Add saml2.cryptography module

This module provides cryptographic elements needed by saml2. There are separate
modules for symmetric and asymmetric cryptography, as well as pki related
operations.

The default symmetric cryptography method used is Fernet by the cryptography
library. Reference: https://cryptography.io/en/latest/fernet/

Signed-off-by: Ivan Kanakarakis <[email protected]>

Author: c00kiemon5ter

src/saml2/cryptography/__init__.py

@@ -0,0 +1 @@
+"""This module provides cryptographic elements needed by saml2."""

src/saml2/cryptography/asymmetric.py

@@ -0,0 +1,37 @@
+"""This module provides methods for asymmetric cryptography."""
+
+import cryptography.hazmat.backends as _backends
+import cryptography.hazmat.primitives.asymmetric as _asymmetric
+import cryptography.hazmat.primitives.hashes as _hashes
+import cryptography.hazmat.primitives.serialization as _serialization
+
+
+def load_pem_private_key(data, password):
+    """Load RSA PEM certificate."""
+    key = _serialization.load_pem_private_key(
+        data, password, _backends.default_backend())
+    return key
+
+
+def key_sign(rsakey, message, digest):
+    """Sign the given message with the RSA key."""
+    padding = _asymmetric.padding.PKCS1v15()
+    signature = rsakey.sign(message, padding, digest)
+    return signature
+
+
+def key_verify(rsakey, signature, message, digest):
+    """Verify the given signature with the RSA key."""
+    padding = _asymmetric.padding.PKCS1v15()
+    if isinstance(rsakey, _asymmetric.rsa.RSAPrivateKey):
+        rsakey = rsakey.public_key()
+
+    try:
+        rsakey.verify(signature, message, padding, digest)
+    except Exception as e:
+        return False
+    else:
+        return True
+
+
+hashes = _hashes

src/saml2/cryptography/pki.py

@@ -0,0 +1,9 @@
+"""This module provides methods for PKI operations."""
+
+import cryptography.hazmat.backends as _backends
+import cryptography.x509 as _x509
+
+
+def load_pem_x509_certificate(data):
+    """Load X.509 PEM certificate."""
+    return _x509.load_pem_x509_certificate(data, _backends.default_backend())

src/saml2/cryptography/symmetric.py

@@ -0,0 +1,45 @@
+"""This module provides methods for symmetric cryptography.
+
+The default symmetric cryptography method used is Fernet by the cryptography
+library. Reference: https://cryptography.io/en/latest/fernet/
+"""
+
+import cryptography.fernet as _fernet
+
+
+class Default(object):
+    """The default symmetric cryptography method."""
+
+    @staticmethod
+    def generate_key():
+        """Return a key suitable for use by this method.
+
+        :return: byte data representing the encyption/decryption key
+        """
+        key = _fernet.Fernet.generate_key()
+        return key
+
+    def __init__(self, key=None):
+        """Initialize this method by optionally providing a key.
+
+        :param key: byte data representing the encyption/decryption key
+        """
+        self._symmetric = _fernet.Fernet(key or self.__class__.generate_key())
+
+    def encrypt(self, plaintext):
+        """Encrypt the given plaintext.
+
+        :param plaintext: byte data representing the plaintext
+        :return: byte data representing the ciphertext
+        """
+        ciphertext = self._symmetric.encrypt(plaintext)
+        return ciphertext
+
+    def decrypt(self, ciphertext):
+        """Decrypt the given ciphertext.
+
+        :param ciphertext: byte data representing the ciphertext
+        :return: byte data representing the plaintext
+        """
+        plaintext = self._symmetric.decrypt(ciphertext)
+        return plaintext