def generate_dsa_private_key(self, parameters):
ctx = self._lib.DSA_new()
assert ctx != self._ffi.NULL
ctx = self._ffi.gc(ctx, self._lib.DSA_free)
ctx.p = self._int_to_bn(parameters.p)
ctx.q = self._int_to_bn(parameters.q)
ctx.g = self._int_to_bn(parameters.g)
self._lib.DSA_generate_key(ctx)
return dsa.DSAPrivateKey(
modulus=self._bn_to_int(ctx.p),
subgroup_order=self._bn_to_int(ctx.q),
generator=self._bn_to_int(ctx.g),
x=self._bn_to_int(ctx.priv_key),
y=self._bn_to_int(ctx.pub_key)
)
def test_dsa_signing(self, vector, backend):
digest_algorithm = vector['digest_algorithm'].replace("-", "")
algorithm = self._algorithms_dict[digest_algorithm]
if (not backend.dsa_parameters_supported(vector['p'], vector['q'],
vector['g'])
or not backend.dsa_hash_supported(algorithm)):
pytest.skip(
"{0} does not support the provided parameters".format(backend))
private_key = dsa.DSAPrivateKey(vector['p'], vector['q'], vector['g'],
vector['x'], vector['y'])
signer = private_key.signer(algorithm(), backend)
signer.update(vector['msg'])
signature = signer.finalize()
assert signature
public_key = private_key.public_key()
verifier = public_key.verifier(signature, algorithm(), backend)
verifier.update(vector['msg'])
verifier.verify()
def test_invalid_dsa_private_key_arguments(self):
# Test a modulus < 1024 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=2**1000,
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_1024['g'], 16),
x=int(self._parameters_1024['x'], 16),
y=int(self._parameters_1024['y'], 16))
# Test a modulus < 2048 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=2**2000,
subgroup_order=int(self._parameters_2048['q'],
16),
generator=int(self._parameters_2048['g'], 16),
x=int(self._parameters_2048['x'], 16),
y=int(self._parameters_2048['y'], 16))
# Test a modulus < 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=2**3000,
subgroup_order=int(self._parameters_3072['q'],
16),
generator=int(self._parameters_3072['g'], 16),
x=int(self._parameters_3072['x'], 16),
y=int(self._parameters_3072['y'], 16))
# Test a modulus > 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=2**3100,
subgroup_order=int(self._parameters_3072['q'],
16),
generator=int(self._parameters_3072['g'], 16),
x=int(self._parameters_3072['x'], 16),
y=int(self._parameters_3072['y'], 16))
# Test a subgroup_order < 160 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=2**150,
generator=int(self._parameters_1024['g'], 16),
x=int(self._parameters_1024['x'], 16),
y=int(self._parameters_1024['y'], 16))
# Test a subgroup_order < 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_2048['p'], 16),
subgroup_order=2**250,
generator=int(self._parameters_2048['g'], 16),
x=int(self._parameters_2048['x'], 16),
y=int(self._parameters_2048['y'], 16))
# Test a subgroup_order > 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_3072['p'], 16),
subgroup_order=2**260,
generator=int(self._parameters_3072['g'], 16),
x=int(self._parameters_3072['x'], 16),
y=int(self._parameters_3072['y'], 16))
# Test a modulus, subgroup_order pair of (1024, 256) bit lengths
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_2048['q'],
16),
generator=int(self._parameters_1024['g'], 16),
x=int(self._parameters_1024['x'], 16),
y=int(self._parameters_1024['y'], 16))
# Test a modulus, subgroup_order pair of (2048, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_2048['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_2048['g'], 16),
x=int(self._parameters_2048['x'], 16),
y=int(self._parameters_2048['y'], 16))
# Test a modulus, subgroup_order pair of (3072, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_3072['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_3072['g'], 16),
x=int(self._parameters_3072['x'], 16),
y=int(self._parameters_3072['y'], 16))
# Test a generator < 1
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=0,
x=int(self._parameters_1024['x'], 16),
y=int(self._parameters_1024['y'], 16))
# Test a generator = 1
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=1,
x=int(self._parameters_1024['x'], 16),
y=int(self._parameters_1024['y'], 16))
# Test a generator > modulus
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=2**1200,
x=int(self._parameters_1024['x'], 16),
y=int(self._parameters_1024['y'], 16))
# Test x = 0
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_1024['g'], 16),
x=0,
y=int(self._parameters_1024['y'], 16))
# Test x < 0
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_1024['g'], 16),
x=-2,
y=int(self._parameters_1024['y'], 16))
# Test x = subgroup_order
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_1024['g'], 16),
x=2**159,
y=int(self._parameters_1024['y'], 16))
# Test x > subgroup_order
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_1024['g'], 16),
x=2**200,
y=int(self._parameters_1024['y'], 16))
# Test y != (generator ** x) % modulus
with pytest.raises(ValueError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_1024['g'], 16),
x=int(self._parameters_1024['x'], 16),
y=2**100)
# Test a non-integer y value
with pytest.raises(TypeError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_1024['g'], 16),
x=int(self._parameters_1024['x'], 16),
y=None)
# Test a non-integer x value
with pytest.raises(TypeError):
dsa.DSAPrivateKey(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_1024['g'], 16),
x=None,
y=int(self._parameters_1024['x'], 16))
def test_load_dsa_example_keys(self):
parameters = dsa.DSAParameters(
modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'], 16),
generator=int(self._parameters_1024['g'], 16))
assert parameters
assert parameters.modulus
assert parameters.subgroup_order
assert parameters.generator
assert parameters.modulus == parameters.p
assert parameters.subgroup_order == parameters.q
assert parameters.generator == parameters.g
pub_key = dsa.DSAPublicKey(modulus=int(self._parameters_1024["p"], 16),
subgroup_order=int(
self._parameters_1024["q"], 16),
generator=int(self._parameters_1024["g"],
16),
y=int(self._parameters_1024["y"], 16))
assert pub_key
assert pub_key.key_size
assert pub_key.y
pub_key_parameters = pub_key.parameters()
assert pub_key_parameters
assert pub_key_parameters.modulus
assert pub_key_parameters.subgroup_order
assert pub_key_parameters.generator
skey = dsa.DSAPrivateKey(modulus=int(self._parameters_1024["p"], 16),
subgroup_order=int(self._parameters_1024["q"],
16),
generator=int(self._parameters_1024["g"], 16),
x=int(self._parameters_1024["x"], 16),
y=int(self._parameters_1024["y"], 16))
assert skey
_check_dsa_private_key(skey)
skey_parameters = skey.parameters()
assert skey_parameters
assert skey_parameters.modulus
assert skey_parameters.subgroup_order
assert skey_parameters.generator
pkey = dsa.DSAPublicKey(modulus=int(self._parameters_1024["p"], 16),
subgroup_order=int(self._parameters_1024["q"],
16),
generator=int(self._parameters_1024["g"], 16),
y=int(self._parameters_1024["y"], 16))
assert pkey
pkey_parameters = pkey.parameters()
assert pkey_parameters
assert pkey_parameters.modulus
assert pkey_parameters.subgroup_order
assert pkey_parameters.generator
pkey2 = skey.public_key()
assert pkey2
pkey2_parameters = pkey.parameters()
assert pkey2_parameters
assert pkey2_parameters.modulus
assert pkey2_parameters.subgroup_order
assert pkey2_parameters.generator
assert skey_parameters.modulus == pkey_parameters.modulus
assert skey_parameters.subgroup_order == pkey_parameters.subgroup_order
assert skey_parameters.generator == pkey_parameters.generator
assert skey.y == pkey.y
assert skey.key_size == pkey.key_size
assert pkey_parameters.modulus == pkey2_parameters.modulus
assert pkey_parameters.subgroup_order == \
pkey2_parameters.subgroup_order
assert pkey_parameters.generator == pkey2_parameters.generator
assert pkey.y == pkey2.y
assert pkey.key_size == pkey2.key_size
def test_invalid_private_key_argument_types(self):
with pytest.raises(TypeError):
dsa.DSAPrivateKey(None, None, None, None, None)
def test_invalid_dsa_private_key_arguments(self):
# Test a modulus < 1024 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=2**1000,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=DSA_KEY_1024.x,
y=DSA_KEY_1024.public_numbers.y)
# Test a modulus < 2048 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=2**2000,
subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
x=DSA_KEY_2048.x,
y=DSA_KEY_2048.public_numbers.y)
# Test a modulus < 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=2**3000,
subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
x=DSA_KEY_3072.x,
y=DSA_KEY_3072.public_numbers.y)
# Test a modulus > 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=2**3100,
subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
x=DSA_KEY_3072.x,
y=DSA_KEY_3072.public_numbers.y)
# Test a subgroup_order < 160 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=2**150,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=DSA_KEY_1024.x,
y=DSA_KEY_1024.public_numbers.y)
# Test a subgroup_order < 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
subgroup_order=2**250,
generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
x=DSA_KEY_2048.x,
y=DSA_KEY_2048.public_numbers.y)
# Test a subgroup_order > 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
subgroup_order=2**260,
generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
x=DSA_KEY_3072.x,
y=DSA_KEY_3072.public_numbers.y)
# Test a modulus, subgroup_order pair of (1024, 256) bit lengths
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=DSA_KEY_1024.x,
y=DSA_KEY_1024.public_numbers.y)
# Test a modulus, subgroup_order pair of (2048, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
x=DSA_KEY_2048.x,
y=DSA_KEY_2048.public_numbers.y)
# Test a modulus, subgroup_order pair of (3072, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
x=DSA_KEY_3072.x,
y=DSA_KEY_3072.public_numbers.y)
# Test a generator < 1
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=0,
x=DSA_KEY_1024.x,
y=DSA_KEY_1024.public_numbers.y)
# Test a generator = 1
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=1,
x=DSA_KEY_1024.x,
y=DSA_KEY_1024.public_numbers.y)
# Test a generator > modulus
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=2**1200,
x=DSA_KEY_1024.x,
y=DSA_KEY_1024.public_numbers.y)
# Test x = 0
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=0,
y=DSA_KEY_1024.public_numbers.y)
# Test x < 0
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=-2,
y=DSA_KEY_1024.public_numbers.y)
# Test x = subgroup_order
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=2**159,
y=DSA_KEY_1024.public_numbers.y)
# Test x > subgroup_order
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=2**200,
y=DSA_KEY_1024.public_numbers.y)
# Test y != (generator ** x) % modulus
with pytest.raises(ValueError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=DSA_KEY_1024.x,
y=2**100)
# Test a non-integer y value
with pytest.raises(TypeError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=DSA_KEY_1024.x,
y=None)
# Test a non-integer x value
with pytest.raises(TypeError):
dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
x=None,
y=DSA_KEY_1024.public_numbers.y)
def test_load_dsa_example_keys(self):
parameters = dsa.DSAParameters(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g)
assert parameters
assert parameters.modulus
assert parameters.subgroup_order
assert parameters.generator
assert parameters.modulus == parameters.p
assert parameters.subgroup_order == parameters.q
assert parameters.generator == parameters.g
pub_key = dsa.DSAPublicKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
y=DSA_KEY_1024.public_numbers.y)
assert pub_key
assert pub_key.key_size
assert pub_key.y
pub_key_parameters = pub_key.parameters()
assert pub_key_parameters
assert pub_key_parameters.modulus
assert pub_key_parameters.subgroup_order
assert pub_key_parameters.generator
skey = dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
y=DSA_KEY_1024.public_numbers.y,
x=DSA_KEY_1024.x)
assert skey
_check_dsa_private_key(skey)
skey_parameters = skey.parameters()
assert skey_parameters
assert skey_parameters.modulus
assert skey_parameters.subgroup_order
assert skey_parameters.generator
pkey = dsa.DSAPublicKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
y=DSA_KEY_1024.public_numbers.y)
assert pkey
pkey_parameters = pkey.parameters()
assert pkey_parameters
assert pkey_parameters.modulus
assert pkey_parameters.subgroup_order
assert pkey_parameters.generator
pkey2 = skey.public_key()
assert pkey2
pkey2_parameters = pkey.parameters()
assert pkey2_parameters
assert pkey2_parameters.modulus
assert pkey2_parameters.subgroup_order
assert pkey2_parameters.generator
assert skey_parameters.modulus == pkey_parameters.modulus
assert skey_parameters.subgroup_order == pkey_parameters.subgroup_order
assert skey_parameters.generator == pkey_parameters.generator
assert skey.y == pkey.y
assert skey.key_size == pkey.key_size
assert pkey_parameters.modulus == pkey2_parameters.modulus
assert pkey_parameters.subgroup_order == \
pkey2_parameters.subgroup_order
assert pkey_parameters.generator == pkey2_parameters.generator
assert pkey.y == pkey2.y
assert pkey.key_size == pkey2.key_size