diff --git a/.travis/install.sh b/.travis/install.sh index 2858d25d8e1b..ffc426c4e1a0 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -18,23 +18,28 @@ if [ -n "${OPENSSL}" ]; then if [[ ! -f "$HOME/$OPENSSL_DIR/bin/openssl" ]]; then curl -O "https://www.openssl.org/source/openssl-${OPENSSL}.tar.gz" tar zxf "openssl-${OPENSSL}.tar.gz" - cd "openssl-${OPENSSL}" + pushd "openssl-${OPENSSL}" ./config shared no-asm no-ssl2 no-ssl3 -fPIC --prefix="$HOME/$OPENSSL_DIR" shlib_sed make depend make install + popd fi elif [ -n "${LIBRESSL}" ]; then LIBRESSL_DIR="ossl-1/${LIBRESSL}" if [[ ! -f "$HOME/$LIBRESSL_DIR/bin/openssl" ]]; then curl -O "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL}.tar.gz" tar zxf "libressl-${LIBRESSL}.tar.gz" - cd "libressl-${LIBRESSL}" + pushd "libressl-${LIBRESSL}" ./config -Wl -Wl,-Bsymbolic-functions -fPIC shared --prefix="$HOME/$LIBRESSL_DIR" shlib_sed make -j"$(nproc)" install + popd fi fi + +git clone --depth=1 https://github.com/google/wycheproof $HOME/wycheproof + pip install virtualenv python -m virtualenv ~/.venv diff --git a/.travis/run.sh b/.travis/run.sh index a68ad1570343..befcdb07f5a5 100755 --- a/.travis/run.sh +++ b/.travis/run.sh @@ -24,7 +24,7 @@ fi source ~/.venv/bin/activate if [ -n "${TOXENV}" ]; then - tox + tox -- --wycheproof-root=$HOME/wycheproof else pip install . case "${DOWNSTREAM}" in diff --git a/Jenkinsfile b/Jenkinsfile index 2697b8f60406..816e9de84ba8 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
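Review bot: The added `git clone --depth=1 https://github.com/google/wycheproof $HOME/wycheproof` in `.travis/install.sh` takes whatever the upstream default branch holds at build time, so the vectors CI runs against are not reproducible and can change without any commit in this repository. The visible code only parses these files as JSON, so the exposure is mainly to the integrity of the test results, but a recorded pin would still make a red or green build attributable; for example, fetch a fixed commit and check it out with `git -C "$HOME/wycheproof" checkout <PINNED_COMMIT>` (the shallow clone would need to fetch that commit explicitly). `$HOME/wycheproof` is also unquoted here and in `tox -- --wycheproof-root=$HOME/wycheproof` in `.travis/run.sh`; write `"$HOME/wycheproof"` and `"--wycheproof-root=$HOME/wycheproof"`. The `checkout` step added to the Jenkinsfile is unpinned in the same way.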
@@ -144,6 +144,16 @@ def build(toxenv, label, imageName, artifacts, artifactExcludes) { timeout(time: 30, unit: 'MINUTES') { checkout_git(label) + checkout([ + $class: 'GitSCM', + extensions: [[ + $class: 'RelativeTargetDirectory', + relativeTargetDir: 'wycheproof', + ]], + userRemoteConfigs: [[ + 'url': 'https://github.com/google/wycheproof', + ]] + ]) withCredentials([string(credentialsId: 'cryptography-codecov-token', variable: 'CODECOV_TOKEN')]) { withEnv(["LABEL=$label", "TOXENV=$toxenv", "IMAGE_NAME=$imageName"]) { @@ -185,7 +195,7 @@ def build(toxenv, label, imageName, artifacts, artifactExcludes) { @set INCLUDE="${opensslPaths[label]['include']}";%INCLUDE% @set LIB="${opensslPaths[label]['lib']}";%LIB% - tox -r + tox -r -- --wycheproof-root=../wycheproof IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL% virtualenv .codecov call .codecov/Scripts/activate @@ -205,7 +215,7 @@ def build(toxenv, label, imageName, artifacts, artifactExcludes) { CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1 \ LDFLAGS="/usr/local/opt/openssl\\@1.1/lib/libcrypto.a /usr/local/opt/openssl\\@1.1/lib/libssl.a" \ CFLAGS="-I/usr/local/opt/openssl\\@1.1/include -Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types -Wno-error=unused-function -Wno-error=unused-command-line-argument -mmacosx-version-min=10.9" \ - tox -r -- --color=yes + tox -r -- --color=yes --wycheproof-root=../wycheproof virtualenv .venv source .venv/bin/activate # This pin must be kept in sync with tox.ini @@ -218,7 +228,7 @@ def build(toxenv, label, imageName, artifacts, artifactExcludes) { sh """#!/usr/bin/env bash set -xe cd cryptography - tox -r -- --color=yes + tox -r -- --color=yes --wycheproof-root=../wycheproof virtualenv .venv source .venv/bin/activate # This pin must be kept in sync with tox.ini diff --git a/tests/wycheproof/__init__.py b/tests/wycheproof/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 
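Review bot: The three `--wycheproof-root=../wycheproof` arguments are relative paths, and only the last hunk shows the `cd cryptography` that makes `..` resolve to the directory the new `checkout` step fills (`relativeTargetDir: 'wycheproof'`). For the Windows and macOS invocations the working directory is set outside the hunks, so it should be confirmed that tox runs from the same place there. A comment on the checkout step would keep the two in sync, for example `// Wycheproof test vectors; tox runs from cryptography/, so tests see this as ../wycheproof`. The body of `build` starts and ends outside these hunks.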
diff --git a/tests/wycheproof/conftest.py b/tests/wycheproof/conftest.py
new file mode 100644
index 000000000000..d7042d57ce83
--- /dev/null
+++ b/tests/wycheproof/conftest.py
@@ -0,0 +1,20 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import pytest
+
+
+def pytest_addoption(parser):
+ parser.addoption("--wycheproof-root", default=None)
+
+
+@pytest.fixture
+def whycheproof(request):
+ wycheproof = request.config.getoption("--wycheproof-root")
+ if wycheproof is None:
+ pytest.skip("--wycheproof-root not provided")
+ return wycheproof
+
diff --git a/tests/wycheproof/test_x25519.py b/tests/wycheproof/test_x25519.py
new file mode 100644
index 000000000000..f2559182bfcd
--- /dev/null
+++ b/tests/wycheproof/test_x25519.py
@@ -0,0 +1,29 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+from cryptography.hazmat.primitives.asymmetric.x25519 import (
+ X25519PrivateKey, X25519PublicKey
+)
+
+from .utils import load_tests
+
+def test_x25519(backend, wycheproof):
+ for group, test in load_tests(wycheproof, "x25519_test.json"):
+ assert not group
+ private_key = X25519PrivateKey._from_private_bytes(
+ binascii.unhexlify(test["private"])
+ )
+ public_key = X25519PublicKey.from_public_bytes(
+ binascii.unhexlify(test{"public"])
+ )
+
+ assert test["result"] in ["valid", "acceptable"]
+ assert (
+ private_key.exchange(public_key) ==
+ binascii.unhexlify(test["shared"]
+ )
diff --git a/tests/wycheproof/utils.py b/tests/wycheproof/utils.py
new file mode 100644
index 000000000000..bbcb6a6dd413
--- /dev/null
+++ b/tests/wycheproof/utils.py
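Review bot: The fixture in `tests/wycheproof/conftest.py` is defined as `whycheproof`, but `test_x25519` requests `wycheproof`, so pytest will report an unknown fixture instead of running or skipping the test; rename it to `def wycheproof(request):`. Separately, `pytest.skip("--wycheproof-root not provided")` means a CI job that loses the flag still passes with none of these vectors exercised. That is reasonable for local runs, but it is worth a docstring on the fixture saying so, for example `"""Path to a Wycheproof checkout; tests are skipped when --wycheproof-root is not given, so CI must pass it explicitly."""`.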
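Review bot: `tests/wycheproof/test_x25519.py` does not parse as written: `test{"public"]` should be `test["public"]`, and `binascii.unhexlify(test["shared"]` is missing its closing parenthesis before the final `)`. Once it runs, `assert test["result"] in ["valid", "acceptable"]` makes any vector marked otherwise fail the test rather than checking that the exchange is rejected, so the negative cases that give these vectors their value are never tested as such; whether this file contains such vectors is not visible here. `assert not group` also requires the group dict to be empty after `load_tests` pops `"tests"`, which should be confirmed against the JSON. A comment stating both assumptions would help the next reader.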
@@ -0,0 +1,17 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import json
+
+
+def load_tests(wycheproof, test_file):
+ path = os.path.join(wycheproof, "testvectors", test_file)
+ with open(path) as f:
+ data = json.load(f)
+ for group in data["testGroups"]:
+ cases = group.pop("tests")
+ for c in cases:
+ yield group, c
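Review bot: `load_tests` calls `os.path.join`, but the file imports only `json`, so the first call raises `NameError`; add `import os` after `import json`. The function would also benefit from a one-line docstring such as `"""Yield (group, case) pairs from a Wycheproof JSON file; group is the test-group dict with its "tests" list removed."""`, since callers such as `test_x25519` depend on what is left in `group` after the `pop`.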