| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* move MACContext to mac.py and eliminate interfaces.py finally
* improve title
* re-add and deprecate interfaces.MACContext
* use pytest.warns instead of deprecated_call
The pytest docs insist that deprecation warnings are handled differently
and that you should use deprecated_call, but this works so okay then
|
| | |
|
| |
|
|
|
|
|
|
| |
* Modify DH/ECDH examples to be explicit for DHE/ECDHE
Also add note to DH docs that you should probably use ECDH
* give a reason
|
| |
|
|
|
|
| |
* Put the exchange method on the correct interface
* fixed links in docs
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* remove multibackend
* oops
* goodbye pointless tests
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* time to remove commoncrypto, fare thee well
* remove even more
* update the changelog
* remove more things
* don't need this function
* remove CAST5 CTR tests since that was only supported in commoncrypto
* assert a thing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#3539)
* Document our real API for EC verification, not an accident
* formatting consistency
* fix the code itself
* fixed class name
* fixed a test too
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* postpone GCM authentication tag requirement until finalization
Add a .finalize_with_tag() variant of the .finalize() function of
the GCM context. At the same time, do not enforce the requirement
of supplying the tag with the mode ctor. This facilitates
streamed decryption when the MAC is appended to the ciphertext
and cannot be efficiently retrieved ahead of decryption.
According to the GCM spec (section 7.2: “Algorithm for the
Authenticated Decryption Function”), the tag itself is not needed
until the ciphertext has been decrypted.
Addresses #3380
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
* disallow delayed GCM tag passing for legacy OpenSSL
Old versions of Ubuntu supported by Cryptography ship a v1.0.1 of
OpenSSL which is no longer supported by upstream. This library
seems to cause erratic test failures with the delayed GCM tag
functionality which are not reproducible outside the CI.
Unfortunately OpenSSL v1.0.1 does not even document the required
API (``EVP_EncryptInit(3)``) so there is no by-the-book fix.
For backends of version 1.0.1 and earlier, verify the GCM tag
at the same stage as before.
Also, indicate to the user that late passing of GCM tags is
unsupported by throwing ``NotImplementedError`` for these backend
versions if
- the method ``finalize_with_tag()`` is invoked, or
- the mode ctor is called without passing a tag.
Unit tests have been adapted to account for different backend
versions.
|
| |
|
|
|
|
|
|
|
|
| |
* Update symmetric-encryption.rst
Import default_backend so the example works out-of-the-box.
* Update symmetric-encryption.rst
* newline nit
|
| |
|
|
|
|
| |
* Be on brand: it's macOS
* line wrap
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support DH q (subgroup order)
* Change RFC5114.txt to NIST format
* Add tests for DH q
* Update docs for DH q
* Fix pep8
* Improve test covergae for DH q
* Create _dh_params_dup that copy q if DHparams_dup don't
On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup
call DHparams_dup and if the version is smaller than 1.0.2
copy q manually
* Copy q manually on libressl
* Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup
* Support serialization of DH with q
* Add tests for serialization of DH with q
* Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true
* Raise exception when trying to serialize DH X9.42 when not supported
* raise unsupported key type when deserilizing DH X9.42 if not supported
* pep8 fixes
* Fix test_serialization
* Add dhx_serialization_supported method to DHBacked
* document q in dh_parameters_supported
* Rename dhx_serialization_supported to dh_x942_serialization_supported
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add support for update_into on CipherContext
This allows you to provide your own buffer (like recv_into) to improve
performance when repeatedly calling encrypt/decrypt on large payloads.
* another skip_if
* more skip_if complexity
* maybe do this right
* correct number of args
* coverage for the coverage gods
* add a cffi minimum test tox target and travis builder
This tests against macOS so we capture some commoncrypto branches
* extra arg
* need to actually install py35
* fix
* coverage for GCM decrypt in CC
* no longer relevant
* 1.8 now
* pep8
* dramatically simplify
* update docs
* remove unneeded test
* changelog entry
* test improvements
* coverage fix
* add some comments to example
* move the comments to their own line
* fix and move comment
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* DH keys support serialization
* Add DH serialization documentation
* Add tests for DH keys serialization in DER encoding
* update version to 1.8
* Allow only SubjectPublicKeyInfo serialization
* Remove support in TraditionalOpenSSL format
* Fix pep8
* Refactor dh serialization tests
|
| |
|
|
|
|
|
|
|
|
| |
* add openssl_version_number & doc openssl_version_text
fixes #3315
* more docs + actually assert on the test...
* text
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Scrypt docs code example contradict RFC 7914 (#3302)
* More secure example difficulty of parameter n in scrypt docs (#3302)
* Change link text to scrypt paper (#3302)
* Change link text to scrypt paper, part deux (#3302)
* Add "logins" to spelling wordlist
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* New osrandom_engine in C
Inspired by Python/random.c and the old implementation.
Signed-off-by: Christian Heimes <christian@python.org>
* osrandom_engine
* Fix naming bug caused by search 'n replace mistake
* Make it easier to override osrandom auto-detection
* Add engine ctrl and backend API to get implementation from ENGINE
Signed-off-by: Christian Heimes <christian@python.org>
* Better test coverage, documentation, LICENSE
Signed-off-by: Christian Heimes <christian@python.org>
* Coverage is hard.
Signed-off-by: Christian Heimes <christian@python.org>
* * enable win32 check
* read() returns size_t
Signed-off-by: Christian Heimes <christian@python.org>
* Add macOS to spelling list. Remove dead code from header file.
Signed-off-by: Christian Heimes <christian@python.org>
* remove CCRandomGenerateBytes path and update getentropy to work on macOS
This change allows us to test all the engines in our CI:
* getentropy (tested by macOS sierra)
* getrandom (tested on several linux builders)
* /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux)
* CryptGenRandom (tested on windows builders)
I also fixed bugs preventing compilation in the getentropy code
* getentropy() returns int and is restricted to 256 bytes on macOS, too.
Signed-off-by: Christian Heimes <christian@python.org>
* add versionadded
* Re-add import of os module
* Fixes related to Alex's recent review.
Signed-off-by: Christian Heimes <christian@python.org>
* Add error reporting and fail for EAGAIN
Add error reporting strings for various error cases. This gives us much
nicer and understandable error messages.
SYS_getrandom() EAGAIN is now an error. Cryptography refuses to
initialize its osrandom engine when the Kernel's CPRNG hasn't been
seeded yet.
Signed-off-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Start of OpenSSL DH backend implementation
* Supporting DH in MultiBackend
* DHBackend has dh_parameters_supported method
* Removed DHParametersWithNumbers and DHPrivateKeyWithNumbers from documentation
* Removed ExchangeContext. exchange is a method of DHPrivateKeyWithSerialization
* PEP8 fixes
* Fixed TestDH.test_bad_tls_exchange
* Fixed generate_private_key reference in dh documentation
* test DH multibackend support
* testing DH coversion to serialized
* Validating that we receive serialized class in test_generate_dh
* Testing DH exchange symmetric key padding
* struct DH is now opaqued
* PEP8 fixes
* Testing load_dh_private_numbers throws ValueError when DH_check fails
* Using openssl_assert
* Passing keywords arguments in DH key exchange example
* test_dh::test_bad_tls_exchange now uses pre calculated parameters
* TestDH - Add test that the computed secret is equivalent to the definition by comparing with secret computed in pure python
* Add missing generator parameter to DHBackend interface docs.
* Include parameter type in DHBackend abc docs.
* Add docs for dh.generate_parameters function
* Remove the dh Numbers section, and move the DHNumbers class docs to where they are first used.
* Add note of big endian byte packing to DH exchange method.
* DH documentation updates.
Add single sentence overview with wikipedia link.
Add paragraph on assembling using Numbers objects.
Add link to backend interface docs.
First section was all indented, I think by mistake.
* Add exchange method to DHPrivateKey abstract base class.
* Small tweaks to DH documentation - remove Provider.
* Add endian to dictionary
* Use utils.int_from_bytes in test_tls_exchange_algorithm
* Removed duplicate line
* Change dh.rst exchange algorithm from doctest to code-block
The example in the Diffie-Hellman exhange algorithm is using
2048 bits key. Generating the parameters of 2048 takes long
time. This caused the automated tests to fail. In order to
pass the tests we change the example to code-block so it
will not run in the doc tests.
* Fix dh docs
* Document the generator in DHBackend relevant methods
* Fix dh tests
* use DHparams_dup
* Fix key type to unsigned char as expected by DH_compute_key
* Validate that DH generator is 2 or 5
* test dh exchange using botan vectors
* group all numbers classes
* Simplify _DHPrivateKey
* Rename test with serialized to numbers
* Move bad exchange params to external vector file
* update exchange versionadded to 1.7
* Make key_size bit accurate
* Change botan link
* Added CHANGELOG entry
|
| | |
|
| |
|
|
|
|
| |
* add support for prehashing in ECDSA sign/verify
* move signature_algorithm check to its own function
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* support RSA verify with prehashing
* review feedback
* more dedupe
* refactor and move to a separate module
|
| |
|
|
|
|
|
|
| |
* support prehashing in RSA sign
* check to make sure digest size matches prehashed data provided
* move doctest for prehashed
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* change derive_elliptic_curve_public_point to return EllipticCurvePublicKey
* also rename the backend interface method
* review feedback
* Rename to derive_elliptic_curve_private_key
* Returns EllipticCurvePrivateKey
* Reuses the EC_POINT in the openssl impl
* Rename "secret" arg to "private_value" which is consistent with our
naming for the value in ECPrivateNumbers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Raize padding block_size limit to what is allowed by the specs.
* Add tests for raising padding limits.
* Amend C code for padding check to use uint16_t instead of uint8_t.
* Fix test to work in Python 3.
* Fix typo.
* Fix another typo.
* Fix return type of the padding checks.
* Change hypothesis test on padding.
* Update comment.
|
| |
|
|
|
|
|
|
|
|
| |
* Add a bytes method to get the DER ASN.1 encoding of an X509 name.
This is useful for creating an OpenSSL style subject_name_hash (#3011)
* add to backend interface and update multibackend
* bytes -> public_bytes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* finish https://github.com/pyca/cryptography/pull/1973
* change API & add test
Function will now return an instance of EllipticCurvePrivateKey, as that
is the users' ultimate goal anyway.
* fix test
* improve coverage
* complete coverage
* final fix
* centos fix
* retry
* cleanup asserts
* use openssl_assert
* skip unsupported platforms
* change API name to derive_private_key
* change version added
* improve description of `secret` param
* separate successful and failure test cases
* simplify successful case
* add docs for derive_elliptic_curve_public_point
* add period
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* first draft of verification and serialization
* tweaks in the RST syntax
* added example of deserialization
* taking into account the returned value, so that doctests pass
* adjusted rst syntax and indentation for code samples
* removed print call
* forgot to actually call splitlines
* added missing argument when loading private key
* added Deserialization to dictionary
* made lines shorter to meet style requirements
* applied requested changes in style
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Add bounds checking for Scrypt parameters.
* Pep8.
* More PEP8.
* Change wording.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Scrypt implementation.
* Docs stuff.
* Make example just an example and not a doctest.
* Add changelog entry.
* Docs cleanup.
* Add more tests.
* Add multibackend tests.
* PEP8.
* Add docs about Scrypt parameters.
* Docs cleanup.
* Add AlreadyFinalized.
|
| | |
|
| |
|
|
|
|
|
|
| |
* Mention that blake2 is not vulnerable to length-extension attacks
* SHA is sort of like a word, in the sense that I want the spellcheck to shut up about it
* rephrase
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* blake2b/blake2s support
Doesn't support keying, personalization, salting, or tree hashes so
the API is pretty simple right now.
* implement digest_size via utils.read_only_property
* un-keyed for spelling's sake
* test copying + digest_size checks
* unkeyed is too a word
* line wrap
* reword the docs
* use the evp algorithm name in the error
This will make BLAKE2 alternate digest size errors a bit less confusing
* add changelog entry and docs about supported digest_size
|
| |
|
|
|
|
| |
* Fix docs to clarify the less than 256 limit.
* Add "inclusive".
|
