aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/hazmat/backends/test_openssl.py8
-rw-r--r--tests/hazmat/bindings/test_commoncrypto.py15
-rw-r--r--tests/hazmat/bindings/test_openssl.py19
-rw-r--r--tests/hazmat/bindings/test_utils.py30
-rw-r--r--tests/hazmat/primitives/test_concatkdf.py251
5 files changed, 265 insertions, 58 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 867c5dd6..b35e7670 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -482,14 +482,18 @@ class TestOpenSSLSerialisationWithOpenSSL(object):
)
+class DummyLibrary(object):
+ Cryptography_HAS_EC = 0
+
+
class TestOpenSSLEllipticCurve(object):
def test_elliptic_curve_supported(self, monkeypatch):
- monkeypatch.setattr(backend._lib, "Cryptography_HAS_EC", 0)
+ monkeypatch.setattr(backend, "_lib", DummyLibrary())
assert backend.elliptic_curve_supported(None) is False
def test_elliptic_curve_signature_algorithm_supported(self, monkeypatch):
- monkeypatch.setattr(backend._lib, "Cryptography_HAS_EC", 0)
+ monkeypatch.setattr(backend, "_lib", DummyLibrary())
assert backend.elliptic_curve_signature_algorithm_supported(
None, None
diff --git a/tests/hazmat/bindings/test_commoncrypto.py b/tests/hazmat/bindings/test_commoncrypto.py
index a86a1fab..b0a2dc43 100644
--- a/tests/hazmat/bindings/test_commoncrypto.py
+++ b/tests/hazmat/bindings/test_commoncrypto.py
@@ -6,22 +6,21 @@ from __future__ import absolute_import, division, print_function
import pytest
-from cryptography.hazmat.backends import _available_backends
-from cryptography.hazmat.bindings.commoncrypto.binding import Binding
+
+ccbinding = pytest.importorskip(
+ "cryptography.hazmat.bindings.commoncrypto.binding"
+)
-@pytest.mark.skipif("commoncrypto" not in
- [i.name for i in _available_backends()],
- reason="CommonCrypto not available")
class TestCommonCrypto(object):
def test_binding_loads(self):
- binding = Binding()
+ binding = ccbinding.Binding()
assert binding
assert binding.lib
assert binding.ffi
def test_binding_returns_same_lib(self):
- binding = Binding()
- binding2 = Binding()
+ binding = ccbinding.Binding()
+ binding2 = ccbinding.Binding()
assert binding.lib == binding2.lib
assert binding.ffi == binding2.ffi
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
index 8cc81cdc..e6d6fc45 100644
--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
@@ -6,9 +6,7 @@ from __future__ import absolute_import, division, print_function
import pytest
-from cryptography.hazmat.bindings.openssl.binding import (
- Binding, _get_libraries, _get_windows_libraries
-)
+from cryptography.hazmat.bindings.openssl.binding import Binding
class TestOpenSSL(object):
@@ -133,18 +131,3 @@ class TestOpenSSL(object):
expected_options = current_options | b.lib.SSL_OP_ALL
assert resp == expected_options
assert b.lib.SSL_get_mode(ssl) == expected_options
-
- def test_libraries(self, monkeypatch):
- assert _get_libraries("darwin") == ["ssl", "crypto"]
- monkeypatch.setenv('PYCA_WINDOWS_LINK_TYPE', 'static')
- assert "ssleay32mt" in _get_libraries("win32")
-
- def test_windows_static_dynamic_libraries(self):
- assert "ssleay32mt" in _get_windows_libraries("static")
-
- assert "ssleay32mt" in _get_windows_libraries("")
-
- assert "ssleay32" in _get_windows_libraries("dynamic")
-
- with pytest.raises(ValueError):
- _get_windows_libraries("notvalid")
diff --git a/tests/hazmat/bindings/test_utils.py b/tests/hazmat/bindings/test_utils.py
deleted file mode 100644
index 13d5d1cb..00000000
--- a/tests/hazmat/bindings/test_utils.py
+++ /dev/null
@@ -1,30 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import binascii
-import os
-
-import pytest
-
-from cryptography.hazmat.bindings import utils
-
-
-def test_create_modulename():
- cdef_source = "cdef sources go here"
- source = "source code"
- name = utils._create_modulename(cdef_source, source, "2.7")
- assert name == "_Cryptography_cffi_bcba7f4bx4a14b588"
- name = utils._create_modulename(cdef_source, source, "3.2")
- assert name == "_Cryptography_cffi_a7462526x4a14b588"
-
-
-def test_implicit_compile_explodes():
- # This uses a random comment to make sure each test gets its own hash
- random_comment = binascii.hexlify(os.urandom(24))
- ffi = utils.build_ffi("/* %s */" % random_comment, "")
-
- with pytest.raises(RuntimeError):
- ffi.verifier.load_library()
diff --git a/tests/hazmat/primitives/test_concatkdf.py b/tests/hazmat/primitives/test_concatkdf.py
new file mode 100644
index 00000000..27e5460e
--- /dev/null
+++ b/tests/hazmat/primitives/test_concatkdf.py
@@ -0,0 +1,251 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+import pytest
+
+from cryptography.exceptions import (
+ AlreadyFinalized, InvalidKey, _Reasons
+)
+from cryptography.hazmat.backends.interfaces import HMACBackend
+from cryptography.hazmat.backends.interfaces import HashBackend
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.concatkdf import ConcatKDFHMAC
+from cryptography.hazmat.primitives.kdf.concatkdf import ConcatKDFHash
+
+from ...utils import raises_unsupported_algorithm
+
+
+@pytest.mark.requires_backend_interface(interface=HashBackend)
+class TestConcatKDFHash(object):
+ def test_length_limit(self, backend):
+ big_length = hashes.SHA256().digest_size * (2 ** 32 - 1) + 1
+
+ with pytest.raises(ValueError):
+ ConcatKDFHash(hashes.SHA256(), big_length, None, backend)
+
+ def test_already_finalized(self, backend):
+ ckdf = ConcatKDFHash(hashes.SHA256(), 16, None, backend)
+
+ ckdf.derive(b"\x01" * 16)
+
+ with pytest.raises(AlreadyFinalized):
+ ckdf.derive(b"\x02" * 16)
+
+ def test_derive(self, backend):
+ prk = binascii.unhexlify(
+ b"52169af5c485dcc2321eb8d26d5efa21fb9b93c98e38412ee2484cf14f0d0d23"
+ )
+
+ okm = binascii.unhexlify(b"1c3bc9e7c4547c5191c0d478cccaed55")
+
+ oinfo = binascii.unhexlify(
+ b"a1b2c3d4e53728157e634612c12d6d5223e204aeea4341565369647bd184bcd2"
+ b"46f72971f292badaa2fe4124612cba"
+ )
+
+ ckdf = ConcatKDFHash(hashes.SHA256(), 16, oinfo, backend)
+
+ assert ckdf.derive(prk) == okm
+
+ def test_verify(self, backend):
+ prk = binascii.unhexlify(
+ b"52169af5c485dcc2321eb8d26d5efa21fb9b93c98e38412ee2484cf14f0d0d23"
+ )
+
+ okm = binascii.unhexlify(b"1c3bc9e7c4547c5191c0d478cccaed55")
+
+ oinfo = binascii.unhexlify(
+ b"a1b2c3d4e53728157e634612c12d6d5223e204aeea4341565369647bd184bcd2"
+ b"46f72971f292badaa2fe4124612cba"
+ )
+
+ ckdf = ConcatKDFHash(hashes.SHA256(), 16, oinfo, backend)
+
+ assert ckdf.verify(prk, okm) is None
+
+ def test_invalid_verify(self, backend):
+ prk = binascii.unhexlify(
+ b"52169af5c485dcc2321eb8d26d5efa21fb9b93c98e38412ee2484cf14f0d0d23"
+ )
+
+ oinfo = binascii.unhexlify(
+ b"a1b2c3d4e53728157e634612c12d6d5223e204aeea4341565369647bd184bcd2"
+ b"46f72971f292badaa2fe4124612cba"
+ )
+
+ ckdf = ConcatKDFHash(hashes.SHA256(), 16, oinfo, backend)
+
+ with pytest.raises(InvalidKey):
+ ckdf.verify(prk, b"wrong key")
+
+ def test_unicode_typeerror(self, backend):
+ with pytest.raises(TypeError):
+ ConcatKDFHash(
+ hashes.SHA256(),
+ 16,
+ otherinfo=u"foo",
+ backend=backend
+ )
+
+ with pytest.raises(TypeError):
+ ckdf = ConcatKDFHash(
+ hashes.SHA256(),
+ 16,
+ otherinfo=None,
+ backend=backend
+ )
+
+ ckdf.derive(u"foo")
+
+ with pytest.raises(TypeError):
+ ckdf = ConcatKDFHash(
+ hashes.SHA256(),
+ 16,
+ otherinfo=None,
+ backend=backend
+ )
+
+ ckdf.verify(u"foo", b"bar")
+
+ with pytest.raises(TypeError):
+ ckdf = ConcatKDFHash(
+ hashes.SHA256(),
+ 16,
+ otherinfo=None,
+ backend=backend
+ )
+
+ ckdf.verify(b"foo", u"bar")
+
+
+@pytest.mark.requires_backend_interface(interface=HMACBackend)
+class TestConcatKDFHMAC(object):
+ def test_length_limit(self, backend):
+ big_length = hashes.SHA256().digest_size * (2 ** 32 - 1) + 1
+
+ with pytest.raises(ValueError):
+ ConcatKDFHMAC(hashes.SHA256(), big_length, None, None, backend)
+
+ def test_already_finalized(self, backend):
+ ckdf = ConcatKDFHMAC(hashes.SHA256(), 16, None, None, backend)
+
+ ckdf.derive(b"\x01" * 16)
+
+ with pytest.raises(AlreadyFinalized):
+ ckdf.derive(b"\x02" * 16)
+
+ def test_derive(self, backend):
+ prk = binascii.unhexlify(
+ b"013951627c1dea63ea2d7702dd24e963eef5faac6b4af7e4"
+ b"b831cde499dff1ce45f6179f741c728aa733583b02409208"
+ b"8f0af7fce1d045edbc5790931e8d5ca79c73"
+ )
+
+ okm = binascii.unhexlify(b"64ce901db10d558661f10b6836a122a7"
+ b"605323ce2f39bf27eaaac8b34cf89f2f")
+
+ oinfo = binascii.unhexlify(
+ b"a1b2c3d4e55e600be5f367e0e8a465f4bf2704db00c9325c"
+ b"9fbd216d12b49160b2ae5157650f43415653696421e68e"
+ )
+
+ ckdf = ConcatKDFHMAC(hashes.SHA512(), 32, None, oinfo, backend)
+
+ assert ckdf.derive(prk) == okm
+
+ def test_verify(self, backend):
+ prk = binascii.unhexlify(
+ b"013951627c1dea63ea2d7702dd24e963eef5faac6b4af7e4"
+ b"b831cde499dff1ce45f6179f741c728aa733583b02409208"
+ b"8f0af7fce1d045edbc5790931e8d5ca79c73"
+ )
+
+ okm = binascii.unhexlify(b"64ce901db10d558661f10b6836a122a7"
+ b"605323ce2f39bf27eaaac8b34cf89f2f")
+
+ oinfo = binascii.unhexlify(
+ b"a1b2c3d4e55e600be5f367e0e8a465f4bf2704db00c9325c"
+ b"9fbd216d12b49160b2ae5157650f43415653696421e68e"
+ )
+
+ ckdf = ConcatKDFHMAC(hashes.SHA512(), 32, None, oinfo, backend)
+
+ assert ckdf.verify(prk, okm) is None
+
+ def test_invalid_verify(self, backend):
+ prk = binascii.unhexlify(
+ b"013951627c1dea63ea2d7702dd24e963eef5faac6b4af7e4"
+ b"b831cde499dff1ce45f6179f741c728aa733583b02409208"
+ b"8f0af7fce1d045edbc5790931e8d5ca79c73"
+ )
+
+ oinfo = binascii.unhexlify(
+ b"a1b2c3d4e55e600be5f367e0e8a465f4bf2704db00c9325c"
+ b"9fbd216d12b49160b2ae5157650f43415653696421e68e"
+ )
+
+ ckdf = ConcatKDFHMAC(hashes.SHA512(), 32, None, oinfo, backend)
+
+ with pytest.raises(InvalidKey):
+ ckdf.verify(prk, b"wrong key")
+
+ def test_unicode_typeerror(self, backend):
+ with pytest.raises(TypeError):
+ ConcatKDFHMAC(
+ hashes.SHA256(),
+ 16, salt=u"foo",
+ otherinfo=None,
+ backend=backend
+ )
+
+ with pytest.raises(TypeError):
+ ConcatKDFHMAC(
+ hashes.SHA256(),
+ 16, salt=None,
+ otherinfo=u"foo",
+ backend=backend
+ )
+
+ with pytest.raises(TypeError):
+ ckdf = ConcatKDFHMAC(
+ hashes.SHA256(),
+ 16, salt=None,
+ otherinfo=None,
+ backend=backend
+ )
+
+ ckdf.derive(u"foo")
+
+ with pytest.raises(TypeError):
+ ckdf = ConcatKDFHMAC(
+ hashes.SHA256(),
+ 16, salt=None,
+ otherinfo=None,
+ backend=backend
+ )
+
+ ckdf.verify(u"foo", b"bar")
+
+ with pytest.raises(TypeError):
+ ckdf = ConcatKDFHMAC(
+ hashes.SHA256(),
+ 16, salt=None,
+ otherinfo=None,
+ backend=backend
+ )
+
+ ckdf.verify(b"foo", u"bar")
+
+
+def test_invalid_backend():
+ pretend_backend = object()
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ ConcatKDFHash(hashes.SHA256(), 16, None, pretend_backend)
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ ConcatKDFHMAC(hashes.SHA256(), 16, None, None, pretend_backend)
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 12:43:16 +0000