diff options
| author | Marti Raudsepp <marti@juffo.org> | 2018-06-30 02:27:28 +0300 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-06-29 16:27:28 -0700 |
| commit | 3367806cd464fac96abd1b8416700ad174e8b64d (patch) | |
| tree | 914a214ce9072c46db1f911926a8785fc60530ff /src | |
| parent | 682014558f3521a942cdce3932837659ce24df34 (diff) | |
| download | cryptography-3367806cd464fac96abd1b8416700ad174e8b64d.tar.gz cryptography-3367806cd464fac96abd1b8416700ad174e8b64d.tar.bz2 cryptography-3367806cd464fac96abd1b8416700ad174e8b64d.zip | |
Add OID for RSASSA-PSS X.509 signature algorithm (RFC 4055) (#4294)
In 2005, IETF devised a more secure padding scheme to replace PKCS #1
v1.5. To make sure that nobody can easily support or use it, they
mandated lots of complicated parameters in the certificate, unlike any
other X.509 signature scheme.
https://tools.ietf.org/html/rfc4055
`_SIG_OIDS_TO_HASH` and `Certificate.signature_hash_algorithm` cannot be
supported as-is, because the hash algorithm is defined in the signature
algorithm parameters, not by the OID itself.
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/x509/__init__.py | 1 | ||||
| -rw-r--r-- | src/cryptography/x509/oid.py | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py index 224c9af6..d2f9b049 100644 --- a/src/cryptography/x509/__init__.py +++ b/src/cryptography/x509/__init__.py @@ -74,6 +74,7 @@ OID_RSA_WITH_SHA224 = SignatureAlgorithmOID.RSA_WITH_SHA224 OID_RSA_WITH_SHA256 = SignatureAlgorithmOID.RSA_WITH_SHA256 OID_RSA_WITH_SHA384 = SignatureAlgorithmOID.RSA_WITH_SHA384 OID_RSA_WITH_SHA512 = SignatureAlgorithmOID.RSA_WITH_SHA512 +OID_RSASSA_PSS = SignatureAlgorithmOID.RSASSA_PSS OID_COMMON_NAME = NameOID.COMMON_NAME OID_COUNTRY_NAME = NameOID.COUNTRY_NAME diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py index 8b92d6b3..90003d79 100644 --- a/src/cryptography/x509/oid.py +++ b/src/cryptography/x509/oid.py @@ -137,6 +137,7 @@ class SignatureAlgorithmOID(object): RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11") RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12") RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13") + RSASSA_PSS = ObjectIdentifier("1.2.840.113549.1.1.10") ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1") ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1") ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2") @@ -221,6 +222,7 @@ _OID_NAMES = { SignatureAlgorithmOID.RSA_WITH_SHA256: "sha256WithRSAEncryption", SignatureAlgorithmOID.RSA_WITH_SHA384: "sha384WithRSAEncryption", SignatureAlgorithmOID.RSA_WITH_SHA512: "sha512WithRSAEncryption", + SignatureAlgorithmOID.RSASSA_PSS: "RSASSA-PSS", SignatureAlgorithmOID.ECDSA_WITH_SHA1: "ecdsa-with-SHA1", SignatureAlgorithmOID.ECDSA_WITH_SHA224: "ecdsa-with-SHA224", SignatureAlgorithmOID.ECDSA_WITH_SHA256: "ecdsa-with-SHA256", |