author | Mohammed Attia <skeuomorf@gmail.com> | 2014-04-01 14:23:27 +0200 |
---|---|---|
committer | Mohammed Attia <skeuomorf@gmail.com> | 2014-04-03 06:23:10 +0200 |
commit | 9ac7c1d9032816e161b64f8e283bffac99b85c2e (patch) | |
tree | 7c8dea0dff322a6f328888965c6e0bcf54a17267 | |
parent | dacefbad29787833676adb04cdc91ff5bfc7b8f4 (diff) | |
download | cryptography-9ac7c1d9032816e161b64f8e283bffac99b85c2e.tar.gz cryptography-9ac7c1d9032816e161b64f8e283bffac99b85c2e.tar.bz2 cryptography-9ac7c1d9032816e161b64f8e283bffac99b85c2e.zip |
Add tests for DSA parameters and key generation
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 6 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/asymmetric/dsa.py | 4 | ||||
-rw-r--r-- | tests/hazmat/backends/test_openssl.py | 13 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_dsa.py | 41 |
4 files changed, 58 insertions, 6 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 3e6b1b5b..f161bd4e 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -431,15 +431,15 @@ class Backend(object): ctx = self._ffi.gc(ctx, self._lib.DSA_free) res = self._lib.DSA_generate_parameters_ex( - ctx, key_size, self._ffi.NULL, self._ffi.NULL, + ctx, key_size, self._ffi.NULL, 0, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL ) assert res == 1 - return dsa.DSAParams( + return dsa.DSAParameters( modulus=self._bn_to_int(ctx.p), - subroup_order=self._bn_to_int(ctx.q), + subgroup_order=self._bn_to_int(ctx.q), generator=self._bn_to_int(ctx.g) ) diff --git a/cryptography/hazmat/primitives/asymmetric/dsa.py b/cryptography/hazmat/primitives/asymmetric/dsa.py index eb4a162c..e32e05c0 100644 --- a/cryptography/hazmat/primitives/asymmetric/dsa.py +++ b/cryptography/hazmat/primitives/asymmetric/dsa.py @@ -50,7 +50,7 @@ class DSAParameters(object): self._generator = generator @classmethod - def generate(cls, backend, key_size): + def generate(cls, key_size, backend): return backend.generate_dsa_parameters(key_size) @property @@ -101,7 +101,7 @@ class DSAPrivateKey(object): self._y = y @classmethod - def generate(cls, backend, parameters): + def generate(cls, parameters, backend): return backend.generate_dsa_private_key(parameters) @property diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 016da0fc..86404fe9 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py 
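Review bot: The only check on the result of `DSA_generate_parameters_ex` in this hunk is the context line `assert res == 1`, and asserts are stripped under `python -O`. In an optimized run a failed generation would then fall through to `self._bn_to_int(ctx.p)` and return whatever the struct holds as DSA parameters. An explicit check such as `if res != 1:` followed by a raise of the backend's internal-error exception keeps the failure visible in every mode. The enclosing method starts above the hunk, so an earlier guard may exist that is not visible here.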
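Review bot: Reordering the signature to `generate(cls, key_size, backend)` silently changes the meaning of any positional call written against the old order, and the method does not check what it receives. A call like `generate(backend, 1024)` now binds the int to `backend` and fails with an AttributeError on `backend.generate_dsa_parameters`. The same applies to `DSAPrivateKey.generate(cls, parameters, backend)` in the second hunk of this file. Neither classmethod has a docstring; something like `"""Generate DSA parameters of key_size bits using backend."""` would pin the argument order, and the sizes the new tests exercise (1024, 2048, 3072) are worth listing there. Both class bodies extend beyond the hunks.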
@@ -21,7 +21,7 @@ from cryptography.exceptions import ( ) from cryptography.hazmat.backends.openssl.backend import Backend, backend from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.asymmetric import padding, rsa +from cryptography.hazmat.primitives.asymmetric import dsa, padding, rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC @@ -192,6 +192,17 @@ class TestOpenSSL(object): res = backend._lib.ENGINE_free(e) assert res == 1 + @pytest.mark.skipif( + backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000000f, + reason="Requires an older OpenSSL. Must be < 1.0.0" + ) + def test_large_key_size_on_old_openssl(self): + with pytest.raises(ValueError): + dsa.DSAParameters.generate(2048, backend=backend) + + with pytest.raises(ValueError): + dsa.DSAParameters.generate(3072, backend=backend) + class TestOpenSSLRandomEngine(object): def teardown_method(self, method): diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index 2a2b9bda..6503b9d4 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -14,10 +14,18 @@ from __future__ import absolute_import, division, print_function +import os + import pytest from cryptography.hazmat.primitives.asymmetric import dsa +from cryptography.utils import bit_length + +from ...utils import ( + load_vectors_from_file, load_fips_dsa_key_pair_vectors +) + def _check_dsa_private_key(skey): assert skey 
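Review bot: The `ValueError` that `test_large_key_size_on_old_openssl` expects for 2048 and 3072 bits is not raised anywhere in the backend lines this commit shows. The `generate_dsa_parameters` hunk goes straight to `DSA_generate_parameters_ex` and checks the result with `assert res == 1`, which would surface as AssertionError. The key-size check may sit above that hunk; if it does not, this test fails on exactly the pre-1.0.0 builds it targets, so it is worth running on one. A docstring such as `"""Key sizes above 1024 bits must be rejected with ValueError on OpenSSL < 1.0.0."""` would state the contract being tested.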
@@ -157,6 +165,39 @@ class TestDSA(object): 'f90f7dff6d2bae' } + def test_generate_dsa_parameters(self, backend): + parameters = dsa.DSAParameters.generate(1024, backend) + assert bit_length(parameters.p) == 1024 + if backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000000fL: + parameters = dsa.DSAParameters.generate(2048, backend) + assert bit_length(parameters.p) == 2048 + parameters = dsa.DSAParameters.generate(3072, backend) + assert bit_length(parameters.p) == 3072 + + @pytest.mark.parametrize( + "vector", + load_vectors_from_file( + os.path.join( + "asymmetric", "DSA", "FIPS_186-3", "KeyPair.rsp"), + load_fips_dsa_key_pair_vectors + ) + ) + def test_generate_dsa_keys(self, vector, backend): + class Object(object): + pass + parameters = Object() + parameters.p = vector['p'] + parameters.q = vector['q'] + parameters.g = vector['g'] + skey = dsa.DSAPrivateKey.generate(parameters, backend) + + skey_parameters = skey.parameters() + assert skey_parameters.p == vector['p'] + assert skey_parameters.q == vector['q'] + assert skey_parameters.g == vector['g'] + assert skey.key_size == bit_length(vector['p']) + assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p) + def test_invalid_parameters_argument_types(self): with pytest.raises(TypeError): dsa.DSAParameters(None, None, None) |
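Review bot: The literal `0x1000000fL` in `test_generate_dsa_parameters` uses the Python 2 long suffix, which is a SyntaxError on Python 3, so the whole test module would fail to import there. The file's `from __future__ import ...` line suggests both major versions are targeted. Writing it as `if backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000000f:` matches how the same constant is spelled in tests/hazmat/backends/test_openssl.py. Separately, `test_generate_dsa_keys` checks that `y` equals `pow(g, x, p)` but not that the private value is in range; adding `assert 0 < skey.x < skey_parameters.q` would catch a degenerate key.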