From 5186d69cdf8bf3fbed8a4fa6806cfe83a89424dc Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 21 Apr 2014 15:35:38 -0500 Subject: OAEP support for RSA decryption --- tests/hazmat/backends/test_openssl.py | 51 ++++++++++++++++++++++++++++++ tests/hazmat/primitives/test_rsa.py | 59 +++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+) (limited to 'tests/hazmat') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 98537360..58511666 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -293,6 +293,57 @@ class TestOpenSSLRSA(object): def test_unsupported_mgf1_hash_algorithm(self): assert backend.mgf1_hash_supported(DummyHash()) is False + def test_unsupported_mgf1_hash_algorithm_decrypt(self): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + private_key.decrypt( + b"ciphertext", + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA1(), + label=None + ), + backend + ) + + def test_unsupported_oaep_hash_algorithm_decrypt(self): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + private_key.decrypt( + b"ciphertext", + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA256(), + label=None + ), + backend + ) + + def test_unsupported_oaep_label_decrypt(self): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + with pytest.raises(ValueError): + private_key.decrypt( + b"ciphertext", + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA1(), + label=b"label" + ), + backend + ) + @pytest.mark.skipif( backend._lib.OPENSSL_VERSION_NUMBER <= 0x10001000, diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index a5266d57..7cf6e2f0 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1227,6 +1227,17 @@ class TestMGF1(object): assert mgf._salt_length == padding.MGF1.MAX_LENGTH +class TestOAEP(object): + def test_invalid_algorithm(self): + mgf = padding.MGF1(hashes.SHA1()) + with pytest.raises(TypeError): + padding.OAEP( + mgf=mgf, + algorithm=b"", + label=None + ) + + @pytest.mark.rsa class TestRSADecryption(object): @pytest.mark.parametrize( @@ -1320,3 +1331,51 @@ class TestRSADecryption(object): padding.PKCS1v15(), pretend_backend ) + + @pytest.mark.parametrize( + "vector", + _flatten_pkcs1_examples(load_vectors_from_file( + os.path.join( + "asymmetric", "RSA", "pkcs-1v2-1d2-vec", "oaep-vect.txt"), + load_pkcs1_vectors + )) + ) + def test_decrypt_oaep_vectors(self, vector, backend): + private, public, example = vector + skey = rsa.RSAPrivateKey( + p=private["p"], + q=private["q"], + private_exponent=private["private_exponent"], + dmp1=private["dmp1"], + dmq1=private["dmq1"], + iqmp=private["iqmp"], + public_exponent=private["public_exponent"], + modulus=private["modulus"] + ) + message = skey.decrypt( + binascii.unhexlify(example["encryption"]), + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA1(), + label=None + ), + backend + ) + assert message == binascii.unhexlify(example["message"]) + + def test_unsupported_oaep_mgf(self, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): + private_key.decrypt( + b"ciphertext", + padding.OAEP( + mgf=DummyMGF(), + algorithm=hashes.SHA1(), + label=None + ), + backend + ) -- cgit v1.2.3