* Added a test for RC2-CBC with an effectiveKeyLength
* Update docs/development/test-vectors.rst
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
---------
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* add a bunch of pkcs8 test vectors
these are encrypted PKCS8 keys for various parameters we haven't
explicitly tested in the past
* I hate the spellchecker so much
* Two more testscases for key loading
* Update tests/hazmat/primitives/test_serialization.py
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
---------
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* Update reference.rst:load_der_x509_certificate to note error raised
It raises the error and therefore should be noted in the documentation.
```
>>> x509.load_der_x509_certificate(b64.b64decode("foobar".encode()))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: error parsing asn1 value: ParseError { kind: InvalidLength }
```
* Update docs/x509/reference.rst
Thanks!
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
---------
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Add BUNDLE_SECURITY EKU
* Adding Other Name Form OIDs
* Adding public access to OtherNameFormOID
* Sorting names for lint
* Sort imports
* Fix format
* Adding OID docs
* Add specific next version
* first python API proposition
first round-trip tests
feat: made asn1 structures readable
refacto: adapted existing functions accordingly
feat/pkcs12: added symmetric_decrypt
feat: deserialize 3 possible encodings
feat: handling AES-128
feat: raise error when no recipient is found
feat/pkcs7: added decanonicalize function
feat/asn1: added decode_der_data
feat/pkcs7: added smime_enveloped_decode
tests are the round-trip (encrypt & decrypt)
more tests for 100% python coverage
test support pkcs7_encrypt with openssl
added algorithm to pkcs7_encrypt signature
refacto: decrypt function is clearer
flow is more natural
refacto: added all rust error tests
refacto: added another CA chain for checking
fix: const handling
Refactor PKCS7Decryptor to pkcs7_decrypt
refacto: removed SMIME_ENVELOPED_DECODE from rust code
refacto: removed decode_der_data
adapted tests accordingly
removed the PEM tag check
added tests for smime_decnonicalize
one more test case
Update src/rust/src/pkcs7.rs
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
took comments into account
pem to der is now outside of decrypt
fix: removed test_support pkcs7_encrypt
added vector for aes_256_cbc encrypted pkcs7
feat: not using test_support decrypt anymore
added new vectors for PKCS7 tests
feat: using pkcs7 vectors
removed previous ones
fix: changed wrong function
feat: added certificate issuer check
test: generating the RSA chain
removed the vectors accordingly
moved symmetric_decrypt to pkcs7.rs
* Update src/cryptography/hazmat/primitives/serialization/pkcs7.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* fix: removed use of deprecated new_bound for PyBytes
* corrected some error types
* updated tests accordingly
* fix: handling other key encryption algorithms
added vectors & tests accordingly
* first attempts raising error when no header to remove
* one more test to handle text data without header
* fix: went back to the previous implementation
* refacto: removed the return part
* feat: Binary option does not seem useful for decryption
removed decanonicalization function
adapted tests accordingly
* moved logic into rust
only left some checks (for now?)
* removed pyfunction for the inner decrypt one
* added checks in rust now :)
changed name for clarity
* removed unused function
* some checks not needed anymore
* removed a parameter
* took comments into account
* removed unused import
removed excess get_type
* added first unwrap corrections
cleaned tests, added some others
added more vectors
* no more unwrap for parameter checks
* removing headers is Python now
added tests accordingly
will compare with OpenSSL
* final corrections?
* first version of documentation
some minor refactoring
* corrected doctests
* better indentation
* doctest: added RSA private key
* oops
---------
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* argon2id support
* make it all rust now
* set a threadpool number
* address comments
* set threadpool to max(available, current)
* review comments
* a few more improvements
* Update docs/hazmat/primitives/key-derivation-functions.rst
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
---------
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* feat: implement parsing of admissions extension
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* chore: add tests for admissions extension parsing
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* chore: use cryptography result return type
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* chore: apply fixes done by cargo fmt and clippy
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* add gematik company name and the gmbh abbreviations to known words
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* fix: regenerate the synthetic certificate with additional admission covering the case of naming authority with no data
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* fix: parse none for profession_oids if profession_oids is none
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* chore: apply formatting to changes in rust codebase
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* refactor: switch return type of parse_profession_infos from PyObject to Bound<PyAny>
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* refactor: switch return type of parse_naming_authority from PyObject to Bound<PyAny>
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* refactor: switch return type of parse_admissions from PyObject to Bound<PyAny>
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* chore: remove gematik certs from repo
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* chore: remove gematik certs from this pr
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* chore: extend parser tests with an additional synthetic certificate to complete rust coverage
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* chore: add description for the additional certificate without authority
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* use into_bound(py) as shortcut, refrain from using to_object() in all added functions
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* add better description for the admissions synthetic cert
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* adjust description to avoid using misspelled words
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
---------
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* Add CustomPolicyBuilder foundation.
* Add EKU getters to ClientVerifier and ServerVerifier.
* Document the implemented part of custom verification.
* Remove `subject` field from VerifiedClient, rename `sans` back to `subjects`.
* Remove EKU-related setters, getters and documentation from this PR.
* Use double backticks in reStructuredText.
* Remove CustomPolicyBuilder in favor of extending PolicyBuilder.
* Code style improvements.
* Resolve coverage issues.
* Bump RSA-512 test keys to RSA-2048
RSA-512 was broken in 1999. cryptography.io should not be requesting
its backend library support it in 2024.
* Update test-vectors.rst
The replacement keys were generated fresh, and this document seems to
just cite the external ones.
* Document custom test vectors
* extensions: EKU must contain at least one member
Signed-off-by: William Woodruff <william@trailofbits.com>
* record changes
Signed-off-by: William Woodruff <william@trailofbits.com>
* empty EKU test vector
Signed-off-by: William Woodruff <william@trailofbits.com>
* typo
Signed-off-by: William Woodruff <william@trailofbits.com>
---------
Signed-off-by: William Woodruff <william@trailofbits.com>
