From 52026b85c3df15476d38f308cee59a29a9b43195 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sun, 2 Feb 2014 19:30:03 +0000 Subject: RSA keys These are implemented such that they don't depend on the backend. This means we don't have to worry about passing an RSA key created with one backend to a different one so much at the expense of having to create a backend specific context on demand. This is slightly non-trivial in (at least) OpenSSL as there are 3 additional derived parameters kept in its RSA struct. They aren't difficult to generate but it requires adding 30-40 lines of BN_* stuff to the backend so I'm leaving that out for now. We'll need to implement that before we can actually do any useful operations with the keys. This also adds a loader for some of the PKCS #1 test vectors. It only extracts the 10 key pairs from pss_vect.txt currently be should be extenable to include the example signatures and other files later. --- tests/hazmat/primitives/test_rsa.py | 58 +++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 tests/hazmat/primitives/test_rsa.py (limited to 'tests/hazmat/primitives/test_rsa.py')
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
new file mode 100644
index 00000000..e50417b8
--- /dev/null
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -0,0 +1,58 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from __future__ import absolute_import, division, print_function
+
+import pytest
+
+from cryptography.hazmat.primitives.asymmetric import rsa
+
+from ...utils import load_pkcs1_vectors, load_vectors_from_file
+
+
+class TestRSA(object):
+ @pytest.mark.parametrize(
+ "pkcs1_example",
+ load_vectors_from_file(
+ "asymmetric/RSA/pkcs-1v2-1d2-vec/pss-vect.txt",
+ load_pkcs1_vectors
+ )
+ )
+ def test_load_pss_vect_example_keys(self, pkcs1_example):
+ secret, public = pkcs1_example
+
+ skey = rsa.RSAPrivateKey(**secret)
+ pkey = rsa.RSAPublicKey(**public)
+ pkey2 = skey.public_key()
+
+ assert skey and pkey and pkey2
+
+ assert skey.modulus
+ assert skey.modulus == pkey.modulus
+ assert skey.public_exponent == pkey.public_exponent
+
+ assert pkey.modulus
+ assert pkey.modulus == pkey2.modulus
+ assert pkey.public_exponent == pkey2.public_exponent
+
+ assert skey.key_size
+ assert skey.key_size == pkey.key_size
+ assert skey.key_size == pkey2.key_size
+
+ def test_invalid_arguments(self):
+ with pytest.raises(TypeError):
+ rsa.RSAPrivateKey(None, None, None, None, None)
+
+ with pytest.raises(TypeError):
+ rsa.RSAPublicKey(None, None)
-- cgit v1.2.3 From 5d17ab3b354fe96e94689ad012163f42cc598a27 Mon Sep 17 00:00:00 2001
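Review bot: `test_invalid_arguments` passes `None` for every parameter, so the expected `TypeError` only shows that some type check fires; the test would still pass if just the first argument were validated. These constructors take raw key material, so each parameter's type check deserves its own case: one `None` among otherwise integer arguments, for example `rsa.RSAPrivateKey(3, 5, None, 7, 15)`, repeated per position or parametrized (argument order as the keyword form later on this page suggests). Separately, `assert skey and pkey and pkey2` tests only object truthiness, which holds for any instance unless the classes override it, so it adds nothing beyond the constructors not raising.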
From: Alex Stapleton Date: Wed, 5 Feb 2014 19:47:00 +0000 Subject: Sanity check keys. Taken from RFC 3447. --- tests/hazmat/primitives/test_rsa.py | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) (limited to 'tests/hazmat/primitives/test_rsa.py') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index e50417b8..c725c5f0 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -50,9 +50,43 @@ class TestRSA(object): assert skey.key_size == pkey.key_size assert skey.key_size == pkey2.key_size - def test_invalid_arguments(self): + def test_invalid_argument_types(self): with pytest.raises(TypeError): rsa.RSAPrivateKey(None, None, None, None, None) with pytest.raises(TypeError): rsa.RSAPublicKey(None, None) + + def test_invalid_argument_values(self): + # tiny example key + rsa.RSAPrivateKey(3, 5, 14, 8, 15) + + # modulus too small + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 14, 8, 2) + + # private exp too high + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 16, 8, 15) + + # public exp too low + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 14, 2, 15) + + # public exp too high + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 14, 16, 15) + + rsa.RSAPublicKey(8, 15) + + # modulus too small + with pytest.raises(ValueError): + rsa.RSAPublicKey(8, 2) + + # public exp too low + with pytest.raises(ValueError): + rsa.RSAPublicKey(2, 15) + + # public exp too high + with pytest.raises(ValueError): + rsa.RSAPublicKey(16, 15) -- cgit v1.2.3 From 3829bc2580491cd69981898dc66e67f16b5a28c4 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Wed, 5 Feb 2014 19:53:36 +0000 Subject: Check p*q=n in the tests --- tests/hazmat/primitives/test_rsa.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tests/hazmat/primitives/test_rsa.py') 
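Review bot: The "tiny example key" `rsa.RSAPrivateKey(3, 5, 14, 8, 15)` that this test expects to be accepted is not a consistent RSA key: with p=3 and q=5, (p-1)(q-1) = 8, so a public exponent of 8 has no inverse, and 14·8 is not 1 modulo 8. The test therefore pins the constructor to range checks only, and a later check that the exponents are inverses would break the baseline rather than a negative case. A consistent baseline of the same size is `rsa.RSAPrivateKey(3, 5, 7, 7, 15)` (7·7 = 49 ≡ 1 mod 8) together with `rsa.RSAPublicKey(7, 15)`. The later hunks on this page move to public exponent 7 but keep private exponent 14 (14·7 = 98 ≡ 2 mod 8), so the same applies there. Whether the constructor itself is meant to reject inconsistent exponents is not visible here; if it deliberately does not, a comment next to the baseline saying `# range checks only; d*e == 1 mod lcm(p-1, q-1) is not verified` would keep readers from treating acceptance as proof of a usable key.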
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index c725c5f0..87d39730 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -50,6 +50,8 @@ class TestRSA(object): assert skey.key_size == pkey.key_size assert skey.key_size == pkey2.key_size + assert skey.p * skey.q == skey.modulus + def test_invalid_argument_types(self): with pytest.raises(TypeError): rsa.RSAPrivateKey(None, None, None, None, None) -- cgit v1.2.3 From 7d69d3a831abfdfadf014ece0b324d406742d286 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Wed, 5 Feb 2014 21:06:39 +0000 Subject: Test alias properties --- tests/hazmat/primitives/test_rsa.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tests/hazmat/primitives/test_rsa.py') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 87d39730..5b1b3658 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -40,11 +40,16 @@ class TestRSA(object): assert skey.modulus assert skey.modulus == pkey.modulus + assert skey.modulus == skey.n assert skey.public_exponent == pkey.public_exponent + assert skey.public_exponent == skey.e + assert skey.private_exponent == skey.d assert pkey.modulus assert pkey.modulus == pkey2.modulus + assert pkey.modulus == pkey.n assert pkey.public_exponent == pkey2.public_exponent + assert pkey.public_exponent == pkey.e assert skey.key_size assert skey.key_size == pkey.key_size -- cgit v1.2.3 From 4eaab17b738963335c76cfafafee44fef8203dee Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Thu, 6 Feb 2014 21:06:18 +0000 Subject: More sanity checks --- tests/hazmat/primitives/test_rsa.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'tests/hazmat/primitives/test_rsa.py') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 5b1b3658..35207c11 100644 --- a/tests/hazmat/primitives/test_rsa.py 
+++ b/tests/hazmat/primitives/test_rsa.py @@ -72,6 +72,18 @@ class TestRSA(object): with pytest.raises(ValueError): rsa.RSAPrivateKey(3, 5, 14, 8, 2) + # modulus wrong + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 14, 8, 16) + + # p too high + with pytest.raises(ValueError): + rsa.RSAPrivateKey(16, 5, 14, 8, 15) + + # q too high + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 16, 14, 8, 15) + # private exp too high with pytest.raises(ValueError): rsa.RSAPrivateKey(3, 5, 16, 8, 15) -- cgit v1.2.3 From e237637231018ce571ab336e9885438902ece99e Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Thu, 6 Feb 2014 21:11:05 +0000 Subject: Use os.path.join to make paths --- tests/hazmat/primitives/test_rsa.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'tests/hazmat/primitives/test_rsa.py') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 35207c11..50b3f7a7 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -14,6 +14,8 @@ from __future__ import absolute_import, division, print_function +import os + import pytest from cryptography.hazmat.primitives.asymmetric import rsa @@ -25,7 +27,8 @@ class TestRSA(object): @pytest.mark.parametrize( "pkcs1_example", load_vectors_from_file( - "asymmetric/RSA/pkcs-1v2-1d2-vec/pss-vect.txt", + os.path.join( + "asymmetric", "RSA", "pkcs-1v2-1d2-vec", "pss-vect.txt"), load_pkcs1_vectors ) ) -- cgit v1.2.3 From a3b85506a5ca19d4469679e2cbc665f423066baf Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Fri, 7 Feb 2014 07:49:17 +0000 Subject: Check that public_exponent is odd --- tests/hazmat/primitives/test_rsa.py | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'tests/hazmat/primitives/test_rsa.py') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 50b3f7a7..b89daac3 100644 --- a/tests/hazmat/primitives/test_rsa.py 
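Review bot: The new "p too high" and "q too high" cases cannot show that a bound on p or q is enforced, because `rsa.RSAPrivateKey(16, 5, 14, 8, 15)` and `rsa.RSAPrivateKey(3, 16, 14, 8, 15)` also break p·q = modulus, which the "modulus wrong" case in the same hunk expects to raise the same `ValueError`. Any p or q above the modulus necessarily fails the product check, so the only way to tell the checks apart is to capture the exception with `with pytest.raises(ValueError) as exc_info:` and assert on `str(exc_info.value)`; the messages are not visible on this page, so the expected text is left to the author. The existing "modulus too small" case (modulus 2 with p=3, q=5) has the same overlap, and the keyword-argument rewrite later on the page keeps all three. The test function starts outside this hunk.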
+++ b/tests/hazmat/primitives/test_rsa.py @@ -69,46 +69,54 @@ class TestRSA(object): def test_invalid_argument_values(self): # tiny example key - rsa.RSAPrivateKey(3, 5, 14, 8, 15) + rsa.RSAPrivateKey(3, 5, 14, 7, 15) # modulus too small with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 14, 8, 2) + rsa.RSAPrivateKey(3, 5, 14, 7, 2) # modulus wrong with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 14, 8, 16) + rsa.RSAPrivateKey(3, 5, 14, 7, 16) # p too high with pytest.raises(ValueError): - rsa.RSAPrivateKey(16, 5, 14, 8, 15) + rsa.RSAPrivateKey(16, 5, 14, 7, 15) # q too high with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 16, 14, 8, 15) + rsa.RSAPrivateKey(3, 16, 14, 7, 15) # private exp too high with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 16, 8, 15) + rsa.RSAPrivateKey(3, 5, 16, 7, 15) # public exp too low with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 14, 2, 15) + rsa.RSAPrivateKey(3, 5, 14, 1, 15) # public exp too high with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 14, 16, 15) + rsa.RSAPrivateKey(3, 5, 14, 17, 15) - rsa.RSAPublicKey(8, 15) + # public exp not odd + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 14, 8, 15) + + rsa.RSAPublicKey(7, 15) # modulus too small with pytest.raises(ValueError): - rsa.RSAPublicKey(8, 2) + rsa.RSAPublicKey(7, 2) # public exp too low with pytest.raises(ValueError): - rsa.RSAPublicKey(2, 15) + rsa.RSAPublicKey(1, 15) # public exp too high with pytest.raises(ValueError): - rsa.RSAPublicKey(16, 15) + rsa.RSAPublicKey(17, 15) + + # public exp not odd + with pytest.raises(ValueError): + rsa.RSAPublicKey(8, 15) -- cgit v1.2.3 From bc29f5b7741f1593234c6cae9df58e2ed8345f92 Mon Sep 17 00:00:00 2001 
From: Alex Stapleton Date: Fri, 7 Feb 2014 20:06:29 +0000 Subject: Make tests more explicit. --- tests/hazmat/primitives/test_rsa.py | 127 +++++++++++++++++++++++++----------- 1 file changed, 89 insertions(+), 38 deletions(-) (limited to 'tests/hazmat/primitives/test_rsa.py') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index b89daac3..e2aca028 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py 
@@ -60,63 +60,114 @@ class TestRSA(object): assert skey.p * skey.q == skey.modulus - def test_invalid_argument_types(self): + def test_invalid_private_key_argument_types(self): with pytest.raises(TypeError): rsa.RSAPrivateKey(None, None, None, None, None) + def test_invalid_public_key_argument_types(self): with pytest.raises(TypeError): rsa.RSAPublicKey(None, None) - def test_invalid_argument_values(self): - # tiny example key - rsa.RSAPrivateKey(3, 5, 14, 7, 15) + def test_invalid_private_key_argument_values(self): + # Start with p=3, q=5, private_exponent=14, public_exponent=7, + # modulus=15. Then change one value at a time to test the bounds. - # modulus too small + # Test a modulus < 3. with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 14, 7, 2) - - # modulus wrong + rsa.RSAPrivateKey( + p=3, + q=5, + private_exponent=14, + public_exponent=7, + modulus=2 + ) + + # Test a modulus != p * q. with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 14, 7, 16) - - # p too high + rsa.RSAPrivateKey( + p=3, + q=5, + private_exponent=14, + public_exponent=7, + modulus=16 + ) + + # Test a p > modulus. with pytest.raises(ValueError): - rsa.RSAPrivateKey(16, 5, 14, 7, 15) - - # q too high + rsa.RSAPrivateKey( + p=16, + q=5, + private_exponent=14, + public_exponent=7, + modulus=15 + ) + + # Test a q > modulus. 
with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 16, 14, 7, 15) - - # private exp too high + rsa.RSAPrivateKey( + p=3, + q=16, + private_exponent=14, + public_exponent=7, + modulus=15 + ) + + # Test a private_exponent > modulus with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 16, 7, 15) - - # public exp too low + rsa.RSAPrivateKey( + p=3, + q=5, + private_exponent=16, + public_exponent=7, + modulus=15 + ) + + # Test a public_exponent < 3 with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 14, 1, 15) - - # public exp too high + rsa.RSAPrivateKey( + p=3, + q=5, + private_exponent=14, + public_exponent=1, + modulus=15 + ) + + # Test a public_exponent > modulus with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 14, 17, 15) - - # public exp not odd + rsa.RSAPrivateKey( + p=3, + q=5, + private_exponent=14, + public_exponent=17, + modulus=15 + ) + + # Test a public_exponent that is not odd. with pytest.raises(ValueError): - rsa.RSAPrivateKey(3, 5, 14, 8, 15) - - rsa.RSAPublicKey(7, 15) - - # modulus too small + rsa.RSAPrivateKey( + p=3, + q=5, + private_exponent=14, + public_exponent=6, + modulus=15 + ) + + def test_invalid_public_key_argument_values(self): + # Start with public_exponent=7, modulus=15. Then change one value at a + # time to test the bounds. + + # Test a modulus < 3. with pytest.raises(ValueError): - rsa.RSAPublicKey(7, 2) + rsa.RSAPublicKey(public_exponent=7, modulus=2) - # public exp too low + # Test a public_exponent < 3 with pytest.raises(ValueError): - rsa.RSAPublicKey(1, 15) + rsa.RSAPublicKey(public_exponent=1, modulus=15) - # public exp too high + # Test a public_exponent > modulus with pytest.raises(ValueError): - rsa.RSAPublicKey(17, 15) + rsa.RSAPublicKey(public_exponent=17, modulus=15) - # public exp not odd + # Test a public_exponent that is not odd. with pytest.raises(ValueError): - rsa.RSAPublicKey(8, 15) + rsa.RSAPublicKey(public_exponent=6, modulus=15) -- cgit v1.2.3