From e44efb634fb1db024fcd6e110eacbf59abbc4782 Mon Sep 17 00:00:00 2001
From: Aviv Palivoda <palaviv@gmail.com>
Date: Mon, 6 Mar 2017 04:24:55 +0200
Subject: DH subgroup order (q) (#3369)

* Support DH q (subgroup order)

* Change RFC5114.txt to NIST format

* Add tests for DH q

* Update docs for DH q

* Fix pep8

* Improve test covergae for DH q

* Create _dh_params_dup that copy q if DHparams_dup don't

On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup
call DHparams_dup and if the version is smaller than 1.0.2
copy q manually

* Copy q manually on libressl

* Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup

* Support serialization of DH with q

* Add tests for serialization of DH with q

* Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true

* Raise exception when trying to serialize DH X9.42 when not supported

* raise unsupported key type when deserilizing DH X9.42 if not supported

* pep8 fixes

* Fix test_serialization

* Add dhx_serialization_supported method to DHBacked

* document q in dh_parameters_supported

* Rename dhx_serialization_supported to dh_x942_serialization_supported
---
 tests/hazmat/backends/test_multibackend.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'tests/hazmat/backends/test_multibackend.py')

diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index bd806731..9370387c 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -265,7 +265,10 @@ class DummyDHBackend(object):
     def generate_dh_private_key_and_parameters(self, generator, key_size):
         pass
 
-    def dh_parameters_supported(self, p, g):
+    def dh_parameters_supported(self, p, g, q=None):
+        pass
+
+    def dh_x942_serialization_supported(self):
         pass
 
 
@@ -638,6 +641,8 @@ class TestMultiBackend(object):
             backend.generate_dh_private_key_and_parameters(2, 512)
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_DIFFIE_HELLMAN):
             backend.dh_parameters_supported(2, 3)
+        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_DIFFIE_HELLMAN):
+            backend.dh_x942_serialization_supported()
 
     def test_scrypt(self):
         backend = MultiBackend([DummyScryptBackend()])
-- 
cgit v1.2.3