aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/hazmat/backends/test_openssl.py82
-rw-r--r--tests/hazmat/primitives/test_dsa.py60
-rw-r--r--tests/hazmat/primitives/test_ec.py29
-rw-r--r--tests/hazmat/primitives/test_rsa.py496
-rw-r--r--tests/hazmat/primitives/test_serialization.py21
-rw-r--r--tests/hazmat/primitives/utils.py5
6 files changed, 413 insertions, 280 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index aa2122fb..bd99c8f2 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -13,6 +13,10 @@
from __future__ import absolute_import, division, print_function
+import subprocess
+import sys
+import textwrap
+
import pretend
import pytest
@@ -212,14 +216,32 @@ class TestOpenSSLRandomEngine(object):
name = backend._lib.ENGINE_get_name(current_default)
assert name == backend._lib.Cryptography_osrandom_engine_name
- # This must be the first test in the class so that the teardown method
- # has not (potentially) altered the default engine.
- def test_osrandom_engine_is_default(self):
- e = backend._lib.ENGINE_get_default_RAND()
- name = backend._lib.ENGINE_get_name(e)
- assert name == backend._lib.Cryptography_osrandom_engine_name
- res = backend._lib.ENGINE_free(e)
- assert res == 1
+ def test_osrandom_engine_is_default(self, tmpdir):
+ engine_printer = textwrap.dedent(
+ """
+ import sys
+ from cryptography.hazmat.backends.openssl.backend import backend
+
+ e = backend._lib.ENGINE_get_default_RAND()
+ name = backend._lib.ENGINE_get_name(e)
+ sys.stdout.write(backend._ffi.string(name).decode('ascii'))
+ res = backend._lib.ENGINE_free(e)
+ assert res == 1
+ """
+ )
+ engine_name = tmpdir.join('engine_name')
+
+ with engine_name.open('w') as out:
+ subprocess.check_call(
+ [sys.executable, "-c", engine_printer],
+ stdout=out
+ )
+
+ osrandom_engine_name = backend._ffi.string(
+ backend._lib.Cryptography_osrandom_engine_name
+ )
+
+ assert engine_name.read().encode('ascii') == osrandom_engine_name
def test_osrandom_sanity_check(self):
# This test serves as a check against catastrophic failure.
@@ -331,7 +353,10 @@ class TestOpenSSLRSA(object):
)
def test_unsupported_mgf1_hash_algorithm(self):
- assert backend.mgf1_hash_supported(DummyHash()) is False
+ assert pytest.deprecated_call(
+ backend.mgf1_hash_supported,
+ DummyHash()
+ ) is False
def test_rsa_padding_unsupported_pss_mgf1_hash(self):
assert backend.rsa_padding_supported(
@@ -462,7 +487,40 @@ class TestOpenSSLNoEllipticCurve(object):
None, None
) is False
- def test_supported_curves(self, monkeypatch):
- monkeypatch.setattr(backend._lib, "Cryptography_HAS_EC", 0)
- assert backend._supported_curves() == []
+class TestDeprecatedRSABackendMethods(object):
+ def test_create_rsa_signature_ctx(self):
+ private_key = rsa.RSAPrivateKey.generate(65537, 512, backend)
+ pytest.deprecated_call(
+ backend.create_rsa_signature_ctx,
+ private_key,
+ padding.PKCS1v15(),
+ hashes.SHA1()
+ )
+
+ def test_create_rsa_verification_ctx(self):
+ private_key = rsa.RSAPrivateKey.generate(65537, 512, backend)
+ public_key = private_key.public_key()
+ pytest.deprecated_call(
+ backend.create_rsa_verification_ctx,
+ public_key,
+ b"\x00" * 64,
+ padding.PKCS1v15(),
+ hashes.SHA1()
+ )
+
+ def test_encrypt_decrypt_rsa(self):
+ private_key = rsa.RSAPrivateKey.generate(65537, 512, backend)
+ public_key = private_key.public_key()
+ ct = pytest.deprecated_call(
+ backend.encrypt_rsa,
+ public_key,
+ b"\x00" * 32,
+ padding.PKCS1v15()
+ )
+ pytest.deprecated_call(
+ backend.decrypt_rsa,
+ private_key,
+ ct,
+ padding.PKCS1v15()
+ )
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index cbe10e9c..51a03c48 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -872,3 +872,63 @@ def test_dsa_generate_invalid_backend():
with raises_unsupported_algorithm(
_Reasons.BACKEND_MISSING_INTERFACE):
dsa.DSAPrivateKey.generate(pretend_parameters, pretend_backend)
+
+
+class TestDSANumbers(object):
+ def test_dsa_parameter_numbers(self):
+ parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
+ assert parameter_numbers.p == 1
+ assert parameter_numbers.q == 2
+ assert parameter_numbers.g == 3
+
+ def test_dsa_parameter_numbers_invalid_types(self):
+ with pytest.raises(TypeError):
+ dsa.DSAParameterNumbers(p=None, q=2, g=3)
+
+ with pytest.raises(TypeError):
+ dsa.DSAParameterNumbers(p=1, q=None, g=3)
+
+ with pytest.raises(TypeError):
+ dsa.DSAParameterNumbers(p=1, q=2, g=None)
+
+ def test_dsa_public_numbers(self):
+ parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
+ public_numbers = dsa.DSAPublicNumbers(
+ y=4,
+ parameter_numbers=parameter_numbers
+ )
+ assert public_numbers.y == 4
+ assert public_numbers.parameter_numbers == parameter_numbers
+
+ def test_dsa_public_numbers_invalid_types(self):
+ with pytest.raises(TypeError):
+ dsa.DSAPublicNumbers(y=4, parameter_numbers=None)
+
+ with pytest.raises(TypeError):
+ parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
+ dsa.DSAPublicNumbers(y=None, parameter_numbers=parameter_numbers)
+
+ def test_dsa_private_numbers(self):
+ parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
+ public_numbers = dsa.DSAPublicNumbers(
+ y=4,
+ parameter_numbers=parameter_numbers
+ )
+ private_numbers = dsa.DSAPrivateNumbers(
+ x=5,
+ public_numbers=public_numbers
+ )
+ assert private_numbers.x == 5
+ assert private_numbers.public_numbers == public_numbers
+
+ def test_dsa_private_numbers_invalid_types(self):
+ parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
+ public_numbers = dsa.DSAPublicNumbers(
+ y=4,
+ parameter_numbers=parameter_numbers
+ )
+ with pytest.raises(TypeError):
+ dsa.DSAPrivateNumbers(x=4, public_numbers=None)
+
+ with pytest.raises(TypeError):
+ dsa.DSAPrivateNumbers(x=None, public_numbers=public_numbers)
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 1879f4fc..2690e794 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -70,6 +70,15 @@ def _skip_ecdsa_vector(backend, curve_type, hash_type):
)
+def _skip_curve_unsupported(backend, curve):
+ if not backend.elliptic_curve_supported(curve):
+ pytest.skip(
+ "Curve {0} is not supported by this backend {1}".format(
+ curve.name, backend
+ )
+ )
+
+
@utils.register_interface(interfaces.EllipticCurve)
class DummyCurve(object):
name = "dummy-curve"
@@ -81,6 +90,12 @@ class DummySignatureAlgorithm(object):
pass
+@pytest.mark.elliptic
+def test_skip_curve_unsupported(backend):
+ with pytest.raises(pytest.skip.Exception):
+ _skip_curve_unsupported(backend, DummyCurve())
+
+
def test_ec_numbers():
numbers = ec.EllipticCurvePrivateNumbers(
1,
@@ -176,12 +191,7 @@ class TestECDSAVectors(object):
"curve", _CURVE_TYPES.values()
)
def test_generate_vector_curves(self, backend, curve):
- if not backend.elliptic_curve_supported(curve()):
- pytest.skip(
- "Curve {0} is not supported by this backend {1}".format(
- curve().name, backend
- )
- )
+ _skip_curve_unsupported(backend, curve())
key = ec.generate_private_key(curve(), backend)
assert key
@@ -205,12 +215,7 @@ class TestECDSAVectors(object):
) is False
def test_unknown_signature_algoritm(self, backend):
- if not backend.elliptic_curve_supported(ec.SECP192R1()):
- pytest.skip(
- "Curve secp192r1 is not supported by this backend {0}".format(
- backend
- )
- )
+ _skip_curve_unsupported(backend, ec.SECP192R1())
key = ec.generate_private_key(ec.SECP192R1(), backend)
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index ffaaf587..04908453 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -27,9 +27,6 @@ from cryptography.exceptions import (
)
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import padding, rsa
-from cryptography.hazmat.primitives.serialization import (
- load_rsa_private_numbers
-)
from .fixtures_rsa import (
RSA_KEY_1024, RSA_KEY_1025, RSA_KEY_1026, RSA_KEY_1027, RSA_KEY_1028,
@@ -102,9 +99,16 @@ class TestRSA(object):
if isinstance(skey, interfaces.RSAPrivateKeyWithNumbers):
_check_rsa_private_numbers(skey.private_numbers())
+ pkey = skey.public_key()
+ assert isinstance(pkey.public_numbers(), rsa.RSAPublicNumbers)
def test_generate_rsa_key_class_method(self, backend):
- skey = rsa.RSAPrivateKey.generate(65537, 512, backend)
+ skey = pytest.deprecated_call(
+ rsa.RSAPrivateKey.generate,
+ 65537,
+ 512,
+ backend
+ )
assert skey.key_size == 512
assert skey.public_exponent == 65537
@@ -169,11 +173,21 @@ class TestRSA(object):
def test_invalid_private_key_argument_types(self):
with pytest.raises(TypeError):
- rsa.RSAPrivateKey(None, None, None, None, None, None, None, None)
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ None
+ )
def test_invalid_public_key_argument_types(self):
with pytest.raises(TypeError):
- rsa.RSAPublicKey(None, None)
+ pytest.deprecated_call(rsa.RSAPublicKey, None, None)
def test_invalid_private_key_argument_values(self):
# Start with p=3, q=11, private_exponent=3, public_exponent=7,
@@ -182,7 +196,8 @@ class TestRSA(object):
# Test a modulus < 3.
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=3,
@@ -195,7 +210,8 @@ class TestRSA(object):
# Test a modulus != p * q.
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=3,
@@ -208,7 +224,8 @@ class TestRSA(object):
# Test a p > modulus.
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=37,
q=11,
private_exponent=3,
@@ -221,7 +238,8 @@ class TestRSA(object):
# Test a q > modulus.
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=37,
private_exponent=3,
@@ -234,7 +252,8 @@ class TestRSA(object):
# Test a dmp1 > modulus.
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=3,
@@ -247,7 +266,8 @@ class TestRSA(object):
# Test a dmq1 > modulus.
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=3,
@@ -260,7 +280,8 @@ class TestRSA(object):
# Test an iqmp > modulus.
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=3,
@@ -273,7 +294,8 @@ class TestRSA(object):
# Test a private_exponent > modulus
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=37,
@@ -286,7 +308,8 @@ class TestRSA(object):
# Test a public_exponent < 3
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=3,
@@ -299,7 +322,8 @@ class TestRSA(object):
# Test a public_exponent > modulus
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=3,
@@ -312,7 +336,8 @@ class TestRSA(object):
# Test a public_exponent that is not odd.
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=3,
@@ -325,7 +350,8 @@ class TestRSA(object):
# Test a dmp1 that is not odd.
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=3,
@@ -338,7 +364,8 @@ class TestRSA(object):
# Test a dmq1 that is not odd.
with pytest.raises(ValueError):
- rsa.RSAPrivateKey(
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=3,
q=11,
private_exponent=3,
@@ -355,19 +382,27 @@ class TestRSA(object):
# Test a modulus < 3.
with pytest.raises(ValueError):
- rsa.RSAPublicKey(public_exponent=7, modulus=2)
+ pytest.deprecated_call(
+ rsa.RSAPublicKey, public_exponent=7, modulus=2
+ )
# Test a public_exponent < 3
with pytest.raises(ValueError):
- rsa.RSAPublicKey(public_exponent=1, modulus=15)
+ pytest.deprecated_call(
+ rsa.RSAPublicKey, public_exponent=1, modulus=15
+ )
# Test a public_exponent > modulus
with pytest.raises(ValueError):
- rsa.RSAPublicKey(public_exponent=17, modulus=15)
+ pytest.deprecated_call(
+ rsa.RSAPublicKey, public_exponent=17, modulus=15
+ )
# Test a public_exponent that is not odd.
with pytest.raises(ValueError):
- rsa.RSAPublicKey(public_exponent=6, modulus=15)
+ pytest.deprecated_call(
+ rsa.RSAPublicKey, public_exponent=6, modulus=15
+ )
def test_rsa_generate_invalid_backend():
@@ -377,7 +412,9 @@ def test_rsa_generate_invalid_backend():
rsa.generate_private_key(65537, 2048, pretend_backend)
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend)
+ pytest.deprecated_call(
+ rsa.RSAPrivateKey.generate, 65537, 2048, pretend_backend
+ )
@pytest.mark.rsa
@@ -398,7 +435,8 @@ class TestRSASignature(object):
)
def test_pkcs1v15_signing(self, pkcs1_example, backend):
private, public, example = pkcs1_example
- private_key = rsa.RSAPrivateKey(
+ private_key = pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=private["p"],
q=private["q"],
private_exponent=private["private_exponent"],
@@ -432,7 +470,8 @@ class TestRSASignature(object):
)
def test_pss_signing(self, pkcs1_example, backend):
private, public, example = pkcs1_example
- private_key = rsa.RSAPrivateKey(
+ private_key = pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=private["p"],
q=private["q"],
private_exponent=private["private_exponent"],
@@ -482,7 +521,7 @@ class TestRSASignature(object):
skip_message="Does not support PSS."
)
def test_deprecated_pss_mgf1_salt_length(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
signer = private_key.signer(
pytest.deprecated_call(
padding.PSS,
@@ -526,7 +565,7 @@ class TestRSASignature(object):
pytest.skip(
"Does not support {0} in MGF1 using PSS.".format(hash_alg.name)
)
- private_key = load_rsa_private_numbers(RSA_KEY_768, backend)
+ private_key = RSA_KEY_768.private_key(backend)
public_key = private_key.public_key()
pss = padding.PSS(
mgf=padding.MGF1(hash_alg),
@@ -552,7 +591,7 @@ class TestRSASignature(object):
skip_message="Does not support SHA512."
)
def test_pss_minimum_key_size_for_digest(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_522, backend)
+ private_key = RSA_KEY_522.private_key(backend)
signer = private_key.signer(
padding.PSS(
mgf=padding.MGF1(hashes.SHA1()),
@@ -577,7 +616,7 @@ class TestRSASignature(object):
skip_message="Does not support SHA512."
)
def test_pss_signing_digest_too_large_for_key_size(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
with pytest.raises(ValueError):
private_key.signer(
padding.PSS(
@@ -597,7 +636,7 @@ class TestRSASignature(object):
skip_message="Does not support PSS."
)
def test_pss_signing_salt_length_too_long(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
signer = private_key.signer(
padding.PSS(
mgf=padding.MGF1(hashes.SHA1()),
@@ -616,7 +655,7 @@ class TestRSASignature(object):
skip_message="Does not support PKCS1v1.5."
)
def test_use_after_finalize(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1())
signer.update(b"sign me")
signer.finalize()
@@ -626,18 +665,19 @@ class TestRSASignature(object):
signer.update(b"more data")
def test_unsupported_padding(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
private_key.signer(DummyPadding(), hashes.SHA1())
def test_padding_incorrect_type(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
with pytest.raises(TypeError):
private_key.signer("notpadding", hashes.SHA1())
def test_rsa_signer_invalid_backend(self, backend):
pretend_backend = object()
- private_key = rsa.RSAPrivateKey(
+ private_key = pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=RSA_KEY_512.p,
q=RSA_KEY_512.q,
private_exponent=RSA_KEY_512.d,
@@ -659,7 +699,7 @@ class TestRSASignature(object):
skip_message="Does not support PSS."
)
def test_unsupported_pss_mgf(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
private_key.signer(padding.PSS(mgf=DummyMGF()), hashes.SHA1())
@@ -670,7 +710,7 @@ class TestRSASignature(object):
skip_message="Does not support PKCS1v1.5."
)
def test_pkcs1_digest_too_large_for_key_size(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_599, backend)
+ private_key = RSA_KEY_599.private_key(backend)
signer = private_key.signer(
padding.PKCS1v15(),
hashes.SHA512()
@@ -686,7 +726,7 @@ class TestRSASignature(object):
skip_message="Does not support PKCS1v1.5."
)
def test_pkcs1_minimum_key_size(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_745, backend)
+ private_key = RSA_KEY_745.private_key(backend)
signer = private_key.signer(
padding.PKCS1v15(),
hashes.SHA512()
@@ -733,7 +773,7 @@ class TestRSAVerification(object):
skip_message="Does not support PKCS1v1.5."
)
def test_invalid_pkcs1v15_signature_wrong_data(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
public_key = private_key.public_key()
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1())
signer.update(b"sign me")
@@ -754,8 +794,8 @@ class TestRSAVerification(object):
skip_message="Does not support PKCS1v1.5."
)
def test_invalid_pkcs1v15_signature_wrong_key(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
- private_key2 = load_rsa_private_numbers(RSA_KEY_512_ALT, backend)
+ private_key = RSA_KEY_512.private_key(backend)
+ private_key2 = RSA_KEY_512_ALT.private_key(backend)
public_key = private_key2.public_key()
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1())
signer.update(b"sign me")
@@ -920,7 +960,7 @@ class TestRSAVerification(object):
skip_message="Does not support PKCS1v1.5."
)
def test_use_after_finalize(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
public_key = private_key.public_key()
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1())
signer.update(b"sign me")
@@ -939,20 +979,25 @@ class TestRSAVerification(object):
verifier.update(b"more data")
def test_unsupported_padding(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
public_key.verifier(b"sig", DummyPadding(), hashes.SHA1())
def test_padding_incorrect_type(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
public_key = private_key.public_key()
with pytest.raises(TypeError):
public_key.verifier(b"sig", "notpadding", hashes.SHA1())
def test_rsa_verifier_invalid_backend(self, backend):
pretend_backend = object()
- private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
+ private_key = pytest.deprecated_call(
+ rsa.RSAPrivateKey.generate,
+ 65537,
+ 2048,
+ backend
+ )
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
@@ -966,7 +1011,7 @@ class TestRSAVerification(object):
skip_message="Does not support PSS."
)
def test_unsupported_pss_mgf(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
public_key.verifier(b"sig", padding.PSS(mgf=DummyMGF()),
@@ -986,7 +1031,7 @@ class TestRSAVerification(object):
skip_message="Does not support SHA512."
)
def test_pss_verify_digest_too_large_for_key_size(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
signature = binascii.unhexlify(
b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8"
b"534c050ef6b19b1bdc6eb4da422e89161106a6f5b5cc16135b11eb6439b646bd"
@@ -1387,7 +1432,7 @@ class TestRSADecryption(object):
assert message == binascii.unhexlify(example["message"])
def test_unsupported_padding(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
private_key.decrypt(b"0" * 64, DummyPadding())
@@ -1398,7 +1443,7 @@ class TestRSADecryption(object):
skip_message="Does not support PKCS1v1.5."
)
def test_decrypt_invalid_decrypt(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
with pytest.raises(ValueError):
private_key.decrypt(
b"\x00" * 64,
@@ -1412,7 +1457,7 @@ class TestRSADecryption(object):
skip_message="Does not support PKCS1v1.5."
)
def test_decrypt_ciphertext_too_large(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
with pytest.raises(ValueError):
private_key.decrypt(
b"\x00" * 65,
@@ -1426,7 +1471,7 @@ class TestRSADecryption(object):
skip_message="Does not support PKCS1v1.5."
)
def test_decrypt_ciphertext_too_small(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
ct = binascii.unhexlify(
b"50b4c14136bd198c2f3c3ed243fce036e168d56517984a263cd66492b80804f1"
b"69d210f2b9bdfb48b12f9ea05009c77da257cc600ccefe3a6283789d8ea0"
@@ -1439,7 +1484,9 @@ class TestRSADecryption(object):
def test_rsa_decrypt_invalid_backend(self, backend):
pretend_backend = object()
- private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend)
+ private_key = pytest.deprecated_call(
+ rsa.RSAPrivateKey.generate, 65537, 2048, backend
+ )
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
private_key.decrypt(
@@ -1468,7 +1515,8 @@ class TestRSADecryption(object):
)
def test_decrypt_oaep_vectors(self, vector, backend):
private, public, example = vector
- skey = rsa.RSAPrivateKey(
+ skey = pytest.deprecated_call(
+ rsa.RSAPrivateKey,
p=private["p"],
q=private["q"],
private_exponent=private["private_exponent"],
@@ -1490,7 +1538,7 @@ class TestRSADecryption(object):
assert message == binascii.unhexlify(example["message"])
def test_unsupported_oaep_mgf(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
private_key.decrypt(
b"0" * 64,
@@ -1564,7 +1612,7 @@ class TestRSAEncryption(object):
)
)
def test_rsa_encrypt_pkcs1v15(self, key_data, pad, backend):
- private_key = load_rsa_private_numbers(key_data, backend)
+ private_key = key_data.private_key(backend)
pt = b"encrypt me!"
public_key = private_key.public_key()
ct = public_key.encrypt(pt, pad)
@@ -1590,7 +1638,7 @@ class TestRSAEncryption(object):
)
)
def test_rsa_encrypt_key_too_small(self, key_data, pad, backend):
- private_key = load_rsa_private_numbers(key_data, backend)
+ private_key = key_data.private_key(backend)
public_key = private_key.public_key()
# Slightly smaller than the key size but not enough for padding.
with pytest.raises(ValueError):
@@ -1608,7 +1656,9 @@ class TestRSAEncryption(object):
def test_rsa_encrypt_invalid_backend(self, backend):
pretend_backend = object()
- private_key = rsa.RSAPrivateKey.generate(65537, 512, backend)
+ private_key = pytest.deprecated_call(
+ rsa.RSAPrivateKey.generate, 65537, 512, backend
+ )
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
@@ -1619,14 +1669,14 @@ class TestRSAEncryption(object):
)
def test_unsupported_padding(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
public_key.encrypt(b"somedata", DummyPadding())
def test_unsupported_oaep_mgf(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_512, backend)
+ private_key = RSA_KEY_512.private_key(backend)
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
@@ -1667,6 +1717,14 @@ class TestRSANumbers(object):
assert private_numbers.iqmp == 2
assert private_numbers.public_numbers == public_numbers
+ def test_rsa_private_numbers_create_key(self, backend):
+ private_key = RSA_KEY_1024.private_key(backend)
+ assert private_key
+
+ def test_rsa_public_numbers_create_key(self, backend):
+ public_key = RSA_KEY_1024.public_numbers.public_key(backend)
+ assert public_key
+
def test_public_numbers_invalid_types(self):
with pytest.raises(TypeError):
rsa.RSAPublicNumbers(e=None, n=15)
@@ -1761,19 +1819,19 @@ class TestRSANumbers(object):
# Test a modulus < 3.
with pytest.raises(ValueError):
- backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=7, n=2))
+ rsa.RSAPublicNumbers(e=7, n=2).public_key(backend)
# Test a public_exponent < 3
with pytest.raises(ValueError):
- backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=1, n=15))
+ rsa.RSAPublicNumbers(e=1, n=15).public_key(backend)
# Test a public_exponent > modulus
with pytest.raises(ValueError):
- backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=17, n=15))
+ rsa.RSAPublicNumbers(e=17, n=15).public_key(backend)
# Test a public_exponent that is not odd.
with pytest.raises(ValueError):
- backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=16, n=15))
+ rsa.RSAPublicNumbers(e=16, n=15).public_key(backend)
def test_invalid_private_numbers_argument_values(self, backend):
# Start with p=3, q=11, private_exponent=3, public_exponent=7,
@@ -1782,221 +1840,195 @@ class TestRSANumbers(object):
# Test a modulus < 3.
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=7,
- n=2
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=7,
+ n=2
)
- )
+ ).private_key(backend)
# Test a modulus != p * q.
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=7,
- n=35
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=7,
+ n=35
)
- )
+ ).private_key(backend)
# Test a p > modulus.
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=37,
- q=11,
- d=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=7,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=37,
+ q=11,
+ d=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=7,
+ n=33
)
- )
+ ).private_key(backend)
# Test a q > modulus.
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=37,
- d=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=7,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=37,
+ d=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=7,
+ n=33
)
- )
+ ).private_key(backend)
# Test a dmp1 > modulus.
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=3,
- dmp1=35,
- dmq1=3,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=7,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=3,
+ dmp1=35,
+ dmq1=3,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=7,
+ n=33
)
- )
+ ).private_key(backend)
# Test a dmq1 > modulus.
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=3,
- dmp1=1,
- dmq1=35,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=7,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=3,
+ dmp1=1,
+ dmq1=35,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=7,
+ n=33
)
- )
+ ).private_key(backend)
# Test an iqmp > modulus.
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=3,
- dmp1=1,
- dmq1=3,
- iqmp=35,
- public_numbers=rsa.RSAPublicNumbers(
- e=7,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=35,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=7,
+ n=33
)
- )
+ ).private_key(backend)
# Test a private_exponent > modulus
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=37,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=7,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=37,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=7,
+ n=33
)
- )
+ ).private_key(backend)
# Test a public_exponent < 3
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=1,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=1,
+ n=33
)
- )
+ ).private_key(backend)
# Test a public_exponent > modulus
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=3,
- dmp1=1,
- dmq1=3,
- iqmp=35,
- public_numbers=rsa.RSAPublicNumbers(
- e=65537,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=35,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=65537,
+ n=33
)
- )
+ ).private_key(backend)
# Test a public_exponent that is not odd.
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=6,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=3,
+ dmp1=1,
+ dmq1=3,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=6,
+ n=33
)
- )
+ ).private_key(backend)
# Test a dmp1 that is not odd.
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=3,
- dmp1=2,
- dmq1=3,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=7,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=3,
+ dmp1=2,
+ dmq1=3,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=7,
+ n=33
)
- )
+ ).private_key(backend)
# Test a dmq1 that is not odd.
with pytest.raises(ValueError):
- backend.load_rsa_private_numbers(
- rsa.RSAPrivateNumbers(
- p=3,
- q=11,
- d=3,
- dmp1=1,
- dmq1=4,
- iqmp=2,
- public_numbers=rsa.RSAPublicNumbers(
- e=7,
- n=33
- )
+ rsa.RSAPrivateNumbers(
+ p=3,
+ q=11,
+ d=3,
+ dmp1=1,
+ dmq1=4,
+ iqmp=2,
+ public_numbers=rsa.RSAPublicNumbers(
+ e=7,
+ n=33
)
- )
+ ).private_key(backend)
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index ae990b64..8a90b30e 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -23,13 +23,9 @@ from cryptography.exceptions import _Reasons
from cryptography.hazmat.primitives import interfaces
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives.serialization import (
- load_pem_pkcs8_private_key,
- load_pem_traditional_openssl_private_key,
- load_rsa_private_numbers,
- load_rsa_public_numbers
+ load_pem_pkcs8_private_key, load_pem_traditional_openssl_private_key
)
-from .fixtures_rsa import RSA_KEY_1024
from .utils import _check_rsa_private_numbers, load_vectors_from_file
from ...utils import raises_unsupported_algorithm
@@ -553,18 +549,3 @@ class TestPKCS8Serialisation(object):
pemfile.read().encode(), password, backend
)
)
-
-
-@pytest.mark.rsa
-class TestLoadRSANumbers(object):
- def test_load_private_numbers(self, backend):
- private_key = load_rsa_private_numbers(RSA_KEY_1024, backend)
- assert private_key
- assert private_key.private_numbers()
-
- def test_load_public_numbers(self, backend):
- public_key = load_rsa_public_numbers(
- RSA_KEY_1024.public_numbers, backend
- )
- assert public_key
- assert public_key.public_numbers()
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 54659aa9..49b73f01 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -28,9 +28,6 @@ from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.kdf.hkdf import HKDF, HKDFExpand
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
-from cryptography.hazmat.primitives.serialization import (
- load_rsa_public_numbers
-)
from ...utils import load_vectors_from_file
@@ -395,7 +392,7 @@ def rsa_verification_test(backend, params, hash_alg, pad_factory):
e=params["public_exponent"],
n=params["modulus"]
)
- public_key = load_rsa_public_numbers(public_numbers, backend)
+ public_key = public_numbers.public_key(backend)
pad = pad_factory(params, hash_alg)
verifier = public_key.verifier(
binascii.unhexlify(params["s"]),
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-23 20:12:17 +0000