aboutsummaryrefslogtreecommitdiff
path: root/frozen_deps/ecdsa/test_pyecdsa.py
diff options
context:
space:
mode:
Diffstat (limited to 'frozen_deps/ecdsa/test_pyecdsa.py')
-rw-r--r--frozen_deps/ecdsa/test_pyecdsa.py607
1 files changed, 431 insertions, 176 deletions
diff --git a/frozen_deps/ecdsa/test_pyecdsa.py b/frozen_deps/ecdsa/test_pyecdsa.py
index d61f508..20201ba 100644
--- a/frozen_deps/ecdsa/test_pyecdsa.py
+++ b/frozen_deps/ecdsa/test_pyecdsa.py
@@ -5,24 +5,29 @@ try:
except ImportError:
import unittest
import os
-import sys
import shutil
import subprocess
import pytest
+import sys
from binascii import hexlify, unhexlify
-from hashlib import sha1, sha256, sha384, sha512
import hashlib
from functools import partial
-from hypothesis import given
+from hypothesis import given, settings
import hypothesis.strategies as st
from six import b, print_, binary_type
from .keys import SigningKey, VerifyingKey
from .keys import BadSignatureError, MalformedPointError, BadDigestError
from . import util
-from .util import sigencode_der, sigencode_strings
-from .util import sigdecode_der, sigdecode_strings
+from .util import (
+ sigencode_der,
+ sigencode_strings,
+ sigencode_strings_canonize,
+ sigencode_string_canonize,
+ sigencode_der_canonize,
+)
+from .util import sigdecode_der, sigdecode_strings, sigdecode_string
from .util import number_to_string, encoded_oid_ecPublicKey, MalformedSignature
from .curves import Curve, UnknownCurveError
from .curves import (
@@ -43,6 +48,13 @@ from .curves import (
BRAINPOOLP320r1,
BRAINPOOLP384r1,
BRAINPOOLP512r1,
+ BRAINPOOLP160t1,
+ BRAINPOOLP192t1,
+ BRAINPOOLP224t1,
+ BRAINPOOLP256t1,
+ BRAINPOOLP320t1,
+ BRAINPOOLP384t1,
+ BRAINPOOLP512t1,
Ed25519,
Ed448,
curves,
@@ -63,6 +75,13 @@ class SubprocessError(Exception):
pass
+HYP_SETTINGS = {}
+
+
+if "--fast" in sys.argv: # pragma: no cover
+ HYP_SETTINGS["max_examples"] = 2
+
+
def run_openssl(cmd):
OPENSSL = "openssl"
p = subprocess.Popen(
@@ -84,24 +103,29 @@ class ECDSA(unittest.TestCase):
priv = SigningKey.generate()
pub = priv.get_verifying_key()
- data = b("blahblah")
+ data = b"blahblah"
sig = priv.sign(data)
self.assertTrue(pub.verify(sig, data))
- self.assertRaises(BadSignatureError, pub.verify, sig, data + b("bad"))
+ self.assertRaises(BadSignatureError, pub.verify, sig, data + b"bad")
pub2 = VerifyingKey.from_string(pub.to_string())
self.assertTrue(pub2.verify(sig, data))
def test_deterministic(self):
- data = b("blahblah")
+ data = b"blahblah"
secexp = int("9d0219792467d7d37b4d43298a7d0c05", 16)
- priv = SigningKey.from_secret_exponent(secexp, SECP256k1, sha256)
+ priv = SigningKey.from_secret_exponent(
+ secexp, SECP256k1, hashlib.sha256
+ )
pub = priv.get_verifying_key()
k = rfc6979.generate_k(
- SECP256k1.generator.order(), secexp, sha256, sha256(data).digest()
+ SECP256k1.generator.order(),
+ secexp,
+ hashlib.sha256,
+ hashlib.sha256(data).digest(),
)
sig1 = priv.sign(data, k=k)
@@ -110,7 +134,7 @@ class ECDSA(unittest.TestCase):
sig2 = priv.sign(data, k=k)
self.assertTrue(pub.verify(sig2, data))
- sig3 = priv.sign_deterministic(data, sha256)
+ sig3 = priv.sign_deterministic(data, hashlib.sha256)
self.assertTrue(pub.verify(sig3, data))
self.assertEqual(sig1, sig2)
@@ -121,37 +145,16 @@ class ECDSA(unittest.TestCase):
self.assertRaises(TypeError, SigningKey)
self.assertRaises(TypeError, VerifyingKey)
- def test_lengths(self):
+ def test_lengths_default(self):
default = NIST192p
priv = SigningKey.generate()
pub = priv.get_verifying_key()
self.assertEqual(len(pub.to_string()), default.verifying_key_length)
- sig = priv.sign(b("data"))
+ sig = priv.sign(b"data")
self.assertEqual(len(sig), default.signature_length)
- for curve in (
- NIST192p,
- NIST224p,
- NIST256p,
- NIST384p,
- NIST521p,
- BRAINPOOLP160r1,
- BRAINPOOLP192r1,
- BRAINPOOLP224r1,
- BRAINPOOLP256r1,
- BRAINPOOLP320r1,
- BRAINPOOLP384r1,
- BRAINPOOLP512r1,
- ):
- priv = SigningKey.generate(curve=curve)
- pub1 = priv.get_verifying_key()
- pub2 = VerifyingKey.from_string(pub1.to_string(), curve)
- self.assertEqual(pub1.to_string(), pub2.to_string())
- self.assertEqual(len(pub1.to_string()), curve.verifying_key_length)
- sig = priv.sign(b("data"))
- self.assertEqual(len(sig), curve.signature_length)
def test_serialize(self):
- seed = b("secret")
+ seed = b"secret"
curve = NIST192p
secexp1 = util.randrange_from_seed__trytryagain(seed, curve.order)
secexp2 = util.randrange_from_seed__trytryagain(seed, curve.order)
@@ -164,7 +167,7 @@ class ECDSA(unittest.TestCase):
self.assertEqual(priv1.to_pem(), priv2.to_pem())
pub1 = priv1.get_verifying_key()
pub2 = priv2.get_verifying_key()
- data = b("data")
+ data = b"data"
sig1 = priv1.sign(data)
sig2 = priv2.sign(data)
self.assertTrue(pub1.verify(sig1, data))
@@ -174,7 +177,7 @@ class ECDSA(unittest.TestCase):
self.assertEqual(hexlify(pub1.to_string()), hexlify(pub2.to_string()))
def test_nonrandom(self):
- s = b("all the entropy in the entire world, compressed into one line")
+ s = b"all the entropy in the entire world, compressed into one line"
def not_much_entropy(numbytes):
return s[:numbytes]
@@ -190,8 +193,8 @@ class ECDSA(unittest.TestCase):
# want to do this with keys you care about, because the secrecy of
# the private key depends upon using different random numbers for
# each signature
- sig1 = priv1.sign(b("data"), entropy=not_much_entropy)
- sig2 = priv2.sign(b("data"), entropy=not_much_entropy)
+ sig1 = priv1.sign(b"data", entropy=not_much_entropy)
+ sig2 = priv2.sign(b"data", entropy=not_much_entropy)
self.assertEqual(hexlify(sig1), hexlify(sig2))
def assertTruePrivkeysEqual(self, priv1, priv2):
@@ -204,7 +207,7 @@ class ECDSA(unittest.TestCase):
)
def test_privkey_creation(self):
- s = b("all the entropy in the entire world, compressed into one line")
+ s = b"all the entropy in the entire world, compressed into one line"
def not_much_entropy(numbytes):
return s[:numbytes]
@@ -239,8 +242,8 @@ class ECDSA(unittest.TestCase):
s1 = priv1.to_pem()
self.assertEqual(type(s1), binary_type)
- self.assertTrue(s1.startswith(b("-----BEGIN EC PRIVATE KEY-----")))
- self.assertTrue(s1.strip().endswith(b("-----END EC PRIVATE KEY-----")))
+ self.assertTrue(s1.startswith(b"-----BEGIN EC PRIVATE KEY-----"))
+ self.assertTrue(s1.strip().endswith(b"-----END EC PRIVATE KEY-----"))
priv2 = SigningKey.from_pem(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
@@ -252,8 +255,8 @@ class ECDSA(unittest.TestCase):
priv1 = SigningKey.generate(curve=NIST256p)
s1 = priv1.to_pem()
self.assertEqual(type(s1), binary_type)
- self.assertTrue(s1.startswith(b("-----BEGIN EC PRIVATE KEY-----")))
- self.assertTrue(s1.strip().endswith(b("-----END EC PRIVATE KEY-----")))
+ self.assertTrue(s1.startswith(b"-----BEGIN EC PRIVATE KEY-----"))
+ self.assertTrue(s1.strip().endswith(b"-----END EC PRIVATE KEY-----"))
priv2 = SigningKey.from_pem(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
@@ -266,8 +269,8 @@ class ECDSA(unittest.TestCase):
priv1 = SigningKey.generate(curve=BRAINPOOLP512r1)
s1 = priv1.to_pem()
self.assertEqual(type(s1), binary_type)
- self.assertTrue(s1.startswith(b("-----BEGIN EC PRIVATE KEY-----")))
- self.assertTrue(s1.strip().endswith(b("-----END EC PRIVATE KEY-----")))
+ self.assertTrue(s1.startswith(b"-----BEGIN EC PRIVATE KEY-----"))
+ self.assertTrue(s1.strip().endswith(b"-----END EC PRIVATE KEY-----"))
priv2 = SigningKey.from_pem(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
@@ -304,7 +307,7 @@ class ECDSA(unittest.TestCase):
self.assertTruePubkeysEqual(pub1, pub2)
self.assertRaises(
- der.UnexpectedDER, VerifyingKey.from_der, pub1_der + b("junk")
+ der.UnexpectedDER, VerifyingKey.from_der, pub1_der + b"junk"
)
badpub = VerifyingKey.from_der(pub1_der)
@@ -328,10 +331,8 @@ class ECDSA(unittest.TestCase):
pem = pub1.to_pem()
self.assertEqual(type(pem), binary_type)
- self.assertTrue(pem.startswith(b("-----BEGIN PUBLIC KEY-----")), pem)
- self.assertTrue(
- pem.strip().endswith(b("-----END PUBLIC KEY-----")), pem
- )
+ self.assertTrue(pem.startswith(b"-----BEGIN PUBLIC KEY-----"), pem)
+ self.assertTrue(pem.strip().endswith(b"-----END PUBLIC KEY-----"), pem)
pub2 = VerifyingKey.from_pem(pem)
self.assertTruePubkeysEqual(pub1, pub2)
@@ -388,7 +389,7 @@ class ECDSA(unittest.TestCase):
type_oid_der = encoded_oid_ecPublicKey
curve_oid_der = der.encode_oid(*(1, 2, 840, 10045, 3, 1, 1))
enc_type_der = der.encode_sequence(type_oid_der, curve_oid_der)
- point_der = der.encode_bitstring(b"\x00\xff", None) + b("garbage")
+ point_der = der.encode_bitstring(b"\x00\xff", None) + b"garbage"
to_decode = der.encode_sequence(enc_type_der, point_der)
with self.assertRaises(der.UnexpectedDER):
@@ -427,7 +428,7 @@ class ECDSA(unittest.TestCase):
def test_signature_strings(self):
priv1 = SigningKey.generate()
pub1 = priv1.get_verifying_key()
- data = b("data")
+ data = b"data"
sig = priv1.sign(data)
self.assertEqual(type(sig), binary_type)
@@ -447,24 +448,96 @@ class ECDSA(unittest.TestCase):
self.assertEqual(type(sig_der), binary_type)
self.assertTrue(pub1.verify(sig_der, data, sigdecode=sigdecode_der))
+ def test_sigencode_string_canonize_no_change(self):
+ r = 12
+ s = 400
+ order = SECP112r1.order
+
+ new_r, new_s = sigdecode_string(
+ sigencode_string_canonize(r, s, order), order
+ )
+
+ self.assertEqual(r, new_r)
+ self.assertEqual(s, new_s)
+
+ def test_sigencode_string_canonize(self):
+ r = 12
+ order = SECP112r1.order
+ s = order - 10
+
+ new_r, new_s = sigdecode_string(
+ sigencode_string_canonize(r, s, order), order
+ )
+
+ self.assertEqual(r, new_r)
+ self.assertEqual(order - s, new_s)
+
+ def test_sigencode_strings_canonize_no_change(self):
+ r = 12
+ s = 400
+ order = SECP112r1.order
+
+ new_r, new_s = sigdecode_strings(
+ sigencode_strings_canonize(r, s, order), order
+ )
+
+ self.assertEqual(r, new_r)
+ self.assertEqual(s, new_s)
+
+ def test_sigencode_strings_canonize(self):
+ r = 12
+ order = SECP112r1.order
+ s = order - 10
+
+ new_r, new_s = sigdecode_strings(
+ sigencode_strings_canonize(r, s, order), order
+ )
+
+ self.assertEqual(r, new_r)
+ self.assertEqual(order - s, new_s)
+
+ def test_sigencode_der_canonize_no_change(self):
+ r = 13
+ s = 200
+ order = SECP112r1.order
+
+ new_r, new_s = sigdecode_der(
+ sigencode_der_canonize(r, s, order), order
+ )
+
+ self.assertEqual(r, new_r)
+ self.assertEqual(s, new_s)
+
+ def test_sigencode_der_canonize(self):
+ r = 13
+ order = SECP112r1.order
+ s = order - 14
+
+ new_r, new_s = sigdecode_der(
+ sigencode_der_canonize(r, s, order), order
+ )
+
+ self.assertEqual(r, new_r)
+ self.assertEqual(order - s, new_s)
+
def test_sig_decode_strings_with_invalid_count(self):
with self.assertRaises(MalformedSignature):
- sigdecode_strings([b("one"), b("two"), b("three")], 0xFF)
+ sigdecode_strings([b"one", b"two", b"three"], 0xFF)
def test_sig_decode_strings_with_wrong_r_len(self):
with self.assertRaises(MalformedSignature):
- sigdecode_strings([b("one"), b("two")], 0xFF)
+ sigdecode_strings([b"one", b"two"], 0xFF)
def test_sig_decode_strings_with_wrong_s_len(self):
with self.assertRaises(MalformedSignature):
- sigdecode_strings([b("\xa0"), b("\xb0\xff")], 0xFF)
+ sigdecode_strings([b"\xa0", b"\xb0\xff"], 0xFF)
def test_verify_with_too_long_input(self):
sk = SigningKey.generate()
vk = sk.verifying_key
with self.assertRaises(BadDigestError):
- vk.verify_digest(None, b("\x00") * 128)
+ vk.verify_digest(None, b"\x00" * 128)
def test_sk_from_secret_exponent_with_wrong_sec_exponent(self):
with self.assertRaises(MalformedPointError):
@@ -472,11 +545,11 @@ class ECDSA(unittest.TestCase):
def test_sk_from_string_with_wrong_len_string(self):
with self.assertRaises(MalformedPointError):
- SigningKey.from_string(b("\x01"))
+ SigningKey.from_string(b"\x01")
def test_sk_from_der_with_junk_after_sequence(self):
ver_der = der.encode_integer(1)
- to_decode = der.encode_sequence(ver_der) + b("garbage")
+ to_decode = der.encode_sequence(ver_der) + b"garbage"
with self.assertRaises(der.UnexpectedDER):
SigningKey.from_der(to_decode)
@@ -490,7 +563,7 @@ class ECDSA(unittest.TestCase):
def test_sk_from_der_invalid_const_tag(self):
ver_der = der.encode_integer(1)
- privkey_der = der.encode_octet_string(b("\x00\xff"))
+ privkey_der = der.encode_octet_string(b"\x00\xff")
curve_oid_der = der.encode_oid(*(1, 2, 3))
const_der = der.encode_constructed(1, curve_oid_der)
to_decode = der.encode_sequence(
@@ -502,8 +575,8 @@ class ECDSA(unittest.TestCase):
def test_sk_from_der_garbage_after_privkey_oid(self):
ver_der = der.encode_integer(1)
- privkey_der = der.encode_octet_string(b("\x00\xff"))
- curve_oid_der = der.encode_oid(*(1, 2, 3)) + b("garbage")
+ privkey_der = der.encode_octet_string(b"\x00\xff")
+ curve_oid_der = der.encode_oid(*(1, 2, 3)) + b"garbage"
const_der = der.encode_constructed(0, curve_oid_der)
to_decode = der.encode_sequence(
ver_der, privkey_der, const_der, curve_oid_der
@@ -514,7 +587,7 @@ class ECDSA(unittest.TestCase):
def test_sk_from_der_with_short_privkey(self):
ver_der = der.encode_integer(1)
- privkey_der = der.encode_octet_string(b("\x00\xff"))
+ privkey_der = der.encode_octet_string(b"\x00\xff")
curve_oid_der = der.encode_oid(*(1, 2, 840, 10045, 3, 1, 1))
const_der = der.encode_constructed(0, curve_oid_der)
to_decode = der.encode_sequence(
@@ -598,30 +671,32 @@ class ECDSA(unittest.TestCase):
sk = SigningKey.from_secret_exponent(12)
with self.assertRaises(BadDigestError):
- sk.sign_digest(b("\xff") * 64)
+ sk.sign_digest(b"\xff" * 64)
def test_hashfunc(self):
- sk = SigningKey.generate(curve=NIST256p, hashfunc=sha256)
- data = b("security level is 128 bits")
+ sk = SigningKey.generate(curve=NIST256p, hashfunc=hashlib.sha256)
+ data = b"security level is 128 bits"
sig = sk.sign(data)
vk = VerifyingKey.from_string(
- sk.get_verifying_key().to_string(), curve=NIST256p, hashfunc=sha256
+ sk.get_verifying_key().to_string(),
+ curve=NIST256p,
+ hashfunc=hashlib.sha256,
)
self.assertTrue(vk.verify(sig, data))
sk2 = SigningKey.generate(curve=NIST256p)
- sig2 = sk2.sign(data, hashfunc=sha256)
+ sig2 = sk2.sign(data, hashfunc=hashlib.sha256)
vk2 = VerifyingKey.from_string(
sk2.get_verifying_key().to_string(),
curve=NIST256p,
- hashfunc=sha256,
+ hashfunc=hashlib.sha256,
)
self.assertTrue(vk2.verify(sig2, data))
vk3 = VerifyingKey.from_string(
sk.get_verifying_key().to_string(), curve=NIST256p
)
- self.assertTrue(vk3.verify(sig, data, hashfunc=sha256))
+ self.assertTrue(vk3.verify(sig, data, hashfunc=hashlib.sha256))
def test_public_key_recovery(self):
# Create keys
@@ -631,7 +706,7 @@ class ECDSA(unittest.TestCase):
vk = sk.get_verifying_key()
# Sign a message
- data = b("blahblah")
+ data = b"blahblah"
signature = sk.sign(data)
# Recover verifying keys
@@ -660,16 +735,20 @@ class ECDSA(unittest.TestCase):
# Create keys
curve = BRAINPOOLP160r1
- sk = SigningKey.generate(curve=curve, hashfunc=sha256)
+ sk = SigningKey.generate(curve=curve, hashfunc=hashlib.sha256)
vk = sk.get_verifying_key()
# Sign a message
- data = b("blahblah")
+ data = b"blahblah"
signature = sk.sign(data)
# Recover verifying keys
recovered_vks = VerifyingKey.from_public_key_recovery(
- signature, data, curve, hashfunc=sha256, allow_truncate=True
+ signature,
+ data,
+ curve,
+ hashfunc=hashlib.sha256,
+ allow_truncate=True,
)
# Test if each pk is valid
@@ -679,7 +758,7 @@ class ECDSA(unittest.TestCase):
# Test if properties are equal
self.assertEqual(vk.curve, recovered_vk.curve)
- self.assertEqual(sha256, recovered_vk.default_hashfunc)
+ self.assertEqual(hashlib.sha256, recovered_vk.default_hashfunc)
# Test if original vk is the list of recovered keys
self.assertIn(
@@ -698,9 +777,9 @@ class ECDSA(unittest.TestCase):
)
self.assertEqual(vk.to_string(), exp)
self.assertEqual(vk.to_string("raw"), exp)
- self.assertEqual(vk.to_string("uncompressed"), b("\x04") + exp)
- self.assertEqual(vk.to_string("compressed"), b("\x02") + exp[:24])
- self.assertEqual(vk.to_string("hybrid"), b("\x06") + exp)
+ self.assertEqual(vk.to_string("uncompressed"), b"\x04" + exp)
+ self.assertEqual(vk.to_string("compressed"), b"\x02" + exp[:24])
+ self.assertEqual(vk.to_string("hybrid"), b"\x06" + exp)
def test_decoding(self):
sk = SigningKey.from_secret_exponent(123456789)
@@ -715,13 +794,13 @@ class ECDSA(unittest.TestCase):
from_raw = VerifyingKey.from_string(enc)
self.assertEqual(from_raw.pubkey.point, vk.pubkey.point)
- from_uncompressed = VerifyingKey.from_string(b("\x04") + enc)
+ from_uncompressed = VerifyingKey.from_string(b"\x04" + enc)
self.assertEqual(from_uncompressed.pubkey.point, vk.pubkey.point)
- from_compressed = VerifyingKey.from_string(b("\x02") + enc[:24])
+ from_compressed = VerifyingKey.from_string(b"\x02" + enc[:24])
self.assertEqual(from_compressed.pubkey.point, vk.pubkey.point)
- from_uncompressed = VerifyingKey.from_string(b("\x06") + enc)
+ from_uncompressed = VerifyingKey.from_string(b"\x06" + enc)
self.assertEqual(from_uncompressed.pubkey.point, vk.pubkey.point)
def test_uncompressed_decoding_as_only_alowed(self):
@@ -797,7 +876,7 @@ class ECDSA(unittest.TestCase):
)
with self.assertRaises(MalformedPointError):
- VerifyingKey.from_string(b("\x02") + enc)
+ VerifyingKey.from_string(b"\x02" + enc)
def test_decoding_with_malformed_compressed(self):
enc = b(
@@ -807,7 +886,7 @@ class ECDSA(unittest.TestCase):
)
with self.assertRaises(MalformedPointError):
- VerifyingKey.from_string(b("\x01") + enc[:24])
+ VerifyingKey.from_string(b"\x01" + enc[:24])
def test_decoding_with_inconsistent_hybrid(self):
enc = b(
@@ -817,7 +896,7 @@ class ECDSA(unittest.TestCase):
)
with self.assertRaises(MalformedPointError):
- VerifyingKey.from_string(b("\x07") + enc)
+ VerifyingKey.from_string(b"\x07" + enc)
def test_decoding_with_point_not_on_curve(self):
enc = b(
@@ -827,18 +906,18 @@ class ECDSA(unittest.TestCase):
)
with self.assertRaises(MalformedPointError):
- VerifyingKey.from_string(enc[:47] + b("\x00"))
+ VerifyingKey.from_string(enc[:47] + b"\x00")
def test_decoding_with_point_at_infinity(self):
# decoding it is unsupported, as it's not necessary to encode it
with self.assertRaises(MalformedPointError):
- VerifyingKey.from_string(b("\x00"))
+ VerifyingKey.from_string(b"\x00")
def test_not_lying_on_curve(self):
enc = number_to_string(NIST192p.curve.p(), NIST192p.curve.p() + 1)
with self.assertRaises(MalformedPointError):
- VerifyingKey.from_string(b("\x02") + enc)
+ VerifyingKey.from_string(b"\x02" + enc)
def test_from_string_with_invalid_curve_too_short_ver_key_len(self):
# both verifying_key_length and baselen are calculated internally
@@ -849,7 +928,7 @@ class ECDSA(unittest.TestCase):
curve.baselen = 32
with self.assertRaises(MalformedPointError):
- VerifyingKey.from_string(b("\x00") * 16, curve)
+ VerifyingKey.from_string(b"\x00" * 16, curve)
def test_from_string_with_invalid_curve_too_long_ver_key_len(self):
# both verifying_key_length and baselen are calculated internally
@@ -860,7 +939,7 @@ class ECDSA(unittest.TestCase):
curve.baselen = 16
with self.assertRaises(MalformedPointError):
- VerifyingKey.from_string(b("\x00") * 16, curve)
+ VerifyingKey.from_string(b"\x00" * 16, curve)
@pytest.mark.parametrize(
@@ -870,9 +949,9 @@ def test_VerifyingKey_decode_with_small_values(val, even):
enc = number_to_string(val, NIST192p.order)
if even:
- enc = b("\x02") + enc
+ enc = b"\x02" + enc
else:
- enc = b("\x03") + enc
+ enc = b"\x03" + enc
# small values can both be actual valid public keys and not, verify that
# only expected exceptions are raised if they are not
@@ -903,6 +982,24 @@ def test_VerifyingKey_encode_decode(curve, encoding):
assert vk.pubkey.point == from_enc.pubkey.point
+if "--fast" in sys.argv: # pragma: no cover
+ params = [NIST192p, BRAINPOOLP160r1]
+else:
+ params = curves
+
+
[email protected]("curve", params)
+def test_lengths(curve):
+ priv = SigningKey.generate(curve=curve)
+ pub1 = priv.get_verifying_key()
+ pub2 = VerifyingKey.from_string(pub1.to_string(), curve)
+ assert pub1.to_string() == pub2.to_string()
+ assert len(pub1.to_string()) == curve.verifying_key_length
+ sig = priv.sign(b"data")
+ assert len(sig) == curve.signature_length
+
+
class OpenSSL(unittest.TestCase):
# test interoperability with OpenSSL tools. Note that openssl's ECDSA
# sign/verify arguments changed between 0.9.8 and 1.0.0: the early
@@ -939,6 +1036,7 @@ class OpenSSL(unittest.TestCase):
# vk: 3:OpenSSL->python 4:python->OpenSSL
# sig: 5:OpenSSL->python 6:python->OpenSSL
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp112r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp112r1",
@@ -946,6 +1044,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_secp112r1(self):
return self.do_test_from_openssl(SECP112r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp112r2" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp112r2",
@@ -953,6 +1052,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_secp112r2(self):
return self.do_test_from_openssl(SECP112r2)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp128r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp128r1",
@@ -960,6 +1060,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_secp128r1(self):
return self.do_test_from_openssl(SECP128r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp160r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp160r1",
@@ -967,6 +1068,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_secp160r1(self):
return self.do_test_from_openssl(SECP160r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"prime192v1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support prime192v1",
@@ -974,6 +1076,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_nist192p(self):
return self.do_test_from_openssl(NIST192p)
+ @pytest.mark.slow
@pytest.mark.skipif(
"prime192v1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support prime192v1",
@@ -981,6 +1084,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_nist192p_sha256(self):
return self.do_test_from_openssl(NIST192p, "SHA256")
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp224r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp224r1",
@@ -988,6 +1092,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_nist224p(self):
return self.do_test_from_openssl(NIST224p)
+ @pytest.mark.slow
@pytest.mark.skipif(
"prime256v1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support prime256v1",
@@ -995,6 +1100,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_nist256p(self):
return self.do_test_from_openssl(NIST256p)
+ @pytest.mark.slow
@pytest.mark.skipif(
"prime256v1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support prime256v1",
@@ -1002,6 +1108,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_nist256p_sha384(self):
return self.do_test_from_openssl(NIST256p, "SHA384")
+ @pytest.mark.slow
@pytest.mark.skipif(
"prime256v1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support prime256v1",
@@ -1009,6 +1116,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_nist256p_sha512(self):
return self.do_test_from_openssl(NIST256p, "SHA512")
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp384r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp384r1",
@@ -1016,6 +1124,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_nist384p(self):
return self.do_test_from_openssl(NIST384p)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp521r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp521r1",
@@ -1023,6 +1132,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_nist521p(self):
return self.do_test_from_openssl(NIST521p)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp256k1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp256k1",
@@ -1030,6 +1140,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_secp256k1(self):
return self.do_test_from_openssl(SECP256k1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP160r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP160r1",
@@ -1037,6 +1148,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_brainpoolp160r1(self):
return self.do_test_from_openssl(BRAINPOOLP160r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP192r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP192r1",
@@ -1044,6 +1156,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_brainpoolp192r1(self):
return self.do_test_from_openssl(BRAINPOOLP192r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP224r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP224r1",
@@ -1051,6 +1164,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_brainpoolp224r1(self):
return self.do_test_from_openssl(BRAINPOOLP224r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP256r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP256r1",
@@ -1058,6 +1172,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_brainpoolp256r1(self):
return self.do_test_from_openssl(BRAINPOOLP256r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP320r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP320r1",
@@ -1065,6 +1180,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_brainpoolp320r1(self):
return self.do_test_from_openssl(BRAINPOOLP320r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP384r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP384r1",
@@ -1072,6 +1188,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_brainpoolp384r1(self):
return self.do_test_from_openssl(BRAINPOOLP384r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP512r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP512r1",
@@ -1079,6 +1196,62 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_brainpoolp512r1(self):
return self.do_test_from_openssl(BRAINPOOLP512r1)
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP160t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP160t1",
+ )
+ def test_from_openssl_brainpoolp160t1(self):
+ return self.do_test_from_openssl(BRAINPOOLP160t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP192t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP192t1",
+ )
+ def test_from_openssl_brainpoolp192t1(self):
+ return self.do_test_from_openssl(BRAINPOOLP192t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP224t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP224t1",
+ )
+ def test_from_openssl_brainpoolp224t1(self):
+ return self.do_test_from_openssl(BRAINPOOLP224t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP256t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP256t1",
+ )
+ def test_from_openssl_brainpoolp256t1(self):
+ return self.do_test_from_openssl(BRAINPOOLP256t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP320t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP320t1",
+ )
+ def test_from_openssl_brainpoolp320t1(self):
+ return self.do_test_from_openssl(BRAINPOOLP320t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP384t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP384t1",
+ )
+ def test_from_openssl_brainpoolp384t1(self):
+ return self.do_test_from_openssl(BRAINPOOLP384t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP512t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP512t1",
+ )
+ def test_from_openssl_brainpoolp512t1(self):
+ return self.do_test_from_openssl(BRAINPOOLP512t1)
+
def do_test_from_openssl(self, curve, hash_name="SHA1"):
curvename = curve.openssl_name
assert curvename
@@ -1090,7 +1263,7 @@ class OpenSSL(unittest.TestCase):
os.mkdir("t")
run_openssl("ecparam -name %s -genkey -out t/privkey.pem" % curvename)
run_openssl("ec -in t/privkey.pem -pubout -out t/pubkey.pem")
- data = b("data")
+ data = b"data"
with open("t/data.txt", "wb") as e:
e.write(data)
run_openssl(
@@ -1131,6 +1304,7 @@ class OpenSSL(unittest.TestCase):
sk_from_p8 = SigningKey.from_pem(privkey_p8_pem)
self.assertEqual(sk, sk_from_p8)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp112r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp112r1",
@@ -1138,6 +1312,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_secp112r1(self):
self.do_test_to_openssl(SECP112r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp112r2" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp112r2",
@@ -1145,6 +1320,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_secp112r2(self):
self.do_test_to_openssl(SECP112r2)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp128r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp128r1",
@@ -1152,6 +1328,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_secp128r1(self):
self.do_test_to_openssl(SECP128r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp160r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp160r1",
@@ -1159,6 +1336,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_secp160r1(self):
self.do_test_to_openssl(SECP160r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"prime192v1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support prime192v1",
@@ -1166,6 +1344,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_nist192p(self):
self.do_test_to_openssl(NIST192p)
+ @pytest.mark.slow
@pytest.mark.skipif(
"prime192v1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support prime192v1",
@@ -1173,6 +1352,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_nist192p_sha256(self):
self.do_test_to_openssl(NIST192p, "SHA256")
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp224r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp224r1",
@@ -1180,6 +1360,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_nist224p(self):
self.do_test_to_openssl(NIST224p)
+ @pytest.mark.slow
@pytest.mark.skipif(
"prime256v1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support prime256v1",
@@ -1187,6 +1368,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_nist256p(self):
self.do_test_to_openssl(NIST256p)
+ @pytest.mark.slow
@pytest.mark.skipif(
"prime256v1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support prime256v1",
@@ -1194,6 +1376,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_nist256p_sha384(self):
self.do_test_to_openssl(NIST256p, "SHA384")
+ @pytest.mark.slow
@pytest.mark.skipif(
"prime256v1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support prime256v1",
@@ -1201,6 +1384,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_nist256p_sha512(self):
self.do_test_to_openssl(NIST256p, "SHA512")
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp384r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp384r1",
@@ -1208,6 +1392,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_nist384p(self):
self.do_test_to_openssl(NIST384p)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp521r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp521r1",
@@ -1215,6 +1400,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_nist521p(self):
self.do_test_to_openssl(NIST521p)
+ @pytest.mark.slow
@pytest.mark.skipif(
"secp256k1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support secp256k1",
@@ -1222,6 +1408,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_secp256k1(self):
self.do_test_to_openssl(SECP256k1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP160r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP160r1",
@@ -1229,6 +1416,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_brainpoolp160r1(self):
self.do_test_to_openssl(BRAINPOOLP160r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP192r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP192r1",
@@ -1236,6 +1424,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_brainpoolp192r1(self):
self.do_test_to_openssl(BRAINPOOLP192r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP224r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP224r1",
@@ -1243,6 +1432,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_brainpoolp224r1(self):
self.do_test_to_openssl(BRAINPOOLP224r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP256r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP256r1",
@@ -1250,6 +1440,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_brainpoolp256r1(self):
self.do_test_to_openssl(BRAINPOOLP256r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP320r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP320r1",
@@ -1257,6 +1448,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_brainpoolp320r1(self):
self.do_test_to_openssl(BRAINPOOLP320r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP384r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP384r1",
@@ -1264,6 +1456,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_brainpoolp384r1(self):
self.do_test_to_openssl(BRAINPOOLP384r1)
+ @pytest.mark.slow
@pytest.mark.skipif(
"brainpoolP512r1" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support brainpoolP512r1",
@@ -1271,6 +1464,62 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_brainpoolp512r1(self):
self.do_test_to_openssl(BRAINPOOLP512r1)
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP160t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP160t1",
+ )
+ def test_to_openssl_brainpoolp160t1(self):
+ self.do_test_to_openssl(BRAINPOOLP160t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP192t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP192t1",
+ )
+ def test_to_openssl_brainpoolp192t1(self):
+ self.do_test_to_openssl(BRAINPOOLP192t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP224t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP224t1",
+ )
+ def test_to_openssl_brainpoolp224t1(self):
+ self.do_test_to_openssl(BRAINPOOLP224t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP256t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP256t1",
+ )
+ def test_to_openssl_brainpoolp256t1(self):
+ self.do_test_to_openssl(BRAINPOOLP256t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP320t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP320t1",
+ )
+ def test_to_openssl_brainpoolp320t1(self):
+ self.do_test_to_openssl(BRAINPOOLP320t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP384t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP384t1",
+ )
+ def test_to_openssl_brainpoolp384t1(self):
+ self.do_test_to_openssl(BRAINPOOLP384t1)
+
+ @pytest.mark.slow
+ @pytest.mark.skipif(
+ "brainpoolP512t1" not in OPENSSL_SUPPORTED_CURVES,
+ reason="system openssl does not support brainpoolP512t1",
+ )
+ def test_to_openssl_brainpoolp512t1(self):
+ self.do_test_to_openssl(BRAINPOOLP512t1)
+
def do_test_to_openssl(self, curve, hash_name="SHA1"):
curvename = curve.openssl_name
assert curvename
@@ -1282,7 +1531,7 @@ class OpenSSL(unittest.TestCase):
os.mkdir("t")
sk = SigningKey.generate(curve=curve)
vk = sk.get_verifying_key()
- data = b("data")
+ data = b"data"
with open("t/pubkey.der", "wb") as e:
e.write(vk.to_der()) # 4
with open("t/pubkey.pem", "wb") as e:
@@ -1298,7 +1547,7 @@ class OpenSSL(unittest.TestCase):
with open("t/data.txt", "wb") as e:
e.write(data)
with open("t/baddata.txt", "wb") as e:
- e.write(data + b("corrupt"))
+ e.write(data + b"corrupt")
self.assertRaises(
SubprocessError,
@@ -1359,17 +1608,15 @@ class OpenSSL(unittest.TestCase):
OPENSSL_SUPPORTED_TYPES = set()
try:
if "-rawin" in run_openssl("pkeyutl -help"):
- OPENSSL_SUPPORTED_TYPES = set(
+ OPENSSL_SUPPORTED_TYPES = set( # pragma: no branch
c.lower()
for c in ("ED25519", "ED448")
if c in run_openssl("list -public-key-methods")
)
- except SubprocessError:
+ except SubprocessError: # pragma: no cover
pass
def do_eddsa_test_to_openssl(self, curve):
- curvename = curve.name.upper()
-
if os.path.isdir("t"):
shutil.rmtree("t")
os.mkdir("t")
@@ -1406,6 +1653,7 @@ class OpenSSL(unittest.TestCase):
# in practice at least OpenSSL 3.0.0 is needed to make EdDSA signatures
# earlier versions support EdDSA only in X.509 certificates
+ @pytest.mark.slow
@pytest.mark.skipif(
"ed25519" not in OPENSSL_SUPPORTED_TYPES,
reason="system openssl does not support signing with Ed25519",
@@ -1413,6 +1661,7 @@ class OpenSSL(unittest.TestCase):
def test_to_openssl_ed25519(self):
return self.do_eddsa_test_to_openssl(Ed25519)
+ @pytest.mark.slow
@pytest.mark.skipif(
"ed448" not in OPENSSL_SUPPORTED_TYPES,
reason="system openssl does not support signing with Ed448",
@@ -1456,6 +1705,7 @@ class OpenSSL(unittest.TestCase):
shutil.rmtree("t")
+ @pytest.mark.slow
@pytest.mark.skipif(
"ed25519" not in OPENSSL_SUPPORTED_TYPES,
reason="system openssl does not support signing with Ed25519",
@@ -1463,6 +1713,7 @@ class OpenSSL(unittest.TestCase):
def test_from_openssl_ed25519(self):
return self.do_eddsa_test_from_openssl(Ed25519)
+ @pytest.mark.slow
@pytest.mark.skipif(
"ed448" not in OPENSSL_SUPPORTED_TYPES,
reason="system openssl does not support signing with Ed448",
@@ -1483,7 +1734,7 @@ class TooSmallCurve(unittest.TestCase):
)
def test_sign_too_small_curve_dont_allow_truncate_raises(self):
sk = SigningKey.generate(curve=NIST192p)
- data = b("data")
+ data = b"data"
with self.assertRaises(BadDigestError):
sk.sign(
data,
@@ -1499,7 +1750,7 @@ class TooSmallCurve(unittest.TestCase):
def test_verify_too_small_curve_dont_allow_truncate_raises(self):
sk = SigningKey.generate(curve=NIST192p)
vk = sk.get_verifying_key()
- data = b("data")
+ data = b"data"
sig_der = sk.sign(
data,
hashfunc=partial(hashlib.new, "SHA256"),
@@ -1518,69 +1769,70 @@ class TooSmallCurve(unittest.TestCase):
class DER(unittest.TestCase):
def test_integer(self):
- self.assertEqual(der.encode_integer(0), b("\x02\x01\x00"))
- self.assertEqual(der.encode_integer(1), b("\x02\x01\x01"))
- self.assertEqual(der.encode_integer(127), b("\x02\x01\x7f"))
- self.assertEqual(der.encode_integer(128), b("\x02\x02\x00\x80"))
- self.assertEqual(der.encode_integer(256), b("\x02\x02\x01\x00"))
- # self.assertEqual(der.encode_integer(-1), b("\x02\x01\xff"))
+ self.assertEqual(der.encode_integer(0), b"\x02\x01\x00")
+ self.assertEqual(der.encode_integer(1), b"\x02\x01\x01")
+ self.assertEqual(der.encode_integer(127), b"\x02\x01\x7f")
+ self.assertEqual(der.encode_integer(128), b"\x02\x02\x00\x80")
+ self.assertEqual(der.encode_integer(256), b"\x02\x02\x01\x00")
+ # self.assertEqual(der.encode_integer(-1), b"\x02\x01\xff")
def s(n):
- return der.remove_integer(der.encode_integer(n) + b("junk"))
+ return der.remove_integer(der.encode_integer(n) + b"junk")
- self.assertEqual(s(0), (0, b("junk")))
- self.assertEqual(s(1), (1, b("junk")))
- self.assertEqual(s(127), (127, b("junk")))
- self.assertEqual(s(128), (128, b("junk")))
- self.assertEqual(s(256), (256, b("junk")))
+ self.assertEqual(s(0), (0, b"junk"))
+ self.assertEqual(s(1), (1, b"junk"))
+ self.assertEqual(s(127), (127, b"junk"))
+ self.assertEqual(s(128), (128, b"junk"))
+ self.assertEqual(s(256), (256, b"junk"))
self.assertEqual(
s(1234567890123456789012345678901234567890),
- (1234567890123456789012345678901234567890, b("junk")),
+ (1234567890123456789012345678901234567890, b"junk"),
)
def test_number(self):
- self.assertEqual(der.encode_number(0), b("\x00"))
- self.assertEqual(der.encode_number(127), b("\x7f"))
- self.assertEqual(der.encode_number(128), b("\x81\x00"))
- self.assertEqual(der.encode_number(3 * 128 + 7), b("\x83\x07"))
+ self.assertEqual(der.encode_number(0), b"\x00")
+ self.assertEqual(der.encode_number(127), b"\x7f")
+ self.assertEqual(der.encode_number(128), b"\x81\x00")
+ self.assertEqual(der.encode_number(3 * 128 + 7), b"\x83\x07")
# self.assertEqual(der.read_number("\x81\x9b" + "more"), (155, 2))
- # self.assertEqual(der.encode_number(155), b("\x81\x9b"))
+ # self.assertEqual(der.encode_number(155), b"\x81\x9b")
for n in (0, 1, 2, 127, 128, 3 * 128 + 7, 840, 10045): # , 155):
- x = der.encode_number(n) + b("more")
+ x = der.encode_number(n) + b"more"
n1, llen = der.read_number(x)
self.assertEqual(n1, n)
- self.assertEqual(x[llen:], b("more"))
+ self.assertEqual(x[llen:], b"more")
def test_length(self):
- self.assertEqual(der.encode_length(0), b("\x00"))
- self.assertEqual(der.encode_length(127), b("\x7f"))
- self.assertEqual(der.encode_length(128), b("\x81\x80"))
- self.assertEqual(der.encode_length(255), b("\x81\xff"))
- self.assertEqual(der.encode_length(256), b("\x82\x01\x00"))
- self.assertEqual(der.encode_length(3 * 256 + 7), b("\x82\x03\x07"))
- self.assertEqual(der.read_length(b("\x81\x9b") + b("more")), (155, 2))
- self.assertEqual(der.encode_length(155), b("\x81\x9b"))
+ self.assertEqual(der.encode_length(0), b"\x00")
+ self.assertEqual(der.encode_length(127), b"\x7f")
+ self.assertEqual(der.encode_length(128), b"\x81\x80")
+ self.assertEqual(der.encode_length(255), b"\x81\xff")
+ self.assertEqual(der.encode_length(256), b"\x82\x01\x00")
+ self.assertEqual(der.encode_length(3 * 256 + 7), b"\x82\x03\x07")
+ self.assertEqual(der.read_length(b"\x81\x9b" + b"more"), (155, 2))
+ self.assertEqual(der.encode_length(155), b"\x81\x9b")
for n in (0, 1, 2, 127, 128, 255, 256, 3 * 256 + 7, 155):
- x = der.encode_length(n) + b("more")
+ x = der.encode_length(n) + b"more"
n1, llen = der.read_length(x)
self.assertEqual(n1, n)
- self.assertEqual(x[llen:], b("more"))
+ self.assertEqual(x[llen:], b"more")
def test_sequence(self):
- x = der.encode_sequence(b("ABC"), b("DEF")) + b("GHI")
- self.assertEqual(x, b("\x30\x06ABCDEFGHI"))
+ x = der.encode_sequence(b"ABC", b"DEF") + b"GHI"
+ self.assertEqual(x, b"\x30\x06ABCDEFGHI")
x1, rest = der.remove_sequence(x)
- self.assertEqual(x1, b("ABCDEF"))
- self.assertEqual(rest, b("GHI"))
+ self.assertEqual(x1, b"ABCDEF")
+ self.assertEqual(rest, b"GHI")
def test_constructed(self):
x = der.encode_constructed(0, NIST224p.encoded_oid)
- self.assertEqual(hexlify(x), b("a007") + b("06052b81040021"))
- x = der.encode_constructed(1, unhexlify(b("0102030a0b0c")))
- self.assertEqual(hexlify(x), b("a106") + b("0102030a0b0c"))
+ self.assertEqual(hexlify(x), b"a007" + b"06052b81040021")
+ x = der.encode_constructed(1, unhexlify(b"0102030a0b0c"))
+ self.assertEqual(hexlify(x), b"a106" + b"0102030a0b0c")
class Util(unittest.TestCase):
+ @pytest.mark.slow
def test_trytryagain(self):
tta = util.randrange_from_seed__trytryagain
for i in range(1000):
@@ -1599,7 +1851,7 @@ class Util(unittest.TestCase):
# this trytryagain *does* provide long-term stability
self.assertEqual(
("%x" % (tta("seed", NIST224p.order))).encode(),
- b("6fa59d73bf0446ae8743cf748fc5ac11d5585a90356417e97155c3bc"),
+ b"6fa59d73bf0446ae8743cf748fc5ac11d5585a90356417e97155c3bc",
)
def test_trytryagain_single(self):
@@ -1610,9 +1862,10 @@ class Util(unittest.TestCase):
# known issue: https://github.com/warner/python-ecdsa/issues/221
if sys.version_info < (3, 0): # pragma: no branch
self.assertEqual(n, 228)
- else:
+ else: # pragma: no branch
self.assertEqual(n, 18)
+ @settings(**HYP_SETTINGS)
@given(st.integers(min_value=0, max_value=10**200))
def test_randrange(self, i):
# util.randrange does not provide long-term stability: we might
@@ -1656,8 +1909,8 @@ class RFC6979(unittest.TestCase):
self._do(
generator=SECP256k1.generator,
secexp=int("9d0219792467d7d37b4d43298a7d0c05", 16),
- hsh=sha256(b("sample")).digest(),
- hash_func=sha256,
+ hsh=hashlib.sha256(b"sample").digest(),
+ hash_func=hashlib.sha256,
expected=int(
"8fa1f95d514760e498f28957b824ee6ec39ed64826ff4fecc2b5739ec45b91cd",
16,
@@ -1671,8 +1924,8 @@ class RFC6979(unittest.TestCase):
"cca9fbcc1b41e5a95d369eaa6ddcff73b61a4efaa279cfc6567e8daa39cbaf50",
16,
),
- hsh=sha256(b("sample")).digest(),
- hash_func=sha256,
+ hsh=hashlib.sha256(b"sample").digest(),
+ hash_func=hashlib.sha256,
expected=int(
"2df40ca70e639d89528a6b670d9d48d9165fdc0febc0974056bdce192b8e16a3",
16,
@@ -1683,8 +1936,8 @@ class RFC6979(unittest.TestCase):
self._do(
generator=SECP256k1.generator,
secexp=0x1,
- hsh=sha256(b("Satoshi Nakamoto")).digest(),
- hash_func=sha256,
+ hsh=hashlib.sha256(b"Satoshi Nakamoto").digest(),
+ hash_func=hashlib.sha256,
expected=0x8F8A276C19F4149656B280621E358CCE24F5F52542772691EE69063B74F15D15,
)
@@ -1692,12 +1945,10 @@ class RFC6979(unittest.TestCase):
self._do(
generator=SECP256k1.generator,
secexp=0x1,
- hsh=sha256(
- b(
- "All those moments will be lost in time, like tears in rain. Time to die..."
- )
+ hsh=hashlib.sha256(
+ b"All those moments will be lost in time, like tears in rain. Time to die..."
).digest(),
- hash_func=sha256,
+ hash_func=hashlib.sha256,
expected=0x38AA22D72376B4DBC472E06C3BA403EE0A394DA63FC58D88686C611ABA98D6B3,
)
@@ -1705,8 +1956,8 @@ class RFC6979(unittest.TestCase):
self._do(
generator=SECP256k1.generator,
secexp=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140,
- hsh=sha256(b("Satoshi Nakamoto")).digest(),
- hash_func=sha256,
+ hsh=hashlib.sha256(b"Satoshi Nakamoto").digest(),
+ hash_func=hashlib.sha256,
expected=0x33A19B60E25FB6F4435AF53A3D42D493644827367E6453928554F43E49AA6F90,
)
@@ -1714,8 +1965,8 @@ class RFC6979(unittest.TestCase):
self._do(
generator=SECP256k1.generator,
secexp=0xF8B8AF8CE3C7CCA5E300D33939540C10D45CE001B8F252BFBC57BA0342904181,
- hsh=sha256(b("Alan Turing")).digest(),
- hash_func=sha256,
+ hsh=hashlib.sha256(b"Alan Turing").digest(),
+ hash_func=hashlib.sha256,
expected=0x525A82B70E67874398067543FD84C83D30C175FDC45FDEEE082FE13B1D7CFDF1,
)
@@ -1734,7 +1985,7 @@ class RFC6979(unittest.TestCase):
"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF"
)
),
- hash_func=sha256,
+ hash_func=hashlib.sha256,
expected=int("23AF4074C90A02B3FE61D286D5C87F425E6BDD81B", 16),
)
@@ -1742,8 +1993,8 @@ class RFC6979(unittest.TestCase):
self._do(
generator=NIST192p.generator,
secexp=int("6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4", 16),
- hsh=sha1(b("sample")).digest(),
- hash_func=sha1,
+ hsh=hashlib.sha1(b"sample").digest(),
+ hash_func=hashlib.sha1,
expected=int(
"37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021", 16
),
@@ -1753,8 +2004,8 @@ class RFC6979(unittest.TestCase):
self._do(
generator=NIST192p.generator,
secexp=int("6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4", 16),
- hsh=sha256(b("sample")).digest(),
- hash_func=sha256,
+ hsh=hashlib.sha256(b"sample").digest(),
+ hash_func=hashlib.sha256,
expected=int(
"32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496", 16
),
@@ -1764,8 +2015,8 @@ class RFC6979(unittest.TestCase):
self._do(
generator=NIST192p.generator,
secexp=int("6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4", 16),
- hsh=sha512(b("sample")).digest(),
- hash_func=sha512,
+ hsh=hashlib.sha512(b"sample").digest(),
+ hash_func=hashlib.sha512,
expected=int(
"A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1", 16
),
@@ -1775,8 +2026,8 @@ class RFC6979(unittest.TestCase):
self._do(
generator=NIST192p.generator,
secexp=int("6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4", 16),
- hsh=sha1(b("test")).digest(),
- hash_func=sha1,
+ hsh=hashlib.sha1(b"test").digest(),
+ hash_func=hashlib.sha1,
expected=int(
"D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25", 16
),
@@ -1786,8 +2037,8 @@ class RFC6979(unittest.TestCase):
self._do(
generator=NIST192p.generator,
secexp=int("6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4", 16),
- hsh=sha256(b("test")).digest(),
- hash_func=sha256,
+ hsh=hashlib.sha256(b"test").digest(),
+ hash_func=hashlib.sha256,
expected=int(
"5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C", 16
),
@@ -1797,8 +2048,8 @@ class RFC6979(unittest.TestCase):
self._do(
generator=NIST192p.generator,
secexp=int("6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4", 16),
- hsh=sha512(b("test")).digest(),
- hash_func=sha512,
+ hsh=hashlib.sha512(b"test").digest(),
+ hash_func=hashlib.sha512,
expected=int(
"0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527", 16
),
@@ -1811,8 +2062,8 @@ class RFC6979(unittest.TestCase):
"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
16,
),
- hsh=sha1(b("sample")).digest(),
- hash_func=sha1,
+ hsh=hashlib.sha1(b"sample").digest(),
+ hash_func=hashlib.sha1,
expected=int(
"089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
16,
@@ -1826,8 +2077,8 @@ class RFC6979(unittest.TestCase):
"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
16,
),
- hsh=sha256(b("sample")).digest(),
- hash_func=sha256,
+ hsh=hashlib.sha256(b"sample").digest(),
+ hash_func=hashlib.sha256,
expected=int(
"0EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
16,
@@ -1841,8 +2092,8 @@ class RFC6979(unittest.TestCase):
"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
16,
),
- hsh=sha512(b("test")).digest(),
- hash_func=sha512,
+ hsh=hashlib.sha512(b"test").digest(),
+ hash_func=hashlib.sha512,
expected=int(
"16200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
16,
@@ -1945,6 +2196,7 @@ class RFC6932(ECDH):
),
)
+ @pytest.mark.slow
def test_brainpoolP384r1(self):
self._do(
curve=curve_brainpoolp384r1,
@@ -1991,6 +2243,7 @@ class RFC6932(ECDH):
),
)
+ @pytest.mark.slow
def test_brainpoolP512r1(self):
self._do(
curve=curve_brainpoolp512r1,
@@ -2095,6 +2348,7 @@ class RFC7027(ECDH):
),
)
+ @pytest.mark.slow
def test_brainpoolP384r1(self):
self._do(
curve=curve_brainpoolp384r1,
@@ -2141,6 +2395,7 @@ class RFC7027(ECDH):
),
)
+ @pytest.mark.slow
def test_brainpoolP512r1(self):
self._do(
curve=curve_brainpoolp512r1,
@@ -2206,7 +2461,7 @@ class RFC7027(ECDH):
"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D",
"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE",
b"abc",
- sha256,
+ hashlib.sha256,
"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C",
"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315",
NIST256p,
@@ -2222,7 +2477,7 @@ class RFC7027(ECDH):
"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B"
"854D7FA992F934D927376285E63414FA",
b"abc",
- sha384,
+ hashlib.sha384,
"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E"
"08E07C9C63F2D21A07DCB56A6AF56EB3",
"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1"
@@ -2244,7 +2499,7 @@ class RFC7027(ECDH):
"373778F9DE6B6497B1EF825FF24F42F9B4A4BD7382CFC3378A540B1B7F0C1B95"
"6C2F",
b"abc",
- sha512,
+ hashlib.sha512,
"0154FD3836AF92D0DCA57DD5341D3053988534FDE8318FC6AAAAB68E2E6F4339"
"B19F2F281A7E0B22C269D93CF8794A9278880ED7DBB8D9362CAEACEE54432055"
"2251",