author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-04-02 17:12:26 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-04-02 21:28:53 -0500 |
commit | ba987453e648f6c40023c42524d11a4d568fcf99 (patch) | |
tree | d7d2a519954aeeab348ac35b4d19495e869b6605 /cryptography | |
parent | 5b2bf921d3c99035c2fe7a639af22dd267fbd0ad (diff) | |
move salt_length from MGF1 to PSS and start deprecation cycle
Diffstat (limited to 'cryptography')
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 19 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/asymmetric/padding.py | 39 |
2 files changed, 44 insertions, 14 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 3293741c..0c632aee 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -701,15 +701,20 @@ class _HMACContext(object):
 return self._backend._ffi.buffer(buf)[:outlen[0]]
-def _get_rsa_pss_salt_length(mgf, key_size, digest_size):
- if mgf._salt_length is MGF1.MAX_LENGTH:
+def _get_rsa_pss_salt_length(pss, key_size, digest_size):
+ if pss._mgf._salt_length is not None:
+ salt = pss._mgf._salt_length
+ else:
+ salt = pss._salt_length
+
+ if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH:
 # bit length - 1 per RFC 3447
 emlen = int(math.ceil((key_size - 1) / 8.0))
 salt_length = emlen - digest_size - 2
 assert salt_length >= 0
 return salt_length
 else:
- return mgf._salt_length
+ return salt
 @utils.register_interface(interfaces.AsymmetricSignatureContext)
@@ -803,7 +808,7 @@ class _RSASignatureContext(object):
 res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen(
 pkey_ctx,
 _get_rsa_pss_salt_length(
- self._padding._mgf,
+ self._padding,
 self._private_key.key_size,
 self._hash_ctx.algorithm.digest_size
 )
@@ -871,7 +876,7 @@ class _RSASignatureContext(object):
 data_to_sign,
 evp_md,
 _get_rsa_pss_salt_length(
- self._padding._mgf,
+ self._padding,
 self._private_key.key_size,
 len(data_to_sign)
 )
@@ -988,7 +993,7 @@ class _RSAVerificationContext(object):
 res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen(
 pkey_ctx,
 _get_rsa_pss_salt_length(
- self._padding._mgf,
+ self._padding,
 self._public_key.key_size,
 self._hash_ctx.algorithm.digest_size
 )
@@ -1068,7 +1073,7 @@ class _RSAVerificationContext(object):
 evp_md,
 buf,
 _get_rsa_pss_salt_length(
- self._padding._mgf,
+ self._padding,
 self._public_key.key_size,
 len(data_to_verify)
 )
diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py
index 02aff280..8a1929bb 100644
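Review bot: `_get_rsa_pss_salt_length` can now return `None`: when neither `MGF1` nor `PSS` was given a salt length, `pss._mgf._salt_length` is `None`, the fallback `pss._salt_length` is also `None` (the `PSS` constructor in padding.py only warns in that case), and the `else` branch hands it unchanged to the `EVP_PKEY_CTX_set_rsa_pss_saltlen` call sites in the later hunks. A guard placed right after the fallback, `if salt is None:` followed by `raise ValueError("salt_length must be set on PSS")`, would fail with a clear message instead of what is presumably a type error at the FFI boundary. The deprecated MGF1 value also silently wins when both are set, so a caller who passes a different `salt_length` to `PSS` signs or verifies with the MGF1 one; rejecting a mismatch or preferring the PSS value would make the migration less surprising. Separately, the unchanged `assert salt_length >= 0` is stripped under `python -O`, so an explicit `raise ValueError` is the safer bound check for a small key combined with a large digest.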
--- a/cryptography/hazmat/primitives/asymmetric/padding.py
+++ b/cryptography/hazmat/primitives/asymmetric/padding.py
@@ -13,6 +13,8 @@
 from __future__ import absolute_import, division, print_function
+import warnings
+
 import six
 from cryptography import utils
@@ -26,26 +28,49 @@ class PKCS1v15(object):
 @utils.register_interface(interfaces.AsymmetricPadding)
 class PSS(object):
+ MAX_LENGTH = object()
 name = "EMSA-PSS"
- def __init__(self, mgf):
+ def __init__(self, mgf, salt_length=None):
 self._mgf = mgf
+ if salt_length is None:
+ warnings.warn(
+ "salt_length is deprecated on MGF1 and should be added via the"
+ " PSS constructor.",
+ PendingDeprecationWarning
+ )
+ else:
+ if (not isinstance(salt_length, six.integer_types) and
+ salt_length is not self.MAX_LENGTH):
+ raise TypeError("salt_length must be an integer")
+
+ if salt_length is not self.MAX_LENGTH and salt_length < 0:
+ raise ValueError("salt_length must be zero or greater")
+
+ self._salt_length = salt_length
+
 class MGF1(object):
 MAX_LENGTH = object()
- def __init__(self, algorithm, salt_length):
+ def __init__(self, algorithm, salt_length=None):
 if not isinstance(algorithm, interfaces.HashAlgorithm):
 raise TypeError("Expected instance of interfaces.HashAlgorithm.")
 self._algorithm = algorithm
- if (not isinstance(salt_length, six.integer_types) and
- salt_length is not self.MAX_LENGTH):
- raise TypeError("salt_length must be an integer")
+ if salt_length is not None:
+ warnings.warn(
+ "salt_length is deprecated on MGF1 and should be added via the"
+ " PSS constructor.",
+ PendingDeprecationWarning
+ )
+ if (not isinstance(salt_length, six.integer_types) and
+ salt_length is not self.MAX_LENGTH):
+ raise TypeError("salt_length must be an integer")
- if salt_length is not self.MAX_LENGTH and salt_length < 0:
- raise ValueError("salt_length must be zero or greater")
+ if salt_length is not self.MAX_LENGTH and salt_length < 0:
+ raise ValueError("salt_length must be zero or greater")
 self._salt_length = salt_length |
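Review bot: Both `warnings.warn(...)` calls omit `stacklevel`, so the warning is attributed to padding.py rather than to the caller's line that still passes `salt_length` to `MGF1`; adding `stacklevel=2` would point it at the code that needs migrating. `PendingDeprecationWarning` is also ignored by Python's default warning filters, so most callers will not see it unless they enable it. The same type and range validation now lives in both `PSS.__init__` and `MGF1.__init__`, and a shared private helper would keep the two checks from drifting apart. A short comment on `PSS.MAX_LENGTH` noting that it is a distinct sentinel object from `MGF1.MAX_LENGTH` would help too, since passing one class's sentinel to the other constructor fails the `is not self.MAX_LENGTH` test and raises the "must be an integer" `TypeError`. The `MGF1` class may continue past the end of this hunk.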