more testing for rsa decrypt

author: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-04-09 14:11:42 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-04-20 16:53:03 -0500
commit: 67feca0acd64a5c19fa56efd754430d4213e9f8b (patch)
tree: 21a7504dfd74e9d30f65ea08daf77af50f4b1618
parent: a84de770889dec70d9976981445e68f9c4d658bf (diff)
download: cryptography-67feca0acd64a5c19fa56efd754430d4213e9f8b.tar.gz
cryptography-67feca0acd64a5c19fa56efd754430d4213e9f8b.tar.bz2
cryptography-67feca0acd64a5c19fa56efd754430d4213e9f8b.zip
3 files changed, 29 insertions, 0 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 0d27bc7f..1586bf71 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -544,6 +544,11 @@ class Backend(object):
         if res <= 0:
             errors = self._consume_errors()
             assert errors
+            assert errors[0].lib == self._lib.ERR_LIB_RSA
+            assert (errors[0].reason ==
+                    self._lib.RSA_R_BLOCK_TYPE_IS_NOT_01 or
+                    errors[0].reason ==
+                    self._lib.RSA_R_BLOCK_TYPE_IS_NOT_02)
             raise InvalidDecryption
 
         return self._ffi.buffer(buf)[:outlen[0]]
@@ -566,6 +571,11 @@ class Backend(object):
         if res < 0:
             errors = self._consume_errors()
             assert errors
+            assert errors[0].lib == self._lib.ERR_LIB_RSA
+            assert (errors[0].reason ==
+                    self._lib.RSA_R_BLOCK_TYPE_IS_NOT_01 or
+                    errors[0].reason ==
+                    self._lib.RSA_R_BLOCK_TYPE_IS_NOT_02)
             raise InvalidDecryption
 
         return self._ffi.buffer(buf)[:res]
diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py
index f51393aa..c08c880c 100644
--- a/cryptography/hazmat/bindings/openssl/err.py
+++ b/cryptography/hazmat/bindings/openssl/err.py
@@ -216,6 +216,8 @@ static const int PEM_R_UNSUPPORTED_ENCRYPTION;
 
 static const int RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
 static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY;
+static const int RSA_R_BLOCK_TYPE_IS_NOT_01;
+static const int RSA_R_BLOCK_TYPE_IS_NOT_02;
 """
 
 FUNCTIONS = """
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index d8b25cbb..38fab6ec 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -1349,3 +1349,20 @@ class TestRSADecryption(object):
                 padding.PKCS1v15(),
                 backend
             )
+
+    def test_decrypt_ciphertext_too_small(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=512,
+            backend=backend
+        )
+        ct = binascii.unhexlify(
+            b"50b4c14136bd198c2f3c3ed243fce036e168d56517984a263cd66492b80804f1"
+            b"69d210f2b9bdfb48b12f9ea05009c77da257cc600ccefe3a6283789d8ea0"
+        )
+        with pytest.raises(exceptions.InvalidDecryption):
+            private_key.decrypt(
+                ct,
+                padding.PKCS1v15(),
+                backend
+            )
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-04-09 14:11:42 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-04-20 16:53:03 -0500
commit	67feca0acd64a5c19fa56efd754430d4213e9f8b (patch)
tree	21a7504dfd74e9d30f65ea08daf77af50f4b1618
parent	a84de770889dec70d9976981445e68f9c4d658bf (diff)
download	cryptography-67feca0acd64a5c19fa56efd754430d4213e9f8b.tar.gz cryptography-67feca0acd64a5c19fa56efd754430d4213e9f8b.tar.bz2 cryptography-67feca0acd64a5c19fa56efd754430d4213e9f8b.zip