aboutsummaryrefslogtreecommitdiffstats
path: root/tests/hazmat
diff options
context:
space:
mode:
authorAlex Gaynor <alex.gaynor@gmail.com>2015-03-02 13:23:15 -0500
committerAlex Gaynor <alex.gaynor@gmail.com>2015-03-02 13:23:15 -0500
commit7385d5d5eeb52b4559fc106c1dd4137976a64da9 (patch)
tree4e95746eca615662fbe9ac4d838295950c1de74d /tests/hazmat
parent741175ef2bf965c9439dc4525df7e48c8a4ff72c (diff)
parent59e5c86e7edfff79f8342c3cc6d7d7bf7ffbe19c (diff)
downloadcryptography-7385d5d5eeb52b4559fc106c1dd4137976a64da9.tar.gz
cryptography-7385d5d5eeb52b4559fc106c1dd4137976a64da9.tar.bz2
cryptography-7385d5d5eeb52b4559fc106c1dd4137976a64da9.zip
Merge pull request #1709 from reaperhulk/serialize-ec-private-key
Serialize EC private keys
Diffstat (limited to 'tests/hazmat')
-rw-r--r--tests/hazmat/primitives/test_ec.py174
1 files changed, 172 insertions, 2 deletions
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index ea621ad6..77ee38b4 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -10,8 +10,10 @@ import os
import pytest
from cryptography import exceptions, utils
-from cryptography.hazmat.backends.interfaces import EllipticCurveBackend
-from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.backends.interfaces import (
+ EllipticCurveBackend, PEMSerializationBackend
+)
+from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import (
encode_rfc6979_signature
@@ -31,6 +33,13 @@ _HASH_TYPES = {
}
+def _skip_if_no_serialization(key, backend):
+ if not isinstance(key, ec.EllipticCurvePrivateKeyWithSerialization):
+ pytest.skip(
+ "{0} does not support EC key serialization".format(backend)
+ )
+
+
def _skip_ecdsa_vector(backend, curve_type, hash_type):
if not backend.elliptic_curve_signature_algorithm_supported(
ec.ECDSA(hash_type()),
@@ -63,12 +72,22 @@ class DummySignatureAlgorithm(object):
algorithm = None
+@utils.register_interface(serialization.KeySerializationEncryption)
+class DummyKeyEncryption(object):
+ pass
+
+
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
def test_skip_curve_unsupported(backend):
with pytest.raises(pytest.skip.Exception):
_skip_curve_unsupported(backend, DummyCurve())
+def test_skip_no_serialization():
+ with pytest.raises(pytest.skip.Exception):
+ _skip_if_no_serialization("fakebackend", "fakekey")
+
+
def test_ec_numbers():
numbers = ec.EllipticCurvePrivateNumbers(
1,
@@ -378,3 +397,154 @@ class TestECNumbersEquality(object):
1, ec.EllipticCurvePublicNumbers(1, 2, ec.SECP521R1())
)
assert priv != object()
+
+
+@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
+@pytest.mark.requires_backend_interface(interface=PEMSerializationBackend)
+class TestECSerialization(object):
+ @pytest.mark.parametrize(
+ ("fmt", "password"),
+ itertools.product(
+ [
+ serialization.PrivateFormat.TraditionalOpenSSL,
+ serialization.PrivateFormat.PKCS8
+ ],
+ [
+ b"s",
+ b"longerpassword",
+ b"!*$&(@#$*&($T@%_somesymbols",
+ b"\x01" * 1000,
+ ]
+ )
+ )
+ def test_private_bytes_encrypted_pem(self, backend, fmt, password):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ key_bytes = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PKCS8", "ec_private_key.pem"),
+ lambda pemfile: pemfile.read().encode()
+ )
+ key = serialization.load_pem_private_key(key_bytes, None, backend)
+ _skip_if_no_serialization(key, backend)
+ serialized = key.private_bytes(
+ serialization.Encoding.PEM,
+ fmt,
+ serialization.BestAvailableEncryption(password)
+ )
+ loaded_key = serialization.load_pem_private_key(
+ serialized, password, backend
+ )
+ loaded_priv_num = loaded_key.private_numbers()
+ priv_num = key.private_numbers()
+ assert loaded_priv_num == priv_num
+
+ @pytest.mark.parametrize(
+ "fmt",
+ [
+ serialization.PrivateFormat.TraditionalOpenSSL,
+ serialization.PrivateFormat.PKCS8
+ ],
+ )
+ def test_private_bytes_unencrypted_pem(self, backend, fmt):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ key_bytes = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PKCS8", "ec_private_key.pem"),
+ lambda pemfile: pemfile.read().encode()
+ )
+ key = serialization.load_pem_private_key(key_bytes, None, backend)
+ _skip_if_no_serialization(key, backend)
+ serialized = key.private_bytes(
+ serialization.Encoding.PEM,
+ fmt,
+ serialization.NoEncryption()
+ )
+ loaded_key = serialization.load_pem_private_key(
+ serialized, None, backend
+ )
+ loaded_priv_num = loaded_key.private_numbers()
+ priv_num = key.private_numbers()
+ assert loaded_priv_num == priv_num
+
+ def test_private_bytes_traditional_openssl_unencrypted_pem(self, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ key_bytes = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PEM_Serialization", "ec_private_key.pem"),
+ lambda pemfile: pemfile.read().encode()
+ )
+ key = serialization.load_pem_private_key(key_bytes, None, backend)
+ serialized = key.private_bytes(
+ serialization.Encoding.PEM,
+ serialization.PrivateFormat.TraditionalOpenSSL,
+ serialization.NoEncryption()
+ )
+ assert serialized == key_bytes
+
+ def test_private_bytes_invalid_encoding(self, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PKCS8", "ec_private_key.pem"),
+ lambda pemfile: serialization.load_pem_private_key(
+ pemfile.read().encode(), None, backend
+ )
+ )
+ _skip_if_no_serialization(key, backend)
+ with pytest.raises(TypeError):
+ key.private_bytes(
+ "notencoding",
+ serialization.PrivateFormat.PKCS8,
+ serialization.NoEncryption()
+ )
+
+ def test_private_bytes_invalid_format(self, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PKCS8", "ec_private_key.pem"),
+ lambda pemfile: serialization.load_pem_private_key(
+ pemfile.read().encode(), None, backend
+ )
+ )
+ _skip_if_no_serialization(key, backend)
+ with pytest.raises(TypeError):
+ key.private_bytes(
+ serialization.Encoding.PEM,
+ "invalidformat",
+ serialization.NoEncryption()
+ )
+
+ def test_private_bytes_invalid_encryption_algorithm(self, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PKCS8", "ec_private_key.pem"),
+ lambda pemfile: serialization.load_pem_private_key(
+ pemfile.read().encode(), None, backend
+ )
+ )
+ _skip_if_no_serialization(key, backend)
+ with pytest.raises(TypeError):
+ key.private_bytes(
+ serialization.Encoding.PEM,
+ serialization.PrivateFormat.TraditionalOpenSSL,
+ "notanencalg"
+ )
+
+ def test_private_bytes_unsupported_encryption_type(self, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PKCS8", "ec_private_key.pem"),
+ lambda pemfile: serialization.load_pem_private_key(
+ pemfile.read().encode(), None, backend
+ )
+ )
+ _skip_if_no_serialization(key, backend)
+ with pytest.raises(ValueError):
+ key.private_bytes(
+ serialization.Encoding.PEM,
+ serialization.PrivateFormat.TraditionalOpenSSL,
+ DummyKeyEncryption()
+ )