From 9470f67a3086e4c003ab27ca6a2209dae9b1a9e6 Mon Sep 17 00:00:00 2001 From: Marko Kreen Date: Mon, 25 May 2020 21:17:25 +0300 Subject: Cleanup serialize (#5149) * Additional tests for public/private_bytes They expose few places that raise TypeError and AssertionError! before, and ValueError later. * Cleanup of private_bytes() backend Also pass key itself down to backend. * Cleanup of public_bytes() backend * Test handling of unsupported key type --- tests/hazmat/primitives/test_serialization.py | 123 +++++++++++++++++++++++++- 1 file changed, 119 insertions(+), 4 deletions(-) (limited to 'tests/hazmat/primitives/test_serialization.py') diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py index 6c86927a..8e8e15af 100644 --- a/tests/hazmat/primitives/test_serialization.py +++ b/tests/hazmat/primitives/test_serialization.py @@ -17,7 +17,7 @@ from cryptography.hazmat.backends.interfaces import ( PEMSerializationBackend, RSABackend ) from cryptography.hazmat.primitives.asymmetric import ( - dsa, ec, ed25519, ed448, rsa + dsa, ec, ed25519, ed448, rsa, x25519, x448 ) from cryptography.hazmat.primitives.serialization import ( BestAvailableEncryption, Encoding, NoEncryption, @@ -574,6 +574,24 @@ class TestPEMSerialization(object): ) ) + def test_invalid_encoding_with_traditional(self, backend): + key_file = os.path.join( + "asymmetric", "Traditional_OpenSSL_Serialization", "testrsa.pem" + ) + key = load_vectors_from_file( + key_file, + lambda pemfile: load_pem_private_key( + pemfile.read(), None, backend + ), + mode="rb" + ) + + for enc in (Encoding.OpenSSH, Encoding.Raw, Encoding.X962): + with pytest.raises(ValueError): + key.private_bytes( + enc, PrivateFormat.TraditionalOpenSSL, NoEncryption() + ) + @pytest.mark.parametrize( "key_path", [ @@ -1396,6 +1414,17 @@ class TestEd25519Serialization(object): encoding, PublicFormat.SubjectPublicKeyInfo ) == data + def test_openssl_serialization_unsupported(self, backend): + key = ed25519.Ed25519PrivateKey.generate() + with pytest.raises(ValueError): + key.private_bytes( + Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption(), + ) + with pytest.raises(ValueError): + key.private_bytes( + Encoding.DER, PrivateFormat.TraditionalOpenSSL, NoEncryption(), + ) + @pytest.mark.supported( only_if=lambda backend: backend.x448_supported(), @@ -1460,6 +1489,17 @@ class TestX448Serialization(object): encoding, PublicFormat.SubjectPublicKeyInfo ) == data + def test_openssl_serialization_unsupported(self, backend): + key = x448.X448PrivateKey.generate() + with pytest.raises(ValueError): + key.private_bytes( + Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption(), + ) + with pytest.raises(ValueError): + key.private_bytes( + Encoding.DER, PrivateFormat.TraditionalOpenSSL, NoEncryption(), + ) + @pytest.mark.supported( only_if=lambda backend: backend.x25519_supported(), @@ -1524,6 +1564,17 @@ class TestX25519Serialization(object): encoding, PublicFormat.SubjectPublicKeyInfo ) == data + def test_openssl_serialization_unsupported(self, backend): + key = x25519.X25519PrivateKey.generate() + with pytest.raises(ValueError): + key.private_bytes( + Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption(), + ) + with pytest.raises(ValueError): + key.private_bytes( + Encoding.DER, PrivateFormat.TraditionalOpenSSL, NoEncryption(), + ) + @pytest.mark.supported( only_if=lambda backend: backend.ed448_supported(), @@ -1588,9 +1639,73 @@ class TestEd448Serialization(object): encoding, PublicFormat.SubjectPublicKeyInfo ) == data + def test_openssl_serialization_unsupported(self, backend): + key = ed448.Ed448PrivateKey.generate() + with pytest.raises(ValueError): + key.private_bytes( + Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption(), + ) + with pytest.raises(ValueError): + key.private_bytes( + Encoding.DER, PrivateFormat.TraditionalOpenSSL, NoEncryption(), + ) + def test_openssh_serialization_unsupported(self, backend): - key = ed448.Ed448PrivateKey.generate().public_key() + key = ed448.Ed448PrivateKey.generate() with pytest.raises(ValueError): - key.public_bytes( - Encoding.OpenSSH, PublicFormat.OpenSSH + key.public_key().public_bytes( + Encoding.OpenSSH, PublicFormat.OpenSSH, ) + + +class TestDHSerialization(object): + """Test all options with least-supported key type. + """ + def test_dh_public_key(self, backend): + data = load_vectors_from_file( + os.path.join("asymmetric", "DH", "dhkey.pem"), + lambda pemfile: pemfile.read(), + mode="rb" + ) + public_key = load_pem_private_key(data, None, backend).public_key() + for enc in ( + Encoding.PEM, Encoding.DER, Encoding.OpenSSH, + Encoding.Raw, Encoding.X962 + ): + for fmt in ( + PublicFormat.SubjectPublicKeyInfo, PublicFormat.PKCS1, + PublicFormat.OpenSSH, PublicFormat.Raw, + PublicFormat.CompressedPoint, PublicFormat.UncompressedPoint, + ): + if ( + enc in (Encoding.PEM, Encoding.DER) and + fmt == PublicFormat.SubjectPublicKeyInfo + ): + # tested elsewhere + continue + with pytest.raises(ValueError): + public_key.public_bytes(enc, fmt) + + def test_dh_private_key(self, backend): + data = load_vectors_from_file( + os.path.join("asymmetric", "DH", "dhkey.pem"), + lambda pemfile: pemfile.read(), + mode="rb" + ) + private_key = load_pem_private_key(data, None, backend) + for enc in ( + Encoding.PEM, Encoding.DER, Encoding.OpenSSH, + Encoding.Raw, Encoding.X962 + ): + for fmt in ( + PrivateFormat.PKCS8, PrivateFormat.TraditionalOpenSSL, + PrivateFormat.Raw + ): + if ( + enc in (Encoding.PEM, Encoding.DER) and + fmt is PrivateFormat.PKCS8 + ): + # tested elsewhere + continue + with pytest.raises(ValueError): + private_key.private_bytes(enc, fmt, NoEncryption()) -- cgit v1.2.3