aboutsummaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Unify X.509 signature algorithm validation (#5276)HEADmasterMarko Kreen2020-06-141-0/+55
| | | | | - Use common implementation - OCSP signing was using different validation - Check if private key is usable for signing
* Add a way to pass current time to Fernet (#5256)Jakub Stasiak2020-06-141-10/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add a way to pass current time to Fernet The motivation behind this is to be able to unit test code using Fernet easily without having to monkey patch global state. * Reformat to satisfy flake8 * Trigger a Fernet.encrypt() branch missing from coverage * Revert specifying explicit current time in MultiFernet.rotate() Message's timestamp is not verified anyway since ttl is None. * Change the Fernet's explicit current time API slightly This's been suggested in code review. * Fix a typo * Fix a typo * Restore full MultiFernet test coverage and fix a typo * Restore more coverage time.time() is not called by MultiFernet.rotate() anymore so the monkey patching and lambda need to go, because the patched function is not used and coverage calculation will rightfully notice it. * Remove an unused import * Document when the *_at_time Fernet methods were added
* Cleanup serialize (#5149)Marko Kreen2020-05-251-4/+119
| | | | | | | | | | | | | | * Additional tests for public/private_bytes They expose few places that raise TypeError and AssertionError! before, and ValueError later. * Cleanup of private_bytes() backend Also pass key itself down to backend. * Cleanup of public_bytes() backend * Test handling of unsupported key type
* Added wycheproof hmac vectors (#5238)Alex Gaynor2020-04-261-0/+66
|
* Refs #5075 -- added the remainder of the wycheproof rsa tests (#5237)Alex Gaynor2020-04-261-0/+28
|
* Added wycheproof RSA PKCSv1 encryption tests (#5234)Alex Gaynor2020-04-261-2/+34
|
* Dropped support for LibreSSL 2.7, 2.8, and 2.9.0 (2.9.1+ are still ↵Alex Gaynor2020-04-252-25/+1
| | | | supported) (#5231)
* Refs #5075 -- use ed448_test.json from wycheproof (#5191)Alex Gaynor2020-04-121-3/+27
|
* Refs #5075 -- use hkdf_*.json from wycheproof (#5190)Alex Gaynor2020-04-123-7/+61
|
* Refs #5075 -- use rsa_oaep_*.json from wycheproof (#5100)Alex Gaynor2020-04-111-0/+63
|
* Removed deprecated behavior in AKI.from_issuer_subject_key_identifier (#5182)Alex Gaynor2020-04-051-7/+0
|
* Replace floating point arithmetic with integer arithmetic (#5181)Torin Carey2020-04-042-10/+8
|
* Drop support for OpenSSL 1.0.1 (#5178)Alex Gaynor2020-04-044-74/+20
|
* Allow NameAttribute.value to be an empty string (#5109)Andrea De Pasquale2020-03-191-4/+18
| | | | | | | | | | | | * Allow NameAttribute.value to be an empty string RFC 4514 https://tools.ietf.org/html/rfc4514 does not mention that "AttributeValue" can not be an empty (zero-length) string. Fixes #5106 * reverse order to match fix from another PR Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* Reversed the order of RDNs in x509.Name.rfc4514_string() (#5120)Thomas Erbesdobler2020-03-021-3/+3
| | | | RFC4514 requires in section 2.1 that RDNs are converted to string representation in reversed order.
* Refs #5075 -- use ecdsa_*.json from wycheproof (#5099)Alex Gaynor2020-01-121-0/+17
|
* Refs #5075 -- use dsa_*.json from wycheproof (#5098)Alex Gaynor2020-01-121-0/+4
|
* Refs #5075 -- use rsa_signature_*.json from wycheproof (#5078)Alex Gaynor2020-01-121-0/+22
| | | | | | * Refs #5075 -- use rsa_signature_*.json from wycheproof * for azure
* Refs #5075 -- use x448_test.json from wycheproof (#5077)Alex Gaynor2020-01-121-0/+48
| | | | | | | | | | * Refs #5075 -- use x448_test.json from wycheproof * Fixed test * crypto libraries from people who can't math, it's fine * Skip teh weirdo 57 byte public keys
* Use dict literals. (#5080)Mads Jensen2019-12-021-1/+1
|
* Get tests passing with latest wycheproof clone (#5076)Alex Gaynor2019-11-262-1/+4
| | | | | | | | * Get tests passing with latest wycheproof clone * Fix x25519 wycheproof tests * Fix for acme repo changes
* Fixes #5065 -- skip serialization tests which use RC2 if OpenSSL doesn't ↵Alex Gaynor2019-11-251-10/+26
| | | | | | | | have RC2 (#5072) * Refs #5065 -- have a CI job with OpenSSL built with no-rc2 * Fixes #5065 -- skip serialization tests which use RC2 if OpenSSL doesn't have RC2
* Parse single_extensions in OCSP responses (#5059)Paul Kehrer2019-11-111-0/+10
| | | | | | | | | | | | * add single_extensions to OCSPResponse (#4753) * new vector, updateed docs, more stringent parser, changelog, etc * simplify PR (no SCT for now) * add a comment * finish pulling out the sct stuff so tests might actually run
* Let Oid enforce positive decimal integers (#5053)Noel Remy2019-11-101-0/+39
| | | | | | Failing that would lead to an OpenSSL error when calling OBJ_txt2obj at serialization. Adds basic tests for oids.
* Deal with the 2.5 deprecations (#5048)Alex Gaynor2019-11-032-8/+2
| | | | | | | | | | | | * Deal with the 2.5 deprecations * pep8 + test fixes * docs typo * Why did I do this? * typo
* Fixes #5018 -- break users on OpenSSL 1.0.1 (#5022)Alex Gaynor2019-10-181-1/+13
| | | | | | | | | | | | * Fixes #5018 -- break users on OpenSSL 1.0.1 * Grammar * Syntax error * Missing import * Missing import
* UniversalString needs to be encoded as UCS-4 (#5000)Marko Kreen2019-10-171-0/+17
|
* update our test to be more robust wrt some changes from upstream (#4993)Paul Kehrer2019-09-111-2/+9
|
* one more missing branch (#4992)Paul Kehrer2019-09-091-0/+23
|
* fix coverage, small cleanups in tests (#4990)Paul Kehrer2019-09-093-30/+40
|
* Finish ed25519 and ed448 support in x509 module (#4972)Marko Kreen2019-09-094-7/+488
| | | | | | | | | | | | | | | | | | * Support ed25519 in csr/crl creation * Tests for ed25519/x509 * Support ed448 in crt/csr/crl creation * Tests for ed448/x509 * Support ed25519/ed448 in OCSPResponseBuilder * Tests for eddsa in OCSPResponseBuilder * Builder check missing in create_x509_csr * Documentation update for ed25519+ed448 in x509
* Allow FreshestCRL extension in CRL (#4975)Marko Kreen2019-09-071-0/+33
| | | Per RFC5280 it is allowed in both certificates and CRL-s.
* fix coverage by adding two artificial DSA public keys (#4984)Paul Kehrer2019-09-061-0/+32
| | | | | | | | | | * fix coverage by adding two artificial DSA public keys One key removes the optional parameters from the structure to cover a branch conditional, and the other key has its BITSTRING padding value set to a non-zero value. * lexicographic? never heard of it
* Make DER reader into a context manager (#4957)Alex Gaynor2019-07-282-37/+43
| | | | | | | | * Make DER reader into a context manager * Added another test case * flake8
* Remove asn1crypto dependency (#4941)David Benjamin2019-07-283-26/+298
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove non-test dependencies on asn1crypto. cryptography.io actually contains two OpenSSL bindings right now, the expected cffi one, and an optional one hidden in asn1crypto. asn1crypto contains a lot of things that cryptography.io doesn't use, including a BER parser and a hand-rolled and not constant-time EC implementation. Instead, check in a much small DER-only parser in cryptography/hazmat. A quick benchmark suggests this parser is also faster than asn1crypto: from __future__ import absolute_import, division, print_function import timeit print(timeit.timeit( "decode_dss_signature(sig)", setup=r""" from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08" """, number=10000)) Python 2.7: asn1crypto: 0.25 _der.py: 0.098 Python 3.5: asn1crypto: 0.17 _der.py: 0.10 * Remove test dependencies on asn1crypto. The remaining use of asn1crypto was some sanity-checking of Certificates. Add a minimal X.509 parser to extract the relevant fields. * Add a read_single_element helper function. The outermost read is a little tedious. * Address flake8 warnings * Fix test for long-form vs short-form lengths. Testing a zero length trips both this check and the non-minimal long form check. Use a one-byte length to cover the missing branch. * Remove support for negative integers. These never come up in valid signatures. Note, however, this does change public API. * Update src/cryptography/hazmat/primitives/asymmetric/utils.py Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com> * Review comments * Avoid hardcoding the serialization of NULL in decode_asn1.py too.
* some test improvements (#4954)Paul Kehrer2019-07-271-1/+25
| | | | detect md5 and don't generate short RSA keys these changes will help if we actually try to run FIPS enabled
* add class methods for poly1305 sign verify operations (#4932)Jeff Yang2019-07-081-0/+27
|
* Fix some backend feature checks in tests (#4931)David Benjamin2019-07-088-20/+10
| | | | | | | | | | | | | | | * Remove irrelevant DHBackend test conditions DHBackend provides functions for plain finite-field Diffie-Hellman. X25519 and X448 are their own algorithms, and Ed25519 and Ed448 aren't even Diffie-Hellman primitives. * Add missing backend support checks. Some new AES and EC tests did not check for whether the corresponding mode or curve was supported by the backend. * Add a DummyMode for coverage
* Write a test for an uncovered line (#4940)Alex Gaynor2019-07-061-0/+24
|
* ed25519 support in x509 certificate builder (#4937)Paul Kehrer2019-07-061-3/+122
| | | | | | | | | | * ed25519 support in x509 certificate builder This adds minimal ed25519 support. More to come. * Apply suggestions from code review Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
* we don't have these mac builders any more (#4892)Paul Kehrer2019-05-251-7/+1
| | | | | | | | | | * we don't have these mac builders any more let's see if we get coverage from azure like we should! * remove a branch we can't cover in tests * remove unused import
* Small style cleanup (#4891)Alex Gaynor2019-05-191-1/+1
|
* add name for ExtensionOID.PRECERT_POISON (#4853)redshiftzero2019-05-191-1/+8
| | | | | | | | * test: ensure all public members of ExtensionOID have names defined * add name for ExtensionOID.PRECERT_POISON ref: https://github.com/google/certificate-transparency/blob/5fce65cb60cfe7808afc98de23c7dd5ddbfa1509/python/ct/crypto/asn1/oid.py#L338
* fix aia encoding memory leak (#4889)Paul Kehrer2019-05-181-0/+60
| | | | | | * fix aia encoding memory leak * don't return anything from the prealloc func
* use a random key for these tests (#4887)Paul Kehrer2019-05-181-1/+1
| | | | | | Using an all 0 key causes failures in OpenSSL master (and Fedora has cherry-picked the commit that causes it). The change requires that the key/tweak for XTS mode not be the same value, so let's just use a random key.
* fix from_issuer_subject_key_identifier to take the right type (#4864)Paul Kehrer2019-05-041-2/+9
| | | | | | | | | | * fix from_issuer_subject_key_identifier to take the right type deprecate passing the old Extension wrapper object * don't use a try:except: * hilarious contortions to satisfy doc8
* 4810 bugfix: avoid UnicodeEncodeError on python 2 (#4846)redshiftzero2019-04-161-4/+19
| | | | | | | | * test: regression test for UnicodeEncodeError in x509 name in #4810 added utf8 encoding at the top of the file due to PEP 263 * bugfix: #4810 resolve UnicodeEncodeError in x509 name
* Fixes #4830 -- handle negative serial numbers (#4843)Alex Gaynor2019-04-131-0/+8
|
* fix a memory leak in AIA parsing (#4836)Paul Kehrer2019-04-111-1/+20
| | | | | | * fix a memory leak in AIA parsing * oops can't remove that
* fix != comparison in py2 (fixes #4821) (#4822)Mathias Ertl2019-03-251-4/+10
| | | | | | | | * fix != comparison in py2 (fixes #4821) * remove blank line b/c pep8 * move __ne__ next to __eq__ as per review request
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-01 07:58:24 +0000