
Commit 1a2b48a

committed
test all the algorithms
1 parent 78d1fd2 commit 1a2b48a

3 files changed

Lines changed: 56 additions & 12 deletions


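--- a/nodeman/models.py
+++ b/nodeman/models.py
@@ -9,10 +9,18 @@
 
 class PublicJwk(BaseModel):
 kty: str
-crv: str
-x: str
+
+# for EC and ED
+crv: str | None = None
+x: str | None = None
+
+# for EC
 y: str | None = None
 
+# for RSA
+n: str | None = None
+e: str | None = None
+
 
 class NodeInformation(BaseModel):
 name: str = Field(title="Node name")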
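Review bot: With `crv` and `x` now optional alongside the new `n` and `e`, `PublicJwk` accepts any combination of members for any `kty`, so an EC key without `x`/`y` or an RSA key without `n`/`e` passes model validation and is rejected, if at all, only by whatever parses the JWK later. The request model should enforce the members each key type requires (EC: `crv`, `x`, `y`; OKP: `crv`, `x`; RSA: `n`, `e`) and reject key types the service does not support, so malformed keys fail at the API boundary. The sketch below assumes pydantic v2, where `model_validator` is imported from `pydantic`; the import block is outside this hunk. The `# for EC and ED` comment would also be more precise as `# for EC and OKP (Ed25519/Ed448)`, since the JWK `kty` for those keys is `OKP`.

```python
class PublicJwk(BaseModel):
    # … unchanged: kty, crv, x, y, n, e fields …

    @model_validator(mode="after")
    def _check_members_for_kty(self) -> "PublicJwk":
        """Reject JWKs that lack the members their key type requires."""
        required_by_kty = {
            "EC": ("crv", "x", "y"),
            "OKP": ("crv", "x"),
            "RSA": ("n", "e"),
        }
        required = required_by_kty.get(self.kty)
        if required is None:
            raise ValueError(f"unsupported kty: {self.kty}")
        missing = [member for member in required if getattr(self, member) is None]
        if missing:
            raise ValueError(f"{self.kty} key is missing: {', '.join(missing)}")
        return self
```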

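--- a/nodeman/x509.py
+++ b/nodeman/x509.py
@@ -3,10 +3,13 @@
 
 from cryptography import x509
 from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey
+from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey
 from cryptography.x509.oid import ExtensionOID, NameOID
 
-type PrivateKey = ec.EllipticCurvePrivateKey
+type PrivateKey = RSAPrivateKey | EllipticCurvePrivateKey | Ed25519PrivateKey | Ed448PrivateKey
 
 
 @dataclass(frozen=True)
@@ -21,6 +24,12 @@ def sign_csr(self, csr: x509.CertificateSigningRequest, name: str) -> Certificat
 pass
 
 
+def get_hash_algorithm_from_key(key: PrivateKey) -> hashes.SHA256 | None:
+if isinstance(key, (Ed25519PrivateKey, Ed448PrivateKey)):
+return None
+return hashes.SHA256()
+
+
 def generate_x509_csr(name: str, key: PrivateKey) -> x509.CertificateSigningRequest:
 """Generate X.509 CSR with name and key"""
 return (
@@ -30,7 +39,7 @@ def generate_x509_csr(name: str, key: PrivateKey) -> x509.CertificateSigningRequ
 x509.SubjectAlternativeName([x509.DNSName(name)]),
 critical=False,
 )
-.sign(key, hashes.SHA256())
+.sign(key, get_hash_algorithm_from_key(key))
 )
 
 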
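Review bot: `get_hash_algorithm_from_key` returns `hashes.SHA256()` for every key that is not Ed25519 or Ed448, so a key type outside the `PrivateKey` alias is not rejected here and fails, if at all, only inside `.sign()`. An explicit allow-list keeps the helper fail-closed: `if isinstance(key, (RSAPrivateKey, EllipticCurvePrivateKey)): return hashes.SHA256()` followed by `raise TypeError(f"unsupported key type: {type(key).__name__}")`. The function also has no docstring; a line such as `"""Return the hash used to sign a CSR with key; None for Ed25519/Ed448, which take no separate hash algorithm."""` would explain the `None` branch. Whether the signing side (`sign_csr`, whose body is outside these hunks) selects its hash the same way is not visible here and is worth confirming.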

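--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -4,7 +4,9 @@
 from urllib.parse import urljoin
 
 from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives.asymmetric import ec, rsa
+from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
 from cryptography.hazmat.primitives.serialization import load_pem_public_key
 from fastapi.testclient import TestClient
 from jwcrypto.jwk import JWK
@@ -31,13 +33,10 @@ def get_test_client() -> TestClient:
 return TestClient(app)
 
 
-def test_enroll() -> None:
+def _test_enroll(data_key, x509_key) -> None:
 client = get_test_client()
 server = ""
 
-kty = "OKP"
-crv = "Ed25519"
-
 logging.basicConfig(level=logging.DEBUG)
 logging.debug("Testing enrollment")
 
@@ -59,10 +58,8 @@ def test_enroll() -> None:
 hmac_key = JWK(kty="oct", k=secret)
 hmac_alg = "HS256"
 
-data_key = JWK.generate(kty=kty, crv=crv)
 data_alg = jwk_to_alg(data_key)
 
-x509_key = ec.generate_private_key(ec.SECP256R1())
 x509_csr = generate_x509_csr(key=x509_key, name=name).public_bytes(serialization.Encoding.PEM).decode()
 
 payload = {"x509_csr": x509_csr, "public_key": data_key.export_public(as_dict=True)}
@@ -107,6 +104,36 @@ def test_enroll() -> None:
 assert response.status_code == 404
 
 
+def test_enroll_p256_p256() -> None:
+data_key = JWK.generate(kty="EC", crv="P-256")
+x509_key = ec.generate_private_key(ec.SECP256R1())
+_test_enroll(data_key=data_key, x509_key=x509_key)
+
+
+def test_enroll_ed25519_p256() -> None:
+data_key = JWK.generate(kty="OKP", crv="Ed25519")
+x509_key = ec.generate_private_key(ec.SECP256R1())
+_test_enroll(data_key=data_key, x509_key=x509_key)
+
+
+def test_enroll_ed25519_ed25519() -> None:
+data_key = JWK.generate(kty="OKP", crv="Ed25519")
+x509_key = Ed25519PrivateKey.generate()
+_test_enroll(data_key=data_key, x509_key=x509_key)
+
+
+def test_enroll_ed448_ed448() -> None:
+data_key = JWK.generate(kty="OKP", crv="Ed448")
+x509_key = Ed448PrivateKey.generate()
+_test_enroll(data_key=data_key, x509_key=x509_key)
+
+
+def test_enroll_rsa_rsa() -> None:
+data_key = JWK.generate(kty="RSA", size=2048)
+x509_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+_test_enroll(data_key=data_key, x509_key=x509_key)
+
+
 def test_enroll_bad_hmac_signature() -> None:
 client = get_test_client()
 server = ""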
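Review bot: The five new `test_enroll_*` cases all exercise successful enrollment; none submits a `public_key` that is malformed for its `kty` (for example an EC key with `y` removed, or an RSA key without `n`), which is the input the relaxed `PublicJwk` model in this commit now lets through. A negative case per key type asserting that such an enrollment request is rejected would pin that behaviour. The cases also repeat the same three lines, so if the suite runs under pytest a single `@pytest.mark.parametrize` over key factories would shorten them, and the helper signature could be annotated, e.g. `def _test_enroll(data_key: JWK, x509_key) -> None:`. Most of `_test_enroll`'s body lies outside the visible hunks.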
