diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 84fe83d48756..bcb88f912f78 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -193,6 +193,12 @@ Custom asymmetric vectors an invalid version field. * ``asymmetric/PKCS8/unknown-oid.der`` - Contains a PKCS8 encoded DER with an unknown OID. +* ``asymmetric/Traditional_OpenSSL_Serialization/rsa-wrong-version.pem`` - An + RSA key, encoded as a "traditional" ``RSA PRIVATE KEY`` PEM block, with an + invalid version number. +* ``asymmetric/Traditional_OpenSSL_Serialization/dsa-wrong-version.pem`` - A + DSA key, encoded as a "traditional" ``DSA PRIVATE KEY`` PEM block, with an + invalid version number. Key exchange diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py index 2c6a39cbc226..74a7955dd93d 100644 --- a/tests/hazmat/primitives/test_serialization.py +++ b/tests/hazmat/primitives/test_serialization.py @@ -1090,6 +1090,34 @@ def test_load_bad_encryption_oid_key(self, key_file, password, backend): ), ) + @pytest.mark.xfail() + def test_rsa_private_key_invalid_version(self): + data = load_vectors_from_file( + os.path.join( + "asymmetric", + "Traditional_OpenSSL_Serialization", + "rsa-wrong-version.pem", + ), + lambda f: f.read(), + mode="rb", + ) + with pytest.raises(ValueError): + load_pem_private_key(data, password=None) + + @pytest.mark.xfail() + def test_dsa_private_key_invalid_version(self): + data = load_vectors_from_file( + os.path.join( + "asymmetric", + "Traditional_OpenSSL_Serialization", + "dsa-wrong-version.pem", + ), + lambda f: f.read(), + mode="rb", + ) + with pytest.raises(ValueError): + load_pem_private_key(data, password=None) + class TestKeySerializationEncryptionTypes: def test_non_bytes_password(self): diff --git a/vectors/cryptography_vectors/asymmetric/Traditional_OpenSSL_Serialization/dsa-wrong-version.pem b/vectors/cryptography_vectors/asymmetric/Traditional_OpenSSL_Serialization/dsa-wrong-version.pem new file mode 100644 index 000000000000..bfc7f50afe7a --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/Traditional_OpenSSL_Serialization/dsa-wrong-version.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBugIBEQKBgQCHc0onPSpqqR3lE69+wLgJJ4LISkPPLwxbPnO1mSJNnjhvucXC +NjmetDFkPSO2R3MkruD4MCLkKlvIEnIhH8pG32R7GNHLubIp/qcjRJ7NXtS5cG6p +LU4I1NWlekKUBAjQP2plM3U81Ut3JM39qGYZTM8NPGH0uWTIFn8PpVEzUwIVAIW0 +sPS7m+gJzXCJ6brM/y4iSyzxAoGAZOMeOwOLp3iOcd5AjbXkdDIBSggMQeHbkD9f +ztMLhhxLaMvygncP6DOIxpmC1LU+APB+DSqyIwhm2ag0Fuo7QYpF4nzZGeX7VWem +WnGgcKSzkMStlGueW1lnFkrUcRk8H8IksuZtxiNSgDMvPsxRxLx9m1pulbNI9Izh +QDkxDAACgYAP0fYZ4Nytae+Xm870Q1PC6kkI3DHKLxnJEudKqRzuMvaa5DauXC30 +L2Ifb93GBciTKPd/LAK6EcVnXiIgp/U1eTqzgNjzKAjJRIRBg70a2tbYJ71dRHOW +FqdGw3uIr1Hu9IZQk0qzyS0WP7ADXmhCsAqHMiCgwrHy/CYIo950EwIUErkN0hjz +Mf7Jz8+drwf9tboRi44= +-----END DSA PRIVATE KEY----- diff --git a/vectors/cryptography_vectors/asymmetric/Traditional_OpenSSL_Serialization/rsa-wrong-version.pem b/vectors/cryptography_vectors/asymmetric/Traditional_OpenSSL_Serialization/rsa-wrong-version.pem new file mode 100644 index 000000000000..a50760d64295 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/Traditional_OpenSSL_Serialization/rsa-wrong-version.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBEQKCAQEAubZR/vxN1MmxwDEu5p8IA5kNWlOXhd0U8faIDZGY7h9xs7q7 +Hr6Xd4azC+oXDyS3oOexFvLGkIzzdJI5hJJBh4benU4PXz5W176euXHT+KT4EgV8 ++fkFO4KdHFTRo0D+XJCm4iilhx2pAHcBQbTG5vKYQJcYyxZGek9f9jiCsgQlUCj0 +l0Xe3Hyktcum14rPMrZQ8Gv4GGLtoIVqFOh2ftQIY0IoSm+XUulkNfcRmgXMMiCp +VHdKkx2+vh8asN+drq7bEydBw7XEjhoUJszZVPubUUDBTa7Jp5vpx8jlBhDftInH +U5mZz8FKx1dlurSuio312Ww940wSQ1saAs9uyQIDAQABAoIBAAmnaNIfWIZtaQrr +ePDZJzKqA/qEP5YLB5nfwx59c/HmUDlTxYK+zU3pLSk7OoakKyg3Ux/fxU23Xg0w +cBgBqFwSDpl7zisZKQI0cQ4v1MvnUNP9qrZYk8U5BXohuKIgG05Bi23/R0I5Bajg +sX/dFL07CDTMsKfCA9jmLmq0xlUtm3d4R8h050OsFZQqIYFrsXeRkhXuI1Bk+wp7 +O6qvrBSS4psvyA3Ba2M1Jdg+7XP6R6VamJQUilA1jrlMYrGehPPX2vhmzWpgaSDV +S6QdeqZI53fVJp/gCxKoz1zPgj9iwejcRC7Dp+M1aRP0RJGbqkpccpk0WBdUO0rd +X5waR38CgYEA+DN/vNS1ThTUImiJcl2dxxPkDIfmLOGIalF8cps9Ez3FGb+wJggX +iFCdK1A7wJZr3GfEV3HkH5hEzuG+losyY3NdbEfZgdrP3h/iEQxKy/5lZZmJC48T +HCDSRokZWfRdBtT63yBflPnqBQxmHv3HYNdHGhljvxYzODfvbcT4268CgYEAv4wq +1UrPZ/i2h4SfkezkdhkB6KvIsLyGBPVeZK1BOmIC27KOrARj+HgRwcqCaw7q+1PR +FbUN5ad190xenPgWG/wDD15AJmQ4jqHvfQrehVWeTmjO9RnLT1guxB+ZQknYuGCn +Qz8GEjIoJ6h7PMDXhQdYEbdrzLyQ/xU6EVkvowcCgYEA4M3MUd0bBkjJRw0GCOcQ +BANZF5xzd40jAKEjpa5DqEzXXBYJ1riXj+jsIhH+vNXBhhUaedV3OMKy9+rxs+sJ +zZftMyj0sa/dfKPGH4jRqmiVsGta/HQva9eyfR6qLpatN4XqX/QzfnzJYJ81U7aq +QmVaSiJa/PV/mNjY7MRuXpMCgYEAkErtpVlCnocMMVAlyI6Ul6ZE+toVR5Xsu2V/ +YwXkwi89CfUbZtez22PPtJVx42YMe6FrOxf1zQ92XQGJsGNufEw+neAZIRKUTFYO +i7qZYAXcSCLJ7Hcu4amDKTjIgdgRSut8dLrQPvrLpvxTQbPfZpXesRHkQgm2jIGY +CaOOsBcCgYA3ijrhl4w4Hc47SGsDhgHPBt+ndof9zS1WcyOAv/TzLuwgAnA0vNU7 +6AFi5AVKt/79vD5f6SOqgTDSyasB1qcP2jYV8GaIbqYQ4Gwpz1wuBkmkDKk28pC3 +ec2eK8O4cJUmZn91oQFuJorjuVAa5GluyMGvCdxWeAQVH96xSG7lEg== +-----END RSA PRIVATE KEY-----