path: root/tests/hazmat/primitives/test_dh.py
Commit message | Author | Age | Files | Lines
* Migrate DH to Rust (#8768) | Alex Gaynor | 2023-04-24 | 1 | -1/+4
* support equality checks on all public asymmetric key types (#8700) | Paul Kehrer | 2023-04-10 | 1 | -0/+22
    * support equality checks on all public asymmetric key types
    * review feedback
* Switch from flake8 to ruff (#7920) | Alex Gaynor | 2022-12-21 | 1 | -1/+1
    It's more than 60x faster.
* Handle error generating DH params with very very large key size (#7666) | Alex Gaynor | 2022-10-01 | 1 | -0/+4
    Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52024
* Remove explicit subclassing of object now that all classes are new-style (#6830) | Alex Gaynor | 2022-01-30 | 1 | -4/+4
    As someone who first with Python in 2.4 or so, this habit is going to be hard to break.
* Run tests/primitives/test_{dh,serialization}.py on BoringSSL (#6589) | Alex Gaynor | 2021-11-12 | 1 | -0/+16
    Refs #6576
* FIPS 3.0.0 support (#6012) | Paul Kehrer | 2021-08-29 | 1 | -0/+2
    * FIPS 3.0.0 support
    * comments
    * remove unneeded error clear
    * review comments
    * small refactor
    * black
    * flake8 too
    * review feedback
    * oops
    * fix
* [WIP] 3.0.0 support (#5250) | Paul Kehrer | 2021-04-22 | 1 | -1/+23
    * 3.0.0 support
    * almost...there...
    * make mypy happy
* switch to using EVP_PKEY_derive instead of DH_compute_key in DH (#5972) | Paul Kehrer | 2021-04-14 | 1 | -9/+10
    * switch to using EVP_PKEY_derive instead of DH_compute_key in DH
      Where checks are occurring is changing in OpenSSL 3.0 and this makes it easier to be consistent (and is the API we should be using anyway). The tests change because EVP_PKEY_derive now verifies that we have shared parameters, which the test previously only verified by asserting that the derived keys didn't match
    * review feedback
    * type ignores required for typeerror tests. some day i will remember this
* more typing (#5887) | Paul Kehrer | 2021-03-02 | 1 | -8/+13
    * backend typing for twofactor package and more otp work
    * even more typing
    * style fixes
    * no generic typing for _get_backend
    * remove unneeded typing
* Remove requires_backend_interface from tests because it was useless (#5884) | Alex Gaynor | 2021-03-01 | 1 | -15/+0
* DH types (#5725) | Paul Kehrer | 2021-01-31 | 1 | -6/+6
* enable mypy over tests (#5721) | Paul Kehrer | 2021-01-31 | 1 | -1/+3
    * clean mypy with tests dir
    * remove most no_type_check annotations
    * le sigh
    * remove unneeded comments
* make PrivateKeyWithSerialization an alias of PrivateKey (#5722) | Paul Kehrer | 2021-01-31 | 1 | -10/+6
    * make PrivateKeyWithSerialization an alias of PrivateKey
    * black
* we already do this check in other places (#5624) | Paul Kehrer | 2020-12-09 | 1 | -5/+1
    * we already do this check in other places
      This test is *incredibly* expensive and we already do roundtrips like this on other DH groups. To make this test less expensive and also more accurate to its name we now verify that the parameters on the generated key match
    * empty commit the most important CI feature
* Remove utils.int_from_bytes (#5609) | Alex Gaynor | 2020-12-09 | 1 | -6/+5
* Remove __future__ import from our code (#5610) | Alex Gaynor | 2020-12-09 | 1 | -1/+0
* Fixed DH tests for latest CentOS FIPS OpenSSL (#5604) | Alex Gaynor | 2020-12-08 | 1 | -0/+12
    * Fixed DH tests for latest CentOS FIPS OpenSSL (1.1.1g)
* disallow p less than 512-bit on DH (#5592) | Paul Kehrer | 2020-11-29 | 1 | -26/+58
    * disallow p less than 512-bit on DH
      OpenSSL 3.0.0 enforces this so we'll go ahead and enforce it everywhere that's practical for us. (Note that we do not enforce on deserializing PKCS1/PKCS8 keys in < 3.0.0, but this PR adds a test so that in the 3.0.0 support branch we can test an error path)
    * missing test
    * black
    * _MIN_MODULUS_SIZE is now a thing
    * skip on fips
* new black, actually slightly different than the old black (#5429) | Paul Kehrer | 2020-08-26 | 1 | -2/+4
* Paint it Black by the Rolling Stones (#5324) | Alex Gaynor | 2020-07-20 | 1 | -225/+215
* test FIPS mode on centos8 (#5323) | Paul Kehrer | 2020-07-20 | 1 | -0/+13
    * test FIPS mode on centos8
    * remove branch we don't take
    * simpler
    * better comment
    * rename
    * revert some things that don't matter
    * small cleanups
* refactor DH a bit to generate less parameters (#5326) | Paul Kehrer | 2020-07-19 | 1 | -25/+22
    speeds things up a bit and makes it easier to do the FIPS PR
* update our test to be more robust wrt some changes from upstream (#4993) | Paul Kehrer | 2019-09-11 | 1 | -2/+9
* add support for encoding compressed points (#4638) | Paul Kehrer | 2019-01-20 | 1 | -5/+18
    * add support for encoding compressed points
    * review feedback
* support x448 public/private serialization both raw and pkcs8 (#4653) | Paul Kehrer | 2019-01-13 | 1 | -0/+31
    * support x448 public/private serialization both raw and pkcs8
    * add tests for all other asym key types to prevent Raw
    * more tests
    * better tests
    * fix a test
    * funny story, I'm actually illiterate.
    * pep8
    * require PrivateFormat.Raw or PublicFormat.Raw with Encoding.Raw
    * missing docs
    * parametrize
    * docs fixes
    * remove dupe line
    * assert something
* Inline calls to bit_length now that it's trivial (#3966) | Alex Gaynor | 2017-10-12 | 1 | -2/+2
    * Inline calls to bit_length now that it's trivial
    * unused imports
    * An comment
* Remove DH generator size constraint (#3364) | mtury | 2017-07-17 | 1 | -1/+1
    * Remove DH generator size constraint
    * Check that g > 1
* allow p % 24 == 23 when generator == 2 in DH_check (#3768) | Paul Kehrer | 2017-07-09 | 1 | -1/+25
    * allow p % 24 == 23 when generator == 2 in DH_check
    * short url
    * update and expand comments
    * even better language!
* Dh parameters serialization (#3504) | Aviv Palivoda | 2017-06-24 | 1 | -0/+136
    * Support DH parameter serialization - no X9.42
    * Support X9.42 serialization - DER not working
    * Fix dhp_rfc5114_2.der
      Changing the DER parameters serialization after the fix in openssl commit a292c9f1b835
    * DH parameters X9.42 DER serialization fixed
    * fix _skip_dhx_unsupported
    * document DH parameter_bytes
    * PEP8 fixes
    * Document load_pem_parameters
    * Document load_der_parameters
    * document ParameterFormat
    * Increase test coverage
    * Increase test coverage
    * Remove unneeded check
    * Fix typo
    * Fix error in load_der_parameters
    * Add load_pem_parameters and load_der_parameters to interfaces
    * CR fixes
    * Removed unverified phrase
    * Update version to 2.0
    * Fix pep8
    * Rename ParameterFormat.ASN1 to ParameterFormat.DHParameter
    * link pkcs3
    * Add new line at end of file to serialization.rst
    * Rename DHparameters to PKCS3
    * doc CR fix
* Add DERSerializationBackend to test_dh serialization tests (#3717) | Aviv Palivoda | 2017-06-24 | 1 | -1/+3
* Don't skip DH tests when dhx unsupported and no dhx is required (#3484) | Aviv Palivoda | 2017-05-19 | 1 | -17/+35
    * Don't skip DH tests when dhx unsupported and no dhx is required
    * Add is_dhx parameter
* DH subgroup order (q) (#3369) | Aviv Palivoda | 2017-03-05 | 1 | -22/+143
    * Support DH q (subgroup order)
    * Change RFC5114.txt to NIST format
    * Add tests for DH q
    * Update docs for DH q
    * Fix pep8
    * Improve test coverage for DH q
    * Create _dh_params_dup that copy q if DHparams_dup don't
      On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup call DHparams_dup and if the version is smaller than 1.0.2 copy q manually
    * Copy q manually on libressl
    * Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup
    * Support serialization of DH with q
    * Add tests for serialization of DH with q
    * Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true
    * Raise exception when trying to serialize DH X9.42 when not supported
    * raise unsupported key type when deserializing DH X9.42 if not supported
    * pep8 fixes
    * Fix test_serialization
    * Add dhx_serialization_supported method to DHBackend
    * document q in dh_parameters_supported
    * Rename dhx_serialization_supported to dh_x942_serialization_supported
* DH serialization (#3297) | Aviv Palivoda | 2017-02-07 | 1 | -1/+244
    * DH keys support serialization
    * Add DH serialization documentation
    * Add tests for DH keys serialization in DER encoding
    * update version to 1.8
    * Allow only SubjectPublicKeyInfo serialization
    * Remove support in TraditionalOpenSSL format
    * Fix pep8
    * Refactor dh serialization tests
* OpenSSL DH backend implementation [Second attempt] (#2914) | Aviv Palivoda | 2016-11-26 | 1 | -12/+195
    * Start of OpenSSL DH backend implementation
    * Supporting DH in MultiBackend
    * DHBackend has dh_parameters_supported method
    * Removed DHParametersWithNumbers and DHPrivateKeyWithNumbers from documentation
    * Removed ExchangeContext. exchange is a method of DHPrivateKeyWithSerialization
    * PEP8 fixes
    * Fixed TestDH.test_bad_tls_exchange
    * Fixed generate_private_key reference in dh documentation
    * test DH multibackend support
    * testing DH conversion to serialized
    * Validating that we receive serialized class in test_generate_dh
    * Testing DH exchange symmetric key padding
    * struct DH is now opaqued
    * PEP8 fixes
    * Testing load_dh_private_numbers throws ValueError when DH_check fails
    * Using openssl_assert
    * Passing keywords arguments in DH key exchange example
    * test_dh::test_bad_tls_exchange now uses pre calculated parameters
    * TestDH - Add test that the computed secret is equivalent to the definition by comparing with secret computed in pure python
    * Add missing generator parameter to DHBackend interface docs.
    * Include parameter type in DHBackend abc docs.
    * Add docs for dh.generate_parameters function
    * Remove the dh Numbers section, and move the DHNumbers class docs to where they are first used.
    * Add note of big endian byte packing to DH exchange method.
    * DH documentation updates. Add single sentence overview with wikipedia link. Add paragraph on assembling using Numbers objects. Add link to backend interface docs. First section was all indented, I think by mistake.
    * Add exchange method to DHPrivateKey abstract base class.
    * Small tweaks to DH documentation - remove Provider.
    * Add endian to dictionary
    * Use utils.int_from_bytes in test_tls_exchange_algorithm
    * Removed duplicate line
    * Change dh.rst exchange algorithm from doctest to code-block
      The example in the Diffie-Hellman exchange algorithm is using 2048 bits key. Generating the parameters of 2048 takes long time. This caused the automated tests to fail. In order to pass the tests we change the example to code-block so it will not run in the doc tests.
    * Fix dh docs
    * Document the generator in DHBackend relevant methods
    * Fix dh tests
    * use DHparams_dup
    * Fix key type to unsigned char as expected by DH_compute_key
    * Validate that DH generator is 2 or 5
    * test dh exchange using botan vectors
    * group all numbers classes
    * Simplify _DHPrivateKey
    * Rename test with serialized to numbers
    * Move bad exchange params to external vector file
    * update exchange versionadded to 1.7
    * Make key_size bit accurate
    * Change botan link
    * Added CHANGELOG entry
* Fix dual license in test_dh.py | Jim Shaver | 2015-05-24 | 1 | -12/+3
* DH numbers | Alex Stapleton | 2015-02-26 | 1 | -0/+113