Exemple #1
0
def test_pad_pss() -> None:
    em, meta = pss.pad_pss(pub, hashes.sha1(), hashlib.sha1(msg),
                           rsa.PssOptions(salt=salt))
    assert em == emsg
    assert meta == rsa.RsaPssMetadata(
        key.AsymmetricAlgorithm.RSA,
        rsa.RsaScheme.PSS,
        hashes.sha1(),
        rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha1()),
        len(salt),
        b"\xbc",
    )

    with pytest.raises(NotImplementedError):
        pss.pad_pss(
            pub,
            hashes.sha1(),
            hashlib.sha1(msg),
            rsa.PssOptions(
                mgf_alg=rsa.MgfAlgorithm(rsa.MgfAlgorithmId.OTHER, "meta")),
        )

    em, meta2 = pss.pad_pss(pub, hashes.sha1(), hashlib.sha1(msg),
                            rsa.PssOptions(salt_length=len(salt)))
    assert em != emsg
    assert meta == meta2
def test_sign_pss() -> None:
    key.default_hash_algorithm = hashes.sha2_256()
    key.default_pss_options = None

    opt = rsa.PssOptions(salt_length=123)
    sig0 = run(key.sign_pss(b"Hello", opt))
    sig1 = run(key.sign_pss_digest(sha2_256(b"Hello"), opt))
    assert sig0.algorithm == AsymmetricAlgorithm.RSA
    assert sig1.algorithm == AsymmetricAlgorithm.RSA
    assert sig0.meta == rsa.RsaPssMetadata(
        AsymmetricAlgorithm.RSA,
        rsa.RsaScheme.PSS,
        hashes.sha2_256(),
        rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha2_256()),
        123,
        b"\xbc",
    )
    assert sig0.meta == sig1.meta

    with pytest.raises(NotImplementedError, match="Unsupported algorithm"):
        run(
            key.sign_pss(
                b"Hello",
                rsa.PssOptions(
                    mgf_alg=rsa.MgfAlgorithm(rsa.MgfAlgorithmId.OTHER))))
    with pytest.raises(NotImplementedError, match="Only BC trailer supported"):
        run(key.sign_pss(b"Hello", rsa.PssOptions(trailer_field=b"foo")))
    with pytest.raises(NotImplementedError, match="Custom salt not supported"):
        run(key.sign_pss(b"Hello", rsa.PssOptions(salt=b"foo")))
Exemple #3
0
def test_pss_options() -> None:
    assert rsa.PssOptions().trailer_field == b"\xbc"
    assert rsa.PssOptions(salt_length=20).salt_length == 20
    assert rsa.PssOptions(salt=b"foobar").salt == b"foobar"
    assert rsa.PssOptions(salt_length=6, salt=b"foobar").salt == b"foobar"

    with pytest.raises(ValueError):
        rsa.PssOptions(salt_length=20, salt=b"foobar")
def test_sign_pss() -> None:
    key.default_hash_algorithm = hashes.sha2_256()
    key.default_pss_options = None

    opt = rsa.PssOptions(salt=urandom(123))
    sig0 = run(key.sign_pss(b"Hello", opt))
    sig1 = run(key.sign_pss_digest(sha2_256(b"Hello"), opt))
    assert sig0 == sig1
    assert sig0.algorithm == AsymmetricAlgorithm.RSA
    assert sig0.meta == rsa.RsaPssMetadata(
        AsymmetricAlgorithm.RSA,
        rsa.RsaScheme.PSS,
        hashes.sha2_256(),
        rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha2_256()),
        123,
        b"\xbc",
    )
def test_sign() -> None:
    key.default_scheme = rsa.RsaScheme.PKCS1v1_5
    key.default_hash_algorithm = hashes.sha2_256()
    meta = key.sig_meta

    sig0 = run(key.sign(b"Hello"))
    assert sig0.algorithm == AsymmetricAlgorithm.RSA
    assert sig0.meta == meta

    sig1 = run(key.sign_digest(sha2_256(b"Hello")))
    assert sig1.algorithm == AsymmetricAlgorithm.RSA
    assert sig1.meta == meta

    key.default_hash_algorithm = hashes.md5()
    sig2 = run(key.sign_digest(sha2_256(b"Hello")))
    assert sig2.meta == rsa.RsaV15Metadata(AsymmetricAlgorithm.RSA,
                                           rsa.RsaScheme.PKCS1v1_5,
                                           hashes.sha2_256())
    assert sig2.meta == meta

    key.default_scheme = rsa.RsaScheme.PSS
    key.default_pss_options = rsa.PssOptions(trailer_field=b"foobar",
                                             salt_length=17)
    meta_pss = key.sig_meta
    sig3 = run(key.sign(b"Hello"))
    assert sig3.meta == meta_pss
    assert meta_pss == rsa.RsaPssMetadata(
        AsymmetricAlgorithm.RSA,
        rsa.RsaScheme.PSS,
        hashes.md5(),
        rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.md5()),
        17,
        b"foobar",
    )

    sig4 = run(key.sign_digest(md5(b"Hello")))
    assert sig4.meta == meta_pss

    key.default_scheme = rsa.RsaScheme.RAW
    with pytest.raises(Exception, match="Bad default scheme"):
        run(key.sign(b"foo"))
    with pytest.raises(Exception, match="Bad default scheme"):
        run(key.sign_digest(md5(b"foo")))
    with pytest.raises(Exception, match="Unsupported scheme"):
        key.sig_meta
Exemple #6
0
def test_parse_pss_options() -> None:
    def_hash = hashes.sha2_256()
    with pytest.raises(TypeError, match="conflicting hash algorithms"):
        pss.parse_pss_options(pub,
                              def_hash,
                              rsa.PssOptions(hash_alg=hashes.sha1()),
                              dgst_hash_alg=hashes.sha2_256())

    assert pss.parse_pss_options(pub, def_hash).hash_alg == hashes.sha2_256()
    assert pss.parse_pss_options(
        pub, default_hash_alg=hashes.md5()).hash_alg == hashes.md5()
    assert pss.parse_pss_options(
        pub, def_hash,
        rsa.PssOptions(hash_alg=hashes.md5())).hash_alg == hashes.md5()
    assert pss.parse_pss_options(
        pub, def_hash, dgst_hash_alg=hashes.md5()).hash_alg == hashes.md5()

    mgf_md5 = rsa.MgfAlgorithm(rsa.MgfAlgorithmId.MGF1,
                               rsa.Mgf1Parameters(hashes.md5()))
    mgf_md5_meta = rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.md5())
    mgf_sha2_256_meta = rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1,
                                         hashes.sha2_256())
    assert pss.parse_pss_options(pub, def_hash).mgf_alg == mgf_sha2_256_meta
    assert pss.parse_pss_options(
        pub, default_hash_alg=hashes.md5()).mgf_alg == mgf_md5_meta
    assert pss.parse_pss_options(
        pub, def_hash, rsa.PssOptions(mgf_alg=mgf_md5)).mgf_alg == mgf_md5_meta
    assert (mgf_sha2_256_meta == pss.parse_pss_options(
        pub, def_hash,
        rsa.PssOptions(
            mgf_alg=rsa.MgfAlgorithm(rsa.MgfAlgorithmId.MGF1))).mgf_alg)

    params = "params"
    test_alg = rsa.MgfAlgorithm(rsa.MgfAlgorithmId.OTHER, params)
    parsed = pss.parse_pss_options(pub, def_hash,
                                   rsa.PssOptions(mgf_alg=test_alg)).mgf_alg
    assert isinstance(parsed, rsa.OtherMgfMetadata)
    assert parsed.params is params

    with pytest.raises(NotImplementedError):
        pss.parse_pss_options(
            pub, def_hash,
            rsa.PssOptions(mgf_alg=rsa.MgfAlgorithm("foo", "bar")))
Exemple #7
0
def test_calculate_salt_len() -> None:
    with pytest.raises(ValueError, match="dgst_len"):
        pss.calculate_salt_len(1024, rsa.PssOptions(), -32)

    with pytest.raises(ValueError, match="em_bits"):
        pss.calculate_salt_len(0, rsa.PssOptions(), 32)

    with pytest.raises(ValueError, match="Maximum"):
        pss.calculate_salt_len(128, rsa.PssOptions(), 128)

    assert pss.calculate_salt_len(1024, rsa.PssOptions(), 32) == 128 - 32 - 2
    assert pss.calculate_salt_len(1024, rsa.PssOptions(salt=bytes(17)),
                                  32) == 17
    assert pss.calculate_salt_len(
        1024, rsa.PssOptions(salt_length=rsa.PSS_SALT_LEN_MAX),
        32) == 128 - 32 - 2
    assert pss.calculate_salt_len(
        1024, rsa.PssOptions(salt_length=rsa.PSS_SALT_LEN_HASH), 32) == 32
    assert pss.calculate_salt_len(
        1024, rsa.PssOptions(salt_length=rsa.PSS_SALT_LEN_HASH),
        120) == 128 - 120 - 2

    with pytest.raises(ValueError, match="salt_length"):
        pss.calculate_salt_len(1024, rsa.PssOptions(salt_length=-15), 32)

    assert pss.calculate_salt_len(1024, rsa.PssOptions(salt_length=15),
                                  32) == 15
    assert pss.calculate_salt_len(1024, rsa.PssOptions(salt_length=66),
                                  32) == 66

    with pytest.raises(ValueError, match="Requested"):
        pss.calculate_salt_len(1024, rsa.PssOptions(salt=bytes(200)), 32)

    with pytest.raises(ValueError, match="Requested"):
        pss.calculate_salt_len(1024, rsa.PssOptions(salt_length=200), 32)