Remove deprecated RSA methods from backends, update tests
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 9a36674..4e30e6f 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -44,8 +44,7 @@
from cryptography.hazmat.backends.openssl.hashes import _HashContext
from cryptography.hazmat.backends.openssl.hmac import _HMACContext
from cryptography.hazmat.backends.openssl.rsa import (
- _RSAPrivateKey, _RSAPublicKey, _RSASignatureContext,
- _RSAVerificationContext
+ _RSAPrivateKey, _RSAPublicKey
)
from cryptography.hazmat.bindings.openssl.binding import Binding
from cryptography.hazmat.primitives import hashes
@@ -581,39 +580,6 @@
return ctx
- def create_rsa_signature_ctx(self, private_key, padding, algorithm):
- warnings.warn(
- "create_rsa_signature_ctx is deprecated and will be removed in a "
- "future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- rsa_cdata = self._rsa_cdata_from_private_key(private_key)
- key = _RSAPrivateKey(self, rsa_cdata)
- return _RSASignatureContext(self, key, padding, algorithm)
-
- def create_rsa_verification_ctx(self, public_key, signature, padding,
- algorithm):
- warnings.warn(
- "create_rsa_verification_ctx is deprecated and will be removed in "
- "a future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- rsa_cdata = self._rsa_cdata_from_public_key(public_key)
- key = _RSAPublicKey(self, rsa_cdata)
- return _RSAVerificationContext(self, key, signature, padding,
- algorithm)
-
- def mgf1_hash_supported(self, algorithm):
- warnings.warn(
- "mgf1_hash_supported is deprecated and will be removed in "
- "a future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- return self._mgf1_hash_supported(algorithm)
-
def _mgf1_hash_supported(self, algorithm):
if self._lib.Cryptography_HAS_MGF1_MD:
return self.hash_supported(algorithm)
@@ -774,28 +740,6 @@
else:
return True
- def decrypt_rsa(self, private_key, ciphertext, padding):
- warnings.warn(
- "decrypt_rsa is deprecated and will be removed in a future "
- "version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- rsa_cdata = self._rsa_cdata_from_private_key(private_key)
- key = _RSAPrivateKey(self, rsa_cdata)
- return key.decrypt(ciphertext, padding)
-
- def encrypt_rsa(self, public_key, plaintext, padding):
- warnings.warn(
- "encrypt_rsa is deprecated and will be removed in a future "
- "version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- rsa_cdata = self._rsa_cdata_from_public_key(public_key)
- key = _RSAPublicKey(self, rsa_cdata)
- return key.encrypt(plaintext, padding)
-
def cmac_algorithm_supported(self, algorithm):
return (
self._lib.Cryptography_HAS_CMAC == 1
diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py
index 398b376..c192811 100644
--- a/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -13,11 +13,8 @@
from __future__ import absolute_import, division, print_function
-import warnings
-
import six
-from cryptography import utils
from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.backends.interfaces import RSABackend
@@ -94,65 +91,6 @@
raise ValueError("e must be odd.")
-class RSAPublicKey(object):
- def __init__(self, public_exponent, modulus):
- warnings.warn(
- "The RSAPublicKey class is deprecated and will be removed in a "
- "future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- if (
- not isinstance(public_exponent, six.integer_types) or
- not isinstance(modulus, six.integer_types)
- ):
- raise TypeError("RSAPublicKey arguments must be integers.")
-
- _check_public_key_components(public_exponent, modulus)
-
- self._public_exponent = public_exponent
- self._modulus = modulus
-
- def verifier(self, signature, padding, algorithm, backend):
- if not isinstance(backend, RSABackend):
- raise UnsupportedAlgorithm(
- "Backend object does not implement RSABackend.",
- _Reasons.BACKEND_MISSING_INTERFACE
- )
-
- return backend.create_rsa_verification_ctx(self, signature, padding,
- algorithm)
-
- def encrypt(self, plaintext, padding, backend):
- if not isinstance(backend, RSABackend):
- raise UnsupportedAlgorithm(
- "Backend object does not implement RSABackend.",
- _Reasons.BACKEND_MISSING_INTERFACE
- )
-
- return backend.encrypt_rsa(self, plaintext, padding)
-
- @property
- def key_size(self):
- return utils.bit_length(self.modulus)
-
- @property
- def public_exponent(self):
- return self._public_exponent
-
- @property
- def modulus(self):
- return self._modulus
-
- @property
- def e(self):
- return self.public_exponent
-
- @property
- def n(self):
- return self.modulus
-
-
def _modinv(e, m):
"""
Modular Multiplicative Inverse. Returns x such that: (x*e) mod m == 1
@@ -189,136 +127,6 @@
return private_exponent % (q - 1)
-class RSAPrivateKey(object):
- def __init__(self, p, q, private_exponent, dmp1, dmq1, iqmp,
- public_exponent, modulus):
- warnings.warn(
- "The RSAPrivateKey class is deprecated and will be removed in a "
- "future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- if (
- not isinstance(p, six.integer_types) or
- not isinstance(q, six.integer_types) or
- not isinstance(dmp1, six.integer_types) or
- not isinstance(dmq1, six.integer_types) or
- not isinstance(iqmp, six.integer_types) or
- not isinstance(private_exponent, six.integer_types) or
- not isinstance(public_exponent, six.integer_types) or
- not isinstance(modulus, six.integer_types)
- ):
- raise TypeError("RSAPrivateKey arguments must be integers.")
-
- _check_private_key_components(p, q, private_exponent, dmp1, dmq1, iqmp,
- public_exponent, modulus)
-
- self._p = p
- self._q = q
- self._dmp1 = dmp1
- self._dmq1 = dmq1
- self._iqmp = iqmp
- self._private_exponent = private_exponent
- self._public_exponent = public_exponent
- self._modulus = modulus
-
- @classmethod
- def generate(cls, public_exponent, key_size, backend):
- warnings.warn(
- "generate is deprecated and will be removed in a future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- if not isinstance(backend, RSABackend):
- raise UnsupportedAlgorithm(
- "Backend object does not implement RSABackend.",
- _Reasons.BACKEND_MISSING_INTERFACE
- )
-
- _verify_rsa_parameters(public_exponent, key_size)
- key = backend.generate_rsa_private_key(public_exponent, key_size)
- private_numbers = key.private_numbers()
- return RSAPrivateKey(
- p=private_numbers.p,
- q=private_numbers.q,
- dmp1=private_numbers.dmp1,
- dmq1=private_numbers.dmq1,
- iqmp=private_numbers.iqmp,
- private_exponent=private_numbers.d,
- public_exponent=private_numbers.public_numbers.e,
- modulus=private_numbers.public_numbers.n
- )
-
- def signer(self, padding, algorithm, backend):
- if not isinstance(backend, RSABackend):
- raise UnsupportedAlgorithm(
- "Backend object does not implement RSABackend.",
- _Reasons.BACKEND_MISSING_INTERFACE
- )
-
- return backend.create_rsa_signature_ctx(self, padding, algorithm)
-
- def decrypt(self, ciphertext, padding, backend):
- if not isinstance(backend, RSABackend):
- raise UnsupportedAlgorithm(
- "Backend object does not implement RSABackend.",
- _Reasons.BACKEND_MISSING_INTERFACE
- )
-
- return backend.decrypt_rsa(self, ciphertext, padding)
-
- @property
- def key_size(self):
- return utils.bit_length(self.modulus)
-
- def public_key(self):
- return RSAPublicKey(self.public_exponent, self.modulus)
-
- @property
- def p(self):
- return self._p
-
- @property
- def q(self):
- return self._q
-
- @property
- def private_exponent(self):
- return self._private_exponent
-
- @property
- def public_exponent(self):
- return self._public_exponent
-
- @property
- def modulus(self):
- return self._modulus
-
- @property
- def d(self):
- return self.private_exponent
-
- @property
- def dmp1(self):
- return self._dmp1
-
- @property
- def dmq1(self):
- return self._dmq1
-
- @property
- def iqmp(self):
- return self._iqmp
-
- @property
- def e(self):
- return self.public_exponent
-
- @property
- def n(self):
- return self.modulus
-
-
class RSAPrivateNumbers(object):
def __init__(self, p, q, d, dmp1, dmq1, iqmp,
public_numbers):
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index b00543f..b3a1788 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -325,7 +325,7 @@
reason="Requires an older OpenSSL. Must be < 1.0.1"
)
def test_non_sha1_pss_mgf1_hash_algorithm_on_old_openssl(self):
- private_key = rsa.RSAPrivateKey.generate(
+ private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=512,
backend=backend
@@ -338,8 +338,7 @@
),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1(),
- backend
+ hashes.SHA1()
)
public_key = private_key.public_key()
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
@@ -351,16 +350,9 @@
),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1(),
- backend
+ hashes.SHA1()
)
- def test_unsupported_mgf1_hash_algorithm(self):
- assert pytest.deprecated_call(
- backend.mgf1_hash_supported,
- DummyHash()
- ) is False
-
def test_rsa_padding_unsupported_pss_mgf1_hash(self):
assert backend.rsa_padding_supported(
padding.PSS(mgf=padding.MGF1(DummyHash()), salt_length=0)
@@ -400,7 +392,7 @@
) is False
def test_unsupported_mgf1_hash_algorithm_decrypt(self):
- private_key = rsa.RSAPrivateKey.generate(
+ private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=512,
backend=backend
@@ -412,12 +404,11 @@
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA1(),
label=None
- ),
- backend
+ )
)
def test_unsupported_oaep_hash_algorithm_decrypt(self):
- private_key = rsa.RSAPrivateKey.generate(
+ private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=512,
backend=backend
@@ -429,12 +420,11 @@
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA256(),
label=None
- ),
- backend
+ )
)
def test_unsupported_oaep_label_decrypt(self):
- private_key = rsa.RSAPrivateKey.generate(
+ private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=512,
backend=backend
@@ -446,8 +436,7 @@
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=b"label"
- ),
- backend
+ )
)
@@ -513,44 +502,6 @@
_sn_to_elliptic_curve(backend, b"fake")
-class TestDeprecatedRSABackendMethods(object):
- def test_create_rsa_signature_ctx(self):
- private_key = rsa.RSAPrivateKey.generate(65537, 512, backend)
- pytest.deprecated_call(
- backend.create_rsa_signature_ctx,
- private_key,
- padding.PKCS1v15(),
- hashes.SHA1()
- )
-
- def test_create_rsa_verification_ctx(self):
- private_key = rsa.RSAPrivateKey.generate(65537, 512, backend)
- public_key = private_key.public_key()
- pytest.deprecated_call(
- backend.create_rsa_verification_ctx,
- public_key,
- b"\x00" * 64,
- padding.PKCS1v15(),
- hashes.SHA1()
- )
-
- def test_encrypt_decrypt_rsa(self):
- private_key = rsa.RSAPrivateKey.generate(65537, 512, backend)
- public_key = private_key.public_key()
- ct = pytest.deprecated_call(
- backend.encrypt_rsa,
- public_key,
- b"\x00" * 32,
- padding.PKCS1v15()
- )
- pytest.deprecated_call(
- backend.decrypt_rsa,
- private_key,
- ct,
- padding.PKCS1v15()
- )
-
-
class TestDeprecatedDSABackendMethods(object):
def test_create_dsa_signature_ctx(self):
params = dsa.DSAParameters.generate(1024, backend)
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 88b30d6..2323b0e 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -103,16 +103,6 @@
pkey = skey.public_key()
assert isinstance(pkey.public_numbers(), rsa.RSAPublicNumbers)
- def test_generate_rsa_key_class_method(self, backend):
- skey = pytest.deprecated_call(
- rsa.RSAPrivateKey.generate,
- 65537,
- 512,
- backend
- )
- assert skey.key_size == 512
- assert skey.public_exponent == 65537
-
def test_generate_bad_public_exponent(self, backend):
with pytest.raises(ValueError):
rsa.generate_private_key(public_exponent=1,
@@ -172,239 +162,6 @@
assert public_num.n == public_num2.n
assert public_num.e == public_num2.e
- def test_invalid_private_key_argument_types(self):
- with pytest.raises(TypeError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- None,
- None,
- None,
- None,
- None,
- None,
- None,
- None
- )
-
- def test_invalid_public_key_argument_types(self):
- with pytest.raises(TypeError):
- pytest.deprecated_call(rsa.RSAPublicKey, None, None)
-
- def test_invalid_private_key_argument_values(self):
- # Start with p=3, q=11, private_exponent=3, public_exponent=7,
- # modulus=33, dmp1=1, dmq1=3, iqmp=2. Then change one value at
- # a time to test the bounds.
-
- # Test a modulus < 3.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=2
- )
-
- # Test a modulus != p * q.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=35
- )
-
- # Test a p > modulus.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=37,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test a q > modulus.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=37,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test a dmp1 > modulus.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=3,
- dmp1=35,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test a dmq1 > modulus.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=35,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test an iqmp > modulus.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=35,
- public_exponent=7,
- modulus=33
- )
-
- # Test a private_exponent > modulus
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=37,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test a public_exponent < 3
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=1,
- modulus=33
- )
-
- # Test a public_exponent > modulus
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=65537,
- modulus=33
- )
-
- # Test a public_exponent that is not odd.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=3,
- iqmp=2,
- public_exponent=6,
- modulus=33
- )
-
- # Test a dmp1 that is not odd.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=3,
- dmp1=2,
- dmq1=3,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- # Test a dmq1 that is not odd.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=3,
- q=11,
- private_exponent=3,
- dmp1=1,
- dmq1=4,
- iqmp=2,
- public_exponent=7,
- modulus=33
- )
-
- def test_invalid_public_key_argument_values(self):
- # Start with public_exponent=7, modulus=15. Then change one value at a
- # time to test the bounds.
-
- # Test a modulus < 3.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPublicKey, public_exponent=7, modulus=2
- )
-
- # Test a public_exponent < 3
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPublicKey, public_exponent=1, modulus=15
- )
-
- # Test a public_exponent > modulus
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPublicKey, public_exponent=17, modulus=15
- )
-
- # Test a public_exponent that is not odd.
- with pytest.raises(ValueError):
- pytest.deprecated_call(
- rsa.RSAPublicKey, public_exponent=6, modulus=15
- )
-
def test_rsa_generate_invalid_backend():
pretend_backend = object()
@@ -412,11 +169,6 @@
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
rsa.generate_private_key(65537, 2048, pretend_backend)
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- pytest.deprecated_call(
- rsa.RSAPrivateKey.generate, 65537, 2048, pretend_backend
- )
-
@pytest.mark.rsa
class TestRSASignature(object):
@@ -436,18 +188,19 @@
)
def test_pkcs1v15_signing(self, pkcs1_example, backend):
private, public, example = pkcs1_example
- private_key = pytest.deprecated_call(
- rsa.RSAPrivateKey,
+ private_key = rsa.RSAPrivateNumbers(
p=private["p"],
q=private["q"],
- private_exponent=private["private_exponent"],
+ d=private["private_exponent"],
dmp1=private["dmp1"],
dmq1=private["dmq1"],
iqmp=private["iqmp"],
- public_exponent=private["public_exponent"],
- modulus=private["modulus"]
- )
- signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1(), backend)
+ public_numbers=rsa.RSAPublicNumbers(
+ e=private["public_exponent"],
+ n=private["modulus"]
+ )
+ ).private_key(backend)
+ signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1())
signer.update(binascii.unhexlify(example["message"]))
signature = signer.finalize()
assert binascii.hexlify(signature) == example["signature"]
@@ -471,28 +224,28 @@
)
def test_pss_signing(self, pkcs1_example, backend):
private, public, example = pkcs1_example
- private_key = pytest.deprecated_call(
- rsa.RSAPrivateKey,
+ private_key = rsa.RSAPrivateNumbers(
p=private["p"],
q=private["q"],
- private_exponent=private["private_exponent"],
+ d=private["private_exponent"],
dmp1=private["dmp1"],
dmq1=private["dmq1"],
iqmp=private["iqmp"],
- public_exponent=private["public_exponent"],
- modulus=private["modulus"]
- )
- public_key = rsa.RSAPublicKey(
- public_exponent=public["public_exponent"],
- modulus=public["modulus"]
- )
+ public_numbers=rsa.RSAPublicNumbers(
+ e=private["public_exponent"],
+ n=private["modulus"]
+ )
+ ).private_key(backend)
+ public_key = rsa.RSAPublicNumbers(
+ e=public["public_exponent"],
+ n=public["modulus"]
+ ).public_key(backend)
signer = private_key.signer(
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1(),
- backend
+ hashes.SHA1()
)
signer.update(binascii.unhexlify(example["message"]))
signature = signer.finalize()
@@ -507,7 +260,6 @@
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA1(),
- backend
)
verifier.update(binascii.unhexlify(example["message"]))
verifier.verify()
@@ -635,24 +387,6 @@
with pytest.raises(TypeError):
private_key.signer("notpadding", hashes.SHA1())
- def test_rsa_signer_invalid_backend(self, backend):
- pretend_backend = object()
- private_key = pytest.deprecated_call(
- rsa.RSAPrivateKey,
- p=RSA_KEY_512.p,
- q=RSA_KEY_512.q,
- private_exponent=RSA_KEY_512.d,
- dmp1=RSA_KEY_512.dmp1,
- dmq1=RSA_KEY_512.dmq1,
- iqmp=RSA_KEY_512.iqmp,
- public_exponent=RSA_KEY_512.public_numbers.e,
- modulus=RSA_KEY_512.public_numbers.n
- )
-
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- private_key.signer(
- padding.PKCS1v15(), hashes.SHA256, pretend_backend)
-
@pytest.mark.supported(
only_if=lambda backend: backend.rsa_padding_supported(
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
@@ -720,15 +454,14 @@
)
def test_pkcs1v15_verification(self, pkcs1_example, backend):
private, public, example = pkcs1_example
- public_key = rsa.RSAPublicKey(
- public_exponent=public["public_exponent"],
- modulus=public["modulus"]
- )
+ public_key = rsa.RSAPublicNumbers(
+ e=public["public_exponent"],
+ n=public["modulus"]
+ ).public_key(backend)
verifier = public_key.verifier(
binascii.unhexlify(example["signature"]),
padding.PKCS1v15(),
- hashes.SHA1(),
- backend
+ hashes.SHA1()
)
verifier.update(binascii.unhexlify(example["message"]))
verifier.verify()
@@ -795,18 +528,17 @@
)
def test_pss_verification(self, pkcs1_example, backend):
private, public, example = pkcs1_example
- public_key = rsa.RSAPublicKey(
- public_exponent=public["public_exponent"],
- modulus=public["modulus"]
- )
+ public_key = rsa.RSAPublicNumbers(
+ e=public["public_exponent"],
+ n=public["modulus"]
+ ).public_key(backend)
verifier = public_key.verifier(
binascii.unhexlify(example["signature"]),
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=20
),
- hashes.SHA1(),
- backend
+ hashes.SHA1()
)
verifier.update(binascii.unhexlify(example["message"]))
verifier.verify()
@@ -821,14 +553,14 @@
skip_message="Does not support PSS."
)
def test_invalid_pss_signature_wrong_data(self, backend):
- public_key = rsa.RSAPublicKey(
- modulus=int(
+ public_key = rsa.RSAPublicNumbers(
+ n=int(
b"dffc2137d5e810cde9e4b4612f5796447218bab913b3fa98bdf7982e4fa6"
b"ec4d6653ef2b29fb1642b095befcbea6decc178fb4bed243d3c3592c6854"
b"6af2d3f3", 16
),
- public_exponent=65537
- )
+ e=65537
+ ).public_key(backend)
signature = binascii.unhexlify(
b"0e68c3649df91c5bc3665f96e157efa75b71934aaa514d91e94ca8418d100f45"
b"6f05288e58525f99666bab052adcffdf7186eb40f583bd38d98c97d3d524808b"
@@ -839,8 +571,7 @@
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1(),
- backend
+ hashes.SHA1()
)
verifier.update(b"incorrect data")
with pytest.raises(InvalidSignature):
@@ -860,24 +591,23 @@
b"3a1880165014ba6eb53cc1449d13e5132ebcc0cfd9ade6d7a2494a0503bd0826"
b"f8a46c431e0d7be0ca3e453f8b2b009e2733764da7927cc6dbe7a021437a242e"
)
- public_key = rsa.RSAPublicKey(
- modulus=int(
+ public_key = rsa.RSAPublicNumbers(
+ n=int(
b"381201f4905d67dfeb3dec131a0fbea773489227ec7a1448c3109189ac68"
b"5a95441be90866a14c4d2e139cd16db540ec6c7abab13ffff91443fd46a8"
b"960cbb7658ded26a5c95c86f6e40384e1c1239c63e541ba221191c4dd303"
b"231b42e33c6dbddf5ec9a746f09bf0c25d0f8d27f93ee0ae5c0d723348f4"
b"030d3581e13522e1", 16
),
- public_exponent=65537
- )
+ e=65537
+ ).public_key(backend)
verifier = public_key.verifier(
signature,
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1(),
- backend
+ hashes.SHA1()
)
verifier.update(b"sign me")
with pytest.raises(InvalidSignature):
@@ -897,24 +627,23 @@
b"cb43bde4f7ab89eb4a79c6e8dd67e0d1af60715da64429d90c716a490b799c29"
b"194cf8046509c6ed851052367a74e2e92d9b38947ed74332acb115a03fcc0222"
)
- public_key = rsa.RSAPublicKey(
- modulus=int(
+ public_key = rsa.RSAPublicNumbers(
+ n=int(
b"381201f4905d67dfeb3dec131a0fbea773489227ec7a1448c3109189ac68"
b"5a95441be90866a14c4d2e139cd16db540ec6c7abab13ffff91443fd46a8"
b"960cbb7658ded26a5c95c86f6e40384e1c1239c63e541ba221191c4dd303"
b"231b42e33c6dbddf5ec9a746f09bf0c25d0f8d27f93ee0ae5c0d723348f4"
b"030d3581e13522", 16
),
- public_exponent=65537
- )
+ e=65537
+ ).public_key(backend)
verifier = public_key.verifier(
signature,
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
- hashes.SHA1(),
- backend
+ hashes.SHA1()
)
verifier.update(b"sign me")
with pytest.raises(InvalidSignature):
@@ -957,20 +686,6 @@
with pytest.raises(TypeError):
public_key.verifier(b"sig", "notpadding", hashes.SHA1())
- def test_rsa_verifier_invalid_backend(self, backend):
- pretend_backend = object()
- private_key = pytest.deprecated_call(
- rsa.RSAPrivateKey.generate,
- 65537,
- 2048,
- backend
- )
- public_key = private_key.public_key()
-
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- public_key.verifier(
- b"foo", padding.PKCS1v15(), hashes.SHA256(), pretend_backend)
-
@pytest.mark.supported(
only_if=lambda backend: backend.rsa_padding_supported(
padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
@@ -1034,14 +749,14 @@
b"8b9a3ae9fb3b64158f3476dd8d8a1f1425444e98940e0926378baa9944d219d8"
b"534c050ef6b19b1bdc6eb4da422e89161106a6f5b5cc16135b11eb6439b646bd"
)
- public_key = rsa.RSAPublicKey(
- modulus=int(
+ public_key = rsa.RSAPublicNumbers(
+ n=int(
b"d309e4612809437548b747d7f9eb9cd3340f54fe42bb3f84a36933b0839c"
b"11b0c8b7f67e11f7252370161e31159c49c784d4bc41c42a78ce0f0b40a3"
b"ca8ffb91", 16
),
- public_exponent=65537
- )
+ e=65537
+ ).public_key(backend)
verifier = public_key.verifier(
signature,
padding.PSS(
@@ -1050,8 +765,7 @@
),
salt_length=1000000
),
- hashes.SHA1(),
- backend
+ hashes.SHA1()
)
verifier.update(b"sign me")
with pytest.raises(InvalidSignature):
@@ -1354,23 +1068,21 @@
)
def test_decrypt_pkcs1v15_vectors(self, vector, backend):
private, public, example = vector
- skey = rsa.RSAPrivateKey(
+ skey = rsa.RSAPrivateNumbers(
p=private["p"],
q=private["q"],
- private_exponent=private["private_exponent"],
+ d=private["private_exponent"],
dmp1=private["dmp1"],
dmq1=private["dmq1"],
iqmp=private["iqmp"],
- public_exponent=private["public_exponent"],
- modulus=private["modulus"]
- )
+ public_numbers=rsa.RSAPublicNumbers(
+ e=private["public_exponent"],
+ n=private["modulus"]
+ )
+ ).private_key(backend)
ciphertext = binascii.unhexlify(example["encryption"])
assert len(ciphertext) == math.ceil(skey.key_size / 8.0)
- message = skey.decrypt(
- ciphertext,
- padding.PKCS1v15(),
- backend
- )
+ message = skey.decrypt(ciphertext, padding.PKCS1v15())
assert message == binascii.unhexlify(example["message"])
def test_unsupported_padding(self, backend):
@@ -1424,19 +1136,6 @@
padding.PKCS1v15()
)
- def test_rsa_decrypt_invalid_backend(self, backend):
- pretend_backend = object()
- private_key = pytest.deprecated_call(
- rsa.RSAPrivateKey.generate, 65537, 2048, backend
- )
-
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- private_key.decrypt(
- b"irrelevant",
- padding.PKCS1v15(),
- pretend_backend
- )
-
@pytest.mark.supported(
only_if=lambda backend: backend.rsa_padding_supported(
padding.OAEP(
@@ -1457,25 +1156,25 @@
)
def test_decrypt_oaep_vectors(self, vector, backend):
private, public, example = vector
- skey = pytest.deprecated_call(
- rsa.RSAPrivateKey,
+ skey = rsa.RSAPrivateNumbers(
p=private["p"],
q=private["q"],
- private_exponent=private["private_exponent"],
+ d=private["private_exponent"],
dmp1=private["dmp1"],
dmq1=private["dmq1"],
iqmp=private["iqmp"],
- public_exponent=private["public_exponent"],
- modulus=private["modulus"]
- )
+ public_numbers=rsa.RSAPublicNumbers(
+ e=private["public_exponent"],
+ n=private["modulus"]
+ )
+ ).private_key(backend)
message = skey.decrypt(
binascii.unhexlify(example["encryption"]),
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
- ),
- backend
+ )
)
assert message == binascii.unhexlify(example["message"])
@@ -1520,22 +1219,13 @@
)
)
def test_rsa_encrypt_oaep(self, key_data, pad, backend):
- private_key = rsa.RSAPrivateKey(
- p=key_data.p,
- q=key_data.q,
- private_exponent=key_data.d,
- dmp1=key_data.dmp1,
- dmq1=key_data.dmq1,
- iqmp=key_data.iqmp,
- public_exponent=key_data.public_numbers.e,
- modulus=key_data.public_numbers.n
- )
+ private_key = key_data.private_key(backend)
pt = b"encrypt me!"
public_key = private_key.public_key()
- ct = public_key.encrypt(pt, pad, backend)
+ ct = public_key.encrypt(pt, pad)
assert ct != pt
assert len(ct) == math.ceil(public_key.key_size / 8.0)
- recovered_pt = private_key.decrypt(ct, pad, backend)
+ recovered_pt = private_key.decrypt(ct, pad)
assert recovered_pt == pt
@pytest.mark.supported(
@@ -1596,20 +1286,6 @@
pad
)
- def test_rsa_encrypt_invalid_backend(self, backend):
- pretend_backend = object()
- private_key = pytest.deprecated_call(
- rsa.RSAPrivateKey.generate, 65537, 512, backend
- )
- public_key = private_key.public_key()
-
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
- public_key.encrypt(
- b"irrelevant",
- padding.PKCS1v15(),
- pretend_backend
- )
-
def test_unsupported_padding(self, backend):
private_key = RSA_KEY_512.private_key(backend)
public_key = private_key.public_key()