Split load_rsa_numbers into load_rsa_private_numbers and load_rsa_public_numbers.
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index 19d6fb7..524e0a5 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -142,11 +142,18 @@
generation.
"""
- def load_rsa_numbers(self, numbers):
+ @abc.abstractmethod
+ def load_rsa_private_numbers(self, numbers):
"""
Returns an RSAPrivateKey provider.
"""
+ @abc.abstractmethod
+ def load_rsa_public_numbers(self, numbers):
+ """
+ Returns an RSAPublicKey provider.
+ """
+
@six.add_metaclass(abc.ABCMeta)
class DSABackend(object):
diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py
index 5acec33..f3c7937 100644
--- a/cryptography/hazmat/backends/multibackend.py
+++ b/cryptography/hazmat/backends/multibackend.py
@@ -178,9 +178,16 @@
raise UnsupportedAlgorithm("RSA is not supported by the backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
- def load_rsa_numbers(self, numbers):
+ def load_rsa_private_numbers(self, numbers):
for b in self._filtered_backends(RSABackend):
- return b.load_rsa_numbers(numbers)
+ return b.load_rsa_private_numbers(numbers)
+
+ raise UnsupportedAlgorithm("RSA is not supported by the backend",
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
+
+ def load_rsa_public_numbers(self, numbers):
+ for b in self._filtered_backends(RSABackend):
+ return b.load_rsa_public_numbers(numbers)
raise UnsupportedAlgorithm("RSA is not supported by the backend",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index e5870f3..ffe0966 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -377,23 +377,23 @@
return (public_exponent >= 3 and public_exponent & 1 != 0 and
key_size >= 512)
- def load_rsa_numbers(self, numbers):
- if isinstance(numbers, rsa.RSAPublicNumbers):
- return rsa.RSAPublicKey(
- public_exponent=numbers.e,
- modulus=numbers.n
- )
- elif isinstance(numbers, rsa.RSAPrivateNumbers):
- return rsa.RSAPrivateKey(
- p=numbers.p,
- q=numbers.q,
- private_exponent=numbers.d,
- dmp1=numbers.dmp1,
- dmq1=numbers.dmq1,
- iqmp=numbers.iqmp,
- public_exponent=numbers.public_numbers.e,
- modulus=numbers.public_numbers.n
- )
+ def load_rsa_private_numbers(self, numbers):
+ return rsa.RSAPrivateKey(
+ p=numbers.p,
+ q=numbers.q,
+ private_exponent=numbers.d,
+ dmp1=numbers.dmp1,
+ dmq1=numbers.dmq1,
+ iqmp=numbers.iqmp,
+ public_exponent=numbers.public_numbers.e,
+ modulus=numbers.public_numbers.n
+ )
+
+ def load_rsa_public_numbers(self, numbers):
+ return rsa.RSAPublicKey(
+ public_exponent=numbers.e,
+ modulus=numbers.n
+ )
def _new_evp_pkey(self):
evp_pkey = self._lib.EVP_PKEY_new()
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index c7d5667..a32829f 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -322,18 +322,21 @@
:raises ValueError: When plaintext is too long for the key size.
- .. method:: load_rsa_numbers(numbers):
+ .. method:: load_rsa_private_numbers(numbers):
:param numbers: An instance of
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers` or
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`.
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
:returns: A provider of
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` or
- :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
- depending on if it's input was an
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers` or
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`.
+ :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`.
+
+ .. method:: load_rsa_public_numbers(numbers):
+
+ :param numbers: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
+
+ :returns: A provider of
+ :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`.
.. class:: TraditionalOpenSSLSerializationBackend
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index 71755f9..5a62420 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -113,7 +113,10 @@
def encrypt_rsa(self, public_key, plaintext, padding):
pass
- def load_rsa_numbers(self, numbers):
+ def load_rsa_private_numbers(self, numbers):
+ pass
+
+ def load_rsa_public_numbers(self, numbers):
pass
@@ -239,7 +242,9 @@
backend.decrypt_rsa("private_key", "encrypted", padding.PKCS1v15())
- backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=3, n=1))
+ backend.load_rsa_private_numbers("private_numbers")
+
+ backend.load_rsa_public_numbers("public_numbers")
backend = MultiBackend([])
with raises_unsupported_algorithm(
@@ -287,7 +292,12 @@
with raises_unsupported_algorithm(
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
):
- backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=3, n=1))
+ backend.load_rsa_private_numbers("private_numbers")
+
+ with raises_unsupported_algorithm(
+ _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
+ ):
+ backend.load_rsa_public_numbers("public_numbers")
def test_dsa(self):
backend = MultiBackend([
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index a165259..a76c0ec 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -1787,19 +1787,19 @@
# Test a modulus < 3.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=7, n=2))
+ backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=7, n=2))
# Test a public_exponent < 3
with pytest.raises(ValueError):
- backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=1, n=15))
+ backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=1, n=15))
# Test a public_exponent > modulus
with pytest.raises(ValueError):
- backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=17, n=15))
+ backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=17, n=15))
# Test a public_exponent that is not odd.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(rsa.RSAPublicNumbers(e=16, n=15))
+ backend.load_rsa_public_numbers(rsa.RSAPublicNumbers(e=16, n=15))
def test_invalid_private_numbers_argument_values(self, backend):
# Start with p=3, q=11, private_exponent=3, public_exponent=7,
@@ -1808,7 +1808,7 @@
# Test a modulus < 3.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,
@@ -1825,7 +1825,7 @@
# Test a modulus != p * q.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,
@@ -1842,7 +1842,7 @@
# Test a p > modulus.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=37,
q=11,
@@ -1859,7 +1859,7 @@
# Test a q > modulus.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=37,
@@ -1876,7 +1876,7 @@
# Test a dmp1 > modulus.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,
@@ -1893,7 +1893,7 @@
# Test a dmq1 > modulus.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,
@@ -1910,7 +1910,7 @@
# Test an iqmp > modulus.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,
@@ -1927,7 +1927,7 @@
# Test a private_exponent > modulus
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,
@@ -1944,7 +1944,7 @@
# Test a public_exponent < 3
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,
@@ -1961,7 +1961,7 @@
# Test a public_exponent > modulus
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,
@@ -1978,7 +1978,7 @@
# Test a public_exponent that is not odd.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,
@@ -1995,7 +1995,7 @@
# Test a dmp1 that is not odd.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,
@@ -2012,7 +2012,7 @@
# Test a dmq1 that is not odd.
with pytest.raises(ValueError):
- backend.load_rsa_numbers(
+ backend.load_rsa_private_numbers(
rsa.RSAPrivateNumbers(
p=3,
q=11,