path: root/lib/Crypto/SelfTest/Cipher
Commit log (each entry: commit message, then [author, date, files changed, lines -/+])
* Throw exception when IV is used with ECB or CTR   [Legrandin, 2014-02-21, 1 file, -8/+23]
  The IV parameter is currently ignored when initializing a cipher in ECB or CTR mode. For CTR mode, it is confusing: it takes some time to see that a different parameter is needed (the counter). For ECB mode, it is outright dangerous. This patch forces an exception to be raised.
* Add encrypt_and_digest() and decrypt_and_verify()   [Legrandin, 2013-10-20, 1 file, -23/+46]
  This patch adds encrypt_and_digest() and decrypt_and_verify() methods to a cipher object. In most cases they are just shortcuts to the existing functions. For SIV mode, decrypt_and_verify() replaces decrypt().

  [dlitz@dlitz.net: Squashed with bugfix commit:]
  Bug in encrypt_and_digest() (all AEAD modes)
  decrypt() was being called instead of encrypt(). Added also a unit test to validate that composition of encrypt_and_digest() and decrypt_and_verify() is the identity function.

  [dlitz@dlitz.net: Included changes from the following commit from the author's pull request:]
  - [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
  [dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
  [dlitz@dlitz.net: Replaced MacMismatchError with ValueError]
  [dlitz@dlitz.net: Replaced ApiUsageError with TypeError]
* Add support for GCM mode (AES only).   [Legrandin, 2013-10-20, 2 files, -2/+199]
  The main change done by this commit is adding support for MODE_GCM (NIST SP 800 38D). Test vectors are included.

  The mode uses a C extension (Crypto.Util.galois._ghash) to compute the GHASH step. The C implementation is the most basic one and it is still significantly (5x times) slower than CTR. Optimizations can be introduced using tables (CPU/memory trade-off) or even AES NI instructions on newer x86 CPUs.

  This patch also simplifies Crypto.Cipher.blockalgo.py by:
  * removing duplicated code previously shared by digest() and verify().
  * removing duplicated code previously shared by Crypto.Hash.CMAC and Crypto.Cipher.block_algo (management of internal buffers for MACs that can only operate on block aligned data, like CMAC, CBCMAC, and now also GHASH).

  [dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
  - [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
  - [ca460a7] Made blockalgo.py more PEP-8 compliant; The second parameter of the _GHASH constructor is now the length of the block (block_size) and not the full module.
  [dlitz@dlitz.net: Replaced MacMismatchError with ValueError]
  [dlitz@dlitz.net: Replaced ApiUsageError with TypeError]
  [dlitz@dlitz.net: Replaced renamed variable `ht` with original `h`]
  [dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
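Added example, not PyCrypto's code (the project's GHASH is the C extension Crypto.Util.galois._ghash named in the commit above, and its tag check lives in blockalgo.py): a pure-Python GHASH written straight from NIST SP 800-38D, checked against the published GCM test case 2 values (H, C, E_K(J0) and T for AES-128 with an all-zero key, IV and plaintext block), plus the tag comparison that raises ValueError on mismatch, the exception the encrypt_and_digest()/decrypt_and_verify() commit settled on instead of MacMismatchError. The function names (gf128_mul, ghash, gcm_tag, tag_ok, verify_tag) are this example's own; the only constants are the published test-vector values. The multiply is the bit-serial one the commit calls "the most basic one": it branches on key-dependent bits and is slow, which is why the optimizations the commit mentions exist, with the caveat that table-driven GHASH is only safe against cache-timing if the table accesses are made key-independent, whereas PCLMULQDQ on AES-NI class CPUs is both fast and constant-time.

```python
import hmac
import struct

# Reduction constant for GF(2^128) in GCM's bit ordering (SP 800-38D, 6.3):
# the block 11100001 || 0^120. The leftmost bit of a block is the constant
# term, so the element "1" is the block 0x80 00...00 == 1 << 127.
R = 0xE1 << 120


def gf128_mul(x: int, y: int) -> int:
    """Bit-serial multiply in GF(2^128), SP 800-38D Algorithm 1.

    Not constant-time (it branches on bits of x and on the low bit of v)
    and 128 iterations per block: the 'most basic' implementation.
    """
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:      # x_i, counting from the leftmost bit
            z ^= v
        if v & 1:                     # rightmost bit set: shift and reduce
            v = (v >> 1) ^ R
        else:
            v >>= 1
    return z


def _zero_pad(b: bytes) -> bytes:
    return b + b"\x00" * (-len(b) % 16)


def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """GHASH_H(A, C): Y_0 = 0, Y_i = (Y_{i-1} xor X_i) . H, over the blocks of
    pad(A) || pad(C) || [len(A)]_64 || [len(C)]_64 (lengths in bits)."""
    data = (_zero_pad(aad) + _zero_pad(ciphertext)
            + struct.pack(">QQ", 8 * len(aad), 8 * len(ciphertext)))
    hk = int.from_bytes(h, "big")
    y = 0
    for off in range(0, len(data), 16):
        y = gf128_mul(y ^ int.from_bytes(data[off:off + 16], "big"), hk)
    return y.to_bytes(16, "big")


def gcm_tag(h: bytes, aad: bytes, ciphertext: bytes, ek_j0: bytes) -> bytes:
    """T = GHASH_H(A, C) xor E_K(J0). E_K(J0) is passed in so the example
    needs no AES; a real implementation derives it from the key and nonce."""
    s = ghash(h, aad, ciphertext)
    return bytes(a ^ b for a, b in zip(s, ek_j0))


def tag_ok(expected: bytes, received: bytes) -> bool:
    """Constant-time comparison; never compare tags with == or a byte loop
    that stops at the first difference."""
    return hmac.compare_digest(expected, received)


def verify_tag(expected: bytes, received: bytes) -> None:
    """Raise ValueError on mismatch, as PyCrypto's verify() does."""
    if not tag_ok(expected, received):
        raise ValueError("MAC check failed")


# Published values from GCM test case 2 (AES-128, zero key, zero 96-bit IV,
# one all-zero plaintext block, no AAD). These are the only constants assumed.
H_TC2 = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")     # E_K(0^128)
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")     # ciphertext
EKJ0_TC2 = bytes.fromhex("58e2fccefa7e3061367f1d57a4e7455a")  # E_K(J0)
T_TC2 = bytes.fromhex("ab6e47d42cec13bdf53a67b21257bddf")     # expected tag


if __name__ == "__main__":
    tag = gcm_tag(H_TC2, b"", C_TC2, EKJ0_TC2)
    verify_tag(tag, T_TC2)               # genuine tag passes
    try:
        verify_tag(tag, bytes(16))       # forged tag is rejected
    except ValueError as e:
        print("rejected:", e)
```

The ghash() output for test case 2 is the published intermediate f38cbb1ad69223dcc3457ae5b6b0f885, which xored with E_K(J0) gives T. The same composition check the commit's unit test makes (encrypt_and_digest followed by decrypt_and_verify is the identity) reduces, on the authentication side, to gcm_tag() producing a tag that verify_tag() accepts.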
* Add support for SIV (Synthetic IV) mode   [Legrandin, 2013-10-20, 2 files, -22/+88]
  This patch adds support for SIV, an AEAD block cipher mode defined in RFC5297. SIV is only valid for AES. The PRF of SIV (S2V) is factored out in the Protocol.KDF module.

  See the following example to get a feeling of the API (slightly different than other AEAD mode, during decryption).

  Encryption (Python 2):

  >>> from Crypto.Cipher import AES
  >>> key = b'0'*32
  >>> siv = AES.new(key, AES.MODE_SIV)
  >>> ct = siv.encrypt(b'Message')
  >>> mac = siv.digest()

  Decryption (Python 2):

  >>> from Crypto.Cipher import AES, MacMismatchError
  >>> key = b'0'*32
  >>> siv = AES.new(key, AES.MODE_SIV)
  >>> pt = siv.decrypt(ct + mac)
  >>> try:
  ...     siv.verify(mac)
  ...     print "Plaintext", pt
  ... except MacMismatchError:
  ...     print "Error"

  This change also fixes the description/design of AEAD API. With SIV (RFC5297), decryption can only start when the MAC is known. The original AEAD API did not support that. For SIV the MAC is now exceptionally passed together with the ciphertext to the decrypt() method.

  [dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
  - [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
  - [d7727fb] Fix description/design of AEAD API.
  - [fb62fae] ApiUsageError becomes TypeError [whitespace]
  - [4ec64d8] Removed last references to ApiUsageError [whitespace]
  - [ee46922] Removed most 'import *' statements
  - [ca460a7] Made blockalgo.py more PEP-8 compliant; The second parameter of the _GHASH constructor is now the length of the block (block_size) and not the full module.
  [dlitz@dlitz.net: A conflict that was not resolved in the previous commit was originally resolved here. Moved the resolution to the previous commit.]
  [dlitz@dlitz.net: Replaced MacMismatchError with ValueError]
  [dlitz@dlitz.net: Replaced ApiUsageError with TypeError]
  [dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
* Add EAX authenticated encryption mode   [Legrandin, 2013-10-20, 2 files, -6/+92]
  [dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
  - [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
  - [ca460a7] Made blockalgo.py more PEP-8 compliant; The second parameter of the _GHASH constructor is now the length of the block (block_size) and not the full module.
  [dlitz@dlitz.net: Fixed unresolved conflict in lib/Crypto/Cipher/blockalgo.py]
* Add support for CCM mode (AES only).   [Legrandin, 2013-10-20, 2 files, -15/+559]
  [dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
  - [5306cf3] Added support for CCM mode (AES cipher only)
  - [9abe301] Added CCM tests
  - [f0c1395] Add MacMismatchError and ApiUsageError
  - [fb62fae] ApiUsageError becomes TypeError
  - [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
  - [4ec64d8] Removed last references to ApiUsageError
  - [80bfd35] Corrected AES-CCM examples
  [dlitz@dlitz.net: Removed unrelated documentation change]
  [dlitz@dlitz.net: Renamed 'targs' back to 'args']
  [dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
* Fixed MODE_OFB requiring padding   [dev-jjc, 2013-07-14, 2 files, -1/+25]
  Closes: https://bugs.launchpad.net/pycrypto/+bug/996193
  Closes: https://github.com/dlitz/pycrypto/pull/26
  [dlitz: Squashed and fixed whitespace.]
* Counter: Deprecate disable_shortcut; Remove __PCT_CTR_SHORTCUT__ entirely   [Dwayne Litzenberger, 2013-07-14, 1 file, -8/+35]
  The `disable_shortcut` option served as a workaround in case `__PCT_CTR_SHORTCUT__` leaked through a wrapper object, but I don't think anyone actually used it, and it was a bad idea to expose it as part of the public API. Now that we do strong type checking inside block_template.c, there should be no need to ever use this option.

  It's now a no-op, retained for backward compatibility only. It will be removed in some future version of PyCrypto.
* AES-NI support: Python 2.1 Backward compatibility   [Dwayne Litzenberger, 2013-04-21, 1 file, -1/+4]
  - METH_NOARGS was introduced in Python 2.2.
  - Python 2.1 doesn't have True and False builtins.
* Initial AES-NI support   [Sebastian Ramacher, 2013-04-21, 2 files, -2/+9]
* Hash: Rename SHA->SHA1 and RIPEMD->RIPEMD160 (1/2)   [Dwayne Litzenberger, 2013-02-16, 1 file, -2/+2]
  These algorithm names were confusing, because there are actually algorithms called "SHA" (a.k.a. SHA-0) and "RIPEMD" (the original version).

  This commit just renames the modules, with no backward-compatibility support.
* Added ARC4-drop[n] cipher   [Legrandin, 2012-06-20, 1 file, -0/+20]
* Add test vectors for ARC4   [Legrandin, 2012-06-20, 1 file, -2/+358]
  Test vectors are taken from RFC 6229. All tests pass.
* Reenable redefined tests.   [Sebastian Ramacher, 2012-05-28, 1 file, -5/+6]
  The test suite contains tests that are disabled because they have the same name as other tests. Renaming them enables them again.

  PKCS1_OAEP_Tests.testEncryptDecrypt1 is updated to work with the new interface of PKCS1_OAEP.
* Fix block ciphers allowing empty string as IV   [Dwayne C. Litzenberger, 2012-05-24, 1 file, -1/+26]
  Bug report: https://bugs.launchpad.net/pycrypto/+bug/997464
* Added test vectors from NIST 800-38A   [Legrandin, 2012-05-18, 1 file, -0/+136]
  Test vectors cover ECB, CBC, OFB, CFB-8, CFB-128, and CTR modes for AES-128, AES-192, and AES-256.

  Test vectors for CFB-1 have not been added because it is not a mode supported by PyCrypto.
* Added OPENPGP mode to RoundTripTests   [Legrandin, 2012-05-17, 1 file, -2/+8]
* Added OpenPGP mode   [Legrandin, 2012-05-17, 3 files, -4/+64]
* Removed PGP mode from block ciphers   [Legrandin, 2012-05-14, 1 file, -1/+15]
* Merge from upstream   [Legrandin, 2011-12-22, 1 file, -10/+10]
  (merge commit; the merged upstream commit follows, indented)
  * Python 3.x fixes:   [Dwayne C. Litzenberger, 2011-10-22, 1 file, -8/+8]
    - Use absolute imports
    - Fix StringIO import so that 2to3 can translate it
* Merged from upstream (py3k support) and modified so that all unit tests pass.   [Legrandin, 2011-10-18, 11 files, -186/+376]
  (merge commit; the merged upstream commits follow, indented)
  * Don't abuse __builtins__   [Dwayne C. Litzenberger, 2011-10-10, 1 file, -1/+1]
    According to Jean-Paul Calderone at https://bugs.launchpad.net/pycrypto/+bug/785150:

      `__builtins__` is an implementation detail of CPython. It takes on inconsistent values at various times. The use in `common.py` happens to work on recent version of CPython, but it doesn't work on PyPy. The only thing you should ever do, when you're doing this sort of thing, is "import __builtin__; __builtin__.foo".
  * Py3k compatibility: tests   [Dwayne C. Litzenberger, 2011-10-10, 1 file, -2/+3]
  * Fix bare CR (which is a SyntaxError in Python 2.1)   [Dwayne C. Litzenberger, 2011-05-21, 1 file, -1/+2]
  * Unwrapping byte conversion on test vectors.   [Anders Sundman, 2011-04-24, 9 files, -1202/+1201]
    Doing the wrapping later, at the point of use instead.
  * Add unit tests for Crypto.Random.random   [Thorsten Behrens, 2010-12-31, 1 file, -3/+3]
    o Add unit tests
    o Fix random.shuffle()
    o random.sample() does not work on 2.1. This has not been fixed.
  * Add Ron Rivest Test   [Thorsten Behrens, 2010-12-30, 1 file, -1/+41]
    o Add Ron Rivest DES test to test_DES.py
    o Started on API documentation for 3.x
  * Changes to allow pycrypto to work on Python 3.x as well as 2.1 through 2.7   [Thorsten Behrens, 2010-12-28, 9 files, -1202/+1346]
* Added Lorenz Quack's native C implementation of all SHA-2 algorithms   [Legrandin, 2011-10-16, 1 file, -1/+1]
  (as submitted here https://bugs.launchpad.net/pycrypto/+bug/544792) so that they are available also in Python 2.1, 2.2, 2.3 and 2.4.

  Regardless where the implementation comes from (Python standard library or our native modules, depending on the Python version), all Crypto.Hash objects are always used as front-ends.
* Restructure both PKCS#1 ciphers as objects, to make them more uniform with other ciphers in the module.   [Legrandin, 2011-10-11, 2 files, -21/+30]
* To simplify, no RNG needs to be provided with PKCS1 encryption: the one belonging to each RSA key is reused.   [Legrandin, 2011-10-02, 2 files, -10/+13]
  Error detection is internally implemented in a simpler (and safer) way for PKCS1 OAEP decryption.

  General fixes to documentation for PKCS1.
* Modify decryption function for PKCS#1 v1.5 so that a sentinel is returned in case of padding error, as opposed to an exception being raised.   [Legrandin, 2011-09-28, 1 file, -5/+5]
  Added also more information on how to avoid timing attacks.
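Added example, not PyCrypto's code (the project's implementation is in Crypto.Cipher.PKCS1_v1_5 and is not reproduced here): the sentinel pattern this commit describes, applied to stripping PKCS#1 v1.5 type-2 padding (RFC 8017, section 7.2.2, step 3). The function names, the caller-supplied sentinel and the constructed test blocks are this example's own assumptions. The point of returning a sentinel rather than raising is that a decryption oracle must not be able to tell a padding failure from a success by timing or by exception path; the unpad below therefore inspects every byte of the block no matter where the first defect is, folds all checks into a single flag, and only then decides. Python gives no constant-time guarantee, so treat this as the shape of the check, not a timing proof; the same structure written with masks in C is what a production implementation needs. Pick a sentinel that cannot collide with a real plaintext (for TLS-style use, a random fake premaster secret generated before decryption), and make sure the caller treats it exactly like a valid result.

```python
import os


def pkcs1_v15_pad(msg: bytes, k: int) -> bytes:
    """Type-2 padding for a k-byte encryption block (RFC 8017, 7.2.1 step 2):
    EM = 0x00 || 0x02 || PS || 0x00 || M, PS random and non-zero, len(PS) >= 8.
    Used here only to build realistic blocks for the unpad below."""
    if len(msg) > k - 11:
        raise ValueError("message too long")
    ps_len = k - len(msg) - 3
    ps = bytearray()
    while len(ps) < ps_len:
        ps += bytes(b for b in os.urandom(ps_len) if b != 0)  # drop zero bytes
    return b"\x00\x02" + bytes(ps[:ps_len]) + b"\x00" + msg


def pkcs1_v15_unpad(em: bytes, sentinel: bytes) -> bytes:
    """Remove type-2 padding. Returns `sentinel` on ANY malformation instead
    of raising, and scans the whole block in every case so the work done does
    not depend on where the first bad byte is.

    `em` must be the full k-byte block (the I2OSP output of the RSA
    operation), so its length is public and may be checked up front.
    """
    k = len(em)
    if k < 11:                        # no conforming block can be this short
        return sentinel
    bad = em[0] | (em[1] ^ 0x02)      # non-zero iff the leading bytes are wrong
    found = 0                         # 1 once the first 0x00 separator is seen
    sep = 0                           # index of that separator
    for i in range(2, k):             # always walks to the end of the block
        is_zero = int(em[i] == 0)
        sep |= i * (is_zero & (1 - found))   # latch the first zero only
        found |= is_zero
    bad |= 1 - found                  # no separator at all
    bad |= int(sep < 10)              # PS shorter than 8 bytes
    if bad:                           # one decision point, after all checks
        return sentinel
    return em[sep + 1:]


if __name__ == "__main__":
    # Constructed inputs: a good block and three malformed ones.
    S = b"\x00" * 16                  # sentinel; length chosen by the caller
    good = pkcs1_v15_pad(b"secret", 32)
    print(pkcs1_v15_unpad(good, S))                                   # b'secret'
    print(pkcs1_v15_unpad(b"\x00\x01" + good[2:], S) == S)            # wrong type byte
    print(pkcs1_v15_unpad(b"\x00\x02" + b"\x01" * 7 + b"\x00x", S) == S)  # short PS
    print(pkcs1_v15_unpad(b"\x00\x02" + b"\x01" * 30, S) == S)         # no separator
```

The `sep |= i * (...)` latch and the `found` flag replace the `break` that a naive loop would use, so a block whose separator sits at byte 3 and one whose separator sits at byte 200 take the same path. Slicing out the message at the end is not secret-independent, but the message length is what the padding legitimately reveals to the holder of the key.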
* Add PKCS#1 OAEP encryption, with test cases   [Legrandin, 2011-02-17, 2 files, -1/+364]
* Added PKCS#1 v1.5 encryption   [Legrandin, 2011-02-10, 2 files, -0/+168]
* Add roundtripping test (it passes)   [Dwayne C. Litzenberger, 2010-12-10, 1 file, -0/+23]
* SelfTest: Clarify descriptions & ordering of Cipher tests   [Dwayne C. Litzenberger, 2009-10-12, 1 file, -4/+28]
* SelfTest: Add regression test for MODE_CTR ciphers not raising OverflowError when shortcut is used   [Dwayne C. Litzenberger, 2009-10-12, 1 file, -0/+20]
* SelfTest: When testing CTR mode ciphers, test both with the shortcut and without the shortcut   [Dwayne C. Litzenberger, 2009-10-12, 1 file, -0/+10]
* SelfTest: Test stream cipher (and MODE_CTR) API behaviour   [Dwayne C. Litzenberger, 2009-10-12, 1 file, -0/+27]
* SelfTest: Add AES-CTR tests   [Dwayne C. Litzenberger, 2009-10-12, 2 files, -4/+66]
* SelfTest: when using CFB mode, make sure block ciphers enforce that segment_size is a non-zero multiple of 8 bits   [Dwayne C. Litzenberger, 2009-10-10, 1 file, -4/+20]
* test_DES3.py: Add test for two-key (16-byte key) 3DES   [Dwayne C. Litzenberger, 2009-08-02, 1 file, -0/+5]
* SelfTest: Add test for segfault when using MODE_CTR without specifying 'counter' keyword argument   [Dwayne C. Litzenberger, 2009-08-02, 1 file, -0/+15]
* test_XOR.py: Fix test for bug where keys longer than 32 bytes are silently truncated   [Dwayne C. Litzenberger, 2009-08-02, 1 file, -2/+3]
  The previous commit 670005e15c088f30973050c3933adabbc8a3005c that claimed to test this bug didn't actually test this bug.
* test_XOR.py: Test for bug where keys longer than 32 bytes are silently truncated   [Dwayne C. Litzenberger, 2009-08-02, 1 file, -5/+10]
  This wasn't treated as a bug before. Now it is.
* Restore Crypto.Cipher.XOR and its self-test   [Dwayne C. Litzenberger, 2009-08-02, 1 file, -0/+1]
  This commit depends on files restored by the previous 2 commits.
* Resurrect lib/Crypto/SelfTest/Cipher/test_XOR.py   [Dwayne C. Litzenberger, 2009-08-02, 1 file, -0/+64]
  This partly reverts commit efe206d04d175a848eaf572f58e9fd1389a3be64.
* Remove SelfTest modules for IDEA, RC5, and XOR ciphers   [Dwayne C. Litzenberger, 2009-03-01, 4 files, -240/+0]
* Legal: Dedicate my files to the public domain.   [Dwayne C. Litzenberger, 2009-03-01, 12 files, -252/+204]
  In an attempt to simplify the copyright status of PyCrypto, I'm placing my code into the public domain, and encouraging other contributors to do the same.

  I have used a public domain dedication that was recommended in a book on FOSS legal issues[1], followed by the warranty disclaimer boilerplate from the MIT license.

  [1] _Intellectual Property and Open Source: A Practical Guide to Protecting Code_, a book written by Van Lindberg and published by O'Reilly Media. (ISBN 978-0-596-51796-0)