diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-12 17:13:31 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-12 17:13:31 -0500 |
| commit | 56b1a88b6565f2239c717bb3c8514f84f55ee855 (patch) | |
| tree | df7c703853e8d1918d467156153edc27bccaef74 | |
| parent | f15a0a096289688f13c193633811c4aef0974e2f (diff) | |
| parent | 38df44151cdc6591385c4ec1691e782d05c8aec7 (diff) | |
| download | cryptography-56b1a88b6565f2239c717bb3c8514f84f55ee855.tar.gz cryptography-56b1a88b6565f2239c717bb3c8514f84f55ee855.tar.bz2 cryptography-56b1a88b6565f2239c717bb3c8514f84f55ee855.zip | |
Merge pull request #2262 from viraptor/non-bytes-signatures
Ensure early exeption on non-bytes signature
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/dsa.py | 3 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ec.py | 2 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/rsa.py | 3 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_dsa.py | 5 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ec.py | 9 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 17 |
6 files changed, 39 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py index f84857ff..f1bb6d9b 100644 --- a/src/cryptography/hazmat/backends/openssl/dsa.py +++ b/src/cryptography/hazmat/backends/openssl/dsa.py @@ -29,6 +29,9 @@ def _truncate_digest_for_dsa(dsa_cdata, digest, backend): @utils.register_interface(AsymmetricVerificationContext) class _DSAVerificationContext(object): def __init__(self, backend, public_key, signature, algorithm): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + self._backend = backend self._public_key = public_key self._signature = signature diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index 7d3afb94..b8692e49 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -119,6 +119,8 @@ class _ECDSASignatureContext(object): @utils.register_interface(AsymmetricVerificationContext) class _ECDSAVerificationContext(object): def __init__(self, backend, public_key, signature, algorithm): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") self._backend = backend self._public_key = public_key self._signature = signature diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index 822c7304..8e32eb02 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -337,6 +337,9 @@ class _RSASignatureContext(object): @utils.register_interface(AsymmetricVerificationContext) class _RSAVerificationContext(object): def __init__(self, backend, public_key, signature, padding, algorithm): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + self._backend = backend self._public_key = public_key self._signature = signature diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index c263ef2b..d1f8f341 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -583,6 +583,11 @@ class TestDSAVerification(object): with pytest.raises(InvalidSignature): verifier.verify() + def test_signature_not_bytes(self, backend): + public_key = DSA_KEY_1024.public_numbers.public_key(backend) + with pytest.raises(TypeError): + public_key.verifier(1234, hashes.SHA1()) + def test_use_after_finalize(self, backend): public_key = DSA_KEY_1024.public_numbers.public_key(backend) verifier = public_key.verifier(b'fakesig', hashes.SHA1()) diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 20465a2d..f2e340be 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -710,3 +710,12 @@ class TestEllipticCurvePEMPublicKeySerialization(object): key.public_bytes( serialization.Encoding.PEM, serialization.PublicFormat.PKCS1 ) + + +@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) +class TestECDSAVerification(object): + def test_signature_not_bytes(self, backend): + key = ec.generate_private_key(ec.SECP192R1(), backend) + public_key = key.public_key() + with pytest.raises(TypeError): + public_key.verifier(1234, ec.ECDSA(hashes.SHA256())) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 0c5f7042..0b83fd65 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -679,6 +679,23 @@ class TestRSAVerification(object): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING): public_key.verifier(b"sig", DummyPadding(), hashes.SHA1()) + @pytest.mark.supported( + only_if=lambda backend: backend.rsa_padding_supported( + padding.PKCS1v15() + ), + skip_message="Does not support PKCS1v1.5." + ) + def test_signature_not_bytes(self, backend): + public_key = RSA_KEY_512.public_numbers.public_key(backend) + signature = 1234 + + with pytest.raises(TypeError): + public_key.verifier( + signature, + padding.PKCS1v15(), + hashes.SHA1() + ) + def test_padding_incorrect_type(self, backend): private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() |