From 77e95a016376dfdd08ef44549bd4ecc252fb3bf5 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 25 Sep 2014 12:28:07 -0500 Subject: deprecate backend method names for elliptic curve number loading fixes #1270 --- tests/hazmat/backends/test_multibackend.py | 36 ++++++++++++++++++++++++---- tests/hazmat/backends/test_openssl.py | 38 +++++++++++++++++++++++++++++- 2 files changed, 68 insertions(+), 6 deletions(-) (limited to 'tests/hazmat/backends') diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 45c12b34..f3893cd0 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -13,6 +13,8 @@ from __future__ import absolute_import, division, print_function +import pytest + from cryptography import utils from cryptography.exceptions import ( UnsupportedAlgorithm, _Reasons @@ -191,11 +193,17 @@ class DummyEllipticCurveBackend(object): if not self.elliptic_curve_supported(curve): raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE) - def elliptic_curve_private_key_from_numbers(self, numbers): + def load_elliptic_curve_private_numbers(self, numbers): if not self.elliptic_curve_supported(numbers.public_numbers.curve): raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE) + def elliptic_curve_private_key_from_numbers(self, numbers): + return None + def elliptic_curve_public_key_from_numbers(self, numbers): + return None + + def load_elliptic_curve_public_numbers(self, numbers): if not self.elliptic_curve_supported(numbers.curve): raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE) @@ -463,7 +471,7 @@ class TestMultiBackend(object): backend.generate_elliptic_curve_private_key(ec.SECT283K1()) - backend.elliptic_curve_private_key_from_numbers( + backend.load_elliptic_curve_private_numbers( ec.EllipticCurvePrivateNumbers( 1, ec.EllipticCurvePublicNumbers( @@ -474,7 +482,7 @@ class TestMultiBackend(object): ) ) - backend.elliptic_curve_public_key_from_numbers( + backend.load_elliptic_curve_public_numbers( ec.EllipticCurvePublicNumbers( 2, 3, @@ -493,7 +501,7 @@ class TestMultiBackend(object): backend.generate_elliptic_curve_private_key(ec.SECT163K1()) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE): - backend.elliptic_curve_private_key_from_numbers( + backend.load_elliptic_curve_private_numbers( ec.EllipticCurvePrivateNumbers( 1, ec.EllipticCurvePublicNumbers( @@ -505,7 +513,7 @@ class TestMultiBackend(object): ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE): - backend.elliptic_curve_public_key_from_numbers( + backend.load_elliptic_curve_public_numbers( ec.EllipticCurvePublicNumbers( 2, 3, @@ -513,6 +521,24 @@ class TestMultiBackend(object): ) ) + def test_deprecated_elliptic_curve(self): + backend = MultiBackend([ + DummyEllipticCurveBackend([ + ec.SECT283K1 + ]) + ]) + pub_numbers = ec.EllipticCurvePublicNumbers(2, 3, ec.SECT283K1()) + numbers = ec.EllipticCurvePrivateNumbers(1, pub_numbers) + + pytest.deprecated_call( + backend.elliptic_curve_private_key_from_numbers, + numbers + ) + pytest.deprecated_call( + backend.elliptic_curve_public_key_from_numbers, + pub_numbers + ) + def test_pkcs8_serialization_backend(self): backend = MultiBackend([DummyPKCS8SerializationBackend()]) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 110bbdba..5933b107 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -28,7 +28,7 @@ from cryptography.hazmat.backends.openssl.backend import ( Backend, backend ) from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.asymmetric import dsa, padding, rsa +from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding, rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR @@ -569,3 +569,39 @@ class TestDeprecatedDSABackendMethods(object): b"\x00" * 128, hashes.SHA1() ) + + +@pytest.mark.elliptic +class TestDeprecatedECBackendMethods(object): + def test_elliptic_curve_private_key_from_numbers(self): + d = 5634846038258869671139984276180670841223409490498798721258 + y = 4131560123026307384858369684985976479488628761329758810693 + x = 3402090428547195623222463880060959356423657484435591627791 + curve = ec.SECP192R1() + pub_numbers = ec.EllipticCurvePublicNumbers( + x=x, + y=y, + curve=curve + ) + numbers = ec.EllipticCurvePrivateNumbers( + private_value=d, + public_numbers=pub_numbers + ) + pytest.deprecated_call( + backend.elliptic_curve_private_key_from_numbers, + numbers + ) + + def test_elliptic_curve_public_key_from_numbers(self): + y = 4131560123026307384858369684985976479488628761329758810693 + x = 3402090428547195623222463880060959356423657484435591627791 + curve = ec.SECP192R1() + pub_numbers = ec.EllipticCurvePublicNumbers( + x=x, + y=y, + curve=curve + ) + pytest.deprecated_call( + backend.elliptic_curve_public_key_from_numbers, + pub_numbers + ) -- cgit v1.2.3 From 25228af9ce544108927cc769e5cfcf6f215cbc89 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 25 Sep 2014 13:02:00 -0500 Subject: skip deprecated tests on platforms that don't support ec (old rhel) --- tests/hazmat/backends/test_openssl.py | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'tests/hazmat/backends') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 5933b107..eecc7942 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -37,6 +37,15 @@ from cryptography.hazmat.primitives.interfaces import BlockCipherAlgorithm from ...utils import load_vectors_from_file, raises_unsupported_algorithm +def _skip_curve_unsupported(backend, curve): + if not backend.elliptic_curve_supported(curve): + pytest.skip( + "Curve {0} is not supported by this backend {1}".format( + curve.name, backend + ) + ) + + @utils.register_interface(interfaces.Mode) class DummyMode(object): name = "dummy-mode" @@ -578,6 +587,7 @@ class TestDeprecatedECBackendMethods(object): y = 4131560123026307384858369684985976479488628761329758810693 x = 3402090428547195623222463880060959356423657484435591627791 curve = ec.SECP192R1() + _skip_curve_unsupported(backend, curve) pub_numbers = ec.EllipticCurvePublicNumbers( x=x, y=y, @@ -596,6 +606,7 @@ class TestDeprecatedECBackendMethods(object): y = 4131560123026307384858369684985976479488628761329758810693 x = 3402090428547195623222463880060959356423657484435591627791 curve = ec.SECP192R1() + _skip_curve_unsupported(backend, curve) pub_numbers = ec.EllipticCurvePublicNumbers( x=x, y=y, -- cgit v1.2.3 From 07fa710a3e69329e999553244c04e98b85e1518c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 25 Sep 2014 16:56:11 -0500 Subject: fix test coverage on multibackend deprecated methods --- tests/hazmat/backends/test_multibackend.py | 33 ++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) (limited to 'tests/hazmat/backends') diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index f3893cd0..61bda54c 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -198,10 +198,12 @@ class DummyEllipticCurveBackend(object): raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE) def elliptic_curve_private_key_from_numbers(self, numbers): - return None + if not self.elliptic_curve_supported(numbers.public_numbers.curve): + raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE) def elliptic_curve_public_key_from_numbers(self, numbers): - return None + if not self.elliptic_curve_supported(numbers.curve): + raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE) def load_elliptic_curve_public_numbers(self, numbers): if not self.elliptic_curve_supported(numbers.curve): @@ -527,6 +529,12 @@ class TestMultiBackend(object): ec.SECT283K1 ]) ]) + + assert backend.elliptic_curve_signature_algorithm_supported( + ec.ECDSA(hashes.SHA256()), + ec.SECT163K1() + ) is False + pub_numbers = ec.EllipticCurvePublicNumbers(2, 3, ec.SECT283K1()) numbers = ec.EllipticCurvePrivateNumbers(1, pub_numbers) @@ -539,6 +547,27 @@ class TestMultiBackend(object): pub_numbers ) + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE): + backend.elliptic_curve_private_key_from_numbers( + ec.EllipticCurvePrivateNumbers( + 1, + ec.EllipticCurvePublicNumbers( + 2, + 3, + ec.SECT163K1() + ) + ) + ) + + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE): + backend.elliptic_curve_public_key_from_numbers( + ec.EllipticCurvePublicNumbers( + 2, + 3, + ec.SECT163K1() + ) + ) + def test_pkcs8_serialization_backend(self): backend = MultiBackend([DummyPKCS8SerializationBackend()]) -- cgit v1.2.3 From e04f6fc6fcc5105ce66279eacd9df0683d538ee9 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 26 Sep 2014 12:16:14 -0500 Subject: remove duplicate _skip_curve_unsupported --- tests/hazmat/backends/test_openssl.py | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'tests/hazmat/backends') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index eecc7942..bfe6040e 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -34,18 +34,10 @@ from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR from cryptography.hazmat.primitives.interfaces import BlockCipherAlgorithm +from ..primitives.test_ec import _skip_curve_unsupported from ...utils import load_vectors_from_file, raises_unsupported_algorithm -def _skip_curve_unsupported(backend, curve): - if not backend.elliptic_curve_supported(curve): - pytest.skip( - "Curve {0} is not supported by this backend {1}".format( - curve.name, backend - ) - ) - - @utils.register_interface(interfaces.Mode) class DummyMode(object): name = "dummy-mode" -- cgit v1.2.3