1 files changed, 97 insertions, 26 deletions
diff --git a/frozen_deps/ecdsa/test_ecdh.py b/frozen_deps/ecdsa/test_ecdh.py
index caf6835..872d4d1 100644
--- a/frozen_deps/ecdsa/test_ecdh.py
+++ b/frozen_deps/ecdsa/test_ecdh.py
@@ -2,18 +2,41 @@ import os
 import shutil
 import subprocess
 import pytest
-from binascii import hexlify, unhexlify
-
-from .curves import NIST192p, NIST224p, NIST256p, NIST384p, NIST521p
+from binascii import unhexlify
+
+try:
+ import unittest2 as unittest
+except ImportError:
+ import unittest
+
+from .curves import (
+ NIST192p,
+ NIST224p,
+ NIST256p,
+ NIST384p,
+ NIST521p,
+ BRAINPOOLP160r1,
+)
 from .curves import curves
-from .ecdh import ECDH, InvalidCurveError, InvalidSharedSecretError, NoKeyError
+from .ecdh import (
+ ECDH,
+ InvalidCurveError,
+ InvalidSharedSecretError,
+ NoKeyError,
+ NoCurveError,
+)
 from .keys import SigningKey, VerifyingKey
+from .ellipticcurve import CurveEdTw
 
 
 @pytest.mark.parametrize(
- "vcurve", curves, ids=[curve.name for curve in curves]
+ "vcurve",
+ curves,
+ ids=[curve.name for curve in curves],
 )
 def test_ecdh_each(vcurve):
+ if isinstance(vcurve.curve, CurveEdTw):
+ pytest.skip("ECDH is not supported for Edwards curves")
 ecdh1 = ECDH(curve=vcurve)
 ecdh2 = ECDH(curve=vcurve)
 
@@ -26,6 +49,19 @@ def test_ecdh_each(vcurve):
 assert secret1 == secret2
 
 
+def test_ecdh_both_keys_present():
+ key1 = SigningKey.generate(BRAINPOOLP160r1)
+ key2 = SigningKey.generate(BRAINPOOLP160r1)
+
+ ecdh1 = ECDH(BRAINPOOLP160r1, key1, key2.verifying_key)
+ ecdh2 = ECDH(private_key=key2, public_key=key1.verifying_key)
+
+ secret1 = ecdh1.generate_sharedsecret_bytes()
+ secret2 = ecdh2.generate_sharedsecret_bytes()
+
+ assert secret1 == secret2
+
+
 def test_ecdh_no_public_key():
 ecdh1 = ECDH(curve=NIST192p)
 
@@ -38,6 +74,44 @@ def test_ecdh_no_public_key():
 ecdh1.generate_sharedsecret_bytes()
 
 
+class TestECDH(unittest.TestCase):
+ def test_load_key_from_wrong_curve(self):
+ ecdh1 = ECDH()
+ ecdh1.set_curve(NIST192p)
+
+ key1 = SigningKey.generate(BRAINPOOLP160r1)
+
+ with self.assertRaises(InvalidCurveError) as e:
+ ecdh1.load_private_key(key1)
+
+ self.assertIn("Curve mismatch", str(e.exception))
+
+ def test_generate_without_curve(self):
+ ecdh1 = ECDH()
+
+ with self.assertRaises(NoCurveError) as e:
+ ecdh1.generate_private_key()
+
+ self.assertIn("Curve must be set", str(e.exception))
+
+ def test_load_bytes_without_curve_set(self):
+ ecdh1 = ECDH()
+
+ with self.assertRaises(NoCurveError) as e:
+ ecdh1.load_private_key_bytes(b"\x01" * 32)
+
+ self.assertIn("Curve must be set", str(e.exception))
+
+ def test_set_curve_from_received_public_key(self):
+ ecdh1 = ECDH()
+
+ key1 = SigningKey.generate(BRAINPOOLP160r1)
+
+ ecdh1.load_received_public_key(key1.verifying_key)
+
+ self.assertEqual(ecdh1.curve, BRAINPOOLP160r1)
+
+
 def test_ecdh_wrong_public_key_curve():
 ecdh1 = ECDH(curve=NIST192p)
 ecdh1.generate_private_key()
@@ -293,25 +367,27 @@ OPENSSL_SUPPORTED_CURVES = set(
 
 
 @pytest.mark.parametrize(
- "vcurve", curves, ids=[curve.name for curve in curves]
+ "vcurve",
+ curves,
+ ids=[curve.name for curve in curves],
 )
 def test_ecdh_with_openssl(vcurve):
+ if isinstance(vcurve.curve, CurveEdTw):
+ pytest.skip("Edwards curves are not supported for ECDH")
+
 assert vcurve.openssl_name
 
 if vcurve.openssl_name not in OPENSSL_SUPPORTED_CURVES:
 pytest.skip("system openssl does not support " + vcurve.openssl_name)
- return
 
 try:
 hlp = run_openssl("pkeyutl -help")
- if hlp.find("-derive") == 0:
+ if hlp.find("-derive") == 0: # pragma: no cover
 pytest.skip("system openssl does not support `pkeyutl -derive`")
- return
- except RunOpenSslError:
- pytest.skip("system openssl does not support `pkeyutl -derive`")
- return
+ except RunOpenSslError: # pragma: no cover
+ pytest.skip("system openssl could not be executed")
 
- if os.path.isdir("t"):
+ if os.path.isdir("t"): # pragma: no branch
 shutil.rmtree("t")
 os.mkdir("t")
 run_openssl(
@@ -346,25 +422,20 @@ def test_ecdh_with_openssl(vcurve):
 
 assert secret1 == secret2
 
- try:
- run_openssl(
- "pkeyutl -derive -inkey t/privkey1.pem -peerkey t/pubkey2.pem -out t/secret1"
- )
- run_openssl(
- "pkeyutl -derive -inkey t/privkey2.pem -peerkey t/pubkey1.pem -out t/secret2"
- )
- except RunOpenSslError:
- pytest.skip("system openssl does not support `pkeyutl -derive`")
- return
+ run_openssl(
+ "pkeyutl -derive -inkey t/privkey1.pem -peerkey t/pubkey2.pem -out t/secret1"
+ )
+ run_openssl(
+ "pkeyutl -derive -inkey t/privkey2.pem -peerkey t/pubkey1.pem -out t/secret2"
+ )
 
 with open("t/secret1", "rb") as e:
 ssl_secret1 = e.read()
 with open("t/secret1", "rb") as e:
 ssl_secret2 = e.read()
 
- if len(ssl_secret1) != vk1.curve.baselen:
- pytest.skip("system openssl does not support `pkeyutl -derive`")
- return
+ assert len(ssl_secret1) == vk1.curve.verifying_key_length // 2
+ assert len(secret1) == vk1.curve.verifying_key_length // 2
 
 assert ssl_secret1 == ssl_secret2
 assert secret1 == ssl_secret1