diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2023-03-10 10:07:34 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-09 21:07:34 -0500 |
| commit | f046fd5844b7b575ee4f4a810b1510b07532d369 (patch) | |
| tree | 5f3f4c71345151bdd59baa8a7e9d2b7e8faaffe8 /tests/hazmat | |
| parent | 0e9853f717d79491f386588cd5e602bda15222fa (diff) | |
| download | cryptography-f046fd5844b7b575ee4f4a810b1510b07532d369.tar.gz | |
speed up RSA key loading in tests a bit more (#8486)
Diffstat (limited to 'tests/hazmat')
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 16 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_pkcs7.py | 6 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_serialization.py | 36 |
3 files changed, 38 insertions, 20 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 6188689cd..6f3f4a2bf 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -28,12 +28,16 @@ from ...doubles import ( DummyHashAlgorithm, DummyMode, ) +from ...hazmat.primitives.test_rsa import rsa_key_512, rsa_key_2048 from ...utils import ( load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm, ) -from ..primitives.fixtures_rsa import RSA_KEY_512, RSA_KEY_2048 + +# Make ruff happy since we're importing fixtures that pytest patches in as +# func args +__all__ = ["rsa_key_512", "rsa_key_2048"] def skip_if_libre_ssl(openssl_version): @@ -433,10 +437,9 @@ class TestOpenSSLRSA: is False ) - def test_unsupported_mgf1_hash_algorithm_md5_decrypt(self): - private_key = RSA_KEY_512.private_key(backend) + def test_unsupported_mgf1_hash_algorithm_md5_decrypt(self, rsa_key_512): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - private_key.decrypt( + rsa_key_512.decrypt( b"0" * 64, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.MD5()), @@ -516,11 +519,10 @@ class TestOpenSSLEllipticCurve: class TestRSAPEMSerialization: - def test_password_length_limit(self): + def test_password_length_limit(self, rsa_key_2048): password = b"x" * 1024 - key = RSA_KEY_2048.private_key(backend) with pytest.raises(ValueError): - key.private_bytes( + rsa_key_2048.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8, serialization.BestAvailableEncryption(password), diff --git a/tests/hazmat/primitives/test_pkcs7.py b/tests/hazmat/primitives/test_pkcs7.py index d879563e1..88de12ff5 100644 --- a/tests/hazmat/primitives/test_pkcs7.py +++ b/tests/hazmat/primitives/test_pkcs7.py @@ -150,7 +150,7 @@ def _load_cert_key(): key = load_vectors_from_file( os.path.join("x509", "custom", "ca", "ca_key.pem"), lambda pemfile: serialization.load_pem_private_key( - pemfile.read(), None + pemfile.read(), None, unsafe_skip_rsa_key_validation=True ), mode="rb", ) @@ -599,7 +599,7 @@ class TestPKCS7Builder: rsa_key = load_vectors_from_file( os.path.join("x509", "custom", "ca", "rsa_key.pem"), lambda pemfile: serialization.load_pem_private_key( - pemfile.read(), None + pemfile.read(), None, unsafe_skip_rsa_key_validation=True ), mode="rb", ) @@ -636,7 +636,7 @@ class TestPKCS7Builder: rsa_key = load_vectors_from_file( os.path.join("x509", "custom", "ca", "rsa_key.pem"), lambda pemfile: serialization.load_pem_private_key( - pemfile.read(), None + pemfile.read(), None, unsafe_skip_rsa_key_validation=True ), mode="rb", ) diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py index 6ea5498fd..59a141d33 100644 --- a/tests/hazmat/primitives/test_serialization.py +++ b/tests/hazmat/primitives/test_serialization.py @@ -36,10 +36,14 @@ from cryptography.hazmat.primitives.serialization import ( from cryptography.hazmat.primitives.serialization.pkcs12 import PBES from ...utils import load_vectors_from_file -from .fixtures_rsa import RSA_KEY_2048 from .test_ec import _skip_curve_unsupported +from .test_rsa import rsa_key_2048 from .utils import _check_dsa_private_numbers, _check_rsa_private_numbers +# Make ruff happy since we're importing fixtures that pytest patches in as +# func args +__all__ = ["rsa_key_2048"] + def _skip_fips_format(key_path, password, backend): if backend._fips_enabled: @@ -77,7 +81,9 @@ class TestBufferProtocolSerialization: lambda derfile: derfile.read(), mode="rb", ) - key = load_der_private_key(bytearray(data), password, backend) + key = load_der_private_key( + bytearray(data), password, unsafe_skip_rsa_key_validation=True + ) assert key assert isinstance(key, rsa.RSAPrivateKey) _check_rsa_private_numbers(key.private_numbers()) @@ -105,7 +111,9 @@ class TestBufferProtocolSerialization: lambda pemfile: pemfile.read(), mode="rb", ) - key = load_pem_private_key(bytearray(data), password, backend) + key = load_pem_private_key( + bytearray(data), password, unsafe_skip_rsa_key_validation=True + ) assert key assert isinstance(key, rsa.RSAPrivateKey) _check_rsa_private_numbers(key.private_numbers()) @@ -126,7 +134,7 @@ class TestDERSerialization: key = load_vectors_from_file( os.path.join("asymmetric", *key_path), lambda derfile: load_der_private_key( - derfile.read(), password, backend + derfile.read(), password, unsafe_skip_rsa_key_validation=True ), mode="rb", ) @@ -426,7 +434,9 @@ class TestPEMSerialization: key = load_vectors_from_file( os.path.join("asymmetric", *key_file), lambda pemfile: load_pem_private_key( - pemfile.read().encode(), password, backend + pemfile.read().encode(), + password, + unsafe_skip_rsa_key_validation=True, ), ) @@ -506,13 +516,15 @@ class TestPEMSerialization: numbers = key.public_numbers() assert numbers.e == 65537 - def test_load_priv_key_with_public_key_api_fails(self, backend): + def test_load_priv_key_with_public_key_api_fails( + self, rsa_key_2048, backend + ): # In OpenSSL 3.0.x the PEM_read_bio_PUBKEY function will invoke # the default password callback if you pass an encrypted private # key. This is very, very, very bad as the default callback can # trigger an interactive console prompt, which will hang the # Python process. This test makes sure we don't do that. - priv_key_serialized = RSA_KEY_2048.private_key().private_bytes( + priv_key_serialized = rsa_key_2048.private_bytes( Encoding.PEM, PrivateFormat.PKCS8, BestAvailableEncryption(b"password"), @@ -567,7 +579,9 @@ class TestPEMSerialization: "asymmetric", "Traditional_OpenSSL_Serialization", "key1.pem" ), lambda pemfile: load_pem_private_key( - pemfile.read().encode(), b"123456", backend + pemfile.read().encode(), + b"123456", + unsafe_skip_rsa_key_validation=True, ), ) assert isinstance(pkey, rsa.RSAPrivateKey) @@ -631,7 +645,7 @@ class TestPEMSerialization: key = load_vectors_from_file( key_file, lambda pemfile: load_pem_private_key( - pemfile.read(), None, backend + pemfile.read(), None, unsafe_skip_rsa_key_validation=True ), mode="rb", ) @@ -866,7 +880,9 @@ class TestPEMSerialization: pkey = load_vectors_from_file( os.path.join("asymmetric", "PKCS8", "enc-rsa-pkcs8.pem"), lambda pemfile: load_pem_private_key( - pemfile.read().encode(), b"foobar", backend + pemfile.read().encode(), + b"foobar", + unsafe_skip_rsa_key_validation=True, ), ) assert isinstance(pkey, rsa.RSAPrivateKey) |