From 2b21b12d337e65c59b5d18e42f1927c64565945d Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 09:39:25 -0700 Subject: Added test cases, fixed a bug --- tests/test_fernet.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 tests/test_fernet.py (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py new file mode 100644 index 00000000..e9d07f81 --- /dev/null +++ b/tests/test_fernet.py @@ -0,0 +1,23 @@ +import base64 + +from cryptography.fernet import Fernet + + +class TestFernet(object): + def test_generate(self): + f = Fernet(base64.urlsafe_b64decode( + b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + )) + token = f._encrypt_from_parts( + b"hello", + 499162800, + b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", + ) + assert token == b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==" + + def test_verify(self): + f = Fernet(base64.urlsafe_b64decode( + b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + )) + payload = f.decrypt(b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==", 60) + assert payload == b"hello" -- cgit v1.2.3 From 5e87dfdd7f9853d4072efa6dd0e0515141ab7eb2 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 09:46:03 -0700 Subject: Fixed test and implementation --- tests/test_fernet.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index e9d07f81..f7c06b95 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -13,11 +13,17 @@ class TestFernet(object): 499162800, b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", ) - assert token == b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==" + assert token == (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM" + "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") def test_verify(self): f = Fernet(base64.urlsafe_b64decode( b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" )) - payload = f.decrypt(b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==", 60) + payload = f.decrypt( + (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dO" + "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), + ttl=60, + current_time=499162801 + ) assert payload == b"hello" -- cgit v1.2.3 From de36e90815f31ec39fe160bf69a81f1bb42b92d2 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 10:10:44 -0700 Subject: Address pep8 concerns --- tests/test_fernet.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index f7c06b95..27d24182 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -1,5 +1,7 @@ import base64 +import six + from cryptography.fernet import Fernet @@ -11,10 +13,10 @@ class TestFernet(object): token = f._encrypt_from_parts( b"hello", 499162800, - b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", + b"".join(map(six.int2byte, range(16))), ) assert token == (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM" - "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") + "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") def test_verify(self): f = Fernet(base64.urlsafe_b64decode( @@ -22,7 +24,7 @@ class TestFernet(object): )) payload = f.decrypt( (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dO" - "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), + "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), ttl=60, current_time=499162801 ) -- cgit v1.2.3 From 413bd8b45a51dc9c9afe3262534abba2d8528457 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 11:22:11 -0700 Subject: py3k syntax fix --- tests/test_fernet.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 27d24182..7bdfa3fa 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -16,7 +16,7 @@ class TestFernet(object): b"".join(map(six.int2byte, range(16))), ) assert token == (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM" - "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") + b"4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") def test_verify(self): f = Fernet(base64.urlsafe_b64decode( @@ -24,7 +24,7 @@ class TestFernet(object): )) payload = f.decrypt( (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dO" - "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), + b"PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), ttl=60, current_time=499162801 ) -- cgit v1.2.3 From fb8adfcb2f0a67519ee81cad0c50d2e359ff3a20 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 14:16:24 -0700 Subject: Use raw vector files --- tests/test_fernet.py | 56 +++++++++++++++++++++++++------------- tests/vectors/fernet/generate.json | 9 ++++++ tests/vectors/fernet/verify.json | 9 ++++++ 3 files changed, 55 insertions(+), 19 deletions(-) create mode 100644 tests/vectors/fernet/generate.json create mode 100644 tests/vectors/fernet/verify.json (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 7bdfa3fa..382a232c 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -1,31 +1,49 @@ import base64 +import calendar +import json +import os + +import iso8601 + +import pytest import six from cryptography.fernet import Fernet +def json_parametrize(keys, path): + with open(path) as f: + data = json.load(f) + return pytest.mark.parametrize(keys, [ + tuple([entry[k] for k in keys]) + for entry in data + ]) + + class TestFernet(object): - def test_generate(self): - f = Fernet(base64.urlsafe_b64decode( - b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" - )) - token = f._encrypt_from_parts( - b"hello", - 499162800, - b"".join(map(six.int2byte, range(16))), + @json_parametrize( + ("secret", "now", "iv", "src", "token"), + os.path.join(os.path.dirname(__file__), "vectors", "fernet", "generate.json") + ) + def test_generate(self, secret, now, iv, src, token): + f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + actual_token = f._encrypt_from_parts( + src.encode("ascii"), + calendar.timegm(iso8601.parse_date(now).utctimetuple()), + b"".join(map(six.int2byte, iv)) ) - assert token == (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM" - b"4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") + assert actual_token == token - def test_verify(self): - f = Fernet(base64.urlsafe_b64decode( - b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" - )) + @json_parametrize( + ("secret", "now", "src", "ttl_sec", "token"), + os.path.join(os.path.dirname(__file__), "vectors", "fernet", "verify.json") + ) + def test_verify(self, secret, now, src, ttl_sec, token): + f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) payload = f.decrypt( - (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dO" - b"PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), - ttl=60, - current_time=499162801 + token.encode("ascii"), + ttl=ttl_sec, + current_time=calendar.timegm(iso8601.parse_date(now).utctimetuple()) ) - assert payload == b"hello" + assert payload == src diff --git a/tests/vectors/fernet/generate.json b/tests/vectors/fernet/generate.json new file mode 100644 index 00000000..d1f3e083 --- /dev/null +++ b/tests/vectors/fernet/generate.json @@ -0,0 +1,9 @@ +[ + { + "token": "gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==", + "now": "1985-10-26T01:20:00-07:00", + "iv": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], + "src": "hello", + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + } +] diff --git a/tests/vectors/fernet/verify.json b/tests/vectors/fernet/verify.json new file mode 100644 index 00000000..08c480f5 --- /dev/null +++ b/tests/vectors/fernet/verify.json @@ -0,0 +1,9 @@ +[ + { + "token": "gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "src": "hello", + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + } +] -- cgit v1.2.3 From 38f34557e432f98cc8a023e621b5efe525ef886c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 14:50:00 -0700 Subject: Started working on the invalid cases --- tests/test_fernet.py | 28 +++++++++++++++---- tests/vectors/fernet/invalid.json | 58 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+), 6 deletions(-) create mode 100644 tests/vectors/fernet/invalid.json (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 382a232c..15071718 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -9,10 +9,11 @@ import pytest import six -from cryptography.fernet import Fernet +from cryptography.fernet import Fernet, InvalidToken -def json_parametrize(keys, path): +def json_parametrize(keys, fname): + path = os.path.join(os.path.dirname(__file__), "vectors", "fernet", fname) with open(path) as f: data = json.load(f) return pytest.mark.parametrize(keys, [ @@ -23,8 +24,7 @@ def json_parametrize(keys, path): class TestFernet(object): @json_parametrize( - ("secret", "now", "iv", "src", "token"), - os.path.join(os.path.dirname(__file__), "vectors", "fernet", "generate.json") + ("secret", "now", "iv", "src", "token"), "generate.json", ) def test_generate(self, secret, now, iv, src, token): f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) @@ -36,8 +36,7 @@ class TestFernet(object): assert actual_token == token @json_parametrize( - ("secret", "now", "src", "ttl_sec", "token"), - os.path.join(os.path.dirname(__file__), "vectors", "fernet", "verify.json") + ("secret", "now", "src", "ttl_sec", "token"), "verify.json", ) def test_verify(self, secret, now, src, ttl_sec, token): f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) @@ -47,3 +46,20 @@ class TestFernet(object): current_time=calendar.timegm(iso8601.parse_date(now).utctimetuple()) ) assert payload == src + + @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") + def test_invalid(self, secret, token, now, ttl_sec): + f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + with pytest.raises(InvalidToken): + f.decrypt( + token.encode("ascii"), + ttl=ttl_sec, + current_time=calendar.timegm(iso8601.parse_date(now).utctimetuple()) + ) + + def test_unicode(self): + f = Fernet(b"\x00" * 32) + with pytest.raises(TypeError): + f.encrypt(six.u("")) + with pytest.raises(TypeError): + f.decrypt(six.u("")) diff --git a/tests/vectors/fernet/invalid.json b/tests/vectors/fernet/invalid.json new file mode 100644 index 00000000..d80e7b4a --- /dev/null +++ b/tests/vectors/fernet/invalid.json @@ -0,0 +1,58 @@ +[ + { + "desc": "incorrect mac", + "token": "gAAAAAAdwJ6xAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAl1-szkFVzXTuGb4hR8AKtwcaX1YdykQUFBQUFBQUFBQQ==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "too short", + "token": "gAAAAAAdwJ6xAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPA==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "invalid base64", + "token": "%%%%%%%%%%%%%AECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAl1-szkFVzXTuGb4hR8AKtwcaX1YdykRtfsH-p1YsUD2Q==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "payload size not multiple of block size", + "token": "gAAAAAAdwJ6xAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPOm73QeoCk9uGib28Xe5vz6oxq5nmxbx_v7mrfyudzUm", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "payload padding error", + "token": "gAAAAAAdwJ6xAAECAwQFBgcICQoLDA0ODz4LEpdELGQAad7aNEHbf-JkLPIpuiYRLQ3RtXatOYREu2FWke6CnJNYIbkuKNqOhw==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "far-future TS (unacceptable clock skew)", + "token": "gAAAAAAdwStRAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAnja1xKYyhd-Y6mSkTOyTGJmw2Xc2a6kBd-iX9b_qXQcw==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "expired TTL", + "token": "gAAAAAAdwJ6xAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAl1-szkFVzXTuGb4hR8AKtwcaX1YdykRtfsH-p1YsUD2Q==", + "now": "1985-10-26T01:21:31-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "incorrect IV (causes padding error)", + "token": "gAAAAAAdwJ6xBQECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAkLhFLHpGtDBRLRTZeUfWgHSv49TF2AUEZ1TIvcZjK1zQ==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + } +] -- cgit v1.2.3 From c1ea0a0d23115bb0586230a139bcb2b60adb6262 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 15:03:53 -0700 Subject: Fixed pep8 issues --- tests/test_fernet.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 15071718..b0f22f0c 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -40,21 +40,19 @@ class TestFernet(object): ) def test_verify(self, secret, now, src, ttl_sec, token): f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) payload = f.decrypt( - token.encode("ascii"), - ttl=ttl_sec, - current_time=calendar.timegm(iso8601.parse_date(now).utctimetuple()) + token.encode("ascii"), ttl=ttl_sec, current_time=current_time ) assert payload == src @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") def test_invalid(self, secret, token, now, ttl_sec): f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) with pytest.raises(InvalidToken): f.decrypt( - token.encode("ascii"), - ttl=ttl_sec, - current_time=calendar.timegm(iso8601.parse_date(now).utctimetuple()) + token.encode("ascii"), ttl=ttl_sec, current_time=current_time ) def test_unicode(self): -- cgit v1.2.3 From ce8f9a4e2a5d159356a06147f65e221dbdf43171 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 15:23:15 -0700 Subject: A test for roundtripping --- tests/test_fernet.py | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index b0f22f0c..a42011a6 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -61,3 +61,10 @@ class TestFernet(object): f.encrypt(six.u("")) with pytest.raises(TypeError): f.decrypt(six.u("")) + + @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) + def test_roundtrips(self, message): + f = Fernet(b"\x00" * 32) + ciphertext = f.encrypt(message) + plaintext = f.decrypt(ciphertext) + assert plaintext == message -- cgit v1.2.3 From 6b9770b159b920cccddc8e3c3d1b0fb0287a0c15 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 16:07:35 -0700 Subject: write more readably --- tests/test_fernet.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index a42011a6..baae36d2 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -65,6 +65,4 @@ class TestFernet(object): @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) def test_roundtrips(self, message): f = Fernet(b"\x00" * 32) - ciphertext = f.encrypt(message) - plaintext = f.decrypt(ciphertext) - assert plaintext == message + assert f.decrypt(f.encrypt(message)) == message -- cgit v1.2.3 From 7ecd3148acc35668bf679be5a603ed4bd7313148 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 16:29:18 -0700 Subject: py3k fixes --- tests/test_fernet.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index baae36d2..ca8e4ccd 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -33,7 +33,7 @@ class TestFernet(object): calendar.timegm(iso8601.parse_date(now).utctimetuple()), b"".join(map(six.int2byte, iv)) ) - assert actual_token == token + assert actual_token == token.encode("ascii") @json_parametrize( ("secret", "now", "src", "ttl_sec", "token"), "verify.json", @@ -44,7 +44,7 @@ class TestFernet(object): payload = f.decrypt( token.encode("ascii"), ttl=ttl_sec, current_time=current_time ) - assert payload == src + assert payload == src.encode("ascii") @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") def test_invalid(self, secret, token, now, ttl_sec): -- cgit v1.2.3 From 8912d3afde05ff6f91a508f0a54b5c24960eb09a Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 2 Nov 2013 14:04:19 -0700 Subject: Include the license --- tests/test_fernet.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index ca8e4ccd..922f7223 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -1,3 +1,16 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + import base64 import calendar import json -- cgit v1.2.3 From 9626b5a50460d2f90baa1f1b8c6a09ccc900c178 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 19 Nov 2013 16:49:26 -0800 Subject: Validate the IV/nonce length for a given algorithm. Fixes #159 --- tests/hazmat/bindings/test_openssl.py | 3 ++- tests/hazmat/primitives/test_block.py | 17 ++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 9f27aab7..1cadc75c 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -23,7 +23,8 @@ from cryptography.hazmat.primitives.ciphers.modes import CBC class DummyMode(object): - pass + def validate_for_algorithm(self, algorithm): + pass @utils.register_interface(interfaces.CipherAlgorithm) diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 9460c53d..b41f8922 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -30,6 +30,11 @@ class DummyCipher(object): pass +class DummyMode(object): + def validate_for_algorithm(self, algorithm): + pass + + class TestCipher(object): def test_instantiate_without_backend(self): Cipher( @@ -101,10 +106,20 @@ class TestCipherContext(object): def test_nonexistent_cipher(self, backend): cipher = Cipher( - DummyCipher(), object(), backend + DummyCipher(), DummyMode(), backend ) with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() with pytest.raises(UnsupportedAlgorithm): cipher.decryptor() + + +class TestModeValidation(object): + def test_cbc(self, backend): + with pytest.raises(ValueError): + Cipher( + algorithms.AES(b"\x00" * 16), + modes.CBC(b"abc"), + backend, + ) -- cgit v1.2.3 From 26ebea2c5bde18aaecee5f03291606cc5799d0cc Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 19 Nov 2013 16:53:36 -0800 Subject: Tests for OFB and CFB --- tests/hazmat/primitives/test_block.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index b41f8922..ad56f77e 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -123,3 +123,19 @@ class TestModeValidation(object): modes.CBC(b"abc"), backend, ) + + def test_ofb(self, backend): + with pytest.raises(ValueError): + Cipher( + algorithms.AES(b"\x00" * 16), + modes.OFB(b"abc"), + backend, + ) + + def test_cfb(self, backend): + with pytest.raises(ValueError): + Cipher( + algorithms.AES(b"\x00" * 16), + modes.CFB(b"abc"), + backend, + ) -- cgit v1.2.3 From 18f2c8f5da97e430387a78d6e7fe20de1c1e6ada Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 19 Nov 2013 16:57:08 -0800 Subject: test for ctr --- tests/hazmat/primitives/test_block.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index ad56f77e..52221cb6 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -139,3 +139,11 @@ class TestModeValidation(object): modes.CFB(b"abc"), backend, ) + + def test_ctr(self, backend): + with pytest.raises(ValueError): + Cipher( + algorithms.AES(b"\x00" * 16), + modes.CFB(b"abc"), + backend, + ) -- cgit v1.2.3 From 3c25f61c18c6f8f9a2210fb2124654023bcec775 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 19 Nov 2013 17:10:14 -0800 Subject: fixed typo --- tests/hazmat/primitives/test_block.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 52221cb6..e0deb36b 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -144,6 +144,6 @@ class TestModeValidation(object): with pytest.raises(ValueError): Cipher( algorithms.AES(b"\x00" * 16), - modes.CFB(b"abc"), + modes.CTR(b"abc"), backend, ) -- cgit v1.2.3 From 898fe0f899eb3ec744acaaa0a8641644fc6cf219 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 20 Nov 2013 16:38:32 -0800 Subject: Key in the right place --- tests/test_fernet.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 922f7223..4080bd2d 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -40,7 +40,7 @@ class TestFernet(object): ("secret", "now", "iv", "src", "token"), "generate.json", ) def test_generate(self, secret, now, iv, src, token): - f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + f = Fernet(secret.encode("ascii")) actual_token = f._encrypt_from_parts( src.encode("ascii"), calendar.timegm(iso8601.parse_date(now).utctimetuple()), @@ -52,7 +52,7 @@ class TestFernet(object): ("secret", "now", "src", "ttl_sec", "token"), "verify.json", ) def test_verify(self, secret, now, src, ttl_sec, token): - f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + f = Fernet(secret.encode("ascii")) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) payload = f.decrypt( token.encode("ascii"), ttl=ttl_sec, current_time=current_time @@ -61,7 +61,7 @@ class TestFernet(object): @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") def test_invalid(self, secret, token, now, ttl_sec): - f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + f = Fernet(secret.encode("ascii")) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) with pytest.raises(InvalidToken): f.decrypt( @@ -69,7 +69,7 @@ class TestFernet(object): ) def test_unicode(self): - f = Fernet(b"\x00" * 32) + f = Fernet(base64.b64encode(b"\x00" * 32)) with pytest.raises(TypeError): f.encrypt(six.u("")) with pytest.raises(TypeError): @@ -77,5 +77,5 @@ class TestFernet(object): @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) def test_roundtrips(self, message): - f = Fernet(b"\x00" * 32) + f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32)) assert f.decrypt(f.encrypt(message)) == message -- cgit v1.2.3 From 1d2901cae193cb965480835aaf96696f8eecfaab Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 10:12:05 -0800 Subject: Hide the dangerous bits --- tests/test_fernet.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 4080bd2d..c1caaa05 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -15,6 +15,7 @@ import base64 import calendar import json import os +import time import iso8601 @@ -51,22 +52,20 @@ class TestFernet(object): @json_parametrize( ("secret", "now", "src", "ttl_sec", "token"), "verify.json", ) - def test_verify(self, secret, now, src, ttl_sec, token): + def test_verify(self, secret, now, src, ttl_sec, token, monkeypatch): f = Fernet(secret.encode("ascii")) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) - payload = f.decrypt( - token.encode("ascii"), ttl=ttl_sec, current_time=current_time - ) + monkeypatch.setattr(time, "time", lambda: current_time) + payload = f.decrypt(token.encode("ascii"), ttl=ttl_sec) assert payload == src.encode("ascii") @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") - def test_invalid(self, secret, token, now, ttl_sec): + def test_invalid(self, secret, token, now, ttl_sec, monkeypatch): f = Fernet(secret.encode("ascii")) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) + monkeypatch.setattr(time, "time", lambda: current_time) with pytest.raises(InvalidToken): - f.decrypt( - token.encode("ascii"), ttl=ttl_sec, current_time=current_time - ) + f.decrypt(token.encode("ascii"), ttl=ttl_sec) def test_unicode(self): f = Fernet(base64.b64encode(b"\x00" * 32)) -- cgit v1.2.3 From 56bcade581e68ad0dd82dbabe97c75a9f0701fed Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 10:15:14 -0800 Subject: fix, technically --- tests/test_fernet.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index c1caaa05..8759229a 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -68,7 +68,7 @@ class TestFernet(object): f.decrypt(token.encode("ascii"), ttl=ttl_sec) def test_unicode(self): - f = Fernet(base64.b64encode(b"\x00" * 32)) + f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32)) with pytest.raises(TypeError): f.encrypt(six.u("")) with pytest.raises(TypeError): -- cgit v1.2.3 From 36597b4379bd62e520b9076072a030c73b85f471 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 10:25:13 -0800 Subject: An API for generating keys --- tests/test_fernet.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 8759229a..af64175e 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -76,5 +76,5 @@ class TestFernet(object): @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) def test_roundtrips(self, message): - f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32)) + f = Fernet(Fernet.generate_key()) assert f.decrypt(f.encrypt(message)) == message -- cgit v1.2.3 From fae20715b85e84297f01b60fc153cde93a7549c7 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 16 Dec 2013 15:29:30 -0800 Subject: Address dreid's comments --- tests/test_fernet.py | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index af64175e..48df867c 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -24,6 +24,7 @@ import pytest import six from cryptography.fernet import Fernet, InvalidToken +from cryptography.hazmat.backends import default_backend def json_parametrize(keys, fname): @@ -40,8 +41,8 @@ class TestFernet(object): @json_parametrize( ("secret", "now", "iv", "src", "token"), "generate.json", ) - def test_generate(self, secret, now, iv, src, token): - f = Fernet(secret.encode("ascii")) + def test_generate(self, secret, now, iv, src, token, backend): + f = Fernet(secret.encode("ascii"), backend=backend) actual_token = f._encrypt_from_parts( src.encode("ascii"), calendar.timegm(iso8601.parse_date(now).utctimetuple()), @@ -52,29 +53,34 @@ class TestFernet(object): @json_parametrize( ("secret", "now", "src", "ttl_sec", "token"), "verify.json", ) - def test_verify(self, secret, now, src, ttl_sec, token, monkeypatch): - f = Fernet(secret.encode("ascii")) + def test_verify(self, secret, now, src, ttl_sec, token, backend, + monkeypatch): + f = Fernet(secret.encode("ascii"), backend=backend) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) monkeypatch.setattr(time, "time", lambda: current_time) payload = f.decrypt(token.encode("ascii"), ttl=ttl_sec) assert payload == src.encode("ascii") @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") - def test_invalid(self, secret, token, now, ttl_sec, monkeypatch): - f = Fernet(secret.encode("ascii")) + def test_invalid(self, secret, token, now, ttl_sec, backend, monkeypatch): + f = Fernet(secret.encode("ascii"), backend=backend) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) monkeypatch.setattr(time, "time", lambda: current_time) with pytest.raises(InvalidToken): f.decrypt(token.encode("ascii"), ttl=ttl_sec) - def test_unicode(self): - f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32)) + def test_unicode(self, backend): + f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) with pytest.raises(TypeError): f.encrypt(six.u("")) with pytest.raises(TypeError): f.decrypt(six.u("")) @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) - def test_roundtrips(self, message): - f = Fernet(Fernet.generate_key()) + def test_roundtrips(self, message, backend): + f = Fernet(Fernet.generate_key(), backend=backend) assert f.decrypt(f.encrypt(message)) == message + + def test_default_backend(self): + f = Fernet(Fernet.generate_key()) + assert f._backend is default_backend() -- cgit v1.2.3 From a8f0b63dddc6a22a1a982c6217d4cef2f598b781 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 16 Dec 2013 15:44:06 -0800 Subject: Replace assertions with real error checks --- tests/test_fernet.py | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 48df867c..77661180 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -69,6 +69,11 @@ class TestFernet(object): with pytest.raises(InvalidToken): f.decrypt(token.encode("ascii"), ttl=ttl_sec) + def test_invalid_start_byte(self, backend): + f = Fernet(Fernet.generate_key(), backend=backend) + with pytest.raises(InvalidToken): + f.decrypt(base64.urlsafe_b64encode(b"\x81")) + def test_unicode(self, backend): f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) with pytest.raises(TypeError): @@ -84,3 +89,7 @@ class TestFernet(object): def test_default_backend(self): f = Fernet(Fernet.generate_key()) assert f._backend is default_backend() + + def test_bad_key(self, backend): + with pytest.raises(ValueError): + Fernet(base64.urlsafe_b64encode(b"abc"), backend=backend) -- cgit v1.2.3 From e78960fa8c2a210484695bf2e20c4847313cf5a0 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 20 Dec 2013 11:02:33 -0800 Subject: Handle invalid timestamp length --- tests/test_fernet.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 77661180..45188c47 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -74,6 +74,11 @@ class TestFernet(object): with pytest.raises(InvalidToken): f.decrypt(base64.urlsafe_b64encode(b"\x81")) + def test_timestamp_too_short(self, backend): + f = Fernet(Fernet.generate_key(), backend=backend) + with pytest.raises(InvalidToken): + f.decrypt(base64.urlsafe_b64encode(b"\x80abc")) + def test_unicode(self, backend): f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) with pytest.raises(TypeError): -- cgit v1.2.3 From f03334e25c3c31094015d1421feef7bcec9a9c1f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 2 Jan 2014 23:16:14 -0600 Subject: backend support check now lists which backend caused the skip --- tests/test_utils.py | 2 +- tests/utils.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/test_utils.py b/tests/test_utils.py index c640367e..e3e53d63 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -50,7 +50,7 @@ def test_check_backend_support_skip(): funcargs={"backend": True}) with pytest.raises(pytest.skip.Exception) as exc_info: check_backend_support(item) - assert exc_info.value.args[0] == "Nope" + assert exc_info.value.args[0] == "Nope (True)" def test_check_backend_support_no_skip(): diff --git a/tests/utils.py b/tests/utils.py index beb2ca5d..693a0c8f 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -28,7 +28,9 @@ def check_backend_support(item): supported = item.keywords.get("supported") if supported and "backend" in item.funcargs: if not supported.kwargs["only_if"](item.funcargs["backend"]): - pytest.skip(supported.kwargs["skip_message"]) + pytest.skip("{0} ({1})".format( + supported.kwargs["skip_message"], item.funcargs["backend"] + )) elif supported: raise ValueError("This mark is only available on methods that take a " "backend") -- cgit v1.2.3 From 8d3857221ba0055e625e78783a98c27fcb192199 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 11:45:18 -0600 Subject: Instantiate our hash objects used for supported checks --- tests/hazmat/primitives/test_hash_vectors.py | 16 ++++++++-------- tests/hazmat/primitives/test_hashes.py | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py index 13ffc3fd..ca97fc11 100644 --- a/tests/hazmat/primitives/test_hash_vectors.py +++ b/tests/hazmat/primitives/test_hash_vectors.py @@ -24,7 +24,7 @@ from ...utils import load_hash_vectors @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA1), + only_if=lambda backend: backend.hash_supported(hashes.SHA1()), skip_message="Does not support SHA1", ) @pytest.mark.hash @@ -41,7 +41,7 @@ class TestSHA1(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA224), + only_if=lambda backend: backend.hash_supported(hashes.SHA224()), skip_message="Does not support SHA224", ) @pytest.mark.hash @@ -58,7 +58,7 @@ class TestSHA224(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA256), + only_if=lambda backend: backend.hash_supported(hashes.SHA256()), skip_message="Does not support SHA256", ) @pytest.mark.hash @@ -75,7 +75,7 @@ class TestSHA256(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA384), + only_if=lambda backend: backend.hash_supported(hashes.SHA384()), skip_message="Does not support SHA384", ) @pytest.mark.hash @@ -92,7 +92,7 @@ class TestSHA384(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA512), + only_if=lambda backend: backend.hash_supported(hashes.SHA512()), skip_message="Does not support SHA512", ) @pytest.mark.hash @@ -109,7 +109,7 @@ class TestSHA512(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160()), skip_message="Does not support RIPEMD160", ) @pytest.mark.hash @@ -130,7 +130,7 @@ class TestRIPEMD160(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool()), skip_message="Does not support Whirlpool", ) @pytest.mark.hash @@ -153,7 +153,7 @@ class TestWhirlpool(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.MD5), + only_if=lambda backend: backend.hash_supported(hashes.MD5()), skip_message="Does not support MD5", ) @pytest.mark.hash diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index c907ef61..9ca2feee 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -70,7 +70,7 @@ class TestHashContext(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA1), + only_if=lambda backend: backend.hash_supported(hashes.SHA1()), skip_message="Does not support SHA1", ) @pytest.mark.hash @@ -83,7 +83,7 @@ class TestSHA1(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA224), + only_if=lambda backend: backend.hash_supported(hashes.SHA224()), skip_message="Does not support SHA224", ) @pytest.mark.hash @@ -96,7 +96,7 @@ class TestSHA224(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA256), + only_if=lambda backend: backend.hash_supported(hashes.SHA256()), skip_message="Does not support SHA256", ) @pytest.mark.hash @@ -109,7 +109,7 @@ class TestSHA256(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA384), + only_if=lambda backend: backend.hash_supported(hashes.SHA384()), skip_message="Does not support SHA384", ) @pytest.mark.hash @@ -122,7 +122,7 @@ class TestSHA384(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA512), + only_if=lambda backend: backend.hash_supported(hashes.SHA512()), skip_message="Does not support SHA512", ) @pytest.mark.hash @@ -135,7 +135,7 @@ class TestSHA512(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160()), skip_message="Does not support RIPEMD160", ) @pytest.mark.hash @@ -148,7 +148,7 @@ class TestRIPEMD160(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool()), skip_message="Does not support Whirlpool", ) @pytest.mark.hash @@ -161,7 +161,7 @@ class TestWhirlpool(object): @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.MD5), + only_if=lambda backend: backend.hash_supported(hashes.MD5()), skip_message="Does not support MD5", ) @pytest.mark.hash -- cgit v1.2.3 From 24684cababdd46dbc715087ff6a6fdb7f1cec8ec Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 11:51:40 -0600 Subject: instantiate hash objects for hmac checks too --- tests/hazmat/primitives/test_hmac.py | 2 +- tests/hazmat/primitives/test_hmac_vectors.py | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 04913af6..dd9cdaab 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -34,7 +34,7 @@ class UnsupportedDummyHash(object): @pytest.mark.supported( - only_if=lambda backend: backend.hmac_supported(hashes.MD5), + only_if=lambda backend: backend.hmac_supported(hashes.MD5()), skip_message="Does not support MD5", ) @pytest.mark.hmac diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py index c5644459..0792080b 100644 --- a/tests/hazmat/primitives/test_hmac_vectors.py +++ b/tests/hazmat/primitives/test_hmac_vectors.py @@ -22,7 +22,7 @@ from ...utils import load_hash_vectors @pytest.mark.supported( - only_if=lambda backend: backend.hmac_supported(hashes.MD5), + only_if=lambda backend: backend.hmac_supported(hashes.MD5()), skip_message="Does not support MD5", ) @pytest.mark.hmac @@ -38,7 +38,7 @@ class TestHMAC_MD5(object): @pytest.mark.supported( - only_if=lambda backend: backend.hmac_supported(hashes.SHA1), + only_if=lambda backend: backend.hmac_supported(hashes.SHA1()), skip_message="Does not support SHA1", ) @pytest.mark.hmac @@ -54,7 +54,7 @@ class TestHMAC_SHA1(object): @pytest.mark.supported( - only_if=lambda backend: backend.hmac_supported(hashes.SHA224), + only_if=lambda backend: backend.hmac_supported(hashes.SHA224()), skip_message="Does not support SHA224", ) @pytest.mark.hmac @@ -70,7 +70,7 @@ class TestHMAC_SHA224(object): @pytest.mark.supported( - only_if=lambda backend: backend.hmac_supported(hashes.SHA256), + only_if=lambda backend: backend.hmac_supported(hashes.SHA256()), skip_message="Does not support SHA256", ) @pytest.mark.hmac @@ -86,7 +86,7 @@ class TestHMAC_SHA256(object): @pytest.mark.supported( - only_if=lambda backend: backend.hmac_supported(hashes.SHA384), + only_if=lambda backend: backend.hmac_supported(hashes.SHA384()), skip_message="Does not support SHA384", ) @pytest.mark.hmac @@ -102,7 +102,7 @@ class TestHMAC_SHA384(object): @pytest.mark.supported( - only_if=lambda backend: backend.hmac_supported(hashes.SHA512), + only_if=lambda backend: backend.hmac_supported(hashes.SHA512()), skip_message="Does not support SHA512", ) @pytest.mark.hmac @@ -118,7 +118,7 @@ class TestHMAC_SHA512(object): @pytest.mark.supported( - only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160), + only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160()), skip_message="Does not support RIPEMD160", ) @pytest.mark.hmac -- cgit v1.2.3 From 108605b01873c4176275cc6bf2ea0d0b7c447a0e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 13:37:00 -0600 Subject: add commoncrypto mark to skip on non-OS X platforms --- tests/conftest.py | 5 ++++- tests/hazmat/bindings/test_bindings.py | 31 +++++++++++++++++++++++++++++++ tests/hazmat/bindings/test_openssl.py | 3 +++ tests/test_utils.py | 31 ++++++++++++++++++++++++++++++- tests/utils.py | 6 ++++++ 5 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 tests/hazmat/bindings/test_bindings.py (limited to 'tests') diff --git a/tests/conftest.py b/tests/conftest.py index 0ddc3338..3ba2425d 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,7 +4,9 @@ from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend ) -from .utils import check_for_iface, check_backend_support +from .utils import ( + check_for_iface, check_backend_support, check_binding_available +) def pytest_generate_tests(metafunc): @@ -20,3 +22,4 @@ def pytest_runtest_setup(item): check_for_iface("cipher", CipherBackend, item) check_for_iface("hash", HashBackend, item) check_backend_support(item) + check_binding_available(item) diff --git a/tests/hazmat/bindings/test_bindings.py b/tests/hazmat/bindings/test_bindings.py new file mode 100644 index 00000000..927bc8a1 --- /dev/null +++ b/tests/hazmat/bindings/test_bindings.py @@ -0,0 +1,31 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import cffi + +from cryptography.hazmat.bindings.utils import binding_available +from cryptography.hazmat.bindings.openssl.binding import Binding + + +def dummy_initializer(): + raise cffi.VerificationError + + +def test_binding_available(): + assert binding_available(Binding._ensure_ffi_initialized) is True + + +def test_binding_unavailable(): + assert binding_available(dummy_initializer) is False diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 31f736ab..d1e85058 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -20,3 +20,6 @@ class TestOpenSSL(object): assert binding assert binding.lib assert binding.ffi + + def test_is_available(self): + assert Binding.is_available() is True diff --git a/tests/test_utils.py b/tests/test_utils.py index e3e53d63..917e87f0 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -14,14 +14,18 @@ import os import textwrap +import cffi + import pretend import pytest +from cryptography.hazmat.bindings.utils import binding_available + from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, load_openssl_vectors, load_hash_vectors, check_for_iface, - check_backend_support + check_backend_support, check_binding_available ) @@ -72,6 +76,31 @@ def test_check_backend_support_no_backend(): check_backend_support(item) +def test_check_binding_available(): + from cryptography.hazmat.bindings.openssl.binding import Binding + kwargs = pretend.stub(kwargs={"binding": Binding}) + item = pretend.stub(keywords={"binding_available": kwargs}) + assert check_binding_available(item) is None + + +def test_check_binding_unavailable(): + class FakeBinding(object): + @classmethod + def _ensure_ffi_initialized(cls): + raise cffi.VerificationError + + @classmethod + def is_available(cls): + return binding_available(cls._ensure_ffi_initialized) + + kwargs = pretend.stub(kwargs={"binding": FakeBinding}) + item = pretend.stub(keywords={"binding_available": kwargs}) + with pytest.raises(pytest.skip.Exception) as exc_info: + check_binding_available(item) + assert exc_info.value.args[0] == ("" + " is not available") + + def test_load_nist_vectors(): vector_data = textwrap.dedent(""" # CAVS 11.1 diff --git a/tests/utils.py b/tests/utils.py index 693a0c8f..6d47a398 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -36,6 +36,12 @@ def check_backend_support(item): "backend") +def check_binding_available(item): + ba = item.keywords.get("binding_available") + if ba and not ba.kwargs["binding"].is_available(): + pytest.skip("{0} is not available".format(ba.kwargs["binding"])) + + def load_vectors_from_file(filename, loader): base = os.path.join( os.path.dirname(__file__), "hazmat", "primitives", "vectors", -- cgit v1.2.3 From 3ae13fc662435d69c7d93e937a675059164a495c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 17:43:35 -0600 Subject: fix py3 --- tests/test_utils.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'tests') diff --git a/tests/test_utils.py b/tests/test_utils.py index 917e87f0..6f938f58 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -33,6 +33,16 @@ class FakeInterface(object): pass +class FakeBinding(object): + @classmethod + def _ensure_ffi_initialized(cls): + raise cffi.VerificationError + + @classmethod + def is_available(cls): + return binding_available(cls._ensure_ffi_initialized) + + def test_check_for_iface(): item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) with pytest.raises(pytest.skip.Exception) as exc_info: @@ -84,15 +94,6 @@ def test_check_binding_available(): def test_check_binding_unavailable(): - class FakeBinding(object): - @classmethod - def _ensure_ffi_initialized(cls): - raise cffi.VerificationError - - @classmethod - def is_available(cls): - return binding_available(cls._ensure_ffi_initialized) - kwargs = pretend.stub(kwargs={"binding": FakeBinding}) item = pretend.stub(keywords={"binding_available": kwargs}) with pytest.raises(pytest.skip.Exception) as exc_info: -- cgit v1.2.3 From 2dd21fec484c85647d73145bd9957fd5326495c3 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 18:13:40 -0600 Subject: remove unneeded mark now that is_available is there --- tests/conftest.py | 5 +---- tests/test_utils.py | 32 +------------------------------- tests/utils.py | 6 ------ 3 files changed, 2 insertions(+), 41 deletions(-) (limited to 'tests') diff --git a/tests/conftest.py b/tests/conftest.py index 3ba2425d..0ddc3338 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,9 +4,7 @@ from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend ) -from .utils import ( - check_for_iface, check_backend_support, check_binding_available -) +from .utils import check_for_iface, check_backend_support def pytest_generate_tests(metafunc): @@ -22,4 +20,3 @@ def pytest_runtest_setup(item): check_for_iface("cipher", CipherBackend, item) check_for_iface("hash", HashBackend, item) check_backend_support(item) - check_binding_available(item) diff --git a/tests/test_utils.py b/tests/test_utils.py index 6f938f58..e3e53d63 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -14,18 +14,14 @@ import os import textwrap -import cffi - import pretend import pytest -from cryptography.hazmat.bindings.utils import binding_available - from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, load_openssl_vectors, load_hash_vectors, check_for_iface, - check_backend_support, check_binding_available + check_backend_support ) @@ -33,16 +29,6 @@ class FakeInterface(object): pass -class FakeBinding(object): - @classmethod - def _ensure_ffi_initialized(cls): - raise cffi.VerificationError - - @classmethod - def is_available(cls): - return binding_available(cls._ensure_ffi_initialized) - - def test_check_for_iface(): item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) with pytest.raises(pytest.skip.Exception) as exc_info: @@ -86,22 +72,6 @@ def test_check_backend_support_no_backend(): check_backend_support(item) -def test_check_binding_available(): - from cryptography.hazmat.bindings.openssl.binding import Binding - kwargs = pretend.stub(kwargs={"binding": Binding}) - item = pretend.stub(keywords={"binding_available": kwargs}) - assert check_binding_available(item) is None - - -def test_check_binding_unavailable(): - kwargs = pretend.stub(kwargs={"binding": FakeBinding}) - item = pretend.stub(keywords={"binding_available": kwargs}) - with pytest.raises(pytest.skip.Exception) as exc_info: - check_binding_available(item) - assert exc_info.value.args[0] == ("" - " is not available") - - def test_load_nist_vectors(): vector_data = textwrap.dedent(""" # CAVS 11.1 diff --git a/tests/utils.py b/tests/utils.py index 6d47a398..693a0c8f 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -36,12 +36,6 @@ def check_backend_support(item): "backend") -def check_binding_available(item): - ba = item.keywords.get("binding_available") - if ba and not ba.kwargs["binding"].is_available(): - pytest.skip("{0} is not available".format(ba.kwargs["binding"])) - - def load_vectors_from_file(filename, loader): base = os.path.join( os.path.dirname(__file__), "hazmat", "primitives", "vectors", -- cgit v1.2.3 From fefe3c224353e4e37b02f1df0fc9558f68f8c464 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 18:43:19 -0600 Subject: make the dummy_initializer fail with an actual verify call --- tests/hazmat/bindings/test_bindings.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_bindings.py b/tests/hazmat/bindings/test_bindings.py index 927bc8a1..5b13d543 100644 --- a/tests/hazmat/bindings/test_bindings.py +++ b/tests/hazmat/bindings/test_bindings.py @@ -20,7 +20,8 @@ from cryptography.hazmat.bindings.openssl.binding import Binding def dummy_initializer(): - raise cffi.VerificationError + ffi = cffi.FFI() + ffi.verify(source="include ") def test_binding_available(): -- cgit v1.2.3 From 02ed961c963f0d27fe23e9608223ccc8dd3be7f6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 19:36:39 -0600 Subject: missing # --- tests/hazmat/bindings/test_bindings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_bindings.py b/tests/hazmat/bindings/test_bindings.py index 5b13d543..7af1d581 100644 --- a/tests/hazmat/bindings/test_bindings.py +++ b/tests/hazmat/bindings/test_bindings.py @@ -21,7 +21,7 @@ from cryptography.hazmat.bindings.openssl.binding import Binding def dummy_initializer(): ffi = cffi.FFI() - ffi.verify(source="include ") + ffi.verify(source="#include ") def test_binding_available(): -- cgit v1.2.3 From e222010029298bb3d9d88c35b77fb56efc582ea0 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 7 Jan 2014 15:16:35 -0800 Subject: Fixed #408 -- cleanup how is_available works --- tests/hazmat/bindings/test_bindings.py | 32 -------------------------------- 1 file changed, 32 deletions(-) delete mode 100644 tests/hazmat/bindings/test_bindings.py (limited to 'tests') diff --git a/tests/hazmat/bindings/test_bindings.py b/tests/hazmat/bindings/test_bindings.py deleted file mode 100644 index 7af1d581..00000000 --- a/tests/hazmat/bindings/test_bindings.py +++ /dev/null @@ -1,32 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import absolute_import, division, print_function - -import cffi - -from cryptography.hazmat.bindings.utils import binding_available -from cryptography.hazmat.bindings.openssl.binding import Binding - - -def dummy_initializer(): - ffi = cffi.FFI() - ffi.verify(source="#include ") - - -def test_binding_available(): - assert binding_available(Binding._ensure_ffi_initialized) is True - - -def test_binding_unavailable(): - assert binding_available(dummy_initializer) is False -- cgit v1.2.3 From 0f72bdadc4de8b764967ea66d376da65e5bf3281 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 7 Jan 2014 17:24:58 -0600 Subject: remove CAST5 for first release --- tests/hazmat/primitives/test_cast5.py | 41 --------------------------------- tests/hazmat/primitives/test_ciphers.py | 15 +----------- 2 files changed, 1 insertion(+), 55 deletions(-) delete mode 100644 tests/hazmat/primitives/test_cast5.py (limited to 'tests') diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py deleted file mode 100644 index d65a86b2..00000000 --- a/tests/hazmat/primitives/test_cast5.py +++ /dev/null @@ -1,41 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import absolute_import, division, print_function - -import binascii -import os - -import pytest - -from cryptography.hazmat.primitives.ciphers import algorithms, modes - -from .utils import generate_encrypt_test -from ...utils import load_nist_vectors - - -@pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - algorithms.CAST5("\x00" * 16), modes.ECB() - ), - skip_message="Does not support CAST5 ECB", -) -@pytest.mark.cipher -class TestCAST5(object): - test_ECB = generate_encrypt_test( - load_nist_vectors, - os.path.join("ciphers", "CAST5"), - ["cast5-ecb.txt"], - lambda key, **kwargs: algorithms.CAST5(binascii.unhexlify((key))), - lambda **kwargs: modes.ECB(), - ) diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py index 653f7ce6..6a7b2f93 100644 --- a/tests/hazmat/primitives/test_ciphers.py +++ b/tests/hazmat/primitives/test_ciphers.py @@ -18,7 +18,7 @@ import binascii import pytest from cryptography.hazmat.primitives.ciphers.algorithms import ( - AES, Camellia, TripleDES, Blowfish, CAST5, ARC4 + AES, Camellia, TripleDES, Blowfish, ARC4 ) @@ -80,19 +80,6 @@ class TestBlowfish(object): Blowfish(binascii.unhexlify(b"0" * 6)) -class TestCAST5(object): - @pytest.mark.parametrize(("key", "keysize"), [ - (b"0" * (keysize // 4), keysize) for keysize in range(40, 129, 8) - ]) - def test_key_size(self, key, keysize): - cipher = CAST5(binascii.unhexlify(key)) - assert cipher.key_size == keysize - - def test_invalid_key_size(self): - with pytest.raises(ValueError): - CAST5(binascii.unhexlify(b"0" * 34)) - - class TestARC4(object): @pytest.mark.parametrize(("key", "keysize"), [ (b"0" * 10, 40), -- cgit v1.2.3 From cc4a42dbc56974c10bf8dc0aca67ab29cccd2f77 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 13:32:56 -0600 Subject: Add initial CommonCrypto bindings (no backend yet) --- tests/hazmat/bindings/test_commoncrypto.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 tests/hazmat/bindings/test_commoncrypto.py (limited to 'tests') diff --git a/tests/hazmat/bindings/test_commoncrypto.py b/tests/hazmat/bindings/test_commoncrypto.py new file mode 100644 index 00000000..385eeeb6 --- /dev/null +++ b/tests/hazmat/bindings/test_commoncrypto.py @@ -0,0 +1,25 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import pytest + +from cryptography.hazmat.bindings.commoncrypto.binding import Binding + + +@pytest.mark.commoncrypto +class TestCommonCrypto(object): + def test_binding_loads(self): + binding = Binding() + assert binding + assert binding.lib + assert binding.ffi -- cgit v1.2.3 From 5001c3f7479ff28457948a582e5e7446ac838ca6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 13:56:19 -0600 Subject: cover a missing branch in the commoncrypto bindings --- tests/hazmat/bindings/test_commoncrypto.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_commoncrypto.py b/tests/hazmat/bindings/test_commoncrypto.py index 385eeeb6..1eb71151 100644 --- a/tests/hazmat/bindings/test_commoncrypto.py +++ b/tests/hazmat/bindings/test_commoncrypto.py @@ -13,13 +13,19 @@ import pytest -from cryptography.hazmat.bindings.commoncrypto.binding import Binding - @pytest.mark.commoncrypto class TestCommonCrypto(object): def test_binding_loads(self): + from cryptography.hazmat.bindings.commoncrypto.binding import Binding binding = Binding() assert binding assert binding.lib assert binding.ffi + + def test_binding_returns_same_lib(self): + from cryptography.hazmat.bindings.commoncrypto.binding import Binding + binding = Binding() + binding2 = Binding() + assert binding.lib == binding2.lib + assert binding.ffi == binding2.ffi -- cgit v1.2.3 From 5e612d0ac078bae569dece5f718166a834fa9f7e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 19:42:36 -0600 Subject: add is_available() to CommonCrypto binding, use it for skipif --- tests/hazmat/bindings/test_commoncrypto.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_commoncrypto.py b/tests/hazmat/bindings/test_commoncrypto.py index 1eb71151..db3d1b74 100644 --- a/tests/hazmat/bindings/test_commoncrypto.py +++ b/tests/hazmat/bindings/test_commoncrypto.py @@ -13,18 +13,19 @@ import pytest +from cryptography.hazmat.bindings.commoncrypto.binding import Binding -@pytest.mark.commoncrypto + +@pytest.mark.skipif(not Binding.is_available(), + reason="CommonCrypto not available") class TestCommonCrypto(object): def test_binding_loads(self): - from cryptography.hazmat.bindings.commoncrypto.binding import Binding binding = Binding() assert binding assert binding.lib assert binding.ffi def test_binding_returns_same_lib(self): - from cryptography.hazmat.bindings.commoncrypto.binding import Binding binding = Binding() binding2 = Binding() assert binding.lib == binding2.lib -- cgit v1.2.3 From 0abdf870fa213684198b0e8965e6b71b289b0348 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 9 Jan 2014 22:21:14 -0600 Subject: add test marks to fernet so backends without cipher (or AES/CBC) will skip --- tests/test_fernet.py | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 45188c47..bd4d90a5 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -25,6 +25,7 @@ import six from cryptography.fernet import Fernet, InvalidToken from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives.ciphers import algorithms, modes def json_parametrize(keys, fname): @@ -37,7 +38,14 @@ def json_parametrize(keys, fname): ]) +@pytest.mark.cipher class TestFernet(object): + @pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", + ) @json_parametrize( ("secret", "now", "iv", "src", "token"), "generate.json", ) @@ -50,6 +58,12 @@ class TestFernet(object): ) assert actual_token == token.encode("ascii") + @pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", + ) @json_parametrize( ("secret", "now", "src", "ttl_sec", "token"), "verify.json", ) @@ -61,6 +75,12 @@ class TestFernet(object): payload = f.decrypt(token.encode("ascii"), ttl=ttl_sec) assert payload == src.encode("ascii") + @pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", + ) @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") def test_invalid(self, secret, token, now, ttl_sec, backend, monkeypatch): f = Fernet(secret.encode("ascii"), backend=backend) @@ -69,16 +89,34 @@ class TestFernet(object): with pytest.raises(InvalidToken): f.decrypt(token.encode("ascii"), ttl=ttl_sec) + @pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", + ) def test_invalid_start_byte(self, backend): f = Fernet(Fernet.generate_key(), backend=backend) with pytest.raises(InvalidToken): f.decrypt(base64.urlsafe_b64encode(b"\x81")) + @pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", + ) def test_timestamp_too_short(self, backend): f = Fernet(Fernet.generate_key(), backend=backend) with pytest.raises(InvalidToken): f.decrypt(base64.urlsafe_b64encode(b"\x80abc")) + @pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", + ) def test_unicode(self, backend): f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) with pytest.raises(TypeError): @@ -86,6 +124,12 @@ class TestFernet(object): with pytest.raises(TypeError): f.decrypt(six.u("")) + @pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", + ) @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) def test_roundtrips(self, message, backend): f = Fernet(Fernet.generate_key(), backend=backend) @@ -95,6 +139,12 @@ class TestFernet(object): f = Fernet(Fernet.generate_key()) assert f._backend is default_backend() + @pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", + ) def test_bad_key(self, backend): with pytest.raises(ValueError): Fernet(base64.urlsafe_b64encode(b"abc"), backend=backend) -- cgit v1.2.3 From cf77d3ad5390e6e00bbb38f379effe8df401fabb Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 10 Jan 2014 12:13:05 -0600 Subject: add tests to the openssl backend to verify that we've registered evp ciphers and ssl ciphers --- tests/hazmat/backends/test_openssl.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index ad399594..71250592 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -95,3 +95,11 @@ class TestOpenSSL(object): backend._lib.EVP_F_EVP_DECRYPTFINAL_EX, 0 ) + + def test_ssl_ciphers_registered(self): + meth = backend._lib.TLSv1_method() + assert backend._lib.SSL_CTX_new(meth) != backend._ffi.NULL + + def test_evp_ciphers_registered(self): + cipher = backend._lib.EVP_get_cipherbyname("aes-256-cbc") + assert cipher != backend._ffi.NULL -- cgit v1.2.3 From 82128826bb0a92779a9029645525a7dc280671be Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 10 Jan 2014 12:27:14 -0600 Subject: don't leak a context in the test --- tests/hazmat/backends/test_openssl.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 71250592..a212df4a 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -98,7 +98,9 @@ class TestOpenSSL(object): def test_ssl_ciphers_registered(self): meth = backend._lib.TLSv1_method() - assert backend._lib.SSL_CTX_new(meth) != backend._ffi.NULL + ctx = backend._lib.SSL_CTX_new(meth) + assert ctx != backend._ffi.NULL + backend._lib.SSL_CTX_free(ctx) def test_evp_ciphers_registered(self): cipher = backend._lib.EVP_get_cipherbyname("aes-256-cbc") -- cgit v1.2.3 From 44957cde537a85ad8dba524cb352f784b07fc307 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 10 Jan 2014 12:36:14 -0600 Subject: oops, bytes plz --- tests/hazmat/backends/test_openssl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index a212df4a..c70446b0 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -103,5 +103,5 @@ class TestOpenSSL(object): backend._lib.SSL_CTX_free(ctx) def test_evp_ciphers_registered(self): - cipher = backend._lib.EVP_get_cipherbyname("aes-256-cbc") + cipher = backend._lib.EVP_get_cipherbyname(b"aes-256-cbc") assert cipher != backend._ffi.NULL -- cgit v1.2.3 From ab2cfc70a63e49ed385f9bb9c4e44bc86025c3a5 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 10 Jan 2014 21:44:05 -0600 Subject: add check to confirm we've loaded error strings --- tests/hazmat/backends/test_openssl.py | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index c70446b0..421bb530 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -105,3 +105,10 @@ class TestOpenSSL(object): def test_evp_ciphers_registered(self): cipher = backend._lib.EVP_get_cipherbyname(b"aes-256-cbc") assert cipher != backend._ffi.NULL + + def test_error_strings_loaded(self): + err = backend._lib.ERR_error_string(101183626, backend._ffi.NULL) + assert backend._ffi.string(err) == ( + "error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:" + "data not multiple of block length" + ) -- cgit v1.2.3 From 985d99d2934befe8bcf6257cbd9036dee1934ed9 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 10 Jan 2014 22:01:04 -0600 Subject: bytes byte back --- tests/hazmat/backends/test_openssl.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 421bb530..2a329920 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -107,8 +107,9 @@ class TestOpenSSL(object): assert cipher != backend._ffi.NULL def test_error_strings_loaded(self): + # returns a value in a static buffer err = backend._lib.ERR_error_string(101183626, backend._ffi.NULL) assert backend._ffi.string(err) == ( - "error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:" - "data not multiple of block length" + b"error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:" + b"data not multiple of block length" ) -- cgit v1.2.3 From 0d58373aac5bdbd8f4b72a9bed02fc6a1e58b0b3 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Fri, 10 Jan 2014 22:39:12 +0000 Subject: Use pytest.fixture for backends This lets you chain in additional fixtures that vary by backend easily. --- tests/conftest.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'tests') diff --git a/tests/conftest.py b/tests/conftest.py index 0ddc3338..1d9f96ed 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,5 +1,6 @@ import pytest +from cryptography.hazmat.backends import _ALL_BACKENDS from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend ) @@ -7,11 +8,9 @@ from cryptography.hazmat.backends.interfaces import ( from .utils import check_for_iface, check_backend_support -def pytest_generate_tests(metafunc): - from cryptography.hazmat.backends import _ALL_BACKENDS - - if "backend" in metafunc.fixturenames: - metafunc.parametrize("backend", _ALL_BACKENDS) +@pytest.fixture(params=_ALL_BACKENDS) +def backend(request): + return request.param @pytest.mark.trylast -- cgit v1.2.3