Support for traditional OpenSSL and PKCS8 RSA private key serialization

author: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-02-21 18:34:00 -0600
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-02-25 07:49:52 -0600
commit: f83e25c81bb186ed8a96d4a569d5068546a24349 (patch)
tree: a34d97e993351ac1396e8d7481457cee21118171 /tests/hazmat/primitives/test_rsa.py
parent: 36394237388d19eacd3a80e79bf8c459cb234700 (diff)
download: cryptography-f83e25c81bb186ed8a96d4a569d5068546a24349.tar.gz
cryptography-f83e25c81bb186ed8a96d4a569d5068546a24349.tar.bz2
cryptography-f83e25c81bb186ed8a96d4a569d5068546a24349.zip
1 files changed, 97 insertions, 2 deletions
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 74183010..72bc08ad 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -15,8 +15,10 @@ from cryptography import utils
 from cryptography.exceptions import (
     AlreadyFinalized, InvalidSignature, _Reasons
 )
-from cryptography.hazmat.backends.interfaces import RSABackend
-from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.backends.interfaces import (
+    PEMSerializationBackend, RSABackend
+)
+from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import padding, rsa
 from cryptography.hazmat.primitives.asymmetric.rsa import (
     RSAPrivateNumbers, RSAPublicNumbers
@@ -46,6 +48,11 @@ class DummyMGF(object):
     _salt_length = 0
 
 
+@utils.register_interface(serialization.KeySerializationEncryption)
+class DummyKeyEncryption(object):
+    pass
+
+
 def _flatten_pkcs1_examples(vectors):
     flattened_vectors = []
     for vector in vectors:
@@ -78,6 +85,18 @@ def test_modular_inverse():
     )
 
 
+def _skip_if_no_serialization(key, backend):
+    if not isinstance(key, rsa.RSAPrivateKeyWithSerialization):
+        pytest.skip(
+            "{0} does not support RSA key serialization".format(backend)
+        )
+
+
+def test_skip_if_no_serialization():
+    with pytest.raises(pytest.skip.Exception):
+        _skip_if_no_serialization("notakeywithserialization", "backend")
+
+
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 class TestRSA(object):
     @pytest.mark.parametrize(
@@ -1725,3 +1744,79 @@ class TestRSAPrimeFactorRecovery(object):
     def test_invalid_recover_prime_factors(self):
         with pytest.raises(ValueError):
             rsa.rsa_recover_prime_factors(34, 3, 7)
+
+
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=PEMSerializationBackend)
+class TestRSAPEMWriter(object):
+    @pytest.mark.parametrize(
+        ("serializer", "password"),
+        itertools.product(
+            [serialization.TraditionalOpenSSL, serialization.PKCS8],
+            [
+                b"s",
+                b"longerpassword",
+                b"!*$&(@#$*&($T@%_somesymbols",
+                b"\x01" * 1000,
+            ]
+        )
+    )
+    def test_dump_encrypted_pem(self, backend, serializer, password):
+        key = RSA_KEY_2048.private_key(backend)
+        _skip_if_no_serialization(key, backend)
+        serialized = key.dump(
+            serializer(serialization.Encoding.PEM),
+            serialization.BestAvailable(password)
+        )
+        loaded_key = serialization.load_pem_private_key(
+            serialized, password, backend
+        )
+        loaded_priv_num = loaded_key.private_numbers()
+        priv_num = key.private_numbers()
+        assert loaded_priv_num == priv_num
+
+    @pytest.mark.parametrize(
+        "serializer",
+        (serialization.TraditionalOpenSSL, serialization.PKCS8),
+    )
+    def test_dump_unencrypted_pem(self, backend, serializer):
+        key = RSA_KEY_2048.private_key(backend)
+        _skip_if_no_serialization(key, backend)
+        serialized = key.dump(
+            serializer(serialization.Encoding.PEM),
+            serialization.NoEncryption()
+        )
+        loaded_key = serialization.load_pem_private_key(
+            serialized, None, backend
+        )
+        loaded_priv_num = loaded_key.private_numbers()
+        priv_num = key.private_numbers()
+        assert loaded_priv_num == priv_num
+
+    def test_dump_invalid_serializer(self, backend):
+        key = RSA_KEY_2048.private_key(backend)
+        _skip_if_no_serialization(key, backend)
+        with pytest.raises(TypeError):
+            key.dump("notaserializer", serialization.NoEncryption())
+
+    def test_dump_invalid_encryption_algorithm(self, backend):
+        key = RSA_KEY_2048.private_key(backend)
+        _skip_if_no_serialization(key, backend)
+        with pytest.raises(TypeError):
+            key.dump(
+                serialization.TraditionalOpenSSL(
+                    serialization.Encoding.PEM
+                ),
+                "notanencalg"
+            )
+
+    def test_dump_unsupported_encryption_type(self, backend):
+        key = RSA_KEY_2048.private_key(backend)
+        _skip_if_no_serialization(key, backend)
+        with pytest.raises(ValueError):
+            key.dump(
+                serialization.TraditionalOpenSSL(
+                    serialization.Encoding.PEM
+                ),
+                DummyKeyEncryption()
+            )
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-02-21 18:34:00 -0600
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-02-25 07:49:52 -0600
commit	f83e25c81bb186ed8a96d4a569d5068546a24349 (patch)
tree	a34d97e993351ac1396e8d7481457cee21118171 /tests/hazmat/primitives/test_rsa.py
parent	36394237388d19eacd3a80e79bf8c459cb234700 (diff)
download	cryptography-f83e25c81bb186ed8a96d4a569d5068546a24349.tar.gz cryptography-f83e25c81bb186ed8a96d4a569d5068546a24349.tar.bz2 cryptography-f83e25c81bb186ed8a96d4a569d5068546a24349.zip