Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
5from __future__ import annotations
7from cryptography.hazmat.bindings._rust import openssl as rust_openssl
8from cryptography.hazmat.bindings.openssl import binding
9from cryptography.hazmat.primitives import hashes
10from cryptography.hazmat.primitives._asymmetric import AsymmetricPadding
11from cryptography.hazmat.primitives.asymmetric import ec
12from cryptography.hazmat.primitives.asymmetric import utils as asym_utils
13from cryptography.hazmat.primitives.asymmetric.padding import (
14 MGF1,
15 OAEP,
16 PSS,
17 PKCS1v15,
18)
19from cryptography.hazmat.primitives.ciphers import (
20 CipherAlgorithm,
21)
22from cryptography.hazmat.primitives.ciphers.algorithms import (
23 AES,
24)
25from cryptography.hazmat.primitives.ciphers.modes import (
26 CBC,
27 Mode,
28)
31class Backend:
32 """
33 OpenSSL API binding interfaces.
34 """
36 name = "openssl"
38 # TripleDES encryption is disallowed/deprecated throughout 2023 in
39 # FIPS 140-3. To keep it simple we denylist any use of TripleDES (TDEA).
40 _fips_ciphers = (AES,)
41 # Sometimes SHA1 is still permissible. That logic is contained
42 # within the various *_supported methods.
43 _fips_hashes = (
44 hashes.SHA224,
45 hashes.SHA256,
46 hashes.SHA384,
47 hashes.SHA512,
48 hashes.SHA512_224,
49 hashes.SHA512_256,
50 hashes.SHA3_224,
51 hashes.SHA3_256,
52 hashes.SHA3_384,
53 hashes.SHA3_512,
54 hashes.SHAKE128,
55 hashes.SHAKE256,
56 )
57 _fips_ecdh_curves = (
58 ec.SECP224R1,
59 ec.SECP256R1,
60 ec.SECP384R1,
61 ec.SECP521R1,
62 )
63 _fips_rsa_min_key_size = 2048
64 _fips_rsa_min_public_exponent = 65537
65 _fips_dsa_min_modulus = 1 << 2048
66 _fips_dh_min_key_size = 2048
67 _fips_dh_min_modulus = 1 << _fips_dh_min_key_size
69 def __init__(self) -> None:
70 self._binding = binding.Binding()
71 self._ffi = self._binding.ffi
72 self._lib = self._binding.lib
73 self._fips_enabled = rust_openssl.is_fips_enabled()
75 def __repr__(self) -> str:
76 return (
77 f"<OpenSSLBackend(version: {self.openssl_version_text()}, "
78 f"FIPS: {self._fips_enabled}, "
79 f"Legacy: {rust_openssl._legacy_provider_loaded})>"
80 )
82 def openssl_assert(self, ok: bool) -> None:
83 return binding._openssl_assert(ok)
85 def _enable_fips(self) -> None:
86 # This function enables FIPS mode for OpenSSL 3.0.0 on installs that
87 # have the FIPS provider installed properly.
88 rust_openssl.enable_fips(rust_openssl._providers)
89 assert rust_openssl.is_fips_enabled()
90 self._fips_enabled = rust_openssl.is_fips_enabled()
92 def openssl_version_text(self) -> str:
93 """
94 Friendly string name of the loaded OpenSSL library. This is not
95 necessarily the same version as it was compiled against.
97 Example: OpenSSL 3.2.1 30 Jan 2024
98 """
99 return rust_openssl.openssl_version_text()
101 def openssl_version_number(self) -> int:
102 return rust_openssl.openssl_version()
104 def hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
105 if self._fips_enabled and not isinstance(algorithm, self._fips_hashes):
106 return False
108 return rust_openssl.hashes.hash_supported(algorithm)
110 def signature_hash_supported(
111 self, algorithm: hashes.HashAlgorithm
112 ) -> bool:
113 # Dedicated check for hashing algorithm use in message digest for
114 # signatures, e.g. RSA PKCS#1 v1.5 SHA1 (sha1WithRSAEncryption).
115 if self._fips_enabled and isinstance(algorithm, hashes.SHA1):
116 return False
117 return self.hash_supported(algorithm)
119 def scrypt_supported(self) -> bool:
120 if self._fips_enabled:
121 return False
122 else:
123 return hasattr(rust_openssl.kdf.Scrypt, "derive")
125 def argon2_supported(self) -> bool:
126 if self._fips_enabled:
127 return False
128 else:
129 return hasattr(rust_openssl.kdf.Argon2id, "derive")
131 def hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
132 # FIPS mode still allows SHA1 for HMAC
133 if self._fips_enabled and isinstance(algorithm, hashes.SHA1):
134 return True
135 if rust_openssl.CRYPTOGRAPHY_IS_AWSLC:
136 return isinstance(
137 algorithm,
138 (
139 hashes.MD5,
140 hashes.SHA1,
141 hashes.SHA224,
142 hashes.SHA256,
143 hashes.SHA384,
144 hashes.SHA512,
145 hashes.SHA512_224,
146 hashes.SHA512_256,
147 ),
148 )
149 return self.hash_supported(algorithm)
151 def cipher_supported(self, cipher: CipherAlgorithm, mode: Mode) -> bool:
152 if self._fips_enabled:
153 # FIPS mode requires AES. TripleDES is disallowed/deprecated in
154 # FIPS 140-3.
155 if not isinstance(cipher, self._fips_ciphers):
156 return False
158 return rust_openssl.ciphers.cipher_supported(cipher, mode)
160 def pbkdf2_hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
161 return self.hmac_supported(algorithm)
163 def _consume_errors(self) -> list[rust_openssl.OpenSSLError]:
164 return rust_openssl.capture_error_stack()
166 def _oaep_hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
167 if self._fips_enabled and isinstance(algorithm, hashes.SHA1):
168 return False
170 return isinstance(
171 algorithm,
172 (
173 hashes.SHA1,
174 hashes.SHA224,
175 hashes.SHA256,
176 hashes.SHA384,
177 hashes.SHA512,
178 ),
179 )
181 def rsa_padding_supported(self, padding: AsymmetricPadding) -> bool:
182 if isinstance(padding, PKCS1v15):
183 return True
184 elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1):
185 # FIPS 186-4 only allows salt length == digest length for PSS
186 # It is technically acceptable to set an explicit salt length
187 # equal to the digest length and this will incorrectly fail, but
188 # since we don't do that in the tests and this method is
189 # private, we'll ignore that until we need to do otherwise.
190 if (
191 self._fips_enabled
192 and padding._salt_length != PSS.DIGEST_LENGTH
193 ):
194 return False
195 return self.hash_supported(padding._mgf._algorithm)
196 elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1):
197 return self._oaep_hash_supported(
198 padding._mgf._algorithm
199 ) and self._oaep_hash_supported(padding._algorithm)
200 else:
201 return False
203 def rsa_encryption_supported(self, padding: AsymmetricPadding) -> bool:
204 if self._fips_enabled and isinstance(padding, PKCS1v15):
205 return False
206 else:
207 return self.rsa_padding_supported(padding)
209 def dsa_supported(self) -> bool:
210 return (
211 not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
212 and not self._fips_enabled
213 )
215 def dsa_hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
216 if not self.dsa_supported():
217 return False
218 return self.signature_hash_supported(algorithm)
220 def cmac_algorithm_supported(self, algorithm) -> bool:
221 return self.cipher_supported(
222 algorithm, CBC(b"\x00" * algorithm.block_size)
223 )
225 def elliptic_curve_supported(self, curve: ec.EllipticCurve) -> bool:
226 if self._fips_enabled and not isinstance(
227 curve, self._fips_ecdh_curves
228 ):
229 return False
231 return rust_openssl.ec.curve_supported(curve)
233 def elliptic_curve_signature_algorithm_supported(
234 self,
235 signature_algorithm: ec.EllipticCurveSignatureAlgorithm,
236 curve: ec.EllipticCurve,
237 ) -> bool:
238 # We only support ECDSA right now.
239 if not isinstance(signature_algorithm, ec.ECDSA):
240 return False
242 return self.elliptic_curve_supported(curve) and (
243 isinstance(signature_algorithm.algorithm, asym_utils.Prehashed)
244 or self.hash_supported(signature_algorithm.algorithm)
245 )
247 def elliptic_curve_exchange_algorithm_supported(
248 self, algorithm: ec.ECDH, curve: ec.EllipticCurve
249 ) -> bool:
250 return self.elliptic_curve_supported(curve) and isinstance(
251 algorithm, ec.ECDH
252 )
254 def dh_supported(self) -> bool:
255 return (
256 not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
257 and not rust_openssl.CRYPTOGRAPHY_IS_AWSLC
258 )
260 def dh_x942_serialization_supported(self) -> bool:
261 return self._lib.Cryptography_HAS_EVP_PKEY_DHX == 1
263 def x25519_supported(self) -> bool:
264 return not self._fips_enabled
266 def x448_supported(self) -> bool:
267 if self._fips_enabled:
268 return False
269 return (
270 not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL
271 and not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
272 and not rust_openssl.CRYPTOGRAPHY_IS_AWSLC
273 )
275 def mlkem_supported(self) -> bool:
276 return (
277 rust_openssl.CRYPTOGRAPHY_IS_AWSLC
278 or rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
279 )
281 def mldsa_supported(self) -> bool:
282 return (
283 rust_openssl.CRYPTOGRAPHY_IS_AWSLC
284 or rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
285 )
287 def ed25519_supported(self) -> bool:
288 return True
290 def ed448_supported(self) -> bool:
291 return (
292 not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL
293 and not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
294 and not rust_openssl.CRYPTOGRAPHY_IS_AWSLC
295 )
297 def ecdsa_deterministic_supported(self) -> bool:
298 return (
299 rust_openssl.CRYPTOGRAPHY_OPENSSL_320_OR_GREATER
300 and not self._fips_enabled
301 )
303 def poly1305_supported(self) -> bool:
304 return not self._fips_enabled
306 def pkcs7_supported(self) -> bool:
307 return True
310backend = Backend()