Merge pull request #1331 from michael-hart/public_key_pem

Add support for .PEM public keys, with tests and docs

3 files changed, 75 insertions, 1 deletions

diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index 655acc44..45c12b34 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -217,6 +217,9 @@ class DummyPEMSerializationBackend(object):
     def load_pem_private_key(self, data, password):
         pass
 
+    def load_pem_public_key(self, data):
+        pass
+
 
 class TestMultiBackend(object):
     def test_ciphers(self):
@@ -532,7 +535,10 @@ class TestMultiBackend(object):
         backend = MultiBackend([DummyPEMSerializationBackend()])
 
         backend.load_pem_private_key(b"keydata", None)
+        backend.load_pem_public_key(b"keydata")
 
         backend = MultiBackend([])
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
             backend.load_pem_private_key(b"keydata", None)
+        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
+            backend.load_pem_public_key(b"keydata")
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index cf70f109..d4c5e2e7 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -473,6 +473,8 @@ class TestOpenSSLSerialisationWithOpenSSL(object):
         key = pretend.stub(type="unsupported")
         with raises_unsupported_algorithm(None):
             backend._evp_pkey_to_private_key(key)
+        with raises_unsupported_algorithm(None):
+            backend._evp_pkey_to_public_key(key)
 
     def test_very_long_pem_serialization_password(self):
         password = "x" * 1024
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index d369e8f4..8405f4b2 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -24,6 +24,7 @@ from cryptography.hazmat.primitives import interfaces
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.serialization import (
     load_pem_pkcs8_private_key, load_pem_private_key,
+    load_pem_public_key,
     load_pem_traditional_openssl_private_key
 )
 
@@ -38,7 +39,7 @@ class TestPEMSerialization(object):
     def test_load_pem_rsa_private_key(self, backend):
         key = load_vectors_from_file(
             os.path.join(
-                "asymmetric", "Traditional_OpenSSL_Serialization", "key1.pem"),
+                "asymmetric", "PEM_Serialization", "rsa_private_key.pem"),
             lambda pemfile: load_pem_private_key(
                 pemfile.read().encode(), b"123456", backend
             )
@@ -49,6 +50,17 @@ class TestPEMSerialization(object):
         if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
             _check_rsa_private_numbers(key.private_numbers())
 
+    def test_load_dsa_private_key(self, backend):
+        key = load_vectors_from_file(
+            os.path.join(
+                "asymmetric", "PEM_Serialization", "dsa_private_key.pem"),
+            lambda pemfile: load_pem_private_key(
+                pemfile.read().encode(), b"123456", backend
+            )
+        )
+        assert key
+        assert isinstance(key, interfaces.DSAPrivateKey)
+
     @pytest.mark.parametrize(
         ("key_file", "password"),
         [
@@ -70,6 +82,60 @@ class TestPEMSerialization(object):
         assert key
         assert isinstance(key, interfaces.EllipticCurvePrivateKey)
 
+    @pytest.mark.parametrize(
+        ("key_file"),
+        [
+            os.path.join("asymmetric", "PKCS8", "unenc-rsa-pkcs8.pub.pem"),
+            os.path.join(
+                "asymmetric", "PEM_Serialization", "rsa_public_key.pem"),
+        ]
+    )
+    def test_load_pem_rsa_public_key(self, key_file, backend):
+        key = load_vectors_from_file(
+            key_file,
+            lambda pemfile: load_pem_public_key(
+                pemfile.read().encode(), backend
+            )
+        )
+        assert key
+        assert isinstance(key, interfaces.RSAPublicKey)
+        if isinstance(key, interfaces.RSAPublicKeyWithNumbers):
+            numbers = key.public_numbers()
+            assert numbers.e == 65537
+
+    @pytest.mark.parametrize(
+        ("key_file"),
+        [
+            os.path.join("asymmetric", "PKCS8", "unenc-dsa-pkcs8.pub.pem"),
+            os.path.join(
+                "asymmetric", "PEM_Serialization",
+                "dsa_public_key.pem"),
+        ]
+    )
+    def test_load_pem_dsa_public_key(self, key_file, backend):
+        key = load_vectors_from_file(
+            key_file,
+            lambda pemfile: load_pem_public_key(
+                pemfile.read().encode(), backend
+            )
+        )
+        assert key
+        assert isinstance(key, interfaces.DSAPublicKey)
+
+    @pytest.mark.elliptic
+    def test_load_ec_public_key(self, backend):
+        _skip_curve_unsupported(backend, ec.SECP256R1())
+        key = load_vectors_from_file(
+            os.path.join(
+                "asymmetric", "PEM_Serialization",
+                "ec_public_key.pem"),
+            lambda pemfile: load_pem_public_key(
+                pemfile.read().encode(), backend
+            )
+        )
+        assert key
+        assert isinstance(key, interfaces.EllipticCurvePublicKey)
+
 
 @pytest.mark.traditional_openssl_serialization
 class TestTraditionalOpenSSLSerialization(object):