diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-06-02 07:51:09 -1000 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-02 13:51:09 -0400 |
| commit | 26fcc5c24d7ef7e905181ba044447ed15746c73b (patch) | |
| tree | 00d9d9d22f28434f57dab94fa03bd357558d6db0 /src | |
| parent | a7e9a22886418b43ecdebd4ea3b5acba5425e822 (diff) | |
| download | cryptography-26fcc5c24d7ef7e905181ba044447ed15746c73b.tar.gz cryptography-26fcc5c24d7ef7e905181ba044447ed15746c73b.tar.bz2 cryptography-26fcc5c24d7ef7e905181ba044447ed15746c73b.zip | |
make signature and verification contexts error better re: prehashed (#3658)
* make signature and verification contexts error better re: prehashed
* code review feedback
Diffstat (limited to 'src')
4 files changed, 17 insertions, 3 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py index e2ed3dfd..c2223250 100644 --- a/src/cryptography/hazmat/backends/openssl/dsa.py +++ b/src/cryptography/hazmat/backends/openssl/dsa.py @@ -7,7 +7,7 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm + _calculate_digest_and_algorithm, _check_not_prehashed ) from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( @@ -121,6 +121,7 @@ class _DSAPrivateKey(object): key_size = utils.read_only_property("_key_size") def signer(self, signature_algorithm): + _check_not_prehashed(signature_algorithm) return _DSASignatureContext(self._backend, self, signature_algorithm) def private_numbers(self): @@ -210,6 +211,7 @@ class _DSAPublicKey(object): if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") + _check_not_prehashed(signature_algorithm) return _DSAVerificationContext( self._backend, self, signature, signature_algorithm ) diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index 3a81f919..b70735dc 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -9,7 +9,7 @@ from cryptography.exceptions import ( InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm + _calculate_digest_and_algorithm, _check_not_prehashed ) from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( @@ -141,6 +141,7 @@ class _EllipticCurvePrivateKey(object): def signer(self, signature_algorithm): _check_signature_algorithm(signature_algorithm) + _check_not_prehashed(signature_algorithm.algorithm) return _ECDSASignatureContext( self._backend, self, signature_algorithm.algorithm ) @@ -244,6 +245,7 @@ class _EllipticCurvePublicKey(object): raise TypeError("signature must be bytes.") _check_signature_algorithm(signature_algorithm) + _check_not_prehashed(signature_algorithm.algorithm) return _ECDSAVerificationContext( self._backend, self, signature, signature_algorithm.algorithm ) diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index 0a375721..fdde4589 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -11,7 +11,7 @@ from cryptography.exceptions import ( InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm + _calculate_digest_and_algorithm, _check_not_prehashed ) from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import ( @@ -378,6 +378,7 @@ class _RSAPrivateKey(object): key_size = utils.read_only_property("_key_size") def signer(self, padding, algorithm): + _check_not_prehashed(algorithm) return _RSASignatureContext(self._backend, self, padding, algorithm) def decrypt(self, ciphertext, padding): @@ -474,6 +475,7 @@ class _RSAPublicKey(object): if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") + _check_not_prehashed(algorithm) return _RSAVerificationContext( self._backend, self, signature, padding, algorithm ) diff --git a/src/cryptography/hazmat/backends/openssl/utils.py b/src/cryptography/hazmat/backends/openssl/utils.py index e8b4a307..f71a62a5 100644 --- a/src/cryptography/hazmat/backends/openssl/utils.py +++ b/src/cryptography/hazmat/backends/openssl/utils.py @@ -23,3 +23,11 @@ def _calculate_digest_and_algorithm(backend, data, algorithm): ) return (data, algorithm) + + +def _check_not_prehashed(signature_algorithm): + if isinstance(signature_algorithm, Prehashed): + raise TypeError( + "Prehashed is only supported in the sign and verify methods. " + "It cannot be used with signer or verifier." + ) |