From fe5f3a9217cfebfec5cbafface7ef9cb7c5a0700 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 31 Jan 2025 10:20:31 -0800 Subject: [PATCH] Two more testscases for key loading (#12370) * Two more testscases for key loading * Update tests/hazmat/primitives/test_serialization.py Co-authored-by: Paul Kehrer --------- Co-authored-by: Paul Kehrer --- docs/development/test-vectors.rst | 2 ++ tests/hazmat/primitives/test_serialization.py | 22 ++++++++++++++ .../key1-short-iv.pem | 30 +++++++++++++++++++ 3 files changed, 54 insertions(+) create mode 100644 vectors/cryptography_vectors/asymmetric/Traditional_OpenSSL_Serialization/key1-short-iv.pem diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 2ed113efd..2eec0fd01 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -227,6 +227,8 @@ Custom asymmetric vectors comma). * ``asymmetric/Traditional_OpenSSL_Serialization/key1-malformed-iv.pem`` - An RSA key in an encrypted PEM with a malformed IV (not valid hex). +* ``asymmetric/Traditional_OpenSSL_Serialization/key1-short-iv.pem`` - An + RSA key in an encrypted PEM with an IV that's too short (less than 8 bytes). Key exchange ~~~~~~~~~~~~ diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py index 6c671f45b..bd15e9166 100644 --- a/tests/hazmat/primitives/test_serialization.py +++ b/tests/hazmat/primitives/test_serialization.py @@ -1127,6 +1127,15 @@ class TestPEMSerialization: ), ) + def test_encrypted_pkcs8_non_utf_password(self): + data = load_vectors_from_file( + os.path.join("asymmetric", "PKCS8", "enc-rsa-pkcs8.pem"), + lambda f: f.read(), + mode="rb", + ) + with pytest.raises(ValueError): + load_pem_private_key(data, password=b"\xff") + @pytest.mark.xfail() def test_rsa_private_key_invalid_version(self): data = load_vectors_from_file( 
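Review bot: The bare `pytest.raises(ValueError)` in test_encrypted_pkcs8_non_utf_password does not pin which failure is being tested. `b"\xff"` is presumably also just a wrong password for enc-rsa-pkcs8.pem, so the test would still pass if the non-UTF-8 bytes were never rejected as such and the loader merely failed to decrypt. The same applies to test_pem_encryption_short_iv in the next hunk, where a generic decryption failure would satisfy the assertion as well. If the loader emits a distinct message for these cases, add `match=` to the `pytest.raises` call; otherwise state the intent in a comment such as `# b"\xff" is not valid UTF-8; loading must fail with ValueError, not another exception type`. The hunk ends inside test_rsa_private_key_invalid_version, which continues outside it.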
@@ -1194,6 +1203,19 @@ class TestPEMSerialization: with pytest.raises(ValueError): load_pem_private_key(data, password=b"password") + def test_pem_encryption_short_iv(self): + data = load_vectors_from_file( + os.path.join( + "asymmetric", + "Traditional_OpenSSL_Serialization", + "key1-short-iv.pem", + ), + lambda f: f.read(), + mode="rb", + ) + with pytest.raises(ValueError): + load_pem_private_key(data, password=b"password") + class TestKeySerializationEncryptionTypes: def test_non_bytes_password(self): diff --git a/vectors/cryptography_vectors/asymmetric/Traditional_OpenSSL_Serialization/key1-short-iv.pem b/vectors/cryptography_vectors/asymmetric/Traditional_OpenSSL_Serialization/key1-short-iv.pem new file mode 100644 index 000000000..695a797e6 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/Traditional_OpenSSL_Serialization/key1-short-iv.pem 
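Review bot: test_pem_encryption_short_iv exercises only one short length. The new vector's header is `DEK-Info: DES-EDE3-CBC,aaaa`, a 2-byte IV, so an off-by-one in the length check near the 8 bytes named in test-vectors.rst would go unnoticed, as would an empty IV. The DEK-Info header is read straight from the PEM input, which may come from an untrusted source, so the boundary is worth covering; additional vectors with an empty and a 7-byte IV would do it. At minimum, record what the vector contains with a comment above the load: `# key1-short-iv.pem carries a 2-byte IV ("aaaa") in DEK-Info; the docs give 8 bytes as the minimum`.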
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,aaaa
+
+18phyq8pG3Tgov4rWiT0moaDbzIOk7v4/4Jnw3sc6IuMFmAYnIKHRs75hQdlFAxG
+uSXcAKzCzjhkzgSNyNaJ8ZgeDM+DskDTA109iQWCeSxKZkuHBm2Xux9p7ynEhrMf
++z0Dd5W36KRPs0PRwVoUAv/AYaLizBbAXaEx/e21uDB2cVnA2EhjEXEz7KZnqTWm
+qbSEAv/IJos1Eh1IvLupxh5naaRxfrHZgKu638ybxuxzJx+zn2DeB7g9uqVf3lCp
+B5bsoqumIhxBmIS7pKeWIq+GFVQuuHcDozRVolFuUvMkPdPfaGQjLI+ynaAfA9WH
+MULcRcBL+S8cp4xv8jmyW0n4Elak0ixw1UJLjeSrIGYLB+ZkYXPiUjhYZPzbKzdE
+rLstyGfFXH8Vjw6921P6iVH/JvskF9aj4NvYyZqxo9YznIN9nI8GWmqJgLyIYHET
+Ur5mp1/O+KGLWMzfX09/fUVF/mXBibcnJ/sixGCH4yNZR5kpnas6H8SmaGgKE1zk
+KYeuicGHm6nZ/uyjoL/AwvbUL1y9tHJ0vn816cCRdJ4ELZ5dotGPREPmkWzjv08A
+ZeTmdsgsGuUY/5mKZdIqlWCgrSKaZvS81+5tYgf0qMLBsAbLPDJy9kzTwCsEYxmh
+x9QxUeQ/UWVsMn6JqeBVp0B5z/sLcdx6GkFVGs9U2Al3aykVhrVq+0RUiYafluod
+Mkz1AczAxFtqdgaQIJbrwEAXoMc8/l8dunbuYoRuuf1y259U61aTm6wcknnDUZKs
+13sDVdcRZq1Lc1JI3B586Z7Jh0r/4HPiK1zearKLBPKZA6kEj4RzG3GUQVPxzpoD
+NDP8FxVgMy022+gylWr2EwZ/QWigIKeop0qRCeuPgju44Fvf0Z300GmpIwOjsPWT
+Ksmqw+erTT2UcN62z4+J0TvL44T9wpWbPcyxOe1r5HLpRkkBebMPNMlPZ4WGagsz
+jn0ctw7GwsJbKgyqturB83ZfuJv9lGkrXHOjrjeQNCebYDmybHl/aag8BKKYOiFW
+MkHmda+Jmq817aqcwVedMKs4CwdrE6frp2wgAIngzCILLVfyTa8v5HxpkezpKS3p
+Lia3/xkSrJwzd9ncNe43OVDlFbTE6fm/ycES8vhvS2NotuL/gZ9WpLOFPKCFl2CZ
+Cg6CUlTngEevd8kUrlt8BIEOPyhWqZOkxb1Q+Jr7PUQjgjQXmuxYoZ647xOYdIbd
+RQZd3oEFjQYTXTT7hHOuB+FehaJPEfIqJDIxVSs0gVhETaCn7L7jcq3uko3W2IpV
+qbVYBDv6+ae6Ia0dSTCtWGmqj0heIE1OOtMe7do0RijeeUz8snn6N7GYxVsQv+dg
+0zeV/2RdPz/N898agdJZywjCUwxVPIKXl4MpFEy79rhGBq7q8aImDRlrdMZNy9BJ
+nARaiDZ0ifmdh+smPWj/WuiAsYnuJBEFAQ88xECHbSXeJ6+Y/VS2jaJlMtL2tObW
+mB/vq+Kfj6yfMxYaxtjOIpqBQfGZVlNwkq9BEeEwUcas5QBrRktUS5taU3/FlfyC
+P3DsU4vseQILnqmEty7TWdHqw3up3Japzc3cTP9h4xxXuux+FmRuVdq0lfSPXB5E
+-----END RSA PRIVATE KEY-----