aboutsummaryrefslogtreecommitdiffstats
path: root/tests/hazmat
diff options
context:
space:
mode:
Diffstat (limited to 'tests/hazmat')
-rw-r--r--tests/hazmat/backends/test_multibackend.py30
-rw-r--r--tests/hazmat/backends/test_openssl.py15
-rw-r--r--tests/hazmat/primitives/test_3des.py37
-rw-r--r--tests/hazmat/primitives/test_aes.py33
-rw-r--r--tests/hazmat/primitives/test_block.py8
-rw-r--r--tests/hazmat/primitives/test_hkdf.py63
-rw-r--r--tests/hazmat/primitives/test_rsa.py36
-rw-r--r--tests/hazmat/primitives/utils.py7
8 files changed, 203 insertions, 26 deletions
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index fd2a30cd..088465a1 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -98,6 +98,15 @@ class DummyRSABackend(object):
algorithm):
pass
+ def mgf1_hash_supported(self, algorithm):
+ pass
+
+ def decrypt_rsa(self, private_key, ciphertext, padding):
+ pass
+
+ def encrypt_rsa(self, public_key, plaintext, padding):
+ pass
+
@utils.register_interface(DSABackend)
class DummyDSABackend(object):
@@ -211,6 +220,12 @@ class TestMultiBackend(object):
backend.create_rsa_verification_ctx("public_key", "sig",
padding.PKCS1v15(), hashes.MD5())
+ backend.mgf1_hash_supported(hashes.MD5())
+
+ backend.encrypt_rsa("public_key", "encryptme", padding.PKCS1v15())
+
+ backend.decrypt_rsa("private_key", "encrypted", padding.PKCS1v15())
+
backend = MultiBackend([])
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
@@ -229,6 +244,21 @@ class TestMultiBackend(object):
backend.create_rsa_verification_ctx(
"public_key", "sig", padding.PKCS1v15(), hashes.MD5())
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
+ backend.mgf1_hash_supported(hashes.MD5())
+
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
+ backend.encrypt_rsa("public_key", "encryptme", padding.PKCS1v15())
+
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
+ backend.decrypt_rsa("private_key", "encrypted", padding.PKCS1v15())
+
def test_dsa(self):
backend = MultiBackend([
DummyDSABackend()
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 37347bc8..19274bf8 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -24,7 +24,7 @@ from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import dsa, padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.ciphers.algorithms import AES
-from cryptography.hazmat.primitives.ciphers.modes import CBC
+from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR
from cryptography.hazmat.primitives.interfaces import BlockCipherAlgorithm
from ...utils import raises_unsupported_algorithm
@@ -66,6 +66,11 @@ class TestOpenSSL(object):
def test_supports_cipher(self):
assert backend.cipher_supported(None, None) is False
+ def test_aes_ctr_always_available(self):
+ # AES CTR should always be available in both 0.9.8 and 1.0.0+
+ assert backend.cipher_supported(AES(b"\x00" * 16),
+ CTR(b"\x00" * 16)) is True
+
def test_register_duplicate_cipher_adapter(self):
with pytest.raises(ValueError):
backend.register_cipher_adapter(AES, CBC, None)
@@ -272,8 +277,8 @@ class TestOpenSSLRSA(object):
padding.PSS(
mgf=padding.MGF1(
algorithm=hashes.SHA256(),
- salt_length=padding.MGF1.MAX_LENGTH
- )
+ ),
+ salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA1(),
backend
@@ -285,8 +290,8 @@ class TestOpenSSLRSA(object):
padding.PSS(
mgf=padding.MGF1(
algorithm=hashes.SHA256(),
- salt_length=padding.MGF1.MAX_LENGTH
- )
+ ),
+ salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA1(),
backend
diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py
index a4d696c9..b9354f0e 100644
--- a/tests/hazmat/primitives/test_3des.py
+++ b/tests/hazmat/primitives/test_3des.py
@@ -137,3 +137,40 @@ class TestTripleDESModeCFB(object):
),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
)
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.TripleDES("\x00" * 8), modes.CFB8("\x00" * 8)
+ ),
+ skip_message="Does not support TripleDES CFB8",
+)
+@pytest.mark.cipher
+class TestTripleDESModeCFB8(object):
+ test_KAT = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "3DES", "CFB"),
+ [
+ "TCFB8invperm.rsp",
+ "TCFB8permop.rsp",
+ "TCFB8subtab.rsp",
+ "TCFB8varkey.rsp",
+ "TCFB8vartext.rsp",
+ ],
+ lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)),
+ lambda iv, **kwargs: modes.CFB8(binascii.unhexlify(iv)),
+ )
+
+ test_MMT = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "3DES", "CFB"),
+ [
+ "TCFB8MMT1.rsp",
+ "TCFB8MMT2.rsp",
+ "TCFB8MMT3.rsp",
+ ],
+ lambda key1, key2, key3, **kwargs: algorithms.TripleDES(
+ binascii.unhexlify(key1 + key2 + key3)
+ ),
+ lambda iv, **kwargs: modes.CFB8(binascii.unhexlify(iv)),
+ )
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 03be268d..173075d6 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -158,6 +158,39 @@ class TestAESModeCFB(object):
@pytest.mark.supported(
only_if=lambda backend: backend.cipher_supported(
+ algorithms.AES("\x00" * 16), modes.CFB8("\x00" * 16)
+ ),
+ skip_message="Does not support AES CFB8",
+)
+@pytest.mark.cipher
+class TestAESModeCFB8(object):
+ test_CFB8 = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "AES", "CFB"),
+ [
+ "CFB8GFSbox128.rsp",
+ "CFB8GFSbox192.rsp",
+ "CFB8GFSbox256.rsp",
+ "CFB8KeySbox128.rsp",
+ "CFB8KeySbox192.rsp",
+ "CFB8KeySbox256.rsp",
+ "CFB8VarKey128.rsp",
+ "CFB8VarKey192.rsp",
+ "CFB8VarKey256.rsp",
+ "CFB8VarTxt128.rsp",
+ "CFB8VarTxt192.rsp",
+ "CFB8VarTxt256.rsp",
+ "CFB8MMT128.rsp",
+ "CFB8MMT192.rsp",
+ "CFB8MMT256.rsp",
+ ],
+ lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)),
+ lambda iv, **kwargs: modes.CFB8(binascii.unhexlify(iv)),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16)
),
skip_message="Does not support AES CTR",
diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py
index acfd947c..022e3af7 100644
--- a/tests/hazmat/primitives/test_block.py
+++ b/tests/hazmat/primitives/test_block.py
@@ -184,6 +184,14 @@ class TestModeValidation(object):
backend,
)
+ def test_cfb8(self, backend):
+ with pytest.raises(ValueError):
+ Cipher(
+ algorithms.AES(b"\x00" * 16),
+ modes.CFB8(b"abc"),
+ backend,
+ )
+
def test_ctr(self, backend):
with pytest.raises(ValueError):
Cipher(
diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py
index 2e3c0c3d..598f09f0 100644
--- a/tests/hazmat/primitives/test_hkdf.py
+++ b/tests/hazmat/primitives/test_hkdf.py
@@ -13,6 +13,8 @@
from __future__ import absolute_import, division, print_function
+import binascii
+
import pytest
import six
@@ -21,7 +23,7 @@ from cryptography.exceptions import (
AlreadyFinalized, InvalidKey, _Reasons
)
from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+from cryptography.hazmat.primitives.kdf.hkdf import HKDF, HKDFExpand
from ...utils import raises_unsupported_algorithm
@@ -151,8 +153,67 @@ class TestHKDF(object):
hkdf.verify(b"foo", six.u("bar"))
+@pytest.mark.hmac
+class TestHKDFExpand(object):
+ def test_derive(self, backend):
+ prk = binascii.unhexlify(
+ b"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
+ )
+
+ okm = (b"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c"
+ b"5bf34007208d5b887185865")
+
+ info = binascii.unhexlify(b"f0f1f2f3f4f5f6f7f8f9")
+ hkdf = HKDFExpand(hashes.SHA256(), 42, info, backend)
+
+ assert binascii.hexlify(hkdf.derive(prk)) == okm
+
+ def test_verify(self, backend):
+ prk = binascii.unhexlify(
+ b"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
+ )
+
+ okm = (b"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c"
+ b"5bf34007208d5b887185865")
+
+ info = binascii.unhexlify(b"f0f1f2f3f4f5f6f7f8f9")
+ hkdf = HKDFExpand(hashes.SHA256(), 42, info, backend)
+
+ assert hkdf.verify(prk, binascii.unhexlify(okm)) is None
+
+ def test_invalid_verify(self, backend):
+ prk = binascii.unhexlify(
+ b"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
+ )
+
+ info = binascii.unhexlify(b"f0f1f2f3f4f5f6f7f8f9")
+ hkdf = HKDFExpand(hashes.SHA256(), 42, info, backend)
+
+ with pytest.raises(InvalidKey):
+ hkdf.verify(prk, b"wrong key")
+
+ def test_already_finalized(self, backend):
+ info = binascii.unhexlify(b"f0f1f2f3f4f5f6f7f8f9")
+ hkdf = HKDFExpand(hashes.SHA256(), 42, info, backend)
+
+ hkdf.derive(b"first")
+
+ with pytest.raises(AlreadyFinalized):
+ hkdf.derive(b"second")
+
+ def test_unicode_error(self, backend):
+ info = binascii.unhexlify(b"f0f1f2f3f4f5f6f7f8f9")
+ hkdf = HKDFExpand(hashes.SHA256(), 42, info, backend)
+
+ with pytest.raises(TypeError):
+ hkdf.derive(six.u("first"))
+
+
def test_invalid_backend():
pretend_backend = object()
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
HKDF(hashes.SHA256(), 16, None, None, pretend_backend)
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ HKDFExpand(hashes.SHA256(), 16, None, pretend_backend)
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 63d62657..be5e8bfc 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -458,8 +458,10 @@ class TestRSASignature(object):
backend=backend
)
signer = private_key.signer(
- padding.PSS(
- mgf=padding.MGF1(
+ pytest.deprecated_call(
+ padding.PSS,
+ mgf=pytest.deprecated_call(
+ padding.MGF1,
algorithm=hashes.SHA1(),
salt_length=padding.MGF1.MAX_LENGTH
)
@@ -472,8 +474,10 @@ class TestRSASignature(object):
assert len(signature) == math.ceil(private_key.key_size / 8.0)
verifier = private_key.public_key().verifier(
signature,
- padding.PSS(
- mgf=padding.MGF1(
+ pytest.deprecated_call(
+ padding.PSS,
+ mgf=pytest.deprecated_call(
+ padding.MGF1,
algorithm=hashes.SHA1(),
salt_length=padding.MGF1.MAX_LENGTH
)
@@ -944,8 +948,8 @@ class TestRSAVerification(object):
padding.PSS(
mgf=padding.MGF1(
algorithm=hashes.SHA1(),
- salt_length=1000000
- )
+ ),
+ salt_length=1000000
),
hashes.SHA1(),
backend
@@ -972,8 +976,8 @@ class TestRSAPSSMGF1Verification(object):
lambda params, hash_alg: padding.PSS(
mgf=padding.MGF1(
algorithm=hash_alg,
- salt_length=params["salt_length"]
- )
+ ),
+ salt_length=params["salt_length"]
)
))
@@ -992,8 +996,8 @@ class TestRSAPSSMGF1Verification(object):
lambda params, hash_alg: padding.PSS(
mgf=padding.MGF1(
algorithm=hash_alg,
- salt_length=params["salt_length"]
- )
+ ),
+ salt_length=params["salt_length"]
)
))
@@ -1012,8 +1016,8 @@ class TestRSAPSSMGF1Verification(object):
lambda params, hash_alg: padding.PSS(
mgf=padding.MGF1(
algorithm=hash_alg,
- salt_length=params["salt_length"]
- )
+ ),
+ salt_length=params["salt_length"]
)
))
@@ -1032,8 +1036,8 @@ class TestRSAPSSMGF1Verification(object):
lambda params, hash_alg: padding.PSS(
mgf=padding.MGF1(
algorithm=hash_alg,
- salt_length=params["salt_length"]
- )
+ ),
+ salt_length=params["salt_length"]
)
))
@@ -1052,8 +1056,8 @@ class TestRSAPSSMGF1Verification(object):
lambda params, hash_alg: padding.PSS(
mgf=padding.MGF1(
algorithm=hash_alg,
- salt_length=params["salt_length"]
- )
+ ),
+ salt_length=params["salt_length"]
)
))
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 6c3f4c95..a496459b 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -26,7 +26,7 @@ from cryptography.exceptions import (
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.ciphers import Cipher
-from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+from cryptography.hazmat.primitives.kdf.hkdf import HKDF, HKDFExpand
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from ...utils import load_vectors_from_file
@@ -347,15 +347,14 @@ def hkdf_extract_test(backend, algorithm, params):
def hkdf_expand_test(backend, algorithm, params):
- hkdf = HKDF(
+ hkdf = HKDFExpand(
algorithm,
int(params["l"]),
- salt=binascii.unhexlify(params["salt"]) or None,
info=binascii.unhexlify(params["info"]) or None,
backend=backend
)
- okm = hkdf._expand(binascii.unhexlify(params["prk"]))
+ okm = hkdf.derive(binascii.unhexlify(params["prk"]))
assert okm == binascii.unhexlify(params["okm"])
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 10:58:46 +0000