Merge pull request #1315 from public/dh-numbers
DH numbers
diff --git a/docs/hazmat/primitives/asymmetric/dh.rst b/docs/hazmat/primitives/asymmetric/dh.rst
new file mode 100644
index 0000000..fdf113f
--- /dev/null
+++ b/docs/hazmat/primitives/asymmetric/dh.rst
@@ -0,0 +1,64 @@
+.. hazmat::
+
+Diffie-Hellman key exchange
+===========================
+
+.. currentmodule:: cryptography.hazmat.primitives.asymmetric.dh
+
+
+.. class:: DHPrivateNumbers(x, public_numbers)
+
+ .. versionadded:: 0.8
+
+ The collection of integers that make up a Diffie-Hellman private key.
+
+ .. attribute:: public_numbers
+
+ :type: :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicNumbers`
+
+ The :class:`DHPublicNumbers` which makes up the DH public
+ key associated with this DH private key.
+
+ .. attribute:: x
+
+ :type: int
+
+ The private value.
+
+
+.. class:: DHPublicNumbers(parameters, y)
+
+ .. versionadded:: 0.8
+
+ The collection of integers that make up a Diffie-Hellman public key.
+
+ .. attribute:: parameter_numbers
+
+ :type: :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameterNumbers`
+
+ The parameters for this DH group.
+
+ .. attribute:: y
+
+ :type: int
+
+ The public value.
+
+
+.. class:: DHParameterNumbers(p, g)
+
+ .. versionadded:: 0.8
+
+ The collection of integers that define a Diffie-Hellman group.
+
+ .. attribute:: p
+
+ :type: int
+
+ The prime modulus value.
+
+ .. attribute:: g
+
+ :type: int
+
+ The generator value.
diff --git a/docs/hazmat/primitives/asymmetric/index.rst b/docs/hazmat/primitives/asymmetric/index.rst
index 59f00c5..4242a0b 100644
--- a/docs/hazmat/primitives/asymmetric/index.rst
+++ b/docs/hazmat/primitives/asymmetric/index.rst
@@ -29,6 +29,7 @@
dsa
ec
rsa
+ dh
serialization
interfaces
utils
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index ddd3789..9434a0b 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -14,6 +14,7 @@
cryptographic
cryptographically
Debian
+Diffie
decrypt
decrypted
decrypting
diff --git a/src/cryptography/hazmat/primitives/asymmetric/dh.py b/src/cryptography/hazmat/primitives/asymmetric/dh.py
new file mode 100644
index 0000000..61556ef
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/asymmetric/dh.py
@@ -0,0 +1,101 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import six
+
+from cryptography import utils
+
+
+class DHPrivateNumbers(object):
+ def __init__(self, x, public_numbers):
+ if not isinstance(x, six.integer_types):
+ raise TypeError("x must be an integer.")
+
+ if not isinstance(public_numbers, DHPublicNumbers):
+ raise TypeError("public_numbers must be an instance of "
+ "DHPublicNumbers.")
+
+ self._x = x
+ self._public_numbers = public_numbers
+
+ def __eq__(self, other):
+ if not isinstance(other, DHPrivateNumbers):
+ return NotImplemented
+
+ return (
+ self._x == other._x and
+ self._public_numbers == other._public_numbers
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ public_numbers = utils.read_only_property("_public_numbers")
+ x = utils.read_only_property("_x")
+
+
+class DHPublicNumbers(object):
+ def __init__(self, y, parameter_numbers):
+ if not isinstance(y, six.integer_types):
+ raise TypeError("y must be an integer.")
+
+ if not isinstance(parameter_numbers, DHParameterNumbers):
+ raise TypeError(
+ "parameters must be an instance of DHParameterNumbers.")
+
+ self._y = y
+ self._parameter_numbers = parameter_numbers
+
+ def __eq__(self, other):
+ if not isinstance(other, DHPublicNumbers):
+ return NotImplemented
+
+ return (
+ self._y == other._y and
+ self._parameter_numbers == other._parameter_numbers
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ y = utils.read_only_property("_y")
+ parameter_numbers = utils.read_only_property("_parameter_numbers")
+
+
+class DHParameterNumbers(object):
+ def __init__(self, p, g):
+ if (
+ not isinstance(p, six.integer_types) or
+ not isinstance(g, six.integer_types)
+ ):
+ raise TypeError("p and g must be integers")
+
+ self._p = p
+ self._g = g
+
+ def __eq__(self, other):
+ if not isinstance(other, DHParameterNumbers):
+ return NotImplemented
+
+ return (
+ self._p == other._p and
+ self._g == other._g
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ p = utils.read_only_property("_p")
+ g = utils.read_only_property("_g")
diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py
new file mode 100644
index 0000000..115f3d8
--- /dev/null
+++ b/tests/hazmat/primitives/test_dh.py
@@ -0,0 +1,113 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import pytest
+
+from cryptography.hazmat.primitives.asymmetric import dh
+
+
+def test_dh_parameternumbers():
+ params = dh.DHParameterNumbers(
+ 65537, 3
+ )
+
+ assert params.p == 65537
+ assert params.g == 3
+
+ with pytest.raises(TypeError):
+ dh.DHParameterNumbers(
+ None, 3
+ )
+
+ with pytest.raises(TypeError):
+ dh.DHParameterNumbers(
+ 65537, None
+ )
+
+ with pytest.raises(TypeError):
+ dh.DHParameterNumbers(
+ None, None
+ )
+
+
+def test_dh_numbers():
+ params = dh.DHParameterNumbers(
+ 65537, 3
+ )
+
+ public = dh.DHPublicNumbers(
+ 1, params
+ )
+
+ assert public.parameter_numbers is params
+ assert public.y == 1
+
+ with pytest.raises(TypeError):
+ dh.DHPublicNumbers(
+ 1, None
+ )
+
+ with pytest.raises(TypeError):
+ dh.DHPublicNumbers(
+ None, params
+ )
+
+ private = dh.DHPrivateNumbers(
+ 1, public
+ )
+
+ assert private.public_numbers is public
+ assert private.x == 1
+
+ with pytest.raises(TypeError):
+ dh.DHPrivateNumbers(
+ 1, None
+ )
+
+ with pytest.raises(TypeError):
+ dh.DHPrivateNumbers(
+ None, public
+ )
+
+
+def test_dh_parameter_numbers_equality():
+ assert dh.DHParameterNumbers(65537, 3) == dh.DHParameterNumbers(65537, 3)
+ assert dh.DHParameterNumbers(6, 3) != dh.DHParameterNumbers(65537, 3)
+ assert dh.DHParameterNumbers(65537, 0) != dh.DHParameterNumbers(65537, 3)
+ assert dh.DHParameterNumbers(65537, 0) != object()
+
+
+def test_dh_private_numbers_equality():
+ params = dh.DHParameterNumbers(65537, 3)
+ public = dh.DHPublicNumbers(1, params)
+ private = dh.DHPrivateNumbers(2, public)
+
+ assert private == dh.DHPrivateNumbers(2, public)
+ assert private != dh.DHPrivateNumbers(0, public)
+ assert private != dh.DHPrivateNumbers(2, dh.DHPublicNumbers(0, params))
+ assert private != dh.DHPrivateNumbers(
+ 2, dh.DHPublicNumbers(1, dh.DHParameterNumbers(65537, 0))
+ )
+ assert private != object()
+
+
+def test_dh_public_numbers_equality():
+ params = dh.DHParameterNumbers(65537, 3)
+ public = dh.DHPublicNumbers(1, params)
+
+ assert public == dh.DHPublicNumbers(1, params)
+ assert public != dh.DHPublicNumbers(0, params)
+ assert public != dh.DHPublicNumbers(1, dh.DHParameterNumbers(65537, 0))
+ assert public != object()