diff options
Diffstat (limited to 'tests/hazmat')
| -rw-r--r-- | tests/hazmat/bindings/test_openssl.py | 44 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_3des.py | 14 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_aes.py | 35 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_arc4.py | 43 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_block.py | 80 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_blowfish.py | 18 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_camellia.py | 18 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_cast5.py | 10 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ciphers.py | 21 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hash_vectors.py | 38 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hashes.py | 48 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac.py | 25 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac_vectors.py | 30 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_utils.py | 47 | ||||
| -rw-r--r-- | tests/hazmat/primitives/utils.py | 226 |
15 files changed, 564 insertions, 133 deletions
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index f1493e8d..1eb6f200 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -13,18 +13,22 @@ import pytest +from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.bindings import default_backend from cryptography.hazmat.bindings.openssl.backend import backend, Backend +from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC -class FakeMode(object): +class DummyMode(object): pass -class FakeCipher(object): +@utils.register_interface(interfaces.CipherAlgorithm) +class DummyCipher(object): pass @@ -32,6 +36,9 @@ class TestOpenSSL(object): def test_backend_exists(self): assert backend + def test_is_default(self): + assert backend == default_backend() + def test_openssl_version_text(self): """ This test checks the value of OPENSSL_VERSION_TEXT. @@ -44,11 +51,11 @@ class TestOpenSSL(object): assert backend.openssl_version_text().startswith("OpenSSL") def test_supports_cipher(self): - assert backend.ciphers.supported(None, None) is False + assert backend.cipher_supported(None, None) is False def test_register_duplicate_cipher_adapter(self): with pytest.raises(ValueError): - backend.ciphers.register_cipher_adapter(AES, CBC, None) + backend.register_cipher_adapter(AES, CBC, None) def test_instances_share_ffi(self): b = Backend() @@ -57,13 +64,34 @@ class TestOpenSSL(object): def test_nonexistent_cipher(self): b = Backend() - b.ciphers.register_cipher_adapter( - FakeCipher, - FakeMode, + b.register_cipher_adapter( + DummyCipher, + DummyMode, lambda backend, cipher, mode: backend.ffi.NULL ) cipher = Cipher( - FakeCipher(), FakeMode(), backend=b, + DummyCipher(), DummyMode(), backend=b, ) with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() + + def test_handle_unknown_error(self): + with pytest.raises(SystemError): + backend._handle_error_code(0, 0, 0) + + with pytest.raises(SystemError): + backend._handle_error_code(backend.lib.ERR_LIB_EVP, 0, 0) + + with pytest.raises(SystemError): + backend._handle_error_code( + backend.lib.ERR_LIB_EVP, + backend.lib.EVP_F_EVP_ENCRYPTFINAL_EX, + 0 + ) + + with pytest.raises(SystemError): + backend._handle_error_code( + backend.lib.ERR_LIB_EVP, + backend.lib.EVP_F_EVP_DECRYPTFINAL_EX, + 0 + ) diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py index af6bdc04..69ec9c9a 100644 --- a/tests/hazmat/primitives/test_3des.py +++ b/tests/hazmat/primitives/test_3des.py @@ -23,12 +23,12 @@ import os from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test -from ...utils import load_nist_vectors_from_file +from ...utils import load_nist_vectors class TestTripleDES_CBC(object): test_KAT = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "3DES", "CBC"), [ "TCBCinvperm.rsp", @@ -42,7 +42,7 @@ class TestTripleDES_CBC(object): ) test_MMT = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "3DES", "CBC"), [ "TCBCMMT1.rsp", @@ -58,7 +58,7 @@ class TestTripleDES_CBC(object): class TestTripleDES_OFB(object): test_KAT = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "3DES", "OFB"), [ "TOFBpermop.rsp", @@ -72,7 +72,7 @@ class TestTripleDES_OFB(object): ) test_MMT = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "3DES", "OFB"), [ "TOFBMMT1.rsp", @@ -88,7 +88,7 @@ class TestTripleDES_OFB(object): class TestTripleDES_CFB(object): test_KAT = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "3DES", "CFB"), [ "TCFB64invperm.rsp", @@ -102,7 +102,7 @@ class TestTripleDES_CFB(object): ) test_MMT = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "3DES", "CFB"), [ "TCFB64MMT1.rsp", diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 66471fac..f7b0b9a0 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -18,15 +18,15 @@ import os from cryptography.hazmat.primitives.ciphers import algorithms, modes -from .utils import generate_encrypt_test +from .utils import generate_encrypt_test, generate_aead_test from ...utils import ( - load_nist_vectors_from_file, load_openssl_vectors_from_file + load_nist_vectors, load_openssl_vectors, ) class TestAES(object): test_CBC = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "AES", "CBC"), [ "CBCGFSbox128.rsp", @@ -50,7 +50,7 @@ class TestAES(object): ) test_ECB = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "AES", "ECB"), [ "ECBGFSbox128.rsp", @@ -74,7 +74,7 @@ class TestAES(object): ) test_OFB = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "AES", "OFB"), [ "OFBGFSbox128.rsp", @@ -98,7 +98,7 @@ class TestAES(object): ) test_CFB = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "AES", "CFB"), [ "CFB128GFSbox128.rsp", @@ -122,13 +122,32 @@ class TestAES(object): ) test_CTR = generate_encrypt_test( - load_openssl_vectors_from_file, + load_openssl_vectors, os.path.join("ciphers", "AES", "CTR"), ["aes-128-ctr.txt", "aes-192-ctr.txt", "aes-256-ctr.txt"], lambda key, iv: algorithms.AES(binascii.unhexlify(key)), lambda key, iv: modes.CTR(binascii.unhexlify(iv)), - only_if=lambda backend: backend.ciphers.supported( + only_if=lambda backend: backend.cipher_supported( algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16) ), skip_message="Does not support AES CTR", ) + + test_GCM = generate_aead_test( + load_nist_vectors, + os.path.join("ciphers", "AES", "GCM"), + [ + "gcmDecrypt128.rsp", + "gcmDecrypt192.rsp", + "gcmDecrypt256.rsp", + "gcmEncryptExtIV128.rsp", + "gcmEncryptExtIV192.rsp", + "gcmEncryptExtIV256.rsp", + ], + lambda key: algorithms.AES(key), + lambda iv, tag: modes.GCM(iv, tag), + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) + ), + skip_message="Does not support AES GCM", + ) diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/test_arc4.py new file mode 100644 index 00000000..d233bec2 --- /dev/null +++ b/tests/hazmat/primitives/test_arc4.py @@ -0,0 +1,43 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import binascii +import os + +from cryptography.hazmat.primitives.ciphers import algorithms + +from .utils import generate_stream_encryption_test +from ...utils import load_nist_vectors + + +class TestARC4(object): + test_rfc = generate_stream_encryption_test( + load_nist_vectors, + os.path.join("ciphers", "ARC4"), + [ + "rfc-6229-40.txt", + "rfc-6229-56.txt", + "rfc-6229-64.txt", + "rfc-6229-80.txt", + "rfc-6229-128.txt", + "rfc-6229-192.txt", + "rfc-6229-256.txt", + ], + lambda key: algorithms.ARC4(binascii.unhexlify((key))), + only_if=lambda backend: backend.cipher_supported( + algorithms.ARC4("\x00" * 16), None + ), + skip_message="Does not support ARC4", + ) diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 28f34478..02de3861 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -17,34 +17,47 @@ import binascii import pytest -from cryptography.exceptions import UnsupportedAlgorithm +from cryptography import utils +from cryptography.exceptions import ( + UnsupportedAlgorithm, AlreadyFinalized, +) from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import ( Cipher, algorithms, modes ) +from .utils import ( + generate_aead_exception_test, generate_aead_tag_exception_test +) -class TestCipher(object): - def test_instantiate_without_backend(self): - Cipher( - algorithms.AES(binascii.unhexlify(b"0" * 32)), - modes.CBC(binascii.unhexlify(b"0" * 32)) - ) - def test_creates_encryptor(self): +@utils.register_interface(interfaces.CipherAlgorithm) +class DummyCipher(object): + pass + + +class TestCipher(object): + def test_creates_encryptor(self, backend): cipher = Cipher( algorithms.AES(binascii.unhexlify(b"0" * 32)), - modes.CBC(binascii.unhexlify(b"0" * 32)) + modes.CBC(binascii.unhexlify(b"0" * 32)), + backend ) assert isinstance(cipher.encryptor(), interfaces.CipherContext) - def test_creates_decryptor(self): + def test_creates_decryptor(self, backend): cipher = Cipher( algorithms.AES(binascii.unhexlify(b"0" * 32)), - modes.CBC(binascii.unhexlify(b"0" * 32)) + modes.CBC(binascii.unhexlify(b"0" * 32)), + backend ) assert isinstance(cipher.decryptor(), interfaces.CipherContext) + def test_instantiate_with_non_algorithm(self, backend): + algorithm = object() + with pytest.raises(TypeError): + Cipher(algorithm, mode=None, backend=backend) + class TestCipherContext(object): def test_use_after_finalize(self, backend): @@ -56,16 +69,16 @@ class TestCipherContext(object): encryptor = cipher.encryptor() encryptor.update(b"a" * 16) encryptor.finalize() - with pytest.raises(ValueError): + with pytest.raises(AlreadyFinalized): encryptor.update(b"b" * 16) - with pytest.raises(ValueError): + with pytest.raises(AlreadyFinalized): encryptor.finalize() decryptor = cipher.decryptor() decryptor.update(b"a" * 16) decryptor.finalize() - with pytest.raises(ValueError): + with pytest.raises(AlreadyFinalized): decryptor.update(b"b" * 16) - with pytest.raises(ValueError): + with pytest.raises(AlreadyFinalized): decryptor.finalize() def test_unaligned_block_encryption(self, backend): @@ -90,10 +103,45 @@ class TestCipherContext(object): def test_nonexistent_cipher(self, backend): cipher = Cipher( - object(), object(), backend + DummyCipher(), object(), backend ) with pytest.raises(UnsupportedAlgorithm): cipher.encryptor() with pytest.raises(UnsupportedAlgorithm): cipher.decryptor() + + def test_incorrectly_padded(self, backend): + cipher = Cipher( + algorithms.AES(b"\x00" * 16), + modes.CBC(b"\x00" * 16), + backend + ) + encryptor = cipher.encryptor() + encryptor.update(b"1") + with pytest.raises(ValueError): + encryptor.finalize() + + decryptor = cipher.decryptor() + decryptor.update(b"1") + with pytest.raises(ValueError): + decryptor.finalize() + + +class TestAEADCipherContext(object): + test_aead_exceptions = generate_aead_exception_test( + algorithms.AES, + modes.GCM, + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) + ), + skip_message="Does not support AES GCM", + ) + test_aead_tag_exceptions = generate_aead_tag_exception_test( + algorithms.AES, + modes.GCM, + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) + ), + skip_message="Does not support AES GCM", + ) diff --git a/tests/hazmat/primitives/test_blowfish.py b/tests/hazmat/primitives/test_blowfish.py index a7f13823..d5fbed6f 100644 --- a/tests/hazmat/primitives/test_blowfish.py +++ b/tests/hazmat/primitives/test_blowfish.py @@ -19,53 +19,53 @@ import os from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test -from ...utils import load_nist_vectors_from_file +from ...utils import load_nist_vectors class TestBlowfish(object): test_ECB = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-ecb.txt"], lambda key: algorithms.Blowfish(binascii.unhexlify(key)), lambda key: modes.ECB(), - only_if=lambda backend: backend.ciphers.supported( + only_if=lambda backend: backend.cipher_supported( algorithms.Blowfish("\x00" * 56), modes.ECB() ), skip_message="Does not support Blowfish ECB", ) test_CBC = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-cbc.txt"], lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)), lambda key, iv: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.ciphers.supported( + only_if=lambda backend: backend.cipher_supported( algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8) ), skip_message="Does not support Blowfish CBC", ) test_OFB = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-ofb.txt"], lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)), lambda key, iv: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.ciphers.supported( + only_if=lambda backend: backend.cipher_supported( algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8) ), skip_message="Does not support Blowfish OFB", ) test_CFB = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-cfb.txt"], lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)), lambda key, iv: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.ciphers.supported( + only_if=lambda backend: backend.cipher_supported( algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8) ), skip_message="Does not support Blowfish CFB", diff --git a/tests/hazmat/primitives/test_camellia.py b/tests/hazmat/primitives/test_camellia.py index e1be5d1d..a2c935d9 100644 --- a/tests/hazmat/primitives/test_camellia.py +++ b/tests/hazmat/primitives/test_camellia.py @@ -20,13 +20,13 @@ from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test from ...utils import ( - load_cryptrec_vectors_from_file, load_openssl_vectors_from_file + load_cryptrec_vectors, load_openssl_vectors ) class TestCamellia(object): test_ECB = generate_encrypt_test( - load_cryptrec_vectors_from_file, + load_cryptrec_vectors, os.path.join("ciphers", "Camellia"), [ "camellia-128-ecb.txt", @@ -35,43 +35,43 @@ class TestCamellia(object): ], lambda key: algorithms.Camellia(binascii.unhexlify((key))), lambda key: modes.ECB(), - only_if=lambda backend: backend.ciphers.supported( + only_if=lambda backend: backend.cipher_supported( algorithms.Camellia("\x00" * 16), modes.ECB() ), skip_message="Does not support Camellia ECB", ) test_CBC = generate_encrypt_test( - load_openssl_vectors_from_file, + load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-cbc.txt"], lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)), lambda key, iv: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.ciphers.supported( + only_if=lambda backend: backend.cipher_supported( algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16) ), skip_message="Does not support Camellia CBC", ) test_OFB = generate_encrypt_test( - load_openssl_vectors_from_file, + load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-ofb.txt"], lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)), lambda key, iv: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.ciphers.supported( + only_if=lambda backend: backend.cipher_supported( algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16) ), skip_message="Does not support Camellia OFB", ) test_CFB = generate_encrypt_test( - load_openssl_vectors_from_file, + load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-cfb.txt"], lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)), lambda key, iv: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.ciphers.supported( + only_if=lambda backend: backend.cipher_supported( algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16) ), skip_message="Does not support Camellia CFB", diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py index b2988437..a283dafc 100644 --- a/tests/hazmat/primitives/test_cast5.py +++ b/tests/hazmat/primitives/test_cast5.py @@ -19,19 +19,17 @@ import os from cryptography.hazmat.primitives.ciphers import algorithms, modes from .utils import generate_encrypt_test -from ...utils import load_nist_vectors_from_file +from ...utils import load_nist_vectors class TestCAST5(object): test_ECB = generate_encrypt_test( - lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + load_nist_vectors, os.path.join("ciphers", "CAST5"), - [ - "cast5-ecb.txt", - ], + ["cast5-ecb.txt"], lambda key: algorithms.CAST5(binascii.unhexlify((key))), lambda key: modes.ECB(), - only_if=lambda backend: backend.ciphers.supported( + only_if=lambda backend: backend.cipher_supported( algorithms.CAST5("\x00" * 16), modes.ECB() ), skip_message="Does not support CAST5 ECB", diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py index dfafab3f..653f7ce6 100644 --- a/tests/hazmat/primitives/test_ciphers.py +++ b/tests/hazmat/primitives/test_ciphers.py @@ -18,7 +18,7 @@ import binascii import pytest from cryptography.hazmat.primitives.ciphers.algorithms import ( - AES, Camellia, TripleDES, Blowfish, CAST5 + AES, Camellia, TripleDES, Blowfish, CAST5, ARC4 ) @@ -91,3 +91,22 @@ class TestCAST5(object): def test_invalid_key_size(self): with pytest.raises(ValueError): CAST5(binascii.unhexlify(b"0" * 34)) + + +class TestARC4(object): + @pytest.mark.parametrize(("key", "keysize"), [ + (b"0" * 10, 40), + (b"0" * 14, 56), + (b"0" * 16, 64), + (b"0" * 20, 80), + (b"0" * 32, 128), + (b"0" * 48, 192), + (b"0" * 64, 256), + ]) + def test_key_size(self, key, keysize): + cipher = ARC4(binascii.unhexlify(key)) + assert cipher.key_size == keysize + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + ARC4(binascii.unhexlify(b"0" * 34)) diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py index fca839c7..a8655812 100644 --- a/tests/hazmat/primitives/test_hash_vectors.py +++ b/tests/hazmat/primitives/test_hash_vectors.py @@ -18,108 +18,108 @@ import os from cryptography.hazmat.primitives import hashes from .utils import generate_hash_test, generate_long_string_hash_test -from ...utils import load_hash_vectors_from_file +from ...utils import load_hash_vectors class TestSHA1(object): test_SHA1 = generate_hash_test( - load_hash_vectors_from_file, + load_hash_vectors, os.path.join("hashes", "SHA1"), [ "SHA1LongMsg.rsp", "SHA1ShortMsg.rsp", ], hashes.SHA1(), - only_if=lambda backend: backend.hashes.supported(hashes.SHA1), + only_if=lambda backend: backend.hash_supported(hashes.SHA1), skip_message="Does not support SHA1", ) class TestSHA224(object): test_SHA224 = generate_hash_test( - load_hash_vectors_from_file, + load_hash_vectors, os.path.join("hashes", "SHA2"), [ "SHA224LongMsg.rsp", "SHA224ShortMsg.rsp", ], hashes.SHA224(), - only_if=lambda backend: backend.hashes.supported(hashes.SHA224), + only_if=lambda backend: backend.hash_supported(hashes.SHA224), skip_message="Does not support SHA224", ) class TestSHA256(object): test_SHA256 = generate_hash_test( - load_hash_vectors_from_file, + load_hash_vectors, os.path.join("hashes", "SHA2"), [ "SHA256LongMsg.rsp", "SHA256ShortMsg.rsp", ], hashes.SHA256(), - only_if=lambda backend: backend.hashes.supported(hashes.SHA256), + only_if=lambda backend: backend.hash_supported(hashes.SHA256), skip_message="Does not support SHA256", ) class TestSHA384(object): test_SHA384 = generate_hash_test( - load_hash_vectors_from_file, + load_hash_vectors, os.path.join("hashes", "SHA2"), [ "SHA384LongMsg.rsp", "SHA384ShortMsg.rsp", ], hashes.SHA384(), - only_if=lambda backend: backend.hashes.supported(hashes.SHA384), + only_if=lambda backend: backend.hash_supported(hashes.SHA384), skip_message="Does not support SHA384", ) class TestSHA512(object): test_SHA512 = generate_hash_test( - load_hash_vectors_from_file, + load_hash_vectors, os.path.join("hashes", "SHA2"), [ "SHA512LongMsg.rsp", "SHA512ShortMsg.rsp", ], hashes.SHA512(), - only_if=lambda backend: backend.hashes.supported(hashes.SHA512), + only_if=lambda backend: backend.hash_supported(hashes.SHA512), skip_message="Does not support SHA512", ) class TestRIPEMD160(object): test_RIPEMD160 = generate_hash_test( - load_hash_vectors_from_file, + load_hash_vectors, os.path.join("hashes", "ripemd160"), [ "ripevectors.txt", ], hashes.RIPEMD160(), - only_if=lambda backend: backend.hashes.supported(hashes.RIPEMD160), + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), skip_message="Does not support RIPEMD160", ) test_RIPEMD160_long_string = generate_long_string_hash_test( hashes.RIPEMD160(), "52783243c1697bdbe16d37f97f68f08325dc1528", - only_if=lambda backend: backend.hashes.supported(hashes.RIPEMD160), + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), skip_message="Does not support RIPEMD160", ) class TestWhirlpool(object): test_whirlpool = generate_hash_test( - load_hash_vectors_from_file, + load_hash_vectors, os.path.join("hashes", "whirlpool"), [ "iso-test-vectors.txt", ], hashes.Whirlpool(), - only_if=lambda backend: backend.hashes.supported(hashes.Whirlpool), + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), skip_message="Does not support Whirlpool", ) @@ -128,19 +128,19 @@ class TestWhirlpool(object): ("0c99005beb57eff50a7cf005560ddf5d29057fd86b2" "0bfd62deca0f1ccea4af51fc15490eddc47af32bb2b" "66c34ff9ad8c6008ad677f77126953b226e4ed8b01"), - only_if=lambda backend: backend.hashes.supported(hashes.Whirlpool), + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), skip_message="Does not support Whirlpool", ) class TestMD5(object): test_md5 = generate_hash_test( - load_hash_vectors_from_file, + load_hash_vectors, os.path.join("hashes", "MD5"), [ "rfc-1321.txt", ], hashes.MD5(), - only_if=lambda backend: backend.hashes.supported(hashes.MD5), + only_if=lambda backend: backend.hash_supported(hashes.MD5), skip_message="Does not support MD5", ) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 07ab2489..ff42e8f4 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -19,7 +19,7 @@ import pytest import six -from cryptography.hazmat.bindings import _default_backend +from cryptography.exceptions import AlreadyFinalized from cryptography.hazmat.primitives import hashes from .utils import generate_base_hash_test @@ -32,24 +32,30 @@ class TestHashContext(object): m.update(six.u("\u00FC")) def test_copy_backend_object(self): - pretend_hashes = pretend.stub(copy_ctx=lambda a: "copiedctx") - pretend_backend = pretend.stub(hashes=pretend_hashes) - pretend_ctx = pretend.stub() + pretend_backend = pretend.stub() + copied_ctx = pretend.stub() + pretend_ctx = pretend.stub(copy=lambda: copied_ctx) h = hashes.Hash(hashes.SHA1(), backend=pretend_backend, ctx=pretend_ctx) assert h._backend is pretend_backend assert h.copy()._backend is h._backend - def test_default_backend_creation(self): - """ - This test assumes the presence of SHA1 in the default backend. - """ - h = hashes.Hash(hashes.SHA1()) - assert h._backend is _default_backend - - def test_hash_algorithm_instance(self): + def test_hash_algorithm_instance(self, backend): with pytest.raises(TypeError): - hashes.Hash(hashes.SHA1) + hashes.Hash(hashes.SHA1, backend=backend) + + def test_raises_after_finalize(self, backend): + h = hashes.Hash(hashes.SHA1(), backend=backend) + h.finalize() + + with pytest.raises(AlreadyFinalized): + h.update(b"foo") + + with pytest.raises(AlreadyFinalized): + h.copy() + + with pytest.raises(AlreadyFinalized): + h.finalize() class TestSHA1(object): @@ -57,7 +63,7 @@ class TestSHA1(object): hashes.SHA1(), digest_size=20, block_size=64, - only_if=lambda backend: backend.hashes.supported(hashes.SHA1), + only_if=lambda backend: backend.hash_supported(hashes.SHA1), skip_message="Does not support SHA1", ) @@ -67,7 +73,7 @@ class TestSHA224(object): hashes.SHA224(), digest_size=28, block_size=64, - only_if=lambda backend: backend.hashes.supported(hashes.SHA224), + only_if=lambda backend: backend.hash_supported(hashes.SHA224), skip_message="Does not support SHA224", ) @@ -77,7 +83,7 @@ class TestSHA256(object): hashes.SHA256(), digest_size=32, block_size=64, - only_if=lambda backend: backend.hashes.supported(hashes.SHA256), + only_if=lambda backend: backend.hash_supported(hashes.SHA256), skip_message="Does not support SHA256", ) @@ -87,7 +93,7 @@ class TestSHA384(object): hashes.SHA384(), digest_size=48, block_size=128, - only_if=lambda backend: backend.hashes.supported(hashes.SHA384), + only_if=lambda backend: backend.hash_supported(hashes.SHA384), skip_message="Does not support SHA384", ) @@ -97,7 +103,7 @@ class TestSHA512(object): hashes.SHA512(), digest_size=64, block_size=128, - only_if=lambda backend: backend.hashes.supported(hashes.SHA512), + only_if=lambda backend: backend.hash_supported(hashes.SHA512), skip_message="Does not support SHA512", ) @@ -107,7 +113,7 @@ class TestRIPEMD160(object): hashes.RIPEMD160(), digest_size=20, block_size=64, - only_if=lambda backend: backend.hashes.supported(hashes.RIPEMD160), + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), skip_message="Does not support RIPEMD160", ) @@ -117,7 +123,7 @@ class TestWhirlpool(object): hashes.Whirlpool(), digest_size=64, block_size=64, - only_if=lambda backend: backend.hashes.supported(hashes.Whirlpool), + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), skip_message="Does not support Whirlpool", ) @@ -127,6 +133,6 @@ class TestMD5(object): hashes.MD5(), digest_size=16, block_size=64, - only_if=lambda backend: backend.hashes.supported(hashes.MD5), + only_if=lambda backend: backend.hash_supported(hashes.MD5), skip_message="Does not support MD5", ) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index a44838cf..992bcb1a 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -19,6 +19,7 @@ import pytest import six +from cryptography.exceptions import AlreadyFinalized from cryptography.hazmat.primitives import hashes, hmac from .utils import generate_base_hmac_test @@ -27,7 +28,7 @@ from .utils import generate_base_hmac_test class TestHMAC(object): test_copy = generate_base_hmac_test( hashes.MD5(), - only_if=lambda backend: backend.hashes.supported(hashes.MD5), + only_if=lambda backend: backend.hash_supported(hashes.MD5), skip_message="Does not support MD5", ) @@ -37,14 +38,28 @@ class TestHMAC(object): h.update(six.u("\u00FC")) def test_copy_backend_object(self): - pretend_hmac = pretend.stub(copy_ctx=lambda a: True) + pretend_hmac = pretend.stub() pretend_backend = pretend.stub(hmacs=pretend_hmac) - pretend_ctx = pretend.stub() + copied_ctx = pretend.stub() + pretend_ctx = pretend.stub(copy=lambda: copied_ctx) h = hmac.HMAC(b"key", hashes.SHA1(), backend=pretend_backend, ctx=pretend_ctx) assert h._backend is pretend_backend assert h.copy()._backend is pretend_backend - def test_hmac_algorithm_instance(self): + def test_hmac_algorithm_instance(self, backend): with pytest.raises(TypeError): - hmac.HMAC(b"key", hashes.SHA1) + hmac.HMAC(b"key", hashes.SHA1, backend=backend) + + def test_raises_after_finalize(self, backend): + h = hmac.HMAC(b"key", hashes.SHA1(), backend=backend) + h.finalize() + + with pytest.raises(AlreadyFinalized): + h.update(b"foo") + + with pytest.raises(AlreadyFinalized): + h.copy() + + with pytest.raises(AlreadyFinalized): + h.finalize() diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py index 52d592b6..7d0f156a 100644 --- a/tests/hazmat/primitives/test_hmac_vectors.py +++ b/tests/hazmat/primitives/test_hmac_vectors.py @@ -16,95 +16,95 @@ from __future__ import absolute_import, division, print_function from cryptography.hazmat.primitives import hashes from .utils import generate_hmac_test -from ...utils import load_hash_vectors_from_file +from ...utils import load_hash_vectors class TestHMAC_MD5(object): test_hmac_md5 = generate_hmac_test( - load_hash_vectors_from_file, + load_hash_vectors, "HMAC", [ "rfc-2202-md5.txt", ], hashes.MD5(), - only_if=lambda backend: backend.hashes.supported(hashes.MD5), + only_if=lambda backend: backend.hash_supported(hashes.MD5), skip_message="Does not support MD5", ) class TestHMAC_SHA1(object): test_hmac_sha1 = generate_hmac_test( - load_hash_vectors_from_file, + load_hash_vectors, "HMAC", [ "rfc-2202-sha1.txt", ], hashes.SHA1(), - only_if=lambda backend: backend.hashes.supported(hashes.SHA1), + only_if=lambda backend: backend.hash_supported(hashes.SHA1), skip_message="Does not support SHA1", ) class TestHMAC_SHA224(object): test_hmac_sha224 = generate_hmac_test( - load_hash_vectors_from_file, + load_hash_vectors, "HMAC", [ "rfc-4231-sha224.txt", ], hashes.SHA224(), - only_if=lambda backend: backend.hashes.supported(hashes.SHA224), + only_if=lambda backend: backend.hash_supported(hashes.SHA224), skip_message="Does not support SHA224", ) class TestHMAC_SHA256(object): test_hmac_sha256 = generate_hmac_test( - load_hash_vectors_from_file, + load_hash_vectors, "HMAC", [ "rfc-4231-sha256.txt", ], hashes.SHA256(), - only_if=lambda backend: backend.hashes.supported(hashes.SHA256), + only_if=lambda backend: backend.hash_supported(hashes.SHA256), skip_message="Does not support SHA256", ) class TestHMAC_SHA384(object): test_hmac_sha384 = generate_hmac_test( - load_hash_vectors_from_file, + load_hash_vectors, "HMAC", [ "rfc-4231-sha384.txt", ], hashes.SHA384(), - only_if=lambda backend: backend.hashes.supported(hashes.SHA384), + only_if=lambda backend: backend.hash_supported(hashes.SHA384), skip_message="Does not support SHA384", ) class TestHMAC_SHA512(object): test_hmac_sha512 = generate_hmac_test( - load_hash_vectors_from_file, + load_hash_vectors, "HMAC", [ "rfc-4231-sha512.txt", ], hashes.SHA512(), - only_if=lambda backend: backend.hashes.supported(hashes.SHA512), + only_if=lambda backend: backend.hash_supported(hashes.SHA512), skip_message="Does not support SHA512", ) class TestHMAC_RIPEMD160(object): test_hmac_ripemd160 = generate_hmac_test( - load_hash_vectors_from_file, + load_hash_vectors, "HMAC", [ "rfc-2286-ripemd160.txt", ], hashes.RIPEMD160(), - only_if=lambda backend: backend.hashes.supported(hashes.RIPEMD160), + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), skip_message="Does not support RIPEMD160", ) diff --git a/tests/hazmat/primitives/test_utils.py b/tests/hazmat/primitives/test_utils.py index d7247e67..c39364c7 100644 --- a/tests/hazmat/primitives/test_utils.py +++ b/tests/hazmat/primitives/test_utils.py @@ -2,7 +2,8 @@ import pytest from .utils import ( base_hash_test, encrypt_test, hash_test, long_string_hash_test, - base_hmac_test, hmac_test + base_hmac_test, hmac_test, stream_encryption_test, aead_test, + aead_exception_test, aead_tag_exception_test, ) @@ -17,6 +18,39 @@ class TestEncryptTest(object): assert exc_info.value.args[0] == "message!" +class TestAEADTest(object): + def test_skips_if_only_if_returns_false(self): + with pytest.raises(pytest.skip.Exception) as exc_info: + aead_test( + None, None, None, None, + only_if=lambda backend: False, + skip_message="message!" + ) + assert exc_info.value.args[0] == "message!" + + +class TestAEADExceptionTest(object): + def test_skips_if_only_if_returns_false(self): + with pytest.raises(pytest.skip.Exception) as exc_info: + aead_exception_test( + None, None, None, + only_if=lambda backend: False, + skip_message="message!" + ) + assert exc_info.value.args[0] == "message!" + + +class TestAEADTagExceptionTest(object): + def test_skips_if_only_if_returns_false(self): + with pytest.raises(pytest.skip.Exception) as exc_info: + aead_tag_exception_test( + None, None, None, + only_if=lambda backend: False, + skip_message="message!" + ) + assert exc_info.value.args[0] == "message!" + + class TestHashTest(object): def test_skips_if_only_if_returns_false(self): with pytest.raises(pytest.skip.Exception) as exc_info: @@ -70,3 +104,14 @@ class TestBaseHMACTest(object): skip_message="message!" ) assert exc_info.value.args[0] == "message!" + + +class TestStreamEncryptionTest(object): + def test_skips_if_only_if_returns_false(self): + with pytest.raises(pytest.skip.Exception) as exc_info: + stream_encryption_test( + None, None, None, + only_if=lambda backend: False, + skip_message="message!" + ) + assert exc_info.value.args[0] == "message!" diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index e6e97d1d..705983a0 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -4,9 +4,13 @@ import os import pytest from cryptography.hazmat.bindings import _ALL_BACKENDS -from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives import hmac +from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.ciphers import Cipher +from cryptography.exceptions import ( + AlreadyFinalized, NotYetFinalized, AlreadyUpdated, InvalidTag, +) + +from ...utils import load_vectors_from_file def generate_encrypt_test(param_loader, path, file_names, cipher_factory, @@ -15,7 +19,10 @@ def generate_encrypt_test(param_loader, path, file_names, cipher_factory, def test_encryption(self): for backend in _ALL_BACKENDS: for file_name in file_names: - for params in param_loader(os.path.join(path, file_name)): + for params in load_vectors_from_file( + os.path.join(path, file_name), + param_loader + ): yield ( encrypt_test, backend, @@ -37,7 +44,7 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, cipher = Cipher( cipher_factory(**params), mode_factory(**params), - backend + backend=backend ) encryptor = cipher.encryptor() actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext)) @@ -49,12 +56,123 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, assert actual_plaintext == binascii.unhexlify(plaintext) +def generate_aead_test(param_loader, path, file_names, cipher_factory, + mode_factory, only_if, skip_message): + def test_aead(self): + for backend in _ALL_BACKENDS: + for file_name in file_names: + for params in load_vectors_from_file( + os.path.join(path, file_name), + param_loader + ): + yield ( + aead_test, + backend, + cipher_factory, + mode_factory, + params, + only_if, + skip_message + ) + return test_aead + + +def aead_test(backend, cipher_factory, mode_factory, params, only_if, + skip_message): + if not only_if(backend): + pytest.skip(skip_message) + if params.get("pt") is not None: + plaintext = params.pop("pt") + ciphertext = params.pop("ct") + aad = params.pop("aad") + if params.get("fail") is True: + cipher = Cipher( + cipher_factory(binascii.unhexlify(params["key"])), + mode_factory(binascii.unhexlify(params["iv"]), + binascii.unhexlify(params["tag"])), + backend + ) + decryptor = cipher.decryptor() + decryptor.authenticate_additional_data(binascii.unhexlify(aad)) + actual_plaintext = decryptor.update(binascii.unhexlify(ciphertext)) + with pytest.raises(InvalidTag): + decryptor.finalize() + else: + cipher = Cipher( + cipher_factory(binascii.unhexlify(params["key"])), + mode_factory(binascii.unhexlify(params["iv"]), None), + backend + ) + encryptor = cipher.encryptor() + encryptor.authenticate_additional_data(binascii.unhexlify(aad)) + actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext)) + actual_ciphertext += encryptor.finalize() + tag_len = len(params["tag"]) + assert binascii.hexlify(encryptor.tag)[:tag_len] == params["tag"] + cipher = Cipher( + cipher_factory(binascii.unhexlify(params["key"])), + mode_factory(binascii.unhexlify(params["iv"]), + binascii.unhexlify(params["tag"])), + backend + ) + decryptor = cipher.decryptor() + decryptor.authenticate_additional_data(binascii.unhexlify(aad)) + actual_plaintext = decryptor.update(binascii.unhexlify(ciphertext)) + actual_plaintext += decryptor.finalize() + assert actual_plaintext == binascii.unhexlify(plaintext) + + +def generate_stream_encryption_test(param_loader, path, file_names, + cipher_factory, only_if=None, + skip_message=None): + def test_stream_encryption(self): + for backend in _ALL_BACKENDS: + for file_name in file_names: + for params in load_vectors_from_file( + os.path.join(path, file_name), + param_loader + ): + yield ( + stream_encryption_test, + backend, + cipher_factory, + params, + only_if, + skip_message + ) + return test_stream_encryption + + +def stream_encryption_test(backend, cipher_factory, params, only_if, + skip_message): + if not only_if(backend): + pytest.skip(skip_message) + plaintext = params.pop("plaintext") + ciphertext = params.pop("ciphertext") + offset = params.pop("offset") + cipher = Cipher(cipher_factory(**params), None, backend=backend) + encryptor = cipher.encryptor() + # throw away offset bytes + encryptor.update(b"\x00" * int(offset)) + actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext)) + actual_ciphertext += encryptor.finalize() + assert actual_ciphertext == binascii.unhexlify(ciphertext) + decryptor = cipher.decryptor() + decryptor.update(b"\x00" * int(offset)) + actual_plaintext = decryptor.update(binascii.unhexlify(ciphertext)) + actual_plaintext += decryptor.finalize() + assert actual_plaintext == binascii.unhexlify(plaintext) + + def generate_hash_test(param_loader, path, file_names, hash_cls, only_if=None, skip_message=None): def test_hash(self): for backend in _ALL_BACKENDS: for file_name in file_names: - for params in param_loader(os.path.join(path, file_name)): + for params in load_vectors_from_file( + os.path.join(path, file_name), + param_loader + ): yield ( hash_test, backend, @@ -105,6 +223,12 @@ def base_hash_test(backend, algorithm, digest_size, block_size, only_if, assert m != m_copy assert m._ctx != m_copy._ctx + m.update(b"abc") + copy = m.copy() + copy.update(b"123") + m.update(b"123") + assert copy.finalize() == m.finalize() + def generate_long_string_hash_test(hash_factory, md, only_if=None, skip_message=None): @@ -134,7 +258,10 @@ def generate_hmac_test(param_loader, path, file_names, algorithm, def test_hmac(self): for backend in _ALL_BACKENDS: for file_name in file_names: - for params in param_loader(os.path.join(path, file_name)): + for params in load_vectors_from_file( + os.path.join(path, file_name), + param_loader + ): yield ( hmac_test, backend, @@ -152,7 +279,7 @@ def hmac_test(backend, algorithm, params, only_if, skip_message): msg = params[0] md = params[1] key = params[2] - h = hmac.HMAC(binascii.unhexlify(key), algorithm) + h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend) h.update(binascii.unhexlify(msg)) assert h.finalize() == binascii.unhexlify(md.encode("ascii")) @@ -174,7 +301,90 @@ def base_hmac_test(backend, algorithm, only_if, skip_message): if only_if is not None and not only_if(backend): pytest.skip(skip_message) key = b"ab" - h = hmac.HMAC(binascii.unhexlify(key), algorithm) + h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend) h_copy = h.copy() assert h != h_copy assert h._ctx != h_copy._ctx + + +def generate_aead_exception_test(cipher_factory, mode_factory, + only_if, skip_message): + def test_aead_exception(self): + for backend in _ALL_BACKENDS: + yield ( + aead_exception_test, + backend, + cipher_factory, + mode_factory, + only_if, + skip_message + ) + return test_aead_exception + + +def aead_exception_test(backend, cipher_factory, mode_factory, + only_if, skip_message): + if not only_if(backend): + pytest.skip(skip_message) + cipher = Cipher( + cipher_factory(binascii.unhexlify(b"0" * 32)), + mode_factory(binascii.unhexlify(b"0" * 24)), + backend + ) + encryptor = cipher.encryptor() + encryptor.update(b"a" * 16) + with pytest.raises(NotYetFinalized): + encryptor.tag + with pytest.raises(AlreadyUpdated): + encryptor.authenticate_additional_data(b"b" * 16) + encryptor.finalize() + with pytest.raises(AlreadyFinalized): + encryptor.authenticate_additional_data(b"b" * 16) + with pytest.raises(AlreadyFinalized): + encryptor.update(b"b" * 16) + with pytest.raises(AlreadyFinalized): + encryptor.finalize() + cipher = Cipher( + cipher_factory(binascii.unhexlify(b"0" * 32)), + mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16), + backend + ) + decryptor = cipher.decryptor() + decryptor.update(b"a" * 16) + with pytest.raises(AttributeError): + decryptor.tag + + +def generate_aead_tag_exception_test(cipher_factory, mode_factory, + only_if, skip_message): + def test_aead_tag_exception(self): + for backend in _ALL_BACKENDS: + yield ( + aead_tag_exception_test, + backend, + cipher_factory, + mode_factory, + only_if, + skip_message + ) + return test_aead_tag_exception + + +def aead_tag_exception_test(backend, cipher_factory, mode_factory, + only_if, skip_message): + if not only_if(backend): + pytest.skip(skip_message) + cipher = Cipher( + cipher_factory(binascii.unhexlify(b"0" * 32)), + mode_factory(binascii.unhexlify(b"0" * 24)), + backend + ) + with pytest.raises(ValueError): + cipher.decryptor() + cipher = Cipher( + cipher_factory(binascii.unhexlify(b"0" * 32)), + mode_factory(binascii.unhexlify(b"0" * 24), b"0" * 16), + backend + ) + with pytest.raises(ValueError): + cipher.encryptor() |