Beispiel #1
0
 def test_aes_ctr_always_available(self):
     # AES CTR should always be available in both 0.9.8 and 1.0.0+
     assert backend.cipher_supported(AES(b"\x00" * 16), CTR(
         b"\x00" * 16)) is True
Beispiel #2
0
 def test_aes_ctr_always_available(self):
     # AES CTR should always be available, even in 1.0.0.
     assert backend.cipher_supported(AES(b"\x00" * 16),
                                     CTR(b"\x00" * 16)) is True
Beispiel #3
0
 def test_supports_cipher(self):
     assert backend.cipher_supported(None, None) is False
Beispiel #4
0
 def test_supports_cipher(self):
     assert backend.cipher_supported(None, None) is False
Beispiel #5
0
 def test_aes_ctr_always_available(self):
     # AES CTR should always be available, even in 1.0.0.
     assert backend.cipher_supported(AES(b"\x00" * 16), CTR(
         b"\x00" * 16)) is True
 def test_aes_ctr_always_available(self):
     # AES CTR should always be available in both 0.9.8 and 1.0.0+
     assert backend.cipher_supported(AES(b"\x00" * 16),
                                     CTR(b"\x00" * 16)) is True
Beispiel #7
0
SUBID_RANGE_START = 2**31
# theoretical max limit is UINT32_MAX-1 ((2 ** 32) - 2)
# We use a smaller value to keep the topmost subid interval unused.
SUBID_RANGE_MAX = (2**32) - (2 * SUBID_COUNT)
SUBID_RANGE_SIZE = SUBID_RANGE_MAX - SUBID_RANGE_START
# threshold before DNA plugin requests a new range
SUBID_DNA_THRESHOLD = 500

# moved from ipaserver/install/krainstance.py::KRAInstance to avoid duplication
# as per https://pagure.io/freeipa/issue/8795
KRA_TRACKING_REQS = {
    'auditSigningCert cert-pki-kra': 'caAuditSigningCert',
    'transportCert cert-pki-kra': 'caTransportCert',
    'storageCert cert-pki-kra': 'caStorageCert',
}

ALLOWED_NETBIOS_CHARS = string.ascii_uppercase + string.digits + '-'

# vault data wrapping algorithms
VAULT_WRAPPING_3DES = 'des-ede3-cbc'
VAULT_WRAPPING_AES128_CBC = 'aes-128-cbc'
VAULT_WRAPPING_SUPPORTED_ALGOS = (
    # new default and supported since pki-kra >= 10.4
    VAULT_WRAPPING_AES128_CBC, )
VAULT_WRAPPING_DEFAULT_ALGO = VAULT_WRAPPING_AES128_CBC

# Add 3DES for backwards compatibility if supported
if backend.cipher_supported(algorithms.TripleDES(b"\x00" * 8),
                            modes.CBC(b"\x00" * 8)):
    VAULT_WRAPPING_SUPPORTED_ALGOS += (VAULT_WRAPPING_3DES, )
Beispiel #8
0
 def test_supports_cipher(self):
     assert (backend.cipher_supported(DummyCipherAlgorithm(), DummyMode())
             is False)