author | Determinant <[email protected]> | 2024-08-23 03:14:03 +0000 |
---|---|---|
committer | Determinant <[email protected]> | 2024-08-22 20:34:57 -0700 |
commit | 8d1c76ec7caf247d5675e14260d20fc508977ffb (patch) | |
tree | 8fa7c8ce3b7e3f4ece150a6da5922b5eb2dc7772 /frozen_deps/Cryptodome/Signature | |
parent | 258780284151d49cba1d9c0d2ce33f9a19bb058b (diff) |
release v0.1.8
Diffstat (limited to 'frozen_deps/Cryptodome/Signature')
-rw-r--r-- | frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi | 27 | ||||
-rw-r--r-- | frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi | 14 | ||||
-rw-r--r-- | frozen_deps/Cryptodome/Signature/eddsa.py | 12 | ||||
-rw-r--r-- | frozen_deps/Cryptodome/Signature/eddsa.pyi | 2 | ||||
-rw-r--r-- | frozen_deps/Cryptodome/Signature/pkcs1_15.py | 11 | ||||
-rw-r--r-- | frozen_deps/Cryptodome/Signature/pss.py | 11 | ||||
-rw-r--r-- | frozen_deps/Cryptodome/Signature/pss.pyi | 2 |
7 files changed, 57 insertions, 22 deletions
diff --git a/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi b/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi index 7ed68e6..e7424f5 100644 --- a/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi +++ b/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi @@ -1,7 +1,28 @@ -from typing import Optional, Callable +from typing import Union, Callable, Optional +from typing_extensions import Protocol from Cryptodome.PublicKey.RSA import RsaKey -from Cryptodome.Signature.pss import PSS_SigScheme -def new(rsa_key: RsaKey, mgfunc: Optional[Callable]=None, saltLen: Optional[int]=None, randfunc: Optional[Callable]=None) -> PSS_SigScheme: ... +class Hash(Protocol): + def digest(self) -> bytes: ... + def update(self, bytes) -> None: ... + + +class HashModule(Protocol): + @staticmethod + def new(data: Optional[bytes]) -> Hash: ... + + +MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes] +RndFunction = Callable[[int], bytes] + +class PSS_SigScheme: + def __init__(self, key: RsaKey, mgfunc: MaskFunction, saltLen: int, randfunc: RndFunction) -> None: ... + def can_sign(self) -> bool: ... + def sign(self, msg_hash: Hash) -> bytes: ... + def verify(self, msg_hash: Hash, signature: bytes) -> bool: ... + + + +def new(rsa_key: RsaKey, mgfunc: Optional[MaskFunction]=None, saltLen: Optional[int]=None, randfunc: Optional[RndFunction]=None) -> PSS_SigScheme: ... diff --git a/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi b/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi index 5851e5b..d02555c 100644 --- a/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi +++ b/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi 
@@ -1,6 +1,16 @@ +from typing import Optional +from typing_extensions import Protocol + from Cryptodome.PublicKey.RSA import RsaKey -from Cryptodome.Signature.pkcs1_15 import PKCS115_SigScheme +class Hash(Protocol): + def digest(self) -> bytes: ... + +class PKCS115_SigScheme: + def __init__(self, rsa_key: RsaKey) -> None: ... + def can_sign(self) -> bool: ... + def sign(self, msg_hash: Hash) -> bytes: ... + def verify(self, msg_hash: Hash, signature: bytes) -> bool: ... -def new(rsa_key: RsaKey) -> PKCS115_SigScheme: ...
\ No newline at end of file +def new(rsa_key: RsaKey) -> PKCS115_SigScheme: ... diff --git a/frozen_deps/Cryptodome/Signature/eddsa.py b/frozen_deps/Cryptodome/Signature/eddsa.py index e80a866..638b96b 100644 --- a/frozen_deps/Cryptodome/Signature/eddsa.py +++ b/frozen_deps/Cryptodome/Signature/eddsa.py @@ -39,8 +39,9 @@ from Cryptodome.PublicKey.ECC import (EccKey, def import_public_key(encoded): - """Import an EdDSA ECC public key, when encoded as raw ``bytes`` as described - in RFC8032. + """Create a new Ed25519 or Ed448 public key object, + starting from the key encoded as raw ``bytes``, + in the format described in RFC8032. Args: encoded (bytes): @@ -66,8 +67,9 @@ def import_public_key(encoded): def import_private_key(encoded): - """Import an EdDSA ECC private key, when encoded as raw ``bytes`` as described - in RFC8032. + """Create a new Ed25519 or Ed448 private key object, + starting from the key encoded as raw ``bytes``, + in the format described in RFC8032. Args: encoded (bytes): @@ -313,7 +315,7 @@ def new(key, mode, context=None): can perform or verify an EdDSA signature. Args: - key (:class:`Cryptodome.PublicKey.ECC` object: + key (:class:`Cryptodome.PublicKey.ECC` object): The key to use for computing the signature (*private* keys only) or for verifying one. The key must be on the curve ``Ed25519`` or ``Ed448``. diff --git a/frozen_deps/Cryptodome/Signature/eddsa.pyi b/frozen_deps/Cryptodome/Signature/eddsa.pyi index bf985c4..809a7ad 100644 --- a/frozen_deps/Cryptodome/Signature/eddsa.pyi +++ b/frozen_deps/Cryptodome/Signature/eddsa.pyi @@ -18,4 +18,4 @@ class EdDSASigScheme(object): def sign(self, msg_or_hash: Union[bytes, Hash, XOF]) -> bytes: ... def verify(self, msg_or_hash: Union[bytes, Hash, XOF], signature: bytes) -> None: ... -def new(key: EccKey, mode: bytes, context: Optional[bytes]=None) -> EdDSASigScheme: ... +def new(key: EccKey, mode: str, context: Optional[bytes]=None) -> EdDSASigScheme: ... 
diff --git a/frozen_deps/Cryptodome/Signature/pkcs1_15.py b/frozen_deps/Cryptodome/Signature/pkcs1_15.py index ae9257e..bdde78a 100644 --- a/frozen_deps/Cryptodome/Signature/pkcs1_15.py +++ b/frozen_deps/Cryptodome/Signature/pkcs1_15.py @@ -77,10 +77,11 @@ class PKCS115_SigScheme: em = _EMSA_PKCS1_V1_5_ENCODE(msg_hash, k) # Step 2a (OS2IP) em_int = bytes_to_long(em) - # Step 2b (RSASP1) - m_int = self._key._decrypt(em_int) - # Step 2c (I2OSP) - signature = long_to_bytes(m_int, k) + # Step 2b (RSASP1) and Step 2c (I2OSP) + signature = self._key._decrypt_to_bytes(em_int) + # Verify no faults occurred + if em_int != pow(bytes_to_long(signature), self._key.e, self._key.n): + raise ValueError("Fault detected in RSA private key operation") return signature def verify(self, msg_hash, signature): @@ -202,7 +203,7 @@ def _EMSA_PKCS1_V1_5_ENCODE(msg_hash, emLen, with_hash_parameters=True): # We need at least 11 bytes for the remaining data: 3 fixed bytes and # at least 8 bytes of padding). if emLen<len(digestInfo)+11: - raise TypeError("Selected hash algorithm has a too long digest (%d bytes)." % len(digest)) + raise TypeError("DigestInfo is too long for this RSA key (%d bytes)." % len(digestInfo)) PS = b'\xFF' * (emLen - len(digestInfo) - 3) return b'\x00\x01' + PS + b'\x00' + digestInfo diff --git a/frozen_deps/Cryptodome/Signature/pss.py b/frozen_deps/Cryptodome/Signature/pss.py index 0b05ed2..b929e26 100644 --- a/frozen_deps/Cryptodome/Signature/pss.py +++ b/frozen_deps/Cryptodome/Signature/pss.py 
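Review bot: The fault check added to `PKCS115_SigScheme.sign` carries only the comment `# Verify no faults occurred`, which does not tell a maintainer why a freshly computed signature is re-verified, so the check could later be removed as redundant. I would expand it to `# Re-verify with the public key before release: a signature from a faulted private-key operation can leak key material`; that is the usual reason for this pattern, though the hunk itself does not state it. The same lines and the same thin comment appear in `PSS_SigScheme.sign` in pss.py. Both hunks now call `self._key._decrypt_to_bytes(em_int)`, a private `RsaKey` method that this diffstat (limited to the Signature directory) does not show, so confirm that the frozen `Cryptodome.PublicKey.RSA` in this release defines it. Both `sign` bodies start outside their hunks.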
@@ -107,10 +107,11 @@ class PSS_SigScheme: em = _EMSA_PSS_ENCODE(msg_hash, modBits-1, self._randfunc, mgf, sLen) # Step 2a (OS2IP) em_int = bytes_to_long(em) - # Step 2b (RSASP1) - m_int = self._key._decrypt(em_int) - # Step 2c (I2OSP) - signature = long_to_bytes(m_int, k) + # Step 2b (RSASP1) and Step 2c (I2OSP) + signature = self._key._decrypt_to_bytes(em_int) + # Verify no faults occurred + if em_int != pow(bytes_to_long(signature), self._key.e, self._key.n): + raise ValueError("Fault detected in RSA private key operation") return signature def verify(self, msg_hash, signature): @@ -178,7 +179,7 @@ def MGF1(mgfSeed, maskLen, hash_gen): :return: the mask, as a *byte string* """ - + T = b"" for counter in iter_range(ceil_div(maskLen, hash_gen.digest_size)): c = long_to_bytes(counter, 4) diff --git a/frozen_deps/Cryptodome/Signature/pss.pyi b/frozen_deps/Cryptodome/Signature/pss.pyi index 9ca19ea..84a960e 100644 --- a/frozen_deps/Cryptodome/Signature/pss.pyi +++ b/frozen_deps/Cryptodome/Signature/pss.pyi @@ -18,7 +18,7 @@ MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes] RndFunction = Callable[[int], bytes] class PSS_SigScheme: - def __init__(self, key: RsaKey, mgfunc: RndFunction, saltLen: int, randfunc: RndFunction) -> None: ... + def __init__(self, key: RsaKey, mgfunc: MaskFunction, saltLen: int, randfunc: RndFunction) -> None: ... def can_sign(self) -> bool: ... def sign(self, msg_hash: Hash) -> bytes: ... def verify(self, msg_hash: Hash, signature: bytes) -> None: ... |