enforce password must be bytes when loading PEM/DER asymmetric keys (#3383)

* enforce password must be bytes when loading PEM/DER asymmetric keys Previously we were using an ffi.buffer on the Python string, which was allowing text implicitly, but our documentation explicitly requires bytes. * add changelog entry
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-02-09 05:55:34 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2017-02-08 16:55:34 -0500
commit: 7a13085afce1415c0524a5dc5b94c98e3d6d7b7d (patch)
tree: b13d9298a91fa673e54d18315351d431a78c86dd /tests/hazmat/primitives/test_serialization.py
parent: 0e6a129724b707ebf79149376251e85fad550414 (diff)
download: cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.tar.gz
cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.tar.bz2
cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.zip
1 files changed, 39 insertions, 0 deletions
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 1ba8a3b6..dad056c6 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -78,6 +78,26 @@ class TestDERSerialization(object):
         _check_dsa_private_numbers(key.private_numbers())
 
     @pytest.mark.parametrize(
+        "key_path",
+        [
+            ["DER_Serialization", "enc-rsa-pkcs8.der"],
+        ]
+    )
+    @pytest.mark.requires_backend_interface(interface=RSABackend)
+    def test_password_not_bytes(self, key_path, backend):
+        key_file = os.path.join("asymmetric", *key_path)
+        password = u"this password is not bytes"
+
+        with pytest.raises(TypeError):
+            load_vectors_from_file(
+                key_file,
+                lambda derfile: load_der_private_key(
+                    derfile.read(), password, backend
+                ),
+                mode="rb"
+            )
+
+    @pytest.mark.parametrize(
         ("key_path", "password"),
         [
             (["DER_Serialization", "ec_private_key.der"], None),
@@ -499,6 +519,25 @@ class TestPEMSerialization(object):
             ["PKCS8", "enc-rsa-pkcs8.pem"]
         ]
     )
+    def test_password_not_bytes(self, key_path, backend):
+        key_file = os.path.join("asymmetric", *key_path)
+        password = u"this password is not bytes"
+
+        with pytest.raises(TypeError):
+            load_vectors_from_file(
+                key_file,
+                lambda pemfile: load_pem_private_key(
+                    pemfile.read().encode(), password, backend
+                )
+            )
+
+    @pytest.mark.parametrize(
+        "key_path",
+        [
+            ["Traditional_OpenSSL_Serialization", "testrsa-encrypted.pem"],
+            ["PKCS8", "enc-rsa-pkcs8.pem"]
+        ]
+    )
     def test_wrong_password(self, key_path, backend):
         key_file = os.path.join("asymmetric", *key_path)
         password = b"this password is wrong"
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2017-02-09 05:55:34 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2017-02-08 16:55:34 -0500
commit	7a13085afce1415c0524a5dc5b94c98e3d6d7b7d (patch)
tree	b13d9298a91fa673e54d18315351d431a78c86dd /tests/hazmat/primitives/test_serialization.py
parent	0e6a129724b707ebf79149376251e85fad550414 (diff)
download	cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.tar.gz cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.tar.bz2 cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.zip