RSA OAEP SHA2 Support (#2956)

* some rsa oaep sha2 support * various improvements * fix a thing * simplify * update the test * styyyyyle * more styyyyle * fix libre, remove a skip that should never be hit * OAEP version check fixes
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2016-06-04 07:39:58 -0700
committer: Alex Gaynor <alex.gaynor@gmail.com> 2016-06-04 07:39:58 -0700
commit: 4f125c122499e21050e46f20a18bbc4848b0f43b (patch)
tree: 78be36920851068fa32c1421a95ca3622c9b8a7e /tests/hazmat/backends
parent: 815a24bf3415e18e467e6740c35ade0220002240 (diff)
download: cryptography-4f125c122499e21050e46f20a18bbc4848b0f43b.tar.gz
cryptography-4f125c122499e21050e46f20a18bbc4848b0f43b.tar.bz2
cryptography-4f125c122499e21050e46f20a18bbc4848b0f43b.zip
1 files changed, 74 insertions, 2 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 2d09787b..2a49dcbb 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -5,6 +5,7 @@
 from __future__ import absolute_import, division, print_function
 
 import datetime
+import itertools
 import os
 import subprocess
 import sys
@@ -393,6 +394,45 @@ class TestOpenSSLRSA(object):
             ),
         ) is True
 
+    @pytest.mark.skipif(
+        backend._lib.Cryptography_HAS_RSA_OAEP_MD == 0,
+        reason="Requires OpenSSL with rsa_oaep_md (1.0.2+)"
+    )
+    def test_rsa_padding_supported_oaep_sha2_combinations(self):
+        hashalgs = [
+            hashes.SHA1(),
+            hashes.SHA224(),
+            hashes.SHA256(),
+            hashes.SHA384(),
+            hashes.SHA512(),
+        ]
+        for mgf1alg, oaepalg in itertools.product(hashalgs, hashalgs):
+            assert backend.rsa_padding_supported(
+                padding.OAEP(
+                    mgf=padding.MGF1(algorithm=mgf1alg),
+                    algorithm=oaepalg,
+                    label=None
+                ),
+            ) is True
+
+    def test_rsa_padding_unsupported_oaep_ripemd160_sha1(self):
+        assert backend.rsa_padding_supported(
+            padding.OAEP(
+                mgf=padding.MGF1(algorithm=hashes.RIPEMD160()),
+                algorithm=hashes.SHA1(),
+                label=None
+            ),
+        ) is False
+
+    def test_rsa_padding_unsupported_oaep_sha1_ripemd160(self):
+        assert backend.rsa_padding_supported(
+            padding.OAEP(
+                mgf=padding.MGF1(algorithm=hashes.SHA1()),
+                algorithm=hashes.RIPEMD160(),
+                label=None
+            ),
+        ) is False
+
     def test_rsa_padding_unsupported_mgf(self):
         assert backend.rsa_padding_supported(
             padding.OAEP(
@@ -406,9 +446,13 @@ class TestOpenSSLRSA(object):
             padding.PSS(mgf=DummyMGF(), salt_length=0)
         ) is False
 
+    @pytest.mark.skipif(
+        backend._lib.Cryptography_HAS_RSA_OAEP_MD == 1,
+        reason="Requires OpenSSL without rsa_oaep_md (< 1.0.2)"
+    )
     def test_unsupported_mgf1_hash_algorithm_decrypt(self):
         private_key = RSA_KEY_512.private_key(backend)
-        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
+        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
             private_key.decrypt(
                 b"0" * 64,
                 padding.OAEP(
@@ -418,9 +462,13 @@ class TestOpenSSLRSA(object):
                 )
             )
 
+    @pytest.mark.skipif(
+        backend._lib.Cryptography_HAS_RSA_OAEP_MD == 1,
+        reason="Requires OpenSSL without rsa_oaep_md (< 1.0.2)"
+    )
     def test_unsupported_oaep_hash_algorithm_decrypt(self):
         private_key = RSA_KEY_512.private_key(backend)
-        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
+        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
             private_key.decrypt(
                 b"0" * 64,
                 padding.OAEP(
@@ -430,6 +478,30 @@ class TestOpenSSLRSA(object):
                 )
             )
 
+    def test_unsupported_mgf1_hash_algorithm_ripemd160_decrypt(self):
+        private_key = RSA_KEY_512.private_key(backend)
+        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
+            private_key.decrypt(
+                b"0" * 64,
+                padding.OAEP(
+                    mgf=padding.MGF1(algorithm=hashes.RIPEMD160()),
+                    algorithm=hashes.RIPEMD160(),
+                    label=None
+                )
+            )
+
+    def test_unsupported_mgf1_hash_algorithm_whirlpool_decrypt(self):
+        private_key = RSA_KEY_512.private_key(backend)
+        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
+            private_key.decrypt(
+                b"0" * 64,
+                padding.OAEP(
+                    mgf=padding.MGF1(algorithm=hashes.Whirlpool()),
+                    algorithm=hashes.Whirlpool(),
+                    label=None
+                )
+            )
+
     def test_unsupported_oaep_label_decrypt(self):
         private_key = RSA_KEY_512.private_key(backend)
         with pytest.raises(ValueError):
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2016-06-04 07:39:58 -0700
committer	Alex Gaynor <alex.gaynor@gmail.com>	2016-06-04 07:39:58 -0700
commit	4f125c122499e21050e46f20a18bbc4848b0f43b (patch)
tree	78be36920851068fa32c1421a95ca3622c9b8a7e /tests/hazmat/backends
parent	815a24bf3415e18e467e6740c35ade0220002240 (diff)
download	cryptography-4f125c122499e21050e46f20a18bbc4848b0f43b.tar.gz cryptography-4f125c122499e21050e46f20a18bbc4848b0f43b.tar.bz2 cryptography-4f125c122499e21050e46f20a18bbc4848b0f43b.zip