authorAlex Gaynor <alex.gaynor@gmail.com>2014-03-20 10:52:51 -0700
committerAlex Gaynor <alex.gaynor@gmail.com>2014-03-20 10:52:51 -0700
commit23c641dad201446a019d4a5f1181908744fd347a (patch)
treef8cf519f89e5e3f6f2acc4cd4586985d0da3fd5b /tests
parent62e18d7873470517c97c0c37be6bc1a81c304d8a (diff)
parent4d8358fb50253bebdf637f517da8ba2406080d3f (diff)
Merge pull request #826 from reaperhulk/rsa-more-sig-verification
RSA more sig verification
Diffstat (limited to 'tests')
-rw-r--r--tests/hazmat/backends/test_openssl.py8
-rw-r--r--tests/hazmat/primitives/test_rsa.py182
-rw-r--r--tests/hazmat/primitives/utils.py30
3 files changed, 158 insertions, 62 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 501ee0f6..5c6efbaf 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -40,6 +40,11 @@ class DummyCipher(object):
name = "dummy-cipher"
+@utils.register_interface(interfaces.HashAlgorithm)
+class DummyHash(object):
+ name = "dummy-hash"
+
+
class TestOpenSSL(object):
def test_backend_exists(self):
assert backend
@@ -162,6 +167,9 @@ class TestOpenSSL(object):
backend
)
+ def test_unsupported_mgf1_hash_algorithm(self):
+ assert backend.mgf1_hash_supported(DummyHash()) is False
+
# This test is not in the next class because to check if it's really
# default we don't want to run the setup_method before it
def test_osrandom_engine_is_default(self):
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 67b5b2e0..67189c24 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -27,7 +27,7 @@ from cryptography.exceptions import (
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import padding, rsa
-from .utils import generate_rsa_pss_test
+from .utils import generate_rsa_verification_test
from ...utils import (
load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file
)
@@ -748,89 +748,175 @@ class TestRSAVerification(object):
verifier.verify()
-@pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()),
- skip_message="Does not support SHA1 with MGF1."
-)
@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA1(object):
- test_rsa_pss_mgf1_sha1 = generate_rsa_pss_test(
+class TestRSAPSSMGF1Verification(object):
+ test_rsa_pss_mgf1_sha1 = pytest.mark.supported(
+ only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()),
+ skip_message="Does not support SHA1 with MGF1."
+ )(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
"SigGenPSS_186-2.rsp",
"SigGenPSS_186-3.rsp",
+ "SigVerPSS_186-3.rsp",
],
- hashes.SHA1()
- )
-
+ hashes.SHA1(),
+ lambda params, hash_alg: padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hash_alg,
+ salt_length=params["salt_length"]
+ )
+ )
+ ))
-@pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()),
- skip_message="Does not support SHA224 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA224(object):
- test_rsa_pss_mgf1_sha224 = generate_rsa_pss_test(
+ test_rsa_pss_mgf1_sha224 = pytest.mark.supported(
+ only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()),
+ skip_message="Does not support SHA224 with MGF1."
+ )(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
"SigGenPSS_186-2.rsp",
"SigGenPSS_186-3.rsp",
+ "SigVerPSS_186-3.rsp",
],
- hashes.SHA224()
- )
-
+ hashes.SHA224(),
+ lambda params, hash_alg: padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hash_alg,
+ salt_length=params["salt_length"]
+ )
+ )
+ ))
-@pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()),
- skip_message="Does not support SHA256 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA256(object):
- test_rsa_pss_mgf1_sha256 = generate_rsa_pss_test(
+ test_rsa_pss_mgf1_sha256 = pytest.mark.supported(
+ only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()),
+ skip_message="Does not support SHA256 with MGF1."
+ )(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
"SigGenPSS_186-2.rsp",
"SigGenPSS_186-3.rsp",
+ "SigVerPSS_186-3.rsp",
],
- hashes.SHA256()
- )
+ hashes.SHA256(),
+ lambda params, hash_alg: padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hash_alg,
+ salt_length=params["salt_length"]
+ )
+ )
+ ))
+ test_rsa_pss_mgf1_sha384 = pytest.mark.supported(
+ only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()),
+ skip_message="Does not support SHA384 with MGF1."
+ )(generate_rsa_verification_test(
+ load_rsa_nist_vectors,
+ os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+ [
+ "SigGenPSS_186-2.rsp",
+ "SigGenPSS_186-3.rsp",
+ "SigVerPSS_186-3.rsp",
+ ],
+ hashes.SHA384(),
+ lambda params, hash_alg: padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hash_alg,
+ salt_length=params["salt_length"]
+ )
+ )
+ ))
-@pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()),
- skip_message="Does not support SHA384 with MGF1."
-)
-@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA384(object):
- test_rsa_pss_mgf1_sha384 = generate_rsa_pss_test(
+ test_rsa_pss_mgf1_sha512 = pytest.mark.supported(
+ only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()),
+ skip_message="Does not support SHA512 with MGF1."
+ )(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
"SigGenPSS_186-2.rsp",
"SigGenPSS_186-3.rsp",
+ "SigVerPSS_186-3.rsp",
],
- hashes.SHA384()
- )
+ hashes.SHA512(),
+ lambda params, hash_alg: padding.PSS(
+ mgf=padding.MGF1(
+ algorithm=hash_alg,
+ salt_length=params["salt_length"]
+ )
+ )
+ ))
-@pytest.mark.supported(
- only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()),
- skip_message="Does not support SHA512 with MGF1."
-)
@pytest.mark.rsa
-class TestRSAPSSMGF1VerificationSHA512(object):
- test_rsa_pss_mgf1_sha512 = generate_rsa_pss_test(
+class TestRSAPKCS1Verification(object):
+ test_rsa_pkcs1v15_verify_sha1 = pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA1()),
+ skip_message="Does not support SHA1."
+ )(generate_rsa_verification_test(
load_rsa_nist_vectors,
os.path.join("asymmetric", "RSA", "FIPS_186-2"),
[
- "SigGenPSS_186-2.rsp",
- "SigGenPSS_186-3.rsp",
+ "SigVer15_186-3.rsp",
],
- hashes.SHA512()
- )
+ hashes.SHA1(),
+ lambda params, hash_alg: padding.PKCS1v15()
+ ))
+
+ test_rsa_pkcs1v15_verify_sha224 = pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA224()),
+ skip_message="Does not support SHA224."
+ )(generate_rsa_verification_test(
+ load_rsa_nist_vectors,
+ os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+ [
+ "SigVer15_186-3.rsp",
+ ],
+ hashes.SHA224(),
+ lambda params, hash_alg: padding.PKCS1v15()
+ ))
+
+ test_rsa_pkcs1v15_verify_sha256 = pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA256()),
+ skip_message="Does not support SHA256."
+ )(generate_rsa_verification_test(
+ load_rsa_nist_vectors,
+ os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+ [
+ "SigVer15_186-3.rsp",
+ ],
+ hashes.SHA256(),
+ lambda params, hash_alg: padding.PKCS1v15()
+ ))
+
+ test_rsa_pkcs1v15_verify_sha384 = pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA384()),
+ skip_message="Does not support SHA384."
+ )(generate_rsa_verification_test(
+ load_rsa_nist_vectors,
+ os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+ [
+ "SigVer15_186-3.rsp",
+ ],
+ hashes.SHA384(),
+ lambda params, hash_alg: padding.PKCS1v15()
+ ))
+
+ test_rsa_pkcs1v15_verify_sha512 = pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA512()),
+ skip_message="Does not support SHA512."
+ )(generate_rsa_verification_test(
+ load_rsa_nist_vectors,
+ os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+ [
+ "SigVer15_186-3.rsp",
+ ],
+ hashes.SHA512(),
+ lambda params, hash_alg: padding.PKCS1v15()
+ ))
class TestMGF1(object):
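Review bot: The padding factory `lambda params, hash_alg: padding.PSS(mgf=padding.MGF1(algorithm=hash_alg, salt_length=params["salt_length"]))` is repeated verbatim in all five `test_rsa_pss_mgf1_*` attributes, and `lambda params, hash_alg: padding.PKCS1v15()` in all five `test_rsa_pkcs1v15_verify_*` ones. Hoisting each into a single module-level helper and passing it by name would leave one place to edit if the padding construction changes, and would make it harder for one hash variant to drift from the others. The PSS `only_if` predicates check only `backend.mgf1_hash_supported(...)`, although the same hash object is also passed as the signature digest. If a backend can support a hash for MGF1 but not for hashing the message (not determinable from this diff), also checking `backend.hash_supported(...)` there would give a skip instead of an error. A short class docstring saying that the `SigVer*` files contain vectors expected to fail verification would help readers of these tests.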
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index a29ef70e..2e838474 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -20,10 +20,11 @@ import os
import pytest
from cryptography.exceptions import (
- AlreadyFinalized, AlreadyUpdated, InvalidTag, NotYetFinalized
+ AlreadyFinalized, AlreadyUpdated, InvalidSignature, InvalidTag,
+ NotYetFinalized
)
from cryptography.hazmat.primitives import hashes, hmac
-from cryptography.hazmat.primitives.asymmetric import padding, rsa
+from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
@@ -374,33 +375,34 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm):
return test_hkdf
-def generate_rsa_pss_test(param_loader, path, file_names, hash_alg):
+def generate_rsa_verification_test(param_loader, path, file_names, hash_alg,
+ pad_factory):
all_params = _load_all_params(path, file_names, param_loader)
all_params = [i for i in all_params
if i["algorithm"] == hash_alg.name.upper()]
@pytest.mark.parametrize("params", all_params)
- def test_rsa_pss(self, backend, params):
- rsa_pss_test(backend, params, hash_alg)
+ def test_rsa_verification(self, backend, params):
+ rsa_verification_test(backend, params, hash_alg, pad_factory)
- return test_rsa_pss
+ return test_rsa_verification
-def rsa_pss_test(backend, params, hash_alg):
+def rsa_verification_test(backend, params, hash_alg, pad_factory):
public_key = rsa.RSAPublicKey(
public_exponent=params["public_exponent"],
modulus=params["modulus"]
)
+ pad = pad_factory(params, hash_alg)
verifier = public_key.verifier(
binascii.unhexlify(params["s"]),
- padding.PSS(
- mgf=padding.MGF1(
- algorithm=hash_alg,
- salt_length=params["salt_length"]
- )
- ),
+ pad,
hash_alg,
backend
)
verifier.update(binascii.unhexlify(params["msg"]))
- verifier.verify()
+ if params["fail"]:
+ with pytest.raises(InvalidSignature):
+ verifier.verify()
+ else:
+ verifier.verify()
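Review bot: `rsa_verification_test` indexes `params["fail"]` unconditionally, so every vector file routed through it must supply that key. The PSS tests in test_rsa.py still pass `SigGenPSS_186-2.rsp` and `SigGenPSS_186-3.rsp`, which are generation vectors, and whether `load_rsa_nist_vectors` fills in `fail` for them is not visible in this diff. A comment above the branch stating the contract, e.g. `# loader must always set params["fail"]; True means verify() has to raise InvalidSignature`, would document that dependency. Separately, in `generate_rsa_verification_test` the filter on `hash_alg.name.upper()` can leave `all_params` empty if the vector file's algorithm labels do not match, in which case no signature is actually checked. Adding `assert all_params` right after the filter would make that failure loud instead of silently losing coverage.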