Update ssl_crypto submodule and propagate changes to TUF

This commit is contained in:
Vladimir Diaz 2016-11-16 11:08:22 -05:00
parent fe3aa99d59
commit 8da0d92f44
5 changed files with 150 additions and 226 deletions


@ -65,10 +65,12 @@ def test_generate_rsa_key(self):
# Passing a bit value that is <2048 to generate() - should raise
# 'tuf.ssl_commons.exceptions.FormatError'.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.generate_rsa_key, 555)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
KEYS.generate_rsa_key, 555)
# Passing a string instead of integer for a bit value.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.generate_rsa_key, 'bits')
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
KEYS.generate_rsa_key, 'bits')
# NOTE if random bit value >=2048 (not 4096) is passed generate(bits)
# does not raise any errors and returns a valid key.
@ -97,20 +99,23 @@ def test_format_keyval_to_metadata(self):
FORMAT_ERROR_MSG)
# Supplying a 'bad' keyvalue.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.format_keyval_to_metadata,
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
KEYS.format_keyval_to_metadata,
'bad_keytype', keyvalue)
# Test for missing 'public' entry.
public = keyvalue['public']
del keyvalue['public']
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.format_keyval_to_metadata,
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
KEYS.format_keyval_to_metadata,
keytype, keyvalue)
keyvalue['public'] = public
# Test for missing 'private' entry.
private = keyvalue['private']
del keyvalue['private']
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.format_keyval_to_metadata,
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
KEYS.format_keyval_to_metadata,
keytype, keyvalue, private=True)
keyvalue['private'] = private
@ -128,7 +133,8 @@ def test_format_rsakey_from_pem(self):
self.assertEqual(rsa_key, KEYS.format_rsakey_from_pem(pem + '\n'))
# Supplying a 'bad_pem' argument.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.format_rsakey_from_pem, 'bad_pem')
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
KEYS.format_rsakey_from_pem, 'bad_pem')
# Supplying an improperly formatted PEM.
# Strip the PEM header and footer.
@ -236,7 +242,8 @@ def test_verify_signature(self):
self.assertTrue(verified, "Incorrect signature.")
# Verifying the 'ed25519_signature' of 'DATA'.
verified = KEYS.verify_signature(self.ed25519key_dict, ed25519_signature, DATA)
verified = KEYS.verify_signature(self.ed25519key_dict, ed25519_signature,
DATA)
self.assertTrue(verified, "Incorrect signature.")
# Testing an invalid 'rsa_signature'. Same 'rsa_signature' is passed, with
@ -256,7 +263,8 @@ def test_verify_signature(self):
rsa_signature['method'] = 'Biff'
args = (self.rsakey_dict, rsa_signature, DATA)
self.assertRaises(tuf.ssl_commons.exceptions.UnknownMethodError, KEYS.verify_signature, *args)
self.assertRaises(tuf.ssl_commons.exceptions.UnknownMethodError,
KEYS.verify_signature, *args)
# Passing incorrect number of arguments.
self.assertRaises(TypeError, KEYS.verify_signature)
@ -288,19 +296,22 @@ def test_create_rsa_encrypted_pem(self):
self.assertTrue(tuf.ssl_crypto.formats.PEMRSA_SCHEMA.matches(encrypted_pem))
# Try to import the encryped PEM file.
rsakey = KEYS.import_rsakey_from_encrypted_pem(encrypted_pem, passphrase)
rsakey = KEYS.import_rsakey_from_pem(encrypted_pem, passphrase)
self.assertTrue(tuf.ssl_crypto.formats.RSAKEY_SCHEMA.matches(rsakey))
# Test improperly formatted arguments.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.create_rsa_encrypted_pem,
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
KEYS.create_rsa_encrypted_pem,
8, passphrase)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.create_rsa_encrypted_pem,
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
KEYS.create_rsa_encrypted_pem,
private, 8)
# Test for missing required library.
KEYS._RSA_CRYPTO_LIBRARY = 'invalid'
self.assertRaises(tuf.ssl_commons.exceptions.UnsupportedLibraryError, KEYS.create_rsa_encrypted_pem,
self.assertRaises(tuf.ssl_commons.exceptions.UnsupportedLibraryError,
KEYS.create_rsa_encrypted_pem,
private, passphrase)
KEYS._RSA_CRYPTO_LIBRARY = 'pycrypto'
@ -329,7 +340,8 @@ def test_decrypt_key(self):
# Test for missing required library.
KEYS._GENERAL_CRYPTO_LIBRARY = 'invalid'
self.assertRaises(tuf.ssl_commons.exceptions.UnsupportedLibraryError, KEYS.decrypt_key,
self.assertRaises(tuf.ssl_commons.exceptions.UnsupportedLibraryError,
KEYS.decrypt_key,
encrypted_key, passphrase)
KEYS._GENERAL_CRYPTO_LIBRARY = 'pycrypto'
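Review bot: The library override at `KEYS._RSA_CRYPTO_LIBRARY = 'invalid'` is undone by a plain assignment after the assertRaises, so a failing assertion leaves the module-level setting at 'invalid' for every later test in the process; the same pattern appears with `KEYS._GENERAL_CRYPTO_LIBRARY` in test_decrypt_key. Registering the restore before the override, `self.addCleanup(setattr, KEYS, '_RSA_CRYPTO_LIBRARY', KEYS._RSA_CRYPTO_LIBRARY)`, makes the cleanup unconditional and restores whatever library was actually configured instead of hard-coding 'pycrypto'. The enclosing test_create_rsa_encrypted_pem starts outside the hunk.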


@ -28,16 +28,14 @@
import unittest
import logging
import tuf
import tuf.log
import tuf.ssl_crypto.formats
import tuf.ssl_crypto.pyca_crypto_keys as crypto_keys
import tuf.ssl_commons.exceptions as ssl_commons_exceptions
import tuf.ssl_crypto.formats as ssl_crypto_formats
import tuf.ssl_crypto.pyca_crypto_keys as ssl_crypto_pyca_crypto_keys
logger = logging.getLogger('tuf.test_pyca_crypto_keys')
logger = logging.getLogger('ssl_crypto_test_pyca_crypto_keys')
public_rsa, private_rsa = crypto_keys.generate_rsa_public_and_private()
FORMAT_ERROR_MSG = 'tuf.ssl_commons.exceptions.FormatError raised.' + \
' Check object\'s format.'
public_rsa, private_rsa = ssl_crypto_pyca_crypto_keys.generate_rsa_public_and_private()
FORMAT_ERROR_MSG = 'ssl_commons_exceptions.FormatError raised. Check object\'s format.'
class TestPyca_crypto_keys(unittest.TestCase):
@ -46,20 +44,20 @@ def setUp(self):
def test_generate_rsa_public_and_private(self):
pub, priv = crypto_keys.generate_rsa_public_and_private()
pub, priv = ssl_crypto_pyca_crypto_keys.generate_rsa_public_and_private()
# Check format of 'pub' and 'priv'.
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(pub),
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(pub),
FORMAT_ERROR_MSG)
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(priv),
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(priv),
FORMAT_ERROR_MSG)
# Check for an invalid "bits" argument. bits >= 2048.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
crypto_keys.generate_rsa_public_and_private, 1024)
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pyca_crypto_keys.generate_rsa_public_and_private, 1024)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
crypto_keys.generate_rsa_public_and_private, '2048')
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pyca_crypto_keys.generate_rsa_public_and_private, '2048')
@ -67,31 +65,31 @@ def test_create_rsa_signature(self):
global private_rsa
global public_rsa
data = 'The quick brown fox jumps over the lazy dog'.encode('utf-8')
signature, method = crypto_keys.create_rsa_signature(private_rsa, data)
signature, method = ssl_crypto_pyca_crypto_keys.create_rsa_signature(private_rsa, data)
# Verify format of returned values.
self.assertNotEqual(None, signature)
self.assertEqual(None, tuf.ssl_crypto.formats.NAME_SCHEMA.check_match(method),
self.assertEqual(None, ssl_crypto_formats.NAME_SCHEMA.check_match(method),
FORMAT_ERROR_MSG)
self.assertEqual('RSASSA-PSS', method)
# Check for improperly formatted arguments.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
crypto_keys.create_rsa_signature, 123, data)
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pyca_crypto_keys.create_rsa_signature, 123, data)
self.assertRaises(ValueError,
crypto_keys.create_rsa_signature, '', data)
ssl_crypto_pyca_crypto_keys.create_rsa_signature, '', data)
# Check for invalid 'data'.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
crypto_keys.create_rsa_signature, private_rsa, '')
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pyca_crypto_keys.create_rsa_signature, private_rsa, '')
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
crypto_keys.create_rsa_signature, private_rsa, 123)
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pyca_crypto_keys.create_rsa_signature, private_rsa, 123)
# Check for missing private key.
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
crypto_keys.create_rsa_signature, public_rsa, data)
self.assertRaises(ssl_commons_exceptions.CryptoError,
ssl_crypto_pyca_crypto_keys.create_rsa_signature, public_rsa, data)
@ -99,119 +97,42 @@ def test_verify_rsa_signature(self):
global public_rsa
global private_rsa
data = 'The quick brown fox jumps over the lazy dog'.encode('utf-8')
signature, method = crypto_keys.create_rsa_signature(private_rsa, data)
signature, method = ssl_crypto_pyca_crypto_keys.create_rsa_signature(private_rsa, data)
valid_signature = crypto_keys.verify_rsa_signature(signature, method, public_rsa,
valid_signature = ssl_crypto_pyca_crypto_keys.verify_rsa_signature(signature, method, public_rsa,
data)
self.assertEqual(True, valid_signature)
# Check for improperly formatted arguments.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.verify_rsa_signature, 123, method,
public_rsa, data)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.verify_rsa_signature, signature,
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pyca_crypto_keys.verify_rsa_signature, signature,
123, public_rsa, data)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.verify_rsa_signature, signature,
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pyca_crypto_keys.verify_rsa_signature, signature,
method, 123, data)
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pyca_crypto_keys.verify_rsa_signature, 123, method,
public_rsa, data)
self.assertRaises(tuf.ssl_commons.exceptions.UnknownMethodError, crypto_keys.verify_rsa_signature,
signature,
'invalid_method',
public_rsa, data)
self.assertRaises(ssl_commons_exceptions.UnknownMethodError,
ssl_crypto_pyca_crypto_keys.verify_rsa_signature,
signature,
'invalid_method',
public_rsa, data)
# Check for invalid 'signature', 'public_key', and 'data' arguments.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.verify_rsa_signature,
# Check for invalid 'signature' and 'data' arguments.
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pyca_crypto_keys.verify_rsa_signature,
signature, method, public_rsa, 123)
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, crypto_keys.verify_rsa_signature,
signature, method, 'bad_key', data)
self.assertEqual(False, crypto_keys.verify_rsa_signature(signature, method,
self.assertEqual(False, ssl_crypto_pyca_crypto_keys.verify_rsa_signature(signature, method,
public_rsa, b'mismatched data'))
mismatched_signature, method = crypto_keys.create_rsa_signature(private_rsa,
mismatched_signature, method = ssl_crypto_pyca_crypto_keys.create_rsa_signature(private_rsa,
b'mismatched data')
self.assertEqual(False, crypto_keys.verify_rsa_signature(mismatched_signature,
self.assertEqual(False, ssl_crypto_pyca_crypto_keys.verify_rsa_signature(mismatched_signature,
method, public_rsa, data))
def test__decrypt(self):
# Verify that invalid encrypted file is detected.
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, crypto_keys._decrypt,
'bad encrypted file', 'password')
def test_encrypt_key(self):
# Normal case.
ed25519_key = {'keytype': 'ed25519',
'keyid': 'd62247f817883f593cf6c66a5a55292488d457bcf638ae03207dbbba9dbe457d',
'keyval': {'public': '74addb5ad544a4306b34741bc1175a3613a8d7dc69ff64724243efdec0e301ad',
'private': '1f26964cc8d4f7ee5f3c5da2fbb7ab35811169573ac367b860a537e47789f8c4'}}
crypto_keys.encrypt_key(ed25519_key, 'password')
# Verify that a key with a missing 'private' key is rejected.
del ed25519_key['keyval']['private']
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.encrypt_key,
ed25519_key, 'password')
def test__decrypt_key(self):
ed25519_key = {'keytype': 'ed25519',
'keyid': 'd62247f817883f593cf6c66a5a55292488d457bcf638ae03207dbbba9dbe457d',
'keyval': {'public': '74addb5ad544a4306b34741bc1175a3613a8d7dc69ff64724243efdec0e301ad',
'private': '1f26964cc8d4f7ee5f3c5da2fbb7ab35811169573ac367b860a537e47789f8c4'}}
encrypted_key = crypto_keys.encrypt_key(ed25519_key, 'password')
crypto_keys.encrypt_key(ed25519_key, 'password')
salt, iterations, hmac, iv, ciphertext = \
encrypted_key.split(crypto_keys._ENCRYPTION_DELIMITER)
encrypted_key_invalid_hmac = encrypted_key.replace(hmac, '123abc')
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, crypto_keys._decrypt,
encrypted_key_invalid_hmac, 'password')
def test_create_rsa_public_and_private_from_encrypted_pem(self):
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
crypto_keys.create_rsa_public_and_private_from_encrypted_pem,
'bad_encrypted_key', 'password')
def test_create_rsa_encrypted_pem(self):
global private_rsa
passphrase = 'password'
# Verify normal case.
encrypted_pem = crypto_keys.create_rsa_encrypted_pem(private_rsa, passphrase)
self.assertTrue(tuf.ssl_crypto.formats.PEMRSA_SCHEMA.matches(encrypted_pem))
# Test for invalid arguments.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.create_rsa_encrypted_pem,
1, passphrase)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.create_rsa_encrypted_pem,
private_rsa, 2)
self.assertRaises(TypeError, crypto_keys.create_rsa_encrypted_pem,
'', passphrase)
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, crypto_keys.create_rsa_encrypted_pem,
'bad_private_pem', passphrase)
# Run the unit tests.
if __name__ == '__main__':
unittest.main()
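Review bot: The new side of the last hunk drops the assertion that `verify_rsa_signature` raises CryptoError for a malformed public key (the `'bad_key'` case under the comment now reading `# Check for invalid 'signature' and 'data' arguments.`) and removes `test__decrypt`, `test_encrypt_key` and `test__decrypt_key`, which were the only cases here exercising tampered-HMAC and malformed-ciphertext rejection. If that coverage now lives in the updated ssl_crypto submodule, a sentence in the commit description saying so would help; if it does not, the bad-key and tampered-ciphertext rejection paths are untested from this repository after the change. The same `'bad_key'` and `'bad_public_key'` CryptoError assertions are also dropped from test_create_rsa_signature and test_verify_rsa_signature in the pycrypto test module below. If the updated library raises a different exception for a malformed key, changing the expected exception type is preferable to deleting the assertion.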


@ -28,15 +28,14 @@
import unittest
import logging
import tuf
import tuf.log
import tuf.ssl_crypto.formats
import tuf.ssl_crypto.pycrypto_keys as pycrypto
import tuf.ssl_commons.exceptions as ssl_commons_exceptions
import tuf.ssl_crypto.formats as ssl_crypto_formats
import tuf.ssl_crypto.pycrypto_keys as ssl_crypto_pycrypto_keys
logger = logging.getLogger('tuf.test_pycrypto_keys')
logger = logging.getLogger('ssl_crypto_test_pycrypto_keys')
public_rsa, private_rsa = pycrypto.generate_rsa_public_and_private()
FORMAT_ERROR_MSG = 'tuf.ssl_commons.exceptions.FormatError raised. Check object\'s format.'
public_rsa, private_rsa = ssl_crypto_pycrypto_keys.generate_rsa_public_and_private()
FORMAT_ERROR_MSG = 'ssl_commons_exceptions.FormatError raised. Check object\'s format.'
class TestPycrypto_keys(unittest.TestCase):
@ -45,104 +44,95 @@ def setUp(self):
def test_generate_rsa_public_and_private(self):
pub, priv = pycrypto.generate_rsa_public_and_private()
pub, priv = ssl_crypto_pycrypto_keys.generate_rsa_public_and_private()
# Check format of 'pub' and 'priv'.
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(pub),
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(pub),
FORMAT_ERROR_MSG)
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(priv),
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(priv),
FORMAT_ERROR_MSG)
# Check for invalid bits argument. bit >= 2048 and a multiple of 256.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
pycrypto.generate_rsa_public_and_private, 1024)
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pycrypto_keys.generate_rsa_public_and_private, 1024)
self.assertRaises(ValueError,
pycrypto.generate_rsa_public_and_private, 2049)
ssl_crypto_pycrypto_keys.generate_rsa_public_and_private, 2049)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
pycrypto.generate_rsa_public_and_private, '2048')
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pycrypto_keys.generate_rsa_public_and_private, '2048')
def test_create_rsa_signature(self):
global private_rsa
global public_rsa
data = 'The quick brown fox jumps over the lazy dog'.encode('utf-8')
signature, method = pycrypto.create_rsa_signature(private_rsa, data)
signature, method = ssl_crypto_pycrypto_keys.create_rsa_signature(private_rsa, data)
# Verify format of returned values.
self.assertNotEqual(None, signature)
self.assertEqual(None, tuf.ssl_crypto.formats.NAME_SCHEMA.check_match(method),
self.assertEqual(None, ssl_crypto_formats.NAME_SCHEMA.check_match(method),
FORMAT_ERROR_MSG)
self.assertEqual('RSASSA-PSS', method)
# Check for improperly formatted arguments.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
pycrypto.create_rsa_signature, 123, data)
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pycrypto_keys.create_rsa_signature, 123, data)
self.assertRaises(ValueError,
pycrypto.create_rsa_signature, '', data)
ssl_crypto_pycrypto_keys.create_rsa_signature, '', data)
# Check for invalid 'data'.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
pycrypto.create_rsa_signature, private_rsa, '')
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pycrypto_keys.create_rsa_signature, private_rsa, '')
# create_rsa_signature should reject non-string data.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
pycrypto.create_rsa_signature, private_rsa, 123)
# Verify that a valid private key is needed.
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
pycrypto.create_rsa_signature, 'bad_key', data)
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pycrypto_keys.create_rsa_signature, private_rsa, 123)
# Check for missing private key.
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
pycrypto.create_rsa_signature, public_rsa, data)
self.assertRaises(ssl_commons_exceptions.CryptoError,
ssl_crypto_pycrypto_keys.create_rsa_signature, public_rsa, data)
def test_verify_rsa_signature(self):
global public_rsa
global private_rsa
data = 'The quick brown fox jumps over the lazy dog'.encode('utf-8')
signature, method = pycrypto.create_rsa_signature(private_rsa, data)
signature, method = ssl_crypto_pycrypto_keys.create_rsa_signature(private_rsa, data)
valid_signature = pycrypto.verify_rsa_signature(signature, method, public_rsa,
valid_signature = ssl_crypto_pycrypto_keys.verify_rsa_signature(signature, method, public_rsa,
data)
self.assertEqual(True, valid_signature)
# Check for improperly formatted arguments.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, pycrypto.verify_rsa_signature, signature,
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.verify_rsa_signature, signature,
123, public_rsa, data)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, pycrypto.verify_rsa_signature, signature,
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.verify_rsa_signature, signature,
method, 123, data)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, pycrypto.verify_rsa_signature, 123, method,
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.verify_rsa_signature, 123, method,
public_rsa, data)
self.assertRaises(tuf.ssl_commons.exceptions.UnknownMethodError, pycrypto.verify_rsa_signature,
self.assertRaises(ssl_commons_exceptions.UnknownMethodError, ssl_crypto_pycrypto_keys.verify_rsa_signature,
signature,
'invalid_method',
public_rsa, data)
# Check for invalid signature and data.
# Verify_rsa_signature should reject non-string data.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, pycrypto.verify_rsa_signature, signature,
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.verify_rsa_signature, signature,
method, public_rsa, 123)
self.assertEqual(False, pycrypto.verify_rsa_signature(signature, method,
self.assertEqual(False, ssl_crypto_pycrypto_keys.verify_rsa_signature(signature, method,
public_rsa, b'mismatched data'))
mismatched_signature, method = pycrypto.create_rsa_signature(private_rsa,
mismatched_signature, method = ssl_crypto_pycrypto_keys.create_rsa_signature(private_rsa,
b'mismatched data')
self.assertEqual(False, pycrypto.verify_rsa_signature(mismatched_signature,
self.assertEqual(False, ssl_crypto_pycrypto_keys.verify_rsa_signature(mismatched_signature,
method, public_rsa, data))
# Verify that a valid public key is needed.
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, pycrypto.verify_rsa_signature,
signature, method, 'bad_public_key', data)
def test_create_rsa_encrypted_pem(self):
@ -151,54 +141,54 @@ def test_create_rsa_encrypted_pem(self):
passphrase = 'pw'
# Check format of 'public_rsa'.
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(public_rsa),
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(public_rsa),
FORMAT_ERROR_MSG)
# Check format of 'passphrase'.
self.assertEqual(None, tuf.ssl_crypto.formats.PASSWORD_SCHEMA.check_match(passphrase),
self.assertEqual(None, ssl_crypto_formats.PASSWORD_SCHEMA.check_match(passphrase),
FORMAT_ERROR_MSG)
# Generate the encrypted PEM string of 'public_rsa'.
pem_rsakey = pycrypto.create_rsa_encrypted_pem(private_rsa, passphrase)
pem_rsakey = ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem(private_rsa, passphrase)
# Check format of 'pem_rsakey'.
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(pem_rsakey),
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(pem_rsakey),
FORMAT_ERROR_MSG)
# Check for invalid arguments.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
pycrypto.create_rsa_encrypted_pem, 1, passphrase)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
pycrypto.create_rsa_encrypted_pem, private_rsa, ['pw'])
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem, 1, passphrase)
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem, private_rsa, ['pw'])
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, pycrypto.create_rsa_encrypted_pem,
self.assertRaises(ssl_commons_exceptions.CryptoError, ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem,
'abc', passphrase)
self.assertRaises(TypeError, pycrypto.create_rsa_encrypted_pem, '', passphrase)
self.assertRaises(TypeError, ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem, '', passphrase)
def test_create_rsa_public_and_private_from_encrypted_pem(self):
def test_create_rsa_public_and_private_from_pem(self):
global private_rsa
passphrase = 'pw'
# Generate the encrypted PEM string of 'private_rsa'.
pem_rsakey = pycrypto.create_rsa_encrypted_pem(private_rsa, passphrase)
pem_rsakey = ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem(private_rsa, passphrase)
# Check format of 'passphrase'.
self.assertEqual(None, tuf.ssl_crypto.formats.PASSWORD_SCHEMA.check_match(passphrase),
self.assertEqual(None, ssl_crypto_formats.PASSWORD_SCHEMA.check_match(passphrase),
FORMAT_ERROR_MSG)
# Decrypt 'pem_rsakey' and verify the decrypted object is properly
# formatted.
public_decrypted, private_decrypted = \
pycrypto.create_rsa_public_and_private_from_encrypted_pem(pem_rsakey,
ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem(pem_rsakey,
passphrase)
self.assertEqual(None,
tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(public_decrypted),
ssl_crypto_formats.PEMRSA_SCHEMA.check_match(public_decrypted),
FORMAT_ERROR_MSG)
self.assertEqual(None,
tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(private_decrypted),
ssl_crypto_formats.PEMRSA_SCHEMA.check_match(private_decrypted),
FORMAT_ERROR_MSG)
# Does 'public_decrypted' and 'private_decrypted' match the originals?
@ -206,31 +196,31 @@ def test_create_rsa_public_and_private_from_encrypted_pem(self):
self.assertEqual(private_rsa, private_decrypted)
# Attempt decryption of 'pem_rsakey' using an incorrect passphrase.
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
pycrypto.create_rsa_public_and_private_from_encrypted_pem,
self.assertRaises(ssl_commons_exceptions.CryptoError,
ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem,
pem_rsakey, 'bad_pw')
# Check for non-encrypted PEM strings.
# create_rsa_public_and_private_from_encrypted_pem()
# returns a tuple of tuf.ssl_crypto.formats.PEMRSA_SCHEMA objects if the PEM formatted
# string is not actually encrypted but still a valid PEM string.
pub, priv = pycrypto.create_rsa_public_and_private_from_encrypted_pem(
# create_rsa_public_and_private_from_pem() returns a tuple of
# ssl_crypto_formats.PEMRSA_SCHEMA objects if the PEM formatted string is
# not actually encrypted but still a valid PEM string.
pub, priv = ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem(
private_rsa, passphrase)
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(pub),
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(pub),
FORMAT_ERROR_MSG)
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(priv),
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(priv),
FORMAT_ERROR_MSG)
# Check for invalid arguments.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
pycrypto.create_rsa_public_and_private_from_encrypted_pem,
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem,
123, passphrase)
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
pycrypto.create_rsa_public_and_private_from_encrypted_pem,
self.assertRaises(ssl_commons_exceptions.FormatError,
ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem,
pem_rsakey, ['pw'])
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
pycrypto.create_rsa_public_and_private_from_encrypted_pem,
self.assertRaises(ssl_commons_exceptions.CryptoError,
ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem,
'invalid_pem', passphrase)
@ -245,11 +235,11 @@ def test_encrypt_key(self):
'keyid': 'd62247f817883f593cf6c66a5a55292488d457bcf638ae03207dbbba9dbe457d',
'keyval': {'public': public_rsa, 'private': private_rsa}}
encrypted_rsa_key = tuf.ssl_crypto.pycrypto_keys.encrypt_key(rsa_key, passphrase)
encrypted_rsa_key = ssl_crypto_pycrypto_keys.encrypt_key(rsa_key, passphrase)
# Test for invalid arguments.
rsa_key['keyval']['private'] = ''
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, tuf.ssl_crypto.pycrypto_keys.encrypt_key, rsa_key,
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.encrypt_key, rsa_key,
'passphrase')
@ -263,29 +253,29 @@ def test_decrypt_key(self):
'keyid': 'd62247f817883f593cf6c66a5a55292488d457bcf638ae03207dbbba9dbe457d',
'keyval': {'public': public_rsa, 'private': private_rsa}}
encrypted_rsa_key = tuf.ssl_crypto.pycrypto_keys.encrypt_key(rsa_key, passphrase).encode('utf-8')
encrypted_rsa_key = ssl_crypto_pycrypto_keys.encrypt_key(rsa_key, passphrase).encode('utf-8')
decrypted_rsa_key = tuf.ssl_crypto.pycrypto_keys.decrypt_key(encrypted_rsa_key, passphrase)
decrypted_rsa_key = ssl_crypto_pycrypto_keys.decrypt_key(encrypted_rsa_key, passphrase)
# Test for invalid arguments.
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, tuf.ssl_crypto.pycrypto_keys.decrypt_key, b'bad',
self.assertRaises(ssl_commons_exceptions.CryptoError, ssl_crypto_pycrypto_keys.decrypt_key, b'bad',
passphrase)
# Test for invalid encrypted content (i.e., invalid hmac and ciphertext.)
encryption_delimiter = tuf.ssl_crypto.pycrypto_keys._ENCRYPTION_DELIMITER
encryption_delimiter = ssl_crypto_pycrypto_keys._ENCRYPTION_DELIMITER
salt, iterations, hmac, iv, ciphertext = \
encrypted_rsa_key.decode('utf-8').split(encryption_delimiter)
# Set an invalid hmac. The decryption routine sould raise a tuf.ssl_commons.exceptions.CryptoError
# exception because 'hmac' does not match the hmac calculated by the
# decryption routine.
# Set an invalid hmac. The decryption routine sould raise a
# ssl_commons_exceptions.CryptoError exception because 'hmac' does not
# match the hmac calculated by the decryption routine.
bad_hmac = '12345abcd'
invalid_encrypted_rsa_key = \
salt + encryption_delimiter + iterations + encryption_delimiter + \
bad_hmac + encryption_delimiter + iv + encryption_delimiter + ciphertext
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, tuf.ssl_crypto.pycrypto_keys.decrypt_key,
self.assertRaises(ssl_commons_exceptions.CryptoError, ssl_crypto_pycrypto_keys.decrypt_key,
invalid_encrypted_rsa_key.encode('utf-8'), passphrase)
# Test for invalid 'ciphertext'
@ -294,18 +284,18 @@ def test_decrypt_key(self):
salt + encryption_delimiter + iterations + encryption_delimiter + \
hmac + encryption_delimiter + iv + encryption_delimiter + bad_ciphertext
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, tuf.ssl_crypto.pycrypto_keys.decrypt_key,
self.assertRaises(ssl_commons_exceptions.CryptoError, ssl_crypto_pycrypto_keys.decrypt_key,
invalid_encrypted_rsa_key.encode('utf-8'), passphrase)
def test__decrypt_key(self):
# Test for invalid arguments.
salt, iterations, derived_key = tuf.ssl_crypto.pycrypto_keys._generate_derived_key('pw')
salt, iterations, derived_key = ssl_crypto_pycrypto_keys._generate_derived_key('pw')
derived_key_information = {'salt': salt, 'derived_key': derived_key,
'iterations': iterations}
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, tuf.ssl_crypto.pycrypto_keys._encrypt,
self.assertRaises(ssl_commons_exceptions.CryptoError, ssl_crypto_pycrypto_keys._encrypt,
8, derived_key_information)
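Review bot: The new alias `ssl_crypto_pycrypto_keys` pushes many of the rewritten lines well past the width the rest of this file wraps at, e.g. `self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.verify_rsa_signature, signature,` and `encrypted_rsa_key = ssl_crypto_pycrypto_keys.encrypt_key(rsa_key, passphrase).encode('utf-8')`. A shorter alias such as `import tuf.ssl_crypto.pycrypto_keys as pycrypto_keys` keeps the module prefix explicit without the wrapping debt. The rewritten comment in test_decrypt_key also carries over the typo `sould` (should read `should raise`).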


@ -960,9 +960,10 @@ def import_rsa_privatekey_from_file(filepath, password=None):
with open(filepath, 'rb') as file_object:
encrypted_pem = file_object.read().decode('utf-8')
# Convert 'encrypted_pem' to 'tuf.ssl_crypto.formats.RSAKEY_SCHEMA' format. Raise
# 'tuf.ssl_commons.exceptions.CryptoError' if 'encrypted_pem' is invalid.
rsa_key = tuf.ssl_crypto.keys.import_rsakey_from_encrypted_pem(encrypted_pem, password)
# Convert 'encrypted_pem' to 'tuf.ssl_crypto.formats.RSAKEY_SCHEMA' format.
# Raise 'tuf.ssl_commons.exceptions.CryptoError' if 'encrypted_pem' is
# invalid.
rsa_key = tuf.ssl_crypto.keys.import_rsakey_from_pem(encrypted_pem, password)
return rsa_key
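Review bot: The rewritten comment still calls the argument `encrypted_pem` and only says CryptoError is raised when it is invalid, but the renamed `import_rsakey_from_pem` appears to accept an unencrypted PEM as well (the pycrypto tests in this commit assert that `create_rsa_public_and_private_from_pem` returns keys for a PEM that is "not actually encrypted but still a valid PEM string"). If that holds here, a private key file left on disk in plaintext is imported without any signal even when the caller supplied a password, which is worth making explicit: `# NOTE: 'import_rsakey_from_pem' also accepts an unencrypted PEM; a plaintext key file is imported without error even when 'password' is given.` Renaming the local to `pem` would match the new semantics. `import_rsa_privatekey_from_file` starts outside the hunk.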

@ -1 +1 @@
Subproject commit 22461440fa4e0521bdf584490733a130ed02550f
Subproject commit ff19a508023cec859a3e2bc3a897030075743792