Package: src:python-pykmip
Version: 0.10.0-6
Severity: serious
Tags: ftbfs
Dear maintainer:
During a rebuild of all packages in unstable, your package failed to build:
--------------------------------------------------------------------------------
[...]
debian/rules build
make: pyversions: No such file or directory
py3versions: no X-Python3-Version in control file, using supported versions
dh build --buildsystem=python_distutils --with python3
dh_update_autotools_config -O--buildsystem=python_distutils
dh_autoreconf -O--buildsystem=python_distutils
dh_auto_configure -O--buildsystem=python_distutils
dh_auto_configure: warning: Please use the third-party "pybuild" build system
instead of python-distutils
dh_auto_configure: warning: This feature will be removed in compat 12.
debian/rules override_dh_auto_build
make[1]: Entering directory '/<<PKGBUILDDIR>>'
make[1]: pyversions: No such file or directory
py3versions: no X-Python3-Version in control file, using supported versions
echo "Do nothing..."
Do nothing...
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
debian/rules override_dh_auto_test
make[1]: Entering directory '/<<PKGBUILDDIR>>'
make[1]: pyversions: No such file or directory
py3versions: no X-Python3-Version in control file, using supported versions
set -e ; for i in 3.12 3.11 ; do \
PYTHONPATH=. PYTHON=python$i python$i -m coverage run --source=kmip/ -m
pytest --strict kmip/tests/unit ; \
done
============================= test session starts ==============================
platform linux -- Python 3.12.2, pytest-8.1.1, pluggy-1.4.0
rootdir: /<<PKGBUILDDIR>>
configfile: pytest.ini
collected 3394 items
kmip/tests/unit/core/attributes/test_application_specific_information.py . [
0%]
.............. [ 0%]
kmip/tests/unit/core/attributes/test_attributes.py ...ssss...ssss....... [ 1%]
........................................................................ [ 3%]
.................... [ 3%]
kmip/tests/unit/core/attributes/test_digest.py ........................ [ 4%]
kmip/tests/unit/core/factories/payloads/test_payload.py ................ [ 4%]
........................... [ 5%]
kmip/tests/unit/core/factories/payloads/test_request.py ................ [ 6%]
.......................... [ 6%]
kmip/tests/unit/core/factories/payloads/test_response.py ............... [ 7%]
........................... [ 8%]
kmip/tests/unit/core/factories/test_attribute.py . [ 8%]
kmip/tests/unit/core/factories/test_attribute_values.py ..........ss.s.s [ 8%]
....................s.... [ 9%]
kmip/tests/unit/core/messages/contents/test_authentication.py .......... [ 9%]
...... [ 9%]
kmip/tests/unit/core/messages/contents/test_protocol_version.py ........ [ 10%]
..................... [ 10%]
kmip/tests/unit/core/messages/payloads/test_activate.py .......... [ 11%]
kmip/tests/unit/core/messages/payloads/test_archive.py ................. [ 11%]
............. [ 11%]
kmip/tests/unit/core/messages/payloads/test_cancel.py .................. [ 12%]
............... [ 12%]
kmip/tests/unit/core/messages/payloads/test_check.py ................... [ 13%]
................................. [ 14%]
kmip/tests/unit/core/messages/payloads/test_create.py .................. [ 14%]
................................ [ 15%]
kmip/tests/unit/core/messages/payloads/test_create_key_pair.py ......... [ 16%]
....................................................... [ 17%]
kmip/tests/unit/core/messages/payloads/test_decrypt.py ................. [ 18%]
................................. [ 19%]
kmip/tests/unit/core/messages/payloads/test_delete_attribute.py ........ [ 19%]
................................. [ 20%]
kmip/tests/unit/core/messages/payloads/test_derive_key.py .............. [ 20%]
............................................... [ 22%]
kmip/tests/unit/core/messages/payloads/test_discover_versions.py ....... [ 22%]
............. [ 22%]
kmip/tests/unit/core/messages/payloads/test_encrypt.py ................. [ 23%]
...................................... [ 24%]
kmip/tests/unit/core/messages/payloads/test_get.py ..................... [ 25%]
.............................. [ 26%]
kmip/tests/unit/core/messages/payloads/test_get_attribute_list.py ...... [ 26%]
............................................... [ 27%]
kmip/tests/unit/core/messages/payloads/test_get_attributes.py .......... [ 27%]
.......................................................... [ 29%]
kmip/tests/unit/core/messages/payloads/test_get_usage_allocation.py .... [ 29%]
............................... [ 30%]
kmip/tests/unit/core/messages/payloads/test_locate.py .................. [ 31%]
..................................... [ 32%]
kmip/tests/unit/core/messages/payloads/test_mac.py ................... [ 32%]
kmip/tests/unit/core/messages/payloads/test_modify_attribute.py ........ [ 33%]
............................ [ 33%]
kmip/tests/unit/core/messages/payloads/test_obtain_lease.py ............ [ 34%]
.......................... [ 34%]
kmip/tests/unit/core/messages/payloads/test_poll.py ............... [ 35%]
kmip/tests/unit/core/messages/payloads/test_query.py ................... [ 35%]
...................................................... [ 37%]
kmip/tests/unit/core/messages/payloads/test_recover.py ................. [ 38%]
............. [ 38%]
kmip/tests/unit/core/messages/payloads/test_register.py ................ [ 38%]
.................................. [ 39%]
kmip/tests/unit/core/messages/payloads/test_rekey.py ................... [ 40%]
........................ [ 41%]
kmip/tests/unit/core/messages/payloads/test_rekey_key_pair.py .......... [ 41%]
. [ 41%]
kmip/tests/unit/core/messages/payloads/test_revoke.py ............ [ 41%]
kmip/tests/unit/core/messages/payloads/test_set_attribute.py ........... [ 42%]
................. [ 42%]
kmip/tests/unit/core/messages/payloads/test_sign.py .................... [ 43%]
..................... [ 43%]
kmip/tests/unit/core/messages/payloads/test_signature_verify.py ........ [ 44%]
.......................................................... [ 45%]
kmip/tests/unit/core/messages/test_messages.py ......................... [ 46%]
.... [ 46%]
kmip/tests/unit/core/misc/test_misc.py ........... [ 47%]
kmip/tests/unit/core/misc/test_server_information.py ................ [ 47%]
kmip/tests/unit/core/objects/test_attribute.py sssss.sssssss..s [ 47%]
kmip/tests/unit/core/objects/test_credentials.py ....................... [ 48%]
........................................................................ [ 50%]
....................................... [ 51%]
kmip/tests/unit/core/objects/test_current_attribute.py ................ [ 52%]
kmip/tests/unit/core/objects/test_extension_information.py ............. [ 52%]
............ [ 53%]
kmip/tests/unit/core/objects/test_new_attribute.py ................ [ 53%]
kmip/tests/unit/core/objects/test_objects.py ........................... [ 54%]
........................................................................ [ 56%]
........................................................................ [ 58%]
........................................................................ [ 60%]
........................................................................ [ 62%]
........................................................... [ 64%]
kmip/tests/unit/core/primitives/test_base.py ..................s.... [ 65%]
kmip/tests/unit/core/primitives/test_big_integer.py .................... [ 65%]
.. [ 65%]
kmip/tests/unit/core/primitives/test_boolean.py ........................ [ 66%]
.. [ 66%]
kmip/tests/unit/core/primitives/test_byte_string.py ................ [ 67%]
kmip/tests/unit/core/primitives/test_date_time.py ...... [ 67%]
kmip/tests/unit/core/primitives/test_enumeration.py .................... [ 67%]
... [ 68%]
kmip/tests/unit/core/primitives/test_integer.py ........................ [ 68%]
......... [ 69%]
kmip/tests/unit/core/primitives/test_interval.py ................... [ 69%]
kmip/tests/unit/core/primitives/test_long_integer.py ................... [ 70%]
........... [ 70%]
kmip/tests/unit/core/primitives/test_text_string.py .............. [ 70%]
kmip/tests/unit/core/secrets/test_certificate.py ............... [ 71%]
kmip/tests/unit/core/secrets/test_split_key.py .s....................... [ 72%]
..... [ 72%]
kmip/tests/unit/core/test_config_helper.py ...... [ 72%]
kmip/tests/unit/core/test_enums.py .................. [ 72%]
kmip/tests/unit/core/test_policy.py ........... [ 73%]
kmip/tests/unit/core/test_utils.py .....s.sssss [ 73%]
kmip/tests/unit/pie/objects/test_application_specific_information.py ... [ 73%]
........ [ 73%]
kmip/tests/unit/pie/objects/test_certificate.py ............. [ 74%]
kmip/tests/unit/pie/objects/test_cryptographic_object.py ..... [ 74%]
kmip/tests/unit/pie/objects/test_key.py ...... [ 74%]
kmip/tests/unit/pie/objects/test_managed_object.py ........ [ 74%]
kmip/tests/unit/pie/objects/test_object_group.py ......... [ 75%]
kmip/tests/unit/pie/objects/test_opaque_object.py ...................... [ 75%]
.. [ 75%]
kmip/tests/unit/pie/objects/test_private_key.py ........................ [ 76%]
........... [ 76%]
kmip/tests/unit/pie/objects/test_public_key.py ......................... [ 77%]
.......... [ 77%]
kmip/tests/unit/pie/objects/test_secret_data.py ........................ [ 78%]
.. [ 78%]
kmip/tests/unit/pie/objects/test_split_key.py ......................... [ 79%]
kmip/tests/unit/pie/objects/test_sqltypes.py ........... [ 79%]
kmip/tests/unit/pie/objects/test_symmetric_key.py ...................... [ 80%]
........... [ 80%]
kmip/tests/unit/pie/objects/test_x509_certificate.py ................... [ 81%]
.... [ 81%]
kmip/tests/unit/pie/test_client.py ..................................... [ 82%]
........................................................................ [ 84%]
..... [ 84%]
kmip/tests/unit/pie/test_exceptions.py ..... [ 84%]
kmip/tests/unit/pie/test_factory.py ......................... [ 85%]
kmip/tests/unit/services/server/auth/test_slugs.py ......... [ 85%]
kmip/tests/unit/services/server/auth/test_utils.py ......... [ 86%]
kmip/tests/unit/services/server/crypto/test_engine.py .................. [ 86%]
........................F.....F.........................FF.............. [ 88%]
...............................FF [ 89%]
kmip/tests/unit/services/server/test_config.py ......................... [ 90%]
. [ 90%]
kmip/tests/unit/services/server/test_engine.py ......................... [ 91%]
..................s..................................................... [ 93%]
........................................................................ [ 95%]
......F........ [ 95%]
kmip/tests/unit/services/server/test_monitor.py ..................... [ 96%]
kmip/tests/unit/services/server/test_policy.py ........ [ 96%]
kmip/tests/unit/services/server/test_server.py ........ [ 97%]
kmip/tests/unit/services/server/test_session.py .................... [ 97%]
kmip/tests/unit/services/test_auth.py .......... [ 97%]
kmip/tests/unit/services/test_kmip_client.py ........................... [ 98%]
..................................... [ 99%]
kmip/tests/unit/services/test_kmip_protocol.py ...... [ 99%]
kmip/tests/unit/test_kmip.py . [100%]
=================================== FAILURES ===================================
________ TestCryptographyEngine.test_verify_signature_invalid_signature ________
'NoneType' object is not iterable
During handling of the above exception, another exception occurred:
NOTE: Incompatible Exception Representation, displaying natively:
testtools.testresult.real._StringException: Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py", line 1492, in
verify_signature
public_key = backend.load_der_public_key(signing_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'Backend' object has no attribute 'load_der_public_key'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py", line 1495, in
verify_signature
public_key = backend.load_pem_public_key(signing_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'Backend' object has no attribute 'load_pem_public_key'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File
"/<<PKGBUILDDIR>>/kmip/tests/unit/services/server/crypto/test_engine.py", line
1187, in test_verify_signature_invalid_signature
engine.verify_signature(*args, **kwargs)
File "/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py", line 1497, in
verify_signature
raise exceptions.CryptographicFailure(
kmip.core.exceptions.CryptographicFailure: The signing key bytes could not be
loaded.
__ TestCryptographyEngine.test_verify_signature_unexpected_verification_error __
'NoneType' object is not iterable
During handling of the above exception, another exception occurred:
NOTE: Incompatible Exception Representation, displaying natively:
testtools.testresult.real._StringException: Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py", line 1492, in
verify_signature
public_key = backend.load_der_public_key(signing_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'Backend' object has no attribute 'load_der_public_key'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py", line 1495, in
verify_signature
public_key = backend.load_pem_public_key(signing_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'Backend' object has no attribute 'load_pem_public_key'
During handling of the above exception, another exception occurred:
kmip.core.exceptions.CryptographicFailure: The signing key bytes could not be
loaded.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File
"/<<PKGBUILDDIR>>/kmip/tests/unit/services/server/crypto/test_engine.py", line
1225, in test_verify_signature_unexpected_verification_error
self.assertRaisesRegex(
File "/usr/lib/python3.12/unittest/case.py", line 1316, in assertRaisesRegex
return context.handle('assertRaisesRegex', args, kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/unittest/case.py", line 237, in handle
with self:
File "/usr/lib/python3.12/unittest/case.py", line 276, in __exit__
self._raiseFailure('"{}" does not match "{}"'.format(
File "/usr/lib/python3.12/unittest/case.py", line 200, in _raiseFailure
raise self.test_case.failureException(msg)
AssertionError: "The signature verification process failed." does not match "The
signing key bytes could not be loaded."
___________ test_encrypt_decrypt_asymmetric[asymmetric_parameters0] ____________
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc3550d0>
encryption_algorithm = <CryptographicAlgorithm.RSA: 4>
encryption_key =
b'0\x81\x89\x02\x81\x81\x00\xa8\xb3\xb2\x84\xaf\x8e\xb5\x0b8p4\xa8`\xf1F\xc4\x91\x9f1\x87c\xcdlU\x98\xc8\xaeH\x11\xa1\...f79-\xd3\xaa\xff\x93\xae\x1ekf{\xb3\xd4$v\x16\xd4\xf5\xba\x10\xd4\xcf\xd2&\xde\x88\xd3\x9f\x16\xfb\x02\x03\x01\x00\x01'
plain_text =
b'f(\x19N\x12\x07=\xb0;\xa9L\xda\x9e\xf9S#\x97\xd5\r\xbay\xb9\x87\x00J\xfe\xfe4'
padding_method = <cryptography.hazmat.primitives.asymmetric.padding.OAEP object at
0x7fe2fc355160>
hashing_algorithm = <HashingAlgorithm.SHA_1: 4>
def _encrypt_asymmetric(self,
encryption_algorithm,
encryption_key,
plain_text,
padding_method,
hashing_algorithm=None):
"""
Encrypt data using asymmetric encryption.
Args:
encryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the asymmetric encryption algorithm to use for
encryption. Required.
encryption_key (bytes): The bytes of the public key to use for
encryption. Required.
plain_text (bytes): The bytes to be encrypted. Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use with the asymmetric encryption
algorithm. Required.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the encryption padding
method. Required, if the padding method is OAEP. Optional
otherwise, defaults to None.
Returns:
dict: A dictionary containing the encrypted data, with at least
the following key/value field:
* cipher_text - the bytes of the encrypted data
Raises:
InvalidField: Raised when the algorithm is unsupported or the
length is incompatible with the algorithm.
CryptographicFailure: Raised when the key generation process
fails.
"""
if encryption_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.OAEP:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if hash_algorithm is None:
raise exceptions.InvalidField(
"The hashing algorithm '{0}' is not supported for "
"asymmetric encryption.".format(hashing_algorithm)
)
padding_method = asymmetric_padding.OAEP(
mgf=asymmetric_padding.MGF1(
algorithm=hash_algorithm()
),
algorithm=hash_algorithm(),
label=None
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding_method = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for asymmetric "
"encryption.".format(padding_method)
)
backend = default_backend()
try:
public_key = backend.load_der_public_key(encryption_key)
E AttributeError: 'Backend' object has no attribute
'load_der_public_key'
kmip/services/server/crypto/engine.py:591: AttributeError
During handling of the above exception, another exception occurred:
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc3550d0>
encryption_algorithm = <CryptographicAlgorithm.RSA: 4>
encryption_key =
b'0\x81\x89\x02\x81\x81\x00\xa8\xb3\xb2\x84\xaf\x8e\xb5\x0b8p4\xa8`\xf1F\xc4\x91\x9f1\x87c\xcdlU\x98\xc8\xaeH\x11\xa1\...f79-\xd3\xaa\xff\x93\xae\x1ekf{\xb3\xd4$v\x16\xd4\xf5\xba\x10\xd4\xcf\xd2&\xde\x88\xd3\x9f\x16\xfb\x02\x03\x01\x00\x01'
plain_text =
b'f(\x19N\x12\x07=\xb0;\xa9L\xda\x9e\xf9S#\x97\xd5\r\xbay\xb9\x87\x00J\xfe\xfe4'
padding_method = <cryptography.hazmat.primitives.asymmetric.padding.OAEP object at
0x7fe2fc355160>
hashing_algorithm = <HashingAlgorithm.SHA_1: 4>
def _encrypt_asymmetric(self,
encryption_algorithm,
encryption_key,
plain_text,
padding_method,
hashing_algorithm=None):
"""
Encrypt data using asymmetric encryption.
Args:
encryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the asymmetric encryption algorithm to use for
encryption. Required.
encryption_key (bytes): The bytes of the public key to use for
encryption. Required.
plain_text (bytes): The bytes to be encrypted. Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use with the asymmetric encryption
algorithm. Required.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the encryption padding
method. Required, if the padding method is OAEP. Optional
otherwise, defaults to None.
Returns:
dict: A dictionary containing the encrypted data, with at least
the following key/value field:
* cipher_text - the bytes of the encrypted data
Raises:
InvalidField: Raised when the algorithm is unsupported or the
length is incompatible with the algorithm.
CryptographicFailure: Raised when the key generation process
fails.
"""
if encryption_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.OAEP:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if hash_algorithm is None:
raise exceptions.InvalidField(
"The hashing algorithm '{0}' is not supported for "
"asymmetric encryption.".format(hashing_algorithm)
)
padding_method = asymmetric_padding.OAEP(
mgf=asymmetric_padding.MGF1(
algorithm=hash_algorithm()
),
algorithm=hash_algorithm(),
label=None
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding_method = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for asymmetric "
"encryption.".format(padding_method)
)
backend = default_backend()
try:
public_key = backend.load_der_public_key(encryption_key)
except Exception:
try:
public_key = backend.load_pem_public_key(encryption_key)
E AttributeError: 'Backend' object has no attribute
'load_pem_public_key'
kmip/services/server/crypto/engine.py:594: AttributeError
During handling of the above exception, another exception occurred:
asymmetric_parameters = {'algorithm': <CryptographicAlgorithm.RSA: 4>, 'encoding':
<Encoding.DER: 'DER'>, 'hashing_algorithm': <HashingAlgorithm.SHA_1: 4>, 'padding_method':
<PaddingMethod.OAEP: 2>, ...}
def test_encrypt_decrypt_asymmetric(asymmetric_parameters):
"""
Test that various encryption/decryption algorithms can be used to
correctly asymmetrically encrypt data.
"""
# NOTE (peter-hamilton) Randomness included in RSA padding schemes
# makes it impossible to unit test just encryption; it's not possible
# to predict the cipher text. Instead, we test the encrypt/decrypt
# cycle to ensure that they correctly mirror each other.
backend = backends.default_backend()
public_key_numbers = rsa.RSAPublicNumbers(
asymmetric_parameters.get('public_key').get('e'),
asymmetric_parameters.get('public_key').get('n')
)
public_key = public_key_numbers.public_key(backend)
public_bytes = public_key.public_bytes(
asymmetric_parameters.get('encoding'),
serialization.PublicFormat.PKCS1
)
private_key_numbers = rsa.RSAPrivateNumbers(
p=asymmetric_parameters.get('private_key').get('p'),
q=asymmetric_parameters.get('private_key').get('q'),
d=asymmetric_parameters.get('private_key').get('d'),
dmp1=asymmetric_parameters.get('private_key').get('dmp1'),
dmq1=asymmetric_parameters.get('private_key').get('dmq1'),
iqmp=asymmetric_parameters.get('private_key').get('iqmp'),
public_numbers=public_key_numbers
)
private_key = private_key_numbers.private_key(backend)
private_bytes = private_key.private_bytes(
asymmetric_parameters.get('encoding'),
serialization.PrivateFormat.PKCS8,
serialization.NoEncryption()
)
engine = crypto.CryptographyEngine()
result = engine.encrypt(
asymmetric_parameters.get('algorithm'),
public_bytes,
asymmetric_parameters.get('plain_text'),
padding_method=asymmetric_parameters.get('padding_method'),
hashing_algorithm=asymmetric_parameters.get('hashing_algorithm')
)
kmip/tests/unit/services/server/crypto/test_engine.py:1752:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
kmip/services/server/crypto/engine.py:371: in encrypt
return self._encrypt_asymmetric(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc3550d0>
encryption_algorithm = <CryptographicAlgorithm.RSA: 4>
encryption_key =
b'0\x81\x89\x02\x81\x81\x00\xa8\xb3\xb2\x84\xaf\x8e\xb5\x0b8p4\xa8`\xf1F\xc4\x91\x9f1\x87c\xcdlU\x98\xc8\xaeH\x11\xa1\...f79-\xd3\xaa\xff\x93\xae\x1ekf{\xb3\xd4$v\x16\xd4\xf5\xba\x10\xd4\xcf\xd2&\xde\x88\xd3\x9f\x16\xfb\x02\x03\x01\x00\x01'
plain_text =
b'f(\x19N\x12\x07=\xb0;\xa9L\xda\x9e\xf9S#\x97\xd5\r\xbay\xb9\x87\x00J\xfe\xfe4'
padding_method = <cryptography.hazmat.primitives.asymmetric.padding.OAEP object at
0x7fe2fc355160>
hashing_algorithm = <HashingAlgorithm.SHA_1: 4>
def _encrypt_asymmetric(self,
encryption_algorithm,
encryption_key,
plain_text,
padding_method,
hashing_algorithm=None):
"""
Encrypt data using asymmetric encryption.
Args:
encryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the asymmetric encryption algorithm to use for
encryption. Required.
encryption_key (bytes): The bytes of the public key to use for
encryption. Required.
plain_text (bytes): The bytes to be encrypted. Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use with the asymmetric encryption
algorithm. Required.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the encryption padding
method. Required, if the padding method is OAEP. Optional
otherwise, defaults to None.
Returns:
dict: A dictionary containing the encrypted data, with at least
the following key/value field:
* cipher_text - the bytes of the encrypted data
Raises:
InvalidField: Raised when the algorithm is unsupported or the
length is incompatible with the algorithm.
CryptographicFailure: Raised when the key generation process
fails.
"""
if encryption_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.OAEP:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if hash_algorithm is None:
raise exceptions.InvalidField(
"The hashing algorithm '{0}' is not supported for "
"asymmetric encryption.".format(hashing_algorithm)
)
padding_method = asymmetric_padding.OAEP(
mgf=asymmetric_padding.MGF1(
algorithm=hash_algorithm()
),
algorithm=hash_algorithm(),
label=None
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding_method = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for asymmetric "
"encryption.".format(padding_method)
)
backend = default_backend()
try:
public_key = backend.load_der_public_key(encryption_key)
except Exception:
try:
public_key = backend.load_pem_public_key(encryption_key)
except Exception:
raise exceptions.CryptographicFailure(
"The public key bytes could not be loaded."
)
E kmip.core.exceptions.CryptographicFailure: The public key
bytes could not be loaded.
kmip/services/server/crypto/engine.py:596: CryptographicFailure
___________ test_encrypt_decrypt_asymmetric[asymmetric_parameters1] ____________
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc3568a0>
encryption_algorithm = <CryptographicAlgorithm.RSA: 4>
encryption_key = b'-----BEGIN RSA PUBLIC
KEY-----\nMIGJAoGBAJi3BYLKgI/R01CVYqDvMFr22YdUQ7Nb3yTVNjU+PxIo3NEqeFaDVsb/\nMjq/cqwc2/5xL7Sf5Z...pbViw/KY253fdWB4d5GMztHQ\n0fN3M4wNPTIHeX6GLGXRFDnliBd1J6fe2Rlxrc+R4ug0438FpzZVAgMBAAE=\n-----END
RSA PUBLIC KEY-----\n'
plain_text = b'\xe9\xa7q\xe0\xa6_(p\x8e\x83\xd5\xe6\xcc\x89\x8aA\xd7'
padding_method = <cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15
object at 0x7fe2fc356480>
hashing_algorithm = None
def _encrypt_asymmetric(self,
encryption_algorithm,
encryption_key,
plain_text,
padding_method,
hashing_algorithm=None):
"""
Encrypt data using asymmetric encryption.
Args:
encryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the asymmetric encryption algorithm to use for
encryption. Required.
encryption_key (bytes): The bytes of the public key to use for
encryption. Required.
plain_text (bytes): The bytes to be encrypted. Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use with the asymmetric encryption
algorithm. Required.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the encryption padding
method. Required, if the padding method is OAEP. Optional
otherwise, defaults to None.
Returns:
dict: A dictionary containing the encrypted data, with at least
the following key/value field:
* cipher_text - the bytes of the encrypted data
Raises:
InvalidField: Raised when the algorithm is unsupported or the
length is incompatible with the algorithm.
CryptographicFailure: Raised when the key generation process
fails.
"""
if encryption_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.OAEP:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if hash_algorithm is None:
raise exceptions.InvalidField(
"The hashing algorithm '{0}' is not supported for "
"asymmetric encryption.".format(hashing_algorithm)
)
padding_method = asymmetric_padding.OAEP(
mgf=asymmetric_padding.MGF1(
algorithm=hash_algorithm()
),
algorithm=hash_algorithm(),
label=None
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding_method = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for asymmetric "
"encryption.".format(padding_method)
)
backend = default_backend()
try:
public_key = backend.load_der_public_key(encryption_key)
E AttributeError: 'Backend' object has no attribute
'load_der_public_key'
kmip/services/server/crypto/engine.py:591: AttributeError
During handling of the above exception, another exception occurred:
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc3568a0>
encryption_algorithm = <CryptographicAlgorithm.RSA: 4>
encryption_key = b'-----BEGIN RSA PUBLIC
KEY-----\nMIGJAoGBAJi3BYLKgI/R01CVYqDvMFr22YdUQ7Nb3yTVNjU+PxIo3NEqeFaDVsb/\nMjq/cqwc2/5xL7Sf5Z...pbViw/KY253fdWB4d5GMztHQ\n0fN3M4wNPTIHeX6GLGXRFDnliBd1J6fe2Rlxrc+R4ug0438FpzZVAgMBAAE=\n-----END
RSA PUBLIC KEY-----\n'
plain_text = b'\xe9\xa7q\xe0\xa6_(p\x8e\x83\xd5\xe6\xcc\x89\x8aA\xd7'
padding_method = <cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15
object at 0x7fe2fc356480>
hashing_algorithm = None
def _encrypt_asymmetric(self,
encryption_algorithm,
encryption_key,
plain_text,
padding_method,
hashing_algorithm=None):
"""
Encrypt data using asymmetric encryption.
Args:
encryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the asymmetric encryption algorithm to use for
encryption. Required.
encryption_key (bytes): The bytes of the public key to use for
encryption. Required.
plain_text (bytes): The bytes to be encrypted. Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use with the asymmetric encryption
algorithm. Required.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the encryption padding
method. Required, if the padding method is OAEP. Optional
otherwise, defaults to None.
Returns:
dict: A dictionary containing the encrypted data, with at least
the following key/value field:
* cipher_text - the bytes of the encrypted data
Raises:
InvalidField: Raised when the algorithm is unsupported or the
length is incompatible with the algorithm.
CryptographicFailure: Raised when the key generation process
fails.
"""
if encryption_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.OAEP:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if hash_algorithm is None:
raise exceptions.InvalidField(
"The hashing algorithm '{0}' is not supported for "
"asymmetric encryption.".format(hashing_algorithm)
)
padding_method = asymmetric_padding.OAEP(
mgf=asymmetric_padding.MGF1(
algorithm=hash_algorithm()
),
algorithm=hash_algorithm(),
label=None
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding_method = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for asymmetric "
"encryption.".format(padding_method)
)
backend = default_backend()
try:
public_key = backend.load_der_public_key(encryption_key)
except Exception:
try:
public_key = backend.load_pem_public_key(encryption_key)
E AttributeError: 'Backend' object has no attribute
'load_pem_public_key'
kmip/services/server/crypto/engine.py:594: AttributeError
During handling of the above exception, another exception occurred:
asymmetric_parameters = {'algorithm': <CryptographicAlgorithm.RSA: 4>, 'encoding':
<Encoding.PEM: 'PEM'>, 'padding_method': <PaddingMethod.PKCS1v15: 8>, 'plain_text':
b'\xe9\xa7q\xe0\xa6_(p\x8e\x83\xd5\xe6\xcc\x89\x8aA\xd7', ...}
def test_encrypt_decrypt_asymmetric(asymmetric_parameters):
"""
Test that various encryption/decryption algorithms can be used to
correctly asymmetrically encrypt data.
"""
# NOTE (peter-hamilton) Randomness included in RSA padding schemes
# makes it impossible to unit test just encryption; it's not possible
# to predict the cipher text. Instead, we test the encrypt/decrypt
# cycle to ensure that they correctly mirror each other.
backend = backends.default_backend()
public_key_numbers = rsa.RSAPublicNumbers(
asymmetric_parameters.get('public_key').get('e'),
asymmetric_parameters.get('public_key').get('n')
)
public_key = public_key_numbers.public_key(backend)
public_bytes = public_key.public_bytes(
asymmetric_parameters.get('encoding'),
serialization.PublicFormat.PKCS1
)
private_key_numbers = rsa.RSAPrivateNumbers(
p=asymmetric_parameters.get('private_key').get('p'),
q=asymmetric_parameters.get('private_key').get('q'),
d=asymmetric_parameters.get('private_key').get('d'),
dmp1=asymmetric_parameters.get('private_key').get('dmp1'),
dmq1=asymmetric_parameters.get('private_key').get('dmq1'),
iqmp=asymmetric_parameters.get('private_key').get('iqmp'),
public_numbers=public_key_numbers
)
private_key = private_key_numbers.private_key(backend)
private_bytes = private_key.private_bytes(
asymmetric_parameters.get('encoding'),
serialization.PrivateFormat.PKCS8,
serialization.NoEncryption()
)
engine = crypto.CryptographyEngine()
result = engine.encrypt(
asymmetric_parameters.get('algorithm'),
public_bytes,
asymmetric_parameters.get('plain_text'),
padding_method=asymmetric_parameters.get('padding_method'),
hashing_algorithm=asymmetric_parameters.get('hashing_algorithm')
)
kmip/tests/unit/services/server/crypto/test_engine.py:1752:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
kmip/services/server/crypto/engine.py:371: in encrypt
return self._encrypt_asymmetric(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc3568a0>
encryption_algorithm = <CryptographicAlgorithm.RSA: 4>
encryption_key = b'-----BEGIN RSA PUBLIC
KEY-----\nMIGJAoGBAJi3BYLKgI/R01CVYqDvMFr22YdUQ7Nb3yTVNjU+PxIo3NEqeFaDVsb/\nMjq/cqwc2/5xL7Sf5Z...pbViw/KY253fdWB4d5GMztHQ\n0fN3M4wNPTIHeX6GLGXRFDnliBd1J6fe2Rlxrc+R4ug0438FpzZVAgMBAAE=\n-----END
RSA PUBLIC KEY-----\n'
plain_text = b'\xe9\xa7q\xe0\xa6_(p\x8e\x83\xd5\xe6\xcc\x89\x8aA\xd7'
padding_method = <cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15
object at 0x7fe2fc356480>
hashing_algorithm = None
def _encrypt_asymmetric(self,
encryption_algorithm,
encryption_key,
plain_text,
padding_method,
hashing_algorithm=None):
"""
Encrypt data using asymmetric encryption.
Args:
encryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the asymmetric encryption algorithm to use for
encryption. Required.
encryption_key (bytes): The bytes of the public key to use for
encryption. Required.
plain_text (bytes): The bytes to be encrypted. Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use with the asymmetric encryption
algorithm. Required.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the encryption padding
method. Required, if the padding method is OAEP. Optional
otherwise, defaults to None.
Returns:
dict: A dictionary containing the encrypted data, with at least
the following key/value field:
* cipher_text - the bytes of the encrypted data
Raises:
InvalidField: Raised when the algorithm is unsupported or the
length is incompatible with the algorithm.
CryptographicFailure: Raised when the key generation process
fails.
"""
if encryption_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.OAEP:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if hash_algorithm is None:
raise exceptions.InvalidField(
"The hashing algorithm '{0}' is not supported for "
"asymmetric encryption.".format(hashing_algorithm)
)
padding_method = asymmetric_padding.OAEP(
mgf=asymmetric_padding.MGF1(
algorithm=hash_algorithm()
),
algorithm=hash_algorithm(),
label=None
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding_method = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for asymmetric "
"encryption.".format(padding_method)
)
backend = default_backend()
try:
public_key = backend.load_der_public_key(encryption_key)
except Exception:
try:
public_key = backend.load_pem_public_key(encryption_key)
except Exception:
raise exceptions.CryptographicFailure(
"The public key bytes could not be loaded."
)
E kmip.core.exceptions.CryptographicFailure: The public key
bytes could not be loaded.
kmip/services/server/crypto/engine.py:596: CryptographicFailure
_________________ test_verify_signature[signature_parameters0] _________________
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc37e0f0>
signing_key =
b'0\x81\x89\x02\x81\x81\x00\xa5nJ\x0ep\x10\x17X\x9aQ\x87\xdc~\xa8A\xd1V\xf2\xec\x0e6\xadR\xa4M\xfe\xb1\xe6\x1fz\xd9\x9...f1\x05\xac\xc2\xd3\xf0\xcb5\xf2\x92\x80\xe18kod\xc4\xef"\xe1\xe1\xf2\r\x0c\xe8\xcf\xfb"I\xbd\x9a!7\x02\x03\x01\x00\x01'
message =
b'\xcd\xc8}\xa2#\xd7\x86\xdf;E\xe0\xbb\xbcr\x13&\xd1\xee*\xf8\x06\xcc1Tu\xcco\r\x9cf\xe1\xb6#q\xd4\\\xe29.\x1a\xc9(D\x...\xca\xb2tO\xd9\xea\x8f\xd2#\xc4%7\x02\x98(\xbd\x16\xbe\x02To\x13\x0f\xd2\xe3;\x93m&v\xe0\x8a\xed\x1bs1\x8bu\n\x01g\xd0'
signature =
b'k\xc3\xa0fV\x84)0\xa2G\xe3\rXd\xb4\xd8\x19#k\xa7\xc6\x89e\x86*\xd7\xdb\xc4\xe2J\xf2\x8e\x86\xbbS\x1f\x035\x8b\xe5\xf...d\x13\xe4r\xd1I\x05G\xc6Y\xc7a\x7f=$\x08}\xdbo+r\tag\xfc\t|\xab\x18\xe9\xa4X\xfc\xb64\xcd\xce\x8e\xe3X\x94\xc4\x84\xd7'
padding_method = <PaddingMethod.PKCS1v15: 8>
signing_algorithm = <CryptographicAlgorithm.RSA: 4>
hashing_algorithm = <HashingAlgorithm.SHA_1: 4>
digital_signature_algorithm = None
def verify_signature(self,
signing_key,
message,
signature,
padding_method,
signing_algorithm=None,
hashing_algorithm=None,
digital_signature_algorithm=None):
"""
Verify a message signature.
Args:
signing_key (bytes): The bytes of the signing key to use for
signature verification. Required.
message (bytes): The bytes of the message that corresponds with
the signature. Required.
signature (bytes): The bytes of the signature to be verified.
Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use during signature verification. Required.
signing_algorithm (CryptographicAlgorithm): An enumeration
specifying the cryptographic algorithm to use for signature
verification. Only RSA is supported. Optional, must match the
algorithm specified by the digital signature algorithm if both
are provided. Defaults to None.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the cryptographic algortihm,
if needed. Optional, must match the algorithm specified by the
digital signature algorithm if both are provided. Defaults to
None.
digital_signature_algorithm (DigitalSignatureAlgorithm): An
enumeration specifying both the cryptographic and hashing
algorithms to use for signature verification. Optional, must
match the cryptographic and hashing algorithms if both are
provided. Defaults to None.
Returns:
boolean: the result of signature verification, True for valid
signatures, False for invalid signatures
Raises:
InvalidField: Raised when various settings or values are invalid.
CryptographicFailure: Raised when the signing key bytes cannot be
loaded, or when the signature verification process fails
unexpectedly.
"""
backend = default_backend()
hash_algorithm = None
dsa_hash_algorithm = None
dsa_signing_algorithm = None
if hashing_algorithm:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if digital_signature_algorithm:
algorithm_pair = self._digital_signature_algorithms.get(
digital_signature_algorithm
)
if algorithm_pair:
dsa_hash_algorithm = algorithm_pair[0]
dsa_signing_algorithm = algorithm_pair[1]
if dsa_hash_algorithm and dsa_signing_algorithm:
if hash_algorithm and (hash_algorithm != dsa_hash_algorithm):
raise exceptions.InvalidField(
"The hashing algorithm does not match the digital "
"signature algorithm."
)
if (signing_algorithm and
(signing_algorithm != dsa_signing_algorithm)):
raise exceptions.InvalidField(
"The signing algorithm does not match the digital "
"signature algorithm."
)
signing_algorithm = dsa_signing_algorithm
hash_algorithm = dsa_hash_algorithm
if signing_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.PSS:
if hash_algorithm:
padding = asymmetric_padding.PSS(
mgf=asymmetric_padding.MGF1(hash_algorithm()),
salt_length=asymmetric_padding.PSS.MAX_LENGTH
)
else:
raise exceptions.InvalidField(
"A hashing algorithm must be specified for PSS "
"padding."
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for signature "
"verification.".format(padding_method)
)
try:
public_key = backend.load_der_public_key(signing_key)
E AttributeError: 'Backend' object has no attribute
'load_der_public_key'
kmip/services/server/crypto/engine.py:1492: AttributeError
During handling of the above exception, another exception occurred:
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc37e0f0>
signing_key =
b'0\x81\x89\x02\x81\x81\x00\xa5nJ\x0ep\x10\x17X\x9aQ\x87\xdc~\xa8A\xd1V\xf2\xec\x0e6\xadR\xa4M\xfe\xb1\xe6\x1fz\xd9\x9...f1\x05\xac\xc2\xd3\xf0\xcb5\xf2\x92\x80\xe18kod\xc4\xef"\xe1\xe1\xf2\r\x0c\xe8\xcf\xfb"I\xbd\x9a!7\x02\x03\x01\x00\x01'
message =
b'\xcd\xc8}\xa2#\xd7\x86\xdf;E\xe0\xbb\xbcr\x13&\xd1\xee*\xf8\x06\xcc1Tu\xcco\r\x9cf\xe1\xb6#q\xd4\\\xe29.\x1a\xc9(D\x...\xca\xb2tO\xd9\xea\x8f\xd2#\xc4%7\x02\x98(\xbd\x16\xbe\x02To\x13\x0f\xd2\xe3;\x93m&v\xe0\x8a\xed\x1bs1\x8bu\n\x01g\xd0'
signature =
b'k\xc3\xa0fV\x84)0\xa2G\xe3\rXd\xb4\xd8\x19#k\xa7\xc6\x89e\x86*\xd7\xdb\xc4\xe2J\xf2\x8e\x86\xbbS\x1f\x035\x8b\xe5\xf...d\x13\xe4r\xd1I\x05G\xc6Y\xc7a\x7f=$\x08}\xdbo+r\tag\xfc\t|\xab\x18\xe9\xa4X\xfc\xb64\xcd\xce\x8e\xe3X\x94\xc4\x84\xd7'
padding_method = <PaddingMethod.PKCS1v15: 8>
signing_algorithm = <CryptographicAlgorithm.RSA: 4>
hashing_algorithm = <HashingAlgorithm.SHA_1: 4>
digital_signature_algorithm = None
def verify_signature(self,
signing_key,
message,
signature,
padding_method,
signing_algorithm=None,
hashing_algorithm=None,
digital_signature_algorithm=None):
"""
Verify a message signature.
Args:
signing_key (bytes): The bytes of the signing key to use for
signature verification. Required.
message (bytes): The bytes of the message that corresponds with
the signature. Required.
signature (bytes): The bytes of the signature to be verified.
Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use during signature verification. Required.
signing_algorithm (CryptographicAlgorithm): An enumeration
specifying the cryptographic algorithm to use for signature
verification. Only RSA is supported. Optional, must match the
algorithm specified by the digital signature algorithm if both
are provided. Defaults to None.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the cryptographic algortihm,
if needed. Optional, must match the algorithm specified by the
digital signature algorithm if both are provided. Defaults to
None.
digital_signature_algorithm (DigitalSignatureAlgorithm): An
enumeration specifying both the cryptographic and hashing
algorithms to use for signature verification. Optional, must
match the cryptographic and hashing algorithms if both are
provided. Defaults to None.
Returns:
boolean: the result of signature verification, True for valid
signatures, False for invalid signatures
Raises:
InvalidField: Raised when various settings or values are invalid.
CryptographicFailure: Raised when the signing key bytes cannot be
loaded, or when the signature verification process fails
unexpectedly.
"""
backend = default_backend()
hash_algorithm = None
dsa_hash_algorithm = None
dsa_signing_algorithm = None
if hashing_algorithm:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if digital_signature_algorithm:
algorithm_pair = self._digital_signature_algorithms.get(
digital_signature_algorithm
)
if algorithm_pair:
dsa_hash_algorithm = algorithm_pair[0]
dsa_signing_algorithm = algorithm_pair[1]
if dsa_hash_algorithm and dsa_signing_algorithm:
if hash_algorithm and (hash_algorithm != dsa_hash_algorithm):
raise exceptions.InvalidField(
"The hashing algorithm does not match the digital "
"signature algorithm."
)
if (signing_algorithm and
(signing_algorithm != dsa_signing_algorithm)):
raise exceptions.InvalidField(
"The signing algorithm does not match the digital "
"signature algorithm."
)
signing_algorithm = dsa_signing_algorithm
hash_algorithm = dsa_hash_algorithm
if signing_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.PSS:
if hash_algorithm:
padding = asymmetric_padding.PSS(
mgf=asymmetric_padding.MGF1(hash_algorithm()),
salt_length=asymmetric_padding.PSS.MAX_LENGTH
)
else:
raise exceptions.InvalidField(
"A hashing algorithm must be specified for PSS "
"padding."
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for signature "
"verification.".format(padding_method)
)
try:
public_key = backend.load_der_public_key(signing_key)
except Exception:
try:
public_key = backend.load_pem_public_key(signing_key)
E AttributeError: 'Backend' object has no attribute
'load_pem_public_key'
kmip/services/server/crypto/engine.py:1495: AttributeError
During handling of the above exception, another exception occurred:
signature_parameters = {'digital_signature_algorithm': None, 'encoding': <Encoding.DER:
'DER'>, 'hashing_algorithm':
<HashingAlgorithm.SHA_1:...b2tO\xd9\xea\x8f\xd2#\xc4%7\x02\x98(\xbd\x16\xbe\x02To\x13\x0f\xd2\xe3;\x93m&v\xe0\x8a\xed\x1bs1\x8bu\n\x01g\xd0',
...}
def test_verify_signature(signature_parameters):
"""
Test that various signature verification methods and settings can be
used
to correctly verify signatures.
"""
engine = crypto.CryptographyEngine()
backend = backends.default_backend()
public_key_numbers = rsa.RSAPublicNumbers(
signature_parameters.get('public_key').get('e'),
signature_parameters.get('public_key').get('n')
)
public_key = public_key_numbers.public_key(backend)
public_bytes = public_key.public_bytes(
signature_parameters.get('encoding'),
serialization.PublicFormat.PKCS1
)
result = engine.verify_signature(
signing_key=public_bytes,
message=signature_parameters.get('message'),
signature=signature_parameters.get('signature'),
padding_method=signature_parameters.get('padding_method'),
signing_algorithm=signature_parameters.get('signing_algorithm'),
hashing_algorithm=signature_parameters.get('hashing_algorithm'),
digital_signature_algorithm=signature_parameters.get(
'digital_signature_algorithm'
)
)
kmip/tests/unit/services/server/crypto/test_engine.py:2938:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc37e0f0>
signing_key =
b'0\x81\x89\x02\x81\x81\x00\xa5nJ\x0ep\x10\x17X\x9aQ\x87\xdc~\xa8A\xd1V\xf2\xec\x0e6\xadR\xa4M\xfe\xb1\xe6\x1fz\xd9\x9...f1\x05\xac\xc2\xd3\xf0\xcb5\xf2\x92\x80\xe18kod\xc4\xef"\xe1\xe1\xf2\r\x0c\xe8\xcf\xfb"I\xbd\x9a!7\x02\x03\x01\x00\x01'
message =
b'\xcd\xc8}\xa2#\xd7\x86\xdf;E\xe0\xbb\xbcr\x13&\xd1\xee*\xf8\x06\xcc1Tu\xcco\r\x9cf\xe1\xb6#q\xd4\\\xe29.\x1a\xc9(D\x...\xca\xb2tO\xd9\xea\x8f\xd2#\xc4%7\x02\x98(\xbd\x16\xbe\x02To\x13\x0f\xd2\xe3;\x93m&v\xe0\x8a\xed\x1bs1\x8bu\n\x01g\xd0'
signature =
b'k\xc3\xa0fV\x84)0\xa2G\xe3\rXd\xb4\xd8\x19#k\xa7\xc6\x89e\x86*\xd7\xdb\xc4\xe2J\xf2\x8e\x86\xbbS\x1f\x035\x8b\xe5\xf...d\x13\xe4r\xd1I\x05G\xc6Y\xc7a\x7f=$\x08}\xdbo+r\tag\xfc\t|\xab\x18\xe9\xa4X\xfc\xb64\xcd\xce\x8e\xe3X\x94\xc4\x84\xd7'
padding_method = <PaddingMethod.PKCS1v15: 8>
signing_algorithm = <CryptographicAlgorithm.RSA: 4>
hashing_algorithm = <HashingAlgorithm.SHA_1: 4>
digital_signature_algorithm = None
def verify_signature(self,
signing_key,
message,
signature,
padding_method,
signing_algorithm=None,
hashing_algorithm=None,
digital_signature_algorithm=None):
"""
Verify a message signature.
Args:
signing_key (bytes): The bytes of the signing key to use for
signature verification. Required.
message (bytes): The bytes of the message that corresponds with
the signature. Required.
signature (bytes): The bytes of the signature to be verified.
Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use during signature verification. Required.
signing_algorithm (CryptographicAlgorithm): An enumeration
specifying the cryptographic algorithm to use for signature
verification. Only RSA is supported. Optional, must match the
algorithm specified by the digital signature algorithm if both
are provided. Defaults to None.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the cryptographic algortihm,
if needed. Optional, must match the algorithm specified by the
digital signature algorithm if both are provided. Defaults to
None.
digital_signature_algorithm (DigitalSignatureAlgorithm): An
enumeration specifying both the cryptographic and hashing
algorithms to use for signature verification. Optional, must
match the cryptographic and hashing algorithms if both are
provided. Defaults to None.
Returns:
boolean: the result of signature verification, True for valid
signatures, False for invalid signatures
Raises:
InvalidField: Raised when various settings or values are invalid.
CryptographicFailure: Raised when the signing key bytes cannot be
loaded, or when the signature verification process fails
unexpectedly.
"""
backend = default_backend()
hash_algorithm = None
dsa_hash_algorithm = None
dsa_signing_algorithm = None
if hashing_algorithm:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if digital_signature_algorithm:
algorithm_pair = self._digital_signature_algorithms.get(
digital_signature_algorithm
)
if algorithm_pair:
dsa_hash_algorithm = algorithm_pair[0]
dsa_signing_algorithm = algorithm_pair[1]
if dsa_hash_algorithm and dsa_signing_algorithm:
if hash_algorithm and (hash_algorithm != dsa_hash_algorithm):
raise exceptions.InvalidField(
"The hashing algorithm does not match the digital "
"signature algorithm."
)
if (signing_algorithm and
(signing_algorithm != dsa_signing_algorithm)):
raise exceptions.InvalidField(
"The signing algorithm does not match the digital "
"signature algorithm."
)
signing_algorithm = dsa_signing_algorithm
hash_algorithm = dsa_hash_algorithm
if signing_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.PSS:
if hash_algorithm:
padding = asymmetric_padding.PSS(
mgf=asymmetric_padding.MGF1(hash_algorithm()),
salt_length=asymmetric_padding.PSS.MAX_LENGTH
)
else:
raise exceptions.InvalidField(
"A hashing algorithm must be specified for PSS "
"padding."
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for signature "
"verification.".format(padding_method)
)
try:
public_key = backend.load_der_public_key(signing_key)
except Exception:
try:
public_key = backend.load_pem_public_key(signing_key)
except Exception:
raise exceptions.CryptographicFailure(
"The signing key bytes could not be loaded."
)
E kmip.core.exceptions.CryptographicFailure: The signing key
bytes could not be loaded.
kmip/services/server/crypto/engine.py:1497: CryptographicFailure
_________________ test_verify_signature[signature_parameters1] _________________
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc37f1a0>
signing_key = b'-----BEGIN RSA PUBLIC
KEY-----\nMIGJAoGBAKwT2f2ue3M1tpzZhWfpZH2Zvzc6ngXONDXWZGXzKLf3M0t5Ku5++gRO\nvEx6MLIaXXqJzbOjDf...9T+00pRBvxt+1svdSkf5JSJp\n4WRvbBruBRTpP2y533HQbAYKIQS0e3JgrDfBBoYdx4ylol+qnLLjAgMBAAE=\n-----END
RSA PUBLIC KEY-----\n'
message =
b"\xe1\xc0\xf9\x8dS\xf8\xf8\xb1A\x90W\xd5\xb9\xb1\x0b\x07\xfe\xea\xec2\xc0F:Mh8/S\x1b\xa1\xd6\xcf\xe4\xed8\xa2iJ4\xb9\...3\xca\xe1?\xc5\xc6e\x08\xcf\xb7#x\xfd\xd6\xc8\xde$\x97e\x10<\xe8\xfe|\xd3:\xd0\xef\x16\x86\xfe\xb2^j5\xfbd\xe0\x96\xa4"
signature =
b'\x01\xf6\xe5\xff\x04"\x1a\xdcl/"\xa7a\x05;\xc4s\'e\xdd\xdc?vV\xd0\xd1"\xad;\x8aNO\x8f\xe5[\xd0\xc0\x9e\xb1\x07\x80\x...\xea\xa2\x8au\x8c\xa94\xf2\xff\x16\x98\x8f\xe8_\xf8AW\xd9QD\x8a\x85\xec\x1e\xd1q\xf9\xef\x8b\xb8\xa1\x0c\xfa\x14{~\xf8'
padding_method = <PaddingMethod.PSS: 10>
signing_algorithm = <CryptographicAlgorithm.RSA: 4>, hashing_algorithm = None
digital_signature_algorithm = <DigitalSignatureAlgorithm.SHA1_WITH_RSA_ENCRYPTION:
3>
def verify_signature(self,
signing_key,
message,
signature,
padding_method,
signing_algorithm=None,
hashing_algorithm=None,
digital_signature_algorithm=None):
"""
Verify a message signature.
Args:
signing_key (bytes): The bytes of the signing key to use for
signature verification. Required.
message (bytes): The bytes of the message that corresponds with
the signature. Required.
signature (bytes): The bytes of the signature to be verified.
Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use during signature verification. Required.
signing_algorithm (CryptographicAlgorithm): An enumeration
specifying the cryptographic algorithm to use for signature
verification. Only RSA is supported. Optional, must match the
algorithm specified by the digital signature algorithm if both
are provided. Defaults to None.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the cryptographic algortihm,
if needed. Optional, must match the algorithm specified by the
digital signature algorithm if both are provided. Defaults to
None.
digital_signature_algorithm (DigitalSignatureAlgorithm): An
enumeration specifying both the cryptographic and hashing
algorithms to use for signature verification. Optional, must
match the cryptographic and hashing algorithms if both are
provided. Defaults to None.
Returns:
boolean: the result of signature verification, True for valid
signatures, False for invalid signatures
Raises:
InvalidField: Raised when various settings or values are invalid.
CryptographicFailure: Raised when the signing key bytes cannot be
loaded, or when the signature verification process fails
unexpectedly.
"""
backend = default_backend()
hash_algorithm = None
dsa_hash_algorithm = None
dsa_signing_algorithm = None
if hashing_algorithm:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if digital_signature_algorithm:
algorithm_pair = self._digital_signature_algorithms.get(
digital_signature_algorithm
)
if algorithm_pair:
dsa_hash_algorithm = algorithm_pair[0]
dsa_signing_algorithm = algorithm_pair[1]
if dsa_hash_algorithm and dsa_signing_algorithm:
if hash_algorithm and (hash_algorithm != dsa_hash_algorithm):
raise exceptions.InvalidField(
"The hashing algorithm does not match the digital "
"signature algorithm."
)
if (signing_algorithm and
(signing_algorithm != dsa_signing_algorithm)):
raise exceptions.InvalidField(
"The signing algorithm does not match the digital "
"signature algorithm."
)
signing_algorithm = dsa_signing_algorithm
hash_algorithm = dsa_hash_algorithm
if signing_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.PSS:
if hash_algorithm:
padding = asymmetric_padding.PSS(
mgf=asymmetric_padding.MGF1(hash_algorithm()),
salt_length=asymmetric_padding.PSS.MAX_LENGTH
)
else:
raise exceptions.InvalidField(
"A hashing algorithm must be specified for PSS "
"padding."
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for signature "
"verification.".format(padding_method)
)
try:
public_key = backend.load_der_public_key(signing_key)
E AttributeError: 'Backend' object has no attribute
'load_der_public_key'
kmip/services/server/crypto/engine.py:1492: AttributeError
During handling of the above exception, another exception occurred:
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc37f1a0>
signing_key = b'-----BEGIN RSA PUBLIC
KEY-----\nMIGJAoGBAKwT2f2ue3M1tpzZhWfpZH2Zvzc6ngXONDXWZGXzKLf3M0t5Ku5++gRO\nvEx6MLIaXXqJzbOjDf...9T+00pRBvxt+1svdSkf5JSJp\n4WRvbBruBRTpP2y533HQbAYKIQS0e3JgrDfBBoYdx4ylol+qnLLjAgMBAAE=\n-----END
RSA PUBLIC KEY-----\n'
message =
b"\xe1\xc0\xf9\x8dS\xf8\xf8\xb1A\x90W\xd5\xb9\xb1\x0b\x07\xfe\xea\xec2\xc0F:Mh8/S\x1b\xa1\xd6\xcf\xe4\xed8\xa2iJ4\xb9\...3\xca\xe1?\xc5\xc6e\x08\xcf\xb7#x\xfd\xd6\xc8\xde$\x97e\x10<\xe8\xfe|\xd3:\xd0\xef\x16\x86\xfe\xb2^j5\xfbd\xe0\x96\xa4"
signature =
b'\x01\xf6\xe5\xff\x04"\x1a\xdcl/"\xa7a\x05;\xc4s\'e\xdd\xdc?vV\xd0\xd1"\xad;\x8aNO\x8f\xe5[\xd0\xc0\x9e\xb1\x07\x80\x...\xea\xa2\x8au\x8c\xa94\xf2\xff\x16\x98\x8f\xe8_\xf8AW\xd9QD\x8a\x85\xec\x1e\xd1q\xf9\xef\x8b\xb8\xa1\x0c\xfa\x14{~\xf8'
padding_method = <PaddingMethod.PSS: 10>
signing_algorithm = <CryptographicAlgorithm.RSA: 4>, hashing_algorithm = None
digital_signature_algorithm = <DigitalSignatureAlgorithm.SHA1_WITH_RSA_ENCRYPTION:
3>
def verify_signature(self,
signing_key,
message,
signature,
padding_method,
signing_algorithm=None,
hashing_algorithm=None,
digital_signature_algorithm=None):
"""
Verify a message signature.
Args:
signing_key (bytes): The bytes of the signing key to use for
signature verification. Required.
message (bytes): The bytes of the message that corresponds with
the signature. Required.
signature (bytes): The bytes of the signature to be verified.
Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use during signature verification. Required.
signing_algorithm (CryptographicAlgorithm): An enumeration
specifying the cryptographic algorithm to use for signature
verification. Only RSA is supported. Optional, must match the
algorithm specified by the digital signature algorithm if both
are provided. Defaults to None.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the cryptographic algortihm,
if needed. Optional, must match the algorithm specified by the
digital signature algorithm if both are provided. Defaults to
None.
digital_signature_algorithm (DigitalSignatureAlgorithm): An
enumeration specifying both the cryptographic and hashing
algorithms to use for signature verification. Optional, must
match the cryptographic and hashing algorithms if both are
provided. Defaults to None.
Returns:
boolean: the result of signature verification, True for valid
signatures, False for invalid signatures
Raises:
InvalidField: Raised when various settings or values are invalid.
CryptographicFailure: Raised when the signing key bytes cannot be
loaded, or when the signature verification process fails
unexpectedly.
"""
backend = default_backend()
hash_algorithm = None
dsa_hash_algorithm = None
dsa_signing_algorithm = None
if hashing_algorithm:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if digital_signature_algorithm:
algorithm_pair = self._digital_signature_algorithms.get(
digital_signature_algorithm
)
if algorithm_pair:
dsa_hash_algorithm = algorithm_pair[0]
dsa_signing_algorithm = algorithm_pair[1]
if dsa_hash_algorithm and dsa_signing_algorithm:
if hash_algorithm and (hash_algorithm != dsa_hash_algorithm):
raise exceptions.InvalidField(
"The hashing algorithm does not match the digital "
"signature algorithm."
)
if (signing_algorithm and
(signing_algorithm != dsa_signing_algorithm)):
raise exceptions.InvalidField(
"The signing algorithm does not match the digital "
"signature algorithm."
)
signing_algorithm = dsa_signing_algorithm
hash_algorithm = dsa_hash_algorithm
if signing_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.PSS:
if hash_algorithm:
padding = asymmetric_padding.PSS(
mgf=asymmetric_padding.MGF1(hash_algorithm()),
salt_length=asymmetric_padding.PSS.MAX_LENGTH
)
else:
raise exceptions.InvalidField(
"A hashing algorithm must be specified for PSS "
"padding."
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for signature "
"verification.".format(padding_method)
)
try:
public_key = backend.load_der_public_key(signing_key)
except Exception:
try:
public_key = backend.load_pem_public_key(signing_key)
E AttributeError: 'Backend' object has no attribute
'load_pem_public_key'
kmip/services/server/crypto/engine.py:1495: AttributeError
During handling of the above exception, another exception occurred:
signature_parameters = {'digital_signature_algorithm':
<DigitalSignatureAlgorithm.SHA1_WITH_RSA_ENCRYPTION: 3>, 'encoding': <Encoding.PEM:
'P...xe1?\xc5\xc6e\x08\xcf\xb7#x\xfd\xd6\xc8\xde$\x97e\x10<\xe8\xfe|\xd3:\xd0\xef\x16\x86\xfe\xb2^j5\xfbd\xe0\x96\xa4",
...}
def test_verify_signature(signature_parameters):
"""
Test that various signature verification methods and settings can be
used
to correctly verify signatures.
"""
engine = crypto.CryptographyEngine()
backend = backends.default_backend()
public_key_numbers = rsa.RSAPublicNumbers(
signature_parameters.get('public_key').get('e'),
signature_parameters.get('public_key').get('n')
)
public_key = public_key_numbers.public_key(backend)
public_bytes = public_key.public_bytes(
signature_parameters.get('encoding'),
serialization.PublicFormat.PKCS1
)
result = engine.verify_signature(
signing_key=public_bytes,
message=signature_parameters.get('message'),
signature=signature_parameters.get('signature'),
padding_method=signature_parameters.get('padding_method'),
signing_algorithm=signature_parameters.get('signing_algorithm'),
hashing_algorithm=signature_parameters.get('hashing_algorithm'),
digital_signature_algorithm=signature_parameters.get(
'digital_signature_algorithm'
)
)
kmip/tests/unit/services/server/crypto/test_engine.py:2938:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <kmip.services.server.crypto.engine.CryptographyEngine object at
0x7fe2fc37f1a0>
signing_key = b'-----BEGIN RSA PUBLIC
KEY-----\nMIGJAoGBAKwT2f2ue3M1tpzZhWfpZH2Zvzc6ngXONDXWZGXzKLf3M0t5Ku5++gRO\nvEx6MLIaXXqJzbOjDf...9T+00pRBvxt+1svdSkf5JSJp\n4WRvbBruBRTpP2y533HQbAYKIQS0e3JgrDfBBoYdx4ylol+qnLLjAgMBAAE=\n-----END
RSA PUBLIC KEY-----\n'
message =
b"\xe1\xc0\xf9\x8dS\xf8\xf8\xb1A\x90W\xd5\xb9\xb1\x0b\x07\xfe\xea\xec2\xc0F:Mh8/S\x1b\xa1\xd6\xcf\xe4\xed8\xa2iJ4\xb9\...3\xca\xe1?\xc5\xc6e\x08\xcf\xb7#x\xfd\xd6\xc8\xde$\x97e\x10<\xe8\xfe|\xd3:\xd0\xef\x16\x86\xfe\xb2^j5\xfbd\xe0\x96\xa4"
signature =
b'\x01\xf6\xe5\xff\x04"\x1a\xdcl/"\xa7a\x05;\xc4s\'e\xdd\xdc?vV\xd0\xd1"\xad;\x8aNO\x8f\xe5[\xd0\xc0\x9e\xb1\x07\x80\x...\xea\xa2\x8au\x8c\xa94\xf2\xff\x16\x98\x8f\xe8_\xf8AW\xd9QD\x8a\x85\xec\x1e\xd1q\xf9\xef\x8b\xb8\xa1\x0c\xfa\x14{~\xf8'
padding_method = <PaddingMethod.PSS: 10>
signing_algorithm = <CryptographicAlgorithm.RSA: 4>, hashing_algorithm = None
digital_signature_algorithm = <DigitalSignatureAlgorithm.SHA1_WITH_RSA_ENCRYPTION:
3>
def verify_signature(self,
signing_key,
message,
signature,
padding_method,
signing_algorithm=None,
hashing_algorithm=None,
digital_signature_algorithm=None):
"""
Verify a message signature.
Args:
signing_key (bytes): The bytes of the signing key to use for
signature verification. Required.
message (bytes): The bytes of the message that corresponds with
the signature. Required.
signature (bytes): The bytes of the signature to be verified.
Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use during signature verification. Required.
signing_algorithm (CryptographicAlgorithm): An enumeration
specifying the cryptographic algorithm to use for signature
verification. Only RSA is supported. Optional, must match the
algorithm specified by the digital signature algorithm if both
are provided. Defaults to None.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the cryptographic algortihm,
if needed. Optional, must match the algorithm specified by the
digital signature algorithm if both are provided. Defaults to
None.
digital_signature_algorithm (DigitalSignatureAlgorithm): An
enumeration specifying both the cryptographic and hashing
algorithms to use for signature verification. Optional, must
match the cryptographic and hashing algorithms if both are
provided. Defaults to None.
Returns:
boolean: the result of signature verification, True for valid
signatures, False for invalid signatures
Raises:
InvalidField: Raised when various settings or values are invalid.
CryptographicFailure: Raised when the signing key bytes cannot be
loaded, or when the signature verification process fails
unexpectedly.
"""
backend = default_backend()
hash_algorithm = None
dsa_hash_algorithm = None
dsa_signing_algorithm = None
if hashing_algorithm:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if digital_signature_algorithm:
algorithm_pair = self._digital_signature_algorithms.get(
digital_signature_algorithm
)
if algorithm_pair:
dsa_hash_algorithm = algorithm_pair[0]
dsa_signing_algorithm = algorithm_pair[1]
if dsa_hash_algorithm and dsa_signing_algorithm:
if hash_algorithm and (hash_algorithm != dsa_hash_algorithm):
raise exceptions.InvalidField(
"The hashing algorithm does not match the digital "
"signature algorithm."
)
if (signing_algorithm and
(signing_algorithm != dsa_signing_algorithm)):
raise exceptions.InvalidField(
"The signing algorithm does not match the digital "
"signature algorithm."
)
signing_algorithm = dsa_signing_algorithm
hash_algorithm = dsa_hash_algorithm
if signing_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.PSS:
if hash_algorithm:
padding = asymmetric_padding.PSS(
mgf=asymmetric_padding.MGF1(hash_algorithm()),
salt_length=asymmetric_padding.PSS.MAX_LENGTH
)
else:
raise exceptions.InvalidField(
"A hashing algorithm must be specified for PSS "
"padding."
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for signature "
"verification.".format(padding_method)
)
try:
public_key = backend.load_der_public_key(signing_key)
except Exception:
try:
public_key = backend.load_pem_public_key(signing_key)
except Exception:
raise exceptions.CryptographicFailure(
"The signing key bytes could not be loaded."
)
E kmip.core.exceptions.CryptographicFailure: The signing key
bytes could not be loaded.
kmip/services/server/crypto/engine.py:1497: CryptographicFailure
_____________________ TestKmipEngine.test_signature_verify _____________________
'NoneType' object is not iterable
During handling of the above exception, another exception occurred:
NOTE: Incompatible Exception Representation, displaying natively:
testtools.testresult.real._StringException: Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py", line 1492, in
verify_signature
public_key = backend.load_der_public_key(signing_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'Backend' object has no attribute 'load_der_public_key'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py", line 1495, in
verify_signature
public_key = backend.load_pem_public_key(signing_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'Backend' object has no attribute 'load_pem_public_key'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/kmip/tests/unit/services/server/test_engine.py", line
10944, in test_signature_verify
response_payload = e._process_signature_verify(payload)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/<<PKGBUILDDIR>>/kmip/services/server/engine.py", line 154, in wrapper
return function(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/<<PKGBUILDDIR>>/kmip/services/server/engine.py", line 3077, in
_process_signature_verify
result = self._cryptography_engine.verify_signature(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py", line 1497, in
verify_signature
raise exceptions.CryptographicFailure(
kmip.core.exceptions.CryptographicFailure: The signing key bytes could not be
loaded.
=============================== warnings summary ===============================
kmip/pie/sqltypes.py:24
/<<PKGBUILDDIR>>/kmip/pie/sqltypes.py:24: MovedIn20Warning: Deprecated API features
detected! These feature(s) are not compatible with SQLAlchemy 2.0. To prevent incompatible upgrades
prior to updating applications, ensure requirements files are pinned to "sqlalchemy<2.0".
Set environment variable SQLALCHEMY_WARN_20=1 to show all deprecation warnings. Set environment
variable SQLALCHEMY_SILENCE_UBER_WARNING=1 to silence this message. (Background on SQLAlchemy 2.0 at:
https://sqlalche.me/e/b8d9)
Base = declarative_base()
kmip/tests/unit/pie/objects/test_certificate.py:22
/<<PKGBUILDDIR>>/kmip/tests/unit/pie/objects/test_certificate.py:22: SAWarning:
Mapper mapped class DummyCertificate->certificates does not indicate a
polymorphic_identity, yet is part of an inheritance hierarchy that has a polymorphic_on column
of 'managed_objects.class_type'. Objects of this type cannot be loaded polymorphically which
can lead to degraded or incorrect loading behavior in some scenarios. Please establish a
polmorphic_identity for this class, or leave it un-mapped. To omit mapping an intermediary
class when using declarative, set the '__abstract__ = True' attribute on that class.
class DummyCertificate(objects.Certificate):
kmip/tests/unit/pie/objects/test_cryptographic_object.py:22
/<<PKGBUILDDIR>>/kmip/tests/unit/pie/objects/test_cryptographic_object.py:22:
SAWarning: Mapper mapped class DummyCryptographicObject->crypto_objects does not indicate a
polymorphic_identity, yet is part of an inheritance hierarchy that has a polymorphic_on column
of 'managed_objects.class_type'. Objects of this type cannot be loaded polymorphically which
can lead to degraded or incorrect loading behavior in some scenarios. Please establish a
polmorphic_identity for this class, or leave it un-mapped. To omit mapping an intermediary
class when using declarative, set the '__abstract__ = True' attribute on that class.
class DummyCryptographicObject(CryptographicObject):
kmip/tests/unit/pie/objects/test_key.py:22
/<<PKGBUILDDIR>>/kmip/tests/unit/pie/objects/test_key.py:22: SAWarning: Mapper
mapped class DummyKey->keys does not indicate a polymorphic_identity, yet is part of an
inheritance hierarchy that has a polymorphic_on column of 'managed_objects.class_type'.
Objects of this type cannot be loaded polymorphically which can lead to degraded or incorrect
loading behavior in some scenarios. Please establish a polmorphic_identity for this class, or
leave it un-mapped. To omit mapping an intermediary class when using declarative, set the
'__abstract__ = True' attribute on that class.
class DummyKey(Key):
kmip/tests/unit/pie/objects/test_managed_object.py:21
/<<PKGBUILDDIR>>/kmip/tests/unit/pie/objects/test_managed_object.py:21:
SAWarning: Mapper mapped class DummyManagedObject->managed_objects does not indicate a
polymorphic_identity, yet is part of an inheritance hierarchy that has a polymorphic_on column
of 'managed_objects.class_type'. Objects of this type cannot be loaded polymorphically which
can lead to degraded or incorrect loading behavior in some scenarios. Please establish a
polmorphic_identity for this class, or leave it un-mapped. To omit mapping an intermediary
class when using declarative, set the '__abstract__ = True' attribute on that class.
class DummyManagedObject(ManagedObject):
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection_with_load_failure
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_multiple_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_no_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate_no_common_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate_with_no_extension
/<<PKGBUILDDIR>>/kmip/tests/unit/services/server/auth/test_utils.py:117:
DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a
future version. Use timezone-aware objects to represent datetimes in UTC:
datetime.datetime.now(datetime.UTC).
datetime.datetime.utcnow()
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection_with_load_failure
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_multiple_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_no_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate_no_common_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate_with_no_extension
/<<PKGBUILDDIR>>/kmip/tests/unit/services/server/auth/test_utils.py:119:
DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a
future version. Use timezone-aware objects to represent datetimes in UTC:
datetime.datetime.now(datetime.UTC).
datetime.datetime.utcnow() + datetime.timedelta(days=1)
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection_with_load_failure
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_multiple_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_no_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate_no_common_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate_with_no_extension
/<<PKGBUILDDIR>>/kmip/tests/unit/services/server/auth/test_utils.py:134:
DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a
future version. Use timezone-aware objects to represent datetimes in UTC:
datetime.datetime.now(datetime.UTC).
datetime.datetime.utcnow()
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection_with_load_failure
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_multiple_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_no_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate_no_common_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate_with_no_extension
/<<PKGBUILDDIR>>/kmip/tests/unit/services/server/auth/test_utils.py:136:
DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a
future version. Use timezone-aware objects to represent datetimes in UTC:
datetime.datetime.now(datetime.UTC).
datetime.datetime.utcnow() + datetime.timedelta(days=1)
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection_with_load_failure
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_multiple_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_no_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate_no_common_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate_with_no_extension
/<<PKGBUILDDIR>>/kmip/tests/unit/services/server/auth/test_utils.py:148:
DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a
future version. Use timezone-aware objects to represent datetimes in UTC:
datetime.datetime.now(datetime.UTC).
datetime.datetime.utcnow()
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_certificate_from_connection_with_load_failure
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_multiple_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_client_identity_from_certificate_no_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_common_names_from_certificate_no_common_names
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate
kmip/tests/unit/services/server/auth/test_utils.py::TestUtils::test_get_extended_key_usage_from_certificate_with_no_extension
/<<PKGBUILDDIR>>/kmip/tests/unit/services/server/auth/test_utils.py:150:
DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a
future version. Use timezone-aware objects to represent datetimes in UTC:
datetime.datetime.now(datetime.UTC).
datetime.datetime.utcnow() + datetime.timedelta(days=1)
kmip/tests/unit/services/server/crypto/test_engine.py: 123 warnings
kmip/tests/unit/services/server/test_engine.py: 183 warnings
kmip/tests/unit/services/server/test_session.py: 8 warnings
/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py:54:
CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a
future release
enums.CryptographicAlgorithm.BLOWFISH: algorithms.Blowfish,
kmip/tests/unit/services/server/crypto/test_engine.py: 123 warnings
kmip/tests/unit/services/server/test_engine.py: 183 warnings
kmip/tests/unit/services/server/test_session.py: 8 warnings
/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py:56:
CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future
release
enums.CryptographicAlgorithm.CAST5: algorithms.CAST5,
kmip/tests/unit/services/server/crypto/test_engine.py: 123 warnings
kmip/tests/unit/services/server/test_engine.py: 183 warnings
kmip/tests/unit/services/server/test_session.py: 8 warnings
/<<PKGBUILDDIR>>/kmip/services/server/crypto/engine.py:57:
CryptographyDeprecationWarning: IDEA has been deprecated and will be removed in a future
release
enums.CryptographicAlgorithm.IDEA: algorithms.IDEA,
kmip/tests/unit/services/server/test_engine.py: 94 warnings
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:441: SAWarning: TypeDecorator
EnumType() will not produce a cache key because the ``cache_ok`` attribute is not set to
True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
).one()[0]
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_locate_with_certificate_type
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:678: SAWarning: TypeDecorator
UsageMaskType() will not produce a cache key because the ``cache_ok`` attribute is not set
to True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
return managed_object.certificate_type
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_locate_with_certificate_type
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:678: SAWarning: TypeDecorator
EnumType() will not produce a cache key because the ``cache_ok`` attribute is not set to
True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
return managed_object.certificate_type
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_locate_with_cryptographic_algorithm
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:670: SAWarning: TypeDecorator
EnumType() will not produce a cache key because the ``cache_ok`` attribute is not set to
True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
return managed_object.cryptographic_algorithm
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_locate_with_cryptographic_algorithm
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:670: SAWarning: TypeDecorator
UsageMaskType() will not produce a cache key because the ``cache_ok`` attribute is not set
to True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
return managed_object.cryptographic_algorithm
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_locate_with_cryptographic_length
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:672: SAWarning: TypeDecorator
EnumType() will not produce a cache key because the ``cache_ok`` attribute is not set to
True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
return managed_object.cryptographic_length
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_locate_with_cryptographic_length
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:672: SAWarning: TypeDecorator
UsageMaskType() will not produce a cache key because the ``cache_ok`` attribute is not set
to True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
return managed_object.cryptographic_length
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_locate_with_cryptographic_usage_masks
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:700: SAWarning: TypeDecorator
EnumType() will not produce a cache key because the ``cache_ok`` attribute is not set to
True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
return managed_object.cryptographic_usage_masks
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_locate_with_cryptographic_usage_masks
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:700: SAWarning: TypeDecorator
UsageMaskType() will not produce a cache key because the ``cache_ok`` attribute is not set
to True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
return managed_object.cryptographic_usage_masks
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_locate_with_state
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:706: SAWarning: TypeDecorator
EnumType() will not produce a cache key because the ``cache_ok`` attribute is not set to
True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
return managed_object.state
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_locate_with_state
/<<PKGBUILDDIR>>/kmip/services/server/engine.py:706: SAWarning: TypeDecorator
UsageMaskType() will not produce a cache key because the ``cache_ok`` attribute is not set
to True. This can have significant performance implications including some performance
degradations in comparison to prior SQLAlchemy versions. Set this attribute to True if
this type object's state is safe to use in a cache key, or False to disable this warning.
(Background on this error at: https://sqlalche.me/e/14/cprf)
return managed_object.state
kmip/tests/unit/services/server/test_server.py::TestKmipServer::test_start
kmip/tests/unit/services/server/test_server.py::TestKmipServer::test_start
/<<PKGBUILDDIR>>/kmip/services/server/server.py:290: DeprecationWarning:
ssl.PROTOCOL_TLSv1 is deprecated
context = ssl.SSLContext(self.auth_suite.protocol if
self.auth_suite.protocol else ssl.PROTOCOL_TLS_SERVER)
kmip/tests/unit/services/test_kmip_client.py::TestKMIPClient::test_socket_ssl_wrap
/<<PKGBUILDDIR>>/kmip/services/kmip_client.py:288: DeprecationWarning:
ssl.PROTOCOL_TLS is deprecated
context = ssl.SSLContext(self.ssl_version)
-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
=========================== short test summary info ============================
FAILED
kmip/tests/unit/services/server/crypto/test_engine.py::TestCryptographyEngine::test_verify_signature_invalid_signature
FAILED
kmip/tests/unit/services/server/crypto/test_engine.py::TestCryptographyEngine::test_verify_signature_unexpected_verification_error
FAILED
kmip/tests/unit/services/server/crypto/test_engine.py::test_encrypt_decrypt_asymmetric[asymmetric_parameters0]
FAILED
kmip/tests/unit/services/server/crypto/test_engine.py::test_encrypt_decrypt_asymmetric[asymmetric_parameters1]
FAILED
kmip/tests/unit/services/server/crypto/test_engine.py::test_verify_signature[signature_parameters0]
FAILED
kmip/tests/unit/services/server/crypto/test_engine.py::test_verify_signature[signature_parameters1]
FAILED
kmip/tests/unit/services/server/test_engine.py::TestKmipEngine::test_signature_verify
===== 7 failed, 3352 passed, 35 skipped, 1108 warnings in 60.60s (0:01:00) =====
make[1]: *** [debian/rules:22: override_dh_auto_test] Error 1
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
make: *** [debian/rules:7: build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
--------------------------------------------------------------------------------
The above is just how the build ends and not necessarily the most relevant part.
If required, the full build log is available here:
https://people.debian.org/~sanvila/build-logs/202403/
About the archive rebuild: The build was made on virtual machines
of type m6a.large from AWS, using sbuild and a reduced chroot
with only build-essential packages.
If you could not reproduce the bug please contact me privately, as I
am willing to provide ssh access to a virtual machine where the bug is
fully reproducible.
If this is really a bug in one of the build-depends, please use
reassign and affects, so that this is still visible in the BTS web
page for this package.
Thanks.
