author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-04-21 15:35:38 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-04-22 11:18:42 -0500 |
commit | 5186d69cdf8bf3fbed8a4fa6806cfe83a89424dc (patch) | |
tree | efa4bd9546b4f4557a96ede57847be562a12f573 /cryptography | |
parent | 8a312c2ccc99351f1a05dc607a574669944ea4cd (diff) | |
download | cryptography-5186d69cdf8bf3fbed8a4fa6806cfe83a89424dc.tar.gz cryptography-5186d69cdf8bf3fbed8a4fa6806cfe83a89424dc.tar.bz2 cryptography-5186d69cdf8bf3fbed8a4fa6806cfe83a89424dc.zip |
OAEP support for RSA decryption
Diffstat (limited to 'cryptography')
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 25 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/asymmetric/padding.py | 13 |
2 files changed, 37 insertions, 1 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 4c487e4d..16b963ae 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -32,7 +32,7 @@ from cryptography.hazmat.bindings.openssl.binding import Binding
 from cryptography.hazmat.primitives import hashes, interfaces
 from cryptography.hazmat.primitives.asymmetric import dsa, rsa
 from cryptography.hazmat.primitives.asymmetric.padding import (
- MGF1, PKCS1v15, PSS
+ MGF1, OAEP, PKCS1v15, PSS
 )
 from cryptography.hazmat.primitives.ciphers.algorithms import (
 AES, ARC4, Blowfish, CAST5, Camellia, IDEA, SEED, TripleDES
@@ -477,6 +477,29 @@ class Backend(object):
 def decrypt_rsa(self, private_key, ciphertext, padding):
 if isinstance(padding, PKCS1v15):
 padding_enum = self._lib.RSA_PKCS1_PADDING
+ elif isinstance(padding, OAEP):
+ padding_enum = self._lib.RSA_PKCS1_OAEP_PADDING
+ if not isinstance(padding._mgf, MGF1):
+ raise UnsupportedAlgorithm(
+ "Only MGF1 is supported by this backend",
+ _Reasons.UNSUPPORTED_MGF
+ )
+
+ if not isinstance(padding._mgf._algorithm, hashes.SHA1):
+ raise UnsupportedAlgorithm(
+ "This backend supports only SHA1 inside MGF1 when "
+ "using OAEP",
+ _Reasons.UNSUPPORTED_HASH
+ )
+
+ if padding._label is not None and padding._label != b"":
+ raise ValueError("This backend does not support OAEP labels")
+
+ if not isinstance(padding._algorithm, hashes.SHA1):
+ raise UnsupportedAlgorithm(
+ "This backend only supports SHA1 when using OAEP",
+ _Reasons.UNSUPPORTED_HASH
+ )
 else:
 raise UnsupportedAlgorithm(
 "{0} is not supported by this backend".format(
diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py
index 72806a61..dcc6fe06 100644
--- a/cryptography/hazmat/primitives/asymmetric/padding.py
+++ b/cryptography/hazmat/primitives/asymmetric/padding.py
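Review bot: The unsupported-label check in the new `OAEP` branch of `decrypt_rsa` raises a bare `ValueError`, while the three neighbouring capability checks (MGF type, MGF1 hash, OAEP hash) raise `UnsupportedAlgorithm` with a `_Reasons` code, so a caller that handles backend limits by catching `UnsupportedAlgorithm` will not see this one. If the difference is deliberate, a comment above the check should say so, e.g. `# A non-empty label is a backend limitation like the hash checks, but is reported as ValueError`. The branch also reads `padding._mgf`, `padding._mgf._algorithm`, `padding._algorithm` and `padding._label` directly, which ties the backend to the private layout of `OAEP` and `MGF1`. The decrypt call and its error path lie outside this hunk; because OAEP decryption is sensitive to error oracles, it is worth confirming there that every padding failure surfaces to the caller as one indistinguishable error.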
@@ -54,6 +54,19 @@ class PSS(object): self._salt_length = salt_length +@utils.register_interface(interfaces.AsymmetricPadding) +class OAEP(object): + name = "EME-OAEP" + + def __init__(self, mgf, algorithm, label): + if not isinstance(algorithm, interfaces.HashAlgorithm): + raise TypeError("Expected instance of interfaces.HashAlgorithm.") + + self._mgf = mgf + self._algorithm = algorithm + self._label = label + + class MGF1(object): MAX_LENGTH = object() |
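Review bot: `OAEP.__init__` type-checks `algorithm` but stores `mgf` and `label` unvalidated, so a text-string label is accepted here and only fails later in the backend, where `padding._label != b""` treats `""` as a non-empty label on Python 3 and reports "does not support OAEP labels" instead of a type error. Rejecting it at construction keeps the error next to the caller's mistake: `if label is not None and not isinstance(label, bytes): raise TypeError("label must be bytes or None.")`. The class also has no docstring; a short one stating that `label` is optional and must be identical for encryption and decryption would help users of this hazmat API.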