| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Validate the public/private halves of EC keys on import.
OpenSSL's API is a little finicky. If one sets the public key before the
private key, it does not validate that they match. If set in the other
order, it does validate this.
In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
describes error code 7 as:
Result = F (7 - IUT's Static private key d changed-prikey validity)
Reordering the two operations makes those tests to fail on key import,
which is what CAVP appears to have intended.
* Wrap to 79 rather than 80 columns
|
| |
|
|
|
|
| |
* fix bug with n % 8 length wrapping on AESKWP
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* implement AES KW with padding (RFC 5649)
fixes #3791
* oops, 2.2
* make sure this is the right valueerror
* more match
* make key padding easier to read
* review feedback
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added brainpool ec-curves key_length >= 256bit
* limit brainpool curves to the set that appear required + docs
* oops
* typos all around me
* add brainpool ECDH kex tests
* switch to using rfc 7027 vectors
* review feedback
* empty commits are the best
|
| |
|
|
|
|
|
|
|
|
|
| |
* The HKDF limit is actually 255 * digest_length_in_bytes
Previously we had a bug where we divided digest_size by 8...but
HashAlgorithm.digest_size is already in bytes.
* test longer output
* changelog
|
| |
|
|
|
|
| |
* Fixed 120 warnings from the RSA tests
* typo
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* In RSA test vectors, use verify() to avoid warnings
* whoops
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Use a different warning class so users get warnings
* fixed tests
* do our own warning class
* typo
* flake8
|
| | |
|
| |
|
|
|
|
|
|
| |
* Inline calls to bit_length now that it's trivial
* unused imports
* An comment
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for AES XTS
We drop the non-byte aligned test vectors because according to NIST
http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSVS.pdf
"An implementation may support a data unit length that is not a
multiple of 8 bits." OpenSSL does not support this, so we can't
use those test vectors.
* fix docs and pep8
* docs fix
* the spellchecker is so frustrating
* add note about AES 192 for XTS (it's not supported)
* docs work
* enforce key length on ECB mode in AES as well (thanks XTS)
* a few more words about why we exclude some test vectors for XTS
|
| |
|
|
|
|
|
|
|
|
| |
* add ChaCha20 support
* review feedback
* 256 divided by 8 is what again?
* ...
|
| |
|
|
|
|
|
|
|
|
| |
* RSA OAEP label support for OpenSSL 1.0.2+
* changelog
* move around tests, address review feedback, use backend supported method
* unsupported padding catches this now
|
| |
|
|
|
|
|
|
|
|
| |
* add blake2b/blake2s support for hmac
This was a bug, but it turns out the noise protocol suggests using the
HMAC construction with BLAKE2 (rather than BLAKE2's own keyed
functionality) for a few reasons, so we should support it.
* actually test the thing
|
| |
|
|
|
|
|
|
|
|
| |
* remove deprecated items
whirlpool, ripemd160, unsupportedextension, and the old interfaces
* flake8 and remove a test generator we no longe use
* make it clear we warned you about these things
|
| |
|
|
|
|
| |
* Remove DH generator size constraint
* Check that g > 1
|
| |
|
|
|
|
|
|
| |
* add AESGCM AEAD support
* remove stray newline
* move AESGCM docs above CCM
|
| |
|
|
|
|
| |
* move tag_length to the AESCCM constructor
* review feedback
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* allow p % 24 == 23 when generator == 2 in DH_check
* short url
* update and expand comments
* even better language!
|
| |
|
|
|
|
|
|
| |
* use an instance in aead_cipher_supported
* test for chacha20poly1305 compatibility via init exception
* pep8
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support DH parameter serizalization - no X9.42
* Support X9.42 serialization - DER not working
* Fix dhp_rfc5114_2.der
Changing the DER parameters serialization after the
fix in openssl commit a292c9f1b835
* DH parameters X9.42 DER serialization fixed
* fix _skip_dhx_unsupported
* document DH parameter_bytes
* PEP8 fixes
* Document load_pem_parameters
* Document load_der_parameters
* document ParameterFormat
* Increase test coverage
* Increase test covrage
* Remove unneeded check
* Fix typo
* Fix error in load_der_parameters
* Add load_pem_parameters and load_der_parameters to interfaces
* CR fixes
* Removed unverified phrase
* Update version to 2.0
* Fix pep8
* Rename ParameterFormat.ASN1 to ParameterFormat.DHParameter
* link pkcs3
* Add new line at end of file to serialization.rst
* Rename DHparameters to PKCS3
* doc CR fix
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* early days
* sort of working
* more things
* remove private_bytes
* public bytes, interface fix
* load public keys
* x25519 support basically done now
* private_bytes is gone
* some reminders
* doctest this too
* remove a thing that doesn't matter
* x25519 supported checks
* libressl has the NID, but a different API, so check for OpenSSL
* pep8
* add missing coverage
* update to use reasons
* expand test a little
* add changelog entry
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* chacha20poly1305 support
* add chacha20poly1305 backend and some fixes
* refactor
* forgot to remove this
* pep8
* review feedback and a lot of type/value checking
* review feedback
* raise unsupportedalgorithm when creating a ChaCha20Poly1305 object
if it's not supported.
* switch to ciphertext||tag
* typo
* remove a branch we don't need
* review feedback
* decrypts is *also* a word
* use reasons
|
| |
|
|
|
|
| |
* deprecate signer/verifier on asymmetric keys
* review feedback, switch deprecated_call to work around a bug
|
| |
|
|
|
|
| |
* make signature and verification contexts error better re: prehashed
* code review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* move MACContext to mac.py and eliminate interfaces.py finally
* improve title
* re-add and deprecate interfaces.MACContext
* use pytest.warns instead of deprecated_call
The pytest docs insist that deprecation warnings are handled differently
and that you should use deprecated_call, but this works so okay then
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Bump the minimum PyPy/cffi version and simplify as a result
* unused imports
* grumble, fix
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixed #3533 -- made GCM mode object immutable
* flake8
* Fix for older openssl
* fix
* fix
* sigh, fix
* fixed
* dropped negation
* computers are bad
* A test
* This implements an interface
|
| |
|
|
|
|
|
|
| |
* remove multibackend
* oops
* goodbye pointless tests
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* time to remove commoncrypto, fare thee well
* remove even more
* update the changelog
* remove more things
* don't need this function
* remove CAST5 CTR tests since that was only supported in commoncrypto
* assert a thing
|
| |
|
|
|
|
| |
* Don't skip DH tests when dhx unsupported and no dhx is required
* Add is_dhx parameter
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#3539)
* Document our real API for EC verification, not an accident
* formatting consistency
* fix the code itself
* fixed class name
* fixed a test too
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* postpone GCM authentication tag requirement until finalization
Add a .finalize_with_tag() variant of the .finalize() function of
the GCM context. At the same time, do not enforce the requirement
of supplying the tag with the mode ctor. This facilitates
streamed decryption when the MAC is appended to the ciphertext
and cannot be efficiently retrieved ahead of decryption.
According to the GCM spec (section 7.2: “Algorithm for the
Authenticated Decryption Function”), the tag itself is not needed
until the ciphertext has been decrypted.
Addresses #3380
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
* disallow delayed GCM tag passing for legacy OpenSSL
Old versions of Ubuntu supported by Cryptography ship a v1.0.1 of
OpenSSL which is no longer supported by upstream. This library
seems to cause erratic test failures with the delayed GCM tag
functionality which are not reproducible outside the CI.
Unfortunately OpenSSL v1.0.1 does not even document the required
API (``EVP_EncryptInit(3)``) so there is no by-the-book fix.
For backends of version 1.0.1 and earlier, verify the GCM tag
at the same stage as before.
Also, indicate to the user that late passing of GCM tags is
unsupported by throwing ``NotImplementedError`` for these backend
versions if
- the method ``finalize_with_tag()`` is invoked, or
- the mode ctor is called without passing a tag.
Unit tests have been adapted to account for different backend
versions.
|
| | |
|
| |
|
|
|
| |
Trying to be too specific about why key loading fails is very difficult
when you're using the same logic across DH, EC, RSA, and DSA. This makes
it less fancy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support DH q (subgroup order)
* Change RFC5114.txt to NIST format
* Add tests for DH q
* Update docs for DH q
* Fix pep8
* Improve test covergae for DH q
* Create _dh_params_dup that copy q if DHparams_dup don't
On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup
call DHparams_dup and if the version is smaller than 1.0.2
copy q manually
* Copy q manually on libressl
* Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup
* Support serialization of DH with q
* Add tests for serialization of DH with q
* Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true
* Raise exception when trying to serialize DH X9.42 when not supported
* raise unsupported key type when deserilizing DH X9.42 if not supported
* pep8 fixes
* Fix test_serialization
* Add dhx_serialization_supported method to DHBacked
* document q in dh_parameters_supported
* Rename dhx_serialization_supported to dh_x942_serialization_supported
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add support for update_into on CipherContext
This allows you to provide your own buffer (like recv_into) to improve
performance when repeatedly calling encrypt/decrypt on large payloads.
* another skip_if
* more skip_if complexity
* maybe do this right
* correct number of args
* coverage for the coverage gods
* add a cffi minimum test tox target and travis builder
This tests against macOS so we capture some commoncrypto branches
* extra arg
* need to actually install py35
* fix
* coverage for GCM decrypt in CC
* no longer relevant
* 1.8 now
* pep8
* dramatically simplify
* update docs
* remove unneeded test
* changelog entry
* test improvements
* coverage fix
* add some comments to example
* move the comments to their own line
* fix and move comment
|
| |
|
|
|
|
|
|
|
|
| |
* enforce password must be bytes when loading PEM/DER asymmetric keys
Previously we were using an ffi.buffer on the Python string, which was
allowing text implicitly, but our documentation explicitly requires
bytes.
* add changelog entry
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* replace pyasn1 with asn1crypto
* allow trailing bytes
* fix x509 test
* update CHANGELOG.rst
* fix assert
* make asn1crypto code more idiomatic
* find tag
* final clean-up
* leave trailing byte logic unchanged
* document dependency change
* spelling
* fix spelling
|
