docs, tests, general huge improvements to RSA decryption

author: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-04-05 19:51:00 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-04-20 16:53:02 -0500
commit: 4c0a374dd90cd48c21267e4d8be1ddef8288b29c (patch)
tree: e78af314d7d64e9eb00a624465cbeedbc37dd469 /cryptography
parent: 16b953a22abf2092f6d428f04141f3e5c9513ce9 (diff)
download: cryptography-4c0a374dd90cd48c21267e4d8be1ddef8288b29c.tar.gz
cryptography-4c0a374dd90cd48c21267e4d8be1ddef8288b29c.tar.bz2
cryptography-4c0a374dd90cd48c21267e4d8be1ddef8288b29c.zip
4 files changed, 34 insertions, 8 deletions
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index c5c5a16e..677f4c67 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -118,7 +118,7 @@ class RSABackend(object):
         """
 
     @abc.abstractmethod
-    def rsa_decrypt(self, private_key, ciphertext, padding):
+    def decrypt_rsa(self, private_key, ciphertext, padding):
         """
         Returns decrypted bytes.
         """
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 2965c781..ca898dfd 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -473,14 +473,15 @@ class Backend(object):
             y=self._bn_to_int(ctx.pub_key)
         )
 
-    def rsa_decrypt(self, private_key, ciphertext, padding):
+    def decrypt_rsa(self, private_key, ciphertext, padding):
         if isinstance(padding, PKCS1v15):
             padding_enum = self._lib.RSA_PKCS1_PADDING
         elif isinstance(padding, OAEP):
             padding_enum = self._lib.RSA_PKCS1_OAEP_PADDING
             if not isinstance(padding._mgf, MGF1):
                 raise UnsupportedAlgorithm(
-                    "Only MGF1 is supported by this backend"
+                    "Only MGF1 is supported by this backend",
+                    _Reasons.UNSUPPORTED_MGF
                 )
 
             if not isinstance(padding._mgf._algorithm, hashes.SHA1):
@@ -489,6 +490,16 @@ class Backend(object):
                     "using OAEP",
                     _Reasons.UNSUPPORTED_HASH
                 )
+
+            if padding._label is not None and padding._label != b"":
+                raise ValueError("This backend does not support OAEP labels")
+
+            if not isinstance(padding._algorithm, hashes.SHA1):
+                raise UnsupportedAlgorithm(
+                    "This backend only supports SHA1 when using OAEP",
+                    _Reasons.UNSUPPORTED_HASH
+                )
+
         else:
             raise UnsupportedAlgorithm(
                 "{0} is not supported by this backend".format(
@@ -519,16 +530,17 @@ class Backend(object):
                 ciphertext,
                 len(ciphertext)
             )
-            assert res >= 0
-            if res == 0:
+            if res <= 0:
                 errors = self._consume_errors()
                 assert errors
-                raise SystemError  # TODO
+                raise self._unknown_error(errors[0])  # TODO
 
             return self._ffi.buffer(buf)[:outlen[0]]
         else:
             rsa_cdata = self._rsa_cdata_from_private_key(private_key)
             rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
+            res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
+            assert res == 1
             key_size = self._lib.RSA_size(rsa_cdata)
             assert key_size > 0
             buf = self._ffi.new("unsigned char[]", key_size)
@@ -542,7 +554,7 @@ class Backend(object):
             if res < 0:
                 errors = self._consume_errors()
                 assert errors
-                raise SystemError  # TODO
+                raise self._unknown_error(errors[0])  # TODO
 
             return self._ffi.buffer(buf)[:res]
 
diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py
index 899fed17..9755dbcf 100644
--- a/cryptography/hazmat/primitives/asymmetric/padding.py
+++ b/cryptography/hazmat/primitives/asymmetric/padding.py
@@ -58,8 +58,13 @@ class PSS(object):
 class OAEP(object):
     name = "EME-OAEP"
 
-    def __init__(self, mgf):
+    def __init__(self, mgf, algorithm, label):
         self._mgf = mgf
+        if not isinstance(algorithm, interfaces.HashAlgorithm):
+            raise TypeError("Expected instance of interfaces.HashAlgorithm.")
+
+        self._algorithm = algorithm
+        self._label = label
 
 
 class MGF1(object):
diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py
index 5b15350a..cffd4e98 100644
--- a/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -189,6 +189,15 @@ class RSAPrivateKey(object):
 
         return backend.create_rsa_signature_ctx(self, padding, algorithm)
 
+    def decrypt(self, ciphertext, padding, backend):
+        if not isinstance(backend, RSABackend):
+            raise UnsupportedAlgorithm(
+                "Backend object does not implement RSABackend",
+                _Reasons.BACKEND_MISSING_INTERFACE
+            )
+
+        return backend.decrypt_rsa(self, ciphertext, padding)
+
     @property
     def key_size(self):
         return utils.bit_length(self.modulus)
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-04-05 19:51:00 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-04-20 16:53:02 -0500
commit	4c0a374dd90cd48c21267e4d8be1ddef8288b29c (patch)
tree	e78af314d7d64e9eb00a624465cbeedbc37dd469 /cryptography
parent	16b953a22abf2092f6d428f04141f3e5c9513ce9 (diff)
download	cryptography-4c0a374dd90cd48c21267e4d8be1ddef8288b29c.tar.gz cryptography-4c0a374dd90cd48c21267e4d8be1ddef8288b29c.tar.bz2 cryptography-4c0a374dd90cd48c21267e4d8be1ddef8288b29c.zip