Allow RSA signing with raw data (without a DigestInfo)

jahkosha · jahkosha · commit 39ef00a00664 · 2025-11-17T13:49:17.000+01:00
diff --git a/src/cryptography/hazmat/primitives/asymmetric/rsa.py b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -40,7 +40,7 @@ def sign(
         self,
         data: bytes,
         padding: AsymmetricPadding,
-        algorithm: asym_utils.Prehashed | hashes.HashAlgorithm,
+        algorithm: None | asym_utils.Prehashed | hashes.HashAlgorithm,
     ) -> bytes:
         """
         Signs the data.
diff --git a/src/rust/src/backend/rsa.rs b/src/rust/src/backend/rsa.rs
@@ -290,8 +290,16 @@ impl RsaPrivateKey {
         padding: &pyo3::Bound<'p, pyo3::PyAny>,
         algorithm: &pyo3::Bound<'p, pyo3::PyAny>,
     ) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyAny>> {
-        let (data, algorithm) =
-            utils::calculate_digest_and_algorithm(py, data.as_bytes(), algorithm)?;
+        let (data, algorithm) = {
+            if algorithm.is_none() {
+                (
+                    utils::BytesOrPyBytes::Bytes(data.as_bytes()),
+                    algorithm.clone(),
+                )
+            } else {
+                utils::calculate_digest_and_algorithm(py, data.as_bytes(), algorithm)?
+            }
+        };
 
         let mut ctx = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?;
         ctx.sign_init().map_err(|_| {
@@ -441,8 +449,16 @@ impl RsaPublicKey {
         padding: &pyo3::Bound<'_, pyo3::PyAny>,
         algorithm: &pyo3::Bound<'_, pyo3::PyAny>,
     ) -> CryptographyResult<()> {
-        let (data, algorithm) =
-            utils::calculate_digest_and_algorithm(py, data.as_bytes(), algorithm)?;
+        let (data, algorithm) = {
+            if algorithm.is_none() {
+                (
+                    utils::BytesOrPyBytes::Bytes(data.as_bytes()),
+                    algorithm.clone(),
+                )
+            } else {
+                utils::calculate_digest_and_algorithm(py, data.as_bytes(), algorithm)?
+            }
+        };
 
         let mut ctx = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?;
         ctx.verify_init()?;
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
@@ -51,7 +51,9 @@
 )
 from .utils import (
     _check_rsa_private_numbers,
+    compute_rsa_hash_digest,
     generate_rsa_verification_test,
+    generate_rsa_verification_without_digest_test,
     skip_fips_traditional_openssl,
 )
 
@@ -442,6 +444,49 @@ def test_pkcs1v15_signing(self, backend, subtests):
                 )
                 assert binascii.hexlify(signature) == example["signature"]
 
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.rsa_padding_supported(
+            padding.PKCS1v15()
+        ),
+        skip_message="Does not support PKCS1v1.5.",
+    )
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.signature_hash_supported(
+            hashes.SHA1()
+        ),
+        skip_message="Does not support SHA1 signature.",
+    )
+    def test_pkcs1v15_signing_without_digest(self, backend, subtests):
+        vectors = _flatten_pkcs1_examples(
+            load_vectors_from_file(
+                os.path.join("asymmetric", "RSA", "pkcs1v15sign-vectors.txt"),
+                load_pkcs1_vectors,
+            )
+        )
+        for private, public, example in vectors:
+            with subtests.test():
+                private_key = rsa.RSAPrivateNumbers(
+                    p=private["p"],
+                    q=private["q"],
+                    d=private["private_exponent"],
+                    dmp1=private["dmp1"],
+                    dmq1=private["dmq1"],
+                    iqmp=private["iqmp"],
+                    public_numbers=rsa.RSAPublicNumbers(
+                        e=private["public_exponent"], n=private["modulus"]
+                    ),
+                ).private_key(backend, unsafe_skip_rsa_key_validation=True)
+                signature = private_key.sign(
+                    binascii.unhexlify(
+                        compute_rsa_hash_digest(
+                            backend, hashes.SHA1(), example["message"]
+                        )
+                    ),
+                    padding.PKCS1v15(),
+                    None,
+                )
+                assert binascii.hexlify(signature) == example["signature"]
+
     @pytest.mark.supported(
         only_if=lambda backend: backend.rsa_padding_supported(
             padding.PSS(
@@ -1522,6 +1567,26 @@ class TestRSAPKCS1Verification:
         )
     )
 
+    test_rsa_pkcs1v15_verify_sha1_without_digest = pytest.mark.supported(
+        only_if=lambda backend: (
+            backend.signature_hash_supported(hashes.SHA1())
+            and backend.rsa_padding_supported(padding.PKCS1v15())
+        ),
+        skip_message="Does not support SHA1 and PKCS1v1.5.",
+    )(
+        generate_rsa_verification_without_digest_test(
+            load_rsa_nist_vectors,
+            os.path.join("asymmetric", "RSA", "FIPS_186-2"),
+            [
+                "SigGen15_186-2.rsp",
+                "SigGen15_186-3.rsp",
+                "SigVer15_186-3.rsp",
+            ],
+            hashes.SHA1(),
+            lambda params, hash_alg: padding.PKCS1v15(),
+        )
+    )
+
     test_rsa_pkcs1v15_verify_sha224 = pytest.mark.supported(
         only_if=lambda backend: (
             backend.signature_hash_supported(hashes.SHA224())
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
@@ -37,6 +37,14 @@
 
 from ...utils import load_vectors_from_file
 
+_hash_alg_oids = {
+    "sha1": binascii.unhexlify(b"3021300906052b0e03021a05000414"),
+    "sha224": binascii.unhexlify(b"302d300d06096086480165030402040500041c"),
+    "sha256": binascii.unhexlify(b"3031300d060960864801650304020105000420"),
+    "sha384": binascii.unhexlify(b"3041300d060960864801650304020205000430"),
+    "sha512": binascii.unhexlify(b"3051300d060960864801650304020305000440"),
+}
+
 
 def _load_all_params(path, file_names, param_loader):
     all_params = []
@@ -47,6 +55,13 @@ def _load_all_params(path, file_names, param_loader):
     return all_params
 
 
+def compute_rsa_hash_digest(backend, hash_alg, msg):
+    oid = _hash_alg_oids[hash_alg.name]
+    h = hashes.Hash(hash_alg, backend=backend)
+    h.update(binascii.unhexlify(msg))
+    return binascii.hexlify(oid) + binascii.hexlify(h.finalize())
+
+
 def generate_encrypt_test(
     param_loader, path, file_names, cipher_factory, mode_factory
 ):
@@ -497,6 +512,24 @@ def test_rsa_verification(self, backend, subtests):
     return test_rsa_verification
 
 
+def generate_rsa_verification_without_digest_test(
+    param_loader, path, file_names, hash_alg, pad_factory
+):
+    def test_rsa_verification(self, backend, subtests):
+        all_params = _load_all_params(path, file_names, param_loader)
+        all_params = [
+            i for i in all_params if i["algorithm"] == hash_alg.name.upper()
+        ]
+        for params in all_params:
+            with subtests.test():
+                params["msg"] = compute_rsa_hash_digest(
+                    backend, hash_alg, params["msg"]
+                )
+                rsa_verification_test(backend, params, None, pad_factory)
+
+    return test_rsa_verification
+
+
 def rsa_verification_test(backend, params, hash_alg, pad_factory):
     public_numbers = rsa.RSAPublicNumbers(
         e=params["public_exponent"], n=params["modulus"]
