diff options
Diffstat (limited to 'tests/hazmat/primitives/test_x25519.py')
| -rw-r--r-- | tests/hazmat/primitives/test_x25519.py | 122 |
1 files changed, 114 insertions, 8 deletions
diff --git a/tests/hazmat/primitives/test_x25519.py b/tests/hazmat/primitives/test_x25519.py index 0f83eb6e..682c3125 100644 --- a/tests/hazmat/primitives/test_x25519.py +++ b/tests/hazmat/primitives/test_x25519.py @@ -9,8 +9,10 @@ import os import pytest +from cryptography import utils from cryptography.exceptions import _Reasons from cryptography.hazmat.backends.interfaces import DHBackend +from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric.x25519 import ( X25519PrivateKey, X25519PublicKey ) @@ -50,7 +52,7 @@ class TestX25519Exchange(object): private = binascii.unhexlify(vector["input_scalar"]) public = binascii.unhexlify(vector["input_u"]) shared_key = binascii.unhexlify(vector["output_u"]) - private_key = X25519PrivateKey._from_private_bytes(private) + private_key = X25519PrivateKey.from_private_bytes(private) public_key = X25519PublicKey.from_public_bytes(public) computed_shared_key = private_key.exchange(public_key) assert computed_shared_key == shared_key @@ -64,11 +66,11 @@ class TestX25519Exchange(object): b"684cf59ba83309552800ef566f2f4d3c1c3887c49360e3875f2eb94d9953" b"2c51" ) - private_key = X25519PrivateKey._from_private_bytes(private) + private_key = X25519PrivateKey.from_private_bytes(private) public_key = X25519PublicKey.from_public_bytes(public) for _ in range(1000): computed_shared_key = private_key.exchange(public_key) - private_key = X25519PrivateKey._from_private_bytes( + private_key = X25519PrivateKey.from_private_bytes( computed_shared_key ) public_key = X25519PublicKey.from_public_bytes(old_private) @@ -86,13 +88,25 @@ class TestX25519Exchange(object): private = binascii.unhexlify( "78f1e8edf14481b389448dac8f59c70b038e7cf92ef2c7eff57a72466e115296" ) - private_key = X25519PrivateKey._from_private_bytes( + private_key = X25519PrivateKey.from_private_bytes( private ) public_key = X25519PublicKey.from_public_bytes(public) with pytest.raises(ValueError): private_key.exchange(public_key) + def test_deprecated_public_bytes(self, backend): + key = X25519PrivateKey.generate().public_key() + with pytest.warns(utils.DeprecatedIn25): + key.public_bytes() + + def test_public_bytes_bad_args(self, backend): + key = X25519PrivateKey.generate().public_key() + with pytest.raises(ValueError): + key.public_bytes(None, serialization.PublicFormat.Raw) + with pytest.raises(ValueError): + key.public_bytes(serialization.Encoding.Raw) + # These vectors are also from RFC 7748 # https://tools.ietf.org/html/rfc7748#section-6.1 @pytest.mark.parametrize( @@ -120,11 +134,20 @@ class TestX25519Exchange(object): ) ] ) - def test_public_bytes(self, private_bytes, public_bytes, backend): - private_key = X25519PrivateKey._from_private_bytes(private_bytes) - assert private_key.public_key().public_bytes() == public_bytes + def test_pub_priv_bytes_raw(self, private_bytes, public_bytes, backend): + private_key = X25519PrivateKey.from_private_bytes(private_bytes) + assert private_key.private_bytes( + serialization.Encoding.Raw, + serialization.PrivateFormat.Raw, + serialization.NoEncryption() + ) == private_bytes + assert private_key.public_key().public_bytes( + serialization.Encoding.Raw, serialization.PublicFormat.Raw + ) == public_bytes public_key = X25519PublicKey.from_public_bytes(public_bytes) - assert public_key.public_bytes() == public_bytes + assert public_key.public_bytes( + serialization.Encoding.Raw, serialization.PublicFormat.Raw + ) == public_bytes def test_generate(self, backend): key = X25519PrivateKey.generate() @@ -142,3 +165,86 @@ class TestX25519Exchange(object): with pytest.raises(ValueError): X25519PublicKey.from_public_bytes(b"a" * 33) + + def test_invalid_private_bytes(self, backend): + key = X25519PrivateKey.generate() + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.Raw, + serialization.PrivateFormat.Raw, + None + ) + + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.Raw, + serialization.PrivateFormat.PKCS8, + None + ) + + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.PEM, + serialization.PrivateFormat.Raw, + serialization.NoEncryption() + ) + + def test_invalid_public_bytes(self, backend): + key = X25519PrivateKey.generate().public_key() + with pytest.raises(ValueError): + key.public_bytes( + serialization.Encoding.Raw, + serialization.PublicFormat.SubjectPublicKeyInfo + ) + + with pytest.raises(ValueError): + key.public_bytes( + serialization.Encoding.PEM, + serialization.PublicFormat.PKCS1 + ) + + with pytest.raises(ValueError): + key.public_bytes( + serialization.Encoding.PEM, + serialization.PublicFormat.Raw + ) + + @pytest.mark.parametrize( + ("encoding", "fmt", "encryption", "passwd", "load_func"), + [ + ( + serialization.Encoding.PEM, + serialization.PrivateFormat.PKCS8, + serialization.BestAvailableEncryption(b"password"), + b"password", + serialization.load_pem_private_key + ), + ( + serialization.Encoding.DER, + serialization.PrivateFormat.PKCS8, + serialization.BestAvailableEncryption(b"password"), + b"password", + serialization.load_der_private_key + ), + ( + serialization.Encoding.PEM, + serialization.PrivateFormat.PKCS8, + serialization.NoEncryption(), + None, + serialization.load_pem_private_key + ), + ( + serialization.Encoding.DER, + serialization.PrivateFormat.PKCS8, + serialization.NoEncryption(), + None, + serialization.load_der_private_key + ), + ] + ) + def test_round_trip_private_serialization(self, encoding, fmt, encryption, + passwd, load_func, backend): + key = X25519PrivateKey.generate() + serialized = key.private_bytes(encoding, fmt, encryption) + loaded_key = load_func(serialized, passwd, backend) + assert isinstance(loaded_key, X25519PrivateKey) |