Add rng parameter to from_pem classmethod, add unit tests.

roberthdevries · roberthdevries · commit 377542f1f94e · 2026-04-17T23:19:29.000+02:00
diff --git a/tests/test_ciphers.py b/tests/test_ciphers.py
@@ -26,6 +26,7 @@
 from wolfcrypt._ffi import lib as _lib
 from wolfcrypt.ciphers import MODE_CTR, MODE_ECB, MODE_CBC, WolfCryptError
 from wolfcrypt.utils import t2b, h2b
+from wolfcrypt.random import Random
 import os
 
 certs_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), "certs")
@@ -325,10 +326,18 @@ def test_chacha_enc_dec(chacha_obj):
         assert plaintext == dec
 
 if _lib.RSA_ENABLED:
+    @pytest.fixture
+    def rng():
+        return Random()
+
     @pytest.fixture
     def rsa_private(vectors):
         return RsaPrivate(vectors[RsaPrivate].key)
 
+    @pytest.fixture
+    def rsa_private_rng(vectors, rng):
+        return RsaPrivate(vectors[RsaPrivate].key, rng=rng)
+
     @pytest.fixture
     def rsa_private_oaep(vectors):
         return RsaPrivate(vectors[RsaPrivate].key, hash_type=HASH_TYPE_SHA)
@@ -345,6 +354,10 @@ def rsa_private_pkcs8(vectors):
     def rsa_public(vectors):
         return RsaPublic(vectors[RsaPublic].key)
 
+    @pytest.fixture
+    def rsa_public_rng(vectors, rng):
+        return RsaPublic(vectors[RsaPublic].key, rng=rng)
+
     @pytest.fixture
     def rsa_public_oaep(vectors):
         return RsaPublic(vectors[RsaPublic].key, hash_type=HASH_TYPE_SHA)
@@ -365,6 +378,17 @@ def rsa_public_pem(vectors):
             pem = f.read()
         return RsaPublic.from_pem(pem)
 
+    @pytest.fixture
+    def rsa_private_pem_rng(vectors, rng):
+        with open(vectors[RsaPrivate].pem, "rb") as f:
+            pem = f.read()
+        return RsaPrivate.from_pem(pem, rng=rng)
+
+    @pytest.fixture
+    def rsa_public_pem_rng(vectors, rng):
+        with open(vectors[RsaPublic].pem, "rb") as f:
+            pem = f.read()
+        return RsaPublic.from_pem(pem, rng=rng)
 
     def test_new_rsa_raises(vectors):
         with pytest.raises(WolfCryptError):
@@ -394,6 +418,22 @@ def test_rsa_encrypt_decrypt(rsa_private, rsa_public):
         assert 1024 / 8 == len(ciphertext) == rsa_private.output_size
         assert plaintext == rsa_private.decrypt(ciphertext)
 
+    def test_rsa_encrypt_decrypt_rng(rsa_private_rng, rsa_public_rng):
+        plaintext = t2b("Everyone gets Friday off.")
+
+        # normal usage, encrypt with public, decrypt with private
+        ciphertext = rsa_public_rng.encrypt(plaintext)
+
+        assert 1024 / 8 == len(ciphertext) == rsa_public_rng.output_size
+        assert plaintext == rsa_private_rng.decrypt(ciphertext)
+
+        # private object holds both private and public info, so it can also encrypt
+        # using the known public key.
+        ciphertext = rsa_private_rng.encrypt(plaintext)
+
+        assert 1024 / 8 == len(ciphertext) == rsa_private_rng.output_size
+        assert plaintext == rsa_private_rng.decrypt(ciphertext)
+
     def test_rsa_encrypt_decrypt_pad_oaep(rsa_private_oaep, rsa_public_oaep):
         plaintext = t2b("Everyone gets Friday off.")
 
@@ -477,6 +517,22 @@ def test_rsa_sign_verify_pem(rsa_private_pem, rsa_public_pem):
         assert 256 == len(signature) == rsa_private_pem.output_size
         assert plaintext == rsa_private_pem.verify(signature)
 
+    def test_rsa_sign_verify_pem_rng(rsa_private_pem_rng, rsa_public_pem_rng):
+        plaintext = t2b("Everyone gets Friday off.")
+
+        # normal usage, sign with private, verify with public
+        signature = rsa_private_pem_rng.sign(plaintext)
+
+        assert 256 == len(signature) == rsa_private_pem_rng.output_size
+        assert plaintext == rsa_public_pem_rng.verify(signature)
+
+        # private object holds both private and public info, so it can also verify
+        # using the known public key.
+        signature = rsa_private_pem_rng.sign(plaintext)
+
+        assert 256 == len(signature) == rsa_private_pem_rng.output_size
+        assert plaintext == rsa_private_pem_rng.verify(signature)
+
     def test_rsa_pkcs8_sign_verify(rsa_private_pkcs8, rsa_public):
         plaintext = t2b("Everyone gets Friday off.")
 
diff --git a/wolfcrypt/ciphers.py b/wolfcrypt/ciphers.py
@@ -750,9 +750,9 @@ def __init__(self, key=None, hash_type=None, rng=None):
 
         if _lib.ASN_ENABLED:
             @classmethod
-            def from_pem(cls, file, hash_type=None):
+            def from_pem(cls, file, hash_type=None, rng=None):
                 der = pem_to_der(file, _lib.PUBLICKEY_TYPE)
-                return cls(key=der, hash_type=hash_type)
+                return cls(key=der, hash_type=hash_type, rng=rng)
 
         def encrypt(self, plaintext):
             """
@@ -916,9 +916,9 @@ def __init__(self, key=None, hash_type=None, rng=None):  # pylint: disable=super
 
         if _lib.ASN_ENABLED:
             @classmethod
-            def from_pem(cls, file, hash_type=None):
+            def from_pem(cls, file, hash_type=None, rng=None):
                 der = pem_to_der(file, _lib.PRIVATEKEY_TYPE)
-                return cls(key=der, hash_type=hash_type)
+                return cls(key=der, hash_type=hash_type, rng=rng)
 
         if _lib.KEYGEN_ENABLED:
             def encode_key(self):
