From 8df632bca56685effc66a8648199471931fac9c2 Mon Sep 17 00:00:00 2001
From: Ivan Levkivskyi
Date: Thu, 21 Nov 2019 17:05:22 +0000
Subject: [PATCH] Fix some issues in cryptography package (#3474)
Note: the verifier() methods are not in docs, but they don't look private and are actually used in some code.
---
 .../hazmat/primitives/asymmetric/dsa.pyi | 12 +++++---
 .../hazmat/primitives/asymmetric/ec.pyi | 8 ++++--
 .../hazmat/primitives/asymmetric/rsa.pyi | 7 +++--
 third_party/2and3/cryptography/x509.pyi | 28 ++++++++++++-------
 4 files changed, 36 insertions(+), 19 deletions(-)
diff --git a/third_party/2and3/cryptography/hazmat/primitives/asymmetric/dsa.pyi b/third_party/2and3/cryptography/hazmat/primitives/asymmetric/dsa.pyi
index 3dca306b3..ba957813d 100644
--- a/third_party/2and3/cryptography/hazmat/primitives/asymmetric/dsa.pyi
+++ b/third_party/2and3/cryptography/hazmat/primitives/asymmetric/dsa.pyi
@@ -1,7 +1,10 @@
 from abc import ABCMeta, abstractmethod
+from typing import Union
+
 from cryptography.hazmat.backends.interfaces import DSABackend
-from cryptography.hazmat.primitives.asymmetric.padding import AsymmetricPadding
+from cryptography.hazmat.primitives.asymmetric import AsymmetricVerificationContext
+from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
 from cryptography.hazmat.primitives.hashes import HashAlgorithm
 from cryptography.hazmat.primitives.serialization import Encoding, KeySerializationEncryption, PrivateFormat, PublicFormat
@@ -32,7 +35,7 @@ class DSAPrivateKey(metaclass=ABCMeta):
 @abstractmethod
 def public_key(self) -> DSAPublicKey: ...
 @abstractmethod
- def sign(self, data: bytes, algorithm: HashAlgorithm) -> bytes: ...
+ def sign(self, data: bytes, algorithm: Union[HashAlgorithm, Prehashed]) -> bytes: ...
 class DSAPrivateKeyWithSerialization(DSAPrivateKey):
 @abstractmethod
@@ -58,9 +61,10 @@ class DSAPublicKey(metaclass=ABCMeta):
 @abstractmethod
 def public_numbers(self) -> DSAPublicNumbers: ...
 @abstractmethod
- def sign(self, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> bytes: ...
+ def verifier(self, signature: bytes,
+ signature_algorithm: Union[HashAlgorithm, Prehashed]) -> AsymmetricVerificationContext: ...
 @abstractmethod
- def verify(self, signature: bytes, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> None: ...
+ def verify(self, signature: bytes, data: bytes, algorithm: Union[HashAlgorithm, Prehashed]) -> None: ...
 DSAPublicKeyWithSerialization = DSAPublicKey
diff --git a/third_party/2and3/cryptography/hazmat/primitives/asymmetric/ec.pyi b/third_party/2and3/cryptography/hazmat/primitives/asymmetric/ec.pyi
index 34f8c8a12..af2893e8b 100644
--- a/third_party/2and3/cryptography/hazmat/primitives/asymmetric/ec.pyi
+++ b/third_party/2and3/cryptography/hazmat/primitives/asymmetric/ec.pyi
@@ -2,8 +2,8 @@ from abc import ABCMeta, abstractmethod
 from typing import ClassVar, Union
 from cryptography.hazmat.backends.interfaces import EllipticCurveBackend
-from cryptography.hazmat.primitives.asymmetric.padding import AsymmetricPadding
 from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
+from cryptography.hazmat.primitives.asymmetric import AsymmetricVerificationContext
 from cryptography.hazmat.primitives.hashes import HashAlgorithm
 from cryptography.hazmat.primitives.serialization import Encoding, KeySerializationEncryption, PrivateFormat, PublicFormat
 from cryptography.x509 import ObjectIdentifier
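Review bot: `DSAPublicKey.verifier` in dsa.pyi types `signature_algorithm` as `Union[HashAlgorithm, Prehashed]`, but as far as I know upstream rejects `Prehashed` in `signer()`/`verifier()` with a `TypeError` and supports it only in `sign()`/`verify()`, so the stub would let a call pass the type checker that fails at runtime. Narrowing the parameter to `signature_algorithm: HashAlgorithm` keeps the checker in step with the library; the same applies to the `algorithm` parameter of `RSAPublicKey.verifier` in rsa.pyi. Because the commit message says these methods are not in the docs, a one-line comment above each `verifier` (dsa, ec, rsa) such as `# Deprecated upstream; prefer verify().` would steer callers to the one-shot API, once the deprecation status is confirmed against the targeted cryptography release. The `DSAPublicKey` class body starts outside the hunk.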
@@ -162,6 +162,8 @@ class EllipticCurvePrivateKey(metaclass=ABCMeta):
 def exchange(self, algorithm: ECDH, peer_public_key: EllipticCurvePublicKey) -> bytes: ...
 @abstractmethod
 def public_key(self) -> EllipticCurvePublicKey: ...
+ @abstractmethod
+ def sign(self, data: bytes, signature_algorithm: EllipticCurveSignatureAlgorithm) -> bytes: ...
 class EllipticCurvePrivateKeyWithSerialization(EllipticCurvePrivateKey):
 @abstractmethod
@@ -193,9 +195,9 @@ class EllipticCurvePublicKey(metaclass=ABCMeta):
 @abstractmethod
 def public_numbers(self) -> EllipticCurvePublicNumbers: ...
 @abstractmethod
- def sign(self, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> bytes: ...
+ def verifier(self, signature: bytes, signature_algorithm: EllipticCurveSignatureAlgorithm) -> AsymmetricVerificationContext: ...
 @abstractmethod
- def verify(self, signature: bytes, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> None: ...
+ def verify(self, signature: bytes, data: bytes, signature_algorithm: EllipticCurveSignatureAlgorithm) -> None: ...
 EllipticCurvePublicKeyWithSerialization = EllipticCurvePublicKey
diff --git a/third_party/2and3/cryptography/hazmat/primitives/asymmetric/rsa.pyi b/third_party/2and3/cryptography/hazmat/primitives/asymmetric/rsa.pyi
index 93ccc5d62..30604dbed 100644
--- a/third_party/2and3/cryptography/hazmat/primitives/asymmetric/rsa.pyi
+++ b/third_party/2and3/cryptography/hazmat/primitives/asymmetric/rsa.pyi
@@ -2,6 +2,7 @@ from abc import ABCMeta, abstractmethod
 from typing import Tuple, Union
 from cryptography.hazmat.backends.interfaces import RSABackend
+from cryptography.hazmat.primitives.asymmetric import AsymmetricVerificationContext
 from cryptography.hazmat.primitives.asymmetric.padding import AsymmetricPadding
 from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
 from cryptography.hazmat.primitives.hashes import HashAlgorithm
@@ -37,9 +38,11 @@ class RSAPublicKey(metaclass=ABCMeta):
 @abstractmethod
 def public_numbers(self) -> RSAPublicNumbers: ...
 @abstractmethod
- def sign(self, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> bytes: ...
+ def verifier(self, signature: bytes, padding: AsymmetricPadding,
+ algorithm: Union[HashAlgorithm, Prehashed]) -> AsymmetricVerificationContext: ...
 @abstractmethod
- def verify(self, signature: bytes, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> None: ...
+ def verify(self, signature: bytes, data: bytes, padding: AsymmetricPadding,
+ algorithm: Union[HashAlgorithm, Prehashed]) -> None: ...
 RSAPublicKeyWithSerialization = RSAPublicKey
diff --git a/third_party/2and3/cryptography/x509.pyi b/third_party/2and3/cryptography/x509.pyi
index 550fbfee5..4830b8dcc 100644
--- a/third_party/2and3/cryptography/x509.pyi
+++ b/third_party/2and3/cryptography/x509.pyi
@@ -2,7 +2,7 @@ import datetime
 from abc import ABCMeta, abstractmethod
 from enum import Enum
 from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network
-from typing import Any, ClassVar, Dict, Generator, List, Optional, Union
+from typing import Any, ClassVar, Generator, List, Optional, Union, Text, Iterable, Sequence
 from cryptography.hazmat.backends.interfaces import X509Backend
 from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey, DSAPublicKey
@@ -14,6 +14,7 @@ from cryptography.hazmat.primitives.hashes import HashAlgorithm
 from cryptography.hazmat.primitives.serialization import Encoding
 class ObjectIdentifier(object):
+ def __init__(self, dotted_string: str) -> None: ...
 def dotted_string(self) -> str: ...
 class CRLEntryExtensionOID(object):
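Review bot: In x509.pyi, `ObjectIdentifier.dotted_string` directly below the new `__init__` is still declared as a plain method, so `oid.dotted_string` type-checks as a bound method rather than a `str`. Upstream appears to expose it as a read-only property; if that holds for the targeted release, the stub should read `@property` followed by `def dotted_string(self) -> str: ...`. That line is unchanged context in this hunk, but it sits next to the constructor parameter of the same name and is easy to fix in the same pass.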
@@ -97,8 +98,8 @@ class SignatureAlgorithmOID(object):
 class NameAttribute(object):
 oid: ObjectIdentifier
- value: str
- def __init__(self, oid: ObjectIdentifier, value: str) -> None: ...
+ value: Text
+ def __init__(self, oid: ObjectIdentifier, value: Text) -> None: ...
 def rfc4514_string(self) -> str: ...
 class RelativeDistinguishedName(object):
@@ -109,8 +110,9 @@ class RelativeDistinguishedName(object):
 class Name(object):
 rdns: List[RelativeDistinguishedName]
- def __init__(self, attributes: List[Union[NameAttribute, RelativeDistinguishedName]]) -> None: ...
+ def __init__(self, attributes: Sequence[Union[NameAttribute, RelativeDistinguishedName]]) -> None: ...
 def __iter__(self) -> Generator[NameAttribute, None, None]: ...
+ def __len__(self) -> int: ...
 def get_attributes_for_oid(self, oid: ObjectIdentifier) -> List[NameAttribute]: ...
 def public_bytes(self, backend: X509Backend) -> bytes: ...
 def rfc4514_string(self) -> str: ...
@@ -139,6 +141,12 @@ class Certificate(metaclass=ABCMeta):
 def public_key(self) -> Union[DSAPublicKey, Ed25519PublicKey, Ed448PublicKey, EllipticCurvePublicKey, RSAPublicKey]: ...
 class CertificateBuilder(object):
+ def __init__(self, issuer_name: Optional[Name] = ..., subject_name: Optional[Name] = ...,
+ public_key: Union[DSAPublicKey, Ed25519PublicKey, Ed448PublicKey, EllipticCurvePublicKey, RSAPublicKey, None] = ...,
+ serial_number: Optional[int] = ...,
+ not_valid_before: Optional[datetime.datetime] = ...,
+ not_valid_after: Optional[datetime.datetime] = ...,
+ extensions: Optional[Iterable[ExtensionType]] = ...) -> None: ...
 def add_extension(self, extension: ExtensionType, critical: bool) -> CertificateBuilder: ...
 def issuer_name(self, name: Name) -> CertificateBuilder: ...
 def not_valid_after(self, time: datetime.datetime) -> CertificateBuilder: ...
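Review bot: The `extensions` parameter of the new `CertificateBuilder.__init__` is typed `Optional[Iterable[ExtensionType]]`, which looks looser than what upstream accepts. As far as I can tell the constructor stores the value unchanged with a default of `[]`, and `add_extension` wraps each `ExtensionType` in an `Extension` (which carries the `critical` flag) and concatenates with `+ [extension]`. If so, passing `None` or an iterable of bare `ExtensionType` objects would type-check here and then fail later in `add_extension` or at signing time. If that matches the targeted release, `extensions: List[Extension] = ...` would be the accurate annotation, assuming the stub declares `Extension`. The `CertificateBuilder` class body continues outside the hunk.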
@@ -231,8 +239,8 @@ class DirectoryName(GeneralName):
 def __init__(self, value: Name) -> None: ...
 class DNSName(GeneralName):
- value: str
- def __init__(self, value: str) -> None: ...
+ value: Text
+ def __init__(self, value: Text) -> None: ...
 class IPAddress(GeneralName):
 value: Union[IPv4Address, IPv6Address, IPv4Network, IPv6Network]
@@ -248,12 +256,12 @@ class RegisteredID(GeneralName):
 def __init__(self, value: ObjectIdentifier) -> None: ...
 class RFC822Name(GeneralName):
- value: str
- def __init__(self, value: str) -> None: ...
+ value: Text
+ def __init__(self, value: Text) -> None: ...
 class UniformResourceIdentifier(GeneralName):
- value: str
- def __init__(self, value: str) -> None: ...
+ value: Text
+ def __init__(self, value: Text) -> None: ...
 # X.509 Extensions