aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/conftest.py4
-rw-r--r--tests/hazmat/backends/test_multibackend.py47
-rw-r--r--tests/hazmat/backends/test_openssl.py25
-rw-r--r--tests/hazmat/primitives/test_block.py1
-rw-r--r--tests/hazmat/primitives/test_dsa.py731
-rw-r--r--tests/hazmat/primitives/test_rsa.py151
-rw-r--r--tests/test_utils.py214
-rw-r--r--tests/utils.py11
8 files changed, 1129 insertions, 55 deletions
diff --git a/tests/conftest.py b/tests/conftest.py
index 8e89af57..1ee2a993 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -17,7 +17,8 @@ import pytest
from cryptography.hazmat.backends import _available_backends
from cryptography.hazmat.backends.interfaces import (
- CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
+ CipherBackend, DSABackend, HMACBackend, HashBackend, PBKDF2HMACBackend,
+ RSABackend
)
from .utils import check_backend_support, check_for_iface, select_backends
@@ -37,6 +38,7 @@ def pytest_runtest_setup(item):
check_for_iface("cipher", CipherBackend, item)
check_for_iface("hash", HashBackend, item)
check_for_iface("pbkdf2hmac", PBKDF2HMACBackend, item)
+ check_for_iface("dsa", DSABackend, item)
check_for_iface("rsa", RSABackend, item)
check_backend_support(item)
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index b7bcaf69..f46009d4 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -13,14 +13,13 @@
from __future__ import absolute_import, division, print_function
-import pytest
-
from cryptography import utils
from cryptography.exceptions import (
UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import (
- CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
+ CipherBackend, DSABackend, HMACBackend, HashBackend, PBKDF2HMACBackend,
+ RSABackend
)
from cryptography.hazmat.backends.multibackend import MultiBackend
from cryptography.hazmat.primitives import hashes, hmac
@@ -100,6 +99,15 @@ class DummyRSABackend(object):
pass
+@utils.register_interface(DSABackend)
+class DummyDSABackend(object):
+ def generate_dsa_parameters(self, key_size):
+ pass
+
+ def generate_dsa_private_key(self, parameters):
+ pass
+
+
class TestMultiBackend(object):
def test_ciphers(self):
backend = MultiBackend([
@@ -179,13 +187,40 @@ class TestMultiBackend(object):
padding.PKCS1v15(), hashes.MD5())
backend = MultiBackend([])
- with pytest.raises(UnsupportedAlgorithm):
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
backend.generate_rsa_private_key(key_size=1024, public_exponent=3)
- with pytest.raises(UnsupportedAlgorithm):
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
hashes.MD5())
- with pytest.raises(UnsupportedAlgorithm):
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
backend.create_rsa_verification_ctx(
"public_key", "sig", padding.PKCS1v15(), hashes.MD5())
+
+ def test_dsa(self):
+ backend = MultiBackend([
+ DummyDSABackend()
+ ])
+
+ backend.generate_dsa_parameters(key_size=1024)
+
+ parameters = object()
+ backend.generate_dsa_private_key(parameters)
+
+ backend = MultiBackend([])
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
+ backend.generate_dsa_parameters(key_size=1024)
+
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
+ backend.generate_dsa_private_key(parameters)
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 016da0fc..6ab16627 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -21,13 +21,15 @@ from cryptography.exceptions import (
)
from cryptography.hazmat.backends.openssl.backend import Backend, backend
from cryptography.hazmat.primitives import hashes, interfaces
-from cryptography.hazmat.primitives.asymmetric import padding, rsa
+from cryptography.hazmat.primitives.asymmetric import dsa, padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.ciphers.algorithms import AES
from cryptography.hazmat.primitives.ciphers.modes import CBC
from ...utils import raises_unsupported_algorithm
+from cryptography.utils import bit_length
+
@utils.register_interface(interfaces.Mode)
class DummyMode(object):
@@ -192,6 +194,27 @@ class TestOpenSSL(object):
res = backend._lib.ENGINE_free(e)
assert res == 1
+ @pytest.mark.skipif(
+ backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000000f,
+ reason="Requires an older OpenSSL. Must be < 1.0.0"
+ )
+ def test_large_key_size_on_old_openssl(self):
+ with pytest.raises(ValueError):
+ dsa.DSAParameters.generate(2048, backend=backend)
+
+ with pytest.raises(ValueError):
+ dsa.DSAParameters.generate(3072, backend=backend)
+
+ @pytest.mark.skipif(
+ backend._lib.OPENSSL_VERSION_NUMBER < 0x1000000f,
+ reason="Requires a newer OpenSSL. Must be >= 1.0.0"
+ )
+ def test_large_key_size_on_new_openssl(self):
+ parameters = dsa.DSAParameters.generate(2048, backend)
+ assert bit_length(parameters.p) == 2048
+ parameters = dsa.DSAParameters.generate(3072, backend)
+ assert bit_length(parameters.p) == 3072
+
class TestOpenSSLRandomEngine(object):
def teardown_method(self, method):
diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py
index 68d6c849..acfd947c 100644
--- a/tests/hazmat/primitives/test_block.py
+++ b/tests/hazmat/primitives/test_block.py
@@ -158,6 +158,7 @@ class TestAEADCipherContext(object):
)
+@pytest.mark.cipher
class TestModeValidation(object):
def test_cbc(self, backend):
with pytest.raises(ValueError):
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
new file mode 100644
index 00000000..2b5d4bb3
--- /dev/null
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -0,0 +1,731 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+import pytest
+
+from cryptography.exceptions import _Reasons
+from cryptography.hazmat.primitives.asymmetric import dsa
+from cryptography.utils import bit_length
+
+from ...utils import (
+ load_vectors_from_file, load_fips_dsa_key_pair_vectors,
+ raises_unsupported_algorithm
+)
+
+
+def _check_dsa_private_key(skey):
+ assert skey
+ assert skey.x
+ assert skey.y
+ assert skey.key_size
+
+ skey_parameters = skey.parameters()
+ assert skey_parameters
+ assert skey_parameters.modulus
+ assert skey_parameters.subgroup_order
+ assert skey_parameters.generator
+ assert skey_parameters.modulus == skey_parameters.p
+ assert skey_parameters.subgroup_order == skey_parameters.q
+ assert skey_parameters.generator == skey_parameters.g
+
+ pkey = skey.public_key()
+ assert pkey
+ assert skey.y == pkey.y
+ assert skey.key_size == pkey.key_size
+
+ pkey_parameters = pkey.parameters()
+ assert pkey_parameters
+ assert pkey_parameters.modulus
+ assert pkey_parameters.subgroup_order
+ assert pkey_parameters.generator
+ assert pkey_parameters.modulus == pkey_parameters.p
+ assert pkey_parameters.subgroup_order == pkey_parameters.q
+ assert pkey_parameters.generator == pkey_parameters.g
+
+ assert skey_parameters.modulus == pkey_parameters.modulus
+ assert skey_parameters.subgroup_order == pkey_parameters.subgroup_order
+ assert skey_parameters.generator == pkey_parameters.generator
+
+
+@pytest.mark.dsa
+class TestDSA(object):
+ _parameters_1024 = {
+ 'p': 'd38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d4b725ef341eabb47'
+ 'cf8a7a8a41e792a156b7ce97206c4f9c5ce6fc5ae7912102b6b502e59050b5b21ce26'
+ '3dddb2044b652236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c7147123188f8'
+ 'dc551054ee162b634d60f097f719076640e20980a0093113a8bd73',
+
+ 'q': '96c5390a8b612c0e422bb2b0ea194a3ec935a281',
+
+ 'g': '06b7861abbd35cc89e79c52f68d20875389b127361ca66822138ce4991d2b862'
+ '259d6b4548a6495b195aa0e0b6137ca37eb23b94074d3c3d300042bdf15762812b633'
+ '3ef7b07ceba78607610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c61d39e'
+ '7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc076341a7e7d9',
+
+ 'x': '8185fee9cc7c0e91fd85503274f1cd5a3fd15a49',
+
+ 'y': '6f26d98d41de7d871b6381851c9d91fa03942092ab6097e76422070edb71db44'
+ 'ff568280fdb1709f8fc3feab39f1f824adaeb2a298088156ac31af1aa04bf54f475bd'
+ 'cfdcf2f8a2dd973e922d83e76f016558617603129b21c70bf7d0e5dc9e68fe332e295'
+ 'b65876eb9a12fe6fca9f1a1ce80204646bf99b5771d249a6fea627'
+ }
+
+ _parameters_2048 = {
+ 'p': 'ea1fb1af22881558ef93be8a5f8653c5a559434c49c8c2c12ace5e9c41434c9c'
+ 'f0a8e9498acb0f4663c08b4484eace845f6fb17dac62c98e706af0fc74e4da1c6c2b3'
+ 'fbf5a1d58ff82fc1a66f3e8b12252c40278fff9dd7f102eed2cb5b7323ebf1908c234'
+ 'd935414dded7f8d244e54561b0dca39b301de8c49da9fb23df33c6182e3f983208c56'
+ '0fb5119fbf78ebe3e6564ee235c6a15cbb9ac247baba5a423bc6582a1a9d8a2b4f0e9'
+ 'e3d9dbac122f750dd754325135257488b1f6ecabf21bff2947fe0d3b2cb7ffe67f4e7'
+ 'fcdf1214f6053e72a5bb0dd20a0e9fe6db2df0a908c36e95e60bf49ca4368b8b892b9'
+ 'c79f61ef91c47567c40e1f80ac5aa66ef7',
+
+ 'q': '8ec73f3761caf5fdfe6e4e82098bf10f898740dcb808204bf6b18f'
+ '507192c19d',
+
+ 'g': 'e4c4eca88415b23ecf811c96e48cd24200fe916631a68a684e6ccb6b1913413d'
+ '344d1d8d84a333839d88eee431521f6e357c16e6a93be111a98076739cd401bab3b9d'
+ '565bf4fb99e9d185b1e14d61c93700133f908bae03e28764d107dcd2ea76742176220'
+ '74bb19efff482f5f5c1a86d5551b2fc68d1c6e9d8011958ef4b9c2a3a55d0d3c882e6'
+ 'ad7f9f0f3c61568f78d0706b10a26f23b4f197c322b825002284a0aca91807bba98ec'
+ 'e912b80e10cdf180cf99a35f210c1655fbfdd74f13b1b5046591f8403873d12239834'
+ 'dd6c4eceb42bf7482e1794a1601357b629ddfa971f2ed273b146ec1ca06d0adf55dd9'
+ '1d65c37297bda78c6d210c0bc26e558302',
+
+ 'x': '405772da6e90d809e77d5de796562a2dd4dfd10ef00a83a3aba6bd'
+ '818a0348a1',
+
+ 'y': '6b32e31ab9031dc4dd0b5039a78d07826687ab087ae6de4736f5b0434e125309'
+ '2e8a0b231f9c87f3fc8a4cb5634eb194bf1b638b7a7889620ce6711567e36aa36cda4'
+ '604cfaa601a45918371d4ccf68d8b10a50a0460eb1dc0fff62ef5e6ee4d473e18ea4a'
+ '66c196fb7e677a49b48241a0b4a97128eff30fa437050501a584f8771e7280d26d5af'
+ '30784039159c11ebfea10b692fd0a58215eeb18bff117e13f08db792ed4151a218e4b'
+ 'ed8dddfb0793225bd1e9773505166f4bd8cedbb286ea28232972da7bae836ba97329b'
+ 'a6b0a36508e50a52a7675e476d4d4137eae13f22a9d2fefde708ba8f34bf336c6e763'
+ '31761e4b0617633fe7ec3f23672fb19d27'
+ }
+
+ _parameters_3072 = {
+ 'p': 'f335666dd1339165af8b9a5e3835adfe15c158e4c3c7bd53132e7d5828c352f5'
+ '93a9a787760ce34b789879941f2f01f02319f6ae0b756f1a842ba54c85612ed632ee2'
+ 'd79ef17f06b77c641b7b080aff52a03fc2462e80abc64d223723c236deeb7d201078e'
+ 'c01ca1fbc1763139e25099a84ec389159c409792080736bd7caa816b92edf23f2c351'
+ 'f90074aa5ea2651b372f8b58a0a65554db2561d706a63685000ac576b7e4562e262a1'
+ '4285a9c6370b290e4eb7757527d80b6c0fd5df831d36f3d1d35f12ab060548de1605f'
+ 'd15f7c7aafed688b146a02c945156e284f5b71282045aba9844d48b5df2e9e7a58871'
+ '21eae7d7b01db7cdf6ff917cd8eb50c6bf1d54f90cce1a491a9c74fea88f7e7230b04'
+ '7d16b5a6027881d6f154818f06e513faf40c8814630e4e254f17a47bfe9cb519b9828'
+ '9935bf17673ae4c8033504a20a898d0032ee402b72d5986322f3bdfb27400561f7476'
+ 'cd715eaabb7338b854e51fc2fa026a5a579b6dcea1b1c0559c13d3c1136f303f4b4d2'
+ '5ad5b692229957',
+
+ 'q': 'd3eba6521240694015ef94412e08bf3cf8d635a455a398d6f210f'
+ '6169041653b',
+
+ 'g': 'ce84b30ddf290a9f787a7c2f1ce92c1cbf4ef400e3cd7ce4978db2104d7394b4'
+ '93c18332c64cec906a71c3778bd93341165dee8e6cd4ca6f13afff531191194ada55e'
+ 'cf01ff94d6cf7c4768b82dd29cd131aaf202aefd40e564375285c01f3220af4d70b96'
+ 'f1395420d778228f1461f5d0b8e47357e87b1fe3286223b553e3fc9928f16ae3067de'
+ 'd6721bedf1d1a01bfd22b9ae85fce77820d88cdf50a6bde20668ad77a707d1c60fcc5'
+ 'd51c9de488610d0285eb8ff721ff141f93a9fb23c1d1f7654c07c46e58836d1652828'
+ 'f71057b8aff0b0778ef2ca934ea9d0f37daddade2d823a4d8e362721082e279d003b5'
+ '75ee59fd050d105dfd71cd63154efe431a0869178d9811f4f231dc5dcf3b0ec0f2b0f'
+ '9896c32ec6c7ee7d60aa97109e09224907328d4e6acd10117e45774406c4c947da802'
+ '0649c3168f690e0bd6e91ac67074d1d436b58ae374523deaf6c93c1e6920db4a080b7'
+ '44804bb073cecfe83fa9398cf150afa286dc7eb7949750cf5001ce104e9187f7e1685'
+ '9afa8fd0d775ae',
+
+ 'x': 'b2764c46113983777d3e7e97589f1303806d14ad9f2f1ef033097'
+ 'de954b17706',
+
+ 'y': '814824e435e1e6f38daa239aad6dad21033afce6a3ebd35c1359348a0f241887'
+ '1968c2babfc2baf47742148828f8612183178f126504da73566b6bab33ba1f124c15a'
+ 'a461555c2451d86c94ee21c3e3fc24c55527e01b1f03adcdd8ec5cb08082803a7b6a8'
+ '29c3e99eeb332a2cf5c035b0ce0078d3d414d31fa47e9726be2989b8d06da2e6cd363'
+ 'f5a7d1515e3f4925e0b32adeae3025cc5a996f6fd27494ea408763de48f3bb39f6a06'
+ '514b019899b312ec570851637b8865cff3a52bf5d54ad5a19e6e400a2d33251055d0a'
+ '440b50d53f4791391dc754ad02b9eab74c46b4903f9d76f824339914db108057af7cd'
+ 'e657d41766a99991ac8787694f4185d6f91d7627048f827b405ec67bf2fe56141c4c5'
+ '81d8c317333624e073e5879a82437cb0c7b435c0ce434e15965db1315d64895991e6b'
+ 'be7dac040c42052408bbc53423fd31098248a58f8a67da3a39895cd0cc927515d044c'
+ '1e3cb6a3259c3d0da354cce89ea3552c59609db10ee989986527436af21d9485ddf25'
+ 'f90f7dff6d2bae'
+ }
+
+ def test_generate_dsa_parameters(self, backend):
+ parameters = dsa.DSAParameters.generate(1024, backend)
+ assert bit_length(parameters.p) == 1024
+
+ def test_generate_invalid_dsa_parameters(self, backend):
+ with pytest.raises(ValueError):
+ dsa.DSAParameters.generate(1, backend)
+
+ @pytest.mark.parametrize(
+ "vector",
+ load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "DSA", "FIPS_186-3", "KeyPair.rsp"),
+ load_fips_dsa_key_pair_vectors
+ )
+ )
+ def test_generate_dsa_keys(self, vector, backend):
+ parameters = dsa.DSAParameters(modulus=vector['p'],
+ subgroup_order=vector['q'],
+ generator=vector['g'])
+ skey = dsa.DSAPrivateKey.generate(parameters, backend)
+
+ skey_parameters = skey.parameters()
+ assert skey_parameters.p == vector['p']
+ assert skey_parameters.q == vector['q']
+ assert skey_parameters.g == vector['g']
+ assert skey.key_size == bit_length(vector['p'])
+ assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p)
+
+ def test_invalid_parameters_argument_types(self):
+ with pytest.raises(TypeError):
+ dsa.DSAParameters(None, None, None)
+
+ def test_invalid_private_key_argument_types(self):
+ with pytest.raises(TypeError):
+ dsa.DSAPrivateKey(None, None, None, None, None)
+
+ def test_invalid_public_key_argument_types(self):
+ with pytest.raises(TypeError):
+ dsa.DSAPublicKey(None, None, None, None)
+
+ def test_load_dsa_example_keys(self):
+ parameters = dsa.DSAParameters(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16))
+
+ assert parameters
+ assert parameters.modulus
+ assert parameters.subgroup_order
+ assert parameters.generator
+ assert parameters.modulus == parameters.p
+ assert parameters.subgroup_order == parameters.q
+ assert parameters.generator == parameters.g
+
+ pub_key = dsa.DSAPublicKey(
+ modulus=int(self._parameters_1024["p"], 16),
+ subgroup_order=int(self._parameters_1024["q"], 16),
+ generator=int(self._parameters_1024["g"], 16),
+ y=int(self._parameters_1024["y"], 16)
+ )
+ assert pub_key
+ assert pub_key.key_size
+ assert pub_key.y
+ pub_key_parameters = pub_key.parameters()
+ assert pub_key_parameters
+ assert pub_key_parameters.modulus
+ assert pub_key_parameters.subgroup_order
+ assert pub_key_parameters.generator
+
+ skey = dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024["p"], 16),
+ subgroup_order=int(self._parameters_1024["q"], 16),
+ generator=int(self._parameters_1024["g"], 16),
+ x=int(self._parameters_1024["x"], 16),
+ y=int(self._parameters_1024["y"], 16)
+ )
+ assert skey
+ _check_dsa_private_key(skey)
+ skey_parameters = skey.parameters()
+ assert skey_parameters
+ assert skey_parameters.modulus
+ assert skey_parameters.subgroup_order
+ assert skey_parameters.generator
+
+ pkey = dsa.DSAPublicKey(
+ modulus=int(self._parameters_1024["p"], 16),
+ subgroup_order=int(self._parameters_1024["q"], 16),
+ generator=int(self._parameters_1024["g"], 16),
+ y=int(self._parameters_1024["y"], 16)
+ )
+ assert pkey
+ pkey_parameters = pkey.parameters()
+ assert pkey_parameters
+ assert pkey_parameters.modulus
+ assert pkey_parameters.subgroup_order
+ assert pkey_parameters.generator
+
+ pkey2 = skey.public_key()
+ assert pkey2
+ pkey2_parameters = pkey.parameters()
+ assert pkey2_parameters
+ assert pkey2_parameters.modulus
+ assert pkey2_parameters.subgroup_order
+ assert pkey2_parameters.generator
+
+ assert skey_parameters.modulus == pkey_parameters.modulus
+ assert skey_parameters.subgroup_order == pkey_parameters.subgroup_order
+ assert skey_parameters.generator == pkey_parameters.generator
+ assert skey.y == pkey.y
+ assert skey.key_size == pkey.key_size
+
+ assert pkey_parameters.modulus == pkey2_parameters.modulus
+ assert pkey_parameters.subgroup_order == \
+ pkey2_parameters.subgroup_order
+ assert pkey_parameters.generator == pkey2_parameters.generator
+ assert pkey.y == pkey2.y
+ assert pkey.key_size == pkey2.key_size
+
+ def test_invalid_parameters_values(self):
+ # Test a modulus < 1024 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=2 ** 1000,
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16)
+ )
+
+ # Test a modulus < 2048 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=2 ** 2000,
+ subgroup_order=int(self._parameters_2048['q'], 16),
+ generator=int(self._parameters_2048['g'], 16)
+ )
+
+ # Test a modulus < 3072 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=2 ** 3000,
+ subgroup_order=int(self._parameters_3072['q'], 16),
+ generator=int(self._parameters_3072['g'], 16)
+ )
+
+ # Test a modulus > 3072 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=2 ** 3100,
+ subgroup_order=int(self._parameters_3072['q'], 16),
+ generator=int(self._parameters_3072['g'], 16)
+ )
+
+ # Test a subgroup_order < 160 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=2 ** 150,
+ generator=int(self._parameters_1024['g'], 16)
+ )
+
+ # Test a subgroup_order < 256 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=int(self._parameters_2048['p'], 16),
+ subgroup_order=2 ** 250,
+ generator=int(self._parameters_2048['g'], 16)
+ )
+
+ # Test a subgroup_order > 256 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=int(self._parameters_3072['p'], 16),
+ subgroup_order=2 ** 260,
+ generator=int(self._parameters_3072['g'], 16)
+ )
+
+ # Test a modulus, subgroup_order pair of (1024, 256) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_2048['q'], 16),
+ generator=int(self._parameters_1024['g'], 16)
+ )
+
+ # Test a modulus, subgroup_order pair of (2048, 160) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=int(self._parameters_2048['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_2048['g'], 16)
+ )
+
+ # Test a modulus, subgroup_order pair of (3072, 160) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=int(self._parameters_3072['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_3072['g'], 16)
+ )
+
+ # Test a generator < 1
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=0
+ )
+
+ # Test a generator = 1
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=1
+ )
+
+ # Test a generator > modulus
+ with pytest.raises(ValueError):
+ dsa.DSAParameters(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=2 ** 1200
+ )
+
+ def test_invalid_dsa_private_key_arguments(self):
+ # Test a modulus < 1024 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=2 ** 1000,
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ x=int(self._parameters_1024['x'], 16),
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a modulus < 2048 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=2 ** 2000,
+ subgroup_order=int(self._parameters_2048['q'], 16),
+ generator=int(self._parameters_2048['g'], 16),
+ x=int(self._parameters_2048['x'], 16),
+ y=int(self._parameters_2048['y'], 16)
+ )
+
+ # Test a modulus < 3072 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=2 ** 3000,
+ subgroup_order=int(self._parameters_3072['q'], 16),
+ generator=int(self._parameters_3072['g'], 16),
+ x=int(self._parameters_3072['x'], 16),
+ y=int(self._parameters_3072['y'], 16)
+ )
+
+ # Test a modulus > 3072 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=2 ** 3100,
+ subgroup_order=int(self._parameters_3072['q'], 16),
+ generator=int(self._parameters_3072['g'], 16),
+ x=int(self._parameters_3072['x'], 16),
+ y=int(self._parameters_3072['y'], 16)
+ )
+
+ # Test a subgroup_order < 160 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=2 ** 150,
+ generator=int(self._parameters_1024['g'], 16),
+ x=int(self._parameters_1024['x'], 16),
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a subgroup_order < 256 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_2048['p'], 16),
+ subgroup_order=2 ** 250,
+ generator=int(self._parameters_2048['g'], 16),
+ x=int(self._parameters_2048['x'], 16),
+ y=int(self._parameters_2048['y'], 16)
+ )
+
+ # Test a subgroup_order > 256 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_3072['p'], 16),
+ subgroup_order=2 ** 260,
+ generator=int(self._parameters_3072['g'], 16),
+ x=int(self._parameters_3072['x'], 16),
+ y=int(self._parameters_3072['y'], 16)
+ )
+
+ # Test a modulus, subgroup_order pair of (1024, 256) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_2048['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ x=int(self._parameters_1024['x'], 16),
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a modulus, subgroup_order pair of (2048, 160) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_2048['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_2048['g'], 16),
+ x=int(self._parameters_2048['x'], 16),
+ y=int(self._parameters_2048['y'], 16)
+ )
+
+ # Test a modulus, subgroup_order pair of (3072, 160) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_3072['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_3072['g'], 16),
+ x=int(self._parameters_3072['x'], 16),
+ y=int(self._parameters_3072['y'], 16)
+ )
+
+ # Test a generator < 1
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=0,
+ x=int(self._parameters_1024['x'], 16),
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a generator = 1
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=1,
+ x=int(self._parameters_1024['x'], 16),
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a generator > modulus
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=2 ** 1200,
+ x=int(self._parameters_1024['x'], 16),
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test x = 0
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ x=0,
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test x < 0
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ x=-2,
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test x = subgroup_order
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ x=2 ** 159,
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test x > subgroup_order
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ x=2 ** 200,
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test y != (generator ** x) % modulus
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ x=int(self._parameters_1024['x'], 16),
+ y=2 ** 100
+ )
+
+ # Test a non-integer y value
+ with pytest.raises(TypeError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ x=int(self._parameters_1024['x'], 16),
+ y=None
+ )
+
+ # Test a non-integer x value
+ with pytest.raises(TypeError):
+ dsa.DSAPrivateKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ x=None,
+ y=int(self._parameters_1024['x'], 16)
+ )
+
+ def test_invalid_dsa_public_key_arguments(self):
+ # Test a modulus < 1024 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=2 ** 1000,
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a modulus < 2048 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=2 ** 2000,
+ subgroup_order=int(self._parameters_2048['q'], 16),
+ generator=int(self._parameters_2048['g'], 16),
+ y=int(self._parameters_2048['y'], 16)
+ )
+
+ # Test a modulus < 3072 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=2 ** 3000,
+ subgroup_order=int(self._parameters_3072['q'], 16),
+ generator=int(self._parameters_3072['g'], 16),
+ y=int(self._parameters_3072['y'], 16)
+ )
+
+ # Test a modulus > 3072 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=2 ** 3100,
+ subgroup_order=int(self._parameters_3072['q'], 16),
+ generator=int(self._parameters_3072['g'], 16),
+ y=int(self._parameters_3072['y'], 16)
+ )
+
+ # Test a subgroup_order < 160 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=2 ** 150,
+ generator=int(self._parameters_1024['g'], 16),
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a subgroup_order < 256 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=int(self._parameters_2048['p'], 16),
+ subgroup_order=2 ** 250,
+ generator=int(self._parameters_2048['g'], 16),
+ y=int(self._parameters_2048['y'], 16)
+ )
+
+ # Test a subgroup_order > 256 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=int(self._parameters_3072['p'], 16),
+ subgroup_order=2 ** 260,
+ generator=int(self._parameters_3072['g'], 16),
+ y=int(self._parameters_3072['y'], 16)
+ )
+
+ # Test a modulus, subgroup_order pair of (1024, 256) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_2048['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a modulus, subgroup_order pair of (2048, 160) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=int(self._parameters_2048['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_2048['g'], 16),
+ y=int(self._parameters_2048['y'], 16)
+ )
+
+ # Test a modulus, subgroup_order pair of (3072, 160) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=int(self._parameters_3072['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_3072['g'], 16),
+ y=int(self._parameters_3072['y'], 16)
+ )
+
+ # Test a generator < 1
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=0,
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a generator = 1
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=1,
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a generator > modulus
+ with pytest.raises(ValueError):
+ dsa.DSAPublicKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=2 ** 1200,
+ y=int(self._parameters_1024['y'], 16)
+ )
+
+ # Test a non-integer y value
+ with pytest.raises(TypeError):
+ dsa.DSAPublicKey(
+ modulus=int(self._parameters_1024['p'], 16),
+ subgroup_order=int(self._parameters_1024['q'], 16),
+ generator=int(self._parameters_1024['g'], 16),
+ y=None
+ )
+
+
+def test_dsa_generate_invalid_backend():
+ pretend_backend = object()
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ dsa.DSAParameters.generate(1024, pretend_backend)
+
+ pretend_parameters = object()
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ dsa.DSAPrivateKey.generate(pretend_parameters, pretend_backend)
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 5d94e790..cc87d981 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -22,7 +22,7 @@ import os
import pytest
from cryptography import exceptions, utils
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
+from cryptography.exceptions import _Reasons
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import padding, rsa
@@ -39,7 +39,7 @@ class DummyPadding(object):
class DummyMGF(object):
- pass
+ _salt_length = 0
def _modinv(e, m):
@@ -454,10 +454,8 @@ class TestRSASignature(object):
)
signer = private_key.signer(
padding.PSS(
- mgf=padding.MGF1(
- algorithm=hashes.SHA1(),
- salt_length=padding.MGF1.MAX_LENGTH
- )
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA1(),
backend
@@ -471,6 +469,23 @@ class TestRSASignature(object):
verifier = public_key.verifier(
signature,
padding.PSS(
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
+ ),
+ hashes.SHA1(),
+ backend
+ )
+ verifier.update(binascii.unhexlify(example["message"]))
+ verifier.verify()
+
+ def test_deprecated_pss_mgf1_salt_length(self, backend):
+ private_key = rsa.RSAPrivateKey.generate(
+ public_exponent=65537,
+ key_size=512,
+ backend=backend
+ )
+ signer = private_key.signer(
+ padding.PSS(
mgf=padding.MGF1(
algorithm=hashes.SHA1(),
salt_length=padding.MGF1.MAX_LENGTH
@@ -479,7 +494,21 @@ class TestRSASignature(object):
hashes.SHA1(),
backend
)
- verifier.update(binascii.unhexlify(example["message"]))
+ signer.update(b"so deprecated")
+ signature = signer.finalize()
+ assert len(signature) == math.ceil(private_key.key_size / 8.0)
+ verifier = private_key.public_key().verifier(
+ signature,
+ padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hashes.SHA1(),
+ salt_length=padding.MGF1.MAX_LENGTH
+ )
+ ),
+ hashes.SHA1(),
+ backend
+ )
+ verifier.update(b"so deprecated")
verifier.verify()
@pytest.mark.parametrize(
@@ -498,10 +527,8 @@ class TestRSASignature(object):
)
public_key = private_key.public_key()
pss = padding.PSS(
- mgf=padding.MGF1(
- algorithm=hash_alg,
- salt_length=padding.MGF1.MAX_LENGTH
- )
+ mgf=padding.MGF1(hash_alg),
+ salt_length=padding.PSS.MAX_LENGTH
)
signer = private_key.signer(
pss,
@@ -531,10 +558,8 @@ class TestRSASignature(object):
)
signer = private_key.signer(
padding.PSS(
- mgf=padding.MGF1(
- algorithm=hashes.SHA1(),
- salt_length=padding.MGF1.MAX_LENGTH
- )
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA512(),
backend
@@ -555,10 +580,8 @@ class TestRSASignature(object):
with pytest.raises(ValueError):
private_key.signer(
padding.PSS(
- mgf=padding.MGF1(
- algorithm=hashes.SHA1(),
- salt_length=padding.MGF1.MAX_LENGTH
- )
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA512(),
backend
@@ -572,10 +595,8 @@ class TestRSASignature(object):
)
signer = private_key.signer(
padding.PSS(
- mgf=padding.MGF1(
- algorithm=hashes.SHA1(),
- salt_length=1000000
- )
+ mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=1000000
),
hashes.SHA1(),
backend
@@ -630,7 +651,7 @@ class TestRSASignature(object):
key_size=512,
backend=backend
)
- with pytest.raises(UnsupportedAlgorithm):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
private_key.signer(padding.PSS(mgf=DummyMGF()), hashes.SHA1(),
backend)
@@ -722,10 +743,8 @@ class TestRSAVerification(object):
verifier = public_key.verifier(
binascii.unhexlify(example["signature"]),
padding.PSS(
- mgf=padding.MGF1(
- algorithm=hashes.SHA1(),
- salt_length=20
- )
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ salt_length=20
),
hashes.SHA1(),
backend
@@ -749,10 +768,8 @@ class TestRSAVerification(object):
verifier = public_key.verifier(
signature,
padding.PSS(
- mgf=padding.MGF1(
- algorithm=hashes.SHA1(),
- salt_length=padding.MGF1.MAX_LENGTH
- )
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA1(),
backend
@@ -779,10 +796,8 @@ class TestRSAVerification(object):
verifier = public_key.verifier(
signature,
padding.PSS(
- mgf=padding.MGF1(
- algorithm=hashes.SHA1(),
- salt_length=padding.MGF1.MAX_LENGTH
- )
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA1(),
backend
@@ -809,10 +824,8 @@ class TestRSAVerification(object):
verifier = public_key.verifier(
signature,
padding.PSS(
- mgf=padding.MGF1(
- algorithm=hashes.SHA1(),
- salt_length=padding.MGF1.MAX_LENGTH
- )
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA1(),
backend
@@ -881,7 +894,7 @@ class TestRSAVerification(object):
backend=backend
)
public_key = private_key.public_key()
- with pytest.raises(UnsupportedAlgorithm):
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
public_key.verifier(b"sig", padding.PSS(mgf=DummyMGF()),
hashes.SHA1(), backend)
@@ -904,10 +917,8 @@ class TestRSAVerification(object):
public_key.verifier(
signature,
padding.PSS(
- mgf=padding.MGF1(
- algorithm=hashes.SHA1(),
- salt_length=padding.MGF1.MAX_LENGTH
- )
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA512(),
backend
@@ -1113,7 +1124,57 @@ class TestRSAPKCS1Verification(object):
))
+class TestPSS(object):
+ def test_deprecation_warning(self):
+ pytest.deprecated_call(
+ padding.PSS,
+ mgf=padding.MGF1(hashes.SHA1(), 20)
+ )
+
+ def test_invalid_salt_length_not_integer(self):
+ with pytest.raises(TypeError):
+ padding.PSS(
+ mgf=padding.MGF1(
+ hashes.SHA1()
+ ),
+ salt_length=b"not_a_length"
+ )
+
+ def test_invalid_salt_length_negative_integer(self):
+ with pytest.raises(ValueError):
+ padding.PSS(
+ mgf=padding.MGF1(
+ hashes.SHA1()
+ ),
+ salt_length=-1
+ )
+
+ def test_no_salt_length_supplied_pss_or_mgf1(self):
+ with pytest.raises(ValueError):
+ padding.PSS(mgf=padding.MGF1(hashes.SHA1()))
+
+ def test_valid_pss_parameters(self):
+ algorithm = hashes.SHA1()
+ salt_length = algorithm.digest_size
+ mgf = padding.MGF1(algorithm)
+ pss = padding.PSS(mgf=mgf, salt_length=salt_length)
+ assert pss._mgf == mgf
+ assert pss._salt_length == salt_length
+
+ def test_valid_pss_parameters_maximum(self):
+ algorithm = hashes.SHA1()
+ mgf = padding.MGF1(algorithm)
+ pss = padding.PSS(mgf=mgf, salt_length=padding.PSS.MAX_LENGTH)
+ assert pss._mgf == mgf
+ assert pss._salt_length == padding.PSS.MAX_LENGTH
+
+
class TestMGF1(object):
+ def test_deprecation_warning(self):
+ pytest.deprecated_call(
+ padding.MGF1, algorithm=hashes.SHA1(), salt_length=20
+ )
+
def test_invalid_hash_algorithm(self):
with pytest.raises(TypeError):
padding.MGF1(b"not_a_hash", 0)
diff --git a/tests/test_utils.py b/tests/test_utils.py
index d0b70663..e95a1cff 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -931,6 +931,220 @@ def test_load_pkcs1_vectors():
assert vectors == expected
+def test_load_pkcs1_oaep_vectors():
+ vector_data = textwrap.dedent("""
+ Test vectors for RSA-OAEP
+ =========================
+
+ This file contains test vectors for the RSA-OAEP encryption
+
+ Key lengths:
+
+ Key 1: 1024 bits
+ # <snip>
+ ===========================================================================
+ # Example 1: A 1024-bit RSA key pair
+ # -----------------------------------
+
+
+ # Public key
+ # ----------
+
+ # Modulus:
+ a8 b3 b2 84 af 8e b5 0b 38 70 34 a8 60 f1 46 c4
+ 91 9f 31 87 63 cd 6c 55 98 c8 ae 48 11 a1 e0 ab
+ c4 c7 e0 b0 82 d6 93 a5 e7 fc ed 67 5c f4 66 85
+ 12 77 2c 0c bc 64 a7 42 c6 c6 30 f5 33 c8 cc 72
+ f6 2a e8 33 c4 0b f2 58 42 e9 84 bb 78 bd bf 97
+ c0 10 7d 55 bd b6 62 f5 c4 e0 fa b9 84 5c b5 14
+ 8e f7 39 2d d3 aa ff 93 ae 1e 6b 66 7b b3 d4 24
+ 76 16 d4 f5 ba 10 d4 cf d2 26 de 88 d3 9f 16 fb
+
+ # Exponent:
+ 01 00 01
+
+ # Private key
+ # -----------
+
+ # Modulus:
+ a8 b3 b2 84 af 8e b5 0b 38 70 34 a8 60 f1 46 c4
+ 91 9f 31 87 63 cd 6c 55 98 c8 ae 48 11 a1 e0 ab
+ c4 c7 e0 b0 82 d6 93 a5 e7 fc ed 67 5c f4 66 85
+ 12 77 2c 0c bc 64 a7 42 c6 c6 30 f5 33 c8 cc 72
+ f6 2a e8 33 c4 0b f2 58 42 e9 84 bb 78 bd bf 97
+ c0 10 7d 55 bd b6 62 f5 c4 e0 fa b9 84 5c b5 14
+ 8e f7 39 2d d3 aa ff 93 ae 1e 6b 66 7b b3 d4 24
+ 76 16 d4 f5 ba 10 d4 cf d2 26 de 88 d3 9f 16 fb
+
+ # Public exponent:
+ 01 00 01
+
+ # Exponent:
+ 53 33 9c fd b7 9f c8 46 6a 65 5c 73 16 ac a8 5c
+ 55 fd 8f 6d d8 98 fd af 11 95 17 ef 4f 52 e8 fd
+ 8e 25 8d f9 3f ee 18 0f a0 e4 ab 29 69 3c d8 3b
+ 15 2a 55 3d 4a c4 d1 81 2b 8b 9f a5 af 0e 7f 55
+ fe 73 04 df 41 57 09 26 f3 31 1f 15 c4 d6 5a 73
+ 2c 48 31 16 ee 3d 3d 2d 0a f3 54 9a d9 bf 7c bf
+ b7 8a d8 84 f8 4d 5b eb 04 72 4d c7 36 9b 31 de
+ f3 7d 0c f5 39 e9 cf cd d3 de 65 37 29 ea d5 d1
+
+ # Prime 1:
+ d3 27 37 e7 26 7f fe 13 41 b2 d5 c0 d1 50 a8 1b
+ 58 6f b3 13 2b ed 2f 8d 52 62 86 4a 9c b9 f3 0a
+ f3 8b e4 48 59 8d 41 3a 17 2e fb 80 2c 21 ac f1
+ c1 1c 52 0c 2f 26 a4 71 dc ad 21 2e ac 7c a3 9d
+
+ # Prime 2:
+ cc 88 53 d1 d5 4d a6 30 fa c0 04 f4 71 f2 81 c7
+ b8 98 2d 82 24 a4 90 ed be b3 3d 3e 3d 5c c9 3c
+ 47 65 70 3d 1d d7 91 64 2f 1f 11 6a 0d d8 52 be
+ 24 19 b2 af 72 bf e9 a0 30 e8 60 b0 28 8b 5d 77
+
+ # Prime exponent 1:
+ 0e 12 bf 17 18 e9 ce f5 59 9b a1 c3 88 2f e8 04
+ 6a 90 87 4e ef ce 8f 2c cc 20 e4 f2 74 1f b0 a3
+ 3a 38 48 ae c9 c9 30 5f be cb d2 d7 68 19 96 7d
+ 46 71 ac c6 43 1e 40 37 96 8d b3 78 78 e6 95 c1
+
+ # Prime exponent 2:
+ 95 29 7b 0f 95 a2 fa 67 d0 07 07 d6 09 df d4 fc
+ 05 c8 9d af c2 ef 6d 6e a5 5b ec 77 1e a3 33 73
+ 4d 92 51 e7 90 82 ec da 86 6e fe f1 3c 45 9e 1a
+ 63 13 86 b7 e3 54 c8 99 f5 f1 12 ca 85 d7 15 83
+
+ # Coefficient:
+ 4f 45 6c 50 24 93 bd c0 ed 2a b7 56 a3 a6 ed 4d
+ 67 35 2a 69 7d 42 16 e9 32 12 b1 27 a6 3d 54 11
+ ce 6f a9 8d 5d be fd 73 26 3e 37 28 14 27 43 81
+ 81 66 ed 7d d6 36 87 dd 2a 8c a1 d2 f4 fb d8 e1
+
+ # RSA-OAEP encryption of 6 random messages with random seeds
+ # -----------------------------------------------------------
+
+ # OAEP Example 1.1
+ # ------------------
+
+ # Message:
+ 66 28 19 4e 12 07 3d b0 3b a9 4c da 9e f9 53 23
+ 97 d5 0d ba 79 b9 87 00 4a fe fe 34
+
+ # Seed:
+ 18 b7 76 ea 21 06 9d 69 77 6a 33 e9 6b ad 48 e1
+ dd a0 a5 ef
+
+ # Encryption:
+ 35 4f e6 7b 4a 12 6d 5d 35 fe 36 c7 77 79 1a 3f
+ 7b a1 3d ef 48 4e 2d 39 08 af f7 22 fa d4 68 fb
+ 21 69 6d e9 5d 0b e9 11 c2 d3 17 4f 8a fc c2 01
+ 03 5f 7b 6d 8e 69 40 2d e5 45 16 18 c2 1a 53 5f
+ a9 d7 bf c5 b8 dd 9f c2 43 f8 cf 92 7d b3 13 22
+ d6 e8 81 ea a9 1a 99 61 70 e6 57 a0 5a 26 64 26
+ d9 8c 88 00 3f 84 77 c1 22 70 94 a0 d9 fa 1e 8c
+ 40 24 30 9c e1 ec cc b5 21 00 35 d4 7a c7 2e 8a
+
+ # OAEP Example 1.2
+ # ------------------
+
+ # Message:
+ 75 0c 40 47 f5 47 e8 e4 14 11 85 65 23 29 8a c9
+ ba e2 45 ef af 13 97 fb e5 6f 9d d5
+
+ # Seed:
+ 0c c7 42 ce 4a 9b 7f 32 f9 51 bc b2 51 ef d9 25
+ fe 4f e3 5f
+
+ # Encryption:
+ 64 0d b1 ac c5 8e 05 68 fe 54 07 e5 f9 b7 01 df
+ f8 c3 c9 1e 71 6c 53 6f c7 fc ec 6c b5 b7 1c 11
+ 65 98 8d 4a 27 9e 15 77 d7 30 fc 7a 29 93 2e 3f
+ 00 c8 15 15 23 6d 8d 8e 31 01 7a 7a 09 df 43 52
+ d9 04 cd eb 79 aa 58 3a dc c3 1e a6 98 a4 c0 52
+ 83 da ba 90 89 be 54 91 f6 7c 1a 4e e4 8d c7 4b
+ bb e6 64 3a ef 84 66 79 b4 cb 39 5a 35 2d 5e d1
+ 15 91 2d f6 96 ff e0 70 29 32 94 6d 71 49 2b 44
+
+ # =============================================
+ """).splitlines()
+
+ vectors = load_pkcs1_vectors(vector_data)
+ expected = [
+ (
+ {
+ 'modulus': int(
+ 'a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae481'
+ '1a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6'
+ 'c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb'
+ '662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616'
+ 'd4f5ba10d4cfd226de88d39f16fb', 16),
+ 'public_exponent': int('10001', 16),
+ 'private_exponent': int(
+ '53339cfdb79fc8466a655c7316aca85c55fd8f6dd898fdaf119517ef4'
+ 'f52e8fd8e258df93fee180fa0e4ab29693cd83b152a553d4ac4d1812b'
+ '8b9fa5af0e7f55fe7304df41570926f3311f15c4d65a732c483116ee3'
+ 'd3d2d0af3549ad9bf7cbfb78ad884f84d5beb04724dc7369b31def37d'
+ '0cf539e9cfcdd3de653729ead5d1', 16),
+ 'p': int(
+ 'd32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9'
+ 'cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dc'
+ 'ad212eac7ca39d', 16),
+ 'q': int(
+ 'cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3'
+ 'd5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030'
+ 'e860b0288b5d77', 16),
+ 'dmp1': int(
+ '0e12bf1718e9cef5599ba1c3882fe8046a90874eefce8f2ccc20e4f27'
+ '41fb0a33a3848aec9c9305fbecbd2d76819967d4671acc6431e403796'
+ '8db37878e695c1', 16),
+ 'dmq1': int(
+ '95297b0f95a2fa67d00707d609dfd4fc05c89dafc2ef6d6ea55bec771'
+ 'ea333734d9251e79082ecda866efef13c459e1a631386b7e354c899f5'
+ 'f112ca85d71583', 16),
+ 'iqmp': int(
+ '4f456c502493bdc0ed2ab756a3a6ed4d67352a697d4216e93212b127a'
+ '63d5411ce6fa98d5dbefd73263e3728142743818166ed7dd63687dd2a'
+ '8ca1d2f4fbd8e1', 16),
+ 'examples': [
+ {
+ 'message': b'6628194e12073db03ba94cda9ef9532397d50dba7'
+ b'9b987004afefe34',
+ 'seed': b'18b776ea21069d69776a33e96bad48e1dda0a5ef',
+ 'encryption': b'354fe67b4a126d5d35fe36c777791a3f7ba13d'
+ b'ef484e2d3908aff722fad468fb21696de95d0b'
+ b'e911c2d3174f8afcc201035f7b6d8e69402de5'
+ b'451618c21a535fa9d7bfc5b8dd9fc243f8cf92'
+ b'7db31322d6e881eaa91a996170e657a05a2664'
+ b'26d98c88003f8477c1227094a0d9fa1e8c4024'
+ b'309ce1ecccb5210035d47ac72e8a'
+ }, {
+ 'message': b'750c4047f547e8e41411856523298ac9bae245efa'
+ b'f1397fbe56f9dd5',
+ 'seed': b'0cc742ce4a9b7f32f951bcb251efd925fe4fe35f',
+ 'encryption': b'640db1acc58e0568fe5407e5f9b701dff8c3c9'
+ b'1e716c536fc7fcec6cb5b71c1165988d4a279e'
+ b'1577d730fc7a29932e3f00c81515236d8d8e31'
+ b'017a7a09df4352d904cdeb79aa583adcc31ea6'
+ b'98a4c05283daba9089be5491f67c1a4ee48dc7'
+ b'4bbbe6643aef846679b4cb395a352d5ed11591'
+ b'2df696ffe0702932946d71492b44'
+ }
+ ]
+ },
+
+ {
+ 'modulus': int(
+ 'a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae481'
+ '1a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6'
+ 'c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb'
+ '662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616'
+ 'd4f5ba10d4cfd226de88d39f16fb', 16),
+ 'public_exponent': int('10001', 16),
+ }
+ )
+ ]
+ assert vectors == expected
+
+
def test_load_hotp_vectors():
vector_data = textwrap.dedent("""
# HOTP Test Vectors
diff --git a/tests/utils.py b/tests/utils.py
index bdbf996f..35461821 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -199,7 +199,8 @@ def load_pkcs1_vectors(vector_data):
for line in vector_data:
if (
line.startswith("# PSS Example") or
- line.startswith("# PKCS#1 v1.5 Signature")
+ line.startswith("# OAEP Example") or
+ line.startswith("# PKCS#1 v1.5")
):
if example_vector:
for key, value in six.iteritems(example_vector):
@@ -210,15 +211,21 @@ def load_pkcs1_vectors(vector_data):
attr = None
example_vector = collections.defaultdict(list)
- if line.startswith("# Message to be signed"):
+ if line.startswith("# Message"):
attr = "message"
continue
elif line.startswith("# Salt"):
attr = "salt"
continue
+ elif line.startswith("# Seed"):
+ attr = "seed"
+ continue
elif line.startswith("# Signature"):
attr = "signature"
continue
+ elif line.startswith("# Encryption"):
+ attr = "encryption"
+ continue
elif (
example_vector and
line.startswith("# =============================================")
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-17 08:21:14 +0000