From 0197ed8dedcd24d3b690d1b76eb6866df14f56dd Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 22 Jun 2014 18:06:28 -0600 Subject: DSA opaque OpenSSL --- tests/hazmat/primitives/test_dsa.py | 72 +++++++++++++++++++-------- tests/hazmat/primitives/test_serialization.py | 68 +++++++++++++------------ 2 files changed, 86 insertions(+), 54 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index 1c266baa..76436f79 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -20,7 +20,7 @@ import pytest from cryptography.exceptions import ( AlreadyFinalized, InvalidSignature, _Reasons) -from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import dsa from cryptography.utils import bit_length @@ -70,10 +70,15 @@ def _check_dsa_private_key(skey): @pytest.mark.dsa class TestDSA(object): - def test_generate_dsa_parameters(self, backend): + def test_generate_dsa_parameters_class_method(self, backend): parameters = dsa.DSAParameters.generate(1024, backend) assert bit_length(parameters.p) == 1024 + def test_generate_dsa_parameters(self, backend): + parameters = dsa.generate_parameters(1024, backend) + assert isinstance(parameters, interfaces.DSAParameters) + # TODO: withnumbers check like RSA + def test_generate_invalid_dsa_parameters(self, backend): with pytest.raises(ValueError): dsa.DSAParameters.generate(1, backend) 
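Review bot: The new `test_generate_dsa_parameters` asserts only the interface type, so a backend that returned parameters of the wrong size would still pass; the 1024-bit check survives only in the renamed `test_generate_dsa_parameters_class_method`. Where the backend exposes numbers the size can be checked too: `if isinstance(parameters, interfaces.DSAParametersWithNumbers): assert bit_length(parameters.parameter_numbers().p) == 1024`. The `# TODO: withnumbers check like RSA` comment records the gap, and the follow-up commit on this page drops that comment without adding the check.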
@@ -87,17 +92,31 @@ class TestDSA(object): ) ) def test_generate_dsa_keys(self, vector, backend): - parameters = dsa.DSAParameters(modulus=vector['p'], - subgroup_order=vector['q'], - generator=vector['g']) - skey = dsa.DSAPrivateKey.generate(parameters, backend) - - skey_parameters = skey.parameters() - assert skey_parameters.p == vector['p'] - assert skey_parameters.q == vector['q'] - assert skey_parameters.g == vector['g'] - assert skey.key_size == bit_length(vector['p']) - assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p) + parameters = dsa.DSAParameterNumbers( + p=vector['p'], + q=vector['q'], + g=vector['g'] + ).parameters(backend) + skey = dsa.generate_private_key(parameters) + if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers): + numbers = skey.private_numbers() + skey_parameters = numbers.public_numbers.parameter_numbers + pkey = skey.public_key() + parameters = pkey.parameters() + parameter_numbers = parameters.parameter_numbers() + assert parameter_numbers.p == skey_parameters.p + assert parameter_numbers.q == skey_parameters.q + assert parameter_numbers.g == skey_parameters.g + assert skey_parameters.p == vector['p'] + assert skey_parameters.q == vector['q'] + assert skey_parameters.g == vector['g'] + assert skey.key_size == bit_length(vector['p']) + assert pkey.key_size == skey.key_size + public_numbers = pkey.public_numbers() + assert numbers.public_numbers.y == public_numbers.y + assert numbers.public_numbers.y == pow( + skey_parameters.g, numbers.x, skey_parameters.p + ) def test_invalid_parameters_argument_types(self): with pytest.raises(TypeError): 
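Review bot: Every assertion in the rewritten `test_generate_dsa_keys` sits inside `if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers):`, so on a backend whose keys do not implement that interface the test passes without checking anything. The checks that do not need the numbers can move ahead of the branch, for example `assert isinstance(skey, interfaces.DSAPrivateKey)` and `assert skey.key_size == bit_length(vector['p'])`. An `else: pytest.skip(...)` would make the lost coverage visible in the test report. The same guard pattern appears in the PKCS8 hunk of test_serialization.py and in `test_generate_dsa_private_key_and_parameters`. The test method starts above this hunk, so its parametrize decorator is only partly visible.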
@@ -654,11 +673,14 @@ class TestDSAVerification(object): "{0} does not support the provided parameters".format(backend) ) - public_key = dsa.DSAPublicKey( - vector['p'], vector['q'], vector['g'], vector['y'] - ) + public_key = dsa.DSAPublicNumbers( + parameter_numbers=dsa.DSAParameterNumbers( + vector['p'], vector['q'], vector['g'] + ), + y=vector['y'] + ).public_key(backend) sig = der_encode_dsa_signature(vector['r'], vector['s']) - verifier = public_key.verifier(sig, algorithm(), backend) + verifier = public_key.verifier(sig, algorithm()) verifier.update(vector['msg']) if vector['result'] == "F": with pytest.raises(InvalidSignature): @@ -728,16 +750,22 @@ class TestDSASignature(object): "{0} does not support the provided parameters".format(backend) ) - private_key = dsa.DSAPrivateKey( - vector['p'], vector['q'], vector['g'], vector['x'], vector['y'] - ) - signer = private_key.signer(algorithm(), backend) + private_key = dsa.DSAPrivateNumbers( + public_numbers=dsa.DSAPublicNumbers( + parameter_numbers=dsa.DSAParameterNumbers( + vector['p'], vector['q'], vector['g'] + ), + y=vector['y'] + ), + x=vector['x'] + ).private_key(backend) + signer = private_key.signer(algorithm()) signer.update(vector['msg']) signature = signer.finalize() assert signature public_key = private_key.public_key() - verifier = public_key.verifier(signature, algorithm(), backend) + verifier = public_key.verifier(signature, algorithm()) verifier.update(vector['msg']) verifier.verify() diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py index 8a90b30e..30ac4f3d 100644 --- a/tests/hazmat/primitives/test_serialization.py +++ b/tests/hazmat/primitives/test_serialization.py 
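Review bot: `dsa.DSAParameterNumbers(vector['p'], vector['q'], vector['g'])` is built positionally in this TestDSAVerification hunk and again in the TestDSASignature hunk, while `test_generate_dsa_keys` in the same file uses `p=`, `q=`, `g=`. All three values are plain integers, so a swapped argument would not be caught by type. The keyword form `dsa.DSAParameterNumbers(p=vector['p'], q=vector['q'], g=vector['g'])` makes the mapping to the vector fields explicit and keeps the file consistent. Both enclosing test methods start above their hunks.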
@@ -21,7 +21,6 @@ import pytest from cryptography.exceptions import _Reasons from cryptography.hazmat.primitives import interfaces -from cryptography.hazmat.primitives.asymmetric import dsa from cryptography.hazmat.primitives.serialization import ( load_pem_pkcs8_private_key, load_pem_traditional_openssl_private_key ) @@ -73,7 +72,7 @@ class TestTraditionalOpenSSLSerialisation(object): ) assert key - assert isinstance(key, dsa.DSAPrivateKey) + assert isinstance(key, interfaces.DSAPrivateKey) def test_key1_pem_encrypted_values(self, backend): pkey = load_vectors_from_file( 
@@ -480,41 +479,46 @@ class TestPKCS8Serialisation(object): ) ) assert key - assert isinstance(key, dsa.DSAPrivateKey) + assert isinstance(key, interfaces.DSAPrivateKey) params = key.parameters() - assert isinstance(params, dsa.DSAParameters) - - assert key.x == int("00a535a8e1d0d91beafc8bee1d9b2a3a8de3311203", 16) - assert key.y == int( - "2b260ea97dc6a12ae932c640e7df3d8ff04a8a05a0324f8d5f1b23f15fa1" - "70ff3f42061124eff2586cb11b49a82dcdc1b90fc6a84fb10109cb67db5d" - "2da971aeaf17be5e37284563e4c64d9e5fc8480258b319f0de29d54d8350" - "70d9e287914d77df81491f4423b62da984eb3f45eb2a29fcea5dae525ac6" - "ab6bcce04bfdf5b6", - 16 - ) + assert isinstance(params, interfaces.DSAParameters) + + if isinstance(params, interfaces.DSAParametersWithNumbers): + num = key.private_numbers() + pub = num.public_numbers + parameter_numbers = pub.parameter_numbers + assert num.x == int("00a535a8e1d0d91beafc8bee1d9b2a3a8de3311203", + 16) + assert pub.y == int( + "2b260ea97dc6a12ae932c640e7df3d8ff04a8a05a0324f8d5f1b23f15fa1" + "70ff3f42061124eff2586cb11b49a82dcdc1b90fc6a84fb10109cb67db5d" + "2da971aeaf17be5e37284563e4c64d9e5fc8480258b319f0de29d54d8350" + "70d9e287914d77df81491f4423b62da984eb3f45eb2a29fcea5dae525ac6" + "ab6bcce04bfdf5b6", + 16 + ) - assert params.p == int( - "00aa0930cc145825221caffa28ac2894196a27833de5ec21270791689420" - "7774a2e7b238b0d36f1b2499a2c2585083eb01432924418d867faa212dd1" - "071d4dceb2782794ad393cc08a4d4ada7f68d6e839a5fcd34b4e402d82cb" - "8a8cb40fec31911bf9bd360b034caacb4c5e947992573c9e90099c1b0f05" - "940cabe5d2de49a167", - 16 - ) + assert parameter_numbers.p == int( + "00aa0930cc145825221caffa28ac2894196a27833de5ec21270791689420" + "7774a2e7b238b0d36f1b2499a2c2585083eb01432924418d867faa212dd1" + "071d4dceb2782794ad393cc08a4d4ada7f68d6e839a5fcd34b4e402d82cb" + "8a8cb40fec31911bf9bd360b034caacb4c5e947992573c9e90099c1b0f05" + "940cabe5d2de49a167", + 16 + ) - assert params.q == int("00adc0e869b36f0ac013a681fdf4d4899d69820451", - 16) + assert parameter_numbers.q == 
int( + "00adc0e869b36f0ac013a681fdf4d4899d69820451", 16) - assert params.g == int( - "008c6b4589afa53a4d1048bfc346d1f386ca75521ccf72ddaa251286880e" - "e13201ff48890bbfc33d79bacaec71e7a778507bd5f1a66422e39415be03" - "e71141ba324f5b93131929182c88a9fa4062836066cebe74b5c6690c7d10" - "1106c240ab7ebd54e4e3301fd086ce6adac922fb2713a2b0887cba13b9bc" - "68ce5cfff241cd3246", - 16 - ) + assert parameter_numbers.g == int( + "008c6b4589afa53a4d1048bfc346d1f386ca75521ccf72ddaa251286880e" + "e13201ff48890bbfc33d79bacaec71e7a778507bd5f1a66422e39415be03" + "e71141ba324f5b93131929182c88a9fa4062836066cebe74b5c6690c7d10" + "1106c240ab7ebd54e4e3301fd086ce6adac922fb2713a2b0887cba13b9bc" + "68ce5cfff241cd3246", + 16 + ) @pytest.mark.parametrize( ("key_file", "password"), -- cgit v1.2.3 From dacb5f9951064d19ac69c1198985af136f71a6db Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Jun 2014 09:15:07 -0600 Subject: add generate_private_key to DSAParameters + add a new function to dsa dsa.generate_private_key(key_size, backend) will allow you to generate a new DSA key and implicitly generate new parameters. This streamlines the common case and will be an avenue to support future backends that don't allow independent generation of DSAParameters (e.g. CommonCrypto) --- tests/hazmat/primitives/test_dsa.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index 76436f79..531b448f 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -77,7 +77,6 @@ class TestDSA(object): def test_generate_dsa_parameters(self, backend): parameters = dsa.generate_parameters(1024, backend) assert isinstance(parameters, interfaces.DSAParameters) - # TODO: withnumbers check like RSA def test_generate_invalid_dsa_parameters(self, backend): with pytest.raises(ValueError): 
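Review bot: The guard in the TestPKCS8Serialisation hunk tests `params`, but the guarded call is on `key`: `if isinstance(params, interfaces.DSAParametersWithNumbers):` is followed by `num = key.private_numbers()`. If a backend implemented one of the two interfaces without the other, the test would either fail with an AttributeError or silently skip every expected-value check for x, y, p, q and g. Guarding on the object that is actually used avoids both outcomes: `if isinstance(key, interfaces.DSAPrivateKeyWithNumbers):`. The test method begins above the hunk.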
@@ -97,7 +96,7 @@ class TestDSA(object): q=vector['q'], g=vector['g'] ).parameters(backend) - skey = dsa.generate_private_key(parameters) + skey = parameters.generate_private_key() if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers): numbers = skey.private_numbers() skey_parameters = numbers.public_numbers.parameter_numbers @@ -118,6 +117,16 @@ class TestDSA(object): skey_parameters.g, numbers.x, skey_parameters.p ) + def test_generate_dsa_private_key_and_parameters(self, backend): + skey = dsa.generate_private_key(1024, backend) + assert skey + if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers): + numbers = skey.private_numbers() + skey_parameters = numbers.public_numbers.parameter_numbers + assert numbers.public_numbers.y == pow( + skey_parameters.g, numbers.x, skey_parameters.p + ) + def test_invalid_parameters_argument_types(self): with pytest.raises(TypeError): dsa.DSAParameters(None, None, None) -- cgit v1.2.3
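Review bot: `test_generate_dsa_private_key_and_parameters` never checks that the returned key has the requested size, because `assert skey` only proves the object is truthy. Adding `assert isinstance(skey, interfaces.DSAPrivateKey)` and `assert skey.key_size == 1024` before the `isinstance` branch would pin the contract on every backend, not only those that expose numbers. A short comment such as `# 1024 bits keeps the test fast; not a recommended key size` would also keep the literal from being read as guidance.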