aboutsummaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
...
* OCSP request parsing (#4393)Paul Kehrer2018-08-151-0/+115
| | | | | | | | | | | | * add public_bytes to OCSPRequest * review feedback * OCSP request parsing * change some prose * add __len__ as a required method
* sigh, missed one TLSv1 (#4392)Alex Gaynor2018-08-121-1/+2
|
* Fixed #4380 -- do not assume TLSv1 is available in OpenSSL (#4389)Alex Gaynor2018-08-122-3/+5
| | | | | | | | * Fixed #4380 -- do not assume TLSv1 is available in OpenSSL Hallelujah! It's starting to become the case that some OpenSSLs are disabling it. * cover this file as well
* Refs #4375 -- added ECDH EC point wycheproof tests (#4384)Alex Gaynor2018-08-061-0/+41
|
* Refs #4375 -- added RSA PSS wycheproof tests (#4381)Alex Gaynor2018-08-031-1/+41
|
* Refs #4375 -- integrate wycheproof AES CCM tests (#4379)Alex Gaynor2018-08-021-1/+39
| | | | | | * Refs #4375 -- integrate wycheproof AES CCM tests * Skip these tests if we don't have CCM support
* Updated wycheproof tests for new upstream vectors (#4378)Alex Gaynor2018-08-012-8/+18
| | | | | | | | * updated tests for upstream wycheproof changes * Updated AES tests * oops, flake8
* Use A-label strings in tests (#4374)Tim Burke2018-07-301-2/+2
| | | | | We already have coverage of the U-label deprecation warnings in test_x509_ext.py; see TestRFC822Name.test_idna and TestUniformResourceIdentifier.test_idna_no_port
* Test for expected CryptographyDeprecationWarnings (#4372)Tim Burke2018-07-283-56/+48
| | | | | | | The remaining calls to `signer()` and `verifier()` are exercising the deprecated API intentionally. Let's test that the deprecation warnings are being raised as expected. Closes #4311; see also #4314.
* Update comment (#4371)Alex Gaynor2018-07-261-2/+2
|
* block_size isn't part of our interface and future hashes won't have it (#4366)Paul Kehrer2018-07-232-12/+3
|
* Refs #3331 -- integrated wycheproof ECDH tests (#4354)Alex Gaynor2018-07-182-0/+87
| | | | | | | | | | | | * Refs #3331 -- integrated wycheproof ECDH tests * flake8 + missing assert * Handle this error case * skip on unsupported * shouldn't need to try here any more
* improve skip msg when skipping an ECDH test in test_ec (#4355)Paul Kehrer2018-07-181-2/+2
|
* add wycheproof gcm tests (#4349)Paul Kehrer2018-07-171-0/+54
| | | | | | * add wycheproof gcm tests * add AEAD test
* also check iv length for GCM nonce in AEAD (#4350)Paul Kehrer2018-07-171-0/+6
| | | | | | * also check iv length for GCM nonce in AEAD * ugh
* raise ValueError on zero length GCM IV (#4348)Paul Kehrer2018-07-171-0/+4
|
* add chacha20poly1305 wycheproof tests (#4345)Paul Kehrer2018-07-171-0/+47
| | | | | | | | * add chacha20poly1305 wycheproof tests * flake8 * review
* add wycheproof tests for AES CMAC (#4344)Paul Kehrer2018-07-171-0/+36
| | | | | | * add wycheproof tests for AES CMAC * review feedback
* disallow implicit tag truncation with finalize_with_tag (#4342)Paul Kehrer2018-07-171-0/+16
|
* Refs #3331 -- integrated wycheproof ECDSA tests (#4341)Alex Gaynor2018-07-171-0/+76
| | | | | | | | | | * Refs #3331 -- integrated wycheproof ECDSA tests * Also handle these key loading errors * review * empty commit to trigger jenkins
* add aes cbc pkcs5 wycheproof tests (#4347)Paul Kehrer2018-07-171-0/+42
|
* add DSA wycheproof tests (#4346)Paul Kehrer2018-07-171-0/+49
|
* add crl.get_revoked_certificate method (#4331)Paul Kehrer2018-07-161-0/+12
| | | | | | | | * add crl.get_revoked_certificate method * lexicographic is the best ographic * rename
* Refs #3331 -- added initial wycheproof integration, starting with x25519, ↵Alex Gaynor2018-07-167-1/+268
| | | | | rsa, and keywrap (#4310) * Refs #3331 -- added initial wycheproof integration, starting with x25519 tests
* Change the exception we raise in keywrap unwrapping on invalid length (#4337)Alex Gaynor2018-07-161-3/+5
| | | I believe this can reasonably be considered backwards compatible since other invalid inputs already lead to InvalidUnwrap, and clients shouldn't be distinguishing between these two conditions, and ValueError wasn't documented anyways.
* document one shot AEAD length restrictions (#4322)Paul Kehrer2018-07-141-0/+38
| | | | | | | | | | | | | | * document one shot AEAD length restrictions * write a test that won't consume infinity ram continue to raise OverflowError since that's what cffi did. * this applies to associated_data too * remove unneeded arg * review feedback on docs
* raise valueerror for null x25519 derived keys (#4332)Paul Kehrer2018-07-121-0/+17
| | | | | | | | | * raise valueerror for null x25519 derived keys OpenSSL errors when it hits this edge case and a null shared key is bad anyway so let's raise an error * empty commit
* we don't actually care about the errstack here, it's an invalid signature ↵Paul Kehrer2018-07-101-0/+35
| | | | | | | | | | | | | | (#4325) * we don't actually care about the errstack here, it's an invalid signature We previously had no cases where we could error without getting errors on the error stack, but wycheproof contains test cases that can error without adding anything to the stack. Accordingly, we should clear the stack but raise InvalidSignature no matter what (rather than InternalError if we have no error msgs) * add a test
* fix a memory leak when calling X25519PrivateKey.public_key() (#4326)Paul Kehrer2018-07-101-0/+8
|
* fix encoding BMPString in x509 name entries (#4321)Paul Kehrer2018-07-091-0/+18
| | | | | | | | | | Previously we encoded them as UTF-8, but as best I can tell in reality a BMPString is fixed-width basic multilingual plane big endian encoding. This is basically UCS-2 (aka original Unicode). However, Python doesn't support UCS-2 encoding so we need to use utf_16_be. This means you can encode surrogate code points that are invalid in the context of what a BMPString is supposed to be, but in reality I strongly suspect the sane encoding ship has sailed and dozens if not hundreds of implementations both do this and expect other systems to handle their nonsense.
* Make RelativeDistinguishedName preserve attribtue order (#4306)Marti Raudsepp2018-07-091-6/+9
| | | | Duplicate attributes now raise an error instead of silently discarding duplicates.
* reduce number of deprecated signer/verifier calls in test_rsa (#4314)Paul Kehrer2018-07-061-113/+95
|
* Fixes #4242 -- added an additional assert to make this test more resillient ↵Alex Gaynor2018-07-041-0/+2
| | | | (#4308)
* Perform an OPENSSL_cleanup before checking the heap in our memleak tests (#4293)Alex Gaynor2018-06-201-0/+3
| | | | | | | | | | * Perform an OPENSSL_cleanup before checking the heap in our memleak tests * Make this binding conditional * typo * need to put this call before we reset the function ptrs
* Add clearer message when key type is not bytes (#4289)Vladyslav Moisieienkov2018-06-202-0/+36
| | | | | | | | | | | | * Add clearer message in Cipher when key is not bytes * Change location of key type check to verify_key_size function * Replace formated error message with static * Add key type check tests to all ciphers constructors * Change key type error message to lowercase
* Correctly pass bytes; refs #4289 (#4290)Alex Gaynor2018-06-191-1/+1
|
* Correct pass bytes; refs #4289 (#4291)Alex Gaynor2018-06-191-1/+1
|
* simplify and parametrize DSA tests (#4267)Paul Kehrer2018-05-301-431/+239
|
* parametrize a few things in test_ec (#4268)Paul Kehrer2018-05-301-30/+13
|
* Future proofing use of the six python version constants (#4238)Eric Brown2018-05-142-25/+25
| | | | | | | | | | | | | | | * Future proofing use of the six python version constants After reading [1], noticed that cryptography uses a lot of if six.PY3 blocks. The issue with this is that whenever Python 4 is released, this code in the else block will be executed even though it was only intended for Python 2. [1] http://astrofrog.github.io/blog/2016/01/12/stop-writing-python-4-incompatible-code/ Signed-off-by: Eric Brown <browne@vmware.com> * Use not PY2 instead
* Validate the public/private halves of EC keys on import. (#4241)David Benjamin2018-05-141-3/+3
| | | | | | | | | | | | | | | | | | * Validate the public/private halves of EC keys on import. OpenSSL's API is a little finicky. If one sets the public key before the private key, it does not validate that they match. If set in the other order, it does validate this. In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax describes error code 7 as: Result = F (7 - IUT's Static private key d changed-prikey validity) Reordering the two operations makes those tests to fail on key import, which is what CAVP appears to have intended. * Wrap to 79 rather than 80 columns
* Add support for extracting timestamp from a Fernet token (#4229)Paul Kehrer2018-05-121-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add API for retrieving the seconds-to-expiry for the token, given a TTL. * Process PR feedback: * Do compute the TTL, but just the age of the token. The caller can decided what to do next. * Factored out the HMAC signature verification to a separate function. * Fixed a copy&paste mistake in the test cases * Tests cleanup. * `struct` no longer needed * Document `def age()` * typo in `age()` documentation * token, not data * remove test for TTL expiry that is already covered by the parameterized `test_invalid()`. * let's call this extract_timestamp and just return timestamp * review comments * it's UNIX I know this
* Raise ve on bad gt (#4180)Joshua Crowgey2018-04-031-0/+12
| | | | | | | | | | | | | | | * Raise a ValueError when conversion to generalizedtime fails * added test for badasn1time value error * pep8 compliance * Addressing code review + VE now raises with ```{!r}``` formatting + Test now checks that the bad string made it into the VE message * using ValueError.match
* fix bug with n % 8 length wrapping on AESKWP (#4160)Paul Kehrer2018-03-201-0/+24
| | | | | | * fix bug with n % 8 length wrapping on AESKWP * review feedback
* Revert "don't allow GeneralNames to be an empty list (#4128)" (#4161)Alex Gaynor2018-03-201-4/+0
| | | | | This breaks the urllib3 tests, as well as several in-the-wild certs This reverts commit 388d1bd3e9cd953fcc948edbc152d5d140c87eb8.
* implement AES KW with padding (RFC 5649) (#3880)Paul Kehrer2018-03-181-0/+65
| | | | | | | | | | | | | | | | | | * implement AES KW with padding (RFC 5649) fixes #3791 * oops, 2.2 * make sure this is the right valueerror * more match * make key padding easier to read * review feedback * review feedback
* Allow DSA q=224 (#4147)Paul Kehrer2018-03-182-91/+18
| | | | | | | | * load Q=224 vectors * DSA parameters should support 224 for q length * oxford comma
* Brainpool curves (#4129)Paul Kehrer2018-03-151-1/+28
| | | | | | | | | | | | | | | | | | * added brainpool ec-curves key_length >= 256bit * limit brainpool curves to the set that appear required + docs * oops * typos all around me * add brainpool ECDH kex tests * switch to using rfc 7027 vectors * review feedback * empty commits are the best
* don't allow GeneralNames to be an empty list (#4128)Paul Kehrer2018-03-051-0/+4
| | | | | | * don't allow GeneralNames to be an empty list * flake8
* fix a memory leak in ec derive_private_key (#4096)Paul Kehrer2018-02-041-0/+8
| | | | | | | | * fix a memory leak in ec derive_private_key fixes #4095 * pep8!