Merge pull request #1697 from reaperhulk/x509-request-vectors
add X509 request custom vectors
diff --git a/docs/hazmat/primitives/asymmetric/dh.rst b/docs/hazmat/primitives/asymmetric/dh.rst
new file mode 100644
index 0000000..fdf113f
--- /dev/null
+++ b/docs/hazmat/primitives/asymmetric/dh.rst
@@ -0,0 +1,64 @@
+.. hazmat::
+
+Diffie-Hellman key exchange
+===========================
+
+.. currentmodule:: cryptography.hazmat.primitives.asymmetric.dh
+
+
+.. class:: DHPrivateNumbers(x, public_numbers)
+
+ .. versionadded:: 0.8
+
+ The collection of integers that make up a Diffie-Hellman private key.
+
+ .. attribute:: public_numbers
+
+ :type: :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicNumbers`
+
+ The :class:`DHPublicNumbers` which makes up the DH public
+ key associated with this DH private key.
+
+ .. attribute:: x
+
+ :type: int
+
+ The private value.
+
+
+.. class:: DHPublicNumbers(parameters, y)
+
+ .. versionadded:: 0.8
+
+ The collection of integers that make up a Diffie-Hellman public key.
+
+ .. attribute:: parameter_numbers
+
+ :type: :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameterNumbers`
+
+ The parameters for this DH group.
+
+ .. attribute:: y
+
+ :type: int
+
+ The public value.
+
+
+.. class:: DHParameterNumbers(p, g)
+
+ .. versionadded:: 0.8
+
+ The collection of integers that define a Diffie-Hellman group.
+
+ .. attribute:: p
+
+ :type: int
+
+ The prime modulus value.
+
+ .. attribute:: g
+
+ :type: int
+
+ The generator value.
diff --git a/docs/hazmat/primitives/asymmetric/index.rst b/docs/hazmat/primitives/asymmetric/index.rst
index 59f00c5..4242a0b 100644
--- a/docs/hazmat/primitives/asymmetric/index.rst
+++ b/docs/hazmat/primitives/asymmetric/index.rst
@@ -29,6 +29,7 @@
dsa
ec
rsa
+ dh
serialization
interfaces
utils
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 0f7e037..4748689 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -6,7 +6,6 @@
.. module:: cryptography.hazmat.primitives.ciphers
-
Symmetric encryption is a way to `encrypt`_ or hide the contents of material
where the sender and receiver both use the same secret key. Note that symmetric
encryption is **not** sufficient for most applications because it only
@@ -475,7 +474,7 @@
``AEADEncryptionContext`` provider. ``AEADCipherContext`` contains an
additional method :meth:`authenticate_additional_data` for adding
additional authenticated but unencrypted data (see note below). You should
- call this before calls to ``update``. When you are done call `finalize``
+ call this before calls to ``update``. When you are done call ``finalize``
to finish the operation.
.. note::
@@ -555,7 +554,7 @@
.. method:: validate_for_algorithm(algorithm)
- :param CipherAlgorithm algorithm:
+ :param cryptography.hazmat.primitives.ciphers.CipherAlgorithm algorithm:
Checks that the combination of this mode with the provided algorithm
meets any necessary invariants. This should raise an exception if they
diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst
index 0d86f7c..89d8122 100644
--- a/docs/hazmat/primitives/twofactor.rst
+++ b/docs/hazmat/primitives/twofactor.rst
@@ -39,7 +39,7 @@
and be at least 128 bits. It is recommended that the
key be 160 bits.
:param int length: Length of generated one time password as ``int``.
- :param HashAlgorithm algorithm: A
+ :param cryptography.hazmat.primitives.hashes.HashAlgorithm algorithm: A
:class:`~cryptography.hazmat.primitives.hashes`
provider.
:param backend: A
@@ -137,7 +137,7 @@
and be at least 128 bits. It is recommended that the
key be 160 bits.
:param int length: Length of generated one time password as ``int``.
- :param HashAlgorithm algorithm: A
+ :param cryptography.hazmat.primitives.hashes.HashAlgorithm algorithm: A
:class:`~cryptography.hazmat.primitives.hashes`
provider.
:param int time_step: The time step size. The recommended size is 30.
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index ddd3789..9434a0b 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -14,6 +14,7 @@
cryptographic
cryptographically
Debian
+Diffie
decrypt
decrypted
decrypting
diff --git a/src/cryptography/hazmat/primitives/asymmetric/dh.py b/src/cryptography/hazmat/primitives/asymmetric/dh.py
new file mode 100644
index 0000000..61556ef
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/asymmetric/dh.py
@@ -0,0 +1,101 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import six
+
+from cryptography import utils
+
+
+class DHPrivateNumbers(object):
+ def __init__(self, x, public_numbers):
+ if not isinstance(x, six.integer_types):
+ raise TypeError("x must be an integer.")
+
+ if not isinstance(public_numbers, DHPublicNumbers):
+ raise TypeError("public_numbers must be an instance of "
+ "DHPublicNumbers.")
+
+ self._x = x
+ self._public_numbers = public_numbers
+
+ def __eq__(self, other):
+ if not isinstance(other, DHPrivateNumbers):
+ return NotImplemented
+
+ return (
+ self._x == other._x and
+ self._public_numbers == other._public_numbers
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ public_numbers = utils.read_only_property("_public_numbers")
+ x = utils.read_only_property("_x")
+
+
+class DHPublicNumbers(object):
+ def __init__(self, y, parameter_numbers):
+ if not isinstance(y, six.integer_types):
+ raise TypeError("y must be an integer.")
+
+ if not isinstance(parameter_numbers, DHParameterNumbers):
+ raise TypeError(
+ "parameters must be an instance of DHParameterNumbers.")
+
+ self._y = y
+ self._parameter_numbers = parameter_numbers
+
+ def __eq__(self, other):
+ if not isinstance(other, DHPublicNumbers):
+ return NotImplemented
+
+ return (
+ self._y == other._y and
+ self._parameter_numbers == other._parameter_numbers
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ y = utils.read_only_property("_y")
+ parameter_numbers = utils.read_only_property("_parameter_numbers")
+
+
+class DHParameterNumbers(object):
+ def __init__(self, p, g):
+ if (
+ not isinstance(p, six.integer_types) or
+ not isinstance(g, six.integer_types)
+ ):
+ raise TypeError("p and g must be integers")
+
+ self._p = p
+ self._g = g
+
+ def __eq__(self, other):
+ if not isinstance(other, DHParameterNumbers):
+ return NotImplemented
+
+ return (
+ self._p == other._p and
+ self._g == other._g
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ p = utils.read_only_property("_p")
+ g = utils.read_only_property("_g")
diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py
new file mode 100644
index 0000000..115f3d8
--- /dev/null
+++ b/tests/hazmat/primitives/test_dh.py
@@ -0,0 +1,113 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import pytest
+
+from cryptography.hazmat.primitives.asymmetric import dh
+
+
+def test_dh_parameternumbers():
+ params = dh.DHParameterNumbers(
+ 65537, 3
+ )
+
+ assert params.p == 65537
+ assert params.g == 3
+
+ with pytest.raises(TypeError):
+ dh.DHParameterNumbers(
+ None, 3
+ )
+
+ with pytest.raises(TypeError):
+ dh.DHParameterNumbers(
+ 65537, None
+ )
+
+ with pytest.raises(TypeError):
+ dh.DHParameterNumbers(
+ None, None
+ )
+
+
+def test_dh_numbers():
+ params = dh.DHParameterNumbers(
+ 65537, 3
+ )
+
+ public = dh.DHPublicNumbers(
+ 1, params
+ )
+
+ assert public.parameter_numbers is params
+ assert public.y == 1
+
+ with pytest.raises(TypeError):
+ dh.DHPublicNumbers(
+ 1, None
+ )
+
+ with pytest.raises(TypeError):
+ dh.DHPublicNumbers(
+ None, params
+ )
+
+ private = dh.DHPrivateNumbers(
+ 1, public
+ )
+
+ assert private.public_numbers is public
+ assert private.x == 1
+
+ with pytest.raises(TypeError):
+ dh.DHPrivateNumbers(
+ 1, None
+ )
+
+ with pytest.raises(TypeError):
+ dh.DHPrivateNumbers(
+ None, public
+ )
+
+
+def test_dh_parameter_numbers_equality():
+ assert dh.DHParameterNumbers(65537, 3) == dh.DHParameterNumbers(65537, 3)
+ assert dh.DHParameterNumbers(6, 3) != dh.DHParameterNumbers(65537, 3)
+ assert dh.DHParameterNumbers(65537, 0) != dh.DHParameterNumbers(65537, 3)
+ assert dh.DHParameterNumbers(65537, 0) != object()
+
+
+def test_dh_private_numbers_equality():
+ params = dh.DHParameterNumbers(65537, 3)
+ public = dh.DHPublicNumbers(1, params)
+ private = dh.DHPrivateNumbers(2, public)
+
+ assert private == dh.DHPrivateNumbers(2, public)
+ assert private != dh.DHPrivateNumbers(0, public)
+ assert private != dh.DHPrivateNumbers(2, dh.DHPublicNumbers(0, params))
+ assert private != dh.DHPrivateNumbers(
+ 2, dh.DHPublicNumbers(1, dh.DHParameterNumbers(65537, 0))
+ )
+ assert private != object()
+
+
+def test_dh_public_numbers_equality():
+ params = dh.DHParameterNumbers(65537, 3)
+ public = dh.DHPublicNumbers(1, params)
+
+ assert public == dh.DHPublicNumbers(1, params)
+ assert public != dh.DHPublicNumbers(0, params)
+ assert public != dh.DHPublicNumbers(1, dh.DHParameterNumbers(65537, 0))
+ assert public != object()
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 8c0fb80..9516492 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -10,7 +10,7 @@
from cryptography.exceptions import AlreadyFinalized, InvalidSignature
from cryptography.hazmat.backends.interfaces import DSABackend
-from cryptography.hazmat.primitives import hashes, interfaces
+from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives.asymmetric.utils import (
encode_rfc6979_signature
@@ -30,7 +30,7 @@
class TestDSA(object):
def test_generate_dsa_parameters(self, backend):
parameters = dsa.generate_parameters(1024, backend)
- assert isinstance(parameters, interfaces.DSAParameters)
+ assert isinstance(parameters, dsa.DSAParameters)
def test_generate_invalid_dsa_parameters(self, backend):
with pytest.raises(ValueError):
@@ -51,7 +51,7 @@
g=vector['g']
).parameters(backend)
skey = parameters.generate_private_key()
- if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers):
+ if isinstance(skey, dsa.DSAPrivateKeyWithNumbers):
numbers = skey.private_numbers()
skey_parameters = numbers.public_numbers.parameter_numbers
pkey = skey.public_key()
@@ -74,7 +74,7 @@
def test_generate_dsa_private_key_and_parameters(self, backend):
skey = dsa.generate_private_key(1024, backend)
assert skey
- if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers):
+ if isinstance(skey, dsa.DSAPrivateKeyWithNumbers):
numbers = skey.private_numbers()
skey_parameters = numbers.public_numbers.parameter_numbers
assert numbers.public_numbers.y == pow(
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 6d8e687..7418301 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -16,7 +16,7 @@
AlreadyFinalized, InvalidSignature, _Reasons
)
from cryptography.hazmat.backends.interfaces import RSABackend
-from cryptography.hazmat.primitives import hashes, interfaces
+from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.asymmetric.rsa import (
RSAPrivateNumbers, RSAPublicNumbers
@@ -91,7 +91,7 @@
skey = rsa.generate_private_key(public_exponent, key_size, backend)
assert skey.key_size == key_size
- if isinstance(skey, interfaces.RSAPrivateKeyWithNumbers):
+ if isinstance(skey, rsa.RSAPrivateKeyWithNumbers):
_check_rsa_private_numbers(skey.private_numbers())
pkey = skey.public_key()
assert isinstance(pkey.public_numbers(), rsa.RSAPublicNumbers)
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index a4a9143..a17aac4 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -16,12 +16,7 @@
DERSerializationBackend, DSABackend, EllipticCurveBackend,
PEMSerializationBackend, RSABackend
)
-from cryptography.hazmat.primitives import interfaces
-from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.hazmat.primitives.asymmetric.dsa import (
- DSAParameterNumbers, DSAPublicNumbers
-)
-from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
+from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
from cryptography.hazmat.primitives.serialization import (
load_der_private_key, load_der_public_key, load_pem_private_key,
load_pem_public_key, load_ssh_public_key
@@ -57,8 +52,8 @@
mode="rb"
)
assert key
- assert isinstance(key, interfaces.RSAPrivateKey)
- if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
+ assert isinstance(key, rsa.RSAPrivateKey)
+ if isinstance(key, rsa.RSAPrivateKeyWithNumbers):
_check_rsa_private_numbers(key.private_numbers())
@pytest.mark.requires_backend_interface(interface=DSABackend)
@@ -80,8 +75,8 @@
mode="rb"
)
assert key
- assert isinstance(key, interfaces.DSAPrivateKey)
- if isinstance(key, interfaces.DSAPrivateKeyWithNumbers):
+ assert isinstance(key, dsa.DSAPrivateKey)
+ if isinstance(key, dsa.DSAPrivateKeyWithNumbers):
_check_dsa_private_numbers(key.private_numbers())
@pytest.mark.parametrize(
@@ -103,7 +98,7 @@
)
assert key
- assert isinstance(key, interfaces.EllipticCurvePrivateKey)
+ assert isinstance(key, ec.EllipticCurvePrivateKey)
assert key.curve.name == "secp256r1"
assert key.curve.key_size == 256
@@ -250,8 +245,8 @@
mode="rb"
)
assert key
- assert isinstance(key, interfaces.RSAPublicKey)
- if isinstance(key, interfaces.RSAPublicKeyWithNumbers):
+ assert isinstance(key, rsa.RSAPublicKey)
+ if isinstance(key, rsa.RSAPublicKeyWithNumbers):
numbers = key.public_numbers()
assert numbers.e == 65537
@@ -278,7 +273,7 @@
mode="rb"
)
assert key
- assert isinstance(key, interfaces.DSAPublicKey)
+ assert isinstance(key, dsa.DSAPublicKey)
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
def test_load_ec_public_key(self, backend):
@@ -293,7 +288,7 @@
mode="rb"
)
assert key
- assert isinstance(key, interfaces.EllipticCurvePublicKey)
+ assert isinstance(key, ec.EllipticCurvePublicKey)
assert key.curve.name == "secp256r1"
assert key.curve.key_size == 256
@@ -333,8 +328,8 @@
)
assert key
- assert isinstance(key, interfaces.RSAPrivateKey)
- if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
+ assert isinstance(key, rsa.RSAPrivateKey)
+ if isinstance(key, rsa.RSAPrivateKeyWithNumbers):
_check_rsa_private_numbers(key.private_numbers())
@pytest.mark.parametrize(
@@ -355,8 +350,8 @@
)
)
assert key
- assert isinstance(key, interfaces.DSAPrivateKey)
- if isinstance(key, interfaces.DSAPrivateKeyWithNumbers):
+ assert isinstance(key, dsa.DSAPrivateKey)
+ if isinstance(key, dsa.DSAPrivateKeyWithNumbers):
_check_dsa_private_numbers(key.private_numbers())
@pytest.mark.parametrize(
@@ -379,7 +374,7 @@
)
assert key
- assert isinstance(key, interfaces.EllipticCurvePrivateKey)
+ assert isinstance(key, ec.EllipticCurvePrivateKey)
assert key.curve.name == "secp256r1"
assert key.curve.key_size == 256
@@ -399,8 +394,8 @@
)
)
assert key
- assert isinstance(key, interfaces.RSAPublicKey)
- if isinstance(key, interfaces.RSAPublicKeyWithNumbers):
+ assert isinstance(key, rsa.RSAPublicKey)
+ if isinstance(key, rsa.RSAPublicKeyWithNumbers):
numbers = key.public_numbers()
assert numbers.e == 65537
@@ -421,7 +416,7 @@
)
)
assert key
- assert isinstance(key, interfaces.DSAPublicKey)
+ assert isinstance(key, dsa.DSAPublicKey)
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
def test_load_ec_public_key(self, backend):
@@ -435,7 +430,7 @@
)
)
assert key
- assert isinstance(key, interfaces.EllipticCurvePublicKey)
+ assert isinstance(key, ec.EllipticCurvePublicKey)
assert key.curve.name == "secp256r1"
assert key.curve.key_size == 256
@@ -762,12 +757,12 @@
)
)
assert key
- assert isinstance(key, interfaces.DSAPrivateKey)
+ assert isinstance(key, dsa.DSAPrivateKey)
params = key.parameters()
- assert isinstance(params, interfaces.DSAParameters)
+ assert isinstance(params, dsa.DSAParameters)
- if isinstance(params, interfaces.DSAParametersWithNumbers):
+ if isinstance(params, dsa.DSAParametersWithNumbers):
num = key.private_numbers()
pub = num.public_numbers
parameter_numbers = pub.parameter_numbers
@@ -917,7 +912,7 @@
key = load_ssh_public_key(ssh_key, backend)
assert key is not None
- assert isinstance(key, interfaces.RSAPublicKey)
+ assert isinstance(key, rsa.RSAPublicKey)
numbers = key.public_numbers()
@@ -934,7 +929,7 @@
'46F8706AB88DDADBD9E8204D48B87789081E074024C8996783B31'
'7076A98ABF0A2D8550EAF2097D8CCC7BE76EF', 16)
- expected = RSAPublicNumbers(expected_e, expected_n)
+ expected = rsa.RSAPublicNumbers(expected_e, expected_n)
assert numbers == expected
@@ -1017,7 +1012,7 @@
key = load_ssh_public_key(ssh_key, backend)
assert key is not None
- assert isinstance(key, interfaces.DSAPublicKey)
+ assert isinstance(key, dsa.DSAPublicKey)
numbers = key.public_numbers()
@@ -1043,9 +1038,9 @@
"debb5982fc94d6a8c291f758feae63ad769a5621947221522a2dc31d18ede6f"
"b656", 16
)
- expected = DSAPublicNumbers(
+ expected = dsa.DSAPublicNumbers(
expected_y,
- DSAParameterNumbers(expected_p, expected_q, expected_g)
+ dsa.DSAParameterNumbers(expected_p, expected_q, expected_g)
)
assert numbers == expected
@@ -1062,7 +1057,7 @@
b"teIg1TO03/FD9hbpBFgBeix3NrCFPls= root@cloud-server-01"
)
key = load_ssh_public_key(ssh_key, backend)
- assert isinstance(key, interfaces.EllipticCurvePublicKey)
+ assert isinstance(key, ec.EllipticCurvePublicKey)
expected_x = int(
"44196257377740326295529888716212621920056478823906609851236662550"
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 8f00eee..0440832 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -17,8 +17,8 @@
from cryptography.hazmat.backends.interfaces import (
DSABackend, EllipticCurveBackend, RSABackend, X509Backend
)
-from cryptography.hazmat.primitives import hashes, interfaces
-from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
from .hazmat.primitives.test_ec import _skip_curve_unsupported
from .utils import load_vectors_from_file
@@ -236,7 +236,7 @@
assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
assert cert.serial == 2
public_key = cert.public_key()
- assert isinstance(public_key, interfaces.RSAPublicKey)
+ assert isinstance(public_key, rsa.RSAPublicKey)
assert cert.version is x509.Version.v3
fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
@@ -352,8 +352,8 @@
)
assert isinstance(cert.signature_hash_algorithm, hashes.SHA1)
public_key = cert.public_key()
- assert isinstance(public_key, interfaces.DSAPublicKey)
- if isinstance(public_key, interfaces.DSAPublicKeyWithNumbers):
+ assert isinstance(public_key, dsa.DSAPublicKey)
+ if isinstance(public_key, dsa.DSAPublicKeyWithNumbers):
num = public_key.public_numbers()
assert num.y == int(
"4c08bfe5f2d76649c80acf7d431f6ae2124b217abc8c9f6aca776ddfa94"
@@ -405,10 +405,8 @@
)
assert isinstance(cert.signature_hash_algorithm, hashes.SHA384)
public_key = cert.public_key()
- assert isinstance(public_key, interfaces.EllipticCurvePublicKey)
- if isinstance(
- public_key, interfaces.EllipticCurvePublicKeyWithNumbers
- ):
+ assert isinstance(public_key, ec.EllipticCurvePublicKey)
+ if isinstance(public_key, ec.EllipticCurvePublicKeyWithNumbers):
num = public_key.public_numbers()
assert num.x == int(
"dda7d9bb8ab80bfb0b7f21d2f0bebe73f3335d1abc34eadec69bbcd095f"