def test_dsa_signing(self, vector, backend):
digest_algorithm = vector['digest_algorithm'].replace("-", "")
algorithm = self._algorithms_dict[digest_algorithm]
_skip_if_dsa_not_supported(backend, algorithm, vector['p'],
vector['q'], vector['g'])
private_key = dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
vector['p'], vector['q'], vector['g']),
y=vector['y']),
x=vector['x']).private_key(backend)
signer = pytest.deprecated_call(private_key.signer, algorithm())
signer.update(vector['msg'])
signature = signer.finalize()
assert signature
public_key = private_key.public_key()
verifier = public_key.verifier(signature, algorithm())
verifier.update(vector['msg'])
verifier.verify()
def sign_ssh_data(self, data):
key = dsa.DSAPrivateNumbers(
x=self.x,
public_numbers=dsa.DSAPublicNumbers(
y=self.y,
parameter_numbers=dsa.DSAParameterNumbers(
p=self.p, q=self.q,
g=self.g))).private_key(backend=default_backend())
sig = key.sign(data, hashes.SHA1())
r, s = decode_dss_signature(sig)
m = Message()
m.add_string('ssh-dss')
# apparently, in rare cases, r or s may be shorter than 20 bytes!
rstr = util.deflate_long(r, 0)
sstr = util.deflate_long(s, 0)
if len(rstr) < 20:
rstr = zero_byte * (20 - len(rstr)) + rstr
if len(sstr) < 20:
sstr = zero_byte * (20 - len(sstr)) + sstr
m.add_string(rstr + sstr)
return m
def test_large_p(self, backend):
key = load_vectors_from_file(
os.path.join("asymmetric", "PEM_Serialization", "dsa_4096.pem"),
lambda pemfile: serialization.load_pem_private_key(
pemfile.read(), None, backend),
mode="rb",
)
pn = key.private_numbers()
assert pn.public_numbers.parameter_numbers.p.bit_length() == 4096
# Turn it back into a key to confirm that values this large pass
# verification
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=pn.public_numbers.parameter_numbers.p,
q=pn.public_numbers.parameter_numbers.q,
g=pn.public_numbers.parameter_numbers.g,
),
y=pn.public_numbers.y,
),
x=pn.x,
).private_key(backend)
def create_pubkey(pubkey_info):
"""
<Purpose>
Create and return a DSAPublicKey object from the passed pubkey_info
using pyca/cryptography.
<Arguments>
pubkey_info:
The DSA pubkey info dictionary as specified by
securesystemslib.formats.GPG_DSA_PUBKEY_SCHEMA
<Exceptions>
securesystemslib.exceptions.FormatError if
pubkey_info does not match securesystemslib.formats.GPG_DSA_PUBKEY_SCHEMA
securesystemslib.exceptions.UnsupportedLibraryError if
the cryptography module is not available
<Returns>
A cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey based on the
passed pubkey_info.
"""
if not CRYPTO: # pragma: no cover
raise securesystemslib.exceptions.UnsupportedLibraryError(
NO_CRYPTO_MSG)
securesystemslib.formats.GPG_DSA_PUBKEY_SCHEMA.check_match(pubkey_info)
y = int(pubkey_info['keyval']['public']['y'], 16)
g = int(pubkey_info['keyval']['public']['g'], 16)
p = int(pubkey_info['keyval']['public']['p'], 16)
q = int(pubkey_info['keyval']['public']['q'], 16)
parameter_numbers = dsa.DSAParameterNumbers(p, q, g)
pubkey = dsa.DSAPublicNumbers(y, parameter_numbers).public_key(
backends.default_backend())
return pubkey
def _verify_signature_with_pubkey(self, signed_info_c14n, raw_signature, key_value, signature_alg):
if "ecdsa-" in signature_alg:
ec_key_value = self._find(key_value, "ECKeyValue", namespace="ds11")
named_curve = self._find(ec_key_value, "NamedCurve", namespace="ds11")
public_key = self._find(ec_key_value, "PublicKey", namespace="ds11")
key_data = b64decode(public_key.text)[1:]
x = bytes_to_long(key_data[:len(key_data)//2])
y = bytes_to_long(key_data[len(key_data)//2:])
curve_class = self.known_ecdsa_curves[named_curve.get("URI")]
key = ec.EllipticCurvePublicNumbers(x=x, y=y, curve=curve_class()).public_key(backend=default_backend())
verifier = key.verifier(raw_signature, ec.ECDSA(self._get_signature_digest_method(signature_alg)))
elif "dsa-" in signature_alg:
dsa_key_value = self._find(key_value, "DSAKeyValue")
p = self._get_long(dsa_key_value, "P")
q = self._get_long(dsa_key_value, "Q")
g = self._get_long(dsa_key_value, "G", require=False)
y = self._get_long(dsa_key_value, "Y")
pn = dsa.DSAPublicNumbers(y=y, parameter_numbers=dsa.DSAParameterNumbers(p=p, q=q, g=g))
key = pn.public_key(backend=default_backend())
def as_der_sequence(r, s):
return long_to_bytes(0x30) + long_to_bytes(len(r) + len(s)) + r + s
def as_der_integer(i):
return long_to_bytes(0x02) + long_to_bytes(len(i)) + i
sig_as_der_seq = as_der_sequence(as_der_integer(raw_signature[:len(raw_signature)//2]),
as_der_integer(raw_signature[len(raw_signature)//2:]))
verifier = key.verifier(sig_as_der_seq, self._get_signature_digest_method(signature_alg))
elif "rsa-" in signature_alg:
rsa_key_value = self._find(key_value, "RSAKeyValue")
modulus = self._get_long(rsa_key_value, "Modulus")
exponent = self._get_long(rsa_key_value, "Exponent")
key = rsa.RSAPublicNumbers(e=exponent, n=modulus).public_key(backend=default_backend())
verifier = key.verifier(raw_signature, padding=PKCS1v15(), algorithm=self._get_signature_digest_method(signature_alg))
else:
raise NotImplementedError()
verifier.update(signed_info_c14n)
verifier.verify()
def _verify_signature_with_pubkey(self, signed_info_c14n, raw_signature, key_value, signature_alg):
if "ecdsa-" in signature_alg:
ec_key_value = self._find(key_value, "ECKeyValue", namespace="dsig11")
named_curve = self._find(ec_key_value, "NamedCurve", namespace="dsig11")
public_key = self._find(ec_key_value, "PublicKey", namespace="dsig11")
key_data = b64decode(public_key.text)[1:]
x = bytes_to_long(key_data[:len(key_data)//2])
y = bytes_to_long(key_data[len(key_data)//2:])
curve_class = self.known_ecdsa_curves[named_curve.get("URI")]
key = ec.EllipticCurvePublicNumbers(x=x, y=y, curve=curve_class()).public_key(backend=default_backend())
key.verify(raw_signature,
data=signed_info_c14n,
signature_algorithm=ec.ECDSA(self._get_signature_digest_method(signature_alg)))
elif "dsa-" in signature_alg:
dsa_key_value = self._find(key_value, "DSAKeyValue")
p = self._get_long(dsa_key_value, "P")
q = self._get_long(dsa_key_value, "Q")
g = self._get_long(dsa_key_value, "G", require=False)
y = self._get_long(dsa_key_value, "Y")
pn = dsa.DSAPublicNumbers(y=y, parameter_numbers=dsa.DSAParameterNumbers(p=p, q=q, g=g))
key = pn.public_key(backend=default_backend())
from asn1crypto.algos import DSASignature
sig_as_der_seq = DSASignature.from_p1363(raw_signature).dump()
key.verify(sig_as_der_seq,
data=signed_info_c14n,
algorithm=self._get_signature_digest_method(signature_alg))
elif "rsa-" in signature_alg:
rsa_key_value = self._find(key_value, "RSAKeyValue")
modulus = self._get_long(rsa_key_value, "Modulus")
exponent = self._get_long(rsa_key_value, "Exponent")
key = rsa.RSAPublicNumbers(e=exponent, n=modulus).public_key(backend=default_backend())
key.verify(raw_signature,
data=signed_info_c14n,
padding=PKCS1v15(),
algorithm=self._get_signature_digest_method(signature_alg))
else:
raise NotImplementedError()
def test_dsa_signing(self, vector, backend):
digest_algorithm = vector['digest_algorithm'].replace("-", "")
algorithm = self._algorithms_dict[digest_algorithm]
if (not backend.dsa_parameters_supported(vector['p'], vector['q'],
vector['g'])
or not backend.dsa_hash_supported(algorithm)):
pytest.skip(
"{0} does not support the provided parameters".format(backend))
private_key = dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
vector['p'], vector['q'], vector['g']),
y=vector['y']),
x=vector['x']).private_key(backend)
signer = private_key.signer(algorithm())
signer.update(vector['msg'])
signature = signer.finalize()
assert signature
public_key = private_key.public_key()
verifier = public_key.verifier(signature, algorithm())
verifier.update(vector['msg'])
verifier.verify()
def _fromString_BLOB(cls, blob):
"""
Return a public key object corresponding to this public key blob.
The format of a RSA public key blob is::
string 'ssh-rsa'
integer e
integer n
The format of a DSA public key blob is::
string 'ssh-dss'
integer p
integer q
integer g
integer y
@type blob: L{bytes}
@param blob: The key data.
@return: A new key.
@rtype: L{twisted.conch.ssh.keys.Key}
@raises BadKeyError: if the key type (the first string) is unknown.
"""
keyType, rest = common.getNS(blob)
if keyType == b'ssh-rsa':
e, n, rest = common.getMP(rest, 2)
return cls(
rsa.RSAPublicNumbers(e, n).public_key(default_backend()))
elif keyType == b'ssh-dss':
p, q, g, y, rest = common.getMP(rest, 4)
return cls(
dsa.DSAPublicNumbers(y=y,
parameter_numbers=dsa.DSAParameterNumbers(
p=p, q=q,
g=g)).public_key(default_backend()))
else:
raise BadKeyError('unknown blob type: %s' % (keyType, ))
def private_numbers(self):
p = self._backend._ffi.new("BIGNUM **")
q = self._backend._ffi.new("BIGNUM **")
g = self._backend._ffi.new("BIGNUM **")
pub_key = self._backend._ffi.new("BIGNUM **")
priv_key = self._backend._ffi.new("BIGNUM **")
self._backend._lib.DSA_get0_pqg(self._dsa_cdata, p, q, g)
self._backend.openssl_assert(p[0] != self._backend._ffi.NULL)
self._backend.openssl_assert(q[0] != self._backend._ffi.NULL)
self._backend.openssl_assert(g[0] != self._backend._ffi.NULL)
self._backend._lib.DSA_get0_key(self._dsa_cdata, pub_key, priv_key)
self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL)
self._backend.openssl_assert(priv_key[0] != self._backend._ffi.NULL)
return dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=self._backend._bn_to_int(p[0]),
q=self._backend._bn_to_int(q[0]),
g=self._backend._bn_to_int(g[0]),
),
y=self._backend._bn_to_int(pub_key[0]),
),
x=self._backend._bn_to_int(priv_key[0]),
)
def test_private_numbers_ne(self):
pub = dsa.DSAPublicNumbers(1, dsa.DSAParameterNumbers(1, 2, 3))
priv = dsa.DSAPrivateNumbers(1, pub)
assert priv != dsa.DSAPrivateNumbers(
2, dsa.DSAPublicNumbers(1, dsa.DSAParameterNumbers(1, 2, 3))
)
assert priv != dsa.DSAPrivateNumbers(
1, dsa.DSAPublicNumbers(2, dsa.DSAParameterNumbers(1, 2, 3))
)
assert priv != dsa.DSAPrivateNumbers(
1, dsa.DSAPublicNumbers(1, dsa.DSAParameterNumbers(2, 2, 3))
)
assert priv != dsa.DSAPrivateNumbers(
1, dsa.DSAPublicNumbers(1, dsa.DSAParameterNumbers(1, 3, 3))
)
assert priv != dsa.DSAPrivateNumbers(
1, dsa.DSAPublicNumbers(1, dsa.DSAParameterNumbers(1, 2, 4))
)
assert priv != object()
def test_private_numbers_eq(self):
pub = dsa.DSAPublicNumbers(1, dsa.DSAParameterNumbers(1, 2, 3))
priv = dsa.DSAPrivateNumbers(1, pub)
assert priv == dsa.DSAPrivateNumbers(
1, dsa.DSAPublicNumbers(1, dsa.DSAParameterNumbers(1, 2, 3)))
def test_public_numbers_eq(self):
pub = dsa.DSAPublicNumbers(1, dsa.DSAParameterNumbers(1, 2, 3))
assert pub == dsa.DSAPublicNumbers(1, dsa.DSAParameterNumbers(1, 2, 3))
def test_dsa_public_numbers(self):
parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3)
public_numbers = dsa.DSAPublicNumbers(
y=4, parameter_numbers=parameter_numbers)
assert public_numbers.y == 4
assert public_numbers.parameter_numbers == parameter_numbers
def test_invalid_dsa_public_key_arguments(self, backend):
# Test a p < 1024 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=2**1000,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_1024.public_numbers.y).public_key(backend)
# Test a p < 2048 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=2**2000,
q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_2048.public_numbers.y).public_key(backend)
# Test a p < 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=2**3000,
q=DSA_KEY_3072.public_numbers.parameter_numbers.q,
g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_3072.public_numbers.y).public_key(backend)
# Test a p > 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=2**3100,
q=DSA_KEY_3072.public_numbers.parameter_numbers.q,
g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_3072.public_numbers.y).public_key(backend)
# Test a q < 160 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=2**150,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_1024.public_numbers.y).public_key(backend)
# Test a q < 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
q=2**250,
g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_2048.public_numbers.y).public_key(backend)
# Test a q > 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
q=2**260,
g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_3072.public_numbers.y).public_key(backend)
# Test a g < 1
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=0,
),
y=DSA_KEY_1024.public_numbers.y).public_key(backend)
# Test a g = 1
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=1,
),
y=DSA_KEY_1024.public_numbers.y).public_key(backend)
# Test a g > p
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=2**1200,
),
y=DSA_KEY_1024.public_numbers.y).public_key(backend)
# Test a non-integer y value
with pytest.raises(TypeError):
dsa.DSAPublicNumbers(parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=None).public_key(backend)
def test_invalid_dsa_private_key_arguments(self, backend):
# Test a p < 1024 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=2**1000,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_1024.public_numbers.y),
x=DSA_KEY_1024.x).private_key(backend)
# Test a p < 2048 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=2**2000,
q=DSA_KEY_2048.public_numbers.parameter_numbers.q,
g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_2048.public_numbers.y),
x=DSA_KEY_2048.x,
).private_key(backend)
# Test a p < 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=2**3000,
q=DSA_KEY_3072.public_numbers.parameter_numbers.q,
g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_3072.public_numbers.y),
x=DSA_KEY_3072.x,
).private_key(backend)
# Test a p > 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=2**3100,
q=DSA_KEY_3072.public_numbers.parameter_numbers.q,
g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_3072.public_numbers.y),
x=DSA_KEY_3072.x,
).private_key(backend)
# Test a q < 160 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=2**150,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_1024.public_numbers.y),
x=DSA_KEY_1024.x,
).private_key(backend)
# Test a q < 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_2048.public_numbers.parameter_numbers.p,
q=2**250,
g=DSA_KEY_2048.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_2048.public_numbers.y),
x=DSA_KEY_2048.x,
).private_key(backend)
# Test a q > 256 bits in length
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_3072.public_numbers.parameter_numbers.p,
q=2**260,
g=DSA_KEY_3072.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_3072.public_numbers.y),
x=DSA_KEY_3072.x,
).private_key(backend)
# Test a g < 1
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=0,
),
y=DSA_KEY_1024.public_numbers.y),
x=DSA_KEY_1024.x,
).private_key(backend)
# Test a g = 1
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=1,
),
y=DSA_KEY_1024.public_numbers.y),
x=DSA_KEY_1024.x,
).private_key(backend)
# Test a g > p
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=2**1200,
),
y=DSA_KEY_1024.public_numbers.y),
x=DSA_KEY_1024.x,
).private_key(backend)
# Test x = 0
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_1024.public_numbers.y),
x=0,
).private_key(backend)
# Test x < 0
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_1024.public_numbers.y),
x=-2,
).private_key(backend)
# Test x = q
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_1024.public_numbers.y),
x=2**159,
).private_key(backend)
# Test x > q
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_1024.public_numbers.y),
x=2**200,
).private_key(backend)
# Test y != (g ** x) % p
with pytest.raises(ValueError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=2**100),
x=DSA_KEY_1024.x,
).private_key(backend)
# Test a non-integer y value
with pytest.raises(TypeError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=None),
x=DSA_KEY_1024.x,
).private_key(backend)
# Test a non-integer x value
with pytest.raises(TypeError):
dsa.DSAPrivateNumbers(
public_numbers=dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
p=DSA_KEY_1024.public_numbers.parameter_numbers.p,
q=DSA_KEY_1024.public_numbers.parameter_numbers.q,
g=DSA_KEY_1024.public_numbers.parameter_numbers.g,
),
y=DSA_KEY_1024.public_numbers.y),
x=None,
).private_key(backend)
def test_invalid_dsa_public_key_arguments(self, p, q, g, y, backend):
with pytest.raises(ValueError):
dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(p=p, q=q, g=g), y=y
).public_key(backend)
def __privkey__(self):
params = dsa.DSAParameterNumbers(self.p, self.q, self.g)
pn = dsa.DSAPublicNumbers(self.y, params)
return dsa.DSAPrivateNumbers(self.x, pn).private_key(default_backend())
def construct_key(*, p, q, g, y, x) -> dsa.DSAPrivateKey:
params = dsa.DSAParameterNumbers(p, q, g)
pub = dsa.DSAPublicNumbers(y, params)
priv = dsa.DSAPrivateNumbers(x, pub)
return priv.private_key(backend=default_backend())
def _fromString_PRIVATE_OPENSSH(cls, data, passphrase):
"""
Return a private key object corresponding to this OpenSSH private key
string. If the key is encrypted, passphrase MUST be provided.
Providing a passphrase for an unencrypted key is an error.
The format of an OpenSSH private key string is::
-----BEGIN <key type> PRIVATE KEY-----
[Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,<initialization value>]
<base64-encoded ASN.1 structure>
------END <key type> PRIVATE KEY------
The ASN.1 structure of a RSA key is::
(0, n, e, d, p, q)
The ASN.1 structure of a DSA key is::
(0, p, q, g, y, x)
The ASN.1 structure of a ECDSA key is::
(ECParameters, OID, NULL)
@type data: L{bytes}
@param data: The key data.
@type passphrase: L{bytes} or L{None}
@param passphrase: The passphrase the key is encrypted with, or L{None}
if it is not encrypted.
@return: A new key.
@rtype: L{twisted.conch.ssh.keys.Key}
@raises BadKeyError: if
* a passphrase is provided for an unencrypted key
* the ASN.1 encoding is incorrect
@raises EncryptedKeyError: if
* a passphrase is not provided for an encrypted key
"""
lines = data.strip().splitlines()
kind = lines[0][11:-17]
if lines[1].startswith(b'Proc-Type: 4,ENCRYPTED'):
if not passphrase:
raise EncryptedKeyError('Passphrase must be provided '
'for an encrypted key')
# Determine cipher and initialization vector
try:
_, cipherIVInfo = lines[2].split(b' ', 1)
cipher, ivdata = cipherIVInfo.rstrip().split(b',', 1)
except ValueError:
raise BadKeyError('invalid DEK-info %r' % (lines[2],))
if cipher in (b'AES-128-CBC', b'AES-256-CBC'):
algorithmClass = algorithms.AES
keySize = int(int(cipher.split(b'-')[1])/8)
if len(ivdata) != 32:
raise BadKeyError('AES encrypted key with a bad IV')
elif cipher == b'DES-EDE3-CBC':
algorithmClass = algorithms.TripleDES
keySize = 24
if len(ivdata) != 16:
raise BadKeyError('DES encrypted key with a bad IV')
else:
raise BadKeyError('unknown encryption type %r' % (cipher,))
# Extract keyData for decoding
iv = bytes(bytearray([int(ivdata[i:i + 2], 16)
for i in range(0, len(ivdata), 2)]))
ba = md5(passphrase + iv[:8]).digest()
bb = md5(ba + passphrase + iv[:8]).digest()
decKey = (ba + bb)[:keySize]
b64Data = decodebytes(b''.join(lines[3:-1]))
decryptor = Cipher(
algorithmClass(decKey),
modes.CBC(iv),
backend=default_backend()
).decryptor()
keyData = decryptor.update(b64Data) + decryptor.finalize()
removeLen = ord(keyData[-1:])
keyData = keyData[:-removeLen]
else:
b64Data = b''.join(lines[1:-1])
keyData = decodebytes(b64Data)
try:
decodedKey = berDecoder.decode(keyData)[0]
except PyAsn1Error as e:
raise BadKeyError(
'Failed to decode key (Bad Passphrase?): %s' % (e,))
if kind == b'EC':
return cls(
load_pem_private_key(data, passphrase, default_backend()))
if kind == b'RSA':
if len(decodedKey) == 2: # Alternate RSA key
decodedKey = decodedKey[0]
if len(decodedKey) < 6:
raise BadKeyError('RSA key failed to decode properly')
n, e, d, p, q, dmp1, dmq1, iqmp = [
long(value) for value in decodedKey[1:9]
]
if p > q: # Make p smaller than q
p, q = q, p
return cls(
rsa.RSAPrivateNumbers(
p=p,
q=q,
d=d,
dmp1=dmp1,
dmq1=dmq1,
iqmp=iqmp,
public_numbers=rsa.RSAPublicNumbers(e=e, n=n),
).private_key(default_backend())
)
elif kind == b'DSA':
p, q, g, y, x = [long(value) for value in decodedKey[1: 6]]
if len(decodedKey) < 6:
raise BadKeyError('DSA key failed to decode properly')
return cls(
dsa.DSAPrivateNumbers(
x=x,
public_numbers=dsa.DSAPublicNumbers(
y=y,
parameter_numbers=dsa.DSAParameterNumbers(
p=p,
q=q,
g=g
)
)
).private_key(backend=default_backend())
)
else:
raise BadKeyError("unknown key type %s" % (kind,))
def _decode_numbers(cls, encoded_numbers):
p, q, g, y = read_content(encoded_numbers, MPI, MPI, MPI, MPI)
public_numbers = dsa.DSAPublicNumbers(y, dsa.DSAParameterNumbers(p, q, g))
return public_numbers.public_key(cls.__backend__)
def __pubkey__(self):
params = dsa.DSAParameterNumbers(self.p, self.q, self.g)
return dsa.DSAPublicNumbers(self.y,
params).public_key(default_backend())
