diff options
Diffstat (limited to 'tests/hazmat/backends')
| -rw-r--r-- | tests/hazmat/backends/test_multibackend.py | 144 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 67 |
2 files changed, 194 insertions, 17 deletions
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py new file mode 100644 index 00000000..ca21c9fc --- /dev/null +++ b/tests/hazmat/backends/test_multibackend.py @@ -0,0 +1,144 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import pytest + +from cryptography import utils +from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.backends.interfaces import ( + CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend +) +from cryptography.hazmat.backends.multibackend import MultiBackend +from cryptography.hazmat.primitives import hashes, hmac +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes + + +@utils.register_interface(CipherBackend) +class DummyCipherBackend(object): + def __init__(self, supported_ciphers): + self._ciphers = supported_ciphers + + def cipher_supported(self, algorithm, mode): + return (type(algorithm), type(mode)) in self._ciphers + + def create_symmetric_encryption_ctx(self, algorithm, mode): + if not self.cipher_supported(algorithm, mode): + raise UnsupportedAlgorithm + + def create_symmetric_decryption_ctx(self, algorithm, mode): + if not self.cipher_supported(algorithm, mode): + raise UnsupportedAlgorithm + + +@utils.register_interface(HashBackend) +class DummyHashBackend(object): + def __init__(self, supported_algorithms): + self._algorithms = supported_algorithms + + def hash_supported(self, algorithm): + return type(algorithm) in self._algorithms + + def create_hash_ctx(self, algorithm): + if not self.hash_supported(algorithm): + raise UnsupportedAlgorithm + + +@utils.register_interface(HMACBackend) +class DummyHMACBackend(object): + def __init__(self, supported_algorithms): + self._algorithms = supported_algorithms + + def hmac_supported(self, algorithm): + return type(algorithm) in self._algorithms + + def create_hmac_ctx(self, key, algorithm): + if not self.hmac_supported(algorithm): + raise UnsupportedAlgorithm + + +@utils.register_interface(PBKDF2HMACBackend) +class DummyPBKDF2HMAC(object): + def __init__(self, supported_algorithms): + self._algorithms = supported_algorithms + + def pbkdf2_hmac_supported(self, algorithm): + return type(algorithm) in self._algorithms + + def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, + key_material): + if not self.pbkdf2_hmac_supported(algorithm): + raise UnsupportedAlgorithm + + +class TestMultiBackend(object): + def test_ciphers(self): + backend = MultiBackend([ + DummyHashBackend([]), + DummyCipherBackend([ + (algorithms.AES, modes.CBC), + ]) + ]) + assert backend.cipher_supported( + algorithms.AES(b"\x00" * 16), modes.CBC(b"\x00" * 16) + ) + + cipher = Cipher( + algorithms.AES(b"\x00" * 16), + modes.CBC(b"\x00" * 16), + backend=backend + ) + cipher.encryptor() + cipher.decryptor() + + cipher = Cipher( + algorithms.Camellia(b"\x00" * 16), + modes.CBC(b"\x00" * 16), + backend=backend + ) + with pytest.raises(UnsupportedAlgorithm): + cipher.encryptor() + with pytest.raises(UnsupportedAlgorithm): + cipher.decryptor() + + def test_hashes(self): + backend = MultiBackend([ + DummyHashBackend([hashes.MD5]) + ]) + assert backend.hash_supported(hashes.MD5()) + + hashes.Hash(hashes.MD5(), backend=backend) + + with pytest.raises(UnsupportedAlgorithm): + hashes.Hash(hashes.SHA1(), backend=backend) + + def test_hmac(self): + backend = MultiBackend([ + DummyHMACBackend([hashes.MD5]) + ]) + assert backend.hmac_supported(hashes.MD5()) + + hmac.HMAC(b"", hashes.MD5(), backend=backend) + + with pytest.raises(UnsupportedAlgorithm): + hmac.HMAC(b"", hashes.SHA1(), backend=backend) + + def test_pbkdf2(self): + backend = MultiBackend([ + DummyPBKDF2HMAC([hashes.MD5]) + ]) + assert backend.pbkdf2_hmac_supported(hashes.MD5()) + + backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"") + + with pytest.raises(UnsupportedAlgorithm): + backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"") diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index cef28af0..046ff3e1 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -19,7 +19,6 @@ import pytest from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm, InternalError -from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends.openssl.backend import backend, Backend from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import Cipher @@ -139,9 +138,6 @@ class TestOpenSSL(object): def test_backend_exists(self): assert backend - def test_is_default(self): - assert backend == default_backend() - def test_openssl_version_text(self): """ This test checks the value of OPENSSL_VERSION_TEXT. @@ -176,24 +172,61 @@ class TestOpenSSL(object): def test_handle_unknown_error(self): with pytest.raises(InternalError): - backend._handle_error_code(0, 0, 0) + backend._handle_error_code(0) + backend._lib.ERR_put_error(backend._lib.ERR_LIB_EVP, 0, 0, + b"test_openssl.py", -1) with pytest.raises(InternalError): - backend._handle_error_code(backend._lib.ERR_LIB_EVP, 0, 0) - + backend._handle_error(None) + + backend._lib.ERR_put_error( + backend._lib.ERR_LIB_EVP, + backend._lib.EVP_F_EVP_ENCRYPTFINAL_EX, + 0, + b"test_openssl.py", + -1 + ) with pytest.raises(InternalError): - backend._handle_error_code( - backend._lib.ERR_LIB_EVP, - backend._lib.EVP_F_EVP_ENCRYPTFINAL_EX, - 0 - ) + backend._handle_error(None) + + backend._lib.ERR_put_error( + backend._lib.ERR_LIB_EVP, + backend._lib.EVP_F_EVP_DECRYPTFINAL_EX, + 0, + b"test_openssl.py", + -1 + ) + with pytest.raises(InternalError): + backend._handle_error(None) + + def test_handle_multiple_errors(self): + for i in range(10): + backend._lib.ERR_put_error(backend._lib.ERR_LIB_EVP, 0, 0, + b"test_openssl.py", -1) + + assert backend._lib.ERR_peek_error() != 0 with pytest.raises(InternalError): - backend._handle_error_code( - backend._lib.ERR_LIB_EVP, - backend._lib.EVP_F_EVP_DECRYPTFINAL_EX, - 0 - ) + backend._handle_error(None) + + assert backend._lib.ERR_peek_error() == 0 + + def test_openssl_error_string(self): + backend._lib.ERR_put_error( + backend._lib.ERR_LIB_EVP, + backend._lib.EVP_F_EVP_DECRYPTFINAL_EX, + 0, + b"test_openssl.py", + -1 + ) + + with pytest.raises(InternalError) as exc: + backend._handle_error(None) + + assert ( + "digital envelope routines:" + "EVP_DecryptFinal_ex:digital envelope routines" in str(exc) + ) def test_ssl_ciphers_registered(self): meth = backend._lib.TLSv1_method() |