diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-03-19 13:23:33 -0400 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-03-19 13:31:49 -0400 |
| commit | a3bb335b2bfec37b0a37be1f5525d70945d4d815 (patch) | |
| tree | 6faeaa82cf0332e58b1859552690937c9368c5b1 /tests/hazmat/primitives/utils.py | |
| parent | 06aa7961d9a922a931d25a99c6a69eb9f35c71d5 (diff) | |
| download | cryptography-a3bb335b2bfec37b0a37be1f5525d70945d4d815.tar.gz cryptography-a3bb335b2bfec37b0a37be1f5525d70945d4d815.tar.bz2 cryptography-a3bb335b2bfec37b0a37be1f5525d70945d4d815.zip | |
never trust openssl
Turns out you can't trust it to safely compute the max salt length
allowed for PSS, so now we get to do it ourselves. We also check for
whether the key size is large enough for the selected hash function
(PSS only for now, PKCS1 coming in another PR)
Diffstat (limited to 'tests/hazmat/primitives/utils.py')
| -rw-r--r-- | tests/hazmat/primitives/utils.py | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 31491023..5d3b4d15 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -406,3 +406,33 @@ def rsa_pss_test(backend, params, hash_alg): ) verifier.update(binascii.unhexlify(params["msg"])) verifier.verify() + + +def rsa_pss_signing_test(backend, hash_alg): + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=768, + backend=backend + ) + public_key = private_key.public_key() + pss = padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=padding.MGF1.MAX_LENGTH + ) + ) + signer = private_key.signer( + pss, + hash_alg, + backend + ) + signer.update(b"testing signature") + signature = signer.finalize() + verifier = public_key.verifier( + signature, + pss, + hash_alg, + backend + ) + verifier.update(b"testing signature") + verifier.verify() |