diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-09-30 07:43:33 -0700 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-09-30 07:43:33 -0700 |
| commit | d9f3eda687002fc55b389e15f62a963029fa0fb6 (patch) | |
| tree | 83a76329d9b6c2c7f3fc4115c93ea259752849bc | |
| parent | 3a660c05aa99a4bbd0293eebff9d6d4d42560710 (diff) | |
| parent | 12ff164e1144fccc4d9a81af8a056a50c340164c (diff) | |
| download | cryptography-d9f3eda687002fc55b389e15f62a963029fa0fb6.tar.gz cryptography-d9f3eda687002fc55b389e15f62a963029fa0fb6.tar.bz2 cryptography-d9f3eda687002fc55b389e15f62a963029fa0fb6.zip | |
Merge pull request #1371 from reaperhulk/advance-rsa-deprecation-cycle
Advance RSA deprecation cycle
| -rw-r--r-- | cryptography/hazmat/backends/interfaces.py | 33 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 88 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/asymmetric/rsa.py | 192 | ||||
| -rw-r--r-- | docs/hazmat/backends/interfaces.rst | 100 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/rsa.rst | 237 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 67 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 464 |
7 files changed, 80 insertions, 1101 deletions
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index f471b948..00bcc443 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -112,39 +112,6 @@ class RSABackend(object): """ @abc.abstractmethod - def create_rsa_signature_ctx(self, private_key, padding, algorithm): - """ - Returns an object conforming to the AsymmetricSignatureContext - interface. - """ - - @abc.abstractmethod - def create_rsa_verification_ctx(self, public_key, signature, padding, - algorithm): - """ - Returns an object conforming to the AsymmetricVerificationContext - interface. - """ - - @abc.abstractmethod - def mgf1_hash_supported(self, algorithm): - """ - Return True if the hash algorithm is supported for MGF1 in PSS. - """ - - @abc.abstractmethod - def decrypt_rsa(self, private_key, ciphertext, padding): - """ - Returns decrypted bytes. - """ - - @abc.abstractmethod - def encrypt_rsa(self, public_key, plaintext, padding): - """ - Returns encrypted bytes. - """ - - @abc.abstractmethod def rsa_padding_supported(self, padding): """ Returns True if the backend supports the given padding options. diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 9a36674a..a0a7ac18 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -44,8 +44,7 @@ from cryptography.hazmat.backends.openssl.ec import ( from cryptography.hazmat.backends.openssl.hashes import _HashContext from cryptography.hazmat.backends.openssl.hmac import _HMACContext from cryptography.hazmat.backends.openssl.rsa import ( - _RSAPrivateKey, _RSAPublicKey, _RSASignatureContext, - _RSAVerificationContext + _RSAPrivateKey, _RSAPublicKey ) from cryptography.hazmat.bindings.openssl.binding import Binding from cryptography.hazmat.primitives import hashes @@ -551,69 +550,6 @@ class Backend(object): pem_password_cb ) - def _rsa_cdata_from_private_key(self, private_key): - ctx = self._lib.RSA_new() - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.RSA_free) - - ctx.p = self._int_to_bn(private_key.p) - ctx.q = self._int_to_bn(private_key.q) - ctx.d = self._int_to_bn(private_key.d) - ctx.e = self._int_to_bn(private_key.e) - ctx.n = self._int_to_bn(private_key.n) - ctx.dmp1 = self._int_to_bn(private_key.dmp1) - ctx.dmq1 = self._int_to_bn(private_key.dmq1) - ctx.iqmp = self._int_to_bn(private_key.iqmp) - res = self._lib.RSA_blinding_on(ctx, self._ffi.NULL) - assert res == 1 - - return ctx - - def _rsa_cdata_from_public_key(self, public_key): - ctx = self._lib.RSA_new() - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.RSA_free) - - ctx.e = self._int_to_bn(public_key.e) - ctx.n = self._int_to_bn(public_key.n) - res = self._lib.RSA_blinding_on(ctx, self._ffi.NULL) - assert res == 1 - - return ctx - - def create_rsa_signature_ctx(self, private_key, padding, algorithm): - warnings.warn( - "create_rsa_signature_ctx is deprecated and will be removed in a " - "future version.", - utils.DeprecatedIn05, - stacklevel=2 - ) - rsa_cdata = self._rsa_cdata_from_private_key(private_key) - key = _RSAPrivateKey(self, rsa_cdata) - return _RSASignatureContext(self, key, padding, algorithm) - - def create_rsa_verification_ctx(self, public_key, signature, padding, - algorithm): - warnings.warn( - "create_rsa_verification_ctx is deprecated and will be removed in " - "a future version.", - utils.DeprecatedIn05, - stacklevel=2 - ) - rsa_cdata = self._rsa_cdata_from_public_key(public_key) - key = _RSAPublicKey(self, rsa_cdata) - return _RSAVerificationContext(self, key, signature, padding, - algorithm) - - def mgf1_hash_supported(self, algorithm): - warnings.warn( - "mgf1_hash_supported is deprecated and will be removed in " - "a future version.", - utils.DeprecatedIn05, - stacklevel=2 - ) - return self._mgf1_hash_supported(algorithm) - def _mgf1_hash_supported(self, algorithm): if self._lib.Cryptography_HAS_MGF1_MD: return self.hash_supported(algorithm) @@ -774,28 +710,6 @@ class Backend(object): else: return True - def decrypt_rsa(self, private_key, ciphertext, padding): - warnings.warn( - "decrypt_rsa is deprecated and will be removed in a future " - "version.", - utils.DeprecatedIn05, - stacklevel=2 - ) - rsa_cdata = self._rsa_cdata_from_private_key(private_key) - key = _RSAPrivateKey(self, rsa_cdata) - return key.decrypt(ciphertext, padding) - - def encrypt_rsa(self, public_key, plaintext, padding): - warnings.warn( - "encrypt_rsa is deprecated and will be removed in a future " - "version.", - utils.DeprecatedIn05, - stacklevel=2 - ) - rsa_cdata = self._rsa_cdata_from_public_key(public_key) - key = _RSAPublicKey(self, rsa_cdata) - return key.encrypt(plaintext, padding) - def cmac_algorithm_supported(self, algorithm): return ( self._lib.Cryptography_HAS_CMAC == 1 diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index 398b3763..c192811d 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -13,11 +13,8 @@ from __future__ import absolute_import, division, print_function -import warnings - import six -from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends.interfaces import RSABackend @@ -94,65 +91,6 @@ def _check_public_key_components(e, n): raise ValueError("e must be odd.") -class RSAPublicKey(object): - def __init__(self, public_exponent, modulus): - warnings.warn( - "The RSAPublicKey class is deprecated and will be removed in a " - "future version.", - utils.DeprecatedIn05, - stacklevel=2 - ) - if ( - not isinstance(public_exponent, six.integer_types) or - not isinstance(modulus, six.integer_types) - ): - raise TypeError("RSAPublicKey arguments must be integers.") - - _check_public_key_components(public_exponent, modulus) - - self._public_exponent = public_exponent - self._modulus = modulus - - def verifier(self, signature, padding, algorithm, backend): - if not isinstance(backend, RSABackend): - raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend.", - _Reasons.BACKEND_MISSING_INTERFACE - ) - - return backend.create_rsa_verification_ctx(self, signature, padding, - algorithm) - - def encrypt(self, plaintext, padding, backend): - if not isinstance(backend, RSABackend): - raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend.", - _Reasons.BACKEND_MISSING_INTERFACE - ) - - return backend.encrypt_rsa(self, plaintext, padding) - - @property - def key_size(self): - return utils.bit_length(self.modulus) - - @property - def public_exponent(self): - return self._public_exponent - - @property - def modulus(self): - return self._modulus - - @property - def e(self): - return self.public_exponent - - @property - def n(self): - return self.modulus - - def _modinv(e, m): """ Modular Multiplicative Inverse. Returns x such that: (x*e) mod m == 1 @@ -189,136 +127,6 @@ def rsa_crt_dmq1(private_exponent, q): return private_exponent % (q - 1) -class RSAPrivateKey(object): - def __init__(self, p, q, private_exponent, dmp1, dmq1, iqmp, - public_exponent, modulus): - warnings.warn( - "The RSAPrivateKey class is deprecated and will be removed in a " - "future version.", - utils.DeprecatedIn05, - stacklevel=2 - ) - if ( - not isinstance(p, six.integer_types) or - not isinstance(q, six.integer_types) or - not isinstance(dmp1, six.integer_types) or - not isinstance(dmq1, six.integer_types) or - not isinstance(iqmp, six.integer_types) or - not isinstance(private_exponent, six.integer_types) or - not isinstance(public_exponent, six.integer_types) or - not isinstance(modulus, six.integer_types) - ): - raise TypeError("RSAPrivateKey arguments must be integers.") - - _check_private_key_components(p, q, private_exponent, dmp1, dmq1, iqmp, - public_exponent, modulus) - - self._p = p - self._q = q - self._dmp1 = dmp1 - self._dmq1 = dmq1 - self._iqmp = iqmp - self._private_exponent = private_exponent - self._public_exponent = public_exponent - self._modulus = modulus - - @classmethod - def generate(cls, public_exponent, key_size, backend): - warnings.warn( - "generate is deprecated and will be removed in a future version.", - utils.DeprecatedIn05, - stacklevel=2 - ) - if not isinstance(backend, RSABackend): - raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend.", - _Reasons.BACKEND_MISSING_INTERFACE - ) - - _verify_rsa_parameters(public_exponent, key_size) - key = backend.generate_rsa_private_key(public_exponent, key_size) - private_numbers = key.private_numbers() - return RSAPrivateKey( - p=private_numbers.p, - q=private_numbers.q, - dmp1=private_numbers.dmp1, - dmq1=private_numbers.dmq1, - iqmp=private_numbers.iqmp, - private_exponent=private_numbers.d, - public_exponent=private_numbers.public_numbers.e, - modulus=private_numbers.public_numbers.n - ) - - def signer(self, padding, algorithm, backend): - if not isinstance(backend, RSABackend): - raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend.", - _Reasons.BACKEND_MISSING_INTERFACE - ) - - return backend.create_rsa_signature_ctx(self, padding, algorithm) - - def decrypt(self, ciphertext, padding, backend): - if not isinstance(backend, RSABackend): - raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend.", - _Reasons.BACKEND_MISSING_INTERFACE - ) - - return backend.decrypt_rsa(self, ciphertext, padding) - - @property - def key_size(self): - return utils.bit_length(self.modulus) - - def public_key(self): - return RSAPublicKey(self.public_exponent, self.modulus) - - @property - def p(self): - return self._p - - @property - def q(self): - return self._q - - @property - def private_exponent(self): - return self._private_exponent - - @property - def public_exponent(self): - return self._public_exponent - - @property - def modulus(self): - return self._modulus - - @property - def d(self): - return self.private_exponent - - @property - def dmp1(self): - return self._dmp1 - - @property - def dmq1(self): - return self._dmq1 - - @property - def iqmp(self): - return self._iqmp - - @property - def e(self): - return self.public_exponent - - @property - def n(self): - return self.modulus - - class RSAPrivateNumbers(object): def __init__(self, p, q, d, dmp1, dmq1, iqmp, public_numbers): diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 77de4ac8..4f4c5680 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -240,63 +240,6 @@ A specific ``backend`` may provide one or more of these interfaces. :raises ValueError: If the public_exponent is not valid. - .. method:: create_rsa_signature_ctx(private_key, padding, algorithm) - - .. deprecated:: 0.5 - - :param private_key: An instance of an - :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` - provider. - - :param padding: An instance of an - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. - - :param algorithm: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` - provider. - - :returns: - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext` - - .. method:: create_rsa_verification_ctx(public_key, signature, padding, algorithm) - - .. deprecated:: 0.5 - - :param public_key: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` - provider. - - :param bytes signature: The signature to verify. - - :param padding: An instance of an - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. - - :param algorithm: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` - provider. - - :returns: - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` - - .. method:: mgf1_hash_supported(algorithm) - - ..deprecated:: 0.5 - - Check if the specified ``algorithm`` is supported for use with - :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` - inside :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` - padding. This method is deprecated in favor of - ``rsa_padding_supported``. - - :param algorithm: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` - provider. - - :returns: ``True`` if the specified ``algorithm`` is supported by this - backend, otherwise ``False``. - .. method:: rsa_padding_supported(padding) Check if the specified ``padding`` is supported by the backend. @@ -317,49 +260,6 @@ A specific ``backend`` may provide one or more of these interfaces. :param int key_size: The bit length of the generated modulus. - .. method:: decrypt_rsa(private_key, ciphertext, padding) - - .. deprecated:: 0.5 - - :param private_key: An instance of an - :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` - provider. - - :param bytes ciphertext: The ciphertext to decrypt. - - :param padding: An instance of an - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. - - :return bytes: The decrypted data. - - :raises cryptography.exceptions.UnsupportedAlgorithm: If an unsupported - MGF, hash function, or padding is chosen. - - :raises ValueError: When decryption fails or key size does not match - ciphertext length. - - .. method:: encrypt_rsa(public_key, plaintext, padding) - - .. deprecated:: 0.5 - - :param public_key: An instance of an - :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` - provider. - - :param bytes plaintext: The plaintext to encrypt. - - :param padding: An instance of an - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. - - :return bytes: The encrypted data. - - :raises cryptography.exceptions.UnsupportedAlgorithm: If an unsupported - MGF, hash function, or padding is chosen. - - :raises ValueError: When plaintext is too long for the key size. - .. method:: load_rsa_private_numbers(numbers): :param numbers: An instance of diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index a9637523..a5cebb1d 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -265,243 +265,6 @@ this without having to do the math themselves. Generates the ``dmq1`` parameter from the RSA private exponent and prime ``q``. -Deprecated Concrete Classes -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -These classes were deprecated in version 0.5 in favor of backend specific -providers of the -:class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` and -:class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` interfaces. - -.. class:: RSAPrivateKey(p, q, private_exponent, dmp1, dmq1, iqmp, public_exponent, modulus) - - .. versionadded:: 0.2 - - .. deprecated:: 0.5 - - An RSA private key is required for decryption and signing of messages. - - You should use :func:`generate_private_key` to generate new keys. - - .. warning:: - This method only checks a limited set of properties of its arguments. - Using an RSA private key that you do not trust or with incorrect - parameters may lead to insecure operation, crashes, and other undefined - behavior. We recommend that you only ever load private keys that were - generated with software you trust. - - - :raises TypeError: This is raised when the arguments are not all integers. - - :raises ValueError: This is raised when the values of ``p``, ``q``, - ``private_exponent``, ``public_exponent``, or - ``modulus`` do not match the bounds specified in - :rfc:`3447`. - - .. classmethod:: generate(public_exponent, key_size, backend) - - Generate a new ``RSAPrivateKey`` instance using ``backend``. - - :param int public_exponent: The public exponent of the new key. - Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in - doubt you should `use 65537`_. - :param int key_size: The length of the modulus in bits. For keys - generated in 2014 it is strongly recommended to be - `at least 2048`_ (See page 41). It must not be less than 512. - Some backends may have additional limitations. - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - provider. - :return: A new instance of ``RSAPrivateKey``. - - :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if - the provided ``backend`` does not implement - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - - - .. method:: signer(padding, algorithm, backend) - - .. versionadded:: 0.3 - - Sign data which can be verified later by others using the public key. - - :param padding: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. Valid values are - :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` and - :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15` - (``PSS`` is recommended for all new applications). - - :param algorithm: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` - provider. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - provider. - - :returns: - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext` - - :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if - the provided ``backend`` does not implement - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if - the backend does not support the chosen hash or padding algorithm. - If the padding is - :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` - with the - :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` - mask generation function it may also refer to the ``MGF1`` hash - algorithm. - - :raises TypeError: This is raised when the padding is not an - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. - - :raises ValueError: This is raised when the chosen hash algorithm is - too large for the key size. - - .. method:: decrypt(ciphertext, padding, backend) - - .. versionadded:: 0.4 - - Decrypt data that was encrypted with the public key. - - :param bytes ciphertext: The ciphertext to decrypt. - - :param padding: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - provider. - - :return bytes: Decrypted data. - - :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if - the provided ``backend`` does not implement - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if - the backend does not support the chosen hash or padding algorithm. - If the padding is - :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` - with the - :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` - mask generation function it may also refer to the ``MGF1`` hash - algorithm. - - :raises TypeError: This is raised when the padding is not an - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. - - :raises ValueError: This is raised when decryption fails or the data - is too large for the key size. If the padding is - :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` - it may also be raised for invalid label values. - - -.. class:: RSAPublicKey(public_exponent, modulus) - - .. versionadded:: 0.2 - - .. deprecated:: 0.5 - - An RSA public key is required for encryption and verification of messages. - - Normally you do not need to directly construct public keys because you'll - be loading them from a file, generating them automatically or receiving - them from a 3rd party. - - :raises TypeError: This is raised when the arguments are not all integers. - - :raises ValueError: This is raised when the values of ``public_exponent`` - or ``modulus`` do not match the bounds specified in - :rfc:`3447`. - - .. method:: verifier(signature, padding, algorithm, backend) - - .. versionadded:: 0.3 - - Verify data was signed by the private key associated with this public - key. - - :param bytes signature: The signature to verify. - - :param padding: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. Valid values are - :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` and - :class:`~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15` - (``PSS`` is recommended for all new applications). - - :param algorithm: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` - provider. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - provider. - - :returns: - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` - - :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if - the provided ``backend`` does not implement - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if - the backend does not support the chosen hash or padding algorithm. - If the padding is - :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` - with the - :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` - mask generation function it may also refer to the ``MGF1`` hash - algorithm. - - :raises TypeError: This is raised when the padding is not an - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. - - :raises ValueError: This is raised when the chosen hash algorithm is - too large for the key size. - - .. method:: encrypt(plaintext, padding, backend) - - .. versionadded:: 0.4 - - Encrypt data using the public key. The resulting ciphertext can only - be decrypted with the private key. - - :param bytes plaintext: The plaintext to encrypt. - - :param padding: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - provider. - - :return bytes: Encrypted data. - - :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if - the provided ``backend`` does not implement - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if - the backend does not support the chosen hash or padding algorithm. - If the padding is - :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` - with the - :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` - mask generation function it may also refer to the ``MGF1`` hash - algorithm. - - :raises TypeError: This is raised when the padding is not an - :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` - provider. - - :raises ValueError: This is raised if the data is too large for the - key size. If the padding is - :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` - it may also be raised for invalid label values. - .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index b00543fe..b3a17884 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -325,7 +325,7 @@ class TestOpenSSLRSA(object): reason="Requires an older OpenSSL. Must be < 1.0.1" ) def test_non_sha1_pss_mgf1_hash_algorithm_on_old_openssl(self): - private_key = rsa.RSAPrivateKey.generate( + private_key = rsa.generate_private_key( public_exponent=65537, key_size=512, backend=backend @@ -338,8 +338,7 @@ class TestOpenSSLRSA(object): ), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): @@ -351,16 +350,9 @@ class TestOpenSSLRSA(object): ), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) - def test_unsupported_mgf1_hash_algorithm(self): - assert pytest.deprecated_call( - backend.mgf1_hash_supported, - DummyHash() - ) is False - def test_rsa_padding_unsupported_pss_mgf1_hash(self): assert backend.rsa_padding_supported( padding.PSS(mgf=padding.MGF1(DummyHash()), salt_length=0) @@ -400,7 +392,7 @@ class TestOpenSSLRSA(object): ) is False def test_unsupported_mgf1_hash_algorithm_decrypt(self): - private_key = rsa.RSAPrivateKey.generate( + private_key = rsa.generate_private_key( public_exponent=65537, key_size=512, backend=backend @@ -412,12 +404,11 @@ class TestOpenSSLRSA(object): mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA1(), label=None - ), - backend + ) ) def test_unsupported_oaep_hash_algorithm_decrypt(self): - private_key = rsa.RSAPrivateKey.generate( + private_key = rsa.generate_private_key( public_exponent=65537, key_size=512, backend=backend @@ -429,12 +420,11 @@ class TestOpenSSLRSA(object): mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA256(), label=None - ), - backend + ) ) def test_unsupported_oaep_label_decrypt(self): - private_key = rsa.RSAPrivateKey.generate( + private_key = rsa.generate_private_key( public_exponent=65537, key_size=512, backend=backend @@ -446,8 +436,7 @@ class TestOpenSSLRSA(object): mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=b"label" - ), - backend + ) ) @@ -513,44 +502,6 @@ class TestOpenSSLEllipticCurve(object): _sn_to_elliptic_curve(backend, b"fake") -class TestDeprecatedRSABackendMethods(object): - def test_create_rsa_signature_ctx(self): - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) - pytest.deprecated_call( - backend.create_rsa_signature_ctx, - private_key, - padding.PKCS1v15(), - hashes.SHA1() - ) - - def test_create_rsa_verification_ctx(self): - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) - public_key = private_key.public_key() - pytest.deprecated_call( - backend.create_rsa_verification_ctx, - public_key, - b"\x00" * 64, - padding.PKCS1v15(), - hashes.SHA1() - ) - - def test_encrypt_decrypt_rsa(self): - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) - public_key = private_key.public_key() - ct = pytest.deprecated_call( - backend.encrypt_rsa, - public_key, - b"\x00" * 32, - padding.PKCS1v15() - ) - pytest.deprecated_call( - backend.decrypt_rsa, - private_key, - ct, - padding.PKCS1v15() - ) - - class TestDeprecatedDSABackendMethods(object): def test_create_dsa_signature_ctx(self): params = dsa.DSAParameters.generate(1024, backend) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 88b30d61..d1583e25 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -103,16 +103,6 @@ class TestRSA(object): pkey = skey.public_key() assert isinstance(pkey.public_numbers(), rsa.RSAPublicNumbers) - def test_generate_rsa_key_class_method(self, backend): - skey = pytest.deprecated_call( - rsa.RSAPrivateKey.generate, - 65537, - 512, - backend - ) - assert skey.key_size == 512 - assert skey.public_exponent == 65537 - def test_generate_bad_public_exponent(self, backend): with pytest.raises(ValueError): rsa.generate_private_key(public_exponent=1, @@ -172,239 +162,6 @@ class TestRSA(object): assert public_num.n == public_num2.n assert public_num.e == public_num2.e - def test_invalid_private_key_argument_types(self): - with pytest.raises(TypeError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - None, - None, - None, - None, - None, - None, - None, - None - ) - - def test_invalid_public_key_argument_types(self): - with pytest.raises(TypeError): - pytest.deprecated_call(rsa.RSAPublicKey, None, None) - - def test_invalid_private_key_argument_values(self): - # Start with p=3, q=11, private_exponent=3, public_exponent=7, - # modulus=33, dmp1=1, dmq1=3, iqmp=2. Then change one value at - # a time to test the bounds. - - # Test a modulus < 3. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=2 - ) - - # Test a modulus != p * q. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=35 - ) - - # Test a p > modulus. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=37, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test a q > modulus. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=37, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test a dmp1 > modulus. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=3, - dmp1=35, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test a dmq1 > modulus. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=35, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test an iqmp > modulus. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=35, - public_exponent=7, - modulus=33 - ) - - # Test a private_exponent > modulus - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=37, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test a public_exponent < 3 - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=1, - modulus=33 - ) - - # Test a public_exponent > modulus - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=65537, - modulus=33 - ) - - # Test a public_exponent that is not odd. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=6, - modulus=33 - ) - - # Test a dmp1 that is not odd. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=3, - dmp1=2, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test a dmq1 that is not odd. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPrivateKey, - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=4, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - def test_invalid_public_key_argument_values(self): - # Start with public_exponent=7, modulus=15. Then change one value at a - # time to test the bounds. - - # Test a modulus < 3. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPublicKey, public_exponent=7, modulus=2 - ) - - # Test a public_exponent < 3 - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPublicKey, public_exponent=1, modulus=15 - ) - - # Test a public_exponent > modulus - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPublicKey, public_exponent=17, modulus=15 - ) - - # Test a public_exponent that is not odd. - with pytest.raises(ValueError): - pytest.deprecated_call( - rsa.RSAPublicKey, public_exponent=6, modulus=15 - ) - def test_rsa_generate_invalid_backend(): pretend_backend = object() @@ -412,11 +169,6 @@ def test_rsa_generate_invalid_backend(): with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): rsa.generate_private_key(65537, 2048, pretend_backend) - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - pytest.deprecated_call( - rsa.RSAPrivateKey.generate, 65537, 2048, pretend_backend - ) - @pytest.mark.rsa class TestRSASignature(object): @@ -436,18 +188,19 @@ class TestRSASignature(object): ) def test_pkcs1v15_signing(self, pkcs1_example, backend): private, public, example = pkcs1_example - private_key = pytest.deprecated_call( - rsa.RSAPrivateKey, + private_key = rsa.RSAPrivateNumbers( p=private["p"], q=private["q"], - private_exponent=private["private_exponent"], + d=private["private_exponent"], dmp1=private["dmp1"], dmq1=private["dmq1"], iqmp=private["iqmp"], - public_exponent=private["public_exponent"], - modulus=private["modulus"] - ) - signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) + public_numbers=rsa.RSAPublicNumbers( + e=private["public_exponent"], + n=private["modulus"] + ) + ).private_key(backend) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) signer.update(binascii.unhexlify(example["message"])) signature = signer.finalize() assert binascii.hexlify(signature) == example["signature"] @@ -471,28 +224,28 @@ class TestRSASignature(object): ) def test_pss_signing(self, pkcs1_example, backend): private, public, example = pkcs1_example - private_key = pytest.deprecated_call( - rsa.RSAPrivateKey, + private_key = rsa.RSAPrivateNumbers( p=private["p"], q=private["q"], - private_exponent=private["private_exponent"], + d=private["private_exponent"], dmp1=private["dmp1"], dmq1=private["dmq1"], iqmp=private["iqmp"], - public_exponent=private["public_exponent"], - modulus=private["modulus"] - ) - public_key = rsa.RSAPublicKey( - public_exponent=public["public_exponent"], - modulus=public["modulus"] - ) + public_numbers=rsa.RSAPublicNumbers( + e=private["public_exponent"], + n=private["modulus"] + ) + ).private_key(backend) + public_key = rsa.RSAPublicNumbers( + e=public["public_exponent"], + n=public["modulus"] + ).public_key(backend) signer = private_key.signer( padding.PSS( mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) signer.update(binascii.unhexlify(example["message"])) signature = signer.finalize() @@ -507,7 +260,6 @@ class TestRSASignature(object): salt_length=padding.PSS.MAX_LENGTH ), hashes.SHA1(), - backend ) verifier.update(binascii.unhexlify(example["message"])) verifier.verify() @@ -635,24 +387,6 @@ class TestRSASignature(object): with pytest.raises(TypeError): private_key.signer("notpadding", hashes.SHA1()) - def test_rsa_signer_invalid_backend(self, backend): - pretend_backend = object() - private_key = pytest.deprecated_call( - rsa.RSAPrivateKey, - p=RSA_KEY_512.p, - q=RSA_KEY_512.q, - private_exponent=RSA_KEY_512.d, - dmp1=RSA_KEY_512.dmp1, - dmq1=RSA_KEY_512.dmq1, - iqmp=RSA_KEY_512.iqmp, - public_exponent=RSA_KEY_512.public_numbers.e, - modulus=RSA_KEY_512.public_numbers.n - ) - - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - private_key.signer( - padding.PKCS1v15(), hashes.SHA256, pretend_backend) - @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) @@ -720,15 +454,14 @@ class TestRSAVerification(object): ) def test_pkcs1v15_verification(self, pkcs1_example, backend): private, public, example = pkcs1_example - public_key = rsa.RSAPublicKey( - public_exponent=public["public_exponent"], - modulus=public["modulus"] - ) + public_key = rsa.RSAPublicNumbers( + e=public["public_exponent"], + n=public["modulus"] + ).public_key(backend) verifier = public_key.verifier( binascii.unhexlify(example["signature"]), padding.PKCS1v15(), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(binascii.unhexlify(example["message"])) verifier.verify() @@ -795,18 +528,17 @@ class TestRSAVerification(object): ) def test_pss_verification(self, pkcs1_example, backend): private, public, example = pkcs1_example - public_key = rsa.RSAPublicKey( - public_exponent=public["public_exponent"], - modulus=public["modulus"] - ) + public_key = rsa.RSAPublicNumbers( + e=public["public_exponent"], + n=public["modulus"] + ).public_key(backend) verifier = public_key.verifier( binascii.unhexlify(example["signature"]), padding.PSS( mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=20 ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(binascii.unhexlify(example["message"])) verifier.verify() @@ -821,14 +553,14 @@ class TestRSAVerification(object): skip_message="Does not support PSS." ) def test_invalid_pss_signature_wrong_data(self, backend): - public_key = rsa.RSAPublicKey( - modulus=int( + public_key = rsa.RSAPublicNumbers( + n=int( b"dffc2137d5e810cde9e4b4612f5796447218bab913b3fa98bdf7982e4fa6" b"ec4d6653ef2b29fb1642b095befcbea6decc178fb4bed243d3c3592c6854" b"6af2d3f3", 16 ), - public_exponent=65537 - ) + e=65537 + ).public_key(backend) signature = binascii.unhexlify( b"0e68c3649df91c5bc3665f96e157efa75b71934aaa514d91e94ca8418d100f45" b"6f05288e58525f99666bab052adcffdf7186eb40f583bd38d98c97d3d524808b" @@ -839,8 +571,7 @@ class TestRSAVerification(object): mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"incorrect data") with pytest.raises(InvalidSignature): @@ -860,24 +591,23 @@ class TestRSAVerification(object): b"3a1880165014ba6eb53cc1449d13e5132ebcc0cfd9ade6d7a2494a0503bd0826" b"f8a46c431e0d7be0ca3e453f8b2b009e2733764da7927cc6dbe7a021437a242e" ) - public_key = rsa.RSAPublicKey( - modulus=int( + public_key = rsa.RSAPublicNumbers( + n=int( b"381201f4905d67dfeb3dec131a0fbea773489227ec7a1448c3109189ac68" b"5a95441be90866a14c4d2e139cd16db540ec6c7abab13ffff91443fd46a8" b"960cbb7658ded26a5c95c86f6e40384e1c1239c63e541ba221191c4dd303" b"231b42e33c6dbddf5ec9a746f09bf0c25d0f8d27f93ee0ae5c0d723348f4" b"030d3581e13522e1", 16 ), - public_exponent=65537 - ) + e=65537 + ).public_key(backend) verifier = public_key.verifier( signature, padding.PSS( mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"sign me") with pytest.raises(InvalidSignature): @@ -897,24 +627,23 @@ class TestRSAVerification(object): b"cb43bde4f7ab89eb4a79c6e8dd67e0d1af60715da64429d90c716a490b799c29" b"194cf8046509c6ed851052367a74e2e92d9b38947ed74332acb115a03fcc0222" ) - public_key = rsa.RSAPublicKey( - modulus=int( + public_key = rsa.RSAPublicNumbers( + n=int( b"381201f4905d67dfeb3dec131a0fbea773489227ec7a1448c3109189ac68" b"5a95441be90866a14c4d2e139cd16db540ec6c7abab13ffff91443fd46a8" b"960cbb7658ded26a5c95c86f6e40384e1c1239c63e541ba221191c4dd303" b"231b42e33c6dbddf5ec9a746f09bf0c25d0f8d27f93ee0ae5c0d723348f4" b"030d3581e13522", 16 ), - public_exponent=65537 - ) + e=65537 + ).public_key(backend) verifier = public_key.verifier( signature, padding.PSS( mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"sign me") with pytest.raises(InvalidSignature): @@ -957,20 +686,6 @@ class TestRSAVerification(object): with pytest.raises(TypeError): public_key.verifier(b"sig", "notpadding", hashes.SHA1()) - def test_rsa_verifier_invalid_backend(self, backend): - pretend_backend = object() - private_key = pytest.deprecated_call( - rsa.RSAPrivateKey.generate, - 65537, - 2048, - backend - ) - public_key = private_key.public_key() - - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - public_key.verifier( - b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend) - @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) @@ -1034,14 +749,14 @@ class TestRSAVerification(object): b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8" b"534c050ef6b19b1bdc6eb4da422e89161106a6f5b5cc16135b11eb6439b646bd" ) - public_key = rsa.RSAPublicKey( - modulus=int( + public_key = rsa.RSAPublicNumbers( + n=int( b"d309e4612809437548b747d7f9eb9cd3340f54fe42bb3f84a36933b0839c" b"11b0c8b7f67e11f7252370161e31159c49c784d4bc41c42a78ce0f0b40a3" b"ca8ffb91", 16 ), - public_exponent=65537 - ) + e=65537 + ).public_key(backend) verifier = public_key.verifier( signature, padding.PSS( @@ -1050,8 +765,7 @@ class TestRSAVerification(object): ), salt_length=1000000 ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"sign me") with pytest.raises(InvalidSignature): @@ -1354,23 +1068,21 @@ class TestRSADecryption(object): ) def test_decrypt_pkcs1v15_vectors(self, vector, backend): private, public, example = vector - skey = rsa.RSAPrivateKey( + skey = rsa.RSAPrivateNumbers( p=private["p"], q=private["q"], - private_exponent=private["private_exponent"], + d=private["private_exponent"], dmp1=private["dmp1"], dmq1=private["dmq1"], iqmp=private["iqmp"], - public_exponent=private["public_exponent"], - modulus=private["modulus"] - ) + public_numbers=rsa.RSAPublicNumbers( + e=private["public_exponent"], + n=private["modulus"] + ) + ).private_key(backend) ciphertext = binascii.unhexlify(example["encryption"]) assert len(ciphertext) == math.ceil(skey.key_size / 8.0) - message = skey.decrypt( - ciphertext, - padding.PKCS1v15(), - backend - ) + message = skey.decrypt(ciphertext, padding.PKCS1v15()) assert message == binascii.unhexlify(example["message"]) def test_unsupported_padding(self, backend): @@ -1424,19 +1136,6 @@ class TestRSADecryption(object): padding.PKCS1v15() ) - def test_rsa_decrypt_invalid_backend(self, backend): - pretend_backend = object() - private_key = pytest.deprecated_call( - rsa.RSAPrivateKey.generate, 65537, 2048, backend - ) - - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - private_key.decrypt( - b"irrelevant", - padding.PKCS1v15(), - pretend_backend - ) - @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.OAEP( @@ -1457,25 +1156,25 @@ class TestRSADecryption(object): ) def test_decrypt_oaep_vectors(self, vector, backend): private, public, example = vector - skey = pytest.deprecated_call( - rsa.RSAPrivateKey, + skey = rsa.RSAPrivateNumbers( p=private["p"], q=private["q"], - private_exponent=private["private_exponent"], + d=private["private_exponent"], dmp1=private["dmp1"], dmq1=private["dmq1"], iqmp=private["iqmp"], - public_exponent=private["public_exponent"], - modulus=private["modulus"] - ) + public_numbers=rsa.RSAPublicNumbers( + e=private["public_exponent"], + n=private["modulus"] + ) + ).private_key(backend) message = skey.decrypt( binascii.unhexlify(example["encryption"]), padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None - ), - backend + ) ) assert message == binascii.unhexlify(example["message"]) @@ -1520,22 +1219,13 @@ class TestRSAEncryption(object): ) ) def test_rsa_encrypt_oaep(self, key_data, pad, backend): - private_key = rsa.RSAPrivateKey( - p=key_data.p, - q=key_data.q, - private_exponent=key_data.d, - dmp1=key_data.dmp1, - dmq1=key_data.dmq1, - iqmp=key_data.iqmp, - public_exponent=key_data.public_numbers.e, - modulus=key_data.public_numbers.n - ) + private_key = key_data.private_key(backend) pt = b"encrypt me!" public_key = private_key.public_key() - ct = public_key.encrypt(pt, pad, backend) + ct = public_key.encrypt(pt, pad) assert ct != pt assert len(ct) == math.ceil(public_key.key_size / 8.0) - recovered_pt = private_key.decrypt(ct, pad, backend) + recovered_pt = private_key.decrypt(ct, pad) assert recovered_pt == pt @pytest.mark.supported( @@ -1596,20 +1286,6 @@ class TestRSAEncryption(object): pad ) - def test_rsa_encrypt_invalid_backend(self, backend): - pretend_backend = object() - private_key = pytest.deprecated_call( - rsa.RSAPrivateKey.generate, 65537, 512, backend - ) - public_key = private_key.public_key() - - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - public_key.encrypt( - b"irrelevant", - padding.PKCS1v15(), - pretend_backend - ) - def test_unsupported_padding(self, backend): private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() @@ -1775,7 +1451,7 @@ class TestRSANumbers(object): # Test a public_exponent that is not odd. with pytest.raises(ValueError): - rsa.RSAPublicNumbers(e=16, n=15).public_key(backend) + rsa.RSAPublicNumbers(e=14, n=15).public_key(backend) def test_invalid_private_numbers_argument_values(self, backend): # Start with p=3, q=11, private_exponent=3, public_exponent=7, |