| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
supported) (#5231)
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
have RC2 (#5072)
* Refs #5065 -- have a CI job with OpenSSL built with no-rc2
* Fixes #5065 -- skip serialization tests which use RC2 if OpenSSL doesn't have RC2
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Deal with the 2.5 deprecations
* pep8 + test fixes
* docs typo
* Why did I do this?
* typo
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove non-test dependencies on asn1crypto.
cryptography.io actually contains two OpenSSL bindings right now, the
expected cffi one, and an optional one hidden in asn1crypto. asn1crypto
contains a lot of things that cryptography.io doesn't use, including a
BER parser and a hand-rolled and not constant-time EC implementation.
Instead, check in a much small DER-only parser in cryptography/hazmat. A
quick benchmark suggests this parser is also faster than asn1crypto:
from __future__ import absolute_import, division, print_function
import timeit
print(timeit.timeit(
"decode_dss_signature(sig)",
setup=r"""
from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08"
""",
number=10000))
Python 2.7:
asn1crypto: 0.25
_der.py: 0.098
Python 3.5:
asn1crypto: 0.17
_der.py: 0.10
* Remove test dependencies on asn1crypto.
The remaining use of asn1crypto was some sanity-checking of
Certificates. Add a minimal X.509 parser to extract the relevant fields.
* Add a read_single_element helper function.
The outermost read is a little tedious.
* Address flake8 warnings
* Fix test for long-form vs short-form lengths.
Testing a zero length trips both this check and the non-minimal long
form check. Use a one-byte length to cover the missing branch.
* Remove support for negative integers.
These never come up in valid signatures. Note, however, this does
change public API.
* Update src/cryptography/hazmat/primitives/asymmetric/utils.py
Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
* Review comments
* Avoid hardcoding the serialization of NULL in decode_asn1.py too.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove irrelevant DHBackend test conditions
DHBackend provides functions for plain finite-field Diffie-Hellman.
X25519 and X448 are their own algorithms, and Ed25519 and Ed448 aren't
even Diffie-Hellman primitives.
* Add missing backend support checks.
Some new AES and EC tests did not check for whether the corresponding
mode or curve was supported by the backend.
* Add a DummyMode for coverage
|
| |
|
|
|
|
| |
Using an all 0 key causes failures in OpenSSL master (and Fedora has
cherry-picked the commit that causes it). The change requires that the
key/tweak for XTS mode not be the same value, so let's just use a random
key.
|
| |
|
|
|
| |
we don't support ed448 openssh keys so we'll use that to test this
branch. if we ever do support ed448 keys we can always just call this
private method directly to keep coverage.
|
| |
|
|
|
|
| |
* add OpenSSH serialization for ed25519 keys (#4808)
* address review comments
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* poly1305 support
* some more tests
* have I mentioned how bad the spellchecker is?
* doc improvements
* EVP_PKEY_new_raw_private_key copies the key but that's not documented
Let's assume that might change and be very defensive
* review feedback
* add a test that fails on a tag of the correct length but wrong value
* docs improvements
|
| |
|
|
|
|
| |
* support ed25519 openssh public keys
* don't need this check
|
| |
|
|
|
|
|
|
| |
* ed448 support
* move the changelog entry
* flake8
|
| |
|
|
|
|
| |
* ed25519 support
* review feedback
|
| |
|
|
|
|
|
|
|
|
| |
* add an EC OID to curve dictionary mapping
* oid_to_curve function
* changelog and docs fix
* rename to get_curve_for_oid
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Fixes #4734 -- Deal with deprecated things
- Make year based aliases of PersistentlyDeprecated so we can easily assess age
- Removed encode/decode rfc6979 signature
- Removed Certificate.serial
* Unused import
|
| | |
|
| |
|
|
|
|
| |
* add support for encoding compressed points
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* shake128/256 support
* remove block_size
* doc an exception
* change how we detect XOF by adding _xof attribute
* interface!
* review feedback
|
| | |
|
| |
|
|
|
|
|
|
| |
* byteslike concatkdf
* byteslike scrypt
* byteslike x963kdf
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* support byteslike in HKDF
* support byteslike in PBKDF2HMAC
* add missing docs
|
| |
|
| |
yuck.
|
| |
|
|
|
|
|
|
|
|
|
| |
* x448 and x25519 should enforce key lengths in from_private_bytes
they should also check if the algorithm is supported like the public
bytes class methods do
* oops
* move the checks
|
| |
|
| |
needed for some KDF keying material
|
| |
|
| |
This is needed to handle keying material in some of the KDFs
|
| | |
|
| |
|
|
|
|
| |
* add support for byteslike password/data to load_{pem,der}_private_key
* pypy 5.4 can't do memoryview from_buffer
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* add support for byteslike on password and data for pkcs12 loading
* use a contextmanager to yield a null terminated buffer we can zero
* review feedback
* updated text
* one last change
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modify x25519 serialization to match x448
supports raw and pkcs8 encoding on private_bytes
supports raw and subjectpublickeyinfo on public_bytes
deprecates zero argument call to public_bytes
* add docs
* this is public now
* don't need that
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* support x448 public/private serialization both raw and pkcs8
* add tests for all other asym key types to prevent Raw
* more tests
* better tests
* fix a test
* funny story, I'm actually illiterate.
* pep8
* require PrivateFormat.Raw or PublicFormat.Raw with Encoding.Raw
* missing docs
* parametrize
* docs fixes
* remove dupe line
* assert something
|
| |
|
|
|
|
| |
* handle empty byte string in from_encoded_point
* move the error
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* compressed point support
* refactor to use oct2point directly
* small docs change
* remove deprecation for the moment and a bit of review feedback
* no backend arg, implicitly import it
* missed a spot
* double oops
* remove superfluous call
* use refactored method
* use vector file
* one last item
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* allow bytearrays for key/iv for symmetric encryption
* bump pypy/cffi requirements
* update docs, fix some tests
* old openssl is naught but pain
* revert a typo
* use trusty for old pypy
* better error msg again
* restore match
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Raise MemoryError when backend.derive_scrypt can't malloc enough
* Expose ERR_R_MALLOC_FAILURE and use the reason_match pattern to catch it
* Add test_scrypt_malloc_failure in test_scrypt
* let's see if this passes
* add comment to filippo's blog post about scrypt's params
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* PKCS12 parsing support
* running all the tests is so gauche
* rename func
* various significant fixes
* dangerous idiot here
* move pkcs12
* docs updates
* a bit more prose
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* x448 support
This work was originally authored by derwolfe
* update docs to have a more useful derived key length
* error if key is not a valid length in from_public_bytes
* one more
* switch to using evp_pkey_keygen_gc for x448 keygen
* review feedback
* switch to using evp_pkey_derive
* nit fix
|
| |
|
|
|
|
|
|
| |
* add sha3 support
* missed versionadded
* add prose, remove block_size
|
| |
|
|
|
|
| |
* error if the key length for x25519 isn't 32 bytes
* also test 33
|
| |
|
|
|
|
| |
* add SHA512/224 and SHA512/256 support
* add missing docs
|
| | |
|
