Migrate DH to Rust (#8768)

7 files changed, 49 insertions, 41 deletions

diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 27a0b9528..c8fa1efa2 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -13,7 +13,7 @@ from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.backends.openssl.backend import backend
 from cryptography.hazmat.backends.openssl.ec import _sn_to_elliptic_curve
 from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric import dh, padding
+from cryptography.hazmat.primitives.asymmetric import padding
 from cryptography.hazmat.primitives.ciphers import Cipher
 from cryptography.hazmat.primitives.ciphers.algorithms import AES
 from cryptography.hazmat.primitives.ciphers.modes import CBC
@@ -27,7 +27,6 @@ from ...doubles import (
 )
 from ...hazmat.primitives.test_rsa import rsa_key_512, rsa_key_2048
 from ...utils import (
-    load_nist_vectors,
     load_vectors_from_file,
     raises_unsupported_algorithm,
 )
@@ -374,36 +373,6 @@ class TestRSAPEMSerialization:
 )
 class TestOpenSSLDHSerialization:
     @pytest.mark.parametrize(
-        "vector",
-        load_vectors_from_file(
-            os.path.join("asymmetric", "DH", "RFC5114.txt"), load_nist_vectors
-        ),
-    )
-    def test_dh_serialization_with_q_unsupported(self, backend, vector):
-        parameters = dh.DHParameterNumbers(
-            int(vector["p"], 16), int(vector["g"], 16), int(vector["q"], 16)
-        )
-        public = dh.DHPublicNumbers(int(vector["ystatcavs"], 16), parameters)
-        private = dh.DHPrivateNumbers(int(vector["xstatcavs"], 16), public)
-        private_key = private.private_key(backend)
-        public_key = private_key.public_key()
-        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
-            private_key.private_bytes(
-                serialization.Encoding.PEM,
-                serialization.PrivateFormat.PKCS8,
-                serialization.NoEncryption(),
-            )
-        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
-            public_key.public_bytes(
-                serialization.Encoding.PEM,
-                serialization.PublicFormat.SubjectPublicKeyInfo,
-            )
-        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
-            parameters.parameters(backend).parameter_bytes(
-                serialization.Encoding.PEM, serialization.ParameterFormat.PKCS3
-            )
-
-    @pytest.mark.parametrize(
         ("key_path", "loader_func"),
         [
             (
diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py
index d47739ac0..098d6e142 100644
--- a/tests/hazmat/primitives/test_dh.py
+++ b/tests/hazmat/primitives/test_dh.py
@@ -148,7 +148,7 @@ class TestDH:
         with pytest.raises(ValueError):
             dh.generate_parameters(7, 512, backend)
 
-    def test_large_key_generate_dh(self):
+    def test_large_key_generate_dh(self, backend):
         with pytest.raises(ValueError):
             dh.generate_parameters(2, 1 << 30)
 
@@ -486,6 +486,9 @@ class TestDH:
         assert key1 != key3
         assert key1 != object()
 
+        with pytest.raises(TypeError):
+            key1 < key2  # type: ignore[operator]
+
 
 @pytest.mark.supported(
     only_if=lambda backend: backend.dh_supported(),
diff --git a/tests/hazmat/primitives/test_ed25519.py b/tests/hazmat/primitives/test_ed25519.py
index 7f847078c..4b47e0a16 100644
--- a/tests/hazmat/primitives/test_ed25519.py
+++ b/tests/hazmat/primitives/test_ed25519.py
@@ -15,6 +15,7 @@ from cryptography.hazmat.primitives.asymmetric.ed25519 import (
     Ed25519PublicKey,
 )
 
+from ...doubles import DummyKeySerializationEncryption
 from ...utils import load_vectors_from_file, raises_unsupported_algorithm
 
 
@@ -156,18 +157,24 @@ class TestEd25519Signing:
 
     def test_invalid_private_bytes(self, backend):
         key = Ed25519PrivateKey.generate()
-        with pytest.raises(ValueError):
+        with pytest.raises(TypeError):
             key.private_bytes(
                 serialization.Encoding.Raw,
                 serialization.PrivateFormat.Raw,
                 None,  # type: ignore[arg-type]
             )
+        with pytest.raises(ValueError):
+            key.private_bytes(
+                serialization.Encoding.Raw,
+                serialization.PrivateFormat.Raw,
+                DummyKeySerializationEncryption(),
+            )
 
         with pytest.raises(ValueError):
             key.private_bytes(
                 serialization.Encoding.Raw,
                 serialization.PrivateFormat.PKCS8,
-                None,  # type: ignore[arg-type]
+                DummyKeySerializationEncryption(),
             )
 
         with pytest.raises(ValueError):
diff --git a/tests/hazmat/primitives/test_ed448.py b/tests/hazmat/primitives/test_ed448.py
index e88d3dce2..650cdda79 100644
--- a/tests/hazmat/primitives/test_ed448.py
+++ b/tests/hazmat/primitives/test_ed448.py
@@ -15,6 +15,7 @@ from cryptography.hazmat.primitives.asymmetric.ed448 import (
     Ed448PublicKey,
 )
 
+from ...doubles import DummyKeySerializationEncryption
 from ...utils import (
     load_nist_vectors,
     load_vectors_from_file,
@@ -192,18 +193,24 @@ class TestEd448Signing:
 
     def test_invalid_private_bytes(self, backend):
         key = Ed448PrivateKey.generate()
-        with pytest.raises(ValueError):
+        with pytest.raises(TypeError):
             key.private_bytes(
                 serialization.Encoding.Raw,
                 serialization.PrivateFormat.Raw,
                 None,  # type: ignore[arg-type]
             )
+        with pytest.raises(ValueError):
+            key.private_bytes(
+                serialization.Encoding.Raw,
+                serialization.PrivateFormat.Raw,
+                DummyKeySerializationEncryption(),
+            )
 
         with pytest.raises(ValueError):
             key.private_bytes(
                 serialization.Encoding.Raw,
                 serialization.PrivateFormat.PKCS8,
-                None,  # type: ignore[arg-type]
+                DummyKeySerializationEncryption(),
             )
 
         with pytest.raises(ValueError):
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 59a141d33..58693a491 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -395,6 +395,10 @@ class TestDERSerialization:
         assert key.curve.name == "secp256r1"
         assert key.curve.key_size == 256
 
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.dh_supported(),
+        skip_message="DH not supported",
+    )
     def test_wrong_parameters_format(self, backend):
         param_data = b"---- NOT A KEY ----\n"
 
@@ -734,6 +738,10 @@ class TestPEMSerialization:
         with pytest.raises(ValueError):
             load_pem_public_key(key_data, backend)
 
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.dh_supported(),
+        skip_message="DH not supported",
+    )
     def test_wrong_parameters_format(self, backend):
         param_data = b"---- NOT A KEY ----\n"
 
diff --git a/tests/hazmat/primitives/test_x25519.py b/tests/hazmat/primitives/test_x25519.py
index 21cc55edf..ae4f382bc 100644
--- a/tests/hazmat/primitives/test_x25519.py
+++ b/tests/hazmat/primitives/test_x25519.py
@@ -15,6 +15,7 @@ from cryptography.hazmat.primitives.asymmetric.x25519 import (
     X25519PublicKey,
 )
 
+from ...doubles import DummyKeySerializationEncryption
 from ...utils import (
     load_nist_vectors,
     load_vectors_from_file,
@@ -195,18 +196,24 @@ class TestX25519Exchange:
 
     def test_invalid_private_bytes(self, backend):
         key = X25519PrivateKey.generate()
-        with pytest.raises(ValueError):
+        with pytest.raises(TypeError):
             key.private_bytes(
                 serialization.Encoding.Raw,
                 serialization.PrivateFormat.Raw,
                 None,  # type: ignore[arg-type]
             )
+        with pytest.raises(ValueError):
+            key.private_bytes(
+                serialization.Encoding.Raw,
+                serialization.PrivateFormat.Raw,
+                DummyKeySerializationEncryption(),
+            )
 
         with pytest.raises(ValueError):
             key.private_bytes(
                 serialization.Encoding.Raw,
                 serialization.PrivateFormat.PKCS8,
-                None,  # type: ignore[arg-type]
+                DummyKeySerializationEncryption(),
             )
 
         with pytest.raises(ValueError):
diff --git a/tests/hazmat/primitives/test_x448.py b/tests/hazmat/primitives/test_x448.py
index c9d92112b..e2f840fa8 100644
--- a/tests/hazmat/primitives/test_x448.py
+++ b/tests/hazmat/primitives/test_x448.py
@@ -15,6 +15,7 @@ from cryptography.hazmat.primitives.asymmetric.x448 import (
     X448PublicKey,
 )
 
+from ...doubles import DummyKeySerializationEncryption
 from ...utils import (
     load_nist_vectors,
     load_vectors_from_file,
@@ -200,18 +201,24 @@ class TestX448Exchange:
 
     def test_invalid_private_bytes(self, backend):
         key = X448PrivateKey.generate()
-        with pytest.raises(ValueError):
+        with pytest.raises(TypeError):
             key.private_bytes(
                 serialization.Encoding.Raw,
                 serialization.PrivateFormat.Raw,
                 None,  # type: ignore[arg-type]
             )
+        with pytest.raises(ValueError):
+            key.private_bytes(
+                serialization.Encoding.Raw,
+                serialization.PrivateFormat.Raw,
+                DummyKeySerializationEncryption(),
+            )
 
         with pytest.raises(ValueError):
             key.private_bytes(
                 serialization.Encoding.Raw,
                 serialization.PrivateFormat.PKCS8,
-                None,  # type: ignore[arg-type]
+                DummyKeySerializationEncryption(),
             )
 
         with pytest.raises(ValueError):