Add NoDigestInfo to sign using RSA with raw data

Author: jahkosha

src/cryptography/hazmat/primitives/asymmetric/rsa.py

@@ -40,7 +40,9 @@ def sign(
         self,
         data: bytes,
         padding: AsymmetricPadding,
-        algorithm: None | asym_utils.Prehashed | hashes.HashAlgorithm,
+        algorithm: asym_utils.Prehashed
+        | hashes.HashAlgorithm
+        | asym_utils.NoDigestInfo,
     ) -> bytes:
         """
         Signs the data.

src/cryptography/hazmat/primitives/asymmetric/utils.py

@@ -11,6 +11,10 @@
 encode_dss_signature = asn1.encode_dss_signature
 
 
+class NoDigestInfo:
+    pass
+
+
 class Prehashed:
     def __init__(self, algorithm: hashes.HashAlgorithm):
         if not isinstance(algorithm, hashes.HashAlgorithm):

src/rust/src/backend/rsa.rs

@@ -291,10 +291,10 @@ impl RsaPrivateKey {
         algorithm: &pyo3::Bound<'p, pyo3::PyAny>,
     ) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyAny>> {
         let (data, algorithm) = {
-            if algorithm.is_none() {
+            if algorithm.is_instance(&types::NO_DIGEST_INFO.get(py)?)? {
                 (
                     utils::BytesOrPyBytes::Bytes(data.as_bytes()),
-                    algorithm.clone(),
+                    pyo3::types::PyNone::get(py).to_owned().into_any(),
                 )
             } else {
                 utils::calculate_digest_and_algorithm(py, data.as_bytes(), algorithm)?
@@ -443,10 +443,10 @@ impl RsaPublicKey {
         algorithm: &pyo3::Bound<'_, pyo3::PyAny>,
     ) -> CryptographyResult<()> {
         let (data, algorithm) = {
-            if algorithm.is_none() {
+            if algorithm.is_instance(&types::NO_DIGEST_INFO.get(py)?)? {
                 (
                     utils::BytesOrPyBytes::Bytes(data.as_bytes()),
-                    algorithm.clone(),
+                    pyo3::types::PyNone::get(py).to_owned().into_any(),
                 )
             } else {
                 utils::calculate_digest_and_algorithm(py, data.as_bytes(), algorithm)?

src/rust/src/types.rs

@@ -393,6 +393,10 @@ pub static SHA1: LazyPyImport =
 pub static SHA256: LazyPyImport =
     LazyPyImport::new("cryptography.hazmat.primitives.hashes", &["SHA256"]);
 
+pub static NO_DIGEST_INFO: LazyPyImport = LazyPyImport::new(
+    "cryptography.hazmat.primitives.asymmetric.utils",
+    &["NoDigestInfo"],
+);
 pub static PREHASHED: LazyPyImport = LazyPyImport::new(
     "cryptography.hazmat.primitives.asymmetric.utils",
     &["Prehashed"],

tests/hazmat/primitives/test_rsa.py

@@ -483,7 +483,7 @@ def test_pkcs1v15_signing_without_digest(self, backend, subtests):
                         )
                     ),
                     padding.PKCS1v15(),
-                    None,
+                    asym_utils.NoDigestInfo(),
                 )
                 assert binascii.hexlify(signature) == example["signature"]
 

tests/hazmat/primitives/utils.py

@@ -21,6 +21,7 @@
 )
 from cryptography.hazmat.primitives import hashes, hmac, serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.asymmetric import utils as asym_utils
 from cryptography.hazmat.primitives.ciphers import (
     BlockCipherAlgorithm,
     Cipher,
@@ -525,7 +526,9 @@ def test_rsa_verification(self, backend, subtests):
                 params["msg"] = compute_rsa_hash_digest(
                     backend, hash_alg, params["msg"]
                 )
-                rsa_verification_test(backend, params, None, pad_factory)
+                rsa_verification_test(
+                    backend, params, asym_utils.NoDigestInfo(), pad_factory
+                )
 
     return test_rsa_verification