1 files changed, 32 insertions, 2 deletions

diff --git a/unit_tests.py b/unit_tests.py
index fb8446f..c9d3886 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -13,8 +13,10 @@ from py11 import *
 from py11.mutex import MutexDB
 
 try:
-    from Crypto.Util.number import inverse
-    from Crypto.PublicKey   import RSA
+    from Crypto.Util.number     import inverse
+    from Crypto.PublicKey       import RSA
+    from Crypto.Signature       import PKCS1_v1_5
+    from Crypto.Hash            import SHA256
     pycrypto_loaded = True
 except ImportError:
     pycrypto_loaded = False
@@ -560,6 +562,34 @@ class TestKeys(TestCase):
         p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
         p11.C_Verify(self.session, hamster, sig)
 
+    @unittest.skipUnless(pycrypto_loaded, "requires PyCrypto")
+    def test_load_sign_verify_rsa_1024_with_rpki_data(self):
+        "Load/sign/verify with RSA-1024-SHA-256, externally-supplied key"
+        public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, "RSA-1024")
+        tbs = '''
+            31 6B 30 1A 06 09 2A 86 48 86 F7 0D 01 09 03 31
+            0D 06 0B 2A 86 48 86 F7 0D 01 09 10 01 1A 30 1C
+            06 09 2A 86 48 86 F7 0D 01 09 05 31 0F 17 0D 31
+            36 30 37 31 36 30 39 35 32 35 37 5A 30 2F 06 09
+            2A 86 48 86 F7 0D 01 09 04 31 22 04 20 11 A2 E6
+            0F 1F 86 AF 45 25 4D 8F E1 1F C9 EA B3 83 4A 41
+            17 C1 42 B7 43 AD 51 5E F5 A2 F8 E3 25
+        '''
+        tbs = "".join(chr(int(i, 16)) for i in tbs.split())
+        p11.C_SignInit(self.session, CKM_SHA256_RSA_PKCS, private_key)
+        p11.C_SignUpdate(self.session, tbs)
+        sig = p11.C_SignFinal(self.session)
+        self.assertIsInstance(sig, str)
+        p11.C_VerifyInit(self.session, CKM_SHA256_RSA_PKCS, public_key)
+        p11.C_Verify(self.session, tbs, sig)
+        verifier = PKCS1_v1_5.new(RSA.importKey(rsa_1024_pem))
+        digest = SHA256.new(tbs)
+        self.assertTrue(verifier.verify(digest, sig))
+        p11.C_SignInit(self.session, CKM_SHA256_RSA_PKCS, private_key)
+        self.assertEqual(sig, p11.C_Sign(self.session, tbs))
+        p11.C_VerifyInit(self.session, CKM_SHA256_RSA_PKCS, public_key)
+        p11.C_VerifyUpdate(self.session, tbs)
+        p11.C_VerifyFinal(self.session, sig)
 
 # Keys for preload tests, here rather than inline because they're
 # bulky.  These are in PKCS #8 format, see PyCrypto or the "pkey" and