Commit graph

419 commits

Author SHA1 Message Date
Alex Gaynor
42788a0353
Fix exchange with keys that had Q automatically computed (#11309)
fixes #10790
closes #10864
closes #11218
2024-07-20 08:05:18 -07:00
Facundo Tuesca
783223f5f6
docs: Add instructions to build the docs (#11290)
* docs: Add instructions to build the docs

* docs: Fix single backticks

* docs: remove troubleshooting section

* Update docs/development/getting-started.rst

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
2024-07-17 21:07:37 +00:00
William Woodruff
f370b09810
policy/extension: improve extension policy errors (#11162)
* policy/extension: improve extension policy errors

* verification: ValidationError::ExtensionError variant

Begin cleaning things up.

* policy/extension: remove redundant clone

* ensure that we render the ext OID

* lib: coverage for other display arms

* relocate custom vector

* test-vectors: typo
2024-06-25 21:51:24 -04:00
Alex Gaynor
61a5e672e6
fixed rst syntax in test-vectors.rst (#11153) 2024-06-25 08:00:12 +03:00
Julien Castiaux
031d407e4d
Add public_key_algorithm_oid to certificate and CSR (#10517) 2024-03-27 14:32:35 -04:00
Alex Gaynor
8436316862
Wycheproof lives under C2SP now (#10628) 2024-03-22 19:34:41 -04:00
Alex Gaynor
dcf6ac240d
Updates for ruff 0.3.1 (#10548) 2024-03-07 10:57:37 -08:00
Facundo Tuesca
c97808ca77
Add test vectors for deterministic ECDSA (RFC6979) (#10438) 2024-02-20 06:57:07 -08:00
Paul Kehrer
608ce9520f
add RC2-128-CBC vector (#10402)
vector created using golang's x/crypto internal impl and verified
against openssl
2024-02-16 22:20:14 -05:00
Paul Kehrer
075925fd55
allow SPKI RSA keys to be parsed even if they have an incorrect delimiter (#10248)
* allow SPKI RSA keys to be parsed even if they have an incorrect delimiter

This allows RSA SPKI keys (typically delimited with PUBLIC KEY) to be parsed
even if they are using the RSA PUBLIC KEY delimiter.

* formatting

* use original error if nothing parses, don't let it parse non-RSA
2024-01-25 01:54:23 +00:00
Alex Gaynor
ad4ba0af95
Develop a local nox target (#10173)
This formats code, runs linters, and tests.

And it does these in an order that's optimized for fast local feedback
2024-01-14 20:43:55 -02:00
Paul Kehrer
30e5ee2493
add some more EC vectors (#10134) 2024-01-05 18:03:57 +00:00
Alex Gaynor
e31a34398e
Another test case for explicit parameter private key (#10132) 2024-01-05 12:57:12 -03:00
Alex Gaynor
bbf2544c79
Added two test cases for unsupported EC private keys (#10126) 2024-01-05 07:19:16 -03:00
Alex Gaynor
6e106f5584
Update various links in the docs for permanent redirects (#10109) 2024-01-02 21:00:20 -03:00
Alex Gaynor
9e866cc50d
Update various links in the docs for permanent redirects (#10098) 2023-12-31 17:56:51 -03:00
Johnny Hsieh
91541cf726
Add support for GCM mode of SM4 cipher (#10072)
* Add support for SM4-GCM cipher

ref: #7503
ref: https://github.com/openssl/openssl/issues/13667

* Update SM4 GCM tests to use external test vector

* Cite SM4 test vectors sources in document

* Add tests for SM4ModeGCM finalize_with_tag

* Update CHANGELOG.rst
2023-12-29 10:56:29 -03:00
Alex Gaynor
c9578f28a1
Fixed a typo in test-vectors documentation (#10041) 2023-12-23 12:45:31 -03:00
Alex Gaynor
fb4c72c8bf
Added wycheproof vectors for pbkdf2 (#10024) 2023-12-21 08:30:36 -06:00
Alex Gaynor
cd9cb8b488
Remind people about rust in the dev docs (#9985) 2023-12-10 17:39:06 +00:00
Alex Gaynor
0a1f26b48f
Document tests-nocoverage in our dev docs (#9984)
There's limited value in running coverage locally, since no single build produces 100% coverage
2023-12-10 11:29:29 -06:00
Alex Gaynor
61676b5b05
Update development docs (#9977)
- No special configuration is required for brew or macports OpenSSL anymore
- There's no point in documenting building local docs, it's basically never necessary
2023-12-09 08:36:46 -06:00
Paul Kehrer
d06a6a17cb
regenerate x509/custom/ca/ca.pem to expire in 2100 (#9964)
The existing cert doesn't expire until late 2038 but this simplifies
2038 checks for some downstream consumers. We shift the original
cert/key into a new pkcs12/ca directory so that we don't need to
regenerate all the PKCS12 vectors (which don't care about expiry anyway)
2023-12-05 09:21:37 -05:00
Alex Gaynor
f1817f8077
Slightly alter AEAD benchmark code to solve problem AES-GCM-SIV hit (#9948) 2023-12-01 18:42:42 -06:00
Facundo Tuesca
6359dc0e04
Add test vectors for AES-GCM-SIV (#9930) 2023-12-01 10:46:29 -06:00
Alex Gaynor
420ad4e245
Fix some warnings from ruff --preview (#9842) 2023-11-09 17:37:56 -06:00
Alex Gaynor
1cb847a597
Updates to dev docs (#9780)
- Stop talking about black
- Use type annotations in examples
2023-10-26 00:49:20 +00:00
Alex Gaynor
a8dd927f04
Fix ruff on main (#9443) 2023-08-17 14:11:09 +00:00
Facundo Tuesca
b660044dce
Add test vectors for ChaCha20 counter overflow (#9221)
* Adapt ChaCha20 test vectors to 64-bit counter

* Add ChaCha20 test vectors for counter overflow

These vectors test the behavior during counter overflow. Since
different implementations use different counter sizes (e.g. OpenSSL
uses a 64-bit counter, whereas BoringSSL uses a 32-bit counter),
it's important to ensure that the behavior during counter overflow
is consistent between implementations.

These vectors take into account both 32-bit and 64-bit overflows.
2023-08-17 08:54:35 -05:00
William Woodruff
41d89f1ae6
noxfile, docs: fix posargs handling (#9354)
* noxfile, docs: fix posargs handling

Signed-off-by: William Woodruff <william@trailofbits.com>

* Update docs/development/getting-started.rst

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

---------

Signed-off-by: William Woodruff <william@trailofbits.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
2023-08-04 16:48:15 +00:00
Jean Paul Galea
caeafe6c4a
docs: fix broken link to https://ed25519.cr.yp.to/software.html (#9338) 2023-08-02 19:02:56 +12:00
Paul Kehrer
1b4bbea008
tolerate (with warning) invalid DSA params encoding in X.509 (#9271)
fixes #9253
2023-07-20 17:10:15 -04:00
Alex Gaynor
e949b2e15c
Prepare for new ruff release (#9227) 2023-07-12 19:40:26 -07:00
jeanluc
1ca7adc97b
Fix encoding of SSH certs with critical options (#9208)
* Add tests for issue #9207

* Fix encoding of SSH certs with critical options

* Test unexpected additional values for crit opts/exts
2023-07-10 11:50:49 -05:00
Paul Kehrer
1355c2e460
tolerate NULL params in ECDSA SHA2 AlgorithmIdentifier (#9002)
* tolerate NULL params in ECDSA SHA2 AlgorithmIdentifier

Java 11 does this incorrectly. It was fixed in Java16+ and they are
planning to do a backport, but we'll need to tolerate this invalid
encoding for a while.

* test both inner and outer
2023-05-31 23:21:28 -04:00
Paul Kehrer
93c96b777a
allow null params in AlgorithmIdentifiers with SHA hash function OIDs (#8974)
RFC 4055 section 2.1 states "All implementations MUST accept both
NULL and absent parameters as legal and equivalent encodings".

It also makes some somewhat conflicting statements after that, but
LibreSSL omits the null params for PSS, and OpenSSL parses this
without issue so tolerance it is.
2023-05-27 10:07:20 -04:00
Alex Gaynor
5b7dd82561
Fix gitlab URLs for linkcheck (#8938) 2023-05-17 00:39:18 +00:00
Paul Kehrer
cfee3c85a7
add RSA PSS SHA1 hash algorithm + SHA1 MGF1 test vector (#8906) 2023-05-11 00:29:39 +00:00
Paul Kehrer
0f2b72bb12
invalid visible string support (#8884)
* invalid visible string support

this allows utf8 in visiblestring, which is not valid DER. we raise a
warning when this happens, but allow it since Belgian eIDs, among
others, have encoding errors. Belgium fixed this by 2021 (and possibly
earlier), but their eID certificates have 10 year validity.

* review comments

* clippy
2023-05-07 16:01:33 +00:00
Paul Kehrer
9425d2376b
add one more RSA PSS invalid test vector (#8798) 2023-04-23 20:22:50 +00:00
Paul Kehrer
5f3871e4df
add two RSA PSS certificate vectors that have invalid encodings (#8797)
* add two RSA PSS certificate vectors that have invalid encodings

The signatures on these vectors are not valid.

* spelling
2023-04-23 19:51:35 +00:00
Paul Kehrer
45bddbfb19
add support for aes256-gcm@openssh.com decryption for SSH keys (#8738)
* add support for aes256-gcm@openssh.com decryption for SSH keys

* review feedback

* skip when bcrypt isn't present
2023-04-15 04:05:11 +00:00
Paul Kehrer
f724c9b2fd
Support msCertificateTemplate extension (#8695)
* support ms certificate template

* contortions for rust coverage

* review feedback
2023-04-10 03:10:41 +00:00
Paul Kehrer
5fef27733c
update docs for macOS dev with rust openssl (#8653) 2023-04-02 09:01:31 -04:00
Alex Gaynor
1e49cb9c13
Switch from tox to nox (#8651) 2023-04-02 16:28:22 +09:00
Alex Gaynor
89228a9deb
Added support for OCSP AcceptableResponses extension (#8617)
fixes #8589
2023-03-27 00:51:04 +00:00
Alex Gaynor
d05a8ac6cd
Update to the new wycheproof (#8403) 2023-02-28 05:07:54 +00:00
Paul Kehrer
957524e02e
add CRL vector with an inner/outer signature OID mismatch (#8163) 2023-01-29 22:00:59 +00:00
Alex Gaynor
5d3db676cf
Use the ruff 'pyupgrade' checks (#8104) 2023-01-20 05:36:01 +08:00
Alex Gaynor
796ebf6702
fixes #8035 -- added a test for loading a cert with another PEM block containing headers (#8045) 2023-01-12 04:07:33 +00:00