diff options
author | David Benjamin <davidben@davidben.net> | 2018-05-14 22:49:24 -0400 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-05-14 22:49:24 -0400 |
commit | 763990efa6c158d8a4dec8d71693665d026588a2 (patch) | |
tree | 403920e5daa441ca7e089ab26f54109447a4608d /tests/hazmat/primitives | |
parent | 10cabad73b4e0cc15463e43f9a94855c4db7f032 (diff) | |
download | cryptography-763990efa6c158d8a4dec8d71693665d026588a2.tar.gz |
Validate the public/private halves of EC keys on import. (#4241)
* Validate the public/private halves of EC keys on import.
OpenSSL's API is a little finicky. If one sets the public key before the
private key, it does not validate that they match. If set in the other
order, it does validate this.
In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
describes error code 7 as:
Result = F (7 - IUT's Static private key d changed-prikey validity)
Reordering the two operations makes those tests to fail on key import,
which is what CAVP appears to have intended.
* Wrap to 79 rather than 80 columns
Diffstat (limited to 'tests/hazmat/primitives')
-rw-r--r-- | tests/hazmat/primitives/test_ec.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 1b491a109..59e4c9955 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -1068,9 +1068,9 @@ class TestECDH(object): ec._CURVE_TYPES[vector['curve']]() ) ) - # Errno 5 and 6 indicates a bad public key, this doesn't test the ECDH - # code at all - if vector['fail'] and vector['errno'] in [5, 6]: + # Errno 5-7 indicates a bad public or private key, this doesn't test + # the ECDH code at all + if vector['fail'] and vector['errno'] in [5, 6, 7]: with pytest.raises(ValueError): private_numbers.private_key(backend) return |