diff options
| author | bertagaz <bertagaz@ptitcanardnoir.org> | 2011-06-14 15:26:19 +0200 |
|---|---|---|
| committer | bertagaz <bertagaz@ptitcanardnoir.org> | 2011-06-14 15:26:19 +0200 |
| commit | 30e9097985656920f01a72efc1088caa2b8d41b3 (patch) | |
| tree | bedbdb1aaa484af467e538110ab4c0c95985b6b8 /pycryptopp/test | |
Imported Upstream version 0.5.29upstream/0.5.29
Diffstat (limited to 'pycryptopp/test')
| -rw-r--r-- | pycryptopp/test/__init__.py | 0 | ||||
| -rw-r--r-- | pycryptopp/test/test_aes.py | 107 | ||||
| -rw-r--r-- | pycryptopp/test/test_ecdsa.py | 263 | ||||
| -rw-r--r-- | pycryptopp/test/test_from_Nikratio.py | 32 | ||||
| -rw-r--r-- | pycryptopp/test/test_rsa.py | 122 | ||||
| -rw-r--r-- | pycryptopp/test/test_sha256.py | 181 | ||||
| -rw-r--r-- | pycryptopp/test/test_startup.py | 5 |
7 files changed, 710 insertions, 0 deletions
diff --git a/pycryptopp/test/__init__.py b/pycryptopp/test/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/pycryptopp/test/__init__.py diff --git a/pycryptopp/test/test_aes.py b/pycryptopp/test/test_aes.py new file mode 100644 index 0000000..d4e2c44 --- /dev/null +++ b/pycryptopp/test/test_aes.py @@ -0,0 +1,107 @@ +#!/usr/bin/env python + +import random, re + +import unittest + +from binascii import a2b_hex, b2a_hex + +global VERBOSE +VERBOSE=False + +from pycryptopp.cipher import aes + +from pkg_resources import resource_string, resource_listdir + +from base64 import b32encode +def ab(x): # debuggery + if len(x) >= 3: + return "%s:%s" % (len(x), b32encode(x[-3:]),) + elif len(x) == 2: + return "%s:%s" % (len(x), b32encode(x[-2:]),) + elif len(x) == 1: + return "%s:%s" % (len(x), b32encode(x[-1:]),) + elif len(x) == 0: + return "%s:%s" % (len(x), "--empty--",) + +def randstr(n): + return ''.join(map(chr, map(random.randrange, [0]*n, [256]*n))) + +class AES256(unittest.TestCase): + enc0 = "dc95c078a2408989ad48a21492842087530f8afbc74536b9a963b4f1c4cb738b" + + def test_encrypt_zeroes(self): + cryptor = aes.AES(key="\x00"*32) + ct = cryptor.process("\x00"*32) + self.failUnlessEqual(self.enc0, b2a_hex(ct)) + + def test_init_type_check(self): + self.failUnlessRaises(TypeError, aes.AES, None) + self.failUnlessRaises(aes.Error, aes.AES, "a"*1) # too short + self.failUnlessRaises(aes.Error, aes.AES, "a"*17) # not one of the valid key sizes for AES (16, 24, 32) + + def test_encrypt_zeroes_in_two_parts(self): + cryptor = aes.AES(key="\x00"*32) + ct1 = cryptor.process("\x00"*15) + ct2 = cryptor.process("\x00"*17) + self.failUnlessEqual(self.enc0, b2a_hex(ct1+ct2)) + +class AES128(unittest.TestCase): + enc0 = "66e94bd4ef8a2c3b884cfa59ca342b2e" + + def test_encrypt_zeroes(self): + cryptor = aes.AES(key="\x00"*16) + ct = cryptor.process("\x00"*16) + self.failUnlessEqual(self.enc0, b2a_hex(ct)) + + def test_init_type_check(self): + self.failUnlessRaises(TypeError, aes.AES, None) + self.failUnlessRaises(aes.Error, aes.AES, "a") # too short + + def test_encrypt_zeroes_in_two_parts(self): + cryptor = aes.AES(key="\x00"*16) + ct1 = cryptor.process("\x00"*8) + ct2 = cryptor.process("\x00"*8) + self.failUnlessEqual(self.enc0, b2a_hex(ct1+ct2)) + +def fake_ecb_using_ctr(k, p): + return aes.AES(key=k, iv=p).process('\x00'*16) + +NIST_KAT_VECTS_RE=re.compile("\nCOUNT = ([0-9]+)\nKEY = ([0-9a-f]+)\nPLAINTEXT = ([0-9a-f]+)\nCIPHERTEXT = ([0-9a-f]+)") + +class AES_from_NIST_KAT(unittest.TestCase): + def test_NIST_KAT(self): + for vectname in resource_listdir('pycryptopp', 'testvectors/KAT_AES'): + self._test_KAT_file(resource_string('pycryptopp', '/'.join(['testvectors/KAT_AES', vectname]))) + + def _test_KAT_file(self, vects_str): + for mo in NIST_KAT_VECTS_RE.finditer(vects_str): + key = a2b_hex(mo.group(2)) + plaintext = a2b_hex(mo.group(3)) + ciphertext = a2b_hex(mo.group(4)) + + computedciphertext = fake_ecb_using_ctr(key, plaintext) + self.failUnlessEqual(computedciphertext, ciphertext, "computedciphertext: %s, ciphertext: %s, key: %s, plaintext: %s" % (b2a_hex(computedciphertext), b2a_hex(ciphertext), b2a_hex(key), b2a_hex(plaintext))) + +class AES_from_Niels_Ferguson(unittest.TestCase): + # http://blogs.msdn.com/si_team/archive/2006/05/19/aes-test-vectors.aspx + def _test_from_Niels_AES(self, keysize, result): + E = fake_ecb_using_ctr + b = 16 + k = keysize + S = '\x00' * (k+b) + for i in range(1000): + K = S[-k:] + P = S[-k-b:-k] + S += E(K, E(K, P)) + + self.failUnlessEqual(S[-b:], a2b_hex(result)) + + def test_from_Niels_AES128(self): + return self._test_from_Niels_AES(16, 'bd883f01035e58f42f9d812f2dacbcd8') + + def test_from_Niels_AES256(self): + return self._test_from_Niels_AES(32, 'c84b0f3a2c76dd9871900b07f09bdd3e') + +if __name__ == "__main__": + unittest.main() diff --git a/pycryptopp/test/test_ecdsa.py b/pycryptopp/test/test_ecdsa.py new file mode 100644 index 0000000..d70a000 --- /dev/null +++ b/pycryptopp/test/test_ecdsa.py @@ -0,0 +1,263 @@ +#!/usr/bin/env python + +import random +import base64 + +import os +SEED = os.environ.get('REPEATABLE_RANDOMNESS_SEED', None) + +if SEED is None: + # Generate a seed which is fairly short (to ease cut-and-paste, writing it + # down, etc.). Note that Python's random module's seed() function is going + # to take the hash() of this seed, which is a 32-bit value (currently) so + # there is no point in making this seed larger than 32 bits. Make it 30 + # bits, which conveniently fits into six base-32 chars. Include a separator + # because chunking facilitates memory (including working and short-term + # memory) in humans. + chars = "ybndrfg8ejkmcpqxot1uwisza345h769" # Zooko's choice, rationale in "DESIGN" doc in z-base-32 project + SEED = ''.join([random.choice(chars) for x in range(3)] + ['-'] + [random.choice(chars) for x in range(3)]) + +import logging +logging.info("REPEATABLE_RANDOMNESS_SEED: %s\n" % SEED) +logging.info("In order to reproduce this run of the code, set the environment variable \"REPEATABLE_RANDOMNESS_SEED\" to %s before executing.\n" % SEED) +random.seed(SEED) + +def seed_which_refuses(a): + logging.warn("I refuse to reseed to %s -- I already seeded with %s.\n" % (a, SEED,)) + return +random.seed = seed_which_refuses + +from random import randrange + +import unittest + +from pycryptopp.publickey import ecdsa + +def randstr(n, rr=randrange): + return ''.join([chr(rr(0, 256)) for x in xrange(n)]) + +from base64 import b32encode +def ab(x): # debuggery + if len(x) >= 3: + return "%s:%s" % (len(x), b32encode(x[-3:]),) + elif len(x) == 2: + return "%s:%s" % (len(x), b32encode(x[-2:]),) + elif len(x) == 1: + return "%s:%s" % (len(x), b32encode(x[-1:]),) + elif len(x) == 0: + return "%s:%s" % (len(x), "--empty--",) + +def div_ceil(n, d): + """ + The smallest integer k such that k*d >= n. + """ + return (n/d) + (n%d != 0) + +KEYBITS=192 + +# The number of bytes required for a seed to have the same security level as a +# key in this elliptic curve: 2 bits of public key per bit of security. +SEEDBITS=div_ceil(192, 2) +SEEDBYTES=div_ceil(SEEDBITS, 8) + +# The number of bytes required to encode a public key in this elliptic curve. +PUBKEYBYTES=div_ceil(KEYBITS, 8)+1 # 1 byte for the sign of the y component + +# The number of bytes requires to encode a signature in this elliptic curve. +SIGBITS=KEYBITS*2 +SIGBYTES=div_ceil(SIGBITS, 8) + +class Signer(unittest.TestCase): + def test_construct(self): + seed = randstr(SEEDBYTES) + ecdsa.SigningKey(seed) + + def test_sign(self): + seed = randstr(SEEDBYTES) + signer = ecdsa.SigningKey(seed) + sig = signer.sign("message") + self.failUnlessEqual(len(sig), SIGBYTES) + + def test_sign_and_verify(self): + seed = randstr(SEEDBYTES) + signer = ecdsa.SigningKey(seed) + sig = signer.sign("message") + v = signer.get_verifying_key() + self.failUnless(v.verify("message", sig)) + + def test_sign_and_verify_emptymsg(self): + seed = randstr(SEEDBYTES) + signer = ecdsa.SigningKey(seed) + sig = signer.sign("") + v = signer.get_verifying_key() + self.failUnless(v.verify("", sig)) + + def test_construct_from_same_seed_is_reproducible(self): + seed = randstr(SEEDBYTES) + signer1 = ecdsa.SigningKey(seed) + signer2 = ecdsa.SigningKey(seed) + self.failUnlessEqual(signer1.get_verifying_key().serialize(), signer2.get_verifying_key().serialize()) + + # ... and using different seeds constructs a different private key. + seed3 = randstr(SEEDBYTES) + assert seed3 != seed, "Internal error in Python random module's PRNG (or in pycryptopp's hacks to it to facilitate testing) -- got two identical strings from randstr(%s)" % SEEDBYTES + signer3 = ecdsa.SigningKey(seed3) + self.failIfEqual(signer1.get_verifying_key().serialize(), signer3.get_verifying_key().serialize()) + + # Also try the all-zeroes string just because bugs sometimes are + # data-dependent on zero or cause bogus zeroes. + seed4 = '\x00'*SEEDBYTES + assert seed4 != seed, "Internal error in Python random module's PRNG (or in pycryptopp's hacks to it to facilitate testing) -- got the all-zeroes string from randstr(%s)" % SEEDBYTES + signer4 = ecdsa.SigningKey(seed4) + self.failIfEqual(signer4.get_verifying_key().serialize(), signer1.get_verifying_key().serialize()) + + signer5 = ecdsa.SigningKey(seed4) + self.failUnlessEqual(signer5.get_verifying_key().serialize(), signer4.get_verifying_key().serialize()) + + def test_construct_short_seed(self): + try: + ecdsa.SigningKey("\x00\x00\x00") + except ecdsa.Error, le: + self.failUnless("seed is required to be of length " in str(le), le) + else: + self.fail("Should have raised error from seed being too short.") + + def test_construct_bad_arg_type(self): + try: + ecdsa.SigningKey(1) + except TypeError, le: + self.failUnless("must be string" in str(le), le) + else: + self.fail("Should have raised error from seed being of the wrong type.") + +class Verifier(unittest.TestCase): + def test_from_signer_and_serialize_and_deserialize(self): + seed = randstr(SEEDBYTES) + signer = ecdsa.SigningKey(seed) + + verifier = signer.get_verifying_key() + s1 = verifier.serialize() + self.failUnlessEqual(len(s1), PUBKEYBYTES) + ecdsa.VerifyingKey(s1) + s2 = verifier.serialize() + self.failUnlessEqual(s1, s2) + +def flip_one_bit(s): + assert s + i = randrange(0, len(s)) + result = s[:i] + chr(ord(s[i])^(0x01<<randrange(0, 8))) + s[i+1:] + assert result != s, "Internal error -- flip_one_bit() produced the same string as its input: %s == %s" % (result, s) + return result + +def randmsg(): + # Choose a random message size from a range probably large enough to + # exercise any different code paths which depend on the message length. + randmsglen = randrange(1, SIGBYTES*2+2) + return randstr(randmsglen) + +class SignAndVerify(unittest.TestCase): + def _help_test_sign_and_check_good_keys(self, signer, verifier): + msg = randmsg() + + sig = signer.sign(msg) + self.failUnlessEqual(len(sig), SIGBYTES) + self.failUnless(verifier.verify(msg, sig)) + + # Now flip one bit of the signature and make sure that the signature doesn't check. + badsig = flip_one_bit(sig) + self.failIf(verifier.verify(msg, badsig)) + + # Now generate a random signature and make sure that the signature doesn't check. + badsig = randstr(len(sig)) + assert badsig != sig, "Internal error -- randstr() produced the same string twice: %s == %s" % (badsig, sig) + self.failIf(verifier.verify(msg, badsig)) + + # Now flip one bit of the message and make sure that the original signature doesn't check. + badmsg = flip_one_bit(msg) + self.failIf(verifier.verify(badmsg, sig)) + + # Now generate a random message and make sure that the original signature doesn't check. + badmsg = randstr(len(msg)) + assert badmsg != msg, "Internal error -- randstr() produced the same string twice: %s == %s" % (badmsg, msg) + self.failIf(verifier.verify(badmsg, sig)) + + def _help_test_sign_and_check_bad_keys(self, signer, verifier): + """ + Make sure that this signer/verifier pair cannot produce and verify signatures. + """ + msg = randmsg() + + sig = signer.sign(msg) + self.failUnlessEqual(len(sig), SIGBYTES) + self.failIf(verifier.verify(msg, sig)) + + def test(self): + seed = randstr(SEEDBYTES) + signer = ecdsa.SigningKey(seed) + verifier = signer.get_verifying_key() + self._help_test_sign_and_check_good_keys(signer, verifier) + + vstr = verifier.serialize() + self.failUnlessEqual(len(vstr), PUBKEYBYTES) + verifier2 = ecdsa.VerifyingKey(vstr) + self._help_test_sign_and_check_good_keys(signer, verifier2) + + signer2 = ecdsa.SigningKey(seed) + self._help_test_sign_and_check_good_keys(signer2, verifier2) + + verifier3 = signer2.get_verifying_key() + self._help_test_sign_and_check_good_keys(signer, verifier3) + + # Now test various ways that the keys could be corrupted or ill-matched. + + # Flip one bit of the public key. + badvstr = flip_one_bit(vstr) + try: + badverifier = ecdsa.VerifyingKey(badvstr) + except ecdsa.Error: + # Ok, fine, the verifying key was corrupted and Crypto++ detected this fact. + pass + else: + self._help_test_sign_and_check_bad_keys(signer, badverifier) + + # Randomize all bits of the public key. + badvstr = randstr(len(vstr)) + assert badvstr != vstr, "Internal error -- randstr() produced the same string twice: %s == %s" % (badvstr, vstr) + try: + badverifier = ecdsa.VerifyingKey(badvstr) + except ecdsa.Error: + # Ok, fine, the key was corrupted and Crypto++ detected this fact. + pass + else: + self._help_test_sign_and_check_bad_keys(signer, badverifier) + + # Flip one bit of the private key. + badseed = flip_one_bit(seed) + badsigner = ecdsa.SigningKey(badseed) + self._help_test_sign_and_check_bad_keys(badsigner, verifier) + + # Randomize all bits of the private key. + badseed = randstr(len(seed)) + assert badseed != seed, "Internal error -- randstr() produced the same string twice: %s == %s" % (badseed, seed) + badsigner = ecdsa.SigningKey(badseed) + self._help_test_sign_and_check_bad_keys(badsigner, verifier) + +class Compatibility(unittest.TestCase): + def test_compatibility(self): + # Confirm that the KDF used by the SigningKey constructor doesn't + # change without suitable backwards-compability + seed = base64.b32decode('XS27TJRP3JBZKDEFBDKQ====') + signer = ecdsa.SigningKey(seed) + v1 = signer.get_verifying_key() + vs = v1.serialize() + vs32 = base64.b32encode(vs) + self.failUnlessEqual(vs32, "ANPNDWJWHQXYSQMD4L36D7WQEGXA42MS5JRUFIWA") + v2 = ecdsa.VerifyingKey(vs) + #print base64.b32encode(signer.sign("message")) + sig32 = "EA3Y7A4T62J3K6MUPJQN3WJ5S4SS53EGZXOSTQW7EQ7OXEMS6QJLYL63BLHMHZD7KFT37KEPJBAKI===" + sig = base64.b32decode(sig32) + self.failUnless(v1.verify("message", sig)) + self.failUnless(v2.verify("message", sig)) + +if __name__ == "__main__": + unittest.main() diff --git a/pycryptopp/test/test_from_Nikratio.py b/pycryptopp/test/test_from_Nikratio.py new file mode 100644 index 0000000..a991415 --- /dev/null +++ b/pycryptopp/test/test_from_Nikratio.py @@ -0,0 +1,32 @@ +import unittest + +# This was reported as triggering a "Use of uninitialised value of +# size 4" under valgrind by Nikratio in pycryptopp-0.5.17 and Crypto++ +# 5.6.0. See http://tahoe-lafs.org/trac/pycryptopp/ticket/67 + +class T(unittest.TestCase): + def test_t(self): + import hmac + import pycryptopp + try: + import hashlib + except ImportError: + # Oh nevermind. + return + import struct + + def encrypt(buf, passphrase, nonce): + + key = hashlib.sha256(passphrase + nonce).digest() + cipher = pycryptopp.cipher.aes.AES(key) + hmac_ = hmac.new(key, digestmod=hashlib.sha256) + + hmac_.update(buf) + buf = cipher.process(buf) + hash_ = cipher.process(hmac_.digest()) + + return ''.join( + (struct.pack('<B', len(nonce)), + nonce, hash_, buf)) + + encrypt('foobar', 'passphrase', 'nonce') diff --git a/pycryptopp/test/test_rsa.py b/pycryptopp/test/test_rsa.py new file mode 100644 index 0000000..e4c5497 --- /dev/null +++ b/pycryptopp/test/test_rsa.py @@ -0,0 +1,122 @@ +#!/usr/bin/env python + +import random + +import unittest + +global VERBOSE +VERBOSE=False + +from pycryptopp.publickey import rsa + +from base64 import b32encode +def ab(x): # debuggery + if len(x) >= 3: + return "%s:%s" % (len(x), b32encode(x[-3:]),) + elif len(x) == 2: + return "%s:%s" % (len(x), b32encode(x[-2:]),) + elif len(x) == 1: + return "%s:%s" % (len(x), b32encode(x[-1:]),) + elif len(x) == 0: + return "%s:%s" % (len(x), "--empty--",) + +def randstr(n): + return ''.join(map(chr, map(random.randrange, [0]*n, [256]*n))) + +KEYSIZE=522 # 522 bits is far too few for actual security -- it is used only for faster unit tests + +class Signer(unittest.TestCase): + def test_generate_bad_size(self): + try: + rsa.generate(KEYSIZE-1) + except rsa.Error, le: + self.failUnless("size in bits is required to be >=" in str(le), le) + else: + self.fail("Should have raised error from size being too small.") + try: + rsa.generate(sizeinbits=KEYSIZE-1) + except rsa.Error, le: + self.failUnless("size in bits is required to be >=" in str(le), le) + else: + self.fail("Should have raised error from size being too small.") + + def test_generate(self): + rsa.generate(KEYSIZE) + # Hooray! It didn't raise an exception! We win! + rsa.generate(sizeinbits=KEYSIZE) + # Hooray! It didn't raise an exception! We win! + + def test_sign(self): + signer = rsa.generate(KEYSIZE) + result = signer.sign("abc") + self.failUnlessEqual(len(result), ((KEYSIZE+7)/8)) + # TODO: test against RSAInc. test vectors. + +class SignAndVerify(unittest.TestCase): + def _help_test_sign_and_check(self, signer, verifier, msg): + sig = signer.sign(msg) + self.failUnlessEqual(len(sig), ((KEYSIZE+7)/8)) + self.failUnless(verifier.verify(msg, sig)) + + def test_sign_and_check_a(self): + signer = rsa.generate(KEYSIZE) + verifier = signer.get_verifying_key() + return self._help_test_sign_and_check(signer, verifier, "a") + + def _help_test_sign_and_check_random(self, signer, verifier): + for i in range(3): + l = random.randrange(0, 2**10) + msg = randstr(l) + self._help_test_sign_and_check(signer, verifier, msg) + + def test_sign_and_check_random(self): + signer = rsa.generate(KEYSIZE) + verifier = signer.get_verifying_key() + return self._help_test_sign_and_check_random(signer, verifier) + + def _help_test_sign_and_failcheck(self, signer, verifier, msg): + sig = signer.sign("a") + sig = sig[:-1] + chr(ord(sig[-1])^0x01) + self.failUnless(not verifier.verify(msg, sig)) + + def test_sign_and_failcheck_a(self): + signer = rsa.generate(KEYSIZE) + verifier = signer.get_verifying_key() + return self._help_test_sign_and_failcheck(signer, verifier, "a") + + def _help_test_sign_and_failcheck_random(self, signer, verifier): + for i in range(3): + l = random.randrange(0, 2**10) + msg = randstr(l) + self._help_test_sign_and_failcheck(signer, verifier, msg) + + def test_sign_and_failcheck_random(self): + signer = rsa.generate(KEYSIZE) + verifier = signer.get_verifying_key() + return self._help_test_sign_and_failcheck_random(signer, verifier) + + def test_serialize_and_deserialize_verifying_key_and_test(self): + signer = rsa.generate(KEYSIZE) + verifier = signer.get_verifying_key() + serstr = verifier.serialize() + verifier = None + newverifier = rsa.create_verifying_key_from_string(serstr) + self._help_test_sign_and_check(signer, newverifier, "a") + self._help_test_sign_and_check_random(signer, newverifier) + self._help_test_sign_and_failcheck(signer, newverifier, "a") + self._help_test_sign_and_failcheck_random(signer, newverifier) + + def test_serialize_and_deserialize_signing_key_and_test(self): + signer = rsa.generate(KEYSIZE) + verifier = signer.get_verifying_key() + serstr = signer.serialize() + signer = None + newsigner = rsa.create_signing_key_from_string(serstr) + self._help_test_sign_and_check(newsigner, verifier, "a") + self._help_test_sign_and_check_random(newsigner, verifier) + self._help_test_sign_and_failcheck(newsigner, verifier, "a") + self._help_test_sign_and_failcheck_random(newsigner, verifier) + + +if __name__ == "__main__": + unittest.main() diff --git a/pycryptopp/test/test_sha256.py b/pycryptopp/test/test_sha256.py new file mode 100644 index 0000000..5e982dc --- /dev/null +++ b/pycryptopp/test/test_sha256.py @@ -0,0 +1,181 @@ +#!/usr/bin/env python + +import random, re + +import unittest + +from binascii import b2a_hex, a2b_hex + +global VERBOSE +VERBOSE=False + +from pycryptopp.hash import sha256 + +from pkg_resources import resource_string + +def resource_string_lines(pkgname, resname): + return split_on_newlines(resource_string(pkgname, resname)) + +from base64 import b32encode +def ab(x): # debuggery + if len(x) >= 3: + return "%s:%s" % (len(x), b32encode(x[-3:]),) + elif len(x) == 2: + return "%s:%s" % (len(x), b32encode(x[-2:]),) + elif len(x) == 1: + return "%s:%s" % (len(x), b32encode(x[-1:]),) + elif len(x) == 0: + return "%s:%s" % (len(x), "--empty--",) + +def randstr(n): + return ''.join(map(chr, map(random.randrange, [0]*n, [256]*n))) + +h0 = a2b_hex("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855") +h_bd = a2b_hex("68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b") +h_5fd4 = a2b_hex("7c4fbf484498d21b487b9d61de8914b2eadaf2698712936d47c3ada2558f6788") + +class SHA256(unittest.TestCase): + def test_digest(self): + empty_digest = sha256.SHA256().digest() + self.failUnless(isinstance(empty_digest, str)) + self.failUnlessEqual(len(empty_digest), 32) + self.failUnlessEqual(empty_digest, h0) + + def test_hexdigest(self): + empty_hexdigest = sha256.SHA256().hexdigest() + self.failUnlessEqual(a2b_hex(empty_hexdigest), h0) + test_hexdigest.todo = "Not yet implemented: SHA256.hexdigest()." + + def test_onebyte_1(self): + d = sha256.SHA256("\xbd").digest() + self.failUnlessEqual(d, h_bd) + + def test_onebyte_2(self): + s = sha256.SHA256() + s.update("\xbd") + d = s.digest() + self.failUnlessEqual(d, h_bd) + + def test_update(self): + s = sha256.SHA256("\x5f") + s.update("\xd4") + d = s.digest() + self.failUnlessEqual(d, h_5fd4) + + def test_constructor_type_check(self): + self.failUnlessRaises(TypeError, sha256.SHA256, None) + + def test_update_type_check(self): + h = sha256.SHA256() + self.failUnlessRaises(TypeError, h.update, None) + + def test_digest_twice(self): + h = sha256.SHA256() + d1 = h.digest() + self.failUnless(isinstance(d1, str)) + d2 = h.digest() + self.failUnlessEqual(d1, d2) + + def test_digest_then_update_fail(self): + h = sha256.SHA256() + h.digest() + try: + h.update("oops") + except sha256.Error, le: + self.failUnless("digest() has been called" in str(le), le) + + def test_chunksize(self): + # hashes can be computed on arbitrarily-sized chunks + problems = False + for length in range(2, 140): + s = "a"*length + expected = sha256.SHA256(s).hexdigest() + for a in range(0, length): + h = sha256.SHA256() + h.update(s[:a]) + h.update(s[a:]) + got = h.hexdigest() + if got != expected: + problems = True + print len(s[:a]), len(s[a:]), len(s), got, expected + self.failIf(problems) + + def test_recursive_different_chunksizes(self): + """ + Test that updating a hasher with various sized inputs yields + the expected answer. This is somewhat redundant with + test_chunksize(), but that's okay. This one exercises some + slightly different situations (such as finalizing a hash after + different length inputs.) This one is recursive so that there + is a single fixed result that we expect. + """ + hx = sha256.SHA256() + s = ''.join([ chr(c) for c in range(65) ]) + for i in range(0, 65): + hy = sha256.SHA256(s[:i]).digest() + hx.update(hy) + for i in range(0, 65): + hx.update(chr(0xFE)) + hx.update(s[:64]) + self.failUnlessEqual(hx.hexdigest().lower(), '5191c7841dd4e16aa454d40af924585dffc67157ffdbfd0236acddd07901629d') + + +VECTS_RE=re.compile("\nLen = ([0-9]+)\nMsg = ([0-9a-f]+)\nMD = ([0-9a-f]+)") + +# split_on_newlines() copied from pyutil.strutil +def split_on_newlines(s): + """ + Splits s on all of the three newline sequences: "\r\n", "\r", or "\n". + """ + res = [] + for x in s.split('\r\n'): + for y in x.split('\r'): + res.extend(y.split('\n')) + return res + +class SHSVectors(unittest.TestCase): + """ + All of the SHA-256 test vectors from the NIST SHS, in the files distributed + by NIST. (NIST distributes them in a .zip, but we expect them to be + unpacked and in a subdirectory named 'testvectors'). + """ + def test_short(self): + return self._test_vect(resource_string('pycryptopp', 'testvectors/SHA256ShortMsg.txt')) + + def test_long(self): + return self._test_vect(resource_string('pycryptopp', 'testvectors/SHA256LongMsg.txt')) + + def _test_vect(self, vects_str): + for mo in VECTS_RE.finditer(vects_str): + msglenbits = int(mo.group(1)) + assert msglenbits % 8 == 0 + msglen = msglenbits / 8 + msg = a2b_hex(mo.group(2))[:msglen] # The slice is necessary because NIST seems to think that "00" is a reasonable representation for the zero-length string. + assert len(msg) == msglen, (len(msg), msglen) + md = a2b_hex(mo.group(3)) + + computed_md = sha256.SHA256(msg).digest() + self.failUnlessEqual(computed_md, md) + + def test_monte(self): + inlines = resource_string_lines('pycryptopp', 'testvectors/SHA256Monte.txt') + for line in inlines: + line = line.strip() + if line[:7] == 'Seed = ': + seed = a2b_hex(line[7:]) + break + + j = 0 + for line in inlines: + line = line.strip() + if line[:8] == 'COUNT = ': + assert int(line[8:]) == j + elif line[:5] == 'MD = ': + mds = [] + mds.append(seed);mds.append(seed);mds.append(seed); + for i in range(1000): + m = mds[-3]+mds[-2]+mds[-1] + mds.append(sha256.SHA256(m).digest()) + seed = mds[-1] + self.failUnlessEqual(line[5:], b2a_hex(seed)) + j += 1 diff --git a/pycryptopp/test/test_startup.py b/pycryptopp/test/test_startup.py new file mode 100644 index 0000000..3160feb --- /dev/null +++ b/pycryptopp/test/test_startup.py @@ -0,0 +1,5 @@ +import unittest + +class T(unittest.TestCase): + def test_load_dll_twice(self): + pass |