diff --git a/wrapper/python/README.rst b/wrapper/python/README.rst new file mode 100644 index 000000000..e2ebe1fad --- /dev/null +++ b/wrapper/python/README.rst @@ -0,0 +1,38 @@ +wolfcrypt: the wolfSSL Crypto Engine +==================================== + + +A Python wrapper which encapsulates the wolfCrypt API inside wolfSSL library + + +**REQUIRES** [wolfSSL](https://github.com/wolfSSL/wolfssl) + + +1. Clone the repository:: + + + $ git clone git@github.com:wolfssl/wolfcrypt-py.git + + +2. Make sure that ``cffi``, ``py.test``, and ``tox`` are installed:: + + + $ pip install -r requirements-testing.txt + + +3. Run ``python setup.py install`` to build and install wolfcrypt-py:: + + + $ python setup.py install + ... + Finished processing dependencies for wolfcrypt==0.1 + + +4. Test locally with ``tox``:: + + + $ tox + ... + _________________________________ summary _________________________________ + py27: commands succeeded + congratulations :) \ No newline at end of file diff --git a/wrapper/python/requirements-testing.txt b/wrapper/python/requirements-testing.txt new file mode 100644 index 000000000..e8f289c1f --- /dev/null +++ b/wrapper/python/requirements-testing.txt @@ -0,0 +1,3 @@ +pytest>=2.9.1 +cffi>=1.5.2 +tox>=2.3.1 diff --git a/wrapper/python/setup.py b/wrapper/python/setup.py new file mode 100755 index 000000000..0dd138fff --- /dev/null +++ b/wrapper/python/setup.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +import os +import sys + +from setuptools import setup, find_packages + +os.chdir(os.path.dirname(sys.argv[0]) or ".") + +setup( + name="wolfcrypt", + version="0.1", + description="A python wrapper for the wolfCrypt API", + long_description=open("README.rst", "rt").read(), + url="https://github.com/wolfssl/wolfcrypt-py", + author="Moisés Guimarães", + author_email="moises@wolfssl.com", + classifiers=[ + "Development Status :: 0 - Alpha", + "Programming Language :: Python :: 2", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: Implementation :: PyPy", + "License :: GPLv2 License :: Commercial License", + ], + packages=find_packages(), + setup_requires=["cffi>=1.5.2"], + install_requires=["cffi>=1.5.2"], + cffi_modules=["./wolfcrypt/build_ffi.py:ffi"] +) diff --git a/wrapper/python/test/test_ciphers.py b/wrapper/python/test/test_ciphers.py new file mode 100644 index 000000000..57dd2c6f2 --- /dev/null +++ b/wrapper/python/test/test_ciphers.py @@ -0,0 +1,251 @@ +# test_ciphers.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +import unittest +from wolfcrypt.ciphers import * + +class TestDes3(unittest.TestCase): + key = "0123456789abcdeffedeba987654321089abcdef01234567".decode("hex") + IV = "1234567890abcdef".decode("hex") + plain = "Now is the time for all " + cipher = "43a0297ed184f80e8964843212d508981894157487127db0".decode("hex") + + + def setUp(self): + self.des3 = Des3.new(self.key, MODE_CBC, self.IV) + + + def test_raises(self): + # invalid construction + self.assertRaises(ValueError, Des3) + + # invalid key length + self.assertRaises(ValueError, Des3.new, "key", MODE_CBC, self.IV) + + # invalid mode + self.assertRaises(ValueError, Des3.new, self.key, MODE_ECB, self.IV) + + # invalid iv length + self.assertRaises(ValueError, Des3.new, self.key, MODE_CBC, "IV") + + # invalid data length + self.assertRaises(ValueError, self.des3.encrypt, "foo") + self.assertRaises(ValueError, self.des3.decrypt, "bar") + + + def test_single_encryption(self): + assert self.des3.encrypt(self.plain) == self.cipher + + + def test_multi_encryption(self): + result = "" + segments = tuple(self.plain[i:i + Des3.block_size] \ + for i in range(0, len(self.plain), Des3.block_size)) + + for segment in segments: + result += self.des3.encrypt(segment) + + assert result == self.cipher + + + def test_single_decryption(self): + assert self.des3.decrypt(self.cipher) == self.plain + + + def test_multi_decryption(self): + result = "" + segments = tuple(self.cipher[i:i + Des3.block_size] \ + for i in range(0, len(self.cipher), Des3.block_size)) + + for segment in segments: + result += self.des3.decrypt(segment) + + assert result == self.plain + + +class TestAes(unittest.TestCase): + key = "0123456789abcdef" + IV = "1234567890abcdef" + plain = "now is the time " + cipher = "959492575f4281532ccc9d4677a233cb".decode("hex") + + + def setUp(self): + self.aes = Aes.new(self.key, MODE_CBC, self.IV) + + + def test_raises(self): + # invalid construction + self.assertRaises(ValueError, Aes) + + # invalid key length + self.assertRaises(ValueError, Aes.new, "key", MODE_CBC, self.IV) + + # invalid mode + self.assertRaises(ValueError, Aes.new, self.key, MODE_ECB, self.IV) + + # invalid iv length + self.assertRaises(ValueError, Aes.new, self.key, MODE_CBC, "IV") + + # invalid data length + self.assertRaises(ValueError, self.aes.encrypt, "foo") + self.assertRaises(ValueError, self.aes.decrypt, "bar") + + + def test_single_encryption(self): + assert self.aes.encrypt(self.plain) == self.cipher + + + def test_multi_encryption(self): + result = "" + segments = tuple(self.plain[i:i + self.aes.block_size] \ + for i in range(0, len(self.plain), self.aes.block_size)) + + for segment in segments: + result += self.aes.encrypt(segment) + + assert result == self.cipher + + + def test_single_decryption(self): + assert self.aes.decrypt(self.cipher) == self.plain + + + def test_multi_decryption(self): + result = "" + segments = tuple(self.cipher[i:i + self.aes.block_size] \ + for i in range(0, len(self.cipher), self.aes.block_size)) + + for segment in segments: + result += self.aes.decrypt(segment) + + assert result == self.plain + + +class TestRsaPrivate(unittest.TestCase): + key = "3082025C02010002818100BC730EA849F374A2A9EF18A5DA559921F9C8ECB36D" \ + + "48E53535757737ECD161905F3ED9E4D5DF94CAC1A9D719DA86C9E84DC4613682" \ + + "FEABAD7E7725BB8D11A5BC623AA838CC39A20466B4F7F7F3AADA4D020EBB5E8D" \ + + "6948DC77C9280E22E96BA426BA4CE8C1FD4A6F2B1FEF8AAEF69062E5641EEB2B" \ + + "3C67C8DC2700F6916865A902030100010281801397EAE8387825A25C04CE0D40" \ + + "7C31E5C470CD9B823B5809863B665FDC3190F14FD5DB15DDDED73B9593311831" \ + + "0E5EA3D6A21A716E81481C4BCFDB8E7A866132DCFB55C1166D279224458BF1B8" \ + + "48B14B1DACDEDADD8E2FC291FBA5A96EF83A6AF1FD5018EF9FE7C3CA78EA56D3" \ + + "D3725B96DD4E064E3AC3D9BE72B66507074C01024100FA47D47A7C923C55EF81" \ + + "F041302DA3CF8F1CE6872705700DDF9835D6F18B382F24B5D084B6794F712994" \ + + "5AF0646AACE772C6ED4D59983E673AF3742CF9611769024100C0C1820D0CEBC6" \ + + "2FDC92F99D821A31E9E9F74BF282871CEE166AD11D188270F3C0B62FF6F3F71D" \ + + "F18623C84EEB8F568E8FF5BFF1F72BB5CC3DC657390C1B54410241009D7E05DE" \ + + "EDF4B7B2FBFC304B551DE32F0147966905CD0E2E2CBD8363B6AB7CB76DCA5B64" \ + + "A7CEBE86DF3B53DE61D21EEBA5F637EDACAB78D94CE755FBD71199C102401898" \ + + "1829E61E2739702168AC0A2FA172C121869538C65890A0579CBAE3A7B115C8DE" \ + + "F61BC2612376EFB09D1C44BE1343396717C89DCAFBF545648B38822CF2810240" \ + + "3989E59C195530BAB7488C48140EF49F7E779743E1B419353123759C3B44AD69" \ + + "1256EE0061641666D37C742B15B4A2FEBF086B1A5D3F9012B105863129DBD9E2" + + plain = "Everyone gets Friday off." + + + def setUp(self): + self.rsa = RsaPrivate(self.key.decode("hex")) + + + def test_raises(self): + # invalid key + self.assertRaises(KeyError, RsaPrivate, 'key') + + + def test_output_size(self): + assert self.rsa.output_size == 1024 / 8 + + + def test_encrypt_decrypt(self): + cipher = self.rsa.encrypt(self.plain) + result = self.rsa.decrypt(cipher) + + assert len(cipher) == self.rsa.output_size == 1024 / 8 + assert self.plain == result + + + def test_sign_verify(self): + signature = self.rsa.sign(self.plain) + result = self.rsa.verify(signature) + + assert len(signature) == self.rsa.output_size == 1024 / 8 + assert self.plain == result + + +class TestRsaPublic(unittest.TestCase): + prv = "3082025C02010002818100BC730EA849F374A2A9EF18A5DA559921F9C8ECB36D" \ + + "48E53535757737ECD161905F3ED9E4D5DF94CAC1A9D719DA86C9E84DC4613682" \ + + "FEABAD7E7725BB8D11A5BC623AA838CC39A20466B4F7F7F3AADA4D020EBB5E8D" \ + + "6948DC77C9280E22E96BA426BA4CE8C1FD4A6F2B1FEF8AAEF69062E5641EEB2B" \ + + "3C67C8DC2700F6916865A902030100010281801397EAE8387825A25C04CE0D40" \ + + "7C31E5C470CD9B823B5809863B665FDC3190F14FD5DB15DDDED73B9593311831" \ + + "0E5EA3D6A21A716E81481C4BCFDB8E7A866132DCFB55C1166D279224458BF1B8" \ + + "48B14B1DACDEDADD8E2FC291FBA5A96EF83A6AF1FD5018EF9FE7C3CA78EA56D3" \ + + "D3725B96DD4E064E3AC3D9BE72B66507074C01024100FA47D47A7C923C55EF81" \ + + "F041302DA3CF8F1CE6872705700DDF9835D6F18B382F24B5D084B6794F712994" \ + + "5AF0646AACE772C6ED4D59983E673AF3742CF9611769024100C0C1820D0CEBC6" \ + + "2FDC92F99D821A31E9E9F74BF282871CEE166AD11D188270F3C0B62FF6F3F71D" \ + + "F18623C84EEB8F568E8FF5BFF1F72BB5CC3DC657390C1B54410241009D7E05DE" \ + + "EDF4B7B2FBFC304B551DE32F0147966905CD0E2E2CBD8363B6AB7CB76DCA5B64" \ + + "A7CEBE86DF3B53DE61D21EEBA5F637EDACAB78D94CE755FBD71199C102401898" \ + + "1829E61E2739702168AC0A2FA172C121869538C65890A0579CBAE3A7B115C8DE" \ + + "F61BC2612376EFB09D1C44BE1343396717C89DCAFBF545648B38822CF2810240" \ + + "3989E59C195530BAB7488C48140EF49F7E779743E1B419353123759C3B44AD69" \ + + "1256EE0061641666D37C742B15B4A2FEBF086B1A5D3F9012B105863129DBD9E2" + + pub = "30819F300D06092A864886F70D010101050003818D0030818902818100BC730E" \ + + "A849F374A2A9EF18A5DA559921F9C8ECB36D48E53535757737ECD161905F3ED9" \ + + "E4D5DF94CAC1A9D719DA86C9E84DC4613682FEABAD7E7725BB8D11A5BC623AA8" \ + + "38CC39A20466B4F7F7F3AADA4D020EBB5E8D6948DC77C9280E22E96BA426BA4C" \ + + "E8C1FD4A6F2B1FEF8AAEF69062E5641EEB2B3C67C8DC2700F6916865A90203010001" + + plain = "Everyone gets Friday off." + + + def setUp(self): + self.private = RsaPrivate(self.prv.decode("hex")) + self.public = RsaPublic(self.pub.decode("hex")) + + + def test_raises(self): + # invalid key + self.assertRaises(KeyError, RsaPublic, 'key') + + + def test_output_size(self): + assert self.public.output_size == 1024 / 8 + + + def test_encrypt_decrypt(self): + cipher = self.public.encrypt(self.plain) + result = self.private.decrypt(cipher) + + assert len(cipher) == self.public.output_size == 1024 / 8 + assert self.plain == result + + + def test_sign_verify(self): + signature = self.private.sign(self.plain) + result = self.public.verify(signature) + + assert len(signature) == self.public.output_size == 1024 / 8 + assert self.plain == result diff --git a/wrapper/python/test/test_hashes.py b/wrapper/python/test/test_hashes.py new file mode 100644 index 000000000..5ed245462 --- /dev/null +++ b/wrapper/python/test/test_hashes.py @@ -0,0 +1,388 @@ +# test_hashes.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +import unittest +from wolfcrypt.hashes import * + + +class TestSha(unittest.TestCase): + digest = "1b6182d68ae91ce0853bd9c6b6edfedd4b6a510d" + + + def setUp(self): + self.hash = Sha.new() + + + def test_new(self): + # invalid construction + self.assertRaises(ValueError, Sha) + + # update inside constructor + assert Sha.new("wolfcrypt").hexdigest() == self.digest + + + def test_hash_update_001(self): + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_update_002(self): + self.hash.update("wolf") + self.hash.update("crypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_copy(self): + copy = self.hash.copy() + + assert self.hash.hexdigest() == copy.hexdigest() + + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() != copy.hexdigest() + + copy.update("wolfcrypt") + + assert self.hash.hexdigest() == copy.hexdigest() == self.digest + + +class TestSha256(unittest.TestCase): + digest = "96e02e7b1cbcd6f104fe1fdb4652027a5505b68652b70095c6318f9dce0d1844" + + + def setUp(self): + self.hash = Sha256.new() + + + def test_new(self): + # invalid construction + self.assertRaises(ValueError, Sha256) + + # update inside constructor + assert Sha256.new("wolfcrypt").hexdigest() == self.digest + + + def test_hash_update_001(self): + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_update_002(self): + self.hash.update("wolf") + self.hash.update("crypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_copy(self): + copy = self.hash.copy() + + assert self.hash.hexdigest() == copy.hexdigest() + + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() != copy.hexdigest() + + copy.update("wolfcrypt") + + assert self.hash.hexdigest() == copy.hexdigest() == self.digest + + +class TestSha384(unittest.TestCase): + digest = "4c79d80531203a16f91bee325f18c6aada47f9382fe44fc1" \ + + "1f92917837e9b7902f5dccb7d3656f667a1dce3460bc884b" + + + def setUp(self): + self.hash = Sha384.new() + + + def test_new(self): + # invalid construction + self.assertRaises(ValueError, Sha384) + + # update inside constructor + assert Sha384.new("wolfcrypt").hexdigest() == self.digest + + + def test_hash_update_001(self): + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_update_002(self): + self.hash.update("wolf") + self.hash.update("crypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_copy(self): + copy = self.hash.copy() + + assert self.hash.hexdigest() == copy.hexdigest() + + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() != copy.hexdigest() + + copy.update("wolfcrypt") + + assert self.hash.hexdigest() == copy.hexdigest() == self.digest + + +class TestSha512(unittest.TestCase): + digest = "88fcf67ffd8558d713f9cedcd852db479e6573f0bd9955610a993f609637553c"\ + + "e8fff55e644ee8a106aae19c07f91b3f2a2a6d40dfa7302c0fa6a1a9a5bfa03f" + + + def setUp(self): + self.hash = Sha512.new() + + + def test_new(self): + # invalid construction + self.assertRaises(ValueError, Sha512) + + # update inside constructor + assert Sha512.new("wolfcrypt").hexdigest() == self.digest + + + def test_hash_update_001(self): + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_update_002(self): + self.hash.update("wolf") + self.hash.update("crypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_copy(self): + copy = self.hash.copy() + + assert self.hash.hexdigest() == copy.hexdigest() + + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() != copy.hexdigest() + + copy.update("wolfcrypt") + + assert self.hash.hexdigest() == copy.hexdigest() == self.digest + + +_HMAC_KEY = "python" + + +class TestHmacSha(unittest.TestCase): + digest = "5dfabcfb3a25540824867cd21f065f52f73491e0" + + + def setUp(self): + self.hash = HmacSha.new(_HMAC_KEY) + + + def test_new(self): + # invalid construction + self.assertRaises(ValueError, HmacSha) + + # update inside constructor + assert HmacSha.new(_HMAC_KEY, "wolfcrypt").hexdigest() == self.digest + + + def test_hash_update_001(self): + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_update_002(self): + self.hash.update("wolf") + self.hash.update("crypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_copy(self): + copy = self.hash.copy() + + assert self.hash.hexdigest() == copy.hexdigest() + + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() != copy.hexdigest() + + copy.update("wolfcrypt") + + assert self.hash.hexdigest() == copy.hexdigest() == self.digest + + +class TestHmacSha256(unittest.TestCase): + digest = "4b641d721493d80f019d9447830ebfee89234a7d594378b89f8bb73873576bf6" + + + def setUp(self): + self.hash = HmacSha256.new(_HMAC_KEY) + + + def test_new(self): + # invalid construction + self.assertRaises(ValueError, HmacSha256) + + # update inside constructor + assert HmacSha256.new(_HMAC_KEY, "wolfcrypt").hexdigest() == self.digest + + + def test_hash_update_001(self): + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_update_002(self): + self.hash.update("wolf") + self.hash.update("crypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_copy(self): + copy = self.hash.copy() + + assert self.hash.hexdigest() == copy.hexdigest() + + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() != copy.hexdigest() + + copy.update("wolfcrypt") + + assert self.hash.hexdigest() == copy.hexdigest() == self.digest + + +class TestHmacSha384(unittest.TestCase): + digest = "e72c72070c9c5c78e3286593068a510c1740cdf9dc34b512" \ + + "ccec97320295db1fe673216b46fe72e81f399a9ec04780ab" + + + def setUp(self): + self.hash = HmacSha384.new(_HMAC_KEY) + + + def test_new(self): + # invalid construction + self.assertRaises(ValueError, HmacSha384) + + # update inside constructor + assert HmacSha384.new(_HMAC_KEY, "wolfcrypt").hexdigest() == self.digest + + + def test_hash_update_001(self): + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_update_002(self): + self.hash.update("wolf") + self.hash.update("crypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_copy(self): + copy = self.hash.copy() + + assert self.hash.hexdigest() == copy.hexdigest() + + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() != copy.hexdigest() + + copy.update("wolfcrypt") + + assert self.hash.hexdigest() == copy.hexdigest() == self.digest + + +class TestHmacSha512(unittest.TestCase): + digest = "c7f48db79314fc2b5be9a93fd58601a1bf42f397ec7f66dba034d44503890e6b"\ + + "5708242dcd71a248a78162d815c685f6038a4ac8cb34b8bf18986dbd300c9b41" + + + def setUp(self): + self.hash = HmacSha512.new(_HMAC_KEY) + + + def test_new(self): + # invalid construction + self.assertRaises(ValueError, HmacSha512) + + # update inside constructor + assert HmacSha512.new(_HMAC_KEY, "wolfcrypt").hexdigest() == self.digest + + + def test_hash_update_001(self): + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_update_002(self): + self.hash.update("wolf") + self.hash.update("crypt") + + assert self.hash.hexdigest() == self.digest + assert self.hash.digest() == self.digest.decode("hex") + + + def test_hash_copy(self): + copy = self.hash.copy() + + assert self.hash.hexdigest() == copy.hexdigest() + + self.hash.update("wolfcrypt") + + assert self.hash.hexdigest() != copy.hexdigest() + + copy.update("wolfcrypt") + + assert self.hash.hexdigest() == copy.hexdigest() == self.digest diff --git a/wrapper/python/test/test_random.py b/wrapper/python/test/test_random.py new file mode 100644 index 000000000..7c5456480 --- /dev/null +++ b/wrapper/python/test/test_random.py @@ -0,0 +1,38 @@ +# test_random.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +import unittest +from wolfcrypt.random import * + + +class TestRandom(unittest.TestCase): + + + def setUp(self): + self.random = Random() + + + def test_byte(self): + assert len(self.random.byte()) == 1 + + + def test_bytes(self): + assert len(self.random.bytes(1)) == 1 + assert len(self.random.bytes(10)) == 10 + assert len(self.random.bytes(100)) == 100 diff --git a/wrapper/python/tox.ini b/wrapper/python/tox.ini new file mode 100644 index 000000000..c8778e414 --- /dev/null +++ b/wrapper/python/tox.ini @@ -0,0 +1,6 @@ +[tox] +envlist=py27 + +[testenv] +deps=-rrequirements-testing.txt +commands=py.test test/ diff --git a/wrapper/python/wolfcrypt/__init__.py b/wrapper/python/wolfcrypt/__init__.py new file mode 100644 index 000000000..498cd8902 --- /dev/null +++ b/wrapper/python/wolfcrypt/__init__.py @@ -0,0 +1,21 @@ +# WolfCrypt +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# dummy file diff --git a/wrapper/python/wolfcrypt/build_ffi.py b/wrapper/python/wolfcrypt/build_ffi.py new file mode 100644 index 000000000..7d876751d --- /dev/null +++ b/wrapper/python/wolfcrypt/build_ffi.py @@ -0,0 +1,133 @@ +# build_random.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +import os + +from cffi import FFI + +ffi = FFI() + +ffi.set_source("wolfcrypt._ffi", + """ + #include + + #include + #include + #include + + #include + + #include + #include + #include + + #include + + #include + """, + include_dirs=["/usr/local/include"], + library_dirs=["/usr/local/lib"], + libraries=["wolfssl"], +) + +ffi.cdef( +""" + + typedef unsigned char byte; + typedef unsigned int word32; + + typedef struct { ...; } Sha; + + int wc_InitSha(Sha*); + int wc_ShaUpdate(Sha*, const byte*, word32); + int wc_ShaFinal(Sha*, byte*); + + + typedef struct { ...; } Sha256; + + int wc_InitSha256(Sha256*); + int wc_Sha256Update(Sha256*, const byte*, word32); + int wc_Sha256Final(Sha256*, byte*); + + + typedef struct { ...; } Sha384; + + int wc_InitSha384(Sha384*); + int wc_Sha384Update(Sha384*, const byte*, word32); + int wc_Sha384Final(Sha384*, byte*); + + + typedef struct { ...; } Sha512; + + int wc_InitSha512(Sha512*); + int wc_Sha512Update(Sha512*, const byte*, word32); + int wc_Sha512Final(Sha512*, byte*); + + + typedef struct { ...; } Hmac; + + int wc_HmacSetKey(Hmac*, int, const byte*, word32); + int wc_HmacUpdate(Hmac*, const byte*, word32); + int wc_HmacFinal(Hmac*, byte*); + + + typedef struct { ...; } Aes; + + int wc_AesSetKey(Aes*, const byte*, word32, const byte*, int); + int wc_AesCbcEncrypt(Aes*, byte*, const byte*, word32); + int wc_AesCbcDecrypt(Aes*, byte*, const byte*, word32); + + + typedef struct { ...; } Des3; + + int wc_Des3_SetKey(Des3*, const byte*, const byte*, int); + int wc_Des3_CbcEncrypt(Des3*, byte*, const byte*, word32); + int wc_Des3_CbcDecrypt(Des3*, byte*, const byte*, word32); + + + typedef struct { ...; } WC_RNG; + + int wc_InitRng(WC_RNG*); + int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32); + int wc_RNG_GenerateByte(WC_RNG*, byte*); + int wc_FreeRng(WC_RNG*); + + + typedef struct {...; } RsaKey; + + int wc_InitRsaKey(RsaKey* key, void*); + int wc_FreeRsaKey(RsaKey* key); + + int wc_RsaPrivateKeyDecode(const byte*, word32*, RsaKey*, word32); + int wc_RsaPublicKeyDecode(const byte*, word32*, RsaKey*, word32); + int wc_RsaEncryptSize(RsaKey*); + + int wc_RsaPrivateDecrypt(const byte*, word32, byte*, word32, + RsaKey* key); + int wc_RsaPublicEncrypt(const byte*, word32, byte*, word32, + RsaKey*, WC_RNG*); + + int wc_RsaSSL_Sign(const byte*, word32, byte*, word32, RsaKey*, WC_RNG*); + int wc_RsaSSL_Verify(const byte*, word32, byte*, word32, RsaKey*); + +""" +) + +if __name__ == "__main__": + ffi.compile(verbose=1) diff --git a/wrapper/python/wolfcrypt/ciphers.py b/wrapper/python/wolfcrypt/ciphers.py new file mode 100644 index 000000000..2aa69728c --- /dev/null +++ b/wrapper/python/wolfcrypt/ciphers.py @@ -0,0 +1,252 @@ +# ciphers.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +from wolfcrypt._ffi import ffi as _ffi +from wolfcrypt._ffi import lib as _lib +from wolfcrypt.random import Random + + +# key direction flags +_ENCRYPTION = 0 +_DECRYPTION = 1 + + +# feedback modes +MODE_ECB = 1 # Electronic Code Book +MODE_CBC = 2 # Cipher Block Chaining +MODE_CFB = 3 # Cipher Feedback +MODE_OFB = 5 # Output Feedback +MODE_CTR = 6 # Counter + +_FEEDBACK_MODES = [MODE_ECB, MODE_CBC, MODE_CFB, MODE_OFB, MODE_CTR] + + +class _Cipher(object): + # Magic object that protects against constructors. + _JAPANESE_CYBER_SWORD = object() + + + def __init__(self, token=""): + if token is not self._JAPANESE_CYBER_SWORD: + # PEP 272 -- API for Block Encryption Algorithms v1.0 + raise ValueError("don't construct directly, use new([string])") + + + @classmethod + def new(cls, key, mode, IV=None, **kwargs): + if mode not in _FEEDBACK_MODES: + raise ValueError("this mode is not supported") + if mode != MODE_CBC: + raise ValueError("this mode is not supported by this cipher") + + self = cls(_Cipher._JAPANESE_CYBER_SWORD) + + if self.key_size: + if self.key_size != len(key): + raise ValueError("key must be %d in length" % self.key_size) + elif self._key_sizes: + if len(key) not in self._key_sizes: + raise ValueError("key must be %s in length" % self._key_sizes) + else: + if not len(key): + raise ValueError("key must not be 0 in length") + + if IV is not None and len(IV) != self.block_size: + raise ValueError("IV must be %d in length" % self.block_size) + + self._native_object = _ffi.new(self._native_type) + + self._enc = None + self._dec = None + self._key = key + self._IV = IV if IV else "\0" * self.block_size + + return self + + + def encrypt(self, string): + if not string or len(string) % self.block_size: + raise ValueError( + "string must be a multiple of %d in length" % self.block_size) + + if self._enc is None: + self._enc = _ffi.new(self._native_type) + self._set_key(_ENCRYPTION) + + result = "\0" * len(string) + self._encrypt(result, string) + + return result + + + def decrypt(self, string): + if not string or len(string) % self.block_size: + raise ValueError( + "string must be a multiple of %d in length" % self.block_size) + + if self._dec is None: + self._dec = _ffi.new(self._native_type) + self._set_key(_DECRYPTION) + + result = "\0" * len(string) + self._decrypt(result, string) + + return result + + +class Aes(_Cipher): + block_size = 16 + key_size = None # 16, 24, 32 + _key_sizes = [16, 24, 32] + _native_type = "Aes *" + + + def _set_key(self, direction): + if direction == _ENCRYPTION: + _lib.wc_AesSetKey( + self._enc, self._key, len(self._key), self._IV, _ENCRYPTION) + else: + _lib.wc_AesSetKey( + self._dec, self._key, len(self._key), self._IV, _DECRYPTION) + + + def _encrypt(self, destination, source): + _lib.wc_AesCbcEncrypt(self._enc, destination, source, len(source)) + + + def _decrypt(self, destination, source): + _lib.wc_AesCbcDecrypt(self._dec, destination, source, len(source)) + + +class Des3(_Cipher): + block_size = 8 + key_size = 24 + _native_type = "Des3 *" + + + def _set_key(self, direction): + if direction == _ENCRYPTION: + _lib.wc_Des3_SetKey(self._enc, self._key, self._IV, _ENCRYPTION) + else: + _lib.wc_Des3_SetKey(self._dec, self._key, self._IV, _DECRYPTION) + + + def _encrypt(self, destination, source): + _lib.wc_Des3_CbcEncrypt(self._enc, destination, source, len(source)) + + + def _decrypt(self, destination, source): + _lib.wc_Des3_CbcDecrypt(self._dec, destination, source, len(source)) + + +class _Rsa(object): + def __init__(self): + self.native_object = _ffi.new("RsaKey *") + if _lib.wc_InitRsaKey(self.native_object, _ffi.NULL) != 0: + raise KeyError + + self._random = Random() + + + def __del__(self): + if self.native_object: + _lib.wc_FreeRsaKey(self.native_object) + + +class RsaPublic(_Rsa): + def __init__(self, key): + _Rsa.__init__(self) + + idx = _ffi.new("word32*") + idx[0] = 0 + + if _lib.wc_RsaPublicKeyDecode(key, idx, self.native_object, len(key)): + raise KeyError + + self.output_size = _lib.wc_RsaEncryptSize(self.native_object) + + if self.output_size <= 0: + raise KeyError + + + def encrypt(self, plaintext): + ciphertext = "\0" * self.output_size + + ret = _lib.wc_RsaPublicEncrypt(plaintext, len(plaintext), + ciphertext, len(ciphertext), + self.native_object, + self._random.native_object) + + if ret != self.output_size: + raise KeyError + + return ciphertext + + + def verify(self, signature): + plaintext = "\0" * self.output_size + + ret = _lib.wc_RsaSSL_Verify(signature, len(signature), + plaintext, len(plaintext), + self.native_object) + + if ret < 0: + raise KeyError + + return plaintext[:ret] + + +class RsaPrivate(RsaPublic): + def __init__(self, key): + _Rsa.__init__(self) + + idx = _ffi.new("word32*") + idx[0] = 0 + + if _lib.wc_RsaPrivateKeyDecode(key, idx, self.native_object, len(key)): + raise KeyError + + self.output_size = _lib.wc_RsaEncryptSize(self.native_object) + + + def decrypt(self, ciphertext): + plaintext = "\0" * self.output_size + + ret = _lib.wc_RsaPrivateDecrypt(ciphertext, len(ciphertext), + plaintext, len(plaintext), + self.native_object) + + if ret < 0: + raise KeyError + + return plaintext[:ret] + + + def sign(self, plaintext): + signature = "\0" * self.output_size + + ret = _lib.wc_RsaSSL_Sign(plaintext, len(plaintext), + signature, len(signature), + self.native_object, + self._random.native_object) + + if ret != self.output_size: + raise KeyError + + return signature diff --git a/wrapper/python/wolfcrypt/hashes.py b/wrapper/python/wolfcrypt/hashes.py new file mode 100644 index 000000000..18c0b54b3 --- /dev/null +++ b/wrapper/python/wolfcrypt/hashes.py @@ -0,0 +1,210 @@ +# hashes.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +from wolfcrypt._ffi import ffi as _ffi +from wolfcrypt._ffi import lib as _lib + + +class _Hash(object): + # Magic object that protects against constructors. + _JAPANESE_CYBER_SWORD = object() + + + def __init__(self, token=""): + if token is not self._JAPANESE_CYBER_SWORD: + # PEP 247 -- API for Cryptographic Hash Functions + raise ValueError("don't construct directly, use new([string])") + + + @classmethod + def new(cls, string=None): + self = cls(cls._JAPANESE_CYBER_SWORD) + + self._native_object = _ffi.new(self._native_type) + + self._init() + + if (string): + self._update(string) + + return self + + + def copy(self): + copy = self.new("") + + _ffi.memmove(copy._native_object, + self._native_object, + self._native_size) + + return copy + + + def update(self, string): + self._update(string) + + + def digest(self): + ret = "\0" * self.digest_size + + if self._native_object: + obj = _ffi.new(self._native_type) + + _ffi.memmove(obj, self._native_object, self._native_size) + + self._final(obj, ret) + + return ret + + + def hexdigest(self): + return self.digest().encode("hex") + + +class Sha(_Hash): + digest_size = 20 + _native_type = "Sha *" + _native_size = _ffi.sizeof("Sha") + + + def _init(self): + _lib.wc_InitSha(self._native_object) + + + def _update(self, data): + _lib.wc_ShaUpdate(self._native_object, data, len(data)) + + + def _final(self, obj, ret): + _lib.wc_ShaFinal(obj, ret) + + +class Sha256(_Hash): + digest_size = 32 + _native_type = "Sha256 *" + _native_size = _ffi.sizeof("Sha256") + + + def _init(self): + _lib.wc_InitSha256(self._native_object) + + + def _update(self, data): + _lib.wc_Sha256Update(self._native_object, data, len(data)) + + + def _final(self, obj, ret): + _lib.wc_Sha256Final(obj, ret) + + +class Sha384(_Hash): + digest_size = 48 + _native_type = "Sha384 *" + _native_size = _ffi.sizeof("Sha384") + + + def _init(self): + _lib.wc_InitSha384(self._native_object) + + + def _update(self, data): + _lib.wc_Sha384Update(self._native_object, data, len(data)) + + + def _final(self, obj, ret): + _lib.wc_Sha384Final(obj, ret) + + +class Sha512(_Hash): + digest_size = 64 + _native_type = "Sha512 *" + _native_size = _ffi.sizeof("Sha512") + + + def _init(self): + _lib.wc_InitSha512(self._native_object) + + + def _update(self, data): + _lib.wc_Sha512Update(self._native_object, data, len(data)) + + + def _final(self, obj, ret): + _lib.wc_Sha512Final(obj, ret) + + +# Hmac types + +_TYPE_SHA = 1 +_TYPE_SHA256 = 2 +_TYPE_SHA384 = 5 +_TYPE_SHA512 = 4 +_HMAC_TYPES = [_TYPE_SHA, _TYPE_SHA256, _TYPE_SHA384, _TYPE_SHA512] + + +class _Hmac(_Hash): + digest_size = None + _native_type = "Hmac *" + _native_size = _ffi.sizeof("Hmac") + + + @classmethod + def new(cls, key, string=None): + self = cls(cls._JAPANESE_CYBER_SWORD) + + self._native_object = _ffi.new(self._native_type) + + self._init(self._type, key) + + if (string): + self._update(string) + + return self + + + def _init(self, type, key): + _lib.wc_HmacSetKey(self._native_object, type, key, len(key)) + + + def _update(self, data): + _lib.wc_HmacUpdate(self._native_object, data, len(data)) + + + def _final(self, obj, ret): + _lib.wc_HmacFinal(obj, ret) + + +class HmacSha(_Hmac): + _type = _TYPE_SHA + digest_size = Sha.digest_size + + +class HmacSha256(_Hmac): + _type = _TYPE_SHA256 + digest_size = Sha256.digest_size + + +class HmacSha384(_Hmac): + _type = _TYPE_SHA384 + digest_size = Sha384.digest_size + + +class HmacSha512(_Hmac): + _type = _TYPE_SHA512 + digest_size = Sha512.digest_size diff --git a/wrapper/python/wolfcrypt/random.py b/wrapper/python/wolfcrypt/random.py new file mode 100644 index 000000000..047b75856 --- /dev/null +++ b/wrapper/python/wolfcrypt/random.py @@ -0,0 +1,49 @@ +# random.py +# +# Copyright (C) 2006-2016 wolfSSL Inc. +# +# This file is part of wolfSSL. (formerly known as CyaSSL) +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +from wolfcrypt._ffi import ffi as _ffi +from wolfcrypt._ffi import lib as _lib + + +class Random(object): + def __init__(self): + self.native_object = _ffi.new("WC_RNG *") + if _lib.wc_InitRng(self.native_object) != 0: + self.native_object = None + + + def __del__(self): + if self.native_object: + _lib.wc_FreeRng(self.native_object) + + + def byte(self): + ret = "\0" + + _lib.wc_RNG_GenerateByte(self.native_object, ret) + + return ret + + + def bytes(self, length): + ret = "\0" * length + + _lib.wc_RNG_GenerateBlock(self.native_object, ret, length) + + return ret