Skip to content

Allow RSA signing with raw data (without a DigestInfo) #13740

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Allow RSA signing with raw data (without a DigestInfo) #13740

wants to merge 3 commits into from
+138 −6

Conversation

@jahkosha
Copy link
Contributor

@jahkosha jahkosha commented Oct 24, 2025

This fixes #3713 and #10226.

Instead of using the script written by @misterzed88 in #10226 to generate modified tests vectors, I did directly implement the same logic in the test infrastructure, so we can reuse directly the NIST (or others...) vectors stored in the tests.

@alex
Copy link
Member

alex commented Oct 24, 2025

I haven't reviewed in depth -- but I don't think we should use None to signify this, I think we should have a dedicated sentinel, Raw<Something> perhaps. None looks like a reasonable default, but this is the opposite of that :-)

@reaperhulk wdyt?

@jahkosha
Copy link
Contributor Author

jahkosha commented Oct 25, 2025

@alex yeah that is a fair concern 👍 in some early attempt I did add a NoHash hashes instead of using None, but I was afraid that would cause even more confusion so eventually I went with None.

I'll be happy to apply what you folks think is the best, if possible, please provide pointers where in the code-base a similar pattern is used so I can take inspiration from it.

@misterzed88
Copy link
Contributor

misterzed88 commented Oct 25, 2025
edited
Loading

I haven't reviewed in depth -- but I don't think we should use None to signify this, I think we should have a dedicated sentinel, Raw<Something> perhaps. None looks like a reasonable default, but this is the opposite of that :-)

@reaperhulk wdyt?

I would like to highlight that the API already uses None for this purpose (for the RSA signature recover functionality, ref. issue #5495). So whatever you decide, you may want to use the same method in all the API functions to make them symmetric.

@reaperhulk
Copy link
Member

reaperhulk commented Nov 1, 2025

Hmm, the inconsistency is a bit unfortunate. I'd be inclined to do a RawNoDigestInfo (or perhaps just NoDigestInfo?) sentinel here and then also add that as an option on the signature recovery method while retaining None for backwards compatibility. So this signature would look like sign(value, PKCS1v15(), RawNoDigestInfo()) or sign(value, PKCS1v15(), NoDigestInfo()).

@jahkosha
Copy link
Contributor Author

jahkosha commented Nov 4, 2025

@alex @reaperhulk I did add a sentinel NoDigestInfo and support it also on recover_data_from_signature

Please have an other look and let me know what you think

reaperhulk
reaperhulk reviewed Nov 4, 2025
View reviewed changes
src/rust/src/backend/rsa.rs
algorithm: &pyo3::Bound<'_, pyo3::PyAny>,
) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
let algorithm = if algorithm.is_instance(&types::NO_DIGEST_INFO.get(py)?)? {
&pyo3::types::PyNone::get(py).to_owned().into_any()
Copy link
Member

@reaperhulk reaperhulk Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This branch isn't covered so CI is failing, but should be an easy test to add.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@reaperhulk reaperhulk reaperhulk left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow signing to exclude hash constant

4 participants

@jahkosha @alex @misterzed88 @reaperhulk