# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
from __future__ import absolute_import, division, print_function
import binascii
import pytest
from cryptography.hazmat.backends.interfaces import CipherBackend
from cryptography.hazmat.primitives import keywrap
@pytest.mark.requires_backend_interface(interface=CipherBackend)
@pytest.mark.wycheproof_tests("kwp_test.json")
def test_keywrap_with_padding(backend, wycheproof):
wrapping_key = binascii.unhexlify(wycheproof.testcase["key"])
key_to_wrap = binascii.unhexlify(wycheproof.testcase["msg"])
expected = binascii.unhexlify(wycheproof.testcase["ct"])
result = keywrap.aes_key_wrap_with_padding(
wrapping_key, key_to_wrap, backend
)
if wycheproof.valid or wycheproof.acceptable:
assert result == expected
if wycheproof.valid or (wycheproof.acceptable and not len(expected) < 16):
result = keywrap.aes_key_unwrap_with_padding(
wrapping_key, expected, backend
)
assert result == key_to_wrap
else:
with pytest.raises(keywrap.InvalidUnwrap):
keywrap.aes_key_unwrap_with_padding(
wrapping_key, expected, backend
)
@pytest.mark.requires_backend_interface(interface=CipherBackend)
@pytest.mark.wycheproof_tests("kw_test.json")
def test_keywrap(backend, wycheproof):
wrapping_key = binascii.unhexlify(wycheproof.testcase["key"])
key_to_wrap = binascii.unhexlify(wycheproof.testcase["msg"])
expected = binascii.unhexlify(wycheproof.testcase["ct"])
if (
wycheproof.valid or (
wycheproof.acceptable and
wycheproof.testcase["comment"] != "invalid size of wrapped key"
)
):
result = keywrap.aes_key_wrap(wrapping_key, key_to_wrap, backend)
assert result == expected
if wycheproof.valid or wycheproof.acceptable:
result = keywrap.aes_key_unwrap(wrapping_key, expected, backend)
assert result == key_to_wrap
else:
with pytest.raises(keywrap.InvalidUnwrap):
keywrap.aes_key_unwrap(wrapping_key, expected, backend)