def generate_dsa_parameters(self, key_size): if key_size not in (1024, 2048, 3072): raise ValueError( "Key size must be 1024 or 2048 or 3072 bits") if (self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f and key_size > 1024): raise ValueError( "Key size must be 1024 because OpenSSL < 1.0.0 doesn't " "support larger key sizes") ctx = self._lib.DSA_new() assert ctx != self._ffi.NULL ctx = self._ffi.gc(ctx, self._lib.DSA_free) res = self._lib.DSA_generate_parameters_ex( ctx, key_size, self._ffi.NULL, 0, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL ) assert res == 1 return dsa.DSAParameters( modulus=self._bn_to_int(ctx.p), subgroup_order=self._bn_to_int(ctx.q), generator=self._bn_to_int(ctx.g) )
def test_generate_dsa_keys(self, vector, backend): parameters = dsa.DSAParameters(modulus=vector['p'], subgroup_order=vector['q'], generator=vector['g']) skey = dsa.DSAPrivateKey.generate(parameters, backend) skey_parameters = skey.parameters() assert skey_parameters.p == vector['p'] assert skey_parameters.q == vector['q'] assert skey_parameters.g == vector['g'] assert skey.key_size == bit_length(vector['p']) assert skey.y == pow(skey_parameters.g, skey.x, skey_parameters.p)
def test_invalid_parameters_values(self): # Test a modulus < 1024 bits in length with pytest.raises(ValueError): dsa.DSAParameters(modulus=2**1000, subgroup_order=int(self._parameters_1024['q'], 16), generator=int(self._parameters_1024['g'], 16)) # Test a modulus < 2048 bits in length with pytest.raises(ValueError): dsa.DSAParameters(modulus=2**2000, subgroup_order=int(self._parameters_2048['q'], 16), generator=int(self._parameters_2048['g'], 16)) # Test a modulus < 3072 bits in length with pytest.raises(ValueError): dsa.DSAParameters(modulus=2**3000, subgroup_order=int(self._parameters_3072['q'], 16), generator=int(self._parameters_3072['g'], 16)) # Test a modulus > 3072 bits in length with pytest.raises(ValueError): dsa.DSAParameters(modulus=2**3100, subgroup_order=int(self._parameters_3072['q'], 16), generator=int(self._parameters_3072['g'], 16)) # Test a subgroup_order < 160 bits in length with pytest.raises(ValueError): dsa.DSAParameters(modulus=int(self._parameters_1024['p'], 16), subgroup_order=2**150, generator=int(self._parameters_1024['g'], 16)) # Test a subgroup_order < 256 bits in length with pytest.raises(ValueError): dsa.DSAParameters(modulus=int(self._parameters_2048['p'], 16), subgroup_order=2**250, generator=int(self._parameters_2048['g'], 16)) # Test a subgroup_order > 256 bits in length with pytest.raises(ValueError): dsa.DSAParameters(modulus=int(self._parameters_3072['p'], 16), subgroup_order=2**260, generator=int(self._parameters_3072['g'], 16)) # Test a modulus, subgroup_order pair of (1024, 256) bit lengths with pytest.raises(ValueError): dsa.DSAParameters(modulus=int(self._parameters_1024['p'], 16), subgroup_order=int(self._parameters_2048['q'], 16), generator=int(self._parameters_1024['g'], 16)) # Test a modulus, subgroup_order pair of (2048, 160) bit lengths with pytest.raises(ValueError): dsa.DSAParameters(modulus=int(self._parameters_2048['p'], 16), subgroup_order=int(self._parameters_1024['q'], 16), generator=int(self._parameters_2048['g'], 16)) # Test a modulus, subgroup_order pair of (3072, 160) bit lengths with pytest.raises(ValueError): dsa.DSAParameters(modulus=int(self._parameters_3072['p'], 16), subgroup_order=int(self._parameters_1024['q'], 16), generator=int(self._parameters_3072['g'], 16)) # Test a generator < 1 with pytest.raises(ValueError): dsa.DSAParameters(modulus=int(self._parameters_1024['p'], 16), subgroup_order=int(self._parameters_1024['q'], 16), generator=0) # Test a generator = 1 with pytest.raises(ValueError): dsa.DSAParameters(modulus=int(self._parameters_1024['p'], 16), subgroup_order=int(self._parameters_1024['q'], 16), generator=1) # Test a generator > modulus with pytest.raises(ValueError): dsa.DSAParameters(modulus=int(self._parameters_1024['p'], 16), subgroup_order=int(self._parameters_1024['q'], 16), generator=2**1200)
def test_load_dsa_example_keys(self): parameters = dsa.DSAParameters( modulus=int(self._parameters_1024['p'], 16), subgroup_order=int(self._parameters_1024['q'], 16), generator=int(self._parameters_1024['g'], 16)) assert parameters assert parameters.modulus assert parameters.subgroup_order assert parameters.generator assert parameters.modulus == parameters.p assert parameters.subgroup_order == parameters.q assert parameters.generator == parameters.g pub_key = dsa.DSAPublicKey(modulus=int(self._parameters_1024["p"], 16), subgroup_order=int( self._parameters_1024["q"], 16), generator=int(self._parameters_1024["g"], 16), y=int(self._parameters_1024["y"], 16)) assert pub_key assert pub_key.key_size assert pub_key.y pub_key_parameters = pub_key.parameters() assert pub_key_parameters assert pub_key_parameters.modulus assert pub_key_parameters.subgroup_order assert pub_key_parameters.generator skey = dsa.DSAPrivateKey(modulus=int(self._parameters_1024["p"], 16), subgroup_order=int(self._parameters_1024["q"], 16), generator=int(self._parameters_1024["g"], 16), x=int(self._parameters_1024["x"], 16), y=int(self._parameters_1024["y"], 16)) assert skey _check_dsa_private_key(skey) skey_parameters = skey.parameters() assert skey_parameters assert skey_parameters.modulus assert skey_parameters.subgroup_order assert skey_parameters.generator pkey = dsa.DSAPublicKey(modulus=int(self._parameters_1024["p"], 16), subgroup_order=int(self._parameters_1024["q"], 16), generator=int(self._parameters_1024["g"], 16), y=int(self._parameters_1024["y"], 16)) assert pkey pkey_parameters = pkey.parameters() assert pkey_parameters assert pkey_parameters.modulus assert pkey_parameters.subgroup_order assert pkey_parameters.generator pkey2 = skey.public_key() assert pkey2 pkey2_parameters = pkey.parameters() assert pkey2_parameters assert pkey2_parameters.modulus assert pkey2_parameters.subgroup_order assert pkey2_parameters.generator assert skey_parameters.modulus == pkey_parameters.modulus assert skey_parameters.subgroup_order == pkey_parameters.subgroup_order assert skey_parameters.generator == pkey_parameters.generator assert skey.y == pkey.y assert skey.key_size == pkey.key_size assert pkey_parameters.modulus == pkey2_parameters.modulus assert pkey_parameters.subgroup_order == \ pkey2_parameters.subgroup_order assert pkey_parameters.generator == pkey2_parameters.generator assert pkey.y == pkey2.y assert pkey.key_size == pkey2.key_size
def test_invalid_parameters_argument_types(self): with pytest.raises(TypeError): dsa.DSAParameters(None, None, None)
def test_invalid_parameters_values(self): # Test a modulus < 1024 bits in length with pytest.raises(ValueError): dsa.DSAParameters( modulus=2**1000, subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q, generator=DSA_KEY_1024.public_numbers.parameter_numbers.g, ) # Test a modulus < 2048 bits in length with pytest.raises(ValueError): dsa.DSAParameters( modulus=2**2000, subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q, generator=DSA_KEY_2048.public_numbers.parameter_numbers.g, ) # Test a modulus < 3072 bits in length with pytest.raises(ValueError): dsa.DSAParameters( modulus=2**3000, subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q, generator=DSA_KEY_3072.public_numbers.parameter_numbers.g, ) # Test a modulus > 3072 bits in length with pytest.raises(ValueError): dsa.DSAParameters( modulus=2**3100, subgroup_order=DSA_KEY_3072.public_numbers.parameter_numbers.q, generator=DSA_KEY_3072.public_numbers.parameter_numbers.g, ) # Test a subgroup_order < 160 bits in length with pytest.raises(ValueError): dsa.DSAParameters( modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p, subgroup_order=2**150, generator=DSA_KEY_1024.public_numbers.parameter_numbers.g, ) # Test a subgroup_order < 256 bits in length with pytest.raises(ValueError): dsa.DSAParameters( modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p, subgroup_order=2**250, generator=DSA_KEY_2048.public_numbers.parameter_numbers.g) # Test a subgroup_order > 256 bits in length with pytest.raises(ValueError): dsa.DSAParameters( modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p, subgroup_order=2**260, generator=DSA_KEY_3072.public_numbers.parameter_numbers.g, ) # Test a modulus, subgroup_order pair of (1024, 256) bit lengths with pytest.raises(ValueError): dsa.DSAParameters( modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p, subgroup_order=DSA_KEY_2048.public_numbers.parameter_numbers.q, generator=DSA_KEY_1024.public_numbers.parameter_numbers.g, ) # Test a modulus, subgroup_order pair of (2048, 160) bit lengths with pytest.raises(ValueError): dsa.DSAParameters( modulus=DSA_KEY_2048.public_numbers.parameter_numbers.p, subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q, generator=DSA_KEY_2048.public_numbers.parameter_numbers.g) # Test a modulus, subgroup_order pair of (3072, 160) bit lengths with pytest.raises(ValueError): dsa.DSAParameters( modulus=DSA_KEY_3072.public_numbers.parameter_numbers.p, subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q, generator=DSA_KEY_3072.public_numbers.parameter_numbers.g, ) # Test a generator < 1 with pytest.raises(ValueError): dsa.DSAParameters( modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p, subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q, generator=0) # Test a generator = 1 with pytest.raises(ValueError): dsa.DSAParameters( modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p, subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q, generator=1) # Test a generator > modulus with pytest.raises(ValueError): dsa.DSAParameters( modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p, subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q, generator=2**1200)
def test_load_dsa_example_keys(self): parameters = dsa.DSAParameters( modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p, subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q, generator=DSA_KEY_1024.public_numbers.parameter_numbers.g) assert parameters assert parameters.modulus assert parameters.subgroup_order assert parameters.generator assert parameters.modulus == parameters.p assert parameters.subgroup_order == parameters.q assert parameters.generator == parameters.g pub_key = dsa.DSAPublicKey( modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p, subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q, generator=DSA_KEY_1024.public_numbers.parameter_numbers.g, y=DSA_KEY_1024.public_numbers.y) assert pub_key assert pub_key.key_size assert pub_key.y pub_key_parameters = pub_key.parameters() assert pub_key_parameters assert pub_key_parameters.modulus assert pub_key_parameters.subgroup_order assert pub_key_parameters.generator skey = dsa.DSAPrivateKey( modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p, subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q, generator=DSA_KEY_1024.public_numbers.parameter_numbers.g, y=DSA_KEY_1024.public_numbers.y, x=DSA_KEY_1024.x) assert skey _check_dsa_private_key(skey) skey_parameters = skey.parameters() assert skey_parameters assert skey_parameters.modulus assert skey_parameters.subgroup_order assert skey_parameters.generator pkey = dsa.DSAPublicKey( modulus=DSA_KEY_1024.public_numbers.parameter_numbers.p, subgroup_order=DSA_KEY_1024.public_numbers.parameter_numbers.q, generator=DSA_KEY_1024.public_numbers.parameter_numbers.g, y=DSA_KEY_1024.public_numbers.y) assert pkey pkey_parameters = pkey.parameters() assert pkey_parameters assert pkey_parameters.modulus assert pkey_parameters.subgroup_order assert pkey_parameters.generator pkey2 = skey.public_key() assert pkey2 pkey2_parameters = pkey.parameters() assert pkey2_parameters assert pkey2_parameters.modulus assert pkey2_parameters.subgroup_order assert pkey2_parameters.generator assert skey_parameters.modulus == pkey_parameters.modulus assert skey_parameters.subgroup_order == pkey_parameters.subgroup_order assert skey_parameters.generator == pkey_parameters.generator assert skey.y == pkey.y assert skey.key_size == pkey.key_size assert pkey_parameters.modulus == pkey2_parameters.modulus assert pkey_parameters.subgroup_order == \ pkey2_parameters.subgroup_order assert pkey_parameters.generator == pkey2_parameters.generator assert pkey.y == pkey2.y assert pkey.key_size == pkey2.key_size