diff options
| -rw-r--r-- | tests/hazmat/primitives/test_dsa.py | 104 |
1 files changed, 99 insertions, 5 deletions
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index bc3b1db6..3e37fdf4 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -18,13 +18,15 @@ import os import pytest -from cryptography.exceptions import _Reasons +from cryptography.exceptions import ( + AlreadyFinalized, InvalidSignature, _Reasons) +from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import dsa from cryptography.utils import bit_length from ...utils import ( - load_fips_dsa_key_pair_vectors, load_vectors_from_file, - raises_unsupported_algorithm + load_fips_dsa_key_pair_vectors, load_fips_dsa_sig_vectors, + load_vectors_from_file, raises_unsupported_algorithm ) @@ -720,12 +722,104 @@ class TestDSA(object): ) +@pytest.mark.dsa +class TestDSAVerification(object): + @pytest.mark.parametrize( + "vector", + load_vectors_from_file( + os.path.join( + "asymmetric", "DSA", "FIPS_186-3", "SigVer.rsp"), + load_fips_dsa_sig_vectors + ) + ) + def test_dsa_verification(self, vector, backend): + public_key = dsa.DSAPublicKey(vector['p'], vector['q'], vector['g'], + vector['y']) + + digest_algorithm = vector['digest_algorithm'].replace("-", "") + algorithms_dict = { + 'SHA1': hashes.SHA1, + 'SHA224': hashes.SHA224, + 'SHA256': hashes.SHA256, + 'SHA384': hashes.SHA384, + 'SHA512': hashes.SHA512} + + algorithm = algorithms_dict[digest_algorithm] + + if ( + backend.dsa_parameters_supported(vector['p'], vector['q']) + and backend.dsa_hash_supported(algorithm) + ): + sig_buf = backend.dsa_signature_from_components( + vector['r'], vector['s']) + + verifier = public_key.verifier( + sig_buf, algorithm(), backend) + + verifier.update(vector['msg']) + + if vector['result'] == "F": + with pytest.raises(InvalidSignature): + verifier.verify() + else: + verifier.verify() + with pytest.raises(AlreadyFinalized): + verifier.verify() + with pytest.raises(AlreadyFinalized): + verifier.update(b"more data") + + @pytest.mark.parametrize( + "vector", + load_vectors_from_file( + os.path.join( + "asymmetric", "DSA", "FIPS_186-3", "SigVer.rsp"), + load_fips_dsa_sig_vectors + ) + ) + def test_dsa_verifier_invalid_digest_algorithm(self, vector, backend): + public_key = dsa.DSAPublicKey(vector['p'], vector['q'], vector['g'], + vector['y']) + + digest_algorithm = vector['digest_algorithm'].replace("-", "") + algorithms_dict = { + 'SHA1': hashes.SHA1, + 'SHA224': hashes.SHA224, + 'SHA256': hashes.SHA256, + 'SHA384': hashes.SHA384, + 'SHA512': hashes.SHA512} + + algorithm = algorithms_dict[digest_algorithm] + + if ( + backend.dsa_parameters_supported(vector['p'], vector['q']) + and backend.dsa_hash_supported(algorithm) + ): + sig_buf = backend.dsa_signature_from_components( + vector['r'], vector['s']) + + with raises_unsupported_algorithm( + _Reasons.UNSUPPORTED_HASH): + public_key.verifier(sig_buf, hashes.MD5(), backend) + + def test_dsa_verifier_invalid_backend(self, backend): + pretend_backend = object() + params = dsa.DSAParameters.generate(1024, backend) + private_key = dsa.DSAPrivateKey.generate(params, backend) + public_key = private_key.public_key() + + with raises_unsupported_algorithm( + _Reasons.BACKEND_MISSING_INTERFACE): + public_key.verifier(b"sig", hashes.SHA1(), pretend_backend) + + def test_dsa_generate_invalid_backend(): pretend_backend = object() - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + with raises_unsupported_algorithm( + _Reasons.BACKEND_MISSING_INTERFACE): dsa.DSAParameters.generate(1024, pretend_backend) pretend_parameters = object() - with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + with raises_unsupported_algorithm( + _Reasons.BACKEND_MISSING_INTERFACE): dsa.DSAPrivateKey.generate(pretend_parameters, pretend_backend) |