def hmac(self, request, key):
feature = request.param.__name__
if not mbedtls.has_feature({
"sha224": "sha256",
"sha384": "sha512"
}.get(feature, feature)):
return pytest.skip("requires %s support in mbedtls" % feature)
return request.param
def test_copy_and_update(self, algorithm, buffer):
copy = algorithm.copy()
algorithm.update(buffer)
copy.update(buffer)
assert algorithm.digest() == copy.digest()
assert algorithm.hexdigest() == copy.hexdigest()
def test_copy_and_update_nothing(self, algorithm, buffer):
copy = algorithm.copy()
algorithm.update(b"")
assert algorithm.digest() == copy.digest()
assert algorithm.hexdigest() == copy.hexdigest()
@pytest.mark.skipif(
not mbedtls.has_feature("md2"), reason="requires MD2 support in libmbedtls"
)
class TestHashMD2(_TestHash):
@pytest.fixture
def algorithm(self):
return hashlib.md2()
@pytest.fixture
def digest_size(self):
return 16
@pytest.fixture
def block_size(self):
return 16
import sys
import pytest
import mbedtls
import mbedtls.hkdf as _hkdf
import mbedtls.hmac as _hmac
@pytest.mark.skipif(
not mbedtls.has_feature("HKDF"),
reason="requires HKDF support in libmbedtls",
)
class TestHKDF:
@pytest.fixture(params=[0, 128])
def key(self, request, randbytes):
return randbytes(request.param)
@pytest.fixture(params=[
_hmac.md2,
_hmac.md4,
_hmac.md5,
_hmac.sha1,
_hmac.sha224,
_hmac.sha256,
_hmac.sha384,
_hmac.sha512,
_hmac.ripemd160,
])
def hmac(self, request, key):
feature = request.param.__name__
def _mode(mode):
return (mode if mbedtls.has_feature("cipher_mode_%s" % mode.name) else
pytest.skip("requires %s support in libmbedtls" % mode.name))
@pytest.fixture(params=[0, 1, 16, 256])
def ad(self, mode, randbytes, request):
return randbytes(request.param)
def test_encrypt_decrypt(self, cipher, data):
msg, tag = cipher.encrypt(data)
assert cipher.decrypt(msg, tag) == data
def test_decrypt_nothing_raises(self, cipher, data):
msg, tag = cipher.encrypt(data)
with pytest.raises(TLSError):
cipher.decrypt(b"", tag)
@pytest.mark.skipif(not mbedtls.has_feature("aes"),
reason="requires AES support in libmbedtls")
class _TestAESBase(_TestCipher):
@pytest.fixture(params=[mb.Mode.STREAM, mb.Mode.CHACHAPOLY])
def unsupported_mode(self, request):
return request.param
@pytest.fixture(params=[8, 15, 128])
def invalid_key_size(self, request):
return request.param
@pytest.fixture
def module(self):
return mb.AES
def test_copy_and_update(self, algorithm, buffer):
copy = algorithm.copy()
algorithm.update(buffer)
copy.update(buffer)
assert algorithm.digest() == copy.digest()
assert algorithm.hexdigest() == copy.hexdigest()
def test_copy_and_update_nothing(self, algorithm, buffer):
copy = algorithm.copy()
algorithm.update(b"")
assert algorithm.digest() == copy.digest()
assert algorithm.hexdigest() == copy.hexdigest()
@pytest.mark.skipif(not mbedtls.has_feature("md2"),
reason="requires MD2 support in libmbedtls")
class TestHashMD2(_TestHash):
@pytest.fixture
def algorithm(self):
return hashlib.md2()
@pytest.fixture
def digest_size(self):
return 16
@pytest.fixture
def block_size(self):
return 16
assert check_pair(cipher, other) is False # Test private half.
assert check_pair(other, cipher) is True # Test public half.
assert check_pair(other, other) is False
assert cipher != other
def test_import_private_key(self, cipher, key):
other = type(cipher).from_buffer(key)
assert other.export_key()
assert other.export_public_key()
assert check_pair(cipher, other) is True # Test private half.
assert check_pair(other, cipher) is True # Test public half.
assert check_pair(other, other) is True
assert cipher == other
@pytest.mark.skipif(not mbedtls.has_feature("rsa"),
reason="requires RSA support in libmbedtls")
class TestRSA(_TestCipherBase):
@pytest.fixture
def cipher(self):
return RSA()
@pytest.fixture
def key(self, cipher):
key_size = 1024
return cipher.generate(key_size)
@pytest.mark.usefixtures("key")
def test_encrypt_decrypt(self, cipher, randbytes):
msg = randbytes(cipher.key_size - 11)
assert cipher.decrypt(cipher.encrypt(msg)) == msg
with pytest.raises(ValueError):
cipher.encrypt(data)
assert cipher.decrypt(*cipher.encrypt(data)) == data
def test_encrypt_decrypt(self, cipher, data):
msg, tag = cipher.encrypt(data)
assert cipher.decrypt(msg, tag) == data
def test_decrypt_nothing_raises(self, cipher, data):
msg, tag = cipher.encrypt(data)
with pytest.raises(TLSError):
cipher.decrypt(b"", tag)
@pytest.mark.skipif(
not mbedtls.has_feature("aes"), reason="requires AES support in libmbedtls"
)
class _TestAESBase(_TestCipher):
@pytest.fixture(params=[mb.Mode.STREAM, mb.Mode.CHACHAPOLY])
def unsupported_mode(self, request):
return request.param
@pytest.fixture(params=[8, 15, 128])
def invalid_key_size(self, request):
return request.param
@pytest.fixture
def module(self):
return mb.AES