diff options
Diffstat (limited to 'tests/hazmat/primitives/test_rsa.py')
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 946 |
1 files changed, 516 insertions, 430 deletions
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 8f10fb10..4dd34c2b 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -28,7 +28,7 @@ from cryptography.exceptions import ( from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa from cryptography.hazmat.primitives.serialization import ( - load_rsa_private_numbers + load_rsa_private_numbers, load_rsa_public_numbers ) from .fixtures_rsa import ( @@ -38,7 +38,7 @@ from .fixtures_rsa import ( RSA_KEY_768, ) from .utils import ( - _check_rsa_private_key, generate_rsa_verification_test + _check_rsa_private_numbers, generate_rsa_verification_test ) from ...utils import ( load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file, @@ -98,13 +98,11 @@ class TestRSA(object): ) def test_generate_rsa_keys(self, backend, public_exponent, key_size): skey = rsa.generate_private_key(public_exponent, key_size, backend) - _check_rsa_private_key(skey) + assert skey assert skey.key_size == key_size - assert skey.public_exponent == public_exponent def test_generate_rsa_key_class_method(self, backend): skey = rsa.RSAPrivateKey.generate(65537, 512, backend) - _check_rsa_private_key(skey) assert skey.key_size == 512 assert skey.public_exponent == 65537 @@ -141,255 +139,31 @@ class TestRSA(object): def test_load_pss_vect_example_keys(self, pkcs1_example): secret, public = pkcs1_example - skey = rsa.RSAPrivateKey( + private_num = rsa.RSAPrivateNumbers( p=secret["p"], q=secret["q"], - private_exponent=secret["private_exponent"], + d=secret["private_exponent"], dmp1=secret["dmp1"], dmq1=secret["dmq1"], iqmp=secret["iqmp"], - public_exponent=secret["public_exponent"], - modulus=secret["modulus"] + public_numbers=rsa.RSAPublicNumbers( + e=secret["public_exponent"], + n=secret["modulus"] + ) ) - assert skey - _check_rsa_private_key(skey) + _check_rsa_private_numbers(private_num) - pkey = rsa.RSAPublicKey( - public_exponent=public["public_exponent"], - modulus=public["modulus"] + public_num = rsa.RSAPublicNumbers( + e=public["public_exponent"], + n=public["modulus"] ) - assert pkey - - pkey2 = skey.public_key() - assert pkey2 - - assert skey.modulus == pkey.modulus - assert skey.modulus == skey.n - assert skey.public_exponent == pkey.public_exponent - assert skey.public_exponent == skey.e - assert skey.private_exponent == skey.d - - assert pkey.modulus - assert pkey.modulus == pkey2.modulus - assert pkey.modulus == pkey.n - assert pkey.public_exponent == pkey2.public_exponent - assert pkey.public_exponent == pkey.e - - assert skey.key_size - assert skey.key_size == pkey.key_size - assert skey.key_size == pkey2.key_size - - def test_invalid_private_key_argument_types(self): - with pytest.raises(TypeError): - rsa.RSAPrivateKey(None, None, None, None, None, None, None, None) - - def test_invalid_public_key_argument_types(self): - with pytest.raises(TypeError): - rsa.RSAPublicKey(None, None) - - def test_invalid_private_key_argument_values(self): - # Start with p=3, q=11, private_exponent=3, public_exponent=7, - # modulus=33, dmp1=1, dmq1=3, iqmp=2. Then change one value at - # a time to test the bounds. - - # Test a modulus < 3. - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=2 - ) - - # Test a modulus != p * q. - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=35 - ) - - # Test a p > modulus. - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=37, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test a q > modulus. - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=37, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test a dmp1 > modulus. - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=3, - dmp1=35, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test a dmq1 > modulus. - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=35, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test an iqmp > modulus. - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=35, - public_exponent=7, - modulus=33 - ) - - # Test a private_exponent > modulus - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=37, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test a public_exponent < 3 - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=1, - modulus=33 - ) - - # Test a public_exponent > modulus - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=65537, - modulus=33 - ) - - # Test a public_exponent that is not odd. - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=3, - iqmp=2, - public_exponent=6, - modulus=33 - ) - - # Test a dmp1 that is not odd. - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=3, - dmp1=2, - dmq1=3, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - # Test a dmq1 that is not odd. - with pytest.raises(ValueError): - rsa.RSAPrivateKey( - p=3, - q=11, - private_exponent=3, - dmp1=1, - dmq1=4, - iqmp=2, - public_exponent=7, - modulus=33 - ) - - def test_invalid_public_key_argument_values(self): - # Start with public_exponent=7, modulus=15. Then change one value at a - # time to test the bounds. - - # Test a modulus < 3. - with pytest.raises(ValueError): - rsa.RSAPublicKey(public_exponent=7, modulus=2) + assert public_num - # Test a public_exponent < 3 - with pytest.raises(ValueError): - rsa.RSAPublicKey(public_exponent=1, modulus=15) + public_num2 = private_num.public_numbers + assert public_num2 - # Test a public_exponent > modulus - with pytest.raises(ValueError): - rsa.RSAPublicKey(public_exponent=17, modulus=15) - - # Test a public_exponent that is not odd. - with pytest.raises(ValueError): - rsa.RSAPublicKey(public_exponent=6, modulus=15) - - -def test_rsa_generate_invalid_backend(): - pretend_backend = object() - - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - rsa.generate_private_key(65537, 2048, pretend_backend) - - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) + assert public_num.n == public_num2.n + assert public_num.e == public_num2.e @pytest.mark.rsa @@ -410,17 +184,20 @@ class TestRSASignature(object): ) def test_pkcs1v15_signing(self, pkcs1_example, backend): private, public, example = pkcs1_example - private_key = rsa.RSAPrivateKey( + private_numbers = rsa.RSAPrivateNumbers( p=private["p"], q=private["q"], - private_exponent=private["private_exponent"], + d=private["private_exponent"], dmp1=private["dmp1"], dmq1=private["dmq1"], iqmp=private["iqmp"], - public_exponent=private["public_exponent"], - modulus=private["modulus"] + public_numbers=rsa.RSAPublicNumbers( + e=private["public_exponent"], + n=private["modulus"] + ) ) - signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) + private_key = load_rsa_private_numbers(private_numbers, backend) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) signer.update(binascii.unhexlify(example["message"])) signature = signer.finalize() assert binascii.hexlify(signature) == example["signature"] @@ -444,27 +221,30 @@ class TestRSASignature(object): ) def test_pss_signing(self, pkcs1_example, backend): private, public, example = pkcs1_example - private_key = rsa.RSAPrivateKey( + private_numbers = rsa.RSAPrivateNumbers( p=private["p"], q=private["q"], - private_exponent=private["private_exponent"], + d=private["private_exponent"], dmp1=private["dmp1"], dmq1=private["dmq1"], iqmp=private["iqmp"], - public_exponent=private["public_exponent"], - modulus=private["modulus"] + public_numbers=rsa.RSAPublicNumbers( + e=private["public_exponent"], + n=private["modulus"] + ) ) - public_key = rsa.RSAPublicKey( - public_exponent=public["public_exponent"], - modulus=public["modulus"] + public_numbers = rsa.RSAPublicNumbers( + e=public["public_exponent"], + n=public["modulus"] ) + private_key = load_rsa_private_numbers(private_numbers, backend) + public_key = load_rsa_public_numbers(public_numbers, backend) signer = private_key.signer( padding.PSS( mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) signer.update(binascii.unhexlify(example["message"])) signature = signer.finalize() @@ -478,8 +258,7 @@ class TestRSASignature(object): mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(binascii.unhexlify(example["message"])) verifier.verify() @@ -504,8 +283,7 @@ class TestRSASignature(object): salt_length=padding.MGF1.MAX_LENGTH ) ), - hashes.SHA1(), - backend + hashes.SHA1() ) signer.update(b"so deprecated") signature = signer.finalize() @@ -520,8 +298,7 @@ class TestRSASignature(object): salt_length=padding.MGF1.MAX_LENGTH ) ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"so deprecated") verifier.verify() @@ -546,19 +323,10 @@ class TestRSASignature(object): mgf=padding.MGF1(hash_alg), salt_length=padding.PSS.MAX_LENGTH ) - signer = private_key.signer( - pss, - hash_alg, - backend - ) + signer = private_key.signer(pss, hash_alg) signer.update(b"testing signature") signature = signer.finalize() - verifier = public_key.verifier( - signature, - pss, - hash_alg, - backend - ) + verifier = public_key.verifier(signature, pss, hash_alg) verifier.update(b"testing signature") verifier.verify() @@ -581,8 +349,7 @@ class TestRSASignature(object): mgf=padding.MGF1(hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA512(), - backend + hashes.SHA512() ) signer.update(b"no failure") signer.finalize() @@ -608,8 +375,7 @@ class TestRSASignature(object): mgf=padding.MGF1(hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA512(), - backend + hashes.SHA512() ) @pytest.mark.supported( @@ -628,8 +394,7 @@ class TestRSASignature(object): mgf=padding.MGF1(hashes.SHA1()), salt_length=1000000 ), - hashes.SHA1(), - backend + hashes.SHA1() ) signer.update(b"failure coming") with pytest.raises(ValueError): @@ -643,7 +408,7 @@ class TestRSASignature(object): ) def test_use_after_finalize(self, backend): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) - signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) signer.update(b"sign me") signer.finalize() with pytest.raises(AlreadyFinalized): @@ -654,20 +419,12 @@ class TestRSASignature(object): def test_unsupported_padding(self, backend): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - private_key.signer(DummyPadding(), hashes.SHA1(), backend) + private_key.signer(DummyPadding(), hashes.SHA1()) def test_padding_incorrect_type(self, backend): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) with pytest.raises(TypeError): - private_key.signer("notpadding", hashes.SHA1(), backend) - - def test_rsa_signer_invalid_backend(self, backend): - pretend_backend = object() - private_key = load_rsa_private_numbers(RSA_KEY_2048, backend) - - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - private_key.signer( - padding.PKCS1v15(), hashes.SHA256, pretend_backend) + private_key.signer("notpadding", hashes.SHA1()) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( @@ -678,8 +435,7 @@ class TestRSASignature(object): def test_unsupported_pss_mgf(self, backend): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): - private_key.signer(padding.PSS(mgf=DummyMGF()), hashes.SHA1(), - backend) + private_key.signer(padding.PSS(mgf=DummyMGF()), hashes.SHA1()) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( @@ -691,8 +447,7 @@ class TestRSASignature(object): private_key = load_rsa_private_numbers(RSA_KEY_599, backend) signer = private_key.signer( padding.PKCS1v15(), - hashes.SHA512(), - backend + hashes.SHA512() ) signer.update(b"failure coming") with pytest.raises(ValueError): @@ -706,11 +461,7 @@ class TestRSASignature(object): ) def test_pkcs1_minimum_key_size(self, backend): private_key = load_rsa_private_numbers(RSA_KEY_745, backend) - signer = private_key.signer( - padding.PKCS1v15(), - hashes.SHA512(), - backend - ) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA512()) signer.update(b"no failure") signer.finalize() @@ -733,15 +484,15 @@ class TestRSAVerification(object): ) def test_pkcs1v15_verification(self, pkcs1_example, backend): private, public, example = pkcs1_example - public_key = rsa.RSAPublicKey( - public_exponent=public["public_exponent"], - modulus=public["modulus"] + public_numbers = rsa.RSAPublicNumbers( + e=public["public_exponent"], + n=public["modulus"] ) + public_key = load_rsa_public_numbers(public_numbers, backend) verifier = public_key.verifier( binascii.unhexlify(example["signature"]), padding.PKCS1v15(), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(binascii.unhexlify(example["message"])) verifier.verify() @@ -755,14 +506,13 @@ class TestRSAVerification(object): def test_invalid_pkcs1v15_signature_wrong_data(self, backend): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) public_key = private_key.public_key() - signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) signer.update(b"sign me") signature = signer.finalize() verifier = public_key.verifier( signature, padding.PKCS1v15(), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"incorrect data") with pytest.raises(InvalidSignature): @@ -778,14 +528,13 @@ class TestRSAVerification(object): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) private_key2 = load_rsa_private_numbers(RSA_KEY_512_ALT, backend) public_key = private_key2.public_key() - signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) signer.update(b"sign me") signature = signer.finalize() verifier = public_key.verifier( signature, padding.PKCS1v15(), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"sign me") with pytest.raises(InvalidSignature): @@ -810,18 +559,18 @@ class TestRSAVerification(object): ) def test_pss_verification(self, pkcs1_example, backend): private, public, example = pkcs1_example - public_key = rsa.RSAPublicKey( - public_exponent=public["public_exponent"], - modulus=public["modulus"] + public_numbers = rsa.RSAPublicNumbers( + e=public["public_exponent"], + n=public["modulus"] ) + public_key = load_rsa_public_numbers(public_numbers, backend) verifier = public_key.verifier( binascii.unhexlify(example["signature"]), padding.PSS( mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=20 ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(binascii.unhexlify(example["message"])) verifier.verify() @@ -836,26 +585,26 @@ class TestRSAVerification(object): skip_message="Does not support PSS." ) def test_invalid_pss_signature_wrong_data(self, backend): - public_key = rsa.RSAPublicKey( - modulus=int( + public_numbers = rsa.RSAPublicNumbers( + n=int( b"dffc2137d5e810cde9e4b4612f5796447218bab913b3fa98bdf7982e4fa6" b"ec4d6653ef2b29fb1642b095befcbea6decc178fb4bed243d3c3592c6854" b"6af2d3f3", 16 ), - public_exponent=65537 + e=65537 ) signature = binascii.unhexlify( b"0e68c3649df91c5bc3665f96e157efa75b71934aaa514d91e94ca8418d100f45" b"6f05288e58525f99666bab052adcffdf7186eb40f583bd38d98c97d3d524808b" ) + public_key = load_rsa_public_numbers(public_numbers, backend) verifier = public_key.verifier( signature, padding.PSS( mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"incorrect data") with pytest.raises(InvalidSignature): @@ -875,24 +624,24 @@ class TestRSAVerification(object): b"3a1880165014ba6eb53cc1449d13e5132ebcc0cfd9ade6d7a2494a0503bd0826" b"f8a46c431e0d7be0ca3e453f8b2b009e2733764da7927cc6dbe7a021437a242e" ) - public_key = rsa.RSAPublicKey( - modulus=int( + public_numbers = rsa.RSAPublicNumbers( + n=int( b"381201f4905d67dfeb3dec131a0fbea773489227ec7a1448c3109189ac68" b"5a95441be90866a14c4d2e139cd16db540ec6c7abab13ffff91443fd46a8" b"960cbb7658ded26a5c95c86f6e40384e1c1239c63e541ba221191c4dd303" b"231b42e33c6dbddf5ec9a746f09bf0c25d0f8d27f93ee0ae5c0d723348f4" b"030d3581e13522e1", 16 ), - public_exponent=65537 + e=65537 ) + public_key = load_rsa_public_numbers(public_numbers, backend) verifier = public_key.verifier( signature, padding.PSS( mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"sign me") with pytest.raises(InvalidSignature): @@ -912,24 +661,24 @@ class TestRSAVerification(object): b"cb43bde4f7ab89eb4a79c6e8dd67e0d1af60715da64429d90c716a490b799c29" b"194cf8046509c6ed851052367a74e2e92d9b38947ed74332acb115a03fcc0222" ) - public_key = rsa.RSAPublicKey( - modulus=int( + public_numbers = rsa.RSAPublicNumbers( + n=int( b"381201f4905d67dfeb3dec131a0fbea773489227ec7a1448c3109189ac68" b"5a95441be90866a14c4d2e139cd16db540ec6c7abab13ffff91443fd46a8" b"960cbb7658ded26a5c95c86f6e40384e1c1239c63e541ba221191c4dd303" b"231b42e33c6dbddf5ec9a746f09bf0c25d0f8d27f93ee0ae5c0d723348f4" b"030d3581e13522", 16 ), - public_exponent=65537 + e=65537 ) + public_key = load_rsa_public_numbers(public_numbers, backend) verifier = public_key.verifier( signature, padding.PSS( mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"sign me") with pytest.raises(InvalidSignature): @@ -944,15 +693,14 @@ class TestRSAVerification(object): def test_use_after_finalize(self, backend): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) public_key = private_key.public_key() - signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) signer.update(b"sign me") signature = signer.finalize() verifier = public_key.verifier( signature, padding.PKCS1v15(), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"sign me") verifier.verify() @@ -965,22 +713,13 @@ class TestRSAVerification(object): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - public_key.verifier(b"sig", DummyPadding(), hashes.SHA1(), backend) + public_key.verifier(b"sig", DummyPadding(), hashes.SHA1()) def test_padding_incorrect_type(self, backend): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) public_key = private_key.public_key() with pytest.raises(TypeError): - public_key.verifier(b"sig", "notpadding", hashes.SHA1(), backend) - - def test_rsa_verifier_invalid_backend(self, backend): - pretend_backend = object() - private_key = rsa.generate_private_key(65537, 2048, backend) - public_key = private_key.public_key() - - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - public_key.verifier( - b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend) + public_key.verifier(b"sig", "notpadding", hashes.SHA1()) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( @@ -993,7 +732,7 @@ class TestRSAVerification(object): public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): public_key.verifier(b"sig", padding.PSS(mgf=DummyMGF()), - hashes.SHA1(), backend) + hashes.SHA1()) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( @@ -1022,8 +761,7 @@ class TestRSAVerification(object): mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=padding.PSS.MAX_LENGTH ), - hashes.SHA512(), - backend + hashes.SHA512() ) @pytest.mark.supported( @@ -1040,14 +778,15 @@ class TestRSAVerification(object): b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8" b"534c050ef6b19b1bdc6eb4da422e89161106a6f5b5cc16135b11eb6439b646bd" ) - public_key = rsa.RSAPublicKey( - modulus=int( + public_numbers = rsa.RSAPublicNumbers( + n=int( b"d309e4612809437548b747d7f9eb9cd3340f54fe42bb3f84a36933b0839c" b"11b0c8b7f67e11f7252370161e31159c49c784d4bc41c42a78ce0f0b40a3" b"ca8ffb91", 16 ), - public_exponent=65537 + e=65537 ) + public_key = load_rsa_public_numbers(public_numbers, backend) verifier = public_key.verifier( signature, padding.PSS( @@ -1056,8 +795,7 @@ class TestRSAVerification(object): ), salt_length=1000000 ), - hashes.SHA1(), - backend + hashes.SHA1() ) verifier.update(b"sign me") with pytest.raises(InvalidSignature): @@ -1391,29 +1129,28 @@ class TestRSADecryption(object): ) def test_decrypt_pkcs1v15_vectors(self, vector, backend): private, public, example = vector - skey = rsa.RSAPrivateKey( + private_numbers = rsa.RSAPrivateNumbers( p=private["p"], q=private["q"], - private_exponent=private["private_exponent"], + d=private["private_exponent"], dmp1=private["dmp1"], dmq1=private["dmq1"], iqmp=private["iqmp"], - public_exponent=private["public_exponent"], - modulus=private["modulus"] + public_numbers=rsa.RSAPublicNumbers( + e=private["public_exponent"], + n=private["modulus"] + ) ) + private = load_rsa_private_numbers(private_numbers, backend) ciphertext = binascii.unhexlify(example["encryption"]) - assert len(ciphertext) == math.ceil(skey.key_size / 8.0) - message = skey.decrypt( - ciphertext, - padding.PKCS1v15(), - backend - ) + assert len(ciphertext) == math.ceil(private.key_size / 8.0) + message = private.decrypt(ciphertext, padding.PKCS1v15()) assert message == binascii.unhexlify(example["message"]) def test_unsupported_padding(self, backend): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - private_key.decrypt(b"0" * 64, DummyPadding(), backend) + private_key.decrypt(b"0" * 64, DummyPadding()) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( @@ -1426,8 +1163,7 @@ class TestRSADecryption(object): with pytest.raises(ValueError): private_key.decrypt( b"\x00" * 64, - padding.PKCS1v15(), - backend + padding.PKCS1v15() ) @pytest.mark.supported( @@ -1441,8 +1177,7 @@ class TestRSADecryption(object): with pytest.raises(ValueError): private_key.decrypt( b"\x00" * 65, - padding.PKCS1v15(), - backend + padding.PKCS1v15() ) @pytest.mark.supported( @@ -1460,19 +1195,7 @@ class TestRSADecryption(object): with pytest.raises(ValueError): private_key.decrypt( ct, - padding.PKCS1v15(), - backend - ) - - def test_rsa_decrypt_invalid_backend(self, backend): - pretend_backend = object() - private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) - - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - private_key.decrypt( - b"irrelevant", - padding.PKCS1v15(), - pretend_backend + padding.PKCS1v15() ) @pytest.mark.supported( @@ -1495,24 +1218,26 @@ class TestRSADecryption(object): ) def test_decrypt_oaep_vectors(self, vector, backend): private, public, example = vector - skey = rsa.RSAPrivateKey( + private_numbers = rsa.RSAPrivateNumbers( p=private["p"], q=private["q"], - private_exponent=private["private_exponent"], + d=private["private_exponent"], dmp1=private["dmp1"], dmq1=private["dmq1"], iqmp=private["iqmp"], - public_exponent=private["public_exponent"], - modulus=private["modulus"] + public_numbers=rsa.RSAPublicNumbers( + e=private["public_exponent"], + n=private["modulus"] + ) ) + skey = load_rsa_private_numbers(private_numbers, backend) message = skey.decrypt( binascii.unhexlify(example["encryption"]), padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None - ), - backend + ) ) assert message == binascii.unhexlify(example["message"]) @@ -1525,8 +1250,7 @@ class TestRSADecryption(object): mgf=DummyMGF(), algorithm=hashes.SHA1(), label=None - ), - backend + ) ) @@ -1561,18 +1285,10 @@ class TestRSAEncryption(object): private_key = load_rsa_private_numbers(key_data, backend) pt = b"encrypt me!" public_key = private_key.public_key() - ct = public_key.encrypt( - pt, - pad, - backend - ) + ct = public_key.encrypt(pt, pad) assert ct != pt assert len(ct) == math.ceil(public_key.key_size / 8.0) - recovered_pt = private_key.decrypt( - ct, - pad, - backend - ) + recovered_pt = private_key.decrypt(ct, pad) assert recovered_pt == pt @pytest.mark.supported( @@ -1594,18 +1310,10 @@ class TestRSAEncryption(object): private_key = load_rsa_private_numbers(key_data, backend) pt = b"encrypt me!" public_key = private_key.public_key() - ct = public_key.encrypt( - pt, - pad, - backend - ) + ct = public_key.encrypt(pt, pad) assert ct != pt assert len(ct) == math.ceil(public_key.key_size / 8.0) - recovered_pt = private_key.decrypt( - ct, - pad, - backend - ) + recovered_pt = private_key.decrypt(ct, pad) assert recovered_pt == pt @pytest.mark.parametrize( @@ -1631,28 +1339,14 @@ class TestRSAEncryption(object): with pytest.raises(ValueError): public_key.encrypt( b"\x00" * (private_key.key_size // 8 - 1), - pad, - backend + pad ) # Larger than the key size. with pytest.raises(ValueError): public_key.encrypt( b"\x00" * (private_key.key_size // 8 + 5), - pad, - backend - ) - - def test_rsa_encrypt_invalid_backend(self, backend): - pretend_backend = object() - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) - public_key = private_key.public_key() - - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - public_key.encrypt( - b"irrelevant", - padding.PKCS1v15(), - pretend_backend + pad ) def test_unsupported_padding(self, backend): @@ -1660,7 +1354,7 @@ class TestRSAEncryption(object): public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - public_key.encrypt(b"somedata", DummyPadding(), backend) + public_key.encrypt(b"somedata", DummyPadding()) def test_unsupported_oaep_mgf(self, backend): private_key = load_rsa_private_numbers(RSA_KEY_512, backend) @@ -1673,8 +1367,7 @@ class TestRSAEncryption(object): mgf=DummyMGF(), algorithm=hashes.SHA1(), label=None - ), - backend + ) ) @@ -1682,7 +1375,7 @@ class TestRSAEncryption(object): class TestRSANumbers(object): def test_rsa_public_numbers(self): public_numbers = rsa.RSAPublicNumbers(e=1, n=15) - assert public_numbers.e == 1 + assert public_numbers.e == 3 assert public_numbers.n == 15 def test_rsa_private_numbers(self): @@ -2038,3 +1731,396 @@ class TestRSANumbers(object): ) ) ) + + +@pytest.mark.rsa +class TestDeprecatedRSA(object): + def test_deprecated_invalid_private_key_argument_types(self): + with pytest.raises(TypeError): + rsa.RSAPrivateKey(None, None, None, None, None, None, None, None) + + def test_deprecated_invalid_public_key_argument_types(self): + with pytest.raises(TypeError): + rsa.RSAPublicKey(None, None) + + def test_deprecated_invalid_private_key_argument_values(self): + # This can be removed when we finish deprecation for DeprecatedIn05 + + # Start with p=3, q=11, private_exponent=3, public_exponent=7, + # modulus=33, dmp1=1, dmq1=3, iqmp=2. Then change one value at + # a time to test the bounds. + + # Test a modulus < 3. + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_exponent=7, + modulus=2 + ) + + # Test a modulus != p * q. + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_exponent=7, + modulus=35 + ) + + # Test a p > modulus. + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=37, + q=11, + private_exponent=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_exponent=7, + modulus=33 + ) + + # Test a q > modulus. + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=37, + private_exponent=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_exponent=7, + modulus=33 + ) + + # Test a dmp1 > modulus. + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=3, + dmp1=35, + dmq1=3, + iqmp=2, + public_exponent=7, + modulus=33 + ) + + # Test a dmq1 > modulus. + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=3, + dmp1=1, + dmq1=35, + iqmp=2, + public_exponent=7, + modulus=33 + ) + + # Test an iqmp > modulus. + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=3, + dmp1=1, + dmq1=3, + iqmp=35, + public_exponent=7, + modulus=33 + ) + + # Test a private_exponent > modulus + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=37, + dmp1=1, + dmq1=3, + iqmp=2, + public_exponent=7, + modulus=33 + ) + + # Test a public_exponent < 3 + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_exponent=1, + modulus=33 + ) + + # Test a public_exponent > modulus + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_exponent=65537, + modulus=33 + ) + + # Test a public_exponent that is not odd. + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=3, + dmp1=1, + dmq1=3, + iqmp=2, + public_exponent=6, + modulus=33 + ) + + # Test a dmp1 that is not odd. + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=3, + dmp1=2, + dmq1=3, + iqmp=2, + public_exponent=7, + modulus=33 + ) + + # Test a dmq1 that is not odd. + with pytest.raises(ValueError): + rsa.RSAPrivateKey( + p=3, + q=11, + private_exponent=3, + dmp1=1, + dmq1=4, + iqmp=2, + public_exponent=7, + modulus=33 + ) + + def test_deprecated_invalid_public_key_argument_values(self): + # This can be removed when we finish deprecation for DeprecatedIn05 + + # Start with public_exponent=7, modulus=15. Then change one value at a + # time to test the bounds. + + # Test a modulus < 3. + with pytest.raises(ValueError): + rsa.RSAPublicKey(public_exponent=7, modulus=2) + + # Test a public_exponent < 3 + with pytest.raises(ValueError): + rsa.RSAPublicKey(public_exponent=1, modulus=15) + + # Test a public_exponent > modulus + with pytest.raises(ValueError): + rsa.RSAPublicKey(public_exponent=17, modulus=15) + + # Test a public_exponent that is not odd. + with pytest.raises(ValueError): + rsa.RSAPublicKey(public_exponent=6, modulus=15) + + def test_rsa_deprecated_generate_invalid_backend(self): + # This can be removed when we finish deprecation for DeprecatedIn05 + pretend_backend = object() + + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + rsa.generate_private_key(65537, 2048, pretend_backend) + + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) + + @pytest.mark.supported( + only_if=lambda backend: backend.rsa_padding_supported( + padding.PKCS1v15() + ), + skip_message="Does not support PKCS1v1.5." + ) + @pytest.mark.parametrize( + "pkcs1_example", + _flatten_pkcs1_examples(load_vectors_from_file( + os.path.join( + "asymmetric", "RSA", "pkcs1v15sign-vectors.txt"), + load_pkcs1_vectors + )) + ) + def test_deprecated_pkcs1v15_signing(self, pkcs1_example, backend): + # This can be removed when we finish deprecation for DeprecatedIn05 + + private, public, example = pkcs1_example + private_key = rsa.RSAPrivateKey( + p=private["p"], + q=private["q"], + private_exponent=private["private_exponent"], + dmp1=private["dmp1"], + dmq1=private["dmq1"], + iqmp=private["iqmp"], + public_exponent=private["public_exponent"], + modulus=private["modulus"] + ) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) + signer.update(binascii.unhexlify(example["message"])) + signature = signer.finalize() + assert binascii.hexlify(signature) == example["signature"] + + def test_rsa_deprecated_signer_invalid_backend(self, backend): + # This can be removed when we finish deprecation for DeprecatedIn05 + pretend_backend = object() + private_key = rsa.RSAPrivateKey( + p=RSA_KEY_2048.p, + q=RSA_KEY_2048.q, + private_exponent=RSA_KEY_2048.d, + dmp1=RSA_KEY_2048.dmp1, + dmq1=RSA_KEY_2048.dmq1, + iqmp=RSA_KEY_2048.iqmp, + public_exponent=RSA_KEY_2048.public_numbers.e, + modulus=RSA_KEY_2048.public_numbers.n + ) + + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + private_key.signer( + padding.PKCS1v15(), hashes.SHA256, pretend_backend) + + def test_rsa_deprecated_verifier_invalid_backend(self, backend): + # This can be removed when we finish deprecation for DeprecatedIn05 + pretend_backend = object() + private_key = rsa.RSAPrivateKey( + p=RSA_KEY_2048.p, + q=RSA_KEY_2048.q, + private_exponent=RSA_KEY_2048.d, + dmp1=RSA_KEY_2048.dmp1, + dmq1=RSA_KEY_2048.dmq1, + iqmp=RSA_KEY_2048.iqmp, + public_exponent=RSA_KEY_2048.public_numbers.e, + modulus=RSA_KEY_2048.public_numbers.n + ) + public_key = private_key.public_key() + + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + public_key.verifier( + b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend) + + def test_rsa_decrypt_invalid_backend(self, backend): + # This can be removed when we finish deprecation for DeprecatedIn05 + pretend_backend = object() + private_key = rsa.RSAPrivateKey( + p=RSA_KEY_2048.p, + q=RSA_KEY_2048.q, + private_exponent=RSA_KEY_2048.d, + dmp1=RSA_KEY_2048.dmp1, + dmq1=RSA_KEY_2048.dmq1, + iqmp=RSA_KEY_2048.iqmp, + public_exponent=RSA_KEY_2048.public_numbers.e, + modulus=RSA_KEY_2048.public_numbers.n + ) + + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + private_key.decrypt( + b"irrelevant", + padding.PKCS1v15(), + pretend_backend + ) + + @pytest.mark.supported( + only_if=lambda backend: backend.rsa_padding_supported( + padding.PKCS1v15() + ), + skip_message="Does not support PKCS1v1.5." + ) + def test_deprecated_rsa_encrypt_pkcs1v15(self, backend): + # This can be removed when we finish deprecation for DeprecatedIn05 + private_key = rsa.RSAPrivateKey( + p=RSA_KEY_1024.p, + q=RSA_KEY_1024.q, + private_exponent=RSA_KEY_1024.d, + dmp1=RSA_KEY_1024.dmp1, + dmq1=RSA_KEY_1024.dmq1, + iqmp=RSA_KEY_1024.iqmp, + public_exponent=RSA_KEY_1024.public_numbers.e, + modulus=RSA_KEY_1024.public_numbers.n + ) + pt = b"encrypt me!" + public_key = private_key.public_key() + pad = padding.PKCS1v15() + ct = public_key.encrypt(pt, pad, backend) + assert ct != pt + assert len(ct) == math.ceil(public_key.key_size / 8.0) + recovered_pt = private_key.decrypt(ct, pad, backend) + assert recovered_pt == pt + + def test_rsa_deprecated_encrypt_invalid_backend(self, backend): + # This can be removed when we finish deprecation for DeprecatedIn05 + pretend_backend = object() + private_key = rsa.RSAPrivateKey( + p=RSA_KEY_2048.p, + q=RSA_KEY_2048.q, + private_exponent=RSA_KEY_2048.d, + dmp1=RSA_KEY_2048.dmp1, + dmq1=RSA_KEY_2048.dmq1, + iqmp=RSA_KEY_2048.iqmp, + public_exponent=RSA_KEY_2048.public_numbers.e, + modulus=RSA_KEY_2048.public_numbers.n + ) + public_key = private_key.public_key() + + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + public_key.encrypt( + b"irrelevant", + padding.PKCS1v15(), + pretend_backend + ) + + @pytest.mark.supported( + only_if=lambda backend: backend.rsa_padding_supported( + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA1(), + label=None + ) + ), + skip_message="Does not support OAEP." + ) + def test_rsa_deprecated_decrypt_oaep(self, backend): + private_key = rsa.RSAPrivateKey( + p=RSA_KEY_2048.p, + q=RSA_KEY_2048.q, + private_exponent=RSA_KEY_2048.d, + dmp1=RSA_KEY_2048.dmp1, + dmq1=RSA_KEY_2048.dmq1, + iqmp=RSA_KEY_2048.iqmp, + public_exponent=RSA_KEY_2048.public_numbers.e, + modulus=RSA_KEY_2048.public_numbers.n + ) + pt = b"encrypt me!" + public_key = private_key.public_key() + pad = padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA1(), + label=None + ) + ct = public_key.encrypt(pt, pad, backend) + assert ct != pt + assert len(ct) == math.ceil(public_key.key_size / 8.0) + recovered_pt = private_key.decrypt(ct, pad, backend) + assert recovered_pt == pt |