Browse Source

Address verifier DeprecationWarning

The use of signer and verifier in cryptography has been
deprecated, and causes the following warning:

cursive/cursive/signature_utils.py:139: DeprecationWarning: signer
and verifier have been deprecated. Please use sign and verify
instead.

This patch adds a wrapper around the use of verifier, so
that sign and verify are used with cryptography, but the
client use of the library doesn't have to change.

Change-Id: Ib4aaa4fc9eb893b74f08bc8ff732a4dae152f685
Brianna Poulos 1 year ago
parent
commit
edd60e3a17
3 changed files with 104 additions and 14 deletions
  1. 26
    7
      cursive/signature_utils.py
  2. 1
    7
      cursive/tests/unit/test_signature_utils.py
  3. 77
    0
      cursive/verifiers.py

+ 26
- 7
cursive/signature_utils.py View File

@@ -30,6 +30,7 @@ from oslo_utils import encodeutils
30 30
 
31 31
 from cursive import exception
32 32
 from cursive.i18n import _, _LE
33
+from cursive import verifiers
33 34
 
34 35
 LOG = logging.getLogger(__name__)
35 36
 
@@ -126,6 +127,10 @@ def create_verifier_for_pss(signature, hash_method, public_key):
126 127
                                         are invalid
127 128
     :returns: the verifier to use to verify the signature for RSA-PSS
128 129
     """
130
+    # confirm none of the inputs are None
131
+    if not signature or not hash_method or not public_key:
132
+        return None
133
+
129 134
     # default to MGF1
130 135
     mgf = padding.MGF1(hash_method)
131 136
 
@@ -133,10 +138,14 @@ def create_verifier_for_pss(signature, hash_method, public_key):
133 138
     salt_length = padding.PSS.MAX_LENGTH
134 139
 
135 140
     # return the verifier
136
-    return public_key.verifier(
141
+    return verifiers.RSAVerifier(
137 142
         signature,
138
-        padding.PSS(mgf=mgf, salt_length=salt_length),
139
-        hash_method
143
+        hash_method,
144
+        public_key,
145
+        padding.PSS(
146
+            mgf=mgf,
147
+            salt_length=salt_length
148
+        )
140 149
     )
141 150
 
142 151
 
@@ -148,10 +157,15 @@ def create_verifier_for_ecc(signature, hash_method, public_key):
148 157
     :param public_key: the public key to use, as a cryptography object
149 158
     :returns: the verifier to use to verify the signature for ECC_*.
150 159
     """
160
+    # confirm none of the inputs are None
161
+    if not signature or not hash_method or not public_key:
162
+        return None
163
+
151 164
     # return the verifier
152
-    return public_key.verifier(
165
+    return verifiers.ECCVerifier(
153 166
         signature,
154
-        ec.ECDSA(hash_method)
167
+        hash_method,
168
+        public_key,
155 169
     )
156 170
 
157 171
 
@@ -163,10 +177,15 @@ def create_verifier_for_dsa(signature, hash_method, public_key):
163 177
     :param public_key: the public key to use, as a cryptography object
164 178
     :returns: the verifier to use to verify the signature for DSA
165 179
     """
180
+    # confirm none of the inputs are None
181
+    if not signature or not hash_method or not public_key:
182
+        return None
183
+
166 184
     # return the verifier
167
-    return public_key.verifier(
185
+    return verifiers.DSAVerifier(
168 186
         signature,
169
-        hash_method
187
+        hash_method,
188
+        public_key,
170 189
     )
171 190
 
172 191
 

+ 1
- 7
cursive/tests/unit/test_signature_utils.py View File

@@ -106,12 +106,6 @@ class FakeCryptoCertificate(object):
106 106
         return self.cert_not_valid_after
107 107
 
108 108
 
109
-class BadPublicKey(object):
110
-
111
-    def verifier(self, signature, padding, hash_method):
112
-        return None
113
-
114
-
115 109
 class TestSignatureUtils(base.TestCase):
116 110
     """Test methods of signature_utils"""
117 111
 
@@ -248,7 +242,7 @@ class TestSignatureUtils(base.TestCase):
248 242
 
249 243
     @mock.patch('cursive.signature_utils.get_public_key')
250 244
     def test_get_verifier_none(self, mock_get_pub_key):
251
-        mock_get_pub_key.return_value = BadPublicKey()
245
+        mock_get_pub_key.return_value = None
252 246
         img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
253 247
         self.assertRaisesRegex(exception.SignatureVerificationError,
254 248
                                'Error occurred while creating'

+ 77
- 0
cursive/verifiers.py View File

@@ -0,0 +1,77 @@
1
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
2
+#    not use this file except in compliance with the License. You may obtain
3
+#    a copy of the License at
4
+#
5
+#         http://www.apache.org/licenses/LICENSE-2.0
6
+#
7
+#    Unless required by applicable law or agreed to in writing, software
8
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10
+#    License for the specific language governing permissions and limitations
11
+#    under the License.
12
+
13
+"""Wrap cryptography verify with verifier."""
14
+
15
+from cryptography.hazmat.backends import default_backend
16
+from cryptography.hazmat.primitives.asymmetric import ec
17
+from cryptography.hazmat.primitives.asymmetric import utils
18
+from cryptography.hazmat.primitives import hashes
19
+
20
+
21
+class RSAVerifier(object):
22
+    def __init__(self, signature, hash_method, public_key, padding):
23
+        self._signature = signature
24
+        self._hash_method = hash_method
25
+        self._public_key = public_key
26
+        self._padding = padding
27
+        self._hasher = hashes.Hash(hash_method, default_backend())
28
+
29
+    def update(self, data):
30
+        self._hasher.update(data)
31
+
32
+    def verify(self):
33
+        digest = self._hasher.finalize()
34
+        self._public_key.verify(
35
+            self._signature,
36
+            digest,
37
+            self._padding,
38
+            utils.Prehashed(self._hash_method)
39
+        )
40
+
41
+
42
+class ECCVerifier(object):
43
+    def __init__(self, signature, hash_method, public_key):
44
+        self._signature = signature
45
+        self._hash_method = hash_method
46
+        self._public_key = public_key
47
+        self._hasher = hashes.Hash(hash_method, default_backend())
48
+
49
+    def update(self, data):
50
+        self._hasher.update(data)
51
+
52
+    def verify(self):
53
+        digest = self._hasher.finalize()
54
+        self._public_key.verify(
55
+            self._signature,
56
+            digest,
57
+            ec.ECDSA(utils.Prehashed(self._hash_method))
58
+        )
59
+
60
+
61
+class DSAVerifier(object):
62
+    def __init__(self, signature, hash_method, public_key):
63
+        self._signature = signature
64
+        self._hash_method = hash_method
65
+        self._public_key = public_key
66
+        self._hasher = hashes.Hash(hash_method, default_backend())
67
+
68
+    def update(self, data):
69
+        self._hasher.update(data)
70
+
71
+    def verify(self):
72
+        digest = self._hasher.finalize()
73
+        self._public_key.verify(
74
+            self._signature,
75
+            digest,
76
+            utils.Prehashed(self._hash_method)
77
+        )

Loading…
Cancel
Save