add __eq__ for padding classes

Author: mathiasertl

CHANGELOG.rst

@@ -18,6 +18,11 @@ Changelog
 * Removed the deprecated ``CAST5``, ``SEED``, ``IDEA``, and ``Blowfish``
   classes from the cipher module. These are still available in
   :doc:`/hazmat/decrepit/index`.
+* Make instances of
+  :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` as well as
+  instances of classes in
+  :mod:`~cryptography.hazmat.primitives.asymmetric.padding`
+  comparable.
 
 .. _v45-0-6:
 

src/cryptography/hazmat/primitives/asymmetric/padding.py

@@ -5,6 +5,7 @@
 from __future__ import annotations
 
 import abc
+import typing
 
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives._asymmetric import (
@@ -16,6 +17,9 @@
 class PKCS1v15(AsymmetricPadding):
     name = "EMSA-PKCS1-v1_5"
 
+    def __eq__(self, other: typing.Any) -> bool:
+        return isinstance(other, PKCS1v15)
+
 
 class _MaxLength:
     "Sentinel value for `MAX_LENGTH`."
@@ -56,6 +60,18 @@ def __init__(
 
         self._salt_length = salt_length
 
+    def __eq__(self, other: typing.Any) -> bool:
+        if isinstance(self._salt_length, int):
+            eq_salt_length = self._salt_length == other._salt_length
+        else:
+            eq_salt_length = self._salt_length is other._salt_length
+
+        return (
+            isinstance(other, PSS)
+            and eq_salt_length
+            and self._mgf == other._mgf
+        )
+
     @property
     def mgf(self) -> MGF:
         return self._mgf
@@ -77,6 +93,14 @@ def __init__(
         self._algorithm = algorithm
         self._label = label
 
+    def __eq__(self, other: typing.Any) -> bool:
+        return (
+            isinstance(other, OAEP)
+            and self._mgf == other._mgf
+            and self._algorithm == other._algorithm
+            and self._label == other._label
+        )
+
     @property
     def algorithm(self) -> hashes.HashAlgorithm:
         return self._algorithm
@@ -89,6 +113,13 @@ def mgf(self) -> MGF:
 class MGF(metaclass=abc.ABCMeta):
     _algorithm: hashes.HashAlgorithm
 
+    @abc.abstractmethod
+    def __eq__(self, other: typing.Any) -> bool:
+        """
+        Implement equality checking.
+        """
+        ...
+
 
 class MGF1(MGF):
     def __init__(self, algorithm: hashes.HashAlgorithm):
@@ -97,6 +128,9 @@ def __init__(self, algorithm: hashes.HashAlgorithm):
 
         self._algorithm = algorithm
 
+    def __eq__(self, other: typing.Any) -> bool:
+        return isinstance(other, MGF1) and self._algorithm == other._algorithm
+
 
 def calculate_max_pss_salt_length(
     key: rsa.RSAPrivateKey | rsa.RSAPublicKey,

tests/hazmat/backends/test_openssl.py

@@ -4,6 +4,7 @@
 
 
 import itertools
+import typing
 
 import pytest
 
@@ -32,6 +33,9 @@ class DummyMGF(padding.MGF):
     _salt_length = 0
     _algorithm = hashes.SHA1()
 
+    def __eq__(self, other: typing.Any) -> bool:
+        return isinstance(other, DummyMGF)
+
 
 class TestOpenSSL:
     def test_backend_exists(self):

tests/hazmat/primitives/test_rsa.py

@@ -7,6 +7,7 @@
 import copy
 import itertools
 import os
+import typing
 
 import pytest
 
@@ -70,6 +71,9 @@ class DummyMGF(padding.MGF):
     _salt_length = 0
     _algorithm = hashes.SHA256()
 
+    def __eq__(self, other: typing.Any) -> bool:
+        return isinstance(other, DummyMGF)
+
 
 def _check_fips_key_length(backend, private_key):
     if (
@@ -1603,6 +1607,14 @@ class TestRSAPKCS1Verification:
     )
 
 
+class TestPKCS1v15:
+    def test_eq(self):
+        assert padding.PKCS1v15() == padding.PKCS1v15()
+        assert padding.PKCS1v15() != padding.PSS(
+            mgf=padding.MGF1(hashes.SHA256()), salt_length=32
+        )
+
+
 class TestPSS:
     def test_calculate_max_pss_salt_length(self):
         with pytest.raises(TypeError):
@@ -1644,8 +1656,68 @@ def test_mgf_property(self):
         assert pss.mgf == mgf
         assert pss.mgf == pss._mgf
 
+    @pytest.mark.parametrize("xof", [hashes.SHA256(), hashes.SHA512()])
+    @pytest.mark.parametrize(
+        "salt_length",
+        [
+            1,
+            32,
+            padding.PSS.MAX_LENGTH,
+            padding.PSS.AUTO,
+            padding.PSS.DIGEST_LENGTH,
+        ],
+    )
+    def test_eq(
+        self, xof: hashes.HashAlgorithm, salt_length: typing.Any
+    ) -> None:
+        assert padding.PSS(
+            salt_length=salt_length, mgf=padding.MGF1(algorithm=xof)
+        ) == padding.PSS(
+            salt_length=salt_length, mgf=padding.MGF1(algorithm=xof)
+        )
+
+    @pytest.mark.parametrize(
+        "salt_length",
+        [
+            1,
+            32,
+            padding.PSS.MAX_LENGTH,
+            padding.PSS.AUTO,
+            padding.PSS.DIGEST_LENGTH,
+        ],
+    )
+    def test_not_eq_with_different_salt_length(
+        self, salt_length: typing.Any
+    ) -> None:
+        xof = hashes.SHA256()
+        assert padding.PSS(
+            salt_length=salt_length, mgf=padding.MGF1(algorithm=xof)
+        ) != padding.PSS(salt_length=64, mgf=padding.MGF1(algorithm=xof))
+
+    def test_not_eq_with_salt_length_object_identity(self) -> None:
+        xof = hashes.SHA256()
+        assert padding.PSS(
+            salt_length=padding.PSS.AUTO, mgf=padding.MGF1(algorithm=xof)
+        ) != padding.PSS(
+            salt_length=padding.PSS.DIGEST_LENGTH,
+            mgf=padding.MGF1(algorithm=xof),
+        )
+
+    def test_not_eq_with_different_mgf(self) -> None:
+        assert padding.PSS(
+            salt_length=padding.PSS.AUTO,
+            mgf=padding.MGF1(algorithm=hashes.SHA256()),
+        ) != padding.PSS(
+            salt_length=padding.PSS.AUTO,
+            mgf=padding.MGF1(algorithm=hashes.SHA512()),
+        )
+
 
 class TestMGF1:
+    def test_eq(self) -> None:
+        assert padding.MGF1(hashes.SHA256()) == padding.MGF1(hashes.SHA256())
+        assert padding.MGF1(hashes.SHA256()) != padding.MGF1(hashes.SHA512())
+
     def test_invalid_hash_algorithm(self):
         with pytest.raises(TypeError):
             padding.MGF1(b"not_a_hash")  # type:ignore[arg-type]
@@ -1680,6 +1752,47 @@ def test_mgf_property(self):
         assert oaep.mgf == mgf
         assert oaep.mgf == oaep._mgf
 
+    @pytest.mark.parametrize("xof", [hashes.SHA256(), hashes.SHA512()])
+    @pytest.mark.parametrize("label", [None, b"", b"foo"])
+    def test_eq(self, xof: hashes.HashAlgorithm, label: bytes | None) -> None:
+        mgf = padding.MGF1(algorithm=xof)
+        assert padding.OAEP(
+            mgf=mgf, algorithm=xof, label=label
+        ) == padding.OAEP(mgf=mgf, algorithm=xof, label=label)
+
+    def test_not_eq_with_different_mgf(self) -> None:
+        assert padding.OAEP(
+            mgf=padding.MGF1(algorithm=hashes.SHA256()),
+            algorithm=hashes.SHA256(),
+            label=None,
+        ) != padding.OAEP(
+            mgf=padding.MGF1(algorithm=hashes.SHA512()),
+            algorithm=hashes.SHA256(),
+            label=None,
+        )
+
+    def test_not_eq_with_different_algorithm(self) -> None:
+        assert padding.OAEP(
+            mgf=padding.MGF1(algorithm=hashes.SHA512()),
+            algorithm=hashes.SHA512(),
+            label=None,
+        ) != padding.OAEP(
+            mgf=padding.MGF1(algorithm=hashes.SHA512()),
+            algorithm=hashes.SHA256(),
+            label=None,
+        )
+
+    def test_not_eq_with_different_label(self) -> None:
+        assert padding.OAEP(
+            mgf=padding.MGF1(algorithm=hashes.SHA512()),
+            algorithm=hashes.SHA256(),
+            label=None,
+        ) != padding.OAEP(
+            mgf=padding.MGF1(algorithm=hashes.SHA512()),
+            algorithm=hashes.SHA256(),
+            label=b"",
+        )
+
 
 class TestRSADecryption:
     @pytest.mark.supported(