[Pkg-freeipa-devel] python-jwcrypto: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Sat Dec 23 08:00:27 UTC 2017
.travis.yml | 10
MANIFEST.in | 1
Makefile | 6
debian/changelog | 8
debian/compat | 2
debian/control | 4
docs/source/conf.py | 6
docs/source/jwe.rst | 20
docs/source/jwk.rst | 3
docs/source/jws.rst | 20
jwcrypto/common.py | 62 ++
jwcrypto/jwa.py | 1104 ++++++++++++++++++++++++++++++++++++++++++++++++++++
jwcrypto/jwe.py | 884 ++---------------------------------------
jwcrypto/jwk.py | 184 +++++++-
jwcrypto/jws.py | 175 --------
jwcrypto/jwt.py | 8
jwcrypto/tests.py | 269 ++++++++++++
requirements.txt | 1
setup.cfg | 6
setup.py | 7
tox.ini | 8
21 files changed, 1744 insertions(+), 1044 deletions(-)
New commits:
commit 81b70aff6904b85842f8b7eb8d2e7e970979c297
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Dec 23 10:00:15 2017 +0200
releasing package python-jwcrypto version 0.4.2-1
diff --git a/debian/changelog b/debian/changelog
index c95482f..b5e0c20 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,10 @@
-python-jwcrypto (0.4.2-1) UNRELEASED; urgency=medium
+python-jwcrypto (0.4.2-1) unstable; urgency=medium
* New upstream release.
* control: Bump policy to 4.1.2, no changes.
* Bump debhelper to 10.
- -- Timo Aaltonen <tjaalton at debian.org> Sat, 23 Dec 2017 09:51:06 +0200
+ -- Timo Aaltonen <tjaalton at debian.org> Sat, 23 Dec 2017 10:00:03 +0200
python-jwcrypto (0.3.2-1) unstable; urgency=medium
commit 7e7e4ff18669632383c5f3843ea88ea3e7ced6b3
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Dec 23 09:52:38 2017 +0200
Bump debhelper to 10.
diff --git a/debian/changelog b/debian/changelog
index 6d838ed..c95482f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ python-jwcrypto (0.4.2-1) UNRELEASED; urgency=medium
* New upstream release.
* control: Bump policy to 4.1.2, no changes.
+ * Bump debhelper to 10.
-- Timo Aaltonen <tjaalton at debian.org> Sat, 23 Dec 2017 09:51:06 +0200
diff --git a/debian/compat b/debian/compat
index ec63514..f599e28 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-9
+10
diff --git a/debian/control b/debian/control
index be148a2..b9a794e 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Uploaders: Timo Aaltonen <tjaalton at debian.org>
Section: python
Priority: optional
Build-Depends:
- debhelper (>= 9),
+ debhelper (>= 10),
dh-python,
python-all (>= 2.6.6-3),
python-cryptography,
commit 4bbb3c6441a69b65024ed20ef1c95044dea79352
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Dec 23 09:51:58 2017 +0200
control: Bump policy to 4.1.2, no changes.
diff --git a/debian/changelog b/debian/changelog
index 31f4f72..6d838ed 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
python-jwcrypto (0.4.2-1) UNRELEASED; urgency=medium
* New upstream release.
+ * control: Bump policy to 4.1.2, no changes.
-- Timo Aaltonen <tjaalton at debian.org> Sat, 23 Dec 2017 09:51:06 +0200
diff --git a/debian/control b/debian/control
index 4ee5fef..be148a2 100644
--- a/debian/control
+++ b/debian/control
@@ -16,7 +16,7 @@ Build-Depends:
python3-setuptools,
X-Python-Version: >= 2.7
X-Python3-Version: >= 3.3
-Standards-Version: 3.9.8
+Standards-Version: 4.1.2
Homepage: https://github.com/latchset/jwcrypto
Vcs-Git: https://anonscm.debian.org/git/pkg-freeipa/python-jwcrypto.git
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-freeipa/python-jwcrypto.git
commit 2ad05f7fbe898ca29697d5218d0c7fb8a73ca9d0
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Dec 23 09:51:27 2017 +0200
update changelog
diff --git a/debian/changelog b/debian/changelog
index 62840f5..31f4f72 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-jwcrypto (0.4.2-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Sat, 23 Dec 2017 09:51:06 +0200
+
python-jwcrypto (0.3.2-1) unstable; urgency=medium
* New upstream release.
commit c4637c14ce129bc09dfdf04e2f794f65ff7340b2
Author: Christian Heimes <cheimes at redhat.com>
Date: Tue Aug 1 17:56:23 2017 +0200
Preparing release 0.4.2
Signed-off-by: Christian Heimes <cheimes at redhat.com>
diff --git a/docs/source/conf.py b/docs/source/conf.py
index 860c262..c06c1b6 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -53,9 +53,9 @@ copyright = u'2016-2017, JWCrypto Contributors'
# built documents.
#
# The short X.Y version.
-version = '0.5'
+version = '0.4'
# The full version, including alpha/beta/rc tags.
-release = '0.5.dev1'
+release = '0.4.2'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
diff --git a/setup.py b/setup.py
index 615f3ad..5888c1e 100755
--- a/setup.py
+++ b/setup.py
@@ -6,7 +6,7 @@ from setuptools import setup
setup(
name = 'jwcrypto',
- version = '0.5.dev1',
+ version = '0.4.2',
license = 'LGPLv3+',
maintainer = 'JWCrypto Project Contributors',
maintainer_email = 'simo at redhat.com',
commit 8b41d34e4122db97b49c35560315d23dc265d2f9
Author: Christian Heimes <cheimes at redhat.com>
Date: Tue Aug 1 16:38:15 2017 +0200
Support and test with Python 3.6
Signed-off-by: Christian Heimes <cheimes at redhat.com>
diff --git a/.travis.yml b/.travis.yml
index f17d9f3..1eccbef 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,15 +12,17 @@ matrix:
env: TOXENV=py34
- python: 3.5
env: TOXENV=py35
- - python: 3.5
+ - python: 3.6
+ env: TOXENV=py36
+ - python: 3.6
env: TOXENV=doc
- - python: 3.5
+ - python: 3.6
env: TOXENV=sphinx
- - python: 3.5
+ - python: 3.6
env: TOXENV=lint
- python: 2.7
env: TOXENV=pep8py2
- - python: 3.5
+ - python: 3.6
env: TOXENV=pep8py3
install:
diff --git a/setup.py b/setup.py
index 4687279..615f3ad 100755
--- a/setup.py
+++ b/setup.py
@@ -17,6 +17,7 @@ setup(
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
+ 'Programming Language :: Python :: 3.6',
'Intended Audience :: Developers',
'Topic :: Security',
'Topic :: Software Development :: Libraries :: Python Modules'
@@ -26,4 +27,3 @@ setup(
'cryptography >= 1.5',
],
)
-
diff --git a/tox.ini b/tox.ini
index 71db7ad..488678d 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
[tox]
-envlist = lint,py27,py34,py35,pep8py2,pep8py3,doc,sphinx
+envlist = lint,py27,py34,py35,py36,pep8py2,pep8py3,doc,sphinx
skip_missing_interpreters = true
[testenv]
commit 68bac873b4febfe44cb79d396eb3d2554f744c16
Author: Christian Heimes <cheimes at redhat.com>
Date: Tue Aug 1 10:39:40 2017 +0200
Remove unnecessary calls to str()
json_decode() returns str instances for str values anyway. In case the
JSON payload contains invalid types, base64 codec will fail with an
appropriate error message.
'some.string'.split('.') returns a list of str.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
diff --git a/jwcrypto/jwe.py b/jwcrypto/jwe.py
index fbfe024..353820a 100644
--- a/jwcrypto/jwe.py
+++ b/jwcrypto/jwe.py
@@ -423,30 +423,30 @@ class JWE(object):
try:
try:
djwe = json_decode(raw_jwe)
- o['iv'] = base64url_decode(str(djwe['iv']))
- o['ciphertext'] = base64url_decode(str(djwe['ciphertext']))
- o['tag'] = base64url_decode(str(djwe['tag']))
+ o['iv'] = base64url_decode(djwe['iv'])
+ o['ciphertext'] = base64url_decode(djwe['ciphertext'])
+ o['tag'] = base64url_decode(djwe['tag'])
if 'protected' in djwe:
- p = base64url_decode(str(djwe['protected']))
+ p = base64url_decode(djwe['protected'])
o['protected'] = p.decode('utf-8')
if 'unprotected' in djwe:
o['unprotected'] = json_encode(djwe['unprotected'])
if 'aad' in djwe:
- o['aad'] = base64url_decode(str(djwe['aad']))
+ o['aad'] = base64url_decode(djwe['aad'])
if 'recipients' in djwe:
o['recipients'] = list()
for rec in djwe['recipients']:
e = dict()
if 'encrypted_key' in rec:
e['encrypted_key'] = \
- base64url_decode(str(rec['encrypted_key']))
+ base64url_decode(rec['encrypted_key'])
if 'header' in rec:
e['header'] = json_encode(rec['header'])
o['recipients'].append(e)
else:
if 'encrypted_key' in djwe:
o['encrypted_key'] = \
- base64url_decode(str(djwe['encrypted_key']))
+ base64url_decode(djwe['encrypted_key'])
if 'header' in djwe:
o['header'] = json_encode(djwe['header'])
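Review bot: With the `str()` wrappers gone, whatever type `json_decode` produced for `iv`, `ciphertext`, `tag`, `protected`, `aad` and `encrypted_key` is passed straight to `base64url_decode`, and this input is untrusted. The commit message relies on the codec failing for non-string values, but the `except` clause of the enclosing `try` is outside the hunk. It is therefore not visible whether that failure (plausibly a `TypeError` or `AttributeError` rather than a decoding error) is converted to `InvalidJWEData`. A comment at the top of the block such as `# field values are untrusted JSON; non-str values must surface as InvalidJWEData`, plus a test feeding an integer `iv`, would pin the behaviour.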
@@ -454,14 +454,14 @@ class JWE(object):
c = raw_jwe.split('.')
if len(c) != 5:
raise InvalidJWEData()
- p = base64url_decode(str(c[0]))
+ p = base64url_decode(c[0])
o['protected'] = p.decode('utf-8')
- ekey = base64url_decode(str(c[1]))
+ ekey = base64url_decode(c[1])
if ekey != b'':
- o['encrypted_key'] = base64url_decode(str(c[1]))
- o['iv'] = base64url_decode(str(c[2]))
- o['ciphertext'] = base64url_decode(str(c[3]))
- o['tag'] = base64url_decode(str(c[4]))
+ o['encrypted_key'] = base64url_decode(c[1])
+ o['iv'] = base64url_decode(c[2])
+ o['ciphertext'] = base64url_decode(c[3])
+ o['tag'] = base64url_decode(c[4])
self.objects = o
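Review bot: `c[1]` is decoded twice in the compact branch, once into `ekey` for the emptiness test and again for the assignment. Reusing the value, `o['encrypted_key'] = ekey`, removes the redundant decode and guarantees that the stored key is the one that was tested. The same pair of lines appears in the `@@ -457,7 +457,7 @@` hunk of the earlier bytes/str commit. The enclosing method starts outside the hunk.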
commit 323327b688e4d1c969a3eb8d3e571454071c9e2e
Author: Christian Heimes <cheimes at redhat.com>
Date: Tue Aug 1 10:36:04 2017 +0200
Fix bytes/str comparison in JWE
In Python 3, '' != b''. With bytes warning enabled, comparison of bytes
and str raises an exception, too.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
diff --git a/jwcrypto/jwe.py b/jwcrypto/jwe.py
index 0e1abbd..fbfe024 100644
--- a/jwcrypto/jwe.py
+++ b/jwcrypto/jwe.py
@@ -457,7 +457,7 @@ class JWE(object):
p = base64url_decode(str(c[0]))
o['protected'] = p.decode('utf-8')
ekey = base64url_decode(str(c[1]))
- if ekey != '':
+ if ekey != b'':
o['encrypted_key'] = base64url_decode(str(c[1]))
o['iv'] = base64url_decode(str(c[2]))
o['ciphertext'] = base64url_decode(str(c[3]))
diff --git a/tox.ini b/tox.ini
index e4a3aa4..71db7ad 100644
--- a/tox.ini
+++ b/tox.ini
@@ -10,7 +10,7 @@ deps =
coverage
sitepackages = True
commands =
- {envpython} -m coverage run -m pytest --capture=no --strict {posargs}
+ {envpython} -bb -m coverage run -m pytest --capture=no --strict {posargs}
{envpython} -m coverage report -m
[testenv:lint]
commit a55d16c7e51ed3a083827906b0a733eb111bab8c
Author: Christian Heimes <cheimes at redhat.com>
Date: Tue Aug 1 10:32:50 2017 +0200
Include tox.ini and setup.cfg in sdist
Signed-off-by: Christian Heimes <cheimes at redhat.com>
diff --git a/MANIFEST.in b/MANIFEST.in
index 72ca36c..46e1f5d 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1 +1,2 @@
include LICENSE README.md
+include tox.ini setup.cfg
commit dfd400d8a451a8e1183bd6957045adb0588987f4
Author: Christian Heimes <cheimes at redhat.com>
Date: Mon Jul 24 11:17:10 2017 +0200
Post release bump
Signed-off-by: Christian Heimes <cheimes at redhat.com>
diff --git a/docs/source/conf.py b/docs/source/conf.py
index 0c20fe8..860c262 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -53,9 +53,9 @@ copyright = u'2016-2017, JWCrypto Contributors'
# built documents.
#
# The short X.Y version.
-version = '0.4'
+version = '0.5'
# The full version, including alpha/beta/rc tags.
-release = '0.4.1'
+release = '0.5.dev1'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
diff --git a/setup.py b/setup.py
index da6f7f8..4687279 100755
--- a/setup.py
+++ b/setup.py
@@ -6,7 +6,7 @@ from setuptools import setup
setup(
name = 'jwcrypto',
- version = '0.4.1',
+ version = '0.5.dev1',
license = 'LGPLv3+',
maintainer = 'JWCrypto Project Contributors',
maintainer_email = 'simo at redhat.com',
commit 9203242ca4a7c560db99a0f0323ab26e80d69d83
Author: Christian Heimes <cheimes at redhat.com>
Date: Mon Jul 24 11:13:03 2017 +0200
Preparing release 0.4.1
Signed-off-by: Christian Heimes <cheimes at redhat.com>
diff --git a/docs/source/conf.py b/docs/source/conf.py
index aaaaacd..0c20fe8 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -46,7 +46,7 @@ master_doc = 'index'
# General information about the project.
project = u'JWCrypto'
-copyright = u'2016, JWCrypto Contributors'
+copyright = u'2016-2017, JWCrypto Contributors'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
@@ -55,7 +55,7 @@ copyright = u'2016, JWCrypto Contributors'
# The short X.Y version.
version = '0.4'
# The full version, including alpha/beta/rc tags.
-release = '0.4.0'
+release = '0.4.1'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
diff --git a/setup.py b/setup.py
index d08daba..da6f7f8 100755
--- a/setup.py
+++ b/setup.py
@@ -6,7 +6,7 @@ from setuptools import setup
setup(
name = 'jwcrypto',
- version = '0.4.0.dev1',
+ version = '0.4.1',
license = 'LGPLv3+',
maintainer = 'JWCrypto Project Contributors',
maintainer_email = 'simo at redhat.com',
commit ffa4ddae9a264948ec2e964e995d5a540e0e04f9
Author: Simo Sorce <simo at redhat.com>
Date: Fri Jul 21 08:53:29 2017 -0400
Cyrptography deprecated signer and verifier
Use sign() and verify() directly instead.
Signed-off-by: Simo Sorce <simo at redhat.com>
diff --git a/jwcrypto/jwa.py b/jwcrypto/jwa.py
index d70e92d..45064ee 100644
--- a/jwcrypto/jwa.py
+++ b/jwcrypto/jwa.py
@@ -122,15 +122,11 @@ class _RawRSA(_RawJWS):
def sign(self, key, payload):
skey = key.get_op_key('sign')
- signer = skey.signer(self.padfn, self.hashfn)
- signer.update(payload)
- return signer.finalize()
+ return skey.sign(payload, self.padfn, self.hashfn)
def verify(self, key, payload, signature):
pkey = key.get_op_key('verify')
- verifier = pkey.verifier(signature, self.padfn, self.hashfn)
- verifier.update(payload)
- verifier.verify()
+ pkey.verify(signature, payload, self.padfn, self.hashfn)
class _RawEC(_RawJWS):
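Review bot: `verify()` no longer has a local variable or return value to hint at its contract: it returns `None` on success and relies entirely on `pkey.verify(...)` raising for a bad signature. A short docstring would keep callers from treating the result as a boolean, for example `"""Raise if signature does not match payload; return nothing on success."""`. A matching one-liner on `sign()` could state that it returns the raw signature bytes. The same applies to `_RawEC.verify` in the `@@ -157,9 +151,7 @@` hunk.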
@@ -144,9 +140,7 @@ class _RawEC(_RawJWS):
def sign(self, key, payload):
skey = key.get_op_key('sign', self._curve)
- signer = skey.signer(ec.ECDSA(self.hashfn))
- signer.update(payload)
- signature = signer.finalize()
+ signature = skey.sign(payload, ec.ECDSA(self.hashfn))
r, s = ec_utils.decode_rfc6979_signature(signature)
l = key.get_curve(self._curve).key_size
return _encode_int(r, l) + _encode_int(s, l)
@@ -157,9 +151,7 @@ class _RawEC(_RawJWS):
s = signature[len(signature) // 2:]
enc_signature = ec_utils.encode_rfc6979_signature(
int(hexlify(r), 16), int(hexlify(s), 16))
- verifier = pkey.verifier(enc_signature, ec.ECDSA(self.hashfn))
- verifier.update(payload)
- verifier.verify()
+ pkey.verify(enc_signature, payload, ec.ECDSA(self.hashfn))
class _RawNone(_RawJWS):
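Review bot: The raw signature is split at `len(signature) // 2` without checking its length against the curve, and that unvalidated split feeds the new `pkey.verify(...)` call. An empty signature makes `int(hexlify(s), 16)` raise `ValueError` instead of a signature failure. Odd-length or zero-padded inputs are still split and converted, so more than one byte encoding can map to the same `(r, s)` pair. A guard before the split should reject any signature whose length is not exactly twice the curve's coordinate size, raising the same error a failed verification raises. The start of `verify()`, including the assignment of `r`, is outside the hunk, so this is inferred from the visible `s = ...` line.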
diff --git a/setup.py b/setup.py
index 64192d0..d08daba 100755
--- a/setup.py
+++ b/setup.py
@@ -23,7 +23,7 @@ setup(
],
data_files = [('share/doc/jwcrypto', ['LICENSE', 'README.md'])],
install_requires = [
- 'cryptography >= 0.7.2',
+ 'cryptography >= 1.5',
],
)
commit f38ff2c3fda3722d8b845c8912dffe5eeab56031
Author: James Gardiner <james at jgardiner.co.uk>
Date: Wed Jul 12 16:12:14 2017 +0100
Fix typo in jwk chapter of docs
diff --git a/jwcrypto/jwk.py b/jwcrypto/jwk.py
index d113eb0..b64a0b5 100644
--- a/jwcrypto/jwk.py
+++ b/jwcrypto/jwk.py
@@ -166,7 +166,7 @@ class JWK(object):
This object represent a Key.
It must be instantiated by using the standard defined key/value pairs
- as arguents of the initialization function.
+ as arguments of the initialization function.
"""
def __init__(self, **kwargs):
commit 19c4d97a6218a8ee663f93560ea7fe2611595876
Author: Yann Cézard <ycezard at viareport.com>
Date: Mon Jul 10 16:32:38 2017 +0200
Set claims after reg_claims (or _add_default_claims will never be called).
diff --git a/jwcrypto/jwt.py b/jwcrypto/jwt.py
index b79a1dc..3df7da6 100644
--- a/jwcrypto/jwt.py
+++ b/jwcrypto/jwt.py
@@ -191,15 +191,15 @@ class JWT(object):
if header:
self.header = header
- if claims:
- self.claims = claims
-
if default_claims is not None:
self._reg_claims = default_claims
if check_claims is not None:
self._check_claims = check_claims
+ if claims:
+ self.claims = claims
+
if jwt is not None:
self.deserialize(jwt, key)
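Review bot: The relocated guard `if claims:` tests truthiness, so an empty claims dict passed together with `default_claims` still never reaches the `claims` setter. The commit message implies that the setter is what triggers `_add_default_claims`; if so, a token built with `claims={}` gets no defaults applied. The `default_claims` and `check_claims` guards directly above both use `is not None`. Consider `if claims is not None:` for consistency, after confirming that the setter accepts an empty dict. `__init__` starts outside this hunk, so the setter itself is not visible here.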
commit bb42eca55e29046c66b5b9215032182b9ff9255c
Author: Simo Sorce <simo at redhat.com>
Date: Thu Jul 13 04:43:32 2017 -0400
Remove useless tox command that breaks travis
Signed-off-by: Simo Sorce <simo at redhat.com>
Close #81
diff --git a/tox.ini b/tox.ini
index 598f17c..e4a3aa4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -47,7 +47,6 @@ deps =
basepython = python2.7
commands =
doc8 --allow-long-titles README.md
- python setup.py check --restructuredtext --metadata --strict
markdown_py README.md -f {toxworkdir}/README.md.html
[testenv:sphinx]
commit b9949a7987f5df983ba361e67fd6be0813cdecde
Author: Christian Heimes <cheimes at redhat.com>
Date: Tue Nov 29 20:50:28 2016 +0100
Post release bump
Signed-off-by: Christian Heimes <cheimes at redhat.com>
diff --git a/setup.py b/setup.py
index c8d299a..64192d0 100755
--- a/setup.py
+++ b/setup.py
@@ -6,7 +6,7 @@ from setuptools import setup
setup(
name = 'jwcrypto',
- version = '0.4.0',
+ version = '0.4.0.dev1',
license = 'LGPLv3+',
maintainer = 'JWCrypto Project Contributors',
maintainer_email = 'simo at redhat.com',
commit c85a52becda8540be6396bb97853ae771cf4ee07
Author: Christian Heimes <cheimes at redhat.com>
Date: Tue Nov 29 20:10:09 2016 +0100
Preparing release 0.4.0
Signed-off-by: Christian Heimes <cheimes at redhat.com>
diff --git a/docs/source/conf.py b/docs/source/conf.py
index a27982e..aaaaacd 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -53,9 +53,9 @@ copyright = u'2016, JWCrypto Contributors'
# built documents.
#
# The short X.Y version.
-version = '0.3'
+version = '0.4'
# The full version, including alpha/beta/rc tags.
-release = '0.3.1'
+release = '0.4.0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
diff --git a/setup.py b/setup.py
index 61d3db2..c8d299a 100755
--- a/setup.py
+++ b/setup.py
@@ -6,7 +6,7 @@ from setuptools import setup
setup(
name = 'jwcrypto',
- version = '0.3.1',
+ version = '0.4.0',
license = 'LGPLv3+',
maintainer = 'JWCrypto Project Contributors',
maintainer_email = 'simo at redhat.com',
commit 53cc27206dec24f6c06d5b9c14e30b80f893d383
Author: Carlos Jenkins <carlos.jenkins at gorillalogic.com>
Date: Mon Nov 28 11:36:40 2016 -0600
Fixed nbf incorrect validation.
Reviewed-by: Simo Sorce <simo at redhat.com>
Fixes #71
Closes #72
diff --git a/jwcrypto/jwt.py b/jwcrypto/jwt.py
index 52c6b73..b79a1dc 100644
--- a/jwcrypto/jwt.py
+++ b/jwcrypto/jwt.py
@@ -340,7 +340,7 @@ class JWT(object):
if 'exp' in claims:
self._check_exp(claims['exp'], time.time(), self._leeway)
if 'nbf' in claims:
- self._check_exp(claims['nbf'], time.time(), self._leeway)
+ self._check_nbf(claims['nbf'], time.time(), self._leeway)
def _check_provided_claims(self):
# check_claims can be set to False to skip any check
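Review bot: `time.time()` is sampled twice, once for the `exp` check and once for the corrected `nbf` check, so the two claims are validated against slightly different instants. Reading the clock once, e.g. `now = time.time()` before the two `if` blocks and passing `now` to both `_check_exp` and `_check_nbf`, keeps the validity window consistent. It also makes the method easier to exercise with a fixed time, such as a token whose `nbf` lies in the future. The enclosing method starts outside the hunk.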
commit 09d05131f2e868c39681deaa7e9374f671257ca7
Author: Ash Berlin <ash_github at firemirror.com>
Date: Sun Nov 27 11:31:58 2016 +0000
Add 'cryptography' to requirements in setup.py
This is so that you can add just jwcrypto to the requirements of a
downstream project and have it install everything needed -- previously
you would also have to add cryptography yourself.
Since this was the only thing in requirements.txt I have removed the
file
Reviewed-by: Simo Sorce <simo at redhat.com>
Fixes #69
Closes #70
diff --git a/requirements.txt b/requirements.txt
deleted file mode 100644
index 778c982..0000000
--- a/requirements.txt
+++ /dev/null
@@ -1 +0,0 @@
-cryptography >= 0.7.2
diff --git a/setup.py b/setup.py
index be4197a..61d3db2 100755
--- a/setup.py
+++ b/setup.py
@@ -22,5 +22,8 @@ setup(
'Topic :: Software Development :: Libraries :: Python Modules'
],
data_files = [('share/doc/jwcrypto', ['LICENSE', 'README.md'])],
+ install_requires = [
+ 'cryptography >= 0.7.2',
+ ],
)
diff --git a/tox.ini b/tox.ini
index b1689b7..598f17c 100644
--- a/tox.ini
+++ b/tox.ini
@@ -8,7 +8,6 @@ setenv =
deps =
pytest
coverage
- -r{toxinidir}/requirements.txt
sitepackages = True
commands =
{envpython} -m coverage run -m pytest --capture=no --strict {posargs}
@@ -18,7 +17,6 @@ commands =
basepython = python2.7
deps =
pylint
- -r{toxinidir}/requirements.txt
sitepackages = True
commands =
{envpython} -m pylint -d c,r,i,W0613 -r n -f colorized --notes= --disable=star-args ./jwcrypto
@@ -57,7 +55,6 @@ basepython = python2.7
changedir = docs/source
deps =
sphinx < 1.3.0
- -r{toxinidir}/requirements.txt
commands =
sphinx-build -v -W -b html -d {envtmpdir}/doctrees . {envtmpdir}/html
commit 1ac6f4795d4a0059a67a06c55918d6497ea90172
Author: Simo Sorce <simo at redhat.com>
Date: Mon Nov 28 06:25:32 2016 -0500
Fix trvis's flake8 complaints
Signed-off-by: Simo Sorce <simo at redhat.com>
diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py
index a3ab760..fc592b0 100644
--- a/jwcrypto/tests.py
+++ b/jwcrypto/tests.py
@@ -843,6 +843,7 @@ class TestJWE(unittest.TestCase):
e = jwe.JWE(algs=['A256KW'])
e.deserialize(E_A5_ex, E_A4_ex['key2'])
+
MMA_vector_key = jwk.JWK(**E_A2_key)
MMA_vector_ok_cek = \
'{"protected":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",' \
commit 2869305df3b3c39fc501277615033730511ecd67
Author: Christian Heimes <cheimes at redhat.com>
Date: Thu Sep 8 14:49:48 2016 +0200
Fix 'ECDH-ES' base classes and add tests
ECDH-ES is an actual JWA algorithm and not a base class. Therefore it
must be a subclass of JWAAlgorithm. New tests will catch these errors in
the future.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-by: Simo Sorce <simo at redhat.com>
Closes #67
diff --git a/jwcrypto/jwa.py b/jwcrypto/jwa.py
index 521890b..d70e92d 100644
--- a/jwcrypto/jwa.py
+++ b/jwcrypto/jwa.py
@@ -720,7 +720,7 @@ class _Direct(_RawKeyMgmt, JWAAlgorithm):
return cek
-class _EcdhEs(_RawKeyMgmt):
+class _EcdhEs(_RawKeyMgmt, JWAAlgorithm):
name = 'ECDH-ES'
description = "ECDH-ES using Concat KDF"
@@ -815,7 +815,7 @@ class _EcdhEs(_RawKeyMgmt):
return cek
-class _EcdhEsAes128Kw(_EcdhEs, JWAAlgorithm):
+class _EcdhEsAes128Kw(_EcdhEs):
name = 'ECDH-ES+A128KW'
description = 'ECDH-ES using Concat KDF and "A128KW" wrapping'
@@ -824,7 +824,7 @@ class _EcdhEsAes128Kw(_EcdhEs, JWAAlgorithm):
algorithm_use = 'kex'
-class _EcdhEsAes192Kw(_EcdhEs, JWAAlgorithm):
+class _EcdhEsAes192Kw(_EcdhEs):
name = 'ECDH-ES+A192KW'
description = 'ECDH-ES using Concat KDF and "A192KW" wrapping'
@@ -833,7 +833,7 @@ class _EcdhEsAes192Kw(_EcdhEs, JWAAlgorithm):
algorithm_use = 'kex'
-class _EcdhEsAes256Kw(_EcdhEs, JWAAlgorithm):
+class _EcdhEsAes256Kw(_EcdhEs):
name = 'ECDH-ES+A256KW'
description = 'ECDH-ES using Concat KDF and "A128KW" wrapping'
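Review bot: `_EcdhEsAes256Kw` is named `ECDH-ES+A256KW`, but its `description` still reads `"A128KW"`, which looks like a copy-paste slip from the 128-bit class that this commit leaves in place. It should be `description = 'ECDH-ES using Concat KDF and "A256KW" wrapping'`, so that any listing generated from the registry does not understate the key-wrap strength. The class body continues outside the hunk.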
diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py
index 927c1fb..a3ab760 100644
--- a/jwcrypto/tests.py
+++ b/jwcrypto/tests.py
@@ -10,6 +10,7 @@ from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import rsa
+from jwcrypto import jwa
from jwcrypto import jwe
from jwcrypto import jwk
from jwcrypto import jws
@@ -1107,3 +1108,42 @@ class ConformanceTests(unittest.TestCase):
check = jwe.JWE()
check.deserialize(enc, key)
self.assertEqual(b'plain', check.payload)
+
+
+class JWATests(unittest.TestCase):
+ def test_jwa_create(self):
+ for name, cls in jwa.JWA.algorithms_registry.items():
+ self.assertEqual(cls.name, name)
+ self.assertIn(cls.algorithm_usage_location, {'alg', 'enc'})
+ if name == 'ECDH-ES':
+ self.assertIs(cls.keysize, None)
+ else:
+ self.assertIsInstance(cls.keysize, int)
+ self.assertGreaterEqual(cls.keysize, 0)
+
+ if cls.algorithm_use == 'sig':
+ with self.assertRaises(jwa.InvalidJWAAlgorithm):
+ jwa.JWA.encryption_alg(name)
+ with self.assertRaises(jwa.InvalidJWAAlgorithm):
+ jwa.JWA.keymgmt_alg(name)
+ inst = jwa.JWA.signing_alg(name)
+ self.assertIsInstance(inst, jwa.JWAAlgorithm)
+ self.assertEqual(inst.name, name)
+ elif cls.algorithm_use == 'kex':
+ with self.assertRaises(jwa.InvalidJWAAlgorithm):
+ jwa.JWA.encryption_alg(name)
+ with self.assertRaises(jwa.InvalidJWAAlgorithm):
+ jwa.JWA.signing_alg(name)
+ inst = jwa.JWA.keymgmt_alg(name)
+ self.assertIsInstance(inst, jwa.JWAAlgorithm)
+ self.assertEqual(inst.name, name)
+ elif cls.algorithm_use == 'enc':
+ with self.assertRaises(jwa.InvalidJWAAlgorithm):
+ jwa.JWA.signing_alg(name)
+ with self.assertRaises(jwa.InvalidJWAAlgorithm):
+ jwa.JWA.keymgmt_alg(name)
+ inst = jwa.JWA.encryption_alg(name)
+ self.assertIsInstance(inst, jwa.JWAAlgorithm)
+ self.assertEqual(inst.name, name)
+ else:
+ self.fail((name, cls))
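Review bot: The three `algorithm_use` branches of `test_jwa_create` repeat the same assertions with the accessor names permuted, which makes it easy to miss a combination when another usage is added. A small table mapping each usage to its accessor lets one loop assert that the matching accessor returns a `JWAAlgorithm` with the right name and that every other accessor raises `InvalidJWAAlgorithm`. A one-line docstring stating that the test walks `JWA.algorithms_registry` would also help.

```python
accessors = {
    'sig': jwa.JWA.signing_alg,
    'kex': jwa.JWA.keymgmt_alg,
    'enc': jwa.JWA.encryption_alg,
}
# … unchanged: name, usage-location and keysize assertions …
if cls.algorithm_use not in accessors:
    self.fail((name, cls))
for use, accessor in accessors.items():
    if use == cls.algorithm_use:
        inst = accessor(name)
        self.assertIsInstance(inst, jwa.JWAAlgorithm)
        self.assertEqual(inst.name, name)
    else:
        with self.assertRaises(jwa.InvalidJWAAlgorithm):
            accessor(name)
```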
commit 19490b847c226f1dd08d2b32d5c36c7cada4fd68
Author: Simo Sorce <simo at redhat.com>
Date: Mon Aug 29 15:16:37 2016 -0400
Add Timing tests for MMA
This test is not very reliable and takes a long time so it is provided but
disabled by default.
It is only useful to verify if any regression regarding MMA occurs, so it can
be just run occasionally.
Signed-off-by: Simo Sorce <simo at redhat.com>
diff --git a/Makefile b/Makefile
index 5163d78..c52c43a 100644
--- a/Makefile
+++ b/Makefile
@@ -17,6 +17,12 @@ clean:
cscope:
git ls-files | xargs pycscope
+testlong: export JWCRYPTO_TESTS_ENABLE_MMA=True
+testlong: export TOX_TESTENV_PASSENV=JWCRYPTO_TESTS_ENABLE_MMA
+testlong:
+ rm -f .coverage
+ tox -e py35
+
test:
rm -f .coverage
tox -e py27
diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py
index f9b441f..927c1fb 100644
--- a/jwcrypto/tests.py
+++ b/jwcrypto/tests.py
@@ -842,6 +842,86 @@ class TestJWE(unittest.TestCase):
e = jwe.JWE(algs=['A256KW'])
e.deserialize(E_A5_ex, E_A4_ex['key2'])
+MMA_vector_key = jwk.JWK(**E_A2_key)
+MMA_vector_ok_cek = \
+ '{"protected":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",' \
+ '"unprotected":{"jku":"https://server.example.com/keys.jwks"},' \
+ '"recipients":[' \
+ '{"header":{"alg":"RSA1_5","kid":"2011-04-29"},' \
+ '"encrypted_key":'\
+ '"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-' \
+ 'kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKx' \
+ 'GHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3' \
+ 'YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPh' \
+ 'cCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPg' \
+ 'wCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A"}],' \
+ '"iv":"AxY8DCtDaGlsbGljb3RoZQ",' \
+ '"ciphertext":"PURPOSEFULLYBROKENYGS4HffxPSUrfmqCHXaI9wOGY",' \
+ '"tag":"Mz-VPPyU4RlcuYv1IwIvzw"}'
+MMA_vector_ko_cek = \
+ '{"protected":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",' \
+ '"unprotected":{"jku":"https://server.example.com/keys.jwks"},' \
+ '"recipients":[' \
+ '{"header":{"alg":"RSA1_5","kid":"2011-04-29"},' \
+ '"encrypted_key":'\
+ '"UGhIOguC7IuEvf_NPVaYsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-' \
+ 'kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKx' \
+ 'GHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3' \
+ 'YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPh' \
+ 'cCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPg' \
+ 'wCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A"}],' \
+ '"iv":"AxY8DCtDaGlsbGljb3RoZQ",' \
+ '"ciphertext":"PURPOSEFULLYBROKENYGS4HffxPSUrfmqCHXaI9wOGY",' \
+ '"tag":"Mz-VPPyU4RlcuYv1IwIvzw"}'
+
+
+class TestMMA(unittest.TestCase):
+ @classmethod
+ def setUpClass(cls):
+ import os
+ cls.enableMMA = os.environ.get('JWCRYPTO_TESTS_ENABLE_MMA', False)
+ cls.iterations = 500
+ cls.sub_iterations = 100
+
+ def test_MMA(self):
+ if self.enableMMA:
+
+ print('Testing MMA timing attacks')
+
+ ok_cek = 0
+ ok_e = jwe.JWE()
+ ok_e.deserialize(MMA_vector_ok_cek)
+ ko_cek = 0
+ ko_e = jwe.JWE()
+ ko_e.deserialize(MMA_vector_ko_cek)
+
+ import time
+ counter = getattr(time, 'perf_counter', time.time)
+
+ for _ in range(self.iterations):
+ start = counter()
+ for _ in range(self.sub_iterations):
+ with self.assertRaises(jwe.InvalidJWEData):
+ ok_e.decrypt(MMA_vector_key)
+ stop = counter()
+ ok_cek += (stop - start) / self.sub_iterations
+
+ start = counter()
+ for _ in range(self.sub_iterations):
+ with self.assertRaises(jwe.InvalidJWEData):
+ ko_e.decrypt(MMA_vector_key)
+ stop = counter()
+ ko_cek += (stop - start) / self.sub_iterations
+
+ ok_cek /= self.iterations
+ ko_cek /= self.iterations
+
+ deviation = ((ok_cek - ko_cek) / ok_cek) * 100
+ print('MMA ok cek: {}'.format(ok_cek))
+ print('MMA ko cek: {}'.format(ko_cek))
+ print('MMA deviation: {}% ({})'.format(int(deviation), deviation))
+ self.assertLess(deviation, 2)
+
# RFC 7519
A1_header = {
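Review bot: The final `self.assertLess(deviation, 2)` in `test_MMA` is one-sided: `deviation` is a signed percentage, so a run in which the `ko` vector is slower than the `ok` vector by any margin yields a negative value and passes. Since the test exists to catch a timing difference between the two decryption paths in either direction, compare the magnitude with `self.assertLess(abs(deviation), 2)`. Separately, `os.environ.get('JWCRYPTO_TESTS_ENABLE_MMA', False)` returns a string, so `JWCRYPTO_TESTS_ENABLE_MMA=0` or `=False` still enables the run. When the variable is unset, the test reports success without measuring anything; `self.skipTest('MMA timing test disabled')` at the top of `test_MMA` would make that visible in the results.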
commit eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba