https://git.schokokeks.org/derivepassphrase.git/tree/6a7423c92f8bda8e46e632f282bce18d4be673d7 Recent commits feed provided by GitList. Reformat the "vault" tests. This includes retiring the `Vault` type alias and using the proper Google-style `vault.Vault` instead, because the API documentation does not correctly resolve this type alias otherwise. https://git.schokokeks.org/derivepassphrase.git/commit/6a7423c92f8bda8e46e632f282bce18d4be673d7 software@the13thletter.info (Marco Ricci) Mon, 27 Jan 2025 19:46:57 +0100 6a7423c92f8bda8e46e632f282bce18d4be673d7 https://git.schokokeks.org/derivepassphrase.git/commit/431cc9945c8a8fc58a2042ceeb20f253028b383c software@the13thletter.info (Marco Ricci) Mon, 27 Jan 2025 19:39:03 +0100 431cc9945c8a8fc58a2042ceeb20f253028b383c The "vault" derivation scheme internally uses PBKDF2-HMAC-SHA1 to generate a pool of random bits from which the derived passphrase is constructed. Here, the master passphrase is passed directly to HMAC-SHA1 as the key; see [RFC 2898][]. By construction, HMAC-SHA1 requires keys to be exactly 64 bytes long (the internal block size of SHA1), so keys larger or smaller than 64 bytes are mapped to equivalent 64-byte keys. This keyspace reduction means that master passphrases under vault are not unique, and since the mapping is simple enough, "master passphrase collisions" have actually been observed during hypothesis testing. Therefore, we implement a new interface to query whether two master passphrases are interchangable under vault. We also test expected interchangability and non-interchangability of master passphrases explicitly with hypothesis-based tests, both for mixed passphrase categories (larger than, smaller than, or exactly 64 bytes) and for each category separately. [RFC 2898]: https://datatracker.ietf.org/doc/html/rfc2898 "See Section 5.2 and Appendix B.1.1." https://git.schokokeks.org/derivepassphrase.git/commit/470f33abffac488a3c54aeda7c0ca2761404e51e software@the13thletter.info (Marco Ricci) Mon, 27 Jan 2025 15:36:38 +0100 470f33abffac488a3c54aeda7c0ca2761404e51e As part of a larger quality assurance effort, explicitly test that derived passphrases depend on the service name. The obvious counterpart, that derived passphrases depend on the master passphrase, it not quite so straightforward, and will be tackled in a later commit. https://git.schokokeks.org/derivepassphrase.git/commit/171674c46f598ae2509663d92029d4cb4a1cf51e software@the13thletter.info (Marco Ricci) Mon, 27 Jan 2025 15:23:35 +0100 171674c46f598ae2509663d92029d4cb4a1cf51e Check that equivalent service name strings, byte strings and byte arrays all derive the same passphrases. https://git.schokokeks.org/derivepassphrase.git/commit/b0038660e3efed0577ad5c08523d69a70a13bfeb software@the13thletter.info (Marco Ricci) Mon, 27 Jan 2025 00:35:36 +0100 b0038660e3efed0577ad5c08523d69a70a13bfeb One hypothesis-enabled test function of the "vault" module tests that the constructor accepts a given set of settings. While the generator attempts to yield only satisfiable settings, there are certain settings that cannot derive a passphrase for one service name, but can derive one for other names. In these cases, the specific generated characters and occurrence limitations together disallow all otherwise eligible candidates for the next character. Tests with such configurations should actually be skipped, but hypothesis-based tests need different skip handling than normal pytest-based tests. Previously we would "fake" skipping by silently returning early, which suggests that the test actually *passed*. Now, we use `hypothesis.assume` to signal to hypothesis to generate a different datum instead. https://git.schokokeks.org/derivepassphrase.git/commit/3450dc6b4e2ca1c160fb5341e24ba49f6a3de18c software@the13thletter.info (Marco Ricci) Sun, 26 Jan 2025 23:42:36 +0100 3450dc6b4e2ca1c160fb5341e24ba49f6a3de18c Use `hypothesis.example(...).via(...)` instead of source code comments. https://git.schokokeks.org/derivepassphrase.git/commit/fe0c9ed2905b4cecf92062921c3035b0a29ddf29 software@the13thletter.info (Marco Ricci) Sun, 26 Jan 2025 23:40:15 +0100 fe0c9ed2905b4cecf92062921c3035b0a29ddf29 Just like in 9db6c6591de054433ae98d59f7930364e7d03286 for the `ssh_agent` tests, arrange the `vault` hypothesis tests so that they lie next to the respective non-hypothesis test, if any. Also rename and/or renumber them as necessary. https://git.schokokeks.org/derivepassphrase.git/commit/e3b9a55dcbd793977d8e3373bd24892f04199b2c software@the13thletter.info (Marco Ricci) Sun, 26 Jan 2025 20:10:35 +0100 e3b9a55dcbd793977d8e3373bd24892f04199b2c Arrange the hypothesis tests so that they lie next to the respective non-hypothesis test, if any, instead of bundling them all in the same testing class. By doing this, related tests are closer to each other, if possible. Use the hypothesis mark instead of the testing class if filtering is required. Additionally, since the helper functions `as_ssh_string`, `canonicalize1` and `canonicalize2` now are visible in and assigned to a broader context, give them proper docstrings. https://git.schokokeks.org/derivepassphrase.git/commit/1291fcbc59d4a4ea9e8c60fb5502f51854b09861 software@the13thletter.info (Marco Ricci) Sun, 26 Jan 2025 16:34:47 +0100 1291fcbc59d4a4ea9e8c60fb5502f51854b09861 Add more hypothesis tests for SSH string encoding and decoding, based on David R. MacIver's articles. Also document the explicit examples in the proper way. https://git.schokokeks.org/derivepassphrase.git/commit/7c5ca4b3edb7babde9c8dd1a5e6eebd5cbe52638 software@the13thletter.info (Marco Ricci) Sun, 26 Jan 2025 16:21:45 +0100 7c5ca4b3edb7babde9c8dd1a5e6eebd5cbe52638