1. 16 May, 2018 2 commits
  2. 11 Apr, 2018 2 commits
  3. 19 Mar, 2018 1 commit
  4. 30 Jan, 2018 1 commit
  5. 03 Jan, 2018 1 commit
  6. 14 Dec, 2017 3 commits
  7. 13 Dec, 2017 1 commit
  8. 05 Dec, 2017 2 commits
  9. 30 Nov, 2017 2 commits
  10. 14 Nov, 2017 2 commits
  11. 09 Oct, 2017 1 commit
  12. 22 Aug, 2017 1 commit
  13. 01 Aug, 2017 6 commits
  14. 24 Jul, 2017 3 commits
  15. 13 Jul, 2017 3 commits
  16. 29 Nov, 2016 2 commits
  17. 28 Nov, 2016 3 commits
  18. 08 Sep, 2016 1 commit
  19. 31 Aug, 2016 2 commits
    • Simo Sorce's avatar
      Add Timing tests for MMA · 19490b84
      Simo Sorce authored
      This test is not very reliable and takes a long time so it is provided but
      diasabled by default.
      It is only useful to verify if any regression regarding MMA occurs, so it can
      be just run occasionally.
      Signed-off-by: 's avatarSimo Sorce <simo@redhat.com>
      19490b84
    • Simo Sorce's avatar
      CVE-2016-6298: Million Messages Attack mitigation · eb5be5bd
      Simo Sorce authored
      RFC 3218 describes an oracle attack called Million Messages Attack
      against RSA with PKCS1 v1.5 padding.
      
      Depending on how JWEs are used a server may become an Oracle, and the
      mitigation presecribed in RFC 3218 2.3.2 need to be implemented.
      
      Many thanks to Dennis Detering for his responsible disclosure and help
      verifying the mitigation approach.
      
      Resolves #65
      Signed-off-by: 's avatarSimo Sorce <simo@redhat.com>
      Closes #66
      eb5be5bd
  20. 26 Aug, 2016 1 commit
    • Simo Sorce's avatar
      Add helpers to test and export specific key forms · 9282e1e9
      Simo Sorce authored
      New test properties are:
      - is_symmetric
          True if key is symmetric (kty=oct) otherwise False
      - has_private
          True if the key is not symmetric and the key has values
          marked 'Private' according to the JWKValuesRegistry
      - has_public
          True if the key is not symmetric and the key has values
          marked 'Public' according to the JWKValuesRegistry
      
      New export helpers are:
      - export_private()
          Succeeds only if the key 'has_private'
      
      - export_symmetric()
          Succeeds only if the key 'is_symmetric'
      
      Un-deprecates export_public() but adds checks to make it fail if
      'has_public' returns False
      
      Adds tests.
      Signed-off-by: 's avatarSimo Sorce <simo@redhat.com>
      Closes #45
      9282e1e9