diff options
author | Matěj Cepl <mcepl@cepl.eu> | 2016-04-06 19:19:32 +0200 |
---|---|---|
committer | Matěj Cepl <mcepl@cepl.eu> | 2016-05-20 21:39:28 +0200 |
commit | 23fa6e442175b4ad2b3621f859ef73271d56c5f5 (patch) | |
tree | bf0ac3e1986ca1a9a3bcf7bdf792ace7526bd5fa /tests/test_evp.py | |
parent | 092bf5c66d45a96776f5d85ea1a85302ab925d40 (diff) | |
download | m2crypto-23fa6e442175b4ad2b3621f859ef73271d56c5f5.tar.gz |
Fix EC tests
* add implementation of the function ec_get_builtin_curves.
* including Python interface (EC.get_builtin_curves).
* including test for EC.get_builtin_curves
* we cannot name NIDs completely arbitrarily, because otherwise
m2.obj_nid2sn and co. functions don't work.
* use only EC curves which are available.
* use hashlib instead of removed sha and use bytes type
* fixes some helpers in util.py to deal with bytes (h2b, octx_to_num)
* fixes strange behavior of switch in pkey_get_modulus, where return
must be called on the end of each case chain
* fix almost two tests, module and bytes/string issues
* in EC.save_key and EC.save_pub_key prefer context managers to plain
BIO.openfile to avoid memleaks.
Diffstat (limited to 'tests/test_evp.py')
-rw-r--r-- | tests/test_evp.py | 133 |
1 files changed, 69 insertions, 64 deletions
diff --git a/tests/test_evp.py b/tests/test_evp.py index eb97d96..872f0a8 100644 --- a/tests/test_evp.py +++ b/tests/test_evp.py @@ -8,9 +8,9 @@ Copyright (c) 2004-2007 Open Source Applications Foundation Author: Heikki Toivonen """ -import cStringIO +import hashlib +import io import logging -import sha from M2Crypto import BIO, EVP, RSA, Rand, m2, six, util @@ -112,45 +112,45 @@ class EVPTestCase(unittest.TestCase): self.assertEqual(size, 128) def test_hmac(self): - self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data')), + self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data')), 92800611269186718152770431077867383126636491933, - util.octx_to_num(EVP.hmac('key', 'data'))) + util.octx_to_num(EVP.hmac(b'key', b'data'))) if not fips_mode: # Disabled algorithms - self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data', + self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data', algo='md5')), 209168838103121722341657216703105225176, - util.octx_to_num(EVP.hmac('key', 'data', + util.octx_to_num(EVP.hmac(b'key', b'data', algo='md5'))) - self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data', + self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data', algo='ripemd160')), 1176807136224664126629105846386432860355826868536, - util.octx_to_num(EVP.hmac('key', 'data', + util.octx_to_num(EVP.hmac(b'key', b'data', algo='ripemd160'))) if m2.OPENSSL_VERSION_NUMBER >= 0x90800F: - self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data', + self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data', algo='sha224')), 2660082265842109788381286338540662430962855478412025487066970872635, - util.octx_to_num(EVP.hmac('key', 'data', + util.octx_to_num(EVP.hmac(b'key', b'data', algo='sha224'))) - self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data', + self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data', algo='sha256')), 36273358097036101702192658888336808701031275731906771612800928188662823394256, - util.octx_to_num(EVP.hmac('key', 'data', + util.octx_to_num(EVP.hmac(b'key', b'data', algo='sha256'))) - self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data', + self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data', algo='sha384')), 30471069101236165765942696708481556386452105164815350204559050657318908408184002707969468421951222432574647369766282, - util.octx_to_num(EVP.hmac('key', 'data', + util.octx_to_num(EVP.hmac(b'key', b'data', algo='sha384'))) - self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data', + self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data', algo='sha512')), 3160730054100700080556942280820129108466291087966635156623014063982211353635774277148932854680195471287740489442390820077884317620321797003323909388868696, - util.octx_to_num(EVP.hmac('key', 'data', + util.octx_to_num(EVP.hmac(b'key', b'data', algo='sha512'))) with self.assertRaises(ValueError): - EVP.hmac('key', 'data', algo='sha513') + EVP.hmac(b'key', b'data', algo='sha513') @unittest.skipIf(six.PY3, "test_get_rsa hangs under python3 and is not yet fixed") @@ -166,14 +166,19 @@ class EVPTestCase(unittest.TestCase): self.assertIsInstance(rsa2, RSA.RSA_pub) self.assertEqual(rsa.e, rsa2.e) self.assertEqual(rsa.n, rsa2.n) + # FIXME + # hanging call is + # m2.rsa_write_key(self.rsa, bio._ptr(), ciph, callback)s + # from RSA.py/save_key_bio + pem = rsa.as_pem(callback=self._pass_callback) pem2 = rsa2.as_pem() assert pem assert pem2 self.assertNotEqual(pem, pem2) - message = "This is the message string" - digest = sha.sha(message).digest() + message = b'This is the message string' + digest = hashlib.sha1(message).digest() self.assertEqual(rsa.sign(digest), rsa2.sign(digest)) rsa3 = RSA.gen_key(1024, 3, callback=self._gen_callback) @@ -219,34 +224,34 @@ class EVPTestCase(unittest.TestCase): pkey.assign_rsa(rsa) mod = pkey.get_modulus() self.assertGreater(len(mod), 0, mod) - self.assertEqual(len(mod.strip('0123456789ABCDEF')), 0) + self.assertEqual(len(mod.strip(b'0123456789ABCDEF')), 0) def test_verify_final(self): from M2Crypto import X509 pkey = EVP.load_key('tests/signer_key.pem') pkey.sign_init() - pkey.sign_update('test message') + pkey.sign_update(b'test message') sig = pkey.sign_final() # OK x509 = X509.load_cert('tests/signer.pem') pubkey = x509.get_pubkey() pubkey.verify_init() - pubkey.verify_update('test message') + pubkey.verify_update(b'test message') self.assertEqual(pubkey.verify_final(sig), 1) # wrong cert x509 = X509.load_cert('tests/x509.pem') pubkey = x509.get_pubkey() pubkey.verify_init() - pubkey.verify_update('test message') + pubkey.verify_update(b'test message') self.assertEqual(pubkey.verify_final(sig), 0) # wrong message x509 = X509.load_cert('tests/signer.pem') pubkey = x509.get_pubkey() pubkey.verify_init() - pubkey.verify_update('test message not') + pubkey.verify_update(b'test message not') self.assertEqual(pubkey.verify_final(sig), 0) def test_load_bad(self): @@ -255,7 +260,7 @@ class EVPTestCase(unittest.TestCase): with self.assertRaises(EVP.EVPError): EVP.load_key('tests/signer.pem') # not a key with self.assertRaises(EVP.EVPError): - EVP.load_key_bio(BIO.MemoryBuffer('no a key')) + EVP.load_key_bio(BIO.MemoryBuffer(b'no a key')) def test_pad(self): self.assertEqual(util.pkcs5_pad('Hello World'), @@ -279,20 +284,20 @@ class CipherTestCase(unittest.TestCase): def try_algo(self, algo): enc = 1 dec = 0 - otxt = 'against stupidity the gods themselves contend in vain' + otxt = b'against stupidity the gods themselves contend in vain' - k = EVP.Cipher(algo, 'goethe', '12345678', enc, - 1, 'sha1', 'saltsalt', 5) - pbuf = cStringIO.StringIO(otxt) - cbuf = cStringIO.StringIO() + k = EVP.Cipher(algo, b'goethe', b'12345678', enc, + 1, 'sha1', b'saltsalt', 5) + pbuf = io.BytesIO(otxt) + cbuf = io.BytesIO() ctxt = self.cipher_filter(k, pbuf, cbuf) pbuf.close() cbuf.close() - j = EVP.Cipher(algo, 'goethe', '12345678', dec, - 1, 'sha1', 'saltsalt', 5) - pbuf = cStringIO.StringIO() - cbuf = cStringIO.StringIO(ctxt) + j = EVP.Cipher(algo, b'goethe', b'12345678', dec, + 1, 'sha1', b'saltsalt', 5) + pbuf = io.BytesIO() + cbuf = io.BytesIO(ctxt) ptxt = self.cipher_filter(j, cbuf, pbuf) pbuf.close() cbuf.close() @@ -349,8 +354,8 @@ class CipherTestCase(unittest.TestCase): { 'KEY': '06a9214036b8a15b512e03d534120006', 'IV': '3dafba429d9eb430b422da802c9fac41', - 'PT': 'Single block msg', - 'CT': 'e353779c1079aeb82708942dbe77181a', + 'PT': b'Single block msg', + 'CT': b'e353779c1079aeb82708942dbe77181a', }, # Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC with @@ -358,8 +363,8 @@ class CipherTestCase(unittest.TestCase): { 'KEY': 'c286696d887c9aa0611bbb3e2025a45a', 'IV': '562e17996d093d28ddb3ba695a2e6f58', - 'PT': unhexlify('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'), - 'CT': 'd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1', + 'PT': unhexlify(b'000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'), + 'CT': b'd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1', }, # Case #3: Encrypting 48 bytes (3 blocks) using AES-CBC with @@ -367,8 +372,8 @@ class CipherTestCase(unittest.TestCase): { 'KEY': '6c3ea0477630ce21a2ce334aa746c2cd', 'IV': 'c782dc4c098c66cbd9cd27d825682c81', - 'PT': 'This is a 48-byte message (exactly 3 AES blocks)', - 'CT': 'd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684', + 'PT': b'This is a 48-byte message (exactly 3 AES blocks)', + 'CT': b'd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684', }, ] @@ -377,8 +382,8 @@ class CipherTestCase(unittest.TestCase): # encrypt k = EVP.Cipher(alg='aes_128_cbc', key=unhexlify(test['KEY']), iv=unhexlify(test['IV']), op=enc) - pbuf = cStringIO.StringIO(test['PT']) - cbuf = cStringIO.StringIO() + pbuf = io.BytesIO(test['PT']) + cbuf = io.BytesIO() ciphertext = hexlify(self.cipher_filter(k, pbuf, cbuf)) cipherpadding = ciphertext[len(test['PT']) * 2:] # Remove the padding from the end @@ -390,8 +395,8 @@ class CipherTestCase(unittest.TestCase): # decrypt j = EVP.Cipher(alg='aes_128_cbc', key=unhexlify(test['KEY']), iv=unhexlify(test['IV']), op=dec) - pbuf = cStringIO.StringIO() - cbuf = cStringIO.StringIO(unhexlify(test['CT'] + cipherpadding)) + pbuf = io.BytesIO() + cbuf = io.BytesIO(unhexlify(test['CT'] + cipherpadding)) plaintext = self.cipher_filter(j, cbuf, pbuf) pbuf.close() cbuf.close() @@ -402,8 +407,8 @@ class CipherTestCase(unittest.TestCase): # encrypt k = EVP.Cipher(alg='aes_128_cbc', key=unhexlify(test['KEY']), iv=unhexlify(test['IV']), op=enc, padding=False) - pbuf = cStringIO.StringIO(test['PT']) - cbuf = cStringIO.StringIO() + pbuf = io.BytesIO(test['PT']) + cbuf = io.BytesIO() ciphertext = hexlify(self.cipher_filter(k, pbuf, cbuf)) pbuf.close() cbuf.close() @@ -412,8 +417,8 @@ class CipherTestCase(unittest.TestCase): # decrypt j = EVP.Cipher(alg='aes_128_cbc', key=unhexlify(test['KEY']), iv=unhexlify(test['IV']), op=dec, padding=False) - pbuf = cStringIO.StringIO() - cbuf = cStringIO.StringIO(unhexlify(test['CT'])) + pbuf = io.BytesIO() + cbuf = io.BytesIO(unhexlify(test['CT'])) plaintext = self.cipher_filter(j, cbuf, pbuf) pbuf.close() cbuf.close() @@ -469,8 +474,8 @@ class CipherTestCase(unittest.TestCase): def decrypt(ciphertext, key, iv, alg='aes_256_cbc'): cipher = EVP.Cipher(alg=alg, key=key, iv=iv, op=0) - pbuf = cStringIO.StringIO() - cbuf = cStringIO.StringIO(ciphertext) + pbuf = io.BytesIO() + cbuf = io.BytesIO(ciphertext) plaintext = _cipherFilter(cipher, cbuf, pbuf) pbuf.close() cbuf.close() @@ -493,20 +498,20 @@ class PBKDF2TestCase(unittest.TestCase): def test_rfc3211_test_vectors(self): from binascii import hexlify, unhexlify - password = 'password' + password = b'password' salt = unhexlify('12 34 56 78 78 56 34 12'.replace(' ', '')) iter = 5 keylen = 8 ret = EVP.pbkdf2(password, salt, iter, keylen) - self.assertEqual(hexlify(ret), 'D1 DA A7 86 15 F2 87 E6'. + self.assertEqual(hexlify(ret), b'D1 DA A7 86 15 F2 87 E6'. replace(' ', '').lower()) - password = 'All n-entities must communicate with other n-entities via n-1 entiteeheehees' + password = b'All n-entities must communicate with other n-entities via n-1 entiteeheehees' salt = unhexlify('12 34 56 78 78 56 34 12'.replace(' ', '')) iter = 500 keylen = 16 ret = EVP.pbkdf2(password, salt, iter, keylen) - self.assertEqual(hexlify(ret), '6A 89 70 BF 68 C9 2C AE A8 4A 8D F2 85 10 85 86'.replace(' ', '').lower()) + self.assertEqual(hexlify(ret), b'6A 89 70 BF 68 C9 2C AE A8 4A 8D F2 85 10 85 86'.replace(b' ', b'').lower()) class HMACTestCase(unittest.TestCase): @@ -550,35 +555,35 @@ class HMACTestCase(unittest.TestCase): def make_chain_hmac(self, key, start, input, algo='sha1'): from M2Crypto.EVP import hmac chain = [] - digest = hmac(key, repr(start), algo) + digest = hmac(key, start, algo) chain.append((digest, start)) for i in input: - digest = hmac(digest, repr(i), algo) + digest = hmac(digest, i, algo) chain.append((digest, i)) return chain def verify_chain_hmac(self, key, start, chain, algo='sha1'): from M2Crypto.EVP import hmac - digest = hmac(key, repr(start), algo) + digest = hmac(key, start, algo) c = chain[0] if c[0] != digest or c[1] != start: return 0 for d, v in chain[1:]: - digest = hmac(digest, repr(v), algo) + digest = hmac(digest, v, algo) if digest != d: return 0 return 1 def verify_chain_HMAC(self, key, start, chain, algo='sha1'): # noqa hmac = EVP.HMAC(key, algo) - hmac.update(repr(start)) + hmac.update(start) digest = hmac.final() c = chain[0] if c[0] != digest or c[1] != start: return 0 for d, v in chain[1:]: hmac.reset(digest) - hmac.update(repr(v)) + hmac.update(v) digest = hmac.final() if digest != d: return 0 @@ -587,11 +592,11 @@ class HMACTestCase(unittest.TestCase): def test_complicated(self): make_chain = self.make_chain_hmac verify_chain = self.verify_chain_hmac - key = 'numero uno' - start = 'zeroth item' - input = ['first item', 'go go go', 'fly fly fly'] + key = b'numero uno' + start = b'zeroth item' + input = [b'first item', b'go go go', b'fly fly fly'] chain = make_chain(key, start, input) - self.assertEqual(verify_chain('some key', start, chain), 0) + self.assertEqual(verify_chain(b'some key', start, chain), 0) self.assertEqual(verify_chain(key, start, chain), 1) |