Added tests for two more PKCS#8 key situations

pyca · Jan 19, 2025 · 75947fb · 75947fb
1 parent 17119de
commit 75947fb
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 0 deletions.
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
@@ -206,6 +206,12 @@ Custom asymmetric vectors
   the key (the OIDs are reversed from ``ec-inconsistent-curve.pem``).
 * ``asymmetric/EC/ec-missing-curve.pem`` - A PKCS#1 encoded EC key where the
   curve OID is missing.
+* ``asymmetric/PKCS8/ec-consistent-curve.pem`` - A PKCS8 encoded EC key where
+  the the curve OID in the parameters is the same as the curve OID in the key
+  (encoding the curve OID twice is duplicative, as the inner curve is
+  optional).
+* ``asymmetric/PKCS8/ec-invalid-version.pem`` - A PKCS8 encoded EC key with an
+  invalid elliptic curve version field.
 
 
 Key exchange

diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
@@ -51,6 +51,7 @@ Diffie
 disambiguating
 Django
 Docstrings
+duplicative
 El
 Encodings
 endian

diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
@@ -1147,6 +1147,18 @@ def test_pkcs8_inconsistent_curve(self):
         with pytest.raises(ValueError):
             serialization.load_pem_private_key(data, password=None)
 
+    def test_pkcs8_consistent_curve(self):
+        # Like the above, but both the inner and outer curves match
+        key = load_vectors_from_file(
+            os.path.join("asymmetric", "PKCS8", "ec-consistent-curve.pem"),
+            lambda f: serialization.load_pem_private_key(
+                f.read(), password=None
+            ),
+            mode="rb",
+        )
+        assert isinstance(key, EllipticCurvePrivateKey)
+        assert isinstance(key.curve, ec.SECP256R1)
+
     def test_load_private_key_missing_curve(self):
         data = load_vectors_from_file(
             os.path.join("asymmetric", "EC", "ec-missing-curve.pem"),
@@ -1156,6 +1168,16 @@ def test_load_private_key_missing_curve(self):
         with pytest.raises(ValueError):
             serialization.load_pem_private_key(data, password=None)
 
+    @pytest.mark.xfail
+    def test_load_private_key_invalid_version(self):
+        data = load_vectors_from_file(
+            os.path.join("asymmetric", "PKCS8", "ec-invalid-version.pem"),
+            lambda f: f.read(),
+            mode="rb",
+        )
+        with pytest.raises(ValueError):
+            serialization.load_pem_private_key(data, password=None)
+
 
 class TestEllipticCurvePEMPublicKeySerialization:
     @pytest.mark.parametrize(

diff --git a/vectors/cryptography_vectors/asymmetric/PKCS8/ec-consistent-curve.pem b/vectors/cryptography_vectors/asymmetric/PKCS8/ec-consistent-curve.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgYirTZSx+5O8Y6tlG
+cka6W6btJiocdrdolfcukSoTEk+gCgYIKoZIzj0DAQehRANCAAQkvPNu7Pa1GcsW
+U4v7ptNfqCJVq8Cxzo0MUVPQgwJ3aJtNM1QMOQUayCrRwfklg+D/rFSUwEUqtZh7
+fJDiFqz3
+-----END PRIVATE KEY-----
diff --git a/vectors/cryptography_vectors/asymmetric/PKCS8/ec-invalid-version.pem b/vectors/cryptography_vectors/asymmetric/PKCS8/ec-invalid-version.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBEQQgYirTZSx+5O8Y6tlG
+cka6W6btJiocdrdolfcukSoTEk+gCgYIKoZIzj0DAQehRANCAAQkvPNu7Pa1GcsW
+U4v7ptNfqCJVq8Cxzo0MUVPQgwJ3aJtNM1QMOQUayCrRwfklg+D/rFSUwEUqtZh7
+fJDiFqz3
+-----END PRIVATE KEY-----