Diffstat (limited to 'tests')
| -rw-r--r-- | tests/conftest.py | 3 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 69 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 173 | 
3 files changed, 244 insertions, 1 deletions
| diff --git a/tests/conftest.py b/tests/conftest.py index ecad1b23..64982efd 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -2,7 +2,7 @@ import pytest  from cryptography.hazmat.backends import _ALL_BACKENDS  from cryptography.hazmat.backends.interfaces import ( -    HMACBackend, CipherBackend, HashBackend, PBKDF2HMACBackend +    HMACBackend, CipherBackend, HashBackend, PBKDF2HMACBackend, RSABackend  )  from .utils import check_for_iface, check_backend_support, select_backends @@ -22,6 +22,7 @@ def pytest_runtest_setup(item):      check_for_iface("cipher", CipherBackend, item)      check_for_iface("hash", HashBackend, item)      check_for_iface("pbkdf2hmac", PBKDF2HMACBackend, item) +    check_for_iface("rsa", RSABackend, item)      check_backend_support(item) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index ea04c133..b24808df 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py 
@@ -152,3 +152,72 @@ class TestOpenSSL(object):
             pytest.skip("Requires an older OpenSSL")
         with pytest.raises(UnsupportedAlgorithm):
             backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"")
+
+    # This test is not in the next class because to check if it's really
+    # default we don't want to run the setup_method before it
+    def test_osrandom_engine_is_default(self):
+        e = backend._lib.ENGINE_get_default_RAND()
+        name = backend._lib.ENGINE_get_name(e)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+        res = backend._lib.ENGINE_free(e)
+        assert res == 1
+
+
+class TestOpenSSLRandomEngine(object):
+    def teardown_method(self, method):
+        # we need to reset state to being default. backend is a shared global
+        # for all these tests.
+        backend.activate_osrandom_engine()
+        current_default = backend._lib.ENGINE_get_default_RAND()
+        name = backend._lib.ENGINE_get_name(current_default)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+
+    def test_osrandom_sanity_check(self):
+        # This test serves as a check against catastrophic failure.
+        buf = backend._ffi.new("char[]", 500)
+        res = backend._lib.RAND_bytes(buf, 500)
+        assert res == 1
+        assert backend._ffi.buffer(buf)[:] != "\x00" * 500
+
+    def test_activate_osrandom_already_default(self):
+        e = backend._lib.ENGINE_get_default_RAND()
+        name = backend._lib.ENGINE_get_name(e)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+        res = backend._lib.ENGINE_free(e)
+        assert res == 1
+        backend.activate_osrandom_engine()
+        e = backend._lib.ENGINE_get_default_RAND()
+        name = backend._lib.ENGINE_get_name(e)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+        res = backend._lib.ENGINE_free(e)
+        assert res == 1
+
+    def test_activate_osrandom_no_default(self):
+        backend.activate_builtin_random()
+        e = backend._lib.ENGINE_get_default_RAND()
+        assert e == backend._ffi.NULL
+        backend.activate_osrandom_engine()
+        e = backend._lib.ENGINE_get_default_RAND()
+        name = backend._lib.ENGINE_get_name(e)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+        res = backend._lib.ENGINE_free(e)
+        assert res == 1
+
+    def test_activate_builtin_random(self):
+        e = backend._lib.ENGINE_get_default_RAND()
+        assert e != backend._ffi.NULL
+        name = backend._lib.ENGINE_get_name(e)
+        assert name == backend._lib.Cryptography_osrandom_engine_name
+        res = backend._lib.ENGINE_free(e)
+        assert res == 1
+        backend.activate_builtin_random()
+        e = backend._lib.ENGINE_get_default_RAND()
+        assert e == backend._ffi.NULL
+
+    def test_activate_builtin_random_already_active(self):
+        backend.activate_builtin_random()
+        e = backend._lib.ENGINE_get_default_RAND()
+        assert e == backend._ffi.NULL
+        backend.activate_builtin_random()
+        e = backend._lib.ENGINE_get_default_RAND()
+        assert e == backend._ffi.NULL
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
new file mode 100644
index 00000000..e2aca028
--- /dev/null
+++ b/tests/hazmat/primitives/test_rsa.py
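Review bot: In `test_osrandom_sanity_check` (tests/hazmat/backends/test_openssl.py) the all-zero check compares the buffer against a text literal, `"\x00" * 500`; on Python 3 the cffi buffer slice is bytes, so the inequality holds whatever the buffer contains and the test cannot catch a `RAND_bytes` call that leaves the buffer zeroed. Use a bytes literal: `assert backend._ffi.buffer(buf)[:] != b"\x00" * 500`. Separately, `teardown_method` fetches `ENGINE_get_default_RAND()` into `current_default` but never calls `ENGINE_free` on it, while the tests in this hunk free each handle they obtain; adding `assert backend._lib.ENGINE_free(current_default) == 1` would keep the reference handling consistent across tests. The enclosing `TestOpenSSL` class begins outside the hunk.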
@@ -0,0 +1,173 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+import pytest
+
+from cryptography.hazmat.primitives.asymmetric import rsa
+
+from ...utils import load_pkcs1_vectors, load_vectors_from_file
+
+
+class TestRSA(object):
+    @pytest.mark.parametrize(
+        "pkcs1_example",
+        load_vectors_from_file(
+            os.path.join(
+                "asymmetric", "RSA", "pkcs-1v2-1d2-vec", "pss-vect.txt"),
+            load_pkcs1_vectors
+        )
+    )
+    def test_load_pss_vect_example_keys(self, pkcs1_example):
+        secret, public = pkcs1_example
+
+        skey = rsa.RSAPrivateKey(**secret)
+        pkey = rsa.RSAPublicKey(**public)
+        pkey2 = skey.public_key()
+
+        assert skey and pkey and pkey2
+
+        assert skey.modulus
+        assert skey.modulus == pkey.modulus
+        assert skey.modulus == skey.n
+        assert skey.public_exponent == pkey.public_exponent
+        assert skey.public_exponent == skey.e
+        assert skey.private_exponent == skey.d
+
+        assert pkey.modulus
+        assert pkey.modulus == pkey2.modulus
+        assert pkey.modulus == pkey.n
+        assert pkey.public_exponent == pkey2.public_exponent
+        assert pkey.public_exponent == pkey.e
+
+        assert skey.key_size
+        assert skey.key_size == pkey.key_size
+        assert skey.key_size == pkey2.key_size
+
+        assert skey.p * skey.q == skey.modulus
+
+    def test_invalid_private_key_argument_types(self):
+        with pytest.raises(TypeError):
+            rsa.RSAPrivateKey(None, None, None, None, None)
+
+    def test_invalid_public_key_argument_types(self):
+        with pytest.raises(TypeError):
+            rsa.RSAPublicKey(None, None)
+
+    def test_invalid_private_key_argument_values(self):
+        # Start with p=3, q=5, private_exponent=14, public_exponent=7,
+        # modulus=15. Then change one value at a time to test the bounds.
+
+        # Test a modulus < 3.
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=14,
+                public_exponent=7,
+                modulus=2
+            )
+
+        # Test a modulus != p * q.
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=14,
+                public_exponent=7,
+                modulus=16
+            )
+
+        # Test a p > modulus.
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=16,
+                q=5,
+                private_exponent=14,
+                public_exponent=7,
+                modulus=15
+            )
+
+        # Test a q > modulus.
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=16,
+                private_exponent=14,
+                public_exponent=7,
+                modulus=15
+            )
+
+        # Test a private_exponent > modulus
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=16,
+                public_exponent=7,
+                modulus=15
+            )
+
+        # Test a public_exponent < 3
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=14,
+                public_exponent=1,
+                modulus=15
+            )
+
+        # Test a public_exponent > modulus
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=14,
+                public_exponent=17,
+                modulus=15
+            )
+
+        # Test a public_exponent that is not odd.
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(
+                p=3,
+                q=5,
+                private_exponent=14,
+                public_exponent=6,
+                modulus=15
+            )
+
+    def test_invalid_public_key_argument_values(self):
+        # Start with public_exponent=7, modulus=15. Then change one value at a
+        # time to test the bounds.
+
+        # Test a modulus < 3.
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(public_exponent=7, modulus=2)
+
+        # Test a public_exponent < 3
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(public_exponent=1, modulus=15)
+
+        # Test a public_exponent > modulus
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(public_exponent=17, modulus=15)
+
+        # Test a public_exponent that is not odd.
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(public_exponent=6, modulus=15)
|
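Review bot: `test_invalid_private_key_argument_values` has no positive control: nothing asserts that the baseline named in its opening comment is accepted, so if the constructor rejected that baseline for an unrelated reason every `pytest.raises(ValueError)` block would still pass. Constructing it first, `rsa.RSAPrivateKey(p=3, q=5, private_exponent=14, public_exponent=7, modulus=15)`, would pin that down, and the same applies to `test_invalid_public_key_argument_values` with `rsa.RSAPublicKey(public_exponent=7, modulus=15)`. The "p > modulus" and "q > modulus" cases also break modulus == p * q (16 * 5 and 3 * 16 are not 15), so they can be satisfied by the product check alone and do not show that the bound they are labelled with is enforced. Because these checks are what keeps malformed key parameters from being accepted, each rejection path should be reachable by a case that violates only that one condition.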
