diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-03-15 13:35:10 -0400 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-03-15 13:35:10 -0400 |
commit | 17c8f126c7c7d5ce886112a6e924277a7b203f25 (patch) | |
tree | f6c136e76f4fe11243b2f43ef632c5893e0c8634 /tests | |
parent | 2250aafd6f475a503219da75554200165005ee34 (diff) | |
download | cryptography-17c8f126c7c7d5ce886112a6e924277a7b203f25.tar.gz cryptography-17c8f126c7c7d5ce886112a6e924277a7b203f25.tar.bz2 cryptography-17c8f126c7c7d5ce886112a6e924277a7b203f25.zip |
Brainpool curves (#4129)
* added brainpool ec-curves key_length >= 256bit
* limit brainpool curves to the set that appear required + docs
* oops
* typos all around me
* add brainpool ECDH kex tests
* switch to using rfc 7027 vectors
* review feedback
* empty commits are the best
Diffstat (limited to 'tests')
-rw-r--r-- | tests/hazmat/primitives/test_ec.py | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 02b1cdc6..1b491a10 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -26,7 +26,7 @@ from .fixtures_ec import EC_KEY_SECP384R1 from ...doubles import DummyKeySerializationEncryption from ...utils import ( load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors, - load_kasvs_ecdh_vectors, load_vectors_from_file, + load_kasvs_ecdh_vectors, load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm ) @@ -1101,6 +1101,33 @@ class TestECDH(object): else: assert z == vector['Z'] + @pytest.mark.parametrize( + "vector", + load_vectors_from_file( + os.path.join("asymmetric", "ECDH", "brainpool.txt"), + load_nist_vectors + ) + ) + def test_brainpool_kex(self, backend, vector): + curve = ec._CURVE_TYPES[vector['curve'].decode('ascii')] + _skip_exchange_algorithm_unsupported(backend, ec.ECDH(), curve) + key = ec.EllipticCurvePrivateNumbers( + int(vector['da'], 16), + ec.EllipticCurvePublicNumbers( + int(vector['x_qa'], 16), int(vector['y_qa'], 16), curve() + ) + ).private_key(backend) + peer = ec.EllipticCurvePrivateNumbers( + int(vector['db'], 16), + ec.EllipticCurvePublicNumbers( + int(vector['x_qb'], 16), int(vector['y_qb'], 16), curve() + ) + ).private_key(backend) + shared_secret = key.exchange(ec.ECDH(), peer.public_key()) + assert shared_secret == binascii.unhexlify(vector["x_z"]) + shared_secret_2 = peer.exchange(ec.ECDH(), key.public_key()) + assert shared_secret_2 == binascii.unhexlify(vector["x_z"]) + def test_exchange_unsupported_algorithm(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) |