Hash Saga Part 3 - API changes + SHA1 support + tests
diff --git a/cryptography/bindings/openssl/api.py b/cryptography/bindings/openssl/api.py
index 79ec5ee..548a9e6 100644
--- a/cryptography/bindings/openssl/api.py
+++ b/cryptography/bindings/openssl/api.py
@@ -139,5 +139,35 @@
assert res != 0
return self.ffi.buffer(buf)[:outlen[0]]
+ def supports_hash(self, hashname):
+ return (self.ffi.NULL !=
+ self.lib.EVP_get_digestbyname(hashname.encode("ascii")))
+
+ def create_hash_context(self, hashobject):
+ ctx = self.lib.EVP_MD_CTX_create()
+ ctx = self.ffi.gc(ctx, self.lib.EVP_MD_CTX_destroy)
+ evp_md = self.lib.EVP_get_digestbyname(hashobject.name.encode("ascii"))
+ assert evp_md != self.ffi.NULL
+ res = self.lib.EVP_DigestInit_ex(ctx, evp_md, self.ffi.NULL)
+ assert res != 0
+ return ctx
+
+ def update_hash_context(self, ctx, data):
+ res = self.lib.EVP_DigestUpdate(ctx, data, len(data))
+ assert res != 0
+
+ def finalize_hash_context(self, ctx, digest_size):
+ buf = self.ffi.new("unsigned char[]", digest_size)
+ res = self.lib.EVP_DigestFinal_ex(ctx, buf, self.ffi.NULL)
+ assert res != 0
+ return self.ffi.buffer(buf)[:digest_size]
+
+ def copy_hash_context(self, ctx):
+ copied_ctx = self.lib.EVP_MD_CTX_create()
+ copied_ctx = self.ffi.gc(copied_ctx, self.lib.EVP_MD_CTX_destroy)
+ res = self.lib.EVP_MD_CTX_copy_ex(copied_ctx, ctx)
+ assert res != 0
+ return copied_ctx
+
api = API()
diff --git a/cryptography/primitives/hashes.py b/cryptography/primitives/hashes.py
new file mode 100644
index 0000000..d74287f
--- /dev/null
+++ b/cryptography/primitives/hashes.py
@@ -0,0 +1,48 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+from cryptography.bindings import _default_api
+
+
+class BaseHash(object):
+ def __init__(self, api=None, ctx=None):
+ if api is None:
+ api = _default_api
+ self._api = api
+ self._ctx = self._api.create_hash_context(self) if ctx is None else ctx
+
+ def update(self, string):
+ self._api.update_hash_context(self._ctx, string)
+
+ def copy(self):
+ return self.__class__(ctx=self._copy_ctx())
+
+ def digest(self):
+ return self._api.finalize_hash_context(self._copy_ctx(),
+ self.digest_size)
+
+ def hexdigest(self):
+ return binascii.hexlify(self.digest()).decode("ascii")
+
+ def _copy_ctx(self):
+ return self._api.copy_hash_context(self._ctx)
+
+
+class SHA1(BaseHash):
+ name = "sha1"
+ digest_size = 20
+ block_size = 64
diff --git a/tests/primitives/test_hash_vectors.py b/tests/primitives/test_hash_vectors.py
new file mode 100644
index 0000000..4b71ad7
--- /dev/null
+++ b/tests/primitives/test_hash_vectors.py
@@ -0,0 +1,35 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+from cryptography.primitives import hashes
+
+from .utils import generate_hash_test
+from ..utils import load_hash_vectors_from_file
+
+
+class TestSHA1(object):
+ test_SHA1 = generate_hash_test(
+ load_hash_vectors_from_file,
+ os.path.join("NIST", "SHABYTE"),
+ [
+ "SHA1LongMsg.rsp",
+ "SHA1ShortMsg.rsp",
+ ],
+ lambda api: hashes.SHA1(api=api),
+ only_if=lambda api: api.supports_hash("sha1"),
+ skip_message="Does not support SHA1",
+ )
diff --git a/tests/primitives/test_hashes.py b/tests/primitives/test_hashes.py
new file mode 100644
index 0000000..3419b14
--- /dev/null
+++ b/tests/primitives/test_hashes.py
@@ -0,0 +1,28 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography.primitives import hashes
+
+from .utils import generate_base_hash_test
+
+
+class TestSHA1(object):
+ test_SHA1 = generate_base_hash_test(
+ lambda api: hashes.SHA1(api=api),
+ digest_size=20,
+ block_size=64,
+ only_if=lambda api: api.supports_hash("sha1"),
+ skip_message="Does not support SHA1",
+ )
diff --git a/tests/primitives/test_utils.py b/tests/primitives/test_utils.py
index 4666ece..43ec8a7 100644
--- a/tests/primitives/test_utils.py
+++ b/tests/primitives/test_utils.py
@@ -1,6 +1,6 @@
import pytest
-from .utils import encrypt_test
+from .utils import encrypt_test, hash_test, base_hash_test
class TestEncryptTest(object):
@@ -12,3 +12,25 @@
skip_message="message!"
)
assert exc_info.value.args[0] == "message!"
+
+
+class TestHashTest(object):
+ def test_skips_if_only_if_returns_false(self):
+ with pytest.raises(pytest.skip.Exception) as exc_info:
+ hash_test(
+ None, None, None,
+ only_if=lambda api: False,
+ skip_message="message!"
+ )
+ assert exc_info.value.args[0] == "message!"
+
+
+class TestBaseHashTest(object):
+ def test_skips_if_only_if_returns_false(self):
+ with pytest.raises(pytest.skip.Exception) as exc_info:
+ base_hash_test(
+ None, None, None, None,
+ only_if=lambda api: False,
+ skip_message="message!"
+ )
+ assert exc_info.value.args[0] == "message!"
diff --git a/tests/primitives/utils.py b/tests/primitives/utils.py
index 3cf08c2..f301199 100644
--- a/tests/primitives/utils.py
+++ b/tests/primitives/utils.py
@@ -40,3 +40,58 @@
actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
actual_ciphertext += cipher.finalize()
assert actual_ciphertext == binascii.unhexlify(ciphertext)
+
+
+def generate_hash_test(param_loader, path, file_names, hash_factory,
+ only_if=lambda api: True, skip_message=None):
+ def test_hash(self):
+ for api in _ALL_APIS:
+ for file_name in file_names:
+ for params in param_loader(os.path.join(path, file_name)):
+ yield (
+ hash_test,
+ api,
+ hash_factory,
+ params,
+ only_if,
+ skip_message
+ )
+ return test_hash
+
+
+def hash_test(api, hash_factory, params, only_if, skip_message):
+ if not only_if(api):
+ pytest.skip(skip_message)
+ msg = params[0]
+ md = params[1]
+ m = hash_factory(api)
+ m.update(binascii.unhexlify(msg))
+ assert m.hexdigest() == md.replace(" ", "").lower()
+
+
+def generate_base_hash_test(hash_factory, digest_size, block_size,
+ only_if=lambda api: True, skip_message=None):
+ def test_base_hash(self):
+ for api in _ALL_APIS:
+ yield (
+ base_hash_test,
+ api,
+ hash_factory,
+ digest_size,
+ block_size,
+ only_if,
+ skip_message,
+ )
+ return test_base_hash
+
+
+def base_hash_test(api, hash_factory, digest_size, block_size, only_if,
+ skip_message):
+ if not only_if(api):
+ pytest.skip(skip_message)
+ m = hash_factory(api=api)
+ assert m.digest_size == digest_size
+ assert m.block_size == block_size
+ m_copy = m.copy()
+ assert m != m_copy
+ assert m._ctx != m_copy._ctx