-rw-r--r--cryptography/hazmat/backends/interfaces.py14
-rw-r--r--cryptography/hazmat/backends/openssl/backend.py60
-rw-r--r--cryptography/hazmat/primitives/asymmetric/dsa.py207
-rw-r--r--docs/hazmat/backends/interfaces.rst33
-rw-r--r--docs/hazmat/primitives/asymmetric/dsa.rst167
-rw-r--r--tests/hazmat/backends/test_openssl.py36
-rw-r--r--tests/hazmat/primitives/test_dsa.py966
7 files changed, 461 insertions, 1022 deletions
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index 00bcc443..69d776ff 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -159,20 +159,6 @@ class DSABackend(object):
"""
@abc.abstractmethod
- def create_dsa_signature_ctx(self, private_key, algorithm):
- """
- Returns an object conforming to the AsymmetricSignatureContext
- interface.
- """
-
- @abc.abstractmethod
- def create_dsa_verification_ctx(self, public_key, signature, algorithm):
- """
- Returns an object conforming to the AsymmetricVerificationContext
- interface.
- """
-
- @abc.abstractmethod
def dsa_hash_supported(self, algorithm):
"""
Return True if the hash algorithm is supported by the backend for DSA.
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index a0a7ac18..eadea50e 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -35,8 +35,7 @@ from cryptography.hazmat.backends.openssl.ciphers import (
)
from cryptography.hazmat.backends.openssl.cmac import _CMACContext
from cryptography.hazmat.backends.openssl.dsa import (
- _DSAParameters, _DSAPrivateKey, _DSAPublicKey,
- _DSASignatureContext, _DSAVerificationContext
+ _DSAParameters, _DSAPrivateKey, _DSAPublicKey
)
from cryptography.hazmat.backends.openssl.ec import (
_EllipticCurvePrivateKey, _EllipticCurvePublicKey
@@ -594,14 +593,9 @@ class Backend(object):
ctx = self._lib.DSA_new()
assert ctx != self._ffi.NULL
ctx = self._ffi.gc(ctx, self._lib.DSA_free)
- if isinstance(parameters, dsa.DSAParameters):
- ctx.p = self._int_to_bn(parameters.p)
- ctx.q = self._int_to_bn(parameters.q)
- ctx.g = self._int_to_bn(parameters.g)
- else:
- ctx.p = self._lib.BN_dup(parameters._dsa_cdata.p)
- ctx.q = self._lib.BN_dup(parameters._dsa_cdata.q)
- ctx.g = self._lib.BN_dup(parameters._dsa_cdata.g)
+ ctx.p = self._lib.BN_dup(parameters._dsa_cdata.p)
+ ctx.q = self._lib.BN_dup(parameters._dsa_cdata.q)
+ ctx.g = self._lib.BN_dup(parameters._dsa_cdata.g)
self._lib.DSA_generate_key(ctx)
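Review bot: With the `isinstance` branch gone, the three added `BN_dup(parameters._dsa_cdata.…)` lines assume every `parameters` argument is this backend's own parameters object; any other provider of the DSAParameters interface would fail with an `AttributeError` on `_dsa_cdata` rather than a clear type error. `BN_dup` also returns NULL on allocation failure, and the results are stored into `ctx.p`, `ctx.q` and `ctx.g` unchecked before `DSA_generate_key(ctx)`, whose return value is likewise not tested in the visible context line. I would apply the same check already used for `DSA_new` above, e.g. `assert ctx.p != self._ffi.NULL` after each dup, and `res = self._lib.DSA_generate_key(ctx)` followed by `assert res == 1`, so a failed generation cannot be wrapped as a usable private key. The function's signature and its tail are outside this hunk.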
@@ -611,29 +605,6 @@ class Backend(object):
parameters = self.generate_dsa_parameters(key_size)
return self.generate_dsa_private_key(parameters)
- def create_dsa_signature_ctx(self, private_key, algorithm):
- warnings.warn(
- "create_dsa_signature_ctx is deprecated and will be removed in "
- "a future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- dsa_cdata = self._dsa_cdata_from_private_key(private_key)
- key = _DSAPrivateKey(self, dsa_cdata)
- return _DSASignatureContext(self, key, algorithm)
-
- def create_dsa_verification_ctx(self, public_key, signature,
- algorithm):
- warnings.warn(
- "create_dsa_verification_ctx is deprecated and will be removed in "
- "a future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- dsa_cdata = self._dsa_cdata_from_public_key(public_key)
- key = _DSAPublicKey(self, dsa_cdata)
- return _DSAVerificationContext(self, key, signature, algorithm)
-
def load_dsa_private_numbers(self, numbers):
dsa._check_dsa_private_numbers(numbers)
parameter_numbers = numbers.public_numbers.parameter_numbers
@@ -675,29 +646,6 @@ class Backend(object):
return _DSAParameters(self, dsa_cdata)
- def _dsa_cdata_from_public_key(self, public_key):
- ctx = self._lib.DSA_new()
- assert ctx != self._ffi.NULL
- ctx = self._ffi.gc(ctx, self._lib.DSA_free)
- parameters = public_key.parameters()
- ctx.p = self._int_to_bn(parameters.p)
- ctx.q = self._int_to_bn(parameters.q)
- ctx.g = self._int_to_bn(parameters.g)
- ctx.pub_key = self._int_to_bn(public_key.y)
- return ctx
-
- def _dsa_cdata_from_private_key(self, private_key):
- ctx = self._lib.DSA_new()
- assert ctx != self._ffi.NULL
- ctx = self._ffi.gc(ctx, self._lib.DSA_free)
- parameters = private_key.parameters()
- ctx.p = self._int_to_bn(parameters.p)
- ctx.q = self._int_to_bn(parameters.q)
- ctx.g = self._int_to_bn(parameters.g)
- ctx.priv_key = self._int_to_bn(private_key.x)
- ctx.pub_key = self._int_to_bn(private_key.y)
- return ctx
-
def dsa_hash_supported(self, algorithm):
if self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f:
return isinstance(algorithm, hashes.SHA1)
diff --git a/cryptography/hazmat/primitives/asymmetric/dsa.py b/cryptography/hazmat/primitives/asymmetric/dsa.py
index 04b22720..18076338 100644
--- a/cryptography/hazmat/primitives/asymmetric/dsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/dsa.py
@@ -13,14 +13,9 @@
from __future__ import absolute_import, division, print_function
-import warnings
-
import six
from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.backends.interfaces import DSABackend
-from cryptography.hazmat.primitives import interfaces
def generate_parameters(key_size, backend):
@@ -55,208 +50,6 @@ def _check_dsa_private_numbers(numbers):
raise ValueError("y must be equal to (g ** x % p).")
-@utils.register_interface(interfaces.DSAParameters)
-class DSAParameters(object):
- def __init__(self, modulus, subgroup_order, generator):
- warnings.warn(
- "The DSAParameters class is deprecated and will be removed in a "
- "future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- _check_dsa_parameters(
- DSAParameterNumbers(
- p=modulus,
- q=subgroup_order,
- g=generator
- )
- )
-
- self._modulus = modulus
- self._subgroup_order = subgroup_order
- self._generator = generator
-
- @classmethod
- def generate(cls, key_size, backend):
- warnings.warn(
- "generate is deprecated and will be removed in a future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- if not isinstance(backend, DSABackend):
- raise UnsupportedAlgorithm(
- "Backend object does not implement DSABackend.",
- _Reasons.BACKEND_MISSING_INTERFACE
- )
-
- parameters = backend.generate_dsa_parameters(key_size)
- numbers = parameters.parameter_numbers()
- return cls(
- modulus=numbers.p,
- subgroup_order=numbers.q,
- generator=numbers.g
- )
-
- @property
- def modulus(self):
- return self._modulus
-
- @property
- def subgroup_order(self):
- return self._subgroup_order
-
- @property
- def generator(self):
- return self._generator
-
- @property
- def p(self):
- return self.modulus
-
- @property
- def q(self):
- return self.subgroup_order
-
- @property
- def g(self):
- return self.generator
-
-
-@utils.register_interface(interfaces.DSAPrivateKey)
-class DSAPrivateKey(object):
- def __init__(self, modulus, subgroup_order, generator, x, y):
- warnings.warn(
- "The DSAPrivateKey class is deprecated and will be removed in a "
- "future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- if (
- not isinstance(x, six.integer_types) or
- not isinstance(y, six.integer_types)
- ):
- raise TypeError("DSAPrivateKey arguments must be integers.")
-
- _check_dsa_private_numbers(
- DSAPrivateNumbers(
- public_numbers=DSAPublicNumbers(
- parameter_numbers=DSAParameterNumbers(
- p=modulus,
- q=subgroup_order,
- g=generator
- ),
- y=y
- ),
- x=x
- )
- )
-
- self._modulus = modulus
- self._subgroup_order = subgroup_order
- self._generator = generator
- self._x = x
- self._y = y
-
- @classmethod
- def generate(cls, parameters, backend):
- warnings.warn(
- "generate is deprecated and will be removed in a future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- if not isinstance(backend, DSABackend):
- raise UnsupportedAlgorithm(
- "Backend object does not implement DSABackend.",
- _Reasons.BACKEND_MISSING_INTERFACE
- )
-
- key = backend.generate_dsa_private_key(parameters)
- private_numbers = key.private_numbers()
- return cls(
- modulus=private_numbers.public_numbers.parameter_numbers.p,
- subgroup_order=private_numbers.public_numbers.parameter_numbers.q,
- generator=private_numbers.public_numbers.parameter_numbers.g,
- x=private_numbers.x,
- y=private_numbers.public_numbers.y
- )
-
- def signer(self, algorithm, backend):
- if not isinstance(backend, DSABackend):
- raise UnsupportedAlgorithm(
- "Backend object does not implement DSABackend.",
- _Reasons.BACKEND_MISSING_INTERFACE
- )
-
- return backend.create_dsa_signature_ctx(self, algorithm)
-
- @property
- def key_size(self):
- return utils.bit_length(self._modulus)
-
- def public_key(self):
- return DSAPublicKey(self._modulus, self._subgroup_order,
- self._generator, self.y)
-
- @property
- def x(self):
- return self._x
-
- @property
- def y(self):
- return self._y
-
- def parameters(self):
- return DSAParameters(self._modulus, self._subgroup_order,
- self._generator)
-
-
-@utils.register_interface(interfaces.DSAPublicKey)
-class DSAPublicKey(object):
- def __init__(self, modulus, subgroup_order, generator, y):
- warnings.warn(
- "The DSAPublicKey class is deprecated and will be removed in a "
- "future version.",
- utils.DeprecatedIn05,
- stacklevel=2
- )
- _check_dsa_parameters(
- DSAParameterNumbers(
- p=modulus,
- q=subgroup_order,
- g=generator
- )
- )
- if not isinstance(y, six.integer_types):
- raise TypeError("y must be an integer.")
-
- self._modulus = modulus
- self._subgroup_order = subgroup_order
- self._generator = generator
- self._y = y
-
- def verifier(self, signature, algorithm, backend):
- if not isinstance(backend, DSABackend):
- raise UnsupportedAlgorithm(
- "Backend object does not implement DSABackend.",
- _Reasons.BACKEND_MISSING_INTERFACE
- )
-
- return backend.create_dsa_verification_ctx(self, signature,
- algorithm)
-
- @property
- def key_size(self):
- return utils.bit_length(self._modulus)
-
- @property
- def y(self):
- return self._y
-
- def parameters(self):
- return DSAParameters(self._modulus, self._subgroup_order,
- self._generator)
-
-
class DSAParameterNumbers(object):
def __init__(self, p, q, g):
if (
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 4f4c5680..78354182 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -341,39 +341,6 @@ A specific ``backend`` may provide one or more of these interfaces.
:raises ValueError: This is raised if the key size is not supported
by the backend.
- .. method:: create_dsa_signature_ctx(private_key, algorithm)
-
- .. deprecated:: 0.5
-
- :param private_key: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
- provider.
-
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
- provider
-
- :returns:
- :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
-
- .. method:: create_dsa_verification_ctx(public_key, signature, algorithm)
-
- .. deprecated:: 0.5
-
- :param public_key: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
- provider.
-
- :param bytes signature: The signature to verify. DER encoded as
- specified in :rfc:`6979`.
-
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
- provider.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
-
.. method:: dsa_hash_supported(algorithm):
:param algorithm: An instance of a
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index e411931b..302eea81 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -192,173 +192,6 @@ Numbers
:class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
provider.
-Deprecated Concrete Classes
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-These classes were deprecated in version 0.5 in favor of backend specific
-providers of the
-:class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`,
-:class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`, and
-:class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` interfaces.
-
-.. class:: DSAParameters(modulus, subgroup_order, generator)
-
- .. versionadded:: 0.4
-
- .. deprecated:: 0.5
-
- DSA Parameters are required for generating a DSA private key.
-
- You should use :meth:`~generate` to generate new parameters.
-
- .. warning::
- This method only checks a limited set of properties of its arguments.
- Using DSA parameters that you do not trust or with incorrect arguments
- may lead to insecure operation, crashes, and other undefined behavior.
- We recommend that you only ever load parameters that were generated
- with software you trust.
-
-
- This class conforms to the
- :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
- interface.
-
- :raises TypeError: This is raised when the arguments are not all integers.
-
- :raises ValueError: This is raised when the values of ``modulus``,
- ``subgroup_order``, or ``generator`` do
- not match the bounds specified in `FIPS 186-4`_.
-
- .. classmethod:: generate(key_size, backend)
-
- Generate a new ``DSAParameters`` instance using ``backend``.
-
- :param int key_size: The length of the modulus in bits. It should be
- either 1024, 2048 or 3072. For keys generated in 2014 this should
- be `at least 2048`_ (See page 41). Note that some applications
- (such as SSH) have not yet gained support for larger key sizes
- specified in FIPS 186-3 and are still restricted to only the
- 1024-bit keys specified in FIPS 186-2.
-
- :return: A new instance of ``DSAParameters``
-
- :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
- the provided ``backend`` does not implement
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
-
-
-.. class:: DSAPrivateKey(modulus, subgroup_order, generator, x, y)
-
- .. versionadded:: 0.4
-
- .. deprecated:: 0.5
-
- A DSA private key is required for signing messages.
-
- You should use :meth:`~generate` to generate new keys.
-
- .. warning::
- This method only checks a limited set of properties of its arguments.
- Using a DSA private key that you do not trust or with incorrect
- parameters may lead to insecure operation, crashes, and other undefined
- behavior. We recommend that you only ever load private keys that were
- generated with software you trust.
-
-
- This class conforms to the
- :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
- interface.
-
- :raises TypeError: This is raised when the arguments are not all integers.
-
- :raises ValueError: This is raised when the values of ``modulus``,
- ``subgroup_order``, or ``generator`` do
- not match the bounds specified in `FIPS 186-4`_.
-
- .. classmethod:: generate(parameters, backend)
-
- Generate a new ``DSAPrivateKey`` instance using ``backend``.
-
- :param parameters: A
- :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
- provider.
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
- provider.
- :return: A new instance of ``DSAPrivateKey``.
-
- :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
- the provided ``backend`` does not implement
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
-
- :raises ValueError: This is raised if the key size is not (1024 or 2048 or 3072)
- or if the OpenSSL version is older than 1.0.0 and the key size is larger than 1024
- because older OpenSSL versions don't support a key size larger than 1024.
-
- .. method:: signer(algorithm, backend)
-
- .. versionadded:: 0.4
-
- Sign data which can be verified later by others using the public key.
-
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
- provider.
-
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
- provider.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
-
- :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
- the provided ``backend`` does not implement
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
-
-
-.. class:: DSAPublicKey(modulus, subgroup_order, generator, y)
-
- .. versionadded:: 0.4
-
- .. deprecated:: 0.5
-
- A DSA public key is required for verifying messages.
-
- Normally you do not need to directly construct public keys because you'll
- be loading them from a file, generating them automatically or receiving
- them from a 3rd party.
-
- This class conforms to the
- :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
- interface.
-
- :raises TypeError: This is raised when the arguments are not all integers.
-
- :raises ValueError: This is raised when the values of ``modulus``,
- ``subgroup_order``, ``generator``, or ``y``
- do not match the bounds specified in `FIPS 186-4`_.
-
- .. method:: verifier(signature, algorithm, backend)
-
- .. versionadded:: 0.4
-
- Verify data was signed by the private key associated with this public
- key.
-
- :param bytes signature: The signature to verify. DER encoded as
- specified in :rfc:`6979`.
-
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
- provider.
-
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
- provider.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
.. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index b3a17884..94b5818e 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -175,20 +175,22 @@ class TestOpenSSL(object):
)
def test_large_key_size_on_old_openssl(self):
with pytest.raises(ValueError):
- dsa.DSAParameters.generate(2048, backend=backend)
+ dsa.generate_parameters(2048, backend=backend)
with pytest.raises(ValueError):
- dsa.DSAParameters.generate(3072, backend=backend)
+ dsa.generate_parameters(3072, backend=backend)
@pytest.mark.skipif(
backend._lib.OPENSSL_VERSION_NUMBER < 0x1000000f,
reason="Requires a newer OpenSSL. Must be >= 1.0.0"
)
def test_large_key_size_on_new_openssl(self):
- parameters = dsa.DSAParameters.generate(2048, backend)
- assert utils.bit_length(parameters.p) == 2048
- parameters = dsa.DSAParameters.generate(3072, backend)
- assert utils.bit_length(parameters.p) == 3072
+ parameters = dsa.generate_parameters(2048, backend)
+ param_num = parameters.parameter_numbers()
+ assert utils.bit_length(param_num.p) == 2048
+ parameters = dsa.generate_parameters(3072, backend)
+ param_num = parameters.parameter_numbers()
+ assert utils.bit_length(param_num.p) == 3072
def test_int_to_bn(self):
value = (2 ** 4242) - 4242
@@ -502,28 +504,6 @@ class TestOpenSSLEllipticCurve(object):
_sn_to_elliptic_curve(backend, b"fake")
-class TestDeprecatedDSABackendMethods(object):
- def test_create_dsa_signature_ctx(self):
- params = dsa.DSAParameters.generate(1024, backend)
- key = dsa.DSAPrivateKey.generate(params, backend)
- pytest.deprecated_call(
- backend.create_dsa_signature_ctx,
- key,
- hashes.SHA1()
- )
-
- def test_create_dsa_verification_ctx(self):
- params = dsa.DSAParameters.generate(1024, backend)
- key = dsa.DSAPrivateKey.generate(params, backend)
- public_key = key.public_key()
- pytest.deprecated_call(
- backend.create_dsa_verification_ctx,
- public_key,
- b"\x00" * 128,
- hashes.SHA1()
- )
-
-
@pytest.mark.elliptic
class TestDeprecatedECBackendMethods(object):
def test_elliptic_curve_private_key_from_numbers(self):
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 8c87cfdf..02ed25d9 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -18,8 +18,7 @@ import os
import pytest
-from cryptography.exceptions import (
- AlreadyFinalized, InvalidSignature, _Reasons)
+from cryptography.exceptions import AlreadyFinalized, InvalidSignature
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.utils import bit_length
@@ -30,57 +29,18 @@ from .fixtures_dsa import (
from ...utils import (
der_encode_dsa_signature, load_fips_dsa_key_pair_vectors,
load_fips_dsa_sig_vectors, load_vectors_from_file,
- raises_unsupported_algorithm
)
-def _check_dsa_private_key(skey):
- assert skey
- assert skey.x
- assert skey.y
- assert skey.key_size
-
- skey_parameters = skey.parameters()
- assert skey_parameters
- assert skey_parameters.modulus
- assert skey_parameters.subgroup_order
- assert skey_parameters.generator
- assert skey_parameters.modulus == skey_parameters.p
- assert skey_parameters.subgroup_order == skey_parameters.q
- assert skey_parameters.generator == skey_parameters.g
-
- pkey = skey.public_key()
- assert pkey
- assert skey.y == pkey.y
- assert skey.key_size == pkey.key_size
-
- pkey_parameters = pkey.parameters()
- assert pkey_parameters
- assert pkey_parameters.modulus
- assert pkey_parameters.subgroup_order
- assert pkey_parameters.generator
- assert pkey_parameters.modulus == pkey_parameters.p
- assert pkey_parameters.subgroup_order == pkey_parameters.q
- assert pkey_parameters.generator == pkey_parameters.g
-
- assert skey_parameters.modulus == pkey_parameters.modulus
- assert skey_parameters.subgroup_order == pkey_parameters.subgroup_order
- assert skey_parameters.generator == pkey_parameters.generator
-
-
@pytest.mark.dsa
class TestDSA(object):
- def test_generate_dsa_parameters_class_method(self, backend):
- parameters = dsa.DSAParameters.generate(1024, backend)
- assert bit_length(parameters.p) == 1024
-
def test_generate_dsa_parameters(self, backend):
parameters = dsa.generate_parameters(1024, backend)
assert isinstance(parameters, interfaces.DSAParameters)
def test_generate_invalid_dsa_parameters(self, backend):
with pytest.raises(ValueError):
- dsa.DSAParameters.generate(1, backend)
+ dsa.generate_parameters(1, backend)
@pytest.mark.parametrize(
"vector",
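Review bot: After this hunk, `test_generate_dsa_parameters` only asserts `isinstance(parameters, interfaces.DSAParameters)`, while the deleted `test_generate_dsa_parameters_class_method` was the test that checked the generated modulus is actually 1024 bits. For a key-generation path the size assertion is worth keeping, e.g. add `assert bit_length(parameters.parameter_numbers().p) == 1024` to the surviving test; the `bit_length` import is still present in the file's import block. Whether a test outside this hunk already covers the size cannot be seen from here.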
@@ -127,529 +87,546 @@ class TestDSA(object):
skey_parameters.g, numbers.x, skey_parameters.p
)
- def test_invalid_parameters_argument_types(self):
- with pytest.raises(TypeError):
- dsa.DSAParameters(None, None, None)
-
- def test_invalid_private_key_argument_types(self):
- with pytest.raises(TypeError):
- dsa.DSAPrivateKey(None, None, None, None, None)
-
- def test_invalid_public_key_argument_types(self):
- with pytest.raises(TypeError):
- dsa.DSAPublicKey(None, None, None, None)
-
- def test_load_dsa_example_keys(self):
- parameters = dsa.DSAParameters(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g
- )
-
- assert parameters
- assert parameters.modulus
- assert parameters.subgroup_order
- assert parameters.generator
- assert parameters.modulus == parameters.p
- assert parameters.subgroup_order == parameters.q
- assert parameters.generator == parameters.g
-
- pub_key = dsa.DSAPublicKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
- y=DSA_KEY_1024.public_numbers.y
- )
- assert pub_key
- assert pub_key.key_size
- assert pub_key.y
- pub_key_parameters = pub_key.parameters()
- assert pub_key_parameters
- assert pub_key_parameters.modulus
- assert pub_key_parameters.subgroup_order
- assert pub_key_parameters.generator
-
- skey = dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
- y=DSA_KEY_1024.public_numbers.y,
- x=DSA_KEY_1024.x
- )
- assert skey
- _check_dsa_private_key(skey)
- skey_parameters = skey.parameters()
- assert skey_parameters
- assert skey_parameters.modulus
- assert skey_parameters.subgroup_order
- assert skey_parameters.generator
-
- pkey = dsa.DSAPublicKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
- y=DSA_KEY_1024.public_numbers.y
- )
- assert pkey
- pkey_parameters = pkey.parameters()
- assert pkey_parameters
- assert pkey_parameters.modulus
- assert pkey_parameters.subgroup_order
- assert pkey_parameters.generator
-
- pkey2 = skey.public_key()
- assert pkey2
- pkey2_parameters = pkey.parameters()
- assert pkey2_parameters
- assert pkey2_parameters.modulus
- assert pkey2_parameters.subgroup_order
- assert pkey2_parameters.generator
-
- assert skey_parameters.modulus == pkey_parameters.modulus
- assert skey_parameters.subgroup_order == pkey_parameters.subgroup_order
- assert skey_parameters.generator == pkey_parameters.generator
- assert skey.y == pkey.y
- assert skey.key_size == pkey.key_size
-
- assert pkey_parameters.modulus == pkey2_parameters.modulus
- assert pkey_parameters.subgroup_order == \
- pkey2_parameters.subgroup_order
- assert pkey_parameters.generator == pkey2_parameters.generator
- assert pkey.y == pkey2.y
- assert pkey.key_size == pkey2.key_size
-
- def test_invalid_parameters_values(self):
- # Test a modulus < 1024 bits in length
- with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=2 ** 1000,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
- )
-
- # Test a modulus < 2048 bits in length
+ def test_invalid_parameters_values(self, backend):
+ # Test a p < 1024 bits in length
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=2 ** 2000,
- subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
- )
+ dsa.DSAParameterNumbers(
+ p=2 ** 1000,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ).parameters(backend)
- # Test a modulus < 3072 bits in length
+ # Test a p < 2048 bits in length
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=2 ** 3000,
- subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
- )
-
- # Test a modulus > 3072 bits in length
- with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=2 ** 3100,
- subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
- )
+ dsa.DSAParameterNumbers(
+ p=2 ** 2000,
+ q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ ).parameters(backend)
- # Test a subgroup_order < 160 bits in length
+ # Test a p < 3072 bits in length
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=2 ** 150,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
- )
+ dsa.DSAParameterNumbers(
+ p=2 ** 3000,
+ q=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ).parameters(backend)
- # Test a subgroup_order < 256 bits in length
+ # Test a p > 3072 bits in length
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
- subgroup_order=2 ** 250,
- generator=DSA_KEY_2048.public_numbers.parameter_numbers.g
- )
+ dsa.DSAParameterNumbers(
+ p=2 ** 3100,
+ q=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ).parameters(backend)
- # Test a subgroup_order > 256 bits in length
+ # Test a q < 160 bits in length
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
- subgroup_order=2 ** 260,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
- )
+ dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=2 ** 150,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ).parameters(backend)
- # Test a modulus, subgroup_order pair of (1024, 256) bit lengths
+ # Test a q < 256 bits in length
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
- )
+ dsa.DSAParameterNumbers(
+ p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
+ q=2 ** 250,
+ g=DSA_KEY_2048.public_numbers.parameter_numbers.g
+ ).parameters(backend)
- # Test a modulus, subgroup_order pair of (2048, 160) bit lengths
+ # Test a q > 256 bits in length
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_2048.public_numbers.parameter_numbers.g
- )
+ dsa.DSAParameterNumbers(
+ p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
+ q=2 ** 260,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ).parameters(backend)
- # Test a modulus, subgroup_order pair of (3072, 160) bit lengths
+ # Test a p, q pair of (1024, 256) bit lengths
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
- )
+ dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ).parameters(backend)
- # Test a generator < 1
+ # Test a p, q pair of (2048, 160) bit lengths
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=0
- )
+ dsa.DSAParameterNumbers(
+ p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_2048.public_numbers.parameter_numbers.g
+ ).parameters(backend)
- # Test a generator = 1
+ # Test a p, q pair of (3072, 160) bit lengths
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=1
- )
+ dsa.DSAParameterNumbers(
+ p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ).parameters(backend)
- # Test a generator > modulus
+ # Test a g < 1
with pytest.raises(ValueError):
- dsa.DSAParameters(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=2 ** 1200
- )
+ dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=0
+ ).parameters(backend)
- def test_invalid_dsa_private_key_arguments(self):
- # Test a modulus < 1024 bits in length
+ # Test a g = 1
with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=2 ** 1000,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
- x=DSA_KEY_1024.x,
- y=DSA_KEY_1024.public_numbers.y
- )
+ dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=1
+ ).parameters(backend)
- # Test a modulus < 2048 bits in length
+ # Test a g > p
with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=2 ** 2000,
- subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=2 ** 1200
+ ).parameters(backend)
+
+ def test_invalid_dsa_private_key_arguments(self, backend):
+ # Test a p < 1024 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=2 ** 1000,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
+ x=DSA_KEY_1024.x
+ ).private_key(backend)
+
+ # Test a p < 2048 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=2 ** 2000,
+ q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_2048.public_numbers.y
+ ),
x=DSA_KEY_2048.x,
- y=DSA_KEY_2048.public_numbers.y
- )
-
- # Test a modulus < 3072 bits in length
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=2 ** 3000,
- subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test a p < 3072 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=2 ** 3000,
+ q=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_3072.public_numbers.y
+ ),
x=DSA_KEY_3072.x,
- y=DSA_KEY_3072.public_numbers.y
- )
-
- # Test a modulus > 3072 bits in length
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=2 ** 3100,
- subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test a p > 3072 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=2 ** 3100,
+ q=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_3072.public_numbers.y
+ ),
x=DSA_KEY_3072.x,
- y=DSA_KEY_3072.public_numbers.y
- )
-
- # Test a subgroup_order < 160 bits in length
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=2 ** 150,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test a q < 160 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=2 ** 150,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
x=DSA_KEY_1024.x,
- y=DSA_KEY_1024.public_numbers.y
- )
-
- # Test a subgroup_order < 256 bits in length
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
- subgroup_order=2 ** 250,
- generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test a q < 256 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
+ q=2 ** 250,
+ g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_2048.public_numbers.y
+ ),
x=DSA_KEY_2048.x,
- y=DSA_KEY_2048.public_numbers.y
- )
-
- # Test a subgroup_order > 256 bits in length
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
- subgroup_order=2 ** 260,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test a q > 256 bits in length
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
+ q=2 ** 260,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_3072.public_numbers.y
+ ),
x=DSA_KEY_3072.x,
- y=DSA_KEY_3072.public_numbers.y
- )
-
- # Test a modulus, subgroup_order pair of (1024, 256) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test a p, q pair of (1024, 256) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
x=DSA_KEY_1024.x,
- y=DSA_KEY_1024.public_numbers.y
- )
-
- # Test a modulus, subgroup_order pair of (2048, 160) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test a p, q pair of (2048, 160) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_2048.public_numbers.y
+ ),
x=DSA_KEY_2048.x,
- y=DSA_KEY_2048.public_numbers.y
- )
-
- # Test a modulus, subgroup_order pair of (3072, 160) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test a p, q pair of (3072, 160) bit lengths
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_3072.public_numbers.y
+ ),
x=DSA_KEY_3072.x,
- y=DSA_KEY_3072.public_numbers.y
- )
-
- # Test a generator < 1
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=0,
+ ).private_key(backend)
+
+ # Test a g < 1
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=0,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
x=DSA_KEY_1024.x,
- y=DSA_KEY_1024.public_numbers.y
- )
-
- # Test a generator = 1
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=1,
+ ).private_key(backend)
+
+ # Test a g = 1
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=1,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
x=DSA_KEY_1024.x,
- y=DSA_KEY_1024.public_numbers.y
- )
-
- # Test a generator > modulus
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=2 ** 1200,
+ ).private_key(backend)
+
+ # Test a g > p
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=2 ** 1200,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
x=DSA_KEY_1024.x,
- y=DSA_KEY_1024.public_numbers.y
- )
+ ).private_key(backend)
# Test x = 0
with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
x=0,
- y=DSA_KEY_1024.public_numbers.y
- )
+ ).private_key(backend)
# Test x < 0
with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
x=-2,
- y=DSA_KEY_1024.public_numbers.y
- )
-
- # Test x = subgroup_order
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test x = q
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
x=2 ** 159,
- y=DSA_KEY_1024.public_numbers.y
- )
-
- # Test x > subgroup_order
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test x > q
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
x=2 ** 200,
- y=DSA_KEY_1024.public_numbers.y
- )
-
- # Test y != (generator ** x) % modulus
- with pytest.raises(ValueError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ).private_key(backend)
+
+ # Test y != (g ** x) % p
+ with pytest.raises(ValueError):
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
+ y=2 ** 100
+ ),
x=DSA_KEY_1024.x,
- y=2 ** 100
- )
+ ).private_key(backend)
# Test a non-integer y value
with pytest.raises(TypeError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
+ y=None
+ ),
x=DSA_KEY_1024.x,
- y=None
- )
+ ).private_key(backend)
# Test a non-integer x value
with pytest.raises(TypeError):
- dsa.DSAPrivateKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ dsa.DSAPrivateNumbers(
+ public_numbers=dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
+ y=DSA_KEY_1024.public_numbers.y
+ ),
x=None,
- y=DSA_KEY_1024.public_numbers.y
- )
+ ).private_key(backend)
- def test_invalid_dsa_public_key_arguments(self):
- # Test a modulus < 1024 bits in length
+ def test_invalid_dsa_public_key_arguments(self, backend):
+ # Test a p < 1024 bits in length
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=2 ** 1000,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=2 ** 1000,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
y=DSA_KEY_1024.public_numbers.y
- )
+ ).public_key(backend)
- # Test a modulus < 2048 bits in length
+ # Test a p < 2048 bits in length
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=2 ** 2000,
- subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=2 ** 2000,
+ q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ ),
y=DSA_KEY_2048.public_numbers.y
- )
+ ).public_key(backend)
- # Test a modulus < 3072 bits in length
+ # Test a p < 3072 bits in length
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=2 ** 3000,
- subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=2 ** 3000,
+ q=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ),
y=DSA_KEY_3072.public_numbers.y
- )
+ ).public_key(backend)
- # Test a modulus > 3072 bits in length
+ # Test a p > 3072 bits in length
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=2 ** 3100,
- subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=2 ** 3100,
+ q=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ),
y=DSA_KEY_3072.public_numbers.y
- )
+ ).public_key(backend)
- # Test a subgroup_order < 160 bits in length
+ # Test a q < 160 bits in length
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=2 ** 150,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=2 ** 150,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
y=DSA_KEY_1024.public_numbers.y
- )
+ ).public_key(backend)
- # Test a subgroup_order < 256 bits in length
+ # Test a q < 256 bits in length
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
- subgroup_order=2 ** 250,
- generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
+ q=2 ** 250,
+ g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ ),
y=DSA_KEY_2048.public_numbers.y
- )
+ ).public_key(backend)
- # Test a subgroup_order > 256 bits in length
+ # Test a q > 256 bits in length
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
- subgroup_order=2 ** 260,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
+ q=2 ** 260,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ),
y=DSA_KEY_3072.public_numbers.y
- )
+ ).public_key(backend)
- # Test a modulus, subgroup_order pair of (1024, 256) bit lengths
+ # Test a p, q pair of (1024, 256) bit lengths
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
y=DSA_KEY_1024.public_numbers.y
- )
+ ).public_key(backend)
- # Test a modulus, subgroup_order pair of (2048, 160) bit lengths
+ # Test a p, q pair of (2048, 160) bit lengths
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ ),
y=DSA_KEY_2048.public_numbers.y
- )
+ ).public_key(backend)
- # Test a modulus, subgroup_order pair of (3072, 160) bit lengths
+ # Test a p, q pair of (3072, 160) bit lengths
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ ),
y=DSA_KEY_3072.public_numbers.y
- )
+ ).public_key(backend)
- # Test a generator < 1
+ # Test a g < 1
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=0,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=0,
+ ),
y=DSA_KEY_1024.public_numbers.y
- )
+ ).public_key(backend)
- # Test a generator = 1
+ # Test a g = 1
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=1,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=1,
+ ),
y=DSA_KEY_1024.public_numbers.y
- )
+ ).public_key(backend)
- # Test a generator > modulus
+ # Test a g > p
with pytest.raises(ValueError):
- dsa.DSAPublicKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=2 ** 1200,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=2 ** 1200,
+ ),
y=DSA_KEY_1024.public_numbers.y
- )
+ ).public_key(backend)
# Test a non-integer y value
with pytest.raises(TypeError):
- dsa.DSAPublicKey(
- modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ dsa.DSAPublicNumbers(
+ parameter_numbers=dsa.DSAParameterNumbers(
+ p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ ),
y=None
- )
+ ).public_key(backend)
@pytest.mark.dsa
@@ -698,27 +675,15 @@ class TestDSAVerification(object):
verifier.verify()
def test_dsa_verify_invalid_asn1(self, backend):
- parameters = pytest.deprecated_call(
- dsa.DSAParameters.generate,
- 1024,
- backend
- )
- private_key = pytest.deprecated_call(
- dsa.DSAPrivateKey.generate,
- parameters,
- backend
- )
- public_key = pytest.deprecated_call(private_key.public_key)
- verifier = public_key.verifier(b'fakesig', hashes.SHA1(), backend)
+ public_key = DSA_KEY_1024.public_numbers.public_key(backend)
+ verifier = public_key.verifier(b'fakesig', hashes.SHA1())
verifier.update(b'fakesig')
with pytest.raises(InvalidSignature):
verifier.verify()
def test_use_after_finalize(self, backend):
- parameters = dsa.DSAParameters.generate(1024, backend)
- private_key = dsa.DSAPrivateKey.generate(parameters, backend)
- public_key = private_key.public_key()
- verifier = public_key.verifier(b'fakesig', hashes.SHA1(), backend)
+ public_key = DSA_KEY_1024.public_numbers.public_key(backend)
+ verifier = public_key.verifier(b'fakesig', hashes.SHA1())
verifier.update(b'irrelevant')
with pytest.raises(InvalidSignature):
verifier.verify()
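Review bot: Nothing visible in this hunk or the ones after it checks what `DSA_KEY_1024.public_numbers.public_key(backend)` does when handed an object that is not a DSA backend, yet that call is now the only place the backend enters these tests, since `verifier(b'fakesig', hashes.SHA1())` no longer takes one. The following hunks delete `test_dsa_verifier_invalid_backend`, `test_dsa_signer_invalid_backend` and `test_dsa_generate_invalid_backend` with no replacement in view, and the same gap applies to `DSA_KEY_1024.private_key(backend)` in `TestDSASignature.test_use_after_finalize`. I would add one negative test per entry point, for example `DSA_KEY_1024.public_numbers.public_key(object())` inside the `raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE)` helper the deleted tests used. Whether the numbers API raises that exception or something else cannot be confirmed from this diff, so the expected type should be checked against `dsa.py` first. A replacement may exist outside the part of the patch shown here.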
@@ -727,16 +692,6 @@ class TestDSAVerification(object):
with pytest.raises(AlreadyFinalized):
verifier.update(b"more data")
- def test_dsa_verifier_invalid_backend(self, backend):
- pretend_backend = object()
- params = dsa.DSAParameters.generate(1024, backend)
- private_key = dsa.DSAPrivateKey.generate(params, backend)
- public_key = private_key.public_key()
-
- with raises_unsupported_algorithm(
- _Reasons.BACKEND_MISSING_INTERFACE):
- public_key.verifier(b"sig", hashes.SHA1(), pretend_backend)
-
@pytest.mark.dsa
class TestDSASignature(object):
@@ -787,9 +742,8 @@ class TestDSASignature(object):
verifier.verify()
def test_use_after_finalize(self, backend):
- parameters = dsa.DSAParameters.generate(1024, backend)
- private_key = dsa.DSAPrivateKey.generate(parameters, backend)
- signer = private_key.signer(hashes.SHA1(), backend)
+ private_key = DSA_KEY_1024.private_key(backend)
+ signer = private_key.signer(hashes.SHA1())
signer.update(b"data")
signer.finalize()
with pytest.raises(AlreadyFinalized):
@@ -797,28 +751,6 @@ class TestDSASignature(object):
with pytest.raises(AlreadyFinalized):
signer.update(b"more data")
- def test_dsa_signer_invalid_backend(self, backend):
- pretend_backend = object()
- params = dsa.DSAParameters.generate(1024, backend)
- private_key = dsa.DSAPrivateKey.generate(params, backend)
-
- with raises_unsupported_algorithm(
- _Reasons.BACKEND_MISSING_INTERFACE):
- private_key.signer(hashes.SHA1(), pretend_backend)
-
-
-def test_dsa_generate_invalid_backend():
- pretend_backend = object()
-
- with raises_unsupported_algorithm(
- _Reasons.BACKEND_MISSING_INTERFACE):
- dsa.DSAParameters.generate(1024, pretend_backend)
-
- pretend_parameters = object()
- with raises_unsupported_algorithm(
- _Reasons.BACKEND_MISSING_INTERFACE):
- dsa.DSAPrivateKey.generate(pretend_parameters, pretend_backend)
-
class TestDSANumbers(object):
def test_dsa_parameter_numbers(self):