mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-11 07:30:55 +02:00
moves wolfcrypt-py implementation to wrapper/python/wolfcrypt
This commit is contained in:
@@ -0,0 +1,45 @@
|
||||
# __about__.py
|
||||
#
|
||||
# Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
#
|
||||
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
#
|
||||
# wolfSSL is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# wolfSSL is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
|
||||
metadata = dict(
|
||||
__name__ = "wolfcrypt",
|
||||
__version__ = "0.1.9",
|
||||
__license__ = "GPLv2 or Commercial License",
|
||||
__author__ = "wolfSSL Inc.",
|
||||
__author_email__ = "info@wolfssl.com",
|
||||
__url__ = "https://wolfssl.github.io/wolfcrypt-py",
|
||||
__description__ = \
|
||||
u"A Python library that encapsulates wolfSSL's wolfCrypt API.",
|
||||
__keywords__ = "security, cryptography, ssl, embedded, embedded ssl",
|
||||
__classifiers__ = [
|
||||
u"License :: OSI Approved :: GNU General Public License v2 (GPLv2)",
|
||||
u"License :: Other/Proprietary License",
|
||||
u"Operating System :: OS Independent",
|
||||
u"Programming Language :: Python :: 2.7",
|
||||
u"Programming Language :: Python :: 3.5",
|
||||
u"Topic :: Security",
|
||||
u"Topic :: Security :: Cryptography",
|
||||
u"Topic :: Software Development"
|
||||
]
|
||||
)
|
||||
|
||||
globals().update(metadata)
|
||||
|
||||
__all__ = list(metadata.keys())
|
||||
@@ -0,0 +1,21 @@
|
||||
# __init__.py
|
||||
#
|
||||
# Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
#
|
||||
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
#
|
||||
# wolfSSL is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# wolfSSL is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
|
||||
from .__about__ import *
|
||||
@@ -0,0 +1,133 @@
|
||||
# build_ffi.py
|
||||
#
|
||||
# Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
#
|
||||
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
#
|
||||
# wolfSSL is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# wolfSSL is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
import os
|
||||
|
||||
from cffi import FFI
|
||||
|
||||
ffi = FFI()
|
||||
|
||||
ffi.set_source("wolfcrypt._ffi",
|
||||
"""
|
||||
#include <wolfssl/options.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/sha.h>
|
||||
#include <wolfssl/wolfcrypt/sha256.h>
|
||||
#include <wolfssl/wolfcrypt/sha512.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/hmac.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
#include <wolfssl/wolfcrypt/des3.h>
|
||||
#include <wolfssl/wolfcrypt/asn.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/rsa.h>
|
||||
""",
|
||||
include_dirs=["/usr/local/include"],
|
||||
library_dirs=["/usr/local/lib"],
|
||||
libraries=["wolfssl"],
|
||||
)
|
||||
|
||||
ffi.cdef(
|
||||
"""
|
||||
|
||||
typedef unsigned char byte;
|
||||
typedef unsigned int word32;
|
||||
|
||||
typedef struct { ...; } Sha;
|
||||
|
||||
int wc_InitSha(Sha*);
|
||||
int wc_ShaUpdate(Sha*, const byte*, word32);
|
||||
int wc_ShaFinal(Sha*, byte*);
|
||||
|
||||
|
||||
typedef struct { ...; } Sha256;
|
||||
|
||||
int wc_InitSha256(Sha256*);
|
||||
int wc_Sha256Update(Sha256*, const byte*, word32);
|
||||
int wc_Sha256Final(Sha256*, byte*);
|
||||
|
||||
|
||||
typedef struct { ...; } Sha384;
|
||||
|
||||
int wc_InitSha384(Sha384*);
|
||||
int wc_Sha384Update(Sha384*, const byte*, word32);
|
||||
int wc_Sha384Final(Sha384*, byte*);
|
||||
|
||||
|
||||
typedef struct { ...; } Sha512;
|
||||
|
||||
int wc_InitSha512(Sha512*);
|
||||
int wc_Sha512Update(Sha512*, const byte*, word32);
|
||||
int wc_Sha512Final(Sha512*, byte*);
|
||||
|
||||
|
||||
typedef struct { ...; } Hmac;
|
||||
|
||||
int wc_HmacSetKey(Hmac*, int, const byte*, word32);
|
||||
int wc_HmacUpdate(Hmac*, const byte*, word32);
|
||||
int wc_HmacFinal(Hmac*, byte*);
|
||||
|
||||
|
||||
typedef struct { ...; } Aes;
|
||||
|
||||
int wc_AesSetKey(Aes*, const byte*, word32, const byte*, int);
|
||||
int wc_AesCbcEncrypt(Aes*, byte*, const byte*, word32);
|
||||
int wc_AesCbcDecrypt(Aes*, byte*, const byte*, word32);
|
||||
|
||||
|
||||
typedef struct { ...; } Des3;
|
||||
|
||||
int wc_Des3_SetKey(Des3*, const byte*, const byte*, int);
|
||||
int wc_Des3_CbcEncrypt(Des3*, byte*, const byte*, word32);
|
||||
int wc_Des3_CbcDecrypt(Des3*, byte*, const byte*, word32);
|
||||
|
||||
|
||||
typedef struct { ...; } WC_RNG;
|
||||
|
||||
int wc_InitRng(WC_RNG*);
|
||||
int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32);
|
||||
int wc_RNG_GenerateByte(WC_RNG*, byte*);
|
||||
int wc_FreeRng(WC_RNG*);
|
||||
|
||||
|
||||
typedef struct {...; } RsaKey;
|
||||
|
||||
int wc_InitRsaKey(RsaKey* key, void*);
|
||||
int wc_FreeRsaKey(RsaKey* key);
|
||||
|
||||
int wc_RsaPrivateKeyDecode(const byte*, word32*, RsaKey*, word32);
|
||||
int wc_RsaPublicKeyDecode(const byte*, word32*, RsaKey*, word32);
|
||||
int wc_RsaEncryptSize(RsaKey*);
|
||||
|
||||
int wc_RsaPrivateDecrypt(const byte*, word32, byte*, word32,
|
||||
RsaKey* key);
|
||||
int wc_RsaPublicEncrypt(const byte*, word32, byte*, word32,
|
||||
RsaKey*, WC_RNG*);
|
||||
|
||||
int wc_RsaSSL_Sign(const byte*, word32, byte*, word32, RsaKey*, WC_RNG*);
|
||||
int wc_RsaSSL_Verify(const byte*, word32, byte*, word32, RsaKey*);
|
||||
|
||||
"""
|
||||
)
|
||||
|
||||
if __name__ == "__main__":
|
||||
ffi.compile(verbose=1)
|
||||
@@ -0,0 +1,349 @@
|
||||
# ciphers.py
|
||||
#
|
||||
# Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
#
|
||||
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
#
|
||||
# wolfSSL is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# wolfSSL is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
from wolfcrypt._ffi import ffi as _ffi
|
||||
from wolfcrypt._ffi import lib as _lib
|
||||
from wolfcrypt.utils import t2b
|
||||
from wolfcrypt.random import Random
|
||||
|
||||
from wolfcrypt.exceptions import *
|
||||
|
||||
|
||||
# key direction flags
|
||||
_ENCRYPTION = 0
|
||||
_DECRYPTION = 1
|
||||
|
||||
|
||||
# feedback modes
|
||||
MODE_ECB = 1 # Electronic Code Book
|
||||
MODE_CBC = 2 # Cipher Block Chaining
|
||||
MODE_CFB = 3 # Cipher Feedback
|
||||
MODE_OFB = 5 # Output Feedback
|
||||
MODE_CTR = 6 # Counter
|
||||
|
||||
_FEEDBACK_MODES = [MODE_ECB, MODE_CBC, MODE_CFB, MODE_OFB, MODE_CTR]
|
||||
|
||||
|
||||
class _Cipher(object):
|
||||
"""
|
||||
A **PEP 272: Block Encryption Algorithms** compliant
|
||||
**Symmetric Key Cipher**.
|
||||
"""
|
||||
def __init__(self, key, mode, IV=None):
|
||||
if mode not in _FEEDBACK_MODES:
|
||||
raise ValueError("this mode is not supported")
|
||||
|
||||
if mode == MODE_CBC:
|
||||
if IV is None:
|
||||
raise ValueError("this mode requires an 'IV' string")
|
||||
else:
|
||||
raise ValueError("this mode is not supported by this cipher")
|
||||
|
||||
if self.key_size:
|
||||
if self.key_size != len(key):
|
||||
raise ValueError("key must be %d in length" % self.key_size)
|
||||
elif self._key_sizes:
|
||||
if len(key) not in self._key_sizes:
|
||||
raise ValueError("key must be %s in length" % self._key_sizes)
|
||||
else:
|
||||
if not len(key):
|
||||
raise ValueError("key must not be 0 in length")
|
||||
|
||||
if IV is not None and len(IV) != self.block_size:
|
||||
raise ValueError("IV must be %d in length" % self.block_size)
|
||||
|
||||
self._native_object = _ffi.new(self._native_type)
|
||||
self._enc = None
|
||||
self._dec = None
|
||||
self._key = t2b(key)
|
||||
|
||||
if IV:
|
||||
self._IV = t2b(IV)
|
||||
else:
|
||||
self._IV = t2b("\0" * self.block_size)
|
||||
|
||||
|
||||
@classmethod
|
||||
def new(cls, key, mode, IV=None, **kwargs):
|
||||
"""
|
||||
Returns a ciphering object, using the secret key contained in
|
||||
the string **key**, and using the feedback mode **mode**, which
|
||||
must be one of MODE_* defined in this module.
|
||||
|
||||
If **mode** is MODE_CBC or MODE_CFB, **IV** must be provided and
|
||||
must be a string of the same length as the block size. Not
|
||||
providing a value of **IV** will result in a ValueError exception
|
||||
being raised.
|
||||
"""
|
||||
return cls(key, mode, IV)
|
||||
|
||||
|
||||
def encrypt(self, string):
|
||||
"""
|
||||
Encrypts a non-empty string, using the key-dependent data in
|
||||
the object, and with the appropriate feedback mode. The
|
||||
string's length must be an exact multiple of the algorithm's
|
||||
block size or, in CFB mode, of the segment size. Returns a
|
||||
string containing the ciphertext.
|
||||
"""
|
||||
string = t2b(string)
|
||||
|
||||
if not string or len(string) % self.block_size:
|
||||
raise ValueError(
|
||||
"string must be a multiple of %d in length" % self.block_size)
|
||||
|
||||
if self._enc is None:
|
||||
self._enc = _ffi.new(self._native_type)
|
||||
ret = self._set_key(_ENCRYPTION)
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Invalid key error (%d)" % ret)
|
||||
|
||||
result = t2b("\0" * len(string))
|
||||
ret = self._encrypt(result, string)
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Encryption error (%d)" % ret)
|
||||
|
||||
return result
|
||||
|
||||
|
||||
def decrypt(self, string):
|
||||
"""
|
||||
Decrypts **string**, using the key-dependent data in the
|
||||
object and with the appropriate feedback mode. The string's
|
||||
length must be an exact multiple of the algorithm's block
|
||||
size or, in CFB mode, of the segment size. Returns a string
|
||||
containing the plaintext.
|
||||
"""
|
||||
string = t2b(string)
|
||||
|
||||
if not string or len(string) % self.block_size:
|
||||
raise ValueError(
|
||||
"string must be a multiple of %d in length" % self.block_size)
|
||||
|
||||
if self._dec is None:
|
||||
self._dec = _ffi.new(self._native_type)
|
||||
ret = self._set_key(_DECRYPTION)
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Invalid key error (%d)" % ret)
|
||||
|
||||
result = t2b("\0" * len(string))
|
||||
ret = self._decrypt(result, string)
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Decryption error (%d)" % ret)
|
||||
|
||||
return result
|
||||
|
||||
|
||||
class Aes(_Cipher):
|
||||
"""
|
||||
The **Advanced Encryption Standard** (AES), a.k.a. Rijndael, is
|
||||
a symmetric-key cipher standardized by **NIST**.
|
||||
"""
|
||||
block_size = 16
|
||||
key_size = None # 16, 24, 32
|
||||
_key_sizes = [16, 24, 32]
|
||||
_native_type = "Aes *"
|
||||
|
||||
|
||||
def _set_key(self, direction):
|
||||
if direction == _ENCRYPTION:
|
||||
return _lib.wc_AesSetKey(
|
||||
self._enc, self._key, len(self._key), self._IV, _ENCRYPTION)
|
||||
else:
|
||||
return _lib.wc_AesSetKey(
|
||||
self._dec, self._key, len(self._key), self._IV, _DECRYPTION)
|
||||
|
||||
|
||||
def _encrypt(self, destination, source):
|
||||
return _lib.wc_AesCbcEncrypt(self._enc, destination, source,len(source))
|
||||
|
||||
|
||||
def _decrypt(self, destination, source):
|
||||
return _lib.wc_AesCbcDecrypt(self._dec, destination, source,len(source))
|
||||
|
||||
|
||||
class Des3(_Cipher):
|
||||
"""
|
||||
**Triple DES** (3DES) is the common name for the **Triple Data
|
||||
Encryption Algorithm** (TDEA or Triple DEA) symmetric-key block
|
||||
cipher, which applies the **Data Encryption Standard** (DES)
|
||||
cipher algorithm three times to each data block.
|
||||
"""
|
||||
block_size = 8
|
||||
key_size = 24
|
||||
_native_type = "Des3 *"
|
||||
|
||||
|
||||
def _set_key(self, direction):
|
||||
if direction == _ENCRYPTION:
|
||||
return _lib.wc_Des3_SetKey(self._enc,self._key,self._IV,_ENCRYPTION)
|
||||
else:
|
||||
return _lib.wc_Des3_SetKey(self._dec,self._key,self._IV,_DECRYPTION)
|
||||
|
||||
|
||||
def _encrypt(self, destination, source):
|
||||
return _lib.wc_Des3_CbcEncrypt(self._enc,destination,source,len(source))
|
||||
|
||||
|
||||
def _decrypt(self, destination, source):
|
||||
return _lib.wc_Des3_CbcDecrypt(self._dec,destination,source,len(source))
|
||||
|
||||
|
||||
class _Rsa(object):
|
||||
RSA_MIN_PAD_SIZE = 11
|
||||
|
||||
def __init__(self):
|
||||
self.native_object = _ffi.new("RsaKey *")
|
||||
ret = _lib.wc_InitRsaKey(self.native_object, _ffi.NULL)
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Invalid key error (%d)" % ret)
|
||||
|
||||
self._random = Random()
|
||||
|
||||
|
||||
def __del__(self):
|
||||
if self.native_object:
|
||||
_lib.wc_FreeRsaKey(self.native_object)
|
||||
|
||||
|
||||
class RsaPublic(_Rsa):
|
||||
def __init__(self, key):
|
||||
key = t2b(key)
|
||||
|
||||
_Rsa.__init__(self)
|
||||
|
||||
idx = _ffi.new("word32*")
|
||||
idx[0] = 0
|
||||
|
||||
ret = _lib.wc_RsaPublicKeyDecode(key, idx, self.native_object, len(key))
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Invalid key error (%d)" % ret)
|
||||
|
||||
self.output_size = _lib.wc_RsaEncryptSize(self.native_object)
|
||||
if self.output_size <= 0:
|
||||
raise WolfCryptError("Invalid key error (%d)" % self.output_size)
|
||||
|
||||
|
||||
def encrypt(self, plaintext):
|
||||
"""
|
||||
Encrypts **plaintext**, using the public key data in the
|
||||
object. The plaintext's length must not be greater than:
|
||||
|
||||
**self.output_size - self.RSA_MIN_PAD_SIZE**
|
||||
|
||||
Returns a string containing the ciphertext.
|
||||
"""
|
||||
|
||||
plaintext = t2b(plaintext)
|
||||
ciphertext = t2b("\0" * self.output_size)
|
||||
|
||||
ret = _lib.wc_RsaPublicEncrypt(plaintext, len(plaintext),
|
||||
ciphertext, len(ciphertext),
|
||||
self.native_object,
|
||||
self._random.native_object)
|
||||
|
||||
if ret != self.output_size:
|
||||
raise WolfCryptError("Encryption error (%d)" % ret)
|
||||
|
||||
return ciphertext
|
||||
|
||||
|
||||
def verify(self, signature):
|
||||
"""
|
||||
Verifies **signature**, using the public key data in the
|
||||
object. The signature's length must be equal to:
|
||||
|
||||
**self.output_size**
|
||||
|
||||
Returns a string containing the plaintext.
|
||||
"""
|
||||
signature = t2b(signature)
|
||||
plaintext = t2b("\0" * self.output_size)
|
||||
|
||||
ret = _lib.wc_RsaSSL_Verify(signature, len(signature),
|
||||
plaintext, len(plaintext),
|
||||
self.native_object)
|
||||
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Verify error (%d)" % ret)
|
||||
|
||||
return plaintext[:ret]
|
||||
|
||||
|
||||
class RsaPrivate(RsaPublic):
|
||||
def __init__(self, key):
|
||||
key = t2b(key)
|
||||
|
||||
_Rsa.__init__(self)
|
||||
|
||||
idx = _ffi.new("word32*")
|
||||
idx[0] = 0
|
||||
|
||||
ret = _lib.wc_RsaPrivateKeyDecode(key, idx, self.native_object,len(key))
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Invalid key error (%d)" % ret)
|
||||
|
||||
self.output_size = _lib.wc_RsaEncryptSize(self.native_object)
|
||||
if self.output_size <= 0:
|
||||
raise WolfCryptError("Invalid key error (%d)" % self.output_size)
|
||||
|
||||
|
||||
def decrypt(self, ciphertext):
|
||||
"""
|
||||
Decrypts **ciphertext**, using the private key data in the
|
||||
object. The ciphertext's length must be equal to:
|
||||
|
||||
**self.output_size**
|
||||
|
||||
Returns a string containing the plaintext.
|
||||
"""
|
||||
ciphertext = t2b(ciphertext)
|
||||
plaintext = t2b("\0" * self.output_size)
|
||||
|
||||
ret = _lib.wc_RsaPrivateDecrypt(ciphertext, len(ciphertext),
|
||||
plaintext, len(plaintext),
|
||||
self.native_object)
|
||||
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Decryption error (%d)" % ret)
|
||||
|
||||
return plaintext[:ret]
|
||||
|
||||
|
||||
def sign(self, plaintext):
|
||||
"""
|
||||
Signs **plaintext**, using the private key data in the object.
|
||||
The plaintext's length must not be greater than:
|
||||
|
||||
**self.output_size - self.RSA_MIN_PAD_SIZE**
|
||||
|
||||
Returns a string containing the signature.
|
||||
"""
|
||||
plaintext = t2b(plaintext)
|
||||
signature = t2b("\0" * self.output_size)
|
||||
|
||||
ret = _lib.wc_RsaSSL_Sign(plaintext, len(plaintext),
|
||||
signature, len(signature),
|
||||
self.native_object,
|
||||
self._random.native_object)
|
||||
|
||||
if ret != self.output_size:
|
||||
raise WolfCryptError("Signature error (%d)" % ret)
|
||||
|
||||
return signature
|
||||
@@ -0,0 +1,23 @@
|
||||
# exceptions.py
|
||||
#
|
||||
# Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
#
|
||||
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
#
|
||||
# wolfSSL is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# wolfSSL is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
|
||||
|
||||
class WolfCryptError(Exception):
|
||||
pass
|
||||
@@ -0,0 +1,302 @@
|
||||
# hashes.py
|
||||
#
|
||||
# Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
#
|
||||
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
#
|
||||
# wolfSSL is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# wolfSSL is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
from wolfcrypt._ffi import ffi as _ffi
|
||||
from wolfcrypt._ffi import lib as _lib
|
||||
from wolfcrypt.utils import t2b, b2h
|
||||
|
||||
from wolfcrypt.exceptions import *
|
||||
|
||||
class _Hash(object):
|
||||
"""
|
||||
A **PEP 247: Cryptographic Hash Functions** compliant
|
||||
**Hash Function Interface**.
|
||||
"""
|
||||
def __init__(self, string=None):
|
||||
self._native_object = _ffi.new(self._native_type)
|
||||
ret = self._init()
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Hash init error (%d)" % ret)
|
||||
|
||||
if (string):
|
||||
self.update(string)
|
||||
|
||||
|
||||
@classmethod
|
||||
def new(cls, string=None):
|
||||
"""
|
||||
Creates a new hashing object and returns it. The optional
|
||||
**string** parameter, if supplied, will be immediately
|
||||
hashed into the object's starting state, as if
|
||||
obj.update(string) was called.
|
||||
"""
|
||||
return cls(string)
|
||||
|
||||
|
||||
def copy(self):
|
||||
"""
|
||||
Returns a separate copy of this hashing object. An update
|
||||
to this copy won't affect the original object.
|
||||
"""
|
||||
copy = self.new("")
|
||||
|
||||
_ffi.memmove(copy._native_object,
|
||||
self._native_object,
|
||||
self._native_size)
|
||||
|
||||
return copy
|
||||
|
||||
|
||||
def update(self, string):
|
||||
"""
|
||||
Hashes **string** into the current state of the hashing
|
||||
object. update() can be called any number of times during
|
||||
a hashing object's lifetime.
|
||||
"""
|
||||
string = t2b(string)
|
||||
|
||||
ret = self._update(string)
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Hash update error (%d)" % ret)
|
||||
|
||||
|
||||
def digest(self):
|
||||
"""
|
||||
Returns the hash value of this hashing object as a string
|
||||
containing 8-bit data. The object is not altered in any
|
||||
way by this function; you can continue updating the object
|
||||
after calling this function.
|
||||
"""
|
||||
result = t2b("\0" * self.digest_size)
|
||||
|
||||
if self._native_object:
|
||||
obj = _ffi.new(self._native_type)
|
||||
|
||||
_ffi.memmove(obj, self._native_object, self._native_size)
|
||||
|
||||
ret = self._final(obj, result)
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Hash finalize error (%d)" % ret)
|
||||
|
||||
return result
|
||||
|
||||
|
||||
def hexdigest(self):
|
||||
"""
|
||||
Returns the hash value of this hashing object as a string
|
||||
containing hexadecimal digits. Lowercase letters are used
|
||||
for the digits 'a' through 'f'. Like the .digest() method,
|
||||
this method doesn't alter the object.
|
||||
"""
|
||||
return b2h(self.digest())
|
||||
|
||||
|
||||
class Sha(_Hash):
|
||||
"""
|
||||
**SHA-1** is a cryptographic hash function standardized by **NIST**.
|
||||
|
||||
It produces an [ **160-bit | 20 bytes** ] message digest.
|
||||
"""
|
||||
digest_size = 20
|
||||
_native_type = "Sha *"
|
||||
_native_size = _ffi.sizeof("Sha")
|
||||
|
||||
|
||||
def _init(self):
|
||||
return _lib.wc_InitSha(self._native_object)
|
||||
|
||||
|
||||
def _update(self, data):
|
||||
return _lib.wc_ShaUpdate(self._native_object, data, len(data))
|
||||
|
||||
|
||||
def _final(self, obj, ret):
|
||||
return _lib.wc_ShaFinal(obj, ret)
|
||||
|
||||
|
||||
class Sha256(_Hash):
|
||||
"""
|
||||
**SHA-256** is a cryptographic hash function from the
|
||||
**SHA-2 family** and is standardized by **NIST**.
|
||||
|
||||
It produces a [ **256-bit | 32 bytes** ] message digest.
|
||||
"""
|
||||
digest_size = 32
|
||||
_native_type = "Sha256 *"
|
||||
_native_size = _ffi.sizeof("Sha256")
|
||||
|
||||
|
||||
def _init(self):
|
||||
return _lib.wc_InitSha256(self._native_object)
|
||||
|
||||
|
||||
def _update(self, data):
|
||||
return _lib.wc_Sha256Update(self._native_object, data, len(data))
|
||||
|
||||
|
||||
def _final(self, obj, ret):
|
||||
return _lib.wc_Sha256Final(obj, ret)
|
||||
|
||||
|
||||
class Sha384(_Hash):
|
||||
"""
|
||||
**SHA-384** is a cryptographic hash function from the
|
||||
**SHA-2 family** and is standardized by **NIST**.
|
||||
|
||||
It produces a [ **384-bit | 48 bytes** ] message digest.
|
||||
"""
|
||||
digest_size = 48
|
||||
_native_type = "Sha384 *"
|
||||
_native_size = _ffi.sizeof("Sha384")
|
||||
|
||||
|
||||
def _init(self):
|
||||
return _lib.wc_InitSha384(self._native_object)
|
||||
|
||||
|
||||
def _update(self, data):
|
||||
return _lib.wc_Sha384Update(self._native_object, data, len(data))
|
||||
|
||||
|
||||
def _final(self, obj, ret):
|
||||
return _lib.wc_Sha384Final(obj, ret)
|
||||
|
||||
|
||||
class Sha512(_Hash):
|
||||
"""
|
||||
**SHA-512** is a cryptographic hash function from the
|
||||
**SHA-2 family** and is standardized by **NIST**.
|
||||
|
||||
It produces a [ **512-bit | 64 bytes** ] message digest.
|
||||
"""
|
||||
digest_size = 64
|
||||
_native_type = "Sha512 *"
|
||||
_native_size = _ffi.sizeof("Sha512")
|
||||
|
||||
|
||||
def _init(self):
|
||||
return _lib.wc_InitSha512(self._native_object)
|
||||
|
||||
|
||||
def _update(self, data):
|
||||
return _lib.wc_Sha512Update(self._native_object, data, len(data))
|
||||
|
||||
|
||||
def _final(self, obj, ret):
|
||||
return _lib.wc_Sha512Final(obj, ret)
|
||||
|
||||
|
||||
# Hmac types
|
||||
|
||||
_TYPE_SHA = 1
|
||||
_TYPE_SHA256 = 2
|
||||
_TYPE_SHA384 = 5
|
||||
_TYPE_SHA512 = 4
|
||||
_HMAC_TYPES = [_TYPE_SHA, _TYPE_SHA256, _TYPE_SHA384, _TYPE_SHA512]
|
||||
|
||||
|
||||
class _Hmac(_Hash):
|
||||
"""
|
||||
A **PEP 247: Cryptographic Hash Functions** compliant
|
||||
**Keyed Hash Function Interface**.
|
||||
"""
|
||||
digest_size = None
|
||||
_native_type = "Hmac *"
|
||||
_native_size = _ffi.sizeof("Hmac")
|
||||
|
||||
|
||||
def __init__(self, key, string=None):
|
||||
key = t2b(key)
|
||||
|
||||
self._native_object = _ffi.new(self._native_type)
|
||||
ret = self._init(self._type, key)
|
||||
if ret < 0:
|
||||
raise WolfCryptError("Hmac init error (%d)" % ret)
|
||||
|
||||
if (string):
|
||||
self.update(string)
|
||||
|
||||
|
||||
|
||||
@classmethod
|
||||
def new(cls, key, string=None):
|
||||
"""
|
||||
Creates a new hashing object and returns it. **key** is
|
||||
a required parameter containing a string giving the key
|
||||
to use. The optional **string** parameter, if supplied,
|
||||
will be immediately hashed into the object's starting
|
||||
state, as if obj.update(string) was called.
|
||||
"""
|
||||
return cls(key, string)
|
||||
|
||||
|
||||
def _init(self, type, key):
|
||||
return _lib.wc_HmacSetKey(self._native_object, type, key, len(key))
|
||||
|
||||
|
||||
def _update(self, data):
|
||||
return _lib.wc_HmacUpdate(self._native_object, data, len(data))
|
||||
|
||||
|
||||
def _final(self, obj, ret):
|
||||
return _lib.wc_HmacFinal(obj, ret)
|
||||
|
||||
|
||||
class HmacSha(_Hmac):
|
||||
"""
|
||||
A HMAC function using **SHA-1** as it's cryptographic
|
||||
hash function.
|
||||
|
||||
It produces a [ **512-bit | 64 bytes** ] message digest.
|
||||
"""
|
||||
_type = _TYPE_SHA
|
||||
digest_size = Sha.digest_size
|
||||
|
||||
|
||||
class HmacSha256(_Hmac):
|
||||
"""
|
||||
A HMAC function using **SHA-256** as it's cryptographic
|
||||
hash function.
|
||||
|
||||
It produces a [ **512-bit | 64 bytes** ] message digest.
|
||||
"""
|
||||
_type = _TYPE_SHA256
|
||||
digest_size = Sha256.digest_size
|
||||
|
||||
|
||||
class HmacSha384(_Hmac):
|
||||
"""
|
||||
A HMAC function using **SHA-384** as it's cryptographic
|
||||
hash function.
|
||||
|
||||
It produces a [ **512-bit | 64 bytes** ] message digest.
|
||||
"""
|
||||
_type = _TYPE_SHA384
|
||||
digest_size = Sha384.digest_size
|
||||
|
||||
|
||||
class HmacSha512(_Hmac):
|
||||
"""
|
||||
A HMAC function using **SHA-512** as it's cryptographic
|
||||
hash function.
|
||||
|
||||
It produces a [ **512-bit | 64 bytes** ] message digest.
|
||||
"""
|
||||
_type = _TYPE_SHA512
|
||||
digest_size = Sha512.digest_size
|
||||
@@ -0,0 +1,68 @@
|
||||
# random.py
|
||||
#
|
||||
# Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
#
|
||||
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
#
|
||||
# wolfSSL is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# wolfSSL is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
from wolfcrypt._ffi import ffi as _ffi
|
||||
from wolfcrypt._ffi import lib as _lib
|
||||
from wolfcrypt.utils import t2b
|
||||
|
||||
from wolfcrypt.exceptions import *
|
||||
|
||||
|
||||
class Random(object):
|
||||
"""
|
||||
A Cryptographically Secure Pseudo Random Number Generator - CSPRNG
|
||||
"""
|
||||
def __init__(self):
|
||||
self.native_object = _ffi.new("WC_RNG *")
|
||||
|
||||
ret = _lib.wc_InitRng(self.native_object)
|
||||
if ret < 0:
|
||||
self.native_object = None
|
||||
raise WolfCryptError("RNG init error (%d)" % ret)
|
||||
|
||||
|
||||
def __del__(self):
|
||||
if self.native_object:
|
||||
_lib.wc_FreeRng(self.native_object)
|
||||
|
||||
|
||||
def byte(self):
|
||||
"""
|
||||
Generate and return a random byte.
|
||||
"""
|
||||
result = t2b("\0")
|
||||
|
||||
ret = _lib.wc_RNG_GenerateByte(self.native_object, result)
|
||||
if ret < 0:
|
||||
raise WolfCryptError("RNG generate byte error (%d)" % ret)
|
||||
|
||||
return result
|
||||
|
||||
|
||||
def bytes(self, length):
|
||||
"""
|
||||
Generate and return a random sequence of length bytes.
|
||||
"""
|
||||
result = t2b("\0" * length)
|
||||
|
||||
ret = _lib.wc_RNG_GenerateBlock(self.native_object, result, length)
|
||||
if ret < 0:
|
||||
raise WolfCryptError("RNG generate block error (%d)" % ret)
|
||||
|
||||
return result
|
||||
@@ -0,0 +1,38 @@
|
||||
# utils.py
|
||||
#
|
||||
# Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
#
|
||||
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
#
|
||||
# wolfSSL is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# wolfSSL is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
import sys
|
||||
from binascii import hexlify as b2h, unhexlify as h2b
|
||||
|
||||
|
||||
if sys.version_info[0] == 3:
|
||||
_text_type = str
|
||||
_binary_type = bytes
|
||||
else:
|
||||
_text_type = unicode
|
||||
_binary_type = str
|
||||
|
||||
|
||||
def t2b(s):
|
||||
"""
|
||||
Converts text to bynary.
|
||||
"""
|
||||
if isinstance(s, _binary_type):
|
||||
return s
|
||||
return _text_type(s).encode("utf-8")
|
||||
Reference in New Issue
Block a user