Ed25519 and Ed448 are supported under FIPS (#14616)

* Ed25519 and Ed448 are supported under FIPS

Ed25519 and Ed448 signature schemes (both EdDSA) are FIPS approved. See
section 7 of [FIPS 186-5][1].

[1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf

* Remove Ed25519 support test conditions

* Appease flake

* Remove support check from ed25519.py

* Remove other ed25519_supported checks from tests

* Add coverage for ed25519_supported()

* Remove comments

Author: WillChilds-Klein

src/cryptography/hazmat/backends/openssl/backend.py

@@ -276,11 +276,9 @@ def mldsa_supported(self) -> bool:
         return rust_openssl.CRYPTOGRAPHY_IS_AWSLC
 
     def ed25519_supported(self) -> bool:
-        return not self._fips_enabled
+        return True
 
     def ed448_supported(self) -> bool:
-        if self._fips_enabled:
-            return False
         return (
             not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL
             and not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL

src/cryptography/hazmat/primitives/asymmetric/ed25519.py

@@ -6,7 +6,6 @@
 
 import abc
 
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
 from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.primitives import _serialization
 from cryptography.utils import Buffer
@@ -15,14 +14,6 @@
 class Ed25519PublicKey(metaclass=abc.ABCMeta):
     @classmethod
     def from_public_bytes(cls, data: bytes) -> Ed25519PublicKey:
-        from cryptography.hazmat.backends.openssl.backend import backend
-
-        if not backend.ed25519_supported():
-            raise UnsupportedAlgorithm(
-                "ed25519 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
-            )
-
         return rust_openssl.ed25519.from_public_bytes(data)
 
     @abc.abstractmethod
@@ -73,26 +64,10 @@ def __deepcopy__(self, memo: dict) -> Ed25519PublicKey:
 class Ed25519PrivateKey(metaclass=abc.ABCMeta):
     @classmethod
     def generate(cls) -> Ed25519PrivateKey:
-        from cryptography.hazmat.backends.openssl.backend import backend
-
-        if not backend.ed25519_supported():
-            raise UnsupportedAlgorithm(
-                "ed25519 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
-            )
-
         return rust_openssl.ed25519.generate_key()
 
     @classmethod
     def from_private_bytes(cls, data: Buffer) -> Ed25519PrivateKey:
-        from cryptography.hazmat.backends.openssl.backend import backend
-
-        if not backend.ed25519_supported():
-            raise UnsupportedAlgorithm(
-                "ed25519 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
-            )
-
         return rust_openssl.ed25519.from_private_bytes(data)
 
     @abc.abstractmethod

tests/hazmat/primitives/test_ed25519.py

@@ -10,15 +10,15 @@
 
 import pytest
 
-from cryptography.exceptions import InvalidSignature, _Reasons
+from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.ed25519 import (
     Ed25519PrivateKey,
     Ed25519PublicKey,
 )
 
 from ...doubles import DummyKeySerializationEncryption
-from ...utils import load_vectors_from_file, raises_unsupported_algorithm
+from ...utils import load_vectors_from_file
 
 
 def load_ed25519_vectors(vector_data):
@@ -45,31 +45,10 @@ def load_ed25519_vectors(vector_data):
     return data
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: not backend.ed25519_supported(),
-    skip_message="Requires OpenSSL without Ed25519 support",
-)
-def test_ed25519_unsupported(backend):
-    with raises_unsupported_algorithm(
-        _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
-    ):
-        Ed25519PublicKey.from_public_bytes(b"0" * 32)
-
-    with raises_unsupported_algorithm(
-        _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
-    ):
-        Ed25519PrivateKey.from_private_bytes(b"0" * 32)
-
-    with raises_unsupported_algorithm(
-        _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
-    ):
-        Ed25519PrivateKey.generate()
+def test_ed25519_always_supported(backend):
+    assert backend.ed25519_supported()
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.ed25519_supported(),
-    skip_message="Requires OpenSSL with Ed25519 support",
-)
 class TestEd25519Signing:
     def test_sign_verify_input(self, backend, subtests):
         vectors = load_vectors_from_file(
@@ -292,10 +271,6 @@ def test_buffer_protocol(self, backend):
         )
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.ed25519_supported(),
-    skip_message="Requires OpenSSL with Ed25519 support",
-)
 def test_public_key_equality(backend):
     key_bytes = load_vectors_from_file(
         os.path.join("asymmetric", "Ed25519", "ed25519-pkcs8.der"),
@@ -313,10 +288,6 @@ def test_public_key_equality(backend):
         key1 < key2  # type: ignore[operator]
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.ed25519_supported(),
-    skip_message="Requires OpenSSL with Ed25519 support",
-)
 def test_public_key_copy(backend):
     key_bytes = load_vectors_from_file(
         os.path.join("asymmetric", "Ed25519", "ed25519-pkcs8.der"),
@@ -329,10 +300,6 @@ def test_public_key_copy(backend):
     assert key1 == key2
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.ed25519_supported(),
-    skip_message="Requires OpenSSL with Ed25519 support",
-)
 def test_public_key_deepcopy(backend):
     key_bytes = load_vectors_from_file(
         os.path.join("asymmetric", "Ed25519", "ed25519-pkcs8.der"),
@@ -345,10 +312,6 @@ def test_public_key_deepcopy(backend):
     assert key1 == key2
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.ed25519_supported(),
-    skip_message="Requires OpenSSL with Ed25519 support",
-)
 def test_private_key_copy(backend):
     key_bytes = load_vectors_from_file(
         os.path.join("asymmetric", "Ed25519", "ed25519-pkcs8.der"),
@@ -361,10 +324,6 @@ def test_private_key_copy(backend):
     assert key1 == key2
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.ed25519_supported(),
-    skip_message="Requires OpenSSL with Ed25519 support",
-)
 def test_private_key_deepcopy(backend):
     key_bytes = load_vectors_from_file(
         os.path.join("asymmetric", "Ed25519", "ed25519-pkcs8.der"),

tests/hazmat/primitives/test_pkcs12.py

@@ -323,10 +323,6 @@ class TestPKCS12Creation:
                 ed25519.Ed25519PrivateKey.generate,
                 ed25519.Ed25519PrivateKey,
                 [],
-                marks=pytest.mark.supported(
-                    only_if=lambda backend: backend.ed25519_supported(),
-                    skip_message="Requires OpenSSL with Ed25519 support",
-                ),
             ),
             (rsa.generate_private_key, rsa.RSAPrivateKey, [65537, 1024]),
             (dsa.generate_private_key, dsa.DSAPrivateKey, [1024]),

tests/hazmat/primitives/test_pkcs7.py

@@ -213,10 +213,6 @@ def test_not_a_cert(self, backend):
                 hashes.SHA256(),
             )
 
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.ed25519_supported(),
-        skip_message="Does not support ed25519.",
-    )
     def test_unsupported_key_type(self, backend):
         cert, _ = _load_cert_key()
         key = ed25519.Ed25519PrivateKey.generate()

tests/hazmat/primitives/test_serialization.py

@@ -1399,10 +1399,6 @@ def test_encryption_with_zero_length_password(self):
             BestAvailableEncryption(b"")
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.ed25519_supported(),
-    skip_message="Requires OpenSSL with Ed25519 support",
-)
 class TestEd25519Serialization:
     def test_load_der_private_key(self, backend):
         data = load_vectors_from_file(

tests/hazmat/primitives/test_ssh.py

@@ -68,9 +68,6 @@ class TestOpenSSHSerialization:
         ],
     )
     def test_load_ssh_public_key(self, key_file, cert_file, backend):
-        if "ed25519" in key_file and not backend.ed25519_supported():
-            pytest.skip("Requires OpenSSL with Ed25519 support")
-
         # normal public key
         pub_data = load_vectors_from_file(
             os.path.join("asymmetric", "OpenSSH", key_file),
@@ -174,8 +171,6 @@ def run_partial_pubkey(self, pubdata, backend):
         ],
     )
     def test_load_ssh_private_key(self, key_file, backend):
-        if "ed25519" in key_file and not backend.ed25519_supported():
-            pytest.skip("Requires OpenSSL with Ed25519 support")
         if "-psw" in key_file and not ssh._bcrypt_supported:
             pytest.skip("Requires bcrypt module")
 
@@ -261,10 +256,6 @@ def test_load_ssh_private_key(self, key_file, backend):
         maxline = max(map(len, priv_data2.split(b"\n")))
         assert maxline < 80
 
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.ed25519_supported(),
-        skip_message="Requires Ed25519 support",
-    )
     @pytest.mark.parametrize(
         "key_file",
         [
@@ -281,10 +272,6 @@ def test_load_unsupported_ssh_private_key(self, key_file):
         with pytest.raises(UnsupportedAlgorithm):
             load_ssh_private_key(data, None)
 
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.ed25519_supported(),
-        skip_message="Requires Ed25519 support",
-    )
     @pytest.mark.supported(
         only_if=lambda backend: ssh._bcrypt_supported,
         skip_message="Requires that bcrypt exists",
@@ -304,10 +291,6 @@ def test_load_ssh_private_key_invalid_tag(self, backend):
         with pytest.raises(InvalidTag):
             load_ssh_private_key(priv_data, b"password")
 
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.ed25519_supported(),
-        skip_message="Requires Ed25519 support",
-    )
     @pytest.mark.supported(
         only_if=lambda backend: ssh._bcrypt_supported,
         skip_message="Requires that bcrypt exists",
@@ -1140,10 +1123,6 @@ def test_load_ssh_public_key_ecdsa_nist_p256_bad_curve_name(self, backend):
             load_ssh_public_key(ssh_key, backend)
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.ed25519_supported(),
-    skip_message="Requires OpenSSL with Ed25519 support",
-)
 class TestEd25519SSHSerialization:
     def test_load_ssh_public_key(self, backend):
         ssh_key = (
@@ -1186,10 +1165,6 @@ def test_load_ssh_public_key_trailing_data(self, backend):
 
 
 class TestSSHCertificate:
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.ed25519_supported(),
-        skip_message="Requires OpenSSL with Ed25519 support",
-    )
     def test_loads_ssh_cert(self, backend):
         # secp256r1 public key, ed25519 signing key
         cert = load_ssh_public_identity(
@@ -1718,10 +1693,6 @@ def test_crit_opts_exts_lexically_sorted(self):
             (b"zebra@cryptography.io", b""),
         ]
 
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.ed25519_supported(),
-        skip_message="Requires OpenSSL with Ed25519 support",
-    )
     def test_sign_ed25519(self, backend):
         private_key = ed25519.Ed25519PrivateKey.generate()
         builder = (
@@ -1818,10 +1789,6 @@ def test_sign_and_byte_compare_rsa(self, monkeypatch):
             b"zbwL217Q93R08bJn1hDWuiTiaHGauSy2gPUI+cnkvlEocHM"
         )
 
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.ed25519_supported(),
-        skip_message="Requires OpenSSL with Ed25519 support",
-    )
     def test_sign_and_byte_compare_ed25519(self, monkeypatch, backend):
         # Monkey patch urandom to return a known value so we
         # get a deterministic signature with Ed25519.
@@ -1911,10 +1878,7 @@ def test_ssh_key_fingerprint_rsa_sha256(self):
         )
 
     @pytest.mark.supported(
-        only_if=lambda backend: (
-            backend.hash_supported(hashes.MD5())
-            and backend.ed25519_supported()
-        ),
+        only_if=lambda backend: backend.hash_supported(hashes.MD5()),
         skip_message="Does not support MD5 or Ed25519",
     )
     def test_ssh_key_fingerprint_ed25519_md5(self):
@@ -1927,10 +1891,6 @@ def test_ssh_key_fingerprint_ed25519_md5(self):
         fingerprint = ssh_key_fingerprint(public_key, hashes.MD5())
         assert fingerprint == b"\xe5R=\x01\x9e\xa0\xc1\xe9\x8c?L|\xc5\x94W\x85"
 
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.ed25519_supported(),
-        skip_message="Ed25519 not supported",
-    )
     def test_ssh_key_fingerprint_ed25519_sha256(self):
         ssh_key = load_vectors_from_file(
             os.path.join("asymmetric", "OpenSSH", "ed25519-nopsw.key.pub"),

tests/wycheproof/test_eddsa.py

@@ -13,10 +13,6 @@
 from .utils import wycheproof_tests
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.ed25519_supported(),
-    skip_message="Requires OpenSSL with Ed25519 support",
-)
 @wycheproof_tests("ed25519_test.json")
 def test_ed25519_signature(backend, wycheproof):
     # We want to fail if/when wycheproof adds more edwards curve tests

tests/x509/test_ocsp.py

@@ -1638,10 +1638,6 @@ def test_unknown_response_status(self):
 
 
 class TestOCSPEdDSA:
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.ed25519_supported(),
-        skip_message="Requires OpenSSL with Ed25519 support / OCSP",
-    )
     def test_invalid_algorithm(self, backend):
         builder = ocsp.OCSPResponseBuilder()
         cert, issuer = _cert_and_issuer()
@@ -1670,10 +1666,6 @@ def test_invalid_algorithm(self, backend):
         with pytest.raises(ValueError):
             builder.sign(private_key, hashes.SHA256())
 
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.ed25519_supported(),
-        skip_message="Requires OpenSSL with Ed25519 support / OCSP",
-    )
     def test_sign_ed25519(self, backend):
         builder = ocsp.OCSPResponseBuilder()
         cert, issuer = _cert_and_issuer()