aboutsummaryrefslogtreecommitdiffstats
path: root/tests/hazmat/backends
diff options
context:
space:
mode:
Diffstat (limited to 'tests/hazmat/backends')
-rw-r--r--tests/hazmat/backends/test_multibackend.py34
-rw-r--r--tests/hazmat/backends/test_openssl.py90
2 files changed, 119 insertions, 5 deletions
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index f46009d4..d8c09bd7 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -18,11 +18,11 @@ from cryptography.exceptions import (
UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import (
- CipherBackend, DSABackend, HMACBackend, HashBackend, PBKDF2HMACBackend,
- RSABackend
+ CMACBackend, CipherBackend, DSABackend, HMACBackend, HashBackend,
+ PBKDF2HMACBackend, RSABackend
)
from cryptography.hazmat.backends.multibackend import MultiBackend
-from cryptography.hazmat.primitives import hashes, hmac
+from cryptography.hazmat.primitives import cmac, hashes, hmac
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
@@ -108,6 +108,19 @@ class DummyDSABackend(object):
pass
+@utils.register_interface(CMACBackend)
+class DummyCMACBackend(object):
+ def __init__(self, supported_algorithms):
+ self._algorithms = supported_algorithms
+
+ def cmac_algorithm_supported(self, algorithm):
+ return type(algorithm) in self._algorithms
+
+ def create_cmac_ctx(self, algorithm):
+ if not self.cmac_algorithm_supported(algorithm):
+ raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_CIPHER)
+
+
class TestMultiBackend(object):
def test_ciphers(self):
backend = MultiBackend([
@@ -224,3 +237,18 @@ class TestMultiBackend(object):
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.generate_dsa_private_key(parameters)
+
+ def test_cmac(self):
+ backend = MultiBackend([
+ DummyCMACBackend([algorithms.AES])
+ ])
+
+ fake_key = b"\x00" * 16
+
+ assert backend.cmac_algorithm_supported(
+ algorithms.AES(fake_key)) is True
+
+ cmac.CMAC(algorithms.AES(fake_key), backend)
+
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
+ cmac.CMAC(algorithms.TripleDES(fake_key), backend)
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 4f682f66..58511666 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -23,6 +23,7 @@ from cryptography.hazmat.primitives.asymmetric import dsa, padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.ciphers.algorithms import AES
from cryptography.hazmat.primitives.ciphers.modes import CBC
+from cryptography.hazmat.primitives.interfaces import BlockCipherAlgorithm
from ...utils import raises_unsupported_algorithm
@@ -143,8 +144,8 @@ class TestOpenSSL(object):
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"")
- # This test is not in the next class because to check if it's really
- # default we don't want to run the setup_method before it
+ # This test is not in the TestOpenSSLRandomEngine class because to check
+ # if it's really default we don't want to run the setup_method before it
def test_osrandom_engine_is_default(self):
e = backend._lib.ENGINE_get_default_RAND()
name = backend._lib.ENGINE_get_name(e)
@@ -233,6 +234,25 @@ class TestOpenSSLRandomEngine(object):
e = backend._lib.ENGINE_get_default_RAND()
assert e == backend._ffi.NULL
+ def test_int_to_bn(self):
+ value = (2 ** 4242) - 4242
+ bn = backend._int_to_bn(value)
+ assert bn != backend._ffi.NULL
+ bn = backend._ffi.gc(bn, backend._lib.BN_free)
+
+ assert bn
+ assert backend._bn_to_int(bn) == value
+
+ def test_int_to_bn_inplace(self):
+ value = (2 ** 4242) - 4242
+ bn_ptr = backend._lib.BN_new()
+ assert bn_ptr != backend._ffi.NULL
+ bn_ptr = backend._ffi.gc(bn_ptr, backend._lib.BN_free)
+ bn = backend._int_to_bn(value, bn_ptr)
+
+ assert bn == bn_ptr
+ assert backend._bn_to_int(bn_ptr) == value
+
class TestOpenSSLRSA(object):
@pytest.mark.skipif(
@@ -272,3 +292,69 @@ class TestOpenSSLRSA(object):
def test_unsupported_mgf1_hash_algorithm(self):
assert backend.mgf1_hash_supported(DummyHash()) is False
+
+ def test_unsupported_mgf1_hash_algorithm_decrypt(self):
+ private_key = rsa.RSAPrivateKey.generate(
+ public_exponent=65537,
+ key_size=512,
+ backend=backend
+ )
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
+ private_key.decrypt(
+ b"ciphertext",
+ padding.OAEP(
+ mgf=padding.MGF1(algorithm=hashes.SHA256()),
+ algorithm=hashes.SHA1(),
+ label=None
+ ),
+ backend
+ )
+
+ def test_unsupported_oaep_hash_algorithm_decrypt(self):
+ private_key = rsa.RSAPrivateKey.generate(
+ public_exponent=65537,
+ key_size=512,
+ backend=backend
+ )
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
+ private_key.decrypt(
+ b"ciphertext",
+ padding.OAEP(
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ algorithm=hashes.SHA256(),
+ label=None
+ ),
+ backend
+ )
+
+ def test_unsupported_oaep_label_decrypt(self):
+ private_key = rsa.RSAPrivateKey.generate(
+ public_exponent=65537,
+ key_size=512,
+ backend=backend
+ )
+ with pytest.raises(ValueError):
+ private_key.decrypt(
+ b"ciphertext",
+ padding.OAEP(
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ algorithm=hashes.SHA1(),
+ label=b"label"
+ ),
+ backend
+ )
+
+
+@pytest.mark.skipif(
+ backend._lib.OPENSSL_VERSION_NUMBER <= 0x10001000,
+ reason="Requires an OpenSSL version >= 1.0.1"
+)
+class TestOpenSSLCMAC(object):
+ def test_unsupported_cipher(self):
+ @utils.register_interface(BlockCipherAlgorithm)
+ class FakeAlgorithm(object):
+ def __init__(self):
+ self.block_size = 64
+
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
+ backend.create_cmac_ctx(FakeAlgorithm())
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 05:15:02 +0000