KMS: Add fail test cases for signing algorithms of RSA (#6728)

Akira Noda 2023-08-26 16:16:51 +09:00 committed by GitHub
parent 111c349682
commit fedca69991
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1204,6 +1204,47 @@ def test_sign_and_verify_digest_message_type_RSA(key_spec, signing_algorithm):
assert verify_response["SignatureValid"] is True
@mock_kms
@pytest.mark.parametrize(
"signing_algorithm, another_signing_algorithm",
list(
itertools.combinations(
["RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512"], 2
)
),
)
def test_fail_verify_digest_message_type_RSA(
signing_algorithm, another_signing_algorithm
):
client = boto3.client("kms", region_name="us-west-1")
key = client.create_key(
Description="sign-key", KeyUsage="SIGN_VERIFY", KeySpec="RSA_2048"
)
key_id = key["KeyMetadata"]["KeyId"]
digest = hashes.Hash(hashes.SHA256())
digest.update(b"this works")
digest.update(b"as well")
message = digest.finalize()
sign_response = client.sign(
KeyId=key_id,
Message=message,
SigningAlgorithm=signing_algorithm,
MessageType="DIGEST",
)
verify_response = client.verify(
KeyId=key_id,
Message=message,
Signature=sign_response["Signature"],
SigningAlgorithm=another_signing_algorithm,
)
assert verify_response["SignatureValid"] is False
@mock_kms
def test_sign_invalid_key_usage():
client = boto3.client("kms", region_name="us-west-2")
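Review bot: The `client.verify(...)` call in `test_fail_verify_digest_message_type_RSA` omits `MessageType="DIGEST"` although the signature was produced with it, so `SignatureValid is False` does not isolate the algorithm mismatch. A verifier that honours the default RAW message type would presumably reject the signature for that reason alone. Add `MessageType="DIGEST",` to the verify call so that `SigningAlgorithm` is the only difference between signing and verifying. The digest is always SHA-256, yet one parametrized case signs with `RSASSA_PSS_SHA_384`; real KMS is likely to reject a digest whose length does not match the algorithm, so consider choosing the hash from `signing_algorithm`. `itertools.combinations` also tests each pair in one direction only and covers PSS alone, so `itertools.permutations` and the PKCS#1 v1.5 algorithms would widen the negative coverage.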