diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2024-01-29 18:42:21 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-29 19:42:21 -0500 |
commit | 722a6393e61b3acb569f404218f213fe08478a96 (patch) | |
tree | 676d864abb4b7ff086f33ded66913ce95465c9d7 /tests | |
parent | 46655d7736ecabc6a3a90fbbc06fd1fa6114ad2e (diff) | |
download | pyca-cryptography-722a6393e61b3acb569f404218f213fe08478a96.zip pyca-cryptography-722a6393e61b3acb569f404218f213fe08478a96.tar.gz pyca-cryptography-722a6393e61b3acb569f404218f213fe08478a96.tar.bz2 |
migrate ARC4 and TripleDES to decrepit (#10286)
Diffstat (limited to 'tests')
-rw-r--r-- | tests/hazmat/primitives/decrepit/test_3des.py (renamed from tests/hazmat/primitives/test_3des.py) | 7 | ||||
-rw-r--r-- | tests/hazmat/primitives/decrepit/test_algorithms.py | 67 | ||||
-rw-r--r-- | tests/hazmat/primitives/decrepit/test_arc4.py (renamed from tests/hazmat/primitives/test_arc4.py) | 6 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_ciphers.py | 79 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_cmac.py | 3 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_kbkdf.py | 2 | ||||
-rw-r--r-- | tests/hazmat/primitives/utils.py | 9 |
7 files changed, 91 insertions, 82 deletions
diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/decrepit/test_3des.py index 007ecfe..f64cbd2 100644 --- a/tests/hazmat/primitives/test_3des.py +++ b/tests/hazmat/primitives/decrepit/test_3des.py @@ -12,10 +12,11 @@ import os import pytest -from cryptography.hazmat.primitives.ciphers import algorithms, modes +from cryptography.hazmat.decrepit.ciphers import algorithms +from cryptography.hazmat.primitives.ciphers import modes -from ...utils import load_nist_vectors -from .utils import generate_encrypt_test +from ....utils import load_nist_vectors +from ..utils import generate_encrypt_test @pytest.mark.supported( diff --git a/tests/hazmat/primitives/decrepit/test_algorithms.py b/tests/hazmat/primitives/decrepit/test_algorithms.py index c812f17..0dbdac7 100644 --- a/tests/hazmat/primitives/decrepit/test_algorithms.py +++ b/tests/hazmat/primitives/decrepit/test_algorithms.py @@ -8,18 +8,83 @@ import os import pytest +from cryptography.exceptions import _Reasons from cryptography.hazmat.decrepit.ciphers.algorithms import ( + ARC4, CAST5, IDEA, SEED, Blowfish, + TripleDES, ) +from cryptography.hazmat.primitives import ciphers from cryptography.hazmat.primitives.ciphers import modes -from ....utils import load_nist_vectors +from ....utils import load_nist_vectors, raises_unsupported_algorithm from ..utils import generate_encrypt_test +class TestARC4: + @pytest.mark.parametrize( + ("key", "keysize"), + [ + (b"0" * 10, 40), + (b"0" * 14, 56), + (b"0" * 16, 64), + (b"0" * 20, 80), + (b"0" * 32, 128), + (b"0" * 48, 192), + (b"0" * 64, 256), + ], + ) + def test_key_size(self, key, keysize): + cipher = ARC4(binascii.unhexlify(key)) + assert cipher.key_size == keysize + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + ARC4(binascii.unhexlify(b"0" * 34)) + + def test_invalid_key_type(self): + with pytest.raises(TypeError, match="key must be bytes"): + ARC4("0" * 10) # type: ignore[arg-type] + + +def test_invalid_mode_algorithm(): + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): + ciphers.Cipher( + ARC4(b"\x00" * 16), + modes.GCM(b"\x00" * 12), + ) + + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): + ciphers.Cipher( + ARC4(b"\x00" * 16), + modes.CBC(b"\x00" * 12), + ) + + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): + ciphers.Cipher( + ARC4(b"\x00" * 16), + modes.CTR(b"\x00" * 12), + ) + + +class TestTripleDES: + @pytest.mark.parametrize("key", [b"0" * 16, b"0" * 32, b"0" * 48]) + def test_key_size(self, key): + cipher = TripleDES(binascii.unhexlify(key)) + assert cipher.key_size == 192 + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + TripleDES(binascii.unhexlify(b"0" * 12)) + + def test_invalid_key_type(self): + with pytest.raises(TypeError, match="key must be bytes"): + TripleDES("0" * 16) # type: ignore[arg-type] + + class TestBlowfish: @pytest.mark.parametrize( ("key", "keysize"), diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/decrepit/test_arc4.py index b589518..116f4b1 100644 --- a/tests/hazmat/primitives/test_arc4.py +++ b/tests/hazmat/primitives/decrepit/test_arc4.py @@ -8,10 +8,10 @@ import os import pytest -from cryptography.hazmat.primitives.ciphers import algorithms +from cryptography.hazmat.decrepit.ciphers import algorithms -from ...utils import load_nist_vectors -from .utils import generate_stream_encryption_test +from ....utils import load_nist_vectors +from ..utils import generate_stream_encryption_test @pytest.mark.supported( diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py index e096986..5fef25b 100644 --- a/tests/hazmat/primitives/test_ciphers.py +++ b/tests/hazmat/primitives/test_ciphers.py @@ -11,21 +11,15 @@ import sys import pytest from cryptography import utils -from cryptography.exceptions import AlreadyFinalized, _Reasons +from cryptography.exceptions import AlreadyFinalized from cryptography.hazmat.primitives import ciphers from cryptography.hazmat.primitives.ciphers import modes from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, - ARC4, Camellia, - TripleDES, ) -from ...utils import ( - load_nist_vectors, - load_vectors_from_file, - raises_unsupported_algorithm, -) +from ...utils import load_nist_vectors, load_vectors_from_file def test_deprecated_ciphers_import_with_warning(): @@ -45,6 +39,14 @@ def test_deprecated_ciphers_import_with_warning(): from cryptography.hazmat.primitives.ciphers.algorithms import ( SEED, # noqa: F401 ) + with pytest.warns(utils.CryptographyDeprecationWarning): + from cryptography.hazmat.primitives.ciphers.algorithms import ( + ARC4, # noqa: F401 + ) + with pytest.warns(utils.CryptographyDeprecationWarning): + from cryptography.hazmat.primitives.ciphers.algorithms import ( + TripleDES, # noqa: F401 + ) class TestAES: @@ -111,67 +113,6 @@ class TestCamellia: Camellia("0" * 32) # type: ignore[arg-type] -class TestTripleDES: - @pytest.mark.parametrize("key", [b"0" * 16, b"0" * 32, b"0" * 48]) - def test_key_size(self, key): - cipher = TripleDES(binascii.unhexlify(key)) - assert cipher.key_size == 192 - - def test_invalid_key_size(self): - with pytest.raises(ValueError): - TripleDES(binascii.unhexlify(b"0" * 12)) - - def test_invalid_key_type(self): - with pytest.raises(TypeError, match="key must be bytes"): - TripleDES("0" * 16) # type: ignore[arg-type] - - -class TestARC4: - @pytest.mark.parametrize( - ("key", "keysize"), - [ - (b"0" * 10, 40), - (b"0" * 14, 56), - (b"0" * 16, 64), - (b"0" * 20, 80), - (b"0" * 32, 128), - (b"0" * 48, 192), - (b"0" * 64, 256), - ], - ) - def test_key_size(self, key, keysize): - cipher = ARC4(binascii.unhexlify(key)) - assert cipher.key_size == keysize - - def test_invalid_key_size(self): - with pytest.raises(ValueError): - ARC4(binascii.unhexlify(b"0" * 34)) - - def test_invalid_key_type(self): - with pytest.raises(TypeError, match="key must be bytes"): - ARC4("0" * 10) # type: ignore[arg-type] - - -def test_invalid_mode_algorithm(): - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): - ciphers.Cipher( - ARC4(b"\x00" * 16), - modes.GCM(b"\x00" * 12), - ) - - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): - ciphers.Cipher( - ARC4(b"\x00" * 16), - modes.CBC(b"\x00" * 12), - ) - - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): - ciphers.Cipher( - ARC4(b"\x00" * 16), - modes.CTR(b"\x00" * 12), - ) - - @pytest.mark.supported( only_if=lambda backend: backend.cipher_supported( AES(b"\x00" * 16), modes.ECB() diff --git a/tests/hazmat/primitives/test_cmac.py b/tests/hazmat/primitives/test_cmac.py index 18ba898..5e81563 100644 --- a/tests/hazmat/primitives/test_cmac.py +++ b/tests/hazmat/primitives/test_cmac.py @@ -12,10 +12,9 @@ from cryptography.exceptions import ( InvalidSignature, _Reasons, ) +from cryptography.hazmat.decrepit.ciphers.algorithms import ARC4, TripleDES from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, - ARC4, - TripleDES, ) from cryptography.hazmat.primitives.cmac import CMAC diff --git a/tests/hazmat/primitives/test_kbkdf.py b/tests/hazmat/primitives/test_kbkdf.py index 4329e3d..965075d 100644 --- a/tests/hazmat/primitives/test_kbkdf.py +++ b/tests/hazmat/primitives/test_kbkdf.py @@ -871,7 +871,7 @@ class TestKBKDFCMAC: with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): KBKDFCMAC( - algorithms.ARC4, + algorithms.ChaCha20, Mode.CounterMode, 32, 4, diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index b15955f..9e119f0 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -16,6 +16,9 @@ from cryptography.exceptions import ( InvalidTag, NotYetFinalized, ) +from cryptography.hazmat.decrepit.ciphers import ( + algorithms as decrepit_algorithms, +) from cryptography.hazmat.primitives import hashes, hmac, serialization from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.ciphers import ( @@ -430,15 +433,15 @@ def _kbkdf_cmac_counter_mode_test(backend, prf, ctr_loc, brk_loc, params): "cmac_aes128": algorithms.AES, "cmac_aes192": algorithms.AES, "cmac_aes256": algorithms.AES, - "cmac_tdes2": algorithms.TripleDES, - "cmac_tdes3": algorithms.TripleDES, + "cmac_tdes2": decrepit_algorithms.TripleDES, + "cmac_tdes3": decrepit_algorithms.TripleDES, } algorithm = supported_cipher_algorithms.get(prf) assert algorithm is not None # TripleDES is disallowed in FIPS mode. - if backend._fips_enabled and algorithm is algorithms.TripleDES: + if backend._fips_enabled and algorithm is decrepit_algorithms.TripleDES: pytest.skip("TripleDES is not supported in FIPS mode.") ctrkdf = KBKDFCMAC( |