path: root/lib/Crypto/PublicKey
Commit log (each entry: commit message, author, date, files changed, lines removed/added)
* Increase attempts for recovering RSA (p,q) from (n,e,d)  [stage]
  Wouter Bolsterlee, 2014-06-23, 1 file changed, -1/+1

  Bump the maximum number of iterations to recover (p,q) given (n,e,d) to
  increase the chance that the algorithm succeeds.

  The algorithm used is a probabilistic one with a 1/2 chance of finding the
  right value in each iteration, so it's likely that only a few iterations
  are needed. However, in some extreme cases this may still fail. Bumping
  the maximum number allows the algorithm to correctly find the right values
  for these cases.

  This change bumps the number of iterations from 50 to 500 (the value 'a'
  is increased by 2 in each step), and hence reduces the chance of failure
  from 2**-50 to 2**-500.

  Note that this change does *not* result in a performance degradation.
* Add side-channel countermeasures to DSA.
  Legrandin, 2014-06-22, 2 files changed, -5/+7

  This patch strengthens the DSA signing code against side-channel attacks.

  The DSA signing formulae:

      r = (g^{k} mod p) mod q
      s = k^{-1} * (H(m) + r*x) mod q

  becomes:

      b = random in [1..q)
      r = (g^{k} mod p) mod q
      s = (b * k)^{-1} * (b*H(m) + r*(b*x)) mod q

  In this way we avoid the secret (x) being multiplied by a random factor
  (r) which is immediately disclosed to an attacker (which we assume can
  both collect (r) and also monitor the side-channel produced by the
  multiplication).

  See also attack DSA_2 in: "Minimum Requirements for Evaluating
  Side-Channel Attack Resistance of RSA, DSA and Diffie-Hellman Key
  Exchange Implementations", BSI
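The blinded signing step from the commit above, as an added example in Python (it is not pycrypto's own code, which lives in Crypto.PublicKey.DSA). It signs one message with the same nonce k both the plain way and the blinded way and checks that the two formulae yield the identical (r, s), so the countermeasure changes nothing on the wire. Domain parameters are generated at toy size by a small Miller-Rabin routine written for this example; the names is_prime, toy_dsa_params, hash_int, inv, sign_plain, sign_blinded, verify and demo are chosen here and are not pycrypto API, and the message and seed are constructed.

```python
import hashlib
import random

def is_prime(n):
    """Deterministic Miller-Rabin; exact for every n below 3.3e24."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_dsa_params(q=1000003):
    """Constructed toy domain parameters: prime q, prime p = k*q + 1 and a
    generator g of order q.  Real DSA needs |q| >= 160 and |p| >= 1024 bits."""
    assert is_prime(q)
    k = 2
    while not is_prime(k * q + 1):
        k += 1
    p = k * q + 1
    h = 2
    while pow(h, k, p) == 1:        # (p - 1) // q == k
        h += 1
    return p, q, pow(h, k, p)

def hash_int(msg, q):
    # Toy: SHA-256 reduced mod q.  Real DSA truncates the digest to |q| bits.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q

def inv(a, q):
    return pow(a, q - 2, q)         # Fermat inverse; q is prime

def sign_plain(params, x, msg, k):
    p, q, g = params
    r = pow(g, k, p) % q
    s = inv(k, q) * (hash_int(msg, q) + r * x) % q
    return r, s

def sign_blinded(params, x, msg, k, b):
    """Same (r, s) as sign_plain, but the only operation touching x is the
    product b*x, and k is inverted only after being masked by b."""
    p, q, g = params
    r = pow(g, k, p) % q
    bx = b * x % q
    s = inv(b * k % q, q) * (b * hash_int(msg, q) + r * bx) % q
    return r, s

def verify(params, y, msg, sig):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = inv(s, q)
    u1 = hash_int(msg, q) * w % q
    u2 = r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r

def demo(seed=7):
    """Sign one constructed message both ways with the same nonce k and mask b."""
    rng = random.Random(seed)       # fixed seed only so the demo is repeatable
    params = toy_dsa_params()
    p, q, g = params
    x = rng.randrange(1, q)         # private key
    y = pow(g, x, p)                # public key
    msg = b"constructed sample message"
    k, b = rng.randrange(1, q), rng.randrange(1, q)
    return params, y, msg, sign_plain(params, x, msg, k), sign_blinded(params, x, msg, k, b)

if __name__ == "__main__":
    params, y, msg, plain, blinded = demo()
    print("plain  :", plain)
    print("blinded:", blinded)
    print("verify :", verify(params, y, msg, blinded))
```

The mask b must be fresh per signature and drawn from the same range as k; note that this countermeasure covers the multiplication by x and the inversion of k, not leakage of k from the exponentiation g^k itself.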
* Extended fix for the RSA boundary check
  Legrandin, 2014-06-22, 2 files changed, -1/+6
* Remove a few custom exception types.
  Legrandin, 2014-06-22, 2 files changed, -8/+5

  The following custom exceptions are replaced with ValueError:

  * Crypto.Util.PaddingError
  * Crypto.PublicKey.KeyFormatError

  The custom Crypto.Util.asn1.NoDerElementError is now private to the module.

  Some white spaces have been removed.
* FIX #1191411: RSA export example
  Legrandin, 2013-07-14, 1 file changed, -1/+1

  Closes: https://bugs.launchpad.net/pycrypto/+bug/1191411
* Add support for import/export of DSA keys
  Legrandin, 2013-07-14, 2 files changed, -7/+313

  This patch adds methods importKey() to DSA module and exportKey() to
  _DSAobj object.

  Public and private keys can be imported/exported in a variety of formats:

  * DER vs PEM
  * PKCS#8 vs OpenSSL vs OpenSSH/OpenSSL
  * Encrypted vs clear
* Added support for PKCS#8-encrypted private keys.
  Legrandin, 2013-07-14, 1 file changed, -167/+178

  The patch contains the following changes:

  - Private RSA keys can be imported/exported in encrypted form, protected
    according to PKCS#8 and:

    * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC
    * PBKDF2WithHMAC-SHA1AndAES128-CBC
    * PBKDF2WithHMAC-SHA1AndAES192-CBC
    * PBKDF2WithHMAC-SHA1AndAES256-CBC

    In addition to that, it is possible to import keys in the following
    weak formats:

    * pbeWithMD5AndDES-CBC
    * pbeWithSHA1AndRC2-CBC
    * pbeWithMD5AndRC2-CBC
    * pbeWithSHA1AndDES-CBC

  - The following new modules (and 1 new package) are added:

    * Crypto.Util.Padding for simple padding/unpadding logic
    * Crypto.IO._PBES for PBE-related PKCS#5 logic
    * Crypto.IO.PEM for PEM wrapping/unwrapping
    * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping

  - All Object IDs (OIDs) are now in dotted form to increase readability.

  - Add AES support to PEM format (decode only). The PEM module can decrypt
    messages protected with AES-CBC.

  - Update RSA import test cases.

  - Updated PKCS8 test cases
* Add blinding to ElGamal decryption.
  Legrandin, 2013-04-21, 1 file changed, -2/+11
* Hash: Rename SHA->SHA1 and RIPEMD->RIPEMD160 (1/2)
  Dwayne Litzenberger, 2013-02-16, 1 file changed, -4/+4

  These algorithm names were confusing, because there are actually
  algorithms called "SHA" (a.k.a. SHA-0) and "RIPEMD" (the original
  version).

  This commit just renames the modules, with no backward-compatibility
  support.
* Fix RSA object serialization
  Frank Sievertsen, 2013-02-16, 1 file changed, -0/+2
* Merge remote-tracking branch 'sebastinas/reenable-tests'
  Dwayne C. Litzenberger, 2012-05-28, 1 file changed, -4/+4
  * Raise a ValueError as documented.
    Sebastian Ramacher, 2012-05-28, 1 file changed, -1/+1

    Also add a test case for it.
  * Return a byte string if format is set to OpenSSH.
    Sebastian Ramacher, 2012-05-28, 1 file changed, -3/+3

    RSA.exportKey claims to return a byte string, so really return one.
* Except shadows builtin IndexError.
  Sebastian Ramacher, 2012-05-28, 1 file changed, -1/+1

  Constructs like

      try:
          ...
      except ValueError, IndexError:
          ...

  don't work as expected. This only catches a ValueError and replaces the
  builtin IndexError with the caught ValueError object. See [1] for
  details.

  [1] http://docs.python.org/whatsnew/2.6.html#pep-3110-exception-handling-changes
* Remove qNEW signature algorithm
  Dwayne C. Litzenberger, 2012-05-24, 2 files changed, -189/+1

  I doubt anyone uses it anyway, and we have no test suite for it.
* Add ability to import RSAPublicKey objects (encoded in DER or PEM)
  Legrandin, 2012-05-18, 1 file changed, -6/+12
* Clarification of how RSA keys can be imported/exported
  Legrandin, 2012-05-18, 1 file changed, -14/+23
* Fixed two small bugs in ElGamal code.
  Legrandin, 2012-04-26, 1 file changed, -4/+4
* Domain parameters for ElGamal and DSA can be freely shared. The message M
  to sign must really be hash.
  Legrandin, 2012-04-26, 2 files changed, -14/+26
* Fix to bug #985164 (ElGamal key generation). Fix to missing range check
  in signature verification.
  Legrandin, 2012-04-18, 1 file changed, -24/+40
* Refreshed documentation for ElGamal. Small corrections to DSA and RSA.
  Legrandin, 2012-04-18, 3 files changed, -24/+236
* Polished the Crypto.PublicKey page. Added hyperlinks to RFCs.
  Legrandin, 2012-04-12, 4 files changed, -5/+20
* Refreshed documentation for DSA. Minor fixes in RSA documentation.
  Legrandin, 2012-04-12, 3 files changed, -16/+197
* Refreshed documentation for RSA. epydoc does not generate documentation
  for private methods, and inherited ones are made more explicit.
  Legrandin, 2012-04-10, 3 files changed, -44/+227
* Merge from upstream
  Legrandin, 2011-10-19, 1 file changed, -0/+2
  * _RSAKey._decrypt() uses Garner's algorithm when possible, as _fastmath.c does.
    Legrandin, 2011-10-17, 1 file changed, -1/+9
  * FIX BUG 702835: "Import key code is not compatible with GMP library"
    Legrandin, 2011-10-17, 1 file changed, -4/+19

    The bug is at: https://bugs.launchpad.net/pycrypto/+bug/702835

    When importing a DER RSA private key, u (that is, p^{-1} mod q) must be
    computed manually.

    RSA.importKey() also raises a more descriptive exception in case of an
    unknown key format.

    Conflicts:
        lib/Crypto/PublicKey/RSA.py
* Further fixed for python 3
  Legrandin, 2011-10-19, 1 file changed, -1/+1
* Merged from upstream (py3k support) and modified so that all unit tests pass.
  Legrandin, 2011-10-18, 5 files changed, -33/+52
  * fix exception message in Crypto.PublicKey.RSA.generate
    Sebastian Ramacher, 2011-10-10, 1 file changed, -2/+2

    Applied patch from Debian python-crypto 2.3-3:
    debian/patches/fix-RSA-generate-exception.patch
  * Merge from dlitz/master
    Anders Sundman, 2011-05-19, 1 file changed, -2/+17
  * PY3K _fastmath support
    Thorsten Behrens, 2010-12-29, 3 files changed, -4/+4

    o _fastmath now builds and runs on PY3K
    o Changes to setup.py to allow /usr/include for gmp.h
    o Changes to setup.py to allow linking fastmath w/ static mpir on Windows
      without warning messages
    o Changes to test_DSA/test_RSA to throw an exception if _fastmath is
      present but cannot be imported (due to an issue building _fastmath or
      the shared gmp/mpir libraries not being reachable)
    o number.py has the code to flag a failing _fastmath, but that code is
      commented out for a better runtime experience
    o Clean up the if for py21compat import - should have been == not is
    o Clean up some '== None' occurrences, now 'is None' instead
  * Changes to allow pycrypto to work on Python 3.x as well as 2.1 through 2.7
    Thorsten Behrens, 2010-12-28, 5 files changed, -69/+80
* Added support for export and import of unencrypted PKCS#8 keys (with tests).
  Legrandin, 2011-10-11, 1 file changed, -38/+84

  FIX: Certain public exponents were not correctly exported in OpenSSH keys.
* Added support for pass phrase and DES/3DES encrypted PEM keys, for both
  import and export.
  Legrandin, 2011-10-03, 1 file changed, -7/+64
* Added support for export of public RSA keys in OpenSSH format
  Legrandin, 2011-09-21, 1 file changed, -5/+17
* Add support for import of OpenSSH public keys
  Legrandin, 2011-09-21, 1 file changed, -2/+14
* Merged with upstream.
  Legrandin, 2011-09-20, 1 file changed, -2/+15
  * Avoid timing attacks: Do blinded RSA by default
    Dwayne C. Litzenberger, 2011-02-21, 1 file changed, -2/+15

    Thanks to Geremy Condra (and others) for pointing out the timing
    vulnerability.
* Factorization of n from d stops after 100 attempts, with test cases.
  Legrandin, 2011-02-06, 1 file changed, -2/+4
* Added more documentation for the RSA module.
  Legrandin, 2011-01-21, 1 file changed, -19/+142
* Keep p<q check while generating an RSA key, but tell people why we really
  do it (that is, because it helps a little the inversion step that follows).
  Legrandin, 2011-01-19, 2 files changed, -3/+5
* Allow RSA to be generated with an arbitrary public exponent e.
  Legrandin, 2011-01-18, 3 files changed, -18/+59

  Small fix to importKey documentation (ASN.1 structure names were
  incorrect for public keys).

  Factors of an RSA private key are computed from private exponent d (both
  slowmath and fastmath).
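The "factors from d" computation that this commit, the "Factorization of n from d stops after 100 attempts" commit and the 2014 "Increase attempts" commit at the top of the log all refer to, as an added example in Python (not pycrypto's implementation in _slowmath/_fastmath). It implements the probabilistic square-root-of-one search the 2014 message describes: e*d - 1 is a multiple of lambda(n), so for at least half of all bases a the chain a^r, a^(2r), ... reaches 1 via a square root of 1 other than +-1, and gcd(x - 1, n) then splits n; a is stepped by 2 and the search is bounded by max_attempts. The key n = 3233, e = 17, d = 2753 (p = 53, q = 61) is the textbook toy key, constructed for the demo; recover_pq, crt_params and max_attempts are names chosen here, not pycrypto API.

```python
from math import gcd

def recover_pq(n, e, d, max_attempts=500):
    """Return (p, q) with p*q == n, or None if every attempt failed.

    k = e*d - 1 is a multiple of lambda(n), so a^k == 1 (mod n) for any a
    coprime to n.  Write k = 2^t * r and square a^r repeatedly: whenever a
    square y == 1 is reached from an x that is neither 1 nor n-1, x is a
    non-trivial square root of 1 and gcd(x - 1, n) is a proper factor."""
    k = e * d - 1
    if k <= 0 or k % 2:
        raise ValueError("e*d - 1 must be a positive even number")
    t, r = 0, k
    while r % 2 == 0:
        r //= 2
        t += 1
    a = 2
    for _ in range(max_attempts):
        g = gcd(a, n)
        if 1 < g < n:                 # lucky: the base itself shares a factor
            return tuple(sorted((g, n // g)))
        x = pow(a, r, n)
        if x not in (1, n - 1):
            for _ in range(t):
                y = pow(x, 2, n)
                if y == 1:            # x is a non-trivial square root of 1
                    p = gcd(x - 1, n)
                    return tuple(sorted((p, n // p)))
                if y == n - 1:
                    break             # this base reaches 1 only through -1
                x = y
        a += 2                        # next base, as in the commit message
    return None

def crt_params(n, e, d):
    """The extra private-key values pycrypto derives once p and q are known;
    u = p^-1 mod q is the CRT coefficient its decryption code expects."""
    pq = recover_pq(n, e, d)
    if pq is None:
        raise ValueError("could not factor n from (e, d)")
    p, q = pq
    return {"p": p, "q": q, "u": pow(p, -1, q)}   # Python 3.8+ modular inverse

if __name__ == "__main__":
    # Constructed textbook toy key: p = 53, q = 61.
    print(recover_pq(3233, 17, 2753))
    print(crt_params(3233, 17, 2753))
```

Two things worth keeping in mind when reading the above: a caller that imports a key carrying only (n, e, d) has to run this to obtain the CRT parameters, and the same routine is the reason d must be protected exactly like p and q, since anyone holding (n, e, d) can factor n in a handful of attempts.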
* Pure tab-to-space conversion with :retab in vim.
  Legrandin, 2011-01-16, 1 file changed, -61/+61
* _RSAKey._decrypt() uses Garner's algorithm when possible, as _fastmath.c does.
  Legrandin, 2011-01-16, 1 file changed, -1/+9
* FIX BUG 702835. When importing a DER RSA private key, u (that is, p^{-1}
  mod q) must be computed manually. RSA.importKey() also raises a more
  descriptive exception in case of an unknown key format.
  Legrandin, 2011-01-16, 1 file changed, -5/+20
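An added example in Python (not pycrypto's code) tying together three of the RSA changes in this log: Garner's CRT recombination with u = p^{-1} mod q as used by _RSAKey._decrypt() and _fastmath.c, computing that u when an imported key does not carry it (bug 702835 above), and the blinding the "Avoid timing attacks" commit turned on by default. The key is the textbook toy n = 3233 (p = 53, q = 61, e = 17, d = 2753), constructed for the demo; compute_u, private_op_crt and private_op_blinded are names chosen here, not pycrypto API.

```python
import random
from math import gcd

# Constructed toy key (textbook values): p = 53, q = 61, so n = 3233, e = 17, d = 2753.
# Real keys need n of 2048 bits or more; these sizes only let the arithmetic be traced.
P, Q, E, D = 53, 61, 17, 2753
N = P * Q

def compute_u(p, q):
    """u = p^-1 mod q, the CRT coefficient stored alongside p, q and d.
    A key imported without it has to have it computed this way."""
    return pow(p, -1, q)            # Python 3.8+ modular inverse

U = compute_u(P, Q)

def private_op_crt(c, p=P, q=Q, d=D, u=U):
    """c^d mod n by Garner's recombination: two half-size exponentiations,
    then m = m1 + p * ((m2 - m1) * u mod q)."""
    m1 = pow(c, d % (p - 1), p)
    m2 = pow(c, d % (q - 1), q)
    h = u * (m2 - m1) % q
    return m1 + h * p

def private_op_blinded(c, n=N, e=E, rng=random):
    """Blinded private operation: multiply the input by r^e for a fresh
    random r coprime to n, run the CRT computation on that unpredictable
    value, and strip r afterwards (r^(e*d) == r mod n).  The running time of
    private_op_crt is then uncorrelated with the attacker-chosen c."""
    while True:
        r = rng.randrange(2, n)
        if gcd(r, n) == 1:
            break
    masked = c * pow(r, e, n) % n
    m = private_op_crt(masked)
    return m * pow(r, -1, n) % n

if __name__ == "__main__":
    for c in (0, 1, 2, 65, 1234, N - 1):
        assert private_op_crt(c) == pow(c, D, N)
        assert private_op_blinded(c) == pow(c, D, N)
    print("blinded and unblinded private operations agree for n =", N)
```

Blinding costs one extra public-exponent exponentiation and one inverse per operation; implementations usually cache r and r^-1 and update both by squaring rather than drawing a fresh r every time, which is a refinement the toy above leaves out.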
* Make RSA.generate raise a more user-friendly exception message when the
  user tries to generate a bogus-length key.
  Dwayne C. Litzenberger, 2010-08-27, 1 file changed, -0/+3

  Before this change, doing RSA.generate(128*5) would raise an exception
  saying:

      "bits must be multiple of 128 and > 512"

  This was because getStrongPrime was raising the exception when trying to
  generate 320-bit primes (which is correct behaviour).

  Now, we raise a more friendly error message:

      "RSA modulus length must be a multiple of 256 and > 1024"
* _slowmath: Compute RSA u parameter when it's not given to RSA.construct
  Dwayne C. Litzenberger, 2010-08-26, 1 file changed, -1/+4

  This makes _slowmath behave the same as _fastmath in this regard.
* Support for older versions of python
  Legrandin, 2010-08-02, 1 file changed, -5/+7

  This patch adds support for older python 2.1/2.2 to the previous one
  (DER/PEM).

  Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
* Add ability to export and import RSA keys in DER and PEM format.
  Legrandin, 2010-08-02, 1 file changed, -1/+72

  Typical usage for importing an RSA key:

      from Crypto.PublicKey import RSA

      f = open("ssl.pem", "rb")
      key = RSA.importKey(f.read())
      f.close()
      key.verify(hash, signature)

  Typical usage for exporting an RSA public key:

      key = RSA.generate(512, randfunc)   # randfunc: callable returning N random bytes
      f = open("ssl.der", "wb")
      f.write(key.publickey().exportKey('DER'))
      f.close()

  I confirm I am eligible for submitting code to pycrypto according to
  http://www.dlitz.net/software/pycrypto/submission-requirements/ fetched
  on 27 December 2009.

  Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
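A minimal PEM wrapper/unwrapper, added here as an example in Python of the wrapping layer that the DER/PEM import/export commit above, the pass-phrase/DES/3DES PEM commit and the later Crypto.IO.PEM module all deal with; it is not pycrypto's code. It encodes a payload under a marker in 64-column base64 lines and, on decoding, insists that the END marker matches the BEGIN marker and surfaces the legacy OpenSSL "Proc-Type: 4,ENCRYPTED" / "DEK-Info" headers so the caller knows a passphrase and which cipher are needed before trying to parse DER. It deliberately does not decrypt. The sample bytes and header values are constructed; pem_encode and pem_decode are names chosen here.

```python
import base64
import binascii
import re

_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")

def pem_encode(payload, marker, headers=None):
    """Wrap bytes as a PEM block: BEGIN line, optional 'Name: value' headers
    followed by one blank line, base64 in 64-column lines, END line."""
    lines = ["-----BEGIN %s-----" % marker]
    for name, value in (headers or {}).items():
        lines.append("%s: %s" % (name, value))
    if headers:
        lines.append("")
    b64 = base64.b64encode(payload).decode("ascii")
    lines.extend(b64[i:i + 64] for i in range(0, len(b64), 64))
    lines.append("-----END %s-----" % marker)
    return "\n".join(lines) + "\n"

def pem_decode(text):
    """Unwrap one PEM block.  Returns (payload, marker, dek_info): dek_info is
    None for a clear block, or (cipher_name, iv_hex) when the legacy OpenSSL
    'Proc-Type: 4,ENCRYPTED' / 'DEK-Info' headers say the payload is still
    ciphertext that needs a passphrase.  Raises ValueError on a missing or
    mismatched marker, a broken header block or invalid base64."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        raise ValueError("empty input")
    m = _BEGIN.match(lines[0])
    if not m:
        raise ValueError("missing PEM BEGIN marker")
    marker = m.group(1)
    if lines[-1] != "-----END %s-----" % marker:
        raise ValueError("PEM END marker does not match BEGIN marker")
    body = lines[1:-1]
    headers = {}
    while body and ":" in body[0]:          # base64 never contains ':'
        name, value = body.pop(0).split(":", 1)
        headers[name.strip()] = value.strip()
    if headers:
        if not body or body[0] != "":
            raise ValueError("PEM headers must be followed by a blank line")
        body.pop(0)
    dek_info = None
    if headers.get("Proc-Type") == "4,ENCRYPTED":
        cipher, _, iv_hex = headers.get("DEK-Info", "").partition(",")
        if not cipher or not iv_hex:
            raise ValueError("encrypted PEM without a usable DEK-Info header")
        dek_info = (cipher.strip(), iv_hex.strip())
    try:
        payload = base64.b64decode("".join(body), validate=True)
    except binascii.Error as exc:
        raise ValueError("invalid base64 in PEM body") from exc
    return payload, marker, dek_info

if __name__ == "__main__":
    sample = bytes(range(200))              # constructed stand-in for DER bytes
    print(pem_encode(sample, "RSA PRIVATE KEY"))
    legacy = {"Proc-Type": "4,ENCRYPTED", "DEK-Info": "DES-EDE3-CBC,0123456789ABCDEF"}
    print(pem_decode(pem_encode(sample, "RSA PRIVATE KEY", legacy))[1:])
```

Rejecting a block whose END marker differs from its BEGIN marker, and refusing to hand ciphertext to a DER parser as if it were a clear key, are the two checks that catch most mangled or mislabelled key files before they reach the ASN.1 layer.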