forked from pyca/cryptography
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Refs pyca#3331 -- integrated wycheproof ECDSA tests
- Loading branch information
Showing
1 changed file
with
74 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| # This file is dual licensed under the terms of the Apache License, Version | ||
| # 2.0, and the BSD License. See the LICENSE file in the root of this repository | ||
| # for complete details. | ||
|
|
||
| from __future__ import absolute_import, division, print_function | ||
|
|
||
| import binascii | ||
|
|
||
| import pytest | ||
|
|
||
| from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm | ||
| from cryptography.hazmat.backends.interfaces import EllipticCurveBackend | ||
| from cryptography.hazmat.primitives import hashes, serialization | ||
| from cryptography.hazmat.primitives.asymmetric import ec | ||
|
|
||
|
|
||
| _DIGESTS = { | ||
| "SHA-1": hashes.SHA1(), | ||
| "SHA-224": hashes.SHA224(), | ||
| "SHA-256": hashes.SHA256(), | ||
| "SHA-384": hashes.SHA384(), | ||
| "SHA-512": hashes.SHA512(), | ||
| } | ||
| _CURVES = {} | ||
|
|
||
|
|
||
| @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) | ||
| @pytest.mark.wycheproof_tests( | ||
| "ecdsa_test.json", | ||
| "ecdsa_brainpoolP224r1_sha224_test.json", | ||
| "ecdsa_brainpoolP256r1_sha256_test.json", | ||
| "ecdsa_brainpoolP320r1_sha384_test.json", | ||
| "ecdsa_brainpoolP384r1_sha384_test.json", | ||
| "ecdsa_brainpoolP512r1_sha512_test.json", | ||
| "ecdsa_secp224r1_sha224_test.json", | ||
| "ecdsa_secp224r1_sha256_test.json", | ||
| "ecdsa_secp224r1_sha512_test.json", | ||
| "ecdsa_secp256k1_sha256_test.json", | ||
| "ecdsa_secp256k1_sha512_test.json", | ||
| "ecdsa_secp256r1_sha256_test.json", | ||
| "ecdsa_secp256r1_sha512_test.json", | ||
| "ecdsa_secp384r1_sha384_test.json", | ||
| "ecdsa_secp384r1_sha512_test.json", | ||
| "ecdsa_secp521r1_sha512_test.json", | ||
| ) | ||
| def test_rsa_signature(backend, wycheproof): | ||
| try: | ||
| key = serialization.load_der_public_key( | ||
| binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend | ||
| ) | ||
| except UnsupportedAlgorithm: | ||
| pytest.skip( | ||
| "curve not supported ({})".format( | ||
| wycheproof.testgroup["key"]["curve"] | ||
| ) | ||
| ) | ||
| digest = _DIGESTS[wycheproof.testgroup["sha"]] | ||
|
|
||
| if ( | ||
| wycheproof.valid or | ||
| (wycheproof.acceptable and not wycheproof.has_flag("MissingZero")) | ||
| ): | ||
| key.verify( | ||
| binascii.unhexlify(wycheproof.testcase["sig"]), | ||
| binascii.unhexlify(wycheproof.testcase["msg"]), | ||
| ec.ECDSA(digest), | ||
| ) | ||
| else: | ||
| with pytest.raises(InvalidSignature): | ||
| key.verify( | ||
| binascii.unhexlify(wycheproof.testcase["sig"]), | ||
| binascii.unhexlify(wycheproof.testcase["msg"]), | ||
| ec.ECDSA(digest), | ||
| ) |