author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-04-23 12:37:59 -0700 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-04-23 12:37:59 -0700 |
commit | ff2b8cebe85c5326c52a0b4ffe467f99e5526849 (patch) | |
tree | 0aa12fbd439c44c9c9750e2babb3a7f5df5efa28 /cryptography | |
parent | e5a3ccfb8fdbbfd8b6f20a9fc720d88ce1e40b9b (diff) | |
parent | 50e6230014e298658c7776e0659223e664265c4a (diff) | |
Merge pull request #949 from reaperhulk/rsa-oaep-decrypt
OAEP support for RSA decryption
Diffstat (limited to 'cryptography')
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 25 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/asymmetric/padding.py | 13 |
2 files changed, 37 insertions, 1 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 4c487e4d..16b963ae 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -32,7 +32,7 @@ from cryptography.hazmat.bindings.openssl.binding import Binding
 from cryptography.hazmat.primitives import hashes, interfaces
 from cryptography.hazmat.primitives.asymmetric import dsa, rsa
 from cryptography.hazmat.primitives.asymmetric.padding import (
- MGF1, PKCS1v15, PSS
+ MGF1, OAEP, PKCS1v15, PSS
 )
 from cryptography.hazmat.primitives.ciphers.algorithms import (
 AES, ARC4, Blowfish, CAST5, Camellia, IDEA, SEED, TripleDES
@@ -477,6 +477,29 @@ class Backend(object):
 def decrypt_rsa(self, private_key, ciphertext, padding):
 if isinstance(padding, PKCS1v15):
 padding_enum = self._lib.RSA_PKCS1_PADDING
+ elif isinstance(padding, OAEP):
+ padding_enum = self._lib.RSA_PKCS1_OAEP_PADDING
+ if not isinstance(padding._mgf, MGF1):
+ raise UnsupportedAlgorithm(
+ "Only MGF1 is supported by this backend",
+ _Reasons.UNSUPPORTED_MGF
+ )
+
+ if not isinstance(padding._mgf._algorithm, hashes.SHA1):
+ raise UnsupportedAlgorithm(
+ "This backend supports only SHA1 inside MGF1 when "
+ "using OAEP",
+ _Reasons.UNSUPPORTED_HASH
+ )
+
+ if padding._label is not None and padding._label != b"":
+ raise ValueError("This backend does not support OAEP labels")
+
+ if not isinstance(padding._algorithm, hashes.SHA1):
+ raise UnsupportedAlgorithm(
+ "This backend only supports SHA1 when using OAEP",
+ _Reasons.UNSUPPORTED_HASH
+ )
 else:
 raise UnsupportedAlgorithm(
 "{0} is not supported by this backend".format(
diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py
index 72806a61..dcc6fe06 100644
--- a/cryptography/hazmat/primitives/asymmetric/padding.py
+++ b/cryptography/hazmat/primitives/asymmetric/padding.py
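Review bot: The new `OAEP` branch of `decrypt_rsa` in backend.py rejects everything except SHA-1, MGF1 with SHA-1 and an empty label, but nothing in the code says why. The reason is presumably that OpenSSL's OAEP padding mode defaults to SHA-1 with an empty label; a comment above the checks such as `# RSA_PKCS1_OAEP_PADDING is used with its SHA-1 / empty-label defaults; reject other parameters rather than decrypt under different ones` would keep a later maintainer from relaxing them. The label case also raises a bare `ValueError` while its three siblings raise `UnsupportedAlgorithm` with a `_Reasons` value, so a caller probing backend support has to catch both types. The decrypt call and its failure handling lie outside this hunk, so whether padding failures surface as one undifferentiated error cannot be checked here.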
@@ -54,6 +54,19 @@ class PSS(object): self._salt_length = salt_length +@utils.register_interface(interfaces.AsymmetricPadding) +class OAEP(object): + name = "EME-OAEP" + + def __init__(self, mgf, algorithm, label): + if not isinstance(algorithm, interfaces.HashAlgorithm): + raise TypeError("Expected instance of interfaces.HashAlgorithm.") + + self._mgf = mgf + self._algorithm = algorithm + self._label = label + + class MGF1(object): MAX_LENGTH = object() |
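Review bot: `OAEP.__init__` in padding.py type-checks `algorithm` but stores `mgf` and `label` unchecked, so a text-string label or an object that is not a mask generation function is only caught later inside a backend, if at all. A guard before the assignments such as `if label is not None and not isinstance(label, bytes): raise TypeError("label must be bytes or None.")` would fail at construction time, where the mistake is made. The class also has no docstring; one sentence stating that `mgf` is the mask generation function instance, `algorithm` the OAEP hash and `label` the optional OAEP label would help readers of a hazmat primitive.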