aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/hazmat/primitives/asymmetric/dsa.py15
-rw-r--r--tests/hazmat/primitives/test_dsa.py99
2 files changed, 4 insertions, 110 deletions
diff --git a/cryptography/hazmat/primitives/asymmetric/dsa.py b/cryptography/hazmat/primitives/asymmetric/dsa.py
index 5e72299a..97265868 100644
--- a/cryptography/hazmat/primitives/asymmetric/dsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/dsa.py
@@ -27,17 +27,10 @@ def generate_private_key(key_size, backend):
def _check_dsa_parameters(parameters):
- if (utils.bit_length(parameters.p),
- utils.bit_length(parameters.q)) not in (
- (1024, 160),
- (2048, 256),
- (3072, 256)):
- raise ValueError(
- "p and q's bit-lengths must be one of these pairs (1024, 160), "
- "(2048, 256), or (3072, 256). Not ({0:d}, {1:d})".format(
- utils.bit_length(parameters.p), utils.bit_length(parameters.q)
- )
- )
+ if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
+ raise ValueError("p must be exactly 1024, 2048, or 3072 bits long")
+ if utils.bit_length(parameters.q) not in [160, 256]:
+ raise ValueError("q must be exactly 160 or 256 bits long")
if not (1 < parameters.g < parameters.p):
raise ValueError("g, p don't satisfy 1 < g < p.")
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 02ed25d9..14b24d69 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -144,30 +144,6 @@ class TestDSA(object):
g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
).parameters(backend)
- # Test a p, q pair of (1024, 256) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAParameterNumbers(
- p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
- g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
- ).parameters(backend)
-
- # Test a p, q pair of (2048, 160) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAParameterNumbers(
- p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
- q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- g=DSA_KEY_2048.public_numbers.parameter_numbers.g
- ).parameters(backend)
-
- # Test a p, q pair of (3072, 160) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAParameterNumbers(
- p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
- q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
- ).parameters(backend)
-
# Test a g < 1
with pytest.raises(ValueError):
dsa.DSAParameterNumbers(
@@ -291,48 +267,6 @@ class TestDSA(object):
x=DSA_KEY_3072.x,
).private_key(backend)
- # Test a p, q pair of (1024, 256) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAPrivateNumbers(
- public_numbers=dsa.DSAPublicNumbers(
- parameter_numbers=dsa.DSAParameterNumbers(
- p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
- g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
- ),
- y=DSA_KEY_1024.public_numbers.y
- ),
- x=DSA_KEY_1024.x,
- ).private_key(backend)
-
- # Test a p, q pair of (2048, 160) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAPrivateNumbers(
- public_numbers=dsa.DSAPublicNumbers(
- parameter_numbers=dsa.DSAParameterNumbers(
- p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
- q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
- ),
- y=DSA_KEY_2048.public_numbers.y
- ),
- x=DSA_KEY_2048.x,
- ).private_key(backend)
-
- # Test a p, q pair of (3072, 160) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAPrivateNumbers(
- public_numbers=dsa.DSAPublicNumbers(
- parameter_numbers=dsa.DSAParameterNumbers(
- p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
- q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
- ),
- y=DSA_KEY_3072.public_numbers.y
- ),
- x=DSA_KEY_3072.x,
- ).private_key(backend)
-
# Test a g < 1
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
@@ -551,39 +485,6 @@ class TestDSA(object):
y=DSA_KEY_3072.public_numbers.y
).public_key(backend)
- # Test a p, q pair of (1024, 256) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAPublicNumbers(
- parameter_numbers=dsa.DSAParameterNumbers(
- p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
- q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
- g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
- ),
- y=DSA_KEY_1024.public_numbers.y
- ).public_key(backend)
-
- # Test a p, q pair of (2048, 160) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAPublicNumbers(
- parameter_numbers=dsa.DSAParameterNumbers(
- p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
- q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
- ),
- y=DSA_KEY_2048.public_numbers.y
- ).public_key(backend)
-
- # Test a p, q pair of (3072, 160) bit lengths
- with pytest.raises(ValueError):
- dsa.DSAPublicNumbers(
- parameter_numbers=dsa.DSAParameterNumbers(
- p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
- q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
- g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
- ),
- y=DSA_KEY_3072.public_numbers.y
- ).public_key(backend)
-
# Test a g < 1
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 07:15:21 +0000