update windows build to Python 3.7

Lib/site-packages/cryptography/hazmat/primitives/asymmetric/dh.py

@@ -11,6 +11,10 @@ import six
 from cryptography import utils
 
 
+def generate_parameters(generator, key_size, backend):
+    return backend.generate_dh_parameters(generator, key_size)
+
+
 class DHPrivateNumbers(object):
     def __init__(self, x, public_numbers):
         if not isinstance(x, six.integer_types):
@@ -35,6 +39,9 @@ class DHPrivateNumbers(object):
     def __ne__(self, other):
         return not self == other
 
+    def private_key(self, backend):
+        return backend.load_dh_private_numbers(self)
+
     public_numbers = utils.read_only_property("_public_numbers")
     x = utils.read_only_property("_x")
 
@@ -63,20 +70,29 @@ class DHPublicNumbers(object):
     def __ne__(self, other):
         return not self == other
 
+    def public_key(self, backend):
+        return backend.load_dh_public_numbers(self)
+
     y = utils.read_only_property("_y")
     parameter_numbers = utils.read_only_property("_parameter_numbers")
 
 
 class DHParameterNumbers(object):
-    def __init__(self, p, g):
+    def __init__(self, p, g, q=None):
         if (
             not isinstance(p, six.integer_types) or
             not isinstance(g, six.integer_types)
         ):
             raise TypeError("p and g must be integers")
+        if q is not None and not isinstance(q, six.integer_types):
+            raise TypeError("q must be integer or None")
+
+        if g < 2:
+            raise ValueError("DH generator must be 2 or greater")
 
         self._p = p
         self._g = g
+        self._q = q
 
     def __eq__(self, other):
         if not isinstance(other, DHParameterNumbers):
@@ -84,14 +100,19 @@ class DHParameterNumbers(object):
 
         return (
             self._p == other._p and
-            self._g == other._g
+            self._g == other._g and
+            self._q == other._q
         )
 
     def __ne__(self, other):
         return not self == other
 
+    def parameters(self, backend):
+        return backend.load_dh_parameter_numbers(self)
+
     p = utils.read_only_property("_p")
     g = utils.read_only_property("_g")
+    q = utils.read_only_property("_q")
 
 
 @six.add_metaclass(abc.ABCMeta)
@@ -102,9 +123,12 @@ class DHParameters(object):
         Generates and returns a DHPrivateKey.
         """
 
+    @abc.abstractmethod
+    def parameter_bytes(self, encoding, format):
+        """
+        Returns the parameters serialized as bytes.
+        """
 
-@six.add_metaclass(abc.ABCMeta)
-class DHParametersWithSerialization(DHParameters):
     @abc.abstractmethod
     def parameter_numbers(self):
         """
@@ -112,6 +136,9 @@ class DHParametersWithSerialization(DHParameters):
         """
 
 
+DHParametersWithSerialization = DHParameters
+
+
 @six.add_metaclass(abc.ABCMeta)
 class DHPrivateKey(object):
     @abc.abstractproperty
@@ -132,6 +159,13 @@ class DHPrivateKey(object):
         The DHParameters object associated with this private key.
         """
 
+    @abc.abstractmethod
+    def exchange(self, peer_public_key):
+        """
+        Given peer's DHPublicKey, carry out the key exchange and
+        return shared key as bytes.
+        """
+
 
 @six.add_metaclass(abc.ABCMeta)
 class DHPrivateKeyWithSerialization(DHPrivateKey):
@@ -141,6 +175,12 @@ class DHPrivateKeyWithSerialization(DHPrivateKey):
         Returns a DHPrivateNumbers.
         """
 
+    @abc.abstractmethod
+    def private_bytes(self, encoding, format, encryption_algorithm):
+        """
+        Returns the key serialized as bytes.
+        """
+
 
 @six.add_metaclass(abc.ABCMeta)
 class DHPublicKey(object):
@@ -156,11 +196,17 @@ class DHPublicKey(object):
         The DHParameters object associated with this public key.
         """
 
-
-@six.add_metaclass(abc.ABCMeta)
-class DHPublicKeyWithSerialization(DHPublicKey):
     @abc.abstractmethod
     def public_numbers(self):
         """
         Returns a DHPublicNumbers.
         """
+
+    @abc.abstractmethod
+    def public_bytes(self, encoding, format):
+        """
+        Returns the key serialized as bytes.
+        """
+
+
+DHPublicKeyWithSerialization = DHPublicKey

Lib/site-packages/cryptography/hazmat/primitives/asymmetric/dsa.py

@@ -55,6 +55,12 @@ class DSAPrivateKey(object):
         Returns an AsymmetricSignatureContext used for signing data.
         """
 
+    @abc.abstractmethod
+    def sign(self, data, algorithm):
+        """
+        Signs the data
+        """
+
 
 @six.add_metaclass(abc.ABCMeta)
 class DSAPrivateKeyWithSerialization(DSAPrivateKey):
@@ -103,6 +109,12 @@ class DSAPublicKey(object):
         Returns the key serialized as bytes.
         """
 
+    @abc.abstractmethod
+    def verify(self, signature, data, algorithm):
+        """
+        Verifies the signature of the data.
+        """
+
 
 DSAPublicKeyWithSerialization = DSAPublicKey
 
@@ -116,10 +128,10 @@ def generate_private_key(key_size, backend):
 
 
 def _check_dsa_parameters(parameters):
-    if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
+    if parameters.p.bit_length() not in [1024, 2048, 3072]:
         raise ValueError("p must be exactly 1024, 2048, or 3072 bits long")
-    if utils.bit_length(parameters.q) not in [160, 256]:
-        raise ValueError("q must be exactly 160 or 256 bits long")
+    if parameters.q.bit_length() not in [160, 224, 256]:
+        raise ValueError("q must be exactly 160, 224, or 256 bits long")
 
     if not (1 < parameters.g < parameters.p):
         raise ValueError("g, p don't satisfy 1 < g < p.")
@@ -166,6 +178,13 @@ class DSAParameterNumbers(object):
     def __ne__(self, other):
         return not self == other
 
+    def __repr__(self):
+        return (
+            "<DSAParameterNumbers(p={self.p}, q={self.q}, g={self.g})>".format(
+                self=self
+            )
+        )
+
 
 class DSAPublicNumbers(object):
     def __init__(self, y, parameter_numbers):
@@ -198,6 +217,12 @@ class DSAPublicNumbers(object):
     def __ne__(self, other):
         return not self == other
 
+    def __repr__(self):
+        return (
+            "<DSAPublicNumbers(y={self.y}, "
+            "parameter_numbers={self.parameter_numbers})>".format(self=self)
+        )
+
 
 class DSAPrivateNumbers(object):
     def __init__(self, x, public_numbers):

Lib/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py

@@ -9,6 +9,16 @@ import abc
 import six
 
 from cryptography import utils
+from cryptography.hazmat._oid import ObjectIdentifier
+
+
+class EllipticCurveOID(object):
+    SECP192R1 = ObjectIdentifier("1.2.840.10045.3.1.1")
+    SECP224R1 = ObjectIdentifier("1.3.132.0.33")
+    SECP256K1 = ObjectIdentifier("1.3.132.0.10")
+    SECP256R1 = ObjectIdentifier("1.2.840.10045.3.1.7")
+    SECP384R1 = ObjectIdentifier("1.3.132.0.34")
+    SECP521R1 = ObjectIdentifier("1.3.132.0.35")
 
 
 @six.add_metaclass(abc.ABCMeta)
@@ -22,7 +32,7 @@ class EllipticCurve(object):
     @abc.abstractproperty
     def key_size(self):
         """
-        The bit length of the base point of the curve.
+        Bit size of a secret scalar for the curve.
         """
 
 
@@ -62,6 +72,18 @@ class EllipticCurvePrivateKey(object):
         The EllipticCurve that this key is on.
         """
 
+    @abc.abstractproperty
+    def key_size(self):
+        """
+        Bit size of a secret scalar for the curve.
+        """
+
+    @abc.abstractmethod
+    def sign(self, data, signature_algorithm):
+        """
+        Signs the data
+        """
+
 
 @six.add_metaclass(abc.ABCMeta)
 class EllipticCurvePrivateKeyWithSerialization(EllipticCurvePrivateKey):
@@ -92,6 +114,12 @@ class EllipticCurvePublicKey(object):
         The EllipticCurve that this key is on.
         """
 
+    @abc.abstractproperty
+    def key_size(self):
+        """
+        Bit size of a secret scalar for the curve.
+        """
+
     @abc.abstractmethod
     def public_numbers(self):
         """
@@ -104,6 +132,12 @@ class EllipticCurvePublicKey(object):
         Returns the key serialized as bytes.
         """
 
+    @abc.abstractmethod
+    def verify(self, signature, data, signature_algorithm):
+        """
+        Verifies the signature of the data.
+        """
+
 
 EllipticCurvePublicKeyWithSerialization = EllipticCurvePublicKey
 
@@ -111,7 +145,7 @@ EllipticCurvePublicKeyWithSerialization = EllipticCurvePublicKey
 @utils.register_interface(EllipticCurve)
 class SECT571R1(object):
     name = "sect571r1"
-    key_size = 571
+    key_size = 570
 
 
 @utils.register_interface(EllipticCurve)
@@ -204,6 +238,24 @@ class SECP192R1(object):
     key_size = 192
 
 
+@utils.register_interface(EllipticCurve)
+class BrainpoolP256R1(object):
+    name = "brainpoolP256r1"
+    key_size = 256
+
+
+@utils.register_interface(EllipticCurve)
+class BrainpoolP384R1(object):
+    name = "brainpoolP384r1"
+    key_size = 384
+
+
+@utils.register_interface(EllipticCurve)
+class BrainpoolP512R1(object):
+    name = "brainpoolP512r1"
+    key_size = 512
+
+
 _CURVE_TYPES = {
     "prime192v1": SECP192R1,
     "prime256v1": SECP256R1,
@@ -226,6 +278,10 @@ _CURVE_TYPES = {
     "sect283r1": SECT283R1,
     "sect409r1": SECT409R1,
     "sect571r1": SECT571R1,
+
+    "brainpoolP256r1": BrainpoolP256R1,
+    "brainpoolP384r1": BrainpoolP384R1,
+    "brainpoolP512r1": BrainpoolP512R1,
 }
 
 
@@ -241,6 +297,19 @@ def generate_private_key(curve, backend):
     return backend.generate_elliptic_curve_private_key(curve)
 
 
+def derive_private_key(private_value, curve, backend):
+    if not isinstance(private_value, six.integer_types):
+        raise TypeError("private_value must be an integer type.")
+
+    if private_value <= 0:
+        raise ValueError("private_value must be a positive integer.")
+
+    if not isinstance(curve, EllipticCurve):
+        raise TypeError("curve must provide the EllipticCurve interface.")
+
+    return backend.derive_elliptic_curve_private_key(private_value, curve)
+
+
 class EllipticCurvePublicNumbers(object):
     def __init__(self, x, y, curve):
         if (
@@ -302,6 +371,9 @@ class EllipticCurvePublicNumbers(object):
     def __ne__(self, other):
         return not self == other
 
+    def __hash__(self):
+        return hash((self.x, self.y, self.curve.name, self.curve.key_size))
+
     def __repr__(self):
         return (
             "<EllipticCurvePublicNumbers(curve={0.curve.name}, x={0.x}, "
@@ -341,6 +413,9 @@ class EllipticCurvePrivateNumbers(object):
     def __ne__(self, other):
         return not self == other
 
+    def __hash__(self):
+        return hash((self.private_value, self.public_numbers))
+
 
 class ECDH(object):
     pass

Lib/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py

@@ -5,11 +5,13 @@
 from __future__ import absolute_import, division, print_function
 
 import abc
+import math
 
 import six
 
 from cryptography import utils
 from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import rsa
 
 
 @six.add_metaclass(abc.ABCMeta)
@@ -65,3 +67,13 @@ class MGF1(object):
             raise TypeError("Expected instance of hashes.HashAlgorithm.")
 
         self._algorithm = algorithm
+
+
+def calculate_max_pss_salt_length(key, hash_algorithm):
+    if not isinstance(key, (rsa.RSAPrivateKey, rsa.RSAPublicKey)):
+        raise TypeError("key must be an RSA public or private key")
+    # bit length - 1 per RFC 3447
+    emlen = int(math.ceil((key.key_size - 1) / 8.0))
+    salt_length = emlen - hash_algorithm.digest_size - 2
+    assert salt_length >= 0
+    return salt_length

Lib/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py

@@ -5,7 +5,11 @@
 from __future__ import absolute_import, division, print_function
 
 import abc
-from fractions import gcd
+try:
+    # Only available in math in 3.5+
+    from math import gcd
+except ImportError:
+    from fractions import gcd
 
 import six
 
@@ -40,6 +44,12 @@ class RSAPrivateKey(object):
         The RSAPublicKey associated with this private key.
         """
 
+    @abc.abstractmethod
+    def sign(self, data, padding, algorithm):
+        """
+        Signs the data.
+        """
+
 
 @six.add_metaclass(abc.ABCMeta)
 class RSAPrivateKeyWithSerialization(RSAPrivateKey):
@@ -88,6 +98,12 @@ class RSAPublicKey(object):
         Returns the key serialized as bytes.
         """
 
+    @abc.abstractmethod
+    def verify(self, signature, data, padding, algorithm):
+        """
+        Verifies the signature of the data.
+        """
+
 
 RSAPublicKeyWithSerialization = RSAPublicKey
 
@@ -187,7 +203,7 @@ def rsa_crt_iqmp(p, q):
 def rsa_crt_dmp1(private_exponent, p):
     """
     Compute the CRT private_exponent % (p - 1) value from the RSA
-    private_exponent and p.
+    private_exponent (d) and p.
     """
     return private_exponent % (p - 1)
 
@@ -195,7 +211,7 @@ def rsa_crt_dmp1(private_exponent, p):
 def rsa_crt_dmq1(private_exponent, q):
     """
     Compute the CRT private_exponent % (q - 1) value from the RSA
-    private_exponent and q.
+    private_exponent (d) and q.
     """
     return private_exponent % (q - 1)
 
@@ -245,7 +261,7 @@ def rsa_recover_prime_factors(n, e, d):
     # Found !
     q, r = divmod(n, p)
     assert r == 0
-
+    p, q = sorted((p, q), reverse=True)
     return (p, q)
 
 

Lib/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py

@@ -6,55 +6,34 @@ from __future__ import absolute_import, division, print_function
 
 import warnings
 
-from pyasn1.codec.der import decoder, encoder
-from pyasn1.error import PyAsn1Error
-from pyasn1.type import namedtype, univ
+from asn1crypto.algos import DSASignature
 
 import six
 
 from cryptography import utils
-
-
-class _DSSSigValue(univ.Sequence):
-    componentType = namedtype.NamedTypes(
-        namedtype.NamedType('r', univ.Integer()),
-        namedtype.NamedType('s', univ.Integer())
-    )
+from cryptography.hazmat.primitives import hashes
 
 
 def decode_rfc6979_signature(signature):
     warnings.warn(
         "decode_rfc6979_signature is deprecated and will "
-        "be removed in a future version, use decode_dss_signature instead "
-        "instead.",
-        utils.DeprecatedIn10,
+        "be removed in a future version, use decode_dss_signature instead.",
+        utils.PersistentlyDeprecated,
         stacklevel=2
     )
     return decode_dss_signature(signature)
 
 
 def decode_dss_signature(signature):
-    try:
-        data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue())
-    except PyAsn1Error:
-        raise ValueError("Invalid signature data. Unable to decode ASN.1")
-
-    if remaining:
-        raise ValueError(
-            "The signature contains bytes after the end of the ASN.1 sequence."
-        )
-
-    r = int(data.getComponentByName('r'))
-    s = int(data.getComponentByName('s'))
-    return (r, s)
+    data = DSASignature.load(signature, strict=True).native
+    return data['r'], data['s']
 
 
 def encode_rfc6979_signature(r, s):
     warnings.warn(
         "encode_rfc6979_signature is deprecated and will "
-        "be removed in a future version, use encode_dss_signature instead "
-        "instead.",
-        utils.DeprecatedIn10,
+        "be removed in a future version, use encode_dss_signature instead.",
+        utils.PersistentlyDeprecated,
         stacklevel=2
     )
     return encode_dss_signature(r, s)
@@ -67,7 +46,15 @@ def encode_dss_signature(r, s):
     ):
         raise ValueError("Both r and s must be integers")
 
-    sig = _DSSSigValue()
-    sig.setComponentByName('r', r)
-    sig.setComponentByName('s', s)
-    return encoder.encode(sig)
+    return DSASignature({'r': r, 's': s}).dump()
+
+
+class Prehashed(object):
+    def __init__(self, algorithm):
+        if not isinstance(algorithm, hashes.HashAlgorithm):
+            raise TypeError("Expected instance of HashAlgorithm.")
+
+        self._algorithm = algorithm
+        self._digest_size = algorithm.digest_size
+
+    digest_size = utils.read_only_property("_digest_size")

Lib/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py

@@ -0,0 +1,54 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import abc
+
+import six
+
+from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
+
+
+@six.add_metaclass(abc.ABCMeta)
+class X25519PublicKey(object):
+    @classmethod
+    def from_public_bytes(cls, data):
+        from cryptography.hazmat.backends.openssl.backend import backend
+        if not backend.x25519_supported():
+            raise UnsupportedAlgorithm(
+                "X25519 is not supported by this version of OpenSSL.",
+                _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM
+            )
+        return backend.x25519_load_public_bytes(data)
+
+    @abc.abstractmethod
+    def public_bytes(self):
+        pass
+
+
+@six.add_metaclass(abc.ABCMeta)
+class X25519PrivateKey(object):
+    @classmethod
+    def generate(cls):
+        from cryptography.hazmat.backends.openssl.backend import backend
+        if not backend.x25519_supported():
+            raise UnsupportedAlgorithm(
+                "X25519 is not supported by this version of OpenSSL.",
+                _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM
+            )
+        return backend.x25519_generate_key()
+
+    @classmethod
+    def _from_private_bytes(cls, data):
+        from cryptography.hazmat.backends.openssl.backend import backend
+        return backend.x25519_load_private_bytes(data)
+
+    @abc.abstractmethod
+    def public_key(self):
+        pass
+
+    @abc.abstractmethod
+    def exchange(self, peer_public_key):
+        pass