From fdd80ec89aa8f58b2d3bc6aaa51d74f4ea17d541 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sun, 12 Jan 2020 18:35:16 -0600
Subject: Refs #5075 -- use x448_test.json from wycheproof (#5077)

* Refs #5075 -- use x448_test.json from wycheproof

* Fixed test

* crypto libraries from people who can't math, it's fine

* Skip teh weirdo 57 byte public keys
---
 tests/wycheproof/test_x448.py | 48 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 tests/wycheproof/test_x448.py

diff --git a/tests/wycheproof/test_x448.py b/tests/wycheproof/test_x448.py
new file mode 100644
index 00000000..094bf57c
--- /dev/null
+++ b/tests/wycheproof/test_x448.py
@@ -0,0 +1,48 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+import pytest
+
+from cryptography.hazmat.primitives.asymmetric.x448 import (
+    X448PrivateKey, X448PublicKey
+)
+
+
+@pytest.mark.supported(
+    only_if=lambda backend: backend.x448_supported(),
+    skip_message="Requires OpenSSL with X448 support"
+)
+@pytest.mark.wycheproof_tests("x448_test.json")
+def test_x448(backend, wycheproof):
+    assert set(wycheproof.testgroup.items()) == {
+        ("curve", "curve448"), ("type", "XdhComp")
+    }
+
+    private_key = X448PrivateKey.from_private_bytes(
+        binascii.unhexlify(wycheproof.testcase["private"])
+    )
+    public_key_bytes = binascii.unhexlify(wycheproof.testcase["public"])
+    if len(public_key_bytes) == 57:
+        assert wycheproof.acceptable
+        assert wycheproof.has_flag("NonCanonicalPublic")
+        with pytest.raises(ValueError):
+            X448PublicKey.from_public_bytes(public_key_bytes)
+        return
+
+    public_key = X448PublicKey.from_public_bytes(public_key_bytes)
+
+    assert wycheproof.valid or wycheproof.acceptable
+
+    expected = binascii.unhexlify(wycheproof.testcase["shared"])
+    if expected == b"\x00" * 56:
+        assert wycheproof.acceptable
+        # OpenSSL returns an error on all zeros shared key
+        with pytest.raises(ValueError):
+            private_key.exchange(public_key)
+    else:
+        assert private_key.exchange(public_key) == expected
-- 
cgit v1.2.3