Loading
Commits on Source 64
-
Christian Heimes authored
setup.cfg adds a flag for universal builds and two aliases to build and upload packages. A PyPY release becomes as simple as python setup.py release Signed-off-by:Christian Heimes <cheimes@redhat.com> Reviewed-by:
Simo Sorce <simo@redhat.com> Closes #52
-
Simo Sorce authored
Resolves #53 Signed-off-by:
Hanno Schlichting <hanno@hannosch.eu> Closes #54
-
Simo Sorce authored
Where it makes sense, allow to pass in a dictionary for the various headers and auto-encode them as needed. Resolves #53 Signed-off-by:
-
Simo Sorce authored
Resolves #53 Signed-off-by:
-
Simo Sorce authored
Create a new jwa module that hosts the actual JWA crypto defined in RFC 7518: JSON Web Algorithms (JWA) Also slightly changes the "none" algorithm to always raise an InvalidSignature error on verify(), as the None signature can never be verified after all. Signed-off-by:
-
Simo Sorce authored
This keeps all JWA defined algorithms in the same module and make all algorithms use a common way of instantiating and handling crypto Signed-off-by:
-
Simo Sorce authored
If an 'alg' argument is apssed in at key generation, then it can be used to determine the key size appropriate for the desired algorithm. An explicit 'size' argument always takes precendence. An 'alg' parameter is accpeted for 'oct' and 'RSA' keys only. Resolves #50 Signed-off-by:
-
Simo Sorce authored
Always use bits to mesure key material sizes through the code. Resolves #49 Signed-off-by:
-
Simo Sorce authored
Streamline some of the code by using better python conventions/style/syntax/constricts Resolves #61 Resolves #62 Resolves #63 Signed-off-by:
-
Simo Sorce authored
Keys can be load from PEM files, and Public Keys even from PEM files that have X509 certificates in it. Keys can be exported (either Private or Public) to PEM files. Signed-off-by: -
Simo Sorce authored
New test properties are: - is_symmetric True if key is symmetric (kty=oct) otherwise False - has_private True if the key is not symmetric and the key has values marked 'Private' according to the JWKValuesRegistry - has_public True if the key is not symmetric and the key has values marked 'Public' according to the JWKValuesRegistry New export helpers are: - export_private() Succeeds only if the key 'has_private' - export_symmetric() Succeeds only if the key 'is_symmetric' Un-deprecates export_public() but adds checks to make it fail if 'has_public' returns False Adds tests. Signed-off-by: -
Simo Sorce authored
RFC 3218 describes an oracle attack called Million Messages Attack against RSA with PKCS1 v1.5 padding. Depending on how JWEs are used a server may become an Oracle, and the mitigation presecribed in RFC 3218 2.3.2 need to be implemented. Many thanks to Dennis Detering for his responsible disclosure and help verifying the mitigation approach. Resolves #65 Signed-off-by: -
Simo Sorce authored
This test is not very reliable and takes a long time so it is provided but diasabled by default. It is only useful to verify if any regression regarding MMA occurs, so it can be just run occasionally. Signed-off-by: -
Christian Heimes authored
ECDH-ES is an actual JWA algorithm and not a base class. Therefore it must be a subclass of JWAAlgorithm. New tests will catch these errors in the future. Signed-off-by:
-
Simo Sorce authored
Signed-off-by: -
Ash Berlin authored
This is so that you can add just jwcrypto to the requirements of a downstream project and have it install everything needed -- previously you would also have to add cryptography yourself. Since this was the only thing in requirements.txt I have removed the file Reviewed-by: -
Carlos Jenkins authored
Reviewed-by: -
Christian Heimes authored
Signed-off-by: -
Christian Heimes authored
Signed-off-by: -
Simo Sorce authored
Signed-off-by: -
Yann Cézard authored
-
James Gardiner authored
-
Simo Sorce authored
Use sign() and verify() directly instead. Signed-off-by: -
Christian Heimes authored
Signed-off-by: -
Christian Heimes authored
Signed-off-by: -
Christian Heimes authored
Signed-off-by: -
Christian Heimes authored
In Python 3, '' != b''. With bytes warning enabled, comparison of bytes and str raise an exception, too. Signed-off-by: -
Christian Heimes authored
json_decode() returns str instances for str values anyway. In case the JSON payload contains invalid types, base64 codec will fail with an appropriate error message. 'some.string'.split('.') returns a list of str. Signed-off-by: -
Christian Heimes authored
Signed-off-by: -
Christian Heimes authored
Signed-off-by: -
Christian Heimes authored
Signed-off-by: -
Michael Boulton authored
-
Michael Boulton authored
If the claim passed was not one of sub, aud, iat, etc. then passing a string as a value to check_claims would raise an error if it was not an integer Add a working test as well
-
Simo Sorce authored
Fixes #93 Signed-off-by: -
Simo Sorce authored
-
Michael Boulton authored
-
Simo Sorce authored
-
Simo Sorce authored
Signed-off-by: -
Simo Sorce authored
This makes it simpler to get a JWK that contains excluively a pulic key from an existing JWK. It fails if no public key is available in the source JWK. Only known public elements are returned. "Unknown" attributes are not copied over. Signed-off-by: -
Simo Sorce authored
Fixes #92 Signed-off-by: -
Simo Sorce authored
Change one test to also test using strings instead of dicts as headers. This is supported in the code but was not tested. Signed-off-by: -
Simo Sorce authored
Modify test to check the header is emitted correctly Signed-off-by: -
Simo Sorce authored
Signed-off-by: -
Simo Sorce authored
Signed-off-by: -
Michael Boulton authored
-
Eamonn Nugent authored
There was a typo in the "_EcdhEsAes256Kw" class. I have changed "A128KW" in the description for the class to become "A256KW" in accordance with the algorithm.
-
Simo Sorce authored
Signed-off-by: -
Simo Sorce authored
Signed-off-by: -
Simo Sorce authored
JWK.from_json(<json_string>) will import a previously exported key. Signed-off-by: -
Simo Sorce authored
It has no value to return the 'keys' attribute itself, instead we now we return the inner 'keys' object iterator when the JWKSet is iterated over. This way iterating over the JWKSet object returns its JWK objects. Signed-off-by: -
Simo Sorce authored
Fixes #120 Signed-off-by: -
Simo Sorce authored
Signed-off-by: -
Christian Heimes authored
Signed-off-by: -
Christian Heimes authored
Signed-off-by: -
Christian Heimes authored
Signed-off-by: -
mbaldwin authored
-
Li lin authored
-
Simo Sorce authored
Stop using our own, pyca has has AES Key wrap support for long enough now. Resolves #137 Signed-off-by: -
Simo Sorce authored
When using ECDH-ES+A[128|192|256]WK key agreement and A128CBC-HS256 encryption the Content Encrypition Key (CEK) has a bigger size than the Key Encryption Key (KEK). Thess tests makes sure we properly handle this case. Signed-off-by: -
Simo Sorce authored
The code was incorrectly assigning key size for derivation and wrapping when they differ in size. Fixes #136 Signed-off-by: -
Simo Sorce authored
Together with non encoded payloads this commit also adds sull support for dealing with detached payloads on deserlization and serialization. The payload must still be provided for any computation, but can be removed before serialization and add after deserialization of a JWS with detached payload. Signed-off-by: -
Jonathan Huot authored
-
Jonathan Huot authored
import_keyset no longer returns self.
-
Christian Heimes authored
Signed-off-by: