| Commit message | Author | Age | Files | Lines |
|
Computing the blinding factor and its inverse was done in a thread-unsafe
manner. Locking the computation & update of the blinding factors, and
passing these around in frame- and stack-bound data, solves this.
|
Strings need to be encoded into bytes before the RSA module can operate
on them.
|
Store blinding factor + its inverse, so that they can be reused & updated
on every blinding operation. This avoids expensive computations.
The reuse of the previous blinding factor is done via squaring (mod n), as
per section 9 of 'A Timing Attack against RSA with the Chinese Remainder
Theorem' by Werner Schindler, https://tls.mbed.org/public/WSchindler-RSA_Timing_Attack.pdf
|
Crypto length and blocksize are public info, so don't need side-channel
free comparison.
|
Use `bytes.find()` instead of `bytes.index()`, as the former doesn't raise
an exception when the to-be-found byte doesn't exist.
|
According to PKCS#1 v1.5, the padding should be at least 8 bytes long.
See https://tools.ietf.org/html/rfc8017#section-7.2.2 step 3 for more info.
|
Use as many constant-time comparisons as practical in the
`rsa.pkcs1.decrypt` function.
`cleartext.index(b'\x00', 2)` will still be non-constant-time. The
alternative would be to iterate over all the data byte by byte in
Python, which is several orders of magnitude slower. Given that a
perfect constant-time implementation is very hard or even impossible to
do in Python [1], I chose the more performant option here.
[1]: https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
|
See commit d15a7f3 for the reason why.
|
Note that version 4.3 will not appear on the master branch, but is
available in the version-4.3-py27compatible branch only.
|
The third-party library that adds support for this to Python 3.5 is a
binary package, and thus breaks the pure-Python nature of Python-RSA.
This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147).
|
Poetry breaks no-binary installations of the RSA library, which defeats
the purpose of this library.
See https://github.com/sybrenstuvel/python-rsa/issues/148
Among other changes, this reverts commit
fcf5b7457c70426a242b17db20dd4e34e1055f69.
I also added a workaround for an `ImportError` importing `zipp` on
Python 3.5.
|
The newer versions always have a message, even on success.
|
This resolves the issue that the files are uploaded to the wrong project
on pypi.org.
|
Supporting Python 3.8 not only required configuring Tox and Travis to
run the tests on that version, but also required updating the
dependencies. Without that update, `pluggy` wouldn't work properly.
|
Reject cyphertexts that have been modified by prepending zero bytes, by
checking the cyphertext length against the expected size (given the
decryption key). This resolves CVE-2020-13757.
The same approach is used when verifying a signature.
Thanks Carnil for pointing this out on https://github.com/sybrenstuvel/python-rsa/issues/146
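
The length check described in the commit message above, as an added example (not code from the Python-RSA repository): leading zero bytes do not change the integer a ciphertext encodes, so only a comparison against the key size tells the two apart. The toy key, the `check_length` switch and all function names are assumptions made for this illustration, and the padding checks here are not constant-time.

```python
import secrets

# Toy key from two Mersenne primes: constructed for this example, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # modular inverse, Python 3.8+
K = (N.bit_length() + 7) // 8          # modulus size in bytes

class DecryptionError(Exception):
    pass

def encrypt(message: bytes) -> bytes:
    """PKCS#1 v1.5 encryption padding: 00 02 <nonzero filler, >= 8 bytes> 00 <message>."""
    fill_len = K - 3 - len(message)
    if fill_len < 8:
        raise OverflowError("message too long for this key")
    filler = bytes(secrets.randbelow(255) + 1 for _ in range(fill_len))
    padded = b"\x00\x02" + filler + b"\x00" + message
    return pow(int.from_bytes(padded, "big"), E, N).to_bytes(K, "big")

def decrypt(crypto: bytes, check_length: bool = True) -> bytes:
    # Leading zero bytes do not change the integer value, so without this
    # check a zero-prefixed ciphertext decrypts exactly like the original.
    if check_length and len(crypto) != K:
        raise DecryptionError("Decryption failed")
    cleartext = pow(int.from_bytes(crypto, "big"), D, N).to_bytes(K, "big")
    sep = cleartext.find(b"\x00", 2)   # -1 when the separator is absent
    if cleartext[:2] != b"\x00\x02" or sep < 10:   # sep < 10 means padding < 8 bytes
        raise DecryptionError("Decryption failed")
    return cleartext[sep + 1:]

def is_rejected(crypto: bytes, check_length: bool) -> bool:
    """True when decryption refuses the given ciphertext."""
    try:
        decrypt(crypto, check_length)
    except DecryptionError:
        return True
    return False

if __name__ == "__main__":
    original = encrypt(b"secret")
    modified = b"\x00\x00" + original          # same integer, different byte string
    print("original rejected:", is_rejected(original, True))
    print("modified rejected without length check:", is_rejected(modified, False))
    print("modified rejected with length check:", is_rejected(modified, True))
```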
|
This is a requirement for RSA blinding, but wasn't implemented yet.
|
I've overridden the default configuration in such a way that the code as
it is now passes all the code smells checks. Especially the default code
complexity threshold is extremely low.
|
Also reorganised the only function that had a higher complexity.
|
This is based on https://github.com/sybrenstuvel/python-rsa/pull/96, with
a few improvements:
- The minimum of one use of SHA3 in a unit test, to at least touch it at
some point.
- Documented the support of SHA3.
- Only install the third-party library required by Python 3.5 when we're
running on Python 3.5. Newer Python versions support SHA3 natively.
|