Merge branch 'master' into rsa-pss-signing

* master: add mgf1_hash_supported unsupported hash check more concise way of generating tests switch to a lambda rename some things add FIPS 186-2/3 signature verification tests for RSA PKCSv15 and PSS revert one import order change a few small fixes Add ASN1_TIME_free import order fixes for future automated checking Conflicts: tests/hazmat/primitives/test_rsa.py tests/hazmat/primitives/utils.py
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-03-20 18:43:04 -0400
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-03-20 18:43:04 -0400
commit: cdd0d2f045816f007a44d56691a023dd25bcb47a (patch)
tree: a81524d68aa5af550a69772e94c22977d2811d29
parent: 798c03456d6f1fa8f27433a7e3928d583e1e120f (diff)
parent: 23c641dad201446a019d4a5f1181908744fd347a (diff)
download: cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.tar.gz
cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.tar.bz2
cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.zip
26 files changed, 214 insertions, 114 deletions
diff --git a/cryptography/__init__.py b/cryptography/__init__.py
index 599bb059..f27ba856 100644
--- a/cryptography/__init__.py
+++ b/cryptography/__init__.py
@@ -14,8 +14,8 @@
 from __future__ import absolute_import, division, print_function
 
 from cryptography.__about__ import (
-    __title__, __summary__, __uri__, __version__, __author__, __email__,
-    __license__, __copyright__
+    __author__, __copyright__, __email__, __license__, __summary__, __title__,
+    __uri__, __version__
 )
 
 
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 28d9c928..674ce8ae 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -23,7 +23,7 @@ import six
 
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import padding, hashes
+from cryptography.hazmat.primitives import hashes, padding
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 from cryptography.hazmat.primitives.hmac import HMAC
 
diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py
index 53228b31..dc0534ee 100644
--- a/cryptography/hazmat/backends/commoncrypto/backend.py
+++ b/cryptography/hazmat/backends/commoncrypto/backend.py
@@ -17,18 +17,18 @@ from collections import namedtuple
 
 from cryptography import utils
 from cryptography.exceptions import (
-    InvalidTag, InternalError, UnsupportedCipher, UnsupportedHash
+    InternalError, InvalidTag, UnsupportedCipher, UnsupportedHash
 )
 from cryptography.hazmat.backends.interfaces import (
-    HashBackend, HMACBackend, CipherBackend, PBKDF2HMACBackend
+    CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend
 )
 from cryptography.hazmat.bindings.commoncrypto.binding import Binding
-from cryptography.hazmat.primitives import interfaces, constant_time
+from cryptography.hazmat.primitives import constant_time, interfaces
 from cryptography.hazmat.primitives.ciphers.algorithms import (
-    AES, Blowfish, TripleDES, ARC4, CAST5
+    AES, ARC4, Blowfish, CAST5, TripleDES
 )
 from cryptography.hazmat.primitives.ciphers.modes import (
-    CBC, CTR, ECB, OFB, CFB, GCM
+    CBC, CFB, CTR, ECB, GCM, OFB
 )
 
 
diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py
index cca82a59..6c57b3df 100644
--- a/cryptography/hazmat/backends/multibackend.py
+++ b/cryptography/hazmat/backends/multibackend.py
@@ -18,7 +18,7 @@ from cryptography.exceptions import (
     UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash
 )
 from cryptography.hazmat.backends.interfaces import (
-    CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend
+    CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
 )
 
 
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index fa50fcab..e3f421a5 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -21,23 +21,24 @@ import six
 
 from cryptography import utils
 from cryptography.exceptions import (
-    InvalidTag, InternalError, AlreadyFinalized, UnsupportedCipher,
-    UnsupportedAlgorithm, UnsupportedHash, UnsupportedPadding, InvalidSignature
+    AlreadyFinalized, InternalError, InvalidSignature, InvalidTag,
+    UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash,
+    UnsupportedPadding
 )
 from cryptography.hazmat.backends.interfaces import (
-    CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend
+    CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
 )
 from cryptography.hazmat.bindings.openssl.binding import Binding
-from cryptography.hazmat.primitives import interfaces, hashes
+from cryptography.hazmat.primitives import hashes, interfaces
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.hazmat.primitives.asymmetric.padding import (
-    PKCS1v15, PSS, MGF1
+    MGF1, PKCS1v15, PSS
 )
 from cryptography.hazmat.primitives.ciphers.algorithms import (
-    AES, Blowfish, Camellia, CAST5, TripleDES, ARC4, IDEA
+    AES, ARC4, Blowfish, CAST5, Camellia, IDEA, TripleDES
 )
 from cryptography.hazmat.primitives.ciphers.modes import (
-    CBC, CTR, ECB, OFB, CFB, GCM,
+    CBC, CFB, CTR, ECB, GCM, OFB
 )
 
 
diff --git a/cryptography/hazmat/bindings/commoncrypto/binding.py b/cryptography/hazmat/bindings/commoncrypto/binding.py
index ee809425..3673ea36 100644
--- a/cryptography/hazmat/bindings/commoncrypto/binding.py
+++ b/cryptography/hazmat/bindings/commoncrypto/binding.py
@@ -13,8 +13,8 @@
 
 from __future__ import absolute_import, division, print_function
 
-import sys
 import platform
+import sys
 
 from cryptography.hazmat.bindings.utils import build_ffi
 
diff --git a/cryptography/hazmat/bindings/openssl/asn1.py b/cryptography/hazmat/bindings/openssl/asn1.py
index 144a893e..dfdf1bf5 100644
--- a/cryptography/hazmat/bindings/openssl/asn1.py
+++ b/cryptography/hazmat/bindings/openssl/asn1.py
@@ -99,6 +99,7 @@ int i2a_ASN1_INTEGER(BIO *, ASN1_INTEGER *);
 
 /*  ASN1 TIME */
 ASN1_TIME *ASN1_TIME_new(void);
+void ASN1_TIME_free(ASN1_TIME *);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *,
                                                    ASN1_GENERALIZEDTIME **);
 
diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py
index 1275019e..f5dd2ed5 100644
--- a/cryptography/hazmat/primitives/ciphers/base.py
+++ b/cryptography/hazmat/primitives/ciphers/base.py
@@ -15,7 +15,7 @@ from __future__ import absolute_import, division, print_function
 
 from cryptography import utils
 from cryptography.exceptions import (
-    AlreadyFinalized, NotYetFinalized, AlreadyUpdated, UnsupportedInterface
+    AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedInterface
 )
 from cryptography.hazmat.backends.interfaces import CipherBackend
 from cryptography.hazmat.primitives import interfaces
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index f70a7ddf..705e45d7 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -17,7 +17,7 @@ import six
 
 from cryptography import utils
 from cryptography.exceptions import (
-    InvalidKey, UnsupportedHash, AlreadyFinalized, UnsupportedInterface
+    AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface
 )
 from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend
 from cryptography.hazmat.primitives import constant_time, interfaces
diff --git a/setup.py b/setup.py
index f8b84a3b..1dfb80db 100644
--- a/setup.py
+++ b/setup.py
@@ -17,9 +17,10 @@ import os
 import sys
 from distutils.command.build import build
 
-from setuptools import setup, find_packages
+from setuptools import find_packages, setup
 from setuptools.command.test import test
 
+
 base_dir = os.path.dirname(__file__)
 
 about = {}
diff --git a/tests/conftest.py b/tests/conftest.py
index 36183f46..8e89af57 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -17,10 +17,10 @@ import pytest
 
 from cryptography.hazmat.backends import _available_backends
 from cryptography.hazmat.backends.interfaces import (
-    HMACBackend, CipherBackend, HashBackend, PBKDF2HMACBackend, RSABackend
+    CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
 )
 
-from .utils import check_for_iface, check_backend_support, select_backends
+from .utils import check_backend_support, check_for_iface, select_backends
 
 
 def pytest_generate_tests(metafunc):
diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py
index 1062b2ba..72ed61c0 100644
--- a/tests/hazmat/backends/test_commoncrypto.py
+++ b/tests/hazmat/backends/test_commoncrypto.py
@@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function
 import pytest
 
 from cryptography import utils
-from cryptography.exceptions import UnsupportedCipher, InternalError
+from cryptography.exceptions import InternalError, UnsupportedCipher
 from cryptography.hazmat.bindings.commoncrypto.binding import Binding
 from cryptography.hazmat.primitives import interfaces
 from cryptography.hazmat.primitives.ciphers.algorithms import AES
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index 31fb0a26..c5c0d82a 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -20,7 +20,7 @@ from cryptography.exceptions import (
     UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash
 )
 from cryptography.hazmat.backends.interfaces import (
-    CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend
+    CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
 )
 from cryptography.hazmat.backends.multibackend import MultiBackend
 from cryptography.hazmat.primitives import hashes, hmac
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index ebabd5f1..3747f436 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -17,11 +17,11 @@ import pytest
 
 from cryptography import utils
 from cryptography.exceptions import (
-    UnsupportedCipher, UnsupportedHash, InternalError
+    InternalError, UnsupportedCipher, UnsupportedHash
 )
-from cryptography.hazmat.backends.openssl.backend import backend, Backend
-from cryptography.hazmat.primitives import interfaces, hashes
-from cryptography.hazmat.primitives.asymmetric import rsa, padding
+from cryptography.hazmat.backends.openssl.backend import Backend, backend
+from cryptography.hazmat.primitives import hashes, interfaces
+from cryptography.hazmat.primitives.asymmetric import padding, rsa
 from cryptography.hazmat.primitives.ciphers import Cipher
 from cryptography.hazmat.primitives.ciphers.algorithms import AES
 from cryptography.hazmat.primitives.ciphers.modes import CBC
@@ -40,6 +40,11 @@ class DummyCipher(object):
     name = "dummy-cipher"
 
 
+@utils.register_interface(interfaces.HashAlgorithm)
+class DummyHash(object):
+    name = "dummy-hash"
+
+
 class TestOpenSSL(object):
     def test_backend_exists(self):
         assert backend
@@ -173,6 +178,9 @@ class TestOpenSSL(object):
                 backend
             )
 
+    def test_unsupported_mgf1_hash_algorithm(self):
+        assert backend.mgf1_hash_supported(DummyHash()) is False
+
     # This test is not in the next class because to check if it's really
     # default we don't want to run the setup_method before it
     def test_osrandom_engine_is_default(self):
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index ad3626af..03be268d 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -20,7 +20,7 @@ import pytest
 
 from cryptography.hazmat.primitives.ciphers import algorithms, modes
 
-from .utils import generate_encrypt_test, generate_aead_test
+from .utils import generate_aead_test, generate_encrypt_test
 from ...utils import load_nist_vectors
 
 
diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py
index 8ff00fd9..f2dab6cf 100644
--- a/tests/hazmat/primitives/test_block.py
+++ b/tests/hazmat/primitives/test_block.py
@@ -18,7 +18,7 @@ import binascii
 import pytest
 
 from cryptography import utils
-from cryptography.exceptions import UnsupportedCipher, AlreadyFinalized
+from cryptography.exceptions import AlreadyFinalized, UnsupportedCipher
 from cryptography.hazmat.primitives import interfaces
 from cryptography.hazmat.primitives.ciphers import (
     Cipher, algorithms, modes
diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
index bd9625e9..1bea0bdb 100644
--- a/tests/hazmat/primitives/test_ciphers.py
+++ b/tests/hazmat/primitives/test_ciphers.py
@@ -20,7 +20,7 @@ import pytest
 from cryptography.exceptions import UnsupportedInterface
 from cryptography.hazmat.primitives import ciphers
 from cryptography.hazmat.primitives.ciphers.algorithms import (
-    AES, Camellia, TripleDES, Blowfish, ARC4, CAST5, IDEA
+    AES, ARC4, Blowfish, CAST5, Camellia, IDEA, TripleDES
 )
 from cryptography.hazmat.primitives.ciphers.modes import ECB
 
diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py
index 963fb69c..367addc9 100644
--- a/tests/hazmat/primitives/test_hkdf.py
+++ b/tests/hazmat/primitives/test_hkdf.py
@@ -13,10 +13,10 @@
 
 from __future__ import absolute_import, division, print_function
 
-import six
-
 import pytest
 
+import six
+
 from cryptography.exceptions import (
     AlreadyFinalized, InvalidKey, UnsupportedInterface
 )
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index 3589e6ac..1065359a 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -21,7 +21,7 @@ import six
 
 from cryptography import utils
 from cryptography.exceptions import (
-    AlreadyFinalized, UnsupportedHash, InvalidSignature, UnsupportedInterface
+    AlreadyFinalized, InvalidSignature, UnsupportedHash, UnsupportedInterface
 )
 from cryptography.hazmat.backends.interfaces import HMACBackend
 from cryptography.hazmat.primitives import hashes, hmac, interfaces
diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py
index bf1e7f14..585693ea 100644
--- a/tests/hazmat/primitives/test_pbkdf2hmac.py
+++ b/tests/hazmat/primitives/test_pbkdf2hmac.py
@@ -18,11 +18,11 @@ import six
 
 from cryptography import utils
 from cryptography.exceptions import (
-    InvalidKey, UnsupportedHash, AlreadyFinalized, UnsupportedInterface
+    AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface
 )
+from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, interfaces
 from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
-from cryptography.hazmat.backends import default_backend
 
 
 @utils.register_interface(interfaces.HashAlgorithm)
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 34f49f94..957e70a3 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -26,11 +26,11 @@ from cryptography.exceptions import (
     UnsupportedAlgorithm, UnsupportedInterface
 )
 from cryptography.hazmat.primitives import hashes, interfaces
-from cryptography.hazmat.primitives.asymmetric import rsa, padding
+from cryptography.hazmat.primitives.asymmetric import padding, rsa
 
-from .utils import generate_rsa_pss_test, rsa_pss_signing_test
+from .utils import generate_rsa_verification_test, rsa_pss_signing_test
 from ...utils import (
-    load_pkcs1_vectors, load_vectors_from_file, load_rsa_nist_vectors
+    load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file
 )
 
 
@@ -934,89 +934,175 @@ class TestRSAVerification(object):
             verifier.verify()
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()),
-    skip_message="Does not support SHA1 with MGF1."
-)
 @pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA1(object):
-    test_rsa_pss_mgf1_sha1 = generate_rsa_pss_test(
+class TestRSAPSSMGF1Verification(object):
+    test_rsa_pss_mgf1_sha1 = pytest.mark.supported(
+        only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()),
+        skip_message="Does not support SHA1 with MGF1."
+    )(generate_rsa_verification_test(
         load_rsa_nist_vectors,
         os.path.join("asymmetric", "RSA", "FIPS_186-2"),
         [
             "SigGenPSS_186-2.rsp",
             "SigGenPSS_186-3.rsp",
+            "SigVerPSS_186-3.rsp",
         ],
-        hashes.SHA1()
-    )
-
+        hashes.SHA1(),
+        lambda params, hash_alg: padding.PSS(
+            mgf=padding.MGF1(
+                algorithm=hash_alg,
+                salt_length=params["salt_length"]
+            )
+        )
+    ))
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()),
-    skip_message="Does not support SHA224 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA224(object):
-    test_rsa_pss_mgf1_sha224 = generate_rsa_pss_test(
+    test_rsa_pss_mgf1_sha224 = pytest.mark.supported(
+        only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()),
+        skip_message="Does not support SHA224 with MGF1."
+    )(generate_rsa_verification_test(
         load_rsa_nist_vectors,
         os.path.join("asymmetric", "RSA", "FIPS_186-2"),
         [
             "SigGenPSS_186-2.rsp",
             "SigGenPSS_186-3.rsp",
+            "SigVerPSS_186-3.rsp",
         ],
-        hashes.SHA224()
-    )
-
+        hashes.SHA224(),
+        lambda params, hash_alg: padding.PSS(
+            mgf=padding.MGF1(
+                algorithm=hash_alg,
+                salt_length=params["salt_length"]
+            )
+        )
+    ))
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()),
-    skip_message="Does not support SHA256 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA256(object):
-    test_rsa_pss_mgf1_sha256 = generate_rsa_pss_test(
+    test_rsa_pss_mgf1_sha256 = pytest.mark.supported(
+        only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()),
+        skip_message="Does not support SHA256 with MGF1."
+    )(generate_rsa_verification_test(
         load_rsa_nist_vectors,
         os.path.join("asymmetric", "RSA", "FIPS_186-2"),
         [
             "SigGenPSS_186-2.rsp",
             "SigGenPSS_186-3.rsp",
+            "SigVerPSS_186-3.rsp",
         ],
-        hashes.SHA256()
-    )
+        hashes.SHA256(),
+        lambda params, hash_alg: padding.PSS(
+            mgf=padding.MGF1(
+                algorithm=hash_alg,
+                salt_length=params["salt_length"]
+            )
+        )
+    ))
 
+    test_rsa_pss_mgf1_sha384 = pytest.mark.supported(
+        only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()),
+        skip_message="Does not support SHA384 with MGF1."
+    )(generate_rsa_verification_test(
+        load_rsa_nist_vectors,
+        os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+        [
+            "SigGenPSS_186-2.rsp",
+            "SigGenPSS_186-3.rsp",
+            "SigVerPSS_186-3.rsp",
+        ],
+        hashes.SHA384(),
+        lambda params, hash_alg: padding.PSS(
+            mgf=padding.MGF1(
+                algorithm=hash_alg,
+                salt_length=params["salt_length"]
+            )
+        )
+    ))
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()),
-    skip_message="Does not support SHA384 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA384(object):
-    test_rsa_pss_mgf1_sha384 = generate_rsa_pss_test(
+    test_rsa_pss_mgf1_sha512 = pytest.mark.supported(
+        only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()),
+        skip_message="Does not support SHA512 with MGF1."
+    )(generate_rsa_verification_test(
         load_rsa_nist_vectors,
         os.path.join("asymmetric", "RSA", "FIPS_186-2"),
         [
             "SigGenPSS_186-2.rsp",
             "SigGenPSS_186-3.rsp",
+            "SigVerPSS_186-3.rsp",
         ],
-        hashes.SHA384()
-    )
+        hashes.SHA512(),
+        lambda params, hash_alg: padding.PSS(
+            mgf=padding.MGF1(
+                algorithm=hash_alg,
+                salt_length=params["salt_length"]
+            )
+        )
+    ))
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()),
-    skip_message="Does not support SHA512 with MGF1."
-)
 @pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA512(object):
-    test_rsa_pss_mgf1_sha512 = generate_rsa_pss_test(
+class TestRSAPKCS1Verification(object):
+    test_rsa_pkcs1v15_verify_sha1 = pytest.mark.supported(
+        only_if=lambda backend: backend.hash_supported(hashes.SHA1()),
+        skip_message="Does not support SHA1."
+    )(generate_rsa_verification_test(
         load_rsa_nist_vectors,
         os.path.join("asymmetric", "RSA", "FIPS_186-2"),
         [
-            "SigGenPSS_186-2.rsp",
-            "SigGenPSS_186-3.rsp",
+            "SigVer15_186-3.rsp",
         ],
-        hashes.SHA512()
-    )
+        hashes.SHA1(),
+        lambda params, hash_alg: padding.PKCS1v15()
+    ))
+
+    test_rsa_pkcs1v15_verify_sha224 = pytest.mark.supported(
+        only_if=lambda backend: backend.hash_supported(hashes.SHA224()),
+        skip_message="Does not support SHA224."
+    )(generate_rsa_verification_test(
+        load_rsa_nist_vectors,
+        os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+        [
+            "SigVer15_186-3.rsp",
+        ],
+        hashes.SHA224(),
+        lambda params, hash_alg: padding.PKCS1v15()
+    ))
+
+    test_rsa_pkcs1v15_verify_sha256 = pytest.mark.supported(
+        only_if=lambda backend: backend.hash_supported(hashes.SHA256()),
+        skip_message="Does not support SHA256."
+    )(generate_rsa_verification_test(
+        load_rsa_nist_vectors,
+        os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+        [
+            "SigVer15_186-3.rsp",
+        ],
+        hashes.SHA256(),
+        lambda params, hash_alg: padding.PKCS1v15()
+    ))
+
+    test_rsa_pkcs1v15_verify_sha384 = pytest.mark.supported(
+        only_if=lambda backend: backend.hash_supported(hashes.SHA384()),
+        skip_message="Does not support SHA384."
+    )(generate_rsa_verification_test(
+        load_rsa_nist_vectors,
+        os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+        [
+            "SigVer15_186-3.rsp",
+        ],
+        hashes.SHA384(),
+        lambda params, hash_alg: padding.PKCS1v15()
+    ))
+
+    test_rsa_pkcs1v15_verify_sha512 = pytest.mark.supported(
+        only_if=lambda backend: backend.hash_supported(hashes.SHA512()),
+        skip_message="Does not support SHA512."
+    )(generate_rsa_verification_test(
+        load_rsa_nist_vectors,
+        os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+        [
+            "SigVer15_186-3.rsp",
+        ],
+        hashes.SHA512(),
+        lambda params, hash_alg: padding.PKCS1v15()
+    ))
 
 
 class TestMGF1(object):
diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py
index 548c6264..4bb7c6b3 100644
--- a/tests/hazmat/primitives/twofactor/test_hotp.py
+++ b/tests/hazmat/primitives/twofactor/test_hotp.py
@@ -18,10 +18,11 @@ import os
 import pytest
 
 from cryptography.exceptions import InvalidToken, UnsupportedInterface
-from cryptography.hazmat.primitives.twofactor.hotp import HOTP
 from cryptography.hazmat.primitives import hashes
-from tests.utils import load_vectors_from_file, load_nist_vectors
 from cryptography.hazmat.primitives.hashes import MD5, SHA1
+from cryptography.hazmat.primitives.twofactor.hotp import HOTP
+
+from ....utils import load_nist_vectors, load_vectors_from_file
 
 vectors = load_vectors_from_file(
     "twofactor/rfc-4226.txt", load_nist_vectors)
diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py
index 294c19ab..d5b0a8ed 100644
--- a/tests/hazmat/primitives/twofactor/test_totp.py
+++ b/tests/hazmat/primitives/twofactor/test_totp.py
@@ -18,7 +18,8 @@ import pytest
 from cryptography.exceptions import InvalidToken, UnsupportedInterface
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.twofactor.totp import TOTP
-from tests.utils import load_vectors_from_file, load_nist_vectors
+
+from ....utils import load_nist_vectors, load_vectors_from_file
 
 vectors = load_vectors_from_file(
     "twofactor/rfc-6238.txt", load_nist_vectors)
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 5d3b4d15..76212daa 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -14,21 +14,20 @@
 from __future__ import absolute_import, division, print_function
 
 import binascii
-import os
-
 import itertools
+import os
 
 import pytest
 
+from cryptography.exceptions import (
+    AlreadyFinalized, AlreadyUpdated, InvalidSignature, InvalidTag,
+    NotYetFinalized
+)
 from cryptography.hazmat.primitives import hashes, hmac
-from cryptography.hazmat.primitives.asymmetric import rsa, padding
-from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+from cryptography.hazmat.primitives.asymmetric import padding, rsa
 from cryptography.hazmat.primitives.ciphers import Cipher
 from cryptography.hazmat.primitives.kdf.hkdf import HKDF
-
-from cryptography.exceptions import (
-    AlreadyFinalized, NotYetFinalized, AlreadyUpdated, InvalidTag,
-)
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
 
 from ...utils import load_vectors_from_file
 
@@ -376,36 +375,37 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm):
     return test_hkdf
 
 
-def generate_rsa_pss_test(param_loader, path, file_names, hash_alg):
+def generate_rsa_verification_test(param_loader, path, file_names, hash_alg,
+                                   pad_factory):
     all_params = _load_all_params(path, file_names, param_loader)
     all_params = [i for i in all_params
                   if i["algorithm"] == hash_alg.name.upper()]
 
     @pytest.mark.parametrize("params", all_params)
-    def test_rsa_pss(self, backend, params):
-        rsa_pss_test(backend, params, hash_alg)
+    def test_rsa_verification(self, backend, params):
+        rsa_verification_test(backend, params, hash_alg, pad_factory)
 
-    return test_rsa_pss
+    return test_rsa_verification
 
 
-def rsa_pss_test(backend, params, hash_alg):
+def rsa_verification_test(backend, params, hash_alg, pad_factory):
     public_key = rsa.RSAPublicKey(
         public_exponent=params["public_exponent"],
         modulus=params["modulus"]
     )
+    pad = pad_factory(params, hash_alg)
     verifier = public_key.verifier(
         binascii.unhexlify(params["s"]),
-        padding.PSS(
-            mgf=padding.MGF1(
-                algorithm=hash_alg,
-                salt_length=params["salt_length"]
-            )
-        ),
+        pad,
         hash_alg,
         backend
     )
     verifier.update(binascii.unhexlify(params["msg"]))
-    verifier.verify()
+    if params["fail"]:
+        with pytest.raises(InvalidSignature):
+            verifier.verify()
+    else:
+        verifier.verify()
 
 
 def rsa_pss_signing_test(backend, hash_alg):
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 1003d61d..e5ab4cf1 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -21,10 +21,10 @@ import pretend
 import pytest
 
 from .utils import (
-    load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors,
-    load_hash_vectors, check_for_iface, check_backend_support,
-    select_backends, load_pkcs1_vectors, load_rsa_nist_vectors,
-    load_fips_dsa_key_pair_vectors
+    check_backend_support, check_for_iface, load_cryptrec_vectors,
+    load_fips_dsa_key_pair_vectors, load_hash_vectors, load_nist_vectors,
+    load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file,
+    select_backends
 )
 
 
diff --git a/tests/utils.py b/tests/utils.py
index 4d6882c2..79996b6d 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -16,9 +16,10 @@ from __future__ import absolute_import, division, print_function
 import collections
 import os
 
-import six
 import pytest
 
+import six
+
 
 HashVector = collections.namedtuple("HashVector", ["message", "digest"])
 KeyedHashVector = collections.namedtuple(
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-03-20 18:43:04 -0400
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-03-20 18:43:04 -0400
commit	cdd0d2f045816f007a44d56691a023dd25bcb47a (patch)
tree	a81524d68aa5af550a69772e94c22977d2811d29
parent	798c03456d6f1fa8f27433a7e3928d583e1e120f (diff)
parent	23c641dad201446a019d4a5f1181908744fd347a (diff)
download	cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.tar.gz cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.tar.bz2 cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.zip