diff options
| -rwxr-xr-x | .travis/install.sh | 22 | ||||
| -rw-r--r-- | CHANGELOG.rst | 2 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/err.py | 1 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/rsa.py | 4 | ||||
| -rw-r--r-- | tests/doubles.py | 43 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_commoncrypto.py | 13 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 53 | ||||
| -rw-r--r-- | tests/hazmat/primitives/fixtures_rsa.py | 72 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_block.py | 18 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_dsa.py | 16 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ec.py | 8 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hashes.py | 11 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac.py | 11 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_pbkdf2hmac.py | 13 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 75 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_x963_vectors.py | 11 | 
16 files changed, 214 insertions, 159 deletions
| diff --git a/.travis/install.sh b/.travis/install.sh index f163f217..e5b5f52d 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -15,10 +15,6 @@ if [[ "$(uname -s)" == 'Darwin' ]]; then      eval "$(pyenv init -)"      case "${TOXENV}" in -        py26) -            curl -O https://bootstrap.pypa.io/get-pip.py -            python get-pip.py --user -            ;;          py27)              curl -O https://bootstrap.pypa.io/get-pip.py              python get-pip.py --user @@ -51,8 +47,8 @@ if [[ "$(uname -s)" == 'Darwin' ]]; then      pyenv rehash      python -m pip install --user virtualenv  else -    # temporary pyenv installation to get latest pypy before container infra upgrade -    # now using the -latest because of a segfault bug we're encountering in 2.6.1 +    # temporary pyenv installation to get latest pypy until the travis +    # container infra is upgraded      if [[ "${TOXENV}" = pypy* ]]; then          git clone https://github.com/yyuu/pyenv.git ~/.pyenv          PYENV_ROOT="$HOME/.pyenv" @@ -62,24 +58,26 @@ else          pyenv global pypy-4.0.1      fi      if [[ "${OPENSSL}" == "0.9.8" ]]; then -        # We use 0.9.8l rather than zh because we have some branches for handling -        # < 0.9.8m that won't be exercised with a newer OpenSSL. (RHEL5 is 0.9.8e with -        # patches, but while that's in jenkins we don't get coverage data from it). +        # We use 0.9.8l rather than zh because we have some branches for +        # handling < 0.9.8m that won't be exercised with a newer OpenSSL. +        # (RHEL5 is 0.9.8e with patches, but while that's in jenkins we don't +        # get coverage data from it).          OPENSSL_VERSION_NUMBER="0.9.8l"          OPENSSL_DIR="ossl-098l"      elif [[ "${OPENSSL}" == "1.0.0" ]]; then          OPENSSL_VERSION_NUMBER="1.0.0t"          OPENSSL_DIR="ossl-100t"      fi -    # download, compile, and install if it's not already present via travis cache +    # download, compile, and install if it's not already present via travis +    # cache      if [ -n "$OPENSSL_DIR" ]; then          if [[ ! -f "$HOME/$OPENSSL_DIR/bin/openssl" ]]; then              curl -O https://www.openssl.org/source/openssl-$OPENSSL_VERSION_NUMBER.tar.gz              tar zxf openssl-$OPENSSL_VERSION_NUMBER.tar.gz              cd openssl-$OPENSSL_VERSION_NUMBER              ./config shared no-asm no-ssl2 -fPIC --prefix="$HOME/$OPENSSL_DIR" -            # modify the shlib version to a unique one to make sure the dynamic linker -            # doesn't load the system one. +            # modify the shlib version to a unique one to make sure the dynamic +            # linker doesn't load the system one.              sed -i "s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=100/" Makefile              sed -i "s/^SHLIB_MINOR=.*/SHLIB_MINOR=0.0/" Makefile              sed -i "s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=100.0.0/" Makefile diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 6765f826..9c43a831 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -10,6 +10,8 @@ Changelog    ``cryptography`` 1.4.  * Added support for the :class:`~cryptography.x509.PolicyConstraints` X.509    extension. +* Fixed an intermittent ``AssertionError`` when performing an RSA decryption on +  an invalid ciphertext, ``ValueError`` is now correctly raised in all cases.  1.2.3 - 2016-03-01  ~~~~~~~~~~~~~~~~~~ diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py index 9d97be16..4ba90662 100644 --- a/src/_cffi_src/openssl/err.py +++ b/src/_cffi_src/openssl/err.py @@ -226,6 +226,7 @@ static const int PKCS12_F_PKCS12_PBE_CRYPT;  static const int PKCS12_R_PKCS12_CIPHERFINAL_ERROR;  static const int RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; +static const int RSA_R_DATA_TOO_LARGE_FOR_MODULUS;  static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY;  static const int RSA_R_BLOCK_TYPE_IS_NOT_01;  static const int RSA_R_BLOCK_TYPE_IS_NOT_02; diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index a48b167d..ba9c5ab6 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -139,6 +139,10 @@ def _handle_rsa_enc_dec_error(backend, key):              backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01,              backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02,              backend._lib.RSA_R_OAEP_DECODING_ERROR, +            # Though this error looks similar to the +            # RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE, this occurs on decrypts, +            # rather then on encrypts +            backend._lib.RSA_R_DATA_TOO_LARGE_FOR_MODULUS,          ]          if backend._lib.Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR:              decoding_errors.append(backend._lib.RSA_R_PKCS_DECODING_ERROR) diff --git a/tests/doubles.py b/tests/doubles.py new file mode 100644 index 00000000..2ff1942f --- /dev/null +++ b/tests/doubles.py @@ -0,0 +1,43 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +from cryptography import utils +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import padding +from cryptography.hazmat.primitives.ciphers import CipherAlgorithm +from cryptography.hazmat.primitives.ciphers.modes import Mode + + +@utils.register_interface(CipherAlgorithm) +class DummyCipherAlgorithm(object): +    name = "dummy-cipher" +    block_size = 128 +    key_size = None + + +@utils.register_interface(Mode) +class DummyMode(object): +    name = "dummy-mode" + +    def validate_for_algorithm(self, algorithm): +        pass + + +@utils.register_interface(hashes.HashAlgorithm) +class DummyHashAlgorithm(object): +    name = "dummy-hash" +    block_size = None +    digest_size = None + + +@utils.register_interface(serialization.KeySerializationEncryption) +class DummyKeySerializationEncryption(object): +    pass + + +@utils.register_interface(padding.AsymmetricPadding) +class DummyAsymmetricPadding(object): +    name = "dummy-padding" diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index f7200016..2b730e93 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -6,23 +6,16 @@ from __future__ import absolute_import, division, print_function  import pytest -from cryptography import utils  from cryptography.exceptions import InternalError, _Reasons  from cryptography.hazmat.backends import _available_backends -from cryptography.hazmat.primitives.ciphers import Cipher, CipherAlgorithm +from cryptography.hazmat.primitives.ciphers import Cipher  from cryptography.hazmat.primitives.ciphers.algorithms import AES  from cryptography.hazmat.primitives.ciphers.modes import CBC, GCM +from ...doubles import DummyCipherAlgorithm  from ...utils import raises_unsupported_algorithm -@utils.register_interface(CipherAlgorithm) -class DummyCipher(object): -    name = "dummy-cipher" -    block_size = None -    key_size = None - -  @pytest.mark.skipif("commoncrypto" not in                      [i.name for i in _available_backends()],                      reason="CommonCrypto not available") @@ -55,7 +48,7 @@ class TestCommonCrypto(object):          from cryptography.hazmat.backends.commoncrypto.backend import Backend          b = Backend()          cipher = Cipher( -            DummyCipher(), GCM(b"fake_iv_here"), backend=b, +            DummyCipherAlgorithm(), GCM(b"fake_iv_here"), backend=b,          )          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):              cipher.encryptor() diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index f94b94ab..072f8be3 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -21,15 +21,16 @@ from cryptography.hazmat.backends.openssl.backend import (  from cryptography.hazmat.backends.openssl.ec import _sn_to_elliptic_curve  from cryptography.hazmat.primitives import hashes, serialization  from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding -from cryptography.hazmat.primitives.ciphers import ( -    BlockCipherAlgorithm, Cipher, CipherAlgorithm -) +from cryptography.hazmat.primitives.ciphers import Cipher  from cryptography.hazmat.primitives.ciphers.algorithms import AES -from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR, Mode +from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR  from ..primitives.fixtures_dsa import DSA_KEY_2048  from ..primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512  from ..primitives.test_ec import _skip_curve_unsupported +from ...doubles import ( +    DummyAsymmetricPadding, DummyCipherAlgorithm, DummyHashAlgorithm, DummyMode +)  from ...utils import load_vectors_from_file, raises_unsupported_algorithm @@ -47,32 +48,6 @@ class TestLibreSkip(object):              skip_if_libre_ssl(u"LibreSSL 2.1.6") -@utils.register_interface(Mode) -class DummyMode(object): -    name = "dummy-mode" - -    def validate_for_algorithm(self, algorithm): -        pass - - -@utils.register_interface(CipherAlgorithm) -class DummyCipher(object): -    name = "dummy-cipher" -    key_size = None - - -@utils.register_interface(padding.AsymmetricPadding) -class DummyPadding(object): -    name = "dummy-cipher" - - -@utils.register_interface(hashes.HashAlgorithm) -class DummyHash(object): -    name = "dummy-hash" -    block_size = None -    digest_size = None - -  class DummyMGF(object):      _salt_length = 0 @@ -111,12 +86,12 @@ class TestOpenSSL(object):      def test_nonexistent_cipher(self, mode):          b = Backend()          b.register_cipher_adapter( -            DummyCipher, +            DummyCipherAlgorithm,              type(mode),              lambda backend, cipher, mode: backend._ffi.NULL          )          cipher = Cipher( -            DummyCipher(), mode, backend=b, +            DummyCipherAlgorithm(), mode, backend=b,          )          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):              cipher.encryptor() @@ -383,11 +358,11 @@ class TestOpenSSLRSA(object):      def test_rsa_padding_unsupported_pss_mgf1_hash(self):          assert backend.rsa_padding_supported( -            padding.PSS(mgf=padding.MGF1(DummyHash()), salt_length=0) +            padding.PSS(mgf=padding.MGF1(DummyHashAlgorithm()), salt_length=0)          ) is False      def test_rsa_padding_unsupported(self): -        assert backend.rsa_padding_supported(DummyPadding()) is False +        assert backend.rsa_padding_supported(DummyAsymmetricPadding()) is False      def test_rsa_padding_supported_pkcs1v15(self):          assert backend.rsa_padding_supported(padding.PKCS1v15()) is True @@ -462,12 +437,8 @@ class TestOpenSSLRSA(object):  )  class TestOpenSSLCMAC(object):      def test_unsupported_cipher(self): -        @utils.register_interface(BlockCipherAlgorithm) -        class FakeAlgorithm(object): -            block_size = 64 -          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): -            backend.create_cmac_ctx(FakeAlgorithm()) +            backend.create_cmac_ctx(DummyCipherAlgorithm())  class TestOpenSSLCreateX509CSR(object): @@ -498,7 +469,9 @@ class TestOpenSSLSignX509Certificate(object):          private_key = RSA_KEY_2048.private_key(backend)          with pytest.raises(TypeError): -            backend.create_x509_certificate(object(), private_key, DummyHash()) +            backend.create_x509_certificate( +                object(), private_key, DummyHashAlgorithm() +            )      @pytest.mark.skipif(          backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000, diff --git a/tests/hazmat/primitives/fixtures_rsa.py b/tests/hazmat/primitives/fixtures_rsa.py index f93361de..a531783e 100644 --- a/tests/hazmat/primitives/fixtures_rsa.py +++ b/tests/hazmat/primitives/fixtures_rsa.py @@ -529,3 +529,75 @@ RSA_KEY_2048 = RSAPrivateNumbers(              "de04fd053846ca10a223b10cc841cc80fdebee44f3114c13e886af583", 16),      )  ) + +RSA_KEY_2048_ALT = RSAPrivateNumbers( +    d=int( +        "7522768467449591813737881904131688860626637897199391200040629" +        "8641018746450502628484395471408986929218353894683769457466923" +        "3079369551423094451013669595729568593462009746342148367797495" +        "5529909313614750246672441810743580455199636293179539903480635" +        "3091286716112931976896334411287175213124504134181121011488550" +        "5290054443979198998564749640800633368957384058700741073997703" +        "8877364695937023906368630297588990131009278072614118207348356" +        "4640244134189285070202534488517371577359510236833464698189075" +        "5160693085297816063285814039518178249628112908466649245545732" +        "5791532385553960363601827996980725025898649392004494256400884" +        "092073" +    ), +    dmp1=int( +        "5847872614112935747739644055317429405973942336206460017493394" +        "9737607778799766591021036792892472774720417920838206576785118" +        "8889624058962939702950175807073343659386156232294197300491647" +        "1029508414050591959344812347424476498076532682798598325230069" +        "0925827594762920534235575029199380552228825468180187156871965" +        "973" +    ), +    dmq1=int( +        "2949536259161239302081155875068405238857801001054083407704879" +        "8210876832264504685327766351157044892283801611558399025326793" +        "4131638001934454489864437565651739832511702151461257267169691" +        "6611992398459006200708626815153304591390855807749769768978152" +        "9854112656599931724820610358669306523835327459478374630794532" +        "167" +    ), +    iqmp=int( +        "7331180989818931535458916053540252830484856703208982675535284" +        "4613815808798190559315018094080936347757336989616401164752221" +        "8101156529898067044923499386460167055405998646366011838018441" +        "3678947694258190172377716154009305082091341215866326061721180" +        "3836418654472188816187630316821692982783286322262994892003058" +        "782" +    ), +    p=int( +        "1460007723851883695617573533155574746587863843382715314919865" +        "2434108956187429726002840717317310431378483921058946835896252" +        "7109559207437158778332364464259678946305487699031865937075508" +        "8616612925453842458055546540240601585731206561647892336916583" +        "0023641764106581040198845259766246869529221084602380669333021" +        "0819" +    ), +    q=int( +        "1433897765867889178402883410610177836503402597775250087462018" +        "4617952933433119527945447840336616357136736935069377619782227" +        "2822380830300262175671282877680573202309319960687756231128996" +        "9764855320953993690199846269451095044922353809602378616938811" +        "7513900906279873343591486841303392490561500301994171338761080" +        "4439" +    ), +    public_numbers=RSAPublicNumbers( +        e=65537, +        n=int( +            "209350181338107812610165420955871971489973659392253291327" +            "839812910252466502190690572476688311285621239204212139711" +            "207388949164851984253143698667018532039612470954223918242" +            "145976986600705122576087630525229796950722166468064721258" +            "490916138706756006902066136471049807637157890128560592039" +            "941717275079733754782848729566190631725183735944031456237" +            "089928120178187552521649483240599003240074352860189285952" +            "078970127554801074176375499583703254849309993132931268013" +            "715070507278514207864914944621214574162116786377990456375" +            "964817771730371110612100247262908550409785456157505694419" +            "00451152778245269283276012328748538414051025541" +        ) +    ) +) diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 1b3fc1cb..4f7e63bf 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -8,7 +8,6 @@ import binascii  import pytest -from cryptography import utils  from cryptography.exceptions import (      AlreadyFinalized, _Reasons  ) @@ -20,23 +19,10 @@ from cryptography.hazmat.primitives.ciphers import (  from .utils import (      generate_aead_exception_test, generate_aead_tag_exception_test  ) +from ...doubles import DummyCipherAlgorithm, DummyMode  from ...utils import raises_unsupported_algorithm -@utils.register_interface(modes.Mode) -class DummyMode(object): -    name = "dummy-mode" - -    def validate_for_algorithm(self, algorithm): -        pass - - -@utils.register_interface(base.CipherAlgorithm) -class DummyCipher(object): -    name = "dummy-cipher" -    key_size = None - -  @pytest.mark.requires_backend_interface(interface=CipherBackend)  class TestCipher(object):      def test_creates_encryptor(self, backend): @@ -107,7 +93,7 @@ class TestCipherContext(object):      @pytest.mark.parametrize("mode", [DummyMode(), None])      def test_nonexistent_cipher(self, backend, mode):          cipher = Cipher( -            DummyCipher(), mode, backend +            DummyCipherAlgorithm(), mode, backend          )          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):              cipher.encryptor() diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index fcfda614..b02cadc8 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -9,7 +9,6 @@ import os  import pytest -from cryptography import utils  from cryptography.exceptions import AlreadyFinalized, InvalidSignature  from cryptography.hazmat.backends.interfaces import (      DSABackend, PEMSerializationBackend @@ -24,24 +23,13 @@ from cryptography.utils import bit_length  from .fixtures_dsa import (      DSA_KEY_1024, DSA_KEY_2048, DSA_KEY_3072  ) +from ...doubles import DummyHashAlgorithm, DummyKeySerializationEncryption  from ...utils import (      load_fips_dsa_key_pair_vectors, load_fips_dsa_sig_vectors,      load_vectors_from_file,  ) -@utils.register_interface(serialization.KeySerializationEncryption) -class DummyKeyEncryption(object): -    pass - - -@utils.register_interface(hashes.HashAlgorithm) -class DummyHashAlgorithm(object): -    name = "dummy" -    digest_size = 32 -    block_size = 64 - -  def _skip_if_dsa_not_supported(backend, algorithm, p, q, g):      if (          not backend.dsa_parameters_supported(p, q, g) or @@ -994,7 +982,7 @@ class TestDSASerialization(object):              key.private_bytes(                  serialization.Encoding.PEM,                  serialization.PrivateFormat.TraditionalOpenSSL, -                DummyKeyEncryption() +                DummyKeySerializationEncryption()              ) diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 600ea27f..08619b48 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -23,6 +23,7 @@ from cryptography.hazmat.primitives.asymmetric.utils import (  )  from .fixtures_ec import EC_KEY_SECP384R1 +from ...doubles import DummyKeySerializationEncryption  from ...utils import (      load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors,      load_kasvs_ecdh_vectors, load_vectors_from_file, @@ -81,11 +82,6 @@ class DummySignatureAlgorithm(object):      algorithm = None -@utils.register_interface(serialization.KeySerializationEncryption) -class DummyKeyEncryption(object): -    pass - -  @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)  def test_skip_curve_unsupported(backend):      with pytest.raises(pytest.skip.Exception): @@ -741,7 +737,7 @@ class TestECSerialization(object):              key.private_bytes(                  serialization.Encoding.PEM,                  serialization.PrivateFormat.TraditionalOpenSSL, -                DummyKeyEncryption() +                DummyKeySerializationEncryption()              )      def test_public_bytes_from_derived_public_key(self, backend): diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 8f7fdb18..a109c219 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -8,23 +8,16 @@ import pretend  import pytest -from cryptography import utils  from cryptography.exceptions import AlreadyFinalized, _Reasons  from cryptography.hazmat.backends.interfaces import HashBackend  from cryptography.hazmat.primitives import hashes  from .utils import generate_base_hash_test  from ..backends.test_multibackend import DummyHashBackend +from ...doubles import DummyHashAlgorithm  from ...utils import raises_unsupported_algorithm -@utils.register_interface(hashes.HashAlgorithm) -class UnsupportedDummyHash(object): -    name = "unsupported-dummy-hash" -    block_size = None -    digest_size = None - -  @pytest.mark.requires_backend_interface(interface=HashBackend)  class TestHashContext(object):      def test_hash_reject_unicode(self, backend): @@ -59,7 +52,7 @@ class TestHashContext(object):      def test_unsupported_hash(self, backend):          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): -            hashes.Hash(UnsupportedDummyHash(), backend) +            hashes.Hash(DummyHashAlgorithm(), backend)  @pytest.mark.supported( diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 83b18cbc..82082a2d 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -8,7 +8,6 @@ import pretend  import pytest -from cryptography import utils  from cryptography.exceptions import (      AlreadyFinalized, InvalidSignature, _Reasons  ) @@ -17,16 +16,10 @@ from cryptography.hazmat.primitives import hashes, hmac  from .utils import generate_base_hmac_test  from ..backends.test_multibackend import DummyHMACBackend +from ...doubles import DummyHashAlgorithm  from ...utils import raises_unsupported_algorithm -@utils.register_interface(hashes.HashAlgorithm) -class UnsupportedDummyHash(object): -    name = "unsupported-dummy-hash" -    block_size = None -    digest_size = None - -  @pytest.mark.supported(      only_if=lambda backend: backend.hmac_supported(hashes.MD5()),      skip_message="Does not support MD5", @@ -95,7 +88,7 @@ class TestHMAC(object):      def test_unsupported_hash(self, backend):          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): -            hmac.HMAC(b"key", UnsupportedDummyHash(), backend) +            hmac.HMAC(b"key", DummyHashAlgorithm(), backend)  def test_invalid_backend(): diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py index 7fb6bbd6..d971ebd0 100644 --- a/tests/hazmat/primitives/test_pbkdf2hmac.py +++ b/tests/hazmat/primitives/test_pbkdf2hmac.py @@ -6,7 +6,6 @@ from __future__ import absolute_import, division, print_function  import pytest -from cryptography import utils  from cryptography.exceptions import (      AlreadyFinalized, InvalidKey, _Reasons  ) @@ -14,16 +13,10 @@ from cryptography.hazmat.backends import default_backend  from cryptography.hazmat.primitives import hashes  from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC +from ...doubles import DummyHashAlgorithm  from ...utils import raises_unsupported_algorithm -@utils.register_interface(hashes.HashAlgorithm) -class DummyHash(object): -    name = "dummy-hash" -    block_size = None -    digest_size = None - -  class TestPBKDF2HMAC(object):      def test_already_finalized(self):          kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) @@ -43,7 +36,9 @@ class TestPBKDF2HMAC(object):      def test_unsupported_algorithm(self):          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): -            PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend()) +            PBKDF2HMAC( +                DummyHashAlgorithm(), 20, b"salt", 10, default_backend() +            )      def test_invalid_key(self):          kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend()) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index c0b8923f..2331a935 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -11,7 +11,6 @@ import os  import pytest -from cryptography import utils  from cryptography.exceptions import (      AlreadyFinalized, InvalidSignature, _Reasons  ) @@ -27,39 +26,25 @@ from cryptography.hazmat.primitives.asymmetric.rsa import (  from .fixtures_rsa import (      RSA_KEY_1024, RSA_KEY_1025, RSA_KEY_1026, RSA_KEY_1027, RSA_KEY_1028,      RSA_KEY_1029, RSA_KEY_1030, RSA_KEY_1031, RSA_KEY_1536, RSA_KEY_2048, -    RSA_KEY_512, RSA_KEY_512_ALT, RSA_KEY_522, RSA_KEY_599, RSA_KEY_745, -    RSA_KEY_768, +    RSA_KEY_2048_ALT, RSA_KEY_512, RSA_KEY_512_ALT, RSA_KEY_522, RSA_KEY_599, +    RSA_KEY_745, RSA_KEY_768,  )  from .utils import (      _check_rsa_private_numbers, generate_rsa_verification_test  ) +from ...doubles import ( +    DummyAsymmetricPadding, DummyHashAlgorithm, DummyKeySerializationEncryption +)  from ...utils import (      load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file,      raises_unsupported_algorithm  ) -@utils.register_interface(padding.AsymmetricPadding) -class DummyPadding(object): -    name = "UNSUPPORTED-PADDING" - -  class DummyMGF(object):      _salt_length = 0 -@utils.register_interface(serialization.KeySerializationEncryption) -class DummyKeyEncryption(object): -    pass - - -@utils.register_interface(hashes.HashAlgorithm) -class DummyHashAlgorithm(object): -    name = "dummy-hash" -    digest_size = 32 -    block_size = 64 - -  def _check_rsa_private_numbers_if_serializable(key):      if isinstance(key, rsa.RSAPrivateKeyWithSerialization):          _check_rsa_private_numbers(key.private_numbers()) @@ -405,7 +390,7 @@ class TestRSASignature(object):      def test_unsupported_padding(self, backend):          private_key = RSA_KEY_512.private_key(backend)          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): -            private_key.signer(DummyPadding(), hashes.SHA1()) +            private_key.signer(DummyAsymmetricPadding(), hashes.SHA1())      def test_padding_incorrect_type(self, backend):          private_key = RSA_KEY_512.private_key(backend) @@ -703,7 +688,9 @@ class TestRSAVerification(object):          private_key = RSA_KEY_512.private_key(backend)          public_key = private_key.public_key()          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): -            public_key.verifier(b"sig", DummyPadding(), hashes.SHA1()) +            public_key.verifier( +                b"sig", DummyAsymmetricPadding(), hashes.SHA1() +            )      @pytest.mark.supported(          only_if=lambda backend: backend.rsa_padding_supported( @@ -1130,7 +1117,7 @@ class TestRSADecryption(object):      def test_unsupported_padding(self, backend):          private_key = RSA_KEY_512.private_key(backend)          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): -            private_key.decrypt(b"0" * 64, DummyPadding()) +            private_key.decrypt(b"0" * 64, DummyAsymmetricPadding())      @pytest.mark.supported(          only_if=lambda backend: backend.rsa_padding_supported( @@ -1257,6 +1244,44 @@ class TestRSADecryption(object):                  )              ) +    @pytest.mark.supported( +        only_if=lambda backend: backend.rsa_padding_supported( +            padding.OAEP( +                mgf=padding.MGF1(algorithm=hashes.SHA1()), +                algorithm=hashes.SHA1(), +                label=None +            ) +        ), +        skip_message="Does not support OAEP." +    ) +    def test_invalid_oaep_decryption_data_to_large_for_modulus(self, backend): +        key = RSA_KEY_2048_ALT.private_key(backend) + +        ciphertext = ( +            b'\xb1ph\xc0\x0b\x1a|\xe6\xda\xea\xb5\xd7%\x94\x07\xf96\xfb\x96' +            b'\x11\x9b\xdc4\xea.-\x91\x80\x13S\x94\x04m\xe9\xc5/F\x1b\x9b:\\' +            b'\x1d\x04\x16ML\xae\xb32J\x01yuA\xbb\x83\x1c\x8f\xf6\xa5\xdbp\xcd' +            b'\nx\xc7\xf6\x15\xb2/\xdcH\xae\xe7\x13\x13by\r4t\x99\x0fc\x1f\xc1' +            b'\x1c\xb1\xdd\xc5\x08\xd1\xee\xa1XQ\xb8H@L5v\xc3\xaf\xf2\r\x97' +            b'\xed\xaa\xe7\xf1\xd4xai\xd3\x83\xd9\xaa9\xbfx\xe1\x87F \x01\xff' +            b'L\xccv}ae\xb3\xfa\xf2B\xb8\xf9\x04H\x94\x85\xcb\x86\xbb\\ghx!W31' +            b'\xc7;t\na_E\xc2\x16\xb0;\xa1\x18\t\x1b\xe1\xdb\x80>)\x15\xc6\x12' +            b'\xcb\xeeg`\x8b\x9b\x1b\x05y4\xb0\x84M6\xcd\xa1\x827o\xfd\x96\xba' +            b'Z#\x8d\xae\x01\xc9\xf2\xb6\xde\x89{8&eQ\x1e8\x03\x01#?\xb66\\' +            b'\xad.\xe9\xfa!\x95 c{\xcaz\xe0*\tP\r\x91\x9a)B\xb5\xadN\xf4$\x83' +            b'\t\xb5u\xab\x19\x99' +        ) + +        with pytest.raises(ValueError): +            key.decrypt( +                ciphertext, +                padding.OAEP( +                    algorithm=hashes.SHA1(), +                    mgf=padding.MGF1(hashes.SHA1()), +                    label=None +                ) +            ) +      def test_unsupported_oaep_mgf(self, backend):          private_key = RSA_KEY_512.private_key(backend)          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): @@ -1370,7 +1395,7 @@ class TestRSAEncryption(object):          public_key = private_key.public_key()          with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): -            public_key.encrypt(b"somedata", DummyPadding()) +            public_key.encrypt(b"somedata", DummyAsymmetricPadding())          with pytest.raises(TypeError):              public_key.encrypt(b"somedata", padding=object()) @@ -1995,7 +2020,7 @@ class TestRSAPrivateKeySerialization(object):              key.private_bytes(                  serialization.Encoding.PEM,                  serialization.PrivateFormat.TraditionalOpenSSL, -                DummyKeyEncryption() +                DummyKeySerializationEncryption()              ) diff --git a/tests/hazmat/primitives/test_x963_vectors.py b/tests/hazmat/primitives/test_x963_vectors.py index 0332e601..b09d1653 100644 --- a/tests/hazmat/primitives/test_x963_vectors.py +++ b/tests/hazmat/primitives/test_x963_vectors.py @@ -9,22 +9,15 @@ import os  import pytest -from cryptography import utils  from cryptography.hazmat.backends import default_backend  from cryptography.hazmat.backends.interfaces import HashBackend  from cryptography.hazmat.primitives import hashes  from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF +from ...doubles import DummyHashAlgorithm  from ...utils import load_vectors_from_file, load_x963_vectors -@utils.register_interface(hashes.HashAlgorithm) -class UnsupportedDummyHash(object): -    name = "unsupported-dummy-hash" -    block_size = None -    digest_size = None - -  def _skip_hashfn_unsupported(backend, hashfn):      if not backend.hash_supported(hashfn):          pytest.skip( @@ -69,4 +62,4 @@ class TestX963(object):          xkdf.verify(key, key_data)      def test_unsupported_hash(self, backend): -        _skip_hashfn_unsupported(backend, UnsupportedDummyHash()) +        _skip_hashfn_unsupported(backend, DummyHashAlgorithm()) | 
