Example #1
0
 def test_large_key_size_on_new_openssl(self):
     parameters = dsa.generate_parameters(2048, backend)
     param_num = parameters.parameter_numbers()
     assert utils.bit_length(param_num.p) == 2048
     parameters = dsa.generate_parameters(3072, backend)
     param_num = parameters.parameter_numbers()
     assert utils.bit_length(param_num.p) == 3072
Example #2
0
 def test_large_key_size_on_new_openssl(self):
     parameters = dsa.generate_parameters(2048, backend)
     param_num = parameters.parameter_numbers()
     assert utils.bit_length(param_num.p) == 2048
     parameters = dsa.generate_parameters(3072, backend)
     param_num = parameters.parameter_numbers()
     assert utils.bit_length(param_num.p) == 3072
Example #3
0
def _check_dsa_parameters(parameters):
    if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
        raise ValueError("p must be exactly 1024, 2048, or 3072 bits long")
    if utils.bit_length(parameters.q) not in [160, 256]:
        raise ValueError("q must be exactly 160 or 256 bits long")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
Example #4
0
def _check_dsa_parameters(parameters):
    if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
        raise ValueError("p must be exactly 1024, 2048, or 3072 bits long")
    if utils.bit_length(parameters.q) not in [160, 256]:
        raise ValueError("q must be exactly 160 or 256 bits long")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
Example #5
0
def _check_dsa_parameters(parameters):
    if (utils.bit_length(parameters.p),
            utils.bit_length(parameters.q)) not in ((1024, 160), (2048, 256),
                                                    (3072, 256)):
        raise ValueError("p and q lengths must be "
                         "one of these pairs (1024, 160) or (2048, 256) "
                         "or (3072, 256).")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
Example #6
0
def _check_dsa_parameters(parameters):
    if (utils.bit_length(parameters.p),
        utils.bit_length(parameters.q)) not in (
            (1024, 160),
            (2048, 256),
            (3072, 256)):
        raise ValueError("p and q lengths must be "
                         "one of these pairs (1024, 160) or (2048, 256) "
                         "or (3072, 256).")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
Example #7
0
def _check_dsa_parameters(modulus, subgroup_order, generator):
    if (not isinstance(modulus, six.integer_types)
            or not isinstance(subgroup_order, six.integer_types)
            or not isinstance(generator, six.integer_types)):
        raise TypeError("DSA parameters must be integers.")

    if (utils.bit_length(modulus),
            utils.bit_length(subgroup_order)) not in ((1024, 160), (2048, 256),
                                                      (3072, 256)):
        raise ValueError("modulus and subgroup_order lengths must be "
                         "one of these pairs (1024, 160) or (2048, 256) "
                         "or (3072, 256).")

    if generator <= 1 or generator >= modulus:
        raise ValueError("generator must be > 1 and < modulus.")
Example #8
0
    def test_generate_dh(self, backend):
        generator = 2
        key_size = 512

        parameters = dh.generate_parameters(generator, key_size, backend)
        assert isinstance(parameters, dh.DHParameters)

        key = parameters.generate_private_key()
        assert isinstance(key, dh.DHPrivateKey)
        assert key.key_size == key_size

        public = key.public_key()
        assert isinstance(public, dh.DHPublicKey)
        assert public.key_size == key_size

        assert isinstance(parameters, dh.DHParametersWithSerialization)
        parameter_numbers = parameters.parameter_numbers()
        assert isinstance(parameter_numbers, dh.DHParameterNumbers)
        assert bit_length(parameter_numbers.p) == key_size

        assert isinstance(public, dh.DHPublicKeyWithSerialization)
        assert isinstance(public.public_numbers(), dh.DHPublicNumbers)
        assert isinstance(public.parameters(), dh.DHParameters)

        assert isinstance(key, dh.DHPrivateKeyWithSerialization)
        assert isinstance(key.private_numbers(), dh.DHPrivateNumbers)
        assert isinstance(key.parameters(), dh.DHParameters)
Example #9
0
 def test_generate_dsa_keys(self, vector, backend):
     parameters = dsa.DSAParameterNumbers(
         p=vector['p'],
         q=vector['q'],
         g=vector['g']
     ).parameters(backend)
     skey = parameters.generate_private_key()
     if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers):
         numbers = skey.private_numbers()
         skey_parameters = numbers.public_numbers.parameter_numbers
         pkey = skey.public_key()
         parameters = pkey.parameters()
         parameter_numbers = parameters.parameter_numbers()
         assert parameter_numbers.p == skey_parameters.p
         assert parameter_numbers.q == skey_parameters.q
         assert parameter_numbers.g == skey_parameters.g
         assert skey_parameters.p == vector['p']
         assert skey_parameters.q == vector['q']
         assert skey_parameters.g == vector['g']
         assert skey.key_size == bit_length(vector['p'])
         assert pkey.key_size == skey.key_size
         public_numbers = pkey.public_numbers()
         assert numbers.public_numbers.y == public_numbers.y
         assert numbers.public_numbers.y == pow(
             skey_parameters.g, numbers.x, skey_parameters.p
         )
Example #10
0
    def test_generate_dh(self, backend):
        generator = 2
        key_size = 512

        parameters = dh.generate_parameters(generator, key_size, backend)
        assert isinstance(parameters, dh.DHParameters)

        key = parameters.generate_private_key()
        assert isinstance(key, dh.DHPrivateKey)
        assert key.key_size == key_size

        public = key.public_key()
        assert isinstance(public, dh.DHPublicKey)
        assert public.key_size == key_size

        assert isinstance(parameters, dh.DHParametersWithSerialization)
        parameter_numbers = parameters.parameter_numbers()
        assert isinstance(parameter_numbers, dh.DHParameterNumbers)
        assert bit_length(parameter_numbers.p) == key_size

        assert isinstance(public, dh.DHPublicKeyWithSerialization)
        assert isinstance(public.public_numbers(), dh.DHPublicNumbers)
        assert isinstance(public.parameters(), dh.DHParameters)

        assert isinstance(key, dh.DHPrivateKeyWithSerialization)
        assert isinstance(key.private_numbers(), dh.DHPrivateNumbers)
        assert isinstance(key.parameters(), dh.DHParameters)
Example #11
0
def _check_dsa_parameters(modulus, subgroup_order, generator):
    if (
        not isinstance(modulus, six.integer_types) or
        not isinstance(subgroup_order, six.integer_types) or
        not isinstance(generator, six.integer_types)
    ):
        raise TypeError("DSA parameters must be integers")

    if (utils.bit_length(modulus),
        utils.bit_length(subgroup_order)) not in (
            (1024, 160),
            (2048, 256),
            (3072, 256)):
        raise ValueError("modulus and subgroup_order lengths must be "
                         "one of these pairs (1024, 160) or (2048, 256) "
                         "or (3072, 256)")

    if generator <= 1 or generator >= modulus:
        raise ValueError("generator must be > 1 and < modulus")
Example #12
0
    def test_generate_dsa_keys(self, vector, backend):
        parameters = dsa.DSAParameters(modulus=vector["p"], subgroup_order=vector["q"], generator=vector["g"])
        skey = dsa.DSAPrivateKey.generate(parameters, backend)

        skey_parameters = skey.parameters()
        assert skey_parameters.p == vector["p"]
        assert skey_parameters.q == vector["q"]
        assert skey_parameters.g == vector["g"]
        assert skey.key_size == bit_length(vector["p"])
        assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p)
Example #13
0
 def serial_number(self, number):
     if not isinstance(number, six.integer_types):
         raise TypeError('Serial number must be of integral type.')
     if self._serial_number is not None:
         raise ValueError('The serial number may only be set once.')
     if number < 0:
         raise ValueError('The serial number should be non-negative.')
     if utils.bit_length(number) > 160:  # As defined in RFC 5280
         raise ValueError('The serial number should not be more than 160 '
                          'bits.')
     return RevokedCertificateBuilder(number, self._revocation_date,
                                      self._extensions)
Example #14
0
    def test_generate_dsa_keys(self, vector, backend):
        parameters = dsa.DSAParameters(modulus=vector['p'],
                                       subgroup_order=vector['q'],
                                       generator=vector['g'])
        skey = dsa.DSAPrivateKey.generate(parameters, backend)

        skey_parameters = skey.parameters()
        assert skey_parameters.p == vector['p']
        assert skey_parameters.q == vector['q']
        assert skey_parameters.g == vector['g']
        assert skey.key_size == bit_length(vector['p'])
        assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p)
Example #15
0
def _override_check_dsa_parameters(parameters):
    """Override check_dsa_parameters from cryptography's dsa.py

    Allows for shorter or longer parameters.p to be returned from the server's host key. This is a
    HORRIBLE hack and a security risk, please remove if possible!
    """
    # if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
    # raise ValueError("p is {}, must be exactly 1024, 2048, or 3072 bits long".format(utils.bit_length(parameters.p)))
    if crypto_utils.bit_length(parameters.q) not in [160, 256]:
        raise ValueError("q must be exactly 160 or 256 bits long")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
Example #16
0
 def serial_number(self, number):
     if not isinstance(number, six.integer_types):
         raise TypeError('Serial number must be of integral type.')
     if self._serial_number is not None:
         raise ValueError('The serial number may only be set once.')
     if number < 0:
         raise ValueError('The serial number should be non-negative.')
     if utils.bit_length(number) > 160:  # As defined in RFC 5280
         raise ValueError('The serial number should not be more than 160 '
                          'bits.')
     return RevokedCertificateBuilder(
         number, self._revocation_date, self._extensions
     )
Example #17
0
def _override_check_dsa_parameters(parameters):

    """Override check_dsa_parameters from cryptography's dsa.py

    Allows for shorter or longer parameters.p to be returned from the server's host key. This is a
    HORRIBLE hack and a security risk, please remove if possible!
    """
    # if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
        # raise ValueError("p is {}, must be exactly 1024, 2048, or 3072 bits long".format(utils.bit_length(parameters.p)))
    if crypto_utils.bit_length(parameters.q) not in [160, 256]:
        raise ValueError("q must be exactly 160 or 256 bits long")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
Example #18
0
    def serial_number(self, number):
        if not isinstance(number, six.integer_types):
            raise TypeError('Serial number must be of integral type.')
        if self._serial_number is not None:
            raise ValueError('The serial number may only be set once.')
        if number <= 0:
            raise ValueError('The serial number should be positive')

        # ASN.1 integers are always signed, so most significant bit must be
        # zero.
        if utils.bit_length(number) >= 160:  # As defined in RFC 5280
            raise ValueError('The serial number should not be more than 159 '
                             'bits.')
        return RevokedCertificateBuilder(number, self._revocation_date,
                                         self._extensions)
Example #19
0
    def serial_number(self, number):
        if not isinstance(number, six.integer_types):
            raise TypeError('Serial number must be of integral type.')
        if self._serial_number is not None:
            raise ValueError('The serial number may only be set once.')
        if number <= 0:
            raise ValueError('The serial number should be positive')

        # ASN.1 integers are always signed, so most significant bit must be
        # zero.
        if utils.bit_length(number) >= 160:  # As defined in RFC 5280
            raise ValueError('The serial number should not be more than 159 '
                             'bits.')
        return RevokedCertificateBuilder(
            number, self._revocation_date, self._extensions
        )
Example #20
0
 def serial_number(self, number):
     """
     Sets the certificate serial number.
     """
     if not isinstance(number, six.integer_types):
         raise TypeError('Serial number must be of integral type.')
     if self._serial_number is not None:
         raise ValueError('The serial number may only be set once.')
     if number < 0:
         raise ValueError('The serial number should be non-negative.')
     if utils.bit_length(number) > 160:  # As defined in RFC 5280
         raise ValueError('The serial number should not be more than 160 '
                          'bits.')
     return CertificateBuilder(self._issuer_name, self._subject_name,
                               self._public_key, number,
                               self._not_valid_before,
                               self._not_valid_after, self._extensions)
Example #21
0
 def serial_number(self, number):
     """
     Sets the certificate serial number.
     """
     if not isinstance(number, six.integer_types):
         raise TypeError('Serial number must be of integral type.')
     if self._serial_number is not None:
         raise ValueError('The serial number may only be set once.')
     if number < 0:
         raise ValueError('The serial number should be non-negative.')
     if utils.bit_length(number) > 160:  # As defined in RFC 5280
         raise ValueError('The serial number should not be more than 160 '
                          'bits.')
     return CertificateBuilder(
         self._issuer_name, self._subject_name,
         self._public_key, number, self._not_valid_before,
         self._not_valid_after, self._extensions
     )
Example #22
0
    def serial_number(self, number):
        """
        Sets the certificate serial number.
        """
        if not isinstance(number, six.integer_types):
            raise TypeError('Serial number must be of integral type.')
        if self._serial_number is not None:
            raise ValueError('The serial number may only be set once.')
        if number <= 0:
            raise ValueError('The serial number should be positive.')

        # ASN.1 integers are always signed, so most significant bit must be
        # zero.
        if utils.bit_length(number) >= 160:  # As defined in RFC 5280
            raise ValueError('The serial number should not be more than 159 '
                             'bits.')
        return CertificateBuilder(self._issuer_name, self._subject_name,
                                  self._public_key, number,
                                  self._not_valid_before,
                                  self._not_valid_after, self._extensions)
Example #23
0
    def serial_number(self, number):
        """
        Sets the certificate serial number.
        """
        if not isinstance(number, six.integer_types):
            raise TypeError('Serial number must be of integral type.')
        if self._serial_number is not None:
            raise ValueError('The serial number may only be set once.')
        if number <= 0:
            raise ValueError('The serial number should be positive.')

        # ASN.1 integers are always signed, so most significant bit must be
        # zero.
        if utils.bit_length(number) >= 160:  # As defined in RFC 5280
            raise ValueError('The serial number should not be more than 159 '
                             'bits.')
        return CertificateBuilder(
            self._issuer_name, self._subject_name,
            self._public_key, number, self._not_valid_before,
            self._not_valid_after, self._extensions
        )
    def _override_check_dsa_parameters(parameters):
        """
        Override check_dsa_parameters from cryptography's dsa.py

        Without this the error below occurs:

        ValueError: p must be exactly 1024, 2048, or 3072 bits long

        Allows for shorter or longer parameters.p to be returned
        from the server's host key. This is a HORRIBLE hack and a
        security risk, please remove if possible!

        By now, with firmware:

        2.0.5 Build 20200109 Rel.36203(s)

        It's still not possible to remove this hack.
        """
        if crypto_utils.bit_length(parameters.q) not in [160, 256]:
            raise ValueError("q must be exactly 160 or 256 bits long")

        if not (1 < parameters.g < parameters.p):
            raise ValueError("g, p don't satisfy 1 < g < p.")
Example #25
0
    def test_generate_dh(self, backend, with_q):
        if with_q:
            vector = load_vectors_from_file(
                os.path.join("asymmetric", "DH", "RFC5114.txt"),
                load_nist_vectors)[0]
            p = int(vector["p"], 16)
            g = int(vector["g"], 16)
            q = int(vector["q"], 16)
            parameters = dh.DHParameterNumbers(p, g, q).parameters(backend)
            key_size = 1024
        else:
            generator = 2
            key_size = 512

            parameters = dh.generate_parameters(generator, key_size, backend)
        assert isinstance(parameters, dh.DHParameters)

        key = parameters.generate_private_key()
        assert isinstance(key, dh.DHPrivateKey)
        assert key.key_size == key_size

        public = key.public_key()
        assert isinstance(public, dh.DHPublicKey)
        assert public.key_size == key_size

        assert isinstance(parameters, dh.DHParametersWithSerialization)
        parameter_numbers = parameters.parameter_numbers()
        assert isinstance(parameter_numbers, dh.DHParameterNumbers)
        assert bit_length(parameter_numbers.p) == key_size

        assert isinstance(public, dh.DHPublicKeyWithSerialization)
        assert isinstance(public.public_numbers(), dh.DHPublicNumbers)
        assert isinstance(public.parameters(), dh.DHParameters)

        assert isinstance(key, dh.DHPrivateKeyWithSerialization)
        assert isinstance(key.private_numbers(), dh.DHPrivateNumbers)
        assert isinstance(key.parameters(), dh.DHParameters)
def test_bit_length():
    assert utils.bit_length(1) == 1
    assert utils.bit_length(11) == 4
Example #27
0
 def dsa_parameters_supported(self, p, q, g):
     if self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f:
         return (utils.bit_length(p) <= 1024 and utils.bit_length(q) <= 160)
     else:
         return True
Example #28
0
 def test_generate_dsa_parameters(self, backend):
     parameters = dsa.DSAParameters.generate(1024, backend)
     assert bit_length(parameters.p) == 1024
Example #29
0
def test_bit_length():
    assert utils.bit_length(1) == 1
    assert utils.bit_length(11) == 4
Example #30
0
 def key_size(self):
     return utils.bit_length(self._modulus)
Example #31
0
 def test_large_key_size_on_new_openssl(self):
     parameters = dsa.DSAParameters.generate(2048, backend)
     assert utils.bit_length(parameters.p) == 2048
     parameters = dsa.DSAParameters.generate(3072, backend)
     assert utils.bit_length(parameters.p) == 3072
Example #32
0
 def test_large_key_size_on_new_openssl(self):
     parameters = dsa.DSAParameters.generate(2048, backend)
     assert utils.bit_length(parameters.p) == 2048
     parameters = dsa.DSAParameters.generate(3072, backend)
     assert utils.bit_length(parameters.p) == 3072
Example #33
0
 def dsa_parameters_supported(self, p, q, g):
     if self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f:
         return (utils.bit_length(p) <= 1024 and utils.bit_length(q) <= 160)
     else:
         return True
Example #34
0
 def test_generate_dsa_parameters(self, backend):
     parameters = dsa.DSAParameters.generate(1024, backend)
     assert bit_length(parameters.p) == 1024
Example #35
0
 def key_size(self):
     return utils.bit_length(self._modulus)