def generate_dsa_parameters(self, key_size):
if key_size not in (1024, 2048, 3072):
raise ValueError(
"Key size must be 1024 or 2048 or 3072 bits")
if (self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f and
key_size > 1024):
raise ValueError(
"Key size must be 1024 because OpenSSL < 1.0.0 doesn't "
"support larger key sizes")
ctx = self._lib.DSA_new()
assert ctx != self._ffi.NULL
ctx = self._ffi.gc(ctx, self._lib.DSA_free)
res = self._lib.DSA_generate_parameters_ex(
ctx, key_size, self._ffi.NULL, 0,
self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
)
assert res == 1
return dsa.DSAParameters(
modulus=self._bn_to_int(ctx.p),
subgroup_order=self._bn_to_int(ctx.q),
generator=self._bn_to_int(ctx.g)
)
def test_generate_dsa_keys(self, vector, backend):
parameters = dsa.DSAParameters(modulus=vector['p'],
subgroup_order=vector['q'],
generator=vector['g'])
skey = dsa.DSAPrivateKey.generate(parameters, backend)
skey_parameters = skey.parameters()
assert skey_parameters.p == vector['p']
assert skey_parameters.q == vector['q']
assert skey_parameters.g == vector['g']
assert skey.key_size == bit_length(vector['p'])
assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p)
def test_invalid_parameters_values(self):
# Test a modulus < 1024 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=2**1000,
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_1024['g'], 16))
# Test a modulus < 2048 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=2**2000,
subgroup_order=int(self._parameters_2048['q'],
16),
generator=int(self._parameters_2048['g'], 16))
# Test a modulus < 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=2**3000,
subgroup_order=int(self._parameters_3072['q'],
16),
generator=int(self._parameters_3072['g'], 16))
# Test a modulus > 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=2**3100,
subgroup_order=int(self._parameters_3072['q'],
16),
generator=int(self._parameters_3072['g'], 16))
# Test a subgroup_order < 160 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=2**150,
generator=int(self._parameters_1024['g'], 16))
# Test a subgroup_order < 256 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=int(self._parameters_2048['p'], 16),
subgroup_order=2**250,
generator=int(self._parameters_2048['g'], 16))
# Test a subgroup_order > 256 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=int(self._parameters_3072['p'], 16),
subgroup_order=2**260,
generator=int(self._parameters_3072['g'], 16))
# Test a modulus, subgroup_order pair of (1024, 256) bit lengths
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_2048['q'],
16),
generator=int(self._parameters_1024['g'], 16))
# Test a modulus, subgroup_order pair of (2048, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=int(self._parameters_2048['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_2048['g'], 16))
# Test a modulus, subgroup_order pair of (3072, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=int(self._parameters_3072['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=int(self._parameters_3072['g'], 16))
# Test a generator < 1
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=0)
# Test a generator = 1
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=1)
# Test a generator > modulus
with pytest.raises(ValueError):
dsa.DSAParameters(modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'],
16),
generator=2**1200)
def test_load_dsa_example_keys(self):
parameters = dsa.DSAParameters(
modulus=int(self._parameters_1024['p'], 16),
subgroup_order=int(self._parameters_1024['q'], 16),
generator=int(self._parameters_1024['g'], 16))
assert parameters
assert parameters.modulus
assert parameters.subgroup_order
assert parameters.generator
assert parameters.modulus == parameters.p
assert parameters.subgroup_order == parameters.q
assert parameters.generator == parameters.g
pub_key = dsa.DSAPublicKey(modulus=int(self._parameters_1024["p"], 16),
subgroup_order=int(
self._parameters_1024["q"], 16),
generator=int(self._parameters_1024["g"],
16),
y=int(self._parameters_1024["y"], 16))
assert pub_key
assert pub_key.key_size
assert pub_key.y
pub_key_parameters = pub_key.parameters()
assert pub_key_parameters
assert pub_key_parameters.modulus
assert pub_key_parameters.subgroup_order
assert pub_key_parameters.generator
skey = dsa.DSAPrivateKey(modulus=int(self._parameters_1024["p"], 16),
subgroup_order=int(self._parameters_1024["q"],
16),
generator=int(self._parameters_1024["g"], 16),
x=int(self._parameters_1024["x"], 16),
y=int(self._parameters_1024["y"], 16))
assert skey
_check_dsa_private_key(skey)
skey_parameters = skey.parameters()
assert skey_parameters
assert skey_parameters.modulus
assert skey_parameters.subgroup_order
assert skey_parameters.generator
pkey = dsa.DSAPublicKey(modulus=int(self._parameters_1024["p"], 16),
subgroup_order=int(self._parameters_1024["q"],
16),
generator=int(self._parameters_1024["g"], 16),
y=int(self._parameters_1024["y"], 16))
assert pkey
pkey_parameters = pkey.parameters()
assert pkey_parameters
assert pkey_parameters.modulus
assert pkey_parameters.subgroup_order
assert pkey_parameters.generator
pkey2 = skey.public_key()
assert pkey2
pkey2_parameters = pkey.parameters()
assert pkey2_parameters
assert pkey2_parameters.modulus
assert pkey2_parameters.subgroup_order
assert pkey2_parameters.generator
assert skey_parameters.modulus == pkey_parameters.modulus
assert skey_parameters.subgroup_order == pkey_parameters.subgroup_order
assert skey_parameters.generator == pkey_parameters.generator
assert skey.y == pkey.y
assert skey.key_size == pkey.key_size
assert pkey_parameters.modulus == pkey2_parameters.modulus
assert pkey_parameters.subgroup_order == \
pkey2_parameters.subgroup_order
assert pkey_parameters.generator == pkey2_parameters.generator
assert pkey.y == pkey2.y
assert pkey.key_size == pkey2.key_size
def test_invalid_parameters_argument_types(self):
with pytest.raises(TypeError):
dsa.DSAParameters(None, None, None)
def test_invalid_parameters_values(self):
# Test a modulus < 1024 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=2**1000,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
)
# Test a modulus < 2048 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=2**2000,
subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
generator=DSA_KEY_2048.public_numbers.parameter_numbers.g,
)
# Test a modulus < 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=2**3000,
subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
)
# Test a modulus > 3072 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=2**3100,
subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q,
generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
)
# Test a subgroup_order < 160 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=2**150,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
)
# Test a subgroup_order < 256 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
subgroup_order=2**250,
generator=DSA_KEY_2048.public_numbers.parameter_numbers.g)
# Test a subgroup_order > 256 bits in length
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
subgroup_order=2**260,
generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
)
# Test a modulus, subgroup_order pair of (1024, 256) bit lengths
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
)
# Test a modulus, subgroup_order pair of (2048, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_2048.public_numbers.parameter_numbers.g)
# Test a modulus, subgroup_order pair of (3072, 160) bit lengths
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_3072.public_numbers.parameter_numbers.g,
)
# Test a generator < 1
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=0)
# Test a generator = 1
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=1)
# Test a generator > modulus
with pytest.raises(ValueError):
dsa.DSAParameters(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=2**1200)
def test_load_dsa_example_keys(self):
parameters = dsa.DSAParameters(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g)
assert parameters
assert parameters.modulus
assert parameters.subgroup_order
assert parameters.generator
assert parameters.modulus == parameters.p
assert parameters.subgroup_order == parameters.q
assert parameters.generator == parameters.g
pub_key = dsa.DSAPublicKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
y=DSA_KEY_1024.public_numbers.y)
assert pub_key
assert pub_key.key_size
assert pub_key.y
pub_key_parameters = pub_key.parameters()
assert pub_key_parameters
assert pub_key_parameters.modulus
assert pub_key_parameters.subgroup_order
assert pub_key_parameters.generator
skey = dsa.DSAPrivateKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
y=DSA_KEY_1024.public_numbers.y,
x=DSA_KEY_1024.x)
assert skey
_check_dsa_private_key(skey)
skey_parameters = skey.parameters()
assert skey_parameters
assert skey_parameters.modulus
assert skey_parameters.subgroup_order
assert skey_parameters.generator
pkey = dsa.DSAPublicKey(
modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p,
subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q,
generator=DSA_KEY_1024.public_numbers.parameter_numbers.g,
y=DSA_KEY_1024.public_numbers.y)
assert pkey
pkey_parameters = pkey.parameters()
assert pkey_parameters
assert pkey_parameters.modulus
assert pkey_parameters.subgroup_order
assert pkey_parameters.generator
pkey2 = skey.public_key()
assert pkey2
pkey2_parameters = pkey.parameters()
assert pkey2_parameters
assert pkey2_parameters.modulus
assert pkey2_parameters.subgroup_order
assert pkey2_parameters.generator
assert skey_parameters.modulus == pkey_parameters.modulus
assert skey_parameters.subgroup_order == pkey_parameters.subgroup_order
assert skey_parameters.generator == pkey_parameters.generator
assert skey.y == pkey.y
assert skey.key_size == pkey.key_size
assert pkey_parameters.modulus == pkey2_parameters.modulus
assert pkey_parameters.subgroup_order == \
pkey2_parameters.subgroup_order
assert pkey_parameters.generator == pkey2_parameters.generator
assert pkey.y == pkey2.y
assert pkey.key_size == pkey2.key_size