aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/hazmat/backends/interfaces.py15
-rw-r--r--cryptography/hazmat/backends/multibackend.py16
-rw-r--r--cryptography/hazmat/backends/openssl/backend.py8
-rw-r--r--cryptography/hazmat/primitives/asymmetric/dsa.py14
-rw-r--r--pytest.ini1
-rw-r--r--tests/conftest.py4
-rw-r--r--tests/hazmat/backends/test_multibackend.py35
-rw-r--r--tests/hazmat/backends/test_openssl.py12
-rw-r--r--tests/hazmat/primitives/test_dsa.py35
9 files changed, 121 insertions, 19 deletions
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index 27b609ed..20c21118 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -113,6 +113,21 @@ class RSABackend(six.with_metaclass(abc.ABCMeta)):
"""
+class DSABackend(six.with_metaclass(abc.ABCMeta)):
+ @abc.abstractmethod
+ def generate_dsa_parameters(self, key_size):
+ """
+ Generate a DSAParameters instance with a modulus of key_size bits.
+ """
+
+ @abc.abstractmethod
+ def generate_dsa_private_key(self, parameters):
+ """
+ Generate an DSAPrivateKey instance with parameters as
+ a DSAParameters object.
+ """
+
+
class OpenSSLSerializationBackend(six.with_metaclass(abc.ABCMeta)):
@abc.abstractmethod
def load_openssl_pem_private_key(self, data, password):
diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py
index aa649dd3..86cded85 100644
--- a/cryptography/hazmat/backends/multibackend.py
+++ b/cryptography/hazmat/backends/multibackend.py
@@ -16,7 +16,8 @@ from __future__ import absolute_import, division, print_function
from cryptography import utils
from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.backends.interfaces import (
- CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
+ CipherBackend, DSABackend, HMACBackend, HashBackend, PBKDF2HMACBackend,
+ RSABackend
)
@@ -25,6 +26,7 @@ from cryptography.hazmat.backends.interfaces import (
@utils.register_interface(HMACBackend)
@utils.register_interface(PBKDF2HMACBackend)
@utils.register_interface(RSABackend)
+@utils.register_interface(DSABackend)
class MultiBackend(object):
name = "multibackend"
@@ -142,3 +144,15 @@ class MultiBackend(object):
padding, algorithm)
raise UnsupportedAlgorithm("RSA is not supported by the backend",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
+
+ def generate_dsa_parameters(self, key_size):
+ for b in self._filtered_backends(DSABackend):
+ return b.generate_dsa_parameters(key_size)
+ raise UnsupportedAlgorithm("DSA is not supported by the backend",
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
+
+ def generate_dsa_private_key(self, parameters):
+ for b in self._filtered_backends(DSABackend):
+ return b.generate_dsa_private_key(parameters)
+ raise UnsupportedAlgorithm("DSA is not supported by the backend",
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index f161bd4e..82b7949e 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -25,7 +25,8 @@ from cryptography.exceptions import (
UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import (
- CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
+ CipherBackend, DSABackend, HMACBackend, HashBackend, PBKDF2HMACBackend,
+ RSABackend
)
from cryptography.hazmat.bindings.openssl.binding import Binding
from cryptography.hazmat.primitives import hashes, interfaces
@@ -46,6 +47,7 @@ _OpenSSLError = collections.namedtuple("_OpenSSLError",
@utils.register_interface(CipherBackend)
+@utils.register_interface(DSABackend)
@utils.register_interface(HashBackend)
@utils.register_interface(HMACBackend)
@utils.register_interface(PBKDF2HMACBackend)
@@ -420,8 +422,8 @@ class Backend(object):
raise ValueError(
"Key size must be 1024 or 2048 or 3072 bits")
- if backend._lib.OPENSSL_VERSION_NUMBER < 0x1000000f \
- and key_size > 1024:
+ if (self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f and
+ key_size > 1024):
raise ValueError(
"Key size must be 1024 because OpenSSL < 1.0.0 doesn't "
"support larger key sizes")
diff --git a/cryptography/hazmat/primitives/asymmetric/dsa.py b/cryptography/hazmat/primitives/asymmetric/dsa.py
index e32e05c0..4c2de36a 100644
--- a/cryptography/hazmat/primitives/asymmetric/dsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/dsa.py
@@ -16,6 +16,8 @@ from __future__ import absolute_import, division, print_function
import six
from cryptography import utils
+from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
+from cryptography.hazmat.backends.interfaces import DSABackend
from cryptography.hazmat.primitives import interfaces
@@ -51,6 +53,12 @@ class DSAParameters(object):
@classmethod
def generate(cls, key_size, backend):
+ if not isinstance(backend, DSABackend):
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement DSABackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
+
return backend.generate_dsa_parameters(key_size)
@property
@@ -102,6 +110,12 @@ class DSAPrivateKey(object):
@classmethod
def generate(cls, parameters, backend):
+ if not isinstance(backend, DSABackend):
+ raise UnsupportedAlgorithm(
+ "Backend object does not implement DSABackend",
+ _Reasons.BACKEND_MISSING_INTERFACE
+ )
+
return backend.generate_dsa_private_key(parameters)
@property
diff --git a/pytest.ini b/pytest.ini
index 3f65e30e..b590d0be 100644
--- a/pytest.ini
+++ b/pytest.ini
@@ -2,6 +2,7 @@
addopts = -r s
markers =
cipher: this test requires a backend providing CipherBackend
+ dsa: this test requires a backend providing DSABackend
hash: this test requires a backend providing HashBackend
hmac: this test requires a backend providing HMACBackend
pbkdf2hmac: this test requires a backend providing PBKDF2HMACBackend
diff --git a/tests/conftest.py b/tests/conftest.py
index 8e89af57..1ee2a993 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -17,7 +17,8 @@ import pytest
from cryptography.hazmat.backends import _available_backends
from cryptography.hazmat.backends.interfaces import (
- CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
+ CipherBackend, DSABackend, HMACBackend, HashBackend, PBKDF2HMACBackend,
+ RSABackend
)
from .utils import check_backend_support, check_for_iface, select_backends
@@ -37,6 +38,7 @@ def pytest_runtest_setup(item):
check_for_iface("cipher", CipherBackend, item)
check_for_iface("hash", HashBackend, item)
check_for_iface("pbkdf2hmac", PBKDF2HMACBackend, item)
+ check_for_iface("dsa", DSABackend, item)
check_for_iface("rsa", RSABackend, item)
check_backend_support(item)
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index f0be72b2..4ec8a110 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -18,7 +18,8 @@ from cryptography.exceptions import (
UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import (
- CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
+ CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend,
+ DSABackend
)
from cryptography.hazmat.backends.multibackend import MultiBackend
from cryptography.hazmat.primitives import hashes, hmac
@@ -27,6 +28,8 @@ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from ...utils import raises_unsupported_algorithm
+from pretend import stub
+
@utils.register_interface(CipherBackend)
class DummyCipherBackend(object):
@@ -98,6 +101,15 @@ class DummyRSABackend(object):
pass
+@utils.register_interface(DSABackend)
+class DummyDSABackend(object):
+ def generate_dsa_parameters(self, key_size):
+ pass
+
+ def generate_dsa_private_key(self, parameters):
+ pass
+
+
class TestMultiBackend(object):
def test_ciphers(self):
backend = MultiBackend([
@@ -193,3 +205,24 @@ class TestMultiBackend(object):
):
backend.create_rsa_verification_ctx(
"public_key", "sig", padding.PKCS1v15(), hashes.MD5())
+
+ def test_dsa(self):
+ backend = MultiBackend([
+ DummyDSABackend()
+ ])
+
+ backend.generate_dsa_parameters(key_size=1024)
+
+ parameters = stub()
+ backend.generate_dsa_private_key(parameters)
+
+ backend = MultiBackend([])
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
+ backend.generate_dsa_parameters(key_size=1024)
+
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
+ backend.generate_dsa_private_key(parameters)
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 86404fe9..6ab16627 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -28,6 +28,8 @@ from cryptography.hazmat.primitives.ciphers.modes import CBC
from ...utils import raises_unsupported_algorithm
+from cryptography.utils import bit_length
+
@utils.register_interface(interfaces.Mode)
class DummyMode(object):
@@ -203,6 +205,16 @@ class TestOpenSSL(object):
with pytest.raises(ValueError):
dsa.DSAParameters.generate(3072, backend=backend)
+ @pytest.mark.skipif(
+ backend._lib.OPENSSL_VERSION_NUMBER < 0x1000000f,
+ reason="Requires a newer OpenSSL. Must be >= 1.0.0"
+ )
+ def test_large_key_size_on_new_openssl(self):
+ parameters = dsa.DSAParameters.generate(2048, backend)
+ assert bit_length(parameters.p) == 2048
+ parameters = dsa.DSAParameters.generate(3072, backend)
+ assert bit_length(parameters.p) == 3072
+
class TestOpenSSLRandomEngine(object):
def teardown_method(self, method):
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 6503b9d4..2b5d4bb3 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -18,12 +18,13 @@ import os
import pytest
+from cryptography.exceptions import _Reasons
from cryptography.hazmat.primitives.asymmetric import dsa
-
from cryptography.utils import bit_length
from ...utils import (
- load_vectors_from_file, load_fips_dsa_key_pair_vectors
+ load_vectors_from_file, load_fips_dsa_key_pair_vectors,
+ raises_unsupported_algorithm
)
@@ -61,6 +62,7 @@ def _check_dsa_private_key(skey):
assert skey_parameters.generator == pkey_parameters.generator
+@pytest.mark.dsa
class TestDSA(object):
_parameters_1024 = {
'p': 'd38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d4b725ef341eabb47'
@@ -168,11 +170,10 @@ class TestDSA(object):
def test_generate_dsa_parameters(self, backend):
parameters = dsa.DSAParameters.generate(1024, backend)
assert bit_length(parameters.p) == 1024
- if backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000000fL:
- parameters = dsa.DSAParameters.generate(2048, backend)
- assert bit_length(parameters.p) == 2048
- parameters = dsa.DSAParameters.generate(3072, backend)
- assert bit_length(parameters.p) == 3072
+
+ def test_generate_invalid_dsa_parameters(self, backend):
+ with pytest.raises(ValueError):
+ dsa.DSAParameters.generate(1, backend)
@pytest.mark.parametrize(
"vector",
@@ -183,12 +184,9 @@ class TestDSA(object):
)
)
def test_generate_dsa_keys(self, vector, backend):
- class Object(object):
- pass
- parameters = Object()
- parameters.p = vector['p']
- parameters.q = vector['q']
- parameters.g = vector['g']
+ parameters = dsa.DSAParameters(modulus=vector['p'],
+ subgroup_order=vector['q'],
+ generator=vector['g'])
skey = dsa.DSAPrivateKey.generate(parameters, backend)
skey_parameters = skey.parameters()
@@ -720,3 +718,14 @@ class TestDSA(object):
generator=int(self._parameters_1024['g'], 16),
y=None
)
+
+
+def test_dsa_generate_invalid_backend():
+ pretend_backend = object()
+
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ dsa.DSAParameters.generate(1024, pretend_backend)
+
+ pretend_parameters = object()
+ with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ dsa.DSAPrivateKey.generate(pretend_parameters, pretend_backend)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 20:23:21 +0000