Commit 91c769d0 authored by Tristan Seligmann's avatar Tristan Seligmann

Merge branch 'master' into jessie-backports

parents 207be729 f23a0e20
@@ -27,3 +27,12 @@ PGP key fingerprints are enclosed in parentheses.
* Jiangge Zhang <tonyseek@gmail.com> (BBEC 782B 015F 71B1 5FF7 EACA 1A8C AA98 255F 5000)
* Major Hayden <major@mhtx.net> (1BF9 9264 9596 0033 698C 252B 7370 51E0 C101 1FB1)
* Phoebe Queen <foibey@gmail.com> (10D4 7741 AB65 50F4 B264 3888 DA40 201A 072B C1FA)
* Google Inc.
* Amaury Forgeot d'Arc <amauryfa@google.com>
* Dirkjan Ochtman <dirkjan@ochtman.nl> (25BB BAC1 13C1 BFD5 AA59 4A4C 9F96 B929 3038 0381)
* Maximilian Hils <max@maximilianhils.com>
* Simo Sorce <simo@redhat.com>
* Thomas Sileo <t@a4.io>
* Fraser Tweedale <ftweedal@redhat.com>
* Ofek Lev <ofekmeister@gmail.com> (FFB6 B92B 30B1 7848 546E 9912 972F E913 DAD5 A46E)
* Erik Daguerre <fallenwolf@wolfthefallen.com>
Changelog
=========
1.7.1 - 2016-12-13
~~~~~~~~~~~~~~~~~~
* Fixed a regression in ``int_from_bytes`` where it failed to accept
``bytearray``.
1.7 - 2016-12-12
~~~~~~~~~~~~~~~~
* Support for OpenSSL 1.0.0 has been removed. Users on older versions of
  OpenSSL will need to upgrade.
* Added support for Diffie-Hellman key exchange using
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.exchange`.
* The OS random engine for OpenSSL has been rewritten to improve compatibility
with embedded Python and other edge cases. More information about this change
can be found in the
`pull request <https://github.com/pyca/cryptography/pull/3229>`_.
1.6 - 2016-11-22
~~~~~~~~~~~~~~~~
* Deprecated support for OpenSSL 1.0.0. Support will be removed in
``cryptography`` 1.7.
* Replaced the Python-based OpenSSL locking callbacks with a C version to fix
a potential deadlock that could occur if a garbage collection cycle occurred
while inside the lock.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and
:class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` when using OpenSSL
1.1.0.
* Added
:attr:`~cryptography.x509.Certificate.signature_algorithm_oid` support to
:class:`~cryptography.x509.Certificate`.
* Added
:attr:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_oid`
support to :class:`~cryptography.x509.CertificateSigningRequest`.
* Added
:attr:`~cryptography.x509.CertificateRevocationList.signature_algorithm_oid`
support to :class:`~cryptography.x509.CertificateRevocationList`.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.scrypt.Scrypt`
when using OpenSSL 1.1.0.
* Added a workaround to improve compatibility with Python application bundling
tools like ``PyInstaller`` and ``cx_freeze``.
* Added support for generating a
:meth:`~cryptography.x509.random_serial_number`.
* Added support for encoding ``IPv4Network`` and ``IPv6Network`` in X.509
certificates for use with :class:`~cryptography.x509.NameConstraints`.
* Added :meth:`~cryptography.x509.Name.public_bytes` to
:class:`~cryptography.x509.Name`.
* Added :class:`~cryptography.x509.RelativeDistinguishedName`.
* :class:`~cryptography.x509.DistributionPoint` now accepts
:class:`~cryptography.x509.RelativeDistinguishedName` for
:attr:`~cryptography.x509.DistributionPoint.relative_name`.
Deprecated use of :class:`~cryptography.x509.Name` as
:attr:`~cryptography.x509.DistributionPoint.relative_name`.
* :class:`~cryptography.x509.Name` now accepts an iterable of
:class:`~cryptography.x509.RelativeDistinguishedName`. RDNs can
be accessed via the :attr:`~cryptography.x509.Name.rdns`
attribute. When constructed with an iterable of
:class:`~cryptography.x509.NameAttribute`, each attribute becomes
a single-valued RDN.
* Added
:func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
* Added support for signing and verifying RSA, DSA, and ECDSA signatures with
:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`
digests.
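The 1.6 entry above adds ``Scrypt`` on OpenSSL 1.1.0, and the first patch carried by this Debian revision (further down the page) bounds the memory that ``EVP_PBE_scrypt`` may use. The following is an added example, not code from pyca/cryptography or the Debian package: it reproduces the working-set arithmetic that the patch's test helper uses (``p*128*r + 32*r*(n+2)*4``), checks a parameter set against the ``sys.maxsize // 2`` ceiling the patch stores, and uses CPython's OpenSSL-backed ``hashlib.scrypt`` as a stand-in for the backend to show that a too-small ``maxmem`` is refused rather than exceeded. That OpenSSL enforces exactly this bound is an assumption; the RFC 7914 vector is embedded for validation.

```python
"""scrypt memory budget check (added example, not pyca/cryptography code)."""
import hashlib
import sys


def scrypt_memory_required(n: int, r: int, p: int) -> int:
    """Bytes scrypt needs for (n, r, p): the B buffer plus the V array.

    Same accounting as the patch's _skip_if_memory_limited helper; whether a
    given OpenSSL build enforces exactly this bound is an assumption.
    """
    blen = p * 128 * r            # B: p blocks of 128*r bytes
    vlen = 32 * r * (n + 2) * 4   # V: (n + 2) blocks of 32*r uint32 words
    return blen + vlen


def fits_backend_limit(n: int, r: int, p: int,
                       limit: int = sys.maxsize // 2) -> bool:
    """Would (n, r, p) pass a backend whose cap is sys.maxsize // 2, the
    value the patch stores in _scrypt_mem_limit? On 32-bit builds that cap
    is about 1 GiB, which is why the tests skip large vectors there."""
    return scrypt_memory_required(n, r, p) <= limit


def derive(password: bytes, salt: bytes, n: int, r: int, p: int,
           dklen: int = 64, maxmem: int = 0):
    """Run scrypt through hashlib (OpenSSL underneath). Returns None when
    this Python build lacks scrypt; raises ValueError when OpenSSL rejects
    the parameters, including when the memory cap is exceeded."""
    if not hasattr(hashlib, "scrypt"):
        return None
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=maxmem, dklen=dklen)


# RFC 7914 section 12, test vector 2 (constructed from the RFC, not this page):
# scrypt("password", "NaCl", N=1024, r=8, p=16, dkLen=64)
RFC7914_VEC2 = bytes.fromhex(
    "fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b373162"
    "2eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640"
)


def check_vector():
    """True if hashlib's scrypt reproduces the RFC vector, None if absent."""
    out = derive(b"password", b"NaCl", 1024, 8, 16)
    return None if out is None else out == RFC7914_VEC2


def rejected_when_capped(cap: int = 64 * 1024):
    """The same parameters need about 1 MiB; with maxmem far below that
    OpenSSL must refuse (ValueError from hashlib) rather than silently
    allocate past the cap. Returns None when scrypt is unavailable."""
    if not hasattr(hashlib, "scrypt"):
        return None
    try:
        hashlib.scrypt(b"password", salt=b"NaCl", n=1024, r=8, p=16,
                       maxmem=cap, dklen=64)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    need = scrypt_memory_required(1024, 8, 16)
    print("bytes needed:", need, "fits default cap:", fits_backend_limit(1024, 8, 16))
    print("RFC 7914 vector ok:", check_vector())
    print("rejected under 64 KiB cap:", rejected_when_capped())
```

Run it before raising ``n`` in production: the V array grows linearly with ``n``, so doubling the work factor doubles the memory, and a backend that hides the cap behind an internal assertion (as the patched backend does) gives no hint which parameter tripped it.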
1.5.3 - 2016-11-05
~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE**: Fixed a bug where ``HKDF`` would return an empty
byte-string if used with a ``length`` less than ``algorithm.digest_size``.
Credit to **Markus Döring** for reporting the issue. *CVE-2016-9243*
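The 1.5.3 fix above restores the basic contract of HKDF-Expand: a request for ``length`` bytes must return exactly that many, even when ``length`` is smaller than the hash's digest size. The block below is an added example written for this page, not pyca/cryptography's implementation: a standard-library HKDF (RFC 5869) whose expand loop is driven by bytes produced rather than by a block count, with an explicit length check so that a regression of this kind fails loudly. The RFC 5869 Appendix A test case 1 values are embedded to validate it, and ``cross_check_with_library`` compares the short-length output with the installed ``cryptography`` package when one is importable (its presence is an assumption; the function returns None otherwise).

```python
"""HKDF (RFC 5869) in stdlib Python with the short-output check that
CVE-2016-9243 was about. Added example, not pyca/cryptography's code."""
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """RFC 5869 2.2: PRK = HMAC-Hash(salt, IKM); empty salt = HashLen zeros."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int,
                hash_name: str = "sha256") -> bytes:
    """RFC 5869 2.3: OKM = first `length` bytes of T(1) | T(2) | ..."""
    digest_size = hashlib.new(hash_name).digest_size
    if not 1 <= length <= 255 * digest_size:
        raise ValueError("length must be between 1 and 255 * HashLen")
    okm = b""
    t = b""
    counter = 1
    # Loop on bytes produced, not on a block count: a request shorter than
    # one digest still runs exactly one iteration and yields a prefix of T(1).
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
        counter += 1
    out = okm[:length]
    # The 1.5.x regression returned b"" for length < digest_size; make the
    # contract explicit so a refactor that breaks it cannot pass silently.
    if len(out) != length:
        raise AssertionError("HKDF-Expand produced %d bytes, wanted %d"
                             % (len(out), length))
    return out


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int,
         hash_name: str = "sha256") -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm, hash_name), info, length, hash_name)


# RFC 5869 A.1 test case 1 (SHA-256), constructed from the RFC, not this page.
IKM = bytes.fromhex("0b" * 22)
SALT = bytes.fromhex("000102030405060708090a0b0c")
INFO = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
PRK_EXPECTED = bytes.fromhex(
    "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5")
OKM_EXPECTED = bytes.fromhex(
    "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
    "34007208d5b887185865")


def check_vector() -> bool:
    """PRK and the 42-byte OKM must match the RFC values."""
    prk = hkdf_extract(SALT, IKM)
    return prk == PRK_EXPECTED and hkdf_expand(prk, INFO, 42) == OKM_EXPECTED


def short_output_lengths():
    """Lengths returned for requests shorter than SHA-256's 32-byte digest;
    the vulnerable code path returned 0 for all of these."""
    prk = hkdf_extract(SALT, IKM)
    return [len(hkdf_expand(prk, INFO, n)) for n in (1, 16, 31)]


def cross_check_with_library(length: int = 16):
    """Compare a short-length derivation with pyca/cryptography's HKDF if the
    package is importable (assumed, not required); None when it is absent."""
    try:
        from cryptography.hazmat.backends import default_backend
        from cryptography.hazmat.primitives import hashes
        from cryptography.hazmat.primitives.kdf.hkdf import HKDF
    except ImportError:
        return None
    lib = HKDF(algorithm=hashes.SHA256(), length=length, salt=SALT, info=INFO,
               backend=default_backend()).derive(IKM)
    return lib == hkdf(SALT, IKM, INFO, length)


if __name__ == "__main__":
    print("RFC 5869 vector ok:", check_vector())
    print("short output lengths:", short_output_lengths())
    print("matches installed cryptography:", cross_check_with_library())
```

A short OKM is by construction a prefix of a longer one derived from the same PRK and info, which is a cheap property to assert in any wrapper around a KDF: if the 16-byte result is not ``OKM[:16]``, something upstream is truncating or zeroing the output.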
1.5.2 - 2016-09-26
~~~~~~~~~~~~~~~~~~
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2j.
1.5.1 - 2016-09-22
~~~~~~~~~~~~~~~~~~
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2i.
* Resolved a ``UserWarning`` when used with cffi 1.8.3.
* Fixed a memory leak in name creation with X.509.
* Added a workaround for old versions of setuptools.
* Fixed an issue preventing ``cryptography`` from compiling against
OpenSSL 1.0.2i.
1.5 - 2016-08-26
~~~~~~~~~~~~~~~~
* Added
:func:`~cryptography.hazmat.primitives.asymmetric.padding.calculate_max_pss_salt_length`.
* Added "one shot"
:meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.sign`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey.verify`
methods to DSA keys.
* Added "one shot"
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify`
methods to ECDSA keys.
* Switched back to the older callback model on Python 3.5 in order to mitigate
the locking callback problem with OpenSSL <1.1.0.
* :class:`~cryptography.x509.CertificateBuilder`,
  :class:`~cryptography.x509.CertificateRevocationListBuilder`, and
  :class:`~cryptography.x509.RevokedCertificateBuilder` now accept timezone
  aware ``datetime`` objects as method arguments.
* ``cryptography`` now supports OpenSSL 1.1.0 as a compilation target.
1.4 - 2016-06-04
~~~~~~~~~~~~~~~~
* Support for OpenSSL 0.9.8 has been removed. Users on older versions of
OpenSSL will need to upgrade.
* Added :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC`.
* Added support for ``OpenSSH`` public key serialization.
* Added support for SHA-2 in RSA
:class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` when using
OpenSSL 1.0.2 or greater.
* Added "one shot"
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.sign`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.verify`
methods to RSA keys.
1.3.4 - 2016-06-03
~~~~~~~~~~~~~~~~~~
* Added another OpenSSL function to the bindings to support an upcoming
``pyOpenSSL`` release.
1.3.3 - 2016-06-02
~~~~~~~~~~~~~~~~~~
@@ -658,4 +789,4 @@ Changelog
* Initial release.
.. _`master`: https://github.com/pyca/cryptography/
.. _`cffi`: https://cffi.readthedocs.org/en/latest/
.. _`cffi`: https://cffi.readthedocs.io/
This software is made available under the terms of *either* of the licenses
found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made
under the terms of *both* these licenses.
The code used in the OpenSSL locking callback and OS random engine is derived
from the same in CPython itself, and is licensed under the terms of the PSF
License Agreement.
Metadata-Version: 1.1
Name: cryptography
Version: 1.3.4
Version: 1.7.1
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
@@ -47,6 +47,14 @@ Description: Cryptography
You can find more information in the `documentation`_.
You can install ``cryptography`` with:
.. code-block:: console
$ pip install cryptography
For full details see `the installation documentation`_.
Discussion
~~~~~~~~~~
@@ -59,6 +67,7 @@ Description: Cryptography
.. _`documentation`: https://cryptography.io/
.. _`the installation documentation`: https://cryptography.io/en/latest/installation/
.. _`issue tracker`: https://github.com/pyca/cryptography/issues
.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev
@@ -39,6 +39,14 @@ key derivation functions. For example, to encrypt something with
You can find more information in the `documentation`_.
You can install ``cryptography`` with:
.. code-block:: console
$ pip install cryptography
For full details see `the installation documentation`_.
Discussion
~~~~~~~~~~
@@ -51,5 +59,6 @@ involved.
.. _`documentation`: https://cryptography.io/
.. _`the installation documentation`: https://cryptography.io/en/latest/installation/
.. _`issue tracker`: https://github.com/pyca/cryptography/issues
.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev
# see git-dpm(1) from git-dpm package
6583b7f463b92cd610549c5eb1c5f6792a4e6e8e
6583b7f463b92cd610549c5eb1c5f6792a4e6e8e
6583b7f463b92cd610549c5eb1c5f6792a4e6e8e
6583b7f463b92cd610549c5eb1c5f6792a4e6e8e
python-cryptography_1.3.4.orig.tar.gz
313ce4eb61624333a0bfee8f930520010c21ac93
384109
6fee9abaaa16550faaacf10e51053f36614a804b
6fee9abaaa16550faaacf10e51053f36614a804b
55816224b8c57c07982677ad261a11520141b97e
55816224b8c57c07982677ad261a11520141b97e
python-cryptography_1.7.1.orig.tar.gz
6ef868de80378546a42b3b49995d7017d33f03e5
420673
debianTag="debian/%e%v"
patchedTag="patched/%e%v"
upstreamTag="upstream/%e%u"
python-cryptography (1.7.1-3) unstable; urgency=medium
* Apply patch 6e7ea2e7 from upstream to fix compilation against OpenSSL
1.1.0f (closes: #863474).
-- Tristan Seligmann <mithrandi@debian.org> Sun, 28 May 2017 04:20:33 +0200
python-cryptography (1.7.1-2) unstable; urgency=medium
* Apply upstream patch from #3328 to fix test suite on 32-bit arches.
-- Tristan Seligmann <mithrandi@debian.org> Mon, 19 Dec 2016 19:49:14 +0200
python-cryptography (1.7.1-1) unstable; urgency=medium
* New upstream release.
-- Tristan Seligmann <mithrandi@debian.org> Wed, 14 Dec 2016 07:59:21 +0200
python-cryptography (1.5.3-1) unstable; urgency=medium
* New upstream release.
- Fixes a security issue where HKDF would generate a 0-length key when
asked for a short length key. Urgency medium, because no software in
Debian appears to be affected.
-- Tristan Seligmann <mithrandi@debian.org> Tue, 08 Nov 2016 05:36:00 +0200
python-cryptography (1.5.2-1) unstable; urgency=medium
* New upstream release.
- Fixes failure on OpenSSL 1.0.2j (closes: #839369)
-- Tristan Seligmann <mithrandi@debian.org> Sat, 01 Oct 2016 17:26:32 +0200
python-cryptography (1.5-2) unstable; urgency=medium
* Add missing test dependency on python{,3}-tz.
-- Tristan Seligmann <mithrandi@debian.org> Sat, 10 Sep 2016 15:40:13 +0200
python-cryptography (1.5-1) unstable; urgency=medium
* New upstream release.
- Compatible with OpenSSL 1.1.0 (closes: #828518).
* Version setuptools dependency.
-- Tristan Seligmann <mithrandi@debian.org> Fri, 26 Aug 2016 18:25:12 +0200
python-cryptography (1.4-2) unstable; urgency=medium
* Fix typo in overrides file.
* Add Breaks: on python{,3}-openssl because of incompatibilities between
older PyOpenSSL and Cryptography (see
https://github.com/pyca/pyopenssl/pull/406 for details).
-- Tristan Seligmann <mithrandi@debian.org> Sat, 16 Jul 2016 07:12:08 +0200
python-cryptography (1.4-1) unstable; urgency=medium
* New upstream release.
* Depend on a new enough dh-python (necessary to handle the python-cffi
mapping correctly) (closes: #827925; technically not present in
testing/unstable anyway).
-- Tristan Seligmann <mithrandi@debian.org> Thu, 23 Jun 2016 00:26:35 +0200
python-cryptography (1.3.4-1~bpo8+2) jessie-backports; urgency=medium
* Restore cffi workaround that is still necessary.
@@ -4,13 +4,13 @@ Section: python
Priority: optional
Build-Depends:
debhelper (>= 9.20141010),
dh-python (>= 2.20151103),
dpkg-dev (>= 1.17.14),
dh-python,
libssl-dev,
python-all-dev,
python-cffi (>= 1.4.1~),
python-cryptography-vectors (<< 1.3.5~) <!nocheck>,
python-cryptography-vectors (>= 1.3.4~) <!nocheck>,
python-cryptography-vectors (<< 1.7.2~) <!nocheck>,
python-cryptography-vectors (>= 1.7.1~) <!nocheck>,
python-enum34,
python-hypothesis <!nocheck>,
python-idna (>= 2.0~),
@@ -19,24 +19,26 @@ Build-Depends:
python-pretend <!nocheck>,
python-pyasn1 (>= 0.1.8~),
python-pyasn1-modules <!nocheck>,
python-pytest <!nocheck>,
python-pytest (>= 2.9.0) <!nocheck>,
python-setuptools (>= 11.3~),
python-six (>= 1.4.1~),
python-sphinx-rtd-theme <!nodoc>,
python-tz <!nocheck>,
python3-all-dev,
python3-cffi (>= 1.4.1~),
python3-cryptography-vectors (<< 1.3.5~) <!nocheck>,
python3-cryptography-vectors (>= 1.3.4~) <!nocheck>,
python3-cryptography-vectors (<< 1.7.2~) <!nocheck>,
python3-cryptography-vectors (>= 1.7.1~) <!nocheck>,
python3-hypothesis <!nocheck>,
python3-idna (>= 2.0~),
python-sphinx-rtd-theme <!nodoc>,
python3-sphinx <!nodoc>,
python3-iso8601 <!nocheck>,
python3-pretend <!nocheck>,
python3-pyasn1 (>= 0.1.8~),
python3-pyasn1-modules <!nocheck>,
python3-pytest <!nocheck>,
python3-pytest (>= 2.9.0) <!nocheck>,
python3-setuptools (>= 11.3~),
python3-six (>= 1.4.1~),
python3-sphinx <!nodoc>,
python3-tz <!nocheck>,
Standards-Version: 3.9.8
Homepage: https://cryptography.io/
Vcs-Git: https://anonscm.debian.org/git/python-modules/packages/python-cryptography.git
@@ -48,6 +50,7 @@ Testsuite: autopkgtest
Package: python-cryptography
Architecture: any
Depends: ${misc:Depends}, ${python:Depends}, ${shlibs:Depends}
Breaks: python-openssl (<< 16.0.0)
Suggests: python-cryptography-doc, python-cryptography-vectors
Description: Python library exposing cryptographic recipes and primitives (Python 2)
The cryptography library is designed to be a "one-stop-shop" for
@@ -69,6 +72,7 @@ Description: Python library exposing cryptographic recipes and primitives (Pytho
Package: python3-cryptography
Architecture: any
Depends: ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends}
Breaks: python3-openssl (<< 16.0.0)
Suggests: python-cryptography-doc, python3-cryptography-vectors
Description: Python library exposing cryptographic recipes and primitives (Python 3)
The cryptography library is designed to be a "one-stop-shop" for
From ced38e7dcb84cd11039fe6b7c078593c2a4968ff Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 18 Dec 2016 18:36:05 -0600
Subject: add memory limit check for scrypt
fixes #3323
---
src/cryptography/hazmat/backends/openssl/backend.py | 8 +++++---
tests/hazmat/primitives/test_scrypt.py | 19 +++++++++++++++++++
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 71063c1..9e101a3 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -143,6 +143,7 @@ class Backend(object):
self._cipher_registry = {}
self._register_default_ciphers()
self.activate_osrandom_engine()
+ self._scrypt_mem_limit = sys.maxsize // 2
def openssl_assert(self, ok):
return binding._openssl_assert(self._lib, ok)
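Review bot: `self._scrypt_mem_limit = sys.maxsize // 2` is introduced as a private attribute, yet the test module in this same patch reads it directly as `backend._scrypt_mem_limit`; either document it with a short comment (why half of `sys.maxsize`, and that on a 32-bit build this is roughly 1 GiB, which is what makes the tests skip) or expose it through a public accessor or constructor argument so callers and tests do not have to poke an underscore-prefixed field.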
@@ -1894,9 +1895,10 @@ class Backend(object):
def derive_scrypt(self, key_material, salt, length, n, r, p):
buf = self._ffi.new("unsigned char[]", length)
- res = self._lib.EVP_PBE_scrypt(key_material, len(key_material), salt,
- len(salt), n, r, p, sys.maxsize // 2,
- buf, length)
+ res = self._lib.EVP_PBE_scrypt(
+ key_material, len(key_material), salt, len(salt), n, r, p,
+ self._scrypt_mem_limit, buf, length
+ )
self.openssl_assert(res == 1)
return self._ffi.buffer(buf)[:]
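Review bot: `self.openssl_assert(res == 1)` turns the one expected failure of this call, a parameter set whose working set exceeds `self._scrypt_mem_limit`, into a generic internal-error assertion that gives no hint that `n`, `r` and `p` were the problem. The test file already computes the bound OpenSSL applies (`blen = p * 128 * r`, `vlen = 32 * r * (n + 2) * 4`); doing that arithmetic here before calling `EVP_PBE_scrypt` and raising a `MemoryError` or `ValueError` naming the parameters would leave `openssl_assert` for genuinely unexpected OpenSSL errors.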
diff --git a/tests/hazmat/primitives/test_scrypt.py b/tests/hazmat/primitives/test_scrypt.py
index 49b304e..450eb82 100644
--- a/tests/hazmat/primitives/test_scrypt.py
+++ b/tests/hazmat/primitives/test_scrypt.py
@@ -22,10 +22,28 @@ vectors = load_vectors_from_file(
os.path.join("KDF", "scrypt.txt"), load_nist_vectors)
+def _skip_if_memory_limited(memory_limit, params):
+ # Memory calc adapted from OpenSSL (URL split over 2 lines, thanks PEP8)
+ # https://github.com/openssl/openssl/blob/6286757141a8c6e14d647ec733634a
+ # e0c83d9887/crypto/evp/scrypt.c#L189-L221
+ blen = int(params["p"]) * 128 * int(params["r"])
+ vlen = 32 * int(params["r"]) * (int(params["n"]) + 2) * 4
+ memory_required = blen + vlen
+ if memory_limit < memory_required:
+ pytest.skip("Test exceeds Scrypt memory limit. "
+ "This is likely a 32-bit platform.")
+
+
+def test_memory_limit_skip():
+ with pytest.raises(pytest.skip.Exception):
+ _skip_if_memory_limited(1000, {"p": 16, "r": 64, "n": 1024})
+
+
@pytest.mark.requires_backend_interface(interface=ScryptBackend)
class TestScrypt(object):
@pytest.mark.parametrize("params", vectors)
def test_derive(self, backend, params):
+ _skip_if_memory_limited(backend._scrypt_mem_limit, params)
password = params["password"]
work_factor = int(params["n"])
block_size = int(params["r"])
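Review bot: `_skip_if_memory_limited` re-derives OpenSSL's internal memory accounting (`blen + vlen`) from a pinned upstream commit, so if OpenSSL changes that formula the skip will silently disagree with what `EVP_PBE_scrypt` actually rejects, and `test_memory_limit_skip` only proves that the helper raises `pytest.skip.Exception` for hand-picked numbers. A companion test that feeds a deliberately over-limit `(n, r, p)` to the backend and asserts on the resulting error would catch such drift; note also that the helper relies on `int(params["n"])` accepting both the string values from the vector files and the bare ints passed in `test_memory_limit_skip`.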
@@ -77,6 +95,7 @@ class TestScrypt(object):
@pytest.mark.parametrize("params", vectors)
def test_verify(self, backend, params):
+ _skip_if_memory_limited(backend._scrypt_mem_limit, params)
password = params["password"]
work_factor = int(params["n"])
block_size = int(params["r"])
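Review bot: the `_skip_if_memory_limited(backend._scrypt_mem_limit, params)` guard is now duplicated verbatim at the top of `test_derive` and `test_verify`; a fixture or a parametrized marker that applies the skip once per vector would keep the two copies from drifting apart if the check changes.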
From 6fee9abaaa16550faaacf10e51053f36614a804b Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 25 May 2017 12:26:08 -0500
Subject: fix compilation on 1.1.0f (#3603)
---
src/_cffi_src/openssl/asn1.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py
index 4afca3d..5074248 100644
--- a/src/_cffi_src/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
@@ -77,8 +77,6 @@ int ASN1_INTEGER_set(ASN1_INTEGER *, long);
/* ASN1 TIME */
ASN1_TIME *ASN1_TIME_new(void);
void ASN1_TIME_free(ASN1_TIME *);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *,
- ASN1_GENERALIZEDTIME **);
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *, time_t);
/* ASN1 UTCTIME */
@@ -112,6 +110,10 @@ int ASN1_STRING_to_UTF8(unsigned char **, ASN1_STRING *);
long ASN1_ENUMERATED_get(ASN1_ENUMERATED *);
int i2a_ASN1_INTEGER(BIO *, ASN1_INTEGER *);
+/* This became const ASN1_TIME in 1.1.0f */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *,
+ ASN1_GENERALIZEDTIME **);
+
ASN1_UTF8STRING *ASN1_UTF8STRING_new(void);
void ASN1_UTF8STRING_free(ASN1_UTF8STRING *);
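Review bot: the comment `/* This became const ASN1_TIME in 1.1.0f */` explains what changed upstream but not why moving the prototype fixes the build, given that the declaration text itself is unchanged (`ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *, ASN1_GENERALIZEDTIME **);`). State the reason the new position works (presumably a block whose prototypes cffi does not verify against the header) so the non-const declaration is not moved back into the strictly checked block later, and reference #3603 in the comment as the subject line does.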
0001-add-memory-limit-check-for-scrypt.patch
0002-fix-compilation-on-1.1.0f-3603.patch
@@ -3,4 +3,4 @@ pyasn1 python-pyasn1; PEP386
six python-six; PEP386
setuptools python-setuptools; PEP386
enum34 python-enum34; PEP386
ipaddress python-ipaddress; PEP384
ipaddress python-ipaddress; PEP386
@@ -8,6 +8,7 @@ Depends:
python-pretend,
python-pyasn1-modules,
python-pytest,
python-tz,
python3-all,
python3-cryptography,
python3-cryptography-vectors,
@@ -16,3 +17,4 @@ Depends:
python3-pretend,
python3-pyasn1-modules,
python3-pytest,
python3-tz,
#!/bin/bash
set -e
SRC="${PWD}"
cd "${ADTTMP}"
for py in $(pyversions -vi) ; do
python$py -m pytest ${SRC}/tests
done
#!/bin/bash
set -e
SRC="${PWD}"
cd "${ADTTMP}"
for py in $(py3versions -vi) ; do
python$py -m pytest ${SRC}/tests
done
@@ -3,7 +3,7 @@ C bindings
C bindings are bindings to C libraries, using cffi_ whenever possible.
.. _cffi: https://cffi.readthedocs.org
.. _cffi: https://cffi.readthedocs.io
Bindings live in :py:mod:`cryptography.hazmat.bindings`.
@@ -57,6 +57,7 @@ def write_file(data, filename):
with open(filename, "w") as f:
f.write(data)
cbc_path = "tests/hazmat/primitives/vectors/ciphers/AES/CBC/CBCMMT128.rsp"
write_file(build_vectors(modes.CBC, cbc_path), "cast5-cbc.txt")
ofb_path = "tests/hazmat/primitives/vectors/ciphers/AES/OFB/OFBMMT128.rsp"
@@ -29,4 +29,4 @@ project's Python bindings.
Download link: :download:`verify_idea.py
</development/custom-vectors/idea/verify_idea.py>`
.. _`Botan`: http://botan.randombit.net
.. _`Botan`: https://botan.randombit.net
@@ -52,6 +52,7 @@ def write_file(data, filename):
with open(filename, "w") as f:
f.write(data)
CBC_PATH = "tests/hazmat/primitives/vectors/ciphers/AES/CBC/CBCMMT128.rsp"
write_file(build_vectors(modes.CBC, CBC_PATH), "idea-cbc.txt")
OFB_PATH = "tests/hazmat/primitives/vectors/ciphers/AES/OFB/OFBMMT128.rsp"
RSA OAEP SHA2 vector creation
=============================
This page documents the code that was used to generate the RSA OAEP SHA2
test vectors, as well as the code used to verify them against an independent
implementation.
Creation
--------
``cryptography`` was modified to allow the use of SHA2 in OAEP encryption. Then
the following Python script was run to generate the vector files.
.. literalinclude:: /development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py
Download link: :download:`generate_rsa_oaep_sha2.py
</development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py>`
Verification
------------
A Java 8 program was written using `Bouncy Castle`_ to load and verify the test
vectors.
.. literalinclude:: /development/custom-vectors/rsa-oaep-sha2/VerifyRSAOAEPSHA2.java
Download link: :download:`VerifyRSAOAEPSHA2.java
</development/custom-vectors/rsa-oaep-sha2/VerifyRSAOAEPSHA2.java>`
Using the Verifier
------------------
Download and install the `Java 8 SDK`_. Initial verification was performed
using ``jdk-8u77-macosx-x64.dmg``.
Download the latest `Bouncy Castle`_ JAR. Initial verification was performed
using ``bcprov-jdk15on-154.jar``.
Set the ``-classpath`` to include the Bouncy Castle jar and the path to
``VerifyRSAOAEPSHA2.java`` and compile the program.
.. code-block:: console
$ javac -classpath ~/Downloads/bcprov-jdk15on-154.jar:./ VerifyRSAOAEPSHA2.java
Finally, run the program with the path to the SHA-2 vectors:
.. code-block:: console
$ java -classpath ~/Downloads/bcprov-jdk15on-154.jar:./ VerifyRSAOAEPSHA2
.. _`Bouncy Castle`: https://www.bouncycastle.org/
.. _`Java 8 SDK`: https://www.oracle.com/technetwork/java/javase/downloads/index.html
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
from __future__ import absolute_import, division, print_function
import binascii
import itertools
import os
from cryptography.hazmat.backends.openssl.backend import backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from tests.utils import load_pkcs1_vectors, load_vectors_from_file
def build_vectors(mgf1alg, hashalg, filename):
vectors = load_vectors_from_file(filename, load_pkcs1_vectors)
output = []
for vector in vectors:
# RSA keys for this must be long enough to accommodate the length of
# the underlying hash function. This means we can't use the keys from
# the sha1 test vectors for sha512 tests because 1024-bit keys are too
# small. Instead we parse the vectors for the test cases, then
# generate our own 2048-bit keys for each.
private, _ = vector
skey = rsa.generate_private_key(65537, 2048, backend)
pn = skey.private_numbers()
examples = private["examples"]
output.append(b"# =============================================")
output.append(b"# Example")
output.append(b"# Public key")
output.append(b"# Modulus:")
output.append(format(pn.public_numbers.n, "x"))
output.append(b"# Exponent:")
output.append(format(pn.public_numbers.e, "x"))
output.append(b"# Private key")
output.append(b"# Modulus:")
output.append(format(pn.public_numbers.n, "x"))
output.append(b"# Public exponent:")
output.append(format(pn.public_numbers.e, "x"))
output.append(b"# Exponent:")
output.append(format(pn.d, "x"))
output.append(b"# Prime 1:")
output.append(format(pn.p, "x"))
output.append(b"# Prime 2:")
output.append(format(pn.q, "x"))
output.append(b"# Prime exponent 1:")
output.append(format(pn.dmp1, "x"))
output.append(b"# Prime exponent 2:")
output.append(format(pn.dmq1, "x"))
output.append(b"# Coefficient:")
output.append(format(pn.iqmp, "x"))
pkey = skey.public_key()
vectorkey = rsa.RSAPrivateNumbers(
p=private["p"],
q=private["q"],
d=private["private_exponent"],
dmp1=private["dmp1"],
dmq1=private["dmq1"],