summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2023-05-14 08:07:26 +0800
committerGitHub <noreply@github.com>2023-05-14 00:07:26 +0000
commit6cac7bcaf743d56215dd68a88f121c0811cfeb2b (patch)
tree325ef158e235f6b4d0405a6446abb584ccfa6228
parent05900ddc6e3860af3517b0e351bc841f46732f1a (diff)
downloadcryptography-6cac7bcaf743d56215dd68a88f121c0811cfeb2b.tar.gz
refactor signature algorithm parameters into a separate function (#8921)
* refactor signature algorithm parameters into a separate function this will be used in the verify_directly_issued_by PR * fix coverage with more refactoring
Diffstat
-rw-r--r--src/rust/src/x509/certificate.rs188
1 files changed, 104 insertions, 84 deletions
diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs
index 92ef6c967..4c0725023 100644
--- a/src/rust/src/x509/certificate.rs
+++ b/src/rust/src/x509/certificate.rs
@@ -269,29 +269,7 @@ impl Certificate {
&self,
py: pyo3::Python<'p>,
) -> Result<&'p pyo3::PyAny, CryptographyError> {
- let sig_oids_to_hash = py
- .import(pyo3::intern!(py, "cryptography.hazmat._oid"))?
- .getattr(pyo3::intern!(py, "_SIG_OIDS_TO_HASH"))?;
- match &self.raw.borrow_value().signature_alg.params {
- common::AlgorithmParameters::RsaPss(opt_pss) => {
- let pss = opt_pss.as_ref().ok_or_else(|| {
- pyo3::exceptions::PyValueError::new_err("Invalid RSA PSS parameters")
- })?;
- hash_oid_py_hash(py, pss.hash_algorithm.oid().clone())
- }
- _ => {
- let hash_alg = sig_oids_to_hash.get_item(self.signature_algorithm_oid(py)?);
- match hash_alg {
- Ok(data) => Ok(data),
- Err(_) => Err(CryptographyError::from(
- exceptions::UnsupportedAlgorithm::new_err(format!(
- "Signature algorithm OID: {} not recognized",
- self.raw.borrow_value().signature_alg.oid()
- )),
- )),
- }
- }
- }
+ identify_signature_hash_algorithm(py, &self.raw.borrow_value().signature_alg)
}
#[getter]
@@ -304,67 +282,7 @@ impl Certificate {
&'p self,
py: pyo3::Python<'p>,
) -> CryptographyResult<&'p pyo3::PyAny> {
- match &self.raw.borrow_value().signature_alg.params {
- common::AlgorithmParameters::RsaPss(opt_pss) => {
- let pss = opt_pss.as_ref().ok_or_else(|| {
- pyo3::exceptions::PyValueError::new_err("Invalid RSA PSS parameters")
- })?;
- if pss.mask_gen_algorithm.oid != oid::MGF1_OID {
- return Err(CryptographyError::from(
- pyo3::exceptions::PyValueError::new_err(format!(
- "Unsupported mask generation OID: {}",
- pss.mask_gen_algorithm.oid
- )),
- ));
- }
- let py_mask_gen_hash_alg =
- hash_oid_py_hash(py, pss.mask_gen_algorithm.params.oid().clone())?;
- let padding = py.import(pyo3::intern!(
- py,
- "cryptography.hazmat.primitives.asymmetric.padding"
- ))?;
- let py_mgf = padding
- .getattr(pyo3::intern!(py, "MGF1"))?
- .call1((py_mask_gen_hash_alg,))?;
- Ok(padding
- .getattr(pyo3::intern!(py, "PSS"))?
- .call1((py_mgf, pss.salt_length))?)
- }
- common::AlgorithmParameters::RsaWithSha1(_)
- | common::AlgorithmParameters::RsaWithSha1Alt(_)
- | common::AlgorithmParameters::RsaWithSha224(_)
- | common::AlgorithmParameters::RsaWithSha256(_)
- | common::AlgorithmParameters::RsaWithSha384(_)
- | common::AlgorithmParameters::RsaWithSha512(_)
- | common::AlgorithmParameters::RsaWithSha3_224(_)
- | common::AlgorithmParameters::RsaWithSha3_256(_)
- | common::AlgorithmParameters::RsaWithSha3_384(_)
- | common::AlgorithmParameters::RsaWithSha3_512(_) => {
- let pkcs = py
- .import(pyo3::intern!(
- py,
- "cryptography.hazmat.primitives.asymmetric.padding"
- ))?
- .getattr(pyo3::intern!(py, "PKCS1v15"))?
- .call0()?;
- Ok(pkcs)
- }
- common::AlgorithmParameters::EcDsaWithSha224
- | common::AlgorithmParameters::EcDsaWithSha256
- | common::AlgorithmParameters::EcDsaWithSha384
- | common::AlgorithmParameters::EcDsaWithSha512
- | common::AlgorithmParameters::EcDsaWithSha3_224
- | common::AlgorithmParameters::EcDsaWithSha3_256
- | common::AlgorithmParameters::EcDsaWithSha3_384
- | common::AlgorithmParameters::EcDsaWithSha3_512 => Ok(py
- .import(pyo3::intern!(
- py,
- "cryptography.hazmat.primitives.asymmetric.ec"
- ))?
- .getattr(pyo3::intern!(py, "ECDSA"))?
- .call1((self.signature_hash_algorithm(py)?,))?),
- _ => Ok(py.None().into_ref(py)),
- }
+ identify_signature_algorithm_parameters(py, &self.raw.borrow_value().signature_alg)
}
#[getter]
@@ -1076,6 +994,108 @@ pub(crate) fn set_bit(vals: &mut [u8], n: usize, set: bool) {
}
}
+pub(crate) fn identify_signature_hash_algorithm<'p>(
+ py: pyo3::Python<'p>,
+ signature_algorithm: &common::AlgorithmIdentifier<'_>,
+) -> CryptographyResult<&'p pyo3::PyAny> {
+ let sig_oids_to_hash = py
+ .import(pyo3::intern!(py, "cryptography.hazmat._oid"))?
+ .getattr(pyo3::intern!(py, "_SIG_OIDS_TO_HASH"))?;
+ match &signature_algorithm.params {
+ common::AlgorithmParameters::RsaPss(opt_pss) => {
+ let pss = opt_pss.as_ref().ok_or_else(|| {
+ pyo3::exceptions::PyValueError::new_err("Invalid RSA PSS parameters")
+ })?;
+ hash_oid_py_hash(py, pss.hash_algorithm.oid().clone())
+ }
+ _ => {
+ let py_sig_alg_oid = oid_to_py_oid(py, signature_algorithm.oid())?;
+ let hash_alg = sig_oids_to_hash.get_item(py_sig_alg_oid);
+ match hash_alg {
+ Ok(data) => Ok(data),
+ Err(_) => Err(CryptographyError::from(
+ exceptions::UnsupportedAlgorithm::new_err(format!(
+ "Signature algorithm OID: {} not recognized",
+ signature_algorithm.oid()
+ )),
+ )),
+ }
+ }
+ }
+}
+
+pub(crate) fn identify_signature_algorithm_parameters<'p>(
+ py: pyo3::Python<'p>,
+ signature_algorithm: &common::AlgorithmIdentifier<'_>,
+) -> CryptographyResult<&'p pyo3::PyAny> {
+ match &signature_algorithm.params {
+ common::AlgorithmParameters::RsaPss(opt_pss) => {
+ let pss = opt_pss.as_ref().ok_or_else(|| {
+ pyo3::exceptions::PyValueError::new_err("Invalid RSA PSS parameters")
+ })?;
+ if pss.mask_gen_algorithm.oid != oid::MGF1_OID {
+ return Err(CryptographyError::from(
+ pyo3::exceptions::PyValueError::new_err(format!(
+ "Unsupported mask generation OID: {}",
+ pss.mask_gen_algorithm.oid
+ )),
+ ));
+ }
+ let py_mask_gen_hash_alg =
+ hash_oid_py_hash(py, pss.mask_gen_algorithm.params.oid().clone())?;
+ let padding = py.import(pyo3::intern!(
+ py,
+ "cryptography.hazmat.primitives.asymmetric.padding"
+ ))?;
+ let py_mgf = padding
+ .getattr(pyo3::intern!(py, "MGF1"))?
+ .call1((py_mask_gen_hash_alg,))?;
+ Ok(padding
+ .getattr(pyo3::intern!(py, "PSS"))?
+ .call1((py_mgf, pss.salt_length))?)
+ }
+ common::AlgorithmParameters::RsaWithSha1(_)
+ | common::AlgorithmParameters::RsaWithSha1Alt(_)
+ | common::AlgorithmParameters::RsaWithSha224(_)
+ | common::AlgorithmParameters::RsaWithSha256(_)
+ | common::AlgorithmParameters::RsaWithSha384(_)
+ | common::AlgorithmParameters::RsaWithSha512(_)
+ | common::AlgorithmParameters::RsaWithSha3_224(_)
+ | common::AlgorithmParameters::RsaWithSha3_256(_)
+ | common::AlgorithmParameters::RsaWithSha3_384(_)
+ | common::AlgorithmParameters::RsaWithSha3_512(_) => {
+ let pkcs = py
+ .import(pyo3::intern!(
+ py,
+ "cryptography.hazmat.primitives.asymmetric.padding"
+ ))?
+ .getattr(pyo3::intern!(py, "PKCS1v15"))?
+ .call0()?;
+ Ok(pkcs)
+ }
+ common::AlgorithmParameters::EcDsaWithSha224
+ | common::AlgorithmParameters::EcDsaWithSha256
+ | common::AlgorithmParameters::EcDsaWithSha384
+ | common::AlgorithmParameters::EcDsaWithSha512
+ | common::AlgorithmParameters::EcDsaWithSha3_224
+ | common::AlgorithmParameters::EcDsaWithSha3_256
+ | common::AlgorithmParameters::EcDsaWithSha3_384
+ | common::AlgorithmParameters::EcDsaWithSha3_512 => {
+ let signature_hash_algorithm =
+ identify_signature_hash_algorithm(py, signature_algorithm)?;
+
+ Ok(py
+ .import(pyo3::intern!(
+ py,
+ "cryptography.hazmat.primitives.asymmetric.ec"
+ ))?
+ .getattr(pyo3::intern!(py, "ECDSA"))?
+ .call1((signature_hash_algorithm,))?)
+ }
+ _ => Ok(py.None().into_ref(py)),
+ }
+}
+
pub(crate) fn add_to_module(module: &pyo3::prelude::PyModule) -> pyo3::PyResult<()> {
module.add_function(pyo3::wrap_pyfunction!(load_der_x509_certificate, module)?)?;
module.add_function(pyo3::wrap_pyfunction!(load_pem_x509_certificate, module)?)?;
View Lorry Controller Status