Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

KMS: Add fail cases for testing verification of RSA Signing algorithms (#6738)

Browse Source
This commit is contained in:
Akira Noda 2023-08-29 03:39:50 +09:00 committed by GitHub
parent f0b8fedd84
commit 417ccbd54a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
tests/test_kms/test_kms_boto3.py
View File

@ -1233,7 +1233,10 @@ def test_fail_verify_digest_message_type_RSA(
digest = hashes.Hash(hashes.SHA256()) digest = hashes.Hash(hashes.SHA256())
digest.update(b"this works") digest.update(b"this works")
digest.update(b"as well") digest.update(b"as well")
falsified_digest = digest.copy()
message = digest.finalize() message = digest.finalize()
falsified_digest.update(b"This sentence has been falsified")
falsified_message = falsified_digest.finalize()
sign_response = client.sign( sign_response = client.sign(
KeyId=key_id, KeyId=key_id,
@ -1242,6 +1245,16 @@ def test_fail_verify_digest_message_type_RSA(
MessageType="DIGEST", MessageType="DIGEST",
) )
# Verification fails if a message has been falsified.
verify_response = client.verify(
KeyId=key_id,
Message=falsified_message,
Signature=sign_response["Signature"],
SigningAlgorithm=signing_algorithm,
)
assert verify_response["SignatureValid"] is False
# Verification fails if a different signing algorithm is used than the one used in signature.
verify_response = client.verify( verify_response = client.verify(
KeyId=key_id, KeyId=key_id,
Message=message, Message=message,