add support for encoding compressed points (#4638)

* add support for encoding compressed points * review feedback
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2019-01-20 15:02:59 -0600
committer: Alex Gaynor <alex.gaynor@gmail.com> 2019-01-20 15:02:59 -0600
commit: a07b1f5463361570c3248c1096ffd8b3bff0bfa5 (patch)
tree: 66bc3e076557579ad062dea6a08a716519857b11 /tests/hazmat
parent: 5fe88ea0500c6e418492f4b166c0d4a24e9632cc (diff)
download: cryptography-a07b1f5463361570c3248c1096ffd8b3bff0bfa5.tar.gz
cryptography-a07b1f5463361570c3248c1096ffd8b3bff0bfa5.tar.bz2
cryptography-a07b1f5463361570c3248c1096ffd8b3bff0bfa5.zip
4 files changed, 107 insertions, 22 deletions
diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py
index c63e520f..c667cd16 100644
--- a/tests/hazmat/primitives/test_dh.py
+++ b/tests/hazmat/primitives/test_dh.py
@@ -5,6 +5,7 @@
 from __future__ import absolute_import, division, print_function
 
 import binascii
+import itertools
 import os
 
 import pytest
@@ -430,9 +431,10 @@ class TestDHPrivateKeySerialization(object):
             (serialization.Encoding.Raw, serialization.PrivateFormat.PKCS8),
             (serialization.Encoding.DER, serialization.PrivateFormat.Raw),
             (serialization.Encoding.Raw, serialization.PrivateFormat.Raw),
+            (serialization.Encoding.X962, serialization.PrivateFormat.PKCS8),
         ]
     )
-    def test_private_bytes_rejects_raw(self, encoding, fmt, backend):
+    def test_private_bytes_rejects_invalid(self, encoding, fmt, backend):
         parameters = dh.generate_parameters(2, 512, backend)
         key = parameters.generate_private_key()
         with pytest.raises(ValueError):
@@ -823,15 +825,26 @@ class TestDHParameterSerialization(object):
     @pytest.mark.parametrize(
         ("encoding", "fmt"),
         [
-            (serialization.Encoding.Raw, serialization.PublicFormat.Raw),
-            (serialization.Encoding.PEM, serialization.PublicFormat.Raw),
             (
                 serialization.Encoding.Raw,
                 serialization.PublicFormat.SubjectPublicKeyInfo
             ),
-        ]
+            (serialization.Encoding.Raw, serialization.PublicFormat.PKCS1),
+        ] + list(itertools.product(
+            [
+                serialization.Encoding.Raw,
+                serialization.Encoding.X962,
+                serialization.Encoding.PEM,
+                serialization.Encoding.DER
+            ],
+            [
+                serialization.PublicFormat.Raw,
+                serialization.PublicFormat.UncompressedPoint,
+                serialization.PublicFormat.CompressedPoint
+            ]
+        ))
     )
-    def test_public_bytes_rejects_raw(self, encoding, fmt, backend):
+    def test_public_bytes_rejects_invalid(self, encoding, fmt, backend):
         parameters = dh.generate_parameters(2, 512, backend)
         key = parameters.generate_private_key().public_key()
         with pytest.raises(ValueError):
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 5d2f1bd8..efd2239c 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -719,9 +719,10 @@ class TestDSASerialization(object):
             (serialization.Encoding.Raw, serialization.PrivateFormat.PKCS8),
             (serialization.Encoding.DER, serialization.PrivateFormat.Raw),
             (serialization.Encoding.Raw, serialization.PrivateFormat.Raw),
+            (serialization.Encoding.X962, serialization.PrivateFormat.PKCS8),
         ]
     )
-    def test_private_bytes_rejects_raw(self, encoding, fmt, backend):
+    def test_private_bytes_rejects_invalid(self, encoding, fmt, backend):
         key = DSA_KEY_1024.private_key(backend)
         with pytest.raises(ValueError):
             key.private_bytes(encoding, fmt, serialization.NoEncryption())
@@ -968,15 +969,26 @@ class TestDSAPEMPublicKeySerialization(object):
     @pytest.mark.parametrize(
         ("encoding", "fmt"),
         [
-            (serialization.Encoding.Raw, serialization.PublicFormat.Raw),
-            (serialization.Encoding.PEM, serialization.PublicFormat.Raw),
             (
                 serialization.Encoding.Raw,
                 serialization.PublicFormat.SubjectPublicKeyInfo
             ),
-        ]
+            (serialization.Encoding.Raw, serialization.PublicFormat.PKCS1),
+        ] + list(itertools.product(
+            [
+                serialization.Encoding.Raw,
+                serialization.Encoding.X962,
+                serialization.Encoding.PEM,
+                serialization.Encoding.DER
+            ],
+            [
+                serialization.PublicFormat.Raw,
+                serialization.PublicFormat.UncompressedPoint,
+                serialization.PublicFormat.CompressedPoint
+            ]
+        ))
     )
-    def test_public_bytes_rejects_raw(self, encoding, fmt, backend):
+    def test_public_bytes_rejects_invalid(self, encoding, fmt, backend):
         key = DSA_KEY_2048.private_key(backend).public_key()
         with pytest.raises(ValueError):
             key.public_bytes(encoding, fmt)
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 830d89a0..471ef267 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -711,9 +711,10 @@ class TestECSerialization(object):
             (serialization.Encoding.Raw, serialization.PrivateFormat.PKCS8),
             (serialization.Encoding.DER, serialization.PrivateFormat.Raw),
             (serialization.Encoding.Raw, serialization.PrivateFormat.Raw),
+            (serialization.Encoding.X962, serialization.PrivateFormat.PKCS8),
         ]
     )
-    def test_private_bytes_rejects_raw(self, encoding, fmt, backend):
+    def test_private_bytes_rejects_invalid(self, encoding, fmt, backend):
         _skip_curve_unsupported(backend, ec.SECP256R1())
         key = ec.generate_private_key(ec.SECP256R1(), backend)
         with pytest.raises(ValueError):
@@ -1001,13 +1002,27 @@ class TestEllipticCurvePEMPublicKeySerialization(object):
 
     @pytest.mark.parametrize(
         ("encoding", "fmt"),
-        [
-            (serialization.Encoding.Raw, serialization.PublicFormat.Raw),
-            (serialization.Encoding.PEM, serialization.PublicFormat.Raw),
-            (serialization.Encoding.Raw, serialization.PublicFormat.PKCS1),
-        ]
+        list(itertools.product(
+            [
+                serialization.Encoding.Raw,
+                serialization.Encoding.X962,
+                serialization.Encoding.PEM,
+                serialization.Encoding.DER
+            ],
+            [
+                serialization.PublicFormat.Raw,
+            ]
+        )) + list(itertools.product(
+            [serialization.Encoding.Raw],
+            [
+                serialization.PublicFormat.SubjectPublicKeyInfo,
+                serialization.PublicFormat.PKCS1,
+                serialization.PublicFormat.UncompressedPoint,
+                serialization.PublicFormat.CompressedPoint,
+            ]
+        ))
     )
-    def test_public_bytes_rejects_raw(self, encoding, fmt, backend):
+    def test_public_bytes_rejects_invalid(self, encoding, fmt, backend):
         _skip_curve_unsupported(backend, ec.SECP256R1())
         key = ec.generate_private_key(ec.SECP256R1(), backend).public_key()
         with pytest.raises(ValueError):
@@ -1121,6 +1136,36 @@ class TestEllipticCurvePEMPublicKeySerialization(object):
                 ec.SECP256R1(), unsupported_type
             )
 
+    @pytest.mark.parametrize(
+        "vector",
+        load_vectors_from_file(
+            os.path.join("asymmetric", "EC", "compressed_points.txt"),
+            load_nist_vectors
+        )
+    )
+    def test_serialize_point(self, vector, backend):
+        curve = {
+            b"SECP256R1": ec.SECP256R1(),
+            b"SECP256K1": ec.SECP256K1(),
+        }[vector["curve"]]
+        point = binascii.unhexlify(vector["point"])
+        key = ec.EllipticCurvePublicKey.from_encoded_point(curve, point)
+        key2 = ec.EllipticCurvePublicKey.from_encoded_point(
+            curve,
+            key.public_bytes(
+                serialization.Encoding.X962,
+                serialization.PublicFormat.UncompressedPoint
+            )
+        )
+        assert key.public_bytes(
+            serialization.Encoding.X962,
+            serialization.PublicFormat.CompressedPoint
+        ) == point
+        assert key2.public_bytes(
+            serialization.Encoding.X962,
+            serialization.PublicFormat.CompressedPoint
+        ) == point
+
 
 @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
 class TestECDSAVerification(object):
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 0c25bdbb..65d88f54 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -2067,9 +2067,10 @@ class TestRSAPrivateKeySerialization(object):
             (serialization.Encoding.Raw, serialization.PrivateFormat.PKCS8),
             (serialization.Encoding.DER, serialization.PrivateFormat.Raw),
             (serialization.Encoding.Raw, serialization.PrivateFormat.Raw),
+            (serialization.Encoding.X962, serialization.PrivateFormat.PKCS8),
         ]
     )
-    def test_private_bytes_rejects_raw(self, encoding, fmt, backend):
+    def test_private_bytes_rejects_invalid(self, encoding, fmt, backend):
         key = RSA_KEY_2048.private_key(backend)
         with pytest.raises(ValueError):
             key.private_bytes(encoding, fmt, serialization.NoEncryption())
@@ -2303,12 +2304,26 @@ class TestRSAPEMPublicKeySerialization(object):
     @pytest.mark.parametrize(
         ("encoding", "fmt"),
         [
-            (serialization.Encoding.Raw, serialization.PublicFormat.Raw),
-            (serialization.Encoding.PEM, serialization.PublicFormat.Raw),
+            (
+                serialization.Encoding.Raw,
+                serialization.PublicFormat.SubjectPublicKeyInfo
+            ),
             (serialization.Encoding.Raw, serialization.PublicFormat.PKCS1),
-        ]
+        ] + list(itertools.product(
+            [
+                serialization.Encoding.Raw,
+                serialization.Encoding.X962,
+                serialization.Encoding.PEM,
+                serialization.Encoding.DER
+            ],
+            [
+                serialization.PublicFormat.Raw,
+                serialization.PublicFormat.UncompressedPoint,
+                serialization.PublicFormat.CompressedPoint
+            ]
+        ))
     )
-    def test_public_bytes_rejects_raw(self, encoding, fmt, backend):
+    def test_public_bytes_rejects_invalid(self, encoding, fmt, backend):
         key = RSA_KEY_2048.private_key(backend).public_key()
         with pytest.raises(ValueError):
             key.public_bytes(encoding, fmt)
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2019-01-20 15:02:59 -0600
committer	Alex Gaynor <alex.gaynor@gmail.com>	2019-01-20 15:02:59 -0600
commit	a07b1f5463361570c3248c1096ffd8b3bff0bfa5 (patch)
tree	66bc3e076557579ad062dea6a08a716519857b11 /tests/hazmat
parent	5fe88ea0500c6e418492f4b166c0d4a24e9632cc (diff)
download	cryptography-a07b1f5463361570c3248c1096ffd8b3bff0bfa5.tar.gz cryptography-a07b1f5463361570c3248c1096ffd8b3bff0bfa5.tar.bz2 cryptography-a07b1f5463361570c3248c1096ffd8b3bff0bfa5.zip