expand RSA and ECDSA compatibility tests to validate serialization compatibility between backends

mattsb42-aws · mattsb42-aws · commit eaa63837d50d · 2018-12-26T15:17:16.000-08:00
diff --git a/tests/algorithms/test_EC_compat.py b/tests/algorithms/test_EC_compat.py
@@ -15,7 +15,7 @@
     None in (ECDSAECKey, CryptographyECKey),
     reason="Multiple crypto backends not available for backend compatibility tests"
 )
-class TestBackendRsaCompatibility(object):
+class TestBackendEcdsaCompatibility(object):
 
     @pytest.mark.parametrize("BackendSign", [ECDSAECKey, CryptographyECKey])
     @pytest.mark.parametrize("BackendVerify", [ECDSAECKey, CryptographyECKey])
@@ -31,3 +31,42 @@ def test_signing_parity(self, BackendSign, BackendVerify):
 
         # invalid signature
         assert not key_verify.verify(msg, b'n' * 64)
+
+    @pytest.mark.parametrize("BackendFrom", [ECDSAECKey, CryptographyECKey])
+    @pytest.mark.parametrize("BackendTo", [ECDSAECKey, CryptographyECKey])
+    def test_public_key_to_pem(self, BackendFrom, BackendTo):
+        key = BackendFrom(private_key, ALGORITHMS.ES256)
+        key2 = BackendTo(private_key, ALGORITHMS.ES256)
+
+        assert key.public_key().to_pem().strip() == key2.public_key().to_pem().strip()
+
+    @pytest.mark.parametrize("BackendFrom", [ECDSAECKey, CryptographyECKey])
+    @pytest.mark.parametrize("BackendTo", [ECDSAECKey, CryptographyECKey])
+    def test_private_key_to_pem(self, BackendFrom, BackendTo):
+        key = BackendFrom(private_key, ALGORITHMS.ES256)
+        key2 = BackendTo(private_key, ALGORITHMS.ES256)
+
+        assert key.to_pem().strip() == key2.to_pem().strip()
+
+    @pytest.mark.parametrize("BackendFrom", [ECDSAECKey, CryptographyECKey])
+    @pytest.mark.parametrize("BackendTo", [ECDSAECKey, CryptographyECKey])
+    def test_public_key_load_cycle(self, BackendFrom, BackendTo):
+        key = BackendFrom(private_key, ALGORITHMS.ES256)
+        pubkey = key.public_key()
+
+        pub_pem_source = pubkey.to_pem().strip()
+
+        pub_target = BackendTo(pub_pem_source, ALGORITHMS.ES256)
+
+        assert pub_pem_source == pub_target.to_pem().strip()
+
+    @pytest.mark.parametrize("BackendFrom", [ECDSAECKey, CryptographyECKey])
+    @pytest.mark.parametrize("BackendTo", [ECDSAECKey, CryptographyECKey])
+    def test_private_key_load_cycle(self, BackendFrom, BackendTo):
+        key = BackendFrom(private_key, ALGORITHMS.ES256)
+
+        pem_source = key.to_pem().strip()
+
+        target = BackendTo(pem_source, ALGORITHMS.ES256)
+
+        assert pem_source == target.to_pem().strip()
diff --git a/tests/algorithms/test_RSA_compat.py b/tests/algorithms/test_RSA_compat.py
@@ -3,23 +3,30 @@
 try:
     from jose.backends.rsa_backend import RSAKey as PurePythonRSAKey
     from jose.backends.cryptography_backend import CryptographyRSAKey
-    from jose.backends.pycrypto_backend import RSAKey
+    from jose.backends.pycrypto_backend import RSAKey as PyCryptoRSAKey
 except ImportError:
-    PurePythonRSAKey = CryptographyRSAKey = RSAKey = None
+    PurePythonRSAKey = CryptographyRSAKey = PyCryptoRSAKey = None
 from jose.constants import ALGORITHMS
 
 from .test_RSA import private_key
 
+CRYPTO_BACKENDS = (
+    pytest.param(PurePythonRSAKey, id="python_rsa"),
+    pytest.param(CryptographyRSAKey, id="pyca/cryptography"),
+    pytest.param(PyCryptoRSAKey, id="pycrypto/dome")
+)
+ENCODINGS = ("PKCS1", "PKCS8")
+
 
 @pytest.mark.backend_compatibility
 @pytest.mark.skipif(
-    None in (PurePythonRSAKey, CryptographyRSAKey, RSAKey),
+    None in (PurePythonRSAKey, CryptographyRSAKey, PyCryptoRSAKey),
     reason="Multiple crypto backends not available for backend compatibility tests"
 )
 class TestBackendRsaCompatibility(object):
 
-    @pytest.mark.parametrize("BackendSign", [RSAKey, CryptographyRSAKey, PurePythonRSAKey])
-    @pytest.mark.parametrize("BackendVerify", [RSAKey, CryptographyRSAKey, PurePythonRSAKey])
+    @pytest.mark.parametrize("BackendSign", CRYPTO_BACKENDS)
+    @pytest.mark.parametrize("BackendVerify", CRYPTO_BACKENDS)
     def test_signing_parity(self, BackendSign, BackendVerify):
         key_sign = BackendSign(private_key, ALGORITHMS.RS256)
         key_verify = BackendVerify(private_key, ALGORITHMS.RS256).public_key()
@@ -33,18 +40,58 @@ def test_signing_parity(self, BackendSign, BackendVerify):
         # invalid signature
         assert not key_verify.verify(msg, b'n' * 64)
 
-    @pytest.mark.parametrize("BackendFrom", [RSAKey, CryptographyRSAKey, PurePythonRSAKey])
-    @pytest.mark.parametrize("BackendTo", [RSAKey, CryptographyRSAKey, PurePythonRSAKey])
-    def test_public_key_to_pem(self, BackendFrom, BackendTo):
+    @pytest.mark.parametrize("encoding", ENCODINGS)
+    @pytest.mark.parametrize("BackendFrom", CRYPTO_BACKENDS)
+    @pytest.mark.parametrize("BackendTo", CRYPTO_BACKENDS)
+    def test_public_key_to_pem(self, BackendFrom, BackendTo, encoding):
+        key = BackendFrom(private_key, ALGORITHMS.RS256)
+        key2 = BackendTo(private_key, ALGORITHMS.RS256)
+
+        key1_pem = key.public_key().to_pem(pem_format=encoding).strip()
+        key2_pem = key2.public_key().to_pem(pem_format=encoding).strip()
+        assert key1_pem == key2_pem
+
+    @pytest.mark.parametrize("encoding", ENCODINGS)
+    @pytest.mark.parametrize("BackendFrom", CRYPTO_BACKENDS)
+    @pytest.mark.parametrize("BackendTo", CRYPTO_BACKENDS)
+    def test_private_key_to_pem(self, BackendFrom, BackendTo, encoding):
+        key = BackendFrom(private_key, ALGORITHMS.RS256)
+        key2 = BackendTo(private_key, ALGORITHMS.RS256)
+
+        key1_pem = key.to_pem(pem_format=encoding).strip()
+        key2_pem = key2.to_pem(pem_format=encoding).strip()
+
+        import base64
+        a = base64.b64decode(key1_pem[key1_pem.index(b"\n"):key1_pem.rindex(b"\n")])
+        b = base64.b64decode(key2_pem[key2_pem.index(b"\n"):key2_pem.rindex(b"\n")])
+        assert a == b
+
+        assert key1_pem == key2_pem
+
+    @pytest.mark.parametrize("encoding_save", ENCODINGS)
+    @pytest.mark.parametrize("encoding_load", ENCODINGS)
+    @pytest.mark.parametrize("BackendFrom", CRYPTO_BACKENDS)
+    @pytest.mark.parametrize("BackendTo", CRYPTO_BACKENDS)
+    def test_public_key_load_cycle(self, BackendFrom, BackendTo, encoding_save, encoding_load):
+        key = BackendFrom(private_key, ALGORITHMS.RS256)
+
+        pem_pub_reference = key.public_key().to_pem(pem_format=encoding_save).strip()
+        pem_pub_load = key.public_key().to_pem(pem_format=encoding_load).strip()
+
+        pubkey_2 = BackendTo(pem_pub_load, ALGORITHMS.RS256)
+
+        assert pem_pub_reference == pubkey_2.to_pem(encoding_save).strip()
+
+    @pytest.mark.parametrize("encoding_save", ENCODINGS)
+    @pytest.mark.parametrize("encoding_load", ENCODINGS)
+    @pytest.mark.parametrize("BackendFrom", CRYPTO_BACKENDS)
+    @pytest.mark.parametrize("BackendTo", CRYPTO_BACKENDS)
+    def test_private_key_load_cycle(self, BackendFrom, BackendTo, encoding_save, encoding_load):
         key = BackendFrom(private_key, ALGORITHMS.RS256)
-        pubkey = key.public_key()
 
-        pkcs1_pub = pubkey.to_pem(pem_format='PKCS1').strip()
-        pkcs8_pub = pubkey.to_pem(pem_format='PKCS8').strip()
-        assert pkcs1_pub != pkcs8_pub, BackendFrom
+        pem_reference = key.to_pem(pem_format=encoding_save).strip()
+        pem_load = key.to_pem(pem_format=encoding_load).strip()
 
-        pub1 = BackendTo(pkcs1_pub, ALGORITHMS.RS256)
-        pub8 = BackendTo(pkcs8_pub, ALGORITHMS.RS256)
+        key_2 = BackendTo(pem_load, ALGORITHMS.RS256)
 
-        assert pkcs8_pub == pub1.to_pem(pem_format='PKCS8').strip()
-        assert pkcs1_pub == pub8.to_pem(pem_format='PKCS1').strip()
+        assert pem_reference == key_2.to_pem(encoding_save).strip()
