From a98f95a14ef6394795b9a34402d41552e43a8101 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 27 Nov 2014 09:55:17 -1000 Subject: add pyasn1 as a dependency --- dev-requirements.txt | 1 - setup.py | 2 +- tox.ini | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 4fff76b5..092b9914 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -5,7 +5,6 @@ invoke iso8601 pep8-naming pretend -pyasn1 pytest requests sphinx diff --git a/setup.py b/setup.py index 7a76909b..3e2ab3eb 100644 --- a/setup.py +++ b/setup.py @@ -36,6 +36,7 @@ VECTORS_DEPENDENCY = "cryptography_vectors=={0}".format(about['__version__']) requirements = [ CFFI_DEPENDENCY, + "pyasn1", SIX_DEPENDENCY, SETUPTOOLS_DEPENDENCY ] @@ -43,7 +44,6 @@ requirements = [ # If you add a new dep here you probably need to add it in the tox.ini as well test_requirements = [ "pytest", - "pyasn1", "pretend", "iso8601", ] diff --git a/tox.ini b/tox.ini index 4d4ac20c..89a4808f 100644 --- a/tox.ini +++ b/tox.ini @@ -7,7 +7,6 @@ deps = coverage iso8601 pretend - pyasn1 pytest ./vectors commands = -- cgit v1.2.3 From 65d054d1a9b8b122096d7994fc2fe675c06f423f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 27 Nov 2014 10:29:59 -1000 Subject: add decode_rfc6979_signature helper for DSA/ECDSA --- docs/hazmat/primitives/asymmetric/dsa.rst | 3 ++- docs/hazmat/primitives/asymmetric/ec.rst | 4 +++- docs/hazmat/primitives/asymmetric/index.rst | 1 + docs/hazmat/primitives/asymmetric/utils.rst | 16 ++++++++++++++++ .../hazmat/primitives/asymmetric/utils.py | 22 ++++++++++++++++++++++ 5 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 docs/hazmat/primitives/asymmetric/utils.rst create mode 100644 src/cryptography/hazmat/primitives/asymmetric/utils.py diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst index 43741ede..df3c99fc 100644 --- a/docs/hazmat/primitives/asymmetric/dsa.rst +++ b/docs/hazmat/primitives/asymmetric/dsa.rst @@ -80,7 +80,8 @@ provider. >>> signature = signer.finalize() The ``signature`` is a ``bytes`` object, whose contents is DER encoded as -described in :rfc:`6979`. +described in :rfc:`6979`. This can be decoded using +:func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature`. Verification ~~~~~~~~~~~~ diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst index fd20cbb2..13ab7c11 100644 --- a/docs/hazmat/primitives/asymmetric/ec.rst +++ b/docs/hazmat/primitives/asymmetric/ec.rst @@ -53,7 +53,9 @@ Elliptic Curve Signature Algorithms >>> signature = signer.finalize() The ``signature`` is a ``bytes`` object, whose contents is DER encoded as - described in :rfc:`6979`. + described in :rfc:`6979`. This can be decoded using + :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature`. + .. class:: EllipticCurvePrivateNumbers(private_value, public_numbers) diff --git a/docs/hazmat/primitives/asymmetric/index.rst b/docs/hazmat/primitives/asymmetric/index.rst index 6a5228ba..24f0f5b1 100644 --- a/docs/hazmat/primitives/asymmetric/index.rst +++ b/docs/hazmat/primitives/asymmetric/index.rst @@ -11,3 +11,4 @@ Asymmetric algorithms rsa padding serialization + utils diff --git a/docs/hazmat/primitives/asymmetric/utils.rst b/docs/hazmat/primitives/asymmetric/utils.rst new file mode 100644 index 00000000..9749b6d1 --- /dev/null +++ b/docs/hazmat/primitives/asymmetric/utils.rst @@ -0,0 +1,16 @@ +.. hazmat:: + +Asymmetric Utilities +==================== + +.. currentmodule:: cryptography.hazmat.primitives.asymmetric.utils + + +.. function:: decode_rfc6979_signature(signature) + + Takes in :rfc:`6979` signatures generated by the DSA/ECDSA signers and + returns a tuple ``(r, s)``. + + :param bytes signature: The signature to decode. + + :returns: The decoded tuple ``(r, s)``. diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py new file mode 100644 index 00000000..5e35b3f6 --- /dev/null +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -0,0 +1,22 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +from pyasn1.codec.der import decoder +from pyasn1.type import namedtype, univ + + +class _DSSSigValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('r', univ.Integer()), + namedtype.NamedType('s', univ.Integer()) + ) + + +def decode_rfc6979_signature(signature): + data = decoder.decode(signature, asn1Spec=_DSSSigValue()) + r = int(data[0].getComponentByName('r')) + s = int(data[0].getComponentByName('s')) + return (r, s) -- cgit v1.2.3 From aa7dacaf53e150d9d6e58224c46b88214f2957df Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 27 Nov 2014 10:40:12 -1000 Subject: add encode_rfc6979_signature and refactor tests to use it --- docs/hazmat/primitives/asymmetric/utils.rst | 10 +++++++ .../hazmat/primitives/asymmetric/utils.py | 9 +++++- tests/hazmat/primitives/test_asym_utils.py | 34 ++++++++++++++++++++++ tests/hazmat/primitives/test_dsa.py | 9 ++++-- tests/hazmat/primitives/test_ec.py | 18 +++++------- tests/test_utils.py | 22 +------------- tests/utils.py | 17 ----------- 7 files changed, 66 insertions(+), 53 deletions(-) create mode 100644 tests/hazmat/primitives/test_asym_utils.py diff --git a/docs/hazmat/primitives/asymmetric/utils.rst b/docs/hazmat/primitives/asymmetric/utils.rst index 9749b6d1..6b348801 100644 --- a/docs/hazmat/primitives/asymmetric/utils.rst +++ b/docs/hazmat/primitives/asymmetric/utils.rst @@ -14,3 +14,13 @@ Asymmetric Utilities :param bytes signature: The signature to decode. :returns: The decoded tuple ``(r, s)``. + +.. function:: encode_rfc6979_signature(r, s) + + Creates an :rfc:`6979` byte string from raw signature values. + + :param int r: The raw signature value ``r``. + + :param int s: The raw signature value ``s``. + + :return bytes: The encoded signature. diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 5e35b3f6..0140e6c1 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -4,7 +4,7 @@ from __future__ import absolute_import, division, print_function -from pyasn1.codec.der import decoder +from pyasn1.codec.der import decoder, encoder from pyasn1.type import namedtype, univ @@ -20,3 +20,10 @@ def decode_rfc6979_signature(signature): r = int(data[0].getComponentByName('r')) s = int(data[0].getComponentByName('s')) return (r, s) + + +def encode_rfc6979_signature(r, s): + sig = _DSSSigValue() + sig.setComponentByName('r', r) + sig.setComponentByName('s', s) + return encoder.encode(sig) diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py new file mode 100644 index 00000000..f2f8850f --- /dev/null +++ b/tests/hazmat/primitives/test_asym_utils.py @@ -0,0 +1,34 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +from cryptography.hazmat.primitives.asymmetric.utils import ( + decode_rfc6979_signature, encode_rfc6979_signature +) + + +def test_rfc6979_signature(): + sig = encode_rfc6979_signature(1, 1) + assert sig == b"0\x06\x02\x01\x01\x02\x01\x01" + assert decode_rfc6979_signature(sig) == (1, 1) + + r_s1 = ( + 1037234182290683143945502320610861668562885151617, + 559776156650501990899426031439030258256861634312 + ) + sig2 = encode_rfc6979_signature(*r_s1) + assert sig2 == ( + b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b' + b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08' + ) + assert decode_rfc6979_signature(sig2) == r_s1 + + sig3 = encode_rfc6979_signature(0, 0) + assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00" + assert decode_rfc6979_signature(sig3) == (0, 0) + + sig4 = encode_rfc6979_signature(-1, 0) + assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00" + assert decode_rfc6979_signature(sig4) == (-1, 0) diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index 6411b7f9..f818f73b 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -12,14 +12,17 @@ from cryptography.exceptions import AlreadyFinalized, InvalidSignature from cryptography.hazmat.backends.interfaces import DSABackend from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import dsa +from cryptography.hazmat.primitives.asymmetric.utils import ( + encode_rfc6979_signature +) from cryptography.utils import bit_length from .fixtures_dsa import ( DSA_KEY_1024, DSA_KEY_2048, DSA_KEY_3072 ) from ...utils import ( - der_encode_dsa_signature, load_fips_dsa_key_pair_vectors, - load_fips_dsa_sig_vectors, load_vectors_from_file, + load_fips_dsa_key_pair_vectors, load_fips_dsa_sig_vectors, + load_vectors_from_file, ) @@ -557,7 +560,7 @@ class TestDSAVerification(object): ), y=vector['y'] ).public_key(backend) - sig = der_encode_dsa_signature(vector['r'], vector['s']) + sig = encode_rfc6979_signature(vector['r'], vector['s']) verifier = public_key.verifier(sig, algorithm()) verifier.update(vector['msg']) if vector['result'] == "F": diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 3080a6c2..a006f01f 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -13,11 +13,13 @@ from cryptography import exceptions, utils from cryptography.hazmat.backends.interfaces import EllipticCurveBackend from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.hazmat.primitives.asymmetric.utils import ( + encode_rfc6979_signature +) from ...utils import ( - der_encode_dsa_signature, load_fips_ecdsa_key_pair_vectors, - load_fips_ecdsa_signing_vectors, load_vectors_from_file, - raises_unsupported_algorithm + load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors, + load_vectors_from_file, raises_unsupported_algorithm ) _HASH_TYPES = { @@ -305,10 +307,7 @@ class TestECDSAVectors(object): curve_type() ).public_key(backend) - signature = der_encode_dsa_signature( - vector['r'], - vector['s'] - ) + signature = encode_rfc6979_signature(vector['r'], vector['s']) verifier = key.verifier( signature, @@ -337,10 +336,7 @@ class TestECDSAVectors(object): curve_type() ).public_key(backend) - signature = der_encode_dsa_signature( - vector['r'], - vector['s'] - ) + signature = encode_rfc6979_signature(vector['r'], vector['s']) verifier = key.verifier( signature, diff --git a/tests/test_utils.py b/tests/test_utils.py index 637c42bc..bc5f2e14 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -18,7 +18,7 @@ from cryptography.exceptions import UnsupportedAlgorithm, _Reasons import cryptography_vectors from .utils import ( - check_backend_support, der_encode_dsa_signature, load_cryptrec_vectors, + check_backend_support, load_cryptrec_vectors, load_fips_dsa_key_pair_vectors, load_fips_dsa_sig_vectors, load_fips_ecdsa_key_pair_vectors, load_fips_ecdsa_signing_vectors, load_hash_vectors, load_kasvs_dh_vectors, load_nist_vectors, @@ -110,26 +110,6 @@ def test_check_backend_support_no_backend(): check_backend_support(item) -def test_der_encode_dsa_signature_values(): - sig = der_encode_dsa_signature(1, 1) - assert sig == b"0\x06\x02\x01\x01\x02\x01\x01" - - sig2 = der_encode_dsa_signature( - 1037234182290683143945502320610861668562885151617, - 559776156650501990899426031439030258256861634312 - ) - assert sig2 == ( - b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b' - b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08' - ) - - sig3 = der_encode_dsa_signature(0, 0) - assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00" - - sig4 = der_encode_dsa_signature(-1, 0) - assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00" - - def test_load_nist_vectors(): vector_data = textwrap.dedent(""" # CAVS 11.1 diff --git a/tests/utils.py b/tests/utils.py index 01ab4e6f..37efc580 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -9,9 +9,6 @@ import collections import re from contextlib import contextmanager -from pyasn1.codec.der import encoder -from pyasn1.type import namedtype, univ - import pytest import six @@ -73,20 +70,6 @@ def raises_unsupported_algorithm(reason): assert exc_info.value._reason is reason -class _DSSSigValue(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('r', univ.Integer()), - namedtype.NamedType('s', univ.Integer()) - ) - - -def der_encode_dsa_signature(r, s): - sig = _DSSSigValue() - sig.setComponentByName('r', r) - sig.setComponentByName('s', s) - return encoder.encode(sig) - - def load_vectors_from_file(filename, loader, mode="r"): with cryptography_vectors.open_vector_file(filename, mode) as vector_file: return loader(vector_file) -- cgit v1.2.3 From b3a3e5c78650f0bbcaa5386e2185381156032d56 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 27 Nov 2014 11:27:32 -1000 Subject: add changelog entry --- CHANGELOG.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a0d8150d..b8a799a2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -16,6 +16,8 @@ Changelog * Added :class:`~cryptography.hazmat.primitives.interfaces.MACContext` as a common interface for CMAC and HMAC and deprecated :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`. +* Added support for encoding and decoding :rfc:`6979` signatures in + :doc:`/hazmat/primitives/asymmetric/utils`. 0.6.1 - 2014-10-15 ~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 94a0713e3aa1b2ec4f98fe1eb690ef2160d70fdf Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 30 Nov 2014 09:51:10 -1000 Subject: error if signature has trailing bytes --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 4 ++++ tests/hazmat/primitives/test_asym_utils.py | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 0140e6c1..a1a40292 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -17,6 +17,10 @@ class _DSSSigValue(univ.Sequence): def decode_rfc6979_signature(signature): data = decoder.decode(signature, asn1Spec=_DSSSigValue()) + if data[1]: + raise ValueError( + "The signature contains bytes after the end of the ASN.1 sequence." + ) r = int(data[0].getComponentByName('r')) s = int(data[0].getComponentByName('s')) return (r, s) diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py index f2f8850f..f8a67b68 100644 --- a/tests/hazmat/primitives/test_asym_utils.py +++ b/tests/hazmat/primitives/test_asym_utils.py @@ -4,6 +4,8 @@ from __future__ import absolute_import, division, print_function +import pytest + from cryptography.hazmat.primitives.asymmetric.utils import ( decode_rfc6979_signature, encode_rfc6979_signature ) @@ -32,3 +34,8 @@ def test_rfc6979_signature(): sig4 = encode_rfc6979_signature(-1, 0) assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00" assert decode_rfc6979_signature(sig4) == (-1, 0) + + +def test_decode_rfc6979_trailing_bytes(): + with pytest.raises(ValueError): + decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00") -- cgit v1.2.3 From d5fe4ba989f1c8ff5494fee3f6404a14456eac8d Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 30 Nov 2014 10:18:08 -1000 Subject: assign tuple to multiple vars for better readability --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index a1a40292..36b9080d 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -16,13 +16,13 @@ class _DSSSigValue(univ.Sequence): def decode_rfc6979_signature(signature): - data = decoder.decode(signature, asn1Spec=_DSSSigValue()) - if data[1]: + data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue()) + if remaining: raise ValueError( "The signature contains bytes after the end of the ASN.1 sequence." ) - r = int(data[0].getComponentByName('r')) - s = int(data[0].getComponentByName('s')) + r = int(data.getComponentByName('r')) + s = int(data.getComponentByName('s')) return (r, s) -- cgit v1.2.3 From 73251faf2cb043dc9795b46c98c7084482d2aed2 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 6 Dec 2014 23:17:23 -0600 Subject: catch PyAsn1Error when decoding rfc6979 signature --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 7 ++++++- tests/hazmat/primitives/test_asym_utils.py | 5 +++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 36b9080d..08bb40c7 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -5,6 +5,7 @@ from __future__ import absolute_import, division, print_function from pyasn1.codec.der import decoder, encoder +from pyasn1.error import PyAsn1Error from pyasn1.type import namedtype, univ @@ -16,7 +17,11 @@ class _DSSSigValue(univ.Sequence): def decode_rfc6979_signature(signature): - data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue()) + try: + data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue()) + except PyAsn1Error: + raise ValueError("Invalid signature data. Unable to decode ASN.1") + if remaining: raise ValueError( "The signature contains bytes after the end of the ASN.1 sequence." diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py index f8a67b68..640b5b3d 100644 --- a/tests/hazmat/primitives/test_asym_utils.py +++ b/tests/hazmat/primitives/test_asym_utils.py @@ -39,3 +39,8 @@ def test_rfc6979_signature(): def test_decode_rfc6979_trailing_bytes(): with pytest.raises(ValueError): decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00") + + +def test_decode_rfc6979_invalid_asn1(): + with pytest.raises(ValueError): + decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01") -- cgit v1.2.3 From ae6db32351447bf41b809ea4b18f17641724dac1 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 7 Dec 2014 10:41:34 -0600 Subject: add comment describing how the ASN.1 sequence in a test is invalid --- tests/hazmat/primitives/test_asym_utils.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py index 640b5b3d..1a945f3a 100644 --- a/tests/hazmat/primitives/test_asym_utils.py +++ b/tests/hazmat/primitives/test_asym_utils.py @@ -43,4 +43,6 @@ def test_decode_rfc6979_trailing_bytes(): def test_decode_rfc6979_invalid_asn1(): with pytest.raises(ValueError): + # This byte sequence has an invalid ASN.1 sequence length as well as + # an invalid integer length for the second integer. decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01") -- cgit v1.2.3 From a43964a0e90d7788b81521c9e7b949cdc2b555a0 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 7 Dec 2014 11:44:04 -0600 Subject: catch PyAsn1Error for encoding signature as well --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 10 +++++++--- tests/hazmat/primitives/test_asym_utils.py | 8 ++++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 08bb40c7..cf5973a0 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -32,7 +32,11 @@ def decode_rfc6979_signature(signature): def encode_rfc6979_signature(r, s): - sig = _DSSSigValue() - sig.setComponentByName('r', r) - sig.setComponentByName('s', s) + try: + sig = _DSSSigValue() + sig.setComponentByName('r', r) + sig.setComponentByName('s', s) + except PyAsn1Error: + raise ValueError("Both r and s must be integers") + return encoder.encode(sig) diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py index 1a945f3a..3598f78a 100644 --- a/tests/hazmat/primitives/test_asym_utils.py +++ b/tests/hazmat/primitives/test_asym_utils.py @@ -36,6 +36,14 @@ def test_rfc6979_signature(): assert decode_rfc6979_signature(sig4) == (-1, 0) +def test_encode_rfc6979_non_integer(): + with pytest.raises(ValueError): + encode_rfc6979_signature("h", 3) + encode_rfc6979_signature(3, "h") + encode_rfc6979_signature(3.3, 1.2) + encode_rfc6979_signature("hello", "world") + + def test_decode_rfc6979_trailing_bytes(): with pytest.raises(ValueError): decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00") -- cgit v1.2.3 From 6a4342c18ca0507f3d1842591553bddac6eb9189 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 7 Dec 2014 13:52:39 -0600 Subject: directly test r, s for integer-ness --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 14 +++++++++----- tests/hazmat/primitives/test_asym_utils.py | 1 + 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index cf5973a0..71f4ff8e 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -8,6 +8,8 @@ from pyasn1.codec.der import decoder, encoder from pyasn1.error import PyAsn1Error from pyasn1.type import namedtype, univ +import six + class _DSSSigValue(univ.Sequence): componentType = namedtype.NamedTypes( @@ -32,11 +34,13 @@ def decode_rfc6979_signature(signature): def encode_rfc6979_signature(r, s): - try: - sig = _DSSSigValue() - sig.setComponentByName('r', r) - sig.setComponentByName('s', s) - except PyAsn1Error: + if ( + not isinstance(r, six.integer_types) or + not isinstance(s, six.integer_types) + ): raise ValueError("Both r and s must be integers") + sig = _DSSSigValue() + sig.setComponentByName('r', r) + sig.setComponentByName('s', s) return encoder.encode(sig) diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py index 3598f78a..9403669c 100644 --- a/tests/hazmat/primitives/test_asym_utils.py +++ b/tests/hazmat/primitives/test_asym_utils.py @@ -39,6 +39,7 @@ def test_rfc6979_signature(): def test_encode_rfc6979_non_integer(): with pytest.raises(ValueError): encode_rfc6979_signature("h", 3) + encode_rfc6979_signature("3", "2") encode_rfc6979_signature(3, "h") encode_rfc6979_signature(3.3, 1.2) encode_rfc6979_signature("hello", "world") -- cgit v1.2.3 From ac4d5f2249de136cbfef72aa650dcc4703b67851 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 7 Dec 2014 17:44:29 -0600 Subject: Stupid mistake number one billion. --- tests/hazmat/primitives/test_asym_utils.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py index 9403669c..bf55bad8 100644 --- a/tests/hazmat/primitives/test_asym_utils.py +++ b/tests/hazmat/primitives/test_asym_utils.py @@ -39,9 +39,17 @@ def test_rfc6979_signature(): def test_encode_rfc6979_non_integer(): with pytest.raises(ValueError): encode_rfc6979_signature("h", 3) + + with pytest.raises(ValueError): encode_rfc6979_signature("3", "2") + + with pytest.raises(ValueError): encode_rfc6979_signature(3, "h") + + with pytest.raises(ValueError): encode_rfc6979_signature(3.3, 1.2) + + with pytest.raises(ValueError): encode_rfc6979_signature("hello", "world") -- cgit v1.2.3