(backend, wycheproof)
| 147 | "rsa_pss_misc_test.json", |
| 148 | ) |
| 149 | def test_rsa_pss_signature(backend, wycheproof): |
| 150 | digest = _DIGESTS[wycheproof.testgroup["sha"]] |
| 151 | mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]] |
| 152 | if digest is None or mgf_digest is None: |
| 153 | pytest.skip( |
| 154 | "PSS with digest={} and MGF digest={} not supported".format( |
| 155 | wycheproof.testgroup["sha"], |
| 156 | wycheproof.testgroup["mgfSha"], |
| 157 | ) |
| 158 | ) |
| 159 | if backend._fips_enabled and ( |
| 160 | isinstance(digest, hashes.SHA1) |
| 161 | or isinstance(mgf_digest, hashes.SHA1) |
| 162 | # FIPS 186-4 only allows salt length == digest length for PSS |
| 163 | or wycheproof.testgroup["sLen"] != mgf_digest.digest_size |
| 164 | # inner MGF1 hash must match outer hash |
| 165 | or wycheproof.testgroup["sha"] != wycheproof.testgroup["mgfSha"] |
| 166 | ): |
| 167 | pytest.skip("Invalid params for FIPS") |
| 168 | |
| 169 | key = wycheproof.cache_value_to_group( |
| 170 | "cached_key", |
| 171 | lambda: serialization.load_der_public_key( |
| 172 | binascii.unhexlify(wycheproof.testgroup["publicKeyDer"]), |
| 173 | ), |
| 174 | ) |
| 175 | assert isinstance(key, rsa.RSAPublicKey) |
| 176 | |
| 177 | if wycheproof.valid or wycheproof.acceptable: |
| 178 | key.verify( |
| 179 | binascii.unhexlify(wycheproof.testcase["sig"]), |
| 180 | binascii.unhexlify(wycheproof.testcase["msg"]), |
| 181 | padding.PSS( |
| 182 | mgf=padding.MGF1(mgf_digest), |
| 183 | salt_length=wycheproof.testgroup["sLen"], |
| 184 | ), |
| 185 | digest, |
| 186 | ) |
| 187 | else: |
| 188 | with pytest.raises(InvalidSignature): |
| 189 | key.verify( |
| 190 | binascii.unhexlify(wycheproof.testcase["sig"]), |
| 191 | binascii.unhexlify(wycheproof.testcase["msg"]), |
| 192 | padding.PSS( |
| 193 | mgf=padding.MGF1(mgf_digest), |
| 194 | salt_length=wycheproof.testgroup["sLen"], |
| 195 | ), |
| 196 | digest, |
| 197 | ) |
| 198 | |
| 199 | |
| 200 | @wycheproof_tests( |
nothing calls this directly
no test coverage detected