aboutsummaryrefslogtreecommitdiffstats
path: root/tests/hazmat/primitives/test_rsa.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/hazmat/primitives/test_rsa.py')
-rw-r--r--tests/hazmat/primitives/test_rsa.py529
1 files changed, 353 insertions, 176 deletions
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index be5e8bfc..ea72f916 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -28,6 +28,12 @@ from cryptography.exceptions import (
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import padding, rsa
+from .fixtures_rsa import (
+ RSA_KEY_1024, RSA_KEY_1025, RSA_KEY_1026, RSA_KEY_1027, RSA_KEY_1028,
+ RSA_KEY_1029, RSA_KEY_1030, RSA_KEY_1031, RSA_KEY_1536, RSA_KEY_2048,
+ RSA_KEY_512, RSA_KEY_512_ALT, RSA_KEY_522, RSA_KEY_599, RSA_KEY_745,
+ RSA_KEY_768,
+)
from .utils import (
_check_rsa_private_key, generate_rsa_verification_test
)
@@ -93,7 +99,7 @@ class TestRSA(object):
assert skey.key_size == key_size
assert skey.public_exponent == public_exponent
- def test_generate_bad_rsa_key(self, backend):
+ def test_generate_bad_public_exponent(self, backend):
with pytest.raises(ValueError):
rsa.RSAPrivateKey.generate(public_exponent=1,
key_size=2048,
@@ -376,6 +382,12 @@ def test_rsa_generate_invalid_backend():
@pytest.mark.rsa
class TestRSASignature(object):
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
@pytest.mark.parametrize(
"pkcs1_example",
_flatten_pkcs1_examples(load_vectors_from_file(
@@ -401,6 +413,15 @@ class TestRSASignature(object):
signature = signer.finalize()
assert binascii.hexlify(signature) == example["signature"]
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS."
+ )
@pytest.mark.parametrize(
"pkcs1_example",
_flatten_pkcs1_examples(load_vectors_from_file(
@@ -451,12 +472,17 @@ class TestRSASignature(object):
verifier.update(binascii.unhexlify(example["message"]))
verifier.verify()
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS."
+ )
def test_deprecated_pss_mgf1_salt_length(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
signer = private_key.signer(
pytest.deprecated_call(
padding.PSS,
@@ -493,15 +519,16 @@ class TestRSASignature(object):
[hashes.SHA224(), hashes.SHA256(), hashes.SHA384(), hashes.SHA512()]
)
def test_pss_signing_sha2(self, hash_alg, backend):
- if not backend.mgf1_hash_supported(hash_alg):
+ if not backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hash_alg),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ):
pytest.skip(
- "Does not support {0} with MGF1.".format(hash_alg.name)
+ "Does not support {0} in MGF1 using PSS.".format(hash_alg.name)
)
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=768,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_768)
public_key = private_key.public_key()
pss = padding.PSS(
mgf=padding.MGF1(hash_alg),
@@ -524,15 +551,19 @@ class TestRSASignature(object):
verifier.verify()
@pytest.mark.supported(
- only_if=lambda backend: backend.hash_supported(hashes.SHA512()),
+ only_if=lambda backend: (
+ backend.hash_supported(hashes.SHA512()) and
+ backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ )
+ ),
skip_message="Does not support SHA512."
)
def test_pss_minimum_key_size_for_digest(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=522,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_522)
signer = private_key.signer(
padding.PSS(
mgf=padding.MGF1(hashes.SHA1()),
@@ -545,15 +576,20 @@ class TestRSASignature(object):
signer.finalize()
@pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS."
+ )
+ @pytest.mark.supported(
only_if=lambda backend: backend.hash_supported(hashes.SHA512()),
skip_message="Does not support SHA512."
)
def test_pss_signing_digest_too_large_for_key_size(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
with pytest.raises(ValueError):
private_key.signer(
padding.PSS(
@@ -564,12 +600,17 @@ class TestRSASignature(object):
backend
)
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS."
+ )
def test_pss_signing_salt_length_too_long(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
signer = private_key.signer(
padding.PSS(
mgf=padding.MGF1(hashes.SHA1()),
@@ -582,12 +623,14 @@ class TestRSASignature(object):
with pytest.raises(ValueError):
signer.finalize()
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
def test_use_after_finalize(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
signer.update(b"sign me")
signer.finalize()
@@ -597,47 +640,43 @@ class TestRSASignature(object):
signer.update(b"more data")
def test_unsupported_padding(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
private_key.signer(DummyPadding(), hashes.SHA1(), backend)
def test_padding_incorrect_type(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
with pytest.raises(TypeError):
private_key.signer("notpadding", hashes.SHA1(), backend)
def test_rsa_signer_invalid_backend(self, backend):
pretend_backend = object()
- private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_2048)
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
private_key.signer(
padding.PKCS1v15(), hashes.SHA256, pretend_backend)
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
+ ),
+ skip_message="Does not support PSS."
+ )
def test_unsupported_pss_mgf(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
private_key.signer(padding.PSS(mgf=DummyMGF()), hashes.SHA1(),
backend)
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
def test_pkcs1_digest_too_large_for_key_size(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=599,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_599)
signer = private_key.signer(
padding.PKCS1v15(),
hashes.SHA512(),
@@ -647,12 +686,14 @@ class TestRSASignature(object):
with pytest.raises(ValueError):
signer.finalize()
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
def test_pkcs1_minimum_key_size(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=745,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_745)
signer = private_key.signer(
padding.PKCS1v15(),
hashes.SHA512(),
@@ -664,6 +705,12 @@ class TestRSASignature(object):
@pytest.mark.rsa
class TestRSAVerification(object):
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
@pytest.mark.parametrize(
"pkcs1_example",
_flatten_pkcs1_examples(load_vectors_from_file(
@@ -687,12 +734,14 @@ class TestRSAVerification(object):
verifier.update(binascii.unhexlify(example["message"]))
verifier.verify()
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
def test_invalid_pkcs1v15_signature_wrong_data(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
public_key = private_key.public_key()
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
signer.update(b"sign me")
@@ -707,17 +756,15 @@ class TestRSAVerification(object):
with pytest.raises(InvalidSignature):
verifier.verify()
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
def test_invalid_pkcs1v15_signature_wrong_key(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
- private_key2 = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
+ private_key2 = rsa.RSAPrivateKey(**RSA_KEY_512_ALT)
public_key = private_key2.public_key()
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
signer.update(b"sign me")
@@ -732,6 +779,15 @@ class TestRSAVerification(object):
with pytest.raises(InvalidSignature):
verifier.verify()
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=20
+ )
+ ),
+ skip_message="Does not support PSS."
+ )
@pytest.mark.parametrize(
"pkcs1_example",
_flatten_pkcs1_examples(load_vectors_from_file(
@@ -758,6 +814,15 @@ class TestRSAVerification(object):
verifier.update(binascii.unhexlify(example["message"]))
verifier.verify()
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS."
+ )
def test_invalid_pss_signature_wrong_data(self, backend):
public_key = rsa.RSAPublicKey(
modulus=int(
@@ -784,6 +849,15 @@ class TestRSAVerification(object):
with pytest.raises(InvalidSignature):
verifier.verify()
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS."
+ )
def test_invalid_pss_signature_wrong_key(self, backend):
signature = binascii.unhexlify(
b"3a1880165014ba6eb53cc1449d13e5132ebcc0cfd9ade6d7a2494a0503bd0826"
@@ -812,6 +886,15 @@ class TestRSAVerification(object):
with pytest.raises(InvalidSignature):
verifier.verify()
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS."
+ )
def test_invalid_pss_signature_data_too_large_for_modulus(self, backend):
signature = binascii.unhexlify(
b"cb43bde4f7ab89eb4a79c6e8dd67e0d1af60715da64429d90c716a490b799c29"
@@ -840,12 +923,14 @@ class TestRSAVerification(object):
with pytest.raises(InvalidSignature):
verifier.verify()
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
def test_use_after_finalize(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
public_key = private_key.public_key()
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
signer.update(b"sign me")
@@ -865,21 +950,13 @@ class TestRSAVerification(object):
verifier.update(b"more data")
def test_unsupported_padding(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
public_key.verifier(b"sig", DummyPadding(), hashes.SHA1(), backend)
def test_padding_incorrect_type(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
public_key = private_key.public_key()
with pytest.raises(TypeError):
public_key.verifier(b"sig", "notpadding", hashes.SHA1(), backend)
@@ -893,27 +970,34 @@ class TestRSAVerification(object):
public_key.verifier(
b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend)
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
+ ),
+ skip_message="Does not support PSS."
+ )
def test_unsupported_pss_mgf(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
public_key.verifier(b"sig", padding.PSS(mgf=DummyMGF()),
hashes.SHA1(), backend)
@pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS."
+ )
+ @pytest.mark.supported(
only_if=lambda backend: backend.hash_supported(hashes.SHA512()),
skip_message="Does not support SHA512."
)
def test_pss_verify_digest_too_large_for_key_size(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
signature = binascii.unhexlify(
b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8"
b"534c050ef6b19b1bdc6eb4da422e89161106a6f5b5cc16135b11eb6439b646bd"
@@ -930,6 +1014,15 @@ class TestRSAVerification(object):
backend
)
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS."
+ )
def test_pss_verify_salt_length_too_long(self, backend):
signature = binascii.unhexlify(
b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8"
@@ -962,8 +1055,13 @@ class TestRSAVerification(object):
@pytest.mark.rsa
class TestRSAPSSMGF1Verification(object):
test_rsa_pss_mgf1_sha1 = pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()),
- skip_message="Does not support SHA1 with MGF1."
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS using MGF1 with SHA1."
)(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
@@ -982,8 +1080,13 @@ class TestRSAPSSMGF1Verification(object):
))
test_rsa_pss_mgf1_sha224 = pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()),
- skip_message="Does not support SHA224 with MGF1."
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA224()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS using MGF1 with SHA224."
)(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
@@ -1002,8 +1105,13 @@ class TestRSAPSSMGF1Verification(object):
))
test_rsa_pss_mgf1_sha256 = pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()),
- skip_message="Does not support SHA256 with MGF1."
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA256()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS using MGF1 with SHA256."
)(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
@@ -1022,8 +1130,13 @@ class TestRSAPSSMGF1Verification(object):
))
test_rsa_pss_mgf1_sha384 = pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()),
- skip_message="Does not support SHA384 with MGF1."
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA384()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS using MGF1 with SHA384."
)(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
@@ -1042,8 +1155,13 @@ class TestRSAPSSMGF1Verification(object):
))
test_rsa_pss_mgf1_sha512 = pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()),
- skip_message="Does not support SHA512 with MGF1."
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA512()),
+ salt_length=padding.PSS.MAX_LENGTH
+ )
+ ),
+ skip_message="Does not support PSS using MGF1 with SHA512."
)(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
@@ -1065,8 +1183,11 @@ class TestRSAPSSMGF1Verification(object):
@pytest.mark.rsa
class TestRSAPKCS1Verification(object):
test_rsa_pkcs1v15_verify_sha1 = pytest.mark.supported(
- only_if=lambda backend: backend.hash_supported(hashes.SHA1()),
- skip_message="Does not support SHA1."
+ only_if=lambda backend: (
+ backend.hash_supported(hashes.SHA1()) and
+ backend.rsa_padding_supported(padding.PKCS1v15())
+ ),
+ skip_message="Does not support SHA1 and PKCS1v1.5."
)(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
@@ -1080,8 +1201,11 @@ class TestRSAPKCS1Verification(object):
))
test_rsa_pkcs1v15_verify_sha224 = pytest.mark.supported(
- only_if=lambda backend: backend.hash_supported(hashes.SHA224()),
- skip_message="Does not support SHA224."
+ only_if=lambda backend: (
+ backend.hash_supported(hashes.SHA224()) and
+ backend.rsa_padding_supported(padding.PKCS1v15())
+ ),
+ skip_message="Does not support SHA224 and PKCS1v1.5."
)(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
@@ -1095,8 +1219,11 @@ class TestRSAPKCS1Verification(object):
))
test_rsa_pkcs1v15_verify_sha256 = pytest.mark.supported(
- only_if=lambda backend: backend.hash_supported(hashes.SHA256()),
- skip_message="Does not support SHA256."
+ only_if=lambda backend: (
+ backend.hash_supported(hashes.SHA256()) and
+ backend.rsa_padding_supported(padding.PKCS1v15())
+ ),
+ skip_message="Does not support SHA256 and PKCS1v1.5."
)(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
@@ -1110,8 +1237,11 @@ class TestRSAPKCS1Verification(object):
))
test_rsa_pkcs1v15_verify_sha384 = pytest.mark.supported(
- only_if=lambda backend: backend.hash_supported(hashes.SHA384()),
- skip_message="Does not support SHA384."
+ only_if=lambda backend: (
+ backend.hash_supported(hashes.SHA384()) and
+ backend.rsa_padding_supported(padding.PKCS1v15())
+ ),
+ skip_message="Does not support SHA384 and PKCS1v1.5."
)(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
@@ -1125,8 +1255,11 @@ class TestRSAPKCS1Verification(object):
))
test_rsa_pkcs1v15_verify_sha512 = pytest.mark.supported(
- only_if=lambda backend: backend.hash_supported(hashes.SHA512()),
- skip_message="Does not support SHA512."
+ only_if=lambda backend: (
+ backend.hash_supported(hashes.SHA512()) and
+ backend.rsa_padding_supported(padding.PKCS1v15())
+ ),
+ skip_message="Does not support SHA512 and PKCS1v1.5."
)(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
@@ -1230,6 +1363,12 @@ class TestOAEP(object):
@pytest.mark.rsa
class TestRSADecryption(object):
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
@pytest.mark.parametrize(
"vector",
_flatten_pkcs1_examples(load_vectors_from_file(
@@ -1260,20 +1399,18 @@ class TestRSADecryption(object):
assert message == binascii.unhexlify(example["message"])
def test_unsupported_padding(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
private_key.decrypt(b"0" * 64, DummyPadding(), backend)
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
def test_decrypt_invalid_decrypt(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
with pytest.raises(ValueError):
private_key.decrypt(
b"\x00" * 64,
@@ -1281,12 +1418,14 @@ class TestRSADecryption(object):
backend
)
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
def test_decrypt_ciphertext_too_large(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
with pytest.raises(ValueError):
private_key.decrypt(
b"\x00" * 65,
@@ -1294,12 +1433,14 @@ class TestRSADecryption(object):
backend
)
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
+ )
def test_decrypt_ciphertext_too_small(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
ct = binascii.unhexlify(
b"50b4c14136bd198c2f3c3ed243fce036e168d56517984a263cd66492b80804f1"
b"69d210f2b9bdfb48b12f9ea05009c77da257cc600ccefe3a6283789d8ea0"
@@ -1322,6 +1463,16 @@ class TestRSADecryption(object):
pretend_backend
)
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.OAEP(
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ algorithm=hashes.SHA1(),
+ label=None
+ )
+ ),
+ skip_message="Does not support OAEP."
+ )
@pytest.mark.parametrize(
"vector",
_flatten_pkcs1_examples(load_vectors_from_file(
@@ -1354,11 +1505,7 @@ class TestRSADecryption(object):
assert message == binascii.unhexlify(example["message"])
def test_unsupported_oaep_mgf(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
private_key.decrypt(
b"0" * 64,
@@ -1373,26 +1520,66 @@ class TestRSADecryption(object):
@pytest.mark.rsa
class TestRSAEncryption(object):
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.OAEP(
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ algorithm=hashes.SHA1(),
+ label=None
+ )
+ ),
+ skip_message="Does not support OAEP."
+ )
@pytest.mark.parametrize(
- ("key_size", "pad"),
+ ("key_data", "pad"),
itertools.product(
- (1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048),
- (
+ (RSA_KEY_1024, RSA_KEY_1025, RSA_KEY_1026, RSA_KEY_1027,
+ RSA_KEY_1028, RSA_KEY_1029, RSA_KEY_1030, RSA_KEY_1031,
+ RSA_KEY_1536, RSA_KEY_2048),
+ [
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
- ),
- padding.PKCS1v15()
- )
+ )
+ ]
+ )
+ )
+ def test_rsa_encrypt_oaep(self, key_data, pad, backend):
+ private_key = rsa.RSAPrivateKey(**key_data)
+ pt = b"encrypt me!"
+ public_key = private_key.public_key()
+ ct = public_key.encrypt(
+ pt,
+ pad,
+ backend
)
+ assert ct != pt
+ assert len(ct) == math.ceil(public_key.key_size / 8.0)
+ recovered_pt = private_key.decrypt(
+ ct,
+ pad,
+ backend
+ )
+ assert recovered_pt == pt
+
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PKCS1v15()
+ ),
+ skip_message="Does not support PKCS1v1.5."
)
- def test_rsa_encrypt(self, key_size, pad, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=key_size,
- backend=backend
+ @pytest.mark.parametrize(
+ ("key_data", "pad"),
+ itertools.product(
+ (RSA_KEY_1024, RSA_KEY_1025, RSA_KEY_1026, RSA_KEY_1027,
+ RSA_KEY_1028, RSA_KEY_1029, RSA_KEY_1030, RSA_KEY_1031,
+ RSA_KEY_1536, RSA_KEY_2048),
+ [padding.PKCS1v15()]
)
+ )
+ def test_rsa_encrypt_pkcs1v15(self, key_data, pad, backend):
+ private_key = rsa.RSAPrivateKey(**key_data)
pt = b"encrypt me!"
public_key = private_key.public_key()
ct = public_key.encrypt(
@@ -1410,9 +1597,11 @@ class TestRSAEncryption(object):
assert recovered_pt == pt
@pytest.mark.parametrize(
- ("key_size", "pad"),
+ ("key_data", "pad"),
itertools.product(
- (1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048),
+ (RSA_KEY_1024, RSA_KEY_1025, RSA_KEY_1026, RSA_KEY_1027,
+ RSA_KEY_1028, RSA_KEY_1029, RSA_KEY_1030, RSA_KEY_1031,
+ RSA_KEY_1536, RSA_KEY_2048),
(
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
@@ -1423,17 +1612,13 @@ class TestRSAEncryption(object):
)
)
)
- def test_rsa_encrypt_key_too_small(self, key_size, pad, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=key_size,
- backend=backend
- )
+ def test_rsa_encrypt_key_too_small(self, key_data, pad, backend):
+ private_key = rsa.RSAPrivateKey(**key_data)
public_key = private_key.public_key()
# Slightly smaller than the key size but not enough for padding.
with pytest.raises(ValueError):
public_key.encrypt(
- b"\x00" * (key_size // 8 - 1),
+ b"\x00" * (private_key.key_size // 8 - 1),
pad,
backend
)
@@ -1441,7 +1626,7 @@ class TestRSAEncryption(object):
# Larger than the key size.
with pytest.raises(ValueError):
public_key.encrypt(
- b"\x00" * (key_size // 8 + 5),
+ b"\x00" * (private_key.key_size // 8 + 5),
pad,
backend
)
@@ -1459,22 +1644,14 @@ class TestRSAEncryption(object):
)
def test_unsupported_padding(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
public_key.encrypt(b"somedata", DummyPadding(), backend)
def test_unsupported_oaep_mgf(self, backend):
- private_key = rsa.RSAPrivateKey.generate(
- public_exponent=65537,
- key_size=512,
- backend=backend
- )
+ private_key = rsa.RSAPrivateKey(**RSA_KEY_512)
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-09 09:02:12 +0000