Update ssl_crypto submodule and propogate changes to TUF
parent
fe3aa99d59
commit
8da0d92f44
5 changed files with 150 additions and 226 deletions
|
|
@ -65,10 +65,12 @@ def test_generate_rsa_key(self):
|
|||
|
||||
# Passing a bit value that is <2048 to generate() - should raise
|
||||
# 'tuf.ssl_commons.exceptions.FormatError'.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.generate_rsa_key, 555)
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
KEYS.generate_rsa_key, 555)
|
||||
|
||||
# Passing a string instead of integer for a bit value.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.generate_rsa_key, 'bits')
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
KEYS.generate_rsa_key, 'bits')
|
||||
|
||||
# NOTE if random bit value >=2048 (not 4096) is passed generate(bits)
|
||||
# does not raise any errors and returns a valid key.
|
||||
|
|
@ -97,20 +99,23 @@ def test_format_keyval_to_metadata(self):
|
|||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Supplying a 'bad' keyvalue.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.format_keyval_to_metadata,
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
KEYS.format_keyval_to_metadata,
|
||||
'bad_keytype', keyvalue)
|
||||
|
||||
# Test for missing 'public' entry.
|
||||
public = keyvalue['public']
|
||||
del keyvalue['public']
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.format_keyval_to_metadata,
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
KEYS.format_keyval_to_metadata,
|
||||
keytype, keyvalue)
|
||||
keyvalue['public'] = public
|
||||
|
||||
# Test for missing 'private' entry.
|
||||
private = keyvalue['private']
|
||||
del keyvalue['private']
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.format_keyval_to_metadata,
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
KEYS.format_keyval_to_metadata,
|
||||
keytype, keyvalue, private=True)
|
||||
keyvalue['private'] = private
|
||||
|
||||
|
|
@ -128,7 +133,8 @@ def test_format_rsakey_from_pem(self):
|
|||
self.assertEqual(rsa_key, KEYS.format_rsakey_from_pem(pem + '\n'))
|
||||
|
||||
# Supplying a 'bad_pem' argument.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.format_rsakey_from_pem, 'bad_pem')
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
KEYS.format_rsakey_from_pem, 'bad_pem')
|
||||
|
||||
# Supplying an improperly formatted PEM.
|
||||
# Strip the PEM header and footer.
|
||||
|
|
@ -236,7 +242,8 @@ def test_verify_signature(self):
|
|||
self.assertTrue(verified, "Incorrect signature.")
|
||||
|
||||
# Verifying the 'ed25519_signature' of 'DATA'.
|
||||
verified = KEYS.verify_signature(self.ed25519key_dict, ed25519_signature, DATA)
|
||||
verified = KEYS.verify_signature(self.ed25519key_dict, ed25519_signature,
|
||||
DATA)
|
||||
self.assertTrue(verified, "Incorrect signature.")
|
||||
|
||||
# Testing an invalid 'rsa_signature'. Same 'rsa_signature' is passed, with
|
||||
|
|
@ -256,7 +263,8 @@ def test_verify_signature(self):
|
|||
rsa_signature['method'] = 'Biff'
|
||||
|
||||
args = (self.rsakey_dict, rsa_signature, DATA)
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.UnknownMethodError, KEYS.verify_signature, *args)
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.UnknownMethodError,
|
||||
KEYS.verify_signature, *args)
|
||||
|
||||
# Passing incorrect number of arguments.
|
||||
self.assertRaises(TypeError, KEYS.verify_signature)
|
||||
|
|
@ -288,19 +296,22 @@ def test_create_rsa_encrypted_pem(self):
|
|||
self.assertTrue(tuf.ssl_crypto.formats.PEMRSA_SCHEMA.matches(encrypted_pem))
|
||||
|
||||
# Try to import the encryped PEM file.
|
||||
rsakey = KEYS.import_rsakey_from_encrypted_pem(encrypted_pem, passphrase)
|
||||
rsakey = KEYS.import_rsakey_from_pem(encrypted_pem, passphrase)
|
||||
self.assertTrue(tuf.ssl_crypto.formats.RSAKEY_SCHEMA.matches(rsakey))
|
||||
|
||||
# Test improperly formatted arguments.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.create_rsa_encrypted_pem,
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
KEYS.create_rsa_encrypted_pem,
|
||||
8, passphrase)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, KEYS.create_rsa_encrypted_pem,
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
KEYS.create_rsa_encrypted_pem,
|
||||
private, 8)
|
||||
|
||||
# Test for missing required library.
|
||||
KEYS._RSA_CRYPTO_LIBRARY = 'invalid'
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.UnsupportedLibraryError, KEYS.create_rsa_encrypted_pem,
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.UnsupportedLibraryError,
|
||||
KEYS.create_rsa_encrypted_pem,
|
||||
private, passphrase)
|
||||
KEYS._RSA_CRYPTO_LIBRARY = 'pycrypto'
|
||||
|
||||
|
|
@ -329,7 +340,8 @@ def test_decrypt_key(self):
|
|||
|
||||
# Test for missing required library.
|
||||
KEYS._GENERAL_CRYPTO_LIBRARY = 'invalid'
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.UnsupportedLibraryError, KEYS.decrypt_key,
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.UnsupportedLibraryError,
|
||||
KEYS.decrypt_key,
|
||||
encrypted_key, passphrase)
|
||||
KEYS._GENERAL_CRYPTO_LIBRARY = 'pycrypto'
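Review bot: The missing-library checks in test_create_rsa_encrypted_pem and test_decrypt_key set `KEYS._RSA_CRYPTO_LIBRARY` and `KEYS._GENERAL_CRYPTO_LIBRARY` to 'invalid' and restore them only on the line after `assertRaises`, so a failing assertion leaves the module configured with an unusable library name for every later test. The restore value is also hard-coded to 'pycrypto' rather than whatever was configured before the test ran. Registering the restore up front, e.g. `self.addCleanup(setattr, KEYS, '_RSA_CRYPTO_LIBRARY', KEYS._RSA_CRYPTO_LIBRARY)` before the assignment, keeps the tests isolated. Both test bodies start outside the hunks shown.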
|
||||
|
||||
|
|
|
|||
|
|
@ -28,16 +28,14 @@
|
|||
import unittest
|
||||
import logging
|
||||
|
||||
import tuf
|
||||
import tuf.log
|
||||
import tuf.ssl_crypto.formats
|
||||
import tuf.ssl_crypto.pyca_crypto_keys as crypto_keys
|
||||
import tuf.ssl_commons.exceptions as ssl_commons_exceptions
|
||||
import tuf.ssl_crypto.formats as ssl_crypto_formats
|
||||
import tuf.ssl_crypto.pyca_crypto_keys as ssl_crypto_pyca_crypto_keys
|
||||
|
||||
logger = logging.getLogger('tuf.test_pyca_crypto_keys')
|
||||
logger = logging.getLogger('ssl_crypto_test_pyca_crypto_keys')
|
||||
|
||||
public_rsa, private_rsa = crypto_keys.generate_rsa_public_and_private()
|
||||
FORMAT_ERROR_MSG = 'tuf.ssl_commons.exceptions.FormatError raised.' + \
|
||||
' Check object\'s format.'
|
||||
public_rsa, private_rsa = ssl_crypto_pyca_crypto_keys.generate_rsa_public_and_private()
|
||||
FORMAT_ERROR_MSG = 'ssl_commons_exceptions.FormatError raised. Check object\'s format.'
|
||||
|
||||
|
||||
class TestPyca_crypto_keys(unittest.TestCase):
|
||||
|
|
@ -46,20 +44,20 @@ def setUp(self):
|
|||
|
||||
|
||||
def test_generate_rsa_public_and_private(self):
|
||||
pub, priv = crypto_keys.generate_rsa_public_and_private()
|
||||
pub, priv = ssl_crypto_pyca_crypto_keys.generate_rsa_public_and_private()
|
||||
|
||||
# Check format of 'pub' and 'priv'.
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(pub),
|
||||
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(pub),
|
||||
FORMAT_ERROR_MSG)
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(priv),
|
||||
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(priv),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Check for an invalid "bits" argument. bits >= 2048.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
crypto_keys.generate_rsa_public_and_private, 1024)
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pyca_crypto_keys.generate_rsa_public_and_private, 1024)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
crypto_keys.generate_rsa_public_and_private, '2048')
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pyca_crypto_keys.generate_rsa_public_and_private, '2048')
|
||||
|
||||
|
||||
|
||||
|
|
@ -67,31 +65,31 @@ def test_create_rsa_signature(self):
|
|||
global private_rsa
|
||||
global public_rsa
|
||||
data = 'The quick brown fox jumps over the lazy dog'.encode('utf-8')
|
||||
signature, method = crypto_keys.create_rsa_signature(private_rsa, data)
|
||||
signature, method = ssl_crypto_pyca_crypto_keys.create_rsa_signature(private_rsa, data)
|
||||
|
||||
# Verify format of returned values.
|
||||
self.assertNotEqual(None, signature)
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.NAME_SCHEMA.check_match(method),
|
||||
self.assertEqual(None, ssl_crypto_formats.NAME_SCHEMA.check_match(method),
|
||||
FORMAT_ERROR_MSG)
|
||||
self.assertEqual('RSASSA-PSS', method)
|
||||
|
||||
# Check for improperly formatted arguments.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
crypto_keys.create_rsa_signature, 123, data)
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pyca_crypto_keys.create_rsa_signature, 123, data)
|
||||
|
||||
self.assertRaises(ValueError,
|
||||
crypto_keys.create_rsa_signature, '', data)
|
||||
ssl_crypto_pyca_crypto_keys.create_rsa_signature, '', data)
|
||||
|
||||
# Check for invalid 'data'.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
crypto_keys.create_rsa_signature, private_rsa, '')
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pyca_crypto_keys.create_rsa_signature, private_rsa, '')
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
crypto_keys.create_rsa_signature, private_rsa, 123)
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pyca_crypto_keys.create_rsa_signature, private_rsa, 123)
|
||||
|
||||
# Check for missing private key.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
|
||||
crypto_keys.create_rsa_signature, public_rsa, data)
|
||||
self.assertRaises(ssl_commons_exceptions.CryptoError,
|
||||
ssl_crypto_pyca_crypto_keys.create_rsa_signature, public_rsa, data)
|
||||
|
||||
|
||||
|
||||
|
|
@ -99,119 +97,42 @@ def test_verify_rsa_signature(self):
|
|||
global public_rsa
|
||||
global private_rsa
|
||||
data = 'The quick brown fox jumps over the lazy dog'.encode('utf-8')
|
||||
signature, method = crypto_keys.create_rsa_signature(private_rsa, data)
|
||||
signature, method = ssl_crypto_pyca_crypto_keys.create_rsa_signature(private_rsa, data)
|
||||
|
||||
valid_signature = crypto_keys.verify_rsa_signature(signature, method, public_rsa,
|
||||
valid_signature = ssl_crypto_pyca_crypto_keys.verify_rsa_signature(signature, method, public_rsa,
|
||||
data)
|
||||
self.assertEqual(True, valid_signature)
|
||||
|
||||
# Check for improperly formatted arguments.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.verify_rsa_signature, 123, method,
|
||||
public_rsa, data)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.verify_rsa_signature, signature,
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pyca_crypto_keys.verify_rsa_signature, signature,
|
||||
123, public_rsa, data)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.verify_rsa_signature, signature,
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pyca_crypto_keys.verify_rsa_signature, signature,
|
||||
method, 123, data)
|
||||
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pyca_crypto_keys.verify_rsa_signature, 123, method,
|
||||
public_rsa, data)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.UnknownMethodError, crypto_keys.verify_rsa_signature,
|
||||
signature,
|
||||
'invalid_method',
|
||||
public_rsa, data)
|
||||
self.assertRaises(ssl_commons_exceptions.UnknownMethodError,
|
||||
ssl_crypto_pyca_crypto_keys.verify_rsa_signature,
|
||||
signature,
|
||||
'invalid_method',
|
||||
public_rsa, data)
|
||||
|
||||
# Check for invalid 'signature', 'public_key', and 'data' arguments.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.verify_rsa_signature,
|
||||
# Check for invalid 'signature' and 'data' arguments.
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pyca_crypto_keys.verify_rsa_signature,
|
||||
signature, method, public_rsa, 123)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, crypto_keys.verify_rsa_signature,
|
||||
signature, method, 'bad_key', data)
|
||||
|
||||
self.assertEqual(False, crypto_keys.verify_rsa_signature(signature, method,
|
||||
|
||||
self.assertEqual(False, ssl_crypto_pyca_crypto_keys.verify_rsa_signature(signature, method,
|
||||
public_rsa, b'mismatched data'))
|
||||
|
||||
mismatched_signature, method = crypto_keys.create_rsa_signature(private_rsa,
|
||||
mismatched_signature, method = ssl_crypto_pyca_crypto_keys.create_rsa_signature(private_rsa,
|
||||
b'mismatched data')
|
||||
|
||||
self.assertEqual(False, crypto_keys.verify_rsa_signature(mismatched_signature,
|
||||
self.assertEqual(False, ssl_crypto_pyca_crypto_keys.verify_rsa_signature(mismatched_signature,
|
||||
method, public_rsa, data))
|
||||
|
||||
|
||||
|
||||
def test__decrypt(self):
|
||||
# Verify that invalid encrypted file is detected.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, crypto_keys._decrypt,
|
||||
'bad encrypted file', 'password')
|
||||
|
||||
|
||||
|
||||
def test_encrypt_key(self):
|
||||
# Normal case.
|
||||
ed25519_key = {'keytype': 'ed25519',
|
||||
'keyid': 'd62247f817883f593cf6c66a5a55292488d457bcf638ae03207dbbba9dbe457d',
|
||||
'keyval': {'public': '74addb5ad544a4306b34741bc1175a3613a8d7dc69ff64724243efdec0e301ad',
|
||||
'private': '1f26964cc8d4f7ee5f3c5da2fbb7ab35811169573ac367b860a537e47789f8c4'}}
|
||||
|
||||
crypto_keys.encrypt_key(ed25519_key, 'password')
|
||||
|
||||
# Verify that a key with a missing 'private' key is rejected.
|
||||
del ed25519_key['keyval']['private']
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.encrypt_key,
|
||||
ed25519_key, 'password')
|
||||
|
||||
|
||||
|
||||
def test__decrypt_key(self):
|
||||
ed25519_key = {'keytype': 'ed25519',
|
||||
'keyid': 'd62247f817883f593cf6c66a5a55292488d457bcf638ae03207dbbba9dbe457d',
|
||||
'keyval': {'public': '74addb5ad544a4306b34741bc1175a3613a8d7dc69ff64724243efdec0e301ad',
|
||||
'private': '1f26964cc8d4f7ee5f3c5da2fbb7ab35811169573ac367b860a537e47789f8c4'}}
|
||||
|
||||
encrypted_key = crypto_keys.encrypt_key(ed25519_key, 'password')
|
||||
crypto_keys.encrypt_key(ed25519_key, 'password')
|
||||
|
||||
salt, iterations, hmac, iv, ciphertext = \
|
||||
encrypted_key.split(crypto_keys._ENCRYPTION_DELIMITER)
|
||||
|
||||
encrypted_key_invalid_hmac = encrypted_key.replace(hmac, '123abc')
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, crypto_keys._decrypt,
|
||||
encrypted_key_invalid_hmac, 'password')
|
||||
|
||||
|
||||
|
||||
def test_create_rsa_public_and_private_from_encrypted_pem(self):
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
|
||||
crypto_keys.create_rsa_public_and_private_from_encrypted_pem,
|
||||
'bad_encrypted_key', 'password')
|
||||
|
||||
|
||||
|
||||
def test_create_rsa_encrypted_pem(self):
|
||||
global private_rsa
|
||||
passphrase = 'password'
|
||||
|
||||
# Verify normal case.
|
||||
encrypted_pem = crypto_keys.create_rsa_encrypted_pem(private_rsa, passphrase)
|
||||
|
||||
self.assertTrue(tuf.ssl_crypto.formats.PEMRSA_SCHEMA.matches(encrypted_pem))
|
||||
|
||||
# Test for invalid arguments.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.create_rsa_encrypted_pem,
|
||||
1, passphrase)
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, crypto_keys.create_rsa_encrypted_pem,
|
||||
private_rsa, 2)
|
||||
|
||||
self.assertRaises(TypeError, crypto_keys.create_rsa_encrypted_pem,
|
||||
'', passphrase)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, crypto_keys.create_rsa_encrypted_pem,
|
||||
'bad_private_pem', passphrase)
|
||||
|
||||
|
||||
|
||||
|
||||
# Run the unit tests.
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
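Review bot: The last hunk (`-99,119 +97,42`) appears to drop the negative-path tests for key encryption and decryption — test__decrypt, test_encrypt_key, test__decrypt_key with its tampered-HMAC case, and the two encrypted-PEM tests — along with the `'bad_key'` CryptoError check in test_verify_rsa_signature, and no replacement is visible in this commit. The pycrypto test file loses the equivalent `'bad_key'` and `'bad_public_key'` checks in its `-45,104 +44,95` hunk. If the functions moved into the ssl_crypto submodule, the commit message should say where these cases are now exercised; if they are still reachable from here, the tests that reject a modified HMAC and a malformed key should stay. The old/new assignment is inferred from the hunk line counts, since the page has lost its +/- markers.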
|
||||
|
|
|
|||
|
|
@ -28,15 +28,14 @@
|
|||
import unittest
|
||||
import logging
|
||||
|
||||
import tuf
|
||||
import tuf.log
|
||||
import tuf.ssl_crypto.formats
|
||||
import tuf.ssl_crypto.pycrypto_keys as pycrypto
|
||||
import tuf.ssl_commons.exceptions as ssl_commons_exceptions
|
||||
import tuf.ssl_crypto.formats as ssl_crypto_formats
|
||||
import tuf.ssl_crypto.pycrypto_keys as ssl_crypto_pycrypto_keys
|
||||
|
||||
logger = logging.getLogger('tuf.test_pycrypto_keys')
|
||||
logger = logging.getLogger('ssl_crypto_test_pycrypto_keys')
|
||||
|
||||
public_rsa, private_rsa = pycrypto.generate_rsa_public_and_private()
|
||||
FORMAT_ERROR_MSG = 'tuf.ssl_commons.exceptions.FormatError raised. Check object\'s format.'
|
||||
public_rsa, private_rsa = ssl_crypto_pycrypto_keys.generate_rsa_public_and_private()
|
||||
FORMAT_ERROR_MSG = 'ssl_commons_exceptions.FormatError raised. Check object\'s format.'
|
||||
|
||||
|
||||
class TestPycrypto_keys(unittest.TestCase):
|
||||
|
|
@ -45,104 +44,95 @@ def setUp(self):
|
|||
|
||||
|
||||
def test_generate_rsa_public_and_private(self):
|
||||
pub, priv = pycrypto.generate_rsa_public_and_private()
|
||||
pub, priv = ssl_crypto_pycrypto_keys.generate_rsa_public_and_private()
|
||||
|
||||
# Check format of 'pub' and 'priv'.
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(pub),
|
||||
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(pub),
|
||||
FORMAT_ERROR_MSG)
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(priv),
|
||||
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(priv),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Check for invalid bits argument. bit >= 2048 and a multiple of 256.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
pycrypto.generate_rsa_public_and_private, 1024)
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pycrypto_keys.generate_rsa_public_and_private, 1024)
|
||||
|
||||
self.assertRaises(ValueError,
|
||||
pycrypto.generate_rsa_public_and_private, 2049)
|
||||
ssl_crypto_pycrypto_keys.generate_rsa_public_and_private, 2049)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
pycrypto.generate_rsa_public_and_private, '2048')
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pycrypto_keys.generate_rsa_public_and_private, '2048')
|
||||
|
||||
|
||||
def test_create_rsa_signature(self):
|
||||
global private_rsa
|
||||
global public_rsa
|
||||
|
||||
data = 'The quick brown fox jumps over the lazy dog'.encode('utf-8')
|
||||
signature, method = pycrypto.create_rsa_signature(private_rsa, data)
|
||||
signature, method = ssl_crypto_pycrypto_keys.create_rsa_signature(private_rsa, data)
|
||||
|
||||
# Verify format of returned values.
|
||||
self.assertNotEqual(None, signature)
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.NAME_SCHEMA.check_match(method),
|
||||
self.assertEqual(None, ssl_crypto_formats.NAME_SCHEMA.check_match(method),
|
||||
FORMAT_ERROR_MSG)
|
||||
self.assertEqual('RSASSA-PSS', method)
|
||||
|
||||
# Check for improperly formatted arguments.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
pycrypto.create_rsa_signature, 123, data)
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_signature, 123, data)
|
||||
|
||||
self.assertRaises(ValueError,
|
||||
pycrypto.create_rsa_signature, '', data)
|
||||
ssl_crypto_pycrypto_keys.create_rsa_signature, '', data)
|
||||
|
||||
# Check for invalid 'data'.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
pycrypto.create_rsa_signature, private_rsa, '')
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_signature, private_rsa, '')
|
||||
|
||||
# create_rsa_signature should reject non-string data.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
pycrypto.create_rsa_signature, private_rsa, 123)
|
||||
|
||||
# Verify that a valid private key is needed.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
|
||||
pycrypto.create_rsa_signature, 'bad_key', data)
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_signature, private_rsa, 123)
|
||||
|
||||
# Check for missing private key.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
|
||||
pycrypto.create_rsa_signature, public_rsa, data)
|
||||
self.assertRaises(ssl_commons_exceptions.CryptoError,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_signature, public_rsa, data)
|
||||
|
||||
|
||||
def test_verify_rsa_signature(self):
|
||||
global public_rsa
|
||||
global private_rsa
|
||||
data = 'The quick brown fox jumps over the lazy dog'.encode('utf-8')
|
||||
signature, method = pycrypto.create_rsa_signature(private_rsa, data)
|
||||
signature, method = ssl_crypto_pycrypto_keys.create_rsa_signature(private_rsa, data)
|
||||
|
||||
valid_signature = pycrypto.verify_rsa_signature(signature, method, public_rsa,
|
||||
valid_signature = ssl_crypto_pycrypto_keys.verify_rsa_signature(signature, method, public_rsa,
|
||||
data)
|
||||
self.assertEqual(True, valid_signature)
|
||||
|
||||
# Check for improperly formatted arguments.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, pycrypto.verify_rsa_signature, signature,
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.verify_rsa_signature, signature,
|
||||
123, public_rsa, data)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, pycrypto.verify_rsa_signature, signature,
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.verify_rsa_signature, signature,
|
||||
method, 123, data)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, pycrypto.verify_rsa_signature, 123, method,
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.verify_rsa_signature, 123, method,
|
||||
public_rsa, data)
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.UnknownMethodError, pycrypto.verify_rsa_signature,
|
||||
self.assertRaises(ssl_commons_exceptions.UnknownMethodError, ssl_crypto_pycrypto_keys.verify_rsa_signature,
|
||||
signature,
|
||||
'invalid_method',
|
||||
public_rsa, data)
|
||||
|
||||
|
||||
# Check for invalid signature and data.
|
||||
# Verify_rsa_signature should reject non-string data.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, pycrypto.verify_rsa_signature, signature,
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.verify_rsa_signature, signature,
|
||||
method, public_rsa, 123)
|
||||
|
||||
self.assertEqual(False, pycrypto.verify_rsa_signature(signature, method,
|
||||
self.assertEqual(False, ssl_crypto_pycrypto_keys.verify_rsa_signature(signature, method,
|
||||
public_rsa, b'mismatched data'))
|
||||
|
||||
mismatched_signature, method = pycrypto.create_rsa_signature(private_rsa,
|
||||
mismatched_signature, method = ssl_crypto_pycrypto_keys.create_rsa_signature(private_rsa,
|
||||
b'mismatched data')
|
||||
|
||||
self.assertEqual(False, pycrypto.verify_rsa_signature(mismatched_signature,
|
||||
self.assertEqual(False, ssl_crypto_pycrypto_keys.verify_rsa_signature(mismatched_signature,
|
||||
method, public_rsa, data))
|
||||
|
||||
# Verify that a valid public key is needed.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, pycrypto.verify_rsa_signature,
|
||||
signature, method, 'bad_public_key', data)
|
||||
|
||||
|
||||
def test_create_rsa_encrypted_pem(self):
|
||||
|
|
@ -151,54 +141,54 @@ def test_create_rsa_encrypted_pem(self):
|
|||
passphrase = 'pw'
|
||||
|
||||
# Check format of 'public_rsa'.
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(public_rsa),
|
||||
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(public_rsa),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Check format of 'passphrase'.
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.PASSWORD_SCHEMA.check_match(passphrase),
|
||||
self.assertEqual(None, ssl_crypto_formats.PASSWORD_SCHEMA.check_match(passphrase),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Generate the encrypted PEM string of 'public_rsa'.
|
||||
pem_rsakey = pycrypto.create_rsa_encrypted_pem(private_rsa, passphrase)
|
||||
pem_rsakey = ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem(private_rsa, passphrase)
|
||||
|
||||
# Check format of 'pem_rsakey'.
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(pem_rsakey),
|
||||
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(pem_rsakey),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Check for invalid arguments.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
pycrypto.create_rsa_encrypted_pem, 1, passphrase)
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
pycrypto.create_rsa_encrypted_pem, private_rsa, ['pw'])
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem, 1, passphrase)
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem, private_rsa, ['pw'])
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, pycrypto.create_rsa_encrypted_pem,
|
||||
self.assertRaises(ssl_commons_exceptions.CryptoError, ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem,
|
||||
'abc', passphrase)
|
||||
self.assertRaises(TypeError, pycrypto.create_rsa_encrypted_pem, '', passphrase)
|
||||
self.assertRaises(TypeError, ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem, '', passphrase)
|
||||
|
||||
|
||||
|
||||
def test_create_rsa_public_and_private_from_encrypted_pem(self):
|
||||
def test_create_rsa_public_and_private_from_pem(self):
|
||||
global private_rsa
|
||||
passphrase = 'pw'
|
||||
|
||||
# Generate the encrypted PEM string of 'private_rsa'.
|
||||
pem_rsakey = pycrypto.create_rsa_encrypted_pem(private_rsa, passphrase)
|
||||
pem_rsakey = ssl_crypto_pycrypto_keys.create_rsa_encrypted_pem(private_rsa, passphrase)
|
||||
|
||||
# Check format of 'passphrase'.
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.PASSWORD_SCHEMA.check_match(passphrase),
|
||||
self.assertEqual(None, ssl_crypto_formats.PASSWORD_SCHEMA.check_match(passphrase),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Decrypt 'pem_rsakey' and verify the decrypted object is properly
|
||||
# formatted.
|
||||
public_decrypted, private_decrypted = \
|
||||
pycrypto.create_rsa_public_and_private_from_encrypted_pem(pem_rsakey,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem(pem_rsakey,
|
||||
passphrase)
|
||||
self.assertEqual(None,
|
||||
tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(public_decrypted),
|
||||
ssl_crypto_formats.PEMRSA_SCHEMA.check_match(public_decrypted),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
self.assertEqual(None,
|
||||
tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(private_decrypted),
|
||||
ssl_crypto_formats.PEMRSA_SCHEMA.check_match(private_decrypted),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Does 'public_decrypted' and 'private_decrypted' match the originals?
|
||||
|
|
@ -206,31 +196,31 @@ def test_create_rsa_public_and_private_from_encrypted_pem(self):
|
|||
self.assertEqual(private_rsa, private_decrypted)
|
||||
|
||||
# Attempt decryption of 'pem_rsakey' using an incorrect passphrase.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
|
||||
pycrypto.create_rsa_public_and_private_from_encrypted_pem,
|
||||
self.assertRaises(ssl_commons_exceptions.CryptoError,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem,
|
||||
pem_rsakey, 'bad_pw')
|
||||
|
||||
# Check for non-encrypted PEM strings.
|
||||
# create_rsa_public_and_private_from_encrypted_pem()
|
||||
# returns a tuple of tuf.ssl_crypto.formats.PEMRSA_SCHEMA objects if the PEM formatted
|
||||
# string is not actually encrypted but still a valid PEM string.
|
||||
pub, priv = pycrypto.create_rsa_public_and_private_from_encrypted_pem(
|
||||
# create_rsa_public_and_private_from_pem() returns a tuple of
|
||||
# ssl_crypto_formats.PEMRSA_SCHEMA objects if the PEM formatted string is
|
||||
# not actually encrypted but still a valid PEM string.
|
||||
pub, priv = ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem(
|
||||
private_rsa, passphrase)
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(pub),
|
||||
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(pub),
|
||||
FORMAT_ERROR_MSG)
|
||||
self.assertEqual(None, tuf.ssl_crypto.formats.PEMRSA_SCHEMA.check_match(priv),
|
||||
self.assertEqual(None, ssl_crypto_formats.PEMRSA_SCHEMA.check_match(priv),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Check for invalid arguments.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
pycrypto.create_rsa_public_and_private_from_encrypted_pem,
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem,
|
||||
123, passphrase)
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError,
|
||||
pycrypto.create_rsa_public_and_private_from_encrypted_pem,
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem,
|
||||
pem_rsakey, ['pw'])
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError,
|
||||
pycrypto.create_rsa_public_and_private_from_encrypted_pem,
|
||||
self.assertRaises(ssl_commons_exceptions.CryptoError,
|
||||
ssl_crypto_pycrypto_keys.create_rsa_public_and_private_from_pem,
|
||||
'invalid_pem', passphrase)
|
||||
|
||||
|
||||
|
|
@ -245,11 +235,11 @@ def test_encrypt_key(self):
|
|||
'keyid': 'd62247f817883f593cf6c66a5a55292488d457bcf638ae03207dbbba9dbe457d',
|
||||
'keyval': {'public': public_rsa, 'private': private_rsa}}
|
||||
|
||||
encrypted_rsa_key = tuf.ssl_crypto.pycrypto_keys.encrypt_key(rsa_key, passphrase)
|
||||
encrypted_rsa_key = ssl_crypto_pycrypto_keys.encrypt_key(rsa_key, passphrase)
|
||||
|
||||
# Test for invalid arguments.
|
||||
rsa_key['keyval']['private'] = ''
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, tuf.ssl_crypto.pycrypto_keys.encrypt_key, rsa_key,
|
||||
self.assertRaises(ssl_commons_exceptions.FormatError, ssl_crypto_pycrypto_keys.encrypt_key, rsa_key,
|
||||
'passphrase')
|
||||
|
||||
|
||||
|
|
@ -263,29 +253,29 @@ def test_decrypt_key(self):
|
|||
'keyid': 'd62247f817883f593cf6c66a5a55292488d457bcf638ae03207dbbba9dbe457d',
|
||||
'keyval': {'public': public_rsa, 'private': private_rsa}}
|
||||
|
||||
encrypted_rsa_key = tuf.ssl_crypto.pycrypto_keys.encrypt_key(rsa_key, passphrase).encode('utf-8')
|
||||
encrypted_rsa_key = ssl_crypto_pycrypto_keys.encrypt_key(rsa_key, passphrase).encode('utf-8')
|
||||
|
||||
decrypted_rsa_key = tuf.ssl_crypto.pycrypto_keys.decrypt_key(encrypted_rsa_key, passphrase)
|
||||
decrypted_rsa_key = ssl_crypto_pycrypto_keys.decrypt_key(encrypted_rsa_key, passphrase)
|
||||
|
||||
|
||||
# Test for invalid arguments.
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, tuf.ssl_crypto.pycrypto_keys.decrypt_key, b'bad',
|
||||
self.assertRaises(ssl_commons_exceptions.CryptoError, ssl_crypto_pycrypto_keys.decrypt_key, b'bad',
|
||||
passphrase)
|
||||
|
||||
# Test for invalid encrypted content (i.e., invalid hmac and ciphertext.)
|
||||
encryption_delimiter = tuf.ssl_crypto.pycrypto_keys._ENCRYPTION_DELIMITER
|
||||
encryption_delimiter = ssl_crypto_pycrypto_keys._ENCRYPTION_DELIMITER
|
||||
salt, iterations, hmac, iv, ciphertext = \
|
||||
encrypted_rsa_key.decode('utf-8').split(encryption_delimiter)
|
||||
|
||||
# Set an invalid hmac. The decryption routine sould raise a tuf.ssl_commons.exceptions.CryptoError
|
||||
# exception because 'hmac' does not match the hmac calculated by the
|
||||
# decryption routine.
|
||||
# Set an invalid hmac. The decryption routine sould raise a
|
||||
# ssl_commons_exceptions.CryptoError exception because 'hmac' does not
|
||||
# match the hmac calculated by the decryption routine.
|
||||
bad_hmac = '12345abcd'
|
||||
invalid_encrypted_rsa_key = \
|
||||
salt + encryption_delimiter + iterations + encryption_delimiter + \
|
||||
bad_hmac + encryption_delimiter + iv + encryption_delimiter + ciphertext
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, tuf.ssl_crypto.pycrypto_keys.decrypt_key,
|
||||
self.assertRaises(ssl_commons_exceptions.CryptoError, ssl_crypto_pycrypto_keys.decrypt_key,
|
||||
invalid_encrypted_rsa_key.encode('utf-8'), passphrase)
|
||||
|
||||
# Test for invalid 'ciphertext'
|
||||
|
|
@ -294,18 +284,18 @@ def test_decrypt_key(self):
|
|||
salt + encryption_delimiter + iterations + encryption_delimiter + \
|
||||
hmac + encryption_delimiter + iv + encryption_delimiter + bad_ciphertext
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, tuf.ssl_crypto.pycrypto_keys.decrypt_key,
|
||||
self.assertRaises(ssl_commons_exceptions.CryptoError, ssl_crypto_pycrypto_keys.decrypt_key,
|
||||
invalid_encrypted_rsa_key.encode('utf-8'), passphrase)
|
||||
|
||||
|
||||
|
||||
def test__decrypt_key(self):
|
||||
# Test for invalid arguments.
|
||||
salt, iterations, derived_key = tuf.ssl_crypto.pycrypto_keys._generate_derived_key('pw')
|
||||
salt, iterations, derived_key = ssl_crypto_pycrypto_keys._generate_derived_key('pw')
|
||||
derived_key_information = {'salt': salt, 'derived_key': derived_key,
|
||||
'iterations': iterations}
|
||||
|
||||
self.assertRaises(tuf.ssl_commons.exceptions.CryptoError, tuf.ssl_crypto.pycrypto_keys._encrypt,
|
||||
self.assertRaises(ssl_commons_exceptions.CryptoError, ssl_crypto_pycrypto_keys._encrypt,
|
||||
8, derived_key_information)
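Review bot: In the test_decrypt_key hunk, `decrypted_rsa_key` is assigned from `decrypt_key(encrypted_rsa_key, passphrase)` and, within the lines shown, never asserted on before the invalid-argument cases begin, so the test would still pass if decryption returned the wrong key material. Assuming decrypt_key returns the original key dictionary, add `self.assertEqual(rsa_key, decrypted_rsa_key)` right after the call. The test body starts outside the hunk and continues into the next one, so an assertion elsewhere cannot be ruled out from here.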
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -960,9 +960,10 @@ def import_rsa_privatekey_from_file(filepath, password=None):
|
|||
with open(filepath, 'rb') as file_object:
|
||||
encrypted_pem = file_object.read().decode('utf-8')
|
||||
|
||||
# Convert 'encrypted_pem' to 'tuf.ssl_crypto.formats.RSAKEY_SCHEMA' format. Raise
|
||||
# 'tuf.ssl_commons.exceptions.CryptoError' if 'encrypted_pem' is invalid.
|
||||
rsa_key = tuf.ssl_crypto.keys.import_rsakey_from_encrypted_pem(encrypted_pem, password)
|
||||
# Convert 'encrypted_pem' to 'tuf.ssl_crypto.formats.RSAKEY_SCHEMA' format.
|
||||
# Raise 'tuf.ssl_commons.exceptions.CryptoError' if 'encrypted_pem' is
|
||||
# invalid.
|
||||
rsa_key = tuf.ssl_crypto.keys.import_rsakey_from_pem(encrypted_pem, password)
|
||||
|
||||
return rsa_key
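Review bot: After the switch to `import_rsakey_from_pem`, the variable name `encrypted_pem` and the comment above the call still describe the input as encrypted, but nothing in this hunk checks that it is. The pycrypto test updated in this commit asserts that `create_rsa_public_and_private_from_pem` accepts an unencrypted PEM together with a passphrase, so a private key stored in plaintext would presumably load here without any signal to the caller. Either document that in the function, e.g. `# NOTE: a supplied 'password' does not prove the key file is encrypted; an unencrypted PEM is also accepted.`, or reject a PEM that carries no encryption header when a password was supplied. The function body starts outside the hunk.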
|
||||
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
Subproject commit 22461440fa4e0521bdf584490733a130ed02550f
|
||||
Subproject commit ff19a508023cec859a3e2bc3a897030075743792
|
||||