From 26fcc5c24d7ef7e905181ba044447ed15746c73b Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 2 Jun 2017 07:51:09 -1000 Subject: make signature and verification contexts error better re: prehashed (#3658) * make signature and verification contexts error better re: prehashed * code review feedback --- tests/hazmat/primitives/test_dsa.py | 12 ++++++++++++ tests/hazmat/primitives/test_ec.py | 16 ++++++++++++++++ tests/hazmat/primitives/test_rsa.py | 29 +++++++++++++++++++++++++++++ 3 files changed, 57 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index 8160ad99..6ea05775 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -638,6 +638,18 @@ class TestDSAVerification(object): with pytest.raises(ValueError): public_key.verify(b"\x00" * 128, digest, prehashed_alg) + def test_prehashed_unsupported_in_signer_ctx(self, backend): + private_key = DSA_KEY_1024.private_key(backend) + with pytest.raises(TypeError): + private_key.signer(Prehashed(hashes.SHA1())) + + def test_prehashed_unsupported_in_verifier_ctx(self, backend): + public_key = DSA_KEY_1024.private_key(backend).public_key() + with pytest.raises(TypeError): + public_key.verifier( + b"0" * 64, Prehashed(hashes.SHA1()) + ) + @pytest.mark.requires_backend_interface(interface=DSABackend) class TestDSASignature(object): diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index d5db52ab..d9177045 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -629,6 +629,22 @@ class TestECDSAVectors(object): b"\x00" * 32, data, ec.ECDSA(Prehashed(hashes.SHA256())) ) + def test_prehashed_unsupported_in_signer_ctx(self, backend): + _skip_curve_unsupported(backend, ec.SECP256R1()) + private_key = ec.generate_private_key(ec.SECP256R1(), backend) + with pytest.raises(TypeError): + private_key.signer(ec.ECDSA(Prehashed(hashes.SHA1()))) + + def test_prehashed_unsupported_in_verifier_ctx(self, backend): + _skip_curve_unsupported(backend, ec.SECP256R1()) + private_key = ec.generate_private_key(ec.SECP256R1(), backend) + public_key = private_key.public_key() + with pytest.raises(TypeError): + public_key.verifier( + b"0" * 64, + ec.ECDSA(Prehashed(hashes.SHA1())) + ) + class TestECNumbersEquality(object): def test_public_numbers_eq(self): diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index cbb9be6f..7ce2746c 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -531,6 +531,35 @@ class TestRSASignature(object): with pytest.raises(ValueError): private_key.sign(digest, pss, prehashed_alg) + @pytest.mark.supported( + only_if=lambda backend: backend.rsa_padding_supported( + padding.PKCS1v15() + ), + skip_message="Does not support PKCS1v1.5." + ) + def test_prehashed_unsupported_in_signer_ctx(self, backend): + private_key = RSA_KEY_512.private_key(backend) + with pytest.raises(TypeError): + private_key.signer( + padding.PKCS1v15(), + asym_utils.Prehashed(hashes.SHA1()) + ) + + @pytest.mark.supported( + only_if=lambda backend: backend.rsa_padding_supported( + padding.PKCS1v15() + ), + skip_message="Does not support PKCS1v1.5." + ) + def test_prehashed_unsupported_in_verifier_ctx(self, backend): + public_key = RSA_KEY_512.private_key(backend).public_key() + with pytest.raises(TypeError): + public_key.verifier( + b"0" * 64, + padding.PKCS1v15(), + asym_utils.Prehashed(hashes.SHA1()) + ) + @pytest.mark.requires_backend_interface(interface=RSABackend) class TestRSAVerification(object): -- cgit v1.2.3