From 919a5b2af627a18c0298db8a4ac11d8b2b6da7b9 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sat, 14 Mar 2015 13:15:17 -0500
Subject: DER serialization of DSA private keys
---
tests/hazmat/primitives/test_dsa.py | 110 ++++++++++++++++++++++++++++--------
1 file changed, 86 insertions(+), 24 deletions(-)
(limited to 'tests/hazmat/primitives')
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 5f53c36c..5c83d5c7 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -833,53 +833,115 @@ class TestDSASerialization(object): assert loaded_priv_num == priv_num @pytest.mark.parametrize( - "fmt", + ("fmt", "password"), [ - serialization.PrivateFormat.TraditionalOpenSSL, - serialization.PrivateFormat.PKCS8 - ], + [serialization.PrivateFormat.PKCS8, b"s"], + [serialization.PrivateFormat.PKCS8, b"longerpassword"], + [serialization.PrivateFormat.PKCS8, b"!*$&(@#$*&($T@%_somesymbol"], + [serialization.PrivateFormat.PKCS8, b"\x01" * 1000] + ] ) - def test_private_bytes_unencrypted_pem(self, backend, fmt): + def test_private_bytes_encrypted_der(self, backend, fmt, password): key_bytes = load_vectors_from_file( - os.path.join( - "asymmetric", - "Traditional_OpenSSL_Serialization", - "dsa.1024.pem" - ), + os.path.join("asymmetric", "PKCS8", "unenc-dsa-pkcs8.pem"), lambda pemfile: pemfile.read().encode() ) key = serialization.load_pem_private_key(key_bytes, None, backend) _skip_if_no_serialization(key, backend) serialized = key.private_bytes( - serialization.Encoding.PEM, + serialization.Encoding.DER, fmt, - serialization.NoEncryption() + serialization.BestAvailableEncryption(password) ) - loaded_key = serialization.load_pem_private_key( - serialized, None, backend + loaded_key = serialization.load_der_private_key( + serialized, password, backend + ) + loaded_priv_num = loaded_key.private_numbers() + priv_num = key.private_numbers() + assert loaded_priv_num == priv_num + + @pytest.mark.parametrize( + ("encoding", "fmt", "loader_func"), + [ + [ + serialization.Encoding.PEM, + serialization.PrivateFormat.TraditionalOpenSSL, + serialization.load_pem_private_key + ], + [ + serialization.Encoding.DER, + serialization.PrivateFormat.TraditionalOpenSSL, + serialization.load_der_private_key + ], + [ + serialization.Encoding.PEM, + serialization.PrivateFormat.PKCS8, + serialization.load_pem_private_key + ], + [ + serialization.Encoding.DER, + serialization.PrivateFormat.PKCS8, + serialization.load_der_private_key + ], + ] + ) + def 
test_private_bytes_unencrypted(self, backend, encoding, fmt, + loader_func): + key = DSA_KEY_1024.private_key(backend) + _skip_if_no_serialization(key, backend) + serialized = key.private_bytes( + encoding, fmt, serialization.NoEncryption() ) + loaded_key = loader_func(serialized, None, backend) loaded_priv_num = loaded_key.private_numbers() priv_num = key.private_numbers() assert loaded_priv_num == priv_num - def test_private_bytes_traditional_openssl_unencrypted_pem(self, backend): + @pytest.mark.parametrize( + ("key_path", "encoding", "loader_func"), + [ + [ + os.path.join( + "asymmetric", + "Traditional_OpenSSL_Serialization", + "dsa.1024.pem" + ), + serialization.Encoding.PEM, + serialization.load_pem_private_key + ], + [ + os.path.join( + "asymmetric", "DER_Serialization", "dsa.1024.der" + ), + serialization.Encoding.DER, + serialization.load_der_private_key + ], + ] + ) + def test_private_bytes_traditional_openssl_unencrypted( + self, backend, key_path, encoding, loader_func + ): key_bytes = load_vectors_from_file( - os.path.join( - "asymmetric", - "Traditional_OpenSSL_Serialization", - "dsa.1024.pem" - ), - lambda pemfile: pemfile.read().encode() + key_path, lambda pemfile: pemfile.read(), mode="rb" ) - key = serialization.load_pem_private_key(key_bytes, None, backend) - _skip_if_no_serialization(key, backend) + key = loader_func(key_bytes, None, backend) serialized = key.private_bytes( - serialization.Encoding.PEM, + encoding, serialization.PrivateFormat.TraditionalOpenSSL, serialization.NoEncryption() ) assert serialized == key_bytes + def test_private_bytes_traditional_der_encrypted_invalid(self, backend): + key = DSA_KEY_1024.private_key(backend) + _skip_if_no_serialization(key, backend) + with pytest.raises(ValueError): + key.private_bytes( + serialization.Encoding.DER, + serialization.PrivateFormat.TraditionalOpenSSL, + serialization.BestAvailableEncryption(b"password") + ) + def test_private_bytes_invalid_encoding(self, backend): key = 
load_vectors_from_file( os.path.join("asymmetric", "PKCS8", "unenc-dsa-pkcs8.pem"), -- cgit v1.2.3
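Review bot: In `test_private_bytes_traditional_openssl_unencrypted` the rewritten body no longer calls `_skip_if_no_serialization(key, backend)`, although the old PEM-only version did and the other tests added in this hunk still do. On a backend whose key objects lack serialization support this test would presumably error instead of skipping, so I would restore the call right after `key = loader_func(key_bytes, None, backend)`. Separately, `test_private_bytes_encrypted_der` only exercises the correct password. Since the test guards private-key confidentiality, it is worth also asserting the negative path under `pytest.raises`: that `serialization.load_der_private_key(serialized, None, backend)` and a load with a different password are both rejected. That way a regression which emits unprotected or wrongly keyed DER cannot pass as a clean round trip.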