-rw-r--r-- | docs/development/test-vectors.rst | 5 | ||||
-rw-r--r-- | tests/x509/test_x509_ext.py | 32 | ||||
-rw-r--r-- | vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key_invalid_bit_string.der | bin | 0 -> 830 bytes | |||
-rw-r--r-- | vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key_no_params.der | bin | 0 -> 280 bytes |
4 files changed, 37 insertions, 0 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index f4387215..7584881a 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -86,6 +86,11 @@ Custom asymmetric vectors
 * ``asymmetric/PEM_Serialization/dsa_public_key.pem`` and ``asymmetric/DER_Serialization/dsa_public_key.der`` - Contains a DSA 2048 bit key generated using OpenSSL from ``dsa_private_key.pem``.
+* ``asymmetric/DER_Serialization/dsa_public_key_no_params.der`` - Contains a
+ DSA public key with the optional parameters removed.
+* ``asymmetric/DER_Serialization/dsa_public_key_invalid_bit_string.der`` -
+ Contains a DSA public key with the bit string padding value set to 2 rather
+ than the required 0.
 * ``asymmetric/PKCS8/unenc-dsa-pkcs8.pem`` and ``asymmetric/DER_Serialization/unenc-dsa-pkcs8.der`` - Contains a DSA 1024 bit key generated using OpenSSL.
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 11e35207..cf757abd 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -9,6 +9,8 @@ import datetime
 import ipaddress
 import os
+import pretend
+
 import pytest
 import six
@@ -20,6 +22,7 @@ from cryptography.hazmat.backends.interfaces import (
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.x509 import DNSName, NameConstraints, SubjectAlternativeName
+from cryptography.x509.extensions import _key_identifier_from_public_key
 from cryptography.x509.general_name import _lazy_import_idna
 from cryptography.x509.oid import (
 AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID,
@@ -29,6 +32,7 @@ from cryptography.x509.oid import (
 from .test_x509 import _load_cert
 from ..hazmat.primitives.fixtures_rsa import RSA_KEY_2048
 from ..hazmat.primitives.test_ec import _skip_curve_unsupported
+from ..utils import load_vectors_from_file
 def _make_certbuilder(private_key):
@@ -1591,6 +1595,34 @@ class TestSubjectKeyIdentifierExtension(object):
 )
 assert ext.value == ski
+ @pytest.mark.requires_backend_interface(interface=DSABackend)
+ @pytest.mark.requires_backend_interface(interface=X509Backend)
+ def test_invalid_bit_string_padding_from_public_key(self, backend):
+ data = load_vectors_from_file(
+ filename=os.path.join(
+ "asymmetric", "DER_Serialization",
+ "dsa_public_key_invalid_bit_string.der"
+ ), loader=lambda data: data.read(), mode="rb"
+ )
+ pretend_key = pretend.stub(public_bytes=lambda x, y: data)
+ with pytest.raises(ValueError):
+ _key_identifier_from_public_key(pretend_key)
+
+ @pytest.mark.requires_backend_interface(interface=DSABackend)
+ @pytest.mark.requires_backend_interface(interface=X509Backend)
+ def test_no_optional_params_allowed_from_public_key(self, backend):
+ data = load_vectors_from_file(
+ filename=os.path.join(
+ "asymmetric", "DER_Serialization",
+ "dsa_public_key_no_params.der"
+ ), loader=lambda data: data.read(), mode="rb"
+ )
+ pretend_key = pretend.stub(public_bytes=lambda x, y: data)
+ key_identifier = _key_identifier_from_public_key(pretend_key)
+ assert key_identifier == binascii.unhexlify(
+ b"24c0133a6a492f2c48a18c7648e515db5ac76749"
+ )
+
 @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)
 def test_from_ec_public_key(self, backend):
diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key_invalid_bit_string.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key_invalid_bit_string.der
Binary files differ
new file mode 100644
index 00000000..7358bc1d
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key_invalid_bit_string.der
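Review bot: `with pytest.raises(ValueError):` in `test_invalid_bit_string_padding_from_public_key` passes on any ValueError raised while parsing the vector, so it does not show that the rejection comes from the bit string padding value rather than from an earlier parse failure. If the check raises with a message (not visible in this diff), pin it with `match=`; otherwise add a comment such as `# must fail on the non-zero bit string padding value, not on an earlier parse error`. Both new tests also take `backend` and carry the `DSABackend` and `X509Backend` markers without using the backend, since the function is called on a `pretend.stub` that returns the raw vector bytes. If those markers skip tests when an interface is missing, the malformed-input check would go unexercised there for no reason, so consider dropping the markers and the unused argument.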
diff --git a/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key_no_params.der b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key_no_params.der
Binary files differ
new file mode 100644
index 00000000..0270ac15
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/DER_Serialization/dsa_public_key_no_params.der |