3 files changed, 78 insertions, 14 deletions

diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py
new file mode 100644
index 00000000..bf55bad8
--- /dev/null
+++ b/tests/hazmat/primitives/test_asym_utils.py
@@ -0,0 +1,65 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import pytest
+
+from cryptography.hazmat.primitives.asymmetric.utils import (
+    decode_rfc6979_signature, encode_rfc6979_signature
+)
+
+
+def test_rfc6979_signature():
+    sig = encode_rfc6979_signature(1, 1)
+    assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
+    assert decode_rfc6979_signature(sig) == (1, 1)
+
+    r_s1 = (
+        1037234182290683143945502320610861668562885151617,
+        559776156650501990899426031439030258256861634312
+    )
+    sig2 = encode_rfc6979_signature(*r_s1)
+    assert sig2 == (
+        b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
+        b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
+    )
+    assert decode_rfc6979_signature(sig2) == r_s1
+
+    sig3 = encode_rfc6979_signature(0, 0)
+    assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
+    assert decode_rfc6979_signature(sig3) == (0, 0)
+
+    sig4 = encode_rfc6979_signature(-1, 0)
+    assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
+    assert decode_rfc6979_signature(sig4) == (-1, 0)
+
+
+def test_encode_rfc6979_non_integer():
+    with pytest.raises(ValueError):
+        encode_rfc6979_signature("h", 3)
+
+    with pytest.raises(ValueError):
+        encode_rfc6979_signature("3", "2")
+
+    with pytest.raises(ValueError):
+        encode_rfc6979_signature(3, "h")
+
+    with pytest.raises(ValueError):
+        encode_rfc6979_signature(3.3, 1.2)
+
+    with pytest.raises(ValueError):
+        encode_rfc6979_signature("hello", "world")
+
+
+def test_decode_rfc6979_trailing_bytes():
+    with pytest.raises(ValueError):
+        decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00")
+
+
+def test_decode_rfc6979_invalid_asn1():
+    with pytest.raises(ValueError):
+        # This byte sequence has an invalid ASN.1 sequence length as well as
+        # an invalid integer length for the second integer.
+        decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01")
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 6411b7f9..f818f73b 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -12,14 +12,17 @@ from cryptography.exceptions import AlreadyFinalized, InvalidSignature
 from cryptography.hazmat.backends.interfaces import DSABackend
 from cryptography.hazmat.primitives import hashes, interfaces
 from cryptography.hazmat.primitives.asymmetric import dsa
+from cryptography.hazmat.primitives.asymmetric.utils import (
+    encode_rfc6979_signature
+)
 from cryptography.utils import bit_length
 
 from .fixtures_dsa import (
     DSA_KEY_1024, DSA_KEY_2048, DSA_KEY_3072
 )
 from ...utils import (
-    der_encode_dsa_signature, load_fips_dsa_key_pair_vectors,
-    load_fips_dsa_sig_vectors, load_vectors_from_file,
+    load_fips_dsa_key_pair_vectors, load_fips_dsa_sig_vectors,
+    load_vectors_from_file,
 )
 
 
@@ -557,7 +560,7 @@ class TestDSAVerification(object):
             ),
             y=vector['y']
         ).public_key(backend)
-        sig = der_encode_dsa_signature(vector['r'], vector['s'])
+        sig = encode_rfc6979_signature(vector['r'], vector['s'])
         verifier = public_key.verifier(sig, algorithm())
         verifier.update(vector['msg'])
         if vector['result'] == "F":
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 3080a6c2..a006f01f 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -13,11 +13,13 @@ from cryptography import exceptions, utils
 from cryptography.hazmat.backends.interfaces import EllipticCurveBackend
 from cryptography.hazmat.primitives import hashes, interfaces
 from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives.asymmetric.utils import (
+    encode_rfc6979_signature
+)
 
 from ...utils import (
-    der_encode_dsa_signature, load_fips_ecdsa_key_pair_vectors,
-    load_fips_ecdsa_signing_vectors, load_vectors_from_file,
-    raises_unsupported_algorithm
+    load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors,
+    load_vectors_from_file, raises_unsupported_algorithm
 )
 
 _HASH_TYPES = {
@@ -305,10 +307,7 @@ class TestECDSAVectors(object):
             curve_type()
         ).public_key(backend)
 
-        signature = der_encode_dsa_signature(
-            vector['r'],
-            vector['s']
-        )
+        signature = encode_rfc6979_signature(vector['r'], vector['s'])
 
         verifier = key.verifier(
             signature,
@@ -337,10 +336,7 @@ class TestECDSAVectors(object):
             curve_type()
         ).public_key(backend)
 
-        signature = der_encode_dsa_signature(
-            vector['r'],
-            vector['s']
-        )
+        signature = encode_rfc6979_signature(vector['r'], vector['s'])
 
         verifier = key.verifier(
             signature,