9 files changed, 144 insertions, 94 deletions
diff --git a/tests/hazmat/primitives/fixtures_rsa.py b/tests/hazmat/primitives/fixtures_rsa.py
index f93361de..a531783e 100644
--- a/tests/hazmat/primitives/fixtures_rsa.py
+++ b/tests/hazmat/primitives/fixtures_rsa.py
@@ -529,3 +529,75 @@ RSA_KEY_2048 = RSAPrivateNumbers(
             "de04fd053846ca10a223b10cc841cc80fdebee44f3114c13e886af583", 16),
     )
 )
+
+RSA_KEY_2048_ALT = RSAPrivateNumbers(
+    d=int(
+        "7522768467449591813737881904131688860626637897199391200040629"
+        "8641018746450502628484395471408986929218353894683769457466923"
+        "3079369551423094451013669595729568593462009746342148367797495"
+        "5529909313614750246672441810743580455199636293179539903480635"
+        "3091286716112931976896334411287175213124504134181121011488550"
+        "5290054443979198998564749640800633368957384058700741073997703"
+        "8877364695937023906368630297588990131009278072614118207348356"
+        "4640244134189285070202534488517371577359510236833464698189075"
+        "5160693085297816063285814039518178249628112908466649245545732"
+        "5791532385553960363601827996980725025898649392004494256400884"
+        "092073"
+    ),
+    dmp1=int(
+        "5847872614112935747739644055317429405973942336206460017493394"
+        "9737607778799766591021036792892472774720417920838206576785118"
+        "8889624058962939702950175807073343659386156232294197300491647"
+        "1029508414050591959344812347424476498076532682798598325230069"
+        "0925827594762920534235575029199380552228825468180187156871965"
+        "973"
+    ),
+    dmq1=int(
+        "2949536259161239302081155875068405238857801001054083407704879"
+        "8210876832264504685327766351157044892283801611558399025326793"
+        "4131638001934454489864437565651739832511702151461257267169691"
+        "6611992398459006200708626815153304591390855807749769768978152"
+        "9854112656599931724820610358669306523835327459478374630794532"
+        "167"
+    ),
+    iqmp=int(
+        "7331180989818931535458916053540252830484856703208982675535284"
+        "4613815808798190559315018094080936347757336989616401164752221"
+        "8101156529898067044923499386460167055405998646366011838018441"
+        "3678947694258190172377716154009305082091341215866326061721180"
+        "3836418654472188816187630316821692982783286322262994892003058"
+        "782"
+    ),
+    p=int(
+        "1460007723851883695617573533155574746587863843382715314919865"
+        "2434108956187429726002840717317310431378483921058946835896252"
+        "7109559207437158778332364464259678946305487699031865937075508"
+        "8616612925453842458055546540240601585731206561647892336916583"
+        "0023641764106581040198845259766246869529221084602380669333021"
+        "0819"
+    ),
+    q=int(
+        "1433897765867889178402883410610177836503402597775250087462018"
+        "4617952933433119527945447840336616357136736935069377619782227"
+        "2822380830300262175671282877680573202309319960687756231128996"
+        "9764855320953993690199846269451095044922353809602378616938811"
+        "7513900906279873343591486841303392490561500301994171338761080"
+        "4439"
+    ),
+    public_numbers=RSAPublicNumbers(
+        e=65537,
+        n=int(
+            "209350181338107812610165420955871971489973659392253291327"
+            "839812910252466502190690572476688311285621239204212139711"
+            "207388949164851984253143698667018532039612470954223918242"
+            "145976986600705122576087630525229796950722166468064721258"
+            "490916138706756006902066136471049807637157890128560592039"
+            "941717275079733754782848729566190631725183735944031456237"
+            "089928120178187552521649483240599003240074352860189285952"
+            "078970127554801074176375499583703254849309993132931268013"
+            "715070507278514207864914944621214574162116786377990456375"
+            "964817771730371110612100247262908550409785456157505694419"
+            "00451152778245269283276012328748538414051025541"
+        )
+    )
+)
diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py
index 1b3fc1cb..4f7e63bf 100644
--- a/tests/hazmat/primitives/test_block.py
+++ b/tests/hazmat/primitives/test_block.py
@@ -8,7 +8,6 @@ import binascii
 
 import pytest
 
-from cryptography import utils
 from cryptography.exceptions import (
     AlreadyFinalized, _Reasons
 )
@@ -20,23 +19,10 @@ from cryptography.hazmat.primitives.ciphers import (
 from .utils import (
     generate_aead_exception_test, generate_aead_tag_exception_test
 )
+from ...doubles import DummyCipherAlgorithm, DummyMode
 from ...utils import raises_unsupported_algorithm
 
 
-@utils.register_interface(modes.Mode)
-class DummyMode(object):
-    name = "dummy-mode"
-
-    def validate_for_algorithm(self, algorithm):
-        pass
-
-
-@utils.register_interface(base.CipherAlgorithm)
-class DummyCipher(object):
-    name = "dummy-cipher"
-    key_size = None
-
-
 @pytest.mark.requires_backend_interface(interface=CipherBackend)
 class TestCipher(object):
     def test_creates_encryptor(self, backend):
@@ -107,7 +93,7 @@ class TestCipherContext(object):
     @pytest.mark.parametrize("mode", [DummyMode(), None])
     def test_nonexistent_cipher(self, backend, mode):
         cipher = Cipher(
-            DummyCipher(), mode, backend
+            DummyCipherAlgorithm(), mode, backend
         )
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
             cipher.encryptor()
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index fcfda614..b02cadc8 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -9,7 +9,6 @@ import os
 
 import pytest
 
-from cryptography import utils
 from cryptography.exceptions import AlreadyFinalized, InvalidSignature
 from cryptography.hazmat.backends.interfaces import (
     DSABackend, PEMSerializationBackend
@@ -24,24 +23,13 @@ from cryptography.utils import bit_length
 from .fixtures_dsa import (
     DSA_KEY_1024, DSA_KEY_2048, DSA_KEY_3072
 )
+from ...doubles import DummyHashAlgorithm, DummyKeySerializationEncryption
 from ...utils import (
     load_fips_dsa_key_pair_vectors, load_fips_dsa_sig_vectors,
     load_vectors_from_file,
 )
 
 
-@utils.register_interface(serialization.KeySerializationEncryption)
-class DummyKeyEncryption(object):
-    pass
-
-
-@utils.register_interface(hashes.HashAlgorithm)
-class DummyHashAlgorithm(object):
-    name = "dummy"
-    digest_size = 32
-    block_size = 64
-
-
 def _skip_if_dsa_not_supported(backend, algorithm, p, q, g):
     if (
         not backend.dsa_parameters_supported(p, q, g) or
@@ -994,7 +982,7 @@ class TestDSASerialization(object):
             key.private_bytes(
                 serialization.Encoding.PEM,
                 serialization.PrivateFormat.TraditionalOpenSSL,
-                DummyKeyEncryption()
+                DummyKeySerializationEncryption()
             )
 
 
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 600ea27f..08619b48 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -23,6 +23,7 @@ from cryptography.hazmat.primitives.asymmetric.utils import (
 )
 
 from .fixtures_ec import EC_KEY_SECP384R1
+from ...doubles import DummyKeySerializationEncryption
 from ...utils import (
     load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors,
     load_kasvs_ecdh_vectors, load_vectors_from_file,
@@ -81,11 +82,6 @@ class DummySignatureAlgorithm(object):
     algorithm = None
 
 
-@utils.register_interface(serialization.KeySerializationEncryption)
-class DummyKeyEncryption(object):
-    pass
-
-
 @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
 def test_skip_curve_unsupported(backend):
     with pytest.raises(pytest.skip.Exception):
@@ -741,7 +737,7 @@ class TestECSerialization(object):
             key.private_bytes(
                 serialization.Encoding.PEM,
                 serialization.PrivateFormat.TraditionalOpenSSL,
-                DummyKeyEncryption()
+                DummyKeySerializationEncryption()
             )
 
     def test_public_bytes_from_derived_public_key(self, backend):
diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py
index 8f7fdb18..a109c219 100644
--- a/tests/hazmat/primitives/test_hashes.py
+++ b/tests/hazmat/primitives/test_hashes.py
@@ -8,23 +8,16 @@ import pretend
 
 import pytest
 
-from cryptography import utils
 from cryptography.exceptions import AlreadyFinalized, _Reasons
 from cryptography.hazmat.backends.interfaces import HashBackend
 from cryptography.hazmat.primitives import hashes
 
 from .utils import generate_base_hash_test
 from ..backends.test_multibackend import DummyHashBackend
+from ...doubles import DummyHashAlgorithm
 from ...utils import raises_unsupported_algorithm
 
 
-@utils.register_interface(hashes.HashAlgorithm)
-class UnsupportedDummyHash(object):
-    name = "unsupported-dummy-hash"
-    block_size = None
-    digest_size = None
-
-
 @pytest.mark.requires_backend_interface(interface=HashBackend)
 class TestHashContext(object):
     def test_hash_reject_unicode(self, backend):
@@ -59,7 +52,7 @@ class TestHashContext(object):
 
     def test_unsupported_hash(self, backend):
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
-            hashes.Hash(UnsupportedDummyHash(), backend)
+            hashes.Hash(DummyHashAlgorithm(), backend)
 
 
 @pytest.mark.supported(
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index 83b18cbc..82082a2d 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -8,7 +8,6 @@ import pretend
 
 import pytest
 
-from cryptography import utils
 from cryptography.exceptions import (
     AlreadyFinalized, InvalidSignature, _Reasons
 )
@@ -17,16 +16,10 @@ from cryptography.hazmat.primitives import hashes, hmac
 
 from .utils import generate_base_hmac_test
 from ..backends.test_multibackend import DummyHMACBackend
+from ...doubles import DummyHashAlgorithm
 from ...utils import raises_unsupported_algorithm
 
 
-@utils.register_interface(hashes.HashAlgorithm)
-class UnsupportedDummyHash(object):
-    name = "unsupported-dummy-hash"
-    block_size = None
-    digest_size = None
-
-
 @pytest.mark.supported(
     only_if=lambda backend: backend.hmac_supported(hashes.MD5()),
     skip_message="Does not support MD5",
@@ -95,7 +88,7 @@ class TestHMAC(object):
 
     def test_unsupported_hash(self, backend):
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
-            hmac.HMAC(b"key", UnsupportedDummyHash(), backend)
+            hmac.HMAC(b"key", DummyHashAlgorithm(), backend)
 
 
 def test_invalid_backend():
diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py
index 7fb6bbd6..d971ebd0 100644
--- a/tests/hazmat/primitives/test_pbkdf2hmac.py
+++ b/tests/hazmat/primitives/test_pbkdf2hmac.py
@@ -6,7 +6,6 @@ from __future__ import absolute_import, division, print_function
 
 import pytest
 
-from cryptography import utils
 from cryptography.exceptions import (
     AlreadyFinalized, InvalidKey, _Reasons
 )
@@ -14,16 +13,10 @@ from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
 
+from ...doubles import DummyHashAlgorithm
 from ...utils import raises_unsupported_algorithm
 
 
-@utils.register_interface(hashes.HashAlgorithm)
-class DummyHash(object):
-    name = "dummy-hash"
-    block_size = None
-    digest_size = None
-
-
 class TestPBKDF2HMAC(object):
     def test_already_finalized(self):
         kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend())
@@ -43,7 +36,9 @@ class TestPBKDF2HMAC(object):
 
     def test_unsupported_algorithm(self):
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
-            PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend())
+            PBKDF2HMAC(
+                DummyHashAlgorithm(), 20, b"salt", 10, default_backend()
+            )
 
     def test_invalid_key(self):
         kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend())
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index c432db82..2331a935 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -11,7 +11,6 @@ import os
 
 import pytest
 
-from cryptography import utils
 from cryptography.exceptions import (
     AlreadyFinalized, InvalidSignature, _Reasons
 )
@@ -27,37 +26,32 @@ from cryptography.hazmat.primitives.asymmetric.rsa import (
 from .fixtures_rsa import (
     RSA_KEY_1024, RSA_KEY_1025, RSA_KEY_1026, RSA_KEY_1027, RSA_KEY_1028,
     RSA_KEY_1029, RSA_KEY_1030, RSA_KEY_1031, RSA_KEY_1536, RSA_KEY_2048,
-    RSA_KEY_512, RSA_KEY_512_ALT, RSA_KEY_522, RSA_KEY_599, RSA_KEY_745,
-    RSA_KEY_768,
+    RSA_KEY_2048_ALT, RSA_KEY_512, RSA_KEY_512_ALT, RSA_KEY_522, RSA_KEY_599,
+    RSA_KEY_745, RSA_KEY_768,
 )
 from .utils import (
     _check_rsa_private_numbers, generate_rsa_verification_test
 )
+from ...doubles import (
+    DummyAsymmetricPadding, DummyHashAlgorithm, DummyKeySerializationEncryption
+)
 from ...utils import (
     load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file,
     raises_unsupported_algorithm
 )
 
 
-@utils.register_interface(padding.AsymmetricPadding)
-class DummyPadding(object):
-    name = "UNSUPPORTED-PADDING"
-
-
 class DummyMGF(object):
     _salt_length = 0
 
 
-@utils.register_interface(serialization.KeySerializationEncryption)
-class DummyKeyEncryption(object):
-    pass
+def _check_rsa_private_numbers_if_serializable(key):
+    if isinstance(key, rsa.RSAPrivateKeyWithSerialization):
+        _check_rsa_private_numbers(key.private_numbers())
 
 
-@utils.register_interface(hashes.HashAlgorithm)
-class DummyHashAlgorithm(object):
-    name = "dummy-hash"
-    digest_size = 32
-    block_size = 64
+def test_check_rsa_private_numbers_if_serializable():
+    _check_rsa_private_numbers_if_serializable("notserializable")
 
 
 def _flatten_pkcs1_examples(vectors):
@@ -123,7 +117,7 @@ class TestRSA(object):
         skey = rsa.generate_private_key(public_exponent, key_size, backend)
         assert skey.key_size == key_size
 
-        _check_rsa_private_numbers(skey.private_numbers())
+        _check_rsa_private_numbers_if_serializable(skey)
         pkey = skey.public_key()
         assert isinstance(pkey.public_numbers(), rsa.RSAPublicNumbers)
 
@@ -396,7 +390,7 @@ class TestRSASignature(object):
     def test_unsupported_padding(self, backend):
         private_key = RSA_KEY_512.private_key(backend)
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
-            private_key.signer(DummyPadding(), hashes.SHA1())
+            private_key.signer(DummyAsymmetricPadding(), hashes.SHA1())
 
     def test_padding_incorrect_type(self, backend):
         private_key = RSA_KEY_512.private_key(backend)
@@ -694,7 +688,9 @@ class TestRSAVerification(object):
         private_key = RSA_KEY_512.private_key(backend)
         public_key = private_key.public_key()
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
-            public_key.verifier(b"sig", DummyPadding(), hashes.SHA1())
+            public_key.verifier(
+                b"sig", DummyAsymmetricPadding(), hashes.SHA1()
+            )
 
     @pytest.mark.supported(
         only_if=lambda backend: backend.rsa_padding_supported(
@@ -1121,7 +1117,7 @@ class TestRSADecryption(object):
     def test_unsupported_padding(self, backend):
         private_key = RSA_KEY_512.private_key(backend)
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
-            private_key.decrypt(b"0" * 64, DummyPadding())
+            private_key.decrypt(b"0" * 64, DummyAsymmetricPadding())
 
     @pytest.mark.supported(
         only_if=lambda backend: backend.rsa_padding_supported(
@@ -1248,6 +1244,44 @@ class TestRSADecryption(object):
                 )
             )
 
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.rsa_padding_supported(
+            padding.OAEP(
+                mgf=padding.MGF1(algorithm=hashes.SHA1()),
+                algorithm=hashes.SHA1(),
+                label=None
+            )
+        ),
+        skip_message="Does not support OAEP."
+    )
+    def test_invalid_oaep_decryption_data_to_large_for_modulus(self, backend):
+        key = RSA_KEY_2048_ALT.private_key(backend)
+
+        ciphertext = (
+            b'\xb1ph\xc0\x0b\x1a|\xe6\xda\xea\xb5\xd7%\x94\x07\xf96\xfb\x96'
+            b'\x11\x9b\xdc4\xea.-\x91\x80\x13S\x94\x04m\xe9\xc5/F\x1b\x9b:\\'
+            b'\x1d\x04\x16ML\xae\xb32J\x01yuA\xbb\x83\x1c\x8f\xf6\xa5\xdbp\xcd'
+            b'\nx\xc7\xf6\x15\xb2/\xdcH\xae\xe7\x13\x13by\r4t\x99\x0fc\x1f\xc1'
+            b'\x1c\xb1\xdd\xc5\x08\xd1\xee\xa1XQ\xb8H@L5v\xc3\xaf\xf2\r\x97'
+            b'\xed\xaa\xe7\xf1\xd4xai\xd3\x83\xd9\xaa9\xbfx\xe1\x87F \x01\xff'
+            b'L\xccv}ae\xb3\xfa\xf2B\xb8\xf9\x04H\x94\x85\xcb\x86\xbb\\ghx!W31'
+            b'\xc7;t\na_E\xc2\x16\xb0;\xa1\x18\t\x1b\xe1\xdb\x80>)\x15\xc6\x12'
+            b'\xcb\xeeg`\x8b\x9b\x1b\x05y4\xb0\x84M6\xcd\xa1\x827o\xfd\x96\xba'
+            b'Z#\x8d\xae\x01\xc9\xf2\xb6\xde\x89{8&eQ\x1e8\x03\x01#?\xb66\\'
+            b'\xad.\xe9\xfa!\x95 c{\xcaz\xe0*\tP\r\x91\x9a)B\xb5\xadN\xf4$\x83'
+            b'\t\xb5u\xab\x19\x99'
+        )
+
+        with pytest.raises(ValueError):
+            key.decrypt(
+                ciphertext,
+                padding.OAEP(
+                    algorithm=hashes.SHA1(),
+                    mgf=padding.MGF1(hashes.SHA1()),
+                    label=None
+                )
+            )
+
     def test_unsupported_oaep_mgf(self, backend):
         private_key = RSA_KEY_512.private_key(backend)
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
@@ -1361,7 +1395,7 @@ class TestRSAEncryption(object):
         public_key = private_key.public_key()
 
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
-            public_key.encrypt(b"somedata", DummyPadding())
+            public_key.encrypt(b"somedata", DummyAsymmetricPadding())
         with pytest.raises(TypeError):
             public_key.encrypt(b"somedata", padding=object())
 
@@ -1986,7 +2020,7 @@ class TestRSAPrivateKeySerialization(object):
             key.private_bytes(
                 serialization.Encoding.PEM,
                 serialization.PrivateFormat.TraditionalOpenSSL,
-                DummyKeyEncryption()
+                DummyKeySerializationEncryption()
             )
 
 
diff --git a/tests/hazmat/primitives/test_x963_vectors.py b/tests/hazmat/primitives/test_x963_vectors.py
index 0332e601..b09d1653 100644
--- a/tests/hazmat/primitives/test_x963_vectors.py
+++ b/tests/hazmat/primitives/test_x963_vectors.py
@@ -9,22 +9,15 @@ import os
 
 import pytest
 
-from cryptography import utils
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.backends.interfaces import HashBackend
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF
 
+from ...doubles import DummyHashAlgorithm
 from ...utils import load_vectors_from_file, load_x963_vectors
 
 
-@utils.register_interface(hashes.HashAlgorithm)
-class UnsupportedDummyHash(object):
-    name = "unsupported-dummy-hash"
-    block_size = None
-    digest_size = None
-
-
 def _skip_hashfn_unsupported(backend, hashfn):
     if not backend.hash_supported(hashfn):
         pytest.skip(
@@ -69,4 +62,4 @@ class TestX963(object):
         xkdf.verify(key, key_data)
 
     def test_unsupported_hash(self, backend):
-        _skip_hashfn_unsupported(backend, UnsupportedDummyHash())
+        _skip_hashfn_unsupported(backend, DummyHashAlgorithm())