From afc1ccdcc86371588328c7894d230c9db3757359 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 19 Mar 2014 11:49:32 -0400 Subject: import order fixes for future automated checking --- tests/conftest.py | 4 ++-- tests/hazmat/backends/test_commoncrypto.py | 2 +- tests/hazmat/backends/test_multibackend.py | 2 +- tests/hazmat/backends/test_openssl.py | 8 ++++---- tests/hazmat/primitives/test_aes.py | 2 +- tests/hazmat/primitives/test_block.py | 2 +- tests/hazmat/primitives/test_ciphers.py | 2 +- tests/hazmat/primitives/test_hkdf.py | 3 +-- tests/hazmat/primitives/test_hmac.py | 2 +- tests/hazmat/primitives/test_pbkdf2hmac.py | 4 ++-- tests/hazmat/primitives/test_rsa.py | 4 ++-- tests/hazmat/primitives/twofactor/test_hotp.py | 4 ++-- tests/hazmat/primitives/twofactor/test_totp.py | 2 +- tests/hazmat/primitives/utils.py | 14 ++++++-------- tests/test_utils.py | 8 ++++---- tests/utils.py | 2 +- 16 files changed, 31 insertions(+), 34 deletions(-) (limited to 'tests') diff --git a/tests/conftest.py b/tests/conftest.py index 36183f46..8e89af57 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -17,10 +17,10 @@ import pytest from cryptography.hazmat.backends import _available_backends from cryptography.hazmat.backends.interfaces import ( - HMACBackend, CipherBackend, HashBackend, PBKDF2HMACBackend, RSABackend + CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) -from .utils import check_for_iface, check_backend_support, select_backends +from .utils import check_backend_support, check_for_iface, select_backends def pytest_generate_tests(metafunc): diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index 1062b2ba..72ed61c0 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -16,7 +16,7 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography import utils -from cryptography.exceptions import UnsupportedCipher, InternalError +from cryptography.exceptions import InternalError, UnsupportedCipher from cryptography.hazmat.bindings.commoncrypto.binding import Binding from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers.algorithms import AES diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 31fb0a26..c5c0d82a 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -20,7 +20,7 @@ from cryptography.exceptions import ( UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash ) from cryptography.hazmat.backends.interfaces import ( - CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend + CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend ) from cryptography.hazmat.backends.multibackend import MultiBackend from cryptography.hazmat.primitives import hashes, hmac diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index c5d0a013..501ee0f6 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -17,11 +17,11 @@ import pytest from cryptography import utils from cryptography.exceptions import ( - UnsupportedCipher, UnsupportedHash, InternalError + InternalError, UnsupportedCipher, UnsupportedHash ) -from cryptography.hazmat.backends.openssl.backend import backend, Backend -from cryptography.hazmat.primitives import interfaces, hashes -from cryptography.hazmat.primitives.asymmetric import rsa, padding +from cryptography.hazmat.backends.openssl.backend import Backend, backend +from cryptography.hazmat.primitives import hashes, interfaces +from cryptography.hazmat.primitives.asymmetric import padding, rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index ad3626af..03be268d 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -20,7 +20,7 @@ import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes -from .utils import generate_encrypt_test, generate_aead_test +from .utils import generate_aead_test, generate_encrypt_test from ...utils import load_nist_vectors diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 8ff00fd9..f2dab6cf 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -18,7 +18,7 @@ import binascii import pytest from cryptography import utils -from cryptography.exceptions import UnsupportedCipher, AlreadyFinalized +from cryptography.exceptions import AlreadyFinalized, UnsupportedCipher from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.ciphers import ( Cipher, algorithms, modes diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py index bd9625e9..1bea0bdb 100644 --- a/tests/hazmat/primitives/test_ciphers.py +++ b/tests/hazmat/primitives/test_ciphers.py @@ -20,7 +20,7 @@ import pytest from cryptography.exceptions import UnsupportedInterface from cryptography.hazmat.primitives import ciphers from cryptography.hazmat.primitives.ciphers.algorithms import ( - AES, Camellia, TripleDES, Blowfish, ARC4, CAST5, IDEA + AES, ARC4, Blowfish, CAST5, Camellia, IDEA, TripleDES ) from cryptography.hazmat.primitives.ciphers.modes import ECB diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py index 963fb69c..989709c6 100644 --- a/tests/hazmat/primitives/test_hkdf.py +++ b/tests/hazmat/primitives/test_hkdf.py @@ -13,9 +13,8 @@ from __future__ import absolute_import, division, print_function -import six - import pytest +import six from cryptography.exceptions import ( AlreadyFinalized, InvalidKey, UnsupportedInterface diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 3589e6ac..1065359a 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -21,7 +21,7 @@ import six from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, UnsupportedHash, InvalidSignature, UnsupportedInterface + AlreadyFinalized, InvalidSignature, UnsupportedHash, UnsupportedInterface ) from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import hashes, hmac, interfaces diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py index bf1e7f14..585693ea 100644 --- a/tests/hazmat/primitives/test_pbkdf2hmac.py +++ b/tests/hazmat/primitives/test_pbkdf2hmac.py @@ -18,11 +18,11 @@ import six from cryptography import utils from cryptography.exceptions import ( - InvalidKey, UnsupportedHash, AlreadyFinalized, UnsupportedInterface + AlreadyFinalized, InvalidKey, UnsupportedHash, UnsupportedInterface ) +from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC -from cryptography.hazmat.backends import default_backend @utils.register_interface(interfaces.HashAlgorithm) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 955e69c9..67b5b2e0 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -25,11 +25,11 @@ from cryptography.exceptions import ( UnsupportedAlgorithm, UnsupportedInterface ) from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.asymmetric import rsa, padding +from cryptography.hazmat.primitives.asymmetric import padding, rsa from .utils import generate_rsa_pss_test from ...utils import ( - load_pkcs1_vectors, load_vectors_from_file, load_rsa_nist_vectors + load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file ) diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py index 548c6264..7692a082 100644 --- a/tests/hazmat/primitives/twofactor/test_hotp.py +++ b/tests/hazmat/primitives/twofactor/test_hotp.py @@ -18,10 +18,10 @@ import os import pytest from cryptography.exceptions import InvalidToken, UnsupportedInterface -from cryptography.hazmat.primitives.twofactor.hotp import HOTP from cryptography.hazmat.primitives import hashes -from tests.utils import load_vectors_from_file, load_nist_vectors from cryptography.hazmat.primitives.hashes import MD5, SHA1 +from cryptography.hazmat.primitives.twofactor.hotp import HOTP +from tests.utils import load_nist_vectors, load_vectors_from_file vectors = load_vectors_from_file( "twofactor/rfc-4226.txt", load_nist_vectors) diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py index 294c19ab..0b10c969 100644 --- a/tests/hazmat/primitives/twofactor/test_totp.py +++ b/tests/hazmat/primitives/twofactor/test_totp.py @@ -18,7 +18,7 @@ import pytest from cryptography.exceptions import InvalidToken, UnsupportedInterface from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.twofactor.totp import TOTP -from tests.utils import load_vectors_from_file, load_nist_vectors +from tests.utils import load_nist_vectors, load_vectors_from_file vectors = load_vectors_from_file( "twofactor/rfc-6238.txt", load_nist_vectors) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 31491023..a29ef70e 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -14,21 +14,19 @@ from __future__ import absolute_import, division, print_function import binascii -import os - import itertools +import os import pytest +from cryptography.exceptions import ( + AlreadyFinalized, AlreadyUpdated, InvalidTag, NotYetFinalized +) from cryptography.hazmat.primitives import hashes, hmac -from cryptography.hazmat.primitives.asymmetric import rsa, padding -from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC +from cryptography.hazmat.primitives.asymmetric import padding, rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.kdf.hkdf import HKDF - -from cryptography.exceptions import ( - AlreadyFinalized, NotYetFinalized, AlreadyUpdated, InvalidTag, -) +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC from ...utils import load_vectors_from_file diff --git a/tests/test_utils.py b/tests/test_utils.py index 1003d61d..e5ab4cf1 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -21,10 +21,10 @@ import pretend import pytest from .utils import ( - load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, - load_hash_vectors, check_for_iface, check_backend_support, - select_backends, load_pkcs1_vectors, load_rsa_nist_vectors, - load_fips_dsa_key_pair_vectors + check_backend_support, check_for_iface, load_cryptrec_vectors, + load_fips_dsa_key_pair_vectors, load_hash_vectors, load_nist_vectors, + load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file, + select_backends ) diff --git a/tests/utils.py b/tests/utils.py index 4d6882c2..81a86dfc 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -16,8 +16,8 @@ from __future__ import absolute_import, division, print_function import collections import os -import six import pytest +import six HashVector = collections.namedtuple("HashVector", ["message", "digest"]) -- cgit v1.2.3 From 90450f362629872dd2b6756ac0ff55ca8aecf30b Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 19 Mar 2014 12:37:17 -0400 Subject: a few small fixes --- tests/hazmat/primitives/test_hkdf.py | 1 + tests/hazmat/primitives/twofactor/test_hotp.py | 3 ++- tests/hazmat/primitives/twofactor/test_totp.py | 3 ++- tests/utils.py | 1 + 4 files changed, 6 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py index 989709c6..367addc9 100644 --- a/tests/hazmat/primitives/test_hkdf.py +++ b/tests/hazmat/primitives/test_hkdf.py @@ -14,6 +14,7 @@ from __future__ import absolute_import, division, print_function import pytest + import six from cryptography.exceptions import ( diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py index 7692a082..4bb7c6b3 100644 --- a/tests/hazmat/primitives/twofactor/test_hotp.py +++ b/tests/hazmat/primitives/twofactor/test_hotp.py @@ -21,7 +21,8 @@ from cryptography.exceptions import InvalidToken, UnsupportedInterface from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.hashes import MD5, SHA1 from cryptography.hazmat.primitives.twofactor.hotp import HOTP -from tests.utils import load_nist_vectors, load_vectors_from_file + +from ....utils import load_nist_vectors, load_vectors_from_file vectors = load_vectors_from_file( "twofactor/rfc-4226.txt", load_nist_vectors) diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py index 0b10c969..d5b0a8ed 100644 --- a/tests/hazmat/primitives/twofactor/test_totp.py +++ b/tests/hazmat/primitives/twofactor/test_totp.py @@ -18,7 +18,8 @@ import pytest from cryptography.exceptions import InvalidToken, UnsupportedInterface from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.twofactor.totp import TOTP -from tests.utils import load_nist_vectors, load_vectors_from_file + +from ....utils import load_nist_vectors, load_vectors_from_file vectors = load_vectors_from_file( "twofactor/rfc-6238.txt", load_nist_vectors) diff --git a/tests/utils.py b/tests/utils.py index 81a86dfc..79996b6d 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -17,6 +17,7 @@ import collections import os import pytest + import six -- cgit v1.2.3 From 49c8e2146492e83315145f803dfb0b746203e8e4 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 18 Mar 2014 07:54:34 -0400 Subject: add FIPS 186-2/3 signature verification tests for RSA PKCSv15 and PSS --- tests/hazmat/primitives/test_rsa.py | 117 ++++++++++++++++++++++++++++++++---- tests/hazmat/primitives/utils.py | 32 ++++++---- 2 files changed, 127 insertions(+), 22 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 67b5b2e0..ae0b4538 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -27,7 +27,7 @@ from cryptography.exceptions import ( from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa -from .utils import generate_rsa_pss_test +from .utils import generate_rsa_signature_test from ...utils import ( load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file ) @@ -754,14 +754,16 @@ class TestRSAVerification(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA1(object): - test_rsa_pss_mgf1_sha1 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha1 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA1() + hashes.SHA1(), + padding.PSS ) @@ -771,14 +773,16 @@ class TestRSAPSSMGF1VerificationSHA1(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA224(object): - test_rsa_pss_mgf1_sha224 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha224 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA224() + hashes.SHA224(), + padding.PSS ) @@ -788,14 +792,16 @@ class TestRSAPSSMGF1VerificationSHA224(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA256(object): - test_rsa_pss_mgf1_sha256 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha256 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA256() + hashes.SHA256(), + padding.PSS ) @@ -805,14 +811,16 @@ class TestRSAPSSMGF1VerificationSHA256(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA384(object): - test_rsa_pss_mgf1_sha384 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha384 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA384() + hashes.SHA384(), + padding.PSS ) @@ -822,14 +830,101 @@ class TestRSAPSSMGF1VerificationSHA384(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA512(object): - test_rsa_pss_mgf1_sha512 = generate_rsa_pss_test( + test_rsa_pss_mgf1_sha512 = generate_rsa_signature_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ "SigGenPSS_186-2.rsp", "SigGenPSS_186-3.rsp", + "SigVerPSS_186-3.rsp", ], - hashes.SHA512() + hashes.SHA512(), + padding.PSS + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1()), + skip_message="Does not support SHA1", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA1Verification(object): + test_rsa_pkcs1v15_verify_sha1 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA1(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224()), + skip_message="Does not support SHA224", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA224Verification(object): + test_rsa_pkcs1v15_verify_sha224 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA224(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256()), + skip_message="Does not support SHA256", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA256Verification(object): + test_rsa_pkcs1v15_verify_sha256 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA256(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384()), + skip_message="Does not support SHA384", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA384Verification(object): + test_rsa_pkcs1v15_verify_sha384 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA384(), + padding.PKCS1v15 + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512()), + skip_message="Does not support SHA512", +) +@pytest.mark.rsa +class TestRSAPKCS1SHA512Verification(object): + test_rsa_pkcs1v15_verify_sha512 = generate_rsa_signature_test( + load_rsa_nist_vectors, + os.path.join("asymmetric", "RSA", "FIPS_186-2"), + [ + "SigVer15_186-3.rsp", + ], + hashes.SHA512(), + padding.PKCS1v15 ) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index a29ef70e..5db9a193 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -20,7 +20,8 @@ import os import pytest from cryptography.exceptions import ( - AlreadyFinalized, AlreadyUpdated, InvalidTag, NotYetFinalized + AlreadyFinalized, AlreadyUpdated, InvalidSignature, InvalidTag, + NotYetFinalized ) from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.asymmetric import padding, rsa @@ -374,33 +375,42 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm): return test_hkdf -def generate_rsa_pss_test(param_loader, path, file_names, hash_alg): +def generate_rsa_signature_test(param_loader, path, file_names, hash_alg, + pad_cls): all_params = _load_all_params(path, file_names, param_loader) all_params = [i for i in all_params if i["algorithm"] == hash_alg.name.upper()] @pytest.mark.parametrize("params", all_params) - def test_rsa_pss(self, backend, params): - rsa_pss_test(backend, params, hash_alg) + def test_rsa_signature(self, backend, params): + rsa_signature_test(backend, params, hash_alg, pad_cls) - return test_rsa_pss + return test_rsa_signature -def rsa_pss_test(backend, params, hash_alg): +def rsa_signature_test(backend, params, hash_alg, pad_cls): public_key = rsa.RSAPublicKey( public_exponent=params["public_exponent"], modulus=params["modulus"] ) - verifier = public_key.verifier( - binascii.unhexlify(params["s"]), - padding.PSS( + if pad_cls is padding.PKCS1v15: + pad = padding.PKCS1v15() + else: + pad = padding.PSS( mgf=padding.MGF1( algorithm=hash_alg, salt_length=params["salt_length"] ) - ), + ) + verifier = public_key.verifier( + binascii.unhexlify(params["s"]), + pad, hash_alg, backend ) verifier.update(binascii.unhexlify(params["msg"])) - verifier.verify() + if params["fail"]: + with pytest.raises(InvalidSignature): + verifier.verify() + else: + verifier.verify() -- cgit v1.2.3 From f29c3c55e86714dcdb81dd3a4625f9707966be78 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 19 Mar 2014 09:35:40 -0400 Subject: rename some things --- tests/hazmat/primitives/test_rsa.py | 22 +++++++++++----------- tests/hazmat/primitives/utils.py | 12 ++++++------ 2 files changed, 17 insertions(+), 17 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index ae0b4538..cf201212 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -27,7 +27,7 @@ from cryptography.exceptions import ( from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa -from .utils import generate_rsa_signature_test +from .utils import generate_rsa_verification_test from ...utils import ( load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file ) @@ -754,7 +754,7 @@ class TestRSAVerification(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA1(object): - test_rsa_pss_mgf1_sha1 = generate_rsa_signature_test( + test_rsa_pss_mgf1_sha1 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -773,7 +773,7 @@ class TestRSAPSSMGF1VerificationSHA1(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA224(object): - test_rsa_pss_mgf1_sha224 = generate_rsa_signature_test( + test_rsa_pss_mgf1_sha224 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -792,7 +792,7 @@ class TestRSAPSSMGF1VerificationSHA224(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA256(object): - test_rsa_pss_mgf1_sha256 = generate_rsa_signature_test( + test_rsa_pss_mgf1_sha256 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -811,7 +811,7 @@ class TestRSAPSSMGF1VerificationSHA256(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA384(object): - test_rsa_pss_mgf1_sha384 = generate_rsa_signature_test( + test_rsa_pss_mgf1_sha384 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -830,7 +830,7 @@ class TestRSAPSSMGF1VerificationSHA384(object): ) @pytest.mark.rsa class TestRSAPSSMGF1VerificationSHA512(object): - test_rsa_pss_mgf1_sha512 = generate_rsa_signature_test( + test_rsa_pss_mgf1_sha512 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -849,7 +849,7 @@ class TestRSAPSSMGF1VerificationSHA512(object): ) @pytest.mark.rsa class TestRSAPKCS1SHA1Verification(object): - test_rsa_pkcs1v15_verify_sha1 = generate_rsa_signature_test( + test_rsa_pkcs1v15_verify_sha1 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -866,7 +866,7 @@ class TestRSAPKCS1SHA1Verification(object): ) @pytest.mark.rsa class TestRSAPKCS1SHA224Verification(object): - test_rsa_pkcs1v15_verify_sha224 = generate_rsa_signature_test( + test_rsa_pkcs1v15_verify_sha224 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -883,7 +883,7 @@ class TestRSAPKCS1SHA224Verification(object): ) @pytest.mark.rsa class TestRSAPKCS1SHA256Verification(object): - test_rsa_pkcs1v15_verify_sha256 = generate_rsa_signature_test( + test_rsa_pkcs1v15_verify_sha256 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -900,7 +900,7 @@ class TestRSAPKCS1SHA256Verification(object): ) @pytest.mark.rsa class TestRSAPKCS1SHA384Verification(object): - test_rsa_pkcs1v15_verify_sha384 = generate_rsa_signature_test( + test_rsa_pkcs1v15_verify_sha384 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -917,7 +917,7 @@ class TestRSAPKCS1SHA384Verification(object): ) @pytest.mark.rsa class TestRSAPKCS1SHA512Verification(object): - test_rsa_pkcs1v15_verify_sha512 = generate_rsa_signature_test( + test_rsa_pkcs1v15_verify_sha512 = generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 5db9a193..89d0f5f1 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -375,20 +375,20 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm): return test_hkdf -def generate_rsa_signature_test(param_loader, path, file_names, hash_alg, - pad_cls): +def generate_rsa_verification_test(param_loader, path, file_names, hash_alg, + pad_cls): all_params = _load_all_params(path, file_names, param_loader) all_params = [i for i in all_params if i["algorithm"] == hash_alg.name.upper()] @pytest.mark.parametrize("params", all_params) - def test_rsa_signature(self, backend, params): - rsa_signature_test(backend, params, hash_alg, pad_cls) + def test_rsa_verification(self, backend, params): + rsa_verification_test(backend, params, hash_alg, pad_cls) - return test_rsa_signature + return test_rsa_verification -def rsa_signature_test(backend, params, hash_alg, pad_cls): +def rsa_verification_test(backend, params, hash_alg, pad_cls): public_key = rsa.RSAPublicKey( public_exponent=params["public_exponent"], modulus=params["modulus"] -- cgit v1.2.3 From c85f1797e4a02c0f4bcf5e70d0dc93bd46ec3d85 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 19 Mar 2014 09:45:42 -0400 Subject: switch to a lambda --- tests/hazmat/primitives/test_rsa.py | 45 ++++++++++++++++++++++++++++--------- tests/hazmat/primitives/utils.py | 18 +++++---------- 2 files changed, 40 insertions(+), 23 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index cf201212..97ca3935 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -763,7 +763,12 @@ class TestRSAPSSMGF1VerificationSHA1(object): "SigVerPSS_186-3.rsp", ], hashes.SHA1(), - padding.PSS + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) ) @@ -782,7 +787,12 @@ class TestRSAPSSMGF1VerificationSHA224(object): "SigVerPSS_186-3.rsp", ], hashes.SHA224(), - padding.PSS + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) ) @@ -801,7 +811,12 @@ class TestRSAPSSMGF1VerificationSHA256(object): "SigVerPSS_186-3.rsp", ], hashes.SHA256(), - padding.PSS + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) ) @@ -820,7 +835,12 @@ class TestRSAPSSMGF1VerificationSHA384(object): "SigVerPSS_186-3.rsp", ], hashes.SHA384(), - padding.PSS + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) ) @@ -839,7 +859,12 @@ class TestRSAPSSMGF1VerificationSHA512(object): "SigVerPSS_186-3.rsp", ], hashes.SHA512(), - padding.PSS + lambda params, hash_alg: padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=params["salt_length"] + ) + ) ) @@ -856,7 +881,7 @@ class TestRSAPKCS1SHA1Verification(object): "SigVer15_186-3.rsp", ], hashes.SHA1(), - padding.PKCS1v15 + lambda params, hash_alg: padding.PKCS1v15() ) @@ -873,7 +898,7 @@ class TestRSAPKCS1SHA224Verification(object): "SigVer15_186-3.rsp", ], hashes.SHA224(), - padding.PKCS1v15 + lambda params, hash_alg: padding.PKCS1v15() ) @@ -890,7 +915,7 @@ class TestRSAPKCS1SHA256Verification(object): "SigVer15_186-3.rsp", ], hashes.SHA256(), - padding.PKCS1v15 + lambda params, hash_alg: padding.PKCS1v15() ) @@ -907,7 +932,7 @@ class TestRSAPKCS1SHA384Verification(object): "SigVer15_186-3.rsp", ], hashes.SHA384(), - padding.PKCS1v15 + lambda params, hash_alg: padding.PKCS1v15() ) @@ -924,7 +949,7 @@ class TestRSAPKCS1SHA512Verification(object): "SigVer15_186-3.rsp", ], hashes.SHA512(), - padding.PKCS1v15 + lambda params, hash_alg: padding.PKCS1v15() ) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 89d0f5f1..2e838474 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -24,7 +24,7 @@ from cryptography.exceptions import ( NotYetFinalized ) from cryptography.hazmat.primitives import hashes, hmac -from cryptography.hazmat.primitives.asymmetric import padding, rsa +from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.kdf.hkdf import HKDF from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC @@ -376,32 +376,24 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm): def generate_rsa_verification_test(param_loader, path, file_names, hash_alg, - pad_cls): + pad_factory): all_params = _load_all_params(path, file_names, param_loader) all_params = [i for i in all_params if i["algorithm"] == hash_alg.name.upper()] @pytest.mark.parametrize("params", all_params) def test_rsa_verification(self, backend, params): - rsa_verification_test(backend, params, hash_alg, pad_cls) + rsa_verification_test(backend, params, hash_alg, pad_factory) return test_rsa_verification -def rsa_verification_test(backend, params, hash_alg, pad_cls): +def rsa_verification_test(backend, params, hash_alg, pad_factory): public_key = rsa.RSAPublicKey( public_exponent=params["public_exponent"], modulus=params["modulus"] ) - if pad_cls is padding.PKCS1v15: - pad = padding.PKCS1v15() - else: - pad = padding.PSS( - mgf=padding.MGF1( - algorithm=hash_alg, - salt_length=params["salt_length"] - ) - ) + pad = pad_factory(params, hash_alg) verifier = public_key.verifier( binascii.unhexlify(params["s"]), pad, -- cgit v1.2.3 From 503ddf4376beff5495f746410a268f72b5e84bb4 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 19 Mar 2014 09:55:06 -0400 Subject: more concise way of generating tests --- tests/hazmat/primitives/test_rsa.py | 138 ++++++++++++++---------------------- 1 file changed, 52 insertions(+), 86 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 97ca3935..67189c24 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -748,13 +748,12 @@ class TestRSAVerification(object): verifier.verify() -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()), - skip_message="Does not support SHA1 with MGF1." -) @pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA1(object): - test_rsa_pss_mgf1_sha1 = generate_rsa_verification_test( +class TestRSAPSSMGF1Verification(object): + test_rsa_pss_mgf1_sha1 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA1()), + skip_message="Does not support SHA1 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -769,16 +768,12 @@ class TestRSAPSSMGF1VerificationSHA1(object): salt_length=params["salt_length"] ) ) - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()), - skip_message="Does not support SHA224 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA224(object): - test_rsa_pss_mgf1_sha224 = generate_rsa_verification_test( + test_rsa_pss_mgf1_sha224 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()), + skip_message="Does not support SHA224 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -793,16 +788,12 @@ class TestRSAPSSMGF1VerificationSHA224(object): salt_length=params["salt_length"] ) ) - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()), - skip_message="Does not support SHA256 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA256(object): - test_rsa_pss_mgf1_sha256 = generate_rsa_verification_test( + test_rsa_pss_mgf1_sha256 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()), + skip_message="Does not support SHA256 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -817,16 +808,12 @@ class TestRSAPSSMGF1VerificationSHA256(object): salt_length=params["salt_length"] ) ) - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()), - skip_message="Does not support SHA384 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA384(object): - test_rsa_pss_mgf1_sha384 = generate_rsa_verification_test( + test_rsa_pss_mgf1_sha384 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()), + skip_message="Does not support SHA384 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -841,16 +828,12 @@ class TestRSAPSSMGF1VerificationSHA384(object): salt_length=params["salt_length"] ) ) - ) + )) - -@pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()), - skip_message="Does not support SHA512 with MGF1." -) -@pytest.mark.rsa -class TestRSAPSSMGF1VerificationSHA512(object): - test_rsa_pss_mgf1_sha512 = generate_rsa_verification_test( + test_rsa_pss_mgf1_sha512 = pytest.mark.supported( + only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()), + skip_message="Does not support SHA512 with MGF1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -865,16 +848,15 @@ class TestRSAPSSMGF1VerificationSHA512(object): salt_length=params["salt_length"] ) ) - ) + )) -@pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA1()), - skip_message="Does not support SHA1", -) @pytest.mark.rsa -class TestRSAPKCS1SHA1Verification(object): - test_rsa_pkcs1v15_verify_sha1 = generate_rsa_verification_test( +class TestRSAPKCS1Verification(object): + test_rsa_pkcs1v15_verify_sha1 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1()), + skip_message="Does not support SHA1." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -882,16 +864,12 @@ class TestRSAPKCS1SHA1Verification(object): ], hashes.SHA1(), lambda params, hash_alg: padding.PKCS1v15() - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA224()), - skip_message="Does not support SHA224", -) -@pytest.mark.rsa -class TestRSAPKCS1SHA224Verification(object): - test_rsa_pkcs1v15_verify_sha224 = generate_rsa_verification_test( + test_rsa_pkcs1v15_verify_sha224 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224()), + skip_message="Does not support SHA224." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -899,16 +877,12 @@ class TestRSAPKCS1SHA224Verification(object): ], hashes.SHA224(), lambda params, hash_alg: padding.PKCS1v15() - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA256()), - skip_message="Does not support SHA256", -) -@pytest.mark.rsa -class TestRSAPKCS1SHA256Verification(object): - test_rsa_pkcs1v15_verify_sha256 = generate_rsa_verification_test( + test_rsa_pkcs1v15_verify_sha256 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256()), + skip_message="Does not support SHA256." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -916,16 +890,12 @@ class TestRSAPKCS1SHA256Verification(object): ], hashes.SHA256(), lambda params, hash_alg: padding.PKCS1v15() - ) - + )) -@pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA384()), - skip_message="Does not support SHA384", -) -@pytest.mark.rsa -class TestRSAPKCS1SHA384Verification(object): - test_rsa_pkcs1v15_verify_sha384 = generate_rsa_verification_test( + test_rsa_pkcs1v15_verify_sha384 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384()), + skip_message="Does not support SHA384." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -933,16 +903,12 @@ class TestRSAPKCS1SHA384Verification(object): ], hashes.SHA384(), lambda params, hash_alg: padding.PKCS1v15() - ) + )) - -@pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA512()), - skip_message="Does not support SHA512", -) -@pytest.mark.rsa -class TestRSAPKCS1SHA512Verification(object): - test_rsa_pkcs1v15_verify_sha512 = generate_rsa_verification_test( + test_rsa_pkcs1v15_verify_sha512 = pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512()), + skip_message="Does not support SHA512." + )(generate_rsa_verification_test( load_rsa_nist_vectors, os.path.join("asymmetric", "RSA", "FIPS_186-2"), [ @@ -950,7 +916,7 @@ class TestRSAPKCS1SHA512Verification(object): ], hashes.SHA512(), lambda params, hash_alg: padding.PKCS1v15() - ) + )) class TestMGF1(object): -- cgit v1.2.3 From 4d8358fb50253bebdf637f517da8ba2406080d3f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 19 Mar 2014 19:14:15 -0400 Subject: add mgf1_hash_supported unsupported hash check --- tests/hazmat/backends/test_openssl.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 501ee0f6..5c6efbaf 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -40,6 +40,11 @@ class DummyCipher(object): name = "dummy-cipher" +@utils.register_interface(interfaces.HashAlgorithm) +class DummyHash(object): + name = "dummy-hash" + + class TestOpenSSL(object): def test_backend_exists(self): assert backend @@ -162,6 +167,9 @@ class TestOpenSSL(object): backend ) + def test_unsupported_mgf1_hash_algorithm(self): + assert backend.mgf1_hash_supported(DummyHash()) is False + # This test is not in the next class because to check if it's really # default we don't want to run the setup_method before it def test_osrandom_engine_is_default(self): -- cgit v1.2.3