From e98034856d66cee99d95c9189c724373fa0172b2 Mon Sep 17 00:00:00 2001 From: David Robertson Date: Thu, 23 Dec 2021 21:55:53 +0000 Subject: [PATCH] Annotations for tests, part 2 (#728) * Annotations for test_encoding * Annotations for test_exc * Annotations for test_generichash Only fix here was to add an assertion to some bare equality tests. The other changes are just clarifications. * Annotations for test_hash * Annotations for test_hashlib_scrypt * Annotations for test_kx * Annotations for test_public * Annotations for test_pwhash * Don't use TypedDict This doesn't exist in the stdbib until Python 3.8, and I don't think it's worth the faff to pull in `typing_extensions` just to annotate test source code. --- pyproject.toml | 16 ++++++ tests/test_encoding.py | 2 +- tests/test_exc.py | 21 ++++++- tests/test_generichash.py | 83 +++++++++++++++++++--------- tests/test_hash.py | 10 ++-- tests/test_hashlib_scrypt.py | 10 +++- tests/test_kx.py | 9 +-- tests/test_public.py | 8 +-- tests/test_pwhash.py | 103 +++++++++++++++++++++++------------ 9 files changed, 184 insertions(+), 78 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index d49a14fb..ac5c91ac 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -45,6 +45,14 @@ files = [ "tests/test_aead.py", "tests/test_bindings.py", "tests/test_box.py", + "tests/test_encoding.py", + "tests/test_exc.py", + "tests/test_generichash.py", + "tests/test_hash.py", + "tests/test_hashlib_scrypt.py", + "tests/test_kx.py", + "tests/test_public.py", + "tests/test_pwhash.py", "tests/test_signing.py", "tests/utils.py", ] @@ -78,6 +86,14 @@ module = [ "tests.test_aead", "tests.test_bindings", "tests.test_box", + "tests.test_encoding", + "tests.test_exc", + "tests.test_generichash", + "tests.test_hash", + "tests.test_hashlib_scrypt", + "tests.test_kx", + "tests.test_public", + "tests.test_pwhash", "tests.test_signing", ] # Some library helpers types' involve `Any`, in particular `pytest.mark.parameterize` diff --git a/tests/test_encoding.py b/tests/test_encoding.py index 2b20f309..4bee2b68 100644 --- a/tests/test_encoding.py +++ b/tests/test_encoding.py @@ -74,7 +74,7 @@ @pytest.mark.parametrize(("encoder", "ciphertext"), VECTORS) -def test_encoders(encoder, ciphertext): +def test_encoders(encoder: nacl.encoding.Encoder, ciphertext: bytes): box = nacl.secret.SecretBox(KEY) test_ciphertext = box.encrypt(TEXT, NONCE, encoder=encoder) diff --git a/tests/test_exc.py b/tests/test_exc.py index cc8609ef..727c19c1 100644 --- a/tests/test_exc.py +++ b/tests/test_exc.py @@ -22,20 +22,35 @@ class CustomError(exc.CryptoError): pass +# Type safety: mypy can spot comparisons that will always evaluate to False, and the +# bad argument type. Suppress these: we want to test these are detected at runtime. + + def test_exceptions_ensure_with_true_condition(): exc.ensure(1 == 1, "one equals one") def test_exceptions_ensure_with_false_condition(): with pytest.raises(exc.AssertionError): - exc.ensure(1 == 0, "one is not zero", raising=exc.AssertionError) + exc.ensure( + 1 == 0, # type: ignore[comparison-overlap] + "one is not zero", + raising=exc.AssertionError, + ) def test_exceptions_ensure_with_unwanted_kwarg(): with pytest.raises(exc.TypeError): - exc.ensure(1 == 1, unexpected="unexpected") + exc.ensure( + 1 == 1, + unexpected="unexpected", # type: ignore[arg-type] + ) def test_exceptions_ensure_custom_exception(): with pytest.raises(CustomError): - exc.ensure(1 == 0, "Raising a CustomError", raising=CustomError) + exc.ensure( + 1 == 0, # type: ignore[comparison-overlap] + "Raising a CustomError", + raising=CustomError, + ) diff --git a/tests/test_generichash.py b/tests/test_generichash.py index 0ae3f281..d066c9f1 100644 --- a/tests/test_generichash.py +++ b/tests/test_generichash.py @@ -12,11 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. - import binascii import copy import json import os +from typing import AnyStr, Dict, List, Tuple, Union import pytest @@ -36,23 +36,29 @@ ] -def generichash_vectors(): +def generichash_vectors() -> List[Tuple[bytes, bytes, bytes, bytes]]: # Format: DATA = "crypto-test-vectors-blake2-nosalt-nopersonalization.txt" - return read_crypto_test_vectors(DATA, delimiter=b"\t") + # Type safety: read_crypto_test_vectors returns an arbitrary length tuple, but we + # know this file's test entries contain exactly four fields. + return read_crypto_test_vectors(DATA, delimiter=b"\t") # type: ignore[return-value] -def blake2_salt_pers_vectors(): +def blake2_salt_pers_vectors() -> List[ + Tuple[bytes, bytes, bytes, bytes, bytes, bytes] +]: # Format: # DATA = "crypto-test-vectors-blake2-salt-personalization.txt" - return read_crypto_test_vectors(DATA, delimiter=b"\t") + # Type safety: read_crypto_test_vectors returns an arbitrary length tuple, but we + # know this file's test entries contain exactly six fields. + return read_crypto_test_vectors(DATA, delimiter=b"\t") # type: ignore[return-value] -def blake2_reference_vectors(): +def blake2_reference_vectors() -> List[Tuple[str, str, int, str]]: DATA = "blake2-kat.json" path = os.path.join(os.path.dirname(__file__), "data", DATA) - jvectors = json.load(open(path)) + jvectors: List[Dict[str, str]] = json.load(open(path)) vectors = [ (x["in"], x["key"], len(x["out"]) // 2, x["out"]) for x in jvectors @@ -64,13 +70,15 @@ def blake2_reference_vectors(): @pytest.mark.parametrize( ["message", "key", "outlen", "output"], generichash_vectors() ) -def test_generichash(message, key, outlen, output): +def test_generichash( + message: AnyStr, key: AnyStr, outlen: Union[AnyStr, int], output: AnyStr +): msg = binascii.unhexlify(message) - output = binascii.hexlify(binascii.unhexlify(output)) + output_bytes = binascii.hexlify(binascii.unhexlify(output)) k = binascii.unhexlify(key) - outlen = int(outlen) - out = nacl.hash.generichash(msg, digest_size=outlen, key=k) - assert out == output + outlen_parsed = int(outlen) + out = nacl.hash.generichash(msg, digest_size=outlen_parsed, key=k) + assert out == output_bytes @pytest.mark.parametrize( @@ -78,7 +86,12 @@ def test_generichash(message, key, outlen, output): OVERLONG_PARAMS_VECTORS, ) def test_overlong_blake2b_oneshot_params( - message, key, salt, person, outlen, output + message: bytes, + key: bytes, + salt: bytes, + person: bytes, + outlen: int, + output: bytes, ): with pytest.raises(exc.ValueError): nacl.hash.blake2b( @@ -89,7 +102,9 @@ def test_overlong_blake2b_oneshot_params( @pytest.mark.parametrize( ["message", "key", "outlen", "output"], blake2_reference_vectors() ) -def test_generichash_blake2_ref(message, key, outlen, output): +def test_generichash_blake2_ref( + message: str, key: str, outlen: int, output: str +): test_generichash(message, key, outlen, output) @@ -97,15 +112,22 @@ def test_generichash_blake2_ref(message, key, outlen, output): ["message", "key", "salt", "person", "outlen", "output"], blake2_salt_pers_vectors(), ) -def test_hash_blake2b(message, key, salt, person, outlen, output): +def test_hash_blake2b( + message: bytes, + key: bytes, + salt: bytes, + person: bytes, + outlen: bytes, + output: bytes, +): msg = binascii.unhexlify(message) output = binascii.hexlify(binascii.unhexlify(output)) k = binascii.unhexlify(key) slt = binascii.unhexlify(salt) pers = binascii.unhexlify(person) - outlen = int(outlen) + outlen_parsed = int(outlen) out = nacl.hash.blake2b( - msg, digest_size=outlen, key=k, salt=slt, person=pers + msg, digest_size=outlen_parsed, key=k, salt=slt, person=pers ) assert out == output @@ -134,7 +156,9 @@ def test_expected_bindings_level_pickle_and_copy_failures(): @pytest.mark.parametrize( ["message", "key", "outlen", "output"], blake2_reference_vectors() ) -def test_hashlib_blake2_ref_vectors(message, key, outlen, output): +def test_hashlib_blake2_ref_vectors( + message: str, key: str, outlen: int, output: str +): msg = binascii.unhexlify(message) k = binascii.unhexlify(key) outlen = int(outlen) @@ -147,7 +171,9 @@ def test_hashlib_blake2_ref_vectors(message, key, outlen, output): @pytest.mark.parametrize( ["message", "key", "outlen", "output"], blake2_reference_vectors() ) -def test_hashlib_blake2_iuf_ref_vectors(message, key, outlen, output): +def test_hashlib_blake2_iuf_ref_vectors( + message: str, key: str, outlen: int, output: str +): msg = binascii.unhexlify(message) k = binascii.unhexlify(key) outlen = int(outlen) @@ -165,7 +191,9 @@ def test_hashlib_blake2_iuf_ref_vectors(message, key, outlen, output): @pytest.mark.parametrize( ["message", "key", "outlen", "output"], blake2_reference_vectors() ) -def test_hashlib_blake2_iuf_cp_ref_vectors(message, key, outlen, output): +def test_hashlib_blake2_iuf_cp_ref_vectors( + message: str, key: str, outlen: int, output: str +): msg = binascii.unhexlify(message) msglen = len(msg) if msglen < 2: @@ -190,7 +218,12 @@ def test_hashlib_blake2_iuf_cp_ref_vectors(message, key, outlen, output): OVERLONG_PARAMS_VECTORS, ) def test_overlong_blake2b_iuf_params( - message, key, salt, person, outlen, output + message: bytes, + key: bytes, + salt: bytes, + person: bytes, + outlen: int, + output: bytes, ): with pytest.raises(exc.ValueError): nacl.hashlib.blake2b( @@ -201,12 +234,12 @@ def test_overlong_blake2b_iuf_params( def test_blake2_descriptors_presence(): h = nacl.hashlib.blake2b() assert h.name == "blake2b" - h.block_size == 128 - h.digest_size == 32 # this is the default digest_size + assert h.block_size == 128 + assert h.digest_size == 32 # this is the default digest_size def test_blake2_digest_size_descriptor_coherence(): h = nacl.hashlib.blake2b(digest_size=64) assert h.name == "blake2b" - h.block_size == 128 - h.digest_size == 64 + assert h.block_size == 128 + assert h.digest_size == 64 diff --git a/tests/test_hash.py b/tests/test_hash.py index f581a64d..4b2242d7 100644 --- a/tests/test_hash.py +++ b/tests/test_hash.py @@ -11,8 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - - import pytest import nacl.encoding @@ -32,7 +30,7 @@ ), ], ) -def test_sha256_hex(inp, expected): +def test_sha256_hex(inp: bytes, expected: bytes): assert nacl.hash.sha256(inp) == expected @@ -55,7 +53,7 @@ def test_sha256_hex(inp, expected): ), ], ) -def test_sha256_binary(inp, expected): +def test_sha256_binary(inp: bytes, expected: bytes): assert nacl.hash.sha256(inp, encoder=nacl.encoding.RawEncoder) == expected @@ -78,7 +76,7 @@ def test_sha256_binary(inp, expected): ), ], ) -def test_sha512_hex(inp, expected): +def test_sha512_hex(inp: bytes, expected: bytes): assert nacl.hash.sha512(inp) == expected @@ -104,5 +102,5 @@ def test_sha512_hex(inp, expected): ), ], ) -def test_sha512_binary(inp, expected): +def test_sha512_binary(inp: bytes, expected: bytes): assert nacl.hash.sha512(inp, encoder=nacl.encoding.RawEncoder) == expected diff --git a/tests/test_hashlib_scrypt.py b/tests/test_hashlib_scrypt.py index c86bd4b9..c2e0b5b4 100644 --- a/tests/test_hashlib_scrypt.py +++ b/tests/test_hashlib_scrypt.py @@ -119,7 +119,15 @@ @pytest.mark.parametrize( ("password", "salt", "n", "r", "p", "dklen", "expected"), RFC_7914_VECTORS ) -def test_hashlib_scrypt_api(password, salt, n, r, p, dklen, expected): +def test_hashlib_scrypt_api( + password: bytes, + salt: bytes, + n: int, + r: int, + p: int, + dklen: int, + expected: bytes, +): _exp = unhexlify(expected.replace(b" ", b"")) dgst = nacl.hashlib.scrypt( password, salt=salt, n=n, r=r, p=p, dklen=dklen, maxmem=2 * (1024 ** 3) diff --git a/tests/test_kx.py b/tests/test_kx.py index 55a827b5..ee4eb699 100644 --- a/tests/test_kx.py +++ b/tests/test_kx.py @@ -34,7 +34,7 @@ def test_crypto_kx_keypair(): binary(min_size=32, max_size=32), ) @settings(max_examples=100) -def test_crypto_kx_seed_keypair(seed1, seed2): +def test_crypto_kx_seed_keypair(seed1: bytes, seed2: bytes): seeded = b.crypto_kx_seed_keypair(seed1) seeded_other = b.crypto_kx_seed_keypair(seed2) if seed1 != seed2: @@ -47,7 +47,7 @@ def test_crypto_kx_seed_keypair(seed1, seed2): binary(min_size=33, max_size=128), ) @settings(max_examples=20, suppress_health_check=[HealthCheck.too_slow]) -def test_crypto_kx_seed_keypair_seed_too_large(seed): +def test_crypto_kx_seed_keypair_seed_too_large(seed: bytes): with pytest.raises(exc.TypeError): b.crypto_kx_seed_keypair(seed) @@ -56,7 +56,7 @@ def test_crypto_kx_seed_keypair_seed_too_large(seed): binary(min_size=0, max_size=31), ) @settings(max_examples=20) -def test_crypto_kx_seed_keypair_seed_too_small(seed): +def test_crypto_kx_seed_keypair_seed_too_small(seed: bytes): with pytest.raises(exc.TypeError): b.crypto_kx_seed_keypair(seed) @@ -66,7 +66,7 @@ def test_crypto_kx_seed_keypair_seed_too_small(seed): binary(min_size=32, max_size=32), ) @settings(max_examples=100) -def test_crypto_kx_session_keys(seed1, seed2): +def test_crypto_kx_session_keys(seed1: bytes, seed2: bytes): s_keys = b.crypto_kx_seed_keypair(seed1) c_keys = b.crypto_kx_seed_keypair(seed2) @@ -85,6 +85,7 @@ def test_crypto_kx_session_wrong_key_lengths(): s_keys = b.crypto_kx_keypair() c_keys = b.crypto_kx_keypair() + # TODO: should invalid argument lengths (but correct types) raise ValueError? with pytest.raises(exc.TypeError): b.crypto_kx_server_session_keys(s_keys[0][:-1], s_keys[1], c_keys[0]) diff --git a/tests/test_public.py b/tests/test_public.py index ffc4c16a..eb4201f6 100644 --- a/tests/test_public.py +++ b/tests/test_public.py @@ -11,8 +11,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - import binascii +from typing import Tuple, Union import pytest @@ -44,7 +44,7 @@ def test_equal_keys_are_equal(self): PublicKey(b"\x00" * (crypto_box_PUBLICKEYBYTES - 1) + b"\x01"), ], ) - def test_different_keys_are_not_equal(self, k2): + def test_different_keys_are_not_equal(self, k2: Union[bytes, PublicKey]): k1 = PublicKey(b"\x00" * crypto_box_PUBLICKEYBYTES) assert_not_equal(k1, k2) @@ -62,7 +62,7 @@ def test_equal_keys_are_equal(self): assert_equal(k1, k1) assert_equal(k1, k2) - def _gen_equivalent_raw_keys_couple(self): + def _gen_equivalent_raw_keys_couple(self) -> Tuple[PrivateKey, PrivateKey]: rwk1 = bytearray(random(crypto_box_SECRETKEYBYTES)) rwk2 = bytearray(rwk1) # mask rwk1 bits @@ -99,7 +99,7 @@ def test_sk_and_pk_hashes_are_different(self): PrivateKey(b"\x00" * (crypto_box_SECRETKEYBYTES - 1) + b"\x01"), ], ) - def test_different_keys_are_not_equal(self, k2): + def test_different_keys_are_not_equal(self, k2: Union[bytes, PrivateKey]): k1 = PrivateKey(b"\x00" * crypto_box_SECRETKEYBYTES) assert_not_equal(k1, k2) diff --git a/tests/test_pwhash.py b/tests/test_pwhash.py index 8a7c1b6d..debce85b 100644 --- a/tests/test_pwhash.py +++ b/tests/test_pwhash.py @@ -11,13 +11,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - - import binascii import json import os import sys import unicodedata as ud +from typing import List, Tuple from hypothesis import given, settings from hypothesis.strategies import integers, text @@ -42,7 +41,7 @@ # Select Letters, number representations and spacing characters -def argon2i_modular_crypt_ref(): +def argon2i_modular_crypt_ref() -> List[Tuple[str, str]]: DATA = "modular_crypt_argon2i_hashes.json" path = os.path.join(os.path.dirname(__file__), "data", DATA) jvectors = json.load(open(path)) @@ -52,7 +51,7 @@ def argon2i_modular_crypt_ref(): return vectors -def argon2i_raw_ref(): +def argon2i_raw_ref() -> List[Tuple[int, str, str, int, int, str]]: DATA = "raw_argon2i_hashes.json" path = os.path.join(os.path.dirname(__file__), "data", DATA) jvectors = json.load(open(path)) @@ -71,7 +70,7 @@ def argon2i_raw_ref(): return vectors -def argon2id_modular_crypt_ref(): +def argon2id_modular_crypt_ref() -> List[Tuple[str, str]]: DATA = "modular_crypt_argon2id_hashes.json" path = os.path.join(os.path.dirname(__file__), "data", DATA) jvectors = json.load(open(path)) @@ -83,7 +82,7 @@ def argon2id_modular_crypt_ref(): return vectors -def argon2id_raw_ref(): +def argon2id_raw_ref() -> List[Tuple[int, str, str, int, int, str]]: DATA = "raw_argon2id_hashes.json" path = os.path.join(os.path.dirname(__file__), "data", DATA) jvectors = json.load(open(path)) @@ -122,7 +121,12 @@ def argon2id_raw_ref(): ], ) def test_kdf_scryptsalsa208sha256( - size, password, salt, opslimit, memlimit, expected + size: int, + password: bytes, + salt: bytes, + opslimit: int, + memlimit: int, + expected: bytes, ): res = nacl.pwhash.kdf_scryptsalsa208sha256( size, password, salt, opslimit, memlimit @@ -136,7 +140,7 @@ def test_kdf_scryptsalsa208sha256( @pytest.mark.parametrize( ("password",), [(b"The quick brown fox jumps over the lazy dog.",)] ) -def test_scryptsalsa208sha256_random(password): +def test_scryptsalsa208sha256_random(password: bytes): h1 = nacl.pwhash.scryptsalsa208sha256_str(password) h2 = nacl.pwhash.scryptsalsa208sha256_str(password) assert h1 != h2 @@ -148,7 +152,7 @@ def test_scryptsalsa208sha256_random(password): @pytest.mark.parametrize( ("password",), [(b"The quick brown fox jumps over the lazy dog.",)] ) -def test_scryptsalsa208sha256_verify(password): +def test_scryptsalsa208sha256_verify(password: bytes): assert nacl.pwhash.verify_scryptsalsa208sha256( nacl.pwhash.scryptsalsa208sha256_str(password), password ) @@ -160,7 +164,7 @@ def test_scryptsalsa208sha256_verify(password): @pytest.mark.parametrize( ("password",), [(b"The quick brown fox jumps over the lazy dog.",)] ) -def test_scryptsalsa208sha256_verify_incorrect(password): +def test_scryptsalsa208sha256_verify_incorrect(password: bytes): with pytest.raises(exc.InvalidkeyError): nacl.pwhash.verify_scryptsalsa208sha256( nacl.pwhash.scryptsalsa208sha256_str(password), @@ -183,7 +187,9 @@ def test_scryptsalsa208sha256_verify_incorrect(password): ), ], ) -def test_wrong_salt_length(size, password, salt, opslimit, memlimit): +def test_wrong_salt_length( + size: int, password: bytes, salt: bytes, opslimit: int, memlimit: int +): with pytest.raises(exc.ValueError): nacl.pwhash.kdf_scryptsalsa208sha256( size, password, salt, opslimit, memlimit @@ -202,7 +208,7 @@ def test_wrong_salt_length(size, password, salt, opslimit, memlimit): ) ], ) -def test_wrong_hash_length(passwd_hash, password): +def test_wrong_hash_length(passwd_hash: bytes, password: bytes): with pytest.raises(exc.ValueError): nacl.pwhash.verify_scryptsalsa208sha256(passwd_hash, password) @@ -222,7 +228,9 @@ def test_wrong_hash_length(passwd_hash, password): ), ], ) -def test_kdf_wrong_salt_length(size, password, salt, opslimit, memlimit): +def test_kdf_wrong_salt_length( + size: int, password: bytes, salt: bytes, opslimit: int, memlimit: int +): with pytest.raises(exc.ValueError): nacl.pwhash.kdf_scryptsalsa208sha256( size, password, salt, opslimit, memlimit @@ -241,7 +249,7 @@ def test_kdf_wrong_salt_length(size, password, salt, opslimit, memlimit): ) ], ) -def test_str_verify_wrong_hash_length(passwd_hash, password): +def test_str_verify_wrong_hash_length(passwd_hash: bytes, password: bytes): with pytest.raises(exc.ValueError): nacl.pwhash.verify_scryptsalsa208sha256(passwd_hash, password) @@ -265,7 +273,14 @@ def test_str_verify_wrong_hash_length(passwd_hash, password): ), ], ) -def test_scrypt_kdf(size, password, salt, opslimit, memlimit, expected): +def test_scrypt_kdf( + size: int, + password: bytes, + salt: bytes, + opslimit: int, + memlimit: int, + expected: bytes, +): res = nacl.pwhash.scrypt.kdf(size, password, salt, opslimit, memlimit) assert res == expected @@ -276,7 +291,7 @@ def test_scrypt_kdf(size, password, salt, opslimit, memlimit, expected): @pytest.mark.parametrize( ("password",), [(b"The quick brown fox jumps over the lazy dog.",)] ) -def test_scrypt_random(password): +def test_scrypt_random(password: bytes): h1 = nacl.pwhash.scrypt.str(password) h2 = nacl.pwhash.scrypt.str(password) assert h1 != h2 @@ -288,7 +303,7 @@ def test_scrypt_random(password): @pytest.mark.parametrize( ("password",), [(b"The quick brown fox jumps over the lazy dog.",)] ) -def test_scrypt_verify(password): +def test_scrypt_verify(password: bytes): assert nacl.pwhash.scrypt.verify( nacl.pwhash.scrypt.str(password), password ) @@ -300,7 +315,7 @@ def test_scrypt_verify(password): @pytest.mark.parametrize( ("password",), [(b"The quick brown fox jumps over the lazy dog.",)] ) -def test_scrypt_verify_incorrect(password): +def test_scrypt_verify_incorrect(password: bytes): with pytest.raises(exc.InvalidkeyError): nacl.pwhash.scrypt.verify( nacl.pwhash.scrypt.str(password), password.replace(b"dog", b"cat") @@ -322,7 +337,9 @@ def test_scrypt_verify_incorrect(password): ), ], ) -def test_wrong_scrypt_salt_length(size, password, salt, opslimit, memlimit): +def test_wrong_scrypt_salt_length( + size: int, password: bytes, salt: bytes, opslimit: int, memlimit: int +): with pytest.raises(exc.ValueError): nacl.pwhash.scrypt.kdf(size, password, salt, opslimit, memlimit) @@ -339,7 +356,7 @@ def test_wrong_scrypt_salt_length(size, password, salt, opslimit, memlimit): ) ], ) -def test_wrong_scrypt_hash_length(passwd_hash, password): +def test_wrong_scrypt_hash_length(passwd_hash: bytes, password: bytes): with pytest.raises(exc.ValueError): nacl.pwhash.scrypt.verify(passwd_hash, password) @@ -360,7 +377,7 @@ def test_wrong_scrypt_hash_length(passwd_hash, password): ], ) def test_scrypt_kdf_wrong_salt_length( - size, password, salt, opslimit, memlimit + size: int, password: bytes, salt: bytes, opslimit: int, memlimit: int ): with pytest.raises(exc.ValueError): nacl.pwhash.scrypt.kdf(size, password, salt, opslimit, memlimit) @@ -376,7 +393,7 @@ def test_scrypt_kdf_wrong_salt_length( (2 * (2 ** 20), 2 * (2 ** 20), 11, 8, 32), ], ) -def test_variable_limits(opslimit, memlimit, n, r, p): +def test_variable_limits(opslimit: int, memlimit: int, n: int, r: int, p: int): rn, rr, rp = nacl.bindings.nacl_bindings_pick_scrypt_params( opslimit, memlimit ) @@ -397,7 +414,9 @@ def test_variable_limits(opslimit, memlimit, n, r, p): ) ], ) -def test_scrypt_str_verify_wrong_hash_length(passwd_hash, password): +def test_scrypt_str_verify_wrong_hash_length( + passwd_hash: bytes, password: bytes +): with pytest.raises(exc.ValueError): nacl.pwhash.scrypt.verify(passwd_hash, password) @@ -406,7 +425,7 @@ def test_scrypt_str_verify_wrong_hash_length(passwd_hash, password): ("password_hash", "password"), argon2i_modular_crypt_ref() + argon2id_modular_crypt_ref(), ) -def test_str_verify_argon2_ref(password_hash, password): +def test_str_verify_argon2_ref(password_hash: str, password: str): pw_hash = password_hash.encode("ascii") pw = password.encode("ascii") res = nacl.pwhash.argon2id.verify(pw_hash, pw) @@ -417,7 +436,7 @@ def test_str_verify_argon2_ref(password_hash, password): ("password_hash", "password"), argon2i_modular_crypt_ref() + argon2id_modular_crypt_ref(), ) -def test_str_verify_argon2_ref_fail(password_hash, password): +def test_str_verify_argon2_ref_fail(password_hash: str, password: str): pw_hash = password_hash.encode("ascii") pw = ("a" + password).encode("ascii") with pytest.raises(exc.InvalidkeyError): @@ -430,7 +449,7 @@ def test_str_verify_argon2_ref_fail(password_hash, password): integers(min_value=1024 * 1024, max_value=16 * 1024 * 1024), ) @settings(deadline=None, max_examples=20) -def test_argon2i_str_and_verify(password, ops, mem): +def test_argon2i_str_and_verify(password: str, ops: int, mem: int): _psw = password.encode("utf-8") pw_hash = nacl.pwhash.argon2i.str(_psw, opslimit=ops, memlimit=mem) res = nacl.pwhash.argon2i.verify(pw_hash, _psw) @@ -443,7 +462,7 @@ def test_argon2i_str_and_verify(password, ops, mem): integers(min_value=1024 * 1024, max_value=16 * 1024 * 1024), ) @settings(deadline=None, max_examples=20) -def test_argon2id_str_and_verify(password, ops, mem): +def test_argon2id_str_and_verify(password: str, ops: int, mem: int): _psw = password.encode("utf-8") pw_hash = nacl.pwhash.argon2id.str(_psw, opslimit=ops, memlimit=mem) res = nacl.pwhash.argon2id.verify(pw_hash, _psw) @@ -456,7 +475,7 @@ def test_argon2id_str_and_verify(password, ops, mem): integers(min_value=1024 * 1024, max_value=16 * 1024 * 1024), ) @settings(deadline=None, max_examples=20) -def test_argon2i_str_and_verify_fail(password, ops, mem): +def test_argon2i_str_and_verify_fail(password: str, ops: int, mem: int): _psw = password.encode("utf-8") pw_hash = nacl.pwhash.argon2i.str(_psw, opslimit=ops, memlimit=mem) with pytest.raises(exc.InvalidkeyError): @@ -465,7 +484,7 @@ def test_argon2i_str_and_verify_fail(password, ops, mem): @given(text(alphabet=PASSWD_CHARS, min_size=5, max_size=20)) @settings(deadline=None, max_examples=5) -def test_pwhash_str_and_verify(password): +def test_pwhash_str_and_verify(password: str): _psw = password.encode("utf-8") a2i_hash = nacl.pwhash.argon2i.str( @@ -490,7 +509,7 @@ def test_pwhash_str_and_verify(password): ) @given(text(alphabet=PASSWD_CHARS, min_size=5, max_size=20)) @settings(deadline=None, max_examples=5) -def test_pwhash_scrypt_str_and_verify(password): +def test_pwhash_scrypt_str_and_verify(password: str): _psw = password.encode("utf-8") scrypt_hash = nacl.pwhash.scrypt.str( @@ -520,7 +539,14 @@ def test_crypt_prefix_error(): ("dk_size", "password", "salt", "iters", "mem_kb", "pwhash"), argon2i_raw_ref(), ) -def test_argon2i_kdf(dk_size, password, salt, iters, mem_kb, pwhash): +def test_argon2i_kdf( + dk_size: int, + password: str, + salt: str, + iters: int, + mem_kb: int, + pwhash: str, +): dk = nacl.pwhash.argon2i.kdf( dk_size, password.encode("utf-8"), @@ -537,7 +563,12 @@ def test_argon2i_kdf(dk_size, password, salt, iters, mem_kb, pwhash): argon2id_raw_ref(), ) def test_argon2_kdf_alg_argon2id( - dk_size, password, salt, iters, mem_kb, pwhash + dk_size: int, + password: str, + salt: str, + iters: int, + mem_kb: int, + pwhash: str, ): dk = nacl.pwhash.argon2id.kdf( dk_size, @@ -574,7 +605,9 @@ def test_argon2_kdf_alg_argon2id( (20, "aPassword", 4 * "salt", 1, 256), ], ) -def test_argon2i_kdf_invalid_parms(dk_size, password, salt, iters, mem_kb): +def test_argon2i_kdf_invalid_parms( + dk_size: int, password: str, salt: str, iters: int, mem_kb: int +): with pytest.raises(exc.ValueError): nacl.pwhash.argon2i.kdf( dk_size, @@ -593,7 +626,9 @@ def test_argon2i_kdf_invalid_parms(dk_size, password, salt, iters, mem_kb): (20, "aPassword", 4 * "salt", 0, 256), ], ) -def test_argon2id_kdf_invalid_parms(dk_size, password, salt, iters, mem_kb): +def test_argon2id_kdf_invalid_parms( + dk_size: int, password: str, salt: str, iters: int, mem_kb: int +): with pytest.raises(exc.ValueError): nacl.pwhash.argon2id.kdf( dk_size,