Diffstat (limited to 'tests/hazmat/primitives')
-rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 99 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_serialization.py | 29 |
2 files changed, 124 insertions, 4 deletions
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 74183010..72bc08ad 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -15,8 +15,10 @@ from cryptography import utils
 from cryptography.exceptions import (
 AlreadyFinalized, InvalidSignature, _Reasons
 )
-from cryptography.hazmat.backends.interfaces import RSABackend
-from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.backends.interfaces import (
+ PEMSerializationBackend, RSABackend
+)
+from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import padding, rsa
 from cryptography.hazmat.primitives.asymmetric.rsa import (
 RSAPrivateNumbers, RSAPublicNumbers
@@ -46,6 +48,11 @@ class DummyMGF(object):
 _salt_length = 0
+@utils.register_interface(serialization.KeySerializationEncryption)
+class DummyKeyEncryption(object):
+ pass
+
+
 def _flatten_pkcs1_examples(vectors):
 flattened_vectors = []
 for vector in vectors:
@@ -78,6 +85,18 @@ def test_modular_inverse():
 )
+def _skip_if_no_serialization(key, backend):
+ if not isinstance(key, rsa.RSAPrivateKeyWithSerialization):
+ pytest.skip(
+ "{0} does not support RSA key serialization".format(backend)
+ )
+
+
+def test_skip_if_no_serialization():
+ with pytest.raises(pytest.skip.Exception):
+ _skip_if_no_serialization("notakeywithserialization", "backend")
+
+
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 class TestRSA(object):
 @pytest.mark.parametrize(
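Review bot: `_skip_if_no_serialization` converts a key that lacks `rsa.RSAPrivateKeyWithSerialization` into a skip, so on a backend that is meant to support serialization a regression that drops the interface would presumably show up as skipped tests rather than as a failure. A one-line docstring would make that trade-off explicit, for example `"""Skip the calling test when the backend's RSA key cannot be serialized."""`. The skip message formats only `backend`; adding the key's type, e.g. `"{0} ({1}) does not support RSA key serialization".format(backend, type(key))`, would make an unexpected skip easier to trace in a test report.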
@@ -1725,3 +1744,79 @@ class TestRSAPrimeFactorRecovery(object):
 def test_invalid_recover_prime_factors(self):
 with pytest.raises(ValueError):
 rsa.rsa_recover_prime_factors(34, 3, 7)
+
+
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=PEMSerializationBackend)
+class TestRSAPEMWriter(object):
+ @pytest.mark.parametrize(
+ ("serializer", "password"),
+ itertools.product(
+ [serialization.TraditionalOpenSSL, serialization.PKCS8],
+ [
+ b"s",
+ b"longerpassword",
+ b"!*$&(@#$*&($T@%_somesymbols",
+ b"\x01" * 1000,
+ ]
+ )
+ )
+ def test_dump_encrypted_pem(self, backend, serializer, password):
+ key = RSA_KEY_2048.private_key(backend)
+ _skip_if_no_serialization(key, backend)
+ serialized = key.dump(
+ serializer(serialization.Encoding.PEM),
+ serialization.BestAvailable(password)
+ )
+ loaded_key = serialization.load_pem_private_key(
+ serialized, password, backend
+ )
+ loaded_priv_num = loaded_key.private_numbers()
+ priv_num = key.private_numbers()
+ assert loaded_priv_num == priv_num
+
+ @pytest.mark.parametrize(
+ "serializer",
+ (serialization.TraditionalOpenSSL, serialization.PKCS8),
+ )
+ def test_dump_unencrypted_pem(self, backend, serializer):
+ key = RSA_KEY_2048.private_key(backend)
+ _skip_if_no_serialization(key, backend)
+ serialized = key.dump(
+ serializer(serialization.Encoding.PEM),
+ serialization.NoEncryption()
+ )
+ loaded_key = serialization.load_pem_private_key(
+ serialized, None, backend
+ )
+ loaded_priv_num = loaded_key.private_numbers()
+ priv_num = key.private_numbers()
+ assert loaded_priv_num == priv_num
+
+ def test_dump_invalid_serializer(self, backend):
+ key = RSA_KEY_2048.private_key(backend)
+ _skip_if_no_serialization(key, backend)
+ with pytest.raises(TypeError):
+ key.dump("notaserializer", serialization.NoEncryption())
+
+ def test_dump_invalid_encryption_algorithm(self, backend):
+ key = RSA_KEY_2048.private_key(backend)
+ _skip_if_no_serialization(key, backend)
+ with pytest.raises(TypeError):
+ key.dump(
+ serialization.TraditionalOpenSSL(
+ serialization.Encoding.PEM
+ ),
+ "notanencalg"
+ )
+
+ def test_dump_unsupported_encryption_type(self, backend):
+ key = RSA_KEY_2048.private_key(backend)
+ _skip_if_no_serialization(key, backend)
+ with pytest.raises(ValueError):
+ key.dump(
+ serialization.TraditionalOpenSSL(
+ serialization.Encoding.PEM
+ ),
+ DummyKeyEncryption()
+ )
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index a17aac4b..2a5fb21d 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -18,8 +18,9 @@ from cryptography.hazmat.backends.interfaces import (
 )
 from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
 from cryptography.hazmat.primitives.serialization import (
- load_der_private_key, load_der_public_key, load_pem_private_key,
- load_pem_public_key, load_ssh_public_key
+ BestAvailable, Encoding, PKCS8, TraditionalOpenSSL, load_der_private_key,
+ load_der_public_key, load_pem_private_key, load_pem_public_key,
+ load_ssh_public_key
 )
@@ -1159,3 +1160,27 @@ class TestECDSASSHSerialization(object):
 )
 with pytest.raises(ValueError):
 load_ssh_public_key(ssh_key, backend)
+
+
+@pytest.mark.parametrize(
+ "serializer",
+ [PKCS8, TraditionalOpenSSL]
+)
+class TestSerializers(object):
+ def test_invalid_encoding(self, serializer):
+ with pytest.raises(TypeError):
+ serializer("thing")
+
+ def test_valid_params(self, serializer):
+ fmt = serializer(Encoding.PEM)
+ assert isinstance(fmt, (PKCS8, TraditionalOpenSSL))
+
+
+class TestKeySerializationEncryptionTypes(object):
+ def test_non_bytes_password(self):
+ with pytest.raises(ValueError):
+ BestAvailable(object())
+
+ def test_encryption_with_zero_length_password(self):
+ with pytest.raises(ValueError):
+ BestAvailable(b"")
|
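Review bot: `test_dump_encrypted_pem` in `TestRSAPEMWriter` only proves a round trip with the correct password; nothing asserts that the PEM produced with `serialization.BestAvailable(password)` is actually encrypted, or that the output is in the format the `serializer` parameter asked for. Both `TraditionalOpenSSL` and `PKCS8` output is read back through the same `load_pem_private_key` call, so a `dump` that ignored the format argument would still pass, and the same applies to `test_dump_unencrypted_pem`. A negative check such as `with pytest.raises(TypeError): serialization.load_pem_private_key(serialized, None, backend)` would pin the confidentiality property (the exception type is an assumption to confirm against the loader), and a per-serializer assertion on the PEM header line would pin the format. Unless the loader is known to reject a password supplied for an unencrypted key, which this hunk does not show, the current assertion cannot tell an encrypted dump from a plaintext one.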
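Review bot: In `TestSerializers.test_valid_params` the assertion `isinstance(fmt, (PKCS8, TraditionalOpenSSL))` accepts either class for both parametrized cases, so it would still pass if one constructor returned the other type; `assert isinstance(fmt, serializer)` ties the check to the case under test. In `TestKeySerializationEncryptionTypes` the non-bytes case uses only `object()`, while the realistic caller mistake is a text password; a separate case such as `BestAvailable(u"password")` expecting the same `ValueError` would cover it, assuming text is meant to be rejected rather than encoded implicitly.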