diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/doubles.py | 43 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_commoncrypto.py | 13 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 61 | ||||
| -rw-r--r-- | tests/hazmat/primitives/fixtures_rsa.py | 72 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_block.py | 18 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_dsa.py | 16 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ec.py | 8 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hashes.py | 11 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac.py | 11 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_pbkdf2hmac.py | 13 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 78 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_x963_vectors.py | 11 | ||||
| -rw-r--r-- | tests/hypothesis/__init__.py | 4 | ||||
| -rw-r--r-- | tests/hypothesis/test_padding.py | 21 | ||||
| -rw-r--r-- | tests/test_fernet.py | 9 | ||||
| -rw-r--r-- | tests/test_x509.py | 14 | ||||
| -rw-r--r-- | tests/test_x509_ext.py | 91 |
17 files changed, 347 insertions, 147 deletions
diff --git a/tests/doubles.py b/tests/doubles.py new file mode 100644 index 00000000..2ff1942f --- /dev/null +++ b/tests/doubles.py @@ -0,0 +1,43 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +from cryptography import utils +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import padding +from cryptography.hazmat.primitives.ciphers import CipherAlgorithm +from cryptography.hazmat.primitives.ciphers.modes import Mode + + +@utils.register_interface(CipherAlgorithm) +class DummyCipherAlgorithm(object): + name = "dummy-cipher" + block_size = 128 + key_size = None + + +@utils.register_interface(Mode) +class DummyMode(object): + name = "dummy-mode" + + def validate_for_algorithm(self, algorithm): + pass + + +@utils.register_interface(hashes.HashAlgorithm) +class DummyHashAlgorithm(object): + name = "dummy-hash" + block_size = None + digest_size = None + + +@utils.register_interface(serialization.KeySerializationEncryption) +class DummyKeySerializationEncryption(object): + pass + + +@utils.register_interface(padding.AsymmetricPadding) +class DummyAsymmetricPadding(object): + name = "dummy-padding" diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index f7200016..2b730e93 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -6,23 +6,16 @@ from __future__ import absolute_import, division, print_function import pytest -from cryptography import utils from cryptography.exceptions import InternalError, _Reasons from cryptography.hazmat.backends import _available_backends -from cryptography.hazmat.primitives.ciphers import Cipher, CipherAlgorithm +from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC, GCM +from ...doubles import DummyCipherAlgorithm from ...utils import raises_unsupported_algorithm -@utils.register_interface(CipherAlgorithm) -class DummyCipher(object): - name = "dummy-cipher" - block_size = None - key_size = None - - @pytest.mark.skipif("commoncrypto" not in [i.name for i in _available_backends()], reason="CommonCrypto not available") @@ -55,7 +48,7 @@ class TestCommonCrypto(object): from cryptography.hazmat.backends.commoncrypto.backend import Backend b = Backend() cipher = Cipher( - DummyCipher(), GCM(b"fake_iv_here"), backend=b, + DummyCipherAlgorithm(), GCM(b"fake_iv_here"), backend=b, ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.encryptor() diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index e0555686..072f8be3 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -21,15 +21,16 @@ from cryptography.hazmat.backends.openssl.backend import ( from cryptography.hazmat.backends.openssl.ec import _sn_to_elliptic_curve from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding -from cryptography.hazmat.primitives.ciphers import ( - BlockCipherAlgorithm, Cipher, CipherAlgorithm -) +from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES -from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR, Mode +from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR from ..primitives.fixtures_dsa import DSA_KEY_2048 from ..primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512 from ..primitives.test_ec import _skip_curve_unsupported +from ...doubles import ( + DummyAsymmetricPadding, DummyCipherAlgorithm, DummyHashAlgorithm, DummyMode +) from ...utils import load_vectors_from_file, raises_unsupported_algorithm @@ -47,32 +48,6 @@ class TestLibreSkip(object): skip_if_libre_ssl(u"LibreSSL 2.1.6") -@utils.register_interface(Mode) -class DummyMode(object): - name = "dummy-mode" - - def validate_for_algorithm(self, algorithm): - pass - - -@utils.register_interface(CipherAlgorithm) -class DummyCipher(object): - name = "dummy-cipher" - key_size = None - - -@utils.register_interface(padding.AsymmetricPadding) -class DummyPadding(object): - name = "dummy-cipher" - - -@utils.register_interface(hashes.HashAlgorithm) -class DummyHash(object): - name = "dummy-hash" - block_size = None - digest_size = None - - class DummyMGF(object): _salt_length = 0 @@ -111,12 +86,12 @@ class TestOpenSSL(object): def test_nonexistent_cipher(self, mode): b = Backend() b.register_cipher_adapter( - DummyCipher, + DummyCipherAlgorithm, type(mode), lambda backend, cipher, mode: backend._ffi.NULL ) cipher = Cipher( - DummyCipher(), mode, backend=b, + DummyCipherAlgorithm(), mode, backend=b, ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.encryptor() @@ -268,7 +243,8 @@ class TestOpenSSLRandomEngine(object): subprocess.check_call( [sys.executable, "-c", engine_printer], env=env, - stdout=out + stdout=out, + stderr=subprocess.PIPE, ) osrandom_engine_name = backend._ffi.string( @@ -382,11 +358,11 @@ class TestOpenSSLRSA(object): def test_rsa_padding_unsupported_pss_mgf1_hash(self): assert backend.rsa_padding_supported( - padding.PSS(mgf=padding.MGF1(DummyHash()), salt_length=0) + padding.PSS(mgf=padding.MGF1(DummyHashAlgorithm()), salt_length=0) ) is False def test_rsa_padding_unsupported(self): - assert backend.rsa_padding_supported(DummyPadding()) is False + assert backend.rsa_padding_supported(DummyAsymmetricPadding()) is False def test_rsa_padding_supported_pkcs1v15(self): assert backend.rsa_padding_supported(padding.PKCS1v15()) is True @@ -461,12 +437,8 @@ class TestOpenSSLRSA(object): ) class TestOpenSSLCMAC(object): def test_unsupported_cipher(self): - @utils.register_interface(BlockCipherAlgorithm) - class FakeAlgorithm(object): - block_size = 64 - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): - backend.create_cmac_ctx(FakeAlgorithm()) + backend.create_cmac_ctx(DummyCipherAlgorithm()) class TestOpenSSLCreateX509CSR(object): @@ -497,7 +469,9 @@ class TestOpenSSLSignX509Certificate(object): private_key = RSA_KEY_2048.private_key(backend) with pytest.raises(TypeError): - backend.create_x509_certificate(object(), private_key, DummyHash()) + backend.create_x509_certificate( + object(), private_key, DummyHashAlgorithm() + ) @pytest.mark.skipif( backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000, @@ -611,10 +585,11 @@ class TestOpenSSLSerializationWithOpenSSL(object): def test_pem_password_cb(self): password = b'abcdefg' + buf_size = len(password) + 1 ffi_cb, userdata = backend._pem_password_cb(password) handle = backend._ffi.new_handle(userdata) - buf = backend._ffi.new('char *') - assert ffi_cb(buf, len(password) + 1, False, handle) == len(password) + buf = backend._ffi.new('char[]', buf_size) + assert ffi_cb(buf, buf_size, False, handle) == len(password) assert userdata.called == 1 assert backend._ffi.string(buf, len(password)) == password diff --git a/tests/hazmat/primitives/fixtures_rsa.py b/tests/hazmat/primitives/fixtures_rsa.py index f93361de..a531783e 100644 --- a/tests/hazmat/primitives/fixtures_rsa.py +++ b/tests/hazmat/primitives/fixtures_rsa.py @@ -529,3 +529,75 @@ RSA_KEY_2048 = RSAPrivateNumbers( "de04fd053846ca10a223b10cc841cc80fdebee44f3114c13e886af583", 16), ) ) + +RSA_KEY_2048_ALT = RSAPrivateNumbers( + d=int( + "7522768467449591813737881904131688860626637897199391200040629" + "8641018746450502628484395471408986929218353894683769457466923" + "3079369551423094451013669595729568593462009746342148367797495" + "5529909313614750246672441810743580455199636293179539903480635" + "3091286716112931976896334411287175213124504134181121011488550" + "5290054443979198998564749640800633368957384058700741073997703" + "8877364695937023906368630297588990131009278072614118207348356" + "4640244134189285070202534488517371577359510236833464698189075" + "5160693085297816063285814039518178249628112908466649245545732" + "5791532385553960363601827996980725025898649392004494256400884" + "092073" + ), + dmp1=int( + "5847872614112935747739644055317429405973942336206460017493394" + "9737607778799766591021036792892472774720417920838206576785118" + "8889624058962939702950175807073343659386156232294197300491647" + "1029508414050591959344812347424476498076532682798598325230069" + "0925827594762920534235575029199380552228825468180187156871965" + "973" + ), + dmq1=int( + "2949536259161239302081155875068405238857801001054083407704879" + "8210876832264504685327766351157044892283801611558399025326793" + "4131638001934454489864437565651739832511702151461257267169691" + "6611992398459006200708626815153304591390855807749769768978152" + "9854112656599931724820610358669306523835327459478374630794532" + "167" + ), + iqmp=int( + "7331180989818931535458916053540252830484856703208982675535284" + "4613815808798190559315018094080936347757336989616401164752221" + "8101156529898067044923499386460167055405998646366011838018441" + "3678947694258190172377716154009305082091341215866326061721180" + "3836418654472188816187630316821692982783286322262994892003058" + "782" + ), + p=int( + "1460007723851883695617573533155574746587863843382715314919865" + "2434108956187429726002840717317310431378483921058946835896252" + "7109559207437158778332364464259678946305487699031865937075508" + "8616612925453842458055546540240601585731206561647892336916583" + "0023641764106581040198845259766246869529221084602380669333021" + "0819" + ), + q=int( + "1433897765867889178402883410610177836503402597775250087462018" + "4617952933433119527945447840336616357136736935069377619782227" + "2822380830300262175671282877680573202309319960687756231128996" + "9764855320953993690199846269451095044922353809602378616938811" + "7513900906279873343591486841303392490561500301994171338761080" + "4439" + ), + public_numbers=RSAPublicNumbers( + e=65537, + n=int( + "209350181338107812610165420955871971489973659392253291327" + "839812910252466502190690572476688311285621239204212139711" + "207388949164851984253143698667018532039612470954223918242" + "145976986600705122576087630525229796950722166468064721258" + "490916138706756006902066136471049807637157890128560592039" + "941717275079733754782848729566190631725183735944031456237" + "089928120178187552521649483240599003240074352860189285952" + "078970127554801074176375499583703254849309993132931268013" + "715070507278514207864914944621214574162116786377990456375" + "964817771730371110612100247262908550409785456157505694419" + "00451152778245269283276012328748538414051025541" + ) + ) +) diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 1b3fc1cb..4f7e63bf 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -8,7 +8,6 @@ import binascii import pytest -from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, _Reasons ) @@ -20,23 +19,10 @@ from cryptography.hazmat.primitives.ciphers import ( from .utils import ( generate_aead_exception_test, generate_aead_tag_exception_test ) +from ...doubles import DummyCipherAlgorithm, DummyMode from ...utils import raises_unsupported_algorithm -@utils.register_interface(modes.Mode) -class DummyMode(object): - name = "dummy-mode" - - def validate_for_algorithm(self, algorithm): - pass - - -@utils.register_interface(base.CipherAlgorithm) -class DummyCipher(object): - name = "dummy-cipher" - key_size = None - - @pytest.mark.requires_backend_interface(interface=CipherBackend) class TestCipher(object): def test_creates_encryptor(self, backend): @@ -107,7 +93,7 @@ class TestCipherContext(object): @pytest.mark.parametrize("mode", [DummyMode(), None]) def test_nonexistent_cipher(self, backend, mode): cipher = Cipher( - DummyCipher(), mode, backend + DummyCipherAlgorithm(), mode, backend ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.encryptor() diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index fcfda614..b02cadc8 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -9,7 +9,6 @@ import os import pytest -from cryptography import utils from cryptography.exceptions import AlreadyFinalized, InvalidSignature from cryptography.hazmat.backends.interfaces import ( DSABackend, PEMSerializationBackend @@ -24,24 +23,13 @@ from cryptography.utils import bit_length from .fixtures_dsa import ( DSA_KEY_1024, DSA_KEY_2048, DSA_KEY_3072 ) +from ...doubles import DummyHashAlgorithm, DummyKeySerializationEncryption from ...utils import ( load_fips_dsa_key_pair_vectors, load_fips_dsa_sig_vectors, load_vectors_from_file, ) -@utils.register_interface(serialization.KeySerializationEncryption) -class DummyKeyEncryption(object): - pass - - -@utils.register_interface(hashes.HashAlgorithm) -class DummyHashAlgorithm(object): - name = "dummy" - digest_size = 32 - block_size = 64 - - def _skip_if_dsa_not_supported(backend, algorithm, p, q, g): if ( not backend.dsa_parameters_supported(p, q, g) or @@ -994,7 +982,7 @@ class TestDSASerialization(object): key.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL, - DummyKeyEncryption() + DummyKeySerializationEncryption() ) diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 600ea27f..08619b48 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -23,6 +23,7 @@ from cryptography.hazmat.primitives.asymmetric.utils import ( ) from .fixtures_ec import EC_KEY_SECP384R1 +from ...doubles import DummyKeySerializationEncryption from ...utils import ( load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors, load_kasvs_ecdh_vectors, load_vectors_from_file, @@ -81,11 +82,6 @@ class DummySignatureAlgorithm(object): algorithm = None -@utils.register_interface(serialization.KeySerializationEncryption) -class DummyKeyEncryption(object): - pass - - @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) def test_skip_curve_unsupported(backend): with pytest.raises(pytest.skip.Exception): @@ -741,7 +737,7 @@ class TestECSerialization(object): key.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL, - DummyKeyEncryption() + DummyKeySerializationEncryption() ) def test_public_bytes_from_derived_public_key(self, backend): diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 8f7fdb18..a109c219 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -8,23 +8,16 @@ import pretend import pytest -from cryptography import utils from cryptography.exceptions import AlreadyFinalized, _Reasons from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import hashes from .utils import generate_base_hash_test from ..backends.test_multibackend import DummyHashBackend +from ...doubles import DummyHashAlgorithm from ...utils import raises_unsupported_algorithm -@utils.register_interface(hashes.HashAlgorithm) -class UnsupportedDummyHash(object): - name = "unsupported-dummy-hash" - block_size = None - digest_size = None - - @pytest.mark.requires_backend_interface(interface=HashBackend) class TestHashContext(object): def test_hash_reject_unicode(self, backend): @@ -59,7 +52,7 @@ class TestHashContext(object): def test_unsupported_hash(self, backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): - hashes.Hash(UnsupportedDummyHash(), backend) + hashes.Hash(DummyHashAlgorithm(), backend) @pytest.mark.supported( diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 83b18cbc..82082a2d 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -8,7 +8,6 @@ import pretend import pytest -from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, InvalidSignature, _Reasons ) @@ -17,16 +16,10 @@ from cryptography.hazmat.primitives import hashes, hmac from .utils import generate_base_hmac_test from ..backends.test_multibackend import DummyHMACBackend +from ...doubles import DummyHashAlgorithm from ...utils import raises_unsupported_algorithm -@utils.register_interface(hashes.HashAlgorithm) -class UnsupportedDummyHash(object): - name = "unsupported-dummy-hash" - block_size = None - digest_size = None - - @pytest.mark.supported( only_if=lambda backend: backend.hmac_supported(hashes.MD5()), skip_message="Does not support MD5", @@ -95,7 +88,7 @@ class TestHMAC(object): def test_unsupported_hash(self, backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): - hmac.HMAC(b"key", UnsupportedDummyHash(), backend) + hmac.HMAC(b"key", DummyHashAlgorithm(), backend) def test_invalid_backend(): diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py index 7fb6bbd6..d971ebd0 100644 --- a/tests/hazmat/primitives/test_pbkdf2hmac.py +++ b/tests/hazmat/primitives/test_pbkdf2hmac.py @@ -6,7 +6,6 @@ from __future__ import absolute_import, division, print_function import pytest -from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, InvalidKey, _Reasons ) @@ -14,16 +13,10 @@ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC +from ...doubles import DummyHashAlgorithm from ...utils import raises_unsupported_algorithm -@utils.register_interface(hashes.HashAlgorithm) -class DummyHash(object): - name = "dummy-hash" - block_size = None - digest_size = None - - class TestPBKDF2HMAC(object): def test_already_finalized(self): kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) @@ -43,7 +36,9 @@ class TestPBKDF2HMAC(object): def test_unsupported_algorithm(self): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): - PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend()) + PBKDF2HMAC( + DummyHashAlgorithm(), 20, b"salt", 10, default_backend() + ) def test_invalid_key(self): kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index c432db82..2331a935 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -11,7 +11,6 @@ import os import pytest -from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, InvalidSignature, _Reasons ) @@ -27,37 +26,32 @@ from cryptography.hazmat.primitives.asymmetric.rsa import ( from .fixtures_rsa import ( RSA_KEY_1024, RSA_KEY_1025, RSA_KEY_1026, RSA_KEY_1027, RSA_KEY_1028, RSA_KEY_1029, RSA_KEY_1030, RSA_KEY_1031, RSA_KEY_1536, RSA_KEY_2048, - RSA_KEY_512, RSA_KEY_512_ALT, RSA_KEY_522, RSA_KEY_599, RSA_KEY_745, - RSA_KEY_768, + RSA_KEY_2048_ALT, RSA_KEY_512, RSA_KEY_512_ALT, RSA_KEY_522, RSA_KEY_599, + RSA_KEY_745, RSA_KEY_768, ) from .utils import ( _check_rsa_private_numbers, generate_rsa_verification_test ) +from ...doubles import ( + DummyAsymmetricPadding, DummyHashAlgorithm, DummyKeySerializationEncryption +) from ...utils import ( load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm ) -@utils.register_interface(padding.AsymmetricPadding) -class DummyPadding(object): - name = "UNSUPPORTED-PADDING" - - class DummyMGF(object): _salt_length = 0 -@utils.register_interface(serialization.KeySerializationEncryption) -class DummyKeyEncryption(object): - pass +def _check_rsa_private_numbers_if_serializable(key): + if isinstance(key, rsa.RSAPrivateKeyWithSerialization): + _check_rsa_private_numbers(key.private_numbers()) -@utils.register_interface(hashes.HashAlgorithm) -class DummyHashAlgorithm(object): - name = "dummy-hash" - digest_size = 32 - block_size = 64 +def test_check_rsa_private_numbers_if_serializable(): + _check_rsa_private_numbers_if_serializable("notserializable") def _flatten_pkcs1_examples(vectors): @@ -123,7 +117,7 @@ class TestRSA(object): skey = rsa.generate_private_key(public_exponent, key_size, backend) assert skey.key_size == key_size - _check_rsa_private_numbers(skey.private_numbers()) + _check_rsa_private_numbers_if_serializable(skey) pkey = skey.public_key() assert isinstance(pkey.public_numbers(), rsa.RSAPublicNumbers) @@ -396,7 +390,7 @@ class TestRSASignature(object): def test_unsupported_padding(self, backend): private_key = RSA_KEY_512.private_key(backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - private_key.signer(DummyPadding(), hashes.SHA1()) + private_key.signer(DummyAsymmetricPadding(), hashes.SHA1()) def test_padding_incorrect_type(self, backend): private_key = RSA_KEY_512.private_key(backend) @@ -694,7 +688,9 @@ class TestRSAVerification(object): private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - public_key.verifier(b"sig", DummyPadding(), hashes.SHA1()) + public_key.verifier( + b"sig", DummyAsymmetricPadding(), hashes.SHA1() + ) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( @@ -1121,7 +1117,7 @@ class TestRSADecryption(object): def test_unsupported_padding(self, backend): private_key = RSA_KEY_512.private_key(backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - private_key.decrypt(b"0" * 64, DummyPadding()) + private_key.decrypt(b"0" * 64, DummyAsymmetricPadding()) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( @@ -1248,6 +1244,44 @@ class TestRSADecryption(object): ) ) + @pytest.mark.supported( + only_if=lambda backend: backend.rsa_padding_supported( + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA1(), + label=None + ) + ), + skip_message="Does not support OAEP." + ) + def test_invalid_oaep_decryption_data_to_large_for_modulus(self, backend): + key = RSA_KEY_2048_ALT.private_key(backend) + + ciphertext = ( + b'\xb1ph\xc0\x0b\x1a|\xe6\xda\xea\xb5\xd7%\x94\x07\xf96\xfb\x96' + b'\x11\x9b\xdc4\xea.-\x91\x80\x13S\x94\x04m\xe9\xc5/F\x1b\x9b:\\' + b'\x1d\x04\x16ML\xae\xb32J\x01yuA\xbb\x83\x1c\x8f\xf6\xa5\xdbp\xcd' + b'\nx\xc7\xf6\x15\xb2/\xdcH\xae\xe7\x13\x13by\r4t\x99\x0fc\x1f\xc1' + b'\x1c\xb1\xdd\xc5\x08\xd1\xee\xa1XQ\xb8H@L5v\xc3\xaf\xf2\r\x97' + b'\xed\xaa\xe7\xf1\xd4xai\xd3\x83\xd9\xaa9\xbfx\xe1\x87F \x01\xff' + b'L\xccv}ae\xb3\xfa\xf2B\xb8\xf9\x04H\x94\x85\xcb\x86\xbb\\ghx!W31' + b'\xc7;t\na_E\xc2\x16\xb0;\xa1\x18\t\x1b\xe1\xdb\x80>)\x15\xc6\x12' + b'\xcb\xeeg`\x8b\x9b\x1b\x05y4\xb0\x84M6\xcd\xa1\x827o\xfd\x96\xba' + b'Z#\x8d\xae\x01\xc9\xf2\xb6\xde\x89{8&eQ\x1e8\x03\x01#?\xb66\\' + b'\xad.\xe9\xfa!\x95 c{\xcaz\xe0*\tP\r\x91\x9a)B\xb5\xadN\xf4$\x83' + b'\t\xb5u\xab\x19\x99' + ) + + with pytest.raises(ValueError): + key.decrypt( + ciphertext, + padding.OAEP( + algorithm=hashes.SHA1(), + mgf=padding.MGF1(hashes.SHA1()), + label=None + ) + ) + def test_unsupported_oaep_mgf(self, backend): private_key = RSA_KEY_512.private_key(backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): @@ -1361,7 +1395,7 @@ class TestRSAEncryption(object): public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - public_key.encrypt(b"somedata", DummyPadding()) + public_key.encrypt(b"somedata", DummyAsymmetricPadding()) with pytest.raises(TypeError): public_key.encrypt(b"somedata", padding=object()) @@ -1986,7 +2020,7 @@ class TestRSAPrivateKeySerialization(object): key.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL, - DummyKeyEncryption() + DummyKeySerializationEncryption() ) diff --git a/tests/hazmat/primitives/test_x963_vectors.py b/tests/hazmat/primitives/test_x963_vectors.py index 0332e601..b09d1653 100644 --- a/tests/hazmat/primitives/test_x963_vectors.py +++ b/tests/hazmat/primitives/test_x963_vectors.py @@ -9,22 +9,15 @@ import os import pytest -from cryptography import utils from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF +from ...doubles import DummyHashAlgorithm from ...utils import load_vectors_from_file, load_x963_vectors -@utils.register_interface(hashes.HashAlgorithm) -class UnsupportedDummyHash(object): - name = "unsupported-dummy-hash" - block_size = None - digest_size = None - - def _skip_hashfn_unsupported(backend, hashfn): if not backend.hash_supported(hashfn): pytest.skip( @@ -69,4 +62,4 @@ class TestX963(object): xkdf.verify(key, key_data) def test_unsupported_hash(self, backend): - _skip_hashfn_unsupported(backend, UnsupportedDummyHash()) + _skip_hashfn_unsupported(backend, DummyHashAlgorithm()) diff --git a/tests/hypothesis/__init__.py b/tests/hypothesis/__init__.py index 4b540884..0b344066 100644 --- a/tests/hypothesis/__init__.py +++ b/tests/hypothesis/__init__.py @@ -3,3 +3,7 @@ # for complete details. from __future__ import absolute_import, division, print_function + +import pytest +# hypothesis no longer supports Python 2.6 so we simply skip it there +pytest.importorskip("hypothesis") diff --git a/tests/hypothesis/test_padding.py b/tests/hypothesis/test_padding.py new file mode 100644 index 00000000..21c9a234 --- /dev/null +++ b/tests/hypothesis/test_padding.py @@ -0,0 +1,21 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from hypothesis import given +from hypothesis.strategies import binary, integers + +from cryptography.hazmat.primitives.padding import PKCS7 + + +@given(integers(min_value=1, max_value=31), binary()) +def test_pkcs7(block_size, data): + # Generate in [1, 31] so we can easily get block_size in bits by + # multiplying by 8. + p = PKCS7(block_size=block_size * 8) + padder = p.padder() + unpadder = p.unpadder() + + padded = padder.update(data) + padder.finalize() + + assert unpadder.update(padded) + unpadder.finalize() == data diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 0b93f017..c272eec0 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -103,6 +103,15 @@ class TestFernet(object): with pytest.raises(TypeError): f.decrypt(u"") + def test_timestamp_ignored_no_ttl(self, monkeypatch, backend): + f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) + pt = b"encrypt me" + token = f.encrypt(pt) + ts = "1985-10-26T01:20:01-07:00" + current_time = calendar.timegm(iso8601.parse_date(ts).utctimetuple()) + monkeypatch.setattr(time, "time", lambda: current_time) + assert f.decrypt(token, ttl=None) == pt + @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) def test_roundtrips(self, message, backend): f = Fernet(Fernet.generate_key(), backend=backend) diff --git a/tests/test_x509.py b/tests/test_x509.py index 0eef0bc3..c042169c 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -3343,6 +3343,20 @@ class TestNameAttribute(object): b'bytes' ) + def test_init_bad_country_code_value(self): + with pytest.raises(ValueError): + x509.NameAttribute( + NameOID.COUNTRY_NAME, + u'United States' + ) + + # unicode string of length 2, but > 2 bytes + with pytest.raises(ValueError): + x509.NameAttribute( + NameOID.COUNTRY_NAME, + u'\U0001F37A\U0001F37A' + ) + def test_eq(self): assert x509.NameAttribute( x509.ObjectIdentifier('2.999.1'), u'value' diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index ff826458..d85b4bbc 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -2228,6 +2228,90 @@ class TestAccessDescription(object): assert ad != ad3 assert ad != object() + def test_hash(self): + ad = x509.AccessDescription( + AuthorityInformationAccessOID.OCSP, + x509.UniformResourceIdentifier(u"http://ocsp.domain.com") + ) + ad2 = x509.AccessDescription( + AuthorityInformationAccessOID.OCSP, + x509.UniformResourceIdentifier(u"http://ocsp.domain.com") + ) + ad3 = x509.AccessDescription( + AuthorityInformationAccessOID.CA_ISSUERS, + x509.UniformResourceIdentifier(u"http://ocsp.domain.com") + ) + assert hash(ad) == hash(ad2) + assert hash(ad) != hash(ad3) + + +class TestPolicyConstraints(object): + def test_invalid_explicit_policy(self): + with pytest.raises(TypeError): + x509.PolicyConstraints("invalid", None) + + def test_invalid_inhibit_policy(self): + with pytest.raises(TypeError): + x509.PolicyConstraints(None, "invalid") + + def test_both_none(self): + with pytest.raises(ValueError): + x509.PolicyConstraints(None, None) + + def test_repr(self): + pc = x509.PolicyConstraints(0, None) + + assert repr(pc) == ( + u"<PolicyConstraints(require_explicit_policy=0, inhibit_policy_ma" + u"pping=None)>" + ) + + def test_eq(self): + pc = x509.PolicyConstraints(2, 1) + pc2 = x509.PolicyConstraints(2, 1) + assert pc == pc2 + + def test_ne(self): + pc = x509.PolicyConstraints(2, 1) + pc2 = x509.PolicyConstraints(2, 2) + pc3 = x509.PolicyConstraints(3, 1) + assert pc != pc2 + assert pc != pc3 + assert pc != object() + + +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestPolicyConstraintsExtension(object): + def test_inhibit_policy_mapping(self, backend): + cert = _load_cert( + os.path.join("x509", "department-of-state-root.pem"), + x509.load_pem_x509_certificate, + backend + ) + ext = cert.extensions.get_extension_for_oid( + ExtensionOID.POLICY_CONSTRAINTS, + ) + assert ext.critical is True + + assert ext.value == x509.PolicyConstraints( + require_explicit_policy=None, inhibit_policy_mapping=0, + ) + + def test_require_explicit_policy(self, backend): + cert = _load_cert( + os.path.join("x509", "custom", "policy_constraints_explicit.pem"), + x509.load_pem_x509_certificate, + backend + ) + ext = cert.extensions.get_extension_for_oid( + ExtensionOID.POLICY_CONSTRAINTS + ) + assert ext.critical is True + assert ext.value == x509.PolicyConstraints( + require_explicit_policy=1, inhibit_policy_mapping=None, + ) + class TestAuthorityInformationAccess(object): def test_invalid_descriptions(self): @@ -3382,6 +3466,13 @@ class TestInhibitAnyPolicy(object): assert iap != iap2 assert iap != object() + def test_hash(self): + iap = x509.InhibitAnyPolicy(1) + iap2 = x509.InhibitAnyPolicy(1) + iap3 = x509.InhibitAnyPolicy(4) + assert hash(iap) == hash(iap2) + assert hash(iap) != hash(iap3) + @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) |