diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-01-01 08:11:13 -0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-01-01 08:11:13 -0800 |
| commit | 2a160d6a159817dd9d08a84e77d102e328f9af4f (patch) | |
| tree | 461b7c607367f243bb46996ec16ad7424e48d440 /tests | |
| parent | 62aefffb1396190930074bf04c91459d1536bd0e (diff) | |
| parent | 522487e5a7dd3004747da85c9f6c53fc5dc4de06 (diff) | |
| download | cryptography-2a160d6a159817dd9d08a84e77d102e328f9af4f.tar.gz cryptography-2a160d6a159817dd9d08a84e77d102e328f9af4f.tar.bz2 cryptography-2a160d6a159817dd9d08a84e77d102e328f9af4f.zip | |
Merge branch 'master' into validate-iv
Conflicts:
tests/hazmat/backends/test_openssl.py
tests/hazmat/primitives/test_block.py
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/conftest.py | 17 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 12 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_3des.py | 53 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_aes.py | 84 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_arc4.py | 15 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_block.py | 35 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_blowfish.py | 70 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_camellia.py | 70 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_cast5.py | 17 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hash_vectors.py | 62 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hashes.py | 71 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac.py | 51 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac_vectors.py | 51 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_utils.py | 117 | ||||
| -rw-r--r-- | tests/hazmat/primitives/utils.py | 292 | ||||
| -rw-r--r-- | tests/test_utils.py | 52 | ||||
| -rw-r--r-- | tests/utils.py | 22 |
17 files changed, 600 insertions, 491 deletions
diff --git a/tests/conftest.py b/tests/conftest.py index 71662802..0ddc3338 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,5 +1,22 @@ +import pytest + +from cryptography.hazmat.backends.interfaces import ( + HMACBackend, CipherBackend, HashBackend +) + +from .utils import check_for_iface, check_backend_support + + def pytest_generate_tests(metafunc): from cryptography.hazmat.backends import _ALL_BACKENDS if "backend" in metafunc.fixturenames: metafunc.parametrize("backend", _ALL_BACKENDS) + + +@pytest.mark.trylast +def pytest_runtest_setup(item): + check_for_iface("hmac", HMACBackend, item) + check_for_iface("cipher", CipherBackend, item) + check_for_iface("hash", HashBackend, item) + check_backend_support(item) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 9c8fea2a..23f9bff1 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -23,14 +23,17 @@ from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC +@utils.register_interface(interfaces.Mode) class DummyMode(object): + name = "dummy-mode" + def validate_for_algorithm(self, algorithm): pass @utils.register_interface(interfaces.CipherAlgorithm) class DummyCipher(object): - pass + name = "dummy-cipher" class TestOpenSSL(object): @@ -63,15 +66,16 @@ class TestOpenSSL(object): assert b.ffi is backend.ffi assert b.lib is backend.lib - def test_nonexistent_cipher(self): + @pytest.mark.parametrize("mode", [DummyMode(), None]) + def test_nonexistent_cipher(self, mode): b = Backend() b.register_cipher_adapter( DummyCipher, - DummyMode, + type(mode), lambda backend, cipher, mode: backend.ffi.NULL ) cipher = Cipher( - DummyCipher(), DummyMode(), backend=b, + DummyCipher(), mode, backend=b, ) with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py index 69ec9c9a..581c47eb 100644 --- a/tests/hazmat/primitives/test_3des.py +++ b/tests/hazmat/primitives/test_3des.py @@ -20,12 +20,21 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) + ), + skip_message="Does not support TripleDES CBC", +) +@pytest.mark.cipher class TestTripleDES_CBC(object): test_KAT = generate_encrypt_test( load_nist_vectors, @@ -37,8 +46,8 @@ class TestTripleDES_CBC(object): "TCBCvarkey.rsp", "TCBCvartext.rsp", ], - lambda keys, iv: algorithms.TripleDES(binascii.unhexlify(keys)), - lambda keys, iv: modes.CBC(binascii.unhexlify(iv)), + lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), ) test_MMT = generate_encrypt_test( @@ -49,13 +58,20 @@ class TestTripleDES_CBC(object): "TCBCMMT2.rsp", "TCBCMMT3.rsp", ], - lambda key1, key2, key3, iv: ( - algorithms.TripleDES(binascii.unhexlify(key1 + key2 + key3)) + lambda key1, key2, key3, **kwargs: algorithms.TripleDES( + binascii.unhexlify(key1 + key2 + key3) ), - lambda key1, key2, key3, iv: modes.CBC(binascii.unhexlify(iv)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), ) +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) + ), + skip_message="Does not support TripleDES OFB", +) +@pytest.mark.cipher class TestTripleDES_OFB(object): test_KAT = generate_encrypt_test( load_nist_vectors, @@ -67,8 +83,8 @@ class TestTripleDES_OFB(object): "TOFBvartext.rsp", "TOFBinvperm.rsp", ], - lambda keys, iv: algorithms.TripleDES(binascii.unhexlify(keys)), - lambda keys, iv: modes.OFB(binascii.unhexlify(iv)), + lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), ) test_MMT = generate_encrypt_test( @@ -79,13 +95,20 @@ class TestTripleDES_OFB(object): "TOFBMMT2.rsp", "TOFBMMT3.rsp", ], - lambda key1, key2, key3, iv: ( - algorithms.TripleDES(binascii.unhexlify(key1 + key2 + key3)) + lambda key1, key2, key3, **kwargs: algorithms.TripleDES( + binascii.unhexlify(key1 + key2 + key3) ), - lambda key1, key2, key3, iv: modes.OFB(binascii.unhexlify(iv)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), ) +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) + ), + skip_message="Does not support TripleDES CFB", +) +@pytest.mark.cipher class TestTripleDES_CFB(object): test_KAT = generate_encrypt_test( load_nist_vectors, @@ -97,8 +120,8 @@ class TestTripleDES_CFB(object): "TCFB64varkey.rsp", "TCFB64vartext.rsp", ], - lambda keys, iv: algorithms.TripleDES(binascii.unhexlify(keys)), - lambda keys, iv: modes.CFB(binascii.unhexlify(iv)), + lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), ) test_MMT = generate_encrypt_test( @@ -109,8 +132,8 @@ class TestTripleDES_CFB(object): "TCFB64MMT2.rsp", "TCFB64MMT3.rsp", ], - lambda key1, key2, key3, iv: ( - algorithms.TripleDES(binascii.unhexlify(key1 + key2 + key3)) + lambda key1, key2, key3, **kwargs: algorithms.TripleDES( + binascii.unhexlify(key1 + key2 + key3) ), - lambda key1, key2, key3, iv: modes.CFB(binascii.unhexlify(iv)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), ) diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index f7b0b9a0..8cba8c66 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -16,6 +16,8 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test, generate_aead_test @@ -24,7 +26,14 @@ from ...utils import ( ) -class TestAES(object): +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", +) +@pytest.mark.cipher +class TestAES_CBC(object): test_CBC = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "CBC"), @@ -45,10 +54,19 @@ class TestAES(object): "CBCMMT192.rsp", "CBCMMT256.rsp", ], - lambda key, iv: algorithms.AES(binascii.unhexlify(key)), - lambda key, iv: modes.CBC(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.ECB() + ), + skip_message="Does not support AES ECB", +) +@pytest.mark.cipher +class TestAES_ECB(object): test_ECB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "ECB"), @@ -69,10 +87,19 @@ class TestAES(object): "ECBMMT192.rsp", "ECBMMT256.rsp", ], - lambda key: algorithms.AES(binascii.unhexlify(key)), - lambda key: modes.ECB(), + lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), + lambda **kwargs: modes.ECB(), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.OFB("\x00" * 16) + ), + skip_message="Does not support AES OFB", +) +@pytest.mark.cipher +class TestAES_OFB(object): test_OFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "OFB"), @@ -93,10 +120,19 @@ class TestAES(object): "OFBMMT192.rsp", "OFBMMT256.rsp", ], - lambda key, iv: algorithms.AES(binascii.unhexlify(key)), - lambda key, iv: modes.OFB(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CFB("\x00" * 16) + ), + skip_message="Does not support AES CFB", +) +@pytest.mark.cipher +class TestAES_CFB(object): test_CFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "CFB"), @@ -117,22 +153,36 @@ class TestAES(object): "CFB128MMT192.rsp", "CFB128MMT256.rsp", ], - lambda key, iv: algorithms.AES(binascii.unhexlify(key)), - lambda key, iv: modes.CFB(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16) + ), + skip_message="Does not support AES CTR", +) +@pytest.mark.cipher +class TestAES_CTR(object): test_CTR = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "AES", "CTR"), ["aes-128-ctr.txt", "aes-192-ctr.txt", "aes-256-ctr.txt"], - lambda key, iv: algorithms.AES(binascii.unhexlify(key)), - lambda key, iv: modes.CTR(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16) - ), - skip_message="Does not support AES CTR", + lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CTR(binascii.unhexlify(iv)), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) + ), + skip_message="Does not support AES GCM", +) +@pytest.mark.cipher +class TestAES_GCM(object): test_GCM = generate_aead_test( load_nist_vectors, os.path.join("ciphers", "AES", "GCM"), @@ -146,8 +196,4 @@ class TestAES(object): ], lambda key: algorithms.AES(key), lambda iv, tag: modes.GCM(iv, tag), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) - ), - skip_message="Does not support AES GCM", ) diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/test_arc4.py index d233bec2..33f7ff09 100644 --- a/tests/hazmat/primitives/test_arc4.py +++ b/tests/hazmat/primitives/test_arc4.py @@ -16,12 +16,21 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms from .utils import generate_stream_encryption_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.ARC4("\x00" * 16), None + ), + skip_message="Does not support ARC4", +) +@pytest.mark.cipher class TestARC4(object): test_rfc = generate_stream_encryption_test( load_nist_vectors, @@ -35,9 +44,5 @@ class TestARC4(object): "rfc-6229-192.txt", "rfc-6229-256.txt", ], - lambda key: algorithms.ARC4(binascii.unhexlify((key))), - only_if=lambda backend: backend.cipher_supported( - algorithms.ARC4("\x00" * 16), None - ), - skip_message="Does not support ARC4", + lambda key, **kwargs: algorithms.ARC4(binascii.unhexlify(key)), ) diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 7c4331e0..f758ffaa 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -31,16 +31,20 @@ from .utils import ( ) -@utils.register_interface(interfaces.CipherAlgorithm) -class DummyCipher(object): - pass - - +@utils.register_interface(interfaces.Mode) class DummyMode(object): + name = "dummy-mode" + def validate_for_algorithm(self, algorithm): pass +@utils.register_interface(interfaces.CipherAlgorithm) +class DummyCipher(object): + name = "dummy-cipher" + + +@pytest.mark.cipher class TestCipher(object): def test_creates_encryptor(self, backend): cipher = Cipher( @@ -64,6 +68,7 @@ class TestCipher(object): Cipher(algorithm, mode=None, backend=backend) +@pytest.mark.cipher class TestCipherContext(object): def test_use_after_finalize(self, backend): cipher = Cipher( @@ -106,9 +111,10 @@ class TestCipherContext(object): assert pt == b"a" * 80 decryptor.finalize() - def test_nonexistent_cipher(self, backend): + @pytest.mark.parametrize("mode", [DummyMode(), None]) + def test_nonexistent_cipher(self, backend, mode): cipher = Cipher( - DummyCipher(), DummyMode(), backend + DummyCipher(), mode, backend ) with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() @@ -133,22 +139,21 @@ class TestCipherContext(object): decryptor.finalize() +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) + ), + skip_message="Does not support AES GCM", +) +@pytest.mark.cipher class TestAEADCipherContext(object): test_aead_exceptions = generate_aead_exception_test( algorithms.AES, modes.GCM, - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) - ), - skip_message="Does not support AES GCM", ) test_aead_tag_exceptions = generate_aead_tag_exception_test( algorithms.AES, modes.GCM, - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) - ), - skip_message="Does not support AES GCM", ) diff --git a/tests/hazmat/primitives/test_blowfish.py b/tests/hazmat/primitives/test_blowfish.py index d5fbed6f..18512a6e 100644 --- a/tests/hazmat/primitives/test_blowfish.py +++ b/tests/hazmat/primitives/test_blowfish.py @@ -16,57 +16,77 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test from ...utils import load_nist_vectors -class TestBlowfish(object): +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.ECB() + ), + skip_message="Does not support Blowfish ECB", +) +@pytest.mark.cipher +class TestBlowfish_ECB(object): test_ECB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-ecb.txt"], - lambda key: algorithms.Blowfish(binascii.unhexlify(key)), - lambda key: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.ECB() - ), - skip_message="Does not support Blowfish ECB", + lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), + lambda **kwargs: modes.ECB(), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8) + ), + skip_message="Does not support Blowfish CBC", +) +@pytest.mark.cipher +class TestBlowfish_CBC(object): test_CBC = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-cbc.txt"], - lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)), - lambda key, iv: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8) - ), - skip_message="Does not support Blowfish CBC", + lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8) + ), + skip_message="Does not support Blowfish OFB", +) +@pytest.mark.cipher +class TestBlowfish_OFB(object): test_OFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-ofb.txt"], - lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)), - lambda key, iv: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8) - ), - skip_message="Does not support Blowfish OFB", + lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8) + ), + skip_message="Does not support Blowfish CFB", +) +@pytest.mark.cipher +class TestBlowfish_CFB(object): test_CFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-cfb.txt"], - lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)), - lambda key, iv: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8) - ), - skip_message="Does not support Blowfish CFB", + lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), ) diff --git a/tests/hazmat/primitives/test_camellia.py b/tests/hazmat/primitives/test_camellia.py index a2c935d9..7c56f6f9 100644 --- a/tests/hazmat/primitives/test_camellia.py +++ b/tests/hazmat/primitives/test_camellia.py @@ -16,6 +16,8 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test @@ -24,7 +26,14 @@ from ...utils import ( ) -class TestCamellia(object): +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.ECB() + ), + skip_message="Does not support Camellia ECB", +) +@pytest.mark.cipher +class TestCamellia_ECB(object): test_ECB = generate_encrypt_test( load_cryptrec_vectors, os.path.join("ciphers", "Camellia"), @@ -33,46 +42,57 @@ class TestCamellia(object): "camellia-192-ecb.txt", "camellia-256-ecb.txt" ], - lambda key: algorithms.Camellia(binascii.unhexlify((key))), - lambda key: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.ECB() - ), - skip_message="Does not support Camellia ECB", + lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), + lambda **kwargs: modes.ECB(), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16) + ), + skip_message="Does not support Camellia CBC", +) +@pytest.mark.cipher +class TestCamellia_CBC(object): test_CBC = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-cbc.txt"], - lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)), - lambda key, iv: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16) - ), - skip_message="Does not support Camellia CBC", + lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16) + ), + skip_message="Does not support Camellia OFB", +) +@pytest.mark.cipher +class TestCamellia_OFB(object): test_OFB = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-ofb.txt"], - lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)), - lambda key, iv: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16) - ), - skip_message="Does not support Camellia OFB", + lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16) + ), + skip_message="Does not support Camellia CFB", +) +@pytest.mark.cipher +class TestCamellia_CFB(object): test_CFB = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-cfb.txt"], - lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)), - lambda key, iv: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16) - ), - skip_message="Does not support Camellia CFB", + lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), ) diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py index a283dafc..d65a86b2 100644 --- a/tests/hazmat/primitives/test_cast5.py +++ b/tests/hazmat/primitives/test_cast5.py @@ -16,21 +16,26 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.CAST5("\x00" * 16), modes.ECB() + ), + skip_message="Does not support CAST5 ECB", +) +@pytest.mark.cipher class TestCAST5(object): test_ECB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "CAST5"), ["cast5-ecb.txt"], - lambda key: algorithms.CAST5(binascii.unhexlify((key))), - lambda key: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.CAST5("\x00" * 16), modes.ECB() - ), - skip_message="Does not support CAST5 ECB", + lambda key, **kwargs: algorithms.CAST5(binascii.unhexlify((key))), + lambda **kwargs: modes.ECB(), ) diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py index a8655812..13ffc3fd 100644 --- a/tests/hazmat/primitives/test_hash_vectors.py +++ b/tests/hazmat/primitives/test_hash_vectors.py @@ -15,12 +15,19 @@ from __future__ import absolute_import, division, print_function import os +import pytest + from cryptography.hazmat.primitives import hashes from .utils import generate_hash_test, generate_long_string_hash_test from ...utils import load_hash_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1), + skip_message="Does not support SHA1", +) +@pytest.mark.hash class TestSHA1(object): test_SHA1 = generate_hash_test( load_hash_vectors, @@ -30,11 +37,14 @@ class TestSHA1(object): "SHA1ShortMsg.rsp", ], hashes.SHA1(), - only_if=lambda backend: backend.hash_supported(hashes.SHA1), - skip_message="Does not support SHA1", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224), + skip_message="Does not support SHA224", +) +@pytest.mark.hash class TestSHA224(object): test_SHA224 = generate_hash_test( load_hash_vectors, @@ -44,11 +54,14 @@ class TestSHA224(object): "SHA224ShortMsg.rsp", ], hashes.SHA224(), - only_if=lambda backend: backend.hash_supported(hashes.SHA224), - skip_message="Does not support SHA224", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256), + skip_message="Does not support SHA256", +) +@pytest.mark.hash class TestSHA256(object): test_SHA256 = generate_hash_test( load_hash_vectors, @@ -58,11 +71,14 @@ class TestSHA256(object): "SHA256ShortMsg.rsp", ], hashes.SHA256(), - only_if=lambda backend: backend.hash_supported(hashes.SHA256), - skip_message="Does not support SHA256", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384), + skip_message="Does not support SHA384", +) +@pytest.mark.hash class TestSHA384(object): test_SHA384 = generate_hash_test( load_hash_vectors, @@ -72,11 +88,14 @@ class TestSHA384(object): "SHA384ShortMsg.rsp", ], hashes.SHA384(), - only_if=lambda backend: backend.hash_supported(hashes.SHA384), - skip_message="Does not support SHA384", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512), + skip_message="Does not support SHA512", +) +@pytest.mark.hash class TestSHA512(object): test_SHA512 = generate_hash_test( load_hash_vectors, @@ -86,11 +105,14 @@ class TestSHA512(object): "SHA512ShortMsg.rsp", ], hashes.SHA512(), - only_if=lambda backend: backend.hash_supported(hashes.SHA512), - skip_message="Does not support SHA512", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", +) +@pytest.mark.hash class TestRIPEMD160(object): test_RIPEMD160 = generate_hash_test( load_hash_vectors, @@ -99,18 +121,19 @@ class TestRIPEMD160(object): "ripevectors.txt", ], hashes.RIPEMD160(), - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) test_RIPEMD160_long_string = generate_long_string_hash_test( hashes.RIPEMD160(), "52783243c1697bdbe16d37f97f68f08325dc1528", - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), + skip_message="Does not support Whirlpool", +) +@pytest.mark.hash class TestWhirlpool(object): test_whirlpool = generate_hash_test( load_hash_vectors, @@ -119,8 +142,6 @@ class TestWhirlpool(object): "iso-test-vectors.txt", ], hashes.Whirlpool(), - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), - skip_message="Does not support Whirlpool", ) test_whirlpool_long_string = generate_long_string_hash_test( @@ -128,11 +149,14 @@ class TestWhirlpool(object): ("0c99005beb57eff50a7cf005560ddf5d29057fd86b2" "0bfd62deca0f1ccea4af51fc15490eddc47af32bb2b" "66c34ff9ad8c6008ad677f77126953b226e4ed8b01"), - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), - skip_message="Does not support Whirlpool", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5), + skip_message="Does not support MD5", +) +@pytest.mark.hash class TestMD5(object): test_md5 = generate_hash_test( load_hash_vectors, @@ -141,6 +165,4 @@ class TestMD5(object): "rfc-1321.txt", ], hashes.MD5(), - only_if=lambda backend: backend.hash_supported(hashes.MD5), - skip_message="Does not support MD5", ) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index ff42e8f4..c907ef61 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -19,12 +19,19 @@ import pytest import six -from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.primitives import hashes +from cryptography import utils +from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm +from cryptography.hazmat.primitives import hashes, interfaces from .utils import generate_base_hash_test +@utils.register_interface(interfaces.HashAlgorithm) +class UnsupportedDummyHash(object): + name = "unsupported-dummy-hash" + + +@pytest.mark.hash class TestHashContext(object): def test_hash_reject_unicode(self, backend): m = hashes.Hash(hashes.SHA1(), backend=backend) @@ -57,82 +64,110 @@ class TestHashContext(object): with pytest.raises(AlreadyFinalized): h.finalize() + def test_unsupported_hash(self, backend): + with pytest.raises(UnsupportedAlgorithm): + hashes.Hash(UnsupportedDummyHash(), backend) + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1), + skip_message="Does not support SHA1", +) +@pytest.mark.hash class TestSHA1(object): test_SHA1 = generate_base_hash_test( hashes.SHA1(), digest_size=20, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.SHA1), - skip_message="Does not support SHA1", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224), + skip_message="Does not support SHA224", +) +@pytest.mark.hash class TestSHA224(object): test_SHA224 = generate_base_hash_test( hashes.SHA224(), digest_size=28, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.SHA224), - skip_message="Does not support SHA224", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256), + skip_message="Does not support SHA256", +) +@pytest.mark.hash class TestSHA256(object): test_SHA256 = generate_base_hash_test( hashes.SHA256(), digest_size=32, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.SHA256), - skip_message="Does not support SHA256", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384), + skip_message="Does not support SHA384", +) +@pytest.mark.hash class TestSHA384(object): test_SHA384 = generate_base_hash_test( hashes.SHA384(), digest_size=48, block_size=128, - only_if=lambda backend: backend.hash_supported(hashes.SHA384), - skip_message="Does not support SHA384", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512), + skip_message="Does not support SHA512", +) +@pytest.mark.hash class TestSHA512(object): test_SHA512 = generate_base_hash_test( hashes.SHA512(), digest_size=64, block_size=128, - only_if=lambda backend: backend.hash_supported(hashes.SHA512), - skip_message="Does not support SHA512", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", +) +@pytest.mark.hash class TestRIPEMD160(object): test_RIPEMD160 = generate_base_hash_test( hashes.RIPEMD160(), digest_size=20, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), + skip_message="Does not support Whirlpool", +) +@pytest.mark.hash class TestWhirlpool(object): test_Whirlpool = generate_base_hash_test( hashes.Whirlpool(), digest_size=64, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), - skip_message="Does not support Whirlpool", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5), + skip_message="Does not support MD5", +) +@pytest.mark.hash class TestMD5(object): test_MD5 = generate_base_hash_test( hashes.MD5(), digest_size=16, block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.MD5), - skip_message="Does not support MD5", ) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 992bcb1a..04913af6 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -19,19 +19,33 @@ import pytest import six -from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.primitives import hashes, hmac +from cryptography import utils +from cryptography.exceptions import ( + AlreadyFinalized, UnsupportedAlgorithm, InvalidSignature +) +from cryptography.hazmat.primitives import hashes, hmac, interfaces from .utils import generate_base_hmac_test -class TestHMAC(object): +@utils.register_interface(interfaces.HashAlgorithm) +class UnsupportedDummyHash(object): + name = "unsupported-dummy-hash" + + +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.MD5), + skip_message="Does not support MD5", +) +@pytest.mark.hmac +class TestHMACCopy(object): test_copy = generate_base_hmac_test( hashes.MD5(), - only_if=lambda backend: backend.hash_supported(hashes.MD5), - skip_message="Does not support MD5", ) + +@pytest.mark.hmac +class TestHMAC(object): def test_hmac_reject_unicode(self, backend): h = hmac.HMAC(b"mykey", hashes.SHA1(), backend=backend) with pytest.raises(TypeError): @@ -63,3 +77,30 @@ class TestHMAC(object): with pytest.raises(AlreadyFinalized): h.finalize() + + def test_verify(self, backend): + h = hmac.HMAC(b'', hashes.SHA1(), backend=backend) + digest = h.finalize() + + h = hmac.HMAC(b'', hashes.SHA1(), backend=backend) + h.verify(digest) + + with pytest.raises(AlreadyFinalized): + h.verify(b'') + + def test_invalid_verify(self, backend): + h = hmac.HMAC(b'', hashes.SHA1(), backend=backend) + with pytest.raises(InvalidSignature): + h.verify(b'') + + with pytest.raises(AlreadyFinalized): + h.verify(b'') + + def test_verify_reject_unicode(self, backend): + h = hmac.HMAC(b'', hashes.SHA1(), backend=backend) + with pytest.raises(TypeError): + h.verify(six.u('')) + + def test_unsupported_hash(self, backend): + with pytest.raises(UnsupportedAlgorithm): + hmac.HMAC(b"key", UnsupportedDummyHash(), backend) diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py index 7d0f156a..c5644459 100644 --- a/tests/hazmat/primitives/test_hmac_vectors.py +++ b/tests/hazmat/primitives/test_hmac_vectors.py @@ -13,12 +13,19 @@ from __future__ import absolute_import, division, print_function +import pytest + from cryptography.hazmat.primitives import hashes from .utils import generate_hmac_test from ...utils import load_hash_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.MD5), + skip_message="Does not support MD5", +) +@pytest.mark.hmac class TestHMAC_MD5(object): test_hmac_md5 = generate_hmac_test( load_hash_vectors, @@ -27,11 +34,14 @@ class TestHMAC_MD5(object): "rfc-2202-md5.txt", ], hashes.MD5(), - only_if=lambda backend: backend.hash_supported(hashes.MD5), - skip_message="Does not support MD5", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA1), + skip_message="Does not support SHA1", +) +@pytest.mark.hmac class TestHMAC_SHA1(object): test_hmac_sha1 = generate_hmac_test( load_hash_vectors, @@ -40,11 +50,14 @@ class TestHMAC_SHA1(object): "rfc-2202-sha1.txt", ], hashes.SHA1(), - only_if=lambda backend: backend.hash_supported(hashes.SHA1), - skip_message="Does not support SHA1", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA224), + skip_message="Does not support SHA224", +) +@pytest.mark.hmac class TestHMAC_SHA224(object): test_hmac_sha224 = generate_hmac_test( load_hash_vectors, @@ -53,11 +66,14 @@ class TestHMAC_SHA224(object): "rfc-4231-sha224.txt", ], hashes.SHA224(), - only_if=lambda backend: backend.hash_supported(hashes.SHA224), - skip_message="Does not support SHA224", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA256), + skip_message="Does not support SHA256", +) +@pytest.mark.hmac class TestHMAC_SHA256(object): test_hmac_sha256 = generate_hmac_test( load_hash_vectors, @@ -66,11 +82,14 @@ class TestHMAC_SHA256(object): "rfc-4231-sha256.txt", ], hashes.SHA256(), - only_if=lambda backend: backend.hash_supported(hashes.SHA256), - skip_message="Does not support SHA256", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA384), + skip_message="Does not support SHA384", +) +@pytest.mark.hmac class TestHMAC_SHA384(object): test_hmac_sha384 = generate_hmac_test( load_hash_vectors, @@ -79,11 +98,14 @@ class TestHMAC_SHA384(object): "rfc-4231-sha384.txt", ], hashes.SHA384(), - only_if=lambda backend: backend.hash_supported(hashes.SHA384), - skip_message="Does not support SHA384", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA512), + skip_message="Does not support SHA512", +) +@pytest.mark.hmac class TestHMAC_SHA512(object): test_hmac_sha512 = generate_hmac_test( load_hash_vectors, @@ -92,11 +114,14 @@ class TestHMAC_SHA512(object): "rfc-4231-sha512.txt", ], hashes.SHA512(), - only_if=lambda backend: backend.hash_supported(hashes.SHA512), - skip_message="Does not support SHA512", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", +) +@pytest.mark.hmac class TestHMAC_RIPEMD160(object): test_hmac_ripemd160 = generate_hmac_test( load_hash_vectors, @@ -105,6 +130,4 @@ class TestHMAC_RIPEMD160(object): "rfc-2286-ripemd160.txt", ], hashes.RIPEMD160(), - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) diff --git a/tests/hazmat/primitives/test_utils.py b/tests/hazmat/primitives/test_utils.py deleted file mode 100644 index c39364c7..00000000 --- a/tests/hazmat/primitives/test_utils.py +++ /dev/null @@ -1,117 +0,0 @@ -import pytest - -from .utils import ( - base_hash_test, encrypt_test, hash_test, long_string_hash_test, - base_hmac_test, hmac_test, stream_encryption_test, aead_test, - aead_exception_test, aead_tag_exception_test, -) - - -class TestEncryptTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - encrypt_test( - None, None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestAEADTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - aead_test( - None, None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestAEADExceptionTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - aead_exception_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestAEADTagExceptionTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - aead_tag_exception_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestHashTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - hash_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestBaseHashTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - base_hash_test( - None, None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestLongHashTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - long_string_hash_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestHMACTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - hmac_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestBaseHMACTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - base_hmac_test( - None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestStreamEncryptionTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - stream_encryption_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index b06f9b29..cdcf84cb 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -3,7 +3,6 @@ import os import pytest -from cryptography.hazmat.backends import _ALL_BACKENDS from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.exceptions import ( @@ -13,34 +12,29 @@ from cryptography.exceptions import ( from ...utils import load_vectors_from_file +def _load_all_params(path, file_names, param_loader): + all_params = [] + for file_name in file_names: + all_params.extend( + load_vectors_from_file(os.path.join(path, file_name), param_loader) + ) + return all_params + + def generate_encrypt_test(param_loader, path, file_names, cipher_factory, - mode_factory, only_if=lambda backend: True, - skip_message=None): - def test_encryption(self): - for backend in _ALL_BACKENDS: - for file_name in file_names: - for params in load_vectors_from_file( - os.path.join(path, file_name), - param_loader - ): - yield ( - encrypt_test, - backend, - cipher_factory, - mode_factory, - params, - only_if, - skip_message - ) + mode_factory): + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_encryption(self, backend, params): + encrypt_test(backend, cipher_factory, mode_factory, params) + return test_encryption -def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, - skip_message): - if not only_if(backend): - pytest.skip(skip_message) - plaintext = params.pop("plaintext") - ciphertext = params.pop("ciphertext") +def encrypt_test(backend, cipher_factory, mode_factory, params): + plaintext = params["plaintext"] + ciphertext = params["ciphertext"] cipher = Cipher( cipher_factory(**params), mode_factory(**params), @@ -57,34 +51,21 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, def generate_aead_test(param_loader, path, file_names, cipher_factory, - mode_factory, only_if, skip_message): - def test_aead(self): - for backend in _ALL_BACKENDS: - for file_name in file_names: - for params in load_vectors_from_file( - os.path.join(path, file_name), - param_loader - ): - yield ( - aead_test, - backend, - cipher_factory, - mode_factory, - params, - only_if, - skip_message - ) + mode_factory): + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_aead(self, backend, params): + aead_test(backend, cipher_factory, mode_factory, params) + return test_aead -def aead_test(backend, cipher_factory, mode_factory, params, only_if, - skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def aead_test(backend, cipher_factory, mode_factory, params): if params.get("pt") is not None: - plaintext = params.pop("pt") - ciphertext = params.pop("ct") - aad = params.pop("aad") + plaintext = params["pt"] + ciphertext = params["ct"] + aad = params["aad"] if params.get("fail") is True: cipher = Cipher( cipher_factory(binascii.unhexlify(params["key"])), @@ -123,33 +104,19 @@ def aead_test(backend, cipher_factory, mode_factory, params, only_if, def generate_stream_encryption_test(param_loader, path, file_names, - cipher_factory, only_if=None, - skip_message=None): - def test_stream_encryption(self): - for backend in _ALL_BACKENDS: - for file_name in file_names: - for params in load_vectors_from_file( - os.path.join(path, file_name), - param_loader - ): - yield ( - stream_encryption_test, - backend, - cipher_factory, - params, - only_if, - skip_message - ) + cipher_factory): + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_stream_encryption(self, backend, params): + stream_encryption_test(backend, cipher_factory, params) return test_stream_encryption -def stream_encryption_test(backend, cipher_factory, params, only_if, - skip_message): - if not only_if(backend): - pytest.skip(skip_message) - plaintext = params.pop("plaintext") - ciphertext = params.pop("ciphertext") - offset = params.pop("offset") +def stream_encryption_test(backend, cipher_factory, params): + plaintext = params["plaintext"] + ciphertext = params["ciphertext"] + offset = params["offset"] cipher = Cipher(cipher_factory(**params), None, backend=backend) encryptor = cipher.encryptor() # throw away offset bytes @@ -164,29 +131,16 @@ def stream_encryption_test(backend, cipher_factory, params, only_if, assert actual_plaintext == binascii.unhexlify(plaintext) -def generate_hash_test(param_loader, path, file_names, hash_cls, - only_if=None, skip_message=None): - def test_hash(self): - for backend in _ALL_BACKENDS: - for file_name in file_names: - for params in load_vectors_from_file( - os.path.join(path, file_name), - param_loader - ): - yield ( - hash_test, - backend, - hash_cls, - params, - only_if, - skip_message - ) +def generate_hash_test(param_loader, path, file_names, hash_cls): + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_hash(self, backend, params): + hash_test(backend, hash_cls, params) return test_hash -def hash_test(backend, algorithm, params, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) +def hash_test(backend, algorithm, params): msg = params[0] md = params[1] m = hashes.Hash(algorithm, backend=backend) @@ -195,27 +149,13 @@ def hash_test(backend, algorithm, params, only_if, skip_message): assert m.finalize() == binascii.unhexlify(expected_md) -def generate_base_hash_test(algorithm, digest_size, block_size, - only_if=None, skip_message=None): - def test_base_hash(self): - for backend in _ALL_BACKENDS: - yield ( - base_hash_test, - backend, - algorithm, - digest_size, - block_size, - only_if, - skip_message, - ) +def generate_base_hash_test(algorithm, digest_size, block_size): + def test_base_hash(self, backend): + base_hash_test(backend, algorithm, digest_size, block_size) return test_base_hash -def base_hash_test(backend, algorithm, digest_size, block_size, only_if, - skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) - +def base_hash_test(backend, algorithm, digest_size, block_size): m = hashes.Hash(algorithm, backend=backend) assert m.algorithm.digest_size == digest_size assert m.algorithm.block_size == block_size @@ -230,52 +170,42 @@ def base_hash_test(backend, algorithm, digest_size, block_size, only_if, assert copy.finalize() == m.finalize() -def generate_long_string_hash_test(hash_factory, md, only_if=None, - skip_message=None): - def test_long_string_hash(self): - for backend in _ALL_BACKENDS: - yield( - long_string_hash_test, - backend, - hash_factory, - md, - only_if, - skip_message - ) +def generate_long_string_hash_test(hash_factory, md): + def test_long_string_hash(self, backend): + long_string_hash_test(backend, hash_factory, md) return test_long_string_hash -def long_string_hash_test(backend, algorithm, md, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) +def long_string_hash_test(backend, algorithm, md): m = hashes.Hash(algorithm, backend=backend) m.update(b"a" * 1000000) assert m.finalize() == binascii.unhexlify(md.lower().encode("ascii")) -def generate_hmac_test(param_loader, path, file_names, algorithm, - only_if=None, skip_message=None): - def test_hmac(self): - for backend in _ALL_BACKENDS: - for file_name in file_names: - for params in load_vectors_from_file( - os.path.join(path, file_name), - param_loader - ): - yield ( - hmac_test, - backend, - algorithm, - params, - only_if, - skip_message - ) +def generate_base_hmac_test(hash_cls): + def test_base_hmac(self, backend): + base_hmac_test(backend, hash_cls) + return test_base_hmac + + +def base_hmac_test(backend, algorithm): + key = b"ab" + h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend) + h_copy = h.copy() + assert h != h_copy + assert h._ctx != h_copy._ctx + + +def generate_hmac_test(param_loader, path, file_names, algorithm): + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_hmac(self, backend, params): + hmac_test(backend, algorithm, params) return test_hmac -def hmac_test(backend, algorithm, params, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) +def hmac_test(backend, algorithm, params): msg = params[0] md = params[1] key = params[2] @@ -284,48 +214,13 @@ def hmac_test(backend, algorithm, params, only_if, skip_message): assert h.finalize() == binascii.unhexlify(md.encode("ascii")) -def generate_base_hmac_test(hash_cls, only_if=None, skip_message=None): - def test_base_hmac(self): - for backend in _ALL_BACKENDS: - yield ( - base_hmac_test, - backend, - hash_cls, - only_if, - skip_message, - ) - return test_base_hmac - - -def base_hmac_test(backend, algorithm, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) - key = b"ab" - h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend) - h_copy = h.copy() - assert h != h_copy - assert h._ctx != h_copy._ctx - - -def generate_aead_exception_test(cipher_factory, mode_factory, - only_if, skip_message): - def test_aead_exception(self): - for backend in _ALL_BACKENDS: - yield ( - aead_exception_test, - backend, - cipher_factory, - mode_factory, - only_if, - skip_message - ) +def generate_aead_exception_test(cipher_factory, mode_factory): + def test_aead_exception(self, backend): + aead_exception_test(backend, cipher_factory, mode_factory) return test_aead_exception -def aead_exception_test(backend, cipher_factory, mode_factory, - only_if, skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def aead_exception_test(backend, cipher_factory, mode_factory): cipher = Cipher( cipher_factory(binascii.unhexlify(b"0" * 32)), mode_factory(binascii.unhexlify(b"0" * 24)), @@ -355,25 +250,13 @@ def aead_exception_test(backend, cipher_factory, mode_factory, decryptor.tag -def generate_aead_tag_exception_test(cipher_factory, mode_factory, - only_if, skip_message): - def test_aead_tag_exception(self): - for backend in _ALL_BACKENDS: - yield ( - aead_tag_exception_test, - backend, - cipher_factory, - mode_factory, - only_if, - skip_message - ) +def generate_aead_tag_exception_test(cipher_factory, mode_factory): + def test_aead_tag_exception(self, backend): + aead_tag_exception_test(backend, cipher_factory, mode_factory) return test_aead_tag_exception -def aead_tag_exception_test(backend, cipher_factory, mode_factory, - only_if, skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def aead_tag_exception_test(backend, cipher_factory, mode_factory): cipher = Cipher( cipher_factory(binascii.unhexlify(b"0" * 32)), mode_factory(binascii.unhexlify(b"0" * 24)), @@ -383,6 +266,13 @@ def aead_tag_exception_test(backend, cipher_factory, mode_factory, cipher.decryptor() cipher = Cipher( cipher_factory(binascii.unhexlify(b"0" * 32)), + mode_factory(binascii.unhexlify(b"0" * 24), b"000"), + backend + ) + with pytest.raises(ValueError): + cipher.decryptor() + cipher = Cipher( + cipher_factory(binascii.unhexlify(b"0" * 32)), mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16), backend ) diff --git a/tests/test_utils.py b/tests/test_utils.py index 5c58fd76..c640367e 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -14,14 +14,64 @@ import os import textwrap +import pretend + import pytest from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, - load_openssl_vectors, load_hash_vectors, + load_openssl_vectors, load_hash_vectors, check_for_iface, + check_backend_support ) +class FakeInterface(object): + pass + + +def test_check_for_iface(): + item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) + with pytest.raises(pytest.skip.Exception) as exc_info: + check_for_iface("fake_name", FakeInterface, item) + assert exc_info.value.args[0] == "True backend does not support fake_name" + + item = pretend.stub( + keywords=["fake_name"], + funcargs={"backend": FakeInterface()} + ) + check_for_iface("fake_name", FakeInterface, item) + + +def test_check_backend_support_skip(): + supported = pretend.stub( + kwargs={"only_if": lambda backend: False, "skip_message": "Nope"} + ) + item = pretend.stub(keywords={"supported": supported}, + funcargs={"backend": True}) + with pytest.raises(pytest.skip.Exception) as exc_info: + check_backend_support(item) + assert exc_info.value.args[0] == "Nope" + + +def test_check_backend_support_no_skip(): + supported = pretend.stub( + kwargs={"only_if": lambda backend: True, "skip_message": "Nope"} + ) + item = pretend.stub(keywords={"supported": supported}, + funcargs={"backend": True}) + assert check_backend_support(item) is None + + +def test_check_backend_support_no_backend(): + supported = pretend.stub( + kwargs={"only_if": "notalambda", "skip_message": "Nope"} + ) + item = pretend.stub(keywords={"supported": supported}, + funcargs={}) + with pytest.raises(ValueError): + check_backend_support(item) + + def test_load_nist_vectors(): vector_data = textwrap.dedent(""" # CAVS 11.1 diff --git a/tests/utils.py b/tests/utils.py index 94f97d59..beb2ca5d 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -11,7 +11,27 @@ # See the License for the specific language governing permissions and # limitations under the License. -import os.path +import os + +import pytest + + +def check_for_iface(name, iface, item): + if name in item.keywords and "backend" in item.funcargs: + if not isinstance(item.funcargs["backend"], iface): + pytest.skip("{0} backend does not support {1}".format( + item.funcargs["backend"], name + )) + + +def check_backend_support(item): + supported = item.keywords.get("supported") + if supported and "backend" in item.funcargs: + if not supported.kwargs["only_if"](item.funcargs["backend"]): + pytest.skip(supported.kwargs["skip_message"]) + elif supported: + raise ValueError("This mark is only available on methods that take a " + "backend") def load_vectors_from_file(filename, loader): |