* first python API proposition
first round-trip tests
feat: made asn1 structures readable
refacto: adapted existing functions accordingly
feat/pkcs12: added symmetric_decrypt
feat: deserialize 3 possible encodings
feat: handling AES-128
feat: raise error when no recipient is found
feat/pkcs7: added decanonicalize function
feat/asn1: added decode_der_data
feat/pkcs7: added smime_enveloped_decode
tests are the round-trip (encrypt & decrypt)
more tests for 100% python coverage
test support pkcs7_encrypt with openssl
added algorithm to pkcs7_encrypt signature
refacto: decrypt function is clearer
flow is more natural
refacto: added all rust error tests
refacto: added another CA chain for checking
fix: const handling
Refactor PKCS7Decryptor to pkcs7_decrypt
refacto: removed SMIME_ENVELOPED_DECODE from rust code
refacto: removed decode_der_data
adapted tests accordingly
removed the PEM tag check
added tests for smime_decnonicalize
one more test case
Update src/rust/src/pkcs7.rs
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
took comments into account
pem to der is now outside of decrypt
fix: removed test_support pkcs7_encrypt
added vector for aes_256_cbc encrypted pkcs7
feat: not using test_support decrypt anymore
added new vectors for PKCS7 tests
feat: using pkcs7 vectors
removed previous ones
fix: changed wrong function
feat: added certificate issuer check
test: generating the RSA chain
removed the vectors accordingly
moved symmetric_decrypt to pkcs7.rs
* Update src/cryptography/hazmat/primitives/serialization/pkcs7.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* fix: removed use of deprecated new_bound for PyBytes
* corrected some error types
* updated tests accordingly
* fix: handling other key encryption algorithms
added vectors & tests accordingly
* first attempts raising error when no header to remove
* one more test to handle text data without header
* fix: went back to the previous implementation
* refacto: removed the return part
* feat: Binary option does not seem useful for decryption
removed decanonicalization function
adapted tests accordingly
* moved logic into rust
only left some checks (for now?)
* removed pyfunction for the inner decrypt one
* added checks in rust now :)
changed name for clarity
* removed unused function
* some checks not needed anymore
* removed a parameter
* took comments into account
* removed unused import
removed excess get_type
* added first unwrap corrections
cleaned tests, added some others
added more vectors
* no more unwrap for parameter checks
* removing headers is Python now
added tests accordingly
will compare with OpenSSL
* final corrections?
* first version of documentation
some minor refactoring
* corrected doctests
* better indentation
* doctest: added RSA private key
* oops
---------
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* argon2id support
* make it all rust now
* set a threadpool number
* address comments
* set threadpool to max(available, current)
* review comments
* a few more improvements
* Update docs/hazmat/primitives/key-derivation-functions.rst
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
---------
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* feat: implement parsing of admissions extension
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* chore: add tests for admissions extension parsing
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* chore: use cryptography result return type
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* chore: apply fixes done by cargo fmt and clippy
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* add gematik company name and the gmbh abbreviations to known words
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* fix: regenerate the synthetic certificate with additional admission covering the case of naming authority with no data
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* fix: parse none for profession_oids if profession_oids is none
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* chore: apply formatting to changes in rust codebase
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
* refactor: switch return type of parse_profession_infos from PyObject to Bound<PyAny>
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* refactor: switch return type of parse_naming_authority from PyObject to Bound<PyAny>
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* refactor: switch return type of parse_admissions from PyObject to Bound<PyAny>
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* chore: remove gematik certs from repo
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* chore: remove gematik certs from this pr
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* chore: extend parser tests with an additional synthetic certificate to complete rust coverage
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* chore: add description for the additional certificate without authority
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* use into_bound(py) as shortcut, refrain from using to_object() in all added functions
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* add better description for the admissions synthetic cert
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* adjust description to avoid using misspelled words
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
---------
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
Signed-off-by: Oleg Hoefling <oleg.hoefling@gmail.com>
* Add CustomPolicyBuilder foundation.
* Add EKU getters to ClientVerifier and ServerVerifier.
* Document the implemented part of custom verification.
* Remove `subject` field from VerifiedClient, rename `sans` back to `subjects`.
* Remove EKU-related setters, getters and documentation from this PR.
* Use double backticks in reStructuredText.
* Remove CustomPolicyBuilder in favor of extending PolicyBuilder.
* Code style improvements.
* Resolve coverage issues.
* Bump RSA-512 test keys to RSA-2048
RSA-512 was broken in 1999. cryptography.io should not be requesting
its backend library support it in 2024.
* Update test-vectors.rst
The replacement keys were generated fresh, and this document seems to
just cite the external ones.
* Document custom test vectors
* extensions: EKU must contain at least one member
Signed-off-by: William Woodruff <william@trailofbits.com>
* record changes
Signed-off-by: William Woodruff <william@trailofbits.com>
* empty EKU test vector
Signed-off-by: William Woodruff <william@trailofbits.com>
* typo
Signed-off-by: William Woodruff <william@trailofbits.com>
---------
Signed-off-by: William Woodruff <william@trailofbits.com>
* Add support for encrypting S/MIME messages
* Move PKCS7 decrypt test function to Rust
* Use symmetric encryption function from PKCS12
* Remove debug file write from tests
* Remove unneeded backend parameter
* docs and changelog
Given the RSA public exponent (`e`), and the RSA primes (`p`, `q`), it is possible
to calculate the corresponding private exponent `d = e⁻¹ mod λ(n)` where
`λ(n) = lcm(p-1, q-1)`.
With this function added, it becomes possible to use the library to reconstruct an RSA
private key given *only* `p`, `q`, and `e`:
from cryptography.hazmat.primitives.asymmetric import rsa
n = p * q
d = rsa.rsa_recover_private_exponent(e, p, q) # newly-added piece
iqmp = rsa.rsa_crt_iqmp(p, q) # preexisting
dmp1 = rsa.rsa_crt_dmp1(d, p) # preexisting
dmq1 = rsa.rsa_crt_dmq1(d, q) # preexisting
assert rsa.rsa_recover_prime_factors(n, e, d) in ((p, q), (q, p)) # verify consistency
privk = rsa.RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, rsa.RSAPublicNumbers(e, n)).private_key()
Older RSA implementations, including the original RSA paper, often used the
Euler totient function `ɸ(n) = (p-1) * (q-1)` instead of `λ(n)`. The
private exponents generated by that method work equally well, but may be
larger than strictly necessary (`λ(n)` always divides `ɸ(n)`). This commit
additionally implements `_rsa_recover_euler_private_exponent`, so that tests
of the internal structure of RSA private keys can allow for either the Euler
or the Carmichael versions of the private exponents.
It makes sense to expose only the more modern version (using the Carmichael
totient function) for public usage, given that it is slightly more
computationally efficient to use the keys in this form, and that some
standards like FIPS 186-4 require this form. (See
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf#page=63)
* Update reference.rst
This code snippet works when importing the extension oid
* Apply suggestions from code review
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
---------
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Fix more misspellings
* Apply codespell suggestion: implementor → implementer
This is not exactly a misspelling, but:
* From Garner's Modern English Usage (4 ed.)
Although the variant spelling ✳implementor predominated for much of
the late 20th century, today implementer is considered standard.
* The Google Ngram Viewer shows a ratio of almost 10:1 in 2019.
* verification: WIP client verification skeleton
Signed-off-by: William Woodruff <william@yossarian.net>
* verify: fill in build_client_verifier
Signed-off-by: William Woodruff <william@yossarian.net>
* implement ClientVerifier.verify
Signed-off-by: William Woodruff <william@yossarian.net>
* verification: make Python 3.8 happy
Signed-off-by: William Woodruff <william@yossarian.net>
* switch to a full VerifiedClient type
Signed-off-by: William Woodruff <william@yossarian.net>
* remove the SubjectOwner::None hack
Signed-off-by: William Woodruff <william@yossarian.net>
* docs: fix ClientVerifier
Signed-off-by: William Woodruff <william@yossarian.net>
* verification: replace match with if
Signed-off-by: William Woodruff <william@yossarian.net>
* return GNs directly, not whole extension
Signed-off-by: William Woodruff <william@yossarian.net>
* docs/verification: document UnsupportedGeneralNameType raise
Signed-off-by: William Woodruff <william@yossarian.net>
* lib: RFC822 checks on NCs
* test_limbo: enable client tests
* tests: flake
* test_verification: more Python API coverage
* verification: filter GNs by NC support
* verification: forbid unsupported NC GNs
This is what we should have been doing originally, per
RFC 5280 4.2.1.10:
> If a name constraints extension that is marked as critical
> imposes constraints on a particular name form, and an instance of
> that name form appears in the subject field or subjectAltName
> extension of a subsequent certificate, then the application MUST
> either process the constraint or reject the certificate.
* docs/verification: remove old sentence
Signed-off-by: William Woodruff <william@yossarian.net>
* verification: ensure the right EKU for client/server paths
Signed-off-by: William Woodruff <william@yossarian.net>
* test_limbo: fixup EKU assertion
* verification: feedback
---------
Signed-off-by: William Woodruff <william@yossarian.net>
