Update to the new wycheproof (pyca#8403)
alex committed Mar 1, 2023
1 parent a69fe98 commit a0cc2b5
Showing 4 changed files with 30 additions and 3 deletions.
2 changes: 1 addition & 1 deletion docs/development/test-vectors.rst
Expand Up @@ -22,7 +22,7 @@ for various cryptographic algorithms. These are not included in the repository
continuous integration environments.

We have ensured all test vectors are used as of commit
``2196000605e45d91097147c9c71f26b72af58003``.
``b063b4aedae951c69df014cd25fa6d69ae9e8cb9``.

Asymmetric ciphers
~~~~~~~~~~~~~~~~~~
5 changes: 4 additions & 1 deletion src/cryptography/hazmat/backends/openssl/utils.py
Expand Up @@ -18,7 +18,10 @@ def _evp_pkey_derive(backend: "Backend", evp_pkey, peer_public_key) -> bytes:
res = backend._lib.EVP_PKEY_derive_init(ctx)
backend.openssl_assert(res == 1)
res = backend._lib.EVP_PKEY_derive_set_peer(ctx, peer_public_key._evp_pkey)
backend.openssl_assert(res == 1)
if res != 1:
errors_with_text = backend._consume_errors_with_text()
raise ValueError("Error computing shared key.", errors_with_text)

keylen = backend._ffi.new("size_t *")
res = backend._lib.EVP_PKEY_derive(ctx, backend._ffi.NULL, keylen)
backend.openssl_assert(res == 1)
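Review bot: The new `if res != 1:` branch after `EVP_PKEY_derive_set_peer` has no comment saying why this one failure becomes a `ValueError` while the neighbouring calls still go through `backend.openssl_assert`. The peer key is supplied by the caller, and the test_ecdh.py change in this commit suggests that OpenSSL 3.0 and later reject low-order public keys, presumably at this call, so a rejection here is bad input rather than an internal error. I would add above the check: `# peer_public_key is caller-supplied; OpenSSL may reject it here (e.g. a low-order point on 3.0+), so raise ValueError instead of asserting.` The function body starts before and continues past this hunk.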
21 changes: 20 additions & 1 deletion tests/wycheproof/test_ecdh.py
Expand Up @@ -21,6 +21,12 @@
"secp521r1": ec.SECP521R1(),
"secp224k1": None,
"secp256k1": ec.SECP256K1(),
"sect283r1": ec.SECT283R1(),
"sect409r1": ec.SECT409R1(),
"sect571r1": ec.SECT571R1(),
"sect283k1": ec.SECT283K1(),
"sect409k1": ec.SECT409K1(),
"sect571k1": ec.SECT571K1(),
"brainpoolP224r1": None,
"brainpoolP256r1": ec.BrainpoolP256R1(),
"brainpoolP320r1": None,
Expand All @@ -31,6 +37,7 @@
"brainpoolP320t1": None,
"brainpoolP384t1": None,
"brainpoolP512t1": None,
"FRP256v1": None,
}


Expand All @@ -46,6 +53,12 @@
"ecdh_secp256r1_test.json",
"ecdh_secp384r1_test.json",
"ecdh_secp521r1_test.json",
"ecdh_sect283k1_test.json",
"ecdh_sect283r1_test.json",
"ecdh_sect409k1_test.json",
"ecdh_sect409r1_test.json",
"ecdh_sect571k1_test.json",
"ecdh_sect571r1_test.json",
)
def test_ecdh(backend, wycheproof):
curve = _CURVES[wycheproof.testgroup["curve"]]
Expand All @@ -70,7 +83,13 @@ def test_ecdh(backend, wycheproof):
except UnsupportedAlgorithm:
return

if wycheproof.valid or wycheproof.acceptable:
if wycheproof.valid or (
wycheproof.acceptable
and not (
wycheproof.has_flag("LowOrderPublic")
and backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
)
):
computed_shared = private_key.exchange(ec.ECDH(), public_key)
expected_shared = binascii.unhexlify(wycheproof.testcase["shared"])
assert computed_shared == expected_shared
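Review bot: The rewritten condition before `private_key.exchange` buries a version-dependent security expectation in a nested boolean with no comment. `acceptable` vectors flagged `LowOrderPublic` are still expected to produce a shared secret when `CRYPTOGRAPHY_OPENSSL_300_OR_GREATER` is false, and are routed to the other branch on 3.0 and later. Naming the term would make that explicit, e.g. `low_order_rejected = wycheproof.has_flag("LowOrderPublic") and backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER` followed by `if wycheproof.valid or (wycheproof.acceptable and not low_order_rejected):`, with a comment that older OpenSSL builds still accept low-order peer keys. The branch taken otherwise lies outside the hunk, so I am assuming it asserts that the exchange fails.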
5 changes: 5 additions & 0 deletions tests/wycheproof/test_ecdsa.py
Expand Up @@ -53,6 +53,11 @@
"ecdsa_secp384r1_sha3_512_test.json",
"ecdsa_secp521r1_sha512_test.json",
"ecdsa_secp521r1_sha3_512_test.json",
"ecdsa_secp160k1_sha256_test.json",
"ecdsa_secp160r1_sha256_test.json",
"ecdsa_secp160r2_sha256_test.json",
"ecdsa_secp192k1_sha256_test.json",
"ecdsa_secp192r1_sha256_test.json",
)
def test_ecdsa_signature(backend, wycheproof):
try: