Merge pull request #803 from alex/style
Don't put things with side effects in assert statements
diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py
index 6bafe31..46e00b8 100644
--- a/cryptography/hazmat/primitives/asymmetric/padding.py
+++ b/cryptography/hazmat/primitives/asymmetric/padding.py
@@ -13,6 +13,8 @@
from __future__ import absolute_import, division, print_function
+import six
+
from cryptography import utils
from cryptography.hazmat.primitives import interfaces
@@ -20,3 +22,22 @@
@utils.register_interface(interfaces.AsymmetricPadding)
class PKCS1v15(object):
name = "EMSA-PKCS1-v1_5"
+
+
+class MGF1(object):
+ MAX_LENGTH = object()
+
+ def __init__(self, algorithm, salt_length):
+ if not isinstance(algorithm, interfaces.HashAlgorithm):
+ raise TypeError("Expected instance of interfaces.HashAlgorithm.")
+
+ self._algorithm = algorithm
+
+ if (not isinstance(salt_length, six.integer_types) and
+ salt_length is not self.MAX_LENGTH):
+ raise TypeError("salt_length must be an integer")
+
+ if salt_length is not self.MAX_LENGTH and salt_length < 0:
+ raise ValueError("salt_length must be zero or greater")
+
+ self._salt_length = salt_length
diff --git a/docs/hazmat/primitives/asymmetric/padding.rst b/docs/hazmat/primitives/asymmetric/padding.rst
index 7aec3bd..8a03432 100644
--- a/docs/hazmat/primitives/asymmetric/padding.rst
+++ b/docs/hazmat/primitives/asymmetric/padding.rst
@@ -17,4 +17,27 @@
PKCS1 v1.5 (also known as simply PKCS1) is a simple padding scheme
developed for use with RSA keys. It is defined in :rfc:`3447`.
+Mask Generation Functions
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. class:: MGF1(algorithm, salt_length)
+
+ .. versionadded:: 0.3
+
+ MGF1 (Mask Generation Function 1) is used as the mask generation function
+ in :class:`PSS` padding. It takes a hash algorithm and a salt length.
+
+ :param algorithm: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ provider.
+
+ :param int salt_length: The length of the salt. It is recommended that this
+ be set to ``MGF1.MAX_LENGTH``.
+
+ .. attribute:: MAX_LENGTH
+
+ Pass this attribute to ``salt_length`` to get the maximum salt length
+ available.
+
+
.. _`Padding is critical`: http://rdist.root.org/2009/10/06/why-rsa-encryption-padding-is-critical/
diff --git a/docs/installation.rst b/docs/installation.rst
index 63555ab..c6a2a5c 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -7,6 +7,18 @@
$ pip install cryptography
+Supported platforms
+-------------------
+
+Currently we test ``cryptography`` on Python 2.6, 2.7, 3.2, 3.3 and PyPy on
+these operating systems.
+
+* x86-64 CentOS 6.4 and CentOS 5
+* x86-64 FreeBSD 9.2 and FreeBSD 10
+* OS X 10.9 and OS X 10.8
+* x86-64 Ubuntu 12.04 LTS
+* 32-bit Python on 64-bit Windows Server 2008
+
On Windows
----------
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 7932326..114dc41 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -558,3 +558,30 @@
public_key = private_key.public_key()
with pytest.raises(TypeError):
public_key.verifier(b"sig", "notpadding", hashes.SHA1(), backend)
+
+
+class TestMGF1(object):
+ def test_invalid_hash_algorithm(self):
+ with pytest.raises(TypeError):
+ padding.MGF1(b"not_a_hash", 0)
+
+ def test_invalid_salt_length_not_integer(self):
+ with pytest.raises(TypeError):
+ padding.MGF1(hashes.SHA1(), b"not_a_length")
+
+ def test_invalid_salt_length_negative_integer(self):
+ with pytest.raises(ValueError):
+ padding.MGF1(hashes.SHA1(), -1)
+
+ def test_valid_mgf1_parameters(self):
+ algorithm = hashes.SHA1()
+ salt_length = algorithm.digest_size
+ mgf = padding.MGF1(algorithm, salt_length)
+ assert mgf._algorithm == algorithm
+ assert mgf._salt_length == salt_length
+
+ def test_valid_mgf1_parameters_maximum(self):
+ algorithm = hashes.SHA1()
+ mgf = padding.MGF1(algorithm, padding.MGF1.MAX_LENGTH)
+ assert mgf._algorithm == algorithm
+ assert mgf._salt_length == padding.MGF1.MAX_LENGTH