aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/hazmat/backends/test_multibackend.py107
-rw-r--r--tests/hazmat/primitives/test_rsa.py37
2 files changed, 127 insertions, 17 deletions
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index 93d58483..64dc062c 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -18,12 +18,12 @@ from cryptography.exceptions import (
UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import (
- CMACBackend, CipherBackend, DSABackend, HMACBackend, HashBackend,
- PBKDF2HMACBackend, RSABackend
+ CMACBackend, CipherBackend, DSABackend, EllipticCurveBackend, HMACBackend,
+ HashBackend, PBKDF2HMACBackend, RSABackend
)
from cryptography.hazmat.backends.multibackend import MultiBackend
from cryptography.hazmat.primitives import cmac, hashes, hmac
-from cryptography.hazmat.primitives.asymmetric import padding
+from cryptography.hazmat.primitives.asymmetric import ec, padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from ...utils import raises_unsupported_algorithm
@@ -154,6 +154,41 @@ class DummyCMACBackend(object):
raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_CIPHER)
+@utils.register_interface(EllipticCurveBackend)
+class DummyEllipticCurveBackend(object):
+ def __init__(self, supported_curves):
+ self._curves = supported_curves
+
+ def elliptic_curve_supported(self, curve):
+ return any(
+ isinstance(curve, curve_type)
+ for curve_type in self._curves
+ )
+
+ def elliptic_curve_signature_algorithm_supported(
+ self, signature_algorithm, curve
+ ):
+ return (
+ isinstance(signature_algorithm, ec.ECDSA) and
+ any(
+ isinstance(curve, curve_type)
+ for curve_type in self._curves
+ )
+ )
+
+ def generate_elliptic_curve_private_key(self, curve):
+ if not self.elliptic_curve_supported(curve):
+ raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE)
+
+ def elliptic_curve_private_key_from_numbers(self, numbers):
+ if not self.elliptic_curve_supported(numbers.public_numbers.curve):
+ raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE)
+
+ def elliptic_curve_public_key_from_numbers(self, numbers):
+ if not self.elliptic_curve_supported(numbers.curve):
+ raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE)
+
+
class TestMultiBackend(object):
def test_ciphers(self):
backend = MultiBackend([
@@ -361,3 +396,69 @@ class TestMultiBackend(object):
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cmac.CMAC(algorithms.TripleDES(fake_key), backend)
+
+ def test_elliptic_curve(self):
+ backend = MultiBackend([
+ DummyEllipticCurveBackend([
+ ec.SECT283K1
+ ])
+ ])
+
+ assert backend.elliptic_curve_supported(ec.SECT283K1()) is True
+
+ assert backend.elliptic_curve_signature_algorithm_supported(
+ ec.ECDSA(hashes.SHA256()),
+ ec.SECT283K1()
+ ) is True
+
+ backend.generate_elliptic_curve_private_key(ec.SECT283K1())
+
+ backend.elliptic_curve_private_key_from_numbers(
+ ec.EllipticCurvePrivateNumbers(
+ 1,
+ ec.EllipticCurvePublicNumbers(
+ 2,
+ 3,
+ ec.SECT283K1()
+ )
+ )
+ )
+
+ backend.elliptic_curve_public_key_from_numbers(
+ ec.EllipticCurvePublicNumbers(
+ 2,
+ 3,
+ ec.SECT283K1()
+ )
+ )
+
+ assert backend.elliptic_curve_supported(ec.SECT163K1()) is False
+
+ assert backend.elliptic_curve_signature_algorithm_supported(
+ ec.ECDSA(hashes.SHA256()),
+ ec.SECT163K1()
+ ) is False
+
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
+ backend.generate_elliptic_curve_private_key(ec.SECT163K1())
+
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
+ backend.elliptic_curve_private_key_from_numbers(
+ ec.EllipticCurvePrivateNumbers(
+ 1,
+ ec.EllipticCurvePublicNumbers(
+ 2,
+ 3,
+ ec.SECT163K1()
+ )
+ )
+ )
+
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
+ backend.elliptic_curve_public_key_from_numbers(
+ ec.EllipticCurvePublicNumbers(
+ 2,
+ 3,
+ ec.SECT163K1()
+ )
+ )
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 610fa625..8f10fb10 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -97,32 +97,38 @@ class TestRSA(object):
)
)
def test_generate_rsa_keys(self, backend, public_exponent, key_size):
- skey = rsa.RSAPrivateKey.generate(public_exponent, key_size, backend)
+ skey = rsa.generate_private_key(public_exponent, key_size, backend)
_check_rsa_private_key(skey)
assert skey.key_size == key_size
assert skey.public_exponent == public_exponent
+ def test_generate_rsa_key_class_method(self, backend):
+ skey = rsa.RSAPrivateKey.generate(65537, 512, backend)
+ _check_rsa_private_key(skey)
+ assert skey.key_size == 512
+ assert skey.public_exponent == 65537
+
def test_generate_bad_public_exponent(self, backend):
with pytest.raises(ValueError):
- rsa.RSAPrivateKey.generate(public_exponent=1,
- key_size=2048,
- backend=backend)
+ rsa.generate_private_key(public_exponent=1,
+ key_size=2048,
+ backend=backend)
with pytest.raises(ValueError):
- rsa.RSAPrivateKey.generate(public_exponent=4,
- key_size=2048,
- backend=backend)
+ rsa.generate_private_key(public_exponent=4,
+ key_size=2048,
+ backend=backend)
def test_cant_generate_insecure_tiny_key(self, backend):
with pytest.raises(ValueError):
- rsa.RSAPrivateKey.generate(public_exponent=65537,
- key_size=511,
- backend=backend)
+ rsa.generate_private_key(public_exponent=65537,
+ key_size=511,
+ backend=backend)
with pytest.raises(ValueError):
- rsa.RSAPrivateKey.generate(public_exponent=65537,
- key_size=256,
- backend=backend)
+ rsa.generate_private_key(public_exponent=65537,
+ key_size=256,
+ backend=backend)
@pytest.mark.parametrize(
"pkcs1_example",
@@ -380,6 +386,9 @@ def test_rsa_generate_invalid_backend():
pretend_backend = object()
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ rsa.generate_private_key(65537, 2048, pretend_backend)
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend)
@@ -966,7 +975,7 @@ class TestRSAVerification(object):
def test_rsa_verifier_invalid_backend(self, backend):
pretend_backend = object()
- private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
+ private_key = rsa.generate_private_key(65537, 2048, backend)
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-08 16:18:01 +0000