From 4e602f383aa7ee7e43b344e805d92f9626f4a8c7 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 24 Apr 2014 12:07:54 -0500 Subject: RSA encryption support --- tests/hazmat/primitives/test_rsa.py | 123 ++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 7cf6e2f0..2661c1e9 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1379,3 +1379,126 @@ class TestRSADecryption(object): ), backend ) + + +@pytest.mark.rsa +class TestRSAEncryption(object): + @pytest.mark.parametrize( + "key_size,pad", + itertools.product( + (1024, 1025, 1029, 1031, 1536, 2048), + ( + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA1(), + label=None + ), + padding.PKCS1v15() + ) + ) + ) + def test_rsa_encrypt(self, key_size, pad, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=key_size, + backend=backend + ) + pt = b"encrypt me!" + public_key = private_key.public_key() + ct = public_key.encrypt( + pt, + pad, + backend + ) + assert ct != pt + assert len(ct) == math.ceil(public_key.key_size / 8.0) + recovered_pt = private_key.decrypt( + ct, + pad, + backend + ) + assert recovered_pt == pt + + @pytest.mark.parametrize( + "key_size,pad", + itertools.product( + (1024, 1025, 1029, 1031, 1536, 2048), + ( + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA1()), + algorithm=hashes.SHA1(), + label=None + ), + padding.PKCS1v15() + ) + ) + ) + def test_rsa_encrypt_key_too_small(self, key_size, pad, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=key_size, + backend=backend + ) + public_key = private_key.public_key() + with pytest.raises(ValueError): + public_key.encrypt( + b"\x00" * (key_size // 8 - 1), + pad, + backend + ) + + def test_rsa_encrypt_data_too_large(self, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + public_key = private_key.public_key() + with pytest.raises(ValueError): + public_key.encrypt( + b"\x00" * 129, + padding.PKCS1v15(), + backend + ) + + def test_rsa_encrypt_invalid_backend(self, backend): + pretend_backend = object() + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + public_key = private_key.public_key() + + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + public_key.encrypt( + b"irrelevant", + padding.PKCS1v15(), + pretend_backend + ) + + def test_unsupported_padding(self, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + public_key = private_key.public_key() + + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): + public_key.encrypt(b"somedata", DummyPadding(), backend) + + def test_unsupported_oaep_mgf(self, backend): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + public_key = private_key.public_key() + + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): + public_key.encrypt( + b"ciphertext", + padding.OAEP( + mgf=DummyMGF(), + algorithm=hashes.SHA1(), + label=None + ), + backend + ) -- cgit v1.2.3 From 4ce810e22ccbf9ed1eadb4695e4cbe4cb59230fa Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 24 Apr 2014 15:51:26 -0500 Subject: improve style in test, update docs for rsa encryption review --- tests/hazmat/primitives/test_rsa.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 2661c1e9..adc46de4 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1420,7 +1420,7 @@ class TestRSAEncryption(object): assert recovered_pt == pt @pytest.mark.parametrize( - "key_size,pad", + ["key_size", "pad"], itertools.product( (1024, 1025, 1029, 1031, 1536, 2048), ( -- cgit v1.2.3 From c83e6ef3a210a0294658baf1f7e6ecbd7a7e3d05 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 24 Apr 2014 17:30:33 -0500 Subject: another style fix in the rsa tests that I missed last time... --- tests/hazmat/primitives/test_rsa.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index adc46de4..7d104da7 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1384,7 +1384,7 @@ class TestRSADecryption(object): @pytest.mark.rsa class TestRSAEncryption(object): @pytest.mark.parametrize( - "key_size,pad", + ("key_size", "pad"), itertools.product( (1024, 1025, 1029, 1031, 1536, 2048), ( @@ -1420,7 +1420,7 @@ class TestRSAEncryption(object): assert recovered_pt == pt @pytest.mark.parametrize( - ["key_size", "pad"], + ("key_size", "pad"), itertools.product( (1024, 1025, 1029, 1031, 1536, 2048), ( -- cgit v1.2.3 From e86d8827de205c6d476e1567e887e0852a608110 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 25 Apr 2014 09:08:42 -0500 Subject: move ct length check into decrypt function, address review comments --- tests/hazmat/primitives/test_rsa.py | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 7d104da7..602f5243 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1276,7 +1276,7 @@ class TestRSADecryption(object): backend=backend ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): - private_key.decrypt(b"somedata", DummyPadding(), backend) + private_key.decrypt(b"0" * 64, DummyPadding(), backend) def test_decrypt_invalid_decrypt(self, backend): private_key = rsa.RSAPrivateKey.generate( @@ -1371,7 +1371,7 @@ class TestRSADecryption(object): ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): private_key.decrypt( - b"ciphertext", + b"0" * 64, padding.OAEP( mgf=DummyMGF(), algorithm=hashes.SHA1(), @@ -1386,7 +1386,7 @@ class TestRSAEncryption(object): @pytest.mark.parametrize( ("key_size", "pad"), itertools.product( - (1024, 1025, 1029, 1031, 1536, 2048), + (1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048), ( padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), @@ -1422,7 +1422,7 @@ class TestRSAEncryption(object): @pytest.mark.parametrize( ("key_size", "pad"), itertools.product( - (1024, 1025, 1029, 1031, 1536, 2048), + (1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048), ( padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), @@ -1440,6 +1440,7 @@ class TestRSAEncryption(object): backend=backend ) public_key = private_key.public_key() + # Slightly smaller than the key size but not enough for padding. with pytest.raises(ValueError): public_key.encrypt( b"\x00" * (key_size // 8 - 1), @@ -1447,17 +1448,11 @@ class TestRSAEncryption(object): backend ) - def test_rsa_encrypt_data_too_large(self, backend): - private_key = rsa.RSAPrivateKey.generate( - public_exponent=65537, - key_size=512, - backend=backend - ) - public_key = private_key.public_key() + # Larger than the key size. with pytest.raises(ValueError): public_key.encrypt( - b"\x00" * 129, - padding.PKCS1v15(), + b"\x00" * (key_size // 8 + 5), + pad, backend ) -- cgit v1.2.3 From 857c0e9c18206c35958a4ad573e7c36a743daabd Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 25 Apr 2014 09:25:08 -0500 Subject: update some decryption tests --- tests/hazmat/backends/test_openssl.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 58511666..bba7d758 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -301,7 +301,7 @@ class TestOpenSSLRSA(object): ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): private_key.decrypt( - b"ciphertext", + b"0" * 64, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA1(), @@ -318,7 +318,7 @@ class TestOpenSSLRSA(object): ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): private_key.decrypt( - b"ciphertext", + b"0" * 64, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA256(), @@ -335,7 +335,7 @@ class TestOpenSSLRSA(object): ) with pytest.raises(ValueError): private_key.decrypt( - b"ciphertext", + b"0" * 64, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), -- cgit v1.2.3