diff options
| -rw-r--r-- | cryptography/bindings/openssl/api.py | 33 | ||||
| -rw-r--r-- | cryptography/bindings/openssl/pkcs7.py | 34 | ||||
| -rw-r--r-- | cryptography/bindings/openssl/x509.py | 187 | ||||
| -rw-r--r-- | cryptography/bindings/openssl/x509name.py | 48 | ||||
| -rw-r--r-- | cryptography/primitives/hashes.py | 78 | ||||
| -rw-r--r-- | tests/primitives/test_hash_vectors.py | 111 | ||||
| -rw-r--r-- | tests/primitives/test_hashes.py | 78 | ||||
| -rw-r--r-- | tests/primitives/test_utils.py | 36 | ||||
| -rw-r--r-- | tests/primitives/utils.py | 78 | ||||
| -rw-r--r-- | tests/test_utils.py | 58 | ||||
| -rw-r--r-- | tests/utils.py | 35 |
11 files changed, 774 insertions, 2 deletions
diff --git a/cryptography/bindings/openssl/api.py b/cryptography/bindings/openssl/api.py index d04ca0c0..3502dd5a 100644 --- a/cryptography/bindings/openssl/api.py +++ b/cryptography/bindings/openssl/api.py @@ -36,10 +36,13 @@ class API(object): "err", "evp", "opensslv", + "pkcs7", "pkcs12", "rand", "rsa", "ssl", + "x509name", + "x509" ] def __init__(self): @@ -141,5 +144,35 @@ class API(object): assert res != 0 return self.ffi.buffer(buf)[:outlen[0]] + def supports_hash(self, hash_cls): + return (self.ffi.NULL != + self.lib.EVP_get_digestbyname(hash_cls.name.encode("ascii"))) + + def create_hash_context(self, hashobject): + ctx = self.lib.EVP_MD_CTX_create() + ctx = self.ffi.gc(ctx, self.lib.EVP_MD_CTX_destroy) + evp_md = self.lib.EVP_get_digestbyname(hashobject.name.encode("ascii")) + assert evp_md != self.ffi.NULL + res = self.lib.EVP_DigestInit_ex(ctx, evp_md, self.ffi.NULL) + assert res != 0 + return ctx + + def update_hash_context(self, ctx, data): + res = self.lib.EVP_DigestUpdate(ctx, data, len(data)) + assert res != 0 + + def finalize_hash_context(self, ctx, digest_size): + buf = self.ffi.new("unsigned char[]", digest_size) + res = self.lib.EVP_DigestFinal_ex(ctx, buf, self.ffi.NULL) + assert res != 0 + return self.ffi.buffer(buf)[:digest_size] + + def copy_hash_context(self, ctx): + copied_ctx = self.lib.EVP_MD_CTX_create() + copied_ctx = self.ffi.gc(copied_ctx, self.lib.EVP_MD_CTX_destroy) + res = self.lib.EVP_MD_CTX_copy_ex(copied_ctx, ctx) + assert res != 0 + return copied_ctx + api = API() diff --git a/cryptography/bindings/openssl/pkcs7.py b/cryptography/bindings/openssl/pkcs7.py new file mode 100644 index 00000000..752bfa00 --- /dev/null +++ b/cryptography/bindings/openssl/pkcs7.py @@ -0,0 +1,34 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +INCLUDES = """ +#include <openssl/pkcs7.h> +""" + +TYPES = """ +typedef struct { + ASN1_OBJECT *type; + ...; +} PKCS7; +""" + +FUNCTIONS = """ +void PKCS7_free(PKCS7 *); +""" + +MACROS = """ +int PKCS7_type_is_signed(PKCS7 *); +int PKCS7_type_is_enveloped(PKCS7 *); +int PKCS7_type_is_signedAndEnveloped(PKCS7 *); +int PKCS7_type_is_data(PKCS7 *); +""" diff --git a/cryptography/bindings/openssl/x509.py b/cryptography/bindings/openssl/x509.py new file mode 100644 index 00000000..9a51a6d0 --- /dev/null +++ b/cryptography/bindings/openssl/x509.py @@ -0,0 +1,187 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +INCLUDES = """ +#include <openssl/ssl.h> +""" + +TYPES = """ +typedef struct { + ASN1_OBJECT *algorithm; + ...; +} X509_ALGOR; + +typedef struct { + X509_ALGOR *signature; + ...; +} X509_CINF; + +typedef struct { + ASN1_OBJECT *object; + ASN1_BOOLEAN critical; + ASN1_OCTET_STRING *value; +} X509_EXTENSION; + +typedef ... X509_EXTENSIONS; + +typedef ... X509_REQ; + +typedef ... x509_revoked_st; + +typedef struct { + ASN1_INTEGER *serialNumber; + ASN1_TIME *revocationDate; + X509_EXTENSIONS *extensions; + int sequence; + ...; +} X509_REVOKED; + +typedef struct { + struct x509_revoked_st *revoked; + ...; +} X509_CRL_INFO; + +typedef struct { + X509_CRL_INFO *crl; + ...; +} X509_CRL; + +typedef struct { + X509_CINF *cert_info; + ...; +} X509; + +typedef ... X509_STORE; +typedef ... NETSCAPE_SPKI; +""" + +FUNCTIONS = """ +X509 *X509_new(); +void X509_free(X509 *); +X509 *X509_dup(X509 *); + +int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long); + +int X509_set_version(X509 *, long); + +EVP_PKEY *X509_get_pubkey(X509 *); +int X509_set_pubkey(X509 *, EVP_PKEY *); + +unsigned char *X509_alias_get0(X509 *, int *); +int X509_sign(X509 *, EVP_PKEY *, const EVP_MD *); + +int X509_digest(const X509 *, const EVP_MD *, unsigned char *, unsigned int *); + +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *, long); + +unsigned long X509_subject_name_hash(X509 *); + +X509_NAME *X509_get_subject_name(X509 *); +int X509_set_subject_name(X509 *, X509_NAME *); + +X509_NAME *X509_get_issuer_name(X509 *); +int X509_set_issuer_name(X509 *, X509_NAME *); + +int X509_get_ext_count(X509 *); +int X509_add_ext(X509 *, X509_EXTENSION *, int); +X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *); +X509_EXTENSION *X509_get_ext(X509 *, int); +int X509_EXTENSION_get_critical(X509_EXTENSION *); +ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *); +void X509_EXTENSION_free(X509_EXTENSION *); + +int X509_REQ_set_version(X509_REQ *, long); +X509_REQ *X509_REQ_new(); +void X509_REQ_free(X509_REQ *); +int X509_REQ_set_pubkey(X509_REQ *, EVP_PKEY *); +int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *); +int X509_REQ_verify(X509_REQ *, EVP_PKEY *); +EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *); +int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *); +int X509_REQ_print_ex(BIO *, X509_REQ *, unsigned long, unsigned long); + +int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *); + +X509_REVOKED *X509_REVOKED_new(); +void X509_REVOKED_free(X509_REVOKED *); + +int X509_REVOKED_set_serialNumber(X509_REVOKED *, ASN1_INTEGER *); + +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *, int, void *, int, unsigned long); + +X509_CRL *d2i_X509_CRL_bio(BIO *, X509_CRL **); +X509_CRL *X509_CRL_new(); +void X509_CRL_free(X509_CRL *); +int X509_CRL_add0_revoked(X509_CRL *, X509_REVOKED *); +int i2d_X509_CRL_bio(BIO *, X509_CRL *); +int X509_CRL_print(BIO *, X509_CRL *); +int X509_CRL_set_issuer_name(X509_CRL *, X509_NAME *); +int X509_CRL_sign(X509_CRL *, EVP_PKEY *, const EVP_MD *); + +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *, EVP_PKEY *); +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *, EVP_PKEY *, const EVP_MD *); +char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *, EVP_PKEY *); +NETSCAPE_SPKI *NETSCAPE_SPKI_new(); +void NETSCAPE_SPKI_free(NETSCAPE_SPKI *); + +/* ASN1 serialization */ +int i2d_X509_bio(BIO *, X509 *); +X509 *d2i_X509_bio(BIO *, X509 **); + +int i2d_X509_REQ_bio(BIO *, X509_REQ *); +X509_REQ *d2i_X509_REQ_bio(BIO *, X509_REQ **); + +int i2d_PrivateKey_bio(BIO *, EVP_PKEY *); +EVP_PKEY *d2i_PrivateKey_bio(BIO *, EVP_PKEY **); + +ASN1_INTEGER *X509_get_serialNumber(X509 *); +int X509_set_serialNumber(X509 *, ASN1_INTEGER *); + +/* X509_STORE */ +X509_STORE *X509_STORE_new(); +void X509_STORE_free(X509_STORE *); +int X509_STORE_add_cert(X509_STORE *, X509 *); +""" + +MACROS = """ +long X509_get_version(X509 *); + +ASN1_TIME *X509_get_notBefore(X509 *); +ASN1_TIME *X509_get_notAfter(X509 *); + +long X509_REQ_get_version(X509_REQ *); +X509_NAME *X509_REQ_get_subject_name(X509_REQ *); + +struct stack_st_X509 *sk_X509_new_null(); +void sk_X509_free(struct stack_st_X509 *); +int sk_X509_num(struct stack_st_X509 *); +int sk_X509_push(struct stack_st_X509 *, X509 *); +X509 *sk_X509_value(struct stack_st_X509 *, int); + +X509_EXTENSIONS *sk_X509_EXTENSION_new_null(); +int sk_X509_EXTENSION_num(X509_EXTENSIONS *); +X509_EXTENSION *sk_X509_EXTENSION_value(X509_EXTENSIONS *, int); +int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *); +void sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int); +void sk_X509_EXTENSION_free(X509_EXTENSIONS *); + +int sk_X509_REVOKED_num(struct x509_revoked_st *); +X509_REVOKED *sk_X509_REVOKED_value(struct x509_revoked_st *, int); + +/* These aren't macros these arguments are all const X on openssl > 1.0.x */ +int X509_CRL_set_lastUpdate(X509_CRL *, const ASN1_TIME *); +int X509_CRL_set_nextUpdate(X509_CRL *, const ASN1_TIME *); +""" diff --git a/cryptography/bindings/openssl/x509name.py b/cryptography/bindings/openssl/x509name.py new file mode 100644 index 00000000..bd7abe2d --- /dev/null +++ b/cryptography/bindings/openssl/x509name.py @@ -0,0 +1,48 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +INCLUDES = """ +#include <openssl/x509.h> +""" + +TYPES = """ +typedef ... X509_NAME; +typedef ... X509_NAME_ENTRY; +""" + +FUNCTIONS = """ +int X509_NAME_entry_count(X509_NAME *); +X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *, int); +ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *); +ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *); +unsigned long X509_NAME_hash(X509_NAME *); + +int i2d_X509_NAME(X509_NAME *, unsigned char **); +int X509_NAME_add_entry_by_NID(X509_NAME *, int, int, unsigned char *, + int, int, int); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *, int); +void X509_NAME_ENTRY_free(X509_NAME_ENTRY *); +int X509_NAME_get_index_by_NID(X509_NAME *, int, int); +int X509_NAME_cmp(const X509_NAME *, const X509_NAME *); +char *X509_NAME_oneline(X509_NAME *, char *, int); +X509_NAME *X509_NAME_dup(X509_NAME *); +void X509_NAME_free(X509_NAME *); +""" + +MACROS = """ +struct stack_st_X509_NAME *sk_X509_NAME_new_null(); +int sk_X509_NAME_num(struct stack_st_X509_NAME *); +int sk_X509_NAME_push(struct stack_st_X509_NAME *, X509_NAME *); +X509_NAME *sk_X509_NAME_value(struct stack_st_X509_NAME *, int); +void sk_X509_NAME_free(struct stack_st_X509_NAME *); +""" diff --git a/cryptography/primitives/hashes.py b/cryptography/primitives/hashes.py new file mode 100644 index 00000000..affca564 --- /dev/null +++ b/cryptography/primitives/hashes.py @@ -0,0 +1,78 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import binascii + +from cryptography.bindings import _default_api + + +class BaseHash(object): + def __init__(self, api=None, ctx=None): + if api is None: + api = _default_api + self._api = api + self._ctx = self._api.create_hash_context(self) if ctx is None else ctx + + def update(self, string): + self._api.update_hash_context(self._ctx, string) + + def copy(self): + return self.__class__(ctx=self._copy_ctx()) + + def digest(self): + return self._api.finalize_hash_context(self._copy_ctx(), + self.digest_size) + + def hexdigest(self): + return binascii.hexlify(self.digest()).decode("ascii") + + def _copy_ctx(self): + return self._api.copy_hash_context(self._ctx) + + +class SHA1(BaseHash): + name = "sha1" + digest_size = 20 + block_size = 64 + + +class SHA224(BaseHash): + name = "sha224" + digest_size = 28 + block_size = 64 + + +class SHA256(BaseHash): + name = "sha256" + digest_size = 32 + block_size = 64 + + +class SHA384(BaseHash): + name = "sha384" + digest_size = 48 + block_size = 128 + + +class SHA512(BaseHash): + name = "sha512" + digest_size = 64 + block_size = 128 + + +class RIPEMD160(BaseHash): + name = "ripemd160" + digest_size = 20 + block_size = 64 diff --git a/tests/primitives/test_hash_vectors.py b/tests/primitives/test_hash_vectors.py new file mode 100644 index 00000000..51c4b85d --- /dev/null +++ b/tests/primitives/test_hash_vectors.py @@ -0,0 +1,111 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import os + +from cryptography.primitives import hashes + +from .utils import generate_hash_test, generate_long_string_hash_test +from ..utils import load_hash_vectors_from_file + + +class TestSHA1(object): + test_SHA1 = generate_hash_test( + load_hash_vectors_from_file, + os.path.join("NIST", "SHABYTE"), + [ + "SHA1LongMsg.rsp", + "SHA1ShortMsg.rsp", + ], + hashes.SHA1, + only_if=lambda api: api.supports_hash(hashes.SHA1), + skip_message="Does not support SHA1", + ) + + +class TestSHA224(object): + test_SHA224 = generate_hash_test( + load_hash_vectors_from_file, + os.path.join("NIST", "SHABYTE"), + [ + "SHA224LongMsg.rsp", + "SHA224ShortMsg.rsp", + ], + hashes.SHA224, + only_if=lambda api: api.supports_hash(hashes.SHA224), + skip_message="Does not support SHA224", + ) + + +class TestSHA256(object): + test_SHA256 = generate_hash_test( + load_hash_vectors_from_file, + os.path.join("NIST", "SHABYTE"), + [ + "SHA256LongMsg.rsp", + "SHA256ShortMsg.rsp", + ], + hashes.SHA256, + only_if=lambda api: api.supports_hash(hashes.SHA256), + skip_message="Does not support SHA256", + ) + + +class TestSHA384(object): + test_SHA384 = generate_hash_test( + load_hash_vectors_from_file, + os.path.join("NIST", "SHABYTE"), + [ + "SHA384LongMsg.rsp", + "SHA384ShortMsg.rsp", + ], + hashes.SHA384, + only_if=lambda api: api.supports_hash(hashes.SHA384), + skip_message="Does not support SHA384", + ) + + +class TestSHA512(object): + test_SHA512 = generate_hash_test( + load_hash_vectors_from_file, + os.path.join("NIST", "SHABYTE"), + [ + "SHA512LongMsg.rsp", + "SHA512ShortMsg.rsp", + ], + hashes.SHA512, + only_if=lambda api: api.supports_hash(hashes.SHA512), + skip_message="Does not support SHA512", + ) + + +class TestRIPEMD160(object): + test_RIPEMD160 = generate_hash_test( + load_hash_vectors_from_file, + os.path.join("ISO", "ripemd160"), + [ + "ripevectors.txt", + ], + hashes.RIPEMD160, + only_if=lambda api: api.supports_hash(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", + ) + + test_RIPEMD160_long_string = generate_long_string_hash_test( + hashes.RIPEMD160, + "52783243c1697bdbe16d37f97f68f08325dc1528", + only_if=lambda api: api.supports_hash(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", + ) diff --git a/tests/primitives/test_hashes.py b/tests/primitives/test_hashes.py new file mode 100644 index 00000000..bfb45037 --- /dev/null +++ b/tests/primitives/test_hashes.py @@ -0,0 +1,78 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +from cryptography.primitives import hashes + +from .utils import generate_base_hash_test + + +class TestSHA1(object): + test_SHA1 = generate_base_hash_test( + hashes.SHA1, + digest_size=20, + block_size=64, + only_if=lambda api: api.supports_hash(hashes.SHA1), + skip_message="Does not support SHA1", + ) + + +class TestSHA224(object): + test_SHA224 = generate_base_hash_test( + hashes.SHA224, + digest_size=28, + block_size=64, + only_if=lambda api: api.supports_hash(hashes.SHA224), + skip_message="Does not support SHA224", + ) + + +class TestSHA256(object): + test_SHA256 = generate_base_hash_test( + hashes.SHA256, + digest_size=32, + block_size=64, + only_if=lambda api: api.supports_hash(hashes.SHA256), + skip_message="Does not support SHA256", + ) + + +class TestSHA384(object): + test_SHA384 = generate_base_hash_test( + hashes.SHA384, + digest_size=48, + block_size=128, + only_if=lambda api: api.supports_hash(hashes.SHA384), + skip_message="Does not support SHA384", + ) + + +class TestSHA512(object): + test_SHA512 = generate_base_hash_test( + hashes.SHA512, + digest_size=64, + block_size=128, + only_if=lambda api: api.supports_hash(hashes.SHA512), + skip_message="Does not support SHA512", + ) + + +class TestRIPEMD160(object): + test_RIPEMD160 = generate_base_hash_test( + hashes.RIPEMD160, + digest_size=20, + block_size=64, + only_if=lambda api: api.supports_hash(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", + ) diff --git a/tests/primitives/test_utils.py b/tests/primitives/test_utils.py index 4666ece7..9888309e 100644 --- a/tests/primitives/test_utils.py +++ b/tests/primitives/test_utils.py @@ -1,6 +1,7 @@ import pytest -from .utils import encrypt_test +from .utils import (base_hash_test, encrypt_test, hash_test, + long_string_hash_test) class TestEncryptTest(object): @@ -12,3 +13,36 @@ class TestEncryptTest(object): skip_message="message!" ) assert exc_info.value.args[0] == "message!" + + +class TestHashTest(object): + def test_skips_if_only_if_returns_false(self): + with pytest.raises(pytest.skip.Exception) as exc_info: + hash_test( + None, None, None, + only_if=lambda api: False, + skip_message="message!" + ) + assert exc_info.value.args[0] == "message!" + + +class TestBaseHashTest(object): + def test_skips_if_only_if_returns_false(self): + with pytest.raises(pytest.skip.Exception) as exc_info: + base_hash_test( + None, None, None, None, + only_if=lambda api: False, + skip_message="message!" + ) + assert exc_info.value.args[0] == "message!" + + +class TestLongHashTest(object): + def test_skips_if_only_if_returns_false(self): + with pytest.raises(pytest.skip.Exception) as exc_info: + long_string_hash_test( + None, None, None, + only_if=lambda api: False, + skip_message="message!" + ) + assert exc_info.value.args[0] == "message!" diff --git a/tests/primitives/utils.py b/tests/primitives/utils.py index 3cf08c28..8b32700b 100644 --- a/tests/primitives/utils.py +++ b/tests/primitives/utils.py @@ -40,3 +40,81 @@ def encrypt_test(api, cipher_factory, mode_factory, params, only_if, actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext)) actual_ciphertext += cipher.finalize() assert actual_ciphertext == binascii.unhexlify(ciphertext) + + +def generate_hash_test(param_loader, path, file_names, hash_cls, + only_if=lambda api: True, skip_message=None): + def test_hash(self): + for api in _ALL_APIS: + for file_name in file_names: + for params in param_loader(os.path.join(path, file_name)): + yield ( + hash_test, + api, + hash_cls, + params, + only_if, + skip_message + ) + return test_hash + + +def hash_test(api, hash_cls, params, only_if, skip_message): + if not only_if(api): + pytest.skip(skip_message) + msg = params[0] + md = params[1] + m = hash_cls(api=api) + m.update(binascii.unhexlify(msg)) + assert m.hexdigest() == md.replace(" ", "").lower() + + +def generate_base_hash_test(hash_cls, digest_size, block_size, + only_if=lambda api: True, skip_message=None): + def test_base_hash(self): + for api in _ALL_APIS: + yield ( + base_hash_test, + api, + hash_cls, + digest_size, + block_size, + only_if, + skip_message, + ) + return test_base_hash + + +def base_hash_test(api, hash_cls, digest_size, block_size, only_if, + skip_message): + if not only_if(api): + pytest.skip(skip_message) + m = hash_cls(api=api) + assert m.digest_size == digest_size + assert m.block_size == block_size + m_copy = m.copy() + assert m != m_copy + assert m._ctx != m_copy._ctx + + +def generate_long_string_hash_test(hash_factory, md, only_if=lambda api: True, + skip_message=None): + def test_long_string_hash(self): + for api in _ALL_APIS: + yield( + long_string_hash_test, + api, + hash_factory, + md, + only_if, + skip_message + ) + return test_long_string_hash + + +def long_string_hash_test(api, hash_factory, md, only_if, skip_message): + if not only_if(api): + pytest.skip(skip_message) + m = hash_factory(api) + m.update(b"a" * 1000000) + assert m.hexdigest() == md.lower() diff --git a/tests/test_utils.py b/tests/test_utils.py index 28e7407b..a9bb6a87 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -13,9 +13,12 @@ import textwrap +import pytest + from .utils import (load_nist_vectors, load_nist_vectors_from_file, load_cryptrec_vectors, load_cryptrec_vectors_from_file, - load_openssl_vectors, load_openssl_vectors_from_file) + load_openssl_vectors, load_openssl_vectors_from_file, load_hash_vectors, + load_hash_vectors_from_file) def test_load_nist_vectors_encrypt(): @@ -360,3 +363,56 @@ def test_load_openssl_vectors_from_file(): "ciphertext": b"D776379BE0E50825E681DA1A4C980E8E", }, ] + + +def test_load_hash_vectors(): + vector_data = textwrap.dedent(""" + + # http://tools.ietf.org/html/rfc1321 + [irrelevant] + + Len = 0 + Msg = 00 + MD = d41d8cd98f00b204e9800998ecf8427e + + Len = 8 + Msg = 61 + MD = 0cc175b9c0f1b6a831c399e269772661 + + Len = 24 + Msg = 616263 + MD = 900150983cd24fb0d6963f7d28e17f72 + + Len = 112 + Msg = 6d65737361676520646967657374 + MD = f96b697d7cb7938d525a2f31aaf161d0 + """).splitlines() + assert load_hash_vectors(vector_data) == [ + (b"", "d41d8cd98f00b204e9800998ecf8427e"), + (b"61", "0cc175b9c0f1b6a831c399e269772661"), + (b"616263", "900150983cd24fb0d6963f7d28e17f72"), + (b"6d65737361676520646967657374", "f96b697d7cb7938d525a2f31aaf161d0"), + ] + + +def test_load_hash_vectors_bad_data(): + vector_data = textwrap.dedent(""" + # http://tools.ietf.org/html/rfc1321 + + Len = 0 + Msg = 00 + UNKNOWN=Hello World + """).splitlines() + with pytest.raises(ValueError): + load_hash_vectors(vector_data) + + +def test_load_hash_vectors_from_file(): + test_list = load_hash_vectors_from_file("RFC/MD5/rfc-1321.txt") + assert len(test_list) == 7 + assert test_list[:4] == [ + (b"", "d41d8cd98f00b204e9800998ecf8427e"), + (b"61", "0cc175b9c0f1b6a831c399e269772661"), + (b"616263", "900150983cd24fb0d6963f7d28e17f72"), + (b"6d65737361676520646967657374", "f96b697d7cb7938d525a2f31aaf161d0"), + ] diff --git a/tests/utils.py b/tests/utils.py index 6b1cfd79..03b780f8 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -119,3 +119,38 @@ def load_openssl_vectors(vector_data): "ciphertext": vector[4].encode("ascii"), }) return vectors + + +def load_hash_vectors(vector_data): + vectors = [] + + for line in vector_data: + line = line.strip() + + if not line or line.startswith("#") or line.startswith("["): + continue + + if line.startswith("Len"): + length = int(line.split(" = ")[1]) + elif line.startswith("Msg"): + """ + In the NIST vectors they have chosen to represent an empty + string as hex 00, which is of course not actually an empty + string. So we parse the provided length and catch this edge case. + """ + msg = line.split(" = ")[1].encode("ascii") if length > 0 else b"" + elif line.startswith("MD"): + md = line.split(" = ")[1] + # after MD is found the Msg+MD tuple is complete + vectors.append((msg, md)) + else: + raise ValueError("Unknown line in hash vector") + return vectors + + +def load_hash_vectors_from_file(filename): + base = os.path.join( + os.path.dirname(__file__), "primitives", "vectors" + ) + with open(os.path.join(base, filename), "r") as vector_file: + return load_hash_vectors(vector_file) |