stop using SHA1 in most of test_ec where it isn't needed (#10287)
reaperhulk authored Jan 29, 2024
1 parent 49bf4e4 commit 4ea4309
Showing 1 changed file with 13 additions and 11 deletions.
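--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -510,7 +510,7 @@ def test_signature_failures(self, backend, subtests):
 def test_sign(self, backend):
 _skip_curve_unsupported(backend, ec.SECP256R1())
 message = b"one little message"
-algorithm = ec.ECDSA(hashes.SHA1())
+algorithm = ec.ECDSA(hashes.SHA256())
 private_key = ec.generate_private_key(ec.SECP256R1(), backend)
 signature = private_key.sign(message, algorithm)
 public_key = private_key.public_key()
@@ -519,7 +519,7 @@ def test_sign(self, backend):
 def test_sign_verify_buffers(self, backend):
 _skip_curve_unsupported(backend, ec.SECP256R1())
 message = bytearray(b"one little message")
-algorithm = ec.ECDSA(hashes.SHA1())
+algorithm = ec.ECDSA(hashes.SHA256())
 private_key = ec.generate_private_key(ec.SECP256R1(), backend)
 signature = private_key.sign(message, algorithm)
 public_key = private_key.public_key()
@@ -528,19 +528,19 @@ def test_sign_verify_buffers(self, backend):
 def test_sign_prehashed(self, backend):
 _skip_curve_unsupported(backend, ec.SECP256R1())
 message = b"one little message"
-h = hashes.Hash(hashes.SHA1(), backend)
+h = hashes.Hash(hashes.SHA256(), backend)
 h.update(message)
 data = h.finalize()
-algorithm = ec.ECDSA(Prehashed(hashes.SHA1()))
+algorithm = ec.ECDSA(Prehashed(hashes.SHA256()))
 private_key = ec.generate_private_key(ec.SECP256R1(), backend)
 signature = private_key.sign(data, algorithm)
 public_key = private_key.public_key()
-public_key.verify(signature, message, ec.ECDSA(hashes.SHA1()))
+public_key.verify(signature, message, ec.ECDSA(hashes.SHA256()))
 
 def test_sign_prehashed_digest_mismatch(self, backend):
 _skip_curve_unsupported(backend, ec.SECP256R1())
 message = b"one little message"
-h = hashes.Hash(hashes.SHA1(), backend)
+h = hashes.Hash(hashes.SHA224(), backend)
 h.update(message)
 data = h.finalize()
 algorithm = ec.ECDSA(Prehashed(hashes.SHA256()))
@@ -551,7 +551,7 @@ def test_sign_prehashed_digest_mismatch(self, backend):
 def test_verify(self, backend):
 _skip_curve_unsupported(backend, ec.SECP256R1())
 message = b"one little message"
-algorithm = ec.ECDSA(hashes.SHA1())
+algorithm = ec.ECDSA(hashes.SHA256())
 private_key = ec.generate_private_key(ec.SECP256R1(), backend)
 signature = private_key.sign(message, algorithm)
 public_key = private_key.public_key()
@@ -560,20 +560,22 @@ def test_verify(self, backend):
 def test_verify_prehashed(self, backend):
 _skip_curve_unsupported(backend, ec.SECP256R1())
 message = b"one little message"
-algorithm = ec.ECDSA(hashes.SHA1())
+algorithm = ec.ECDSA(hashes.SHA256())
 private_key = ec.generate_private_key(ec.SECP256R1(), backend)
 signature = private_key.sign(message, algorithm)
-h = hashes.Hash(hashes.SHA1(), backend)
+h = hashes.Hash(hashes.SHA256(), backend)
 h.update(message)
 data = h.finalize()
 public_key = private_key.public_key()
-public_key.verify(signature, data, ec.ECDSA(Prehashed(hashes.SHA1())))
+public_key.verify(
+signature, data, ec.ECDSA(Prehashed(hashes.SHA256()))
+)
 
 def test_verify_prehashed_digest_mismatch(self, backend):
 _skip_curve_unsupported(backend, ec.SECP256R1())
 message = b"one little message"
 private_key = ec.generate_private_key(ec.SECP256R1(), backend)
-h = hashes.Hash(hashes.SHA1(), backend)
+h = hashes.Hash(hashes.SHA224(), backend)
 h.update(message)
 data = h.finalize()
 public_key = private_key.public_key()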
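Review bot: The two digest-mismatch tests (`test_sign_prehashed_digest_mismatch` and `test_verify_prehashed_digest_mismatch`) now rely on SHA224 and SHA256 producing digests of different lengths, and nothing on the `h = hashes.Hash(hashes.SHA224(), backend)` lines says why SHA224 was picked. I would add a comment above each, such as `# SHA224 yields 28 bytes; Prehashed(SHA256) expects 32, so sign/verify must reject it`, so a later cleanup does not swap in a hash of the same size and silently stop exercising the check. As far as I can tell, `Prehashed` can only validate the digest length and not which algorithm produced it, which is worth stating in the comment as well. Both test bodies continue past the end of their hunks, so the actual rejection assertion is not visible here and should be confirmed against the full file.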
