Merge pull request #913 from public/ecdsa-signature-vector-loader
ECDSA SigGen.{txt,rsp} vector loaderdiff --git a/.travis.yml b/.travis.yml
index 7d5663d..6a23514 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,11 +6,6 @@
- clang
- gcc
env:
- # this global section can be removed when
- # https://github.com/travis-ci/travis-ci/issues/1844 is fixed
- global:
- - CI=true
- - TRAVIS=true
matrix:
- TOX_ENV=py26
- TOX_ENV=py27
@@ -50,49 +45,6 @@
matrix:
exclude:
- os: osx
- env: TOX_ENV=py26
- compiler: gcc
- - os: osx
- env: TOX_ENV=py27
- compiler: gcc
- - os: osx
- env: TOX_ENV=py32
- compiler: gcc
- - os: osx
- env: TOX_ENV=py33
- compiler: gcc
- - os: osx
- env: TOX_ENV=py34
- compiler: gcc
- - os: osx
- env: TOX_ENV=pypy
- compiler: gcc
- - os: osx
- env: TOX_ENV=py26 OPENSSL=0.9.8
- compiler: gcc
- - os: osx
- env: TOX_ENV=py27 OPENSSL=0.9.8
- compiler: gcc
- - os: osx
- env: TOX_ENV=py32 OPENSSL=0.9.8
- compiler: gcc
- - os: osx
- env: TOX_ENV=py33 OPENSSL=0.9.8
- compiler: gcc
- - os: osx
- env: TOX_ENV=py34 OPENSSL=0.9.8
- compiler: gcc
- - os: osx
- env: TOX_ENV=pypy OPENSSL=0.9.8
- compiler: gcc
- - os: osx
- env: TOX_ENV=docs
- compiler: gcc
- - os: osx
- env: TOX_ENV=pep8
- compiler: gcc
- - os: osx
- env: TOX_ENV=py3pep8
compiler: gcc
- os: osx
env: TOX_ENV=pep8
diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py
index 927406c..acf9d42 100644
--- a/cryptography/hazmat/bindings/openssl/binding.py
+++ b/cryptography/hazmat/bindings/openssl/binding.py
@@ -48,6 +48,7 @@
"asn1",
"bignum",
"bio",
+ "cmac",
"conf",
"crypto",
"dh",
diff --git a/cryptography/hazmat/bindings/openssl/cmac.py b/cryptography/hazmat/bindings/openssl/cmac.py
new file mode 100644
index 0000000..c8bcc82
--- /dev/null
+++ b/cryptography/hazmat/bindings/openssl/cmac.py
@@ -0,0 +1,65 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+#include <openssl/cmac.h>
+#endif
+"""
+
+TYPES = """
+static const int Cryptography_HAS_CMAC;
+typedef ... CMAC_CTX;
+"""
+
+FUNCTIONS = """
+"""
+
+MACROS = """
+CMAC_CTX *CMAC_CTX_new(void);
+int CMAC_Init(CMAC_CTX *, const void *, size_t, const EVP_CIPHER *, ENGINE *);
+int CMAC_Update(CMAC_CTX *, const void *, size_t);
+int CMAC_Final(CMAC_CTX *, unsigned char *, size_t *);
+int CMAC_CTX_copy(CMAC_CTX *, const CMAC_CTX *);
+void CMAC_CTX_free(CMAC_CTX *);
+"""
+
+CUSTOMIZATIONS = """
+#if OPENSSL_VERSION_NUMBER < 0x10001000L
+
+static const long Cryptography_HAS_CMAC = 0;
+typedef void CMAC_CTX;
+CMAC_CTX *(*CMAC_CTX_new)(void) = NULL;
+int (*CMAC_Init)(CMAC_CTX *, const void *, size_t, const EVP_CIPHER *,
+ ENGINE *) = NULL;
+int (*CMAC_Update)(CMAC_CTX *, const void *, size_t) = NULL;
+int (*CMAC_Final)(CMAC_CTX *, unsigned char *, size_t *) = NULL;
+int (*CMAC_CTX_copy)(CMAC_CTX *, const CMAC_CTX *) = NULL;
+void (*CMAC_CTX_free)(CMAC_CTX *) = NULL;
+#else
+static const long Cryptography_HAS_CMAC = 1;
+#endif
+"""
+
+CONDITIONAL_NAMES = {
+ "Cryptography_HAS_CMAC": [
+ "CMAC_CTX_new",
+ "CMAC_Init",
+ "CMAC_Update",
+ "CMAC_Final",
+ "CMAC_CTX_copy",
+ "CMAC_CTX_free",
+ ],
+}
diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py
index e70338b..4d92ef2 100644
--- a/cryptography/hazmat/primitives/interfaces.py
+++ b/cryptography/hazmat/primitives/interfaces.py
@@ -185,6 +185,12 @@
@six.add_metaclass(abc.ABCMeta)
class RSAPrivateKey(object):
+ @abc.abstractmethod
+ def signer(self, padding, algorithm, backend):
+ """
+ Returns an AsymmetricSignatureContext used for signing data.
+ """
+
@abc.abstractproperty
def modulus(self):
"""
@@ -270,6 +276,12 @@
@six.add_metaclass(abc.ABCMeta)
class RSAPublicKey(object):
+ @abc.abstractmethod
+ def verifier(self, signature, padding, algorithm, backend):
+ """
+ Returns an AsymmetricVerificationContext used for verifying signatures.
+ """
+
@abc.abstractproperty
def modulus(self):
"""
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index a1692c1..5f31e30 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -89,6 +89,11 @@
* TOTP from :rfc:`6238` (Note that an `errata`_ for the test vectors in RFC
6238 exists)
+CMAC
+~~~~
+
+* AES-128, AES-192, AES-256, 3DES from `NIST SP-800-38B`_
+
Creating test vectors
---------------------
@@ -138,3 +143,4 @@
.. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors
.. _`NESSIE`: https://en.wikipedia.org/wiki/NESSIE
.. _`Ed25519 website`: http://ed25519.cr.yp.to/software.html
+.. _`NIST SP-800-38B`: http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index 9a1f330..f4fb8de 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -112,6 +112,27 @@
An `RSA`_ private key.
+ .. method:: signer(padding, algorithm, backend)
+
+ .. versionadded:: 0.3
+
+ Sign data which can be verified later by others using the public key.
+
+ :param padding: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+ provider.
+
+ :param algorithm: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ provider.
+
+ :param backend: A
+ :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+ provider.
+
+ :returns:
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
+
.. method:: public_key()
:return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
@@ -200,6 +221,31 @@
An `RSA`_ public key.
+ .. method:: verifier(signature, padding, algorithm, backend)
+
+ .. versionadded:: 0.3
+
+ Verify data was signed by the private key associated with this public
+ key.
+
+ :param bytes signature: The signature to verify.
+
+ :param padding: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+ provider.
+
+ :param algorithm: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ provider.
+
+ :param backend: A
+ :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+ provider.
+
+ :returns:
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
+
+
.. attribute:: modulus
:type: int
@@ -402,6 +448,27 @@
The internal block size of the hash algorithm in bytes.
+.. class:: HashContext
+
+ .. attribute:: algorithm
+
+ A :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` that
+ will be used by this context.
+
+ .. method:: update(data)
+
+ :param data bytes: The data you want to hash.
+
+ .. method:: finalize()
+
+ :return: The final digest as bytes.
+
+ .. method:: copy()
+
+ :return: A :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
+ that is a copy of the current context.
+
+
Key derivation functions
~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/installation.rst b/docs/installation.rst
index ac4c13c..a0dd5f2 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -15,9 +15,10 @@
* x86-64 CentOS 6.4 and CentOS 5
* x86-64 FreeBSD 9.2 and FreeBSD 10
-* OS X 10.9 and OS X 10.8
+* OS X 10.9 Mavericks, 10.8 Mountain Lion, and 10.7 Lion
* x86-64 Ubuntu 12.04 LTS
* 32-bit Python on 64-bit Windows Server 2008
+* 64-bit Python on 64-bit Windows Server 2012
On Windows
----------
@@ -30,8 +31,8 @@
.. code-block:: console
C:\> \path\to\vcvarsall.bat x86_amd64
- C:\> set LIB=C:\OpenSSL-1.0.1f-64bit\lib;%LIB%
- C:\> set INCLUDE=C:\OpenSSL-1.0.1f-64bit\include;%INCLUDE%
+ C:\> set LIB=C:\OpenSSL-1.0.1g-64bit\lib;%LIB%
+ C:\> set INCLUDE=C:\OpenSSL-1.0.1g-64bit\include;%INCLUDE%
C:\> pip install cryptography
Building cryptography on Linux
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index cc87d98..236a3bb 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -1065,6 +1065,8 @@
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
+ "SigGen15_186-2.rsp",
+ "SigGen15_186-3.rsp",
"SigVer15_186-3.rsp",
],
hashes.SHA1(),
@@ -1078,6 +1080,8 @@
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
+ "SigGen15_186-2.rsp",
+ "SigGen15_186-3.rsp",
"SigVer15_186-3.rsp",
],
hashes.SHA224(),
@@ -1091,6 +1095,8 @@
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
+ "SigGen15_186-2.rsp",
+ "SigGen15_186-3.rsp",
"SigVer15_186-3.rsp",
],
hashes.SHA256(),
@@ -1104,6 +1110,8 @@
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
+ "SigGen15_186-2.rsp",
+ "SigGen15_186-3.rsp",
"SigVer15_186-3.rsp",
],
hashes.SHA384(),
@@ -1117,6 +1125,8 @@
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
+ "SigGen15_186-2.rsp",
+ "SigGen15_186-3.rsp",
"SigVer15_186-3.rsp",
],
hashes.SHA512(),
diff --git a/vectors/cryptography_vectors/CMAC/nist-800-38b-3des.txt b/vectors/cryptography_vectors/CMAC/nist-800-38b-3des.txt
new file mode 100644
index 0000000..60561e0
--- /dev/null
+++ b/vectors/cryptography_vectors/CMAC/nist-800-38b-3des.txt
@@ -0,0 +1,60 @@
+# 3DES-CMAC Test Vectors
+# NIST SP_800-38B
+
+# Three Key
+COUNT = 0
+KEY1 = 8aa83bf8cbda1062
+KEY2 = 0bc1bf19fbb6cd58
+KEY3 = bc313d4a371ca8b5
+MESSAGE =
+OUTPUT = b7a688e122ffaf95
+
+COUNT = 1
+KEY1 = 8aa83bf8cbda1062
+KEY2 = 0bc1bf19fbb6cd58
+KEY3 = bc313d4a371ca8b5
+MESSAGE = 6bc1bee22e409f96
+OUTPUT = 8e8f293136283797
+
+COUNT = 2
+KEY1 = 8aa83bf8cbda1062
+KEY2 = 0bc1bf19fbb6cd58
+KEY3 = bc313d4a371ca8b5
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a57
+OUTPUT = 743ddbe0ce2dc2ed
+
+COUNT = 3
+KEY1 = 8aa83bf8cbda1062
+KEY2 = 0bc1bf19fbb6cd58
+KEY3 = bc313d4a371ca8b5
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
+OUTPUT = 33e6b1092400eae5
+
+# Two Key
+COUNT = 4
+KEY1 = 4cf15134a2850dd5
+KEY2 = 8a3d10ba80570d38
+KEY3 = 4cf15134a2850dd5
+MESSAGE =
+OUTPUT = bd2ebf9a3ba00361
+
+COUNT = 5
+KEY1 = 4cf15134a2850dd5
+KEY2 = 8a3d10ba80570d38
+KEY3 = 4cf15134a2850dd5
+MESSAGE = 6bc1bee22e409f96
+OUTPUT = 4ff2ab813c53ce83
+
+COUNT = 6
+KEY1 = 4cf15134a2850dd5
+KEY2 = 8a3d10ba80570d38
+KEY3 = 4cf15134a2850dd5
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a57
+OUTPUT = 62dd1b471902bd4e
+
+COUNT = 7
+KEY1 = 4cf15134a2850dd5
+KEY2 = 8a3d10ba80570d38
+KEY3 = 4cf15134a2850dd5
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
+OUTPUT = 31b1e431dabc4eb8
diff --git a/vectors/cryptography_vectors/CMAC/nist-800-38b-aes128.txt b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes128.txt
new file mode 100644
index 0000000..7219d39
--- /dev/null
+++ b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes128.txt
@@ -0,0 +1,22 @@
+# AES-128-CMAC Test Vectors
+# NIST SP_800-38B
+
+COUNT = 0
+KEY = 2b7e151628aed2a6abf7158809cf4f3c
+MESSAGE =
+OUTPUT = bb1d6929e95937287fa37d129b756746
+
+COUNT = 1
+KEY = 2b7e151628aed2a6abf7158809cf4f3c
+MESSAGE = 6bc1bee22e409f96e93d7e117393172a
+OUTPUT = 070a16b46b4d4144f79bdd9dd04a287c
+
+COUNT = 2
+KEY = 2b7e151628aed2a6abf7158809cf4f3c
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411
+OUTPUT = dfa66747de9ae63030ca32611497c827
+
+COUNT = 3
+KEY = 2b7e151628aed2a6abf7158809cf4f3c
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710
+OUTPUT = 51f0bebf7e3b9d92fc49741779363cfe
diff --git a/vectors/cryptography_vectors/CMAC/nist-800-38b-aes192.txt b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes192.txt
new file mode 100644
index 0000000..7c819ea
--- /dev/null
+++ b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes192.txt
@@ -0,0 +1,23 @@
+# AES-192-CMAC Test Vectors
+# NIST SP_800-38B
+
+COUNT = 0
+KEY = 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+MESSAGE =
+OUTPUT = d17ddf46adaacde531cac483de7a9367
+
+COUNT = 1
+KEY = 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+MESSAGE = 6bc1bee22e409f96e93d7e117393172a
+OUTPUT = 9e99a7bf31e710900662f65e617c5184
+
+
+COUNT = 2
+KEY = 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411
+OUTPUT = 8a1de5be2eb31aad089a82e6ee908b0e
+
+COUNT = 3
+KEY = 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710
+OUTPUT = a1d5df0eed790f794d77589659f39a11
diff --git a/vectors/cryptography_vectors/CMAC/nist-800-38b-aes256.txt b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes256.txt
new file mode 100644
index 0000000..477151b
--- /dev/null
+++ b/vectors/cryptography_vectors/CMAC/nist-800-38b-aes256.txt
@@ -0,0 +1,22 @@
+# AES-256-CMAC Test Vectors
+# NIST SP_800-38B
+
+COUNT = 0
+KEY = 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+MESSAGE =
+OUTPUT = 028962f61b7bf89efc6b551f4667d983
+
+COUNT = 1
+KEY = 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+MESSAGE = 6bc1bee22e409f96e93d7e117393172a
+OUTPUT = 28a7023f452e8f82bd4bf28d8c37c35c
+
+COUNT = 2
+KEY = 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411
+OUTPUT = aaf3d8f1de5640c232f5b169b9c911e6
+
+COUNT = 3
+KEY = 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+MESSAGE = 6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710
+OUTPUT = e1992190549f6ed5696a2c056c315410