コード例 #1
0
ファイル: test_openssl.py プロジェクト: Ayrx/cryptography
 def test_large_key_size_on_new_openssl(self):
     parameters = dsa.generate_parameters(2048, backend)
     param_num = parameters.parameter_numbers()
     assert utils.bit_length(param_num.p) == 2048
     parameters = dsa.generate_parameters(3072, backend)
     param_num = parameters.parameter_numbers()
     assert utils.bit_length(param_num.p) == 3072
コード例 #2
0
 def test_large_key_size_on_new_openssl(self):
     parameters = dsa.generate_parameters(2048, backend)
     param_num = parameters.parameter_numbers()
     assert utils.bit_length(param_num.p) == 2048
     parameters = dsa.generate_parameters(3072, backend)
     param_num = parameters.parameter_numbers()
     assert utils.bit_length(param_num.p) == 3072
コード例 #3
0
ファイル: dsa.py プロジェクト: dstufft/cryptography
def _check_dsa_parameters(parameters):
    if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
        raise ValueError("p must be exactly 1024, 2048, or 3072 bits long")
    if utils.bit_length(parameters.q) not in [160, 256]:
        raise ValueError("q must be exactly 160 or 256 bits long")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
コード例 #4
0
ファイル: dsa.py プロジェクト: 06094051/XX-Net
def _check_dsa_parameters(parameters):
    if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
        raise ValueError("p must be exactly 1024, 2048, or 3072 bits long")
    if utils.bit_length(parameters.q) not in [160, 256]:
        raise ValueError("q must be exactly 160 or 256 bits long")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
コード例 #5
0
ファイル: dsa.py プロジェクト: esaul/cryptography
def _check_dsa_parameters(parameters):
    if (utils.bit_length(parameters.p),
            utils.bit_length(parameters.q)) not in ((1024, 160), (2048, 256),
                                                    (3072, 256)):
        raise ValueError("p and q lengths must be "
                         "one of these pairs (1024, 160) or (2048, 256) "
                         "or (3072, 256).")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
コード例 #6
0
ファイル: dsa.py プロジェクト: 668Jerry/rations
def _check_dsa_parameters(parameters):
    if (utils.bit_length(parameters.p),
        utils.bit_length(parameters.q)) not in (
            (1024, 160),
            (2048, 256),
            (3072, 256)):
        raise ValueError("p and q lengths must be "
                         "one of these pairs (1024, 160) or (2048, 256) "
                         "or (3072, 256).")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
コード例 #7
0
def _check_dsa_parameters(modulus, subgroup_order, generator):
    if (not isinstance(modulus, six.integer_types)
            or not isinstance(subgroup_order, six.integer_types)
            or not isinstance(generator, six.integer_types)):
        raise TypeError("DSA parameters must be integers.")

    if (utils.bit_length(modulus),
            utils.bit_length(subgroup_order)) not in ((1024, 160), (2048, 256),
                                                      (3072, 256)):
        raise ValueError("modulus and subgroup_order lengths must be "
                         "one of these pairs (1024, 160) or (2048, 256) "
                         "or (3072, 256).")

    if generator <= 1 or generator >= modulus:
        raise ValueError("generator must be > 1 and < modulus.")
コード例 #8
0
    def test_generate_dh(self, backend):
        generator = 2
        key_size = 512

        parameters = dh.generate_parameters(generator, key_size, backend)
        assert isinstance(parameters, dh.DHParameters)

        key = parameters.generate_private_key()
        assert isinstance(key, dh.DHPrivateKey)
        assert key.key_size == key_size

        public = key.public_key()
        assert isinstance(public, dh.DHPublicKey)
        assert public.key_size == key_size

        assert isinstance(parameters, dh.DHParametersWithSerialization)
        parameter_numbers = parameters.parameter_numbers()
        assert isinstance(parameter_numbers, dh.DHParameterNumbers)
        assert bit_length(parameter_numbers.p) == key_size

        assert isinstance(public, dh.DHPublicKeyWithSerialization)
        assert isinstance(public.public_numbers(), dh.DHPublicNumbers)
        assert isinstance(public.parameters(), dh.DHParameters)

        assert isinstance(key, dh.DHPrivateKeyWithSerialization)
        assert isinstance(key.private_numbers(), dh.DHPrivateNumbers)
        assert isinstance(key.parameters(), dh.DHParameters)
コード例 #9
0
 def test_generate_dsa_keys(self, vector, backend):
     parameters = dsa.DSAParameterNumbers(
         p=vector['p'],
         q=vector['q'],
         g=vector['g']
     ).parameters(backend)
     skey = parameters.generate_private_key()
     if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers):
         numbers = skey.private_numbers()
         skey_parameters = numbers.public_numbers.parameter_numbers
         pkey = skey.public_key()
         parameters = pkey.parameters()
         parameter_numbers = parameters.parameter_numbers()
         assert parameter_numbers.p == skey_parameters.p
         assert parameter_numbers.q == skey_parameters.q
         assert parameter_numbers.g == skey_parameters.g
         assert skey_parameters.p == vector['p']
         assert skey_parameters.q == vector['q']
         assert skey_parameters.g == vector['g']
         assert skey.key_size == bit_length(vector['p'])
         assert pkey.key_size == skey.key_size
         public_numbers = pkey.public_numbers()
         assert numbers.public_numbers.y == public_numbers.y
         assert numbers.public_numbers.y == pow(
             skey_parameters.g, numbers.x, skey_parameters.p
         )
コード例 #10
0
ファイル: test_dh.py プロジェクト: jon-oracle/cryptography
    def test_generate_dh(self, backend):
        generator = 2
        key_size = 512

        parameters = dh.generate_parameters(generator, key_size, backend)
        assert isinstance(parameters, dh.DHParameters)

        key = parameters.generate_private_key()
        assert isinstance(key, dh.DHPrivateKey)
        assert key.key_size == key_size

        public = key.public_key()
        assert isinstance(public, dh.DHPublicKey)
        assert public.key_size == key_size

        assert isinstance(parameters, dh.DHParametersWithSerialization)
        parameter_numbers = parameters.parameter_numbers()
        assert isinstance(parameter_numbers, dh.DHParameterNumbers)
        assert bit_length(parameter_numbers.p) == key_size

        assert isinstance(public, dh.DHPublicKeyWithSerialization)
        assert isinstance(public.public_numbers(), dh.DHPublicNumbers)
        assert isinstance(public.parameters(), dh.DHParameters)

        assert isinstance(key, dh.DHPrivateKeyWithSerialization)
        assert isinstance(key.private_numbers(), dh.DHPrivateNumbers)
        assert isinstance(key.parameters(), dh.DHParameters)
コード例 #11
0
ファイル: dsa.py プロジェクト: adaminfinitum/scrapy-test
def _check_dsa_parameters(modulus, subgroup_order, generator):
    if (
        not isinstance(modulus, six.integer_types) or
        not isinstance(subgroup_order, six.integer_types) or
        not isinstance(generator, six.integer_types)
    ):
        raise TypeError("DSA parameters must be integers")

    if (utils.bit_length(modulus),
        utils.bit_length(subgroup_order)) not in (
            (1024, 160),
            (2048, 256),
            (3072, 256)):
        raise ValueError("modulus and subgroup_order lengths must be "
                         "one of these pairs (1024, 160) or (2048, 256) "
                         "or (3072, 256)")

    if generator <= 1 or generator >= modulus:
        raise ValueError("generator must be > 1 and < modulus")
コード例 #12
0
ファイル: test_dsa.py プロジェクト: B-Rich/cryptography
    def test_generate_dsa_keys(self, vector, backend):
        parameters = dsa.DSAParameters(modulus=vector["p"], subgroup_order=vector["q"], generator=vector["g"])
        skey = dsa.DSAPrivateKey.generate(parameters, backend)

        skey_parameters = skey.parameters()
        assert skey_parameters.p == vector["p"]
        assert skey_parameters.q == vector["q"]
        assert skey_parameters.g == vector["g"]
        assert skey.key_size == bit_length(vector["p"])
        assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p)
コード例 #13
0
 def serial_number(self, number):
     if not isinstance(number, six.integer_types):
         raise TypeError('Serial number must be of integral type.')
     if self._serial_number is not None:
         raise ValueError('The serial number may only be set once.')
     if number < 0:
         raise ValueError('The serial number should be non-negative.')
     if utils.bit_length(number) > 160:  # As defined in RFC 5280
         raise ValueError('The serial number should not be more than 160 '
                          'bits.')
     return RevokedCertificateBuilder(number, self._revocation_date,
                                      self._extensions)
コード例 #14
0
    def test_generate_dsa_keys(self, vector, backend):
        parameters = dsa.DSAParameters(modulus=vector['p'],
                                       subgroup_order=vector['q'],
                                       generator=vector['g'])
        skey = dsa.DSAPrivateKey.generate(parameters, backend)

        skey_parameters = skey.parameters()
        assert skey_parameters.p == vector['p']
        assert skey_parameters.q == vector['q']
        assert skey_parameters.g == vector['g']
        assert skey.key_size == bit_length(vector['p'])
        assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p)
コード例 #15
0
def _override_check_dsa_parameters(parameters):
    """Override check_dsa_parameters from cryptography's dsa.py

    Allows for shorter or longer parameters.p to be returned from the server's host key. This is a
    HORRIBLE hack and a security risk, please remove if possible!
    """
    # if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
    # raise ValueError("p is {}, must be exactly 1024, 2048, or 3072 bits long".format(utils.bit_length(parameters.p)))
    if crypto_utils.bit_length(parameters.q) not in [160, 256]:
        raise ValueError("q must be exactly 160 or 256 bits long")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
コード例 #16
0
 def serial_number(self, number):
     if not isinstance(number, six.integer_types):
         raise TypeError('Serial number must be of integral type.')
     if self._serial_number is not None:
         raise ValueError('The serial number may only be set once.')
     if number < 0:
         raise ValueError('The serial number should be non-negative.')
     if utils.bit_length(number) > 160:  # As defined in RFC 5280
         raise ValueError('The serial number should not be more than 160 '
                          'bits.')
     return RevokedCertificateBuilder(
         number, self._revocation_date, self._extensions
     )
コード例 #17
0
ファイル: sentry_pdu.py プロジェクト: ctomkow/swITch
def _override_check_dsa_parameters(parameters):

    """Override check_dsa_parameters from cryptography's dsa.py

    Allows for shorter or longer parameters.p to be returned from the server's host key. This is a
    HORRIBLE hack and a security risk, please remove if possible!
    """
    # if utils.bit_length(parameters.p) not in [1024, 2048, 3072]:
        # raise ValueError("p is {}, must be exactly 1024, 2048, or 3072 bits long".format(utils.bit_length(parameters.p)))
    if crypto_utils.bit_length(parameters.q) not in [160, 256]:
        raise ValueError("q must be exactly 160 or 256 bits long")

    if not (1 < parameters.g < parameters.p):
        raise ValueError("g, p don't satisfy 1 < g < p.")
コード例 #18
0
ファイル: base.py プロジェクト: 18636800170/videoWebsie
    def serial_number(self, number):
        if not isinstance(number, six.integer_types):
            raise TypeError('Serial number must be of integral type.')
        if self._serial_number is not None:
            raise ValueError('The serial number may only be set once.')
        if number <= 0:
            raise ValueError('The serial number should be positive')

        # ASN.1 integers are always signed, so most significant bit must be
        # zero.
        if utils.bit_length(number) >= 160:  # As defined in RFC 5280
            raise ValueError('The serial number should not be more than 159 '
                             'bits.')
        return RevokedCertificateBuilder(number, self._revocation_date,
                                         self._extensions)
コード例 #19
0
ファイル: base.py プロジェクト: gorisaka/cryptography
    def serial_number(self, number):
        if not isinstance(number, six.integer_types):
            raise TypeError('Serial number must be of integral type.')
        if self._serial_number is not None:
            raise ValueError('The serial number may only be set once.')
        if number <= 0:
            raise ValueError('The serial number should be positive')

        # ASN.1 integers are always signed, so most significant bit must be
        # zero.
        if utils.bit_length(number) >= 160:  # As defined in RFC 5280
            raise ValueError('The serial number should not be more than 159 '
                             'bits.')
        return RevokedCertificateBuilder(
            number, self._revocation_date, self._extensions
        )
コード例 #20
0
 def serial_number(self, number):
     """
     Sets the certificate serial number.
     """
     if not isinstance(number, six.integer_types):
         raise TypeError('Serial number must be of integral type.')
     if self._serial_number is not None:
         raise ValueError('The serial number may only be set once.')
     if number < 0:
         raise ValueError('The serial number should be non-negative.')
     if utils.bit_length(number) > 160:  # As defined in RFC 5280
         raise ValueError('The serial number should not be more than 160 '
                          'bits.')
     return CertificateBuilder(self._issuer_name, self._subject_name,
                               self._public_key, number,
                               self._not_valid_before,
                               self._not_valid_after, self._extensions)
コード例 #21
0
ファイル: base.py プロジェクト: Hasimir/cryptography
 def serial_number(self, number):
     """
     Sets the certificate serial number.
     """
     if not isinstance(number, six.integer_types):
         raise TypeError('Serial number must be of integral type.')
     if self._serial_number is not None:
         raise ValueError('The serial number may only be set once.')
     if number < 0:
         raise ValueError('The serial number should be non-negative.')
     if utils.bit_length(number) > 160:  # As defined in RFC 5280
         raise ValueError('The serial number should not be more than 160 '
                          'bits.')
     return CertificateBuilder(
         self._issuer_name, self._subject_name,
         self._public_key, number, self._not_valid_before,
         self._not_valid_after, self._extensions
     )
コード例 #22
0
ファイル: base.py プロジェクト: 18636800170/videoWebsie
    def serial_number(self, number):
        """
        Sets the certificate serial number.
        """
        if not isinstance(number, six.integer_types):
            raise TypeError('Serial number must be of integral type.')
        if self._serial_number is not None:
            raise ValueError('The serial number may only be set once.')
        if number <= 0:
            raise ValueError('The serial number should be positive.')

        # ASN.1 integers are always signed, so most significant bit must be
        # zero.
        if utils.bit_length(number) >= 160:  # As defined in RFC 5280
            raise ValueError('The serial number should not be more than 159 '
                             'bits.')
        return CertificateBuilder(self._issuer_name, self._subject_name,
                                  self._public_key, number,
                                  self._not_valid_before,
                                  self._not_valid_after, self._extensions)
コード例 #23
0
ファイル: base.py プロジェクト: gorisaka/cryptography
    def serial_number(self, number):
        """
        Sets the certificate serial number.
        """
        if not isinstance(number, six.integer_types):
            raise TypeError('Serial number must be of integral type.')
        if self._serial_number is not None:
            raise ValueError('The serial number may only be set once.')
        if number <= 0:
            raise ValueError('The serial number should be positive.')

        # ASN.1 integers are always signed, so most significant bit must be
        # zero.
        if utils.bit_length(number) >= 160:  # As defined in RFC 5280
            raise ValueError('The serial number should not be more than 159 '
                             'bits.')
        return CertificateBuilder(
            self._issuer_name, self._subject_name,
            self._public_key, number, self._not_valid_before,
            self._not_valid_after, self._extensions
        )
コード例 #24
0
    def _override_check_dsa_parameters(parameters):
        """
        Override check_dsa_parameters from cryptography's dsa.py

        Without this the error below occurs:

        ValueError: p must be exactly 1024, 2048, or 3072 bits long

        Allows for shorter or longer parameters.p to be returned
        from the server's host key. This is a HORRIBLE hack and a
        security risk, please remove if possible!

        By now, with firmware:

        2.0.5 Build 20200109 Rel.36203(s)

        It's still not possible to remove this hack.
        """
        if crypto_utils.bit_length(parameters.q) not in [160, 256]:
            raise ValueError("q must be exactly 160 or 256 bits long")

        if not (1 < parameters.g < parameters.p):
            raise ValueError("g, p don't satisfy 1 < g < p.")
コード例 #25
0
    def test_generate_dh(self, backend, with_q):
        if with_q:
            vector = load_vectors_from_file(
                os.path.join("asymmetric", "DH", "RFC5114.txt"),
                load_nist_vectors)[0]
            p = int(vector["p"], 16)
            g = int(vector["g"], 16)
            q = int(vector["q"], 16)
            parameters = dh.DHParameterNumbers(p, g, q).parameters(backend)
            key_size = 1024
        else:
            generator = 2
            key_size = 512

            parameters = dh.generate_parameters(generator, key_size, backend)
        assert isinstance(parameters, dh.DHParameters)

        key = parameters.generate_private_key()
        assert isinstance(key, dh.DHPrivateKey)
        assert key.key_size == key_size

        public = key.public_key()
        assert isinstance(public, dh.DHPublicKey)
        assert public.key_size == key_size

        assert isinstance(parameters, dh.DHParametersWithSerialization)
        parameter_numbers = parameters.parameter_numbers()
        assert isinstance(parameter_numbers, dh.DHParameterNumbers)
        assert bit_length(parameter_numbers.p) == key_size

        assert isinstance(public, dh.DHPublicKeyWithSerialization)
        assert isinstance(public.public_numbers(), dh.DHPublicNumbers)
        assert isinstance(public.parameters(), dh.DHParameters)

        assert isinstance(key, dh.DHPrivateKeyWithSerialization)
        assert isinstance(key.private_numbers(), dh.DHPrivateNumbers)
        assert isinstance(key.parameters(), dh.DHParameters)
コード例 #26
0
def test_bit_length():
    assert utils.bit_length(1) == 1
    assert utils.bit_length(11) == 4
コード例 #27
0
 def dsa_parameters_supported(self, p, q, g):
     if self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f:
         return (utils.bit_length(p) <= 1024 and utils.bit_length(q) <= 160)
     else:
         return True
コード例 #28
0
 def test_generate_dsa_parameters(self, backend):
     parameters = dsa.DSAParameters.generate(1024, backend)
     assert bit_length(parameters.p) == 1024
コード例 #29
0
def test_bit_length():
    assert utils.bit_length(1) == 1
    assert utils.bit_length(11) == 4
コード例 #30
0
ファイル: dsa.py プロジェクト: 668Jerry/rations
 def key_size(self):
     return utils.bit_length(self._modulus)
コード例 #31
0
 def test_large_key_size_on_new_openssl(self):
     parameters = dsa.DSAParameters.generate(2048, backend)
     assert utils.bit_length(parameters.p) == 2048
     parameters = dsa.DSAParameters.generate(3072, backend)
     assert utils.bit_length(parameters.p) == 3072
コード例 #32
0
ファイル: test_openssl.py プロジェクト: derwolfe/cryptography
 def test_large_key_size_on_new_openssl(self):
     parameters = dsa.DSAParameters.generate(2048, backend)
     assert utils.bit_length(parameters.p) == 2048
     parameters = dsa.DSAParameters.generate(3072, backend)
     assert utils.bit_length(parameters.p) == 3072
コード例 #33
0
ファイル: backend.py プロジェクト: CoderBotOrg/coderbotsrv
 def dsa_parameters_supported(self, p, q, g):
     if self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f:
         return (utils.bit_length(p) <= 1024 and utils.bit_length(q) <= 160)
     else:
         return True
コード例 #34
0
ファイル: test_dsa.py プロジェクト: kennwhite/cryptography
 def test_generate_dsa_parameters(self, backend):
     parameters = dsa.DSAParameters.generate(1024, backend)
     assert bit_length(parameters.p) == 1024
コード例 #35
0
 def key_size(self):
     return utils.bit_length(self._modulus)