aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/hazmat/backends/openssl/backend.py1026
-rw-r--r--cryptography/hazmat/backends/openssl/ciphers.py219
-rw-r--r--cryptography/hazmat/backends/openssl/cmac.py80
-rw-r--r--cryptography/hazmat/backends/openssl/dsa.py86
-rw-r--r--cryptography/hazmat/backends/openssl/ec.py175
-rw-r--r--cryptography/hazmat/backends/openssl/hmac.py80
-rw-r--r--cryptography/hazmat/backends/openssl/rsa.py491
-rw-r--r--cryptography/hazmat/primitives/asymmetric/dsa.py71
-rw-r--r--cryptography/hazmat/primitives/interfaces.py75
-rw-r--r--docs/hazmat/primitives/asymmetric/dsa.rst67
-rw-r--r--docs/hazmat/primitives/asymmetric/rsa.rst485
-rw-r--r--docs/hazmat/primitives/interfaces.rst176
-rw-r--r--tests/hazmat/primitives/fixtures_dsa.py162
-rw-r--r--tests/hazmat/primitives/test_dsa.py513
14 files changed, 2020 insertions, 1686 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 41be88a0..81f944e5 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -15,21 +15,35 @@ from __future__ import absolute_import, division, print_function
import collections
import itertools
-import math
import warnings
import six
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InternalError, InvalidSignature, InvalidTag,
- UnsupportedAlgorithm, _Reasons
+ InternalError, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import (
CMACBackend, CipherBackend, DSABackend, EllipticCurveBackend, HMACBackend,
HashBackend, PBKDF2HMACBackend, PKCS8SerializationBackend, RSABackend,
TraditionalOpenSSLSerializationBackend
)
+from cryptography.hazmat.backends.openssl.ciphers import (
+ _AESCTRCipherContext, _CipherContext
+)
+from cryptography.hazmat.backends.openssl.cmac import _CMACContext
+from cryptography.hazmat.backends.openssl.dsa import (
+ _DSASignatureContext, _DSAVerificationContext
+)
+from cryptography.hazmat.backends.openssl.ec import (
+ _ECDSASignatureContext, _ECDSAVerificationContext,
+ _EllipticCurvePrivateKey, _EllipticCurvePublicKey
+)
+from cryptography.hazmat.backends.openssl.hmac import _HMACContext
+from cryptography.hazmat.backends.openssl.rsa import (
+ _RSAPrivateKey, _RSAPublicKey, _RSASignatureContext,
+ _RSAVerificationContext
+)
from cryptography.hazmat.bindings.openssl.binding import Binding
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
@@ -42,9 +56,6 @@ from cryptography.hazmat.primitives.ciphers.algorithms import (
from cryptography.hazmat.primitives.ciphers.modes import (
CBC, CFB, CFB8, CTR, ECB, GCM, OFB
)
-from cryptography.hazmat.primitives.interfaces import (
- RSAPrivateKeyWithNumbers, RSAPublicKeyWithNumbers
-)
_MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"])
@@ -1168,206 +1179,6 @@ class GetCipherByName(object):
return backend._lib.EVP_get_cipherbyname(cipher_name.encode("ascii"))
-@utils.register_interface(interfaces.CipherContext)
-@utils.register_interface(interfaces.AEADCipherContext)
-@utils.register_interface(interfaces.AEADEncryptionContext)
-class _CipherContext(object):
- _ENCRYPT = 1
- _DECRYPT = 0
-
- def __init__(self, backend, cipher, mode, operation):
- self._backend = backend
- self._cipher = cipher
- self._mode = mode
- self._operation = operation
- self._tag = None
-
- if isinstance(self._cipher, interfaces.BlockCipherAlgorithm):
- self._block_size = self._cipher.block_size
- else:
- self._block_size = 1
-
- ctx = self._backend._lib.EVP_CIPHER_CTX_new()
- ctx = self._backend._ffi.gc(
- ctx, self._backend._lib.EVP_CIPHER_CTX_free
- )
-
- registry = self._backend._cipher_registry
- try:
- adapter = registry[type(cipher), type(mode)]
- except KeyError:
- raise UnsupportedAlgorithm(
- "cipher {0} in {1} mode is not supported "
- "by this backend.".format(
- cipher.name, mode.name if mode else mode),
- _Reasons.UNSUPPORTED_CIPHER
- )
-
- evp_cipher = adapter(self._backend, cipher, mode)
- if evp_cipher == self._backend._ffi.NULL:
- raise UnsupportedAlgorithm(
- "cipher {0} in {1} mode is not supported "
- "by this backend.".format(
- cipher.name, mode.name if mode else mode),
- _Reasons.UNSUPPORTED_CIPHER
- )
-
- if isinstance(mode, interfaces.ModeWithInitializationVector):
- iv_nonce = mode.initialization_vector
- elif isinstance(mode, interfaces.ModeWithNonce):
- iv_nonce = mode.nonce
- else:
- iv_nonce = self._backend._ffi.NULL
- # begin init with cipher and operation type
- res = self._backend._lib.EVP_CipherInit_ex(ctx, evp_cipher,
- self._backend._ffi.NULL,
- self._backend._ffi.NULL,
- self._backend._ffi.NULL,
- operation)
- assert res != 0
- # set the key length to handle variable key ciphers
- res = self._backend._lib.EVP_CIPHER_CTX_set_key_length(
- ctx, len(cipher.key)
- )
- assert res != 0
- if isinstance(mode, GCM):
- res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
- ctx, self._backend._lib.EVP_CTRL_GCM_SET_IVLEN,
- len(iv_nonce), self._backend._ffi.NULL
- )
- assert res != 0
- if operation == self._DECRYPT:
- res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
- ctx, self._backend._lib.EVP_CTRL_GCM_SET_TAG,
- len(mode.tag), mode.tag
- )
- assert res != 0
-
- # pass key/iv
- res = self._backend._lib.EVP_CipherInit_ex(
- ctx,
- self._backend._ffi.NULL,
- self._backend._ffi.NULL,
- cipher.key,
- iv_nonce,
- operation
- )
- assert res != 0
- # We purposely disable padding here as it's handled higher up in the
- # API.
- self._backend._lib.EVP_CIPHER_CTX_set_padding(ctx, 0)
- self._ctx = ctx
-
- def update(self, data):
- # OpenSSL 0.9.8e has an assertion in its EVP code that causes it
- # to SIGABRT if you call update with an empty byte string. This can be
- # removed when we drop support for 0.9.8e (CentOS/RHEL 5). This branch
- # should be taken only when length is zero and mode is not GCM because
- # AES GCM can return improper tag values if you don't call update
- # with empty plaintext when authenticating AAD for ...reasons.
- if len(data) == 0 and not isinstance(self._mode, GCM):
- return b""
-
- buf = self._backend._ffi.new("unsigned char[]",
- len(data) + self._block_size - 1)
- outlen = self._backend._ffi.new("int *")
- res = self._backend._lib.EVP_CipherUpdate(self._ctx, buf, outlen, data,
- len(data))
- assert res != 0
- return self._backend._ffi.buffer(buf)[:outlen[0]]
-
- def finalize(self):
- buf = self._backend._ffi.new("unsigned char[]", self._block_size)
- outlen = self._backend._ffi.new("int *")
- res = self._backend._lib.EVP_CipherFinal_ex(self._ctx, buf, outlen)
- if res == 0:
- errors = self._backend._consume_errors()
-
- if not errors and isinstance(self._mode, GCM):
- raise InvalidTag
-
- assert errors
-
- if errors[0][1:] == (
- self._backend._lib.ERR_LIB_EVP,
- self._backend._lib.EVP_F_EVP_ENCRYPTFINAL_EX,
- self._backend._lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH
- ) or errors[0][1:] == (
- self._backend._lib.ERR_LIB_EVP,
- self._backend._lib.EVP_F_EVP_DECRYPTFINAL_EX,
- self._backend._lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH
- ):
- raise ValueError(
- "The length of the provided data is not a multiple of "
- "the block length."
- )
- else:
- raise self._backend._unknown_error(errors[0])
-
- if (isinstance(self._mode, GCM) and
- self._operation == self._ENCRYPT):
- block_byte_size = self._block_size // 8
- tag_buf = self._backend._ffi.new(
- "unsigned char[]", block_byte_size
- )
- res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
- self._ctx, self._backend._lib.EVP_CTRL_GCM_GET_TAG,
- block_byte_size, tag_buf
- )
- assert res != 0
- self._tag = self._backend._ffi.buffer(tag_buf)[:]
-
- res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx)
- assert res == 1
- return self._backend._ffi.buffer(buf)[:outlen[0]]
-
- def authenticate_additional_data(self, data):
- outlen = self._backend._ffi.new("int *")
- res = self._backend._lib.EVP_CipherUpdate(
- self._ctx, self._backend._ffi.NULL, outlen, data, len(data)
- )
- assert res != 0
-
- @property
- def tag(self):
- return self._tag
-
-
-@utils.register_interface(interfaces.CipherContext)
-class _AESCTRCipherContext(object):
- """
- This is needed to provide support for AES CTR mode in OpenSSL 0.9.8. It can
- be removed when we drop 0.9.8 support (RHEL5 extended life ends 2020).
- """
- def __init__(self, backend, cipher, mode):
- self._backend = backend
-
- self._key = self._backend._ffi.new("AES_KEY *")
- assert self._key != self._backend._ffi.NULL
- res = self._backend._lib.AES_set_encrypt_key(
- cipher.key, len(cipher.key) * 8, self._key
- )
- assert res == 0
- self._ecount = self._backend._ffi.new("char[]", 16)
- self._nonce = self._backend._ffi.new("char[16]", mode.nonce)
- self._num = self._backend._ffi.new("unsigned int *", 0)
-
- def update(self, data):
- buf = self._backend._ffi.new("unsigned char[]", len(data))
- self._backend._lib.AES_ctr128_encrypt(
- data, buf, len(data), self._key, self._nonce,
- self._ecount, self._num
- )
- return self._backend._ffi.buffer(buf)[:]
-
- def finalize(self):
- self._key = None
- self._ecount = None
- self._nonce = None
- self._num = None
- return b""
-
-
@utils.register_interface(interfaces.HashContext)
class _HashContext(object):
def __init__(self, backend, algorithm, ctx=None):
@@ -1418,807 +1229,4 @@ class _HashContext(object):
return self._backend._ffi.buffer(buf)[:outlen[0]]
-@utils.register_interface(interfaces.HashContext)
-class _HMACContext(object):
- def __init__(self, backend, key, algorithm, ctx=None):
- self.algorithm = algorithm
- self._backend = backend
-
- if ctx is None:
- ctx = self._backend._ffi.new("HMAC_CTX *")
- self._backend._lib.HMAC_CTX_init(ctx)
- ctx = self._backend._ffi.gc(
- ctx, self._backend._lib.HMAC_CTX_cleanup
- )
- evp_md = self._backend._lib.EVP_get_digestbyname(
- algorithm.name.encode('ascii'))
- if evp_md == self._backend._ffi.NULL:
- raise UnsupportedAlgorithm(
- "{0} is not a supported hash on this backend.".format(
- algorithm.name),
- _Reasons.UNSUPPORTED_HASH
- )
- res = self._backend._lib.Cryptography_HMAC_Init_ex(
- ctx, key, len(key), evp_md, self._backend._ffi.NULL
- )
- assert res != 0
-
- self._ctx = ctx
- self._key = key
-
- def copy(self):
- copied_ctx = self._backend._ffi.new("HMAC_CTX *")
- self._backend._lib.HMAC_CTX_init(copied_ctx)
- copied_ctx = self._backend._ffi.gc(
- copied_ctx, self._backend._lib.HMAC_CTX_cleanup
- )
- res = self._backend._lib.Cryptography_HMAC_CTX_copy(
- copied_ctx, self._ctx
- )
- assert res != 0
- return _HMACContext(
- self._backend, self._key, self.algorithm, ctx=copied_ctx
- )
-
- def update(self, data):
- res = self._backend._lib.Cryptography_HMAC_Update(
- self._ctx, data, len(data)
- )
- assert res != 0
-
- def finalize(self):
- buf = self._backend._ffi.new("unsigned char[]",
- self._backend._lib.EVP_MAX_MD_SIZE)
- outlen = self._backend._ffi.new("unsigned int *")
- res = self._backend._lib.Cryptography_HMAC_Final(
- self._ctx, buf, outlen
- )
- assert res != 0
- assert outlen[0] == self.algorithm.digest_size
- self._backend._lib.HMAC_CTX_cleanup(self._ctx)
- return self._backend._ffi.buffer(buf)[:outlen[0]]
-
-
-def _get_rsa_pss_salt_length(pss, key_size, digest_size):
- if pss._mgf._salt_length is not None:
- salt = pss._mgf._salt_length
- else:
- salt = pss._salt_length
-
- if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH:
- # bit length - 1 per RFC 3447
- emlen = int(math.ceil((key_size - 1) / 8.0))
- salt_length = emlen - digest_size - 2
- assert salt_length >= 0
- return salt_length
- else:
- return salt
-
-
-@utils.register_interface(interfaces.AsymmetricSignatureContext)
-class _RSASignatureContext(object):
- def __init__(self, backend, private_key, padding, algorithm):
- self._backend = backend
- self._private_key = private_key
-
- if not isinstance(padding, interfaces.AsymmetricPadding):
- raise TypeError(
- "Expected provider of interfaces.AsymmetricPadding.")
-
- self._pkey_size = self._backend._lib.EVP_PKEY_size(
- self._private_key._evp_pkey
- )
-
- if isinstance(padding, PKCS1v15):
- if self._backend._lib.Cryptography_HAS_PKEY_CTX:
- self._finalize_method = self._finalize_pkey_ctx
- self._padding_enum = self._backend._lib.RSA_PKCS1_PADDING
- else:
- self._finalize_method = self._finalize_pkcs1
- elif isinstance(padding, PSS):
- if not isinstance(padding._mgf, MGF1):
- raise UnsupportedAlgorithm(
- "Only MGF1 is supported by this backend.",
- _Reasons.UNSUPPORTED_MGF
- )
-
- # Size of key in bytes - 2 is the maximum
- # PSS signature length (salt length is checked later)
- assert self._pkey_size > 0
- if self._pkey_size - algorithm.digest_size - 2 < 0:
- raise ValueError("Digest too large for key size. Use a larger "
- "key.")
-
- if not self._backend._mgf1_hash_supported(padding._mgf._algorithm):
- raise UnsupportedAlgorithm(
- "When OpenSSL is older than 1.0.1 then only SHA1 is "
- "supported with MGF1.",
- _Reasons.UNSUPPORTED_HASH
- )
-
- if self._backend._lib.Cryptography_HAS_PKEY_CTX:
- self._finalize_method = self._finalize_pkey_ctx
- self._padding_enum = self._backend._lib.RSA_PKCS1_PSS_PADDING
- else:
- self._finalize_method = self._finalize_pss
- else:
- raise UnsupportedAlgorithm(
- "{0} is not supported by this backend.".format(padding.name),
- _Reasons.UNSUPPORTED_PADDING
- )
-
- self._padding = padding
- self._algorithm = algorithm
- self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
-
- def update(self, data):
- self._hash_ctx.update(data)
-
- def finalize(self):
- evp_md = self._backend._lib.EVP_get_digestbyname(
- self._algorithm.name.encode("ascii"))
- assert evp_md != self._backend._ffi.NULL
-
- return self._finalize_method(evp_md)
-
- def _finalize_pkey_ctx(self, evp_md):
- pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new(
- self._private_key._evp_pkey, self._backend._ffi.NULL
- )
- assert pkey_ctx != self._backend._ffi.NULL
- pkey_ctx = self._backend._ffi.gc(pkey_ctx,
- self._backend._lib.EVP_PKEY_CTX_free)
- res = self._backend._lib.EVP_PKEY_sign_init(pkey_ctx)
- assert res == 1
- res = self._backend._lib.EVP_PKEY_CTX_set_signature_md(
- pkey_ctx, evp_md)
- assert res > 0
-
- res = self._backend._lib.EVP_PKEY_CTX_set_rsa_padding(
- pkey_ctx, self._padding_enum)
- assert res > 0
- if isinstance(self._padding, PSS):
- res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen(
- pkey_ctx,
- _get_rsa_pss_salt_length(
- self._padding,
- self._private_key.key_size,
- self._hash_ctx.algorithm.digest_size
- )
- )
- assert res > 0
-
- if self._backend._lib.Cryptography_HAS_MGF1_MD:
- # MGF1 MD is configurable in OpenSSL 1.0.1+
- mgf1_md = self._backend._lib.EVP_get_digestbyname(
- self._padding._mgf._algorithm.name.encode("ascii"))
- assert mgf1_md != self._backend._ffi.NULL
- res = self._backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md(
- pkey_ctx, mgf1_md
- )
- assert res > 0
- data_to_sign = self._hash_ctx.finalize()
- buflen = self._backend._ffi.new("size_t *")
- res = self._backend._lib.EVP_PKEY_sign(
- pkey_ctx,
- self._backend._ffi.NULL,
- buflen,
- data_to_sign,
- len(data_to_sign)
- )
- assert res == 1
- buf = self._backend._ffi.new("unsigned char[]", buflen[0])
- res = self._backend._lib.EVP_PKEY_sign(
- pkey_ctx, buf, buflen, data_to_sign, len(data_to_sign))
- if res != 1:
- errors = self._backend._consume_errors()
- assert errors[0].lib == self._backend._lib.ERR_LIB_RSA
- reason = None
- if (errors[0].reason ==
- self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE):
- reason = ("Salt length too long for key size. Try using "
- "MAX_LENGTH instead.")
- elif (errors[0].reason ==
- self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY):
- reason = "Digest too large for key size. Use a larger key."
- assert reason is not None
- raise ValueError(reason)
-
- return self._backend._ffi.buffer(buf)[:]
-
- def _finalize_pkcs1(self, evp_md):
- if self._hash_ctx._ctx is None:
- raise AlreadyFinalized("Context has already been finalized.")
-
- sig_buf = self._backend._ffi.new("char[]", self._pkey_size)
- sig_len = self._backend._ffi.new("unsigned int *")
- res = self._backend._lib.EVP_SignFinal(
- self._hash_ctx._ctx._ctx,
- sig_buf,
- sig_len,
- self._private_key._evp_pkey
- )
- self._hash_ctx.finalize()
- if res == 0:
- errors = self._backend._consume_errors()
- assert errors[0].lib == self._backend._lib.ERR_LIB_RSA
- assert (errors[0].reason ==
- self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY)
- raise ValueError("Digest too large for key size. Use a larger "
- "key.")
-
- return self._backend._ffi.buffer(sig_buf)[:sig_len[0]]
-
- def _finalize_pss(self, evp_md):
- data_to_sign = self._hash_ctx.finalize()
- padded = self._backend._ffi.new("unsigned char[]", self._pkey_size)
- res = self._backend._lib.RSA_padding_add_PKCS1_PSS(
- self._private_key._rsa_cdata,
- padded,
- data_to_sign,
- evp_md,
- _get_rsa_pss_salt_length(
- self._padding,
- self._private_key.key_size,
- len(data_to_sign)
- )
- )
- if res != 1:
- errors = self._backend._consume_errors()
- assert errors[0].lib == self._backend._lib.ERR_LIB_RSA
- assert (errors[0].reason ==
- self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE)
- raise ValueError("Salt length too long for key size. Try using "
- "MAX_LENGTH instead.")
-
- sig_buf = self._backend._ffi.new("char[]", self._pkey_size)
- sig_len = self._backend._lib.RSA_private_encrypt(
- self._pkey_size,
- padded,
- sig_buf,
- self._private_key._rsa_cdata,
- self._backend._lib.RSA_NO_PADDING
- )
- assert sig_len != -1
- return self._backend._ffi.buffer(sig_buf)[:sig_len]
-
-
-@utils.register_interface(interfaces.AsymmetricVerificationContext)
-class _RSAVerificationContext(object):
- def __init__(self, backend, public_key, signature, padding, algorithm):
- self._backend = backend
- self._public_key = public_key
- self._signature = signature
-
- if not isinstance(padding, interfaces.AsymmetricPadding):
- raise TypeError(
- "Expected provider of interfaces.AsymmetricPadding.")
-
- self._pkey_size = self._backend._lib.EVP_PKEY_size(
- self._public_key._evp_pkey
- )
-
- if isinstance(padding, PKCS1v15):
- if self._backend._lib.Cryptography_HAS_PKEY_CTX:
- self._verify_method = self._verify_pkey_ctx
- self._padding_enum = self._backend._lib.RSA_PKCS1_PADDING
- else:
- self._verify_method = self._verify_pkcs1
- elif isinstance(padding, PSS):
- if not isinstance(padding._mgf, MGF1):
- raise UnsupportedAlgorithm(
- "Only MGF1 is supported by this backend.",
- _Reasons.UNSUPPORTED_MGF
- )
-
- # Size of key in bytes - 2 is the maximum
- # PSS signature length (salt length is checked later)
- assert self._pkey_size > 0
- if self._pkey_size - algorithm.digest_size - 2 < 0:
- raise ValueError(
- "Digest too large for key size. Check that you have the "
- "correct key and digest algorithm."
- )
-
- if not self._backend._mgf1_hash_supported(padding._mgf._algorithm):
- raise UnsupportedAlgorithm(
- "When OpenSSL is older than 1.0.1 then only SHA1 is "
- "supported with MGF1.",
- _Reasons.UNSUPPORTED_HASH
- )
-
- if self._backend._lib.Cryptography_HAS_PKEY_CTX:
- self._verify_method = self._verify_pkey_ctx
- self._padding_enum = self._backend._lib.RSA_PKCS1_PSS_PADDING
- else:
- self._verify_method = self._verify_pss
- else:
- raise UnsupportedAlgorithm(
- "{0} is not supported by this backend.".format(padding.name),
- _Reasons.UNSUPPORTED_PADDING
- )
-
- self._padding = padding
- self._algorithm = algorithm
- self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
-
- def update(self, data):
- self._hash_ctx.update(data)
-
- def verify(self):
- evp_md = self._backend._lib.EVP_get_digestbyname(
- self._algorithm.name.encode("ascii"))
- assert evp_md != self._backend._ffi.NULL
-
- self._verify_method(evp_md)
-
- def _verify_pkey_ctx(self, evp_md):
- pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new(
- self._public_key._evp_pkey, self._backend._ffi.NULL
- )
- assert pkey_ctx != self._backend._ffi.NULL
- pkey_ctx = self._backend._ffi.gc(pkey_ctx,
- self._backend._lib.EVP_PKEY_CTX_free)
- res = self._backend._lib.EVP_PKEY_verify_init(pkey_ctx)
- assert res == 1
- res = self._backend._lib.EVP_PKEY_CTX_set_signature_md(
- pkey_ctx, evp_md)
- assert res > 0
-
- res = self._backend._lib.EVP_PKEY_CTX_set_rsa_padding(
- pkey_ctx, self._padding_enum)
- assert res > 0
- if isinstance(self._padding, PSS):
- res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen(
- pkey_ctx,
- _get_rsa_pss_salt_length(
- self._padding,
- self._public_key.key_size,
- self._hash_ctx.algorithm.digest_size
- )
- )
- assert res > 0
- if self._backend._lib.Cryptography_HAS_MGF1_MD:
- # MGF1 MD is configurable in OpenSSL 1.0.1+
- mgf1_md = self._backend._lib.EVP_get_digestbyname(
- self._padding._mgf._algorithm.name.encode("ascii"))
- assert mgf1_md != self._backend._ffi.NULL
- res = self._backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md(
- pkey_ctx, mgf1_md
- )
- assert res > 0
-
- data_to_verify = self._hash_ctx.finalize()
- res = self._backend._lib.EVP_PKEY_verify(
- pkey_ctx,
- self._signature,
- len(self._signature),
- data_to_verify,
- len(data_to_verify)
- )
- # The previous call can return negative numbers in the event of an
- # error. This is not a signature failure but we need to fail if it
- # occurs.
- assert res >= 0
- if res == 0:
- errors = self._backend._consume_errors()
- assert errors
- raise InvalidSignature
-
- def _verify_pkcs1(self, evp_md):
- if self._hash_ctx._ctx is None:
- raise AlreadyFinalized("Context has already been finalized.")
-
- res = self._backend._lib.EVP_VerifyFinal(
- self._hash_ctx._ctx._ctx,
- self._signature,
- len(self._signature),
- self._public_key._evp_pkey
- )
- self._hash_ctx.finalize()
- # The previous call can return negative numbers in the event of an
- # error. This is not a signature failure but we need to fail if it
- # occurs.
- assert res >= 0
- if res == 0:
- errors = self._backend._consume_errors()
- assert errors
- raise InvalidSignature
-
- def _verify_pss(self, evp_md):
- buf = self._backend._ffi.new("unsigned char[]", self._pkey_size)
- res = self._backend._lib.RSA_public_decrypt(
- len(self._signature),
- self._signature,
- buf,
- self._public_key._rsa_cdata,
- self._backend._lib.RSA_NO_PADDING
- )
- if res != self._pkey_size:
- errors = self._backend._consume_errors()
- assert errors
- raise InvalidSignature
-
- data_to_verify = self._hash_ctx.finalize()
- res = self._backend._lib.RSA_verify_PKCS1_PSS(
- self._public_key._rsa_cdata,
- data_to_verify,
- evp_md,
- buf,
- _get_rsa_pss_salt_length(
- self._padding,
- self._public_key.key_size,
- len(data_to_verify)
- )
- )
- if res != 1:
- errors = self._backend._consume_errors()
- assert errors
- raise InvalidSignature
-
-
-@utils.register_interface(interfaces.AsymmetricVerificationContext)
-class _DSAVerificationContext(object):
- def __init__(self, backend, public_key, signature, algorithm):
- self._backend = backend
- self._public_key = public_key
- self._signature = signature
- self._algorithm = algorithm
-
- self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
-
- def update(self, data):
- self._hash_ctx.update(data)
-
- def verify(self):
- self._dsa_cdata = self._backend._dsa_cdata_from_public_key(
- self._public_key)
- self._dsa_cdata = self._backend._ffi.gc(self._dsa_cdata,
- self._backend._lib.DSA_free)
-
- data_to_verify = self._hash_ctx.finalize()
-
- # The first parameter passed to DSA_verify is unused by OpenSSL but
- # must be an integer.
- res = self._backend._lib.DSA_verify(
- 0, data_to_verify, len(data_to_verify), self._signature,
- len(self._signature), self._dsa_cdata)
-
- if res != 1:
- errors = self._backend._consume_errors()
- assert errors
- if res == -1:
- assert errors[0].lib == self._backend._lib.ERR_LIB_ASN1
-
- raise InvalidSignature
-
-
-@utils.register_interface(interfaces.AsymmetricSignatureContext)
-class _DSASignatureContext(object):
- def __init__(self, backend, private_key, algorithm):
- self._backend = backend
- self._private_key = private_key
- self._algorithm = algorithm
- self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
- self._dsa_cdata = self._backend._dsa_cdata_from_private_key(
- self._private_key)
- self._dsa_cdata = self._backend._ffi.gc(self._dsa_cdata,
- self._backend._lib.DSA_free)
-
- def update(self, data):
- self._hash_ctx.update(data)
-
- def finalize(self):
- data_to_sign = self._hash_ctx.finalize()
- sig_buf_len = self._backend._lib.DSA_size(self._dsa_cdata)
- sig_buf = self._backend._ffi.new("unsigned char[]", sig_buf_len)
- buflen = self._backend._ffi.new("unsigned int *")
-
- # The first parameter passed to DSA_sign is unused by OpenSSL but
- # must be an integer.
- res = self._backend._lib.DSA_sign(
- 0, data_to_sign, len(data_to_sign), sig_buf,
- buflen, self._dsa_cdata)
- assert res == 1
- assert buflen[0]
-
- return self._backend._ffi.buffer(sig_buf)[:buflen[0]]
-
-
-@utils.register_interface(interfaces.CMACContext)
-class _CMACContext(object):
- def __init__(self, backend, algorithm, ctx=None):
- if not backend.cmac_algorithm_supported(algorithm):
- raise UnsupportedAlgorithm("This backend does not support CMAC.",
- _Reasons.UNSUPPORTED_CIPHER)
-
- self._backend = backend
- self._key = algorithm.key
- self._algorithm = algorithm
- self._output_length = algorithm.block_size // 8
-
- if ctx is None:
- registry = self._backend._cipher_registry
- adapter = registry[type(algorithm), CBC]
-
- evp_cipher = adapter(self._backend, algorithm, CBC)
-
- ctx = self._backend._lib.CMAC_CTX_new()
-
- assert ctx != self._backend._ffi.NULL
- ctx = self._backend._ffi.gc(ctx, self._backend._lib.CMAC_CTX_free)
-
- self._backend._lib.CMAC_Init(
- ctx, self._key, len(self._key),
- evp_cipher, self._backend._ffi.NULL
- )
-
- self._ctx = ctx
-
- def update(self, data):
- res = self._backend._lib.CMAC_Update(self._ctx, data, len(data))
- assert res == 1
-
- def finalize(self):
- buf = self._backend._ffi.new("unsigned char[]", self._output_length)
- length = self._backend._ffi.new("size_t *", self._output_length)
- res = self._backend._lib.CMAC_Final(
- self._ctx, buf, length
- )
- assert res == 1
-
- self._ctx = None
-
- return self._backend._ffi.buffer(buf)[:]
-
- def copy(self):
- copied_ctx = self._backend._lib.CMAC_CTX_new()
- copied_ctx = self._backend._ffi.gc(
- copied_ctx, self._backend._lib.CMAC_CTX_free
- )
- res = self._backend._lib.CMAC_CTX_copy(
- copied_ctx, self._ctx
- )
- assert res == 1
- return _CMACContext(
- self._backend, self._algorithm, ctx=copied_ctx
- )
-
-
-def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend):
- _lib = backend._lib
- _ffi = backend._ffi
-
- digest_len = len(digest)
-
- group = _lib.EC_KEY_get0_group(ec_key_cdata)
-
- bn_ctx = _lib.BN_CTX_new()
- assert bn_ctx != _ffi.NULL
- bn_ctx = _ffi.gc(bn_ctx, _lib.BN_CTX_free)
-
- order = _lib.BN_CTX_get(bn_ctx)
- assert order != _ffi.NULL
-
- res = _lib.EC_GROUP_get_order(group, order, bn_ctx)
- assert res == 1
-
- order_bits = _lib.BN_num_bits(order)
-
- if 8 * digest_len > order_bits:
- digest_len = (order_bits + 7) // 8
- digest = digest[:digest_len]
-
- if 8 * digest_len > order_bits:
- rshift = 8 - (order_bits & 0x7)
- assert rshift > 0 and rshift < 8
-
- mask = 0xFF >> rshift << rshift
-
- # Set the bottom rshift bits to 0
- digest = digest[:-1] + six.int2byte(six.indexbytes(digest, -1) & mask)
-
- return digest
-
-
-@utils.register_interface(interfaces.AsymmetricSignatureContext)
-class _ECDSASignatureContext(object):
- def __init__(self, backend, private_key, algorithm):
- self._backend = backend
- self._private_key = private_key
- self._digest = hashes.Hash(algorithm, backend)
-
- def update(self, data):
- self._digest.update(data)
-
- def finalize(self):
- ec_key = self._private_key._ec_key
-
- digest = self._digest.finalize()
-
- digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend)
-
- max_size = self._backend._lib.ECDSA_size(ec_key)
- assert max_size > 0
-
- sigbuf = self._backend._ffi.new("char[]", max_size)
- siglen_ptr = self._backend._ffi.new("unsigned int[]", 1)
- res = self._backend._lib.ECDSA_sign(
- 0,
- digest,
- len(digest),
- sigbuf,
- siglen_ptr,
- ec_key
- )
- assert res == 1
- return self._backend._ffi.buffer(sigbuf)[:siglen_ptr[0]]
-
-
-@utils.register_interface(interfaces.AsymmetricVerificationContext)
-class _ECDSAVerificationContext(object):
- def __init__(self, backend, public_key, signature, algorithm):
- self._backend = backend
- self._public_key = public_key
- self._signature = signature
- self._digest = hashes.Hash(algorithm, backend)
-
- def update(self, data):
- self._digest.update(data)
-
- def verify(self):
- ec_key = self._public_key._ec_key
-
- digest = self._digest.finalize()
-
- digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend)
-
- res = self._backend._lib.ECDSA_verify(
- 0,
- digest,
- len(digest),
- self._signature,
- len(self._signature),
- ec_key
- )
- if res != 1:
- self._backend._consume_errors()
- raise InvalidSignature
- return True
-
-
-@utils.register_interface(interfaces.EllipticCurvePrivateKey)
-class _EllipticCurvePrivateKey(object):
- def __init__(self, backend, ec_key_cdata, curve):
- self._backend = backend
- self._ec_key = ec_key_cdata
- self._curve = curve
-
- @property
- def curve(self):
- return self._curve
-
- def signer(self, signature_algorithm):
- if isinstance(signature_algorithm, ec.ECDSA):
- return self._backend._create_ecdsa_signature_ctx(
- self, signature_algorithm)
- else:
- raise UnsupportedAlgorithm(
- "Unsupported elliptic curve signature algorithm.",
- _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
-
- def public_key(self):
- public_ec_key = self._backend._public_ec_key_from_private_ec_key(
- self._ec_key
- )
-
- return _EllipticCurvePublicKey(
- self._backend, public_ec_key, self._curve)
-
-
-@utils.register_interface(interfaces.EllipticCurvePublicKey)
-class _EllipticCurvePublicKey(object):
- def __init__(self, backend, ec_key_cdata, curve):
- self._backend = backend
- self._ec_key = ec_key_cdata
- self._curve = curve
-
- @property
- def curve(self):
- return self._curve
-
- def verifier(self, signature, signature_algorithm):
- if isinstance(signature_algorithm, ec.ECDSA):
- return self._backend._create_ecdsa_verification_ctx(
- self, signature, signature_algorithm)
- else:
- raise UnsupportedAlgorithm(
- "Unsupported elliptic curve signature algorithm.",
- _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
-
-
-@utils.register_interface(RSAPrivateKeyWithNumbers)
-class _RSAPrivateKey(object):
- def __init__(self, backend, rsa_cdata):
- self._backend = backend
- self._rsa_cdata = rsa_cdata
-
- evp_pkey = self._backend._lib.EVP_PKEY_new()
- assert evp_pkey != self._backend._ffi.NULL
- evp_pkey = self._backend._ffi.gc(
- evp_pkey, self._backend._lib.EVP_PKEY_free
- )
- res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata)
- assert res == 1
- self._evp_pkey = evp_pkey
-
- self.key_size = self._backend._lib.BN_num_bits(self._rsa_cdata.n)
-
- def signer(self, padding, algorithm):
- return _RSASignatureContext(self._backend, self, padding, algorithm)
-
- def decrypt(self, ciphertext, padding):
- key_size_bytes = int(math.ceil(self.key_size / 8.0))
- if key_size_bytes != len(ciphertext):
- raise ValueError("Ciphertext length must be equal to key size.")
-
- return self._backend._enc_dec_rsa(self, ciphertext, padding)
-
- def public_key(self):
- ctx = self._backend._lib.RSA_new()
- assert ctx != self._backend._ffi.NULL
- ctx = self._backend._ffi.gc(ctx, self._backend._lib.RSA_free)
- ctx.e = self._backend._lib.BN_dup(self._rsa_cdata.e)
- ctx.n = self._backend._lib.BN_dup(self._rsa_cdata.n)
- res = self._backend._lib.RSA_blinding_on(ctx, self._backend._ffi.NULL)
- assert res == 1
- return _RSAPublicKey(self._backend, ctx)
-
- def private_numbers(self):
- return rsa.RSAPrivateNumbers(
- p=self._backend._bn_to_int(self._rsa_cdata.p),
- q=self._backend._bn_to_int(self._rsa_cdata.q),
- d=self._backend._bn_to_int(self._rsa_cdata.d),
- dmp1=self._backend._bn_to_int(self._rsa_cdata.dmp1),
- dmq1=self._backend._bn_to_int(self._rsa_cdata.dmq1),
- iqmp=self._backend._bn_to_int(self._rsa_cdata.iqmp),
- public_numbers=rsa.RSAPublicNumbers(
- e=self._backend._bn_to_int(self._rsa_cdata.e),
- n=self._backend._bn_to_int(self._rsa_cdata.n),
- )
- )
-
-
-@utils.register_interface(RSAPublicKeyWithNumbers)
-class _RSAPublicKey(object):
- def __init__(self, backend, rsa_cdata):
- self._backend = backend
- self._rsa_cdata = rsa_cdata
-
- evp_pkey = self._backend._lib.EVP_PKEY_new()
- assert evp_pkey != self._backend._ffi.NULL
- evp_pkey = self._backend._ffi.gc(
- evp_pkey, self._backend._lib.EVP_PKEY_free
- )
- res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata)
- assert res == 1
- self._evp_pkey = evp_pkey
-
- self.key_size = self._backend._lib.BN_num_bits(self._rsa_cdata.n)
-
- def verifier(self, signature, padding, algorithm):
- return _RSAVerificationContext(
- self._backend, self, signature, padding, algorithm
- )
-
- def encrypt(self, plaintext, padding):
- return self._backend._enc_dec_rsa(self, plaintext, padding)
-
- def public_numbers(self):
- return rsa.RSAPublicNumbers(
- e=self._backend._bn_to_int(self._rsa_cdata.e),
- n=self._backend._bn_to_int(self._rsa_cdata.n),
- )
-
-
backend = Backend()
diff --git a/cryptography/hazmat/backends/openssl/ciphers.py b/cryptography/hazmat/backends/openssl/ciphers.py
new file mode 100644
index 00000000..c3a5499a
--- /dev/null
+++ b/cryptography/hazmat/backends/openssl/ciphers.py
@@ -0,0 +1,219 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography import utils
+from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons
+from cryptography.hazmat.primitives import interfaces
+from cryptography.hazmat.primitives.ciphers.modes import GCM
+
+
+@utils.register_interface(interfaces.CipherContext)
+@utils.register_interface(interfaces.AEADCipherContext)
+@utils.register_interface(interfaces.AEADEncryptionContext)
+class _CipherContext(object):
+ _ENCRYPT = 1
+ _DECRYPT = 0
+
+ def __init__(self, backend, cipher, mode, operation):
+ self._backend = backend
+ self._cipher = cipher
+ self._mode = mode
+ self._operation = operation
+ self._tag = None
+
+ if isinstance(self._cipher, interfaces.BlockCipherAlgorithm):
+ self._block_size = self._cipher.block_size
+ else:
+ self._block_size = 1
+
+ ctx = self._backend._lib.EVP_CIPHER_CTX_new()
+ ctx = self._backend._ffi.gc(
+ ctx, self._backend._lib.EVP_CIPHER_CTX_free
+ )
+
+ registry = self._backend._cipher_registry
+ try:
+ adapter = registry[type(cipher), type(mode)]
+ except KeyError:
+ raise UnsupportedAlgorithm(
+ "cipher {0} in {1} mode is not supported "
+ "by this backend.".format(
+ cipher.name, mode.name if mode else mode),
+ _Reasons.UNSUPPORTED_CIPHER
+ )
+
+ evp_cipher = adapter(self._backend, cipher, mode)
+ if evp_cipher == self._backend._ffi.NULL:
+ raise UnsupportedAlgorithm(
+ "cipher {0} in {1} mode is not supported "
+ "by this backend.".format(
+ cipher.name, mode.name if mode else mode),
+ _Reasons.UNSUPPORTED_CIPHER
+ )
+
+ if isinstance(mode, interfaces.ModeWithInitializationVector):
+ iv_nonce = mode.initialization_vector
+ elif isinstance(mode, interfaces.ModeWithNonce):
+ iv_nonce = mode.nonce
+ else:
+ iv_nonce = self._backend._ffi.NULL
+ # begin init with cipher and operation type
+ res = self._backend._lib.EVP_CipherInit_ex(ctx, evp_cipher,
+ self._backend._ffi.NULL,
+ self._backend._ffi.NULL,
+ self._backend._ffi.NULL,
+ operation)
+ assert res != 0
+ # set the key length to handle variable key ciphers
+ res = self._backend._lib.EVP_CIPHER_CTX_set_key_length(
+ ctx, len(cipher.key)
+ )
+ assert res != 0
+ if isinstance(mode, GCM):
+ res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
+ ctx, self._backend._lib.EVP_CTRL_GCM_SET_IVLEN,
+ len(iv_nonce), self._backend._ffi.NULL
+ )
+ assert res != 0
+ if operation == self._DECRYPT:
+ res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
+ ctx, self._backend._lib.EVP_CTRL_GCM_SET_TAG,
+ len(mode.tag), mode.tag
+ )
+ assert res != 0
+
+ # pass key/iv
+ res = self._backend._lib.EVP_CipherInit_ex(
+ ctx,
+ self._backend._ffi.NULL,
+ self._backend._ffi.NULL,
+ cipher.key,
+ iv_nonce,
+ operation
+ )
+ assert res != 0
+ # We purposely disable padding here as it's handled higher up in the
+ # API.
+ self._backend._lib.EVP_CIPHER_CTX_set_padding(ctx, 0)
+ self._ctx = ctx
+
+ def update(self, data):
+ # OpenSSL 0.9.8e has an assertion in its EVP code that causes it
+ # to SIGABRT if you call update with an empty byte string. This can be
+ # removed when we drop support for 0.9.8e (CentOS/RHEL 5). This branch
+ # should be taken only when length is zero and mode is not GCM because
+ # AES GCM can return improper tag values if you don't call update
+ # with empty plaintext when authenticating AAD for ...reasons.
+ if len(data) == 0 and not isinstance(self._mode, GCM):
+ return b""
+
+ buf = self._backend._ffi.new("unsigned char[]",
+ len(data) + self._block_size - 1)
+ outlen = self._backend._ffi.new("int *")
+ res = self._backend._lib.EVP_CipherUpdate(self._ctx, buf, outlen, data,
+ len(data))
+ assert res != 0
+ return self._backend._ffi.buffer(buf)[:outlen[0]]
+
+ def finalize(self):
+ buf = self._backend._ffi.new("unsigned char[]", self._block_size)
+ outlen = self._backend._ffi.new("int *")
+ res = self._backend._lib.EVP_CipherFinal_ex(self._ctx, buf, outlen)
+ if res == 0:
+ errors = self._backend._consume_errors()
+
+ if not errors and isinstance(self._mode, GCM):
+ raise InvalidTag
+
+ assert errors
+
+ if errors[0][1:] == (
+ self._backend._lib.ERR_LIB_EVP,
+ self._backend._lib.EVP_F_EVP_ENCRYPTFINAL_EX,
+ self._backend._lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH
+ ) or errors[0][1:] == (
+ self._backend._lib.ERR_LIB_EVP,
+ self._backend._lib.EVP_F_EVP_DECRYPTFINAL_EX,
+ self._backend._lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH
+ ):
+ raise ValueError(
+ "The length of the provided data is not a multiple of "
+ "the block length."
+ )
+ else:
+ raise self._backend._unknown_error(errors[0])
+
+ if (isinstance(self._mode, GCM) and
+ self._operation == self._ENCRYPT):
+ block_byte_size = self._block_size // 8
+ tag_buf = self._backend._ffi.new(
+ "unsigned char[]", block_byte_size
+ )
+ res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
+ self._ctx, self._backend._lib.EVP_CTRL_GCM_GET_TAG,
+ block_byte_size, tag_buf
+ )
+ assert res != 0
+ self._tag = self._backend._ffi.buffer(tag_buf)[:]
+
+ res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx)
+ assert res == 1
+ return self._backend._ffi.buffer(buf)[:outlen[0]]
+
+ def authenticate_additional_data(self, data):
+ outlen = self._backend._ffi.new("int *")
+ res = self._backend._lib.EVP_CipherUpdate(
+ self._ctx, self._backend._ffi.NULL, outlen, data, len(data)
+ )
+ assert res != 0
+
+ @property
+ def tag(self):
+ return self._tag
+
+
+@utils.register_interface(interfaces.CipherContext)
+class _AESCTRCipherContext(object):
+ """
+ This is needed to provide support for AES CTR mode in OpenSSL 0.9.8. It can
+ be removed when we drop 0.9.8 support (RHEL5 extended life ends 2020).
+ """
+ def __init__(self, backend, cipher, mode):
+ self._backend = backend
+
+ self._key = self._backend._ffi.new("AES_KEY *")
+ assert self._key != self._backend._ffi.NULL
+ res = self._backend._lib.AES_set_encrypt_key(
+ cipher.key, len(cipher.key) * 8, self._key
+ )
+ assert res == 0
+ self._ecount = self._backend._ffi.new("char[]", 16)
+ self._nonce = self._backend._ffi.new("char[16]", mode.nonce)
+ self._num = self._backend._ffi.new("unsigned int *", 0)
+
+ def update(self, data):
+ buf = self._backend._ffi.new("unsigned char[]", len(data))
+ self._backend._lib.AES_ctr128_encrypt(
+ data, buf, len(data), self._key, self._nonce,
+ self._ecount, self._num
+ )
+ return self._backend._ffi.buffer(buf)[:]
+
+ def finalize(self):
+ self._key = None
+ self._ecount = None
+ self._nonce = None
+ self._num = None
+ return b""
diff --git a/cryptography/hazmat/backends/openssl/cmac.py b/cryptography/hazmat/backends/openssl/cmac.py
new file mode 100644
index 00000000..7acf4391
--- /dev/null
+++ b/cryptography/hazmat/backends/openssl/cmac.py
@@ -0,0 +1,80 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+
+from cryptography import utils
+from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
+from cryptography.hazmat.primitives import interfaces
+from cryptography.hazmat.primitives.ciphers.modes import CBC
+
+
+@utils.register_interface(interfaces.CMACContext)
+class _CMACContext(object):
+ def __init__(self, backend, algorithm, ctx=None):
+ if not backend.cmac_algorithm_supported(algorithm):
+ raise UnsupportedAlgorithm("This backend does not support CMAC.",
+ _Reasons.UNSUPPORTED_CIPHER)
+
+ self._backend = backend
+ self._key = algorithm.key
+ self._algorithm = algorithm
+ self._output_length = algorithm.block_size // 8
+
+ if ctx is None:
+ registry = self._backend._cipher_registry
+ adapter = registry[type(algorithm), CBC]
+
+ evp_cipher = adapter(self._backend, algorithm, CBC)
+
+ ctx = self._backend._lib.CMAC_CTX_new()
+
+ assert ctx != self._backend._ffi.NULL
+ ctx = self._backend._ffi.gc(ctx, self._backend._lib.CMAC_CTX_free)
+
+ self._backend._lib.CMAC_Init(
+ ctx, self._key, len(self._key),
+ evp_cipher, self._backend._ffi.NULL
+ )
+
+ self._ctx = ctx
+
+ def update(self, data):
+ res = self._backend._lib.CMAC_Update(self._ctx, data, len(data))
+ assert res == 1
+
+ def finalize(self):
+ buf = self._backend._ffi.new("unsigned char[]", self._output_length)
+ length = self._backend._ffi.new("size_t *", self._output_length)
+ res = self._backend._lib.CMAC_Final(
+ self._ctx, buf, length
+ )
+ assert res == 1
+
+ self._ctx = None
+
+ return self._backend._ffi.buffer(buf)[:]
+
+ def copy(self):
+ copied_ctx = self._backend._lib.CMAC_CTX_new()
+ copied_ctx = self._backend._ffi.gc(
+ copied_ctx, self._backend._lib.CMAC_CTX_free
+ )
+ res = self._backend._lib.CMAC_CTX_copy(
+ copied_ctx, self._ctx
+ )
+ assert res == 1
+ return _CMACContext(
+ self._backend, self._algorithm, ctx=copied_ctx
+ )
diff --git a/cryptography/hazmat/backends/openssl/dsa.py b/cryptography/hazmat/backends/openssl/dsa.py
new file mode 100644
index 00000000..ec05c3aa
--- /dev/null
+++ b/cryptography/hazmat/backends/openssl/dsa.py
@@ -0,0 +1,86 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography import utils
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives import hashes, interfaces
+
+
+@utils.register_interface(interfaces.AsymmetricVerificationContext)
+class _DSAVerificationContext(object):
+ def __init__(self, backend, public_key, signature, algorithm):
+ self._backend = backend
+ self._public_key = public_key
+ self._signature = signature
+ self._algorithm = algorithm
+
+ self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
+
+ def update(self, data):
+ self._hash_ctx.update(data)
+
+ def verify(self):
+ self._dsa_cdata = self._backend._dsa_cdata_from_public_key(
+ self._public_key)
+ self._dsa_cdata = self._backend._ffi.gc(self._dsa_cdata,
+ self._backend._lib.DSA_free)
+
+ data_to_verify = self._hash_ctx.finalize()
+
+ # The first parameter passed to DSA_verify is unused by OpenSSL but
+ # must be an integer.
+ res = self._backend._lib.DSA_verify(
+ 0, data_to_verify, len(data_to_verify), self._signature,
+ len(self._signature), self._dsa_cdata)
+
+ if res != 1:
+ errors = self._backend._consume_errors()
+ assert errors
+ if res == -1:
+ assert errors[0].lib == self._backend._lib.ERR_LIB_ASN1
+
+ raise InvalidSignature
+
+
+@utils.register_interface(interfaces.AsymmetricSignatureContext)
+class _DSASignatureContext(object):
+ def __init__(self, backend, private_key, algorithm):
+ self._backend = backend
+ self._private_key = private_key
+ self._algorithm = algorithm
+ self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
+ self._dsa_cdata = self._backend._dsa_cdata_from_private_key(
+ self._private_key)
+ self._dsa_cdata = self._backend._ffi.gc(self._dsa_cdata,
+ self._backend._lib.DSA_free)
+
+ def update(self, data):
+ self._hash_ctx.update(data)
+
+ def finalize(self):
+ data_to_sign = self._hash_ctx.finalize()
+ sig_buf_len = self._backend._lib.DSA_size(self._dsa_cdata)
+ sig_buf = self._backend._ffi.new("unsigned char[]", sig_buf_len)
+ buflen = self._backend._ffi.new("unsigned int *")
+
+ # The first parameter passed to DSA_sign is unused by OpenSSL but
+ # must be an integer.
+ res = self._backend._lib.DSA_sign(
+ 0, data_to_sign, len(data_to_sign), sig_buf,
+ buflen, self._dsa_cdata)
+ assert res == 1
+ assert buflen[0]
+
+ return self._backend._ffi.buffer(sig_buf)[:buflen[0]]
diff --git a/cryptography/hazmat/backends/openssl/ec.py b/cryptography/hazmat/backends/openssl/ec.py
new file mode 100644
index 00000000..892d20ea
--- /dev/null
+++ b/cryptography/hazmat/backends/openssl/ec.py
@@ -0,0 +1,175 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import six
+
+from cryptography import utils
+from cryptography.exceptions import (
+ InvalidSignature, UnsupportedAlgorithm, _Reasons
+)
+from cryptography.hazmat.primitives import hashes, interfaces
+from cryptography.hazmat.primitives.asymmetric import ec
+
+
+def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend):
+ _lib = backend._lib
+ _ffi = backend._ffi
+
+ digest_len = len(digest)
+
+ group = _lib.EC_KEY_get0_group(ec_key_cdata)
+
+ bn_ctx = _lib.BN_CTX_new()
+ assert bn_ctx != _ffi.NULL
+ bn_ctx = _ffi.gc(bn_ctx, _lib.BN_CTX_free)
+
+ order = _lib.BN_CTX_get(bn_ctx)
+ assert order != _ffi.NULL
+
+ res = _lib.EC_GROUP_get_order(group, order, bn_ctx)
+ assert res == 1
+
+ order_bits = _lib.BN_num_bits(order)
+
+ if 8 * digest_len > order_bits:
+ digest_len = (order_bits + 7) // 8
+ digest = digest[:digest_len]
+
+ if 8 * digest_len > order_bits:
+ rshift = 8 - (order_bits & 0x7)
+ assert rshift > 0 and rshift < 8
+
+ mask = 0xFF >> rshift << rshift
+
+ # Set the bottom rshift bits to 0
+ digest = digest[:-1] + six.int2byte(six.indexbytes(digest, -1) & mask)
+
+ return digest
+
+
+@utils.register_interface(interfaces.AsymmetricSignatureContext)
+class _ECDSASignatureContext(object):
+ def __init__(self, backend, private_key, algorithm):
+ self._backend = backend
+ self._private_key = private_key
+ self._digest = hashes.Hash(algorithm, backend)
+
+ def update(self, data):
+ self._digest.update(data)
+
+ def finalize(self):
+ ec_key = self._private_key._ec_key
+
+ digest = self._digest.finalize()
+
+ digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend)
+
+ max_size = self._backend._lib.ECDSA_size(ec_key)
+ assert max_size > 0
+
+ sigbuf = self._backend._ffi.new("char[]", max_size)
+ siglen_ptr = self._backend._ffi.new("unsigned int[]", 1)
+ res = self._backend._lib.ECDSA_sign(
+ 0,
+ digest,
+ len(digest),
+ sigbuf,
+ siglen_ptr,
+ ec_key
+ )
+ assert res == 1
+ return self._backend._ffi.buffer(sigbuf)[:siglen_ptr[0]]
+
+
+@utils.register_interface(interfaces.AsymmetricVerificationContext)
+class _ECDSAVerificationContext(object):
+ def __init__(self, backend, public_key, signature, algorithm):
+ self._backend = backend
+ self._public_key = public_key
+ self._signature = signature
+ self._digest = hashes.Hash(algorithm, backend)
+
+ def update(self, data):
+ self._digest.update(data)
+
+ def verify(self):
+ ec_key = self._public_key._ec_key
+
+ digest = self._digest.finalize()
+
+ digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend)
+
+ res = self._backend._lib.ECDSA_verify(
+ 0,
+ digest,
+ len(digest),
+ self._signature,
+ len(self._signature),
+ ec_key
+ )
+ if res != 1:
+ self._backend._consume_errors()
+ raise InvalidSignature
+ return True
+
+
+@utils.register_interface(interfaces.EllipticCurvePrivateKey)
+class _EllipticCurvePrivateKey(object):
+ def __init__(self, backend, ec_key_cdata, curve):
+ self._backend = backend
+ self._ec_key = ec_key_cdata
+ self._curve = curve
+
+ @property
+ def curve(self):
+ return self._curve
+
+ def signer(self, signature_algorithm):
+ if isinstance(signature_algorithm, ec.ECDSA):
+ return self._backend._create_ecdsa_signature_ctx(
+ self, signature_algorithm)
+ else:
+ raise UnsupportedAlgorithm(
+ "Unsupported elliptic curve signature algorithm.",
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
+
+ def public_key(self):
+ public_ec_key = self._backend._public_ec_key_from_private_ec_key(
+ self._ec_key
+ )
+
+ return _EllipticCurvePublicKey(
+ self._backend, public_ec_key, self._curve)
+
+
+@utils.register_interface(interfaces.EllipticCurvePublicKey)
+class _EllipticCurvePublicKey(object):
+ def __init__(self, backend, ec_key_cdata, curve):
+ self._backend = backend
+ self._ec_key = ec_key_cdata
+ self._curve = curve
+
+ @property
+ def curve(self):
+ return self._curve
+
+ def verifier(self, signature, signature_algorithm):
+ if isinstance(signature_algorithm, ec.ECDSA):
+ return self._backend._create_ecdsa_verification_ctx(
+ self, signature, signature_algorithm)
+ else:
+ raise UnsupportedAlgorithm(
+ "Unsupported elliptic curve signature algorithm.",
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
diff --git a/cryptography/hazmat/backends/openssl/hmac.py b/cryptography/hazmat/backends/openssl/hmac.py
new file mode 100644
index 00000000..3f1576f5
--- /dev/null
+++ b/cryptography/hazmat/backends/openssl/hmac.py
@@ -0,0 +1,80 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+
+from cryptography import utils
+from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
+from cryptography.hazmat.primitives import interfaces
+
+
+@utils.register_interface(interfaces.HashContext)
+class _HMACContext(object):
+ def __init__(self, backend, key, algorithm, ctx=None):
+ self.algorithm = algorithm
+ self._backend = backend
+
+ if ctx is None:
+ ctx = self._backend._ffi.new("HMAC_CTX *")
+ self._backend._lib.HMAC_CTX_init(ctx)
+ ctx = self._backend._ffi.gc(
+ ctx, self._backend._lib.HMAC_CTX_cleanup
+ )
+ evp_md = self._backend._lib.EVP_get_digestbyname(
+ algorithm.name.encode('ascii'))
+ if evp_md == self._backend._ffi.NULL:
+ raise UnsupportedAlgorithm(
+ "{0} is not a supported hash on this backend.".format(
+ algorithm.name),
+ _Reasons.UNSUPPORTED_HASH
+ )
+ res = self._backend._lib.Cryptography_HMAC_Init_ex(
+ ctx, key, len(key), evp_md, self._backend._ffi.NULL
+ )
+ assert res != 0
+
+ self._ctx = ctx
+ self._key = key
+
+ def copy(self):
+ copied_ctx = self._backend._ffi.new("HMAC_CTX *")
+ self._backend._lib.HMAC_CTX_init(copied_ctx)
+ copied_ctx = self._backend._ffi.gc(
+ copied_ctx, self._backend._lib.HMAC_CTX_cleanup
+ )
+ res = self._backend._lib.Cryptography_HMAC_CTX_copy(
+ copied_ctx, self._ctx
+ )
+ assert res != 0
+ return _HMACContext(
+ self._backend, self._key, self.algorithm, ctx=copied_ctx
+ )
+
+ def update(self, data):
+ res = self._backend._lib.Cryptography_HMAC_Update(
+ self._ctx, data, len(data)
+ )
+ assert res != 0
+
+ def finalize(self):
+ buf = self._backend._ffi.new("unsigned char[]",
+ self._backend._lib.EVP_MAX_MD_SIZE)
+ outlen = self._backend._ffi.new("unsigned int *")
+ res = self._backend._lib.Cryptography_HMAC_Final(
+ self._ctx, buf, outlen
+ )
+ assert res != 0
+ assert outlen[0] == self.algorithm.digest_size
+ self._backend._lib.HMAC_CTX_cleanup(self._ctx)
+ return self._backend._ffi.buffer(buf)[:outlen[0]]
diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py
new file mode 100644
index 00000000..2fada1b9
--- /dev/null
+++ b/cryptography/hazmat/backends/openssl/rsa.py
@@ -0,0 +1,491 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import math
+
+from cryptography import utils
+from cryptography.exceptions import (
+ AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons
+)
+from cryptography.hazmat.primitives import hashes, interfaces
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.asymmetric.padding import (
+ MGF1, PKCS1v15, PSS
+)
+from cryptography.hazmat.primitives.interfaces import (
+ RSAPrivateKeyWithNumbers, RSAPublicKeyWithNumbers
+)
+
+
+def _get_rsa_pss_salt_length(pss, key_size, digest_size):
+ if pss._mgf._salt_length is not None:
+ salt = pss._mgf._salt_length
+ else:
+ salt = pss._salt_length
+
+ if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH:
+ # bit length - 1 per RFC 3447
+ emlen = int(math.ceil((key_size - 1) / 8.0))
+ salt_length = emlen - digest_size - 2
+ assert salt_length >= 0
+ return salt_length
+ else:
+ return salt
+
+
+@utils.register_interface(interfaces.AsymmetricSignatureContext)
+class _RSASignatureContext(object):
+ def __init__(self, backend, private_key, padding, algorithm):
+ self._backend = backend
+ self._private_key = private_key
+
+ if not isinstance(padding, interfaces.AsymmetricPadding):
+ raise TypeError(
+ "Expected provider of interfaces.AsymmetricPadding.")
+
+ self._pkey_size = self._backend._lib.EVP_PKEY_size(
+ self._private_key._evp_pkey
+ )
+
+ if isinstance(padding, PKCS1v15):
+ if self._backend._lib.Cryptography_HAS_PKEY_CTX:
+ self._finalize_method = self._finalize_pkey_ctx
+ self._padding_enum = self._backend._lib.RSA_PKCS1_PADDING
+ else:
+ self._finalize_method = self._finalize_pkcs1
+ elif isinstance(padding, PSS):
+ if not isinstance(padding._mgf, MGF1):
+ raise UnsupportedAlgorithm(
+ "Only MGF1 is supported by this backend.",
+ _Reasons.UNSUPPORTED_MGF
+ )
+
+ # Size of key in bytes - 2 is the maximum
+ # PSS signature length (salt length is checked later)
+ assert self._pkey_size > 0
+ if self._pkey_size - algorithm.digest_size - 2 < 0:
+ raise ValueError("Digest too large for key size. Use a larger "
+ "key.")
+
+ if not self._backend._mgf1_hash_supported(padding._mgf._algorithm):
+ raise UnsupportedAlgorithm(
+ "When OpenSSL is older than 1.0.1 then only SHA1 is "
+ "supported with MGF1.",
+ _Reasons.UNSUPPORTED_HASH
+ )
+
+ if self._backend._lib.Cryptography_HAS_PKEY_CTX:
+ self._finalize_method = self._finalize_pkey_ctx
+ self._padding_enum = self._backend._lib.RSA_PKCS1_PSS_PADDING
+ else:
+ self._finalize_method = self._finalize_pss
+ else:
+ raise UnsupportedAlgorithm(
+ "{0} is not supported by this backend.".format(padding.name),
+ _Reasons.UNSUPPORTED_PADDING
+ )
+
+ self._padding = padding
+ self._algorithm = algorithm
+ self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
+
+ def update(self, data):
+ self._hash_ctx.update(data)
+
+ def finalize(self):
+ evp_md = self._backend._lib.EVP_get_digestbyname(
+ self._algorithm.name.encode("ascii"))
+ assert evp_md != self._backend._ffi.NULL
+
+ return self._finalize_method(evp_md)
+
+ def _finalize_pkey_ctx(self, evp_md):
+ pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new(
+ self._private_key._evp_pkey, self._backend._ffi.NULL
+ )
+ assert pkey_ctx != self._backend._ffi.NULL
+ pkey_ctx = self._backend._ffi.gc(pkey_ctx,
+ self._backend._lib.EVP_PKEY_CTX_free)
+ res = self._backend._lib.EVP_PKEY_sign_init(pkey_ctx)
+ assert res == 1
+ res = self._backend._lib.EVP_PKEY_CTX_set_signature_md(
+ pkey_ctx, evp_md)
+ assert res > 0
+
+ res = self._backend._lib.EVP_PKEY_CTX_set_rsa_padding(
+ pkey_ctx, self._padding_enum)
+ assert res > 0
+ if isinstance(self._padding, PSS):
+ res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen(
+ pkey_ctx,
+ _get_rsa_pss_salt_length(
+ self._padding,
+ self._private_key.key_size,
+ self._hash_ctx.algorithm.digest_size
+ )
+ )
+ assert res > 0
+
+ if self._backend._lib.Cryptography_HAS_MGF1_MD:
+ # MGF1 MD is configurable in OpenSSL 1.0.1+
+ mgf1_md = self._backend._lib.EVP_get_digestbyname(
+ self._padding._mgf._algorithm.name.encode("ascii"))
+ assert mgf1_md != self._backend._ffi.NULL
+ res = self._backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md(
+ pkey_ctx, mgf1_md
+ )
+ assert res > 0
+ data_to_sign = self._hash_ctx.finalize()
+ buflen = self._backend._ffi.new("size_t *")
+ res = self._backend._lib.EVP_PKEY_sign(
+ pkey_ctx,
+ self._backend._ffi.NULL,
+ buflen,
+ data_to_sign,
+ len(data_to_sign)
+ )
+ assert res == 1
+ buf = self._backend._ffi.new("unsigned char[]", buflen[0])
+ res = self._backend._lib.EVP_PKEY_sign(
+ pkey_ctx, buf, buflen, data_to_sign, len(data_to_sign))
+ if res != 1:
+ errors = self._backend._consume_errors()
+ assert errors[0].lib == self._backend._lib.ERR_LIB_RSA
+ reason = None
+ if (errors[0].reason ==
+ self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE):
+ reason = ("Salt length too long for key size. Try using "
+ "MAX_LENGTH instead.")
+ elif (errors[0].reason ==
+ self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY):
+ reason = "Digest too large for key size. Use a larger key."
+ assert reason is not None
+ raise ValueError(reason)
+
+ return self._backend._ffi.buffer(buf)[:]
+
+ def _finalize_pkcs1(self, evp_md):
+ if self._hash_ctx._ctx is None:
+ raise AlreadyFinalized("Context has already been finalized.")
+
+ sig_buf = self._backend._ffi.new("char[]", self._pkey_size)
+ sig_len = self._backend._ffi.new("unsigned int *")
+ res = self._backend._lib.EVP_SignFinal(
+ self._hash_ctx._ctx._ctx,
+ sig_buf,
+ sig_len,
+ self._private_key._evp_pkey
+ )
+ self._hash_ctx.finalize()
+ if res == 0:
+ errors = self._backend._consume_errors()
+ assert errors[0].lib == self._backend._lib.ERR_LIB_RSA
+ assert (errors[0].reason ==
+ self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY)
+ raise ValueError("Digest too large for key size. Use a larger "
+ "key.")
+
+ return self._backend._ffi.buffer(sig_buf)[:sig_len[0]]
+
+ def _finalize_pss(self, evp_md):
+ data_to_sign = self._hash_ctx.finalize()
+ padded = self._backend._ffi.new("unsigned char[]", self._pkey_size)
+ res = self._backend._lib.RSA_padding_add_PKCS1_PSS(
+ self._private_key._rsa_cdata,
+ padded,
+ data_to_sign,
+ evp_md,
+ _get_rsa_pss_salt_length(
+ self._padding,
+ self._private_key.key_size,
+ len(data_to_sign)
+ )
+ )
+ if res != 1:
+ errors = self._backend._consume_errors()
+ assert errors[0].lib == self._backend._lib.ERR_LIB_RSA
+ assert (errors[0].reason ==
+ self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE)
+ raise ValueError("Salt length too long for key size. Try using "
+ "MAX_LENGTH instead.")
+
+ sig_buf = self._backend._ffi.new("char[]", self._pkey_size)
+ sig_len = self._backend._lib.RSA_private_encrypt(
+ self._pkey_size,
+ padded,
+ sig_buf,
+ self._private_key._rsa_cdata,
+ self._backend._lib.RSA_NO_PADDING
+ )
+ assert sig_len != -1
+ return self._backend._ffi.buffer(sig_buf)[:sig_len]
+
+
+@utils.register_interface(interfaces.AsymmetricVerificationContext)
+class _RSAVerificationContext(object):
+ def __init__(self, backend, public_key, signature, padding, algorithm):
+ self._backend = backend
+ self._public_key = public_key
+ self._signature = signature
+
+ if not isinstance(padding, interfaces.AsymmetricPadding):
+ raise TypeError(
+ "Expected provider of interfaces.AsymmetricPadding.")
+
+ self._pkey_size = self._backend._lib.EVP_PKEY_size(
+ self._public_key._evp_pkey
+ )
+
+ if isinstance(padding, PKCS1v15):
+ if self._backend._lib.Cryptography_HAS_PKEY_CTX:
+ self._verify_method = self._verify_pkey_ctx
+ self._padding_enum = self._backend._lib.RSA_PKCS1_PADDING
+ else:
+ self._verify_method = self._verify_pkcs1
+ elif isinstance(padding, PSS):
+ if not isinstance(padding._mgf, MGF1):
+ raise UnsupportedAlgorithm(
+ "Only MGF1 is supported by this backend.",
+ _Reasons.UNSUPPORTED_MGF
+ )
+
+ # Size of key in bytes - 2 is the maximum
+ # PSS signature length (salt length is checked later)
+ assert self._pkey_size > 0
+ if self._pkey_size - algorithm.digest_size - 2 < 0:
+ raise ValueError(
+ "Digest too large for key size. Check that you have the "
+ "correct key and digest algorithm."
+ )
+
+ if not self._backend._mgf1_hash_supported(padding._mgf._algorithm):
+ raise UnsupportedAlgorithm(
+ "When OpenSSL is older than 1.0.1 then only SHA1 is "
+ "supported with MGF1.",
+ _Reasons.UNSUPPORTED_HASH
+ )
+
+ if self._backend._lib.Cryptography_HAS_PKEY_CTX:
+ self._verify_method = self._verify_pkey_ctx
+ self._padding_enum = self._backend._lib.RSA_PKCS1_PSS_PADDING
+ else:
+ self._verify_method = self._verify_pss
+ else:
+ raise UnsupportedAlgorithm(
+ "{0} is not supported by this backend.".format(padding.name),
+ _Reasons.UNSUPPORTED_PADDING
+ )
+
+ self._padding = padding
+ self._algorithm = algorithm
+ self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
+
+ def update(self, data):
+ self._hash_ctx.update(data)
+
+ def verify(self):
+ evp_md = self._backend._lib.EVP_get_digestbyname(
+ self._algorithm.name.encode("ascii"))
+ assert evp_md != self._backend._ffi.NULL
+
+ self._verify_method(evp_md)
+
+ def _verify_pkey_ctx(self, evp_md):
+ pkey_ctx = self._backend._lib.EVP_PKEY_CTX_new(
+ self._public_key._evp_pkey, self._backend._ffi.NULL
+ )
+ assert pkey_ctx != self._backend._ffi.NULL
+ pkey_ctx = self._backend._ffi.gc(pkey_ctx,
+ self._backend._lib.EVP_PKEY_CTX_free)
+ res = self._backend._lib.EVP_PKEY_verify_init(pkey_ctx)
+ assert res == 1
+ res = self._backend._lib.EVP_PKEY_CTX_set_signature_md(
+ pkey_ctx, evp_md)
+ assert res > 0
+
+ res = self._backend._lib.EVP_PKEY_CTX_set_rsa_padding(
+ pkey_ctx, self._padding_enum)
+ assert res > 0
+ if isinstance(self._padding, PSS):
+ res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen(
+ pkey_ctx,
+ _get_rsa_pss_salt_length(
+ self._padding,
+ self._public_key.key_size,
+ self._hash_ctx.algorithm.digest_size
+ )
+ )
+ assert res > 0
+ if self._backend._lib.Cryptography_HAS_MGF1_MD:
+ # MGF1 MD is configurable in OpenSSL 1.0.1+
+ mgf1_md = self._backend._lib.EVP_get_digestbyname(
+ self._padding._mgf._algorithm.name.encode("ascii"))
+ assert mgf1_md != self._backend._ffi.NULL
+ res = self._backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md(
+ pkey_ctx, mgf1_md
+ )
+ assert res > 0
+
+ data_to_verify = self._hash_ctx.finalize()
+ res = self._backend._lib.EVP_PKEY_verify(
+ pkey_ctx,
+ self._signature,
+ len(self._signature),
+ data_to_verify,
+ len(data_to_verify)
+ )
+ # The previous call can return negative numbers in the event of an
+ # error. This is not a signature failure but we need to fail if it
+ # occurs.
+ assert res >= 0
+ if res == 0:
+ errors = self._backend._consume_errors()
+ assert errors
+ raise InvalidSignature
+
+ def _verify_pkcs1(self, evp_md):
+ if self._hash_ctx._ctx is None:
+ raise AlreadyFinalized("Context has already been finalized.")
+
+ res = self._backend._lib.EVP_VerifyFinal(
+ self._hash_ctx._ctx._ctx,
+ self._signature,
+ len(self._signature),
+ self._public_key._evp_pkey
+ )
+ self._hash_ctx.finalize()
+ # The previous call can return negative numbers in the event of an
+ # error. This is not a signature failure but we need to fail if it
+ # occurs.
+ assert res >= 0
+ if res == 0:
+ errors = self._backend._consume_errors()
+ assert errors
+ raise InvalidSignature
+
+ def _verify_pss(self, evp_md):
+ buf = self._backend._ffi.new("unsigned char[]", self._pkey_size)
+ res = self._backend._lib.RSA_public_decrypt(
+ len(self._signature),
+ self._signature,
+ buf,
+ self._public_key._rsa_cdata,
+ self._backend._lib.RSA_NO_PADDING
+ )
+ if res != self._pkey_size:
+ errors = self._backend._consume_errors()
+ assert errors
+ raise InvalidSignature
+
+ data_to_verify = self._hash_ctx.finalize()
+ res = self._backend._lib.RSA_verify_PKCS1_PSS(
+ self._public_key._rsa_cdata,
+ data_to_verify,
+ evp_md,
+ buf,
+ _get_rsa_pss_salt_length(
+ self._padding,
+ self._public_key.key_size,
+ len(data_to_verify)
+ )
+ )
+ if res != 1:
+ errors = self._backend._consume_errors()
+ assert errors
+ raise InvalidSignature
+
+
+@utils.register_interface(RSAPrivateKeyWithNumbers)
+class _RSAPrivateKey(object):
+ def __init__(self, backend, rsa_cdata):
+ self._backend = backend
+ self._rsa_cdata = rsa_cdata
+
+ evp_pkey = self._backend._lib.EVP_PKEY_new()
+ assert evp_pkey != self._backend._ffi.NULL
+ evp_pkey = self._backend._ffi.gc(
+ evp_pkey, self._backend._lib.EVP_PKEY_free
+ )
+ res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata)
+ assert res == 1
+ self._evp_pkey = evp_pkey
+
+ self.key_size = self._backend._lib.BN_num_bits(self._rsa_cdata.n)
+
+ def signer(self, padding, algorithm):
+ return _RSASignatureContext(self._backend, self, padding, algorithm)
+
+ def decrypt(self, ciphertext, padding):
+ key_size_bytes = int(math.ceil(self.key_size / 8.0))
+ if key_size_bytes != len(ciphertext):
+ raise ValueError("Ciphertext length must be equal to key size.")
+
+ return self._backend._enc_dec_rsa(self, ciphertext, padding)
+
+ def public_key(self):
+ ctx = self._backend._lib.RSA_new()
+ assert ctx != self._backend._ffi.NULL
+ ctx = self._backend._ffi.gc(ctx, self._backend._lib.RSA_free)
+ ctx.e = self._backend._lib.BN_dup(self._rsa_cdata.e)
+ ctx.n = self._backend._lib.BN_dup(self._rsa_cdata.n)
+ res = self._backend._lib.RSA_blinding_on(ctx, self._backend._ffi.NULL)
+ assert res == 1
+ return _RSAPublicKey(self._backend, ctx)
+
+ def private_numbers(self):
+ return rsa.RSAPrivateNumbers(
+ p=self._backend._bn_to_int(self._rsa_cdata.p),
+ q=self._backend._bn_to_int(self._rsa_cdata.q),
+ d=self._backend._bn_to_int(self._rsa_cdata.d),
+ dmp1=self._backend._bn_to_int(self._rsa_cdata.dmp1),
+ dmq1=self._backend._bn_to_int(self._rsa_cdata.dmq1),
+ iqmp=self._backend._bn_to_int(self._rsa_cdata.iqmp),
+ public_numbers=rsa.RSAPublicNumbers(
+ e=self._backend._bn_to_int(self._rsa_cdata.e),
+ n=self._backend._bn_to_int(self._rsa_cdata.n),
+ )
+ )
+
+
+@utils.register_interface(RSAPublicKeyWithNumbers)
+class _RSAPublicKey(object):
+ def __init__(self, backend, rsa_cdata):
+ self._backend = backend
+ self._rsa_cdata = rsa_cdata
+
+ evp_pkey = self._backend._lib.EVP_PKEY_new()
+ assert evp_pkey != self._backend._ffi.NULL
+ evp_pkey = self._backend._ffi.gc(
+ evp_pkey, self._backend._lib.EVP_PKEY_free
+ )
+ res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata)
+ assert res == 1
+ self._evp_pkey = evp_pkey
+
+ self.key_size = self._backend._lib.BN_num_bits(self._rsa_cdata.n)
+
+ def verifier(self, signature, padding, algorithm):
+ return _RSAVerificationContext(
+ self._backend, self, signature, padding, algorithm
+ )
+
+ def encrypt(self, plaintext, padding):
+ return self._backend._enc_dec_rsa(self, plaintext, padding)
+
+ def public_numbers(self):
+ return rsa.RSAPublicNumbers(
+ e=self._backend._bn_to_int(self._rsa_cdata.e),
+ n=self._backend._bn_to_int(self._rsa_cdata.n),
+ )
diff --git a/cryptography/hazmat/primitives/asymmetric/dsa.py b/cryptography/hazmat/primitives/asymmetric/dsa.py
index a9ae9ecb..4d78679e 100644
--- a/cryptography/hazmat/primitives/asymmetric/dsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/dsa.py
@@ -181,3 +181,74 @@ class DSAPublicKey(object):
def parameters(self):
return DSAParameters(self._modulus, self._subgroup_order,
self._generator)
+
+
+class DSAParameterNumbers(object):
+ def __init__(self, p, q, g):
+ if (
+ not isinstance(p, six.integer_types) or
+ not isinstance(q, six.integer_types) or
+ not isinstance(g, six.integer_types)
+ ):
+ raise TypeError(
+ "DSAParameterNumbers p, q, and g arguments must be integers."
+ )
+
+ self._p = p
+ self._q = q
+ self._g = g
+
+ @property
+ def p(self):
+ return self._p
+
+ @property
+ def q(self):
+ return self._q
+
+ @property
+ def g(self):
+ return self._g
+
+
+class DSAPublicNumbers(object):
+ def __init__(self, y, parameter_numbers):
+ if not isinstance(y, six.integer_types):
+ raise TypeError("DSAPublicNumbers y argument must be an integer.")
+
+ if not isinstance(parameter_numbers, DSAParameterNumbers):
+ raise TypeError(
+ "parameter_numbers must be a DSAParameterNumbers instance."
+ )
+
+ self._y = y
+ self._parameter_numbers = parameter_numbers
+
+ @property
+ def y(self):
+ return self._y
+
+ @property
+ def parameter_numbers(self):
+ return self._parameter_numbers
+
+
+class DSAPrivateNumbers(object):
+ def __init__(self, x, public_numbers):
+ if not isinstance(x, six.integer_types):
+ raise TypeError("DSAPrivateNumbers x argument must be an integer.")
+
+ if not isinstance(public_numbers, DSAPublicNumbers):
+ raise TypeError(
+ "public_numbers must be a DSAPublicNumbers instance."
+ )
+ self._public_numbers = public_numbers
+ self._x = x
+
+ @property
+ def x(self):
+ return self._x
+
+ @property
+ def public_numbers(self):
+ return self._public_numbers
diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py
index dd901aae..ef8640c2 100644
--- a/cryptography/hazmat/primitives/interfaces.py
+++ b/cryptography/hazmat/primitives/interfaces.py
@@ -251,48 +251,15 @@ class RSAPublicKeyWithNumbers(RSAPublicKey):
@six.add_metaclass(abc.ABCMeta)
class DSAParameters(object):
- @abc.abstractproperty
- def modulus(self):
- """
- The prime modulus that's used in generating the DSA keypair and used
- in the DSA signing and verification processes.
- """
+ pass
- @abc.abstractproperty
- def subgroup_order(self):
- """
- The subgroup order that's used in generating the DSA keypair
- by the generator and used in the DSA signing and verification
- processes.
- """
- @abc.abstractproperty
- def generator(self):
- """
- The generator that is used in generating the DSA keypair and used
- in the DSA signing and verification processes.
- """
-
- @abc.abstractproperty
- def p(self):
- """
- The prime modulus that's used in generating the DSA keypair and used
- in the DSA signing and verification processes. Alias for modulus.
- """
-
- @abc.abstractproperty
- def q(self):
- """
- The subgroup order that's used in generating the DSA keypair
- by the generator and used in the DSA signing and verification
- processes. Alias for subgroup_order.
- """
-
- @abc.abstractproperty
- def g(self):
+@six.add_metaclass(abc.ABCMeta)
+class DSAParametersWithNumbers(DSAParameters):
+ @abc.abstractmethod
+ def parameter_numbers(self):
"""
- The generator that is used in generating the DSA keypair and used
- in the DSA signing and verification processes. Alias for generator.
+ Returns a DSAParameterNumbers.
"""
@@ -310,22 +277,19 @@ class DSAPrivateKey(object):
The DSAPublicKey associated with this private key.
"""
- @abc.abstractproperty
- def x(self):
+ @abc.abstractmethod
+ def parameters(self):
"""
- The private key "x" in the DSA structure.
+ The DSAParameters object associated with this private key.
"""
- @abc.abstractproperty
- def y(self):
- """
- The public key.
- """
+@six.add_metaclass(abc.ABCMeta)
+class DSAPrivateKeyWithNumbers(DSAPrivateKey):
@abc.abstractmethod
- def parameters(self):
+ def private_numbers(self):
"""
- The DSAParameters object associated with this private key.
+ Returns a DSAPrivateNumbers.
"""
@@ -337,16 +301,19 @@ class DSAPublicKey(object):
The bit length of the prime modulus.
"""
- @abc.abstractproperty
- def y(self):
+ @abc.abstractmethod
+ def parameters(self):
"""
- The public key.
+ The DSAParameters object associated with this public key.
"""
+
+@six.add_metaclass(abc.ABCMeta)
+class DSAPublicKeyWithNumbers(DSAPublicKey):
@abc.abstractmethod
- def parameters(self):
+ def public_numbers(self):
"""
- The DSAParameters object associated with this public key.
+ Returns a DSAPublicNumbers.
"""
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index 6848d84c..2167e528 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -210,6 +210,73 @@ DSA
:returns:
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
+.. class:: DSAParameterNumbers(p, q, g)
+
+ .. versionadded:: 0.5
+
+ The collection of integers that make up a set of DSA parameters.
+
+ .. attribute:: p
+
+ :type: int
+
+ The public modulus.
+
+ .. attribute:: q
+
+ :type: int
+
+ The sub-group order.
+
+ .. attribute:: g
+
+ :type: int
+
+ The generator.
+
+.. class:: DSAPublicNumbers(y, parameter_numbers)
+
+ .. versionadded:: 0.5
+
+ The collection of integers that make up a DSA public key.
+
+ .. attribute:: y
+
+ :type: int
+
+ The public value ``y``.
+
+ .. attribute:: parameter_numbers
+
+ :type: :class:`~cryptography.hazmat.primitives.dsa.DSAParameterNumbers`
+
+ The :class:`~cryptography.hazmat.primitives.dsa.DSAParameterNumbers`
+ associated with the public key.
+
+.. class:: DSAPrivateNumbers(x, public_numbers)
+
+ .. versionadded:: 0.5
+
+ The collection of integers that make up a DSA private key.
+
+ .. warning::
+
+ Revealing the value of ``x`` will compromise the security of any
+ cryptographic operations performed.
+
+ .. attribute:: x
+
+ :type: int
+
+ The private value ``x``.
+
+ .. attribute:: public_numbers
+
+ :type: :class:`~cryptography.hazmat.primitives.dsa.DSAPublicNumbers`
+
+ The :class:`~cryptography.hazmat.primitives.dsa.DSAPublicNumbers`
+ associated with the private key.
+
.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
.. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
.. _`FIPS 186-4`: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index c3962901..7250066a 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -7,6 +7,8 @@ RSA
`RSA`_ is a `public-key`_ algorithm for encrypting and signing messages.
+Generation
+~~~~~~~~~~
.. function:: generate_private_key(public_exponent, key_size, backend)
@@ -31,10 +33,233 @@ RSA
the provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+Signing
+~~~~~~~
+
+Using a :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
+provider.
+
+.. doctest::
+
+ >>> from cryptography.hazmat.backends import default_backend
+ >>> from cryptography.hazmat.primitives import hashes
+ >>> from cryptography.hazmat.primitives.asymmetric import rsa, padding
+ >>> private_key = rsa.generate_private_key(
+ ... public_exponent=65537,
+ ... key_size=2048,
+ ... backend=default_backend()
+ ... )
+ >>> signer = private_key.signer(
+ ... padding.PSS(
+ ... mgf=padding.MGF1(hashes.SHA256()),
+ ... salt_length=padding.PSS.MAX_LENGTH
+ ... ),
+ ... hashes.SHA256()
+ ... )
+ >>> signer.update(b"this is some data I'd like")
+ >>> signer.update(b" to sign")
+ >>> signature = signer.finalize()
+
+
+Verification
+~~~~~~~~~~~~
+
+Using a :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
+provider.
+
+.. doctest::
+
+ >>> public_key = private_key.public_key()
+ >>> verifier = public_key.verifier(
+ ... signature,
+ ... padding.PSS(
+ ... mgf=padding.MGF1(hashes.SHA256()),
+ ... salt_length=padding.PSS.MAX_LENGTH
+ ... ),
+ ... hashes.SHA256()
+ ... )
+ >>> data = b"this is some data I'd like to sign"
+ >>> verifier.update(data)
+ >>> verifier.verify()
+
+Encryption
+~~~~~~~~~~
+
+Using a :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
+provider.
+
+.. doctest::
+
+ >>> from cryptography.hazmat.backends import default_backend
+ >>> from cryptography.hazmat.primitives import hashes
+ >>> from cryptography.hazmat.primitives.asymmetric import padding
+
+ >>> # Generate a key
+ >>> private_key = rsa.generate_private_key(
+ ... public_exponent=65537,
+ ... key_size=2048,
+ ... backend=default_backend()
+ ... )
+ >>> public_key = private_key.public_key()
+ >>> # encrypt some data
+ >>> ciphertext = public_key.encrypt(
+ ... b"encrypted data",
+ ... padding.OAEP(
+ ... mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ ... algorithm=hashes.SHA1(),
+ ... label=None
+ ... )
+ ... )
+
+Decryption
+~~~~~~~~~~
+
+Using a :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
+provider.
+
+.. doctest::
+
+ >>> plaintext = private_key.decrypt(
+ ... ciphertext,
+ ... padding.OAEP(
+ ... mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ ... algorithm=hashes.SHA1(),
+ ... label=None
+ ... )
+ ... )
+
+Numbers
+~~~~~~~
+
+These classes hold the constituent components of an RSA key. They are useful
+only when more traditional :doc:`/hazmat/primitives/asymmetric/serialization`
+is unavailable.
+
+.. class:: RSAPublicNumbers(e, n)
+
+ .. versionadded:: 0.5
+
+ The collection of integers that make up an RSA public key.
+
+ .. attribute:: n
+
+ :type: int
+
+ The public modulus.
+
+ .. attribute:: e
+
+ :type: int
+
+ The public exponent.
+
+
+.. class:: RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, public_numbers)
+
+ .. versionadded:: 0.5
+
+ The collection of integers that make up an RSA private key.
+
+ .. warning::
+
+ With the exception of the integers contained in the
+ :class:`RSAPublicNumbers` all attributes of this class must be kept
+ secret. Revealing them will compromise the security of any
+ cryptographic operations performed with a key loaded from them.
+
+ .. attribute:: public_numbers
+
+ :type: :class:`~cryptography.hazmat.primitives.rsa.RSAPublicNumbers`
+
+ The :class:`RSAPublicNumbers` which makes up the RSA public key
+ associated with this RSA private key.
+
+ .. attribute:: p
+
+ :type: int
+
+ ``p``, one of the two primes composing the :attr:`modulus`.
+
+ .. attribute:: q
+
+ :type: int
+
+ ``q``, one of the two primes composing the :attr:`modulus`.
+
+ .. attribute:: d
+
+ :type: int
+
+ The private exponent. Alias for :attr:`private_exponent`.
+
+ .. attribute:: dmp1
+
+ :type: int
+
+ A `Chinese remainder theorem`_ coefficient used to speed up RSA
+ operations. Calculated as: d mod (p-1)
+
+ .. attribute:: dmq1
+
+ :type: int
+
+ A `Chinese remainder theorem`_ coefficient used to speed up RSA
+ operations. Calculated as: d mod (q-1)
+
+ .. attribute:: iqmp
+
+ :type: int
+
+ A `Chinese remainder theorem`_ coefficient used to speed up RSA
+ operations. Calculated as: q\ :sup:`-1` mod p
+
+Handling partial RSA private keys
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you are trying to load RSA private keys yourself you may find that not all
+parameters required by ``RSAPrivateNumbers`` are available. In particular the
+`Chinese Remainder Theorem`_ (CRT) values ``dmp1``, ``dmq1``, ``iqmp`` may be
+missing or present in a different form. For example `OpenPGP`_ does not include
+the ``iqmp``, ``dmp1`` or ``dmq1`` parameters.
+
+The following functions are provided for users who want to work with keys like
+this without having to do the math themselves.
+
+.. function:: rsa_crt_iqmp(p, q)
+
+ .. versionadded:: 0.4
+
+ Generates the ``iqmp`` (also known as ``qInv``) parameter from the RSA
+ primes ``p`` and ``q``.
+
+.. function:: rsa_crt_dmp1(private_exponent, p)
+
+ .. versionadded:: 0.4
+
+ Generates the ``dmp1`` parameter from the RSA private exponent and prime
+ ``p``.
+
+.. function:: rsa_crt_dmq1(private_exponent, q)
+
+ .. versionadded:: 0.4
+
+ Generates the ``dmq1`` parameter from the RSA private exponent and prime
+ ``q``.
+
+Deprecated Concrete Classes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+These classes were deprecated in version 0.5 in favor of backend specific
+providers of the
+:class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` and
+:class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` interfaces.
+
.. class:: RSAPrivateKey(p, q, private_exponent, dmp1, dmq1, iqmp, public_exponent, modulus)
.. versionadded:: 0.2
+ .. deprecated:: 0.5
+
An RSA private key is required for decryption and signing of messages.
You should use :func:`generate_private_key` to generate new keys.
@@ -47,10 +272,6 @@ RSA
generated with software you trust.
- This class conforms to the
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
- interface.
-
:raises TypeError: This is raised when the arguments are not all integers.
:raises ValueError: This is raised when the values of ``p``, ``q``,
@@ -85,28 +306,6 @@ RSA
Sign data which can be verified later by others using the public key.
- .. doctest::
-
- >>> from cryptography.hazmat.backends import default_backend
- >>> from cryptography.hazmat.primitives import hashes
- >>> from cryptography.hazmat.primitives.asymmetric import rsa, padding
- >>> private_key = rsa.RSAPrivateKey.generate(
- ... public_exponent=65537,
- ... key_size=2048,
- ... backend=default_backend()
- ... )
- >>> signer = private_key.signer(
- ... padding.PSS(
- ... mgf=padding.MGF1(hashes.SHA256()),
- ... salt_length=padding.PSS.MAX_LENGTH
- ... ),
- ... hashes.SHA256(),
- ... default_backend()
- ... )
- >>> signer.update(b"this is some data I'd like")
- >>> signer.update(b" to sign")
- >>> signature = signer.finalize()
-
:param padding: An instance of a
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
provider. Valid values are
@@ -181,55 +380,19 @@ RSA
:class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`
it may also be raised for invalid label values.
- .. doctest::
-
- >>> from cryptography.hazmat.backends import default_backend
- >>> from cryptography.hazmat.primitives import hashes
- >>> from cryptography.hazmat.primitives.asymmetric import padding
-
- >>> # Generate a key
- >>> private_key = rsa.RSAPrivateKey.generate(
- ... public_exponent=65537,
- ... key_size=2048,
- ... backend=default_backend()
- ... )
- >>> public_key = private_key.public_key()
- >>> # encrypt some data
- >>> ciphertext = public_key.encrypt(
- ... b"encrypted data",
- ... padding.OAEP(
- ... mgf=padding.MGF1(algorithm=hashes.SHA1()),
- ... algorithm=hashes.SHA1(),
- ... label=None
- ... ),
- ... default_backend()
- ... )
- >>> # Now do the actual decryption
- >>> plaintext = private_key.decrypt(
- ... ciphertext,
- ... padding.OAEP(
- ... mgf=padding.MGF1(algorithm=hashes.SHA1()),
- ... algorithm=hashes.SHA1(),
- ... label=None
- ... ),
- ... default_backend()
- ... )
-
.. class:: RSAPublicKey(public_exponent, modulus)
.. versionadded:: 0.2
+ .. deprecated:: 0.5
+
An RSA public key is required for encryption and verification of messages.
Normally you do not need to directly construct public keys because you'll
be loading them from a file, generating them automatically or receiving
them from a 3rd party.
- This class conforms to the
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
- interface.
-
:raises TypeError: This is raised when the arguments are not all integers.
:raises ValueError: This is raised when the values of ``public_exponent``
@@ -243,40 +406,6 @@ RSA
Verify data was signed by the private key associated with this public
key.
- .. doctest::
-
- >>> from cryptography.hazmat.backends import default_backend
- >>> from cryptography.hazmat.primitives import hashes
- >>> from cryptography.hazmat.primitives.asymmetric import rsa, padding
- >>> private_key = rsa.RSAPrivateKey.generate(
- ... public_exponent=65537,
- ... key_size=2048,
- ... backend=default_backend()
- ... )
- >>> signer = private_key.signer(
- ... padding.PSS(
- ... mgf=padding.MGF1(hashes.SHA256()),
- ... salt_length=padding.PSS.MAX_LENGTH
- ... ),
- ... hashes.SHA256(),
- ... default_backend()
- ... )
- >>> data = b"this is some data I'd like to sign"
- >>> signer.update(data)
- >>> signature = signer.finalize()
- >>> public_key = private_key.public_key()
- >>> verifier = public_key.verifier(
- ... signature,
- ... padding.PSS(
- ... mgf=padding.MGF1(hashes.SHA256()),
- ... salt_length=padding.PSS.MAX_LENGTH
- ... ),
- ... hashes.SHA256(),
- ... default_backend()
- ... )
- >>> verifier.update(data)
- >>> verifier.verify()
-
:param bytes signature: The signature to verify.
:param padding: An instance of a
@@ -354,166 +483,6 @@ RSA
:class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`
it may also be raised for invalid label values.
- .. doctest::
-
- >>> from cryptography.hazmat.backends import default_backend
- >>> from cryptography.hazmat.primitives import hashes
- >>> from cryptography.hazmat.primitives.asymmetric import padding
-
- >>> # Generate a key
- >>> private_key = rsa.RSAPrivateKey.generate(
- ... public_exponent=65537,
- ... key_size=2048,
- ... backend=default_backend()
- ... )
- >>> public_key = private_key.public_key()
- >>> # encrypt some data
- >>> ciphertext = public_key.encrypt(
- ... b"encrypted data",
- ... padding.OAEP(
- ... mgf=padding.MGF1(algorithm=hashes.SHA1()),
- ... algorithm=hashes.SHA1(),
- ... label=None
- ... ),
- ... default_backend()
- ... )
-
-
-.. class:: RSAPublicNumbers(e, n)
-
- .. versionadded:: 0.5
-
- The collection of integers that make up an RSA public key.
-
- .. method:: public_key(backend)
-
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
- provider.
-
- :return: A :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
- provider.
-
- :raises UnsupportedAlgorithm: If the given backend does not support
- loading numbers.
-
- .. attribute:: n
-
- :type: int
-
- The public modulus.
-
- .. attribute:: e
-
- :type: int
-
- The public exponent.
-
-
-.. class:: RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, public_numbers)
-
- .. versionadded:: 0.5
-
- The collection of integers that make up an RSA private key.
-
- .. warning::
-
- With the exception of the integers contained in the
- :class:`RSAPublicNumbers` all attributes of this class must be kept
- secret. Revealing them will compromise the security of any
- cryptographic operations performed with a key loaded from them.
-
- .. method:: private_key(backend)
-
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
- provider.
-
- :return: A :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
- provider.
-
- :raises UnsupportedAlgorithm: If the given backend does not support
- loading numbers.
-
- .. attribute:: public_numbers
-
- :type: :class:`~cryptography.hazmat.primitives.rsa.RSAPublicNumbers`
-
- The :class:`RSAPublicNumbers` which makes up the RSA public key
- associated with this RSA private key.
-
- .. attribute:: p
-
- :type: int
-
- ``p``, one of the two primes composing the :attr:`modulus`.
-
- .. attribute:: q
-
- :type: int
-
- ``q``, one of the two primes composing the :attr:`modulus`.
-
- .. attribute:: d
-
- :type: int
-
- The private exponent. Alias for :attr:`private_exponent`.
-
- .. attribute:: dmp1
-
- :type: int
-
- A `Chinese remainder theorem`_ coefficient used to speed up RSA
- operations. Calculated as: d mod (p-1)
-
- .. attribute:: dmq1
-
- :type: int
-
- A `Chinese remainder theorem`_ coefficient used to speed up RSA
- operations. Calculated as: d mod (q-1)
-
- .. attribute:: iqmp
-
- :type: int
-
- A `Chinese remainder theorem`_ coefficient used to speed up RSA
- operations. Calculated as: q\ :sup:`-1` mod p
-
-
-Handling partial RSA private keys
----------------------------------
-
-If you are trying to load RSA private keys yourself you may find that not all
-parameters required by ``RSAPrivateKey`` are available. In particular the
-`Chinese Remainder Theorem`_ (CRT) values ``dmp1``, ``dmq1``, ``iqmp`` may be
-missing or present in a different form. For example `OpenPGP`_ does not include
-the ``iqmp``, ``dmp1`` or ``dmq1`` parameters.
-
-The following functions are provided for users who want to work with keys like
-this without having to do the math themselves.
-
-.. function:: rsa_crt_iqmp(p, q)
-
- .. versionadded:: 0.4
-
- Generates the ``iqmp`` (also known as ``qInv``) parameter from the RSA
- primes ``p`` and ``q``.
-
-.. function:: rsa_crt_dmp1(private_exponent, p)
-
- .. versionadded:: 0.4
-
- Generates the ``dmp1`` parameter from the RSA private exponent and prime
- ``p``.
-
-.. function:: rsa_crt_dmq1(private_exponent, q)
-
- .. versionadded:: 0.4
-
- Generates the ``dmq1`` parameter from the RSA private exponent and prime
- ``q``.
.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
.. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index 029c4c1f..755cef41 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -13,7 +13,7 @@ to document argument and return types.
Symmetric ciphers
-~~~~~~~~~~~~~~~~~
+-----------------
.. currentmodule:: cryptography.hazmat.primitives.interfaces
@@ -48,7 +48,7 @@ Symmetric ciphers
Cipher modes
-------------
+~~~~~~~~~~~~
Interfaces used by the symmetric cipher modes described in
:ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`.
@@ -104,7 +104,44 @@ Interfaces used by the symmetric cipher modes described in
individual modes.
Asymmetric interfaces
-~~~~~~~~~~~~~~~~~~~~~
+---------------------
+
+.. class:: AsymmetricSignatureContext
+
+ .. versionadded:: 0.2
+
+ .. method:: update(data)
+
+ :param bytes data: The data you want to sign.
+
+ .. method:: finalize()
+
+ :return bytes signature: The signature.
+
+
+.. class:: AsymmetricVerificationContext
+
+ .. versionadded:: 0.2
+
+ .. method:: update(data)
+
+ :param bytes data: The data you wish to verify using the signature.
+
+ .. method:: verify()
+
+ :raises cryptography.exceptions.InvalidSignature: If the signature does
+ not validate.
+
+
+.. class:: AsymmetricPadding
+
+ .. versionadded:: 0.2
+
+ .. attribute:: name
+
+
+RSA
+~~~
.. class:: RSAPrivateKey
@@ -236,55 +273,31 @@ Asymmetric interfaces
instance.
+DSA
+~~~
+
.. class:: DSAParameters
.. versionadded:: 0.3
`DSA`_ parameters.
- .. attribute:: modulus
- :type: int
+.. class:: DSAParametersWithNumbers
- The prime modulus that is used in generating the DSA key pair and used
- in the DSA signing and verification processes.
-
- .. attribute:: subgroup_order
-
- :type: int
-
- The subgroup order that is used in generating the DSA key pair
- by the generator and used in the DSA signing and verification
- processes.
-
- .. attribute:: generator
-
- :type: int
-
- The generator that is used in generating the DSA key pair and used
- in the DSA signing and verification processes.
-
- .. attribute:: p
-
- :type: int
-
- The prime modulus that is used in generating the DSA key pair and used
- in the DSA signing and verification processes. Alias for :attr:`modulus`.
-
- .. attribute:: q
-
- :type: int
+ .. versionadded:: 0.5
- The subgroup order that is used in generating the DSA key pair
- by the generator and used in the DSA signing and verification
- processes. Alias for :attr:`subgroup_order`.
+ Extends :class:`DSAParameters`.
- .. attribute:: g
+ .. method:: parameter_numbers()
- :type: int
+ Create a
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers`
+ object.
- The generator that is used in generating the DSA key pair and used
- in the DSA signing and verification processes. Alias for :attr:`generator`.
+ :returns: A
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers`
+ instance.
.. class:: DSAPrivateKey
@@ -328,17 +341,22 @@ Asymmetric interfaces
The bit length of the modulus.
- .. attribute:: x
- :type: int
+.. class:: DSAPrivateKeyWithNumbers
- The private key.
+ .. versionadded:: 0.5
- .. attribute:: y
+ Extends :class:`DSAPrivateKey`.
- :type: int
+ .. method:: private_numbers()
+
+ Create a
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`
+ object.
- The public key.
+ :returns: A
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`
+ instance.
.. class:: DSAPublicKey
@@ -353,12 +371,6 @@ Asymmetric interfaces
The bit length of the modulus.
- .. attribute:: y
-
- :type: int
-
- The public key.
-
.. method:: parameters()
:return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
@@ -387,6 +399,23 @@ Asymmetric interfaces
:class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
+.. class:: DSAPublicKeyWithNumbers
+
+ .. versionadded:: 0.5
+
+ Extends :class:`DSAPublicKey`.
+
+ .. method:: private_numbers()
+
+ Create a
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`
+ object.
+
+ :returns: A
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`
+ instance.
+
+
.. class:: EllipticCurve
.. versionadded:: 0.5
@@ -407,6 +436,9 @@ Asymmetric interfaces
The bit length of the curve's base point.
+Elliptic Curve
+~~~~~~~~~~~~~~
+
.. class:: EllipticCurveSignatureAlgorithm
.. versionadded:: 0.5
@@ -475,42 +507,8 @@ Asymmetric interfaces
The elliptic curve for this key.
-.. class:: AsymmetricSignatureContext
-
- .. versionadded:: 0.2
-
- .. method:: update(data)
-
- :param bytes data: The data you want to sign.
-
- .. method:: finalize()
-
- :return bytes signature: The signature.
-
-
-.. class:: AsymmetricVerificationContext
-
- .. versionadded:: 0.2
-
- .. method:: update(data)
-
- :param bytes data: The data you wish to verify using the signature.
-
- .. method:: verify()
-
- :raises cryptography.exceptions.InvalidSignature: If the signature does
- not validate.
-
-
-.. class:: AsymmetricPadding
-
- .. versionadded:: 0.2
-
- .. attribute:: name
-
-
Hash algorithms
-~~~~~~~~~~~~~~~
+---------------
.. class:: HashAlgorithm
@@ -556,7 +554,7 @@ Hash algorithms
Key derivation functions
-~~~~~~~~~~~~~~~~~~~~~~~~
+------------------------
.. class:: KeyDerivationFunction
@@ -601,7 +599,7 @@ Key derivation functions
`CMAC`_
-~~~~~~~
+-------
.. class:: CMACContext
diff --git a/tests/hazmat/primitives/fixtures_dsa.py b/tests/hazmat/primitives/fixtures_dsa.py
new file mode 100644
index 00000000..34de8f01
--- /dev/null
+++ b/tests/hazmat/primitives/fixtures_dsa.py
@@ -0,0 +1,162 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography.hazmat.primitives.asymmetric.dsa import (
+ DSAParameterNumbers, DSAPrivateNumbers, DSAPublicNumbers
+)
+
+
+DSA_KEY_1024 = DSAPrivateNumbers(
+ public_numbers=DSAPublicNumbers(
+ parameter_numbers=DSAParameterNumbers(
+ p=int(
+ 'd38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d4b725ef34'
+ '1eabb47cf8a7a8a41e792a156b7ce97206c4f9c5ce6fc5ae7912102b6'
+ 'b502e59050b5b21ce263dddb2044b652236f4d42ab4b5d6aa73189cef'
+ '1ace778d7845a5c1c1c7147123188f8dc551054ee162b634d60f097f7'
+ '19076640e20980a0093113a8bd73', 16
+ ),
+ q=int('96c5390a8b612c0e422bb2b0ea194a3ec935a281', 16),
+ g=int(
+ '06b7861abbd35cc89e79c52f68d20875389b127361ca66822138ce499'
+ '1d2b862259d6b4548a6495b195aa0e0b6137ca37eb23b94074d3c3d30'
+ '0042bdf15762812b6333ef7b07ceba78607610fcc9ee68491dbc1e34c'
+ 'd12615474e52b18bc934fb00c61d39e7da8902291c4434a4e2224c3f4'
+ 'fd9f93cd6f4f17fc076341a7e7d9', 16
+ )
+ ),
+ y=int(
+ '6f26d98d41de7d871b6381851c9d91fa03942092ab6097e76422070edb71d'
+ 'b44ff568280fdb1709f8fc3feab39f1f824adaeb2a298088156ac31af1aa0'
+ '4bf54f475bdcfdcf2f8a2dd973e922d83e76f016558617603129b21c70bf7'
+ 'd0e5dc9e68fe332e295b65876eb9a12fe6fca9f1a1ce80204646bf99b5771'
+ 'd249a6fea627', 16
+ )
+ ),
+ x=int('8185fee9cc7c0e91fd85503274f1cd5a3fd15a49', 16)
+)
+
+DSA_KEY_2048 = DSAPrivateNumbers(
+ public_numbers=DSAPublicNumbers(
+ parameter_numbers=DSAParameterNumbers(
+ p=int(
+ 'ea1fb1af22881558ef93be8a5f8653c5a559434c49c8c2c12ace5e9c4'
+ '1434c9cf0a8e9498acb0f4663c08b4484eace845f6fb17dac62c98e70'
+ '6af0fc74e4da1c6c2b3fbf5a1d58ff82fc1a66f3e8b12252c40278fff'
+ '9dd7f102eed2cb5b7323ebf1908c234d935414dded7f8d244e54561b0'
+ 'dca39b301de8c49da9fb23df33c6182e3f983208c560fb5119fbf78eb'
+ 'e3e6564ee235c6a15cbb9ac247baba5a423bc6582a1a9d8a2b4f0e9e3'
+ 'd9dbac122f750dd754325135257488b1f6ecabf21bff2947fe0d3b2cb'
+ '7ffe67f4e7fcdf1214f6053e72a5bb0dd20a0e9fe6db2df0a908c36e9'
+ '5e60bf49ca4368b8b892b9c79f61ef91c47567c40e1f80ac5aa66ef7',
+ 16
+ ),
+ q=int(
+ '8ec73f3761caf5fdfe6e4e82098bf10f898740dcb808204bf6b18f507'
+ '192c19d', 16
+ ),
+ g=int(
+ 'e4c4eca88415b23ecf811c96e48cd24200fe916631a68a684e6ccb6b1'
+ '913413d344d1d8d84a333839d88eee431521f6e357c16e6a93be111a9'
+ '8076739cd401bab3b9d565bf4fb99e9d185b1e14d61c93700133f908b'
+ 'ae03e28764d107dcd2ea7674217622074bb19efff482f5f5c1a86d555'
+ '1b2fc68d1c6e9d8011958ef4b9c2a3a55d0d3c882e6ad7f9f0f3c6156'
+ '8f78d0706b10a26f23b4f197c322b825002284a0aca91807bba98ece9'
+ '12b80e10cdf180cf99a35f210c1655fbfdd74f13b1b5046591f840387'
+ '3d12239834dd6c4eceb42bf7482e1794a1601357b629ddfa971f2ed27'
+ '3b146ec1ca06d0adf55dd91d65c37297bda78c6d210c0bc26e558302',
+ 16
+ )
+ ),
+ y=int(
+ '6b32e31ab9031dc4dd0b5039a78d07826687ab087ae6de4736f5b0434e125'
+ '3092e8a0b231f9c87f3fc8a4cb5634eb194bf1b638b7a7889620ce6711567'
+ 'e36aa36cda4604cfaa601a45918371d4ccf68d8b10a50a0460eb1dc0fff62'
+ 'ef5e6ee4d473e18ea4a66c196fb7e677a49b48241a0b4a97128eff30fa437'
+ '050501a584f8771e7280d26d5af30784039159c11ebfea10b692fd0a58215'
+ 'eeb18bff117e13f08db792ed4151a218e4bed8dddfb0793225bd1e9773505'
+ '166f4bd8cedbb286ea28232972da7bae836ba97329ba6b0a36508e50a52a7'
+ '675e476d4d4137eae13f22a9d2fefde708ba8f34bf336c6e76331761e4b06'
+ '17633fe7ec3f23672fb19d27', 16
+ )
+ ),
+ x=int(
+ '405772da6e90d809e77d5de796562a2dd4dfd10ef00a83a3aba6bd818a0348a1',
+ 16
+ )
+)
+
+DSA_KEY_3072 = DSAPrivateNumbers(
+ public_numbers=DSAPublicNumbers(
+ parameter_numbers=DSAParameterNumbers(
+ p=int(
+ 'f335666dd1339165af8b9a5e3835adfe15c158e4c3c7bd53132e7d582'
+ '8c352f593a9a787760ce34b789879941f2f01f02319f6ae0b756f1a84'
+ '2ba54c85612ed632ee2d79ef17f06b77c641b7b080aff52a03fc2462e'
+ '80abc64d223723c236deeb7d201078ec01ca1fbc1763139e25099a84e'
+ 'c389159c409792080736bd7caa816b92edf23f2c351f90074aa5ea265'
+ '1b372f8b58a0a65554db2561d706a63685000ac576b7e4562e262a142'
+ '85a9c6370b290e4eb7757527d80b6c0fd5df831d36f3d1d35f12ab060'
+ '548de1605fd15f7c7aafed688b146a02c945156e284f5b71282045aba'
+ '9844d48b5df2e9e7a5887121eae7d7b01db7cdf6ff917cd8eb50c6bf1'
+ 'd54f90cce1a491a9c74fea88f7e7230b047d16b5a6027881d6f154818'
+ 'f06e513faf40c8814630e4e254f17a47bfe9cb519b98289935bf17673'
+ 'ae4c8033504a20a898d0032ee402b72d5986322f3bdfb27400561f747'
+ '6cd715eaabb7338b854e51fc2fa026a5a579b6dcea1b1c0559c13d3c1'
+ '136f303f4b4d25ad5b692229957', 16
+ ),
+ q=int(
+ 'd3eba6521240694015ef94412e08bf3cf8d635a455a398d6f210f6169'
+ '041653b', 16
+ ),
+ g=int(
+ 'ce84b30ddf290a9f787a7c2f1ce92c1cbf4ef400e3cd7ce4978db2104'
+ 'd7394b493c18332c64cec906a71c3778bd93341165dee8e6cd4ca6f13'
+ 'afff531191194ada55ecf01ff94d6cf7c4768b82dd29cd131aaf202ae'
+ 'fd40e564375285c01f3220af4d70b96f1395420d778228f1461f5d0b8'
+ 'e47357e87b1fe3286223b553e3fc9928f16ae3067ded6721bedf1d1a0'
+ '1bfd22b9ae85fce77820d88cdf50a6bde20668ad77a707d1c60fcc5d5'
+ '1c9de488610d0285eb8ff721ff141f93a9fb23c1d1f7654c07c46e588'
+ '36d1652828f71057b8aff0b0778ef2ca934ea9d0f37daddade2d823a4'
+ 'd8e362721082e279d003b575ee59fd050d105dfd71cd63154efe431a0'
+ '869178d9811f4f231dc5dcf3b0ec0f2b0f9896c32ec6c7ee7d60aa971'
+ '09e09224907328d4e6acd10117e45774406c4c947da8020649c3168f6'
+ '90e0bd6e91ac67074d1d436b58ae374523deaf6c93c1e6920db4a080b'
+ '744804bb073cecfe83fa9398cf150afa286dc7eb7949750cf5001ce10'
+ '4e9187f7e16859afa8fd0d775ae', 16
+ )
+ ),
+ y=int(
+ '814824e435e1e6f38daa239aad6dad21033afce6a3ebd35c1359348a0f241'
+ '8871968c2babfc2baf47742148828f8612183178f126504da73566b6bab33'
+ 'ba1f124c15aa461555c2451d86c94ee21c3e3fc24c55527e01b1f03adcdd8'
+ 'ec5cb08082803a7b6a829c3e99eeb332a2cf5c035b0ce0078d3d414d31fa4'
+ '7e9726be2989b8d06da2e6cd363f5a7d1515e3f4925e0b32adeae3025cc5a'
+ '996f6fd27494ea408763de48f3bb39f6a06514b019899b312ec570851637b'
+ '8865cff3a52bf5d54ad5a19e6e400a2d33251055d0a440b50d53f4791391d'
+ 'c754ad02b9eab74c46b4903f9d76f824339914db108057af7cde657d41766'
+ 'a99991ac8787694f4185d6f91d7627048f827b405ec67bf2fe56141c4c581'
+ 'd8c317333624e073e5879a82437cb0c7b435c0ce434e15965db1315d64895'
+ '991e6bbe7dac040c42052408bbc53423fd31098248a58f8a67da3a39895cd'
+ '0cc927515d044c1e3cb6a3259c3d0da354cce89ea3552c59609db10ee9899'
+ '86527436af21d9485ddf25f90f7dff6d2bae', 16
+ )
+ ),
+ x=int(
+ 'b2764c46113983777d3e7e97589f1303806d14ad9f2f1ef033097de954b17706',
+ 16
+ )
+)
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index cbe10e9c..1c266baa 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -24,6 +24,9 @@ from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.utils import bit_length
+from .fixtures_dsa import (
+ DSA_KEY_1024, DSA_KEY_2048, DSA_KEY_3072
+)
from ...utils import (
der_encode_dsa_signature, load_fips_dsa_key_pair_vectors,
load_fips_dsa_sig_vectors, load_vectors_from_file,
@@ -67,109 +70,6 @@ def _check_dsa_private_key(skey):
@pytest.mark.dsa
class TestDSA(object):
- _parameters_1024 = {
- 'p': 'd38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d4b725ef341eabb47'
- 'cf8a7a8a41e792a156b7ce97206c4f9c5ce6fc5ae7912102b6b502e59050b5b21ce26'
- '3dddb2044b652236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c7147123188f8'
- 'dc551054ee162b634d60f097f719076640e20980a0093113a8bd73',
-
- 'q': '96c5390a8b612c0e422bb2b0ea194a3ec935a281',
-
- 'g': '06b7861abbd35cc89e79c52f68d20875389b127361ca66822138ce4991d2b862'
- '259d6b4548a6495b195aa0e0b6137ca37eb23b94074d3c3d300042bdf15762812b633'
- '3ef7b07ceba78607610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c61d39e'
- '7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc076341a7e7d9',
-
- 'x': '8185fee9cc7c0e91fd85503274f1cd5a3fd15a49',
-
- 'y': '6f26d98d41de7d871b6381851c9d91fa03942092ab6097e76422070edb71db44'
- 'ff568280fdb1709f8fc3feab39f1f824adaeb2a298088156ac31af1aa04bf54f475bd'
- 'cfdcf2f8a2dd973e922d83e76f016558617603129b21c70bf7d0e5dc9e68fe332e295'
- 'b65876eb9a12fe6fca9f1a1ce80204646bf99b5771d249a6fea627'
- }
-
- _parameters_2048 = {
- 'p': 'ea1fb1af22881558ef93be8a5f8653c5a559434c49c8c2c12ace5e9c41434c9c'
- 'f0a8e9498acb0f4663c08b4484eace845f6fb17dac62c98e706af0fc74e4da1c6c2b3'
- 'fbf5a1d58ff82fc1a66f3e8b12252c40278fff9dd7f102eed2cb5b7323ebf1908c234'
- 'd935414dded7f8d244e54561b0dca39b301de8c49da9fb23df33c6182e3f983208c56'
- '0fb5119fbf78ebe3e6564ee235c6a15cbb9ac247baba5a423bc6582a1a9d8a2b4f0e9'
- 'e3d9dbac122f750dd754325135257488b1f6ecabf21bff2947fe0d3b2cb7ffe67f4e7'
- 'fcdf1214f6053e72a5bb0dd20a0e9fe6db2df0a908c36e95e60bf49ca4368b8b892b9'
- 'c79f61ef91c47567c40e1f80ac5aa66ef7',
-
- 'q': '8ec73f3761caf5fdfe6e4e82098bf10f898740dcb808204bf6b18f'
- '507192c19d',
-
- 'g': 'e4c4eca88415b23ecf811c96e48cd24200fe916631a68a684e6ccb6b1913413d'
- '344d1d8d84a333839d88eee431521f6e357c16e6a93be111a98076739cd401bab3b9d'
- '565bf4fb99e9d185b1e14d61c93700133f908bae03e28764d107dcd2ea76742176220'
- '74bb19efff482f5f5c1a86d5551b2fc68d1c6e9d8011958ef4b9c2a3a55d0d3c882e6'
- 'ad7f9f0f3c61568f78d0706b10a26f23b4f197c322b825002284a0aca91807bba98ec'
- 'e912b80e10cdf180cf99a35f210c1655fbfdd74f13b1b5046591f8403873d12239834'
- 'dd6c4eceb42bf7482e1794a1601357b629ddfa971f2ed273b146ec1ca06d0adf55dd9'
- '1d65c37297bda78c6d210c0bc26e558302',
-
- 'x': '405772da6e90d809e77d5de796562a2dd4dfd10ef00a83a3aba6bd'
- '818a0348a1',
-
- 'y': '6b32e31ab9031dc4dd0b5039a78d07826687ab087ae6de4736f5b0434e125309'
- '2e8a0b231f9c87f3fc8a4cb5634eb194bf1b638b7a7889620ce6711567e36aa36cda4'
- '604cfaa601a45918371d4ccf68d8b10a50a0460eb1dc0fff62ef5e6ee4d473e18ea4a'
- '66c196fb7e677a49b48241a0b4a97128eff30fa437050501a584f8771e7280d26d5af'
- '30784039159c11ebfea10b692fd0a58215eeb18bff117e13f08db792ed4151a218e4b'
- 'ed8dddfb0793225bd1e9773505166f4bd8cedbb286ea28232972da7bae836ba97329b'
- 'a6b0a36508e50a52a7675e476d4d4137eae13f22a9d2fefde708ba8f34bf336c6e763'
- '31761e4b0617633fe7ec3f23672fb19d27'
- }
-
- _parameters_3072 = {
- 'p': 'f335666dd1339165af8b9a5e3835adfe15c158e4c3c7bd53132e7d5828c352f5'
- '93a9a787760ce34b789879941f2f01f02319f6ae0b756f1a842ba54c85612ed632ee2'
- 'd79ef17f06b77c641b7b080aff52a03fc2462e80abc64d223723c236deeb7d201078e'
- 'c01ca1fbc1763139e25099a84ec389159c409792080736bd7caa816b92edf23f2c351'
- 'f90074aa5ea2651b372f8b58a0a65554db2561d706a63685000ac576b7e4562e262a1'
- '4285a9c6370b290e4eb7757527d80b6c0fd5df831d36f3d1d35f12ab060548de1605f'
- 'd15f7c7aafed688b146a02c945156e284f5b71282045aba9844d48b5df2e9e7a58871'
- '21eae7d7b01db7cdf6ff917cd8eb50c6bf1d54f90cce1a491a9c74fea88f7e7230b04'
- '7d16b5a6027881d6f154818f06e513faf40c8814630e4e254f17a47bfe9cb519b9828'
- '9935bf17673ae4c8033504a20a898d0032ee402b72d5986322f3bdfb27400561f7476'
- 'cd715eaabb7338b854e51fc2fa026a5a579b6dcea1b1c0559c13d3c1136f303f4b4d2'
- '5ad5b692229957',
-
- 'q': 'd3eba6521240694015ef94412e08bf3cf8d635a455a398d6f210f'
- '6169041653b',
-
- 'g': 'ce84b30ddf290a9f787a7c2f1ce92c1cbf4ef400e3cd7ce4978db2104d7394b4'
- '93c18332c64cec906a71c3778bd93341165dee8e6cd4ca6f13afff531191194ada55e'
- 'cf01ff94d6cf7c4768b82dd29cd131aaf202aefd40e564375285c01f3220af4d70b96'
- 'f1395420d778228f1461f5d0b8e47357e87b1fe3286223b553e3fc9928f16ae3067de'
- 'd6721bedf1d1a01bfd22b9ae85fce77820d88cdf50a6bde20668ad77a707d1c60fcc5'
- 'd51c9de488610d0285eb8ff721ff141f93a9fb23c1d1f7654c07c46e58836d1652828'
- 'f71057b8aff0b0778ef2ca934ea9d0f37daddade2d823a4d8e362721082e279d003b5'
- '75ee59fd050d105dfd71cd63154efe431a0869178d9811f4f231dc5dcf3b0ec0f2b0f'
- '9896c32ec6c7ee7d60aa97109e09224907328d4e6acd10117e45774406c4c947da802'
- '0649c3168f690e0bd6e91ac67074d1d436b58ae374523deaf6c93c1e6920db4a080b7'
- '44804bb073cecfe83fa9398cf150afa286dc7eb7949750cf5001ce104e9187f7e1685'
- '9afa8fd0d775ae',
-
- 'x': 'b2764c46113983777d3e7e97589f1303806d14ad9f2f1ef033097'
- 'de954b17706',
-
- 'y': '814824e435e1e6f38daa239aad6dad21033afce6a3ebd35c1359348a0f241887'
- '1968c2babfc2baf47742148828f8612183178f126504da73566b6bab33ba1f124c15a'
- 'a461555c2451d86c94ee21c3e3fc24c55527e01b1f03adcdd8ec5cb08082803a7b6a8'
- '29c3e99eeb332a2cf5c035b0ce0078d3d414d31fa47e9726be2989b8d06da2e6cd363'
- 'f5a7d1515e3f4925e0b32adeae3025cc5a996f6fd27494ea408763de48f3bb39f6a06'
- '514b019899b312ec570851637b8865cff3a52bf5d54ad5a19e6e400a2d33251055d0a'
- '440b50d53f4791391dc754ad02b9eab74c46b4903f9d76f824339914db108057af7cd'
- 'e657d41766a99991ac8787694f4185d6f91d7627048f827b405ec67bf2fe56141c4c5'
- '81d8c317333624e073e5879a82437cb0c7b435c0ce434e15965db1315d64895991e6b'
- 'be7dac040c42052408bbc53423fd31098248a58f8a67da3a39895cd0cc927515d044c'
- '1e3cb6a3259c3d0da354cce89ea3552c59609db10ee989986527436af21d9485ddf25'
- 'f90f7dff6d2bae'
- }
-
def test_generate_dsa_parameters(self, backend):
parameters = dsa.DSAParameters.generate(1024, backend)
assert bit_length(parameters.p) == 1024
@@ -213,9 +113,10 @@ class TestDSA(object):
def test_load_dsa_example_keys(self):
parameters = dsa.DSAParameters(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16))
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g
+ )
assert parameters
assert parameters.modulus
@@ -226,10 +127,10 @@ class TestDSA(object):
assert parameters.generator == parameters.g
pub_key = dsa.DSAPublicKey(
- modulus=int(self._parameters_1024["p"], 16),
- subgroup_order=int(self._parameters_1024["q"], 16),
- generator=int(self._parameters_1024["g"], 16),
- y=int(self._parameters_1024["y"], 16)
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_1024.public_numbers.y
)
assert pub_key
assert pub_key.key_size
@@ -241,11 +142,11 @@ class TestDSA(object):
assert pub_key_parameters.generator
skey = dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024["p"], 16),
- subgroup_order=int(self._parameters_1024["q"], 16),
- generator=int(self._parameters_1024["g"], 16),
- x=int(self._parameters_1024["x"], 16),
- y=int(self._parameters_1024["y"], 16)
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_1024.public_numbers.y,
+ x=DSA_KEY_1024.x
)
assert skey
_check_dsa_private_key(skey)
@@ -256,10 +157,10 @@ class TestDSA(object):
assert skey_parameters.generator
pkey = dsa.DSAPublicKey(
- modulus=int(self._parameters_1024["p"], 16),
- subgroup_order=int(self._parameters_1024["q"], 16),
- generator=int(self._parameters_1024["g"], 16),
- y=int(self._parameters_1024["y"], 16)
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_1024.public_numbers.y
)
assert pkey
pkey_parameters = pkey.parameters()
@@ -294,103 +195,103 @@ class TestDSA(object):
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=2 ** 1000,
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16)
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
)
# Test a modulus < 2048 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=2 ** 2000,
- subgroup_order=int(self._parameters_2048['q'], 16),
- generator=int(self._parameters_2048['g'], 16)
+ subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
)
# Test a modulus < 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=2 ** 3000,
- subgroup_order=int(self._parameters_3072['q'], 16),
- generator=int(self._parameters_3072['g'], 16)
+ subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
)
# Test a modulus > 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=2 ** 3100,
- subgroup_order=int(self._parameters_3072['q'], 16),
- generator=int(self._parameters_3072['g'], 16)
+ subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
)
# Test a subgroup_order < 160 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
- modulus=int(self._parameters_1024['p'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=2 ** 150,
- generator=int(self._parameters_1024['g'], 16)
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
)
# Test a subgroup_order < 256 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
- modulus=int(self._parameters_2048['p'], 16),
+ modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
subgroup_order=2 ** 250,
- generator=int(self._parameters_2048['g'], 16)
+ generator=DSA_KEY_2048.public_numbers.parameter_numbers.g
)
# Test a subgroup_order > 256 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
- modulus=int(self._parameters_3072['p'], 16),
+ modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
subgroup_order=2 ** 260,
- generator=int(self._parameters_3072['g'], 16)
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
)
# Test a modulus, subgroup_order pair of (1024, 256) bit lengths
with pytest.raises(ValueError):
dsa.DSAParameters(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_2048['q'], 16),
- generator=int(self._parameters_1024['g'], 16)
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
)
# Test a modulus, subgroup_order pair of (2048, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAParameters(
- modulus=int(self._parameters_2048['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_2048['g'], 16)
+ modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_2048.public_numbers.parameter_numbers.g
)
# Test a modulus, subgroup_order pair of (3072, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAParameters(
- modulus=int(self._parameters_3072['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_3072['g'], 16)
+ modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
)
# Test a generator < 1
with pytest.raises(ValueError):
dsa.DSAParameters(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=0
)
# Test a generator = 1
with pytest.raises(ValueError):
dsa.DSAParameters(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=1
)
# Test a generator > modulus
with pytest.raises(ValueError):
dsa.DSAParameters(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=2 ** 1200
)
@@ -399,200 +300,200 @@ class TestDSA(object):
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=2 ** 1000,
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
- x=int(self._parameters_1024['x'], 16),
- y=int(self._parameters_1024['y'], 16)
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_1024.x,
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a modulus < 2048 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=2 ** 2000,
- subgroup_order=int(self._parameters_2048['q'], 16),
- generator=int(self._parameters_2048['g'], 16),
- x=int(self._parameters_2048['x'], 16),
- y=int(self._parameters_2048['y'], 16)
+ subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_2048.x,
+ y=DSA_KEY_2048.public_numbers.y
)
# Test a modulus < 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=2 ** 3000,
- subgroup_order=int(self._parameters_3072['q'], 16),
- generator=int(self._parameters_3072['g'], 16),
- x=int(self._parameters_3072['x'], 16),
- y=int(self._parameters_3072['y'], 16)
+ subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_3072.x,
+ y=DSA_KEY_3072.public_numbers.y
)
# Test a modulus > 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=2 ** 3100,
- subgroup_order=int(self._parameters_3072['q'], 16),
- generator=int(self._parameters_3072['g'], 16),
- x=int(self._parameters_3072['x'], 16),
- y=int(self._parameters_3072['y'], 16)
+ subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_3072.x,
+ y=DSA_KEY_3072.public_numbers.y
)
# Test a subgroup_order < 160 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=2 ** 150,
- generator=int(self._parameters_1024['g'], 16),
- x=int(self._parameters_1024['x'], 16),
- y=int(self._parameters_1024['y'], 16)
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_1024.x,
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a subgroup_order < 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_2048['p'], 16),
+ modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
subgroup_order=2 ** 250,
- generator=int(self._parameters_2048['g'], 16),
- x=int(self._parameters_2048['x'], 16),
- y=int(self._parameters_2048['y'], 16)
+ generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_2048.x,
+ y=DSA_KEY_2048.public_numbers.y
)
# Test a subgroup_order > 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_3072['p'], 16),
+ modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
subgroup_order=2 ** 260,
- generator=int(self._parameters_3072['g'], 16),
- x=int(self._parameters_3072['x'], 16),
- y=int(self._parameters_3072['y'], 16)
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_3072.x,
+ y=DSA_KEY_3072.public_numbers.y
)
# Test a modulus, subgroup_order pair of (1024, 256) bit lengths
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_2048['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
- x=int(self._parameters_1024['x'], 16),
- y=int(self._parameters_1024['y'], 16)
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_1024.x,
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a modulus, subgroup_order pair of (2048, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_2048['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_2048['g'], 16),
- x=int(self._parameters_2048['x'], 16),
- y=int(self._parameters_2048['y'], 16)
+ modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_2048.x,
+ y=DSA_KEY_2048.public_numbers.y
)
# Test a modulus, subgroup_order pair of (3072, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_3072['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_3072['g'], 16),
- x=int(self._parameters_3072['x'], 16),
- y=int(self._parameters_3072['y'], 16)
+ modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_3072.x,
+ y=DSA_KEY_3072.public_numbers.y
)
# Test a generator < 1
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=0,
- x=int(self._parameters_1024['x'], 16),
- y=int(self._parameters_1024['y'], 16)
+ x=DSA_KEY_1024.x,
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a generator = 1
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=1,
- x=int(self._parameters_1024['x'], 16),
- y=int(self._parameters_1024['y'], 16)
+ x=DSA_KEY_1024.x,
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a generator > modulus
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=2 ** 1200,
- x=int(self._parameters_1024['x'], 16),
- y=int(self._parameters_1024['y'], 16)
+ x=DSA_KEY_1024.x,
+ y=DSA_KEY_1024.public_numbers.y
)
# Test x = 0
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=0,
- y=int(self._parameters_1024['y'], 16)
+ y=DSA_KEY_1024.public_numbers.y
)
# Test x < 0
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=-2,
- y=int(self._parameters_1024['y'], 16)
+ y=DSA_KEY_1024.public_numbers.y
)
# Test x = subgroup_order
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=2 ** 159,
- y=int(self._parameters_1024['y'], 16)
+ y=DSA_KEY_1024.public_numbers.y
)
# Test x > subgroup_order
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=2 ** 200,
- y=int(self._parameters_1024['y'], 16)
+ y=DSA_KEY_1024.public_numbers.y
)
# Test y != (generator ** x) % modulus
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
- x=int(self._parameters_1024['x'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_1024.x,
y=2 ** 100
)
# Test a non-integer y value
with pytest.raises(TypeError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
- x=int(self._parameters_1024['x'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ x=DSA_KEY_1024.x,
y=None
)
# Test a non-integer x value
with pytest.raises(TypeError):
dsa.DSAPrivateKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=None,
- y=int(self._parameters_1024['x'], 16)
+ y=DSA_KEY_1024.public_numbers.y
)
def test_invalid_dsa_public_key_arguments(self):
@@ -600,125 +501,125 @@ class TestDSA(object):
with pytest.raises(ValueError):
dsa.DSAPublicKey(
modulus=2 ** 1000,
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
- y=int(self._parameters_1024['y'], 16)
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a modulus < 2048 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicKey(
modulus=2 ** 2000,
- subgroup_order=int(self._parameters_2048['q'], 16),
- generator=int(self._parameters_2048['g'], 16),
- y=int(self._parameters_2048['y'], 16)
+ subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_2048.public_numbers.y
)
# Test a modulus < 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicKey(
modulus=2 ** 3000,
- subgroup_order=int(self._parameters_3072['q'], 16),
- generator=int(self._parameters_3072['g'], 16),
- y=int(self._parameters_3072['y'], 16)
+ subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_3072.public_numbers.y
)
# Test a modulus > 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicKey(
modulus=2 ** 3100,
- subgroup_order=int(self._parameters_3072['q'], 16),
- generator=int(self._parameters_3072['g'], 16),
- y=int(self._parameters_3072['y'], 16)
+ subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_3072.public_numbers.y
)
# Test a subgroup_order < 160 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicKey(
- modulus=int(self._parameters_1024['p'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=2 ** 150,
- generator=int(self._parameters_1024['g'], 16),
- y=int(self._parameters_1024['y'], 16)
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a subgroup_order < 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicKey(
- modulus=int(self._parameters_2048['p'], 16),
+ modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
subgroup_order=2 ** 250,
- generator=int(self._parameters_2048['g'], 16),
- y=int(self._parameters_2048['y'], 16)
+ generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_2048.public_numbers.y
)
# Test a subgroup_order > 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicKey(
- modulus=int(self._parameters_3072['p'], 16),
+ modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
subgroup_order=2 ** 260,
- generator=int(self._parameters_3072['g'], 16),
- y=int(self._parameters_3072['y'], 16)
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_3072.public_numbers.y
)
# Test a modulus, subgroup_order pair of (1024, 256) bit lengths
with pytest.raises(ValueError):
dsa.DSAPublicKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_2048['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
- y=int(self._parameters_1024['y'], 16)
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a modulus, subgroup_order pair of (2048, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAPublicKey(
- modulus=int(self._parameters_2048['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_2048['g'], 16),
- y=int(self._parameters_2048['y'], 16)
+ modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_2048.public_numbers.y
)
# Test a modulus, subgroup_order pair of (3072, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAPublicKey(
- modulus=int(self._parameters_3072['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_3072['g'], 16),
- y=int(self._parameters_3072['y'], 16)
+ modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
+ y=DSA_KEY_3072.public_numbers.y
)
# Test a generator < 1
with pytest.raises(ValueError):
dsa.DSAPublicKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=0,
- y=int(self._parameters_1024['y'], 16)
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a generator = 1
with pytest.raises(ValueError):
dsa.DSAPublicKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=1,
- y=int(self._parameters_1024['y'], 16)
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a generator > modulus
with pytest.raises(ValueError):
dsa.DSAPublicKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=2 ** 1200,
- y=int(self._parameters_1024['y'], 16)
+ y=DSA_KEY_1024.public_numbers.y
)
# Test a non-integer y value
with pytest.raises(TypeError):
dsa.DSAPublicKey(
- modulus=int(self._parameters_1024['p'], 16),
- subgroup_order=int(self._parameters_1024['q'], 16),
- generator=int(self._parameters_1024['g'], 16),
+ modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
+ subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
+ generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
y=None
)
@@ -872,3 +773,63 @@ def test_dsa_generate_invalid_backend():
with raises_unsupported_algorithm(
_Reasons.BACKEND_MISSING_INTERFACE):
dsa.DSAPrivateKey.generate(pretend_parameters, pretend_backend)
+
+
+class TestDSANumbers(object):
+ def test_dsa_parameter_numbers(self):
+ parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
+ assert parameter_numbers.p == 1
+ assert parameter_numbers.q == 2
+ assert parameter_numbers.g == 3
+
+ def test_dsa_parameter_numbers_invalid_types(self):
+ with pytest.raises(TypeError):
+ dsa.DSAParameterNumbers(p=None, q=2, g=3)
+
+ with pytest.raises(TypeError):
+ dsa.DSAParameterNumbers(p=1, q=None, g=3)
+
+ with pytest.raises(TypeError):
+ dsa.DSAParameterNumbers(p=1, q=2, g=None)
+
+ def test_dsa_public_numbers(self):
+ parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
+ public_numbers = dsa.DSAPublicNumbers(
+ y=4,
+ parameter_numbers=parameter_numbers
+ )
+ assert public_numbers.y == 4
+ assert public_numbers.parameter_numbers == parameter_numbers
+
+ def test_dsa_public_numbers_invalid_types(self):
+ with pytest.raises(TypeError):
+ dsa.DSAPublicNumbers(y=4, parameter_numbers=None)
+
+ with pytest.raises(TypeError):
+ parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
+ dsa.DSAPublicNumbers(y=None, parameter_numbers=parameter_numbers)
+
+ def test_dsa_private_numbers(self):
+ parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
+ public_numbers = dsa.DSAPublicNumbers(
+ y=4,
+ parameter_numbers=parameter_numbers
+ )
+ private_numbers = dsa.DSAPrivateNumbers(
+ x=5,
+ public_numbers=public_numbers
+ )
+ assert private_numbers.x == 5
+ assert private_numbers.public_numbers == public_numbers
+
+ def test_dsa_private_numbers_invalid_types(self):
+ parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
+ public_numbers = dsa.DSAPublicNumbers(
+ y=4,
+ parameter_numbers=parameter_numbers
+ )
+ with pytest.raises(TypeError):
+ dsa.DSAPrivateNumbers(x=4, public_numbers=None)
+
+ with pytest.raises(TypeError):
+ dsa.DSAPrivateNumbers(x=None, public_numbers=public_numbers)
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-06 04:19:16 +0000