summaryrefslogtreecommitdiff
path: root/tests/test_evp.py
diff options
context:
space:
mode:
authorMatěj Cepl <mcepl@cepl.eu>2016-04-06 19:19:32 +0200
committerMatěj Cepl <mcepl@cepl.eu>2016-05-20 21:39:28 +0200
commit23fa6e442175b4ad2b3621f859ef73271d56c5f5 (patch)
treebf0ac3e1986ca1a9a3bcf7bdf792ace7526bd5fa /tests/test_evp.py
parent092bf5c66d45a96776f5d85ea1a85302ab925d40 (diff)
downloadm2crypto-23fa6e442175b4ad2b3621f859ef73271d56c5f5.tar.gz
Fix EC tests
* add implementation of the function ec_get_builtin_curves. * including Python interface (EC.get_builtin_curves). * including test for EC.get_builtin_curves * we cannot name NIDs completely arbitrarily, because otherwise m2.obj_nid2sn and co. functions don't work. * use only EC curves which are available. * use hashlib instead of removed sha and use bytes type * fixes some helpers in util.py to deal with bytes (h2b, octx_to_num) * fixes strange behavior of switch in pkey_get_modulus, where return must be called on the end of each case chain * fix almost two tests, module and bytes/string issues * in EC.save_key and EC.save_pub_key prefer context managers to plain BIO.openfile to avoid memleaks.
Diffstat (limited to 'tests/test_evp.py')
-rw-r--r--tests/test_evp.py133
1 files changed, 69 insertions, 64 deletions
diff --git a/tests/test_evp.py b/tests/test_evp.py
index eb97d96..872f0a8 100644
--- a/tests/test_evp.py
+++ b/tests/test_evp.py
@@ -8,9 +8,9 @@ Copyright (c) 2004-2007 Open Source Applications Foundation
Author: Heikki Toivonen
"""
-import cStringIO
+import hashlib
+import io
import logging
-import sha
from M2Crypto import BIO, EVP, RSA, Rand, m2, six, util
@@ -112,45 +112,45 @@ class EVPTestCase(unittest.TestCase):
self.assertEqual(size, 128)
def test_hmac(self):
- self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data')),
+ self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data')),
92800611269186718152770431077867383126636491933,
- util.octx_to_num(EVP.hmac('key', 'data')))
+ util.octx_to_num(EVP.hmac(b'key', b'data')))
if not fips_mode: # Disabled algorithms
- self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data',
+ self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data',
algo='md5')),
209168838103121722341657216703105225176,
- util.octx_to_num(EVP.hmac('key', 'data',
+ util.octx_to_num(EVP.hmac(b'key', b'data',
algo='md5')))
- self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data',
+ self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data',
algo='ripemd160')),
1176807136224664126629105846386432860355826868536,
- util.octx_to_num(EVP.hmac('key', 'data',
+ util.octx_to_num(EVP.hmac(b'key', b'data',
algo='ripemd160')))
if m2.OPENSSL_VERSION_NUMBER >= 0x90800F:
- self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data',
+ self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data',
algo='sha224')),
2660082265842109788381286338540662430962855478412025487066970872635,
- util.octx_to_num(EVP.hmac('key', 'data',
+ util.octx_to_num(EVP.hmac(b'key', b'data',
algo='sha224')))
- self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data',
+ self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data',
algo='sha256')),
36273358097036101702192658888336808701031275731906771612800928188662823394256,
- util.octx_to_num(EVP.hmac('key', 'data',
+ util.octx_to_num(EVP.hmac(b'key', b'data',
algo='sha256')))
- self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data',
+ self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data',
algo='sha384')),
30471069101236165765942696708481556386452105164815350204559050657318908408184002707969468421951222432574647369766282,
- util.octx_to_num(EVP.hmac('key', 'data',
+ util.octx_to_num(EVP.hmac(b'key', b'data',
algo='sha384')))
- self.assertEqual(util.octx_to_num(EVP.hmac('key', 'data',
+ self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data',
algo='sha512')),
3160730054100700080556942280820129108466291087966635156623014063982211353635774277148932854680195471287740489442390820077884317620321797003323909388868696,
- util.octx_to_num(EVP.hmac('key', 'data',
+ util.octx_to_num(EVP.hmac(b'key', b'data',
algo='sha512')))
with self.assertRaises(ValueError):
- EVP.hmac('key', 'data', algo='sha513')
+ EVP.hmac(b'key', b'data', algo='sha513')
@unittest.skipIf(six.PY3,
"test_get_rsa hangs under python3 and is not yet fixed")
@@ -166,14 +166,19 @@ class EVPTestCase(unittest.TestCase):
self.assertIsInstance(rsa2, RSA.RSA_pub)
self.assertEqual(rsa.e, rsa2.e)
self.assertEqual(rsa.n, rsa2.n)
+ # FIXME
+ # hanging call is
+ # m2.rsa_write_key(self.rsa, bio._ptr(), ciph, callback)s
+ # from RSA.py/save_key_bio
+
pem = rsa.as_pem(callback=self._pass_callback)
pem2 = rsa2.as_pem()
assert pem
assert pem2
self.assertNotEqual(pem, pem2)
- message = "This is the message string"
- digest = sha.sha(message).digest()
+ message = b'This is the message string'
+ digest = hashlib.sha1(message).digest()
self.assertEqual(rsa.sign(digest), rsa2.sign(digest))
rsa3 = RSA.gen_key(1024, 3, callback=self._gen_callback)
@@ -219,34 +224,34 @@ class EVPTestCase(unittest.TestCase):
pkey.assign_rsa(rsa)
mod = pkey.get_modulus()
self.assertGreater(len(mod), 0, mod)
- self.assertEqual(len(mod.strip('0123456789ABCDEF')), 0)
+ self.assertEqual(len(mod.strip(b'0123456789ABCDEF')), 0)
def test_verify_final(self):
from M2Crypto import X509
pkey = EVP.load_key('tests/signer_key.pem')
pkey.sign_init()
- pkey.sign_update('test message')
+ pkey.sign_update(b'test message')
sig = pkey.sign_final()
# OK
x509 = X509.load_cert('tests/signer.pem')
pubkey = x509.get_pubkey()
pubkey.verify_init()
- pubkey.verify_update('test message')
+ pubkey.verify_update(b'test message')
self.assertEqual(pubkey.verify_final(sig), 1)
# wrong cert
x509 = X509.load_cert('tests/x509.pem')
pubkey = x509.get_pubkey()
pubkey.verify_init()
- pubkey.verify_update('test message')
+ pubkey.verify_update(b'test message')
self.assertEqual(pubkey.verify_final(sig), 0)
# wrong message
x509 = X509.load_cert('tests/signer.pem')
pubkey = x509.get_pubkey()
pubkey.verify_init()
- pubkey.verify_update('test message not')
+ pubkey.verify_update(b'test message not')
self.assertEqual(pubkey.verify_final(sig), 0)
def test_load_bad(self):
@@ -255,7 +260,7 @@ class EVPTestCase(unittest.TestCase):
with self.assertRaises(EVP.EVPError):
EVP.load_key('tests/signer.pem') # not a key
with self.assertRaises(EVP.EVPError):
- EVP.load_key_bio(BIO.MemoryBuffer('no a key'))
+ EVP.load_key_bio(BIO.MemoryBuffer(b'no a key'))
def test_pad(self):
self.assertEqual(util.pkcs5_pad('Hello World'),
@@ -279,20 +284,20 @@ class CipherTestCase(unittest.TestCase):
def try_algo(self, algo):
enc = 1
dec = 0
- otxt = 'against stupidity the gods themselves contend in vain'
+ otxt = b'against stupidity the gods themselves contend in vain'
- k = EVP.Cipher(algo, 'goethe', '12345678', enc,
- 1, 'sha1', 'saltsalt', 5)
- pbuf = cStringIO.StringIO(otxt)
- cbuf = cStringIO.StringIO()
+ k = EVP.Cipher(algo, b'goethe', b'12345678', enc,
+ 1, 'sha1', b'saltsalt', 5)
+ pbuf = io.BytesIO(otxt)
+ cbuf = io.BytesIO()
ctxt = self.cipher_filter(k, pbuf, cbuf)
pbuf.close()
cbuf.close()
- j = EVP.Cipher(algo, 'goethe', '12345678', dec,
- 1, 'sha1', 'saltsalt', 5)
- pbuf = cStringIO.StringIO()
- cbuf = cStringIO.StringIO(ctxt)
+ j = EVP.Cipher(algo, b'goethe', b'12345678', dec,
+ 1, 'sha1', b'saltsalt', 5)
+ pbuf = io.BytesIO()
+ cbuf = io.BytesIO(ctxt)
ptxt = self.cipher_filter(j, cbuf, pbuf)
pbuf.close()
cbuf.close()
@@ -349,8 +354,8 @@ class CipherTestCase(unittest.TestCase):
{
'KEY': '06a9214036b8a15b512e03d534120006',
'IV': '3dafba429d9eb430b422da802c9fac41',
- 'PT': 'Single block msg',
- 'CT': 'e353779c1079aeb82708942dbe77181a',
+ 'PT': b'Single block msg',
+ 'CT': b'e353779c1079aeb82708942dbe77181a',
},
# Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC with
@@ -358,8 +363,8 @@ class CipherTestCase(unittest.TestCase):
{
'KEY': 'c286696d887c9aa0611bbb3e2025a45a',
'IV': '562e17996d093d28ddb3ba695a2e6f58',
- 'PT': unhexlify('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'),
- 'CT': 'd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1',
+ 'PT': unhexlify(b'000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'),
+ 'CT': b'd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1',
},
# Case #3: Encrypting 48 bytes (3 blocks) using AES-CBC with
@@ -367,8 +372,8 @@ class CipherTestCase(unittest.TestCase):
{
'KEY': '6c3ea0477630ce21a2ce334aa746c2cd',
'IV': 'c782dc4c098c66cbd9cd27d825682c81',
- 'PT': 'This is a 48-byte message (exactly 3 AES blocks)',
- 'CT': 'd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684',
+ 'PT': b'This is a 48-byte message (exactly 3 AES blocks)',
+ 'CT': b'd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684',
},
]
@@ -377,8 +382,8 @@ class CipherTestCase(unittest.TestCase):
# encrypt
k = EVP.Cipher(alg='aes_128_cbc', key=unhexlify(test['KEY']),
iv=unhexlify(test['IV']), op=enc)
- pbuf = cStringIO.StringIO(test['PT'])
- cbuf = cStringIO.StringIO()
+ pbuf = io.BytesIO(test['PT'])
+ cbuf = io.BytesIO()
ciphertext = hexlify(self.cipher_filter(k, pbuf, cbuf))
cipherpadding = ciphertext[len(test['PT']) * 2:]
# Remove the padding from the end
@@ -390,8 +395,8 @@ class CipherTestCase(unittest.TestCase):
# decrypt
j = EVP.Cipher(alg='aes_128_cbc', key=unhexlify(test['KEY']),
iv=unhexlify(test['IV']), op=dec)
- pbuf = cStringIO.StringIO()
- cbuf = cStringIO.StringIO(unhexlify(test['CT'] + cipherpadding))
+ pbuf = io.BytesIO()
+ cbuf = io.BytesIO(unhexlify(test['CT'] + cipherpadding))
plaintext = self.cipher_filter(j, cbuf, pbuf)
pbuf.close()
cbuf.close()
@@ -402,8 +407,8 @@ class CipherTestCase(unittest.TestCase):
# encrypt
k = EVP.Cipher(alg='aes_128_cbc', key=unhexlify(test['KEY']),
iv=unhexlify(test['IV']), op=enc, padding=False)
- pbuf = cStringIO.StringIO(test['PT'])
- cbuf = cStringIO.StringIO()
+ pbuf = io.BytesIO(test['PT'])
+ cbuf = io.BytesIO()
ciphertext = hexlify(self.cipher_filter(k, pbuf, cbuf))
pbuf.close()
cbuf.close()
@@ -412,8 +417,8 @@ class CipherTestCase(unittest.TestCase):
# decrypt
j = EVP.Cipher(alg='aes_128_cbc', key=unhexlify(test['KEY']),
iv=unhexlify(test['IV']), op=dec, padding=False)
- pbuf = cStringIO.StringIO()
- cbuf = cStringIO.StringIO(unhexlify(test['CT']))
+ pbuf = io.BytesIO()
+ cbuf = io.BytesIO(unhexlify(test['CT']))
plaintext = self.cipher_filter(j, cbuf, pbuf)
pbuf.close()
cbuf.close()
@@ -469,8 +474,8 @@ class CipherTestCase(unittest.TestCase):
def decrypt(ciphertext, key, iv, alg='aes_256_cbc'):
cipher = EVP.Cipher(alg=alg, key=key, iv=iv, op=0)
- pbuf = cStringIO.StringIO()
- cbuf = cStringIO.StringIO(ciphertext)
+ pbuf = io.BytesIO()
+ cbuf = io.BytesIO(ciphertext)
plaintext = _cipherFilter(cipher, cbuf, pbuf)
pbuf.close()
cbuf.close()
@@ -493,20 +498,20 @@ class PBKDF2TestCase(unittest.TestCase):
def test_rfc3211_test_vectors(self):
from binascii import hexlify, unhexlify
- password = 'password'
+ password = b'password'
salt = unhexlify('12 34 56 78 78 56 34 12'.replace(' ', ''))
iter = 5
keylen = 8
ret = EVP.pbkdf2(password, salt, iter, keylen)
- self.assertEqual(hexlify(ret), 'D1 DA A7 86 15 F2 87 E6'.
+ self.assertEqual(hexlify(ret), b'D1 DA A7 86 15 F2 87 E6'.
replace(' ', '').lower())
- password = 'All n-entities must communicate with other n-entities via n-1 entiteeheehees'
+ password = b'All n-entities must communicate with other n-entities via n-1 entiteeheehees'
salt = unhexlify('12 34 56 78 78 56 34 12'.replace(' ', ''))
iter = 500
keylen = 16
ret = EVP.pbkdf2(password, salt, iter, keylen)
- self.assertEqual(hexlify(ret), '6A 89 70 BF 68 C9 2C AE A8 4A 8D F2 85 10 85 86'.replace(' ', '').lower())
+ self.assertEqual(hexlify(ret), b'6A 89 70 BF 68 C9 2C AE A8 4A 8D F2 85 10 85 86'.replace(b' ', b'').lower())
class HMACTestCase(unittest.TestCase):
@@ -550,35 +555,35 @@ class HMACTestCase(unittest.TestCase):
def make_chain_hmac(self, key, start, input, algo='sha1'):
from M2Crypto.EVP import hmac
chain = []
- digest = hmac(key, repr(start), algo)
+ digest = hmac(key, start, algo)
chain.append((digest, start))
for i in input:
- digest = hmac(digest, repr(i), algo)
+ digest = hmac(digest, i, algo)
chain.append((digest, i))
return chain
def verify_chain_hmac(self, key, start, chain, algo='sha1'):
from M2Crypto.EVP import hmac
- digest = hmac(key, repr(start), algo)
+ digest = hmac(key, start, algo)
c = chain[0]
if c[0] != digest or c[1] != start:
return 0
for d, v in chain[1:]:
- digest = hmac(digest, repr(v), algo)
+ digest = hmac(digest, v, algo)
if digest != d:
return 0
return 1
def verify_chain_HMAC(self, key, start, chain, algo='sha1'): # noqa
hmac = EVP.HMAC(key, algo)
- hmac.update(repr(start))
+ hmac.update(start)
digest = hmac.final()
c = chain[0]
if c[0] != digest or c[1] != start:
return 0
for d, v in chain[1:]:
hmac.reset(digest)
- hmac.update(repr(v))
+ hmac.update(v)
digest = hmac.final()
if digest != d:
return 0
@@ -587,11 +592,11 @@ class HMACTestCase(unittest.TestCase):
def test_complicated(self):
make_chain = self.make_chain_hmac
verify_chain = self.verify_chain_hmac
- key = 'numero uno'
- start = 'zeroth item'
- input = ['first item', 'go go go', 'fly fly fly']
+ key = b'numero uno'
+ start = b'zeroth item'
+ input = [b'first item', b'go go go', b'fly fly fly']
chain = make_chain(key, start, input)
- self.assertEqual(verify_chain('some key', start, chain), 0)
+ self.assertEqual(verify_chain(b'some key', start, chain), 0)
self.assertEqual(verify_chain(key, start, chain), 1)
View Lorry Controller Status