From 3bef51eec2299403467e621ae660cef3f9256ac8 Mon Sep 17 00:00:00 2001 From: Determinant Date: Tue, 17 Nov 2020 18:47:40 -0500 Subject: update frozen deps --- freezed_deps/ecdsa/test_malformed_sigs.py | 306 ------------------------------ 1 file changed, 306 deletions(-) delete mode 100644 freezed_deps/ecdsa/test_malformed_sigs.py (limited to 'freezed_deps/ecdsa/test_malformed_sigs.py') diff --git a/freezed_deps/ecdsa/test_malformed_sigs.py b/freezed_deps/ecdsa/test_malformed_sigs.py deleted file mode 100644 index c1dca44..0000000 --- a/freezed_deps/ecdsa/test_malformed_sigs.py +++ /dev/null @@ -1,306 +0,0 @@ -from __future__ import with_statement, division - -import hashlib -try: - from hashlib import algorithms_available -except ImportError: # pragma: no cover - algorithms_available = [ - "md5", "sha1", "sha224", "sha256", "sha384", "sha512"] -from functools import partial -import pytest -import sys -from six import binary_type -import hypothesis.strategies as st -from hypothesis import note, assume, given, settings, example - -from .keys import SigningKey -from .keys import BadSignatureError -from .util import sigencode_der, sigencode_string -from .util import sigdecode_der, sigdecode_string -from .curves import curves, NIST256p -from .der import encode_integer, encode_bitstring, encode_octet_string, \ - encode_oid, encode_sequence, encode_constructed - - -example_data = b"some data to sign" -"""Since the data is hashed for processing, really any string will do.""" - - -hash_and_size = [(name, hashlib.new(name).digest_size) - for name in algorithms_available] -"""Pairs of hash names and their output sizes. -Needed for pairing with curves as we don't support hashes -bigger than order sizes of curves.""" - - -keys_and_sigs = [] -"""Name of the curve+hash combination, VerifyingKey and DER signature.""" - - -# for hypothesis strategy shrinking we want smallest curves and hashes first -for curve in sorted(curves, key=lambda x: x.baselen): - for hash_alg in [name for name, size in - sorted(hash_and_size, key=lambda x: x[1]) - if 0 < size <= curve.baselen]: - sk = SigningKey.generate( - curve, - hashfunc=partial(hashlib.new, hash_alg)) - - keys_and_sigs.append( - ("{0} {1}".format(curve, hash_alg), - sk.verifying_key, - sk.sign(example_data, sigencode=sigencode_der))) - - -# first make sure that the signatures can be verified -@pytest.mark.parametrize( - "verifying_key,signature", - [pytest.param(vk, sig, id=name) for name, vk, sig in keys_and_sigs]) -def test_signatures(verifying_key, signature): - assert verifying_key.verify(signature, example_data, - sigdecode=sigdecode_der) - - -@st.composite -def st_fuzzed_sig(draw, keys_and_sigs): - """ - Hypothesis strategy that generates pairs of VerifyingKey and malformed - signatures created by fuzzing of a valid signature. - """ - name, verifying_key, old_sig = draw(st.sampled_from(keys_and_sigs)) - note("Configuration: {0}".format(name)) - - sig = bytearray(old_sig) - - # decide which bytes should be removed - to_remove = draw(st.lists( - st.integers(min_value=0, max_value=len(sig)-1), - unique=True)) - to_remove.sort() - for i in reversed(to_remove): - del sig[i] - note("Remove bytes: {0}".format(to_remove)) - - # decide which bytes of the original signature should be changed - if sig: # pragma: no branch - xors = draw(st.dictionaries( - st.integers(min_value=0, max_value=len(sig)-1), - st.integers(min_value=1, max_value=255))) - for i, val in xors.items(): - sig[i] ^= val - note("xors: {0}".format(xors)) - - # decide where new data should be inserted - insert_pos = draw(st.integers(min_value=0, max_value=len(sig))) - # NIST521p signature is about 140 bytes long, test slightly longer - insert_data = draw(st.binary(max_size=256)) - - sig = sig[:insert_pos] + insert_data + sig[insert_pos:] - note("Inserted at position {0} bytes: {1!r}" - .format(insert_pos, insert_data)) - - sig = bytes(sig) - # make sure that there was performed at least one mutation on the data - assume(to_remove or xors or insert_data) - # and that the mutations didn't cancel each-other out - assume(sig != old_sig) - - return verifying_key, sig - - -params = {} -# not supported in hypothesis 2.0.0 -if sys.version_info >= (2, 7): # pragma: no branch - from hypothesis import HealthCheck - # deadline=5s because NIST521p are slow to verify - params["deadline"] = 5000 - params["suppress_health_check"] = [HealthCheck.data_too_large, - HealthCheck.filter_too_much, - HealthCheck.too_slow] - -slow_params = dict(params) -slow_params["max_examples"] = 10 - - -@settings(**params) -@given(st_fuzzed_sig(keys_and_sigs)) -def test_fuzzed_der_signatures(args): - verifying_key, sig = args - - with pytest.raises(BadSignatureError): - verifying_key.verify(sig, example_data, sigdecode=sigdecode_der) - - -@st.composite -def st_random_der_ecdsa_sig_value(draw): - """ - Hypothesis strategy for selecting random values and encoding them - to ECDSA-Sig-Value object:: - - ECDSA-Sig-Value ::= SEQUENCE { - r INTEGER, - s INTEGER - } - """ - name, verifying_key, _ = draw(st.sampled_from(keys_and_sigs)) - note("Configuration: {0}".format(name)) - order = int(verifying_key.curve.order) - - # the encode_integer doesn't suport negative numbers, would be nice - # to generate them too, but we have coverage for remove_integer() - # verifying that it doesn't accept them, so meh. - # Test all numbers around the ones that can show up (around order) - # way smaller and slightly bigger - r = draw(st.integers(min_value=0, max_value=order << 4) | - st.integers(min_value=order >> 2, max_value=order+1)) - s = draw(st.integers(min_value=0, max_value=order << 4) | - st.integers(min_value=order >> 2, max_value=order+1)) - - sig = encode_sequence(encode_integer(r), encode_integer(s)) - - return verifying_key, sig - - -@settings(**slow_params) -@given(st_random_der_ecdsa_sig_value()) -def test_random_der_ecdsa_sig_value(params): - """ - Check if random values encoded in ECDSA-Sig-Value structure are rejected - as signature. - """ - verifying_key, sig = params - - with pytest.raises(BadSignatureError): - verifying_key.verify(sig, example_data, sigdecode=sigdecode_der) - - -def st_der_integer(*args, **kwargs): - """ - Hypothesis strategy that returns a random positive integer as DER - INTEGER. - Parameters are passed to hypothesis.strategy.integer. - """ - if "min_value" not in kwargs: # pragma: no branch - kwargs["min_value"] = 0 - return st.builds(encode_integer, st.integers(*args, **kwargs)) - - -@st.composite -def st_der_bit_string(draw, *args, **kwargs): - """ - Hypothesis strategy that returns a random DER BIT STRING. - Parameters are passed to hypothesis.strategy.binary. - """ - data = draw(st.binary(*args, **kwargs)) - if data: - unused = draw(st.integers(min_value=0, max_value=7)) - data = bytearray(data) - data[-1] &= - (2**unused) - data = bytes(data) - else: - unused = 0 - return encode_bitstring(data, unused) - - -def st_der_octet_string(*args, **kwargs): - """ - Hypothesis strategy that returns a random DER OCTET STRING object. - Parameters are passed to hypothesis.strategy.binary - """ - return st.builds(encode_octet_string, st.binary(*args, **kwargs)) - - -def st_der_null(): - """ - Hypothesis strategy that returns DER NULL object. - """ - return st.just(b'\x05\x00') - - -@st.composite -def st_der_oid(draw): - """ - Hypothesis strategy that returns DER OBJECT IDENTIFIER objects. - """ - first = draw(st.integers(min_value=0, max_value=2)) - if first < 2: - second = draw(st.integers(min_value=0, max_value=39)) - else: - second = draw(st.integers(min_value=0, max_value=2**512)) - rest = draw(st.lists(st.integers(min_value=0, max_value=2**512), - max_size=50)) - return encode_oid(first, second, *rest) - - -def st_der(): - """ - Hypothesis strategy that returns random DER structures. - - A valid DER structure is any primitive object, an octet encoding - of a valid DER structure, sequence of valid DER objects or a constructed - encoding of any of the above. - """ - return st.recursive( - st.just(b'') | st_der_integer(max_value=2**4096) | - st_der_bit_string(max_size=1024**2) | - st_der_octet_string(max_size=1024**2) | st_der_null() | st_der_oid(), - lambda children: - st.builds(lambda x: encode_octet_string(x), st.one_of(children)) | - st.builds(lambda x: encode_bitstring(x, 0), st.one_of(children)) | - st.builds(lambda x: encode_sequence(*x), - st.lists(children, max_size=200)) | - st.builds(lambda tag, x: - encode_constructed(tag, x), - st.integers(min_value=0, max_value=0x3f), - st.one_of(children)), - max_leaves=40 - ) - - -@settings(**params) -@given(st.sampled_from(keys_and_sigs), st_der()) -def test_random_der_as_signature(params, der): - """Check if random DER structures are rejected as signature""" - name, verifying_key, _ = params - - with pytest.raises(BadSignatureError): - verifying_key.verify(der, example_data, sigdecode=sigdecode_der) - - -@settings(**params) -@given(st.sampled_from(keys_and_sigs), st.binary(max_size=1024**2)) -@example( - keys_and_sigs[0], - encode_sequence(encode_integer(0), encode_integer(0))) -@example( - keys_and_sigs[0], - encode_sequence(encode_integer(1), encode_integer(1)) + b'\x00') -@example( - keys_and_sigs[0], - encode_sequence(*[encode_integer(1)] * 3)) -def test_random_bytes_as_signature(params, der): - """Check if random bytes are rejected as signature""" - name, verifying_key, _ = params - - with pytest.raises(BadSignatureError): - verifying_key.verify(der, example_data, sigdecode=sigdecode_der) - - -keys_and_string_sigs = [ - (name, verifying_key, - sigencode_string(*sigdecode_der(sig, verifying_key.curve.order), - order=verifying_key.curve.order)) - for name, verifying_key, sig in keys_and_sigs] -""" -Name of the curve+hash combination, VerifyingKey and signature as a -byte string. -""" - - -@settings(**params) -@given(st_fuzzed_sig(keys_and_string_sigs)) -def test_fuzzed_string_signatures(params): - verifying_key, sig = params - - with pytest.raises(BadSignatureError): - verifying_key.verify(sig, example_data, sigdecode=sigdecode_string) -- cgit v1.2.3-70-g09d2