diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-16 11:18:33 -0400 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-16 20:48:33 +0530 |
| commit | 2e85a925b49e566776585f35a7c0653510d84262 (patch) | |
| tree | e6c6242efcab8249cbc56e6db8735e3566b0b96a /tests/wycheproof/test_rsa.py | |
| parent | b09b9ecd695187f323c509aecdf517cadcf728d1 (diff) | |
| download | cryptography-2e85a925b49e566776585f35a7c0653510d84262.tar.gz cryptography-2e85a925b49e566776585f35a7c0653510d84262.tar.bz2 cryptography-2e85a925b49e566776585f35a7c0653510d84262.zip | |
Refs #3331 -- added initial wycheproof integration, starting with x25519, rsa, and keywrap (#4310)
* Refs #3331 -- added initial wycheproof integration, starting with x25519 tests
Diffstat (limited to 'tests/wycheproof/test_rsa.py')
| -rw-r--r-- | tests/wycheproof/test_rsa.py | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py new file mode 100644 index 00000000..b8f2e19d --- /dev/null +++ b/tests/wycheproof/test_rsa.py @@ -0,0 +1,85 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.exceptions import InvalidSignature +from cryptography.hazmat.backends.interfaces import RSABackend +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import padding + + +_DIGESTS = { + "SHA-1": hashes.SHA1(), + "SHA-224": hashes.SHA224(), + "SHA-256": hashes.SHA256(), + "SHA-384": hashes.SHA384(), + "SHA-512": hashes.SHA512(), +} + + +def should_verify(backend, wycheproof): + if wycheproof.valid: + return True + + if wycheproof.acceptable: + if ( + backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER and + wycheproof.has_flag("MissingNull") + ): + return False + return True + + return False + + +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.supported( + only_if=lambda backend: ( + # TODO: this also skips on LibreSSL, which is ok for now, since these + # don't pass on Libre, but we'll need to fix this after they resolve + # it. + not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 + ), + skip_message=( + "Many of these tests fail on OpenSSL < 1.0.2 and since upstream isn't" + " maintaining it, they'll never be fixed." + ), +) +@pytest.mark.wycheproof_tests( + "rsa_signature_test.json", + "rsa_signature_2048_sha224_test.json", + "rsa_signature_2048_sha256_test.json", + "rsa_signature_2048_sha512_test.json", + "rsa_signature_3072_sha256_test.json", + "rsa_signature_3072_sha384_test.json", + "rsa_signature_3072_sha512_test.json", + "rsa_signature_4096_sha384_test.json", + "rsa_signature_4096_sha512_test.json", +) +def test_rsa_signature(backend, wycheproof): + key = serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend + ) + digest = _DIGESTS[wycheproof.testgroup["sha"]] + + if should_verify(backend, wycheproof): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PKCS1v15(), + digest, + ) + else: + with pytest.raises(InvalidSignature): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PKCS1v15(), + digest, + ) |