diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-03-20 18:43:04 -0400 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-03-20 18:43:04 -0400 |
commit | cdd0d2f045816f007a44d56691a023dd25bcb47a (patch) | |
tree | a81524d68aa5af550a69772e94c22977d2811d29 /tests/hazmat/primitives/test_rsa.py | |
parent | 798c03456d6f1fa8f27433a7e3928d583e1e120f (diff) | |
parent | 23c641dad201446a019d4a5f1181908744fd347a (diff) | |
download | cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.tar.gz cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.tar.bz2 cryptography-cdd0d2f045816f007a44d56691a023dd25bcb47a.zip |
Merge branch 'master' into rsa-pss-signing
* master:
add mgf1_hash_supported unsupported hash check
more concise way of generating tests
switch to a lambda
rename some things
add FIPS 186-2/3 signature verification tests for RSA PKCSv15 and PSS
revert one import order change
a few small fixes
Add ASN1_TIME_free
import order fixes for future automated checking
Conflicts:
tests/hazmat/primitives/test_rsa.py
tests/hazmat/primitives/utils.py
Diffstat (limited to 'tests/hazmat/primitives/test_rsa.py')
-rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 186 |
1 files changed, 136 insertions, 50 deletions
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 34f49f94..957e70a3 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -26,11 +26,11 @@ from cryptography.exceptions import ( UnsupportedAlgorithm, UnsupportedInterface ) from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.asymmetric import rsa, padding +from cryptography.hazmat.primitives.asymmetric import padding, rsa -from .utils import generate_rsa_pss_test, rsa_pss_signing_test +from .utils import generate_rsa_verification_test, rsa_pss_signing_test from ...utils import ( - load_pkcs1_vectors, load_vectors_from_file, load_rsa_nist_vectors + load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file ) @@ -934,89 +934,175 @@ class TestRSAVerification(object): verifier.verify() -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()), - skip_message="Does not support SHA1 with MGF1." -) @pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA1(object): - test_rsa_pss_mgf1_sha1 = generate_rsa_pss_test( +class TestRSAPSSMGF1Verification(object): + test_rsa_pss_mgf1_sha1 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()), + skip_message="Does not support SHA1 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA1() - ) - + hashes.SHA1(), + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) + )) -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()), - skip_message="Does not support SHA224 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA224(object): - test_rsa_pss_mgf1_sha224 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha224 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()), + skip_message="Does not support SHA224 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA224() - ) - + hashes.SHA224(), + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) + )) -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()), - skip_message="Does not support SHA256 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA256(object): - test_rsa_pss_mgf1_sha256 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha256 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()), + skip_message="Does not support SHA256 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA256() - ) + hashes.SHA256(), + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) + )) + test_rsa_pss_mgf1_sha384 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()), + skip_message="Does not support SHA384 with MGF1." + )(generate_rsa_verification_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigGenPSS_186-2.rsp", + "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", + ], + hashes.SHA384(), + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) + )) -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()), - skip_message="Does not support SHA384 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA384(object): - test_rsa_pss_mgf1_sha384 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha512 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()), + skip_message="Does not support SHA512 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA384() - ) + hashes.SHA512(), + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) + )) -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()), - skip_message="Does not support SHA512 with MGF1." -) @pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA512(object): - test_rsa_pss_mgf1_sha512 = generate_rsa_pss_test( +class TestRSAPKCS1Verification(object): + test_rsa_pkcs1v15_verify_sha1 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1()), + skip_message="Does not support SHA1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ - "SigGenPSS_186-2.rsp", - "SigGenPSS_186-3.rsp", + "SigVer15_186-3.rsp", ], - hashes.SHA512() - ) + hashes.SHA1(), + lambda params, hash_alg: padding.PKCS1v15() + )) + + test_rsa_pkcs1v15_verify_sha224 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224()), + skip_message="Does not support SHA224." + )(generate_rsa_verification_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA224(), + lambda params, hash_alg: padding.PKCS1v15() + )) + + test_rsa_pkcs1v15_verify_sha256 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256()), + skip_message="Does not support SHA256." + )(generate_rsa_verification_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA256(), + lambda params, hash_alg: padding.PKCS1v15() + )) + + test_rsa_pkcs1v15_verify_sha384 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384()), + skip_message="Does not support SHA384." + )(generate_rsa_verification_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA384(), + lambda params, hash_alg: padding.PKCS1v15() + )) + + test_rsa_pkcs1v15_verify_sha512 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512()), + skip_message="Does not support SHA512." + )(generate_rsa_verification_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA512(), + lambda params, hash_alg: padding.PKCS1v15() + )) class TestMGF1(object): |