diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 63e72af9a..0942cba48 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -2,6 +2,17 @@
 Changelog
 *********

+1.3.8 -- 2018-xx-xx
+===================
+
+Minor
+-----
+
+* Add support to remove clients from :ref:`KMSMasterKeyProvider` client cache if they fail to connect to endpoint.
+ `#86 `_
+* Add support for SHA384 and SHA512 for use with RSA OAEP wrapping algorithms.
+ `#56 `_
+
 1.3.7 -- 2018-09-20
 ===================

diff --git a/src/aws_encryption_sdk/identifiers.py b/src/aws_encryption_sdk/identifiers.py
index dbca67cb0..2095c0689 100644
--- a/src/aws_encryption_sdk/identifiers.py
+++ b/src/aws_encryption_sdk/identifiers.py
@@ -271,6 +271,8 @@ class WrappingAlgorithm(Enum):
 RSA_PKCS1 = (EncryptionType.ASYMMETRIC, rsa, padding.PKCS1v15, None, None)
 RSA_OAEP_SHA1_MGF1 = (EncryptionType.ASYMMETRIC, rsa, padding.OAEP, hashes.SHA1, padding.MGF1)
 RSA_OAEP_SHA256_MGF1 = (EncryptionType.ASYMMETRIC, rsa, padding.OAEP, hashes.SHA256, padding.MGF1)
+ RSA_OAEP_SHA384_MGF1 = (EncryptionType.ASYMMETRIC, rsa, padding.OAEP, hashes.SHA384, padding.MGF1)
+ RSA_OAEP_SHA512_MGF1 = (EncryptionType.ASYMMETRIC, rsa, padding.OAEP, hashes.SHA512, padding.MGF1)

 def __init__(self, encryption_type, algorithm, padding_type, padding_algorithm, padding_mgf):
 """Prepares new WrappingAlgorithm."""
diff --git a/test/functional/test_f_aws_encryption_sdk_client.py b/test/functional/test_f_aws_encryption_sdk_client.py
index a6e331a4f..c76f8d3f0 100644
--- a/test/functional/test_f_aws_encryption_sdk_client.py
+++ b/test/functional/test_f_aws_encryption_sdk_client.py
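Review bot: The two new members of `WrappingAlgorithm` in src/aws_encryption_sdk/identifiers.py carry no comment on the RSA key-size floor they imply. OAEP padding costs 2*hLen+2 bytes, so with a 1024-bit key `RSA_OAEP_SHA384_MGF1` leaves 30 bytes of payload and `RSA_OAEP_SHA512_MGF1` leaves none, and neither can wrap a 32-byte data key; whether the key provider rejects such keys up front is not visible in this hunk. I would add above them `# SHA-384/512 OAEP: padding is 2*hLen+2 bytes, use an RSA modulus of 2048 bits or more`. The member names also do not say which digest MGF1 runs with; if it is the same digest as the OAEP hash, as the tuple layout suggests, a short comment saying so would help anyone matching these against another implementation's defaults. The class body starts before the hunk and `__init__` continues past it.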
@@ -334,16 +334,19 @@ def test_encryption_cycle_raw_mkp(wrapping_algorithm, encryption_key_type, decry


 @pytest.mark.skipif(
- not _mgf1_sha256_supported(), reason="MGF1-SHA256 not supported by this backend: OpenSSL required v1.0.2+"
+ not _mgf1_sha256_supported(), reason="MGF1-SHA2 not supported by this backend: OpenSSL required v1.0.2+"
 )
 @pytest.mark.parametrize(
- "wrapping_algorithm, encryption_key_type, decryption_key_type",
+ "wrapping_algorithm",
 (
- (WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, EncryptionKeyType.PRIVATE, EncryptionKeyType.PRIVATE),
- (WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, EncryptionKeyType.PUBLIC, EncryptionKeyType.PRIVATE),
+ WrappingAlgorithm.RSA_OAEP_SHA256_MGF1,
+ WrappingAlgorithm.RSA_OAEP_SHA384_MGF1,
+ WrappingAlgorithm.RSA_OAEP_SHA512_MGF1,
 ),
 )
-def test_encryption_cycle_raw_mkp_openssl_102_plus(wrapping_algorithm, encryption_key_type, decryption_key_type):
+@pytest.mark.parametrize("encryption_key_type", (EncryptionKeyType.PUBLIC, EncryptionKeyType.PRIVATE))
+def test_encryption_cycle_raw_mkp_openssl_102_plus(wrapping_algorithm, encryption_key_type):
+ decryption_key_type = EncryptionKeyType.PRIVATE
 encrypting_key_provider = build_fake_raw_key_provider(wrapping_algorithm, encryption_key_type)
 decrypting_key_provider = build_fake_raw_key_provider(wrapping_algorithm, decryption_key_type)
 ciphertext, _ = aws_encryption_sdk.encrypt(
diff --git a/test/functional/test_f_xcompat.py b/test/functional/test_f_xcompat.py
index e4225f5fd..e87082503 100644
--- a/test/functional/test_f_xcompat.py
+++ b/test/functional/test_f_xcompat.py
@@ -57,6 +57,8 @@ def _file_root():
 b"OAEP-MGF1": {
 b"SHA-1": WrappingAlgorithm.RSA_OAEP_SHA1_MGF1,
 b"SHA-256": WrappingAlgorithm.RSA_OAEP_SHA256_MGF1,
+ b"SHA-384": WrappingAlgorithm.RSA_OAEP_SHA384_MGF1,
+ b"SHA-512": WrappingAlgorithm.RSA_OAEP_SHA512_MGF1,
 },
 }
 ),
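Review bot: In test/functional/test_f_aws_encryption_sdk_client.py the `skipif` guard on `test_encryption_cycle_raw_mkp_openssl_102_plus` still calls `_mgf1_sha256_supported()`, although the parametrization now also runs `RSA_OAEP_SHA384_MGF1` and `RSA_OAEP_SHA512_MGF1`. The helper is defined outside the hunk, so whether its probe says anything about SHA-384 or SHA-512 cannot be confirmed here; only the reason string was widened to "MGF1-SHA2". If one probe is meant to stand in for all three digests, a comment above the decorator such as `# MGF1 with any SHA-2 digest depends on the same backend support, so the SHA-256 probe covers SHA-384/512` would record that; otherwise a backend lacking one digest shows up as a test failure instead of a skip. The test body continues past the end of the hunk.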