From 4a5f9c5bd3071b408112ac62a2c1fdf3b817f478 Mon Sep 17 00:00:00 2001
From: DmitriyMusatkin <musatkd@amazon.com>
Date: Mon, 18 Nov 2024 12:07:03 -0800
Subject: [PATCH] push

---
 awscrt/crypto.py | 25 ++++++++++++++++++++++++-
 crt/aws-c-cal    |  2 +-
 source/crypto.c  | 25 +++++++++++++++++++++++++
 source/crypto.h  |  3 +++
 4 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/awscrt/crypto.py b/awscrt/crypto.py
index 35b7027fa..62ef25418 100644
--- a/awscrt/crypto.py
+++ b/awscrt/crypto.py
@@ -91,7 +91,12 @@ class RSASignatureAlgorithm(IntEnum):
     PKCSv1.5 padding with sha256 hash function
     """
 
-    PSS_SHA256 = 1
+    PKCS1_5_SHA1 = 1
+    """
+    PKCSv1.5 padding with sha1 hash function
+    """
+
+    PSS_SHA256 = 2
     """
     PSS padding with sha256 hash function
     """
@@ -117,6 +122,24 @@ def new_public_key_from_pem_data(pem_data: Union[str, bytes, bytearray, memoryvi
         Raises ValueError if pem does not have public key object.
         """
         return RSA(binding=_awscrt.rsa_public_key_from_pem_data(pem_data))
+    
+    @staticmethod
+    def new_private_key_from_der_data(pem_data: Union[str, bytes, bytearray, memoryview]) -> 'RSA':
+        """
+        Creates a new instance of private RSA key pair from der data.
+        Expects key in PKCS1 format.
+        Raises ValueError if pem does not have private key object.
+        """
+        return RSA(binding=_awscrt.rsa_private_key_from_der_data(pem_data))
+
+    @staticmethod
+    def new_public_key_from_der_data(pem_data: Union[str, bytes, bytearray, memoryview]) -> 'RSA':
+        """
+        Creates a new instance of public RSA key pair from der data.
+        Expects key in PKCS1 format.
+        Raises ValueError if pem does not have public key object.
+        """
+        return RSA(binding=_awscrt.rsa_public_key_from_der_data(pem_data))
 
     def encrypt(self, encryption_algorithm: RSAEncryptionAlgorithm,
                 plaintext: Union[bytes, bytearray, memoryview]) -> bytes:
diff --git a/crt/aws-c-cal b/crt/aws-c-cal
index 656762aef..fbbe2612a 160000
--- a/crt/aws-c-cal
+++ b/crt/aws-c-cal
@@ -1 +1 @@
-Subproject commit 656762aefbee2bc8f509cb23cd107abff20a72bb
+Subproject commit fbbe2612a3385d1ded02a52d20ad7fd2da4501f4
diff --git a/source/crypto.c b/source/crypto.c
index 249e9276f..ebbdf25bd 100644
--- a/source/crypto.c
+++ b/source/crypto.c
@@ -350,6 +350,31 @@ PyObject *aws_py_rsa_public_key_from_pem_data(PyObject *self, PyObject *args) {
     return capsule;
 }
 
+PyObject *aws_py_rsa_private_key_from_der_data(PyObject *self, PyObject *args) {
+    (void)self;
+
+    struct aws_byte_cursor der_data_cur;
+    if (!PyArg_ParseTuple(args, "s#", &pem_data_cur.ptr, &pem_data_cur.len)) {
+        return NULL;
+    }
+
+    struct aws_rsa_key_pair *key_pair =
+        aws_rsa_key_pair_new_from_private_key_pkcs1(allocator, &der_data_cur);
+
+    if (key_pair == NULL) {
+        PyErr_AwsLastError();
+        goto on_done;
+    }
+
+    capsule = PyCapsule_New(key_pair, s_capsule_name_rsa, s_rsa_destructor);
+
+    if (capsule == NULL) {
+        aws_rsa_key_pair_release(key_pair);
+    }
+
+    return capsule;
+}
+
 PyObject *aws_py_rsa_encrypt(PyObject *self, PyObject *args) {
     (void)self;
 
diff --git a/source/crypto.h b/source/crypto.h
index 4c03e65a4..3e8db5f74 100644
--- a/source/crypto.h
+++ b/source/crypto.h
@@ -32,6 +32,9 @@ PyObject *aws_py_sha256_hmac_compute(PyObject *self, PyObject *args);
 PyObject *aws_py_rsa_private_key_from_pem_data(PyObject *self, PyObject *args);
 PyObject *aws_py_rsa_public_key_from_pem_data(PyObject *self, PyObject *args);
 
+PyObject *aws_py_rsa_private_key_from_der_data(PyObject *self, PyObject *args);
+PyObject *aws_py_rsa_public_key_from_der_data(PyObject *self, PyObject *args);
+
 PyObject *aws_py_rsa_encrypt(PyObject *self, PyObject *args);
 PyObject *aws_py_rsa_decrypt(PyObject *self, PyObject *args);
 PyObject *aws_py_rsa_sign(PyObject *self, PyObject *args);