aboutsummaryrefslogtreecommitdiffstats
path: root/tests/hazmat/primitives/utils.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/hazmat/primitives/utils.py')
-rw-r--r--tests/hazmat/primitives/utils.py226
1 files changed, 218 insertions, 8 deletions
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index e6e97d1d..705983a0 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -4,9 +4,13 @@ import os
import pytest
from cryptography.hazmat.bindings import _ALL_BACKENDS
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives import hmac
+from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.ciphers import Cipher
+from cryptography.exceptions import (
+ AlreadyFinalized, NotYetFinalized, AlreadyUpdated, InvalidTag,
+)
+
+from ...utils import load_vectors_from_file
def generate_encrypt_test(param_loader, path, file_names, cipher_factory,
@@ -15,7 +19,10 @@ def generate_encrypt_test(param_loader, path, file_names, cipher_factory,
def test_encryption(self):
for backend in _ALL_BACKENDS:
for file_name in file_names:
- for params in param_loader(os.path.join(path, file_name)):
+ for params in load_vectors_from_file(
+ os.path.join(path, file_name),
+ param_loader
+ ):
yield (
encrypt_test,
backend,
@@ -37,7 +44,7 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if,
cipher = Cipher(
cipher_factory(**params),
mode_factory(**params),
- backend
+ backend=backend
)
encryptor = cipher.encryptor()
actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext))
@@ -49,12 +56,123 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if,
assert actual_plaintext == binascii.unhexlify(plaintext)
+def generate_aead_test(param_loader, path, file_names, cipher_factory,
+ mode_factory, only_if, skip_message):
+ def test_aead(self):
+ for backend in _ALL_BACKENDS:
+ for file_name in file_names:
+ for params in load_vectors_from_file(
+ os.path.join(path, file_name),
+ param_loader
+ ):
+ yield (
+ aead_test,
+ backend,
+ cipher_factory,
+ mode_factory,
+ params,
+ only_if,
+ skip_message
+ )
+ return test_aead
+
+
+def aead_test(backend, cipher_factory, mode_factory, params, only_if,
+ skip_message):
+ if not only_if(backend):
+ pytest.skip(skip_message)
+ if params.get("pt") is not None:
+ plaintext = params.pop("pt")
+ ciphertext = params.pop("ct")
+ aad = params.pop("aad")
+ if params.get("fail") is True:
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(params["key"])),
+ mode_factory(binascii.unhexlify(params["iv"]),
+ binascii.unhexlify(params["tag"])),
+ backend
+ )
+ decryptor = cipher.decryptor()
+ decryptor.authenticate_additional_data(binascii.unhexlify(aad))
+ actual_plaintext = decryptor.update(binascii.unhexlify(ciphertext))
+ with pytest.raises(InvalidTag):
+ decryptor.finalize()
+ else:
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(params["key"])),
+ mode_factory(binascii.unhexlify(params["iv"]), None),
+ backend
+ )
+ encryptor = cipher.encryptor()
+ encryptor.authenticate_additional_data(binascii.unhexlify(aad))
+ actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext))
+ actual_ciphertext += encryptor.finalize()
+ tag_len = len(params["tag"])
+ assert binascii.hexlify(encryptor.tag)[:tag_len] == params["tag"]
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(params["key"])),
+ mode_factory(binascii.unhexlify(params["iv"]),
+ binascii.unhexlify(params["tag"])),
+ backend
+ )
+ decryptor = cipher.decryptor()
+ decryptor.authenticate_additional_data(binascii.unhexlify(aad))
+ actual_plaintext = decryptor.update(binascii.unhexlify(ciphertext))
+ actual_plaintext += decryptor.finalize()
+ assert actual_plaintext == binascii.unhexlify(plaintext)
+
+
+def generate_stream_encryption_test(param_loader, path, file_names,
+ cipher_factory, only_if=None,
+ skip_message=None):
+ def test_stream_encryption(self):
+ for backend in _ALL_BACKENDS:
+ for file_name in file_names:
+ for params in load_vectors_from_file(
+ os.path.join(path, file_name),
+ param_loader
+ ):
+ yield (
+ stream_encryption_test,
+ backend,
+ cipher_factory,
+ params,
+ only_if,
+ skip_message
+ )
+ return test_stream_encryption
+
+
+def stream_encryption_test(backend, cipher_factory, params, only_if,
+ skip_message):
+ if not only_if(backend):
+ pytest.skip(skip_message)
+ plaintext = params.pop("plaintext")
+ ciphertext = params.pop("ciphertext")
+ offset = params.pop("offset")
+ cipher = Cipher(cipher_factory(**params), None, backend=backend)
+ encryptor = cipher.encryptor()
+ # throw away offset bytes
+ encryptor.update(b"\x00" * int(offset))
+ actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext))
+ actual_ciphertext += encryptor.finalize()
+ assert actual_ciphertext == binascii.unhexlify(ciphertext)
+ decryptor = cipher.decryptor()
+ decryptor.update(b"\x00" * int(offset))
+ actual_plaintext = decryptor.update(binascii.unhexlify(ciphertext))
+ actual_plaintext += decryptor.finalize()
+ assert actual_plaintext == binascii.unhexlify(plaintext)
+
+
def generate_hash_test(param_loader, path, file_names, hash_cls,
only_if=None, skip_message=None):
def test_hash(self):
for backend in _ALL_BACKENDS:
for file_name in file_names:
- for params in param_loader(os.path.join(path, file_name)):
+ for params in load_vectors_from_file(
+ os.path.join(path, file_name),
+ param_loader
+ ):
yield (
hash_test,
backend,
@@ -105,6 +223,12 @@ def base_hash_test(backend, algorithm, digest_size, block_size, only_if,
assert m != m_copy
assert m._ctx != m_copy._ctx
+ m.update(b"abc")
+ copy = m.copy()
+ copy.update(b"123")
+ m.update(b"123")
+ assert copy.finalize() == m.finalize()
+
def generate_long_string_hash_test(hash_factory, md, only_if=None,
skip_message=None):
@@ -134,7 +258,10 @@ def generate_hmac_test(param_loader, path, file_names, algorithm,
def test_hmac(self):
for backend in _ALL_BACKENDS:
for file_name in file_names:
- for params in param_loader(os.path.join(path, file_name)):
+ for params in load_vectors_from_file(
+ os.path.join(path, file_name),
+ param_loader
+ ):
yield (
hmac_test,
backend,
@@ -152,7 +279,7 @@ def hmac_test(backend, algorithm, params, only_if, skip_message):
msg = params[0]
md = params[1]
key = params[2]
- h = hmac.HMAC(binascii.unhexlify(key), algorithm)
+ h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend)
h.update(binascii.unhexlify(msg))
assert h.finalize() == binascii.unhexlify(md.encode("ascii"))
@@ -174,7 +301,90 @@ def base_hmac_test(backend, algorithm, only_if, skip_message):
if only_if is not None and not only_if(backend):
pytest.skip(skip_message)
key = b"ab"
- h = hmac.HMAC(binascii.unhexlify(key), algorithm)
+ h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend)
h_copy = h.copy()
assert h != h_copy
assert h._ctx != h_copy._ctx
+
+
+def generate_aead_exception_test(cipher_factory, mode_factory,
+ only_if, skip_message):
+ def test_aead_exception(self):
+ for backend in _ALL_BACKENDS:
+ yield (
+ aead_exception_test,
+ backend,
+ cipher_factory,
+ mode_factory,
+ only_if,
+ skip_message
+ )
+ return test_aead_exception
+
+
+def aead_exception_test(backend, cipher_factory, mode_factory,
+ only_if, skip_message):
+ if not only_if(backend):
+ pytest.skip(skip_message)
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(b"0" * 32)),
+ mode_factory(binascii.unhexlify(b"0" * 24)),
+ backend
+ )
+ encryptor = cipher.encryptor()
+ encryptor.update(b"a" * 16)
+ with pytest.raises(NotYetFinalized):
+ encryptor.tag
+ with pytest.raises(AlreadyUpdated):
+ encryptor.authenticate_additional_data(b"b" * 16)
+ encryptor.finalize()
+ with pytest.raises(AlreadyFinalized):
+ encryptor.authenticate_additional_data(b"b" * 16)
+ with pytest.raises(AlreadyFinalized):
+ encryptor.update(b"b" * 16)
+ with pytest.raises(AlreadyFinalized):
+ encryptor.finalize()
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(b"0" * 32)),
+ mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16),
+ backend
+ )
+ decryptor = cipher.decryptor()
+ decryptor.update(b"a" * 16)
+ with pytest.raises(AttributeError):
+ decryptor.tag
+
+
+def generate_aead_tag_exception_test(cipher_factory, mode_factory,
+ only_if, skip_message):
+ def test_aead_tag_exception(self):
+ for backend in _ALL_BACKENDS:
+ yield (
+ aead_tag_exception_test,
+ backend,
+ cipher_factory,
+ mode_factory,
+ only_if,
+ skip_message
+ )
+ return test_aead_tag_exception
+
+
+def aead_tag_exception_test(backend, cipher_factory, mode_factory,
+ only_if, skip_message):
+ if not only_if(backend):
+ pytest.skip(skip_message)
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(b"0" * 32)),
+ mode_factory(binascii.unhexlify(b"0" * 24)),
+ backend
+ )
+ with pytest.raises(ValueError):
+ cipher.decryptor()
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(b"0" * 32)),
+ mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16),
+ backend
+ )
+ with pytest.raises(ValueError):
+ cipher.encryptor()
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 00:56:20 +0000