diff options
Diffstat (limited to 'tests/wycheproof/test_rsa.py')
| -rw-r--r-- | tests/wycheproof/test_rsa.py | 260 |
1 files changed, 260 insertions, 0 deletions
diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py new file mode 100644 index 00000000..a7c26e6a --- /dev/null +++ b/tests/wycheproof/test_rsa.py @@ -0,0 +1,260 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import binascii + +import pytest + +from cryptography.exceptions import InvalidSignature +from cryptography.hazmat.backends.interfaces import RSABackend +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import padding + + +_DIGESTS = { + "SHA-1": hashes.SHA1(), + "SHA-224": hashes.SHA224(), + "SHA-256": hashes.SHA256(), + "SHA-384": hashes.SHA384(), + "SHA-512": hashes.SHA512(), + # Not supported by OpenSSL for RSA signing + "SHA-512/224": None, + "SHA-512/256": None, + "SHA3-224": hashes.SHA3_224(), + "SHA3-256": hashes.SHA3_256(), + "SHA3-384": hashes.SHA3_384(), + "SHA3-512": hashes.SHA3_512(), +} + + +def should_verify(backend, wycheproof): + if wycheproof.valid: + return True + + if wycheproof.acceptable: + if ( + ( + backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER or + backend._lib.CRYPTOGRAPHY_IS_LIBRESSL + ) and wycheproof.has_flag("MissingNull") + ): + return False + return True + + return False + + +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.wycheproof_tests( + "rsa_signature_test.json", + "rsa_signature_2048_sha224_test.json", + "rsa_signature_2048_sha256_test.json", + "rsa_signature_2048_sha384_test.json", + "rsa_signature_2048_sha512_test.json", + "rsa_signature_2048_sha512_224_test.json", + "rsa_signature_2048_sha512_256_test.json", + "rsa_signature_2048_sha3_224_test.json", + "rsa_signature_2048_sha3_256_test.json", + "rsa_signature_2048_sha3_384_test.json", + "rsa_signature_2048_sha3_512_test.json", + "rsa_signature_3072_sha256_test.json", + "rsa_signature_3072_sha384_test.json", + "rsa_signature_3072_sha512_test.json", + "rsa_signature_3072_sha512_256_test.json", + "rsa_signature_3072_sha3_256_test.json", + "rsa_signature_3072_sha3_384_test.json", + "rsa_signature_3072_sha3_512_test.json", + "rsa_signature_4096_sha384_test.json", + "rsa_signature_4096_sha512_test.json", + "rsa_signature_4096_sha512_256_test.json", +) +def test_rsa_pkcs1v15_signature(backend, wycheproof): + key = serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend + ) + digest = _DIGESTS[wycheproof.testgroup["sha"]] + + if digest is None or not backend.hash_supported(digest): + pytest.skip( + "Hash {} not supported".format(wycheproof.testgroup["sha"]) + ) + + if should_verify(backend, wycheproof): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PKCS1v15(), + digest, + ) + else: + with pytest.raises(InvalidSignature): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PKCS1v15(), + digest, + ) + + +@pytest.mark.wycheproof_tests( + "rsa_sig_gen_misc_test.json" +) +def test_rsa_pkcs1v15_signature_generation(backend, wycheproof): + key = serialization.load_pem_private_key( + wycheproof.testgroup["privateKeyPem"].encode(), + password=None, + backend=backend, + ) + digest = _DIGESTS[wycheproof.testgroup["sha"]] + + sig = key.sign( + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PKCS1v15(), + digest, + ) + assert sig == binascii.unhexlify(wycheproof.testcase["sig"]) + + +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.wycheproof_tests( + "rsa_pss_2048_sha1_mgf1_20_test.json", + "rsa_pss_2048_sha256_mgf1_0_test.json", + "rsa_pss_2048_sha256_mgf1_32_test.json", + "rsa_pss_2048_sha512_256_mgf1_28_test.json", + "rsa_pss_2048_sha512_256_mgf1_32_test.json", + "rsa_pss_3072_sha256_mgf1_32_test.json", + "rsa_pss_4096_sha256_mgf1_32_test.json", + "rsa_pss_4096_sha512_mgf1_32_test.json", + "rsa_pss_misc_test.json", +) +def test_rsa_pss_signature(backend, wycheproof): + key = serialization.load_der_public_key( + binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend + ) + digest = _DIGESTS[wycheproof.testgroup["sha"]] + mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]] + + if digest is None or mgf_digest is None: + pytest.skip( + "PSS with digest={} and MGF digest={} not supported".format( + wycheproof.testgroup["sha"], wycheproof.testgroup["mgfSha"], + ) + ) + + if wycheproof.valid or wycheproof.acceptable: + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PSS( + mgf=padding.MGF1(mgf_digest), + salt_length=wycheproof.testgroup["sLen"] + ), + digest + ) + else: + with pytest.raises(InvalidSignature): + key.verify( + binascii.unhexlify(wycheproof.testcase["sig"]), + binascii.unhexlify(wycheproof.testcase["msg"]), + padding.PSS( + mgf=padding.MGF1(mgf_digest), + salt_length=wycheproof.testgroup["sLen"] + ), + digest + ) + + +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.supported( + only_if=lambda backend: ( + backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER or + backend._lib.CRYPTOGRAPHY_IS_LIBRESSL + ), + skip_message=( + "A handful of these tests fail on OpenSSL 1.0.2 and since upstream " + "isn't maintaining it, they'll never be fixed." + ), +) +@pytest.mark.wycheproof_tests( + "rsa_oaep_2048_sha1_mgf1sha1_test.json", + "rsa_oaep_2048_sha224_mgf1sha1_test.json", + "rsa_oaep_2048_sha224_mgf1sha224_test.json", + "rsa_oaep_2048_sha256_mgf1sha1_test.json", + "rsa_oaep_2048_sha256_mgf1sha256_test.json", + "rsa_oaep_2048_sha384_mgf1sha1_test.json", + "rsa_oaep_2048_sha384_mgf1sha384_test.json", + "rsa_oaep_2048_sha512_mgf1sha1_test.json", + "rsa_oaep_2048_sha512_mgf1sha512_test.json", + "rsa_oaep_3072_sha256_mgf1sha1_test.json", + "rsa_oaep_3072_sha256_mgf1sha256_test.json", + "rsa_oaep_3072_sha512_mgf1sha1_test.json", + "rsa_oaep_3072_sha512_mgf1sha512_test.json", + "rsa_oaep_4096_sha256_mgf1sha1_test.json", + "rsa_oaep_4096_sha256_mgf1sha256_test.json", + "rsa_oaep_4096_sha512_mgf1sha1_test.json", + "rsa_oaep_4096_sha512_mgf1sha512_test.json", + "rsa_oaep_misc_test.json", +) +def test_rsa_oaep_encryption(backend, wycheproof): + key = serialization.load_pem_private_key( + wycheproof.testgroup["privateKeyPem"].encode("ascii"), + password=None, + backend=backend, + ) + digest = _DIGESTS[wycheproof.testgroup["sha"]] + mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]] + + padding_algo = padding.OAEP( + mgf=padding.MGF1(algorithm=mgf_digest), + algorithm=digest, + label=binascii.unhexlify(wycheproof.testcase["label"]) + ) + + if not backend.rsa_padding_supported(padding_algo): + pytest.skip( + "OAEP with digest={} and MGF digest={} not supported".format( + wycheproof.testgroup["sha"], wycheproof.testgroup["mgfSha"], + ) + ) + + if wycheproof.valid or wycheproof.acceptable: + pt = key.decrypt( + binascii.unhexlify(wycheproof.testcase["ct"]), + padding_algo + ) + assert pt == binascii.unhexlify(wycheproof.testcase["msg"]) + else: + with pytest.raises(ValueError): + key.decrypt( + binascii.unhexlify(wycheproof.testcase["ct"]), + padding_algo + ) + + +@pytest.mark.wycheproof_tests( + "rsa_pkcs1_2048_test.json", + "rsa_pkcs1_3072_test.json", + "rsa_pkcs1_4096_test.json", +) +def test_rsa_pkcs1_encryption(backend, wycheproof): + key = serialization.load_pem_private_key( + wycheproof.testgroup["privateKeyPem"].encode("ascii"), + password=None, + backend=backend, + ) + + if wycheproof.valid: + pt = key.decrypt( + binascii.unhexlify(wycheproof.testcase["ct"]), + padding.PKCS1v15() + ) + assert pt == binascii.unhexlify(wycheproof.testcase["msg"]) + else: + with pytest.raises(ValueError): + key.decrypt( + binascii.unhexlify(wycheproof.testcase["ct"]), + padding.PKCS1v15() + ) |