Add __eq__ to HashAlgorithm and padding instances #13271
Conversation
mathiasertl
force-pushed
the
add-eq-functions
branch
from
631283d to
2be27b4
Compare
CHANGELOG.rst
Outdated
| instances of classes in | ||
| :mod:`~cryptography.hazmat.primitives.asymmetric.padding` | ||
| comparable. | ||
| * Added `salt_length` property to |
There was a problem hiding this comment.
Let's put these in a separate PR. Whether or not we want to do __eq__ is possibly debateable, but if you want these properties to be public that's a separate discussion.
There was a problem hiding this comment.
Hi @reaperhulk
Thanks for the feedback - I've updated this PR to only include the __eq__ instances. I'll make a separate PR for the extra properties.
kr, Mat
mathiasertl
force-pushed
the
add-eq-functions
branch
from
2be27b4 to
a68beff
Compare
mathiasertl
changed the title
|
Looking at the test failures here the issue is that scapy creates its own HashAlgorithm, which now fails because they don't implement |
|
Or it could be a breaking change and that lib would need to implement the method. Open to implement any solution, just let me know what you prefer! |
|
@alex do you have an opinion here? I'm reluctant to spend breakage budget on this when we could avoid it with a concrete implementation, but I'm interested in other opinions. |
|
I'm pretty ambivalent about this. We have a few choices:
Of these I think (1) is probably best. |
|
For 3 the default impl could raise NotImplementedError so you wouldn’t need to have a potentially incorrect impl |
|
That can break existing applications, to the extent they're relying on the default |
|
I'm also ambivalent, I defer to your call and will adapt as requested. Just option three (default Implementation) seems like a bad idea to me. Mat |
|
After thinking for too long, I'm okay with option 1 here. |
|
Are you still interested in this PR? Happy to review/land with option 1 + a rebase to fix the changelog conflict |
mathiasertl
force-pushed
the
add-eq-functions
branch
from
a68beff to
7dd838f
Compare
alex
left a comment
alex
left a comment
There was a problem hiding this comment.
I think a question is whether we should be returning NotImplemented or False for diffefrent types
| eq_salt_length = self._salt_length is other._salt_length | ||
|
|
||
| return ( | ||
| isinstance(other, PSS) |
There was a problem hiding this comment.
We need to do this check first (otherwise you get an AttributeError) and return NotImplemented
|
|
||
| def __eq__(self, other: typing.Any) -> bool: | ||
| return ( | ||
| isinstance(other, OAEP) |
There was a problem hiding this comment.
Actually not correct in this case:
>>> h = hashes.SHA256()
>>> mgf = MGF1(h)
>>> OAEP(mgf, h, None) == h
False
CHANGELOG.rst
Outdated
| * Make instances of | ||
| :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` as well as | ||
| instances of classes in | ||
| :mod:`~cryptography.hazmat.primitives.asymmetric.padding` | ||
| comparable. |
There was a problem hiding this comment.
This isn't quite right for the behavior we implemented. I'd probably document it as "builtin hash classes can now be compared with =="
There was a problem hiding this comment.
agreed. will be updated.
mathiasertl
force-pushed
the
add-eq-functions
branch
from
7dd838f to
8fd3f3b
Compare
I don't know of any classes that do that. Standard python certainly doesn't: |
mathiasertl
force-pushed
the
add-eq-functions
branch
from
8fd3f3b to
c0e6409
Compare
:-) |
To quote official documentation - emphasis mine:
So I can implement it, it's just lots of extra code with no benefit that I'm aware of. |
mathiasertl
force-pushed
the
add-eq-functions
branch
3 times, most recently
from
d8d41e4 to
45d3bac
Compare
|
|
||
| def __eq__(self, other: typing.Any) -> bool: | ||
| return isinstance(other, DummyMGF) | ||
|
|
There was a problem hiding this comment.
This class is more-or-less duplicated in test_openssl as well!
I would offer to move it to tests.doubles.py for shorter code - if you approve.
mathiasertl
force-pushed
the
add-eq-functions
branch
from
45d3bac to
d71c7ac
Compare
4 participants
This PR:
__eq__()to all subclasses of HashAlgorithm.__eq__()to all padding classes.My primary use case is testing. First, it's really un-pythonic to me (obviously very subjective, but it feels just not right to me) to write
assert isinstance(cert.cert.signature_hash_algorithm, hashes.SHA256()), when I could writeassert cert.cert.signature_hash_algorithm == hashes.SHA256(). But once you start comparing to other data structures, it gets even uglier:I think this just looks a lot better and readable: