From f555c74d5419a52648e2a903595c13bd13d13ce2 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sun, 20 Nov 2016 22:48:10 +0800
Subject: support RSA verify with prehashing (#3265)
* support RSA verify with prehashing
* review feedback
* more dedupe
* refactor and move to a separate module
---
docs/hazmat/primitives/asymmetric/rsa.rst | 7 ++++++-
docs/hazmat/primitives/asymmetric/utils.rst | 14 +++++++++++++-
2 files changed, 19 insertions(+), 2 deletions(-)
(limited to 'docs')
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index b6acab6b..6cf0e499 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -703,6 +703,9 @@ Key interfaces .. method:: verify(signature, data, padding, algorithm) .. versionadded:: 1.4 + .. versionchanged:: 1.6 + :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed` + can now be used as an ``algorithm``. Verify one block of data was signed by the private key associated with this public key.
@@ -715,7 +718,9 @@ Key interfaces :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`. :param algorithm: An instance of - :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`. + :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` or + :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed` + if the ``data`` you want to sign has already been hashed. :raises cryptography.exceptions.InvalidSignature: If the signature does not validate.
diff --git a/docs/hazmat/primitives/asymmetric/utils.rst b/docs/hazmat/primitives/asymmetric/utils.rst
index f29b3e99..ab49e551 100644
--- a/docs/hazmat/primitives/asymmetric/utils.rst
+++ b/docs/hazmat/primitives/asymmetric/utils.rst
@@ -35,7 +35,9 @@ Asymmetric Utilities ``Prehashed`` can be passed as the ``algorithm`` in :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.sign` - if the data to be signed has been hashed beforehand. + or + :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.verify` + if the data to be signed or verified has been hashed beforehand. :param algorithm: An instance of :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
@@ -62,3 +64,13 @@ Asymmetric Utilities
 ... ),
 ... utils.Prehashed(hashes.SHA256())
 ... )
+ >>> public_key = private_key.public_key()
+ >>> public_key.verify(
+ ... signature,
+ ... prehashed_msg,
+ ... padding.PSS(
+ ... mgf=padding.MGF1(hashes.SHA256()),
+ ... salt_length=padding.PSS.MAX_LENGTH
+ ... ),
+ ... utils.Prehashed(hashes.SHA256())
+ ... )
-- cgit v1.2.3