From 1050ddf44f0713a587cd0ba239e23c95064a39bc Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 27 Jan 2014 21:04:03 -0600 Subject: PBKDF2 support for OpenSSL backend --- tests/conftest.py | 3 ++- tests/hazmat/primitives/test_pbkdf2_vectors.py | 37 ++++++++++++++++++++++++++ tests/hazmat/primitives/utils.py | 25 +++++++++++++++++ tests/utils.py | 4 +++ 4 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 tests/hazmat/primitives/test_pbkdf2_vectors.py (limited to 'tests') diff --git a/tests/conftest.py b/tests/conftest.py index a9acb54a..7370294f 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -2,7 +2,7 @@ import pytest from cryptography.hazmat.backends import _ALL_BACKENDS from cryptography.hazmat.backends.interfaces import ( - HMACBackend, CipherBackend, HashBackend + HMACBackend, CipherBackend, HashBackend, PBKDF2Backend ) from .utils import check_for_iface, check_backend_support, select_backends @@ -21,6 +21,7 @@ def pytest_runtest_setup(item): check_for_iface("hmac", HMACBackend, item) check_for_iface("cipher", CipherBackend, item) check_for_iface("hash", HashBackend, item) + check_for_iface("pbkdf2", PBKDF2Backend, item) check_backend_support(item) diff --git a/tests/hazmat/primitives/test_pbkdf2_vectors.py b/tests/hazmat/primitives/test_pbkdf2_vectors.py new file mode 100644 index 00000000..e6e3935f --- /dev/null +++ b/tests/hazmat/primitives/test_pbkdf2_vectors.py @@ -0,0 +1,37 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import pytest + +from cryptography.hazmat.primitives import hashes + +from .utils import generate_pbkdf2_test +from ...utils import load_nist_vectors + + +@pytest.mark.supported( + only_if=lambda backend: backend.pbkdf2_hash_supported(hashes.SHA1()), + skip_message="Does not support SHA1 for PBKDF2", +) +@pytest.mark.pbkdf2 +class TestPBKDF2_SHA1(object): + test_pbkdf2_sha1 = generate_pbkdf2_test( + load_nist_vectors, + "KDF", + [ + "rfc-6070-PBKDF2-SHA1.txt", + ], + hashes.SHA1(), + ) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index f27afe41..3a1d6d88 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -4,6 +4,7 @@ import os import pytest from cryptography.hazmat.primitives import hashes, hmac +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2 from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.exceptions import ( AlreadyFinalized, NotYetFinalized, AlreadyUpdated, InvalidTag, @@ -211,6 +212,30 @@ def hmac_test(backend, algorithm, params): assert h.finalize() == binascii.unhexlify(md.encode("ascii")) +def generate_pbkdf2_test(param_loader, path, file_names, algorithm): + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_pbkdf2(self, backend, params): + pbkdf2_test(backend, algorithm, params) + return test_pbkdf2 + + +def pbkdf2_test(backend, algorithm, params): + # Password and salt can contain \0, which should be loaded as a null char. + # The NIST loader loads them as literal strings so we replace with the + # proper value. + kdf = PBKDF2( + algorithm, + int(params["length"]), + params["salt"], + int(params["iterations"]), + backend + ) + derived_key = kdf.derive(params["password"]) + assert binascii.hexlify(derived_key) == params["derived_key"] + + def generate_aead_exception_test(cipher_factory, mode_factory): def test_aead_exception(self, backend): aead_exception_test(backend, cipher_factory, mode_factory) diff --git a/tests/utils.py b/tests/utils.py index 507bc421..5c0e524f 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -89,6 +89,10 @@ def load_nist_vectors(vector_data): # Build our data using a simple Key = Value format name, value = [c.strip() for c in line.split("=")] + # Some tests (PBKDF2) contain \0, which should be interpreted as a + # null character rather than literal. + value = value.replace("\\0", "\0") + # COUNT is a special token that indicates a new block of data if name.upper() == "COUNT": test_data = {} -- cgit v1.2.3 From 6f2a04b4cf3cb938cdd58205a4fc7e8ddb6af299 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 28 Jan 2014 12:05:51 -0600 Subject: test coverage, other changes --- tests/hazmat/primitives/test_pbkdf2.py | 63 ++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 tests/hazmat/primitives/test_pbkdf2.py (limited to 'tests') diff --git a/tests/hazmat/primitives/test_pbkdf2.py b/tests/hazmat/primitives/test_pbkdf2.py new file mode 100644 index 00000000..6dd10129 --- /dev/null +++ b/tests/hazmat/primitives/test_pbkdf2.py @@ -0,0 +1,63 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import pytest + +from cryptography import utils +from cryptography.exceptions import ( + InvalidKey, UnsupportedAlgorithm, AlreadyFinalized +) +from cryptography.hazmat.primitives import hashes, interfaces +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2 +from cryptography.hazmat.backends import default_backend + + +@utils.register_interface(interfaces.HashAlgorithm) +class UnsupportedDummyHash(object): + name = "unsupported-dummy-hash" + + +class TestPBKDF2(object): + def test_already_finalized(self): + kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) + kdf.derive(b"password") + with pytest.raises(AlreadyFinalized): + kdf.derive(b"password2") + + kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) + key = kdf.derive(b"password") + with pytest.raises(AlreadyFinalized): + kdf.verify(b"password", key) + + kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) + kdf.verify(b"password", key) + with pytest.raises(AlreadyFinalized): + kdf.verify(b"password", key) + + def test_unsupported_algorithm(self): + with pytest.raises(UnsupportedAlgorithm): + PBKDF2(UnsupportedDummyHash(), 20, b"salt", 10, default_backend()) + + def test_invalid_key(self): + kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) + key = kdf.derive(b"password") + + kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) + with pytest.raises(InvalidKey): + kdf.verify(b"password2", key) + + def test_salt_too_long(self): + with pytest.raises(ValueError): + PBKDF2(hashes.SHA1(), 2**31, b"salt", 10, default_backend()) -- cgit v1.2.3 From 695313ff7cb1a7026a2624b8c61d495978d6f41c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 28 Jan 2014 13:13:48 -0600 Subject: remove length check (which cffi handles) --- tests/hazmat/primitives/test_pbkdf2.py | 4 ---- 1 file changed, 4 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_pbkdf2.py b/tests/hazmat/primitives/test_pbkdf2.py index 6dd10129..4d15d7a7 100644 --- a/tests/hazmat/primitives/test_pbkdf2.py +++ b/tests/hazmat/primitives/test_pbkdf2.py @@ -57,7 +57,3 @@ class TestPBKDF2(object): kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) with pytest.raises(InvalidKey): kdf.verify(b"password2", key) - - def test_salt_too_long(self): - with pytest.raises(ValueError): - PBKDF2(hashes.SHA1(), 2**31, b"salt", 10, default_backend()) -- cgit v1.2.3 From 1277bc7e993dec8bbe64f1b5aeaaae6cff6429dd Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 28 Jan 2014 17:09:59 -0600 Subject: okay this time really finish the rename. Up example iterations to 100k --- tests/conftest.py | 4 ++-- tests/hazmat/primitives/test_pbkdf2.py | 20 ++++++++++---------- tests/hazmat/primitives/test_pbkdf2_vectors.py | 8 ++++---- tests/hazmat/primitives/utils.py | 4 ++-- 4 files changed, 18 insertions(+), 18 deletions(-) (limited to 'tests') diff --git a/tests/conftest.py b/tests/conftest.py index 7370294f..ecad1b23 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -2,7 +2,7 @@ import pytest from cryptography.hazmat.backends import _ALL_BACKENDS from cryptography.hazmat.backends.interfaces import ( - HMACBackend, CipherBackend, HashBackend, PBKDF2Backend + HMACBackend, CipherBackend, HashBackend, PBKDF2HMACBackend ) from .utils import check_for_iface, check_backend_support, select_backends @@ -21,7 +21,7 @@ def pytest_runtest_setup(item): check_for_iface("hmac", HMACBackend, item) check_for_iface("cipher", CipherBackend, item) check_for_iface("hash", HashBackend, item) - check_for_iface("pbkdf2", PBKDF2Backend, item) + check_for_iface("pbkdf2hmac", PBKDF2HMACBackend, item) check_backend_support(item) diff --git a/tests/hazmat/primitives/test_pbkdf2.py b/tests/hazmat/primitives/test_pbkdf2.py index 4d15d7a7..41123557 100644 --- a/tests/hazmat/primitives/test_pbkdf2.py +++ b/tests/hazmat/primitives/test_pbkdf2.py @@ -20,40 +20,40 @@ from cryptography.exceptions import ( InvalidKey, UnsupportedAlgorithm, AlreadyFinalized ) from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2 +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC from cryptography.hazmat.backends import default_backend @utils.register_interface(interfaces.HashAlgorithm) -class UnsupportedDummyHash(object): - name = "unsupported-dummy-hash" +class DummyHash(object): + name = "dummy-hash" -class TestPBKDF2(object): +class TestPBKDF2HMAC(object): def test_already_finalized(self): - kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) kdf.derive(b"password") with pytest.raises(AlreadyFinalized): kdf.derive(b"password2") - kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) key = kdf.derive(b"password") with pytest.raises(AlreadyFinalized): kdf.verify(b"password", key) - kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) kdf.verify(b"password", key) with pytest.raises(AlreadyFinalized): kdf.verify(b"password", key) def test_unsupported_algorithm(self): with pytest.raises(UnsupportedAlgorithm): - PBKDF2(UnsupportedDummyHash(), 20, b"salt", 10, default_backend()) + PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend()) def test_invalid_key(self): - kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) key = kdf.derive(b"password") - kdf = PBKDF2(hashes.SHA1(), 20, b"salt", 10, default_backend()) + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) with pytest.raises(InvalidKey): kdf.verify(b"password2", key) diff --git a/tests/hazmat/primitives/test_pbkdf2_vectors.py b/tests/hazmat/primitives/test_pbkdf2_vectors.py index e6e3935f..cbd4cc9d 100644 --- a/tests/hazmat/primitives/test_pbkdf2_vectors.py +++ b/tests/hazmat/primitives/test_pbkdf2_vectors.py @@ -22,11 +22,11 @@ from ...utils import load_nist_vectors @pytest.mark.supported( - only_if=lambda backend: backend.pbkdf2_hash_supported(hashes.SHA1()), - skip_message="Does not support SHA1 for PBKDF2", + only_if=lambda backend: backend.pbkdf2_hmac_supported(hashes.SHA1()), + skip_message="Does not support SHA1 for PBKDF2HMAC", ) -@pytest.mark.pbkdf2 -class TestPBKDF2_SHA1(object): +@pytest.mark.pbkdf2hmac +class TestPBKDF2HMAC_SHA1(object): test_pbkdf2_sha1 = generate_pbkdf2_test( load_nist_vectors, "KDF", diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 3a1d6d88..6b1d055d 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -4,7 +4,7 @@ import os import pytest from cryptography.hazmat.primitives import hashes, hmac -from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2 +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.exceptions import ( AlreadyFinalized, NotYetFinalized, AlreadyUpdated, InvalidTag, @@ -225,7 +225,7 @@ def pbkdf2_test(backend, algorithm, params): # Password and salt can contain \0, which should be loaded as a null char. # The NIST loader loads them as literal strings so we replace with the # proper value. - kdf = PBKDF2( + kdf = PBKDF2HMAC( algorithm, int(params["length"]), params["salt"], -- cgit v1.2.3 From 5c8ea70ca7a36a0e090640b329bd9931232b7b23 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 28 Jan 2014 19:23:01 -0600 Subject: add some unicode checks for salt on init and key_material on derive --- tests/hazmat/primitives/test_pbkdf2.py | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_pbkdf2.py b/tests/hazmat/primitives/test_pbkdf2.py index 41123557..6ad225a8 100644 --- a/tests/hazmat/primitives/test_pbkdf2.py +++ b/tests/hazmat/primitives/test_pbkdf2.py @@ -14,6 +14,7 @@ from __future__ import absolute_import, division, print_function import pytest +import six from cryptography import utils from cryptography.exceptions import ( @@ -57,3 +58,12 @@ class TestPBKDF2HMAC(object): kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) with pytest.raises(InvalidKey): kdf.verify(b"password2", key) + + def test_unicode_error_with_salt(self): + with pytest.raises(TypeError): + PBKDF2HMAC(hashes.SHA1(), 20, six.u("salt"), 10, default_backend()) + + def test_unicode_error_with_key_material(self): + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) + with pytest.raises(TypeError): + kdf.derive(six.u("unicode here")) -- cgit v1.2.3 From 2e8617bea70e1b29b4138f591c2264041f5b1099 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 28 Jan 2014 19:27:06 -0600 Subject: rename test files --- tests/hazmat/primitives/test_pbkdf2.py | 69 ---------------------- tests/hazmat/primitives/test_pbkdf2_vectors.py | 37 ------------ tests/hazmat/primitives/test_pbkdf2hmac.py | 69 ++++++++++++++++++++++ tests/hazmat/primitives/test_pbkdf2hmac_vectors.py | 37 ++++++++++++ 4 files changed, 106 insertions(+), 106 deletions(-) delete mode 100644 tests/hazmat/primitives/test_pbkdf2.py delete mode 100644 tests/hazmat/primitives/test_pbkdf2_vectors.py create mode 100644 tests/hazmat/primitives/test_pbkdf2hmac.py create mode 100644 tests/hazmat/primitives/test_pbkdf2hmac_vectors.py (limited to 'tests') diff --git a/tests/hazmat/primitives/test_pbkdf2.py b/tests/hazmat/primitives/test_pbkdf2.py deleted file mode 100644 index 6ad225a8..00000000 --- a/tests/hazmat/primitives/test_pbkdf2.py +++ /dev/null @@ -1,69 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import absolute_import, division, print_function - -import pytest -import six - -from cryptography import utils -from cryptography.exceptions import ( - InvalidKey, UnsupportedAlgorithm, AlreadyFinalized -) -from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC -from cryptography.hazmat.backends import default_backend - - -@utils.register_interface(interfaces.HashAlgorithm) -class DummyHash(object): - name = "dummy-hash" - - -class TestPBKDF2HMAC(object): - def test_already_finalized(self): - kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) - kdf.derive(b"password") - with pytest.raises(AlreadyFinalized): - kdf.derive(b"password2") - - kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) - key = kdf.derive(b"password") - with pytest.raises(AlreadyFinalized): - kdf.verify(b"password", key) - - kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) - kdf.verify(b"password", key) - with pytest.raises(AlreadyFinalized): - kdf.verify(b"password", key) - - def test_unsupported_algorithm(self): - with pytest.raises(UnsupportedAlgorithm): - PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend()) - - def test_invalid_key(self): - kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) - key = kdf.derive(b"password") - - kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) - with pytest.raises(InvalidKey): - kdf.verify(b"password2", key) - - def test_unicode_error_with_salt(self): - with pytest.raises(TypeError): - PBKDF2HMAC(hashes.SHA1(), 20, six.u("salt"), 10, default_backend()) - - def test_unicode_error_with_key_material(self): - kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) - with pytest.raises(TypeError): - kdf.derive(six.u("unicode here")) diff --git a/tests/hazmat/primitives/test_pbkdf2_vectors.py b/tests/hazmat/primitives/test_pbkdf2_vectors.py deleted file mode 100644 index cbd4cc9d..00000000 --- a/tests/hazmat/primitives/test_pbkdf2_vectors.py +++ /dev/null @@ -1,37 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import absolute_import, division, print_function - -import pytest - -from cryptography.hazmat.primitives import hashes - -from .utils import generate_pbkdf2_test -from ...utils import load_nist_vectors - - -@pytest.mark.supported( - only_if=lambda backend: backend.pbkdf2_hmac_supported(hashes.SHA1()), - skip_message="Does not support SHA1 for PBKDF2HMAC", -) -@pytest.mark.pbkdf2hmac -class TestPBKDF2HMAC_SHA1(object): - test_pbkdf2_sha1 = generate_pbkdf2_test( - load_nist_vectors, - "KDF", - [ - "rfc-6070-PBKDF2-SHA1.txt", - ], - hashes.SHA1(), - ) diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py new file mode 100644 index 00000000..6ad225a8 --- /dev/null +++ b/tests/hazmat/primitives/test_pbkdf2hmac.py @@ -0,0 +1,69 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import pytest +import six + +from cryptography import utils +from cryptography.exceptions import ( + InvalidKey, UnsupportedAlgorithm, AlreadyFinalized +) +from cryptography.hazmat.primitives import hashes, interfaces +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC +from cryptography.hazmat.backends import default_backend + + +@utils.register_interface(interfaces.HashAlgorithm) +class DummyHash(object): + name = "dummy-hash" + + +class TestPBKDF2HMAC(object): + def test_already_finalized(self): + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) + kdf.derive(b"password") + with pytest.raises(AlreadyFinalized): + kdf.derive(b"password2") + + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) + key = kdf.derive(b"password") + with pytest.raises(AlreadyFinalized): + kdf.verify(b"password", key) + + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) + kdf.verify(b"password", key) + with pytest.raises(AlreadyFinalized): + kdf.verify(b"password", key) + + def test_unsupported_algorithm(self): + with pytest.raises(UnsupportedAlgorithm): + PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend()) + + def test_invalid_key(self): + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) + key = kdf.derive(b"password") + + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) + with pytest.raises(InvalidKey): + kdf.verify(b"password2", key) + + def test_unicode_error_with_salt(self): + with pytest.raises(TypeError): + PBKDF2HMAC(hashes.SHA1(), 20, six.u("salt"), 10, default_backend()) + + def test_unicode_error_with_key_material(self): + kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) + with pytest.raises(TypeError): + kdf.derive(six.u("unicode here")) diff --git a/tests/hazmat/primitives/test_pbkdf2hmac_vectors.py b/tests/hazmat/primitives/test_pbkdf2hmac_vectors.py new file mode 100644 index 00000000..cbd4cc9d --- /dev/null +++ b/tests/hazmat/primitives/test_pbkdf2hmac_vectors.py @@ -0,0 +1,37 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import pytest + +from cryptography.hazmat.primitives import hashes + +from .utils import generate_pbkdf2_test +from ...utils import load_nist_vectors + + +@pytest.mark.supported( + only_if=lambda backend: backend.pbkdf2_hmac_supported(hashes.SHA1()), + skip_message="Does not support SHA1 for PBKDF2HMAC", +) +@pytest.mark.pbkdf2hmac +class TestPBKDF2HMAC_SHA1(object): + test_pbkdf2_sha1 = generate_pbkdf2_test( + load_nist_vectors, + "KDF", + [ + "rfc-6070-PBKDF2-SHA1.txt", + ], + hashes.SHA1(), + ) -- cgit v1.2.3 From 6fb1a5a99d3742763961d907c9f297f89f2f0b91 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 29 Jan 2014 13:44:07 -0600 Subject: add test for null char replacement --- tests/test_utils.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'tests') diff --git a/tests/test_utils.py b/tests/test_utils.py index f852f3ab..8ecb33f9 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -180,6 +180,25 @@ def test_load_nist_vectors(): ] +def test_load_nist_vectors_with_null_chars(): + vector_data = textwrap.dedent(""" + COUNT = 0 + KEY = thing\\0withnulls + + COUNT = 1 + KEY = 00000000000000000000000000000000 + """).splitlines() + + assert load_nist_vectors(vector_data) == [ + { + "key": b"thing\x00withnulls", + }, + { + "key": b"00000000000000000000000000000000", + }, + ] + + def test_load_cryptrec_vectors(): vector_data = textwrap.dedent(""" # Vectors taken from http://info.isl.ntt.co.jp/crypt/eng/camellia/ -- cgit v1.2.3