0 "laeJu@plJbѿ y"# This file is dual licensed under the terms of the Apache License, Version # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. from __future__ import absolute_import, division, print_function from collections import namedtuple from cryptography import utils from cryptography.exceptions import InternalError from cryptography.hazmat.backends.commoncrypto.ciphers import ( _CipherContext, _GCMCipherContext ) from cryptography.hazmat.backends.commoncrypto.hashes import _HashContext from cryptography.hazmat.backends.commoncrypto.hmac import _HMACContext from cryptography.hazmat.backends.interfaces import ( CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend ) from cryptography.hazmat.bindings.commoncrypto.binding import Binding from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, ARC4, Blowfish, CAST5, TripleDES ) from cryptography.hazmat.primitives.ciphers.modes import ( CBC, CFB, CFB8, CTR, ECB, GCM, OFB ) HashMethods = namedtuple( "HashMethods", ["ctx", "hash_init", "hash_update", "hash_final"] ) @utils.register_interface(CipherBackend) @utils.register_interface(HashBackend) @utils.register_interface(HMACBackend) @utils.register_interface(PBKDF2HMACBackend) class Backend(object): """ CommonCrypto API wrapper. """ name = "commoncrypto" def __init__(self): self._binding = Binding() self._ffi = self._binding.ffi self._lib = self._binding.lib self._cipher_registry = {} self._register_default_ciphers() self._hash_mapping = { "md5": HashMethods( "CC_MD5_CTX *", self._lib.CC_MD5_Init, self._lib.CC_MD5_Update, self._lib.CC_MD5_Final ), "sha1": HashMethods( "CC_SHA1_CTX *", self._lib.CC_SHA1_Init, self._lib.CC_SHA1_Update, self._lib.CC_SHA1_Final ), "sha224": HashMethods( "CC_SHA256_CTX *", self._lib.CC_SHA224_Init, self._lib.CC_SHA224_Update, self._lib.CC_SHA224_Final ), "sha256": HashMethods( "CC_SHA256_CTX *", self._lib.CC_SHA256_Init, self._lib.CC_SHA256_Update, self._lib.CC_SHA256_Final ), "sha384": HashMethods( "CC_SHA512_CTX *", self._lib.CC_SHA384_Init, self._lib.CC_SHA384_Update, self._lib.CC_SHA384_Final ), "sha512": HashMethods( "CC_SHA512_CTX *", self._lib.CC_SHA512_Init, self._lib.CC_SHA512_Update, self._lib.CC_SHA512_Final ), } self._supported_hmac_algorithms = { "md5": self._lib.kCCHmacAlgMD5, "sha1": self._lib.kCCHmacAlgSHA1, "sha224": self._lib.kCCHmacAlgSHA224, "sha256": self._lib.kCCHmacAlgSHA256, "sha384": self._lib.kCCHmacAlgSHA384, "sha512": self._lib.kCCHmacAlgSHA512, } self._supported_pbkdf2_hmac_algorithms = { "sha1": self._lib.kCCPRFHmacAlgSHA1, "sha224": self._lib.kCCPRFHmacAlgSHA224, "sha256": self._lib.kCCPRFHmacAlgSHA256, "sha384": self._lib.kCCPRFHmacAlgSHA384, "sha512": self._lib.kCCPRFHmacAlgSHA512, } def hash_supported(self, algorithm): return algorithm.name in self._hash_mapping def hmac_supported(self, algorithm): return algorithm.name in self._supported_hmac_algorithms def create_hash_ctx(self, algorithm): return _HashContext(self, algorithm) def create_hmac_ctx(self, key, algorithm): return _HMACContext(self, key, algorithm) def cipher_supported(self, cipher, mode): # In OS X 10.11.2-5 (as of this writing) CommonCrypto has a bug with # Blowfish key lengths less than 64-bit. Filed as radar://26636600 if isinstance(cipher, Blowfish) and len(cipher.key) < 8: return False else: