diff options
Diffstat (limited to 'tests/test-rsa.py')
| -rw-r--r-- | tests/test-rsa.py | 118 |
1 files changed, 59 insertions, 59 deletions
diff --git a/tests/test-rsa.py b/tests/test-rsa.py index d0538ed..39f46cd 100644 --- a/tests/test-rsa.py +++ b/tests/test-rsa.py @@ -45,10 +45,10 @@ from textwrap import TextWrapper import sys, os.path def KeyLengthType(arg): - val = int(arg) - if val % 8 != 0: - raise ValueError - return val + val = int(arg) + if val % 8 != 0: + raise ValueError + return val parser = ArgumentParser(description = __doc__) parser.add_argument("--pad-to-modulus", action = "store_true", @@ -71,22 +71,22 @@ scriptname = os.path.basename(sys.argv[0]) wrapper = TextWrapper(width = 78, initial_indent = " " * 2, subsequent_indent = " " * 2) def printlines(*lines, **kwargs): - for line in lines: - args.output.write(line.format(**kwargs) + "\n") + for line in lines: + args.output.write(line.format(**kwargs) + "\n") def trailing_comma(item, sequence): - return "" if item == sequence[-1] else "," + return "" if item == sequence[-1] else "," def print_hex(name, value, comment): - value = hexlify(value).decode("ascii") - printlines("static const uint8_t {name}[] = {{ /* {comment}, {length:d} bytes */", - wrapper.fill(", ".join("0x" + value[i : i + 2] for i in range(0, len(value), 2))) - "}};", "", - name = name, comment = comment, length = len(value)) + value = hexlify(value).decode("ascii") + printlines("static const uint8_t {name}[] = {{ /* {comment}, {length:d} bytes */", + wrapper.fill(", ".join("0x" + value[i : i + 2] for i in range(0, len(value), 2))) + "}};", "", + name = name, comment = comment, length = len(value)) def pad_to_blocksize(value, blocksize): - extra = len(value) % blocksize - return value if extra == 0 else (b"\x00" * (blocksize - extra)) + value + extra = len(value) % blocksize + return value if extra == 0 else (b"\x00" * (blocksize - extra)) + value # Funnily enough, PyCrypto and Cryptlib use exactly the same names for # RSA key components, see Cryptlib documentation pages 186-187 & 339. @@ -109,48 +109,48 @@ fields = ("n", "e", "d", "p", "q", "dP", "dQ", "u", "m", "s") for k_len in args.key_lengths: - k = RSA.generate(k_len) # Cryptlib insists u < p, probably with good reason, - while k.u >= k.p: # and I'm sure not going to argue the math with Peter, - k = RSA.generate(k_len) # so keep trying until we pass this test - - m = EMSA_PKCS1_V1_5_ENCODE(h, k_len/8) - s = PKCS115_SigScheme(k).sign(h) - assert len(m) == len(s) - - if args.pad_to_modulus: - blocksize = k_len/8 - if args.extra_word: - blocksize += 4 - else: - blocksize = 4 - - printlines("/* {k_len:d}-bit RSA private key (PKCS #{pkcs:d})", - k.exportKey(format = "PEM", pkcs = args.pkcs_encoding), - "*/", "", - k_len = k_len, pkcs = args.pkcs_encoding) - - # PyCrypto doesn't precalculate dP or dQ, and for some reason it - # does u backwards (uses (1/p % q) and swaps the roles of p and q in - # the CRT calculation to compensate), so we just calculate our own. - - for name in fields: - if name in "ms": - continue - elif name == "dP": - value = k.d % (k.p - 1) - elif name == "dQ": - value = k.d % (k.q - 1) - elif name == "u": - value = inverse(k.q, k.p) - else: - value = getattr(k, name) + k = RSA.generate(k_len) # Cryptlib insists u < p, probably with good reason, + while k.u >= k.p: # and I'm sure not going to argue the math with Peter, + k = RSA.generate(k_len) # so keep trying until we pass this test - print_hex("{}_{:d}".format(name, k_len), - long_to_bytes(value, blocksize = blocksize), - "key component {}".format(name)) + m = EMSA_PKCS1_V1_5_ENCODE(h, k_len/8) + s = PKCS115_SigScheme(k).sign(h) + assert len(m) == len(s) - print_hex("m_{:d}".format(k_len), pad_to_blocksize(m, blocksize), "message to be signed") - print_hex("s_{:d}".format(k_len), pad_to_blocksize(s, blocksize), "signed message") + if args.pad_to_modulus: + blocksize = k_len/8 + if args.extra_word: + blocksize += 4 + else: + blocksize = 4 + + printlines("/* {k_len:d}-bit RSA private key (PKCS #{pkcs:d})", + k.exportKey(format = "PEM", pkcs = args.pkcs_encoding), + "*/", "", + k_len = k_len, pkcs = args.pkcs_encoding) + + # PyCrypto doesn't precalculate dP or dQ, and for some reason it + # does u backwards (uses (1/p % q) and swaps the roles of p and q in + # the CRT calculation to compensate), so we just calculate our own. + + for name in fields: + if name in "ms": + continue + elif name == "dP": + value = k.d % (k.p - 1) + elif name == "dQ": + value = k.d % (k.q - 1) + elif name == "u": + value = inverse(k.q, k.p) + else: + value = getattr(k, name) + + print_hex("{}_{:d}".format(name, k_len), + long_to_bytes(value, blocksize = blocksize), + "key component {}".format(name)) + + print_hex("m_{:d}".format(k_len), pad_to_blocksize(m, blocksize), "message to be signed") + print_hex("s_{:d}".format(k_len), pad_to_blocksize(s, blocksize), "signed message") printlines("typedef struct {{ const uint8_t *val; size_t len; }} rsa_tc_bn_t;", "typedef struct {{ size_t size; rsa_tc_bn_t {fields}; }} rsa_tc_t;", @@ -158,9 +158,9 @@ printlines("typedef struct {{ const uint8_t *val; size_t len; }} rsa_tc_bn_t;", "static const rsa_tc_t rsa_tc[] = {{", fields = ", ".join(fields)) for k_len in args.key_lengths: - printlines(" {{ {k_len:d},", k_len = k_len) - for field in fields: - printlines(" {{ {field}_{k_len:d}, sizeof({field}_{k_len:d}) }}{comma}", - field = field, k_len = k_len, comma = trailing_comma(field, fields)) - printlines(" }}{comma}", comma = trailing_comma(k_len, args.key_lengths)) + printlines(" {{ {k_len:d},", k_len = k_len) + for field in fields: + printlines(" {{ {field}_{k_len:d}, sizeof({field}_{k_len:d}) }}{comma}", + field = field, k_len = k_len, comma = trailing_comma(field, fields)) + printlines(" }}{comma}", comma = trailing_comma(k_len, args.key_lengths)) printlines("}};") |