diff options
| -rw-r--r-- | cryptography/hazmat/backends/interfaces.py | 9 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/multibackend.py | 11 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 34 | ||||
| -rw-r--r-- | docs/hazmat/backends/interfaces.rst | 19 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_multibackend.py | 16 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 34 |
6 files changed, 75 insertions, 48 deletions
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index 19d6fb70..524e0a5b 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -142,11 +142,18 @@ class RSABackend(object): generation. """ - def load_rsa_numbers(self, numbers): + @abc.abstractmethod + def load_rsa_private_numbers(self, numbers): """ Returns an RSAPrivateKey provider. """ + @abc.abstractmethod + def load_rsa_public_numbers(self, numbers): + """ + Returns an RSAPublicKey provider. + """ + @six.add_metaclass(abc.ABCMeta) class DSABackend(object): diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 5acec333..f3c79376 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -178,9 +178,16 @@ class MultiBackend(object): raise UnsupportedAlgorithm("RSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) - def load_rsa_numbers(self, numbers): + def load_rsa_private_numbers(self, numbers): for b in self._filtered_backends(RSABackend): - return b.load_rsa_numbers(numbers) + return b.load_rsa_private_numbers(numbers) + + raise UnsupportedAlgorithm("RSA is not supported by the backend", + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) + + def load_rsa_public_numbers(self, numbers): + for b in self._filtered_backends(RSABackend): + return b.load_rsa_public_numbers(numbers) raise UnsupportedAlgorithm("RSA is not supported by the backend", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index e5870f3e..ffe09663 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -377,23 +377,23 @@ class Backend(object): return (public_exponent >= 3 and public_exponent & 1 != 0 and key_size >= 512) - def load_rsa_numbers(self, numbers): - if isinstance(numbers, rsa.RSAPublicNumbers): - return rsa.RSAPublicKey( - public_exponent=numbers.e, - modulus=numbers.n - ) - elif isinstance(numbers, rsa.RSAPrivateNumbers): - return rsa.RSAPrivateKey( - p=numbers.p, - q=numbers.q, - private_exponent=numbers.d, - dmp1=numbers.dmp1, - dmq1=numbers.dmq1, - iqmp=numbers.iqmp, - public_exponent=numbers.public_numbers.e, - modulus=numbers.public_numbers.n - ) + def load_rsa_private_numbers(self, numbers): + return rsa.RSAPrivateKey( + p=numbers.p, + q=numbers.q, + private_exponent=numbers.d, + dmp1=numbers.dmp1, + dmq1=numbers.dmq1, + iqmp=numbers.iqmp, + public_exponent=numbers.public_numbers.e, + modulus=numbers.public_numbers.n + ) + + def load_rsa_public_numbers(self, numbers): + return rsa.RSAPublicKey( + public_exponent=numbers.e, + modulus=numbers.n + ) def _new_evp_pkey(self): evp_pkey = self._lib.EVP_PKEY_new() diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index c7d5667d..a32829fc 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -322,18 +322,21 @@ A specific ``backend`` may provide one or more of these interfaces. :raises ValueError: When plaintext is too long for the key size. - .. method:: load_rsa_numbers(numbers): + .. method:: load_rsa_private_numbers(numbers): :param numbers: An instance of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers` or - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`. + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`. :returns: A provider of - :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` or - :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` - depending on if it's input was an - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers` or - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`. + :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`. + + .. method:: load_rsa_public_numbers(numbers): + + :param numbers: An instance of + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`. + + :returns: A provider of + :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`. .. class:: TraditionalOpenSSLSerializationBackend diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 71755f91..5a624204 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -113,7 +113,10 @@ class DummyRSABackend(object): def encrypt_rsa(self, public_key, plaintext, padding): pass - def load_rsa_numbers(self, numbers): + def load_rsa_private_numbers(self, numbers): + pass + + def load_rsa_public_numbers(self, numbers): pass @@ -239,7 +242,9 @@ class TestMultiBackend(object): backend.decrypt_rsa("private_key", "encrypted", padding.PKCS1v15()) - backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=3, n=1)) + backend.load_rsa_private_numbers("private_numbers") + + backend.load_rsa_public_numbers("public_numbers") backend = MultiBackend([]) with raises_unsupported_algorithm( @@ -287,7 +292,12 @@ class TestMultiBackend(object): with raises_unsupported_algorithm( _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM ): - backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=3, n=1)) + backend.load_rsa_private_numbers("private_numbers") + + with raises_unsupported_algorithm( + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM + ): + backend.load_rsa_public_numbers("public_numbers") def test_dsa(self): backend = MultiBackend([ diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index a1652594..a76c0ec2 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1787,19 +1787,19 @@ class TestRSANumbers(object): # Test a modulus < 3. with pytest.raises(ValueError): - backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=7, n=2)) + backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=7, n=2)) # Test a public_exponent < 3 with pytest.raises(ValueError): - backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=1, n=15)) + backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=1, n=15)) # Test a public_exponent > modulus with pytest.raises(ValueError): - backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=17, n=15)) + backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=17, n=15)) # Test a public_exponent that is not odd. with pytest.raises(ValueError): - backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=16, n=15)) + backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=16, n=15)) def test_invalid_private_numbers_argument_values(self, backend): # Start with p=3, q=11, private_exponent=3, public_exponent=7, @@ -1808,7 +1808,7 @@ class TestRSANumbers(object): # Test a modulus < 3. with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, @@ -1825,7 +1825,7 @@ class TestRSANumbers(object): # Test a modulus != p * q. with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, @@ -1842,7 +1842,7 @@ class TestRSANumbers(object): # Test a p > modulus. with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=37, q=11, @@ -1859,7 +1859,7 @@ class TestRSANumbers(object): # Test a q > modulus. with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=37, @@ -1876,7 +1876,7 @@ class TestRSANumbers(object): # Test a dmp1 > modulus. with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, @@ -1893,7 +1893,7 @@ class TestRSANumbers(object): # Test a dmq1 > modulus. with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, @@ -1910,7 +1910,7 @@ class TestRSANumbers(object): # Test an iqmp > modulus. with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, @@ -1927,7 +1927,7 @@ class TestRSANumbers(object): # Test a private_exponent > modulus with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, @@ -1944,7 +1944,7 @@ class TestRSANumbers(object): # Test a public_exponent < 3 with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, @@ -1961,7 +1961,7 @@ class TestRSANumbers(object): # Test a public_exponent > modulus with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, @@ -1978,7 +1978,7 @@ class TestRSANumbers(object): # Test a public_exponent that is not odd. with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, @@ -1995,7 +1995,7 @@ class TestRSANumbers(object): # Test a dmp1 that is not odd. with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, @@ -2012,7 +2012,7 @@ class TestRSANumbers(object): # Test a dmq1 that is not odd. with pytest.raises(ValueError): - backend.load_rsa_numbers( + backend.load_rsa_private_numbers( rsa.RSAPrivateNumbers( p=3, q=11, |