diff options
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 117 | ||||
| -rw-r--r-- | tests/hazmat/primitives/utils.py | 32 |
2 files changed, 127 insertions, 22 deletions
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 67b5b2e0..ae0b4538 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -27,7 +27,7 @@ from cryptography.exceptions import ( from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa -from .utils import generate_rsa_pss_test +from .utils import generate_rsa_signature_test from ...utils import ( load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file ) @@ -754,14 +754,16 @@ class TestRSAVerification(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA1(object): - test_rsa_pss_mgf1_sha1 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha1 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA1() + hashes.SHA1(), + padding.PSS ) @@ -771,14 +773,16 @@ class TestRSAPSSMGF1VerificationSHA1(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA224(object): - test_rsa_pss_mgf1_sha224 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha224 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA224() + hashes.SHA224(), + padding.PSS ) @@ -788,14 +792,16 @@ class TestRSAPSSMGF1VerificationSHA224(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA256(object): - test_rsa_pss_mgf1_sha256 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha256 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA256() + hashes.SHA256(), + padding.PSS ) @@ -805,14 +811,16 @@ class TestRSAPSSMGF1VerificationSHA256(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA384(object): - test_rsa_pss_mgf1_sha384 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha384 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA384() + hashes.SHA384(), + padding.PSS ) @@ -822,14 +830,101 @@ class TestRSAPSSMGF1VerificationSHA384(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA512(object): - test_rsa_pss_mgf1_sha512 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha512 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA512() + hashes.SHA512(), + padding.PSS + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1()), + skip_message="Does not support SHA1", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA1Verification(object): + test_rsa_pkcs1v15_verify_sha1 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA1(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224()), + skip_message="Does not support SHA224", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA224Verification(object): + test_rsa_pkcs1v15_verify_sha224 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA224(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256()), + skip_message="Does not support SHA256", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA256Verification(object): + test_rsa_pkcs1v15_verify_sha256 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA256(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384()), + skip_message="Does not support SHA384", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA384Verification(object): + test_rsa_pkcs1v15_verify_sha384 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA384(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512()), + skip_message="Does not support SHA512", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA512Verification(object): + test_rsa_pkcs1v15_verify_sha512 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA512(), + padding.PKCS1v15 ) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index a29ef70e..5db9a193 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -20,7 +20,8 @@ import os import pytest from cryptography.exceptions import ( - AlreadyFinalized, AlreadyUpdated, InvalidTag, NotYetFinalized + AlreadyFinalized, AlreadyUpdated, InvalidSignature, InvalidTag, + NotYetFinalized ) from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.asymmetric import padding, rsa @@ -374,33 +375,42 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm): return test_hkdf -def generate_rsa_pss_test(param_loader, path, file_names, hash_alg): +def generate_rsa_signature_test(param_loader, path, file_names, hash_alg, + pad_cls): all_params = _load_all_params(path, file_names, param_loader) all_params = [i for i in all_params if i["algorithm"] == hash_alg.name.upper()] @pytest.mark.parametrize("params", all_params) - def test_rsa_pss(self, backend, params): - rsa_pss_test(backend, params, hash_alg) + def test_rsa_signature(self, backend, params): + rsa_signature_test(backend, params, hash_alg, pad_cls) - return test_rsa_pss + return test_rsa_signature -def rsa_pss_test(backend, params, hash_alg): +def rsa_signature_test(backend, params, hash_alg, pad_cls): public_key = rsa.RSAPublicKey( public_exponent=params["public_exponent"], modulus=params["modulus"] ) - verifier = public_key.verifier( - binascii.unhexlify(params["s"]), - padding.PSS( + if pad_cls is padding.PKCS1v15: + pad = padding.PKCS1v15() + else: + pad = padding.PSS( mgf=padding.MGF1( algorithm=hash_alg, salt_length=params["salt_length"] ) - ), + ) + verifier = public_key.verifier( + binascii.unhexlify(params["s"]), + pad, hash_alg, backend ) verifier.update(binascii.unhexlify(params["msg"])) - verifier.verify() + if params["fail"]: + with pytest.raises(InvalidSignature): + verifier.verify() + else: + verifier.verify() |