def test_verify_pss() -> None:
meta = rsa.RsaPssMetadata(
key.AsymmetricAlgorithm.RSA,
rsa.RsaScheme.PSS,
hashes.sha1(),
rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha1()),
len(salt),
b"\xbc",
)
assert salt == pss.verify_pss(emsg, pub.mod_bits, hashlib.sha1(msg), meta)
with pytest.raises(ValueError, match=r"Inconsistent hash algorithms"):
pss.verify_pss(emsg, pub.mod_bits, hashlib.sha2_256(msg), meta)
with pytest.raises(ValueError, match=r"Expected trailer"):
pss.verify_pss(emsg[:-1] + b'\xee', pub.mod_bits, hashlib.sha1(msg),
meta)
meta_bad_saltlen = rsa.RsaPssMetadata(
key.AsymmetricAlgorithm.RSA,
rsa.RsaScheme.PSS,
hashes.sha1(),
rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha1()),
15,
b"\xbc",
)
with pytest.raises(ValueError, match=r"Salt length is"):
pss.verify_pss(emsg, pub.mod_bits, hashlib.sha1(msg), meta_bad_saltlen)
with pytest.raises(ValueError, match=r"Hash mismatch"):
pss.verify_pss(emsg, pub.mod_bits, hashlib.sha1(msg + b'foo'), meta)
def test_pad_pss() -> None:
em, meta = pss.pad_pss(pub, hashes.sha1(), hashlib.sha1(msg),
rsa.PssOptions(salt=salt))
assert em == emsg
assert meta == rsa.RsaPssMetadata(
key.AsymmetricAlgorithm.RSA,
rsa.RsaScheme.PSS,
hashes.sha1(),
rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha1()),
len(salt),
b"\xbc",
)
with pytest.raises(NotImplementedError):
pss.pad_pss(
pub,
hashes.sha1(),
hashlib.sha1(msg),
rsa.PssOptions(
mgf_alg=rsa.MgfAlgorithm(rsa.MgfAlgorithmId.OTHER, "meta")),
)
em, meta2 = pss.pad_pss(pub, hashes.sha1(), hashlib.sha1(msg),
rsa.PssOptions(salt_length=len(salt)))
assert em != emsg
assert meta == meta2
def test_sign_pss() -> None:
key.default_hash_algorithm = hashes.sha2_256()
key.default_pss_options = None
opt = rsa.PssOptions(salt_length=123)
sig0 = run(key.sign_pss(b"Hello", opt))
sig1 = run(key.sign_pss_digest(sha2_256(b"Hello"), opt))
assert sig0.algorithm == AsymmetricAlgorithm.RSA
assert sig1.algorithm == AsymmetricAlgorithm.RSA
assert sig0.meta == rsa.RsaPssMetadata(
AsymmetricAlgorithm.RSA,
rsa.RsaScheme.PSS,
hashes.sha2_256(),
rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha2_256()),
123,
b"\xbc",
)
assert sig0.meta == sig1.meta
with pytest.raises(NotImplementedError, match="Unsupported algorithm"):
run(
key.sign_pss(
b"Hello",
rsa.PssOptions(
mgf_alg=rsa.MgfAlgorithm(rsa.MgfAlgorithmId.OTHER))))
with pytest.raises(NotImplementedError, match="Only BC trailer supported"):
run(key.sign_pss(b"Hello", rsa.PssOptions(trailer_field=b"foo")))
with pytest.raises(NotImplementedError, match="Custom salt not supported"):
run(key.sign_pss(b"Hello", rsa.PssOptions(salt=b"foo")))
def test_sign_pss() -> None:
key.default_hash_algorithm = hashes.sha2_256()
key.default_pss_options = None
opt = rsa.PssOptions(salt=urandom(123))
sig0 = run(key.sign_pss(b"Hello", opt))
sig1 = run(key.sign_pss_digest(sha2_256(b"Hello"), opt))
assert sig0 == sig1
assert sig0.algorithm == AsymmetricAlgorithm.RSA
assert sig0.meta == rsa.RsaPssMetadata(
AsymmetricAlgorithm.RSA,
rsa.RsaScheme.PSS,
hashes.sha2_256(),
rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha2_256()),
123,
b"\xbc",
)
def test_sign() -> None:
key.default_scheme = rsa.RsaScheme.PKCS1v1_5
key.default_hash_algorithm = hashes.sha2_256()
meta = key.sig_meta
sig0 = run(key.sign(b"Hello"))
assert sig0.algorithm == AsymmetricAlgorithm.RSA
assert sig0.meta == meta
sig1 = run(key.sign_digest(sha2_256(b"Hello")))
assert sig1.algorithm == AsymmetricAlgorithm.RSA
assert sig1.meta == meta
key.default_hash_algorithm = hashes.md5()
sig2 = run(key.sign_digest(sha2_256(b"Hello")))
assert sig2.meta == rsa.RsaV15Metadata(AsymmetricAlgorithm.RSA,
rsa.RsaScheme.PKCS1v1_5,
hashes.sha2_256())
assert sig2.meta == meta
key.default_scheme = rsa.RsaScheme.PSS
key.default_pss_options = rsa.PssOptions(trailer_field=b"foobar",
salt_length=17)
meta_pss = key.sig_meta
sig3 = run(key.sign(b"Hello"))
assert sig3.meta == meta_pss
assert meta_pss == rsa.RsaPssMetadata(
AsymmetricAlgorithm.RSA,
rsa.RsaScheme.PSS,
hashes.md5(),
rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.md5()),
17,
b"foobar",
)
sig4 = run(key.sign_digest(md5(b"Hello")))
assert sig4.meta == meta_pss
key.default_scheme = rsa.RsaScheme.RAW
with pytest.raises(Exception, match="Bad default scheme"):
run(key.sign(b"foo"))
with pytest.raises(Exception, match="Bad default scheme"):
run(key.sign_digest(md5(b"foo")))
with pytest.raises(Exception, match="Unsupported scheme"):
key.sig_meta