tests/hazmat/primitives/test_asym_utils.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

from __future__ import absolute_import, division, print_function

import pytest

from cryptography.hazmat.primitives.asymmetric.utils import (
    decode_rfc6979_signature, encode_rfc6979_signature
)


def test_rfc6979_signature():
    sig = encode_rfc6979_signature(1, 1)
    assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
    assert decode_rfc6979_signature(sig) == (1, 1)

    r_s1 = (
        1037234182290683143945502320610861668562885151617,
        559776156650501990899426031439030258256861634312
    )
    sig2 = encode_rfc6979_signature(*r_s1)
    assert sig2 == (
        b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
        b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
    )
    assert decode_rfc6979_signature(sig2) == r_s1

    sig3 = encode_rfc6979_signature(0, 0)
    assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
    assert decode_rfc6979_signature(sig3) == (0, 0)

    sig4 = encode_rfc6979_signature(-1, 0)
    assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
    assert decode_rfc6979_signature(sig4) == (-1, 0)


def test_encode_rfc6979_non_integer():
    with pytest.raises(ValueError):
        encode_rfc6979_signature("h", 3)

    with pytest.raises(ValueError):
        encode_rfc6979_signature("3", "2")

    with pytest.raises(ValueError):
        encode_rfc6979_signature(3, "h")

    with pytest.raises(ValueError):
        encode_rfc6979_signature(3.3, 1.2)

    with pytest.raises(ValueError):
        encode_rfc6979_signature("hello", "world")


def test_decode_rfc6979_trailing_bytes():
    with pytest.raises(ValueError):
        decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00")


def test_decode_rfc6979_invalid_asn1():
    with pytest.raises(ValueError):
        # This byte sequence has an invalid ASN.1 sequence length as well as
        # an invalid integer length for the second integer.
        decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01")

    with pytest.raises(ValueError):
        # This is the BER "end-of-contents octets," which older versions of
        # pyasn1 are wrongly willing to return from top-level DER decoding.
        decode_rfc6979_signature(b"\x00\x00")