aboutsummaryrefslogtreecommitdiffstats
path: root/tests/hazmat/primitives/utils.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/hazmat/primitives/utils.py')
-rw-r--r--tests/hazmat/primitives/utils.py157
1 files changed, 154 insertions, 3 deletions
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 6c67ddb3..b06f9b29 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -3,10 +3,12 @@ import os
import pytest
-from cryptography.hazmat.bindings import _ALL_BACKENDS
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives import hmac
+from cryptography.hazmat.backends import _ALL_BACKENDS
+from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.ciphers import Cipher
+from cryptography.exceptions import (
+ AlreadyFinalized, NotYetFinalized, AlreadyUpdated, InvalidTag,
+)
from ...utils import load_vectors_from_file
@@ -54,6 +56,72 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if,
assert actual_plaintext == binascii.unhexlify(plaintext)
+def generate_aead_test(param_loader, path, file_names, cipher_factory,
+ mode_factory, only_if, skip_message):
+ def test_aead(self):
+ for backend in _ALL_BACKENDS:
+ for file_name in file_names:
+ for params in load_vectors_from_file(
+ os.path.join(path, file_name),
+ param_loader
+ ):
+ yield (
+ aead_test,
+ backend,
+ cipher_factory,
+ mode_factory,
+ params,
+ only_if,
+ skip_message
+ )
+ return test_aead
+
+
+def aead_test(backend, cipher_factory, mode_factory, params, only_if,
+ skip_message):
+ if not only_if(backend):
+ pytest.skip(skip_message)
+ if params.get("pt") is not None:
+ plaintext = params.pop("pt")
+ ciphertext = params.pop("ct")
+ aad = params.pop("aad")
+ if params.get("fail") is True:
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(params["key"])),
+ mode_factory(binascii.unhexlify(params["iv"]),
+ binascii.unhexlify(params["tag"])),
+ backend
+ )
+ decryptor = cipher.decryptor()
+ decryptor.authenticate_additional_data(binascii.unhexlify(aad))
+ actual_plaintext = decryptor.update(binascii.unhexlify(ciphertext))
+ with pytest.raises(InvalidTag):
+ decryptor.finalize()
+ else:
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(params["key"])),
+ mode_factory(binascii.unhexlify(params["iv"]), None),
+ backend
+ )
+ encryptor = cipher.encryptor()
+ encryptor.authenticate_additional_data(binascii.unhexlify(aad))
+ actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext))
+ actual_ciphertext += encryptor.finalize()
+ tag_len = len(params["tag"])
+ assert binascii.hexlify(encryptor.tag)[:tag_len] == params["tag"]
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(params["key"])),
+ mode_factory(binascii.unhexlify(params["iv"]),
+ binascii.unhexlify(params["tag"])),
+ backend
+ )
+ decryptor = cipher.decryptor()
+ decryptor.authenticate_additional_data(binascii.unhexlify(aad))
+ actual_plaintext = decryptor.update(binascii.unhexlify(ciphertext))
+ actual_plaintext += decryptor.finalize()
+ assert actual_plaintext == binascii.unhexlify(plaintext)
+
+
def generate_stream_encryption_test(param_loader, path, file_names,
cipher_factory, only_if=None,
skip_message=None):
@@ -237,3 +305,86 @@ def base_hmac_test(backend, algorithm, only_if, skip_message):
h_copy = h.copy()
assert h != h_copy
assert h._ctx != h_copy._ctx
+
+
+def generate_aead_exception_test(cipher_factory, mode_factory,
+ only_if, skip_message):
+ def test_aead_exception(self):
+ for backend in _ALL_BACKENDS:
+ yield (
+ aead_exception_test,
+ backend,
+ cipher_factory,
+ mode_factory,
+ only_if,
+ skip_message
+ )
+ return test_aead_exception
+
+
+def aead_exception_test(backend, cipher_factory, mode_factory,
+ only_if, skip_message):
+ if not only_if(backend):
+ pytest.skip(skip_message)
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(b"0" * 32)),
+ mode_factory(binascii.unhexlify(b"0" * 24)),
+ backend
+ )
+ encryptor = cipher.encryptor()
+ encryptor.update(b"a" * 16)
+ with pytest.raises(NotYetFinalized):
+ encryptor.tag
+ with pytest.raises(AlreadyUpdated):
+ encryptor.authenticate_additional_data(b"b" * 16)
+ encryptor.finalize()
+ with pytest.raises(AlreadyFinalized):
+ encryptor.authenticate_additional_data(b"b" * 16)
+ with pytest.raises(AlreadyFinalized):
+ encryptor.update(b"b" * 16)
+ with pytest.raises(AlreadyFinalized):
+ encryptor.finalize()
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(b"0" * 32)),
+ mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16),
+ backend
+ )
+ decryptor = cipher.decryptor()
+ decryptor.update(b"a" * 16)
+ with pytest.raises(AttributeError):
+ decryptor.tag
+
+
+def generate_aead_tag_exception_test(cipher_factory, mode_factory,
+ only_if, skip_message):
+ def test_aead_tag_exception(self):
+ for backend in _ALL_BACKENDS:
+ yield (
+ aead_tag_exception_test,
+ backend,
+ cipher_factory,
+ mode_factory,
+ only_if,
+ skip_message
+ )
+ return test_aead_tag_exception
+
+
+def aead_tag_exception_test(backend, cipher_factory, mode_factory,
+ only_if, skip_message):
+ if not only_if(backend):
+ pytest.skip(skip_message)
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(b"0" * 32)),
+ mode_factory(binascii.unhexlify(b"0" * 24)),
+ backend
+ )
+ with pytest.raises(ValueError):
+ cipher.decryptor()
+ cipher = Cipher(
+ cipher_factory(binascii.unhexlify(b"0" * 32)),
+ mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16),
+ backend
+ )
+ with pytest.raises(ValueError):
+ cipher.encryptor()
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-06 18:33:27 +0000