PyAsn1Result<&'p pyo3::types::PyBytes> { - let encoding_class = py - .import("cryptography.hazmat.primitives.serialization")? - .getattr(crate::intern!(py, "Encoding"))?; - - let result = asn1::write_single(self.raw.borrow_value())?; - if encoding == encoding_class.getattr(crate::intern!(py, "DER"))? { - Ok(pyo3::types::PyBytes::new(py, &result)) - } else if encoding == encoding_class.getattr(crate::intern!(py, "PEM"))? { - let pem = pem::encode_config( - &pem::Pem { - tag: "CERTIFICATE".to_string(), - contents: result, - }, - pem::EncodeConfig { - line_ending: pem::LineEnding::LF, - }, - ) - .into_bytes(); - Ok(pyo3::types::PyBytes::new(py, &pem)) - } else { - Err(pyo3::exceptions::PyTypeError::new_err( - "encoding must be Encoding.DER or Encoding.PEM", - ) - .into()) - } + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + let result = asn1::write_single(self.raw.borrow_dependent())?; + + encode_der_data(py, "CERTIFICATE".to_string(), result, encoding) } #[getter] - fn serial_number<'p>(&self, py: pyo3::Python<'p>) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let bytes = self.raw.borrow_value().tbs_cert.serial.as_bytes(); + fn serial_number<'p>( + &self, + py: pyo3::Python<'p>, + ) -> Result, CryptographyError> { + let bytes = self.raw.borrow_dependent().tbs_cert.serial.as_bytes(); warn_if_negative_serial(py, bytes)?; Ok(big_byte_slice_to_py_int(py, bytes)?) } #[getter] - fn version<'p>(&self, py: pyo3::Python<'p>) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let version = &self.raw.borrow_value().tbs_cert.version; + fn version<'p>( + &self, + py: pyo3::Python<'p>, + ) -> Result, CryptographyError> { + let version = &self.raw.borrow_dependent().tbs_cert.version; cert_version(py, *version) } #[getter] - fn issuer<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - Ok( - x509::parse_name(py, &self.raw.borrow_value().tbs_cert.issuer) - .map_err(|e| e.add_location(asn1::ParseLocation::Field("issuer")))?, - ) + fn issuer<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult> { + Ok(x509::parse_name(py, self.raw.borrow_dependent().issuer()) + .map_err(|e| e.add_location(asn1::ParseLocation::Field("issuer")))?) } #[getter] - fn subject<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - Ok( - x509::parse_name(py, &self.raw.borrow_value().tbs_cert.subject) - .map_err(|e| e.add_location(asn1::ParseLocation::Field("subject")))?, - ) + fn subject<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult> { + Ok(x509::parse_name(py, self.raw.borrow_dependent().subject()) + .map_err(|e| e.add_location(asn1::ParseLocation::Field("subject")))?) } #[getter] fn tbs_certificate_bytes<'p>( &self, py: pyo3::Python<'p>, - ) -> PyAsn1Result<&'p pyo3::types::PyBytes> { - let result = asn1::write_single(&self.raw.borrow_value().tbs_cert)?; - Ok(pyo3::types::PyBytes::new(py, &result)) + ) -> CryptographyResult> { + let result = asn1::write_single(&self.raw.borrow_dependent().tbs_cert)?; + Ok(pyo3::types::PyBytes::new_bound(py, &result)) } #[getter] fn tbs_precertificate_bytes<'p>( &self, py: pyo3::Python<'p>, - ) -> PyAsn1Result<&'p pyo3::types::PyBytes> { - let val = self.raw.borrow_value(); + ) -> CryptographyResult> { + let val = self.raw.borrow_dependent(); let mut tbs_precert = val.tbs_cert.clone(); // Remove the SCT list extension - match tbs_precert.extensions { - Some(extensions) => { - let readable_extensions = extensions.unwrap_read().clone(); - let ext_count = readable_extensions.len(); - let filtered_extensions: Vec> = readable_extensions + match val.extensions() { + Ok(extensions) => { + let ext_count = extensions + .as_raw() + .as_ref() + .map_or(0, |raw| raw.unwrap_read().len()); + let filtered_extensions: Vec> = extensions + .iter() .filter(|x| x.extn_id != oid::PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS_OID) .collect(); if filtered_extensions.len() == ext_count { - return Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Could not find pre-certificate SCT list extension", - ))); + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Could not find pre-certificate SCT list extension", + ), + )); } - let filtered_extensions: x509::Extensions<'_> = Asn1ReadableOrWritable::new_write( + let filtered_extensions: RawExtensions<'_> = Asn1ReadableOrWritable::new_write( asn1::SequenceOfWriter::new(filtered_extensions), ); - tbs_precert.extensions = Some(filtered_extensions); + + tbs_precert.raw_extensions = Some(filtered_extensions); let result = asn1::write_single(&tbs_precert)?; - Ok(pyo3::types::PyBytes::new(py, &result)) + Ok(pyo3::types::PyBytes::new_bound(py, &result)) + } + Err(DuplicateExtensionsError(oid)) => { + let oid_obj = oid_to_py_oid(py, &oid)?; + Err(exceptions::DuplicateExtension::new_err(( + format!("Duplicate {} extension found", &oid), + oid_obj.into_py(py), + )) + .into()) } - None => Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Could not find any extensions in TBS certificate", - ))), } } #[getter] - fn signature<'p>(&self, py: pyo3::Python<'p>) -> &'p pyo3::types::PyBytes { - pyo3::types::PyBytes::new(py, self.raw.borrow_value().signature.as_bytes()) + fn signature<'p>(&self, py: pyo3::Python<'p>) -> pyo3::Bound<'p, pyo3::types::PyBytes> { + pyo3::types::PyBytes::new_bound(py, self.raw.borrow_dependent().signature.as_bytes()) + } + + #[getter] + fn not_valid_before<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_42.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc.", + 1, + )?; + let dt = &self + .raw + .borrow_dependent() + .tbs_cert + .validity + .not_before + .as_datetime(); + x509::datetime_to_py(py, dt) } #[getter] - fn not_valid_before<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - let chrono = &self + fn not_valid_before_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let dt = &self .raw - .borrow_value() + .borrow_dependent() .tbs_cert .validity .not_before - .as_chrono(); - x509::chrono_to_py(py, chrono) + .as_datetime(); + x509::datetime_to_py_utc(py, dt) } #[getter] - fn not_valid_after<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - let chrono = &self + fn not_valid_after<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_42.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.", + 1, + )?; + let dt = &self + .raw + .borrow_dependent() + .tbs_cert + .validity + .not_after + .as_datetime(); + x509::datetime_to_py(py, dt) + } + + #[getter] + fn not_valid_after_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let dt = &self .raw - .borrow_value() + .borrow_dependent() .tbs_cert .validity .not_after - .as_chrono(); - x509::chrono_to_py(py, chrono) + .as_datetime(); + x509::datetime_to_py_utc(py, dt) } #[getter] fn signature_hash_algorithm<'p>( &self, py: pyo3::Python<'p>, - ) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let sig_oids_to_hash = py - .import("cryptography.hazmat._oid")? - .getattr(crate::intern!(py, "_SIG_OIDS_TO_HASH"))?; - let hash_alg = sig_oids_to_hash.get_item(self.signature_algorithm_oid(py)?); - match hash_alg { - Ok(data) => Ok(data), - Err(_) => Err(PyAsn1Error::from(pyo3::PyErr::from_instance( - py.import("cryptography.exceptions")?.call_method1( - "UnsupportedAlgorithm", - (format!( - "Signature algorithm OID: {} not recognized", - self.raw.borrow_value().signature_alg.oid - ),), - )?, - ))), - } + ) -> Result, CryptographyError> { + sign::identify_signature_hash_algorithm(py, &self.raw.borrow_dependent().signature_alg) } #[getter] - fn signature_algorithm_oid<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - oid_to_py_oid(py, &self.raw.borrow_value().signature_alg.oid) + fn signature_algorithm_oid<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + oid_to_py_oid(py, self.raw.borrow_dependent().signature_alg.oid()) } #[getter] - fn extensions(&mut self, py: pyo3::Python<'_>) -> pyo3::PyResult { - let x509_module = py.import("cryptography.x509")?; + fn signature_algorithm_parameters<'p>( + &'p self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + sign::identify_signature_algorithm_parameters( + py, + &self.raw.borrow_dependent().signature_alg, + ) + } + + #[getter] + fn extensions(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { x509::parse_and_cache_extensions( py, - &mut self.cached_extensions, - &self.raw.borrow_value().tbs_cert.extensions, - |oid, ext_data| match *oid { + &self.cached_extensions, + &self.raw.borrow_dependent().tbs_cert.raw_extensions, + |ext| match ext.extn_id { oid::PRECERT_POISON_OID => { - asn1::parse_single::<()>(ext_data)?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "PrecertPoison"))? - .call0()?, - )) + ext.value::<()>()?; + Ok(Some(types::PRECERT_POISON.get(py)?.call0()?)) } oid::PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS_OID => { - let contents = asn1::parse_single::<&[u8]>(ext_data)?; + let contents = ext.value::<&[u8]>()?; let scts = sct::parse_scts(py, contents, sct::LogEntryType::PreCertificate)?; Ok(Some( - x509_module - .getattr(crate::intern!( - py, - "PrecertificateSignedCertificateTimestamps" - ))? + types::PRECERTIFICATE_SIGNED_CERTIFICATE_TIMESTAMPS + .get(py)? .call1((scts,))?, )) } - _ => parse_cert_ext(py, oid.clone(), ext_data), + _ => parse_cert_ext(py, ext), }, ) } - // This getter exists for compatibility with pyOpenSSL and will be removed. - // DO NOT RELY ON IT. WE WILL BREAK YOU WHEN WE FEEL LIKE IT. - #[getter] - fn _x509<'p>( - slf: pyo3::PyRef<'_, Self>, - py: pyo3::Python<'p>, - ) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let cryptography_warning = py - .import("cryptography.utils")? - .getattr(crate::intern!(py, "DeprecatedIn35"))?; - pyo3::PyErr::warn( - py, - cryptography_warning, - "This version of cryptography contains a temporary pyOpenSSL fallback path. Upgrade pyOpenSSL now.", - 1 - )?; - let backend = py - .import("cryptography.hazmat.backends.openssl.backend")? - .getattr(crate::intern!(py, "backend"))?; - Ok(backend.call_method1("_cert2ossl", (slf,))?) + + fn verify_directly_issued_by( + &self, + issuer: pyo3::PyRef<'_, Certificate>, + ) -> CryptographyResult<()> { + if self.raw.borrow_dependent().tbs_cert.signature_alg + != self.raw.borrow_dependent().signature_alg + { + return Err(CryptographyError::from(pyo3::exceptions::PyValueError::new_err( + "Inner and outer signature algorithms do not match. This is an invalid certificate." + ))); + }; + if self.raw.borrow_dependent().tbs_cert.issuer + != issuer.raw.borrow_dependent().tbs_cert.subject + { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Issuer certificate subject does not match certificate issuer.", + ), + )); + }; + + let ops = PyCryptoOps {}; + let issuer_key = ops.public_key(issuer.raw.borrow_dependent())?; + ops.verify_signed_by(self.raw.borrow_dependent(), &issuer_key) } } -fn cert_version(py: pyo3::Python<'_>, version: u8) -> Result<&pyo3::PyAny, PyAsn1Error> { - let x509_module = py.import("cryptography.x509")?; +fn cert_version( + py: pyo3::Python<'_>, + version: u8, +) -> Result, CryptographyError> { match version { - 0 => Ok(x509_module - .getattr(crate::intern!(py, "Version"))? - .get_item("v1")?), - 2 => Ok(x509_module - .getattr(crate::intern!(py, "Version"))? - .get_item("v3")?), - _ => Err(PyAsn1Error::from(pyo3::PyErr::from_instance( - x509_module - .getattr(crate::intern!(py, "InvalidVersion"))? - .call1((format!("{} is not a valid X509 version", version), version))?, - ))), + 0 => Ok(types::CERTIFICATE_VERSION_V1.get(py)?), + 2 => Ok(types::CERTIFICATE_VERSION_V3.get(py)?), + _ => Err(CryptographyError::from( + exceptions::InvalidVersion::new_err(( + format!("{version} is not a valid X509 version"), + version, + )), + )), } } -#[pyo3::prelude::pyfunction] -fn load_pem_x509_certificate(py: pyo3::Python<'_>, data: &[u8]) -> PyAsn1Result { +#[pyo3::pyfunction] +#[pyo3(signature = (data, backend=None))] +pub(crate) fn load_pem_x509_certificate( + py: pyo3::Python<'_>, + data: &[u8], + backend: Option>, +) -> CryptographyResult { + let _ = backend; + // We support both PEM header strings that OpenSSL does // https://github.com/openssl/openssl/blob/5e2d22d53ed322a7124e26a4fbd116a8210eb77a/include/openssl/pem.h#L32-L33 let parsed = x509::find_in_pem( data, - |p| p.tag == "CERTIFICATE" || p.tag == "X509 CERTIFICATE", + |p| p.tag() == "CERTIFICATE" || p.tag() == "X509 CERTIFICATE", "Valid PEM but no BEGIN CERTIFICATE/END CERTIFICATE delimiters. Are you sure this is a certificate?", )?; - load_der_x509_certificate(py, &parsed.contents) + load_der_x509_certificate( + py, + pyo3::types::PyBytes::new_bound(py, parsed.contents()).unbind(), + None, + ) +} + +#[pyo3::pyfunction] +pub(crate) fn load_pem_x509_certificates( + py: pyo3::Python<'_>, + data: &[u8], +) -> CryptographyResult> { + let certs = pem::parse_many(data)? + .iter() + .filter(|p| p.tag() == "CERTIFICATE" || p.tag() == "X509 CERTIFICATE") + .map(|p| { + load_der_x509_certificate( + py, + pyo3::types::PyBytes::new_bound(py, p.contents()).unbind(), + None, + ) + }) + .collect::, _>>()?; + + if certs.is_empty() { + return Err(CryptographyError::from(pem::PemError::MalformedFraming)); + } + + Ok(certs) } -#[pyo3::prelude::pyfunction] -fn load_der_x509_certificate(py: pyo3::Python<'_>, data: &[u8]) -> PyAsn1Result { - let raw = OwnedRawCertificate::try_new(Arc::from(data), |data| asn1::parse_single(data))?; +#[pyo3::pyfunction] +#[pyo3(signature = (data, backend=None))] +pub(crate) fn load_der_x509_certificate( + py: pyo3::Python<'_>, + data: pyo3::Py, + backend: Option>, +) -> CryptographyResult { + let _ = backend; + + let raw = OwnedCertificate::try_new(data, |data| asn1::parse_single(data.as_bytes(py)))?; // Parse cert version immediately so we can raise error on parse if it is invalid. - cert_version(py, raw.borrow_value().tbs_cert.version)?; + cert_version(py, raw.borrow_dependent().tbs_cert.version)?; // determine if the serial is negative and raise a warning if it is. We want to drop support // for this sort of invalid encoding eventually. - warn_if_negative_serial(py, raw.borrow_value().tbs_cert.serial.as_bytes())?; + warn_if_negative_serial(py, raw.borrow_dependent().tbs_cert.serial.as_bytes())?; + // determine if the signature algorithm has incorrect parameters and raise a warning if it + // does. this is a bug in the JDK and we want to drop support for it eventually. + // ECDSA was fixed in Java 16, DSA in Java 21. + warn_if_invalid_params(py, raw.borrow_dependent().signature_alg.params.clone())?; + warn_if_invalid_params( + py, + raw.borrow_dependent().tbs_cert.signature_alg.params.clone(), + )?; Ok(Certificate { raw, - cached_extensions: None, + cached_extensions: pyo3::sync::GILOnceCell::new(), }) } fn warn_if_negative_serial(py: pyo3::Python<'_>, bytes: &'_ [u8]) -> pyo3::PyResult<()> { if bytes[0] & 0x80 != 0 { - let cryptography_warning = py - .import("cryptography.utils")? - .getattr(crate::intern!(py, "DeprecatedIn36"))?; - pyo3::PyErr::warn( + let warning_cls = types::DEPRECATED_IN_36.get(py)?; + pyo3::PyErr::warn_bound( py, - cryptography_warning, - "Parsed a negative serial number, which is disallowed by RFC 5280.", + &warning_cls, + "Parsed a negative serial number, which is disallowed by RFC 5280. Loading this certificate will cause an exception in the next release of cryptography.", 1, )?; } Ok(()) } -// Needed due to clippy type complexity warning. -type SequenceOfPolicyQualifiers<'a> = x509::Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, PolicyQualifierInfo<'a>>, - asn1::SequenceOfWriter<'a, PolicyQualifierInfo<'a>, Vec>>, ->; - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct PolicyInformation<'a> { - pub policy_identifier: asn1::ObjectIdentifier, - pub policy_qualifiers: Option>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct PolicyQualifierInfo<'a> { - pub policy_qualifier_id: asn1::ObjectIdentifier, - pub qualifier: Qualifier<'a>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) enum Qualifier<'a> { - CpsUri(asn1::IA5String<'a>), - UserNotice(UserNotice<'a>), -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct UserNotice<'a> { - pub notice_ref: Option>, - pub explicit_text: Option>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct NoticeReference<'a> { - pub organization: DisplayText<'a>, - pub notice_numbers: x509::Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, asn1::BigUint<'a>>, - asn1::SequenceOfWriter<'a, asn1::BigUint<'a>, Vec>>, - >, -} - -// DisplayText also allows BMPString, which we currently do not support. -#[allow(clippy::enum_variant_names)] -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) enum DisplayText<'a> { - IA5String(asn1::IA5String<'a>), - Utf8String(asn1::Utf8String<'a>), - VisibleString(asn1::VisibleString<'a>), - BmpString(asn1::BMPString<'a>), +fn warn_if_invalid_params( + py: pyo3::Python<'_>, + params: AlgorithmParameters<'_>, +) -> pyo3::PyResult<()> { + match params { + AlgorithmParameters::EcDsaWithSha224(Some(..)) + | AlgorithmParameters::EcDsaWithSha256(Some(..)) + | AlgorithmParameters::EcDsaWithSha384(Some(..)) + | AlgorithmParameters::EcDsaWithSha512(Some(..)) + | AlgorithmParameters::DsaWithSha224(Some(..)) + | AlgorithmParameters::DsaWithSha256(Some(..)) + | AlgorithmParameters::DsaWithSha384(Some(..)) + | AlgorithmParameters::DsaWithSha512(Some(..)) => { + let warning_cls = types::DEPRECATED_IN_41.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "The parsed certificate contains a NULL parameter value in its signature algorithm parameters. This is invalid and will be rejected in a future version of cryptography. If this certificate was created via Java, please upgrade to JDK21+ or the latest JDK11/17 once a fix is issued. If this certificate was created in some other fashion please report the issue to the cryptography issue tracker. See https://github.com/pyca/cryptography/issues/8996 and https://github.com/pyca/cryptography/issues/9253 for more details.", + 2, + )?; + } + _ => {} + } + Ok(()) } fn parse_display_text( @@ -478,16 +485,32 @@ fn parse_display_text( text: DisplayText<'_>, ) -> pyo3::PyResult { match text { - DisplayText::IA5String(o) => Ok(pyo3::types::PyString::new(py, o.as_str()).to_object(py)), - DisplayText::Utf8String(o) => Ok(pyo3::types::PyString::new(py, o.as_str()).to_object(py)), + DisplayText::IA5String(o) => { + Ok(pyo3::types::PyString::new_bound(py, o.as_str()).to_object(py)) + } + DisplayText::Utf8String(o) => { + Ok(pyo3::types::PyString::new_bound(py, o.as_str()).to_object(py)) + } DisplayText::VisibleString(o) => { - Ok(pyo3::types::PyString::new(py, o.as_str()).to_object(py)) + if asn1::VisibleString::new(o.as_str()).is_none() { + let warning_cls = types::DEPRECATED_IN_41.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Invalid ASN.1 (UTF-8 characters in a VisibleString) in the explicit text and/or notice reference of the certificate policies extension. In a future version of cryptography, an exception will be raised.", + 1, + )?; + } + Ok(pyo3::types::PyString::new_bound(py, o.as_str()).to_object(py)) } DisplayText::BmpString(o) => { - let py_bytes = pyo3::types::PyBytes::new(py, o.as_utf16_be_bytes()); + let py_bytes = pyo3::types::PyBytes::new_bound(py, o.as_utf16_be_bytes()); // TODO: do the string conversion in rust perhaps Ok(py_bytes - .call_method1("decode", ("utf_16_be",))? + .call_method1( + pyo3::intern!(py, "decode"), + (pyo3::intern!(py, "utf_16_be"),), + )? .to_object(py)) } } @@ -496,8 +519,7 @@ fn parse_display_text( fn parse_user_notice( py: pyo3::Python<'_>, un: UserNotice<'_>, -) -> Result { - let x509_module = py.import("cryptography.x509")?; +) -> Result { let et = match un.explicit_text { Some(data) => parse_display_text(py, data)?, None => py.None(), @@ -505,42 +527,45 @@ fn parse_user_notice( let nr = match un.notice_ref { Some(data) => { let org = parse_display_text(py, data.organization)?; - let numbers = pyo3::types::PyList::empty(py); + let numbers = pyo3::types::PyList::empty_bound(py); for num in data.notice_numbers.unwrap_read().clone() { - numbers.append(big_byte_slice_to_py_int(py, num.as_bytes())?.to_object(py))?; + numbers.append(big_byte_slice_to_py_int(py, num.as_bytes())?)?; } - x509_module - .call_method1("NoticeReference", (org, numbers))? + types::NOTICE_REFERENCE + .get(py)? + .call1((org, numbers))? .to_object(py) } None => py.None(), }; - Ok(x509_module - .call_method1("UserNotice", (nr, et))? - .to_object(py)) + Ok(types::USER_NOTICE.get(py)?.call1((nr, et))?.to_object(py)) } fn parse_policy_qualifiers<'a>( py: pyo3::Python<'_>, policy_qualifiers: &asn1::SequenceOf<'a, PolicyQualifierInfo<'a>>, -) -> Result { - let py_pq = pyo3::types::PyList::empty(py); +) -> Result { + let py_pq = pyo3::types::PyList::empty_bound(py); for pqi in policy_qualifiers.clone() { let qualifier = match pqi.qualifier { Qualifier::CpsUri(data) => { if pqi.policy_qualifier_id == oid::CP_CPS_URI_OID { - pyo3::types::PyString::new(py, data.as_str()).to_object(py) + pyo3::types::PyString::new_bound(py, data.as_str()).to_object(py) } else { - return Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "CpsUri ASN.1 structure found but OID did not match", - ))); + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "CpsUri ASN.1 structure found but OID did not match", + ), + )); } } Qualifier::UserNotice(un) => { if pqi.policy_qualifier_id != oid::CP_USER_NOTICE_OID { - return Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "UserNotice ASN.1 structure found but OID did not match", - ))); + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "UserNotice ASN.1 structure found but OID did not match", + ), + )); } parse_user_notice(py, un)? } @@ -550,106 +575,43 @@ fn parse_policy_qualifiers<'a>( Ok(py_pq.to_object(py)) } -fn parse_cp(py: pyo3::Python<'_>, ext_data: &[u8]) -> Result { - let cp = asn1::parse_single::>>(ext_data)?; - let x509_module = py.import("cryptography.x509")?; - let certificate_policies = pyo3::types::PyList::empty(py); +fn parse_cp( + py: pyo3::Python<'_>, + ext: &Extension<'_>, +) -> Result { + let cp = ext.value::>>()?; + let certificate_policies = pyo3::types::PyList::empty_bound(py); for policyinfo in cp { - let pi_oid = oid_to_py_oid(py, &policyinfo.policy_identifier)?.to_object(py); + let pi_oid = oid_to_py_oid(py, &policyinfo.policy_identifier)?; let py_pqis = match policyinfo.policy_qualifiers { Some(policy_qualifiers) => { parse_policy_qualifiers(py, policy_qualifiers.unwrap_read())? } None => py.None(), }; - let pi = x509_module - .call_method1("PolicyInformation", (pi_oid, py_pqis))? - .to_object(py); + let pi = types::POLICY_INFORMATION + .get(py)? + .call1((pi_oid, py_pqis))?; certificate_policies.append(pi)?; } Ok(certificate_policies.to_object(py)) } -// Needed due to clippy type complexity warning. -pub(crate) type SequenceOfSubtrees<'a> = x509::Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, GeneralSubtree<'a>>, - asn1::SequenceOfWriter<'a, GeneralSubtree<'a>, Vec>>, ->; - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct NameConstraints<'a> { - #[implicit(0)] - pub permitted_subtrees: Option>, - - #[implicit(1)] - pub excluded_subtrees: Option>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct GeneralSubtree<'a> { - pub base: x509::GeneralName<'a>, - - #[implicit(0)] - #[default(0u64)] - pub minimum: u64, - - #[implicit(1)] - pub maximum: Option, -} - fn parse_general_subtrees( py: pyo3::Python<'_>, subtrees: SequenceOfSubtrees<'_>, -) -> Result { - let gns = pyo3::types::PyList::empty(py); +) -> Result { + let gns = pyo3::types::PyList::empty_bound(py); for gs in subtrees.unwrap_read().clone() { gns.append(x509::parse_general_name(py, gs.base)?)?; } Ok(gns.to_object(py)) } -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct DistributionPoint<'a> { - #[explicit(0)] - pub distribution_point: Option>, - - #[implicit(1)] - pub reasons: crl::ReasonFlags<'a>, - - #[implicit(2)] - pub crl_issuer: Option>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) enum DistributionPointName<'a> { - #[implicit(0)] - FullName(x509::common::SequenceOfGeneralName<'a>), - - #[implicit(1)] - NameRelativeToCRLIssuer( - x509::Asn1ReadableOrWritable< - 'a, - asn1::SetOf<'a, x509::AttributeTypeValue<'a>>, - asn1::SetOfWriter<'a, x509::AttributeTypeValue<'a>, Vec>>, - >, - ), -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct AuthorityKeyIdentifier<'a> { - #[implicit(0)] - pub key_identifier: Option<&'a [u8]>, - #[implicit(1)] - pub authority_cert_issuer: Option>, - #[implicit(2)] - pub authority_cert_serial_number: Option>, -} - pub(crate) fn parse_distribution_point_name( py: pyo3::Python<'_>, dp: DistributionPointName<'_>, -) -> Result<(pyo3::PyObject, pyo3::PyObject), PyAsn1Error> { +) -> Result<(pyo3::PyObject, pyo3::PyObject), CryptographyError> { Ok(match dp { DistributionPointName::FullName(data) => ( x509::parse_general_names(py, data.unwrap_read())?, @@ -664,7 +626,7 @@ pub(crate) fn parse_distribution_point_name( fn parse_distribution_point( py: pyo3::Python<'_>, dp: DistributionPoint<'_>, -) -> Result { +) -> Result { let (full_name, relative_name) = match dp.distribution_point { Some(data) => parse_distribution_point_name(py, data)?, None => (py.None(), py.None()), @@ -675,19 +637,18 @@ fn parse_distribution_point( Some(aci) => x509::parse_general_names(py, aci.unwrap_read())?, None => py.None(), }; - let x509_module = py.import("cryptography.x509")?; - Ok(x509_module - .getattr(crate::intern!(py, "DistributionPoint"))? + Ok(types::DISTRIBUTION_POINT + .get(py)? .call1((full_name, relative_name, reasons, crl_issuer))? .to_object(py)) } pub(crate) fn parse_distribution_points( py: pyo3::Python<'_>, - data: &[u8], -) -> Result { - let dps = asn1::parse_single::>>(data)?; - let py_dps = pyo3::types::PyList::empty(py); + ext: &Extension<'_>, +) -> Result { + let dps = ext.value::>>()?; + let py_dps = pyo3::types::PyList::empty_bound(py); for dp in dps { let py_dp = parse_distribution_point(py, dp)?; py_dps.append(py_dp)?; @@ -698,10 +659,9 @@ pub(crate) fn parse_distribution_points( pub(crate) fn parse_distribution_point_reasons( py: pyo3::Python<'_>, reasons: Option<&asn1::BitString<'_>>, -) -> Result { - let reason_bit_mapping = py - .import("cryptography.x509.extensions")? - .getattr(crate::intern!(py, "_REASON_BIT_MAPPING"))?; +) -> Result { + let reason_bit_mapping = types::REASON_BIT_MAPPING.get(py)?; + Ok(match reasons { Some(bs) => { let mut vec = Vec::new(); @@ -710,7 +670,7 @@ pub(crate) fn parse_distribution_point_reasons( vec.push(reason_bit_mapping.get_item(i)?); } } - pyo3::types::PyFrozenSet::new(py, &vec)?.to_object(py) + pyo3::types::PyFrozenSet::new_bound(py, &vec)?.to_object(py) } None => py.None(), }) @@ -718,18 +678,16 @@ pub(crate) fn parse_distribution_point_reasons( pub(crate) fn encode_distribution_point_reasons( py: pyo3::Python<'_>, - py_reasons: &pyo3::PyAny, + py_reasons: &pyo3::Bound<'_, pyo3::PyAny>, ) -> pyo3::PyResult { - let reason_flag_mapping = py - .import("cryptography.x509.extensions")? - .getattr(crate::intern!(py, "_CRLREASONFLAGS"))?; + let reason_flag_mapping = types::CRL_REASON_FLAGS.get(py)?; let mut bits = vec![0, 0]; for py_reason in py_reasons.iter()? { let bit = reason_flag_mapping .get_item(py_reason?)? .extract::()?; - set_bit(&mut bits, bit, true) + set_bit(&mut bits, bit, true); } if bits[1] == 0 { bits.truncate(1); @@ -738,27 +696,11 @@ pub(crate) fn encode_distribution_point_reasons( Ok(asn1::OwnedBitString::new(bits, unused_bits).unwrap()) } -#[derive(asn1::Asn1Read, asn1::Asn1Write, pyo3::prelude::FromPyObject)] -pub(crate) struct BasicConstraints { - #[default(false)] - pub ca: bool, - pub path_length: Option, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct PolicyConstraints { - #[implicit(0)] - pub require_explicit_policy: Option, - #[implicit(1)] - pub inhibit_policy_mapping: Option, -} - pub(crate) fn parse_authority_key_identifier<'p>( py: pyo3::Python<'p>, - ext_data: &[u8], -) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let x509_module = py.import("cryptography.x509")?; - let aki = asn1::parse_single::>(ext_data)?; + ext: &Extension<'_>, +) -> Result, CryptographyError> { + let aki = ext.value::>()?; let serial = match aki.authority_cert_serial_number { Some(biguint) => big_byte_slice_to_py_int(py, biguint.as_bytes())?.to_object(py), None => py.None(), @@ -767,25 +709,21 @@ pub(crate) fn parse_authority_key_identifier<'p>( Some(aci) => x509::parse_general_names(py, aci.unwrap_read())?, None => py.None(), }; - Ok(x509_module - .getattr(crate::intern!(py, "AuthorityKeyIdentifier"))? + Ok(types::AUTHORITY_KEY_IDENTIFIER + .get(py)? .call1((aki.key_identifier, issuer, serial))?) } pub(crate) fn parse_access_descriptions( py: pyo3::Python<'_>, - ext_data: &[u8], -) -> Result { - let x509_module = py.import("cryptography.x509")?; - let ads = pyo3::types::PyList::empty(py); - let parsed = asn1::parse_single::>(ext_data)?; + ext: &Extension<'_>, +) -> Result { + let ads = pyo3::types::PyList::empty_bound(py); + let parsed = ext.value::>()?; for access in parsed.unwrap_read().clone() { let py_oid = oid_to_py_oid(py, &access.access_method)?.to_object(py); let gn = x509::parse_general_name(py, access.access_location)?; - let ad = x509_module - .getattr(crate::intern!(py, "AccessDescription"))? - .call1((py_oid, gn))? - .to_object(py); + let ad = types::ACCESS_DESCRIPTION.get(py)?.call1((py_oid, gn))?; ads.append(ad)?; } Ok(ads.to_object(py)) @@ -793,171 +731,115 @@ pub(crate) fn parse_access_descriptions( pub fn parse_cert_ext<'p>( py: pyo3::Python<'p>, - oid: asn1::ObjectIdentifier, - ext_data: &[u8], -) -> PyAsn1Result> { - let x509_module = py.import("cryptography.x509")?; - match oid { + ext: &Extension<'_>, +) -> CryptographyResult>> { + match ext.extn_id { oid::SUBJECT_ALTERNATIVE_NAME_OID => { - let gn_seq = - asn1::parse_single::>>(ext_data)?; + let gn_seq = ext.value::>()?; let sans = x509::parse_general_names(py, &gn_seq)?; Ok(Some( - x509_module - .getattr(crate::intern!(py, "SubjectAlternativeName"))? - .call1((sans,))?, + types::SUBJECT_ALTERNATIVE_NAME.get(py)?.call1((sans,))?, )) } oid::ISSUER_ALTERNATIVE_NAME_OID => { - let gn_seq = - asn1::parse_single::>>(ext_data)?; + let gn_seq = ext.value::>()?; let ians = x509::parse_general_names(py, &gn_seq)?; Ok(Some( - x509_module - .getattr(crate::intern!(py, "IssuerAlternativeName"))? - .call1((ians,))?, + types::ISSUER_ALTERNATIVE_NAME.get(py)?.call1((ians,))?, )) } oid::TLS_FEATURE_OID => { - let tls_feature_type_to_enum = py - .import("cryptography.x509.extensions")? - .getattr(crate::intern!(py, "_TLS_FEATURE_TYPE_TO_ENUM"))?; + let tls_feature_type_to_enum = types::TLS_FEATURE_TYPE_TO_ENUM.get(py)?; - let features = pyo3::types::PyList::empty(py); - for feature in asn1::parse_single::>(ext_data)? { - let py_feature = tls_feature_type_to_enum.get_item(feature.to_object(py))?; + let features = pyo3::types::PyList::empty_bound(py); + for feature in ext.value::>()? { + let py_feature = tls_feature_type_to_enum.get_item(feature)?; features.append(py_feature)?; } - Ok(Some( - x509_module - .getattr(crate::intern!(py, "TLSFeature"))? - .call1((features,))?, - )) + Ok(Some(types::TLS_FEATURE.get(py)?.call1((features,))?)) } oid::SUBJECT_KEY_IDENTIFIER_OID => { - let identifier = asn1::parse_single::<&[u8]>(ext_data)?; + let identifier = ext.value::<&[u8]>()?; Ok(Some( - x509_module - .getattr(crate::intern!(py, "SubjectKeyIdentifier"))? + types::SUBJECT_KEY_IDENTIFIER + .get(py)? .call1((identifier,))?, )) } oid::EXTENDED_KEY_USAGE_OID => { - let ekus = pyo3::types::PyList::empty(py); - for oid in asn1::parse_single::>(ext_data)? - { + let ekus = pyo3::types::PyList::empty_bound(py); + for oid in ext.value::>()? { let oid_obj = oid_to_py_oid(py, &oid)?; ekus.append(oid_obj)?; } - Ok(Some( - x509_module - .getattr(crate::intern!(py, "ExtendedKeyUsage"))? - .call1((ekus,))?, - )) + Ok(Some(types::EXTENDED_KEY_USAGE.get(py)?.call1((ekus,))?)) } oid::KEY_USAGE_OID => { - let kus = asn1::parse_single::>(ext_data)?; - let digital_signature = kus.has_bit_set(0); - let content_comitment = kus.has_bit_set(1); - let key_encipherment = kus.has_bit_set(2); - let data_encipherment = kus.has_bit_set(3); - let key_agreement = kus.has_bit_set(4); - let key_cert_sign = kus.has_bit_set(5); - let crl_sign = kus.has_bit_set(6); - let encipher_only = kus.has_bit_set(7); - let decipher_only = kus.has_bit_set(8); - Ok(Some( - x509_module - .getattr(crate::intern!(py, "KeyUsage"))? - .call1(( - digital_signature, - content_comitment, - key_encipherment, - data_encipherment, - key_agreement, - key_cert_sign, - crl_sign, - encipher_only, - decipher_only, - ))?, - )) + let kus = ext.value::>()?; + + Ok(Some(types::KEY_USAGE.get(py)?.call1(( + kus.digital_signature(), + kus.content_commitment(), + kus.key_encipherment(), + kus.data_encipherment(), + kus.key_agreement(), + kus.key_cert_sign(), + kus.crl_sign(), + kus.encipher_only(), + kus.decipher_only(), + ))?)) } oid::AUTHORITY_INFORMATION_ACCESS_OID => { - let ads = parse_access_descriptions(py, ext_data)?; + let ads = parse_access_descriptions(py, ext)?; Ok(Some( - x509_module - .getattr(crate::intern!(py, "AuthorityInformationAccess"))? - .call1((ads,))?, + types::AUTHORITY_INFORMATION_ACCESS.get(py)?.call1((ads,))?, )) } oid::SUBJECT_INFORMATION_ACCESS_OID => { - let ads = parse_access_descriptions(py, ext_data)?; + let ads = parse_access_descriptions(py, ext)?; Ok(Some( - x509_module - .getattr(crate::intern!(py, "SubjectInformationAccess"))? - .call1((ads,))?, + types::SUBJECT_INFORMATION_ACCESS.get(py)?.call1((ads,))?, )) } oid::CERTIFICATE_POLICIES_OID => { - let cp = parse_cp(py, ext_data)?; - Ok(Some( - x509_module.call_method1("CertificatePolicies", (cp,))?, - )) + let cp = parse_cp(py, ext)?; + Ok(Some(types::CERTIFICATE_POLICIES.get(py)?.call1((cp,))?)) } oid::POLICY_CONSTRAINTS_OID => { - let pc = asn1::parse_single::(ext_data)?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "PolicyConstraints"))? - .call1((pc.require_explicit_policy, pc.inhibit_policy_mapping))?, - )) + let pc = ext.value::()?; + Ok(Some(types::POLICY_CONSTRAINTS.get(py)?.call1(( + pc.require_explicit_policy, + pc.inhibit_policy_mapping, + ))?)) } oid::OCSP_NO_CHECK_OID => { - asn1::parse_single::<()>(ext_data)?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "OCSPNoCheck"))? - .call0()?, - )) + ext.value::<()>()?; + Ok(Some(types::OCSP_NO_CHECK.get(py)?.call0()?)) } oid::INHIBIT_ANY_POLICY_OID => { - let bignum = asn1::parse_single::>(ext_data)?; + let bignum = ext.value::>()?; let pynum = big_byte_slice_to_py_int(py, bignum.as_bytes())?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "InhibitAnyPolicy"))? - .call1((pynum,))?, - )) + Ok(Some(types::INHIBIT_ANY_POLICY.get(py)?.call1((pynum,))?)) } oid::BASIC_CONSTRAINTS_OID => { - let bc = asn1::parse_single::(ext_data)?; + let bc = ext.value::()?; Ok(Some( - x509_module - .getattr(crate::intern!(py, "BasicConstraints"))? + types::BASIC_CONSTRAINTS + .get(py)? .call1((bc.ca, bc.path_length))?, )) } - oid::AUTHORITY_KEY_IDENTIFIER_OID => { - Ok(Some(parse_authority_key_identifier(py, ext_data)?)) - } + oid::AUTHORITY_KEY_IDENTIFIER_OID => Ok(Some(parse_authority_key_identifier(py, ext)?)), oid::CRL_DISTRIBUTION_POINTS_OID => { - let dp = parse_distribution_points(py, ext_data)?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "CRLDistributionPoints"))? - .call1((dp,))?, - )) + let dp = parse_distribution_points(py, ext)?; + Ok(Some(types::CRL_DISTRIBUTION_POINTS.get(py)?.call1((dp,))?)) } oid::FRESHEST_CRL_OID => { - let dp = parse_distribution_points(py, ext_data)?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "FreshestCRL"))? - .call1((dp,))?, - )) + let dp = parse_distribution_points(py, ext)?; + Ok(Some(types::FRESHEST_CRL.get(py)?.call1((dp,))?)) } oid::NAME_CONSTRAINTS_OID => { - let nc = asn1::parse_single::>(ext_data)?; + let nc = ext.value::>()?; let permitted_subtrees = match nc.permitted_subtrees { Some(data) => parse_general_subtrees(py, data)?, None => py.None(), @@ -967,86 +849,123 @@ pub fn parse_cert_ext<'p>( None => py.None(), }; Ok(Some( - x509_module - .getattr(crate::intern!(py, "NameConstraints"))? + types::NAME_CONSTRAINTS + .get(py)? .call1((permitted_subtrees, excluded_subtrees))?, )) } + oid::MS_CERTIFICATE_TEMPLATE => { + let ms_cert_tpl = ext.value::()?; + let py_oid = oid_to_py_oid(py, &ms_cert_tpl.template_id)?; + Ok(Some(types::MS_CERTIFICATE_TEMPLATE.get(py)?.call1(( + py_oid, + ms_cert_tpl.major_version, + ms_cert_tpl.minor_version, + ))?)) + } _ => Ok(None), } } -pub(crate) fn time_from_py(py: pyo3::Python<'_>, val: &pyo3::PyAny) -> PyAsn1Result { - let dt = x509::py_to_chrono(py, val)?; +pub(crate) fn time_from_py( + py: pyo3::Python<'_>, + val: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + let dt = x509::py_to_datetime(py, val.clone())?; + time_from_datetime(dt) +} + +pub(crate) fn time_from_datetime(dt: asn1::DateTime) -> CryptographyResult { if dt.year() >= 2050 { - Ok(x509::Time::GeneralizedTime(asn1::GeneralizedTime::new(dt)?)) + Ok(common::Time::GeneralizedTime(asn1::GeneralizedTime::new( + dt, + )?)) } else { - Ok(x509::Time::UtcTime(asn1::UtcTime::new(dt).unwrap())) + Ok(common::Time::UtcTime(asn1::UtcTime::new(dt).unwrap())) } } -#[pyo3::prelude::pyfunction] -fn create_x509_certificate( +#[pyo3::pyfunction] +pub(crate) fn create_x509_certificate( py: pyo3::Python<'_>, - builder: &pyo3::PyAny, - private_key: &pyo3::PyAny, - hash_algorithm: &pyo3::PyAny, -) -> PyAsn1Result { - let sigalg = x509::sign::compute_signature_algorithm(py, private_key, hash_algorithm)?; - let serialization_mod = py.import("cryptography.hazmat.primitives.serialization")?; - let der_encoding = serialization_mod - .getattr(crate::intern!(py, "Encoding"))? - .getattr(crate::intern!(py, "DER"))?; - let spki_format = serialization_mod - .getattr(crate::intern!(py, "PublicFormat"))? - .getattr(crate::intern!(py, "SubjectPublicKeyInfo"))?; + builder: &pyo3::Bound<'_, pyo3::PyAny>, + private_key: &pyo3::Bound<'_, pyo3::PyAny>, + hash_algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + rsa_padding: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + let sigalg = x509::sign::compute_signature_algorithm( + py, + private_key.clone(), + hash_algorithm.clone(), + rsa_padding.clone(), + )?; + let der = types::ENCODING_DER.get(py)?; + let spki = types::PUBLIC_FORMAT_SUBJECT_PUBLIC_KEY_INFO.get(py)?; let spki_bytes = builder - .getattr(crate::intern!(py, "_public_key"))? - .call_method1("public_bytes", (der_encoding, spki_format))? - .extract::<&[u8]>()?; + .getattr(pyo3::intern!(py, "_public_key"))? + .call_method1(pyo3::intern!(py, "public_bytes"), (der, spki))? + .extract::()?; let py_serial = builder - .getattr(crate::intern!(py, "_serial_number"))? + .getattr(pyo3::intern!(py, "_serial_number"))? .extract()?; - let py_issuer_name = builder.getattr(crate::intern!(py, "_issuer_name"))?; - let py_subject_name = builder.getattr(crate::intern!(py, "_subject_name"))?; - let py_not_before = builder.getattr(crate::intern!(py, "_not_valid_before"))?; - let py_not_after = builder.getattr(crate::intern!(py, "_not_valid_after"))?; + let py_issuer_name = builder.getattr(pyo3::intern!(py, "_issuer_name"))?; + let py_subject_name = builder.getattr(pyo3::intern!(py, "_subject_name"))?; + let py_not_before = builder.getattr(pyo3::intern!(py, "_not_valid_before"))?; + let py_not_after = builder.getattr(pyo3::intern!(py, "_not_valid_after"))?; + + let ka_vec = cryptography_keepalive::KeepAlive::new(); + let ka_bytes = cryptography_keepalive::KeepAlive::new(); - let tbs_cert = TbsCertificate { + let serial_bytes = py_uint_to_big_endian_bytes(py, py_serial)?; + + let ka = cryptography_keepalive::KeepAlive::new(); + + let tbs_cert = cryptography_x509::certificate::TbsCertificate { version: builder - .getattr(crate::intern!(py, "_version"))? - .getattr(crate::intern!(py, "value"))? + .getattr(pyo3::intern!(py, "_version"))? + .getattr(pyo3::intern!(py, "value"))? .extract()?, - serial: asn1::BigInt::new(py_uint_to_big_endian_bytes(py, py_serial)?).unwrap(), + serial: asn1::BigInt::new(&serial_bytes).unwrap(), signature_alg: sigalg.clone(), - issuer: x509::common::encode_name(py, py_issuer_name)?, - validity: Validity { - not_before: time_from_py(py, py_not_before)?, - not_after: time_from_py(py, py_not_after)?, + issuer: x509::common::encode_name(py, &ka, &py_issuer_name)?, + validity: cryptography_x509::certificate::Validity { + not_before: time_from_py(py, &py_not_before)?, + not_after: time_from_py(py, &py_not_after)?, }, - subject: x509::common::encode_name(py, py_subject_name)?, - spki: asn1::parse_single(spki_bytes)?, + subject: x509::common::encode_name(py, &ka, &py_subject_name)?, + spki: asn1::parse_single(&spki_bytes)?, issuer_unique_id: None, subject_unique_id: None, - extensions: x509::common::encode_extensions( + raw_extensions: x509::common::encode_extensions( py, - builder.getattr(crate::intern!(py, "_extensions"))?, + &ka_vec, + &ka_bytes, + &builder.getattr(pyo3::intern!(py, "_extensions"))?, extensions::encode_extension, )?, }; let tbs_bytes = asn1::write_single(&tbs_cert)?; - let signature = x509::sign::sign_data(py, private_key, hash_algorithm, &tbs_bytes)?; - let data = asn1::write_single(&RawCertificate { + let signature = x509::sign::sign_data( + py, + private_key.clone(), + hash_algorithm.clone(), + rsa_padding.clone(), + &tbs_bytes, + )?; + let data = asn1::write_single(&cryptography_x509::certificate::Certificate { tbs_cert, signature_alg: sigalg, - signature: asn1::BitString::new(signature, 0).unwrap(), + signature: asn1::BitString::new(&signature, 0).unwrap(), })?; - // TODO: extra copy as we round-trip through a slice - load_der_x509_certificate(py, &data) + load_der_x509_certificate( + py, + pyo3::types::PyBytes::new_bound(py, &data).unbind(), + None, + ) } pub(crate) fn set_bit(vals: &mut [u8], n: usize, set: bool) { @@ -1056,13 +975,3 @@ pub(crate) fn set_bit(vals: &mut [u8], n: usize, set: bool) { vals[idx] |= v; } } - -pub(crate) fn add_to_module(module: &pyo3::prelude::PyModule) -> pyo3::PyResult<()> { - module.add_wrapped(pyo3::wrap_pyfunction!(load_der_x509_certificate))?; - module.add_wrapped(pyo3::wrap_pyfunction!(load_pem_x509_certificate))?; - module.add_wrapped(pyo3::wrap_pyfunction!(create_x509_certificate))?; - - module.add_class::()?; - - Ok(()) -} diff --git a/src/rust/src/x509/common.rs b/src/rust/src/x509/common.rs index 5cc8338..cdb53a7 100644 --- a/src/rust/src/x509/common.rs +++ b/src/rust/src/x509/common.rs @@ -2,14 +2,18 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::asn1::{oid_to_py_oid, py_oid_to_oid, PyAsn1Error, PyAsn1Result}; -use crate::x509; -use chrono::{Datelike, TimeZone, Timelike}; +use cryptography_x509::common::{Asn1ReadableOrWritable, AttributeTypeValue, RawTlv}; +use cryptography_x509::extensions::{ + AccessDescription, DuplicateExtensionsError, Extension, Extensions, RawExtensions, +}; +use cryptography_x509::name::{GeneralName, Name, NameReadable, OtherName, UnvalidatedIA5String}; use pyo3::types::IntoPyDict; -use pyo3::ToPyObject; -use std::collections::HashSet; -use std::convert::TryInto; -use std::marker::PhantomData; +use pyo3::types::{PyAnyMethods, PyListMethods}; +use pyo3::{IntoPy, ToPyObject}; + +use crate::asn1::{oid_to_py_oid, py_oid_to_oid}; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::{exceptions, types, x509}; /// Parse all sections in a PEM file and return the first matching section. /// If no matching sections are found, return an error. @@ -17,81 +21,29 @@ pub(crate) fn find_in_pem( data: &[u8], filter_fn: fn(&pem::Pem) -> bool, no_match_err: &'static str, -) -> Result { +) -> Result { let all_sections = pem::parse_many(data)?; if all_sections.is_empty() { - return Err(PyAsn1Error::from(pem::PemError::MalformedFraming)); - } - all_sections - .into_iter() - .find(filter_fn) - .ok_or_else(|| PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err(no_match_err))) -} - -pub(crate) type Name<'a> = Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, asn1::SetOf<'a, AttributeTypeValue<'a>>>, - asn1::SequenceOfWriter< - 'a, - asn1::SetOfWriter<'a, AttributeTypeValue<'a>, Vec>>, - Vec, Vec>>>, - >, ->; - -#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone)] -pub(crate) struct AttributeTypeValue<'a> { - pub(crate) type_id: asn1::ObjectIdentifier, - pub(crate) value: RawTlv<'a>, -} - -// Like `asn1::Tlv` but doesn't store `full_data` so it can be constucted from -// an un-encoded tag and value. -#[derive(Hash, PartialEq, Eq, Clone)] -pub(crate) struct RawTlv<'a> { - tag: asn1::Tag, - value: &'a [u8], -} - -impl<'a> RawTlv<'a> { - pub(crate) fn new(tag: asn1::Tag, value: &'a [u8]) -> Self { - RawTlv { tag, value } - } - - pub(crate) fn tag(&self) -> asn1::Tag { - self.tag - } - pub(crate) fn data(&self) -> &'a [u8] { - self.value - } -} -impl<'a> asn1::Asn1Readable<'a> for RawTlv<'a> { - fn parse(parser: &mut asn1::Parser<'a>) -> asn1::ParseResult { - let tlv = parser.read_element::>()?; - Ok(RawTlv::new(tlv.tag(), tlv.data())) - } - - fn can_parse(_tag: asn1::Tag) -> bool { - true - } -} -impl<'a> asn1::Asn1Writable for RawTlv<'a> { - fn write(&self, w: &mut asn1::Writer<'_>) -> asn1::WriteResult { - w.write_tlv(self.tag, move |dest| dest.push_slice(self.value)) + return Err(CryptographyError::from(pem::PemError::MalformedFraming)); } + all_sections.into_iter().find(filter_fn).ok_or_else(|| { + CryptographyError::from(pyo3::exceptions::PyValueError::new_err(no_match_err)) + }) } pub(crate) fn encode_name<'p>( - py: pyo3::Python<'p>, - py_name: &'p pyo3::PyAny, + py: pyo3::Python<'_>, + ka: &'p cryptography_keepalive::KeepAlive, + py_name: &pyo3::Bound<'_, pyo3::PyAny>, ) -> pyo3::PyResult> { let mut rdns = vec![]; - for py_rdn in py_name.getattr(crate::intern!(py, "rdns"))?.iter()? { + for py_rdn in py_name.getattr(pyo3::intern!(py, "rdns"))?.iter()? { let py_rdn = py_rdn?; let mut attrs = vec![]; for py_attr in py_rdn.iter()? { - attrs.push(encode_name_entry(py, py_attr?)?); + attrs.push(encode_name_entry(py, ka, &py_attr?)?); } rdns.push(asn1::SetOfWriter::new(attrs)); } @@ -101,354 +53,234 @@ pub(crate) fn encode_name<'p>( } pub(crate) fn encode_name_entry<'p>( - py: pyo3::Python<'p>, - py_name_entry: &'p pyo3::PyAny, -) -> PyAsn1Result> { - let asn1_type = py - .import("cryptography.x509.name")? - .getattr(crate::intern!(py, "_ASN1Type"))?; - - let attr_type = py_name_entry.getattr(crate::intern!(py, "_type"))?; + py: pyo3::Python<'_>, + ka: &'p cryptography_keepalive::KeepAlive, + py_name_entry: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult> { + let attr_type = py_name_entry.getattr(pyo3::intern!(py, "_type"))?; let tag = attr_type - .getattr(crate::intern!(py, "value"))? + .getattr(pyo3::intern!(py, "value"))? .extract::()?; - let value: &[u8] = if attr_type != asn1_type.getattr(crate::intern!(py, "BitString"))? { - let encoding = if attr_type == asn1_type.getattr(crate::intern!(py, "BMPString"))? { - "utf_16_be" - } else if attr_type == asn1_type.getattr(crate::intern!(py, "UniversalString"))? { - "utf_32_be" + let value: pyo3::pybacked::PyBackedBytes = + if !attr_type.is(&types::ASN1_TYPE_BIT_STRING.get(py)?) { + let encoding = if attr_type.is(&types::ASN1_TYPE_BMP_STRING.get(py)?) { + "utf_16_be" + } else if attr_type.is(&types::ASN1_TYPE_UNIVERSAL_STRING.get(py)?) { + "utf_32_be" + } else { + "utf8" + }; + py_name_entry + .getattr(pyo3::intern!(py, "value"))? + .call_method1(pyo3::intern!(py, "encode"), (encoding,))? + .extract()? } else { - "utf8" + py_name_entry + .getattr(pyo3::intern!(py, "value"))? + .extract()? }; - py_name_entry - .getattr(crate::intern!(py, "value"))? - .call_method1("encode", (encoding,))? - .extract()? - } else { - py_name_entry - .getattr(crate::intern!(py, "value"))? - .extract()? - }; - let oid = py_oid_to_oid(py_name_entry.getattr(crate::intern!(py, "oid"))?)?; + let py_oid = py_name_entry.getattr(pyo3::intern!(py, "oid"))?; + let oid = py_oid_to_oid(py_oid)?; Ok(AttributeTypeValue { type_id: oid, - value: RawTlv::new(asn1::Tag::from_bytes(&[tag])?.0, value), + value: RawTlv::new(asn1::Tag::from_bytes(&[tag])?.0, ka.add(value)), }) } -#[pyo3::prelude::pyfunction] -fn encode_name_bytes<'p>( +#[pyo3::pyfunction] +pub(crate) fn encode_name_bytes<'p>( py: pyo3::Python<'p>, - py_name: &'p pyo3::PyAny, -) -> PyAsn1Result<&'p pyo3::types::PyBytes> { - let name = encode_name(py, py_name)?; + py_name: &pyo3::Bound<'p, pyo3::PyAny>, +) -> CryptographyResult> { + let ka = cryptography_keepalive::KeepAlive::new(); + let name = encode_name(py, &ka, py_name)?; let result = asn1::write_single(&name)?; - Ok(pyo3::types::PyBytes::new(py, &result)) -} - -/// An IA5String ASN.1 element whose contents is not validated as meeting the -/// requirements (ASCII characters only), and instead is only known to be -/// valid UTF-8. -pub(crate) struct UnvalidatedIA5String<'a>(pub(crate) &'a str); - -impl<'a> asn1::SimpleAsn1Readable<'a> for UnvalidatedIA5String<'a> { - const TAG: asn1::Tag = asn1::IA5String::TAG; - fn parse_data(data: &'a [u8]) -> asn1::ParseResult { - Ok(UnvalidatedIA5String(std::str::from_utf8(data).map_err( - |_| asn1::ParseError::new(asn1::ParseErrorKind::InvalidValue), - )?)) - } + Ok(pyo3::types::PyBytes::new_bound(py, &result)) } -impl<'a> asn1::SimpleAsn1Writable for UnvalidatedIA5String<'a> { - const TAG: asn1::Tag = asn1::IA5String::TAG; - fn write_data(&self, dest: &mut asn1::WriteBuf) -> asn1::WriteResult { - dest.push_slice(self.0.as_bytes()) - } -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Hash)] -pub(crate) struct OtherName<'a> { - pub(crate) type_id: asn1::ObjectIdentifier, - #[explicit(0, required)] - pub(crate) value: asn1::Tlv<'a>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) enum GeneralName<'a> { - #[implicit(0)] - OtherName(OtherName<'a>), - - #[implicit(1)] - RFC822Name(UnvalidatedIA5String<'a>), - - #[implicit(2)] - DNSName(UnvalidatedIA5String<'a>), - - #[implicit(3)] - // unsupported - X400Address(asn1::Sequence<'a>), - - // Name is explicit per RFC 5280 Appendix A.1. - #[explicit(4)] - DirectoryName(Name<'a>), - - #[implicit(5)] - // unsupported - EDIPartyName(asn1::Sequence<'a>), - - #[implicit(6)] - UniformResourceIdentifier(UnvalidatedIA5String<'a>), - - #[implicit(7)] - IPAddress(&'a [u8]), - - #[implicit(8)] - RegisteredID(asn1::ObjectIdentifier), -} - -pub(crate) type SequenceOfGeneralName<'a> = Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, GeneralName<'a>>, - asn1::SequenceOfWriter<'a, GeneralName<'a>, Vec>>, ->; - pub(crate) fn encode_general_names<'a>( - py: pyo3::Python<'a>, - py_gns: &'a pyo3::PyAny, -) -> Result>, PyAsn1Error> { + py: pyo3::Python<'_>, + ka_bytes: &'a cryptography_keepalive::KeepAlive, + ka_str: &'a cryptography_keepalive::KeepAlive, + py_gns: &pyo3::Bound<'a, pyo3::PyAny>, +) -> Result>, CryptographyError> { let mut gns = vec![]; for el in py_gns.iter()? { - let gn = encode_general_name(py, el?)?; - gns.push(gn) + let gn = encode_general_name(py, ka_bytes, ka_str, &el?)?; + gns.push(gn); } Ok(gns) } pub(crate) fn encode_general_name<'a>( - py: pyo3::Python<'a>, - gn: &'a pyo3::PyAny, -) -> Result, PyAsn1Error> { - let gn_module = py.import("cryptography.x509.general_name")?; - let gn_type = gn.get_type().as_ref(); - let gn_value = gn.getattr(crate::intern!(py, "value"))?; - if gn_type == gn_module.getattr(crate::intern!(py, "DNSName"))? { + py: pyo3::Python<'_>, + ka_bytes: &'a cryptography_keepalive::KeepAlive, + ka_str: &'a cryptography_keepalive::KeepAlive, + gn: &pyo3::Bound<'a, pyo3::PyAny>, +) -> Result, CryptographyError> { + let gn_type = gn.get_type(); + let gn_value = gn.getattr(pyo3::intern!(py, "value"))?; + + if gn_type.is(&types::DNS_NAME.get(py)?) { Ok(GeneralName::DNSName(UnvalidatedIA5String( - gn_value.extract::<&str>()?, + ka_str.add(gn_value.extract()?), ))) - } else if gn_type == gn_module.getattr(crate::intern!(py, "RFC822Name"))? { + } else if gn_type.is(&types::RFC822_NAME.get(py)?) { Ok(GeneralName::RFC822Name(UnvalidatedIA5String( - gn_value.extract::<&str>()?, + ka_str.add(gn_value.extract()?), ))) - } else if gn_type == gn_module.getattr(crate::intern!(py, "DirectoryName"))? { - let name = encode_name(py, gn_value)?; + } else if gn_type.is(&types::DIRECTORY_NAME.get(py)?) { + let name = encode_name(py, ka_bytes, &gn_value)?; Ok(GeneralName::DirectoryName(name)) - } else if gn_type == gn_module.getattr(crate::intern!(py, "OtherName"))? { + } else if gn_type.is(&types::OTHER_NAME.get(py)?) { + let py_oid = gn.getattr(pyo3::intern!(py, "type_id"))?; Ok(GeneralName::OtherName(OtherName { - type_id: py_oid_to_oid(gn.getattr(crate::intern!(py, "type_id"))?)?, - value: asn1::parse_single(gn_value.extract::<&[u8]>()?).map_err(|e| { + type_id: py_oid_to_oid(py_oid)?, + value: asn1::parse_single(ka_bytes.add(gn_value.extract()?)).map_err(|e| { pyo3::exceptions::PyValueError::new_err(format!( - "OtherName value must be valid DER: {:?}", - e + "OtherName value must be valid DER: {e:?}" )) })?, })) - } else if gn_type == gn_module.getattr(crate::intern!(py, "UniformResourceIdentifier"))? { + } else if gn_type.is(&types::UNIFORM_RESOURCE_IDENTIFIER.get(py)?) { Ok(GeneralName::UniformResourceIdentifier( - UnvalidatedIA5String(gn_value.extract::<&str>()?), - )) - } else if gn_type == gn_module.getattr(crate::intern!(py, "IPAddress"))? { - Ok(GeneralName::IPAddress( - gn.call_method0("_packed")?.extract::<&[u8]>()?, + UnvalidatedIA5String(ka_str.add(gn_value.extract()?)), )) - } else if gn_type == gn_module.getattr(crate::intern!(py, "RegisteredID"))? { + } else if gn_type.is(&types::IP_ADDRESS.get(py)?) { + Ok(GeneralName::IPAddress(ka_bytes.add( + gn.call_method0(pyo3::intern!(py, "_packed"))?.extract()?, + ))) + } else if gn_type.is(&types::REGISTERED_ID.get(py)?) { let oid = py_oid_to_oid(gn_value)?; Ok(GeneralName::RegisteredID(oid)) } else { - Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Unsupported GeneralName type", - ))) + Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Unsupported GeneralName type"), + )) } } -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct AccessDescription<'a> { - pub(crate) access_method: asn1::ObjectIdentifier, - pub(crate) access_location: GeneralName<'a>, -} - -pub(crate) type SequenceOfAccessDescriptions<'a> = Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, AccessDescription<'a>>, - asn1::SequenceOfWriter<'a, AccessDescription<'a>, Vec>>, ->; - pub(crate) fn encode_access_descriptions<'a>( py: pyo3::Python<'a>, - py_ads: &'a pyo3::PyAny, -) -> Result, PyAsn1Error> { + py_ads: &pyo3::Bound<'a, pyo3::PyAny>, +) -> CryptographyResult> { let mut ads = vec![]; + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + let ka_str = cryptography_keepalive::KeepAlive::new(); for py_ad in py_ads.iter()? { let py_ad = py_ad?; - let access_method = py_oid_to_oid(py_ad.getattr(crate::intern!(py, "access_method"))?)?; - let access_location = - encode_general_name(py, py_ad.getattr(crate::intern!(py, "access_location"))?)?; + let py_oid = py_ad.getattr(pyo3::intern!(py, "access_method"))?; + let access_method = py_oid_to_oid(py_oid)?; + let py_access_location = py_ad.getattr(pyo3::intern!(py, "access_location"))?; + let access_location = encode_general_name(py, &ka_bytes, &ka_str, &py_access_location)?; ads.push(AccessDescription { access_method, access_location, }); } - Ok(Asn1ReadableOrWritable::new_write( - asn1::SequenceOfWriter::new(ads), - )) -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Hash, Clone)] -pub(crate) enum Time { - UtcTime(asn1::UtcTime), - GeneralizedTime(asn1::GeneralizedTime), -} - -impl Time { - pub(crate) fn as_chrono(&self) -> &chrono::DateTime { - match self { - Time::UtcTime(data) => data.as_chrono(), - Time::GeneralizedTime(data) => data.as_chrono(), - } - } -} - -pub(crate) type Extensions<'a> = Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, Extension<'a>>, - asn1::SequenceOfWriter<'a, Extension<'a>, Vec>>, ->; - -#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Hash, Clone)] -pub(crate) struct AlgorithmIdentifier<'a> { - pub(crate) oid: asn1::ObjectIdentifier, - pub(crate) params: Option>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone)] -pub(crate) struct Extension<'a> { - pub(crate) extn_id: asn1::ObjectIdentifier, - #[default(false)] - pub(crate) critical: bool, - pub(crate) extn_value: &'a [u8], + Ok(asn1::write_single(&asn1::SequenceOfWriter::new(ads))?) } pub(crate) fn parse_name<'p>( py: pyo3::Python<'p>, - name: &Name<'_>, -) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let x509_module = py.import("cryptography.x509")?; - let py_rdns = pyo3::types::PyList::empty(py); - for rdn in name.unwrap_read().clone() { + name: &NameReadable<'_>, +) -> Result, CryptographyError> { + let py_rdns = pyo3::types::PyList::empty_bound(py); + for rdn in name.clone() { let py_rdn = parse_rdn(py, &rdn)?; py_rdns.append(py_rdn)?; } - Ok(x509_module.call_method1("Name", (py_rdns,))?) + Ok(types::NAME.get(py)?.call1((py_rdns,))?) } fn parse_name_attribute( py: pyo3::Python<'_>, attribute: AttributeTypeValue<'_>, -) -> Result { - let x509_module = py.import("cryptography.x509")?; - let oid = oid_to_py_oid(py, &attribute.type_id)?.to_object(py); - let tag_enum = py - .import("cryptography.x509.name")? - .getattr(crate::intern!(py, "_ASN1_TYPE_TO_ENUM"))?; - let tag_val = attribute - .value - .tag() - .as_u8() - .ok_or_else(|| { - PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Long-form tags are not supported in NameAttribute values", - )) - })? - .to_object(py); - let py_tag = tag_enum.get_item(tag_val)?; +) -> Result { + let oid = oid_to_py_oid(py, &attribute.type_id)?; + let tag_val = attribute.value.tag().as_u8().ok_or_else(|| { + CryptographyError::from(pyo3::exceptions::PyValueError::new_err( + "Long-form tags are not supported in NameAttribute values", + )) + })?; + let py_tag = types::ASN1_TYPE_TO_ENUM.get(py)?.get_item(tag_val)?; let py_data = match attribute.value.tag().as_u8() { // BitString tag value - Some(3) => pyo3::types::PyBytes::new(py, attribute.value.data()), + Some(3) => pyo3::types::PyBytes::new_bound(py, attribute.value.data()).into_any(), // BMPString tag value Some(30) => { - let py_bytes = pyo3::types::PyBytes::new(py, attribute.value.data()); - py_bytes.call_method1("decode", ("utf_16_be",))? + let py_bytes = pyo3::types::PyBytes::new_bound(py, attribute.value.data()); + py_bytes.call_method1(pyo3::intern!(py, "decode"), ("utf_16_be",))? } // UniversalString Some(28) => { - let py_bytes = pyo3::types::PyBytes::new(py, attribute.value.data()); - py_bytes.call_method1("decode", ("utf_32_be",))? + let py_bytes = pyo3::types::PyBytes::new_bound(py, attribute.value.data()); + py_bytes.call_method1(pyo3::intern!(py, "decode"), ("utf_32_be",))? } _ => { let parsed = std::str::from_utf8(attribute.value.data()) .map_err(|_| asn1::ParseError::new(asn1::ParseErrorKind::InvalidValue))?; - pyo3::types::PyString::new(py, parsed) + pyo3::types::PyString::new_bound(py, parsed).into_any() } }; - let kwargs = [("_validate", false)].into_py_dict(py); - Ok(x509_module - .call_method("NameAttribute", (oid, py_data, py_tag), Some(kwargs))? + let kwargs = [(pyo3::intern!(py, "_validate"), false)].into_py_dict_bound(py); + Ok(types::NAME_ATTRIBUTE + .get(py)? + .call((oid, py_data, py_tag), Some(&kwargs))? .to_object(py)) } pub(crate) fn parse_rdn<'a>( py: pyo3::Python<'_>, rdn: &asn1::SetOf<'a, AttributeTypeValue<'a>>, -) -> Result { - let x509_module = py.import("cryptography.x509")?; - let py_attrs = pyo3::types::PySet::empty(py)?; +) -> Result { + let py_attrs = pyo3::types::PyList::empty_bound(py); for attribute in rdn.clone() { let na = parse_name_attribute(py, attribute)?; - py_attrs.add(na)?; + py_attrs.append(na)?; } - Ok(x509_module - .call_method1("RelativeDistinguishedName", (py_attrs,))? + Ok(types::RELATIVE_DISTINGUISHED_NAME + .get(py)? + .call1((py_attrs,))? .to_object(py)) } pub(crate) fn parse_general_name( py: pyo3::Python<'_>, gn: GeneralName<'_>, -) -> Result { - let x509_module = py.import("cryptography.x509")?; +) -> Result { let py_gn = match gn { GeneralName::OtherName(data) => { - let oid = oid_to_py_oid(py, &data.type_id)?.to_object(py); - x509_module - .call_method1("OtherName", (oid, data.value.full_data()))? + let oid = oid_to_py_oid(py, &data.type_id)?; + types::OTHER_NAME + .get(py)? + .call1((oid, data.value.full_data()))? .to_object(py) } - GeneralName::RFC822Name(data) => x509_module - .getattr(crate::intern!(py, "RFC822Name"))? - .call_method1("_init_without_validation", (data.0,))? + GeneralName::RFC822Name(data) => types::RFC822_NAME + .get(py)? + .call_method1(pyo3::intern!(py, "_init_without_validation"), (data.0,))? .to_object(py), - GeneralName::DNSName(data) => x509_module - .getattr(crate::intern!(py, "DNSName"))? - .call_method1("_init_without_validation", (data.0,))? + GeneralName::DNSName(data) => types::DNS_NAME + .get(py)? + .call_method1(pyo3::intern!(py, "_init_without_validation"), (data.0,))? .to_object(py), GeneralName::DirectoryName(data) => { - let py_name = parse_name(py, &data)?; - x509_module - .call_method1("DirectoryName", (py_name,))? + let py_name = parse_name(py, data.unwrap_read())?; + types::DIRECTORY_NAME + .get(py)? + .call1((py_name,))? .to_object(py) } - GeneralName::UniformResourceIdentifier(data) => x509_module - .getattr(crate::intern!(py, "UniformResourceIdentifier"))? - .call_method1("_init_without_validation", (data.0,))? + GeneralName::UniformResourceIdentifier(data) => types::UNIFORM_RESOURCE_IDENTIFIER + .get(py)? + .call_method1(pyo3::intern!(py, "_init_without_validation"), (data.0,))? .to_object(py), GeneralName::IPAddress(data) => { - let ip_module = py.import("ipaddress")?; if data.len() == 4 || data.len() == 16 { - let addr = ip_module.call_method1("ip_address", (data,))?.to_object(py); - x509_module - .call_method1("IPAddress", (addr,))? - .to_object(py) + let addr = types::IPADDRESS_IPADDRESS.get(py)?.call1((data,))?; + types::IP_ADDRESS.get(py)?.call1((addr,))?.to_object(py) } else { // if it's not an IPv4 or IPv6 we assume it's an IPNetwork and // verify length in this function. @@ -456,18 +288,15 @@ pub(crate) fn parse_general_name( } } GeneralName::RegisteredID(data) => { - let oid = oid_to_py_oid(py, &data)?.to_object(py); - x509_module - .call_method1("RegisteredID", (oid,))? - .to_object(py) + let oid = oid_to_py_oid(py, &data)?; + types::REGISTERED_ID.get(py)?.call1((oid,))?.to_object(py) } _ => { - return Err(PyAsn1Error::from(pyo3::PyErr::from_instance( - x509_module.call_method1( - "UnsupportedGeneralNameType", - ("x400Address/EDIPartyName are not supported types",), - )?, - ))) + return Err(CryptographyError::from( + exceptions::UnsupportedGeneralNameType::new_err( + "x400Address/EDIPartyName are not supported types", + ), + )) } }; Ok(py_gn) @@ -476,8 +305,8 @@ pub(crate) fn parse_general_name( pub(crate) fn parse_general_names<'a>( py: pyo3::Python<'_>, gn_seq: &asn1::SequenceOf<'a, GeneralName<'a>>, -) -> Result { - let gns = pyo3::types::PyList::empty(py); +) -> Result { + let gns = pyo3::types::PyList::empty_bound(py); for gn in gn_seq.clone() { let py_gn = parse_general_name(py, gn)?; gns.append(py_gn)?; @@ -485,9 +314,10 @@ pub(crate) fn parse_general_names<'a>( Ok(gns.to_object(py)) } -fn create_ip_network(py: pyo3::Python<'_>, data: &[u8]) -> Result { - let ip_module = py.import("ipaddress")?; - let x509_module = py.import("cryptography.x509")?; +fn create_ip_network( + py: pyo3::Python<'_>, + data: &[u8], +) -> Result { let prefix = match data.len() { 8 => { let num = u32::from_be_bytes(data[4..].try_into().unwrap()); @@ -497,139 +327,124 @@ fn create_ip_network(py: pyo3::Python<'_>, data: &[u8]) -> Result Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( + _ => Err(CryptographyError::from(pyo3::exceptions::PyValueError::new_err( format!("Invalid IPNetwork, must be 8 bytes for IPv4 and 32 bytes for IPv6. Found length: {}", data.len()), ))), }; - let base = ip_module.call_method1( - "ip_address", - (pyo3::types::PyBytes::new(py, &data[..data.len() / 2]),), - )?; + let base = types::IPADDRESS_IPADDRESS + .get(py)? + .call1((pyo3::types::PyBytes::new_bound(py, &data[..data.len() / 2]),))?; let net = format!( "{}/{}", - base.getattr(crate::intern!(py, "exploded"))? - .extract::<&str>()?, + base.getattr(pyo3::intern!(py, "exploded"))? + .extract::()?, prefix? ); - let addr = ip_module.call_method1("ip_network", (net,))?.to_object(py); - Ok(x509_module - .call_method1("IPAddress", (addr,))? - .to_object(py)) + let addr = types::IPADDRESS_IPNETWORK.get(py)?.call1((net,))?; + Ok(types::IP_ADDRESS.get(py)?.call1((addr,))?.to_object(py)) } -fn ipv4_netmask(num: u32) -> Result { - // we invert and check leading zeros because leading_ones wasn't stabilized - // until 1.46.0. When we raise our MSRV we should change this - if (!num).leading_zeros() + num.trailing_zeros() != 32 { - return Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Invalid netmask", - ))); +fn ipv4_netmask(num: u32) -> Result { + if num.leading_ones() + num.trailing_zeros() != 32 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Invalid netmask"), + )); } Ok((!num).leading_zeros()) } -fn ipv6_netmask(num: u128) -> Result { - // we invert and check leading zeros because leading_ones wasn't stabilized - // until 1.46.0. When we raise our MSRV we should change this - if (!num).leading_zeros() + num.trailing_zeros() != 128 { - return Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Invalid netmask", - ))); +fn ipv6_netmask(num: u128) -> Result { + if num.leading_ones() + num.trailing_zeros() != 128 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Invalid netmask"), + )); } Ok((!num).leading_zeros()) } pub(crate) fn parse_and_cache_extensions< 'p, - F: Fn(&asn1::ObjectIdentifier, &[u8]) -> Result, PyAsn1Error>, + F: Fn(&Extension<'_>) -> Result>, CryptographyError>, >( py: pyo3::Python<'p>, - cached_extensions: &mut Option, - raw_exts: &Option>, + cached_extensions: &pyo3::sync::GILOnceCell, + raw_extensions: &Option>, parse_ext: F, ) -> pyo3::PyResult { - if let Some(cached) = cached_extensions { - return Ok(cached.clone_ref(py)); - } + cached_extensions + .get_or_try_init(py, || { + let extensions = match Extensions::from_raw_extensions(raw_extensions.as_ref()) { + Ok(extensions) => extensions, + Err(DuplicateExtensionsError(oid)) => { + let oid_obj = oid_to_py_oid(py, &oid)?; + return Err(exceptions::DuplicateExtension::new_err(( + format!("Duplicate {} extension found", &oid), + oid_obj.into_py(py), + ))); + } + }; - let x509_module = py.import("cryptography.x509")?; - let exts = pyo3::types::PyList::empty(py); - let mut seen_oids = HashSet::new(); - if let Some(raw_exts) = raw_exts { - for raw_ext in raw_exts.unwrap_read().clone() { - let oid_obj = oid_to_py_oid(py, &raw_ext.extn_id)?; - - if seen_oids.contains(&raw_ext.extn_id) { - return Err(pyo3::PyErr::from_instance(x509_module.call_method1( - "DuplicateExtension", - ( - format!("Duplicate {} extension found", raw_ext.extn_id), - oid_obj, - ), - )?)); + let exts = pyo3::types::PyList::empty_bound(py); + for raw_ext in extensions.iter() { + let oid_obj = oid_to_py_oid(py, &raw_ext.extn_id)?; + + let extn_value = match parse_ext(&raw_ext)? { + Some(e) => e, + None => types::UNRECOGNIZED_EXTENSION + .get(py)? + .call1((oid_obj.clone(), raw_ext.extn_value))?, + }; + let ext_obj = + types::EXTENSION + .get(py)? + .call1((oid_obj, raw_ext.critical, extn_value))?; + exts.append(ext_obj)?; } - - let extn_value = match parse_ext(&raw_ext.extn_id, raw_ext.extn_value)? { - Some(e) => e, - None => x509_module - .call_method1("UnrecognizedExtension", (oid_obj, raw_ext.extn_value))?, - }; - let ext_obj = - x509_module.call_method1("Extension", (oid_obj, raw_ext.critical, extn_value))?; - exts.append(ext_obj)?; - seen_oids.insert(raw_ext.extn_id); - } - } - let extensions = x509_module - .call_method1("Extensions", (exts,))? - .to_object(py); - *cached_extensions = Some(extensions.clone_ref(py)); - Ok(extensions) + Ok(types::EXTENSIONS.get(py)?.call1((exts,))?.to_object(py)) + }) + .map(|p| p.clone_ref(py)) } pub(crate) fn encode_extensions< 'p, - F: Fn(pyo3::Python<'_>, &asn1::ObjectIdentifier, &pyo3::PyAny) -> PyAsn1Result>>, + F: Fn( + pyo3::Python<'_>, + &asn1::ObjectIdentifier, + &pyo3::Bound<'_, pyo3::PyAny>, + ) -> CryptographyResult>>, >( py: pyo3::Python<'p>, - py_exts: &'p pyo3::PyAny, + ka_vec: &'p cryptography_keepalive::KeepAlive>, + ka_bytes: &'p cryptography_keepalive::KeepAlive, + py_exts: &pyo3::Bound<'p, pyo3::PyAny>, encode_ext: F, -) -> pyo3::PyResult>> { - let unrecognized_extension_type: &pyo3::types::PyType = py - .import("cryptography.x509")? - .getattr(crate::intern!(py, "UnrecognizedExtension"))? - .extract()?; - +) -> pyo3::PyResult>> { let mut exts = vec![]; for py_ext in py_exts.iter()? { let py_ext = py_ext?; - let oid = py_oid_to_oid(py_ext.getattr(crate::intern!(py, "oid"))?)?; + let py_oid = py_ext.getattr(pyo3::intern!(py, "oid"))?; + let oid = py_oid_to_oid(py_oid)?; - let ext_val = py_ext.getattr(crate::intern!(py, "value"))?; - if unrecognized_extension_type.is_instance(ext_val)? { + let ext_val = py_ext.getattr(pyo3::intern!(py, "value"))?; + if ext_val.is_instance(&types::UNRECOGNIZED_EXTENSION.get(py)?)? { exts.push(Extension { extn_id: oid, - critical: py_ext.getattr(crate::intern!(py, "critical"))?.extract()?, - extn_value: ext_val - .getattr(crate::intern!(py, "value"))? - .extract::<&[u8]>()?, + critical: py_ext.getattr(pyo3::intern!(py, "critical"))?.extract()?, + extn_value: ka_bytes.add(ext_val.getattr(pyo3::intern!(py, "value"))?.extract()?), }); continue; } - match encode_ext(py, &oid, ext_val)? { + match encode_ext(py, &oid, &ext_val)? { Some(data) => { - // TODO: extra copy - let py_data = pyo3::types::PyBytes::new(py, &data); exts.push(Extension { extn_id: oid, - critical: py_ext.getattr(crate::intern!(py, "critical"))?.extract()?, - extn_value: py_data.as_bytes(), - }) + critical: py_ext.getattr(pyo3::intern!(py, "critical"))?.extract()?, + extn_value: ka_vec.add(data), + }); } None => { return Err(pyo3::exceptions::PyNotImplementedError::new_err(format!( - "Extension not supported: {}", - oid + "Extension not supported: {oid}" ))) } } @@ -642,130 +457,86 @@ pub(crate) fn encode_extensions< ))) } -#[pyo3::prelude::pyfunction] -fn encode_extension_value<'p>( +#[pyo3::pyfunction] +pub(crate) fn encode_extension_value<'p>( py: pyo3::Python<'p>, - py_ext: &'p pyo3::PyAny, -) -> pyo3::PyResult<&'p pyo3::types::PyBytes> { - let oid = py_oid_to_oid(py_ext.getattr(crate::intern!(py, "oid"))?)?; + py_ext: pyo3::Bound<'p, pyo3::PyAny>, +) -> pyo3::PyResult> { + let oid = py_oid_to_oid(py_ext.getattr(pyo3::intern!(py, "oid"))?)?; - if let Some(data) = x509::extensions::encode_extension(py, &oid, py_ext)? { + if let Some(data) = x509::extensions::encode_extension(py, &oid, &py_ext)? { // TODO: extra copy - let py_data = pyo3::types::PyBytes::new(py, &data); + let py_data = pyo3::types::PyBytes::new_bound(py, &data); return Ok(py_data); } Err(pyo3::exceptions::PyNotImplementedError::new_err(format!( - "Extension not supported: {}", - oid + "Extension not supported: {oid}" ))) } -pub(crate) fn chrono_to_py<'p>( +pub(crate) fn datetime_to_py<'p>( py: pyo3::Python<'p>, - dt: &chrono::DateTime, -) -> pyo3::PyResult<&'p pyo3::PyAny> { - let datetime_module = py.import("datetime")?; - datetime_module - .getattr(crate::intern!(py, "datetime"))? - .call1(( - dt.year(), - dt.month(), - dt.day(), - dt.hour(), - dt.minute(), - dt.second(), - )) -} - -pub(crate) fn py_to_chrono( - py: pyo3::Python<'_>, - val: &pyo3::PyAny, -) -> pyo3::PyResult> { - Ok(chrono::Utc - .ymd( - val.getattr(crate::intern!(py, "year"))?.extract()?, - val.getattr(crate::intern!(py, "month"))?.extract()?, - val.getattr(crate::intern!(py, "day"))?.extract()?, - ) - .and_hms( - val.getattr(crate::intern!(py, "hour"))?.extract()?, - val.getattr(crate::intern!(py, "minute"))?.extract()?, - val.getattr(crate::intern!(py, "second"))?.extract()?, - )) -} - -#[derive(Hash, PartialEq, Clone)] -pub(crate) enum Asn1ReadableOrWritable<'a, T, U> { - Read(T, PhantomData<&'a ()>), - Write(U, PhantomData<&'a ()>), -} - -impl<'a, T, U> Asn1ReadableOrWritable<'a, T, U> { - pub(crate) fn new_read(v: T) -> Self { - Asn1ReadableOrWritable::Read(v, PhantomData) - } - - pub(crate) fn new_write(v: U) -> Self { - Asn1ReadableOrWritable::Write(v, PhantomData) - } - - pub(crate) fn unwrap_read(&self) -> &T { - match self { - Asn1ReadableOrWritable::Read(v, _) => v, - Asn1ReadableOrWritable::Write(_, _) => panic!("unwrap_read called on a Write value"), - } - } -} - -impl<'a, T: asn1::SimpleAsn1Readable<'a>, U> asn1::SimpleAsn1Readable<'a> - for Asn1ReadableOrWritable<'a, T, U> -{ - const TAG: asn1::Tag = T::TAG; - fn parse_data(data: &'a [u8]) -> asn1::ParseResult { - Ok(Self::new_read(T::parse_data(data)?)) - } -} - -impl<'a, T: asn1::SimpleAsn1Writable, U: asn1::SimpleAsn1Writable> asn1::SimpleAsn1Writable - for Asn1ReadableOrWritable<'a, T, U> -{ - const TAG: asn1::Tag = U::TAG; - fn write_data(&self, w: &mut asn1::WriteBuf) -> asn1::WriteResult { - match self { - Asn1ReadableOrWritable::Read(v, _) => T::write_data(v, w), - Asn1ReadableOrWritable::Write(v, _) => U::write_data(v, w), - } - } + dt: &asn1::DateTime, +) -> pyo3::PyResult> { + types::DATETIME_DATETIME.get(py)?.call1(( + dt.year(), + dt.month(), + dt.day(), + dt.hour(), + dt.minute(), + dt.second(), + )) } -pub(crate) fn add_to_module(module: &pyo3::prelude::PyModule) -> pyo3::PyResult<()> { - module.add_wrapped(pyo3::wrap_pyfunction!(encode_extension_value))?; - module.add_wrapped(pyo3::wrap_pyfunction!(encode_name_bytes))?; - - Ok(()) +pub(crate) fn datetime_to_py_utc<'p>( + py: pyo3::Python<'p>, + dt: &asn1::DateTime, +) -> pyo3::PyResult> { + let timezone = types::DATETIME_TIMEZONE_UTC.get(py)?; + types::DATETIME_DATETIME.get(py)?.call1(( + dt.year(), + dt.month(), + dt.day(), + dt.hour(), + dt.minute(), + dt.second(), + 0, + timezone, + )) } -#[cfg(test)] -mod tests { - use super::{Asn1ReadableOrWritable, RawTlv}; - use asn1::Asn1Readable; - - #[test] - #[should_panic] - fn test_asn1_readable_or_writable_unwrap_read() { - Asn1ReadableOrWritable::::new_write(17).unwrap_read(); - } - - #[test] - fn test_asn1_readable_or_writable_write_read_data() { - let v = Asn1ReadableOrWritable::::new_read(17); - assert_eq!(&asn1::write_single(&v).unwrap(), b"\x02\x01\x11"); - } +pub(crate) fn py_to_datetime( + py: pyo3::Python<'_>, + val: pyo3::Bound<'_, pyo3::PyAny>, +) -> pyo3::PyResult { + // We treat naive datetimes as UTC times, while aware datetimes get + // normalized to UTC before conversion. + let val_utc = if val.getattr(pyo3::intern!(py, "tzinfo"))?.is_none() { + val + } else { + let utc = types::DATETIME_TIMEZONE_UTC.get(py)?; + val.call_method1(pyo3::intern!(py, "astimezone"), (utc,))? + }; - #[test] - fn test_raw_tlv_can_parse() { - let t = asn1::Tag::from_bytes(&[0]).unwrap().0; - assert!(RawTlv::can_parse(t)); - } + Ok(asn1::DateTime::new( + val_utc.getattr(pyo3::intern!(py, "year"))?.extract()?, + val_utc.getattr(pyo3::intern!(py, "month"))?.extract()?, + val_utc.getattr(pyo3::intern!(py, "day"))?.extract()?, + val_utc.getattr(pyo3::intern!(py, "hour"))?.extract()?, + val_utc.getattr(pyo3::intern!(py, "minute"))?.extract()?, + val_utc.getattr(pyo3::intern!(py, "second"))?.extract()?, + ) + .unwrap()) +} + +pub(crate) fn datetime_now(py: pyo3::Python<'_>) -> pyo3::PyResult { + let utc = types::DATETIME_TIMEZONE_UTC.get(py)?; + + py_to_datetime( + py, + types::DATETIME_DATETIME + .get(py)? + .call_method1(pyo3::intern!(py, "now"), (utc,))?, + ) } diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs index b34de10..58c2240 100644 --- a/src/rust/src/x509/crl.rs +++ b/src/rust/src/x509/crl.rs @@ -2,93 +2,110 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::asn1::{ - big_byte_slice_to_py_int, oid_to_py_oid, py_uint_to_big_endian_bytes, PyAsn1Error, PyAsn1Result, +use std::sync::Arc; + +use cryptography_x509::extensions::{Extension, IssuerAlternativeName}; +use cryptography_x509::{ + common, + crl::{ + self, CertificateRevocationList as RawCertificateRevocationList, + RevokedCertificate as RawRevokedCertificate, + }, + name, oid, }; -use crate::x509; -use crate::x509::{certificate, extensions, oid}; +use pyo3::types::{PyAnyMethods, PyListMethods, PySliceMethods}; use pyo3::ToPyObject; -use std::convert::TryInto; -use std::sync::Arc; -#[pyo3::prelude::pyfunction] -fn load_der_x509_crl( +use crate::asn1::{ + big_byte_slice_to_py_int, encode_der_data, oid_to_py_oid, py_uint_to_big_endian_bytes, +}; +use crate::backend::hashes::Hash; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::x509::{certificate, extensions, sign}; +use crate::{exceptions, types, x509}; + +#[pyo3::pyfunction] +#[pyo3(signature = (data, backend=None))] +pub(crate) fn load_der_x509_crl( py: pyo3::Python<'_>, - data: &[u8], -) -> Result { - let raw = OwnedRawCertificateRevocationList::try_new( - Arc::from(data), - |data| asn1::parse_single(data), - |_| Ok(pyo3::once_cell::GILOnceCell::new()), - )?; + data: pyo3::Py, + backend: Option>, +) -> Result { + let _ = backend; - let version = raw.borrow_value().tbs_cert_list.version.unwrap_or(1); + let owned = OwnedCertificateRevocationList::try_new(data, |data| { + asn1::parse_single(data.as_bytes(py)) + })?; + + let version = owned.borrow_dependent().tbs_cert_list.version.unwrap_or(1); if version != 1 { - let x509_module = py.import("cryptography.x509")?; - return Err(PyAsn1Error::from(pyo3::PyErr::from_instance( - x509_module - .getattr(crate::intern!(py, "InvalidVersion"))? - .call1((format!("{} is not a valid CRL version", version), version))?, - ))); + return Err(CryptographyError::from( + exceptions::InvalidVersion::new_err(( + format!("{version} is not a valid CRL version"), + version, + )), + )); } Ok(CertificateRevocationList { - raw: Arc::new(raw), - cached_extensions: None, + owned: Arc::new(owned), + revoked_certs: pyo3::sync::GILOnceCell::new(), + cached_extensions: pyo3::sync::GILOnceCell::new(), }) } -#[pyo3::prelude::pyfunction] -fn load_pem_x509_crl( +#[pyo3::pyfunction] +#[pyo3(signature = (data, backend=None))] +pub(crate) fn load_pem_x509_crl( py: pyo3::Python<'_>, data: &[u8], -) -> Result { + backend: Option>, +) -> Result { + let _ = backend; + let block = x509::find_in_pem( data, - |p| p.tag == "X509 CRL", + |p| p.tag() == "X509 CRL", "Valid PEM but no BEGIN X509 CRL/END X509 delimiters. Are you sure this is a CRL?", )?; - // TODO: Produces an extra copy - load_der_x509_crl(py, &block.contents) + load_der_x509_crl( + py, + pyo3::types::PyBytes::new_bound(py, block.contents()).unbind(), + None, + ) } -#[ouroboros::self_referencing] -struct OwnedRawCertificateRevocationList { - data: Arc<[u8]>, - #[borrows(data)] - #[covariant] - value: RawCertificateRevocationList<'this>, - #[borrows(data)] - #[not_covariant] - revoked_certs: pyo3::once_cell::GILOnceCell>>, -} +self_cell::self_cell!( + struct OwnedCertificateRevocationList { + owner: pyo3::Py, + #[covariant] + dependent: RawCertificateRevocationList, + } +); -#[pyo3::prelude::pyclass] -struct CertificateRevocationList { - raw: Arc, +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.x509")] +pub(crate) struct CertificateRevocationList { + owned: Arc, - cached_extensions: Option, + revoked_certs: pyo3::sync::GILOnceCell>, + cached_extensions: pyo3::sync::GILOnceCell, } impl CertificateRevocationList { - fn public_bytes_der(&self) -> PyAsn1Result> { - Ok(asn1::write_single(self.raw.borrow_value())?) - } - - fn revoked_cert(&self, py: pyo3::Python<'_>, idx: usize) -> pyo3::PyResult { - let raw = try_map_arc_data_crl(&self.raw, |_crl, revoked_certs| { - let revoked_certs = revoked_certs.get(py).unwrap(); - Ok::<_, pyo3::PyErr>(revoked_certs[idx].clone()) - })?; - Ok(RevokedCertificate { - raw, - cached_extensions: None, - }) + fn public_bytes_der(&self) -> CryptographyResult> { + Ok(asn1::write_single(&self.owned.borrow_dependent())?) + } + + fn revoked_cert(&self, py: pyo3::Python<'_>, idx: usize) -> RevokedCertificate { + RevokedCertificate { + owned: self.revoked_certs.get(py).unwrap()[idx].clone(), + cached_extensions: pyo3::sync::GILOnceCell::new(), + } } fn len(&self) -> usize { - self.raw - .borrow_value() + self.owned + .borrow_dependent() .tbs_cert_list .revoked_certificates .as_ref() @@ -96,49 +113,52 @@ impl CertificateRevocationList { } } -#[pyo3::prelude::pyproto] -impl pyo3::PyObjectProtocol for CertificateRevocationList { - fn __richcmp__( - &self, - other: pyo3::PyRef, - op: pyo3::basic::CompareOp, - ) -> pyo3::PyResult { - match op { - pyo3::basic::CompareOp::Eq => Ok(self.raw.borrow_value() == other.raw.borrow_value()), - pyo3::basic::CompareOp::Ne => Ok(self.raw.borrow_value() != other.raw.borrow_value()), - _ => Err(pyo3::exceptions::PyTypeError::new_err( - "CRLs cannot be ordered", - )), - } +#[pyo3::pymethods] +impl CertificateRevocationList { + fn __eq__(&self, other: pyo3::PyRef<'_, CertificateRevocationList>) -> bool { + self.owned.borrow_dependent() == other.owned.borrow_dependent() } -} -#[pyo3::prelude::pyproto] -impl pyo3::PyMappingProtocol for CertificateRevocationList { fn __len__(&self) -> usize { self.len() } - fn __getitem__(&self, idx: &pyo3::PyAny) -> pyo3::PyResult { - let gil = pyo3::Python::acquire_gil(); - let py = gil.python(); + fn __iter__(&self) -> CRLIterator { + CRLIterator { + contents: OwnedCRLIteratorData::try_new(Arc::clone(&self.owned), |v| { + Ok::<_, ()>( + v.borrow_dependent() + .tbs_cert_list + .revoked_certificates + .as_ref() + .map(|v| v.unwrap_read().clone()), + ) + }) + .unwrap(), + } + } - self.raw.with(|val| { - val.revoked_certs.get_or_init(py, || { - match &val.value.tbs_cert_list.revoked_certificates { - Some(c) => c.unwrap_read().clone().collect(), - None => vec![], - } - }); + fn __getitem__( + &self, + py: pyo3::Python<'_>, + idx: pyo3::Bound<'_, pyo3::PyAny>, + ) -> pyo3::PyResult { + self.revoked_certs.get_or_init(py, || { + let mut revoked_certs = vec![]; + let mut it = self.__iter__(); + while let Some(c) = it.__next__() { + revoked_certs.push(c.owned); + } + revoked_certs }); - if idx.is_instance::()? { + if idx.is_instance_of::() { let indices = idx .downcast::()? .indices(self.len().try_into().unwrap())?; - let result = pyo3::types::PyList::empty(py); + let result = pyo3::types::PyList::empty_bound(py); for i in (indices.start..indices.stop).step_by(indices.step.try_into().unwrap()) { - let revoked_cert = pyo3::PyCell::new(py, self.revoked_cert(py, i as usize)?)?; + let revoked_cert = pyo3::Bound::new(py, self.revoked_cert(py, i as usize))?; result.append(revoked_cert)?; } Ok(result.to_object(py)) @@ -150,178 +170,195 @@ impl pyo3::PyMappingProtocol for CertificateRevocationList { if idx >= (self.len() as isize) || idx < 0 { return Err(pyo3::exceptions::PyIndexError::new_err(())); } - Ok(pyo3::PyCell::new(py, self.revoked_cert(py, idx as usize)?)?.to_object(py)) + Ok(pyo3::Bound::new(py, self.revoked_cert(py, idx as usize))?.to_object(py)) } } -} -#[pyo3::prelude::pymethods] -impl CertificateRevocationList { fn fingerprint<'p>( &self, py: pyo3::Python<'p>, - algorithm: pyo3::PyObject, - ) -> pyo3::PyResult<&'p pyo3::PyAny> { - let hashes_mod = py.import("cryptography.hazmat.primitives.hashes")?; - let h = hashes_mod - .getattr(crate::intern!(py, "Hash"))? - .call1((algorithm,))?; - h.call_method1("update", (self.public_bytes_der()?.as_slice(),))?; - h.call_method0("finalize") + algorithm: pyo3::Bound<'_, pyo3::PyAny>, + ) -> pyo3::PyResult> { + let data = self.public_bytes_der()?; + + let mut h = Hash::new(py, &algorithm, None)?; + h.update_bytes(&data)?; + Ok(h.finalize(py)?) } #[getter] - fn signature_algorithm_oid<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - oid_to_py_oid(py, &self.raw.borrow_value().signature_algorithm.oid) + fn signature_algorithm_oid<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + oid_to_py_oid(py, self.owned.borrow_dependent().signature_algorithm.oid()) } #[getter] fn signature_hash_algorithm<'p>( &self, py: pyo3::Python<'p>, - ) -> pyo3::PyResult<&'p pyo3::PyAny> { + ) -> pyo3::PyResult> { let oid = self.signature_algorithm_oid(py)?; - let oid_module = py.import("cryptography.hazmat._oid")?; - let exceptions_module = py.import("cryptography.exceptions")?; - match oid_module - .getattr(crate::intern!(py, "_SIG_OIDS_TO_HASH"))? - .get_item(oid) - { + match types::SIG_OIDS_TO_HASH.get(py)?.get_item(oid) { Ok(v) => Ok(v), - Err(_) => Err(pyo3::PyErr::from_instance(exceptions_module.call_method1( - "UnsupportedAlgorithm", - (format!( - "Signature algorithm OID:{} not recognized", - self.raw.borrow_value().signature_algorithm.oid - ),), - )?)), + Err(_) => Err(exceptions::UnsupportedAlgorithm::new_err(format!( + "Signature algorithm OID: {} not recognized", + self.owned.borrow_dependent().signature_algorithm.oid() + ))), } } + #[getter] + fn signature_algorithm_parameters<'p>( + &'p self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + sign::identify_signature_algorithm_parameters( + py, + &self.owned.borrow_dependent().signature_algorithm, + ) + } + #[getter] fn signature(&self) -> &[u8] { - self.raw.borrow_value().signature_value.as_bytes() + self.owned.borrow_dependent().signature_value.as_bytes() } #[getter] fn tbs_certlist_bytes<'p>( &self, py: pyo3::Python<'p>, - ) -> PyAsn1Result<&'p pyo3::types::PyBytes> { - let b = asn1::write_single(&self.raw.borrow_value().tbs_cert_list)?; - Ok(pyo3::types::PyBytes::new(py, &b)) + ) -> CryptographyResult> { + let b = asn1::write_single(&self.owned.borrow_dependent().tbs_cert_list)?; + Ok(pyo3::types::PyBytes::new_bound(py, &b)) } fn public_bytes<'p>( &self, py: pyo3::Python<'p>, - encoding: &pyo3::PyAny, - ) -> PyAsn1Result<&'p pyo3::types::PyBytes> { - let encoding_class = py - .import("cryptography.hazmat.primitives.serialization")? - .getattr(crate::intern!(py, "Encoding"))?; - - let result = asn1::write_single(self.raw.borrow_value())?; - if encoding == encoding_class.getattr(crate::intern!(py, "DER"))? { - Ok(pyo3::types::PyBytes::new(py, &result)) - } else if encoding == encoding_class.getattr(crate::intern!(py, "PEM"))? { - let pem = pem::encode_config( - &pem::Pem { - tag: "X509 CRL".to_string(), - contents: result, - }, - pem::EncodeConfig { - line_ending: pem::LineEnding::LF, - }, - ) - .into_bytes(); - Ok(pyo3::types::PyBytes::new(py, &pem)) - } else { - Err(pyo3::exceptions::PyTypeError::new_err( - "encoding must be Encoding.DER or Encoding.PEM", - ) - .into()) - } + encoding: pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + let result = asn1::write_single(&self.owned.borrow_dependent())?; + + encode_der_data(py, "X509 CRL".to_string(), result, &encoding) } #[getter] - fn issuer<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn issuer<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult> { Ok(x509::parse_name( py, - &self.raw.borrow_value().tbs_cert_list.issuer, + self.owned + .borrow_dependent() + .tbs_cert_list + .issuer + .unwrap_read(), )?) } #[getter] - fn next_update<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - match &self.raw.borrow_value().tbs_cert_list.next_update { - Some(t) => x509::chrono_to_py(py, t.as_chrono()), - None => Ok(py.None().into_ref(py)), + fn next_update<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_42.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to next_update_utc.", + 1, + )?; + match &self.owned.borrow_dependent().tbs_cert_list.next_update { + Some(t) => x509::datetime_to_py(py, t.as_datetime()), + None => Ok(py.None().into_bound(py)), + } + } + + #[getter] + fn next_update_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + match &self.owned.borrow_dependent().tbs_cert_list.next_update { + Some(t) => x509::datetime_to_py_utc(py, t.as_datetime()), + None => Ok(py.None().into_bound(py)), } } #[getter] - fn last_update<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - x509::chrono_to_py( + fn last_update<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_42.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to last_update_utc.", + 1, + )?; + x509::datetime_to_py( py, - self.raw - .borrow_value() + self.owned + .borrow_dependent() .tbs_cert_list .this_update - .as_chrono(), + .as_datetime(), ) } #[getter] - fn extensions(&mut self, py: pyo3::Python<'_>) -> pyo3::PyResult { - let x509_module = py.import("cryptography.x509")?; + fn last_update_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + x509::datetime_to_py_utc( + py, + self.owned + .borrow_dependent() + .tbs_cert_list + .this_update + .as_datetime(), + ) + } + + #[getter] + fn extensions(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { + let tbs_cert_list = &self.owned.borrow_dependent().tbs_cert_list; + x509::parse_and_cache_extensions( py, - &mut self.cached_extensions, - &self.raw.borrow_value().tbs_cert_list.crl_extensions, - |oid, ext_data| match *oid { + &self.cached_extensions, + &tbs_cert_list.raw_crl_extensions, + |ext| match ext.extn_id { oid::CRL_NUMBER_OID => { - let bignum = asn1::parse_single::>(ext_data)?; + let bignum = ext.value::>()?; let pynum = big_byte_slice_to_py_int(py, bignum.as_bytes())?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "CRLNumber"))? - .call1((pynum,))?, - )) + Ok(Some(types::CRL_NUMBER.get(py)?.call1((pynum,))?)) } oid::DELTA_CRL_INDICATOR_OID => { - let bignum = asn1::parse_single::>(ext_data)?; + let bignum = ext.value::>()?; let pynum = big_byte_slice_to_py_int(py, bignum.as_bytes())?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "DeltaCRLIndicator"))? - .call1((pynum,))?, - )) + Ok(Some(types::DELTA_CRL_INDICATOR.get(py)?.call1((pynum,))?)) } oid::ISSUER_ALTERNATIVE_NAME_OID => { - let gn_seq = asn1::parse_single::>>( - ext_data, - )?; + let gn_seq = ext.value::>()?; let ians = x509::parse_general_names(py, &gn_seq)?; Ok(Some( - x509_module - .getattr(crate::intern!(py, "IssuerAlternativeName"))? - .call1((ians,))?, + types::ISSUER_ALTERNATIVE_NAME.get(py)?.call1((ians,))?, )) } oid::AUTHORITY_INFORMATION_ACCESS_OID => { - let ads = certificate::parse_access_descriptions(py, ext_data)?; + let ads = certificate::parse_access_descriptions(py, ext)?; Ok(Some( - x509_module - .getattr(crate::intern!(py, "AuthorityInformationAccess"))? - .call1((ads,))?, + types::AUTHORITY_INFORMATION_ACCESS.get(py)?.call1((ads,))?, )) } - oid::AUTHORITY_KEY_IDENTIFIER_OID => Ok(Some( - certificate::parse_authority_key_identifier(py, ext_data)?, - )), + oid::AUTHORITY_KEY_IDENTIFIER_OID => { + Ok(Some(certificate::parse_authority_key_identifier(py, ext)?)) + } oid::ISSUING_DISTRIBUTION_POINT_OID => { - let idp = asn1::parse_single::>(ext_data)?; + let idp = ext.value::>()?; let (full_name, relative_name) = match idp.distribution_point { Some(data) => certificate::parse_distribution_point_name(py, data)?, None => (py.None(), py.None()), @@ -334,27 +371,19 @@ impl CertificateRevocationList { } else { py.None() }; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "IssuingDistributionPoint"))? - .call1(( - full_name, - relative_name, - idp.only_contains_user_certs, - idp.only_contains_ca_certs, - py_reasons, - idp.indirect_crl, - idp.only_contains_attribute_certs, - ))?, - )) + Ok(Some(types::ISSUING_DISTRIBUTION_POINT.get(py)?.call1(( + full_name, + relative_name, + idp.only_contains_user_certs, + idp.only_contains_ca_certs, + py_reasons, + idp.indirect_crl, + idp.only_contains_attribute_certs, + ))?)) } oid::FRESHEST_CRL_OID => { - let dp = certificate::parse_distribution_points(py, ext_data)?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "FreshestCRL"))? - .call1((dp,))?, - )) + let dp = certificate::parse_distribution_points(py, ext)?; + Ok(Some(types::FRESHEST_CRL.get(py)?.call1((dp,))?)) } _ => Ok(None), }, @@ -362,13 +391,13 @@ impl CertificateRevocationList { } fn get_revoked_certificate_by_serial_number( - &mut self, + &self, py: pyo3::Python<'_>, - serial: &pyo3::types::PyLong, + serial: pyo3::Bound<'_, pyo3::types::PyLong>, ) -> pyo3::PyResult> { let serial_bytes = py_uint_to_big_endian_bytes(py, serial)?; - let owned = OwnedRawRevokedCertificate::try_new(Arc::clone(&self.raw), |v| { - let certs = match &v.borrow_value().tbs_cert_list.revoked_certificates { + let owned = OwnedRevokedCertificate::try_new(Arc::clone(&self.owned), |v| { + let certs = match &v.borrow_dependent().tbs_cert_list.revoked_certificates { Some(certs) => certs.unwrap_read().clone(), None => return Err(()), }; @@ -383,8 +412,8 @@ impl CertificateRevocationList { }); match owned { Ok(o) => Ok(Some(RevokedCertificate { - raw: o, - cached_extensions: None, + owned: o, + cached_extensions: pyo3::sync::GILOnceCell::new(), })), Err(()) => Ok(None), } @@ -393,105 +422,84 @@ impl CertificateRevocationList { fn is_signature_valid<'p>( slf: pyo3::PyRef<'_, Self>, py: pyo3::Python<'p>, - public_key: &'p pyo3::PyAny, - ) -> pyo3::PyResult<&'p pyo3::PyAny> { - let backend = py - .import("cryptography.hazmat.backends.openssl.backend")? - .getattr(crate::intern!(py, "backend"))?; - backend.call_method1("_crl_is_signature_valid", (slf, public_key)) - } + public_key: pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult { + if slf.owned.borrow_dependent().tbs_cert_list.signature + != slf.owned.borrow_dependent().signature_algorithm + { + return Ok(false); + }; - // This getter exists for compatibility with pyOpenSSL and will be removed. - // DO NOT RELY ON IT. WE WILL BREAK YOU WHEN WE FEEL LIKE IT. - #[getter] - fn _x509_crl<'p>( - slf: pyo3::PyRef<'_, Self>, - py: pyo3::Python<'p>, - ) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let cryptography_warning = py - .import("cryptography.utils")? - .getattr(crate::intern!(py, "DeprecatedIn35"))?; - pyo3::PyErr::warn( + // Error on invalid public key -- below we treat any error as just + // being an invalid signature. + sign::identify_public_key_type(py, public_key.clone())?; + + Ok(sign::verify_signature_with_signature_algorithm( py, - cryptography_warning, - "This version of cryptography contains a temporary pyOpenSSL fallback path. Upgrade pyOpenSSL now.", - 1 - )?; - let backend = py - .import("cryptography.hazmat.backends.openssl.backend")? - .getattr(crate::intern!(py, "backend"))?; - Ok(backend.call_method1("_crl2ossl", (slf,))?) + public_key, + &slf.owned.borrow_dependent().signature_algorithm, + slf.owned.borrow_dependent().signature_value.as_bytes(), + &asn1::write_single(&slf.owned.borrow_dependent().tbs_cert_list)?, + ) + .is_ok()) } } -#[pyo3::prelude::pyproto] -impl pyo3::PyIterProtocol<'_> for CertificateRevocationList { - fn __iter__(slf: pyo3::PyRef<'p, Self>) -> CRLIterator { - CRLIterator { - contents: OwnedCRLIteratorData::try_new(Arc::clone(&slf.raw), |v| { - Ok::<_, ()>( - v.borrow_value() - .tbs_cert_list - .revoked_certificates - .as_ref() - .map(|v| v.unwrap_read().clone()), - ) - }) - .unwrap(), - } - } -} +type RawCRLIterator<'a> = Option>>; +self_cell::self_cell!( + struct OwnedCRLIteratorData { + owner: Arc, -#[ouroboros::self_referencing] -struct OwnedCRLIteratorData { - data: Arc, - #[borrows(data)] - #[covariant] - value: Option>>, -} + #[covariant] + dependent: RawCRLIterator, + } +); -#[pyo3::prelude::pyclass] +#[pyo3::pyclass(module = "cryptography.hazmat.bindings._rust.x509")] struct CRLIterator { contents: OwnedCRLIteratorData, } // Open-coded implementation of the API discussed in // https://github.com/joshua-maros/ouroboros/issues/38 -fn try_map_arc_data_crl( - crl: &Arc, - f: impl for<'this> FnOnce( - &'this OwnedRawCertificateRevocationList, - &pyo3::once_cell::GILOnceCell>>, - ) -> Result, E>, -) -> Result { - OwnedRawRevokedCertificate::try_new(Arc::clone(crl), |inner_crl| { - crl.with(|value| { - f(inner_crl, unsafe { - std::mem::transmute(value.revoked_certs) - }) - }) - }) -} fn try_map_arc_data_mut_crl_iterator( it: &mut OwnedCRLIteratorData, f: impl for<'this> FnOnce( - &'this OwnedRawCertificateRevocationList, - &mut Option>>, - ) -> Result, E>, -) -> Result { - OwnedRawRevokedCertificate::try_new(Arc::clone(it.borrow_data()), |inner_it| { - it.with_value_mut(|value| f(inner_it, unsafe { std::mem::transmute(value) })) + &'this OwnedCertificateRevocationList, + &mut Option>>, + ) -> Result, E>, +) -> Result { + OwnedRevokedCertificate::try_new(Arc::clone(it.borrow_owner()), |inner_it| { + it.with_dependent_mut(|_, value| { + // SAFETY: This is safe because `Arc::clone` ensures the data is + // alive, but Rust doesn't understand the lifetime relationship it + // produces. Open-coded implementation of the API discussed in + // https://github.com/joshua-maros/ouroboros/issues/38 + f(inner_it, unsafe { + std::mem::transmute::< + &mut Option>>, + &mut Option>>, + >(value) + }) + }) }) } -#[pyo3::prelude::pyproto] -impl pyo3::PyIterProtocol<'_> for CRLIterator { - fn __iter__(slf: pyo3::PyRef<'p, Self>) -> pyo3::PyRef<'p, Self> { +#[pyo3::pymethods] +impl CRLIterator { + fn __len__(&self) -> usize { + self.contents + .borrow_dependent() + .clone() + .map_or(0, |v| v.len()) + } + + fn __iter__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { slf } - fn __next__(mut slf: pyo3::PyRefMut<'p, Self>) -> Option { - let revoked = try_map_arc_data_mut_crl_iterator(&mut slf.contents, |_data, v| match v { + fn __next__(&mut self) -> Option { + let revoked = try_map_arc_data_mut_crl_iterator(&mut self.contents, |_data, v| match v { Some(v) => match v.next() { Some(revoked) => Ok(revoked), None => Err(()), @@ -500,125 +508,95 @@ impl pyo3::PyIterProtocol<'_> for CRLIterator { }) .ok()?; Some(RevokedCertificate { - raw: revoked, - cached_extensions: None, + owned: revoked, + cached_extensions: pyo3::sync::GILOnceCell::new(), }) } } -#[pyo3::prelude::pyproto] -impl pyo3::PySequenceProtocol<'_> for CRLIterator { - fn __len__(&self) -> usize { - self.contents.borrow_value().clone().map_or(0, |v| v.len()) +self_cell::self_cell!( + struct OwnedRevokedCertificate { + owner: Arc, + #[covariant] + dependent: RawRevokedCertificate, + } +); + +impl Clone for OwnedRevokedCertificate { + fn clone(&self) -> OwnedRevokedCertificate { + // SAFETY: This is safe because `Arc::clone` ensures the data is + // alive, but Rust doesn't understand the lifetime relationship it + // produces. Open-coded implementation of the API discussed in + // https://github.com/joshua-maros/ouroboros/issues/38 + OwnedRevokedCertificate::new(Arc::clone(self.borrow_owner()), |_| unsafe { + std::mem::transmute(self.borrow_dependent().clone()) + }) } } -#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Hash)] -struct RawCertificateRevocationList<'a> { - tbs_cert_list: TBSCertList<'a>, - signature_algorithm: x509::AlgorithmIdentifier<'a>, - signature_value: asn1::BitString<'a>, -} - -type RevokedCertificates<'a> = Option< - x509::Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, RawRevokedCertificate<'a>>, - asn1::SequenceOfWriter<'a, RawRevokedCertificate<'a>, Vec>>, - >, ->; - -#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Hash)] -struct TBSCertList<'a> { - version: Option, - signature: x509::AlgorithmIdentifier<'a>, - issuer: x509::Name<'a>, - this_update: x509::Time, - next_update: Option, - revoked_certificates: RevokedCertificates<'a>, - #[explicit(0)] - crl_extensions: Option>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Hash, Clone)] -struct RawRevokedCertificate<'a> { - user_certificate: asn1::BigUint<'a>, - revocation_date: x509::Time, - crl_entry_extensions: Option>, -} - -#[ouroboros::self_referencing] -struct OwnedRawRevokedCertificate { - data: Arc, - #[borrows(data)] - #[covariant] - value: RawRevokedCertificate<'this>, -} - -#[pyo3::prelude::pyclass] -struct RevokedCertificate { - raw: OwnedRawRevokedCertificate, - cached_extensions: Option, +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.x509")] +pub(crate) struct RevokedCertificate { + owned: OwnedRevokedCertificate, + cached_extensions: pyo3::sync::GILOnceCell, } -#[pyo3::prelude::pymethods] +#[pyo3::pymethods] impl RevokedCertificate { #[getter] - fn serial_number<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - big_byte_slice_to_py_int(py, self.raw.borrow_value().user_certificate.as_bytes()) + fn serial_number<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + big_byte_slice_to_py_int( + py, + self.owned.borrow_dependent().user_certificate.as_bytes(), + ) } #[getter] - fn revocation_date<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - x509::chrono_to_py(py, self.raw.borrow_value().revocation_date.as_chrono()) + fn revocation_date<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_42.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to revocation_date_utc.", + 1, + )?; + x509::datetime_to_py( + py, + self.owned.borrow_dependent().revocation_date.as_datetime(), + ) } #[getter] - fn extensions(&mut self, py: pyo3::Python<'_>) -> pyo3::PyResult { - x509::parse_and_cache_extensions( + fn revocation_date_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + x509::datetime_to_py_utc( py, - &mut self.cached_extensions, - &self.raw.borrow_value().crl_entry_extensions, - |oid, ext_data| parse_crl_entry_ext(py, oid.clone(), ext_data), + self.owned.borrow_dependent().revocation_date.as_datetime(), ) } -} - -pub(crate) type ReasonFlags<'a> = - Option, asn1::OwnedBitString>>; - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct IssuingDistributionPoint<'a> { - #[explicit(0)] - pub distribution_point: Option>, - - #[implicit(1)] - #[default(false)] - pub only_contains_user_certs: bool, - - #[implicit(2)] - #[default(false)] - pub only_contains_ca_certs: bool, - - #[implicit(3)] - pub only_some_reasons: ReasonFlags<'a>, - #[implicit(4)] - #[default(false)] - pub indirect_crl: bool, - - #[implicit(5)] - #[default(false)] - pub only_contains_attribute_certs: bool, + #[getter] + fn extensions(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { + x509::parse_and_cache_extensions( + py, + &self.cached_extensions, + &self.owned.borrow_dependent().raw_crl_entry_extensions, + |ext| parse_crl_entry_ext(py, ext), + ) + } } -pub(crate) type CRLReason = asn1::Enumerated; - pub(crate) fn parse_crl_reason_flags<'p>( py: pyo3::Python<'p>, - reason: &CRLReason, -) -> PyAsn1Result<&'p pyo3::PyAny> { - let x509_module = py.import("cryptography.x509")?; + reason: &crl::CRLReason, +) -> CryptographyResult> { let flag_name = match reason.value() { 0 => "unspecified", 1 => "key_compromise", @@ -631,125 +609,123 @@ pub(crate) fn parse_crl_reason_flags<'p>( 9 => "privilege_withdrawn", 10 => "aa_compromise", value => { - return Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - format!("Unsupported reason code: {}", value), - ))) + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(format!( + "Unsupported reason code: {value}" + )), + )) } }; - Ok(x509_module - .getattr(crate::intern!(py, "ReasonFlags"))? - .getattr(flag_name)?) + Ok(types::REASON_FLAGS.get(py)?.getattr(flag_name)?) } pub fn parse_crl_entry_ext<'p>( py: pyo3::Python<'p>, - oid: asn1::ObjectIdentifier, - data: &[u8], -) -> PyAsn1Result> { - let x509_module = py.import("cryptography.x509")?; - match oid { + ext: &Extension<'_>, +) -> CryptographyResult>> { + match ext.extn_id { oid::CRL_REASON_OID => { - let flags = parse_crl_reason_flags(py, &asn1::parse_single::(data)?)?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "CRLReason"))? - .call1((flags,))?, - )) + let flags = parse_crl_reason_flags(py, &ext.value::()?)?; + Ok(Some(types::CRL_REASON.get(py)?.call1((flags,))?)) } oid::CERTIFICATE_ISSUER_OID => { - let gn_seq = asn1::parse_single::>>(data)?; + let gn_seq = ext.value::>>()?; let gns = x509::parse_general_names(py, &gn_seq)?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "CertificateIssuer"))? - .call1((gns,))?, - )) + Ok(Some(types::CERTIFICATE_ISSUER.get(py)?.call1((gns,))?)) } oid::INVALIDITY_DATE_OID => { - let time = asn1::parse_single::(data)?; - let py_dt = x509::chrono_to_py(py, time.as_chrono())?; - Ok(Some( - x509_module - .getattr(crate::intern!(py, "InvalidityDate"))? - .call1((py_dt,))?, - )) + let time = ext.value::()?; + let py_dt = x509::datetime_to_py(py, time.as_datetime())?; + Ok(Some(types::INVALIDITY_DATE.get(py)?.call1((py_dt,))?)) } _ => Ok(None), } } -#[pyo3::prelude::pyfunction] -fn create_x509_crl( +#[pyo3::pyfunction] +pub(crate) fn create_x509_crl( py: pyo3::Python<'_>, - builder: &pyo3::PyAny, - private_key: &pyo3::PyAny, - hash_algorithm: &pyo3::PyAny, -) -> PyAsn1Result { - let sigalg = x509::sign::compute_signature_algorithm(py, private_key, hash_algorithm)?; - + builder: &pyo3::Bound<'_, pyo3::PyAny>, + private_key: &pyo3::Bound<'_, pyo3::PyAny>, + hash_algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + rsa_padding: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + let sigalg = x509::sign::compute_signature_algorithm( + py, + private_key.to_owned(), + hash_algorithm.to_owned(), + rsa_padding.to_owned(), + )?; let mut revoked_certs = vec![]; + let ka_vec = cryptography_keepalive::KeepAlive::new(); + let ka_bytes = cryptography_keepalive::KeepAlive::new(); for py_revoked_cert in builder - .getattr(crate::intern!(py, "_revoked_certificates"))? + .getattr(pyo3::intern!(py, "_revoked_certificates"))? .iter()? { let py_revoked_cert = py_revoked_cert?; let serial_number = py_revoked_cert - .getattr(crate::intern!(py, "serial_number"))? + .getattr(pyo3::intern!(py, "serial_number"))? .extract()?; - let py_revocation_date = py_revoked_cert.getattr(crate::intern!(py, "revocation_date"))?; - revoked_certs.push(RawRevokedCertificate { - user_certificate: asn1::BigUint::new(py_uint_to_big_endian_bytes(py, serial_number)?) - .unwrap(), - revocation_date: x509::certificate::time_from_py(py, py_revocation_date)?, - crl_entry_extensions: x509::common::encode_extensions( + let py_revocation_date = + py_revoked_cert.getattr(pyo3::intern!(py, "revocation_date_utc"))?; + let serial_bytes = ka_bytes.add(py_uint_to_big_endian_bytes(py, serial_number)?); + revoked_certs.push(crl::RevokedCertificate { + user_certificate: asn1::BigUint::new(serial_bytes).unwrap(), + revocation_date: x509::certificate::time_from_py(py, &py_revocation_date)?, + raw_crl_entry_extensions: x509::common::encode_extensions( py, - py_revoked_cert.getattr(crate::intern!(py, "extensions"))?, + &ka_vec, + &ka_bytes, + &py_revoked_cert.getattr(pyo3::intern!(py, "extensions"))?, extensions::encode_extension, )?, }); } - let py_issuer_name = builder.getattr(crate::intern!(py, "_issuer_name"))?; - let py_this_update = builder.getattr(crate::intern!(py, "_last_update"))?; - let py_next_update = builder.getattr(crate::intern!(py, "_next_update"))?; - let tbs_cert_list = TBSCertList { + let ka = cryptography_keepalive::KeepAlive::new(); + + let py_issuer_name = builder.getattr(pyo3::intern!(py, "_issuer_name"))?; + let py_this_update = builder.getattr(pyo3::intern!(py, "_last_update"))?; + let py_next_update = builder.getattr(pyo3::intern!(py, "_next_update"))?; + let tbs_cert_list = crl::TBSCertList { version: Some(1), signature: sigalg.clone(), - issuer: x509::common::encode_name(py, py_issuer_name)?, - this_update: x509::certificate::time_from_py(py, py_this_update)?, - next_update: Some(x509::certificate::time_from_py(py, py_next_update)?), + issuer: x509::common::encode_name(py, &ka, &py_issuer_name)?, + this_update: x509::certificate::time_from_py(py, &py_this_update)?, + next_update: Some(x509::certificate::time_from_py(py, &py_next_update)?), revoked_certificates: if revoked_certs.is_empty() { None } else { - Some(x509::Asn1ReadableOrWritable::new_write( + Some(common::Asn1ReadableOrWritable::new_write( asn1::SequenceOfWriter::new(revoked_certs), )) }, - crl_extensions: x509::common::encode_extensions( + raw_crl_extensions: x509::common::encode_extensions( py, - builder.getattr(crate::intern!(py, "_extensions"))?, + &ka_vec, + &ka_bytes, + &builder.getattr(pyo3::intern!(py, "_extensions"))?, extensions::encode_extension, )?, }; let tbs_bytes = asn1::write_single(&tbs_cert_list)?; - let signature = x509::sign::sign_data(py, private_key, hash_algorithm, &tbs_bytes)?; - let data = asn1::write_single(&RawCertificateRevocationList { + let signature = x509::sign::sign_data( + py, + private_key.clone(), + hash_algorithm.clone(), + rsa_padding.clone(), + &tbs_bytes, + )?; + let data = asn1::write_single(&crl::CertificateRevocationList { tbs_cert_list, signature_algorithm: sigalg, - signature_value: asn1::BitString::new(signature, 0).unwrap(), + signature_value: asn1::BitString::new(&signature, 0).unwrap(), })?; - // TODO: extra copy as we round-trip through a slice - load_der_x509_crl(py, &data) -} - -pub(crate) fn add_to_module(module: &pyo3::prelude::PyModule) -> pyo3::PyResult<()> { - module.add_wrapped(pyo3::wrap_pyfunction!(load_der_x509_crl))?; - module.add_wrapped(pyo3::wrap_pyfunction!(load_pem_x509_crl))?; - module.add_wrapped(pyo3::wrap_pyfunction!(create_x509_crl))?; - - module.add_class::()?; - module.add_class::()?; - - Ok(()) + load_der_x509_crl( + py, + pyo3::types::PyBytes::new_bound(py, &data).unbind(), + None, + ) } diff --git a/src/rust/src/x509/csr.rs b/src/rust/src/x509/csr.rs index 7579bcc..9d4f819 100644 --- a/src/rust/src/x509/csr.rs +++ b/src/rust/src/x509/csr.rs @@ -2,125 +2,75 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::asn1::{oid_to_py_oid, py_oid_to_oid, PyAsn1Error, PyAsn1Result}; -use crate::x509; -use crate::x509::{certificate, oid}; -use asn1::SimpleAsn1Readable; use std::collections::hash_map::DefaultHasher; use std::hash::{Hash, Hasher}; -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct RawCsr<'a> { - csr_info: CertificationRequestInfo<'a>, - signature_alg: x509::AlgorithmIdentifier<'a>, - signature: asn1::BitString<'a>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct CertificationRequestInfo<'a> { - version: u8, - subject: x509::Name<'a>, - spki: certificate::SubjectPublicKeyInfo<'a>, - #[implicit(0, required)] - attributes: x509::Asn1ReadableOrWritable< - 'a, - asn1::SetOf<'a, Attribute<'a>>, - asn1::SetOfWriter<'a, Attribute<'a>, Vec>>, - >, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct Attribute<'a> { - type_id: asn1::ObjectIdentifier, - values: x509::Asn1ReadableOrWritable< - 'a, - asn1::SetOf<'a, asn1::Tlv<'a>>, - asn1::SetOfWriter<'a, x509::common::RawTlv<'a>, [x509::common::RawTlv<'a>; 1]>, - >, -} - -fn check_attribute_length<'a>(values: asn1::SetOf<'a, asn1::Tlv<'a>>) -> Result<(), PyAsn1Error> { - if values.count() > 1 { - Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Only single-valued attributes are supported", - ))) - } else { - Ok(()) - } -} - -impl CertificationRequestInfo<'_> { - fn get_extension_attribute(&self) -> Result>, PyAsn1Error> { - for attribute in self.attributes.unwrap_read().clone() { - if attribute.type_id == oid::EXTENSION_REQUEST - || attribute.type_id == oid::MS_EXTENSION_REQUEST - { - check_attribute_length(attribute.values.unwrap_read().clone())?; - let val = attribute.values.unwrap_read().clone().next().unwrap(); - let exts = asn1::parse_single(val.full_data())?; - return Ok(Some(exts)); - } - } - Ok(None) +use asn1::SimpleAsn1Readable; +use cryptography_x509::csr::{check_attribute_length, Attribute, CertificationRequestInfo, Csr}; +use cryptography_x509::{common, oid}; +use pyo3::types::{PyAnyMethods, PyListMethods}; +use pyo3::IntoPy; + +use crate::asn1::{encode_der_data, oid_to_py_oid, py_oid_to_oid}; +use crate::backend::keys; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::x509::{certificate, sign}; +use crate::{exceptions, types, x509}; + +self_cell::self_cell!( + struct OwnedCsr { + owner: pyo3::Py, + + #[covariant] + dependent: Csr, } -} - -#[ouroboros::self_referencing] -struct OwnedRawCsr { - data: Vec, - #[borrows(data)] - #[covariant] - value: RawCsr<'this>, -} +); -#[pyo3::prelude::pyclass] -struct CertificateSigningRequest { - raw: OwnedRawCsr, - cached_extensions: Option, +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.x509")] +pub(crate) struct CertificateSigningRequest { + raw: OwnedCsr, + cached_extensions: pyo3::sync::GILOnceCell, } -#[pyo3::prelude::pyproto] -impl pyo3::basic::PyObjectProtocol for CertificateSigningRequest { - fn __hash__(&self) -> u64 { +#[pyo3::pymethods] +impl CertificateSigningRequest { + fn __hash__(&self, py: pyo3::Python<'_>) -> u64 { let mut hasher = DefaultHasher::new(); - self.raw.borrow_data().hash(&mut hasher); + self.raw.borrow_owner().as_bytes(py).hash(&mut hasher); hasher.finish() } - fn __richcmp__( + fn __eq__( &self, - other: pyo3::PyRef, - op: pyo3::basic::CompareOp, - ) -> pyo3::PyResult { - match op { - pyo3::basic::CompareOp::Eq => Ok(self.raw.borrow_data() == other.raw.borrow_data()), - pyo3::basic::CompareOp::Ne => Ok(self.raw.borrow_data() != other.raw.borrow_data()), - _ => Err(pyo3::exceptions::PyTypeError::new_err( - "CSRs cannot be ordered", - )), - } + py: pyo3::Python<'_>, + other: pyo3::PyRef<'_, CertificateSigningRequest>, + ) -> bool { + self.raw.borrow_owner().as_bytes(py) == other.raw.borrow_owner().as_bytes(py) } -} -#[pyo3::prelude::pymethods] -impl CertificateSigningRequest { - fn public_key<'p>(&self, py: pyo3::Python<'p>) -> PyAsn1Result<&'p pyo3::PyAny> { - // This makes an unnecessary copy. It'd be nice to get rid of it. - let serialized = pyo3::types::PyBytes::new( + fn public_key(&self, py: pyo3::Python<'_>) -> CryptographyResult { + keys::load_der_public_key_bytes( + py, + self.raw.borrow_dependent().csr_info.spki.tlv().full_data(), + ) + } + + #[getter] + fn public_key_algorithm_oid<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + oid_to_py_oid( py, - &asn1::write_single(&self.raw.borrow_value().csr_info.spki)?, - ); - Ok(py - .import("cryptography.hazmat.primitives.serialization")? - .getattr(crate::intern!(py, "load_der_public_key"))? - .call1((serialized,))?) + self.raw.borrow_dependent().csr_info.spki.algorithm.oid(), + ) } #[getter] - fn subject<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn subject<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult> { Ok(x509::parse_name( py, - &self.raw.borrow_value().csr_info.subject, + self.raw.borrow_dependent().csr_info.subject.unwrap_read(), )?) } @@ -128,314 +78,316 @@ impl CertificateSigningRequest { fn tbs_certrequest_bytes<'p>( &self, py: pyo3::Python<'p>, - ) -> PyAsn1Result<&'p pyo3::types::PyBytes> { - let result = asn1::write_single(&self.raw.borrow_value().csr_info)?; - Ok(pyo3::types::PyBytes::new(py, &result)) + ) -> CryptographyResult> { + let result = asn1::write_single(&self.raw.borrow_dependent().csr_info)?; + Ok(pyo3::types::PyBytes::new_bound(py, &result)) } #[getter] - fn signature<'p>(&self, py: pyo3::Python<'p>) -> &'p pyo3::types::PyBytes { - pyo3::types::PyBytes::new(py, self.raw.borrow_value().signature.as_bytes()) + fn signature<'p>(&self, py: pyo3::Python<'p>) -> pyo3::Bound<'p, pyo3::types::PyBytes> { + pyo3::types::PyBytes::new_bound(py, self.raw.borrow_dependent().signature.as_bytes()) } #[getter] fn signature_hash_algorithm<'p>( &self, py: pyo3::Python<'p>, - ) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let sig_oids_to_hash = py - .import("cryptography.hazmat._oid")? - .getattr(crate::intern!(py, "_SIG_OIDS_TO_HASH"))?; - let hash_alg = sig_oids_to_hash.get_item(self.signature_algorithm_oid(py)?); - match hash_alg { - Ok(data) => Ok(data), - Err(_) => Err(PyAsn1Error::from(pyo3::PyErr::from_instance( - py.import("cryptography.exceptions")?.call_method1( - "UnsupportedAlgorithm", - (format!( - "Signature algorithm OID: {} not recognized", - self.raw.borrow_value().signature_alg.oid - ),), - )?, - ))), - } + ) -> Result, CryptographyError> { + sign::identify_signature_hash_algorithm(py, &self.raw.borrow_dependent().signature_alg) } #[getter] - fn signature_algorithm_oid<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - oid_to_py_oid(py, &self.raw.borrow_value().signature_alg.oid) + fn signature_algorithm_oid<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + oid_to_py_oid(py, self.raw.borrow_dependent().signature_alg.oid()) + } + + #[getter] + fn signature_algorithm_parameters<'p>( + &'p self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + sign::identify_signature_algorithm_parameters( + py, + &self.raw.borrow_dependent().signature_alg, + ) } fn public_bytes<'p>( &self, py: pyo3::Python<'p>, - encoding: &pyo3::PyAny, - ) -> PyAsn1Result<&'p pyo3::types::PyBytes> { - let encoding_class = py - .import("cryptography.hazmat.primitives.serialization")? - .getattr(crate::intern!(py, "Encoding"))?; - - let result = asn1::write_single(self.raw.borrow_value())?; - if encoding == encoding_class.getattr(crate::intern!(py, "DER"))? { - Ok(pyo3::types::PyBytes::new(py, &result)) - } else if encoding == encoding_class.getattr(crate::intern!(py, "PEM"))? { - let pem = pem::encode_config( - &pem::Pem { - tag: "CERTIFICATE REQUEST".to_string(), - contents: result, - }, - pem::EncodeConfig { - line_ending: pem::LineEnding::LF, - }, - ) - .into_bytes(); - Ok(pyo3::types::PyBytes::new(py, &pem)) - } else { - Err(pyo3::exceptions::PyTypeError::new_err( - "encoding must be Encoding.DER or Encoding.PEM", - ) - .into()) - } + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + let result = asn1::write_single(self.raw.borrow_dependent())?; + + encode_der_data(py, "CERTIFICATE REQUEST".to_string(), result, encoding) } fn get_attribute_for_oid<'p>( &self, py: pyo3::Python<'p>, - oid: &pyo3::PyAny, - ) -> pyo3::PyResult<&'p pyo3::PyAny> { - let cryptography_warning = py - .import("cryptography.utils")? - .getattr(crate::intern!(py, "DeprecatedIn36"))?; - pyo3::PyErr::warn( - py, - cryptography_warning, - "CertificateSigningRequest.get_attribute_for_oid has been deprecated. Please switch to request.attributes.get_attribute_for_oid.", - 1, - )?; - let rust_oid = py_oid_to_oid(oid)?; + oid: pyo3::Bound<'p, pyo3::PyAny>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_36.get(py)?; + let warning_msg = "CertificateSigningRequest.get_attribute_for_oid has been deprecated. Please switch to request.attributes.get_attribute_for_oid."; + pyo3::PyErr::warn_bound(py, &warning_cls, warning_msg, 1)?; + + let rust_oid = py_oid_to_oid(oid.clone())?; for attribute in self .raw - .borrow_value() + .borrow_dependent() .csr_info .attributes .unwrap_read() .clone() { if rust_oid == attribute.type_id { - check_attribute_length(attribute.values.unwrap_read().clone())?; + check_attribute_length(attribute.values.unwrap_read().clone()).map_err(|_| { + pyo3::exceptions::PyValueError::new_err( + "Only single-valued attributes are supported", + ) + })?; let val = attribute.values.unwrap_read().clone().next().unwrap(); // We allow utf8string, printablestring, and ia5string at this time if val.tag() == asn1::Utf8String::TAG || val.tag() == asn1::PrintableString::TAG || val.tag() == asn1::IA5String::TAG { - return Ok(pyo3::types::PyBytes::new(py, val.data())); - } else { - return Err(pyo3::exceptions::PyValueError::new_err(format!( - "OID {} has a disallowed ASN.1 type: {:?}", - oid, - val.tag() - ))); + return Ok(pyo3::types::PyBytes::new_bound(py, val.data()).into_any()); } + return Err(pyo3::exceptions::PyValueError::new_err(format!( + "OID {} has a disallowed ASN.1 type: {:?}", + oid, + val.tag() + ))); } } - Err(pyo3::PyErr::from_instance( - py.import("cryptography.x509")?.call_method1( - "AttributeNotFound", - (format!("No {} attribute was found", oid), oid), - )?, - )) + Err(exceptions::AttributeNotFound::new_err(( + format!("No {oid} attribute was found"), + oid.into_py(py), + ))) } #[getter] - fn attributes<'p>(&mut self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - let pyattrs = pyo3::types::PyList::empty(py); + fn attributes<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult> { + let pyattrs = pyo3::types::PyList::empty_bound(py); for attribute in self .raw - .borrow_value() + .borrow_dependent() .csr_info .attributes .unwrap_read() .clone() { - check_attribute_length(attribute.values.unwrap_read().clone())?; + check_attribute_length(attribute.values.unwrap_read().clone()).map_err(|_| { + pyo3::exceptions::PyValueError::new_err( + "Only single-valued attributes are supported", + ) + })?; let oid = oid_to_py_oid(py, &attribute.type_id)?; let val = attribute.values.unwrap_read().clone().next().unwrap(); - let serialized = pyo3::types::PyBytes::new(py, val.data()); + let serialized = pyo3::types::PyBytes::new_bound(py, val.data()); let tag = val.tag().as_u8().ok_or_else(|| { - PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( + CryptographyError::from(pyo3::exceptions::PyValueError::new_err( "Long-form tags are not supported in CSR attribute values", )) })?; - let pyattr = py - .import("cryptography.x509")? - .call_method1("Attribute", (oid, serialized, tag))?; + let pyattr = types::ATTRIBUTE.get(py)?.call1((oid, serialized, tag))?; pyattrs.append(pyattr)?; } - py.import("cryptography.x509")? - .call_method1("Attributes", (pyattrs,)) + types::ATTRIBUTES.get(py)?.call1((pyattrs,)) } #[getter] - fn extensions(&mut self, py: pyo3::Python<'_>) -> pyo3::PyResult { - let exts = self.raw.borrow_value().csr_info.get_extension_attribute()?; + fn extensions(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { + let raw_exts = self + .raw + .borrow_dependent() + .csr_info + .get_extension_attribute() + .map_err(|_| { + pyo3::exceptions::PyValueError::new_err( + "Only single-valued attributes are supported", + ) + })?; - x509::parse_and_cache_extensions(py, &mut self.cached_extensions, &exts, |oid, ext_data| { - certificate::parse_cert_ext(py, oid.clone(), ext_data) + x509::parse_and_cache_extensions(py, &self.cached_extensions, &raw_exts, |ext| { + certificate::parse_cert_ext(py, ext) }) } #[getter] - fn is_signature_valid<'p>( + fn is_signature_valid( slf: pyo3::PyRef<'_, Self>, - py: pyo3::Python<'p>, - ) -> pyo3::PyResult<&'p pyo3::PyAny> { - let backend = py - .import("cryptography.hazmat.backends.openssl.backend")? - .getattr(crate::intern!(py, "backend"))?; - backend.call_method1("_csr_is_signature_valid", (slf,)) - } - - // This getter exists for compatibility with pyOpenSSL and will be removed. - // DO NOT RELY ON IT. WE WILL BREAK YOU WHEN WE FEEL LIKE IT. - #[getter] - fn _x509_req<'p>( - slf: pyo3::PyRef<'_, Self>, - py: pyo3::Python<'p>, - ) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let cryptography_warning = py - .import("cryptography.utils")? - .getattr(crate::intern!(py, "DeprecatedIn35"))?; - pyo3::PyErr::warn( + py: pyo3::Python<'_>, + ) -> CryptographyResult { + let public_key = slf.public_key(py)?; + Ok(sign::verify_signature_with_signature_algorithm( py, - cryptography_warning, - "This version of cryptography contains a temporary pyOpenSSL fallback path. Upgrade pyOpenSSL now.", - 1, - )?; - let backend = py - .import("cryptography.hazmat.backends.openssl.backend")? - .getattr(crate::intern!(py, "backend"))?; - Ok(backend.call_method1("_csr2ossl", (slf,))?) + public_key.bind(py).clone(), + &slf.raw.borrow_dependent().signature_alg, + slf.raw.borrow_dependent().signature.as_bytes(), + &asn1::write_single(&slf.raw.borrow_dependent().csr_info)?, + ) + .is_ok()) } } -#[pyo3::prelude::pyfunction] -fn load_pem_x509_csr(py: pyo3::Python<'_>, data: &[u8]) -> PyAsn1Result { +#[pyo3::pyfunction] +#[pyo3(signature = (data, backend=None))] +pub(crate) fn load_pem_x509_csr( + py: pyo3::Python<'_>, + data: &[u8], + backend: Option>, +) -> CryptographyResult { + let _ = backend; + // We support both PEM header strings that OpenSSL does // https://github.com/openssl/openssl/blob/5e2d22d53ed322a7124e26a4fbd116a8210eb77a/include/openssl/pem.h#L35-L36 let parsed = x509::find_in_pem( data, - |p| p.tag == "CERTIFICATE REQUEST" || p.tag == "NEW CERTIFICATE REQUEST", + |p| p.tag() == "CERTIFICATE REQUEST" || p.tag() == "NEW CERTIFICATE REQUEST", "Valid PEM but no BEGIN CERTIFICATE REQUEST/END CERTIFICATE REQUEST delimiters. Are you sure this is a CSR?", )?; - load_der_x509_csr(py, &parsed.contents) + load_der_x509_csr( + py, + pyo3::types::PyBytes::new_bound(py, parsed.contents()).unbind(), + None, + ) } -#[pyo3::prelude::pyfunction] -fn load_der_x509_csr(py: pyo3::Python<'_>, data: &[u8]) -> PyAsn1Result { - let raw = OwnedRawCsr::try_new(data.to_vec(), |data| asn1::parse_single(data))?; +#[pyo3::pyfunction] +#[pyo3(signature = (data, backend=None))] +pub(crate) fn load_der_x509_csr( + py: pyo3::Python<'_>, + data: pyo3::Py, + backend: Option>, +) -> CryptographyResult { + let _ = backend; + + let raw = OwnedCsr::try_new(data, |data| asn1::parse_single(data.as_bytes(py)))?; - let version = raw.borrow_value().csr_info.version; + let version = raw.borrow_dependent().csr_info.version; if version != 0 { - let x509_module = py.import("cryptography.x509")?; - return Err(PyAsn1Error::from(pyo3::PyErr::from_instance( - x509_module - .getattr(crate::intern!(py, "InvalidVersion"))? - .call1((format!("{} is not a valid CSR version", version), version))?, - ))); + return Err(CryptographyError::from( + exceptions::InvalidVersion::new_err(( + format!("{version} is not a valid CSR version"), + version, + )), + )); } Ok(CertificateSigningRequest { raw, - cached_extensions: None, + cached_extensions: pyo3::sync::GILOnceCell::new(), }) } -#[pyo3::prelude::pyfunction] -fn create_x509_csr( +#[pyo3::pyfunction] +pub(crate) fn create_x509_csr( py: pyo3::Python<'_>, - builder: &pyo3::PyAny, - private_key: &pyo3::PyAny, - hash_algorithm: &pyo3::PyAny, -) -> PyAsn1Result { - let sigalg = x509::sign::compute_signature_algorithm(py, private_key, hash_algorithm)?; - let serialization_mod = py.import("cryptography.hazmat.primitives.serialization")?; - let der_encoding = serialization_mod - .getattr(crate::intern!(py, "Encoding"))? - .getattr(crate::intern!(py, "DER"))?; - let spki_format = serialization_mod - .getattr(crate::intern!(py, "PublicFormat"))? - .getattr(crate::intern!(py, "SubjectPublicKeyInfo"))?; + builder: &pyo3::Bound<'_, pyo3::PyAny>, + private_key: &pyo3::Bound<'_, pyo3::PyAny>, + hash_algorithm: &pyo3::Bound<'_, pyo3::PyAny>, + rsa_padding: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + let sigalg = x509::sign::compute_signature_algorithm( + py, + private_key.clone(), + hash_algorithm.clone(), + rsa_padding.clone(), + )?; + let der = types::ENCODING_DER.get(py)?; + let spki = types::PUBLIC_FORMAT_SUBJECT_PUBLIC_KEY_INFO.get(py)?; let spki_bytes = private_key - .call_method0("public_key")? - .call_method1("public_bytes", (der_encoding, spki_format))? - .extract::<&[u8]>()?; + .call_method0(pyo3::intern!(py, "public_key"))? + .call_method1(pyo3::intern!(py, "public_bytes"), (der, spki))? + .extract::()?; + + let ka_vec = cryptography_keepalive::KeepAlive::new(); + let ka_bytes = cryptography_keepalive::KeepAlive::new(); let mut attrs = vec![]; let ext_bytes; if let Some(exts) = x509::common::encode_extensions( py, - builder.getattr(crate::intern!(py, "_extensions"))?, + &ka_vec, + &ka_bytes, + &builder.getattr(pyo3::intern!(py, "_extensions"))?, x509::extensions::encode_extension, )? { ext_bytes = asn1::write_single(&exts)?; attrs.push(Attribute { type_id: (oid::EXTENSION_REQUEST).clone(), - values: x509::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new([ + values: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new([ asn1::parse_single(&ext_bytes)?, ])), - }) + }); } - for py_attr in builder.getattr(crate::intern!(py, "_attributes"))?.iter()? { - let (py_oid, value, tag): (&pyo3::PyAny, &[u8], Option) = py_attr?.extract()?; + let mut attr_values = vec![]; + for py_attr in builder.getattr(pyo3::intern!(py, "_attributes"))?.iter()? { + let (py_oid, value, tag): ( + pyo3::Bound<'_, pyo3::PyAny>, + pyo3::pybacked::PyBackedBytes, + Option, + ) = py_attr?.extract()?; let oid = py_oid_to_oid(py_oid)?; let tag = if let Some(tag) = tag { asn1::Tag::from_bytes(&[tag])?.0 } else { - if std::str::from_utf8(value).is_err() { - return Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Attribute values must be valid utf-8.", - ))); + if std::str::from_utf8(&value).is_err() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Attribute values must be valid utf-8.", + ), + )); } asn1::Utf8String::TAG }; + attr_values.push((oid, tag, value)); + } + + for (oid, tag, value) in &attr_values { attrs.push(Attribute { - type_id: oid, - values: x509::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new([ - x509::common::RawTlv::new(tag, value), + type_id: oid.clone(), + values: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new([ + common::RawTlv::new(*tag, value), ])), - }) + }); } - let py_subject_name = builder.getattr(crate::intern!(py, "_subject_name"))?; + let py_subject_name = builder.getattr(pyo3::intern!(py, "_subject_name"))?; + + let ka = cryptography_keepalive::KeepAlive::new(); let csr_info = CertificationRequestInfo { version: 0, - subject: x509::common::encode_name(py, py_subject_name)?, - spki: asn1::parse_single(spki_bytes)?, - attributes: x509::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(attrs)), + subject: x509::common::encode_name(py, &ka, &py_subject_name)?, + spki: asn1::parse_single(&spki_bytes)?, + attributes: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(attrs)), }; let tbs_bytes = asn1::write_single(&csr_info)?; - let signature = x509::sign::sign_data(py, private_key, hash_algorithm, &tbs_bytes)?; - let data = asn1::write_single(&RawCsr { + let signature = x509::sign::sign_data( + py, + private_key.clone(), + hash_algorithm.clone(), + rsa_padding.clone(), + &tbs_bytes, + )?; + let data = asn1::write_single(&Csr { csr_info, signature_alg: sigalg, - signature: asn1::BitString::new(signature, 0).unwrap(), + signature: asn1::BitString::new(&signature, 0).unwrap(), })?; - // TODO: extra copy as we round-trip through a slice - load_der_x509_csr(py, &data) -} - -pub(crate) fn add_to_module(module: &pyo3::prelude::PyModule) -> pyo3::PyResult<()> { - module.add_wrapped(pyo3::wrap_pyfunction!(load_der_x509_csr))?; - module.add_wrapped(pyo3::wrap_pyfunction!(load_pem_x509_csr))?; - module.add_wrapped(pyo3::wrap_pyfunction!(create_x509_csr))?; - - module.add_class::()?; - - Ok(()) + load_der_x509_csr( + py, + pyo3::types::PyBytes::new_bound(py, &data).clone().unbind(), + None, + ) } diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs index 537106a..9bd9425 100644 --- a/src/rust/src/x509/extensions.rs +++ b/src/rust/src/x509/extensions.rs @@ -2,27 +2,34 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::asn1::{py_oid_to_oid, py_uint_to_big_endian_bytes, PyAsn1Error, PyAsn1Result}; -use crate::x509; -use crate::x509::{certificate, crl, oid, sct}; +use cryptography_x509::{common, crl, extensions, oid}; + +use crate::asn1::{py_oid_to_oid, py_uint_to_big_endian_bytes}; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::x509::{certificate, sct}; +use crate::{types, x509}; +use pyo3::pybacked::PyBackedStr; +use pyo3::types::PyAnyMethods; fn encode_general_subtrees<'a>( - py: pyo3::Python<'a>, - subtrees: &'a pyo3::PyAny, -) -> Result>, PyAsn1Error> { + py: pyo3::Python<'_>, + ka_bytes: &'a cryptography_keepalive::KeepAlive, + ka_str: &'a cryptography_keepalive::KeepAlive, + subtrees: &pyo3::Bound<'a, pyo3::PyAny>, +) -> Result>, CryptographyError> { if subtrees.is_none() { Ok(None) } else { let mut subtree_seq = vec![]; for name in subtrees.iter()? { - let gn = x509::common::encode_general_name(py, name?)?; - subtree_seq.push(certificate::GeneralSubtree { + let gn = x509::common::encode_general_name(py, ka_bytes, ka_str, &name?)?; + subtree_seq.push(extensions::GeneralSubtree { base: gn, minimum: 0, maximum: None, }); } - Ok(Some(x509::Asn1ReadableOrWritable::new_write( + Ok(Some(common::Asn1ReadableOrWritable::new_write( asn1::SequenceOfWriter::new(subtree_seq), ))) } @@ -30,440 +37,531 @@ fn encode_general_subtrees<'a>( pub(crate) fn encode_authority_key_identifier<'a>( py: pyo3::Python<'a>, - py_aki: &'a pyo3::PyAny, -) -> pyo3::PyResult> { - #[derive(pyo3::prelude::FromPyObject)] + py_aki: &pyo3::Bound<'a, pyo3::PyAny>, +) -> CryptographyResult> { + #[derive(pyo3::FromPyObject)] struct PyAuthorityKeyIdentifier<'a> { - key_identifier: Option<&'a [u8]>, - authority_cert_issuer: Option<&'a pyo3::PyAny>, - authority_cert_serial_number: Option<&'a pyo3::types::PyLong>, + key_identifier: Option, + authority_cert_issuer: Option>, + authority_cert_serial_number: Option>, } let aki = py_aki.extract::>()?; + + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + let ka_str = cryptography_keepalive::KeepAlive::new(); let authority_cert_issuer = if let Some(authority_cert_issuer) = aki.authority_cert_issuer { - let gns = x509::common::encode_general_names(py, authority_cert_issuer)?; - Some(x509::Asn1ReadableOrWritable::new_write( + let gns = + x509::common::encode_general_names(py, &ka_bytes, &ka_str, &authority_cert_issuer)?; + Some(common::Asn1ReadableOrWritable::new_write( asn1::SequenceOfWriter::new(gns), )) } else { None }; + let serial_bytes; let authority_cert_serial_number = if let Some(authority_cert_serial_number) = aki.authority_cert_serial_number { - let serial_bytes = py_uint_to_big_endian_bytes(py, authority_cert_serial_number)?; - Some(asn1::BigUint::new(serial_bytes).unwrap()) + serial_bytes = py_uint_to_big_endian_bytes(py, authority_cert_serial_number)?; + Some(asn1::BigUint::new(&serial_bytes).unwrap()) } else { None }; - Ok(certificate::AuthorityKeyIdentifier { + Ok(asn1::write_single(&extensions::AuthorityKeyIdentifier { authority_cert_issuer, authority_cert_serial_number, - key_identifier: aki.key_identifier, - }) + key_identifier: aki.key_identifier.as_deref(), + })?) } pub(crate) fn encode_distribution_points<'p>( py: pyo3::Python<'p>, - py_dps: &'p pyo3::PyAny, -) -> pyo3::PyResult>> { - #[derive(pyo3::prelude::FromPyObject)] + py_dps: &pyo3::Bound<'p, pyo3::PyAny>, +) -> CryptographyResult> { + #[derive(pyo3::FromPyObject)] struct PyDistributionPoint<'a> { - crl_issuer: Option<&'a pyo3::PyAny>, - full_name: Option<&'a pyo3::PyAny>, - relative_name: Option<&'a pyo3::PyAny>, - reasons: Option<&'a pyo3::PyAny>, + crl_issuer: Option>, + full_name: Option>, + relative_name: Option>, + reasons: Option>, } + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + let ka_str = cryptography_keepalive::KeepAlive::new(); let mut dps = vec![]; for py_dp in py_dps.iter()? { let py_dp = py_dp?.extract::>()?; let crl_issuer = if let Some(py_crl_issuer) = py_dp.crl_issuer { - let gns = x509::common::encode_general_names(py, py_crl_issuer)?; - Some(x509::Asn1ReadableOrWritable::new_write( + let gns = x509::common::encode_general_names(py, &ka_bytes, &ka_str, &py_crl_issuer)?; + Some(common::Asn1ReadableOrWritable::new_write( asn1::SequenceOfWriter::new(gns), )) } else { None }; let distribution_point = if let Some(py_full_name) = py_dp.full_name { - let gns = x509::common::encode_general_names(py, py_full_name)?; - Some(certificate::DistributionPointName::FullName( - x509::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new(gns)), + let gns = x509::common::encode_general_names(py, &ka_bytes, &ka_str, &py_full_name)?; + Some(extensions::DistributionPointName::FullName( + common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new(gns)), )) } else if let Some(py_relative_name) = py_dp.relative_name { let mut name_entries = vec![]; for py_name_entry in py_relative_name.iter()? { - name_entries.push(x509::common::encode_name_entry(py, py_name_entry?)?); + let ne = x509::common::encode_name_entry(py, &ka_bytes, &py_name_entry?)?; + name_entries.push(ne); } - Some(certificate::DistributionPointName::NameRelativeToCRLIssuer( - x509::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(name_entries)), + Some(extensions::DistributionPointName::NameRelativeToCRLIssuer( + common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(name_entries)), )) } else { None }; let reasons = if let Some(py_reasons) = py_dp.reasons { - let reasons = certificate::encode_distribution_point_reasons(py, py_reasons)?; - Some(x509::Asn1ReadableOrWritable::new_write(reasons)) + let reasons = certificate::encode_distribution_point_reasons(py, &py_reasons)?; + Some(common::Asn1ReadableOrWritable::new_write(reasons)) } else { None }; - dps.push(certificate::DistributionPoint { + dps.push(extensions::DistributionPoint { crl_issuer, distribution_point, reasons, }); } - Ok(dps) + Ok(asn1::write_single(&asn1::SequenceOfWriter::new(dps))?) +} + +fn encode_basic_constraints(ext: &pyo3::Bound<'_, pyo3::PyAny>) -> CryptographyResult> { + #[derive(pyo3::FromPyObject)] + struct PyBasicConstraints { + ca: bool, + path_length: Option, + } + let pybc = ext.extract::()?; + let bc = extensions::BasicConstraints { + ca: pybc.ca, + path_length: pybc.path_length, + }; + Ok(asn1::write_single(&bc)?) +} + +fn encode_key_usage( + py: pyo3::Python<'_>, + ext: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult> { + let mut bs = [0, 0]; + certificate::set_bit( + &mut bs, + 0, + ext.getattr(pyo3::intern!(py, "digital_signature"))? + .is_truthy()?, + ); + certificate::set_bit( + &mut bs, + 1, + ext.getattr(pyo3::intern!(py, "content_commitment"))? + .is_truthy()?, + ); + certificate::set_bit( + &mut bs, + 2, + ext.getattr(pyo3::intern!(py, "key_encipherment"))? + .is_truthy()?, + ); + certificate::set_bit( + &mut bs, + 3, + ext.getattr(pyo3::intern!(py, "data_encipherment"))? + .is_truthy()?, + ); + certificate::set_bit( + &mut bs, + 4, + ext.getattr(pyo3::intern!(py, "key_agreement"))? + .is_truthy()?, + ); + certificate::set_bit( + &mut bs, + 5, + ext.getattr(pyo3::intern!(py, "key_cert_sign"))? + .is_truthy()?, + ); + certificate::set_bit( + &mut bs, + 6, + ext.getattr(pyo3::intern!(py, "crl_sign"))?.is_truthy()?, + ); + if ext + .getattr(pyo3::intern!(py, "key_agreement"))? + .is_truthy()? + { + certificate::set_bit( + &mut bs, + 7, + ext.getattr(pyo3::intern!(py, "encipher_only"))? + .is_truthy()?, + ); + certificate::set_bit( + &mut bs, + 8, + ext.getattr(pyo3::intern!(py, "decipher_only"))? + .is_truthy()?, + ); + } + let (bits, unused_bits) = if bs[1] == 0 { + if bs[0] == 0 { + (&[][..], 0) + } else { + (&bs[..1], bs[0].trailing_zeros() as u8) + } + } else { + (&bs[..], bs[1].trailing_zeros() as u8) + }; + let v = asn1::BitString::new(bits, unused_bits).unwrap(); + Ok(asn1::write_single(&v)?) +} + +fn encode_certificate_policies( + py: pyo3::Python<'_>, + ext: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult> { + let mut policy_informations = vec![]; + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + let ka_str = cryptography_keepalive::KeepAlive::new(); + for py_policy_info in ext.iter()? { + let py_policy_info = py_policy_info?; + let py_policy_qualifiers = + py_policy_info.getattr(pyo3::intern!(py, "policy_qualifiers"))?; + let qualifiers = if py_policy_qualifiers.is_truthy()? { + let mut qualifiers = vec![]; + for py_qualifier in py_policy_qualifiers.iter()? { + let py_qualifier = py_qualifier?; + let qualifier = if py_qualifier.is_instance_of::() { + let py_qualifier_str = ka_str.add(py_qualifier.extract::()?); + let cps_uri = match asn1::IA5String::new(py_qualifier_str) { + Some(s) => s, + None => { + return Err(pyo3::exceptions::PyValueError::new_err( + "Qualifier must be an ASCII-string.", + ) + .into()) + } + }; + extensions::PolicyQualifierInfo { + policy_qualifier_id: (oid::CP_CPS_URI_OID).clone(), + qualifier: extensions::Qualifier::CpsUri(cps_uri), + } + } else { + let py_notice = py_qualifier.getattr(pyo3::intern!(py, "notice_reference"))?; + let notice_ref = if py_notice.is_truthy()? { + let mut notice_numbers = vec![]; + for py_num in py_notice + .getattr(pyo3::intern!(py, "notice_numbers"))? + .iter()? + { + let bytes = ka_bytes + .add(py_uint_to_big_endian_bytes(ext.py(), py_num?.extract()?)?); + notice_numbers.push(asn1::BigUint::new(bytes).unwrap()); + } + let py_notice_str = ka_str.add( + py_notice + .getattr(pyo3::intern!(py, "organization"))? + .extract::()?, + ); + Some(extensions::NoticeReference { + organization: extensions::DisplayText::Utf8String( + asn1::Utf8String::new(py_notice_str), + ), + notice_numbers: common::Asn1ReadableOrWritable::new_write( + asn1::SequenceOfWriter::new(notice_numbers), + ), + }) + } else { + None + }; + let py_explicit_text = + py_qualifier.getattr(pyo3::intern!(py, "explicit_text"))?; + let explicit_text = if py_explicit_text.is_truthy()? { + let py_explicit_text_str = + ka_str.add(py_explicit_text.extract::()?); + Some(extensions::DisplayText::Utf8String(asn1::Utf8String::new( + py_explicit_text_str, + ))) + } else { + None + }; + + extensions::PolicyQualifierInfo { + policy_qualifier_id: (oid::CP_USER_NOTICE_OID).clone(), + qualifier: extensions::Qualifier::UserNotice(extensions::UserNotice { + notice_ref, + explicit_text, + }), + } + }; + qualifiers.push(qualifier); + } + Some(common::Asn1ReadableOrWritable::new_write( + asn1::SequenceOfWriter::new(qualifiers), + )) + } else { + None + }; + let py_policy_id = py_policy_info.getattr(pyo3::intern!(py, "policy_identifier"))?; + policy_informations.push(extensions::PolicyInformation { + policy_identifier: py_oid_to_oid(py_policy_id)?, + policy_qualifiers: qualifiers, + }); + } + Ok(asn1::write_single(&asn1::SequenceOfWriter::new( + policy_informations, + ))?) +} + +fn encode_issuing_distribution_point( + py: pyo3::Python<'_>, + ext: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult> { + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + let ka_str = cryptography_keepalive::KeepAlive::new(); + + let only_some_reasons = if ext + .getattr(pyo3::intern!(py, "only_some_reasons"))? + .is_truthy()? + { + let py_reasons = ext.getattr(pyo3::intern!(py, "only_some_reasons"))?; + let reasons = certificate::encode_distribution_point_reasons(ext.py(), &py_reasons)?; + Some(common::Asn1ReadableOrWritable::new_write(reasons)) + } else { + None + }; + let distribution_point = if ext.getattr(pyo3::intern!(py, "full_name"))?.is_truthy()? { + let py_full_name = ext.getattr(pyo3::intern!(py, "full_name"))?; + let gns = x509::common::encode_general_names(ext.py(), &ka_bytes, &ka_str, &py_full_name)?; + Some(extensions::DistributionPointName::FullName( + common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new(gns)), + )) + } else if ext + .getattr(pyo3::intern!(py, "relative_name"))? + .is_truthy()? + { + let mut name_entries = vec![]; + for py_name_entry in ext.getattr(pyo3::intern!(py, "relative_name"))?.iter()? { + let name_entry = x509::common::encode_name_entry(ext.py(), &ka_bytes, &py_name_entry?)?; + name_entries.push(name_entry); + } + Some(extensions::DistributionPointName::NameRelativeToCRLIssuer( + common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(name_entries)), + )) + } else { + None + }; + + let idp = crl::IssuingDistributionPoint { + distribution_point, + indirect_crl: ext.getattr(pyo3::intern!(py, "indirect_crl"))?.extract()?, + only_contains_attribute_certs: ext + .getattr(pyo3::intern!(py, "only_contains_attribute_certs"))? + .extract()?, + only_contains_ca_certs: ext + .getattr(pyo3::intern!(py, "only_contains_ca_certs"))? + .extract()?, + only_contains_user_certs: ext + .getattr(pyo3::intern!(py, "only_contains_user_certs"))? + .extract()?, + only_some_reasons, + }; + Ok(asn1::write_single(&idp)?) +} + +fn encode_oid_sequence(ext: &pyo3::Bound<'_, pyo3::PyAny>) -> CryptographyResult> { + let mut oids = vec![]; + for el in ext.iter()? { + let oid = py_oid_to_oid(el?)?; + oids.push(oid); + } + Ok(asn1::write_single(&asn1::SequenceOfWriter::new(oids))?) +} + +fn encode_tls_features( + py: pyo3::Python<'_>, + ext: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult> { + // Ideally we'd skip building up a vec and just write directly into the + // writer. This isn't possible at the moment because the callback to write + // an asn1::Sequence can't return an error, and we need to handle errors + // from Python. + let mut els = vec![]; + for el in ext.iter()? { + els.push(el?.getattr(pyo3::intern!(py, "value"))?.extract::()?); + } + + Ok(asn1::write_single(&asn1::SequenceOfWriter::new(els))?) +} + +fn encode_scts(ext: &pyo3::Bound<'_, pyo3::PyAny>) -> CryptographyResult> { + let mut length = 0; + for sct in ext.iter()? { + let sct = sct?.downcast::()?.clone(); + length += sct.get().sct_data.len() + 2; + } + + let mut result = vec![]; + result.extend_from_slice(&(length as u16).to_be_bytes()); + for sct in ext.iter()? { + let sct = sct?.downcast::()?.clone(); + result.extend_from_slice(&(sct.get().sct_data.len() as u16).to_be_bytes()); + result.extend_from_slice(&sct.get().sct_data); + } + Ok(asn1::write_single(&result.as_slice())?) } pub(crate) fn encode_extension( py: pyo3::Python<'_>, oid: &asn1::ObjectIdentifier, - ext: &pyo3::PyAny, -) -> PyAsn1Result>> { + ext: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult>> { match oid { &oid::BASIC_CONSTRAINTS_OID => { - let bc = ext.extract::()?; - Ok(Some(asn1::write_single(&bc)?)) + let der = encode_basic_constraints(ext)?; + Ok(Some(der)) } &oid::SUBJECT_KEY_IDENTIFIER_OID => { let digest = ext - .getattr(crate::intern!(py, "digest"))? - .extract::<&[u8]>()?; - Ok(Some(asn1::write_single(&digest)?)) + .getattr(pyo3::intern!(py, "digest"))? + .extract::()?; + Ok(Some(asn1::write_single(&digest.as_ref())?)) } &oid::KEY_USAGE_OID => { - let mut bs = [0, 0]; - certificate::set_bit( - &mut bs, - 0, - ext.getattr(crate::intern!(py, "digital_signature"))? - .is_true()?, - ); - certificate::set_bit( - &mut bs, - 1, - ext.getattr(crate::intern!(py, "content_commitment"))? - .is_true()?, - ); - certificate::set_bit( - &mut bs, - 2, - ext.getattr(crate::intern!(py, "key_encipherment"))? - .is_true()?, - ); - certificate::set_bit( - &mut bs, - 3, - ext.getattr(crate::intern!(py, "data_encipherment"))? - .is_true()?, - ); - certificate::set_bit( - &mut bs, - 4, - ext.getattr(crate::intern!(py, "key_agreement"))? - .is_true()?, - ); - certificate::set_bit( - &mut bs, - 5, - ext.getattr(crate::intern!(py, "key_cert_sign"))? - .is_true()?, - ); - certificate::set_bit( - &mut bs, - 6, - ext.getattr(crate::intern!(py, "crl_sign"))?.is_true()?, - ); - if ext - .getattr(crate::intern!(py, "key_agreement"))? - .is_true()? - { - certificate::set_bit( - &mut bs, - 7, - ext.getattr(crate::intern!(py, "encipher_only"))? - .is_true()?, - ); - certificate::set_bit( - &mut bs, - 8, - ext.getattr(crate::intern!(py, "decipher_only"))? - .is_true()?, - ); - } - let (bits, unused_bits) = if bs[1] == 0 { - if bs[0] == 0 { - (&[][..], 0) - } else { - (&bs[..1], bs[0].trailing_zeros() as u8) - } - } else { - (&bs[..], bs[1].trailing_zeros() as u8) - }; - let v = asn1::BitString::new(bits, unused_bits).unwrap(); - Ok(Some(asn1::write_single(&v)?)) + let der = encode_key_usage(py, ext)?; + Ok(Some(der)) } &oid::AUTHORITY_INFORMATION_ACCESS_OID | &oid::SUBJECT_INFORMATION_ACCESS_OID => { - let ads = x509::common::encode_access_descriptions(ext.py(), ext)?; - Ok(Some(asn1::write_single(&ads)?)) + let der = x509::common::encode_access_descriptions(ext.py(), ext)?; + Ok(Some(der)) } - &oid::EXTENDED_KEY_USAGE_OID => { - let mut oids = vec![]; - for el in ext.iter()? { - let oid = py_oid_to_oid(el?)?; - oids.push(oid); - } - Ok(Some(asn1::write_single(&asn1::SequenceOfWriter::new( - oids, - ))?)) + &oid::EXTENDED_KEY_USAGE_OID | &oid::ACCEPTABLE_RESPONSES_OID => { + let der = encode_oid_sequence(ext)?; + Ok(Some(der)) } &oid::CERTIFICATE_POLICIES_OID => { - let mut policy_informations = vec![]; - for py_policy_info in ext.iter()? { - let py_policy_info = py_policy_info?; - let py_policy_qualifiers = - py_policy_info.getattr(crate::intern!(py, "policy_qualifiers"))?; - let qualifiers = if py_policy_qualifiers.is_true()? { - let mut qualifiers = vec![]; - for py_qualifier in py_policy_qualifiers.iter()? { - let py_qualifier = py_qualifier?; - let qualifier = if py_qualifier.is_instance::()? { - let cps_uri = match asn1::IA5String::new(py_qualifier.extract()?) { - Some(s) => s, - None => { - return Err(pyo3::exceptions::PyValueError::new_err( - "Qualifier must be an ASCII-string.", - ) - .into()) - } - }; - certificate::PolicyQualifierInfo { - policy_qualifier_id: (oid::CP_CPS_URI_OID).clone(), - qualifier: certificate::Qualifier::CpsUri(cps_uri), - } - } else { - let py_notice = - py_qualifier.getattr(crate::intern!(py, "notice_reference"))?; - let notice_ref = if py_notice.is_true()? { - let mut notice_numbers = vec![]; - for py_num in py_notice - .getattr(crate::intern!(py, "notice_numbers"))? - .iter()? - { - let bytes = - py_uint_to_big_endian_bytes(ext.py(), py_num?.downcast()?)?; - notice_numbers.push(asn1::BigUint::new(bytes).unwrap()); - } - - Some(certificate::NoticeReference { - organization: certificate::DisplayText::Utf8String( - asn1::Utf8String::new( - py_notice - .getattr(crate::intern!(py, "organization"))? - .extract()?, - ), - ), - notice_numbers: x509::Asn1ReadableOrWritable::new_write( - asn1::SequenceOfWriter::new(notice_numbers), - ), - }) - } else { - None - }; - let py_explicit_text = - py_qualifier.getattr(crate::intern!(py, "explicit_text"))?; - let explicit_text = if py_explicit_text.is_true()? { - Some(certificate::DisplayText::Utf8String(asn1::Utf8String::new( - py_explicit_text.extract()?, - ))) - } else { - None - }; - - certificate::PolicyQualifierInfo { - policy_qualifier_id: (oid::CP_USER_NOTICE_OID).clone(), - qualifier: certificate::Qualifier::UserNotice( - certificate::UserNotice { - notice_ref, - explicit_text, - }, - ), - } - }; - qualifiers.push(qualifier); - } - Some(x509::Asn1ReadableOrWritable::new_write( - asn1::SequenceOfWriter::new(qualifiers), - )) - } else { - None - }; - let py_policy_id = - py_policy_info.getattr(crate::intern!(py, "policy_identifier"))?; - policy_informations.push(certificate::PolicyInformation { - policy_identifier: py_oid_to_oid(py_policy_id)?, - policy_qualifiers: qualifiers, - }); - } - Ok(Some(asn1::write_single(&asn1::SequenceOfWriter::new( - policy_informations, - ))?)) + let der = encode_certificate_policies(py, ext)?; + Ok(Some(der)) } &oid::POLICY_CONSTRAINTS_OID => { - let pc = certificate::PolicyConstraints { + let pc = extensions::PolicyConstraints { require_explicit_policy: ext - .getattr(crate::intern!(py, "require_explicit_policy"))? + .getattr(pyo3::intern!(py, "require_explicit_policy"))? .extract()?, inhibit_policy_mapping: ext - .getattr(crate::intern!(py, "inhibit_policy_mapping"))? + .getattr(pyo3::intern!(py, "inhibit_policy_mapping"))? .extract()?, }; Ok(Some(asn1::write_single(&pc)?)) } &oid::NAME_CONSTRAINTS_OID => { - let permitted = ext.getattr(crate::intern!(py, "permitted_subtrees"))?; - let excluded = ext.getattr(crate::intern!(py, "excluded_subtrees"))?; - let nc = certificate::NameConstraints { - permitted_subtrees: encode_general_subtrees(ext.py(), permitted)?, - excluded_subtrees: encode_general_subtrees(ext.py(), excluded)?, + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + let ka_str = cryptography_keepalive::KeepAlive::new(); + + let permitted = ext.getattr(pyo3::intern!(py, "permitted_subtrees"))?; + let excluded = ext.getattr(pyo3::intern!(py, "excluded_subtrees"))?; + let nc = extensions::NameConstraints { + permitted_subtrees: encode_general_subtrees( + ext.py(), + &ka_bytes, + &ka_str, + &permitted, + )?, + excluded_subtrees: encode_general_subtrees( + ext.py(), + &ka_bytes, + &ka_str, + &excluded, + )?, }; Ok(Some(asn1::write_single(&nc)?)) } &oid::INHIBIT_ANY_POLICY_OID => { let intval = ext - .getattr(crate::intern!(py, "skip_certs"))? - .downcast::()?; + .getattr(pyo3::intern!(py, "skip_certs"))? + .downcast::()? + .clone(); let bytes = py_uint_to_big_endian_bytes(ext.py(), intval)?; Ok(Some(asn1::write_single( - &asn1::BigUint::new(bytes).unwrap(), + &asn1::BigUint::new(&bytes).unwrap(), )?)) } &oid::ISSUER_ALTERNATIVE_NAME_OID | &oid::SUBJECT_ALTERNATIVE_NAME_OID => { - let gns = x509::common::encode_general_names(ext.py(), ext)?; + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + let ka_str = cryptography_keepalive::KeepAlive::new(); + let gns = x509::common::encode_general_names(ext.py(), &ka_bytes, &ka_str, ext)?; Ok(Some(asn1::write_single(&asn1::SequenceOfWriter::new(gns))?)) } &oid::AUTHORITY_KEY_IDENTIFIER_OID => { - let aki = encode_authority_key_identifier(ext.py(), ext)?; - Ok(Some(asn1::write_single(&aki)?)) + let der = encode_authority_key_identifier(ext.py(), ext)?; + Ok(Some(der)) } &oid::FRESHEST_CRL_OID | &oid::CRL_DISTRIBUTION_POINTS_OID => { - let dps = encode_distribution_points(ext.py(), ext)?; - Ok(Some(asn1::write_single(&asn1::SequenceOfWriter::new(dps))?)) + let der = encode_distribution_points(ext.py(), ext)?; + Ok(Some(der)) } &oid::OCSP_NO_CHECK_OID => Ok(Some(asn1::write_single(&())?)), &oid::TLS_FEATURE_OID => { - // Ideally we'd skip building up a vec and just write directly into the - // writer. This isn't possible at the moment because the callback to write - // an asn1::Sequence can't return an error, and we need to handle errors - // from Python. - let mut els = vec![]; - for el in ext.iter()? { - els.push(el?.getattr(crate::intern!(py, "value"))?.extract::()?); - } - - Ok(Some(asn1::write_single(&asn1::SequenceOfWriter::new(els))?)) + let der = encode_tls_features(py, ext)?; + Ok(Some(der)) } &oid::PRECERT_POISON_OID => Ok(Some(asn1::write_single(&())?)), &oid::PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS_OID | &oid::SIGNED_CERTIFICATE_TIMESTAMPS_OID => { - let mut length = 0; - for sct in ext.iter()? { - let sct = sct?.downcast::>()?; - length += sct.borrow().sct_data.len() + 2; - } - - let mut result = vec![]; - result.extend_from_slice(&(length as u16).to_be_bytes()); - for sct in ext.iter()? { - let sct = sct?.downcast::>()?; - result.extend_from_slice(&(sct.borrow().sct_data.len() as u16).to_be_bytes()); - result.extend_from_slice(&sct.borrow().sct_data); - } - Ok(Some(asn1::write_single(&result.as_slice())?)) + let der = encode_scts(ext)?; + Ok(Some(der)) } &oid::CRL_REASON_OID => { - let value = ext - .py() - .import("cryptography.hazmat.backends.openssl.decode_asn1")? - .getattr(crate::intern!(py, "_CRL_ENTRY_REASON_ENUM_TO_CODE"))? - .get_item(ext.getattr(crate::intern!(py, "reason"))?)? + let value = types::CRL_ENTRY_REASON_ENUM_TO_CODE + .get(ext.py())? + .get_item(ext.getattr(pyo3::intern!(py, "reason"))?)? .extract::()?; Ok(Some(asn1::write_single(&asn1::Enumerated::new(value))?)) } &oid::CERTIFICATE_ISSUER_OID => { - let gns = x509::common::encode_general_names(ext.py(), ext)?; + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + let ka_str = cryptography_keepalive::KeepAlive::new(); + let gns = x509::common::encode_general_names(ext.py(), &ka_bytes, &ka_str, ext)?; Ok(Some(asn1::write_single(&asn1::SequenceOfWriter::new(gns))?)) } &oid::INVALIDITY_DATE_OID => { - let chrono_dt = - x509::py_to_chrono(py, ext.getattr(crate::intern!(py, "invalidity_date"))?)?; - Ok(Some(asn1::write_single(&asn1::GeneralizedTime::new( - chrono_dt, - )?)?)) + let py_dt = ext.getattr(pyo3::intern!(py, "invalidity_date_utc"))?; + let dt = x509::py_to_datetime(py, py_dt)?; + Ok(Some(asn1::write_single(&asn1::GeneralizedTime::new(dt)?)?)) } &oid::CRL_NUMBER_OID | &oid::DELTA_CRL_INDICATOR_OID => { let intval = ext - .getattr(crate::intern!(py, "crl_number"))? - .downcast::()?; + .getattr(pyo3::intern!(py, "crl_number"))? + .downcast::()? + .clone(); let bytes = py_uint_to_big_endian_bytes(ext.py(), intval)?; Ok(Some(asn1::write_single( - &asn1::BigUint::new(bytes).unwrap(), + &asn1::BigUint::new(&bytes).unwrap(), )?)) } &oid::ISSUING_DISTRIBUTION_POINT_OID => { - let only_some_reasons = if ext - .getattr(crate::intern!(py, "only_some_reasons"))? - .is_true()? - { - let py_reasons = ext.getattr(crate::intern!(py, "only_some_reasons"))?; - let reasons = certificate::encode_distribution_point_reasons(ext.py(), py_reasons)?; - Some(x509::Asn1ReadableOrWritable::new_write(reasons)) - } else { - None - }; - let distribution_point = if ext.getattr(crate::intern!(py, "full_name"))?.is_true()? { - let py_full_name = ext.getattr(crate::intern!(py, "full_name"))?; - let gns = x509::common::encode_general_names(ext.py(), py_full_name)?; - Some(certificate::DistributionPointName::FullName( - x509::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new(gns)), - )) - } else if ext - .getattr(crate::intern!(py, "relative_name"))? - .is_true()? - { - let mut name_entries = vec![]; - for py_name_entry in ext.getattr(crate::intern!(py, "relative_name"))?.iter()? { - name_entries.push(x509::common::encode_name_entry(ext.py(), py_name_entry?)?); - } - Some(certificate::DistributionPointName::NameRelativeToCRLIssuer( - x509::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(name_entries)), - )) - } else { - None - }; - - let idp = crl::IssuingDistributionPoint { - distribution_point, - indirect_crl: ext.getattr(crate::intern!(py, "indirect_crl"))?.extract()?, - only_contains_attribute_certs: ext - .getattr(crate::intern!(py, "only_contains_attribute_certs"))? - .extract()?, - only_contains_ca_certs: ext - .getattr(crate::intern!(py, "only_contains_ca_certs"))? - .extract()?, - only_contains_user_certs: ext - .getattr(crate::intern!(py, "only_contains_user_certs"))? - .extract()?, - only_some_reasons, - }; - Ok(Some(asn1::write_single(&idp)?)) + let der = encode_issuing_distribution_point(py, ext)?; + Ok(Some(der)) } &oid::NONCE_OID => { let nonce = ext - .getattr(crate::intern!(py, "nonce"))? - .extract::<&[u8]>()?; - Ok(Some(asn1::write_single(&nonce)?)) + .getattr(pyo3::intern!(py, "nonce"))? + .extract::()?; + Ok(Some(asn1::write_single(&nonce.as_ref())?)) + } + &oid::MS_CERTIFICATE_TEMPLATE => { + let py_template_id = ext.getattr(pyo3::intern!(py, "template_id"))?; + let mstpl = extensions::MSCertificateTemplate { + template_id: py_oid_to_oid(py_template_id)?, + major_version: ext.getattr(pyo3::intern!(py, "major_version"))?.extract()?, + minor_version: ext.getattr(pyo3::intern!(py, "minor_version"))?.extract()?, + }; + Ok(Some(asn1::write_single(&mstpl)?)) } _ => Ok(None), } diff --git a/src/rust/src/x509/mod.rs b/src/rust/src/x509/mod.rs index ee6c8d7..a1503ea 100644 --- a/src/rust/src/x509/mod.rs +++ b/src/rust/src/x509/mod.rs @@ -7,16 +7,14 @@ pub(crate) mod common; pub(crate) mod crl; pub(crate) mod csr; pub(crate) mod extensions; -mod ocsp; +pub(crate) mod ocsp; pub(crate) mod ocsp_req; pub(crate) mod ocsp_resp; -mod oid; pub(crate) mod sct; pub(crate) mod sign; +pub(crate) mod verify; -pub(crate) use certificate::Certificate; pub(crate) use common::{ - chrono_to_py, find_in_pem, parse_and_cache_extensions, parse_general_name, parse_general_names, - parse_name, parse_rdn, py_to_chrono, AlgorithmIdentifier, Asn1ReadableOrWritable, - AttributeTypeValue, Extensions, GeneralName, Name, Time, + datetime_to_py, datetime_to_py_utc, find_in_pem, parse_and_cache_extensions, + parse_general_name, parse_general_names, parse_name, parse_rdn, py_to_datetime, }; diff --git a/src/rust/src/x509/ocsp.rs b/src/rust/src/x509/ocsp.rs index 67bdca0..b632532 100644 --- a/src/rust/src/x509/ocsp.rs +++ b/src/rust/src/x509/ocsp.rs @@ -2,85 +2,133 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::asn1::PyAsn1Result; -use crate::x509; -use crate::x509::oid; -use once_cell::sync::Lazy; use std::collections::HashMap; -pub(crate) static OIDS_TO_HASH: Lazy> = Lazy::new(|| { +use cryptography_x509::common; +use cryptography_x509::ocsp_req::CertID; +use once_cell::sync::Lazy; +use pyo3::types::PyAnyMethods; + +use crate::backend::hashes::Hash; +use crate::error::CryptographyResult; +use crate::x509::certificate::Certificate; + +pub(crate) static ALGORITHM_PARAMETERS_TO_HASH: Lazy< + HashMap, &str>, +> = Lazy::new(|| { let mut h = HashMap::new(); - h.insert(&oid::SHA1_OID, "SHA1"); - h.insert(&oid::SHA224_OID, "SHA224"); - h.insert(&oid::SHA256_OID, "SHA256"); - h.insert(&oid::SHA384_OID, "SHA384"); - h.insert(&oid::SHA512_OID, "SHA512"); + h.insert(common::AlgorithmParameters::Sha1(None), "SHA1"); + h.insert(common::AlgorithmParameters::Sha1(Some(())), "SHA1"); + h.insert(common::AlgorithmParameters::Sha224(None), "SHA224"); + h.insert(common::AlgorithmParameters::Sha224(Some(())), "SHA224"); + h.insert(common::AlgorithmParameters::Sha256(None), "SHA256"); + h.insert(common::AlgorithmParameters::Sha256(Some(())), "SHA256"); + h.insert(common::AlgorithmParameters::Sha384(None), "SHA384"); + h.insert(common::AlgorithmParameters::Sha384(Some(())), "SHA384"); + h.insert(common::AlgorithmParameters::Sha512(None), "SHA512"); + h.insert(common::AlgorithmParameters::Sha512(Some(())), "SHA512"); h }); -pub(crate) static HASH_NAME_TO_OIDS: Lazy> = - Lazy::new(|| { - let mut h = HashMap::new(); - h.insert("sha1", &oid::SHA1_OID); - h.insert("sha224", &oid::SHA224_OID); - h.insert("sha256", &oid::SHA256_OID); - h.insert("sha384", &oid::SHA384_OID); - h.insert("sha512", &oid::SHA512_OID); - h - }); -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -pub(crate) struct CertID<'a> { - pub(crate) hash_algorithm: x509::AlgorithmIdentifier<'a>, - pub(crate) issuer_name_hash: &'a [u8], - pub(crate) issuer_key_hash: &'a [u8], - pub(crate) serial_number: asn1::BigInt<'a>, -} +pub(crate) static HASH_NAME_TO_ALGORITHM_IDENTIFIERS: Lazy< + HashMap<&str, common::AlgorithmIdentifier<'_>>, +> = Lazy::new(|| { + let mut h = HashMap::new(); + h.insert( + "sha1", + common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::Sha1(Some(())), + }, + ); + h.insert( + "sha224", + common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::Sha224(Some(())), + }, + ); + h.insert( + "sha256", + common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::Sha256(Some(())), + }, + ); + h.insert( + "sha384", + common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::Sha384(Some(())), + }, + ); + h.insert( + "sha512", + common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::Sha512(Some(())), + }, + ); + h +}); + +pub(crate) fn certid_new<'p>( + py: pyo3::Python<'p>, + ka: &'p cryptography_keepalive::KeepAlive, + cert: &'p Certificate, + issuer: &'p Certificate, + hash_algorithm: &pyo3::Bound<'p, pyo3::PyAny>, +) -> CryptographyResult> { + let issuer_der = asn1::write_single(&cert.raw.borrow_dependent().tbs_cert.issuer)?; + let issuer_name_hash = + pyo3::pybacked::PyBackedBytes::from(hash_data(py, hash_algorithm, &issuer_der)?); + let issuer_key_hash = pyo3::pybacked::PyBackedBytes::from(hash_data( + py, + hash_algorithm, + issuer + .raw + .borrow_dependent() + .tbs_cert + .spki + .subject_public_key + .as_bytes(), + )?); -impl CertID<'_> { - pub(crate) fn new<'p>( - py: pyo3::Python<'p>, - cert: &'p x509::Certificate, - issuer: &'p x509::Certificate, - hash_algorithm: &'p pyo3::PyAny, - ) -> PyAsn1Result> { - let issuer_der = asn1::write_single(&cert.raw.borrow_value_public().tbs_cert.issuer)?; - let issuer_name_hash = hash_data(py, hash_algorithm, &issuer_der)?; - let issuer_key_hash = hash_data( - py, - hash_algorithm, - issuer - .raw - .borrow_value_public() - .tbs_cert - .spki - .subject_public_key - .as_bytes(), - )?; + Ok(CertID { + hash_algorithm: HASH_NAME_TO_ALGORITHM_IDENTIFIERS[&*hash_algorithm + .getattr(pyo3::intern!(py, "name"))? + .extract::()?] + .clone(), + issuer_name_hash: ka.add(issuer_name_hash), + issuer_key_hash: ka.add(issuer_key_hash), + serial_number: cert.raw.borrow_dependent().tbs_cert.serial, + }) +} - Ok(CertID { - hash_algorithm: x509::AlgorithmIdentifier { - oid: HASH_NAME_TO_OIDS[hash_algorithm - .getattr(crate::intern!(py, "name"))? - .extract::<&str>()?] - .clone(), - params: Some(*x509::sign::NULL_TLV), - }, - issuer_name_hash, - issuer_key_hash, - serial_number: cert.raw.borrow_value_public().tbs_cert.serial, - }) - } +pub(crate) fn certid_new_from_hash<'p>( + py: pyo3::Python<'p>, + issuer_name_hash: &'p [u8], + issuer_key_hash: &'p [u8], + serial_number: asn1::BigInt<'p>, + hash_algorithm: pyo3::Bound<'p, pyo3::PyAny>, +) -> CryptographyResult> { + let hash_name = hash_algorithm + .getattr(pyo3::intern!(py, "name"))? + .extract::()?; + Ok(CertID { + hash_algorithm: HASH_NAME_TO_ALGORITHM_IDENTIFIERS[&*hash_name].clone(), + issuer_name_hash, + issuer_key_hash, + serial_number, + }) } pub(crate) fn hash_data<'p>( py: pyo3::Python<'p>, - py_hash_alg: &'p pyo3::PyAny, + py_hash_alg: &pyo3::Bound<'p, pyo3::PyAny>, data: &[u8], -) -> pyo3::PyResult<&'p [u8]> { - let hash = py - .import("cryptography.hazmat.primitives.hashes")? - .getattr(crate::intern!(py, "Hash"))? - .call1((py_hash_alg,))?; - hash.call_method1("update", (data,))?; - hash.call_method0("finalize")?.extract() +) -> pyo3::PyResult> { + let mut h = Hash::new(py, py_hash_alg, None)?; + h.update_bytes(data)?; + Ok(h.finalize(py)?) } diff --git a/src/rust/src/x509/ocsp_req.rs b/src/rust/src/x509/ocsp_req.rs index 92fe96f..7770fb9 100644 --- a/src/rust/src/x509/ocsp_req.rs +++ b/src/rust/src/x509/ocsp_req.rs @@ -2,32 +2,42 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::asn1::{big_byte_slice_to_py_int, PyAsn1Error, PyAsn1Result}; -use crate::x509; -use crate::x509::{extensions, ocsp, oid}; -use std::sync::Arc; - -#[ouroboros::self_referencing] -struct OwnedRawOCSPRequest { - data: Arc<[u8]>, - #[borrows(data)] - #[covariant] - value: RawOCSPRequest<'this>, -} +use cryptography_x509::{ + common, + ocsp_req::{self, OCSPRequest as RawOCSPRequest}, + oid, +}; +use pyo3::types::{PyAnyMethods, PyListMethods}; + +use crate::asn1::{big_byte_slice_to_py_int, oid_to_py_oid, py_uint_to_big_endian_bytes}; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::x509::{extensions, ocsp}; +use crate::{exceptions, types, x509}; + +self_cell::self_cell!( + struct OwnedOCSPRequest { + owner: pyo3::Py, + #[covariant] + dependent: RawOCSPRequest, + } +); -#[pyo3::prelude::pyfunction] -fn load_der_ocsp_request(_py: pyo3::Python<'_>, data: &[u8]) -> PyAsn1Result { - let raw = OwnedRawOCSPRequest::try_new(Arc::from(data), |data| asn1::parse_single(data))?; +#[pyo3::pyfunction] +pub(crate) fn load_der_ocsp_request( + py: pyo3::Python<'_>, + data: pyo3::Py, +) -> CryptographyResult { + let raw = OwnedOCSPRequest::try_new(data, |data| asn1::parse_single(data.as_bytes(py)))?; if raw - .borrow_value() + .borrow_dependent() .tbs_request .request_list .unwrap_read() .len() != 1 { - return Err(PyAsn1Error::from( + return Err(CryptographyError::from( pyo3::exceptions::PyNotImplementedError::new_err( "OCSP request contains more than one request", ), @@ -36,21 +46,21 @@ fn load_der_ocsp_request(_py: pyo3::Python<'_>, data: &[u8]) -> PyAsn1Result, + cached_extensions: pyo3::sync::GILOnceCell, } impl OCSPRequest { - fn cert_id(&self) -> ocsp::CertID<'_> { + fn cert_id(&self) -> ocsp_req::CertID<'_> { self.raw - .borrow_value() + .borrow_dependent() .tbs_request .request_list .unwrap_read() @@ -61,7 +71,7 @@ impl OCSPRequest { } } -#[pyo3::prelude::pymethods] +#[pyo3::pymethods] impl OCSPRequest { #[getter] fn issuer_name_hash(&self) -> &[u8] { @@ -74,50 +84,64 @@ impl OCSPRequest { } #[getter] - fn hash_algorithm<'p>(&self, py: pyo3::Python<'p>) -> Result<&'p pyo3::PyAny, PyAsn1Error> { + fn hash_algorithm<'p>( + &self, + py: pyo3::Python<'p>, + ) -> Result, CryptographyError> { let cert_id = self.cert_id(); - let hashes = py.import("cryptography.hazmat.primitives.hashes")?; - match ocsp::OIDS_TO_HASH.get(&cert_id.hash_algorithm.oid) { - Some(alg_name) => Ok(hashes.getattr(alg_name)?.call0()?), - None => { - let exceptions = py.import("cryptography.exceptions")?; - Err(PyAsn1Error::from(pyo3::PyErr::from_instance( - exceptions - .getattr(crate::intern!(py, "UnsupportedAlgorithm"))? - .call1((format!( - "Signature algorithm OID: {} not recognized", - cert_id.hash_algorithm.oid - ),))?, - ))) - } + match ocsp::ALGORITHM_PARAMETERS_TO_HASH.get(&cert_id.hash_algorithm.params) { + Some(alg_name) => Ok(types::HASHES_MODULE.get(py)?.getattr(*alg_name)?.call0()?), + None => Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(format!( + "Signature algorithm OID: {} not recognized", + cert_id.hash_algorithm.oid() + )), + )), } } #[getter] - fn serial_number<'p>(&self, py: pyo3::Python<'p>) -> Result<&'p pyo3::PyAny, PyAsn1Error> { + fn serial_number<'p>( + &self, + py: pyo3::Python<'p>, + ) -> Result, CryptographyError> { let bytes = self.cert_id().serial_number.as_bytes(); Ok(big_byte_slice_to_py_int(py, bytes)?) } #[getter] - fn extensions(&mut self, py: pyo3::Python<'_>) -> pyo3::PyResult { - let x509_module = py.import("cryptography.x509")?; + fn extensions(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { + let tbs_request = &self.raw.borrow_dependent().tbs_request; + x509::parse_and_cache_extensions( py, - &mut self.cached_extensions, - &self.raw.borrow_value().tbs_request.request_extensions, - |oid, value| { - match oid { - &oid::NONCE_OID => { + &self.cached_extensions, + &tbs_request.raw_request_extensions, + |ext| { + match ext.extn_id { + oid::NONCE_OID => { // This is a disaster. RFC 2560 says that the contents of the nonce is // just the raw extension value. This is nonsense, since they're always // supposed to be ASN.1 TLVs. RFC 6960 correctly specifies that the // nonce is an OCTET STRING, and so you should unwrap the TLV to get // the nonce. So we try parsing as a TLV and fall back to just using // the raw value. - let nonce = asn1::parse_single::<&[u8]>(value).unwrap_or(value); - Ok(Some(x509_module.call_method1("OCSPNonce", (nonce,))?)) + let nonce = ext.value::<&[u8]>().unwrap_or(ext.extn_value); + Ok(Some(types::OCSP_NONCE.get(py)?.call1((nonce,))?)) + } + oid::ACCEPTABLE_RESPONSES_OID => { + let oids = ext.value::>()?; + let py_oids = pyo3::types::PyList::empty_bound(py); + for oid in oids { + py_oids.append(oid_to_py_oid(py, &oid)?)?; + } + + Ok(Some( + types::OCSP_ACCEPTABLE_RESPONSES + .get(py)? + .call1((py_oids,))?, + )) } _ => Ok(None), } @@ -128,92 +152,79 @@ impl OCSPRequest { fn public_bytes<'p>( &self, py: pyo3::Python<'p>, - encoding: &pyo3::PyAny, - ) -> PyAsn1Result<&'p pyo3::types::PyBytes> { - let der = py - .import("cryptography.hazmat.primitives.serialization")? - .getattr(crate::intern!(py, "Encoding"))? - .getattr(crate::intern!(py, "DER"))?; - if encoding != der { + encoding: &pyo3::Bound<'p, pyo3::PyAny>, + ) -> CryptographyResult> { + if !encoding.is(&types::ENCODING_DER.get(py)?) { return Err(pyo3::exceptions::PyValueError::new_err( "The only allowed encoding value is Encoding.DER", ) .into()); } - let result = asn1::write_single(self.raw.borrow_value())?; - Ok(pyo3::types::PyBytes::new(py, &result)) + let result = asn1::write_single(self.raw.borrow_dependent())?; + Ok(pyo3::types::PyBytes::new_bound(py, &result)) } } -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct RawOCSPRequest<'a> { - tbs_request: TBSRequest<'a>, - // Parsing out the full structure, which includes the entirety of a - // certificate is more trouble than it's worth, since it's not in the - // Python API. - #[explicit(0)] - optional_signature: Option>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct TBSRequest<'a> { - #[explicit(0)] - #[default(0)] - version: u8, - #[explicit(1)] - requestor_name: Option>, - request_list: x509::Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, Request<'a>>, - asn1::SequenceOfWriter<'a, Request<'a>>, - >, - #[explicit(2)] - request_extensions: Option>, -} - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct Request<'a> { - req_cert: ocsp::CertID<'a>, - #[explicit(0)] - single_request_extensions: Option>, -} - -#[pyo3::prelude::pyfunction] -fn create_ocsp_request(py: pyo3::Python<'_>, builder: &pyo3::PyAny) -> PyAsn1Result { - let (py_cert, py_issuer, py_hash): ( - pyo3::PyRef<'_, x509::Certificate>, - pyo3::PyRef<'_, x509::Certificate>, - &pyo3::PyAny, - ) = builder.getattr(crate::intern!(py, "_request"))?.extract()?; +#[pyo3::pyfunction] +pub(crate) fn create_ocsp_request( + py: pyo3::Python<'_>, + builder: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + let builder_request = builder.getattr(pyo3::intern!(py, "_request"))?; + let serial_number_bytes; + + let ka_vec = cryptography_keepalive::KeepAlive::new(); + let ka_bytes = cryptography_keepalive::KeepAlive::new(); + + // Declare outside the if-block so the lifetimes are right. + let (py_cert, py_issuer, py_hash, issuer_name_hash, issuer_key_hash): ( + pyo3::PyRef<'_, x509::certificate::Certificate>, + pyo3::PyRef<'_, x509::certificate::Certificate>, + pyo3::Bound<'_, pyo3::PyAny>, + pyo3::pybacked::PyBackedBytes, + pyo3::pybacked::PyBackedBytes, + ); + let req_cert = if !builder_request.is_none() { + (py_cert, py_issuer, py_hash) = builder_request.extract()?; + ocsp::certid_new(py, &ka_bytes, &py_cert, &py_issuer, &py_hash)? + } else { + let py_serial: pyo3::Bound<'_, pyo3::types::PyLong>; + (issuer_name_hash, issuer_key_hash, py_serial, py_hash) = builder + .getattr(pyo3::intern!(py, "_request_hash"))? + .extract()?; + serial_number_bytes = py_uint_to_big_endian_bytes(py, py_serial)?; + let serial_number = asn1::BigInt::new(&serial_number_bytes).unwrap(); + ocsp::certid_new_from_hash( + py, + &issuer_name_hash, + &issuer_key_hash, + serial_number, + py_hash, + )? + }; let extensions = x509::common::encode_extensions( py, - builder.getattr(crate::intern!(py, "_extensions"))?, + &ka_vec, + &ka_bytes, + &builder.getattr(pyo3::intern!(py, "_extensions"))?, extensions::encode_extension, )?; - let reqs = [Request { - req_cert: ocsp::CertID::new(py, &py_cert, &py_issuer, py_hash)?, + let reqs = [ocsp_req::Request { + req_cert, single_request_extensions: None, }]; - let ocsp_req = RawOCSPRequest { - tbs_request: TBSRequest { + let ocsp_req = ocsp_req::OCSPRequest { + tbs_request: ocsp_req::TBSRequest { version: 0, requestor_name: None, - request_list: x509::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new( + request_list: common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new( &reqs, )), - request_extensions: extensions, + raw_request_extensions: extensions, }, optional_signature: None, }; let data = asn1::write_single(&ocsp_req)?; - // TODO: extra copy as we round-trip through a slice - load_der_ocsp_request(py, &data) -} - -pub(crate) fn add_to_module(module: &pyo3::prelude::PyModule) -> pyo3::PyResult<()> { - module.add_wrapped(pyo3::wrap_pyfunction!(load_der_ocsp_request))?; - module.add_wrapped(pyo3::wrap_pyfunction!(create_ocsp_request))?; - - Ok(()) + load_der_ocsp_request(py, pyo3::types::PyBytes::new_bound(py, &data).unbind()) } diff --git a/src/rust/src/x509/ocsp_resp.rs b/src/rust/src/x509/ocsp_resp.rs index 22d2940..955bf35 100644 --- a/src/rust/src/x509/ocsp_resp.rs +++ b/src/rust/src/x509/ocsp_resp.rs @@ -2,76 +2,88 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::asn1::{big_byte_slice_to_py_int, oid_to_py_oid, PyAsn1Error, PyAsn1Result}; -use crate::x509; -use crate::x509::{certificate, crl, extensions, ocsp, oid, py_to_chrono, sct}; -use chrono::Timelike; use std::sync::Arc; +use cryptography_x509::ocsp_resp::SingleResponse; +use cryptography_x509::{ + common, + ocsp_resp::{self, OCSPResponse as RawOCSPResponse, SingleResponse as RawSingleResponse}, + oid, +}; +use pyo3::types::{PyAnyMethods, PyBytesMethods, PyListMethods}; + +use crate::asn1::{big_byte_slice_to_py_int, oid_to_py_oid}; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::x509::{certificate, crl, extensions, ocsp, py_to_datetime, sct}; +use crate::{exceptions, types, x509}; + const BASIC_RESPONSE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 48, 1, 1); -#[pyo3::prelude::pyfunction] -fn load_der_ocsp_response(_py: pyo3::Python<'_>, data: &[u8]) -> Result { - let raw = OwnedRawOCSPResponse::try_new( - Arc::from(data), - |data| Ok(asn1::parse_single(data)?), - |_data, response| match response.response_status.value() { - SUCCESSFUL_RESPONSE => match response.response_bytes { - Some(ref bytes) => { - if bytes.response_type == BASIC_RESPONSE_OID { - Ok(asn1::parse_single(bytes.response)?) - } else { - Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( +#[pyo3::pyfunction] +pub(crate) fn load_der_ocsp_response( + py: pyo3::Python<'_>, + data: pyo3::Py, +) -> Result { + let raw = OwnedOCSPResponse::try_new(data, |data| asn1::parse_single(data.as_bytes(py)))?; + + let response = raw.borrow_dependent(); + match response.response_status.value() { + SUCCESSFUL_RESPONSE => match response.response_bytes { + Some(ref bytes) => { + if bytes.response_type != BASIC_RESPONSE_OID { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( "Successful OCSP response does not contain a BasicResponse", - ))) - } + ), + )); } - None => Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Successful OCSP response does not contain a BasicResponse", - ))), - }, - MALFORMED_REQUEST_RESPOSNE - | INTERNAL_ERROR_RESPONSE - | TRY_LATER_RESPONSE - | SIG_REQUIRED_RESPONSE - | UNAUTHORIZED_RESPONSE => Ok(None), - _ => Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "OCSP response has an unknown status code", - ))), + } + None => { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Successful OCSP response does not contain a BasicResponse", + ), + )) + } }, - )?; - + MALFORMED_REQUEST_RESPONSE + | INTERNAL_ERROR_RESPONSE + | TRY_LATER_RESPONSE + | SIG_REQUIRED_RESPONSE + | UNAUTHORIZED_RESPONSE => {} + _ => { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("OCSP response has an unknown status code"), + )) + } + }; Ok(OCSPResponse { raw: Arc::new(raw), - cached_extensions: None, - cached_single_extensions: None, + cached_extensions: pyo3::sync::GILOnceCell::new(), + cached_single_extensions: pyo3::sync::GILOnceCell::new(), }) } -#[ouroboros::self_referencing] -struct OwnedRawOCSPResponse { - data: Arc<[u8]>, - #[borrows(data)] - #[covariant] - value: RawOCSPResponse<'this>, - - #[borrows(data, value)] - #[covariant] - basic_response: Option>, -} +self_cell::self_cell!( + struct OwnedOCSPResponse { + owner: pyo3::Py, + #[covariant] + dependent: RawOCSPResponse, + } +); -#[pyo3::prelude::pyclass] -struct OCSPResponse { - raw: Arc, +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.ocsp")] +pub(crate) struct OCSPResponse { + raw: Arc, - cached_extensions: Option, - cached_single_extensions: Option, + cached_extensions: pyo3::sync::GILOnceCell, + cached_single_extensions: pyo3::sync::GILOnceCell, } impl OCSPResponse { - fn requires_successful_response(&self) -> pyo3::PyResult<&BasicOCSPResponse<'_>> { - match self.raw.borrow_basic_response() { - Some(b) => Ok(b), + fn requires_successful_response(&self) -> pyo3::PyResult<&ocsp_resp::BasicOCSPResponse<'_>> { + match self.raw.borrow_dependent().response_bytes.as_ref() { + Some(b) => Ok(b.response.get()), None => Err(pyo3::exceptions::PyValueError::new_err( "OCSP response status is not successful so the property has no value", )), @@ -80,24 +92,27 @@ impl OCSPResponse { } const SUCCESSFUL_RESPONSE: u32 = 0; -const MALFORMED_REQUEST_RESPOSNE: u32 = 1; +const MALFORMED_REQUEST_RESPONSE: u32 = 1; const INTERNAL_ERROR_RESPONSE: u32 = 2; const TRY_LATER_RESPONSE: u32 = 3; // 4 is unused const SIG_REQUIRED_RESPONSE: u32 = 5; const UNAUTHORIZED_RESPONSE: u32 = 6; -#[pyo3::prelude::pymethods] +#[pyo3::pymethods] impl OCSPResponse { #[getter] - fn responses(&self) -> Result { + fn responses(&self) -> Result { self.requires_successful_response()?; Ok(OCSPResponseIterator { contents: OwnedOCSPResponseIteratorData::try_new(Arc::clone(&self.raw), |v| { Ok::<_, ()>( - v.borrow_basic_response() + v.borrow_dependent() + .response_bytes .as_ref() .unwrap() + .response + .get() .tbs_response_data .responses .unwrap_read() @@ -109,11 +124,14 @@ impl OCSPResponse { } #[getter] - fn response_status<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - let status = self.raw.borrow_value().response_status.value(); + fn response_status<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let status = self.raw.borrow_dependent().response_status.value(); let attr = if status == SUCCESSFUL_RESPONSE { "SUCCESSFUL" - } else if status == MALFORMED_REQUEST_RESPOSNE { + } else if status == MALFORMED_REQUEST_RESPONSE { "MALFORMED_REQUEST" } else if status == INTERNAL_ERROR_RESPONSE { "INTERNAL_ERROR" @@ -125,95 +143,136 @@ impl OCSPResponse { assert_eq!(status, UNAUTHORIZED_RESPONSE); "UNAUTHORIZED" }; - py.import("cryptography.x509.ocsp")? - .getattr(crate::intern!(py, "OCSPResponseStatus"))? - .getattr(attr) + types::OCSP_RESPONSE_STATUS.get(py)?.getattr(attr) } #[getter] - fn responder_name<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn responder_name<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { let resp = self.requires_successful_response()?; match resp.tbs_response_data.responder_id { - ResponderId::ByName(ref name) => Ok(x509::parse_name(py, name)?), - ResponderId::ByKey(_) => Ok(py.None().into_ref(py)), + ocsp_resp::ResponderId::ByName(ref name) => { + Ok(x509::parse_name(py, name.unwrap_read())?) + } + ocsp_resp::ResponderId::ByKey(_) => Ok(py.None().into_bound(py)), } } #[getter] - fn responder_key_hash<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn responder_key_hash<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { let resp = self.requires_successful_response()?; match resp.tbs_response_data.responder_id { - ResponderId::ByKey(key_hash) => Ok(pyo3::types::PyBytes::new(py, key_hash).as_ref()), - ResponderId::ByName(_) => Ok(py.None().into_ref(py)), + ocsp_resp::ResponderId::ByKey(key_hash) => { + Ok(pyo3::types::PyBytes::new_bound(py, key_hash).into_any()) + } + ocsp_resp::ResponderId::ByName(_) => Ok(py.None().into_bound(py)), } } #[getter] - fn produced_at<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn produced_at<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_43.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to produced_at_utc.", + 1, + )?; let resp = self.requires_successful_response()?; - x509::chrono_to_py(py, resp.tbs_response_data.produced_at.as_chrono()) + x509::datetime_to_py(py, resp.tbs_response_data.produced_at.as_datetime()) } #[getter] - fn signature_algorithm_oid<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn produced_at_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { let resp = self.requires_successful_response()?; - oid_to_py_oid(py, &resp.signature_algorithm.oid) + x509::datetime_to_py_utc(py, resp.tbs_response_data.produced_at.as_datetime()) + } + + #[getter] + fn signature_algorithm_oid<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let resp = self.requires_successful_response()?; + oid_to_py_oid(py, resp.signature_algorithm.oid()) } #[getter] fn signature_hash_algorithm<'p>( &self, py: pyo3::Python<'p>, - ) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let sig_oids_to_hash = py - .import("cryptography.hazmat._oid")? - .getattr(crate::intern!(py, "_SIG_OIDS_TO_HASH"))?; - let hash_alg = sig_oids_to_hash.get_item(self.signature_algorithm_oid(py)?); + ) -> Result, CryptographyError> { + let hash_alg = types::SIG_OIDS_TO_HASH + .get(py)? + .get_item(self.signature_algorithm_oid(py)?); match hash_alg { Ok(data) => Ok(data), Err(_) => { - let exc_messsage = format!( + let exc_message = format!( "Signature algorithm OID: {} not recognized", - self.requires_successful_response()?.signature_algorithm.oid + self.requires_successful_response()? + .signature_algorithm + .oid() ); - Err(PyAsn1Error::from(pyo3::PyErr::from_instance( - py.import("cryptography.exceptions")? - .call_method1("UnsupportedAlgorithm", (exc_messsage,))?, - ))) + Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(exc_message), + )) } } } #[getter] - fn signature<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::types::PyBytes> { + fn signature<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { let resp = self.requires_successful_response()?; - Ok(pyo3::types::PyBytes::new(py, resp.signature.as_bytes())) + Ok(pyo3::types::PyBytes::new_bound( + py, + resp.signature.as_bytes(), + )) } #[getter] fn tbs_response_bytes<'p>( &self, py: pyo3::Python<'p>, - ) -> PyAsn1Result<&'p pyo3::types::PyBytes> { + ) -> CryptographyResult> { let resp = self.requires_successful_response()?; let result = asn1::write_single(&resp.tbs_response_data)?; - Ok(pyo3::types::PyBytes::new(py, &result)) + Ok(pyo3::types::PyBytes::new_bound(py, &result)) } #[getter] - fn certificates<'p>(&self, py: pyo3::Python<'p>) -> Result<&'p pyo3::PyAny, PyAsn1Error> { + fn certificates<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { let resp = self.requires_successful_response()?; - let py_certs = pyo3::types::PyList::empty(py); + let py_certs = pyo3::types::PyList::empty_bound(py); let certs = match &resp.certs { Some(certs) => certs.unwrap_read(), None => return Ok(py_certs), }; for i in 0..certs.len() { // TODO: O(n^2), don't have too many certificates! - let raw_cert = map_arc_data_ocsp_response(&self.raw, |_data, _resp, basic_response| { - basic_response + let raw_cert = map_arc_data_ocsp_response(py, &self.raw, |_data, resp| { + resp.response_bytes .as_ref() .unwrap() + .response + .get() .certs .as_ref() .unwrap() @@ -222,11 +281,11 @@ impl OCSPResponse { .nth(i) .unwrap() }); - py_certs.append(pyo3::PyCell::new( + py_certs.append(pyo3::Bound::new( py, - x509::Certificate { + x509::certificate::Certificate { raw: raw_cert, - cached_extensions: None, + cached_extensions: pyo3::sync::GILOnceCell::new(), }, )?)?; } @@ -234,83 +293,160 @@ impl OCSPResponse { } #[getter] - fn serial_number<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn serial_number<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { let resp = self.requires_successful_response()?; - let single_resp = resp.single_response()?; - single_resp.py_serial_number(py) + let single_resp = single_response(resp)?; + singleresp_py_serial_number(&single_resp, py) } #[getter] - fn issuer_key_hash(&self) -> Result<&[u8], PyAsn1Error> { + fn issuer_key_hash(&self) -> Result<&[u8], CryptographyError> { let resp = self.requires_successful_response()?; - let single_resp = resp.single_response()?; + let single_resp = single_response(resp)?; Ok(single_resp.cert_id.issuer_key_hash) } #[getter] - fn issuer_name_hash(&self) -> Result<&[u8], PyAsn1Error> { + fn issuer_name_hash(&self) -> Result<&[u8], CryptographyError> { let resp = self.requires_successful_response()?; - let single_resp = resp.single_response()?; + let single_resp = single_response(resp)?; Ok(single_resp.cert_id.issuer_name_hash) } #[getter] - fn hash_algorithm<'p>(&self, py: pyo3::Python<'p>) -> Result<&'p pyo3::PyAny, PyAsn1Error> { + fn hash_algorithm<'p>( + &self, + py: pyo3::Python<'p>, + ) -> Result, CryptographyError> { + let resp = self.requires_successful_response()?; + let single_resp = single_response(resp)?; + singleresp_py_hash_algorithm(&single_resp, py) + } + + #[getter] + fn certificate_status<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let resp = self.requires_successful_response()?; + let single_resp = single_response(resp)?; + singleresp_py_certificate_status(&single_resp, py) + } + + #[getter] + fn revocation_time<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_43.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to revocation_time_utc.", + 1, + )?; let resp = self.requires_successful_response()?; - let single_resp = resp.single_response()?; - single_resp.py_hash_algorithm(py) + let single_resp = single_response(resp)?; + singleresp_py_revocation_time(&single_resp, py) } #[getter] - fn certificate_status<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn revocation_time_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { let resp = self.requires_successful_response()?; - resp.single_response()?.py_certificate_status(py) + let single_resp = single_response(resp)?; + singleresp_py_revocation_time_utc(&single_resp, py) } #[getter] - fn revocation_time<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn revocation_reason<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { let resp = self.requires_successful_response()?; - let single_resp = resp.single_response()?; - single_resp.py_revocation_time(py) + let single_resp = single_response(resp)?; + singleresp_py_revocation_reason(&single_resp, py) } #[getter] - fn revocation_reason<'p>(&self, py: pyo3::Python<'p>) -> PyAsn1Result<&'p pyo3::PyAny> { + fn this_update<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_43.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc.", + 1, + )?; let resp = self.requires_successful_response()?; - let single_resp = resp.single_response()?; - single_resp.py_revocation_reason(py) + let single_resp = single_response(resp)?; + singleresp_py_this_update(&single_resp, py) } #[getter] - fn this_update<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn this_update_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { let resp = self.requires_successful_response()?; - let single_resp = resp.single_response()?; - single_resp.py_this_update(py) + let single_resp = single_response(resp)?; + singleresp_py_this_update_utc(&single_resp, py) } #[getter] - fn next_update<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { + fn next_update<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_43.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to next_update_utc.", + 1, + )?; let resp = self.requires_successful_response()?; - let single_resp = resp.single_response()?; - single_resp.py_next_update(py) + let single_resp = single_response(resp)?; + singleresp_py_next_update(&single_resp, py) } #[getter] - fn extensions(&mut self, py: pyo3::Python<'_>) -> pyo3::PyResult { + fn next_update_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let resp = self.requires_successful_response()?; + let single_resp = single_response(resp)?; + singleresp_py_next_update_utc(&single_resp, py) + } + + #[getter] + fn extensions(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { self.requires_successful_response()?; - let x509_module = py.import("cryptography.x509")?; + + let response_data = &self + .raw + .borrow_dependent() + .response_bytes + .as_ref() + .unwrap() + .response + .get() + .tbs_response_data; + x509::parse_and_cache_extensions( py, - &mut self.cached_extensions, - &self - .raw - .borrow_basic_response() - .as_ref() - .unwrap() - .tbs_response_data - .response_extensions, - |oid, ext_data| { - match oid { + &self.cached_extensions, + &response_data.raw_response_extensions, + |ext| { + match &ext.extn_id { &oid::NONCE_OID => { // This is a disaster. RFC 2560 says that the contents of the nonce is // just the raw extension value. This is nonsense, since they're always @@ -318,8 +454,8 @@ impl OCSPResponse { // nonce is an OCTET STRING, and so you should unwrap the TLV to get // the nonce. So we try parsing as a TLV and fall back to just using // the raw value. - let nonce = asn1::parse_single::<&[u8]>(ext_data).unwrap_or(ext_data); - Ok(Some(x509_module.call_method1("OCSPNonce", (nonce,))?)) + let nonce = ext.value::<&[u8]>().unwrap_or(ext.extn_value); + Ok(Some(types::OCSP_NONCE.get(py)?.call1((nonce,))?)) } _ => Ok(None), } @@ -328,30 +464,33 @@ impl OCSPResponse { } #[getter] - fn single_extensions(&mut self, py: pyo3::Python<'_>) -> pyo3::PyResult { + fn single_extensions(&self, py: pyo3::Python<'_>) -> pyo3::PyResult { self.requires_successful_response()?; - let single_resp = self - .raw - .borrow_basic_response() - .as_ref() - .unwrap() - .single_response()?; - let x509_module = py.import("cryptography.x509")?; + let single_resp = single_response( + self.raw + .borrow_dependent() + .response_bytes + .as_ref() + .unwrap() + .response + .get(), + )?; + x509::parse_and_cache_extensions( py, - &mut self.cached_single_extensions, - &single_resp.single_extensions, - |oid, ext_data| match oid { + &self.cached_single_extensions, + &single_resp.raw_single_extensions, + |ext| match &ext.extn_id { &oid::SIGNED_CERTIFICATE_TIMESTAMPS_OID => { - let contents = asn1::parse_single::<&[u8]>(ext_data)?; + let contents = ext.value::<&[u8]>()?; let scts = sct::parse_scts(py, contents, sct::LogEntryType::Certificate)?; Ok(Some( - x509_module - .getattr(crate::intern!(py, "SignedCertificateTimestamps"))? + types::SIGNED_CERTIFICATE_TIMESTAMPS + .get(py)? .call1((scts,))?, )) } - _ => crl::parse_crl_entry_ext(py, oid.clone(), ext_data), + _ => crl::parse_crl_entry_ext(py, ext), }, ) } @@ -359,441 +498,408 @@ impl OCSPResponse { fn public_bytes<'p>( &self, py: pyo3::Python<'p>, - encoding: &pyo3::PyAny, - ) -> PyAsn1Result<&'p pyo3::types::PyBytes> { - let der = py - .import("cryptography.hazmat.primitives.serialization")? - .getattr(crate::intern!(py, "Encoding"))? - .getattr(crate::intern!(py, "DER"))?; - if encoding != der { + encoding: pyo3::Bound<'_, pyo3::PyAny>, + ) -> CryptographyResult> { + if !encoding.is(&types::ENCODING_DER.get(py)?) { return Err(pyo3::exceptions::PyValueError::new_err( "The only allowed encoding value is Encoding.DER", ) .into()); } - let result = asn1::write_single(self.raw.borrow_value())?; - Ok(pyo3::types::PyBytes::new(py, &result)) + let result = asn1::write_single(self.raw.borrow_dependent())?; + Ok(pyo3::types::PyBytes::new_bound(py, &result)) } } // Open-coded implementation of the API discussed in // https://github.com/joshua-maros/ouroboros/issues/38 fn map_arc_data_ocsp_response( - it: &OwnedRawOCSPResponse, + py: pyo3::Python<'_>, + it: &OwnedOCSPResponse, f: impl for<'this> FnOnce( &'this [u8], - &RawOCSPResponse<'this>, - &Option>, - ) -> certificate::RawCertificate<'this>, -) -> certificate::OwnedRawCertificate { - certificate::OwnedRawCertificate::new_public(Arc::clone(it.borrow_data()), |inner_it| { - it.with(|value| { - f( - inner_it, - unsafe { std::mem::transmute(value.value) }, - unsafe { std::mem::transmute(value.basic_response) }, - ) + &ocsp_resp::OCSPResponse<'this>, + ) -> cryptography_x509::certificate::Certificate<'this>, +) -> certificate::OwnedCertificate { + certificate::OwnedCertificate::new(it.borrow_owner().clone_ref(py), |inner_it| { + it.with_dependent(|_, value| { + // SAFETY: This is safe because `Arc::clone` ensures the data is + // alive, but Rust doesn't understand the lifetime relationship it + // produces. Open-coded implementation of the API discussed in + // https://github.com/joshua-maros/ouroboros/issues/38 + f(inner_it.as_bytes(py), unsafe { + std::mem::transmute::<&ocsp_resp::OCSPResponse<'_>, &ocsp_resp::OCSPResponse<'_>>( + value, + ) + }) }) }) } fn try_map_arc_data_mut_ocsp_response_iterator( it: &mut OwnedOCSPResponseIteratorData, f: impl for<'this> FnOnce( - &'this OwnedRawOCSPResponse, - &mut asn1::SequenceOf<'this, SingleResponse<'this>>, - ) -> Result, E>, + &'this OwnedOCSPResponse, + &mut asn1::SequenceOf<'this, ocsp_resp::SingleResponse<'this>>, + ) -> Result, E>, ) -> Result { - OwnedSingleResponse::try_new(Arc::clone(it.borrow_data()), |inner_it| { - it.with_value_mut(|value| f(inner_it, unsafe { std::mem::transmute(value) })) + OwnedSingleResponse::try_new(Arc::clone(it.borrow_owner()), |inner_it| { + it.with_dependent_mut(|_, value| { + // SAFETY: This is safe because `Arc::clone` ensures the data is + // alive, but Rust doesn't understand the lifetime relationship it + // produces. Open-coded implementation of the API discussed in + // https://github.com/joshua-maros/ouroboros/issues/38 + f(inner_it, unsafe { + std::mem::transmute::< + &mut asn1::SequenceOf<'_, ocsp_resp::SingleResponse<'_>>, + &mut asn1::SequenceOf<'_, ocsp_resp::SingleResponse<'_>>, + >(value) + }) + }) }) } -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct RawOCSPResponse<'a> { - response_status: asn1::Enumerated, - #[explicit(0)] - response_bytes: Option>, -} +fn single_response<'a>( + resp: &ocsp_resp::BasicOCSPResponse<'a>, +) -> Result, CryptographyError> { + let responses = resp.tbs_response_data.responses.unwrap_read(); + let num_responses = responses.len(); + + if num_responses != 1 { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(format!( + "OCSP response contains {num_responses} SINGLERESP structures. Use .response_iter to iterate through them" + )) + )); + } -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct ResponseBytes<'a> { - response_type: asn1::ObjectIdentifier, - response: &'a [u8], + Ok(responses.clone().next().unwrap()) } -type OCSPCerts<'a> = Option< - x509::Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, certificate::RawCertificate<'a>>, - asn1::SequenceOfWriter< - 'a, - certificate::RawCertificate<'a>, - Vec>, - >, - >, ->; - -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct BasicOCSPResponse<'a> { - tbs_response_data: ResponseData<'a>, - signature_algorithm: x509::AlgorithmIdentifier<'a>, - signature: asn1::BitString<'a>, - #[explicit(0)] - certs: OCSPCerts<'a>, +fn singleresp_py_serial_number<'p>( + resp: &ocsp_resp::SingleResponse<'_>, + py: pyo3::Python<'p>, +) -> pyo3::PyResult> { + big_byte_slice_to_py_int(py, resp.cert_id.serial_number.as_bytes()) } -impl BasicOCSPResponse<'_> { - fn single_response(&self) -> Result, PyAsn1Error> { - let responses = self.tbs_response_data.responses.unwrap_read(); - let num_responses = responses.len(); - - if num_responses != 1 { - return Err(PyAsn1Error::from( - pyo3::exceptions::PyValueError::new_err(format!( - "OCSP response contains {} SINGLERESP structures. Use .response_iter to iterate through them", - num_responses - )) - )); - } - - Ok(responses.clone().next().unwrap()) - } +fn singleresp_py_certificate_status<'p>( + resp: &ocsp_resp::SingleResponse<'_>, + py: pyo3::Python<'p>, +) -> pyo3::PyResult> { + let attr = match resp.cert_status { + ocsp_resp::CertStatus::Good(_) => pyo3::intern!(py, "GOOD"), + ocsp_resp::CertStatus::Revoked(_) => pyo3::intern!(py, "REVOKED"), + ocsp_resp::CertStatus::Unknown(_) => pyo3::intern!(py, "UNKNOWN"), + }; + types::OCSP_CERT_STATUS.get(py)?.getattr(attr) } -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct ResponseData<'a> { - #[explicit(0)] - #[default(0)] - version: u8, - responder_id: ResponderId<'a>, - produced_at: asn1::GeneralizedTime, - responses: x509::Asn1ReadableOrWritable< - 'a, - asn1::SequenceOf<'a, SingleResponse<'a>>, - asn1::SequenceOfWriter<'a, SingleResponse<'a>, Vec>>, - >, - #[explicit(1)] - response_extensions: Option>, +fn singleresp_py_hash_algorithm<'p>( + resp: &ocsp_resp::SingleResponse<'_>, + py: pyo3::Python<'p>, +) -> Result, CryptographyError> { + match ocsp::ALGORITHM_PARAMETERS_TO_HASH.get(&resp.cert_id.hash_algorithm.params) { + Some(alg_name) => Ok(types::HASHES_MODULE.get(py)?.getattr(*alg_name)?.call0()?), + None => Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(format!( + "Signature algorithm OID: {} not recognized", + resp.cert_id.hash_algorithm.oid() + )), + )), + } } -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -enum ResponderId<'a> { - #[explicit(1)] - ByName(x509::Name<'a>), - #[explicit(2)] - ByKey(&'a [u8]), +fn singleresp_py_this_update<'p>( + resp: &ocsp_resp::SingleResponse<'_>, + py: pyo3::Python<'p>, +) -> pyo3::PyResult> { + x509::datetime_to_py(py, resp.this_update.as_datetime()) } -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct SingleResponse<'a> { - cert_id: ocsp::CertID<'a>, - cert_status: CertStatus, - this_update: asn1::GeneralizedTime, - #[explicit(0)] - next_update: Option, - #[explicit(1)] - single_extensions: Option>, +fn singleresp_py_this_update_utc<'p>( + resp: &ocsp_resp::SingleResponse<'_>, + py: pyo3::Python<'p>, +) -> pyo3::PyResult> { + x509::datetime_to_py_utc(py, resp.this_update.as_datetime()) } -impl SingleResponse<'_> { - fn py_serial_number<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - big_byte_slice_to_py_int(py, self.cert_id.serial_number.as_bytes()) +fn singleresp_py_next_update<'p>( + resp: &ocsp_resp::SingleResponse<'_>, + py: pyo3::Python<'p>, +) -> pyo3::PyResult> { + match &resp.next_update { + Some(v) => x509::datetime_to_py(py, v.as_datetime()), + None => Ok(py.None().into_bound(py)), } +} - fn py_certificate_status<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - let attr = match self.cert_status { - CertStatus::Good(_) => "GOOD", - CertStatus::Revoked(_) => "REVOKED", - CertStatus::Unknown(_) => "UNKNOWN", - }; - py.import("cryptography.x509.ocsp")? - .getattr(crate::intern!(py, "OCSPCertStatus"))? - .getattr(attr) +fn singleresp_py_next_update_utc<'p>( + resp: &ocsp_resp::SingleResponse<'_>, + py: pyo3::Python<'p>, +) -> pyo3::PyResult> { + match &resp.next_update { + Some(v) => x509::datetime_to_py_utc(py, v.as_datetime()), + None => Ok(py.None().into_bound(py)), } +} - fn py_hash_algorithm<'p>(&self, py: pyo3::Python<'p>) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - let hashes = py.import("cryptography.hazmat.primitives.hashes")?; - match ocsp::OIDS_TO_HASH.get(&self.cert_id.hash_algorithm.oid) { - Some(alg_name) => Ok(hashes.getattr(alg_name)?.call0()?), - None => { - let exceptions = py.import("cryptography.exceptions")?; - Err(PyAsn1Error::from(pyo3::PyErr::from_instance( - exceptions - .getattr(crate::intern!(py, "UnsupportedAlgorithm"))? - .call1((format!( - "Signature algorithm OID: {} not recognized", - self.cert_id.hash_algorithm.oid - ),))?, - ))) - } +fn singleresp_py_revocation_reason<'p>( + resp: &ocsp_resp::SingleResponse<'_>, + py: pyo3::Python<'p>, +) -> CryptographyResult> { + match &resp.cert_status { + ocsp_resp::CertStatus::Revoked(revoked_info) => match revoked_info.revocation_reason { + Some(ref v) => Ok(crl::parse_crl_reason_flags(py, v)?), + None => Ok(py.None().into_bound(py)), + }, + ocsp_resp::CertStatus::Good(_) | ocsp_resp::CertStatus::Unknown(_) => { + Ok(py.None().into_bound(py)) } } +} - fn py_this_update<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - x509::chrono_to_py(py, self.this_update.as_chrono()) - } - - fn py_next_update<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - match &self.next_update { - Some(v) => x509::chrono_to_py(py, v.as_chrono()), - None => Ok(py.None().into_ref(py)), +fn singleresp_py_revocation_time<'p>( + resp: &ocsp_resp::SingleResponse<'_>, + py: pyo3::Python<'p>, +) -> pyo3::PyResult> { + match &resp.cert_status { + ocsp_resp::CertStatus::Revoked(revoked_info) => { + x509::datetime_to_py(py, revoked_info.revocation_time.as_datetime()) } - } - - fn py_revocation_reason<'p>(&self, py: pyo3::Python<'p>) -> PyAsn1Result<&'p pyo3::PyAny> { - match &self.cert_status { - CertStatus::Revoked(revoked_info) => match revoked_info.revocation_reason { - Some(ref v) => crl::parse_crl_reason_flags(py, v), - None => Ok(py.None().into_ref(py)), - }, - CertStatus::Good(_) | CertStatus::Unknown(_) => Ok(py.None().into_ref(py)), + ocsp_resp::CertStatus::Good(_) | ocsp_resp::CertStatus::Unknown(_) => { + Ok(py.None().into_bound(py)) } } +} - fn py_revocation_time<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - match &self.cert_status { - CertStatus::Revoked(revoked_info) => { - x509::chrono_to_py(py, revoked_info.revocation_time.as_chrono()) - } - CertStatus::Good(_) | CertStatus::Unknown(_) => Ok(py.None().into_ref(py)), +fn singleresp_py_revocation_time_utc<'p>( + resp: &ocsp_resp::SingleResponse<'_>, + py: pyo3::Python<'p>, +) -> pyo3::PyResult> { + match &resp.cert_status { + ocsp_resp::CertStatus::Revoked(revoked_info) => { + x509::datetime_to_py_utc(py, revoked_info.revocation_time.as_datetime()) + } + ocsp_resp::CertStatus::Good(_) | ocsp_resp::CertStatus::Unknown(_) => { + Ok(py.None().into_bound(py)) } } } -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -enum CertStatus { - #[implicit(0)] - Good(()), - #[implicit(1)] - Revoked(RevokedInfo), - #[implicit(2)] - Unknown(()), -} +#[pyo3::pyfunction] +pub(crate) fn create_ocsp_response( + py: pyo3::Python<'_>, + status: &pyo3::Bound<'_, pyo3::PyAny>, + builder: &pyo3::Bound<'_, pyo3::PyAny>, + private_key: &pyo3::Bound<'_, pyo3::PyAny>, + hash_algorithm: &pyo3::Bound<'_, pyo3::PyAny>, +) -> CryptographyResult { + let response_status = status + .getattr(pyo3::intern!(py, "value"))? + .extract::()?; -#[derive(asn1::Asn1Read, asn1::Asn1Write)] -struct RevokedInfo { - revocation_time: asn1::GeneralizedTime, - #[explicit(0)] - revocation_reason: Option, -} + let py_cert: pyo3::PyRef<'_, x509::certificate::Certificate>; + let py_issuer: pyo3::PyRef<'_, x509::certificate::Certificate>; + let borrowed_cert; + let py_certs: Option>>; + if response_status != SUCCESSFUL_RESPONSE { + let resp = ocsp_resp::OCSPResponse { + response_status: asn1::Enumerated::new(response_status), + response_bytes: None, + }; + let data = asn1::write_single(&resp)?; + return load_der_ocsp_response(py, pyo3::types::PyBytes::new_bound(py, &data).unbind()); + } -fn create_ocsp_basic_response<'p>( - py: pyo3::Python<'p>, - builder: &'p pyo3::PyAny, - private_key: &'p pyo3::PyAny, - hash_algorithm: &'p pyo3::PyAny, -) -> PyAsn1Result> { - let ocsp_mod = py.import("cryptography.x509.ocsp")?; - - let py_single_resp = builder.getattr(crate::intern!(py, "_response"))?; - let py_cert: pyo3::PyRef<'_, x509::Certificate> = py_single_resp - .getattr(crate::intern!(py, "_cert"))? + let py_single_resp = builder.getattr(pyo3::intern!(py, "_response"))?; + py_cert = py_single_resp + .getattr(pyo3::intern!(py, "_cert"))? .extract()?; - let py_issuer: pyo3::PyRef<'_, x509::Certificate> = py_single_resp - .getattr(crate::intern!(py, "_issuer"))? + py_issuer = py_single_resp + .getattr(pyo3::intern!(py, "_issuer"))? .extract()?; - let py_cert_hash_algorithm = py_single_resp.getattr(crate::intern!(py, "_algorithm"))?; - let (responder_cert, responder_encoding): (&pyo3::PyCell, &pyo3::PyAny) = - builder - .getattr(crate::intern!(py, "_responder_id"))? - .extract()?; - - let py_cert_status = py_single_resp.getattr(crate::intern!(py, "_cert_status"))?; - let cert_status = if py_cert_status - == ocsp_mod - .getattr(crate::intern!(py, "OCSPCertStatus"))? - .getattr(crate::intern!(py, "GOOD"))? - { - CertStatus::Good(()) - } else if py_cert_status - == ocsp_mod - .getattr(crate::intern!(py, "OCSPCertStatus"))? - .getattr(crate::intern!(py, "UNKNOWN"))? - { - CertStatus::Unknown(()) + let py_cert_hash_algorithm = py_single_resp.getattr(pyo3::intern!(py, "_algorithm"))?; + let (responder_cert, responder_encoding): ( + pyo3::Bound<'_, x509::certificate::Certificate>, + pyo3::Bound<'_, pyo3::PyAny>, + ) = builder + .getattr(pyo3::intern!(py, "_responder_id"))? + .extract()?; + + let py_cert_status = py_single_resp.getattr(pyo3::intern!(py, "_cert_status"))?; + let cert_status = if py_cert_status.is(&types::OCSP_CERT_STATUS_GOOD.get(py)?) { + ocsp_resp::CertStatus::Good(()) + } else if py_cert_status.is(&types::OCSP_CERT_STATUS_UNKNOWN.get(py)?) { + ocsp_resp::CertStatus::Unknown(()) } else { let revocation_reason = if !py_single_resp - .getattr(crate::intern!(py, "_revocation_reason"))? + .getattr(pyo3::intern!(py, "_revocation_reason"))? .is_none() { - let value = py - .import("cryptography.hazmat.backends.openssl.decode_asn1")? - .getattr(crate::intern!(py, "_CRL_ENTRY_REASON_ENUM_TO_CODE"))? - .get_item(py_single_resp.getattr(crate::intern!(py, "_revocation_reason"))?)? + let value = types::CRL_ENTRY_REASON_ENUM_TO_CODE + .get(py)? + .get_item(py_single_resp.getattr(pyo3::intern!(py, "_revocation_reason"))?)? .extract::()?; Some(asn1::Enumerated::new(value)) } else { None }; // REVOKED - let py_revocation_time = py_single_resp.getattr(crate::intern!(py, "_revocation_time"))?; - let revocation_time = asn1::GeneralizedTime::new(py_to_chrono(py, py_revocation_time)?)?; - CertStatus::Revoked(RevokedInfo { + let py_revocation_time = py_single_resp.getattr(pyo3::intern!(py, "_revocation_time"))?; + let revocation_time = asn1::GeneralizedTime::new(py_to_datetime(py, py_revocation_time)?)?; + ocsp_resp::CertStatus::Revoked(ocsp_resp::RevokedInfo { revocation_time, revocation_reason, }) }; let next_update = if !py_single_resp - .getattr(crate::intern!(py, "_next_update"))? + .getattr(pyo3::intern!(py, "_next_update"))? .is_none() { - let py_next_update = py_single_resp.getattr(crate::intern!(py, "_next_update"))?; - Some(asn1::GeneralizedTime::new(py_to_chrono( + let py_next_update = py_single_resp.getattr(pyo3::intern!(py, "_next_update"))?; + Some(asn1::GeneralizedTime::new(py_to_datetime( py, py_next_update, )?)?) } else { None }; - let py_this_update = py_single_resp.getattr(crate::intern!(py, "_this_update"))?; - let this_update = asn1::GeneralizedTime::new(py_to_chrono(py, py_this_update)?)?; + let py_this_update = py_single_resp.getattr(pyo3::intern!(py, "_this_update"))?; + let this_update = asn1::GeneralizedTime::new(py_to_datetime(py, py_this_update)?)?; + + let ka_vec = cryptography_keepalive::KeepAlive::new(); + let ka_bytes = cryptography_keepalive::KeepAlive::new(); let responses = vec![SingleResponse { - cert_id: ocsp::CertID::new(py, &py_cert, &py_issuer, py_cert_hash_algorithm)?, + cert_id: ocsp::certid_new(py, &ka_bytes, &py_cert, &py_issuer, &py_cert_hash_algorithm)?, cert_status, next_update, this_update, - single_extensions: None, + raw_single_extensions: None, }]; - let borrowed_cert = responder_cert.borrow(); - let responder_id = if responder_encoding - == ocsp_mod - .getattr(crate::intern!(py, "OCSPResponderEncoding"))? - .getattr(crate::intern!(py, "HASH"))? - { - let sha1 = py - .import("cryptography.hazmat.primitives.hashes")? - .getattr(crate::intern!(py, "SHA1"))? - .call0()?; - ResponderId::ByKey(ocsp::hash_data( + borrowed_cert = responder_cert.borrow(); + let by_key_hash; + let responder_id = if responder_encoding.is(&types::OCSP_RESPONDER_ENCODING_HASH.get(py)?) { + let sha1 = types::SHA1.get(py)?.call0()?; + by_key_hash = ocsp::hash_data( py, - sha1, + &sha1, borrowed_cert .raw - .borrow_value_public() + .borrow_dependent() .tbs_cert .spki .subject_public_key .as_bytes(), - )?) + )?; + ocsp_resp::ResponderId::ByKey(by_key_hash.as_bytes()) } else { - ResponderId::ByName( + ocsp_resp::ResponderId::ByName( borrowed_cert .raw - .borrow_value_public() + .borrow_dependent() .tbs_cert .subject .clone(), ) }; - let tbs_response_data = ResponseData { + let tbs_response_data = ocsp_resp::ResponseData { version: 0, - produced_at: asn1::GeneralizedTime::new(chrono::Utc::now().with_nanosecond(0).unwrap())?, + produced_at: asn1::GeneralizedTime::new(x509::common::datetime_now(py)?)?, responder_id, - responses: x509::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new(responses)), - response_extensions: x509::common::encode_extensions( + responses: common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new( + responses, + )), + raw_response_extensions: x509::common::encode_extensions( py, - builder.getattr(crate::intern!(py, "_extensions"))?, + &ka_vec, + &ka_bytes, + &builder.getattr(pyo3::intern!(py, "_extensions"))?, extensions::encode_extension, )?, }; - let sigalg = x509::sign::compute_signature_algorithm(py, private_key, hash_algorithm)?; + let sigalg = x509::sign::compute_signature_algorithm( + py, + private_key.clone(), + hash_algorithm.clone(), + py.None().into_bound(py), + )?; let tbs_bytes = asn1::write_single(&tbs_response_data)?; - let signature = x509::sign::sign_data(py, private_key, hash_algorithm, &tbs_bytes)?; - - py.import("cryptography.hazmat.backends.openssl.backend")? - .getattr(crate::intern!(py, "backend"))? - .call_method1( - "_check_keys_correspond", - ( - responder_cert.call_method0("public_key")?, - private_key.call_method0("public_key")?, + let signature = x509::sign::sign_data( + py, + private_key.clone(), + hash_algorithm.clone(), + py.None().into_bound(py), + &tbs_bytes, + )?; + + if !responder_cert + .call_method0(pyo3::intern!(py, "public_key"))? + .eq(private_key.call_method0(pyo3::intern!(py, "public_key"))?)? + { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Certificate public key and provided private key do not match", ), - )?; + )); + } - let py_certs: Option>> = - builder.getattr(crate::intern!(py, "_certs"))?.extract()?; + py_certs = builder.getattr(pyo3::intern!(py, "_certs"))?.extract()?; let certs = py_certs.as_ref().map(|py_certs| { - x509::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new( + common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new( py_certs .iter() - .map(|c| c.raw.borrow_value_public().clone()) + .map(|c| c.raw.borrow_dependent().clone()) .collect(), )) }); - let basic_resp = BasicOCSPResponse { + let basic_resp = ocsp_resp::BasicOCSPResponse { tbs_response_data, - signature: asn1::BitString::new(signature, 0).unwrap(), + signature: asn1::BitString::new(&signature, 0).unwrap(), signature_algorithm: sigalg, certs, }; - Ok(asn1::write_single(&basic_resp)?) -} - -#[pyo3::prelude::pyfunction] -fn create_ocsp_response( - py: pyo3::Python<'_>, - status: &pyo3::PyAny, - builder: &pyo3::PyAny, - private_key: &pyo3::PyAny, - hash_algorithm: &pyo3::PyAny, -) -> PyAsn1Result { - let response_status = status - .getattr(crate::intern!(py, "value"))? - .extract::()?; - let basic_resp_bytes; - let response_bytes = if response_status == SUCCESSFUL_RESPONSE { - basic_resp_bytes = create_ocsp_basic_response(py, builder, private_key, hash_algorithm)?; - Some(ResponseBytes { - response_type: (BASIC_RESPONSE_OID).clone(), - response: &basic_resp_bytes, - }) - } else { - None - }; + let response_bytes = Some(ocsp_resp::ResponseBytes { + response_type: (BASIC_RESPONSE_OID).clone(), + response: asn1::OctetStringEncoded::new(basic_resp), + }); - let resp = RawOCSPResponse { - response_status: asn1::Enumerated::new(response_status), + let resp = ocsp_resp::OCSPResponse { + response_status: asn1::Enumerated::new(SUCCESSFUL_RESPONSE), response_bytes, }; let data = asn1::write_single(&resp)?; - // TODO: extra copy as we round-trip through a slice - load_der_ocsp_response(py, &data) + load_der_ocsp_response(py, pyo3::types::PyBytes::new_bound(py, &data).unbind()) } -pub(crate) fn add_to_module(module: &pyo3::prelude::PyModule) -> pyo3::PyResult<()> { - module.add_wrapped(pyo3::wrap_pyfunction!(load_der_ocsp_response))?; - module.add_wrapped(pyo3::wrap_pyfunction!(create_ocsp_response))?; - - Ok(()) -} +type RawOCSPResponseIterator<'a> = asn1::SequenceOf<'a, SingleResponse<'a>>; -#[ouroboros::self_referencing] -struct OwnedOCSPResponseIteratorData { - data: Arc, - #[borrows(data)] - #[covariant] - value: asn1::SequenceOf<'this, SingleResponse<'this>>, -} +self_cell::self_cell!( + struct OwnedOCSPResponseIteratorData { + owner: Arc, + #[covariant] + dependent: RawOCSPResponseIterator, + } +); -#[pyo3::prelude::pyclass] +#[pyo3::pyclass(module = "cryptography.hazmat.bindings._rust.ocsp")] struct OCSPResponseIterator { contents: OwnedOCSPResponseIteratorData, } -#[pyo3::prelude::pyproto] -impl pyo3::PyIterProtocol<'_> for OCSPResponseIterator { - fn __iter__(slf: pyo3::PyRef<'p, Self>) -> pyo3::PyRef<'p, Self> { +#[pyo3::pymethods] +impl OCSPResponseIterator { + fn __iter__(slf: pyo3::PyRef<'_, Self>) -> pyo3::PyRef<'_, Self> { slf } - fn __next__(mut slf: pyo3::PyRefMut<'p, Self>) -> Option { + fn __next__(&mut self) -> Option { let single_resp = - try_map_arc_data_mut_ocsp_response_iterator(&mut slf.contents, |_data, v| { + try_map_arc_data_mut_ocsp_response_iterator(&mut self.contents, |_data, v| { match v.next() { Some(single_resp) => Ok(single_resp), None => Err(()), @@ -804,30 +910,33 @@ impl pyo3::PyIterProtocol<'_> for OCSPResponseIterator { } } -#[ouroboros::self_referencing] -struct OwnedSingleResponse { - data: Arc, - #[borrows(data)] - #[covariant] - value: SingleResponse<'this>, -} +self_cell::self_cell!( + struct OwnedSingleResponse { + owner: Arc, + #[covariant] + dependent: RawSingleResponse, + } +); -#[pyo3::prelude::pyclass] -struct OCSPSingleResponse { +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.ocsp")] +pub(crate) struct OCSPSingleResponse { raw: OwnedSingleResponse, } impl OCSPSingleResponse { fn single_response(&self) -> &SingleResponse<'_> { - self.raw.borrow_value() + self.raw.borrow_dependent() } } -#[pyo3::prelude::pymethods] +#[pyo3::pymethods] impl OCSPSingleResponse { #[getter] - fn serial_number<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - self.single_response().py_serial_number(py) + fn serial_number<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + singleresp_py_serial_number(self.single_response(), py) } #[getter] @@ -843,32 +952,104 @@ impl OCSPSingleResponse { } #[getter] - fn hash_algorithm<'p>(&self, py: pyo3::Python<'p>) -> Result<&'p pyo3::PyAny, PyAsn1Error> { - self.single_response().py_hash_algorithm(py) + fn hash_algorithm<'p>( + &self, + py: pyo3::Python<'p>, + ) -> Result, CryptographyError> { + let single_resp = self.single_response(); + singleresp_py_hash_algorithm(single_resp, py) + } + + #[getter] + fn certificate_status<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let single_resp = self.single_response(); + singleresp_py_certificate_status(single_resp, py) + } + + #[getter] + fn revocation_time<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_43.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to revocation_time_utc.", + 1, + )?; + let single_resp = self.single_response(); + singleresp_py_revocation_time(single_resp, py) + } + + #[getter] + fn revocation_time_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let single_resp = self.single_response(); + singleresp_py_revocation_time_utc(single_resp, py) } #[getter] - fn certificate_status<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - self.single_response().py_certificate_status(py) + fn revocation_reason<'p>( + &self, + py: pyo3::Python<'p>, + ) -> CryptographyResult> { + let single_resp = self.single_response(); + singleresp_py_revocation_reason(single_resp, py) } #[getter] - fn revocation_time<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - self.single_response().py_revocation_time(py) + fn this_update<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_43.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc.", + 1, + )?; + let single_resp = self.single_response(); + singleresp_py_this_update(single_resp, py) } #[getter] - fn revocation_reason<'p>(&self, py: pyo3::Python<'p>) -> PyAsn1Result<&'p pyo3::PyAny> { - self.single_response().py_revocation_reason(py) + fn this_update_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let single_resp = self.single_response(); + singleresp_py_this_update_utc(single_resp, py) } #[getter] - fn this_update<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - self.single_response().py_this_update(py) + fn next_update<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let warning_cls = types::DEPRECATED_IN_43.get(py)?; + pyo3::PyErr::warn_bound( + py, + &warning_cls, + "Properties that return a naïve datetime object have been deprecated. Please switch to next_update_utc.", + 1, + )?; + let single_resp = self.single_response(); + singleresp_py_next_update(single_resp, py) } #[getter] - fn next_update<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - self.single_response().py_next_update(py) + fn next_update_utc<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + let single_resp = self.single_response(); + singleresp_py_next_update_utc(single_resp, py) } } diff --git a/src/rust/src/x509/oid.rs b/src/rust/src/x509/oid.rs deleted file mode 100644 index 45cfc15..0000000 --- a/src/rust/src/x509/oid.rs +++ /dev/null @@ -1,101 +0,0 @@ -// This file is dual licensed under the terms of the Apache License, Version -// 2.0, and the BSD License. See the LICENSE file in the root of this repository -// for complete details. - -pub(crate) const EXTENSION_REQUEST: asn1::ObjectIdentifier = - asn1::oid!(1, 2, 840, 113549, 1, 9, 14); -pub(crate) const MS_EXTENSION_REQUEST: asn1::ObjectIdentifier = - asn1::oid!(1, 3, 6, 1, 4, 1, 311, 2, 1, 14); -pub(crate) const PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 3, 6, 1, 4, 1, 11129, 2, 4, 2); -pub(crate) const PRECERT_POISON_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 3, 6, 1, 4, 1, 11129, 2, 4, 3); -pub(crate) const SIGNED_CERTIFICATE_TIMESTAMPS_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 3, 6, 1, 4, 1, 11129, 2, 4, 5); -pub(crate) const AUTHORITY_INFORMATION_ACCESS_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 3, 6, 1, 5, 5, 7, 1, 1); -pub(crate) const SUBJECT_INFORMATION_ACCESS_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 3, 6, 1, 5, 5, 7, 1, 11); -pub(crate) const TLS_FEATURE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 1, 24); -pub(crate) const CP_CPS_URI_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 2, 1); -pub(crate) const CP_USER_NOTICE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 2, 2); -pub(crate) const NONCE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, 5, 7, 48, 1, 2); -pub(crate) const OCSP_NO_CHECK_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 3, 6, 1, 5, 5, 7, 48, 1, 5); -pub(crate) const SUBJECT_KEY_IDENTIFIER_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 14); -pub(crate) const KEY_USAGE_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 15); -pub(crate) const SUBJECT_ALTERNATIVE_NAME_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 17); -pub(crate) const ISSUER_ALTERNATIVE_NAME_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 18); -pub(crate) const BASIC_CONSTRAINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 19); -pub(crate) const CRL_NUMBER_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 20); -pub(crate) const CRL_REASON_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 21); -pub(crate) const INVALIDITY_DATE_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 24); -pub(crate) const DELTA_CRL_INDICATOR_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 27); -pub(crate) const ISSUING_DISTRIBUTION_POINT_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 28); -pub(crate) const CERTIFICATE_ISSUER_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 29); -pub(crate) const NAME_CONSTRAINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 30); -pub(crate) const CRL_DISTRIBUTION_POINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 31); -pub(crate) const CERTIFICATE_POLICIES_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 32); -pub(crate) const AUTHORITY_KEY_IDENTIFIER_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 35); -pub(crate) const POLICY_CONSTRAINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 36); -pub(crate) const EXTENDED_KEY_USAGE_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 37); -pub(crate) const FRESHEST_CRL_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 46); -pub(crate) const INHIBIT_ANY_POLICY_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 54); - -// Signing methods -pub(crate) const ECDSA_WITH_SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10045, 4, 1); -pub(crate) const ECDSA_WITH_SHA224_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 2, 840, 10045, 4, 3, 1); -pub(crate) const ECDSA_WITH_SHA256_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 2, 840, 10045, 4, 3, 2); -pub(crate) const ECDSA_WITH_SHA384_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 2, 840, 10045, 4, 3, 3); -pub(crate) const ECDSA_WITH_SHA512_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 2, 840, 10045, 4, 3, 4); -pub(crate) const ECDSA_WITH_SHA3_224_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 9); -pub(crate) const ECDSA_WITH_SHA3_256_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 10); -pub(crate) const ECDSA_WITH_SHA3_384_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 11); -pub(crate) const ECDSA_WITH_SHA3_512_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 12); - -pub(crate) const RSA_WITH_MD5_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 1, 4); -pub(crate) const RSA_WITH_SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 1, 5); -pub(crate) const RSA_WITH_SHA224_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 2, 840, 113549, 1, 1, 14); -pub(crate) const RSA_WITH_SHA256_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 2, 840, 113549, 1, 1, 11); -pub(crate) const RSA_WITH_SHA384_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 2, 840, 113549, 1, 1, 12); -pub(crate) const RSA_WITH_SHA512_OID: asn1::ObjectIdentifier = - asn1::oid!(1, 2, 840, 113549, 1, 1, 13); -pub(crate) const RSA_WITH_SHA3_224_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 13); -pub(crate) const RSA_WITH_SHA3_256_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 14); -pub(crate) const RSA_WITH_SHA3_384_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 15); -pub(crate) const RSA_WITH_SHA3_512_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 16); - -pub(crate) const DSA_WITH_SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10040, 4, 3); -pub(crate) const DSA_WITH_SHA224_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 1); -pub(crate) const DSA_WITH_SHA256_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 2); -pub(crate) const DSA_WITH_SHA384_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 3); -pub(crate) const DSA_WITH_SHA512_OID: asn1::ObjectIdentifier = - asn1::oid!(2, 16, 840, 1, 101, 3, 4, 3, 4); - -pub(crate) const ED25519_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 101, 112); -pub(crate) const ED448_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 101, 113); - -// Hashes -pub(crate) const SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 14, 3, 2, 26); -pub(crate) const SHA224_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 2, 4); -pub(crate) const SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 2, 1); -pub(crate) const SHA384_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 2, 2); -pub(crate) const SHA512_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 2, 3); diff --git a/src/rust/src/x509/sct.rs b/src/rust/src/x509/sct.rs index aaa374b..78985af 100644 --- a/src/rust/src/x509/sct.rs +++ b/src/rust/src/x509/sct.rs @@ -2,13 +2,15 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::asn1::PyAsn1Error; -use pyo3::types::IntoPyDict; -use pyo3::ToPyObject; use std::collections::hash_map::DefaultHasher; -use std::convert::{TryFrom, TryInto}; use std::hash::{Hash, Hasher}; +use pyo3::types::{PyAnyMethods, PyDictMethods, PyListMethods}; +use pyo3::ToPyObject; + +use crate::error::CryptographyError; +use crate::types; + struct TLSReader<'a> { data: &'a [u8], } @@ -22,22 +24,22 @@ impl<'a> TLSReader<'a> { self.data.is_empty() } - fn read_byte(&mut self) -> Result { + fn read_byte(&mut self) -> Result { Ok(self.read_exact(1)?[0]) } - fn read_exact(&mut self, length: usize) -> Result<&'a [u8], PyAsn1Error> { + fn read_exact(&mut self, length: usize) -> Result<&'a [u8], CryptographyError> { if length > self.data.len() { - return Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Invalid SCT length", - ))); + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Invalid SCT length"), + )); } let (result, data) = self.data.split_at(length); self.data = data; Ok(result) } - fn read_length_prefixed(&mut self) -> Result, PyAsn1Error> { + fn read_length_prefixed(&mut self) -> Result, CryptographyError> { let length = u16::from_be_bytes(self.read_exact(2)?.try_into().unwrap()); Ok(TLSReader::new(self.read_exact(length.into())?)) } @@ -72,8 +74,7 @@ impl TryFrom for HashAlgorithm { 6 => HashAlgorithm::Sha512, _ => { return Err(pyo3::exceptions::PyValueError::new_err(format!( - "Invalid/unsupported hash algorithm for SCT: {}", - value + "Invalid/unsupported hash algorithm for SCT: {value}" ))) } }) @@ -120,15 +121,14 @@ impl TryFrom for SignatureAlgorithm { 3 => SignatureAlgorithm::Ecdsa, _ => { return Err(pyo3::exceptions::PyValueError::new_err(format!( - "Invalid/unsupported signature algorithm for SCT: {}", - value + "Invalid/unsupported signature algorithm for SCT: {value}" ))) } }) } } -#[pyo3::prelude::pyclass] +#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.x509")] pub(crate) struct Sct { log_id: [u8; 32], timestamp: u64, @@ -141,13 +141,21 @@ pub(crate) struct Sct { pub(crate) sct_data: Vec, } -#[pyo3::prelude::pymethods] +#[pyo3::pymethods] impl Sct { + fn __eq__(&self, other: pyo3::PyRef<'_, Sct>) -> bool { + self.sct_data == other.sct_data + } + + fn __hash__(&self) -> u64 { + let mut hasher = DefaultHasher::new(); + self.sct_data.hash(&mut hasher); + hasher.finish() + } + #[getter] - fn version<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - py.import("cryptography.x509.certificate_transparency")? - .getattr(crate::intern!(py, "Version"))? - .getattr(crate::intern!(py, "v1")) + fn version<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult> { + types::CERTIFICATE_TRANSPARENCY_VERSION_V1.get(py) } #[getter] @@ -156,46 +164,48 @@ impl Sct { } #[getter] - fn timestamp<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - let datetime_class = py - .import("datetime")? - .getattr(crate::intern!(py, "datetime"))?; - datetime_class - .call_method1("utcfromtimestamp", (self.timestamp / 1000,))? - .call_method( - "replace", - (), - Some(vec![("microsecond", self.timestamp % 1000 * 1000)].into_py_dict(py)), - ) + fn timestamp<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult> { + let utc = types::DATETIME_TIMEZONE_UTC.get(py)?; + + let kwargs = pyo3::types::PyDict::new_bound(py); + kwargs.set_item("microsecond", self.timestamp % 1000 * 1000)?; + kwargs.set_item("tzinfo", None::>)?; + + types::DATETIME_DATETIME + .get(py)? + .call_method1( + pyo3::intern!(py, "fromtimestamp"), + (self.timestamp / 1000, utc), + )? + .call_method("replace", (), Some(&kwargs)) } #[getter] - fn entry_type<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - let et_class = py - .import("cryptography.x509.certificate_transparency")? - .getattr(crate::intern!(py, "LogEntryType"))?; - let attr_name = match self.entry_type { - LogEntryType::Certificate => "X509_CERTIFICATE", - LogEntryType::PreCertificate => "PRE_CERTIFICATE", - }; - et_class.getattr(attr_name) + fn entry_type<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult> { + Ok(match self.entry_type { + LogEntryType::Certificate => types::LOG_ENTRY_TYPE_X509_CERTIFICATE.get(py)?, + LogEntryType::PreCertificate => types::LOG_ENTRY_TYPE_PRE_CERTIFICATE.get(py)?, + }) } #[getter] fn signature_hash_algorithm<'p>( &self, py: pyo3::Python<'p>, - ) -> pyo3::PyResult<&'p pyo3::PyAny> { - let hashes_mod = py.import("cryptography.hazmat.primitives.hashes")?; - hashes_mod.call_method0(self.hash_algorithm.to_attr()) + ) -> pyo3::PyResult> { + types::HASHES_MODULE + .get(py)? + .call_method0(self.hash_algorithm.to_attr()) } #[getter] - fn signature_algorithm<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> { - let sa_class = py - .import("cryptography.x509.certificate_transparency")? - .getattr(crate::intern!(py, "SignatureAlgorithm"))?; - sa_class.getattr(self.signature_algorithm.to_attr()) + fn signature_algorithm<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + types::SIGNATURE_ALGORITHM + .get(py)? + .getattr(self.signature_algorithm.to_attr()) } #[getter] @@ -209,45 +219,22 @@ impl Sct { } } -#[pyo3::prelude::pyproto] -impl pyo3::PyObjectProtocol for Sct { - fn __richcmp__( - &self, - other: pyo3::PyRef, - op: pyo3::basic::CompareOp, - ) -> pyo3::PyResult { - match op { - pyo3::basic::CompareOp::Eq => Ok(self.sct_data == other.sct_data), - pyo3::basic::CompareOp::Ne => Ok(self.sct_data != other.sct_data), - _ => Err(pyo3::exceptions::PyTypeError::new_err( - "SCTs cannot be ordered", - )), - } - } - - fn __hash__(&self) -> u64 { - let mut hasher = DefaultHasher::new(); - self.sct_data.hash(&mut hasher); - hasher.finish() - } -} - pub(crate) fn parse_scts( py: pyo3::Python<'_>, data: &[u8], entry_type: LogEntryType, -) -> Result { +) -> Result { let mut reader = TLSReader::new(data).read_length_prefixed()?; - let py_scts = pyo3::types::PyList::empty(py); + let py_scts = pyo3::types::PyList::empty_bound(py); while !reader.is_empty() { let mut sct_data = reader.read_length_prefixed()?; let raw_sct_data = sct_data.data.to_vec(); let version = sct_data.read_byte()?; if version != 0 { - return Err(PyAsn1Error::from(pyo3::exceptions::PyValueError::new_err( - "Invalid SCT version", - ))); + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("Invalid SCT version"), + )); } let log_id = sct_data.read_exact(32)?.try_into().unwrap(); let timestamp = u64::from_be_bytes(sct_data.read_exact(8)?.try_into().unwrap()); @@ -267,17 +254,11 @@ pub(crate) fn parse_scts( extension_bytes, sct_data: raw_sct_data, }; - py_scts.append(pyo3::PyCell::new(py, sct)?)?; + py_scts.append(pyo3::Bound::new(py, sct)?)?; } Ok(py_scts.to_object(py)) } -pub(crate) fn add_to_module(module: &pyo3::prelude::PyModule) -> pyo3::PyResult<()> { - module.add_class::()?; - - Ok(()) -} - #[cfg(test)] mod tests { use super::*; diff --git a/src/rust/src/x509/sign.rs b/src/rust/src/x509/sign.rs index 4d91575..4e96b8a 100644 --- a/src/rust/src/x509/sign.rs +++ b/src/rust/src/x509/sign.rs @@ -2,19 +2,35 @@ // 2.0, and the BSD License. See the LICENSE file in the root of this repository // for complete details. -use crate::x509; -use crate::x509::oid; +use std::collections::HashMap; +use cryptography_x509::{common, oid}; use once_cell::sync::Lazy; +use pyo3::pybacked::PyBackedBytes; +use pyo3::types::PyAnyMethods; -static NULL_DER: Lazy> = Lazy::new(|| { - // TODO: kind of verbose way to say "\x05\x00". - asn1::write_single(&()).unwrap() +use crate::asn1::oid_to_py_oid; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::{exceptions, types}; + +// This is similar to a hashmap in ocsp.rs but contains more hash algorithms +// that aren't allowable in OCSP +static HASH_OIDS_TO_HASH: Lazy> = Lazy::new(|| { + let mut h = HashMap::new(); + h.insert(&oid::SHA1_OID, "SHA1"); + h.insert(&oid::SHA224_OID, "SHA224"); + h.insert(&oid::SHA256_OID, "SHA256"); + h.insert(&oid::SHA384_OID, "SHA384"); + h.insert(&oid::SHA512_OID, "SHA512"); + h.insert(&oid::SHA3_224_OID, "SHA3_224"); + h.insert(&oid::SHA3_256_OID, "SHA3_256"); + h.insert(&oid::SHA3_384_OID, "SHA3_384"); + h.insert(&oid::SHA3_512_OID, "SHA3_512"); + h }); -pub(crate) static NULL_TLV: Lazy> = - Lazy::new(|| asn1::parse_single(&NULL_DER).unwrap()); -enum KeyType { +#[derive(Debug, PartialEq)] +pub(crate) enum KeyType { Rsa, Dsa, Ec, @@ -24,8 +40,6 @@ enum KeyType { enum HashType { None, - Md5, - Sha1, Sha224, Sha256, Sha384, @@ -36,37 +50,19 @@ enum HashType { Sha3_512, } -fn identify_key_type(py: pyo3::Python<'_>, private_key: &pyo3::PyAny) -> pyo3::PyResult { - let rsa_private_key: &pyo3::types::PyType = py - .import("cryptography.hazmat.primitives.asymmetric.rsa")? - .getattr(crate::intern!(py, "RSAPrivateKey"))? - .extract()?; - let dsa_key_type: &pyo3::types::PyType = py - .import("cryptography.hazmat.primitives.asymmetric.dsa")? - .getattr(crate::intern!(py, "DSAPrivateKey"))? - .extract()?; - let ec_key_type: &pyo3::types::PyType = py - .import("cryptography.hazmat.primitives.asymmetric.ec")? - .getattr(crate::intern!(py, "EllipticCurvePrivateKey"))? - .extract()?; - let ed25519_key_type: &pyo3::types::PyType = py - .import("cryptography.hazmat.primitives.asymmetric.ed25519")? - .getattr(crate::intern!(py, "Ed25519PrivateKey"))? - .extract()?; - let ed448_key_type: &pyo3::types::PyType = py - .import("cryptography.hazmat.primitives.asymmetric.ed448")? - .getattr(crate::intern!(py, "Ed448PrivateKey"))? - .extract()?; - - if rsa_private_key.is_instance(private_key)? { +pub(crate) fn identify_key_type( + py: pyo3::Python<'_>, + private_key: pyo3::Bound<'_, pyo3::PyAny>, +) -> pyo3::PyResult { + if private_key.is_instance(&types::RSA_PRIVATE_KEY.get(py)?)? { Ok(KeyType::Rsa) - } else if dsa_key_type.is_instance(private_key)? { + } else if private_key.is_instance(&types::DSA_PRIVATE_KEY.get(py)?)? { Ok(KeyType::Dsa) - } else if ec_key_type.is_instance(private_key)? { + } else if private_key.is_instance(&types::ELLIPTIC_CURVE_PRIVATE_KEY.get(py)?)? { Ok(KeyType::Ec) - } else if ed25519_key_type.is_instance(private_key)? { + } else if private_key.is_instance(&types::ED25519_PRIVATE_KEY.get(py)?)? { Ok(KeyType::Ed25519) - } else if ed448_key_type.is_instance(private_key)? { + } else if private_key.is_instance(&types::ED448_PRIVATE_KEY.get(py)?)? { Ok(KeyType::Ed448) } else { Err(pyo3::exceptions::PyTypeError::new_err( @@ -77,52 +73,22 @@ fn identify_key_type(py: pyo3::Python<'_>, private_key: &pyo3::PyAny) -> pyo3::P fn identify_hash_type( py: pyo3::Python<'_>, - hash_algorithm: &pyo3::PyAny, + hash_algorithm: pyo3::Bound<'_, pyo3::PyAny>, ) -> pyo3::PyResult { if hash_algorithm.is_none() { return Ok(HashType::None); } - let hash_algorithm_type: &pyo3::types::PyType = py - .import("cryptography.hazmat.primitives.hashes")? - .getattr(crate::intern!(py, "HashAlgorithm"))? - .extract()?; - if !hash_algorithm_type.is_instance(hash_algorithm)? { + if !hash_algorithm.is_instance(&types::HASH_ALGORITHM.get(py)?)? { return Err(pyo3::exceptions::PyTypeError::new_err( "Algorithm must be a registered hash algorithm.", )); } - match hash_algorithm - .getattr(crate::intern!(py, "name"))? - .extract()? + match &*hash_algorithm + .getattr(pyo3::intern!(py, "name"))? + .extract::()? { - "md5" => { - let cryptography_warning = py - .import("cryptography.utils")? - .getattr(crate::intern!(py, "DeprecatedIn38"))?; - pyo3::PyErr::warn( - py, - cryptography_warning, - "MD5 signatures are deprecated and support for them will be removed in the next version.", - 1 - )?; - - Ok(HashType::Md5) - } - "sha1" => { - let cryptography_warning = py - .import("cryptography.utils")? - .getattr(crate::intern!(py, "DeprecatedIn38"))?; - pyo3::PyErr::warn( - py, - cryptography_warning, - "SHA1 signatures are deprecated and support for them will be removed in the next version.", - 1 - )?; - - Ok(HashType::Sha1) - } "sha224" => Ok(HashType::Sha224), "sha256" => Ok(HashType::Sha256), "sha384" => Ok(HashType::Sha384), @@ -131,175 +97,564 @@ fn identify_hash_type( "sha3-256" => Ok(HashType::Sha3_256), "sha3-384" => Ok(HashType::Sha3_384), "sha3-512" => Ok(HashType::Sha3_512), - name => Err(pyo3::exceptions::PyValueError::new_err(format!( - "Hash algorithm {:?} not supported for signatures", - name + name => Err(exceptions::UnsupportedAlgorithm::new_err(format!( + "Hash algorithm {name:?} not supported for signatures" ))), } } +fn compute_pss_salt_length<'p>( + py: pyo3::Python<'p>, + private_key: pyo3::Bound<'p, pyo3::PyAny>, + hash_algorithm: pyo3::Bound<'p, pyo3::PyAny>, + rsa_padding: pyo3::Bound<'p, pyo3::PyAny>, +) -> pyo3::PyResult { + let py_saltlen = rsa_padding.getattr(pyo3::intern!(py, "_salt_length"))?; + if py_saltlen.is_instance(&types::PADDING_MAX_LENGTH.get(py)?)? { + types::CALCULATE_MAX_PSS_SALT_LENGTH + .get(py)? + .call1((private_key, hash_algorithm))? + .extract::() + } else if py_saltlen.is_instance(&types::PADDING_DIGEST_LENGTH.get(py)?)? { + hash_algorithm + .getattr(pyo3::intern!(py, "digest_size"))? + .extract::() + } else if py_saltlen.is_instance_of::() { + py_saltlen.extract::() + } else { + Err(pyo3::exceptions::PyTypeError::new_err( + "salt_length must be an int, MaxLength, or DigestLength.", + )) + } +} + pub(crate) fn compute_signature_algorithm<'p>( py: pyo3::Python<'p>, - private_key: &'p pyo3::PyAny, - hash_algorithm: &'p pyo3::PyAny, -) -> pyo3::PyResult> { - let key_type = identify_key_type(py, private_key)?; - let hash_type = identify_hash_type(py, hash_algorithm)?; + private_key: pyo3::Bound<'p, pyo3::PyAny>, + hash_algorithm: pyo3::Bound<'p, pyo3::PyAny>, + rsa_padding: pyo3::Bound<'p, pyo3::PyAny>, +) -> pyo3::PyResult> { + let key_type = identify_key_type(py, private_key.clone())?; + let hash_type = identify_hash_type(py, hash_algorithm.clone())?; + // If this is RSA-PSS we need to compute the signature algorithm from the + // parameters provided in rsa_padding. + if rsa_padding.is_instance(&types::PSS.get(py)?)? { + let hash_alg_params = identify_alg_params_for_hash_type(hash_type)?; + let hash_algorithm_id = common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: hash_alg_params, + }; + let salt_length = + compute_pss_salt_length(py, private_key, hash_algorithm, rsa_padding.clone())?; + let py_mgf_alg = rsa_padding + .getattr(pyo3::intern!(py, "_mgf"))? + .getattr(pyo3::intern!(py, "_algorithm"))?; + let mgf_hash_type = identify_hash_type(py, py_mgf_alg)?; + let mgf_alg = common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: identify_alg_params_for_hash_type(mgf_hash_type)?, + }; + let params = + common::AlgorithmParameters::RsaPss(Some(Box::new(common::RsaPssParameters { + hash_algorithm: hash_algorithm_id, + mask_gen_algorithm: common::MaskGenAlgorithm { + oid: oid::MGF1_OID, + params: mgf_alg, + }, + salt_length, + _trailer_field: None, + }))); + + return Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params, + }); + } + // It's not an RSA PSS signature, so we compute the signature algorithm from + // the union of key type and hash type. match (key_type, hash_type) { - (KeyType::Ed25519, HashType::None) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ED25519_OID).clone(), - params: None, + (KeyType::Ed25519, HashType::None) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::Ed25519, }), - (KeyType::Ed448, HashType::None) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ED448_OID).clone(), - params: None, + (KeyType::Ed448, HashType::None) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::Ed448, }), - (KeyType::Ed25519, _) | (KeyType::Ed448, _) => { - Err(pyo3::exceptions::PyValueError::new_err( - "Algorithm must be None when signing via ed25519 or ed448", - )) - } + (KeyType::Ed25519 | KeyType::Ed448, _) => Err(pyo3::exceptions::PyValueError::new_err( + "Algorithm must be None when signing via ed25519 or ed448", + )), - (KeyType::Ec, HashType::Sha1) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ECDSA_WITH_SHA1_OID).clone(), - params: None, - }), - (KeyType::Ec, HashType::Sha224) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ECDSA_WITH_SHA224_OID).clone(), - params: None, + (KeyType::Ec, HashType::Sha224) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::EcDsaWithSha224(None), }), - (KeyType::Ec, HashType::Sha256) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ECDSA_WITH_SHA256_OID).clone(), - params: None, + (KeyType::Ec, HashType::Sha256) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::EcDsaWithSha256(None), }), - (KeyType::Ec, HashType::Sha384) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ECDSA_WITH_SHA384_OID).clone(), - params: None, + (KeyType::Ec, HashType::Sha384) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::EcDsaWithSha384(None), }), - (KeyType::Ec, HashType::Sha512) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ECDSA_WITH_SHA512_OID).clone(), - params: None, + (KeyType::Ec, HashType::Sha512) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::EcDsaWithSha512(None), }), - (KeyType::Ec, HashType::Sha3_224) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ECDSA_WITH_SHA3_224_OID).clone(), - params: None, + (KeyType::Ec, HashType::Sha3_224) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::EcDsaWithSha3_224, }), - (KeyType::Ec, HashType::Sha3_256) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ECDSA_WITH_SHA3_256_OID).clone(), - params: None, + (KeyType::Ec, HashType::Sha3_256) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::EcDsaWithSha3_256, }), - (KeyType::Ec, HashType::Sha3_384) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ECDSA_WITH_SHA3_384_OID).clone(), - params: None, + (KeyType::Ec, HashType::Sha3_384) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::EcDsaWithSha3_384, }), - (KeyType::Ec, HashType::Sha3_512) => Ok(x509::AlgorithmIdentifier { - oid: (oid::ECDSA_WITH_SHA3_512_OID).clone(), - params: None, + (KeyType::Ec, HashType::Sha3_512) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::EcDsaWithSha3_512, }), - (KeyType::Rsa, HashType::Md5) => Ok(x509::AlgorithmIdentifier { - oid: (oid::RSA_WITH_MD5_OID).clone(), - params: Some(*NULL_TLV), - }), - (KeyType::Rsa, HashType::Sha1) => Ok(x509::AlgorithmIdentifier { - oid: (oid::RSA_WITH_SHA1_OID).clone(), - params: Some(*NULL_TLV), - }), - (KeyType::Rsa, HashType::Sha224) => Ok(x509::AlgorithmIdentifier { - oid: (oid::RSA_WITH_SHA224_OID).clone(), - params: Some(*NULL_TLV), + (KeyType::Rsa, HashType::Sha224) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::RsaWithSha224(Some(())), }), - (KeyType::Rsa, HashType::Sha256) => Ok(x509::AlgorithmIdentifier { - oid: (oid::RSA_WITH_SHA256_OID).clone(), - params: Some(*NULL_TLV), + (KeyType::Rsa, HashType::Sha256) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::RsaWithSha256(Some(())), }), - (KeyType::Rsa, HashType::Sha384) => Ok(x509::AlgorithmIdentifier { - oid: (oid::RSA_WITH_SHA384_OID).clone(), - params: Some(*NULL_TLV), + (KeyType::Rsa, HashType::Sha384) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::RsaWithSha384(Some(())), }), - (KeyType::Rsa, HashType::Sha512) => Ok(x509::AlgorithmIdentifier { - oid: (oid::RSA_WITH_SHA512_OID).clone(), - params: Some(*NULL_TLV), + (KeyType::Rsa, HashType::Sha512) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::RsaWithSha512(Some(())), }), - (KeyType::Rsa, HashType::Sha3_224) => Ok(x509::AlgorithmIdentifier { - oid: (oid::RSA_WITH_SHA3_224_OID).clone(), - params: Some(*NULL_TLV), + (KeyType::Rsa, HashType::Sha3_224) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::RsaWithSha3_224(Some(())), }), - (KeyType::Rsa, HashType::Sha3_256) => Ok(x509::AlgorithmIdentifier { - oid: (oid::RSA_WITH_SHA3_256_OID).clone(), - params: Some(*NULL_TLV), + (KeyType::Rsa, HashType::Sha3_256) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::RsaWithSha3_256(Some(())), }), - (KeyType::Rsa, HashType::Sha3_384) => Ok(x509::AlgorithmIdentifier { - oid: (oid::RSA_WITH_SHA3_384_OID).clone(), - params: Some(*NULL_TLV), + (KeyType::Rsa, HashType::Sha3_384) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::RsaWithSha3_384(Some(())), }), - (KeyType::Rsa, HashType::Sha3_512) => Ok(x509::AlgorithmIdentifier { - oid: (oid::RSA_WITH_SHA3_512_OID).clone(), - params: Some(*NULL_TLV), + (KeyType::Rsa, HashType::Sha3_512) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::RsaWithSha3_512(Some(())), }), - (KeyType::Dsa, HashType::Sha1) => Ok(x509::AlgorithmIdentifier { - oid: (oid::DSA_WITH_SHA1_OID).clone(), - params: None, + (KeyType::Dsa, HashType::Sha224) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::DsaWithSha224(None), }), - (KeyType::Dsa, HashType::Sha224) => Ok(x509::AlgorithmIdentifier { - oid: (oid::DSA_WITH_SHA224_OID).clone(), - params: None, + (KeyType::Dsa, HashType::Sha256) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::DsaWithSha256(None), }), - (KeyType::Dsa, HashType::Sha256) => Ok(x509::AlgorithmIdentifier { - oid: (oid::DSA_WITH_SHA256_OID).clone(), - params: None, + (KeyType::Dsa, HashType::Sha384) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::DsaWithSha384(None), }), - (KeyType::Dsa, HashType::Sha384) => Ok(x509::AlgorithmIdentifier { - oid: (oid::DSA_WITH_SHA384_OID).clone(), - params: None, + (KeyType::Dsa, HashType::Sha512) => Ok(common::AlgorithmIdentifier { + oid: asn1::DefinedByMarker::marker(), + params: common::AlgorithmParameters::DsaWithSha512(None), }), - (KeyType::Dsa, HashType::Sha512) => Ok(x509::AlgorithmIdentifier { - oid: (oid::DSA_WITH_SHA512_OID).clone(), - params: None, - }), - (KeyType::Dsa, HashType::Sha3_224) - | (KeyType::Dsa, HashType::Sha3_256) - | (KeyType::Dsa, HashType::Sha3_384) - | (KeyType::Dsa, HashType::Sha3_512) => Err(pyo3::exceptions::PyValueError::new_err( + ( + KeyType::Dsa, + HashType::Sha3_224 | HashType::Sha3_256 | HashType::Sha3_384 | HashType::Sha3_512, + ) => Err(exceptions::UnsupportedAlgorithm::new_err( "SHA3 hashes are not supported with DSA keys", )), - (_, HashType::None) => Err(pyo3::exceptions::PyTypeError::new_err( "Algorithm must be a registered hash algorithm, not None.", )), - (_, HashType::Md5) => Err(pyo3::exceptions::PyValueError::new_err( - "MD5 hash algorithm is only supported with RSA keys", - )), } } pub(crate) fn sign_data<'p>( py: pyo3::Python<'p>, - private_key: &'p pyo3::PyAny, - hash_algorithm: &'p pyo3::PyAny, + private_key: pyo3::Bound<'p, pyo3::PyAny>, + hash_algorithm: pyo3::Bound<'p, pyo3::PyAny>, + rsa_padding: pyo3::Bound<'p, pyo3::PyAny>, data: &[u8], -) -> pyo3::PyResult<&'p [u8]> { - let key_type = identify_key_type(py, private_key)?; +) -> pyo3::PyResult { + let key_type = identify_key_type(py, private_key.clone())?; let signature = match key_type { - KeyType::Ed25519 | KeyType::Ed448 => private_key.call_method1("sign", (data,))?, + KeyType::Ed25519 | KeyType::Ed448 => { + private_key.call_method1(pyo3::intern!(py, "sign"), (data,))? + } KeyType::Ec => { - let ec_mod = py.import("cryptography.hazmat.primitives.asymmetric.ec")?; - let ecdsa = ec_mod - .getattr(crate::intern!(py, "ECDSA"))? - .call1((hash_algorithm,))?; - private_key.call_method1("sign", (data, ecdsa))? + let ecdsa = types::ECDSA.get(py)?.call1((hash_algorithm,))?; + private_key.call_method1(pyo3::intern!(py, "sign"), (data, ecdsa))? } KeyType::Rsa => { - let padding_mod = py.import("cryptography.hazmat.primitives.asymmetric.padding")?; - let pkcs1v15 = padding_mod - .getattr(crate::intern!(py, "PKCS1v15"))? - .call0()?; - private_key.call_method1("sign", (data, pkcs1v15, hash_algorithm))? + let mut padding = rsa_padding; + if padding.is_none() { + padding = types::PKCS1V15.get(py)?.call0()?; + } + private_key.call_method1(pyo3::intern!(py, "sign"), (data, padding, hash_algorithm))? + } + KeyType::Dsa => { + private_key.call_method1(pyo3::intern!(py, "sign"), (data, hash_algorithm))? } - KeyType::Dsa => private_key.call_method1("sign", (data, hash_algorithm))?, }; signature.extract() } + +pub(crate) fn verify_signature_with_signature_algorithm<'p>( + py: pyo3::Python<'p>, + issuer_public_key: pyo3::Bound<'p, pyo3::PyAny>, + signature_algorithm: &common::AlgorithmIdentifier<'_>, + signature: &[u8], + data: &[u8], +) -> CryptographyResult<()> { + let key_type = identify_public_key_type(py, issuer_public_key.clone())?; + let sig_key_type = identify_key_type_for_algorithm_params(&signature_algorithm.params)?; + if key_type != sig_key_type { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "Signature algorithm does not match issuer key type", + ), + )); + } + let py_signature_algorithm_parameters = + identify_signature_algorithm_parameters(py, signature_algorithm)?; + let py_signature_hash_algorithm = identify_signature_hash_algorithm(py, signature_algorithm)?; + match key_type { + KeyType::Ed25519 | KeyType::Ed448 => { + issuer_public_key.call_method1(pyo3::intern!(py, "verify"), (signature, data))? + } + KeyType::Ec => issuer_public_key.call_method1( + pyo3::intern!(py, "verify"), + (signature, data, py_signature_algorithm_parameters), + )?, + KeyType::Rsa => issuer_public_key.call_method1( + pyo3::intern!(py, "verify"), + ( + signature, + data, + py_signature_algorithm_parameters, + py_signature_hash_algorithm, + ), + )?, + KeyType::Dsa => issuer_public_key.call_method1( + pyo3::intern!(py, "verify"), + (signature, data, py_signature_hash_algorithm), + )?, + }; + Ok(()) +} + +pub(crate) fn identify_public_key_type( + py: pyo3::Python<'_>, + public_key: pyo3::Bound<'_, pyo3::PyAny>, +) -> pyo3::PyResult { + if public_key.is_instance(&types::RSA_PUBLIC_KEY.get(py)?)? { + Ok(KeyType::Rsa) + } else if public_key.is_instance(&types::DSA_PUBLIC_KEY.get(py)?)? { + Ok(KeyType::Dsa) + } else if public_key.is_instance(&types::ELLIPTIC_CURVE_PUBLIC_KEY.get(py)?)? { + Ok(KeyType::Ec) + } else if public_key.is_instance(&types::ED25519_PUBLIC_KEY.get(py)?)? { + Ok(KeyType::Ed25519) + } else if public_key.is_instance(&types::ED448_PUBLIC_KEY.get(py)?)? { + Ok(KeyType::Ed448) + } else { + Err(pyo3::exceptions::PyTypeError::new_err( + "Key must be an rsa, dsa, ec, ed25519, or ed448 public key.", + )) + } +} + +fn identify_key_type_for_algorithm_params( + params: &common::AlgorithmParameters<'_>, +) -> pyo3::PyResult { + match params { + common::AlgorithmParameters::RsaWithSha224(..) + | common::AlgorithmParameters::RsaWithSha256(..) + | common::AlgorithmParameters::RsaWithSha384(..) + | common::AlgorithmParameters::RsaWithSha512(..) + | common::AlgorithmParameters::RsaWithSha3_224(..) + | common::AlgorithmParameters::RsaWithSha3_256(..) + | common::AlgorithmParameters::RsaWithSha3_384(..) + | common::AlgorithmParameters::RsaWithSha3_512(..) + | common::AlgorithmParameters::RsaPss(..) => Ok(KeyType::Rsa), + common::AlgorithmParameters::EcDsaWithSha224(..) + | common::AlgorithmParameters::EcDsaWithSha256(..) + | common::AlgorithmParameters::EcDsaWithSha384(..) + | common::AlgorithmParameters::EcDsaWithSha512(..) + | common::AlgorithmParameters::EcDsaWithSha3_224 + | common::AlgorithmParameters::EcDsaWithSha3_256 + | common::AlgorithmParameters::EcDsaWithSha3_384 + | common::AlgorithmParameters::EcDsaWithSha3_512 => Ok(KeyType::Ec), + common::AlgorithmParameters::Ed25519 => Ok(KeyType::Ed25519), + common::AlgorithmParameters::Ed448 => Ok(KeyType::Ed448), + common::AlgorithmParameters::DsaWithSha224(..) + | common::AlgorithmParameters::DsaWithSha256(..) + | common::AlgorithmParameters::DsaWithSha384(..) + | common::AlgorithmParameters::DsaWithSha512(..) => Ok(KeyType::Dsa), + _ => Err(pyo3::exceptions::PyValueError::new_err( + "Unsupported signature algorithm", + )), + } +} + +fn identify_alg_params_for_hash_type( + hash_type: HashType, +) -> pyo3::PyResult> { + match hash_type { + HashType::Sha224 => Ok(common::AlgorithmParameters::Sha224(Some(()))), + HashType::Sha256 => Ok(common::AlgorithmParameters::Sha256(Some(()))), + HashType::Sha384 => Ok(common::AlgorithmParameters::Sha384(Some(()))), + HashType::Sha512 => Ok(common::AlgorithmParameters::Sha512(Some(()))), + HashType::Sha3_224 => Ok(common::AlgorithmParameters::Sha3_224(Some(()))), + HashType::Sha3_256 => Ok(common::AlgorithmParameters::Sha3_256(Some(()))), + HashType::Sha3_384 => Ok(common::AlgorithmParameters::Sha3_384(Some(()))), + HashType::Sha3_512 => Ok(common::AlgorithmParameters::Sha3_512(Some(()))), + HashType::None => Err(pyo3::exceptions::PyTypeError::new_err( + "Algorithm must be a registered hash algorithm, not None.", + )), + } +} + +fn hash_oid_py_hash( + py: pyo3::Python<'_>, + oid: asn1::ObjectIdentifier, +) -> CryptographyResult> { + match HASH_OIDS_TO_HASH.get(&oid) { + Some(alg_name) => Ok(types::HASHES_MODULE.get(py)?.getattr(*alg_name)?.call0()?), + None => Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(format!( + "Signature algorithm OID: {} not recognized", + &oid + )), + )), + } +} + +pub(crate) fn identify_signature_hash_algorithm<'p>( + py: pyo3::Python<'p>, + signature_algorithm: &common::AlgorithmIdentifier<'_>, +) -> CryptographyResult> { + let sig_oids_to_hash = types::SIG_OIDS_TO_HASH.get(py)?; + match &signature_algorithm.params { + common::AlgorithmParameters::RsaPss(opt_pss) => { + let pss = opt_pss.as_ref().ok_or_else(|| { + pyo3::exceptions::PyValueError::new_err("Invalid RSA PSS parameters") + })?; + hash_oid_py_hash(py, pss.hash_algorithm.oid().clone()) + } + _ => { + let py_sig_alg_oid = oid_to_py_oid(py, signature_algorithm.oid())?; + let hash_alg = sig_oids_to_hash.get_item(py_sig_alg_oid); + match hash_alg { + Ok(data) => Ok(data), + Err(_) => Err(CryptographyError::from( + exceptions::UnsupportedAlgorithm::new_err(format!( + "Signature algorithm OID: {} not recognized", + signature_algorithm.oid() + )), + )), + } + } + } +} + +pub(crate) fn identify_signature_algorithm_parameters<'p>( + py: pyo3::Python<'p>, + signature_algorithm: &common::AlgorithmIdentifier<'_>, +) -> CryptographyResult> { + match &signature_algorithm.params { + common::AlgorithmParameters::RsaPss(opt_pss) => { + let pss = opt_pss.as_ref().ok_or_else(|| { + pyo3::exceptions::PyValueError::new_err("Invalid RSA PSS parameters") + })?; + if pss.mask_gen_algorithm.oid != oid::MGF1_OID { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err(format!( + "Unsupported mask generation OID: {}", + pss.mask_gen_algorithm.oid + )), + )); + } + let py_mask_gen_hash_alg = + hash_oid_py_hash(py, pss.mask_gen_algorithm.params.oid().clone())?; + let py_mgf = types::MGF1.get(py)?.call1((py_mask_gen_hash_alg,))?; + Ok(types::PSS.get(py)?.call1((py_mgf, pss.salt_length))?) + } + common::AlgorithmParameters::RsaWithSha1(_) + | common::AlgorithmParameters::RsaWithSha1Alt(_) + | common::AlgorithmParameters::RsaWithSha224(_) + | common::AlgorithmParameters::RsaWithSha256(_) + | common::AlgorithmParameters::RsaWithSha384(_) + | common::AlgorithmParameters::RsaWithSha512(_) + | common::AlgorithmParameters::RsaWithSha3_224(_) + | common::AlgorithmParameters::RsaWithSha3_256(_) + | common::AlgorithmParameters::RsaWithSha3_384(_) + | common::AlgorithmParameters::RsaWithSha3_512(_) => { + Ok(types::PKCS1V15.get(py)?.call0()?) + } + common::AlgorithmParameters::EcDsaWithSha224(_) + | common::AlgorithmParameters::EcDsaWithSha256(_) + | common::AlgorithmParameters::EcDsaWithSha384(_) + | common::AlgorithmParameters::EcDsaWithSha512(_) + | common::AlgorithmParameters::EcDsaWithSha3_224 + | common::AlgorithmParameters::EcDsaWithSha3_256 + | common::AlgorithmParameters::EcDsaWithSha3_384 + | common::AlgorithmParameters::EcDsaWithSha3_512 => { + let signature_hash_algorithm = + identify_signature_hash_algorithm(py, signature_algorithm)?; + + Ok(types::ECDSA.get(py)?.call1((signature_hash_algorithm,))?) + } + _ => Ok(py.None().into_bound(py)), + } +} + +#[cfg(test)] +mod tests { + use cryptography_x509::{common, oid}; + + use super::{ + identify_alg_params_for_hash_type, identify_key_type_for_algorithm_params, HashType, + KeyType, + }; + + #[test] + fn test_identify_key_type_for_algorithm_params() { + for (params, keytype) in [ + ( + &common::AlgorithmParameters::RsaWithSha224(Some(())), + KeyType::Rsa, + ), + ( + &common::AlgorithmParameters::RsaWithSha256(Some(())), + KeyType::Rsa, + ), + ( + &common::AlgorithmParameters::RsaWithSha384(Some(())), + KeyType::Rsa, + ), + ( + &common::AlgorithmParameters::RsaWithSha512(Some(())), + KeyType::Rsa, + ), + ( + &common::AlgorithmParameters::RsaWithSha3_224(Some(())), + KeyType::Rsa, + ), + ( + &common::AlgorithmParameters::RsaWithSha3_256(Some(())), + KeyType::Rsa, + ), + ( + &common::AlgorithmParameters::RsaWithSha3_384(Some(())), + KeyType::Rsa, + ), + ( + &common::AlgorithmParameters::RsaWithSha3_512(Some(())), + KeyType::Rsa, + ), + ( + &common::AlgorithmParameters::EcDsaWithSha224(None), + KeyType::Ec, + ), + ( + &common::AlgorithmParameters::EcDsaWithSha256(None), + KeyType::Ec, + ), + ( + &common::AlgorithmParameters::EcDsaWithSha384(None), + KeyType::Ec, + ), + ( + &common::AlgorithmParameters::EcDsaWithSha512(None), + KeyType::Ec, + ), + (&common::AlgorithmParameters::EcDsaWithSha3_224, KeyType::Ec), + (&common::AlgorithmParameters::EcDsaWithSha3_256, KeyType::Ec), + (&common::AlgorithmParameters::EcDsaWithSha3_384, KeyType::Ec), + (&common::AlgorithmParameters::EcDsaWithSha3_512, KeyType::Ec), + (&common::AlgorithmParameters::Ed25519, KeyType::Ed25519), + (&common::AlgorithmParameters::Ed448, KeyType::Ed448), + ( + &common::AlgorithmParameters::DsaWithSha224(None), + KeyType::Dsa, + ), + ( + &common::AlgorithmParameters::DsaWithSha256(None), + KeyType::Dsa, + ), + ( + &common::AlgorithmParameters::DsaWithSha384(None), + KeyType::Dsa, + ), + ( + &common::AlgorithmParameters::DsaWithSha512(None), + KeyType::Dsa, + ), + ] { + assert_eq!( + identify_key_type_for_algorithm_params(params).unwrap(), + keytype + ); + } + assert!( + identify_key_type_for_algorithm_params(&common::AlgorithmParameters::Other( + oid::TLS_FEATURE_OID, + None + )) + .is_err() + ); + } + + #[test] + fn test_identify_alg_params_for_hash_type() { + for (hash, params) in [ + ( + HashType::Sha224, + common::AlgorithmParameters::Sha224(Some(())), + ), + ( + HashType::Sha256, + common::AlgorithmParameters::Sha256(Some(())), + ), + ( + HashType::Sha384, + common::AlgorithmParameters::Sha384(Some(())), + ), + ( + HashType::Sha512, + common::AlgorithmParameters::Sha512(Some(())), + ), + ( + HashType::Sha3_224, + common::AlgorithmParameters::Sha3_224(Some(())), + ), + ( + HashType::Sha3_256, + common::AlgorithmParameters::Sha3_256(Some(())), + ), + ( + HashType::Sha3_384, + common::AlgorithmParameters::Sha3_384(Some(())), + ), + ( + HashType::Sha3_512, + common::AlgorithmParameters::Sha3_512(Some(())), + ), + ] { + assert_eq!(identify_alg_params_for_hash_type(hash).unwrap(), params); + } + } +} diff --git a/src/rust/src/x509/verify.rs b/src/rust/src/x509/verify.rs new file mode 100644 index 0000000..dbc9f18 --- /dev/null +++ b/src/rust/src/x509/verify.rs @@ -0,0 +1,475 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +use cryptography_x509::{ + certificate::Certificate, extensions::SubjectAlternativeName, oid::SUBJECT_ALTERNATIVE_NAME_OID, +}; +use cryptography_x509_verification::{ + ops::{CryptoOps, VerificationCertificate}, + policy::{Policy, Subject}, + trust_store::Store, + types::{DNSName, IPAddress}, +}; +use pyo3::types::{PyAnyMethods, PyListMethods}; + +use crate::backend::keys; +use crate::error::{CryptographyError, CryptographyResult}; +use crate::types; +use crate::x509::certificate::Certificate as PyCertificate; +use crate::x509::common::{datetime_now, datetime_to_py, py_to_datetime}; +use crate::x509::sign; + +use super::parse_general_names; + +pub(crate) struct PyCryptoOps {} + +impl CryptoOps for PyCryptoOps { + type Key = pyo3::Py; + type Err = CryptographyError; + type CertificateExtra = pyo3::Py; + + fn public_key(&self, cert: &Certificate<'_>) -> Result { + pyo3::Python::with_gil(|py| -> Result { + keys::load_der_public_key_bytes(py, cert.tbs_cert.spki.tlv().full_data()) + }) + } + + fn verify_signed_by(&self, cert: &Certificate<'_>, key: &Self::Key) -> Result<(), Self::Err> { + pyo3::Python::with_gil(|py| -> CryptographyResult<()> { + sign::verify_signature_with_signature_algorithm( + py, + key.bind(py).clone(), + &cert.signature_alg, + cert.signature.as_bytes(), + &asn1::write_single(&cert.tbs_cert)?, + ) + }) + } +} + +pyo3::create_exception!( + cryptography.hazmat.bindings._rust.x509, + VerificationError, + pyo3::exceptions::PyException +); + +#[pyo3::pyclass(frozen, module = "cryptography.x509.verification")] +pub(crate) struct PolicyBuilder { + time: Option, + store: Option>, + max_chain_depth: Option, +} + +#[pyo3::pymethods] +impl PolicyBuilder { + #[new] + fn new() -> PolicyBuilder { + PolicyBuilder { + time: None, + store: None, + max_chain_depth: None, + } + } + + fn time( + &self, + py: pyo3::Python<'_>, + new_time: pyo3::Bound<'_, pyo3::PyAny>, + ) -> CryptographyResult { + if self.time.is_some() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "The validation time may only be set once.", + ), + )); + } + Ok(PolicyBuilder { + time: Some(py_to_datetime(py, new_time)?), + store: self.store.as_ref().map(|s| s.clone_ref(py)), + max_chain_depth: self.max_chain_depth, + }) + } + + fn store(&self, new_store: pyo3::Py) -> CryptographyResult { + if self.store.is_some() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err("The trust store may only be set once."), + )); + } + Ok(PolicyBuilder { + time: self.time.clone(), + store: Some(new_store), + max_chain_depth: self.max_chain_depth, + }) + } + + fn max_chain_depth( + &self, + py: pyo3::Python<'_>, + new_max_chain_depth: u8, + ) -> CryptographyResult { + if self.max_chain_depth.is_some() { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "The maximum chain depth may only be set once.", + ), + )); + } + Ok(PolicyBuilder { + time: self.time.clone(), + store: self.store.as_ref().map(|s| s.clone_ref(py)), + max_chain_depth: Some(new_max_chain_depth), + }) + } + + fn build_client_verifier(&self, py: pyo3::Python<'_>) -> CryptographyResult { + let store = match self.store.as_ref() { + Some(s) => s.clone_ref(py), + None => { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "A client verifier must have a trust store.", + ), + )); + } + }; + + let time = match self.time.as_ref() { + Some(t) => t.clone(), + None => datetime_now(py)?, + }; + + let policy = PyCryptoPolicy(Policy::client(PyCryptoOps {}, time, self.max_chain_depth)); + + Ok(PyClientVerifier { policy, store }) + } + + fn build_server_verifier( + &self, + py: pyo3::Python<'_>, + subject: pyo3::PyObject, + ) -> CryptographyResult { + let store = match self.store.as_ref() { + Some(s) => s.clone_ref(py), + None => { + return Err(CryptographyError::from( + pyo3::exceptions::PyValueError::new_err( + "A server verifier must have a trust store.", + ), + )); + } + }; + + let time = match self.time.as_ref() { + Some(t) => t.clone(), + None => datetime_now(py)?, + }; + let subject_owner = build_subject_owner(py, &subject)?; + + let policy = OwnedPolicy::try_new(subject_owner, |subject_owner| { + let subject = build_subject(py, subject_owner)?; + Ok::, pyo3::PyErr>(PyCryptoPolicy(Policy::server( + PyCryptoOps {}, + subject, + time, + self.max_chain_depth, + ))) + })?; + + Ok(PyServerVerifier { + py_subject: subject, + policy, + store, + }) + } +} + +struct PyCryptoPolicy<'a>(Policy<'a, PyCryptoOps>); + +/// This enum exists solely to provide heterogeneously typed ownership for `OwnedPolicy`. +enum SubjectOwner { + // TODO: Switch this to `Py` once Pyo3's `to_str()` preserves a + // lifetime relationship between an a `PyString` and its borrowed `&str` + // reference in all limited API builds. PyO3 can't currently do that in + // older limited API builds because it needs `PyUnicode_AsUTF8AndSize` to do + // so, which was only stabilized with 3.10. + DNSName(String), + IPAddress(pyo3::Py), +} + +self_cell::self_cell!( + struct OwnedPolicy { + owner: SubjectOwner, + + #[covariant] + dependent: PyCryptoPolicy, + } +); + +#[pyo3::pyclass( + frozen, + name = "VerifiedClient", + module = "cryptography.hazmat.bindings._rust.x509" +)] +pub(crate) struct PyVerifiedClient { + #[pyo3(get)] + subjects: pyo3::Py, + #[pyo3(get)] + chain: pyo3::Py, +} + +#[pyo3::pyclass( + frozen, + name = "ClientVerifier", + module = "cryptography.hazmat.bindings._rust.x509" +)] +pub(crate) struct PyClientVerifier { + policy: PyCryptoPolicy<'static>, + #[pyo3(get)] + store: pyo3::Py, +} + +impl PyClientVerifier { + fn as_policy(&self) -> &Policy<'_, PyCryptoOps> { + &self.policy.0 + } +} + +#[pyo3::pymethods] +impl PyClientVerifier { + #[getter] + fn validation_time<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + datetime_to_py(py, &self.as_policy().validation_time) + } + + #[getter] + fn max_chain_depth(&self) -> u8 { + self.as_policy().max_chain_depth + } + + fn verify( + &self, + py: pyo3::Python<'_>, + leaf: pyo3::Py, + intermediates: Vec>, + ) -> CryptographyResult { + let policy = self.as_policy(); + let store = self.store.get(); + + let intermediates = intermediates + .iter() + .map(|i| { + VerificationCertificate::new( + i.get().raw.borrow_dependent().clone(), + i.clone_ref(py), + ) + }) + .collect::>(); + let intermediate_refs = intermediates.iter().collect::>(); + + let v = VerificationCertificate::new( + leaf.get().raw.borrow_dependent().clone(), + leaf.clone_ref(py), + ); + + let chain = cryptography_x509_verification::verify( + &v, + &intermediate_refs, + policy, + store.raw.borrow_dependent(), + ) + .map_err(|e| VerificationError::new_err(format!("validation failed: {e}")))?; + + let py_chain = pyo3::types::PyList::empty_bound(py); + for c in &chain { + py_chain.append(c.extra())?; + } + + // NOTE: These `unwrap()`s cannot fail, since the underlying policy + // enforces the presence of a SAN and the well-formedness of the + // extension set. + let leaf_san = &chain[0] + .certificate() + .extensions() + .ok() + .unwrap() + .get_extension(&SUBJECT_ALTERNATIVE_NAME_OID) + .unwrap(); + + let leaf_gns = leaf_san.value::>()?; + let py_gns = parse_general_names(py, &leaf_gns)?; + + Ok(PyVerifiedClient { + subjects: py_gns, + chain: py_chain.unbind(), + }) + } +} + +#[pyo3::pyclass( + frozen, + name = "ServerVerifier", + module = "cryptography.hazmat.bindings._rust.x509" +)] +pub(crate) struct PyServerVerifier { + #[pyo3(get, name = "subject")] + py_subject: pyo3::Py, + policy: OwnedPolicy, + #[pyo3(get)] + store: pyo3::Py, +} + +impl PyServerVerifier { + fn as_policy(&self) -> &Policy<'_, PyCryptoOps> { + &self.policy.borrow_dependent().0 + } +} + +#[pyo3::pymethods] +impl PyServerVerifier { + #[getter] + fn validation_time<'p>( + &self, + py: pyo3::Python<'p>, + ) -> pyo3::PyResult> { + datetime_to_py(py, &self.as_policy().validation_time) + } + + #[getter] + fn max_chain_depth(&self) -> u8 { + self.as_policy().max_chain_depth + } + + fn verify<'p>( + &self, + py: pyo3::Python<'p>, + leaf: pyo3::Py, + intermediates: Vec>, + ) -> CryptographyResult> { + let policy = self.as_policy(); + let store = self.store.get(); + + let intermediates = intermediates + .iter() + .map(|i| { + VerificationCertificate::new( + i.get().raw.borrow_dependent().clone(), + i.clone_ref(py), + ) + }) + .collect::>(); + let intermediate_refs = intermediates.iter().collect::>(); + + let v = VerificationCertificate::new( + leaf.get().raw.borrow_dependent().clone(), + leaf.clone_ref(py), + ); + + let chain = cryptography_x509_verification::verify( + &v, + &intermediate_refs, + policy, + store.raw.borrow_dependent(), + ) + .map_err(|e| VerificationError::new_err(format!("validation failed: {e:?}")))?; + + let result = pyo3::types::PyList::empty_bound(py); + for c in chain { + result.append(c.extra())?; + } + Ok(result) + } +} + +fn build_subject_owner( + py: pyo3::Python<'_>, + subject: &pyo3::Py, +) -> pyo3::PyResult { + let subject = subject.bind(py); + + if subject.is_instance(&types::DNS_NAME.get(py)?)? { + let value = subject + .getattr(pyo3::intern!(py, "value"))? + // TODO: switch this to borrowing the string (using Bound::to_str) once our + // minimum Python version is 3.10 + .extract::()?; + Ok(SubjectOwner::DNSName(value)) + } else if subject.is_instance(&types::IP_ADDRESS.get(py)?)? { + let value = subject + .getattr(pyo3::intern!(py, "_packed"))? + .call0()? + .downcast::()? + .clone(); + Ok(SubjectOwner::IPAddress(value.unbind())) + } else { + Err(pyo3::exceptions::PyTypeError::new_err( + "unsupported subject type", + )) + } +} + +fn build_subject<'a>( + py: pyo3::Python<'_>, + subject: &'a SubjectOwner, +) -> pyo3::PyResult> { + match subject { + SubjectOwner::DNSName(dns_name) => { + let dns_name = DNSName::new(dns_name) + .ok_or_else(|| pyo3::exceptions::PyValueError::new_err("invalid domain name"))?; + + Ok(Subject::DNS(dns_name)) + } + SubjectOwner::IPAddress(ip_addr) => { + let ip_addr = IPAddress::from_bytes(ip_addr.as_bytes(py)) + .ok_or_else(|| pyo3::exceptions::PyValueError::new_err("invalid IP address"))?; + + Ok(Subject::IP(ip_addr)) + } + } +} + +type PyCryptoOpsStore<'a> = Store<'a, PyCryptoOps>; + +self_cell::self_cell!( + struct RawPyStore { + owner: Vec>, + + #[covariant] + dependent: PyCryptoOpsStore, + } +); + +#[pyo3::pyclass( + frozen, + name = "Store", + module = "cryptography.hazmat.bindings._rust.x509" +)] +pub(crate) struct PyStore { + raw: RawPyStore, +} + +#[pyo3::pymethods] +impl PyStore { + #[new] + fn new(py: pyo3::Python<'_>, certs: Vec>) -> pyo3::PyResult { + if certs.is_empty() { + return Err(pyo3::exceptions::PyValueError::new_err( + "can't create an empty store", + )); + } + Ok(Self { + raw: RawPyStore::new(certs, |v| { + Store::new(v.iter().map(|t| { + VerificationCertificate::new( + t.get().raw.borrow_dependent().clone(), + t.clone_ref(py), + ) + })) + }), + }) + } +} diff --git a/tests/bench/test_aead.py b/tests/bench/test_aead.py index 9eb3fc1..7a30968 100644 --- a/tests/bench/test_aead.py +++ b/tests/bench/test_aead.py @@ -4,15 +4,106 @@ import pytest -from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305 +from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.primitives.ciphers.aead import ( + AESCCM, + AESGCM, + AESOCB3, + AESSIV, + ChaCha20Poly1305, +) + -from ..hazmat.primitives.test_aead import _aead_supported +def _aead_supported(cls): + try: + cls(b"0" * 32) + return True + except UnsupportedAlgorithm: + return False @pytest.mark.skipif( not _aead_supported(ChaCha20Poly1305), reason="Requires OpenSSL with ChaCha20Poly1305 support", ) -def test_chacha20poly1305(benchmark): +def test_chacha20poly1305_encrypt(benchmark): chacha = ChaCha20Poly1305(b"\x00" * 32) benchmark(chacha.encrypt, b"\x00" * 12, b"hello world plaintext", b"") + + +@pytest.mark.skipif( + not _aead_supported(ChaCha20Poly1305), + reason="Requires OpenSSL with ChaCha20Poly1305 support", +) +def test_chacha20poly1305_decrypt(benchmark): + chacha = ChaCha20Poly1305(b"\x00" * 32) + ct = chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"") + benchmark(chacha.decrypt, b"\x00" * 12, ct, b"") + + +def test_aesgcm_encrypt(benchmark): + aes = AESGCM(b"\x00" * 32) + benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) + + +def test_aesgcm_decrypt(benchmark): + aes = AESGCM(b"\x00" * 32) + ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) + benchmark(aes.decrypt, b"\x00" * 12, ct, None) + + +@pytest.mark.skipif( + not _aead_supported(AESSIV), + reason="Requires OpenSSL with AES-SIV support", +) +def test_aessiv_encrypt(benchmark): + aes = AESSIV(b"\x00" * 32) + benchmark(aes.encrypt, b"hello world plaintext", None) + + +@pytest.mark.skipif( + not _aead_supported(AESSIV), + reason="Requires OpenSSL with AES-SIV support", +) +def test_aessiv_decrypt(benchmark): + aes = AESSIV(b"\x00" * 32) + ct = aes.encrypt(b"hello world plaintext", None) + benchmark(aes.decrypt, ct, None) + + +@pytest.mark.skipif( + not _aead_supported(AESOCB3), + reason="Requires OpenSSL with AES-OCB3 support", +) +def test_aesocb3_encrypt(benchmark): + aes = AESOCB3(b"\x00" * 32) + benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) + + +@pytest.mark.skipif( + not _aead_supported(AESOCB3), + reason="Requires OpenSSL with AES-OCB3 support", +) +def test_aesocb3_decrypt(benchmark): + aes = AESOCB3(b"\x00" * 32) + ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) + benchmark(aes.decrypt, b"\x00" * 12, ct, None) + + +@pytest.mark.skipif( + not _aead_supported(AESCCM), + reason="Requires OpenSSL with AES-CCM support", +) +def test_aesccm_encrypt(benchmark): + aes = AESCCM(b"\x00" * 32) + benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) + + +@pytest.mark.skipif( + not _aead_supported(AESCCM), + reason="Requires OpenSSL with AES-CCM support", +) +def test_aesccm_decrypt(benchmark): + aes = AESCCM(b"\x00" * 32) + ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) + benchmark(aes.decrypt, b"\x00" * 12, ct, None) diff --git a/tests/bench/test_ec_load.py b/tests/bench/test_ec_load.py new file mode 100644 index 0000000..568dbd9 --- /dev/null +++ b/tests/bench/test_ec_load.py @@ -0,0 +1,13 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1 + + +def test_load_ec_public_numbers(benchmark): + benchmark(EC_KEY_SECP256R1.public_numbers.public_key) + + +def test_load_ec_private_numbers(benchmark): + benchmark(EC_KEY_SECP256R1.private_key) diff --git a/tests/bench/test_fernet.py b/tests/bench/test_fernet.py new file mode 100644 index 0000000..c550aa7 --- /dev/null +++ b/tests/bench/test_fernet.py @@ -0,0 +1,10 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from cryptography import fernet + + +def test_fernet_encrypt(benchmark): + f = fernet.Fernet(fernet.Fernet.generate_key()) + benchmark(f.encrypt, b"\x00" * 256) diff --git a/tests/bench/test_hashes.py b/tests/bench/test_hashes.py new file mode 100644 index 0000000..49ca5be --- /dev/null +++ b/tests/bench/test_hashes.py @@ -0,0 +1,14 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from cryptography.hazmat.primitives import hashes + + +def test_sha256(benchmark): + def bench(): + h = hashes.Hash(hashes.SHA256()) + h.update(b"I love hashing. So much. The best.") + return h.finalize() + + benchmark(bench) diff --git a/tests/bench/test_hmac.py b/tests/bench/test_hmac.py new file mode 100644 index 0000000..b5b1e33 --- /dev/null +++ b/tests/bench/test_hmac.py @@ -0,0 +1,14 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from cryptography.hazmat.primitives import hashes, hmac + + +def test_hmac_sha256(benchmark): + def bench(): + h = hmac.HMAC(b"my extremely secure key", hashes.SHA256()) + h.update(b"I love hashing. So much. The best.") + return h.finalize() + + benchmark(bench) diff --git a/tests/bench/test_x509.py b/tests/bench/test_x509.py index d689a00..abfbbf9 100644 --- a/tests/bench/test_x509.py +++ b/tests/bench/test_x509.py @@ -1,16 +1,19 @@ -# -*- coding: utf-8 -*- # This file is dual licensed under the terms of the Apache License, Version # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +import datetime +import json import os +import certifi + from cryptography import x509 from ..utils import load_vectors_from_file -def test_object_identier_constructor(benchmark): +def test_object_identifier_constructor(benchmark): benchmark(x509.ObjectIdentifier, "1.3.6.1.4.1.11129.2.4.5") @@ -23,6 +26,16 @@ def test_aki_public_bytes(benchmark): benchmark(aki.public_bytes) +def test_load_der_certificate(benchmark): + cert_bytes = load_vectors_from_file( + os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), + loader=lambda pemfile: pemfile.read(), + mode="rb", + ) + + benchmark(x509.load_der_x509_certificate, cert_bytes) + + def test_load_pem_certificate(benchmark): cert_bytes = load_vectors_from_file( os.path.join("x509", "cryptography.io.pem"), @@ -31,3 +44,38 @@ def test_load_pem_certificate(benchmark): ) benchmark(x509.load_pem_x509_certificate, cert_bytes) + + +def test_verify_docs_python_org(benchmark, pytestconfig): + limbo_root = pytestconfig.getoption("--x509-limbo-root", skip=True) + with open(os.path.join(limbo_root, "limbo.json"), "rb") as f: + [testcase] = [ + tc + for tc in json.load(f)["testcases"] + if tc["id"] == "online::docs.python.org" + ] + + with open(certifi.where(), "rb") as f: + store = x509.verification.Store( + x509.load_pem_x509_certificates(f.read()) + ) + + leaf = x509.load_pem_x509_certificate( + testcase["peer_certificate"].encode() + ) + intermediates = [ + x509.load_pem_x509_certificate(c.encode()) + for c in testcase["untrusted_intermediates"] + ] + time = datetime.datetime.fromisoformat(testcase["validation_time"]) + + def bench(): + verifier = ( + x509.verification.PolicyBuilder() + .store(store) + .time(time) + .build_server_verifier(x509.DNSName("docs.python.org")) + ) + verifier.verify(leaf, intermediates) + + benchmark(bench) diff --git a/tests/conftest.py b/tests/conftest.py index 9049922..d1f11ab 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +import contextlib import pytest @@ -18,14 +19,15 @@ def pytest_configure(config): def pytest_report_header(config): return "\n".join( [ - "OpenSSL: {}".format(openssl_backend.openssl_version_text()), - "FIPS Enabled: {}".format(openssl_backend._fips_enabled), + f"OpenSSL: {openssl_backend.openssl_version_text()}", + f"FIPS Enabled: {openssl_backend._fips_enabled}", ] ) def pytest_addoption(parser): parser.addoption("--wycheproof-root", default=None) + parser.addoption("--x509-limbo-root", default=None) parser.addoption("--enable-fips", default=False) @@ -35,23 +37,32 @@ def pytest_runtest_setup(item): pytest.skip(marker.kwargs["reason"]) -@pytest.fixture() +@pytest.fixture(autouse=True) def backend(request): check_backend_support(openssl_backend, request) # Ensure the error stack is clear before the test - errors = openssl_backend._consume_errors_with_text() + errors = openssl_backend._consume_errors() assert not errors yield openssl_backend # Ensure the error stack is clear after the test - errors = openssl_backend._consume_errors_with_text() + errors = openssl_backend._consume_errors() assert not errors -@pytest.fixture -def disable_rsa_checks(backend): - # Use this fixture to skip RSA key checks in tests that need the - # performance. - backend._rsa_skip_check_key = True - yield - backend._rsa_skip_check_key = False +@pytest.fixture() +def subtests(): + # This is a miniature version of the pytest-subtests package, but + # optimized for lower overhead. + # + # When tests are skipped, these are not logged in the final pytest output. + yield SubTests() + + +class SubTests: + @contextlib.contextmanager + def test(self): + try: + yield + except pytest.skip.Exception: + pass diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 6cc4499..901eec5 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -5,51 +5,31 @@ import itertools import os -import subprocess -import sys -import textwrap import pytest -from cryptography import utils, x509 from cryptography.exceptions import InternalError, _Reasons from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends.openssl.backend import backend -from cryptography.hazmat.backends.openssl.ec import _sn_to_elliptic_curve +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import hashes, serialization -from cryptography.hazmat.primitives.asymmetric import dh, padding -from cryptography.hazmat.primitives.ciphers import Cipher -from cryptography.hazmat.primitives.ciphers.algorithms import AES -from cryptography.hazmat.primitives.ciphers.modes import CBC +from cryptography.hazmat.primitives.asymmetric import padding -from ..primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512 from ...doubles import ( DummyAsymmetricPadding, - DummyBlockCipherAlgorithm, DummyCipherAlgorithm, DummyHashAlgorithm, DummyMode, ) +from ...hazmat.primitives.test_rsa import rsa_key_2048 from ...utils import ( - load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm, ) -from ...x509.test_x509 import _load_cert - -def skip_if_libre_ssl(openssl_version): - if "LibreSSL" in openssl_version: - pytest.skip("LibreSSL hard-codes RAND_bytes to use arc4random.") - - -class TestLibreSkip: - def test_skip_no(self): - assert skip_if_libre_ssl("OpenSSL 1.0.2h 3 May 2016") is None - - def test_skip_yes(self): - with pytest.raises(pytest.skip.Exception): - skip_if_libre_ssl("LibreSSL 2.1.6") +# Make ruff happy since we're importing fixtures that pytest patches in as +# func args +__all__ = ["rsa_key_2048"] class DummyMGF(padding.MGF): @@ -79,13 +59,13 @@ def test_openssl_version_text(self): # Verify the correspondence between these two. And do it in a way that # ensures coverage. if version.startswith("LibreSSL"): - assert backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - if backend._lib.CRYPTOGRAPHY_IS_LIBRESSL: + assert rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL + if rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL: assert version.startswith("LibreSSL") if version.startswith("BoringSSL"): - assert backend._lib.CRYPTOGRAPHY_IS_BORINGSSL - if backend._lib.CRYPTOGRAPHY_IS_BORINGSSL: + assert rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL + if rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL: assert version.startswith("BoringSSL") def test_openssl_version_number(self): @@ -97,26 +77,6 @@ def test_supports_cipher(self): is False ) - def test_register_duplicate_cipher_adapter(self): - with pytest.raises(ValueError): - backend.register_cipher_adapter(AES, CBC, None) - - @pytest.mark.parametrize("mode", [DummyMode(), None]) - def test_nonexistent_cipher(self, mode, backend, monkeypatch): - # We can't use register_cipher_adapter because backend is a - # global singleton and we want to revert the change after the test - monkeypatch.setitem( - backend._cipher_registry, - (DummyCipherAlgorithm, type(mode)), - lambda backend, cipher, mode: backend._ffi.NULL, - ) - cipher = Cipher( - DummyCipherAlgorithm(), - mode, - ) - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): - cipher.encryptor() - def test_openssl_assert(self): backend.openssl_assert(True) with pytest.raises(InternalError): @@ -136,7 +96,7 @@ def test_consume_errors(self): assert len(errors) == 10 def test_ssl_ciphers_registered(self): - meth = backend._lib.SSLv23_method() + meth = backend._lib.TLS_method() ctx = backend._lib.SSL_CTX_new(meth) assert ctx != backend._ffi.NULL backend._lib.SSL_CTX_free(ctx) @@ -145,215 +105,8 @@ def test_evp_ciphers_registered(self): cipher = backend._lib.EVP_get_cipherbyname(b"aes-256-cbc") assert cipher != backend._ffi.NULL - def test_unknown_error_in_cipher_finalize(self): - cipher = Cipher(AES(b"\0" * 16), CBC(b"\0" * 16), backend=backend) - enc = cipher.encryptor() - enc.update(b"\0") - backend._lib.ERR_put_error(0, 0, 1, b"test_openssl.py", -1) - with pytest.raises(InternalError): - enc.finalize() - - def test_int_to_bn(self): - value = (2**4242) - 4242 - bn = backend._int_to_bn(value) - assert bn != backend._ffi.NULL - bn = backend._ffi.gc(bn, backend._lib.BN_clear_free) - - assert bn - assert backend._bn_to_int(bn) == value - - def test_int_to_bn_inplace(self): - value = (2**4242) - 4242 - bn_ptr = backend._lib.BN_new() - assert bn_ptr != backend._ffi.NULL - bn_ptr = backend._ffi.gc(bn_ptr, backend._lib.BN_free) - bn = backend._int_to_bn(value, bn_ptr) - - assert bn == bn_ptr - assert backend._bn_to_int(bn_ptr) == value - - def test_bn_to_int(self): - bn = backend._int_to_bn(0) - assert backend._bn_to_int(bn) == 0 - - -@pytest.mark.skipif( - not backend._lib.CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE, - reason="Requires OpenSSL with ENGINE support and OpenSSL < 1.1.1d", -) -@pytest.mark.skip_fips(reason="osrandom engine disabled for FIPS") -class TestOpenSSLRandomEngine: - def setup(self): - # The default RAND engine is global and shared between - # tests. We make sure that the default engine is osrandom - # before we start each test and restore the global state to - # that engine in teardown. - current_default = backend._lib.ENGINE_get_default_RAND() - name = backend._lib.ENGINE_get_name(current_default) - assert name == backend._lib.Cryptography_osrandom_engine_name - - def teardown(self): - # we need to reset state to being default. backend is a shared global - # for all these tests. - backend.activate_osrandom_engine() - current_default = backend._lib.ENGINE_get_default_RAND() - name = backend._lib.ENGINE_get_name(current_default) - assert name == backend._lib.Cryptography_osrandom_engine_name - - @pytest.mark.skipif( - sys.executable is None, reason="No Python interpreter available." - ) - def test_osrandom_engine_is_default(self, tmpdir): - engine_printer = textwrap.dedent( - """ - import sys - from cryptography.hazmat.backends.openssl.backend import backend - - e = backend._lib.ENGINE_get_default_RAND() - name = backend._lib.ENGINE_get_name(e) - sys.stdout.write(backend._ffi.string(name).decode('ascii')) - res = backend._lib.ENGINE_free(e) - assert res == 1 - """ - ) - engine_name = tmpdir.join("engine_name") - - # If we're running tests via ``python setup.py test`` in a clean - # environment then all of our dependencies are going to be installed - # into either the current directory or the .eggs directory. However the - # subprocess won't know to activate these dependencies, so we'll get it - # to do so by passing our entire sys.path into the subprocess via the - # PYTHONPATH environment variable. - env = os.environ.copy() - env["PYTHONPATH"] = os.pathsep.join(sys.path) - - with engine_name.open("w") as out: - subprocess.check_call( - [sys.executable, "-c", engine_printer], - env=env, - stdout=out, - stderr=subprocess.PIPE, - ) - - osrandom_engine_name = backend._ffi.string( - backend._lib.Cryptography_osrandom_engine_name - ) - - assert engine_name.read().encode("ascii") == osrandom_engine_name - - def test_osrandom_sanity_check(self): - # This test serves as a check against catastrophic failure. - buf = backend._ffi.new("unsigned char[]", 500) - res = backend._lib.RAND_bytes(buf, 500) - assert res == 1 - assert backend._ffi.buffer(buf)[:] != "\x00" * 500 - - def test_activate_osrandom_no_default(self): - backend.activate_builtin_random() - e = backend._lib.ENGINE_get_default_RAND() - assert e == backend._ffi.NULL - backend.activate_osrandom_engine() - e = backend._lib.ENGINE_get_default_RAND() - name = backend._lib.ENGINE_get_name(e) - assert name == backend._lib.Cryptography_osrandom_engine_name - res = backend._lib.ENGINE_free(e) - assert res == 1 - - def test_activate_builtin_random(self): - e = backend._lib.ENGINE_get_default_RAND() - assert e != backend._ffi.NULL - name = backend._lib.ENGINE_get_name(e) - assert name == backend._lib.Cryptography_osrandom_engine_name - res = backend._lib.ENGINE_free(e) - assert res == 1 - backend.activate_builtin_random() - e = backend._lib.ENGINE_get_default_RAND() - assert e == backend._ffi.NULL - - def test_activate_builtin_random_already_active(self): - backend.activate_builtin_random() - e = backend._lib.ENGINE_get_default_RAND() - assert e == backend._ffi.NULL - backend.activate_builtin_random() - e = backend._lib.ENGINE_get_default_RAND() - assert e == backend._ffi.NULL - - def test_osrandom_engine_implementation(self): - name = backend.osrandom_engine_implementation() - assert name in [ - "/dev/urandom", - "CryptGenRandom", - "getentropy", - "getrandom", - ] - if sys.platform.startswith("linux"): - assert name in ["getrandom", "/dev/urandom"] - if sys.platform == "darwin": - assert name in ["getentropy", "/dev/urandom"] - if sys.platform == "win32": - assert name == "CryptGenRandom" - - def test_activate_osrandom_already_default(self): - e = backend._lib.ENGINE_get_default_RAND() - name = backend._lib.ENGINE_get_name(e) - assert name == backend._lib.Cryptography_osrandom_engine_name - res = backend._lib.ENGINE_free(e) - assert res == 1 - backend.activate_osrandom_engine() - e = backend._lib.ENGINE_get_default_RAND() - name = backend._lib.ENGINE_get_name(e) - assert name == backend._lib.Cryptography_osrandom_engine_name - res = backend._lib.ENGINE_free(e) - assert res == 1 - - -@pytest.mark.skipif( - backend._lib.CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE, - reason="Requires OpenSSL without ENGINE support or OpenSSL >=1.1.1d", -) -class TestOpenSSLNoEngine: - def test_no_engine_support(self): - assert ( - backend._ffi.string(backend._lib.Cryptography_osrandom_engine_id) - == b"no-engine-support" - ) - assert ( - backend._ffi.string(backend._lib.Cryptography_osrandom_engine_name) - == b"osrandom_engine disabled" - ) - - def test_activate_builtin_random_does_nothing(self): - backend.activate_builtin_random() - - def test_activate_osrandom_does_nothing(self): - backend.activate_osrandom_engine() - class TestOpenSSLRSA: - def test_generate_rsa_parameters_supported(self): - assert backend.generate_rsa_parameters_supported(1, 1024) is False - assert backend.generate_rsa_parameters_supported(4, 1024) is False - assert backend.generate_rsa_parameters_supported(3, 1024) is True - assert backend.generate_rsa_parameters_supported(3, 511) is False - - def test_generate_bad_public_exponent(self): - with pytest.raises(ValueError): - backend.generate_rsa_private_key(public_exponent=1, key_size=2048) - - with pytest.raises(ValueError): - backend.generate_rsa_private_key(public_exponent=4, key_size=2048) - - def test_cant_generate_insecure_tiny_key(self): - with pytest.raises(ValueError): - backend.generate_rsa_private_key( - public_exponent=65537, key_size=511 - ) - - with pytest.raises(ValueError): - backend.generate_rsa_private_key( - public_exponent=65537, key_size=256 - ) - def test_rsa_padding_unsupported_pss_mgf1_hash(self): assert ( backend.rsa_padding_supported( @@ -382,8 +135,8 @@ def test_rsa_padding_supported_oaep(self): assert ( backend.rsa_padding_supported( padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA1()), - algorithm=hashes.SHA1(), + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), label=None, ), ) @@ -399,6 +152,12 @@ def test_rsa_padding_supported_oaep_sha2_combinations(self): hashes.SHA512(), ] for mgf1alg, oaepalg in itertools.product(hashalgs, hashalgs): + if backend._fips_enabled and ( + isinstance(mgf1alg, hashes.SHA1) + or isinstance(oaepalg, hashes.SHA1) + ): + continue + assert ( backend.rsa_padding_supported( padding.OAEP( @@ -429,11 +188,10 @@ def test_rsa_padding_unsupported_mgf(self): is False ) - def test_unsupported_mgf1_hash_algorithm_md5_decrypt(self): - private_key = RSA_KEY_512.private_key(backend) + def test_unsupported_mgf1_hash_algorithm_md5_decrypt(self, rsa_key_2048): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - private_key.decrypt( - b"0" * 64, + rsa_key_2048.decrypt( + b"0" * 256, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.MD5()), algorithm=hashes.MD5(), @@ -442,51 +200,11 @@ def test_unsupported_mgf1_hash_algorithm_md5_decrypt(self): ) -class TestOpenSSLCMAC: - def test_unsupported_cipher(self): - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): - backend.create_cmac_ctx(DummyBlockCipherAlgorithm(b"bad")) - - class TestOpenSSLSerializationWithOpenSSL: - def test_pem_password_cb(self): - userdata = backend._ffi.new("CRYPTOGRAPHY_PASSWORD_DATA *") - pw = b"abcdefg" - password = backend._ffi.new("char []", pw) - userdata.password = password - userdata.length = len(pw) - buflen = 10 - buf = backend._ffi.new("char []", buflen) - res = backend._lib.Cryptography_pem_password_cb( - buf, buflen, 0, userdata - ) - assert res == len(pw) - assert userdata.called == 1 - assert backend._ffi.buffer(buf, len(pw))[:] == pw - assert userdata.maxsize == buflen - assert userdata.error == 0 - - def test_pem_password_cb_no_password(self): - userdata = backend._ffi.new("CRYPTOGRAPHY_PASSWORD_DATA *") - buflen = 10 - buf = backend._ffi.new("char []", buflen) - res = backend._lib.Cryptography_pem_password_cb( - buf, buflen, 0, userdata - ) - assert res == 0 - assert userdata.error == -1 - - def test_unsupported_evp_pkey_type(self): - key = backend._create_evp_pkey_gc() - with raises_unsupported_algorithm(None): - backend._evp_pkey_to_private_key(key) - with raises_unsupported_algorithm(None): - backend._evp_pkey_to_public_key(key) - def test_very_long_pem_serialization_password(self): - password = b"x" * 1024 + password = b"x" * 1025 - with pytest.raises(ValueError): + with pytest.raises(ValueError, match="Passwords longer than"): load_vectors_from_file( os.path.join( "asymmetric", @@ -494,25 +212,20 @@ def test_very_long_pem_serialization_password(self): "key1.pem", ), lambda pemfile: ( - backend.load_pem_private_key( - pemfile.read().encode(), password + serialization.load_pem_private_key( + pemfile.read().encode(), + password, + unsafe_skip_rsa_key_validation=False, ) ), ) -class TestOpenSSLEllipticCurve: - def test_sn_to_elliptic_curve_not_supported(self): - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE): - _sn_to_elliptic_curve(backend, "fake") - - class TestRSAPEMSerialization: - def test_password_length_limit(self): + def test_password_length_limit(self, rsa_key_2048): password = b"x" * 1024 - key = RSA_KEY_2048.private_key(backend) with pytest.raises(ValueError): - key.private_bytes( + rsa_key_2048.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8, serialization.BestAvailableEncryption(password), @@ -528,36 +241,6 @@ def test_password_length_limit(self): skip_message="Requires DH support", ) class TestOpenSSLDHSerialization: - @pytest.mark.parametrize( - "vector", - load_vectors_from_file( - os.path.join("asymmetric", "DH", "RFC5114.txt"), load_nist_vectors - ), - ) - def test_dh_serialization_with_q_unsupported(self, backend, vector): - parameters = dh.DHParameterNumbers( - int(vector["p"], 16), int(vector["g"], 16), int(vector["q"], 16) - ) - public = dh.DHPublicNumbers(int(vector["ystatcavs"], 16), parameters) - private = dh.DHPrivateNumbers(int(vector["xstatcavs"], 16), public) - private_key = private.private_key(backend) - public_key = private_key.public_key() - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION): - private_key.private_bytes( - serialization.Encoding.PEM, - serialization.PrivateFormat.PKCS8, - serialization.NoEncryption(), - ) - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION): - public_key.public_bytes( - serialization.Encoding.PEM, - serialization.PublicFormat.SubjectPublicKeyInfo, - ) - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION): - parameters.parameters(backend).parameter_bytes( - serialization.Encoding.PEM, serialization.ParameterFormat.PKCS3 - ) - @pytest.mark.parametrize( ("key_path", "loader_func"), [ @@ -579,75 +262,3 @@ def test_private_load_dhx_unsupported( ) with pytest.raises(ValueError): loader_func(key_bytes, None, backend) - - @pytest.mark.parametrize( - ("key_path", "loader_func"), - [ - ( - os.path.join("asymmetric", "DH", "dhpub_rfc5114_2.pem"), - serialization.load_pem_public_key, - ), - ( - os.path.join("asymmetric", "DH", "dhpub_rfc5114_2.der"), - serialization.load_der_public_key, - ), - ], - ) - def test_public_load_dhx_unsupported(self, key_path, loader_func, backend): - key_bytes = load_vectors_from_file( - key_path, lambda pemfile: pemfile.read(), mode="rb" - ) - with pytest.raises(ValueError): - loader_func(key_bytes, backend) - - -def test_pyopenssl_cert_fallback(): - cert = _load_cert( - os.path.join("x509", "cryptography.io.pem"), - x509.load_pem_x509_certificate, - ) - x509_ossl = None - with pytest.warns(utils.CryptographyDeprecationWarning): - x509_ossl = cert._x509 # type:ignore[attr-defined] - assert x509_ossl is not None - - from cryptography.hazmat.backends.openssl.x509 import _Certificate - - with pytest.warns(utils.CryptographyDeprecationWarning): - _Certificate(backend, x509_ossl) - - -def test_pyopenssl_csr_fallback(): - cert = _load_cert( - os.path.join("x509", "requests", "rsa_sha256.pem"), - x509.load_pem_x509_csr, - ) - req_ossl = None - with pytest.warns(utils.CryptographyDeprecationWarning): - req_ossl = cert._x509_req # type:ignore[attr-defined] - assert req_ossl is not None - - from cryptography.hazmat.backends.openssl.x509 import ( - _CertificateSigningRequest, - ) - - with pytest.warns(utils.CryptographyDeprecationWarning): - _CertificateSigningRequest(backend, req_ossl) - - -def test_pyopenssl_crl_fallback(): - cert = _load_cert( - os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"), - x509.load_der_x509_crl, - ) - req_crl = None - with pytest.warns(utils.CryptographyDeprecationWarning): - req_crl = cert._x509_crl # type:ignore[attr-defined] - assert req_crl is not None - - from cryptography.hazmat.backends.openssl.x509 import ( - _CertificateRevocationList, - ) - - with pytest.warns(utils.CryptographyDeprecationWarning): - _CertificateRevocationList(backend, req_crl) diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py deleted file mode 100644 index 2605566..0000000 --- a/tests/hazmat/backends/test_openssl_memleak.py +++ /dev/null @@ -1,573 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -import json -import os -import subprocess -import sys -import textwrap - -import pytest - -from cryptography.hazmat.bindings.openssl.binding import Binding - - -MEMORY_LEAK_SCRIPT = """ -import sys - - -def main(argv): - import gc - import json - - import cffi - - from cryptography.hazmat.bindings._openssl import ffi, lib - - heap = {} - - BACKTRACE_ENABLED = False - if BACKTRACE_ENABLED: - backtrace_ffi = cffi.FFI() - backtrace_ffi.cdef(''' - int backtrace(void **, int); - char **backtrace_symbols(void *const *, int); - ''') - backtrace_lib = backtrace_ffi.dlopen(None) - - def backtrace(): - buf = backtrace_ffi.new("void*[]", 24) - length = backtrace_lib.backtrace(buf, len(buf)) - return (buf, length) - - def symbolize_backtrace(trace): - (buf, length) = trace - symbols = backtrace_lib.backtrace_symbols(buf, length) - stack = [ - backtrace_ffi.string(symbols[i]).decode() - for i in range(length) - ] - lib.Cryptography_free_wrapper(symbols, backtrace_ffi.NULL, 0) - return stack - else: - def backtrace(): - return None - - def symbolize_backtrace(trace): - return None - - @ffi.callback("void *(size_t, const char *, int)") - def malloc(size, path, line): - ptr = lib.Cryptography_malloc_wrapper(size, path, line) - heap[ptr] = (size, path, line, backtrace()) - return ptr - - @ffi.callback("void *(void *, size_t, const char *, int)") - def realloc(ptr, size, path, line): - if ptr != ffi.NULL: - del heap[ptr] - new_ptr = lib.Cryptography_realloc_wrapper(ptr, size, path, line) - heap[new_ptr] = (size, path, line, backtrace()) - return new_ptr - - @ffi.callback("void(void *, const char *, int)") - def free(ptr, path, line): - if ptr != ffi.NULL: - del heap[ptr] - lib.Cryptography_free_wrapper(ptr, path, line) - - result = lib.Cryptography_CRYPTO_set_mem_functions(malloc, realloc, free) - assert result == 1 - - # Trigger a bunch of initialization stuff. - import hashlib - from cryptography.hazmat.backends.openssl.backend import backend - - hashlib.sha256() - - start_heap = set(heap) - - try: - func(*argv[1:]) - finally: - gc.collect() - gc.collect() - gc.collect() - - if lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: - lib.OSSL_PROVIDER_unload(backend._binding._legacy_provider) - lib.OSSL_PROVIDER_unload(backend._binding._default_provider) - - if lib.Cryptography_HAS_OPENSSL_CLEANUP: - lib.OPENSSL_cleanup() - - # Swap back to the original functions so that if OpenSSL tries to free - # something from its atexit handle it won't be going through a Python - # function, which will be deallocated when this function returns - result = lib.Cryptography_CRYPTO_set_mem_functions( - ffi.addressof(lib, "Cryptography_malloc_wrapper"), - ffi.addressof(lib, "Cryptography_realloc_wrapper"), - ffi.addressof(lib, "Cryptography_free_wrapper"), - ) - assert result == 1 - - remaining = set(heap) - start_heap - - if remaining: - sys.stdout.write(json.dumps(dict( - (int(ffi.cast("size_t", ptr)), { - "size": heap[ptr][0], - "path": ffi.string(heap[ptr][1]).decode(), - "line": heap[ptr][2], - "backtrace": symbolize_backtrace(heap[ptr][3]), - }) - for ptr in remaining - ))) - sys.stdout.flush() - sys.exit(255) - -main(sys.argv) -""" - - -def assert_no_memory_leaks(s, argv=[]): - env = os.environ.copy() - env["PYTHONPATH"] = os.pathsep.join(sys.path) - - # When using pytest-cov it attempts to instrument subprocesses. This - # causes the memleak tests to raise exceptions. - # we don't need coverage so we remove the env vars. - env.pop("COV_CORE_CONFIG", None) - env.pop("COV_CORE_DATAFILE", None) - env.pop("COV_CORE_SOURCE", None) - - argv = [ - sys.executable, - "-c", - "{}\n\n{}".format(s, MEMORY_LEAK_SCRIPT), - ] + argv - # Shell out to a fresh Python process because OpenSSL does not allow you to - # install new memory hooks after the first malloc/free occurs. - proc = subprocess.Popen( - argv, - env=env, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - assert proc.stdout is not None - assert proc.stderr is not None - try: - proc.wait() - if proc.returncode == 255: - # 255 means there was a leak, load the info about what mallocs - # weren't freed. - out = json.loads(proc.stdout.read().decode()) - raise AssertionError(out) - elif proc.returncode != 0: - # Any exception type will do to be honest - raise ValueError(proc.stdout.read(), proc.stderr.read()) - finally: - proc.stdout.close() - proc.stderr.close() - - -def skip_if_memtesting_not_supported(): - return pytest.mark.skipif( - not Binding().lib.Cryptography_HAS_MEM_FUNCTIONS, - reason="Requires OpenSSL memory functions (>=1.1.0)", - ) - - -@pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0") -@skip_if_memtesting_not_supported() -class TestAssertNoMemoryLeaks: - def test_no_leak_no_malloc(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - pass - """ - ) - ) - - def test_no_leak_free(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - from cryptography.hazmat.bindings.openssl.binding import Binding - b = Binding() - name = b.lib.X509_NAME_new() - b.lib.X509_NAME_free(name) - """ - ) - ) - - def test_no_leak_gc(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - from cryptography.hazmat.bindings.openssl.binding import Binding - b = Binding() - name = b.lib.X509_NAME_new() - b.ffi.gc(name, b.lib.X509_NAME_free) - """ - ) - ) - - def test_leak(self): - with pytest.raises(AssertionError): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - from cryptography.hazmat.bindings.openssl.binding import ( - Binding - ) - b = Binding() - b.lib.X509_NAME_new() - """ - ) - ) - - def test_errors(self): - with pytest.raises(ValueError, match="ZeroDivisionError"): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - raise ZeroDivisionError - """ - ) - ) - - -@pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0") -@skip_if_memtesting_not_supported() -class TestOpenSSLMemoryLeaks: - @pytest.mark.parametrize( - "path", ["x509/PKITS_data/certs/ValidcRLIssuerTest28EE.crt"] - ) - def test_der_x509_certificate_extensions(self, path): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(path): - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - - import cryptography_vectors - - with cryptography_vectors.open_vector_file(path, "rb") as f: - cert = x509.load_der_x509_certificate( - f.read(), backend - ) - - cert.extensions - """ - ), - [path], - ) - - @pytest.mark.parametrize("path", ["x509/cryptography.io.pem"]) - def test_pem_x509_certificate_extensions(self, path): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(path): - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - - import cryptography_vectors - - with cryptography_vectors.open_vector_file(path, "rb") as f: - cert = x509.load_pem_x509_certificate( - f.read(), backend - ) - - cert.extensions - """ - ), - [path], - ) - - def test_x509_csr_extensions(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives import hashes - from cryptography.hazmat.primitives.asymmetric import rsa - - private_key = rsa.generate_private_key( - key_size=2048, public_exponent=65537, backend=backend - ) - cert = x509.CertificateSigningRequestBuilder().subject_name( - x509.Name([]) - ).add_extension( - x509.OCSPNoCheck(), critical=False - ).sign(private_key, hashes.SHA256(), backend) - - cert.extensions - """ - ) - ) - - def test_ec_private_numbers_private_key(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives.asymmetric import ec - - ec.EllipticCurvePrivateNumbers( - private_value=int( - '280814107134858470598753916394807521398239633534281633982576099083' - '35787109896602102090002196616273211495718603965098' - ), - public_numbers=ec.EllipticCurvePublicNumbers( - curve=ec.SECP384R1(), - x=int( - '10036914308591746758780165503819213553101287571902957054148542' - '504671046744460374996612408381962208627004841444205030' - ), - y=int( - '17337335659928075994560513699823544906448896792102247714689323' - '575406618073069185107088229463828921069465902299522926' - ) - ) - ).private_key(backend) - """ - ) - ) - - def test_ec_derive_private_key(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives.asymmetric import ec - ec.derive_private_key(1, ec.SECP256R1(), backend) - """ - ) - ) - - def test_x25519_pubkey_from_private_key(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - from cryptography.hazmat.primitives.asymmetric import x25519 - private_key = x25519.X25519PrivateKey.generate() - private_key.public_key() - """ - ) - ) - - def test_create_ocsp_request(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives import hashes - from cryptography.x509 import ocsp - import cryptography_vectors - - path = "x509/PKITS_data/certs/ValidcRLIssuerTest28EE.crt" - with cryptography_vectors.open_vector_file(path, "rb") as f: - cert = x509.load_der_x509_certificate( - f.read(), backend - ) - builder = ocsp.OCSPRequestBuilder() - builder = builder.add_certificate( - cert, cert, hashes.SHA1() - ).add_extension(x509.OCSPNonce(b"0000"), False) - req = builder.build() - """ - ) - ) - - @pytest.mark.parametrize( - "path", - ["pkcs12/cert-aes256cbc-no-key.p12", "pkcs12/cert-key-aes256cbc.p12"], - ) - def test_load_pkcs12_key_and_certificates(self, path): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(path): - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives.serialization import pkcs12 - import cryptography_vectors - - with cryptography_vectors.open_vector_file(path, "rb") as f: - pkcs12.load_key_and_certificates( - f.read(), b"cryptography", backend - ) - """ - ), - [path], - ) - - def test_create_crl_with_idp(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - import datetime - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives import hashes - from cryptography.hazmat.primitives.asymmetric import ec - from cryptography.x509.oid import NameOID - - key = ec.generate_private_key(ec.SECP256R1(), backend) - last_update = datetime.datetime(2002, 1, 1, 12, 1) - next_update = datetime.datetime(2030, 1, 1, 12, 1) - idp = x509.IssuingDistributionPoint( - full_name=None, - relative_name=x509.RelativeDistinguishedName([ - x509.NameAttribute( - oid=x509.NameOID.ORGANIZATION_NAME, value=u"PyCA") - ]), - only_contains_user_certs=False, - only_contains_ca_certs=True, - only_some_reasons=None, - indirect_crl=False, - only_contains_attribute_certs=False, - ) - builder = x509.CertificateRevocationListBuilder().issuer_name( - x509.Name([ - x509.NameAttribute( - NameOID.COMMON_NAME, u"cryptography.io CA" - ) - ]) - ).last_update( - last_update - ).next_update( - next_update - ).add_extension( - idp, True - ) - - crl = builder.sign(key, hashes.SHA256(), backend) - crl.extensions.get_extension_for_class( - x509.IssuingDistributionPoint - ) - """ - ) - ) - - def test_create_certificate_with_extensions(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - import datetime - - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives import hashes - from cryptography.hazmat.primitives.asymmetric import ec - from cryptography.x509.oid import ( - AuthorityInformationAccessOID, ExtendedKeyUsageOID, NameOID - ) - - private_key = ec.generate_private_key(ec.SECP256R1(), backend) - - not_valid_before = datetime.datetime.now() - not_valid_after = not_valid_before + datetime.timedelta(days=365) - - aia = x509.AuthorityInformationAccess([ - x509.AccessDescription( - AuthorityInformationAccessOID.OCSP, - x509.UniformResourceIdentifier(u"http://ocsp.domain.com") - ), - x509.AccessDescription( - AuthorityInformationAccessOID.CA_ISSUERS, - x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") - ) - ]) - sans = [u'*.example.org', u'foobar.example.net'] - san = x509.SubjectAlternativeName(list(map(x509.DNSName, sans))) - - ski = x509.SubjectKeyIdentifier.from_public_key( - private_key.public_key() - ) - eku = x509.ExtendedKeyUsage([ - ExtendedKeyUsageOID.CLIENT_AUTH, - ExtendedKeyUsageOID.SERVER_AUTH, - ExtendedKeyUsageOID.CODE_SIGNING, - ]) - - builder = x509.CertificateBuilder().serial_number( - 777 - ).issuer_name(x509.Name([ - x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), - ])).subject_name(x509.Name([ - x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), - ])).public_key( - private_key.public_key() - ).add_extension( - aia, critical=False - ).not_valid_before( - not_valid_before - ).not_valid_after( - not_valid_after - ) - - cert = builder.sign(private_key, hashes.SHA256(), backend) - cert.extensions - """ - ) - ) - - def test_write_pkcs12_key_and_certificates(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - import os - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives import serialization - from cryptography.hazmat.primitives.serialization import pkcs12 - import cryptography_vectors - - path = os.path.join('x509', 'custom', 'ca', 'ca.pem') - with cryptography_vectors.open_vector_file(path, "rb") as f: - cert = x509.load_pem_x509_certificate( - f.read(), backend - ) - path2 = os.path.join('x509', 'custom', 'dsa_selfsigned_ca.pem') - with cryptography_vectors.open_vector_file(path2, "rb") as f: - cert2 = x509.load_pem_x509_certificate( - f.read(), backend - ) - path3 = os.path.join('x509', 'letsencryptx3.pem') - with cryptography_vectors.open_vector_file(path3, "rb") as f: - cert3 = x509.load_pem_x509_certificate( - f.read(), backend - ) - key_path = os.path.join("x509", "custom", "ca", "ca_key.pem") - with cryptography_vectors.open_vector_file(key_path, "rb") as f: - key = serialization.load_pem_private_key( - f.read(), None, backend - ) - encryption = serialization.NoEncryption() - pkcs12.serialize_key_and_certificates( - b"name", key, cert, [cert2, cert3], encryption) - """ - ) - ) diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index abc0e15..db6410d 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -2,13 +2,12 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import pytest from cryptography.exceptions import InternalError +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.bindings.openssl.binding import ( Binding, - _consume_errors, _openssl_assert, _verify_package_version, ) @@ -21,18 +20,13 @@ def test_binding_loads(self): assert binding.lib assert binding.ffi - def test_add_engine_more_than_once(self): - b = Binding() - b._register_osrandom_engine() - assert b.lib.ERR_get_error() == 0 - def test_ssl_ctx_options(self): # Test that we're properly handling 32-bit unsigned on all platforms. b = Binding() # SSL_OP_ALL is 0 on BoringSSL - if not b.lib.CRYPTOGRAPHY_IS_BORINGSSL: + if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL: assert b.lib.SSL_OP_ALL > 0 - ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method()) + ctx = b.lib.SSL_CTX_new(b.lib.TLS_method()) assert ctx != b.ffi.NULL ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free) current_options = b.lib.SSL_CTX_get_options(ctx) @@ -45,9 +39,9 @@ def test_ssl_options(self): # Test that we're properly handling 32-bit unsigned on all platforms. b = Binding() # SSL_OP_ALL is 0 on BoringSSL - if not b.lib.CRYPTOGRAPHY_IS_BORINGSSL: + if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL: assert b.lib.SSL_OP_ALL > 0 - ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method()) + ctx = b.lib.SSL_CTX_new(b.lib.TLS_method()) assert ctx != b.ffi.NULL ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free) ssl = b.lib.SSL_new(ctx) @@ -58,27 +52,10 @@ def test_ssl_options(self): assert resp == expected_options assert b.lib.SSL_get_options(ssl) == expected_options - def test_ssl_mode(self): - # Test that we're properly handling 32-bit unsigned on all platforms. - b = Binding() - # SSL_OP_ALL is 0 on BoringSSL - if not b.lib.CRYPTOGRAPHY_IS_BORINGSSL: - assert b.lib.SSL_OP_ALL > 0 - ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method()) - assert ctx != b.ffi.NULL - ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free) - ssl = b.lib.SSL_new(ctx) - ssl = b.ffi.gc(ssl, b.lib.SSL_free) - current_options = b.lib.SSL_get_mode(ssl) - resp = b.lib.SSL_set_mode(ssl, b.lib.SSL_OP_ALL) - expected_options = current_options | b.lib.SSL_OP_ALL - assert resp == expected_options - assert b.lib.SSL_get_mode(ssl) == expected_options - def test_conditional_removal(self): b = Binding() - if not b.lib.CRYPTOGRAPHY_IS_LIBRESSL: + if not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL: assert b.lib.TLS_ST_OK else: with pytest.raises(AttributeError): @@ -94,15 +71,24 @@ def test_openssl_assert_error_on_stack(self): -1, ) with pytest.raises(InternalError) as exc_info: - _openssl_assert(b.lib, False) + _openssl_assert(False) error = exc_info.value.err_code[0] assert error.lib == b.lib.ERR_LIB_EVP assert error.reason == b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH - if not b.lib.CRYPTOGRAPHY_IS_BORINGSSL: + if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL: assert b"data not multiple of block length" in error.reason_text - def test_check_startup_errors_are_allowed(self): + def test_version_mismatch(self): + with pytest.raises(ImportError): + _verify_package_version("nottherightversion") + + def test_rust_internal_error(self): + with pytest.raises(InternalError) as exc_info: + rust_openssl.raise_openssl_error() + + assert len(exc_info.value.err_code) == 0 + b = Binding() b.lib.ERR_put_error( b.lib.ERR_LIB_EVP, @@ -111,9 +97,11 @@ def test_check_startup_errors_are_allowed(self): b"", -1, ) - b._register_osrandom_engine() - assert _consume_errors(b.lib) == [] + with pytest.raises(InternalError) as exc_info: + rust_openssl.raise_openssl_error() - def test_version_mismatch(self): - with pytest.raises(ImportError): - _verify_package_version("nottherightversion") + error = exc_info.value.err_code[0] + assert error.lib == b.lib.ERR_LIB_EVP + assert error.reason == b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH + if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL: + assert b"data not multiple of block length" in error.reason_text diff --git a/tests/hypothesis/__init__.py b/tests/hazmat/primitives/decrepit/__init__.py similarity index 100% rename from tests/hypothesis/__init__.py rename to tests/hazmat/primitives/decrepit/__init__.py diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/decrepit/test_3des.py similarity index 96% rename from tests/hazmat/primitives/test_3des.py rename to tests/hazmat/primitives/decrepit/test_3des.py index ea39a21..2b7a104 100644 --- a/tests/hazmat/primitives/test_3des.py +++ b/tests/hazmat/primitives/decrepit/test_3des.py @@ -6,16 +6,16 @@ Test using the NIST Test Vectors """ - import binascii import os import pytest -from cryptography.hazmat.primitives.ciphers import algorithms, modes +from cryptography.hazmat.decrepit.ciphers import algorithms +from cryptography.hazmat.primitives.ciphers import modes -from .utils import generate_encrypt_test -from ...utils import load_nist_vectors +from ....utils import load_nist_vectors +from ..utils import generate_encrypt_test @pytest.mark.supported( diff --git a/tests/hazmat/primitives/decrepit/test_algorithms.py b/tests/hazmat/primitives/decrepit/test_algorithms.py new file mode 100644 index 0000000..0dbdac7 --- /dev/null +++ b/tests/hazmat/primitives/decrepit/test_algorithms.py @@ -0,0 +1,405 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + + +import binascii +import os + +import pytest + +from cryptography.exceptions import _Reasons +from cryptography.hazmat.decrepit.ciphers.algorithms import ( + ARC4, + CAST5, + IDEA, + SEED, + Blowfish, + TripleDES, +) +from cryptography.hazmat.primitives import ciphers +from cryptography.hazmat.primitives.ciphers import modes + +from ....utils import load_nist_vectors, raises_unsupported_algorithm +from ..utils import generate_encrypt_test + + +class TestARC4: + @pytest.mark.parametrize( + ("key", "keysize"), + [ + (b"0" * 10, 40), + (b"0" * 14, 56), + (b"0" * 16, 64), + (b"0" * 20, 80), + (b"0" * 32, 128), + (b"0" * 48, 192), + (b"0" * 64, 256), + ], + ) + def test_key_size(self, key, keysize): + cipher = ARC4(binascii.unhexlify(key)) + assert cipher.key_size == keysize + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + ARC4(binascii.unhexlify(b"0" * 34)) + + def test_invalid_key_type(self): + with pytest.raises(TypeError, match="key must be bytes"): + ARC4("0" * 10) # type: ignore[arg-type] + + +def test_invalid_mode_algorithm(): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): + ciphers.Cipher( + ARC4(b"\x00" * 16), + modes.GCM(b"\x00" * 12), + ) + + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): + ciphers.Cipher( + ARC4(b"\x00" * 16), + modes.CBC(b"\x00" * 12), + ) + + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): + ciphers.Cipher( + ARC4(b"\x00" * 16), + modes.CTR(b"\x00" * 12), + ) + + +class TestTripleDES: + @pytest.mark.parametrize("key", [b"0" * 16, b"0" * 32, b"0" * 48]) + def test_key_size(self, key): + cipher = TripleDES(binascii.unhexlify(key)) + assert cipher.key_size == 192 + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + TripleDES(binascii.unhexlify(b"0" * 12)) + + def test_invalid_key_type(self): + with pytest.raises(TypeError, match="key must be bytes"): + TripleDES("0" * 16) # type: ignore[arg-type] + + +class TestBlowfish: + @pytest.mark.parametrize( + ("key", "keysize"), + [(b"0" * (keysize // 4), keysize) for keysize in range(32, 449, 8)], + ) + def test_key_size(self, key, keysize): + cipher = Blowfish(binascii.unhexlify(key)) + assert cipher.key_size == keysize + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + Blowfish(binascii.unhexlify(b"0" * 6)) + + def test_invalid_key_type(self): + with pytest.raises(TypeError, match="key must be bytes"): + Blowfish("0" * 8) # type: ignore[arg-type] + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + Blowfish(b"\x00" * 56), modes.ECB() + ), + skip_message="Does not support Blowfish ECB", +) +class TestBlowfishModeECB: + test_ecb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "Blowfish"), + ["bf-ecb.txt"], + lambda key, **kwargs: Blowfish(binascii.unhexlify(key)), + lambda **kwargs: modes.ECB(), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + Blowfish(b"\x00" * 56), modes.CBC(b"\x00" * 8) + ), + skip_message="Does not support Blowfish CBC", +) +class TestBlowfishModeCBC: + test_cbc = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "Blowfish"), + ["bf-cbc.txt"], + lambda key, **kwargs: Blowfish(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + Blowfish(b"\x00" * 56), modes.OFB(b"\x00" * 8) + ), + skip_message="Does not support Blowfish OFB", +) +class TestBlowfishModeOFB: + test_ofb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "Blowfish"), + ["bf-ofb.txt"], + lambda key, **kwargs: Blowfish(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + Blowfish(b"\x00" * 56), modes.CFB(b"\x00" * 8) + ), + skip_message="Does not support Blowfish CFB", +) +class TestBlowfishModeCFB: + test_cfb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "Blowfish"), + ["bf-cfb.txt"], + lambda key, **kwargs: Blowfish(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), + ) + + +class TestCAST5: + @pytest.mark.parametrize( + ("key", "keysize"), + [(b"0" * (keysize // 4), keysize) for keysize in range(40, 129, 8)], + ) + def test_key_size(self, key, keysize): + cipher = CAST5(binascii.unhexlify(key)) + assert cipher.key_size == keysize + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + CAST5(binascii.unhexlify(b"0" * 34)) + + def test_invalid_key_type(self): + with pytest.raises(TypeError, match="key must be bytes"): + CAST5("0" * 10) # type: ignore[arg-type] + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + CAST5(b"\x00" * 16), modes.ECB() + ), + skip_message="Does not support CAST5 ECB", +) +class TestCAST5ModeECB: + test_ecb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "CAST5"), + ["cast5-ecb.txt"], + lambda key, **kwargs: CAST5(binascii.unhexlify(key)), + lambda **kwargs: modes.ECB(), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + CAST5(b"\x00" * 16), modes.CBC(b"\x00" * 8) + ), + skip_message="Does not support CAST5 CBC", +) +class TestCAST5ModeCBC: + test_cbc = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "CAST5"), + ["cast5-cbc.txt"], + lambda key, **kwargs: CAST5(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + CAST5(b"\x00" * 16), modes.OFB(b"\x00" * 8) + ), + skip_message="Does not support CAST5 OFB", +) +class TestCAST5ModeOFB: + test_ofb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "CAST5"), + ["cast5-ofb.txt"], + lambda key, **kwargs: CAST5(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + CAST5(b"\x00" * 16), modes.CFB(b"\x00" * 8) + ), + skip_message="Does not support CAST5 CFB", +) +class TestCAST5ModeCFB: + test_cfb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "CAST5"), + ["cast5-cfb.txt"], + lambda key, **kwargs: CAST5(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), + ) + + +class TestIDEA: + def test_key_size(self): + cipher = IDEA(b"\x00" * 16) + assert cipher.key_size == 128 + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + IDEA(b"\x00" * 17) + + def test_invalid_key_type(self): + with pytest.raises(TypeError, match="key must be bytes"): + IDEA("0" * 16) # type: ignore[arg-type] + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + IDEA(b"\x00" * 16), modes.ECB() + ), + skip_message="Does not support IDEA ECB", +) +class TestIDEAModeECB: + test_ecb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "IDEA"), + ["idea-ecb.txt"], + lambda key, **kwargs: IDEA(binascii.unhexlify(key)), + lambda **kwargs: modes.ECB(), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + IDEA(b"\x00" * 16), modes.CBC(b"\x00" * 8) + ), + skip_message="Does not support IDEA CBC", +) +class TestIDEAModeCBC: + test_cbc = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "IDEA"), + ["idea-cbc.txt"], + lambda key, **kwargs: IDEA(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + IDEA(b"\x00" * 16), modes.OFB(b"\x00" * 8) + ), + skip_message="Does not support IDEA OFB", +) +class TestIDEAModeOFB: + test_ofb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "IDEA"), + ["idea-ofb.txt"], + lambda key, **kwargs: IDEA(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + IDEA(b"\x00" * 16), modes.CFB(b"\x00" * 8) + ), + skip_message="Does not support IDEA CFB", +) +class TestIDEAModeCFB: + test_cfb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "IDEA"), + ["idea-cfb.txt"], + lambda key, **kwargs: IDEA(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), + ) + + +class TestSEED: + def test_key_size(self): + cipher = SEED(b"\x00" * 16) + assert cipher.key_size == 128 + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + SEED(b"\x00" * 17) + + def test_invalid_key_type(self): + with pytest.raises(TypeError, match="key must be bytes"): + SEED("0" * 16) # type: ignore[arg-type] + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + SEED(b"\x00" * 16), modes.ECB() + ), + skip_message="Does not support SEED ECB", +) +class TestSEEDModeECB: + test_ecb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "SEED"), + ["rfc-4269.txt"], + lambda key, **kwargs: SEED(binascii.unhexlify(key)), + lambda **kwargs: modes.ECB(), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + SEED(b"\x00" * 16), modes.CBC(b"\x00" * 16) + ), + skip_message="Does not support SEED CBC", +) +class TestSEEDModeCBC: + test_cbc = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "SEED"), + ["rfc-4196.txt"], + lambda key, **kwargs: SEED(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + SEED(b"\x00" * 16), modes.OFB(b"\x00" * 16) + ), + skip_message="Does not support SEED OFB", +) +class TestSEEDModeOFB: + test_ofb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "SEED"), + ["seed-ofb.txt"], + lambda key, **kwargs: SEED(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + SEED(b"\x00" * 16), modes.CFB(b"\x00" * 16) + ), + skip_message="Does not support SEED CFB", +) +class TestSEEDModeCFB: + test_cfb = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "SEED"), + ["seed-cfb.txt"], + lambda key, **kwargs: SEED(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), + ) diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/decrepit/test_arc4.py similarity index 85% rename from tests/hazmat/primitives/test_arc4.py rename to tests/hazmat/primitives/decrepit/test_arc4.py index 5bc23f9..116f4b1 100644 --- a/tests/hazmat/primitives/test_arc4.py +++ b/tests/hazmat/primitives/decrepit/test_arc4.py @@ -8,10 +8,10 @@ import pytest -from cryptography.hazmat.primitives.ciphers import algorithms +from cryptography.hazmat.decrepit.ciphers import algorithms -from .utils import generate_stream_encryption_test -from ...utils import load_nist_vectors +from ....utils import load_nist_vectors +from ..utils import generate_stream_encryption_test @pytest.mark.supported( diff --git a/tests/hazmat/primitives/decrepit/test_rc2.py b/tests/hazmat/primitives/decrepit/test_rc2.py new file mode 100644 index 0000000..dd2ce5d --- /dev/null +++ b/tests/hazmat/primitives/decrepit/test_rc2.py @@ -0,0 +1,36 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +""" +Test using the NIST Test Vectors +""" + +import binascii +import os + +import pytest + +from cryptography.hazmat.decrepit.ciphers.algorithms import RC2 +from cryptography.hazmat.primitives.ciphers import modes + +from ....utils import load_nist_vectors +from ..utils import generate_encrypt_test + + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + RC2(b"\x00" * 16), modes.CBC(b"\x00" * 8) + ), + skip_message="Does not support RC2 CBC", +) +class TestRC2ModeCBC: + test_kat = generate_encrypt_test( + load_nist_vectors, + os.path.join("ciphers", "RC2"), + [ + "rc2-cbc.txt", + ], + lambda key, **kwargs: RC2(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + ) diff --git a/tests/hazmat/primitives/fixtures_dsa.py b/tests/hazmat/primitives/fixtures_dsa.py index eca0ec4..6675a2c 100644 --- a/tests/hazmat/primitives/fixtures_dsa.py +++ b/tests/hazmat/primitives/fixtures_dsa.py @@ -9,7 +9,6 @@ DSAPublicNumbers, ) - DSA_KEY_1024 = DSAPrivateNumbers( public_numbers=DSAPublicNumbers( parameter_numbers=DSAParameterNumbers( diff --git a/tests/hazmat/primitives/fixtures_ec.py b/tests/hazmat/primitives/fixtures_ec.py index 317c2ab..fa671ac 100644 --- a/tests/hazmat/primitives/fixtures_ec.py +++ b/tests/hazmat/primitives/fixtures_ec.py @@ -5,7 +5,6 @@ from cryptography.hazmat.primitives.asymmetric import ec - EC_KEY_SECT571R1 = ec.EllipticCurvePrivateNumbers( private_value=int( "213997069697108634621868251335076179190383272087548888968788698953" diff --git a/tests/hazmat/primitives/fixtures_rsa.py b/tests/hazmat/primitives/fixtures_rsa.py index f6b5c3b..09b32ab 100644 --- a/tests/hazmat/primitives/fixtures_rsa.py +++ b/tests/hazmat/primitives/fixtures_rsa.py @@ -8,7 +8,6 @@ RSAPublicNumbers, ) - RSA_KEY_512 = RSAPrivateNumbers( p=int( "d57846898d5c0de249c08467586cb458fa9bc417cdf297f73cfc52281b787cd9", 16 diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py index dcbf76b..2f0d52d 100644 --- a/tests/hazmat/primitives/test_aead.py +++ b/tests/hazmat/primitives/test_aead.py @@ -4,7 +4,9 @@ import binascii +import mmap import os +import sys import pytest @@ -12,23 +14,19 @@ from cryptography.hazmat.primitives.ciphers.aead import ( AESCCM, AESGCM, + AESGCMSIV, AESOCB3, AESSIV, ChaCha20Poly1305, ) -from .utils import _load_all_params from ...utils import ( load_nist_ccm_vectors, load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm, ) - - -class FakeData(bytes): - def __len__(self): - return 2**31 +from .utils import _load_all_params def _aead_supported(cls): @@ -39,6 +37,10 @@ def _aead_supported(cls): return False +def large_mmap(): + return mmap.mmap(-1, 2**32, prot=mmap.PROT_READ) + + @pytest.mark.skipif( _aead_supported(ChaCha20Poly1305), reason="Requires OpenSSL without ChaCha20Poly1305 support", @@ -53,16 +55,22 @@ def test_chacha20poly1305_unsupported_on_older_openssl(backend): reason="Does not support ChaCha20Poly1305", ) class TestChaCha20Poly1305: + @pytest.mark.skipif( + sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, + reason="mmap and 64-bit platform required", + ) def test_data_too_large(self): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) nonce = b"0" * 12 + large_data = large_mmap() + with pytest.raises(OverflowError): - chacha.encrypt(nonce, FakeData(), b"") + chacha.encrypt(nonce, large_data, b"") with pytest.raises(OverflowError): - chacha.encrypt(nonce, b"", FakeData()) + chacha.encrypt(nonce, b"", large_data) def test_generate_key(self): key = ChaCha20Poly1305.generate_key() @@ -189,16 +197,22 @@ def test_buffer_protocol(self, backend): reason="Does not support AESCCM", ) class TestAESCCM: + @pytest.mark.skipif( + sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, + reason="mmap and 64-bit platform required", + ) def test_data_too_large(self): key = AESCCM.generate_key(128) aesccm = AESCCM(key) nonce = b"0" * 12 + large_data = large_mmap() + with pytest.raises(OverflowError): - aesccm.encrypt(nonce, FakeData(), b"") + aesccm.encrypt(nonce, large_data, b"") with pytest.raises(OverflowError): - aesccm.encrypt(nonce, b"", FakeData()) + aesccm.encrypt(nonce, b"", large_data) def test_default_tag_length(self, backend): key = AESCCM.generate_key(128) @@ -284,6 +298,9 @@ def test_nonce_too_long(self, backend): with pytest.raises(ValueError): aesccm.encrypt(nonce, pt, None) + with pytest.raises(ValueError): + aesccm.decrypt(nonce, pt, None) + @pytest.mark.parametrize( ("nonce", "data", "associated_data"), [ @@ -362,16 +379,28 @@ def _load_gcm_vectors(): class TestAESGCM: + @pytest.mark.skipif( + sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, + reason="mmap and 64-bit platform required", + ) def test_data_too_large(self): key = AESGCM.generate_key(128) aesgcm = AESGCM(key) nonce = b"0" * 12 + large_data = large_mmap() + with pytest.raises(OverflowError): - aesgcm.encrypt(nonce, FakeData(), b"") + aesgcm.encrypt(nonce, large_data, b"") with pytest.raises(OverflowError): - aesgcm.encrypt(nonce, b"", FakeData()) + aesgcm.encrypt(nonce, b"", large_data) + + def test_decrypt_data_too_short(self): + key = AESGCM.generate_key(128) + aesgcm = AESGCM(key) + with pytest.raises(InvalidTag): + aesgcm.decrypt(b"0" * 12, b"0", None) def test_vectors(self, backend, subtests): vectors = _load_gcm_vectors() @@ -428,6 +457,8 @@ def test_invalid_nonce_length(self, length, backend): aesgcm = AESGCM(key) with pytest.raises(ValueError): aesgcm.encrypt(b"\x00" * length, b"hi", None) + with pytest.raises(ValueError): + aesgcm.decrypt(b"\x00" * length, b"hi", None) def test_bad_key(self, backend): with pytest.raises(TypeError): @@ -464,10 +495,22 @@ def test_buffer_protocol(self, backend): computed_pt = aesgcm.decrypt(nonce, ct, ad) assert computed_pt == pt aesgcm2 = AESGCM(bytearray(key)) - ct2 = aesgcm2.encrypt(bytearray(nonce), pt, ad) + ct2 = aesgcm2.encrypt(bytearray(nonce), bytearray(pt), bytearray(ad)) assert ct2 == ct - computed_pt2 = aesgcm2.decrypt(bytearray(nonce), ct2, ad) + b_nonce = bytearray(nonce) + b_ct2 = bytearray(ct2) + b_ad = bytearray(ad) + computed_pt2 = aesgcm2.decrypt(b_nonce, b_ct2, b_ad) assert computed_pt2 == pt + aesgcm3 = AESGCM(memoryview(key)) + m_nonce = memoryview(nonce) + m_pt = memoryview(pt) + m_ad = memoryview(ad) + ct3 = aesgcm3.encrypt(m_nonce, m_pt, m_ad) + assert ct3 == ct + m_ct3 = memoryview(ct3) + computed_pt3 = aesgcm3.decrypt(m_nonce, m_ct3, m_ad) + assert computed_pt3 == pt @pytest.mark.skipif( @@ -484,16 +527,22 @@ def test_aesocb3_unsupported_on_older_openssl(backend): reason="Does not support AESOCB3", ) class TestAESOCB3: + @pytest.mark.skipif( + sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, + reason="mmap and 64-bit platform required", + ) def test_data_too_large(self): key = AESOCB3.generate_key(128) aesocb3 = AESOCB3(key) nonce = b"0" * 12 + large_data = large_mmap() + with pytest.raises(OverflowError): - aesocb3.encrypt(nonce, FakeData(), b"") + aesocb3.encrypt(nonce, large_data, b"") with pytest.raises(OverflowError): - aesocb3.encrypt(nonce, b"", FakeData()) + aesocb3.encrypt(nonce, b"", large_data) def test_vectors(self, backend, subtests): vectors = [] @@ -546,6 +595,38 @@ def test_vectors_invalid(self, backend, subtests): with pytest.raises(InvalidTag): aesocb3.decrypt(nonce, ct, b"nonsense") + @pytest.mark.parametrize( + ("key_len", "expected"), + [ + (128, b"g\xe9D\xd22V\xc5\xe0\xb6\xc6\x1f\xa2/\xdf\x1e\xa2"), + (192, b"\xf6s\xf2\xc3\xe7\x17J\xae{\xae\x98l\xa9\xf2\x9e\x17"), + (256, b"\xd9\x0e\xb8\xe9\xc9w\xc8\x8by\xddy=\x7f\xfa\x16\x1c"), + ], + ) + def test_rfc7253(self, backend, key_len, expected): + # This is derived from page 18 of RFC 7253, with a tag length of + # 128 bits. + + k = AESOCB3(b"\x00" * ((key_len - 8) // 8) + b"\x80") + + c = b"" + + for i in range(0, 128): + s = b"\x00" * i + n = (3 * i + 1).to_bytes(12, "big") + c += k.encrypt(n, s, s) + n = (3 * i + 2).to_bytes(12, "big") + c += k.encrypt(n, s, b"") + n = (3 * i + 3).to_bytes(12, "big") + c += k.encrypt(n, b"", s) + + assert len(c) == 22400 + + n = (385).to_bytes(12, "big") + output = k.encrypt(n, b"", c) + + assert output == expected + @pytest.mark.parametrize( ("nonce", "data", "associated_data"), [ @@ -571,6 +652,11 @@ def test_invalid_nonce_length(self, backend): with pytest.raises(ValueError): aesocb3.encrypt(b"\x00" * 16, b"hi", None) + with pytest.raises(ValueError): + aesocb3.decrypt(b"\x00" * 11, b"hi", None) + with pytest.raises(ValueError): + aesocb3.decrypt(b"\x00" * 16, b"hi", None) + def test_bad_key(self, backend): with pytest.raises(TypeError): AESOCB3(object()) # type:ignore[arg-type] @@ -616,16 +702,35 @@ def test_buffer_protocol(self, backend): not _aead_supported(AESSIV), reason="Does not support AESSIV", ) -class TestAESSIV(object): +class TestAESSIV: + @pytest.mark.skipif( + sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, + reason="mmap and 64-bit platform required", + ) def test_data_too_large(self): key = AESSIV.generate_key(256) aessiv = AESSIV(key) + large_data = large_mmap() + with pytest.raises(OverflowError): - aessiv.encrypt(FakeData(), None) + aessiv.encrypt(large_data, None) with pytest.raises(OverflowError): - aessiv.encrypt(b"", [FakeData()]) + aessiv.encrypt(b"irrelevant", [large_data]) + + with pytest.raises(OverflowError): + aessiv.decrypt(b"very very irrelevant", [large_data]) + + def test_no_empty_encryption(self): + key = AESSIV.generate_key(256) + aessiv = AESSIV(key) + + with pytest.raises(ValueError): + aessiv.encrypt(b"", None) + + with pytest.raises(InvalidTag): + aessiv.decrypt(b"", None) def test_vectors(self, backend, subtests): vectors = load_vectors_from_file( @@ -638,10 +743,11 @@ def test_vectors(self, backend, subtests): aad1 = vector.get("aad", None) aad2 = vector.get("aad2", None) aad3 = vector.get("aad3", None) - aad = [] - for a in [aad1, aad2, aad3]: - if a is not None: - aad.append(binascii.unhexlify(a)) + aad = [ + binascii.unhexlify(a) + for a in (aad1, aad2, aad3) + if a is not None + ] ct = binascii.unhexlify(vector["ciphertext"]) tag = binascii.unhexlify(vector["tag"]) pt = binascii.unhexlify(vector.get("plaintext", b"")) @@ -663,10 +769,11 @@ def test_vectors_invalid(self, backend, subtests): aad1 = vector.get("aad", None) aad2 = vector.get("aad2", None) aad3 = vector.get("aad3", None) - aad = [] - for a in [aad1, aad2, aad3]: - if a is not None: - aad.append(binascii.unhexlify(a)) + aad = [ + binascii.unhexlify(a) + for a in (aad1, aad2, aad3) + if a is not None + ] ct = binascii.unhexlify(vector["ciphertext"]) aessiv = AESSIV(key) @@ -674,7 +781,7 @@ def test_vectors_invalid(self, backend, subtests): badkey = AESSIV(AESSIV.generate_key(256)) badkey.decrypt(ct, aad) with pytest.raises(InvalidTag): - aessiv.decrypt(ct, aad + [b""]) + aessiv.decrypt(ct, [*aad, b""]) with pytest.raises(InvalidTag): aessiv.decrypt(ct, [b"nonsense"]) with pytest.raises(InvalidTag): @@ -734,3 +841,156 @@ def test_buffer_protocol(self, backend): assert ct2 == ct computed_pt2 = aessiv.decrypt(ct2, ad) assert computed_pt2 == pt + + +@pytest.mark.skipif( + not _aead_supported(AESGCMSIV), + reason="Does not support AESGCMSIV", +) +class TestAESGCMSIV: + @pytest.mark.skipif( + sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, + reason="mmap and 64-bit platform required", + ) + def test_data_too_large(self): + key = AESGCMSIV.generate_key(256) + nonce = os.urandom(12) + aesgcmsiv = AESGCMSIV(key) + + large_data = large_mmap() + + with pytest.raises(OverflowError): + aesgcmsiv.encrypt(nonce, large_data, None) + + with pytest.raises(OverflowError): + aesgcmsiv.encrypt(nonce, b"irrelevant", large_data) + + with pytest.raises(OverflowError): + aesgcmsiv.decrypt(nonce, b"very very irrelevant", large_data) + + def test_invalid_nonce_length(self, backend): + key = AESGCMSIV.generate_key(128) + aesgcmsiv = AESGCMSIV(key) + pt = b"hello" + nonce = os.urandom(14) + with pytest.raises(ValueError): + aesgcmsiv.encrypt(nonce, pt, None) + + with pytest.raises(ValueError): + aesgcmsiv.decrypt(nonce, pt, None) + + def test_no_empty_encryption(self): + key = AESGCMSIV.generate_key(256) + aesgcmsiv = AESGCMSIV(key) + nonce = os.urandom(12) + + with pytest.raises(ValueError): + aesgcmsiv.encrypt(nonce, b"", None) + + with pytest.raises(InvalidTag): + aesgcmsiv.decrypt(nonce, b"", None) + + def test_vectors(self, backend, subtests): + vectors = _load_all_params( + os.path.join("ciphers", "AES", "GCM-SIV"), + [ + "openssl.txt", + "aes-192-gcm-siv.txt", + ], + load_nist_vectors, + ) + for vector in vectors: + with subtests.test(): + key = binascii.unhexlify(vector["key"]) + nonce = binascii.unhexlify(vector["iv"]) + aad = binascii.unhexlify(vector.get("aad", b"")) + ct = binascii.unhexlify(vector["ciphertext"]) + tag = binascii.unhexlify(vector["tag"]) + pt = binascii.unhexlify(vector.get("plaintext", b"")) + aesgcmsiv = AESGCMSIV(key) + computed_ct = aesgcmsiv.encrypt(nonce, pt, aad) + assert computed_ct[:-16] == ct + assert computed_ct[-16:] == tag + computed_pt = aesgcmsiv.decrypt(nonce, computed_ct, aad) + assert computed_pt == pt + + def test_vectors_invalid(self, backend, subtests): + vectors = _load_all_params( + os.path.join("ciphers", "AES", "GCM-SIV"), + [ + "openssl.txt", + "aes-192-gcm-siv.txt", + ], + load_nist_vectors, + ) + for vector in vectors: + with subtests.test(): + key = binascii.unhexlify(vector["key"]) + nonce = binascii.unhexlify(vector["iv"]) + aad = binascii.unhexlify(vector.get("aad", b"")) + ct = binascii.unhexlify(vector["ciphertext"]) + aesgcmsiv = AESGCMSIV(key) + with pytest.raises(InvalidTag): + badkey = AESGCMSIV(AESGCMSIV.generate_key(256)) + badkey.decrypt(nonce, ct, aad) + with pytest.raises(InvalidTag): + aesgcmsiv.decrypt(nonce, ct, b"nonsense") + with pytest.raises(InvalidTag): + aesgcmsiv.decrypt(nonce, b"nonsense", aad) + + @pytest.mark.parametrize( + ("nonce", "data", "associated_data"), + [ + [object(), b"data", b""], + [b"0" * 12, object(), b""], + [b"0" * 12, b"data", object()], + ], + ) + def test_params_not_bytes(self, nonce, data, associated_data, backend): + key = AESGCMSIV.generate_key(256) + aesgcmsiv = AESGCMSIV(key) + with pytest.raises(TypeError): + aesgcmsiv.encrypt(nonce, data, associated_data) + + with pytest.raises(TypeError): + aesgcmsiv.decrypt(nonce, data, associated_data) + + def test_bad_key(self, backend): + with pytest.raises(TypeError): + AESGCMSIV(object()) # type:ignore[arg-type] + + with pytest.raises(ValueError): + AESGCMSIV(b"0" * 31) + + def test_bad_generate_key(self, backend): + with pytest.raises(TypeError): + AESGCMSIV.generate_key(object()) # type:ignore[arg-type] + + with pytest.raises(ValueError): + AESGCMSIV.generate_key(129) + + def test_associated_data_none_equal_to_empty_bytestring(self, backend): + key = AESGCMSIV.generate_key(256) + aesgcmsiv = AESGCMSIV(key) + nonce = os.urandom(12) + ct1 = aesgcmsiv.encrypt(nonce, b"some_data", None) + ct2 = aesgcmsiv.encrypt(nonce, b"some_data", b"") + assert ct1 == ct2 + pt1 = aesgcmsiv.decrypt(nonce, ct1, None) + pt2 = aesgcmsiv.decrypt(nonce, ct2, b"") + assert pt1 == pt2 + + def test_buffer_protocol(self, backend): + key = AESGCMSIV.generate_key(256) + aesgcmsiv = AESGCMSIV(key) + nonce = os.urandom(12) + pt = b"encrypt me" + ad = b"additional" + ct = aesgcmsiv.encrypt(nonce, pt, ad) + computed_pt = aesgcmsiv.decrypt(nonce, ct, ad) + assert computed_pt == pt + aesgcmsiv = AESGCMSIV(bytearray(key)) + ct2 = aesgcmsiv.encrypt(nonce, pt, ad) + assert ct2 == ct + computed_pt2 = aesgcmsiv.decrypt(nonce, ct2, ad) + assert computed_pt2 == pt diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 9d68ef2..64ec266 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -8,11 +8,13 @@ import pytest +from cryptography.exceptions import AlreadyFinalized, _Reasons +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives.ciphers import algorithms, base, modes -from .utils import _load_all_params, generate_encrypt_test from ...doubles import DummyMode -from ...utils import load_nist_vectors +from ...utils import load_nist_vectors, raises_unsupported_algorithm +from .utils import _load_all_params, generate_encrypt_test @pytest.mark.supported( @@ -61,9 +63,7 @@ def test_xts_too_short(self, backend): enc.update(b"0" * 15) @pytest.mark.supported( - only_if=lambda backend: ( - backend._lib.CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER - ), + only_if=lambda backend: not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL, skip_message="duplicate key encryption error added in OpenSSL 1.1.1d", ) def test_xts_no_duplicate_keys_encryption(self, backend): @@ -274,7 +274,7 @@ def test_buffer_protocol_alternate_modes(mode, backend): data = bytearray(b"sixteen_byte_msg") key = algorithms.AES(bytearray(os.urandom(32))) if not backend.cipher_supported(key, mode): - pytest.skip("AES in {} mode not supported".format(mode.name)) + pytest.skip(f"AES in {mode.name} mode not supported") cipher = base.Cipher(key, mode, backend) enc = cipher.encryptor() ct = enc.update(data) + enc.finalize() @@ -298,7 +298,7 @@ def test_buffer_protocol_alternate_modes(mode, backend): def test_alternate_aes_classes(mode, alg_cls, backend): alg = alg_cls(b"0" * (alg_cls.key_size // 8)) if not backend.cipher_supported(alg, mode): - pytest.skip("AES in {} mode not supported".format(mode.name)) + pytest.skip(f"AES in {mode.name} mode not supported") data = bytearray(b"sixteen_byte_msg") cipher = base.Cipher(alg, mode, backend) enc = cipher.encryptor() @@ -306,3 +306,61 @@ def test_alternate_aes_classes(mode, alg_cls, backend): dec = cipher.decryptor() pt = dec.update(ct) + dec.finalize() assert pt == data + + +def test_reset_nonce(backend): + data = b"helloworld" * 10 + nonce = b"\x00" * 16 + nonce_alt = b"\xee" * 16 + cipher = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.CTR(nonce), + ) + cipher_alt = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.CTR(nonce_alt), + ) + enc = cipher.encryptor() + ct1 = enc.update(data) + assert len(ct1) == len(data) + for _ in range(2): + enc.reset_nonce(nonce) + assert enc.update(data) == ct1 + # Reset the nonce to a different value + # and check it matches with a different context + enc_alt = cipher_alt.encryptor() + ct2 = enc_alt.update(data) + enc.reset_nonce(nonce_alt) + assert enc.update(data) == ct2 + enc_alt.finalize() + enc.finalize() + with pytest.raises(AlreadyFinalized): + enc.reset_nonce(nonce) + dec = cipher.decryptor() + assert dec.update(ct1) == data + for _ in range(2): + dec.reset_nonce(nonce) + assert dec.update(ct1) == data + # Reset the nonce to a different value + # and check it matches with a different context + dec_alt = cipher_alt.decryptor() + dec.reset_nonce(nonce_alt) + assert dec.update(ct2) == dec_alt.update(ct2) + dec_alt.finalize() + dec.finalize() + with pytest.raises(AlreadyFinalized): + dec.reset_nonce(nonce) + + +def test_reset_nonce_invalid_mode(backend): + iv = b"\x00" * 16 + c = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.CBC(iv), + ) + enc = c.encryptor() + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): + enc.reset_nonce(iv) + dec = c.decryptor() + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): + dec.reset_nonce(iv) diff --git a/tests/hazmat/primitives/test_aes_gcm.py b/tests/hazmat/primitives/test_aes_gcm.py index 9220e9e..30cf9ca 100644 --- a/tests/hazmat/primitives/test_aes_gcm.py +++ b/tests/hazmat/primitives/test_aes_gcm.py @@ -8,10 +8,12 @@ import pytest +from cryptography.exceptions import _Reasons +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives.ciphers import algorithms, base, modes +from ...utils import load_nist_vectors, raises_unsupported_algorithm from .utils import generate_aead_test -from ...utils import load_nist_vectors @pytest.mark.supported( @@ -66,62 +68,52 @@ def test_gcm_ciphertext_with_no_aad(self, backend): assert encryptor.tag == tag def test_gcm_ciphertext_limit(self, backend): - encryptor = base.Cipher( + cipher = base.Cipher( algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend, - ).encryptor() - new_max = modes.GCM._MAX_ENCRYPTED_BYTES - 16 - encryptor._bytes_processed = new_max # type: ignore[attr-defined] + ) + encryptor = cipher.encryptor() + rust_openssl.ciphers._advance( + encryptor, modes.GCM._MAX_ENCRYPTED_BYTES - 16 + ) encryptor.update(b"0" * 16) - max = modes.GCM._MAX_ENCRYPTED_BYTES - assert encryptor._bytes_processed == max # type: ignore[attr-defined] with pytest.raises(ValueError): encryptor.update(b"0") + with pytest.raises(ValueError): + encryptor.update_into(b"0", bytearray(1)) + + decryptor = cipher.decryptor() + rust_openssl.ciphers._advance( + decryptor, modes.GCM._MAX_ENCRYPTED_BYTES - 16 + ) + decryptor.update(b"0" * 16) + with pytest.raises(ValueError): + decryptor.update(b"0") + with pytest.raises(ValueError): + decryptor.update_into(b"0", bytearray(1)) def test_gcm_aad_limit(self, backend): - encryptor = base.Cipher( + cipher = base.Cipher( algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend, - ).encryptor() - new_max = modes.GCM._MAX_AAD_BYTES - 16 - encryptor._aad_bytes_processed = new_max # type: ignore[attr-defined] - encryptor.authenticate_additional_data(b"0" * 16) - max = modes.GCM._MAX_AAD_BYTES - assert ( - encryptor._aad_bytes_processed == max # type: ignore[attr-defined] ) + encryptor = cipher.encryptor() + rust_openssl.ciphers._advance_aad( + encryptor, modes.GCM._MAX_AAD_BYTES - 16 + ) + encryptor.authenticate_additional_data(b"0" * 16) with pytest.raises(ValueError): encryptor.authenticate_additional_data(b"0") - def test_gcm_ciphertext_increments(self, backend): - encryptor = base.Cipher( - algorithms.AES(b"\x00" * 16), - modes.GCM(b"\x01" * 16), - backend=backend, - ).encryptor() - encryptor.update(b"0" * 8) - assert encryptor._bytes_processed == 8 # type: ignore[attr-defined] - encryptor.update(b"0" * 7) - assert encryptor._bytes_processed == 15 # type: ignore[attr-defined] - encryptor.update(b"0" * 18) - assert encryptor._bytes_processed == 33 # type: ignore[attr-defined] - - def test_gcm_aad_increments(self, backend): - encryptor = base.Cipher( - algorithms.AES(b"\x00" * 16), - modes.GCM(b"\x01" * 16), - backend=backend, - ).encryptor() - encryptor.authenticate_additional_data(b"0" * 8) - assert ( - encryptor._aad_bytes_processed == 8 # type: ignore[attr-defined] - ) - encryptor.authenticate_additional_data(b"0" * 18) - assert ( - encryptor._aad_bytes_processed == 26 # type: ignore[attr-defined] + decryptor = cipher.decryptor() + rust_openssl.ciphers._advance_aad( + decryptor, modes.GCM._MAX_AAD_BYTES - 16 ) + decryptor.authenticate_additional_data(b"0" * 16) + with pytest.raises(ValueError): + decryptor.authenticate_additional_data(b"0") def test_gcm_tag_decrypt_none(self, backend): key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3") @@ -188,22 +180,24 @@ def test_gcm_tag_decrypt_finalize_tag_length(self, tag, backend): def test_buffer_protocol(self, backend): data = bytearray(b"helloworld") - enc = base.Cipher( + c = base.Cipher( algorithms.AES(bytearray(b"\x00" * 16)), modes.GCM(bytearray(b"\x00" * 12)), backend, - ).encryptor() + ) + enc = c.encryptor() enc.authenticate_additional_data(bytearray(b"foo")) ct = enc.update(data) + enc.finalize() - dec = base.Cipher( - algorithms.AES(bytearray(b"\x00" * 16)), - modes.GCM(bytearray(b"\x00" * 12), enc.tag), - backend, - ).decryptor() + + dec = c.decryptor() dec.authenticate_additional_data(bytearray(b"foo")) - pt = dec.update(ct) + dec.finalize() + pt = dec.update(ct) + dec.finalize_with_tag(enc.tag) assert pt == data + enc = c.encryptor() + with pytest.raises(ValueError): + enc.update_into(b"abc123", bytearray(0)) + @pytest.mark.parametrize("size", [8, 128]) def test_gcm_min_max_iv(self, size, backend): if backend._fips_enabled: @@ -237,3 +231,16 @@ def test_alternate_aes_classes(self, alg, backend): dec = cipher.decryptor() pt = dec.update(ct) + dec.finalize_with_tag(enc.tag) assert pt == data + + def test_reset_nonce_invalid_mode(self, backend): + nonce = b"\x00" * 12 + c = base.Cipher( + algorithms.AES(b"\x00" * 16), + modes.GCM(nonce), + ) + enc = c.encryptor() + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): + enc.reset_nonce(nonce) + dec = c.decryptor() + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): + dec.reset_nonce(nonce) diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index fa2c4f5..6233e19 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -15,12 +15,12 @@ modes, ) +from ...doubles import DummyCipherAlgorithm, DummyMode +from ...utils import raises_unsupported_algorithm from .utils import ( generate_aead_exception_test, generate_aead_tag_exception_test, ) -from ...doubles import DummyCipherAlgorithm, DummyMode -from ...utils import raises_unsupported_algorithm class TestCipher: @@ -44,7 +44,9 @@ def test_instantiate_with_non_algorithm(self, backend): algorithm = object() with pytest.raises(TypeError): Cipher( - algorithm, mode=None, backend=backend # type: ignore[arg-type] + algorithm, # type: ignore[arg-type] + mode=None, + backend=backend, ) diff --git a/tests/hazmat/primitives/test_blowfish.py b/tests/hazmat/primitives/test_blowfish.py deleted file mode 100644 index 4ff8c1f..0000000 --- a/tests/hazmat/primitives/test_blowfish.py +++ /dev/null @@ -1,86 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -import binascii -import os - -import pytest - -from cryptography.hazmat.primitives.ciphers import algorithms, modes - -from .utils import generate_encrypt_test -from ...utils import load_nist_vectors - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._BlowfishInternal(b"\x00" * 56), modes.ECB() - ), - skip_message="Does not support Blowfish ECB", -) -class TestBlowfishModeECB: - test_ecb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "Blowfish"), - ["bf-ecb.txt"], - lambda key, **kwargs: algorithms._BlowfishInternal( - binascii.unhexlify(key) - ), - lambda **kwargs: modes.ECB(), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._BlowfishInternal(b"\x00" * 56), modes.CBC(b"\x00" * 8) - ), - skip_message="Does not support Blowfish CBC", -) -class TestBlowfishModeCBC: - test_cbc = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "Blowfish"), - ["bf-cbc.txt"], - lambda key, **kwargs: algorithms._BlowfishInternal( - binascii.unhexlify(key) - ), - lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._BlowfishInternal(b"\x00" * 56), modes.OFB(b"\x00" * 8) - ), - skip_message="Does not support Blowfish OFB", -) -class TestBlowfishModeOFB: - test_ofb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "Blowfish"), - ["bf-ofb.txt"], - lambda key, **kwargs: algorithms._BlowfishInternal( - binascii.unhexlify(key) - ), - lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._BlowfishInternal(b"\x00" * 56), modes.CFB(b"\x00" * 8) - ), - skip_message="Does not support Blowfish CFB", -) -class TestBlowfishModeCFB: - test_cfb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "Blowfish"), - ["bf-cfb.txt"], - lambda key, **kwargs: algorithms._BlowfishInternal( - binascii.unhexlify(key) - ), - lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - ) diff --git a/tests/hazmat/primitives/test_camellia.py b/tests/hazmat/primitives/test_camellia.py index 8ec7551..d6f1fca 100644 --- a/tests/hazmat/primitives/test_camellia.py +++ b/tests/hazmat/primitives/test_camellia.py @@ -10,8 +10,8 @@ from cryptography.hazmat.primitives.ciphers import algorithms, modes -from .utils import generate_encrypt_test from ...utils import load_cryptrec_vectors, load_nist_vectors +from .utils import generate_encrypt_test @pytest.mark.supported( diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py deleted file mode 100644 index 6c6f0c8..0000000 --- a/tests/hazmat/primitives/test_cast5.py +++ /dev/null @@ -1,86 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -import binascii -import os - -import pytest - -from cryptography.hazmat.primitives.ciphers import algorithms, modes - -from .utils import generate_encrypt_test -from ...utils import load_nist_vectors - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._CAST5Internal(b"\x00" * 16), modes.ECB() - ), - skip_message="Does not support CAST5 ECB", -) -class TestCAST5ModeECB: - test_ecb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "CAST5"), - ["cast5-ecb.txt"], - lambda key, **kwargs: algorithms._CAST5Internal( - binascii.unhexlify((key)) - ), - lambda **kwargs: modes.ECB(), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._CAST5Internal(b"\x00" * 16), modes.CBC(b"\x00" * 8) - ), - skip_message="Does not support CAST5 CBC", -) -class TestCAST5ModeCBC: - test_cbc = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "CAST5"), - ["cast5-cbc.txt"], - lambda key, **kwargs: algorithms._CAST5Internal( - binascii.unhexlify((key)) - ), - lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._CAST5Internal(b"\x00" * 16), modes.OFB(b"\x00" * 8) - ), - skip_message="Does not support CAST5 OFB", -) -class TestCAST5ModeOFB: - test_ofb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "CAST5"), - ["cast5-ofb.txt"], - lambda key, **kwargs: algorithms._CAST5Internal( - binascii.unhexlify((key)) - ), - lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._CAST5Internal(b"\x00" * 16), modes.CFB(b"\x00" * 8) - ), - skip_message="Does not support CAST5 CFB", -) -class TestCAST5ModeCFB: - test_cfb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "CAST5"), - ["cast5-cfb.txt"], - lambda key, **kwargs: algorithms._CAST5Internal( - binascii.unhexlify((key)) - ), - lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - ) diff --git a/tests/hazmat/primitives/test_chacha20.py b/tests/hazmat/primitives/test_chacha20.py index 4dd1b08..3ade8b9 100644 --- a/tests/hazmat/primitives/test_chacha20.py +++ b/tests/hazmat/primitives/test_chacha20.py @@ -9,10 +9,11 @@ import pytest +from cryptography.exceptions import AlreadyFinalized from cryptography.hazmat.primitives.ciphers import Cipher, algorithms -from .utils import _load_all_params from ...utils import load_nist_vectors +from .utils import _load_all_params @pytest.mark.supported( @@ -26,14 +27,14 @@ class TestChaCha20: "vector", _load_all_params( os.path.join("ciphers", "ChaCha20"), - ["rfc7539.txt"], + ["counter-overflow.txt", "rfc7539.txt"], load_nist_vectors, ), ) def test_vectors(self, vector, backend): key = binascii.unhexlify(vector["key"]) nonce = binascii.unhexlify(vector["nonce"]) - ibc = struct.pack(" None: if not backend.dsa_hash_supported(algorithm): pytest.skip( - "{} does not support the provided args. p: {}, hash: {}".format( - backend, p.bit_length(), algorithm.name - ) + f"{backend} does not support the provided args. " + f"p: {p.bit_length()}, hash: {algorithm.name}" ) @@ -383,6 +384,30 @@ def test_large_p(self, backend): x=pn.x, ).private_key(backend) + def test_public_key_equality(self, backend): + key_bytes = load_vectors_from_file( + os.path.join("asymmetric", "PKCS8", "unenc-dsa-pkcs8.pem"), + lambda pemfile: pemfile.read().encode(), + ) + key1 = serialization.load_pem_private_key(key_bytes, None).public_key() + key2 = serialization.load_pem_private_key(key_bytes, None).public_key() + key3 = DSA_KEY_2048.private_key().public_key() + assert key1 == key2 + assert key1 != key3 + assert key1 != object() + with pytest.raises(TypeError): + key1 < key2 # type: ignore[operator] + + def test_public_key_copy(self): + key_bytes = load_vectors_from_file( + os.path.join("asymmetric", "PKCS8", "unenc-dsa-pkcs8.pem"), + lambda pemfile: pemfile.read().encode(), + ) + key1 = serialization.load_pem_private_key(key_bytes, None).public_key() + key2 = copy.copy(key1) + + assert key1 == key2 + @pytest.mark.supported( only_if=lambda backend: backend.dsa_supported(), @@ -496,6 +521,14 @@ def test_sign(self, backend): public_key = private_key.public_key() public_key.verify(signature, message, algorithm) + def test_sign_verify_buffer(self, backend): + private_key = DSA_KEY_1024.private_key(backend) + message = bytearray(b"one little message") + algorithm = hashes.SHA1() + signature = private_key.sign(message, algorithm) + public_key = private_key.public_key() + public_key.verify(bytearray(signature), message, algorithm) + def test_prehashed_sign(self, backend): private_key = DSA_KEY_1024.private_key(backend) message = b"one little message" @@ -546,7 +579,8 @@ def test_dsa_public_numbers(self): def test_dsa_public_numbers_invalid_types(self): with pytest.raises(TypeError): dsa.DSAPublicNumbers( - y=4, parameter_numbers=None # type: ignore[arg-type] + y=4, + parameter_numbers=None, # type: ignore[arg-type] ) with pytest.raises(TypeError): @@ -580,7 +614,8 @@ def test_dsa_private_numbers_invalid_types(self): with pytest.raises(TypeError): dsa.DSAPrivateNumbers( - x=None, public_numbers=public_numbers # type: ignore[arg-type] + x=None, # type: ignore[arg-type] + public_numbers=public_numbers, ) def test_repr(self): @@ -698,6 +733,10 @@ def test_private_bytes_encrypted_pem(self, backend, fmt, password): (serialization.Encoding.DER, serialization.PrivateFormat.Raw), (serialization.Encoding.Raw, serialization.PrivateFormat.Raw), (serialization.Encoding.X962, serialization.PrivateFormat.PKCS8), + ( + serialization.Encoding.SMIME, + serialization.PrivateFormat.TraditionalOpenSSL, + ), ], ) def test_private_bytes_rejects_invalid(self, encoding, fmt, backend): @@ -920,9 +959,11 @@ def test_public_bytes_openssh(self, backend): ) key = serialization.load_pem_public_key(key_bytes, backend) - ssh_bytes = key.public_bytes( - serialization.Encoding.OpenSSH, serialization.PublicFormat.OpenSSH - ) + with pytest.warns(utils.DeprecatedIn40): + ssh_bytes = key.public_bytes( + serialization.Encoding.OpenSSH, + serialization.PublicFormat.OpenSSH, + ) assert ssh_bytes == ( b"ssh-dss AAAAB3NzaC1kc3MAAACBAKoJMMwUWCUiHK/6KKwolBlqJ4M95ewhJweR" b"aJQgd3Si57I4sNNvGySZosJYUIPrAUMpJEGNhn+qIS3RBx1NzrJ4J5StOTzAik1K" @@ -967,9 +1008,7 @@ def test_public_bytes_pkcs1_unsupported(self, backend): serialization.PublicFormat.SubjectPublicKeyInfo, ), (serialization.Encoding.Raw, serialization.PublicFormat.PKCS1), - ] - + list( - itertools.product( + *itertools.product( [ serialization.Encoding.Raw, serialization.Encoding.X962, @@ -981,8 +1020,8 @@ def test_public_bytes_pkcs1_unsupported(self, backend): serialization.PublicFormat.UncompressedPoint, serialization.PublicFormat.CompressedPoint, ], - ) - ), + ), + ], ) def test_public_bytes_rejects_invalid(self, encoding, fmt, backend): key = DSA_KEY_2048.private_key(backend).public_key() diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index e484486..d33fd10 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -2,8 +2,8 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii +import copy import itertools import os import textwrap @@ -13,25 +13,30 @@ import pytest from cryptography import exceptions, utils, x509 +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.hazmat.primitives.asymmetric.ec import ( + EllipticCurvePrivateKey, + EllipticCurvePublicKey, +) from cryptography.hazmat.primitives.asymmetric.utils import ( Prehashed, encode_dss_signature, ) -from cryptography.utils import CryptographyDeprecationWarning -from .fixtures_ec import EC_KEY_SECP384R1 -from .utils import skip_fips_traditional_openssl from ...doubles import DummyKeySerializationEncryption from ...utils import ( load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors, load_kasvs_ecdh_vectors, load_nist_vectors, + load_rfc6979_vectors, load_vectors_from_file, raises_unsupported_algorithm, ) +from .fixtures_ec import EC_KEY_SECP384R1 +from .utils import skip_fips_traditional_openssl _HASH_TYPES: typing.Dict[str, typing.Type[hashes.HashAlgorithm]] = { "SHA-1": hashes.SHA1, @@ -42,23 +47,20 @@ } -def _skip_ecdsa_vector(backend, curve_type, hash_type): +def _skip_ecdsa_vector(backend, curve: ec.EllipticCurve, hash_type): if not backend.elliptic_curve_signature_algorithm_supported( - ec.ECDSA(hash_type()), curve_type() + ec.ECDSA(hash_type()), curve ): pytest.skip( - "ECDSA not supported with this hash {} and curve {}.".format( - hash_type().name, curve_type().name - ) + f"ECDSA not supported with this hash {hash_type().name} and " + f"curve {curve.name}." ) -def _skip_curve_unsupported(backend, curve): +def _skip_curve_unsupported(backend, curve: ec.EllipticCurve): if not backend.elliptic_curve_supported(curve): pytest.skip( - "Curve {} is not supported by this backend {}".format( - curve.name, backend - ) + f"Curve {curve.name} is not supported by this backend {backend}" ) @@ -67,9 +69,7 @@ def _skip_exchange_algorithm_unsupported(backend, algorithm, curve): algorithm, curve ): pytest.skip( - "Exchange with {} curve is not supported by {}".format( - curve.name, backend - ) + f"Exchange with {curve.name} curve is not supported by {backend}" ) @@ -100,7 +100,7 @@ def test_skip_exchange_algorithm_unsupported(backend): def test_skip_ecdsa_vector(backend): with pytest.raises(pytest.skip.Exception): - _skip_ecdsa_vector(backend, DummyCurve, hashes.SHA256) + _skip_ecdsa_vector(backend, DummyCurve(), hashes.SHA256) def test_derive_private_key_success(backend): @@ -135,7 +135,12 @@ def test_derive_point_at_infinity(backend): _skip_curve_unsupported(backend, curve) # order of the curve q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 - with pytest.raises(ValueError, match="Unable to derive"): + # BoringSSL rejects infinity points before it ever gets to us, so it + # uses a more generic error message. + match = ( + "infinity" if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL else "Invalid" + ) + with pytest.raises(ValueError, match=match): ec.derive_private_key(q, ec.SECP256R1()) @@ -171,76 +176,11 @@ def test_invalid_private_numbers_public_numbers(): ec.EllipticCurvePrivateNumbers(1, None) # type: ignore[arg-type] -def test_encode_point(): - # secp256r1 point - x = int( - "233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22aec", 16 - ) - y = int( - "3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460b35f442e", 16 - ) - pn = ec.EllipticCurvePublicNumbers(x, y, ec.SECP256R1()) - with pytest.warns(utils.PersistentlyDeprecated2019): - data = pn.encode_point() - assert data == binascii.unhexlify( - "04233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22ae" - "c3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460b35f442e" - ) - - -def test_from_encoded_point(): - # secp256r1 point - data = binascii.unhexlify( - "04233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22ae" - "c3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460b35f442e" - ) - with pytest.warns(CryptographyDeprecationWarning): - pn = ec.EllipticCurvePublicNumbers.from_encoded_point( - ec.SECP256R1(), data - ) - assert pn.x == int( - "233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22aec", 16 - ) - assert pn.y == int( - "3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460b35f442e", 16 - ) - - -def test_from_encoded_point_invalid_length(): - bad_data = binascii.unhexlify( - "04233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22ae" - "c3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460" - ) - with pytest.raises(ValueError): - with pytest.warns(CryptographyDeprecationWarning): - ec.EllipticCurvePublicNumbers.from_encoded_point( - ec.SECP384R1(), bad_data - ) - - -def test_from_encoded_point_unsupported_point_no_backend(): - # set to point type 2. - unsupported_type = binascii.unhexlify( - "02233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22a" - ) - with pytest.raises(ValueError): - with pytest.warns(CryptographyDeprecationWarning): - ec.EllipticCurvePublicNumbers.from_encoded_point( - ec.SECP256R1(), unsupported_type - ) - - -def test_from_encoded_point_not_a_curve(): - with pytest.raises(TypeError): - with pytest.warns(CryptographyDeprecationWarning): - ec.EllipticCurvePublicNumbers.from_encoded_point( - "notacurve", b"\x04data" # type: ignore[arg-type] - ) - - def test_ec_public_numbers_repr(): pn = ec.EllipticCurvePublicNumbers(2, 3, ec.SECP256R1()) - assert repr(pn) == "" + assert ( + repr(pn) == "" + ) def test_ec_public_numbers_hash(): @@ -275,6 +215,16 @@ def test_ec_key_key_size(backend): assert key.public_key().key_size == 256 +def test_deprecated_generate_private_key_with_curve_class(backend): + # This test verifies that if you pass a curve _class_ instead of instance, + # you get a warning and then `key.curve` is still an instance. + _skip_curve_unsupported(backend, ec.SECP256R1()) + + with pytest.warns(utils.DeprecatedIn42): + key = ec.generate_private_key(ec.SECP256R1) # type: ignore[arg-type] + assert isinstance(key.curve, ec.SECP256R1) + + class TestECWithNumbers: def test_with_numbers(self, backend, subtests): vectors = itertools.product( @@ -288,16 +238,14 @@ def test_with_numbers(self, backend, subtests): ) for vector, hash_type in vectors: with subtests.test(): - curve_type: typing.Type[ec.EllipticCurve] = ec._CURVE_TYPES[ - vector["curve"] - ] + curve = ec._CURVE_TYPES[vector["curve"]] - _skip_ecdsa_vector(backend, curve_type, hash_type) + _skip_ecdsa_vector(backend, curve, hash_type) key = ec.EllipticCurvePrivateNumbers( vector["d"], ec.EllipticCurvePublicNumbers( - vector["x"], vector["y"], curve_type() + vector["x"], vector["y"], curve ), ).private_key(backend) assert key @@ -306,7 +254,7 @@ def test_with_numbers(self, backend, subtests): assert priv_num.private_value == vector["d"] assert priv_num.public_numbers.x == vector["x"] assert priv_num.public_numbers.y == vector["y"] - assert curve_type().name == priv_num.public_numbers.curve.name + assert curve.name == priv_num.public_numbers.curve.name class TestECDSAVectors: @@ -322,14 +270,14 @@ def test_signing_with_example_keys(self, backend, subtests): ) for vector, hash_type in vectors: with subtests.test(): - curve_type = ec._CURVE_TYPES[vector["curve"]] + curve = ec._CURVE_TYPES[vector["curve"]] - _skip_ecdsa_vector(backend, curve_type, hash_type) + _skip_ecdsa_vector(backend, curve, hash_type) key = ec.EllipticCurvePrivateNumbers( vector["d"], ec.EllipticCurvePublicNumbers( - vector["x"], vector["y"], curve_type() + vector["x"], vector["y"], curve ), ).private_key(backend) assert key @@ -347,16 +295,16 @@ def test_signing_with_example_keys(self, backend, subtests): @pytest.mark.parametrize("curve", ec._CURVE_TYPES.values()) def test_generate_vector_curves(self, backend, curve): - _skip_curve_unsupported(backend, curve()) + _skip_curve_unsupported(backend, curve) - key = ec.generate_private_key(curve(), backend) + key = ec.generate_private_key(curve, backend) assert key - assert isinstance(key.curve, curve) + assert type(key.curve) is type(curve) assert key.curve.key_size pkey = key.public_key() assert pkey - assert isinstance(pkey.curve, curve) + assert type(pkey.curve) is type(curve) assert key.curve.key_size == pkey.curve.key_size def test_generate_unknown_curve(self, backend): @@ -480,7 +428,7 @@ def test_load_invalid_ec_key_from_pem(self, backend): # uses a more generic error message. match = ( r"infinity|invalid form" - if not backend._lib.CRYPTOGRAPHY_IS_BORINGSSL + if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL else None ) with pytest.raises(ValueError, match=match): @@ -524,14 +472,12 @@ def test_signatures(self, backend, subtests): for vector in vectors: with subtests.test(): hash_type = _HASH_TYPES[vector["digest_algorithm"]] - curve_type: typing.Type[ec.EllipticCurve] = ec._CURVE_TYPES[ - vector["curve"] - ] + curve = ec._CURVE_TYPES[vector["curve"]] - _skip_ecdsa_vector(backend, curve_type, hash_type) + _skip_ecdsa_vector(backend, curve, hash_type) key = ec.EllipticCurvePublicNumbers( - vector["x"], vector["y"], curve_type() + vector["x"], vector["y"], curve ).public_key(backend) signature = encode_dss_signature(vector["r"], vector["s"]) @@ -546,12 +492,12 @@ def test_signature_failures(self, backend, subtests): for vector in vectors: with subtests.test(): hash_type = _HASH_TYPES[vector["digest_algorithm"]] - curve_type = ec._CURVE_TYPES[vector["curve"]] + curve = ec._CURVE_TYPES[vector["curve"]] - _skip_ecdsa_vector(backend, curve_type, hash_type) + _skip_ecdsa_vector(backend, curve, hash_type) key = ec.EllipticCurvePublicNumbers( - vector["x"], vector["y"], curve_type() + vector["x"], vector["y"], curve ).public_key(backend) signature = encode_dss_signature(vector["r"], vector["s"]) @@ -566,31 +512,122 @@ def test_signature_failures(self, backend, subtests): signature, vector["message"], ec.ECDSA(hash_type()) ) + def test_unsupported_deterministic_nonce(self, backend): + if backend.ecdsa_deterministic_supported(): + pytest.skip( + f"ECDSA deterministic signing is supported by this" + f" backend {backend}" + ) + with pytest.raises(exceptions.UnsupportedAlgorithm): + ec.ECDSA(hashes.SHA256(), deterministic_signing=True) + + def test_deterministic_nonce(self, backend, subtests): + if not backend.ecdsa_deterministic_supported(): + pytest.skip( + f"ECDSA deterministic signing is not supported by this" + f" backend {backend}" + ) + + supported_hash_algorithms = { + "SHA1": hashes.SHA1(), + "SHA224": hashes.SHA224(), + "SHA256": hashes.SHA256(), + "SHA384": hashes.SHA384(), + "SHA512": hashes.SHA512(), + } + curves = { + "B-163": ec.SECT163R2(), + "B-233": ec.SECT233R1(), + "B-283": ec.SECT283R1(), + "B-409": ec.SECT409R1(), + "B-571": ec.SECT571R1(), + "K-163": ec.SECT163K1(), + "K-233": ec.SECT233K1(), + "K-283": ec.SECT283K1(), + "K-409": ec.SECT409K1(), + "K-571": ec.SECT571K1(), + "P-192": ec.SECP192R1(), + "P-224": ec.SECP224R1(), + "P-256": ec.SECP256R1(), + "P-384": ec.SECP384R1(), + "P-521": ec.SECP521R1(), + } + vectors = load_vectors_from_file( + os.path.join( + "asymmetric", "ECDSA", "RFC6979", "evppkey_ecdsa_rfc6979.txt" + ), + load_rfc6979_vectors, + ) + + for vector in vectors: + with subtests.test(): + input = bytes(vector["input"], "utf-8") + output = bytes.fromhex(vector["output"]) + key = bytes("\n".join(vector["key"]), "utf-8") + curve = curves[vector["key_name"].split("_")[0]] + _skip_curve_unsupported(backend, curve) + + if "digest_sign" in vector: + algorithm = vector["digest_sign"] + hash_algorithm = supported_hash_algorithms[algorithm] + algorithm = ec.ECDSA( + hash_algorithm, + deterministic_signing=vector["deterministic_nonce"], + ) + private_key = serialization.load_pem_private_key( + key, password=None + ) + assert isinstance(private_key, EllipticCurvePrivateKey) + signature = private_key.sign(input, algorithm) + assert signature == output + else: + assert "digest_verify" in vector + algorithm = vector["digest_verify"] + assert algorithm in supported_hash_algorithms + hash_algorithm = supported_hash_algorithms[algorithm] + algorithm = ec.ECDSA(hash_algorithm) + public_key = serialization.load_pem_public_key(key) + assert isinstance(public_key, EllipticCurvePublicKey) + if vector["verify_error"]: + with pytest.raises(exceptions.InvalidSignature): + public_key.verify(output, input, algorithm) + else: + public_key.verify(output, input, algorithm) + def test_sign(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) message = b"one little message" - algorithm = ec.ECDSA(hashes.SHA1()) + algorithm = ec.ECDSA(hashes.SHA256()) private_key = ec.generate_private_key(ec.SECP256R1(), backend) signature = private_key.sign(message, algorithm) public_key = private_key.public_key() public_key.verify(signature, message, algorithm) + def test_sign_verify_buffers(self, backend): + _skip_curve_unsupported(backend, ec.SECP256R1()) + message = bytearray(b"one little message") + algorithm = ec.ECDSA(hashes.SHA256()) + private_key = ec.generate_private_key(ec.SECP256R1(), backend) + signature = private_key.sign(message, algorithm) + public_key = private_key.public_key() + public_key.verify(bytearray(signature), message, algorithm) + def test_sign_prehashed(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) message = b"one little message" - h = hashes.Hash(hashes.SHA1(), backend) + h = hashes.Hash(hashes.SHA256(), backend) h.update(message) data = h.finalize() - algorithm = ec.ECDSA(Prehashed(hashes.SHA1())) + algorithm = ec.ECDSA(Prehashed(hashes.SHA256())) private_key = ec.generate_private_key(ec.SECP256R1(), backend) signature = private_key.sign(data, algorithm) public_key = private_key.public_key() - public_key.verify(signature, message, ec.ECDSA(hashes.SHA1())) + public_key.verify(signature, message, ec.ECDSA(hashes.SHA256())) def test_sign_prehashed_digest_mismatch(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) message = b"one little message" - h = hashes.Hash(hashes.SHA1(), backend) + h = hashes.Hash(hashes.SHA224(), backend) h.update(message) data = h.finalize() algorithm = ec.ECDSA(Prehashed(hashes.SHA256())) @@ -601,7 +638,7 @@ def test_sign_prehashed_digest_mismatch(self, backend): def test_verify(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) message = b"one little message" - algorithm = ec.ECDSA(hashes.SHA1()) + algorithm = ec.ECDSA(hashes.SHA256()) private_key = ec.generate_private_key(ec.SECP256R1(), backend) signature = private_key.sign(message, algorithm) public_key = private_key.public_key() @@ -610,20 +647,22 @@ def test_verify(self, backend): def test_verify_prehashed(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) message = b"one little message" - algorithm = ec.ECDSA(hashes.SHA1()) + algorithm = ec.ECDSA(hashes.SHA256()) private_key = ec.generate_private_key(ec.SECP256R1(), backend) signature = private_key.sign(message, algorithm) - h = hashes.Hash(hashes.SHA1(), backend) + h = hashes.Hash(hashes.SHA256(), backend) h.update(message) data = h.finalize() public_key = private_key.public_key() - public_key.verify(signature, data, ec.ECDSA(Prehashed(hashes.SHA1()))) + public_key.verify( + signature, data, ec.ECDSA(Prehashed(hashes.SHA256())) + ) def test_verify_prehashed_digest_mismatch(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) message = b"one little message" private_key = ec.generate_private_key(ec.SECP256R1(), backend) - h = hashes.Hash(hashes.SHA1(), backend) + h = hashes.Hash(hashes.SHA224(), backend) h.update(message) data = h.finalize() public_key = private_key.public_key() @@ -633,7 +672,7 @@ def test_verify_prehashed_digest_mismatch(self, backend): ) -class TestECNumbersEquality: +class TestECEquality: def test_public_numbers_eq(self): pub = ec.EllipticCurvePublicNumbers(1, 2, ec.SECP192R1()) assert pub == ec.EllipticCurvePublicNumbers(1, 2, ec.SECP192R1()) @@ -669,6 +708,32 @@ def test_private_numbers_ne(self): ) assert priv != object() + def test_public_key_equality(self, backend): + _skip_curve_unsupported(backend, ec.SECP256R1()) + key_bytes = load_vectors_from_file( + os.path.join("asymmetric", "PKCS8", "ec_private_key.pem"), + lambda pemfile: pemfile.read().encode(), + ) + key1 = serialization.load_pem_private_key(key_bytes, None).public_key() + key2 = serialization.load_pem_private_key(key_bytes, None).public_key() + key3 = ec.generate_private_key(ec.SECP256R1()).public_key() + assert key1 == key2 + assert key1 != key3 + assert key1 != object() + with pytest.raises(TypeError): + key1 < key2 # type: ignore[operator] + + def test_public_key_copy(self, backend): + _skip_curve_unsupported(backend, ec.SECP256R1()) + key_bytes = load_vectors_from_file( + os.path.join("asymmetric", "PKCS8", "ec_private_key.pem"), + lambda pemfile: pemfile.read().encode(), + ) + key1 = serialization.load_pem_private_key(key_bytes, None).public_key() + key2 = copy.copy(key1) + + assert key1 == key2 + class TestECSerialization: @pytest.mark.parametrize( @@ -708,6 +773,24 @@ def test_private_bytes_encrypted_pem(self, backend, fmt, password): priv_num = key.private_numbers() assert loaded_priv_num == priv_num + @pytest.mark.supported( + only_if=lambda backend: backend._fips_enabled, + skip_message="Requires FIPS", + ) + def test_traditional_serialization_fips(self, backend): + key_bytes = load_vectors_from_file( + os.path.join("asymmetric", "PKCS8", "ec_private_key.pem"), + lambda pemfile: pemfile.read().encode(), + ) + key = serialization.load_pem_private_key(key_bytes, None, backend) + assert isinstance(key, ec.EllipticCurvePrivateKey) + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.PEM, + serialization.PrivateFormat.TraditionalOpenSSL, + serialization.BestAvailableEncryption(b"password"), + ) + @pytest.mark.parametrize( ("encoding", "fmt"), [ @@ -849,6 +932,13 @@ def test_private_bytes_traditional_der_encrypted_invalid(self, backend): serialization.BestAvailableEncryption(b"password"), ) + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.SMIME, + serialization.PrivateFormat.TraditionalOpenSSL, + serialization.NoEncryption(), + ) + def test_private_bytes_invalid_encoding(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) key = load_vectors_from_file( @@ -925,6 +1015,62 @@ def test_public_bytes_from_derived_public_key(self, backend): parsed_public = serialization.load_pem_public_key(pem, backend) assert parsed_public + def test_load_private_key_explicit_parameters(self): + with pytest.raises(ValueError, match="explicit parameters"): + load_vectors_from_file( + os.path.join( + "asymmetric", "EC", "explicit_parameters_private_key.pem" + ), + lambda pemfile: serialization.load_pem_private_key( + pemfile.read(), password=None + ), + mode="rb", + ) + + with pytest.raises(ValueError, match="explicit parameters"): + load_vectors_from_file( + os.path.join( + "asymmetric", + "EC", + "explicit_parameters_wap_wsg_idm_ecid_wtls11_private_key.pem", + ), + lambda pemfile: serialization.load_pem_private_key( + pemfile.read(), password=None + ), + mode="rb", + ) + + def test_load_private_key_unsupported_curve(self): + with pytest.raises((ValueError, exceptions.UnsupportedAlgorithm)): + load_vectors_from_file( + os.path.join("asymmetric", "EC", "secp128r1_private_key.pem"), + lambda pemfile: serialization.load_pem_private_key( + pemfile.read(), password=None + ), + mode="rb", + ) + + @pytest.mark.parametrize( + ("key_file", "curve"), + [ + ("sect163k1-spki.pem", ec.SECT163K1), + ("sect163r2-spki.pem", ec.SECT163R2), + ("sect233k1-spki.pem", ec.SECT233K1), + ("sect233r1-spki.pem", ec.SECT233R1), + ], + ) + def test_load_public_keys(self, key_file, curve, backend): + _skip_curve_unsupported(backend, curve()) + key = load_vectors_from_file( + os.path.join("asymmetric", "EC", key_file), + lambda pemfile: serialization.load_pem_public_key( + pemfile.read(), + ), + mode="rb", + ) + assert isinstance(key, ec.EllipticCurvePublicKey) + assert isinstance(key.curve, curve) + class TestEllipticCurvePEMPublicKeySerialization: @pytest.mark.parametrize( @@ -1132,7 +1278,8 @@ def test_from_encoded_point_empty_byte_string(self): def test_from_encoded_point_not_a_curve(self): with pytest.raises(TypeError): ec.EllipticCurvePublicKey.from_encoded_point( - "notacurve", b"\x04data" # type: ignore[arg-type] + "notacurve", # type: ignore[arg-type] + b"\x04data", ) def test_from_encoded_point_unsupported_encoding(self): @@ -1195,7 +1342,7 @@ def test_key_exchange_with_vectors(self, backend, subtests): for vector in vectors: with subtests.test(): _skip_exchange_algorithm_unsupported( - backend, ec.ECDH(), ec._CURVE_TYPES[vector["curve"]]() + backend, ec.ECDH(), ec._CURVE_TYPES[vector["curve"]] ) key_numbers = vector["IUT"] @@ -1204,7 +1351,7 @@ def test_key_exchange_with_vectors(self, backend, subtests): ec.EllipticCurvePublicNumbers( key_numbers["x"], key_numbers["y"], - ec._CURVE_TYPES[vector["curve"]](), + ec._CURVE_TYPES[vector["curve"]], ), ) # Errno 5-7 indicates a bad public or private key, this @@ -1220,7 +1367,7 @@ def test_key_exchange_with_vectors(self, backend, subtests): public_numbers = ec.EllipticCurvePublicNumbers( peer_numbers["x"], peer_numbers["y"], - ec._CURVE_TYPES[vector["curve"]](), + ec._CURVE_TYPES[vector["curve"]], ) # Errno 1 and 2 indicates a bad public key, this doesn't test # the ECDH code at all @@ -1250,7 +1397,7 @@ def test_key_exchange_with_vectors(self, backend, subtests): ), ) def test_brainpool_kex(self, backend, vector): - curve = ec._CURVE_TYPES[vector["curve"].decode("ascii")]() + curve = ec._CURVE_TYPES[vector["curve"].decode("ascii")] _skip_exchange_algorithm_unsupported(backend, ec.ECDH(), curve) key = ec.EllipticCurvePrivateNumbers( int(vector["da"], 16), diff --git a/tests/hazmat/primitives/test_ed25519.py b/tests/hazmat/primitives/test_ed25519.py index f3b6ed8..26f7d0c 100644 --- a/tests/hazmat/primitives/test_ed25519.py +++ b/tests/hazmat/primitives/test_ed25519.py @@ -4,6 +4,7 @@ import binascii +import copy import os import pytest @@ -15,6 +16,7 @@ Ed25519PublicKey, ) +from ...doubles import DummyKeySerializationEncryption from ...utils import load_vectors_from_file, raises_unsupported_algorithm @@ -92,6 +94,20 @@ def test_sign_verify_input(self, backend, subtests): ) public_key.verify(signature, message) + def test_pub_priv_bytes_raw(self, backend, subtests): + vectors = load_vectors_from_file( + os.path.join("asymmetric", "Ed25519", "sign.input"), + load_ed25519_vectors, + ) + for vector in vectors: + with subtests.test(): + sk = binascii.unhexlify(vector["secret_key"]) + pk = binascii.unhexlify(vector["public_key"]) + private_key = Ed25519PrivateKey.from_private_bytes(sk) + assert private_key.private_bytes_raw() == sk + public_key = Ed25519PublicKey.from_public_bytes(pk) + assert public_key.public_bytes_raw() == pk + def test_invalid_signature(self, backend): key = Ed25519PrivateKey.generate() signature = key.sign(b"test data") @@ -101,6 +117,12 @@ def test_invalid_signature(self, backend): with pytest.raises(InvalidSignature): key.public_key().verify(b"0" * 64, b"test data") + def test_sign_verify_buffer(self, backend): + key = Ed25519PrivateKey.generate() + data = bytearray(b"test data") + signature = key.sign(data) + key.public_key().verify(bytearray(signature), data) + def test_generate(self, backend): key = Ed25519PrivateKey.generate() assert key @@ -142,18 +164,24 @@ def test_invalid_length_from_private_bytes(self, backend): def test_invalid_private_bytes(self, backend): key = Ed25519PrivateKey.generate() - with pytest.raises(ValueError): + with pytest.raises(TypeError): key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.Raw, None, # type: ignore[arg-type] ) + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.Raw, + serialization.PrivateFormat.Raw, + DummyKeySerializationEncryption(), + ) with pytest.raises(ValueError): key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.PKCS8, - None, # type: ignore[arg-type] + DummyKeySerializationEncryption(), ) with pytest.raises(ValueError): @@ -163,6 +191,13 @@ def test_invalid_private_bytes(self, backend): serialization.NoEncryption(), ) + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.DER, + serialization.PrivateFormat.OpenSSH, + serialization.NoEncryption(), + ) + def test_invalid_public_bytes(self, backend): key = Ed25519PrivateKey.generate().public_key() with pytest.raises(ValueError): @@ -181,6 +216,11 @@ def test_invalid_public_bytes(self, backend): serialization.Encoding.PEM, serialization.PublicFormat.Raw ) + with pytest.raises(ValueError): + key.public_bytes( + serialization.Encoding.DER, serialization.PublicFormat.OpenSSH + ) + @pytest.mark.parametrize( ("encoding", "fmt", "encryption", "passwd", "load_func"), [ @@ -212,6 +252,13 @@ def test_invalid_public_bytes(self, backend): None, serialization.load_der_private_key, ), + ( + serialization.Encoding.DER, + serialization.PrivateFormat.PKCS8, + serialization.BestAvailableEncryption(b"\x00"), + b"\x00", + serialization.load_der_private_key, + ), ], ) def test_round_trip_private_serialization( @@ -233,3 +280,40 @@ def test_buffer_protocol(self, backend): ) == private_bytes ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.ed25519_supported(), + skip_message="Requires OpenSSL with Ed25519 support", +) +def test_public_key_equality(backend): + key_bytes = load_vectors_from_file( + os.path.join("asymmetric", "Ed25519", "ed25519-pkcs8.der"), + lambda derfile: derfile.read(), + mode="rb", + ) + key1 = serialization.load_der_private_key(key_bytes, None).public_key() + key2 = serialization.load_der_private_key(key_bytes, None).public_key() + key3 = Ed25519PrivateKey.generate().public_key() + assert key1 == key2 + assert key1 != key3 + assert key1 != object() + + with pytest.raises(TypeError): + key1 < key2 # type: ignore[operator] + + +@pytest.mark.supported( + only_if=lambda backend: backend.ed25519_supported(), + skip_message="Requires OpenSSL with Ed25519 support", +) +def test_public_key_copy(backend): + key_bytes = load_vectors_from_file( + os.path.join("asymmetric", "Ed25519", "ed25519-pkcs8.der"), + lambda derfile: derfile.read(), + mode="rb", + ) + key1 = serialization.load_der_private_key(key_bytes, None).public_key() + key2 = copy.copy(key1) + + assert key1 == key2 diff --git a/tests/hazmat/primitives/test_ed448.py b/tests/hazmat/primitives/test_ed448.py index cf96880..6c7bded 100644 --- a/tests/hazmat/primitives/test_ed448.py +++ b/tests/hazmat/primitives/test_ed448.py @@ -4,6 +4,7 @@ import binascii +import copy import os import pytest @@ -15,6 +16,7 @@ Ed448PublicKey, ) +from ...doubles import DummyKeySerializationEncryption from ...utils import ( load_nist_vectors, load_vectors_from_file, @@ -84,6 +86,12 @@ def test_invalid_signature(self, backend): with pytest.raises(InvalidSignature): key.public_key().verify(b"0" * 64, b"test data") + def test_sign_verify_buffer(self, backend): + key = Ed448PrivateKey.generate() + data = bytearray(b"test data") + signature = key.sign(data) + key.public_key().verify(bytearray(signature), data) + def test_generate(self, backend): key = Ed448PrivateKey.generate() assert key @@ -108,12 +116,14 @@ def test_pub_priv_bytes_raw(self, vector, backend): ) == sk ) + assert private_key.private_bytes_raw() == sk assert ( private_key.public_key().public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ) == pk ) + assert private_key.public_key().public_bytes_raw() == pk public_key = Ed448PublicKey.from_public_bytes(pk) assert ( public_key.public_bytes( @@ -121,6 +131,7 @@ def test_pub_priv_bytes_raw(self, vector, backend): ) == pk ) + assert public_key.public_bytes_raw() == pk @pytest.mark.parametrize( ("encoding", "fmt", "encryption", "passwd", "load_func"), @@ -189,18 +200,24 @@ def test_invalid_length_from_private_bytes(self, backend): def test_invalid_private_bytes(self, backend): key = Ed448PrivateKey.generate() - with pytest.raises(ValueError): + with pytest.raises(TypeError): key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.Raw, None, # type: ignore[arg-type] ) + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.Raw, + serialization.PrivateFormat.Raw, + DummyKeySerializationEncryption(), + ) with pytest.raises(ValueError): key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.PKCS8, - None, # type: ignore[arg-type] + DummyKeySerializationEncryption(), ) with pytest.raises(ValueError): @@ -257,3 +274,40 @@ def test_malleability(self, backend): key = Ed448PublicKey.from_public_bytes(public_bytes) with pytest.raises(InvalidSignature): key.verify(signature, b"8") + + +@pytest.mark.supported( + only_if=lambda backend: backend.ed448_supported(), + skip_message="Requires OpenSSL with Ed448 support", +) +def test_public_key_equality(backend): + key_bytes = load_vectors_from_file( + os.path.join("asymmetric", "Ed448", "ed448-pkcs8.der"), + lambda derfile: derfile.read(), + mode="rb", + ) + key1 = serialization.load_der_private_key(key_bytes, None).public_key() + key2 = serialization.load_der_private_key(key_bytes, None).public_key() + key3 = Ed448PrivateKey.generate().public_key() + assert key1 == key2 + assert key1 != key3 + assert key1 != object() + + with pytest.raises(TypeError): + key1 < key2 # type: ignore[operator] + + +@pytest.mark.supported( + only_if=lambda backend: backend.ed448_supported(), + skip_message="Requires OpenSSL with Ed448 support", +) +def test_public_key_copy(backend): + key_bytes = load_vectors_from_file( + os.path.join("asymmetric", "Ed448", "ed448-pkcs8.der"), + lambda derfile: derfile.read(), + mode="rb", + ) + key1 = serialization.load_der_private_key(key_bytes, None).public_key() + key2 = copy.copy(key1) + + assert key1 == key2 diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py index d5916f0..bde8111 100644 --- a/tests/hazmat/primitives/test_hash_vectors.py +++ b/tests/hazmat/primitives/test_hash_vectors.py @@ -10,8 +10,8 @@ from cryptography.hazmat.primitives import hashes -from .utils import _load_all_params, generate_hash_test from ...utils import load_hash_vectors, load_nist_vectors +from .utils import _load_all_params, generate_hash_test @pytest.mark.supported( diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 37744e7..092ba9a 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -10,16 +10,16 @@ from cryptography.exceptions import AlreadyFinalized, _Reasons from cryptography.hazmat.primitives import hashes -from .utils import generate_base_hash_test from ...doubles import DummyHashAlgorithm from ...utils import raises_unsupported_algorithm +from .utils import generate_base_hash_test class TestHashContext: def test_hash_reject_unicode(self, backend): m = hashes.Hash(hashes.SHA1(), backend=backend) with pytest.raises(TypeError): - m.update("\u00FC") # type: ignore[arg-type] + m.update("\u00fc") # type: ignore[arg-type] def test_hash_algorithm_instance(self, backend): with pytest.raises(TypeError): diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py index cc001ba..0bd5c97 100644 --- a/tests/hazmat/primitives/test_hkdf.py +++ b/tests/hazmat/primitives/test_hkdf.py @@ -12,10 +12,7 @@ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.hkdf import HKDF, HKDFExpand -from ...utils import ( - load_nist_vectors, - load_vectors_from_file, -) +from ...utils import load_nist_vectors, load_vectors_from_file class TestHKDF: diff --git a/tests/hazmat/primitives/test_hkdf_vectors.py b/tests/hazmat/primitives/test_hkdf_vectors.py index 711d1b5..080aa1b 100644 --- a/tests/hazmat/primitives/test_hkdf_vectors.py +++ b/tests/hazmat/primitives/test_hkdf_vectors.py @@ -9,8 +9,8 @@ from cryptography.hazmat.primitives import hashes -from .utils import generate_hkdf_test from ...utils import load_nist_vectors +from .utils import generate_hkdf_test @pytest.mark.supported( diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 414385c..52d3e8e 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -14,9 +14,9 @@ ) from cryptography.hazmat.primitives import hashes, hmac -from .utils import generate_base_hmac_test from ...doubles import DummyHashAlgorithm from ...utils import raises_unsupported_algorithm +from .utils import generate_base_hmac_test @pytest.mark.supported( @@ -33,12 +33,14 @@ class TestHMAC: def test_hmac_reject_unicode(self, backend): h = hmac.HMAC(b"mykey", hashes.SHA1(), backend=backend) with pytest.raises(TypeError): - h.update("\u00FC") # type: ignore[arg-type] + h.update("\u00fc") # type: ignore[arg-type] def test_hmac_algorithm_instance(self, backend): with pytest.raises(TypeError): hmac.HMAC( - b"key", hashes.SHA1, backend=backend # type: ignore[arg-type] + b"key", + hashes.SHA1, # type: ignore[arg-type] + backend=backend, ) def test_raises_after_finalize(self, backend): @@ -81,6 +83,9 @@ def test_unsupported_hash(self, backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): hmac.HMAC(b"key", DummyHashAlgorithm(), backend) + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + hmac.HMAC(b"key", hashes.SHAKE256(digest_size=256), backend) + def test_buffer_protocol(self, backend): key = bytearray(b"2b7e151628aed2a6abf7158809cf4f3c") h = hmac.HMAC(key, hashes.SHA256(), backend) @@ -88,3 +93,8 @@ def test_buffer_protocol(self, backend): assert h.finalize() == binascii.unhexlify( b"a1bf7169c56a501c6585190ff4f07cad6e492a3ee187c0372614fb444b9fc3f0" ) + + def test_algorithm(self): + alg = hashes.SHA256() + h = hmac.HMAC(b"123456", alg) + assert h.algorithm is alg diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py index 703065a..790993a 100644 --- a/tests/hazmat/primitives/test_hmac_vectors.py +++ b/tests/hazmat/primitives/test_hmac_vectors.py @@ -9,8 +9,8 @@ from cryptography.hazmat.primitives import hashes, hmac -from .utils import generate_hmac_test from ...utils import load_hash_vectors +from .utils import generate_hmac_test @pytest.mark.supported( diff --git a/tests/hazmat/primitives/test_idea.py b/tests/hazmat/primitives/test_idea.py deleted file mode 100644 index d591fe4..0000000 --- a/tests/hazmat/primitives/test_idea.py +++ /dev/null @@ -1,86 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -import binascii -import os - -import pytest - -from cryptography.hazmat.primitives.ciphers import algorithms, modes - -from .utils import generate_encrypt_test -from ...utils import load_nist_vectors - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._IDEAInternal(b"\x00" * 16), modes.ECB() - ), - skip_message="Does not support IDEA ECB", -) -class TestIDEAModeECB: - test_ecb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "IDEA"), - ["idea-ecb.txt"], - lambda key, **kwargs: algorithms._IDEAInternal( - binascii.unhexlify((key)) - ), - lambda **kwargs: modes.ECB(), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._IDEAInternal(b"\x00" * 16), modes.CBC(b"\x00" * 8) - ), - skip_message="Does not support IDEA CBC", -) -class TestIDEAModeCBC: - test_cbc = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "IDEA"), - ["idea-cbc.txt"], - lambda key, **kwargs: algorithms._IDEAInternal( - binascii.unhexlify((key)) - ), - lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._IDEAInternal(b"\x00" * 16), modes.OFB(b"\x00" * 8) - ), - skip_message="Does not support IDEA OFB", -) -class TestIDEAModeOFB: - test_ofb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "IDEA"), - ["idea-ofb.txt"], - lambda key, **kwargs: algorithms._IDEAInternal( - binascii.unhexlify((key)) - ), - lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._IDEAInternal(b"\x00" * 16), modes.CFB(b"\x00" * 8) - ), - skip_message="Does not support IDEA CFB", -) -class TestIDEAModeCFB: - test_cfb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "IDEA"), - ["idea-cfb.txt"], - lambda key, **kwargs: algorithms._IDEAInternal( - binascii.unhexlify((key)) - ), - lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - ) diff --git a/tests/hazmat/primitives/test_kbkdf.py b/tests/hazmat/primitives/test_kbkdf.py index bb8ebea..e812b46 100644 --- a/tests/hazmat/primitives/test_kbkdf.py +++ b/tests/hazmat/primitives/test_kbkdf.py @@ -11,9 +11,9 @@ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.ciphers import algorithms from cryptography.hazmat.primitives.kdf.kbkdf import ( - CounterLocation, KBKDFCMAC, KBKDFHMAC, + CounterLocation, Mode, ) @@ -159,6 +159,21 @@ def test_r_type(self, backend): backend=backend, ) + def test_zero_llen(self, backend): + with pytest.raises(ValueError): + KBKDFHMAC( + hashes.SHA256(), + Mode.CounterMode, + 32, + 4, + 0, + CounterLocation.BeforeFixed, + b"label", + b"context", + None, + backend=backend, + ) + def test_l_type(self, backend): with pytest.raises(TypeError): KBKDFHMAC( @@ -615,6 +630,21 @@ def test_r_type(self, backend): backend=backend, ) + def test_zero_llen(self, backend): + with pytest.raises(ValueError): + KBKDFCMAC( + algorithms.AES, + Mode.CounterMode, + 32, + 4, + 0, + CounterLocation.BeforeFixed, + b"label", + b"context", + None, + backend=backend, + ) + def test_l_type(self, backend): with pytest.raises(TypeError): KBKDFCMAC( @@ -871,7 +901,7 @@ def test_unsupported_algorithm(self, backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): KBKDFCMAC( - algorithms.ARC4, + algorithms.ChaCha20, Mode.CounterMode, 32, 4, diff --git a/tests/hazmat/primitives/test_kbkdf_vectors.py b/tests/hazmat/primitives/test_kbkdf_vectors.py index fef75fe..cab817b 100644 --- a/tests/hazmat/primitives/test_kbkdf_vectors.py +++ b/tests/hazmat/primitives/test_kbkdf_vectors.py @@ -5,8 +5,8 @@ import os -from .utils import generate_kbkdf_counter_mode_test from ...utils import load_nist_kbkdf_vectors +from .utils import generate_kbkdf_counter_mode_test class TestCounterKDFCounterMode: diff --git a/tests/hazmat/primitives/test_keywrap.py b/tests/hazmat/primitives/test_keywrap.py index b2fa05d..7dfb809 100644 --- a/tests/hazmat/primitives/test_keywrap.py +++ b/tests/hazmat/primitives/test_keywrap.py @@ -11,8 +11,8 @@ from cryptography.hazmat.primitives import keywrap from cryptography.hazmat.primitives.ciphers import algorithms, modes -from .utils import _load_all_params from ...utils import load_nist_vectors +from .utils import _load_all_params class TestAESKeyWrap: diff --git a/tests/hazmat/primitives/test_padding.py b/tests/hazmat/primitives/test_padding.py index 1a9a01f..0ab1125 100644 --- a/tests/hazmat/primitives/test_padding.py +++ b/tests/hazmat/primitives/test_padding.py @@ -47,9 +47,9 @@ def __str__(self): str(mybytes()) padder = padding.PKCS7(128).padder() - padder.update(mybytes(b"abc")) + data = padder.update(mybytes(b"abc")) + padder.finalize() unpadder = padding.PKCS7(128).unpadder() - unpadder.update(mybytes(padder.finalize())) + unpadder.update(mybytes(data)) assert unpadder.finalize() == b"abc" @pytest.mark.parametrize( @@ -62,7 +62,7 @@ def __str__(self): b"111111111111111122222222222222\x02\x02", ), (128, b"1" * 16, b"1" * 16 + b"\x10" * 16), - (128, b"1" * 17, b"1" * 17 + b"\x0F" * 15), + (128, b"1" * 17, b"1" * 17 + b"\x0f" * 15), ], ) def test_pad(self, size, unpadded, padded): @@ -185,7 +185,7 @@ def __str__(self): b"111111111111111122222222222222\x00\x02", ), (128, b"1" * 16, b"1" * 16 + b"\x00" * 15 + b"\x10"), - (128, b"1" * 17, b"1" * 17 + b"\x00" * 14 + b"\x0F"), + (128, b"1" * 17, b"1" * 17 + b"\x00" * 14 + b"\x0f"), ], ) def test_pad(self, size, unpadded, padded): diff --git a/tests/hazmat/primitives/test_pbkdf2hmac_vectors.py b/tests/hazmat/primitives/test_pbkdf2hmac_vectors.py index f092894..db44114 100644 --- a/tests/hazmat/primitives/test_pbkdf2hmac_vectors.py +++ b/tests/hazmat/primitives/test_pbkdf2hmac_vectors.py @@ -2,23 +2,36 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +import binascii +import os import pytest from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC -from .utils import generate_pbkdf2_test -from ...utils import load_nist_vectors +from ...utils import load_nist_vectors, load_vectors_from_file @pytest.mark.supported( only_if=lambda backend: backend.pbkdf2_hmac_supported(hashes.SHA1()), skip_message="Does not support SHA1 for PBKDF2HMAC", ) -class TestPBKDF2HMACSHA1: - test_pbkdf2_sha1 = generate_pbkdf2_test( +def test_pbkdf2_hmacsha1_vectors(subtests, backend): + params = load_vectors_from_file( + os.path.join("KDF", "rfc-6070-PBKDF2-SHA1.txt"), load_nist_vectors, - "KDF", - ["rfc-6070-PBKDF2-SHA1.txt"], - hashes.SHA1(), ) + for param in params: + with subtests.test(): + iterations = int(param["iterations"]) + if iterations > 1_000_000: + pytest.skip("Skipping test due to iteration count") + kdf = PBKDF2HMAC( + hashes.SHA1(), + int(param["length"]), + param["salt"], + iterations, + ) + derived_key = kdf.derive(param["password"]) + assert binascii.hexlify(derived_key) == param["derived_key"] diff --git a/tests/hazmat/primitives/test_pkcs12.py b/tests/hazmat/primitives/test_pkcs12.py index c9ef57e..d0645d9 100644 --- a/tests/hazmat/primitives/test_pkcs12.py +++ b/tests/hazmat/primitives/test_pkcs12.py @@ -4,21 +4,22 @@ import os -from datetime import datetime +from datetime import datetime, timezone import pytest from cryptography import x509 -from cryptography.exceptions import UnsupportedAlgorithm -from cryptography.hazmat.backends.openssl.backend import _RC2 +from cryptography.hazmat.bindings._rust import openssl as rust_openssl +from cryptography.hazmat.decrepit.ciphers.algorithms import RC2 from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( dsa, ec, - ed25519, ed448, + ed25519, rsa, ) +from cryptography.hazmat.primitives.ciphers.modes import CBC from cryptography.hazmat.primitives.serialization import ( Encoding, PublicFormat, @@ -40,9 +41,7 @@ def _skip_curve_unsupported(backend, curve): if not backend.elliptic_curve_supported(curve): pytest.skip( - "Curve {} is not supported by this backend {}".format( - curve.name, backend - ) + f"Curve {curve.name} is not supported by this backend {backend}" ) @@ -51,20 +50,7 @@ def _skip_curve_unsupported(backend, curve): ) class TestPKCS12Loading: def _test_load_pkcs12_ec_keys(self, filename, password, backend): - cert = load_vectors_from_file( - os.path.join("x509", "custom", "ca", "ca.pem"), - lambda pemfile: x509.load_pem_x509_certificate( - pemfile.read(), backend - ), - mode="rb", - ) - key = load_vectors_from_file( - os.path.join("x509", "custom", "ca", "ca_key.pem"), - lambda pemfile: load_pem_private_key( - pemfile.read(), None, backend - ), - mode="rb", - ) + cert, key = _load_ca(backend) assert isinstance(key, ec.EllipticCurvePrivateKey) parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file( os.path.join("pkcs12", filename), @@ -96,20 +82,16 @@ def test_load_pkcs12_ec_keys(self, filename, password, backend): ], ) @pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported(_RC2(), None), + only_if=lambda backend: backend.cipher_supported( + RC2(b"0" * 16), CBC(b"0" * 8) + ), skip_message="Does not support RC2", ) def test_load_pkcs12_ec_keys_rc2(self, filename, password, backend): self._test_load_pkcs12_ec_keys(filename, password, backend) - def test_load_pkcs12_cert_only(self, backend): - cert = load_vectors_from_file( - os.path.join("x509", "custom", "ca", "ca.pem"), - lambda pemfile: x509.load_pem_x509_certificate( - pemfile.read(), backend - ), - mode="rb", - ) + def test_load_key_and_cert_cert_only(self, backend): + cert, _ = _load_ca(backend) parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file( os.path.join("pkcs12", "cert-aes256cbc-no-key.p12"), lambda data: load_key_and_certificates( @@ -121,14 +103,8 @@ def test_load_pkcs12_cert_only(self, backend): assert parsed_key is None assert parsed_more_certs == [cert] - def test_load_pkcs12_key_only(self, backend): - key = load_vectors_from_file( - os.path.join("x509", "custom", "ca", "ca_key.pem"), - lambda pemfile: load_pem_private_key( - pemfile.read(), None, backend - ), - mode="rb", - ) + def test_load_key_and_certificates_key_only(self, backend): + _, key = _load_ca(backend) assert isinstance(key, ec.EllipticCurvePrivateKey) parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file( os.path.join("pkcs12", "no-cert-key-aes256cbc.p12"), @@ -142,10 +118,25 @@ def test_load_pkcs12_key_only(self, backend): assert parsed_cert is None assert parsed_more_certs == [] + def test_load_pkcs12_key_only(self, backend): + _, key = _load_ca(backend) + assert isinstance(key, ec.EllipticCurvePrivateKey) + p12 = load_vectors_from_file( + os.path.join("pkcs12", "no-cert-key-aes256cbc.p12"), + lambda data: load_pkcs12(data.read(), b"cryptography", backend), + mode="rb", + ) + assert isinstance(p12.key, ec.EllipticCurvePrivateKey) + assert p12.key.private_numbers() == key.private_numbers() + assert p12.cert is None + assert p12.additional_certs == [] + def test_non_bytes(self, backend): with pytest.raises(TypeError): load_key_and_certificates( - b"irrelevant", object(), backend # type: ignore[arg-type] + b"irrelevant", + object(), # type: ignore[arg-type] + backend, ) def test_not_a_pkcs12(self, backend): @@ -186,9 +177,9 @@ def test_buffer_protocol(self, backend): (None, b"name2", None, "name-2-no-pwd.p12", None), (None, None, b"name3", "name-3-no-pwd.p12", None), ( - "☺".encode("utf-8"), - "ä".encode("utf-8"), - "ç".encode("utf-8"), + "☺".encode(), + "ä".encode(), + "ç".encode(), "name-unicode-no-pwd.p12", None, ), @@ -199,9 +190,9 @@ def test_buffer_protocol(self, backend): (None, b"name2", None, "name-2-pwd.p12", b"password"), (None, None, b"name3", "name-3-pwd.p12", b"password"), ( - "☺".encode("utf-8"), - "ä".encode("utf-8"), - "ç".encode("utf-8"), + "☺".encode(), + "ä".encode(), + "ç".encode(), "name-unicode-pwd.p12", b"password", ), @@ -240,8 +231,8 @@ def test_load_object( (b"name2", None, "no-cert-name-2-no-pwd.p12", None), (None, b"name3", "no-cert-name-3-no-pwd.p12", None), ( - "☹".encode("utf-8"), - "ï".encode("utf-8"), + "☹".encode(), + "ï".encode(), "no-cert-name-unicode-no-pwd.p12", None, ), @@ -250,8 +241,8 @@ def test_load_object( (b"name2", None, "no-cert-name-2-pwd.p12", b"password"), (None, b"name3", "no-cert-name-3-pwd.p12", b"password"), ( - "☹".encode("utf-8"), - "ï".encode("utf-8"), + "☹".encode(), + "ï".encode(), "no-cert-name-unicode-pwd.p12", b"password", ), @@ -290,9 +281,9 @@ def _load_cert(backend, path): def _load_ca(backend): - cert = _load_cert(backend, os.path.join("x509", "custom", "ca", "ca.pem")) + cert = _load_cert(backend, os.path.join("pkcs12", "ca", "ca.pem")) key = load_vectors_from_file( - os.path.join("x509", "custom", "ca", "ca_key.pem"), + os.path.join("pkcs12", "ca", "ca_key.pem"), lambda pemfile: load_pem_private_key(pemfile.read(), None, backend), mode="rb", ) @@ -356,7 +347,7 @@ def test_generate_each_supported_keytype( assert isinstance(key, ktype) cacert, cakey = _load_ca(backend) - now = datetime.utcnow() + now = datetime.now(timezone.utc).replace(tzinfo=None) cert = ( x509.CertificateBuilder() .subject_name(cacert.subject) @@ -422,7 +413,47 @@ def test_generate_cas_friendly_names(self, backend): p12_cert = load_pkcs12(p12, None, backend) cas = p12_cert.additional_certs + assert cas[0].certificate == cert2 assert cas[0].friendly_name == b"cert2" + assert cas[1].certificate == cert3 + assert cas[1].friendly_name is None + + @pytest.mark.parametrize( + ("encryption_algorithm", "password"), + [ + (serialization.BestAvailableEncryption(b"password"), b"password"), + ( + serialization.PrivateFormat.PKCS12.encryption_builder().build( + b"not a password" + ), + b"not a password", + ), + (serialization.NoEncryption(), None), + ], + ) + def test_generate_cas_friendly_names_no_key( + self, backend, encryption_algorithm, password + ): + cert2 = _load_cert( + backend, os.path.join("x509", "custom", "dsa_selfsigned_ca.pem") + ) + cert3 = _load_cert(backend, os.path.join("x509", "letsencryptx3.pem")) + p12 = serialize_key_and_certificates( + None, + None, + None, + [ + PKCS12Certificate(cert2, b"cert2"), + PKCS12Certificate(cert3, None), + ], + encryption_algorithm, + ) + + p12_cert = load_pkcs12(p12, password, backend) + cas = p12_cert.additional_certs + assert cas[0].certificate == cert2 + assert cas[0].friendly_name == b"cert2" + assert cas[1].certificate == cert3 assert cas[1].friendly_name is None def test_generate_wrong_types(self, backend): @@ -439,7 +470,7 @@ def test_generate_wrong_types(self, backend): ) with pytest.raises(TypeError) as exc: serialize_key_and_certificates(b"name", key, key, None, encryption) - assert str(exc.value) == "cert must be a certificate or None" + assert "object cannot be converted to 'Certificate'" in str(exc.value) with pytest.raises(TypeError) as exc: serialize_key_and_certificates(b"name", key, cert, None, key) @@ -453,7 +484,9 @@ def test_generate_wrong_types(self, backend): with pytest.raises(TypeError) as exc: serialize_key_and_certificates(None, key, cert, [key], encryption) - assert str(exc.value) == "all values in cas must be certificates" + assert "failed to extract enum CertificateOrPKCS12Certificate" in str( + exc.value + ) def test_generate_no_cert(self, backend): _, key = _load_ca(backend) @@ -511,6 +544,27 @@ def test_generate_cert_only(self, encryption_algorithm, password, backend): assert parsed_key is None assert parsed_more_certs == [cert] + def test_generate_cert_only_none_cas(self, backend): + # Same as test_generate_cert_only, but passing None instead of an + # empty list for cas. + cert, _ = _load_ca(backend) + p12 = serialize_key_and_certificates( + None, None, cert, None, serialization.NoEncryption() + ) + parsed_key, parsed_cert, parsed_more_certs = load_key_and_certificates( + p12, None + ) + assert parsed_cert is None + assert parsed_key is None + assert parsed_more_certs == [cert] + + def test_invalid_utf8_friendly_name(self, backend): + cert, _ = _load_ca(backend) + with pytest.raises(ValueError): + serialize_key_and_certificates( + b"\xc9", None, cert, None, serialization.NoEncryption() + ) + def test_must_supply_something(self): with pytest.raises(ValueError) as exc: serialize_key_and_certificates( @@ -580,15 +634,9 @@ def test_key_serialization_encryption( ): if ( enc_alg is PBES.PBESv2SHA256AndAES256CBC - ) and not backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: + ) and not rust_openssl.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: pytest.skip("PBESv2 is not supported on OpenSSL < 3.0") - if ( - mac_alg is not None - and not backend._lib.Cryptography_HAS_PKCS12_SET_MAC - ): - pytest.skip("PKCS12_set_mac is not supported (boring)") - builder = serialization.PrivateFormat.PKCS12.encryption_builder() if enc_alg is not None: builder = builder.key_cert_algorithm(enc_alg) @@ -600,7 +648,7 @@ def test_key_serialization_encryption( encryption = builder.build(b"password") key = ec.generate_private_key(ec.SECP256R1()) cacert, cakey = _load_ca(backend) - now = datetime.utcnow() + now = datetime.now(timezone.utc).replace(tzinfo=None) cert = ( x509.CertificateBuilder() .subject_name(cacert.subject) @@ -635,51 +683,18 @@ def test_key_serialization_encryption( ) assert parsed_more_certs == [cacert] - @pytest.mark.supported( - only_if=lambda backend: ( - not backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER - ), - skip_message="Requires OpenSSL < 3.0.0 (or Libre/Boring)", - ) - @pytest.mark.parametrize( - ("algorithm"), - [ - serialization.PrivateFormat.PKCS12.encryption_builder() - .key_cert_algorithm(PBES.PBESv2SHA256AndAES256CBC) - .build(b"password"), - ], - ) - def test_key_serialization_encryption_unsupported( - self, algorithm, backend - ): - cacert, cakey = _load_ca(backend) - with pytest.raises(UnsupportedAlgorithm): - serialize_key_and_certificates( - b"name", cakey, cacert, [], algorithm - ) - - @pytest.mark.supported( - only_if=lambda backend: ( - not backend._lib.Cryptography_HAS_PKCS12_SET_MAC - ), - skip_message="Requires OpenSSL without PKCS12_set_mac (boring only)", - ) - @pytest.mark.parametrize( - "algorithm", - [ + def test_set_mac_key_certificate_mismatch(self, backend): + cacert, _ = _load_ca(backend) + key = ec.generate_private_key(ec.SECP256R1()) + encryption = ( serialization.PrivateFormat.PKCS12.encryption_builder() - .key_cert_algorithm(PBES.PBESv1SHA1And3KeyTripleDESCBC) .hmac_hash(hashes.SHA256()) - .build(b"password"), - ], - ) - def test_key_serialization_encryption_set_mac_unsupported( - self, algorithm, backend - ): - cacert, cakey = _load_ca(backend) - with pytest.raises(UnsupportedAlgorithm): + .build(b"password") + ) + + with pytest.raises(ValueError): serialize_key_and_certificates( - b"name", cakey, cacert, [], algorithm + b"name", key, cacert, [], encryption ) @@ -701,7 +716,7 @@ def make_cert(name): x509.NameAttribute(x509.NameOID.COMMON_NAME, name), ] ) - now = datetime.utcnow() + now = datetime.now(timezone.utc).replace(tzinfo=None) cert = ( x509.CertificateBuilder() .subject_name(subject) @@ -728,7 +743,7 @@ def make_cert(name): ) # Parse them out. The API should report them in the same order. - (key, cert, certs) = load_key_and_certificates(p12, None) + (_, cert, certs) = load_key_and_certificates(p12, None) assert cert == a_cert assert certs == [b_cert, c_cert] @@ -771,7 +786,7 @@ def test_certificate_equality(self, backend): assert c2a != c2b assert c2a != c3a - assert c2n != "test" + assert c2n != "test" # type: ignore[comparison-overlap] def test_certificate_hash(self, backend): cert2 = _load_cert( @@ -794,25 +809,33 @@ def test_certificate_hash(self, backend): def test_certificate_repr(self, backend): cert = _load_cert(backend, os.path.join("x509", "cryptography.io.pem")) - assert repr( - PKCS12Certificate(cert, None) - ) == "".format(repr(cert)) - assert repr( - PKCS12Certificate(cert, b"a") - ) == "".format(repr(cert)) + assert ( + repr(PKCS12Certificate(cert, None)) + == f"" + ) + assert ( + repr(PKCS12Certificate(cert, b"a")) + == f"" + ) def test_key_and_certificates_constructor(self, backend): with pytest.raises(TypeError): PKCS12KeyAndCertificates( - "hello", None, [] # type:ignore[arg-type] + "hello", # type:ignore[arg-type] + None, + [], ) with pytest.raises(TypeError): PKCS12KeyAndCertificates( - None, "hello", [] # type:ignore[arg-type] + None, + "hello", # type:ignore[arg-type] + [], ) with pytest.raises(TypeError): PKCS12KeyAndCertificates( - None, None, ["hello"] # type:ignore[list-item] + None, + None, + ["hello"], # type:ignore[list-item] ) def test_key_and_certificates_equality(self, backend): @@ -936,19 +959,15 @@ def test_key_and_certificates_repr(self, backend): cert2 = _load_cert( backend, os.path.join("x509", "cryptography.io.pem") ) - assert ( - repr( - PKCS12KeyAndCertificates( - key, - PKCS12Certificate(cert, None), - [PKCS12Certificate(cert2, b"name2")], - ) - ) - == ", additional_certs=[])>".format( + assert repr( + PKCS12KeyAndCertificates( key, - cert, - cert2, + PKCS12Certificate(cert, None), + [PKCS12Certificate(cert2, b"name2")], ) + ) == ( + f", " + f"additional_certs=[" + f"])>" ) diff --git a/tests/hazmat/primitives/test_pkcs7.py b/tests/hazmat/primitives/test_pkcs7.py index 138bc0f..63641d6 100644 --- a/tests/hazmat/primitives/test_pkcs7.py +++ b/tests/hazmat/primitives/test_pkcs7.py @@ -3,6 +3,7 @@ # for complete details. +import email.parser import os import typing @@ -10,11 +11,11 @@ from cryptography import x509 from cryptography.exceptions import _Reasons +from cryptography.hazmat.bindings._rust import test_support from cryptography.hazmat.primitives import hashes, serialization -from cryptography.hazmat.primitives.asymmetric import ed25519, rsa +from cryptography.hazmat.primitives.asymmetric import ed25519, padding, rsa from cryptography.hazmat.primitives.serialization import pkcs7 -from .utils import skip_signature_hash from ...utils import load_vectors_from_file, raises_unsupported_algorithm @@ -89,65 +90,18 @@ def test_load_pkcs7_unsupported_type(self, backend): mode="rb", ) + def test_load_pkcs7_empty_certificates(self): + der = b"\x30\x0b\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02" -# We have no public verification API and won't be adding one until we get -# some requirements from users so this function exists to give us basic -# verification for the signing tests. -def _pkcs7_verify(encoding, sig, msg, certs, options, backend): - sig_bio = backend._bytes_to_bio(sig) - if encoding is serialization.Encoding.DER: - p7 = backend._lib.d2i_PKCS7_bio(sig_bio.bio, backend._ffi.NULL) - elif encoding is serialization.Encoding.PEM: - p7 = backend._lib.PEM_read_bio_PKCS7( - sig_bio.bio, - backend._ffi.NULL, - backend._ffi.NULL, - backend._ffi.NULL, - ) - else: - p7 = backend._lib.SMIME_read_PKCS7(sig_bio.bio, backend._ffi.NULL) - backend.openssl_assert(p7 != backend._ffi.NULL) - p7 = backend._ffi.gc(p7, backend._lib.PKCS7_free) - flags = 0 - for option in options: - if option is pkcs7.PKCS7Options.Text: - flags |= backend._lib.PKCS7_TEXT - store = backend._lib.X509_STORE_new() - backend.openssl_assert(store != backend._ffi.NULL) - store = backend._ffi.gc(store, backend._lib.X509_STORE_free) - # This list is to keep the x509 values alive until end of function - ossl_certs = [] - for cert in certs: - ossl_cert = backend._cert2ossl(cert) - ossl_certs.append(ossl_cert) - res = backend._lib.X509_STORE_add_cert(store, ossl_cert) - backend.openssl_assert(res == 1) - if msg is None: - res = backend._lib.PKCS7_verify( - p7, - backend._ffi.NULL, - store, - backend._ffi.NULL, - backend._ffi.NULL, - flags, - ) - else: - msg_bio = backend._bytes_to_bio(msg) - res = backend._lib.PKCS7_verify( - p7, backend._ffi.NULL, store, msg_bio.bio, backend._ffi.NULL, flags - ) - backend.openssl_assert(res == 1) - # OpenSSL 3.0 leaves a random bio error on the stack: - # https://github.com/openssl/openssl/issues/16681 - if backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: - backend._consume_errors() + with pytest.raises(ValueError): + pkcs7.load_der_pkcs7_certificates(der) def _load_cert_key(): key = load_vectors_from_file( os.path.join("x509", "custom", "ca", "ca_key.pem"), lambda pemfile: serialization.load_pem_private_key( - pemfile.read(), None + pemfile.read(), None, unsafe_skip_rsa_key_validation=True ), mode="rb", ) @@ -163,7 +117,7 @@ def _load_cert_key(): only_if=lambda backend: backend.pkcs7_supported(), skip_message="Requires OpenSSL with PKCS7 support", ) -class TestPKCS7Builder: +class TestPKCS7SignatureBuilder: def test_invalid_data(self, backend): builder = pkcs7.PKCS7SignatureBuilder() with pytest.raises(TypeError): @@ -191,14 +145,18 @@ def test_unsupported_hash_alg(self, backend): cert, key = _load_cert_key() with pytest.raises(TypeError): pkcs7.PKCS7SignatureBuilder().add_signer( - cert, key, hashes.SHA512_256() # type: ignore[arg-type] + cert, + key, + hashes.SHA512_256(), # type: ignore[arg-type] ) def test_not_a_cert(self, backend): - cert, key = _load_cert_key() + _, key = _load_cert_key() with pytest.raises(TypeError): pkcs7.PKCS7SignatureBuilder().add_signer( - b"notacert", key, hashes.SHA256() # type: ignore[arg-type] + b"notacert", # type: ignore[arg-type] + key, + hashes.SHA256(), ) @pytest.mark.supported( @@ -210,7 +168,9 @@ def test_unsupported_key_type(self, backend): key = ed25519.Ed25519PrivateKey.generate() with pytest.raises(TypeError): pkcs7.PKCS7SignatureBuilder().add_signer( - cert, key, hashes.SHA256() # type: ignore[arg-type] + cert, + key, # type: ignore[arg-type] + hashes.SHA256(), ) def test_sign_invalid_options(self, backend): @@ -287,6 +247,7 @@ def test_smime_sign_detached(self, backend): sig = builder.sign(serialization.Encoding.SMIME, options) sig_binary = builder.sign(serialization.Encoding.DER, options) + assert b"text/plain" not in sig # We don't have a generic ASN.1 parser available to us so we instead # will assert on specific byte sequences being present based on the # parameters chosen above. @@ -296,17 +257,28 @@ def test_smime_sign_detached(self, backend): # as a separate section before the PKCS7 data. So we should expect to # have data in sig but not in sig_binary assert data in sig - _pkcs7_verify( - serialization.Encoding.SMIME, sig, data, [cert], options, backend + # Parse the message to get the signed data, which is the + # first payload in the message + message = email.parser.BytesParser().parsebytes(sig) + payload = message.get_payload() + assert isinstance(payload, list) + assert isinstance(payload[0], email.message.Message) + signed_data = payload[0].get_payload() + assert isinstance(signed_data, str) + test_support.pkcs7_verify( + serialization.Encoding.SMIME, + sig, + signed_data.encode(), + [cert], + options, ) assert data not in sig_binary - _pkcs7_verify( + test_support.pkcs7_verify( serialization.Encoding.DER, sig_binary, data, [cert], options, - backend, ) def test_sign_byteslike(self, backend): @@ -321,6 +293,29 @@ def test_sign_byteslike(self, backend): sig = builder.sign(serialization.Encoding.SMIME, options) assert bytes(data) in sig + test_support.pkcs7_verify( + serialization.Encoding.SMIME, + sig, + data, + [cert], + options, + ) + + data = bytearray(b"") + builder = ( + pkcs7.PKCS7SignatureBuilder() + .set_data(data) + .add_signer(cert, key, hashes.SHA256()) + ) + + sig = builder.sign(serialization.Encoding.SMIME, options) + test_support.pkcs7_verify( + serialization.Encoding.SMIME, + sig, + data, + [cert], + options, + ) def test_sign_pem(self, backend): data = b"hello world" @@ -333,19 +328,17 @@ def test_sign_pem(self, backend): ) sig = builder.sign(serialization.Encoding.PEM, options) - _pkcs7_verify( + test_support.pkcs7_verify( serialization.Encoding.PEM, sig, None, [cert], options, - backend, ) @pytest.mark.parametrize( ("hash_alg", "expected_value"), [ - (hashes.SHA1(), b"\x06\x05+\x0e\x03\x02\x1a"), (hashes.SHA256(), b"\x06\t`\x86H\x01e\x03\x04\x02\x01"), (hashes.SHA384(), b"\x06\t`\x86H\x01e\x03\x04\x02\x02"), (hashes.SHA512(), b"\x06\t`\x86H\x01e\x03\x04\x02\x03"), @@ -354,8 +347,6 @@ def test_sign_pem(self, backend): def test_sign_alternate_digests_der( self, hash_alg, expected_value, backend ): - skip_signature_hash(backend, hash_alg) - data = b"hello world" cert, key = _load_cert_key() builder = ( @@ -366,14 +357,13 @@ def test_sign_alternate_digests_der( options: typing.List[pkcs7.PKCS7Options] = [] sig = builder.sign(serialization.Encoding.DER, options) assert expected_value in sig - _pkcs7_verify( - serialization.Encoding.DER, sig, None, [cert], options, backend + test_support.pkcs7_verify( + serialization.Encoding.DER, sig, None, [cert], options ) @pytest.mark.parametrize( ("hash_alg", "expected_value"), [ - (hashes.SHA1(), b"sha1"), (hashes.SHA256(), b"sha-256"), (hashes.SHA384(), b"sha-384"), (hashes.SHA512(), b"sha-512"), @@ -382,8 +372,6 @@ def test_sign_alternate_digests_der( def test_sign_alternate_digests_detached( self, hash_alg, expected_value, backend ): - skip_signature_hash(backend, hash_alg) - data = b"hello world" cert, key = _load_cert_key() builder = ( @@ -411,13 +399,12 @@ def test_sign_attached(self, backend): # When not passing detached signature the signed data is embedded into # the PKCS7 structure itself assert data in sig_binary - _pkcs7_verify( + test_support.pkcs7_verify( serialization.Encoding.DER, sig_binary, None, [cert], options, - backend, ) def test_sign_binary(self, backend): @@ -437,22 +424,20 @@ def test_sign_binary(self, backend): # so data should not be present in sig_no_binary, but should be present # in sig_binary assert data not in sig_no_binary - _pkcs7_verify( + test_support.pkcs7_verify( serialization.Encoding.DER, sig_no_binary, None, [cert], options, - backend, ) assert data in sig_binary - _pkcs7_verify( + test_support.pkcs7_verify( serialization.Encoding.DER, sig_binary, None, [cert], options, - backend, ) def test_sign_smime_canonicalization(self, backend): @@ -470,13 +455,12 @@ def test_sign_smime_canonicalization(self, backend): # so data should not be present in the sig assert data not in sig_binary assert b"hello\r\nworld" in sig_binary - _pkcs7_verify( + test_support.pkcs7_verify( serialization.Encoding.DER, sig_binary, None, [cert], options, - backend, ) def test_sign_text(self, backend): @@ -496,17 +480,66 @@ def test_sign_text(self, backend): # The text option adds text/plain headers to the S/MIME message # These headers are only relevant in SMIME mode, not binary, which is # just the PKCS7 structure itself. - assert b"text/plain" in sig_pem - # When passing the Text option the header is prepended so the actual - # signed data is this. - signed_data = b"Content-Type: text/plain\r\n\r\nhello world" - _pkcs7_verify( + assert sig_pem.count(b"text/plain") == 1 + assert b"Content-Type: text/plain\r\n\r\nhello world\r\n" in sig_pem + # Parse the message to get the signed data, which is the + # first payload in the message + message = email.parser.BytesParser().parsebytes(sig_pem) + payload = message.get_payload() + assert isinstance(payload, list) + assert isinstance(payload[0], email.message.Message) + signed_data = payload[0].as_bytes( + policy=message.policy.clone(linesep="\r\n") + ) + test_support.pkcs7_verify( serialization.Encoding.SMIME, sig_pem, signed_data, [cert], options, - backend, + ) + + def test_smime_capabilities(self, backend): + data = b"hello world" + cert, key = _load_cert_key() + builder = ( + pkcs7.PKCS7SignatureBuilder() + .set_data(data) + .add_signer(cert, key, hashes.SHA256()) + ) + + sig_binary = builder.sign(serialization.Encoding.DER, []) + + # 1.2.840.113549.1.9.15 (SMIMECapabilities) as an ASN.1 DER encoded OID + assert b"\x06\t*\x86H\x86\xf7\r\x01\t\x0f" in sig_binary + + # 2.16.840.1.101.3.4.1.42 (aes256-CBC-PAD) as an ASN.1 DER encoded OID + aes256_cbc_pad_oid = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x2a" + # 2.16.840.1.101.3.4.1.22 (aes192-CBC-PAD) as an ASN.1 DER encoded OID + aes192_cbc_pad_oid = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x16" + # 2.16.840.1.101.3.4.1.2 (aes128-CBC-PAD) as an ASN.1 DER encoded OID + aes128_cbc_pad_oid = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x02" + + # Each algorithm in SMIMECapabilities should be inside its own + # SEQUENCE. + # This is encoded as SEQUENCE_IDENTIFIER + LENGTH + ALGORITHM_OID. + # This tests that each algorithm is indeed encoded inside its own + # sequence. See RFC 2633, Appendix A for more details. + sequence_identifier = b"\x30" + for oid in [ + aes256_cbc_pad_oid, + aes192_cbc_pad_oid, + aes128_cbc_pad_oid, + ]: + len_oid = len(oid).to_bytes(length=1, byteorder="big") + assert sequence_identifier + len_oid + oid in sig_binary + + test_support.pkcs7_verify( + serialization.Encoding.DER, + sig_binary, + None, + [cert], + [], ) def test_sign_no_capabilities(self, backend): @@ -529,13 +562,12 @@ def test_sign_no_capabilities(self, backend): assert b"\x06\t*\x86H\x86\xf7\r\x01\t\x0f" not in sig_binary # 1.2.840.113549.1.9.5 signingTime as an ASN.1 DER encoded OID assert b"\x06\t*\x86H\x86\xf7\r\x01\t\x05" in sig_binary - _pkcs7_verify( + test_support.pkcs7_verify( serialization.Encoding.DER, sig_binary, None, [cert], options, - backend, ) def test_sign_no_attributes(self, backend): @@ -556,13 +588,12 @@ def test_sign_no_attributes(self, backend): assert b"\x06\t*\x86H\x86\xf7\r\x01\t\x0f" not in sig_binary # 1.2.840.113549.1.9.5 signingTime as an ASN.1 DER encoded OID assert b"\x06\t*\x86H\x86\xf7\r\x01\t\x05" not in sig_binary - _pkcs7_verify( + test_support.pkcs7_verify( serialization.Encoding.DER, sig_binary, None, [cert], options, - backend, ) def test_sign_no_certs(self, backend): @@ -582,13 +613,109 @@ def test_sign_no_certs(self, backend): sig_no = builder.sign(serialization.Encoding.DER, options) assert sig_no.count(cert.public_bytes(serialization.Encoding.DER)) == 0 + @pytest.mark.parametrize( + "pad", + [ + padding.PKCS1v15(), + None, + padding.PSS( + mgf=padding.MGF1(hashes.SHA512()), + salt_length=padding.PSS.DIGEST_LENGTH, + ), + ], + ) + def test_rsa_pkcs_padding_options(self, pad, backend): + data = b"hello world" + rsa_key = load_vectors_from_file( + os.path.join("x509", "custom", "ca", "rsa_key.pem"), + lambda pemfile: serialization.load_pem_private_key( + pemfile.read(), None, unsafe_skip_rsa_key_validation=True + ), + mode="rb", + ) + assert isinstance(rsa_key, rsa.RSAPrivateKey) + rsa_cert = load_vectors_from_file( + os.path.join("x509", "custom", "ca", "rsa_ca.pem"), + loader=lambda pemfile: x509.load_pem_x509_certificate( + pemfile.read() + ), + mode="rb", + ) + builder = ( + pkcs7.PKCS7SignatureBuilder() + .set_data(data) + .add_signer(rsa_cert, rsa_key, hashes.SHA512(), rsa_padding=pad) + ) + options: typing.List[pkcs7.PKCS7Options] = [] + sig = builder.sign(serialization.Encoding.DER, options) + # This should be a pkcs1 sha512 signature + if isinstance(pad, padding.PSS): + # PKCS7_verify can't verify a PSS sig and we don't bind CMS so + # we instead just check that a few things are present in the + # output. + # There should be four SHA512 OIDs in this structure + assert sig.count(b"\x06\t`\x86H\x01e\x03\x04\x02\x03") == 4 + # There should be one MGF1 OID in this structure + assert ( + sig.count(b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x08") == 1 + ) + else: + # This should be a pkcs1 RSA signature, which uses the + # `rsaEncryption` OID (1.2.840.113549.1.1.1) no matter which + # digest algorithm is used. + # See RFC 3370 section 3.2 for more details. + # This OID appears twice, once in the certificate itself and + # another in the SignerInfo data structure in the + # `digest_encryption_algorithm` field. + assert ( + sig.count(b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") == 2 + ) + test_support.pkcs7_verify( + serialization.Encoding.DER, + sig, + None, + [rsa_cert], + options, + ) + + def test_not_rsa_key_with_padding(self, backend): + cert, key = _load_cert_key() + with pytest.raises(TypeError): + pkcs7.PKCS7SignatureBuilder().add_signer( + cert, key, hashes.SHA512(), rsa_padding=padding.PKCS1v15() + ) + + def test_rsa_invalid_padding(self, backend): + rsa_key = load_vectors_from_file( + os.path.join("x509", "custom", "ca", "rsa_key.pem"), + lambda pemfile: serialization.load_pem_private_key( + pemfile.read(), None, unsafe_skip_rsa_key_validation=True + ), + mode="rb", + ) + assert isinstance(rsa_key, rsa.RSAPrivateKey) + rsa_cert = load_vectors_from_file( + os.path.join("x509", "custom", "ca", "rsa_ca.pem"), + loader=lambda pemfile: x509.load_pem_x509_certificate( + pemfile.read() + ), + mode="rb", + ) + with pytest.raises(TypeError): + pkcs7.PKCS7SignatureBuilder().add_signer( + rsa_cert, + rsa_key, + hashes.SHA512(), + rsa_padding=object(), # type: ignore[arg-type] + ) + def test_multiple_signers(self, backend): data = b"hello world" cert, key = _load_cert_key() rsa_key = load_vectors_from_file( os.path.join("x509", "custom", "ca", "rsa_key.pem"), lambda pemfile: serialization.load_pem_private_key( - pemfile.read(), None + pemfile.read(), None, unsafe_skip_rsa_key_validation=True ), mode="rb", ) @@ -610,13 +737,12 @@ def test_multiple_signers(self, backend): sig = builder.sign(serialization.Encoding.DER, options) # There should be three SHA512 OIDs in this structure assert sig.count(b"\x06\t`\x86H\x01e\x03\x04\x02\x03") == 3 - _pkcs7_verify( + test_support.pkcs7_verify( serialization.Encoding.DER, sig, None, [cert, rsa_cert], options, - backend, ) def test_multiple_signers_different_hash_algs(self, backend): @@ -625,7 +751,7 @@ def test_multiple_signers_different_hash_algs(self, backend): rsa_key = load_vectors_from_file( os.path.join("x509", "custom", "ca", "rsa_key.pem"), lambda pemfile: serialization.load_pem_private_key( - pemfile.read(), None + pemfile.read(), None, unsafe_skip_rsa_key_validation=True ), mode="rb", ) @@ -648,13 +774,12 @@ def test_multiple_signers_different_hash_algs(self, backend): # There should be two SHA384 and two SHA512 OIDs in this structure assert sig.count(b"\x06\t`\x86H\x01e\x03\x04\x02\x02") == 2 assert sig.count(b"\x06\t`\x86H\x01e\x03\x04\x02\x03") == 2 - _pkcs7_verify( + test_support.pkcs7_verify( serialization.Encoding.DER, sig, None, [cert, rsa_cert], options, - backend, ) def test_add_additional_cert_not_a_cert(self, backend): @@ -709,6 +834,242 @@ def test_add_multiple_additional_certs(self, backend): ) +def _load_rsa_cert_key(): + key = load_vectors_from_file( + os.path.join("x509", "custom", "ca", "rsa_key.pem"), + lambda pemfile: serialization.load_pem_private_key( + pemfile.read(), None, unsafe_skip_rsa_key_validation=True + ), + mode="rb", + ) + cert = load_vectors_from_file( + os.path.join("x509", "custom", "ca", "rsa_ca.pem"), + loader=lambda pemfile: x509.load_pem_x509_certificate(pemfile.read()), + mode="rb", + ) + return cert, key + + +@pytest.mark.supported( + only_if=lambda backend: backend.pkcs7_supported() + and backend.rsa_encryption_supported(padding.PKCS1v15()), + skip_message="Requires OpenSSL with PKCS7 support and PKCS1 v1.5 padding " + "support", +) +class TestPKCS7EnvelopeBuilder: + def test_invalid_data(self, backend): + builder = pkcs7.PKCS7EnvelopeBuilder() + with pytest.raises(TypeError): + builder.set_data("not bytes") # type: ignore[arg-type] + + def test_set_data_twice(self, backend): + builder = pkcs7.PKCS7EnvelopeBuilder().set_data(b"test") + with pytest.raises(ValueError): + builder.set_data(b"test") + + def test_encrypt_no_recipient(self, backend): + builder = pkcs7.PKCS7EnvelopeBuilder().set_data(b"test") + with pytest.raises(ValueError): + builder.encrypt(serialization.Encoding.SMIME, []) + + def test_encrypt_no_data(self, backend): + cert, _ = _load_rsa_cert_key() + builder = pkcs7.PKCS7EnvelopeBuilder().add_recipient(cert) + with pytest.raises(ValueError): + builder.encrypt(serialization.Encoding.SMIME, []) + + def test_unsupported_encryption(self, backend): + cert_non_rsa, _ = _load_cert_key() + with pytest.raises(TypeError): + pkcs7.PKCS7EnvelopeBuilder().add_recipient(cert_non_rsa) + + def test_not_a_cert(self, backend): + with pytest.raises(TypeError): + pkcs7.PKCS7EnvelopeBuilder().add_recipient( + b"notacert", # type: ignore[arg-type] + ) + + def test_encrypt_invalid_options(self, backend): + cert, _ = _load_rsa_cert_key() + builder = ( + pkcs7.PKCS7EnvelopeBuilder().set_data(b"test").add_recipient(cert) + ) + with pytest.raises(ValueError): + builder.encrypt( + serialization.Encoding.SMIME, + [b"invalid"], # type: ignore[list-item] + ) + + def test_encrypt_invalid_encoding(self, backend): + cert, _ = _load_rsa_cert_key() + builder = ( + pkcs7.PKCS7EnvelopeBuilder().set_data(b"test").add_recipient(cert) + ) + with pytest.raises(ValueError): + builder.encrypt(serialization.Encoding.Raw, []) + + @pytest.mark.parametrize( + "invalid_options", + [ + [pkcs7.PKCS7Options.NoAttributes], + [pkcs7.PKCS7Options.NoCapabilities], + [pkcs7.PKCS7Options.NoCerts], + [pkcs7.PKCS7Options.DetachedSignature], + [pkcs7.PKCS7Options.Binary, pkcs7.PKCS7Options.Text], + ], + ) + def test_encrypt_invalid_encryption_options( + self, backend, invalid_options + ): + cert, _ = _load_rsa_cert_key() + builder = ( + pkcs7.PKCS7EnvelopeBuilder().set_data(b"test").add_recipient(cert) + ) + with pytest.raises(ValueError): + builder.encrypt(serialization.Encoding.DER, invalid_options) + + @pytest.mark.parametrize( + "options", + [ + [pkcs7.PKCS7Options.Text], + [pkcs7.PKCS7Options.Binary], + ], + ) + def test_smime_encrypt_smime_encoding(self, backend, options): + data = b"hello world\n" + cert, private_key = _load_rsa_cert_key() + builder = ( + pkcs7.PKCS7EnvelopeBuilder().set_data(data).add_recipient(cert) + ) + enveloped = builder.encrypt(serialization.Encoding.SMIME, options) + assert b"MIME-Version: 1.0\n" in enveloped + assert b"Content-Transfer-Encoding: base64\n" in enveloped + message = email.parser.BytesParser().parsebytes(enveloped) + assert message.get_content_disposition() == "attachment" + assert message.get_filename() == "smime.p7m" + assert message.get_content_type() == "application/pkcs7-mime" + assert message.get_param("smime-type") == "enveloped-data" + assert message.get_param("name") == "smime.p7m" + + payload = message.get_payload(decode=True) + assert isinstance(payload, bytes) + + # We want to know if we've serialized something that has the parameters + # we expect, so we match on specific byte strings of OIDs & DER values. + # OID 2.16.840.1.101.3.4.1.2 (aes128-CBC) + assert b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x02" in payload + # OID 1.2.840.113549.1.1.1 (rsaEncryption (PKCS #1)) + assert b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01" in payload + # cryptography CA (the recipient's Common Name) + assert ( + b"\x0c\x0f\x63\x72\x79\x70\x74\x6f\x67\x72\x61\x70\x68\x79" + b"\x20\x43\x41" + ) in payload + + decrypted_bytes = test_support.pkcs7_decrypt( + serialization.Encoding.SMIME, + enveloped, + private_key, + cert, + options, + ) + # New lines are canonicalized to '\r\n' when not using Binary + expected_data = ( + data + if pkcs7.PKCS7Options.Binary in options + else data.replace(b"\n", b"\r\n") + ) + assert decrypted_bytes == expected_data + + @pytest.mark.parametrize( + "options", + [ + [pkcs7.PKCS7Options.Text], + [pkcs7.PKCS7Options.Binary], + ], + ) + def test_smime_encrypt_der_encoding(self, backend, options): + data = b"hello world\n" + cert, private_key = _load_rsa_cert_key() + builder = ( + pkcs7.PKCS7EnvelopeBuilder().set_data(data).add_recipient(cert) + ) + enveloped = builder.encrypt(serialization.Encoding.DER, options) + + # We want to know if we've serialized something that has the parameters + # we expect, so we match on specific byte strings of OIDs & DER values. + # OID 2.16.840.1.101.3.4.1.2 (aes128-CBC) + assert b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x02" in enveloped + # OID 1.2.840.113549.1.1.1 (rsaEncryption (PKCS #1)) + assert b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01" in enveloped + # cryptography CA (the recipient's Common Name) + assert ( + b"\x0c\x0f\x63\x72\x79\x70\x74\x6f\x67\x72\x61\x70\x68\x79" + b"\x20\x43\x41" + ) in enveloped + + decrypted_bytes = test_support.pkcs7_decrypt( + serialization.Encoding.DER, + enveloped, + private_key, + cert, + options, + ) + # New lines are canonicalized to '\r\n' when not using Binary + expected_data = ( + data + if pkcs7.PKCS7Options.Binary in options + else data.replace(b"\n", b"\r\n") + ) + assert decrypted_bytes == expected_data + + @pytest.mark.parametrize( + "options", + [ + [pkcs7.PKCS7Options.Text], + [pkcs7.PKCS7Options.Binary], + ], + ) + def test_smime_encrypt_pem_encoding(self, backend, options): + data = b"hello world\n" + cert, private_key = _load_rsa_cert_key() + builder = ( + pkcs7.PKCS7EnvelopeBuilder().set_data(data).add_recipient(cert) + ) + enveloped = builder.encrypt(serialization.Encoding.PEM, options) + decrypted_bytes = test_support.pkcs7_decrypt( + serialization.Encoding.PEM, + enveloped, + private_key, + cert, + options, + ) + # New lines are canonicalized to '\r\n' when not using Binary + expected_data = ( + data + if pkcs7.PKCS7Options.Binary in options + else data.replace(b"\n", b"\r\n") + ) + assert decrypted_bytes == expected_data + + def test_smime_encrypt_multiple_recipients(self, backend): + data = b"hello world\n" + cert, _ = _load_rsa_cert_key() + builder = ( + pkcs7.PKCS7EnvelopeBuilder() + .set_data(data) + .add_recipient(cert) + .add_recipient(cert) + ) + enveloped = builder.encrypt(serialization.Encoding.DER, []) + # cryptography CA (the recipient's Common Name) + common_name_bytes = ( + b"\x0c\x0f\x63\x72\x79\x70\x74\x6f\x67\x72\x61" + b"\x70\x68\x79\x20\x43\x41" + ) + assert enveloped.count(common_name_bytes) == 2 + + @pytest.mark.supported( only_if=lambda backend: backend.pkcs7_supported(), skip_message="Requires OpenSSL with PKCS7 support", @@ -741,7 +1102,7 @@ def test_ordering(self, backend): list(reversed(certs)), serialization.Encoding.DER ) certs2 = pkcs7.load_der_pkcs7_certificates(p7) - assert certs != certs2 + assert certs == certs2 def test_pem_matches_vector(self, backend): p7_pem = load_vectors_from_file( @@ -771,7 +1132,7 @@ def test_invalid_types(self): ) with pytest.raises(TypeError): pkcs7.serialize_certificates( - "not a list of certs", # type: ignore[arg-type] + object(), # type: ignore[arg-type] serialization.Encoding.PEM, ) @@ -780,5 +1141,30 @@ def test_invalid_types(self): with pytest.raises(TypeError): pkcs7.serialize_certificates( - certs, "not an encoding" # type: ignore[arg-type] + certs, + "not an encoding", # type: ignore[arg-type] ) + + +@pytest.mark.supported( + only_if=lambda backend: not backend.pkcs7_supported(), + skip_message="Requires OpenSSL without PKCS7 support (BoringSSL)", +) +class TestPKCS7Unsupported: + def test_pkcs7_functions_unsupported(self): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION): + pkcs7.load_der_pkcs7_certificates(b"nonsense") + + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION): + pkcs7.load_pem_pkcs7_certificates(b"nonsense") + + +@pytest.mark.supported( + only_if=lambda backend: backend.pkcs7_supported() + and not backend.rsa_encryption_supported(padding.PKCS1v15()), + skip_message="Requires OpenSSL with no PKCS1 v1.5 padding support", +) +class TestPKCS7EnvelopeBuilderUnsupported: + def test_envelope_builder_unsupported(self, backend): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): + pkcs7.PKCS7EnvelopeBuilder() diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 6f083cb..ddd1dad 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -4,6 +4,7 @@ import binascii +import copy import itertools import os @@ -14,18 +15,32 @@ UnsupportedAlgorithm, _Reasons, ) +from cryptography.hazmat.bindings._rust import openssl as rust_openssl from cryptography.hazmat.primitives import hashes, serialization -from cryptography.hazmat.primitives.asymmetric import ( - padding, - rsa, - utils as asym_utils, -) +from cryptography.hazmat.primitives.asymmetric import padding, rsa +from cryptography.hazmat.primitives.asymmetric import utils as asym_utils from cryptography.hazmat.primitives.asymmetric.rsa import ( RSAPrivateNumbers, RSAPublicNumbers, ) +from ...doubles import ( + DummyAsymmetricPadding, + DummyHashAlgorithm, + DummyKeySerializationEncryption, +) +from ...utils import ( + load_nist_vectors, + load_pkcs1_vectors, + load_rsa_nist_vectors, + load_vectors_from_file, + raises_unsupported_algorithm, +) from .fixtures_rsa import ( + RSA_KEY_512, + RSA_KEY_522, + RSA_KEY_599, + RSA_KEY_745, RSA_KEY_1024, RSA_KEY_1025, RSA_KEY_1026, @@ -37,10 +52,6 @@ RSA_KEY_1536, RSA_KEY_2048, RSA_KEY_2048_ALT, - RSA_KEY_512, - RSA_KEY_522, - RSA_KEY_599, - RSA_KEY_745, RSA_KEY_CORRUPTED, ) from .utils import ( @@ -48,23 +59,21 @@ generate_rsa_verification_test, skip_fips_traditional_openssl, ) -from ...doubles import ( - DummyAsymmetricPadding, - DummyHashAlgorithm, - DummyKeySerializationEncryption, -) -from ...utils import ( - load_nist_vectors, - load_pkcs1_vectors, - load_rsa_nist_vectors, - load_vectors_from_file, - raises_unsupported_algorithm, -) + + +@pytest.fixture(scope="session") +def rsa_key_512() -> rsa.RSAPrivateKey: + return RSA_KEY_512.private_key(unsafe_skip_rsa_key_validation=True) + + +@pytest.fixture(scope="session") +def rsa_key_2048() -> rsa.RSAPrivateKey: + return RSA_KEY_2048.private_key(unsafe_skip_rsa_key_validation=True) class DummyMGF(padding.MGF): _salt_length = 0 - _algorithm = hashes.SHA1() + _algorithm = hashes.SHA256() def _check_fips_key_length(backend, private_key): @@ -72,18 +81,7 @@ def _check_fips_key_length(backend, private_key): backend._fips_enabled and private_key.key_size < backend._fips_rsa_min_key_size ): - pytest.skip( - "Key size not FIPS compliant: {}".format(private_key.key_size) - ) - - -def _check_rsa_private_numbers_if_serializable(key): - if isinstance(key, rsa.RSAPrivateKey): - _check_rsa_private_numbers(key.private_numbers()) - - -def test_check_rsa_private_numbers_if_serializable(): - _check_rsa_private_numbers_if_serializable("notserializable") + pytest.skip(f"Key size not FIPS compliant: {private_key.key_size}") def _flatten_pkcs1_examples(vectors): @@ -118,7 +116,7 @@ def _build_oaep_sha2_vectors(): load_vectors_from_file( os.path.join( base_path, - "oaep-{}-{}.txt".format(mgf1alg.name, oaepalg.name), + f"oaep-{mgf1alg.name}-{oaepalg.name}.txt", ), load_pkcs1_vectors, ) @@ -137,9 +135,7 @@ def _skip_pss_hash_algorithm_unsupported(backend, hash_alg): mgf=padding.MGF1(hash_alg), salt_length=padding.PSS.MAX_LENGTH ) ): - pytest.skip( - "Does not support {} in MGF1 using PSS.".format(hash_alg.name) - ) + pytest.skip(f"Does not support {hash_alg.name} in MGF1 using PSS.") def test_skip_pss_hash_algorithm_unsupported(backend): @@ -182,15 +178,13 @@ class TestRSA: def test_generate_rsa_keys(self, backend, public_exponent, key_size): if backend._fips_enabled: if key_size < backend._fips_rsa_min_key_size: - pytest.skip("Key size not FIPS compliant: {}".format(key_size)) + pytest.skip(f"Key size not FIPS compliant: {key_size}") if public_exponent < backend._fips_rsa_min_public_exponent: - pytest.skip( - "Exponent not FIPS compliant: {}".format(public_exponent) - ) + pytest.skip(f"Exponent not FIPS compliant: {public_exponent}") skey = rsa.generate_private_key(public_exponent, key_size, backend) assert skey.key_size == key_size - _check_rsa_private_numbers_if_serializable(skey) + _check_rsa_private_numbers(skey.private_numbers()) pkey = skey.public_key() assert isinstance(pkey.public_numbers(), rsa.RSAPublicNumbers) @@ -258,11 +252,7 @@ def test_load_pss_vect_example_keys(self, pkcs1_example): assert public_num.e == public_num2.e @pytest.mark.supported( - only_if=lambda backend: ( - not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - and not backend._lib.CRYPTOGRAPHY_IS_BORINGSSL - and not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E - ), + only_if=lambda backend: not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL, skip_message="Does not support RSA PSS loading", ) @pytest.mark.parametrize( @@ -283,7 +273,7 @@ def test_load_pss_keys_strips_constraints(self, path, backend): key = load_vectors_from_file( filename=path, loader=lambda p: serialization.load_pem_private_key( - p.read(), password=None + p.read(), password=None, unsafe_skip_rsa_key_validation=True ), mode="rb", ) @@ -296,14 +286,6 @@ def test_load_pss_keys_strips_constraints(self, path, backend): signature, b"whatever", padding.PKCS1v15(), hashes.SHA224() ) - @pytest.mark.supported( - only_if=lambda backend: ( - not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - and not backend._lib.CRYPTOGRAPHY_IS_BORINGSSL - and not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E - ), - skip_message="Does not support RSA PSS loading", - ) def test_load_pss_pub_keys_strips_constraints(self, backend): key = load_vectors_from_file( filename=os.path.join( @@ -321,11 +303,7 @@ def test_load_pss_pub_keys_strips_constraints(self, backend): ) @pytest.mark.supported( - only_if=lambda backend: ( - backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - or backend._lib.CRYPTOGRAPHY_IS_BORINGSSL - or backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E - ), + only_if=lambda backend: rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL, skip_message="Test requires a backend without RSA-PSS key support", ) def test_load_pss_unsupported(self, backend): @@ -361,7 +339,10 @@ def test_load_pss_unsupported(self, backend): ) def test_oaep_label_decrypt(self, vector, backend): private_key = serialization.load_der_private_key( - binascii.unhexlify(vector["key"]), None, backend + binascii.unhexlify(vector["key"]), + None, + backend, + unsafe_skip_rsa_key_validation=True, ) assert isinstance(private_key, rsa.RSAPrivateKey) assert vector["oaepdigest"] == b"SHA512" @@ -392,8 +373,8 @@ def test_oaep_label_decrypt(self, vector, backend): ), skip_message="Does not support RSA OAEP labels", ) - def test_oaep_label_roundtrip(self, msg, label, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_oaep_label_roundtrip(self, rsa_key_2048, msg, label, backend): + private_key = rsa_key_2048 ct = private_key.public_key().encrypt( msg, padding.OAEP( @@ -426,8 +407,8 @@ def test_oaep_label_roundtrip(self, msg, label, backend): ), skip_message="Does not support RSA OAEP labels", ) - def test_oaep_wrong_label(self, enclabel, declabel, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_oaep_wrong_label(self, rsa_key_2048, enclabel, declabel, backend): + private_key = rsa_key_2048 msg = b"test" ct = private_key.public_key().encrypt( msg, @@ -447,32 +428,6 @@ def test_oaep_wrong_label(self, enclabel, declabel, backend): ), ) - def test_lazy_blinding(self, backend): - private_key = RSA_KEY_2048.private_key(backend) - public_key = private_key.public_key() - msg = b"encrypt me!" - ct = public_key.encrypt( - msg, - padding.PKCS1v15(), - ) - assert private_key._blinded is False # type: ignore[attr-defined] - pt = private_key.decrypt( - ct, - padding.PKCS1v15(), - ) - assert private_key._blinded is True # type: ignore[attr-defined] - # Call a second time to cover the branch where blinding - # has already occurred and we don't want to do it again. - pt2 = private_key.decrypt( - ct, - padding.PKCS1v15(), - ) - assert pt == pt2 - assert private_key._blinded is True - # Private method call to cover the racy branch within the lock - private_key._non_threadsafe_enable_blinding() - assert private_key._blinded is True - class TestRSASignature: @pytest.mark.supported( @@ -487,7 +442,7 @@ class TestRSASignature: ), skip_message="Does not support SHA1 signature.", ) - def test_pkcs1v15_signing(self, backend, disable_rsa_checks, subtests): + def test_pkcs1v15_signing(self, backend, subtests): vectors = _flatten_pkcs1_examples( load_vectors_from_file( os.path.join("asymmetric", "RSA", "pkcs1v15sign-vectors.txt"), @@ -506,7 +461,7 @@ def test_pkcs1v15_signing(self, backend, disable_rsa_checks, subtests): public_numbers=rsa.RSAPublicNumbers( e=private["public_exponent"], n=private["modulus"] ), - ).private_key(backend) + ).private_key(backend, unsafe_skip_rsa_key_validation=True) signature = private_key.sign( binascii.unhexlify(example["message"]), padding.PKCS1v15(), @@ -549,7 +504,7 @@ def test_pss_signing(self, subtests, backend): public_numbers=rsa.RSAPublicNumbers( e=private["public_exponent"], n=private["modulus"] ), - ).private_key(backend) + ).private_key(backend, unsafe_skip_rsa_key_validation=True) public_key = rsa.RSAPublicNumbers( e=public["public_exponent"], n=public["modulus"] ).public_key(backend) @@ -579,9 +534,9 @@ def test_pss_signing(self, subtests, backend): "hash_alg", [hashes.SHA224(), hashes.SHA256(), hashes.SHA384(), hashes.SHA512()], ) - def test_pss_signing_sha2(self, hash_alg, backend): + def test_pss_signing_sha2(self, rsa_key_2048, hash_alg, backend): _skip_pss_hash_algorithm_unsupported(backend, hash_alg) - private_key = RSA_KEY_2048.private_key(backend) + private_key = rsa_key_2048 public_key = private_key.public_key() pss = padding.PSS( mgf=padding.MGF1(hash_alg), salt_length=padding.PSS.MAX_LENGTH @@ -599,8 +554,8 @@ def test_pss_signing_sha2(self, hash_alg, backend): ), skip_message="Does not support PSS.", ) - def test_pss_digest_length(self, backend): - private_key = RSA_KEY_2048.private_key() + def test_pss_digest_length(self, rsa_key_2048, backend): + private_key = rsa_key_2048 signature = private_key.sign( b"some data", padding.PSS( @@ -634,7 +589,7 @@ def test_pss_digest_length(self, backend): backend.hash_supported(hashes.SHA512()) and backend.rsa_padding_supported( padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ) ) @@ -643,11 +598,13 @@ def test_pss_digest_length(self, backend): ) @pytest.mark.skip_fips(reason="Unsupported key size in FIPS mode.") def test_pss_minimum_key_size_for_digest(self, backend): - private_key = RSA_KEY_522.private_key(backend) + private_key = RSA_KEY_522.private_key( + backend, unsafe_skip_rsa_key_validation=True + ) private_key.sign( b"no failure", padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ), hashes.SHA512(), @@ -656,7 +613,7 @@ def test_pss_minimum_key_size_for_digest(self, backend): @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ) ), @@ -667,13 +624,15 @@ def test_pss_minimum_key_size_for_digest(self, backend): skip_message="Does not support SHA512.", ) @pytest.mark.skip_fips(reason="Unsupported key size in FIPS mode.") - def test_pss_signing_digest_too_large_for_key_size(self, backend): - private_key = RSA_KEY_512.private_key(backend) + def test_pss_signing_digest_too_large_for_key_size( + self, rsa_key_512: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_512 with pytest.raises(ValueError): private_key.sign( b"msg", padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ), hashes.SHA512(), @@ -682,30 +641,36 @@ def test_pss_signing_digest_too_large_for_key_size(self, backend): @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ) ), skip_message="Does not support PSS.", ) - def test_pss_signing_salt_length_too_long(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_pss_signing_salt_length_too_long( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 with pytest.raises(ValueError): private_key.sign( b"failure coming", padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), salt_length=1000000 + mgf=padding.MGF1(hashes.SHA256()), salt_length=1000000 ), hashes.SHA256(), ) - def test_unsupported_padding(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_unsupported_padding( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - private_key.sign(b"msg", DummyAsymmetricPadding(), hashes.SHA1()) + private_key.sign(b"msg", DummyAsymmetricPadding(), hashes.SHA256()) - def test_padding_incorrect_type(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_padding_incorrect_type( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 with pytest.raises(TypeError): private_key.sign( b"msg", @@ -715,12 +680,14 @@ def test_padding_incorrect_type(self, backend): @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( - padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) + padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) ), skip_message="Does not support PSS.", ) - def test_unsupported_pss_mgf(self, backend): - private_key = RSA_KEY_512.private_key(backend) + def test_unsupported_pss_mgf( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): private_key.sign( b"msg", @@ -728,7 +695,7 @@ def test_unsupported_pss_mgf(self, backend): mgf=DummyMGF(), salt_length=padding.PSS.MAX_LENGTH, ), - hashes.SHA1(), + hashes.SHA256(), ) @pytest.mark.supported( @@ -740,8 +707,10 @@ def test_unsupported_pss_mgf(self, backend): ), skip_message="Does not support PSS.", ) - def test_pss_sign_unsupported_auto(self, backend): - private_key = RSA_KEY_2048.private_key() + def test_pss_sign_unsupported_auto( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 with pytest.raises(ValueError): private_key.sign( b"some data", @@ -760,7 +729,9 @@ def test_pss_sign_unsupported_auto(self, backend): ) @pytest.mark.skip_fips(reason="Unsupported key size in FIPS mode.") def test_pkcs1_digest_too_large_for_key_size(self, backend): - private_key = RSA_KEY_599.private_key(backend) + private_key = RSA_KEY_599.private_key( + backend, unsafe_skip_rsa_key_validation=True + ) with pytest.raises(ValueError): private_key.sign( b"failure coming", padding.PKCS1v15(), hashes.SHA512() @@ -774,12 +745,20 @@ def test_pkcs1_digest_too_large_for_key_size(self, backend): ) @pytest.mark.skip_fips(reason="Unsupported key size in FIPS mode.") def test_pkcs1_minimum_key_size(self, backend): - private_key = RSA_KEY_745.private_key(backend) + private_key = RSA_KEY_745.private_key( + backend, unsafe_skip_rsa_key_validation=True + ) private_key.sign(b"no failure", padding.PKCS1v15(), hashes.SHA512()) - def test_sign(self, backend): - private_key = RSA_KEY_2048.private_key(backend) - message = b"one little message" + @pytest.mark.parametrize( + "message", + [ + b"one little message", + bytearray(b"one little message"), + ], + ) + def test_sign(self, rsa_key_2048: rsa.RSAPrivateKey, message, backend): + private_key = rsa_key_2048 pkcs = padding.PKCS1v15() algorithm = hashes.SHA256() signature = private_key.sign(message, pkcs, algorithm) @@ -788,17 +767,17 @@ def test_sign(self, backend): @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( - padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) + padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) ), skip_message="Does not support PSS.", ) - def test_prehashed_sign(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_prehashed_sign(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + private_key = rsa_key_2048 message = b"one little message" h = hashes.Hash(hashes.SHA256(), backend) h.update(message) digest = h.finalize() - pss = padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) + pss = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) prehashed_alg = asym_utils.Prehashed(hashes.SHA256()) signature = private_key.sign(digest, pss, prehashed_alg) public_key = private_key.public_key() @@ -813,8 +792,10 @@ def test_prehashed_sign(self, backend): ), skip_message="Does not support PSS.", ) - def test_prehashed_digest_length(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_prehashed_digest_length( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 message = b"one little message" h = hashes.Hash(hashes.SHA256(), backend) h.update(message) @@ -836,12 +817,12 @@ def test_prehashed_digest_length(self, backend): ) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( - padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) + padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) ), skip_message="Does not support PSS.", ) - def test_unsupported_hash(self, backend): - private_key = RSA_KEY_512.private_key(backend) + def test_unsupported_hash(self, rsa_key_512: rsa.RSAPrivateKey, backend): + private_key = rsa_key_512 message = b"one little message" pss = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): @@ -849,23 +830,42 @@ def test_unsupported_hash(self, backend): @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( - padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) + padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) + ), + skip_message="Does not support PSS.", + ) + def test_unsupported_hash_pss_mgf1(self, rsa_key_2048: rsa.RSAPrivateKey): + private_key = rsa_key_2048 + message = b"my message" + pss = padding.PSS( + mgf=padding.MGF1(DummyHashAlgorithm()), salt_length=0 + ) + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + private_key.sign(message, pss, hashes.SHA256()) + + @pytest.mark.supported( + only_if=lambda backend: backend.rsa_padding_supported( + padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) ), skip_message="Does not support PSS.", ) - def test_prehashed_digest_mismatch(self, backend): - private_key = RSA_KEY_512.private_key(backend) + def test_prehashed_digest_mismatch( + self, rsa_key_512: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_512 message = b"one little message" h = hashes.Hash(hashes.SHA512(), backend) h.update(message) digest = h.finalize() - pss = padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) - prehashed_alg = asym_utils.Prehashed(hashes.SHA1()) + pss = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) + prehashed_alg = asym_utils.Prehashed(hashes.SHA256()) with pytest.raises(ValueError): private_key.sign(digest, pss, prehashed_alg) - def test_prehashed_unsupported_in_signature_recover(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_prehashed_unsupported_in_signature_recover( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 public_key = private_key.public_key() signature = private_key.sign( b"sign me", padding.PKCS1v15(), hashes.SHA256() @@ -939,8 +939,10 @@ def test_pkcs1v15_verification(self, backend, subtests): ), skip_message="Does not support PKCS1v1.5.", ) - def test_invalid_pkcs1v15_signature_wrong_data(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_invalid_pkcs1v15_signature_wrong_data( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 public_key = private_key.public_key() signature = private_key.sign( b"sign me", padding.PKCS1v15(), hashes.SHA256() @@ -953,8 +955,10 @@ def test_invalid_pkcs1v15_signature_wrong_data(self, backend): hashes.SHA256(), ) - def test_invalid_pkcs1v15_signature_recover_wrong_hash_alg(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_invalid_pkcs1v15_signature_recover_wrong_hash_alg( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 public_key = private_key.public_key() signature = private_key.sign( b"sign me", padding.PKCS1v15(), hashes.SHA256() @@ -1006,9 +1010,13 @@ def test_invalid_signature_sequence_removed(self, backend): ), skip_message="Does not support PKCS1v1.5.", ) - def test_invalid_pkcs1v15_signature_wrong_key(self, backend): - private_key = RSA_KEY_2048.private_key(backend) - private_key2 = RSA_KEY_2048_ALT.private_key(backend) + def test_invalid_pkcs1v15_signature_wrong_key( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 + private_key2 = RSA_KEY_2048_ALT.private_key( + backend, unsafe_skip_rsa_key_validation=True + ) public_key = private_key2.public_key() msg = b"sign me" signature = private_key.sign(msg, padding.PKCS1v15(), hashes.SHA256()) @@ -1061,8 +1069,10 @@ def test_pss_verification(self, subtests, backend): ), skip_message="Does not support PSS.", ) - def test_pss_verify_auto_salt_length(self, backend): - private_key = RSA_KEY_2048.private_key() + def test_pss_verify_auto_salt_length( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 signature = private_key.sign( b"some data", padding.PSS( @@ -1084,18 +1094,12 @@ def test_pss_verify_auto_salt_length(self, backend): @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ) ), skip_message="Does not support PSS.", ) - @pytest.mark.supported( - only_if=lambda backend: backend.signature_hash_supported( - hashes.SHA1() - ), - skip_message="Does not support SHA1 signature.", - ) @pytest.mark.skip_fips(reason="Unsupported key size in FIPS mode.") def test_invalid_pss_signature_wrong_data(self, backend): public_key = rsa.RSAPublicNumbers( @@ -1116,27 +1120,21 @@ def test_invalid_pss_signature_wrong_data(self, backend): signature, b"incorrect data", padding.PSS( - mgf=padding.MGF1(algorithm=hashes.SHA1()), + mgf=padding.MGF1(algorithm=hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ), - hashes.SHA1(), + hashes.SHA256(), ) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ) ), skip_message="Does not support PSS.", ) - @pytest.mark.supported( - only_if=lambda backend: backend.signature_hash_supported( - hashes.SHA1() - ), - skip_message="Does not support SHA1 signature.", - ) @pytest.mark.skip_fips(reason="Unsupported key size in FIPS mode.") def test_invalid_pss_signature_wrong_key(self, backend): signature = binascii.unhexlify( @@ -1159,27 +1157,21 @@ def test_invalid_pss_signature_wrong_key(self, backend): signature, b"sign me", padding.PSS( - mgf=padding.MGF1(algorithm=hashes.SHA1()), + mgf=padding.MGF1(algorithm=hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ), - hashes.SHA1(), + hashes.SHA256(), ) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ) ), skip_message="Does not support PSS.", ) - @pytest.mark.supported( - only_if=lambda backend: backend.signature_hash_supported( - hashes.SHA1() - ), - skip_message="Does not support SHA1 signature.", - ) @pytest.mark.skip_fips(reason="Unsupported key size in FIPS mode.") def test_invalid_pss_signature_data_too_large_for_modulus(self, backend): # 2048 bit PSS signature @@ -1194,29 +1186,27 @@ def test_invalid_pss_signature_data_too_large_for_modulus(self, backend): b"ac462c50a488dca486031a3dc8c4cdbbc53e9f71d64732e1533a5d1249b833ce" ) # 1024 bit key - public_key = RSA_KEY_1024.private_key(backend).public_key() + public_key = RSA_KEY_1024.private_key( + unsafe_skip_rsa_key_validation=True + ).public_key() with pytest.raises(InvalidSignature): public_key.verify( signature, b"sign me", padding.PSS( - mgf=padding.MGF1(algorithm=hashes.SHA1()), + mgf=padding.MGF1(algorithm=hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ), - hashes.SHA1(), + hashes.SHA256(), ) - @pytest.mark.supported( - only_if=lambda backend: backend.signature_hash_supported( - hashes.SHA1() - ), - skip_message="Does not support SHA1 signature.", - ) - def test_invalid_pss_signature_recover(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_invalid_pss_signature_recover( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 public_key = private_key.public_key() pss_padding = padding.PSS( - mgf=padding.MGF1(algorithm=hashes.SHA1()), + mgf=padding.MGF1(algorithm=hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ) signature = private_key.sign(b"sign me", pss_padding, hashes.SHA256()) @@ -1233,16 +1223,20 @@ def test_invalid_pss_signature_recover(self, backend): signature, pss_padding, hashes.SHA256() ) - def test_unsupported_padding(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_unsupported_padding( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): public_key.verify( b"sig", b"msg", DummyAsymmetricPadding(), hashes.SHA256() ) - def test_padding_incorrect_type(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_padding_incorrect_type( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 public_key = private_key.public_key() with pytest.raises(TypeError): public_key.verify( @@ -1254,12 +1248,14 @@ def test_padding_incorrect_type(self, backend): @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( - padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) + padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) ), skip_message="Does not support PSS.", ) - def test_unsupported_pss_mgf(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_unsupported_pss_mgf( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): public_key.verify( @@ -1274,7 +1270,7 @@ def test_unsupported_pss_mgf(self, backend): @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA512()), salt_length=padding.PSS.MAX_LENGTH, ) ), @@ -1285,8 +1281,10 @@ def test_unsupported_pss_mgf(self, backend): skip_message="Does not support SHA512.", ) @pytest.mark.skip_fips(reason="Unsupported key size in FIPS mode.") - def test_pss_verify_digest_too_large_for_key_size(self, backend): - private_key = RSA_KEY_512.private_key(backend) + def test_pss_verify_digest_too_large_for_key_size( + self, rsa_key_512: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_512 signature = binascii.unhexlify( b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8" b"534c050ef6b19b1bdc6eb4da422e89161106a6f5b5cc16135b11eb6439b646bd" @@ -1297,7 +1295,7 @@ def test_pss_verify_digest_too_large_for_key_size(self, backend): signature, b"msg doesn't matter", padding.PSS( - mgf=padding.MGF1(algorithm=hashes.SHA1()), + mgf=padding.MGF1(algorithm=hashes.SHA512()), salt_length=padding.PSS.MAX_LENGTH, ), hashes.SHA512(), @@ -1306,18 +1304,12 @@ def test_pss_verify_digest_too_large_for_key_size(self, backend): @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH, ) ), skip_message="Does not support PSS.", ) - @pytest.mark.supported( - only_if=lambda backend: backend.signature_hash_supported( - hashes.SHA1() - ), - skip_message="Does not support SHA1 signature.", - ) @pytest.mark.skip_fips(reason="Unsupported key size in FIPS mode.") def test_pss_verify_salt_length_too_long(self, backend): signature = binascii.unhexlify( @@ -1339,24 +1331,30 @@ def test_pss_verify_salt_length_too_long(self, backend): b"sign me", padding.PSS( mgf=padding.MGF1( - algorithm=hashes.SHA1(), + algorithm=hashes.SHA256(), ), salt_length=1000000, ), - hashes.SHA1(), + hashes.SHA256(), ) - def test_verify(self, backend): - private_key = RSA_KEY_2048.private_key(backend) - message = b"one little message" + @pytest.mark.parametrize( + "message", + [ + b"one little message", + bytearray(b"one little message"), + ], + ) + def test_verify(self, rsa_key_2048: rsa.RSAPrivateKey, message, backend): + private_key = rsa_key_2048 pkcs = padding.PKCS1v15() algorithm = hashes.SHA256() signature = private_key.sign(message, pkcs, algorithm) public_key = private_key.public_key() public_key.verify(signature, message, pkcs, algorithm) - def test_prehashed_verify(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_prehashed_verify(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + private_key = rsa_key_2048 message = b"one little message" h = hashes.Hash(hashes.SHA256(), backend) h.update(message) @@ -1367,8 +1365,10 @@ def test_prehashed_verify(self, backend): public_key = private_key.public_key() public_key.verify(signature, digest, pkcs, prehashed_alg) - def test_prehashed_digest_mismatch(self, backend): - public_key = RSA_KEY_2048.private_key(backend).public_key() + def test_prehashed_digest_mismatch( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + public_key = rsa_key_2048.public_key() message = b"one little message" h = hashes.Hash(hashes.SHA256(), backend) h.update(message) @@ -1625,22 +1625,23 @@ class TestPSS: def test_calculate_max_pss_salt_length(self): with pytest.raises(TypeError): padding.calculate_max_pss_salt_length( - object(), hashes.SHA256() # type:ignore[arg-type] + object(), # type:ignore[arg-type] + hashes.SHA256(), ) def test_invalid_salt_length_not_integer(self): with pytest.raises(TypeError): padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), + mgf=padding.MGF1(hashes.SHA256()), salt_length=b"not_a_length", # type:ignore[arg-type] ) def test_invalid_salt_length_negative_integer(self): with pytest.raises(ValueError): - padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=-1) + padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=-1) def test_valid_pss_parameters(self): - algorithm = hashes.SHA1() + algorithm = hashes.SHA256() salt_length = algorithm.digest_size mgf = padding.MGF1(algorithm) pss = padding.PSS(mgf=mgf, salt_length=salt_length) @@ -1648,12 +1649,19 @@ def test_valid_pss_parameters(self): assert pss._salt_length == salt_length def test_valid_pss_parameters_maximum(self): - algorithm = hashes.SHA1() + algorithm = hashes.SHA256() mgf = padding.MGF1(algorithm) pss = padding.PSS(mgf=mgf, salt_length=padding.PSS.MAX_LENGTH) assert pss._mgf == mgf assert pss._salt_length == padding.PSS.MAX_LENGTH + def test_mgf_property(self): + algorithm = hashes.SHA256() + mgf = padding.MGF1(algorithm) + pss = padding.PSS(mgf=mgf, salt_length=padding.PSS.MAX_LENGTH) + assert pss.mgf == mgf + assert pss.mgf == pss._mgf + class TestMGF1: def test_invalid_hash_algorithm(self): @@ -1661,30 +1669,44 @@ def test_invalid_hash_algorithm(self): padding.MGF1(b"not_a_hash") # type:ignore[arg-type] def test_valid_mgf1_parameters(self): - algorithm = hashes.SHA1() + algorithm = hashes.SHA256() mgf = padding.MGF1(algorithm) assert mgf._algorithm == algorithm class TestOAEP: def test_invalid_algorithm(self): - mgf = padding.MGF1(hashes.SHA1()) + mgf = padding.MGF1(hashes.SHA256()) with pytest.raises(TypeError): padding.OAEP( - mgf=mgf, algorithm=b"", label=None # type:ignore[arg-type] + mgf=mgf, + algorithm=b"", # type:ignore[arg-type] + label=None, ) + def test_algorithm_property(self): + algorithm = hashes.SHA256() + mgf = padding.MGF1(algorithm) + oaep = padding.OAEP(mgf=mgf, algorithm=algorithm, label=None) + assert oaep.algorithm == algorithm + assert oaep.algorithm == oaep._algorithm + + def test_mgf_property(self): + algorithm = hashes.SHA256() + mgf = padding.MGF1(algorithm) + oaep = padding.OAEP(mgf=mgf, algorithm=algorithm, label=None) + assert oaep.mgf == mgf + assert oaep.mgf == oaep._mgf + class TestRSADecryption: @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( + only_if=lambda backend: backend.rsa_encryption_supported( padding.PKCS1v15() ), skip_message="Does not support PKCS1v1.5.", ) - def test_decrypt_pkcs1v15_vectors( - self, backend, disable_rsa_checks, subtests - ): + def test_decrypt_pkcs1v15_vectors(self, backend, subtests): vectors = _flatten_pkcs1_examples( load_vectors_from_file( os.path.join("asymmetric", "RSA", "pkcs1v15crypt-vectors.txt"), @@ -1703,47 +1725,56 @@ def test_decrypt_pkcs1v15_vectors( public_numbers=rsa.RSAPublicNumbers( e=private["public_exponent"], n=private["modulus"] ), - ).private_key(backend) + ).private_key(backend, unsafe_skip_rsa_key_validation=True) ciphertext = binascii.unhexlify(example["encryption"]) assert len(ciphertext) == (skey.key_size + 7) // 8 message = skey.decrypt(ciphertext, padding.PKCS1v15()) assert message == binascii.unhexlify(example["message"]) - def test_unsupported_padding(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_unsupported_padding( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): private_key.decrypt(b"0" * 256, DummyAsymmetricPadding()) @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( - padding.PKCS1v15() + only_if=lambda backend: ( + backend.rsa_encryption_supported(padding.PKCS1v15()) + and not backend._lib.Cryptography_HAS_IMPLICIT_RSA_REJECTION ), skip_message="Does not support PKCS1v1.5.", ) - def test_decrypt_invalid_decrypt(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_decrypt_invalid_decrypt( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 with pytest.raises(ValueError): private_key.decrypt(b"\x00" * 256, padding.PKCS1v15()) @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( + only_if=lambda backend: backend.rsa_encryption_supported( padding.PKCS1v15() ), skip_message="Does not support PKCS1v1.5.", ) - def test_decrypt_ciphertext_too_large(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_decrypt_ciphertext_too_large( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 with pytest.raises(ValueError): private_key.decrypt(b"\x00" * 257, padding.PKCS1v15()) @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( + only_if=lambda backend: backend.rsa_encryption_supported( padding.PKCS1v15() ), skip_message="Does not support PKCS1v1.5.", ) - def test_decrypt_ciphertext_too_small(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_decrypt_ciphertext_too_small( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 ct = binascii.unhexlify( b"50b4c14136bd198c2f3c3ed243fce036e168d56517984a263cd66492b80804f1" b"69d210f2b9bdfb48b12f9ea05009c77da257cc600ccefe3a6283789d8ea0" @@ -1752,7 +1783,7 @@ def test_decrypt_ciphertext_too_small(self, backend): private_key.decrypt(ct, padding.PKCS1v15()) @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( + only_if=lambda backend: backend.rsa_encryption_supported( padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), @@ -1761,7 +1792,7 @@ def test_decrypt_ciphertext_too_small(self, backend): ), skip_message="Does not support OAEP.", ) - def test_decrypt_oaep_vectors(self, subtests, backend): + def test_decrypt_oaep_sha1_vectors(self, subtests, backend): for private, public, example in _flatten_pkcs1_examples( load_vectors_from_file( os.path.join( @@ -1781,7 +1812,7 @@ def test_decrypt_oaep_vectors(self, subtests, backend): public_numbers=rsa.RSAPublicNumbers( e=private["public_exponent"], n=private["modulus"] ), - ).private_key(backend) + ).private_key(backend, unsafe_skip_rsa_key_validation=True) message = skey.decrypt( binascii.unhexlify(example["encryption"]), padding.OAEP( @@ -1792,24 +1823,20 @@ def test_decrypt_oaep_vectors(self, subtests, backend): ) assert message == binascii.unhexlify(example["message"]) - @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( - padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA224()), - algorithm=hashes.SHA224(), - label=None, - ) - ), - skip_message=( - "Does not support OAEP using SHA224 MGF1 and SHA224 hash." - ), - ) - def test_decrypt_oaep_sha2_vectors( - self, backend, disable_rsa_checks, subtests - ): + def test_decrypt_oaep_sha2_vectors(self, backend, subtests): vectors = _build_oaep_sha2_vectors() for private, public, example, mgf1_alg, hash_alg in vectors: with subtests.test(): + pad = padding.OAEP( + mgf=padding.MGF1(algorithm=mgf1_alg), + algorithm=hash_alg, + label=None, + ) + if not backend.rsa_encryption_supported(pad): + pytest.skip( + f"Does not support OAEP using {mgf1_alg.name} MGF1 " + f"or {hash_alg.name} hash." + ) skey = rsa.RSAPrivateNumbers( p=private["p"], q=private["q"], @@ -1820,56 +1847,56 @@ def test_decrypt_oaep_sha2_vectors( public_numbers=rsa.RSAPublicNumbers( e=private["public_exponent"], n=private["modulus"] ), - ).private_key(backend) + ).private_key(backend, unsafe_skip_rsa_key_validation=True) message = skey.decrypt( binascii.unhexlify(example["encryption"]), - padding.OAEP( - mgf=padding.MGF1(algorithm=mgf1_alg), - algorithm=hash_alg, - label=None, - ), + pad, ) assert message == binascii.unhexlify(example["message"]) @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( + only_if=lambda backend: backend.rsa_encryption_supported( padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA1()), - algorithm=hashes.SHA1(), + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), label=None, ) ), skip_message="Does not support OAEP.", ) - def test_invalid_oaep_decryption(self, backend): + def test_invalid_oaep_decryption( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): # More recent versions of OpenSSL may raise different errors. # This test triggers a failure and confirms that we properly handle # it. - private_key = RSA_KEY_2048.private_key(backend) + private_key = rsa_key_2048 ciphertext = private_key.public_key().encrypt( b"secure data", padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA1()), - algorithm=hashes.SHA1(), + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), label=None, ), ) - private_key_alt = RSA_KEY_2048_ALT.private_key(backend) + private_key_alt = RSA_KEY_2048_ALT.private_key( + backend, unsafe_skip_rsa_key_validation=True + ) with pytest.raises(ValueError): private_key_alt.decrypt( ciphertext, padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA1()), - algorithm=hashes.SHA1(), + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), label=None, ), ) @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( + only_if=lambda backend: backend.rsa_encryption_supported( padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), @@ -1879,7 +1906,9 @@ def test_invalid_oaep_decryption(self, backend): skip_message="Does not support OAEP.", ) def test_invalid_oaep_decryption_data_to_large_for_modulus(self, backend): - key = RSA_KEY_2048_ALT.private_key(backend) + key = RSA_KEY_2048_ALT.private_key( + backend, unsafe_skip_rsa_key_validation=True + ) ciphertext = ( b"\xb1ph\xc0\x0b\x1a|\xe6\xda\xea\xb5\xd7%\x94\x07\xf96\xfb\x96" @@ -1906,14 +1935,37 @@ def test_invalid_oaep_decryption_data_to_large_for_modulus(self, backend): ), ) - def test_unsupported_oaep_mgf(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_unsupported_oaep_hash(self, rsa_key_2048: rsa.RSAPrivateKey): + private_key = rsa_key_2048 + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + private_key.decrypt( + b"0" * 256, + padding.OAEP( + mgf=padding.MGF1(DummyHashAlgorithm()), + algorithm=hashes.SHA256(), + label=None, + ), + ) + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + private_key.decrypt( + b"0" * 256, + padding.OAEP( + mgf=padding.MGF1(hashes.SHA256()), + algorithm=DummyHashAlgorithm(), + label=None, + ), + ) + + def test_unsupported_oaep_mgf( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): private_key.decrypt( b"0" * 256, padding.OAEP( mgf=DummyMGF(), - algorithm=hashes.SHA1(), + algorithm=hashes.SHA256(), label=None, ), ) @@ -1921,10 +1973,10 @@ def test_unsupported_oaep_mgf(self, backend): class TestRSAEncryption: @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( + only_if=lambda backend: backend.rsa_encryption_supported( padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA1()), - algorithm=hashes.SHA1(), + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), label=None, ) ), @@ -1947,15 +1999,15 @@ class TestRSAEncryption: ), [ padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA1()), - algorithm=hashes.SHA1(), + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), label=None, ) ], ), ) def test_rsa_encrypt_oaep(self, key_data, pad, backend): - private_key = key_data.private_key(backend) + private_key = key_data.private_key(unsafe_skip_rsa_key_validation=True) _check_fips_key_length(backend, private_key) pt = b"encrypt me!" public_key = private_key.public_key() @@ -1965,18 +2017,6 @@ def test_rsa_encrypt_oaep(self, key_data, pad, backend): recovered_pt = private_key.decrypt(ct, pad) assert recovered_pt == pt - @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( - padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA256()), - algorithm=hashes.SHA512(), - label=None, - ) - ), - skip_message=( - "Does not support OAEP using SHA256 MGF1 and SHA512 hash." - ), - ) @pytest.mark.parametrize( ("mgf1hash", "oaephash"), itertools.product( @@ -1996,13 +2036,20 @@ def test_rsa_encrypt_oaep(self, key_data, pad, backend): ], ), ) - def test_rsa_encrypt_oaep_sha2(self, mgf1hash, oaephash, backend): + def test_rsa_encrypt_oaep_sha2( + self, rsa_key_2048: rsa.RSAPrivateKey, mgf1hash, oaephash, backend + ): pad = padding.OAEP( mgf=padding.MGF1(algorithm=mgf1hash), algorithm=oaephash, label=None, ) - private_key = RSA_KEY_2048.private_key(backend) + if not backend.rsa_encryption_supported(pad): + pytest.skip( + f"Does not support OAEP using {mgf1hash.name} MGF1 " + f"or {oaephash.name} hash." + ) + private_key = rsa_key_2048 pt = b"encrypt me using sha2 hashes!" public_key = private_key.public_key() ct = public_key.encrypt(pt, pad) @@ -2012,7 +2059,7 @@ def test_rsa_encrypt_oaep_sha2(self, mgf1hash, oaephash, backend): assert recovered_pt == pt @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( + only_if=lambda backend: backend.rsa_encryption_supported( padding.PKCS1v15() ), skip_message="Does not support PKCS1v1.5.", @@ -2036,7 +2083,7 @@ def test_rsa_encrypt_oaep_sha2(self, mgf1hash, oaephash, backend): ), ) def test_rsa_encrypt_pkcs1v15(self, key_data, pad, backend): - private_key = key_data.private_key(backend) + private_key = key_data.private_key(unsafe_skip_rsa_key_validation=True) _check_fips_key_length(backend, private_key) pt = b"encrypt me!" public_key = private_key.public_key() @@ -2063,8 +2110,8 @@ def test_rsa_encrypt_pkcs1v15(self, key_data, pad, backend): ), ( padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA1()), - algorithm=hashes.SHA1(), + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), label=None, ), padding.PKCS1v15(), @@ -2072,7 +2119,9 @@ def test_rsa_encrypt_pkcs1v15(self, key_data, pad, backend): ), ) def test_rsa_encrypt_key_too_small(self, key_data, pad, backend): - private_key = key_data.private_key(backend) + private_key = key_data.private_key(unsafe_skip_rsa_key_validation=True) + if not backend.rsa_encryption_supported(pad): + pytest.skip("PKCS1v15 padding not allowed in FIPS") _check_fips_key_length(backend, private_key) public_key = private_key.public_key() # Slightly smaller than the key size but not enough for padding. @@ -2087,24 +2136,28 @@ def test_rsa_encrypt_key_too_small(self, key_data, pad, backend): only_if=lambda backend: backend._fips_enabled, skip_message="Requires FIPS", ) - def test_rsa_fips_small_key(self, backend): - key = RSA_KEY_512.private_key(backend) + def test_rsa_fips_small_key(self, rsa_key_512: rsa.RSAPrivateKey, backend): with pytest.raises(ValueError): - key.sign(b"somedata", padding.PKCS1v15(), hashes.SHA512()) + rsa_key_512.sign(b"somedata", padding.PKCS1v15(), hashes.SHA512()) - def test_unsupported_padding(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_unsupported_padding( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): public_key.encrypt(b"somedata", DummyAsymmetricPadding()) with pytest.raises(TypeError): public_key.encrypt( - b"somedata", padding=object() # type: ignore[arg-type] + b"somedata", + padding=object(), # type: ignore[arg-type] ) - def test_unsupported_oaep_mgf(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_unsupported_oaep_mgf( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): @@ -2112,7 +2165,7 @@ def test_unsupported_oaep_mgf(self, backend): b"ciphertext", padding.OAEP( mgf=DummyMGF(), - algorithm=hashes.SHA1(), + algorithm=hashes.SHA256(), label=None, ), ) @@ -2145,7 +2198,9 @@ def test_rsa_private_numbers(self): assert private_numbers.public_numbers == public_numbers def test_rsa_private_numbers_create_key(self, backend): - private_key = RSA_KEY_1024.private_key(backend) + private_key = RSA_KEY_1024.private_key( + backend, unsafe_skip_rsa_key_validation=True + ) assert private_key def test_rsa_public_numbers_create_key(self, backend): @@ -2359,22 +2414,39 @@ class TestRSAPrivateKeySerialization: ], ), ) - def test_private_bytes_encrypted_pem(self, backend, fmt, password): + def test_private_bytes_encrypted_pem( + self, rsa_key_2048: rsa.RSAPrivateKey, backend, fmt, password + ): skip_fips_traditional_openssl(backend, fmt) - key = RSA_KEY_2048.private_key(backend) + key = rsa_key_2048 serialized = key.private_bytes( serialization.Encoding.PEM, fmt, serialization.BestAvailableEncryption(password), ) loaded_key = serialization.load_pem_private_key( - serialized, password, backend + serialized, password, backend, unsafe_skip_rsa_key_validation=True ) assert isinstance(loaded_key, rsa.RSAPrivateKey) loaded_priv_num = loaded_key.private_numbers() priv_num = key.private_numbers() assert loaded_priv_num == priv_num + @pytest.mark.supported( + only_if=lambda backend: backend._fips_enabled, + skip_message="Requires FIPS", + ) + def test_traditional_serialization_fips( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + key = rsa_key_2048 + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.PEM, + serialization.PrivateFormat.TraditionalOpenSSL, + serialization.BestAvailableEncryption(b"password"), + ) + @pytest.mark.parametrize( ("encoding", "fmt"), [ @@ -2384,8 +2456,10 @@ def test_private_bytes_encrypted_pem(self, backend, fmt, password): (serialization.Encoding.X962, serialization.PrivateFormat.PKCS8), ], ) - def test_private_bytes_rejects_invalid(self, encoding, fmt, backend): - key = RSA_KEY_2048.private_key(backend) + def test_private_bytes_rejects_invalid( + self, rsa_key_2048: rsa.RSAPrivateKey, encoding, fmt, backend + ): + key = rsa_key_2048 with pytest.raises(ValueError): key.private_bytes(encoding, fmt, serialization.NoEncryption()) @@ -2398,15 +2472,17 @@ def test_private_bytes_rejects_invalid(self, encoding, fmt, backend): [serialization.PrivateFormat.PKCS8, b"\x01" * 1000], ], ) - def test_private_bytes_encrypted_der(self, backend, fmt, password): - key = RSA_KEY_2048.private_key(backend) + def test_private_bytes_encrypted_der( + self, rsa_key_2048: rsa.RSAPrivateKey, backend, fmt, password + ): + key = rsa_key_2048 serialized = key.private_bytes( serialization.Encoding.DER, fmt, serialization.BestAvailableEncryption(password), ) loaded_key = serialization.load_der_private_key( - serialized, password, backend + serialized, password, backend, unsafe_skip_rsa_key_validation=True ) assert isinstance(loaded_key, rsa.RSAPrivateKey) loaded_priv_num = loaded_key.private_numbers() @@ -2439,13 +2515,20 @@ def test_private_bytes_encrypted_der(self, backend, fmt, password): ], ) def test_private_bytes_unencrypted( - self, backend, encoding, fmt, loader_func + self, + rsa_key_2048: rsa.RSAPrivateKey, + backend, + encoding, + fmt, + loader_func, ): - key = RSA_KEY_2048.private_key(backend) + key = rsa_key_2048 serialized = key.private_bytes( encoding, fmt, serialization.NoEncryption() ) - loaded_key = loader_func(serialized, None, backend) + loaded_key = loader_func( + serialized, None, backend, unsafe_skip_rsa_key_validation=True + ) loaded_priv_num = loaded_key.private_numbers() priv_num = key.private_numbers() assert loaded_priv_num == priv_num @@ -2478,7 +2561,9 @@ def test_private_bytes_traditional_openssl_unencrypted( key_bytes = load_vectors_from_file( key_path, lambda pemfile: pemfile.read(), mode="rb" ) - key = loader_func(key_bytes, None, backend) + key = loader_func( + key_bytes, None, backend, unsafe_skip_rsa_key_validation=True + ) serialized = key.private_bytes( encoding, serialization.PrivateFormat.TraditionalOpenSSL, @@ -2486,8 +2571,10 @@ def test_private_bytes_traditional_openssl_unencrypted( ) assert serialized == key_bytes - def test_private_bytes_traditional_der_encrypted_invalid(self, backend): - key = RSA_KEY_2048.private_key(backend) + def test_private_bytes_traditional_der_encrypted_invalid( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + key = rsa_key_2048 with pytest.raises(ValueError): key.private_bytes( serialization.Encoding.DER, @@ -2495,8 +2582,10 @@ def test_private_bytes_traditional_der_encrypted_invalid(self, backend): serialization.BestAvailableEncryption(b"password"), ) - def test_private_bytes_invalid_encoding(self, backend): - key = RSA_KEY_2048.private_key(backend) + def test_private_bytes_invalid_encoding( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + key = rsa_key_2048 with pytest.raises(TypeError): key.private_bytes( "notencoding", # type: ignore[arg-type] @@ -2504,8 +2593,10 @@ def test_private_bytes_invalid_encoding(self, backend): serialization.NoEncryption(), ) - def test_private_bytes_invalid_format(self, backend): - key = RSA_KEY_2048.private_key(backend) + def test_private_bytes_invalid_format( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + key = rsa_key_2048 with pytest.raises(TypeError): key.private_bytes( serialization.Encoding.PEM, @@ -2513,8 +2604,10 @@ def test_private_bytes_invalid_format(self, backend): serialization.NoEncryption(), ) - def test_private_bytes_invalid_encryption_algorithm(self, backend): - key = RSA_KEY_2048.private_key(backend) + def test_private_bytes_invalid_encryption_algorithm( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + key = rsa_key_2048 with pytest.raises(TypeError): key.private_bytes( serialization.Encoding.PEM, @@ -2522,8 +2615,10 @@ def test_private_bytes_invalid_encryption_algorithm(self, backend): "notanencalg", # type: ignore[arg-type] ) - def test_private_bytes_unsupported_encryption_type(self, backend): - key = RSA_KEY_2048.private_key(backend) + def test_private_bytes_unsupported_encryption_type( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + key = rsa_key_2048 with pytest.raises(ValueError): key.private_bytes( serialization.Encoding.PEM, @@ -2613,16 +2708,20 @@ def test_public_bytes_openssh(self, backend): serialization.PublicFormat.SubjectPublicKeyInfo, ) - def test_public_bytes_invalid_encoding(self, backend): - key = RSA_KEY_2048.private_key(backend).public_key() + def test_public_bytes_invalid_encoding( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + key = rsa_key_2048.public_key() with pytest.raises(TypeError): key.public_bytes( "notencoding", # type: ignore[arg-type] serialization.PublicFormat.PKCS1, ) - def test_public_bytes_invalid_format(self, backend): - key = RSA_KEY_2048.private_key(backend).public_key() + def test_public_bytes_invalid_format( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + key = rsa_key_2048.public_key() with pytest.raises(TypeError): key.public_bytes( serialization.Encoding.PEM, @@ -2637,9 +2736,7 @@ def test_public_bytes_invalid_format(self, backend): serialization.PublicFormat.SubjectPublicKeyInfo, ), (serialization.Encoding.Raw, serialization.PublicFormat.PKCS1), - ] - + list( - itertools.product( + *itertools.product( [ serialization.Encoding.Raw, serialization.Encoding.X962, @@ -2651,10 +2748,32 @@ def test_public_bytes_invalid_format(self, backend): serialization.PublicFormat.UncompressedPoint, serialization.PublicFormat.CompressedPoint, ], - ) - ), + ), + ], ) - def test_public_bytes_rejects_invalid(self, encoding, fmt, backend): - key = RSA_KEY_2048.private_key(backend).public_key() + def test_public_bytes_rejects_invalid( + self, rsa_key_2048: rsa.RSAPrivateKey, encoding, fmt, backend + ): + key = rsa_key_2048.public_key() with pytest.raises(ValueError): key.public_bytes(encoding, fmt) + + def test_public_key_equality(self, rsa_key_2048: rsa.RSAPrivateKey): + key1 = rsa_key_2048.public_key() + key2 = RSA_KEY_2048.private_key( + unsafe_skip_rsa_key_validation=True + ).public_key() + key3 = RSA_KEY_2048_ALT.private_key( + unsafe_skip_rsa_key_validation=True + ).public_key() + assert key1 == key2 + assert key1 != key3 + assert key1 != object() + with pytest.raises(TypeError): + key1 < key2 # type: ignore[operator] + + def test_public_key_copy(self, rsa_key_2048: rsa.RSAPrivateKey): + key1 = rsa_key_2048.public_key() + key2 = copy.copy(key1) + + assert key1 == key2 diff --git a/tests/hazmat/primitives/test_scrypt.py b/tests/hazmat/primitives/test_scrypt.py index 6e95a1f..4b46418 100644 --- a/tests/hazmat/primitives/test_scrypt.py +++ b/tests/hazmat/primitives/test_scrypt.py @@ -8,12 +8,8 @@ import pytest -from cryptography.exceptions import ( - AlreadyFinalized, - InvalidKey, -) -from cryptography.hazmat.primitives.kdf.scrypt import Scrypt, _MEM_LIMIT - +from cryptography.exceptions import AlreadyFinalized, InvalidKey +from cryptography.hazmat.primitives.kdf.scrypt import _MEM_LIMIT, Scrypt from tests.utils import ( load_nist_vectors, load_vectors_from_file, diff --git a/tests/hazmat/primitives/test_seed.py b/tests/hazmat/primitives/test_seed.py deleted file mode 100644 index eb0b88c..0000000 --- a/tests/hazmat/primitives/test_seed.py +++ /dev/null @@ -1,86 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - - -import binascii -import os - -import pytest - -from cryptography.hazmat.primitives.ciphers import algorithms, modes - -from .utils import generate_encrypt_test -from ...utils import load_nist_vectors - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._SEEDInternal(b"\x00" * 16), modes.ECB() - ), - skip_message="Does not support SEED ECB", -) -class TestSEEDModeECB: - test_ecb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "SEED"), - ["rfc-4269.txt"], - lambda key, **kwargs: algorithms._SEEDInternal( - binascii.unhexlify((key)) - ), - lambda **kwargs: modes.ECB(), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._SEEDInternal(b"\x00" * 16), modes.CBC(b"\x00" * 16) - ), - skip_message="Does not support SEED CBC", -) -class TestSEEDModeCBC: - test_cbc = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "SEED"), - ["rfc-4196.txt"], - lambda key, **kwargs: algorithms._SEEDInternal( - binascii.unhexlify((key)) - ), - lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._SEEDInternal(b"\x00" * 16), modes.OFB(b"\x00" * 16) - ), - skip_message="Does not support SEED OFB", -) -class TestSEEDModeOFB: - test_ofb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "SEED"), - ["seed-ofb.txt"], - lambda key, **kwargs: algorithms._SEEDInternal( - binascii.unhexlify((key)) - ), - lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - ) - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms._SEEDInternal(b"\x00" * 16), modes.CFB(b"\x00" * 16) - ), - skip_message="Does not support SEED CFB", -) -class TestSEEDModeCFB: - test_cfb = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "SEED"), - ["seed-cfb.txt"], - lambda key, **kwargs: algorithms._SEEDInternal( - binascii.unhexlify((key)) - ), - lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - ) diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py index 3a08d55..51fcc35 100644 --- a/tests/hazmat/primitives/test_serialization.py +++ b/tests/hazmat/primitives/test_serialization.py @@ -13,17 +13,16 @@ from cryptography.hazmat.primitives.asymmetric import ( dsa, ec, - ed25519, ed448, + ed25519, rsa, - x25519, x448, + x25519, ) from cryptography.hazmat.primitives.hashes import SHA1 from cryptography.hazmat.primitives.serialization import ( BestAvailableEncryption, Encoding, - KeySerializationEncryption, NoEncryption, PrivateFormat, PublicFormat, @@ -33,21 +32,17 @@ load_pem_parameters, load_pem_private_key, load_pem_public_key, - load_ssh_private_key, - load_ssh_public_key, - ssh, ) from cryptography.hazmat.primitives.serialization.pkcs12 import PBES - -from .fixtures_rsa import RSA_KEY_2048 +from ...utils import load_vectors_from_file from .test_ec import _skip_curve_unsupported -from .utils import ( - _check_dsa_private_numbers, - _check_rsa_private_numbers, -) -from ...doubles import DummyKeySerializationEncryption -from ...utils import load_vectors_from_file, raises_unsupported_algorithm +from .test_rsa import rsa_key_2048 +from .utils import _check_dsa_private_numbers, _check_rsa_private_numbers + +# Make ruff happy since we're importing fixtures that pytest patches in as +# func args +__all__ = ["rsa_key_2048"] def _skip_fips_format(key_path, password, backend): @@ -86,7 +81,9 @@ def test_load_der_rsa_private_key(self, key_path, password, backend): lambda derfile: derfile.read(), mode="rb", ) - key = load_der_private_key(bytearray(data), password, backend) + key = load_der_private_key( + bytearray(data), password, unsafe_skip_rsa_key_validation=True + ) assert key assert isinstance(key, rsa.RSAPrivateKey) _check_rsa_private_numbers(key.private_numbers()) @@ -114,7 +111,9 @@ def test_load_pem_rsa_private_key(self, key_path, password, backend): lambda pemfile: pemfile.read(), mode="rb", ) - key = load_pem_private_key(bytearray(data), password, backend) + key = load_pem_private_key( + bytearray(data), password, unsafe_skip_rsa_key_validation=True + ) assert key assert isinstance(key, rsa.RSAPrivateKey) _check_rsa_private_numbers(key.private_numbers()) @@ -135,7 +134,7 @@ def test_load_der_rsa_private_key(self, key_path, password, backend): key = load_vectors_from_file( os.path.join("asymmetric", *key_path), lambda derfile: load_der_private_key( - derfile.read(), password, backend + derfile.read(), password, unsafe_skip_rsa_key_validation=True ), mode="rb", ) @@ -396,6 +395,10 @@ def test_load_ec_public_key(self, backend): assert key.curve.name == "secp256r1" assert key.curve.key_size == 256 + @pytest.mark.supported( + only_if=lambda backend: backend.dh_supported(), + skip_message="DH not supported", + ) def test_wrong_parameters_format(self, backend): param_data = b"---- NOT A KEY ----\n" @@ -435,7 +438,9 @@ def test_load_pem_rsa_private_key(self, key_file, password, backend): key = load_vectors_from_file( os.path.join("asymmetric", *key_file), lambda pemfile: load_pem_private_key( - pemfile.read().encode(), password, backend + pemfile.read().encode(), + password, + unsafe_skip_rsa_key_validation=True, ), ) @@ -501,6 +506,11 @@ def test_load_pem_ec_private_key(self, key_path, password, backend): "asymmetric", "PEM_Serialization", "rsa_public_key.pem" ), os.path.join("asymmetric", "public", "PKCS1", "rsa.pub.pem"), + os.path.join( + "asymmetric", + "PEM_Serialization", + "rsa_wrong_delimiter_public_key.pem", + ), ], ) def test_load_pem_rsa_public_key(self, key_file, backend): @@ -515,13 +525,26 @@ def test_load_pem_rsa_public_key(self, key_file, backend): numbers = key.public_numbers() assert numbers.e == 65537 - def test_load_priv_key_with_public_key_api_fails(self, backend): + def test_load_pem_public_fails_with_ec_key_with_rsa_delimiter(self): + with pytest.raises(ValueError): + load_vectors_from_file( + os.path.join( + "asymmetric", + "PEM_Serialization", + "ec_public_key_rsa_delimiter.pem", + ), + lambda pemfile: load_pem_public_key(pemfile.read().encode()), + ) + + def test_load_priv_key_with_public_key_api_fails( + self, rsa_key_2048, backend + ): # In OpenSSL 3.0.x the PEM_read_bio_PUBKEY function will invoke # the default password callback if you pass an encrypted private # key. This is very, very, very bad as the default callback can # trigger an interactive console prompt, which will hang the # Python process. This test makes sure we don't do that. - priv_key_serialized = RSA_KEY_2048.private_key().private_bytes( + priv_key_serialized = rsa_key_2048.private_bytes( Encoding.PEM, PrivateFormat.PKCS8, BestAvailableEncryption(b"password"), @@ -576,7 +599,9 @@ def test_rsa_traditional_encrypted_values(self, backend): "asymmetric", "Traditional_OpenSSL_Serialization", "key1.pem" ), lambda pemfile: load_pem_private_key( - pemfile.read().encode(), b"123456", backend + pemfile.read().encode(), + b"123456", + unsafe_skip_rsa_key_validation=True, ), ) assert isinstance(pkey, rsa.RSAPrivateKey) @@ -640,7 +665,7 @@ def test_invalid_encoding_with_traditional(self, backend): key = load_vectors_from_file( key_file, lambda pemfile: load_pem_private_key( - pemfile.read(), None, backend + pemfile.read(), None, unsafe_skip_rsa_key_validation=True ), mode="rb", ) @@ -729,6 +754,10 @@ def test_wrong_public_format(self, backend): with pytest.raises(ValueError): load_pem_public_key(key_data, backend) + @pytest.mark.supported( + only_if=lambda backend: backend.dh_supported(), + skip_message="DH not supported", + ) def test_wrong_parameters_format(self, backend): param_data = b"---- NOT A KEY ----\n" @@ -875,7 +904,9 @@ def test_rsa_pkcs8_encrypted_values(self, backend): pkey = load_vectors_from_file( os.path.join("asymmetric", "PKCS8", "enc-rsa-pkcs8.pem"), lambda pemfile: load_pem_private_key( - pemfile.read().encode(), b"foobar", backend + pemfile.read().encode(), + b"foobar", + unsafe_skip_rsa_key_validation=True, ), ) assert isinstance(pkey, rsa.RSAPrivateKey) @@ -1014,410 +1045,6 @@ def test_load_bad_encryption_oid_key(self, key_file, password, backend): ) -class TestRSASSHSerialization: - def test_load_ssh_public_key_unsupported(self, backend): - ssh_key = b"ecdsa-sha2-junk AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY=" - - with raises_unsupported_algorithm(None): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_bad_format(self, backend): - ssh_key = b"ssh-rsa not-a-real-key" - - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_rsa_too_short(self, backend): - ssh_key = b"ssh-rsa" - - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_truncated_int(self, backend): - ssh_key = b"ssh-rsa AAAAB3NzaC1yc2EAAAA=" - - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - ssh_key = b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAACKr+IHXo" - - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_rsa_comment_with_spaces(self, backend): - ssh_key = ( - b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDu/XRP1kyK6Cgt36gts9XAk" - b"FiiuJLW6RU0j3KKVZSs1I7Z3UmU9/9aVh/rZV43WQG8jaR6kkcP4stOR0DEtll" - b"PDA7ZRBnrfiHpSQYQ874AZaAoIjgkv7DBfsE6gcDQLub0PFjWyrYQUJhtOLQEK" - b"vY/G0vt2iRL3juawWmCFdTK3W3XvwAdgGk71i6lHt+deOPNEPN2H58E4odrZ2f" - b"sxn/adpDqfb2sM0kPwQs0aWvrrKGvUaustkivQE4XWiSFnB0oJB/lKK/CKVKuy" - b"///ImSCGHQRvhwariN2tvZ6CBNSLh3iQgeB0AkyJlng7MXB2qYq/Ci2FUOryCX" - # Extra section appended - b"2MzHvnbv testkey@localhost extra" - ) - - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_rsa_extra_data_after_modulo(self, backend): - ssh_key = ( - b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDu/XRP1kyK6Cgt36gts9XAk" - b"FiiuJLW6RU0j3KKVZSs1I7Z3UmU9/9aVh/rZV43WQG8jaR6kkcP4stOR0DEtll" - b"PDA7ZRBnrfiHpSQYQ874AZaAoIjgkv7DBfsE6gcDQLub0PFjWyrYQUJhtOLQEK" - b"vY/G0vt2iRL3juawWmCFdTK3W3XvwAdgGk71i6lHt+deOPNEPN2H58E4odrZ2f" - b"sxn/adpDqfb2sM0kPwQs0aWvrrKGvUaustkivQE4XWiSFnB0oJB/lKK/CKVKuy" - b"///ImSCGHQRvhwariN2tvZ6CBNSLh3iQgeB0AkyJlng7MXB2qYq/Ci2FUOryCX" - b"2MzHvnbvAQ== testkey@localhost" - ) - - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_rsa_different_string(self, backend): - ssh_key = ( - # "AAAAB3NzA" the final A is capitalized here to cause the string - # ssh-rsa inside the base64 encoded blob to be incorrect. It should - # be a lower case 'a'. - b"ssh-rsa AAAAB3NzAC1yc2EAAAADAQABAAABAQDDu/XRP1kyK6Cgt36gts9XAk" - b"FiiuJLW6RU0j3KKVZSs1I7Z3UmU9/9aVh/rZV43WQG8jaR6kkcP4stOR0DEtll" - b"PDA7ZRBnrfiHpSQYQ874AZaAoIjgkv7DBfsE6gcDQLub0PFjWyrYQUJhtOLQEK" - b"vY/G0vt2iRL3juawWmCFdTK3W3XvwAdgGk71i6lHt+deOPNEPN2H58E4odrZ2f" - b"sxn/adpDqfb2sM0kPwQs0aWvrrKGvUaustkivQE4XWiSFnB0oJB/lKK/CKVKuy" - b"///ImSCGHQRvhwariN2tvZ6CBNSLh3iQgeB0AkyJlng7MXB2qYq/Ci2FUOryCX" - b"2MzHvnbvAQ== testkey@localhost" - ) - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_rsa(self, backend): - ssh_key = ( - b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDu/XRP1kyK6Cgt36gts9XAk" - b"FiiuJLW6RU0j3KKVZSs1I7Z3UmU9/9aVh/rZV43WQG8jaR6kkcP4stOR0DEtll" - b"PDA7ZRBnrfiHpSQYQ874AZaAoIjgkv7DBfsE6gcDQLub0PFjWyrYQUJhtOLQEK" - b"vY/G0vt2iRL3juawWmCFdTK3W3XvwAdgGk71i6lHt+deOPNEPN2H58E4odrZ2f" - b"sxn/adpDqfb2sM0kPwQs0aWvrrKGvUaustkivQE4XWiSFnB0oJB/lKK/CKVKuy" - b"///ImSCGHQRvhwariN2tvZ6CBNSLh3iQgeB0AkyJlng7MXB2qYq/Ci2FUOryCX" - b"2MzHvnbv testkey@localhost" - ) - - key = load_ssh_public_key(ssh_key, backend) - - assert key is not None - assert isinstance(key, rsa.RSAPublicKey) - - numbers = key.public_numbers() - - expected_e = 0x10001 - expected_n = int( - "00C3BBF5D13F59322BA0A0B77EA0B6CF570241628AE24B5BA454D" - "23DCA295652B3523B67752653DFFD69587FAD9578DD6406F23691" - "EA491C3F8B2D391D0312D9653C303B651067ADF887A5241843CEF" - "8019680A088E092FEC305FB04EA070340BB9BD0F1635B2AD84142" - "61B4E2D010ABD8FC6D2FB768912F78EE6B05A60857532B75B75EF" - "C007601A4EF58BA947B7E75E38F3443CDD87E7C138A1DAD9D9FB3" - "19FF69DA43A9F6F6B0CD243F042CD1A5AFAEB286BD46AEB2D922B" - "D01385D6892167074A0907F94A2BF08A54ABB2FFFFC89920861D0" - "46F8706AB88DDADBD9E8204D48B87789081E074024C8996783B31" - "7076A98ABF0A2D8550EAF2097D8CCC7BE76EF", - 16, - ) - - expected = rsa.RSAPublicNumbers(expected_e, expected_n) - - assert numbers == expected - - -class TestDSSSSHSerialization: - def test_load_ssh_public_key_dss_too_short(self, backend): - ssh_key = b"ssh-dss" - - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_dss_comment_with_spaces(self, backend): - ssh_key = ( - b"ssh-dss AAAAB3NzaC1kc3MAAACBALmwUtfwdjAUjU2Dixd5DvT0NDcjjr69UD" - b"LqSD/Xt5Al7D3GXr1WOrWGpjO0NE9qzRCvMTU7zykRH6XjuNXB6Hvv48Zfm4vm" - b"nHQHFmmMg2bI75JbnOwdzWnnPZJrVU4rS23dFFPqs5ug+EbhVVrcwzxahjcSjJ" - b"7WEQSkVQWnSPbbAAAAFQDXmpD3DIkGvLSBf1GdUF4PHKtUrQAAAIB/bJFwss+2" - b"fngmfG/Li5OyL7A9iVoGdkUaFaxEUROTp7wkm2z49fXFAir+/U31v50Tu98YLf" - b"WvKlxdHcdgQYV9Ww5LIrhWwwD4UKOwC6w5S3KHVbi3pWUi7vxJFXOWfeu1mC/J" - b"TWqMKR91j+rmOtdppWIZRyIVIqLcMdGO3m+2VgAAAIANFDz5KQH5NvoljpoRQi" - b"RgyPjxWXiE7vjLElKj4v8KrpanAywBzdhIW1y/tzpGuwRwj5ihi8iNTHgSsoTa" - b"j5AG5HPomJf5vJElxpu/2O9pHA52wcNObIQ7j+JA5uWusxNIbl+pF6sSiP8abr" - b"z53N7tPF/IhHTjBHb1Ol7IFu9p9A== testkey@localhost extra" - ) - - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_dss_extra_data_after_modulo(self, backend): - ssh_key = ( - b"ssh-dss AAAAB3NzaC1kc3MAAACBALmwUtfwdjAUjU2Dixd5DvT0NDcjjr69UD" - b"LqSD/Xt5Al7D3GXr1WOrWGpjO0NE9qzRCvMTU7zykRH6XjuNXB6Hvv48Zfm4vm" - b"nHQHFmmMg2bI75JbnOwdzWnnPZJrVU4rS23dFFPqs5ug+EbhVVrcwzxahjcSjJ" - b"7WEQSkVQWnSPbbAAAAFQDXmpD3DIkGvLSBf1GdUF4PHKtUrQAAAIB/bJFwss+2" - b"fngmfG/Li5OyL7A9iVoGdkUaFaxEUROTp7wkm2z49fXFAir+/U31v50Tu98YLf" - b"WvKlxdHcdgQYV9Ww5LIrhWwwD4UKOwC6w5S3KHVbi3pWUi7vxJFXOWfeu1mC/J" - b"TWqMKR91j+rmOtdppWIZRyIVIqLcMdGO3m+2VgAAAIANFDz5KQH5NvoljpoRQi" - b"RgyPjxWXiE7vjLElKj4v8KrpanAywBzdhIW1y/tzpGuwRwj5ihi8iNTHgSsoTa" - b"j5AG5HPomJf5vJElxpu/2O9pHA52wcNObIQ7j+JA5uWusxNIbl+pF6sSiP8abr" - b"z53N7tPF/IhHTjBHb1Ol7IFu9p9AAwMD== testkey@localhost" - ) - - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_dss_different_string(self, backend): - ssh_key = ( - # "AAAAB3NzA" the final A is capitalized here to cause the string - # ssh-dss inside the base64 encoded blob to be incorrect. It should - # be a lower case 'a'. - b"ssh-dss AAAAB3NzAC1kc3MAAACBALmwUtfwdjAUjU2Dixd5DvT0NDcjjr69UD" - b"LqSD/Xt5Al7D3GXr1WOrWGpjO0NE9qzRCvMTU7zykRH6XjuNXB6Hvv48Zfm4vm" - b"nHQHFmmMg2bI75JbnOwdzWnnPZJrVU4rS23dFFPqs5ug+EbhVVrcwzxahjcSjJ" - b"7WEQSkVQWnSPbbAAAAFQDXmpD3DIkGvLSBf1GdUF4PHKtUrQAAAIB/bJFwss+2" - b"fngmfG/Li5OyL7A9iVoGdkUaFaxEUROTp7wkm2z49fXFAir+/U31v50Tu98YLf" - b"WvKlxdHcdgQYV9Ww5LIrhWwwD4UKOwC6w5S3KHVbi3pWUi7vxJFXOWfeu1mC/J" - b"TWqMKR91j+rmOtdppWIZRyIVIqLcMdGO3m+2VgAAAIANFDz5KQH5NvoljpoRQi" - b"RgyPjxWXiE7vjLElKj4v8KrpanAywBzdhIW1y/tzpGuwRwj5ihi8iNTHgSsoTa" - b"j5AG5HPomJf5vJElxpu/2O9pHA52wcNObIQ7j+JA5uWusxNIbl+pF6sSiP8abr" - b"z53N7tPF/IhHTjBHb1Ol7IFu9p9A== testkey@localhost" - ) - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_dss(self, backend): - ssh_key = ( - b"ssh-dss AAAAB3NzaC1kc3MAAACBALmwUtfwdjAUjU2Dixd5DvT0NDcjjr69UD" - b"LqSD/Xt5Al7D3GXr1WOrWGpjO0NE9qzRCvMTU7zykRH6XjuNXB6Hvv48Zfm4vm" - b"nHQHFmmMg2bI75JbnOwdzWnnPZJrVU4rS23dFFPqs5ug+EbhVVrcwzxahjcSjJ" - b"7WEQSkVQWnSPbbAAAAFQDXmpD3DIkGvLSBf1GdUF4PHKtUrQAAAIB/bJFwss+2" - b"fngmfG/Li5OyL7A9iVoGdkUaFaxEUROTp7wkm2z49fXFAir+/U31v50Tu98YLf" - b"WvKlxdHcdgQYV9Ww5LIrhWwwD4UKOwC6w5S3KHVbi3pWUi7vxJFXOWfeu1mC/J" - b"TWqMKR91j+rmOtdppWIZRyIVIqLcMdGO3m+2VgAAAIANFDz5KQH5NvoljpoRQi" - b"RgyPjxWXiE7vjLElKj4v8KrpanAywBzdhIW1y/tzpGuwRwj5ihi8iNTHgSsoTa" - b"j5AG5HPomJf5vJElxpu/2O9pHA52wcNObIQ7j+JA5uWusxNIbl+pF6sSiP8abr" - b"z53N7tPF/IhHTjBHb1Ol7IFu9p9A== testkey@localhost" - ) - - key = load_ssh_public_key(ssh_key, backend) - - assert key is not None - assert isinstance(key, dsa.DSAPublicKey) - - numbers = key.public_numbers() - - expected_y = int( - "d143cf92901f936fa258e9a11422460c8f8f1597884eef8cb1252a3e2ff0aae" - "96a7032c01cdd8485b5cbfb73a46bb04708f98a18bc88d4c7812b284da8f900" - "6e473e89897f9bc9125c69bbfd8ef691c0e76c1c34e6c843b8fe240e6e5aeb3" - "13486e5fa917ab1288ff1a6ebcf9dcdeed3c5fc88474e30476f53a5ec816ef6" - "9f4", - 16, - ) - expected_p = int( - "b9b052d7f07630148d4d838b17790ef4f43437238ebebd5032ea483fd7b7902" - "5ec3dc65ebd563ab586a633b4344f6acd10af31353bcf29111fa5e3b8d5c1e8" - "7befe3c65f9b8be69c740716698c8366c8ef925b9cec1dcd69e73d926b554e2" - "b4b6ddd1453eab39ba0f846e1555adcc33c5a8637128c9ed61104a45505a748" - "f6db", - 16, - ) - expected_q = 1230879958723280233885494314531920096931919647917 - expected_g = int( - "7f6c9170b2cfb67e78267c6fcb8b93b22fb03d895a0676451a15ac44511393a" - "7bc249b6cf8f5f5c5022afefd4df5bf9d13bbdf182df5af2a5c5d1dc7604185" - "7d5b0e4b22b856c300f850a3b00bac394b728755b8b7a56522eefc491573967" - "debb5982fc94d6a8c291f758feae63ad769a5621947221522a2dc31d18ede6f" - "b656", - 16, - ) - expected = dsa.DSAPublicNumbers( - expected_y, - dsa.DSAParameterNumbers(expected_p, expected_q, expected_g), - ) - - assert numbers == expected - - -class TestECDSASSHSerialization: - def test_load_ssh_public_key_ecdsa_nist_p256(self, backend): - _skip_curve_unsupported(backend, ec.SECP256R1()) - - ssh_key = ( - b"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAy" - b"NTYAAABBBGG2MfkHXp0UkxUyllDzWNBAImsvt5t7pFtTXegZK2WbGxml8zMrgWi5" - b"teIg1TO03/FD9hbpBFgBeix3NrCFPls= root@cloud-server-01" - ) - key = load_ssh_public_key(ssh_key, backend) - assert isinstance(key, ec.EllipticCurvePublicKey) - - expected_x = int( - "44196257377740326295529888716212621920056478823906609851236662550" - "785814128027", - 10, - ) - expected_y = int( - "12257763433170736656417248739355923610241609728032203358057767672" - "925775019611", - 10, - ) - - assert key.public_numbers() == ec.EllipticCurvePublicNumbers( - expected_x, expected_y, ec.SECP256R1() - ) - - def test_load_ssh_public_key_byteslike(self, backend): - _skip_curve_unsupported(backend, ec.SECP256R1()) - - ssh_key = ( - b"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAy" - b"NTYAAABBBGG2MfkHXp0UkxUyllDzWNBAImsvt5t7pFtTXegZK2WbGxml8zMrgWi5" - b"teIg1TO03/FD9hbpBFgBeix3NrCFPls= root@cloud-server-01" - ) - assert load_ssh_public_key(bytearray(ssh_key), backend) - assert load_ssh_public_key(memoryview(ssh_key), backend) - assert load_ssh_public_key(memoryview(bytearray(ssh_key)), backend) - - def test_load_ssh_public_key_ecdsa_nist_p384(self, backend): - _skip_curve_unsupported(backend, ec.SECP384R1()) - ssh_key = ( - b"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAz" - b"ODQAAABhBMzucOm9wbwg4iMr5QL0ya0XNQGXpw4wM5f12E3tWhdcrzyGHyel71t1" - b"4bvF9JZ2/WIuSxUr33XDl8jYo+lMQ5N7Vanc7f7i3AR1YydatL3wQfZStQ1I3rBa" - b"qQtRSEU8Tg== root@cloud-server-01" - ) - key = load_ssh_public_key(ssh_key, backend) - assert isinstance(key, ec.EllipticCurvePublicKey) - - expected_x = int( - "31541830871345183397582554827482786756220448716666815789487537666" - "592636882822352575507883817901562613492450642523901", - 10, - ) - expected_y = int( - "15111413269431823234030344298767984698884955023183354737123929430" - "995703524272335782455051101616329050844273733614670", - 10, - ) - - assert key.public_numbers() == ec.EllipticCurvePublicNumbers( - expected_x, expected_y, ec.SECP384R1() - ) - - def test_load_ssh_public_key_ecdsa_nist_p521(self, backend): - _skip_curve_unsupported(backend, ec.SECP521R1()) - ssh_key = ( - b"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1" - b"MjEAAACFBAGTrRhMSEgF6Ni+PXNz+5fjS4lw3ypUILVVQ0Av+0hQxOx+MyozELon" - b"I8NKbrbBjijEs1GuImsmkTmWsMXS1j2A7wB4Kseh7W9KA9IZJ1+TMrzWUEwvOOXi" - b"wT23pbaWWXG4NaM7vssWfZBnvz3S174TCXnJ+DSccvWBFnKP0KchzLKxbg== " - b"root@cloud-server-01" - ) - key = load_ssh_public_key(ssh_key, backend) - assert isinstance(key, ec.EllipticCurvePublicKey) - - expected_x = int( - "54124123120178189598842622575230904027376313369742467279346415219" - "77809037378785192537810367028427387173980786968395921877911964629" - "142163122798974160187785455", - 10, - ) - expected_y = int( - "16111775122845033200938694062381820957441843014849125660011303579" - "15284560361402515564433711416776946492019498546572162801954089916" - "006665939539407104638103918", - 10, - ) - - assert key.public_numbers() == ec.EllipticCurvePublicNumbers( - expected_x, expected_y, ec.SECP521R1() - ) - - def test_load_ssh_public_key_ecdsa_nist_p256_trailing_data(self, backend): - ssh_key = ( - b"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAy" - b"NTYAAABBBGG2MfkHXp0UkxUyllDzWNBAImsvt5t7pFtTXegZK2WbGxml8zMrgWi5" - b"teIg1TO03/FD9hbpBFgBeix3NrCFPltB= root@cloud-server-01" - ) - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_ecdsa_nist_p256_missing_data(self, backend): - ssh_key = ( - b"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAy" - b"NTYAAABBBGG2MfkHXp0UkxUyllDzWNBAImsvt5t7pFtTXegZK2WbGxml8zMrgWi5" - b"teIg1TO03/FD9hbpBFgBeix3NrCF= root@cloud-server-01" - ) - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_ecdsa_nist_p256_compressed(self, backend): - # If we ever implement compressed points, note that this is not a valid - # one, it just has the compressed marker in the right place. - ssh_key = ( - b"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAy" - b"NTYAAABBAWG2MfkHXp0UkxUyllDzWNBAImsvt5t7pFtTXegZK2WbGxml8zMrgWi5" - b"teIg1TO03/FD9hbpBFgBeix3NrCFPls= root@cloud-server-01" - ) - with pytest.raises(NotImplementedError): - load_ssh_public_key(ssh_key, backend) - - def test_load_ssh_public_key_ecdsa_nist_p256_bad_curve_name(self, backend): - ssh_key = ( - # The curve name in here is changed to be "nistp255". - b"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAy" - b"NTUAAABBBGG2MfkHXp0UkxUyllDzWNBAImsvt5t7pFtTXegZK2WbGxml8zMrgWi5" - b"teIg1TO03/FD9hbpBFgBeix3NrCFPls= root@cloud-server-01" - ) - with pytest.raises(ValueError): - load_ssh_public_key(ssh_key, backend) - - -@pytest.mark.supported( - only_if=lambda backend: backend.ed25519_supported(), - skip_message="Requires OpenSSL with Ed25519 support", -) -class TestEd25519SSHSerialization: - def test_load_ssh_public_key(self, backend): - ssh_key = ( - b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG2fgpmpYO61qeAxGd0wgRaN/E4" - b"GR+xWvBmvxjxrB1vG user@chiron.local" - ) - key = load_ssh_public_key(ssh_key, backend) - assert isinstance(key, ed25519.Ed25519PublicKey) - assert key.public_bytes(Encoding.Raw, PublicFormat.Raw) == ( - b"m\x9f\x82\x99\xa9`\xee\xb5\xa9\xe01\x19\xdd0\x81\x16\x8d\xfc" - b"N\x06G\xecV\xbc\x19\xaf\xc6 int: + """ + Compute the RSA private_exponent (d) given the public exponent (e) + and the RSA primes p and q, following the usage of the original + RSA paper. + + As in the original RSA paper, this uses the Euler totient function + instead of the Carmichael totient function, and thus may generate a + larger value of the private exponent than necessary. + + See cryptography.hazmat.primitives.asymmetric.rsa_recover_private_exponent + for the public-facing version of this function, which uses the + preferred Carmichael totient function. + """ + phi_n = (p - 1) * (q - 1) + return rsa._modinv(e, phi_n) + + def _check_rsa_private_numbers(skey): assert skey pkey = skey.public_numbers assert pkey assert pkey.e assert pkey.n - assert skey.d + + # Historically there have been two ways to calculate valid values of the + # private_exponent (d) given the public exponent (e): + # - using the Carmichael totient function (gives smaller and more + # computationally-efficient values, and is required by some standards) + # - using the Euler totient function (matching the original RSA paper) + # Allow for either here. + assert skey.d in ( + rsa.rsa_recover_private_exponent(pkey.e, skey.p, skey.q), + _rsa_recover_euler_private_exponent(pkey.e, skey.p, skey.q), + ) + assert skey.p * skey.q == pkey.n assert skey.dmp1 == rsa.rsa_crt_dmp1(skey.d, skey.p) assert skey.dmq1 == rsa.rsa_crt_dmq1(skey.d, skey.q) @@ -572,8 +579,3 @@ def skip_fips_traditional_openssl(backend, fmt): pytest.skip( "Traditional OpenSSL key format is not supported in FIPS mode." ) - - -def skip_signature_hash(backend, hash_alg: hashes.HashAlgorithm): - if not backend.signature_hash_supported(hash_alg): - pytest.skip(f"{hash_alg} is not a supported signature hash algorithm.") diff --git a/tests/hazmat/test_oid.py b/tests/hazmat/test_oid.py index 8fa7d2b..f537abc 100644 --- a/tests/hazmat/test_oid.py +++ b/tests/hazmat/test_oid.py @@ -2,6 +2,7 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. +import copy import pytest @@ -12,6 +13,15 @@ def test_basic_oid(): assert ObjectIdentifier("1.2.3.4").dotted_string == "1.2.3.4" +def test_oid_equal(): + assert ObjectIdentifier("1.2.3.4") == ObjectIdentifier("1.2.3.4") + + +def test_oid_deepcopy(): + oid = ObjectIdentifier("1.2.3.4") + assert oid == copy.deepcopy(oid) + + def test_oid_constraint(): # Too short with pytest.raises(ValueError): diff --git a/tests/hypothesis/test_fernet.py b/tests/hypothesis/test_fernet.py deleted file mode 100644 index 75195f5..0000000 --- a/tests/hypothesis/test_fernet.py +++ /dev/null @@ -1,16 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -from hypothesis import HealthCheck, given, settings -from hypothesis.strategies import binary - -from cryptography.fernet import Fernet - - -@settings(suppress_health_check=[HealthCheck.too_slow], deadline=None) -@given(binary()) -def test_fernet(data): - f = Fernet(Fernet.generate_key()) - ct = f.encrypt(data) - assert f.decrypt(ct) == data diff --git a/tests/hypothesis/test_padding.py b/tests/hypothesis/test_padding.py deleted file mode 100644 index 74a58eb..0000000 --- a/tests/hypothesis/test_padding.py +++ /dev/null @@ -1,34 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -from hypothesis import HealthCheck, given, settings -from hypothesis.strategies import binary, integers - -from cryptography.hazmat.primitives.padding import ANSIX923, PKCS7 - - -@settings(suppress_health_check=[HealthCheck.too_slow], deadline=None) -@given(integers(min_value=1, max_value=255), binary()) -def test_pkcs7(block_size, data): - # Generate in [1, 31] so we can easily get block_size in bits by - # multiplying by 8. - p = PKCS7(block_size=block_size * 8) - padder = p.padder() - unpadder = p.unpadder() - - padded = padder.update(data) + padder.finalize() - - assert unpadder.update(padded) + unpadder.finalize() == data - - -@settings(suppress_health_check=[HealthCheck.too_slow]) -@given(integers(min_value=1, max_value=255), binary()) -def test_ansix923(block_size, data): - a = ANSIX923(block_size=block_size * 8) - padder = a.padder() - unpadder = a.unpadder() - - padded = padder.update(data) + padder.finalize() - - assert unpadder.update(padded) + unpadder.finalize() == data diff --git a/tests/hypothesis/test_x509.py b/tests/hypothesis/test_x509.py deleted file mode 100644 index 02d6725..0000000 --- a/tests/hypothesis/test_x509.py +++ /dev/null @@ -1,22 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -from hypothesis import HealthCheck, example, given, settings -from hypothesis.strategies import text - -from cryptography import x509 - - -@settings(suppress_health_check=[HealthCheck.too_slow], deadline=None) -@given(text()) -@example("CN=cryptography.io") -def test_name_from_rfc4514(data): - try: - x509.Name.from_rfc4514_string(data) - except ValueError: - return - - # Can't assert that it round-trips because of things like "OID=value" - # where OID is one of the known OIDs that serializes to a known value - # (e.g. CN) diff --git a/tests/test_cryptography_utils.py b/tests/test_cryptography_utils.py index 065da7b..98fd616 100644 --- a/tests/test_cryptography_utils.py +++ b/tests/test_cryptography_utils.py @@ -56,9 +56,9 @@ def t(self): def test_enum(): class TestEnum(utils.Enum): - value = "something" + something = "something" assert issubclass(TestEnum, enum.Enum) - assert isinstance(TestEnum.value, enum.Enum) - assert repr(TestEnum.value) == "" - assert str(TestEnum.value) == "TestEnum.value" + assert isinstance(TestEnum.something, enum.Enum) + assert repr(TestEnum.something) == "" + assert str(TestEnum.something) == "TestEnum.something" diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 58dd772..7ebab3e 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -4,22 +4,18 @@ import base64 -import calendar +import datetime import json import os import time -import iso8601 - import pretend - import pytest +import cryptography_vectors from cryptography.fernet import Fernet, InvalidToken, MultiFernet from cryptography.hazmat.primitives.ciphers import algorithms, modes -import cryptography_vectors - def json_parametrize(keys, filename): vector_file = cryptography_vectors.open_vector_file( @@ -49,7 +45,7 @@ def test_generate(self, secret, now, iv, src, token, backend): f = Fernet(secret.encode("ascii"), backend=backend) actual_token = f._encrypt_from_parts( src.encode("ascii"), - calendar.timegm(iso8601.parse_date(now).utctimetuple()), + int(datetime.datetime.fromisoformat(now).timestamp()), bytes(iv), ) assert actual_token == token.encode("ascii") @@ -63,7 +59,7 @@ def test_verify( ): # secret & token are both str f = Fernet(secret.encode("ascii"), backend=backend) - current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) + current_time = int(datetime.datetime.fromisoformat(now).timestamp()) payload = f.decrypt_at_time( token, # str ttl=ttl_sec, @@ -89,7 +85,7 @@ def test_verify( @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") def test_invalid(self, secret, token, now, ttl_sec, backend, monkeypatch): f = Fernet(secret.encode("ascii"), backend=backend) - current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) + current_time = int(datetime.datetime.fromisoformat(now).timestamp()) with pytest.raises(InvalidToken): f.decrypt_at_time( token.encode("ascii"), @@ -131,7 +127,7 @@ def test_timestamp_ignored_no_ttl(self, monkeypatch, backend): monkeypatch.setattr(time, "time", pretend.raiser(ValueError)) assert f.decrypt(token, ttl=None) == pt - def test_ttl_required_in_decrypt_at_time(self, monkeypatch, backend): + def test_ttl_required_in_decrypt_at_time(self, backend): f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) pt = b"encrypt me" token = f.encrypt(pt) @@ -142,7 +138,7 @@ def test_ttl_required_in_decrypt_at_time(self, monkeypatch, backend): current_time=int(time.time()), ) - @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) + @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xff\x00\x80"]) def test_roundtrips(self, message, backend): f = Fernet(Fernet.generate_key(), backend=backend) assert f.decrypt(f.encrypt(message)) == message @@ -152,7 +148,7 @@ def test_bad_key(self, backend, key): with pytest.raises(ValueError): Fernet(key, backend=backend) - def test_extract_timestamp(self, monkeypatch, backend): + def test_extract_timestamp(self, backend): f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) current_time = 1526138327 token = f.encrypt_at_time(b"encrypt me", current_time) @@ -202,7 +198,9 @@ def test_decrypt_at_time(self, backend): f.decrypt_at_time(token, ttl=1, current_time=102) with pytest.raises(ValueError): f.decrypt_at_time( - token, ttl=None, current_time=100 # type: ignore[arg-type] + token, + ttl=None, # type: ignore[arg-type] + current_time=100, ) def test_no_fernets(self, backend): @@ -252,7 +250,7 @@ def test_rotate_str(self, backend): with pytest.raises(InvalidToken): mf1.decrypt(rotated) - def test_rotate_preserves_timestamp(self, backend, monkeypatch): + def test_rotate_preserves_timestamp(self, backend): f1 = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) f2 = Fernet(base64.urlsafe_b64encode(b"\x01" * 32), backend=backend) diff --git a/tests/test_interfaces.py b/tests/test_interfaces.py deleted file mode 100644 index 3e09334..0000000 --- a/tests/test_interfaces.py +++ /dev/null @@ -1,80 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import abc - -import pytest - -from cryptography.utils import ( - InterfaceNotImplemented, - verify_interface, -) - - -class TestVerifyInterface: - def test_verify_missing_method(self): - class SimpleInterface(metaclass=abc.ABCMeta): - @abc.abstractmethod - def method(self): - """A simple method""" - - class NonImplementer: - pass - - with pytest.raises(InterfaceNotImplemented): - verify_interface(SimpleInterface, NonImplementer) - - def test_different_arguments(self): - class SimpleInterface(metaclass=abc.ABCMeta): - @abc.abstractmethod - def method(self, a): - """Method with one argument""" - - class NonImplementer: - def method(self): - """Method with no arguments""" - - # Invoke this to ensure the line is covered - NonImplementer().method() - with pytest.raises(InterfaceNotImplemented): - verify_interface(SimpleInterface, NonImplementer) - - def test_handles_abstract_property(self): - class SimpleInterface(metaclass=abc.ABCMeta): - @abc.abstractproperty - def property(self): - """An abstract property""" - - class NonImplementer: - @property - def property(self): - """A concrete property""" - - # Invoke this to ensure the line is covered - NonImplementer().property - verify_interface(SimpleInterface, NonImplementer) - - def test_signature_mismatch(self): - class SimpleInterface(metaclass=abc.ABCMeta): - @abc.abstractmethod - def method(self, other: object): - """Method with signature""" - - class ClassWithoutSignature: - def method(self, other): - """Method without signature""" - - class ClassWithSignature: - def method(self, other: object): - """Method with signature""" - - verify_interface(SimpleInterface, ClassWithoutSignature) - verify_interface(SimpleInterface, ClassWithSignature) - with pytest.raises(InterfaceNotImplemented): - verify_interface( - SimpleInterface, ClassWithoutSignature, check_annotations=True - ) - verify_interface( - SimpleInterface, ClassWithSignature, check_annotations=True - ) diff --git a/tests/test_rust_utils.py b/tests/test_rust_utils.py deleted file mode 100644 index 99ddfb0..0000000 --- a/tests/test_rust_utils.py +++ /dev/null @@ -1,71 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import gc -import threading - -from cryptography.hazmat.bindings._rust import FixedPool - - -class TestFixedPool: - def test_basic(self): - c = 0 - events = [] - - def create(): - nonlocal c - c += 1 - events.append(("create", c)) - return c - - def destroy(c): - events.append(("destroy", c)) - - pool = FixedPool(create, destroy) - assert events == [("create", 1)] - with pool.acquire() as c: - assert c == 1 - assert events == [("create", 1)] - - with pool.acquire() as c: - assert c == 2 - assert events == [("create", 1), ("create", 2)] - - assert events == [("create", 1), ("create", 2), ("destroy", 2)] - - assert events == [("create", 1), ("create", 2), ("destroy", 2)] - - del pool - gc.collect() - gc.collect() - gc.collect() - - assert events == [ - ("create", 1), - ("create", 2), - ("destroy", 2), - ("destroy", 1), - ] - - def test_thread_stress(self): - def create(): - return None - - def destroy(c): - pass - - pool = FixedPool(create, destroy) - - def thread_fn(): - with pool.acquire(): - pass - - threads = [] - for i in range(1024): - t = threading.Thread(target=thread_fn) - t.start() - threads.append(t) - - for t in threads: - t.join() diff --git a/tests/test_utils.py b/tests/test_utils.py index 8b07c91..5e5f506 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -9,14 +9,12 @@ import textwrap import pretend - import pytest import cryptography import cryptography.utils -from cryptography.exceptions import UnsupportedAlgorithm, _Reasons - import cryptography_vectors +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from . import deprecated_module from .utils import ( @@ -41,6 +39,13 @@ ) +def test_int_to_bytes_rejects_zero_length(): + with pytest.raises(ValueError): + cryptography.utils.int_to_bytes(123, 0) + with pytest.raises(ValueError): + cryptography.utils.int_to_bytes(0, 0) + + def test_check_backend_support_skip(): supported = pretend.stub( kwargs={"only_if": lambda backend: False, "skip_message": "Nope"} @@ -2723,7 +2728,7 @@ def test_load_fips_ecdsa_key_pair_vectors(): { "curve": "sect233k1", "d": int( - "1da7422b50e3ff051f2aaaed10acea6cbf6110c517da2f4e" "aca8b5b87", + "1da7422b50e3ff051f2aaaed10acea6cbf6110c517da2f4eaca8b5b87", 16, ), "x": int( @@ -2740,7 +2745,7 @@ def test_load_fips_ecdsa_key_pair_vectors(): { "curve": "sect233k1", "d": int( - "530951158f7b1586978c196603c12d25607d2cb0557efadb" "23cd0ce8", + "530951158f7b1586978c196603c12d25607d2cb0557efadb23cd0ce8", 16, ), "x": int( @@ -3778,7 +3783,7 @@ def test_load_kasvs_ecdh_vectors(): ), }, "Z": int( - "b1259ceedfb663d9515089cf727e7024fb3d86cbcec611b4" "ba0b4ab6", + "b1259ceedfb663d9515089cf727e7024fb3d86cbcec611b4ba0b4ab6", 16, ), "curve": "secp224r1", @@ -4017,7 +4022,7 @@ def test_load_kasvs_ecdh_kdf_vectors(): 16, ), "Z": int( - "43f23b2c760d686fc99cc008b63aea92f866e224265af60d" "2d8ae540", + "43f23b2c760d686fc99cc008b63aea92f866e224265af60d2d8ae540", 16, ), "DKM": int("ad65fa2d12541c3a21f3cd223efb", 16), diff --git a/tests/utils.py b/tests/utils.py index 6119d3f..b9734a6 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -13,10 +13,8 @@ import pytest -from cryptography.exceptions import UnsupportedAlgorithm - import cryptography_vectors - +from cryptography.exceptions import UnsupportedAlgorithm HashVector = collections.namedtuple("HashVector", ["message", "digest"]) KeyedHashVector = collections.namedtuple( @@ -35,7 +33,7 @@ def raises_unsupported_algorithm(reason): with pytest.raises(UnsupportedAlgorithm) as exc_info: yield exc_info - assert exc_info.value._reason is reason + assert exc_info.value._reason == reason T = typing.TypeVar("T") @@ -68,7 +66,7 @@ def load_nist_vectors(vector_data): continue # Build our data using a simple Key = Value format - name, value = [c.strip() for c in line.split("=")] + name, value = (c.strip() for c in line.split("=")) # Some tests (PBKDF2) contain \0, which should be interpreted as a # null character rather than literal. @@ -109,7 +107,7 @@ def load_cryptrec_vectors(vector_data): {"key": key, "plaintext": pt, "ciphertext": ct} ) else: - raise ValueError("Invalid line in file '{}'".format(line)) + raise ValueError(f"Invalid line in file '{line}'") return cryptrec_list @@ -245,9 +243,6 @@ def load_pkcs1_vectors(vector_data): attr = None if private_key_vector is None or public_key_vector is None: - # Random garbage to defeat CPython's peephole optimizer so that - # coverage records correctly: https://bugs.python.org/issue2506 - 1 + 1 continue if line.startswith("# Private key"): @@ -302,7 +297,7 @@ def load_rsa_nist_vectors(vector_data): continue # Build our data using a simple Key = Value format - name, value = [c.strip() for c in line.split("=")] + name, value = (c.strip() for c in line.split("=")) if name == "n": n = int(value, 16) @@ -398,7 +393,7 @@ def load_fips_dsa_sig_vectors(vector_data): if line.startswith("[mod"): continue - name, value = [c.strip() for c in line.split("=")] + name, value = (c.strip() for c in line.split("=")) if name == "P": vectors.append( @@ -625,7 +620,7 @@ def load_kasvs_ecdh_vectors(vector_data): if len(parm) == 2: names = parm[1].strip().split() for n in names: - tags.append("[%s]" % n) + tags.append(f"[{n}]") break # Sets Metadata @@ -706,6 +701,58 @@ def load_kasvs_ecdh_vectors(vector_data): return vectors +def load_rfc6979_vectors(vector_data): + """ + Loads data out of the ECDSA and DSA RFC6979 vector files. + """ + vectors = [] + keys: typing.Dict[str, typing.List[str]] = dict() + reading_key = False + current_key_name = None + + data: typing.Dict[str, object] = dict() + for line in vector_data: + line = line.strip() + + if reading_key and current_key_name: + keys[current_key_name].append(line) + if line.startswith("-----END"): + reading_key = False + current_key_name = None + + if line.startswith("PrivateKey=") or line.startswith("PublicKey="): + reading_key = True + current_key_name = line.split("=")[1].strip() + keys[current_key_name] = [] + elif line.startswith("DigestSign = "): + data["digest_sign"] = line.split("=")[1].strip() + data["deterministic_nonce"] = False + elif line.startswith("DigestVerify = "): + data["digest_verify"] = line.split("=")[1].strip() + data["verify_error"] = False + elif line.startswith("Key = "): + key_name = line.split("=")[1].strip() + assert key_name in keys + data["key"] = keys[key_name] + data["key_name"] = key_name + elif line.startswith("NonceType = "): + nonce_type = line.split("=")[1].strip() + data["deterministic_nonce"] = nonce_type == "deterministic" + elif line.startswith("Input = "): + data["input"] = line.split("=")[1].strip(' "') + elif line.startswith("Output = "): + data["output"] = line.split("=")[1].strip() + elif line.startswith("Result = "): + data["verify_error"] = line.split("=")[1].strip() == "VERIFY_ERROR" + + elif not line: + if data: + vectors.append(data) + data = {} + + return vectors + + def load_x963_vectors(vector_data): """ Loads data out of the X9.63 vector data @@ -773,7 +820,7 @@ def load_nist_kbkdf_vectors(vector_data): if line.startswith("[") and line.endswith("]"): tag_data = line[1:-1] - name, value = [c.strip() for c in tag_data.split("=")] + name, value = (c.strip() for c in tag_data.split("=")) if value.endswith("_BITS"): value = int(value.split("_")[0]) tag.update({name.lower(): value}) @@ -785,10 +832,10 @@ def load_nist_kbkdf_vectors(vector_data): test_data.update(tag) vectors.append(test_data) elif line.startswith(("L", "DataBeforeCtrLen", "DataAfterCtrLen")): - name, value = [c.strip() for c in line.split("=")] + name, value = (c.strip() for c in line.split("=")) test_data[name.lower()] = int(value) else: - name, value = [c.strip() for c in line.split("=")] + name, value = (c.strip() for c in line.split("=")) test_data[name.lower()] = value.encode("ascii") return vectors @@ -830,7 +877,7 @@ def load_nist_ccm_vectors(vector_data): # Some of the CCM vectors have global values for this. They are always # at the top before the first section header (see: VADT, VNT, VPT) if line.startswith(("Alen", "Plen", "Nlen", "Tlen")): - name, value = [c.strip() for c in line.split("=")] + name, value = (c.strip() for c in line.split("=")) global_data[name.lower()] = int(value) continue @@ -841,11 +888,11 @@ def load_nist_ccm_vectors(vector_data): section = line[1:-1] items = [c.strip() for c in section.split(",")] for item in items: - name, value = [c.strip() for c in item.split("=")] + name, value = (c.strip() for c in item.split("=")) section_data[name.lower()] = int(value) continue - name, value = [c.strip() for c in line.split("=")] + name, value = (c.strip() for c in line.split("=")) if name.lower() in ("key", "nonce") and new_section: section_data[name.lower()] = value.encode("ascii") @@ -901,23 +948,30 @@ def __repr__(self): ) @property - def valid(self): + def valid(self) -> bool: return self.testcase["result"] == "valid" @property - def acceptable(self): + def acceptable(self) -> bool: return self.testcase["result"] == "acceptable" @property - def invalid(self): + def invalid(self) -> bool: return self.testcase["result"] == "invalid" - def has_flag(self, flag): + def has_flag(self, flag: str) -> bool: return flag in self.testcase["flags"] + def cache_value_to_group(self, cache_key: str, func): + cache_val = self.testgroup.get(cache_key) + if cache_val is not None: + return cache_val + self.testgroup[cache_key] = cache_val = func() + return cache_val + -def load_wycheproof_tests(wycheproof, test_file): - path = os.path.join(wycheproof, "testvectors", test_file) +def load_wycheproof_tests(wycheproof, test_file, subdir): + path = os.path.join(wycheproof, subdir, test_file) with open(path) as f: data = json.load(f) for group in data.pop("testGroups"): diff --git a/tests/wycheproof/test_aes.py b/tests/wycheproof/test_aes.py index 891d8df..0d2c2d4 100644 --- a/tests/wycheproof/test_aes.py +++ b/tests/wycheproof/test_aes.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest @@ -12,8 +11,8 @@ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.hazmat.primitives.ciphers.aead import AESCCM, AESGCM -from .utils import wycheproof_tests from ..hazmat.primitives.test_aead import _aead_supported +from .utils import wycheproof_tests @wycheproof_tests("aes_cbc_pkcs5_test.json") diff --git a/tests/wycheproof/test_chacha20poly1305.py b/tests/wycheproof/test_chacha20poly1305.py index 7cb8ff5..3b6aeb6 100644 --- a/tests/wycheproof/test_chacha20poly1305.py +++ b/tests/wycheproof/test_chacha20poly1305.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest @@ -10,8 +9,8 @@ from cryptography.exceptions import InvalidTag from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305 -from .utils import wycheproof_tests from ..hazmat.primitives.test_aead import _aead_supported +from .utils import wycheproof_tests @pytest.mark.skipif( diff --git a/tests/wycheproof/test_cmac.py b/tests/wycheproof/test_cmac.py index bca8480..f1508c0 100644 --- a/tests/wycheproof/test_cmac.py +++ b/tests/wycheproof/test_cmac.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest diff --git a/tests/wycheproof/test_dsa.py b/tests/wycheproof/test_dsa.py index 3d31ee1..c15a198 100644 --- a/tests/wycheproof/test_dsa.py +++ b/tests/wycheproof/test_dsa.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest @@ -13,7 +12,6 @@ from .utils import wycheproof_tests - _DIGESTS = { "SHA-1": hashes.SHA1(), "SHA-224": hashes.SHA224(), @@ -21,6 +19,10 @@ } +@pytest.mark.supported( + only_if=lambda backend: backend.dsa_supported(), + skip_message="Requires OpenSSL with DSA support", +) @wycheproof_tests( "dsa_test.json", "dsa_2048_224_sha224_test.json", diff --git a/tests/wycheproof/test_ecdh.py b/tests/wycheproof/test_ecdh.py index 672863f..851cd7d 100644 --- a/tests/wycheproof/test_ecdh.py +++ b/tests/wycheproof/test_ecdh.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest @@ -11,9 +10,8 @@ from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import ec -from .utils import wycheproof_tests from ..hazmat.primitives.test_ec import _skip_exchange_algorithm_unsupported - +from .utils import wycheproof_tests _CURVES = { "secp224r1": ec.SECP224R1(), @@ -22,6 +20,12 @@ "secp521r1": ec.SECP521R1(), "secp224k1": None, "secp256k1": ec.SECP256K1(), + "sect283r1": ec.SECT283R1(), + "sect409r1": ec.SECT409R1(), + "sect571r1": ec.SECT571R1(), + "sect283k1": ec.SECT283K1(), + "sect409k1": ec.SECT409K1(), + "sect571k1": ec.SECT571K1(), "brainpoolP224r1": None, "brainpoolP256r1": ec.BrainpoolP256R1(), "brainpoolP320r1": None, @@ -32,6 +36,7 @@ "brainpoolP320t1": None, "brainpoolP384t1": None, "brainpoolP512t1": None, + "FRP256v1": None, } @@ -47,6 +52,12 @@ "ecdh_secp256r1_test.json", "ecdh_secp384r1_test.json", "ecdh_secp521r1_test.json", + "ecdh_sect283k1_test.json", + "ecdh_sect283r1_test.json", + "ecdh_sect409k1_test.json", + "ecdh_sect409r1_test.json", + "ecdh_sect571k1_test.json", + "ecdh_sect571r1_test.json", ) def test_ecdh(backend, wycheproof): curve = _CURVES[wycheproof.testgroup["curve"]] @@ -55,12 +66,15 @@ def test_ecdh(backend, wycheproof): "Unsupported curve ({})".format(wycheproof.testgroup["curve"]) ) _skip_exchange_algorithm_unsupported(backend, ec.ECDH(), curve) - - private_key = ec.derive_private_key( - int(wycheproof.testcase["private"], 16), curve, backend + private_key = wycheproof.cache_value_to_group( + f"private_key_{wycheproof.testcase['private']}", + lambda: ec.derive_private_key( + int(wycheproof.testcase["private"], 16), curve + ), ) try: + # caching these values shows no performance improvement public_key = serialization.load_der_public_key( binascii.unhexlify(wycheproof.testcase["public"]), backend ) @@ -91,8 +105,11 @@ def test_ecdh_ecpoint(backend, wycheproof): assert isinstance(curve, ec.EllipticCurve) _skip_exchange_algorithm_unsupported(backend, ec.ECDH(), curve) - private_key = ec.derive_private_key( - int(wycheproof.testcase["private"], 16), curve, backend + private_key = wycheproof.cache_value_to_group( + f"private_key_{wycheproof.testcase['private']}", + lambda: ec.derive_private_key( + int(wycheproof.testcase["private"], 16), curve + ), ) if wycheproof.invalid: @@ -103,6 +120,7 @@ def test_ecdh_ecpoint(backend, wycheproof): return assert wycheproof.valid or wycheproof.acceptable + # caching these values shows no performance improvement public_key = ec.EllipticCurvePublicKey.from_encoded_point( curve, binascii.unhexlify(wycheproof.testcase["public"]) ) diff --git a/tests/wycheproof/test_ecdsa.py b/tests/wycheproof/test_ecdsa.py index b2ec9df..c0e9b6a 100644 --- a/tests/wycheproof/test_ecdsa.py +++ b/tests/wycheproof/test_ecdsa.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest @@ -13,7 +12,6 @@ from .utils import wycheproof_tests - _DIGESTS = { "SHA-1": hashes.SHA1(), "SHA-224": hashes.SHA224(), @@ -54,11 +52,19 @@ "ecdsa_secp384r1_sha3_512_test.json", "ecdsa_secp521r1_sha512_test.json", "ecdsa_secp521r1_sha3_512_test.json", + "ecdsa_secp160k1_sha256_test.json", + "ecdsa_secp160r1_sha256_test.json", + "ecdsa_secp160r2_sha256_test.json", + "ecdsa_secp192k1_sha256_test.json", + "ecdsa_secp192r1_sha256_test.json", ) def test_ecdsa_signature(backend, wycheproof): try: - key = serialization.load_der_public_key( - binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend + key = wycheproof.cache_value_to_group( + "cache_key", + lambda: serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testgroup["keyDer"]) + ), ) assert isinstance(key, ec.EllipticCurvePublicKey) except (UnsupportedAlgorithm, ValueError): @@ -72,8 +78,11 @@ def test_ecdsa_signature(backend, wycheproof): ) digest = _DIGESTS[wycheproof.testgroup["sha"]] - if not backend.hash_supported(digest): - pytest.skip("Hash {} not supported".format(digest)) + alg = ec.ECDSA(digest) + if not backend.elliptic_curve_signature_algorithm_supported( + alg, key.curve + ): + pytest.skip(f"Signature with {digest} and {key.curve} not supported") if wycheproof.valid or ( wycheproof.acceptable and not wycheproof.has_flag("MissingZero") @@ -81,12 +90,12 @@ def test_ecdsa_signature(backend, wycheproof): key.verify( binascii.unhexlify(wycheproof.testcase["sig"]), binascii.unhexlify(wycheproof.testcase["msg"]), - ec.ECDSA(digest), + alg, ) else: with pytest.raises(InvalidSignature): key.verify( binascii.unhexlify(wycheproof.testcase["sig"]), binascii.unhexlify(wycheproof.testcase["msg"]), - ec.ECDSA(digest), + alg, ) diff --git a/tests/wycheproof/test_eddsa.py b/tests/wycheproof/test_eddsa.py index 2de695f..624f99f 100644 --- a/tests/wycheproof/test_eddsa.py +++ b/tests/wycheproof/test_eddsa.py @@ -2,14 +2,13 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest from cryptography.exceptions import InvalidSignature -from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey +from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey from .utils import wycheproof_tests diff --git a/tests/wycheproof/test_hkdf.py b/tests/wycheproof/test_hkdf.py index 4886be0..ccfe8e4 100644 --- a/tests/wycheproof/test_hkdf.py +++ b/tests/wycheproof/test_hkdf.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest @@ -12,7 +11,6 @@ from .utils import wycheproof_tests - _HASH_ALGORITHMS = { "HKDF-SHA-1": hashes.SHA1(), "HKDF-SHA-256": hashes.SHA256(), diff --git a/tests/wycheproof/test_hmac.py b/tests/wycheproof/test_hmac.py index 84b0c19..a99d34f 100644 --- a/tests/wycheproof/test_hmac.py +++ b/tests/wycheproof/test_hmac.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest @@ -12,7 +11,6 @@ from .utils import wycheproof_tests - _HMAC_ALGORITHMS = { "HMACSHA1": hashes.SHA1(), "HMACSHA224": hashes.SHA224(), @@ -42,7 +40,7 @@ def test_hmac(backend, wycheproof): if wycheproof.testgroup["tagSize"] // 8 != hash_algo.digest_size: pytest.skip("Truncated HMAC not supported") if not backend.hmac_supported(hash_algo): - pytest.skip("Hash {} not supported".format(hash_algo.name)) + pytest.skip(f"Hash {hash_algo.name} not supported") h = hmac.HMAC( key=binascii.unhexlify(wycheproof.testcase["key"]), diff --git a/tests/wycheproof/test_keywrap.py b/tests/wycheproof/test_keywrap.py index 7aec269..da3744b 100644 --- a/tests/wycheproof/test_keywrap.py +++ b/tests/wycheproof/test_keywrap.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest diff --git a/tests/wycheproof/test_pbkdf2.py b/tests/wycheproof/test_pbkdf2.py new file mode 100644 index 0000000..f5f0da1 --- /dev/null +++ b/tests/wycheproof/test_pbkdf2.py @@ -0,0 +1,42 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import binascii + +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC + +from .utils import wycheproof_tests + +_HASH_ALGORITHMS = { + "PBKDF2-HMACSHA1": hashes.SHA1(), + "PBKDF2-HMACSHA224": hashes.SHA224(), + "PBKDF2-HMACSHA256": hashes.SHA256(), + "PBKDF2-HMACSHA384": hashes.SHA384(), + "PBKDF2-HMACSHA512": hashes.SHA512(), +} + + +@wycheproof_tests( + "pbkdf2_hmacsha1_test.json", + "pbkdf2_hmacsha224_test.json", + "pbkdf2_hmacsha256_test.json", + "pbkdf2_hmacsha384_test.json", + "pbkdf2_hmacsha512_test.json", + subdir="testvectors_v1", +) +def test_pbkdf2(backend, wycheproof): + assert wycheproof.valid + + algorithm = _HASH_ALGORITHMS[wycheproof.testfiledata["algorithm"]] + + p = PBKDF2HMAC( + algorithm=algorithm, + length=wycheproof.testcase["dkLen"], + salt=binascii.unhexlify(wycheproof.testcase["salt"]), + iterations=wycheproof.testcase["iterationCount"], + ) + assert p.derive( + binascii.unhexlify(wycheproof.testcase["password"]) + ) == binascii.unhexlify(wycheproof.testcase["dk"]) diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py index 7925a5b..d3b26a2 100644 --- a/tests/wycheproof/test_rsa.py +++ b/tests/wycheproof/test_rsa.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest @@ -13,14 +12,14 @@ from .utils import wycheproof_tests - _DIGESTS = { "SHA-1": hashes.SHA1(), "SHA-224": hashes.SHA224(), "SHA-256": hashes.SHA256(), "SHA-384": hashes.SHA384(), "SHA-512": hashes.SHA512(), - # Not supported by OpenSSL for RSA signing + # Not supported by OpenSSL<3 for RSA signing. + # Enable these when we require CRYPTOGRAPHY_OPENSSL_300_OR_GREATER "SHA-512/224": None, "SHA-512/256": None, "SHA3-224": hashes.SHA3_224(), @@ -64,8 +63,11 @@ def should_verify(backend, wycheproof): "rsa_signature_4096_sha512_256_test.json", ) def test_rsa_pkcs1v15_signature(backend, wycheproof): - key = serialization.load_der_public_key( - binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend + key = wycheproof.cache_value_to_group( + "cached_key", + lambda: serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testgroup["keyDer"]), + ), ) assert isinstance(key, rsa.RSAPublicKey) digest = _DIGESTS[wycheproof.testgroup["sha"]] @@ -94,20 +96,25 @@ def test_rsa_pkcs1v15_signature(backend, wycheproof): @wycheproof_tests("rsa_sig_gen_misc_test.json") def test_rsa_pkcs1v15_signature_generation(backend, wycheproof): - key = serialization.load_pem_private_key( - wycheproof.testgroup["privateKeyPem"].encode(), - password=None, - backend=backend, + key = wycheproof.cache_value_to_group( + "cached_key", + lambda: serialization.load_pem_private_key( + wycheproof.testgroup["privateKeyPem"].encode("ascii"), + password=None, + unsafe_skip_rsa_key_validation=True, + ), ) assert isinstance(key, rsa.RSAPrivateKey) + digest = _DIGESTS[wycheproof.testgroup["sha"]] assert digest is not None if backend._fips_enabled: - if key.key_size < 2048 or isinstance(digest, hashes.SHA1): + if key.key_size < backend._fips_rsa_min_key_size or isinstance( + digest, hashes.SHA1 + ): pytest.skip( - "Invalid params for FIPS. key: {} bits, digest: {}".format( - key.key_size, digest.name - ) + f"Invalid params for FIPS. key: {key.key_size} bits, " + f"digest: {digest.name}" ) sig = key.sign( @@ -130,11 +137,17 @@ def test_rsa_pkcs1v15_signature_generation(backend, wycheproof): "rsa_pss_misc_test.json", ) def test_rsa_pss_signature(backend, wycheproof): - key = serialization.load_der_public_key( - binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend + digest = _DIGESTS[wycheproof.testgroup["sha"]] + if backend._fips_enabled and isinstance(digest, hashes.SHA1): + pytest.skip("Invalid params for FIPS. SHA1 is disallowed") + + key = wycheproof.cache_value_to_group( + "cached_key", + lambda: serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testgroup["keyDer"]), + ), ) assert isinstance(key, rsa.RSAPublicKey) - digest = _DIGESTS[wycheproof.testgroup["sha"]] mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]] if digest is None or mgf_digest is None: @@ -189,22 +202,32 @@ def test_rsa_pss_signature(backend, wycheproof): "rsa_oaep_misc_test.json", ) def test_rsa_oaep_encryption(backend, wycheproof): - key = serialization.load_pem_private_key( - wycheproof.testgroup["privateKeyPem"].encode("ascii"), - password=None, - backend=backend, - ) - assert isinstance(key, rsa.RSAPrivateKey) digest = _DIGESTS[wycheproof.testgroup["sha"]] mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]] assert digest is not None assert mgf_digest is not None - padding_algo = padding.OAEP( mgf=padding.MGF1(algorithm=mgf_digest), algorithm=digest, label=binascii.unhexlify(wycheproof.testcase["label"]), ) + if not backend.rsa_encryption_supported(padding_algo): + pytest.skip( + f"Does not support OAEP using {mgf_digest.name} MGF1 " + f"or {digest.name} hash." + ) + + key = wycheproof.cache_value_to_group( + "cached_key", + lambda: serialization.load_pem_private_key( + wycheproof.testgroup["privateKeyPem"].encode("ascii"), + password=None, + unsafe_skip_rsa_key_validation=True, + ), + ) + assert isinstance(key, rsa.RSAPrivateKey) + if backend._fips_enabled and key.key_size < backend._fips_rsa_min_key_size: + pytest.skip("Invalid params for FIPS. <2048 bit keys are disallowed") if wycheproof.valid or wycheproof.acceptable: pt = key.decrypt( @@ -218,16 +241,25 @@ def test_rsa_oaep_encryption(backend, wycheproof): ) +@pytest.mark.supported( + only_if=lambda backend: backend.rsa_encryption_supported( + padding.PKCS1v15() + ), + skip_message="Does not support PKCS1v1.5 for encryption.", +) @wycheproof_tests( "rsa_pkcs1_2048_test.json", "rsa_pkcs1_3072_test.json", "rsa_pkcs1_4096_test.json", ) def test_rsa_pkcs1_encryption(backend, wycheproof): - key = serialization.load_pem_private_key( - wycheproof.testgroup["privateKeyPem"].encode("ascii"), - password=None, - backend=backend, + key = wycheproof.cache_value_to_group( + "cached_key", + lambda: serialization.load_pem_private_key( + wycheproof.testgroup["privateKeyPem"].encode("ascii"), + password=None, + unsafe_skip_rsa_key_validation=True, + ), ) assert isinstance(key, rsa.RSAPrivateKey) @@ -237,8 +269,18 @@ def test_rsa_pkcs1_encryption(backend, wycheproof): ) assert pt == binascii.unhexlify(wycheproof.testcase["msg"]) else: - with pytest.raises(ValueError): - key.decrypt( - binascii.unhexlify(wycheproof.testcase["ct"]), - padding.PKCS1v15(), - ) + if backend._lib.Cryptography_HAS_IMPLICIT_RSA_REJECTION: + try: + assert key.decrypt( + binascii.unhexlify(wycheproof.testcase["ct"]), + padding.PKCS1v15(), + ) != binascii.unhexlify(wycheproof.testcase["ct"]) + except ValueError: + # Some raise ValueError due to length mismatch. + pass + else: + with pytest.raises(ValueError): + key.decrypt( + binascii.unhexlify(wycheproof.testcase["ct"]), + padding.PKCS1v15(), + ) diff --git a/tests/wycheproof/test_utils.py b/tests/wycheproof/test_utils.py index b0c36d4..f186fb3 100644 --- a/tests/wycheproof/test_utils.py +++ b/tests/wycheproof/test_utils.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - from ..utils import WycheproofTest diff --git a/tests/wycheproof/test_x25519.py b/tests/wycheproof/test_x25519.py index 17aef36..571c1d1 100644 --- a/tests/wycheproof/test_x25519.py +++ b/tests/wycheproof/test_x25519.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest diff --git a/tests/wycheproof/test_x448.py b/tests/wycheproof/test_x448.py index 8e7b321..bdad0cb 100644 --- a/tests/wycheproof/test_x448.py +++ b/tests/wycheproof/test_x448.py @@ -2,7 +2,6 @@ # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. - import binascii import pytest diff --git a/tests/wycheproof/utils.py b/tests/wycheproof/utils.py index 3c18e62..7644b52 100644 --- a/tests/wycheproof/utils.py +++ b/tests/wycheproof/utils.py @@ -1,18 +1,22 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import pytest + from ..utils import load_wycheproof_tests -def wycheproof_tests(*paths): +def wycheproof_tests(*paths, subdir="testvectors"): def wrapper(func): - def run_wycheproof( - backend, disable_rsa_checks, subtests, pytestconfig - ): + @pytest.mark.parametrize("path", paths) + def run_wycheproof(backend, subtests, pytestconfig, path): wycheproof_root = pytestconfig.getoption( "--wycheproof-root", skip=True ) - for path in paths: - for test in load_wycheproof_tests(wycheproof_root, path): - with subtests.test(): - func(backend, test) + for test in load_wycheproof_tests(wycheproof_root, path, subdir): + with subtests.test(): + func(backend, test) return run_wycheproof diff --git a/tests/x509/test_name.py b/tests/x509/test_name.py index de47a7a..a1ceffc 100644 --- a/tests/x509/test_name.py +++ b/tests/x509/test_name.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- # This file is dual licensed under the terms of the Apache License, Version # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. @@ -160,6 +159,7 @@ def test_valid(self, subtests): "2.5.4.10=abc", Name([NameAttribute(NameOID.ORGANIZATION_NAME, "abc")]), ), + ("", Name([])), ]: with subtests.test(): result = Name.from_rfc4514_string(value) diff --git a/tests/x509/test_ocsp.py b/tests/x509/test_ocsp.py index 9b27678..d7723b2 100644 --- a/tests/x509/test_ocsp.py +++ b/tests/x509/test_ocsp.py @@ -6,18 +6,20 @@ import base64 import datetime import os +from typing import Optional import pytest -from cryptography import x509 +from cryptography import utils, x509 +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.primitives import hashes, serialization -from cryptography.hazmat.primitives.asymmetric import ec, ed25519, ed448, rsa +from cryptography.hazmat.primitives.asymmetric import ec, ed448, ed25519, rsa from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15 from cryptography.x509 import ocsp -from .test_x509 import DummyExtension, _load_cert from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1 from ..utils import load_vectors_from_file, raises_unsupported_algorithm +from .test_x509 import DummyExtension, _load_cert def _load_data(filename, loader): @@ -27,17 +29,13 @@ def _load_data(filename, loader): def _cert_and_issuer(): - from cryptography.hazmat.backends.openssl.backend import backend - cert = _load_cert( os.path.join("x509", "cryptography.io.pem"), x509.load_pem_x509_certificate, - backend, ) issuer = _load_cert( os.path.join("x509", "rapidssl_sha256_ca_g3.pem"), x509.load_pem_x509_certificate, - backend, ) return cert, issuer @@ -71,6 +69,35 @@ def _generate_root(private_key=None, algorithm=hashes.SHA256()): return cert, private_key +def _check_ocsp_response_times( + ocsp_resp: ocsp.OCSPResponse, + this_update: datetime.datetime, + next_update: Optional[datetime.datetime], + revocation_time: Optional[datetime.datetime], +) -> None: + with pytest.warns(utils.DeprecatedIn43): + assert ocsp_resp.this_update == this_update + assert ocsp_resp.this_update_utc == this_update.replace( + tzinfo=datetime.timezone.utc + ) + + with pytest.warns(utils.DeprecatedIn43): + assert ocsp_resp.next_update == next_update + assert ocsp_resp.next_update_utc == ( + next_update.replace(tzinfo=datetime.timezone.utc) + if next_update is not None + else None + ) + + with pytest.warns(utils.DeprecatedIn43): + assert ocsp_resp.revocation_time == revocation_time + assert ocsp_resp.revocation_time_utc == ( + revocation_time.replace(tzinfo=datetime.timezone.utc) + if revocation_time is not None + else None + ) + + class TestOCSPRequest: def test_bad_request(self): with pytest.raises(ValueError): @@ -81,11 +108,12 @@ def test_load_request(self): os.path.join("x509", "ocsp", "req-sha1.der"), ocsp.load_der_ocsp_request, ) + assert isinstance(req, ocsp.OCSPRequest) assert req.issuer_name_hash == ( - b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96" b"\xc7mmLpQ\x9e`\xa7\xbd" + b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96\xc7mmLpQ\x9e`\xa7\xbd" ) assert req.issuer_key_hash == ( - b"yu\xbb\x84:\xcb,\xdez\t\xbe1" b"\x1bC\xbc\x1c*MSX" + b"yu\xbb\x84:\xcb,\xdez\t\xbe1\x1bC\xbc\x1c*MSX" ) assert isinstance(req.hash_algorithm, hashes.SHA1) assert req.serial_number == int( @@ -105,6 +133,18 @@ def test_load_request_with_extensions(self): b"{\x80Z\x1d7&\xb8\xb8OH\xd2\xf8\xbf\xd7-\xfd" ) + def test_load_request_with_acceptable_responses(self): + req = _load_data( + os.path.join("x509", "ocsp", "req-acceptable-responses.der"), + ocsp.load_der_ocsp_request, + ) + assert len(req.extensions) == 1 + ext = req.extensions[0] + assert ext.critical is False + assert ext.value == x509.OCSPAcceptableResponses( + [x509.ObjectIdentifier("1.3.6.1.5.5.7.48.1.1")] + ) + def test_load_request_with_unknown_extension(self): req = _load_data( os.path.join("x509", "ocsp", "req-ext-unknown-oid.der"), @@ -162,12 +202,58 @@ def test_invalid_serialize_encoding(self): class TestOCSPRequestBuilder: - def test_add_two_certs(self): + def test_add_cert_twice(self): cert, issuer = _cert_and_issuer() builder = ocsp.OCSPRequestBuilder() builder = builder.add_certificate(cert, issuer, hashes.SHA1()) + # Fails calling a second time with pytest.raises(ValueError): builder.add_certificate(cert, issuer, hashes.SHA1()) + # Fails calling a second time with add_certificate_by_hash + with pytest.raises(ValueError): + builder.add_certificate_by_hash( + b"0" * 20, b"0" * 20, 1, hashes.SHA1() + ) + + def test_add_cert_by_hash_twice(self): + cert, issuer = _cert_and_issuer() + builder = ocsp.OCSPRequestBuilder() + builder = builder.add_certificate_by_hash( + b"0" * 20, b"0" * 20, 1, hashes.SHA1() + ) + # Fails calling a second time + with pytest.raises(ValueError): + builder.add_certificate_by_hash( + b"0" * 20, b"0" * 20, 1, hashes.SHA1() + ) + # Fails calling a second time with add_certificate + with pytest.raises(ValueError): + builder.add_certificate(cert, issuer, hashes.SHA1()) + + def test_add_cert_by_hash_bad_hash(self): + builder = ocsp.OCSPRequestBuilder() + with pytest.raises(ValueError): + builder.add_certificate_by_hash( + b"0" * 20, + b"0" * 20, + 1, + "notahash", # type:ignore[arg-type] + ) + with pytest.raises(ValueError): + builder.add_certificate_by_hash( + b"0" * 19, b"0" * 20, 1, hashes.SHA1() + ) + with pytest.raises(ValueError): + builder.add_certificate_by_hash( + b"0" * 20, b"0" * 21, 1, hashes.SHA1() + ) + with pytest.raises(TypeError): + builder.add_certificate_by_hash( + b"0" * 20, + b"0" * 20, + "notanint", # type:ignore[arg-type] + hashes.SHA1(), + ) def test_create_ocsp_request_no_req(self): builder = ocsp.OCSPRequestBuilder() @@ -251,6 +337,28 @@ def test_create_ocsp_request_with_extension(self, ext, critical): assert req.extensions[0].oid == ext.oid assert req.extensions[0].critical is critical + def test_add_cert_by_hash(self): + cert, _ = _cert_and_issuer() + builder = ocsp.OCSPRequestBuilder() + h = hashes.Hash(hashes.SHA1()) + h.update(cert.issuer.public_bytes()) + issuer_name_hash = h.finalize() + # issuer_key_hash is a hash of the public key BitString DER, + # not the subjectPublicKeyInfo + issuer_key_hash = base64.b64decode(b"w5zz/NNGCDS7zkZ/oHxb8+IIy1k=") + builder = builder.add_certificate_by_hash( + issuer_name_hash, + issuer_key_hash, + cert.serial_number, + hashes.SHA1(), + ) + req = builder.build() + serialized = req.public_bytes(serialization.Encoding.DER) + assert serialized == base64.b64decode( + b"MEMwQTA/MD0wOzAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz" + b"/NNGCDS7zkZ/oHxb8+IIy1kCAj8g" + ) + class TestOCSPResponseBuilder: def test_add_response_twice(self): @@ -281,7 +389,9 @@ def test_add_response_twice(self): def test_invalid_add_response(self): cert, issuer = _cert_and_issuer() - time = datetime.datetime.utcnow() + time = datetime.datetime.now(datetime.timezone.utc).replace( + tzinfo=None + ) reason = x509.ReasonFlags.cessation_of_operation builder = ocsp.OCSPResponseBuilder() with pytest.raises(TypeError): @@ -440,13 +550,18 @@ def test_invalid_extension(self): builder = ocsp.OCSPResponseBuilder() with pytest.raises(TypeError): builder.add_extension( - "notanextension", True # type: ignore[arg-type] + "notanextension", # type: ignore[arg-type] + True, ) def test_unsupported_extension(self): root_cert, private_key = _generate_root() cert, issuer = _cert_and_issuer() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) @@ -481,7 +596,9 @@ def test_sign_no_responder_id(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() _, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now().replace(tzinfo=None).replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = builder.add_response( @@ -501,7 +618,9 @@ def test_sign_invalid_hash_algorithm(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now().replace(tzinfo=None).replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = builder.responder_id( @@ -523,7 +642,11 @@ def test_sign_good_cert(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = builder.responder_id( @@ -541,16 +664,26 @@ def test_sign_good_cert(self): resp = builder.sign(private_key, hashes.SHA256()) assert resp.responder_name == root_cert.subject assert resp.responder_key_hash is None - assert (current_time - resp.produced_at).total_seconds() < 10 + with pytest.warns(utils.DeprecatedIn43): + assert (current_time - resp.produced_at).total_seconds() < 10 + assert ( + current_time.replace(tzinfo=datetime.timezone.utc) + - resp.produced_at_utc + ).total_seconds() < 10 assert ( resp.signature_algorithm_oid == x509.SignatureAlgorithmOID.ECDSA_WITH_SHA256 ) assert resp.certificate_status == ocsp.OCSPCertStatus.GOOD - assert resp.revocation_time is None assert resp.revocation_reason is None - assert resp.this_update == this_update - assert resp.next_update == next_update + + _check_ocsp_response_times( + resp, + this_update=this_update, + next_update=next_update, + revocation_time=None, + ) + private_key.public_key().verify( resp.signature, resp.tbs_response_bytes, ec.ECDSA(hashes.SHA256()) ) @@ -559,7 +692,11 @@ def test_sign_revoked_cert(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) revoked_date = this_update - datetime.timedelta(days=300) @@ -577,10 +714,13 @@ def test_sign_revoked_cert(self): ) resp = builder.sign(private_key, hashes.SHA256()) assert resp.certificate_status == ocsp.OCSPCertStatus.REVOKED - assert resp.revocation_time == revoked_date assert resp.revocation_reason is None - assert resp.this_update == this_update - assert resp.next_update == next_update + _check_ocsp_response_times( + resp, + this_update=this_update, + next_update=next_update, + revocation_time=revoked_date, + ) private_key.public_key().verify( resp.signature, resp.tbs_response_bytes, ec.ECDSA(hashes.SHA256()) ) @@ -589,7 +729,11 @@ def test_sign_unknown_cert(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = builder.responder_id( @@ -606,8 +750,12 @@ def test_sign_unknown_cert(self): ) resp = builder.sign(private_key, hashes.SHA384()) assert resp.certificate_status == ocsp.OCSPCertStatus.UNKNOWN - assert resp.this_update == this_update - assert resp.next_update == next_update + _check_ocsp_response_times( + resp, + this_update=this_update, + next_update=next_update, + revocation_time=None, + ) private_key.public_key().verify( resp.signature, resp.tbs_response_bytes, ec.ECDSA(hashes.SHA384()) ) @@ -616,7 +764,11 @@ def test_sign_with_appended_certs(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = ( @@ -640,7 +792,11 @@ def test_sign_revoked_no_next_update(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) revoked_date = this_update - datetime.timedelta(days=300) builder = builder.responder_id( @@ -657,10 +813,13 @@ def test_sign_revoked_no_next_update(self): ) resp = builder.sign(private_key, hashes.SHA256()) assert resp.certificate_status == ocsp.OCSPCertStatus.REVOKED - assert resp.revocation_time == revoked_date assert resp.revocation_reason is None - assert resp.this_update == this_update - assert resp.next_update is None + _check_ocsp_response_times( + resp, + this_update=this_update, + next_update=None, + revocation_time=revoked_date, + ) private_key.public_key().verify( resp.signature, resp.tbs_response_bytes, ec.ECDSA(hashes.SHA256()) ) @@ -669,7 +828,11 @@ def test_sign_revoked_with_reason(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) revoked_date = this_update - datetime.timedelta(days=300) @@ -687,10 +850,13 @@ def test_sign_revoked_with_reason(self): ) resp = builder.sign(private_key, hashes.SHA256()) assert resp.certificate_status == ocsp.OCSPCertStatus.REVOKED - assert resp.revocation_time == revoked_date assert resp.revocation_reason is x509.ReasonFlags.key_compromise - assert resp.this_update == this_update - assert resp.next_update == next_update + _check_ocsp_response_times( + resp, + this_update=this_update, + next_update=next_update, + revocation_time=revoked_date, + ) private_key.public_key().verify( resp.signature, resp.tbs_response_bytes, ec.ECDSA(hashes.SHA256()) ) @@ -699,7 +865,11 @@ def test_sign_responder_id_key_hash(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = builder.responder_id( @@ -726,8 +896,12 @@ def test_sign_responder_id_key_hash(self): def test_invalid_sign_responder_cert_does_not_match_private_key(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() - root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + root_cert, _ = _generate_root() + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = builder.responder_id( @@ -752,7 +926,11 @@ def test_sign_with_extension(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = ( @@ -808,7 +986,11 @@ def test_sign_unknown_private_key(self, backend): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, _ = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = builder.responder_id( @@ -836,7 +1018,11 @@ def test_sign_unrecognized_hash_algorithm(self, backend): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = builder.responder_id( @@ -852,14 +1038,18 @@ def test_sign_unrecognized_hash_algorithm(self, backend): None, ) - with pytest.raises(ValueError): + with pytest.raises(UnsupportedAlgorithm): builder.sign(private_key, hashes.BLAKE2b(digest_size=64)) def test_sign_none_hash_not_eddsa(self): builder = ocsp.OCSPResponseBuilder() cert, issuer = _cert_and_issuer() root_cert, private_key = _generate_root() - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) builder = builder.responder_id( @@ -980,13 +1170,11 @@ def test_load_response(self): os.path.join("x509", "ocsp", "resp-sha256.der"), ocsp.load_der_ocsp_response, ) - from cryptography.hazmat.backends.openssl.backend import backend - issuer = _load_cert( os.path.join("x509", "letsencryptx3.pem"), x509.load_pem_x509_certificate, - backend, ) + assert isinstance(resp, ocsp.OCSPResponse) assert resp.response_status == ocsp.OCSPResponseStatus.SUCCESSFUL assert ( resp.signature_algorithm_oid @@ -1019,12 +1207,19 @@ def test_load_response(self): assert resp.certificates == [] assert resp.responder_key_hash is None assert resp.responder_name == issuer.subject - assert resp.produced_at == datetime.datetime(2018, 8, 30, 11, 15) + with pytest.warns(utils.DeprecatedIn43): + assert resp.produced_at == datetime.datetime(2018, 8, 30, 11, 15) + assert resp.produced_at_utc == datetime.datetime( + 2018, 8, 30, 11, 15, tzinfo=datetime.timezone.utc + ) assert resp.certificate_status == ocsp.OCSPCertStatus.GOOD - assert resp.revocation_time is None assert resp.revocation_reason is None - assert resp.this_update == datetime.datetime(2018, 8, 30, 11, 0) - assert resp.next_update == datetime.datetime(2018, 9, 6, 11, 0) + _check_ocsp_response_times( + resp, + this_update=datetime.datetime(2018, 8, 30, 11, 0), + next_update=datetime.datetime(2018, 9, 6, 11, 0), + revocation_time=None, + ) assert resp.issuer_key_hash == ( b"\xa8Jjc\x04}\xdd\xba\xe6\xd19\xb7\xa6Ee\xef\xf3\xa8\xec\xa1" ) @@ -1044,6 +1239,7 @@ def test_load_multi_valued_response(self): with pytest.raises(ValueError): resp.serial_number + assert isinstance(next(resp.responses), ocsp.OCSPSingleResponse) assert len(list(resp.responses)) == 20 def test_multi_valued_responses(self): @@ -1079,9 +1275,20 @@ def test_multi_valued_responses(self): ) assert elem.certificate_status == ocsp.OCSPCertStatus.GOOD - - assert elem.this_update == datetime.datetime(2020, 2, 22, 0, 0) - assert elem.next_update == datetime.datetime(2020, 2, 29, 1, 0) + with pytest.warns(utils.DeprecatedIn43): + assert elem.this_update == datetime.datetime( + 2020, 2, 22, 0, 0 + ) + assert elem.this_update_utc == datetime.datetime( + 2020, 2, 22, 0, 0, tzinfo=datetime.timezone.utc + ) + with pytest.warns(utils.DeprecatedIn43): + assert elem.next_update == datetime.datetime( + 2020, 2, 29, 1, 0 + ) + assert elem.next_update_utc == datetime.datetime( + 2020, 2, 29, 1, 0, tzinfo=datetime.timezone.utc + ) elif req_revoked.serial_number == serial: assert elem.certificate_status == ocsp.OCSPCertStatus.REVOKED @@ -1089,8 +1296,12 @@ def test_multi_valued_responses(self): elem.revocation_reason == x509.ReasonFlags.cessation_of_operation ) - assert elem.revocation_time == datetime.datetime( - 2018, 5, 30, 14, 1, 39 + with pytest.warns(utils.DeprecatedIn43): + assert elem.revocation_time == datetime.datetime( + 2018, 5, 30, 14, 1, 39 + ) + assert elem.revocation_time_utc == datetime.datetime( + 2018, 5, 30, 14, 1, 39, tzinfo=datetime.timezone.utc ) def test_load_unauthorized(self): @@ -1113,18 +1324,26 @@ def test_load_unauthorized(self): resp.responder_key_hash with pytest.raises(ValueError): resp.responder_name - with pytest.raises(ValueError): + with pytest.raises(ValueError), pytest.warns(utils.DeprecatedIn43): resp.produced_at with pytest.raises(ValueError): - resp.certificate_status + resp.produced_at_utc with pytest.raises(ValueError): + resp.certificate_status + with pytest.raises(ValueError), pytest.warns(utils.DeprecatedIn43): resp.revocation_time with pytest.raises(ValueError): - resp.revocation_reason + resp.revocation_time_utc with pytest.raises(ValueError): + resp.revocation_reason + with pytest.raises(ValueError), pytest.warns(utils.DeprecatedIn43): resp.this_update with pytest.raises(ValueError): + resp.this_update_utc + with pytest.raises(ValueError), pytest.warns(utils.DeprecatedIn43): resp.next_update + with pytest.raises(ValueError): + resp.next_update_utc with pytest.raises(ValueError): resp.issuer_key_hash with pytest.raises(ValueError): @@ -1142,8 +1361,12 @@ def test_load_revoked(self): ocsp.load_der_ocsp_response, ) assert resp.certificate_status == ocsp.OCSPCertStatus.REVOKED - assert resp.revocation_time == datetime.datetime( - 2016, 9, 2, 21, 28, 48 + with pytest.warns(utils.DeprecatedIn43): + assert resp.revocation_time == datetime.datetime( + 2016, 9, 2, 21, 28, 48 + ) + assert resp.revocation_time_utc == datetime.datetime( + 2016, 9, 2, 21, 28, 48, tzinfo=datetime.timezone.utc ) assert resp.revocation_reason is None @@ -1198,7 +1421,9 @@ def test_load_revoked_no_next_update(self): ocsp.load_der_ocsp_response, ) assert resp.serial_number == 16160 - assert resp.next_update is None + with pytest.warns(utils.DeprecatedIn43): + assert resp.next_update is None + assert resp.next_update_utc is None def test_response_extensions(self): resp = _load_data( @@ -1309,7 +1534,11 @@ def test_invalid_algorithm(self, backend): cert, issuer = _cert_and_issuer() private_key = ed25519.Ed25519PrivateKey.generate() root_cert, _ = _generate_root(private_key, None) - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) revoked_date = this_update - datetime.timedelta(days=300) @@ -1337,7 +1566,11 @@ def test_sign_ed25519(self, backend): cert, issuer = _cert_and_issuer() private_key = ed25519.Ed25519PrivateKey.generate() root_cert, _ = _generate_root(private_key, None) - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) revoked_date = this_update - datetime.timedelta(days=300) @@ -1355,10 +1588,13 @@ def test_sign_ed25519(self, backend): ) resp = builder.sign(private_key, None) assert resp.certificate_status == ocsp.OCSPCertStatus.REVOKED - assert resp.revocation_time == revoked_date assert resp.revocation_reason is x509.ReasonFlags.key_compromise - assert resp.this_update == this_update - assert resp.next_update == next_update + _check_ocsp_response_times( + resp, + this_update=this_update, + next_update=next_update, + revocation_time=revoked_date, + ) assert resp.signature_hash_algorithm is None assert ( resp.signature_algorithm_oid == x509.SignatureAlgorithmOID.ED25519 @@ -1376,7 +1612,11 @@ def test_sign_ed448(self, backend): cert, issuer = _cert_and_issuer() private_key = ed448.Ed448PrivateKey.generate() root_cert, _ = _generate_root(private_key, None) - current_time = datetime.datetime.utcnow().replace(microsecond=0) + current_time = ( + datetime.datetime.now(datetime.timezone.utc) + .replace(tzinfo=None) + .replace(microsecond=0) + ) this_update = current_time - datetime.timedelta(days=1) next_update = this_update + datetime.timedelta(days=7) revoked_date = this_update - datetime.timedelta(days=300) @@ -1394,10 +1634,13 @@ def test_sign_ed448(self, backend): ) resp = builder.sign(private_key, None) assert resp.certificate_status == ocsp.OCSPCertStatus.REVOKED - assert resp.revocation_time == revoked_date assert resp.revocation_reason is x509.ReasonFlags.key_compromise - assert resp.this_update == this_update - assert resp.next_update == next_update + _check_ocsp_response_times( + resp, + this_update=this_update, + next_update=next_update, + revocation_time=revoked_date, + ) assert resp.signature_hash_algorithm is None assert resp.signature_algorithm_oid == x509.SignatureAlgorithmOID.ED448 private_key.public_key().verify( diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index aecf6f8..91251d5 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- # This file is dual licensed under the terms of the Apache License, Version # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. @@ -13,21 +12,21 @@ import pytest -import pytz - from cryptography import utils, x509 -from cryptography.hazmat.bindings._rust import asn1 +from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm +from cryptography.hazmat.bindings._rust import test_support from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( dh, dsa, ec, - ed25519, ed448, + ed25519, padding, rsa, - x25519, + types, x448, + x25519, ) from cryptography.hazmat.primitives.asymmetric.utils import ( decode_dss_signature, @@ -38,20 +37,28 @@ ExtendedKeyUsageOID, ExtensionOID, NameOID, + PublicKeyAlgorithmOID, SignatureAlgorithmOID, SubjectInformationAccessOID, ) -from ..hazmat.primitives.fixtures_dsa import DSA_KEY_2048 +from ..hazmat.primitives.fixtures_dsa import DSA_KEY_2048, DSA_KEY_3072 from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1 -from ..hazmat.primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512 +from ..hazmat.primitives.fixtures_rsa import ( + RSA_KEY_2048_ALT, +) from ..hazmat.primitives.test_ec import _skip_curve_unsupported +from ..hazmat.primitives.test_rsa import rsa_key_512, rsa_key_2048 from ..utils import ( load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm, ) +# Make ruff happy since we're importing fixtures that pytest patches in as +# func args +__all__ = ["rsa_key_512", "rsa_key_2048"] + class DummyExtension(x509.ExtensionType): oid = x509.ObjectIdentifier("1.2.3.4") @@ -69,13 +76,100 @@ def value(self): T = typing.TypeVar("T") -def _load_cert(filename, loader: typing.Callable[..., T], backend=None) -> T: - cert = load_vectors_from_file( +def _load_cert(filename, loader: typing.Callable[..., T]) -> T: + return load_vectors_from_file( filename=filename, - loader=lambda pemfile: loader(pemfile.read(), backend), + loader=lambda pemfile: loader(pemfile.read()), mode="rb", ) - return cert + + +def _generate_ca_and_leaf( + issuer_private_key: types.CertificateIssuerPrivateKeyTypes, + subject_private_key: types.CertificateIssuerPrivateKeyTypes, +): + if isinstance( + issuer_private_key, + (ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey), + ): + hash_alg = None + else: + hash_alg = hashes.SHA256() + + builder = ( + x509.CertificateBuilder() + .subject_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "PyCA CA")]) + ) + .issuer_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "PyCA CA")]) + ) + .public_key(issuer_private_key.public_key()) + .serial_number(1) + .not_valid_before(datetime.datetime(2020, 1, 1)) + .not_valid_after(datetime.datetime(2030, 1, 1)) + ) + ca = builder.sign(issuer_private_key, hash_alg) + builder = ( + x509.CertificateBuilder() + .subject_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "leaf")]) + ) + .issuer_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "PyCA CA")]) + ) + .public_key(subject_private_key.public_key()) + .serial_number(100) + .not_valid_before(datetime.datetime(2020, 1, 1)) + .not_valid_after(datetime.datetime(2025, 1, 1)) + ) + cert = builder.sign(issuer_private_key, hash_alg) + return ca, cert + + +def _break_cert_sig(cert: x509.Certificate) -> x509.Certificate: + cert_bad_sig = bytearray(cert.public_bytes(serialization.Encoding.PEM)) + # Break the sig by mutating 5 bytes. That's the base64 representation + # though so there's somewhere closer to 2**-32 probability of + # not breaking the sig. Spin that roulette wheel. + cert_bad_sig[-40:-35] = 90, 90, 90, 90, 90 + return x509.load_pem_x509_certificate(bytes(cert_bad_sig)) + + +def _check_cert_times( + cert: x509.Certificate, + not_valid_before: typing.Optional[datetime.datetime], + not_valid_after: typing.Optional[datetime.datetime], +) -> None: + if not_valid_before: + with pytest.warns(utils.DeprecatedIn42): + assert cert.not_valid_before == not_valid_before + assert cert.not_valid_before_utc == not_valid_before.replace( + tzinfo=datetime.timezone.utc + ) + if not_valid_after: + with pytest.warns(utils.DeprecatedIn42): + assert cert.not_valid_after == not_valid_after + assert cert.not_valid_after_utc == not_valid_after.replace( + tzinfo=datetime.timezone.utc + ) + + +def _check_crl_times( + crl: x509.CertificateRevocationList, + last_update: datetime.datetime, + next_update: datetime.datetime, +) -> None: + with pytest.warns(utils.DeprecatedIn42): + assert crl.last_update == last_update + assert crl.next_update == next_update + + assert crl.last_update_utc == last_update.replace( + tzinfo=datetime.timezone.utc + ) + assert crl.next_update_utc == next_update.replace( + tzinfo=datetime.timezone.utc + ) class TestCertificateRevocationList: @@ -83,7 +177,6 @@ def test_load_pem_crl(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_all_reasons.pem"), x509.load_pem_x509_crl, - backend, ) assert isinstance(crl, x509.CertificateRevocationList) @@ -99,7 +192,6 @@ def test_load_der_crl(self, backend): crl = _load_cert( os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"), x509.load_der_x509_crl, - backend, ) assert isinstance(crl, x509.CertificateRevocationList) @@ -111,7 +203,6 @@ def test_load_large_crl(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_almost_10k.pem"), x509.load_pem_x509_crl, - backend, ) assert len(crl) == 9999 @@ -121,7 +212,6 @@ def test_empty_crl_no_sequence(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_empty_no_sequence.der"), x509.load_der_x509_crl, - backend, ) assert len(crl) == 0 @@ -136,8 +226,7 @@ def test_invalid_pem(self, backend): pem_bytes = _load_cert( os.path.join("x509", "custom", "valid_signature_cert.pem"), - lambda data, backend: data, - backend, + lambda data: data, ) with pytest.raises(ValueError): x509.load_pem_x509_crl(pem_bytes, backend) @@ -151,7 +240,6 @@ def test_invalid_time(self, backend): _load_cert( os.path.join("x509", "custom", "crl_invalid_time.der"), x509.load_der_x509_crl, - backend, ) def test_unknown_signature_algorithm(self, backend): @@ -160,7 +248,6 @@ def test_unknown_signature_algorithm(self, backend): "x509", "custom", "crl_md2_unknown_crit_entry_ext.pem" ), x509.load_pem_x509_crl, - backend, ) with raises_unsupported_algorithm(None): @@ -171,14 +258,12 @@ def test_invalid_version(self, backend): _load_cert( os.path.join("x509", "custom", "crl_bad_version.pem"), x509.load_pem_x509_crl, - backend, ) def test_issuer(self, backend): crl = _load_cert( os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"), x509.load_der_x509_crl, - backend, ) assert isinstance(crl.issuer, x509.Name) @@ -197,19 +282,16 @@ def test_equality(self, backend): crl1 = _load_cert( os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"), x509.load_der_x509_crl, - backend, ) crl2 = _load_cert( os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"), x509.load_der_x509_crl, - backend, ) crl3 = _load_cert( os.path.join("x509", "custom", "crl_all_reasons.pem"), x509.load_pem_x509_crl, - backend, ) assert crl1 == crl2 @@ -220,7 +302,6 @@ def test_comparison(self, backend): crl1 = _load_cert( os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"), x509.load_der_x509_crl, - backend, ) with pytest.raises(TypeError): crl1 < crl1 # type: ignore[operator] @@ -229,28 +310,33 @@ def test_update_dates(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_all_reasons.pem"), x509.load_pem_x509_crl, - backend, ) - assert isinstance(crl.next_update, datetime.datetime) - assert isinstance(crl.last_update, datetime.datetime) + with pytest.warns(utils.DeprecatedIn42): + assert isinstance(crl.next_update, datetime.datetime) + assert isinstance(crl.last_update, datetime.datetime) + assert crl.next_update.isoformat() == "2016-01-01T00:00:00" + assert crl.last_update.isoformat() == "2015-01-01T00:00:00" - assert crl.next_update.isoformat() == "2016-01-01T00:00:00" - assert crl.last_update.isoformat() == "2015-01-01T00:00:00" + assert isinstance(crl.next_update_utc, datetime.datetime) + assert isinstance(crl.last_update_utc, datetime.datetime) + assert crl.next_update_utc.isoformat() == "2016-01-01T00:00:00+00:00" + assert crl.last_update_utc.isoformat() == "2015-01-01T00:00:00+00:00" def test_no_next_update(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_no_next_update.pem"), x509.load_pem_x509_crl, - backend, ) - assert crl.next_update is None + + with pytest.warns(utils.DeprecatedIn42): + assert crl.next_update is None + assert crl.next_update_utc is None def test_unrecognized_extension(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_unrecognized_extension.der"), x509.load_der_x509_crl, - backend, ) unrecognized = x509.UnrecognizedExtension( x509.ObjectIdentifier("1.2.3.4.5"), @@ -263,7 +349,6 @@ def test_revoked_cert_retrieval(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_all_reasons.pem"), x509.load_pem_x509_crl, - backend, ) for r in crl: @@ -282,7 +367,6 @@ def test_get_revoked_certificate_by_serial_number(self, backend): "x509", "PKITS_data", "crls", "LongSerialNumberCACRL.crl" ), x509.load_der_x509_crl, - backend, ) serial_number = 725064303890588110203033396814564464046290047507 revoked = crl.get_revoked_certificate_by_serial_number(serial_number) @@ -299,16 +383,20 @@ def test_revoked_cert_retrieval_retain_only_revoked(self, backend): revoked = _load_cert( os.path.join("x509", "custom", "crl_all_reasons.pem"), x509.load_pem_x509_crl, - backend, )[11] - assert revoked.revocation_date == datetime.datetime(2015, 1, 1, 0, 0) + with pytest.warns(utils.DeprecatedIn42): + assert revoked.revocation_date == datetime.datetime( + 2015, 1, 1, 0, 0 + ) + assert revoked.revocation_date_utc == datetime.datetime( + 2015, 1, 1, 0, 0, tzinfo=datetime.timezone.utc + ) assert revoked.serial_number == 11 def test_extensions(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_ian_aia_aki.pem"), x509.load_pem_x509_crl, - backend, ) crl_number = crl.extensions.get_extension_for_oid( @@ -346,7 +434,6 @@ def test_delta_crl_indicator(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_delta_crl_indicator.pem"), x509.load_pem_x509_crl, - backend, ) dci = crl.extensions.get_extension_for_oid( @@ -359,7 +446,6 @@ def test_signature(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_all_reasons.pem"), x509.load_pem_x509_crl, - backend, ) assert crl.signature == binascii.unhexlify( @@ -378,13 +464,11 @@ def test_tbs_certlist_bytes(self, backend): crl = _load_cert( os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"), x509.load_der_x509_crl, - backend, ) ca_cert = _load_cert( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), x509.load_der_x509_certificate, - backend, ) public_key = ca_cert.public_key() @@ -401,7 +485,6 @@ def test_public_bytes_pem(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_empty.pem"), x509.load_pem_x509_crl, - backend, ) # Encode it to PEM and load it back. @@ -409,18 +492,19 @@ def test_public_bytes_pem(self, backend): crl.public_bytes( encoding=serialization.Encoding.PEM, ), - backend, ) assert len(crl) == 0 - assert crl.last_update == datetime.datetime(2015, 12, 20, 23, 44, 47) - assert crl.next_update == datetime.datetime(2015, 12, 28, 0, 44, 47) + _check_crl_times( + crl, + last_update=datetime.datetime(2015, 12, 20, 23, 44, 47), + next_update=datetime.datetime(2015, 12, 28, 0, 44, 47), + ) def test_public_bytes_der(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_all_reasons.pem"), x509.load_pem_x509_crl, - backend, ) # Encode it to DER and load it back. @@ -428,12 +512,14 @@ def test_public_bytes_der(self, backend): crl.public_bytes( encoding=serialization.Encoding.DER, ), - backend, ) assert len(crl) == 12 - assert crl.last_update == datetime.datetime(2015, 1, 1, 0, 0, 0) - assert crl.next_update == datetime.datetime(2016, 1, 1, 0, 0, 0) + _check_crl_times( + crl, + last_update=datetime.datetime(2015, 1, 1, 0, 0, 0), + next_update=datetime.datetime(2016, 1, 1, 0, 0, 0), + ) @pytest.mark.parametrize( ("cert_path", "loader_func", "encoding"), @@ -464,7 +550,6 @@ def test_public_bytes_invalid_encoding(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_empty.pem"), x509.load_pem_x509_crl, - backend, ) with pytest.raises(TypeError): @@ -474,28 +559,30 @@ def test_verify_bad(self, backend): crl = _load_cert( os.path.join("x509", "custom", "invalid_signature_crl.pem"), x509.load_pem_x509_crl, - backend, ) crt = _load_cert( os.path.join("x509", "custom", "invalid_signature_cert.pem"), x509.load_pem_x509_certificate, - backend, ) public_key = crt.public_key() assert isinstance(public_key, rsa.RSAPublicKey) assert not crl.is_signature_valid(public_key) + crl = _load_cert( + os.path.join("x509", "custom", "crl_inner_outer_mismatch.der"), + x509.load_der_x509_crl, + ) + assert not crl.is_signature_valid(public_key) + def test_verify_good(self, backend): crl = _load_cert( os.path.join("x509", "custom", "valid_signature_crl.pem"), x509.load_pem_x509_crl, - backend, ) crt = _load_cert( os.path.join("x509", "custom", "valid_signature_cert.pem"), x509.load_pem_x509_certificate, - backend, ) public_key = crt.public_key() @@ -506,7 +593,6 @@ def test_verify_argument_must_be_a_public_key(self, backend): crl = _load_cert( os.path.join("x509", "custom", "valid_signature_crl.pem"), x509.load_pem_x509_crl, - backend, ) with pytest.raises(TypeError): @@ -523,23 +609,28 @@ def test_revoked_basics(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_all_reasons.pem"), x509.load_pem_x509_crl, - backend, ) for i, rev in enumerate(crl): assert isinstance(rev, x509.RevokedCertificate) assert isinstance(rev.serial_number, int) - assert isinstance(rev.revocation_date, datetime.datetime) + with pytest.warns(utils.DeprecatedIn42): + assert isinstance(rev.revocation_date, datetime.datetime) + assert isinstance(rev.revocation_date_utc, datetime.datetime) assert isinstance(rev.extensions, x509.Extensions) assert rev.serial_number == i - assert rev.revocation_date.isoformat() == "2015-01-01T00:00:00" + with pytest.warns(utils.DeprecatedIn42): + assert rev.revocation_date.isoformat() == "2015-01-01T00:00:00" + assert ( + rev.revocation_date_utc.isoformat() + == "2015-01-01T00:00:00+00:00" + ) def test_revoked_extensions(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_all_reasons.pem"), x509.load_pem_x509_crl, - backend, ) exp_issuer = [ @@ -602,7 +693,6 @@ def test_no_revoked_certs(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_empty.pem"), x509.load_pem_x509_crl, - backend, ) assert len(crl) == 0 @@ -610,7 +700,6 @@ def test_duplicate_entry_ext(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_dup_entry_ext.pem"), x509.load_pem_x509_crl, - backend, ) with pytest.raises(x509.DuplicateExtension): @@ -622,7 +711,6 @@ def test_unsupported_crit_entry_ext(self, backend): "x509", "custom", "crl_md2_unknown_crit_entry_ext.pem" ), x509.load_pem_x509_crl, - backend, ) ext = crl[0].extensions.get_extension_for_oid( @@ -635,7 +723,6 @@ def test_unsupported_reason(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_unsupported_reason.pem"), x509.load_pem_x509_crl, - backend, ) with pytest.raises(ValueError): @@ -647,7 +734,6 @@ def test_invalid_cert_issuer_ext(self, backend): "x509", "custom", "crl_inval_cert_issuer_entry_ext.pem" ), x509.load_pem_x509_crl, - backend, ) with pytest.raises(ValueError): @@ -657,7 +743,6 @@ def test_indexing(self, backend): crl = _load_cert( os.path.join("x509", "custom", "crl_all_reasons.pem"), x509.load_pem_x509_crl, - backend, ) with pytest.raises(IndexError): @@ -670,8 +755,10 @@ def test_indexing(self, backend): assert crl[2:4][0].serial_number == crl[2].serial_number assert crl[2:4][1].serial_number == crl[3].serial_number - def test_get_revoked_certificate_doesnt_reorder(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_get_revoked_certificate_doesnt_reorder( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 last_update = datetime.datetime(2002, 1, 1, 12, 1) next_update = datetime.datetime(2030, 1, 1, 12, 1) builder = ( @@ -706,31 +793,132 @@ def test_get_revoked_certificate_doesnt_reorder(self, backend): assert crl[2].serial_number == 3 +class TestRSAECertificate: + def test_load_cert_pub_key(self, backend): + cert = _load_cert( + os.path.join("x509", "custom", "ca", "rsae_ca.pem"), + x509.load_pem_x509_certificate, + ) + assert isinstance(cert, x509.Certificate) + expected_pub_key = load_vectors_from_file( + os.path.join("x509", "custom", "ca", "rsa_key.pem"), + lambda pemfile: serialization.load_pem_private_key( + pemfile.read(), None, unsafe_skip_rsa_key_validation=True + ), + mode="rb", + ).public_key() + assert isinstance(expected_pub_key, rsa.RSAPublicKey) + pub_key = cert.public_key() + assert isinstance(pub_key, rsa.RSAPublicKey) + assert ( + cert.public_key_algorithm_oid + == PublicKeyAlgorithmOID.RSAES_PKCS1_v1_5 + ) + assert pub_key == expected_pub_key + pss = cert.signature_algorithm_parameters + assert isinstance(pss, padding.PSS) + assert isinstance(pss._mgf, padding.MGF1) + assert isinstance(pss._mgf._algorithm, hashes.SHA256) + assert pss._salt_length == 0x14 + assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) + pub_key.verify( + cert.signature, + cert.tbs_certificate_bytes, + pss, + cert.signature_hash_algorithm, + ) + + class TestRSAPSSCertificate: - @pytest.mark.supported( - only_if=lambda backend: ( - not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - and not backend._lib.CRYPTOGRAPHY_IS_BORINGSSL - and not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E - ), - skip_message="Does not support RSA PSS loading", - ) def test_load_cert_pub_key(self, backend): cert = _load_cert( os.path.join("x509", "custom", "rsa_pss_cert.pem"), x509.load_pem_x509_certificate, - backend, ) assert isinstance(cert, x509.Certificate) expected_pub_key = _load_cert( os.path.join("asymmetric", "PKCS8", "rsa_pss_2048_pub.der"), serialization.load_der_public_key, - backend, ) assert isinstance(expected_pub_key, rsa.RSAPublicKey) pub_key = cert.public_key() assert isinstance(pub_key, rsa.RSAPublicKey) - assert pub_key.public_numbers() == expected_pub_key.public_numbers() + assert ( + cert.public_key_algorithm_oid == PublicKeyAlgorithmOID.RSASSA_PSS + ) + assert pub_key == expected_pub_key + pss = cert.signature_algorithm_parameters + assert isinstance(pss, padding.PSS) + assert isinstance(pss._mgf, padding.MGF1) + assert isinstance(pss._mgf._algorithm, hashes.SHA256) + assert pss._salt_length == 222 + assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) + pub_key.verify( + cert.signature, + cert.tbs_certificate_bytes, + pss, + cert.signature_hash_algorithm, + ) + + def test_load_pss_cert_no_null(self, backend): + """ + This test verifies that PSS certs where the hash algorithm + identifiers have no trailing null still load properly. LibreSSL + generates certs like this. + """ + cert = _load_cert( + os.path.join("x509", "custom", "rsa_pss_sha256_no_null.pem"), + x509.load_pem_x509_certificate, + ) + assert isinstance(cert, x509.Certificate) + pss = cert.signature_algorithm_parameters + assert isinstance(pss, padding.PSS) + assert isinstance(pss._mgf, padding.MGF1) + assert isinstance(pss._mgf._algorithm, hashes.SHA256) + assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) + + def test_load_pss_sha1_mgf1_sha1(self, backend): + cert = _load_cert( + os.path.join("x509", "ee-pss-sha1-cert.pem"), + x509.load_pem_x509_certificate, + ) + assert isinstance(cert, x509.Certificate) + pub_key = cert.public_key() + assert isinstance(pub_key, rsa.RSAPublicKey) + pss = cert.signature_algorithm_parameters + assert isinstance(pss, padding.PSS) + assert isinstance(pss._mgf, padding.MGF1) + assert isinstance(pss._mgf._algorithm, hashes.SHA1) + assert pss._salt_length == 20 + assert isinstance(cert.signature_hash_algorithm, hashes.SHA1) + + def test_invalid_mgf(self, backend): + cert = _load_cert( + os.path.join("x509", "custom", "rsa_pss_cert_invalid_mgf.der"), + x509.load_der_x509_certificate, + ) + with pytest.raises(ValueError): + cert.signature_algorithm_parameters + + def test_unsupported_mgf_hash(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "rsa_pss_cert_unsupported_mgf_hash.der" + ), + x509.load_der_x509_certificate, + ) + with pytest.raises(UnsupportedAlgorithm): + cert.signature_algorithm_parameters + + def test_no_sig_params(self, backend): + cert = _load_cert( + os.path.join("x509", "custom", "rsa_pss_cert_no_sig_params.der"), + x509.load_der_x509_certificate, + ) + with pytest.raises(ValueError): + cert.signature_algorithm_parameters + with pytest.raises(ValueError): + cert.signature_hash_algorithm class TestRSACertificate: @@ -738,7 +926,6 @@ def test_load_pem_cert(self, backend): cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, ) assert isinstance(cert, x509.Certificate) assert cert.serial_number == 11559813051657483483 @@ -748,12 +935,38 @@ def test_load_pem_cert(self, backend): assert ( cert.signature_algorithm_oid == SignatureAlgorithmOID.RSA_WITH_SHA1 ) + assert isinstance( + cert.signature_algorithm_parameters, padding.PKCS1v15 + ) + assert isinstance(cert.public_key(), rsa.RSAPublicKey) + assert ( + cert.public_key_algorithm_oid + == PublicKeyAlgorithmOID.RSAES_PKCS1_v1_5 + ) + + def test_check_pkcs1_signature_algorithm_parameters(self, backend): + cert = _load_cert( + os.path.join("x509", "custom", "ca", "rsa_ca.pem"), + x509.load_pem_x509_certificate, + ) + assert isinstance(cert, x509.Certificate) + assert isinstance( + cert.signature_algorithm_parameters, padding.PKCS1v15 + ) + pk = cert.public_key() + assert isinstance(pk, rsa.RSAPublicKey) + assert cert.signature_hash_algorithm is not None + pk.verify( + cert.signature, + cert.tbs_certificate_bytes, + cert.signature_algorithm_parameters, + cert.signature_hash_algorithm, + ) def test_load_legacy_pem_header(self, backend): cert = _load_cert( os.path.join("x509", "cryptography.io.old_header.pem"), x509.load_pem_x509_certificate, - backend, ) assert isinstance(cert, x509.Certificate) @@ -761,7 +974,12 @@ def test_load_with_other_sections(self, backend): cert = _load_cert( os.path.join("x509", "cryptography.io.with_garbage.pem"), x509.load_pem_x509_certificate, - backend, + ) + assert isinstance(cert, x509.Certificate) + + cert = _load_cert( + os.path.join("x509", "cryptography.io.with_headers.pem"), + x509.load_pem_x509_certificate, ) assert isinstance(cert, x509.Certificate) @@ -772,12 +990,10 @@ def test_load_multiple_sections(self, backend): cert = _load_cert( os.path.join("x509", "cryptography.io.chain.pem"), x509.load_pem_x509_certificate, - backend, ) cert2 = _load_cert( os.path.join("x509", "cryptography.io.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert == cert2 @@ -788,7 +1004,6 @@ def test_negative_serial_number(self, backend): cert = _load_cert( os.path.join("x509", "custom", "negative_serial.pem"), x509.load_pem_x509_certificate, - backend, ) with pytest.warns(utils.DeprecatedIn36): @@ -798,7 +1013,6 @@ def test_country_jurisdiction_country_too_long(self, backend): cert = _load_cert( os.path.join("x509", "custom", "bad_country.pem"), x509.load_pem_x509_certificate, - backend, ) with pytest.warns(UserWarning): assert ( @@ -820,19 +1034,22 @@ def test_alternate_rsa_with_sha1_oid(self, backend): cert = _load_cert( os.path.join("x509", "custom", "alternate-rsa-sha1-oid.der"), x509.load_der_x509_certificate, - backend, ) assert isinstance(cert.signature_hash_algorithm, hashes.SHA1) assert ( cert.signature_algorithm_oid == SignatureAlgorithmOID._RSA_WITH_SHA1 ) + assert isinstance(cert.public_key(), rsa.RSAPublicKey) + assert ( + cert.public_key_algorithm_oid + == PublicKeyAlgorithmOID.RSAES_PKCS1_v1_5 + ) def test_load_bmpstring_explicittext(self, backend): cert = _load_cert( os.path.join("x509", "accvraiz1.pem"), x509.load_pem_x509_certificate, - backend, ) ext = cert.extensions.get_extension_for_class(x509.CertificatePolicies) et = ext.value[0].policy_qualifiers[0].explicit_text @@ -846,7 +1063,6 @@ def test_load_der_cert(self, backend): cert = _load_cert( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), x509.load_der_x509_certificate, - backend, ) assert isinstance(cert, x509.Certificate) assert cert.serial_number == 2 @@ -858,7 +1074,6 @@ def test_signature(self, backend): cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert.signature == binascii.unhexlify( b"8e0f72fcbebe4755abcaf76c8ce0bae17cde4db16291638e1b1ce04a93cdb4c" @@ -885,7 +1100,6 @@ def test_tbs_certificate_bytes(self, backend): cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert.tbs_certificate_bytes == binascii.unhexlify( b"308202d8a003020102020900a06cb4b955f7f4db300d06092a864886f70d010" @@ -923,16 +1137,29 @@ def test_tbs_certificate_bytes(self, backend): cert.signature_hash_algorithm, ) + def test_tbs_precertificate_bytes_duplicate_extensions_raises( + self, backend + ): + cert = _load_cert( + os.path.join("x509", "custom", "two_basic_constraints.pem"), + x509.load_pem_x509_certificate, + ) + + with pytest.raises( + x509.DuplicateExtension, + match="Duplicate 2.5.29.19 extension found", + ): + cert.tbs_precertificate_bytes + def test_tbs_precertificate_bytes_no_extensions_raises(self, backend): cert = _load_cert( os.path.join("x509", "v1_cert.pem"), x509.load_pem_x509_certificate, - backend, ) with pytest.raises( ValueError, - match="Could not find any extensions in TBS certificate", + match="Could not find pre-certificate SCT list extension", ): cert.tbs_precertificate_bytes @@ -940,7 +1167,6 @@ def test_tbs_precertificate_bytes_missing_extension_raises(self, backend): cert = _load_cert( os.path.join("x509", "cryptography.io.pem"), x509.load_pem_x509_certificate, - backend, ) # This cert doesn't have an SCT list extension, so it will throw a @@ -955,7 +1181,6 @@ def test_tbs_precertificate_bytes_strips_scts(self, backend): cert = _load_cert( os.path.join("x509", "cryptography-scts.pem"), x509.load_pem_x509_certificate, - backend, ) expected_tbs_precertificate_bytes = load_vectors_from_file( @@ -977,7 +1202,6 @@ def test_issuer(self, backend): "Validpre2000UTCnotBeforeDateTest3EE.crt", ), x509.load_der_x509_certificate, - backend, ) issuer = cert.issuer assert isinstance(issuer, x509.Name) @@ -996,7 +1220,6 @@ def test_all_issuer_name_types(self, backend): cert = _load_cert( os.path.join("x509", "custom", "all_supported_names.pem"), x509.load_pem_x509_certificate, - backend, ) issuer = cert.issuer @@ -1043,7 +1266,6 @@ def test_subject(self, backend): "Validpre2000UTCnotBeforeDateTest3EE.crt", ), x509.load_der_x509_certificate, - backend, ) subject = cert.subject assert isinstance(subject, x509.Name) @@ -1068,7 +1290,6 @@ def test_unicode_name(self, backend): cert = _load_cert( os.path.join("x509", "custom", "utf8_common_name.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME) == [ x509.NameAttribute(NameOID.COMMON_NAME, "We heart UTF8!\u2122") @@ -1081,7 +1302,6 @@ def test_invalid_unicode_name(self, backend): cert = _load_cert( os.path.join("x509", "custom", "invalid_utf8_common_name.pem"), x509.load_pem_x509_certificate, - backend, ) with pytest.raises(ValueError, match="subject"): cert.subject @@ -1092,7 +1312,6 @@ def test_non_ascii_dns_name(self, backend): cert = _load_cert( os.path.join("x509", "utf8-dnsname.pem"), x509.load_pem_x509_certificate, - backend, ) san = cert.extensions.get_extension_for_class( x509.SubjectAlternativeName @@ -1114,7 +1333,6 @@ def test_all_subject_name_types(self, backend): cert = _load_cert( os.path.join("x509", "custom", "all_supported_names.pem"), x509.load_pem_x509_certificate, - backend, ) subject = cert.subject assert isinstance(subject, x509.Name) @@ -1159,11 +1377,13 @@ def test_load_good_ca_cert(self, backend): cert = _load_cert( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), x509.load_der_x509_certificate, - backend, ) - assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30) - assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30) + _check_cert_times( + cert, + not_valid_before=datetime.datetime(2010, 1, 1, 8, 30), + not_valid_after=datetime.datetime(2030, 12, 31, 8, 30), + ) assert cert.serial_number == 2 public_key = cert.public_key() assert isinstance(public_key, rsa.RSAPublicKey) @@ -1180,10 +1400,13 @@ def test_utc_pre_2000_not_before_cert(self, backend): "Validpre2000UTCnotBeforeDateTest3EE.crt", ), x509.load_der_x509_certificate, - backend, ) - assert cert.not_valid_before == datetime.datetime(1950, 1, 1, 12, 1) + _check_cert_times( + cert, + not_valid_before=datetime.datetime(1950, 1, 1, 12, 1), + not_valid_after=None, + ) def test_pre_2000_utc_not_after_cert(self, backend): cert = _load_cert( @@ -1194,22 +1417,23 @@ def test_pre_2000_utc_not_after_cert(self, backend): "Invalidpre2000UTCEEnotAfterDateTest7EE.crt", ), x509.load_der_x509_certificate, - backend, ) - assert cert.not_valid_after == datetime.datetime(1999, 1, 1, 12, 1) + _check_cert_times( + cert, + not_valid_before=None, + not_valid_after=datetime.datetime(1999, 1, 1, 12, 1), + ) def test_post_2000_utc_cert(self, backend): cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, - ) - assert cert.not_valid_before == datetime.datetime( - 2014, 11, 26, 21, 41, 20 ) - assert cert.not_valid_after == datetime.datetime( - 2014, 12, 26, 21, 41, 20 + _check_cert_times( + cert, + not_valid_before=datetime.datetime(2014, 11, 26, 21, 41, 20), + not_valid_after=datetime.datetime(2014, 12, 26, 21, 41, 20), ) def test_generalized_time_not_before_cert(self, backend): @@ -1221,10 +1445,12 @@ def test_generalized_time_not_before_cert(self, backend): "ValidGeneralizedTimenotBeforeDateTest4EE.crt", ), x509.load_der_x509_certificate, - backend, ) - assert cert.not_valid_before == datetime.datetime(2002, 1, 1, 12, 1) - assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30) + _check_cert_times( + cert, + not_valid_before=datetime.datetime(2002, 1, 1, 12, 1), + not_valid_after=datetime.datetime(2030, 12, 31, 8, 30), + ) assert cert.version is x509.Version.v3 def test_generalized_time_not_after_cert(self, backend): @@ -1236,10 +1462,12 @@ def test_generalized_time_not_after_cert(self, backend): "ValidGeneralizedTimenotAfterDateTest8EE.crt", ), x509.load_der_x509_certificate, - backend, ) - assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30) - assert cert.not_valid_after == datetime.datetime(2050, 1, 1, 12, 1) + _check_cert_times( + cert, + not_valid_before=datetime.datetime(2010, 1, 1, 8, 30), + not_valid_after=datetime.datetime(2050, 1, 1, 12, 1), + ) assert cert.version is x509.Version.v3 def test_invalid_version_cert(self, backend): @@ -1247,21 +1475,37 @@ def test_invalid_version_cert(self, backend): _load_cert( os.path.join("x509", "custom", "invalid_version.pem"), x509.load_pem_x509_certificate, - backend, ) assert exc.value.parsed_version == 7 + def test_invalid_visiblestring_in_explicit_text(self, backend): + cert = _load_cert( + os.path.join( + "x509", + "belgian-eid-invalid-visiblestring.pem", + ), + x509.load_pem_x509_certificate, + ) + with pytest.warns(utils.DeprecatedIn41): + cp = cert.extensions.get_extension_for_class( + x509.CertificatePolicies + ).value + assert isinstance(cp, x509.CertificatePolicies) + assert cp[0].policy_qualifiers[1].explicit_text == ( + "Gebruik onderworpen aan aansprakelijkheidsbeperkingen, zie CPS " + "- Usage soumis à des limitations de responsabilité, voir CPS - " + "Verwendung unterliegt Haftungsbeschränkungen, gemäss CPS" + ) + def test_eq(self, backend): cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, ) cert2 = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert == cert2 @@ -1269,7 +1513,6 @@ def test_ne(self, backend): cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, ) cert2 = _load_cert( os.path.join( @@ -1279,7 +1522,6 @@ def test_ne(self, backend): "ValidGeneralizedTimenotAfterDateTest8EE.crt", ), x509.load_der_x509_certificate, - backend, ) assert cert != cert2 assert cert != object() @@ -1288,26 +1530,22 @@ def test_ordering_unsupported(self, backend): cert = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, ) cert2 = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, ) - with pytest.raises(TypeError, match="cannot be ordered"): + with pytest.raises(TypeError, match="'>' not supported"): cert > cert2 # type: ignore[operator] def test_hash(self, backend): cert1 = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, ) cert2 = _load_cert( os.path.join("x509", "custom", "post2000utctime.pem"), x509.load_pem_x509_certificate, - backend, ) cert3 = _load_cert( os.path.join( @@ -1317,7 +1555,6 @@ def test_hash(self, backend): "ValidGeneralizedTimenotAfterDateTest8EE.crt", ), x509.load_der_x509_certificate, - backend, ) assert hash(cert1) == hash(cert2) @@ -1327,7 +1564,6 @@ def test_version_1_cert(self, backend): cert = _load_cert( os.path.join("x509", "v1_cert.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert.version is x509.Version.v1 @@ -1351,7 +1587,6 @@ def test_unsupported_signature_hash_algorithm_cert(self, backend): cert = _load_cert( os.path.join("x509", "verisign_md2_root.pem"), x509.load_pem_x509_certificate, - backend, ) with raises_unsupported_algorithm(None): cert.signature_hash_algorithm @@ -1361,7 +1596,6 @@ def test_public_bytes_pem(self, backend): cert = _load_cert( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), x509.load_der_x509_certificate, - backend, ) # Encode it to PEM and load it back. @@ -1373,8 +1607,11 @@ def test_public_bytes_pem(self, backend): ) # We should recover what we had to start with. - assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30) - assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30) + _check_cert_times( + cert, + not_valid_before=datetime.datetime(2010, 1, 1, 8, 30), + not_valid_after=datetime.datetime(2030, 12, 31, 8, 30), + ) assert cert.serial_number == 2 public_key = cert.public_key() assert isinstance(public_key, rsa.RSAPublicKey) @@ -1387,7 +1624,6 @@ def test_public_bytes_der(self, backend): cert = _load_cert( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), x509.load_der_x509_certificate, - backend, ) # Encode it to DER and load it back. @@ -1395,12 +1631,14 @@ def test_public_bytes_der(self, backend): cert.public_bytes( encoding=serialization.Encoding.DER, ), - backend, ) # We should recover what we had to start with. - assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30) - assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30) + _check_cert_times( + cert, + not_valid_before=datetime.datetime(2010, 1, 1, 8, 30), + not_valid_after=datetime.datetime(2030, 12, 31, 8, 30), + ) assert cert.serial_number == 2 public_key = cert.public_key() assert isinstance(public_key, rsa.RSAPublicKey) @@ -1412,7 +1650,6 @@ def test_public_bytes_invalid_encoding(self, backend): cert = _load_cert( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), x509.load_der_x509_certificate, - backend, ) with pytest.raises(TypeError): @@ -1439,7 +1676,7 @@ def test_public_bytes_match( cert_bytes = load_vectors_from_file( cert_path, lambda pemfile: pemfile.read(), mode="rb" ) - cert = loader_func(cert_bytes, backend) + cert = loader_func(cert_bytes) serialized = cert.public_bytes(encoding) assert serialized == cert_bytes @@ -1447,7 +1684,6 @@ def test_certificate_repr(self, backend): cert = _load_cert( os.path.join("x509", "cryptography.io.pem"), x509.load_pem_x509_certificate, - backend, ) assert repr(cert) == ( " csr2 # type: ignore[operator] def test_hash(self, backend): request1 = _load_cert( os.path.join("x509", "requests", "rsa_sha1.pem"), x509.load_pem_x509_csr, - backend, ) request2 = _load_cert( os.path.join("x509", "requests", "rsa_sha1.pem"), x509.load_pem_x509_csr, - backend, ) request3 = _load_cert( os.path.join("x509", "requests", "san_rsa_sha1.pem"), x509.load_pem_x509_csr, - backend, ) assert hash(request1) == hash(request2) @@ -1864,7 +2233,6 @@ def test_hash(self, backend): @pytest.mark.parametrize( ("hashalg", "hashalg_oid"), [ - (hashes.SHA1, x509.SignatureAlgorithmOID.RSA_WITH_SHA1), (hashes.SHA224, x509.SignatureAlgorithmOID.RSA_WITH_SHA224), (hashes.SHA256, x509.SignatureAlgorithmOID.RSA_WITH_SHA256), (hashes.SHA384, x509.SignatureAlgorithmOID.RSA_WITH_SHA384), @@ -1875,12 +2243,14 @@ def test_hash(self, backend): (hashes.SHA3_512, x509.SignatureAlgorithmOID.RSA_WITH_SHA3_512), ], ) - def test_build_cert(self, hashalg, hashalg_oid, backend): + def test_build_cert( + self, rsa_key_2048: rsa.RSAPrivateKey, hashalg, hashalg_oid, backend + ): if not backend.signature_hash_supported(hashalg()): pytest.skip(f"{hashalg} signature not supported") - issuer_private_key = RSA_KEY_2048.private_key(backend) - subject_private_key = RSA_KEY_2048.private_key(backend) + issuer_private_key = rsa_key_2048 + subject_private_key = rsa_key_2048 not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) @@ -1934,9 +2304,19 @@ def test_build_cert(self, hashalg, hashalg_oid, backend): cert = builder.sign(issuer_private_key, hashalg(), backend) assert cert.version is x509.Version.v3 + public_key = cert.public_key() + assert isinstance(public_key, rsa.RSAPublicKey) + assert ( + cert.public_key_algorithm_oid + == PublicKeyAlgorithmOID.RSAES_PKCS1_v1_5 + ) assert cert.signature_algorithm_oid == hashalg_oid - assert cert.not_valid_before == not_valid_before - assert cert.not_valid_after == not_valid_after + assert type(cert.signature_hash_algorithm) is hashalg + _check_cert_times( + cert, + not_valid_before=not_valid_before, + not_valid_after=not_valid_after, + ) basic_constraints = cert.extensions.get_extension_for_oid( ExtensionOID.BASIC_CONSTRAINTS ) @@ -1953,9 +2333,11 @@ def test_build_cert(self, hashalg, hashalg_oid, backend): x509.DNSName("cryptography.io"), ] - def test_build_cert_private_type_encoding(self, backend): - issuer_private_key = RSA_KEY_2048.private_key(backend) - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_build_cert_private_type_encoding( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + issuer_private_key = rsa_key_2048 + subject_private_key = rsa_key_2048 not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) name = x509.Name( @@ -2002,9 +2384,11 @@ def test_build_cert_private_type_encoding(self, backend): == _ASN1Type.UTF8String ) - def test_build_cert_printable_string_country_name(self, backend): - issuer_private_key = RSA_KEY_2048.private_key(backend) - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_build_cert_printable_string_country_name( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + issuer_private_key = rsa_key_2048 + subject_private_key = rsa_key_2048 not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) @@ -2045,7 +2429,7 @@ def test_build_cert_printable_string_country_name(self, backend): cert = builder.sign(issuer_private_key, hashes.SHA256(), backend) - parsed = asn1.test_parse_certificate( + parsed = test_support.test_parse_certificate( cert.public_bytes(serialization.Encoding.DER) ) @@ -2057,8 +2441,10 @@ def test_build_cert_printable_string_country_name(self, backend): class TestCertificateBuilder: - def test_checks_for_unsupported_extensions(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_checks_for_unsupported_extensions( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 builder = ( x509.CertificateBuilder() .subject_name( @@ -2075,10 +2461,12 @@ def test_checks_for_unsupported_extensions(self, backend): ) with pytest.raises(NotImplementedError): - builder.sign(private_key, hashes.SHA1(), backend) + builder.sign(private_key, hashes.SHA256(), backend) - def test_encode_nonstandard_aia(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_encode_nonstandard_aia( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 aia = x509.AuthorityInformationAccess( [ @@ -2106,8 +2494,10 @@ def test_encode_nonstandard_aia(self, backend): builder.sign(private_key, hashes.SHA256(), backend) - def test_encode_nonstandard_sia(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_encode_nonstandard_sia( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 sia = x509.SubjectInformationAccess( [ @@ -2139,8 +2529,10 @@ def test_encode_nonstandard_sia(self, backend): ) assert ext.value == sia - def test_subject_dn_asn1_types(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_subject_dn_asn1_types( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 name = x509.Name( [ @@ -2189,15 +2581,220 @@ def test_subject_dn_asn1_types(self, backend): for oid, asn1_type in TestNameAttribute.EXPECTED_TYPES: assert dn.get_attributes_for_oid(oid)[0]._type == asn1_type - @pytest.mark.parametrize( - ("not_valid_before", "not_valid_after"), - [ - [datetime.datetime(1970, 2, 1), datetime.datetime(9999, 1, 1)], - [datetime.datetime(1970, 2, 1), datetime.datetime(9999, 12, 31)], - ], - ) - def test_extreme_times(self, not_valid_before, not_valid_after, backend): - private_key = RSA_KEY_2048.private_key(backend) + @pytest.mark.parametrize( + ("not_valid_before", "not_valid_after"), + [ + [datetime.datetime(1970, 2, 1), datetime.datetime(9999, 1, 1)], + [datetime.datetime(1970, 2, 1), datetime.datetime(9999, 12, 31)], + ], + ) + def test_extreme_times( + self, + rsa_key_2048: rsa.RSAPrivateKey, + not_valid_before, + not_valid_after, + backend, + ): + private_key = rsa_key_2048 + builder = ( + x509.CertificateBuilder() + .subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + .issuer_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + .public_key(private_key.public_key()) + .serial_number(777) + .not_valid_before(not_valid_before) + .not_valid_after(not_valid_after) + ) + cert = builder.sign(private_key, hashes.SHA256(), backend) + _check_cert_times( + cert, + not_valid_before=not_valid_before, + not_valid_after=not_valid_after, + ) + parsed = test_support.test_parse_certificate( + cert.public_bytes(serialization.Encoding.DER) + ) + # UTC TIME + assert parsed.not_before_tag == 0x17 + # GENERALIZED TIME + assert parsed.not_after_tag == 0x18 + + def test_rdns_preserve_iteration_order( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + """ + This test checks that RDN ordering is consistent when loading + data from a certificate. Since the underlying RDN is an ASN.1 + set these values get lexicographically ordered on encode and + the parsed value won't necessarily be in the same order as + the originally provided list. However, we want to make sure + that the order is always consistent since it confuses people + when it isn't. + """ + name = x509.Name( + [ + x509.RelativeDistinguishedName( + [ + x509.NameAttribute(NameOID.TITLE, "Test"), + x509.NameAttribute(NameOID.COMMON_NAME, "Multivalue"), + x509.NameAttribute(NameOID.SURNAME, "RDNs"), + ] + ), + ] + ) + + cert = ( + x509.CertificateBuilder() + .serial_number(1) + .issuer_name(name) + .subject_name(name) + .public_key(rsa_key_2048.public_key()) + .not_valid_before(datetime.datetime(2020, 1, 1)) + .not_valid_after(datetime.datetime(2038, 1, 1)) + .sign(rsa_key_2048, hashes.SHA256(), backend) + ) + loaded_cert = x509.load_pem_x509_certificate( + cert.public_bytes(encoding=serialization.Encoding.PEM) + ) + assert next(iter(loaded_cert.subject.rdns[0])) == x509.NameAttribute( + NameOID.SURNAME, "RDNs" + ) + + @pytest.mark.parametrize( + ("alg", "mgf_alg"), + [ + (hashes.SHA512(), hashes.SHA256()), + (hashes.SHA3_512(), hashes.SHA3_256()), + ], + ) + def test_sign_pss( + self, rsa_key_2048: rsa.RSAPrivateKey, alg, mgf_alg, backend + ): + if not backend.signature_hash_supported(alg): + pytest.skip(f"{alg} signature not supported") + builder = ( + x509.CertificateBuilder() + .subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + .issuer_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + .public_key(rsa_key_2048.public_key()) + .serial_number(777) + .not_valid_before(datetime.datetime(2020, 1, 1)) + .not_valid_after(datetime.datetime(2038, 1, 1)) + ) + pss = padding.PSS( + mgf=padding.MGF1(mgf_alg), salt_length=alg.digest_size + ) + cert = builder.sign(rsa_key_2048, alg, rsa_padding=pss) + pk = cert.public_key() + assert isinstance(pk, rsa.RSAPublicKey) + assert isinstance(cert.signature_hash_algorithm, type(alg)) + cert_params = cert.signature_algorithm_parameters + assert isinstance(cert_params, padding.PSS) + assert cert_params._salt_length == pss._salt_length + assert isinstance(cert_params._mgf, padding.MGF1) + assert isinstance(cert_params._mgf._algorithm, type(mgf_alg)) + pk.verify( + cert.signature, + cert.tbs_certificate_bytes, + cert_params, + alg, + ) + + @pytest.mark.parametrize( + ("padding_len", "computed_len"), + [ + (padding.PSS.MAX_LENGTH, 222), + (padding.PSS.DIGEST_LENGTH, 32), + ], + ) + def test_sign_pss_length_options( + self, + rsa_key_2048: rsa.RSAPrivateKey, + padding_len, + computed_len, + backend, + ): + builder = ( + x509.CertificateBuilder() + .subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + .issuer_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + .public_key(rsa_key_2048.public_key()) + .serial_number(777) + .not_valid_before(datetime.datetime(2020, 1, 1)) + .not_valid_after(datetime.datetime(2038, 1, 1)) + ) + pss = padding.PSS( + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding_len + ) + cert = builder.sign(rsa_key_2048, hashes.SHA256(), rsa_padding=pss) + assert isinstance(cert.signature_algorithm_parameters, padding.PSS) + assert cert.signature_algorithm_parameters._salt_length == computed_len + + def test_sign_pss_auto_unsupported( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + builder = ( + x509.CertificateBuilder() + .subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + .issuer_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + .public_key(rsa_key_2048.public_key()) + .serial_number(777) + .not_valid_before(datetime.datetime(2020, 1, 1)) + .not_valid_after(datetime.datetime(2038, 1, 1)) + ) + pss = padding.PSS( + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.AUTO + ) + with pytest.raises(TypeError): + builder.sign(rsa_key_2048, hashes.SHA256(), rsa_padding=pss) + + def test_sign_invalid_padding( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + builder = ( + x509.CertificateBuilder() + .subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + .issuer_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + .public_key(rsa_key_2048.public_key()) + .serial_number(777) + .not_valid_before(datetime.datetime(2020, 1, 1)) + .not_valid_after(datetime.datetime(2038, 1, 1)) + ) + with pytest.raises(TypeError): + builder.sign( + rsa_key_2048, + hashes.SHA256(), + rsa_padding=b"notapadding", # type: ignore[arg-type] + ) + eckey = ec.generate_private_key(ec.SECP256R1()) + with pytest.raises(TypeError): + builder.sign( + eckey, hashes.SHA256(), rsa_padding=padding.PKCS1v15() + ) + + def test_sign_pss_hash_none( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): builder = ( x509.CertificateBuilder() .subject_name( @@ -2206,24 +2803,17 @@ def test_extreme_times(self, not_valid_before, not_valid_after, backend): .issuer_name( x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) ) - .public_key(private_key.public_key()) + .public_key(rsa_key_2048.public_key()) .serial_number(777) - .not_valid_before(not_valid_before) - .not_valid_after(not_valid_after) - ) - cert = builder.sign(private_key, hashes.SHA256(), backend) - assert cert.not_valid_before == not_valid_before - assert cert.not_valid_after == not_valid_after - parsed = asn1.test_parse_certificate( - cert.public_bytes(serialization.Encoding.DER) + .not_valid_before(datetime.datetime(2020, 1, 1)) + .not_valid_after(datetime.datetime(2038, 1, 1)) ) - # UTC TIME - assert parsed.not_before_tag == 0x17 - # GENERALIZED TIME - assert parsed.not_after_tag == 0x18 + pss = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=32) + with pytest.raises(TypeError): + builder.sign(rsa_key_2048, None, rsa_padding=pss) - def test_no_subject_name(self, backend): - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_no_subject_name(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + subject_private_key = rsa_key_2048 builder = ( x509.CertificateBuilder() .serial_number(777) @@ -2237,8 +2827,8 @@ def test_no_subject_name(self, backend): with pytest.raises(ValueError): builder.sign(subject_private_key, hashes.SHA256(), backend) - def test_no_issuer_name(self, backend): - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_no_issuer_name(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + subject_private_key = rsa_key_2048 builder = ( x509.CertificateBuilder() .serial_number(777) @@ -2252,8 +2842,8 @@ def test_no_issuer_name(self, backend): with pytest.raises(ValueError): builder.sign(subject_private_key, hashes.SHA256(), backend) - def test_no_public_key(self, backend): - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_no_public_key(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + subject_private_key = rsa_key_2048 builder = ( x509.CertificateBuilder() .serial_number(777) @@ -2269,8 +2859,10 @@ def test_no_public_key(self, backend): with pytest.raises(ValueError): builder.sign(subject_private_key, hashes.SHA256(), backend) - def test_no_not_valid_before(self, backend): - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_no_not_valid_before( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + subject_private_key = rsa_key_2048 builder = ( x509.CertificateBuilder() .serial_number(777) @@ -2286,8 +2878,10 @@ def test_no_not_valid_before(self, backend): with pytest.raises(ValueError): builder.sign(subject_private_key, hashes.SHA256(), backend) - def test_no_not_valid_after(self, backend): - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_no_not_valid_after( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + subject_private_key = rsa_key_2048 builder = ( x509.CertificateBuilder() .serial_number(777) @@ -2303,8 +2897,8 @@ def test_no_not_valid_after(self, backend): with pytest.raises(ValueError): builder.sign(subject_private_key, hashes.SHA256(), backend) - def test_no_serial_number(self, backend): - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_no_serial_number(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + subject_private_key = rsa_key_2048 builder = ( x509.CertificateBuilder() .issuer_name( @@ -2368,15 +2962,19 @@ def test_not_valid_after_before_not_valid_before(self): with pytest.raises(ValueError): builder.not_valid_after(datetime.datetime(2001, 1, 1, 12, 1)) - def test_public_key_must_be_public_key(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_public_key_must_be_public_key( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 builder = x509.CertificateBuilder() with pytest.raises(TypeError): builder.public_key(private_key) # type: ignore[arg-type] - def test_public_key_may_only_be_set_once(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_public_key_may_only_be_set_once( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 public_key = private_key.public_key() builder = x509.CertificateBuilder().public_key(public_key) @@ -2397,8 +2995,10 @@ def test_serial_number_must_be_positive(self): with pytest.raises(ValueError): x509.CertificateBuilder().serial_number(0) - def test_minimal_serial_number(self, backend): - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_minimal_serial_number( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + subject_private_key = rsa_key_2048 builder = ( x509.CertificateBuilder() .serial_number(1) @@ -2415,8 +3015,10 @@ def test_minimal_serial_number(self, backend): cert = builder.sign(subject_private_key, hashes.SHA256(), backend) assert cert.serial_number == 1 - def test_biggest_serial_number(self, backend): - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_biggest_serial_number( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + subject_private_key = rsa_key_2048 builder = ( x509.CertificateBuilder() .serial_number((1 << 159) - 1) @@ -2443,12 +3045,13 @@ def test_serial_number_may_only_be_set_once(self): with pytest.raises(ValueError): builder.serial_number(20) - def test_aware_not_valid_after(self, backend): - time = datetime.datetime(2012, 1, 16, 22, 43) - tz = pytz.timezone("US/Pacific") - time = tz.localize(time) + def test_aware_not_valid_after( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + tz = datetime.timezone(datetime.timedelta(hours=-8)) + time = datetime.datetime(2012, 1, 16, 22, 43, tzinfo=tz) utc_time = datetime.datetime(2012, 1, 17, 6, 43) - private_key = RSA_KEY_2048.private_key(backend) + private_key = rsa_key_2048 cert_builder = x509.CertificateBuilder().not_valid_after(time) cert_builder = ( cert_builder.subject_name( @@ -2463,11 +3066,13 @@ def test_aware_not_valid_after(self, backend): ) cert = cert_builder.sign(private_key, hashes.SHA256(), backend) - assert cert.not_valid_after == utc_time + _check_cert_times( + cert, not_valid_before=None, not_valid_after=utc_time + ) - def test_earliest_time(self, backend): + def test_earliest_time(self, rsa_key_2048: rsa.RSAPrivateKey, backend): time = datetime.datetime(1950, 1, 1) - private_key = RSA_KEY_2048.private_key(backend) + private_key = rsa_key_2048 cert_builder = ( x509.CertificateBuilder() .subject_name( @@ -2482,9 +3087,8 @@ def test_earliest_time(self, backend): .not_valid_after(time) ) cert = cert_builder.sign(private_key, hashes.SHA256(), backend) - assert cert.not_valid_before == time - assert cert.not_valid_after == time - parsed = asn1.test_parse_certificate( + _check_cert_times(cert, not_valid_before=time, not_valid_after=time) + parsed = test_support.test_parse_certificate( cert.public_bytes(serialization.Encoding.DER) ) # UTC TIME @@ -2515,12 +3119,13 @@ def test_not_valid_after_may_only_be_set_once(self): with pytest.raises(ValueError): builder.not_valid_after(datetime.datetime.now()) - def test_aware_not_valid_before(self, backend): - time = datetime.datetime(2012, 1, 16, 22, 43) - tz = pytz.timezone("US/Pacific") - time = tz.localize(time) + def test_aware_not_valid_before( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + tz = datetime.timezone(datetime.timedelta(hours=-8)) + time = datetime.datetime(2012, 1, 16, 22, 43, tzinfo=tz) utc_time = datetime.datetime(2012, 1, 17, 6, 43) - private_key = RSA_KEY_2048.private_key(backend) + private_key = rsa_key_2048 cert_builder = x509.CertificateBuilder().not_valid_before(time) cert_builder = ( cert_builder.subject_name( @@ -2535,7 +3140,9 @@ def test_aware_not_valid_before(self, backend): ) cert = cert_builder.sign(private_key, hashes.SHA256(), backend) - assert cert.not_valid_before == utc_time + _check_cert_times( + cert, not_valid_before=utc_time, not_valid_after=None + ) def test_invalid_not_valid_before(self): with pytest.raises(TypeError): @@ -2583,8 +3190,10 @@ def test_add_invalid_extension_type(self): ) @pytest.mark.parametrize("algorithm", [object(), None]) - def test_sign_with_unsupported_hash(self, algorithm, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_sign_with_unsupported_hash( + self, rsa_key_2048: rsa.RSAPrivateKey, algorithm, backend + ): + private_key = rsa_key_2048 builder = x509.CertificateBuilder() builder = ( builder.subject_name( @@ -2648,28 +3257,6 @@ def test_sign_with_unsupported_hash_ed448(self, backend): with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA256(), backend) - @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.MD5()), - skip_message="Requires OpenSSL with MD5 support", - ) - def test_sign_rsa_with_md5(self, backend): - private_key = RSA_KEY_2048.private_key(backend) - builder = x509.CertificateBuilder() - builder = ( - builder.subject_name( - x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) - ) - .issuer_name( - x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) - ) - .serial_number(1) - .public_key(private_key.public_key()) - .not_valid_before(datetime.datetime(2002, 1, 1, 12, 1)) - .not_valid_after(datetime.datetime(2032, 1, 1, 12, 1)) - ) - cert = builder.sign(private_key, hashes.MD5(), backend) - assert isinstance(cert.signature_hash_algorithm, hashes.MD5) - @pytest.mark.supported( only_if=lambda backend: backend.hash_supported(hashes.MD5()), skip_message="Requires OpenSSL with MD5 support", @@ -2703,7 +3290,7 @@ def test_sign_dsa_with_unsupported_hash(self, hash_algorithm, backend): .not_valid_before(datetime.datetime(2002, 1, 1, 12, 1)) .not_valid_after(datetime.datetime(2032, 1, 1, 12, 1)) ) - with pytest.raises(ValueError): + with pytest.raises(UnsupportedAlgorithm): builder.sign(private_key, hash_algorithm, backend) @pytest.mark.supported( @@ -2726,8 +3313,12 @@ def test_sign_ec_with_md5(self, backend): .not_valid_before(datetime.datetime(2002, 1, 1, 12, 1)) .not_valid_after(datetime.datetime(2032, 1, 1, 12, 1)) ) - with pytest.raises(ValueError): - builder.sign(private_key, hashes.MD5(), backend) + with pytest.raises(UnsupportedAlgorithm): + builder.sign( + private_key, + hashes.MD5(), # type: ignore[arg-type] + backend, + ) @pytest.mark.supported( only_if=lambda backend: backend.dsa_supported(), @@ -2736,7 +3327,6 @@ def test_sign_ec_with_md5(self, backend): @pytest.mark.parametrize( ("hashalg", "hashalg_oid"), [ - (hashes.SHA1, x509.SignatureAlgorithmOID.DSA_WITH_SHA1), (hashes.SHA224, x509.SignatureAlgorithmOID.DSA_WITH_SHA224), (hashes.SHA256, x509.SignatureAlgorithmOID.DSA_WITH_SHA256), (hashes.SHA384, x509.SignatureAlgorithmOID.DSA_WITH_SHA384), @@ -2778,8 +3368,14 @@ def test_build_cert_with_dsa_private_key( assert cert.version is x509.Version.v3 assert cert.signature_algorithm_oid == hashalg_oid - assert cert.not_valid_before == not_valid_before - assert cert.not_valid_after == not_valid_after + public_key = cert.public_key() + assert isinstance(public_key, dsa.DSAPublicKey) + assert cert.public_key_algorithm_oid == PublicKeyAlgorithmOID.DSA + _check_cert_times( + cert, + not_valid_before=not_valid_before, + not_valid_after=not_valid_after, + ) basic_constraints = cert.extensions.get_extension_for_oid( ExtensionOID.BASIC_CONSTRAINTS ) @@ -2799,7 +3395,6 @@ def test_build_cert_with_dsa_private_key( @pytest.mark.parametrize( ("hashalg", "hashalg_oid"), [ - (hashes.SHA1, x509.SignatureAlgorithmOID.ECDSA_WITH_SHA1), (hashes.SHA224, x509.SignatureAlgorithmOID.ECDSA_WITH_SHA224), (hashes.SHA256, x509.SignatureAlgorithmOID.ECDSA_WITH_SHA256), (hashes.SHA384, x509.SignatureAlgorithmOID.ECDSA_WITH_SHA384), @@ -2848,9 +3443,19 @@ def test_build_cert_with_ec_private_key( cert = builder.sign(issuer_private_key, hashalg(), backend) assert cert.version is x509.Version.v3 + public_key = cert.public_key() + assert isinstance(public_key, ec.EllipticCurvePublicKey) + assert ( + cert.public_key_algorithm_oid + == PublicKeyAlgorithmOID.EC_PUBLIC_KEY + ) assert cert.signature_algorithm_oid == hashalg_oid - assert cert.not_valid_before == not_valid_before - assert cert.not_valid_after == not_valid_after + assert type(cert.signature_hash_algorithm) is hashalg + _check_cert_times( + cert, + not_valid_before=not_valid_before, + not_valid_after=not_valid_after, + ) basic_constraints = cert.extensions.get_extension_for_oid( ExtensionOID.BASIC_CONSTRAINTS ) @@ -2867,8 +3472,10 @@ def test_build_cert_with_ec_private_key( x509.DNSName("cryptography.io"), ] - def test_build_cert_with_bmpstring_universalstring_name(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_build_cert_with_bmpstring_universalstring_name( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 issuer = x509.Name( [ x509.NameAttribute( @@ -2942,9 +3549,13 @@ def test_build_cert_with_ed25519(self, backend): assert cert.signature_algorithm_oid == SignatureAlgorithmOID.ED25519 assert cert.signature_hash_algorithm is None assert isinstance(cert.public_key(), ed25519.Ed25519PublicKey) + assert cert.public_key_algorithm_oid == PublicKeyAlgorithmOID.ED25519 assert cert.version is x509.Version.v3 - assert cert.not_valid_before == not_valid_before - assert cert.not_valid_after == not_valid_after + _check_cert_times( + cert, + not_valid_before=not_valid_before, + not_valid_after=not_valid_after, + ) basic_constraints = cert.extensions.get_extension_for_oid( ExtensionOID.BASIC_CONSTRAINTS ) @@ -2965,8 +3576,10 @@ def test_build_cert_with_ed25519(self, backend): only_if=lambda backend: backend.ed25519_supported(), skip_message="Requires OpenSSL with Ed25519 support", ) - def test_build_cert_with_public_ed25519_rsa_sig(self, backend): - issuer_private_key = RSA_KEY_2048.private_key(backend) + def test_build_cert_with_public_ed25519_rsa_sig( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + issuer_private_key = rsa_key_2048 subject_private_key = ed25519.Ed25519PrivateKey.generate() not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) @@ -2999,6 +3612,7 @@ def test_build_cert_with_public_ed25519_rsa_sig(self, backend): ) assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) assert isinstance(cert.public_key(), ed25519.Ed25519PublicKey) + assert cert.public_key_algorithm_oid == PublicKeyAlgorithmOID.ED25519 @pytest.mark.supported( only_if=lambda backend: backend.ed448_supported(), @@ -3040,9 +3654,13 @@ def test_build_cert_with_ed448(self, backend): assert cert.signature_algorithm_oid == SignatureAlgorithmOID.ED448 assert cert.signature_hash_algorithm is None assert isinstance(cert.public_key(), ed448.Ed448PublicKey) + assert cert.public_key_algorithm_oid == PublicKeyAlgorithmOID.ED448 assert cert.version is x509.Version.v3 - assert cert.not_valid_before == not_valid_before - assert cert.not_valid_after == not_valid_after + _check_cert_times( + cert, + not_valid_before=not_valid_before, + not_valid_after=not_valid_after, + ) basic_constraints = cert.extensions.get_extension_for_oid( ExtensionOID.BASIC_CONSTRAINTS ) @@ -3063,8 +3681,10 @@ def test_build_cert_with_ed448(self, backend): only_if=lambda backend: backend.ed448_supported(), skip_message="Requires OpenSSL with Ed448 support", ) - def test_build_cert_with_public_ed448_rsa_sig(self, backend): - issuer_private_key = RSA_KEY_2048.private_key(backend) + def test_build_cert_with_public_ed448_rsa_sig( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + issuer_private_key = rsa_key_2048 subject_private_key = ed448.Ed448PrivateKey.generate() not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) @@ -3097,6 +3717,7 @@ def test_build_cert_with_public_ed448_rsa_sig(self, backend): ) assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) assert isinstance(cert.public_key(), ed448.Ed448PublicKey) + assert cert.public_key_algorithm_oid == PublicKeyAlgorithmOID.ED448 @pytest.mark.supported( only_if=lambda backend: ( @@ -3105,16 +3726,29 @@ def test_build_cert_with_public_ed448_rsa_sig(self, backend): skip_message="Requires OpenSSL with x25519 & x448 support", ) @pytest.mark.parametrize( - ("priv_key_cls", "pub_key_cls"), + ("priv_key_cls", "pub_key_cls", "pub_key_oid"), [ - (x25519.X25519PrivateKey, x25519.X25519PublicKey), - (x448.X448PrivateKey, x448.X448PublicKey), + ( + x25519.X25519PrivateKey, + x25519.X25519PublicKey, + PublicKeyAlgorithmOID.X25519, + ), + ( + x448.X448PrivateKey, + x448.X448PublicKey, + PublicKeyAlgorithmOID.X448, + ), ], ) def test_build_cert_with_public_x25519_x448_rsa_sig( - self, priv_key_cls, pub_key_cls, backend + self, + rsa_key_2048: rsa.RSAPrivateKey, + priv_key_cls, + pub_key_cls, + pub_key_oid, + backend, ): - issuer_private_key = RSA_KEY_2048.private_key(backend) + issuer_private_key = rsa_key_2048 subject_private_key = priv_key_cls.generate() not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) @@ -3147,10 +3781,13 @@ def test_build_cert_with_public_x25519_x448_rsa_sig( ) assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) assert isinstance(cert.public_key(), pub_key_cls) + assert cert.public_key_algorithm_oid == pub_key_oid - def test_build_cert_with_rsa_key_too_small(self, backend): - issuer_private_key = RSA_KEY_512.private_key(backend) - subject_private_key = RSA_KEY_512.private_key(backend) + def test_build_cert_with_rsa_key_too_small( + self, rsa_key_512: rsa.RSAPrivateKey, backend + ): + issuer_private_key = rsa_key_512 + subject_private_key = rsa_key_512 not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) @@ -3617,9 +4254,11 @@ def test_build_cert_with_rsa_key_too_small(self, backend): x509.SubjectKeyIdentifier, ], ) - def test_extensions(self, add_ext, backend): - issuer_private_key = RSA_KEY_2048.private_key(backend) - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_extensions( + self, rsa_key_2048: rsa.RSAPrivateKey, add_ext, backend + ): + issuer_private_key = rsa_key_2048 + subject_private_key = rsa_key_2048 not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) @@ -3663,8 +4302,10 @@ def test_extensions(self, add_ext, backend): assert ext.critical is False assert ext.value == add_ext - def test_build_ca_request_with_path_length_none(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_build_ca_request_with_path_length_none( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 request = ( x509.CertificateSigningRequestBuilder() @@ -3699,8 +4340,10 @@ def test_build_ca_request_with_path_length_none(self, backend): ) ], ) - def test_unrecognized_extension(self, backend, unrecognized): - private_key = RSA_KEY_2048.private_key(backend) + def test_unrecognized_extension( + self, rsa_key_2048: rsa.RSAPrivateKey, backend, unrecognized + ): + private_key = rsa_key_2048 cert = ( x509.CertificateBuilder() @@ -3724,15 +4367,19 @@ def test_unrecognized_extension(self, backend, unrecognized): class TestCertificateSigningRequestBuilder: - def test_sign_invalid_hash_algorithm(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_sign_invalid_hash_algorithm( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 builder = x509.CertificateSigningRequestBuilder().subject_name( x509.Name([]) ) with pytest.raises(TypeError): builder.sign( - private_key, "NotAHash", backend # type: ignore[arg-type] + private_key, + "NotAHash", # type: ignore[arg-type] + backend, ) @pytest.mark.supported( @@ -3761,57 +4408,17 @@ def test_request_with_unsupported_hash_ed448(self, backend): with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA256(), backend) - @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.MD5()), - skip_message="Requires OpenSSL with MD5 support", - ) - def test_sign_rsa_with_md5(self, backend): - private_key = RSA_KEY_2048.private_key(backend) - - builder = x509.CertificateSigningRequestBuilder().subject_name( - x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, "PyCA")]) - ) - request = builder.sign(private_key, hashes.MD5(), backend) - assert isinstance(request.signature_hash_algorithm, hashes.MD5) - - @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.MD5()), - skip_message="Requires OpenSSL with MD5 support", - ) - @pytest.mark.supported( - only_if=lambda backend: backend.dsa_supported(), - skip_message="Does not support DSA.", - ) - def test_sign_dsa_with_md5(self, backend): - private_key = DSA_KEY_2048.private_key(backend) - builder = x509.CertificateSigningRequestBuilder().subject_name( - x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, "PyCA")]) - ) - with pytest.raises(ValueError): - builder.sign(private_key, hashes.MD5(), backend) - - @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.MD5()), - skip_message="Requires OpenSSL with MD5 support", - ) - def test_sign_ec_with_md5(self, backend): - _skip_curve_unsupported(backend, ec.SECP256R1()) - private_key = EC_KEY_SECP256R1.private_key(backend) - builder = x509.CertificateSigningRequestBuilder().subject_name( - x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, "PyCA")]) - ) - with pytest.raises(ValueError): - builder.sign(private_key, hashes.MD5(), backend) - - def test_no_subject_name(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_no_subject_name(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + private_key = rsa_key_2048 builder = x509.CertificateSigningRequestBuilder() with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA256(), backend) - def test_build_ca_request_with_rsa(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_build_ca_request_with_rsa( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 request = ( x509.CertificateSigningRequestBuilder() @@ -3841,8 +4448,10 @@ def test_build_ca_request_with_rsa(self, backend): assert basic_constraints.value.ca is True assert basic_constraints.value.path_length == 2 - def test_build_ca_request_with_unicode(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_build_ca_request_with_unicode( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 request = ( x509.CertificateSigningRequestBuilder() @@ -3870,8 +4479,10 @@ def test_build_ca_request_with_unicode(self, backend): x509.NameAttribute(NameOID.ORGANIZATION_NAME, "PyCA\U0001f37a"), ] - def test_subject_dn_asn1_types(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_subject_dn_asn1_types( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 request = ( x509.CertificateSigningRequestBuilder() @@ -3928,8 +4539,10 @@ def test_subject_dn_asn1_types(self, backend): == asn1_type ) - def test_build_ca_request_with_multivalue_rdns(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_build_ca_request_with_multivalue_rdns( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 subject = x509.Name( [ x509.RelativeDistinguishedName( @@ -3957,8 +4570,10 @@ def test_build_ca_request_with_multivalue_rdns(self, backend): assert isinstance(loaded_request.subject, x509.Name) assert loaded_request.subject == subject - def test_build_nonca_request_with_rsa(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_build_nonca_request_with_rsa( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 request = ( x509.CertificateSigningRequestBuilder() @@ -4055,11 +4670,8 @@ def test_build_ca_request_with_ed25519(self, backend): assert list(subject) == [ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Texas"), ] - basic_constraints = typing.cast( - x509.Extension[x509.BasicConstraints], - request.extensions.get_extension_for_oid( - ExtensionOID.BASIC_CONSTRAINTS - ), + basic_constraints = request.extensions.get_extension_for_class( + x509.BasicConstraints ) assert basic_constraints.value.ca is True assert basic_constraints.value.path_length == 2 @@ -4096,11 +4708,8 @@ def test_build_ca_request_with_ed448(self, backend): assert list(subject) == [ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Texas"), ] - basic_constraints = typing.cast( - x509.Extension[x509.BasicConstraints], - request.extensions.get_extension_for_oid( - ExtensionOID.BASIC_CONSTRAINTS - ), + basic_constraints = request.extensions.get_extension_for_class( + x509.BasicConstraints ) assert basic_constraints.value.ca is True assert basic_constraints.value.path_length == 2 @@ -4163,8 +4772,10 @@ def test_add_invalid_extension_type(self): False, ) - def test_add_unsupported_extension(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_add_unsupported_extension( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 builder = x509.CertificateSigningRequestBuilder() builder = ( builder.subject_name( @@ -4179,8 +4790,10 @@ def test_add_unsupported_extension(self, backend): with pytest.raises(NotImplementedError): builder.sign(private_key, hashes.SHA256(), backend) - def test_add_two_extensions(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_add_two_extensions( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 builder = x509.CertificateSigningRequestBuilder() request = ( builder.subject_name( @@ -4415,8 +5028,10 @@ def test_set_subject_twice(self): ), ], ) - def test_extensions(self, add_ext, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_extensions( + self, rsa_key_2048: rsa.RSAPrivateKey, add_ext, backend + ): + private_key = rsa_key_2048 csr = ( x509.CertificateSigningRequestBuilder() @@ -4435,8 +5050,10 @@ def test_extensions(self, add_ext, backend): assert not ext.critical assert ext.value == add_ext - def test_invalid_asn1_othername(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_invalid_asn1_othername( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 builder = ( x509.CertificateSigningRequestBuilder() @@ -4459,8 +5076,10 @@ def test_invalid_asn1_othername(self, backend): with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA256(), backend) - def test_subject_alt_name_unsupported_general_name(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_subject_alt_name_unsupported_general_name( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 builder = ( x509.CertificateSigningRequestBuilder() @@ -4476,8 +5095,8 @@ def test_subject_alt_name_unsupported_general_name(self, backend): with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA256(), backend) - def test_rsa_key_too_small(self, backend): - private_key = RSA_KEY_512.private_key(backend) + def test_rsa_key_too_small(self, rsa_key_512: rsa.RSAPrivateKey, backend): + private_key = rsa_key_512 builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name( x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) @@ -4486,6 +5105,104 @@ def test_rsa_key_too_small(self, backend): with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA512(), backend) + @pytest.mark.parametrize( + ("alg", "mgf_alg"), + [ + (hashes.SHA512(), hashes.SHA256()), + (hashes.SHA3_512(), hashes.SHA3_256()), + ], + ) + def test_sign_pss( + self, rsa_key_2048: rsa.RSAPrivateKey, alg, mgf_alg, backend + ): + if not backend.signature_hash_supported(alg): + pytest.skip(f"{alg} signature not supported") + builder = x509.CertificateSigningRequestBuilder().subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + pss = padding.PSS( + mgf=padding.MGF1(mgf_alg), salt_length=alg.digest_size + ) + csr = builder.sign(rsa_key_2048, alg, rsa_padding=pss) + pk = csr.public_key() + assert isinstance(pk, rsa.RSAPublicKey) + assert isinstance(csr.signature_hash_algorithm, type(alg)) + cert_params = csr.signature_algorithm_parameters + assert isinstance(cert_params, padding.PSS) + assert cert_params._salt_length == pss._salt_length + assert isinstance(cert_params._mgf, padding.MGF1) + assert isinstance(cert_params._mgf._algorithm, type(mgf_alg)) + pk.verify( + csr.signature, + csr.tbs_certrequest_bytes, + cert_params, + alg, + ) + + @pytest.mark.parametrize( + ("padding_len", "computed_len"), + [ + (padding.PSS.MAX_LENGTH, 222), + (padding.PSS.DIGEST_LENGTH, 32), + ], + ) + def test_sign_pss_length_options( + self, + rsa_key_2048: rsa.RSAPrivateKey, + padding_len, + computed_len, + backend, + ): + builder = x509.CertificateSigningRequestBuilder().subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + pss = padding.PSS( + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding_len + ) + csr = builder.sign(rsa_key_2048, hashes.SHA256(), rsa_padding=pss) + assert isinstance(csr.signature_algorithm_parameters, padding.PSS) + assert csr.signature_algorithm_parameters._salt_length == computed_len + + def test_sign_pss_auto_unsupported( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + builder = x509.CertificateSigningRequestBuilder().subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + pss = padding.PSS( + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.AUTO + ) + with pytest.raises(TypeError): + builder.sign(rsa_key_2048, hashes.SHA256(), rsa_padding=pss) + + def test_sign_invalid_padding( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + builder = x509.CertificateSigningRequestBuilder().subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + with pytest.raises(TypeError): + builder.sign( + rsa_key_2048, + hashes.SHA256(), + rsa_padding=b"notapadding", # type: ignore[arg-type] + ) + eckey = ec.generate_private_key(ec.SECP256R1()) + with pytest.raises(TypeError): + builder.sign( + eckey, hashes.SHA256(), rsa_padding=padding.PKCS1v15() + ) + + def test_sign_pss_hash_none( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + builder = x509.CertificateSigningRequestBuilder().subject_name( + x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) + ) + pss = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=32) + with pytest.raises(TypeError): + builder.sign(rsa_key_2048, None, rsa_padding=pss) + @pytest.mark.supported( only_if=lambda backend: backend.dsa_supported(), @@ -4502,11 +5219,11 @@ def test_load_dsa_cert(self, backend): cert = _load_cert( os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"), x509.load_pem_x509_certificate, - backend, ) assert isinstance(cert.signature_hash_algorithm, hashes.SHA1) public_key = cert.public_key() assert isinstance(public_key, dsa.DSAPublicKey) + assert cert.signature_algorithm_parameters is None num = public_key.public_numbers() assert num.y == int( "4c08bfe5f2d76649c80acf7d431f6ae2124b217abc8c9f6aca776ddfa94" @@ -4548,11 +5265,25 @@ def test_load_dsa_cert(self, backend): "822ff5d234e073b901cf5941f58e1f538e71d40d", 16 ) + def test_load_dsa_cert_null_alg_params(self, backend): + """ + This test verifies that we successfully load certificates with encoded + null parameters in the signature AlgorithmIdentifier. This is invalid, + but all versions of Java less than 21 generate certificates with this + encoding so we need to tolerate it at the moment. + """ + with pytest.warns(utils.DeprecatedIn41): + cert = _load_cert( + os.path.join("x509", "custom", "dsa_null_alg_params.pem"), + x509.load_pem_x509_certificate, + ) + assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) + assert isinstance(cert.public_key(), dsa.DSAPublicKey) + def test_signature(self, backend): cert = _load_cert( os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert.signature == binascii.unhexlify( b"302c021425c4a84a936ab311ee017d3cbd9a3c650bb3ae4a02145d30c64b4326" @@ -4566,7 +5297,6 @@ def test_tbs_certificate_bytes(self, backend): cert = _load_cert( os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert.tbs_certificate_bytes == binascii.unhexlify( b"3082051aa003020102020900a37352e0b2142f86300906072a8648ce3804033" @@ -4621,6 +5351,24 @@ def test_tbs_certificate_bytes(self, backend): cert.signature_hash_algorithm, ) + def test_verify_directly_issued_by_dsa(self, backend): + issuer_private_key = DSA_KEY_3072.private_key() + subject_private_key = DSA_KEY_2048.private_key() + ca, cert = _generate_ca_and_leaf( + issuer_private_key, subject_private_key + ) + cert.verify_directly_issued_by(ca) + + def test_verify_directly_issued_by_dsa_bad_sig(self, backend): + issuer_private_key = DSA_KEY_3072.private_key() + subject_private_key = DSA_KEY_2048.private_key() + ca, cert = _generate_ca_and_leaf( + issuer_private_key, subject_private_key + ) + cert_bad_sig = _break_cert_sig(cert) + with pytest.raises(InvalidSignature): + cert_bad_sig.verify_directly_issued_by(ca) + @pytest.mark.supported( only_if=lambda backend: backend.dsa_supported(), @@ -4645,7 +5393,7 @@ class TestDSACertificateRequest: ], ) def test_load_dsa_request(self, path, loader_func, backend): - request = _load_cert(path, loader_func, backend) + request = _load_cert(path, loader_func) assert isinstance(request.signature_hash_algorithm, hashes.SHA1) public_key = request.public_key() assert isinstance(public_key, dsa.DSAPublicKey) @@ -4663,7 +5411,6 @@ def test_signature(self, backend): request = _load_cert( os.path.join("x509", "requests", "dsa_sha1.pem"), x509.load_pem_x509_csr, - backend, ) assert request.signature == binascii.unhexlify( b"302c021461d58dc028d0110818a7d817d74235727c4acfdf0214097b52e198e" @@ -4674,7 +5421,6 @@ def test_tbs_certrequest_bytes(self, backend): request = _load_cert( os.path.join("x509", "requests", "dsa_sha1.pem"), x509.load_pem_x509_csr, - backend, ) assert request.tbs_certrequest_bytes == binascii.unhexlify( b"3082021802010030573118301606035504030c0f63727970746f677261706879" @@ -4725,7 +5471,6 @@ def test_load_ecdsa_cert(self, backend): cert = _load_cert( os.path.join("x509", "ecdsa_root.pem"), x509.load_pem_x509_certificate, - backend, ) assert isinstance(cert.signature_hash_algorithm, hashes.SHA384) public_key = cert.public_key() @@ -4742,12 +5487,35 @@ def test_load_ecdsa_cert(self, backend): 16, ) assert isinstance(num.curve, ec.SECP384R1) + assert isinstance(cert.signature_algorithm_parameters, ec.ECDSA) + assert isinstance( + cert.signature_algorithm_parameters.algorithm, hashes.SHA384 + ) + public_key.verify( + cert.signature, + cert.tbs_certificate_bytes, + cert.signature_algorithm_parameters, + ) + + def test_load_ecdsa_cert_null_alg_params(self, backend): + """ + This test verifies that we successfully load certificates with encoded + null parameters in the signature AlgorithmIdentifier. This is invalid, + but Java 11 (up to at least 11.0.19) generates certificates with this + encoding so we need to tolerate it at the moment. + """ + with pytest.warns(utils.DeprecatedIn41): + cert = _load_cert( + os.path.join("x509", "custom", "ecdsa_null_alg.pem"), + x509.load_pem_x509_certificate, + ) + assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) + assert isinstance(cert.public_key(), ec.EllipticCurvePublicKey) def test_load_bitstring_dn(self, backend): cert = _load_cert( os.path.join("x509", "scottishpower-bitstring-dn.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert.subject == x509.Name( [ @@ -4770,18 +5538,32 @@ def test_load_name_attribute_long_form_asn1_tag(self, backend): cert = _load_cert( os.path.join("x509", "custom", "long-form-name-attribute.pem"), x509.load_pem_x509_certificate, - backend, ) with pytest.raises(ValueError, match="Long-form"): cert.subject with pytest.raises(ValueError, match="Long-form"): cert.issuer + def test_ms_certificate_template(self, backend): + cert = _load_cert( + os.path.join("x509", "custom", "ms-certificate-template.pem"), + x509.load_pem_x509_certificate, + ) + ext = cert.extensions.get_extension_for_class( + x509.MSCertificateTemplate + ) + tpl = ext.value + assert isinstance(tpl, x509.MSCertificateTemplate) + assert tpl == x509.MSCertificateTemplate( + template_id=x509.ObjectIdentifier("1.2.3.4.5.6.7.8.9.0"), + major_version=1, + minor_version=None, + ) + def test_signature(self, backend): cert = _load_cert( os.path.join("x509", "ecdsa_root.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert.signature == binascii.unhexlify( b"3065023100adbcf26c3f124ad12d39c30a099773f488368c8827bbe6888d5085" @@ -4806,7 +5588,6 @@ def test_tbs_certificate_bytes(self, backend): cert = _load_cert( os.path.join("x509", "ecdsa_root.pem"), x509.load_pem_x509_certificate, - backend, ) assert cert.tbs_certificate_bytes == binascii.unhexlify( b"308201c5a0030201020210055556bcf25ea43535c3a40fd5ab4572300a06082" @@ -4839,7 +5620,6 @@ def test_load_ecdsa_no_named_curve(self, backend): cert = _load_cert( os.path.join("x509", "custom", "ec_no_named_curve.pem"), x509.load_pem_x509_certificate, - backend, ) # This test can trigger three different value errors depending # on OpenSSL/BoringSSL and versions. Match on the text to ensure @@ -4847,6 +5627,24 @@ def test_load_ecdsa_no_named_curve(self, backend): with pytest.raises(ValueError, match="explicit parameters"): cert.public_key() + def test_verify_directly_issued_by_ec(self): + issuer_private_key = ec.generate_private_key(ec.SECP256R1()) + subject_private_key = ec.generate_private_key(ec.SECP256R1()) + ca, cert = _generate_ca_and_leaf( + issuer_private_key, subject_private_key + ) + cert.verify_directly_issued_by(ca) + + def test_verify_directly_issued_by_ec_bad_sig(self): + issuer_private_key = ec.generate_private_key(ec.SECP256R1()) + subject_private_key = ec.generate_private_key(ec.SECP256R1()) + ca, cert = _generate_ca_and_leaf( + issuer_private_key, subject_private_key + ) + cert_bad_sig = _break_cert_sig(cert) + with pytest.raises(InvalidSignature): + cert_bad_sig.verify_directly_issued_by(ca) + class TestECDSACertificateRequest: @pytest.mark.parametrize( @@ -4864,7 +5662,7 @@ class TestECDSACertificateRequest: ) def test_load_ecdsa_certificate_request(self, path, loader_func, backend): _skip_curve_unsupported(backend, ec.SECP384R1()) - request = _load_cert(path, loader_func, backend) + request = _load_cert(path, loader_func) assert isinstance(request.signature_hash_algorithm, hashes.SHA256) public_key = request.public_key() assert isinstance(public_key, ec.EllipticCurvePublicKey) @@ -4883,7 +5681,6 @@ def test_signature(self, backend): request = _load_cert( os.path.join("x509", "requests", "ec_sha256.pem"), x509.load_pem_x509_csr, - backend, ) assert request.signature == binascii.unhexlify( b"306502302c1a9f7de8c1787332d2307a886b476a59f172b9b0e250262f3238b1" @@ -4897,7 +5694,6 @@ def test_tbs_certrequest_bytes(self, backend): request = _load_cert( os.path.join("x509", "requests", "ec_sha256.pem"), x509.load_pem_x509_csr, - backend, ) assert request.tbs_certrequest_bytes == binascii.unhexlify( b"3081d602010030573118301606035504030c0f63727970746f6772617068792" @@ -4925,7 +5721,6 @@ def test_unsupported_subject_public_key_info(self, backend): "x509", "custom", "unsupported_subject_public_key_info.pem" ), x509.load_pem_x509_certificate, - backend, ) with pytest.raises(ValueError): @@ -4936,12 +5731,13 @@ def test_bad_time_in_validity(self, backend): _load_cert( os.path.join("x509", "badasn1time.pem"), x509.load_pem_x509_certificate, - backend, ) class TestNameAttribute: - EXPECTED_TYPES = [ + EXPECTED_TYPES: typing.ClassVar[ + typing.List[typing.Tuple[x509.ObjectIdentifier, _ASN1Type]] + ] = [ (NameOID.COMMON_NAME, _ASN1Type.UTF8String), (NameOID.COUNTRY_NAME, _ASN1Type.PrintableString), (NameOID.LOCALITY_NAME, _ASN1Type.UTF8String), @@ -5009,16 +5805,24 @@ def test_init_bitstring_not_allowed_random_oid(self): def test_init_none_value(self): with pytest.raises(TypeError): x509.NameAttribute( - NameOID.ORGANIZATION_NAME, None # type:ignore[arg-type] + NameOID.ORGANIZATION_NAME, + None, # type:ignore[arg-type] ) - def test_init_bad_country_code_value(self): + def test_init_bad_length(self): with pytest.raises(ValueError): x509.NameAttribute(NameOID.COUNTRY_NAME, "United States") # unicode string of length 2, but > 2 bytes with pytest.raises(ValueError): - x509.NameAttribute(NameOID.COUNTRY_NAME, "\U0001F37A\U0001F37A") + x509.NameAttribute(NameOID.COUNTRY_NAME, "\U0001f37a\U0001f37a") + + with pytest.raises(ValueError): + x509.NameAttribute(NameOID.JURISDICTION_COUNTRY_NAME, "Too Long") + with pytest.raises(ValueError): + x509.NameAttribute(NameOID.COMMON_NAME, "Too Long" * 10) + with pytest.raises(ValueError): + x509.NameAttribute(NameOID.COMMON_NAME, "") def test_invalid_type(self): with pytest.raises(TypeError): @@ -5088,6 +5892,9 @@ def test_distinguished_name_custom_attrs(self): {NameOID.COMMON_NAME: "CommonName", NameOID.EMAIL_ADDRESS: "E"} ) == ("CommonName=Santa Claus,E=santa@north.pole") + def test_empty_name(self): + assert x509.Name([]).rfc4514_string() == "" + def test_empty_value(self): na = x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "") assert na.rfc4514_string() == r"ST=" @@ -5451,25 +6258,43 @@ def test_load_pem_cert(self, backend): cert = _load_cert( os.path.join("x509", "ed25519", "root-ed25519.pem"), x509.load_pem_x509_certificate, - backend, ) # self-signed, so this will work public_key = cert.public_key() assert isinstance(public_key, ed25519.Ed25519PublicKey) + assert cert.public_key_algorithm_oid == PublicKeyAlgorithmOID.ED25519 public_key.verify(cert.signature, cert.tbs_certificate_bytes) assert isinstance(cert, x509.Certificate) assert cert.serial_number == 9579446940964433301 assert cert.signature_hash_algorithm is None assert cert.signature_algorithm_oid == SignatureAlgorithmOID.ED25519 + assert cert.signature_algorithm_parameters is None def test_deepcopy(self, backend): cert = _load_cert( os.path.join("x509", "ed25519", "root-ed25519.pem"), x509.load_pem_x509_certificate, - backend, ) assert copy.deepcopy(cert) is cert + def test_verify_directly_issued_by_ed25519(self, backend): + issuer_private_key = ed25519.Ed25519PrivateKey.generate() + subject_private_key = ed25519.Ed25519PrivateKey.generate() + ca, cert = _generate_ca_and_leaf( + issuer_private_key, subject_private_key + ) + cert.verify_directly_issued_by(ca) + + def test_verify_directly_issued_by_ed25519_bad_sig(self, backend): + issuer_private_key = ed25519.Ed25519PrivateKey.generate() + subject_private_key = ed25519.Ed25519PrivateKey.generate() + ca, cert = _generate_ca_and_leaf( + issuer_private_key, subject_private_key + ) + cert_bad_sig = _break_cert_sig(cert) + with pytest.raises(InvalidSignature): + cert_bad_sig.verify_directly_issued_by(ca) + @pytest.mark.supported( only_if=lambda backend: backend.ed448_supported(), @@ -5480,16 +6305,35 @@ def test_load_pem_cert(self, backend): cert = _load_cert( os.path.join("x509", "ed448", "root-ed448.pem"), x509.load_pem_x509_certificate, - backend, ) # self-signed, so this will work public_key = cert.public_key() assert isinstance(public_key, ed448.Ed448PublicKey) + assert cert.public_key_algorithm_oid == PublicKeyAlgorithmOID.ED448 public_key.verify(cert.signature, cert.tbs_certificate_bytes) assert isinstance(cert, x509.Certificate) assert cert.serial_number == 448 assert cert.signature_hash_algorithm is None assert cert.signature_algorithm_oid == SignatureAlgorithmOID.ED448 + assert cert.signature_algorithm_parameters is None + + def test_verify_directly_issued_by_ed448(self, backend): + issuer_private_key = ed448.Ed448PrivateKey.generate() + subject_private_key = ed448.Ed448PrivateKey.generate() + ca, cert = _generate_ca_and_leaf( + issuer_private_key, subject_private_key + ) + cert.verify_directly_issued_by(ca) + + def test_verify_directly_issued_by_ed448_bad_sig(self, backend): + issuer_private_key = ed448.Ed448PrivateKey.generate() + subject_private_key = ed448.Ed448PrivateKey.generate() + ca, cert = _generate_ca_and_leaf( + issuer_private_key, subject_private_key + ) + cert_bad_sig = _break_cert_sig(cert) + with pytest.raises(InvalidSignature): + cert_bad_sig.verify_directly_issued_by(ca) @pytest.mark.supported( @@ -5509,9 +6353,9 @@ def load_key(self, backend): param = params.parameters(backend) return param.generate_private_key() - def test_crt_signing_check(self, backend): + def test_crt_signing_check(self, rsa_key_2048: rsa.RSAPrivateKey, backend): issuer_private_key = self.load_key(backend) - public_key = RSA_KEY_2048.private_key(backend).public_key() + public_key = rsa_key_2048.public_key() not_valid_before = datetime.datetime(2020, 1, 1, 1, 1) not_valid_after = datetime.datetime(2050, 12, 31, 8, 30) builder = ( @@ -5542,7 +6386,9 @@ def test_csr_signing_check(self, backend): def test_crl_signing_check(self, backend): private_key = self.load_key(backend) - last_time = datetime.datetime.utcnow().replace(microsecond=0) + last_time = ( + datetime.datetime.now().replace(tzinfo=None).replace(microsecond=0) + ) next_time = last_time builder = ( x509.CertificateRevocationListBuilder() @@ -5715,7 +6561,6 @@ def test_get_attribute_for_oid_challenge(self, backend): request = _load_cert( os.path.join("x509", "requests", "challenge.pem"), x509.load_pem_x509_csr, - backend, ) with pytest.warns(utils.DeprecatedIn36): assert ( @@ -5736,7 +6581,6 @@ def test_get_attribute_for_oid_multiple(self, backend): request = _load_cert( os.path.join("x509", "requests", "challenge-unstructured.pem"), x509.load_pem_x509_csr, - backend, ) with pytest.warns(utils.DeprecatedIn36): assert ( @@ -5772,7 +6616,6 @@ def test_unsupported_asn1_type_in_attribute(self, backend): request = _load_cert( os.path.join("x509", "requests", "challenge-invalid.der"), x509.load_der_x509_csr, - backend, ) # Unsupported in the legacy path @@ -5793,7 +6636,6 @@ def test_long_form_asn1_tag_in_attribute(self, backend): request = _load_cert( os.path.join("x509", "requests", "long-form-attribute.pem"), x509.load_pem_x509_csr, - backend, ) with pytest.raises(ValueError, match="Long-form"): request.attributes @@ -5805,7 +6647,6 @@ def test_challenge_multivalued(self, backend): request = _load_cert( os.path.join("x509", "requests", "challenge-multi-valued.der"), x509.load_der_x509_csr, - backend, ) with pytest.raises(ValueError, match="Only single-valued"): with pytest.warns(utils.DeprecatedIn36): @@ -5820,7 +6661,6 @@ def test_no_challenge_password(self, backend): request = _load_cert( os.path.join("x509", "requests", "rsa_sha256.pem"), x509.load_pem_x509_csr, - backend, ) with pytest.raises(x509.AttributeNotFound) as exc: with pytest.warns(utils.DeprecatedIn36): @@ -5839,6 +6679,30 @@ def test_no_attributes(self, backend): request = _load_cert( os.path.join("x509", "requests", "rsa_sha256.pem"), x509.load_pem_x509_csr, - backend, ) assert len(request.attributes) == 0 + + +def test_load_pem_x509_certificates(): + with pytest.raises(ValueError): + x509.load_pem_x509_certificates(b"") + + certs = load_vectors_from_file( + filename=os.path.join("x509", "cryptography.io.chain.pem"), + loader=lambda pemfile: x509.load_pem_x509_certificates(pemfile.read()), + mode="rb", + ) + assert len(certs) == 2 + assert certs[0].serial_number == 16160 + assert certs[1].serial_number == 146039 + + certs = load_vectors_from_file( + filename=os.path.join( + "x509", "cryptography.io.chain_with_garbage.pem" + ), + loader=lambda pemfile: x509.load_pem_x509_certificates(pemfile.read()), + mode="rb", + ) + assert len(certs) == 2 + assert certs[0].serial_number == 16160 + assert certs[1].serial_number == 146039 diff --git a/tests/x509/test_x509_crlbuilder.py b/tests/x509/test_x509_crlbuilder.py index e3e3428..afa8380 100644 --- a/tests/x509/test_x509_crlbuilder.py +++ b/tests/x509/test_x509_crlbuilder.py @@ -7,22 +7,31 @@ import pytest -import pytz - -from cryptography import x509 +from cryptography import utils, x509 +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives.asymmetric import ec, ed25519, ed448 +from cryptography.hazmat.primitives.asymmetric import ( + ec, + ed448, + ed25519, + padding, + rsa, +) from cryptography.x509.oid import ( AuthorityInformationAccessOID, NameOID, SignatureAlgorithmOID, ) -from .test_x509 import DummyExtension from ..hazmat.primitives.fixtures_dsa import DSA_KEY_2048 from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1 -from ..hazmat.primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512 from ..hazmat.primitives.test_ec import _skip_curve_unsupported +from ..hazmat.primitives.test_rsa import rsa_key_512, rsa_key_2048 +from .test_x509 import DummyExtension + +# Make ruff happy since we're importing fixtures that pytest patches in as +# func args +__all__ = ["rsa_key_512", "rsa_key_2048"] class TestCertificateRevocationListBuilder: @@ -40,13 +49,12 @@ def test_set_issuer_name_twice(self): x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) ) - def test_aware_last_update(self, backend): - last_time = datetime.datetime(2012, 1, 16, 22, 43) - tz = pytz.timezone("US/Pacific") - last_time = tz.localize(last_time) + def test_aware_last_update(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + tz = datetime.timezone(datetime.timedelta(hours=-8)) + last_time = datetime.datetime(2012, 1, 16, 22, 43, tzinfo=tz) utc_last = datetime.datetime(2012, 1, 17, 6, 43) next_time = datetime.datetime(2022, 1, 17, 6, 43) - private_key = RSA_KEY_2048.private_key(backend) + private_key = rsa_key_2048 builder = ( x509.CertificateRevocationListBuilder() .issuer_name( @@ -63,7 +71,11 @@ def test_aware_last_update(self, backend): ) crl = builder.sign(private_key, hashes.SHA256(), backend) - assert crl.last_update == utc_last + with pytest.warns(utils.DeprecatedIn42): + assert crl.last_update == utc_last + assert crl.last_update_utc == utc_last.replace( + tzinfo=datetime.timezone.utc + ) def test_last_update_invalid(self): builder = x509.CertificateRevocationListBuilder() @@ -82,13 +94,12 @@ def test_set_last_update_twice(self): with pytest.raises(ValueError): builder.last_update(datetime.datetime(2002, 1, 1, 12, 1)) - def test_aware_next_update(self, backend): - next_time = datetime.datetime(2022, 1, 16, 22, 43) - tz = pytz.timezone("US/Pacific") - next_time = tz.localize(next_time) + def test_aware_next_update(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + tz = datetime.timezone(datetime.timedelta(hours=-8)) + next_time = datetime.datetime(2022, 1, 16, 22, 43, tzinfo=tz) utc_next = datetime.datetime(2022, 1, 17, 6, 43) last_time = datetime.datetime(2012, 1, 17, 6, 43) - private_key = RSA_KEY_2048.private_key(backend) + private_key = rsa_key_2048 builder = ( x509.CertificateRevocationListBuilder() .issuer_name( @@ -105,7 +116,11 @@ def test_aware_next_update(self, backend): ) crl = builder.sign(private_key, hashes.SHA256(), backend) - assert crl.next_update == utc_next + with pytest.warns(utils.DeprecatedIn42): + assert crl.next_update == utc_next + assert crl.next_update_utc == utc_next.replace( + tzinfo=datetime.timezone.utc + ) def test_next_update_invalid(self): builder = x509.CertificateRevocationListBuilder() @@ -158,8 +173,8 @@ def test_add_invalid_revoked_certificate(self): with pytest.raises(TypeError): builder.add_revoked_certificate(object()) # type:ignore[arg-type] - def test_no_issuer_name(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_no_issuer_name(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + private_key = rsa_key_2048 builder = ( x509.CertificateRevocationListBuilder() .last_update(datetime.datetime(2002, 1, 1, 12, 1)) @@ -169,8 +184,8 @@ def test_no_issuer_name(self, backend): with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA256(), backend) - def test_no_last_update(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_no_last_update(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + private_key = rsa_key_2048 builder = ( x509.CertificateRevocationListBuilder() .issuer_name( @@ -182,8 +197,8 @@ def test_no_last_update(self, backend): with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA256(), backend) - def test_no_next_update(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_no_next_update(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + private_key = rsa_key_2048 builder = ( x509.CertificateRevocationListBuilder() .issuer_name( @@ -195,8 +210,40 @@ def test_no_next_update(self, backend): with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA256(), backend) - def test_sign_empty_list(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_sign_invalid_padding( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + last_update = datetime.datetime(2002, 1, 1, 12, 1) + next_update = datetime.datetime(2030, 1, 1, 12, 1) + builder = ( + x509.CertificateRevocationListBuilder() + .issuer_name( + x509.Name( + [ + x509.NameAttribute( + NameOID.COMMON_NAME, "cryptography.io CA" + ) + ] + ) + ) + .last_update(last_update) + .next_update(next_update) + ) + + with pytest.raises(TypeError): + builder.sign( + rsa_key_2048, + hashes.SHA256(), + rsa_padding=b"notapadding", # type: ignore[arg-type] + ) + eckey = ec.generate_private_key(ec.SECP256R1()) + with pytest.raises(TypeError): + builder.sign( + eckey, hashes.SHA256(), rsa_padding=padding.PKCS1v15() + ) + + def test_sign_empty_list(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + private_key = rsa_key_2048 last_update = datetime.datetime(2002, 1, 1, 12, 1) next_update = datetime.datetime(2030, 1, 1, 12, 1) builder = ( @@ -216,8 +263,49 @@ def test_sign_empty_list(self, backend): crl = builder.sign(private_key, hashes.SHA256(), backend) assert len(crl) == 0 - assert crl.last_update == last_update - assert crl.next_update == next_update + with pytest.warns(utils.DeprecatedIn42): + assert crl.last_update == last_update + assert crl.next_update == next_update + assert crl.last_update_utc == last_update.replace( + tzinfo=datetime.timezone.utc + ) + assert crl.next_update_utc == next_update.replace( + tzinfo=datetime.timezone.utc + ) + + def test_sign_pss(self, rsa_key_2048: rsa.RSAPrivateKey, backend): + private_key = rsa_key_2048 + last_update = datetime.datetime(2002, 1, 1, 12, 1) + next_update = datetime.datetime(2030, 1, 1, 12, 1) + builder = ( + x509.CertificateRevocationListBuilder() + .issuer_name( + x509.Name( + [ + x509.NameAttribute( + NameOID.COMMON_NAME, "cryptography.io CA" + ) + ] + ) + ) + .last_update(last_update) + .next_update(next_update) + ) + + pss = padding.PSS( + mgf=padding.MGF1(hashes.SHA256()), + salt_length=padding.PSS.DIGEST_LENGTH, + ) + crl = builder.sign(private_key, hashes.SHA256(), rsa_padding=pss) + assert len(crl) == 0 + assert isinstance(crl.signature_algorithm_parameters, padding.PSS) + assert crl.signature_algorithm_parameters._salt_length == 32 + private_key.public_key().verify( + crl.signature, + crl.tbs_certlist_bytes, + crl.signature_algorithm_parameters, + hashes.SHA256(), + ) @pytest.mark.parametrize( "extension", @@ -243,8 +331,10 @@ def test_sign_empty_list(self, backend): ), ], ) - def test_sign_extensions(self, backend, extension): - private_key = RSA_KEY_2048.private_key(backend) + def test_sign_extensions( + self, rsa_key_2048: rsa.RSAPrivateKey, backend, extension + ): + private_key = rsa_key_2048 last_update = datetime.datetime(2002, 1, 1, 12, 1) next_update = datetime.datetime(2030, 1, 1, 12, 1) builder = ( @@ -270,8 +360,10 @@ def test_sign_extensions(self, backend, extension): assert ext.critical is False assert ext.value == extension - def test_sign_multiple_extensions_critical(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_sign_multiple_extensions_critical( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 last_update = datetime.datetime(2002, 1, 1, 12, 1) next_update = datetime.datetime(2030, 1, 1, 12, 1) ian = x509.IssuerAlternativeName( @@ -307,8 +399,10 @@ def test_sign_multiple_extensions_critical(self, backend): assert ext2.critical is True assert ext2.value == ian - def test_freshestcrl_extension(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_freshestcrl_extension( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 last_update = datetime.datetime(2002, 1, 1, 12, 1) next_update = datetime.datetime(2030, 1, 1, 12, 1) freshest = x509.FreshestCRL( @@ -349,8 +443,10 @@ def test_freshestcrl_extension(self, backend): assert isinstance(uri, x509.UniformResourceIdentifier) assert uri.value == "http://d.om/delta" - def test_add_unsupported_extension(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_add_unsupported_extension( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 last_update = datetime.datetime(2002, 1, 1, 12, 1) next_update = datetime.datetime(2030, 1, 1, 12, 1) builder = ( @@ -371,8 +467,10 @@ def test_add_unsupported_extension(self, backend): with pytest.raises(NotImplementedError): builder.sign(private_key, hashes.SHA256(), backend) - def test_add_unsupported_entry_extension(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_add_unsupported_entry_extension( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 last_update = datetime.datetime(2002, 1, 1, 12, 1) next_update = datetime.datetime(2030, 1, 1, 12, 1) builder = ( @@ -391,7 +489,11 @@ def test_add_unsupported_entry_extension(self, backend): .add_revoked_certificate( x509.RevokedCertificateBuilder() .serial_number(1234) - .revocation_date(datetime.datetime.utcnow()) + .revocation_date( + datetime.datetime.now(datetime.timezone.utc).replace( + tzinfo=None + ) + ) .add_extension(DummyExtension(), critical=False) .build() ) @@ -399,8 +501,10 @@ def test_add_unsupported_entry_extension(self, backend): with pytest.raises(NotImplementedError): builder.sign(private_key, hashes.SHA256(), backend) - def test_sign_rsa_key_too_small(self, backend): - private_key = RSA_KEY_512.private_key(backend) + def test_sign_rsa_key_too_small( + self, rsa_key_512: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_512 last_update = datetime.datetime(2002, 1, 1, 12, 1) next_update = datetime.datetime(2030, 1, 1, 12, 1) builder = ( @@ -421,8 +525,10 @@ def test_sign_rsa_key_too_small(self, backend): with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA512(), backend) - def test_sign_with_invalid_hash(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_sign_with_invalid_hash( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 last_update = datetime.datetime(2002, 1, 1, 12, 1) next_update = datetime.datetime(2030, 1, 1, 12, 1) builder = ( @@ -442,7 +548,9 @@ def test_sign_with_invalid_hash(self, backend): with pytest.raises(TypeError): builder.sign( - private_key, object(), backend # type: ignore[arg-type] + private_key, + object(), # type: ignore[arg-type] + backend, ) @pytest.mark.supported( @@ -509,6 +617,10 @@ def test_sign_with_invalid_hash_ed448(self, backend): with pytest.raises(ValueError): builder.sign(private_key, hashes.SHA256(), backend) + @pytest.mark.supported( + only_if=lambda backend: backend.dsa_supported(), + skip_message="Requires OpenSSL with DSA support", + ) def test_sign_dsa_key(self, backend): private_key = DSA_KEY_2048.private_key(backend) invalidity_date = x509.InvalidityDate( @@ -551,7 +663,9 @@ def test_sign_dsa_key(self, backend): == ian ) assert crl[0].serial_number == revoked_cert0.serial_number - assert crl[0].revocation_date == revoked_cert0.revocation_date + with pytest.warns(utils.DeprecatedIn42): + assert crl[0].revocation_date == revoked_cert0.revocation_date + assert crl[0].revocation_date_utc == revoked_cert0.revocation_date_utc assert len(crl[0].extensions) == 1 ext = crl[0].extensions.get_extension_for_class(x509.InvalidityDate) assert ext.critical is False @@ -600,7 +714,9 @@ def test_sign_ec_key(self, backend): == ian ) assert crl[0].serial_number == revoked_cert0.serial_number - assert crl[0].revocation_date == revoked_cert0.revocation_date + with pytest.warns(utils.DeprecatedIn42): + assert crl[0].revocation_date == revoked_cert0.revocation_date + assert crl[0].revocation_date_utc == revoked_cert0.revocation_date_utc assert len(crl[0].extensions) == 1 ext = crl[0].extensions.get_extension_for_class(x509.InvalidityDate) assert ext.critical is False @@ -654,7 +770,9 @@ def test_sign_ed25519_key(self, backend): == ian ) assert crl[0].serial_number == revoked_cert0.serial_number - assert crl[0].revocation_date == revoked_cert0.revocation_date + with pytest.warns(utils.DeprecatedIn42): + assert crl[0].revocation_date == revoked_cert0.revocation_date + assert crl[0].revocation_date_utc == revoked_cert0.revocation_date_utc assert len(crl[0].extensions) == 1 ext = crl[0].extensions.get_extension_for_class(x509.InvalidityDate) assert ext.critical is False @@ -708,7 +826,9 @@ def test_sign_ed448_key(self, backend): == ian ) assert crl[0].serial_number == revoked_cert0.serial_number - assert crl[0].revocation_date == revoked_cert0.revocation_date + with pytest.warns(utils.DeprecatedIn42): + assert crl[0].revocation_date == revoked_cert0.revocation_date + assert crl[0].revocation_date_utc == revoked_cert0.revocation_date_utc assert len(crl[0].extensions) == 1 ext = crl[0].extensions.get_extension_for_class(x509.InvalidityDate) assert ext.critical is False @@ -733,8 +853,12 @@ def test_dsa_key_sign_md5(self, backend): .next_update(next_time) ) - with pytest.raises(ValueError): - builder.sign(private_key, hashes.MD5(), backend) + with pytest.raises(UnsupportedAlgorithm): + builder.sign( + private_key, + hashes.MD5(), # type: ignore[arg-type] + backend, + ) def test_ec_key_sign_md5(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) @@ -756,11 +880,17 @@ def test_ec_key_sign_md5(self, backend): .next_update(next_time) ) - with pytest.raises(ValueError): - builder.sign(private_key, hashes.MD5(), backend) + with pytest.raises(UnsupportedAlgorithm): + builder.sign( + private_key, + hashes.MD5(), # type: ignore[arg-type] + backend, + ) - def test_sign_with_revoked_certificates(self, backend): - private_key = RSA_KEY_2048.private_key(backend) + def test_sign_with_revoked_certificates( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + private_key = rsa_key_2048 last_update = datetime.datetime(2002, 1, 1, 12, 1) next_update = datetime.datetime(2030, 1, 1, 12, 1) invalidity_date = x509.InvalidityDate( @@ -810,13 +940,24 @@ def test_sign_with_revoked_certificates(self, backend): crl = builder.sign(private_key, hashes.SHA256(), backend) assert len(crl) == 3 - assert crl.last_update == last_update - assert crl.next_update == next_update + with pytest.warns(utils.DeprecatedIn42): + assert crl.last_update == last_update + assert crl.next_update == next_update + assert crl.last_update_utc == last_update.replace( + tzinfo=datetime.timezone.utc + ) + assert crl.next_update_utc == next_update.replace( + tzinfo=datetime.timezone.utc + ) assert crl[0].serial_number == revoked_cert0.serial_number - assert crl[0].revocation_date == revoked_cert0.revocation_date + with pytest.warns(utils.DeprecatedIn42): + assert crl[0].revocation_date == revoked_cert0.revocation_date + assert crl[0].revocation_date_utc == revoked_cert0.revocation_date_utc assert len(crl[0].extensions) == 0 assert crl[1].serial_number == revoked_cert1.serial_number - assert crl[1].revocation_date == revoked_cert1.revocation_date + with pytest.warns(utils.DeprecatedIn42): + assert crl[1].revocation_date == revoked_cert1.revocation_date + assert crl[1].revocation_date_utc == revoked_cert1.revocation_date_utc assert len(crl[1].extensions) == 2 ext = crl[1].extensions.get_extension_for_class(x509.InvalidityDate) assert ext.critical is False diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py index fd09b09..d11225f 100644 --- a/tests/x509/test_x509_ext.py +++ b/tests/x509/test_x509_ext.py @@ -10,7 +10,6 @@ import typing import pretend - import pytest from cryptography import x509 @@ -37,10 +36,14 @@ SubjectInformationAccessOID, ) -from .test_x509 import _load_cert -from ..hazmat.primitives.fixtures_rsa import RSA_KEY_2048 from ..hazmat.primitives.test_ec import _skip_curve_unsupported +from ..hazmat.primitives.test_rsa import rsa_key_2048 from ..utils import load_vectors_from_file +from .test_x509 import _load_cert + +# Make ruff happy since we're importing fixtures that pytest patches in as +# func args +__all__ = ["rsa_key_2048"] def _make_certbuilder(private_key): @@ -218,7 +221,8 @@ class TestUnrecognizedExtension: def test_invalid_oid(self): with pytest.raises(TypeError): x509.UnrecognizedExtension( - "notanoid", b"somedata" # type:ignore[arg-type] + "notanoid", # type:ignore[arg-type] + b"somedata", ) def test_eq(self): @@ -440,12 +444,33 @@ def test_public_bytes(self): ext = x509.InvalidityDate(datetime.datetime(2015, 1, 1, 1, 1)) assert ext.public_bytes() == b"\x18\x0f20150101010100Z" + def test_timezone_aware_api(self): + naive_date = datetime.datetime(2015, 1, 1, 1, 1) + ext_naive = x509.InvalidityDate(invalidity_date=naive_date) + assert ext_naive.invalidity_date_utc == datetime.datetime( + 2015, 1, 1, 1, 1, tzinfo=datetime.timezone.utc + ) + + tz_aware_date = datetime.datetime( + 2015, + 1, + 1, + 1, + 1, + tzinfo=datetime.timezone(datetime.timedelta(hours=-8)), + ) + ext_aware = x509.InvalidityDate(invalidity_date=tz_aware_date) + assert ext_aware.invalidity_date_utc == datetime.datetime( + 2015, 1, 1, 9, 1, tzinfo=datetime.timezone.utc + ) + class TestNoticeReference: def test_notice_numbers_not_all_int(self): with pytest.raises(TypeError): x509.NoticeReference( - "org", [1, 2, "three"] # type:ignore[list-item] + "org", + [1, 2, "three"], # type:ignore[list-item] ) def test_notice_numbers_none(self): @@ -677,7 +702,6 @@ def test_long_oid(self, backend): cert = _load_cert( os.path.join("x509", "bigoid.pem"), x509.load_pem_x509_certificate, - backend, ) ext = cert.extensions.get_extension_for_class(x509.CertificatePolicies) @@ -708,7 +732,6 @@ def test_cps_uri_policy_qualifier(self, backend): cert = _load_cert( os.path.join("x509", "custom", "cp_cps_uri.pem"), x509.load_pem_x509_certificate, - backend, ) cp = cert.extensions.get_extension_for_oid( @@ -730,7 +753,6 @@ def test_user_notice_with_notice_reference(self, backend): "x509", "custom", "cp_user_notice_with_notice_reference.pem" ), x509.load_pem_x509_certificate, - backend, ) cp = cert.extensions.get_extension_for_oid( @@ -759,7 +781,6 @@ def test_user_notice_with_explicit_text(self, backend): "x509", "custom", "cp_user_notice_with_explicit_text.pem" ), x509.load_pem_x509_certificate, - backend, ) cp = cert.extensions.get_extension_for_oid( @@ -781,7 +802,6 @@ def test_user_notice_no_explicit_text(self, backend): "x509", "custom", "cp_user_notice_no_explicit_text.pem" ), x509.load_pem_x509_certificate, - backend, ) cp = cert.extensions.get_extension_for_oid( @@ -801,9 +821,11 @@ def test_user_notice_no_explicit_text(self, backend): ] ) - def test_non_ascii_qualifier(self, backend): - issuer_private_key = RSA_KEY_2048.private_key(backend) - subject_private_key = RSA_KEY_2048.private_key(backend) + def test_non_ascii_qualifier( + self, rsa_key_2048: rsa.RSAPrivateKey, backend + ): + issuer_private_key = rsa_key_2048 + subject_private_key = rsa_key_2048 not_valid_before = datetime.datetime(2002, 1, 1, 12, 1) not_valid_after = datetime.datetime(2030, 12, 31, 8, 30) @@ -1223,7 +1245,9 @@ class TestAuthorityKeyIdentifier: def test_authority_cert_issuer_not_generalname(self): with pytest.raises(TypeError): x509.AuthorityKeyIdentifier( - b"identifier", ["notname"], 3 # type:ignore[list-item] + b"identifier", + ["notname"], # type:ignore[list-item] + 3, ) def test_authority_cert_serial_number_not_integer(self): @@ -1241,7 +1265,9 @@ def test_authority_cert_serial_number_not_integer(self): ) with pytest.raises(TypeError): x509.AuthorityKeyIdentifier( - b"identifier", [dirname], "notanint" # type:ignore[arg-type] + b"identifier", + [dirname], + "notanint", # type:ignore[arg-type] ) def test_authority_issuer_none_serial_not_none(self): @@ -1354,7 +1380,8 @@ class TestBasicConstraints: def test_ca_not_boolean(self): with pytest.raises(TypeError): x509.BasicConstraints( - ca="notbool", path_length=None # type:ignore[arg-type] + ca="notbool", # type:ignore[arg-type] + path_length=None, ) def test_path_length_not_ca(self): @@ -1364,12 +1391,14 @@ def test_path_length_not_ca(self): def test_path_length_not_int(self): with pytest.raises(TypeError): x509.BasicConstraints( - ca=True, path_length=1.1 # type:ignore[arg-type] + ca=True, + path_length=1.1, # type:ignore[arg-type] ) with pytest.raises(TypeError): x509.BasicConstraints( - ca=True, path_length="notint" # type:ignore[arg-type] + ca=True, + path_length="notint", # type:ignore[arg-type] ) def test_path_length_negative(self): @@ -1482,7 +1511,6 @@ def test_no_extensions(self, backend): cert = _load_cert( os.path.join("x509", "verisign_md2_root.pem"), x509.load_pem_x509_certificate, - backend, ) ext = cert.extensions assert len(ext) == 0 @@ -1498,7 +1526,6 @@ def test_one_extension(self, backend): "x509", "custom", "basic_constraints_not_critical.pem" ), x509.load_pem_x509_certificate, - backend, ) ext = cert.extensions.get_extension_for_class(x509.BasicConstraints) assert ext is not None @@ -1508,7 +1535,6 @@ def test_duplicate_extension(self, backend): cert = _load_cert( os.path.join("x509", "custom", "two_basic_constraints.pem"), x509.load_pem_x509_certificate, - backend, ) with pytest.raises(x509.DuplicateExtension) as exc: cert.extensions @@ -1521,7 +1547,6 @@ def test_unsupported_critical_extension(self, backend): "x509", "custom", "unsupported_extension_critical.pem" ), x509.load_pem_x509_certificate, - backend, ) ext = cert.extensions.get_extension_for_oid( x509.ObjectIdentifier("1.2.3.4") @@ -1533,7 +1558,6 @@ def test_unsupported_extension(self, backend): cert = _load_cert( os.path.join("x509", "custom", "unsupported_extension_2.pem"), x509.load_pem_x509_certificate, - backend, ) extensions = cert.extensions assert len(extensions) == 2 @@ -1557,7 +1581,6 @@ def test_no_extensions_get_for_class(self, backend): cert = _load_cert( os.path.join("x509", "cryptography.io.pem"), x509.load_pem_x509_certificate, - backend, ) exts = cert.extensions with pytest.raises(x509.ExtensionNotFound) as exc: @@ -1573,7 +1596,6 @@ def test_indexing(self, backend): cert = _load_cert( os.path.join("x509", "cryptography.io.pem"), x509.load_pem_x509_certificate, - backend, ) exts = cert.extensions assert exts[-1] == exts[7] @@ -1585,7 +1607,6 @@ def test_one_extension_get_for_class(self, backend): "x509", "custom", "basic_constraints_not_critical.pem" ), x509.load_pem_x509_certificate, - backend, ) ext = cert.extensions.get_extension_for_class(x509.BasicConstraints) assert ext is not None @@ -1596,7 +1617,6 @@ def test_repr(self, backend): "x509", "custom", "basic_constraints_not_critical.pem" ), x509.load_pem_x509_certificate, - backend, ) assert repr(cert.extensions) == ( "" + ) + + def test_hash(self): + acceptable_responses1 = x509.OCSPAcceptableResponses( + [ObjectIdentifier("1.2.3")] + ) + acceptable_responses2 = x509.OCSPAcceptableResponses( + [ObjectIdentifier("1.2.3")] + ) + acceptable_responses3 = x509.OCSPAcceptableResponses( + [ObjectIdentifier("1.2.4")] + ) + + assert hash(acceptable_responses1) == hash(acceptable_responses2) + assert hash(acceptable_responses1) != hash(acceptable_responses3) + + def test_iter(self): + acceptable_responses1 = x509.OCSPAcceptableResponses( + [ObjectIdentifier("1.2.3")] + ) + + assert list(acceptable_responses1) == [ObjectIdentifier("1.2.3")] + + def test_public_bytes(self): + ext = x509.OCSPAcceptableResponses([]) + assert ext.public_bytes() == b"\x30\x00" + + ext = x509.OCSPAcceptableResponses( + [ObjectIdentifier("1.3.6.1.5.5.7.48.1.1")] + ) + assert ( + ext.public_bytes() + == b"\x30\x0b\x06\t+\x06\x01\x05\x05\x07\x30\x01\x01" + ) + + +class TestMSCertificateTemplate: + def test_invalid_type(self): + with pytest.raises(TypeError): + x509.MSCertificateTemplate( + "notanoid", # type:ignore[arg-type] + None, + None, + ) + oid = x509.ObjectIdentifier("1.2.3.4") + with pytest.raises(TypeError): + x509.MSCertificateTemplate( + oid, + "notanint", # type:ignore[arg-type] + None, + ) + with pytest.raises(TypeError): + x509.MSCertificateTemplate( + oid, + None, + "notanint", # type:ignore[arg-type] + ) + + def test_eq(self): + template1 = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3.4"), None, None + ) + template2 = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3.4"), None, None + ) + assert template1 == template2 + + def test_ne(self): + template1 = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3.4"), None, None + ) + template2 = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3.4"), 1, None + ) + template3 = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3.4"), None, 1 + ) + template4 = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3"), None, None + ) + assert template1 != template2 + assert template1 != template3 + assert template1 != template4 + assert template1 != object() + + def test_repr(self): + template = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3.4"), None, None + ) + assert repr(template) == ( + ", major_version=None, minor_version=None)>" + ) + + def test_hash(self): + template1 = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3.4"), None, None + ) + template2 = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3.4"), None, None + ) + template3 = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3.4"), None, 1 + ) + template4 = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3"), None, None + ) + + assert hash(template1) == hash(template2) + assert hash(template1) != hash(template3) + assert hash(template1) != hash(template4) + + def test_public_bytes(self): + ext = x509.MSCertificateTemplate( + ObjectIdentifier("1.2.3.4"), None, None + ) + assert ext.public_bytes() == b"0\x05\x06\x03*\x03\x04" + + ext = x509.MSCertificateTemplate(ObjectIdentifier("1.2.3.4"), 1, 0) + assert ( + ext.public_bytes() + == b"0\x0b\x06\x03*\x03\x04\x02\x01\x01\x02\x01\x00" + ) + + def test_all_extension_oid_members_have_names_defined(): for oid in dir(ExtensionOID): if oid.startswith("__"): diff --git a/tests/x509/test_x509_revokedcertbuilder.py b/tests/x509/test_x509_revokedcertbuilder.py index b2facfa..c3c063b 100644 --- a/tests/x509/test_x509_revokedcertbuilder.py +++ b/tests/x509/test_x509_revokedcertbuilder.py @@ -7,9 +7,7 @@ import pytest -import pytz - -from cryptography import x509 +from cryptography import utils, x509 class TestRevokedCertificateBuilder: @@ -59,9 +57,8 @@ def test_set_serial_number_twice(self): builder.serial_number(4) def test_aware_revocation_date(self, backend): - time = datetime.datetime(2012, 1, 16, 22, 43) - tz = pytz.timezone("US/Pacific") - time = tz.localize(time) + tz = datetime.timezone(datetime.timedelta(hours=-8)) + time = datetime.datetime(2012, 1, 16, 22, 43, tzinfo=tz) utc_time = datetime.datetime(2012, 1, 17, 6, 43) serial_number = 333 builder = ( @@ -71,7 +68,11 @@ def test_aware_revocation_date(self, backend): ) revoked_certificate = builder.build(backend) - assert revoked_certificate.revocation_date == utc_time + with pytest.warns(utils.DeprecatedIn42): + assert revoked_certificate.revocation_date == utc_time + assert revoked_certificate.revocation_date_utc == utc_time.replace( + tzinfo=datetime.timezone.utc + ) def test_revocation_date_invalid(self): with pytest.raises(TypeError): @@ -105,7 +106,8 @@ def test_add_extension_checks_for_duplicates(self): def test_add_invalid_extension(self): with pytest.raises(TypeError): x509.RevokedCertificateBuilder().add_extension( - "notanextension", False # type: ignore[arg-type] + "notanextension", # type: ignore[arg-type] + False, ) def test_no_serial_number(self, backend): @@ -133,7 +135,12 @@ def test_create_revoked(self, backend): revoked_certificate = builder.build(backend) assert revoked_certificate.serial_number == serial_number - assert revoked_certificate.revocation_date == revocation_date + with pytest.warns(utils.DeprecatedIn42): + assert revoked_certificate.revocation_date == revocation_date + assert ( + revoked_certificate.revocation_date_utc + == revocation_date.replace(tzinfo=datetime.timezone.utc) + ) assert len(revoked_certificate.extensions) == 0 @pytest.mark.parametrize( @@ -156,7 +163,12 @@ def test_add_extensions(self, backend, extension): revoked_certificate = builder.build(backend) assert revoked_certificate.serial_number == serial_number - assert revoked_certificate.revocation_date == revocation_date + with pytest.warns(utils.DeprecatedIn42): + assert revoked_certificate.revocation_date == revocation_date + assert ( + revoked_certificate.revocation_date_utc + == revocation_date.replace(tzinfo=datetime.timezone.utc) + ) assert len(revoked_certificate.extensions) == 1 ext = revoked_certificate.extensions.get_extension_for_class( type(extension) diff --git a/tests/x509/verification/__init__.py b/tests/x509/verification/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/tests/x509/verification/test_limbo.py b/tests/x509/verification/test_limbo.py new file mode 100644 index 0000000..50881eb --- /dev/null +++ b/tests/x509/verification/test_limbo.py @@ -0,0 +1,184 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import datetime +import ipaddress +import json +import os + +import pytest + +from cryptography import x509 +from cryptography.x509 import load_pem_x509_certificate +from cryptography.x509.verification import ( + ClientVerifier, + PolicyBuilder, + ServerVerifier, + Store, + VerificationError, +) + +LIMBO_UNSUPPORTED_FEATURES = { + # NOTE: Path validation is required to reject wildcards on public suffixes, + # however this isn't practical and most implementations make no attempt to + # comply with this. + "pedantic-public-suffix-wildcard", + # TODO: We don't support Distinguished Name Constraints yet. + "name-constraint-dn", + # Our support for custom EKUs is limited, and we (like most impls.) don't + # handle all EKU conditions under CABF. + "pedantic-webpki-eku", + # Most CABF validators do not enforce the CABF key requirements on + # subscriber keys (i.e., in the leaf certificate). + "pedantic-webpki-subscriber-key", + # Tests that fail based on a strict reading of RFC 5280 + # but are widely ignored by validators. + "pedantic-rfc5280", + # In rare circumstances, CABF relaxes RFC 5280's prescriptions in + # incompatible ways. Our validator always tries (by default) to comply + # closer to CABF, so we skip these. + "rfc5280-incompatible-with-webpki", + # We do not support policy constraints. + "has-policy-constraints", +} + +LIMBO_SKIP_TESTCASES = { + # We unconditionally count intermediate certificates for pathlen and max + # depth constraint purposes, even when self-issued. + # This is a violation of RFC 5280, but is consistent with Go's crypto/x509 + # and Rust's webpki crate do. + "pathlen::self-issued-certs-pathlen", + "pathlen::max-chain-depth-1-self-issued", + # We allow certificates with serial numbers of zero. This is + # invalid under RFC 5280 but is widely violated by certs in common + # trust stores. + "rfc5280::serial::zero", + # We allow CAs that don't have AKIs, which is forbidden under + # RFC 5280. This is consistent with what Go's crypto/x509 and Rust's + # webpki crate do. + "rfc5280::ski::root-missing-ski", + "rfc5280::ski::intermediate-missing-ski", + # We currently allow intermediate CAs that don't have AKIs, which + # is technically forbidden under CABF. This is consistent with what + # Go's crypto/x509 and Rust's webpki crate do. + "rfc5280::aki::intermediate-missing-aki", + # We allow root CAs where the AKI and SKI mismatch, which is technically + # forbidden under CABF. This is consistent with what + # Go's crypto/x509 and Rust's webpki crate do. + "webpki::aki::root-with-aki-ski-mismatch", + # We allow RSA keys that aren't divisible by 8, which is technically + # forbidden under CABF. No other implementation checks this either. + "webpki::forbidden-rsa-not-divisable-by-8-in-root", + # We disallow CAs in the leaf position, which is explicitly forbidden + # by CABF (but implicitly permitted under RFC 5280). This is consistent + # with what webpki and rustls do, but inconsistent with Go and OpenSSL. + "rfc5280::ca-as-leaf", + "pathlen::validation-ignores-pathlen-in-leaf", +} + + +def _get_limbo_peer(expected_peer): + kind = expected_peer["kind"] + assert kind in ("DNS", "IP", "RFC822") + value = expected_peer["value"] + if kind == "DNS": + return x509.DNSName(value) + elif kind == "IP": + return x509.IPAddress(ipaddress.ip_address(value)) + else: + return x509.RFC822Name(value) + + +def _limbo_testcase(id_, testcase): + if id_ in LIMBO_SKIP_TESTCASES: + pytest.skip(f"explicitly skipped testcase: {id_}") + + features = testcase["features"] + unsupported = LIMBO_UNSUPPORTED_FEATURES.intersection(features) + if unsupported: + pytest.skip(f"explicitly skipped features: {unsupported}") + + assert testcase["signature_algorithms"] == [] + + trusted_certs = [ + load_pem_x509_certificate(cert.encode()) + for cert in testcase["trusted_certs"] + ] + untrusted_intermediates = [ + load_pem_x509_certificate(cert.encode()) + for cert in testcase["untrusted_intermediates"] + ] + peer_certificate = load_pem_x509_certificate( + testcase["peer_certificate"].encode() + ) + validation_time = testcase["validation_time"] + validation_time = ( + datetime.datetime.fromisoformat(validation_time) + if validation_time is not None + else None + ) + max_chain_depth = testcase["max_chain_depth"] + should_pass = testcase["expected_result"] == "SUCCESS" + + builder = PolicyBuilder().store(Store(trusted_certs)) + if validation_time is not None: + builder = builder.time(validation_time) + if max_chain_depth is not None: + builder = builder.max_chain_depth(max_chain_depth) + + verifier: ServerVerifier | ClientVerifier + if testcase["validation_kind"] == "SERVER": + assert testcase["extended_key_usage"] == [] or testcase[ + "extended_key_usage" + ] == ["serverAuth"] + peer_name = _get_limbo_peer(testcase["expected_peer_name"]) + # Some tests exercise invalid leaf SANs, which get caught before + # validation even begins. + try: + verifier = builder.build_server_verifier(peer_name) + except ValueError: + assert not should_pass + return + else: + assert testcase["extended_key_usage"] == ["clientAuth"] + verifier = builder.build_client_verifier() + + if should_pass: + if isinstance(verifier, ServerVerifier): + built_chain = verifier.verify( + peer_certificate, untrusted_intermediates + ) + else: + verified_client = verifier.verify( + peer_certificate, untrusted_intermediates + ) + + expected_subjects = [ + _get_limbo_peer(p) for p in testcase["expected_peer_names"] + ] + assert expected_subjects == verified_client.subjects + + built_chain = verified_client.chain + + # Assert that the verifier returns chains in [EE, ..., TA] order. + assert built_chain[0] == peer_certificate + for intermediate in built_chain[1:-1]: + assert intermediate in untrusted_intermediates + assert built_chain[-1] in trusted_certs + else: + with pytest.raises(VerificationError): + verifier.verify(peer_certificate, untrusted_intermediates) + + +def test_limbo(subtests, pytestconfig): + limbo_root = pytestconfig.getoption("--x509-limbo-root", skip=True) + limbo_path = os.path.join(limbo_root, "limbo.json") + with open(limbo_path, mode="rb") as limbo_file: + limbo = json.load(limbo_file) + testcases = limbo["testcases"] + for testcase in testcases: + with subtests.test(): + # NOTE: Pass in the id separately to make pytest + # error renderings slightly nicer. + _limbo_testcase(testcase["id"], testcase) diff --git a/tests/x509/verification/test_verification.py b/tests/x509/verification/test_verification.py new file mode 100644 index 0000000..f5e70ba --- /dev/null +++ b/tests/x509/verification/test_verification.py @@ -0,0 +1,205 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +import datetime +import os +from functools import lru_cache +from ipaddress import IPv4Address + +import pytest + +from cryptography import x509 +from cryptography.x509.general_name import DNSName, IPAddress +from cryptography.x509.verification import ( + PolicyBuilder, + Store, + VerificationError, +) +from tests.x509.test_x509 import _load_cert + + +@lru_cache(maxsize=1) +def dummy_store() -> Store: + cert = _load_cert( + os.path.join("x509", "cryptography.io.pem"), + x509.load_pem_x509_certificate, + ) + return Store([cert]) + + +class TestPolicyBuilder: + def test_time_already_set(self): + with pytest.raises(ValueError): + PolicyBuilder().time(datetime.datetime.now()).time( + datetime.datetime.now() + ) + + def test_store_already_set(self): + with pytest.raises(ValueError): + PolicyBuilder().store(dummy_store()).store(dummy_store()) + + def test_max_chain_depth_already_set(self): + with pytest.raises(ValueError): + PolicyBuilder().max_chain_depth(8).max_chain_depth(9) + + def test_ipaddress_subject(self): + policy = ( + PolicyBuilder() + .store(dummy_store()) + .build_server_verifier(IPAddress(IPv4Address("0.0.0.0"))) + ) + assert policy.subject == IPAddress(IPv4Address("0.0.0.0")) + + def test_dnsname_subject(self): + policy = ( + PolicyBuilder() + .store(dummy_store()) + .build_server_verifier(DNSName("cryptography.io")) + ) + assert policy.subject == DNSName("cryptography.io") + + def test_subject_bad_types(self): + # Subject must be a supported GeneralName type + with pytest.raises(TypeError): + PolicyBuilder().store(dummy_store()).build_server_verifier( + "cryptography.io" # type: ignore[arg-type] + ) + with pytest.raises(TypeError): + PolicyBuilder().store(dummy_store()).build_server_verifier( + "0.0.0.0" # type: ignore[arg-type] + ) + with pytest.raises(TypeError): + PolicyBuilder().store(dummy_store()).build_server_verifier( + IPv4Address("0.0.0.0") # type: ignore[arg-type] + ) + with pytest.raises(TypeError): + PolicyBuilder().store(dummy_store()).build_server_verifier(None) # type: ignore[arg-type] + + def test_builder_pattern(self): + now = datetime.datetime.now().replace(microsecond=0) + store = dummy_store() + max_chain_depth = 16 + + builder = PolicyBuilder() + builder = builder.time(now) + builder = builder.store(store) + builder = builder.max_chain_depth(max_chain_depth) + + verifier = builder.build_server_verifier(DNSName("cryptography.io")) + assert verifier.subject == DNSName("cryptography.io") + assert verifier.validation_time == now + assert verifier.store == store + assert verifier.max_chain_depth == max_chain_depth + + def test_build_server_verifier_missing_store(self): + with pytest.raises( + ValueError, match="A server verifier must have a trust store" + ): + PolicyBuilder().build_server_verifier(DNSName("cryptography.io")) + + +class TestStore: + def test_store_rejects_empty_list(self): + with pytest.raises(ValueError): + Store([]) + + def test_store_rejects_non_certificates(self): + with pytest.raises(TypeError): + Store(["not a cert"]) # type: ignore[list-item] + + +class TestClientVerifier: + def test_build_client_verifier_missing_store(self): + with pytest.raises( + ValueError, match="A client verifier must have a trust store" + ): + PolicyBuilder().build_client_verifier() + + def test_verify(self): + # expires 2018-11-16 01:15:03 UTC + leaf = _load_cert( + os.path.join("x509", "cryptography.io.pem"), + x509.load_pem_x509_certificate, + ) + + store = Store([leaf]) + + validation_time = datetime.datetime.fromisoformat( + "2018-11-16T00:00:00+00:00" + ) + builder = PolicyBuilder().store(store) + builder = builder.time(validation_time).max_chain_depth(16) + verifier = builder.build_client_verifier() + + assert verifier.validation_time == validation_time.replace(tzinfo=None) + assert verifier.max_chain_depth == 16 + assert verifier.store is store + + verified_client = verifier.verify(leaf, []) + assert verified_client.chain == [leaf] + + assert x509.DNSName("www.cryptography.io") in verified_client.subjects + assert x509.DNSName("cryptography.io") in verified_client.subjects + assert len(verified_client.subjects) == 2 + + def test_verify_fails_renders_oid(self): + leaf = _load_cert( + os.path.join("x509", "custom", "ekucrit-testuser-cert.pem"), + x509.load_pem_x509_certificate, + ) + + store = Store([leaf]) + + validation_time = datetime.datetime.fromisoformat( + "2024-06-26T00:00:00+00:00" + ) + + builder = PolicyBuilder().store(store) + builder = builder.time(validation_time) + verifier = builder.build_client_verifier() + + pattern = ( + r"invalid extension: 2\.5\.29\.37: " + r"Certificate extension has incorrect criticality" + ) + with pytest.raises( + VerificationError, + match=pattern, + ): + verifier.verify(leaf, []) + + +class TestServerVerifier: + @pytest.mark.parametrize( + ("validation_time", "valid"), + [ + # 03:15:02 UTC+2, or 1 second before expiry in UTC + ("2018-11-16T03:15:02+02:00", True), + # 00:15:04 UTC-1, or 1 second after expiry in UTC + ("2018-11-16T00:15:04-01:00", False), + ], + ) + def test_verify_tz_aware(self, validation_time, valid): + # expires 2018-11-16 01:15:03 UTC + leaf = _load_cert( + os.path.join("x509", "cryptography.io.pem"), + x509.load_pem_x509_certificate, + ) + + store = Store([leaf]) + + builder = PolicyBuilder().store(store) + builder = builder.time( + datetime.datetime.fromisoformat(validation_time) + ) + verifier = builder.build_server_verifier(DNSName("cryptography.io")) + + if valid: + assert verifier.verify(leaf, []) == [leaf] + else: + with pytest.raises( + x509.verification.VerificationError, + match="cert is not valid at validation time", + ): + verifier.verify(leaf, [])