diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/primitives/asymmetric/utils.py | 31 | ||||
| -rw-r--r-- | src/cryptography/x509/extensions.py | 24 |
2 files changed, 7 insertions, 48 deletions
diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 44bf59d1..4c2337bf 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -6,9 +6,7 @@ from __future__ import absolute_import, division, print_function import warnings -from pyasn1.codec.der import decoder, encoder -from pyasn1.error import PyAsn1Error -from pyasn1.type import namedtype, univ +from asn1crypto.algos import DSASignature import six @@ -16,13 +14,6 @@ from cryptography import utils from cryptography.hazmat.primitives import hashes -class _DSSSigValue(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('r', univ.Integer()), - namedtype.NamedType('s', univ.Integer()) - ) - - def decode_rfc6979_signature(signature): warnings.warn( "decode_rfc6979_signature is deprecated and will " @@ -34,19 +25,8 @@ def decode_rfc6979_signature(signature): def decode_dss_signature(signature): - try: - data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue()) - except PyAsn1Error: - raise ValueError("Invalid signature data. Unable to decode ASN.1") - - if remaining: - raise ValueError( - "The signature contains bytes after the end of the ASN.1 sequence." - ) - - r = int(data.getComponentByName('r')) - s = int(data.getComponentByName('s')) - return (r, s) + data = DSASignature.load(signature, strict=True).native + return data['r'], data['s'] def encode_rfc6979_signature(r, s): @@ -66,10 +46,7 @@ def encode_dss_signature(r, s): ): raise ValueError("Both r and s must be integers") - sig = _DSSSigValue() - sig.setComponentByName('r', r) - sig.setComponentByName('s', s) - return encoder.encode(sig) + return DSASignature({'r': r, 's': s}).dump() class Prehashed(object): diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index f7f6fcd3..1a3ced7d 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -11,8 +11,7 @@ import ipaddress import warnings from enum import Enum -from pyasn1.codec.der import decoder -from pyasn1.type import namedtype, univ +from asn1crypto.keys import PublicKeyInfo import six @@ -27,13 +26,6 @@ from cryptography.x509.oid import ( ) -class _SubjectPublicKeyInfo(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('algorithm', univ.Sequence()), - namedtype.NamedType('subjectPublicKey', univ.BitString()) - ) - - def _key_identifier_from_public_key(public_key): if isinstance(public_key, RSAPublicKey): data = public_key.public_bytes( @@ -48,18 +40,8 @@ def _key_identifier_from_public_key(public_key): serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo ) - spki, remaining = decoder.decode( - serialized, asn1Spec=_SubjectPublicKeyInfo() - ) - assert not remaining - # the univ.BitString object is a tuple of bits. We need bytes and - # pyasn1 really doesn't want to give them to us. To get it we'll - # build an integer and convert that to bytes. - bits = 0 - for bit in spki.getComponentByName("subjectPublicKey"): - bits = bits << 1 | bit - - data = utils.int_to_bytes(bits) + + data = six.binary_type(PublicKeyInfo.load(serialized)['public_key']) return hashlib.sha1(data).digest() |