Refs pyca#3331 -- added initial wycheproof integration, starting with…

… x25519 tests
alex · Jul 5, 2018 · 0ad022b · 0ad022b
1 parent e2a0493
commit 0ad022b
Show file tree

Hide file tree

Showing 7 changed files with 87 additions and 6 deletions.
diff --git a/.travis/install.sh b/.travis/install.sh
@@ -18,23 +18,28 @@ if [ -n "${OPENSSL}" ]; then
     if [[ ! -f "$HOME/$OPENSSL_DIR/bin/openssl" ]]; then
         curl -O "https://www.openssl.org/source/openssl-${OPENSSL}.tar.gz"
         tar zxf "openssl-${OPENSSL}.tar.gz"
-        cd "openssl-${OPENSSL}"
+        pushd "openssl-${OPENSSL}"
         ./config shared no-asm no-ssl2 no-ssl3 -fPIC --prefix="$HOME/$OPENSSL_DIR"
         shlib_sed
         make depend
         make install
+        popd
     fi
 elif [ -n "${LIBRESSL}" ]; then
     LIBRESSL_DIR="ossl-1/${LIBRESSL}"
     if [[ ! -f "$HOME/$LIBRESSL_DIR/bin/openssl" ]]; then
         curl -O "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL}.tar.gz"
         tar zxf "libressl-${LIBRESSL}.tar.gz"
-        cd "libressl-${LIBRESSL}"
+        pushd "libressl-${LIBRESSL}"
         ./config -Wl -Wl,-Bsymbolic-functions -fPIC shared --prefix="$HOME/$LIBRESSL_DIR"
         shlib_sed
         make -j"$(nproc)" install
+        popd
     fi
 fi
+
+git clone --depth=1 https://github.com/google/wycheproof $HOME/wycheproof
+
 pip install virtualenv
 
 python -m virtualenv ~/.venv

diff --git a/.travis/run.sh b/.travis/run.sh
@@ -24,7 +24,7 @@ fi
 source ~/.venv/bin/activate
 
 if [ -n "${TOXENV}" ]; then
-    tox
+    tox -- --wycheproof-root=$HOME/wycheproof
 else
     pip install .
     case "${DOWNSTREAM}" in

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -144,6 +144,16 @@ def build(toxenv, label, imageName, artifacts, artifactExcludes) {
         timeout(time: 30, unit: 'MINUTES') {
 
             checkout_git(label)
+            checkout([
+                $class: 'GitSCM',
+                extensions: [[
+                    $class: 'RelativeTargetDirectory',
+                    relativeTargetDir: 'wycheproof',
+                ]],
+                userRemoteConfigs: [[
+                    'url': 'https://github.com/google/wycheproof',
+                ]]
+            ])
 
             withCredentials([string(credentialsId: 'cryptography-codecov-token', variable: 'CODECOV_TOKEN')]) {
                 withEnv(["LABEL=$label", "TOXENV=$toxenv", "IMAGE_NAME=$imageName"]) {
@@ -185,7 +195,7 @@ def build(toxenv, label, imageName, artifacts, artifactExcludes) {
 
                             @set INCLUDE="${opensslPaths[label]['include']}";%INCLUDE%
                             @set LIB="${opensslPaths[label]['lib']}";%LIB%
-                            tox -r
+                            tox -r -- --wycheproof-root=../wycheproof
                             IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
                             virtualenv .codecov
                             call .codecov/Scripts/activate
@@ -205,7 +215,7 @@ def build(toxenv, label, imageName, artifacts, artifactExcludes) {
                                 CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1 \
                                     LDFLAGS="/usr/local/opt/openssl\\@1.1/lib/libcrypto.a /usr/local/opt/openssl\\@1.1/lib/libssl.a" \
                                     CFLAGS="-I/usr/local/opt/openssl\\@1.1/include -Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types -Wno-error=unused-function -Wno-error=unused-command-line-argument -mmacosx-version-min=10.9" \
-                                    tox -r --  --color=yes
+                                    tox -r --  --color=yes --wycheproof-root=../wycheproof
                                 virtualenv .venv
                                 source .venv/bin/activate
                                 # This pin must be kept in sync with tox.ini
@@ -218,7 +228,7 @@ def build(toxenv, label, imageName, artifacts, artifactExcludes) {
                             sh """#!/usr/bin/env bash
                                 set -xe
                                 cd cryptography
-                                tox -r -- --color=yes
+                                tox -r -- --color=yes --wycheproof-root=../wycheproof
                                 virtualenv .venv
                                 source .venv/bin/activate
                                 # This pin must be kept in sync with tox.ini

diff --git a/tests/wycheproof/__init__.py b/tests/wycheproof/__init__.py
diff --git a/tests/wycheproof/conftest.py b/tests/wycheproof/conftest.py
@@ -0,0 +1,20 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import pytest
+
+
+def pytest_addoption(parser):
+    parser.addoption("--wycheproof-root", default=None)
+
+
+@pytest.fixture
+def whycheproof(request):
+    wycheproof = request.config.getoption("--wycheproof-root")
+    if wycheproof is None:
+        pytest.skip("--wycheproof-root not provided")
+    return wycheproof
+
diff --git a/tests/wycheproof/test_x25519.py b/tests/wycheproof/test_x25519.py
@@ -0,0 +1,29 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+from cryptography.hazmat.primitives.asymmetric.x25519 import (
+    X25519PrivateKey, X25519PublicKey
+)
+
+from .utils import load_tests
+
+def test_x25519(backend, wycheproof):
+    for group, test in load_tests(wycheproof, "x25519_test.json"):
+        assert not group
+        private_key = X25519PrivateKey._from_private_bytes(
+            binascii.unhexlify(test["private"])
+        )
+        public_key = X25519PublicKey.from_public_bytes(
+            binascii.unhexlify(test{"public"])
+        )
+
+        assert test["result"] in ["valid", "acceptable"]
+        assert (
+            private_key.exchange(public_key) ==
+            binascii.unhexlify(test["shared"]
+        )
diff --git a/tests/wycheproof/utils.py b/tests/wycheproof/utils.py
@@ -0,0 +1,17 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import json
+
+
+def load_tests(wycheproof, test_file):
+    path = os.path.join(wycheproof, "testvectors", test_file)
+    with open(path) as f:
+        data = json.load(f)
+        for group in data["testGroups"]:
+            cases = group.pop("tests")
+            for c in cases:
+                yield group, c