aboutsummaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
...
* add support for prehashing in ECDSA sign/verify (#3267)Paul Kehrer2016-11-201-1/+67
| | | | | | * add support for prehashing in ECDSA sign/verify * move signature_algorithm check to its own function
* support prehashed sign/verify in DSA (#3266)Paul Kehrer2016-11-201-1/+46
|
* support RSA verify with prehashing (#3265)Paul Kehrer2016-11-201-0/+23
| | | | | | | | | | * support RSA verify with prehashing * review feedback * more dedupe * refactor and move to a separate module
* support prehashing in RSA sign (#3238)Paul Kehrer2016-11-202-3/+47
| | | | | | | | * support prehashing in RSA sign * check to make sure digest size matches prehashed data provided * move doctest for prehashed
* change derive_elliptic_curve_public_point to return EllipticCurvePubl… (#3243)Paul Kehrer2016-11-181-3/+3
| | | | | | | | | | | | | | * change derive_elliptic_curve_public_point to return EllipticCurvePublicKey * also rename the backend interface method * review feedback * Rename to derive_elliptic_curve_private_key * Returns EllipticCurvePrivateKey * Reuses the EC_POINT in the openssl impl * Rename "secret" arg to "private_value" which is consistent with our naming for the value in ECPrivateNumbers.
* Raise padding block_size limit to what is allowed by the specs. (#3108)Terry Chia2016-11-152-2/+18
| | | | | | | | | | | | | | | | | | | | * Raize padding block_size limit to what is allowed by the specs. * Add tests for raising padding limits. * Amend C code for padding check to use uint16_t instead of uint8_t. * Fix test to work in Python 3. * Fix typo. * Fix another typo. * Fix return type of the padding checks. * Change hypothesis test on padding. * Update comment.
* workaround for application bundling tools (#3235)Paul Kehrer2016-11-141-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | * cx_freeze support for default_backend * updated tabing to spaces * corrected spacing * moved finding backend to backends __init__ * update to check to see if sys is frozen * corrected pep8 issues * update based on comments * changes to simplify, support testing, and improve comments * add changelog entry * right, coverage. I remember now. Time for some contortions. * updated with review feedback
* Add a bytes method to get the DER ASN.1 encoding of an X509 name. (#3236)Paul Kehrer2016-11-132-0/+17
| | | | | | | | | | * Add a bytes method to get the DER ASN.1 encoding of an X509 name. This is useful for creating an OpenSSL style subject_name_hash (#3011) * add to backend interface and update multibackend * bytes -> public_bytes
* C locking callback (#3226)Alex Gaynor2016-11-131-65/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove Python OpenSSL locking callback and replace it with one in C The Python OpenSSL locking callback is unsafe; if GC is triggered during the callback's invocation, it can result in the callback being invoked reentrantly, which can lead to deadlocks. This patch replaces it with one in C that gets built at compile time via cffi along with the rest of the OpenSSL binding. * fixes for some issues * unused * revert these changes * these two for good measure * missing param * sigh, syntax * delete tests that assumed an ability to mess with locks * style fixes * licensing stuff * utf8 * Unicode. Huh. What it isn't good for, absolutely nothing.
* add alternate signature OID for RSA with SHA1 + test and vector (#3227)Paul Kehrer2016-11-111-0/+12
| | | | | | * add alternate signature OID for RSA with SHA1 + test and vector * mozilla is a proper noun leave me alone spellchecker
* add ec.private_key_from_secret_and_curve (#3225)Ofek Lev2016-11-112-0/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * finish https://github.com/pyca/cryptography/pull/1973 * change API & add test Function will now return an instance of EllipticCurvePrivateKey, as that is the users' ultimate goal anyway. * fix test * improve coverage * complete coverage * final fix * centos fix * retry * cleanup asserts * use openssl_assert * skip unsupported platforms * change API name to derive_private_key * change version added * improve description of `secret` param * separate successful and failure test cases * simplify successful case * add docs for derive_elliptic_curve_public_point * add period
* Name: add support for multi-value RDNs (#3202)Fraser Tweedale2016-11-111-25/+59
| | | | | | | | Update the Name class to accept and internally store a list of RelativeDistinguishedName objects. Add the 'rdns' attribute to give access to the RDNs. Update ASN.1 routines to correctly decode and encode multi-value RDNs. Fixes: https://github.com/pyca/cryptography/issues/3199
* Make DistributionPoint relative_name a set of NameAttribute (#3210)Fraser Tweedale2016-11-072-15/+99
| | | | | | | | | | | * Add RelativeDistinguishedName class * Make relative_name a RelativeDistinguishedName DistributionPoint relative_name is currently a Name but RFC 5280 defines it as RelativeDistinguishedName, i.e. a non-empty SET OF name attributes. Change the DistributionPoint relative_name attribute to be a RelativeDistinguishedName.
* Fixes #3211 -- fixed hkdf's output with short length (#3215)Alex Gaynor2016-11-061-0/+11
|
* support encoding IPv4Network and IPv6Network, useful for NameConstraints (#3182)Paul Kehrer2016-10-011-6/+32
| | | | | | | | | | * support encoding IPv4Network and IPv6Network, useful for NameConstraints * add changelog entry * add more networks with full and no masking (/32, /128, /0) * parametrize the nc tests to fix coverage
* reduce a bit of duplication in x509 tests (#3183)Paul Kehrer2016-09-291-55/+29
|
* 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set (#3162)Paul Kehrer2016-09-221-1/+1
| | | | | | | | | | * 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set * add a comment explaining why we changed this * 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i * needs to be visible
* fix warnings in cffi 1.8.3 due to wrong buffer types (#3155)Paul Kehrer2016-09-211-2/+2
|
* make this test assert the right thing. (#3133)Alex Gaynor2016-09-031-1/+2
| | | right now it just always skips
* support random_serial_number in the CertificateBuilder (#3132)Paul Kehrer2016-09-031-0/+17
| | | | | | | | | | * support random_serial_number in the CertificateBuilder * turns out pytest's monkeypatch has an undo * random_serial_number now a function * just certs
* Add bounds checking for Scrypt parameters. (#3130)Terry Chia2016-09-021-0/+17
| | | | | | | | | | * Add bounds checking for Scrypt parameters. * Pep8. * More PEP8. * Change wording.
* Scrypt Implementation (#3117)Terry Chia2016-09-012-1/+134
| | | | | | | | | | | | | | | | | | | | | | | | * Scrypt implementation. * Docs stuff. * Make example just an example and not a doctest. * Add changelog entry. * Docs cleanup. * Add more tests. * Add multibackend tests. * PEP8. * Add docs about Scrypt parameters. * Docs cleanup. * Add AlreadyFinalized.
* add support for signature_algorithm_oid to cert, CSR, and CRL (#3124)Paul Kehrer2016-08-311-1/+13
| | | | | | * add support for signature_algorithm_oid to cert, CSR, and CRL * refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that
* fix an overindented line. not sure why our linters didn't catch this (#3123)Paul Kehrer2016-08-301-1/+1
|
* Add a register_interface_if decorator. (#3120)Terry Chia2016-08-291-1/+27
| | | | | | | | * Add a register_interface_if decorator. * Add tests. * PEP 8.
* blake2b/blake2s support (#3116)Paul Kehrer2016-08-282-0/+82
| | | | | | | | | | | | | | | | | | | | | | | | | * blake2b/blake2s support Doesn't support keying, personalization, salting, or tree hashes so the API is pretty simple right now. * implement digest_size via utils.read_only_property * un-keyed for spelling's sake * test copying + digest_size checks * unkeyed is too a word * line wrap * reword the docs * use the evp algorithm name in the error This will make BLAKE2 alternate digest size errors a bit less confusing * add changelog entry and docs about supported digest_size
* OpenSSL 1.1.0 support (#2826)Paul Kehrer2016-08-262-7/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * make pre5 work * add a blank line to make the diff happier * 1.1.0-pre6 working * support the changes since 1.1.0-pre6 * fixes * add 1.1.0 to travis * expose the symbol * better testing for numericstring * handle libre... * actually use the 1.1.0 we compile * cache the ossl-110 dir on travis * add some newlines * changelog entry for 1.1.0 support * note that we test on 1.1.0 * proper skip on this test * reorder
* Allow passing iterators where collections are expected (#3078)Marti2016-08-262-11/+109
| | | | | | | | | | | | | | Iterators can only be enumerated once, breaking code like this in Python 3 for example: san = SubjectAlternativeName(map(DNSName, lst)) This is also a slight behavior change if the caller modifies the list after passing it to the constructor, because input lists are now copied. Which seems like a good thing. Also: * Name now checks that attributes elements are of type NameAttribute * NoticeReference now allows notice_numbers to be any iterable
* CertificateBuilder accepts aware datetimes for not_valid_after and ↵InvalidInterrupt2016-08-163-0/+106
| | | | | | | | | | | | | | | | | | | not_valid_before (#2920) * CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before These functions now accept aware datetimes and convert them to UTC * Added pytz to test requirements * Correct pep8 error and improve Changelog wording * Improve tests and clarify changelog message * Trim Changelog line length * Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes * Fix accidental changelog entry
* Disallow X509 certificate serial numbers bigger than 159 bits (#3064) (#3067)Коренберг Марк2016-08-022-5/+75
|
* Add code style settings, new excludes, run 'test_x509_ext (Py3)' (#3041)Marti2016-08-021-0/+44
| | | | | | Fix DNSName wildcard encoding for NameConstraints Previously '.example.com' would get normalised to 'example.com', making it impossible to add wildcard NameConstraints.
* Enforce that p > q to improve OpenSSL compatibility (fixes #2990) (#3010)Dirkjan Ochtman2016-07-191-1/+2
|
* Add flag to toggle key length check for HOTP and TOTP. (#3012)Terry Chia2016-07-161-0/+4
| | | | | | | | | | * Add an enforce_key_length parameter to HOTP and TOTP. * Document changes in docs. * Add some words to the wordlist. * Add versionadded to docs.
* Use a series of constants for OpenSSL version checks (#3037)Alex Gaynor2016-07-114-15/+15
| | | | | | | | | | | | | | | | | | | | | | | | * Use a series of constants for OpenSSL version checks. N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely! * Convert some python as well, also add the file * flake8 * Simplify code, remove functionality that can be expressed more simply * clean up the tests as well * more constants * wrap long lines * reflect feedback * unused * add this back?
* disable blowfish in commoncrypto backend for key lengths under 64-bit (#3040)Paul Kehrer2016-07-101-0/+5
| | | | This is due to a bug in CommonCrypto present in 10.11.x. Filed as radar://26636600
* One shot sign/verification ECDSA (#3029)Aviv Palivoda2016-07-021-0/+22
| | | | | | | | | | | | | | * Add sign and verify methods to ECDSA * Documented ECDSA sign/verify methods * Added CHANGELOG entry * Skipping test verify and sign if curve is not supported * Fixed typo in documentation return type * Removed provider language from EllipticCurvePrivateKey and EllipticCurvePublicKey
* One shot sign/verify DSA (#3003)Aviv Palivoda2016-06-301-0/+20
| | | | | | | | * Add sign and verify methods to DSA * Documented DSA sign/verify methods * Added CHANGELOG entry
* Fixed #3008 -- expose calculate max pss salt length (#3014)Alex Gaynor2016-06-271-0/+4
| | | | | | | | | | | | | | * Fixed #3008 -- expose calculate max pss salt length * Fixed a few mistakes in the docs * move all the code around * oops * write a unit test * versionadded + changelog
* Complete the removal of the string '0.9.8' (#3005)Alex Gaynor2016-06-201-1/+1
| | | We have always been at war with OpenSSL 0.9.8
* Remove a binding and comments that reference 0.9.8 (#2984)Alex Gaynor2016-06-181-1/+1
|
* Drop OpenSSL 0.9.8 (#2978)Alex Gaynor2016-06-182-41/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Drop OpenSSL 0.9.8 * Drop this test, it's not relevant any longer * unused import * Remove CRYPTOGRAPHY_ALLOW_OPENSSL_098=1 from our tox * removed unused code for Cryptography_HAS_PKEY_CTX * return unused code for _AESCTRCipherContext * syntax :-( * remove some unused tests and skips * remove unused code for Cryptography_HAS_PBKDF2_HMAC * Revert "return unused code for _AESCTRCipherContext" This reverts commit 7d149729205aa4c9735eb322414b167a75b302df. * Remove unused RSA code * Remove unused test code for conditional bindings * Remove unused dsa code * unused import * Remove unused x509 extension code * Remove unused EC code * Attempt to remove unused DER key loading code * document this * grammar * Added back this paragraph * Update docs
* Add convenience methods to sign and verify w/ RSA (#2945)Colleen Murphy2016-06-041-0/+22
| | | | | | | | | This patch adds wrapper methods to allow the user to sign and verify a single message block without having to go through the multi-step process of creating a signer or verifier, updating it with the one message, and finalizing the result. This will make signing and verifying data more user-friendly when only using small messages. Partial bug #1529
* RSA OAEP SHA2 Support (#2956)Paul Kehrer2016-06-042-2/+189
| | | | | | | | | | | | | | | | | | | | * some rsa oaep sha2 support * various improvements * fix a thing * simplify * update the test * styyyyyle * more styyyyle * fix libre, remove a skip that should never be hit * OAEP version check fixes
* added a repr to the dsa numbers classes (#2961)Alex Gaynor2016-06-031-0/+15
| | | | | | | | * added a repr to the dsa numbers classes * fix * another test
* SSH serialization for public keys (#2957)Alex Gaynor2016-06-033-0/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * SSH serialization for public keys * name errors ahoy! * id, ego, superego * dsa support * EC support * Don't keyerror * Documentation OpenSSH * flake8 * fix * bytes bytes bytes * skip curve unsupported * bytes! * Move a function * reorganize code for coverage
* Random grammar stuff (#2955)Alex Gaynor2016-06-021-1/+1
|
* Add alias for Certificate serial as serial number (#2950)Chelsea Winfree2016-06-021-5/+30
| | | | | | | | * Add alias for Certificate serial as serial number * Adding deprecation to utils * Now with catch warnings and proper vers
* Use teardown since we ignore the method arg anyways (#2928)Alex Gaynor2016-05-301-2/+1
|
* KBKDF cleanup (#2929)Paul Kehrer2016-05-291-5/+7
| | | | | | | | * unicode characters make everything angry * changelog entry and make skip msgs more informative * typo fix
* NIST SP 800-108 Counter Mode KDF (#2748)Jared2016-05-293-0/+226
| | | | | | | | | | | | | | | | | | * NIST SP 800-108 Counter Mode and Feedback Mode KDF * CounterKDF unit tests * Refactor to support multiple key based KDF modes. * Extracting supported algorithms for KBKDF Counter Mode test vectors * Adding support for different rlen and counter location in KBKDF * support for multiple L lengths and 24 bit counter length. * Adding KBKDF Documentation. * Refactoring KBKDF to KBKDFHMAC to describe hash algorithm used.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 16:33:32 +0000