refactor DH a bit to generate less parameters (#5326)

speeds things up a bit and makes it easier to do the FIPS PR
pyca · Jul 20, 2020 · 972c886 · 972c886
1 parent 31359f3
commit 972c886
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 25 deletions.
diff --git a/tests/hazmat/primitives/fixtures_dh.py b/tests/hazmat/primitives/fixtures_dh.py
@@ -0,0 +1,24 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography.hazmat.primitives.asymmetric import dh
+
+FFDH3072_P = dh.DHParameterNumbers(
+    p=int(
+        "ffffffffffffffffadf85458a2bb4a9aafdc5620273d3cf1d8b9c583ce2d3695a9e"
+        "13641146433fbcc939dce249b3ef97d2fe363630c75d8f681b202aec4617ad3df1e"
+        "d5d5fd65612433f51f5f066ed0856365553ded1af3b557135e7f57c935984f0c70e"
+        "0e68b77e2a689daf3efe8721df158a136ade73530acca4f483a797abc0ab182b324"
+        "fb61d108a94bb2c8e3fbb96adab760d7f4681d4f42a3de394df4ae56ede76372bb1"
+        "90b07a7c8ee0a6d709e02fce1cdf7e2ecc03404cd28342f619172fe9ce98583ff8e"
+        "4f1232eef28183c3fe3b1b4c6fad733bb5fcbc2ec22005c58ef1837d1683b2c6f34"
+        "a26c1b2effa886b4238611fcfdcde355b3b6519035bbc34f4def99c023861b46fc9"
+        "d6e6c9077ad91d2691f7f7ee598cb0fac186d91caefe130985139270b4130c93bc4"
+        "37944f4fd4452e2d74dd364f2e21e71f54bff5cae82ab9c9df69ee86d2bc522363a"
+        "0dabc521979b0deada1dbf9a42d5c4484e0abcd06bfa53ddef3c1b20ee3fd59d7c2"
+        "5e41d2b66c62e37ffffffffffffffff", 16
+    ), g=2
+)
diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py
@@ -16,6 +16,7 @@
 from cryptography.hazmat.primitives.asymmetric import dh
 from cryptography.utils import int_from_bytes
 
+from .fixtures_dh import FFDH3072_P
 from ...doubles import DummyKeySerializationEncryption
 from ...utils import load_nist_vectors, load_vectors_from_file
 
@@ -281,22 +282,21 @@ def test_generate_dh(self, backend, with_q):
         assert isinstance(key.parameters(), dh.DHParameters)
 
     def test_exchange(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         assert isinstance(parameters, dh.DHParameters)
 
         key1 = parameters.generate_private_key()
         key2 = parameters.generate_private_key()
 
         symkey1 = key1.exchange(key2.public_key())
         assert symkey1
-        assert len(symkey1) == 512 // 8
+        assert len(symkey1) == 3072 // 8
 
         symkey2 = key2.exchange(key1.public_key())
         assert symkey1 == symkey2
 
     def test_exchange_algorithm(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
-
+        parameters = FFDH3072_P.parameters(backend)
         key1 = parameters.generate_private_key()
         key2 = parameters.generate_private_key()
 
@@ -419,9 +419,8 @@ class TestDHPrivateKeySerialization(object):
             ],
         ]
     )
-    def test_private_bytes_unencrypted(self, backend, encoding,
-                                       loader_func):
-        parameters = dh.generate_parameters(2, 512, backend)
+    def test_private_bytes_unencrypted(self, backend, encoding, loader_func):
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key()
         serialized = key.private_bytes(
             encoding, serialization.PrivateFormat.PKCS8,
@@ -442,7 +441,7 @@ def test_private_bytes_unencrypted(self, backend, encoding,
         ]
     )
     def test_private_bytes_rejects_invalid(self, encoding, fmt, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key()
         with pytest.raises(ValueError):
             key.private_bytes(encoding, fmt, serialization.NoEncryption())
@@ -536,7 +535,7 @@ def test_private_bytes_values(self, key_path, loader_func,
             assert private_numbers.public_numbers.parameter_numbers.q is None
 
     def test_private_bytes_traditional_openssl_invalid(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key()
         with pytest.raises(ValueError):
             key.private_bytes(
@@ -546,7 +545,7 @@ def test_private_bytes_traditional_openssl_invalid(self, backend):
             )
 
     def test_private_bytes_invalid_encoding(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key()
         with pytest.raises(TypeError):
             key.private_bytes(
@@ -556,7 +555,7 @@ def test_private_bytes_invalid_encoding(self, backend):
             )
 
     def test_private_bytes_invalid_format(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key()
         with pytest.raises(ValueError):
             key.private_bytes(
@@ -566,7 +565,7 @@ def test_private_bytes_invalid_format(self, backend):
             )
 
     def test_private_bytes_invalid_encryption_algorithm(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key()
         with pytest.raises(TypeError):
             key.private_bytes(
@@ -576,7 +575,7 @@ def test_private_bytes_invalid_encryption_algorithm(self, backend):
             )
 
     def test_private_bytes_unsupported_encryption_type(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key()
         with pytest.raises(ValueError):
             key.private_bytes(
@@ -604,9 +603,8 @@ class TestDHPublicKeySerialization(object):
             ],
         ]
     )
-    def test_public_bytes(self, backend, encoding,
-                          loader_func):
-        parameters = dh.generate_parameters(2, 512, backend)
+    def test_public_bytes(self, backend, encoding, loader_func):
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key().public_key()
         serialized = key.public_bytes(
             encoding, serialization.PublicFormat.SubjectPublicKeyInfo
@@ -701,7 +699,7 @@ def test_public_bytes_values(self, key_path, loader_func,
             assert public_numbers.parameter_numbers.q is None
 
     def test_public_bytes_invalid_encoding(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key().public_key()
         with pytest.raises(TypeError):
             key.public_bytes(
@@ -710,7 +708,7 @@ def test_public_bytes_invalid_encoding(self, backend):
             )
 
     def test_public_bytes_pkcs1_unsupported(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key().public_key()
         with pytest.raises(ValueError):
             key.public_bytes(
@@ -736,9 +734,8 @@ class TestDHParameterSerialization(object):
             ],
         ]
     )
-    def test_parameter_bytes(self, backend, encoding,
-                             loader_func):
-        parameters = dh.generate_parameters(2, 512, backend)
+    def test_parameter_bytes(self, backend, encoding, loader_func):
+        parameters = FFDH3072_P.parameters(backend)
         serialized = parameters.parameter_bytes(
             encoding, serialization.ParameterFormat.PKCS3
         )
@@ -852,29 +849,29 @@ def test_public_bytes_values(self, param_path, loader_func,
         ))
     )
     def test_public_bytes_rejects_invalid(self, encoding, fmt, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         key = parameters.generate_private_key().public_key()
         with pytest.raises(ValueError):
             key.public_bytes(encoding, fmt)
 
     def test_parameter_bytes_invalid_encoding(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         with pytest.raises(TypeError):
             parameters.parameter_bytes(
                 "notencoding",
                 serialization.ParameterFormat.PKCS3
             )
 
     def test_parameter_bytes_invalid_format(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         with pytest.raises(ValueError):
             parameters.parameter_bytes(
                 serialization.Encoding.PEM,
                 "notformat"
             )
 
     def test_parameter_bytes_openssh_unsupported(self, backend):
-        parameters = dh.generate_parameters(2, 512, backend)
+        parameters = FFDH3072_P.parameters(backend)
         with pytest.raises(TypeError):
             parameters.parameter_bytes(
                 serialization.Encoding.OpenSSH,