diff options
| -rw-r--r-- | cryptography/hazmat/bindings/openssl/rsa.py | 11 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/twofactor/hotp.py | 3 | ||||
| -rw-r--r-- | docs/hazmat/primitives/twofactor.rst | 6 | ||||
| -rw-r--r-- | tests/hazmat/primitives/twofactor/test_hotp.py | 6 |
4 files changed, 24 insertions, 2 deletions
diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py index 359305c6..f895cd02 100644 --- a/cryptography/hazmat/bindings/openssl/rsa.py +++ b/cryptography/hazmat/bindings/openssl/rsa.py @@ -37,6 +37,7 @@ static const int RSA_PKCS1_PSS_PADDING; static const int RSA_F4; static const int Cryptography_HAS_PSS_PADDING; +static const int Cryptography_HAS_MGF1_MD; """ FUNCTIONS = """ @@ -70,6 +71,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *, int, const unsigned char *, MACROS = """ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *, int); int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *, int); +int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *, EVP_MD *); """ CUSTOMIZATIONS = """ @@ -82,6 +84,12 @@ int (*EVP_PKEY_CTX_set_rsa_padding)(EVP_PKEY_CTX *, int) = NULL; int (*EVP_PKEY_CTX_set_rsa_pss_saltlen)(EVP_PKEY_CTX *, int) = NULL; static const long RSA_PKCS1_PSS_PADDING = 0; #endif +#if OPENSSL_VERSION_NUMBER >= 0x1000100f +static const long Cryptography_HAS_MGF1_MD = 1; +#else +static const long Cryptography_HAS_MGF1_MD = 0; +int (*EVP_PKEY_CTX_set_rsa_mgf1_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL; +#endif """ CONDITIONAL_NAMES = { @@ -92,4 +100,7 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_PSS_PADDING": [ "RSA_PKCS1_PSS_PADDING", ], + "Cryptography_HAS_MGF1_MD": [ + "EVP_PKEY_CTX_set_rsa_mgf1_md", + ], } diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py index 88bde715..83260225 100644 --- a/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/cryptography/hazmat/primitives/twofactor/hotp.py @@ -27,6 +27,9 @@ class HOTP(object): if len(key) < 16: raise ValueError("Key length has to be at least 128 bits.") + if not isinstance(length, six.integer_types): + raise TypeError("Length parameter must be an integer type") + if length < 6 or length > 8: raise ValueError("Length of HOTP has to be between 6 to 8.") diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst index 0e781439..3912d483 100644 --- a/docs/hazmat/primitives/twofactor.rst +++ b/docs/hazmat/primitives/twofactor.rst @@ -50,7 +50,8 @@ codes (HMAC). :raises TypeError: This is raised if the provided ``algorithm`` is not :class:`~cryptography.hazmat.primitives.hashes.SHA1()`, :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or - :class:`~cryptography.hazmat.primitives.hashes.SHA512()`. + :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the + ``length`` parameter is not an integer. .. method:: generate(counter) @@ -145,7 +146,8 @@ similar to the following code. :raises TypeError: This is raised if the provided ``algorithm`` is not :class:`~cryptography.hazmat.primitives.hashes.SHA1()`, :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or - :class:`~cryptography.hazmat.primitives.hashes.SHA512()`. + :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the + ``length`` parameter is not an integer. .. method:: generate(time) diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py index 4c726b77..0f8c4a53 100644 --- a/tests/hazmat/primitives/twofactor/test_hotp.py +++ b/tests/hazmat/primitives/twofactor/test_hotp.py @@ -87,3 +87,9 @@ class TestHOTP(object): with pytest.raises(InvalidToken): hotp.verify(b"123456", counter) + + def test_length_not_int(self, backend): + secret = b"12345678901234567890" + + with pytest.raises(TypeError): + HOTP(secret, b"foo", SHA1(), backend) |