Merge branch 'master' into rsa-pss-signing

* master: add mgf1_hash_supported unsupported hash check more concise way of generating tests switch to a lambda rename some things add FIPS 186-2/3 signature verification tests for RSA PKCSv15 and PSS revert one import order change a few small fixes Add ASN1_TIME_free import order fixes for future automated checking Conflicts: tests/hazmat/primitives/test_rsa.py tests/hazmat/primitives/utils.py
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-03-20 18:43:04 -0400
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-03-20 18:43:04 -0400
commit: cdd0d2f045816f007a44d56691a023dd25bcb47a (patch)
tree: a81524d68aa5af550a69772e94c22977d2811d29 /tests/hazmat/primitives/test_rsa.py
parent: 798c03456d6f1fa8f27433a7e3928d583e1e120f (diff)
parent: 23c641dad201446a019d4a5f1181908744fd347a (diff)
download: cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.tar.gz
cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.tar.bz2
cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.zip
1 files changed, 136 insertions, 50 deletions
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 34f49f94..957e70a3 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -26,11 +26,11 @@ from cryptography.exceptions import (
     UnsupportedAlgorithm, UnsupportedInterface
 )
 from cryptography.hazmat.primitives import hashes, interfaces
-from cryptography.hazmat.primitives.asymmetric import rsa, padding
+from cryptography.hazmat.primitives.asymmetric import padding, rsa
 
-from .utils import generate_rsa_pss_test, rsa_pss_signing_test
+from .utils import generate_rsa_verification_test, rsa_pss_signing_test
 from ...utils import (
-    load_pkcs1_vectors, load_vectors_from_file, load_rsa_nist_vectors
+    load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file
 )
 
 
@@ -934,89 +934,175 @@ class TestRSAVerification(object):
             verifier.verify()
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()),
-    skip_message="Does not support SHA1 with MGF1."
-)
 @pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA1(object):
-    test_rsa_pss_mgf1_sha1 = generate_rsa_pss_test(
+class TestRSAPSSMGF1Verification(object):
+    test_rsa_pss_mgf1_sha1 = pytest.mark.supported(
+        only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()),
+        skip_message="Does not support SHA1 with MGF1."
+    )(generate_rsa_verification_test(
         load_rsa_nist_vectors,
         os.path.join("asymmetric", "RSA", "FIPS_186-2"),
         [
             "SigGenPSS_186-2.rsp",
             "SigGenPSS_186-3.rsp",
+            "SigVerPSS_186-3.rsp",
         ],
-        hashes.SHA1()
-    )
-
+        hashes.SHA1(),
+        lambda params, hash_alg: padding.PSS(
+            mgf=padding.MGF1(
+                algorithm=hash_alg,
+                salt_length=params["salt_length"]
+            )
+        )
+    ))
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()),
-    skip_message="Does not support SHA224 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA224(object):
-    test_rsa_pss_mgf1_sha224 = generate_rsa_pss_test(
+    test_rsa_pss_mgf1_sha224 = pytest.mark.supported(
+        only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()),
+        skip_message="Does not support SHA224 with MGF1."
+    )(generate_rsa_verification_test(
         load_rsa_nist_vectors,
         os.path.join("asymmetric", "RSA", "FIPS_186-2"),
         [
             "SigGenPSS_186-2.rsp",
             "SigGenPSS_186-3.rsp",
+            "SigVerPSS_186-3.rsp",
         ],
-        hashes.SHA224()
-    )
-
+        hashes.SHA224(),
+        lambda params, hash_alg: padding.PSS(
+            mgf=padding.MGF1(
+                algorithm=hash_alg,
+                salt_length=params["salt_length"]
+            )
+        )
+    ))
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()),
-    skip_message="Does not support SHA256 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA256(object):
-    test_rsa_pss_mgf1_sha256 = generate_rsa_pss_test(
+    test_rsa_pss_mgf1_sha256 = pytest.mark.supported(
+        only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()),
+        skip_message="Does not support SHA256 with MGF1."
+    )(generate_rsa_verification_test(
         load_rsa_nist_vectors,
         os.path.join("asymmetric", "RSA", "FIPS_186-2"),
         [
             "SigGenPSS_186-2.rsp",
             "SigGenPSS_186-3.rsp",
+            "SigVerPSS_186-3.rsp",
         ],
-        hashes.SHA256()
-    )
+        hashes.SHA256(),
+        lambda params, hash_alg: padding.PSS(
+            mgf=padding.MGF1(
+                algorithm=hash_alg,
+                salt_length=params["salt_length"]
+            )
+        )
+    ))
 
+    test_rsa_pss_mgf1_sha384 = pytest.mark.supported(
+        only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()),
+        skip_message="Does not support SHA384 with MGF1."
+    )(generate_rsa_verification_test(
+        load_rsa_nist_vectors,
+        os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+        [
+            "SigGenPSS_186-2.rsp",
+            "SigGenPSS_186-3.rsp",
+            "SigVerPSS_186-3.rsp",
+        ],
+        hashes.SHA384(),
+        lambda params, hash_alg: padding.PSS(
+            mgf=padding.MGF1(
+                algorithm=hash_alg,
+                salt_length=params["salt_length"]
+            )
+        )
+    ))
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()),
-    skip_message="Does not support SHA384 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA384(object):
-    test_rsa_pss_mgf1_sha384 = generate_rsa_pss_test(
+    test_rsa_pss_mgf1_sha512 = pytest.mark.supported(
+        only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()),
+        skip_message="Does not support SHA512 with MGF1."
+    )(generate_rsa_verification_test(
         load_rsa_nist_vectors,
         os.path.join("asymmetric", "RSA", "FIPS_186-2"),
         [
             "SigGenPSS_186-2.rsp",
             "SigGenPSS_186-3.rsp",
+            "SigVerPSS_186-3.rsp",
         ],
-        hashes.SHA384()
-    )
+        hashes.SHA512(),
+        lambda params, hash_alg: padding.PSS(
+            mgf=padding.MGF1(
+                algorithm=hash_alg,
+                salt_length=params["salt_length"]
+            )
+        )
+    ))
 
 
-@pytest.mark.supported(
-    only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()),
-    skip_message="Does not support SHA512 with MGF1."
-)
 @pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA512(object):
-    test_rsa_pss_mgf1_sha512 = generate_rsa_pss_test(
+class TestRSAPKCS1Verification(object):
+    test_rsa_pkcs1v15_verify_sha1 = pytest.mark.supported(
+        only_if=lambda backend: backend.hash_supported(hashes.SHA1()),
+        skip_message="Does not support SHA1."
+    )(generate_rsa_verification_test(
         load_rsa_nist_vectors,
         os.path.join("asymmetric", "RSA", "FIPS_186-2"),
         [
-            "SigGenPSS_186-2.rsp",
-            "SigGenPSS_186-3.rsp",
+            "SigVer15_186-3.rsp",
         ],
-        hashes.SHA512()
-    )
+        hashes.SHA1(),
+        lambda params, hash_alg: padding.PKCS1v15()
+    ))
+
+    test_rsa_pkcs1v15_verify_sha224 = pytest.mark.supported(
+        only_if=lambda backend: backend.hash_supported(hashes.SHA224()),
+        skip_message="Does not support SHA224."
+    )(generate_rsa_verification_test(
+        load_rsa_nist_vectors,
+        os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+        [
+            "SigVer15_186-3.rsp",
+        ],
+        hashes.SHA224(),
+        lambda params, hash_alg: padding.PKCS1v15()
+    ))
+
+    test_rsa_pkcs1v15_verify_sha256 = pytest.mark.supported(
+        only_if=lambda backend: backend.hash_supported(hashes.SHA256()),
+        skip_message="Does not support SHA256."
+    )(generate_rsa_verification_test(
+        load_rsa_nist_vectors,
+        os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+        [
+            "SigVer15_186-3.rsp",
+        ],
+        hashes.SHA256(),
+        lambda params, hash_alg: padding.PKCS1v15()
+    ))
+
+    test_rsa_pkcs1v15_verify_sha384 = pytest.mark.supported(
+        only_if=lambda backend: backend.hash_supported(hashes.SHA384()),
+        skip_message="Does not support SHA384."
+    )(generate_rsa_verification_test(
+        load_rsa_nist_vectors,
+        os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+        [
+            "SigVer15_186-3.rsp",
+        ],
+        hashes.SHA384(),
+        lambda params, hash_alg: padding.PKCS1v15()
+    ))
+
+    test_rsa_pkcs1v15_verify_sha512 = pytest.mark.supported(
+        only_if=lambda backend: backend.hash_supported(hashes.SHA512()),
+        skip_message="Does not support SHA512."
+    )(generate_rsa_verification_test(
+        load_rsa_nist_vectors,
+        os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+        [
+            "SigVer15_186-3.rsp",
+        ],
+        hashes.SHA512(),
+        lambda params, hash_alg: padding.PKCS1v15()
+    ))
 
 
 class TestMGF1(object):
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-03-20 18:43:04 -0400
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-03-20 18:43:04 -0400
commit	cdd0d2f045816f007a44d56691a023dd25bcb47a (patch)
tree	a81524d68aa5af550a69772e94c22977d2811d29 /tests/hazmat/primitives/test_rsa.py
parent	798c03456d6f1fa8f27433a7e3928d583e1e120f (diff)
parent	23c641dad201446a019d4a5f1181908744fd347a (diff)
download	cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.tar.gz cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.tar.bz2 cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.zip