Skip to content
Snippets Groups Projects
Commit d4f42633b9c8 authored by Paul Kehrer's avatar Paul Kehrer
Browse files

refactor DH a bit to generate less parameters (#5326) 

speeds things up a bit and makes it easier to do the FIPS PR
parent daa712c50090
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
tests/hazmat/primitives/fixtures_dh.py 0 → 100644
+ 24
0
View file @ d4f42633
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
from __future__ import absolute_import, division, print_function
from cryptography.hazmat.primitives.asymmetric import dh
FFDH3072_P = dh.DHParameterNumbers(
p=int(
"ffffffffffffffffadf85458a2bb4a9aafdc5620273d3cf1d8b9c583ce2d3695a9e"
"13641146433fbcc939dce249b3ef97d2fe363630c75d8f681b202aec4617ad3df1e"
"d5d5fd65612433f51f5f066ed0856365553ded1af3b557135e7f57c935984f0c70e"
"0e68b77e2a689daf3efe8721df158a136ade73530acca4f483a797abc0ab182b324"
"fb61d108a94bb2c8e3fbb96adab760d7f4681d4f42a3de394df4ae56ede76372bb1"
"90b07a7c8ee0a6d709e02fce1cdf7e2ecc03404cd28342f619172fe9ce98583ff8e"
"4f1232eef28183c3fe3b1b4c6fad733bb5fcbc2ec22005c58ef1837d1683b2c6f34"
"a26c1b2effa886b4238611fcfdcde355b3b6519035bbc34f4def99c023861b46fc9"
"d6e6c9077ad91d2691f7f7ee598cb0fac186d91caefe130985139270b4130c93bc4"
"37944f4fd4452e2d74dd364f2e21e71f54bff5cae82ab9c9df69ee86d2bc522363a"
"0dabc521979b0deada1dbf9a42d5c4484e0abcd06bfa53ddef3c1b20ee3fd59d7c2"
"5e41d2b66c62e37ffffffffffffffff", 16
), g=2
)
tests/hazmat/primitives/test_dh.py
+ 22
25
View file @ d4f42633
...@@ -16,6 +16,7 @@ ...@@ -16,6 +16,7 @@
from cryptography.hazmat.primitives.asymmetric import dh from cryptography.hazmat.primitives.asymmetric import dh
from cryptography.utils import int_from_bytes from cryptography.utils import int_from_bytes
from .fixtures_dh import FFDH3072_P
from ...doubles import DummyKeySerializationEncryption from ...doubles import DummyKeySerializationEncryption
from ...utils import load_nist_vectors, load_vectors_from_file from ...utils import load_nist_vectors, load_vectors_from_file
...@@ -281,7 +282,7 @@ ...@@ -281,7 +282,7 @@
assert isinstance(key.parameters(), dh.DHParameters) assert isinstance(key.parameters(), dh.DHParameters)
def test_exchange(self, backend): def test_exchange(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
assert isinstance(parameters, dh.DHParameters) assert isinstance(parameters, dh.DHParameters)
key1 = parameters.generate_private_key() key1 = parameters.generate_private_key()
...@@ -289,9 +290,9 @@ ...@@ -289,9 +290,9 @@
symkey1 = key1.exchange(key2.public_key()) symkey1 = key1.exchange(key2.public_key())
assert symkey1 assert symkey1
assert len(symkey1) == 512 // 8 assert len(symkey1) == 3072 // 8
symkey2 = key2.exchange(key1.public_key()) symkey2 = key2.exchange(key1.public_key())
assert symkey1 == symkey2 assert symkey1 == symkey2
def test_exchange_algorithm(self, backend): def test_exchange_algorithm(self, backend):
...@@ -293,10 +294,9 @@ ...@@ -293,10 +294,9 @@
symkey2 = key2.exchange(key1.public_key()) symkey2 = key2.exchange(key1.public_key())
assert symkey1 == symkey2 assert symkey1 == symkey2
def test_exchange_algorithm(self, backend): def test_exchange_algorithm(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
key1 = parameters.generate_private_key() key1 = parameters.generate_private_key()
key2 = parameters.generate_private_key() key2 = parameters.generate_private_key()
...@@ -419,9 +419,8 @@ ...@@ -419,9 +419,8 @@
], ],
] ]
) )
def test_private_bytes_unencrypted(self, backend, encoding, def test_private_bytes_unencrypted(self, backend, encoding, loader_func):
loader_func): parameters = FFDH3072_P.parameters(backend)
parameters = dh.generate_parameters(2, 512, backend)
key = parameters.generate_private_key() key = parameters.generate_private_key()
serialized = key.private_bytes( serialized = key.private_bytes(
encoding, serialization.PrivateFormat.PKCS8, encoding, serialization.PrivateFormat.PKCS8,
...@@ -442,7 +441,7 @@ ...@@ -442,7 +441,7 @@
] ]
) )
def test_private_bytes_rejects_invalid(self, encoding, fmt, backend): def test_private_bytes_rejects_invalid(self, encoding, fmt, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
key = parameters.generate_private_key() key = parameters.generate_private_key()
with pytest.raises(ValueError): with pytest.raises(ValueError):
key.private_bytes(encoding, fmt, serialization.NoEncryption()) key.private_bytes(encoding, fmt, serialization.NoEncryption())
...@@ -536,7 +535,7 @@ ...@@ -536,7 +535,7 @@
assert private_numbers.public_numbers.parameter_numbers.q is None assert private_numbers.public_numbers.parameter_numbers.q is None
def test_private_bytes_traditional_openssl_invalid(self, backend): def test_private_bytes_traditional_openssl_invalid(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
key = parameters.generate_private_key() key = parameters.generate_private_key()
with pytest.raises(ValueError): with pytest.raises(ValueError):
key.private_bytes( key.private_bytes(
...@@ -546,7 +545,7 @@ ...@@ -546,7 +545,7 @@
) )
def test_private_bytes_invalid_encoding(self, backend): def test_private_bytes_invalid_encoding(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
key = parameters.generate_private_key() key = parameters.generate_private_key()
with pytest.raises(TypeError): with pytest.raises(TypeError):
key.private_bytes( key.private_bytes(
...@@ -556,7 +555,7 @@ ...@@ -556,7 +555,7 @@
) )
def test_private_bytes_invalid_format(self, backend): def test_private_bytes_invalid_format(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
key = parameters.generate_private_key() key = parameters.generate_private_key()
with pytest.raises(ValueError): with pytest.raises(ValueError):
key.private_bytes( key.private_bytes(
...@@ -566,7 +565,7 @@ ...@@ -566,7 +565,7 @@
) )
def test_private_bytes_invalid_encryption_algorithm(self, backend): def test_private_bytes_invalid_encryption_algorithm(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
key = parameters.generate_private_key() key = parameters.generate_private_key()
with pytest.raises(TypeError): with pytest.raises(TypeError):
key.private_bytes( key.private_bytes(
...@@ -576,7 +575,7 @@ ...@@ -576,7 +575,7 @@
) )
def test_private_bytes_unsupported_encryption_type(self, backend): def test_private_bytes_unsupported_encryption_type(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
key = parameters.generate_private_key() key = parameters.generate_private_key()
with pytest.raises(ValueError): with pytest.raises(ValueError):
key.private_bytes( key.private_bytes(
...@@ -604,9 +603,8 @@ ...@@ -604,9 +603,8 @@
], ],
] ]
) )
def test_public_bytes(self, backend, encoding, def test_public_bytes(self, backend, encoding, loader_func):
loader_func): parameters = FFDH3072_P.parameters(backend)
parameters = dh.generate_parameters(2, 512, backend)
key = parameters.generate_private_key().public_key() key = parameters.generate_private_key().public_key()
serialized = key.public_bytes( serialized = key.public_bytes(
encoding, serialization.PublicFormat.SubjectPublicKeyInfo encoding, serialization.PublicFormat.SubjectPublicKeyInfo
...@@ -701,7 +699,7 @@ ...@@ -701,7 +699,7 @@
assert public_numbers.parameter_numbers.q is None assert public_numbers.parameter_numbers.q is None
def test_public_bytes_invalid_encoding(self, backend): def test_public_bytes_invalid_encoding(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
key = parameters.generate_private_key().public_key() key = parameters.generate_private_key().public_key()
with pytest.raises(TypeError): with pytest.raises(TypeError):
key.public_bytes( key.public_bytes(
...@@ -710,7 +708,7 @@ ...@@ -710,7 +708,7 @@
) )
def test_public_bytes_pkcs1_unsupported(self, backend): def test_public_bytes_pkcs1_unsupported(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
key = parameters.generate_private_key().public_key() key = parameters.generate_private_key().public_key()
with pytest.raises(ValueError): with pytest.raises(ValueError):
key.public_bytes( key.public_bytes(
...@@ -736,9 +734,8 @@ ...@@ -736,9 +734,8 @@
], ],
] ]
) )
def test_parameter_bytes(self, backend, encoding, def test_parameter_bytes(self, backend, encoding, loader_func):
loader_func): parameters = FFDH3072_P.parameters(backend)
parameters = dh.generate_parameters(2, 512, backend)
serialized = parameters.parameter_bytes( serialized = parameters.parameter_bytes(
encoding, serialization.ParameterFormat.PKCS3 encoding, serialization.ParameterFormat.PKCS3
) )
...@@ -852,9 +849,9 @@ ...@@ -852,9 +849,9 @@
)) ))
) )
def test_public_bytes_rejects_invalid(self, encoding, fmt, backend): def test_public_bytes_rejects_invalid(self, encoding, fmt, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
key = parameters.generate_private_key().public_key() key = parameters.generate_private_key().public_key()
with pytest.raises(ValueError): with pytest.raises(ValueError):
key.public_bytes(encoding, fmt) key.public_bytes(encoding, fmt)
def test_parameter_bytes_invalid_encoding(self, backend): def test_parameter_bytes_invalid_encoding(self, backend):
...@@ -856,9 +853,9 @@ ...@@ -856,9 +853,9 @@
key = parameters.generate_private_key().public_key() key = parameters.generate_private_key().public_key()
with pytest.raises(ValueError): with pytest.raises(ValueError):
key.public_bytes(encoding, fmt) key.public_bytes(encoding, fmt)
def test_parameter_bytes_invalid_encoding(self, backend): def test_parameter_bytes_invalid_encoding(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
with pytest.raises(TypeError): with pytest.raises(TypeError):
parameters.parameter_bytes( parameters.parameter_bytes(
"notencoding", "notencoding",
...@@ -866,7 +863,7 @@ ...@@ -866,7 +863,7 @@
) )
def test_parameter_bytes_invalid_format(self, backend): def test_parameter_bytes_invalid_format(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
with pytest.raises(ValueError): with pytest.raises(ValueError):
parameters.parameter_bytes( parameters.parameter_bytes(
serialization.Encoding.PEM, serialization.Encoding.PEM,
...@@ -874,7 +871,7 @@ ...@@ -874,7 +871,7 @@
) )
def test_parameter_bytes_openssh_unsupported(self, backend): def test_parameter_bytes_openssh_unsupported(self, backend):
parameters = dh.generate_parameters(2, 512, backend) parameters = FFDH3072_P.parameters(backend)
with pytest.raises(TypeError): with pytest.raises(TypeError):
parameters.parameter_bytes( parameters.parameter_bytes(
serialization.Encoding.OpenSSH, serialization.Encoding.OpenSSH,
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment