Merge branch 'master' into idea-bespoke-vectors

* master: (246 commits)
  Fixed python3 incompatibility
  Removed dependency on setuptools for version check
  don't need to move these definitions
  conditional NIDs for 0.9.8e
  x509 changes for 0.9.8e support
  more changes for 0.9.8e support, this time in the ssl.h headers
  macro switches in evp for 0.9.8e
  bind some error constants conditionally for 0.9.8e support
  BIO macro switch for 0.9.8e support
  move some nids
  conditionally bind AES_wrap/unwrap for 0.9.8e support
  Add GPG key fingerprint for lvh
  change comparison to be easier to read
  ridiculous workaround time
  whoops
  Missing imports
  Convert stuff
  Add binding for DSA_new
  Fix drop in coverage levels by removing branches
  Added check to turn of CC backend for OS X version < 10.8
  ...

Conflicts:
	docs/development/test-vectors.rst

1 files changed, 209 insertions, 2 deletions

diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index a413f10b..79323265 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -14,16 +14,25 @@
 
 from __future__ import absolute_import, division, print_function
 
+import binascii
 import itertools
 import os
 
 import pytest
 
+from cryptography import exceptions, utils
+from cryptography.hazmat.primitives import hashes, interfaces
 from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.asymmetric import padding
 
 from ...utils import load_pkcs1_vectors, load_vectors_from_file
 
 
+@utils.register_interface(interfaces.AsymmetricPadding)
+class DummyPadding(object):
+    name = "UNSUPPORTED-PADDING"
+
+
 def _modinv(e, m):
     """
     Modular Multiplicative Inverse.  Returns x such that: (x*e) mod m == 1
@@ -55,6 +64,17 @@ def _check_rsa_private_key(skey):
     assert skey.key_size == pkey.key_size
 
 
+def _flatten_pkcs1_examples(vectors):
+    flattened_vectors = []
+    for vector in vectors:
+        examples = vector[0].pop("examples")
+        for example in examples:
+            merged_vector = (vector[0], vector[1], example)
+            flattened_vectors.append(merged_vector)
+
+    return flattened_vectors
+
+
 def test_modular_inverse():
     p = int(
         "d1f9f6c09fd3d38987f7970247b85a6da84907753d42ec52bc23b745093f4fff5cff3"
@@ -124,11 +144,23 @@ class TestRSA(object):
     def test_load_pss_vect_example_keys(self, pkcs1_example):
         secret, public = pkcs1_example
 
-        skey = rsa.RSAPrivateKey(**secret)
+        skey = rsa.RSAPrivateKey(
+            p=secret["p"],
+            q=secret["q"],
+            private_exponent=secret["private_exponent"],
+            dmp1=secret["dmp1"],
+            dmq1=secret["dmq1"],
+            iqmp=secret["iqmp"],
+            public_exponent=secret["public_exponent"],
+            modulus=secret["modulus"]
+        )
         assert skey
         _check_rsa_private_key(skey)
 
-        pkey = rsa.RSAPublicKey(**public)
+        pkey = rsa.RSAPublicKey(
+            public_exponent=public["public_exponent"],
+            modulus=public["modulus"]
+        )
         assert pkey
 
         pkey2 = skey.public_key()
@@ -351,3 +383,178 @@ class TestRSA(object):
         # Test a public_exponent that is not odd.
         with pytest.raises(ValueError):
             rsa.RSAPublicKey(public_exponent=6, modulus=15)
+
+
+@pytest.mark.rsa
+class TestRSASignature(object):
+    @pytest.mark.parametrize(
+        "pkcs1_example",
+        _flatten_pkcs1_examples(load_vectors_from_file(
+            os.path.join(
+                "asymmetric", "RSA", "pkcs1v15sign-vectors.txt"),
+            load_pkcs1_vectors
+        ))
+    )
+    def test_pkcs1v15_signing(self, pkcs1_example, backend):
+        private, public, example = pkcs1_example
+        private_key = rsa.RSAPrivateKey(
+            p=private["p"],
+            q=private["q"],
+            private_exponent=private["private_exponent"],
+            dmp1=private["dmp1"],
+            dmq1=private["dmq1"],
+            iqmp=private["iqmp"],
+            public_exponent=private["public_exponent"],
+            modulus=private["modulus"]
+        )
+        signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
+        signer.update(binascii.unhexlify(example["message"]))
+        signature = signer.finalize()
+        assert binascii.hexlify(signature) == example["signature"]
+
+    def test_use_after_finalize(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=512,
+            backend=backend
+        )
+        signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
+        signer.update(b"sign me")
+        signer.finalize()
+        with pytest.raises(exceptions.AlreadyFinalized):
+            signer.finalize()
+        with pytest.raises(exceptions.AlreadyFinalized):
+            signer.update(b"more data")
+
+    def test_unsupported_padding(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=512,
+            backend=backend
+        )
+        with pytest.raises(exceptions.UnsupportedPadding):
+            private_key.signer(DummyPadding(), hashes.SHA1(), backend)
+
+    def test_padding_incorrect_type(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=512,
+            backend=backend
+        )
+        with pytest.raises(TypeError):
+            private_key.signer("notpadding", hashes.SHA1(), backend)
+
+
+@pytest.mark.rsa
+class TestRSAVerification(object):
+    @pytest.mark.parametrize(
+        "pkcs1_example",
+        _flatten_pkcs1_examples(load_vectors_from_file(
+            os.path.join(
+                "asymmetric", "RSA", "pkcs1v15sign-vectors.txt"),
+            load_pkcs1_vectors
+        ))
+    )
+    def test_pkcs1v15_verification(self, pkcs1_example, backend):
+        private, public, example = pkcs1_example
+        public_key = rsa.RSAPublicKey(
+            public_exponent=public["public_exponent"],
+            modulus=public["modulus"]
+        )
+        verifier = public_key.verifier(
+            binascii.unhexlify(example["signature"]),
+            padding.PKCS1v15(),
+            hashes.SHA1(),
+            backend
+        )
+        verifier.update(binascii.unhexlify(example["message"]))
+        verifier.verify()
+
+    def test_invalid_pkcs1v15_signature_wrong_data(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=512,
+            backend=backend
+        )
+        public_key = private_key.public_key()
+        signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
+        signer.update(b"sign me")
+        signature = signer.finalize()
+        verifier = public_key.verifier(
+            signature,
+            padding.PKCS1v15(),
+            hashes.SHA1(),
+            backend
+        )
+        verifier.update(b"incorrect data")
+        with pytest.raises(exceptions.InvalidSignature):
+            verifier.verify()
+
+    def test_invalid_pkcs1v15_signature_wrong_key(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=512,
+            backend=backend
+        )
+        private_key2 = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=512,
+            backend=backend
+        )
+        public_key = private_key2.public_key()
+        signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
+        signer.update(b"sign me")
+        signature = signer.finalize()
+        verifier = public_key.verifier(
+            signature,
+            padding.PKCS1v15(),
+            hashes.SHA1(),
+            backend
+        )
+        verifier.update(b"sign me")
+        with pytest.raises(exceptions.InvalidSignature):
+            verifier.verify()
+
+    def test_use_after_finalize(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=512,
+            backend=backend
+        )
+        public_key = private_key.public_key()
+        signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
+        signer.update(b"sign me")
+        signature = signer.finalize()
+
+        verifier = public_key.verifier(
+            signature,
+            padding.PKCS1v15(),
+            hashes.SHA1(),
+            backend
+        )
+        verifier.update(b"sign me")
+        verifier.verify()
+        with pytest.raises(exceptions.AlreadyFinalized):
+            verifier.verify()
+        with pytest.raises(exceptions.AlreadyFinalized):
+            verifier.update(b"more data")
+
+    def test_unsupported_padding(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=512,
+            backend=backend
+        )
+        public_key = private_key.public_key()
+        with pytest.raises(exceptions.UnsupportedPadding):
+            public_key.verifier(b"sig", DummyPadding(), hashes.SHA1(), backend)
+
+    def test_padding_incorrect_type(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=512,
+            backend=backend
+        )
+        public_key = private_key.public_key()
+        with pytest.raises(TypeError):
+            public_key.verifier(b"sig", "notpadding", hashes.SHA1(), backend)