| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* support x448 public/private serialization both raw and pkcs8
* add tests for all other asym key types to prevent Raw
* more tests
* better tests
* fix a test
* funny story, I'm actually illiterate.
* pep8
* require PrivateFormat.Raw or PublicFormat.Raw with Encoding.Raw
* missing docs
* parametrize
* docs fixes
* remove dupe line
* assert something
|
| |
|
|
|
|
| |
* handle empty byte string in from_encoded_point
* move the error
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* compressed point support
* refactor to use oct2point directly
* small docs change
* remove deprecation for the moment and a bit of review feedback
* no backend arg, implicitly import it
* missed a spot
* double oops
* remove superfluous call
* use refactored method
* use vector file
* one last item
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* allow bytearrays for key/iv for symmetric encryption
* bump pypy/cffi requirements
* update docs, fix some tests
* old openssl is naught but pain
* revert a typo
* use trusty for old pypy
* better error msg again
* restore match
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Raise MemoryError when backend.derive_scrypt can't malloc enough
* Expose ERR_R_MALLOC_FAILURE and use the reason_match pattern to catch it
* Add test_scrypt_malloc_failure in test_scrypt
* let's see if this passes
* add comment to filippo's blog post about scrypt's params
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* PKCS12 parsing support
* running all the tests is so gauche
* rename func
* various significant fixes
* dangerous idiot here
* move pkcs12
* docs updates
* a bit more prose
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* x448 support
This work was originally authored by derwolfe
* update docs to have a more useful derived key length
* error if key is not a valid length in from_public_bytes
* one more
* switch to using evp_pkey_keygen_gc for x448 keygen
* review feedback
* switch to using evp_pkey_derive
* nit fix
|
| |
|
|
|
|
|
|
| |
* add sha3 support
* missed versionadded
* add prose, remove block_size
|
| |
|
|
|
|
| |
* error if the key length for x25519 isn't 32 bytes
* also test 33
|
| |
|
|
|
|
| |
* add SHA512/224 and SHA512/256 support
* add missing docs
|
| | |
|
| |
|
|
|
|
| |
* create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm
* remove unused import
|
| |
|
|
|
|
|
| |
The remaining calls to `signer()` and `verifier()` are exercising the
deprecated API intentionally. Let's test that the deprecation warnings
are being raised as expected.
Closes #4311; see also #4314.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* also check iv length for GCM nonce in AEAD
* ugh
|
| | |
|
| | |
|
| |
|
| |
I believe this can reasonably be considered backwards compatible since other invalid inputs already lead to InvalidUnwrap, and clients shouldn't be distinguishing between these two conditions, and ValueError wasn't documented anyways.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* document one shot AEAD length restrictions
* write a test that won't consume infinity ram
continue to raise OverflowError since that's what cffi did.
* this applies to associated_data too
* remove unneeded arg
* review feedback on docs
|
| |
|
|
|
|
|
|
|
| |
* raise valueerror for null x25519 derived keys
OpenSSL errors when it hits this edge case and a null shared key is bad
anyway so let's raise an error
* empty commit
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#4325)
* we don't actually care about the errstack here, it's an invalid signature
We previously had no cases where we could error without getting errors
on the error stack, but wycheproof contains test cases that can error
without adding anything to the stack. Accordingly, we should clear the
stack but raise InvalidSignature no matter what (rather than
InternalError if we have no error msgs)
* add a test
|
| | |
|
| |
|
|
| |
(#4308)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Add clearer message in Cipher when key is not bytes
* Change location of key type check to verify_key_size function
* Replace formated error message with static
* Add key type check tests to all ciphers constructors
* Change key type error message to lowercase
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Validate the public/private halves of EC keys on import.
OpenSSL's API is a little finicky. If one sets the public key before the
private key, it does not validate that they match. If set in the other
order, it does validate this.
In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
describes error code 7 as:
Result = F (7 - IUT's Static private key d changed-prikey validity)
Reordering the two operations makes those tests to fail on key import,
which is what CAVP appears to have intended.
* Wrap to 79 rather than 80 columns
|
| |
|
|
|
|
| |
* fix bug with n % 8 length wrapping on AESKWP
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* implement AES KW with padding (RFC 5649)
fixes #3791
* oops, 2.2
* make sure this is the right valueerror
* more match
* make key padding easier to read
* review feedback
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added brainpool ec-curves key_length >= 256bit
* limit brainpool curves to the set that appear required + docs
* oops
* typos all around me
* add brainpool ECDH kex tests
* switch to using rfc 7027 vectors
* review feedback
* empty commits are the best
|
| |
|
|
|
|
|
|
|
|
|
| |
* The HKDF limit is actually 255 * digest_length_in_bytes
Previously we had a bug where we divided digest_size by 8...but
HashAlgorithm.digest_size is already in bytes.
* test longer output
* changelog
|
| |
|
|
|
|
| |
* Fixed 120 warnings from the RSA tests
* typo
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* In RSA test vectors, use verify() to avoid warnings
* whoops
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Use a different warning class so users get warnings
* fixed tests
* do our own warning class
* typo
* flake8
|
| | |
|
| |
|
|
|
|
|
|
| |
* Inline calls to bit_length now that it's trivial
* unused imports
* An comment
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for AES XTS
We drop the non-byte aligned test vectors because according to NIST
http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSVS.pdf
"An implementation may support a data unit length that is not a
multiple of 8 bits." OpenSSL does not support this, so we can't
use those test vectors.
* fix docs and pep8
* docs fix
* the spellchecker is so frustrating
* add note about AES 192 for XTS (it's not supported)
* docs work
* enforce key length on ECB mode in AES as well (thanks XTS)
* a few more words about why we exclude some test vectors for XTS
|
| |
|
|
|
|
|
|
|
|
| |
* add ChaCha20 support
* review feedback
* 256 divided by 8 is what again?
* ...
|
| |
|
|
|
|
|
|
|
|
| |
* RSA OAEP label support for OpenSSL 1.0.2+
* changelog
* move around tests, address review feedback, use backend supported method
* unsupported padding catches this now
|
| |
|
|
|
|
|
|
|
|
| |
* add blake2b/blake2s support for hmac
This was a bug, but it turns out the noise protocol suggests using the
HMAC construction with BLAKE2 (rather than BLAKE2's own keyed
functionality) for a few reasons, so we should support it.
* actually test the thing
|
| |
|
|
|
|
|
|
|
|
| |
* remove deprecated items
whirlpool, ripemd160, unsupportedextension, and the old interfaces
* flake8 and remove a test generator we no longe use
* make it clear we warned you about these things
|
| |
|
|
|
|
| |
* Remove DH generator size constraint
* Check that g > 1
|
| |
|
|
|
|
|
|
| |
* add AESGCM AEAD support
* remove stray newline
* move AESGCM docs above CCM
|
| |
|
|
|
|
| |
* move tag_length to the AESCCM constructor
* review feedback
|
