3 files changed, 244 insertions, 1 deletions

diff --git a/tests/conftest.py b/tests/conftest.py
index ecad1b23..64982efd 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -2,7 +2,7 @@ import pytest
 
 from cryptography.hazmat.backends import _ALL_BACKENDS
 from cryptography.hazmat.backends.interfaces import (
-    HMACBackend, CipherBackend, HashBackend, PBKDF2HMACBackend
+    HMACBackend, CipherBackend, HashBackend, PBKDF2HMACBackend, RSABackend
 )
 
 from .utils import check_for_iface, check_backend_support, select_backends
@@ -22,6 +22,7 @@ def pytest_runtest_setup(item):
     check_for_iface("cipher", CipherBackend, item)
     check_for_iface("hash", HashBackend, item)
     check_for_iface("pbkdf2hmac", PBKDF2HMACBackend, item)
+    check_for_iface("rsa", RSABackend, item)
     check_backend_support(item)
 
 
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index ea04c133..b24808df 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -152,3 +152,72 @@ class TestOpenSSL(object):
             pytest.skip("Requires an older OpenSSL")
         with pytest.raises(UnsupportedAlgorithm):
             backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"")
+
+    # This test is not in the next class because to check if it's really
+    # default we don't want to run the setup_method before it
+    def test_osrandom_engine_is_default(self):
+        e = backend._lib.ENGINE_get_default_RAND()
+        name = backend._lib.ENGINE_get_name(e)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+        res = backend._lib.ENGINE_free(e)
+        assert res == 1
+
+
+class TestOpenSSLRandomEngine(object):
+    def teardown_method(self, method):
+        # we need to reset state to being default. backend is a shared global
+        # for all these tests.
+        backend.activate_osrandom_engine()
+        current_default = backend._lib.ENGINE_get_default_RAND()
+        name = backend._lib.ENGINE_get_name(current_default)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+
+    def test_osrandom_sanity_check(self):
+        # This test serves as a check against catastrophic failure.
+        buf = backend._ffi.new("char[]", 500)
+        res = backend._lib.RAND_bytes(buf, 500)
+        assert res == 1
+        assert backend._ffi.buffer(buf)[:] != "\x00" * 500
+
+    def test_activate_osrandom_already_default(self):
+        e = backend._lib.ENGINE_get_default_RAND()
+        name = backend._lib.ENGINE_get_name(e)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+        res = backend._lib.ENGINE_free(e)
+        assert res == 1
+        backend.activate_osrandom_engine()
+        e = backend._lib.ENGINE_get_default_RAND()
+        name = backend._lib.ENGINE_get_name(e)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+        res = backend._lib.ENGINE_free(e)
+        assert res == 1
+
+    def test_activate_osrandom_no_default(self):
+        backend.activate_builtin_random()
+        e = backend._lib.ENGINE_get_default_RAND()
+        assert e == backend._ffi.NULL
+        backend.activate_osrandom_engine()
+        e = backend._lib.ENGINE_get_default_RAND()
+        name = backend._lib.ENGINE_get_name(e)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+        res = backend._lib.ENGINE_free(e)
+        assert res == 1
+
+    def test_activate_builtin_random(self):
+        e = backend._lib.ENGINE_get_default_RAND()
+        assert e != backend._ffi.NULL
+        name = backend._lib.ENGINE_get_name(e)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+        res = backend._lib.ENGINE_free(e)
+        assert res == 1
+        backend.activate_builtin_random()
+        e = backend._lib.ENGINE_get_default_RAND()
+        assert e == backend._ffi.NULL
+
+    def test_activate_builtin_random_already_active(self):
+        backend.activate_builtin_random()
+        e = backend._lib.ENGINE_get_default_RAND()
+        assert e == backend._ffi.NULL
+        backend.activate_builtin_random()
+        e = backend._lib.ENGINE_get_default_RAND()
+        assert e == backend._ffi.NULL
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
new file mode 100644
index 00000000..e2aca028
--- /dev/null
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -0,0 +1,173 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+import pytest
+
+from cryptography.hazmat.primitives.asymmetric import rsa
+
+from ...utils import load_pkcs1_vectors, load_vectors_from_file
+
+
+class TestRSA(object):
+    @pytest.mark.parametrize(
+        "pkcs1_example",
+        load_vectors_from_file(
+            os.path.join(
+                "asymmetric", "RSA", "pkcs-1v2-1d2-vec", "pss-vect.txt"),
+            load_pkcs1_vectors
+        )
+    )
+    def test_load_pss_vect_example_keys(self, pkcs1_example):
+        secret, public = pkcs1_example
+
+        skey = rsa.RSAPrivateKey(**secret)
+        pkey = rsa.RSAPublicKey(**public)
+        pkey2 = skey.public_key()
+
+        assert skey and pkey and pkey2
+
+        assert skey.modulus
+        assert skey.modulus == pkey.modulus
+        assert skey.modulus == skey.n
+        assert skey.public_exponent == pkey.public_exponent
+        assert skey.public_exponent == skey.e
+        assert skey.private_exponent == skey.d
+
+        assert pkey.modulus
+        assert pkey.modulus == pkey2.modulus
+        assert pkey.modulus == pkey.n
+        assert pkey.public_exponent == pkey2.public_exponent
+        assert pkey.public_exponent == pkey.e
+
+        assert skey.key_size
+        assert skey.key_size == pkey.key_size
+        assert skey.key_size == pkey2.key_size
+
+        assert skey.p * skey.q == skey.modulus
+
+    def test_invalid_private_key_argument_types(self):
+        with pytest.raises(TypeError):
+            rsa.RSAPrivateKey(None, None, None, None, None)
+
+    def test_invalid_public_key_argument_types(self):
+        with pytest.raises(TypeError):
+            rsa.RSAPublicKey(None, None)
+
+    def test_invalid_private_key_argument_values(self):
+        # Start with p=3, q=5, private_exponent=14, public_exponent=7,
+        # modulus=15. Then change one value at a time to test the bounds.
+
+        # Test a modulus < 3.
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=14,
+                public_exponent=7,
+                modulus=2
+            )
+
+        # Test a modulus != p * q.
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=14,
+                public_exponent=7,
+                modulus=16
+            )
+
+        # Test a p > modulus.
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=16,
+                q=5,
+                private_exponent=14,
+                public_exponent=7,
+                modulus=15
+            )
+
+        # Test a q > modulus.
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=16,
+                private_exponent=14,
+                public_exponent=7,
+                modulus=15
+            )
+
+        # Test a private_exponent > modulus
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=16,
+                public_exponent=7,
+                modulus=15
+            )
+
+        # Test a public_exponent < 3
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=14,
+                public_exponent=1,
+                modulus=15
+            )
+
+        # Test a public_exponent > modulus
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=14,
+                public_exponent=17,
+                modulus=15
+            )
+
+        # Test a public_exponent that is not odd.
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=14,
+                public_exponent=6,
+                modulus=15
+            )
+
+    def test_invalid_public_key_argument_values(self):
+        # Start with public_exponent=7, modulus=15. Then change one value at a
+        # time to test the bounds.
+
+        # Test a modulus < 3.
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(public_exponent=7, modulus=2)
+
+        # Test a public_exponent < 3
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(public_exponent=1, modulus=15)
+
+        # Test a public_exponent > modulus
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(public_exponent=17, modulus=15)
+
+        # Test a public_exponent that is not odd.
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(public_exponent=6, modulus=15)