2454 lines
86 KiB
Python
2454 lines
86 KiB
Python
# This file is dual licensed under the terms of the Apache License, Version
|
|
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
|
# for complete details.
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
import binascii
|
|
import itertools
|
|
import os
|
|
|
|
import pytest
|
|
|
|
from cryptography.exceptions import (
|
|
AlreadyFinalized,
|
|
InvalidSignature,
|
|
_Reasons,
|
|
)
|
|
from cryptography.hazmat.backends.interfaces import (
|
|
PEMSerializationBackend,
|
|
RSABackend,
|
|
)
|
|
from cryptography.hazmat.primitives import hashes, serialization
|
|
from cryptography.hazmat.primitives.asymmetric import (
|
|
padding,
|
|
rsa,
|
|
utils as asym_utils,
|
|
)
|
|
from cryptography.hazmat.primitives.asymmetric.rsa import (
|
|
RSAPrivateNumbers,
|
|
RSAPublicNumbers,
|
|
)
|
|
from cryptography.utils import CryptographyDeprecationWarning
|
|
|
|
from .fixtures_rsa import (
|
|
RSA_KEY_1024,
|
|
RSA_KEY_1025,
|
|
RSA_KEY_1026,
|
|
RSA_KEY_1027,
|
|
RSA_KEY_1028,
|
|
RSA_KEY_1029,
|
|
RSA_KEY_1030,
|
|
RSA_KEY_1031,
|
|
RSA_KEY_1536,
|
|
RSA_KEY_2048,
|
|
RSA_KEY_2048_ALT,
|
|
RSA_KEY_512,
|
|
RSA_KEY_512_ALT,
|
|
RSA_KEY_522,
|
|
RSA_KEY_599,
|
|
RSA_KEY_745,
|
|
RSA_KEY_768,
|
|
RSA_KEY_CORRUPTED,
|
|
)
|
|
from .utils import (
|
|
_check_rsa_private_numbers,
|
|
generate_rsa_verification_test,
|
|
skip_fips_traditional_openssl,
|
|
)
|
|
from ...doubles import (
|
|
DummyAsymmetricPadding,
|
|
DummyHashAlgorithm,
|
|
DummyKeySerializationEncryption,
|
|
)
|
|
from ...utils import (
|
|
load_nist_vectors,
|
|
load_pkcs1_vectors,
|
|
load_rsa_nist_vectors,
|
|
load_vectors_from_file,
|
|
raises_unsupported_algorithm,
|
|
)
|
|
|
|
|
|
class DummyMGF(object):
|
|
_salt_length = 0
|
|
|
|
|
|
def _check_rsa_private_numbers_if_serializable(key):
|
|
if isinstance(key, rsa.RSAPrivateKeyWithSerialization):
|
|
_check_rsa_private_numbers(key.private_numbers())
|
|
|
|
|
|
def test_check_rsa_private_numbers_if_serializable():
|
|
_check_rsa_private_numbers_if_serializable("notserializable")
|
|
|
|
|
|
def _flatten_pkcs1_examples(vectors):
|
|
flattened_vectors = []
|
|
for vector in vectors:
|
|
examples = vector[0].pop("examples")
|
|
for example in examples:
|
|
merged_vector = (vector[0], vector[1], example)
|
|
flattened_vectors.append(merged_vector)
|
|
|
|
return flattened_vectors
|
|
|
|
|
|
def _build_oaep_sha2_vectors():
|
|
base_path = os.path.join("asymmetric", "RSA", "oaep-custom")
|
|
vectors = []
|
|
hashalgs = [
|
|
hashes.SHA1(),
|
|
hashes.SHA224(),
|
|
hashes.SHA256(),
|
|
hashes.SHA384(),
|
|
hashes.SHA512(),
|
|
]
|
|
for mgf1alg, oaepalg in itertools.product(hashalgs, hashalgs):
|
|
if mgf1alg.name == "sha1" and oaepalg.name == "sha1":
|
|
# We need to generate the cartesian product of the permutations
|
|
# of all the SHAs above, but SHA1/SHA1 is something we already
|
|
# tested previously and thus did not generate custom vectors for.
|
|
continue
|
|
|
|
examples = _flatten_pkcs1_examples(
|
|
load_vectors_from_file(
|
|
os.path.join(
|
|
base_path,
|
|
"oaep-{}-{}.txt".format(mgf1alg.name, oaepalg.name),
|
|
),
|
|
load_pkcs1_vectors,
|
|
)
|
|
)
|
|
# We've loaded the files, but the loaders don't give us any information
|
|
# about the mgf1 or oaep hash algorithms. We know this info so we'll
|
|
# just add that to the end of the tuple
|
|
for private, public, vector in examples:
|
|
vectors.append((private, public, vector, mgf1alg, oaepalg))
|
|
return vectors
|
|
|
|
|
|
def _skip_pss_hash_algorithm_unsupported(backend, hash_alg):
|
|
if not backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hash_alg), salt_length=padding.PSS.MAX_LENGTH
|
|
)
|
|
):
|
|
pytest.skip(
|
|
"Does not support {} in MGF1 using PSS.".format(hash_alg.name)
|
|
)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
def test_skip_pss_hash_algorithm_unsupported(backend):
|
|
with pytest.raises(pytest.skip.Exception):
|
|
_skip_pss_hash_algorithm_unsupported(backend, DummyHashAlgorithm())
|
|
|
|
|
|
def test_modular_inverse():
|
|
p = int(
|
|
"d1f9f6c09fd3d38987f7970247b85a6da84907753d42ec52bc23b745093f4fff5cff3"
|
|
"617ce43d00121a9accc0051f519c76e08cf02fc18acfe4c9e6aea18da470a2b611d2e"
|
|
"56a7b35caa2c0239bc041a53cc5875ca0b668ae6377d4b23e932d8c995fd1e58ecfd8"
|
|
"c4b73259c0d8a54d691cca3f6fb85c8a5c1baf588e898d481",
|
|
16,
|
|
)
|
|
q = int(
|
|
"d1519255eb8f678c86cfd06802d1fbef8b664441ac46b73d33d13a8404580a33a8e74"
|
|
"cb2ea2e2963125b3d454d7a922cef24dd13e55f989cbabf64255a736671f4629a47b5"
|
|
"b2347cfcd669133088d1c159518531025297c2d67c9da856a12e80222cd03b4c6ec0f"
|
|
"86c957cb7bb8de7a127b645ec9e820aa94581e4762e209f01",
|
|
16,
|
|
)
|
|
assert rsa._modinv(q, p) == int(
|
|
"0275e06afa722999315f8f322275483e15e2fb46d827b17800f99110b269a6732748f"
|
|
"624a382fa2ed1ec68c99f7fc56fb60e76eea51614881f497ba7034c17dde955f92f15"
|
|
"772f8b2b41f3e56d88b1e096cdd293eba4eae1e82db815e0fadea0c4ec971bc6fd875"
|
|
"c20e67e48c31a611e98d32c6213ae4c4d7b53023b2f80c538",
|
|
16,
|
|
)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
class TestRSA(object):
|
|
@pytest.mark.parametrize(
|
|
("public_exponent", "key_size"),
|
|
itertools.product(
|
|
(3, 65537),
|
|
(1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048),
|
|
),
|
|
)
|
|
def test_generate_rsa_keys(self, backend, public_exponent, key_size):
|
|
if backend._fips_enabled:
|
|
if key_size < backend._fips_rsa_min_key_size:
|
|
pytest.skip("Key size not FIPS compliant: {}".format(key_size))
|
|
if public_exponent < backend._fips_rsa_min_public_exponent:
|
|
pytest.skip(
|
|
"Exponent not FIPS compliant: {}".format(public_exponent)
|
|
)
|
|
skey = rsa.generate_private_key(public_exponent, key_size, backend)
|
|
assert skey.key_size == key_size
|
|
|
|
_check_rsa_private_numbers_if_serializable(skey)
|
|
pkey = skey.public_key()
|
|
assert isinstance(pkey.public_numbers(), rsa.RSAPublicNumbers)
|
|
|
|
def test_generate_bad_public_exponent(self, backend):
|
|
with pytest.raises(ValueError):
|
|
rsa.generate_private_key(
|
|
public_exponent=1, key_size=2048, backend=backend
|
|
)
|
|
|
|
with pytest.raises(ValueError):
|
|
rsa.generate_private_key(
|
|
public_exponent=4, key_size=2048, backend=backend
|
|
)
|
|
|
|
with pytest.raises(ValueError):
|
|
rsa.generate_private_key(
|
|
public_exponent=65535, key_size=2048, backend=backend
|
|
)
|
|
|
|
def test_cant_generate_insecure_tiny_key(self, backend):
|
|
with pytest.raises(ValueError):
|
|
rsa.generate_private_key(
|
|
public_exponent=65537, key_size=511, backend=backend
|
|
)
|
|
|
|
with pytest.raises(ValueError):
|
|
rsa.generate_private_key(
|
|
public_exponent=65537, key_size=256, backend=backend
|
|
)
|
|
|
|
@pytest.mark.parametrize(
|
|
"pkcs1_example",
|
|
load_vectors_from_file(
|
|
os.path.join(
|
|
"asymmetric", "RSA", "pkcs-1v2-1d2-vec", "pss-vect.txt"
|
|
),
|
|
load_pkcs1_vectors,
|
|
),
|
|
)
|
|
def test_load_pss_vect_example_keys(self, pkcs1_example):
|
|
secret, public = pkcs1_example
|
|
|
|
private_num = rsa.RSAPrivateNumbers(
|
|
p=secret["p"],
|
|
q=secret["q"],
|
|
d=secret["private_exponent"],
|
|
dmp1=secret["dmp1"],
|
|
dmq1=secret["dmq1"],
|
|
iqmp=secret["iqmp"],
|
|
public_numbers=rsa.RSAPublicNumbers(
|
|
e=secret["public_exponent"], n=secret["modulus"]
|
|
),
|
|
)
|
|
_check_rsa_private_numbers(private_num)
|
|
|
|
public_num = rsa.RSAPublicNumbers(
|
|
e=public["public_exponent"], n=public["modulus"]
|
|
)
|
|
assert public_num
|
|
|
|
public_num2 = private_num.public_numbers
|
|
assert public_num2
|
|
|
|
assert public_num.n == public_num2.n
|
|
assert public_num.e == public_num2.e
|
|
|
|
@pytest.mark.parametrize(
|
|
"vector",
|
|
load_vectors_from_file(
|
|
os.path.join("asymmetric", "RSA", "oaep-label.txt"),
|
|
load_nist_vectors,
|
|
),
|
|
)
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA256()),
|
|
algorithm=hashes.SHA256(),
|
|
label=b"label",
|
|
)
|
|
),
|
|
skip_message="Does not support RSA OAEP labels",
|
|
)
|
|
def test_oaep_label_decrypt(self, vector, backend):
|
|
private_key = serialization.load_der_private_key(
|
|
binascii.unhexlify(vector["key"]), None, backend
|
|
)
|
|
assert vector["oaepdigest"] == b"SHA512"
|
|
decrypted = private_key.decrypt(
|
|
binascii.unhexlify(vector["input"]),
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA512()),
|
|
algorithm=hashes.SHA512(),
|
|
label=binascii.unhexlify(vector["oaeplabel"]),
|
|
),
|
|
)
|
|
assert vector["output"][1:-1] == decrypted
|
|
|
|
@pytest.mark.parametrize(
|
|
("msg", "label"),
|
|
[
|
|
(b"amazing encrypted msg", b"some label"),
|
|
(b"amazing encrypted msg", b""),
|
|
],
|
|
)
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA256()),
|
|
algorithm=hashes.SHA256(),
|
|
label=b"label",
|
|
)
|
|
),
|
|
skip_message="Does not support RSA OAEP labels",
|
|
)
|
|
def test_oaep_label_roundtrip(self, msg, label, backend):
|
|
private_key = RSA_KEY_2048.private_key(backend)
|
|
ct = private_key.public_key().encrypt(
|
|
msg,
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA256()),
|
|
algorithm=hashes.SHA256(),
|
|
label=label,
|
|
),
|
|
)
|
|
pt = private_key.decrypt(
|
|
ct,
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA256()),
|
|
algorithm=hashes.SHA256(),
|
|
label=label,
|
|
),
|
|
)
|
|
assert pt == msg
|
|
|
|
@pytest.mark.parametrize(
|
|
("enclabel", "declabel"),
|
|
[(b"label1", b"label2"), (b"label3", b""), (b"", b"label4")],
|
|
)
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA256()),
|
|
algorithm=hashes.SHA256(),
|
|
label=b"label",
|
|
)
|
|
),
|
|
skip_message="Does not support RSA OAEP labels",
|
|
)
|
|
def test_oaep_wrong_label(self, enclabel, declabel, backend):
|
|
private_key = RSA_KEY_2048.private_key(backend)
|
|
msg = b"test"
|
|
ct = private_key.public_key().encrypt(
|
|
msg,
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA256()),
|
|
algorithm=hashes.SHA256(),
|
|
label=enclabel,
|
|
),
|
|
)
|
|
with pytest.raises(ValueError):
|
|
private_key.decrypt(
|
|
ct,
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA256()),
|
|
algorithm=hashes.SHA256(),
|
|
label=declabel,
|
|
),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: not backend.rsa_padding_supported(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA256()),
|
|
algorithm=hashes.SHA256(),
|
|
label=b"label",
|
|
)
|
|
),
|
|
skip_message="Requires backend without RSA OAEP label support",
|
|
)
|
|
def test_unsupported_oaep_label_decrypt(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
|
|
private_key.decrypt(
|
|
b"0" * 64,
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
algorithm=hashes.SHA1(),
|
|
label=b"label",
|
|
),
|
|
)
|
|
|
|
|
|
def test_rsa_generate_invalid_backend():
|
|
pretend_backend = object()
|
|
|
|
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
|
|
rsa.generate_private_key(65537, 2048, pretend_backend)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
class TestRSASignature(object):
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
@pytest.mark.parametrize(
|
|
"pkcs1_example",
|
|
_flatten_pkcs1_examples(
|
|
load_vectors_from_file(
|
|
os.path.join("asymmetric", "RSA", "pkcs1v15sign-vectors.txt"),
|
|
load_pkcs1_vectors,
|
|
)
|
|
),
|
|
)
|
|
def test_pkcs1v15_signing(self, pkcs1_example, backend):
|
|
private, public, example = pkcs1_example
|
|
private_key = rsa.RSAPrivateNumbers(
|
|
p=private["p"],
|
|
q=private["q"],
|
|
d=private["private_exponent"],
|
|
dmp1=private["dmp1"],
|
|
dmq1=private["dmq1"],
|
|
iqmp=private["iqmp"],
|
|
public_numbers=rsa.RSAPublicNumbers(
|
|
e=private["public_exponent"], n=private["modulus"]
|
|
),
|
|
).private_key(backend)
|
|
signature = private_key.sign(
|
|
binascii.unhexlify(example["message"]),
|
|
padding.PKCS1v15(),
|
|
hashes.SHA1(),
|
|
)
|
|
assert binascii.hexlify(signature) == example["signature"]
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
@pytest.mark.parametrize(
|
|
"pkcs1_example",
|
|
_flatten_pkcs1_examples(
|
|
load_vectors_from_file(
|
|
os.path.join(
|
|
"asymmetric", "RSA", "pkcs-1v2-1d2-vec", "pss-vect.txt"
|
|
),
|
|
load_pkcs1_vectors,
|
|
)
|
|
),
|
|
)
|
|
def test_pss_signing(self, pkcs1_example, backend):
|
|
private, public, example = pkcs1_example
|
|
private_key = rsa.RSAPrivateNumbers(
|
|
p=private["p"],
|
|
q=private["q"],
|
|
d=private["private_exponent"],
|
|
dmp1=private["dmp1"],
|
|
dmq1=private["dmq1"],
|
|
iqmp=private["iqmp"],
|
|
public_numbers=rsa.RSAPublicNumbers(
|
|
e=private["public_exponent"], n=private["modulus"]
|
|
),
|
|
).private_key(backend)
|
|
public_key = rsa.RSAPublicNumbers(
|
|
e=public["public_exponent"], n=public["modulus"]
|
|
).public_key(backend)
|
|
signature = private_key.sign(
|
|
binascii.unhexlify(example["message"]),
|
|
padding.PSS(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
),
|
|
hashes.SHA1(),
|
|
)
|
|
assert len(signature) == (private_key.key_size + 7) // 8
|
|
# PSS signatures contain randomness so we can't do an exact
|
|
# signature check. Instead we'll verify that the signature created
|
|
# successfully verifies.
|
|
public_key.verify(
|
|
signature,
|
|
binascii.unhexlify(example["message"]),
|
|
padding.PSS(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
),
|
|
hashes.SHA1(),
|
|
)
|
|
|
|
@pytest.mark.parametrize(
|
|
"hash_alg",
|
|
[hashes.SHA224(), hashes.SHA256(), hashes.SHA384(), hashes.SHA512()],
|
|
)
|
|
def test_pss_signing_sha2(self, hash_alg, backend):
|
|
_skip_pss_hash_algorithm_unsupported(backend, hash_alg)
|
|
private_key = RSA_KEY_768.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
pss = padding.PSS(
|
|
mgf=padding.MGF1(hash_alg), salt_length=padding.PSS.MAX_LENGTH
|
|
)
|
|
msg = b"testing signature"
|
|
signature = private_key.sign(msg, pss, hash_alg)
|
|
public_key.verify(signature, msg, pss, hash_alg)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: (
|
|
backend.hash_supported(hashes.SHA512())
|
|
and backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
)
|
|
),
|
|
skip_message="Does not support SHA512.",
|
|
)
|
|
def test_pss_minimum_key_size_for_digest(self, backend):
|
|
private_key = RSA_KEY_522.private_key(backend)
|
|
private_key.sign(
|
|
b"no failure",
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
),
|
|
hashes.SHA512(),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.hash_supported(hashes.SHA512()),
|
|
skip_message="Does not support SHA512.",
|
|
)
|
|
def test_pss_signing_digest_too_large_for_key_size(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with pytest.raises(ValueError):
|
|
private_key.sign(
|
|
b"msg",
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
),
|
|
hashes.SHA512(),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
def test_pss_signing_salt_length_too_long(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with pytest.raises(ValueError):
|
|
private_key.sign(
|
|
b"failure coming",
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()), salt_length=1000000
|
|
),
|
|
hashes.SHA1(),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_use_after_finalize(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with pytest.warns(CryptographyDeprecationWarning):
|
|
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1())
|
|
signer.update(b"sign me")
|
|
signer.finalize()
|
|
with pytest.raises(AlreadyFinalized):
|
|
signer.finalize()
|
|
with pytest.raises(AlreadyFinalized):
|
|
signer.update(b"more data")
|
|
|
|
def test_unsupported_padding(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
|
|
private_key.sign(b"msg", DummyAsymmetricPadding(), hashes.SHA1())
|
|
|
|
def test_padding_incorrect_type(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with pytest.raises(TypeError):
|
|
private_key.sign(b"msg", "notpadding", hashes.SHA1())
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
def test_unsupported_pss_mgf(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
|
|
private_key.sign(
|
|
b"msg",
|
|
padding.PSS(
|
|
mgf=DummyMGF(), salt_length=padding.PSS.MAX_LENGTH
|
|
),
|
|
hashes.SHA1(),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_pkcs1_digest_too_large_for_key_size(self, backend):
|
|
private_key = RSA_KEY_599.private_key(backend)
|
|
with pytest.raises(ValueError):
|
|
private_key.sign(
|
|
b"failure coming", padding.PKCS1v15(), hashes.SHA512()
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_pkcs1_minimum_key_size(self, backend):
|
|
private_key = RSA_KEY_745.private_key(backend)
|
|
private_key.sign(b"no failure", padding.PKCS1v15(), hashes.SHA512())
|
|
|
|
def test_sign(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
message = b"one little message"
|
|
pkcs = padding.PKCS1v15()
|
|
algorithm = hashes.SHA1()
|
|
signature = private_key.sign(message, pkcs, algorithm)
|
|
public_key = private_key.public_key()
|
|
public_key.verify(signature, message, pkcs, algorithm)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
def test_prehashed_sign(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
message = b"one little message"
|
|
h = hashes.Hash(hashes.SHA1(), backend)
|
|
h.update(message)
|
|
digest = h.finalize()
|
|
pss = padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
|
|
prehashed_alg = asym_utils.Prehashed(hashes.SHA1())
|
|
signature = private_key.sign(digest, pss, prehashed_alg)
|
|
public_key = private_key.public_key()
|
|
public_key.verify(signature, message, pss, hashes.SHA1())
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.hash_supported(
|
|
hashes.BLAKE2s(digest_size=32)
|
|
),
|
|
skip_message="Does not support BLAKE2s",
|
|
)
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
def test_unsupported_hash(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
message = b"one little message"
|
|
pss = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0)
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
|
|
private_key.sign(message, pss, hashes.BLAKE2s(32))
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
def test_prehashed_digest_mismatch(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
message = b"one little message"
|
|
h = hashes.Hash(hashes.SHA512(), backend)
|
|
h.update(message)
|
|
digest = h.finalize()
|
|
pss = padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
|
|
prehashed_alg = asym_utils.Prehashed(hashes.SHA1())
|
|
with pytest.raises(ValueError):
|
|
private_key.sign(digest, pss, prehashed_alg)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_prehashed_unsupported_in_signer_ctx(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with pytest.raises(TypeError), pytest.warns(
|
|
CryptographyDeprecationWarning
|
|
):
|
|
private_key.signer(
|
|
padding.PKCS1v15(), asym_utils.Prehashed(hashes.SHA1())
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_prehashed_unsupported_in_verifier_ctx(self, backend):
|
|
public_key = RSA_KEY_512.private_key(backend).public_key()
|
|
with pytest.raises(TypeError), pytest.warns(
|
|
CryptographyDeprecationWarning
|
|
):
|
|
public_key.verifier(
|
|
b"0" * 64,
|
|
padding.PKCS1v15(),
|
|
asym_utils.Prehashed(hashes.SHA1()),
|
|
)
|
|
|
|
def test_prehashed_unsupported_in_signature_recover(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
signature = private_key.sign(
|
|
b"sign me", padding.PKCS1v15(), hashes.SHA1()
|
|
)
|
|
prehashed_alg = asym_utils.Prehashed(hashes.SHA1())
|
|
with pytest.raises(TypeError):
|
|
public_key.recover_data_from_signature(
|
|
signature, padding.PKCS1v15(), prehashed_alg
|
|
)
|
|
|
|
def test_corrupted_private_key(self, backend):
|
|
with pytest.raises(ValueError):
|
|
serialization.load_pem_private_key(
|
|
RSA_KEY_CORRUPTED, password=None, backend=backend
|
|
)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
class TestRSAVerification(object):
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
@pytest.mark.parametrize(
|
|
"pkcs1_example",
|
|
_flatten_pkcs1_examples(
|
|
load_vectors_from_file(
|
|
os.path.join("asymmetric", "RSA", "pkcs1v15sign-vectors.txt"),
|
|
load_pkcs1_vectors,
|
|
)
|
|
),
|
|
)
|
|
def test_pkcs1v15_verification(self, pkcs1_example, backend):
|
|
private, public, example = pkcs1_example
|
|
public_key = rsa.RSAPublicNumbers(
|
|
e=public["public_exponent"], n=public["modulus"]
|
|
).public_key(backend)
|
|
signature = binascii.unhexlify(example["signature"])
|
|
message = binascii.unhexlify(example["message"])
|
|
public_key.verify(
|
|
signature, message, padding.PKCS1v15(), hashes.SHA1()
|
|
)
|
|
|
|
# Test digest recovery by providing hash
|
|
digest = hashes.Hash(hashes.SHA1())
|
|
digest.update(message)
|
|
msg_digest = digest.finalize()
|
|
rec_msg_digest = public_key.recover_data_from_signature(
|
|
signature, padding.PKCS1v15(), hashes.SHA1()
|
|
)
|
|
assert msg_digest == rec_msg_digest
|
|
|
|
# Test recovery of all data (full DigestInfo) with hash alg. as None
|
|
rec_sig_data = public_key.recover_data_from_signature(
|
|
signature, padding.PKCS1v15(), None
|
|
)
|
|
assert len(rec_sig_data) > len(msg_digest)
|
|
assert msg_digest == rec_sig_data[-len(msg_digest) :]
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_invalid_pkcs1v15_signature_wrong_data(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
signature = private_key.sign(
|
|
b"sign me", padding.PKCS1v15(), hashes.SHA1()
|
|
)
|
|
with pytest.raises(InvalidSignature):
|
|
public_key.verify(
|
|
signature, b"incorrect data", padding.PKCS1v15(), hashes.SHA1()
|
|
)
|
|
|
|
def test_invalid_pkcs1v15_signature_recover_wrong_hash_alg(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
signature = private_key.sign(
|
|
b"sign me", padding.PKCS1v15(), hashes.SHA1()
|
|
)
|
|
with pytest.raises(InvalidSignature):
|
|
public_key.recover_data_from_signature(
|
|
signature, padding.PKCS1v15(), hashes.SHA256()
|
|
)
|
|
|
|
def test_invalid_signature_sequence_removed(self, backend):
|
|
"""
|
|
This test comes from wycheproof
|
|
"""
|
|
key_der = binascii.unhexlify(
|
|
b"30820122300d06092a864886f70d01010105000382010f003082010a02820101"
|
|
b"00a2b451a07d0aa5f96e455671513550514a8a5b462ebef717094fa1fee82224"
|
|
b"e637f9746d3f7cafd31878d80325b6ef5a1700f65903b469429e89d6eac88450"
|
|
b"97b5ab393189db92512ed8a7711a1253facd20f79c15e8247f3d3e42e46e48c9"
|
|
b"8e254a2fe9765313a03eff8f17e1a029397a1fa26a8dce26f490ed81299615d9"
|
|
b"814c22da610428e09c7d9658594266f5c021d0fceca08d945a12be82de4d1ece"
|
|
b"6b4c03145b5d3495d4ed5411eb878daf05fd7afc3e09ada0f1126422f590975a"
|
|
b"1969816f48698bcbba1b4d9cae79d460d8f9f85e7975005d9bc22c4e5ac0f7c1"
|
|
b"a45d12569a62807d3b9a02e5a530e773066f453d1f5b4c2e9cf7820283f742b9"
|
|
b"d50203010001"
|
|
)
|
|
sig = binascii.unhexlify(
|
|
b"498209f59a0679a1f926eccf3056da2cba553d7ab3064e7c41ad1d739f038249"
|
|
b"f02f5ad12ee246073d101bc3cdb563e8b6be61562056422b7e6c16ad53deb12a"
|
|
b"f5de744197753a35859833f41bb59c6597f3980132b7478fd0b95fd27dfad64a"
|
|
b"20fd5c25312bbd41a85286cd2a83c8df5efa0779158d01b0747ff165b055eb28"
|
|
b"80ea27095700a295593196d8c5922cf6aa9d7e29b5056db5ded5eb20aeb31b89"
|
|
b"42e26b15a5188a4934cd7e39cfe379a197f49a204343a493452deebca436ee61"
|
|
b"4f4daf989e355544489f7e69ffa8ccc6a1e81cf0ab33c3e6d7591091485a6a31"
|
|
b"bda3b33946490057b9a3003d3fd9daf7c4778b43fd46144d945d815f12628ff4"
|
|
)
|
|
public_key = serialization.load_der_public_key(key_der, backend)
|
|
with pytest.raises(InvalidSignature):
|
|
public_key.verify(
|
|
sig,
|
|
binascii.unhexlify(b"313233343030"),
|
|
padding.PKCS1v15(),
|
|
hashes.SHA256(),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_invalid_pkcs1v15_signature_wrong_key(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
private_key2 = RSA_KEY_512_ALT.private_key(backend)
|
|
public_key = private_key2.public_key()
|
|
msg = b"sign me"
|
|
signature = private_key.sign(msg, padding.PKCS1v15(), hashes.SHA1())
|
|
with pytest.raises(InvalidSignature):
|
|
public_key.verify(
|
|
signature, msg, padding.PKCS1v15(), hashes.SHA1()
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=20)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
@pytest.mark.parametrize(
|
|
"pkcs1_example",
|
|
_flatten_pkcs1_examples(
|
|
load_vectors_from_file(
|
|
os.path.join(
|
|
"asymmetric", "RSA", "pkcs-1v2-1d2-vec", "pss-vect.txt"
|
|
),
|
|
load_pkcs1_vectors,
|
|
)
|
|
),
|
|
)
|
|
def test_pss_verification(self, pkcs1_example, backend):
|
|
private, public, example = pkcs1_example
|
|
public_key = rsa.RSAPublicNumbers(
|
|
e=public["public_exponent"], n=public["modulus"]
|
|
).public_key(backend)
|
|
public_key.verify(
|
|
binascii.unhexlify(example["signature"]),
|
|
binascii.unhexlify(example["message"]),
|
|
padding.PSS(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()), salt_length=20
|
|
),
|
|
hashes.SHA1(),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
def test_invalid_pss_signature_wrong_data(self, backend):
|
|
public_key = rsa.RSAPublicNumbers(
|
|
n=int(
|
|
b"dffc2137d5e810cde9e4b4612f5796447218bab913b3fa98bdf7982e4fa6"
|
|
b"ec4d6653ef2b29fb1642b095befcbea6decc178fb4bed243d3c3592c6854"
|
|
b"6af2d3f3",
|
|
16,
|
|
),
|
|
e=65537,
|
|
).public_key(backend)
|
|
signature = binascii.unhexlify(
|
|
b"0e68c3649df91c5bc3665f96e157efa75b71934aaa514d91e94ca8418d100f45"
|
|
b"6f05288e58525f99666bab052adcffdf7186eb40f583bd38d98c97d3d524808b"
|
|
)
|
|
with pytest.raises(InvalidSignature):
|
|
public_key.verify(
|
|
signature,
|
|
b"incorrect data",
|
|
padding.PSS(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
),
|
|
hashes.SHA1(),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
def test_invalid_pss_signature_wrong_key(self, backend):
|
|
signature = binascii.unhexlify(
|
|
b"3a1880165014ba6eb53cc1449d13e5132ebcc0cfd9ade6d7a2494a0503bd0826"
|
|
b"f8a46c431e0d7be0ca3e453f8b2b009e2733764da7927cc6dbe7a021437a242e"
|
|
)
|
|
public_key = rsa.RSAPublicNumbers(
|
|
n=int(
|
|
b"381201f4905d67dfeb3dec131a0fbea773489227ec7a1448c3109189ac68"
|
|
b"5a95441be90866a14c4d2e139cd16db540ec6c7abab13ffff91443fd46a8"
|
|
b"960cbb7658ded26a5c95c86f6e40384e1c1239c63e541ba221191c4dd303"
|
|
b"231b42e33c6dbddf5ec9a746f09bf0c25d0f8d27f93ee0ae5c0d723348f4"
|
|
b"030d3581e13522e1",
|
|
16,
|
|
),
|
|
e=65537,
|
|
).public_key(backend)
|
|
with pytest.raises(InvalidSignature):
|
|
public_key.verify(
|
|
signature,
|
|
b"sign me",
|
|
padding.PSS(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
),
|
|
hashes.SHA1(),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
def test_invalid_pss_signature_data_too_large_for_modulus(self, backend):
|
|
# 2048 bit PSS signature
|
|
signature = binascii.unhexlify(
|
|
b"58750fc3d2f560d1f3e37c8e28bc8da6d3e93f5d58f8becd25b1c931eea30fea"
|
|
b"54cb17d44b90104a0aacb7fe9ffa2a59c5788435911d63de78178d21eb875ccd"
|
|
b"0b07121b641ed4fe6bcb1ca5060322765507b4f24bdba8a698a8e4e07e6bf2c4"
|
|
b"7a736abe5a912e85cd32f648f3e043b4385e8b612dcce342c5fddf18c524deb5"
|
|
b"6295b95f6dfa759b2896b793628a90f133e74c1ff7d3af43e3f7ee792df2e5b6"
|
|
b"a19e996ac3676884354899a437b3ae4e3ac91976c336c332a3b1db0d172b19cb"
|
|
b"40ad3d871296cfffb3c889ce74a179a3e290852c35d59525afe4b39dc907fad2"
|
|
b"ac462c50a488dca486031a3dc8c4cdbbc53e9f71d64732e1533a5d1249b833ce"
|
|
)
|
|
# 1024 bit key
|
|
public_key = RSA_KEY_1024.private_key(backend).public_key()
|
|
with pytest.raises(InvalidSignature):
|
|
public_key.verify(
|
|
signature,
|
|
b"sign me",
|
|
padding.PSS(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
),
|
|
hashes.SHA1(),
|
|
)
|
|
|
|
def test_invalid_pss_signature_recover(self, backend):
|
|
private_key = RSA_KEY_1024.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
pss_padding = padding.PSS(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
signature = private_key.sign(b"sign me", pss_padding, hashes.SHA1())
|
|
|
|
# Hash algorithm can not be absent for PSS padding
|
|
with pytest.raises(TypeError):
|
|
public_key.recover_data_from_signature(
|
|
signature, pss_padding, None
|
|
)
|
|
|
|
# Signature data recovery not supported with PSS
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
|
|
public_key.recover_data_from_signature(
|
|
signature, pss_padding, hashes.SHA1()
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_use_after_finalize(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
signature = private_key.sign(
|
|
b"sign me", padding.PKCS1v15(), hashes.SHA1()
|
|
)
|
|
|
|
with pytest.warns(CryptographyDeprecationWarning):
|
|
verifier = public_key.verifier(
|
|
signature, padding.PKCS1v15(), hashes.SHA1()
|
|
)
|
|
verifier.update(b"sign me")
|
|
verifier.verify()
|
|
with pytest.raises(AlreadyFinalized):
|
|
verifier.verify()
|
|
with pytest.raises(AlreadyFinalized):
|
|
verifier.update(b"more data")
|
|
|
|
def test_unsupported_padding(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
|
|
public_key.verify(
|
|
b"sig", b"msg", DummyAsymmetricPadding(), hashes.SHA1()
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_signature_not_bytes(self, backend):
|
|
public_key = RSA_KEY_512.public_numbers.public_key(backend)
|
|
signature = 1234
|
|
|
|
with pytest.raises(TypeError), pytest.warns(
|
|
CryptographyDeprecationWarning
|
|
):
|
|
public_key.verifier(signature, padding.PKCS1v15(), hashes.SHA1())
|
|
|
|
def test_padding_incorrect_type(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
with pytest.raises(TypeError):
|
|
public_key.verify(b"sig", b"msg", "notpadding", hashes.SHA1())
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
def test_unsupported_pss_mgf(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
|
|
public_key.verify(
|
|
b"sig",
|
|
b"msg",
|
|
padding.PSS(
|
|
mgf=DummyMGF(), salt_length=padding.PSS.MAX_LENGTH
|
|
),
|
|
hashes.SHA1(),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.hash_supported(hashes.SHA512()),
|
|
skip_message="Does not support SHA512.",
|
|
)
|
|
def test_pss_verify_digest_too_large_for_key_size(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
signature = binascii.unhexlify(
|
|
b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8"
|
|
b"534c050ef6b19b1bdc6eb4da422e89161106a6f5b5cc16135b11eb6439b646bd"
|
|
)
|
|
public_key = private_key.public_key()
|
|
with pytest.raises(ValueError):
|
|
public_key.verify(
|
|
signature,
|
|
b"msg doesn't matter",
|
|
padding.PSS(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
),
|
|
hashes.SHA512(),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS.",
|
|
)
|
|
def test_pss_verify_salt_length_too_long(self, backend):
|
|
signature = binascii.unhexlify(
|
|
b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8"
|
|
b"534c050ef6b19b1bdc6eb4da422e89161106a6f5b5cc16135b11eb6439b646bd"
|
|
)
|
|
public_key = rsa.RSAPublicNumbers(
|
|
n=int(
|
|
b"d309e4612809437548b747d7f9eb9cd3340f54fe42bb3f84a36933b0839c"
|
|
b"11b0c8b7f67e11f7252370161e31159c49c784d4bc41c42a78ce0f0b40a3"
|
|
b"ca8ffb91",
|
|
16,
|
|
),
|
|
e=65537,
|
|
).public_key(backend)
|
|
with pytest.raises(InvalidSignature):
|
|
public_key.verify(
|
|
signature,
|
|
b"sign me",
|
|
padding.PSS(
|
|
mgf=padding.MGF1(
|
|
algorithm=hashes.SHA1(),
|
|
),
|
|
salt_length=1000000,
|
|
),
|
|
hashes.SHA1(),
|
|
)
|
|
|
|
def test_verify(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
message = b"one little message"
|
|
pkcs = padding.PKCS1v15()
|
|
algorithm = hashes.SHA1()
|
|
signature = private_key.sign(message, pkcs, algorithm)
|
|
public_key = private_key.public_key()
|
|
public_key.verify(signature, message, pkcs, algorithm)
|
|
|
|
def test_prehashed_verify(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
message = b"one little message"
|
|
h = hashes.Hash(hashes.SHA1(), backend)
|
|
h.update(message)
|
|
digest = h.finalize()
|
|
prehashed_alg = asym_utils.Prehashed(hashes.SHA1())
|
|
pkcs = padding.PKCS1v15()
|
|
signature = private_key.sign(message, pkcs, hashes.SHA1())
|
|
public_key = private_key.public_key()
|
|
public_key.verify(signature, digest, pkcs, prehashed_alg)
|
|
|
|
def test_prehashed_digest_mismatch(self, backend):
|
|
public_key = RSA_KEY_512.private_key(backend).public_key()
|
|
message = b"one little message"
|
|
h = hashes.Hash(hashes.SHA1(), backend)
|
|
h.update(message)
|
|
data = h.finalize()
|
|
prehashed_alg = asym_utils.Prehashed(hashes.SHA512())
|
|
pkcs = padding.PKCS1v15()
|
|
with pytest.raises(ValueError):
|
|
public_key.verify(b"\x00" * 64, data, pkcs, prehashed_alg)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
class TestRSAPSSMGF1Verification(object):
|
|
test_rsa_pss_mgf1_sha1 = pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS using MGF1 with SHA1.",
|
|
)(
|
|
generate_rsa_verification_test(
|
|
load_rsa_nist_vectors,
|
|
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
|
|
[
|
|
"SigGenPSS_186-2.rsp",
|
|
"SigGenPSS_186-3.rsp",
|
|
"SigVerPSS_186-3.rsp",
|
|
],
|
|
hashes.SHA1(),
|
|
lambda params, hash_alg: padding.PSS(
|
|
mgf=padding.MGF1(
|
|
algorithm=hash_alg,
|
|
),
|
|
salt_length=params["salt_length"],
|
|
),
|
|
)
|
|
)
|
|
|
|
test_rsa_pss_mgf1_sha224 = pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA224()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS using MGF1 with SHA224.",
|
|
)(
|
|
generate_rsa_verification_test(
|
|
load_rsa_nist_vectors,
|
|
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
|
|
[
|
|
"SigGenPSS_186-2.rsp",
|
|
"SigGenPSS_186-3.rsp",
|
|
"SigVerPSS_186-3.rsp",
|
|
],
|
|
hashes.SHA224(),
|
|
lambda params, hash_alg: padding.PSS(
|
|
mgf=padding.MGF1(
|
|
algorithm=hash_alg,
|
|
),
|
|
salt_length=params["salt_length"],
|
|
),
|
|
)
|
|
)
|
|
|
|
test_rsa_pss_mgf1_sha256 = pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA256()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS using MGF1 with SHA256.",
|
|
)(
|
|
generate_rsa_verification_test(
|
|
load_rsa_nist_vectors,
|
|
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
|
|
[
|
|
"SigGenPSS_186-2.rsp",
|
|
"SigGenPSS_186-3.rsp",
|
|
"SigVerPSS_186-3.rsp",
|
|
],
|
|
hashes.SHA256(),
|
|
lambda params, hash_alg: padding.PSS(
|
|
mgf=padding.MGF1(
|
|
algorithm=hash_alg,
|
|
),
|
|
salt_length=params["salt_length"],
|
|
),
|
|
)
|
|
)
|
|
|
|
test_rsa_pss_mgf1_sha384 = pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA384()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS using MGF1 with SHA384.",
|
|
)(
|
|
generate_rsa_verification_test(
|
|
load_rsa_nist_vectors,
|
|
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
|
|
[
|
|
"SigGenPSS_186-2.rsp",
|
|
"SigGenPSS_186-3.rsp",
|
|
"SigVerPSS_186-3.rsp",
|
|
],
|
|
hashes.SHA384(),
|
|
lambda params, hash_alg: padding.PSS(
|
|
mgf=padding.MGF1(
|
|
algorithm=hash_alg,
|
|
),
|
|
salt_length=params["salt_length"],
|
|
),
|
|
)
|
|
)
|
|
|
|
test_rsa_pss_mgf1_sha512 = pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA512()),
|
|
salt_length=padding.PSS.MAX_LENGTH,
|
|
)
|
|
),
|
|
skip_message="Does not support PSS using MGF1 with SHA512.",
|
|
)(
|
|
generate_rsa_verification_test(
|
|
load_rsa_nist_vectors,
|
|
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
|
|
[
|
|
"SigGenPSS_186-2.rsp",
|
|
"SigGenPSS_186-3.rsp",
|
|
"SigVerPSS_186-3.rsp",
|
|
],
|
|
hashes.SHA512(),
|
|
lambda params, hash_alg: padding.PSS(
|
|
mgf=padding.MGF1(
|
|
algorithm=hash_alg,
|
|
),
|
|
salt_length=params["salt_length"],
|
|
),
|
|
)
|
|
)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
class TestRSAPKCS1Verification(object):
|
|
test_rsa_pkcs1v15_verify_sha1 = pytest.mark.supported(
|
|
only_if=lambda backend: (
|
|
backend.hash_supported(hashes.SHA1())
|
|
and backend.rsa_padding_supported(padding.PKCS1v15())
|
|
),
|
|
skip_message="Does not support SHA1 and PKCS1v1.5.",
|
|
)(
|
|
generate_rsa_verification_test(
|
|
load_rsa_nist_vectors,
|
|
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
|
|
[
|
|
"SigGen15_186-2.rsp",
|
|
"SigGen15_186-3.rsp",
|
|
"SigVer15_186-3.rsp",
|
|
],
|
|
hashes.SHA1(),
|
|
lambda params, hash_alg: padding.PKCS1v15(),
|
|
)
|
|
)
|
|
|
|
test_rsa_pkcs1v15_verify_sha224 = pytest.mark.supported(
|
|
only_if=lambda backend: (
|
|
backend.hash_supported(hashes.SHA224())
|
|
and backend.rsa_padding_supported(padding.PKCS1v15())
|
|
),
|
|
skip_message="Does not support SHA224 and PKCS1v1.5.",
|
|
)(
|
|
generate_rsa_verification_test(
|
|
load_rsa_nist_vectors,
|
|
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
|
|
[
|
|
"SigGen15_186-2.rsp",
|
|
"SigGen15_186-3.rsp",
|
|
"SigVer15_186-3.rsp",
|
|
],
|
|
hashes.SHA224(),
|
|
lambda params, hash_alg: padding.PKCS1v15(),
|
|
)
|
|
)
|
|
|
|
test_rsa_pkcs1v15_verify_sha256 = pytest.mark.supported(
|
|
only_if=lambda backend: (
|
|
backend.hash_supported(hashes.SHA256())
|
|
and backend.rsa_padding_supported(padding.PKCS1v15())
|
|
),
|
|
skip_message="Does not support SHA256 and PKCS1v1.5.",
|
|
)(
|
|
generate_rsa_verification_test(
|
|
load_rsa_nist_vectors,
|
|
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
|
|
[
|
|
"SigGen15_186-2.rsp",
|
|
"SigGen15_186-3.rsp",
|
|
"SigVer15_186-3.rsp",
|
|
],
|
|
hashes.SHA256(),
|
|
lambda params, hash_alg: padding.PKCS1v15(),
|
|
)
|
|
)
|
|
|
|
test_rsa_pkcs1v15_verify_sha384 = pytest.mark.supported(
|
|
only_if=lambda backend: (
|
|
backend.hash_supported(hashes.SHA384())
|
|
and backend.rsa_padding_supported(padding.PKCS1v15())
|
|
),
|
|
skip_message="Does not support SHA384 and PKCS1v1.5.",
|
|
)(
|
|
generate_rsa_verification_test(
|
|
load_rsa_nist_vectors,
|
|
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
|
|
[
|
|
"SigGen15_186-2.rsp",
|
|
"SigGen15_186-3.rsp",
|
|
"SigVer15_186-3.rsp",
|
|
],
|
|
hashes.SHA384(),
|
|
lambda params, hash_alg: padding.PKCS1v15(),
|
|
)
|
|
)
|
|
|
|
test_rsa_pkcs1v15_verify_sha512 = pytest.mark.supported(
|
|
only_if=lambda backend: (
|
|
backend.hash_supported(hashes.SHA512())
|
|
and backend.rsa_padding_supported(padding.PKCS1v15())
|
|
),
|
|
skip_message="Does not support SHA512 and PKCS1v1.5.",
|
|
)(
|
|
generate_rsa_verification_test(
|
|
load_rsa_nist_vectors,
|
|
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
|
|
[
|
|
"SigGen15_186-2.rsp",
|
|
"SigGen15_186-3.rsp",
|
|
"SigVer15_186-3.rsp",
|
|
],
|
|
hashes.SHA512(),
|
|
lambda params, hash_alg: padding.PKCS1v15(),
|
|
)
|
|
)
|
|
|
|
|
|
class TestPSS(object):
|
|
def test_calculate_max_pss_salt_length(self):
|
|
with pytest.raises(TypeError):
|
|
padding.calculate_max_pss_salt_length(object(), hashes.SHA256())
|
|
|
|
def test_invalid_salt_length_not_integer(self):
|
|
with pytest.raises(TypeError):
|
|
padding.PSS(
|
|
mgf=padding.MGF1(hashes.SHA1()), salt_length=b"not_a_length"
|
|
)
|
|
|
|
def test_invalid_salt_length_negative_integer(self):
|
|
with pytest.raises(ValueError):
|
|
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=-1)
|
|
|
|
def test_valid_pss_parameters(self):
|
|
algorithm = hashes.SHA1()
|
|
salt_length = algorithm.digest_size
|
|
mgf = padding.MGF1(algorithm)
|
|
pss = padding.PSS(mgf=mgf, salt_length=salt_length)
|
|
assert pss._mgf == mgf
|
|
assert pss._salt_length == salt_length
|
|
|
|
def test_valid_pss_parameters_maximum(self):
|
|
algorithm = hashes.SHA1()
|
|
mgf = padding.MGF1(algorithm)
|
|
pss = padding.PSS(mgf=mgf, salt_length=padding.PSS.MAX_LENGTH)
|
|
assert pss._mgf == mgf
|
|
assert pss._salt_length == padding.PSS.MAX_LENGTH
|
|
|
|
|
|
class TestMGF1(object):
|
|
def test_invalid_hash_algorithm(self):
|
|
with pytest.raises(TypeError):
|
|
padding.MGF1(b"not_a_hash")
|
|
|
|
def test_valid_mgf1_parameters(self):
|
|
algorithm = hashes.SHA1()
|
|
mgf = padding.MGF1(algorithm)
|
|
assert mgf._algorithm == algorithm
|
|
|
|
|
|
class TestOAEP(object):
|
|
def test_invalid_algorithm(self):
|
|
mgf = padding.MGF1(hashes.SHA1())
|
|
with pytest.raises(TypeError):
|
|
padding.OAEP(mgf=mgf, algorithm=b"", label=None)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
class TestRSADecryption(object):
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
@pytest.mark.parametrize(
|
|
"vector",
|
|
_flatten_pkcs1_examples(
|
|
load_vectors_from_file(
|
|
os.path.join("asymmetric", "RSA", "pkcs1v15crypt-vectors.txt"),
|
|
load_pkcs1_vectors,
|
|
)
|
|
),
|
|
)
|
|
def test_decrypt_pkcs1v15_vectors(self, vector, backend):
|
|
private, public, example = vector
|
|
skey = rsa.RSAPrivateNumbers(
|
|
p=private["p"],
|
|
q=private["q"],
|
|
d=private["private_exponent"],
|
|
dmp1=private["dmp1"],
|
|
dmq1=private["dmq1"],
|
|
iqmp=private["iqmp"],
|
|
public_numbers=rsa.RSAPublicNumbers(
|
|
e=private["public_exponent"], n=private["modulus"]
|
|
),
|
|
).private_key(backend)
|
|
ciphertext = binascii.unhexlify(example["encryption"])
|
|
assert len(ciphertext) == (skey.key_size + 7) // 8
|
|
message = skey.decrypt(ciphertext, padding.PKCS1v15())
|
|
assert message == binascii.unhexlify(example["message"])
|
|
|
|
def test_unsupported_padding(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
|
|
private_key.decrypt(b"0" * 64, DummyAsymmetricPadding())
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_decrypt_invalid_decrypt(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with pytest.raises(ValueError):
|
|
private_key.decrypt(b"\x00" * 64, padding.PKCS1v15())
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_decrypt_ciphertext_too_large(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with pytest.raises(ValueError):
|
|
private_key.decrypt(b"\x00" * 65, padding.PKCS1v15())
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
def test_decrypt_ciphertext_too_small(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
ct = binascii.unhexlify(
|
|
b"50b4c14136bd198c2f3c3ed243fce036e168d56517984a263cd66492b80804f1"
|
|
b"69d210f2b9bdfb48b12f9ea05009c77da257cc600ccefe3a6283789d8ea0"
|
|
)
|
|
with pytest.raises(ValueError):
|
|
private_key.decrypt(ct, padding.PKCS1v15())
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
algorithm=hashes.SHA1(),
|
|
label=None,
|
|
)
|
|
),
|
|
skip_message="Does not support OAEP.",
|
|
)
|
|
@pytest.mark.parametrize(
|
|
"vector",
|
|
_flatten_pkcs1_examples(
|
|
load_vectors_from_file(
|
|
os.path.join(
|
|
"asymmetric", "RSA", "pkcs-1v2-1d2-vec", "oaep-vect.txt"
|
|
),
|
|
load_pkcs1_vectors,
|
|
)
|
|
),
|
|
)
|
|
def test_decrypt_oaep_vectors(self, vector, backend):
|
|
private, public, example = vector
|
|
skey = rsa.RSAPrivateNumbers(
|
|
p=private["p"],
|
|
q=private["q"],
|
|
d=private["private_exponent"],
|
|
dmp1=private["dmp1"],
|
|
dmq1=private["dmq1"],
|
|
iqmp=private["iqmp"],
|
|
public_numbers=rsa.RSAPublicNumbers(
|
|
e=private["public_exponent"], n=private["modulus"]
|
|
),
|
|
).private_key(backend)
|
|
message = skey.decrypt(
|
|
binascii.unhexlify(example["encryption"]),
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
algorithm=hashes.SHA1(),
|
|
label=None,
|
|
),
|
|
)
|
|
assert message == binascii.unhexlify(example["message"])
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA224()),
|
|
algorithm=hashes.SHA224(),
|
|
label=None,
|
|
)
|
|
),
|
|
skip_message=(
|
|
"Does not support OAEP using SHA224 MGF1 and SHA224 hash."
|
|
),
|
|
)
|
|
@pytest.mark.parametrize("vector", _build_oaep_sha2_vectors())
|
|
def test_decrypt_oaep_sha2_vectors(self, vector, backend):
|
|
private, public, example, mgf1_alg, hash_alg = vector
|
|
skey = rsa.RSAPrivateNumbers(
|
|
p=private["p"],
|
|
q=private["q"],
|
|
d=private["private_exponent"],
|
|
dmp1=private["dmp1"],
|
|
dmq1=private["dmq1"],
|
|
iqmp=private["iqmp"],
|
|
public_numbers=rsa.RSAPublicNumbers(
|
|
e=private["public_exponent"], n=private["modulus"]
|
|
),
|
|
).private_key(backend)
|
|
message = skey.decrypt(
|
|
binascii.unhexlify(example["encryption"]),
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=mgf1_alg),
|
|
algorithm=hash_alg,
|
|
label=None,
|
|
),
|
|
)
|
|
assert message == binascii.unhexlify(example["message"])
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
algorithm=hashes.SHA1(),
|
|
label=None,
|
|
)
|
|
),
|
|
skip_message="Does not support OAEP.",
|
|
)
|
|
def test_invalid_oaep_decryption(self, backend):
|
|
# More recent versions of OpenSSL may raise different errors.
|
|
# This test triggers a failure and confirms that we properly handle
|
|
# it.
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
|
|
ciphertext = private_key.public_key().encrypt(
|
|
b"secure data",
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
algorithm=hashes.SHA1(),
|
|
label=None,
|
|
),
|
|
)
|
|
|
|
private_key_alt = RSA_KEY_512_ALT.private_key(backend)
|
|
|
|
with pytest.raises(ValueError):
|
|
private_key_alt.decrypt(
|
|
ciphertext,
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
algorithm=hashes.SHA1(),
|
|
label=None,
|
|
),
|
|
)
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
algorithm=hashes.SHA1(),
|
|
label=None,
|
|
)
|
|
),
|
|
skip_message="Does not support OAEP.",
|
|
)
|
|
def test_invalid_oaep_decryption_data_to_large_for_modulus(self, backend):
|
|
key = RSA_KEY_2048_ALT.private_key(backend)
|
|
|
|
ciphertext = (
|
|
b"\xb1ph\xc0\x0b\x1a|\xe6\xda\xea\xb5\xd7%\x94\x07\xf96\xfb\x96"
|
|
b"\x11\x9b\xdc4\xea.-\x91\x80\x13S\x94\x04m\xe9\xc5/F\x1b\x9b:\\"
|
|
b"\x1d\x04\x16ML\xae\xb32J\x01yuA\xbb\x83\x1c\x8f\xf6\xa5\xdbp\xcd"
|
|
b"\nx\xc7\xf6\x15\xb2/\xdcH\xae\xe7\x13\x13by\r4t\x99\x0fc\x1f\xc1"
|
|
b"\x1c\xb1\xdd\xc5\x08\xd1\xee\xa1XQ\xb8H@L5v\xc3\xaf\xf2\r\x97"
|
|
b"\xed\xaa\xe7\xf1\xd4xai\xd3\x83\xd9\xaa9\xbfx\xe1\x87F \x01\xff"
|
|
b"L\xccv}ae\xb3\xfa\xf2B\xb8\xf9\x04H\x94\x85\xcb\x86\xbb\\ghx!W31"
|
|
b"\xc7;t\na_E\xc2\x16\xb0;\xa1\x18\t\x1b\xe1\xdb\x80>)\x15\xc6\x12"
|
|
b"\xcb\xeeg`\x8b\x9b\x1b\x05y4\xb0\x84M6\xcd\xa1\x827o\xfd\x96\xba"
|
|
b"Z#\x8d\xae\x01\xc9\xf2\xb6\xde\x89{8&eQ\x1e8\x03\x01#?\xb66\\"
|
|
b"\xad.\xe9\xfa!\x95 c{\xcaz\xe0*\tP\r\x91\x9a)B\xb5\xadN\xf4$\x83"
|
|
b"\t\xb5u\xab\x19\x99"
|
|
)
|
|
|
|
with pytest.raises(ValueError):
|
|
key.decrypt(
|
|
ciphertext,
|
|
padding.OAEP(
|
|
algorithm=hashes.SHA1(),
|
|
mgf=padding.MGF1(hashes.SHA1()),
|
|
label=None,
|
|
),
|
|
)
|
|
|
|
def test_unsupported_oaep_mgf(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
|
|
private_key.decrypt(
|
|
b"0" * 64,
|
|
padding.OAEP(
|
|
mgf=DummyMGF(), algorithm=hashes.SHA1(), label=None
|
|
),
|
|
)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
class TestRSAEncryption(object):
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
algorithm=hashes.SHA1(),
|
|
label=None,
|
|
)
|
|
),
|
|
skip_message="Does not support OAEP.",
|
|
)
|
|
@pytest.mark.parametrize(
|
|
("key_data", "pad"),
|
|
itertools.product(
|
|
(
|
|
RSA_KEY_1024,
|
|
RSA_KEY_1025,
|
|
RSA_KEY_1026,
|
|
RSA_KEY_1027,
|
|
RSA_KEY_1028,
|
|
RSA_KEY_1029,
|
|
RSA_KEY_1030,
|
|
RSA_KEY_1031,
|
|
RSA_KEY_1536,
|
|
RSA_KEY_2048,
|
|
),
|
|
[
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
algorithm=hashes.SHA1(),
|
|
label=None,
|
|
)
|
|
],
|
|
),
|
|
)
|
|
def test_rsa_encrypt_oaep(self, key_data, pad, backend):
|
|
private_key = key_data.private_key(backend)
|
|
pt = b"encrypt me!"
|
|
public_key = private_key.public_key()
|
|
ct = public_key.encrypt(pt, pad)
|
|
assert ct != pt
|
|
assert len(ct) == (public_key.key_size + 7) // 8
|
|
recovered_pt = private_key.decrypt(ct, pad)
|
|
assert recovered_pt == pt
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA256()),
|
|
algorithm=hashes.SHA512(),
|
|
label=None,
|
|
)
|
|
),
|
|
skip_message=(
|
|
"Does not support OAEP using SHA256 MGF1 and SHA512 hash."
|
|
),
|
|
)
|
|
@pytest.mark.parametrize(
|
|
("mgf1hash", "oaephash"),
|
|
itertools.product(
|
|
[
|
|
hashes.SHA1(),
|
|
hashes.SHA224(),
|
|
hashes.SHA256(),
|
|
hashes.SHA384(),
|
|
hashes.SHA512(),
|
|
],
|
|
[
|
|
hashes.SHA1(),
|
|
hashes.SHA224(),
|
|
hashes.SHA256(),
|
|
hashes.SHA384(),
|
|
hashes.SHA512(),
|
|
],
|
|
),
|
|
)
|
|
def test_rsa_encrypt_oaep_sha2(self, mgf1hash, oaephash, backend):
|
|
pad = padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=mgf1hash),
|
|
algorithm=oaephash,
|
|
label=None,
|
|
)
|
|
private_key = RSA_KEY_2048.private_key(backend)
|
|
pt = b"encrypt me using sha2 hashes!"
|
|
public_key = private_key.public_key()
|
|
ct = public_key.encrypt(pt, pad)
|
|
assert ct != pt
|
|
assert len(ct) == (public_key.key_size + 7) // 8
|
|
recovered_pt = private_key.decrypt(ct, pad)
|
|
assert recovered_pt == pt
|
|
|
|
@pytest.mark.supported(
|
|
only_if=lambda backend: backend.rsa_padding_supported(
|
|
padding.PKCS1v15()
|
|
),
|
|
skip_message="Does not support PKCS1v1.5.",
|
|
)
|
|
@pytest.mark.parametrize(
|
|
("key_data", "pad"),
|
|
itertools.product(
|
|
(
|
|
RSA_KEY_1024,
|
|
RSA_KEY_1025,
|
|
RSA_KEY_1026,
|
|
RSA_KEY_1027,
|
|
RSA_KEY_1028,
|
|
RSA_KEY_1029,
|
|
RSA_KEY_1030,
|
|
RSA_KEY_1031,
|
|
RSA_KEY_1536,
|
|
RSA_KEY_2048,
|
|
),
|
|
[padding.PKCS1v15()],
|
|
),
|
|
)
|
|
def test_rsa_encrypt_pkcs1v15(self, key_data, pad, backend):
|
|
private_key = key_data.private_key(backend)
|
|
pt = b"encrypt me!"
|
|
public_key = private_key.public_key()
|
|
ct = public_key.encrypt(pt, pad)
|
|
assert ct != pt
|
|
assert len(ct) == (public_key.key_size + 7) // 8
|
|
recovered_pt = private_key.decrypt(ct, pad)
|
|
assert recovered_pt == pt
|
|
|
|
@pytest.mark.parametrize(
|
|
("key_data", "pad"),
|
|
itertools.product(
|
|
(
|
|
RSA_KEY_1024,
|
|
RSA_KEY_1025,
|
|
RSA_KEY_1026,
|
|
RSA_KEY_1027,
|
|
RSA_KEY_1028,
|
|
RSA_KEY_1029,
|
|
RSA_KEY_1030,
|
|
RSA_KEY_1031,
|
|
RSA_KEY_1536,
|
|
RSA_KEY_2048,
|
|
),
|
|
(
|
|
padding.OAEP(
|
|
mgf=padding.MGF1(algorithm=hashes.SHA1()),
|
|
algorithm=hashes.SHA1(),
|
|
label=None,
|
|
),
|
|
padding.PKCS1v15(),
|
|
),
|
|
),
|
|
)
|
|
def test_rsa_encrypt_key_too_small(self, key_data, pad, backend):
|
|
private_key = key_data.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
# Slightly smaller than the key size but not enough for padding.
|
|
with pytest.raises(ValueError):
|
|
public_key.encrypt(b"\x00" * (private_key.key_size // 8 - 1), pad)
|
|
|
|
# Larger than the key size.
|
|
with pytest.raises(ValueError):
|
|
public_key.encrypt(b"\x00" * (private_key.key_size // 8 + 5), pad)
|
|
|
|
def test_unsupported_padding(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
|
|
public_key.encrypt(b"somedata", DummyAsymmetricPadding())
|
|
with pytest.raises(TypeError):
|
|
public_key.encrypt(b"somedata", padding=object())
|
|
|
|
def test_unsupported_oaep_mgf(self, backend):
|
|
private_key = RSA_KEY_512.private_key(backend)
|
|
public_key = private_key.public_key()
|
|
|
|
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
|
|
public_key.encrypt(
|
|
b"ciphertext",
|
|
padding.OAEP(
|
|
mgf=DummyMGF(), algorithm=hashes.SHA1(), label=None
|
|
),
|
|
)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
class TestRSANumbers(object):
|
|
def test_rsa_public_numbers(self):
|
|
public_numbers = rsa.RSAPublicNumbers(e=1, n=15)
|
|
assert public_numbers.e == 1
|
|
assert public_numbers.n == 15
|
|
|
|
def test_rsa_private_numbers(self):
|
|
public_numbers = rsa.RSAPublicNumbers(e=1, n=15)
|
|
private_numbers = rsa.RSAPrivateNumbers(
|
|
p=3,
|
|
q=5,
|
|
d=1,
|
|
dmp1=1,
|
|
dmq1=1,
|
|
iqmp=2,
|
|
public_numbers=public_numbers,
|
|
)
|
|
|
|
assert private_numbers.p == 3
|
|
assert private_numbers.q == 5
|
|
assert private_numbers.d == 1
|
|
assert private_numbers.dmp1 == 1
|
|
assert private_numbers.dmq1 == 1
|
|
assert private_numbers.iqmp == 2
|
|
assert private_numbers.public_numbers == public_numbers
|
|
|
|
def test_rsa_private_numbers_create_key(self, backend):
|
|
private_key = RSA_KEY_1024.private_key(backend)
|
|
assert private_key
|
|
|
|
def test_rsa_public_numbers_create_key(self, backend):
|
|
public_key = RSA_KEY_1024.public_numbers.public_key(backend)
|
|
assert public_key
|
|
|
|
public_key = rsa.RSAPublicNumbers(n=10, e=3).public_key(backend)
|
|
assert public_key
|
|
|
|
def test_public_numbers_invalid_types(self):
|
|
with pytest.raises(TypeError):
|
|
rsa.RSAPublicNumbers(e=None, n=15)
|
|
|
|
with pytest.raises(TypeError):
|
|
rsa.RSAPublicNumbers(e=1, n=None)
|
|
|
|
@pytest.mark.parametrize(
|
|
("p", "q", "d", "dmp1", "dmq1", "iqmp", "public_numbers"),
|
|
[
|
|
(None, 5, 1, 1, 1, 2, rsa.RSAPublicNumbers(e=1, n=15)),
|
|
(3, None, 1, 1, 1, 2, rsa.RSAPublicNumbers(e=1, n=15)),
|
|
(3, 5, None, 1, 1, 2, rsa.RSAPublicNumbers(e=1, n=15)),
|
|
(3, 5, 1, None, 1, 2, rsa.RSAPublicNumbers(e=1, n=15)),
|
|
(3, 5, 1, 1, None, 2, rsa.RSAPublicNumbers(e=1, n=15)),
|
|
(3, 5, 1, 1, 1, None, rsa.RSAPublicNumbers(e=1, n=15)),
|
|
(3, 5, 1, 1, 1, 2, None),
|
|
],
|
|
)
|
|
def test_private_numbers_invalid_types(
|
|
self, p, q, d, dmp1, dmq1, iqmp, public_numbers
|
|
):
|
|
with pytest.raises(TypeError):
|
|
rsa.RSAPrivateNumbers(
|
|
p=p,
|
|
q=q,
|
|
d=d,
|
|
dmp1=dmp1,
|
|
dmq1=dmq1,
|
|
iqmp=iqmp,
|
|
public_numbers=public_numbers,
|
|
)
|
|
|
|
@pytest.mark.parametrize(
|
|
("e", "n"),
|
|
[
|
|
(7, 2), # modulus < 3
|
|
(1, 15), # public_exponent < 3
|
|
(17, 15), # public_exponent > modulus
|
|
(14, 15), # public_exponent not odd
|
|
],
|
|
)
|
|
def test_invalid_public_numbers_argument_values(self, e, n, backend):
|
|
# Start with public_exponent=7, modulus=15. Then change one value at a
|
|
# time to test the bounds.
|
|
|
|
with pytest.raises(ValueError):
|
|
rsa.RSAPublicNumbers(e=e, n=n).public_key(backend)
|
|
|
|
@pytest.mark.parametrize(
|
|
("p", "q", "d", "dmp1", "dmq1", "iqmp", "e", "n"),
|
|
[
|
|
(3, 11, 3, 1, 3, 2, 7, 2), # modulus < 3
|
|
(3, 11, 3, 1, 3, 2, 7, 35), # modulus != p * q
|
|
(37, 11, 3, 1, 3, 2, 7, 33), # p > modulus
|
|
(3, 37, 3, 1, 3, 2, 7, 33), # q > modulus
|
|
(3, 11, 3, 35, 3, 2, 7, 33), # dmp1 > modulus
|
|
(3, 11, 3, 1, 35, 2, 7, 33), # dmq1 > modulus
|
|
(3, 11, 3, 1, 3, 35, 7, 33), # iqmp > modulus
|
|
(3, 11, 37, 1, 3, 2, 7, 33), # d > modulus
|
|
(3, 11, 3, 1, 3, 2, 1, 33), # public_exponent < 3
|
|
(3, 11, 3, 1, 3, 35, 65537, 33), # public_exponent > modulus
|
|
(3, 11, 3, 1, 3, 2, 6, 33), # public_exponent is not odd
|
|
(3, 11, 3, 2, 3, 2, 7, 33), # dmp1 is not odd
|
|
(3, 11, 3, 1, 4, 2, 7, 33), # dmq1 is not odd
|
|
],
|
|
)
|
|
def test_invalid_private_numbers_argument_values(
|
|
self, p, q, d, dmp1, dmq1, iqmp, e, n, backend
|
|
):
|
|
# Start with p=3, q=11, private_exponent=3, public_exponent=7,
|
|
# modulus=33, dmp1=1, dmq1=3, iqmp=2. Then change one value at
|
|
# a time to test the bounds.
|
|
|
|
with pytest.raises(ValueError):
|
|
rsa.RSAPrivateNumbers(
|
|
p=p,
|
|
q=q,
|
|
d=d,
|
|
dmp1=dmp1,
|
|
dmq1=dmq1,
|
|
iqmp=iqmp,
|
|
public_numbers=rsa.RSAPublicNumbers(e=e, n=n),
|
|
).private_key(backend)
|
|
|
|
def test_public_number_repr(self):
|
|
num = RSAPublicNumbers(1, 1)
|
|
assert repr(num) == "<RSAPublicNumbers(e=1, n=1)>"
|
|
|
|
|
|
class TestRSANumbersEquality(object):
|
|
def test_public_numbers_eq(self):
|
|
num = RSAPublicNumbers(1, 2)
|
|
num2 = RSAPublicNumbers(1, 2)
|
|
assert num == num2
|
|
|
|
def test_public_numbers_ne(self):
|
|
num = RSAPublicNumbers(1, 2)
|
|
assert num != RSAPublicNumbers(2, 2)
|
|
assert num != RSAPublicNumbers(1, 3)
|
|
assert num != object()
|
|
|
|
def test_private_numbers_eq(self):
|
|
pub = RSAPublicNumbers(1, 2)
|
|
num = RSAPrivateNumbers(1, 2, 3, 4, 5, 6, pub)
|
|
pub2 = RSAPublicNumbers(1, 2)
|
|
num2 = RSAPrivateNumbers(1, 2, 3, 4, 5, 6, pub2)
|
|
assert num == num2
|
|
|
|
def test_private_numbers_ne(self):
|
|
pub = RSAPublicNumbers(1, 2)
|
|
num = RSAPrivateNumbers(1, 2, 3, 4, 5, 6, pub)
|
|
assert num != RSAPrivateNumbers(
|
|
1, 2, 3, 4, 5, 7, RSAPublicNumbers(1, 2)
|
|
)
|
|
assert num != RSAPrivateNumbers(
|
|
1, 2, 3, 4, 4, 6, RSAPublicNumbers(1, 2)
|
|
)
|
|
assert num != RSAPrivateNumbers(
|
|
1, 2, 3, 5, 5, 6, RSAPublicNumbers(1, 2)
|
|
)
|
|
assert num != RSAPrivateNumbers(
|
|
1, 2, 4, 4, 5, 6, RSAPublicNumbers(1, 2)
|
|
)
|
|
assert num != RSAPrivateNumbers(
|
|
1, 3, 3, 4, 5, 6, RSAPublicNumbers(1, 2)
|
|
)
|
|
assert num != RSAPrivateNumbers(
|
|
2, 2, 3, 4, 5, 6, RSAPublicNumbers(1, 2)
|
|
)
|
|
assert num != RSAPrivateNumbers(
|
|
1, 2, 3, 4, 5, 6, RSAPublicNumbers(2, 2)
|
|
)
|
|
assert num != RSAPrivateNumbers(
|
|
1, 2, 3, 4, 5, 6, RSAPublicNumbers(1, 3)
|
|
)
|
|
assert num != object()
|
|
|
|
def test_public_numbers_hash(self):
|
|
pub1 = RSAPublicNumbers(3, 17)
|
|
pub2 = RSAPublicNumbers(3, 17)
|
|
pub3 = RSAPublicNumbers(7, 21)
|
|
|
|
assert hash(pub1) == hash(pub2)
|
|
assert hash(pub1) != hash(pub3)
|
|
|
|
def test_private_numbers_hash(self):
|
|
priv1 = RSAPrivateNumbers(1, 2, 3, 4, 5, 6, RSAPublicNumbers(1, 2))
|
|
priv2 = RSAPrivateNumbers(1, 2, 3, 4, 5, 6, RSAPublicNumbers(1, 2))
|
|
priv3 = RSAPrivateNumbers(1, 2, 3, 4, 5, 6, RSAPublicNumbers(1, 3))
|
|
|
|
assert hash(priv1) == hash(priv2)
|
|
assert hash(priv1) != hash(priv3)
|
|
|
|
|
|
class TestRSAPrimeFactorRecovery(object):
|
|
@pytest.mark.parametrize(
|
|
"vector",
|
|
_flatten_pkcs1_examples(
|
|
load_vectors_from_file(
|
|
os.path.join("asymmetric", "RSA", "pkcs1v15crypt-vectors.txt"),
|
|
load_pkcs1_vectors,
|
|
)
|
|
),
|
|
)
|
|
def test_recover_prime_factors(self, vector):
|
|
private, public, example = vector
|
|
p, q = rsa.rsa_recover_prime_factors(
|
|
private["modulus"],
|
|
private["public_exponent"],
|
|
private["private_exponent"],
|
|
)
|
|
# Unfortunately there is no convention on which prime should be p
|
|
# and which one q. The function we use always makes p > q, but the
|
|
# NIST vectors are not so consistent. Accordingly, we verify we've
|
|
# recovered the proper (p, q) by sorting them and asserting on that.
|
|
assert sorted([p, q]) == sorted([private["p"], private["q"]])
|
|
assert p > q
|
|
|
|
def test_invalid_recover_prime_factors(self):
|
|
with pytest.raises(ValueError):
|
|
rsa.rsa_recover_prime_factors(34, 3, 7)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
@pytest.mark.requires_backend_interface(interface=PEMSerializationBackend)
|
|
class TestRSAPrivateKeySerialization(object):
|
|
@pytest.mark.parametrize(
|
|
("fmt", "password"),
|
|
itertools.product(
|
|
[
|
|
serialization.PrivateFormat.TraditionalOpenSSL,
|
|
serialization.PrivateFormat.PKCS8,
|
|
],
|
|
[
|
|
b"s",
|
|
b"longerpassword",
|
|
b"!*$&(@#$*&($T@%_somesymbols",
|
|
b"\x01" * 1000,
|
|
],
|
|
),
|
|
)
|
|
def test_private_bytes_encrypted_pem(self, backend, fmt, password):
|
|
skip_fips_traditional_openssl(backend, fmt)
|
|
key = RSA_KEY_2048.private_key(backend)
|
|
serialized = key.private_bytes(
|
|
serialization.Encoding.PEM,
|
|
fmt,
|
|
serialization.BestAvailableEncryption(password),
|
|
)
|
|
loaded_key = serialization.load_pem_private_key(
|
|
serialized, password, backend
|
|
)
|
|
loaded_priv_num = loaded_key.private_numbers()
|
|
priv_num = key.private_numbers()
|
|
assert loaded_priv_num == priv_num
|
|
|
|
@pytest.mark.parametrize(
|
|
("encoding", "fmt"),
|
|
[
|
|
(serialization.Encoding.Raw, serialization.PrivateFormat.PKCS8),
|
|
(serialization.Encoding.DER, serialization.PrivateFormat.Raw),
|
|
(serialization.Encoding.Raw, serialization.PrivateFormat.Raw),
|
|
(serialization.Encoding.X962, serialization.PrivateFormat.PKCS8),
|
|
],
|
|
)
|
|
def test_private_bytes_rejects_invalid(self, encoding, fmt, backend):
|
|
key = RSA_KEY_2048.private_key(backend)
|
|
with pytest.raises(ValueError):
|
|
key.private_bytes(encoding, fmt, serialization.NoEncryption())
|
|
|
|
@pytest.mark.parametrize(
|
|
("fmt", "password"),
|
|
[
|
|
[serialization.PrivateFormat.PKCS8, b"s"],
|
|
[serialization.PrivateFormat.PKCS8, b"longerpassword"],
|
|
[serialization.PrivateFormat.PKCS8, b"!*$&(@#$*&($T@%_somesymbol"],
|
|
[serialization.PrivateFormat.PKCS8, b"\x01" * 1000],
|
|
],
|
|
)
|
|
def test_private_bytes_encrypted_der(self, backend, fmt, password):
|
|
key = RSA_KEY_2048.private_key(backend)
|
|
serialized = key.private_bytes(
|
|
serialization.Encoding.DER,
|
|
fmt,
|
|
serialization.BestAvailableEncryption(password),
|
|
)
|
|
loaded_key = serialization.load_der_private_key(
|
|
serialized, password, backend
|
|
)
|
|
loaded_priv_num = loaded_key.private_numbers()
|
|
priv_num = key.private_numbers()
|
|
assert loaded_priv_num == priv_num
|
|
|
|
@pytest.mark.parametrize(
|
|
("encoding", "fmt", "loader_func"),
|
|
[
|
|
[
|
|
serialization.Encoding.PEM,
|
|
serialization.PrivateFormat.TraditionalOpenSSL,
|
|
serialization.load_pem_private_key,
|
|
],
|
|
[
|
|
serialization.Encoding.DER,
|
|
serialization.PrivateFormat.TraditionalOpenSSL,
|
|
serialization.load_der_private_key,
|
|
],
|
|
[
|
|
serialization.Encoding.PEM,
|
|
serialization.PrivateFormat.PKCS8,
|
|
serialization.load_pem_private_key,
|
|
],
|
|
[
|
|
serialization.Encoding.DER,
|
|
serialization.PrivateFormat.PKCS8,
|
|
serialization.load_der_private_key,
|
|
],
|
|
],
|
|
)
|
|
def test_private_bytes_unencrypted(
|
|
self, backend, encoding, fmt, loader_func
|
|
):
|
|
key = RSA_KEY_2048.private_key(backend)
|
|
serialized = key.private_bytes(
|
|
encoding, fmt, serialization.NoEncryption()
|
|
)
|
|
loaded_key = loader_func(serialized, None, backend)
|
|
loaded_priv_num = loaded_key.private_numbers()
|
|
priv_num = key.private_numbers()
|
|
assert loaded_priv_num == priv_num
|
|
|
|
@pytest.mark.skip_fips(
|
|
reason="Traditional OpenSSL key format is not supported in FIPS mode."
|
|
)
|
|
@pytest.mark.parametrize(
|
|
("key_path", "encoding", "loader_func"),
|
|
[
|
|
[
|
|
os.path.join(
|
|
"asymmetric",
|
|
"Traditional_OpenSSL_Serialization",
|
|
"testrsa.pem",
|
|
),
|
|
serialization.Encoding.PEM,
|
|
serialization.load_pem_private_key,
|
|
],
|
|
[
|
|
os.path.join("asymmetric", "DER_Serialization", "testrsa.der"),
|
|
serialization.Encoding.DER,
|
|
serialization.load_der_private_key,
|
|
],
|
|
],
|
|
)
|
|
def test_private_bytes_traditional_openssl_unencrypted(
|
|
self, backend, key_path, encoding, loader_func
|
|
):
|
|
key_bytes = load_vectors_from_file(
|
|
key_path, lambda pemfile: pemfile.read(), mode="rb"
|
|
)
|
|
key = loader_func(key_bytes, None, backend)
|
|
serialized = key.private_bytes(
|
|
encoding,
|
|
serialization.PrivateFormat.TraditionalOpenSSL,
|
|
serialization.NoEncryption(),
|
|
)
|
|
assert serialized == key_bytes
|
|
|
|
def test_private_bytes_traditional_der_encrypted_invalid(self, backend):
|
|
key = RSA_KEY_2048.private_key(backend)
|
|
with pytest.raises(ValueError):
|
|
key.private_bytes(
|
|
serialization.Encoding.DER,
|
|
serialization.PrivateFormat.TraditionalOpenSSL,
|
|
serialization.BestAvailableEncryption(b"password"),
|
|
)
|
|
|
|
def test_private_bytes_invalid_encoding(self, backend):
|
|
key = RSA_KEY_2048.private_key(backend)
|
|
with pytest.raises(TypeError):
|
|
key.private_bytes(
|
|
"notencoding",
|
|
serialization.PrivateFormat.PKCS8,
|
|
serialization.NoEncryption(),
|
|
)
|
|
|
|
def test_private_bytes_invalid_format(self, backend):
|
|
key = RSA_KEY_2048.private_key(backend)
|
|
with pytest.raises(TypeError):
|
|
key.private_bytes(
|
|
serialization.Encoding.PEM,
|
|
"invalidformat",
|
|
serialization.NoEncryption(),
|
|
)
|
|
|
|
def test_private_bytes_invalid_encryption_algorithm(self, backend):
|
|
key = RSA_KEY_2048.private_key(backend)
|
|
with pytest.raises(TypeError):
|
|
key.private_bytes(
|
|
serialization.Encoding.PEM,
|
|
serialization.PrivateFormat.TraditionalOpenSSL,
|
|
"notanencalg",
|
|
)
|
|
|
|
def test_private_bytes_unsupported_encryption_type(self, backend):
|
|
key = RSA_KEY_2048.private_key(backend)
|
|
with pytest.raises(ValueError):
|
|
key.private_bytes(
|
|
serialization.Encoding.PEM,
|
|
serialization.PrivateFormat.TraditionalOpenSSL,
|
|
DummyKeySerializationEncryption(),
|
|
)
|
|
|
|
|
|
@pytest.mark.requires_backend_interface(interface=RSABackend)
|
|
@pytest.mark.requires_backend_interface(interface=PEMSerializationBackend)
|
|
class TestRSAPEMPublicKeySerialization(object):
|
|
@pytest.mark.parametrize(
|
|
("key_path", "loader_func", "encoding", "format"),
|
|
[
|
|
(
|
|
os.path.join("asymmetric", "public", "PKCS1", "rsa.pub.pem"),
|
|
serialization.load_pem_public_key,
|
|
serialization.Encoding.PEM,
|
|
serialization.PublicFormat.PKCS1,
|
|
),
|
|
(
|
|
os.path.join("asymmetric", "public", "PKCS1", "rsa.pub.der"),
|
|
serialization.load_der_public_key,
|
|
serialization.Encoding.DER,
|
|
serialization.PublicFormat.PKCS1,
|
|
),
|
|
(
|
|
os.path.join("asymmetric", "PKCS8", "unenc-rsa-pkcs8.pub.pem"),
|
|
serialization.load_pem_public_key,
|
|
serialization.Encoding.PEM,
|
|
serialization.PublicFormat.SubjectPublicKeyInfo,
|
|
),
|
|
(
|
|
os.path.join(
|
|
"asymmetric",
|
|
"DER_Serialization",
|
|
"unenc-rsa-pkcs8.pub.der",
|
|
),
|
|
serialization.load_der_public_key,
|
|
serialization.Encoding.DER,
|
|
serialization.PublicFormat.SubjectPublicKeyInfo,
|
|
),
|
|
],
|
|
)
|
|
def test_public_bytes_match(
|
|
self, key_path, loader_func, encoding, format, backend
|
|
):
|
|
key_bytes = load_vectors_from_file(
|
|
key_path, lambda pemfile: pemfile.read(), mode="rb"
|
|
)
|
|
key = loader_func(key_bytes, backend)
|
|
serialized = key.public_bytes(encoding, format)
|
|
assert serialized == key_bytes
|
|
|
|
def test_public_bytes_openssh(self, backend):
|
|
key_bytes = load_vectors_from_file(
|
|
os.path.join("asymmetric", "public", "PKCS1", "rsa.pub.pem"),
|
|
lambda pemfile: pemfile.read(),
|
|
mode="rb",
|
|
)
|
|
key = serialization.load_pem_public_key(key_bytes, backend)
|
|
|
|
ssh_bytes = key.public_bytes(
|
|
serialization.Encoding.OpenSSH, serialization.PublicFormat.OpenSSH
|
|
)
|
|
assert ssh_bytes == (
|
|
b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7JHoJfg6yNzLMOWet8Z49a4KD"
|
|
b"0dCspMAYvo2YAMB7/wdEycocujbhJ2n/seONi+5XqTqqFkM5VBl8rmkkFPZk/7x0"
|
|
b"xmdsTPECSWnHK+HhoaNDFPR3j8jQhVo1laxiqcEhAHegi5cwtFosuJAvSKAFKEvy"
|
|
b"D43si00DQnXWrYHAEQ=="
|
|
)
|
|
|
|
with pytest.raises(ValueError):
|
|
key.public_bytes(
|
|
serialization.Encoding.PEM, serialization.PublicFormat.OpenSSH
|
|
)
|
|
with pytest.raises(ValueError):
|
|
key.public_bytes(
|
|
serialization.Encoding.DER, serialization.PublicFormat.OpenSSH
|
|
)
|
|
with pytest.raises(ValueError):
|
|
key.public_bytes(
|
|
serialization.Encoding.OpenSSH,
|
|
serialization.PublicFormat.PKCS1,
|
|
)
|
|
with pytest.raises(ValueError):
|
|
key.public_bytes(
|
|
serialization.Encoding.OpenSSH,
|
|
serialization.PublicFormat.SubjectPublicKeyInfo,
|
|
)
|
|
|
|
def test_public_bytes_invalid_encoding(self, backend):
|
|
key = RSA_KEY_2048.private_key(backend).public_key()
|
|
with pytest.raises(TypeError):
|
|
key.public_bytes("notencoding", serialization.PublicFormat.PKCS1)
|
|
|
|
def test_public_bytes_invalid_format(self, backend):
|
|
key = RSA_KEY_2048.private_key(backend).public_key()
|
|
with pytest.raises(TypeError):
|
|
key.public_bytes(serialization.Encoding.PEM, "invalidformat")
|
|
|
|
@pytest.mark.parametrize(
|
|
("encoding", "fmt"),
|
|
[
|
|
(
|
|
serialization.Encoding.Raw,
|
|
serialization.PublicFormat.SubjectPublicKeyInfo,
|
|
),
|
|
(serialization.Encoding.Raw, serialization.PublicFormat.PKCS1),
|
|
]
|
|
+ list(
|
|
itertools.product(
|
|
[
|
|
serialization.Encoding.Raw,
|
|
serialization.Encoding.X962,
|
|
serialization.Encoding.PEM,
|
|
serialization.Encoding.DER,
|
|
],
|
|
[
|
|
serialization.PublicFormat.Raw,
|
|
serialization.PublicFormat.UncompressedPoint,
|
|
serialization.PublicFormat.CompressedPoint,
|
|
],
|
|
)
|
|
),
|
|
)
|
|
def test_public_bytes_rejects_invalid(self, encoding, fmt, backend):
|
|
key = RSA_KEY_2048.private_key(backend).public_key()
|
|
with pytest.raises(ValueError):
|
|
key.public_bytes(encoding, fmt)
|