aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/primitives/__init__.py0
-rw-r--r--tests/primitives/test_block.py59
-rw-r--r--tests/primitives/test_ciphers.py29
-rw-r--r--tests/primitives/test_nist.py196
-rw-r--r--tests/test_utils.py153
-rw-r--r--tests/utils.py15
6 files changed, 393 insertions, 59 deletions
diff --git a/tests/primitives/__init__.py b/tests/primitives/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tests/primitives/__init__.py
diff --git a/tests/primitives/test_block.py b/tests/primitives/test_block.py
new file mode 100644
index 00000000..aa670be3
--- /dev/null
+++ b/tests/primitives/test_block.py
@@ -0,0 +1,59 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import binascii
+
+import pytest
+
+from cryptography.primitives.block import BlockCipher, ciphers, modes, padding
+
+
+class TestBlockCipher(object):
+ def test_cipher_name(self):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(b"0" * 32)),
+ modes.CBC(binascii.unhexlify(b"0" * 32), padding.NoPadding())
+ )
+ assert cipher.name == "AES-128-CBC"
+
+ def test_use_after_finalize(self):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(b"0" * 32)),
+ modes.CBC(binascii.unhexlify(b"0" * 32), padding.NoPadding())
+ )
+ cipher.encrypt(b"a" * 16)
+ cipher.finalize()
+ with pytest.raises(ValueError):
+ cipher.encrypt(b"b" * 16)
+ with pytest.raises(ValueError):
+ cipher.finalize()
+
+ def test_encrypt_with_invalid_operation(self):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(b"0" * 32)),
+ modes.CBC(binascii.unhexlify(b"0" * 32), padding.NoPadding())
+ )
+ cipher._operation = "decrypt"
+
+ with pytest.raises(ValueError):
+ cipher.encrypt(b"b" * 16)
+
+ def test_finalize_with_invalid_operation(self):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(b"0" * 32)),
+ modes.CBC(binascii.unhexlify(b"0" * 32), padding.NoPadding())
+ )
+ cipher._operation = "wat"
+
+ with pytest.raises(ValueError):
+ cipher.encrypt(b"b" * 16)
diff --git a/tests/primitives/test_ciphers.py b/tests/primitives/test_ciphers.py
new file mode 100644
index 00000000..31b4275e
--- /dev/null
+++ b/tests/primitives/test_ciphers.py
@@ -0,0 +1,29 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import binascii
+
+import pytest
+
+from cryptography.primitives.block.ciphers import AES
+
+
+class TestAES(object):
+ @pytest.mark.parametrize(("key", "keysize"), [
+ (b"0" * 32, 128),
+ (b"0" * 48, 192),
+ (b"0" * 64, 256),
+ ])
+ def test_key_size(self, key, keysize):
+ cipher = AES(binascii.unhexlify(key))
+ assert cipher.key_size == keysize
diff --git a/tests/primitives/test_nist.py b/tests/primitives/test_nist.py
new file mode 100644
index 00000000..4452e936
--- /dev/null
+++ b/tests/primitives/test_nist.py
@@ -0,0 +1,196 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Test using the NIST Test Vectors
+"""
+import binascii
+import os
+
+import pytest
+
+from cryptography.primitives.block import BlockCipher, ciphers, modes, padding
+
+from ..utils import load_nist_vectors_from_file
+
+
+def parameterize_kat_encrypt(fname):
+ return pytest.mark.parametrize(("key", "iv", "plaintext", "ciphertext"),
+ load_nist_vectors_from_file(
+ os.path.join("AES/KAT/", fname),
+ "ENCRYPT",
+ ["key", "iv", "plaintext", "ciphertext"],
+ ),
+ )
+
+
+def paramterize_mmt_encrypt(fname):
+ return pytest.mark.parametrize(("key", "iv", "plaintext", "ciphertext"),
+ load_nist_vectors_from_file(
+ os.path.join("AES/MMT", fname),
+ "ENCRYPT",
+ ["key", "iv", "plaintext", "ciphertext"],
+ )
+ )
+
+
+class TestAES_CBC(object):
+ @parameterize_kat_encrypt("CBCGFSbox128.rsp")
+ def test_KAT_GFSbox_128_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCGFSbox192.rsp")
+ def test_KAT_GFSbox_192_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCGFSbox256.rsp")
+ def test_KAT_GFSbox_256_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCKeySbox128.rsp")
+ def test_KAT_KeySbox_128_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCKeySbox192.rsp")
+ def test_KAT_KeySbox_192_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCKeySbox256.rsp")
+ def test_KAT_KeySbox_256_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCVarKey128.rsp")
+ def test_KAT_VarKey_128_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCVarKey192.rsp")
+ def test_KAT_VarKey_192_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCVarKey256.rsp")
+ def test_KAT_VarKey_256_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCVarTxt128.rsp")
+ def test_KAT_VarTxt_128_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCVarTxt192.rsp")
+ def test_KAT_VarTxt_192_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @parameterize_kat_encrypt("CBCVarTxt256.rsp")
+ def test_KAT_VarTxt_256_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @paramterize_mmt_encrypt("CBCMMT128.rsp")
+ def test_MMT_128_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @paramterize_mmt_encrypt("CBCMMT192.rsp")
+ def test_MMT_192_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+ @paramterize_mmt_encrypt("CBCMMT256.rsp")
+ def test_MMT_256_encrypt(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.AES(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv), padding.NoPadding())
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext) == ciphertext
diff --git a/tests/test_utils.py b/tests/test_utils.py
index acb36d4c..fd56dd30 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -1,3 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
import textwrap
from .utils import load_nist_vectors, load_nist_vectors_from_file
@@ -45,16 +58,16 @@ def test_load_nist_vectors_encrypt():
["key", "iv", "plaintext", "ciphertext"],
) == [
(
- "00000000000000000000000000000000",
- "00000000000000000000000000000000",
- "f34481ec3cc627bacd5dc3fb08f273e6",
- "0336763e966d92595a567cc9ce537f5e",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"f34481ec3cc627bacd5dc3fb08f273e6",
+ b"0336763e966d92595a567cc9ce537f5e",
),
(
- "00000000000000000000000000000000",
- "00000000000000000000000000000000",
- "9798c4640bad75c7c3227db910174e72",
- "a9a1631bf4996954ebc093957b234589",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"9798c4640bad75c7c3227db910174e72",
+ b"a9a1631bf4996954ebc093957b234589",
),
]
@@ -101,93 +114,117 @@ def test_load_nist_vectors_decrypt():
["key", "iv", "ciphertext", "plaintext"],
) == [
(
- "00000000000000000000000000000000",
- "00000000000000000000000000000000",
- "0336763e966d92595a567cc9ce537f5e",
- "f34481ec3cc627bacd5dc3fb08f273e6",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"0336763e966d92595a567cc9ce537f5e",
+ b"f34481ec3cc627bacd5dc3fb08f273e6",
),
(
- "00000000000000000000000000000000",
- "00000000000000000000000000000000",
- "a9a1631bf4996954ebc093957b234589",
- "9798c4640bad75c7c3227db910174e72",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"a9a1631bf4996954ebc093957b234589",
+ b"9798c4640bad75c7c3227db910174e72",
),
]
def test_load_nist_vectors_from_file_encrypt():
assert load_nist_vectors_from_file(
- "AES/KAT/CBCGFSbox256.rsp",
+ "AES/KAT/CBCGFSbox128.rsp",
"ENCRYPT",
["key", "iv", "plaintext", "ciphertext"],
) == [
(
- "0000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000",
- "014730f80ac625fe84f026c60bfd547d",
- "5c9d844ed46f9885085e5d6a4f94c7d7",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"f34481ec3cc627bacd5dc3fb08f273e6",
+ b"0336763e966d92595a567cc9ce537f5e",
+ ),
+ (
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"9798c4640bad75c7c3227db910174e72",
+ b"a9a1631bf4996954ebc093957b234589",
+ ),
+ (
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"96ab5c2ff612d9dfaae8c31f30c42168",
+ b"ff4f8391a6a40ca5b25d23bedd44a597",
),
(
- "0000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000",
- "0b24af36193ce4665f2825d7b4749c98",
- "a9ff75bd7cf6613d3731c77c3b6d0c04",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"6a118a874519e64e9963798a503f1d35",
+ b"dc43be40be0e53712f7e2bf5ca707209",
),
(
- "0000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000",
- "761c1fe41a18acf20d241650611d90f1",
- "623a52fcea5d443e48d9181ab32c7421",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"cb9fceec81286ca3e989bd979b0cb284",
+ b"92beedab1895a94faa69b632e5cc47ce",
),
(
- "0000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000",
- "8a560769d605868ad80d819bdba03771",
- "38f2c7ae10612415d27ca190d27da8b4",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"b26aeb1874e47ca8358ff22378f09144",
+ b"459264f4798f6a78bacb89c15ed3d601",
),
(
- "0000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000",
- "91fbef2d15a97816060bee1feaa49afe",
- "1bc704f1bce135ceb810341b216d7abe",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"58c8e00b2631686d54eab84b91f0aca1",
+ b"08a4e2efec8a8e3312ca7460b9040bbf",
),
]
def test_load_nist_vectors_from_file_decypt():
assert load_nist_vectors_from_file(
- "AES/KAT/CBCGFSbox256.rsp",
+ "AES/KAT/CBCGFSbox128.rsp",
"DECRYPT",
["key", "iv", "ciphertext", "plaintext"],
) == [
(
- "0000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000",
- "5c9d844ed46f9885085e5d6a4f94c7d7",
- "014730f80ac625fe84f026c60bfd547d",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"0336763e966d92595a567cc9ce537f5e",
+ b"f34481ec3cc627bacd5dc3fb08f273e6",
+ ),
+ (
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"a9a1631bf4996954ebc093957b234589",
+ b"9798c4640bad75c7c3227db910174e72",
+ ),
+ (
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"ff4f8391a6a40ca5b25d23bedd44a597",
+ b"96ab5c2ff612d9dfaae8c31f30c42168",
),
(
- "0000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000",
- "a9ff75bd7cf6613d3731c77c3b6d0c04",
- "0b24af36193ce4665f2825d7b4749c98",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"dc43be40be0e53712f7e2bf5ca707209",
+ b"6a118a874519e64e9963798a503f1d35",
),
(
- "0000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000",
- "623a52fcea5d443e48d9181ab32c7421",
- "761c1fe41a18acf20d241650611d90f1",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"92beedab1895a94faa69b632e5cc47ce",
+ b"cb9fceec81286ca3e989bd979b0cb284",
),
(
- "0000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000",
- "38f2c7ae10612415d27ca190d27da8b4",
- "8a560769d605868ad80d819bdba03771",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"459264f4798f6a78bacb89c15ed3d601",
+ b"b26aeb1874e47ca8358ff22378f09144"
),
(
- "0000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000",
- "1bc704f1bce135ceb810341b216d7abe",
- "91fbef2d15a97816060bee1feaa49afe",
+ b"00000000000000000000000000000000",
+ b"00000000000000000000000000000000",
+ b"08a4e2efec8a8e3312ca7460b9040bbf",
+ b"58c8e00b2631686d54eab84b91f0aca1"
),
]
diff --git a/tests/utils.py b/tests/utils.py
index 9fe35311..9362464e 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -1,3 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
import os.path
@@ -35,7 +48,7 @@ def load_nist_vectors(vector_data, op, fields):
# We want to test only for a particular operation
return [
- tuple(vector[1][f] for f in fields)
+ tuple(vector[1][f].encode("ascii") for f in fields)
for vector in sorted(data[op].items(), key=lambda v: v[0])
]
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-09 23:52:39 +0000