From 49c8e2146492e83315145f803dfb0b746203e8e4 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 18 Mar 2014 07:54:34 -0400 Subject: add FIPS 186-2/3 signature verification tests for RSA PKCSv15 and PSS --- tests/hazmat/primitives/test_rsa.py | 117 ++++++++++++++++++++++++++++++++---- tests/hazmat/primitives/utils.py | 32 ++++++---- 2 files changed, 127 insertions(+), 22 deletions(-) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 67b5b2e0..ae0b4538 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -27,7 +27,7 @@ from cryptography.exceptions import ( from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa -from .utils import generate_rsa_pss_test +from .utils import generate_rsa_signature_test from ...utils import ( load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file ) @@ -754,14 +754,16 @@ class TestRSAVerification(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA1(object): - test_rsa_pss_mgf1_sha1 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha1 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA1() + hashes.SHA1(), + padding.PSS ) @@ -771,14 +773,16 @@ class TestRSAPSSMGF1VerificationSHA1(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA224(object): - test_rsa_pss_mgf1_sha224 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha224 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA224() + hashes.SHA224(), + padding.PSS ) @@ -788,14 +792,16 @@ class TestRSAPSSMGF1VerificationSHA224(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA256(object): - test_rsa_pss_mgf1_sha256 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha256 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA256() + hashes.SHA256(), + padding.PSS ) @@ -805,14 +811,16 @@ class TestRSAPSSMGF1VerificationSHA256(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA384(object): - test_rsa_pss_mgf1_sha384 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha384 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA384() + hashes.SHA384(), + padding.PSS ) @@ -822,14 +830,101 @@ class TestRSAPSSMGF1VerificationSHA384(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA512(object): - test_rsa_pss_mgf1_sha512 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha512 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA512() + hashes.SHA512(), + padding.PSS + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1()), + skip_message="Does not support SHA1", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA1Verification(object): + test_rsa_pkcs1v15_verify_sha1 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA1(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224()), + skip_message="Does not support SHA224", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA224Verification(object): + test_rsa_pkcs1v15_verify_sha224 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA224(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256()), + skip_message="Does not support SHA256", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA256Verification(object): + test_rsa_pkcs1v15_verify_sha256 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA256(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384()), + skip_message="Does not support SHA384", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA384Verification(object): + test_rsa_pkcs1v15_verify_sha384 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA384(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512()), + skip_message="Does not support SHA512", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA512Verification(object): + test_rsa_pkcs1v15_verify_sha512 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA512(), + padding.PKCS1v15 ) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index a29ef70e..5db9a193 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -20,7 +20,8 @@ import os import pytest from cryptography.exceptions import ( - AlreadyFinalized, AlreadyUpdated, InvalidTag, NotYetFinalized + AlreadyFinalized, AlreadyUpdated, InvalidSignature, InvalidTag, + NotYetFinalized ) from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.asymmetric import padding, rsa @@ -374,33 +375,42 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm): return test_hkdf -def generate_rsa_pss_test(param_loader, path, file_names, hash_alg): +def generate_rsa_signature_test(param_loader, path, file_names, hash_alg, + pad_cls): all_params = _load_all_params(path, file_names, param_loader) all_params = [i for i in all_params if i["algorithm"] == hash_alg.name.upper()] @pytest.mark.parametrize("params", all_params) - def test_rsa_pss(self, backend, params): - rsa_pss_test(backend, params, hash_alg) + def test_rsa_signature(self, backend, params): + rsa_signature_test(backend, params, hash_alg, pad_cls) - return test_rsa_pss + return test_rsa_signature -def rsa_pss_test(backend, params, hash_alg): +def rsa_signature_test(backend, params, hash_alg, pad_cls): public_key = rsa.RSAPublicKey( public_exponent=params["public_exponent"], modulus=params["modulus"] ) - verifier = public_key.verifier( - binascii.unhexlify(params["s"]), - padding.PSS( + if pad_cls is padding.PKCS1v15: + pad = padding.PKCS1v15() + else: + pad = padding.PSS( mgf=padding.MGF1( algorithm=hash_alg, salt_length=params["salt_length"] ) - ), + ) + verifier = public_key.verifier( + binascii.unhexlify(params["s"]), + pad, hash_alg, backend ) verifier.update(binascii.unhexlify(params["msg"])) - verifier.verify() + if params["fail"]: + with pytest.raises(InvalidSignature): + verifier.verify() + else: + verifier.verify() -- cgit v1.2.3 From f29c3c55e86714dcdb81dd3a4625f9707966be78 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 19 Mar 2014 09:35:40 -0400 Subject: rename some things --- tests/hazmat/primitives/test_rsa.py | 22 +++++++++++----------- tests/hazmat/primitives/utils.py | 12 ++++++------ 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index ae0b4538..cf201212 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -27,7 +27,7 @@ from cryptography.exceptions import ( from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa -from .utils import generate_rsa_signature_test +from .utils import generate_rsa_verification_test from ...utils import ( load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file ) @@ -754,7 +754,7 @@ class TestRSAVerification(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA1(object): - test_rsa_pss_mgf1_sha1 = generate_rsa_signature_test( + test_rsa_pss_mgf1_sha1 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -773,7 +773,7 @@ class TestRSAPSSMGF1VerificationSHA1(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA224(object): - test_rsa_pss_mgf1_sha224 = generate_rsa_signature_test( + test_rsa_pss_mgf1_sha224 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -792,7 +792,7 @@ class TestRSAPSSMGF1VerificationSHA224(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA256(object): - test_rsa_pss_mgf1_sha256 = generate_rsa_signature_test( + test_rsa_pss_mgf1_sha256 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -811,7 +811,7 @@ class TestRSAPSSMGF1VerificationSHA256(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA384(object): - test_rsa_pss_mgf1_sha384 = generate_rsa_signature_test( + test_rsa_pss_mgf1_sha384 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -830,7 +830,7 @@ class TestRSAPSSMGF1VerificationSHA384(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA512(object): - test_rsa_pss_mgf1_sha512 = generate_rsa_signature_test( + test_rsa_pss_mgf1_sha512 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -849,7 +849,7 @@ class TestRSAPSSMGF1VerificationSHA512(object): ) @pytest.mark.rsa class TestRSAPKCS1SHA1Verification(object): - test_rsa_pkcs1v15_verify_sha1 = generate_rsa_signature_test( + test_rsa_pkcs1v15_verify_sha1 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -866,7 +866,7 @@ class TestRSAPKCS1SHA1Verification(object): ) @pytest.mark.rsa class TestRSAPKCS1SHA224Verification(object): - test_rsa_pkcs1v15_verify_sha224 = generate_rsa_signature_test( + test_rsa_pkcs1v15_verify_sha224 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -883,7 +883,7 @@ class TestRSAPKCS1SHA224Verification(object): ) @pytest.mark.rsa class TestRSAPKCS1SHA256Verification(object): - test_rsa_pkcs1v15_verify_sha256 = generate_rsa_signature_test( + test_rsa_pkcs1v15_verify_sha256 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -900,7 +900,7 @@ class TestRSAPKCS1SHA256Verification(object): ) @pytest.mark.rsa class TestRSAPKCS1SHA384Verification(object): - test_rsa_pkcs1v15_verify_sha384 = generate_rsa_signature_test( + test_rsa_pkcs1v15_verify_sha384 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -917,7 +917,7 @@ class TestRSAPKCS1SHA384Verification(object): ) @pytest.mark.rsa class TestRSAPKCS1SHA512Verification(object): - test_rsa_pkcs1v15_verify_sha512 = generate_rsa_signature_test( + test_rsa_pkcs1v15_verify_sha512 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 5db9a193..89d0f5f1 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -375,20 +375,20 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm): return test_hkdf -def generate_rsa_signature_test(param_loader, path, file_names, hash_alg, - pad_cls): +def generate_rsa_verification_test(param_loader, path, file_names, hash_alg, + pad_cls): all_params = _load_all_params(path, file_names, param_loader) all_params = [i for i in all_params if i["algorithm"] == hash_alg.name.upper()] @pytest.mark.parametrize("params", all_params) - def test_rsa_signature(self, backend, params): - rsa_signature_test(backend, params, hash_alg, pad_cls) + def test_rsa_verification(self, backend, params): + rsa_verification_test(backend, params, hash_alg, pad_cls) - return test_rsa_signature + return test_rsa_verification -def rsa_signature_test(backend, params, hash_alg, pad_cls): +def rsa_verification_test(backend, params, hash_alg, pad_cls): public_key = rsa.RSAPublicKey( public_exponent=params["public_exponent"], modulus=params["modulus"] -- cgit v1.2.3 From c85f1797e4a02c0f4bcf5e70d0dc93bd46ec3d85 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 19 Mar 2014 09:45:42 -0400 Subject: switch to a lambda --- tests/hazmat/primitives/test_rsa.py | 45 ++++++++++++++++++++++++++++--------- tests/hazmat/primitives/utils.py | 18 +++++---------- 2 files changed, 40 insertions(+), 23 deletions(-) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index cf201212..97ca3935 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -763,7 +763,12 @@ class TestRSAPSSMGF1VerificationSHA1(object): "SigVerPSS_186-3.rsp", ], hashes.SHA1(), - padding.PSS + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) ) @@ -782,7 +787,12 @@ class TestRSAPSSMGF1VerificationSHA224(object): "SigVerPSS_186-3.rsp", ], hashes.SHA224(), - padding.PSS + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) ) @@ -801,7 +811,12 @@ class TestRSAPSSMGF1VerificationSHA256(object): "SigVerPSS_186-3.rsp", ], hashes.SHA256(), - padding.PSS + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) ) @@ -820,7 +835,12 @@ class TestRSAPSSMGF1VerificationSHA384(object): "SigVerPSS_186-3.rsp", ], hashes.SHA384(), - padding.PSS + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) ) @@ -839,7 +859,12 @@ class TestRSAPSSMGF1VerificationSHA512(object): "SigVerPSS_186-3.rsp", ], hashes.SHA512(), - padding.PSS + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) ) @@ -856,7 +881,7 @@ class TestRSAPKCS1SHA1Verification(object): "SigVer15_186-3.rsp", ], hashes.SHA1(), - padding.PKCS1v15 + lambda params, hash_alg: padding.PKCS1v15() ) @@ -873,7 +898,7 @@ class TestRSAPKCS1SHA224Verification(object): "SigVer15_186-3.rsp", ], hashes.SHA224(), - padding.PKCS1v15 + lambda params, hash_alg: padding.PKCS1v15() ) @@ -890,7 +915,7 @@ class TestRSAPKCS1SHA256Verification(object): "SigVer15_186-3.rsp", ], hashes.SHA256(), - padding.PKCS1v15 + lambda params, hash_alg: padding.PKCS1v15() ) @@ -907,7 +932,7 @@ class TestRSAPKCS1SHA384Verification(object): "SigVer15_186-3.rsp", ], hashes.SHA384(), - padding.PKCS1v15 + lambda params, hash_alg: padding.PKCS1v15() ) @@ -924,7 +949,7 @@ class TestRSAPKCS1SHA512Verification(object): "SigVer15_186-3.rsp", ], hashes.SHA512(), - padding.PKCS1v15 + lambda params, hash_alg: padding.PKCS1v15() ) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 89d0f5f1..2e838474 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -24,7 +24,7 @@ from cryptography.exceptions import ( NotYetFinalized ) from cryptography.hazmat.primitives import hashes, hmac -from cryptography.hazmat.primitives.asymmetric import padding, rsa +from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.kdf.hkdf import HKDF from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC @@ -376,32 +376,24 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm): def generate_rsa_verification_test(param_loader, path, file_names, hash_alg, - pad_cls): + pad_factory): all_params = _load_all_params(path, file_names, param_loader) all_params = [i for i in all_params if i["algorithm"] == hash_alg.name.upper()] @pytest.mark.parametrize("params", all_params) def test_rsa_verification(self, backend, params): - rsa_verification_test(backend, params, hash_alg, pad_cls) + rsa_verification_test(backend, params, hash_alg, pad_factory) return test_rsa_verification -def rsa_verification_test(backend, params, hash_alg, pad_cls): +def rsa_verification_test(backend, params, hash_alg, pad_factory): public_key = rsa.RSAPublicKey( public_exponent=params["public_exponent"], modulus=params["modulus"] ) - if pad_cls is padding.PKCS1v15: - pad = padding.PKCS1v15() - else: - pad = padding.PSS( - mgf=padding.MGF1( - algorithm=hash_alg, - salt_length=params["salt_length"] - ) - ) + pad = pad_factory(params, hash_alg) verifier = public_key.verifier( binascii.unhexlify(params["s"]), pad, -- cgit v1.2.3 From 503ddf4376beff5495f746410a268f72b5e84bb4 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 19 Mar 2014 09:55:06 -0400 Subject: more concise way of generating tests --- tests/hazmat/primitives/test_rsa.py | 138 ++++++++++++++---------------------- 1 file changed, 52 insertions(+), 86 deletions(-) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 97ca3935..67189c24 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -748,13 +748,12 @@ class TestRSAVerification(object): verifier.verify() -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()), - skip_message="Does not support SHA1 with MGF1." -) @pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA1(object): - test_rsa_pss_mgf1_sha1 = generate_rsa_verification_test( +class TestRSAPSSMGF1Verification(object): + test_rsa_pss_mgf1_sha1 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()), + skip_message="Does not support SHA1 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -769,16 +768,12 @@ class TestRSAPSSMGF1VerificationSHA1(object): salt_length=params["salt_length"] ) ) - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()), - skip_message="Does not support SHA224 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA224(object): - test_rsa_pss_mgf1_sha224 = generate_rsa_verification_test( + test_rsa_pss_mgf1_sha224 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()), + skip_message="Does not support SHA224 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -793,16 +788,12 @@ class TestRSAPSSMGF1VerificationSHA224(object): salt_length=params["salt_length"] ) ) - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()), - skip_message="Does not support SHA256 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA256(object): - test_rsa_pss_mgf1_sha256 = generate_rsa_verification_test( + test_rsa_pss_mgf1_sha256 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()), + skip_message="Does not support SHA256 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -817,16 +808,12 @@ class TestRSAPSSMGF1VerificationSHA256(object): salt_length=params["salt_length"] ) ) - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()), - skip_message="Does not support SHA384 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA384(object): - test_rsa_pss_mgf1_sha384 = generate_rsa_verification_test( + test_rsa_pss_mgf1_sha384 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()), + skip_message="Does not support SHA384 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -841,16 +828,12 @@ class TestRSAPSSMGF1VerificationSHA384(object): salt_length=params["salt_length"] ) ) - ) + )) - -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()), - skip_message="Does not support SHA512 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA512(object): - test_rsa_pss_mgf1_sha512 = generate_rsa_verification_test( + test_rsa_pss_mgf1_sha512 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()), + skip_message="Does not support SHA512 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -865,16 +848,15 @@ class TestRSAPSSMGF1VerificationSHA512(object): salt_length=params["salt_length"] ) ) - ) + )) -@pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA1()), - skip_message="Does not support SHA1", -) @pytest.mark.rsa -class TestRSAPKCS1SHA1Verification(object): - test_rsa_pkcs1v15_verify_sha1 = generate_rsa_verification_test( +class TestRSAPKCS1Verification(object): + test_rsa_pkcs1v15_verify_sha1 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1()), + skip_message="Does not support SHA1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -882,16 +864,12 @@ class TestRSAPKCS1SHA1Verification(object): ], hashes.SHA1(), lambda params, hash_alg: padding.PKCS1v15() - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA224()), - skip_message="Does not support SHA224", -) -@pytest.mark.rsa -class TestRSAPKCS1SHA224Verification(object): - test_rsa_pkcs1v15_verify_sha224 = generate_rsa_verification_test( + test_rsa_pkcs1v15_verify_sha224 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224()), + skip_message="Does not support SHA224." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -899,16 +877,12 @@ class TestRSAPKCS1SHA224Verification(object): ], hashes.SHA224(), lambda params, hash_alg: padding.PKCS1v15() - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA256()), - skip_message="Does not support SHA256", -) -@pytest.mark.rsa -class TestRSAPKCS1SHA256Verification(object): - test_rsa_pkcs1v15_verify_sha256 = generate_rsa_verification_test( + test_rsa_pkcs1v15_verify_sha256 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256()), + skip_message="Does not support SHA256." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -916,16 +890,12 @@ class TestRSAPKCS1SHA256Verification(object): ], hashes.SHA256(), lambda params, hash_alg: padding.PKCS1v15() - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA384()), - skip_message="Does not support SHA384", -) -@pytest.mark.rsa -class TestRSAPKCS1SHA384Verification(object): - test_rsa_pkcs1v15_verify_sha384 = generate_rsa_verification_test( + test_rsa_pkcs1v15_verify_sha384 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384()), + skip_message="Does not support SHA384." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -933,16 +903,12 @@ class TestRSAPKCS1SHA384Verification(object): ], hashes.SHA384(), lambda params, hash_alg: padding.PKCS1v15() - ) + )) - -@pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA512()), - skip_message="Does not support SHA512", -) -@pytest.mark.rsa -class TestRSAPKCS1SHA512Verification(object): - test_rsa_pkcs1v15_verify_sha512 = generate_rsa_verification_test( + test_rsa_pkcs1v15_verify_sha512 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512()), + skip_message="Does not support SHA512." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -950,7 +916,7 @@ class TestRSAPKCS1SHA512Verification(object): ], hashes.SHA512(), lambda params, hash_alg: padding.PKCS1v15() - ) + )) class TestMGF1(object): -- cgit v1.2.3 From 4d8358fb50253bebdf637f517da8ba2406080d3f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 19 Mar 2014 19:14:15 -0400 Subject: add mgf1_hash_supported unsupported hash check --- tests/hazmat/backends/test_openssl.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 501ee0f6..5c6efbaf 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -40,6 +40,11 @@ class DummyCipher(object): name = "dummy-cipher" +@utils.register_interface(interfaces.HashAlgorithm) +class DummyHash(object): + name = "dummy-hash" + + class TestOpenSSL(object): def test_backend_exists(self): assert backend @@ -162,6 +167,9 @@ class TestOpenSSL(object): backend ) + def test_unsupported_mgf1_hash_algorithm(self): + assert backend.mgf1_hash_supported(DummyHash()) is False + # This test is not in the next class because to check if it's really # default we don't want to run the setup_method before it def test_osrandom_engine_is_default(self): -- cgit v1.2.3