https://git.schokokeks.org/derivepassphrase.git/tree/6a7423c92f8bda8e46e632f282bce18d4be673d7 2025-01-27T19:46:57+01:00 tag:gitlist.org,2012:commit/6a7423c92f8bda8e46e632f282bce18d4be673d7 2025-01-27T19:46:57+01:00 Marco Ricci software@the13thletter.info <pre>Reformat the "vault" tests. This includes retiring the `Vault` type alias and using the proper Google-style `vault.Vault` instead, because the API documentation does not correctly resolve this type alias otherwise. &lt;/pre&gt; tag:gitlist.org,2012:commit/431cc9945c8a8fc58a2042ceeb20f253028b383c 2025-01-27T19:39:03+01:00 Marco Ricci software@the13thletter.info <pre>&lt;/pre&gt; tag:gitlist.org,2012:commit/470f33abffac488a3c54aeda7c0ca2761404e51e 2025-01-27T15:36:38+01:00 Marco Ricci software@the13thletter.info <pre>The "vault" derivation scheme internally uses PBKDF2-HMAC-SHA1 to generate a pool of random bits from which the derived passphrase is constructed. Here, the master passphrase is passed directly to HMAC-SHA1 as the key; see [RFC 2898][]. By construction, HMAC-SHA1 requires keys to be exactly 64 bytes long (the internal block size of SHA1), so keys larger or smaller than 64 bytes are mapped to equivalent 64-byte keys. This keyspace reduction means that master passphrases under vault are not unique, and since the mapping is simple enough, "master passphrase collisions" have actually been observed during hypothesis testing. Therefore, we implement a new interface to query whether two master passphrases are interchangable under vault. We also test expected interchangability and non-interchangability of master passphrases explicitly with hypothesis-based tests, both for mixed passphrase categories (larger than, smaller than, or exactly 64 bytes) and for each category separately. [RFC 2898]: https://datatracker.ietf.org/doc/html/rfc2898 "See Section 5.2 and Appendix B.1.1." &lt;/pre&gt; tag:gitlist.org,2012:commit/171674c46f598ae2509663d92029d4cb4a1cf51e 2025-01-27T15:23:35+01:00 Marco Ricci software@the13thletter.info <pre>As part of a larger quality assurance effort, explicitly test that derived passphrases depend on the service name. The obvious counterpart, that derived passphrases depend on the master passphrase, it not quite so straightforward, and will be tackled in a later commit. &lt;/pre&gt; tag:gitlist.org,2012:commit/b0038660e3efed0577ad5c08523d69a70a13bfeb 2025-01-27T00:35:36+01:00 Marco Ricci software@the13thletter.info <pre>Check that equivalent service name strings, byte strings and byte arrays all derive the same passphrases. &lt;/pre&gt; tag:gitlist.org,2012:commit/3450dc6b4e2ca1c160fb5341e24ba49f6a3de18c 2025-01-26T23:42:36+01:00 Marco Ricci software@the13thletter.info <pre>One hypothesis-enabled test function of the "vault" module tests that the constructor accepts a given set of settings. While the generator attempts to yield only satisfiable settings, there are certain settings that cannot derive a passphrase for one service name, but can derive one for other names. In these cases, the specific generated characters and occurrence limitations together disallow all otherwise eligible candidates for the next character. Tests with such configurations should actually be skipped, but hypothesis-based tests need different skip handling than normal pytest-based tests. Previously we would "fake" skipping by silently returning early, which suggests that the test actually *passed*. Now, we use `hypothesis.assume` to signal to hypothesis to generate a different datum instead. &lt;/pre&gt; tag:gitlist.org,2012:commit/fe0c9ed2905b4cecf92062921c3035b0a29ddf29 2025-01-26T23:40:15+01:00 Marco Ricci software@the13thletter.info <pre>Use `hypothesis.example(...).via(...)` instead of source code comments. &lt;/pre&gt; tag:gitlist.org,2012:commit/e3b9a55dcbd793977d8e3373bd24892f04199b2c 2025-01-26T20:10:35+01:00 Marco Ricci software@the13thletter.info <pre>Just like in 9db6c6591de054433ae98d59f7930364e7d03286 for the `ssh_agent` tests, arrange the `vault` hypothesis tests so that they lie next to the respective non-hypothesis test, if any. Also rename and/or renumber them as necessary. &lt;/pre&gt; tag:gitlist.org,2012:commit/1291fcbc59d4a4ea9e8c60fb5502f51854b09861 2025-01-26T16:34:47+01:00 Marco Ricci software@the13thletter.info <pre>Arrange the hypothesis tests so that they lie next to the respective non-hypothesis test, if any, instead of bundling them all in the same testing class. By doing this, related tests are closer to each other, if possible. Use the hypothesis mark instead of the testing class if filtering is required. Additionally, since the helper functions `as_ssh_string`, `canonicalize1` and `canonicalize2` now are visible in and assigned to a broader context, give them proper docstrings. &lt;/pre&gt; tag:gitlist.org,2012:commit/7c5ca4b3edb7babde9c8dd1a5e6eebd5cbe52638 2025-01-26T16:21:45+01:00 Marco Ricci software@the13thletter.info <pre>Add more hypothesis tests for SSH string encoding and decoding, based on David R. MacIver's articles. Also document the explicit examples in the proper way. &lt;/pre&gt;