summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHeikki Toivonen <heikki@heikkitoivonen.net>2009-07-22 18:31:08 +0000
committerHeikki Toivonen <heikki@heikkitoivonen.net>2009-07-22 18:31:08 +0000
commit06ccede8b94472bafd2fd07508b4aed3378ba7e0 (patch)
treeb79424cb3b033e9be4386ea29fdd161df164f9d2
parentf03002846f0909b1432e284e446975f85963483a (diff)
downloadm2crypto-06ccede8b94472bafd2fd07508b4aed3378ba7e0.tar.gz
Bug 12742, better fix for FIPS mode issues by Miloslav Trmac.
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@692 2715db39-9adf-0310-9c64-84f055769b4b
Diffstat
-rw-r--r--CHANGES4
-rw-r--r--tests/dhparams.pem5
-rw-r--r--tests/dsa.param.pem11
-rw-r--r--tests/dsa.priv.pem17
-rw-r--r--tests/dsa.pub.pem16
-rw-r--r--tests/rsa.priv.pem25
-rw-r--r--tests/rsa.priv2.pem32
-rw-r--r--tests/rsa.pub.pem6
-rw-r--r--tests/test_bio.py27
-rw-r--r--tests/test_dh.py10
-rw-r--r--tests/test_dsa.py8
-rw-r--r--tests/test_evp.py50
-rw-r--r--tests/test_rsa.py22
-rw-r--r--tests/test_ssl.py34
-rw-r--r--tests/test_x509.py12
15 files changed, 164 insertions, 115 deletions
diff --git a/CHANGES b/CHANGES
index 1f2c56f..fb83855 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,7 +1,7 @@
0.20
----
- Deprecated M2Crypto.PGP subpackage since nobody seems to be using it nor
- is it being maintained
+ is it being maintained (if you do use it, please let me know)
- Added fedora_setup.sh to help work around differences on Fedora Core -based
distributions (RedHat, CentOS, ...); thanks to Miloslav Trmac
- Added X509.load_request_bio and load_request_string, by Hartmut Goebel and
@@ -38,6 +38,8 @@
- SMIME.load_pkcs7, load_pkcs7_bio, smime_load_pkcs7, smime_load_pkcs7_bio,
text_crlf, text_crlf_bio fixed to raise BIO.BIOError, SMIME.PKCS7_Error and
SMIME.SMIME_Error as appropriate instead of str
+- Added FIPS mode to unit tests, and used FIPS-compliant key sizes in other
+ tests, by Miloslav Trmac. Note that tests run much slower because of this!
- Unit tests cover 80% of the code
0.19.1 - 2008-10-12
diff --git a/tests/dhparams.pem b/tests/dhparams.pem
index 6b585b5..edb320a 100644
--- a/tests/dhparams.pem
+++ b/tests/dhparams.pem
@@ -1,4 +1,5 @@
-----BEGIN DH PARAMETERS-----
-MEYCQQDvbktzmJLagQnfNMxqrcFWw4nbxV1fQ1VvnEnqYn3qWfYAn1VZRptEcS3G
-f18KD5t1693IXcXn6n3e6wcJpa6LAgEC
+MIGHAoGBAIgAcu3gpJeO8aS6N+sTMa655BMzBNlK66q62VH9RqmHwFJSjjCs3ZsF
+aVsTkO3Mt0gULn1drXsK6Lc6pA8s0eQN8ggyEPVr6ND0jN2jr2qc1XlqD7jxzdxe
+igB66pLvrWvAulrGxg4QMsQjqcpwZZ2ndRpYSmErIi4M1r19nTgjAgEC
-----END DH PARAMETERS-----
diff --git a/tests/dsa.param.pem b/tests/dsa.param.pem
index 906871c..6300c4f 100644
--- a/tests/dsa.param.pem
+++ b/tests/dsa.param.pem
@@ -1,6 +1,9 @@
-----BEGIN DSA PARAMETERS-----
-MIGcAkEA5UAz0VLdCTWWn8avPHMjsgrO5HIPxa3TV8AexcFFgyZ+bO1tGXzUTLbG
-kgHEkLYVfr2Q6GkeoFlHSXjbj9OImwIVAISRjD+YqAYmH4VuZhVc+5CxKxy/AkA4
-6Lkjsc3BP1px1IR3+dLJ08EWh/d7/X6/RWfEd2vr9JfpnycmRtRTsVW46frHL3HY
-Ts35avQRXpqapoyHUCBV
+MIIBHgKBgQDqYu3smvs8KHBx4XX8otDHQUdtCyWKIRC52eQUSYeWejvdaqm11rIq
+QMFBJDnvicM4avyOIU2d/ZOfLzN7aXFw3Ep67amsLpj82N+n4lASUJwKdOJyzyLG
+9IS41RRek8B3lRAs/zqk1U6P5EaE/uIG4+avYmkSDpB4kmnRGhTYeQIVALKQpdTy
+uat9aoq9mFm8dVA2VxAhAoGAausAkdN4Hj6S5nfPMjJTnwV4u7hVY6b6eAZTJmxs
+ykr3XlKqM3PS0hKhjatp7f+mRNFxYvGrWPLAwnPOIp/iNn7lM7U41ceUj1O3KrD/
+Cg4LQ/bADvY48eytdjMLZDpL3Jwootfs4i8WIb0RnIxg8nClhkY2K2/+4voft+Xi
+DlA=
-----END DSA PARAMETERS-----
diff --git a/tests/dsa.priv.pem b/tests/dsa.priv.pem
index 8d5d97f..cd5578c 100644
--- a/tests/dsa.priv.pem
+++ b/tests/dsa.priv.pem
@@ -1,8 +1,9 @@
------BEGIN DSA PRIVATE KEY-----
-MIH4AgEAAkEA0NGZ0GRXdPLh/0c980Ot8ZbfV/DvJ19ZzsDhKXRxNNw36Ms4lb9Y
-ZMnJ1CliIDkpHx8sXEak0vkdeB2efGGBPQIVAJY7PF7CiA+jj+t3EyHf/sgVagPP
-AkEApkvDehftx8Kt+3GRsYkEgcKqsU6tue+QQOFOFYsCbMq/3rxIEKk0q1PqHfid
-+BsMiEY4FFmF5BqmgGAf6+V9twJATbbgPKi/EboVrtBdkTM52LSCQHPa/CEcj322
-0s5Ix1dwojdQaNpq6HhCm6+g9SXPENy9I/PK85YnawI4A6w1pQIULRB2HSm1X14c
-+guvmhIobv6wE50=
------END DSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBAOpi7eya+zwocHHhdfyi0MdBR20L
+JYohELnZ5BRJh5Z6O91qqbXWsipAwUEkOe+Jwzhq/I4hTZ39k58vM3tpcXDcSnrt
+qawumPzY36fiUBJQnAp04nLPIsb0hLjVFF6TwHeVECz/OqTVTo/kRoT+4gbj5q9i
+aRIOkHiSadEaFNh5AhUAspCl1PK5q31qir2YWbx1UDZXECECgYBq6wCR03gePpLm
+d88yMlOfBXi7uFVjpvp4BlMmbGzKSvdeUqozc9LSEqGNq2nt/6ZE0XFi8atY8sDC
+c84in+I2fuUztTjVx5SPU7cqsP8KDgtD9sAO9jjx7K12MwtkOkvcnCii1+ziLxYh
+vRGcjGDycKWGRjYrb/7i+h+35eIOUAQWAhQ/vK8oLKHdEu7W77fbZ3+jQvvt6Q==
+-----END PRIVATE KEY-----
diff --git a/tests/dsa.pub.pem b/tests/dsa.pub.pem
index 4fe3dd9..34c8d45 100644
--- a/tests/dsa.pub.pem
+++ b/tests/dsa.pub.pem
@@ -1,8 +1,12 @@
-----BEGIN PUBLIC KEY-----
-MIHxMIGpBgcqhkjOOAQBMIGdAkEA0NGZ0GRXdPLh/0c980Ot8ZbfV/DvJ19ZzsDh
-KXRxNNw36Ms4lb9YZMnJ1CliIDkpHx8sXEak0vkdeB2efGGBPQIVAJY7PF7CiA+j
-j+t3EyHf/sgVagPPAkEApkvDehftx8Kt+3GRsYkEgcKqsU6tue+QQOFOFYsCbMq/
-3rxIEKk0q1PqHfid+BsMiEY4FFmF5BqmgGAf6+V9twNDAAJATbbgPKi/EboVrtBd
-kTM52LSCQHPa/CEcj3220s5Ix1dwojdQaNpq6HhCm6+g9SXPENy9I/PK85YnawI4
-A6w1pQ==
+MIIBtzCCASsGByqGSM44BAEwggEeAoGBAOpi7eya+zwocHHhdfyi0MdBR20LJYoh
+ELnZ5BRJh5Z6O91qqbXWsipAwUEkOe+Jwzhq/I4hTZ39k58vM3tpcXDcSnrtqawu
+mPzY36fiUBJQnAp04nLPIsb0hLjVFF6TwHeVECz/OqTVTo/kRoT+4gbj5q9iaRIO
+kHiSadEaFNh5AhUAspCl1PK5q31qir2YWbx1UDZXECECgYBq6wCR03gePpLmd88y
+MlOfBXi7uFVjpvp4BlMmbGzKSvdeUqozc9LSEqGNq2nt/6ZE0XFi8atY8sDCc84i
+n+I2fuUztTjVx5SPU7cqsP8KDgtD9sAO9jjx7K12MwtkOkvcnCii1+ziLxYhvRGc
+jGDycKWGRjYrb/7i+h+35eIOUAOBhQACgYEAmYO4Qss7pYq3vAEj5qj35A1gsOeC
+rGxvu8w9Dj8jACuz0IHOTq+vFbnB6p30rdloMU7Ci4NHPWqOVmWCFcXxkFgJMJld
+sBbkdbGnhPI80sWJGouUYofHFG4pK0QoMeDZKgg7OgwH8EnmQM+W9KDZYJRSuU4+
+6F6hQkmkwAKAXkU=
-----END PUBLIC KEY-----
diff --git a/tests/rsa.priv.pem b/tests/rsa.priv.pem
index ed34db6..0b8b163 100644
--- a/tests/rsa.priv.pem
+++ b/tests/rsa.priv.pem
@@ -1,9 +1,16 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBANQNY7RD9BarYRsmMazM1hd7a+u3QeMPFZQ7Ic+BmmeWHvvVP4Yj
-yu1t6vAut7mKkaDeKbT3yiGVUgAEUaWMXqECAwEAAQJAIHCz8h37N4ScZHThYJgt
-oIYHKpZsg/oIyRaKw54GKxZq5f7YivcWoZ8j7IQ65lHVH3gmaqKOvqdAVVt5imKZ
-KQIhAPPsr9i3FxU+Mac0pvQKhFVJUzAFfKiG3ulVUdHgAaw/AiEA3ozHKzfZWKxH
-gs8v8ZQ/FnfI7DwYYhJC0YsXb6NSvR8CIHymwLo73mTxsogjBQqDcVrwLL3GoAyz
-V6jf+/8HvXMbAiEAj1b3FVQEboOQD6WoyJ1mQO9n/xf50HjYhqRitOnp6ZsCIQDS
-AvkvYKc6LG8IANmVv93g1dyKZvU/OQkAZepqHZB2MQ==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAM1lIRXaaLVgzlvW
+F2S6OMFJsfG+coZLx9qzmNb2gK6qjyGa71HeaLvFmQFv60dPjpuaGPs2uhL88hcN
+JAChGiD8LxNpVW0EEw+RRH6/CBlDGuKjkSaPz8zzpEhSZq/yGb0F4zaau1HINnwo
+rYPyRXWyRUzfpEB/7mx8/FUD24knAgMBAAECgYAaInsSP8dBBP9c+iHh5DwihBEL
+VJNX+T6F2oJhH96B2xv5R7CZ9zXWZq8wWqBSY5IexH3XQUBt+BeJzVc+aUFcpKLM
+D1O3OZ8NwC9HGIY0sLeX+uawYdFAPJfF8BZ8x3LMxWA8jdJM+4/P3C3jh2EvyzLT
+HQ1rXBPrLkH45xJQSQJBAPPfSiObRvbeJvkgE0z5SqdbQjTGxeAX5qt1e2LtTwdU
+gAxpYnYPz9CFCcIpa0j9UejlGninXasQvhpdwytBLk0CQQDXm/2kKh9BuWzemIu/
+QcLSgc7VrGgZnGQ27fp3bXDSOV3Bev9VywLQ5VDBJcRSkMTC0V/+iHZbMl9EpwHN
+8ZdDAkBJHtAZ8PrMFjvVQnrG/5AUsdYeAONfl4sAKc9/D+w8JGfoUMjG4WLMALe2
+UbjrP5kJnXfcaUI6gmCdgzN7iqWZAkAvJbpKOrfJDH4lEuCEOyIaHC6ZhPDioNM9
+O77ofLMOFWNOGtJY9WKxQWPuSI7sqyGLpHNEWpzfBl3UylxXp3u3AkEAzCzGUMfM
+0qw/TFlVLzCHhrkP13SrJohdD693w9nuhYM2u27R32qJlF1OvN9NxEV7ZoOSGJxi
+CGTjWcXUGgYQgQ==
+-----END PRIVATE KEY-----
diff --git a/tests/rsa.priv2.pem b/tests/rsa.priv2.pem
index e2b93a1..013ab5e 100644
--- a/tests/rsa.priv2.pem
+++ b/tests/rsa.priv2.pem
@@ -1,15 +1,17 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,244DDAFE6F991A53
-
-h1/NnMxq2ku9UkBG2tfM7hCFWmOvwMbVQBYgS4jLm3ENvWRgkm7pCqjCug99Uo5o
-r+NhzqyvSBH+eX3ojVAfpMxkL0TIjMrogRq2TD75v6hTGu/fd4Yrw7vZaKRbLzoh
-rG6m7zdbiQwNyh0bTbbo3WmQ07FXkXrDqihLaZTJOvHNLS1lKwRjIS0MqtyhOfPj
-NNwuNEs6AFz4k6UxNMRXhyU2SXn5SOgZZB12SCIsYA034rwKFKqNRoneaLSlhtut
-1z/BlJaLiZDHJmtxtgz5h3Ss9fQ9J0pLnybx+EM70TPM3hz47/8cQiEYIVg7+QFW
-jNYaGIA6IOcyB7fwX5e/zFy5yXAsmuIw/iP0sYa29hdUG++T8Mp2knrBBwQO77OS
-WRz219dMQQRyyn2jpN5x23AZyz4gHj4YKMm3KO06Y2k=
------END RSA PRIVATE KEY-----
-
-This is the same key as rsa.priv.pem. Passphrase is 'qwerty'.
-
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIq+j6kBSOkTkCAggA
+MBQGCCqGSIb3DQMHBAin1qbPaI3dAQSCAoAwb9BTWY6+o9GAZk9ZUJHAHL0Yb7C/
+Hkm8Kh+YBqIEHbTzzSzIO3pFFnLrLLSVbWuYX3bBJRDSUfmV9JaZu0YYJ/TzBtb5
+epgD+sZ83E11NM0L3rJTI9GOUm8b9U15N94X+gnQj0JSK8Ex0dJpJ3rwHPd1zAOe
+0SjXViOCCuHeu4Mnz3P9B42FR5C/53GLkqtSZCsznSBsbPGZ/mb6eEGjgYtxFm15
+17Px7ezDjjr5knBozYua3OehCfI6lN1W+yyTvHGF4lpWkm7Pj24uHHh6yagFQuvB
+RgE8eFLLPLBBa3kHWTn6hAPL4pfPIaPiDtX69IshSv2LVcbUPp6pTkji7mo3EFpN
+Jigd3msMCf6w5Wh4I2k8Hb6eSkfsModIru05xq0fuTYi1nTh2l/M3FEGeOuBmpbD
+AYzpT6J1+373rshkdqmv1C/REsnnrACGwbM7JN6K3sKnJZesI3iiHY5tnumypyv3
+f7wMaRcIq0QOi/WUIKzU0B4f9WxgjDuFwWyYlEBl2IYZ8wxD0P2s968puc7RRwrc
+11Tn0a993122gBAHaa24iAW2ig2hGktLtxY1EvY6Sfd/migu2iVA6bwdVz68kKBj
+tYfJQEoMGJhR+NqSDYvgJYgoNljOIf6Wq++L9/zqgtYkiL7xRLqSvths2NWaxGmc
+RvjWFeq2sTiVXFn36jzO9YfJ4BFqgt5UoBRSw8jYQwm+W5TUhgWGQxQTTrCUs/36
+5oQXOwpRol+ivO/VtMdDShg6sKHEjQ/FhHqNpPccVLg/g81HbJyfmEmeqYu6rtOd
+xBe9lVFW+86wObsYl1WCHYUQuBUlPv+uEDLqC92/6zLdCtDYYRYvdLF8
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/rsa.pub.pem b/tests/rsa.pub.pem
index 42379aa..e4f13e0 100644
--- a/tests/rsa.pub.pem
+++ b/tests/rsa.pub.pem
@@ -1,4 +1,6 @@
-----BEGIN PUBLIC KEY-----
-MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANQNY7RD9BarYRsmMazM1hd7a+u3QeMP
-FZQ7Ic+BmmeWHvvVP4Yjyu1t6vAut7mKkaDeKbT3yiGVUgAEUaWMXqECAwEAAQ==
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNZSEV2mi1YM5b1hdkujjBSbHx
+vnKGS8fas5jW9oCuqo8hmu9R3mi7xZkBb+tHT46bmhj7NroS/PIXDSQAoRog/C8T
+aVVtBBMPkUR+vwgZQxrio5Emj8/M86RIUmav8hm9BeM2mrtRyDZ8KK2D8kV1skVM
+36RAf+5sfPxVA9uJJwIDAQAB
-----END PUBLIC KEY-----
diff --git a/tests/test_bio.py b/tests/test_bio.py
index 56c3da8..1d7b0c3 100644
--- a/tests/test_bio.py
+++ b/tests/test_bio.py
@@ -12,6 +12,8 @@ Author: Heikki Toivonen
import unittest
from M2Crypto import BIO, Rand
+from fips import fips_mode
+
class CipherStreamTestCase(unittest.TestCase):
def try_algo(self, algo):
enc = 1
@@ -43,17 +45,20 @@ class CipherStreamTestCase(unittest.TestCase):
assert data == data2, '%s algorithm cipher test failed' % algo
def test_ciphers(self):
- ciphers=['bf_ecb', 'bf_cbc', 'bf_cfb', 'bf_ofb',\
- #'idea_ecb', 'idea_cbc', 'idea_cfb', 'idea_ofb',\
- 'cast5_ecb', 'cast5_cbc', 'cast5_cfb', 'cast5_ofb',\
- #'rc5_ecb', 'rc5_cbc', 'rc5_cfb', 'rc5_ofb',\
- 'des_ecb', 'des_cbc', 'des_cfb', 'des_ofb',\
- 'des_ede_ecb', 'des_ede_cbc', 'des_ede_cfb', 'des_ede_ofb',\
- 'des_ede3_ecb', 'des_ede3_cbc', 'des_ede3_cfb', 'des_ede3_ofb',\
- 'aes_128_ecb', 'aes_128_cbc', 'aes_128_cfb', 'aes_128_ofb',\
- 'aes_192_ecb', 'aes_192_cbc', 'aes_192_cfb', 'aes_192_ofb',\
- 'aes_256_ecb', 'aes_256_cbc', 'aes_256_cfb', 'aes_256_ofb',\
- 'rc4', 'rc2_40_cbc']
+ ciphers=[
+ 'des_ede_ecb', 'des_ede_cbc', 'des_ede_cfb', 'des_ede_ofb',
+ 'des_ede3_ecb', 'des_ede3_cbc', 'des_ede3_cfb', 'des_ede3_ofb',
+ 'aes_128_ecb', 'aes_128_cbc', 'aes_128_cfb', 'aes_128_ofb',
+ 'aes_192_ecb', 'aes_192_cbc', 'aes_192_cfb', 'aes_192_ofb',
+ 'aes_256_ecb', 'aes_256_cbc', 'aes_256_cfb', 'aes_256_ofb']
+ nonfips_ciphers=['bf_ecb', 'bf_cbc', 'bf_cfb', 'bf_ofb',
+ #'idea_ecb', 'idea_cbc', 'idea_cfb', 'idea_ofb',
+ 'cast5_ecb', 'cast5_cbc', 'cast5_cfb', 'cast5_ofb',
+ #'rc5_ecb', 'rc5_cbc', 'rc5_cfb', 'rc5_ofb',
+ 'des_ecb', 'des_cbc', 'des_cfb', 'des_ofb',
+ 'rc4', 'rc2_40_cbc']
+ if not fips_mode: # Forbidden ciphers
+ ciphers += nonfips_ciphers
for i in ciphers:
self.try_algo(i)
diff --git a/tests/test_dh.py b/tests/test_dh.py
index fffbe94..0e66c89 100644
--- a/tests/test_dh.py
+++ b/tests/test_dh.py
@@ -21,19 +21,19 @@ class DHTestCase(unittest.TestCase):
self.assertRaises(TypeError, DH.DH, 'junk')
def test_gen_params(self):
- a = DH.gen_params(128, 2, self.genparam_callback)
+ a = DH.gen_params(1024, 2, self.genparam_callback)
assert a.check_params() == 0
def test_gen_params_bad_cb(self):
- a = DH.gen_params(128, 2, self.genparam_callback2)
+ a = DH.gen_params(1024, 2, self.genparam_callback2)
assert a.check_params() == 0
def test_print_params(self):
- a = DH.gen_params(128, 2, self.genparam_callback)
+ a = DH.gen_params(1024, 2, self.genparam_callback)
bio = BIO.MemoryBuffer()
a.print_params(bio)
params = bio.read()
- assert params.find('(128 bit)')
+ assert params.find('(1024 bit)')
assert params.find('generator: 2 (0x2)')
def test_load_params(self):
@@ -48,7 +48,7 @@ class DHTestCase(unittest.TestCase):
ak = a.compute_key(b.pub)
bk = b.compute_key(a.pub)
assert ak == bk
- self.assertEqual(len(a), 64)
+ self.assertEqual(len(a), 128)
self.assertRaises(DH.DHError, setattr, a, 'p', 1)
self.assertRaises(DH.DHError, setattr, a, 'priv', 1)
diff --git a/tests/test_dsa.py b/tests/test_dsa.py
index d2ad00e..7823f50 100644
--- a/tests/test_dsa.py
+++ b/tests/test_dsa.py
@@ -26,7 +26,7 @@ class DSATestCase(unittest.TestCase):
def test_loadkey(self):
dsa = DSA.load_key(self.privkey)
- assert len(dsa) == 512
+ assert len(dsa) == 1024
self.assertRaises(AttributeError, getattr, dsa, 'foobar')
for k in ('p', 'q', 'g', 'priv', 'pub'):
self.assertRaises(DSA.DSAError, setattr, dsa, k, 1)
@@ -35,7 +35,7 @@ class DSATestCase(unittest.TestCase):
self.assertRaises(DSA.DSAError, DSA.load_key, self.param)
dsa = DSA.load_params(self.param)
assert not dsa.check_key()
- assert len(dsa) == 512
+ assert len(dsa) == 1024
def test_sign(self):
dsa = DSA.load_key(self.privkey)
@@ -75,8 +75,8 @@ class DSATestCase(unittest.TestCase):
self.assertRaises(AssertionError, dsa2.verify, self.data, r, s)
def test_genparam_setparam_genkey(self):
- dsa = DSA.gen_params(256, self.callback)
- assert len(dsa) == 512
+ dsa = DSA.gen_params(1024, self.callback)
+ assert len(dsa) == 1024
p = dsa.p
q = dsa.q
g = dsa.g
diff --git a/tests/test_evp.py b/tests/test_evp.py
index c173dae..ba09092 100644
--- a/tests/test_evp.py
+++ b/tests/test_evp.py
@@ -13,6 +13,8 @@ from binascii import hexlify, unhexlify
from M2Crypto import EVP, RSA, util, Rand, m2, BIO
from M2Crypto.util import h2b
+from fips import fips_mode
+
class EVPTestCase(unittest.TestCase):
def _gen_callback(self, *args):
pass
@@ -21,7 +23,7 @@ class EVPTestCase(unittest.TestCase):
return 'foobar'
def _assign_rsa(self):
- rsa = RSA.gen_key(512, 3, callback=self._gen_callback)
+ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback)
pkey = EVP.PKey()
pkey.assign_rsa(rsa, capture=0) # capture=1 should cause crash
return rsa
@@ -31,7 +33,7 @@ class EVPTestCase(unittest.TestCase):
rsa.check_key()
def test_pem(self):
- rsa = RSA.gen_key(512, 3, callback=self._gen_callback)
+ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback)
pkey = EVP.PKey()
pkey.assign_rsa(rsa)
assert pkey.as_pem(callback=self._pass_callback) != pkey.as_pem(cipher=None)
@@ -43,12 +45,12 @@ class EVPTestCase(unittest.TestCase):
Test DER encoding the PKey instance after assigning
a RSA key to it.
"""
- rsa = RSA.gen_key(512, 3, callback=self._gen_callback)
+ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback)
pkey = EVP.PKey()
pkey.assign_rsa(rsa)
der_blob = pkey.as_der()
#A quick but not thorough sanity check
- assert len(der_blob) == 92
+ assert len(der_blob) == 160
def test_MessageDigest(self):
@@ -62,25 +64,26 @@ class EVPTestCase(unittest.TestCase):
Test DER encoding the PKey instance after assigning
a RSA key to it. Have the PKey instance capture the RSA key.
"""
- rsa = RSA.gen_key(512, 3, callback=self._gen_callback)
+ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback)
pkey = EVP.PKey()
pkey.assign_rsa(rsa, 1)
der_blob = pkey.as_der()
#A quick but not thorough sanity check
- assert len(der_blob) == 92
+ assert len(der_blob) == 160
def test_size(self):
- rsa = RSA.gen_key(512, 3, callback=self._gen_callback)
+ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback)
pkey = EVP.PKey()
pkey.assign_rsa(rsa)
size = pkey.size()
- assert size == 64
+ assert size == 128
def test_hmac(self):
assert util.octx_to_num(EVP.hmac('key', 'data')) == 92800611269186718152770431077867383126636491933, util.octx_to_num(EVP.hmac('key', 'data'))
- assert util.octx_to_num(EVP.hmac('key', 'data', algo='md5')) == 209168838103121722341657216703105225176, util.octx_to_num(EVP.hmac('key', 'data', algo='md5'))
- assert util.octx_to_num(EVP.hmac('key', 'data', algo='ripemd160')) == 1176807136224664126629105846386432860355826868536, util.octx_to_num(EVP.hmac('key', 'data', algo='ripemd160'))
-
+ if not fips_mode: # Disabled algorithms
+ assert util.octx_to_num(EVP.hmac('key', 'data', algo='md5')) == 209168838103121722341657216703105225176, util.octx_to_num(EVP.hmac('key', 'data', algo='md5'))
+ assert util.octx_to_num(EVP.hmac('key', 'data', algo='ripemd160')) == 1176807136224664126629105846386432860355826868536, util.octx_to_num(EVP.hmac('key', 'data', algo='ripemd160'))
+
if m2.OPENSSL_VERSION_NUMBER >= 0x90800F:
assert util.octx_to_num(EVP.hmac('key', 'data', algo='sha224')) == 2660082265842109788381286338540662430962855478412025487066970872635, util.octx_to_num(EVP.hmac('key', 'data', algo='sha224'))
assert util.octx_to_num(EVP.hmac('key', 'data', algo='sha256')) == 36273358097036101702192658888336808701031275731906771612800928188662823394256, util.octx_to_num(EVP.hmac('key', 'data', algo='sha256'))
@@ -112,7 +115,7 @@ class EVPTestCase(unittest.TestCase):
digest = sha.sha(message).digest()
assert rsa.sign(digest) == rsa2.sign(digest)
- rsa3 = RSA.gen_key(512, 3, callback=self._gen_callback)
+ rsa3 = RSA.gen_key(1024, 3, callback=self._gen_callback)
assert rsa.sign(digest) != rsa3.sign(digest)
def test_get_rsa_fail(self):
@@ -209,15 +212,20 @@ class CipherTestCase(unittest.TestCase):
assert otxt == ptxt, '%s algorithm cipher test failed' % algo
def test_ciphers(self):
- ciphers=['bf_ecb', 'bf_cbc', 'bf_cfb', 'bf_ofb',\
- 'cast5_ecb', 'cast5_cbc', 'cast5_cfb', 'cast5_ofb',\
- 'des_ecb', 'des_cbc', 'des_cfb', 'des_ofb',\
- 'des_ede_ecb', 'des_ede_cbc', 'des_ede_cfb', 'des_ede_ofb',\
- 'des_ede3_ecb', 'des_ede3_cbc', 'des_ede3_cfb', 'des_ede3_ofb',\
- 'aes_128_ecb', 'aes_128_cbc', 'aes_128_cfb', 'aes_128_ofb',\
- 'aes_192_ecb', 'aes_192_cbc', 'aes_192_cfb', 'aes_192_ofb',\
- 'aes_256_ecb', 'aes_256_cbc', 'aes_256_cfb', 'aes_256_ofb',\
- 'rc4', 'rc2_40_cbc']
+ ciphers=[
+ 'des_ede_ecb', 'des_ede_cbc', 'des_ede_cfb', 'des_ede_ofb',
+ 'des_ede3_ecb', 'des_ede3_cbc', 'des_ede3_cfb', 'des_ede3_ofb',
+ 'aes_128_ecb', 'aes_128_cbc', 'aes_128_cfb', 'aes_128_ofb',
+ 'aes_192_ecb', 'aes_192_cbc', 'aes_192_cfb', 'aes_192_ofb',
+ 'aes_256_ecb', 'aes_256_cbc', 'aes_256_cfb', 'aes_256_ofb']
+ nonfips_ciphers=['bf_ecb', 'bf_cbc', 'bf_cfb', 'bf_ofb',
+ #'idea_ecb', 'idea_cbc', 'idea_cfb', 'idea_ofb',
+ 'cast5_ecb', 'cast5_cbc', 'cast5_cfb', 'cast5_ofb',
+ #'rc5_ecb', 'rc5_cbc', 'rc5_cfb', 'rc5_ofb',
+ 'des_ecb', 'des_cbc', 'des_cfb', 'des_ofb',
+ 'rc4', 'rc2_40_cbc']
+ if not fips_mode: # Disabled algorithms
+ ciphers += nonfips_ciphers
for i in ciphers:
self.try_algo(i)
diff --git a/tests/test_rsa.py b/tests/test_rsa.py
index 30b4f30..e23a2fb 100644
--- a/tests/test_rsa.py
+++ b/tests/test_rsa.py
@@ -41,7 +41,7 @@ class RSATestCase(unittest.TestCase):
def test_loadkey_pp(self):
rsa = RSA.load_key(self.privkey2, self.pp_callback)
- assert len(rsa) == 512
+ assert len(rsa) == 1024
assert rsa.e == '\000\000\000\003\001\000\001' # aka 65537 aka 0xf4
assert rsa.check_key() == 1
@@ -50,28 +50,28 @@ class RSATestCase(unittest.TestCase):
def test_loadkey(self):
rsa = RSA.load_key(self.privkey)
- assert len(rsa) == 512
+ assert len(rsa) == 1024
assert rsa.e == '\000\000\000\003\001\000\001' # aka 65537 aka 0xf4
- self.assertEqual(rsa.n, '\x00\x00\x00A\x00\xd4\rc\xb4C\xf4\x16\xaba\x1b&1\xac\xcc\xd6\x17{k\xeb\xb7A\xe3\x0f\x15\x94;!\xcf\x81\x9ag\x96\x1e\xfb\xd5?\x86#\xca\xedm\xea\xf0.\xb7\xb9\x8a\x91\xa0\xde)\xb4\xf7\xca!\x95R\x00\x04Q\xa5\x8c^\xa1')
+ self.assertEqual(rsa.n, "\x00\x00\x00\x81\x00\xcde!\x15\xdah\xb5`\xce[\xd6\x17d\xba8\xc1I\xb1\xf1\xber\x86K\xc7\xda\xb3\x98\xd6\xf6\x80\xae\xaa\x8f!\x9a\xefQ\xdeh\xbb\xc5\x99\x01o\xebGO\x8e\x9b\x9a\x18\xfb6\xba\x12\xfc\xf2\x17\r$\x00\xa1\x1a \xfc/\x13iUm\x04\x13\x0f\x91D~\xbf\x08\x19C\x1a\xe2\xa3\x91&\x8f\xcf\xcc\xf3\xa4HRf\xaf\xf2\x19\xbd\x05\xe36\x9a\xbbQ\xc86|(\xad\x83\xf2Eu\xb2EL\xdf\xa4@\x7f\xeel|\xfcU\x03\xdb\x89'")
self.assertRaises(AttributeError, getattr, rsa, 'nosuchprop')
assert rsa.check_key() == 1
def test_loadkey_bio(self):
keybio = BIO.MemoryBuffer(open(self.privkey).read())
rsa = RSA.load_key_bio(keybio)
- assert len(rsa) == 512
+ assert len(rsa) == 1024
assert rsa.e == '\000\000\000\003\001\000\001' # aka 65537 aka 0xf4
assert rsa.check_key() == 1
def test_keygen(self):
- rsa = RSA.gen_key(512, 65537, self.gen_callback)
- assert len(rsa) == 512
+ rsa = RSA.gen_key(1024, 65537, self.gen_callback)
+ assert len(rsa) == 1024
assert rsa.e == '\000\000\000\003\001\000\001' # aka 65537 aka 0xf4
assert rsa.check_key() == 1
def test_keygen_bad_cb(self):
- rsa = RSA.gen_key(512, 65537, self.gen2_callback)
- assert len(rsa) == 512
+ rsa = RSA.gen_key(1024, 65537, self.gen2_callback)
+ assert len(rsa) == 1024
assert rsa.e == '\000\000\000\003\001\000\001' # aka 65537 aka 0xf4
assert rsa.check_key() == 1
@@ -113,7 +113,7 @@ class RSATestCase(unittest.TestCase):
def test_loadpub(self):
rsa = RSA.load_pub_key(self.pubkey)
- assert len(rsa) == 512
+ assert len(rsa) == 1024
assert rsa.e == '\000\000\000\003\001\000\001' # aka 65537 aka 0xf4
self.assertRaises(RSA.RSAError, setattr, rsa, 'e', '\000\000\000\003\001\000\001')
self.assertRaises(RSA.RSAError, rsa.private_encrypt, 1)
@@ -144,7 +144,7 @@ class RSATestCase(unittest.TestCase):
old = RSA.load_pub_key(self.pubkey)
new = RSA.new_pub_key(old.pub())
assert new.check_key()
- assert len(new) == 512
+ assert len(new) == 1024
assert new.e == '\000\000\000\003\001\000\001' # aka 65537 aka 0xf4
def test_sign_and_verify(self):
@@ -242,7 +242,7 @@ class RSATestCase(unittest.TestCase):
"""
rsa = RSA.load_key(self.privkey)
digest = """This string should be long enough to warrant an error in
- RSA_sign"""
+ RSA_sign""" * 2
self.assertRaises(RSA.RSAError, rsa.sign, digest)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 658e8a6..84df258 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -20,6 +20,8 @@ Others:
import os, socket, string, sys, tempfile, thread, time, unittest
from M2Crypto import Rand, SSL, m2, Err
+from fips import fips_mode
+
srv_host = 'localhost'
srv_port = 64000
@@ -340,6 +342,8 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
self.failIf(string.find(data, 's_server -quiet -www') == -1)
def test_tls1_nok(self):
+ if fips_mode: # TLS is required in FIPS mode
+ return
self.args.append('-no_tls1')
pid = self.start_server(self.args)
try:
@@ -367,6 +371,8 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
self.failIf(string.find(data, 's_server -quiet -www') == -1)
def test_sslv23_no_v2(self):
+ if fips_mode: # TLS is required in FIPS mode
+ return
self.args.append('-no_tls1')
pid = self.start_server(self.args)
try:
@@ -379,6 +385,8 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
self.stop_server(pid)
def test_sslv23_no_v2_no_service(self):
+ if fips_mode: # TLS is required in FIPS mode
+ return
self.args = self.args + ['-no_tls1', '-no_ssl3']
pid = self.start_server(self.args)
try:
@@ -390,6 +398,8 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
self.stop_server(pid)
def test_sslv23_weak_crypto(self):
+ if fips_mode: # TLS is required in FIPS mode
+ return
self.args = self.args + ['-no_tls1', '-no_ssl3']
pid = self.start_server(self.args)
try:
@@ -402,12 +412,12 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
self.stop_server(pid)
def test_cipher_mismatch(self):
- self.args = self.args + ['-cipher', 'EXP-RC4-MD5']
+ self.args = self.args + ['-cipher', 'AES256-SHA']
pid = self.start_server(self.args)
try:
ctx = SSL.Context()
s = SSL.Connection(ctx)
- s.set_cipher_list('EXP-RC2-CBC-MD5')
+ s.set_cipher_list('AES128-SHA')
try:
s.connect(self.srv_addr)
except SSL.SSLError, e:
@@ -417,7 +427,7 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
self.stop_server(pid)
def test_no_such_cipher(self):
- self.args = self.args + ['-cipher', 'EXP-RC4-MD5']
+ self.args = self.args + ['-cipher', 'AES128-SHA']
pid = self.start_server(self.args)
try:
ctx = SSL.Context()
@@ -432,6 +442,8 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
self.stop_server(pid)
def test_no_weak_cipher(self):
+ if fips_mode: # Weak ciphers are prohibited
+ return
self.args = self.args + ['-cipher', 'EXP']
pid = self.start_server(self.args)
try:
@@ -446,6 +458,8 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
self.stop_server(pid)
def test_use_weak_cipher(self):
+ if fips_mode: # Weak ciphers are prohibited
+ return
self.args = self.args + ['-cipher', 'EXP']
pid = self.start_server(self.args)
try:
@@ -459,30 +473,30 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
self.failIf(string.find(data, 's_server -quiet -www') == -1)
def test_cipher_ok(self):
- self.args = self.args + ['-cipher', 'EXP-RC4-MD5']
+ self.args = self.args + ['-cipher', 'AES128-SHA']
pid = self.start_server(self.args)
try:
ctx = SSL.Context()
s = SSL.Connection(ctx)
- s.set_cipher_list('EXP-RC4-MD5')
+ s.set_cipher_list('AES128-SHA')
s.connect(self.srv_addr)
data = self.http_get(s)
- assert s.get_cipher().name() == 'EXP-RC4-MD5', s.get_cipher().name()
+ assert s.get_cipher().name() == 'AES128-SHA', s.get_cipher().name()
cipher_stack = s.get_ciphers()
- assert cipher_stack[0].name() == 'EXP-RC4-MD5', cipher_stack[0].name()
+ assert cipher_stack[0].name() == 'AES128-SHA', cipher_stack[0].name()
self.assertRaises(IndexError, cipher_stack.__getitem__, 2)
# For some reason there are 2 entries in the stack
#assert len(cipher_stack) == 1, len(cipher_stack)
- assert s.get_cipher_list() == 'EXP-RC4-MD5', s.get_cipher_list()
+ assert s.get_cipher_list() == 'AES128-SHA', s.get_cipher_list()
# Test Cipher_Stack iterator
i = 0
for cipher in cipher_stack:
i += 1
- assert cipher.name() == 'EXP-RC4-MD5', '"%s"' % cipher.name()
- self.assertEqual('EXP-RC4-MD5-40', str(cipher))
+ assert cipher.name() == 'AES128-SHA', '"%s"' % cipher.name()
+ self.assertEqual('AES128-SHA-128', str(cipher))
# For some reason there are 2 entries in the stack
#assert i == 1, i
self.assertEqual(i, len(cipher_stack))
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 3904741..49df9c4 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -36,7 +36,7 @@ class X509TestCase(unittest.TestCase):
extstack.push(ext2)
x.add_extensions(extstack)
self.assertRaises(ValueError, x.sign, pk, 'sha513')
- x.sign(pk,'md5')
+ x.sign(pk,'sha1')
assert x.verify(pk)
pk2 = x.get_pubkey()
assert x.verify(pk2)
@@ -148,7 +148,7 @@ class X509TestCase(unittest.TestCase):
self.assert_(n[10])
def test_mkreq(self):
- (req, _) = self.mkreq(512)
+ (req, _) = self.mkreq(1024)
req.save_pem('tests/tmp_request.pem')
req2 = X509.load_request('tests/tmp_request.pem')
os.remove('tests/tmp_request.pem')
@@ -176,7 +176,7 @@ class X509TestCase(unittest.TestCase):
def test_mkcert(self):
- req, pk = self.mkreq(512)
+ req, pk = self.mkreq(1024)
pkey = req.get_pubkey()
assert(req.verify(pkey))
sub = req.get_subject()
@@ -229,7 +229,7 @@ class X509TestCase(unittest.TestCase):
self.assertRaises(AttributeError, cert.check_ca)
def mkcacert(self):
- req, pk = self.mkreq(512, ca=1)
+ req, pk = self.mkreq(1024, ca=1)
pkey = req.get_pubkey()
sub = req.get_subject()
cert = X509.X509()
@@ -272,7 +272,7 @@ class X509TestCase(unittest.TestCase):
def test_mkproxycert(self):
cacert, pk1, pkey = self.mkcacert()
- end_entity_cert_req, pk2 = self.mkreq(512)
+ end_entity_cert_req, pk2 = self.mkreq(1024)
end_entity_cert = self.make_eecert(cacert)
end_entity_cert.set_subject(end_entity_cert_req.get_subject())
end_entity_cert.set_pubkey(end_entity_cert_req.get_pubkey())
@@ -303,7 +303,7 @@ class X509TestCase(unittest.TestCase):
def make_proxycert(self, eecert):
proxycert = X509.X509()
pk2 = EVP.PKey()
- proxykey = RSA.gen_key(512, 65537, self.callback)
+ proxykey = RSA.gen_key(1024, 65537, self.callback)
pk2.assign_rsa(proxykey)
proxycert.set_pubkey(pk2)
proxycert.set_version(2)
View Lorry Controller Status