You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
115 lines
3.8 KiB
115 lines
3.8 KiB
# This file is dual licensed under the terms of the Apache License, Version
|
|
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
|
# for complete details.
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
import binascii
|
|
|
|
import pytest
|
|
|
|
from cryptography.exceptions import UnsupportedAlgorithm
|
|
from cryptography.hazmat.backends.interfaces import EllipticCurveBackend
|
|
from cryptography.hazmat.primitives import serialization
|
|
from cryptography.hazmat.primitives.asymmetric import ec
|
|
|
|
from ..hazmat.primitives.test_ec import _skip_exchange_algorithm_unsupported
|
|
|
|
|
|
_CURVES = {
|
|
"secp224r1": ec.SECP224R1(),
|
|
"secp256r1": ec.SECP256R1(),
|
|
"secp384r1": ec.SECP384R1(),
|
|
"secp521r1": ec.SECP521R1(),
|
|
"secp256k1": ec.SECP256K1(),
|
|
"brainpoolP224r1": None,
|
|
"brainpoolP256r1": ec.BrainpoolP256R1(),
|
|
"brainpoolP320r1": None,
|
|
"brainpoolP384r1": ec.BrainpoolP384R1(),
|
|
"brainpoolP512r1": ec.BrainpoolP512R1(),
|
|
"brainpoolP224t1": None,
|
|
"brainpoolP256t1": None,
|
|
"brainpoolP320t1": None,
|
|
"brainpoolP384t1": None,
|
|
"brainpoolP512t1": None,
|
|
}
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
|
|
@pytest.mark.wycheproof_tests(
|
|
"ecdh_test.json",
|
|
"ecdh_brainpoolP224r1_test.json",
|
|
"ecdh_brainpoolP256r1_test.json",
|
|
"ecdh_brainpoolP320r1_test.json",
|
|
"ecdh_brainpoolP384r1_test.json",
|
|
"ecdh_brainpoolP512r1_test.json",
|
|
"ecdh_secp224r1_test.json",
|
|
"ecdh_secp256k1_test.json",
|
|
"ecdh_secp256r1_test.json",
|
|
"ecdh_secp384r1_test.json",
|
|
"ecdh_secp521r1_test.json",
|
|
)
|
|
def test_ecdh(backend, wycheproof):
|
|
curve = _CURVES[wycheproof.testgroup["curve"]]
|
|
if curve is None:
|
|
pytest.skip(
|
|
"Unsupported curve ({})".format(wycheproof.testgroup["curve"])
|
|
)
|
|
_skip_exchange_algorithm_unsupported(backend, ec.ECDH(), curve)
|
|
|
|
private_key = ec.derive_private_key(
|
|
int(wycheproof.testcase["private"], 16), curve, backend
|
|
)
|
|
|
|
try:
|
|
public_key = serialization.load_der_public_key(
|
|
binascii.unhexlify(wycheproof.testcase["public"]), backend
|
|
)
|
|
except NotImplementedError:
|
|
assert wycheproof.has_flag("UnnamedCurve")
|
|
return
|
|
except ValueError:
|
|
assert wycheproof.invalid or wycheproof.acceptable
|
|
return
|
|
except UnsupportedAlgorithm:
|
|
return
|
|
|
|
if wycheproof.valid or wycheproof.acceptable:
|
|
computed_shared = private_key.exchange(ec.ECDH(), public_key)
|
|
expected_shared = binascii.unhexlify(wycheproof.testcase["shared"])
|
|
assert computed_shared == expected_shared
|
|
else:
|
|
with pytest.raises(ValueError):
|
|
private_key.exchange(ec.ECDH(), public_key)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
|
|
@pytest.mark.wycheproof_tests(
|
|
"ecdh_secp224r1_ecpoint_test.json",
|
|
"ecdh_secp256r1_ecpoint_test.json",
|
|
"ecdh_secp384r1_ecpoint_test.json",
|
|
"ecdh_secp521r1_ecpoint_test.json",
|
|
)
|
|
def test_ecdh_ecpoint(backend, wycheproof):
|
|
curve = _CURVES[wycheproof.testgroup["curve"]]
|
|
_skip_exchange_algorithm_unsupported(backend, ec.ECDH(), curve)
|
|
|
|
private_key = ec.derive_private_key(
|
|
int(wycheproof.testcase["private"], 16), curve, backend
|
|
)
|
|
|
|
if wycheproof.invalid:
|
|
with pytest.raises(ValueError):
|
|
ec.EllipticCurvePublicKey.from_encoded_point(
|
|
curve, binascii.unhexlify(wycheproof.testcase["public"])
|
|
)
|
|
return
|
|
|
|
assert wycheproof.valid or wycheproof.acceptable
|
|
public_key = ec.EllipticCurvePublicKey.from_encoded_point(
|
|
curve, binascii.unhexlify(wycheproof.testcase["public"])
|
|
)
|
|
computed_shared = private_key.exchange(ec.ECDH(), public_key)
|
|
expected_shared = binascii.unhexlify(wycheproof.testcase["shared"])
|
|
assert computed_shared == expected_shared
|