Commit e222faca authored by Simo Sorce's avatar Simo Sorce

Make pep8 test happy again

Signed-off-by: 's avatarSimo Sorce <simo@redhat.com>
parent ac20f550
......@@ -14,9 +14,10 @@ script:
- tox
env:
- TOXENV=pep8
- TOXENV=py3pep8
- TOXENV=lint
- TOXENV=py27
- TOXENV=py34
- TOXENV=doc
- TOXENV=sphinx
# Copyright (C) 2015 JWCrypto Project Contributors - see LICENSE file
from base64 import urlsafe_b64encode, urlsafe_b64decode
import json
from base64 import urlsafe_b64decode, urlsafe_b64encode
# Padding stripping versions as described in
......
# Copyright (C) 2015 JWCrypto Project Contributors - see LICENSE file
import os
import zlib
from binascii import hexlify, unhexlify
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import constant_time, hashes, hmac
from cryptography.hazmat.primitives.padding import PKCS7
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from jwcrypto.common import base64url_encode, base64url_decode
from cryptography.hazmat.primitives.padding import PKCS7
from jwcrypto.common import InvalidJWAAlgorithm
from jwcrypto.common import base64url_decode, base64url_encode
from jwcrypto.common import json_decode, json_encode
from jwcrypto.jwk import JWK
import os
import zlib
# RFC 7516 - 4.1
......@@ -49,12 +52,12 @@ default_allowed_algs = [
# Note: l is the number of bits, which should be a multiple of 16
def _encode_int(n, l):
e = hex(n).rstrip("L").lstrip("0x")
el = len(e)
L = ((l + 7) // 8) * 2 # number of bytes rounded up times 2 chars/bytes
if el > L:
e = e[:L]
elen = len(e)
ilen = ((l + 7) // 8) * 2 # number of bytes rounded up times 2 chars/bytes
if elen > ilen:
e = e[:ilen]
else:
e = '0' * (L - el) + e # pad as necessary
e = '0' * (ilen - elen) + e # pad as necessary
return unhexlify(e)
......@@ -134,7 +137,7 @@ class InvalidJWEKeyLength(Exception):
super(InvalidJWEKeyLength, self).__init__(msg)
class _raw_key_mgmt(object):
class _RawKeyMgmt(object):
def wrap(self, key, keylen, cek):
raise NotImplementedError
......@@ -143,7 +146,7 @@ class _raw_key_mgmt(object):
raise NotImplementedError
class _rsa(_raw_key_mgmt):
class _RSA(_RawKeyMgmt):
def __init__(self, padfn):
self.padfn = padfn
......@@ -168,7 +171,7 @@ class _rsa(_raw_key_mgmt):
return cek
class _aes_kw(_raw_key_mgmt):
class _AesKw(_RawKeyMgmt):
def __init__(self, keysize):
self.backend = default_backend()
......@@ -190,19 +193,19 @@ class _aes_kw(_raw_key_mgmt):
# Implement RFC 3394 Key Unwrap - 2.2.2
# TODO: Use cryptography once issue #1733 is resolved
iv = 'a6a6a6a6a6a6a6a6'
A = unhexlify(iv)
R = [cek[i:i+8] for i in range(0, len(cek), 8)]
n = len(R)
a = unhexlify(iv)
r = [cek[i:i + 8] for i in range(0, len(cek), 8)]
n = len(r)
for j in range(0, 6):
for i in range(0, n):
e = Cipher(algorithms.AES(rk), modes.ECB(),
backend=self.backend).encryptor()
B = e.update(A + R[i]) + e.finalize()
A = _encode_int(_decode_int(B[:8]) ^ ((n*j)+i+1), 64)
R[i] = B[-8:]
ek = A
b = e.update(a + r[i]) + e.finalize()
a = _encode_int(_decode_int(b[:8]) ^ ((n * j) + i + 1), 64)
r[i] = b[-8:]
ek = a
for i in range(0, n):
ek += R[i]
ek += r[i]
return (cek, ek)
def unwrap(self, key, ek):
......@@ -211,28 +214,29 @@ class _aes_kw(_raw_key_mgmt):
# Implement RFC 3394 Key Unwrap - 2.2.3
# TODO: Use cryptography once issue #1733 is resolved
iv = 'a6a6a6a6a6a6a6a6'
Aiv = unhexlify(iv)
aiv = unhexlify(iv)
R = [ek[i:i+8] for i in range(0, len(ek), 8)]
A = R.pop(0)
n = len(R)
r = [ek[i:i + 8] for i in range(0, len(ek), 8)]
a = r.pop(0)
n = len(r)
for j in range(5, -1, -1):
for i in range(n - 1, -1, -1):
AtR = _encode_int((_decode_int(A) ^ ((n*j)+i+1)), 64) + R[i]
da = _decode_int(a)
atr = _encode_int((da ^ ((n * j) + i + 1)), 64) + r[i]
d = Cipher(algorithms.AES(rk), modes.ECB(),
backend=self.backend).decryptor()
B = d.update(AtR) + d.finalize()
A = B[:8]
R[i] = B[-8:]
b = d.update(atr) + d.finalize()
a = b[:8]
r[i] = b[-8:]
if A != Aiv:
if a != aiv:
raise InvalidJWEData('Decryption Failed')
cek = b''.join(R)
cek = b''.join(r)
return cek
class _direct(_raw_key_mgmt):
class _Direct(_RawKeyMgmt):
def check_key(self, key):
if key.key_type != 'oct':
......@@ -254,7 +258,7 @@ class _direct(_raw_key_mgmt):
return base64url_decode(key.get_op_key('decrypt'))
class _raw_jwe(object):
class _RawJWE(object):
def encrypt(self, k, a, m):
raise NotImplementedError
......@@ -263,7 +267,7 @@ class _raw_jwe(object):
raise NotImplementedError
class _aes_cbc_hmac_sha2(_raw_jwe):
class _AesCbcHmacSha2(_RawJWE):
def __init__(self, hashfn, keybits):
self.backend = default_backend()
......@@ -340,7 +344,7 @@ class _aes_cbc_hmac_sha2(_raw_jwe):
return unpadder.update(d) + unpadder.finalize()
class _aes_gcm(_raw_jwe):
class _AesGcm(_RawJWE):
def __init__(self, keybits):
self.backend = default_backend()
......@@ -417,58 +421,58 @@ class JWE(object):
if aad:
self.objects['aad'] = aad
if protected:
_ = json_decode(protected) # check header encoding
json_decode(protected) # check header encoding
self.objects['protected'] = protected
if unprotected:
_ = json_decode(unprotected) # check header encoding
json_decode(unprotected) # check header encoding
self.objects['unprotected'] = unprotected
if algs:
self.allowed_algs = algs
# key wrapping mechanisms
def _jwa_RSA1_5(self):
return _rsa(padding.PKCS1v15())
return _RSA(padding.PKCS1v15())
def _jwa_RSA_OAEP(self):
return _rsa(padding.OAEP(padding.MGF1(hashes.SHA1()),
return _RSA(padding.OAEP(padding.MGF1(hashes.SHA1()),
hashes.SHA1(),
None))
def _jwa_RSA_OAEP_256(self):
return _rsa(padding.OAEP(padding.MGF1(hashes.SHA256()),
return _RSA(padding.OAEP(padding.MGF1(hashes.SHA256()),
hashes.SHA256(),
None))
def _jwa_A128KW(self):
return _aes_kw(128)
return _AesKw(128)
def _jwa_A192KW(self):
return _aes_kw(192)
return _AesKw(192)
def _jwa_A256KW(self):
return _aes_kw(256)
return _AesKw(256)
def _jwa_dir(self):
return _direct()
return _Direct()
# content encryption mechanisms
def _jwa_A128CBC_HS256(self):
return _aes_cbc_hmac_sha2(hashes.SHA256(), 128)
return _AesCbcHmacSha2(hashes.SHA256(), 128)
def _jwa_A192CBC_HS384(self):
return _aes_cbc_hmac_sha2(hashes.SHA384(), 192)
return _AesCbcHmacSha2(hashes.SHA384(), 192)
def _jwa_A256CBC_HS512(self):
return _aes_cbc_hmac_sha2(hashes.SHA512(), 256)
return _AesCbcHmacSha2(hashes.SHA512(), 256)
def _jwa_A128GCM(self):
return _aes_gcm(128)
return _AesGcm(128)
def _jwa_A192GCM(self):
return _aes_gcm(192)
return _AesGcm(192)
def _jwa_A256GCM(self):
return _aes_gcm(256)
return _AesGcm(256)
def _jwa(self, name):
try:
......
# Copyright (C) 2015 JWCrypto Project Contributors - see LICENSE file
import os
from binascii import hexlify, unhexlify
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.asymmetric import ec
from jwcrypto.common import base64url_decode, base64url_encode
from jwcrypto.common import json_decode, json_encode
from cryptography.hazmat.primitives.asymmetric import rsa
from six import iteritems
import os
from jwcrypto.common import base64url_decode, base64url_encode
from jwcrypto.common import json_decode, json_encode
# RFC 7518 - 7.4
......@@ -234,8 +236,8 @@ class JWK(object):
self.import_key(**params)
def _encode_int(self, i):
I = hex(i).rstrip("L").lstrip("0x")
return base64url_encode(unhexlify((len(I) % 2) * '0' + I))
intg = hex(i).rstrip("L").lstrip("0x")
return base64url_encode(unhexlify((len(intg) % 2) * '0' + intg))
def _generate_RSA(self, params):
pubexp = 65537
......@@ -540,7 +542,7 @@ class JWK(object):
return obj
class _jwkset(set):
class _JWKkeys(set):
def add(self, elem):
"""Adds a JWK object to the set
......@@ -563,7 +565,7 @@ class JWKSet(dict):
"""
def __init__(self, *args, **kwargs):
super(JWKSet, self).__init__()
super(JWKSet, self).__setitem__('keys', _jwkset())
super(JWKSet, self).__setitem__('keys', _JWKkeys())
self.update(*args, **kwargs)
def __setitem__(self, key, val):
......
# Copyright (C) 2015 JWCrypto Project Contributors - see LICENSE file
from binascii import hexlify, unhexlify
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.asymmetric import utils as ec_utils
from cryptography.exceptions import InvalidSignature
from jwcrypto.common import base64url_encode, base64url_decode
from jwcrypto.common import InvalidJWAAlgorithm
from jwcrypto.common import base64url_decode, base64url_encode
from jwcrypto.common import json_decode, json_encode
from jwcrypto.jwk import JWK
......@@ -88,7 +90,7 @@ class InvalidJWSOperation(Exception):
super(InvalidJWSOperation, self).__init__(msg)
class _raw_jws(object):
class _RawJWS(object):
def sign(self, key, payload):
raise NotImplementedError
......@@ -97,7 +99,7 @@ class _raw_jws(object):
raise NotImplementedError
class _raw_hmac(_raw_jws):
class _RawHMAC(_RawJWS):
def __init__(self, hashfn):
self.backend = default_backend()
......@@ -122,7 +124,7 @@ class _raw_hmac(_raw_jws):
raise InvalidJWSSignature(exception=e)
class _raw_rsa(_raw_jws):
class _RawRSA(_RawJWS):
def __init__(self, padfn, hashfn):
self.padfn = padfn
self.hashfn = hashfn
......@@ -140,15 +142,15 @@ class _raw_rsa(_raw_jws):
verifier.verify()
class _raw_ec(_raw_jws):
class _RawEC(_RawJWS):
def __init__(self, curve, hashfn):
self.curve = curve
self.hashfn = hashfn
def encode_int(self, n, l):
e = hex(n).rstrip("L").lstrip("0x")
L = (l + 7) // 8 # number of bytes rounded up
e = '0' * (L * 2 - len(e)) + e # pad as necessary
ilen = (l + 7) // 8 # number of bytes rounded up
e = '0' * (ilen * 2 - len(e)) + e # pad as necessary
return unhexlify(e)
def sign(self, key, payload):
......@@ -162,8 +164,8 @@ class _raw_ec(_raw_jws):
def verify(self, key, payload, signature):
pkey = key.get_op_key('verify', self.curve)
r = signature[:len(signature)//2]
s = signature[len(signature)//2:]
r = signature[:len(signature) // 2]
s = signature[len(signature) // 2:]
enc_signature = ec_utils.encode_rfc6979_signature(
int(hexlify(r), 16), int(hexlify(s), 16))
verifier = pkey.verifier(enc_signature, ec.ECDSA(self.hashfn))
......@@ -171,7 +173,7 @@ class _raw_ec(_raw_jws):
verifier.verify()
class _raw_none(_raw_jws):
class _RawNone(_RawJWS):
def sign(self, key, payload):
return ''
......@@ -219,49 +221,49 @@ class JWSCore(object):
self.payload = base64url_encode(payload)
def _jwa_HS256(self):
return _raw_hmac(hashes.SHA256())
return _RawHMAC(hashes.SHA256())
def _jwa_HS384(self):
return _raw_hmac(hashes.SHA384())
return _RawHMAC(hashes.SHA384())
def _jwa_HS512(self):
return _raw_hmac(hashes.SHA512())
return _RawHMAC(hashes.SHA512())
def _jwa_RS256(self):
return _raw_rsa(padding.PKCS1v15(), hashes.SHA256())
return _RawRSA(padding.PKCS1v15(), hashes.SHA256())
def _jwa_RS384(self):
return _raw_rsa(padding.PKCS1v15(), hashes.SHA384())
return _RawRSA(padding.PKCS1v15(), hashes.SHA384())
def _jwa_RS512(self):
return _raw_rsa(padding.PKCS1v15(), hashes.SHA512())
return _RawRSA(padding.PKCS1v15(), hashes.SHA512())
def _jwa_ES256(self):
return _raw_ec('P-256', hashes.SHA256())
return _RawEC('P-256', hashes.SHA256())
def _jwa_ES384(self):
return _raw_ec('P-384', hashes.SHA384())
return _RawEC('P-384', hashes.SHA384())
def _jwa_ES512(self):
return _raw_ec('P-521', hashes.SHA512())
return _RawEC('P-521', hashes.SHA512())
def _jwa_PS256(self):
return _raw_rsa(padding.PSS(padding.MGF1(hashes.SHA256()),
hashes.SHA256.digest_size),
hashes.SHA256())
return _RawRSA(padding.PSS(padding.MGF1(hashes.SHA256()),
hashes.SHA256.digest_size),
hashes.SHA256())
def _jwa_PS384(self):
return _raw_rsa(padding.PSS(padding.MGF1(hashes.SHA384()),
hashes.SHA384.digest_size),
hashes.SHA384())
return _RawRSA(padding.PSS(padding.MGF1(hashes.SHA384()),
hashes.SHA384.digest_size),
hashes.SHA384())
def _jwa_PS512(self):
return _raw_rsa(padding.PSS(padding.MGF1(hashes.SHA512()),
hashes.SHA512.digest_size),
hashes.SHA512())
return _RawRSA(padding.PSS(padding.MGF1(hashes.SHA512()),
hashes.SHA512.digest_size),
hashes.SHA512())
def _jwa_none(self):
return _raw_none()
return _RawNone()
def _jwa(self, name, allowed):
if allowed is None:
......@@ -385,8 +387,8 @@ class JWS(object):
# the following will verify the "alg" is supported and the signature
# verifies
S = JWSCore(a, key, protected, payload, self._allowed_algs)
S.verify(signature)
c = JWSCore(a, key, protected, payload, self._allowed_algs)
c.verify(signature)
def verify(self, key, alg=None):
"""Verifies a JWS token.
......@@ -534,8 +536,8 @@ class JWS(object):
if alg is None:
raise ValueError('"alg" not specified')
S = JWSCore(alg, key, protected, self.objects['payload'])
sig = S.sign()
c = JWSCore(alg, key, protected, self.objects['payload'])
sig = c.sign()
o = dict()
o['signature'] = base64url_decode(sig['signature'])
......
......@@ -5,10 +5,10 @@ import uuid
from six import string_types
from jwcrypto.common import json_encode, json_decode
from jwcrypto.jws import JWS
from jwcrypto.common import json_decode, json_encode
from jwcrypto.jwe import JWE
from jwcrypto.jwk import JWK, JWKSet
from jwcrypto.jws import JWS
# RFC 7519 - 4.1
......
This diff is collapsed.
This diff is collapsed.
......@@ -29,7 +29,7 @@ deps =
flake8-import-order
pep8-naming
commands =
flake8 {posargs}
flake8 {posargs} jwcrypto
[testenv:py3pep8]
basepython = python3.4
......@@ -38,7 +38,7 @@ deps =
flake8-import-order
pep8-naming
commands =
flake8 {posargs}
flake8 {posargs} jwcrypto
[testenv:doc]
deps =
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment