Diffstat (limited to 'tests')
-rw-r--r--tests/hazmat/primitives/test_dsa.py88
1 files changed, 84 insertions, 4 deletions
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index bc3b1db6..4c3cd58a 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -18,12 +18,15 @@ import os
import pytest
-from cryptography.exceptions import _Reasons
+from cryptography.exceptions import (
+ AlreadyFinalized, InvalidSignature, _Reasons)
+from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.utils import bit_length
from ...utils import (
- load_fips_dsa_key_pair_vectors, load_vectors_from_file,
+ der_encode_dsa_signature, load_fips_dsa_key_pair_vectors,
+ load_fips_dsa_sig_vectors, load_vectors_from_file,
raises_unsupported_algorithm
)
@@ -720,12 +723,89 @@ class TestDSA(object):
)
+@pytest.mark.dsa
+class TestDSAVerification(object):
+ _algorithms_dict = {
+ 'SHA1': hashes.SHA1,
+ 'SHA224': hashes.SHA224,
+ 'SHA256': hashes.SHA256,
+ 'SHA384': hashes.SHA384,
+ 'SHA512': hashes.SHA512
+ }
+
+ @pytest.mark.parametrize(
+ "vector",
+ load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "DSA", "FIPS_186-3", "SigVer.rsp"),
+ load_fips_dsa_sig_vectors
+ )
+ )
+ def test_dsa_verification(self, vector, backend):
+ digest_algorithm = vector['digest_algorithm'].replace("-", "")
+ algorithm = self._algorithms_dict[digest_algorithm]
+ if (
+ not backend.dsa_parameters_supported(
+ vector['p'], vector['q'], vector['g']
+ ) or not backend.dsa_hash_supported(algorithm)
+ ):
+ pytest.skip(
+ "{0} does not support the provided parameters".format(backend)
+ )
+
+ public_key = dsa.DSAPublicKey(
+ vector['p'], vector['q'], vector['g'], vector['y']
+ )
+ sig = der_encode_dsa_signature(vector['r'], vector['s'])
+ verifier = public_key.verifier(sig, algorithm(), backend)
+ verifier.update(vector['msg'])
+ if vector['result'] == "F":
+ with pytest.raises(InvalidSignature):
+ verifier.verify()
+ else:
+ verifier.verify()
+
+ def test_dsa_verify_invalid_asn1(self, backend):
+ parameters = dsa.DSAParameters.generate(1024, backend)
+ private_key = dsa.DSAPrivateKey.generate(parameters, backend)
+ public_key = private_key.public_key()
+ verifier = public_key.verifier(b'fakesig', hashes.SHA1(), backend)
+ verifier.update(b'fakesig')
+ with pytest.raises(InvalidSignature):
+ verifier.verify()
+
+ def test_use_after_finalize(self, backend):
+ parameters = dsa.DSAParameters.generate(1024, backend)
+ private_key = dsa.DSAPrivateKey.generate(parameters, backend)
+ public_key = private_key.public_key()
+ verifier = public_key.verifier(b'fakesig', hashes.SHA1(), backend)
+ verifier.update(b'irrelevant')
+ with pytest.raises(InvalidSignature):
+ verifier.verify()
+ with pytest.raises(AlreadyFinalized):
+ verifier.verify()
+ with pytest.raises(AlreadyFinalized):
+ verifier.update(b"more data")
+
+ def test_dsa_verifier_invalid_backend(self, backend):
+ pretend_backend = object()
+ params = dsa.DSAParameters.generate(1024, backend)
+ private_key = dsa.DSAPrivateKey.generate(params, backend)
+ public_key = private_key.public_key()
+
+ with raises_unsupported_algorithm(
+ _Reasons.BACKEND_MISSING_INTERFACE):
+ public_key.verifier(b"sig", hashes.SHA1(), pretend_backend)
+
+
def test_dsa_generate_invalid_backend():
pretend_backend = object()
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ with raises_unsupported_algorithm(
+ _Reasons.BACKEND_MISSING_INTERFACE):
dsa.DSAParameters.generate(1024, pretend_backend)
pretend_parameters = object()
- with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+ with raises_unsupported_algorithm(
+ _Reasons.BACKEND_MISSING_INTERFACE):
dsa.DSAPrivateKey.generate(pretend_parameters, pretend_backend)
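Review bot: The only malformed-signature case in `TestDSAVerification` is `test_dsa_verify_invalid_asn1`, which passes bytes that are not DER at all, so nothing here pins what `verify()` does with a well-formed DER signature whose `r` or `s` is outside the valid range. The SigVer.rsp vectors may cover some of this, but that depends on the file's contents and on those vectors not being skipped by the `dsa_parameters_supported` / `dsa_hash_supported` guard in `test_dsa_verification`. I would add an explicit case next to `test_dsa_verify_invalid_asn1` that encodes `r = s = 0` with `der_encode_dsa_signature` and expects `InvalidSignature`; this assumes the helper accepts zero, which is not visible in this hunk. A companion case with extra bytes appended to an otherwise valid encoding would be worth having too.

```python
    # … unchanged: test_dsa_verify_invalid_asn1 …

    def test_dsa_verify_zero_r_s(self, backend):
        # Well-formed DER, but r and s are outside [1, q-1]; a verifier
        # must reject this instead of computing with the values.
        parameters = dsa.DSAParameters.generate(1024, backend)
        private_key = dsa.DSAPrivateKey.generate(parameters, backend)
        public_key = private_key.public_key()
        sig = der_encode_dsa_signature(0, 0)
        verifier = public_key.verifier(sig, hashes.SHA1(), backend)
        verifier.update(b'message')
        with pytest.raises(InvalidSignature):
            verifier.verify()
```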