From 42b3713eede3f5b417b0ce123fdcc9c4c24009d3 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 23 Feb 2014 19:13:19 -0600 Subject: add RSA verification support --- tests/hazmat/backends/test_multibackend.py | 11 ++++ tests/hazmat/primitives/test_rsa.py | 88 ++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index be1e76e2..5a8f9934 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -89,6 +89,10 @@ class DummyRSABackend(object): def create_rsa_signature_ctx(self, private_key, padding, algorithm): pass + def create_rsa_verification_ctx(self, public_key, signature, padding, + algorithm): + pass + class TestMultiBackend(object): def test_ciphers(self): @@ -165,6 +169,9 @@ class TestMultiBackend(object): backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(), hashes.MD5()) + backend.create_rsa_verification_ctx("public_key", "sig", + padding.PKCS1(), hashes.MD5()) + backend = MultiBackend([]) with pytest.raises(UnsupportedAlgorithm): backend.generate_rsa_private_key(key_size=1024, public_exponent=3) @@ -172,3 +179,7 @@ class TestMultiBackend(object): with pytest.raises(UnsupportedAlgorithm): backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(), hashes.MD5()) + + with pytest.raises(UnsupportedAlgorithm): + backend.create_rsa_verification_ctx("public_key", "sig", + padding.PKCS1(), hashes.MD5()) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 647c51b4..552bfc5f 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -443,3 +443,91 @@ class TestRSASignature(object): ) with pytest.raises(TypeError): private_key.signer("notpadding", hashes.SHA1(), backend) + + +@pytest.mark.rsa +class TestRSAVerification(object): + @pytest.mark.parametrize( + "pkcs1_example", + _flatten_pkcs1_examples(load_vectors_from_file( + os.path.join( + "asymmetric", "RSA", "pkcs1v15sign-vectors.txt"), + load_pkcs1_vectors + )) + ) + def test_pkcs1v15_verification(self, pkcs1_example, backend): + private, public, example = pkcs1_example + public_key = rsa.RSAPublicKey(**public) + verifier = public_key.verifier( + binascii.unhexlify(example["signature"]), + padding.PKCS1(), + hashes.SHA1(), + backend + ) + verifier.update(binascii.unhexlify(example["message"])) + verifier.verify() + + def test_invalid_pkcs1v15_signature_wrong_data(self, backend): + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + public_key = private_key.public_key() + signer = private_key.signer(padding.PKCS1(), hashes.SHA1(), backend) + signer.update(b"sign me") + signature = signer.finalize() + verifier = public_key.verifier( + signature, + padding.PKCS1(), + hashes.SHA1(), + backend + ) + verifier.update(b"incorrect data") + with pytest.raises(exceptions.InvalidAsymmetricSignature): + verifier.verify() + + def test_invalid_pkcs1v15_signature_wrong_key(self, backend): + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + public_key = private_key.public_key() + public_key._modulus += 2 + signer = private_key.signer(padding.PKCS1(), hashes.SHA1(), backend) + signer.update(b"sign me") + signature = signer.finalize() + verifier = public_key.verifier( + signature, + padding.PKCS1(), + hashes.SHA1(), + backend + ) + verifier.update(b"sign me") + with pytest.raises(exceptions.InvalidAsymmetricSignature): + verifier.verify() + + def test_use_after_finalize(self, backend): + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + public_key = private_key.public_key() + signer = private_key.signer(padding.PKCS1(), hashes.SHA1(), backend) + signer.update(b"sign me") + signature = signer.finalize() + + verifier = public_key.verifier( + signature, + padding.PKCS1(), + hashes.SHA1(), + backend + ) + verifier.update(b"sign me") + verifier.verify() + with pytest.raises(exceptions.AlreadyFinalized): + verifier.verify() + with pytest.raises(exceptions.AlreadyFinalized): + verifier.update(b"more data") + + def test_unsupported_padding(self, backend): + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + public_key = private_key.public_key() + with pytest.raises(exceptions.UnsupportedAsymmetricPadding): + public_key.verifier(b"sig", DummyPadding(), hashes.SHA1(), backend) + + def test_padding_incorrect_type(self, backend): + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + public_key = private_key.public_key() + with pytest.raises(TypeError): + public_key.verifier(b"sig", "notpadding", hashes.SHA1(), backend) -- cgit v1.2.3 From 4c0b4a99982138c4ab83dfffb19975a91c57d1ab Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 23 Feb 2014 19:28:44 -0600 Subject: more kwargs --- tests/hazmat/primitives/test_rsa.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 552bfc5f..fb4d1d77 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -457,7 +457,10 @@ class TestRSAVerification(object): ) def test_pkcs1v15_verification(self, pkcs1_example, backend): private, public, example = pkcs1_example - public_key = rsa.RSAPublicKey(**public) + public_key = rsa.RSAPublicKey( + public_exponent=public["public_exponent"], + modulus=public["modulus"] + ) verifier = public_key.verifier( binascii.unhexlify(example["signature"]), padding.PKCS1(), -- cgit v1.2.3 From 8186251635237187012df878645a4e4af3822e4e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 25 Feb 2014 13:29:21 -0600 Subject: kwargs and class renames to bring verification up to date --- tests/hazmat/primitives/test_rsa.py | 50 ++++++++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 15 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index fb4d1d77..649165b8 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -463,7 +463,7 @@ class TestRSAVerification(object): ) verifier = public_key.verifier( binascii.unhexlify(example["signature"]), - padding.PKCS1(), + padding.PKCS1v15(), hashes.SHA1(), backend ) @@ -471,48 +471,60 @@ class TestRSAVerification(object): verifier.verify() def test_invalid_pkcs1v15_signature_wrong_data(self, backend): - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) public_key = private_key.public_key() - signer = private_key.signer(padding.PKCS1(), hashes.SHA1(), backend) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) signer.update(b"sign me") signature = signer.finalize() verifier = public_key.verifier( signature, - padding.PKCS1(), + padding.PKCS1v15(), hashes.SHA1(), backend ) verifier.update(b"incorrect data") - with pytest.raises(exceptions.InvalidAsymmetricSignature): + with pytest.raises(exceptions.InvalidSignature): verifier.verify() def test_invalid_pkcs1v15_signature_wrong_key(self, backend): - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) public_key = private_key.public_key() public_key._modulus += 2 - signer = private_key.signer(padding.PKCS1(), hashes.SHA1(), backend) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) signer.update(b"sign me") signature = signer.finalize() verifier = public_key.verifier( signature, - padding.PKCS1(), + padding.PKCS1v15(), hashes.SHA1(), backend ) verifier.update(b"sign me") - with pytest.raises(exceptions.InvalidAsymmetricSignature): + with pytest.raises(exceptions.InvalidSignature): verifier.verify() def test_use_after_finalize(self, backend): - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) public_key = private_key.public_key() - signer = private_key.signer(padding.PKCS1(), hashes.SHA1(), backend) + signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) signer.update(b"sign me") signature = signer.finalize() verifier = public_key.verifier( signature, - padding.PKCS1(), + padding.PKCS1v15(), hashes.SHA1(), backend ) @@ -524,13 +536,21 @@ class TestRSAVerification(object): verifier.update(b"more data") def test_unsupported_padding(self, backend): - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) public_key = private_key.public_key() - with pytest.raises(exceptions.UnsupportedAsymmetricPadding): + with pytest.raises(exceptions.UnsupportedPadding): public_key.verifier(b"sig", DummyPadding(), hashes.SHA1(), backend) def test_padding_incorrect_type(self, backend): - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) public_key = private_key.public_key() with pytest.raises(TypeError): public_key.verifier(b"sig", "notpadding", hashes.SHA1(), backend) -- cgit v1.2.3 From dc720296556645f0641907e3618f6a1613c39fe7 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 25 Feb 2014 22:59:58 -0600 Subject: more PKCS1->PKCS1v15 --- tests/hazmat/backends/test_multibackend.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 5a8f9934..63168180 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -170,7 +170,7 @@ class TestMultiBackend(object): hashes.MD5()) backend.create_rsa_verification_ctx("public_key", "sig", - padding.PKCS1(), hashes.MD5()) + padding.PKCS1v15(), hashes.MD5()) backend = MultiBackend([]) with pytest.raises(UnsupportedAlgorithm): @@ -181,5 +181,5 @@ class TestMultiBackend(object): hashes.MD5()) with pytest.raises(UnsupportedAlgorithm): - backend.create_rsa_verification_ctx("public_key", "sig", - padding.PKCS1(), hashes.MD5()) + backend.create_rsa_verification_ctx( + "public_key", "sig", padding.PKCS1v15(), hashes.MD5()) -- cgit v1.2.3 From fef1fbd1187b7fc80589553fb192210dd15a3a1c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 26 Feb 2014 23:39:37 -0400 Subject: address some review comments --- tests/hazmat/primitives/test_rsa.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 649165b8..79323265 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -496,8 +496,12 @@ class TestRSAVerification(object): key_size=512, backend=backend ) - public_key = private_key.public_key() - public_key._modulus += 2 + private_key2 = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=512, + backend=backend + ) + public_key = private_key2.public_key() signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend) signer.update(b"sign me") signature = signer.finalize() -- cgit v1.2.3