Ensure curves are supported in determinisic ECDSA tests (#10917)

* Ensure curves are supported in determinisic ECDSA tests * x25519/x448 isnt fips anymore i guess
pyca · May 2, 2024 · b4ca965 · b4ca965
1 parent 05d44a8
commit b4ca965
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 10 deletions.
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -325,20 +325,12 @@ def dh_x942_serialization_supported(self) -> bool:
         return self._lib.Cryptography_HAS_EVP_PKEY_DHX == 1
 
     def x25519_supported(self) -> bool:
-        # Beginning with OpenSSL 3.2.0, X25519 is considered FIPS.
-        if (
-            self._fips_enabled
-            and not rust_openssl.CRYPTOGRAPHY_OPENSSL_320_OR_GREATER
-        ):
+        if self._fips_enabled:
             return False
         return True
 
     def x448_supported(self) -> bool:
-        # Beginning with OpenSSL 3.2.0, X448 is considered FIPS.
-        if (
-            self._fips_enabled
-            and not rust_openssl.CRYPTOGRAPHY_OPENSSL_320_OR_GREATER
-        ):
+        if self._fips_enabled:
             return False
         return (
             not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL

diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
@@ -535,6 +535,23 @@ def test_deterministic_nonce(self, backend, subtests):
             "SHA384": hashes.SHA384(),
             "SHA512": hashes.SHA512(),
         }
+        curves = {
+            "B-163": ec.SECT163R2(),
+            "B-233": ec.SECT233R1(),
+            "B-283": ec.SECT283R1(),
+            "B-409": ec.SECT409R1(),
+            "B-571": ec.SECT571R1(),
+            "K-163": ec.SECT163K1(),
+            "K-233": ec.SECT233K1(),
+            "K-283": ec.SECT283K1(),
+            "K-409": ec.SECT409K1(),
+            "K-571": ec.SECT571K1(),
+            "P-192": ec.SECP192R1(),
+            "P-224": ec.SECP224R1(),
+            "P-256": ec.SECP256R1(),
+            "P-384": ec.SECP384R1(),
+            "P-521": ec.SECP521R1(),
+        }
         vectors = load_vectors_from_file(
             os.path.join(
                 "asymmetric", "ECDSA", "RFC6979", "evppkey_ecdsa_rfc6979.txt"
@@ -547,6 +564,9 @@ def test_deterministic_nonce(self, backend, subtests):
                 input = bytes(vector["input"], "utf-8")
                 output = bytes.fromhex(vector["output"])
                 key = bytes("\n".join(vector["key"]), "utf-8")
+                curve = curves[vector["key_name"].split("_")[0]]
+                _skip_curve_unsupported(backend, curve)
+
                 if "digest_sign" in vector:
                     algorithm = vector["digest_sign"]
                     hash_algorithm = supported_hash_algorithms[algorithm]

diff --git a/tests/utils.py b/tests/utils.py
@@ -734,6 +734,7 @@ def load_rfc6979_vectors(vector_data):
             key_name = line.split("=")[1].strip()
             assert key_name in keys
             data["key"] = keys[key_name]
+            data["key_name"] = key_name
         elif line.startswith("NonceType = "):
             nonce_type = line.split("=")[1].strip()
             data["deterministic_nonce"] = nonce_type == "deterministic"