diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 3cb3b17efb22..0d2568297f76 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -845,6 +845,21 @@ def test_unsupported_hash(self, rsa_key_512: rsa.RSAPrivateKey, backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): private_key.sign(message, pss, hashes.BLAKE2s(32)) + @pytest.mark.supported( + only_if=lambda backend: backend.rsa_padding_supported( + padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) + ), + skip_message="Does not support PSS.", + ) + def test_unsupported_hash_pss_mgf1(self, rsa_key_512: rsa.RSAPrivateKey): + private_key = rsa_key_512 + message = b"my message" + pss = padding.PSS( + mgf=padding.MGF1(DummyHashAlgorithm()), salt_length=0 + ) + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + private_key.sign(message, pss, hashes.SHA256()) + @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) @@ -1937,6 +1952,27 @@ def test_invalid_oaep_decryption_data_to_large_for_modulus(self, backend): ), ) + def test_unsupported_oaep_hash(self, rsa_key_2048: rsa.RSAPrivateKey): + private_key = rsa_key_2048 + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + private_key.decrypt( + b"0" * 256, + padding.OAEP( + mgf=padding.MGF1(DummyHashAlgorithm()), + algorithm=hashes.SHA256(), + label=None, + ), + ) + with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): + private_key.decrypt( + b"0" * 256, + padding.OAEP( + mgf=padding.MGF1(hashes.SHA256()), + algorithm=DummyHashAlgorithm(), + label=None, + ), + ) + def test_unsupported_oaep_mgf( self, rsa_key_2048: rsa.RSAPrivateKey, backend ):