From 4e602f383aa7ee7e43b344e805d92f9626f4a8c7 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 24 Apr 2014 12:07:54 -0500 Subject: RSA encryption support --- cryptography/hazmat/backends/interfaces.py | 6 ++ cryptography/hazmat/backends/openssl/backend.py | 83 +++++++++------ cryptography/hazmat/primitives/asymmetric/rsa.py | 9 ++ docs/hazmat/backends/interfaces.rst | 12 +++ docs/hazmat/primitives/asymmetric/rsa.rst | 60 +++++++++++ docs/hazmat/primitives/interfaces.rst | 17 ++++ tests/hazmat/primitives/test_rsa.py | 123 +++++++++++++++++++++++ 7 files changed, 280 insertions(+), 30 deletions(-) diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index 677f4c67..ca7122c2 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -123,6 +123,12 @@ class RSABackend(object): Returns decrypted bytes. """ + @abc.abstractmethod + def encrypt_rsa(self, public_key, plaintext, padding): + """ + Returns encrypted bytes. + """ + @six.add_metaclass(abc.ABCMeta) class DSABackend(object): diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 16b963ae..7d48228a 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -475,6 +475,12 @@ class Backend(object): ) def decrypt_rsa(self, private_key, ciphertext, padding): + return self._enc_dec_rsa(b"DECRYPT", private_key, ciphertext, padding) + + def encrypt_rsa(self, public_key, plaintext, padding): + return self._enc_dec_rsa(b"ENCRYPT", public_key, plaintext, padding) + + def _enc_dec_rsa(self, enc_dec, key, data, padding): if isinstance(padding, PKCS1v15): padding_enum = self._lib.RSA_PKCS1_PADDING elif isinstance(padding, OAEP): @@ -508,24 +514,31 @@ class Backend(object): _Reasons.UNSUPPORTED_PADDING ) - key_size_bytes = int(math.ceil(private_key.key_size / 8.0)) - if key_size_bytes < len(ciphertext): - raise ValueError("Ciphertext too large for key size") + key_size_bytes = int(math.ceil(key.key_size / 8.0)) + if key_size_bytes < len(data): + raise ValueError("Data too large for key size") if self._lib.Cryptography_HAS_PKEY_CTX: - return self._decrypt_rsa_pkey_ctx(private_key, ciphertext, - padding_enum) + return self._enc_dec_rsa_pkey_ctx(enc_dec, key, data, padding_enum) + else: + return self._enc_dec_rsa_098(enc_dec, key, data, padding_enum) + + def _enc_dec_rsa_pkey_ctx(self, enc_dec, key, data, padding_enum): + if enc_dec == b"ENCRYPT": + init = self._lib.EVP_PKEY_encrypt_init + crypt = self._lib.Cryptography_EVP_PKEY_encrypt + evp_pkey = self._rsa_public_key_to_evp_pkey(key) else: - return self._decrypt_rsa_098(private_key, ciphertext, padding_enum) + init = self._lib.EVP_PKEY_decrypt_init + crypt = self._lib.Cryptography_EVP_PKEY_decrypt + evp_pkey = self._rsa_private_key_to_evp_pkey(key) - def _decrypt_rsa_pkey_ctx(self, private_key, ciphertext, padding_enum): - evp_pkey = self._rsa_private_key_to_evp_pkey(private_key) pkey_ctx = self._lib.EVP_PKEY_CTX_new( evp_pkey, self._ffi.NULL ) assert pkey_ctx != self._ffi.NULL pkey_ctx = self._ffi.gc(pkey_ctx, self._lib.EVP_PKEY_CTX_free) - res = self._lib.EVP_PKEY_decrypt_init(pkey_ctx) + res = init(pkey_ctx) assert res == 1 res = self._lib.EVP_PKEY_CTX_set_rsa_padding( pkey_ctx, padding_enum) @@ -534,50 +547,60 @@ class Backend(object): assert buf_size > 0 outlen = self._ffi.new("size_t *", buf_size) buf = self._ffi.new("char[]", buf_size) - res = self._lib.Cryptography_EVP_PKEY_decrypt( + res = crypt( pkey_ctx, buf, outlen, - ciphertext, - len(ciphertext) + data, + len(data) ) if res <= 0: - errors = self._consume_errors() - assert errors - assert errors[0].lib == self._lib.ERR_LIB_RSA - assert ( - errors[0].reason == self._lib.RSA_R_BLOCK_TYPE_IS_NOT_01 or - errors[0].reason == self._lib.RSA_R_BLOCK_TYPE_IS_NOT_02 - ) - raise ValueError("Decryption failed") + self._handle_rsa_enc_dec_error(enc_dec) return self._ffi.buffer(buf)[:outlen[0]] - def _decrypt_rsa_098(self, private_key, ciphertext, padding_enum): - rsa_cdata = self._rsa_cdata_from_private_key(private_key) + def _enc_dec_rsa_098(self, enc_dec, key, data, padding_enum): + if enc_dec == b"ENCRYPT": + crypt = self._lib.RSA_public_encrypt + rsa_cdata = self._rsa_cdata_from_public_key(key) + else: + crypt = self._lib.RSA_private_decrypt + rsa_cdata = self._rsa_cdata_from_private_key(key) + rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) key_size = self._lib.RSA_size(rsa_cdata) assert key_size > 0 buf = self._ffi.new("unsigned char[]", key_size) - res = self._lib.RSA_private_decrypt( - len(ciphertext), - ciphertext, + res = crypt( + len(data), + data, buf, rsa_cdata, padding_enum ) if res < 0: - errors = self._consume_errors() - assert errors - assert errors[0].lib == self._lib.ERR_LIB_RSA + self._handle_rsa_enc_dec_error(enc_dec) + + return self._ffi.buffer(buf)[:res] + + def _handle_rsa_enc_dec_error(self, enc_dec): + errors = self._consume_errors() + assert errors + assert errors[0].lib == self._lib.ERR_LIB_RSA + if enc_dec == b"ENCRYPT": + assert (errors[0].reason == + self._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE) + raise ValueError( + "Data too long for key size. Encrypt less data or use a " + "larger key size" + ) + else: assert ( errors[0].reason == self._lib.RSA_R_BLOCK_TYPE_IS_NOT_01 or errors[0].reason == self._lib.RSA_R_BLOCK_TYPE_IS_NOT_02 ) raise ValueError("Decryption failed") - return self._ffi.buffer(buf)[:res] - def cmac_algorithm_supported(self, algorithm): return ( backend._lib.Cryptography_HAS_CMAC == 1 diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index cffd4e98..5d3bb36c 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -52,6 +52,15 @@ class RSAPublicKey(object): return backend.create_rsa_verification_ctx(self, signature, padding, algorithm) + def encrypt(self, plaintext, padding, backend): + if not isinstance(backend, RSABackend): + raise UnsupportedAlgorithm( + "Backend object does not implement RSABackend", + _Reasons.BACKEND_MISSING_INTERFACE + ) + + return backend.encrypt_rsa(self, plaintext, padding) + @property def key_size(self): return utils.bit_length(self.modulus) diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 0349901a..ef7c0841 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -275,6 +275,18 @@ A specific ``backend`` may provide one or more of these interfaces. :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` provider. + .. method:: encrypt_rsa(public_key, plaintext, padding) + + :param public_key: An instance of an + :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` + provider. + + :param bytes plaintext: The plaintext to encrypt. + + :param padding: An instance of an + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` + provider. + .. class:: OpenSSLSerializationBackend diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 862df635..b0440695 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -267,6 +267,66 @@ RSA :raises ValueError: This is raised when the chosen hash algorithm is too large for the key size. + .. method:: encrypt(plaintext, padding, backend) + + .. versionadded:: 0.4 + + Encrypt data using the public key. + + :param bytes plaintext: The plaintext to encrypt. + + :param padding: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` + provider. + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + + :return bytes: Encrypted data. + + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if + the provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if + the backend does not support the chosen hash or padding algorithm. + If the padding is + :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` + with the + :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` + mask generation function it may also refer to the ``MGF1`` hash + algorithm. + + :raises TypeError: This is raised when the padding is not an + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` + provider. + + :raises ValueError: This is raised if the data is too large for the + key size. If the padding is + :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` + it may also be raised for invalid label values. + + .. doctest:: + + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import hashes + from cryptography.hazmat.primitives.asymmetric import padding, rsa + + >>> private_key = rsa.RSAPrivateKey.generate( + ... public_exponent=65537, + ... key_size=2048, + ... backend=default_backend() + ... ) + >>> public_key = private_key.public_key() + >>> ciphertext = public_key.encrypt( + >>> plaintext, + >>> padding.OAEP( + >>> mgf=padding.MGF1(algorithm=hashes.SHA1()), + >>> algorithm=hashes.SHA1(), + >>> label=None + >>> ), + >>> default_backend() + >>> ) + Handling partial RSA private keys --------------------------------- diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst index 3b837a0d..c76582c0 100644 --- a/docs/hazmat/primitives/interfaces.rst +++ b/docs/hazmat/primitives/interfaces.rst @@ -263,6 +263,23 @@ Asymmetric interfaces :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext` + .. method:: encrypt(plaintext, padding, backend) + + .. versionadded:: 0.4 + + Encrypt data with the public key. + + :param bytes plaintext: The plaintext to encrypt. + + :param padding: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` + provider. + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + + :return bytes: Encrypted data. .. attribute:: modulus diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 7cf6e2f0..2661c1e9 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1379,3 +1379,126 @@ class TestRSADecryption(object): ), backend ) + + +@pytest.mark.rsa +class TestRSAEncryption(object): + @pytest.mark.parametrize( + "key_size,pad", + itertools.product( + (1024, 1025, 1029, 1031, 1536, 2048), + ( + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA1(), + label=None + ), + padding.PKCS1v15() + ) + ) + ) + def test_rsa_encrypt(self, key_size, pad, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=key_size, + backend=backend + ) + pt = b"encrypt me!" + public_key = private_key.public_key() + ct = public_key.encrypt( + pt, + pad, + backend + ) + assert ct != pt + assert len(ct) == math.ceil(public_key.key_size / 8.0) + recovered_pt = private_key.decrypt( + ct, + pad, + backend + ) + assert recovered_pt == pt + + @pytest.mark.parametrize( + "key_size,pad", + itertools.product( + (1024, 1025, 1029, 1031, 1536, 2048), + ( + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA1(), + label=None + ), + padding.PKCS1v15() + ) + ) + ) + def test_rsa_encrypt_key_too_small(self, key_size, pad, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=key_size, + backend=backend + ) + public_key = private_key.public_key() + with pytest.raises(ValueError): + public_key.encrypt( + b"\x00" * (key_size // 8 - 1), + pad, + backend + ) + + def test_rsa_encrypt_data_too_large(self, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + public_key = private_key.public_key() + with pytest.raises(ValueError): + public_key.encrypt( + b"\x00" * 129, + padding.PKCS1v15(), + backend + ) + + def test_rsa_encrypt_invalid_backend(self, backend): + pretend_backend = object() + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + public_key = private_key.public_key() + + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + public_key.encrypt( + b"irrelevant", + padding.PKCS1v15(), + pretend_backend + ) + + def test_unsupported_padding(self, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + public_key = private_key.public_key() + + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): + public_key.encrypt(b"somedata", DummyPadding(), backend) + + def test_unsupported_oaep_mgf(self, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + public_key = private_key.public_key() + + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): + public_key.encrypt( + b"ciphertext", + padding.OAEP( + mgf=DummyMGF(), + algorithm=hashes.SHA1(), + label=None + ), + backend + ) -- cgit v1.2.3 From 4721d6367d6dd648ebf9ba6eef5a90fd0ee2f69b Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 24 Apr 2014 12:08:54 -0500 Subject: update changelog --- CHANGELOG.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 106e0ab2..2fa5e3ed 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,6 +12,8 @@ Changelog removed from ``MGF1`` in two releases per our :doc:`/api-stability` policy. * Added :class:`~cryptography.hazmat.primitives.cmac.CMAC`. +* Added decryption support to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` + and encryption support to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`. 0.3 - 2014-03-27 ~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From c84b3fb5e150ad1d6a1a5f40b80d392461448665 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 24 Apr 2014 12:12:28 -0500 Subject: change doctest to codeblock until we add multibackend support for encrypt --- docs/hazmat/primitives/asymmetric/rsa.rst | 32 +++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index b0440695..ed0e1008 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -305,27 +305,27 @@ RSA :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` it may also be raised for invalid label values. - .. doctest:: + .. code-block:: python from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import padding, rsa - >>> private_key = rsa.RSAPrivateKey.generate( - ... public_exponent=65537, - ... key_size=2048, - ... backend=default_backend() - ... ) - >>> public_key = private_key.public_key() - >>> ciphertext = public_key.encrypt( - >>> plaintext, - >>> padding.OAEP( - >>> mgf=padding.MGF1(algorithm=hashes.SHA1()), - >>> algorithm=hashes.SHA1(), - >>> label=None - >>> ), - >>> default_backend() - >>> ) + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=2048, + backend=default_backend() + ) + public_key = private_key.public_key() + ciphertext = public_key.encrypt( + plaintext, + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA1(), + label=None + ), + default_backend() + ) Handling partial RSA private keys -- cgit v1.2.3 From 6ff1348dc76c8f900cabe0d281ef898cce6693f7 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 24 Apr 2014 13:25:30 -0500 Subject: determine operation type by isinstance on the key --- cryptography/hazmat/backends/openssl/backend.py | 26 ++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 7d48228a..f1cd910b 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -475,12 +475,12 @@ class Backend(object): ) def decrypt_rsa(self, private_key, ciphertext, padding): - return self._enc_dec_rsa(b"DECRYPT", private_key, ciphertext, padding) + return self._enc_dec_rsa(private_key, ciphertext, padding) def encrypt_rsa(self, public_key, plaintext, padding): - return self._enc_dec_rsa(b"ENCRYPT", public_key, plaintext, padding) + return self._enc_dec_rsa(public_key, plaintext, padding) - def _enc_dec_rsa(self, enc_dec, key, data, padding): + def _enc_dec_rsa(self, key, data, padding): if isinstance(padding, PKCS1v15): padding_enum = self._lib.RSA_PKCS1_PADDING elif isinstance(padding, OAEP): @@ -519,12 +519,12 @@ class Backend(object): raise ValueError("Data too large for key size") if self._lib.Cryptography_HAS_PKEY_CTX: - return self._enc_dec_rsa_pkey_ctx(enc_dec, key, data, padding_enum) + return self._enc_dec_rsa_pkey_ctx(key, data, padding_enum) else: - return self._enc_dec_rsa_098(enc_dec, key, data, padding_enum) + return self._enc_dec_rsa_098(key, data, padding_enum) - def _enc_dec_rsa_pkey_ctx(self, enc_dec, key, data, padding_enum): - if enc_dec == b"ENCRYPT": + def _enc_dec_rsa_pkey_ctx(self, key, data, padding_enum): + if isinstance(key, rsa.RSAPublicKey): init = self._lib.EVP_PKEY_encrypt_init crypt = self._lib.Cryptography_EVP_PKEY_encrypt evp_pkey = self._rsa_public_key_to_evp_pkey(key) @@ -555,12 +555,12 @@ class Backend(object): len(data) ) if res <= 0: - self._handle_rsa_enc_dec_error(enc_dec) + self._handle_rsa_enc_dec_error(key) return self._ffi.buffer(buf)[:outlen[0]] - def _enc_dec_rsa_098(self, enc_dec, key, data, padding_enum): - if enc_dec == b"ENCRYPT": + def _enc_dec_rsa_098(self, key, data, padding_enum): + if isinstance(key, rsa.RSAPublicKey): crypt = self._lib.RSA_public_encrypt rsa_cdata = self._rsa_cdata_from_public_key(key) else: @@ -579,15 +579,15 @@ class Backend(object): padding_enum ) if res < 0: - self._handle_rsa_enc_dec_error(enc_dec) + self._handle_rsa_enc_dec_error(key) return self._ffi.buffer(buf)[:res] - def _handle_rsa_enc_dec_error(self, enc_dec): + def _handle_rsa_enc_dec_error(self, key): errors = self._consume_errors() assert errors assert errors[0].lib == self._lib.ERR_LIB_RSA - if enc_dec == b"ENCRYPT": + if isinstance(key, rsa.RSAPublicKey): assert (errors[0].reason == self._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE) raise ValueError( -- cgit v1.2.3 From 4ce810e22ccbf9ed1eadb4695e4cbe4cb59230fa Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 24 Apr 2014 15:51:26 -0500 Subject: improve style in test, update docs for rsa encryption review --- docs/hazmat/primitives/asymmetric/rsa.rst | 3 ++- tests/hazmat/primitives/test_rsa.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index ed0e1008..68ad089d 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -271,7 +271,8 @@ RSA .. versionadded:: 0.4 - Encrypt data using the public key. + Encrypt data using the public key. The resulting ciphertext can only + be decrypted with the private key. :param bytes plaintext: The plaintext to encrypt. diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 2661c1e9..adc46de4 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1420,7 +1420,7 @@ class TestRSAEncryption(object): assert recovered_pt == pt @pytest.mark.parametrize( - "key_size,pad", + ["key_size", "pad"], itertools.product( (1024, 1025, 1029, 1031, 1536, 2048), ( -- cgit v1.2.3 From c83e6ef3a210a0294658baf1f7e6ecbd7a7e3d05 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 24 Apr 2014 17:30:33 -0500 Subject: another style fix in the rsa tests that I missed last time... --- tests/hazmat/primitives/test_rsa.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index adc46de4..7d104da7 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1384,7 +1384,7 @@ class TestRSADecryption(object): @pytest.mark.rsa class TestRSAEncryption(object): @pytest.mark.parametrize( - "key_size,pad", + ("key_size", "pad"), itertools.product( (1024, 1025, 1029, 1031, 1536, 2048), ( @@ -1420,7 +1420,7 @@ class TestRSAEncryption(object): assert recovered_pt == pt @pytest.mark.parametrize( - ["key_size", "pad"], + ("key_size", "pad"), itertools.product( (1024, 1025, 1029, 1031, 1536, 2048), ( -- cgit v1.2.3 From e86d8827de205c6d476e1567e887e0852a608110 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 25 Apr 2014 09:08:42 -0500 Subject: move ct length check into decrypt function, address review comments --- cryptography/hazmat/backends/openssl/backend.py | 8 ++++---- tests/hazmat/primitives/test_rsa.py | 21 ++++++++------------- 2 files changed, 12 insertions(+), 17 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index f1cd910b..2114cd8f 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -475,6 +475,10 @@ class Backend(object): ) def decrypt_rsa(self, private_key, ciphertext, padding): + key_size_bytes = int(math.ceil(private_key.key_size / 8.0)) + if key_size_bytes != len(ciphertext): + raise ValueError("Ciphertext length must be equal to key size.") + return self._enc_dec_rsa(private_key, ciphertext, padding) def encrypt_rsa(self, public_key, plaintext, padding): @@ -514,10 +518,6 @@ class Backend(object): _Reasons.UNSUPPORTED_PADDING ) - key_size_bytes = int(math.ceil(key.key_size / 8.0)) - if key_size_bytes < len(data): - raise ValueError("Data too large for key size") - if self._lib.Cryptography_HAS_PKEY_CTX: return self._enc_dec_rsa_pkey_ctx(key, data, padding_enum) else: diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 7d104da7..602f5243 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1276,7 +1276,7 @@ class TestRSADecryption(object): backend=backend ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - private_key.decrypt(b"somedata", DummyPadding(), backend) + private_key.decrypt(b"0" * 64, DummyPadding(), backend) def test_decrypt_invalid_decrypt(self, backend): private_key = rsa.RSAPrivateKey.generate( @@ -1371,7 +1371,7 @@ class TestRSADecryption(object): ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): private_key.decrypt( - b"ciphertext", + b"0" * 64, padding.OAEP( mgf=DummyMGF(), algorithm=hashes.SHA1(), @@ -1386,7 +1386,7 @@ class TestRSAEncryption(object): @pytest.mark.parametrize( ("key_size", "pad"), itertools.product( - (1024, 1025, 1029, 1031, 1536, 2048), + (1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048), ( padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), @@ -1422,7 +1422,7 @@ class TestRSAEncryption(object): @pytest.mark.parametrize( ("key_size", "pad"), itertools.product( - (1024, 1025, 1029, 1031, 1536, 2048), + (1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048), ( padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), @@ -1440,6 +1440,7 @@ class TestRSAEncryption(object): backend=backend ) public_key = private_key.public_key() + # Slightly smaller than the key size but not enough for padding. with pytest.raises(ValueError): public_key.encrypt( b"\x00" * (key_size // 8 - 1), @@ -1447,17 +1448,11 @@ class TestRSAEncryption(object): backend ) - def test_rsa_encrypt_data_too_large(self, backend): - private_key = rsa.RSAPrivateKey.generate( - public_exponent=65537, - key_size=512, - backend=backend - ) - public_key = private_key.public_key() + # Larger than the key size. with pytest.raises(ValueError): public_key.encrypt( - b"\x00" * 129, - padding.PKCS1v15(), + b"\x00" * (key_size // 8 + 5), + pad, backend ) -- cgit v1.2.3 From 857c0e9c18206c35958a4ad573e7c36a743daabd Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 25 Apr 2014 09:25:08 -0500 Subject: update some decryption tests --- tests/hazmat/backends/test_openssl.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 58511666..bba7d758 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -301,7 +301,7 @@ class TestOpenSSLRSA(object): ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): private_key.decrypt( - b"ciphertext", + b"0" * 64, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA1(), @@ -318,7 +318,7 @@ class TestOpenSSLRSA(object): ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): private_key.decrypt( - b"ciphertext", + b"0" * 64, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA256(), @@ -335,7 +335,7 @@ class TestOpenSSLRSA(object): ) with pytest.raises(ValueError): private_key.decrypt( - b"ciphertext", + b"0" * 64, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), -- cgit v1.2.3