From 9ac7c1d9032816e161b64f8e283bffac99b85c2e Mon Sep 17 00:00:00 2001
From: Mohammed Attia <skeuomorf@gmail.com>
Date: Tue, 1 Apr 2014 14:23:27 +0200
Subject: Add tests for DSA parameters and key generation

---
 tests/hazmat/backends/test_openssl.py | 13 ++++++++++-
 tests/hazmat/primitives/test_dsa.py   | 41 +++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 1 deletion(-)

(limited to 'tests/hazmat')

diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 016da0fc..86404fe9 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -21,7 +21,7 @@ from cryptography.exceptions import (
 )
 from cryptography.hazmat.backends.openssl.backend import Backend, backend
 from cryptography.hazmat.primitives import hashes, interfaces
-from cryptography.hazmat.primitives.asymmetric import padding, rsa
+from cryptography.hazmat.primitives.asymmetric import dsa, padding, rsa
 from cryptography.hazmat.primitives.ciphers import Cipher
 from cryptography.hazmat.primitives.ciphers.algorithms import AES
 from cryptography.hazmat.primitives.ciphers.modes import CBC
@@ -192,6 +192,17 @@ class TestOpenSSL(object):
         res = backend._lib.ENGINE_free(e)
         assert res == 1
 
+    @pytest.mark.skipif(
+        backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000000f,
+        reason="Requires an older OpenSSL. Must be < 1.0.0"
+    )
+    def test_large_key_size_on_old_openssl(self):
+        with pytest.raises(ValueError):
+            dsa.DSAParameters.generate(2048, backend=backend)
+
+        with pytest.raises(ValueError):
+            dsa.DSAParameters.generate(3072, backend=backend)
+
 
 class TestOpenSSLRandomEngine(object):
     def teardown_method(self, method):
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 2a2b9bda..6503b9d4 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -14,10 +14,18 @@
 
 from __future__ import absolute_import, division, print_function
 
+import os
+
 import pytest
 
 from cryptography.hazmat.primitives.asymmetric import dsa
 
+from cryptography.utils import bit_length
+
+from ...utils import (
+    load_vectors_from_file, load_fips_dsa_key_pair_vectors
+)
+
 
 def _check_dsa_private_key(skey):
     assert skey
@@ -157,6 +165,39 @@ class TestDSA(object):
         'f90f7dff6d2bae'
     }
 
+    def test_generate_dsa_parameters(self, backend):
+        parameters = dsa.DSAParameters.generate(1024, backend)
+        assert bit_length(parameters.p) == 1024
+        if backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000000fL:
+            parameters = dsa.DSAParameters.generate(2048, backend)
+            assert bit_length(parameters.p) == 2048
+            parameters = dsa.DSAParameters.generate(3072, backend)
+            assert bit_length(parameters.p) == 3072
+
+    @pytest.mark.parametrize(
+        "vector",
+        load_vectors_from_file(
+            os.path.join(
+                "asymmetric", "DSA", "FIPS_186-3", "KeyPair.rsp"),
+            load_fips_dsa_key_pair_vectors
+        )
+    )
+    def test_generate_dsa_keys(self, vector, backend):
+        class Object(object):
+            pass
+        parameters = Object()
+        parameters.p = vector['p']
+        parameters.q = vector['q']
+        parameters.g = vector['g']
+        skey = dsa.DSAPrivateKey.generate(parameters, backend)
+
+        skey_parameters = skey.parameters()
+        assert skey_parameters.p == vector['p']
+        assert skey_parameters.q == vector['q']
+        assert skey_parameters.g == vector['g']
+        assert skey.key_size == bit_length(vector['p'])
+        assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p)
+
     def test_invalid_parameters_argument_types(self):
         with pytest.raises(TypeError):
             dsa.DSAParameters(None, None, None)
-- 
cgit v1.2.3


From 97c27c698dc5325aff3887cf13e0e58bcfd1acfe Mon Sep 17 00:00:00 2001
From: Mohammed Attia <skeuomorf@gmail.com>
Date: Wed, 2 Apr 2014 03:46:57 +0200
Subject: Add DSABackend

---
 tests/hazmat/backends/test_multibackend.py | 35 +++++++++++++++++++++++++++++-
 tests/hazmat/backends/test_openssl.py      | 12 ++++++++++
 tests/hazmat/primitives/test_dsa.py        | 35 +++++++++++++++++++-----------
 3 files changed, 68 insertions(+), 14 deletions(-)

(limited to 'tests/hazmat')

diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index f0be72b2..4ec8a110 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -18,7 +18,8 @@ from cryptography.exceptions import (
     UnsupportedAlgorithm, _Reasons
 )
 from cryptography.hazmat.backends.interfaces import (
-    CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend
+    CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend,
+    DSABackend
 )
 from cryptography.hazmat.backends.multibackend import MultiBackend
 from cryptography.hazmat.primitives import hashes, hmac
@@ -27,6 +28,8 @@ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 
 from ...utils import raises_unsupported_algorithm
 
+from pretend import stub
+
 
 @utils.register_interface(CipherBackend)
 class DummyCipherBackend(object):
@@ -98,6 +101,15 @@ class DummyRSABackend(object):
         pass
 
 
+@utils.register_interface(DSABackend)
+class DummyDSABackend(object):
+    def generate_dsa_parameters(self, key_size):
+        pass
+
+    def generate_dsa_private_key(self, parameters):
+        pass
+
+
 class TestMultiBackend(object):
     def test_ciphers(self):
         backend = MultiBackend([
@@ -193,3 +205,24 @@ class TestMultiBackend(object):
         ):
             backend.create_rsa_verification_ctx(
                 "public_key", "sig", padding.PKCS1v15(), hashes.MD5())
+
+    def test_dsa(self):
+        backend = MultiBackend([
+            DummyDSABackend()
+        ])
+
+        backend.generate_dsa_parameters(key_size=1024)
+
+        parameters = stub()
+        backend.generate_dsa_private_key(parameters)
+
+        backend = MultiBackend([])
+        with raises_unsupported_algorithm(
+            _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+        ):
+            backend.generate_dsa_parameters(key_size=1024)
+
+        with raises_unsupported_algorithm(
+            _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+        ):
+            backend.generate_dsa_private_key(parameters)
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 86404fe9..6ab16627 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -28,6 +28,8 @@ from cryptography.hazmat.primitives.ciphers.modes import CBC
 
 from ...utils import raises_unsupported_algorithm
 
+from cryptography.utils import bit_length
+
 
 @utils.register_interface(interfaces.Mode)
 class DummyMode(object):
@@ -203,6 +205,16 @@ class TestOpenSSL(object):
         with pytest.raises(ValueError):
             dsa.DSAParameters.generate(3072, backend=backend)
 
+    @pytest.mark.skipif(
+        backend._lib.OPENSSL_VERSION_NUMBER < 0x1000000f,
+        reason="Requires a newer OpenSSL. Must be >= 1.0.0"
+    )
+    def test_large_key_size_on_new_openssl(self):
+        parameters = dsa.DSAParameters.generate(2048, backend)
+        assert bit_length(parameters.p) == 2048
+        parameters = dsa.DSAParameters.generate(3072, backend)
+        assert bit_length(parameters.p) == 3072
+
 
 class TestOpenSSLRandomEngine(object):
     def teardown_method(self, method):
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 6503b9d4..2b5d4bb3 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -18,12 +18,13 @@ import os
 
 import pytest
 
+from cryptography.exceptions import _Reasons
 from cryptography.hazmat.primitives.asymmetric import dsa
-
 from cryptography.utils import bit_length
 
 from ...utils import (
-    load_vectors_from_file, load_fips_dsa_key_pair_vectors
+    load_vectors_from_file, load_fips_dsa_key_pair_vectors,
+    raises_unsupported_algorithm
 )
 
 
@@ -61,6 +62,7 @@ def _check_dsa_private_key(skey):
     assert skey_parameters.generator == pkey_parameters.generator
 
 
+@pytest.mark.dsa
 class TestDSA(object):
     _parameters_1024 = {
         'p': 'd38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d4b725ef341eabb47'
@@ -168,11 +170,10 @@ class TestDSA(object):
     def test_generate_dsa_parameters(self, backend):
         parameters = dsa.DSAParameters.generate(1024, backend)
         assert bit_length(parameters.p) == 1024
-        if backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000000fL:
-            parameters = dsa.DSAParameters.generate(2048, backend)
-            assert bit_length(parameters.p) == 2048
-            parameters = dsa.DSAParameters.generate(3072, backend)
-            assert bit_length(parameters.p) == 3072
+
+    def test_generate_invalid_dsa_parameters(self, backend):
+        with pytest.raises(ValueError):
+            dsa.DSAParameters.generate(1, backend)
 
     @pytest.mark.parametrize(
         "vector",
@@ -183,12 +184,9 @@ class TestDSA(object):
         )
     )
     def test_generate_dsa_keys(self, vector, backend):
-        class Object(object):
-            pass
-        parameters = Object()
-        parameters.p = vector['p']
-        parameters.q = vector['q']
-        parameters.g = vector['g']
+        parameters = dsa.DSAParameters(modulus=vector['p'],
+                                       subgroup_order=vector['q'],
+                                       generator=vector['g'])
         skey = dsa.DSAPrivateKey.generate(parameters, backend)
 
         skey_parameters = skey.parameters()
@@ -720,3 +718,14 @@ class TestDSA(object):
                 generator=int(self._parameters_1024['g'], 16),
                 y=None
             )
+
+
+def test_dsa_generate_invalid_backend():
+    pretend_backend = object()
+
+    with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+        dsa.DSAParameters.generate(1024, pretend_backend)
+
+    pretend_parameters = object()
+    with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
+        dsa.DSAPrivateKey.generate(pretend_parameters, pretend_backend)
-- 
cgit v1.2.3


From 29474ac7dab3f5c8b664463ed28ec83b7b77250b Mon Sep 17 00:00:00 2001
From: Mohammed Attia <skeuomorf@gmail.com>
Date: Wed, 2 Apr 2014 04:03:09 +0200
Subject: Add docs for DSA parameters and key generation

---
 tests/hazmat/backends/test_multibackend.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'tests/hazmat')

diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index 4ec8a110..f46009d4 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -18,8 +18,8 @@ from cryptography.exceptions import (
     UnsupportedAlgorithm, _Reasons
 )
 from cryptography.hazmat.backends.interfaces import (
-    CipherBackend, HMACBackend, HashBackend, PBKDF2HMACBackend, RSABackend,
-    DSABackend
+    CipherBackend, DSABackend, HMACBackend, HashBackend, PBKDF2HMACBackend,
+    RSABackend
 )
 from cryptography.hazmat.backends.multibackend import MultiBackend
 from cryptography.hazmat.primitives import hashes, hmac
@@ -28,8 +28,6 @@ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 
 from ...utils import raises_unsupported_algorithm
 
-from pretend import stub
-
 
 @utils.register_interface(CipherBackend)
 class DummyCipherBackend(object):
@@ -213,7 +211,7 @@ class TestMultiBackend(object):
 
         backend.generate_dsa_parameters(key_size=1024)
 
-        parameters = stub()
+        parameters = object()
         backend.generate_dsa_private_key(parameters)
 
         backend = MultiBackend([])
-- 
cgit v1.2.3