From 3fc686ea06d4c2dcaf6b363ec1c54a72d995df88 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 30 Apr 2014 09:07:27 -0500
Subject: dss_sig_value: Pure python conversion of (r, s) to byte stream

---
 tests/test_utils.py | 36 +++++++++++++++++++++++++++++++-----
 tests/utils.py      | 27 +++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 5 deletions(-)

diff --git a/tests/test_utils.py b/tests/test_utils.py
index 7a0b9e74..7b3ffbc3 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -27,11 +27,11 @@ from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
 import cryptography_vectors
 
 from .utils import (
-    check_backend_support, check_for_iface, load_cryptrec_vectors,
-    load_fips_dsa_key_pair_vectors, load_fips_dsa_sig_vectors,
-    load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors,
-    load_hash_vectors, load_nist_vectors, load_pkcs1_vectors,
-    load_rsa_nist_vectors, load_vectors_from_file,
+    check_backend_support, check_for_iface, dss_sig_value,
+    load_cryptrec_vectors, load_fips_dsa_key_pair_vectors,
+    load_fips_dsa_sig_vectors, load_fips_ecdsa_key_pair_vectors,
+    load_fips_ecdsa_signing_vectors, load_hash_vectors, load_nist_vectors,
+    load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file,
     raises_unsupported_algorithm, select_backends
 )
 
@@ -125,6 +125,32 @@ def test_check_backend_support_no_backend():
         check_backend_support(item)
 
 
+def test_dss_sig_value():
+    sig = dss_sig_value(1, 1)
+    assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
+
+    sig2 = dss_sig_value(1037234182290683143945502320610861668562885151617,
+                         559776156650501990899426031439030258256861634312)
+    assert sig2 == (
+        b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
+        b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
+    )
+
+    sig3 = dss_sig_value(0, 0)
+    assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
+
+
+def test_dss_sig_value_negative():
+    with pytest.raises(ValueError):
+        dss_sig_value(-1, 1)
+
+    with pytest.raises(ValueError):
+        dss_sig_value(1, -1)
+
+    with pytest.raises(ValueError):
+        dss_sig_value(-1, -1)
+
+
 def test_load_nist_vectors():
     vector_data = textwrap.dedent("""
     # CAVS 11.1
diff --git a/tests/utils.py b/tests/utils.py
index 60b6f5a2..d8565130 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -80,6 +80,33 @@ def raises_unsupported_algorithm(reason):
     assert exc_info.value._reason is reason
 
 
+def _int_to_asn1_int(i):
+    """
+    Used by dss_sig_value to convert python integers to ASN.1 integer bytes.
+    """
+    if i == 0:
+        return b'\x02\x01\x00'
+    if i < 0:
+        raise ValueError("This only supports positive integers right now.")
+    result = []
+    while i:
+        result.append(six.int2byte(i & 0xFF))
+        i >>= 8
+    # ASN.1 integers are stored big endian two's complement, so add a byte if
+    # the ordinal value of the last byte is over 0x7f.
+    if ord(result[-1]) > 127:
+        result.append(b"\x00")
+    result.reverse()
+    packed = b''.join(result)
+    return b"\x02" + chr(len(packed)).encode("ascii") + packed
+
+
+def dss_sig_value(r, s):
+    combined = _int_to_asn1_int(r) + _int_to_asn1_int(s)
+    sig = b"0" + chr(len(combined)).encode("ascii") + combined
+    return sig
+
+
 def load_vectors_from_file(filename, loader):
     with cryptography_vectors.open_vector_file(filename) as vector_file:
         return loader(vector_file)
-- 
cgit v1.2.3


From d3e3df9308498153e795f6421b83b97c493c1aba Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 30 Apr 2014 11:13:17 -0500
Subject: use pyasn1 for creating the dss-sig-value structure

---
 dev-requirements.txt |  1 +
 setup.py             |  1 +
 tests/test_utils.py  | 11 -----------
 tests/utils.py       | 34 ++++++++++++----------------------
 tox.ini              |  1 +
 5 files changed, 15 insertions(+), 33 deletions(-)

diff --git a/dev-requirements.txt b/dev-requirements.txt
index 092b9914..4fff76b5 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -5,6 +5,7 @@ invoke
 iso8601
 pep8-naming
 pretend
+pyasn1
 pytest
 requests
 sphinx
diff --git a/setup.py b/setup.py
index c841911f..4dd9e629 100644
--- a/setup.py
+++ b/setup.py
@@ -44,6 +44,7 @@ requirements = [
 # If you add a new dep here you probably need to add it in the tox.ini as well
 test_requirements = [
     "pytest",
+    "pyasn1",
     "pretend",
     "iso8601",
 ]
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 7b3ffbc3..ae9f6928 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -140,17 +140,6 @@ def test_dss_sig_value():
     assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
 
 
-def test_dss_sig_value_negative():
-    with pytest.raises(ValueError):
-        dss_sig_value(-1, 1)
-
-    with pytest.raises(ValueError):
-        dss_sig_value(1, -1)
-
-    with pytest.raises(ValueError):
-        dss_sig_value(-1, -1)
-
-
 def test_load_nist_vectors():
     vector_data = textwrap.dedent("""
     # CAVS 11.1
diff --git a/tests/utils.py b/tests/utils.py
index d8565130..37565b4d 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -18,6 +18,9 @@ import collections
 import re
 from contextlib import contextmanager
 
+from pyasn1.codec.ber import encoder
+from pyasn1.type import namedtype, univ
+
 import pytest
 
 import six
@@ -80,31 +83,18 @@ def raises_unsupported_algorithm(reason):
     assert exc_info.value._reason is reason
 
 
-def _int_to_asn1_int(i):
-    """
-    Used by dss_sig_value to convert python integers to ASN.1 integer bytes.
-    """
-    if i == 0:
-        return b'\x02\x01\x00'
-    if i < 0:
-        raise ValueError("This only supports positive integers right now.")
-    result = []
-    while i:
-        result.append(six.int2byte(i & 0xFF))
-        i >>= 8
-    # ASN.1 integers are stored big endian two's complement, so add a byte if
-    # the ordinal value of the last byte is over 0x7f.
-    if ord(result[-1]) > 127:
-        result.append(b"\x00")
-    result.reverse()
-    packed = b''.join(result)
-    return b"\x02" + chr(len(packed)).encode("ascii") + packed
+class DSSSigValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('r', univ.Integer()),
+        namedtype.NamedType('s', univ.Integer())
+    )
 
 
 def dss_sig_value(r, s):
-    combined = _int_to_asn1_int(r) + _int_to_asn1_int(s)
-    sig = b"0" + chr(len(combined)).encode("ascii") + combined
-    return sig
+    sig = DSSSigValue()
+    sig.setComponentByName('r', r)
+    sig.setComponentByName('s', s)
+    return encoder.encode(sig)
 
 
 def load_vectors_from_file(filename, loader):
diff --git a/tox.ini b/tox.ini
index da959955..e7d168d6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -7,6 +7,7 @@ deps =
     coverage
     iso8601
     pretend
+    pyasn1
     pytest
     ./vectors
 commands =
-- 
cgit v1.2.3


From d0dc6a36a5747208c7a5ced15521fef033ce7880 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 30 Apr 2014 12:12:50 -0500
Subject: make DSSSigValue class private

---
 tests/utils.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/utils.py b/tests/utils.py
index 37565b4d..483291e3 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -83,7 +83,7 @@ def raises_unsupported_algorithm(reason):
     assert exc_info.value._reason is reason
 
 
-class DSSSigValue(univ.Sequence):
+class _DSSSigValue(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('r', univ.Integer()),
         namedtype.NamedType('s', univ.Integer())
@@ -91,7 +91,7 @@ class DSSSigValue(univ.Sequence):
 
 
 def dss_sig_value(r, s):
-    sig = DSSSigValue()
+    sig = _DSSSigValue()
     sig.setComponentByName('r', r)
     sig.setComponentByName('s', s)
     return encoder.encode(sig)
-- 
cgit v1.2.3


From 14951f4252814c0cfcde5db05b4af12e93f570a9 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 30 Apr 2014 12:14:48 -0500
Subject: rename dss_sig_value -> der_encode_dsa_signature

---
 tests/test_utils.py | 14 ++++++++------
 tests/utils.py      |  2 +-
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/tests/test_utils.py b/tests/test_utils.py
index ae9f6928..e454cc20 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -27,7 +27,7 @@ from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
 import cryptography_vectors
 
 from .utils import (
-    check_backend_support, check_for_iface, dss_sig_value,
+    check_backend_support, check_for_iface, der_encode_dsa_signature,
     load_cryptrec_vectors, load_fips_dsa_key_pair_vectors,
     load_fips_dsa_sig_vectors, load_fips_ecdsa_key_pair_vectors,
     load_fips_ecdsa_signing_vectors, load_hash_vectors, load_nist_vectors,
@@ -125,18 +125,20 @@ def test_check_backend_support_no_backend():
         check_backend_support(item)
 
 
-def test_dss_sig_value():
-    sig = dss_sig_value(1, 1)
+def test_der_encode_dsa_signature_values():
+    sig = der_encode_dsa_signature(1, 1)
     assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
 
-    sig2 = dss_sig_value(1037234182290683143945502320610861668562885151617,
-                         559776156650501990899426031439030258256861634312)
+    sig2 = der_encode_dsa_signature(
+        1037234182290683143945502320610861668562885151617,
+        559776156650501990899426031439030258256861634312
+    )
     assert sig2 == (
         b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
         b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
     )
 
-    sig3 = dss_sig_value(0, 0)
+    sig3 = der_encode_dsa_signature(0, 0)
     assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
 
 
diff --git a/tests/utils.py b/tests/utils.py
index 483291e3..c80e97b7 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -90,7 +90,7 @@ class _DSSSigValue(univ.Sequence):
     )
 
 
-def dss_sig_value(r, s):
+def der_encode_dsa_signature(r, s):
     sig = _DSSSigValue()
     sig.setComponentByName('r', r)
     sig.setComponentByName('s', s)
-- 
cgit v1.2.3


From a409ae1dcbfef839eee80182f5c1de964a517b58 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 30 Apr 2014 13:28:28 -0500
Subject: we should use der rather than ber

Doesn't make a difference in this specific case but it is correct.
---
 tests/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/utils.py b/tests/utils.py
index c80e97b7..5c0e2343 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -18,7 +18,7 @@ import collections
 import re
 from contextlib import contextmanager
 
-from pyasn1.codec.ber import encoder
+from pyasn1.codec.der import encoder
 from pyasn1.type import namedtype, univ
 
 import pytest
-- 
cgit v1.2.3


From be8ce55717d4c2951a76c0989a692a20aa338ea1 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 30 Apr 2014 14:12:26 -0500
Subject: negative test

---
 tests/test_utils.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/test_utils.py b/tests/test_utils.py
index e454cc20..4673b49e 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -141,6 +141,9 @@ def test_der_encode_dsa_signature_values():
     sig3 = der_encode_dsa_signature(0, 0)
     assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
 
+    sig4 = der_encode_dsa_signature(-1, 0)
+    assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
+
 
 def test_load_nist_vectors():
     vector_data = textwrap.dedent("""
-- 
cgit v1.2.3