aboutsummaryrefslogtreecommitdiffstats
path: root/tests/hazmat/primitives/test_rsa.py
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2014-06-11 15:53:58 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>2014-06-12 09:41:21 -0500
commit1bb60898e88abe4402c241ec7a2e6b5d7db03e6f (patch)
treeda9fa285533d57b1a636e5b8b7471dc2042cf045 /tests/hazmat/primitives/test_rsa.py
parentbad7f2e8ab2d93f84ed6b7f9566098dbfc430487 (diff)
downloadcryptography-1bb60898e88abe4402c241ec7a2e6b5d7db03e6f.tar.gz
cryptography-1bb60898e88abe4402c241ec7a2e6b5d7db03e6f.tar.bz2
cryptography-1bb60898e88abe4402c241ec7a2e6b5d7db03e6f.zip
simplify test_rsa changes
Diffstat (limited to 'tests/hazmat/primitives/test_rsa.py')
-rw-r--r--tests/hazmat/primitives/test_rsa.py810
1 files changed, 343 insertions, 467 deletions
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 4dd34c2b..6b65eba5 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -28,7 +28,7 @@ from cryptography.exceptions import (
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.serialization import (
- load_rsa_private_numbers, load_rsa_public_numbers
+ load_rsa_private_numbers
)
from .fixtures_rsa import (
@@ -98,9 +98,11 @@ class TestRSA(object):
)
def test_generate_rsa_keys(self, backend, public_exponent, key_size):
skey = rsa.generate_private_key(public_exponent, key_size, backend)
- assert skey
assert skey.key_size == key_size
+ if isinstance(skey, interfaces.RSAPrivateKeyWithNumbers):
+ _check_rsa_private_numbers(skey.private_numbers())
+
def test_generate_rsa_key_class_method(self, backend):
skey = rsa.RSAPrivateKey.generate(65537, 512, backend)
assert skey.key_size == 512
@@ -165,6 +167,218 @@ class TestRSA(object):
assert public_num.n == public_num2.n
assert public_num.e == public_num2.e
+ def test_invalid_private_key_argument_types(self):
+ with pytest.raises(TypeError):
+ rsa.RSAPrivateKey(None, None, None, None, None, None, None, None)
+
+ def test_invalid_public_key_argument_types(self):
+ with pytest.raises(TypeError):
+ rsa.RSAPublicKey(None, None)
+
+ def test_invalid_private_key_argument_values(self):
+ # Start with p=3, q=11, private_exponent=3, public_exponent=7,
+ # modulus=33, dmp1=1, dmq1=3, iqmp=2. Then change one value at
+ # a time to test the bounds.
+
+ # Test a modulus < 3.
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_exponent=7,
+ modulus=2
+ )
+
+ # Test a modulus != p * q.
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_exponent=7,
+ modulus=35
+ )
+
+ # Test a p > modulus.
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=37,
+ q=11,
+ private_exponent=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_exponent=7,
+ modulus=33
+ )
+
+ # Test a q > modulus.
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=37,
+ private_exponent=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_exponent=7,
+ modulus=33
+ )
+
+ # Test a dmp1 > modulus.
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=3,
+ dmp1=35,
+ dmq1=3,
+ iqmp=2,
+ public_exponent=7,
+ modulus=33
+ )
+
+ # Test a dmq1 > modulus.
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=3,
+ dmp1=1,
+ dmq1=35,
+ iqmp=2,
+ public_exponent=7,
+ modulus=33
+ )
+
+ # Test an iqmp > modulus.
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=35,
+ public_exponent=7,
+ modulus=33
+ )
+
+ # Test a private_exponent > modulus
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=37,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_exponent=7,
+ modulus=33
+ )
+
+ # Test a public_exponent < 3
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_exponent=1,
+ modulus=33
+ )
+
+ # Test a public_exponent > modulus
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_exponent=65537,
+ modulus=33
+ )
+
+ # Test a public_exponent that is not odd.
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_exponent=6,
+ modulus=33
+ )
+
+ # Test a dmp1 that is not odd.
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=3,
+ dmp1=2,
+ dmq1=3,
+ iqmp=2,
+ public_exponent=7,
+ modulus=33
+ )
+
+ # Test a dmq1 that is not odd.
+ with pytest.raises(ValueError):
+ rsa.RSAPrivateKey(
+ p=3,
+ q=11,
+ private_exponent=3,
+ dmp1=1,
+ dmq1=4,
+ iqmp=2,
+ public_exponent=7,
+ modulus=33
+ )
+
+ def test_invalid_public_key_argument_values(self):
+ # Start with public_exponent=7, modulus=15. Then change one value at a
+ # time to test the bounds.
+
+ # Test a modulus < 3.
+ with pytest.raises(ValueError):
+ rsa.RSAPublicKey(public_exponent=7, modulus=2)
+
+ # Test a public_exponent < 3
+ with pytest.raises(ValueError):
+ rsa.RSAPublicKey(public_exponent=1, modulus=15)
+
+ # Test a public_exponent > modulus
+ with pytest.raises(ValueError):
+ rsa.RSAPublicKey(public_exponent=17, modulus=15)
+
+ # Test a public_exponent that is not odd.
+ with pytest.raises(ValueError):
+ rsa.RSAPublicKey(public_exponent=6, modulus=15)
+
+
+def test_rsa_generate_invalid_backend():
+ pretend_backend = object()
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ rsa.generate_private_key(65537, 2048, pretend_backend)
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend)
+
@pytest.mark.rsa
class TestRSASignature(object):
@@ -184,20 +398,17 @@ class TestRSASignature(object):
)
def test_pkcs1v15_signing(self, pkcs1_example, backend):
private, public, example = pkcs1_example
- private_numbers = rsa.RSAPrivateNumbers(
+ private_key = rsa.RSAPrivateKey(
p=private["p"],
q=private["q"],
- d=private["private_exponent"],
+ private_exponent=private["private_exponent"],
dmp1=private["dmp1"],
dmq1=private["dmq1"],
iqmp=private["iqmp"],
- public_numbers=rsa.RSAPublicNumbers(
- e=private["public_exponent"],
- n=private["modulus"]
- )
+ public_exponent=private["public_exponent"],
+ modulus=private["modulus"]
)
- private_key = load_rsa_private_numbers(private_numbers, backend)
- signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1())
+ signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
signer.update(binascii.unhexlify(example["message"]))
signature = signer.finalize()
assert binascii.hexlify(signature) == example["signature"]
@@ -221,30 +432,27 @@ class TestRSASignature(object):
)
def test_pss_signing(self, pkcs1_example, backend):
private, public, example = pkcs1_example
- private_numbers = rsa.RSAPrivateNumbers(
+ private_key = rsa.RSAPrivateKey(
p=private["p"],
q=private["q"],
- d=private["private_exponent"],
+ private_exponent=private["private_exponent"],
dmp1=private["dmp1"],
dmq1=private["dmq1"],
iqmp=private["iqmp"],
- public_numbers=rsa.RSAPublicNumbers(
- e=private["public_exponent"],
- n=private["modulus"]
- )
+ public_exponent=private["public_exponent"],
+ modulus=private["modulus"]
)
- public_numbers = rsa.RSAPublicNumbers(
- e=public["public_exponent"],
- n=public["modulus"]
+ public_key = rsa.RSAPublicKey(
+ public_exponent=public["public_exponent"],
+ modulus=public["modulus"]
)
- private_key = load_rsa_private_numbers(private_numbers, backend)
- public_key = load_rsa_public_numbers(public_numbers, backend)
signer = private_key.signer(
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1()
+ hashes.SHA1(),
+ backend
)
signer.update(binascii.unhexlify(example["message"]))
signature = signer.finalize()
@@ -258,7 +466,8 @@ class TestRSASignature(object):
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1()
+ hashes.SHA1(),
+ backend
)
verifier.update(binascii.unhexlify(example["message"]))
verifier.verify()
@@ -426,6 +635,23 @@ class TestRSASignature(object):
with pytest.raises(TypeError):
private_key.signer("notpadding", hashes.SHA1())
+ def test_rsa_signer_invalid_backend(self, backend):
+ pretend_backend = object()
+ private_key = rsa.RSAPrivateKey(
+ p=RSA_KEY_512.p,
+ q=RSA_KEY_512.q,
+ private_exponent=RSA_KEY_512.d,
+ dmp1=RSA_KEY_512.dmp1,
+ dmq1=RSA_KEY_512.dmq1,
+ iqmp=RSA_KEY_512.iqmp,
+ public_exponent=RSA_KEY_512.public_numbers.e,
+ modulus=RSA_KEY_512.public_numbers.n
+ )
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ private_key.signer(
+ padding.PKCS1v15(), hashes.SHA256, pretend_backend)
+
@pytest.mark.supported(
only_if=lambda backend: backend.rsa_padding_supported(
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
@@ -461,7 +687,10 @@ class TestRSASignature(object):
)
def test_pkcs1_minimum_key_size(self, backend):
private_key = load_rsa_private_numbers(RSA_KEY_745, backend)
- signer = private_key.signer(padding.PKCS1v15(), hashes.SHA512())
+ signer = private_key.signer(
+ padding.PKCS1v15(),
+ hashes.SHA512()
+ )
signer.update(b"no failure")
signer.finalize()
@@ -484,15 +713,15 @@ class TestRSAVerification(object):
)
def test_pkcs1v15_verification(self, pkcs1_example, backend):
private, public, example = pkcs1_example
- public_numbers = rsa.RSAPublicNumbers(
- e=public["public_exponent"],
- n=public["modulus"]
+ public_key = rsa.RSAPublicKey(
+ public_exponent=public["public_exponent"],
+ modulus=public["modulus"]
)
- public_key = load_rsa_public_numbers(public_numbers, backend)
verifier = public_key.verifier(
binascii.unhexlify(example["signature"]),
padding.PKCS1v15(),
- hashes.SHA1()
+ hashes.SHA1(),
+ backend
)
verifier.update(binascii.unhexlify(example["message"]))
verifier.verify()
@@ -559,18 +788,18 @@ class TestRSAVerification(object):
)
def test_pss_verification(self, pkcs1_example, backend):
private, public, example = pkcs1_example
- public_numbers = rsa.RSAPublicNumbers(
- e=public["public_exponent"],
- n=public["modulus"]
+ public_key = rsa.RSAPublicKey(
+ public_exponent=public["public_exponent"],
+ modulus=public["modulus"]
)
- public_key = load_rsa_public_numbers(public_numbers, backend)
verifier = public_key.verifier(
binascii.unhexlify(example["signature"]),
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=20
),
- hashes.SHA1()
+ hashes.SHA1(),
+ backend
)
verifier.update(binascii.unhexlify(example["message"]))
verifier.verify()
@@ -585,26 +814,26 @@ class TestRSAVerification(object):
skip_message="Does not support PSS."
)
def test_invalid_pss_signature_wrong_data(self, backend):
- public_numbers = rsa.RSAPublicNumbers(
- n=int(
+ public_key = rsa.RSAPublicKey(
+ modulus=int(
b"dffc2137d5e810cde9e4b4612f5796447218bab913b3fa98bdf7982e4fa6"
b"ec4d6653ef2b29fb1642b095befcbea6decc178fb4bed243d3c3592c6854"
b"6af2d3f3", 16
),
- e=65537
+ public_exponent=65537
)
signature = binascii.unhexlify(
b"0e68c3649df91c5bc3665f96e157efa75b71934aaa514d91e94ca8418d100f45"
b"6f05288e58525f99666bab052adcffdf7186eb40f583bd38d98c97d3d524808b"
)
- public_key = load_rsa_public_numbers(public_numbers, backend)
verifier = public_key.verifier(
signature,
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1()
+ hashes.SHA1(),
+ backend
)
verifier.update(b"incorrect data")
with pytest.raises(InvalidSignature):
@@ -624,24 +853,24 @@ class TestRSAVerification(object):
b"3a1880165014ba6eb53cc1449d13e5132ebcc0cfd9ade6d7a2494a0503bd0826"
b"f8a46c431e0d7be0ca3e453f8b2b009e2733764da7927cc6dbe7a021437a242e"
)
- public_numbers = rsa.RSAPublicNumbers(
- n=int(
+ public_key = rsa.RSAPublicKey(
+ modulus=int(
b"381201f4905d67dfeb3dec131a0fbea773489227ec7a1448c3109189ac68"
b"5a95441be90866a14c4d2e139cd16db540ec6c7abab13ffff91443fd46a8"
b"960cbb7658ded26a5c95c86f6e40384e1c1239c63e541ba221191c4dd303"
b"231b42e33c6dbddf5ec9a746f09bf0c25d0f8d27f93ee0ae5c0d723348f4"
b"030d3581e13522e1", 16
),
- e=65537
+ public_exponent=65537
)
- public_key = load_rsa_public_numbers(public_numbers, backend)
verifier = public_key.verifier(
signature,
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1()
+ hashes.SHA1(),
+ backend
)
verifier.update(b"sign me")
with pytest.raises(InvalidSignature):
@@ -661,24 +890,24 @@ class TestRSAVerification(object):
b"cb43bde4f7ab89eb4a79c6e8dd67e0d1af60715da64429d90c716a490b799c29"
b"194cf8046509c6ed851052367a74e2e92d9b38947ed74332acb115a03fcc0222"
)
- public_numbers = rsa.RSAPublicNumbers(
- n=int(
+ public_key = rsa.RSAPublicKey(
+ modulus=int(
b"381201f4905d67dfeb3dec131a0fbea773489227ec7a1448c3109189ac68"
b"5a95441be90866a14c4d2e139cd16db540ec6c7abab13ffff91443fd46a8"
b"960cbb7658ded26a5c95c86f6e40384e1c1239c63e541ba221191c4dd303"
b"231b42e33c6dbddf5ec9a746f09bf0c25d0f8d27f93ee0ae5c0d723348f4"
b"030d3581e13522", 16
),
- e=65537
+ public_exponent=65537
)
- public_key = load_rsa_public_numbers(public_numbers, backend)
verifier = public_key.verifier(
signature,
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1()
+ hashes.SHA1(),
+ backend
)
verifier.update(b"sign me")
with pytest.raises(InvalidSignature):
@@ -721,6 +950,15 @@ class TestRSAVerification(object):
with pytest.raises(TypeError):
public_key.verifier(b"sig", "notpadding", hashes.SHA1())
+ def test_rsa_verifier_invalid_backend(self, backend):
+ pretend_backend = object()
+ private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
+ public_key = private_key.public_key()
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ public_key.verifier(
+ b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend)
+
@pytest.mark.supported(
only_if=lambda backend: backend.rsa_padding_supported(
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
@@ -778,15 +1016,14 @@ class TestRSAVerification(object):
b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8"
b"534c050ef6b19b1bdc6eb4da422e89161106a6f5b5cc16135b11eb6439b646bd"
)
- public_numbers = rsa.RSAPublicNumbers(
- n=int(
+ public_key = rsa.RSAPublicKey(
+ modulus=int(
b"d309e4612809437548b747d7f9eb9cd3340f54fe42bb3f84a36933b0839c"
b"11b0c8b7f67e11f7252370161e31159c49c784d4bc41c42a78ce0f0b40a3"
b"ca8ffb91", 16
),
- e=65537
+ public_exponent=65537
)
- public_key = load_rsa_public_numbers(public_numbers, backend)
verifier = public_key.verifier(
signature,
padding.PSS(
@@ -795,7 +1032,8 @@ class TestRSAVerification(object):
),
salt_length=1000000
),
- hashes.SHA1()
+ hashes.SHA1(),
+ backend
)
verifier.update(b"sign me")
with pytest.raises(InvalidSignature):
@@ -1129,22 +1367,23 @@ class TestRSADecryption(object):
)
def test_decrypt_pkcs1v15_vectors(self, vector, backend):
private, public, example = vector
- private_numbers = rsa.RSAPrivateNumbers(
+ skey = rsa.RSAPrivateKey(
p=private["p"],
q=private["q"],
- d=private["private_exponent"],
+ private_exponent=private["private_exponent"],
dmp1=private["dmp1"],
dmq1=private["dmq1"],
iqmp=private["iqmp"],
- public_numbers=rsa.RSAPublicNumbers(
- e=private["public_exponent"],
- n=private["modulus"]
- )
+ public_exponent=private["public_exponent"],
+ modulus=private["modulus"]
)
- private = load_rsa_private_numbers(private_numbers, backend)
ciphertext = binascii.unhexlify(example["encryption"])
- assert len(ciphertext) == math.ceil(private.key_size / 8.0)
- message = private.decrypt(ciphertext, padding.PKCS1v15())
+ assert len(ciphertext) == math.ceil(skey.key_size / 8.0)
+ message = skey.decrypt(
+ ciphertext,
+ padding.PKCS1v15(),
+ backend
+ )
assert message == binascii.unhexlify(example["message"])
def test_unsupported_padding(self, backend):
@@ -1198,6 +1437,17 @@ class TestRSADecryption(object):
padding.PKCS1v15()
)
+ def test_rsa_decrypt_invalid_backend(self, backend):
+ pretend_backend = object()
+ private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ private_key.decrypt(
+ b"irrelevant",
+ padding.PKCS1v15(),
+ pretend_backend
+ )
+
@pytest.mark.supported(
only_if=lambda backend: backend.rsa_padding_supported(
padding.OAEP(
@@ -1218,26 +1468,24 @@ class TestRSADecryption(object):
)
def test_decrypt_oaep_vectors(self, vector, backend):
private, public, example = vector
- private_numbers = rsa.RSAPrivateNumbers(
+ skey = rsa.RSAPrivateKey(
p=private["p"],
q=private["q"],
- d=private["private_exponent"],
+ private_exponent=private["private_exponent"],
dmp1=private["dmp1"],
dmq1=private["dmq1"],
iqmp=private["iqmp"],
- public_numbers=rsa.RSAPublicNumbers(
- e=private["public_exponent"],
- n=private["modulus"]
- )
+ public_exponent=private["public_exponent"],
+ modulus=private["modulus"]
)
- skey = load_rsa_private_numbers(private_numbers, backend)
message = skey.decrypt(
binascii.unhexlify(example["encryption"]),
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
- )
+ ),
+ backend
)
assert message == binascii.unhexlify(example["message"])
@@ -1282,13 +1530,22 @@ class TestRSAEncryption(object):
)
)
def test_rsa_encrypt_oaep(self, key_data, pad, backend):
- private_key = load_rsa_private_numbers(key_data, backend)
+ private_key = rsa.RSAPrivateKey(
+ p=key_data.p,
+ q=key_data.q,
+ private_exponent=key_data.d,
+ dmp1=key_data.dmp1,
+ dmq1=key_data.dmq1,
+ iqmp=key_data.iqmp,
+ public_exponent=key_data.public_numbers.e,
+ modulus=key_data.public_numbers.n
+ )
pt = b"encrypt me!"
public_key = private_key.public_key()
- ct = public_key.encrypt(pt, pad)
+ ct = public_key.encrypt(pt, pad, backend)
assert ct != pt
assert len(ct) == math.ceil(public_key.key_size / 8.0)
- recovered_pt = private_key.decrypt(ct, pad)
+ recovered_pt = private_key.decrypt(ct, pad, backend)
assert recovered_pt == pt
@pytest.mark.supported(
@@ -1349,6 +1606,18 @@ class TestRSAEncryption(object):
pad
)
+ def test_rsa_encrypt_invalid_backend(self, backend):
+ pretend_backend = object()
+ private_key = rsa.RSAPrivateKey.generate(65537, 512, backend)
+ public_key = private_key.public_key()
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ public_key.encrypt(
+ b"irrelevant",
+ padding.PKCS1v15(),
+ pretend_backend
+ )
+
def test_unsupported_padding(self, backend):
private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
public_key = private_key.public_key()
@@ -1731,396 +2000,3 @@ class TestRSANumbers(object):
)
)
)
-
-
-@pytest.mark.rsa
-class TestDeprecatedRSA(object):
- def test_deprecated_invalid_private_key_argument_types(self):
- with pytest.raises(TypeError):
- rsa.RSAPrivateKey(None, None, None, None, None, None, None, None)
-
- def test_deprecated_invalid_public_key_argument_types(self):
- with pytest.raises(TypeError):
- rsa.RSAPublicKey(None, None)
-
- def test_deprecated_invalid_private_key_argument_values(self):
- # This can be removed when we finish deprecation for DeprecatedIn05
-
- # Start with p=3, q=11, private_exponent=3, public_exponent=7,
- # modulus=33, dmp1=1, dmq1=3, iqmp=2. Then change one value at
- # a time to test the bounds.
-
- # Test a modulus < 3.
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=2
- )
-
- # Test a modulus != p * q.
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=35
- )
-
- # Test a p > modulus.
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=37,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test a q > modulus.
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=37,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test a dmp1 > modulus.
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=3,
- dmp1=35,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test a dmq1 > modulus.
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=35,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test an iqmp > modulus.
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=35,
- public_exponent=7,
- modulus=33
- )
-
- # Test a private_exponent > modulus
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=37,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test a public_exponent < 3
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=1,
- modulus=33
- )
-
- # Test a public_exponent > modulus
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=65537,
- modulus=33
- )
-
- # Test a public_exponent that is not odd.
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=6,
- modulus=33
- )
-
- # Test a dmp1 that is not odd.
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=3,
- dmp1=2,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test a dmq1 that is not odd.
- with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=4,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- def test_deprecated_invalid_public_key_argument_values(self):
- # This can be removed when we finish deprecation for DeprecatedIn05
-
- # Start with public_exponent=7, modulus=15. Then change one value at a
- # time to test the bounds.
-
- # Test a modulus < 3.
- with pytest.raises(ValueError):
- rsa.RSAPublicKey(public_exponent=7, modulus=2)
-
- # Test a public_exponent < 3
- with pytest.raises(ValueError):
- rsa.RSAPublicKey(public_exponent=1, modulus=15)
-
- # Test a public_exponent > modulus
- with pytest.raises(ValueError):
- rsa.RSAPublicKey(public_exponent=17, modulus=15)
-
- # Test a public_exponent that is not odd.
- with pytest.raises(ValueError):
- rsa.RSAPublicKey(public_exponent=6, modulus=15)
-
- def test_rsa_deprecated_generate_invalid_backend(self):
- # This can be removed when we finish deprecation for DeprecatedIn05
- pretend_backend = object()
-
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- rsa.generate_private_key(65537, 2048, pretend_backend)
-
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend)
-
- @pytest.mark.supported(
- only_if=lambda backend: backend.rsa_padding_supported(
- padding.PKCS1v15()
- ),
- skip_message="Does not support PKCS1v1.5."
- )
- @pytest.mark.parametrize(
- "pkcs1_example",
- _flatten_pkcs1_examples(load_vectors_from_file(
- os.path.join(
- "asymmetric", "RSA", "pkcs1v15sign-vectors.txt"),
- load_pkcs1_vectors
- ))
- )
- def test_deprecated_pkcs1v15_signing(self, pkcs1_example, backend):
- # This can be removed when we finish deprecation for DeprecatedIn05
-
- private, public, example = pkcs1_example
- private_key = rsa.RSAPrivateKey(
- p=private["p"],
- q=private["q"],
- private_exponent=private["private_exponent"],
- dmp1=private["dmp1"],
- dmq1=private["dmq1"],
- iqmp=private["iqmp"],
- public_exponent=private["public_exponent"],
- modulus=private["modulus"]
- )
- signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
- signer.update(binascii.unhexlify(example["message"]))
- signature = signer.finalize()
- assert binascii.hexlify(signature) == example["signature"]
-
- def test_rsa_deprecated_signer_invalid_backend(self, backend):
- # This can be removed when we finish deprecation for DeprecatedIn05
- pretend_backend = object()
- private_key = rsa.RSAPrivateKey(
- p=RSA_KEY_2048.p,
- q=RSA_KEY_2048.q,
- private_exponent=RSA_KEY_2048.d,
- dmp1=RSA_KEY_2048.dmp1,
- dmq1=RSA_KEY_2048.dmq1,
- iqmp=RSA_KEY_2048.iqmp,
- public_exponent=RSA_KEY_2048.public_numbers.e,
- modulus=RSA_KEY_2048.public_numbers.n
- )
-
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- private_key.signer(
- padding.PKCS1v15(), hashes.SHA256, pretend_backend)
-
- def test_rsa_deprecated_verifier_invalid_backend(self, backend):
- # This can be removed when we finish deprecation for DeprecatedIn05
- pretend_backend = object()
- private_key = rsa.RSAPrivateKey(
- p=RSA_KEY_2048.p,
- q=RSA_KEY_2048.q,
- private_exponent=RSA_KEY_2048.d,
- dmp1=RSA_KEY_2048.dmp1,
- dmq1=RSA_KEY_2048.dmq1,
- iqmp=RSA_KEY_2048.iqmp,
- public_exponent=RSA_KEY_2048.public_numbers.e,
- modulus=RSA_KEY_2048.public_numbers.n
- )
- public_key = private_key.public_key()
-
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- public_key.verifier(
- b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend)
-
- def test_rsa_decrypt_invalid_backend(self, backend):
- # This can be removed when we finish deprecation for DeprecatedIn05
- pretend_backend = object()
- private_key = rsa.RSAPrivateKey(
- p=RSA_KEY_2048.p,
- q=RSA_KEY_2048.q,
- private_exponent=RSA_KEY_2048.d,
- dmp1=RSA_KEY_2048.dmp1,
- dmq1=RSA_KEY_2048.dmq1,
- iqmp=RSA_KEY_2048.iqmp,
- public_exponent=RSA_KEY_2048.public_numbers.e,
- modulus=RSA_KEY_2048.public_numbers.n
- )
-
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- private_key.decrypt(
- b"irrelevant",
- padding.PKCS1v15(),
- pretend_backend
- )
-
- @pytest.mark.supported(
- only_if=lambda backend: backend.rsa_padding_supported(
- padding.PKCS1v15()
- ),
- skip_message="Does not support PKCS1v1.5."
- )
- def test_deprecated_rsa_encrypt_pkcs1v15(self, backend):
- # This can be removed when we finish deprecation for DeprecatedIn05
- private_key = rsa.RSAPrivateKey(
- p=RSA_KEY_1024.p,
- q=RSA_KEY_1024.q,
- private_exponent=RSA_KEY_1024.d,
- dmp1=RSA_KEY_1024.dmp1,
- dmq1=RSA_KEY_1024.dmq1,
- iqmp=RSA_KEY_1024.iqmp,
- public_exponent=RSA_KEY_1024.public_numbers.e,
- modulus=RSA_KEY_1024.public_numbers.n
- )
- pt = b"encrypt me!"
- public_key = private_key.public_key()
- pad = padding.PKCS1v15()
- ct = public_key.encrypt(pt, pad, backend)
- assert ct != pt
- assert len(ct) == math.ceil(public_key.key_size / 8.0)
- recovered_pt = private_key.decrypt(ct, pad, backend)
- assert recovered_pt == pt
-
- def test_rsa_deprecated_encrypt_invalid_backend(self, backend):
- # This can be removed when we finish deprecation for DeprecatedIn05
- pretend_backend = object()
- private_key = rsa.RSAPrivateKey(
- p=RSA_KEY_2048.p,
- q=RSA_KEY_2048.q,
- private_exponent=RSA_KEY_2048.d,
- dmp1=RSA_KEY_2048.dmp1,
- dmq1=RSA_KEY_2048.dmq1,
- iqmp=RSA_KEY_2048.iqmp,
- public_exponent=RSA_KEY_2048.public_numbers.e,
- modulus=RSA_KEY_2048.public_numbers.n
- )
- public_key = private_key.public_key()
-
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- public_key.encrypt(
- b"irrelevant",
- padding.PKCS1v15(),
- pretend_backend
- )
-
- @pytest.mark.supported(
- only_if=lambda backend: backend.rsa_padding_supported(
- padding.OAEP(
- mgf=padding.MGF1(algorithm=hashes.SHA1()),
- algorithm=hashes.SHA1(),
- label=None
- )
- ),
- skip_message="Does not support OAEP."
- )
- def test_rsa_deprecated_decrypt_oaep(self, backend):
- private_key = rsa.RSAPrivateKey(
- p=RSA_KEY_2048.p,
- q=RSA_KEY_2048.q,
- private_exponent=RSA_KEY_2048.d,
- dmp1=RSA_KEY_2048.dmp1,
- dmq1=RSA_KEY_2048.dmq1,
- iqmp=RSA_KEY_2048.iqmp,
- public_exponent=RSA_KEY_2048.public_numbers.e,
- modulus=RSA_KEY_2048.public_numbers.n
- )
- pt = b"encrypt me!"
- public_key = private_key.public_key()
- pad = padding.OAEP(
- mgf=padding.MGF1(algorithm=hashes.SHA1()),
- algorithm=hashes.SHA1(),
- label=None
- )
- ct = public_key.encrypt(pt, pad, backend)
- assert ct != pt
- assert len(ct) == math.ceil(public_key.key_size / 8.0)
- recovered_pt = private_key.decrypt(ct, pad, backend)
- assert recovered_pt == pt
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 18:19:44 +0000