aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--tests/hazmat/backends/test_openssl.py8
-rw-r--r--tests/hazmat/primitives/test_rsa.py182
-rw-r--r--tests/hazmat/primitives/utils.py30
3 files changed, 158 insertions, 62 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 501ee0f6..5c6efbaf 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -40,6 +40,11 @@ class DummyCipher(object):
name = "dummy-cipher"
+@utils.register_interface(interfaces.HashAlgorithm)
+class DummyHash(object):
+ name = "dummy-hash"
+
+
class TestOpenSSL(object):
def test_backend_exists(self):
assert backend
@@ -162,6 +167,9 @@ class TestOpenSSL(object):
backend
)
+ def test_unsupported_mgf1_hash_algorithm(self):
+ assert backend.mgf1_hash_supported(DummyHash()) is False
+
# This test is not in the next class because to check if it's really
# default we don't want to run the setup_method before it
def test_osrandom_engine_is_default(self):
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 67b5b2e0..67189c24 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -27,7 +27,7 @@ from cryptography.exceptions import (
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import padding, rsa
-from .utils import generate_rsa_pss_test
+from .utils import generate_rsa_verification_test
from ...utils import (
load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file
)
@@ -748,89 +748,175 @@ class TestRSAVerification(object):
verifier.verify()
-@pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()),
- skip_message="Does not support SHA1 with MGF1."
-)
@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA1(object):
- test_rsa_pss_mgf1_sha1 = generate_rsa_pss_test(
+class TestRSAPSSMGF1Verification(object):
+ test_rsa_pss_mgf1_sha1 = pytest.mark.supported(
+ only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()),
+ skip_message="Does not support SHA1 with MGF1."
+ )(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
"SigGenPSS_186-2.rsp",
"SigGenPSS_186-3.rsp",
+ "SigVerPSS_186-3.rsp",
],
- hashes.SHA1()
- )
-
+ hashes.SHA1(),
+ lambda params, hash_alg: padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hash_alg,
+ salt_length=params["salt_length"]
+ )
+ )
+ ))
-@pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()),
- skip_message="Does not support SHA224 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA224(object):
- test_rsa_pss_mgf1_sha224 = generate_rsa_pss_test(
+ test_rsa_pss_mgf1_sha224 = pytest.mark.supported(
+ only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()),
+ skip_message="Does not support SHA224 with MGF1."
+ )(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
"SigGenPSS_186-2.rsp",
"SigGenPSS_186-3.rsp",
+ "SigVerPSS_186-3.rsp",
],
- hashes.SHA224()
- )
-
+ hashes.SHA224(),
+ lambda params, hash_alg: padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hash_alg,
+ salt_length=params["salt_length"]
+ )
+ )
+ ))
-@pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()),
- skip_message="Does not support SHA256 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA256(object):
- test_rsa_pss_mgf1_sha256 = generate_rsa_pss_test(
+ test_rsa_pss_mgf1_sha256 = pytest.mark.supported(
+ only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()),
+ skip_message="Does not support SHA256 with MGF1."
+ )(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
"SigGenPSS_186-2.rsp",
"SigGenPSS_186-3.rsp",
+ "SigVerPSS_186-3.rsp",
],
- hashes.SHA256()
- )
+ hashes.SHA256(),
+ lambda params, hash_alg: padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hash_alg,
+ salt_length=params["salt_length"]
+ )
+ )
+ ))
+ test_rsa_pss_mgf1_sha384 = pytest.mark.supported(
+ only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()),
+ skip_message="Does not support SHA384 with MGF1."
+ )(generate_rsa_verification_test(
+ load_rsa_nist_vectors,
+ os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+ [
+ "SigGenPSS_186-2.rsp",
+ "SigGenPSS_186-3.rsp",
+ "SigVerPSS_186-3.rsp",
+ ],
+ hashes.SHA384(),
+ lambda params, hash_alg: padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hash_alg,
+ salt_length=params["salt_length"]
+ )
+ )
+ ))
-@pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()),
- skip_message="Does not support SHA384 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA384(object):
- test_rsa_pss_mgf1_sha384 = generate_rsa_pss_test(
+ test_rsa_pss_mgf1_sha512 = pytest.mark.supported(
+ only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()),
+ skip_message="Does not support SHA512 with MGF1."
+ )(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
"SigGenPSS_186-2.rsp",
"SigGenPSS_186-3.rsp",
+ "SigVerPSS_186-3.rsp",
],
- hashes.SHA384()
- )
+ hashes.SHA512(),
+ lambda params, hash_alg: padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hash_alg,
+ salt_length=params["salt_length"]
+ )
+ )
+ ))
-@pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()),
- skip_message="Does not support SHA512 with MGF1."
-)
@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA512(object):
- test_rsa_pss_mgf1_sha512 = generate_rsa_pss_test(
+class TestRSAPKCS1Verification(object):
+ test_rsa_pkcs1v15_verify_sha1 = pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA1()),
+ skip_message="Does not support SHA1."
+ )(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
- "SigGenPSS_186-2.rsp",
- "SigGenPSS_186-3.rsp",
+ "SigVer15_186-3.rsp",
],
- hashes.SHA512()
- )
+ hashes.SHA1(),
+ lambda params, hash_alg: padding.PKCS1v15()
+ ))
+
+ test_rsa_pkcs1v15_verify_sha224 = pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA224()),
+ skip_message="Does not support SHA224."
+ )(generate_rsa_verification_test(
+ load_rsa_nist_vectors,
+ os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+ [
+ "SigVer15_186-3.rsp",
+ ],
+ hashes.SHA224(),
+ lambda params, hash_alg: padding.PKCS1v15()
+ ))
+
+ test_rsa_pkcs1v15_verify_sha256 = pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA256()),
+ skip_message="Does not support SHA256."
+ )(generate_rsa_verification_test(
+ load_rsa_nist_vectors,
+ os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+ [
+ "SigVer15_186-3.rsp",
+ ],
+ hashes.SHA256(),
+ lambda params, hash_alg: padding.PKCS1v15()
+ ))
+
+ test_rsa_pkcs1v15_verify_sha384 = pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA384()),
+ skip_message="Does not support SHA384."
+ )(generate_rsa_verification_test(
+ load_rsa_nist_vectors,
+ os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+ [
+ "SigVer15_186-3.rsp",
+ ],
+ hashes.SHA384(),
+ lambda params, hash_alg: padding.PKCS1v15()
+ ))
+
+ test_rsa_pkcs1v15_verify_sha512 = pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA512()),
+ skip_message="Does not support SHA512."
+ )(generate_rsa_verification_test(
+ load_rsa_nist_vectors,
+ os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+ [
+ "SigVer15_186-3.rsp",
+ ],
+ hashes.SHA512(),
+ lambda params, hash_alg: padding.PKCS1v15()
+ ))
class TestMGF1(object):
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index a29ef70e..2e838474 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -20,10 +20,11 @@ import os
import pytest
from cryptography.exceptions import (
- AlreadyFinalized, AlreadyUpdated, InvalidTag, NotYetFinalized
+ AlreadyFinalized, AlreadyUpdated, InvalidSignature, InvalidTag,
+ NotYetFinalized
)
from cryptography.hazmat.primitives import hashes, hmac
-from cryptography.hazmat.primitives.asymmetric import padding, rsa
+from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
@@ -374,33 +375,34 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm):
return test_hkdf
-def generate_rsa_pss_test(param_loader, path, file_names, hash_alg):
+def generate_rsa_verification_test(param_loader, path, file_names, hash_alg,
+ pad_factory):
all_params = _load_all_params(path, file_names, param_loader)
all_params = [i for i in all_params
if i["algorithm"] == hash_alg.name.upper()]
@pytest.mark.parametrize("params", all_params)
- def test_rsa_pss(self, backend, params):
- rsa_pss_test(backend, params, hash_alg)
+ def test_rsa_verification(self, backend, params):
+ rsa_verification_test(backend, params, hash_alg, pad_factory)
- return test_rsa_pss
+ return test_rsa_verification
-def rsa_pss_test(backend, params, hash_alg):
+def rsa_verification_test(backend, params, hash_alg, pad_factory):
public_key = rsa.RSAPublicKey(
public_exponent=params["public_exponent"],
modulus=params["modulus"]
)
+ pad = pad_factory(params, hash_alg)
verifier = public_key.verifier(
binascii.unhexlify(params["s"]),
- padding.PSS(
- mgf=padding.MGF1(
- algorithm=hash_alg,
- salt_length=params["salt_length"]
- )
- ),
+ pad,
hash_alg,
backend
)
verifier.update(binascii.unhexlify(params["msg"]))
- verifier.verify()
+ if params["fail"]:
+ with pytest.raises(InvalidSignature):
+ verifier.verify()
+ else:
+ verifier.verify()
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-06 09:03:56 +0000