diff options
Diffstat (limited to 'tests/hazmat/backends')
| -rw-r--r-- | tests/hazmat/backends/__init__.py | 14 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_commoncrypto.py | 8 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_multibackend.py | 42 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 60 |
4 files changed, 101 insertions, 23 deletions
diff --git a/tests/hazmat/backends/__init__.py b/tests/hazmat/backends/__init__.py index e69de29b..2f420574 100644 --- a/tests/hazmat/backends/__init__.py +++ b/tests/hazmat/backends/__init__.py @@ -0,0 +1,14 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index 7cc0f72f..7c703f67 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -11,16 +11,20 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import pytest from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, InternalError +from cryptography.exceptions import InternalError, _Reasons from cryptography.hazmat.bindings.commoncrypto.binding import Binding from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.base import Cipher from cryptography.hazmat.primitives.ciphers.modes import CBC, GCM +from ...utils import raises_unsupported_algorithm + @utils.register_interface(interfaces.CipherAlgorithm) class DummyCipher(object): @@ -61,5 +65,5 @@ class TestCommonCrypto(object): cipher = Cipher( DummyCipher(), GCM(b"fake_iv_here"), backend=b, ) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.encryptor() diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 63168180..f0be72b2 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -11,18 +11,22 @@ # See the License for the specific language governing permissions and # limitations under the License. -import pytest +from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.exceptions import ( + UnsupportedAlgorithm, _Reasons +) from cryptography.hazmat.backends.interfaces import ( - CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend + CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) from cryptography.hazmat.backends.multibackend import MultiBackend from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.asymmetric import padding from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from ...utils import raises_unsupported_algorithm + @utils.register_interface(CipherBackend) class DummyCipherBackend(object): @@ -34,11 +38,11 @@ class DummyCipherBackend(object): def create_symmetric_encryption_ctx(self, algorithm, mode): if not self.cipher_supported(algorithm, mode): - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_CIPHER) def create_symmetric_decryption_ctx(self, algorithm, mode): if not self.cipher_supported(algorithm, mode): - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_CIPHER) @utils.register_interface(HashBackend) @@ -51,7 +55,7 @@ class DummyHashBackend(object): def create_hash_ctx(self, algorithm): if not self.hash_supported(algorithm): - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_HASH) @utils.register_interface(HMACBackend) @@ -64,7 +68,7 @@ class DummyHMACBackend(object): def create_hmac_ctx(self, key, algorithm): if not self.hmac_supported(algorithm): - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_HASH) @utils.register_interface(PBKDF2HMACBackend) @@ -78,7 +82,7 @@ class DummyPBKDF2HMACBackend(object): def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, key_material): if not self.pbkdf2_hmac_supported(algorithm): - raise UnsupportedAlgorithm + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_HASH) @utils.register_interface(RSABackend) @@ -119,9 +123,9 @@ class TestMultiBackend(object): modes.CBC(b"\x00" * 16), backend=backend ) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.encryptor() - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.decryptor() def test_hashes(self): @@ -132,7 +136,7 @@ class TestMultiBackend(object): hashes.Hash(hashes.MD5(), backend=backend) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): hashes.Hash(hashes.SHA1(), backend=backend) def test_hmac(self): @@ -143,7 +147,7 @@ class TestMultiBackend(object): hmac.HMAC(b"", hashes.MD5(), backend=backend) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): hmac.HMAC(b"", hashes.SHA1(), backend=backend) def test_pbkdf2(self): @@ -154,7 +158,7 @@ class TestMultiBackend(object): backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"") - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"") def test_rsa(self): @@ -173,13 +177,19 @@ class TestMultiBackend(object): padding.PKCS1v15(), hashes.MD5()) backend = MultiBackend([]) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm( + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM + ): backend.generate_rsa_private_key(key_size=1024, public_exponent=3) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm( + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM + ): backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(), hashes.MD5()) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm( + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM + ): backend.create_rsa_verification_ctx( "public_key", "sig", padding.PKCS1v15(), hashes.MD5()) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 42c1b395..016da0fc 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -11,16 +11,23 @@ # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import, division, print_function + import pytest from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, InternalError -from cryptography.hazmat.backends.openssl.backend import backend, Backend -from cryptography.hazmat.primitives import interfaces, hashes +from cryptography.exceptions import ( + InternalError, _Reasons +) +from cryptography.hazmat.backends.openssl.backend import Backend, backend +from cryptography.hazmat.primitives import hashes, interfaces +from cryptography.hazmat.primitives.asymmetric import padding, rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC +from ...utils import raises_unsupported_algorithm + @utils.register_interface(interfaces.Mode) class DummyMode(object): @@ -35,6 +42,11 @@ class DummyCipher(object): name = "dummy-cipher" +@utils.register_interface(interfaces.HashAlgorithm) +class DummyHash(object): + name = "dummy-hash" + + class TestOpenSSL(object): def test_backend_exists(self): assert backend @@ -68,7 +80,7 @@ class TestOpenSSL(object): cipher = Cipher( DummyCipher(), mode, backend=b, ) - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): cipher.encryptor() def test_consume_errors(self): @@ -130,9 +142,47 @@ class TestOpenSSL(object): def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self): if backend.pbkdf2_hmac_supported(hashes.SHA256()): pytest.skip("Requires an older OpenSSL") - with pytest.raises(UnsupportedAlgorithm): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"") + @pytest.mark.skipif( + backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000100f, + reason="Requires an older OpenSSL. Must be < 1.0.1" + ) + def test_non_sha1_pss_mgf1_hash_algorithm_on_old_openssl(self): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + private_key.signer( + padding.PSS( + mgf=padding.MGF1( + algorithm=hashes.SHA256(), + salt_length=padding.MGF1.MAX_LENGTH + ) + ), + hashes.SHA1(), + backend + ) + public_key = private_key.public_key() + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + public_key.verifier( + b"sig", + padding.PSS( + mgf=padding.MGF1( + algorithm=hashes.SHA256(), + salt_length=padding.MGF1.MAX_LENGTH + ) + ), + hashes.SHA1(), + backend + ) + + def test_unsupported_mgf1_hash_algorithm(self): + assert backend.mgf1_hash_supported(DummyHash()) is False + # This test is not in the next class because to check if it's really # default we don't want to run the setup_method before it def test_osrandom_engine_is_default(self): |