From dbcbffa06c9930a687010ca816596ca3f5cc78e9 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 12 Jan 2019 21:18:21 -0800
Subject: support x448 public/private serialization both raw and pkcs8 (#4653)

* support x448 public/private serialization both raw and pkcs8

* add tests for all other asym key types to prevent Raw

* more tests

* better tests

* fix a test

* funny story, I'm actually illiterate.

* pep8

* require PrivateFormat.Raw or PublicFormat.Raw with Encoding.Raw

* missing docs

* parametrize

* docs fixes

* remove dupe line

* assert something
---
 tests/hazmat/primitives/test_ec.py | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'tests/hazmat/primitives/test_ec.py')

diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index f883d065..830d89a0 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -705,6 +705,20 @@ class TestECSerialization(object):
         priv_num = key.private_numbers()
         assert loaded_priv_num == priv_num
 
+    @pytest.mark.parametrize(
+        ("encoding", "fmt"),
+        [
+            (serialization.Encoding.Raw, serialization.PrivateFormat.PKCS8),
+            (serialization.Encoding.DER, serialization.PrivateFormat.Raw),
+            (serialization.Encoding.Raw, serialization.PrivateFormat.Raw),
+        ]
+    )
+    def test_private_bytes_rejects_raw(self, encoding, fmt, backend):
+        _skip_curve_unsupported(backend, ec.SECP256R1())
+        key = ec.generate_private_key(ec.SECP256R1(), backend)
+        with pytest.raises(ValueError):
+            key.private_bytes(encoding, fmt, serialization.NoEncryption())
+
     @pytest.mark.parametrize(
         ("fmt", "password"),
         [
@@ -985,6 +999,20 @@ class TestEllipticCurvePEMPublicKeySerialization(object):
                 serialization.PublicFormat.SubjectPublicKeyInfo
             )
 
+    @pytest.mark.parametrize(
+        ("encoding", "fmt"),
+        [
+            (serialization.Encoding.Raw, serialization.PublicFormat.Raw),
+            (serialization.Encoding.PEM, serialization.PublicFormat.Raw),
+            (serialization.Encoding.Raw, serialization.PublicFormat.PKCS1),
+        ]
+    )
+    def test_public_bytes_rejects_raw(self, encoding, fmt, backend):
+        _skip_curve_unsupported(backend, ec.SECP256R1())
+        key = ec.generate_private_key(ec.SECP256R1(), backend).public_key()
+        with pytest.raises(ValueError):
+            key.public_bytes(encoding, fmt)
+
     def test_public_bytes_invalid_format(self, backend):
         _skip_curve_unsupported(backend, ec.SECP256R1())
         key = load_vectors_from_file(
-- 
cgit v1.2.3