def test_sign_pss() -> None: key.default_hash_algorithm = hashes.sha2_256() key.default_pss_options = None opt = rsa.PssOptions(salt_length=123) sig0 = run(key.sign_pss(b"Hello", opt)) sig1 = run(key.sign_pss_digest(sha2_256(b"Hello"), opt)) assert sig0.algorithm == AsymmetricAlgorithm.RSA assert sig1.algorithm == AsymmetricAlgorithm.RSA assert sig0.meta == rsa.RsaPssMetadata( AsymmetricAlgorithm.RSA, rsa.RsaScheme.PSS, hashes.sha2_256(), rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha2_256()), 123, b"\xbc", ) assert sig0.meta == sig1.meta with pytest.raises(NotImplementedError, match="Unsupported algorithm"): run( key.sign_pss( b"Hello", rsa.PssOptions( mgf_alg=rsa.MgfAlgorithm(rsa.MgfAlgorithmId.OTHER)))) with pytest.raises(NotImplementedError, match="Only BC trailer supported"): run(key.sign_pss(b"Hello", rsa.PssOptions(trailer_field=b"foo"))) with pytest.raises(NotImplementedError, match="Custom salt not supported"): run(key.sign_pss(b"Hello", rsa.PssOptions(salt=b"foo")))
def test_sign_pss() -> None: key.default_hash_algorithm = hashes.sha2_256() key.default_pss_options = None opt = rsa.PssOptions(salt=urandom(123)) sig0 = run(key.sign_pss(b"Hello", opt)) sig1 = run(key.sign_pss_digest(sha2_256(b"Hello"), opt)) assert sig0 == sig1 assert sig0.algorithm == AsymmetricAlgorithm.RSA assert sig0.meta == rsa.RsaPssMetadata( AsymmetricAlgorithm.RSA, rsa.RsaScheme.PSS, hashes.sha2_256(), rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha2_256()), 123, b"\xbc", )
def test_sign() -> None: key.default_scheme = rsa.RsaScheme.PKCS1v1_5 key.default_hash_algorithm = hashes.sha2_256() meta = key.sig_meta sig0 = run(key.sign(b"Hello")) assert sig0.algorithm == AsymmetricAlgorithm.RSA assert sig0.meta == meta sig1 = run(key.sign_digest(sha2_256(b"Hello"))) assert sig1.algorithm == AsymmetricAlgorithm.RSA assert sig1.meta == meta key.default_hash_algorithm = hashes.md5() sig2 = run(key.sign_digest(sha2_256(b"Hello"))) assert sig2.meta == rsa.RsaV15Metadata(AsymmetricAlgorithm.RSA, rsa.RsaScheme.PKCS1v1_5, hashes.sha2_256()) assert sig2.meta == meta key.default_scheme = rsa.RsaScheme.PSS key.default_pss_options = rsa.PssOptions(trailer_field=b"foobar", salt_length=17) meta_pss = key.sig_meta sig3 = run(key.sign(b"Hello")) assert sig3.meta == meta_pss assert meta_pss == rsa.RsaPssMetadata( AsymmetricAlgorithm.RSA, rsa.RsaScheme.PSS, hashes.md5(), rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.md5()), 17, b"foobar", ) sig4 = run(key.sign_digest(md5(b"Hello"))) assert sig4.meta == meta_pss key.default_scheme = rsa.RsaScheme.RAW with pytest.raises(Exception, match="Bad default scheme"): run(key.sign(b"foo")) with pytest.raises(Exception, match="Bad default scheme"): run(key.sign_digest(md5(b"foo"))) with pytest.raises(Exception, match="Unsupported scheme"): key.sig_meta
def test_parse_pss_options() -> None: def_hash = hashes.sha2_256() with pytest.raises(TypeError, match="conflicting hash algorithms"): pss.parse_pss_options(pub, def_hash, rsa.PssOptions(hash_alg=hashes.sha1()), dgst_hash_alg=hashes.sha2_256()) assert pss.parse_pss_options(pub, def_hash).hash_alg == hashes.sha2_256() assert pss.parse_pss_options( pub, default_hash_alg=hashes.md5()).hash_alg == hashes.md5() assert pss.parse_pss_options( pub, def_hash, rsa.PssOptions(hash_alg=hashes.md5())).hash_alg == hashes.md5() assert pss.parse_pss_options( pub, def_hash, dgst_hash_alg=hashes.md5()).hash_alg == hashes.md5() mgf_md5 = rsa.MgfAlgorithm(rsa.MgfAlgorithmId.MGF1, rsa.Mgf1Parameters(hashes.md5())) mgf_md5_meta = rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.md5()) mgf_sha2_256_meta = rsa.Mgf1Metadata(rsa.MgfAlgorithmId.MGF1, hashes.sha2_256()) assert pss.parse_pss_options(pub, def_hash).mgf_alg == mgf_sha2_256_meta assert pss.parse_pss_options( pub, default_hash_alg=hashes.md5()).mgf_alg == mgf_md5_meta assert pss.parse_pss_options( pub, def_hash, rsa.PssOptions(mgf_alg=mgf_md5)).mgf_alg == mgf_md5_meta assert (mgf_sha2_256_meta == pss.parse_pss_options( pub, def_hash, rsa.PssOptions( mgf_alg=rsa.MgfAlgorithm(rsa.MgfAlgorithmId.MGF1))).mgf_alg) params = "params" test_alg = rsa.MgfAlgorithm(rsa.MgfAlgorithmId.OTHER, params) parsed = pss.parse_pss_options(pub, def_hash, rsa.PssOptions(mgf_alg=test_alg)).mgf_alg assert isinstance(parsed, rsa.OtherMgfMetadata) assert parsed.params is params with pytest.raises(NotImplementedError): pss.parse_pss_options( pub, def_hash, rsa.PssOptions(mgf_alg=rsa.MgfAlgorithm("foo", "bar")))
def load_private_key(path: Path) -> PrivateKey: logging.info('Loading private key in %s', path.absolute().resolve()) with path.open('rb') as fp: key = RsaPrivateKey(serialization.load_pem_private_key( fp.read(), password=None, backend=backend, )) key.default_scheme = RsaScheme.PKCS1v1_5 key.default_hash_algorithm = sha2_256() return key
def test_mgf1() -> None: h = hashlib.sha1(m2) assert pss.mgf1(h, len(db_mask)) == db_mask assert pss.mgf1(h, 0) == b"" assert pss.mgf1(h, 10) == db_mask[:10] assert pss.mgf1(h, 55) == db_mask[:55] assert pss.mgf1(h, 64) == db_mask[:64] assert len(pss.mgf1(h, 2345)) == 2345 assert pss.mgf1(h, len(db_mask)) == db_mask assert pss.mgf1(h, len(db_mask), hashes.sha1()) == db_mask assert pss.mgf1(h, len(db_mask), hashes.sha2_256()) != db_mask
def test_sign_v15() -> None: key.default_hash_algorithm = hashes.sha2_256() sig0 = run(key.sign_v15(b"Hello")) sig1 = run(key.sign_v15_digest(sha2_256(b"Hello"))) assert sig0 == sig1 assert sig0.algorithm == AsymmetricAlgorithm.RSA assert sig0.meta == rsa.RsaV15Metadata(AsymmetricAlgorithm.RSA, rsa.RsaScheme.PKCS1v1_5, hashes.sha2_256()) assert sig0.meta == sig1.meta key.default_hash_algorithm = hashes.md5() sig2 = run(key.sign_v15(b"Hello")) sig3 = run(key.sign_v15_digest(md5(b"Hello"))) assert sig2 == sig3 assert sig2.algorithm == AsymmetricAlgorithm.RSA assert sig2.meta == rsa.RsaV15Metadata(AsymmetricAlgorithm.RSA, rsa.RsaScheme.PKCS1v1_5, hashes.md5()) assert sig2.meta == sig3.meta sig4 = run(key.sign_v15(b"Hello", hashes.sha2_256())) assert sig0 == sig4
def test_signature() -> None: key = None meta = EcdsaSignatureMetadata(algorithm=AsymmetricAlgorithm.ECDSA, hash_alg=sha2_256()) val_10_20 = b"\x30\x06\x02\x01\x0a\x02\x01\x14" sig0 = EcdsaSignature(key=key, meta=meta, der=val_10_20) assert sig0.r == 10 assert sig0.s == 20 sig1 = EcdsaSignature(key=key, meta=meta, r=10, s=20) assert sig0 == sig1 with pytest.raises(ValueError, match="Bad parameters"): EcdsaSignature(key=key, meta=meta, der=val_10_20, r=10, s=20)
def gen_private_key(path: Path, algo: str, params: Mapping[str, Any]) -> PrivateKey: logging.info('Creating private %s key in %s', algo, path.absolute().resolve()) if algo == 'rsa': key = RsaPrivateKey(rsa.generate_private_key( public_exponent=int(params['exp']), key_size=int(params['bits']), backend=backend, )) key.default_scheme = RsaScheme.PKCS1v1_5 key.default_hash_algorithm = sha2_256() else: raise NotImplementedError(f'Algorithm {algo!r} not supported') try: old_umask = os.umask(0o177) with path.open('xt') as fp: fp.write(key.export_private_pem()) finally: os.umask(old_umask) return key
"a06e327ea7388c18e4740e350ed4e60f2e04fc41", "37f332f68db77bd9d7edd4969571ad671cf9dd3b", )), HashVector(hashes.sha1(), OID - 1 - 3 - 14 - 3 - 2 - 26, ( "da39a3ee5e6b4b0d3255bfef95601890afd80709", "8843d7f92416211de9ebb963ff4ce28125932878", "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", )), HashVector(hashes.sha2_224(), OID - 2 - 16 - 840 - 1 - 101 - 3 - 4 - 2 - 4, ( "d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f", "de76c3e567fca9d246f5f8d3b2e704a38c3c5e258988ab525f941db8", "730e109bd7a8a32b1cb9d9a09aa2325d2430587ddbc0c38bad911525", )), HashVector( hashes.sha2_256(), OID - 2 - 16 - 840 - 1 - 101 - 3 - 4 - 2 - 1, ( "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2", "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592", )), HashVector(hashes.sha2_384(), OID - 2 - 16 - 840 - 1 - 101 - 3 - 4 - 2 - 2, ( "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b", "3c9c30d9f665e74d515c842960d4a451c83a0125fd3de7392d7b37231af10c72ea58aedfcdf89a5765bf902af93ecf06", "ca737f1014a48f4c0b6dd43cb177b0afd9e5169367544c494011e3317dbf9a509cb1e5dc1e85a941bbee3d7f2afbc9b1", )), HashVector( hashes.sha2_512(), OID - 2 - 16 - 840 - 1 - 101 - 3 - 4 - 2 - 3, ( "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce" "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e", "0a50261ebd1a390fed2bf326f2673c145582a6342d523204973d0219337f8161" "6a8069b012587cf5635f6925f1b56c360230c19b273500ee013e030601bf2425",