Hello community, here is the log from the commit of package python-libnacl for openSUSE:Factory checked in at 2016-01-12 16:12:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-libnacl (Old) and /work/SRC/openSUSE:Factory/.python-libnacl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-libnacl" Changes: -------- --- /work/SRC/openSUSE:Factory/python-libnacl/python-libnacl.changes 2015-11-26 17:02:00.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python-libnacl.new/python-libnacl.changes 2016-01-12 16:12:14.000000000 +0100 @@ -1,0 +2,23 @@ +Mon Jan 4 20:13:15 UTC 2016 - [email protected] + +- Updated to 1.4.4 + - Add pack_nonce options to secretbox + libnacl secretbox has been packing the nonce in each message, + the new pack_nonce option allows for the nonce to be omitted + which allows for more flexible options + - Add soversion 17 detection + Added explicit soversion support for libsodium 17 + - Fix crypto_onetimeauth tests + The crypto onetimeauth test issues have been resolved + - Remove tweetnacl Support + The tweetnacl support was never really tested, and since the + tweetnacl api is not complete we have removed support for it + - Add sodium_init calls + Added calls to sodium_init when the lib is loaded + - packaging: + - New BuildRequirement python-setuptools + - Updated the description + - Removed the patch for soname: libnacl-1.4.3_bump_libsodium_soversion.patch + not needed anymore + +------------------------------------------------------------------- Old: ---- libnacl-1.4.3.tar.gz libnacl-1.4.3_bump_libsodium_soversion.patch New: ---- libnacl-1.4.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-libnacl.spec ++++++ --- /var/tmp/diff_new_pack.uhz2Q5/_old 2016-01-12 16:12:15.000000000 +0100 +++ /var/tmp/diff_new_pack.uhz2Q5/_new 2016-01-12 16:12:15.000000000 +0100 @@ -16,17 +16,17 @@ # Name: python-libnacl -Version: 1.4.3 +Version: 1.4.4 Release: 0 License: Apache-2.0 -Summary: Python bindings for libsodium/tweetnacl based on ctypes +Summary: Python bindings for libsodium based on ctypes Url: https://github.com/saltstack/libnacl Group: Development/Languages/Python Source0: https://pypi.python.org/packages/source/l/libnacl/libnacl-%{version}.tar.gz -Patch: libnacl-1.4.3_bump_libsodium_soversion.patch BuildRoot: %{_tmppath}/libnacl-%{version}-build BuildRequires: python +BuildRequires: python-setuptools BuildRequires: python-devel BuildRequires: libsodium-devel @@ -37,13 +37,12 @@ %(LC_ALL=C rpm -q -a --qf "Requires: %%{name}(%{__isa}) = %%{epoch}:%%{version}\n" 'libsodium*' | grep -v libsodium-devel | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") %description -This library is used to gain direct access to the functions exposed by Daniel J. Bernstein's nacl library via libsodium or tweetnacl. +This library is used to gain direct access to the functions exposed by Daniel J. Bernstein's nacl library via libsodium. It has been constructed to maintain extensive documentation on how to use nacl as well as being completely portable. The file in libnacl/__init__.py can be pulled out and placed directly in any project to give a single file binding to all of nacl. %prep %setup -q -n libnacl-%{version} -%patch -p1 %build python setup.py build ++++++ libnacl-1.4.3.tar.gz -> libnacl-1.4.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/MANIFEST.in new/libnacl-1.4.4/MANIFEST.in --- old/libnacl-1.4.3/MANIFEST.in 1970-01-01 01:00:00.000000000 +0100 +++ new/libnacl-1.4.4/MANIFEST.in 2015-12-05 00:21:03.000000000 +0100 @@ -0,0 +1,6 @@ +include LICENSE +include AUTHORS +include README.rst +recursive-include tests * +recursive-include doc * +recursive-include pkg * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/PKG-INFO new/libnacl-1.4.4/PKG-INFO --- old/libnacl-1.4.3/PKG-INFO 2015-06-11 21:43:55.000000000 +0200 +++ new/libnacl-1.4.4/PKG-INFO 2016-01-04 18:03:51.000000000 +0100 @@ -1,7 +1,7 @@ Metadata-Version: 1.1 Name: libnacl -Version: 1.4.3 -Summary: Python bindings for libsodium/tweetnacl based on ctypes +Version: 1.4.4 +Summary: Python bindings for libsodium based on ctypes Home-page: https://libnacl.readthedocs.org/ Author: Thomas S Hatch Author-email: [email protected] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/README.rst new/libnacl-1.4.4/README.rst --- old/libnacl-1.4.3/README.rst 2015-02-18 17:34:19.000000000 +0100 +++ new/libnacl-1.4.4/README.rst 2016-01-04 17:57:18.000000000 +0100 @@ -3,7 +3,7 @@ ============== This library is used to gain direct access to the functions exposed by -Daniel J. Bernstein's nacl library via libsodium or tweetnacl. It has +Daniel J. Bernstein's nacl library via libsodium. It has been constructed to maintain extensive documentation on how to use nacl as well as being completely portable. The file in libnacl/__init__.py can be pulled out and placed directly in any project to give a single file @@ -31,3 +31,31 @@ to dep libnacl This makes libnacl very portable, very easy to use and easy to distribute. + +Install +======= + +The libnacl code is easiy installed via a setup.py from the source or via pip. + +From Source: + +.. code-block:: bash + + tar xvf libnacl-1.4.4.tar.gz + cd libnacl-1.4.4 + python setup.py install + +Via Pip: + +.. code-block:: bash + + pip install libnacl + +Remember that libnacl can be installed for python 2 and 3. + +Linux distributions +------------------- + +Libnacl is shiped with many linux distributions, check your distribution +package manager for the package ``python-libnacl``, ``python2-libnacl`` +and/or ``python3-libnacl``. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/doc/conf.py new/libnacl-1.4.4/doc/conf.py --- old/libnacl-1.4.3/doc/conf.py 2015-06-11 20:50:56.000000000 +0200 +++ new/libnacl-1.4.4/doc/conf.py 2016-01-04 17:47:15.000000000 +0100 @@ -15,6 +15,8 @@ import sys import os sys.path.insert(0, os.path.abspath('..')) +from libnacl import __version__ as version + # If extensions (or modules to document with autodoc) are in another directory, # add these directories to sys.path here. If the directory is relative to the # documentation root, use os.path.abspath to make it absolute, like shown here. @@ -53,7 +55,6 @@ # built documents. # # The short X.Y version. -version = '1.4.3' # The full version, including alpha/beta/rc tags. release = version @@ -100,7 +101,7 @@ # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. -html_theme = 'default' +#html_theme = 'default' # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the @@ -129,7 +130,7 @@ # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, # so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['_static'] +#html_static_path = ['_static'] # Add any extra paths that contain custom files (such as robots.txt or # .htaccess) here, relative to this directory. These files are copied @@ -178,7 +179,7 @@ #html_file_suffix = None # Output file base name for HTML help builder. -htmlhelp_basename = 'libnacldoc' +#htmlhelp_basename = 'libnacl' # -- Options for LaTeX output --------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/doc/topics/dual.rst new/libnacl-1.4.4/doc/topics/dual.rst --- old/libnacl-1.4.3/doc/topics/dual.rst 2014-10-03 22:21:33.000000000 +0200 +++ new/libnacl-1.4.4/doc/topics/dual.rst 2015-12-09 18:16:39.000000000 +0100 @@ -76,7 +76,7 @@ All libnacl key objects can be safely saved to disk via the save method. This method changes the umask before saving the key file to ensure that the saved file can only be read by the user creating it and cannot be written to. -When using dual keys the encrypting and signing keys will be safed togather in +When using dual keys the encrypting and signing keys will be saved togather in a single file. .. code-block:: python diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/doc/topics/public.rst new/libnacl-1.4.4/doc/topics/public.rst --- old/libnacl-1.4.3/doc/topics/public.rst 2014-10-03 22:21:33.000000000 +0200 +++ new/libnacl-1.4.4/doc/topics/public.rst 2015-12-09 18:16:39.000000000 +0100 @@ -32,7 +32,7 @@ bclear = alice_box.decrypt(bob_ctxt) # Alice can send encrypted messages which only Bob can decrypt alice_ctxt = alice_box.encrypt(msg) - aclear = alice_box.decrypt(alice_ctxt) + aclear = bob_box.decrypt(alice_ctxt) .. note:: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/doc/topics/raw_generichash.rst new/libnacl-1.4.4/doc/topics/raw_generichash.rst --- old/libnacl-1.4.3/doc/topics/raw_generichash.rst 2014-11-03 06:02:40.000000000 +0100 +++ new/libnacl-1.4.4/doc/topics/raw_generichash.rst 2015-12-09 18:16:39.000000000 +0100 @@ -28,4 +28,4 @@ import libnacl msg = 'Is there someone else up there we could talk to?' - h_msg = libnacl.crypto_genrichash(msg) + h_msg = libnacl.crypto_generichash(msg) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/doc/topics/releases/1.0.0.rst new/libnacl-1.4.4/doc/topics/releases/1.0.0.rst --- old/libnacl-1.4.3/doc/topics/releases/1.0.0.rst 2014-10-03 22:21:33.000000000 +0200 +++ new/libnacl-1.4.4/doc/topics/releases/1.0.0.rst 2016-01-04 17:47:15.000000000 +0100 @@ -3,7 +3,7 @@ =========================== This is the first stable release of libnacl, the python bindings for Daniel J. -Bernstein's nacl library via libsodium or tweetnacl. +Bernstein's nacl library via libsodium. NaCl Base Functions =================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/doc/topics/releases/1.4.4.rst new/libnacl-1.4.4/doc/topics/releases/1.4.4.rst --- old/libnacl-1.4.3/doc/topics/releases/1.4.4.rst 1970-01-01 01:00:00.000000000 +0100 +++ new/libnacl-1.4.4/doc/topics/releases/1.4.4.rst 2016-01-04 17:55:45.000000000 +0100 @@ -0,0 +1,30 @@ +=========================== +libnacl 1.4.4 Release Notes +=========================== + +Add pack_nonce options to secretbox +=================================== + +* libnacl secretbox has been packing the nonce in each message, the new pack_nonce + option allows for the nonce to be omitted which allows for more flexible options + +Add soversion 17 detection +========================== + +* Added explicit soversion support for libsodium 17 + +Fix crypto_onetimeauth tests +============================ + +* The crypto onetimeauth test issues have been resolved + +Remove tweetnacl Support +======================== + +* The tweetnacl support was never really tested, and since the tweetnacl api + is not complete we have removed support for it + +Add sodium_init calls +===================== + +* Added calls to sodium_init when the lib is loaded diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/doc/topics/secret.rst new/libnacl-1.4.4/doc/topics/secret.rst --- old/libnacl-1.4.3/doc/topics/secret.rst 2014-10-03 22:21:33.000000000 +0200 +++ new/libnacl-1.4.4/doc/topics/secret.rst 2015-12-09 18:16:39.000000000 +0100 @@ -4,7 +4,7 @@ Secret key encryption is the method of using a single key for both encryption and decryption of messages. One of the classic examples from history of secret -key, or symetric, encryption is the Enigma machine. +key, or symmetric, encryption is the Enigma machine. The SecretBox class in libnacl.secret makes this type of encryption very easy to execute: @@ -17,7 +17,7 @@ box = libnacl.secret.SecretBox() # Messages can now be safely encrypted ctxt = box.encrypt(msg) - # An addition box can be created from the original box secret key + # An additional box can be created from the original box secret key box2 = libnacl.secret.SecretBox(box.sk) # Messages can now be easily encrypted and decrypted clear1 = box.decrypt(ctxt) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/libnacl/__init__.py new/libnacl-1.4.4/libnacl/__init__.py --- old/libnacl-1.4.3/libnacl/__init__.py 2015-06-11 18:36:09.000000000 +0200 +++ new/libnacl-1.4.4/libnacl/__init__.py 2016-01-04 17:47:15.000000000 +0100 @@ -9,7 +9,7 @@ import ctypes import sys -__SONAMES = (13, 10, 5, 4) +__SONAMES = (17, 13, 10, 5, 4) def _get_nacl(): @@ -29,12 +29,8 @@ ) except OSError: pass - try: - return ctypes.cdll.LoadLibrary('tweetnacl') - except OSError: - msg = ('Could not locate nacl lib, searched for libsodium, ' - 'tweetnacl') - raise OSError(msg) + msg = 'Could not locate nacl lib, searched for libsodium' + raise OSError(msg) elif sys.platform.startswith('darwin'): try: return ctypes.cdll.LoadLibrary('libsodium.dylib') @@ -46,12 +42,7 @@ libpath = __file__[0:libidx+3] + '/libsodium.dylib' return ctypes.cdll.LoadLibrary(libpath) except OSError: - pass - try: - return ctypes.cdll.LoadLibrary('tweetnacl.dylib') - except OSError: - msg = ('Could not locate nacl lib, searched for libsodium, ' - 'tweetnacl') + msg = 'Could not locate nacl lib, searched for libsodium' raise OSError(msg) else: try: @@ -77,17 +68,25 @@ ) except OSError: pass - try: - return ctypes.cdll.LoadLibrary('tweetnacl.so') - except OSError: - msg = 'Could not locate nacl lib, searched for libsodium.so, ' - for soname_ver in __SONAMES: - msg += 'libsodium.so.{0}, '.format(soname_ver) - msg += ' and tweetnacl.so' - raise OSError(msg) + msg = 'Could not locate nacl lib, searched for libsodium.so, ' + for soname_ver in __SONAMES: + msg += 'libsodium.so.{0}, '.format(soname_ver) + raise OSError(msg) nacl = _get_nacl() + +# Define exceptions +class CryptError(Exception): + """ + Base Exception for cryptographic errors + """ + +sodium_init = nacl.sodium_init +sodium_init.res_type = ctypes.c_int +if sodium_init() < 0: + raise RuntimeError('sodium_init() call failed!') + # Define constants crypto_box_SECRETKEYBYTES = nacl.crypto_box_secretkeybytes() crypto_box_PUBLICKEYBYTES = nacl.crypto_box_publickeybytes() @@ -123,15 +122,12 @@ crypto_hash_BYTES = nacl.crypto_hash_sha512_bytes() crypto_hash_sha256_BYTES = nacl.crypto_hash_sha256_bytes() crypto_hash_sha512_BYTES = nacl.crypto_hash_sha512_bytes() +crypto_verify_16_BYTES = nacl.crypto_verify_16_bytes() +crypto_verify_32_BYTES = nacl.crypto_verify_32_bytes() +crypto_verify_64_BYTES = nacl.crypto_verify_64_bytes() # pylint: enable=C0103 -# Define exceptions -class CryptError(Exception): - ''' - Base Exception for cryptographic errors - ''' - # Pubkey defs @@ -310,23 +306,48 @@ # Authenticated Symmetric Encryption -def crypto_secretbox(msg, nonce, key): - ''' - Encrypts and authenticates a message using the given secret key, and nonce - ''' - pad = b'\x00' * crypto_secretbox_ZEROBYTES + msg +def crypto_secretbox(message, nonce, key): + """Encrypts and authenticates a message using the given secret key, and nonce + + Args: + message (bytes): a message to encrypt + nonce (bytes): nonce, does not have to be confidential must be + `crypto_secretbox_NONCEBYTES` in length + key (bytes): secret key, must be `crypto_secretbox_KEYBYTES` in + length + + Returns: + bytes: the ciphertext + + Raises: + ValueError: if arguments' length is wrong or the operation has failed. + """ + if len(key) != crypto_secretbox_KEYBYTES: + raise ValueError('Invalid key') + + if len(nonce) != crypto_secretbox_NONCEBYTES: + raise ValueError('Invalid nonce') + + pad = b'\x00' * crypto_secretbox_ZEROBYTES + message ctxt = ctypes.create_string_buffer(len(pad)) - ret = nacl.crypto_secretbox(ctxt, pad, ctypes.c_ulonglong(len(pad)), nonce, key) + ret = nacl.crypto_secretbox( + ctxt, pad, ctypes.c_ulonglong(len(pad)), nonce, key) if ret: raise ValueError('Failed to encrypt message') return ctxt.raw[crypto_secretbox_BOXZEROBYTES:] def crypto_secretbox_open(ctxt, nonce, key): - ''' + """ Decrypts a ciphertext ctxt given the receivers private key, and senders public key - ''' + """ + if len(key) != crypto_secretbox_KEYBYTES: + raise ValueError('Invalid key') + + if len(nonce) != crypto_secretbox_NONCEBYTES: + raise ValueError('Invalid nonce') + pad = b'\x00' * crypto_secretbox_BOXZEROBYTES + ctxt msg = ctypes.create_string_buffer(len(pad)) ret = nacl.crypto_secretbox_open( @@ -401,27 +422,71 @@ # One time authentication -def crypto_onetimeauth(msg, key): - ''' - Constructs a one time authentication token for the given message msg using +def crypto_onetimeauth_primitive(): + """ + Return the onetimeauth underlying primitive + + Returns: + str: always ``poly1305`` + """ + func = nacl.crypto_onetimeauth_primitive + func.restype = ctypes.c_char_p + return func().decode() + + +def crypto_onetimeauth(message, key): + """ + Constructs a one time authentication token for the given message using a given secret key - ''' + + Args: + message (bytes): message to authenticate. + key (bytes): secret key - must be of crypto_onetimeauth_KEYBYTES length. + + Returns: + bytes: an authenticator, of crypto_onetimeauth_BYTES length. + + Raises: + ValueError: if arguments' length is wrong. + """ + if len(key) != crypto_onetimeauth_KEYBYTES: + raise ValueError('Invalid secret key') + tok = ctypes.create_string_buffer(crypto_onetimeauth_BYTES) - ret = nacl.crypto_onetimeauth(tok, msg, ctypes.c_ulonglong(len(msg)), key) - if ret: - raise ValueError('Failed to auth msg') + # cannot fail + _ = nacl.crypto_onetimeauth( + tok, message, ctypes.c_ulonglong(len(message)), key) + return tok.raw[:crypto_onetimeauth_BYTES] -def crypto_onetimeauth_verify(tok, msg, key): - ''' - Verifies that the given authentication token is correct for the given - message and key - ''' - ret = nacl.crypto_onetimeauth_verify(tok, msg, ctypes.c_ulonglong(len(msg)), key) +def crypto_onetimeauth_verify(token, message, key): + """ + Verifies, in constant time, that ``token`` is a correct authenticator for + the message using the secret key. + + Args: + token (bytes): an authenticator of crypto_onetimeauth_BYTES length. + message (bytes): The message to authenticate. + key: key (bytes): secret key - must be of crypto_onetimeauth_KEYBYTES + length. + + Returns: + bytes: secret key - must be of crypto_onetimeauth_KEYBYTES length. + + Raises: + ValueError: if arguments' length is wrong or verification has failed. + """ + if len(key) != crypto_onetimeauth_KEYBYTES: + raise ValueError('Invalid secret key') + if len(token) != crypto_onetimeauth_BYTES: + raise ValueError('Invalid authenticator') + + ret = nacl.crypto_onetimeauth_verify( + token, message, ctypes.c_ulonglong(len(message)), key) if ret: - raise ValueError('Failed to auth msg') - return msg + raise ValueError('Failed to auth message') + return message # Hashing @@ -516,8 +581,21 @@ return not nacl.crypto_verify_32(string1, string2) +def crypto_verify_64(string1, string2): + ''' + Compares the first crypto_verify_64_BYTES of the given strings + + The time taken by the function is independent of the contents of string1 + and string2. In contrast, the standard C comparison function + memcmp(string1,string2,64) takes time that is dependent on the longest + matching prefix of string1 and string2. This often allows for easy + timing attacks. + ''' + return not nacl.crypto_verify_64(string1, string2) + # Random byte generation + def randombytes(size): ''' Return a string of random bytes of the given size diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/libnacl/base.py new/libnacl-1.4.4/libnacl/base.py --- old/libnacl-1.4.3/libnacl/base.py 2015-06-11 18:30:10.000000000 +0200 +++ new/libnacl-1.4.4/libnacl/base.py 2015-12-09 18:16:39.000000000 +0100 @@ -64,8 +64,8 @@ import json packaged = json.dumps(pre) - perm_other = stat.S_IWOTH | stat.S_IXOTH | stat.S_IWOTH - perm_group = stat.S_IXGRP | stat.S_IWGRP | stat.S_IRWXG + perm_other = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH + perm_group = stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP cumask = os.umask(perm_other | perm_group) with open(path, 'w+') as fp_: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/libnacl/secret.py new/libnacl-1.4.4/libnacl/secret.py --- old/libnacl-1.4.3/libnacl/secret.py 2014-10-03 22:21:33.000000000 +0200 +++ new/libnacl-1.4.4/libnacl/secret.py 2015-12-09 18:16:39.000000000 +0100 @@ -19,7 +19,7 @@ raise ValueError('Invalid key') self.sk = key - def encrypt(self, msg, nonce=None): + def encrypt(self, msg, nonce=None, pack_nonce=True): ''' Encrypt the given message. If a nonce is not given it will be generated via the rand_nonce function @@ -27,9 +27,12 @@ if nonce is None: nonce = libnacl.utils.rand_nonce() if len(nonce) != libnacl.crypto_secretbox_NONCEBYTES: - raise ValueError('Invalid Nonce') + raise ValueError('Invalid nonce size') ctxt = libnacl.crypto_secretbox(msg, nonce, self.sk) - return nonce + ctxt + if pack_nonce: + return nonce + ctxt + else: + return nonce, ctxt def decrypt(self, ctxt, nonce=None): ''' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/libnacl/version.py new/libnacl-1.4.4/libnacl/version.py --- old/libnacl-1.4.3/libnacl/version.py 2015-06-11 20:51:08.000000000 +0200 +++ new/libnacl-1.4.4/libnacl/version.py 2016-01-04 17:57:35.000000000 +0100 @@ -1 +1 @@ -__version__ = '1.4.3' +__version__ = '1.4.4' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/libnacl.egg-info/PKG-INFO new/libnacl-1.4.4/libnacl.egg-info/PKG-INFO --- old/libnacl-1.4.3/libnacl.egg-info/PKG-INFO 1970-01-01 01:00:00.000000000 +0100 +++ new/libnacl-1.4.4/libnacl.egg-info/PKG-INFO 2016-01-04 18:03:51.000000000 +0100 @@ -0,0 +1,19 @@ +Metadata-Version: 1.1 +Name: libnacl +Version: 1.4.4 +Summary: Python bindings for libsodium based on ctypes +Home-page: https://libnacl.readthedocs.org/ +Author: Thomas S Hatch +Author-email: [email protected] +License: UNKNOWN +Description: UNKNOWN +Platform: UNKNOWN +Classifier: Operating System :: OS Independent +Classifier: License :: OSI Approved :: Apache Software License +Classifier: Programming Language :: Python +Classifier: Programming Language :: Python :: 2.6 +Classifier: Programming Language :: Python :: 2.7 +Classifier: Programming Language :: Python :: 3.4 +Classifier: Development Status :: 5 - Production/Stable +Classifier: Intended Audience :: Developers +Classifier: Topic :: Security :: Cryptography diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/libnacl.egg-info/SOURCES.txt new/libnacl-1.4.4/libnacl.egg-info/SOURCES.txt --- old/libnacl-1.4.3/libnacl.egg-info/SOURCES.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/libnacl-1.4.4/libnacl.egg-info/SOURCES.txt 2016-01-04 18:03:51.000000000 +0100 @@ -0,0 +1,67 @@ +AUTHORS +LICENSE +MANIFEST.in +README.rst +setup.py +doc/Makefile +doc/conf.py +doc/index.rst +doc/topics/dual.rst +doc/topics/public.rst +doc/topics/raw_generichash.rst +doc/topics/raw_hash.rst +doc/topics/raw_public.rst +doc/topics/raw_secret.rst +doc/topics/raw_sign.rst +doc/topics/secret.rst +doc/topics/sign.rst +doc/topics/utils.rst +doc/topics/releases/1.0.0.rst +doc/topics/releases/1.1.0.rst +doc/topics/releases/1.2.0.rst +doc/topics/releases/1.3.0.rst +doc/topics/releases/1.3.1.rst +doc/topics/releases/1.3.2.rst +doc/topics/releases/1.3.3.rst +doc/topics/releases/1.3.4.rst +doc/topics/releases/1.4.0.rst +doc/topics/releases/1.4.1.rst +doc/topics/releases/1.4.2.rst +doc/topics/releases/1.4.3.rst +doc/topics/releases/1.4.4.rst +doc/topics/releases/index.rst +libnacl/__init__.py +libnacl/base.py +libnacl/blake.py +libnacl/dual.py +libnacl/encode.py +libnacl/public.py +libnacl/secret.py +libnacl/sign.py +libnacl/utils.py +libnacl/version.py +libnacl.egg-info/PKG-INFO +libnacl.egg-info/SOURCES.txt +libnacl.egg-info/dependency_links.txt +libnacl.egg-info/top_level.txt +pkg/rpm/python-libnacl.spec +pkg/suse/python-libnacl.changes +pkg/suse/python-libnacl.spec +tests/runtests.py +tests/unit/__init__.py +tests/unit/test_auth_verify.py +tests/unit/test_blake.py +tests/unit/test_dual.py +tests/unit/test_public.py +tests/unit/test_raw_auth_sym.py +tests/unit/test_raw_generichash.py +tests/unit/test_raw_hash.py +tests/unit/test_raw_public.py +tests/unit/test_raw_random.py +tests/unit/test_raw_secret.py +tests/unit/test_raw_sign.py +tests/unit/test_save.py +tests/unit/test_secret.py +tests/unit/test_sign.py +tests/unit/test_verify.py +tests/unit/test_version.py \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/libnacl.egg-info/dependency_links.txt new/libnacl-1.4.4/libnacl.egg-info/dependency_links.txt --- old/libnacl-1.4.3/libnacl.egg-info/dependency_links.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/libnacl-1.4.4/libnacl.egg-info/dependency_links.txt 2016-01-04 18:03:51.000000000 +0100 @@ -0,0 +1 @@ + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/libnacl.egg-info/top_level.txt new/libnacl-1.4.4/libnacl.egg-info/top_level.txt --- old/libnacl-1.4.3/libnacl.egg-info/top_level.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/libnacl-1.4.4/libnacl.egg-info/top_level.txt 2016-01-04 18:03:51.000000000 +0100 @@ -0,0 +1 @@ +libnacl diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/pkg/rpm/python-libnacl.spec new/libnacl-1.4.4/pkg/rpm/python-libnacl.spec --- old/libnacl-1.4.3/pkg/rpm/python-libnacl.spec 2014-10-03 22:21:33.000000000 +0200 +++ new/libnacl-1.4.4/pkg/rpm/python-libnacl.spec 2016-01-04 17:47:15.000000000 +0100 @@ -13,9 +13,9 @@ %global srcname libnacl Name: python-%{srcname} -Version: 1.3.5 +Version: 1.4.3 Release: 1%{?dist} -Summary: Python bindings for libsodium/tweetnacl based on ctypes +Summary: Python bindings for libsodium based on ctypes Group: Development/Libraries License: ASL 2.0 @@ -41,7 +41,7 @@ %description This library is used to gain direct access to the functions exposed by Daniel -J. Bernstein's nacl library via libsodium or tweetnacl. It has been constructed +J. Bernstein's nacl library via libsodium. It has been constructed to maintain extensive documentation on how to use nacl as well as being completely portable. The file in libnacl/__init__.py can be pulled out and placed directly in any project to give a single file binding to all of nacl. @@ -50,13 +50,13 @@ %if 0%{?with_python3} %package -n python3-%{srcname} -Summary: Python bindings for libsodium/tweetnacl based on ctypes +Summary: Python bindings for libsodium based on ctypes Group: Development/Libraries Requires: libsodium %description -n python3-%{srcname} This library is used to gain direct access to the functions exposed by Daniel -J. Bernstein's nacl library via libsodium or tweetnacl. It has been constructed +J. Bernstein's nacl library via libsodium. It has been constructed to maintain extensive documentation on how to use nacl as well as being completely portable. The file in libnacl/__init__.py can be pulled out and placed directly in any project to give a single file binding to all of nacl. @@ -66,7 +66,7 @@ %if 0%{?rhel} == 5 %package -n python26-%{srcname} -Summary: Python bindings for libsodium/tweetnacl based on ctypes +Summary: Python bindings for libsodium based on ctypes Group: Development/Libraries BuildRequires: python26 BuildRequires: libsodium @@ -76,7 +76,7 @@ %description -n python26-%{srcname} This library is used to gain direct access to the functions exposed by Daniel -J. Bernstein's nacl library via libsodium or tweetnacl. It has been constructed +J. Bernstein's nacl library via libsodium. It has been constructed to maintain extensive documentation on how to use nacl as well as being completely portable. The file in libnacl/__init__.py can be pulled out and placed directly in any project to give a single file binding to all of nacl. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/pkg/suse/python-libnacl.spec new/libnacl-1.4.4/pkg/suse/python-libnacl.spec --- old/libnacl-1.4.3/pkg/suse/python-libnacl.spec 2014-10-03 22:21:33.000000000 +0200 +++ new/libnacl-1.4.4/pkg/suse/python-libnacl.spec 2016-01-04 17:47:15.000000000 +0100 @@ -16,10 +16,10 @@ # Name: python-libnacl -Version: 1.1.0 +Version: 1.4.3 Release: 0 License: Apache-2.0 -Summary: Python bindings for libsodium/tweetnacl based on ctypes +Summary: Python bindings for libsodium based on ctypes Url: https://github.com/saltstack/libnacl Group: Development/Languages/Python Source0: https://pypi.python.org/packages/source/l/libnacl/libnacl-%{version}.tar.gz @@ -38,7 +38,7 @@ %endif %description -This library is used to gain direct access to the functions exposed by Daniel J. Bernstein's nacl library via libsodium or tweetnacl. +This library is used to gain direct access to the functions exposed by Daniel J. Bernstein's nacl library via libsodium. It has been constructed to maintain extensive documentation on how to use nacl as well as being completely portable. The file in libnacl/__init__.py can be pulled out and placed directly in any project to give a single file binding to all of nacl. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/setup.cfg new/libnacl-1.4.4/setup.cfg --- old/libnacl-1.4.3/setup.cfg 1970-01-01 01:00:00.000000000 +0100 +++ new/libnacl-1.4.4/setup.cfg 2016-01-04 18:03:51.000000000 +0100 @@ -0,0 +1,5 @@ +[egg_info] +tag_build = +tag_date = 0 +tag_svn_revision = 0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/setup.py new/libnacl-1.4.4/setup.py --- old/libnacl-1.4.3/setup.py 2015-03-17 17:11:06.000000000 +0100 +++ new/libnacl-1.4.4/setup.py 2016-01-04 17:47:15.000000000 +0100 @@ -1,17 +1,10 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -# Import python libs -import os -import sys - -if 'USE_SETUPTOOLS' in os.environ or 'setuptools' in sys.modules: - from setuptools import setup -else: - from distutils.core import setup +from setuptools import setup NAME = 'libnacl' -DESC = ('Python bindings for libsodium/tweetnacl based on ctypes') +DESC = 'Python bindings for libsodium based on ctypes' # Version info -- read without importing _locals = {} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/tests/unit/test_auth_verify.py new/libnacl-1.4.4/tests/unit/test_auth_verify.py --- old/libnacl-1.4.3/tests/unit/test_auth_verify.py 2015-06-11 20:22:06.000000000 +0200 +++ new/libnacl-1.4.4/tests/unit/test_auth_verify.py 2016-01-04 17:47:15.000000000 +0100 @@ -29,20 +29,31 @@ self.assertTrue('Failed to auth msg' in context.exception.args) def test_onetimeauth_verify(self): + self.assertEqual("poly1305", libnacl.crypto_onetimeauth_primitive()) + msg = b'Anybody can invent a cryptosystem he cannot break himself. Except Bruce Schneier.' - key1 = libnacl.utils.rand_nonce() - key2 = libnacl.utils.rand_nonce() + key1 = libnacl.randombytes(libnacl.crypto_onetimeauth_KEYBYTES) + key2 = libnacl.randombytes(libnacl.crypto_onetimeauth_KEYBYTES) sig1 = libnacl.crypto_onetimeauth(msg, key1) sig2 = libnacl.crypto_onetimeauth(msg, key2) + with self.assertRaises(ValueError): + libnacl.crypto_onetimeauth(msg, b'too_short') + + with self.assertRaises(ValueError): + libnacl.crypto_onetimeauth_verify(sig1, msg, b'too_short') + + with self.assertRaises(ValueError): + libnacl.crypto_onetimeauth_verify(b'too_short', msg, key1) + self.assertTrue(libnacl.crypto_onetimeauth_verify(sig1, msg, key1)) self.assertTrue(libnacl.crypto_onetimeauth_verify(sig2, msg, key2)) with self.assertRaises(ValueError) as context: libnacl.crypto_onetimeauth_verify(sig1, msg, key2) - self.assertTrue('Failed to auth msg' in context.exception.args) + self.assertTrue('Failed to auth message' in context.exception.args) with self.assertRaises(ValueError) as context: libnacl.crypto_onetimeauth_verify(sig2, msg, key1) - self.assertTrue('Failed to auth msg' in context.exception.args) + self.assertTrue('Failed to auth message' in context.exception.args) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/tests/unit/test_raw_hash.py new/libnacl-1.4.4/tests/unit/test_raw_hash.py --- old/libnacl-1.4.3/tests/unit/test_raw_hash.py 2014-11-03 05:13:14.000000000 +0100 +++ new/libnacl-1.4.4/tests/unit/test_raw_hash.py 2016-01-04 17:47:15.000000000 +0100 @@ -1,14 +1,15 @@ # Import nacl libs import libnacl +from hashlib import sha256, sha512 # Import python libs import unittest class TestHash(unittest.TestCase): - ''' + """ Test sign functions - ''' + """ def test_hash(self): msg1 = b'Are you suggesting coconuts migrate?' msg2 = b'Not at all, they could be carried.' @@ -18,3 +19,11 @@ self.assertNotEqual(msg2, chash2) self.assertNotEqual(chash2, chash1) + ref256 = sha256(msg1) + self.assertEqual(ref256.digest_size, libnacl.crypto_hash_sha256_BYTES) + self.assertEqual(ref256.digest(), libnacl.crypto_hash_sha256(msg1)) + + ref512 = sha512(msg1) + self.assertEqual(ref512.digest_size, libnacl.crypto_hash_sha512_BYTES) + self.assertEqual(ref512.digest(), libnacl.crypto_hash_sha512(msg1)) + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/tests/unit/test_raw_secret.py new/libnacl-1.4.4/tests/unit/test_raw_secret.py --- old/libnacl-1.4.3/tests/unit/test_raw_secret.py 1970-01-01 01:00:00.000000000 +0100 +++ new/libnacl-1.4.4/tests/unit/test_raw_secret.py 2016-01-04 17:47:15.000000000 +0100 @@ -0,0 +1,33 @@ +# Import libnacl libs +import libnacl +import libnacl.utils + +# Import python libs +import unittest + + +class TestSecret(unittest.TestCase): + """ + Test secret functions + """ + def test_secretbox(self): + msg = b'Are you suggesting coconuts migrate?' + + nonce = libnacl.utils.rand_nonce() + key = libnacl.utils.salsa_key() + + c = libnacl.crypto_secretbox(msg, nonce, key) + m = libnacl.crypto_secretbox_open(c, nonce, key) + self.assertEqual(msg, m) + + with self.assertRaises(ValueError): + libnacl.crypto_secretbox(msg, b'too_short', key) + + with self.assertRaises(ValueError): + libnacl.crypto_secretbox(msg, nonce, b'too_short') + + with self.assertRaises(ValueError): + libnacl.crypto_secretbox_open(c, b'too_short', key) + + with self.assertRaises(ValueError): + libnacl.crypto_secretbox_open(c, nonce, b'too_short') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libnacl-1.4.3/tests/unit/test_verify.py new/libnacl-1.4.4/tests/unit/test_verify.py --- old/libnacl-1.4.3/tests/unit/test_verify.py 1970-01-01 01:00:00.000000000 +0100 +++ new/libnacl-1.4.4/tests/unit/test_verify.py 2016-01-04 17:47:15.000000000 +0100 @@ -0,0 +1,39 @@ +""" +Basic tests for verify functions +""" + +import libnacl +import unittest + + +# These are copied from libsodium test suite +class TestVerify(unittest.TestCase): + def test_verify16(self): + v16 = libnacl.randombytes_buf(16) + v16x = v16[:] + self.assertTrue(libnacl.crypto_verify_16(v16, v16x)) + v16x = bytearray(v16x) + v16x[libnacl.randombytes_random() & 15] += 1 + self.assertFalse(libnacl.crypto_verify_16(v16, bytes(v16x))) + + self.assertEqual(libnacl.crypto_verify_16_BYTES, 16) + + def test_verify32(self): + v32 = libnacl.randombytes_buf(32) + v32x = v32[:] + self.assertTrue(libnacl.crypto_verify_32(v32, v32x)) + v32x = bytearray(v32x) + v32x[libnacl.randombytes_random() & 31] += 1 + self.assertFalse(libnacl.crypto_verify_32(v32, bytes(v32x))) + + self.assertEqual(libnacl.crypto_verify_32_BYTES, 32) + + def test_verify64(self): + v64 = libnacl.randombytes_buf(64) + v64x = v64[:] + self.assertTrue(libnacl.crypto_verify_64(v64, v64x)) + v64x = bytearray(v64x) + v64x[libnacl.randombytes_random() & 63] += 1 + self.assertFalse(libnacl.crypto_verify_64(v64, bytes(v64x))) + + self.assertEqual(libnacl.crypto_verify_64_BYTES, 64)
