Merge pull request #23 from rohe/2and3

2and3

Author: Roland Hedberg

.idea/libraries/sass_stdlib.xml

@@ -1,16 +1,12 @@
 language: python
-python: "2.7"
 
 env:
   - TOX_ENV=py27
-
-python:
-  - "2.7"
+  - TOX_ENV=py34
 
 install:
  - pip install -U tox
  - sudo apt-get -qq install libgmp-dev
- - pip install -e .
-
+ 
 script:
  - tox -e $TOX_ENV

.travis.yml

@@ -10,8 +10,7 @@ Implementation of JWT, JWS, JWE and JWK as defined in:
 Installation
 ============
 
-Pyjwkest is written and tested using Python version 2.7. A Python 3.4 version
-is in the works.
+Pyjwkest is written and tested using Python version 2.7 and 3.4.
 
 You should be able to simply run 'python setup.py install' to install it.
 

README.rst

@@ -39,18 +39,18 @@ def run_tests(self):
 
 setup(
     name="pyjwkest",
-    version="0.6.2",
+    version="1.0.0",
     description="Python implementation of JWT, JWE, JWS and JWK",
     author="Roland Hedberg",
     author_email="[email protected]",
     license="Apache 2.0",
-    packages=["jwkest", "cryptlib"],
+    packages=["jwkest"],
     package_dir={"": "src"},
     classifiers=["Development Status :: 4 - Beta",
                  "License :: OSI Approved :: Apache Software License",
                  "Topic :: Software Development :: Libraries :: Python "
                  "Modules"],
-    install_requires=["pycrypto >= 2.6.1", "requests"],
+    install_requires=["pycrypto >= 2.6.1", "requests", "six", "future"],
     tests_require=['pytest'],
     zip_safe=False,
     cmdclass={'test': PyTest},

setup.py

@@ -70,10 +70,15 @@
 
 __version__ = "1.2"
 
+from builtins import chr
+from builtins import zip
+from builtins import range
+from builtins import object
+
+import string
 from struct import pack
 from binascii import b2a_hex
 from random import randint
-import string
 
 try:
     # Use PyCrypto (if available)
@@ -149,7 +154,7 @@ def __f(self, i):
         assert 1 <= i <= 0xffffffff
         U = self.__prf(self.__passphrase, self.__salt + pack("!L", i))
         result = U
-        for j in xrange(2, 1+self.__iterations):
+        for j in range(2, 1+self.__iterations):
             U = self.__prf(self.__passphrase, U)
             result = strxor(result, U)
         return result
@@ -166,17 +171,17 @@ def _setup(self, passphrase, salt, iterations, prf):
 
         # passphrase and salt must be str or unicode (in the latter
         # case, we convert to UTF-8)
-        if isinstance(passphrase, unicode):
+        if isinstance(passphrase, str):
             passphrase = passphrase.encode("UTF-8")
         if not isinstance(passphrase, str):
             raise TypeError("passphrase must be str or unicode")
-        if isinstance(salt, unicode):
+        if isinstance(salt, str):
             salt = salt.encode("UTF-8")
         if not isinstance(salt, str):
             raise TypeError("salt must be str or unicode")
 
         # iterations must be an integer >= 1
-        if not isinstance(iterations, (int, long)):
+        if not isinstance(iterations, (int, int)):
             raise TypeError("iterations must be an integer")
         if iterations < 1:
             raise ValueError("iterations must be at least 1")
@@ -218,13 +223,13 @@ def crypt(word, salt=None, iterations=None):
         salt = _makesalt()
 
     # salt must be a string or the us-ascii subset of unicode
-    if isinstance(salt, unicode):
+    if isinstance(salt, str):
         salt = salt.encode("us-ascii")
     if not isinstance(salt, str):
         raise TypeError("salt must be a string")
 
     # word must be a string or unicode (in the latter case, we convert to UTF-8)
-    if isinstance(word, unicode):
+    if isinstance(word, str):
         word = word.encode("UTF-8")
     if not isinstance(word, str):
         raise TypeError("word must be a string or unicode")

src/cryptlib/__init__.py

@@ -1,14 +1,14 @@
 """JSON Web Token"""
-
-# Most of the code herein I have borrowed/stolen from other people
-# Most notably Jeff Lindsay, Ryan Kelly
-
 import base64
-from binascii import unhexlify
-from binascii import hexlify
-import json
 import logging
 import re
+import struct
+
+from builtins import zip
+from builtins import hex
+from builtins import str
+
+from binascii import unhexlify
 
 logger = logging.getLogger(__name__)
 
@@ -61,6 +61,68 @@ class MissingKey(JWKESTException):
     """ No usable key """
 
 
+# ---------------------------------------------------------------------------
+# Helper functions
+
+
+def intarr2bin(arr):
+    return unhexlify(''.join(["%02x" % byte for byte in arr]))
+
+
+def long2hexseq(l):
+    try:
+        return unhexlify(hex(l)[2:])
+    except TypeError:
+        return unhexlify(hex(l)[2:-1])
+
+
+def intarr2long(arr):
+    return int(''.join(["%02x" % byte for byte in arr]), 16)
+
+
+def long2intarr(long_int):
+    _bytes = []
+    while long_int:
+        long_int, r = divmod(long_int, 256)
+        _bytes.insert(0, r)
+    return _bytes
+
+
+def long_to_base64(n):
+    bys = long2intarr(n)
+    data = struct.pack('%sB' % len(bys), *bys)
+    if not len(data):
+        data = '\x00'
+    s = base64.urlsafe_b64encode(data).rstrip(b'=')
+    return s
+
+
+def base64_to_long(data):
+    # if isinstance(data, str):
+    #     data = bytes(data)
+    # urlsafe_b64decode will happily convert b64encoded data
+    _d = base64.urlsafe_b64decode(bytes(data) + b'==')
+    return intarr2long(struct.unpack('%sB' % len(_d), _d))
+
+
+def base64url_to_long(data):
+    """
+    Stricter then base64_to_long since it really checks that it's
+    base64url encoded
+
+    :param data: The base64 string
+    :return:
+    """
+    _d = base64.urlsafe_b64decode(bytes(data) + b'==')
+    # verify that it's base64url encoded and not just base64
+    # that is no '+' and '/' characters and not trailing "="s.
+    if [e for e in [b'+', b'/', b'='] if e in data]:
+        raise ValueError("Not base64url encoded")
+    return intarr2long(struct.unpack('%sB' % len(_d), _d))
+
+
+# =============================================================================
+
 def b64e(b):
     """Base64 encode some bytes.
 
@@ -88,10 +150,13 @@ def add_padding(b):
 def b64d(b):
     """Decode some base64-encoded bytes.
 
-    Raises BadSyntax if the string contains invalid characters or padding."""
+    Raises BadSyntax if the string contains invalid characters or padding.
 
-    if b.endswith("="):  # shouldn't but there you are
-        cb = b.split("=")[0]
+    :param b: bytes
+    """
+
+    if b.endswith(b'='):  # shouldn't but there you are
+        cb = b.split(b'=')[0]
     else:
         cb = b
 
@@ -106,13 +171,6 @@ def b64d(b):
     return base64.urlsafe_b64decode(b)
 
 
-def split_token(token):
-    if not token.count(b"."):
-        raise BadSyntax(token,
-                        "expected token to contain at least one dot")
-    return tuple(token.split(b"."))
-
-
 # 'Stolen' from Werkzeug
 def safe_str_cmp(a, b):
     """Compare two strings in constant time."""
@@ -124,64 +182,11 @@ def safe_str_cmp(a, b):
     return r == 0
 
 
-def unpack(token):
-    """
-    Unpacks a JWT into its parts and base64 decodes the parts individually
-
-    :param token: The JWT
-    :return: A tuple of the header, claim, crypto parts plus the header
-        and claims part before base64 decoding
-    """
-    if isinstance(token, unicode):
-        token = str(token)
-
-    part = split_token(token)
-
-    res = [b64d(p) for p in part]
-
-    res[0] = json.loads(res[0])
-    res.append(part[0])
-    res.append(part[1])
-    return res
-
-
-def pack(payload):
-    """
-    Unsigned JWT
-    """
-    header = {'alg': 'none'}
-
-    header_b64 = b64e(json.dumps(header, separators=(",", ":")))
-    if isinstance(payload, basestring):
-        payload_b64 = b64e(payload)
-    else:
-        payload_b64 = b64e(json.dumps(payload, separators=(",", ":")))
-
-    token = header_b64 + b"." + payload_b64 + b"."
-
-    return token
-
-# ---------------------------------------------------------------------------
-# Helper functions
-
-
-def intarr2bin(arr):
-    return unhexlify(''.join(["%02x" % byte for byte in arr]))
-
-
-def intarr2long(arr):
-    return long(''.join(["%02x" % byte for byte in arr]), 16)
-
-
-def hd2ia(s):
-    #half = len(s)/2
-    return [int(s[i] + s[i + 1], 16) for i in range(0, len(s), 2)]
-
-
-def dehexlify(bi):
-    s = hexlify(bi)
-    return [int(s[i] + s[i + 1], 16) for i in range(0, len(s), 2)]
-
-
-def long2hexseq(l):
-    return unhexlify(hex(l)[2:-1])
+def constant_time_compare(a, b):
+    """Compare two strings in constant time."""
+    if len(a) != len(b):
+        return False
+    r = 0
+    for c, d in zip(a, b):
+        r |= c ^ d
+    return r == 0

src/cryptlib/PBKDF2.py renamed to src/jwkest/PBKDF2.py

@@ -22,6 +22,12 @@
     DEALINGS IN THE SOFTWARE.
 """
 from __future__ import print_function
+from __future__ import division
+from builtins import str
+from builtins import hex
+from builtins import range
+from builtins import object
+#from past.utils import old_div
 
 from Crypto.Cipher import AES
 from Crypto.Util import Counter
@@ -55,7 +61,7 @@ def __str__(self):
 
 
 # Galois/Counter Mode with AES-128 and 96-bit IV
-class AES_GCM:
+class AES_GCM(object):
     def __init__(self, master_key):
         self.prev_init_value = None
         self._master_key = ""
@@ -107,7 +113,7 @@ def __ghash(self, aad, txt):
 
         tag = 0
         assert len(data) % 16 == 0
-        for i in range(len(data) / 16):
+        for i in range(int(len(data) / 16)):
             tag ^= bytes_to_long(data[i * 16: (i + 1) * 16])
             tag = self.__times_auth_key(tag)
             # print 'X\t', hex(tag)

src/jwkest/__init__.py

@@ -15,15 +15,17 @@
 Performance should be reasonable, since the heavy lifting is all done in
 PyCrypto's AES.
 """
-
+from __future__ import division
+from builtins import hex
+from builtins import range
 import struct
 from Crypto.Cipher import AES
 
 QUAD = struct.Struct('>Q')
 
 
 def aes_unwrap_key_and_iv(kek, wrapped):
-    n = len(wrapped) / 8 - 1
+    n = (len(wrapped) // 8) - 1
     #NOTE: R[0] is never accessed, left in for consistency with RFC indices
     r = [None] + [wrapped[i * 8:i * 8 + 8] for i in range(1, n + 1)]
     a = QUAD.unpack(wrapped[:8])[0]
@@ -57,19 +59,16 @@ def aes_unwrap_key_withpad(kek, wrapped):
 
 
 def aes_wrap_key(kek, plaintext, iv=0xa6a6a6a6a6a6a6a6):
-    n = len(plaintext) / 8
+    n = len(plaintext) // 8
     r = [None] + [plaintext[i * 8:i * 8 + 8] for i in range(0, n)]
     a = iv
     encrypt = AES.new(kek).encrypt
     for j in range(6):
-        #import binascii
-        #print hex(a), binascii.hexlify(r[1]), binascii.hexlify(r[2])
-
         for i in range(1, n + 1):
             b = encrypt(QUAD.pack(a) + r[i])
             a = QUAD.unpack(b[:8])[0] ^ (n * j + i)
             r[i] = b[8:]
-    return QUAD.pack(a) + "".join(r[1:])
+    return QUAD.pack(a) + b''.join(r[1:])
 
 
 def aes_wrap_key_withpad(kek, plaintext):