From 5f80ba179738f878cab79347dedc0031b3c35573 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 13 Oct 2014 16:02:27 -0700 Subject: Fixed #1392 -- allow more combinations of p and q's bit lengths --- cryptography/hazmat/primitives/asymmetric/dsa.py | 15 +--- tests/hazmat/primitives/test_dsa.py | 99 ------------------------ 2 files changed, 4 insertions(+), 110 deletions(-) diff --git a/cryptography/hazmat/primitives/asymmetric/dsa.py b/cryptography/hazmat/primitives/asymmetric/dsa.py index 5e72299a..97265868 100644 --- a/cryptography/hazmat/primitives/asymmetric/dsa.py +++ b/cryptography/hazmat/primitives/asymmetric/dsa.py @@ -27,17 +27,10 @@ def generate_private_key(key_size, backend): def _check_dsa_parameters(parameters): - if (utils.bit_length(parameters.p), - utils.bit_length(parameters.q)) not in ( - (1024, 160), - (2048, 256), - (3072, 256)): - raise ValueError( - "p and q's bit-lengths must be one of these pairs (1024, 160), " - "(2048, 256), or (3072, 256). Not ({0:d}, {1:d})".format( - utils.bit_length(parameters.p), utils.bit_length(parameters.q) - ) - ) + if utils.bit_length(parameters.p) not in [1024, 2048, 3072]: + raise ValueError("p must be exactly 1024, 2048, or 3072 bits long") + if utils.bit_length(parameters.q) not in [160, 256]: + raise ValueError("q must be exactly 160 or 256 bits long") if not (1 < parameters.g < parameters.p): raise ValueError("g, p don't satisfy 1 < g < p.") diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index 02ed25d9..14b24d69 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -144,30 +144,6 @@ class TestDSA(object): g=DSA_KEY_3072.public_numbers.parameter_numbers.g, ).parameters(backend) - # Test a p, q pair of (1024, 256) bit lengths - with pytest.raises(ValueError): - dsa.DSAParameterNumbers( - p=DSA_KEY_1024.public_numbers.parameter_numbers.p, - q=DSA_KEY_2048.public_numbers.parameter_numbers.q, - g=DSA_KEY_1024.public_numbers.parameter_numbers.g, - ).parameters(backend) - - # Test a p, q pair of (2048, 160) bit lengths - with pytest.raises(ValueError): - dsa.DSAParameterNumbers( - p=DSA_KEY_2048.public_numbers.parameter_numbers.p, - q=DSA_KEY_1024.public_numbers.parameter_numbers.q, - g=DSA_KEY_2048.public_numbers.parameter_numbers.g - ).parameters(backend) - - # Test a p, q pair of (3072, 160) bit lengths - with pytest.raises(ValueError): - dsa.DSAParameterNumbers( - p=DSA_KEY_3072.public_numbers.parameter_numbers.p, - q=DSA_KEY_1024.public_numbers.parameter_numbers.q, - g=DSA_KEY_3072.public_numbers.parameter_numbers.g, - ).parameters(backend) - # Test a g < 1 with pytest.raises(ValueError): dsa.DSAParameterNumbers( @@ -291,48 +267,6 @@ class TestDSA(object): x=DSA_KEY_3072.x, ).private_key(backend) - # Test a p, q pair of (1024, 256) bit lengths - with pytest.raises(ValueError): - dsa.DSAPrivateNumbers( - public_numbers=dsa.DSAPublicNumbers( - parameter_numbers=dsa.DSAParameterNumbers( - p=DSA_KEY_1024.public_numbers.parameter_numbers.p, - q=DSA_KEY_2048.public_numbers.parameter_numbers.q, - g=DSA_KEY_1024.public_numbers.parameter_numbers.g, - ), - y=DSA_KEY_1024.public_numbers.y - ), - x=DSA_KEY_1024.x, - ).private_key(backend) - - # Test a p, q pair of (2048, 160) bit lengths - with pytest.raises(ValueError): - dsa.DSAPrivateNumbers( - public_numbers=dsa.DSAPublicNumbers( - parameter_numbers=dsa.DSAParameterNumbers( - p=DSA_KEY_2048.public_numbers.parameter_numbers.p, - q=DSA_KEY_1024.public_numbers.parameter_numbers.q, - g=DSA_KEY_2048.public_numbers.parameter_numbers.g, - ), - y=DSA_KEY_2048.public_numbers.y - ), - x=DSA_KEY_2048.x, - ).private_key(backend) - - # Test a p, q pair of (3072, 160) bit lengths - with pytest.raises(ValueError): - dsa.DSAPrivateNumbers( - public_numbers=dsa.DSAPublicNumbers( - parameter_numbers=dsa.DSAParameterNumbers( - p=DSA_KEY_3072.public_numbers.parameter_numbers.p, - q=DSA_KEY_1024.public_numbers.parameter_numbers.q, - g=DSA_KEY_3072.public_numbers.parameter_numbers.g, - ), - y=DSA_KEY_3072.public_numbers.y - ), - x=DSA_KEY_3072.x, - ).private_key(backend) - # Test a g < 1 with pytest.raises(ValueError): dsa.DSAPrivateNumbers( @@ -551,39 +485,6 @@ class TestDSA(object): y=DSA_KEY_3072.public_numbers.y ).public_key(backend) - # Test a p, q pair of (1024, 256) bit lengths - with pytest.raises(ValueError): - dsa.DSAPublicNumbers( - parameter_numbers=dsa.DSAParameterNumbers( - p=DSA_KEY_1024.public_numbers.parameter_numbers.p, - q=DSA_KEY_2048.public_numbers.parameter_numbers.q, - g=DSA_KEY_1024.public_numbers.parameter_numbers.g, - ), - y=DSA_KEY_1024.public_numbers.y - ).public_key(backend) - - # Test a p, q pair of (2048, 160) bit lengths - with pytest.raises(ValueError): - dsa.DSAPublicNumbers( - parameter_numbers=dsa.DSAParameterNumbers( - p=DSA_KEY_2048.public_numbers.parameter_numbers.p, - q=DSA_KEY_1024.public_numbers.parameter_numbers.q, - g=DSA_KEY_2048.public_numbers.parameter_numbers.g, - ), - y=DSA_KEY_2048.public_numbers.y - ).public_key(backend) - - # Test a p, q pair of (3072, 160) bit lengths - with pytest.raises(ValueError): - dsa.DSAPublicNumbers( - parameter_numbers=dsa.DSAParameterNumbers( - p=DSA_KEY_3072.public_numbers.parameter_numbers.p, - q=DSA_KEY_1024.public_numbers.parameter_numbers.q, - g=DSA_KEY_3072.public_numbers.parameter_numbers.g, - ), - y=DSA_KEY_3072.public_numbers.y - ).public_key(backend) - # Test a g < 1 with pytest.raises(ValueError): dsa.DSAPublicNumbers( -- cgit v1.2.3