diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-03-14 14:17:29 -0400 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-03-14 14:17:29 -0400 |
| commit | 939af10558eccce22e72fafceb7eb4f32d8cea2f (patch) | |
| tree | daa6dfa76c2b908ced2247bda7bc2e2c92ee0279 /tests/hazmat/primitives/test_ec.py | |
| parent | 7905fcec68fd633d0b28d371660123b7b22cca53 (diff) | |
| parent | 81d069d3100bbdf1a612e01dfb71687ec0d84110 (diff) | |
| download | cryptography-939af10558eccce22e72fafceb7eb4f32d8cea2f.tar.gz cryptography-939af10558eccce22e72fafceb7eb4f32d8cea2f.tar.bz2 cryptography-939af10558eccce22e72fafceb7eb4f32d8cea2f.zip | |
Merge pull request #1755 from reaperhulk/serialize-der-ec
support DER encoded EC private key serialization
Diffstat (limited to 'tests/hazmat/primitives/test_ec.py')
| -rw-r--r-- | tests/hazmat/primitives/test_ec.py | 105 |
1 files changed, 93 insertions, 12 deletions
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 620a5d39..3273fe63 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -444,13 +444,15 @@ class TestECSerialization(object): assert loaded_priv_num == priv_num @pytest.mark.parametrize( - "fmt", + ("fmt", "password"), [ - serialization.PrivateFormat.TraditionalOpenSSL, - serialization.PrivateFormat.PKCS8 - ], + [serialization.PrivateFormat.PKCS8, b"s"], + [serialization.PrivateFormat.PKCS8, b"longerpassword"], + [serialization.PrivateFormat.PKCS8, b"!*$&(@#$*&($T@%_somesymbol"], + [serialization.PrivateFormat.PKCS8, b"\x01" * 1000] + ] ) - def test_private_bytes_unencrypted_pem(self, backend, fmt): + def test_private_bytes_encrypted_der(self, backend, fmt, password): _skip_curve_unsupported(backend, ec.SECP256R1()) key_bytes = load_vectors_from_file( os.path.join( @@ -460,32 +462,111 @@ class TestECSerialization(object): key = serialization.load_pem_private_key(key_bytes, None, backend) _skip_if_no_serialization(key, backend) serialized = key.private_bytes( - serialization.Encoding.PEM, + serialization.Encoding.DER, fmt, - serialization.NoEncryption() + serialization.BestAvailableEncryption(password) ) - loaded_key = serialization.load_pem_private_key( - serialized, None, backend + loaded_key = serialization.load_der_private_key( + serialized, password, backend ) loaded_priv_num = loaded_key.private_numbers() priv_num = key.private_numbers() assert loaded_priv_num == priv_num - def test_private_bytes_traditional_openssl_unencrypted_pem(self, backend): + @pytest.mark.parametrize( + ("encoding", "fmt", "loader_func"), + [ + [ + serialization.Encoding.PEM, + serialization.PrivateFormat.TraditionalOpenSSL, + serialization.load_pem_private_key + ], + [ + serialization.Encoding.DER, + serialization.PrivateFormat.TraditionalOpenSSL, + serialization.load_der_private_key + ], + [ + serialization.Encoding.PEM, + serialization.PrivateFormat.PKCS8, + serialization.load_pem_private_key + ], + [ + serialization.Encoding.DER, + serialization.PrivateFormat.PKCS8, + serialization.load_der_private_key + ], + ] + ) + def test_private_bytes_unencrypted(self, backend, encoding, fmt, + loader_func): _skip_curve_unsupported(backend, ec.SECP256R1()) key_bytes = load_vectors_from_file( os.path.join( - "asymmetric", "PEM_Serialization", "ec_private_key.pem"), + "asymmetric", "PKCS8", "ec_private_key.pem"), lambda pemfile: pemfile.read().encode() ) key = serialization.load_pem_private_key(key_bytes, None, backend) + _skip_if_no_serialization(key, backend) serialized = key.private_bytes( - serialization.Encoding.PEM, + encoding, fmt, serialization.NoEncryption() + ) + loaded_key = loader_func(serialized, None, backend) + loaded_priv_num = loaded_key.private_numbers() + priv_num = key.private_numbers() + assert loaded_priv_num == priv_num + + @pytest.mark.parametrize( + ("key_path", "encoding", "loader_func"), + [ + [ + os.path.join( + "asymmetric", "PEM_Serialization", "ec_private_key.pem" + ), + serialization.Encoding.PEM, + serialization.load_pem_private_key + ], + [ + os.path.join( + "asymmetric", "DER_Serialization", "ec_private_key.der" + ), + serialization.Encoding.DER, + serialization.load_der_private_key + ], + ] + ) + def test_private_bytes_traditional_openssl_unencrypted( + self, backend, key_path, encoding, loader_func + ): + _skip_curve_unsupported(backend, ec.SECP256R1()) + key_bytes = load_vectors_from_file( + key_path, lambda pemfile: pemfile.read(), mode="rb" + ) + key = loader_func(key_bytes, None, backend) + serialized = key.private_bytes( + encoding, serialization.PrivateFormat.TraditionalOpenSSL, serialization.NoEncryption() ) assert serialized == key_bytes + def test_private_bytes_traditional_der_encrypted_invalid(self, backend): + _skip_curve_unsupported(backend, ec.SECP256R1()) + key = load_vectors_from_file( + os.path.join( + "asymmetric", "PKCS8", "ec_private_key.pem"), + lambda pemfile: serialization.load_pem_private_key( + pemfile.read().encode(), None, backend + ) + ) + _skip_if_no_serialization(key, backend) + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.DER, + serialization.PrivateFormat.TraditionalOpenSSL, + serialization.BestAvailableEncryption(b"password") + ) + def test_private_bytes_invalid_encoding(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) key = load_vectors_from_file( |