diff options
| author |   Angelos Mouzakitis <a.mouzakitis@virtualopensystems.com> | 2023-10-10 14:33:42 +0000 |
|---|---|---|
| committer | Angelos Mouzakitis <a.mouzakitis@virtualopensystems.com> | 2023-10-10 14:33:42 +0000 |
| commit | af1a266670d040d2f4083ff309d732d648afba2a (patch) | |
| tree | 2fc46203448ddcc6f81546d379abfaeb323575e9 /roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof | |
| parent | e02cda008591317b1625707ff8e115a4841aa889 (diff) | |
Change-Id: Iaf8d18082d3991dec7c0ebbea540f092188eb4ec
Diffstat (limited to 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof')
11 files changed, 725 insertions, 0 deletions
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/__init__.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/__init__.py new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/__init__.py diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_aes.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_aes.py new file mode 100644 index 000000000..55e454546 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_aes.py @@ -0,0 +1,144 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.exceptions import InvalidTag +from cryptography.hazmat.backends.interfaces import CipherBackend +from cryptography.hazmat.primitives import padding +from cryptography.hazmat.primitives.ciphers import ( + Cipher, algorithms, modes +) +from cryptography.hazmat.primitives.ciphers.aead import AESCCM, AESGCM + +from ..hazmat.primitives.test_aead import _aead_supported + + +@pytest.mark.requires_backend_interface(interface=CipherBackend) +@pytest.mark.wycheproof_tests("aes_cbc_pkcs5_test.json") +def test_aes_cbc_pkcs5(backend, wycheproof): + key = binascii.unhexlify(wycheproof.testcase["key"]) + iv = binascii.unhexlify(wycheproof.testcase["iv"]) + msg = binascii.unhexlify(wycheproof.testcase["msg"]) + ct = binascii.unhexlify(wycheproof.testcase["ct"]) + + padder = padding.PKCS7(128).padder() + + cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend) + enc = cipher.encryptor() + computed_ct = enc.update( + padder.update(msg) + padder.finalize()) + enc.finalize() + dec = cipher.decryptor() + padded_msg = dec.update(ct) + dec.finalize() + unpadder = padding.PKCS7(128).unpadder() + if wycheproof.valid or wycheproof.acceptable: + assert computed_ct == ct + computed_msg = unpadder.update(padded_msg) + unpadder.finalize() + assert computed_msg == msg + else: + assert computed_ct != ct + with pytest.raises(ValueError): + unpadder.update(padded_msg) + unpadder.finalize() + + +@pytest.mark.requires_backend_interface(interface=CipherBackend) +@pytest.mark.wycheproof_tests("aes_gcm_test.json") +def test_aes_gcm(backend, wycheproof): + key = binascii.unhexlify(wycheproof.testcase["key"]) + iv = binascii.unhexlify(wycheproof.testcase["iv"]) + aad = binascii.unhexlify(wycheproof.testcase["aad"]) + msg = binascii.unhexlify(wycheproof.testcase["msg"]) + ct = binascii.unhexlify(wycheproof.testcase["ct"]) + tag = binascii.unhexlify(wycheproof.testcase["tag"]) + if wycheproof.valid or wycheproof.acceptable: + enc = Cipher(algorithms.AES(key), modes.GCM(iv), backend).encryptor() + enc.authenticate_additional_data(aad) + computed_ct = enc.update(msg) + enc.finalize() + computed_tag = enc.tag + assert computed_ct == ct + assert computed_tag == tag + dec = Cipher( + algorithms.AES(key), + modes.GCM(iv, tag, min_tag_length=len(tag)), + backend + ).decryptor() + dec.authenticate_additional_data(aad) + computed_msg = dec.update(ct) + dec.finalize() + assert computed_msg == msg + elif len(iv) == 0: + with pytest.raises(ValueError): + Cipher(algorithms.AES(key), modes.GCM(iv), backend) + else: + dec = Cipher( + algorithms.AES(key), + modes.GCM(iv, tag, min_tag_length=len(tag)), + backend + ).decryptor() + dec.authenticate_additional_data(aad) + dec.update(ct) + with pytest.raises(InvalidTag): + dec.finalize() + + +@pytest.mark.requires_backend_interface(interface=CipherBackend) +@pytest.mark.wycheproof_tests("aes_gcm_test.json") +def test_aes_gcm_aead_api(backend, wycheproof): + key = binascii.unhexlify(wycheproof.testcase["key"]) + iv = binascii.unhexlify(wycheproof.testcase["iv"]) + aad = binascii.unhexlify(wycheproof.testcase["aad"]) + msg = binascii.unhexlify(wycheproof.testcase["msg"]) + ct = binascii.unhexlify(wycheproof.testcase["ct"]) + tag = binascii.unhexlify(wycheproof.testcase["tag"]) + aesgcm = AESGCM(key) + if wycheproof.valid or wycheproof.acceptable: + computed_ct = aesgcm.encrypt(iv, msg, aad) + assert computed_ct == ct + tag + computed_msg = aesgcm.decrypt(iv, ct + tag, aad) + assert computed_msg == msg + elif len(iv) == 0: + with pytest.raises(ValueError): + aesgcm.encrypt(iv, msg, aad) + else: + with pytest.raises(InvalidTag): + aesgcm.decrypt(iv, ct + tag, aad) + + +@pytest.mark.skipif( + not _aead_supported(AESCCM), + reason="Requires OpenSSL with AES-CCM support", +) +@pytest.mark.requires_backend_interface(interface=CipherBackend) +@pytest.mark.wycheproof_tests("aes_ccm_test.json") +def test_aes_ccm_aead_api(backend, wycheproof): + key = binascii.unhexlify(wycheproof.testcase["key"]) + iv = binascii.unhexlify(wycheproof.testcase["iv"]) + aad = binascii.unhexlify(wycheproof.testcase["aad"]) + msg = binascii.unhexlify(wycheproof.testcase["msg"]) + ct = binascii.unhexlify(wycheproof.testcase["ct"]) + tag = binascii.unhexlify(wycheproof.testcase["tag"]) + + if ( + wycheproof.invalid and + wycheproof.testcase["comment"] == "Invalid tag size" + ): + with pytest.raises(ValueError): + AESCCM(key, tag_length=wycheproof.testgroup["tagSize"] // 8) + return + + aesccm = AESCCM(key, tag_length=wycheproof.testgroup["tagSize"] // 8) + if wycheproof.valid or wycheproof.acceptable: + computed_ct = aesccm.encrypt(iv, msg, aad) + assert computed_ct == ct + tag + computed_msg = aesccm.decrypt(iv, ct + tag, aad) + assert computed_msg == msg + elif not 7 <= len(iv) <= 13: + with pytest.raises(ValueError): + aesccm.decrypt(iv, ct + tag, aad) + else: + with pytest.raises(InvalidTag): + aesccm.decrypt(iv, ct + tag, aad) diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_chacha20poly1305.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_chacha20poly1305.py new file mode 100644 index 000000000..deef5a0a7 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_chacha20poly1305.py @@ -0,0 +1,47 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.exceptions import InvalidTag +from cryptography.hazmat.backends.interfaces import CipherBackend +from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305 + +from ..hazmat.primitives.test_aead import _aead_supported + + +@pytest.mark.skipif( + not _aead_supported(ChaCha20Poly1305), + reason="Requires OpenSSL with ChaCha20Poly1305 support" +) +@pytest.mark.requires_backend_interface(interface=CipherBackend) +@pytest.mark.wycheproof_tests("chacha20_poly1305_test.json") +def test_chacha2poly1305(wycheproof): + key = binascii.unhexlify(wycheproof.testcase["key"]) + iv = binascii.unhexlify(wycheproof.testcase["iv"]) + aad = binascii.unhexlify(wycheproof.testcase["aad"]) + msg = binascii.unhexlify(wycheproof.testcase["msg"]) + ct = binascii.unhexlify(wycheproof.testcase["ct"]) + tag = binascii.unhexlify(wycheproof.testcase["tag"]) + + if wycheproof.valid: + chacha = ChaCha20Poly1305(key) + computed_ct = chacha.encrypt(iv, msg, aad) + assert computed_ct == ct + tag + computed_msg = chacha.decrypt(iv, ct + tag, aad) + assert computed_msg == msg + elif len(iv) != 12: + chacha = ChaCha20Poly1305(key) + with pytest.raises(ValueError): + chacha.encrypt(iv, msg, aad) + with pytest.raises(ValueError): + chacha.decrypt(iv, ct + tag, aad) + else: + chacha = ChaCha20Poly1305(key) + with pytest.raises(InvalidTag): + chacha.decrypt(iv, msg + tag, aad) diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_cmac.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_cmac.py new file mode 100644 index 000000000..bef858395 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_cmac.py @@ -0,0 +1,36 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.exceptions import InvalidSignature +from cryptography.hazmat.backends.interfaces import CMACBackend +from cryptography.hazmat.primitives.ciphers.algorithms import AES +from cryptography.hazmat.primitives.cmac import CMAC + + +@pytest.mark.requires_backend_interface(interface=CMACBackend) +@pytest.mark.wycheproof_tests("aes_cmac_test.json") +def test_aes_cmac(backend, wycheproof): + key = binascii.unhexlify(wycheproof.testcase["key"]) + msg = binascii.unhexlify(wycheproof.testcase["msg"]) + tag = binascii.unhexlify(wycheproof.testcase["tag"]) + + # skip truncated tags, which we don't support in the API + if wycheproof.valid and len(tag) == 16: + ctx = CMAC(AES(key), backend) + ctx.update(msg) + ctx.verify(tag) + elif len(key) not in [16, 24, 32]: + with pytest.raises(ValueError): + CMAC(AES(key), backend) + else: + ctx = CMAC(AES(key), backend) + ctx.update(msg) + with pytest.raises(InvalidSignature): + ctx.verify(tag) diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_dsa.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_dsa.py new file mode 100644 index 000000000..3dc3056e1 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_dsa.py @@ -0,0 +1,49 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.exceptions import InvalidSignature +from cryptography.hazmat.backends.interfaces import DSABackend +from cryptography.hazmat.primitives import hashes, serialization + + +_DIGESTS = { + "SHA-1": hashes.SHA1(), + "SHA-224": hashes.SHA224(), + "SHA-256": hashes.SHA256(), +} + + +@pytest.mark.requires_backend_interface(interface=DSABackend) +@pytest.mark.wycheproof_tests( + "dsa_test.json", +) +def test_dsa_signature(backend, wycheproof): + key = serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend + ) + digest = _DIGESTS[wycheproof.testgroup["sha"]] + + if ( + wycheproof.valid or ( + wycheproof.acceptable and not wycheproof.has_flag("NoLeadingZero") + ) + ): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + digest, + ) + else: + with pytest.raises(InvalidSignature): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + digest, + ) diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_ecdh.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_ecdh.py new file mode 100644 index 000000000..a0c3f0d9f --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_ecdh.py @@ -0,0 +1,124 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.backends.interfaces import EllipticCurveBackend +from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.asymmetric import ec + +from ..hazmat.primitives.test_ec import _skip_exchange_algorithm_unsupported + + +_CURVES = { + "secp224r1": ec.SECP224R1(), + "secp256r1": ec.SECP256R1(), + "secp384r1": ec.SECP384R1(), + "secp521r1": ec.SECP521R1(), + "secp256k1": ec.SECP256K1(), + "brainpoolP224r1": None, + "brainpoolP256r1": ec.BrainpoolP256R1(), + "brainpoolP320r1": None, + "brainpoolP384r1": ec.BrainpoolP384R1(), + "brainpoolP512r1": ec.BrainpoolP512R1(), + "brainpoolP224t1": None, + "brainpoolP256t1": None, + "brainpoolP320t1": None, + "brainpoolP384t1": None, + "brainpoolP512t1": None, +} + + +@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) +@pytest.mark.wycheproof_tests( + "ecdh_test.json", + "ecdh_brainpoolP224r1_test.json", + "ecdh_brainpoolP256r1_test.json", + "ecdh_brainpoolP320r1_test.json", + "ecdh_brainpoolP384r1_test.json", + "ecdh_brainpoolP512r1_test.json", + "ecdh_secp224r1_test.json", + "ecdh_secp256k1_test.json", + "ecdh_secp256r1_test.json", + "ecdh_secp384r1_test.json", + "ecdh_secp521r1_test.json", +) +def test_ecdh(backend, wycheproof): + curve = _CURVES[wycheproof.testgroup["curve"]] + if curve is None: + pytest.skip( + "Unsupported curve ({})".format(wycheproof.testgroup["curve"]) + ) + _skip_exchange_algorithm_unsupported(backend, ec.ECDH(), curve) + + private_key = ec.derive_private_key( + int(wycheproof.testcase["private"], 16), curve, backend + ) + + try: + public_key = serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testcase["public"]), backend + ) + except NotImplementedError: + assert wycheproof.has_flag("UnnamedCurve") + return + except ValueError: + assert wycheproof.invalid or wycheproof.acceptable + return + except UnsupportedAlgorithm: + return + + if wycheproof.valid or wycheproof.acceptable: + computed_shared = private_key.exchange(ec.ECDH(), public_key) + expected_shared = binascii.unhexlify(wycheproof.testcase["shared"]) + assert computed_shared == expected_shared + else: + with pytest.raises(ValueError): + private_key.exchange(ec.ECDH(), public_key) + + +@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) +@pytest.mark.wycheproof_tests( + "ecdh_secp224r1_ecpoint_test.json", + "ecdh_secp256r1_ecpoint_test.json", + "ecdh_secp384r1_ecpoint_test.json", + "ecdh_secp521r1_ecpoint_test.json", +) +def test_ecdh_ecpoint(backend, wycheproof): + curve = _CURVES[wycheproof.testgroup["curve"]] + _skip_exchange_algorithm_unsupported(backend, ec.ECDH(), curve) + + private_key = ec.derive_private_key( + int(wycheproof.testcase["private"], 16), curve, backend + ) + # We don't support compressed points + if ( + wycheproof.has_flag("CompressedPoint") or + not wycheproof.testcase["public"] + ): + with pytest.raises(ValueError): + ec.EllipticCurvePublicNumbers.from_encoded_point( + curve, binascii.unhexlify(wycheproof.testcase["public"]) + ) + return + + public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point( + curve, binascii.unhexlify(wycheproof.testcase["public"]) + ) + if wycheproof.testcase["comment"] == "point is not on curve": + assert wycheproof.invalid + with pytest.raises(ValueError): + public_numbers.public_key(backend) + return + + assert wycheproof.valid or wycheproof.acceptable + public_key = public_numbers.public_key(backend) + computed_shared = private_key.exchange(ec.ECDH(), public_key) + expected_shared = binascii.unhexlify(wycheproof.testcase["shared"]) + assert computed_shared == expected_shared diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_ecdsa.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_ecdsa.py new file mode 100644 index 000000000..5214052ec --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_ecdsa.py @@ -0,0 +1,76 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm +from cryptography.hazmat.backends.interfaces import EllipticCurveBackend +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import ec + + +_DIGESTS = { + "SHA-1": hashes.SHA1(), + "SHA-224": hashes.SHA224(), + "SHA-256": hashes.SHA256(), + "SHA-384": hashes.SHA384(), + "SHA-512": hashes.SHA512(), +} + + +@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) +@pytest.mark.wycheproof_tests( + "ecdsa_test.json", + "ecdsa_brainpoolP224r1_sha224_test.json", + "ecdsa_brainpoolP256r1_sha256_test.json", + "ecdsa_brainpoolP320r1_sha384_test.json", + "ecdsa_brainpoolP384r1_sha384_test.json", + "ecdsa_brainpoolP512r1_sha512_test.json", + "ecdsa_secp224r1_sha224_test.json", + "ecdsa_secp224r1_sha256_test.json", + "ecdsa_secp224r1_sha512_test.json", + "ecdsa_secp256k1_sha256_test.json", + "ecdsa_secp256k1_sha512_test.json", + "ecdsa_secp256r1_sha256_test.json", + "ecdsa_secp256r1_sha512_test.json", + "ecdsa_secp384r1_sha384_test.json", + "ecdsa_secp384r1_sha512_test.json", + "ecdsa_secp521r1_sha512_test.json", +) +def test_ecdsa_signature(backend, wycheproof): + try: + key = serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend + ) + except (UnsupportedAlgorithm, ValueError): + # In OpenSSL 1.0.1, some keys fail to load with ValueError, instead of + # Unsupported Algorithm. We can remove handling for that exception + # when we drop support. + pytest.skip( + "unable to load key (curve {})".format( + wycheproof.testgroup["key"]["curve"] + ) + ) + digest = _DIGESTS[wycheproof.testgroup["sha"]] + + if ( + wycheproof.valid or + (wycheproof.acceptable and not wycheproof.has_flag("MissingZero")) + ): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + ec.ECDSA(digest), + ) + else: + with pytest.raises(InvalidSignature): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + ec.ECDSA(digest), + ) diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_keywrap.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_keywrap.py new file mode 100644 index 000000000..5f694e4d3 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_keywrap.py @@ -0,0 +1,61 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.hazmat.backends.interfaces import CipherBackend +from cryptography.hazmat.primitives import keywrap + + +@pytest.mark.requires_backend_interface(interface=CipherBackend) +@pytest.mark.wycheproof_tests("kwp_test.json") +def test_keywrap_with_padding(backend, wycheproof): + wrapping_key = binascii.unhexlify(wycheproof.testcase["key"]) + key_to_wrap = binascii.unhexlify(wycheproof.testcase["msg"]) + expected = binascii.unhexlify(wycheproof.testcase["ct"]) + + result = keywrap.aes_key_wrap_with_padding( + wrapping_key, key_to_wrap, backend + ) + if wycheproof.valid or wycheproof.acceptable: + assert result == expected + + if wycheproof.valid or (wycheproof.acceptable and not len(expected) < 16): + result = keywrap.aes_key_unwrap_with_padding( + wrapping_key, expected, backend + ) + assert result == key_to_wrap + else: + with pytest.raises(keywrap.InvalidUnwrap): + keywrap.aes_key_unwrap_with_padding( + wrapping_key, expected, backend + ) + + +@pytest.mark.requires_backend_interface(interface=CipherBackend) +@pytest.mark.wycheproof_tests("kw_test.json") +def test_keywrap(backend, wycheproof): + wrapping_key = binascii.unhexlify(wycheproof.testcase["key"]) + key_to_wrap = binascii.unhexlify(wycheproof.testcase["msg"]) + expected = binascii.unhexlify(wycheproof.testcase["ct"]) + + if ( + wycheproof.valid or ( + wycheproof.acceptable and + wycheproof.testcase["comment"] != "invalid size of wrapped key" + ) + ): + result = keywrap.aes_key_wrap(wrapping_key, key_to_wrap, backend) + assert result == expected + + if wycheproof.valid or wycheproof.acceptable: + result = keywrap.aes_key_unwrap(wrapping_key, expected, backend) + assert result == key_to_wrap + else: + with pytest.raises(keywrap.InvalidUnwrap): + keywrap.aes_key_unwrap(wrapping_key, expected, backend) diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_rsa.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_rsa.py new file mode 100644 index 000000000..3d35f42d7 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_rsa.py @@ -0,0 +1,125 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.exceptions import InvalidSignature +from cryptography.hazmat.backends.interfaces import RSABackend +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import padding + + +_DIGESTS = { + "SHA-1": hashes.SHA1(), + "SHA-224": hashes.SHA224(), + "SHA-256": hashes.SHA256(), + "SHA-384": hashes.SHA384(), + "SHA-512": hashes.SHA512(), +} + + +def should_verify(backend, wycheproof): + if wycheproof.valid: + return True + + if wycheproof.acceptable: + if ( + backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER and + wycheproof.has_flag("MissingNull") + ): + return False + return True + + return False + + +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.supported( + only_if=lambda backend: ( + # TODO: this also skips on LibreSSL, which is ok for now, since these + # don't pass on Libre, but we'll need to fix this when LibreSSL 2.8 is + # released. + not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 + ), + skip_message=( + "Many of these tests fail on OpenSSL < 1.0.2 and since upstream isn't" + " maintaining it, they'll never be fixed." + ), +) +@pytest.mark.wycheproof_tests( + "rsa_signature_test.json", + "rsa_signature_2048_sha224_test.json", + "rsa_signature_2048_sha256_test.json", + "rsa_signature_2048_sha512_test.json", + "rsa_signature_3072_sha256_test.json", + "rsa_signature_3072_sha384_test.json", + "rsa_signature_3072_sha512_test.json", + "rsa_signature_4096_sha384_test.json", + "rsa_signature_4096_sha512_test.json", +) +def test_rsa_pkcs1v15_signature(backend, wycheproof): + key = serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend + ) + digest = _DIGESTS[wycheproof.testgroup["sha"]] + + if should_verify(backend, wycheproof): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PKCS1v15(), + digest, + ) + else: + with pytest.raises(InvalidSignature): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PKCS1v15(), + digest, + ) + + +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.wycheproof_tests( + "rsa_pss_2048_sha1_mgf1_20_test.json", + "rsa_pss_2048_sha256_mgf1_0_test.json", + "rsa_pss_2048_sha256_mgf1_32_test.json", + "rsa_pss_3072_sha256_mgf1_32_test.json", + "rsa_pss_4096_sha256_mgf1_32_test.json", + "rsa_pss_4096_sha512_mgf1_32_test.json", + "rsa_pss_misc_test.json", +) +def test_rsa_pss_signature(backend, wycheproof): + key = serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend + ) + digest = _DIGESTS[wycheproof.testgroup["sha"]] + mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]] + + if wycheproof.valid or wycheproof.acceptable: + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PSS( + mgf=padding.MGF1(mgf_digest), + salt_length=wycheproof.testgroup["sLen"] + ), + digest + ) + else: + with pytest.raises(InvalidSignature): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PSS( + mgf=padding.MGF1(mgf_digest), + salt_length=wycheproof.testgroup["sLen"] + ), + digest + ) diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_utils.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_utils.py new file mode 100644 index 000000000..82c0a3596 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_utils.py @@ -0,0 +1,21 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import pytest + +from ..utils import WycheproofTest, skip_if_wycheproof_none + + +def test_wycheproof_test_repr(): + wycheproof = WycheproofTest({}, {"tcId": 3}) + assert repr(wycheproof) == "<WycheproofTest({}, {'tcId': 3}, tcId=3)>" + + +def test_skip_if_wycheproof_none(): + with pytest.raises(pytest.skip.Exception): + skip_if_wycheproof_none(None) + + skip_if_wycheproof_none("abc") diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_x25519.py b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_x25519.py new file mode 100644 index 000000000..5e6253ce1 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/tests/wycheproof/test_x25519.py @@ -0,0 +1,42 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.hazmat.backends.interfaces import DHBackend +from cryptography.hazmat.primitives.asymmetric.x25519 import ( + X25519PrivateKey, X25519PublicKey +) + + +@pytest.mark.supported( + only_if=lambda backend: backend.x25519_supported(), + skip_message="Requires OpenSSL with X25519 support" +) +@pytest.mark.requires_backend_interface(interface=DHBackend) +@pytest.mark.wycheproof_tests("x25519_test.json") +def test_x25519(backend, wycheproof): + assert list(wycheproof.testgroup.items()) == [("curve", "curve25519")] + + private_key = X25519PrivateKey._from_private_bytes( + binascii.unhexlify(wycheproof.testcase["private"]) + ) + public_key = X25519PublicKey.from_public_bytes( + binascii.unhexlify(wycheproof.testcase["public"]) + ) + + assert wycheproof.valid or wycheproof.acceptable + + expected = binascii.unhexlify(wycheproof.testcase["shared"]) + if expected == b"\x00" * 32: + assert wycheproof.acceptable + # OpenSSL returns an error on all zeros shared key + with pytest.raises(ValueError): + private_key.exchange(public_key) + else: + assert private_key.exchange(public_key) == expected |