test: port legacy pss max salt compat test

Since secure-systems-lab#585 SSlibKey no longer uses securesystemslib.keys to verify signatures, and thus no longer is tested via `test_*keys`. Good test coverage of the new SSlibKey implementation is already available in test_signer. This PR ports one missing test from: `test_rsa_keys.TestRSA_keys.test_verify_rsa_pss_different_salt_lengths` Used script to create test table entry (requires secure-systems-lab#590): ``` from cryptography.hazmat.primitives.asymmetric.padding import MGF1, PSS from cryptography.hazmat.primitives.hashes import SHA256 from securesystemslib.interface import import_rsa_privatekey_from_file from securesystemslib.signer import SSlibSigner scheme = "rsassa-pss-sha256" rsa_priv = import_rsa_privatekey_from_file( "tests/data/keystore/rsa_key", password="password", scheme=scheme ) signer = SSlibSigner(rsa_priv) signer._crypto_signer._padding = PSS( mgf=MGF1(SHA256()), salt_length=PSS.MAX_LENGTH ) signature = signer.sign(b"DATA") print( f""" # Test sig with max salt length (briefly available in v0.24.0) ( rsa_keyid, "rsa", "{scheme}", rsa_pub, "{signature.signature}", ), """ ) ``` Signed-off-by: Lukas Puehringer <[email protected]>
lukpueh · Jun 5, 2023 · a66db5b · a66db5b
1 parent 38765a2
commit a66db5b
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/tests/test_signer.py b/tests/test_signer.py
@@ -110,6 +110,14 @@ def test_key_verify_signature(self):
                 rsa_pub,
                 "2f3ed7aa4d18fdb2a677d7a772f3b1283947b09b834a6d523a66b734404552ce4966e1984d4f4a46bc20f5effbc509bbf953469feb6eda5230e5bbe3399839e0d5c601e853918427849f2d90939a843527193932aef4711b65db353bc4adf76d4ec67886d6cbb2e2b315148deee649be7489fb09439a0d22b1abf4b4faa118dd8682f7be173ea398ecf0905eb8eb7232909492ceed1a3134fb678c10b0307ac9f5924b73399d7ac6e729c8e91eca6a0e541dafd22d5fc774fa900c18e38b854884342864951d05b519abf7cee8afe761334c546491b9a09545a9eb5a4096ac5e4be35b794fb9cb8c5204ddbc5eb7d1fc92c2f221d99d49909a41cd747e7f436c07480efb7e94f52d8a8641f9a32d2fa9e2e7f862537b66fa07ba56f44ce7d1f2ad7637ebd8c454d904eea09121977633bcef5748ccc843bc4ebe720878ad9caca97c714aeafeffffd9d1c0cd92218e78691c3abab43958f2defd39381bde71ed73de23044bf44791f8717e1d2150bb5fe7fe0184d089042c284e9ca5779276fc",
             ),
+            # Test sig with max salt length (briefly available in v0.24.0)
+            (
+                rsa_keyid,
+                "rsa",
+                "rsassa-pss-sha256",
+                rsa_pub,
+                "392c5017fd389863649fcda8ba054e1bb346c2ed5cc9959c897a731fc37cd3401c15d77ed17f040a70517c9256f2682181da9aedca08bf3c2aac26658d3064c7df73365da6b47b8f02cb18813cb899e26a101b82e45752cba556e9fa8ad224bb363efa1db9209873ec82ca74bcb7109facfc29f45e5521a6a856803b1a221609f711da2b93915a65d6bfb1f5635a5bc7bdb98510b824fad243c0eaa4ac6674e492d10c25a9e442e9ec6e72871b5d67dfc20b1d5a76ab5f357a6cba4ae9587009744a8023a71c9da38e7ed9c1264c649664c8b72593b79ecc4d0f76d9ad539ace51dd73e9bbf11535f17d6d4caae576f67d1b203a08d35a823eb7c2df99675d4b6651d647f29a6e179263e1a18eb03a6c9209d1daf40c465c19052d46e8e6f5bb480309b91b064e127ea20812e5c0b4fc7ddd98f401a1b920866543335ac31ea8cd650341ef321ce98c3ba48c2ea9172da3a614b8791f98ac7dffd6e2e8506694df100903d60dffa6cf4f6723724ba71aba462229d5f62b7e007553b8af54dabc",
+            ),
             (
                 rsa_keyid,
                 "rsa",