support prehashing in RSA sign (#3238)

* support prehashing in RSA sign * check to make sure digest size matches prehashed data provided * move doctest for prehashed
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2016-11-20 21:13:23 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2016-11-20 08:13:23 -0500
commit: 033bd7167d6546d34576dd0d798318999ec82a07 (patch)
tree: 0d4cd37af635d75692924a3edd2a260c574aa1ed /docs/hazmat/primitives/asymmetric
parent: d3fd692441cc6ea8fd20dc0c3a834459ff27cf05 (diff)
download: cryptography-033bd7167d6546d34576dd0d798318999ec82a07.tar.gz
cryptography-033bd7167d6546d34576dd0d798318999ec82a07.tar.bz2
cryptography-033bd7167d6546d34576dd0d798318999ec82a07.zip
2 files changed, 40 insertions, 1 deletions
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index d37b40f8..b6acab6b 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -564,6 +564,9 @@ Key interfaces
     .. method:: sign(data, padding, algorithm)
 
         .. versionadded:: 1.4
+        .. versionchanged:: 1.6
+            :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`
+            can now be used as an ``algorithm``.
 
         Sign one block of data which can be verified later by others using the
         public key.
@@ -574,7 +577,9 @@ Key interfaces
             :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`.
 
         :param algorithm: An instance of
-            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
+            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` or
+            :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`
+            if the ``data`` you want to sign has already been hashed.
 
         :return bytes: Signature.
 
diff --git a/docs/hazmat/primitives/asymmetric/utils.rst b/docs/hazmat/primitives/asymmetric/utils.rst
index 07883598..f29b3e99 100644
--- a/docs/hazmat/primitives/asymmetric/utils.rst
+++ b/docs/hazmat/primitives/asymmetric/utils.rst
@@ -28,3 +28,37 @@ Asymmetric Utilities
     :param int s: The raw signature value ``s``.
 
     :return bytes: The encoded signature.
+
+.. class:: Prehashed(algorithm)
+
+    .. versionadded:: 1.6
+
+    ``Prehashed`` can be passed as the ``algorithm`` in
+    :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.sign`
+    if the data to be signed has been hashed beforehand.
+
+    :param algorithm: An instance of
+        :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
+
+    .. doctest::
+
+        >>> import hashlib
+        >>> from cryptography.hazmat.backends import default_backend
+        >>> from cryptography.hazmat.primitives import hashes
+        >>> from cryptography.hazmat.primitives.asymmetric import (
+        ...    padding, rsa, utils
+        ... )
+        >>> private_key = rsa.generate_private_key(
+        ...     public_exponent=65537,
+        ...     key_size=2048,
+        ...     backend=default_backend()
+        ... )
+        >>> prehashed_msg = hashlib.sha256(b"A message I want to sign").digest()
+        >>> signature = private_key.sign(
+        ...     prehashed_msg,
+        ...     padding.PSS(
+        ...         mgf=padding.MGF1(hashes.SHA256()),
+        ...         salt_length=padding.PSS.MAX_LENGTH
+        ...     ),
+        ...     utils.Prehashed(hashes.SHA256())
+        ... )
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2016-11-20 21:13:23 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2016-11-20 08:13:23 -0500
commit	033bd7167d6546d34576dd0d798318999ec82a07 (patch)
tree	0d4cd37af635d75692924a3edd2a260c574aa1ed /docs/hazmat/primitives/asymmetric
parent	d3fd692441cc6ea8fd20dc0c3a834459ff27cf05 (diff)
download	cryptography-033bd7167d6546d34576dd0d798318999ec82a07.tar.gz cryptography-033bd7167d6546d34576dd0d798318999ec82a07.tar.bz2 cryptography-033bd7167d6546d34576dd0d798318999ec82a07.zip