def test_ciphers(self):
backend = MultiBackend([
DummyHashBackend([]),
DummyCipherBackend([
(algorithms.AES, modes.CBC),
])
])
assert backend.cipher_supported(
algorithms.AES(b"\x00" * 16), modes.CBC(b"\x00" * 16)
)
cipher = Cipher(
algorithms.AES(b"\x00" * 16),
modes.CBC(b"\x00" * 16),
backend=backend
)
cipher.encryptor()
cipher.decryptor()
cipher = Cipher(
algorithms.Camellia(b"\x00" * 16),
modes.CBC(b"\x00" * 16),
backend=backend
)
with pytest.raises(UnsupportedCipher):
cipher.encryptor()
with pytest.raises(UnsupportedCipher):
cipher.decryptor()
def test_ciphers(self):
backend = MultiBackend([
DummyHashBackend([]),
DummyCipherBackend([
(algorithms.AES, modes.CBC),
])
])
assert backend.cipher_supported(
algorithms.AES(b"\x00" * 16), modes.CBC(b"\x00" * 16)
)
cipher = Cipher(
algorithms.AES(b"\x00" * 16),
modes.CBC(b"\x00" * 16),
backend=backend
)
cipher.encryptor()
cipher.decryptor()
cipher = Cipher(
algorithms.Camellia(b"\x00" * 16),
modes.CBC(b"\x00" * 16),
backend=backend
)
with pytest.raises(UnsupportedAlgorithm):
cipher.encryptor()
with pytest.raises(UnsupportedAlgorithm):
cipher.decryptor()
def test_ciphers(self):
backend = MultiBackend([
DummyHashBackend([]),
DummyCipherBackend([
(algorithms.AES, modes.CBC),
])
])
assert backend.cipher_supported(
algorithms.AES(b"\x00" * 16), modes.CBC(b"\x00" * 16)
)
cipher = Cipher(
algorithms.AES(b"\x00" * 16),
modes.CBC(b"\x00" * 16),
backend=backend
)
cipher.encryptor()
cipher.decryptor()
cipher = Cipher(
algorithms.Camellia(b"\x00" * 16),
modes.CBC(b"\x00" * 16),
backend=backend
)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cipher.encryptor()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cipher.decryptor()
def test_ciphers(self):
backend = MultiBackend([
DummyHashBackend([]),
DummyCipherBackend([
(algorithms.AES, modes.CBC),
])
])
assert backend.cipher_supported(
algorithms.AES(b"\x00" * 16), modes.CBC(b"\x00" * 16)
)
assert not backend.cipher_supported(
algorithms.TripleDES(b"\x00" * 16), modes.CBC(b"\x00" * 16)
)
cipher = Cipher(
algorithms.AES(b"\x00" * 16),
modes.CBC(b"\x00" * 16),
backend=backend
)
cipher.encryptor()
cipher.decryptor()
cipher = Cipher(
algorithms.Camellia(b"\x00" * 16),
modes.CBC(b"\x00" * 16),
backend=backend
)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cipher.encryptor()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cipher.decryptor()
def test_hmac(self):
backend = MultiBackend([DummyHMACBackend([hashes.MD5])])
assert backend.hmac_supported(hashes.MD5())
hmac.HMAC(b"", hashes.MD5(), backend=backend)
with pytest.raises(UnsupportedAlgorithm):
hmac.HMAC(b"", hashes.SHA1(), backend=backend)
def test_hashes(self):
backend = MultiBackend([DummyHashBackend([hashes.MD5])])
assert backend.hash_supported(hashes.MD5())
hashes.Hash(hashes.MD5(), backend=backend)
with pytest.raises(UnsupportedAlgorithm):
hashes.Hash(hashes.SHA1(), backend=backend)
def test_hmac(self):
backend = MultiBackend([DummyHMACBackend([hashes.MD5])])
assert backend.hmac_supported(hashes.MD5())
hmac.HMAC(b"", hashes.MD5(), backend=backend)
with pytest.raises(UnsupportedAlgorithm):
hmac.HMAC(b"", hashes.SHA1(), backend=backend)
def test_hashes(self):
backend = MultiBackend([DummyHashBackend([hashes.MD5])])
assert backend.hash_supported(hashes.MD5())
hashes.Hash(hashes.MD5(), backend=backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
hashes.Hash(hashes.SHA1(), backend=backend)
def test_hmac(self):
backend = MultiBackend([DummyHMACBackend([hashes.MD5])])
assert backend.hmac_supported(hashes.MD5())
hmac.HMAC(b"", hashes.MD5(), backend=backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
hmac.HMAC(b"", hashes.SHA1(), backend=backend)
def test_hashes(self):
backend = MultiBackend([DummyHashBackend([hashes.MD5])])
assert backend.hash_supported(hashes.MD5())
hashes.Hash(hashes.MD5(), backend=backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
hashes.Hash(hashes.SHA1(), backend=backend)
def test_hmac(self):
backend = MultiBackend([DummyHMACBackend([hashes.MD5])])
assert backend.hmac_supported(hashes.MD5())
hmac.HMAC(b"", hashes.MD5(), backend=backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
hmac.HMAC(b"", hashes.SHA1(), backend=backend)
def test_hashes(self):
backend = MultiBackend([DummyHashBackend([hashes.MD5])])
assert backend.hash_supported(hashes.MD5())
hashes.Hash(hashes.MD5(), backend=backend)
with pytest.raises(UnsupportedAlgorithm):
hashes.Hash(hashes.SHA1(), backend=backend)
def test_der_serialization_backend(self):
backend = MultiBackend([DummyDERSerializationBackend()])
backend.load_der_private_key(b"keydata", None)
backend.load_der_public_key(b"keydata")
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
backend.load_der_private_key(b"keydata", None)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
backend.load_der_public_key(b"keydata")
def test_x509_backend(self):
backend = MultiBackend([DummyX509Backend()])
backend.load_pem_x509_certificate(b"certdata")
backend.load_der_x509_certificate(b"certdata")
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_pem_x509_certificate(b"certdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_der_x509_certificate(b"certdata")
def test_cmac(self):
backend = MultiBackend([DummyCMACBackend([algorithms.AES])])
fake_key = b"\x00" * 16
assert backend.cmac_algorithm_supported(
algorithms.AES(fake_key)) is True
cmac.CMAC(algorithms.AES(fake_key), backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cmac.CMAC(algorithms.TripleDES(fake_key), backend)
def test_scrypt(self):
backend = MultiBackend([DummyScryptBackend()])
backend.derive_scrypt(b"key", b"salt", 1, 1, 1, 1)
backend = MultiBackend([DummyBackend])
with pytest.raises(UnsupportedAlgorithm):
backend.derive_scrypt(b"key", b"salt", 1, 1, 1, 1)
def test_dsa(self):
backend = MultiBackend([DummyDSABackend()])
backend.generate_dsa_parameters(key_size=1024)
parameters = object()
backend.generate_dsa_private_key(parameters)
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_dsa_parameters(key_size=1024)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_dsa_private_key(parameters)
def test_cmac(self):
backend = MultiBackend([
DummyCMACBackend([algorithms.AES])
])
fake_key = b"\x00" * 16
assert backend.cmac_algorithm_supported(
algorithms.AES(fake_key)) is True
cmac.CMAC(algorithms.AES(fake_key), backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
cmac.CMAC(algorithms.TripleDES(fake_key), backend)
def test_pkcs8_serialization_backend(self):
backend = MultiBackend([DummyPKCS8SerializationBackend()])
backend.load_pkcs8_pem_private_key(b"keydata", None)
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
backend.load_pkcs8_pem_private_key(b"keydata", None)
def test_traditional_openssl_serialization_backend(self):
backend = MultiBackend([DummyTraditionalOpenSSLSerializationBackend()])
backend.load_traditional_openssl_pem_private_key(b"keydata", None)
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
backend.load_traditional_openssl_pem_private_key(b"keydata", None)
def decrypt_sym(data, key, iv):
"""
Decrypt some data previously encrypted using AES-256 cipher in CTR mode.
:param data: The data to be decrypted.
:type data: str
:param key: The symmetric key used to decrypt data (must be 256 bits
long).
:type key: str
:param iv: The initialization vector.
:type iv: long
:return: The decrypted data.
:rtype: str
"""
soledad_assert_type(key, str)
# assert params
soledad_assert(
len(key) == 32, # 32 x 8 = 256 bits.
'Wrong key size: %s (must be 256 bits long).' % len(key))
backend = MultiBackend([OpenSSLBackend()])
iv = binascii.a2b_base64(iv)
cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend)
decryptor = cipher.decryptor()
return decryptor.update(data) + decryptor.finalize()
def default_backend():
global _default_backend
if _default_backend is None:
_default_backend = MultiBackend(_available_backends())
return _default_backend
def test_pbkdf2(self):
backend = MultiBackend([DummyPBKDF2HMACBackend([hashes.MD5])])
assert backend.pbkdf2_hmac_supported(hashes.MD5())
backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"")
def test_pbkdf2(self):
backend = MultiBackend([DummyPBKDF2HMACBackend([hashes.MD5])])
assert backend.pbkdf2_hmac_supported(hashes.MD5())
backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"")
with pytest.raises(UnsupportedAlgorithm):
backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"")
def test_pbkdf2(self):
backend = MultiBackend([DummyPBKDF2HMACBackend([hashes.MD5])])
assert backend.pbkdf2_hmac_supported(hashes.MD5())
backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"")
with pytest.raises(UnsupportedAlgorithm):
backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"")
def test_pkcs8_serialization_backend(self):
backend = MultiBackend([DummyPKCS8SerializationBackend()])
backend.load_pkcs8_pem_private_key(b"keydata", None)
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
backend.load_pkcs8_pem_private_key(b"keydata", None)
def test_traditional_openssl_serialization_backend(self):
backend = MultiBackend([DummyTraditionalOpenSSLSerializationBackend()])
backend.load_traditional_openssl_pem_private_key(b"keydata", None)
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
backend.load_traditional_openssl_pem_private_key(b"keydata", None)
def test_pbkdf2(self):
backend = MultiBackend([DummyPBKDF2HMACBackend([hashes.MD5])])
assert backend.pbkdf2_hmac_supported(hashes.MD5())
backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"")
def test_rsa(self):
backend = MultiBackend([
DummyRSABackend()
])
backend.generate_rsa_private_key(
key_size=1024, public_exponent=65537
)
backend = MultiBackend([])
with pytest.raises(UnsupportedAlgorithm):
backend.generate_rsa_private_key(key_size=1024, public_exponent=3)
def test_deprecated_elliptic_curve(self):
backend = MultiBackend([DummyEllipticCurveBackend([ec.SECT283K1])])
assert backend.elliptic_curve_signature_algorithm_supported(
ec.ECDSA(hashes.SHA256()), ec.SECT163K1()) is False
pub_numbers = ec.EllipticCurvePublicNumbers(2, 3, ec.SECT283K1())
numbers = ec.EllipticCurvePrivateNumbers(1, pub_numbers)
pytest.deprecated_call(backend.elliptic_curve_private_key_from_numbers,
numbers)
pytest.deprecated_call(backend.elliptic_curve_public_key_from_numbers,
pub_numbers)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
backend.elliptic_curve_private_key_from_numbers(
ec.EllipticCurvePrivateNumbers(
1, ec.EllipticCurvePublicNumbers(2, 3, ec.SECT163K1())))
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
backend.elliptic_curve_public_key_from_numbers(
ec.EllipticCurvePublicNumbers(2, 3, ec.SECT163K1()))
def test_deprecated_elliptic_curve(self):
backend = MultiBackend([
DummyEllipticCurveBackend([
ec.SECT283K1
])
])
assert backend.elliptic_curve_signature_algorithm_supported(
ec.ECDSA(hashes.SHA256()),
ec.SECT163K1()
) is False
pub_numbers = ec.EllipticCurvePublicNumbers(2, 3, ec.SECT283K1())
numbers = ec.EllipticCurvePrivateNumbers(1, pub_numbers)
pytest.deprecated_call(
backend.elliptic_curve_private_key_from_numbers,
numbers
)
pytest.deprecated_call(
backend.elliptic_curve_public_key_from_numbers,
pub_numbers
)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
backend.elliptic_curve_private_key_from_numbers(
ec.EllipticCurvePrivateNumbers(
1,
ec.EllipticCurvePublicNumbers(
2,
3,
ec.SECT163K1()
)
)
)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
backend.elliptic_curve_public_key_from_numbers(
ec.EllipticCurvePublicNumbers(
2,
3,
ec.SECT163K1()
)
)
def encrypt_sym(data, key):
"""
Encrypt data using AES-256 cipher in CTR mode.
:param data: The data to be encrypted.
:type data: str
:param key: The key used to encrypt data (must be 256 bits long).
:type key: str
:return: A tuple with the initialization vector and the encrypted data.
:rtype: (long, str)
"""
soledad_assert_type(key, str)
soledad_assert(
len(key) == 32, # 32 x 8 = 256 bits.
'Wrong key size: %s bits (must be 256 bits long).' % (len(key) * 8))
iv = os.urandom(16)
backend = MultiBackend([OpenSSLBackend()])
cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend)
encryptor = cipher.encryptor()
ciphertext = encryptor.update(data) + encryptor.finalize()
return binascii.b2a_base64(iv), ciphertext
def test_raises_error_with_empty_list(self):
with pytest.raises(ValueError):
MultiBackend([])
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Walk a message tree and generate documents that can be inserted in the backend
store.
"""
from email.parser import Parser
from cryptography.hazmat.backends.multibackend import MultiBackend
from cryptography.hazmat.backends.openssl.backend import (Backend as
OpenSSLBackend)
from cryptography.hazmat.primitives import hashes
from leap.bitmask.mail.utils import first
crypto_backend = MultiBackend([OpenSSLBackend()])
_parser = Parser()
def get_tree(msg):
p = {}
p['ctype'] = msg.get_content_type()
p['headers'] = msg.items()
payload = msg.get_payload()
is_multi = msg.is_multipart()
if is_multi:
p['part_map'] = dict([(idx, get_tree(part))
for idx, part in enumerate(payload, 1)])
p['parts'] = len(payload)
def test_x509_backend(self):
backend = MultiBackend([DummyX509Backend()])
backend.load_pem_x509_certificate(b"certdata")
backend.load_der_x509_certificate(b"certdata")
backend.load_pem_x509_csr(b"reqdata")
backend.load_der_x509_csr(b"reqdata")
backend.create_x509_csr(object(), b"privatekey", hashes.SHA1())
backend.create_x509_certificate(object(), b"privatekey", hashes.SHA1())
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_pem_x509_certificate(b"certdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_der_x509_certificate(b"certdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_pem_x509_csr(b"reqdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_der_x509_csr(b"reqdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.create_x509_csr(object(), b"privatekey", hashes.SHA1())
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.create_x509_certificate(
object(), b"privatekey", hashes.SHA1()
)
def test_dsa(self):
backend = MultiBackend([
DummyDSABackend()
])
backend.generate_dsa_parameters(key_size=1024)
parameters = object()
backend.generate_dsa_private_key(parameters)
backend.generate_dsa_private_key_and_parameters(key_size=1024)
backend.create_dsa_verification_ctx("public_key", "sig", hashes.SHA1())
backend.create_dsa_signature_ctx("private_key", hashes.SHA1())
backend.dsa_hash_supported(hashes.SHA1())
backend.dsa_parameters_supported(1, 2, 3)
backend.load_dsa_private_numbers("numbers")
backend.load_dsa_public_numbers("numbers")
backend = MultiBackend([])
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.generate_dsa_parameters(key_size=1024)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.generate_dsa_private_key(parameters)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.generate_dsa_private_key_and_parameters(key_size=1024)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.create_dsa_signature_ctx("private_key", hashes.SHA1())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.create_dsa_verification_ctx(
"public_key", b"sig", hashes.SHA1()
)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.dsa_hash_supported(hashes.SHA1())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.dsa_parameters_supported('p', 'q', 'g')
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.load_dsa_private_numbers("numbers")
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.load_dsa_public_numbers("numbers")
def test_elliptic_curve(self):
backend = MultiBackend([DummyEllipticCurveBackend([ec.SECT283K1])])
assert backend.elliptic_curve_supported(ec.SECT283K1()) is True
assert backend.elliptic_curve_signature_algorithm_supported(
ec.ECDSA(hashes.SHA256()), ec.SECT283K1()) is True
backend.generate_elliptic_curve_private_key(ec.SECT283K1())
backend.load_elliptic_curve_private_numbers(
ec.EllipticCurvePrivateNumbers(
1, ec.EllipticCurvePublicNumbers(2, 3, ec.SECT283K1())))
backend.load_elliptic_curve_public_numbers(
ec.EllipticCurvePublicNumbers(2, 3, ec.SECT283K1()))
assert backend.elliptic_curve_supported(ec.SECT163K1()) is False
assert backend.elliptic_curve_signature_algorithm_supported(
ec.ECDSA(hashes.SHA256()), ec.SECT163K1()) is False
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
backend.generate_elliptic_curve_private_key(ec.SECT163K1())
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
backend.load_elliptic_curve_private_numbers(
ec.EllipticCurvePrivateNumbers(
1, ec.EllipticCurvePublicNumbers(2, 3, ec.SECT163K1())))
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
backend.load_elliptic_curve_public_numbers(
ec.EllipticCurvePublicNumbers(2, 3, ec.SECT163K1()))
def test_rsa(self):
backend = MultiBackend([DummyRSABackend()])
backend.generate_rsa_private_key(key_size=1024, public_exponent=65537)
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(), hashes.MD5())
backend.create_rsa_verification_ctx("public_key", "sig", padding.PKCS1v15(), hashes.MD5())
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_rsa_private_key(key_size=1024, public_exponent=3)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(), hashes.MD5())
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.create_rsa_verification_ctx("public_key", "sig", padding.PKCS1v15(), hashes.MD5())
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from cryptography.hazmat.backends import openssl
from cryptography.hazmat.backends.multibackend import MultiBackend
from cryptography.hazmat.bindings.commoncrypto.binding import (
Binding as CommonCryptoBinding)
_ALL_BACKENDS = []
if CommonCryptoBinding.is_available():
from cryptography.hazmat.backends import commoncrypto
_ALL_BACKENDS.append(commoncrypto.backend)
_ALL_BACKENDS.append(openssl.backend)
_default_backend = MultiBackend(_ALL_BACKENDS)
def default_backend():
return _default_backend
def test_rsa(self):
backend = MultiBackend([DummyRSABackend()])
backend.generate_rsa_private_key(key_size=1024, public_exponent=65537)
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
hashes.MD5())
backend.create_rsa_verification_ctx("public_key", "sig",
padding.PKCS1v15(), hashes.MD5())
backend = MultiBackend([])
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_rsa_private_key(key_size=1024, public_exponent=3)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
hashes.MD5())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.create_rsa_verification_ctx("public_key", "sig",
padding.PKCS1v15(),
hashes.MD5())
def test_dsa(self):
backend = MultiBackend([DummyDSABackend()])
backend.generate_dsa_parameters(key_size=1024)
parameters = object()
backend.generate_dsa_private_key(parameters)
backend = MultiBackend([])
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_dsa_parameters(key_size=1024)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_dsa_private_key(parameters)
def test_dh_backend(self):
backend = MultiBackend([DummyDHBackend()])
backend.generate_dh_parameters(2, 512)
backend.load_dh_parameter_numbers(object())
backend.generate_dh_private_key(object())
backend.load_dh_private_numbers(object())
backend.load_dh_public_numbers(object())
backend.generate_dh_private_key_and_parameters(2, 512)
backend.dh_parameters_supported(2, 3)
backend = MultiBackend([DummyBackend()])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_DIFFIE_HELLMAN):
backend.generate_dh_parameters(2, 512)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_DIFFIE_HELLMAN):
backend.load_dh_parameter_numbers(object())
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_DIFFIE_HELLMAN):
backend.generate_dh_private_key(object())
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_DIFFIE_HELLMAN):
backend.load_dh_private_numbers(object())
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_DIFFIE_HELLMAN):
backend.load_dh_public_numbers(object())
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_DIFFIE_HELLMAN):
backend.generate_dh_private_key_and_parameters(2, 512)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_DIFFIE_HELLMAN):
backend.dh_parameters_supported(2, 3)
def patched_resource_filename(_, resource_name):
""" returns the resource name, related to the frozen executable, ignoring
the module name"""
return os.path.join(os.path.dirname(sys.executable), resource_name)
def cerify_patch():
""" patch to make certifi work, which then is used by requests """
return os.path.join(os.path.dirname(sys.executable), 'cacert.pem')
certifi.where = cerify_patch
certifi.core.where = cerify_patch
pkg_resources.resource_filename = patched_resource_filename
import cc.crypto
cc.crypto.default_backend = lambda: MultiBackend(
[cryptography.hazmat.backends.openssl.backend])
# set the working diretory to the cache dir
# (there are some funny modules writing files)
from cc.configuration.constants import CACHE_DIR
os.makedirs(CACHE_DIR, exist_ok=True)
os.chdir(CACHE_DIR)
if os.name == 'nt':
from cc.native.windows_explorer import register_quick_access as platform_start
elif sys.platform == 'darwin':
from cc.native.osx_finder import init_findersync as platform_start
else:
def platform_start():
def test_der_serialization_backend(self):
backend = MultiBackend([DummyDERSerializationBackend()])
backend.load_der_private_key(b"keydata", None)
backend.load_der_public_key(b"keydata")
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
backend.load_der_private_key(b"keydata", None)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
backend.load_der_public_key(b"keydata")
def test_rsa(self):
backend = MultiBackend([
DummyRSABackend()
])
backend.generate_rsa_private_key(
key_size=1024, public_exponent=65537
)
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
hashes.MD5())
backend = MultiBackend([])
with pytest.raises(UnsupportedAlgorithm):
backend.generate_rsa_private_key(key_size=1024, public_exponent=3)
with pytest.raises(UnsupportedAlgorithm):
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
hashes.MD5())
def test_dsa(self):
backend = MultiBackend([DummyDSABackend()])
backend.generate_dsa_parameters(key_size=1024)
parameters = object()
backend.generate_dsa_private_key(parameters)
backend.generate_dsa_private_key_and_parameters(key_size=1024)
backend.dsa_hash_supported(hashes.SHA1())
backend.dsa_parameters_supported(1, 2, 3)
backend.load_dsa_private_numbers("numbers")
backend.load_dsa_public_numbers("numbers")
backend = MultiBackend([])
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_dsa_parameters(key_size=1024)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_dsa_private_key(parameters)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_dsa_private_key_and_parameters(key_size=1024)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.dsa_hash_supported(hashes.SHA1())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.dsa_parameters_supported('p', 'q', 'g')
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.load_dsa_private_numbers("numbers")
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.load_dsa_public_numbers("numbers")
def test_elliptic_curve(self):
backend = MultiBackend([
DummyEllipticCurveBackend([
ec.SECT283K1
])
])
assert backend.elliptic_curve_supported(ec.SECT283K1()) is True
assert backend.elliptic_curve_signature_algorithm_supported(
ec.ECDSA(hashes.SHA256()),
ec.SECT283K1()
) is True
backend.generate_elliptic_curve_private_key(ec.SECT283K1())
backend.load_elliptic_curve_private_numbers(
ec.EllipticCurvePrivateNumbers(
1,
ec.EllipticCurvePublicNumbers(
2,
3,
ec.SECT283K1()
)
)
)
backend.load_elliptic_curve_public_numbers(
ec.EllipticCurvePublicNumbers(
2,
3,
ec.SECT283K1()
)
)
assert backend.elliptic_curve_supported(ec.SECT163K1()) is False
assert backend.elliptic_curve_signature_algorithm_supported(
ec.ECDSA(hashes.SHA256()),
ec.SECT163K1()
) is False
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
backend.generate_elliptic_curve_private_key(ec.SECT163K1())
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
backend.load_elliptic_curve_private_numbers(
ec.EllipticCurvePrivateNumbers(
1,
ec.EllipticCurvePublicNumbers(
2,
3,
ec.SECT163K1()
)
)
)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
backend.load_elliptic_curve_public_numbers(
ec.EllipticCurvePublicNumbers(
2,
3,
ec.SECT163K1()
)
)
def test_x509_backend(self):
backend = MultiBackend([DummyX509Backend()])
backend.load_pem_x509_certificate(b"certdata")
backend.load_der_x509_certificate(b"certdata")
backend.load_pem_x509_crl(b"crldata")
backend.load_der_x509_crl(b"crldata")
backend.load_pem_x509_csr(b"reqdata")
backend.load_der_x509_csr(b"reqdata")
backend.create_x509_csr(object(), b"privatekey", hashes.SHA1())
backend.create_x509_certificate(object(), b"privatekey", hashes.SHA1())
backend.create_x509_crl(object(), b"privatekey", hashes.SHA1())
backend.create_x509_revoked_certificate(object())
backend.x509_name_bytes(object())
backend = MultiBackend([DummyBackend()])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_pem_x509_certificate(b"certdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_der_x509_certificate(b"certdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_pem_x509_crl(b"crldata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_der_x509_crl(b"crldata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_pem_x509_csr(b"reqdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_der_x509_csr(b"reqdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.create_x509_csr(object(), b"privatekey", hashes.SHA1())
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.create_x509_certificate(
object(), b"privatekey", hashes.SHA1()
)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.create_x509_crl(
object(), b"privatekey", hashes.SHA1()
)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.create_x509_revoked_certificate(object())
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.x509_name_bytes(object())
def test_rsa(self):
backend = MultiBackend([
DummyRSABackend()
])
backend.generate_rsa_private_key(
key_size=1024, public_exponent=65537
)
backend.rsa_padding_supported(padding.PKCS1v15())
backend.generate_rsa_parameters_supported(65537, 1024)
backend.load_rsa_private_numbers("private_numbers")
backend.load_rsa_public_numbers("public_numbers")
backend = MultiBackend([])
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.generate_rsa_private_key(key_size=1024, public_exponent=3)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.rsa_padding_supported(padding.PKCS1v15())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.generate_rsa_parameters_supported(65537, 1024)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.load_rsa_private_numbers("private_numbers")
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.load_rsa_public_numbers("public_numbers")
def test_rsa(self):
backend = MultiBackend([
DummyRSABackend()
])
backend.generate_rsa_private_key(
key_size=1024, public_exponent=65537
)
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
hashes.MD5())
backend.create_rsa_verification_ctx("public_key", "sig",
padding.PKCS1v15(), hashes.MD5())
backend.mgf1_hash_supported(hashes.MD5())
backend.rsa_padding_supported(padding.PKCS1v15())
backend.generate_rsa_parameters_supported(65537, 1024)
backend.encrypt_rsa("public_key", "encryptme", padding.PKCS1v15())
backend.decrypt_rsa("private_key", "encrypted", padding.PKCS1v15())
backend.load_rsa_private_numbers("private_numbers")
backend.load_rsa_public_numbers("public_numbers")
backend = MultiBackend([])
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.generate_rsa_private_key(key_size=1024, public_exponent=3)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
hashes.MD5())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.create_rsa_verification_ctx(
"public_key", "sig", padding.PKCS1v15(), hashes.MD5())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.mgf1_hash_supported(hashes.MD5())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.rsa_padding_supported(padding.PKCS1v15())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.generate_rsa_parameters_supported(65537, 1024)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.encrypt_rsa("public_key", "encryptme", padding.PKCS1v15())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.decrypt_rsa("private_key", "encrypted", padding.PKCS1v15())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.load_rsa_private_numbers("private_numbers")
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
backend.load_rsa_public_numbers("public_numbers")
def test_x509_backend(self):
backend = MultiBackend([DummyX509Backend()])
backend.load_pem_x509_certificate(b"certdata")
backend.load_der_x509_certificate(b"certdata")
backend.load_pem_x509_csr(b"reqdata")
backend.load_der_x509_csr(b"reqdata")
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_pem_x509_certificate(b"certdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_der_x509_certificate(b"certdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_pem_x509_csr(b"reqdata")
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
backend.load_der_x509_csr(b"reqdata")
def test_rsa(self):
backend = MultiBackend([DummyRSABackend()])
backend.generate_rsa_private_key(key_size=1024, public_exponent=65537)
backend.rsa_padding_supported(padding.PKCS1v15())
backend.generate_rsa_parameters_supported(65537, 1024)
backend.load_rsa_private_numbers("private_numbers")
backend.load_rsa_public_numbers("public_numbers")
backend = MultiBackend([])
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_rsa_private_key(key_size=1024, public_exponent=3)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.rsa_padding_supported(padding.PKCS1v15())
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.generate_rsa_parameters_supported(65537, 1024)
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.load_rsa_private_numbers("private_numbers")
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM):
backend.load_rsa_public_numbers("public_numbers")