From 04e783f5610d3983bb3cbdf82720d17a97c779a7 Mon Sep 17 00:00:00 2001
From: unknown
Date: Thu, 11 Sep 2014 18:27:56 +0100
Subject: Implemented support for loading EC private keys

Loads Elliptic Curve private keys from .PEM files, whether encrypted or unencrypted, given that the encryption method is supported. Also included changes to the test files and documentation for said method.
---
 tests/hazmat/primitives/test_serialization.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'tests/hazmat')
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 9333a6bd..4d32fba2 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -46,6 +46,29 @@ class TestPEMSerialization(object):
 if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
 _check_rsa_private_numbers(key.private_numbers())
+ def test_load_pem_ec_private_key_unencrypted(self, backend):
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PEM_Serialization", "ec_private_key.pem"),
+ lambda pemfile: load_pem_private_key(
+ pemfile.read().encode(), None, backend
+ )
+ )
+
+ assert key
+ assert isinstance(key, interfaces.EllipticCurvePrivateKey)
+
+ def test_load_pem_ec_private_key_encrypted(self, backend):
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PEM_Serialization", "ec_private_key_encrypted.pem"),
+ lambda pemfile: load_pem_private_key(
+ pemfile.read().encode(), b"123456", backend
+ )
+ )
+
+ assert key
+ assert isinstance(key, interfaces.EllipticCurvePrivateKey)
 @pytest.mark.traditional_openssl_serialization
 class TestTraditionalOpenSSLSerialization(object):
-- cgit v1.2.3
From 84005936bc02bc928fc7901e08b7866bf808da6b Mon Sep 17 00:00:00 2001
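Review bot: Both added tests stop at `assert key` and an `isinstance` check, so they pass for any EllipticCurvePrivateKey the loader returns; nothing ties the result to the vector file or shows that the password was actually used. Pinning a property of the vector would tighten this, for example `assert key.curve.key_size == 256` (assuming the interface exposes `curve` and the vectors are 256-bit keys, as the SECP256R1 guard added later in this series suggests). The encrypted case also needs a negative counterpart: loading `ec_private_key_encrypted.pem` with `None` or with a wrong password should be asserted to raise rather than return a key. The same two assertions are carried unchanged into the parametrized `test_load_pem_ec_private_key` tests in the last commit of the series (TestPEMSerialization and TestPKCS8Serialization).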
From: unknown
Date: Fri, 12 Sep 2014 10:03:56 +0100
Subject: Adjusted formatting and added EC check

Due to the code failing the PEP-8 test, the test code has been reformatted so that there are two blank lines between the function and the next class, and the overlong line has been adjusted. Also added a check to the private key loading function to check for the Cryptography_HAS_EC field. This has been tested on Windows only.
---
 tests/hazmat/primitives/test_serialization.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'tests/hazmat')
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 4d32fba2..77d748b3 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -61,7 +61,8 @@ class TestPEMSerialization(object):
 def test_load_pem_ec_private_key_encrypted(self, backend):
 key = load_vectors_from_file(
 os.path.join(
- "asymmetric", "PEM_Serialization", "ec_private_key_encrypted.pem"),
+ "asymmetric", "PEM_Serialization",
+ "ec_private_key_encrypted.pem"),
 lambda pemfile: load_pem_private_key(
 pemfile.read().encode(), b"123456", backend
 )
@@ -70,6 +71,7 @@ class TestPEMSerialization(object):
 assert key
 assert isinstance(key, interfaces.EllipticCurvePrivateKey)
+
 @pytest.mark.traditional_openssl_serialization
 class TestTraditionalOpenSSLSerialization(object):
 @pytest.mark.parametrize(
-- cgit v1.2.3
From 909f8222a5ee23c558876a783741e38b3027f59d Mon Sep 17 00:00:00 2001
From: Michael
Date: Fri, 12 Sep 2014 16:19:39 +0100
Subject: Changed EC curve type and add test markers

Changed the Elliptic Curve curve type from secp256k1 to secp256r1, as this is supported, in an attempt to pass tests on CentOS 7; also added markers and methods to skip test functions for systems that do not support ECC.
---
 tests/hazmat/primitives/test_serialization.py | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'tests/hazmat')
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 77d748b3..cbcc772d 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -25,6 +25,10 @@ from cryptography.hazmat.primitives.serialization import (
 load_pem_pkcs8_private_key, load_pem_private_key,
 load_pem_traditional_openssl_private_key
 )
+from tests.hazmat.primitives.test_ec import (
+ _skip_curve_unsupported
+)
+from cryptography.hazmat.primitives.asymmetric import ec
 from .utils import _check_rsa_private_numbers, load_vectors_from_file
 from ...utils import raises_unsupported_algorithm
@@ -46,7 +50,9 @@ class TestPEMSerialization(object):
 if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
 _check_rsa_private_numbers(key.private_numbers())
+ @pytest.mark.elliptic
 def test_load_pem_ec_private_key_unencrypted(self, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
 key = load_vectors_from_file(
 os.path.join(
 "asymmetric", "PEM_Serialization", "ec_private_key.pem"),
@@ -58,7 +64,9 @@ class TestPEMSerialization(object):
 assert key
 assert isinstance(key, interfaces.EllipticCurvePrivateKey)
+ @pytest.mark.elliptic
 def test_load_pem_ec_private_key_encrypted(self, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
 key = load_vectors_from_file(
 os.path.join(
 "asymmetric", "PEM_Serialization",
-- cgit v1.2.3
From ed2a510d39d87540fc9c3a2239a0cdd34c7bc7de Mon Sep 17 00:00:00 2001
From: Michael
Date: Fri, 12 Sep 2014 16:56:32 +0100
Subject: Reorganised imports

Swapped the order of the imports so that flake8 will see that they are correct, and changed the test import to be relative rather than absolute, as is the standard
---
 tests/hazmat/primitives/test_serialization.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'tests/hazmat')
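Review bot: The guard `_skip_curve_unsupported(backend, ec.SECP256R1())` in the second and third hunks names the curve independently of the vector files, and neither test checks the curve of the key it loads, so the guard and the vectors can drift apart without any failure. A short comment above each call, such as `# vector is a secp256r1 key; skip backends without that curve`, would record the dependency. Separately, `_skip_curve_unsupported` is an underscore-prefixed helper imported from another test module (`test_ec`), which ties this module to that module's internals and imports it whenever this file is loaded; the shared `.utils` module already imported here looks like a better home for it. Both test bodies continue outside these hunks.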
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index cbcc772d..8542408b 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -21,15 +21,14 @@ import pytest
 from cryptography.exceptions import _Reasons
 from cryptography.hazmat.primitives import interfaces
+from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.serialization import (
 load_pem_pkcs8_private_key, load_pem_private_key,
 load_pem_traditional_openssl_private_key
 )
-from tests.hazmat.primitives.test_ec import (
- _skip_curve_unsupported
-)
-from cryptography.hazmat.primitives.asymmetric import ec
+
+from .test_ec import _skip_curve_unsupported
 from .utils import _check_rsa_private_numbers, load_vectors_from_file
 from ...utils import raises_unsupported_algorithm
-- cgit v1.2.3
From acda0445b1d22da120bbd46283e374887758c8b2 Mon Sep 17 00:00:00 2001
From: Michael Hart
Date: Fri, 12 Sep 2014 23:21:32 +0100
Subject: Added PKCS8 encoded private keys to tests

Generated two files with the same private key as PEM_Serialization's ec_private_key.pem, one unencrypted and one encrypted with "123456". Also changed existing PEMSerialization unit tests to take parameters so that tests can be extended easily.
---
 tests/hazmat/primitives/test_serialization.py | 48 +++++++++++++++++----------
 1 file changed, 30 insertions(+), 18 deletions(-)
(limited to 'tests/hazmat')
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 8542408b..7c912a92 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -49,29 +49,21 @@ class TestPEMSerialization(object):
 if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
 _check_rsa_private_numbers(key.private_numbers())
+ @pytest.mark.parametrize(
+ ("key_file", "password"),
+ [
+ ("ec_private_key.pem", None),
+ ("ec_private_key_encrypted.pem", b"123456"),
+ ]
+ )
 @pytest.mark.elliptic
- def test_load_pem_ec_private_key_unencrypted(self, backend):
- _skip_curve_unsupported(backend, ec.SECP256R1())
- key = load_vectors_from_file(
- os.path.join(
- "asymmetric", "PEM_Serialization", "ec_private_key.pem"),
- lambda pemfile: load_pem_private_key(
- pemfile.read().encode(), None, backend
- )
- )
-
- assert key
- assert isinstance(key, interfaces.EllipticCurvePrivateKey)
-
- @pytest.mark.elliptic
- def test_load_pem_ec_private_key_encrypted(self, backend):
+ def test_load_pem_ec_private_key(self, key_file, password, backend):
 _skip_curve_unsupported(backend, ec.SECP256R1())
 key = load_vectors_from_file(
 os.path.join(
- "asymmetric", "PEM_Serialization",
- "ec_private_key_encrypted.pem"),
+ "asymmetric", "PEM_Serialization", key_file),
 lambda pemfile: load_pem_private_key(
- pemfile.read().encode(), b"123456", backend
+ pemfile.read().encode(), password, backend
 )
 )
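Review bot: The parameter list for `load_pem_private_key` covers only the files under `PEM_Serialization`; the PKCS8-encoded EC keys added by this same commit are loaded only through `load_pem_pkcs8_private_key`, so if the generic loader is meant to detect the encoding, that path is never exercised for EC keys. Parametrizing on the relative path instead of the bare file name would let one test cover both directories, with entries such as `(os.path.join("asymmetric", "PKCS8", "ec_private_key.pem"), None)`. Passing `ids=` to the parametrize call would also keep the encrypted and unencrypted cases distinguishable in test output. The test's assertions lie outside this hunk.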
@@ -335,6 +327,26 @@ class TestPKCS8Serialization(object):
 if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
 _check_rsa_private_numbers(key.private_numbers())
+ @pytest.mark.parametrize(
+ ("key_file", "password"),
+ [
+ ("ec_private_key.pem", None),
+ ("ec_private_key_encrypted.pem", b"123456"),
+ ]
+ )
+ @pytest.mark.elliptic
+ def test_load_pem_ec_private_key(self, key_file, password, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PKCS8", key_file),
+ lambda pemfile: load_pem_pkcs8_private_key(
+ pemfile.read().encode(), password, backend
+ )
+ )
+ assert key
+ assert isinstance(key, interfaces.EllipticCurvePrivateKey)
+
 def test_unused_password(self, backend):
 key_file = os.path.join(
 "asymmetric", "PKCS8", "unencpkcs8.pem")
-- cgit v1.2.3