author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-11-20 12:00:33 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-11-19 23:00:33 -0500 |
commit | 756255103c0c6b6f0a7215682489257661a42782 (patch) | |
tree | 4745a55a1aada12698fac7d2591458a7664579e6 | |
parent | ae2fb63f6fed904c562d2add072c129b54006ab2 (diff) | |
refactor dsa sign/verify as prep for prehash (#3262)
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/dsa.py | 55 |
1 files changed, 32 insertions, 23 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py
index 43702861..07d2c3bc 100644
--- a/src/cryptography/hazmat/backends/openssl/dsa.py
+++ b/src/cryptography/hazmat/backends/openssl/dsa.py
@@ -31,6 +31,34 @@ def _truncate_digest_for_dsa(dsa_cdata, digest, backend):
 return _truncate_digest(digest, order_bits)
+def _dsa_sig_sign(backend, private_key, data):
+ sig_buf_len = backend._lib.DSA_size(private_key._dsa_cdata)
+ sig_buf = backend._ffi.new("unsigned char[]", sig_buf_len)
+ buflen = backend._ffi.new("unsigned int *")
+
+ # The first parameter passed to DSA_sign is unused by OpenSSL but
+ # must be an integer.
+ res = backend._lib.DSA_sign(
+ 0, data, len(data), sig_buf, buflen, private_key._dsa_cdata
+ )
+ backend.openssl_assert(res == 1)
+ backend.openssl_assert(buflen[0])
+
+ return backend._ffi.buffer(sig_buf)[:buflen[0]]
+
+
+def _dsa_sig_verify(backend, public_key, signature, data):
+ # The first parameter passed to DSA_verify is unused by OpenSSL but
+ # must be an integer.
+ res = backend._lib.DSA_verify(
+ 0, data, len(data), signature, len(signature), public_key._dsa_cdata
+ )
+
+ if res != 1:
+ backend._consume_errors()
+ raise InvalidSignature
+
+
 @utils.register_interface(AsymmetricVerificationContext)
 class _DSAVerificationContext(object):
 def __init__(self, backend, public_key, signature, algorithm):
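Review bot: Neither new helper documents what `data` must be, and the name reads like a raw message although both `_dsa_sig_sign` and `_dsa_sig_verify` pass it straight to OpenSSL as the digest argument. The two callers changed in the later hunks run `_truncate_digest_for_dsa` before calling them, so a docstring such as `"""data must already be the message digest, truncated by the caller."""` on each helper would keep a future prehash caller from skipping that step. In `_dsa_sig_verify` I would also add a comment above `if res != 1:` along the lines of `# DSA_verify returns 1 (valid), 0 (invalid) or -1 (error); anything but 1 must fail closed`, so the comparison is not later loosened to `== 0`.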
@@ -50,16 +78,9 @@ class _DSAVerificationContext(object):
 data_to_verify = _truncate_digest_for_dsa(
 self._public_key._dsa_cdata, data_to_verify, self._backend
 )
-
- # The first parameter passed to DSA_verify is unused by OpenSSL but
- # must be an integer.
- res = self._backend._lib.DSA_verify(
- 0, data_to_verify, len(data_to_verify), self._signature,
- len(self._signature), self._public_key._dsa_cdata)
-
- if res != 1:
- self._backend._consume_errors()
- raise InvalidSignature
+ _dsa_sig_verify(
+ self._backend, self._public_key, self._signature, data_to_verify
+ )
 @utils.register_interface(AsymmetricSignatureContext)
@@ -78,19 +99,7 @@ class _DSASignatureContext(object):
 data_to_sign = _truncate_digest_for_dsa(
 self._private_key._dsa_cdata, data_to_sign, self._backend
 )
- sig_buf_len = self._backend._lib.DSA_size(self._private_key._dsa_cdata)
- sig_buf = self._backend._ffi.new("unsigned char[]", sig_buf_len)
- buflen = self._backend._ffi.new("unsigned int *")
-
- # The first parameter passed to DSA_sign is unused by OpenSSL but
- # must be an integer.
- res = self._backend._lib.DSA_sign(
- 0, data_to_sign, len(data_to_sign), sig_buf,
- buflen, self._private_key._dsa_cdata)
- self._backend.openssl_assert(res == 1)
- self._backend.openssl_assert(buflen[0])
-
- return self._backend._ffi.buffer(sig_buf)[:buflen[0]]
+ return _dsa_sig_sign(self._backend, self._private_key, data_to_sign)
 @utils.register_interface(dsa.DSAParametersWithNumbers) |