add encode_rfc6979_signature and refactor tests to use it

2026-05-14 20:37:55 +00:00 · 2014-11-27 10:40:12 -10:00 · 2014-11-27 10:40:12 -10:00 · aa7dacaf53
commit aa7dacaf53
parent 65d054d1a9
7 changed files with 66 additions and 53 deletions
--- a/docs/hazmat/primitives/asymmetric/utils.rst
+++ b/docs/hazmat/primitives/asymmetric/utils.rst
@ -14,3 +14,13 @@ Asymmetric Utilities
    :param bytes signature: The signature to decode.

    :returns: The decoded tuple ``(r, s)``.
+
+.. function:: encode_rfc6979_signature(r, s)
+
+    Creates an :rfc:`6979` byte string from raw signature values.
+
+    :param int r: The raw signature value ``r``.
+
+    :param int s: The raw signature value ``s``.
+
+    :return bytes: The encoded signature.
--- a/src/cryptography/hazmat/primitives/asymmetric/utils.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py
@ -4,7 +4,7 @@

 from __future__ import absolute_import, division, print_function

-from pyasn1.codec.der import decoder
+from pyasn1.codec.der import decoder, encoder
 from pyasn1.type import namedtype, univ


@ -20,3 +20,10 @@ def decode_rfc6979_signature(signature):
    r = int(data[0].getComponentByName('r'))
    s = int(data[0].getComponentByName('s'))
    return (r, s)
+
+
+def encode_rfc6979_signature(r, s):
+    sig = _DSSSigValue()
+    sig.setComponentByName('r', r)
+    sig.setComponentByName('s', s)
+    return encoder.encode(sig)
--- a/tests/hazmat/primitives/test_asym_utils.py
+++ b/tests/hazmat/primitives/test_asym_utils.py
@ -0,0 +1,34 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography.hazmat.primitives.asymmetric.utils import (
+    decode_rfc6979_signature, encode_rfc6979_signature
+)
+
+
+def test_rfc6979_signature():
+    sig = encode_rfc6979_signature(1, 1)
+    assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
+    assert decode_rfc6979_signature(sig) == (1, 1)
+
+    r_s1 = (
+        1037234182290683143945502320610861668562885151617,
+        559776156650501990899426031439030258256861634312
+    )
+    sig2 = encode_rfc6979_signature(*r_s1)
+    assert sig2 == (
+        b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
+        b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
+    )
+    assert decode_rfc6979_signature(sig2) == r_s1
+
+    sig3 = encode_rfc6979_signature(0, 0)
+    assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
+    assert decode_rfc6979_signature(sig3) == (0, 0)
+
+    sig4 = encode_rfc6979_signature(-1, 0)
+    assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
+    assert decode_rfc6979_signature(sig4) == (-1, 0)
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@ -12,14 +12,17 @@ from cryptography.exceptions import AlreadyFinalized, InvalidSignature
 from cryptography.hazmat.backends.interfaces import DSABackend
 from cryptography.hazmat.primitives import hashes, interfaces
 from cryptography.hazmat.primitives.asymmetric import dsa
+from cryptography.hazmat.primitives.asymmetric.utils import (
+    encode_rfc6979_signature
+)
 from cryptography.utils import bit_length

 from .fixtures_dsa import (
    DSA_KEY_1024, DSA_KEY_2048, DSA_KEY_3072
 )
 from ...utils import (
-    der_encode_dsa_signature, load_fips_dsa_key_pair_vectors,
-    load_fips_dsa_sig_vectors, load_vectors_from_file,
+    load_fips_dsa_key_pair_vectors, load_fips_dsa_sig_vectors,
+    load_vectors_from_file,
 )


@ -557,7 +560,7 @@ class TestDSAVerification(object):
            ),
            y=vector['y']
        ).public_key(backend)
-        sig = der_encode_dsa_signature(vector['r'], vector['s'])
+        sig = encode_rfc6979_signature(vector['r'], vector['s'])
        verifier = public_key.verifier(sig, algorithm())
        verifier.update(vector['msg'])
        if vector['result'] == "F":
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@ -13,11 +13,13 @@ from cryptography import exceptions, utils
 from cryptography.hazmat.backends.interfaces import EllipticCurveBackend
 from cryptography.hazmat.primitives import hashes, interfaces
 from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives.asymmetric.utils import (
+    encode_rfc6979_signature
+)

 from ...utils import (
-    der_encode_dsa_signature, load_fips_ecdsa_key_pair_vectors,
-    load_fips_ecdsa_signing_vectors, load_vectors_from_file,
-    raises_unsupported_algorithm
+    load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors,
+    load_vectors_from_file, raises_unsupported_algorithm
 )

 _HASH_TYPES = {
@ -305,10 +307,7 @@ class TestECDSAVectors(object):
            curve_type()
        ).public_key(backend)

-        signature = der_encode_dsa_signature(
-            vector['r'],
-            vector['s']
-        )
+        signature = encode_rfc6979_signature(vector['r'], vector['s'])

        verifier = key.verifier(
            signature,
@ -337,10 +336,7 @@ class TestECDSAVectors(object):
            curve_type()
        ).public_key(backend)

-        signature = der_encode_dsa_signature(
-            vector['r'],
-            vector['s']
-        )
+        signature = encode_rfc6979_signature(vector['r'], vector['s'])

        verifier = key.verifier(
            signature,
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@ -18,7 +18,7 @@ from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
 import cryptography_vectors

 from .utils import (
-    check_backend_support, der_encode_dsa_signature, load_cryptrec_vectors,
+    check_backend_support, load_cryptrec_vectors,
    load_fips_dsa_key_pair_vectors, load_fips_dsa_sig_vectors,
    load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors,
    load_hash_vectors, load_kasvs_dh_vectors, load_nist_vectors,
@ -110,26 +110,6 @@ def test_check_backend_support_no_backend():
        check_backend_support(item)


-def test_der_encode_dsa_signature_values():
-    sig = der_encode_dsa_signature(1, 1)
-    assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
-
-    sig2 = der_encode_dsa_signature(
-        1037234182290683143945502320610861668562885151617,
-        559776156650501990899426031439030258256861634312
-    )
-    assert sig2 == (
-        b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
-        b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
-    )
-
-    sig3 = der_encode_dsa_signature(0, 0)
-    assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
-
-    sig4 = der_encode_dsa_signature(-1, 0)
-    assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
-
-
 def test_load_nist_vectors():
    vector_data = textwrap.dedent("""
    # CAVS 11.1
--- a/tests/utils.py
+++ b/tests/utils.py
@ -9,9 +9,6 @@ import collections
 import re
 from contextlib import contextmanager

-from pyasn1.codec.der import encoder
-from pyasn1.type import namedtype, univ
-
 import pytest

 import six
@ -73,20 +70,6 @@ def raises_unsupported_algorithm(reason):
    assert exc_info.value._reason is reason


-class _DSSSigValue(univ.Sequence):
-    componentType = namedtype.NamedTypes(
-        namedtype.NamedType('r', univ.Integer()),
-        namedtype.NamedType('s', univ.Integer())
-    )
-
-
-def der_encode_dsa_signature(r, s):
-    sig = _DSSSigValue()
-    sig.setComponentByName('r', r)
-    sig.setComponentByName('s', s)
-    return encoder.encode(sig)
-
-
 def load_vectors_from_file(filename, loader, mode="r"):
    with cryptography_vectors.open_vector_file(filename, mode) as vector_file:
        return loader(vector_file)