b79527f876
- Detect ECC timing resistance and call wc_ecc_set_rng where appropriate. - Detect FIPS version and use that information to figure out how to map hash enum values (see _TYPE_SHA and friends). - Don't call wc_HmacSetKey in the _Hmac constructor if the key passed to _init is length 0. This can happen, for example, when the _Hmac object is being copied. The copy operation copies over the raw memory from the underlying C object, so it's not important that we call wc_HmacSetKey in this case. - Removed a unit test that expected importing an ECC public key from a private key to fail. This does fail in the default wolfSSL version for wolfcrypt-py, v4.1.0-stable, but we added the feature to be able to import public from private with wolfSSL PR #2916. As a result, this test fails with v4.8.1-stable. We should upgrade wolfcrypt-py's default wolfSSL version (and the wolfcrypt-py version itself) in the near future. - The array slicing in test_key_encoding was wrong in many places. This likely stemmed from the author thinking slices were inclusive, but that's only true for the first element of the slice (e.g. [0:31] is elements 0-30 inclusive, not elements 0-31 inclusive). This was uncovered by testing with FIPS ready, which adds -DWOLFSSL_VALIDATE_ECC_IMPORT, causing us to check ECC keys with wc_ecc_check_key. wc_ecc_check_key kept saying, "hey, that point's not on the curve." The array slicing problem was the culprit. - Fixed tests that were doing HMAC with a key less than HMAC_FIPS_MIN_KEY. |
||
|---|---|---|
| docs | ||
| make | ||
| requirements | ||
| src/wolfcrypt | ||
| tests | ||
| .buildinfo | ||
| .coveragerc | ||
| .gitignore | ||
| .travis.yml | ||
| LICENSING.rst | ||
| MANIFEST.in | ||
| Makefile | ||
| README.rst | ||
| setup.py | ||
| tox.ini | ||
README.rst
wolfcrypt: the wolfSSL Crypto Engine
====================================
.. image:: https://travis-ci.org/wolfSSL/wolfcrypt-py.svg?branch=master
:target: https://travis-ci.org/wolfSSL/wolfcrypt-py
**wolfCrypt Python**, a.k.a. ``wolfcrypt`` is a Python module that encapsulates
**wolfSSL's wolfCrypt API**.
`wolfCrypt <https://wolfssl.com/wolfSSL/Products-wolfcrypt.html>`_ is a
lightweight, portable, C-language-based crypto library
targeted at IoT, embedded, and RTOS environments primarily because of its size,
speed, and feature set. It works seamlessly in desktop, enterprise, and cloud
environments as well. It is the crypto engine behind `wolfSSl's embedded ssl
library <https://wolfssl.com/wolfSSL/Products-wolfssl.html>`_.
Installation
------------
We provide Python wheels (prebuilt binaries) for OSX 64 bits and Linux 64 bits:
.. code-block:: bash
$ pip install wolfcrypt
To build wolfcrypt-py against a local installation of the native C wolfSSL
library, use the USE_LOCAL_WOLFSSL variable. This variable should be
wolfcrypt-py can be built against a local version of the native wolfSSL
library by using pip with the USE_LOCAL_WOLFSSL variable. USE_LOCAL_WOLFSSL
should be set equal to the installation path for the wolfSSL library:
.. code-block:: bash
$ USE_LOCAL_WOLFSSL=/path/to/wolfssl/install pip install .
If building wolfcrypt-py against a local wolfSSL library, wolfcrypt-py
will attempt to do native feature detection to enable/disable wolfcrypt-py
features based on how native wolfSSL has been compiled. It uses the
<wolfssl/options.h> header to do feature detection.
Testing
-------
.. code-block:: python
>>> from wolfcrypt.hashes import Sha256
>>> Sha256('wolfcrypt').hexdigest()
b'96e02e7b1cbcd6f104fe1fdb4652027a5505b68652b70095c6318f9dce0d1844'