path: root/tests/hazmat/primitives/utils.py
Commit message | Author | Age | Files | Lines
* time to remove commoncrypto, fare thee well (#3551) | Paul Kehrer | 2017-05-20 | 1 | -3/+2
  * time to remove commoncrypto, fare thee well
  * remove even more
  * update the changelog
  * remove more things
  * don't need this function
  * remove CAST5 CTR tests since that was only supported in commoncrypto
  * assert a thing
* postpone GCM authentication tag requirement until finalization (#3421) | Philipp Gesang | 2017-05-02 | 1 | -2/+0
  * postpone GCM authentication tag requirement until finalization

    Add a .finalize_with_tag() variant of the .finalize() function of the GCM context. At the same time, do not enforce the requirement of supplying the tag with the mode ctor. This facilitates streamed decryption when the MAC is appended to the ciphertext and cannot be efficiently retrieved ahead of decryption.

    According to the GCM spec (section 7.2: “Algorithm for the Authenticated Decryption Function”), the tag itself is not needed until the ciphertext has been decrypted.

    Addresses #3380

    Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>

  * disallow delayed GCM tag passing for legacy OpenSSL

    Old versions of Ubuntu supported by Cryptography ship a v1.0.1 of OpenSSL which is no longer supported by upstream. This library seems to cause erratic test failures with the delayed GCM tag functionality which are not reproducible outside the CI. Unfortunately OpenSSL v1.0.1 does not even document the required API (``EVP_EncryptInit(3)``) so there is no by-the-book fix.

    For backends of version 1.0.1 and earlier, verify the GCM tag at the same stage as before.

    Also, indicate to the user that late passing of GCM tags is unsupported by throwing ``NotImplementedError`` for these backend versions if

    - the method ``finalize_with_tag()`` is invoked, or
    - the mode ctor is called without passing a tag.

    Unit tests have been adapted to account for different backend versions.
* disable blowfish in commoncrypto backend for key lengths under 64-bit (#3040) | Paul Kehrer | 2016-07-10 | 1 | -0/+5
  This is due to a bug in CommonCrypto present in 10.11.x. Filed as radar://26636600
* KBKDF cleanup (#2929) | Paul Kehrer | 2016-05-29 | 1 | -5/+7
  * unicode characters make everything angry
  * changelog entry and make skip msgs more informative
  * typo fix
* NIST SP 800-108 Counter Mode KDF (#2748) | Jared | 2016-05-29 | 1 | -0/+52
  * NIST SP 800-108 Counter Mode and Feedback Mode KDF
  * CounterKDF unit tests
  * Refactor to support multiple key based KDF modes.
  * Extracting supported algorithms for KBKDF Counter Mode test vectors
  * Adding support for different rlen and counter location in KBKDF
  * support for multiple L lengths and 24 bit counter length.
  * Adding KBKDF Documentation.
  * Refactoring KBKDF to KBKDFHMAC to describe hash algorithm used.
* consolidate dsa serialization loading tests and improve verifier | Paul Kehrer | 2014-12-22 | 1 | -0/+7
* Update the license header for every source file, as well as the documentation. | Alex Gaynor | 2014-11-16 | 1 | -12/+3
  Fixes #1209
* Simplify code and add test | Alex Gaynor | 2014-06-30 | 1 | -0/+3
* Fixes #1200 -- disallow GCM truncation by default | Alex Gaynor | 2014-06-29 | 1 | -4/+6
* modify RSA numbers loading to match elliptic curve | Paul Kehrer | 2014-06-20 | 1 | -4/+1
  fixes #1111
* backend specific RSA*Key implementation for OpenSSL | Paul Kehrer | 2014-06-12 | 1 | -17/+15
* Minor fixes | Ayrx | 2014-05-09 | 1 | -1/+1
* Modified HKDF to use HKDFExpand | Ayrx | 2014-05-07 | 1 | -3/+2
* Rename OpenSSLSerializationBackend | Alex Stapleton | 2014-04-25 | 1 | -0/+18
* switch to a lambda | Paul Kehrer | 2014-03-19 | 1 | -13/+5
* rename some things | Paul Kehrer | 2014-03-19 | 1 | -6/+6
* add FIPS 186-2/3 signature verification tests for RSA PKCSv15 and PSS | Paul Kehrer | 2014-03-19 | 1 | -11/+21
* import order fixes for future automated checking | Paul Kehrer | 2014-03-19 | 1 | -8/+6
* pass the hash class rather than using getattr | Paul Kehrer | 2014-03-16 | 1 | -7/+7
* fix indentation | Paul Kehrer | 2014-03-16 | 1 | -18/+18
* add RSA PSS verification support | Paul Kehrer | 2014-03-16 | 1 | -0/+33
* Added future imports and licenses that are missing | Alex Gaynor | 2014-03-08 | 1 | -0/+15
* Don't expose extract and expand on this class yet because we don't know how best to expose verify functionality, continue testing the stages using the private methods. | David Reid | 2014-02-03 | 1 | -2/+2
* Closer to proposed interface in #513. | David Reid | 2014-02-03 | 1 | -14/+18
* Use the nist vector loader. | David Reid | 2014-02-03 | 1 | -18/+12
* Break up hkdf_derive into hkdf_extract and hkdf_expand. | David Reid | 2014-02-03 | 1 | -9/+41
  Testing each individually against all the vectors and actually asserting about the intermediate state. hkdf_derive is now just a helper function which copes with the default arguments.
* Refactor HKDF support and provide vectors for tests. | David Reid | 2014-02-03 | 1 | -0/+31
* okay this time really finish the rename. Up example iterations to 100k | Paul Kehrer | 2014-01-28 | 1 | -2/+2
* PBKDF2 support for OpenSSL backend | Paul Kehrer | 2014-01-28 | 1 | -0/+25
* Represent the hash vectors more cleanly | Alex Gaynor | 2014-01-27 | 1 | -5/+2
* Fixed test for earlier exception | Alex Gaynor | 2014-01-01 | 1 | -6/+3
* re-add some removed generators to simplify patch | Paul Kehrer | 2013-12-27 | 1 | -0/+20
* refactor all tests to use mark instead of generator skips | Paul Kehrer | 2013-12-26 | 1 | -141/+25
* Cover a missed branch | Alex Gaynor | 2013-12-24 | 1 | -2/+1
* restrict gcm tags to a minimum of 4 bytes in length | Paul Kehrer | 2013-12-21 | 1 | -0/+7
* don't modify params on parametrized tests | Paul Kehrer | 2013-12-20 | 1 | -8/+8
  multiple backends receive the same params dicts, but we were modifying them using pop.
* pep8 | Alex Gaynor | 2013-12-13 | 1 | -1/+1
* Make this less invasive | Alex Gaynor | 2013-12-13 | 1 | -177/+280
* Clean up test generation to not use generators anymore and use parametrization | Alex Gaynor | 2013-12-13 | 1 | -332/+209
* raise ValueErrors when supplying/not supplying tags for GCM | Paul Kehrer | 2013-12-04 | 1 | -0/+35
* create AEADEncryptionContext and DecryptionContext | Paul Kehrer | 2013-11-29 | 1 | -1/+1
* raise TypeError if you attempt to get the tag attribute on a decrypt | Paul Kehrer | 2013-11-29 | 1 | -0/+9
  * To support this the _AEADCipherContext in base.py now needs to be aware of whether it is encrypting/decrypting
* rename add_data to authenticate_additional_data for clarity (hopefully) | Paul Kehrer | 2013-11-29 | 1 | -5/+5
* invalidtag exception for gcm | Paul Kehrer | 2013-11-29 | 1 | -2/+2
  This exception is probably not safe. It depends on the assumption that if ERR_get_error returns a 0 then it is an AEAD tag error.
* enforce AEAD add_data before update | Paul Kehrer | 2013-11-29 | 1 | -8/+10
* _AEADCipherContext refactor | Paul Kehrer | 2013-11-29 | 1 | -0/+4
  * No longer extends _CipherContext
  * Remove _tag from _CipherContext
  * This change duplicates a small amount of code from _CipherContext
* rename NotFinalized exception to NotYetFinalized because alex is right | Paul Kehrer | 2013-11-29 | 1 | -2/+2
  ...it does read better that way
* GCM support | Paul Kehrer | 2013-11-29 | 1 | -2/+103
* Use keyword argument forms everywhere. | David Reid | 2013-11-25 | 1 | -7/+7
* Explicit backend | David Reid | 2013-11-20 | 1 | -5/+5