diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2013-12-27 08:22:07 -0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2013-12-27 08:22:07 -0800 |
| commit | 4b31af7407ab6221712e8d83cd1bce53bd57aa95 (patch) | |
| tree | 7b6774bc8559f51b47cb3510c244146ce20d00fb /tests | |
| parent | 3ac297e4c9b655b3222da1830e9677c9d03a3926 (diff) | |
| parent | 37c88a0dea800b3028f95bf71a8cd6e344254d4e (diff) | |
| download | cryptography-4b31af7407ab6221712e8d83cd1bce53bd57aa95.tar.gz cryptography-4b31af7407ab6221712e8d83cd1bce53bd57aa95.tar.bz2 cryptography-4b31af7407ab6221712e8d83cd1bce53bd57aa95.zip | |
Merge branch 'master' into fernet
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/conftest.py | 16 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 12 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_3des.py | 59 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_aes.py | 39 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_arc4.py | 5 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_block.py | 15 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_blowfish.py | 19 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_camellia.py | 19 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_cast5.py | 7 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hash_vectors.py | 10 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hashes.py | 23 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac.py | 42 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac_vectors.py | 23 | ||||
| -rw-r--r-- | tests/hazmat/primitives/utils.py | 262 | ||||
| -rw-r--r-- | tests/test_utils.py | 21 | ||||
| -rw-r--r-- | tests/utils.py | 12 |
16 files changed, 380 insertions, 204 deletions
diff --git a/tests/conftest.py b/tests/conftest.py index 71662802..e059b630 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,5 +1,21 @@ +import pytest + +from cryptography.hazmat.backends.interfaces import ( + HMACBackend, CipherBackend, HashBackend +) + +from .utils import check_for_iface + + def pytest_generate_tests(metafunc): from cryptography.hazmat.backends import _ALL_BACKENDS if "backend" in metafunc.fixturenames: metafunc.parametrize("backend", _ALL_BACKENDS) + + +@pytest.mark.trylast +def pytest_runtest_setup(item): + check_for_iface("hmac", HMACBackend, item) + check_for_iface("cipher", CipherBackend, item) + check_for_iface("hash", HashBackend, item) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 962959b9..543a05fe 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -23,13 +23,14 @@ from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC +@utils.register_interface(interfaces.Mode) class DummyMode(object): - pass + name = "dummy-mode" @utils.register_interface(interfaces.CipherAlgorithm) class DummyCipher(object): - pass + name = "dummy-cipher" class TestOpenSSL(object): @@ -62,15 +63,16 @@ class TestOpenSSL(object): assert b.ffi is backend.ffi assert b.lib is backend.lib - def test_nonexistent_cipher(self): + @pytest.mark.parametrize("mode", [DummyMode(), None]) + def test_nonexistent_cipher(self, mode): b = Backend() b.register_cipher_adapter( DummyCipher, - DummyMode, + type(mode), lambda backend, cipher, mode: backend.ffi.NULL ) cipher = Cipher( - DummyCipher(), DummyMode(), backend=b, + DummyCipher(), mode, backend=b, ) with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py index 69ec9c9a..439ca258 100644 --- a/tests/hazmat/primitives/test_3des.py +++ b/tests/hazmat/primitives/test_3des.py @@ -20,12 +20,15 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.cipher class TestTripleDES_CBC(object): test_KAT = generate_encrypt_test( load_nist_vectors, @@ -37,8 +40,12 @@ class TestTripleDES_CBC(object): "TCBCvarkey.rsp", "TCBCvartext.rsp", ], - lambda keys, iv: algorithms.TripleDES(binascii.unhexlify(keys)), - lambda keys, iv: modes.CBC(binascii.unhexlify(iv)), + lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) + ), + skip_message="Does not support TripleDES CBC", ) test_MMT = generate_encrypt_test( @@ -49,13 +56,18 @@ class TestTripleDES_CBC(object): "TCBCMMT2.rsp", "TCBCMMT3.rsp", ], - lambda key1, key2, key3, iv: ( - algorithms.TripleDES(binascii.unhexlify(key1 + key2 + key3)) + lambda key1, key2, key3, **kwargs: algorithms.TripleDES( + binascii.unhexlify(key1 + key2 + key3) ), - lambda key1, key2, key3, iv: modes.CBC(binascii.unhexlify(iv)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) + ), + skip_message="Does not support TripleDES CBC", ) +@pytest.mark.cipher class TestTripleDES_OFB(object): test_KAT = generate_encrypt_test( load_nist_vectors, @@ -67,8 +79,12 @@ class TestTripleDES_OFB(object): "TOFBvartext.rsp", "TOFBinvperm.rsp", ], - lambda keys, iv: algorithms.TripleDES(binascii.unhexlify(keys)), - lambda keys, iv: modes.OFB(binascii.unhexlify(iv)), + lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) + ), + skip_message="Does not support TripleDES OFB", ) test_MMT = generate_encrypt_test( @@ -79,13 +95,18 @@ class TestTripleDES_OFB(object): "TOFBMMT2.rsp", "TOFBMMT3.rsp", ], - lambda key1, key2, key3, iv: ( - algorithms.TripleDES(binascii.unhexlify(key1 + key2 + key3)) + lambda key1, key2, key3, **kwargs: algorithms.TripleDES( + binascii.unhexlify(key1 + key2 + key3) ), - lambda key1, key2, key3, iv: modes.OFB(binascii.unhexlify(iv)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) + ), + skip_message="Does not support TripleDES OFB", ) +@pytest.mark.cipher class TestTripleDES_CFB(object): test_KAT = generate_encrypt_test( load_nist_vectors, @@ -97,8 +118,12 @@ class TestTripleDES_CFB(object): "TCFB64varkey.rsp", "TCFB64vartext.rsp", ], - lambda keys, iv: algorithms.TripleDES(binascii.unhexlify(keys)), - lambda keys, iv: modes.CFB(binascii.unhexlify(iv)), + lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) + ), + skip_message="Does not support TripleDES CFB", ) test_MMT = generate_encrypt_test( @@ -109,8 +134,12 @@ class TestTripleDES_CFB(object): "TCFB64MMT2.rsp", "TCFB64MMT3.rsp", ], - lambda key1, key2, key3, iv: ( - algorithms.TripleDES(binascii.unhexlify(key1 + key2 + key3)) + lambda key1, key2, key3, **kwargs: algorithms.TripleDES( + binascii.unhexlify(key1 + key2 + key3) + ), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) ), - lambda key1, key2, key3, iv: modes.CFB(binascii.unhexlify(iv)), + skip_message="Does not support TripleDES CFB", ) diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index f7b0b9a0..e9ef3853 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -16,6 +16,8 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test, generate_aead_test @@ -24,6 +26,7 @@ from ...utils import ( ) +@pytest.mark.cipher class TestAES(object): test_CBC = generate_encrypt_test( load_nist_vectors, @@ -45,8 +48,12 @@ class TestAES(object): "CBCMMT192.rsp", "CBCMMT256.rsp", ], - lambda key, iv: algorithms.AES(binascii.unhexlify(key)), - lambda key, iv: modes.CBC(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", ) test_ECB = generate_encrypt_test( @@ -69,8 +76,12 @@ class TestAES(object): "ECBMMT192.rsp", "ECBMMT256.rsp", ], - lambda key: algorithms.AES(binascii.unhexlify(key)), - lambda key: modes.ECB(), + lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), + lambda **kwargs: modes.ECB(), + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.ECB() + ), + skip_message="Does not support AES ECB", ) test_OFB = generate_encrypt_test( @@ -93,8 +104,12 @@ class TestAES(object): "OFBMMT192.rsp", "OFBMMT256.rsp", ], - lambda key, iv: algorithms.AES(binascii.unhexlify(key)), - lambda key, iv: modes.OFB(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.OFB("\x00" * 16) + ), + skip_message="Does not support AES OFB", ) test_CFB = generate_encrypt_test( @@ -117,16 +132,20 @@ class TestAES(object): "CFB128MMT192.rsp", "CFB128MMT256.rsp", ], - lambda key, iv: algorithms.AES(binascii.unhexlify(key)), - lambda key, iv: modes.CFB(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CFB("\x00" * 16) + ), + skip_message="Does not support AES CFB", ) test_CTR = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "AES", "CTR"), ["aes-128-ctr.txt", "aes-192-ctr.txt", "aes-256-ctr.txt"], - lambda key, iv: algorithms.AES(binascii.unhexlify(key)), - lambda key, iv: modes.CTR(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CTR(binascii.unhexlify(iv)), only_if=lambda backend: backend.cipher_supported( algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16) ), diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/test_arc4.py index d233bec2..f2e2452c 100644 --- a/tests/hazmat/primitives/test_arc4.py +++ b/tests/hazmat/primitives/test_arc4.py @@ -16,12 +16,15 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms from .utils import generate_stream_encryption_test from ...utils import load_nist_vectors +@pytest.mark.cipher class TestARC4(object): test_rfc = generate_stream_encryption_test( load_nist_vectors, @@ -35,7 +38,7 @@ class TestARC4(object): "rfc-6229-192.txt", "rfc-6229-256.txt", ], - lambda key: algorithms.ARC4(binascii.unhexlify((key))), + lambda key, **kwargs: algorithms.ARC4(binascii.unhexlify(key)), only_if=lambda backend: backend.cipher_supported( algorithms.ARC4("\x00" * 16), None ), diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 02de3861..22a7c02f 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -31,11 +31,17 @@ from .utils import ( ) +@utils.register_interface(interfaces.Mode) +class DummyMode(object): + name = "dummy-mode" + + @utils.register_interface(interfaces.CipherAlgorithm) class DummyCipher(object): - pass + name = "dummy-cipher" +@pytest.mark.cipher class TestCipher(object): def test_creates_encryptor(self, backend): cipher = Cipher( @@ -59,6 +65,7 @@ class TestCipher(object): Cipher(algorithm, mode=None, backend=backend) +@pytest.mark.cipher class TestCipherContext(object): def test_use_after_finalize(self, backend): cipher = Cipher( @@ -101,9 +108,10 @@ class TestCipherContext(object): assert pt == b"a" * 80 decryptor.finalize() - def test_nonexistent_cipher(self, backend): + @pytest.mark.parametrize("mode", [DummyMode(), None]) + def test_nonexistent_cipher(self, backend, mode): cipher = Cipher( - DummyCipher(), object(), backend + DummyCipher(), mode, backend ) with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() @@ -128,6 +136,7 @@ class TestCipherContext(object): decryptor.finalize() +@pytest.mark.cipher class TestAEADCipherContext(object): test_aead_exceptions = generate_aead_exception_test( algorithms.AES, diff --git a/tests/hazmat/primitives/test_blowfish.py b/tests/hazmat/primitives/test_blowfish.py index d5fbed6f..79ceabe7 100644 --- a/tests/hazmat/primitives/test_blowfish.py +++ b/tests/hazmat/primitives/test_blowfish.py @@ -16,19 +16,22 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.cipher class TestBlowfish(object): test_ECB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-ecb.txt"], - lambda key: algorithms.Blowfish(binascii.unhexlify(key)), - lambda key: modes.ECB(), + lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), + lambda **kwargs: modes.ECB(), only_if=lambda backend: backend.cipher_supported( algorithms.Blowfish("\x00" * 56), modes.ECB() ), @@ -39,8 +42,8 @@ class TestBlowfish(object): load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-cbc.txt"], - lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)), - lambda key, iv: modes.CBC(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), only_if=lambda backend: backend.cipher_supported( algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8) ), @@ -51,8 +54,8 @@ class TestBlowfish(object): load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-ofb.txt"], - lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)), - lambda key, iv: modes.OFB(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), only_if=lambda backend: backend.cipher_supported( algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8) ), @@ -63,8 +66,8 @@ class TestBlowfish(object): load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-cfb.txt"], - lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)), - lambda key, iv: modes.CFB(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), only_if=lambda backend: backend.cipher_supported( algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8) ), diff --git a/tests/hazmat/primitives/test_camellia.py b/tests/hazmat/primitives/test_camellia.py index a2c935d9..c376220e 100644 --- a/tests/hazmat/primitives/test_camellia.py +++ b/tests/hazmat/primitives/test_camellia.py @@ -16,6 +16,8 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test @@ -24,6 +26,7 @@ from ...utils import ( ) +@pytest.mark.cipher class TestCamellia(object): test_ECB = generate_encrypt_test( load_cryptrec_vectors, @@ -33,8 +36,8 @@ class TestCamellia(object): "camellia-192-ecb.txt", "camellia-256-ecb.txt" ], - lambda key: algorithms.Camellia(binascii.unhexlify((key))), - lambda key: modes.ECB(), + lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), + lambda **kwargs: modes.ECB(), only_if=lambda backend: backend.cipher_supported( algorithms.Camellia("\x00" * 16), modes.ECB() ), @@ -45,8 +48,8 @@ class TestCamellia(object): load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-cbc.txt"], - lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)), - lambda key, iv: modes.CBC(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), only_if=lambda backend: backend.cipher_supported( algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16) ), @@ -57,8 +60,8 @@ class TestCamellia(object): load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-ofb.txt"], - lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)), - lambda key, iv: modes.OFB(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), only_if=lambda backend: backend.cipher_supported( algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16) ), @@ -69,8 +72,8 @@ class TestCamellia(object): load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-cfb.txt"], - lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)), - lambda key, iv: modes.CFB(binascii.unhexlify(iv)), + lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), + lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), only_if=lambda backend: backend.cipher_supported( algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16) ), diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py index a283dafc..a4789c65 100644 --- a/tests/hazmat/primitives/test_cast5.py +++ b/tests/hazmat/primitives/test_cast5.py @@ -16,19 +16,22 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest + from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.cipher class TestCAST5(object): test_ECB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "CAST5"), ["cast5-ecb.txt"], - lambda key: algorithms.CAST5(binascii.unhexlify((key))), - lambda key: modes.ECB(), + lambda key, **kwargs: algorithms.CAST5(binascii.unhexlify((key))), + lambda **kwargs: modes.ECB(), only_if=lambda backend: backend.cipher_supported( algorithms.CAST5("\x00" * 16), modes.ECB() ), diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py index a8655812..d9febea9 100644 --- a/tests/hazmat/primitives/test_hash_vectors.py +++ b/tests/hazmat/primitives/test_hash_vectors.py @@ -15,12 +15,15 @@ from __future__ import absolute_import, division, print_function import os +import pytest + from cryptography.hazmat.primitives import hashes from .utils import generate_hash_test, generate_long_string_hash_test from ...utils import load_hash_vectors +@pytest.mark.hash class TestSHA1(object): test_SHA1 = generate_hash_test( load_hash_vectors, @@ -35,6 +38,7 @@ class TestSHA1(object): ) +@pytest.mark.hash class TestSHA224(object): test_SHA224 = generate_hash_test( load_hash_vectors, @@ -49,6 +53,7 @@ class TestSHA224(object): ) +@pytest.mark.hash class TestSHA256(object): test_SHA256 = generate_hash_test( load_hash_vectors, @@ -63,6 +68,7 @@ class TestSHA256(object): ) +@pytest.mark.hash class TestSHA384(object): test_SHA384 = generate_hash_test( load_hash_vectors, @@ -77,6 +83,7 @@ class TestSHA384(object): ) +@pytest.mark.hash class TestSHA512(object): test_SHA512 = generate_hash_test( load_hash_vectors, @@ -91,6 +98,7 @@ class TestSHA512(object): ) +@pytest.mark.hash class TestRIPEMD160(object): test_RIPEMD160 = generate_hash_test( load_hash_vectors, @@ -111,6 +119,7 @@ class TestRIPEMD160(object): ) +@pytest.mark.hash class TestWhirlpool(object): test_whirlpool = generate_hash_test( load_hash_vectors, @@ -133,6 +142,7 @@ class TestWhirlpool(object): ) +@pytest.mark.hash class TestMD5(object): test_md5 = generate_hash_test( load_hash_vectors, diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index ff42e8f4..45faaab2 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -19,12 +19,19 @@ import pytest import six -from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.primitives import hashes +from cryptography import utils +from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm +from cryptography.hazmat.primitives import hashes, interfaces from .utils import generate_base_hash_test +@utils.register_interface(interfaces.HashAlgorithm) +class UnsupportedDummyHash(object): + name = "unsupported-dummy-hash" + + +@pytest.mark.hash class TestHashContext(object): def test_hash_reject_unicode(self, backend): m = hashes.Hash(hashes.SHA1(), backend=backend) @@ -57,7 +64,12 @@ class TestHashContext(object): with pytest.raises(AlreadyFinalized): h.finalize() + def test_unsupported_hash(self, backend): + with pytest.raises(UnsupportedAlgorithm): + hashes.Hash(UnsupportedDummyHash(), backend) + +@pytest.mark.hash class TestSHA1(object): test_SHA1 = generate_base_hash_test( hashes.SHA1(), @@ -68,6 +80,7 @@ class TestSHA1(object): ) +@pytest.mark.hash class TestSHA224(object): test_SHA224 = generate_base_hash_test( hashes.SHA224(), @@ -78,6 +91,7 @@ class TestSHA224(object): ) +@pytest.mark.hash class TestSHA256(object): test_SHA256 = generate_base_hash_test( hashes.SHA256(), @@ -88,6 +102,7 @@ class TestSHA256(object): ) +@pytest.mark.hash class TestSHA384(object): test_SHA384 = generate_base_hash_test( hashes.SHA384(), @@ -98,6 +113,7 @@ class TestSHA384(object): ) +@pytest.mark.hash class TestSHA512(object): test_SHA512 = generate_base_hash_test( hashes.SHA512(), @@ -108,6 +124,7 @@ class TestSHA512(object): ) +@pytest.mark.hash class TestRIPEMD160(object): test_RIPEMD160 = generate_base_hash_test( hashes.RIPEMD160(), @@ -118,6 +135,7 @@ class TestRIPEMD160(object): ) +@pytest.mark.hash class TestWhirlpool(object): test_Whirlpool = generate_base_hash_test( hashes.Whirlpool(), @@ -128,6 +146,7 @@ class TestWhirlpool(object): ) +@pytest.mark.hash class TestMD5(object): test_MD5 = generate_base_hash_test( hashes.MD5(), diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 992bcb1a..7acb78b7 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -19,16 +19,25 @@ import pytest import six -from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.primitives import hashes, hmac +from cryptography import utils +from cryptography.exceptions import ( + AlreadyFinalized, UnsupportedAlgorithm, InvalidSignature +) +from cryptography.hazmat.primitives import hashes, hmac, interfaces from .utils import generate_base_hmac_test +@utils.register_interface(interfaces.HashAlgorithm) +class UnsupportedDummyHash(object): + name = "unsupported-dummy-hash" + + +@pytest.mark.hmac class TestHMAC(object): test_copy = generate_base_hmac_test( hashes.MD5(), - only_if=lambda backend: backend.hash_supported(hashes.MD5), + only_if=lambda backend: backend.hmac_supported(hashes.MD5), skip_message="Does not support MD5", ) @@ -63,3 +72,30 @@ class TestHMAC(object): with pytest.raises(AlreadyFinalized): h.finalize() + + def test_verify(self, backend): + h = hmac.HMAC(b'', hashes.SHA1(), backend=backend) + digest = h.finalize() + + h = hmac.HMAC(b'', hashes.SHA1(), backend=backend) + h.verify(digest) + + with pytest.raises(AlreadyFinalized): + h.verify(b'') + + def test_invalid_verify(self, backend): + h = hmac.HMAC(b'', hashes.SHA1(), backend=backend) + with pytest.raises(InvalidSignature): + h.verify(b'') + + with pytest.raises(AlreadyFinalized): + h.verify(b'') + + def test_verify_reject_unicode(self, backend): + h = hmac.HMAC(b'', hashes.SHA1(), backend=backend) + with pytest.raises(TypeError): + h.verify(six.u('')) + + def test_unsupported_hash(self, backend): + with pytest.raises(UnsupportedAlgorithm): + hmac.HMAC(b"key", UnsupportedDummyHash(), backend) diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py index 7d0f156a..9bc06a2e 100644 --- a/tests/hazmat/primitives/test_hmac_vectors.py +++ b/tests/hazmat/primitives/test_hmac_vectors.py @@ -13,12 +13,15 @@ from __future__ import absolute_import, division, print_function +import pytest + from cryptography.hazmat.primitives import hashes from .utils import generate_hmac_test from ...utils import load_hash_vectors +@pytest.mark.hmac class TestHMAC_MD5(object): test_hmac_md5 = generate_hmac_test( load_hash_vectors, @@ -27,11 +30,12 @@ class TestHMAC_MD5(object): "rfc-2202-md5.txt", ], hashes.MD5(), - only_if=lambda backend: backend.hash_supported(hashes.MD5), + only_if=lambda backend: backend.hmac_supported(hashes.MD5), skip_message="Does not support MD5", ) +@pytest.mark.hmac class TestHMAC_SHA1(object): test_hmac_sha1 = generate_hmac_test( load_hash_vectors, @@ -40,11 +44,12 @@ class TestHMAC_SHA1(object): "rfc-2202-sha1.txt", ], hashes.SHA1(), - only_if=lambda backend: backend.hash_supported(hashes.SHA1), + only_if=lambda backend: backend.hmac_supported(hashes.SHA1), skip_message="Does not support SHA1", ) +@pytest.mark.hmac class TestHMAC_SHA224(object): test_hmac_sha224 = generate_hmac_test( load_hash_vectors, @@ -53,11 +58,12 @@ class TestHMAC_SHA224(object): "rfc-4231-sha224.txt", ], hashes.SHA224(), - only_if=lambda backend: backend.hash_supported(hashes.SHA224), + only_if=lambda backend: backend.hmac_supported(hashes.SHA224), skip_message="Does not support SHA224", ) +@pytest.mark.hmac class TestHMAC_SHA256(object): test_hmac_sha256 = generate_hmac_test( load_hash_vectors, @@ -66,11 +72,12 @@ class TestHMAC_SHA256(object): "rfc-4231-sha256.txt", ], hashes.SHA256(), - only_if=lambda backend: backend.hash_supported(hashes.SHA256), + only_if=lambda backend: backend.hmac_supported(hashes.SHA256), skip_message="Does not support SHA256", ) +@pytest.mark.hmac class TestHMAC_SHA384(object): test_hmac_sha384 = generate_hmac_test( load_hash_vectors, @@ -79,11 +86,12 @@ class TestHMAC_SHA384(object): "rfc-4231-sha384.txt", ], hashes.SHA384(), - only_if=lambda backend: backend.hash_supported(hashes.SHA384), + only_if=lambda backend: backend.hmac_supported(hashes.SHA384), skip_message="Does not support SHA384", ) +@pytest.mark.hmac class TestHMAC_SHA512(object): test_hmac_sha512 = generate_hmac_test( load_hash_vectors, @@ -92,11 +100,12 @@ class TestHMAC_SHA512(object): "rfc-4231-sha512.txt", ], hashes.SHA512(), - only_if=lambda backend: backend.hash_supported(hashes.SHA512), + only_if=lambda backend: backend.hmac_supported(hashes.SHA512), skip_message="Does not support SHA512", ) +@pytest.mark.hmac class TestHMAC_RIPEMD160(object): test_hmac_ripemd160 = generate_hmac_test( load_hash_vectors, @@ -105,6 +114,6 @@ class TestHMAC_RIPEMD160(object): "rfc-2286-ripemd160.txt", ], hashes.RIPEMD160(), - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), + only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160), skip_message="Does not support RIPEMD160", ) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index b06f9b29..e0184777 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -3,7 +3,6 @@ import os import pytest -from cryptography.hazmat.backends import _ALL_BACKENDS from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.exceptions import ( @@ -13,25 +12,30 @@ from cryptography.exceptions import ( from ...utils import load_vectors_from_file +def _load_all_params(path, file_names, param_loader): + all_params = [] + for file_name in file_names: + all_params.extend( + load_vectors_from_file(os.path.join(path, file_name), param_loader) + ) + return all_params + + def generate_encrypt_test(param_loader, path, file_names, cipher_factory, - mode_factory, only_if=lambda backend: True, - skip_message=None): - def test_encryption(self): - for backend in _ALL_BACKENDS: - for file_name in file_names: - for params in load_vectors_from_file( - os.path.join(path, file_name), - param_loader - ): - yield ( - encrypt_test, - backend, - cipher_factory, - mode_factory, - params, - only_if, - skip_message - ) + mode_factory, only_if, skip_message=None): + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_encryption(self, backend, params): + encrypt_test( + backend, + cipher_factory, + mode_factory, + params, + only_if, + skip_message + ) + return test_encryption @@ -39,8 +43,8 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, skip_message): if not only_if(backend): pytest.skip(skip_message) - plaintext = params.pop("plaintext") - ciphertext = params.pop("ciphertext") + plaintext = params["plaintext"] + ciphertext = params["ciphertext"] cipher = Cipher( cipher_factory(**params), mode_factory(**params), @@ -58,22 +62,19 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, def generate_aead_test(param_loader, path, file_names, cipher_factory, mode_factory, only_if, skip_message): - def test_aead(self): - for backend in _ALL_BACKENDS: - for file_name in file_names: - for params in load_vectors_from_file( - os.path.join(path, file_name), - param_loader - ): - yield ( - aead_test, - backend, - cipher_factory, - mode_factory, - params, - only_if, - skip_message - ) + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_aead(self, backend, params): + aead_test( + backend, + cipher_factory, + mode_factory, + params, + only_if, + skip_message + ) + return test_aead @@ -82,9 +83,9 @@ def aead_test(backend, cipher_factory, mode_factory, params, only_if, if not only_if(backend): pytest.skip(skip_message) if params.get("pt") is not None: - plaintext = params.pop("pt") - ciphertext = params.pop("ct") - aad = params.pop("aad") + plaintext = params["pt"] + ciphertext = params["ct"] + aad = params["aad"] if params.get("fail") is True: cipher = Cipher( cipher_factory(binascii.unhexlify(params["key"])), @@ -125,21 +126,17 @@ def aead_test(backend, cipher_factory, mode_factory, params, only_if, def generate_stream_encryption_test(param_loader, path, file_names, cipher_factory, only_if=None, skip_message=None): - def test_stream_encryption(self): - for backend in _ALL_BACKENDS: - for file_name in file_names: - for params in load_vectors_from_file( - os.path.join(path, file_name), - param_loader - ): - yield ( - stream_encryption_test, - backend, - cipher_factory, - params, - only_if, - skip_message - ) + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_stream_encryption(self, backend, params): + stream_encryption_test( + backend, + cipher_factory, + params, + only_if, + skip_message + ) return test_stream_encryption @@ -147,9 +144,9 @@ def stream_encryption_test(backend, cipher_factory, params, only_if, skip_message): if not only_if(backend): pytest.skip(skip_message) - plaintext = params.pop("plaintext") - ciphertext = params.pop("ciphertext") - offset = params.pop("offset") + plaintext = params["plaintext"] + ciphertext = params["ciphertext"] + offset = params["offset"] cipher = Cipher(cipher_factory(**params), None, backend=backend) encryptor = cipher.encryptor() # throw away offset bytes @@ -166,21 +163,17 @@ def stream_encryption_test(backend, cipher_factory, params, only_if, def generate_hash_test(param_loader, path, file_names, hash_cls, only_if=None, skip_message=None): - def test_hash(self): - for backend in _ALL_BACKENDS: - for file_name in file_names: - for params in load_vectors_from_file( - os.path.join(path, file_name), - param_loader - ): - yield ( - hash_test, - backend, - hash_cls, - params, - only_if, - skip_message - ) + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_hash(self, backend, params): + hash_test( + backend, + hash_cls, + params, + only_if, + skip_message + ) return test_hash @@ -197,17 +190,15 @@ def hash_test(backend, algorithm, params, only_if, skip_message): def generate_base_hash_test(algorithm, digest_size, block_size, only_if=None, skip_message=None): - def test_base_hash(self): - for backend in _ALL_BACKENDS: - yield ( - base_hash_test, - backend, - algorithm, - digest_size, - block_size, - only_if, - skip_message, - ) + def test_base_hash(self, backend): + base_hash_test( + backend, + algorithm, + digest_size, + block_size, + only_if, + skip_message, + ) return test_base_hash @@ -232,16 +223,14 @@ def base_hash_test(backend, algorithm, digest_size, block_size, only_if, def generate_long_string_hash_test(hash_factory, md, only_if=None, skip_message=None): - def test_long_string_hash(self): - for backend in _ALL_BACKENDS: - yield( - long_string_hash_test, - backend, - hash_factory, - md, - only_if, - skip_message - ) + def test_long_string_hash(self, backend): + long_string_hash_test( + backend, + hash_factory, + md, + only_if, + skip_message + ) return test_long_string_hash @@ -255,21 +244,17 @@ def long_string_hash_test(backend, algorithm, md, only_if, skip_message): def generate_hmac_test(param_loader, path, file_names, algorithm, only_if=None, skip_message=None): - def test_hmac(self): - for backend in _ALL_BACKENDS: - for file_name in file_names: - for params in load_vectors_from_file( - os.path.join(path, file_name), - param_loader - ): - yield ( - hmac_test, - backend, - algorithm, - params, - only_if, - skip_message - ) + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_hmac(self, backend, params): + hmac_test( + backend, + algorithm, + params, + only_if, + skip_message + ) return test_hmac @@ -285,15 +270,13 @@ def hmac_test(backend, algorithm, params, only_if, skip_message): def generate_base_hmac_test(hash_cls, only_if=None, skip_message=None): - def test_base_hmac(self): - for backend in _ALL_BACKENDS: - yield ( - base_hmac_test, - backend, - hash_cls, - only_if, - skip_message, - ) + def test_base_hmac(self, backend): + base_hmac_test( + backend, + hash_cls, + only_if, + skip_message, + ) return test_base_hmac @@ -309,16 +292,14 @@ def base_hmac_test(backend, algorithm, only_if, skip_message): def generate_aead_exception_test(cipher_factory, mode_factory, only_if, skip_message): - def test_aead_exception(self): - for backend in _ALL_BACKENDS: - yield ( - aead_exception_test, - backend, - cipher_factory, - mode_factory, - only_if, - skip_message - ) + def test_aead_exception(self, backend): + aead_exception_test( + backend, + cipher_factory, + mode_factory, + only_if, + skip_message + ) return test_aead_exception @@ -357,16 +338,14 @@ def aead_exception_test(backend, cipher_factory, mode_factory, def generate_aead_tag_exception_test(cipher_factory, mode_factory, only_if, skip_message): - def test_aead_tag_exception(self): - for backend in _ALL_BACKENDS: - yield ( - aead_tag_exception_test, - backend, - cipher_factory, - mode_factory, - only_if, - skip_message - ) + def test_aead_tag_exception(self, backend): + aead_tag_exception_test( + backend, + cipher_factory, + mode_factory, + only_if, + skip_message + ) return test_aead_tag_exception @@ -383,6 +362,13 @@ def aead_tag_exception_test(backend, cipher_factory, mode_factory, cipher.decryptor() cipher = Cipher( cipher_factory(binascii.unhexlify(b"0" * 32)), + mode_factory(binascii.unhexlify(b"0" * 24), b"000"), + backend + ) + with pytest.raises(ValueError): + cipher.decryptor() + cipher = Cipher( + cipher_factory(binascii.unhexlify(b"0" * 32)), mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16), backend ) diff --git a/tests/test_utils.py b/tests/test_utils.py index 5c58fd76..a65091ff 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -14,14 +14,33 @@ import os import textwrap +import pretend + import pytest from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, - load_openssl_vectors, load_hash_vectors, + load_openssl_vectors, load_hash_vectors, check_for_iface ) +class FakeInterface(object): + pass + + +def test_check_for_iface(): + item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) + with pytest.raises(pytest.skip.Exception) as exc_info: + check_for_iface("fake_name", FakeInterface, item) + assert exc_info.value.args[0] == "True backend does not support fake_name" + + item = pretend.stub( + keywords=["fake_name"], + funcargs={"backend": FakeInterface()} + ) + check_for_iface("fake_name", FakeInterface, item) + + def test_load_nist_vectors(): vector_data = textwrap.dedent(""" # CAVS 11.1 diff --git a/tests/utils.py b/tests/utils.py index 94f97d59..82021a5f 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -11,7 +11,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -import os.path +import os + +import pytest + + +def check_for_iface(name, iface, item): + if name in item.keywords and "backend" in item.funcargs: + if not isinstance(item.funcargs["backend"], iface): + pytest.skip("{0} backend does not support {1}".format( + item.funcargs["backend"], name + )) def load_vectors_from_file(filename, loader): |