DSA opaque OpenSSL

2 files changed, 86 insertions, 54 deletions

diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 1c266baa..76436f79 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -20,7 +20,7 @@ import pytest
 
 from cryptography.exceptions import (
     AlreadyFinalized, InvalidSignature, _Reasons)
-from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives import hashes, interfaces
 from cryptography.hazmat.primitives.asymmetric import dsa
 from cryptography.utils import bit_length
 
@@ -70,10 +70,15 @@ def _check_dsa_private_key(skey):
 
 @pytest.mark.dsa
 class TestDSA(object):
-    def test_generate_dsa_parameters(self, backend):
+    def test_generate_dsa_parameters_class_method(self, backend):
         parameters = dsa.DSAParameters.generate(1024, backend)
         assert bit_length(parameters.p) == 1024
 
+    def test_generate_dsa_parameters(self, backend):
+        parameters = dsa.generate_parameters(1024, backend)
+        assert isinstance(parameters, interfaces.DSAParameters)
+        # TODO: withnumbers check like RSA
+
     def test_generate_invalid_dsa_parameters(self, backend):
         with pytest.raises(ValueError):
             dsa.DSAParameters.generate(1, backend)
@@ -87,17 +92,31 @@ class TestDSA(object):
         )
     )
     def test_generate_dsa_keys(self, vector, backend):
-        parameters = dsa.DSAParameters(modulus=vector['p'],
-                                       subgroup_order=vector['q'],
-                                       generator=vector['g'])
-        skey = dsa.DSAPrivateKey.generate(parameters, backend)
-
-        skey_parameters = skey.parameters()
-        assert skey_parameters.p == vector['p']
-        assert skey_parameters.q == vector['q']
-        assert skey_parameters.g == vector['g']
-        assert skey.key_size == bit_length(vector['p'])
-        assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p)
+        parameters = dsa.DSAParameterNumbers(
+            p=vector['p'],
+            q=vector['q'],
+            g=vector['g']
+        ).parameters(backend)
+        skey = dsa.generate_private_key(parameters)
+        if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers):
+            numbers = skey.private_numbers()
+            skey_parameters = numbers.public_numbers.parameter_numbers
+            pkey = skey.public_key()
+            parameters = pkey.parameters()
+            parameter_numbers = parameters.parameter_numbers()
+            assert parameter_numbers.p == skey_parameters.p
+            assert parameter_numbers.q == skey_parameters.q
+            assert parameter_numbers.g == skey_parameters.g
+            assert skey_parameters.p == vector['p']
+            assert skey_parameters.q == vector['q']
+            assert skey_parameters.g == vector['g']
+            assert skey.key_size == bit_length(vector['p'])
+            assert pkey.key_size == skey.key_size
+            public_numbers = pkey.public_numbers()
+            assert numbers.public_numbers.y == public_numbers.y
+            assert numbers.public_numbers.y == pow(
+                skey_parameters.g, numbers.x, skey_parameters.p
+            )
 
     def test_invalid_parameters_argument_types(self):
         with pytest.raises(TypeError):
@@ -654,11 +673,14 @@ class TestDSAVerification(object):
                 "{0} does not support the provided parameters".format(backend)
             )
 
-        public_key = dsa.DSAPublicKey(
-            vector['p'], vector['q'], vector['g'], vector['y']
-        )
+        public_key = dsa.DSAPublicNumbers(
+            parameter_numbers=dsa.DSAParameterNumbers(
+                vector['p'], vector['q'], vector['g']
+            ),
+            y=vector['y']
+        ).public_key(backend)
         sig = der_encode_dsa_signature(vector['r'], vector['s'])
-        verifier = public_key.verifier(sig, algorithm(), backend)
+        verifier = public_key.verifier(sig, algorithm())
         verifier.update(vector['msg'])
         if vector['result'] == "F":
             with pytest.raises(InvalidSignature):
@@ -728,16 +750,22 @@ class TestDSASignature(object):
                 "{0} does not support the provided parameters".format(backend)
             )
 
-        private_key = dsa.DSAPrivateKey(
-            vector['p'], vector['q'], vector['g'], vector['x'], vector['y']
-        )
-        signer = private_key.signer(algorithm(), backend)
+        private_key = dsa.DSAPrivateNumbers(
+            public_numbers=dsa.DSAPublicNumbers(
+                parameter_numbers=dsa.DSAParameterNumbers(
+                    vector['p'], vector['q'], vector['g']
+                ),
+                y=vector['y']
+            ),
+            x=vector['x']
+        ).private_key(backend)
+        signer = private_key.signer(algorithm())
         signer.update(vector['msg'])
         signature = signer.finalize()
         assert signature
 
         public_key = private_key.public_key()
-        verifier = public_key.verifier(signature, algorithm(), backend)
+        verifier = public_key.verifier(signature, algorithm())
         verifier.update(vector['msg'])
         verifier.verify()
 
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 8a90b30e..30ac4f3d 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -21,7 +21,6 @@ import pytest
 
 from cryptography.exceptions import _Reasons
 from cryptography.hazmat.primitives import interfaces
-from cryptography.hazmat.primitives.asymmetric import dsa
 from cryptography.hazmat.primitives.serialization import (
     load_pem_pkcs8_private_key, load_pem_traditional_openssl_private_key
 )
@@ -73,7 +72,7 @@ class TestTraditionalOpenSSLSerialisation(object):
         )
 
         assert key
-        assert isinstance(key, dsa.DSAPrivateKey)
+        assert isinstance(key, interfaces.DSAPrivateKey)
 
     def test_key1_pem_encrypted_values(self, backend):
         pkey = load_vectors_from_file(
@@ -480,41 +479,46 @@ class TestPKCS8Serialisation(object):
             )
         )
         assert key
-        assert isinstance(key, dsa.DSAPrivateKey)
+        assert isinstance(key, interfaces.DSAPrivateKey)
 
         params = key.parameters()
-        assert isinstance(params, dsa.DSAParameters)
-
-        assert key.x == int("00a535a8e1d0d91beafc8bee1d9b2a3a8de3311203", 16)
-        assert key.y == int(
-            "2b260ea97dc6a12ae932c640e7df3d8ff04a8a05a0324f8d5f1b23f15fa1"
-            "70ff3f42061124eff2586cb11b49a82dcdc1b90fc6a84fb10109cb67db5d"
-            "2da971aeaf17be5e37284563e4c64d9e5fc8480258b319f0de29d54d8350"
-            "70d9e287914d77df81491f4423b62da984eb3f45eb2a29fcea5dae525ac6"
-            "ab6bcce04bfdf5b6",
-            16
-        )
+        assert isinstance(params, interfaces.DSAParameters)
+
+        if isinstance(params, interfaces.DSAParametersWithNumbers):
+            num = key.private_numbers()
+            pub = num.public_numbers
+            parameter_numbers = pub.parameter_numbers
+            assert num.x == int("00a535a8e1d0d91beafc8bee1d9b2a3a8de3311203",
+                                16)
+            assert pub.y == int(
+                "2b260ea97dc6a12ae932c640e7df3d8ff04a8a05a0324f8d5f1b23f15fa1"
+                "70ff3f42061124eff2586cb11b49a82dcdc1b90fc6a84fb10109cb67db5d"
+                "2da971aeaf17be5e37284563e4c64d9e5fc8480258b319f0de29d54d8350"
+                "70d9e287914d77df81491f4423b62da984eb3f45eb2a29fcea5dae525ac6"
+                "ab6bcce04bfdf5b6",
+                16
+            )
 
-        assert params.p == int(
-            "00aa0930cc145825221caffa28ac2894196a27833de5ec21270791689420"
-            "7774a2e7b238b0d36f1b2499a2c2585083eb01432924418d867faa212dd1"
-            "071d4dceb2782794ad393cc08a4d4ada7f68d6e839a5fcd34b4e402d82cb"
-            "8a8cb40fec31911bf9bd360b034caacb4c5e947992573c9e90099c1b0f05"
-            "940cabe5d2de49a167",
-            16
-        )
+            assert parameter_numbers.p == int(
+                "00aa0930cc145825221caffa28ac2894196a27833de5ec21270791689420"
+                "7774a2e7b238b0d36f1b2499a2c2585083eb01432924418d867faa212dd1"
+                "071d4dceb2782794ad393cc08a4d4ada7f68d6e839a5fcd34b4e402d82cb"
+                "8a8cb40fec31911bf9bd360b034caacb4c5e947992573c9e90099c1b0f05"
+                "940cabe5d2de49a167",
+                16
+            )
 
-        assert params.q == int("00adc0e869b36f0ac013a681fdf4d4899d69820451",
-                               16)
+            assert parameter_numbers.q == int(
+                "00adc0e869b36f0ac013a681fdf4d4899d69820451", 16)
 
-        assert params.g == int(
-            "008c6b4589afa53a4d1048bfc346d1f386ca75521ccf72ddaa251286880e"
-            "e13201ff48890bbfc33d79bacaec71e7a778507bd5f1a66422e39415be03"
-            "e71141ba324f5b93131929182c88a9fa4062836066cebe74b5c6690c7d10"
-            "1106c240ab7ebd54e4e3301fd086ce6adac922fb2713a2b0887cba13b9bc"
-            "68ce5cfff241cd3246",
-            16
-        )
+            assert parameter_numbers.g == int(
+                "008c6b4589afa53a4d1048bfc346d1f386ca75521ccf72ddaa251286880e"
+                "e13201ff48890bbfc33d79bacaec71e7a778507bd5f1a66422e39415be03"
+                "e71141ba324f5b93131929182c88a9fa4062836066cebe74b5c6690c7d10"
+                "1106c240ab7ebd54e4e3301fd086ce6adac922fb2713a2b0887cba13b9bc"
+                "68ce5cfff241cd3246",
+                16
+            )
 
     @pytest.mark.parametrize(
         ("key_file", "password"),